ctl.c revision 288262 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 288262 2015-09-26 12:53:55Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
359    &worker_threads, 1, "Number of worker threads");
360static int ctl_debug = CTL_DEBUG_NONE;
361SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
362    &ctl_debug, 0, "Enabled debug flags");
363
364/*
365 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
366 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
367 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
368 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
369 */
370#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
371
372static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
373				  int param);
374static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
375static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
376static int ctl_init(void);
377void ctl_shutdown(void);
378static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
379static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
380static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
381static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
382			      struct ctl_ooa *ooa_hdr,
383			      struct ctl_ooa_entry *kern_entries);
384static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
385		     struct thread *td);
386static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
387			 struct ctl_be_lun *be_lun);
388static int ctl_free_lun(struct ctl_lun *lun);
389static void ctl_create_lun(struct ctl_be_lun *be_lun);
390static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
391
392static int ctl_do_mode_select(union ctl_io *io);
393static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
394			   uint64_t res_key, uint64_t sa_res_key,
395			   uint8_t type, uint32_t residx,
396			   struct ctl_scsiio *ctsio,
397			   struct scsi_per_res_out *cdb,
398			   struct scsi_per_res_out_parms* param);
399static void ctl_pro_preempt_other(struct ctl_lun *lun,
400				  union ctl_ha_msg *msg);
401static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
402static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
403static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
404static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
408					 int alloc_len);
409static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
412static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
413static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
414static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
415static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
416static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
417    bool seq);
418static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
419static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
420    union ctl_io *pending_io, union ctl_io *ooa_io);
421static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
422				union ctl_io *starting_io);
423static int ctl_check_blocked(struct ctl_lun *lun);
424static int ctl_scsiio_lun_check(struct ctl_lun *lun,
425				const struct ctl_cmd_entry *entry,
426				struct ctl_scsiio *ctsio);
427static void ctl_failover_lun(union ctl_io *io);
428static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
429			       struct ctl_scsiio *ctsio);
430static int ctl_scsiio(struct ctl_scsiio *ctsio);
431
432static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
433static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
434			    ctl_ua_type ua_type);
435static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
436			 ctl_ua_type ua_type);
437static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
438static int ctl_abort_task(union ctl_io *io);
439static int ctl_abort_task_set(union ctl_io *io);
440static int ctl_query_task(union ctl_io *io, int task_set);
441static int ctl_i_t_nexus_reset(union ctl_io *io);
442static int ctl_query_async_event(union ctl_io *io);
443static void ctl_run_task(union ctl_io *io);
444#ifdef CTL_IO_DELAY
445static void ctl_datamove_timer_wakeup(void *arg);
446static void ctl_done_timer_wakeup(void *arg);
447#endif /* CTL_IO_DELAY */
448
449static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
450static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
451static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
452static void ctl_datamove_remote_write(union ctl_io *io);
453static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
454static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
455static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
456static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
457				    ctl_ha_dt_cb callback);
458static void ctl_datamove_remote_read(union ctl_io *io);
459static void ctl_datamove_remote(union ctl_io *io);
460static void ctl_process_done(union ctl_io *io);
461static void ctl_lun_thread(void *arg);
462static void ctl_thresh_thread(void *arg);
463static void ctl_work_thread(void *arg);
464static void ctl_enqueue_incoming(union ctl_io *io);
465static void ctl_enqueue_rtr(union ctl_io *io);
466static void ctl_enqueue_done(union ctl_io *io);
467static void ctl_enqueue_isc(union ctl_io *io);
468static const struct ctl_cmd_entry *
469    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
470static const struct ctl_cmd_entry *
471    ctl_validate_command(struct ctl_scsiio *ctsio);
472static int ctl_cmd_applicable(uint8_t lun_type,
473    const struct ctl_cmd_entry *entry);
474
475static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
476static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
477static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
479
480/*
481 * Load the serialization table.  This isn't very pretty, but is probably
482 * the easiest way to do it.
483 */
484#include "ctl_ser_table.c"
485
486/*
487 * We only need to define open, close and ioctl routines for this driver.
488 */
489static struct cdevsw ctl_cdevsw = {
490	.d_version =	D_VERSION,
491	.d_flags =	0,
492	.d_open =	ctl_open,
493	.d_close =	ctl_close,
494	.d_ioctl =	ctl_ioctl,
495	.d_name =	"ctl",
496};
497
498
499MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
500
501static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
502
503static moduledata_t ctl_moduledata = {
504	"ctl",
505	ctl_module_event_handler,
506	NULL
507};
508
509DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
510MODULE_VERSION(ctl, 1);
511
512static struct ctl_frontend ha_frontend =
513{
514	.name = "ha",
515};
516
517static void
518ctl_ha_datamove(union ctl_io *io)
519{
520	struct ctl_lun *lun;
521	struct ctl_sg_entry *sgl;
522	union ctl_ha_msg msg;
523	uint32_t sg_entries_sent;
524	int do_sg_copy, i, j;
525
526	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
527	memset(&msg.dt, 0, sizeof(msg.dt));
528	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
529	msg.hdr.original_sc = io->io_hdr.original_sc;
530	msg.hdr.serializing_sc = io;
531	msg.hdr.nexus = io->io_hdr.nexus;
532	msg.hdr.status = io->io_hdr.status;
533	msg.dt.flags = io->io_hdr.flags;
534
535	/*
536	 * We convert everything into a S/G list here.  We can't
537	 * pass by reference, only by value between controllers.
538	 * So we can't pass a pointer to the S/G list, only as many
539	 * S/G entries as we can fit in here.  If it's possible for
540	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
541	 * then we need to break this up into multiple transfers.
542	 */
543	if (io->scsiio.kern_sg_entries == 0) {
544		msg.dt.kern_sg_entries = 1;
545#if 0
546		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
547			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
548		} else {
549			/* XXX KDM use busdma here! */
550			msg.dt.sg_list[0].addr =
551			    (void *)vtophys(io->scsiio.kern_data_ptr);
552		}
553#else
554		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
555		    ("HA does not support BUS_ADDR"));
556		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
557#endif
558		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
559		do_sg_copy = 0;
560	} else {
561		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
562		do_sg_copy = 1;
563	}
564
565	msg.dt.kern_data_len = io->scsiio.kern_data_len;
566	msg.dt.kern_total_len = io->scsiio.kern_total_len;
567	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
568	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
569	msg.dt.sg_sequence = 0;
570
571	/*
572	 * Loop until we've sent all of the S/G entries.  On the
573	 * other end, we'll recompose these S/G entries into one
574	 * contiguous list before processing.
575	 */
576	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
577	    msg.dt.sg_sequence++) {
578		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
579		    sizeof(msg.dt.sg_list[0])),
580		    msg.dt.kern_sg_entries - sg_entries_sent);
581		if (do_sg_copy != 0) {
582			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
583			for (i = sg_entries_sent, j = 0;
584			     i < msg.dt.cur_sg_entries; i++, j++) {
585#if 0
586				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
587					msg.dt.sg_list[j].addr = sgl[i].addr;
588				} else {
589					/* XXX KDM use busdma here! */
590					msg.dt.sg_list[j].addr =
591					    (void *)vtophys(sgl[i].addr);
592				}
593#else
594				KASSERT((io->io_hdr.flags &
595				    CTL_FLAG_BUS_ADDR) == 0,
596				    ("HA does not support BUS_ADDR"));
597				msg.dt.sg_list[j].addr = sgl[i].addr;
598#endif
599				msg.dt.sg_list[j].len = sgl[i].len;
600			}
601		}
602
603		sg_entries_sent += msg.dt.cur_sg_entries;
604		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
605		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
606		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
607		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
608		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
609			io->io_hdr.port_status = 31341;
610			io->scsiio.be_move_done(io);
611			return;
612		}
613		msg.dt.sent_sg_entries = sg_entries_sent;
614	}
615
616	/*
617	 * Officially handover the request from us to peer.
618	 * If failover has just happened, then we must return error.
619	 * If failover happen just after, then it is not our problem.
620	 */
621	if (lun)
622		mtx_lock(&lun->lun_lock);
623	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
624		if (lun)
625			mtx_unlock(&lun->lun_lock);
626		io->io_hdr.port_status = 31342;
627		io->scsiio.be_move_done(io);
628		return;
629	}
630	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
631	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
632	if (lun)
633		mtx_unlock(&lun->lun_lock);
634}
635
636static void
637ctl_ha_done(union ctl_io *io)
638{
639	union ctl_ha_msg msg;
640
641	if (io->io_hdr.io_type == CTL_IO_SCSI) {
642		memset(&msg, 0, sizeof(msg));
643		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
644		msg.hdr.original_sc = io->io_hdr.original_sc;
645		msg.hdr.nexus = io->io_hdr.nexus;
646		msg.hdr.status = io->io_hdr.status;
647		msg.scsi.scsi_status = io->scsiio.scsi_status;
648		msg.scsi.tag_num = io->scsiio.tag_num;
649		msg.scsi.tag_type = io->scsiio.tag_type;
650		msg.scsi.sense_len = io->scsiio.sense_len;
651		msg.scsi.sense_residual = io->scsiio.sense_residual;
652		msg.scsi.residual = io->scsiio.residual;
653		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
654		    io->scsiio.sense_len);
655		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
656		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
657		    msg.scsi.sense_len, M_WAITOK);
658	}
659	ctl_free_io(io);
660}
661
662static void
663ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
664			    union ctl_ha_msg *msg_info)
665{
666	struct ctl_scsiio *ctsio;
667
668	if (msg_info->hdr.original_sc == NULL) {
669		printf("%s: original_sc == NULL!\n", __func__);
670		/* XXX KDM now what? */
671		return;
672	}
673
674	ctsio = &msg_info->hdr.original_sc->scsiio;
675	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
676	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
677	ctsio->io_hdr.status = msg_info->hdr.status;
678	ctsio->scsi_status = msg_info->scsi.scsi_status;
679	ctsio->sense_len = msg_info->scsi.sense_len;
680	ctsio->sense_residual = msg_info->scsi.sense_residual;
681	ctsio->residual = msg_info->scsi.residual;
682	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
683	       msg_info->scsi.sense_len);
684	ctl_enqueue_isc((union ctl_io *)ctsio);
685}
686
687static void
688ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
689				union ctl_ha_msg *msg_info)
690{
691	struct ctl_scsiio *ctsio;
692
693	if (msg_info->hdr.serializing_sc == NULL) {
694		printf("%s: serializing_sc == NULL!\n", __func__);
695		/* XXX KDM now what? */
696		return;
697	}
698
699	ctsio = &msg_info->hdr.serializing_sc->scsiio;
700	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
701	ctl_enqueue_isc((union ctl_io *)ctsio);
702}
703
704void
705ctl_isc_announce_lun(struct ctl_lun *lun)
706{
707	struct ctl_softc *softc = lun->ctl_softc;
708	union ctl_ha_msg *msg;
709	struct ctl_ha_msg_lun_pr_key pr_key;
710	int i, k;
711
712	if (softc->ha_link != CTL_HA_LINK_ONLINE)
713		return;
714	mtx_lock(&lun->lun_lock);
715	i = sizeof(msg->lun);
716	if (lun->lun_devid)
717		i += lun->lun_devid->len;
718	i += sizeof(pr_key) * lun->pr_key_count;
719alloc:
720	mtx_unlock(&lun->lun_lock);
721	msg = malloc(i, M_CTL, M_WAITOK);
722	mtx_lock(&lun->lun_lock);
723	k = sizeof(msg->lun);
724	if (lun->lun_devid)
725		k += lun->lun_devid->len;
726	k += sizeof(pr_key) * lun->pr_key_count;
727	if (i < k) {
728		free(msg, M_CTL);
729		i = k;
730		goto alloc;
731	}
732	bzero(&msg->lun, sizeof(msg->lun));
733	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
734	msg->hdr.nexus.targ_lun = lun->lun;
735	msg->hdr.nexus.targ_mapped_lun = lun->lun;
736	msg->lun.flags = lun->flags;
737	msg->lun.pr_generation = lun->PRGeneration;
738	msg->lun.pr_res_idx = lun->pr_res_idx;
739	msg->lun.pr_res_type = lun->res_type;
740	msg->lun.pr_key_count = lun->pr_key_count;
741	i = 0;
742	if (lun->lun_devid) {
743		msg->lun.lun_devid_len = lun->lun_devid->len;
744		memcpy(&msg->lun.data[i], lun->lun_devid->data,
745		    msg->lun.lun_devid_len);
746		i += msg->lun.lun_devid_len;
747	}
748	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
749		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
750			continue;
751		pr_key.pr_iid = k;
752		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
753		i += sizeof(pr_key);
754	}
755	mtx_unlock(&lun->lun_lock);
756	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
757	    M_WAITOK);
758	free(msg, M_CTL);
759
760	if (lun->flags & CTL_LUN_PRIMARY_SC) {
761		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
762			ctl_isc_announce_mode(lun, -1,
763			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
764			    lun->mode_pages.index[i].subpage);
765		}
766	}
767}
768
769void
770ctl_isc_announce_port(struct ctl_port *port)
771{
772	struct ctl_softc *softc = port->ctl_softc;
773	union ctl_ha_msg *msg;
774	int i;
775
776	if (port->targ_port < softc->port_min ||
777	    port->targ_port >= softc->port_max ||
778	    softc->ha_link != CTL_HA_LINK_ONLINE)
779		return;
780	i = sizeof(msg->port) + strlen(port->port_name) + 1;
781	if (port->lun_map)
782		i += sizeof(uint32_t) * CTL_MAX_LUNS;
783	if (port->port_devid)
784		i += port->port_devid->len;
785	if (port->target_devid)
786		i += port->target_devid->len;
787	if (port->init_devid)
788		i += port->init_devid->len;
789	msg = malloc(i, M_CTL, M_WAITOK);
790	bzero(&msg->port, sizeof(msg->port));
791	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
792	msg->hdr.nexus.targ_port = port->targ_port;
793	msg->port.port_type = port->port_type;
794	msg->port.physical_port = port->physical_port;
795	msg->port.virtual_port = port->virtual_port;
796	msg->port.status = port->status;
797	i = 0;
798	msg->port.name_len = sprintf(&msg->port.data[i],
799	    "%d:%s", softc->ha_id, port->port_name) + 1;
800	i += msg->port.name_len;
801	if (port->lun_map) {
802		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
803		memcpy(&msg->port.data[i], port->lun_map,
804		    msg->port.lun_map_len);
805		i += msg->port.lun_map_len;
806	}
807	if (port->port_devid) {
808		msg->port.port_devid_len = port->port_devid->len;
809		memcpy(&msg->port.data[i], port->port_devid->data,
810		    msg->port.port_devid_len);
811		i += msg->port.port_devid_len;
812	}
813	if (port->target_devid) {
814		msg->port.target_devid_len = port->target_devid->len;
815		memcpy(&msg->port.data[i], port->target_devid->data,
816		    msg->port.target_devid_len);
817		i += msg->port.target_devid_len;
818	}
819	if (port->init_devid) {
820		msg->port.init_devid_len = port->init_devid->len;
821		memcpy(&msg->port.data[i], port->init_devid->data,
822		    msg->port.init_devid_len);
823		i += msg->port.init_devid_len;
824	}
825	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
826	    M_WAITOK);
827	free(msg, M_CTL);
828}
829
830void
831ctl_isc_announce_iid(struct ctl_port *port, int iid)
832{
833	struct ctl_softc *softc = port->ctl_softc;
834	union ctl_ha_msg *msg;
835	int i, l;
836
837	if (port->targ_port < softc->port_min ||
838	    port->targ_port >= softc->port_max ||
839	    softc->ha_link != CTL_HA_LINK_ONLINE)
840		return;
841	mtx_lock(&softc->ctl_lock);
842	i = sizeof(msg->iid);
843	l = 0;
844	if (port->wwpn_iid[iid].name)
845		l = strlen(port->wwpn_iid[iid].name) + 1;
846	i += l;
847	msg = malloc(i, M_CTL, M_NOWAIT);
848	if (msg == NULL) {
849		mtx_unlock(&softc->ctl_lock);
850		return;
851	}
852	bzero(&msg->iid, sizeof(msg->iid));
853	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
854	msg->hdr.nexus.targ_port = port->targ_port;
855	msg->hdr.nexus.initid = iid;
856	msg->iid.in_use = port->wwpn_iid[iid].in_use;
857	msg->iid.name_len = l;
858	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
859	if (port->wwpn_iid[iid].name)
860		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
861	mtx_unlock(&softc->ctl_lock);
862	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
863	free(msg, M_CTL);
864}
865
866void
867ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
868    uint8_t page, uint8_t subpage)
869{
870	struct ctl_softc *softc = lun->ctl_softc;
871	union ctl_ha_msg msg;
872	int i;
873
874	if (softc->ha_link != CTL_HA_LINK_ONLINE)
875		return;
876	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
877		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
878		    page && lun->mode_pages.index[i].subpage == subpage)
879			break;
880	}
881	if (i == CTL_NUM_MODE_PAGES)
882		return;
883	bzero(&msg.mode, sizeof(msg.mode));
884	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
885	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
886	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
887	msg.hdr.nexus.targ_lun = lun->lun;
888	msg.hdr.nexus.targ_mapped_lun = lun->lun;
889	msg.mode.page_code = page;
890	msg.mode.subpage = subpage;
891	msg.mode.page_len = lun->mode_pages.index[i].page_len;
892	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
893	    msg.mode.page_len);
894	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
895	    M_WAITOK);
896}
897
898static void
899ctl_isc_ha_link_up(struct ctl_softc *softc)
900{
901	struct ctl_port *port;
902	struct ctl_lun *lun;
903	union ctl_ha_msg msg;
904	int i;
905
906	/* Announce this node parameters to peer for validation. */
907	msg.login.msg_type = CTL_MSG_LOGIN;
908	msg.login.version = CTL_HA_VERSION;
909	msg.login.ha_mode = softc->ha_mode;
910	msg.login.ha_id = softc->ha_id;
911	msg.login.max_luns = CTL_MAX_LUNS;
912	msg.login.max_ports = CTL_MAX_PORTS;
913	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
914	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
915	    M_WAITOK);
916
917	STAILQ_FOREACH(port, &softc->port_list, links) {
918		ctl_isc_announce_port(port);
919		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
920			if (port->wwpn_iid[i].in_use)
921				ctl_isc_announce_iid(port, i);
922		}
923	}
924	STAILQ_FOREACH(lun, &softc->lun_list, links)
925		ctl_isc_announce_lun(lun);
926}
927
928static void
929ctl_isc_ha_link_down(struct ctl_softc *softc)
930{
931	struct ctl_port *port;
932	struct ctl_lun *lun;
933	union ctl_io *io;
934	int i;
935
936	mtx_lock(&softc->ctl_lock);
937	STAILQ_FOREACH(lun, &softc->lun_list, links) {
938		mtx_lock(&lun->lun_lock);
939		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
940			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
941			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
942		}
943		mtx_unlock(&lun->lun_lock);
944
945		mtx_unlock(&softc->ctl_lock);
946		io = ctl_alloc_io(softc->othersc_pool);
947		mtx_lock(&softc->ctl_lock);
948		ctl_zero_io(io);
949		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
950		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
951		ctl_enqueue_isc(io);
952	}
953
954	STAILQ_FOREACH(port, &softc->port_list, links) {
955		if (port->targ_port >= softc->port_min &&
956		    port->targ_port < softc->port_max)
957			continue;
958		port->status &= ~CTL_PORT_STATUS_ONLINE;
959		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
960			port->wwpn_iid[i].in_use = 0;
961			free(port->wwpn_iid[i].name, M_CTL);
962			port->wwpn_iid[i].name = NULL;
963		}
964	}
965	mtx_unlock(&softc->ctl_lock);
966}
967
968static void
969ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
970{
971	struct ctl_lun *lun;
972	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
973
974	mtx_lock(&softc->ctl_lock);
975	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
976	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
977		mtx_lock(&lun->lun_lock);
978		mtx_unlock(&softc->ctl_lock);
979		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
980		    msg->ua.ua_set)
981			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
982		if (msg->ua.ua_all) {
983			if (msg->ua.ua_set)
984				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
985			else
986				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
987		} else {
988			if (msg->ua.ua_set)
989				ctl_est_ua(lun, iid, msg->ua.ua_type);
990			else
991				ctl_clr_ua(lun, iid, msg->ua.ua_type);
992		}
993		mtx_unlock(&lun->lun_lock);
994	} else
995		mtx_unlock(&softc->ctl_lock);
996}
997
998static void
999ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1000{
1001	struct ctl_lun *lun;
1002	struct ctl_ha_msg_lun_pr_key pr_key;
1003	int i, k;
1004	ctl_lun_flags oflags;
1005	uint32_t targ_lun;
1006
1007	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1008	mtx_lock(&softc->ctl_lock);
1009	if ((targ_lun >= CTL_MAX_LUNS) ||
1010	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1011		mtx_unlock(&softc->ctl_lock);
1012		return;
1013	}
1014	mtx_lock(&lun->lun_lock);
1015	mtx_unlock(&softc->ctl_lock);
1016	if (lun->flags & CTL_LUN_DISABLED) {
1017		mtx_unlock(&lun->lun_lock);
1018		return;
1019	}
1020	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1021	if (msg->lun.lun_devid_len != i || (i > 0 &&
1022	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1023		mtx_unlock(&lun->lun_lock);
1024		printf("%s: Received conflicting HA LUN %d\n",
1025		    __func__, msg->hdr.nexus.targ_lun);
1026		return;
1027	} else {
1028		/* Record whether peer is primary. */
1029		oflags = lun->flags;
1030		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1031		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1032			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1033		else
1034			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1035		if (oflags != lun->flags)
1036			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1037
1038		/* If peer is primary and we are not -- use data */
1039		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1040		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1041			lun->PRGeneration = msg->lun.pr_generation;
1042			lun->pr_res_idx = msg->lun.pr_res_idx;
1043			lun->res_type = msg->lun.pr_res_type;
1044			lun->pr_key_count = msg->lun.pr_key_count;
1045			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1046				ctl_clr_prkey(lun, k);
1047			for (k = 0; k < msg->lun.pr_key_count; k++) {
1048				memcpy(&pr_key, &msg->lun.data[i],
1049				    sizeof(pr_key));
1050				ctl_alloc_prkey(lun, pr_key.pr_iid);
1051				ctl_set_prkey(lun, pr_key.pr_iid,
1052				    pr_key.pr_key);
1053				i += sizeof(pr_key);
1054			}
1055		}
1056
1057		mtx_unlock(&lun->lun_lock);
1058		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1059		    __func__, msg->hdr.nexus.targ_lun,
1060		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1061		    "primary" : "secondary"));
1062
1063		/* If we are primary but peer doesn't know -- notify */
1064		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1065		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1066			ctl_isc_announce_lun(lun);
1067	}
1068}
1069
1070static void
1071ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1072{
1073	struct ctl_port *port;
1074	struct ctl_lun *lun;
1075	int i, new;
1076
1077	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1078	if (port == NULL) {
1079		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1080		    msg->hdr.nexus.targ_port));
1081		new = 1;
1082		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1083		port->frontend = &ha_frontend;
1084		port->targ_port = msg->hdr.nexus.targ_port;
1085		port->fe_datamove = ctl_ha_datamove;
1086		port->fe_done = ctl_ha_done;
1087	} else if (port->frontend == &ha_frontend) {
1088		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1089		    msg->hdr.nexus.targ_port));
1090		new = 0;
1091	} else {
1092		printf("%s: Received conflicting HA port %d\n",
1093		    __func__, msg->hdr.nexus.targ_port);
1094		return;
1095	}
1096	port->port_type = msg->port.port_type;
1097	port->physical_port = msg->port.physical_port;
1098	port->virtual_port = msg->port.virtual_port;
1099	port->status = msg->port.status;
1100	i = 0;
1101	free(port->port_name, M_CTL);
1102	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1103	    M_CTL);
1104	i += msg->port.name_len;
1105	if (msg->port.lun_map_len != 0) {
1106		if (port->lun_map == NULL)
1107			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1108			    M_CTL, M_WAITOK);
1109		memcpy(port->lun_map, &msg->port.data[i],
1110		    sizeof(uint32_t) * CTL_MAX_LUNS);
1111		i += msg->port.lun_map_len;
1112	} else {
1113		free(port->lun_map, M_CTL);
1114		port->lun_map = NULL;
1115	}
1116	if (msg->port.port_devid_len != 0) {
1117		if (port->port_devid == NULL ||
1118		    port->port_devid->len != msg->port.port_devid_len) {
1119			free(port->port_devid, M_CTL);
1120			port->port_devid = malloc(sizeof(struct ctl_devid) +
1121			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1122		}
1123		memcpy(port->port_devid->data, &msg->port.data[i],
1124		    msg->port.port_devid_len);
1125		port->port_devid->len = msg->port.port_devid_len;
1126		i += msg->port.port_devid_len;
1127	} else {
1128		free(port->port_devid, M_CTL);
1129		port->port_devid = NULL;
1130	}
1131	if (msg->port.target_devid_len != 0) {
1132		if (port->target_devid == NULL ||
1133		    port->target_devid->len != msg->port.target_devid_len) {
1134			free(port->target_devid, M_CTL);
1135			port->target_devid = malloc(sizeof(struct ctl_devid) +
1136			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1137		}
1138		memcpy(port->target_devid->data, &msg->port.data[i],
1139		    msg->port.target_devid_len);
1140		port->target_devid->len = msg->port.target_devid_len;
1141		i += msg->port.target_devid_len;
1142	} else {
1143		free(port->target_devid, M_CTL);
1144		port->target_devid = NULL;
1145	}
1146	if (msg->port.init_devid_len != 0) {
1147		if (port->init_devid == NULL ||
1148		    port->init_devid->len != msg->port.init_devid_len) {
1149			free(port->init_devid, M_CTL);
1150			port->init_devid = malloc(sizeof(struct ctl_devid) +
1151			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1152		}
1153		memcpy(port->init_devid->data, &msg->port.data[i],
1154		    msg->port.init_devid_len);
1155		port->init_devid->len = msg->port.init_devid_len;
1156		i += msg->port.init_devid_len;
1157	} else {
1158		free(port->init_devid, M_CTL);
1159		port->init_devid = NULL;
1160	}
1161	if (new) {
1162		if (ctl_port_register(port) != 0) {
1163			printf("%s: ctl_port_register() failed with error\n",
1164			    __func__);
1165		}
1166	}
1167	mtx_lock(&softc->ctl_lock);
1168	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1169		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1170			continue;
1171		mtx_lock(&lun->lun_lock);
1172		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1173		mtx_unlock(&lun->lun_lock);
1174	}
1175	mtx_unlock(&softc->ctl_lock);
1176}
1177
1178static void
1179ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1180{
1181	struct ctl_port *port;
1182	int iid;
1183
1184	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1185	if (port == NULL) {
1186		printf("%s: Received IID for unknown port %d\n",
1187		    __func__, msg->hdr.nexus.targ_port);
1188		return;
1189	}
1190	iid = msg->hdr.nexus.initid;
1191	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1192	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1193	free(port->wwpn_iid[iid].name, M_CTL);
1194	if (msg->iid.name_len) {
1195		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1196		    msg->iid.name_len, M_CTL);
1197	} else
1198		port->wwpn_iid[iid].name = NULL;
1199}
1200
1201static void
1202ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1203{
1204
1205	if (msg->login.version != CTL_HA_VERSION) {
1206		printf("CTL HA peers have different versions %d != %d\n",
1207		    msg->login.version, CTL_HA_VERSION);
1208		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1209		return;
1210	}
1211	if (msg->login.ha_mode != softc->ha_mode) {
1212		printf("CTL HA peers have different ha_mode %d != %d\n",
1213		    msg->login.ha_mode, softc->ha_mode);
1214		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1215		return;
1216	}
1217	if (msg->login.ha_id == softc->ha_id) {
1218		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1219		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1220		return;
1221	}
1222	if (msg->login.max_luns != CTL_MAX_LUNS ||
1223	    msg->login.max_ports != CTL_MAX_PORTS ||
1224	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1225		printf("CTL HA peers have different limits\n");
1226		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1227		return;
1228	}
1229}
1230
1231static void
1232ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1233{
1234	struct ctl_lun *lun;
1235	int i;
1236	uint32_t initidx, targ_lun;
1237
1238	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1239	mtx_lock(&softc->ctl_lock);
1240	if ((targ_lun >= CTL_MAX_LUNS) ||
1241	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1242		mtx_unlock(&softc->ctl_lock);
1243		return;
1244	}
1245	mtx_lock(&lun->lun_lock);
1246	mtx_unlock(&softc->ctl_lock);
1247	if (lun->flags & CTL_LUN_DISABLED) {
1248		mtx_unlock(&lun->lun_lock);
1249		return;
1250	}
1251	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1252		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1253		    msg->mode.page_code &&
1254		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1255			break;
1256	}
1257	if (i == CTL_NUM_MODE_PAGES) {
1258		mtx_unlock(&lun->lun_lock);
1259		return;
1260	}
1261	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1262	    lun->mode_pages.index[i].page_len);
1263	initidx = ctl_get_initindex(&msg->hdr.nexus);
1264	if (initidx != -1)
1265		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1266	mtx_unlock(&lun->lun_lock);
1267}
1268
1269/*
1270 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1271 * subsystem come in here.
1272 */
1273static void
1274ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1275{
1276	struct ctl_softc *softc = control_softc;
1277	union ctl_io *io;
1278	struct ctl_prio *presio;
1279	ctl_ha_status isc_status;
1280
1281	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1282	if (event == CTL_HA_EVT_MSG_RECV) {
1283		union ctl_ha_msg *msg, msgbuf;
1284
1285		if (param > sizeof(msgbuf))
1286			msg = malloc(param, M_CTL, M_WAITOK);
1287		else
1288			msg = &msgbuf;
1289		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1290		    M_WAITOK);
1291		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1292			printf("%s: Error receiving message: %d\n",
1293			    __func__, isc_status);
1294			if (msg != &msgbuf)
1295				free(msg, M_CTL);
1296			return;
1297		}
1298
1299		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1300		switch (msg->hdr.msg_type) {
1301		case CTL_MSG_SERIALIZE:
1302			io = ctl_alloc_io(softc->othersc_pool);
1303			ctl_zero_io(io);
1304			// populate ctsio from msg
1305			io->io_hdr.io_type = CTL_IO_SCSI;
1306			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1307			io->io_hdr.original_sc = msg->hdr.original_sc;
1308			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1309					    CTL_FLAG_IO_ACTIVE;
1310			/*
1311			 * If we're in serialization-only mode, we don't
1312			 * want to go through full done processing.  Thus
1313			 * the COPY flag.
1314			 *
1315			 * XXX KDM add another flag that is more specific.
1316			 */
1317			if (softc->ha_mode != CTL_HA_MODE_XFER)
1318				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1319			io->io_hdr.nexus = msg->hdr.nexus;
1320#if 0
1321			printf("port %u, iid %u, lun %u\n",
1322			       io->io_hdr.nexus.targ_port,
1323			       io->io_hdr.nexus.initid,
1324			       io->io_hdr.nexus.targ_lun);
1325#endif
1326			io->scsiio.tag_num = msg->scsi.tag_num;
1327			io->scsiio.tag_type = msg->scsi.tag_type;
1328#ifdef CTL_TIME_IO
1329			io->io_hdr.start_time = time_uptime;
1330			getbinuptime(&io->io_hdr.start_bt);
1331#endif /* CTL_TIME_IO */
1332			io->scsiio.cdb_len = msg->scsi.cdb_len;
1333			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1334			       CTL_MAX_CDBLEN);
1335			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1336				const struct ctl_cmd_entry *entry;
1337
1338				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1339				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1340				io->io_hdr.flags |=
1341					entry->flags & CTL_FLAG_DATA_MASK;
1342			}
1343			ctl_enqueue_isc(io);
1344			break;
1345
1346		/* Performed on the Originating SC, XFER mode only */
1347		case CTL_MSG_DATAMOVE: {
1348			struct ctl_sg_entry *sgl;
1349			int i, j;
1350
1351			io = msg->hdr.original_sc;
1352			if (io == NULL) {
1353				printf("%s: original_sc == NULL!\n", __func__);
1354				/* XXX KDM do something here */
1355				break;
1356			}
1357			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1358			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1359			/*
1360			 * Keep track of this, we need to send it back over
1361			 * when the datamove is complete.
1362			 */
1363			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1364			if (msg->hdr.status == CTL_SUCCESS)
1365				io->io_hdr.status = msg->hdr.status;
1366
1367			if (msg->dt.sg_sequence == 0) {
1368#ifdef CTL_TIME_IO
1369				getbinuptime(&io->io_hdr.dma_start_bt);
1370#endif
1371				i = msg->dt.kern_sg_entries +
1372				    msg->dt.kern_data_len /
1373				    CTL_HA_DATAMOVE_SEGMENT + 1;
1374				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1375				    M_WAITOK | M_ZERO);
1376				io->io_hdr.remote_sglist = sgl;
1377				io->io_hdr.local_sglist =
1378				    &sgl[msg->dt.kern_sg_entries];
1379
1380				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1381
1382				io->scsiio.kern_sg_entries =
1383					msg->dt.kern_sg_entries;
1384				io->scsiio.rem_sg_entries =
1385					msg->dt.kern_sg_entries;
1386				io->scsiio.kern_data_len =
1387					msg->dt.kern_data_len;
1388				io->scsiio.kern_total_len =
1389					msg->dt.kern_total_len;
1390				io->scsiio.kern_data_resid =
1391					msg->dt.kern_data_resid;
1392				io->scsiio.kern_rel_offset =
1393					msg->dt.kern_rel_offset;
1394				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1395				io->io_hdr.flags |= msg->dt.flags &
1396				    CTL_FLAG_BUS_ADDR;
1397			} else
1398				sgl = (struct ctl_sg_entry *)
1399					io->scsiio.kern_data_ptr;
1400
1401			for (i = msg->dt.sent_sg_entries, j = 0;
1402			     i < (msg->dt.sent_sg_entries +
1403			     msg->dt.cur_sg_entries); i++, j++) {
1404				sgl[i].addr = msg->dt.sg_list[j].addr;
1405				sgl[i].len = msg->dt.sg_list[j].len;
1406
1407#if 0
1408				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1409				    __func__, sgl[i].addr, sgl[i].len, j, i);
1410#endif
1411			}
1412
1413			/*
1414			 * If this is the last piece of the I/O, we've got
1415			 * the full S/G list.  Queue processing in the thread.
1416			 * Otherwise wait for the next piece.
1417			 */
1418			if (msg->dt.sg_last != 0)
1419				ctl_enqueue_isc(io);
1420			break;
1421		}
1422		/* Performed on the Serializing (primary) SC, XFER mode only */
1423		case CTL_MSG_DATAMOVE_DONE: {
1424			if (msg->hdr.serializing_sc == NULL) {
1425				printf("%s: serializing_sc == NULL!\n",
1426				       __func__);
1427				/* XXX KDM now what? */
1428				break;
1429			}
1430			/*
1431			 * We grab the sense information here in case
1432			 * there was a failure, so we can return status
1433			 * back to the initiator.
1434			 */
1435			io = msg->hdr.serializing_sc;
1436			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1437			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1438			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1439			io->io_hdr.port_status = msg->scsi.fetd_status;
1440			io->scsiio.residual = msg->scsi.residual;
1441			if (msg->hdr.status != CTL_STATUS_NONE) {
1442				io->io_hdr.status = msg->hdr.status;
1443				io->scsiio.scsi_status = msg->scsi.scsi_status;
1444				io->scsiio.sense_len = msg->scsi.sense_len;
1445				io->scsiio.sense_residual =msg->scsi.sense_residual;
1446				memcpy(&io->scsiio.sense_data,
1447				    &msg->scsi.sense_data,
1448				    msg->scsi.sense_len);
1449				if (msg->hdr.status == CTL_SUCCESS)
1450					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1451			}
1452			ctl_enqueue_isc(io);
1453			break;
1454		}
1455
1456		/* Preformed on Originating SC, SER_ONLY mode */
1457		case CTL_MSG_R2R:
1458			io = msg->hdr.original_sc;
1459			if (io == NULL) {
1460				printf("%s: original_sc == NULL!\n",
1461				    __func__);
1462				break;
1463			}
1464			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1465			io->io_hdr.msg_type = CTL_MSG_R2R;
1466			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1467			ctl_enqueue_isc(io);
1468			break;
1469
1470		/*
1471		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1472		 * mode.
1473		 * Performed on the Originating (i.e. secondary) SC in XFER
1474		 * mode
1475		 */
1476		case CTL_MSG_FINISH_IO:
1477			if (softc->ha_mode == CTL_HA_MODE_XFER)
1478				ctl_isc_handler_finish_xfer(softc, msg);
1479			else
1480				ctl_isc_handler_finish_ser_only(softc, msg);
1481			break;
1482
1483		/* Preformed on Originating SC */
1484		case CTL_MSG_BAD_JUJU:
1485			io = msg->hdr.original_sc;
1486			if (io == NULL) {
1487				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1488				       __func__);
1489				break;
1490			}
1491			ctl_copy_sense_data(msg, io);
1492			/*
1493			 * IO should have already been cleaned up on other
1494			 * SC so clear this flag so we won't send a message
1495			 * back to finish the IO there.
1496			 */
1497			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1498			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1499
1500			/* io = msg->hdr.serializing_sc; */
1501			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1502			ctl_enqueue_isc(io);
1503			break;
1504
1505		/* Handle resets sent from the other side */
1506		case CTL_MSG_MANAGE_TASKS: {
1507			struct ctl_taskio *taskio;
1508			taskio = (struct ctl_taskio *)ctl_alloc_io(
1509			    softc->othersc_pool);
1510			ctl_zero_io((union ctl_io *)taskio);
1511			taskio->io_hdr.io_type = CTL_IO_TASK;
1512			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1513			taskio->io_hdr.nexus = msg->hdr.nexus;
1514			taskio->task_action = msg->task.task_action;
1515			taskio->tag_num = msg->task.tag_num;
1516			taskio->tag_type = msg->task.tag_type;
1517#ifdef CTL_TIME_IO
1518			taskio->io_hdr.start_time = time_uptime;
1519			getbinuptime(&taskio->io_hdr.start_bt);
1520#endif /* CTL_TIME_IO */
1521			ctl_run_task((union ctl_io *)taskio);
1522			break;
1523		}
1524		/* Persistent Reserve action which needs attention */
1525		case CTL_MSG_PERS_ACTION:
1526			presio = (struct ctl_prio *)ctl_alloc_io(
1527			    softc->othersc_pool);
1528			ctl_zero_io((union ctl_io *)presio);
1529			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1530			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1531			presio->io_hdr.nexus = msg->hdr.nexus;
1532			presio->pr_msg = msg->pr;
1533			ctl_enqueue_isc((union ctl_io *)presio);
1534			break;
1535		case CTL_MSG_UA:
1536			ctl_isc_ua(softc, msg, param);
1537			break;
1538		case CTL_MSG_PORT_SYNC:
1539			ctl_isc_port_sync(softc, msg, param);
1540			break;
1541		case CTL_MSG_LUN_SYNC:
1542			ctl_isc_lun_sync(softc, msg, param);
1543			break;
1544		case CTL_MSG_IID_SYNC:
1545			ctl_isc_iid_sync(softc, msg, param);
1546			break;
1547		case CTL_MSG_LOGIN:
1548			ctl_isc_login(softc, msg, param);
1549			break;
1550		case CTL_MSG_MODE_SYNC:
1551			ctl_isc_mode_sync(softc, msg, param);
1552			break;
1553		default:
1554			printf("Received HA message of unknown type %d\n",
1555			    msg->hdr.msg_type);
1556			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1557			break;
1558		}
1559		if (msg != &msgbuf)
1560			free(msg, M_CTL);
1561	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1562		printf("CTL: HA link status changed from %d to %d\n",
1563		    softc->ha_link, param);
1564		if (param == softc->ha_link)
1565			return;
1566		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1567			softc->ha_link = param;
1568			ctl_isc_ha_link_down(softc);
1569		} else {
1570			softc->ha_link = param;
1571			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1572				ctl_isc_ha_link_up(softc);
1573		}
1574		return;
1575	} else {
1576		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1577		return;
1578	}
1579}
1580
1581static void
1582ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1583{
1584
1585	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1586	    src->scsi.sense_len);
1587	dest->scsiio.scsi_status = src->scsi.scsi_status;
1588	dest->scsiio.sense_len = src->scsi.sense_len;
1589	dest->io_hdr.status = src->hdr.status;
1590}
1591
1592static void
1593ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1594{
1595
1596	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1597	    src->scsiio.sense_len);
1598	dest->scsi.scsi_status = src->scsiio.scsi_status;
1599	dest->scsi.sense_len = src->scsiio.sense_len;
1600	dest->hdr.status = src->io_hdr.status;
1601}
1602
1603void
1604ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1605{
1606	struct ctl_softc *softc = lun->ctl_softc;
1607	ctl_ua_type *pu;
1608
1609	if (initidx < softc->init_min || initidx >= softc->init_max)
1610		return;
1611	mtx_assert(&lun->lun_lock, MA_OWNED);
1612	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1613	if (pu == NULL)
1614		return;
1615	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1616}
1617
1618void
1619ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1620{
1621	int i;
1622
1623	mtx_assert(&lun->lun_lock, MA_OWNED);
1624	if (lun->pending_ua[port] == NULL)
1625		return;
1626	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1627		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1628			continue;
1629		lun->pending_ua[port][i] |= ua;
1630	}
1631}
1632
1633void
1634ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1635{
1636	struct ctl_softc *softc = lun->ctl_softc;
1637	int i;
1638
1639	mtx_assert(&lun->lun_lock, MA_OWNED);
1640	for (i = softc->port_min; i < softc->port_max; i++)
1641		ctl_est_ua_port(lun, i, except, ua);
1642}
1643
1644void
1645ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1646{
1647	struct ctl_softc *softc = lun->ctl_softc;
1648	ctl_ua_type *pu;
1649
1650	if (initidx < softc->init_min || initidx >= softc->init_max)
1651		return;
1652	mtx_assert(&lun->lun_lock, MA_OWNED);
1653	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1654	if (pu == NULL)
1655		return;
1656	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1657}
1658
1659void
1660ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1661{
1662	struct ctl_softc *softc = lun->ctl_softc;
1663	int i, j;
1664
1665	mtx_assert(&lun->lun_lock, MA_OWNED);
1666	for (i = softc->port_min; i < softc->port_max; i++) {
1667		if (lun->pending_ua[i] == NULL)
1668			continue;
1669		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1670			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1671				continue;
1672			lun->pending_ua[i][j] &= ~ua;
1673		}
1674	}
1675}
1676
1677void
1678ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1679    ctl_ua_type ua_type)
1680{
1681	struct ctl_lun *lun;
1682
1683	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1684	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1685		mtx_lock(&lun->lun_lock);
1686		ctl_clr_ua(lun, initidx, ua_type);
1687		mtx_unlock(&lun->lun_lock);
1688	}
1689}
1690
1691static int
1692ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1693{
1694	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1695	struct ctl_lun *lun;
1696	struct ctl_lun_req ireq;
1697	int error, value;
1698
1699	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1700	error = sysctl_handle_int(oidp, &value, 0, req);
1701	if ((error != 0) || (req->newptr == NULL))
1702		return (error);
1703
1704	mtx_lock(&softc->ctl_lock);
1705	if (value == 0)
1706		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1707	else
1708		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1709	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1710		mtx_unlock(&softc->ctl_lock);
1711		bzero(&ireq, sizeof(ireq));
1712		ireq.reqtype = CTL_LUNREQ_MODIFY;
1713		ireq.reqdata.modify.lun_id = lun->lun;
1714		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1715		    curthread);
1716		if (ireq.status != CTL_LUN_OK) {
1717			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1718			    __func__, ireq.status, ireq.error_str);
1719		}
1720		mtx_lock(&softc->ctl_lock);
1721	}
1722	mtx_unlock(&softc->ctl_lock);
1723	return (0);
1724}
1725
1726static int
1727ctl_init(void)
1728{
1729	struct ctl_softc *softc;
1730	void *other_pool;
1731	int i, error;
1732
1733	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1734			       M_WAITOK | M_ZERO);
1735
1736	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1737			      "cam/ctl");
1738	softc->dev->si_drv1 = softc;
1739
1740	sysctl_ctx_init(&softc->sysctl_ctx);
1741	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1742		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1743		CTLFLAG_RD, 0, "CAM Target Layer");
1744
1745	if (softc->sysctl_tree == NULL) {
1746		printf("%s: unable to allocate sysctl tree\n", __func__);
1747		destroy_dev(softc->dev);
1748		free(control_softc, M_DEVBUF);
1749		control_softc = NULL;
1750		return (ENOMEM);
1751	}
1752
1753	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1754	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1755	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1756	softc->flags = 0;
1757
1758	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1759	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1760	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1761
1762	/*
1763	 * In Copan's HA scheme, the "master" and "slave" roles are
1764	 * figured out through the slot the controller is in.  Although it
1765	 * is an active/active system, someone has to be in charge.
1766	 */
1767	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1768	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1769	    "HA head ID (0 - no HA)");
1770	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1771		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1772		softc->is_single = 1;
1773		softc->port_cnt = CTL_MAX_PORTS;
1774		softc->port_min = 0;
1775	} else {
1776		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1777		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1778	}
1779	softc->port_max = softc->port_min + softc->port_cnt;
1780	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1781	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1782
1783	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1784	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1785	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1786
1787	STAILQ_INIT(&softc->lun_list);
1788	STAILQ_INIT(&softc->pending_lun_queue);
1789	STAILQ_INIT(&softc->fe_list);
1790	STAILQ_INIT(&softc->port_list);
1791	STAILQ_INIT(&softc->be_list);
1792	ctl_tpc_init(softc);
1793
1794	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1795	                    &other_pool) != 0)
1796	{
1797		printf("ctl: can't allocate %d entry other SC pool, "
1798		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1799		return (ENOMEM);
1800	}
1801	softc->othersc_pool = other_pool;
1802
1803	if (worker_threads <= 0)
1804		worker_threads = max(1, mp_ncpus / 4);
1805	if (worker_threads > CTL_MAX_THREADS)
1806		worker_threads = CTL_MAX_THREADS;
1807
1808	for (i = 0; i < worker_threads; i++) {
1809		struct ctl_thread *thr = &softc->threads[i];
1810
1811		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1812		thr->ctl_softc = softc;
1813		STAILQ_INIT(&thr->incoming_queue);
1814		STAILQ_INIT(&thr->rtr_queue);
1815		STAILQ_INIT(&thr->done_queue);
1816		STAILQ_INIT(&thr->isc_queue);
1817
1818		error = kproc_kthread_add(ctl_work_thread, thr,
1819		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1820		if (error != 0) {
1821			printf("error creating CTL work thread!\n");
1822			ctl_pool_free(other_pool);
1823			return (error);
1824		}
1825	}
1826	error = kproc_kthread_add(ctl_lun_thread, softc,
1827	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1828	if (error != 0) {
1829		printf("error creating CTL lun thread!\n");
1830		ctl_pool_free(other_pool);
1831		return (error);
1832	}
1833	error = kproc_kthread_add(ctl_thresh_thread, softc,
1834	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1835	if (error != 0) {
1836		printf("error creating CTL threshold thread!\n");
1837		ctl_pool_free(other_pool);
1838		return (error);
1839	}
1840
1841	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1842	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1843	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1844
1845	if (softc->is_single == 0) {
1846		ctl_frontend_register(&ha_frontend);
1847		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1848			printf("ctl_init: ctl_ha_msg_init failed.\n");
1849			softc->is_single = 1;
1850		} else
1851		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1852		    != CTL_HA_STATUS_SUCCESS) {
1853			printf("ctl_init: ctl_ha_msg_register failed.\n");
1854			softc->is_single = 1;
1855		}
1856	}
1857	return (0);
1858}
1859
1860void
1861ctl_shutdown(void)
1862{
1863	struct ctl_softc *softc = control_softc;
1864	struct ctl_lun *lun, *next_lun;
1865
1866	if (softc->is_single == 0) {
1867		ctl_ha_msg_shutdown(softc);
1868		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1869		    != CTL_HA_STATUS_SUCCESS)
1870			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1871		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1872			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1873		ctl_frontend_deregister(&ha_frontend);
1874	}
1875
1876	mtx_lock(&softc->ctl_lock);
1877
1878	/*
1879	 * Free up each LUN.
1880	 */
1881	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1882		next_lun = STAILQ_NEXT(lun, links);
1883		ctl_free_lun(lun);
1884	}
1885
1886	mtx_unlock(&softc->ctl_lock);
1887
1888#if 0
1889	ctl_shutdown_thread(softc->work_thread);
1890	mtx_destroy(&softc->queue_lock);
1891#endif
1892
1893	ctl_tpc_shutdown(softc);
1894	uma_zdestroy(softc->io_zone);
1895	mtx_destroy(&softc->ctl_lock);
1896
1897	destroy_dev(softc->dev);
1898
1899	sysctl_ctx_free(&softc->sysctl_ctx);
1900
1901	free(control_softc, M_DEVBUF);
1902	control_softc = NULL;
1903}
1904
1905static int
1906ctl_module_event_handler(module_t mod, int what, void *arg)
1907{
1908
1909	switch (what) {
1910	case MOD_LOAD:
1911		return (ctl_init());
1912	case MOD_UNLOAD:
1913		return (EBUSY);
1914	default:
1915		return (EOPNOTSUPP);
1916	}
1917}
1918
1919/*
1920 * XXX KDM should we do some access checks here?  Bump a reference count to
1921 * prevent a CTL module from being unloaded while someone has it open?
1922 */
1923static int
1924ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1925{
1926	return (0);
1927}
1928
1929static int
1930ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1931{
1932	return (0);
1933}
1934
1935/*
1936 * Remove an initiator by port number and initiator ID.
1937 * Returns 0 for success, -1 for failure.
1938 */
1939int
1940ctl_remove_initiator(struct ctl_port *port, int iid)
1941{
1942	struct ctl_softc *softc = port->ctl_softc;
1943
1944	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1945
1946	if (iid > CTL_MAX_INIT_PER_PORT) {
1947		printf("%s: initiator ID %u > maximun %u!\n",
1948		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1949		return (-1);
1950	}
1951
1952	mtx_lock(&softc->ctl_lock);
1953	port->wwpn_iid[iid].in_use--;
1954	port->wwpn_iid[iid].last_use = time_uptime;
1955	mtx_unlock(&softc->ctl_lock);
1956	ctl_isc_announce_iid(port, iid);
1957
1958	return (0);
1959}
1960
1961/*
1962 * Add an initiator to the initiator map.
1963 * Returns iid for success, < 0 for failure.
1964 */
1965int
1966ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1967{
1968	struct ctl_softc *softc = port->ctl_softc;
1969	time_t best_time;
1970	int i, best;
1971
1972	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1973
1974	if (iid >= CTL_MAX_INIT_PER_PORT) {
1975		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1976		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1977		free(name, M_CTL);
1978		return (-1);
1979	}
1980
1981	mtx_lock(&softc->ctl_lock);
1982
1983	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1984		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1985			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1986				iid = i;
1987				break;
1988			}
1989			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1990			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1991				iid = i;
1992				break;
1993			}
1994		}
1995	}
1996
1997	if (iid < 0) {
1998		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1999			if (port->wwpn_iid[i].in_use == 0 &&
2000			    port->wwpn_iid[i].wwpn == 0 &&
2001			    port->wwpn_iid[i].name == NULL) {
2002				iid = i;
2003				break;
2004			}
2005		}
2006	}
2007
2008	if (iid < 0) {
2009		best = -1;
2010		best_time = INT32_MAX;
2011		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2012			if (port->wwpn_iid[i].in_use == 0) {
2013				if (port->wwpn_iid[i].last_use < best_time) {
2014					best = i;
2015					best_time = port->wwpn_iid[i].last_use;
2016				}
2017			}
2018		}
2019		iid = best;
2020	}
2021
2022	if (iid < 0) {
2023		mtx_unlock(&softc->ctl_lock);
2024		free(name, M_CTL);
2025		return (-2);
2026	}
2027
2028	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2029		/*
2030		 * This is not an error yet.
2031		 */
2032		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2033#if 0
2034			printf("%s: port %d iid %u WWPN %#jx arrived"
2035			    " again\n", __func__, port->targ_port,
2036			    iid, (uintmax_t)wwpn);
2037#endif
2038			goto take;
2039		}
2040		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2041		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2042#if 0
2043			printf("%s: port %d iid %u name '%s' arrived"
2044			    " again\n", __func__, port->targ_port,
2045			    iid, name);
2046#endif
2047			goto take;
2048		}
2049
2050		/*
2051		 * This is an error, but what do we do about it?  The
2052		 * driver is telling us we have a new WWPN for this
2053		 * initiator ID, so we pretty much need to use it.
2054		 */
2055		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2056		    " but WWPN %#jx '%s' is still at that address\n",
2057		    __func__, port->targ_port, iid, wwpn, name,
2058		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2059		    port->wwpn_iid[iid].name);
2060
2061		/*
2062		 * XXX KDM clear have_ca and ua_pending on each LUN for
2063		 * this initiator.
2064		 */
2065	}
2066take:
2067	free(port->wwpn_iid[iid].name, M_CTL);
2068	port->wwpn_iid[iid].name = name;
2069	port->wwpn_iid[iid].wwpn = wwpn;
2070	port->wwpn_iid[iid].in_use++;
2071	mtx_unlock(&softc->ctl_lock);
2072	ctl_isc_announce_iid(port, iid);
2073
2074	return (iid);
2075}
2076
2077static int
2078ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2079{
2080	int len;
2081
2082	switch (port->port_type) {
2083	case CTL_PORT_FC:
2084	{
2085		struct scsi_transportid_fcp *id =
2086		    (struct scsi_transportid_fcp *)buf;
2087		if (port->wwpn_iid[iid].wwpn == 0)
2088			return (0);
2089		memset(id, 0, sizeof(*id));
2090		id->format_protocol = SCSI_PROTO_FC;
2091		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2092		return (sizeof(*id));
2093	}
2094	case CTL_PORT_ISCSI:
2095	{
2096		struct scsi_transportid_iscsi_port *id =
2097		    (struct scsi_transportid_iscsi_port *)buf;
2098		if (port->wwpn_iid[iid].name == NULL)
2099			return (0);
2100		memset(id, 0, 256);
2101		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2102		    SCSI_PROTO_ISCSI;
2103		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2104		len = roundup2(min(len, 252), 4);
2105		scsi_ulto2b(len, id->additional_length);
2106		return (sizeof(*id) + len);
2107	}
2108	case CTL_PORT_SAS:
2109	{
2110		struct scsi_transportid_sas *id =
2111		    (struct scsi_transportid_sas *)buf;
2112		if (port->wwpn_iid[iid].wwpn == 0)
2113			return (0);
2114		memset(id, 0, sizeof(*id));
2115		id->format_protocol = SCSI_PROTO_SAS;
2116		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2117		return (sizeof(*id));
2118	}
2119	default:
2120	{
2121		struct scsi_transportid_spi *id =
2122		    (struct scsi_transportid_spi *)buf;
2123		memset(id, 0, sizeof(*id));
2124		id->format_protocol = SCSI_PROTO_SPI;
2125		scsi_ulto2b(iid, id->scsi_addr);
2126		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2127		return (sizeof(*id));
2128	}
2129	}
2130}
2131
2132/*
2133 * Serialize a command that went down the "wrong" side, and so was sent to
2134 * this controller for execution.  The logic is a little different than the
2135 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2136 * sent back to the other side, but in the success case, we execute the
2137 * command on this side (XFER mode) or tell the other side to execute it
2138 * (SER_ONLY mode).
2139 */
2140static int
2141ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2142{
2143	struct ctl_softc *softc = control_softc;
2144	union ctl_ha_msg msg_info;
2145	struct ctl_port *port;
2146	struct ctl_lun *lun;
2147	const struct ctl_cmd_entry *entry;
2148	int retval = 0;
2149	uint32_t targ_lun;
2150
2151	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2152	mtx_lock(&softc->ctl_lock);
2153
2154	/* Make sure that we know about this port. */
2155	port = ctl_io_port(&ctsio->io_hdr);
2156	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2157		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2158					 /*retry_count*/ 1);
2159		goto badjuju;
2160	}
2161
2162	/* Make sure that we know about this LUN. */
2163	if ((targ_lun < CTL_MAX_LUNS) &&
2164	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2165		mtx_lock(&lun->lun_lock);
2166		mtx_unlock(&softc->ctl_lock);
2167		/*
2168		 * If the LUN is invalid, pretend that it doesn't exist.
2169		 * It will go away as soon as all pending I/O has been
2170		 * completed.
2171		 */
2172		if (lun->flags & CTL_LUN_DISABLED) {
2173			mtx_unlock(&lun->lun_lock);
2174			lun = NULL;
2175		}
2176	} else {
2177		mtx_unlock(&softc->ctl_lock);
2178		lun = NULL;
2179	}
2180	if (lun == NULL) {
2181		/*
2182		 * The other node would not send this request to us unless
2183		 * received announce that we are primary node for this LUN.
2184		 * If this LUN does not exist now, it is probably result of
2185		 * a race, so respond to initiator in the most opaque way.
2186		 */
2187		ctl_set_busy(ctsio);
2188		goto badjuju;
2189	}
2190
2191	entry = ctl_get_cmd_entry(ctsio, NULL);
2192	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2193		mtx_unlock(&lun->lun_lock);
2194		goto badjuju;
2195	}
2196
2197	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2198	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2199
2200	/*
2201	 * Every I/O goes into the OOA queue for a
2202	 * particular LUN, and stays there until completion.
2203	 */
2204#ifdef CTL_TIME_IO
2205	if (TAILQ_EMPTY(&lun->ooa_queue))
2206		lun->idle_time += getsbinuptime() - lun->last_busy;
2207#endif
2208	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2209
2210	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2211		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2212		 ooa_links))) {
2213	case CTL_ACTION_BLOCK:
2214		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2215		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2216				  blocked_links);
2217		mtx_unlock(&lun->lun_lock);
2218		break;
2219	case CTL_ACTION_PASS:
2220	case CTL_ACTION_SKIP:
2221		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2222			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2223			ctl_enqueue_rtr((union ctl_io *)ctsio);
2224			mtx_unlock(&lun->lun_lock);
2225		} else {
2226			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2227			mtx_unlock(&lun->lun_lock);
2228
2229			/* send msg back to other side */
2230			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2231			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2232			msg_info.hdr.msg_type = CTL_MSG_R2R;
2233			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2234			    sizeof(msg_info.hdr), M_WAITOK);
2235		}
2236		break;
2237	case CTL_ACTION_OVERLAP:
2238		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2239		mtx_unlock(&lun->lun_lock);
2240		ctl_set_overlapped_cmd(ctsio);
2241		goto badjuju;
2242	case CTL_ACTION_OVERLAP_TAG:
2243		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2244		mtx_unlock(&lun->lun_lock);
2245		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2246		goto badjuju;
2247	case CTL_ACTION_ERROR:
2248	default:
2249		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2250		mtx_unlock(&lun->lun_lock);
2251
2252		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2253					 /*retry_count*/ 0);
2254badjuju:
2255		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2256		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2257		msg_info.hdr.serializing_sc = NULL;
2258		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2259		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2260		    sizeof(msg_info.scsi), M_WAITOK);
2261		retval = 1;
2262		break;
2263	}
2264	return (retval);
2265}
2266
2267/*
2268 * Returns 0 for success, errno for failure.
2269 */
2270static void
2271ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2272		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2273{
2274	union ctl_io *io;
2275
2276	mtx_lock(&lun->lun_lock);
2277	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2278	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2279	     ooa_links)) {
2280		struct ctl_ooa_entry *entry;
2281
2282		/*
2283		 * If we've got more than we can fit, just count the
2284		 * remaining entries.
2285		 */
2286		if (*cur_fill_num >= ooa_hdr->alloc_num)
2287			continue;
2288
2289		entry = &kern_entries[*cur_fill_num];
2290
2291		entry->tag_num = io->scsiio.tag_num;
2292		entry->lun_num = lun->lun;
2293#ifdef CTL_TIME_IO
2294		entry->start_bt = io->io_hdr.start_bt;
2295#endif
2296		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2297		entry->cdb_len = io->scsiio.cdb_len;
2298		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2299			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2300
2301		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2302			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2303
2304		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2305			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2306
2307		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2308			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2309
2310		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2311			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2312	}
2313	mtx_unlock(&lun->lun_lock);
2314}
2315
2316static void *
2317ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2318		 size_t error_str_len)
2319{
2320	void *kptr;
2321
2322	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2323
2324	if (copyin(user_addr, kptr, len) != 0) {
2325		snprintf(error_str, error_str_len, "Error copying %d bytes "
2326			 "from user address %p to kernel address %p", len,
2327			 user_addr, kptr);
2328		free(kptr, M_CTL);
2329		return (NULL);
2330	}
2331
2332	return (kptr);
2333}
2334
2335static void
2336ctl_free_args(int num_args, struct ctl_be_arg *args)
2337{
2338	int i;
2339
2340	if (args == NULL)
2341		return;
2342
2343	for (i = 0; i < num_args; i++) {
2344		free(args[i].kname, M_CTL);
2345		free(args[i].kvalue, M_CTL);
2346	}
2347
2348	free(args, M_CTL);
2349}
2350
2351static struct ctl_be_arg *
2352ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2353		char *error_str, size_t error_str_len)
2354{
2355	struct ctl_be_arg *args;
2356	int i;
2357
2358	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2359				error_str, error_str_len);
2360
2361	if (args == NULL)
2362		goto bailout;
2363
2364	for (i = 0; i < num_args; i++) {
2365		args[i].kname = NULL;
2366		args[i].kvalue = NULL;
2367	}
2368
2369	for (i = 0; i < num_args; i++) {
2370		uint8_t *tmpptr;
2371
2372		args[i].kname = ctl_copyin_alloc(args[i].name,
2373			args[i].namelen, error_str, error_str_len);
2374		if (args[i].kname == NULL)
2375			goto bailout;
2376
2377		if (args[i].kname[args[i].namelen - 1] != '\0') {
2378			snprintf(error_str, error_str_len, "Argument %d "
2379				 "name is not NUL-terminated", i);
2380			goto bailout;
2381		}
2382
2383		if (args[i].flags & CTL_BEARG_RD) {
2384			tmpptr = ctl_copyin_alloc(args[i].value,
2385				args[i].vallen, error_str, error_str_len);
2386			if (tmpptr == NULL)
2387				goto bailout;
2388			if ((args[i].flags & CTL_BEARG_ASCII)
2389			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2390				snprintf(error_str, error_str_len, "Argument "
2391				    "%d value is not NUL-terminated", i);
2392				goto bailout;
2393			}
2394			args[i].kvalue = tmpptr;
2395		} else {
2396			args[i].kvalue = malloc(args[i].vallen,
2397			    M_CTL, M_WAITOK | M_ZERO);
2398		}
2399	}
2400
2401	return (args);
2402bailout:
2403
2404	ctl_free_args(num_args, args);
2405
2406	return (NULL);
2407}
2408
2409static void
2410ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2411{
2412	int i;
2413
2414	for (i = 0; i < num_args; i++) {
2415		if (args[i].flags & CTL_BEARG_WR)
2416			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2417	}
2418}
2419
2420/*
2421 * Escape characters that are illegal or not recommended in XML.
2422 */
2423int
2424ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2425{
2426	char *end = str + size;
2427	int retval;
2428
2429	retval = 0;
2430
2431	for (; *str && str < end; str++) {
2432		switch (*str) {
2433		case '&':
2434			retval = sbuf_printf(sb, "&amp;");
2435			break;
2436		case '>':
2437			retval = sbuf_printf(sb, "&gt;");
2438			break;
2439		case '<':
2440			retval = sbuf_printf(sb, "&lt;");
2441			break;
2442		default:
2443			retval = sbuf_putc(sb, *str);
2444			break;
2445		}
2446
2447		if (retval != 0)
2448			break;
2449
2450	}
2451
2452	return (retval);
2453}
2454
2455static void
2456ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2457{
2458	struct scsi_vpd_id_descriptor *desc;
2459	int i;
2460
2461	if (id == NULL || id->len < 4)
2462		return;
2463	desc = (struct scsi_vpd_id_descriptor *)id->data;
2464	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2465	case SVPD_ID_TYPE_T10:
2466		sbuf_printf(sb, "t10.");
2467		break;
2468	case SVPD_ID_TYPE_EUI64:
2469		sbuf_printf(sb, "eui.");
2470		break;
2471	case SVPD_ID_TYPE_NAA:
2472		sbuf_printf(sb, "naa.");
2473		break;
2474	case SVPD_ID_TYPE_SCSI_NAME:
2475		break;
2476	}
2477	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2478	case SVPD_ID_CODESET_BINARY:
2479		for (i = 0; i < desc->length; i++)
2480			sbuf_printf(sb, "%02x", desc->identifier[i]);
2481		break;
2482	case SVPD_ID_CODESET_ASCII:
2483		sbuf_printf(sb, "%.*s", (int)desc->length,
2484		    (char *)desc->identifier);
2485		break;
2486	case SVPD_ID_CODESET_UTF8:
2487		sbuf_printf(sb, "%s", (char *)desc->identifier);
2488		break;
2489	}
2490}
2491
2492static int
2493ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2494	  struct thread *td)
2495{
2496	struct ctl_softc *softc = dev->si_drv1;
2497	struct ctl_lun *lun;
2498	int retval;
2499
2500	retval = 0;
2501
2502	switch (cmd) {
2503	case CTL_IO:
2504		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2505		break;
2506	case CTL_ENABLE_PORT:
2507	case CTL_DISABLE_PORT:
2508	case CTL_SET_PORT_WWNS: {
2509		struct ctl_port *port;
2510		struct ctl_port_entry *entry;
2511
2512		entry = (struct ctl_port_entry *)addr;
2513
2514		mtx_lock(&softc->ctl_lock);
2515		STAILQ_FOREACH(port, &softc->port_list, links) {
2516			int action, done;
2517
2518			if (port->targ_port < softc->port_min ||
2519			    port->targ_port >= softc->port_max)
2520				continue;
2521
2522			action = 0;
2523			done = 0;
2524			if ((entry->port_type == CTL_PORT_NONE)
2525			 && (entry->targ_port == port->targ_port)) {
2526				/*
2527				 * If the user only wants to enable or
2528				 * disable or set WWNs on a specific port,
2529				 * do the operation and we're done.
2530				 */
2531				action = 1;
2532				done = 1;
2533			} else if (entry->port_type & port->port_type) {
2534				/*
2535				 * Compare the user's type mask with the
2536				 * particular frontend type to see if we
2537				 * have a match.
2538				 */
2539				action = 1;
2540				done = 0;
2541
2542				/*
2543				 * Make sure the user isn't trying to set
2544				 * WWNs on multiple ports at the same time.
2545				 */
2546				if (cmd == CTL_SET_PORT_WWNS) {
2547					printf("%s: Can't set WWNs on "
2548					       "multiple ports\n", __func__);
2549					retval = EINVAL;
2550					break;
2551				}
2552			}
2553			if (action == 0)
2554				continue;
2555
2556			/*
2557			 * XXX KDM we have to drop the lock here, because
2558			 * the online/offline operations can potentially
2559			 * block.  We need to reference count the frontends
2560			 * so they can't go away,
2561			 */
2562			if (cmd == CTL_ENABLE_PORT) {
2563				mtx_unlock(&softc->ctl_lock);
2564				ctl_port_online(port);
2565				mtx_lock(&softc->ctl_lock);
2566			} else if (cmd == CTL_DISABLE_PORT) {
2567				mtx_unlock(&softc->ctl_lock);
2568				ctl_port_offline(port);
2569				mtx_lock(&softc->ctl_lock);
2570			} else if (cmd == CTL_SET_PORT_WWNS) {
2571				ctl_port_set_wwns(port,
2572				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2573				    1 : 0, entry->wwnn,
2574				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2575				    1 : 0, entry->wwpn);
2576			}
2577			if (done != 0)
2578				break;
2579		}
2580		mtx_unlock(&softc->ctl_lock);
2581		break;
2582	}
2583	case CTL_GET_OOA: {
2584		struct ctl_ooa *ooa_hdr;
2585		struct ctl_ooa_entry *entries;
2586		uint32_t cur_fill_num;
2587
2588		ooa_hdr = (struct ctl_ooa *)addr;
2589
2590		if ((ooa_hdr->alloc_len == 0)
2591		 || (ooa_hdr->alloc_num == 0)) {
2592			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2593			       "must be non-zero\n", __func__,
2594			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2595			retval = EINVAL;
2596			break;
2597		}
2598
2599		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2600		    sizeof(struct ctl_ooa_entry))) {
2601			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2602			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2603			       __func__, ooa_hdr->alloc_len,
2604			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2605			retval = EINVAL;
2606			break;
2607		}
2608
2609		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2610		if (entries == NULL) {
2611			printf("%s: could not allocate %d bytes for OOA "
2612			       "dump\n", __func__, ooa_hdr->alloc_len);
2613			retval = ENOMEM;
2614			break;
2615		}
2616
2617		mtx_lock(&softc->ctl_lock);
2618		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2619		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2620		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2621			mtx_unlock(&softc->ctl_lock);
2622			free(entries, M_CTL);
2623			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2624			       __func__, (uintmax_t)ooa_hdr->lun_num);
2625			retval = EINVAL;
2626			break;
2627		}
2628
2629		cur_fill_num = 0;
2630
2631		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2632			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2633				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2634				    ooa_hdr, entries);
2635			}
2636		} else {
2637			lun = softc->ctl_luns[ooa_hdr->lun_num];
2638			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2639			    entries);
2640		}
2641		mtx_unlock(&softc->ctl_lock);
2642
2643		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2644		ooa_hdr->fill_len = ooa_hdr->fill_num *
2645			sizeof(struct ctl_ooa_entry);
2646		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2647		if (retval != 0) {
2648			printf("%s: error copying out %d bytes for OOA dump\n",
2649			       __func__, ooa_hdr->fill_len);
2650		}
2651
2652		getbinuptime(&ooa_hdr->cur_bt);
2653
2654		if (cur_fill_num > ooa_hdr->alloc_num) {
2655			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2656			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2657		} else {
2658			ooa_hdr->dropped_num = 0;
2659			ooa_hdr->status = CTL_OOA_OK;
2660		}
2661
2662		free(entries, M_CTL);
2663		break;
2664	}
2665	case CTL_DELAY_IO: {
2666		struct ctl_io_delay_info *delay_info;
2667
2668		delay_info = (struct ctl_io_delay_info *)addr;
2669
2670#ifdef CTL_IO_DELAY
2671		mtx_lock(&softc->ctl_lock);
2672
2673		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2674		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2675			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2676		} else {
2677			lun = softc->ctl_luns[delay_info->lun_id];
2678			mtx_lock(&lun->lun_lock);
2679
2680			delay_info->status = CTL_DELAY_STATUS_OK;
2681
2682			switch (delay_info->delay_type) {
2683			case CTL_DELAY_TYPE_CONT:
2684				break;
2685			case CTL_DELAY_TYPE_ONESHOT:
2686				break;
2687			default:
2688				delay_info->status =
2689					CTL_DELAY_STATUS_INVALID_TYPE;
2690				break;
2691			}
2692
2693			switch (delay_info->delay_loc) {
2694			case CTL_DELAY_LOC_DATAMOVE:
2695				lun->delay_info.datamove_type =
2696					delay_info->delay_type;
2697				lun->delay_info.datamove_delay =
2698					delay_info->delay_secs;
2699				break;
2700			case CTL_DELAY_LOC_DONE:
2701				lun->delay_info.done_type =
2702					delay_info->delay_type;
2703				lun->delay_info.done_delay =
2704					delay_info->delay_secs;
2705				break;
2706			default:
2707				delay_info->status =
2708					CTL_DELAY_STATUS_INVALID_LOC;
2709				break;
2710			}
2711			mtx_unlock(&lun->lun_lock);
2712		}
2713
2714		mtx_unlock(&softc->ctl_lock);
2715#else
2716		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2717#endif /* CTL_IO_DELAY */
2718		break;
2719	}
2720	case CTL_GETSTATS: {
2721		struct ctl_stats *stats;
2722		int i;
2723
2724		stats = (struct ctl_stats *)addr;
2725
2726		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2727		     stats->alloc_len) {
2728			stats->status = CTL_SS_NEED_MORE_SPACE;
2729			stats->num_luns = softc->num_luns;
2730			break;
2731		}
2732		/*
2733		 * XXX KDM no locking here.  If the LUN list changes,
2734		 * things can blow up.
2735		 */
2736		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2737		     i++, lun = STAILQ_NEXT(lun, links)) {
2738			retval = copyout(&lun->stats, &stats->lun_stats[i],
2739					 sizeof(lun->stats));
2740			if (retval != 0)
2741				break;
2742		}
2743		stats->num_luns = softc->num_luns;
2744		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2745				 softc->num_luns;
2746		stats->status = CTL_SS_OK;
2747#ifdef CTL_TIME_IO
2748		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2749#else
2750		stats->flags = CTL_STATS_FLAG_NONE;
2751#endif
2752		getnanouptime(&stats->timestamp);
2753		break;
2754	}
2755	case CTL_ERROR_INJECT: {
2756		struct ctl_error_desc *err_desc, *new_err_desc;
2757
2758		err_desc = (struct ctl_error_desc *)addr;
2759
2760		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2761				      M_WAITOK | M_ZERO);
2762		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2763
2764		mtx_lock(&softc->ctl_lock);
2765		lun = softc->ctl_luns[err_desc->lun_id];
2766		if (lun == NULL) {
2767			mtx_unlock(&softc->ctl_lock);
2768			free(new_err_desc, M_CTL);
2769			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2770			       __func__, (uintmax_t)err_desc->lun_id);
2771			retval = EINVAL;
2772			break;
2773		}
2774		mtx_lock(&lun->lun_lock);
2775		mtx_unlock(&softc->ctl_lock);
2776
2777		/*
2778		 * We could do some checking here to verify the validity
2779		 * of the request, but given the complexity of error
2780		 * injection requests, the checking logic would be fairly
2781		 * complex.
2782		 *
2783		 * For now, if the request is invalid, it just won't get
2784		 * executed and might get deleted.
2785		 */
2786		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2787
2788		/*
2789		 * XXX KDM check to make sure the serial number is unique,
2790		 * in case we somehow manage to wrap.  That shouldn't
2791		 * happen for a very long time, but it's the right thing to
2792		 * do.
2793		 */
2794		new_err_desc->serial = lun->error_serial;
2795		err_desc->serial = lun->error_serial;
2796		lun->error_serial++;
2797
2798		mtx_unlock(&lun->lun_lock);
2799		break;
2800	}
2801	case CTL_ERROR_INJECT_DELETE: {
2802		struct ctl_error_desc *delete_desc, *desc, *desc2;
2803		int delete_done;
2804
2805		delete_desc = (struct ctl_error_desc *)addr;
2806		delete_done = 0;
2807
2808		mtx_lock(&softc->ctl_lock);
2809		lun = softc->ctl_luns[delete_desc->lun_id];
2810		if (lun == NULL) {
2811			mtx_unlock(&softc->ctl_lock);
2812			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2813			       __func__, (uintmax_t)delete_desc->lun_id);
2814			retval = EINVAL;
2815			break;
2816		}
2817		mtx_lock(&lun->lun_lock);
2818		mtx_unlock(&softc->ctl_lock);
2819		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2820			if (desc->serial != delete_desc->serial)
2821				continue;
2822
2823			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2824				      links);
2825			free(desc, M_CTL);
2826			delete_done = 1;
2827		}
2828		mtx_unlock(&lun->lun_lock);
2829		if (delete_done == 0) {
2830			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2831			       "error serial %ju on LUN %u\n", __func__,
2832			       delete_desc->serial, delete_desc->lun_id);
2833			retval = EINVAL;
2834			break;
2835		}
2836		break;
2837	}
2838	case CTL_DUMP_STRUCTS: {
2839		int i, j, k;
2840		struct ctl_port *port;
2841		struct ctl_frontend *fe;
2842
2843		mtx_lock(&softc->ctl_lock);
2844		printf("CTL Persistent Reservation information start:\n");
2845		for (i = 0; i < CTL_MAX_LUNS; i++) {
2846			lun = softc->ctl_luns[i];
2847
2848			if ((lun == NULL)
2849			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2850				continue;
2851
2852			for (j = 0; j < CTL_MAX_PORTS; j++) {
2853				if (lun->pr_keys[j] == NULL)
2854					continue;
2855				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2856					if (lun->pr_keys[j][k] == 0)
2857						continue;
2858					printf("  LUN %d port %d iid %d key "
2859					       "%#jx\n", i, j, k,
2860					       (uintmax_t)lun->pr_keys[j][k]);
2861				}
2862			}
2863		}
2864		printf("CTL Persistent Reservation information end\n");
2865		printf("CTL Ports:\n");
2866		STAILQ_FOREACH(port, &softc->port_list, links) {
2867			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2868			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2869			       port->frontend->name, port->port_type,
2870			       port->physical_port, port->virtual_port,
2871			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2872			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2873				if (port->wwpn_iid[j].in_use == 0 &&
2874				    port->wwpn_iid[j].wwpn == 0 &&
2875				    port->wwpn_iid[j].name == NULL)
2876					continue;
2877
2878				printf("    iid %u use %d WWPN %#jx '%s'\n",
2879				    j, port->wwpn_iid[j].in_use,
2880				    (uintmax_t)port->wwpn_iid[j].wwpn,
2881				    port->wwpn_iid[j].name);
2882			}
2883		}
2884		printf("CTL Port information end\n");
2885		mtx_unlock(&softc->ctl_lock);
2886		/*
2887		 * XXX KDM calling this without a lock.  We'd likely want
2888		 * to drop the lock before calling the frontend's dump
2889		 * routine anyway.
2890		 */
2891		printf("CTL Frontends:\n");
2892		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2893			printf("  Frontend '%s'\n", fe->name);
2894			if (fe->fe_dump != NULL)
2895				fe->fe_dump();
2896		}
2897		printf("CTL Frontend information end\n");
2898		break;
2899	}
2900	case CTL_LUN_REQ: {
2901		struct ctl_lun_req *lun_req;
2902		struct ctl_backend_driver *backend;
2903
2904		lun_req = (struct ctl_lun_req *)addr;
2905
2906		backend = ctl_backend_find(lun_req->backend);
2907		if (backend == NULL) {
2908			lun_req->status = CTL_LUN_ERROR;
2909			snprintf(lun_req->error_str,
2910				 sizeof(lun_req->error_str),
2911				 "Backend \"%s\" not found.",
2912				 lun_req->backend);
2913			break;
2914		}
2915		if (lun_req->num_be_args > 0) {
2916			lun_req->kern_be_args = ctl_copyin_args(
2917				lun_req->num_be_args,
2918				lun_req->be_args,
2919				lun_req->error_str,
2920				sizeof(lun_req->error_str));
2921			if (lun_req->kern_be_args == NULL) {
2922				lun_req->status = CTL_LUN_ERROR;
2923				break;
2924			}
2925		}
2926
2927		retval = backend->ioctl(dev, cmd, addr, flag, td);
2928
2929		if (lun_req->num_be_args > 0) {
2930			ctl_copyout_args(lun_req->num_be_args,
2931				      lun_req->kern_be_args);
2932			ctl_free_args(lun_req->num_be_args,
2933				      lun_req->kern_be_args);
2934		}
2935		break;
2936	}
2937	case CTL_LUN_LIST: {
2938		struct sbuf *sb;
2939		struct ctl_lun_list *list;
2940		struct ctl_option *opt;
2941
2942		list = (struct ctl_lun_list *)addr;
2943
2944		/*
2945		 * Allocate a fixed length sbuf here, based on the length
2946		 * of the user's buffer.  We could allocate an auto-extending
2947		 * buffer, and then tell the user how much larger our
2948		 * amount of data is than his buffer, but that presents
2949		 * some problems:
2950		 *
2951		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2952		 *     we can't hold a lock while calling them with an
2953		 *     auto-extending buffer.
2954 		 *
2955		 * 2.  There is not currently a LUN reference counting
2956		 *     mechanism, outside of outstanding transactions on
2957		 *     the LUN's OOA queue.  So a LUN could go away on us
2958		 *     while we're getting the LUN number, backend-specific
2959		 *     information, etc.  Thus, given the way things
2960		 *     currently work, we need to hold the CTL lock while
2961		 *     grabbing LUN information.
2962		 *
2963		 * So, from the user's standpoint, the best thing to do is
2964		 * allocate what he thinks is a reasonable buffer length,
2965		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2966		 * double the buffer length and try again.  (And repeat
2967		 * that until he succeeds.)
2968		 */
2969		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2970		if (sb == NULL) {
2971			list->status = CTL_LUN_LIST_ERROR;
2972			snprintf(list->error_str, sizeof(list->error_str),
2973				 "Unable to allocate %d bytes for LUN list",
2974				 list->alloc_len);
2975			break;
2976		}
2977
2978		sbuf_printf(sb, "<ctllunlist>\n");
2979
2980		mtx_lock(&softc->ctl_lock);
2981		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2982			mtx_lock(&lun->lun_lock);
2983			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2984					     (uintmax_t)lun->lun);
2985
2986			/*
2987			 * Bail out as soon as we see that we've overfilled
2988			 * the buffer.
2989			 */
2990			if (retval != 0)
2991				break;
2992
2993			retval = sbuf_printf(sb, "\t<backend_type>%s"
2994					     "</backend_type>\n",
2995					     (lun->backend == NULL) ?  "none" :
2996					     lun->backend->name);
2997
2998			if (retval != 0)
2999				break;
3000
3001			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3002					     lun->be_lun->lun_type);
3003
3004			if (retval != 0)
3005				break;
3006
3007			if (lun->backend == NULL) {
3008				retval = sbuf_printf(sb, "</lun>\n");
3009				if (retval != 0)
3010					break;
3011				continue;
3012			}
3013
3014			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3015					     (lun->be_lun->maxlba > 0) ?
3016					     lun->be_lun->maxlba + 1 : 0);
3017
3018			if (retval != 0)
3019				break;
3020
3021			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3022					     lun->be_lun->blocksize);
3023
3024			if (retval != 0)
3025				break;
3026
3027			retval = sbuf_printf(sb, "\t<serial_number>");
3028
3029			if (retval != 0)
3030				break;
3031
3032			retval = ctl_sbuf_printf_esc(sb,
3033			    lun->be_lun->serial_num,
3034			    sizeof(lun->be_lun->serial_num));
3035
3036			if (retval != 0)
3037				break;
3038
3039			retval = sbuf_printf(sb, "</serial_number>\n");
3040
3041			if (retval != 0)
3042				break;
3043
3044			retval = sbuf_printf(sb, "\t<device_id>");
3045
3046			if (retval != 0)
3047				break;
3048
3049			retval = ctl_sbuf_printf_esc(sb,
3050			    lun->be_lun->device_id,
3051			    sizeof(lun->be_lun->device_id));
3052
3053			if (retval != 0)
3054				break;
3055
3056			retval = sbuf_printf(sb, "</device_id>\n");
3057
3058			if (retval != 0)
3059				break;
3060
3061			if (lun->backend->lun_info != NULL) {
3062				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3063				if (retval != 0)
3064					break;
3065			}
3066			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3067				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3068				    opt->name, opt->value, opt->name);
3069				if (retval != 0)
3070					break;
3071			}
3072
3073			retval = sbuf_printf(sb, "</lun>\n");
3074
3075			if (retval != 0)
3076				break;
3077			mtx_unlock(&lun->lun_lock);
3078		}
3079		if (lun != NULL)
3080			mtx_unlock(&lun->lun_lock);
3081		mtx_unlock(&softc->ctl_lock);
3082
3083		if ((retval != 0)
3084		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3085			retval = 0;
3086			sbuf_delete(sb);
3087			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3088			snprintf(list->error_str, sizeof(list->error_str),
3089				 "Out of space, %d bytes is too small",
3090				 list->alloc_len);
3091			break;
3092		}
3093
3094		sbuf_finish(sb);
3095
3096		retval = copyout(sbuf_data(sb), list->lun_xml,
3097				 sbuf_len(sb) + 1);
3098
3099		list->fill_len = sbuf_len(sb) + 1;
3100		list->status = CTL_LUN_LIST_OK;
3101		sbuf_delete(sb);
3102		break;
3103	}
3104	case CTL_ISCSI: {
3105		struct ctl_iscsi *ci;
3106		struct ctl_frontend *fe;
3107
3108		ci = (struct ctl_iscsi *)addr;
3109
3110		fe = ctl_frontend_find("iscsi");
3111		if (fe == NULL) {
3112			ci->status = CTL_ISCSI_ERROR;
3113			snprintf(ci->error_str, sizeof(ci->error_str),
3114			    "Frontend \"iscsi\" not found.");
3115			break;
3116		}
3117
3118		retval = fe->ioctl(dev, cmd, addr, flag, td);
3119		break;
3120	}
3121	case CTL_PORT_REQ: {
3122		struct ctl_req *req;
3123		struct ctl_frontend *fe;
3124
3125		req = (struct ctl_req *)addr;
3126
3127		fe = ctl_frontend_find(req->driver);
3128		if (fe == NULL) {
3129			req->status = CTL_LUN_ERROR;
3130			snprintf(req->error_str, sizeof(req->error_str),
3131			    "Frontend \"%s\" not found.", req->driver);
3132			break;
3133		}
3134		if (req->num_args > 0) {
3135			req->kern_args = ctl_copyin_args(req->num_args,
3136			    req->args, req->error_str, sizeof(req->error_str));
3137			if (req->kern_args == NULL) {
3138				req->status = CTL_LUN_ERROR;
3139				break;
3140			}
3141		}
3142
3143		if (fe->ioctl)
3144			retval = fe->ioctl(dev, cmd, addr, flag, td);
3145		else
3146			retval = ENODEV;
3147
3148		if (req->num_args > 0) {
3149			ctl_copyout_args(req->num_args, req->kern_args);
3150			ctl_free_args(req->num_args, req->kern_args);
3151		}
3152		break;
3153	}
3154	case CTL_PORT_LIST: {
3155		struct sbuf *sb;
3156		struct ctl_port *port;
3157		struct ctl_lun_list *list;
3158		struct ctl_option *opt;
3159		int j;
3160		uint32_t plun;
3161
3162		list = (struct ctl_lun_list *)addr;
3163
3164		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3165		if (sb == NULL) {
3166			list->status = CTL_LUN_LIST_ERROR;
3167			snprintf(list->error_str, sizeof(list->error_str),
3168				 "Unable to allocate %d bytes for LUN list",
3169				 list->alloc_len);
3170			break;
3171		}
3172
3173		sbuf_printf(sb, "<ctlportlist>\n");
3174
3175		mtx_lock(&softc->ctl_lock);
3176		STAILQ_FOREACH(port, &softc->port_list, links) {
3177			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3178					     (uintmax_t)port->targ_port);
3179
3180			/*
3181			 * Bail out as soon as we see that we've overfilled
3182			 * the buffer.
3183			 */
3184			if (retval != 0)
3185				break;
3186
3187			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3188			    "</frontend_type>\n", port->frontend->name);
3189			if (retval != 0)
3190				break;
3191
3192			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3193					     port->port_type);
3194			if (retval != 0)
3195				break;
3196
3197			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3198			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3199			if (retval != 0)
3200				break;
3201
3202			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3203			    port->port_name);
3204			if (retval != 0)
3205				break;
3206
3207			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3208			    port->physical_port);
3209			if (retval != 0)
3210				break;
3211
3212			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3213			    port->virtual_port);
3214			if (retval != 0)
3215				break;
3216
3217			if (port->target_devid != NULL) {
3218				sbuf_printf(sb, "\t<target>");
3219				ctl_id_sbuf(port->target_devid, sb);
3220				sbuf_printf(sb, "</target>\n");
3221			}
3222
3223			if (port->port_devid != NULL) {
3224				sbuf_printf(sb, "\t<port>");
3225				ctl_id_sbuf(port->port_devid, sb);
3226				sbuf_printf(sb, "</port>\n");
3227			}
3228
3229			if (port->port_info != NULL) {
3230				retval = port->port_info(port->onoff_arg, sb);
3231				if (retval != 0)
3232					break;
3233			}
3234			STAILQ_FOREACH(opt, &port->options, links) {
3235				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3236				    opt->name, opt->value, opt->name);
3237				if (retval != 0)
3238					break;
3239			}
3240
3241			if (port->lun_map != NULL) {
3242				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3243				for (j = 0; j < CTL_MAX_LUNS; j++) {
3244					plun = ctl_lun_map_from_port(port, j);
3245					if (plun >= CTL_MAX_LUNS)
3246						continue;
3247					sbuf_printf(sb,
3248					    "\t<lun id=\"%u\">%u</lun>\n",
3249					    j, plun);
3250				}
3251			}
3252
3253			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3254				if (port->wwpn_iid[j].in_use == 0 ||
3255				    (port->wwpn_iid[j].wwpn == 0 &&
3256				     port->wwpn_iid[j].name == NULL))
3257					continue;
3258
3259				if (port->wwpn_iid[j].name != NULL)
3260					retval = sbuf_printf(sb,
3261					    "\t<initiator id=\"%u\">%s</initiator>\n",
3262					    j, port->wwpn_iid[j].name);
3263				else
3264					retval = sbuf_printf(sb,
3265					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3266					    j, port->wwpn_iid[j].wwpn);
3267				if (retval != 0)
3268					break;
3269			}
3270			if (retval != 0)
3271				break;
3272
3273			retval = sbuf_printf(sb, "</targ_port>\n");
3274			if (retval != 0)
3275				break;
3276		}
3277		mtx_unlock(&softc->ctl_lock);
3278
3279		if ((retval != 0)
3280		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3281			retval = 0;
3282			sbuf_delete(sb);
3283			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3284			snprintf(list->error_str, sizeof(list->error_str),
3285				 "Out of space, %d bytes is too small",
3286				 list->alloc_len);
3287			break;
3288		}
3289
3290		sbuf_finish(sb);
3291
3292		retval = copyout(sbuf_data(sb), list->lun_xml,
3293				 sbuf_len(sb) + 1);
3294
3295		list->fill_len = sbuf_len(sb) + 1;
3296		list->status = CTL_LUN_LIST_OK;
3297		sbuf_delete(sb);
3298		break;
3299	}
3300	case CTL_LUN_MAP: {
3301		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3302		struct ctl_port *port;
3303
3304		mtx_lock(&softc->ctl_lock);
3305		if (lm->port < softc->port_min ||
3306		    lm->port >= softc->port_max ||
3307		    (port = softc->ctl_ports[lm->port]) == NULL) {
3308			mtx_unlock(&softc->ctl_lock);
3309			return (ENXIO);
3310		}
3311		if (port->status & CTL_PORT_STATUS_ONLINE) {
3312			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3313				if (ctl_lun_map_to_port(port, lun->lun) >=
3314				    CTL_MAX_LUNS)
3315					continue;
3316				mtx_lock(&lun->lun_lock);
3317				ctl_est_ua_port(lun, lm->port, -1,
3318				    CTL_UA_LUN_CHANGE);
3319				mtx_unlock(&lun->lun_lock);
3320			}
3321		}
3322		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3323		if (lm->plun < CTL_MAX_LUNS) {
3324			if (lm->lun == UINT32_MAX)
3325				retval = ctl_lun_map_unset(port, lm->plun);
3326			else if (lm->lun < CTL_MAX_LUNS &&
3327			    softc->ctl_luns[lm->lun] != NULL)
3328				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3329			else
3330				return (ENXIO);
3331		} else if (lm->plun == UINT32_MAX) {
3332			if (lm->lun == UINT32_MAX)
3333				retval = ctl_lun_map_deinit(port);
3334			else
3335				retval = ctl_lun_map_init(port);
3336		} else
3337			return (ENXIO);
3338		if (port->status & CTL_PORT_STATUS_ONLINE)
3339			ctl_isc_announce_port(port);
3340		break;
3341	}
3342	default: {
3343		/* XXX KDM should we fix this? */
3344#if 0
3345		struct ctl_backend_driver *backend;
3346		unsigned int type;
3347		int found;
3348
3349		found = 0;
3350
3351		/*
3352		 * We encode the backend type as the ioctl type for backend
3353		 * ioctls.  So parse it out here, and then search for a
3354		 * backend of this type.
3355		 */
3356		type = _IOC_TYPE(cmd);
3357
3358		STAILQ_FOREACH(backend, &softc->be_list, links) {
3359			if (backend->type == type) {
3360				found = 1;
3361				break;
3362			}
3363		}
3364		if (found == 0) {
3365			printf("ctl: unknown ioctl command %#lx or backend "
3366			       "%d\n", cmd, type);
3367			retval = EINVAL;
3368			break;
3369		}
3370		retval = backend->ioctl(dev, cmd, addr, flag, td);
3371#endif
3372		retval = ENOTTY;
3373		break;
3374	}
3375	}
3376	return (retval);
3377}
3378
3379uint32_t
3380ctl_get_initindex(struct ctl_nexus *nexus)
3381{
3382	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3383}
3384
3385int
3386ctl_lun_map_init(struct ctl_port *port)
3387{
3388	struct ctl_softc *softc = port->ctl_softc;
3389	struct ctl_lun *lun;
3390	uint32_t i;
3391
3392	if (port->lun_map == NULL)
3393		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3394		    M_CTL, M_NOWAIT);
3395	if (port->lun_map == NULL)
3396		return (ENOMEM);
3397	for (i = 0; i < CTL_MAX_LUNS; i++)
3398		port->lun_map[i] = UINT32_MAX;
3399	if (port->status & CTL_PORT_STATUS_ONLINE) {
3400		if (port->lun_disable != NULL) {
3401			STAILQ_FOREACH(lun, &softc->lun_list, links)
3402				port->lun_disable(port->targ_lun_arg, lun->lun);
3403		}
3404		ctl_isc_announce_port(port);
3405	}
3406	return (0);
3407}
3408
3409int
3410ctl_lun_map_deinit(struct ctl_port *port)
3411{
3412	struct ctl_softc *softc = port->ctl_softc;
3413	struct ctl_lun *lun;
3414
3415	if (port->lun_map == NULL)
3416		return (0);
3417	free(port->lun_map, M_CTL);
3418	port->lun_map = NULL;
3419	if (port->status & CTL_PORT_STATUS_ONLINE) {
3420		if (port->lun_enable != NULL) {
3421			STAILQ_FOREACH(lun, &softc->lun_list, links)
3422				port->lun_enable(port->targ_lun_arg, lun->lun);
3423		}
3424		ctl_isc_announce_port(port);
3425	}
3426	return (0);
3427}
3428
3429int
3430ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3431{
3432	int status;
3433	uint32_t old;
3434
3435	if (port->lun_map == NULL) {
3436		status = ctl_lun_map_init(port);
3437		if (status != 0)
3438			return (status);
3439	}
3440	old = port->lun_map[plun];
3441	port->lun_map[plun] = glun;
3442	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3443		if (port->lun_enable != NULL)
3444			port->lun_enable(port->targ_lun_arg, plun);
3445		ctl_isc_announce_port(port);
3446	}
3447	return (0);
3448}
3449
3450int
3451ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3452{
3453	uint32_t old;
3454
3455	if (port->lun_map == NULL)
3456		return (0);
3457	old = port->lun_map[plun];
3458	port->lun_map[plun] = UINT32_MAX;
3459	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3460		if (port->lun_disable != NULL)
3461			port->lun_disable(port->targ_lun_arg, plun);
3462		ctl_isc_announce_port(port);
3463	}
3464	return (0);
3465}
3466
3467uint32_t
3468ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3469{
3470
3471	if (port == NULL)
3472		return (UINT32_MAX);
3473	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3474		return (lun_id);
3475	return (port->lun_map[lun_id]);
3476}
3477
3478uint32_t
3479ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3480{
3481	uint32_t i;
3482
3483	if (port == NULL)
3484		return (UINT32_MAX);
3485	if (port->lun_map == NULL)
3486		return (lun_id);
3487	for (i = 0; i < CTL_MAX_LUNS; i++) {
3488		if (port->lun_map[i] == lun_id)
3489			return (i);
3490	}
3491	return (UINT32_MAX);
3492}
3493
3494static struct ctl_port *
3495ctl_io_port(struct ctl_io_hdr *io_hdr)
3496{
3497
3498	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3499}
3500
3501int
3502ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3503{
3504	int i;
3505
3506	for (i = first; i < last; i++) {
3507		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3508			return (i);
3509	}
3510	return (-1);
3511}
3512
3513int
3514ctl_set_mask(uint32_t *mask, uint32_t bit)
3515{
3516	uint32_t chunk, piece;
3517
3518	chunk = bit >> 5;
3519	piece = bit % (sizeof(uint32_t) * 8);
3520
3521	if ((mask[chunk] & (1 << piece)) != 0)
3522		return (-1);
3523	else
3524		mask[chunk] |= (1 << piece);
3525
3526	return (0);
3527}
3528
3529int
3530ctl_clear_mask(uint32_t *mask, uint32_t bit)
3531{
3532	uint32_t chunk, piece;
3533
3534	chunk = bit >> 5;
3535	piece = bit % (sizeof(uint32_t) * 8);
3536
3537	if ((mask[chunk] & (1 << piece)) == 0)
3538		return (-1);
3539	else
3540		mask[chunk] &= ~(1 << piece);
3541
3542	return (0);
3543}
3544
3545int
3546ctl_is_set(uint32_t *mask, uint32_t bit)
3547{
3548	uint32_t chunk, piece;
3549
3550	chunk = bit >> 5;
3551	piece = bit % (sizeof(uint32_t) * 8);
3552
3553	if ((mask[chunk] & (1 << piece)) == 0)
3554		return (0);
3555	else
3556		return (1);
3557}
3558
3559static uint64_t
3560ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3561{
3562	uint64_t *t;
3563
3564	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3565	if (t == NULL)
3566		return (0);
3567	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3568}
3569
3570static void
3571ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3572{
3573	uint64_t *t;
3574
3575	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3576	if (t == NULL)
3577		return;
3578	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3579}
3580
3581static void
3582ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3583{
3584	uint64_t *p;
3585	u_int i;
3586
3587	i = residx/CTL_MAX_INIT_PER_PORT;
3588	if (lun->pr_keys[i] != NULL)
3589		return;
3590	mtx_unlock(&lun->lun_lock);
3591	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3592	    M_WAITOK | M_ZERO);
3593	mtx_lock(&lun->lun_lock);
3594	if (lun->pr_keys[i] == NULL)
3595		lun->pr_keys[i] = p;
3596	else
3597		free(p, M_CTL);
3598}
3599
3600static void
3601ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3602{
3603	uint64_t *t;
3604
3605	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3606	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3607	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3608}
3609
3610/*
3611 * ctl_softc, pool_name, total_ctl_io are passed in.
3612 * npool is passed out.
3613 */
3614int
3615ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3616		uint32_t total_ctl_io, void **npool)
3617{
3618#ifdef IO_POOLS
3619	struct ctl_io_pool *pool;
3620
3621	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3622					    M_NOWAIT | M_ZERO);
3623	if (pool == NULL)
3624		return (ENOMEM);
3625
3626	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3627	pool->ctl_softc = ctl_softc;
3628	pool->zone = uma_zsecond_create(pool->name, NULL,
3629	    NULL, NULL, NULL, ctl_softc->io_zone);
3630	/* uma_prealloc(pool->zone, total_ctl_io); */
3631
3632	*npool = pool;
3633#else
3634	*npool = ctl_softc->io_zone;
3635#endif
3636	return (0);
3637}
3638
3639void
3640ctl_pool_free(struct ctl_io_pool *pool)
3641{
3642
3643	if (pool == NULL)
3644		return;
3645
3646#ifdef IO_POOLS
3647	uma_zdestroy(pool->zone);
3648	free(pool, M_CTL);
3649#endif
3650}
3651
3652union ctl_io *
3653ctl_alloc_io(void *pool_ref)
3654{
3655	union ctl_io *io;
3656#ifdef IO_POOLS
3657	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3658
3659	io = uma_zalloc(pool->zone, M_WAITOK);
3660#else
3661	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3662#endif
3663	if (io != NULL)
3664		io->io_hdr.pool = pool_ref;
3665	return (io);
3666}
3667
3668union ctl_io *
3669ctl_alloc_io_nowait(void *pool_ref)
3670{
3671	union ctl_io *io;
3672#ifdef IO_POOLS
3673	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3674
3675	io = uma_zalloc(pool->zone, M_NOWAIT);
3676#else
3677	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3678#endif
3679	if (io != NULL)
3680		io->io_hdr.pool = pool_ref;
3681	return (io);
3682}
3683
3684void
3685ctl_free_io(union ctl_io *io)
3686{
3687#ifdef IO_POOLS
3688	struct ctl_io_pool *pool;
3689#endif
3690
3691	if (io == NULL)
3692		return;
3693
3694#ifdef IO_POOLS
3695	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3696	uma_zfree(pool->zone, io);
3697#else
3698	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3699#endif
3700}
3701
3702void
3703ctl_zero_io(union ctl_io *io)
3704{
3705	void *pool_ref;
3706
3707	if (io == NULL)
3708		return;
3709
3710	/*
3711	 * May need to preserve linked list pointers at some point too.
3712	 */
3713	pool_ref = io->io_hdr.pool;
3714	memset(io, 0, sizeof(*io));
3715	io->io_hdr.pool = pool_ref;
3716}
3717
3718/*
3719 * This routine is currently used for internal copies of ctl_ios that need
3720 * to persist for some reason after we've already returned status to the
3721 * FETD.  (Thus the flag set.)
3722 *
3723 * XXX XXX
3724 * Note that this makes a blind copy of all fields in the ctl_io, except
3725 * for the pool reference.  This includes any memory that has been
3726 * allocated!  That memory will no longer be valid after done has been
3727 * called, so this would be VERY DANGEROUS for command that actually does
3728 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3729 * start and stop commands, which don't transfer any data, so this is not a
3730 * problem.  If it is used for anything else, the caller would also need to
3731 * allocate data buffer space and this routine would need to be modified to
3732 * copy the data buffer(s) as well.
3733 */
3734void
3735ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3736{
3737	void *pool_ref;
3738
3739	if ((src == NULL)
3740	 || (dest == NULL))
3741		return;
3742
3743	/*
3744	 * May need to preserve linked list pointers at some point too.
3745	 */
3746	pool_ref = dest->io_hdr.pool;
3747
3748	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3749
3750	dest->io_hdr.pool = pool_ref;
3751	/*
3752	 * We need to know that this is an internal copy, and doesn't need
3753	 * to get passed back to the FETD that allocated it.
3754	 */
3755	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3756}
3757
3758int
3759ctl_expand_number(const char *buf, uint64_t *num)
3760{
3761	char *endptr;
3762	uint64_t number;
3763	unsigned shift;
3764
3765	number = strtoq(buf, &endptr, 0);
3766
3767	switch (tolower((unsigned char)*endptr)) {
3768	case 'e':
3769		shift = 60;
3770		break;
3771	case 'p':
3772		shift = 50;
3773		break;
3774	case 't':
3775		shift = 40;
3776		break;
3777	case 'g':
3778		shift = 30;
3779		break;
3780	case 'm':
3781		shift = 20;
3782		break;
3783	case 'k':
3784		shift = 10;
3785		break;
3786	case 'b':
3787	case '\0': /* No unit. */
3788		*num = number;
3789		return (0);
3790	default:
3791		/* Unrecognized unit. */
3792		return (-1);
3793	}
3794
3795	if ((number << shift) >> shift != number) {
3796		/* Overflow */
3797		return (-1);
3798	}
3799	*num = number << shift;
3800	return (0);
3801}
3802
3803
3804/*
3805 * This routine could be used in the future to load default and/or saved
3806 * mode page parameters for a particuar lun.
3807 */
3808static int
3809ctl_init_page_index(struct ctl_lun *lun)
3810{
3811	int i;
3812	struct ctl_page_index *page_index;
3813	const char *value;
3814	uint64_t ival;
3815
3816	memcpy(&lun->mode_pages.index, page_index_template,
3817	       sizeof(page_index_template));
3818
3819	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3820
3821		page_index = &lun->mode_pages.index[i];
3822		if (lun->be_lun->lun_type != T_DIRECT &&
3823		    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3824			continue;
3825
3826		switch (page_index->page_code & SMPH_PC_MASK) {
3827		case SMS_RW_ERROR_RECOVERY_PAGE: {
3828			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3829				panic("subpage is incorrect!");
3830			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3831			       &rw_er_page_default,
3832			       sizeof(rw_er_page_default));
3833			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3834			       &rw_er_page_changeable,
3835			       sizeof(rw_er_page_changeable));
3836			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3837			       &rw_er_page_default,
3838			       sizeof(rw_er_page_default));
3839			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3840			       &rw_er_page_default,
3841			       sizeof(rw_er_page_default));
3842			page_index->page_data =
3843				(uint8_t *)lun->mode_pages.rw_er_page;
3844			break;
3845		}
3846		case SMS_FORMAT_DEVICE_PAGE: {
3847			struct scsi_format_page *format_page;
3848
3849			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3850				panic("subpage is incorrect!");
3851
3852			/*
3853			 * Sectors per track are set above.  Bytes per
3854			 * sector need to be set here on a per-LUN basis.
3855			 */
3856			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3857			       &format_page_default,
3858			       sizeof(format_page_default));
3859			memcpy(&lun->mode_pages.format_page[
3860			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3861			       sizeof(format_page_changeable));
3862			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3863			       &format_page_default,
3864			       sizeof(format_page_default));
3865			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3866			       &format_page_default,
3867			       sizeof(format_page_default));
3868
3869			format_page = &lun->mode_pages.format_page[
3870				CTL_PAGE_CURRENT];
3871			scsi_ulto2b(lun->be_lun->blocksize,
3872				    format_page->bytes_per_sector);
3873
3874			format_page = &lun->mode_pages.format_page[
3875				CTL_PAGE_DEFAULT];
3876			scsi_ulto2b(lun->be_lun->blocksize,
3877				    format_page->bytes_per_sector);
3878
3879			format_page = &lun->mode_pages.format_page[
3880				CTL_PAGE_SAVED];
3881			scsi_ulto2b(lun->be_lun->blocksize,
3882				    format_page->bytes_per_sector);
3883
3884			page_index->page_data =
3885				(uint8_t *)lun->mode_pages.format_page;
3886			break;
3887		}
3888		case SMS_RIGID_DISK_PAGE: {
3889			struct scsi_rigid_disk_page *rigid_disk_page;
3890			uint32_t sectors_per_cylinder;
3891			uint64_t cylinders;
3892#ifndef	__XSCALE__
3893			int shift;
3894#endif /* !__XSCALE__ */
3895
3896			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3897				panic("invalid subpage value %d",
3898				      page_index->subpage);
3899
3900			/*
3901			 * Rotation rate and sectors per track are set
3902			 * above.  We calculate the cylinders here based on
3903			 * capacity.  Due to the number of heads and
3904			 * sectors per track we're using, smaller arrays
3905			 * may turn out to have 0 cylinders.  Linux and
3906			 * FreeBSD don't pay attention to these mode pages
3907			 * to figure out capacity, but Solaris does.  It
3908			 * seems to deal with 0 cylinders just fine, and
3909			 * works out a fake geometry based on the capacity.
3910			 */
3911			memcpy(&lun->mode_pages.rigid_disk_page[
3912			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3913			       sizeof(rigid_disk_page_default));
3914			memcpy(&lun->mode_pages.rigid_disk_page[
3915			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3916			       sizeof(rigid_disk_page_changeable));
3917
3918			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3919				CTL_DEFAULT_HEADS;
3920
3921			/*
3922			 * The divide method here will be more accurate,
3923			 * probably, but results in floating point being
3924			 * used in the kernel on i386 (__udivdi3()).  On the
3925			 * XScale, though, __udivdi3() is implemented in
3926			 * software.
3927			 *
3928			 * The shift method for cylinder calculation is
3929			 * accurate if sectors_per_cylinder is a power of
3930			 * 2.  Otherwise it might be slightly off -- you
3931			 * might have a bit of a truncation problem.
3932			 */
3933#ifdef	__XSCALE__
3934			cylinders = (lun->be_lun->maxlba + 1) /
3935				sectors_per_cylinder;
3936#else
3937			for (shift = 31; shift > 0; shift--) {
3938				if (sectors_per_cylinder & (1 << shift))
3939					break;
3940			}
3941			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3942#endif
3943
3944			/*
3945			 * We've basically got 3 bytes, or 24 bits for the
3946			 * cylinder size in the mode page.  If we're over,
3947			 * just round down to 2^24.
3948			 */
3949			if (cylinders > 0xffffff)
3950				cylinders = 0xffffff;
3951
3952			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3953				CTL_PAGE_DEFAULT];
3954			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3955
3956			if ((value = ctl_get_opt(&lun->be_lun->options,
3957			    "rpm")) != NULL) {
3958				scsi_ulto2b(strtol(value, NULL, 0),
3959				     rigid_disk_page->rotation_rate);
3960			}
3961
3962			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3963			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3964			       sizeof(rigid_disk_page_default));
3965			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3966			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3967			       sizeof(rigid_disk_page_default));
3968
3969			page_index->page_data =
3970				(uint8_t *)lun->mode_pages.rigid_disk_page;
3971			break;
3972		}
3973		case SMS_CACHING_PAGE: {
3974			struct scsi_caching_page *caching_page;
3975
3976			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3977				panic("invalid subpage value %d",
3978				      page_index->subpage);
3979			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3980			       &caching_page_default,
3981			       sizeof(caching_page_default));
3982			memcpy(&lun->mode_pages.caching_page[
3983			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3984			       sizeof(caching_page_changeable));
3985			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3986			       &caching_page_default,
3987			       sizeof(caching_page_default));
3988			caching_page = &lun->mode_pages.caching_page[
3989			    CTL_PAGE_SAVED];
3990			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3991			if (value != NULL && strcmp(value, "off") == 0)
3992				caching_page->flags1 &= ~SCP_WCE;
3993			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3994			if (value != NULL && strcmp(value, "off") == 0)
3995				caching_page->flags1 |= SCP_RCD;
3996			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3997			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3998			       sizeof(caching_page_default));
3999			page_index->page_data =
4000				(uint8_t *)lun->mode_pages.caching_page;
4001			break;
4002		}
4003		case SMS_CONTROL_MODE_PAGE: {
4004			switch (page_index->subpage) {
4005			case SMS_SUBPAGE_PAGE_0: {
4006				struct scsi_control_page *control_page;
4007
4008				memcpy(&lun->mode_pages.control_page[
4009				    CTL_PAGE_DEFAULT],
4010				       &control_page_default,
4011				       sizeof(control_page_default));
4012				memcpy(&lun->mode_pages.control_page[
4013				    CTL_PAGE_CHANGEABLE],
4014				       &control_page_changeable,
4015				       sizeof(control_page_changeable));
4016				memcpy(&lun->mode_pages.control_page[
4017				    CTL_PAGE_SAVED],
4018				       &control_page_default,
4019				       sizeof(control_page_default));
4020				control_page = &lun->mode_pages.control_page[
4021				    CTL_PAGE_SAVED];
4022				value = ctl_get_opt(&lun->be_lun->options,
4023				    "reordering");
4024				if (value != NULL &&
4025				    strcmp(value, "unrestricted") == 0) {
4026					control_page->queue_flags &=
4027					    ~SCP_QUEUE_ALG_MASK;
4028					control_page->queue_flags |=
4029					    SCP_QUEUE_ALG_UNRESTRICTED;
4030				}
4031				memcpy(&lun->mode_pages.control_page[
4032				    CTL_PAGE_CURRENT],
4033				       &lun->mode_pages.control_page[
4034				    CTL_PAGE_SAVED],
4035				       sizeof(control_page_default));
4036				page_index->page_data =
4037				    (uint8_t *)lun->mode_pages.control_page;
4038				break;
4039			}
4040			case 0x01:
4041				memcpy(&lun->mode_pages.control_ext_page[
4042				    CTL_PAGE_DEFAULT],
4043				       &control_ext_page_default,
4044				       sizeof(control_ext_page_default));
4045				memcpy(&lun->mode_pages.control_ext_page[
4046				    CTL_PAGE_CHANGEABLE],
4047				       &control_ext_page_changeable,
4048				       sizeof(control_ext_page_changeable));
4049				memcpy(&lun->mode_pages.control_ext_page[
4050				    CTL_PAGE_SAVED],
4051				       &control_ext_page_default,
4052				       sizeof(control_ext_page_default));
4053				memcpy(&lun->mode_pages.control_ext_page[
4054				    CTL_PAGE_CURRENT],
4055				       &lun->mode_pages.control_ext_page[
4056				    CTL_PAGE_SAVED],
4057				       sizeof(control_ext_page_default));
4058				page_index->page_data =
4059				    (uint8_t *)lun->mode_pages.control_ext_page;
4060				break;
4061			}
4062			break;
4063		}
4064		case SMS_INFO_EXCEPTIONS_PAGE: {
4065			switch (page_index->subpage) {
4066			case SMS_SUBPAGE_PAGE_0:
4067				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4068				       &ie_page_default,
4069				       sizeof(ie_page_default));
4070				memcpy(&lun->mode_pages.ie_page[
4071				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4072				       sizeof(ie_page_changeable));
4073				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4074				       &ie_page_default,
4075				       sizeof(ie_page_default));
4076				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4077				       &ie_page_default,
4078				       sizeof(ie_page_default));
4079				page_index->page_data =
4080					(uint8_t *)lun->mode_pages.ie_page;
4081				break;
4082			case 0x02: {
4083				struct ctl_logical_block_provisioning_page *page;
4084
4085				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4086				       &lbp_page_default,
4087				       sizeof(lbp_page_default));
4088				memcpy(&lun->mode_pages.lbp_page[
4089				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4090				       sizeof(lbp_page_changeable));
4091				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4092				       &lbp_page_default,
4093				       sizeof(lbp_page_default));
4094				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4095				value = ctl_get_opt(&lun->be_lun->options,
4096				    "avail-threshold");
4097				if (value != NULL &&
4098				    ctl_expand_number(value, &ival) == 0) {
4099					page->descr[0].flags |= SLBPPD_ENABLED |
4100					    SLBPPD_ARMING_DEC;
4101					if (lun->be_lun->blocksize)
4102						ival /= lun->be_lun->blocksize;
4103					else
4104						ival /= 512;
4105					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4106					    page->descr[0].count);
4107				}
4108				value = ctl_get_opt(&lun->be_lun->options,
4109				    "used-threshold");
4110				if (value != NULL &&
4111				    ctl_expand_number(value, &ival) == 0) {
4112					page->descr[1].flags |= SLBPPD_ENABLED |
4113					    SLBPPD_ARMING_INC;
4114					if (lun->be_lun->blocksize)
4115						ival /= lun->be_lun->blocksize;
4116					else
4117						ival /= 512;
4118					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4119					    page->descr[1].count);
4120				}
4121				value = ctl_get_opt(&lun->be_lun->options,
4122				    "pool-avail-threshold");
4123				if (value != NULL &&
4124				    ctl_expand_number(value, &ival) == 0) {
4125					page->descr[2].flags |= SLBPPD_ENABLED |
4126					    SLBPPD_ARMING_DEC;
4127					if (lun->be_lun->blocksize)
4128						ival /= lun->be_lun->blocksize;
4129					else
4130						ival /= 512;
4131					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4132					    page->descr[2].count);
4133				}
4134				value = ctl_get_opt(&lun->be_lun->options,
4135				    "pool-used-threshold");
4136				if (value != NULL &&
4137				    ctl_expand_number(value, &ival) == 0) {
4138					page->descr[3].flags |= SLBPPD_ENABLED |
4139					    SLBPPD_ARMING_INC;
4140					if (lun->be_lun->blocksize)
4141						ival /= lun->be_lun->blocksize;
4142					else
4143						ival /= 512;
4144					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4145					    page->descr[3].count);
4146				}
4147				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4148				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4149				       sizeof(lbp_page_default));
4150				page_index->page_data =
4151					(uint8_t *)lun->mode_pages.lbp_page;
4152			}}
4153			break;
4154		}
4155		case SMS_VENDOR_SPECIFIC_PAGE:{
4156			switch (page_index->subpage) {
4157			case DBGCNF_SUBPAGE_CODE: {
4158				memcpy(&lun->mode_pages.debugconf_subpage[
4159				       CTL_PAGE_CURRENT],
4160				       &debugconf_page_default,
4161				       sizeof(debugconf_page_default));
4162				memcpy(&lun->mode_pages.debugconf_subpage[
4163				       CTL_PAGE_CHANGEABLE],
4164				       &debugconf_page_changeable,
4165				       sizeof(debugconf_page_changeable));
4166				memcpy(&lun->mode_pages.debugconf_subpage[
4167				       CTL_PAGE_DEFAULT],
4168				       &debugconf_page_default,
4169				       sizeof(debugconf_page_default));
4170				memcpy(&lun->mode_pages.debugconf_subpage[
4171				       CTL_PAGE_SAVED],
4172				       &debugconf_page_default,
4173				       sizeof(debugconf_page_default));
4174				page_index->page_data =
4175				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4176				break;
4177			}
4178			default:
4179				panic("invalid subpage value %d",
4180				      page_index->subpage);
4181				break;
4182			}
4183   			break;
4184		}
4185		default:
4186			panic("invalid page value %d",
4187			      page_index->page_code & SMPH_PC_MASK);
4188			break;
4189    	}
4190	}
4191
4192	return (CTL_RETVAL_COMPLETE);
4193}
4194
4195static int
4196ctl_init_log_page_index(struct ctl_lun *lun)
4197{
4198	struct ctl_page_index *page_index;
4199	int i, j, k, prev;
4200
4201	memcpy(&lun->log_pages.index, log_page_index_template,
4202	       sizeof(log_page_index_template));
4203
4204	prev = -1;
4205	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4206
4207		page_index = &lun->log_pages.index[i];
4208		if (lun->be_lun->lun_type != T_DIRECT &&
4209		    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4210			continue;
4211
4212		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4213		    lun->backend->lun_attr == NULL)
4214			continue;
4215
4216		if (page_index->page_code != prev) {
4217			lun->log_pages.pages_page[j] = page_index->page_code;
4218			prev = page_index->page_code;
4219			j++;
4220		}
4221		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4222		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4223		k++;
4224	}
4225	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4226	lun->log_pages.index[0].page_len = j;
4227	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4228	lun->log_pages.index[1].page_len = k * 2;
4229	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4230	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4231	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4232	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4233
4234	return (CTL_RETVAL_COMPLETE);
4235}
4236
4237static int
4238hex2bin(const char *str, uint8_t *buf, int buf_size)
4239{
4240	int i;
4241	u_char c;
4242
4243	memset(buf, 0, buf_size);
4244	while (isspace(str[0]))
4245		str++;
4246	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4247		str += 2;
4248	buf_size *= 2;
4249	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4250		c = str[i];
4251		if (isdigit(c))
4252			c -= '0';
4253		else if (isalpha(c))
4254			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4255		else
4256			break;
4257		if (c >= 16)
4258			break;
4259		if ((i & 1) == 0)
4260			buf[i / 2] |= (c << 4);
4261		else
4262			buf[i / 2] |= c;
4263	}
4264	return ((i + 1) / 2);
4265}
4266
4267/*
4268 * LUN allocation.
4269 *
4270 * Requirements:
4271 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4272 *   wants us to allocate the LUN and he can block.
4273 * - ctl_softc is always set
4274 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4275 *
4276 * Returns 0 for success, non-zero (errno) for failure.
4277 */
4278static int
4279ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4280	      struct ctl_be_lun *const be_lun)
4281{
4282	struct ctl_lun *nlun, *lun;
4283	struct scsi_vpd_id_descriptor *desc;
4284	struct scsi_vpd_id_t10 *t10id;
4285	const char *eui, *naa, *scsiname, *vendor;
4286	int lun_number, i, lun_malloced;
4287	int devidlen, idlen1, idlen2 = 0, len;
4288
4289	if (be_lun == NULL)
4290		return (EINVAL);
4291
4292	/*
4293	 * We currently only support Direct Access or Processor LUN types.
4294	 */
4295	switch (be_lun->lun_type) {
4296	case T_DIRECT:
4297		break;
4298	case T_PROCESSOR:
4299		break;
4300	case T_SEQUENTIAL:
4301	case T_CHANGER:
4302	default:
4303		be_lun->lun_config_status(be_lun->be_lun,
4304					  CTL_LUN_CONFIG_FAILURE);
4305		break;
4306	}
4307	if (ctl_lun == NULL) {
4308		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4309		lun_malloced = 1;
4310	} else {
4311		lun_malloced = 0;
4312		lun = ctl_lun;
4313	}
4314
4315	memset(lun, 0, sizeof(*lun));
4316	if (lun_malloced)
4317		lun->flags = CTL_LUN_MALLOCED;
4318
4319	/* Generate LUN ID. */
4320	devidlen = max(CTL_DEVID_MIN_LEN,
4321	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4322	idlen1 = sizeof(*t10id) + devidlen;
4323	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4324	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4325	if (scsiname != NULL) {
4326		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4327		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4328	}
4329	eui = ctl_get_opt(&be_lun->options, "eui");
4330	if (eui != NULL) {
4331		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4332	}
4333	naa = ctl_get_opt(&be_lun->options, "naa");
4334	if (naa != NULL) {
4335		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4336	}
4337	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4338	    M_CTL, M_WAITOK | M_ZERO);
4339	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4340	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4341	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4342	desc->length = idlen1;
4343	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4344	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4345	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4346		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4347	} else {
4348		strncpy(t10id->vendor, vendor,
4349		    min(sizeof(t10id->vendor), strlen(vendor)));
4350	}
4351	strncpy((char *)t10id->vendor_spec_id,
4352	    (char *)be_lun->device_id, devidlen);
4353	if (scsiname != NULL) {
4354		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4355		    desc->length);
4356		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4357		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4358		    SVPD_ID_TYPE_SCSI_NAME;
4359		desc->length = idlen2;
4360		strlcpy(desc->identifier, scsiname, idlen2);
4361	}
4362	if (eui != NULL) {
4363		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4364		    desc->length);
4365		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4366		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4367		    SVPD_ID_TYPE_EUI64;
4368		desc->length = hex2bin(eui, desc->identifier, 16);
4369		desc->length = desc->length > 12 ? 16 :
4370		    (desc->length > 8 ? 12 : 8);
4371		len -= 16 - desc->length;
4372	}
4373	if (naa != NULL) {
4374		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4375		    desc->length);
4376		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4377		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4378		    SVPD_ID_TYPE_NAA;
4379		desc->length = hex2bin(naa, desc->identifier, 16);
4380		desc->length = desc->length > 8 ? 16 : 8;
4381		len -= 16 - desc->length;
4382	}
4383	lun->lun_devid->len = len;
4384
4385	mtx_lock(&ctl_softc->ctl_lock);
4386	/*
4387	 * See if the caller requested a particular LUN number.  If so, see
4388	 * if it is available.  Otherwise, allocate the first available LUN.
4389	 */
4390	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4391		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4392		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4393			mtx_unlock(&ctl_softc->ctl_lock);
4394			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4395				printf("ctl: requested LUN ID %d is higher "
4396				       "than CTL_MAX_LUNS - 1 (%d)\n",
4397				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4398			} else {
4399				/*
4400				 * XXX KDM return an error, or just assign
4401				 * another LUN ID in this case??
4402				 */
4403				printf("ctl: requested LUN ID %d is already "
4404				       "in use\n", be_lun->req_lun_id);
4405			}
4406			if (lun->flags & CTL_LUN_MALLOCED)
4407				free(lun, M_CTL);
4408			be_lun->lun_config_status(be_lun->be_lun,
4409						  CTL_LUN_CONFIG_FAILURE);
4410			return (ENOSPC);
4411		}
4412		lun_number = be_lun->req_lun_id;
4413	} else {
4414		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4415		if (lun_number == -1) {
4416			mtx_unlock(&ctl_softc->ctl_lock);
4417			printf("ctl: can't allocate LUN, out of LUNs\n");
4418			if (lun->flags & CTL_LUN_MALLOCED)
4419				free(lun, M_CTL);
4420			be_lun->lun_config_status(be_lun->be_lun,
4421						  CTL_LUN_CONFIG_FAILURE);
4422			return (ENOSPC);
4423		}
4424	}
4425	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4426
4427	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4428	lun->lun = lun_number;
4429	lun->be_lun = be_lun;
4430	/*
4431	 * The processor LUN is always enabled.  Disk LUNs come on line
4432	 * disabled, and must be enabled by the backend.
4433	 */
4434	lun->flags |= CTL_LUN_DISABLED;
4435	lun->backend = be_lun->be;
4436	be_lun->ctl_lun = lun;
4437	be_lun->lun_id = lun_number;
4438	atomic_add_int(&be_lun->be->num_luns, 1);
4439	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4440		lun->flags |= CTL_LUN_OFFLINE;
4441
4442	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4443		lun->flags |= CTL_LUN_STOPPED;
4444
4445	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4446		lun->flags |= CTL_LUN_INOPERABLE;
4447
4448	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4449		lun->flags |= CTL_LUN_PRIMARY_SC;
4450
4451	lun->ctl_softc = ctl_softc;
4452#ifdef CTL_TIME_IO
4453	lun->last_busy = getsbinuptime();
4454#endif
4455	TAILQ_INIT(&lun->ooa_queue);
4456	TAILQ_INIT(&lun->blocked_queue);
4457	STAILQ_INIT(&lun->error_list);
4458	ctl_tpc_lun_init(lun);
4459
4460	/*
4461	 * Initialize the mode and log page index.
4462	 */
4463	ctl_init_page_index(lun);
4464	ctl_init_log_page_index(lun);
4465
4466	/*
4467	 * Now, before we insert this lun on the lun list, set the lun
4468	 * inventory changed UA for all other luns.
4469	 */
4470	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4471		mtx_lock(&nlun->lun_lock);
4472		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4473		mtx_unlock(&nlun->lun_lock);
4474	}
4475
4476	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4477
4478	ctl_softc->ctl_luns[lun_number] = lun;
4479
4480	ctl_softc->num_luns++;
4481
4482	/* Setup statistics gathering */
4483	lun->stats.device_type = be_lun->lun_type;
4484	lun->stats.lun_number = lun_number;
4485	lun->stats.blocksize = be_lun->blocksize;
4486	if (be_lun->blocksize == 0)
4487		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4488	for (i = 0;i < CTL_MAX_PORTS;i++)
4489		lun->stats.ports[i].targ_port = i;
4490
4491	mtx_unlock(&ctl_softc->ctl_lock);
4492
4493	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4494	return (0);
4495}
4496
4497/*
4498 * Delete a LUN.
4499 * Assumptions:
4500 * - LUN has already been marked invalid and any pending I/O has been taken
4501 *   care of.
4502 */
4503static int
4504ctl_free_lun(struct ctl_lun *lun)
4505{
4506	struct ctl_softc *softc;
4507	struct ctl_lun *nlun;
4508	int i;
4509
4510	softc = lun->ctl_softc;
4511
4512	mtx_assert(&softc->ctl_lock, MA_OWNED);
4513
4514	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4515
4516	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4517
4518	softc->ctl_luns[lun->lun] = NULL;
4519
4520	if (!TAILQ_EMPTY(&lun->ooa_queue))
4521		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4522
4523	softc->num_luns--;
4524
4525	/*
4526	 * Tell the backend to free resources, if this LUN has a backend.
4527	 */
4528	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4529	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4530
4531	ctl_tpc_lun_shutdown(lun);
4532	mtx_destroy(&lun->lun_lock);
4533	free(lun->lun_devid, M_CTL);
4534	for (i = 0; i < CTL_MAX_PORTS; i++)
4535		free(lun->pending_ua[i], M_CTL);
4536	for (i = 0; i < CTL_MAX_PORTS; i++)
4537		free(lun->pr_keys[i], M_CTL);
4538	free(lun->write_buffer, M_CTL);
4539	if (lun->flags & CTL_LUN_MALLOCED)
4540		free(lun, M_CTL);
4541
4542	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4543		mtx_lock(&nlun->lun_lock);
4544		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4545		mtx_unlock(&nlun->lun_lock);
4546	}
4547
4548	return (0);
4549}
4550
4551static void
4552ctl_create_lun(struct ctl_be_lun *be_lun)
4553{
4554
4555	/*
4556	 * ctl_alloc_lun() should handle all potential failure cases.
4557	 */
4558	ctl_alloc_lun(control_softc, NULL, be_lun);
4559}
4560
4561int
4562ctl_add_lun(struct ctl_be_lun *be_lun)
4563{
4564	struct ctl_softc *softc = control_softc;
4565
4566	mtx_lock(&softc->ctl_lock);
4567	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4568	mtx_unlock(&softc->ctl_lock);
4569	wakeup(&softc->pending_lun_queue);
4570
4571	return (0);
4572}
4573
4574int
4575ctl_enable_lun(struct ctl_be_lun *be_lun)
4576{
4577	struct ctl_softc *softc;
4578	struct ctl_port *port, *nport;
4579	struct ctl_lun *lun;
4580	int retval;
4581
4582	lun = (struct ctl_lun *)be_lun->ctl_lun;
4583	softc = lun->ctl_softc;
4584
4585	mtx_lock(&softc->ctl_lock);
4586	mtx_lock(&lun->lun_lock);
4587	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4588		/*
4589		 * eh?  Why did we get called if the LUN is already
4590		 * enabled?
4591		 */
4592		mtx_unlock(&lun->lun_lock);
4593		mtx_unlock(&softc->ctl_lock);
4594		return (0);
4595	}
4596	lun->flags &= ~CTL_LUN_DISABLED;
4597	mtx_unlock(&lun->lun_lock);
4598
4599	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4600		nport = STAILQ_NEXT(port, links);
4601		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4602		    port->lun_map != NULL || port->lun_enable == NULL)
4603			continue;
4604
4605		/*
4606		 * Drop the lock while we call the FETD's enable routine.
4607		 * This can lead to a callback into CTL (at least in the
4608		 * case of the internal initiator frontend.
4609		 */
4610		mtx_unlock(&softc->ctl_lock);
4611		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4612		mtx_lock(&softc->ctl_lock);
4613		if (retval != 0) {
4614			printf("%s: FETD %s port %d returned error "
4615			       "%d for lun_enable on lun %jd\n",
4616			       __func__, port->port_name, port->targ_port,
4617			       retval, (intmax_t)lun->lun);
4618		}
4619	}
4620
4621	mtx_unlock(&softc->ctl_lock);
4622	ctl_isc_announce_lun(lun);
4623
4624	return (0);
4625}
4626
4627int
4628ctl_disable_lun(struct ctl_be_lun *be_lun)
4629{
4630	struct ctl_softc *softc;
4631	struct ctl_port *port;
4632	struct ctl_lun *lun;
4633	int retval;
4634
4635	lun = (struct ctl_lun *)be_lun->ctl_lun;
4636	softc = lun->ctl_softc;
4637
4638	mtx_lock(&softc->ctl_lock);
4639	mtx_lock(&lun->lun_lock);
4640	if (lun->flags & CTL_LUN_DISABLED) {
4641		mtx_unlock(&lun->lun_lock);
4642		mtx_unlock(&softc->ctl_lock);
4643		return (0);
4644	}
4645	lun->flags |= CTL_LUN_DISABLED;
4646	mtx_unlock(&lun->lun_lock);
4647
4648	STAILQ_FOREACH(port, &softc->port_list, links) {
4649		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4650		    port->lun_map != NULL || port->lun_disable == NULL)
4651			continue;
4652
4653		/*
4654		 * Drop the lock before we call the frontend's disable
4655		 * routine, to avoid lock order reversals.
4656		 *
4657		 * XXX KDM what happens if the frontend list changes while
4658		 * we're traversing it?  It's unlikely, but should be handled.
4659		 */
4660		mtx_unlock(&softc->ctl_lock);
4661		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4662		mtx_lock(&softc->ctl_lock);
4663		if (retval != 0) {
4664			printf("%s: FETD %s port %d returned error "
4665			       "%d for lun_disable on lun %jd\n",
4666			       __func__, port->port_name, port->targ_port,
4667			       retval, (intmax_t)lun->lun);
4668		}
4669	}
4670
4671	mtx_unlock(&softc->ctl_lock);
4672	ctl_isc_announce_lun(lun);
4673
4674	return (0);
4675}
4676
4677int
4678ctl_start_lun(struct ctl_be_lun *be_lun)
4679{
4680	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4681
4682	mtx_lock(&lun->lun_lock);
4683	lun->flags &= ~CTL_LUN_STOPPED;
4684	mtx_unlock(&lun->lun_lock);
4685	return (0);
4686}
4687
4688int
4689ctl_stop_lun(struct ctl_be_lun *be_lun)
4690{
4691	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4692
4693	mtx_lock(&lun->lun_lock);
4694	lun->flags |= CTL_LUN_STOPPED;
4695	mtx_unlock(&lun->lun_lock);
4696	return (0);
4697}
4698
4699int
4700ctl_lun_offline(struct ctl_be_lun *be_lun)
4701{
4702	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4703
4704	mtx_lock(&lun->lun_lock);
4705	lun->flags |= CTL_LUN_OFFLINE;
4706	mtx_unlock(&lun->lun_lock);
4707	return (0);
4708}
4709
4710int
4711ctl_lun_online(struct ctl_be_lun *be_lun)
4712{
4713	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4714
4715	mtx_lock(&lun->lun_lock);
4716	lun->flags &= ~CTL_LUN_OFFLINE;
4717	mtx_unlock(&lun->lun_lock);
4718	return (0);
4719}
4720
4721int
4722ctl_lun_primary(struct ctl_be_lun *be_lun)
4723{
4724	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4725
4726	mtx_lock(&lun->lun_lock);
4727	lun->flags |= CTL_LUN_PRIMARY_SC;
4728	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4729	mtx_unlock(&lun->lun_lock);
4730	ctl_isc_announce_lun(lun);
4731	return (0);
4732}
4733
4734int
4735ctl_lun_secondary(struct ctl_be_lun *be_lun)
4736{
4737	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4738
4739	mtx_lock(&lun->lun_lock);
4740	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4741	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4742	mtx_unlock(&lun->lun_lock);
4743	ctl_isc_announce_lun(lun);
4744	return (0);
4745}
4746
4747int
4748ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4749{
4750	struct ctl_softc *softc;
4751	struct ctl_lun *lun;
4752
4753	lun = (struct ctl_lun *)be_lun->ctl_lun;
4754	softc = lun->ctl_softc;
4755
4756	mtx_lock(&lun->lun_lock);
4757
4758	/*
4759	 * The LUN needs to be disabled before it can be marked invalid.
4760	 */
4761	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4762		mtx_unlock(&lun->lun_lock);
4763		return (-1);
4764	}
4765	/*
4766	 * Mark the LUN invalid.
4767	 */
4768	lun->flags |= CTL_LUN_INVALID;
4769
4770	/*
4771	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4772	 * If we have something in the OOA queue, we'll free it when the
4773	 * last I/O completes.
4774	 */
4775	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4776		mtx_unlock(&lun->lun_lock);
4777		mtx_lock(&softc->ctl_lock);
4778		ctl_free_lun(lun);
4779		mtx_unlock(&softc->ctl_lock);
4780	} else
4781		mtx_unlock(&lun->lun_lock);
4782
4783	return (0);
4784}
4785
4786int
4787ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4788{
4789	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4790
4791	mtx_lock(&lun->lun_lock);
4792	lun->flags |= CTL_LUN_INOPERABLE;
4793	mtx_unlock(&lun->lun_lock);
4794	return (0);
4795}
4796
4797int
4798ctl_lun_operable(struct ctl_be_lun *be_lun)
4799{
4800	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4801
4802	mtx_lock(&lun->lun_lock);
4803	lun->flags &= ~CTL_LUN_INOPERABLE;
4804	mtx_unlock(&lun->lun_lock);
4805	return (0);
4806}
4807
4808void
4809ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4810{
4811	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4812	union ctl_ha_msg msg;
4813
4814	mtx_lock(&lun->lun_lock);
4815	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4816	mtx_unlock(&lun->lun_lock);
4817	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4818		/* Send msg to other side. */
4819		bzero(&msg.ua, sizeof(msg.ua));
4820		msg.hdr.msg_type = CTL_MSG_UA;
4821		msg.hdr.nexus.initid = -1;
4822		msg.hdr.nexus.targ_port = -1;
4823		msg.hdr.nexus.targ_lun = lun->lun;
4824		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4825		msg.ua.ua_all = 1;
4826		msg.ua.ua_set = 1;
4827		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4828		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4829		    M_WAITOK);
4830	}
4831}
4832
4833/*
4834 * Backend "memory move is complete" callback for requests that never
4835 * make it down to say RAIDCore's configuration code.
4836 */
4837int
4838ctl_config_move_done(union ctl_io *io)
4839{
4840	int retval;
4841
4842	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4843	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4844	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4845
4846	if ((io->io_hdr.port_status != 0) &&
4847	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4848	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4849		/*
4850		 * For hardware error sense keys, the sense key
4851		 * specific value is defined to be a retry count,
4852		 * but we use it to pass back an internal FETD
4853		 * error code.  XXX KDM  Hopefully the FETD is only
4854		 * using 16 bits for an error code, since that's
4855		 * all the space we have in the sks field.
4856		 */
4857		ctl_set_internal_failure(&io->scsiio,
4858					 /*sks_valid*/ 1,
4859					 /*retry_count*/
4860					 io->io_hdr.port_status);
4861	}
4862
4863	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4864		ctl_data_print(io);
4865	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4866	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4867	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4868	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4869		/*
4870		 * XXX KDM just assuming a single pointer here, and not a
4871		 * S/G list.  If we start using S/G lists for config data,
4872		 * we'll need to know how to clean them up here as well.
4873		 */
4874		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4875			free(io->scsiio.kern_data_ptr, M_CTL);
4876		ctl_done(io);
4877		retval = CTL_RETVAL_COMPLETE;
4878	} else {
4879		/*
4880		 * XXX KDM now we need to continue data movement.  Some
4881		 * options:
4882		 * - call ctl_scsiio() again?  We don't do this for data
4883		 *   writes, because for those at least we know ahead of
4884		 *   time where the write will go and how long it is.  For
4885		 *   config writes, though, that information is largely
4886		 *   contained within the write itself, thus we need to
4887		 *   parse out the data again.
4888		 *
4889		 * - Call some other function once the data is in?
4890		 */
4891
4892		/*
4893		 * XXX KDM call ctl_scsiio() again for now, and check flag
4894		 * bits to see whether we're allocated or not.
4895		 */
4896		retval = ctl_scsiio(&io->scsiio);
4897	}
4898	return (retval);
4899}
4900
4901/*
4902 * This gets called by a backend driver when it is done with a
4903 * data_submit method.
4904 */
4905void
4906ctl_data_submit_done(union ctl_io *io)
4907{
4908	/*
4909	 * If the IO_CONT flag is set, we need to call the supplied
4910	 * function to continue processing the I/O, instead of completing
4911	 * the I/O just yet.
4912	 *
4913	 * If there is an error, though, we don't want to keep processing.
4914	 * Instead, just send status back to the initiator.
4915	 */
4916	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4917	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4918	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4919	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4920		io->scsiio.io_cont(io);
4921		return;
4922	}
4923	ctl_done(io);
4924}
4925
4926/*
4927 * This gets called by a backend driver when it is done with a
4928 * configuration write.
4929 */
4930void
4931ctl_config_write_done(union ctl_io *io)
4932{
4933	uint8_t *buf;
4934
4935	/*
4936	 * If the IO_CONT flag is set, we need to call the supplied
4937	 * function to continue processing the I/O, instead of completing
4938	 * the I/O just yet.
4939	 *
4940	 * If there is an error, though, we don't want to keep processing.
4941	 * Instead, just send status back to the initiator.
4942	 */
4943	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4944	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4945	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4946	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4947		io->scsiio.io_cont(io);
4948		return;
4949	}
4950	/*
4951	 * Since a configuration write can be done for commands that actually
4952	 * have data allocated, like write buffer, and commands that have
4953	 * no data, like start/stop unit, we need to check here.
4954	 */
4955	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4956		buf = io->scsiio.kern_data_ptr;
4957	else
4958		buf = NULL;
4959	ctl_done(io);
4960	if (buf)
4961		free(buf, M_CTL);
4962}
4963
4964void
4965ctl_config_read_done(union ctl_io *io)
4966{
4967	uint8_t *buf;
4968
4969	/*
4970	 * If there is some error -- we are done, skip data transfer.
4971	 */
4972	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4973	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4974	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4975		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4976			buf = io->scsiio.kern_data_ptr;
4977		else
4978			buf = NULL;
4979		ctl_done(io);
4980		if (buf)
4981			free(buf, M_CTL);
4982		return;
4983	}
4984
4985	/*
4986	 * If the IO_CONT flag is set, we need to call the supplied
4987	 * function to continue processing the I/O, instead of completing
4988	 * the I/O just yet.
4989	 */
4990	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4991		io->scsiio.io_cont(io);
4992		return;
4993	}
4994
4995	ctl_datamove(io);
4996}
4997
4998/*
4999 * SCSI release command.
5000 */
5001int
5002ctl_scsi_release(struct ctl_scsiio *ctsio)
5003{
5004	struct ctl_lun *lun;
5005	uint32_t residx;
5006
5007	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5008
5009	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5010	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5011
5012	/*
5013	 * XXX KDM right now, we only support LUN reservation.  We don't
5014	 * support 3rd party reservations, or extent reservations, which
5015	 * might actually need the parameter list.  If we've gotten this
5016	 * far, we've got a LUN reservation.  Anything else got kicked out
5017	 * above.  So, according to SPC, ignore the length.
5018	 */
5019
5020	mtx_lock(&lun->lun_lock);
5021
5022	/*
5023	 * According to SPC, it is not an error for an intiator to attempt
5024	 * to release a reservation on a LUN that isn't reserved, or that
5025	 * is reserved by another initiator.  The reservation can only be
5026	 * released, though, by the initiator who made it or by one of
5027	 * several reset type events.
5028	 */
5029	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5030			lun->flags &= ~CTL_LUN_RESERVED;
5031
5032	mtx_unlock(&lun->lun_lock);
5033
5034	ctl_set_success(ctsio);
5035	ctl_done((union ctl_io *)ctsio);
5036	return (CTL_RETVAL_COMPLETE);
5037}
5038
5039int
5040ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5041{
5042	struct ctl_lun *lun;
5043	uint32_t residx;
5044
5045	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5046
5047	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5048	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5049
5050	/*
5051	 * XXX KDM right now, we only support LUN reservation.  We don't
5052	 * support 3rd party reservations, or extent reservations, which
5053	 * might actually need the parameter list.  If we've gotten this
5054	 * far, we've got a LUN reservation.  Anything else got kicked out
5055	 * above.  So, according to SPC, ignore the length.
5056	 */
5057
5058	mtx_lock(&lun->lun_lock);
5059	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5060		ctl_set_reservation_conflict(ctsio);
5061		goto bailout;
5062	}
5063	lun->flags |= CTL_LUN_RESERVED;
5064	lun->res_idx = residx;
5065	ctl_set_success(ctsio);
5066
5067bailout:
5068	mtx_unlock(&lun->lun_lock);
5069	ctl_done((union ctl_io *)ctsio);
5070	return (CTL_RETVAL_COMPLETE);
5071}
5072
5073int
5074ctl_start_stop(struct ctl_scsiio *ctsio)
5075{
5076	struct scsi_start_stop_unit *cdb;
5077	struct ctl_lun *lun;
5078	int retval;
5079
5080	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5081
5082	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5083	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5084
5085	/*
5086	 * XXX KDM
5087	 * We don't support the immediate bit on a stop unit.  In order to
5088	 * do that, we would need to code up a way to know that a stop is
5089	 * pending, and hold off any new commands until it completes, one
5090	 * way or another.  Then we could accept or reject those commands
5091	 * depending on its status.  We would almost need to do the reverse
5092	 * of what we do below for an immediate start -- return the copy of
5093	 * the ctl_io to the FETD with status to send to the host (and to
5094	 * free the copy!) and then free the original I/O once the stop
5095	 * actually completes.  That way, the OOA queue mechanism can work
5096	 * to block commands that shouldn't proceed.  Another alternative
5097	 * would be to put the copy in the queue in place of the original,
5098	 * and return the original back to the caller.  That could be
5099	 * slightly safer..
5100	 */
5101	if ((cdb->byte2 & SSS_IMMED)
5102	 && ((cdb->how & SSS_START) == 0)) {
5103		ctl_set_invalid_field(ctsio,
5104				      /*sks_valid*/ 1,
5105				      /*command*/ 1,
5106				      /*field*/ 1,
5107				      /*bit_valid*/ 1,
5108				      /*bit*/ 0);
5109		ctl_done((union ctl_io *)ctsio);
5110		return (CTL_RETVAL_COMPLETE);
5111	}
5112
5113	if ((lun->flags & CTL_LUN_PR_RESERVED)
5114	 && ((cdb->how & SSS_START)==0)) {
5115		uint32_t residx;
5116
5117		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5118		if (ctl_get_prkey(lun, residx) == 0
5119		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5120
5121			ctl_set_reservation_conflict(ctsio);
5122			ctl_done((union ctl_io *)ctsio);
5123			return (CTL_RETVAL_COMPLETE);
5124		}
5125	}
5126
5127	/*
5128	 * If there is no backend on this device, we can't start or stop
5129	 * it.  In theory we shouldn't get any start/stop commands in the
5130	 * first place at this level if the LUN doesn't have a backend.
5131	 * That should get stopped by the command decode code.
5132	 */
5133	if (lun->backend == NULL) {
5134		ctl_set_invalid_opcode(ctsio);
5135		ctl_done((union ctl_io *)ctsio);
5136		return (CTL_RETVAL_COMPLETE);
5137	}
5138
5139	/*
5140	 * In the non-immediate case, we send the request to
5141	 * the backend and return status to the user when
5142	 * it is done.
5143	 *
5144	 * In the immediate case, we allocate a new ctl_io
5145	 * to hold a copy of the request, and send that to
5146	 * the backend.  We then set good status on the
5147	 * user's request and return it immediately.
5148	 */
5149	if (cdb->byte2 & SSS_IMMED) {
5150		union ctl_io *new_io;
5151
5152		new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5153		ctl_copy_io((union ctl_io *)ctsio, new_io);
5154		retval = lun->backend->config_write(new_io);
5155		ctl_set_success(ctsio);
5156		ctl_done((union ctl_io *)ctsio);
5157	} else {
5158		retval = lun->backend->config_write(
5159			(union ctl_io *)ctsio);
5160	}
5161	return (retval);
5162}
5163
5164/*
5165 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5166 * we don't really do anything with the LBA and length fields if the user
5167 * passes them in.  Instead we'll just flush out the cache for the entire
5168 * LUN.
5169 */
5170int
5171ctl_sync_cache(struct ctl_scsiio *ctsio)
5172{
5173	struct ctl_lun *lun;
5174	struct ctl_softc *softc;
5175	struct ctl_lba_len_flags *lbalen;
5176	uint64_t starting_lba;
5177	uint32_t block_count;
5178	int retval;
5179	uint8_t byte2;
5180
5181	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5182
5183	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5184	softc = lun->ctl_softc;
5185	retval = 0;
5186
5187	switch (ctsio->cdb[0]) {
5188	case SYNCHRONIZE_CACHE: {
5189		struct scsi_sync_cache *cdb;
5190		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5191
5192		starting_lba = scsi_4btoul(cdb->begin_lba);
5193		block_count = scsi_2btoul(cdb->lb_count);
5194		byte2 = cdb->byte2;
5195		break;
5196	}
5197	case SYNCHRONIZE_CACHE_16: {
5198		struct scsi_sync_cache_16 *cdb;
5199		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5200
5201		starting_lba = scsi_8btou64(cdb->begin_lba);
5202		block_count = scsi_4btoul(cdb->lb_count);
5203		byte2 = cdb->byte2;
5204		break;
5205	}
5206	default:
5207		ctl_set_invalid_opcode(ctsio);
5208		ctl_done((union ctl_io *)ctsio);
5209		goto bailout;
5210		break; /* NOTREACHED */
5211	}
5212
5213	/*
5214	 * We check the LBA and length, but don't do anything with them.
5215	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5216	 * get flushed.  This check will just help satisfy anyone who wants
5217	 * to see an error for an out of range LBA.
5218	 */
5219	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5220		ctl_set_lba_out_of_range(ctsio);
5221		ctl_done((union ctl_io *)ctsio);
5222		goto bailout;
5223	}
5224
5225	/*
5226	 * If this LUN has no backend, we can't flush the cache anyway.
5227	 */
5228	if (lun->backend == NULL) {
5229		ctl_set_invalid_opcode(ctsio);
5230		ctl_done((union ctl_io *)ctsio);
5231		goto bailout;
5232	}
5233
5234	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5235	lbalen->lba = starting_lba;
5236	lbalen->len = block_count;
5237	lbalen->flags = byte2;
5238	retval = lun->backend->config_write((union ctl_io *)ctsio);
5239
5240bailout:
5241	return (retval);
5242}
5243
5244int
5245ctl_format(struct ctl_scsiio *ctsio)
5246{
5247	struct scsi_format *cdb;
5248	struct ctl_lun *lun;
5249	int length, defect_list_len;
5250
5251	CTL_DEBUG_PRINT(("ctl_format\n"));
5252
5253	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5254
5255	cdb = (struct scsi_format *)ctsio->cdb;
5256
5257	length = 0;
5258	if (cdb->byte2 & SF_FMTDATA) {
5259		if (cdb->byte2 & SF_LONGLIST)
5260			length = sizeof(struct scsi_format_header_long);
5261		else
5262			length = sizeof(struct scsi_format_header_short);
5263	}
5264
5265	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5266	 && (length > 0)) {
5267		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5268		ctsio->kern_data_len = length;
5269		ctsio->kern_total_len = length;
5270		ctsio->kern_data_resid = 0;
5271		ctsio->kern_rel_offset = 0;
5272		ctsio->kern_sg_entries = 0;
5273		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5274		ctsio->be_move_done = ctl_config_move_done;
5275		ctl_datamove((union ctl_io *)ctsio);
5276
5277		return (CTL_RETVAL_COMPLETE);
5278	}
5279
5280	defect_list_len = 0;
5281
5282	if (cdb->byte2 & SF_FMTDATA) {
5283		if (cdb->byte2 & SF_LONGLIST) {
5284			struct scsi_format_header_long *header;
5285
5286			header = (struct scsi_format_header_long *)
5287				ctsio->kern_data_ptr;
5288
5289			defect_list_len = scsi_4btoul(header->defect_list_len);
5290			if (defect_list_len != 0) {
5291				ctl_set_invalid_field(ctsio,
5292						      /*sks_valid*/ 1,
5293						      /*command*/ 0,
5294						      /*field*/ 2,
5295						      /*bit_valid*/ 0,
5296						      /*bit*/ 0);
5297				goto bailout;
5298			}
5299		} else {
5300			struct scsi_format_header_short *header;
5301
5302			header = (struct scsi_format_header_short *)
5303				ctsio->kern_data_ptr;
5304
5305			defect_list_len = scsi_2btoul(header->defect_list_len);
5306			if (defect_list_len != 0) {
5307				ctl_set_invalid_field(ctsio,
5308						      /*sks_valid*/ 1,
5309						      /*command*/ 0,
5310						      /*field*/ 2,
5311						      /*bit_valid*/ 0,
5312						      /*bit*/ 0);
5313				goto bailout;
5314			}
5315		}
5316	}
5317
5318	/*
5319	 * The format command will clear out the "Medium format corrupted"
5320	 * status if set by the configuration code.  That status is really
5321	 * just a way to notify the host that we have lost the media, and
5322	 * get them to issue a command that will basically make them think
5323	 * they're blowing away the media.
5324	 */
5325	mtx_lock(&lun->lun_lock);
5326	lun->flags &= ~CTL_LUN_INOPERABLE;
5327	mtx_unlock(&lun->lun_lock);
5328
5329	ctl_set_success(ctsio);
5330bailout:
5331
5332	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5333		free(ctsio->kern_data_ptr, M_CTL);
5334		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5335	}
5336
5337	ctl_done((union ctl_io *)ctsio);
5338	return (CTL_RETVAL_COMPLETE);
5339}
5340
5341int
5342ctl_read_buffer(struct ctl_scsiio *ctsio)
5343{
5344	struct ctl_lun *lun;
5345	uint64_t buffer_offset;
5346	uint32_t len;
5347	uint8_t byte2;
5348	static uint8_t descr[4];
5349	static uint8_t echo_descr[4] = { 0 };
5350
5351	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5352	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5353	switch (ctsio->cdb[0]) {
5354	case READ_BUFFER: {
5355		struct scsi_read_buffer *cdb;
5356
5357		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5358		buffer_offset = scsi_3btoul(cdb->offset);
5359		len = scsi_3btoul(cdb->length);
5360		byte2 = cdb->byte2;
5361		break;
5362	}
5363	case READ_BUFFER_16: {
5364		struct scsi_read_buffer_16 *cdb;
5365
5366		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5367		buffer_offset = scsi_8btou64(cdb->offset);
5368		len = scsi_4btoul(cdb->length);
5369		byte2 = cdb->byte2;
5370		break;
5371	}
5372	default: /* This shouldn't happen. */
5373		ctl_set_invalid_opcode(ctsio);
5374		ctl_done((union ctl_io *)ctsio);
5375		return (CTL_RETVAL_COMPLETE);
5376	}
5377
5378	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5379	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5380	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5381		ctl_set_invalid_field(ctsio,
5382				      /*sks_valid*/ 1,
5383				      /*command*/ 1,
5384				      /*field*/ 1,
5385				      /*bit_valid*/ 1,
5386				      /*bit*/ 4);
5387		ctl_done((union ctl_io *)ctsio);
5388		return (CTL_RETVAL_COMPLETE);
5389	}
5390
5391	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5392	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5393		ctl_set_invalid_field(ctsio,
5394				      /*sks_valid*/ 1,
5395				      /*command*/ 1,
5396				      /*field*/ 6,
5397				      /*bit_valid*/ 0,
5398				      /*bit*/ 0);
5399		ctl_done((union ctl_io *)ctsio);
5400		return (CTL_RETVAL_COMPLETE);
5401	}
5402
5403	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5404		descr[0] = 0;
5405		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5406		ctsio->kern_data_ptr = descr;
5407		len = min(len, sizeof(descr));
5408	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5409		ctsio->kern_data_ptr = echo_descr;
5410		len = min(len, sizeof(echo_descr));
5411	} else {
5412		if (lun->write_buffer == NULL) {
5413			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5414			    M_CTL, M_WAITOK);
5415		}
5416		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5417	}
5418	ctsio->kern_data_len = len;
5419	ctsio->kern_total_len = len;
5420	ctsio->kern_data_resid = 0;
5421	ctsio->kern_rel_offset = 0;
5422	ctsio->kern_sg_entries = 0;
5423	ctl_set_success(ctsio);
5424	ctsio->be_move_done = ctl_config_move_done;
5425	ctl_datamove((union ctl_io *)ctsio);
5426	return (CTL_RETVAL_COMPLETE);
5427}
5428
5429int
5430ctl_write_buffer(struct ctl_scsiio *ctsio)
5431{
5432	struct scsi_write_buffer *cdb;
5433	struct ctl_lun *lun;
5434	int buffer_offset, len;
5435
5436	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5437
5438	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5439	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5440
5441	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5442		ctl_set_invalid_field(ctsio,
5443				      /*sks_valid*/ 1,
5444				      /*command*/ 1,
5445				      /*field*/ 1,
5446				      /*bit_valid*/ 1,
5447				      /*bit*/ 4);
5448		ctl_done((union ctl_io *)ctsio);
5449		return (CTL_RETVAL_COMPLETE);
5450	}
5451
5452	len = scsi_3btoul(cdb->length);
5453	buffer_offset = scsi_3btoul(cdb->offset);
5454
5455	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5456		ctl_set_invalid_field(ctsio,
5457				      /*sks_valid*/ 1,
5458				      /*command*/ 1,
5459				      /*field*/ 6,
5460				      /*bit_valid*/ 0,
5461				      /*bit*/ 0);
5462		ctl_done((union ctl_io *)ctsio);
5463		return (CTL_RETVAL_COMPLETE);
5464	}
5465
5466	/*
5467	 * If we've got a kernel request that hasn't been malloced yet,
5468	 * malloc it and tell the caller the data buffer is here.
5469	 */
5470	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5471		if (lun->write_buffer == NULL) {
5472			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5473			    M_CTL, M_WAITOK);
5474		}
5475		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5476		ctsio->kern_data_len = len;
5477		ctsio->kern_total_len = len;
5478		ctsio->kern_data_resid = 0;
5479		ctsio->kern_rel_offset = 0;
5480		ctsio->kern_sg_entries = 0;
5481		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5482		ctsio->be_move_done = ctl_config_move_done;
5483		ctl_datamove((union ctl_io *)ctsio);
5484
5485		return (CTL_RETVAL_COMPLETE);
5486	}
5487
5488	ctl_set_success(ctsio);
5489	ctl_done((union ctl_io *)ctsio);
5490	return (CTL_RETVAL_COMPLETE);
5491}
5492
5493int
5494ctl_write_same(struct ctl_scsiio *ctsio)
5495{
5496	struct ctl_lun *lun;
5497	struct ctl_lba_len_flags *lbalen;
5498	uint64_t lba;
5499	uint32_t num_blocks;
5500	int len, retval;
5501	uint8_t byte2;
5502
5503	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5504
5505	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5506
5507	switch (ctsio->cdb[0]) {
5508	case WRITE_SAME_10: {
5509		struct scsi_write_same_10 *cdb;
5510
5511		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5512
5513		lba = scsi_4btoul(cdb->addr);
5514		num_blocks = scsi_2btoul(cdb->length);
5515		byte2 = cdb->byte2;
5516		break;
5517	}
5518	case WRITE_SAME_16: {
5519		struct scsi_write_same_16 *cdb;
5520
5521		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5522
5523		lba = scsi_8btou64(cdb->addr);
5524		num_blocks = scsi_4btoul(cdb->length);
5525		byte2 = cdb->byte2;
5526		break;
5527	}
5528	default:
5529		/*
5530		 * We got a command we don't support.  This shouldn't
5531		 * happen, commands should be filtered out above us.
5532		 */
5533		ctl_set_invalid_opcode(ctsio);
5534		ctl_done((union ctl_io *)ctsio);
5535
5536		return (CTL_RETVAL_COMPLETE);
5537		break; /* NOTREACHED */
5538	}
5539
5540	/* ANCHOR flag can be used only together with UNMAP */
5541	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5542		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5543		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5544		ctl_done((union ctl_io *)ctsio);
5545		return (CTL_RETVAL_COMPLETE);
5546	}
5547
5548	/*
5549	 * The first check is to make sure we're in bounds, the second
5550	 * check is to catch wrap-around problems.  If the lba + num blocks
5551	 * is less than the lba, then we've wrapped around and the block
5552	 * range is invalid anyway.
5553	 */
5554	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5555	 || ((lba + num_blocks) < lba)) {
5556		ctl_set_lba_out_of_range(ctsio);
5557		ctl_done((union ctl_io *)ctsio);
5558		return (CTL_RETVAL_COMPLETE);
5559	}
5560
5561	/* Zero number of blocks means "to the last logical block" */
5562	if (num_blocks == 0) {
5563		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5564			ctl_set_invalid_field(ctsio,
5565					      /*sks_valid*/ 0,
5566					      /*command*/ 1,
5567					      /*field*/ 0,
5568					      /*bit_valid*/ 0,
5569					      /*bit*/ 0);
5570			ctl_done((union ctl_io *)ctsio);
5571			return (CTL_RETVAL_COMPLETE);
5572		}
5573		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5574	}
5575
5576	len = lun->be_lun->blocksize;
5577
5578	/*
5579	 * If we've got a kernel request that hasn't been malloced yet,
5580	 * malloc it and tell the caller the data buffer is here.
5581	 */
5582	if ((byte2 & SWS_NDOB) == 0 &&
5583	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5584		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5585		ctsio->kern_data_len = len;
5586		ctsio->kern_total_len = len;
5587		ctsio->kern_data_resid = 0;
5588		ctsio->kern_rel_offset = 0;
5589		ctsio->kern_sg_entries = 0;
5590		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5591		ctsio->be_move_done = ctl_config_move_done;
5592		ctl_datamove((union ctl_io *)ctsio);
5593
5594		return (CTL_RETVAL_COMPLETE);
5595	}
5596
5597	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5598	lbalen->lba = lba;
5599	lbalen->len = num_blocks;
5600	lbalen->flags = byte2;
5601	retval = lun->backend->config_write((union ctl_io *)ctsio);
5602
5603	return (retval);
5604}
5605
5606int
5607ctl_unmap(struct ctl_scsiio *ctsio)
5608{
5609	struct ctl_lun *lun;
5610	struct scsi_unmap *cdb;
5611	struct ctl_ptr_len_flags *ptrlen;
5612	struct scsi_unmap_header *hdr;
5613	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5614	uint64_t lba;
5615	uint32_t num_blocks;
5616	int len, retval;
5617	uint8_t byte2;
5618
5619	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5620
5621	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5622	cdb = (struct scsi_unmap *)ctsio->cdb;
5623
5624	len = scsi_2btoul(cdb->length);
5625	byte2 = cdb->byte2;
5626
5627	/*
5628	 * If we've got a kernel request that hasn't been malloced yet,
5629	 * malloc it and tell the caller the data buffer is here.
5630	 */
5631	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5632		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5633		ctsio->kern_data_len = len;
5634		ctsio->kern_total_len = len;
5635		ctsio->kern_data_resid = 0;
5636		ctsio->kern_rel_offset = 0;
5637		ctsio->kern_sg_entries = 0;
5638		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5639		ctsio->be_move_done = ctl_config_move_done;
5640		ctl_datamove((union ctl_io *)ctsio);
5641
5642		return (CTL_RETVAL_COMPLETE);
5643	}
5644
5645	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5646	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5647	if (len < sizeof (*hdr) ||
5648	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5649	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5650	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5651		ctl_set_invalid_field(ctsio,
5652				      /*sks_valid*/ 0,
5653				      /*command*/ 0,
5654				      /*field*/ 0,
5655				      /*bit_valid*/ 0,
5656				      /*bit*/ 0);
5657		goto done;
5658	}
5659	len = scsi_2btoul(hdr->desc_length);
5660	buf = (struct scsi_unmap_desc *)(hdr + 1);
5661	end = buf + len / sizeof(*buf);
5662
5663	endnz = buf;
5664	for (range = buf; range < end; range++) {
5665		lba = scsi_8btou64(range->lba);
5666		num_blocks = scsi_4btoul(range->length);
5667		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5668		 || ((lba + num_blocks) < lba)) {
5669			ctl_set_lba_out_of_range(ctsio);
5670			ctl_done((union ctl_io *)ctsio);
5671			return (CTL_RETVAL_COMPLETE);
5672		}
5673		if (num_blocks != 0)
5674			endnz = range + 1;
5675	}
5676
5677	/*
5678	 * Block backend can not handle zero last range.
5679	 * Filter it out and return if there is nothing left.
5680	 */
5681	len = (uint8_t *)endnz - (uint8_t *)buf;
5682	if (len == 0) {
5683		ctl_set_success(ctsio);
5684		goto done;
5685	}
5686
5687	mtx_lock(&lun->lun_lock);
5688	ptrlen = (struct ctl_ptr_len_flags *)
5689	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5690	ptrlen->ptr = (void *)buf;
5691	ptrlen->len = len;
5692	ptrlen->flags = byte2;
5693	ctl_check_blocked(lun);
5694	mtx_unlock(&lun->lun_lock);
5695
5696	retval = lun->backend->config_write((union ctl_io *)ctsio);
5697	return (retval);
5698
5699done:
5700	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5701		free(ctsio->kern_data_ptr, M_CTL);
5702		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5703	}
5704	ctl_done((union ctl_io *)ctsio);
5705	return (CTL_RETVAL_COMPLETE);
5706}
5707
5708/*
5709 * Note that this function currently doesn't actually do anything inside
5710 * CTL to enforce things if the DQue bit is turned on.
5711 *
5712 * Also note that this function can't be used in the default case, because
5713 * the DQue bit isn't set in the changeable mask for the control mode page
5714 * anyway.  This is just here as an example for how to implement a page
5715 * handler, and a placeholder in case we want to allow the user to turn
5716 * tagged queueing on and off.
5717 *
5718 * The D_SENSE bit handling is functional, however, and will turn
5719 * descriptor sense on and off for a given LUN.
5720 */
5721int
5722ctl_control_page_handler(struct ctl_scsiio *ctsio,
5723			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5724{
5725	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5726	struct ctl_lun *lun;
5727	int set_ua;
5728	uint32_t initidx;
5729
5730	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5731	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5732	set_ua = 0;
5733
5734	user_cp = (struct scsi_control_page *)page_ptr;
5735	current_cp = (struct scsi_control_page *)
5736		(page_index->page_data + (page_index->page_len *
5737		CTL_PAGE_CURRENT));
5738	saved_cp = (struct scsi_control_page *)
5739		(page_index->page_data + (page_index->page_len *
5740		CTL_PAGE_SAVED));
5741
5742	mtx_lock(&lun->lun_lock);
5743	if (((current_cp->rlec & SCP_DSENSE) == 0)
5744	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5745		/*
5746		 * Descriptor sense is currently turned off and the user
5747		 * wants to turn it on.
5748		 */
5749		current_cp->rlec |= SCP_DSENSE;
5750		saved_cp->rlec |= SCP_DSENSE;
5751		lun->flags |= CTL_LUN_SENSE_DESC;
5752		set_ua = 1;
5753	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5754		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5755		/*
5756		 * Descriptor sense is currently turned on, and the user
5757		 * wants to turn it off.
5758		 */
5759		current_cp->rlec &= ~SCP_DSENSE;
5760		saved_cp->rlec &= ~SCP_DSENSE;
5761		lun->flags &= ~CTL_LUN_SENSE_DESC;
5762		set_ua = 1;
5763	}
5764	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5765	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5766		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5767		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5768		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5769		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5770		set_ua = 1;
5771	}
5772	if ((current_cp->eca_and_aen & SCP_SWP) !=
5773	    (user_cp->eca_and_aen & SCP_SWP)) {
5774		current_cp->eca_and_aen &= ~SCP_SWP;
5775		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5776		saved_cp->eca_and_aen &= ~SCP_SWP;
5777		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5778		set_ua = 1;
5779	}
5780	if (set_ua != 0)
5781		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5782	mtx_unlock(&lun->lun_lock);
5783	if (set_ua) {
5784		ctl_isc_announce_mode(lun,
5785		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5786		    page_index->page_code, page_index->subpage);
5787	}
5788	return (0);
5789}
5790
5791int
5792ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5793		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5794{
5795	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5796	struct ctl_lun *lun;
5797	int set_ua;
5798	uint32_t initidx;
5799
5800	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5801	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5802	set_ua = 0;
5803
5804	user_cp = (struct scsi_caching_page *)page_ptr;
5805	current_cp = (struct scsi_caching_page *)
5806		(page_index->page_data + (page_index->page_len *
5807		CTL_PAGE_CURRENT));
5808	saved_cp = (struct scsi_caching_page *)
5809		(page_index->page_data + (page_index->page_len *
5810		CTL_PAGE_SAVED));
5811
5812	mtx_lock(&lun->lun_lock);
5813	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5814	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5815		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5816		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5817		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5818		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5819		set_ua = 1;
5820	}
5821	if (set_ua != 0)
5822		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5823	mtx_unlock(&lun->lun_lock);
5824	if (set_ua) {
5825		ctl_isc_announce_mode(lun,
5826		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5827		    page_index->page_code, page_index->subpage);
5828	}
5829	return (0);
5830}
5831
5832int
5833ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5834				struct ctl_page_index *page_index,
5835				uint8_t *page_ptr)
5836{
5837	uint8_t *c;
5838	int i;
5839
5840	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5841	ctl_time_io_secs =
5842		(c[0] << 8) |
5843		(c[1] << 0) |
5844		0;
5845	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5846	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5847	printf("page data:");
5848	for (i=0; i<8; i++)
5849		printf(" %.2x",page_ptr[i]);
5850	printf("\n");
5851	return (0);
5852}
5853
5854int
5855ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5856			       struct ctl_page_index *page_index,
5857			       int pc)
5858{
5859	struct copan_debugconf_subpage *page;
5860
5861	page = (struct copan_debugconf_subpage *)page_index->page_data +
5862		(page_index->page_len * pc);
5863
5864	switch (pc) {
5865	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5866	case SMS_PAGE_CTRL_DEFAULT >> 6:
5867	case SMS_PAGE_CTRL_SAVED >> 6:
5868		/*
5869		 * We don't update the changable or default bits for this page.
5870		 */
5871		break;
5872	case SMS_PAGE_CTRL_CURRENT >> 6:
5873		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5874		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5875		break;
5876	default:
5877		break;
5878	}
5879	return (0);
5880}
5881
5882
5883static int
5884ctl_do_mode_select(union ctl_io *io)
5885{
5886	struct scsi_mode_page_header *page_header;
5887	struct ctl_page_index *page_index;
5888	struct ctl_scsiio *ctsio;
5889	int page_len, page_len_offset, page_len_size;
5890	union ctl_modepage_info *modepage_info;
5891	struct ctl_lun *lun;
5892	int *len_left, *len_used;
5893	int retval, i;
5894
5895	ctsio = &io->scsiio;
5896	page_index = NULL;
5897	page_len = 0;
5898	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5899
5900	modepage_info = (union ctl_modepage_info *)
5901		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5902	len_left = &modepage_info->header.len_left;
5903	len_used = &modepage_info->header.len_used;
5904
5905do_next_page:
5906
5907	page_header = (struct scsi_mode_page_header *)
5908		(ctsio->kern_data_ptr + *len_used);
5909
5910	if (*len_left == 0) {
5911		free(ctsio->kern_data_ptr, M_CTL);
5912		ctl_set_success(ctsio);
5913		ctl_done((union ctl_io *)ctsio);
5914		return (CTL_RETVAL_COMPLETE);
5915	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5916
5917		free(ctsio->kern_data_ptr, M_CTL);
5918		ctl_set_param_len_error(ctsio);
5919		ctl_done((union ctl_io *)ctsio);
5920		return (CTL_RETVAL_COMPLETE);
5921
5922	} else if ((page_header->page_code & SMPH_SPF)
5923		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5924
5925		free(ctsio->kern_data_ptr, M_CTL);
5926		ctl_set_param_len_error(ctsio);
5927		ctl_done((union ctl_io *)ctsio);
5928		return (CTL_RETVAL_COMPLETE);
5929	}
5930
5931
5932	/*
5933	 * XXX KDM should we do something with the block descriptor?
5934	 */
5935	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5936
5937		if (lun->be_lun->lun_type != T_DIRECT &&
5938		    (lun->mode_pages.index[i].page_flags &
5939		     CTL_PAGE_FLAG_DISK_ONLY))
5940			continue;
5941
5942		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5943		    (page_header->page_code & SMPH_PC_MASK))
5944			continue;
5945
5946		/*
5947		 * If neither page has a subpage code, then we've got a
5948		 * match.
5949		 */
5950		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5951		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5952			page_index = &lun->mode_pages.index[i];
5953			page_len = page_header->page_length;
5954			break;
5955		}
5956
5957		/*
5958		 * If both pages have subpages, then the subpage numbers
5959		 * have to match.
5960		 */
5961		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5962		  && (page_header->page_code & SMPH_SPF)) {
5963			struct scsi_mode_page_header_sp *sph;
5964
5965			sph = (struct scsi_mode_page_header_sp *)page_header;
5966
5967			if (lun->mode_pages.index[i].subpage ==
5968			    sph->subpage) {
5969				page_index = &lun->mode_pages.index[i];
5970				page_len = scsi_2btoul(sph->page_length);
5971				break;
5972			}
5973		}
5974	}
5975
5976	/*
5977	 * If we couldn't find the page, or if we don't have a mode select
5978	 * handler for it, send back an error to the user.
5979	 */
5980	if ((page_index == NULL)
5981	 || (page_index->select_handler == NULL)) {
5982		ctl_set_invalid_field(ctsio,
5983				      /*sks_valid*/ 1,
5984				      /*command*/ 0,
5985				      /*field*/ *len_used,
5986				      /*bit_valid*/ 0,
5987				      /*bit*/ 0);
5988		free(ctsio->kern_data_ptr, M_CTL);
5989		ctl_done((union ctl_io *)ctsio);
5990		return (CTL_RETVAL_COMPLETE);
5991	}
5992
5993	if (page_index->page_code & SMPH_SPF) {
5994		page_len_offset = 2;
5995		page_len_size = 2;
5996	} else {
5997		page_len_size = 1;
5998		page_len_offset = 1;
5999	}
6000
6001	/*
6002	 * If the length the initiator gives us isn't the one we specify in
6003	 * the mode page header, or if they didn't specify enough data in
6004	 * the CDB to avoid truncating this page, kick out the request.
6005	 */
6006	if ((page_len != (page_index->page_len - page_len_offset -
6007			  page_len_size))
6008	 || (*len_left < page_index->page_len)) {
6009
6010
6011		ctl_set_invalid_field(ctsio,
6012				      /*sks_valid*/ 1,
6013				      /*command*/ 0,
6014				      /*field*/ *len_used + page_len_offset,
6015				      /*bit_valid*/ 0,
6016				      /*bit*/ 0);
6017		free(ctsio->kern_data_ptr, M_CTL);
6018		ctl_done((union ctl_io *)ctsio);
6019		return (CTL_RETVAL_COMPLETE);
6020	}
6021
6022	/*
6023	 * Run through the mode page, checking to make sure that the bits
6024	 * the user changed are actually legal for him to change.
6025	 */
6026	for (i = 0; i < page_index->page_len; i++) {
6027		uint8_t *user_byte, *change_mask, *current_byte;
6028		int bad_bit;
6029		int j;
6030
6031		user_byte = (uint8_t *)page_header + i;
6032		change_mask = page_index->page_data +
6033			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6034		current_byte = page_index->page_data +
6035			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6036
6037		/*
6038		 * Check to see whether the user set any bits in this byte
6039		 * that he is not allowed to set.
6040		 */
6041		if ((*user_byte & ~(*change_mask)) ==
6042		    (*current_byte & ~(*change_mask)))
6043			continue;
6044
6045		/*
6046		 * Go through bit by bit to determine which one is illegal.
6047		 */
6048		bad_bit = 0;
6049		for (j = 7; j >= 0; j--) {
6050			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6051			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6052				bad_bit = i;
6053				break;
6054			}
6055		}
6056		ctl_set_invalid_field(ctsio,
6057				      /*sks_valid*/ 1,
6058				      /*command*/ 0,
6059				      /*field*/ *len_used + i,
6060				      /*bit_valid*/ 1,
6061				      /*bit*/ bad_bit);
6062		free(ctsio->kern_data_ptr, M_CTL);
6063		ctl_done((union ctl_io *)ctsio);
6064		return (CTL_RETVAL_COMPLETE);
6065	}
6066
6067	/*
6068	 * Decrement these before we call the page handler, since we may
6069	 * end up getting called back one way or another before the handler
6070	 * returns to this context.
6071	 */
6072	*len_left -= page_index->page_len;
6073	*len_used += page_index->page_len;
6074
6075	retval = page_index->select_handler(ctsio, page_index,
6076					    (uint8_t *)page_header);
6077
6078	/*
6079	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6080	 * wait until this queued command completes to finish processing
6081	 * the mode page.  If it returns anything other than
6082	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6083	 * already set the sense information, freed the data pointer, and
6084	 * completed the io for us.
6085	 */
6086	if (retval != CTL_RETVAL_COMPLETE)
6087		goto bailout_no_done;
6088
6089	/*
6090	 * If the initiator sent us more than one page, parse the next one.
6091	 */
6092	if (*len_left > 0)
6093		goto do_next_page;
6094
6095	ctl_set_success(ctsio);
6096	free(ctsio->kern_data_ptr, M_CTL);
6097	ctl_done((union ctl_io *)ctsio);
6098
6099bailout_no_done:
6100
6101	return (CTL_RETVAL_COMPLETE);
6102
6103}
6104
6105int
6106ctl_mode_select(struct ctl_scsiio *ctsio)
6107{
6108	int param_len, pf, sp;
6109	int header_size, bd_len;
6110	union ctl_modepage_info *modepage_info;
6111
6112	switch (ctsio->cdb[0]) {
6113	case MODE_SELECT_6: {
6114		struct scsi_mode_select_6 *cdb;
6115
6116		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6117
6118		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6119		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6120		param_len = cdb->length;
6121		header_size = sizeof(struct scsi_mode_header_6);
6122		break;
6123	}
6124	case MODE_SELECT_10: {
6125		struct scsi_mode_select_10 *cdb;
6126
6127		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6128
6129		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6130		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6131		param_len = scsi_2btoul(cdb->length);
6132		header_size = sizeof(struct scsi_mode_header_10);
6133		break;
6134	}
6135	default:
6136		ctl_set_invalid_opcode(ctsio);
6137		ctl_done((union ctl_io *)ctsio);
6138		return (CTL_RETVAL_COMPLETE);
6139	}
6140
6141	/*
6142	 * From SPC-3:
6143	 * "A parameter list length of zero indicates that the Data-Out Buffer
6144	 * shall be empty. This condition shall not be considered as an error."
6145	 */
6146	if (param_len == 0) {
6147		ctl_set_success(ctsio);
6148		ctl_done((union ctl_io *)ctsio);
6149		return (CTL_RETVAL_COMPLETE);
6150	}
6151
6152	/*
6153	 * Since we'll hit this the first time through, prior to
6154	 * allocation, we don't need to free a data buffer here.
6155	 */
6156	if (param_len < header_size) {
6157		ctl_set_param_len_error(ctsio);
6158		ctl_done((union ctl_io *)ctsio);
6159		return (CTL_RETVAL_COMPLETE);
6160	}
6161
6162	/*
6163	 * Allocate the data buffer and grab the user's data.  In theory,
6164	 * we shouldn't have to sanity check the parameter list length here
6165	 * because the maximum size is 64K.  We should be able to malloc
6166	 * that much without too many problems.
6167	 */
6168	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6169		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6170		ctsio->kern_data_len = param_len;
6171		ctsio->kern_total_len = param_len;
6172		ctsio->kern_data_resid = 0;
6173		ctsio->kern_rel_offset = 0;
6174		ctsio->kern_sg_entries = 0;
6175		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6176		ctsio->be_move_done = ctl_config_move_done;
6177		ctl_datamove((union ctl_io *)ctsio);
6178
6179		return (CTL_RETVAL_COMPLETE);
6180	}
6181
6182	switch (ctsio->cdb[0]) {
6183	case MODE_SELECT_6: {
6184		struct scsi_mode_header_6 *mh6;
6185
6186		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6187		bd_len = mh6->blk_desc_len;
6188		break;
6189	}
6190	case MODE_SELECT_10: {
6191		struct scsi_mode_header_10 *mh10;
6192
6193		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6194		bd_len = scsi_2btoul(mh10->blk_desc_len);
6195		break;
6196	}
6197	default:
6198		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6199		break;
6200	}
6201
6202	if (param_len < (header_size + bd_len)) {
6203		free(ctsio->kern_data_ptr, M_CTL);
6204		ctl_set_param_len_error(ctsio);
6205		ctl_done((union ctl_io *)ctsio);
6206		return (CTL_RETVAL_COMPLETE);
6207	}
6208
6209	/*
6210	 * Set the IO_CONT flag, so that if this I/O gets passed to
6211	 * ctl_config_write_done(), it'll get passed back to
6212	 * ctl_do_mode_select() for further processing, or completion if
6213	 * we're all done.
6214	 */
6215	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6216	ctsio->io_cont = ctl_do_mode_select;
6217
6218	modepage_info = (union ctl_modepage_info *)
6219		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6220	memset(modepage_info, 0, sizeof(*modepage_info));
6221	modepage_info->header.len_left = param_len - header_size - bd_len;
6222	modepage_info->header.len_used = header_size + bd_len;
6223
6224	return (ctl_do_mode_select((union ctl_io *)ctsio));
6225}
6226
6227int
6228ctl_mode_sense(struct ctl_scsiio *ctsio)
6229{
6230	struct ctl_lun *lun;
6231	int pc, page_code, dbd, llba, subpage;
6232	int alloc_len, page_len, header_len, total_len;
6233	struct scsi_mode_block_descr *block_desc;
6234	struct ctl_page_index *page_index;
6235
6236	dbd = 0;
6237	llba = 0;
6238	block_desc = NULL;
6239	page_index = NULL;
6240
6241	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6242
6243	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6244	switch (ctsio->cdb[0]) {
6245	case MODE_SENSE_6: {
6246		struct scsi_mode_sense_6 *cdb;
6247
6248		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6249
6250		header_len = sizeof(struct scsi_mode_hdr_6);
6251		if (cdb->byte2 & SMS_DBD)
6252			dbd = 1;
6253		else
6254			header_len += sizeof(struct scsi_mode_block_descr);
6255
6256		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6257		page_code = cdb->page & SMS_PAGE_CODE;
6258		subpage = cdb->subpage;
6259		alloc_len = cdb->length;
6260		break;
6261	}
6262	case MODE_SENSE_10: {
6263		struct scsi_mode_sense_10 *cdb;
6264
6265		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6266
6267		header_len = sizeof(struct scsi_mode_hdr_10);
6268
6269		if (cdb->byte2 & SMS_DBD)
6270			dbd = 1;
6271		else
6272			header_len += sizeof(struct scsi_mode_block_descr);
6273		if (cdb->byte2 & SMS10_LLBAA)
6274			llba = 1;
6275		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6276		page_code = cdb->page & SMS_PAGE_CODE;
6277		subpage = cdb->subpage;
6278		alloc_len = scsi_2btoul(cdb->length);
6279		break;
6280	}
6281	default:
6282		ctl_set_invalid_opcode(ctsio);
6283		ctl_done((union ctl_io *)ctsio);
6284		return (CTL_RETVAL_COMPLETE);
6285		break; /* NOTREACHED */
6286	}
6287
6288	/*
6289	 * We have to make a first pass through to calculate the size of
6290	 * the pages that match the user's query.  Then we allocate enough
6291	 * memory to hold it, and actually copy the data into the buffer.
6292	 */
6293	switch (page_code) {
6294	case SMS_ALL_PAGES_PAGE: {
6295		int i;
6296
6297		page_len = 0;
6298
6299		/*
6300		 * At the moment, values other than 0 and 0xff here are
6301		 * reserved according to SPC-3.
6302		 */
6303		if ((subpage != SMS_SUBPAGE_PAGE_0)
6304		 && (subpage != SMS_SUBPAGE_ALL)) {
6305			ctl_set_invalid_field(ctsio,
6306					      /*sks_valid*/ 1,
6307					      /*command*/ 1,
6308					      /*field*/ 3,
6309					      /*bit_valid*/ 0,
6310					      /*bit*/ 0);
6311			ctl_done((union ctl_io *)ctsio);
6312			return (CTL_RETVAL_COMPLETE);
6313		}
6314
6315		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6316			if (lun->be_lun->lun_type != T_DIRECT &&
6317			    (lun->mode_pages.index[i].page_flags &
6318			     CTL_PAGE_FLAG_DISK_ONLY))
6319				continue;
6320
6321			/*
6322			 * We don't use this subpage if the user didn't
6323			 * request all subpages.
6324			 */
6325			if ((lun->mode_pages.index[i].subpage != 0)
6326			 && (subpage == SMS_SUBPAGE_PAGE_0))
6327				continue;
6328
6329#if 0
6330			printf("found page %#x len %d\n",
6331			       lun->mode_pages.index[i].page_code &
6332			       SMPH_PC_MASK,
6333			       lun->mode_pages.index[i].page_len);
6334#endif
6335			page_len += lun->mode_pages.index[i].page_len;
6336		}
6337		break;
6338	}
6339	default: {
6340		int i;
6341
6342		page_len = 0;
6343
6344		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6345			/* Look for the right page code */
6346			if ((lun->mode_pages.index[i].page_code &
6347			     SMPH_PC_MASK) != page_code)
6348				continue;
6349
6350			/* Look for the right subpage or the subpage wildcard*/
6351			if ((lun->mode_pages.index[i].subpage != subpage)
6352			 && (subpage != SMS_SUBPAGE_ALL))
6353				continue;
6354
6355			/* Make sure the page is supported for this dev type */
6356			if (lun->be_lun->lun_type != T_DIRECT &&
6357			    (lun->mode_pages.index[i].page_flags &
6358			     CTL_PAGE_FLAG_DISK_ONLY))
6359				continue;
6360
6361#if 0
6362			printf("found page %#x len %d\n",
6363			       lun->mode_pages.index[i].page_code &
6364			       SMPH_PC_MASK,
6365			       lun->mode_pages.index[i].page_len);
6366#endif
6367
6368			page_len += lun->mode_pages.index[i].page_len;
6369		}
6370
6371		if (page_len == 0) {
6372			ctl_set_invalid_field(ctsio,
6373					      /*sks_valid*/ 1,
6374					      /*command*/ 1,
6375					      /*field*/ 2,
6376					      /*bit_valid*/ 1,
6377					      /*bit*/ 5);
6378			ctl_done((union ctl_io *)ctsio);
6379			return (CTL_RETVAL_COMPLETE);
6380		}
6381		break;
6382	}
6383	}
6384
6385	total_len = header_len + page_len;
6386#if 0
6387	printf("header_len = %d, page_len = %d, total_len = %d\n",
6388	       header_len, page_len, total_len);
6389#endif
6390
6391	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6392	ctsio->kern_sg_entries = 0;
6393	ctsio->kern_data_resid = 0;
6394	ctsio->kern_rel_offset = 0;
6395	if (total_len < alloc_len) {
6396		ctsio->residual = alloc_len - total_len;
6397		ctsio->kern_data_len = total_len;
6398		ctsio->kern_total_len = total_len;
6399	} else {
6400		ctsio->residual = 0;
6401		ctsio->kern_data_len = alloc_len;
6402		ctsio->kern_total_len = alloc_len;
6403	}
6404
6405	switch (ctsio->cdb[0]) {
6406	case MODE_SENSE_6: {
6407		struct scsi_mode_hdr_6 *header;
6408
6409		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6410
6411		header->datalen = MIN(total_len - 1, 254);
6412		if (lun->be_lun->lun_type == T_DIRECT) {
6413			header->dev_specific = 0x10; /* DPOFUA */
6414			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6415			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6416			    .eca_and_aen & SCP_SWP) != 0)
6417				    header->dev_specific |= 0x80; /* WP */
6418		}
6419		if (dbd)
6420			header->block_descr_len = 0;
6421		else
6422			header->block_descr_len =
6423				sizeof(struct scsi_mode_block_descr);
6424		block_desc = (struct scsi_mode_block_descr *)&header[1];
6425		break;
6426	}
6427	case MODE_SENSE_10: {
6428		struct scsi_mode_hdr_10 *header;
6429		int datalen;
6430
6431		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6432
6433		datalen = MIN(total_len - 2, 65533);
6434		scsi_ulto2b(datalen, header->datalen);
6435		if (lun->be_lun->lun_type == T_DIRECT) {
6436			header->dev_specific = 0x10; /* DPOFUA */
6437			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6438			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6439			    .eca_and_aen & SCP_SWP) != 0)
6440				    header->dev_specific |= 0x80; /* WP */
6441		}
6442		if (dbd)
6443			scsi_ulto2b(0, header->block_descr_len);
6444		else
6445			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6446				    header->block_descr_len);
6447		block_desc = (struct scsi_mode_block_descr *)&header[1];
6448		break;
6449	}
6450	default:
6451		panic("invalid CDB type %#x", ctsio->cdb[0]);
6452		break; /* NOTREACHED */
6453	}
6454
6455	/*
6456	 * If we've got a disk, use its blocksize in the block
6457	 * descriptor.  Otherwise, just set it to 0.
6458	 */
6459	if (dbd == 0) {
6460		if (lun->be_lun->lun_type == T_DIRECT)
6461			scsi_ulto3b(lun->be_lun->blocksize,
6462				    block_desc->block_len);
6463		else
6464			scsi_ulto3b(0, block_desc->block_len);
6465	}
6466
6467	switch (page_code) {
6468	case SMS_ALL_PAGES_PAGE: {
6469		int i, data_used;
6470
6471		data_used = header_len;
6472		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6473			struct ctl_page_index *page_index;
6474
6475			page_index = &lun->mode_pages.index[i];
6476
6477			if (lun->be_lun->lun_type != T_DIRECT &&
6478			    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
6479				continue;
6480
6481			/*
6482			 * We don't use this subpage if the user didn't
6483			 * request all subpages.  We already checked (above)
6484			 * to make sure the user only specified a subpage
6485			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6486			 */
6487			if ((page_index->subpage != 0)
6488			 && (subpage == SMS_SUBPAGE_PAGE_0))
6489				continue;
6490
6491			/*
6492			 * Call the handler, if it exists, to update the
6493			 * page to the latest values.
6494			 */
6495			if (page_index->sense_handler != NULL)
6496				page_index->sense_handler(ctsio, page_index,pc);
6497
6498			memcpy(ctsio->kern_data_ptr + data_used,
6499			       page_index->page_data +
6500			       (page_index->page_len * pc),
6501			       page_index->page_len);
6502			data_used += page_index->page_len;
6503		}
6504		break;
6505	}
6506	default: {
6507		int i, data_used;
6508
6509		data_used = header_len;
6510
6511		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6512			struct ctl_page_index *page_index;
6513
6514			page_index = &lun->mode_pages.index[i];
6515
6516			/* Look for the right page code */
6517			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6518				continue;
6519
6520			/* Look for the right subpage or the subpage wildcard*/
6521			if ((page_index->subpage != subpage)
6522			 && (subpage != SMS_SUBPAGE_ALL))
6523				continue;
6524
6525			/* Make sure the page is supported for this dev type */
6526			if (lun->be_lun->lun_type != T_DIRECT &&
6527			    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
6528				continue;
6529
6530			/*
6531			 * Call the handler, if it exists, to update the
6532			 * page to the latest values.
6533			 */
6534			if (page_index->sense_handler != NULL)
6535				page_index->sense_handler(ctsio, page_index,pc);
6536
6537			memcpy(ctsio->kern_data_ptr + data_used,
6538			       page_index->page_data +
6539			       (page_index->page_len * pc),
6540			       page_index->page_len);
6541			data_used += page_index->page_len;
6542		}
6543		break;
6544	}
6545	}
6546
6547	ctl_set_success(ctsio);
6548	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6549	ctsio->be_move_done = ctl_config_move_done;
6550	ctl_datamove((union ctl_io *)ctsio);
6551	return (CTL_RETVAL_COMPLETE);
6552}
6553
6554int
6555ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6556			       struct ctl_page_index *page_index,
6557			       int pc)
6558{
6559	struct ctl_lun *lun;
6560	struct scsi_log_param_header *phdr;
6561	uint8_t *data;
6562	uint64_t val;
6563
6564	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6565	data = page_index->page_data;
6566
6567	if (lun->backend->lun_attr != NULL &&
6568	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6569	     != UINT64_MAX) {
6570		phdr = (struct scsi_log_param_header *)data;
6571		scsi_ulto2b(0x0001, phdr->param_code);
6572		phdr->param_control = SLP_LBIN | SLP_LP;
6573		phdr->param_len = 8;
6574		data = (uint8_t *)(phdr + 1);
6575		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6576		data[4] = 0x02; /* per-pool */
6577		data += phdr->param_len;
6578	}
6579
6580	if (lun->backend->lun_attr != NULL &&
6581	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6582	     != UINT64_MAX) {
6583		phdr = (struct scsi_log_param_header *)data;
6584		scsi_ulto2b(0x0002, phdr->param_code);
6585		phdr->param_control = SLP_LBIN | SLP_LP;
6586		phdr->param_len = 8;
6587		data = (uint8_t *)(phdr + 1);
6588		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6589		data[4] = 0x01; /* per-LUN */
6590		data += phdr->param_len;
6591	}
6592
6593	if (lun->backend->lun_attr != NULL &&
6594	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6595	     != UINT64_MAX) {
6596		phdr = (struct scsi_log_param_header *)data;
6597		scsi_ulto2b(0x00f1, phdr->param_code);
6598		phdr->param_control = SLP_LBIN | SLP_LP;
6599		phdr->param_len = 8;
6600		data = (uint8_t *)(phdr + 1);
6601		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6602		data[4] = 0x02; /* per-pool */
6603		data += phdr->param_len;
6604	}
6605
6606	if (lun->backend->lun_attr != NULL &&
6607	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6608	     != UINT64_MAX) {
6609		phdr = (struct scsi_log_param_header *)data;
6610		scsi_ulto2b(0x00f2, phdr->param_code);
6611		phdr->param_control = SLP_LBIN | SLP_LP;
6612		phdr->param_len = 8;
6613		data = (uint8_t *)(phdr + 1);
6614		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6615		data[4] = 0x02; /* per-pool */
6616		data += phdr->param_len;
6617	}
6618
6619	page_index->page_len = data - page_index->page_data;
6620	return (0);
6621}
6622
6623int
6624ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6625			       struct ctl_page_index *page_index,
6626			       int pc)
6627{
6628	struct ctl_lun *lun;
6629	struct stat_page *data;
6630	uint64_t rn, wn, rb, wb;
6631	struct bintime rt, wt;
6632	int i;
6633
6634	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6635	data = (struct stat_page *)page_index->page_data;
6636
6637	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6638	data->sap.hdr.param_control = SLP_LBIN;
6639	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6640	    sizeof(struct scsi_log_param_header);
6641	rn = wn = rb = wb = 0;
6642	bintime_clear(&rt);
6643	bintime_clear(&wt);
6644	for (i = 0; i < CTL_MAX_PORTS; i++) {
6645		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6646		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6647		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6648		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6649		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6650		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6651	}
6652	scsi_u64to8b(rn, data->sap.read_num);
6653	scsi_u64to8b(wn, data->sap.write_num);
6654	if (lun->stats.blocksize > 0) {
6655		scsi_u64to8b(wb / lun->stats.blocksize,
6656		    data->sap.recvieved_lba);
6657		scsi_u64to8b(rb / lun->stats.blocksize,
6658		    data->sap.transmitted_lba);
6659	}
6660	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6661	    data->sap.read_int);
6662	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6663	    data->sap.write_int);
6664	scsi_u64to8b(0, data->sap.weighted_num);
6665	scsi_u64to8b(0, data->sap.weighted_int);
6666	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6667	data->it.hdr.param_control = SLP_LBIN;
6668	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6669	    sizeof(struct scsi_log_param_header);
6670#ifdef CTL_TIME_IO
6671	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6672#endif
6673	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6674	data->it.hdr.param_control = SLP_LBIN;
6675	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6676	    sizeof(struct scsi_log_param_header);
6677	scsi_ulto4b(3, data->ti.exponent);
6678	scsi_ulto4b(1, data->ti.integer);
6679
6680	page_index->page_len = sizeof(*data);
6681	return (0);
6682}
6683
6684int
6685ctl_log_sense(struct ctl_scsiio *ctsio)
6686{
6687	struct ctl_lun *lun;
6688	int i, pc, page_code, subpage;
6689	int alloc_len, total_len;
6690	struct ctl_page_index *page_index;
6691	struct scsi_log_sense *cdb;
6692	struct scsi_log_header *header;
6693
6694	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6695
6696	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6697	cdb = (struct scsi_log_sense *)ctsio->cdb;
6698	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6699	page_code = cdb->page & SLS_PAGE_CODE;
6700	subpage = cdb->subpage;
6701	alloc_len = scsi_2btoul(cdb->length);
6702
6703	page_index = NULL;
6704	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6705		page_index = &lun->log_pages.index[i];
6706
6707		/* Look for the right page code */
6708		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6709			continue;
6710
6711		/* Look for the right subpage or the subpage wildcard*/
6712		if (page_index->subpage != subpage)
6713			continue;
6714
6715		break;
6716	}
6717	if (i >= CTL_NUM_LOG_PAGES) {
6718		ctl_set_invalid_field(ctsio,
6719				      /*sks_valid*/ 1,
6720				      /*command*/ 1,
6721				      /*field*/ 2,
6722				      /*bit_valid*/ 0,
6723				      /*bit*/ 0);
6724		ctl_done((union ctl_io *)ctsio);
6725		return (CTL_RETVAL_COMPLETE);
6726	}
6727
6728	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6729
6730	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6731	ctsio->kern_sg_entries = 0;
6732	ctsio->kern_data_resid = 0;
6733	ctsio->kern_rel_offset = 0;
6734	if (total_len < alloc_len) {
6735		ctsio->residual = alloc_len - total_len;
6736		ctsio->kern_data_len = total_len;
6737		ctsio->kern_total_len = total_len;
6738	} else {
6739		ctsio->residual = 0;
6740		ctsio->kern_data_len = alloc_len;
6741		ctsio->kern_total_len = alloc_len;
6742	}
6743
6744	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6745	header->page = page_index->page_code;
6746	if (page_index->subpage) {
6747		header->page |= SL_SPF;
6748		header->subpage = page_index->subpage;
6749	}
6750	scsi_ulto2b(page_index->page_len, header->datalen);
6751
6752	/*
6753	 * Call the handler, if it exists, to update the
6754	 * page to the latest values.
6755	 */
6756	if (page_index->sense_handler != NULL)
6757		page_index->sense_handler(ctsio, page_index, pc);
6758
6759	memcpy(header + 1, page_index->page_data, page_index->page_len);
6760
6761	ctl_set_success(ctsio);
6762	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6763	ctsio->be_move_done = ctl_config_move_done;
6764	ctl_datamove((union ctl_io *)ctsio);
6765	return (CTL_RETVAL_COMPLETE);
6766}
6767
6768int
6769ctl_read_capacity(struct ctl_scsiio *ctsio)
6770{
6771	struct scsi_read_capacity *cdb;
6772	struct scsi_read_capacity_data *data;
6773	struct ctl_lun *lun;
6774	uint32_t lba;
6775
6776	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6777
6778	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6779
6780	lba = scsi_4btoul(cdb->addr);
6781	if (((cdb->pmi & SRC_PMI) == 0)
6782	 && (lba != 0)) {
6783		ctl_set_invalid_field(/*ctsio*/ ctsio,
6784				      /*sks_valid*/ 1,
6785				      /*command*/ 1,
6786				      /*field*/ 2,
6787				      /*bit_valid*/ 0,
6788				      /*bit*/ 0);
6789		ctl_done((union ctl_io *)ctsio);
6790		return (CTL_RETVAL_COMPLETE);
6791	}
6792
6793	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6794
6795	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6796	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6797	ctsio->residual = 0;
6798	ctsio->kern_data_len = sizeof(*data);
6799	ctsio->kern_total_len = sizeof(*data);
6800	ctsio->kern_data_resid = 0;
6801	ctsio->kern_rel_offset = 0;
6802	ctsio->kern_sg_entries = 0;
6803
6804	/*
6805	 * If the maximum LBA is greater than 0xfffffffe, the user must
6806	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6807	 * serivce action set.
6808	 */
6809	if (lun->be_lun->maxlba > 0xfffffffe)
6810		scsi_ulto4b(0xffffffff, data->addr);
6811	else
6812		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6813
6814	/*
6815	 * XXX KDM this may not be 512 bytes...
6816	 */
6817	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6818
6819	ctl_set_success(ctsio);
6820	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6821	ctsio->be_move_done = ctl_config_move_done;
6822	ctl_datamove((union ctl_io *)ctsio);
6823	return (CTL_RETVAL_COMPLETE);
6824}
6825
6826int
6827ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6828{
6829	struct scsi_read_capacity_16 *cdb;
6830	struct scsi_read_capacity_data_long *data;
6831	struct ctl_lun *lun;
6832	uint64_t lba;
6833	uint32_t alloc_len;
6834
6835	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6836
6837	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6838
6839	alloc_len = scsi_4btoul(cdb->alloc_len);
6840	lba = scsi_8btou64(cdb->addr);
6841
6842	if ((cdb->reladr & SRC16_PMI)
6843	 && (lba != 0)) {
6844		ctl_set_invalid_field(/*ctsio*/ ctsio,
6845				      /*sks_valid*/ 1,
6846				      /*command*/ 1,
6847				      /*field*/ 2,
6848				      /*bit_valid*/ 0,
6849				      /*bit*/ 0);
6850		ctl_done((union ctl_io *)ctsio);
6851		return (CTL_RETVAL_COMPLETE);
6852	}
6853
6854	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6855
6856	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6857	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6858
6859	if (sizeof(*data) < alloc_len) {
6860		ctsio->residual = alloc_len - sizeof(*data);
6861		ctsio->kern_data_len = sizeof(*data);
6862		ctsio->kern_total_len = sizeof(*data);
6863	} else {
6864		ctsio->residual = 0;
6865		ctsio->kern_data_len = alloc_len;
6866		ctsio->kern_total_len = alloc_len;
6867	}
6868	ctsio->kern_data_resid = 0;
6869	ctsio->kern_rel_offset = 0;
6870	ctsio->kern_sg_entries = 0;
6871
6872	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6873	/* XXX KDM this may not be 512 bytes... */
6874	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6875	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6876	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6877	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6878		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6879
6880	ctl_set_success(ctsio);
6881	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6882	ctsio->be_move_done = ctl_config_move_done;
6883	ctl_datamove((union ctl_io *)ctsio);
6884	return (CTL_RETVAL_COMPLETE);
6885}
6886
6887int
6888ctl_get_lba_status(struct ctl_scsiio *ctsio)
6889{
6890	struct scsi_get_lba_status *cdb;
6891	struct scsi_get_lba_status_data *data;
6892	struct ctl_lun *lun;
6893	struct ctl_lba_len_flags *lbalen;
6894	uint64_t lba;
6895	uint32_t alloc_len, total_len;
6896	int retval;
6897
6898	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6899
6900	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6901	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6902	lba = scsi_8btou64(cdb->addr);
6903	alloc_len = scsi_4btoul(cdb->alloc_len);
6904
6905	if (lba > lun->be_lun->maxlba) {
6906		ctl_set_lba_out_of_range(ctsio);
6907		ctl_done((union ctl_io *)ctsio);
6908		return (CTL_RETVAL_COMPLETE);
6909	}
6910
6911	total_len = sizeof(*data) + sizeof(data->descr[0]);
6912	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6913	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6914
6915	if (total_len < alloc_len) {
6916		ctsio->residual = alloc_len - total_len;
6917		ctsio->kern_data_len = total_len;
6918		ctsio->kern_total_len = total_len;
6919	} else {
6920		ctsio->residual = 0;
6921		ctsio->kern_data_len = alloc_len;
6922		ctsio->kern_total_len = alloc_len;
6923	}
6924	ctsio->kern_data_resid = 0;
6925	ctsio->kern_rel_offset = 0;
6926	ctsio->kern_sg_entries = 0;
6927
6928	/* Fill dummy data in case backend can't tell anything. */
6929	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6930	scsi_u64to8b(lba, data->descr[0].addr);
6931	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6932	    data->descr[0].length);
6933	data->descr[0].status = 0; /* Mapped or unknown. */
6934
6935	ctl_set_success(ctsio);
6936	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6937	ctsio->be_move_done = ctl_config_move_done;
6938
6939	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6940	lbalen->lba = lba;
6941	lbalen->len = total_len;
6942	lbalen->flags = 0;
6943	retval = lun->backend->config_read((union ctl_io *)ctsio);
6944	return (CTL_RETVAL_COMPLETE);
6945}
6946
6947int
6948ctl_read_defect(struct ctl_scsiio *ctsio)
6949{
6950	struct scsi_read_defect_data_10 *ccb10;
6951	struct scsi_read_defect_data_12 *ccb12;
6952	struct scsi_read_defect_data_hdr_10 *data10;
6953	struct scsi_read_defect_data_hdr_12 *data12;
6954	uint32_t alloc_len, data_len;
6955	uint8_t format;
6956
6957	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6958
6959	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6960		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6961		format = ccb10->format;
6962		alloc_len = scsi_2btoul(ccb10->alloc_length);
6963		data_len = sizeof(*data10);
6964	} else {
6965		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6966		format = ccb12->format;
6967		alloc_len = scsi_4btoul(ccb12->alloc_length);
6968		data_len = sizeof(*data12);
6969	}
6970	if (alloc_len == 0) {
6971		ctl_set_success(ctsio);
6972		ctl_done((union ctl_io *)ctsio);
6973		return (CTL_RETVAL_COMPLETE);
6974	}
6975
6976	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6977	if (data_len < alloc_len) {
6978		ctsio->residual = alloc_len - data_len;
6979		ctsio->kern_data_len = data_len;
6980		ctsio->kern_total_len = data_len;
6981	} else {
6982		ctsio->residual = 0;
6983		ctsio->kern_data_len = alloc_len;
6984		ctsio->kern_total_len = alloc_len;
6985	}
6986	ctsio->kern_data_resid = 0;
6987	ctsio->kern_rel_offset = 0;
6988	ctsio->kern_sg_entries = 0;
6989
6990	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6991		data10 = (struct scsi_read_defect_data_hdr_10 *)
6992		    ctsio->kern_data_ptr;
6993		data10->format = format;
6994		scsi_ulto2b(0, data10->length);
6995	} else {
6996		data12 = (struct scsi_read_defect_data_hdr_12 *)
6997		    ctsio->kern_data_ptr;
6998		data12->format = format;
6999		scsi_ulto2b(0, data12->generation);
7000		scsi_ulto4b(0, data12->length);
7001	}
7002
7003	ctl_set_success(ctsio);
7004	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7005	ctsio->be_move_done = ctl_config_move_done;
7006	ctl_datamove((union ctl_io *)ctsio);
7007	return (CTL_RETVAL_COMPLETE);
7008}
7009
7010int
7011ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7012{
7013	struct scsi_maintenance_in *cdb;
7014	int retval;
7015	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7016	int num_target_port_groups, num_target_ports;
7017	struct ctl_lun *lun;
7018	struct ctl_softc *softc;
7019	struct ctl_port *port;
7020	struct scsi_target_group_data *rtg_ptr;
7021	struct scsi_target_group_data_extended *rtg_ext_ptr;
7022	struct scsi_target_port_group_descriptor *tpg_desc;
7023
7024	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7025
7026	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7027	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7028	softc = lun->ctl_softc;
7029
7030	retval = CTL_RETVAL_COMPLETE;
7031
7032	switch (cdb->byte2 & STG_PDF_MASK) {
7033	case STG_PDF_LENGTH:
7034		ext = 0;
7035		break;
7036	case STG_PDF_EXTENDED:
7037		ext = 1;
7038		break;
7039	default:
7040		ctl_set_invalid_field(/*ctsio*/ ctsio,
7041				      /*sks_valid*/ 1,
7042				      /*command*/ 1,
7043				      /*field*/ 2,
7044				      /*bit_valid*/ 1,
7045				      /*bit*/ 5);
7046		ctl_done((union ctl_io *)ctsio);
7047		return(retval);
7048	}
7049
7050	if (softc->is_single)
7051		num_target_port_groups = 1;
7052	else
7053		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7054	num_target_ports = 0;
7055	mtx_lock(&softc->ctl_lock);
7056	STAILQ_FOREACH(port, &softc->port_list, links) {
7057		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7058			continue;
7059		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7060			continue;
7061		num_target_ports++;
7062	}
7063	mtx_unlock(&softc->ctl_lock);
7064
7065	if (ext)
7066		total_len = sizeof(struct scsi_target_group_data_extended);
7067	else
7068		total_len = sizeof(struct scsi_target_group_data);
7069	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7070		num_target_port_groups +
7071	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7072
7073	alloc_len = scsi_4btoul(cdb->length);
7074
7075	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7076
7077	ctsio->kern_sg_entries = 0;
7078
7079	if (total_len < alloc_len) {
7080		ctsio->residual = alloc_len - total_len;
7081		ctsio->kern_data_len = total_len;
7082		ctsio->kern_total_len = total_len;
7083	} else {
7084		ctsio->residual = 0;
7085		ctsio->kern_data_len = alloc_len;
7086		ctsio->kern_total_len = alloc_len;
7087	}
7088	ctsio->kern_data_resid = 0;
7089	ctsio->kern_rel_offset = 0;
7090
7091	if (ext) {
7092		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7093		    ctsio->kern_data_ptr;
7094		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7095		rtg_ext_ptr->format_type = 0x10;
7096		rtg_ext_ptr->implicit_transition_time = 0;
7097		tpg_desc = &rtg_ext_ptr->groups[0];
7098	} else {
7099		rtg_ptr = (struct scsi_target_group_data *)
7100		    ctsio->kern_data_ptr;
7101		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7102		tpg_desc = &rtg_ptr->groups[0];
7103	}
7104
7105	mtx_lock(&softc->ctl_lock);
7106	pg = softc->port_min / softc->port_cnt;
7107	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7108		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7109	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7110		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7111	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7112		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7113	else
7114		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7115	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7116		os = gs;
7117		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7118	} else
7119		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7120	for (g = 0; g < num_target_port_groups; g++) {
7121		tpg_desc->pref_state = (g == pg) ? gs : os;
7122		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7123		    TPG_U_SUP | TPG_T_SUP;
7124		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7125		tpg_desc->status = TPG_IMPLICIT;
7126		pc = 0;
7127		STAILQ_FOREACH(port, &softc->port_list, links) {
7128			if (port->targ_port < g * softc->port_cnt ||
7129			    port->targ_port >= (g + 1) * softc->port_cnt)
7130				continue;
7131			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7132				continue;
7133			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7134				continue;
7135			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7136			    relative_target_port_identifier);
7137			pc++;
7138		}
7139		tpg_desc->target_port_count = pc;
7140		tpg_desc = (struct scsi_target_port_group_descriptor *)
7141		    &tpg_desc->descriptors[pc];
7142	}
7143	mtx_unlock(&softc->ctl_lock);
7144
7145	ctl_set_success(ctsio);
7146	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7147	ctsio->be_move_done = ctl_config_move_done;
7148	ctl_datamove((union ctl_io *)ctsio);
7149	return(retval);
7150}
7151
7152int
7153ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7154{
7155	struct ctl_lun *lun;
7156	struct scsi_report_supported_opcodes *cdb;
7157	const struct ctl_cmd_entry *entry, *sentry;
7158	struct scsi_report_supported_opcodes_all *all;
7159	struct scsi_report_supported_opcodes_descr *descr;
7160	struct scsi_report_supported_opcodes_one *one;
7161	int retval;
7162	int alloc_len, total_len;
7163	int opcode, service_action, i, j, num;
7164
7165	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7166
7167	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7168	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7169
7170	retval = CTL_RETVAL_COMPLETE;
7171
7172	opcode = cdb->requested_opcode;
7173	service_action = scsi_2btoul(cdb->requested_service_action);
7174	switch (cdb->options & RSO_OPTIONS_MASK) {
7175	case RSO_OPTIONS_ALL:
7176		num = 0;
7177		for (i = 0; i < 256; i++) {
7178			entry = &ctl_cmd_table[i];
7179			if (entry->flags & CTL_CMD_FLAG_SA5) {
7180				for (j = 0; j < 32; j++) {
7181					sentry = &((const struct ctl_cmd_entry *)
7182					    entry->execute)[j];
7183					if (ctl_cmd_applicable(
7184					    lun->be_lun->lun_type, sentry))
7185						num++;
7186				}
7187			} else {
7188				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7189				    entry))
7190					num++;
7191			}
7192		}
7193		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7194		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7195		break;
7196	case RSO_OPTIONS_OC:
7197		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7198			ctl_set_invalid_field(/*ctsio*/ ctsio,
7199					      /*sks_valid*/ 1,
7200					      /*command*/ 1,
7201					      /*field*/ 2,
7202					      /*bit_valid*/ 1,
7203					      /*bit*/ 2);
7204			ctl_done((union ctl_io *)ctsio);
7205			return (CTL_RETVAL_COMPLETE);
7206		}
7207		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7208		break;
7209	case RSO_OPTIONS_OC_SA:
7210		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7211		    service_action >= 32) {
7212			ctl_set_invalid_field(/*ctsio*/ ctsio,
7213					      /*sks_valid*/ 1,
7214					      /*command*/ 1,
7215					      /*field*/ 2,
7216					      /*bit_valid*/ 1,
7217					      /*bit*/ 2);
7218			ctl_done((union ctl_io *)ctsio);
7219			return (CTL_RETVAL_COMPLETE);
7220		}
7221		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7222		break;
7223	default:
7224		ctl_set_invalid_field(/*ctsio*/ ctsio,
7225				      /*sks_valid*/ 1,
7226				      /*command*/ 1,
7227				      /*field*/ 2,
7228				      /*bit_valid*/ 1,
7229				      /*bit*/ 2);
7230		ctl_done((union ctl_io *)ctsio);
7231		return (CTL_RETVAL_COMPLETE);
7232	}
7233
7234	alloc_len = scsi_4btoul(cdb->length);
7235
7236	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7237
7238	ctsio->kern_sg_entries = 0;
7239
7240	if (total_len < alloc_len) {
7241		ctsio->residual = alloc_len - total_len;
7242		ctsio->kern_data_len = total_len;
7243		ctsio->kern_total_len = total_len;
7244	} else {
7245		ctsio->residual = 0;
7246		ctsio->kern_data_len = alloc_len;
7247		ctsio->kern_total_len = alloc_len;
7248	}
7249	ctsio->kern_data_resid = 0;
7250	ctsio->kern_rel_offset = 0;
7251
7252	switch (cdb->options & RSO_OPTIONS_MASK) {
7253	case RSO_OPTIONS_ALL:
7254		all = (struct scsi_report_supported_opcodes_all *)
7255		    ctsio->kern_data_ptr;
7256		num = 0;
7257		for (i = 0; i < 256; i++) {
7258			entry = &ctl_cmd_table[i];
7259			if (entry->flags & CTL_CMD_FLAG_SA5) {
7260				for (j = 0; j < 32; j++) {
7261					sentry = &((const struct ctl_cmd_entry *)
7262					    entry->execute)[j];
7263					if (!ctl_cmd_applicable(
7264					    lun->be_lun->lun_type, sentry))
7265						continue;
7266					descr = &all->descr[num++];
7267					descr->opcode = i;
7268					scsi_ulto2b(j, descr->service_action);
7269					descr->flags = RSO_SERVACTV;
7270					scsi_ulto2b(sentry->length,
7271					    descr->cdb_length);
7272				}
7273			} else {
7274				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7275				    entry))
7276					continue;
7277				descr = &all->descr[num++];
7278				descr->opcode = i;
7279				scsi_ulto2b(0, descr->service_action);
7280				descr->flags = 0;
7281				scsi_ulto2b(entry->length, descr->cdb_length);
7282			}
7283		}
7284		scsi_ulto4b(
7285		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7286		    all->length);
7287		break;
7288	case RSO_OPTIONS_OC:
7289		one = (struct scsi_report_supported_opcodes_one *)
7290		    ctsio->kern_data_ptr;
7291		entry = &ctl_cmd_table[opcode];
7292		goto fill_one;
7293	case RSO_OPTIONS_OC_SA:
7294		one = (struct scsi_report_supported_opcodes_one *)
7295		    ctsio->kern_data_ptr;
7296		entry = &ctl_cmd_table[opcode];
7297		entry = &((const struct ctl_cmd_entry *)
7298		    entry->execute)[service_action];
7299fill_one:
7300		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7301			one->support = 3;
7302			scsi_ulto2b(entry->length, one->cdb_length);
7303			one->cdb_usage[0] = opcode;
7304			memcpy(&one->cdb_usage[1], entry->usage,
7305			    entry->length - 1);
7306		} else
7307			one->support = 1;
7308		break;
7309	}
7310
7311	ctl_set_success(ctsio);
7312	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7313	ctsio->be_move_done = ctl_config_move_done;
7314	ctl_datamove((union ctl_io *)ctsio);
7315	return(retval);
7316}
7317
7318int
7319ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7320{
7321	struct scsi_report_supported_tmf *cdb;
7322	struct scsi_report_supported_tmf_data *data;
7323	int retval;
7324	int alloc_len, total_len;
7325
7326	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7327
7328	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7329
7330	retval = CTL_RETVAL_COMPLETE;
7331
7332	total_len = sizeof(struct scsi_report_supported_tmf_data);
7333	alloc_len = scsi_4btoul(cdb->length);
7334
7335	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7336
7337	ctsio->kern_sg_entries = 0;
7338
7339	if (total_len < alloc_len) {
7340		ctsio->residual = alloc_len - total_len;
7341		ctsio->kern_data_len = total_len;
7342		ctsio->kern_total_len = total_len;
7343	} else {
7344		ctsio->residual = 0;
7345		ctsio->kern_data_len = alloc_len;
7346		ctsio->kern_total_len = alloc_len;
7347	}
7348	ctsio->kern_data_resid = 0;
7349	ctsio->kern_rel_offset = 0;
7350
7351	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7352	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7353	    RST_TRS;
7354	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7355
7356	ctl_set_success(ctsio);
7357	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7358	ctsio->be_move_done = ctl_config_move_done;
7359	ctl_datamove((union ctl_io *)ctsio);
7360	return (retval);
7361}
7362
7363int
7364ctl_report_timestamp(struct ctl_scsiio *ctsio)
7365{
7366	struct scsi_report_timestamp *cdb;
7367	struct scsi_report_timestamp_data *data;
7368	struct timeval tv;
7369	int64_t timestamp;
7370	int retval;
7371	int alloc_len, total_len;
7372
7373	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7374
7375	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7376
7377	retval = CTL_RETVAL_COMPLETE;
7378
7379	total_len = sizeof(struct scsi_report_timestamp_data);
7380	alloc_len = scsi_4btoul(cdb->length);
7381
7382	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7383
7384	ctsio->kern_sg_entries = 0;
7385
7386	if (total_len < alloc_len) {
7387		ctsio->residual = alloc_len - total_len;
7388		ctsio->kern_data_len = total_len;
7389		ctsio->kern_total_len = total_len;
7390	} else {
7391		ctsio->residual = 0;
7392		ctsio->kern_data_len = alloc_len;
7393		ctsio->kern_total_len = alloc_len;
7394	}
7395	ctsio->kern_data_resid = 0;
7396	ctsio->kern_rel_offset = 0;
7397
7398	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7399	scsi_ulto2b(sizeof(*data) - 2, data->length);
7400	data->origin = RTS_ORIG_OUTSIDE;
7401	getmicrotime(&tv);
7402	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7403	scsi_ulto4b(timestamp >> 16, data->timestamp);
7404	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7405
7406	ctl_set_success(ctsio);
7407	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7408	ctsio->be_move_done = ctl_config_move_done;
7409	ctl_datamove((union ctl_io *)ctsio);
7410	return (retval);
7411}
7412
7413int
7414ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7415{
7416	struct scsi_per_res_in *cdb;
7417	int alloc_len, total_len = 0;
7418	/* struct scsi_per_res_in_rsrv in_data; */
7419	struct ctl_lun *lun;
7420	struct ctl_softc *softc;
7421	uint64_t key;
7422
7423	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7424
7425	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7426
7427	alloc_len = scsi_2btoul(cdb->length);
7428
7429	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7430	softc = lun->ctl_softc;
7431
7432retry:
7433	mtx_lock(&lun->lun_lock);
7434	switch (cdb->action) {
7435	case SPRI_RK: /* read keys */
7436		total_len = sizeof(struct scsi_per_res_in_keys) +
7437			lun->pr_key_count *
7438			sizeof(struct scsi_per_res_key);
7439		break;
7440	case SPRI_RR: /* read reservation */
7441		if (lun->flags & CTL_LUN_PR_RESERVED)
7442			total_len = sizeof(struct scsi_per_res_in_rsrv);
7443		else
7444			total_len = sizeof(struct scsi_per_res_in_header);
7445		break;
7446	case SPRI_RC: /* report capabilities */
7447		total_len = sizeof(struct scsi_per_res_cap);
7448		break;
7449	case SPRI_RS: /* read full status */
7450		total_len = sizeof(struct scsi_per_res_in_header) +
7451		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7452		    lun->pr_key_count;
7453		break;
7454	default:
7455		panic("Invalid PR type %x", cdb->action);
7456	}
7457	mtx_unlock(&lun->lun_lock);
7458
7459	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7460
7461	if (total_len < alloc_len) {
7462		ctsio->residual = alloc_len - total_len;
7463		ctsio->kern_data_len = total_len;
7464		ctsio->kern_total_len = total_len;
7465	} else {
7466		ctsio->residual = 0;
7467		ctsio->kern_data_len = alloc_len;
7468		ctsio->kern_total_len = alloc_len;
7469	}
7470
7471	ctsio->kern_data_resid = 0;
7472	ctsio->kern_rel_offset = 0;
7473	ctsio->kern_sg_entries = 0;
7474
7475	mtx_lock(&lun->lun_lock);
7476	switch (cdb->action) {
7477	case SPRI_RK: { // read keys
7478        struct scsi_per_res_in_keys *res_keys;
7479		int i, key_count;
7480
7481		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7482
7483		/*
7484		 * We had to drop the lock to allocate our buffer, which
7485		 * leaves time for someone to come in with another
7486		 * persistent reservation.  (That is unlikely, though,
7487		 * since this should be the only persistent reservation
7488		 * command active right now.)
7489		 */
7490		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7491		    (lun->pr_key_count *
7492		     sizeof(struct scsi_per_res_key)))){
7493			mtx_unlock(&lun->lun_lock);
7494			free(ctsio->kern_data_ptr, M_CTL);
7495			printf("%s: reservation length changed, retrying\n",
7496			       __func__);
7497			goto retry;
7498		}
7499
7500		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7501
7502		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7503			     lun->pr_key_count, res_keys->header.length);
7504
7505		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7506			if ((key = ctl_get_prkey(lun, i)) == 0)
7507				continue;
7508
7509			/*
7510			 * We used lun->pr_key_count to calculate the
7511			 * size to allocate.  If it turns out the number of
7512			 * initiators with the registered flag set is
7513			 * larger than that (i.e. they haven't been kept in
7514			 * sync), we've got a problem.
7515			 */
7516			if (key_count >= lun->pr_key_count) {
7517				key_count++;
7518				continue;
7519			}
7520			scsi_u64to8b(key, res_keys->keys[key_count].key);
7521			key_count++;
7522		}
7523		break;
7524	}
7525	case SPRI_RR: { // read reservation
7526		struct scsi_per_res_in_rsrv *res;
7527		int tmp_len, header_only;
7528
7529		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7530
7531		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7532
7533		if (lun->flags & CTL_LUN_PR_RESERVED)
7534		{
7535			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7536			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7537				    res->header.length);
7538			header_only = 0;
7539		} else {
7540			tmp_len = sizeof(struct scsi_per_res_in_header);
7541			scsi_ulto4b(0, res->header.length);
7542			header_only = 1;
7543		}
7544
7545		/*
7546		 * We had to drop the lock to allocate our buffer, which
7547		 * leaves time for someone to come in with another
7548		 * persistent reservation.  (That is unlikely, though,
7549		 * since this should be the only persistent reservation
7550		 * command active right now.)
7551		 */
7552		if (tmp_len != total_len) {
7553			mtx_unlock(&lun->lun_lock);
7554			free(ctsio->kern_data_ptr, M_CTL);
7555			printf("%s: reservation status changed, retrying\n",
7556			       __func__);
7557			goto retry;
7558		}
7559
7560		/*
7561		 * No reservation held, so we're done.
7562		 */
7563		if (header_only != 0)
7564			break;
7565
7566		/*
7567		 * If the registration is an All Registrants type, the key
7568		 * is 0, since it doesn't really matter.
7569		 */
7570		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7571			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7572			    res->data.reservation);
7573		}
7574		res->data.scopetype = lun->res_type;
7575		break;
7576	}
7577	case SPRI_RC:     //report capabilities
7578	{
7579		struct scsi_per_res_cap *res_cap;
7580		uint16_t type_mask;
7581
7582		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7583		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7584		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7585		type_mask = SPRI_TM_WR_EX_AR |
7586			    SPRI_TM_EX_AC_RO |
7587			    SPRI_TM_WR_EX_RO |
7588			    SPRI_TM_EX_AC |
7589			    SPRI_TM_WR_EX |
7590			    SPRI_TM_EX_AC_AR;
7591		scsi_ulto2b(type_mask, res_cap->type_mask);
7592		break;
7593	}
7594	case SPRI_RS: { // read full status
7595		struct scsi_per_res_in_full *res_status;
7596		struct scsi_per_res_in_full_desc *res_desc;
7597		struct ctl_port *port;
7598		int i, len;
7599
7600		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7601
7602		/*
7603		 * We had to drop the lock to allocate our buffer, which
7604		 * leaves time for someone to come in with another
7605		 * persistent reservation.  (That is unlikely, though,
7606		 * since this should be the only persistent reservation
7607		 * command active right now.)
7608		 */
7609		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7610		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7611		     lun->pr_key_count)){
7612			mtx_unlock(&lun->lun_lock);
7613			free(ctsio->kern_data_ptr, M_CTL);
7614			printf("%s: reservation length changed, retrying\n",
7615			       __func__);
7616			goto retry;
7617		}
7618
7619		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7620
7621		res_desc = &res_status->desc[0];
7622		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7623			if ((key = ctl_get_prkey(lun, i)) == 0)
7624				continue;
7625
7626			scsi_u64to8b(key, res_desc->res_key.key);
7627			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7628			    (lun->pr_res_idx == i ||
7629			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7630				res_desc->flags = SPRI_FULL_R_HOLDER;
7631				res_desc->scopetype = lun->res_type;
7632			}
7633			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7634			    res_desc->rel_trgt_port_id);
7635			len = 0;
7636			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7637			if (port != NULL)
7638				len = ctl_create_iid(port,
7639				    i % CTL_MAX_INIT_PER_PORT,
7640				    res_desc->transport_id);
7641			scsi_ulto4b(len, res_desc->additional_length);
7642			res_desc = (struct scsi_per_res_in_full_desc *)
7643			    &res_desc->transport_id[len];
7644		}
7645		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7646		    res_status->header.length);
7647		break;
7648	}
7649	default:
7650		/*
7651		 * This is a bug, because we just checked for this above,
7652		 * and should have returned an error.
7653		 */
7654		panic("Invalid PR type %x", cdb->action);
7655		break; /* NOTREACHED */
7656	}
7657	mtx_unlock(&lun->lun_lock);
7658
7659	ctl_set_success(ctsio);
7660	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7661	ctsio->be_move_done = ctl_config_move_done;
7662	ctl_datamove((union ctl_io *)ctsio);
7663	return (CTL_RETVAL_COMPLETE);
7664}
7665
7666/*
7667 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7668 * it should return.
7669 */
7670static int
7671ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7672		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7673		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7674		struct scsi_per_res_out_parms* param)
7675{
7676	union ctl_ha_msg persis_io;
7677	int i;
7678
7679	mtx_lock(&lun->lun_lock);
7680	if (sa_res_key == 0) {
7681		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7682			/* validate scope and type */
7683			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7684			     SPR_LU_SCOPE) {
7685				mtx_unlock(&lun->lun_lock);
7686				ctl_set_invalid_field(/*ctsio*/ ctsio,
7687						      /*sks_valid*/ 1,
7688						      /*command*/ 1,
7689						      /*field*/ 2,
7690						      /*bit_valid*/ 1,
7691						      /*bit*/ 4);
7692				ctl_done((union ctl_io *)ctsio);
7693				return (1);
7694			}
7695
7696		        if (type>8 || type==2 || type==4 || type==0) {
7697				mtx_unlock(&lun->lun_lock);
7698				ctl_set_invalid_field(/*ctsio*/ ctsio,
7699       	           				      /*sks_valid*/ 1,
7700						      /*command*/ 1,
7701						      /*field*/ 2,
7702						      /*bit_valid*/ 1,
7703						      /*bit*/ 0);
7704				ctl_done((union ctl_io *)ctsio);
7705				return (1);
7706		        }
7707
7708			/*
7709			 * Unregister everybody else and build UA for
7710			 * them
7711			 */
7712			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7713				if (i == residx || ctl_get_prkey(lun, i) == 0)
7714					continue;
7715
7716				ctl_clr_prkey(lun, i);
7717				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7718			}
7719			lun->pr_key_count = 1;
7720			lun->res_type = type;
7721			if (lun->res_type != SPR_TYPE_WR_EX_AR
7722			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7723				lun->pr_res_idx = residx;
7724			lun->PRGeneration++;
7725			mtx_unlock(&lun->lun_lock);
7726
7727			/* send msg to other side */
7728			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7729			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7730			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7731			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7732			persis_io.pr.pr_info.res_type = type;
7733			memcpy(persis_io.pr.pr_info.sa_res_key,
7734			       param->serv_act_res_key,
7735			       sizeof(param->serv_act_res_key));
7736			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7737			    sizeof(persis_io.pr), M_WAITOK);
7738		} else {
7739			/* not all registrants */
7740			mtx_unlock(&lun->lun_lock);
7741			free(ctsio->kern_data_ptr, M_CTL);
7742			ctl_set_invalid_field(ctsio,
7743					      /*sks_valid*/ 1,
7744					      /*command*/ 0,
7745					      /*field*/ 8,
7746					      /*bit_valid*/ 0,
7747					      /*bit*/ 0);
7748			ctl_done((union ctl_io *)ctsio);
7749			return (1);
7750		}
7751	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7752		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7753		int found = 0;
7754
7755		if (res_key == sa_res_key) {
7756			/* special case */
7757			/*
7758			 * The spec implies this is not good but doesn't
7759			 * say what to do. There are two choices either
7760			 * generate a res conflict or check condition
7761			 * with illegal field in parameter data. Since
7762			 * that is what is done when the sa_res_key is
7763			 * zero I'll take that approach since this has
7764			 * to do with the sa_res_key.
7765			 */
7766			mtx_unlock(&lun->lun_lock);
7767			free(ctsio->kern_data_ptr, M_CTL);
7768			ctl_set_invalid_field(ctsio,
7769					      /*sks_valid*/ 1,
7770					      /*command*/ 0,
7771					      /*field*/ 8,
7772					      /*bit_valid*/ 0,
7773					      /*bit*/ 0);
7774			ctl_done((union ctl_io *)ctsio);
7775			return (1);
7776		}
7777
7778		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7779			if (ctl_get_prkey(lun, i) != sa_res_key)
7780				continue;
7781
7782			found = 1;
7783			ctl_clr_prkey(lun, i);
7784			lun->pr_key_count--;
7785			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7786		}
7787		if (!found) {
7788			mtx_unlock(&lun->lun_lock);
7789			free(ctsio->kern_data_ptr, M_CTL);
7790			ctl_set_reservation_conflict(ctsio);
7791			ctl_done((union ctl_io *)ctsio);
7792			return (CTL_RETVAL_COMPLETE);
7793		}
7794		lun->PRGeneration++;
7795		mtx_unlock(&lun->lun_lock);
7796
7797		/* send msg to other side */
7798		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7799		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7800		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7801		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7802		persis_io.pr.pr_info.res_type = type;
7803		memcpy(persis_io.pr.pr_info.sa_res_key,
7804		       param->serv_act_res_key,
7805		       sizeof(param->serv_act_res_key));
7806		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7807		    sizeof(persis_io.pr), M_WAITOK);
7808	} else {
7809		/* Reserved but not all registrants */
7810		/* sa_res_key is res holder */
7811		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7812			/* validate scope and type */
7813			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7814			     SPR_LU_SCOPE) {
7815				mtx_unlock(&lun->lun_lock);
7816				ctl_set_invalid_field(/*ctsio*/ ctsio,
7817						      /*sks_valid*/ 1,
7818						      /*command*/ 1,
7819						      /*field*/ 2,
7820						      /*bit_valid*/ 1,
7821						      /*bit*/ 4);
7822				ctl_done((union ctl_io *)ctsio);
7823				return (1);
7824			}
7825
7826			if (type>8 || type==2 || type==4 || type==0) {
7827				mtx_unlock(&lun->lun_lock);
7828				ctl_set_invalid_field(/*ctsio*/ ctsio,
7829						      /*sks_valid*/ 1,
7830						      /*command*/ 1,
7831						      /*field*/ 2,
7832						      /*bit_valid*/ 1,
7833						      /*bit*/ 0);
7834				ctl_done((union ctl_io *)ctsio);
7835				return (1);
7836			}
7837
7838			/*
7839			 * Do the following:
7840			 * if sa_res_key != res_key remove all
7841			 * registrants w/sa_res_key and generate UA
7842			 * for these registrants(Registrations
7843			 * Preempted) if it wasn't an exclusive
7844			 * reservation generate UA(Reservations
7845			 * Preempted) for all other registered nexuses
7846			 * if the type has changed. Establish the new
7847			 * reservation and holder. If res_key and
7848			 * sa_res_key are the same do the above
7849			 * except don't unregister the res holder.
7850			 */
7851
7852			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7853				if (i == residx || ctl_get_prkey(lun, i) == 0)
7854					continue;
7855
7856				if (sa_res_key == ctl_get_prkey(lun, i)) {
7857					ctl_clr_prkey(lun, i);
7858					lun->pr_key_count--;
7859					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7860				} else if (type != lun->res_type
7861					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7862					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7863					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7864				}
7865			}
7866			lun->res_type = type;
7867			if (lun->res_type != SPR_TYPE_WR_EX_AR
7868			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7869				lun->pr_res_idx = residx;
7870			else
7871				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7872			lun->PRGeneration++;
7873			mtx_unlock(&lun->lun_lock);
7874
7875			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7876			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7877			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7878			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7879			persis_io.pr.pr_info.res_type = type;
7880			memcpy(persis_io.pr.pr_info.sa_res_key,
7881			       param->serv_act_res_key,
7882			       sizeof(param->serv_act_res_key));
7883			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7884			    sizeof(persis_io.pr), M_WAITOK);
7885		} else {
7886			/*
7887			 * sa_res_key is not the res holder just
7888			 * remove registrants
7889			 */
7890			int found=0;
7891
7892			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7893				if (sa_res_key != ctl_get_prkey(lun, i))
7894					continue;
7895
7896				found = 1;
7897				ctl_clr_prkey(lun, i);
7898				lun->pr_key_count--;
7899				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7900			}
7901
7902			if (!found) {
7903				mtx_unlock(&lun->lun_lock);
7904				free(ctsio->kern_data_ptr, M_CTL);
7905				ctl_set_reservation_conflict(ctsio);
7906				ctl_done((union ctl_io *)ctsio);
7907		        	return (1);
7908			}
7909			lun->PRGeneration++;
7910			mtx_unlock(&lun->lun_lock);
7911
7912			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7913			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7914			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7915			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7916			persis_io.pr.pr_info.res_type = type;
7917			memcpy(persis_io.pr.pr_info.sa_res_key,
7918			       param->serv_act_res_key,
7919			       sizeof(param->serv_act_res_key));
7920			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7921			    sizeof(persis_io.pr), M_WAITOK);
7922		}
7923	}
7924	return (0);
7925}
7926
7927static void
7928ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7929{
7930	uint64_t sa_res_key;
7931	int i;
7932
7933	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7934
7935	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7936	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7937	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7938		if (sa_res_key == 0) {
7939			/*
7940			 * Unregister everybody else and build UA for
7941			 * them
7942			 */
7943			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7944				if (i == msg->pr.pr_info.residx ||
7945				    ctl_get_prkey(lun, i) == 0)
7946					continue;
7947
7948				ctl_clr_prkey(lun, i);
7949				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7950			}
7951
7952			lun->pr_key_count = 1;
7953			lun->res_type = msg->pr.pr_info.res_type;
7954			if (lun->res_type != SPR_TYPE_WR_EX_AR
7955			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7956				lun->pr_res_idx = msg->pr.pr_info.residx;
7957		} else {
7958		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7959				if (sa_res_key == ctl_get_prkey(lun, i))
7960					continue;
7961
7962				ctl_clr_prkey(lun, i);
7963				lun->pr_key_count--;
7964				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7965			}
7966		}
7967	} else {
7968		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7969			if (i == msg->pr.pr_info.residx ||
7970			    ctl_get_prkey(lun, i) == 0)
7971				continue;
7972
7973			if (sa_res_key == ctl_get_prkey(lun, i)) {
7974				ctl_clr_prkey(lun, i);
7975				lun->pr_key_count--;
7976				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7977			} else if (msg->pr.pr_info.res_type != lun->res_type
7978				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7979				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7980				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7981			}
7982		}
7983		lun->res_type = msg->pr.pr_info.res_type;
7984		if (lun->res_type != SPR_TYPE_WR_EX_AR
7985		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7986			lun->pr_res_idx = msg->pr.pr_info.residx;
7987		else
7988			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7989	}
7990	lun->PRGeneration++;
7991
7992}
7993
7994
7995int
7996ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
7997{
7998	int retval;
7999	u_int32_t param_len;
8000	struct scsi_per_res_out *cdb;
8001	struct ctl_lun *lun;
8002	struct scsi_per_res_out_parms* param;
8003	struct ctl_softc *softc;
8004	uint32_t residx;
8005	uint64_t res_key, sa_res_key, key;
8006	uint8_t type;
8007	union ctl_ha_msg persis_io;
8008	int    i;
8009
8010	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8011
8012	retval = CTL_RETVAL_COMPLETE;
8013
8014	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8015	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8016	softc = lun->ctl_softc;
8017
8018	/*
8019	 * We only support whole-LUN scope.  The scope & type are ignored for
8020	 * register, register and ignore existing key and clear.
8021	 * We sometimes ignore scope and type on preempts too!!
8022	 * Verify reservation type here as well.
8023	 */
8024	type = cdb->scope_type & SPR_TYPE_MASK;
8025	if ((cdb->action == SPRO_RESERVE)
8026	 || (cdb->action == SPRO_RELEASE)) {
8027		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8028			ctl_set_invalid_field(/*ctsio*/ ctsio,
8029					      /*sks_valid*/ 1,
8030					      /*command*/ 1,
8031					      /*field*/ 2,
8032					      /*bit_valid*/ 1,
8033					      /*bit*/ 4);
8034			ctl_done((union ctl_io *)ctsio);
8035			return (CTL_RETVAL_COMPLETE);
8036		}
8037
8038		if (type>8 || type==2 || type==4 || type==0) {
8039			ctl_set_invalid_field(/*ctsio*/ ctsio,
8040					      /*sks_valid*/ 1,
8041					      /*command*/ 1,
8042					      /*field*/ 2,
8043					      /*bit_valid*/ 1,
8044					      /*bit*/ 0);
8045			ctl_done((union ctl_io *)ctsio);
8046			return (CTL_RETVAL_COMPLETE);
8047		}
8048	}
8049
8050	param_len = scsi_4btoul(cdb->length);
8051
8052	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8053		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8054		ctsio->kern_data_len = param_len;
8055		ctsio->kern_total_len = param_len;
8056		ctsio->kern_data_resid = 0;
8057		ctsio->kern_rel_offset = 0;
8058		ctsio->kern_sg_entries = 0;
8059		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8060		ctsio->be_move_done = ctl_config_move_done;
8061		ctl_datamove((union ctl_io *)ctsio);
8062
8063		return (CTL_RETVAL_COMPLETE);
8064	}
8065
8066	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8067
8068	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8069	res_key = scsi_8btou64(param->res_key.key);
8070	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8071
8072	/*
8073	 * Validate the reservation key here except for SPRO_REG_IGNO
8074	 * This must be done for all other service actions
8075	 */
8076	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8077		mtx_lock(&lun->lun_lock);
8078		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8079			if (res_key != key) {
8080				/*
8081				 * The current key passed in doesn't match
8082				 * the one the initiator previously
8083				 * registered.
8084				 */
8085				mtx_unlock(&lun->lun_lock);
8086				free(ctsio->kern_data_ptr, M_CTL);
8087				ctl_set_reservation_conflict(ctsio);
8088				ctl_done((union ctl_io *)ctsio);
8089				return (CTL_RETVAL_COMPLETE);
8090			}
8091		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8092			/*
8093			 * We are not registered
8094			 */
8095			mtx_unlock(&lun->lun_lock);
8096			free(ctsio->kern_data_ptr, M_CTL);
8097			ctl_set_reservation_conflict(ctsio);
8098			ctl_done((union ctl_io *)ctsio);
8099			return (CTL_RETVAL_COMPLETE);
8100		} else if (res_key != 0) {
8101			/*
8102			 * We are not registered and trying to register but
8103			 * the register key isn't zero.
8104			 */
8105			mtx_unlock(&lun->lun_lock);
8106			free(ctsio->kern_data_ptr, M_CTL);
8107			ctl_set_reservation_conflict(ctsio);
8108			ctl_done((union ctl_io *)ctsio);
8109			return (CTL_RETVAL_COMPLETE);
8110		}
8111		mtx_unlock(&lun->lun_lock);
8112	}
8113
8114	switch (cdb->action & SPRO_ACTION_MASK) {
8115	case SPRO_REGISTER:
8116	case SPRO_REG_IGNO: {
8117
8118#if 0
8119		printf("Registration received\n");
8120#endif
8121
8122		/*
8123		 * We don't support any of these options, as we report in
8124		 * the read capabilities request (see
8125		 * ctl_persistent_reserve_in(), above).
8126		 */
8127		if ((param->flags & SPR_SPEC_I_PT)
8128		 || (param->flags & SPR_ALL_TG_PT)
8129		 || (param->flags & SPR_APTPL)) {
8130			int bit_ptr;
8131
8132			if (param->flags & SPR_APTPL)
8133				bit_ptr = 0;
8134			else if (param->flags & SPR_ALL_TG_PT)
8135				bit_ptr = 2;
8136			else /* SPR_SPEC_I_PT */
8137				bit_ptr = 3;
8138
8139			free(ctsio->kern_data_ptr, M_CTL);
8140			ctl_set_invalid_field(ctsio,
8141					      /*sks_valid*/ 1,
8142					      /*command*/ 0,
8143					      /*field*/ 20,
8144					      /*bit_valid*/ 1,
8145					      /*bit*/ bit_ptr);
8146			ctl_done((union ctl_io *)ctsio);
8147			return (CTL_RETVAL_COMPLETE);
8148		}
8149
8150		mtx_lock(&lun->lun_lock);
8151
8152		/*
8153		 * The initiator wants to clear the
8154		 * key/unregister.
8155		 */
8156		if (sa_res_key == 0) {
8157			if ((res_key == 0
8158			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8159			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8160			  && ctl_get_prkey(lun, residx) == 0)) {
8161				mtx_unlock(&lun->lun_lock);
8162				goto done;
8163			}
8164
8165			ctl_clr_prkey(lun, residx);
8166			lun->pr_key_count--;
8167
8168			if (residx == lun->pr_res_idx) {
8169				lun->flags &= ~CTL_LUN_PR_RESERVED;
8170				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8171
8172				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8173				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8174				 && lun->pr_key_count) {
8175					/*
8176					 * If the reservation is a registrants
8177					 * only type we need to generate a UA
8178					 * for other registered inits.  The
8179					 * sense code should be RESERVATIONS
8180					 * RELEASED
8181					 */
8182
8183					for (i = softc->init_min; i < softc->init_max; i++){
8184						if (ctl_get_prkey(lun, i) == 0)
8185							continue;
8186						ctl_est_ua(lun, i,
8187						    CTL_UA_RES_RELEASE);
8188					}
8189				}
8190				lun->res_type = 0;
8191			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8192				if (lun->pr_key_count==0) {
8193					lun->flags &= ~CTL_LUN_PR_RESERVED;
8194					lun->res_type = 0;
8195					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8196				}
8197			}
8198			lun->PRGeneration++;
8199			mtx_unlock(&lun->lun_lock);
8200
8201			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8202			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8203			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8204			persis_io.pr.pr_info.residx = residx;
8205			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8206			    sizeof(persis_io.pr), M_WAITOK);
8207		} else /* sa_res_key != 0 */ {
8208
8209			/*
8210			 * If we aren't registered currently then increment
8211			 * the key count and set the registered flag.
8212			 */
8213			ctl_alloc_prkey(lun, residx);
8214			if (ctl_get_prkey(lun, residx) == 0)
8215				lun->pr_key_count++;
8216			ctl_set_prkey(lun, residx, sa_res_key);
8217			lun->PRGeneration++;
8218			mtx_unlock(&lun->lun_lock);
8219
8220			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8221			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8222			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8223			persis_io.pr.pr_info.residx = residx;
8224			memcpy(persis_io.pr.pr_info.sa_res_key,
8225			       param->serv_act_res_key,
8226			       sizeof(param->serv_act_res_key));
8227			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8228			    sizeof(persis_io.pr), M_WAITOK);
8229		}
8230
8231		break;
8232	}
8233	case SPRO_RESERVE:
8234#if 0
8235                printf("Reserve executed type %d\n", type);
8236#endif
8237		mtx_lock(&lun->lun_lock);
8238		if (lun->flags & CTL_LUN_PR_RESERVED) {
8239			/*
8240			 * if this isn't the reservation holder and it's
8241			 * not a "all registrants" type or if the type is
8242			 * different then we have a conflict
8243			 */
8244			if ((lun->pr_res_idx != residx
8245			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8246			 || lun->res_type != type) {
8247				mtx_unlock(&lun->lun_lock);
8248				free(ctsio->kern_data_ptr, M_CTL);
8249				ctl_set_reservation_conflict(ctsio);
8250				ctl_done((union ctl_io *)ctsio);
8251				return (CTL_RETVAL_COMPLETE);
8252			}
8253			mtx_unlock(&lun->lun_lock);
8254		} else /* create a reservation */ {
8255			/*
8256			 * If it's not an "all registrants" type record
8257			 * reservation holder
8258			 */
8259			if (type != SPR_TYPE_WR_EX_AR
8260			 && type != SPR_TYPE_EX_AC_AR)
8261				lun->pr_res_idx = residx; /* Res holder */
8262			else
8263				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8264
8265			lun->flags |= CTL_LUN_PR_RESERVED;
8266			lun->res_type = type;
8267
8268			mtx_unlock(&lun->lun_lock);
8269
8270			/* send msg to other side */
8271			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8272			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8273			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8274			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8275			persis_io.pr.pr_info.res_type = type;
8276			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8277			    sizeof(persis_io.pr), M_WAITOK);
8278		}
8279		break;
8280
8281	case SPRO_RELEASE:
8282		mtx_lock(&lun->lun_lock);
8283		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8284			/* No reservation exists return good status */
8285			mtx_unlock(&lun->lun_lock);
8286			goto done;
8287		}
8288		/*
8289		 * Is this nexus a reservation holder?
8290		 */
8291		if (lun->pr_res_idx != residx
8292		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8293			/*
8294			 * not a res holder return good status but
8295			 * do nothing
8296			 */
8297			mtx_unlock(&lun->lun_lock);
8298			goto done;
8299		}
8300
8301		if (lun->res_type != type) {
8302			mtx_unlock(&lun->lun_lock);
8303			free(ctsio->kern_data_ptr, M_CTL);
8304			ctl_set_illegal_pr_release(ctsio);
8305			ctl_done((union ctl_io *)ctsio);
8306			return (CTL_RETVAL_COMPLETE);
8307		}
8308
8309		/* okay to release */
8310		lun->flags &= ~CTL_LUN_PR_RESERVED;
8311		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8312		lun->res_type = 0;
8313
8314		/*
8315		 * if this isn't an exclusive access
8316		 * res generate UA for all other
8317		 * registrants.
8318		 */
8319		if (type != SPR_TYPE_EX_AC
8320		 && type != SPR_TYPE_WR_EX) {
8321			for (i = softc->init_min; i < softc->init_max; i++) {
8322				if (i == residx || ctl_get_prkey(lun, i) == 0)
8323					continue;
8324				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8325			}
8326		}
8327		mtx_unlock(&lun->lun_lock);
8328
8329		/* Send msg to other side */
8330		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8331		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8332		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8333		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8334		     sizeof(persis_io.pr), M_WAITOK);
8335		break;
8336
8337	case SPRO_CLEAR:
8338		/* send msg to other side */
8339
8340		mtx_lock(&lun->lun_lock);
8341		lun->flags &= ~CTL_LUN_PR_RESERVED;
8342		lun->res_type = 0;
8343		lun->pr_key_count = 0;
8344		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8345
8346		ctl_clr_prkey(lun, residx);
8347		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8348			if (ctl_get_prkey(lun, i) != 0) {
8349				ctl_clr_prkey(lun, i);
8350				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8351			}
8352		lun->PRGeneration++;
8353		mtx_unlock(&lun->lun_lock);
8354
8355		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8356		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8357		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8358		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8359		     sizeof(persis_io.pr), M_WAITOK);
8360		break;
8361
8362	case SPRO_PREEMPT:
8363	case SPRO_PRE_ABO: {
8364		int nretval;
8365
8366		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8367					  residx, ctsio, cdb, param);
8368		if (nretval != 0)
8369			return (CTL_RETVAL_COMPLETE);
8370		break;
8371	}
8372	default:
8373		panic("Invalid PR type %x", cdb->action);
8374	}
8375
8376done:
8377	free(ctsio->kern_data_ptr, M_CTL);
8378	ctl_set_success(ctsio);
8379	ctl_done((union ctl_io *)ctsio);
8380
8381	return (retval);
8382}
8383
8384/*
8385 * This routine is for handling a message from the other SC pertaining to
8386 * persistent reserve out. All the error checking will have been done
8387 * so only perorming the action need be done here to keep the two
8388 * in sync.
8389 */
8390static void
8391ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8392{
8393	struct ctl_softc *softc = control_softc;
8394	struct ctl_lun *lun;
8395	int i;
8396	uint32_t residx, targ_lun;
8397
8398	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8399	mtx_lock(&softc->ctl_lock);
8400	if ((targ_lun >= CTL_MAX_LUNS) ||
8401	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8402		mtx_unlock(&softc->ctl_lock);
8403		return;
8404	}
8405	mtx_lock(&lun->lun_lock);
8406	mtx_unlock(&softc->ctl_lock);
8407	if (lun->flags & CTL_LUN_DISABLED) {
8408		mtx_unlock(&lun->lun_lock);
8409		return;
8410	}
8411	residx = ctl_get_initindex(&msg->hdr.nexus);
8412	switch(msg->pr.pr_info.action) {
8413	case CTL_PR_REG_KEY:
8414		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8415		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8416			lun->pr_key_count++;
8417		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8418		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8419		lun->PRGeneration++;
8420		break;
8421
8422	case CTL_PR_UNREG_KEY:
8423		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8424		lun->pr_key_count--;
8425
8426		/* XXX Need to see if the reservation has been released */
8427		/* if so do we need to generate UA? */
8428		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8429			lun->flags &= ~CTL_LUN_PR_RESERVED;
8430			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8431
8432			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8433			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8434			 && lun->pr_key_count) {
8435				/*
8436				 * If the reservation is a registrants
8437				 * only type we need to generate a UA
8438				 * for other registered inits.  The
8439				 * sense code should be RESERVATIONS
8440				 * RELEASED
8441				 */
8442
8443				for (i = softc->init_min; i < softc->init_max; i++) {
8444					if (ctl_get_prkey(lun, i) == 0)
8445						continue;
8446
8447					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8448				}
8449			}
8450			lun->res_type = 0;
8451		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8452			if (lun->pr_key_count==0) {
8453				lun->flags &= ~CTL_LUN_PR_RESERVED;
8454				lun->res_type = 0;
8455				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8456			}
8457		}
8458		lun->PRGeneration++;
8459		break;
8460
8461	case CTL_PR_RESERVE:
8462		lun->flags |= CTL_LUN_PR_RESERVED;
8463		lun->res_type = msg->pr.pr_info.res_type;
8464		lun->pr_res_idx = msg->pr.pr_info.residx;
8465
8466		break;
8467
8468	case CTL_PR_RELEASE:
8469		/*
8470		 * if this isn't an exclusive access res generate UA for all
8471		 * other registrants.
8472		 */
8473		if (lun->res_type != SPR_TYPE_EX_AC
8474		 && lun->res_type != SPR_TYPE_WR_EX) {
8475			for (i = softc->init_min; i < softc->init_max; i++)
8476				if (i == residx || ctl_get_prkey(lun, i) == 0)
8477					continue;
8478				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8479		}
8480
8481		lun->flags &= ~CTL_LUN_PR_RESERVED;
8482		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8483		lun->res_type = 0;
8484		break;
8485
8486	case CTL_PR_PREEMPT:
8487		ctl_pro_preempt_other(lun, msg);
8488		break;
8489	case CTL_PR_CLEAR:
8490		lun->flags &= ~CTL_LUN_PR_RESERVED;
8491		lun->res_type = 0;
8492		lun->pr_key_count = 0;
8493		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8494
8495		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8496			if (ctl_get_prkey(lun, i) == 0)
8497				continue;
8498			ctl_clr_prkey(lun, i);
8499			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8500		}
8501		lun->PRGeneration++;
8502		break;
8503	}
8504
8505	mtx_unlock(&lun->lun_lock);
8506}
8507
8508int
8509ctl_read_write(struct ctl_scsiio *ctsio)
8510{
8511	struct ctl_lun *lun;
8512	struct ctl_lba_len_flags *lbalen;
8513	uint64_t lba;
8514	uint32_t num_blocks;
8515	int flags, retval;
8516	int isread;
8517
8518	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8519
8520	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8521
8522	flags = 0;
8523	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8524	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8525	switch (ctsio->cdb[0]) {
8526	case READ_6:
8527	case WRITE_6: {
8528		struct scsi_rw_6 *cdb;
8529
8530		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8531
8532		lba = scsi_3btoul(cdb->addr);
8533		/* only 5 bits are valid in the most significant address byte */
8534		lba &= 0x1fffff;
8535		num_blocks = cdb->length;
8536		/*
8537		 * This is correct according to SBC-2.
8538		 */
8539		if (num_blocks == 0)
8540			num_blocks = 256;
8541		break;
8542	}
8543	case READ_10:
8544	case WRITE_10: {
8545		struct scsi_rw_10 *cdb;
8546
8547		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8548		if (cdb->byte2 & SRW10_FUA)
8549			flags |= CTL_LLF_FUA;
8550		if (cdb->byte2 & SRW10_DPO)
8551			flags |= CTL_LLF_DPO;
8552		lba = scsi_4btoul(cdb->addr);
8553		num_blocks = scsi_2btoul(cdb->length);
8554		break;
8555	}
8556	case WRITE_VERIFY_10: {
8557		struct scsi_write_verify_10 *cdb;
8558
8559		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8560		flags |= CTL_LLF_FUA;
8561		if (cdb->byte2 & SWV_DPO)
8562			flags |= CTL_LLF_DPO;
8563		lba = scsi_4btoul(cdb->addr);
8564		num_blocks = scsi_2btoul(cdb->length);
8565		break;
8566	}
8567	case READ_12:
8568	case WRITE_12: {
8569		struct scsi_rw_12 *cdb;
8570
8571		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8572		if (cdb->byte2 & SRW12_FUA)
8573			flags |= CTL_LLF_FUA;
8574		if (cdb->byte2 & SRW12_DPO)
8575			flags |= CTL_LLF_DPO;
8576		lba = scsi_4btoul(cdb->addr);
8577		num_blocks = scsi_4btoul(cdb->length);
8578		break;
8579	}
8580	case WRITE_VERIFY_12: {
8581		struct scsi_write_verify_12 *cdb;
8582
8583		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8584		flags |= CTL_LLF_FUA;
8585		if (cdb->byte2 & SWV_DPO)
8586			flags |= CTL_LLF_DPO;
8587		lba = scsi_4btoul(cdb->addr);
8588		num_blocks = scsi_4btoul(cdb->length);
8589		break;
8590	}
8591	case READ_16:
8592	case WRITE_16: {
8593		struct scsi_rw_16 *cdb;
8594
8595		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8596		if (cdb->byte2 & SRW12_FUA)
8597			flags |= CTL_LLF_FUA;
8598		if (cdb->byte2 & SRW12_DPO)
8599			flags |= CTL_LLF_DPO;
8600		lba = scsi_8btou64(cdb->addr);
8601		num_blocks = scsi_4btoul(cdb->length);
8602		break;
8603	}
8604	case WRITE_ATOMIC_16: {
8605		struct scsi_write_atomic_16 *cdb;
8606
8607		if (lun->be_lun->atomicblock == 0) {
8608			ctl_set_invalid_opcode(ctsio);
8609			ctl_done((union ctl_io *)ctsio);
8610			return (CTL_RETVAL_COMPLETE);
8611		}
8612
8613		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8614		if (cdb->byte2 & SRW12_FUA)
8615			flags |= CTL_LLF_FUA;
8616		if (cdb->byte2 & SRW12_DPO)
8617			flags |= CTL_LLF_DPO;
8618		lba = scsi_8btou64(cdb->addr);
8619		num_blocks = scsi_2btoul(cdb->length);
8620		if (num_blocks > lun->be_lun->atomicblock) {
8621			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8622			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8623			    /*bit*/ 0);
8624			ctl_done((union ctl_io *)ctsio);
8625			return (CTL_RETVAL_COMPLETE);
8626		}
8627		break;
8628	}
8629	case WRITE_VERIFY_16: {
8630		struct scsi_write_verify_16 *cdb;
8631
8632		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8633		flags |= CTL_LLF_FUA;
8634		if (cdb->byte2 & SWV_DPO)
8635			flags |= CTL_LLF_DPO;
8636		lba = scsi_8btou64(cdb->addr);
8637		num_blocks = scsi_4btoul(cdb->length);
8638		break;
8639	}
8640	default:
8641		/*
8642		 * We got a command we don't support.  This shouldn't
8643		 * happen, commands should be filtered out above us.
8644		 */
8645		ctl_set_invalid_opcode(ctsio);
8646		ctl_done((union ctl_io *)ctsio);
8647
8648		return (CTL_RETVAL_COMPLETE);
8649		break; /* NOTREACHED */
8650	}
8651
8652	/*
8653	 * The first check is to make sure we're in bounds, the second
8654	 * check is to catch wrap-around problems.  If the lba + num blocks
8655	 * is less than the lba, then we've wrapped around and the block
8656	 * range is invalid anyway.
8657	 */
8658	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8659	 || ((lba + num_blocks) < lba)) {
8660		ctl_set_lba_out_of_range(ctsio);
8661		ctl_done((union ctl_io *)ctsio);
8662		return (CTL_RETVAL_COMPLETE);
8663	}
8664
8665	/*
8666	 * According to SBC-3, a transfer length of 0 is not an error.
8667	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8668	 * translates to 256 blocks for those commands.
8669	 */
8670	if (num_blocks == 0) {
8671		ctl_set_success(ctsio);
8672		ctl_done((union ctl_io *)ctsio);
8673		return (CTL_RETVAL_COMPLETE);
8674	}
8675
8676	/* Set FUA and/or DPO if caches are disabled. */
8677	if (isread) {
8678		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8679		    SCP_RCD) != 0)
8680			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8681	} else {
8682		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8683		    SCP_WCE) == 0)
8684			flags |= CTL_LLF_FUA;
8685	}
8686
8687	lbalen = (struct ctl_lba_len_flags *)
8688	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8689	lbalen->lba = lba;
8690	lbalen->len = num_blocks;
8691	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8692
8693	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8694	ctsio->kern_rel_offset = 0;
8695
8696	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8697
8698	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8699	return (retval);
8700}
8701
8702static int
8703ctl_cnw_cont(union ctl_io *io)
8704{
8705	struct ctl_scsiio *ctsio;
8706	struct ctl_lun *lun;
8707	struct ctl_lba_len_flags *lbalen;
8708	int retval;
8709
8710	ctsio = &io->scsiio;
8711	ctsio->io_hdr.status = CTL_STATUS_NONE;
8712	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8713	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8714	lbalen = (struct ctl_lba_len_flags *)
8715	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8716	lbalen->flags &= ~CTL_LLF_COMPARE;
8717	lbalen->flags |= CTL_LLF_WRITE;
8718
8719	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8720	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8721	return (retval);
8722}
8723
8724int
8725ctl_cnw(struct ctl_scsiio *ctsio)
8726{
8727	struct ctl_lun *lun;
8728	struct ctl_lba_len_flags *lbalen;
8729	uint64_t lba;
8730	uint32_t num_blocks;
8731	int flags, retval;
8732
8733	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8734
8735	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8736
8737	flags = 0;
8738	switch (ctsio->cdb[0]) {
8739	case COMPARE_AND_WRITE: {
8740		struct scsi_compare_and_write *cdb;
8741
8742		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8743		if (cdb->byte2 & SRW10_FUA)
8744			flags |= CTL_LLF_FUA;
8745		if (cdb->byte2 & SRW10_DPO)
8746			flags |= CTL_LLF_DPO;
8747		lba = scsi_8btou64(cdb->addr);
8748		num_blocks = cdb->length;
8749		break;
8750	}
8751	default:
8752		/*
8753		 * We got a command we don't support.  This shouldn't
8754		 * happen, commands should be filtered out above us.
8755		 */
8756		ctl_set_invalid_opcode(ctsio);
8757		ctl_done((union ctl_io *)ctsio);
8758
8759		return (CTL_RETVAL_COMPLETE);
8760		break; /* NOTREACHED */
8761	}
8762
8763	/*
8764	 * The first check is to make sure we're in bounds, the second
8765	 * check is to catch wrap-around problems.  If the lba + num blocks
8766	 * is less than the lba, then we've wrapped around and the block
8767	 * range is invalid anyway.
8768	 */
8769	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8770	 || ((lba + num_blocks) < lba)) {
8771		ctl_set_lba_out_of_range(ctsio);
8772		ctl_done((union ctl_io *)ctsio);
8773		return (CTL_RETVAL_COMPLETE);
8774	}
8775
8776	/*
8777	 * According to SBC-3, a transfer length of 0 is not an error.
8778	 */
8779	if (num_blocks == 0) {
8780		ctl_set_success(ctsio);
8781		ctl_done((union ctl_io *)ctsio);
8782		return (CTL_RETVAL_COMPLETE);
8783	}
8784
8785	/* Set FUA if write cache is disabled. */
8786	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8787	    SCP_WCE) == 0)
8788		flags |= CTL_LLF_FUA;
8789
8790	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8791	ctsio->kern_rel_offset = 0;
8792
8793	/*
8794	 * Set the IO_CONT flag, so that if this I/O gets passed to
8795	 * ctl_data_submit_done(), it'll get passed back to
8796	 * ctl_ctl_cnw_cont() for further processing.
8797	 */
8798	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8799	ctsio->io_cont = ctl_cnw_cont;
8800
8801	lbalen = (struct ctl_lba_len_flags *)
8802	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8803	lbalen->lba = lba;
8804	lbalen->len = num_blocks;
8805	lbalen->flags = CTL_LLF_COMPARE | flags;
8806
8807	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8808	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8809	return (retval);
8810}
8811
8812int
8813ctl_verify(struct ctl_scsiio *ctsio)
8814{
8815	struct ctl_lun *lun;
8816	struct ctl_lba_len_flags *lbalen;
8817	uint64_t lba;
8818	uint32_t num_blocks;
8819	int bytchk, flags;
8820	int retval;
8821
8822	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8823
8824	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8825
8826	bytchk = 0;
8827	flags = CTL_LLF_FUA;
8828	switch (ctsio->cdb[0]) {
8829	case VERIFY_10: {
8830		struct scsi_verify_10 *cdb;
8831
8832		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8833		if (cdb->byte2 & SVFY_BYTCHK)
8834			bytchk = 1;
8835		if (cdb->byte2 & SVFY_DPO)
8836			flags |= CTL_LLF_DPO;
8837		lba = scsi_4btoul(cdb->addr);
8838		num_blocks = scsi_2btoul(cdb->length);
8839		break;
8840	}
8841	case VERIFY_12: {
8842		struct scsi_verify_12 *cdb;
8843
8844		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8845		if (cdb->byte2 & SVFY_BYTCHK)
8846			bytchk = 1;
8847		if (cdb->byte2 & SVFY_DPO)
8848			flags |= CTL_LLF_DPO;
8849		lba = scsi_4btoul(cdb->addr);
8850		num_blocks = scsi_4btoul(cdb->length);
8851		break;
8852	}
8853	case VERIFY_16: {
8854		struct scsi_rw_16 *cdb;
8855
8856		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8857		if (cdb->byte2 & SVFY_BYTCHK)
8858			bytchk = 1;
8859		if (cdb->byte2 & SVFY_DPO)
8860			flags |= CTL_LLF_DPO;
8861		lba = scsi_8btou64(cdb->addr);
8862		num_blocks = scsi_4btoul(cdb->length);
8863		break;
8864	}
8865	default:
8866		/*
8867		 * We got a command we don't support.  This shouldn't
8868		 * happen, commands should be filtered out above us.
8869		 */
8870		ctl_set_invalid_opcode(ctsio);
8871		ctl_done((union ctl_io *)ctsio);
8872		return (CTL_RETVAL_COMPLETE);
8873	}
8874
8875	/*
8876	 * The first check is to make sure we're in bounds, the second
8877	 * check is to catch wrap-around problems.  If the lba + num blocks
8878	 * is less than the lba, then we've wrapped around and the block
8879	 * range is invalid anyway.
8880	 */
8881	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8882	 || ((lba + num_blocks) < lba)) {
8883		ctl_set_lba_out_of_range(ctsio);
8884		ctl_done((union ctl_io *)ctsio);
8885		return (CTL_RETVAL_COMPLETE);
8886	}
8887
8888	/*
8889	 * According to SBC-3, a transfer length of 0 is not an error.
8890	 */
8891	if (num_blocks == 0) {
8892		ctl_set_success(ctsio);
8893		ctl_done((union ctl_io *)ctsio);
8894		return (CTL_RETVAL_COMPLETE);
8895	}
8896
8897	lbalen = (struct ctl_lba_len_flags *)
8898	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8899	lbalen->lba = lba;
8900	lbalen->len = num_blocks;
8901	if (bytchk) {
8902		lbalen->flags = CTL_LLF_COMPARE | flags;
8903		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8904	} else {
8905		lbalen->flags = CTL_LLF_VERIFY | flags;
8906		ctsio->kern_total_len = 0;
8907	}
8908	ctsio->kern_rel_offset = 0;
8909
8910	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8911	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8912	return (retval);
8913}
8914
8915int
8916ctl_report_luns(struct ctl_scsiio *ctsio)
8917{
8918	struct ctl_softc *softc;
8919	struct scsi_report_luns *cdb;
8920	struct scsi_report_luns_data *lun_data;
8921	struct ctl_lun *lun, *request_lun;
8922	struct ctl_port *port;
8923	int num_luns, retval;
8924	uint32_t alloc_len, lun_datalen;
8925	int num_filled;
8926	uint32_t initidx, targ_lun_id, lun_id;
8927
8928	retval = CTL_RETVAL_COMPLETE;
8929	cdb = (struct scsi_report_luns *)ctsio->cdb;
8930	port = ctl_io_port(&ctsio->io_hdr);
8931	softc = port->ctl_softc;
8932
8933	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8934
8935	mtx_lock(&softc->ctl_lock);
8936	num_luns = 0;
8937	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8938		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8939			num_luns++;
8940	}
8941	mtx_unlock(&softc->ctl_lock);
8942
8943	switch (cdb->select_report) {
8944	case RPL_REPORT_DEFAULT:
8945	case RPL_REPORT_ALL:
8946	case RPL_REPORT_NONSUBSID:
8947		break;
8948	case RPL_REPORT_WELLKNOWN:
8949	case RPL_REPORT_ADMIN:
8950	case RPL_REPORT_CONGLOM:
8951		num_luns = 0;
8952		break;
8953	default:
8954		ctl_set_invalid_field(ctsio,
8955				      /*sks_valid*/ 1,
8956				      /*command*/ 1,
8957				      /*field*/ 2,
8958				      /*bit_valid*/ 0,
8959				      /*bit*/ 0);
8960		ctl_done((union ctl_io *)ctsio);
8961		return (retval);
8962		break; /* NOTREACHED */
8963	}
8964
8965	alloc_len = scsi_4btoul(cdb->length);
8966	/*
8967	 * The initiator has to allocate at least 16 bytes for this request,
8968	 * so he can at least get the header and the first LUN.  Otherwise
8969	 * we reject the request (per SPC-3 rev 14, section 6.21).
8970	 */
8971	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8972	    sizeof(struct scsi_report_luns_lundata))) {
8973		ctl_set_invalid_field(ctsio,
8974				      /*sks_valid*/ 1,
8975				      /*command*/ 1,
8976				      /*field*/ 6,
8977				      /*bit_valid*/ 0,
8978				      /*bit*/ 0);
8979		ctl_done((union ctl_io *)ctsio);
8980		return (retval);
8981	}
8982
8983	request_lun = (struct ctl_lun *)
8984		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8985
8986	lun_datalen = sizeof(*lun_data) +
8987		(num_luns * sizeof(struct scsi_report_luns_lundata));
8988
8989	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
8990	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
8991	ctsio->kern_sg_entries = 0;
8992
8993	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8994
8995	mtx_lock(&softc->ctl_lock);
8996	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
8997		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
8998		if (lun_id >= CTL_MAX_LUNS)
8999			continue;
9000		lun = softc->ctl_luns[lun_id];
9001		if (lun == NULL)
9002			continue;
9003
9004		if (targ_lun_id <= 0xff) {
9005			/*
9006			 * Peripheral addressing method, bus number 0.
9007			 */
9008			lun_data->luns[num_filled].lundata[0] =
9009				RPL_LUNDATA_ATYP_PERIPH;
9010			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9011			num_filled++;
9012		} else if (targ_lun_id <= 0x3fff) {
9013			/*
9014			 * Flat addressing method.
9015			 */
9016			lun_data->luns[num_filled].lundata[0] =
9017				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9018			lun_data->luns[num_filled].lundata[1] =
9019				(targ_lun_id & 0xff);
9020			num_filled++;
9021		} else if (targ_lun_id <= 0xffffff) {
9022			/*
9023			 * Extended flat addressing method.
9024			 */
9025			lun_data->luns[num_filled].lundata[0] =
9026			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9027			scsi_ulto3b(targ_lun_id,
9028			    &lun_data->luns[num_filled].lundata[1]);
9029			num_filled++;
9030		} else {
9031			printf("ctl_report_luns: bogus LUN number %jd, "
9032			       "skipping\n", (intmax_t)targ_lun_id);
9033		}
9034		/*
9035		 * According to SPC-3, rev 14 section 6.21:
9036		 *
9037		 * "The execution of a REPORT LUNS command to any valid and
9038		 * installed logical unit shall clear the REPORTED LUNS DATA
9039		 * HAS CHANGED unit attention condition for all logical
9040		 * units of that target with respect to the requesting
9041		 * initiator. A valid and installed logical unit is one
9042		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9043		 * INQUIRY data (see 6.4.2)."
9044		 *
9045		 * If request_lun is NULL, the LUN this report luns command
9046		 * was issued to is either disabled or doesn't exist. In that
9047		 * case, we shouldn't clear any pending lun change unit
9048		 * attention.
9049		 */
9050		if (request_lun != NULL) {
9051			mtx_lock(&lun->lun_lock);
9052			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9053			mtx_unlock(&lun->lun_lock);
9054		}
9055	}
9056	mtx_unlock(&softc->ctl_lock);
9057
9058	/*
9059	 * It's quite possible that we've returned fewer LUNs than we allocated
9060	 * space for.  Trim it.
9061	 */
9062	lun_datalen = sizeof(*lun_data) +
9063		(num_filled * sizeof(struct scsi_report_luns_lundata));
9064
9065	if (lun_datalen < alloc_len) {
9066		ctsio->residual = alloc_len - lun_datalen;
9067		ctsio->kern_data_len = lun_datalen;
9068		ctsio->kern_total_len = lun_datalen;
9069	} else {
9070		ctsio->residual = 0;
9071		ctsio->kern_data_len = alloc_len;
9072		ctsio->kern_total_len = alloc_len;
9073	}
9074	ctsio->kern_data_resid = 0;
9075	ctsio->kern_rel_offset = 0;
9076	ctsio->kern_sg_entries = 0;
9077
9078	/*
9079	 * We set this to the actual data length, regardless of how much
9080	 * space we actually have to return results.  If the user looks at
9081	 * this value, he'll know whether or not he allocated enough space
9082	 * and reissue the command if necessary.  We don't support well
9083	 * known logical units, so if the user asks for that, return none.
9084	 */
9085	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9086
9087	/*
9088	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9089	 * this request.
9090	 */
9091	ctl_set_success(ctsio);
9092	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9093	ctsio->be_move_done = ctl_config_move_done;
9094	ctl_datamove((union ctl_io *)ctsio);
9095	return (retval);
9096}
9097
9098int
9099ctl_request_sense(struct ctl_scsiio *ctsio)
9100{
9101	struct scsi_request_sense *cdb;
9102	struct scsi_sense_data *sense_ptr;
9103	struct ctl_softc *ctl_softc;
9104	struct ctl_lun *lun;
9105	uint32_t initidx;
9106	int have_error;
9107	scsi_sense_data_type sense_format;
9108	ctl_ua_type ua_type;
9109
9110	cdb = (struct scsi_request_sense *)ctsio->cdb;
9111
9112	ctl_softc = control_softc;
9113	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9114
9115	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9116
9117	/*
9118	 * Determine which sense format the user wants.
9119	 */
9120	if (cdb->byte2 & SRS_DESC)
9121		sense_format = SSD_TYPE_DESC;
9122	else
9123		sense_format = SSD_TYPE_FIXED;
9124
9125	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9126	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9127	ctsio->kern_sg_entries = 0;
9128
9129	/*
9130	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9131	 * larger than the largest allowed value for the length field in the
9132	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9133	 */
9134	ctsio->residual = 0;
9135	ctsio->kern_data_len = cdb->length;
9136	ctsio->kern_total_len = cdb->length;
9137
9138	ctsio->kern_data_resid = 0;
9139	ctsio->kern_rel_offset = 0;
9140	ctsio->kern_sg_entries = 0;
9141
9142	/*
9143	 * If we don't have a LUN, we don't have any pending sense.
9144	 */
9145	if (lun == NULL)
9146		goto no_sense;
9147
9148	have_error = 0;
9149	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9150	/*
9151	 * Check for pending sense, and then for pending unit attentions.
9152	 * Pending sense gets returned first, then pending unit attentions.
9153	 */
9154	mtx_lock(&lun->lun_lock);
9155#ifdef CTL_WITH_CA
9156	if (ctl_is_set(lun->have_ca, initidx)) {
9157		scsi_sense_data_type stored_format;
9158
9159		/*
9160		 * Check to see which sense format was used for the stored
9161		 * sense data.
9162		 */
9163		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9164
9165		/*
9166		 * If the user requested a different sense format than the
9167		 * one we stored, then we need to convert it to the other
9168		 * format.  If we're going from descriptor to fixed format
9169		 * sense data, we may lose things in translation, depending
9170		 * on what options were used.
9171		 *
9172		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9173		 * for some reason we'll just copy it out as-is.
9174		 */
9175		if ((stored_format == SSD_TYPE_FIXED)
9176		 && (sense_format == SSD_TYPE_DESC))
9177			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9178			    &lun->pending_sense[initidx],
9179			    (struct scsi_sense_data_desc *)sense_ptr);
9180		else if ((stored_format == SSD_TYPE_DESC)
9181		      && (sense_format == SSD_TYPE_FIXED))
9182			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9183			    &lun->pending_sense[initidx],
9184			    (struct scsi_sense_data_fixed *)sense_ptr);
9185		else
9186			memcpy(sense_ptr, &lun->pending_sense[initidx],
9187			       MIN(sizeof(*sense_ptr),
9188			       sizeof(lun->pending_sense[initidx])));
9189
9190		ctl_clear_mask(lun->have_ca, initidx);
9191		have_error = 1;
9192	} else
9193#endif
9194	{
9195		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9196		if (ua_type != CTL_UA_NONE)
9197			have_error = 1;
9198		if (ua_type == CTL_UA_LUN_CHANGE) {
9199			mtx_unlock(&lun->lun_lock);
9200			mtx_lock(&ctl_softc->ctl_lock);
9201			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9202			mtx_unlock(&ctl_softc->ctl_lock);
9203			mtx_lock(&lun->lun_lock);
9204		}
9205
9206	}
9207	mtx_unlock(&lun->lun_lock);
9208
9209	/*
9210	 * We already have a pending error, return it.
9211	 */
9212	if (have_error != 0) {
9213		/*
9214		 * We report the SCSI status as OK, since the status of the
9215		 * request sense command itself is OK.
9216		 * We report 0 for the sense length, because we aren't doing
9217		 * autosense in this case.  We're reporting sense as
9218		 * parameter data.
9219		 */
9220		ctl_set_success(ctsio);
9221		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9222		ctsio->be_move_done = ctl_config_move_done;
9223		ctl_datamove((union ctl_io *)ctsio);
9224		return (CTL_RETVAL_COMPLETE);
9225	}
9226
9227no_sense:
9228
9229	/*
9230	 * No sense information to report, so we report that everything is
9231	 * okay.
9232	 */
9233	ctl_set_sense_data(sense_ptr,
9234			   lun,
9235			   sense_format,
9236			   /*current_error*/ 1,
9237			   /*sense_key*/ SSD_KEY_NO_SENSE,
9238			   /*asc*/ 0x00,
9239			   /*ascq*/ 0x00,
9240			   SSD_ELEM_NONE);
9241
9242	/*
9243	 * We report 0 for the sense length, because we aren't doing
9244	 * autosense in this case.  We're reporting sense as parameter data.
9245	 */
9246	ctl_set_success(ctsio);
9247	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9248	ctsio->be_move_done = ctl_config_move_done;
9249	ctl_datamove((union ctl_io *)ctsio);
9250	return (CTL_RETVAL_COMPLETE);
9251}
9252
9253int
9254ctl_tur(struct ctl_scsiio *ctsio)
9255{
9256
9257	CTL_DEBUG_PRINT(("ctl_tur\n"));
9258
9259	ctl_set_success(ctsio);
9260	ctl_done((union ctl_io *)ctsio);
9261
9262	return (CTL_RETVAL_COMPLETE);
9263}
9264
9265/*
9266 * SCSI VPD page 0x00, the Supported VPD Pages page.
9267 */
9268static int
9269ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9270{
9271	struct scsi_vpd_supported_pages *pages;
9272	int sup_page_size;
9273	struct ctl_lun *lun;
9274	int p;
9275
9276	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9277
9278	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9279	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9280	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9281	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9282	ctsio->kern_sg_entries = 0;
9283
9284	if (sup_page_size < alloc_len) {
9285		ctsio->residual = alloc_len - sup_page_size;
9286		ctsio->kern_data_len = sup_page_size;
9287		ctsio->kern_total_len = sup_page_size;
9288	} else {
9289		ctsio->residual = 0;
9290		ctsio->kern_data_len = alloc_len;
9291		ctsio->kern_total_len = alloc_len;
9292	}
9293	ctsio->kern_data_resid = 0;
9294	ctsio->kern_rel_offset = 0;
9295	ctsio->kern_sg_entries = 0;
9296
9297	/*
9298	 * The control device is always connected.  The disk device, on the
9299	 * other hand, may not be online all the time.  Need to change this
9300	 * to figure out whether the disk device is actually online or not.
9301	 */
9302	if (lun != NULL)
9303		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9304				lun->be_lun->lun_type;
9305	else
9306		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9307
9308	p = 0;
9309	/* Supported VPD pages */
9310	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9311	/* Serial Number */
9312	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9313	/* Device Identification */
9314	pages->page_list[p++] = SVPD_DEVICE_ID;
9315	/* Extended INQUIRY Data */
9316	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9317	/* Mode Page Policy */
9318	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9319	/* SCSI Ports */
9320	pages->page_list[p++] = SVPD_SCSI_PORTS;
9321	/* Third-party Copy */
9322	pages->page_list[p++] = SVPD_SCSI_TPC;
9323	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9324		/* Block limits */
9325		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9326		/* Block Device Characteristics */
9327		pages->page_list[p++] = SVPD_BDC;
9328		/* Logical Block Provisioning */
9329		pages->page_list[p++] = SVPD_LBP;
9330	}
9331	pages->length = p;
9332
9333	ctl_set_success(ctsio);
9334	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9335	ctsio->be_move_done = ctl_config_move_done;
9336	ctl_datamove((union ctl_io *)ctsio);
9337	return (CTL_RETVAL_COMPLETE);
9338}
9339
9340/*
9341 * SCSI VPD page 0x80, the Unit Serial Number page.
9342 */
9343static int
9344ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9345{
9346	struct scsi_vpd_unit_serial_number *sn_ptr;
9347	struct ctl_lun *lun;
9348	int data_len;
9349
9350	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9351
9352	data_len = 4 + CTL_SN_LEN;
9353	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9354	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9355	if (data_len < alloc_len) {
9356		ctsio->residual = alloc_len - data_len;
9357		ctsio->kern_data_len = data_len;
9358		ctsio->kern_total_len = data_len;
9359	} else {
9360		ctsio->residual = 0;
9361		ctsio->kern_data_len = alloc_len;
9362		ctsio->kern_total_len = alloc_len;
9363	}
9364	ctsio->kern_data_resid = 0;
9365	ctsio->kern_rel_offset = 0;
9366	ctsio->kern_sg_entries = 0;
9367
9368	/*
9369	 * The control device is always connected.  The disk device, on the
9370	 * other hand, may not be online all the time.  Need to change this
9371	 * to figure out whether the disk device is actually online or not.
9372	 */
9373	if (lun != NULL)
9374		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9375				  lun->be_lun->lun_type;
9376	else
9377		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9378
9379	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9380	sn_ptr->length = CTL_SN_LEN;
9381	/*
9382	 * If we don't have a LUN, we just leave the serial number as
9383	 * all spaces.
9384	 */
9385	if (lun != NULL) {
9386		strncpy((char *)sn_ptr->serial_num,
9387			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9388	} else
9389		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9390
9391	ctl_set_success(ctsio);
9392	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9393	ctsio->be_move_done = ctl_config_move_done;
9394	ctl_datamove((union ctl_io *)ctsio);
9395	return (CTL_RETVAL_COMPLETE);
9396}
9397
9398
9399/*
9400 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9401 */
9402static int
9403ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9404{
9405	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9406	struct ctl_lun *lun;
9407	int data_len;
9408
9409	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9410
9411	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9412	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9413	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9414	ctsio->kern_sg_entries = 0;
9415
9416	if (data_len < alloc_len) {
9417		ctsio->residual = alloc_len - data_len;
9418		ctsio->kern_data_len = data_len;
9419		ctsio->kern_total_len = data_len;
9420	} else {
9421		ctsio->residual = 0;
9422		ctsio->kern_data_len = alloc_len;
9423		ctsio->kern_total_len = alloc_len;
9424	}
9425	ctsio->kern_data_resid = 0;
9426	ctsio->kern_rel_offset = 0;
9427	ctsio->kern_sg_entries = 0;
9428
9429	/*
9430	 * The control device is always connected.  The disk device, on the
9431	 * other hand, may not be online all the time.
9432	 */
9433	if (lun != NULL)
9434		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9435				     lun->be_lun->lun_type;
9436	else
9437		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9438	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9439	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9440	/*
9441	 * We support head of queue, ordered and simple tags.
9442	 */
9443	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9444	/*
9445	 * Volatile cache supported.
9446	 */
9447	eid_ptr->flags3 = SVPD_EID_V_SUP;
9448
9449	/*
9450	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9451	 * attention for a particular IT nexus on all LUNs once we report
9452	 * it to that nexus once.  This bit is required as of SPC-4.
9453	 */
9454	eid_ptr->flags4 = SVPD_EID_LUICLT;
9455
9456	/*
9457	 * XXX KDM in order to correctly answer this, we would need
9458	 * information from the SIM to determine how much sense data it
9459	 * can send.  So this would really be a path inquiry field, most
9460	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9461	 * but the hardware may or may not be able to support that much.
9462	 * 0 just means that the maximum sense data length is not reported.
9463	 */
9464	eid_ptr->max_sense_length = 0;
9465
9466	ctl_set_success(ctsio);
9467	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9468	ctsio->be_move_done = ctl_config_move_done;
9469	ctl_datamove((union ctl_io *)ctsio);
9470	return (CTL_RETVAL_COMPLETE);
9471}
9472
9473static int
9474ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9475{
9476	struct scsi_vpd_mode_page_policy *mpp_ptr;
9477	struct ctl_lun *lun;
9478	int data_len;
9479
9480	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9481
9482	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9483	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9484
9485	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9486	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9487	ctsio->kern_sg_entries = 0;
9488
9489	if (data_len < alloc_len) {
9490		ctsio->residual = alloc_len - data_len;
9491		ctsio->kern_data_len = data_len;
9492		ctsio->kern_total_len = data_len;
9493	} else {
9494		ctsio->residual = 0;
9495		ctsio->kern_data_len = alloc_len;
9496		ctsio->kern_total_len = alloc_len;
9497	}
9498	ctsio->kern_data_resid = 0;
9499	ctsio->kern_rel_offset = 0;
9500	ctsio->kern_sg_entries = 0;
9501
9502	/*
9503	 * The control device is always connected.  The disk device, on the
9504	 * other hand, may not be online all the time.
9505	 */
9506	if (lun != NULL)
9507		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9508				     lun->be_lun->lun_type;
9509	else
9510		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9511	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9512	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9513	mpp_ptr->descr[0].page_code = 0x3f;
9514	mpp_ptr->descr[0].subpage_code = 0xff;
9515	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9516
9517	ctl_set_success(ctsio);
9518	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9519	ctsio->be_move_done = ctl_config_move_done;
9520	ctl_datamove((union ctl_io *)ctsio);
9521	return (CTL_RETVAL_COMPLETE);
9522}
9523
9524/*
9525 * SCSI VPD page 0x83, the Device Identification page.
9526 */
9527static int
9528ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9529{
9530	struct scsi_vpd_device_id *devid_ptr;
9531	struct scsi_vpd_id_descriptor *desc;
9532	struct ctl_softc *softc;
9533	struct ctl_lun *lun;
9534	struct ctl_port *port;
9535	int data_len;
9536	uint8_t proto;
9537
9538	softc = control_softc;
9539
9540	port = ctl_io_port(&ctsio->io_hdr);
9541	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9542
9543	data_len = sizeof(struct scsi_vpd_device_id) +
9544	    sizeof(struct scsi_vpd_id_descriptor) +
9545		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9546	    sizeof(struct scsi_vpd_id_descriptor) +
9547		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9548	if (lun && lun->lun_devid)
9549		data_len += lun->lun_devid->len;
9550	if (port && port->port_devid)
9551		data_len += port->port_devid->len;
9552	if (port && port->target_devid)
9553		data_len += port->target_devid->len;
9554
9555	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9556	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9557	ctsio->kern_sg_entries = 0;
9558
9559	if (data_len < alloc_len) {
9560		ctsio->residual = alloc_len - data_len;
9561		ctsio->kern_data_len = data_len;
9562		ctsio->kern_total_len = data_len;
9563	} else {
9564		ctsio->residual = 0;
9565		ctsio->kern_data_len = alloc_len;
9566		ctsio->kern_total_len = alloc_len;
9567	}
9568	ctsio->kern_data_resid = 0;
9569	ctsio->kern_rel_offset = 0;
9570	ctsio->kern_sg_entries = 0;
9571
9572	/*
9573	 * The control device is always connected.  The disk device, on the
9574	 * other hand, may not be online all the time.
9575	 */
9576	if (lun != NULL)
9577		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9578				     lun->be_lun->lun_type;
9579	else
9580		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9581	devid_ptr->page_code = SVPD_DEVICE_ID;
9582	scsi_ulto2b(data_len - 4, devid_ptr->length);
9583
9584	if (port && port->port_type == CTL_PORT_FC)
9585		proto = SCSI_PROTO_FC << 4;
9586	else if (port && port->port_type == CTL_PORT_ISCSI)
9587		proto = SCSI_PROTO_ISCSI << 4;
9588	else
9589		proto = SCSI_PROTO_SPI << 4;
9590	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9591
9592	/*
9593	 * We're using a LUN association here.  i.e., this device ID is a
9594	 * per-LUN identifier.
9595	 */
9596	if (lun && lun->lun_devid) {
9597		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9598		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9599		    lun->lun_devid->len);
9600	}
9601
9602	/*
9603	 * This is for the WWPN which is a port association.
9604	 */
9605	if (port && port->port_devid) {
9606		memcpy(desc, port->port_devid->data, port->port_devid->len);
9607		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9608		    port->port_devid->len);
9609	}
9610
9611	/*
9612	 * This is for the Relative Target Port(type 4h) identifier
9613	 */
9614	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9615	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9616	    SVPD_ID_TYPE_RELTARG;
9617	desc->length = 4;
9618	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9619	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9620	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9621
9622	/*
9623	 * This is for the Target Port Group(type 5h) identifier
9624	 */
9625	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9626	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9627	    SVPD_ID_TYPE_TPORTGRP;
9628	desc->length = 4;
9629	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9630	    &desc->identifier[2]);
9631	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9632	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9633
9634	/*
9635	 * This is for the Target identifier
9636	 */
9637	if (port && port->target_devid) {
9638		memcpy(desc, port->target_devid->data, port->target_devid->len);
9639	}
9640
9641	ctl_set_success(ctsio);
9642	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9643	ctsio->be_move_done = ctl_config_move_done;
9644	ctl_datamove((union ctl_io *)ctsio);
9645	return (CTL_RETVAL_COMPLETE);
9646}
9647
9648static int
9649ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9650{
9651	struct ctl_softc *softc = control_softc;
9652	struct scsi_vpd_scsi_ports *sp;
9653	struct scsi_vpd_port_designation *pd;
9654	struct scsi_vpd_port_designation_cont *pdc;
9655	struct ctl_lun *lun;
9656	struct ctl_port *port;
9657	int data_len, num_target_ports, iid_len, id_len;
9658
9659	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9660
9661	num_target_ports = 0;
9662	iid_len = 0;
9663	id_len = 0;
9664	mtx_lock(&softc->ctl_lock);
9665	STAILQ_FOREACH(port, &softc->port_list, links) {
9666		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9667			continue;
9668		if (lun != NULL &&
9669		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9670			continue;
9671		num_target_ports++;
9672		if (port->init_devid)
9673			iid_len += port->init_devid->len;
9674		if (port->port_devid)
9675			id_len += port->port_devid->len;
9676	}
9677	mtx_unlock(&softc->ctl_lock);
9678
9679	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9680	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9681	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9682	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9683	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9684	ctsio->kern_sg_entries = 0;
9685
9686	if (data_len < alloc_len) {
9687		ctsio->residual = alloc_len - data_len;
9688		ctsio->kern_data_len = data_len;
9689		ctsio->kern_total_len = data_len;
9690	} else {
9691		ctsio->residual = 0;
9692		ctsio->kern_data_len = alloc_len;
9693		ctsio->kern_total_len = alloc_len;
9694	}
9695	ctsio->kern_data_resid = 0;
9696	ctsio->kern_rel_offset = 0;
9697	ctsio->kern_sg_entries = 0;
9698
9699	/*
9700	 * The control device is always connected.  The disk device, on the
9701	 * other hand, may not be online all the time.  Need to change this
9702	 * to figure out whether the disk device is actually online or not.
9703	 */
9704	if (lun != NULL)
9705		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9706				  lun->be_lun->lun_type;
9707	else
9708		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9709
9710	sp->page_code = SVPD_SCSI_PORTS;
9711	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9712	    sp->page_length);
9713	pd = &sp->design[0];
9714
9715	mtx_lock(&softc->ctl_lock);
9716	STAILQ_FOREACH(port, &softc->port_list, links) {
9717		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9718			continue;
9719		if (lun != NULL &&
9720		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9721			continue;
9722		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9723		if (port->init_devid) {
9724			iid_len = port->init_devid->len;
9725			memcpy(pd->initiator_transportid,
9726			    port->init_devid->data, port->init_devid->len);
9727		} else
9728			iid_len = 0;
9729		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9730		pdc = (struct scsi_vpd_port_designation_cont *)
9731		    (&pd->initiator_transportid[iid_len]);
9732		if (port->port_devid) {
9733			id_len = port->port_devid->len;
9734			memcpy(pdc->target_port_descriptors,
9735			    port->port_devid->data, port->port_devid->len);
9736		} else
9737			id_len = 0;
9738		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9739		pd = (struct scsi_vpd_port_designation *)
9740		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9741	}
9742	mtx_unlock(&softc->ctl_lock);
9743
9744	ctl_set_success(ctsio);
9745	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9746	ctsio->be_move_done = ctl_config_move_done;
9747	ctl_datamove((union ctl_io *)ctsio);
9748	return (CTL_RETVAL_COMPLETE);
9749}
9750
9751static int
9752ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9753{
9754	struct scsi_vpd_block_limits *bl_ptr;
9755	struct ctl_lun *lun;
9756
9757	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9758
9759	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9760	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9761	ctsio->kern_sg_entries = 0;
9762
9763	if (sizeof(*bl_ptr) < alloc_len) {
9764		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9765		ctsio->kern_data_len = sizeof(*bl_ptr);
9766		ctsio->kern_total_len = sizeof(*bl_ptr);
9767	} else {
9768		ctsio->residual = 0;
9769		ctsio->kern_data_len = alloc_len;
9770		ctsio->kern_total_len = alloc_len;
9771	}
9772	ctsio->kern_data_resid = 0;
9773	ctsio->kern_rel_offset = 0;
9774	ctsio->kern_sg_entries = 0;
9775
9776	/*
9777	 * The control device is always connected.  The disk device, on the
9778	 * other hand, may not be online all the time.  Need to change this
9779	 * to figure out whether the disk device is actually online or not.
9780	 */
9781	if (lun != NULL)
9782		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9783				  lun->be_lun->lun_type;
9784	else
9785		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9786
9787	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9788	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9789	bl_ptr->max_cmp_write_len = 0xff;
9790	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9791	if (lun != NULL) {
9792		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9793		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9794			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9795			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9796			if (lun->be_lun->ublockexp != 0) {
9797				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9798				    bl_ptr->opt_unmap_grain);
9799				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9800				    bl_ptr->unmap_grain_align);
9801			}
9802		}
9803		scsi_ulto4b(lun->be_lun->atomicblock,
9804		    bl_ptr->max_atomic_transfer_length);
9805		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9806		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9807		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9808		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9809	}
9810	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9811
9812	ctl_set_success(ctsio);
9813	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9814	ctsio->be_move_done = ctl_config_move_done;
9815	ctl_datamove((union ctl_io *)ctsio);
9816	return (CTL_RETVAL_COMPLETE);
9817}
9818
9819static int
9820ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9821{
9822	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9823	struct ctl_lun *lun;
9824	const char *value;
9825	u_int i;
9826
9827	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9828
9829	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9830	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9831	ctsio->kern_sg_entries = 0;
9832
9833	if (sizeof(*bdc_ptr) < alloc_len) {
9834		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9835		ctsio->kern_data_len = sizeof(*bdc_ptr);
9836		ctsio->kern_total_len = sizeof(*bdc_ptr);
9837	} else {
9838		ctsio->residual = 0;
9839		ctsio->kern_data_len = alloc_len;
9840		ctsio->kern_total_len = alloc_len;
9841	}
9842	ctsio->kern_data_resid = 0;
9843	ctsio->kern_rel_offset = 0;
9844	ctsio->kern_sg_entries = 0;
9845
9846	/*
9847	 * The control device is always connected.  The disk device, on the
9848	 * other hand, may not be online all the time.  Need to change this
9849	 * to figure out whether the disk device is actually online or not.
9850	 */
9851	if (lun != NULL)
9852		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9853				  lun->be_lun->lun_type;
9854	else
9855		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9856	bdc_ptr->page_code = SVPD_BDC;
9857	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9858	if (lun != NULL &&
9859	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9860		i = strtol(value, NULL, 0);
9861	else
9862		i = CTL_DEFAULT_ROTATION_RATE;
9863	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9864	if (lun != NULL &&
9865	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9866		i = strtol(value, NULL, 0);
9867	else
9868		i = 0;
9869	bdc_ptr->wab_wac_ff = (i & 0x0f);
9870	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9871
9872	ctl_set_success(ctsio);
9873	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9874	ctsio->be_move_done = ctl_config_move_done;
9875	ctl_datamove((union ctl_io *)ctsio);
9876	return (CTL_RETVAL_COMPLETE);
9877}
9878
9879static int
9880ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9881{
9882	struct scsi_vpd_logical_block_prov *lbp_ptr;
9883	struct ctl_lun *lun;
9884
9885	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9886
9887	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9888	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9889	ctsio->kern_sg_entries = 0;
9890
9891	if (sizeof(*lbp_ptr) < alloc_len) {
9892		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9893		ctsio->kern_data_len = sizeof(*lbp_ptr);
9894		ctsio->kern_total_len = sizeof(*lbp_ptr);
9895	} else {
9896		ctsio->residual = 0;
9897		ctsio->kern_data_len = alloc_len;
9898		ctsio->kern_total_len = alloc_len;
9899	}
9900	ctsio->kern_data_resid = 0;
9901	ctsio->kern_rel_offset = 0;
9902	ctsio->kern_sg_entries = 0;
9903
9904	/*
9905	 * The control device is always connected.  The disk device, on the
9906	 * other hand, may not be online all the time.  Need to change this
9907	 * to figure out whether the disk device is actually online or not.
9908	 */
9909	if (lun != NULL)
9910		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9911				  lun->be_lun->lun_type;
9912	else
9913		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9914
9915	lbp_ptr->page_code = SVPD_LBP;
9916	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9917	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9918	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9919		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9920		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9921		lbp_ptr->prov_type = SVPD_LBP_THIN;
9922	}
9923
9924	ctl_set_success(ctsio);
9925	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9926	ctsio->be_move_done = ctl_config_move_done;
9927	ctl_datamove((union ctl_io *)ctsio);
9928	return (CTL_RETVAL_COMPLETE);
9929}
9930
9931/*
9932 * INQUIRY with the EVPD bit set.
9933 */
9934static int
9935ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9936{
9937	struct ctl_lun *lun;
9938	struct scsi_inquiry *cdb;
9939	int alloc_len, retval;
9940
9941	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9942	cdb = (struct scsi_inquiry *)ctsio->cdb;
9943	alloc_len = scsi_2btoul(cdb->length);
9944
9945	switch (cdb->page_code) {
9946	case SVPD_SUPPORTED_PAGES:
9947		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9948		break;
9949	case SVPD_UNIT_SERIAL_NUMBER:
9950		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9951		break;
9952	case SVPD_DEVICE_ID:
9953		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9954		break;
9955	case SVPD_EXTENDED_INQUIRY_DATA:
9956		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9957		break;
9958	case SVPD_MODE_PAGE_POLICY:
9959		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9960		break;
9961	case SVPD_SCSI_PORTS:
9962		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9963		break;
9964	case SVPD_SCSI_TPC:
9965		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9966		break;
9967	case SVPD_BLOCK_LIMITS:
9968		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9969			goto err;
9970		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9971		break;
9972	case SVPD_BDC:
9973		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9974			goto err;
9975		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9976		break;
9977	case SVPD_LBP:
9978		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9979			goto err;
9980		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9981		break;
9982	default:
9983err:
9984		ctl_set_invalid_field(ctsio,
9985				      /*sks_valid*/ 1,
9986				      /*command*/ 1,
9987				      /*field*/ 2,
9988				      /*bit_valid*/ 0,
9989				      /*bit*/ 0);
9990		ctl_done((union ctl_io *)ctsio);
9991		retval = CTL_RETVAL_COMPLETE;
9992		break;
9993	}
9994
9995	return (retval);
9996}
9997
9998/*
9999 * Standard INQUIRY data.
10000 */
10001static int
10002ctl_inquiry_std(struct ctl_scsiio *ctsio)
10003{
10004	struct scsi_inquiry_data *inq_ptr;
10005	struct scsi_inquiry *cdb;
10006	struct ctl_softc *softc = control_softc;
10007	struct ctl_port *port;
10008	struct ctl_lun *lun;
10009	char *val;
10010	uint32_t alloc_len, data_len;
10011	ctl_port_type port_type;
10012
10013	port = ctl_io_port(&ctsio->io_hdr);
10014	port_type = port->port_type;
10015	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10016		port_type = CTL_PORT_SCSI;
10017
10018	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10019	cdb = (struct scsi_inquiry *)ctsio->cdb;
10020	alloc_len = scsi_2btoul(cdb->length);
10021
10022	/*
10023	 * We malloc the full inquiry data size here and fill it
10024	 * in.  If the user only asks for less, we'll give him
10025	 * that much.
10026	 */
10027	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10028	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10029	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10030	ctsio->kern_sg_entries = 0;
10031	ctsio->kern_data_resid = 0;
10032	ctsio->kern_rel_offset = 0;
10033
10034	if (data_len < alloc_len) {
10035		ctsio->residual = alloc_len - data_len;
10036		ctsio->kern_data_len = data_len;
10037		ctsio->kern_total_len = data_len;
10038	} else {
10039		ctsio->residual = 0;
10040		ctsio->kern_data_len = alloc_len;
10041		ctsio->kern_total_len = alloc_len;
10042	}
10043
10044	if (lun != NULL) {
10045		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10046		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10047			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10048			    lun->be_lun->lun_type;
10049		} else {
10050			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10051			    lun->be_lun->lun_type;
10052		}
10053	} else
10054		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10055
10056	/* RMB in byte 2 is 0 */
10057	inq_ptr->version = SCSI_REV_SPC4;
10058
10059	/*
10060	 * According to SAM-3, even if a device only supports a single
10061	 * level of LUN addressing, it should still set the HISUP bit:
10062	 *
10063	 * 4.9.1 Logical unit numbers overview
10064	 *
10065	 * All logical unit number formats described in this standard are
10066	 * hierarchical in structure even when only a single level in that
10067	 * hierarchy is used. The HISUP bit shall be set to one in the
10068	 * standard INQUIRY data (see SPC-2) when any logical unit number
10069	 * format described in this standard is used.  Non-hierarchical
10070	 * formats are outside the scope of this standard.
10071	 *
10072	 * Therefore we set the HiSup bit here.
10073	 *
10074	 * The reponse format is 2, per SPC-3.
10075	 */
10076	inq_ptr->response_format = SID_HiSup | 2;
10077
10078	inq_ptr->additional_length = data_len -
10079	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10080	CTL_DEBUG_PRINT(("additional_length = %d\n",
10081			 inq_ptr->additional_length));
10082
10083	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10084	if (port_type == CTL_PORT_SCSI)
10085		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10086	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10087	inq_ptr->flags = SID_CmdQue;
10088	if (port_type == CTL_PORT_SCSI)
10089		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10090
10091	/*
10092	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10093	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10094	 * name and 4 bytes for the revision.
10095	 */
10096	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10097	    "vendor")) == NULL) {
10098		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10099	} else {
10100		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10101		strncpy(inq_ptr->vendor, val,
10102		    min(sizeof(inq_ptr->vendor), strlen(val)));
10103	}
10104	if (lun == NULL) {
10105		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10106		    sizeof(inq_ptr->product));
10107	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10108		switch (lun->be_lun->lun_type) {
10109		case T_DIRECT:
10110			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10111			    sizeof(inq_ptr->product));
10112			break;
10113		case T_PROCESSOR:
10114			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10115			    sizeof(inq_ptr->product));
10116			break;
10117		default:
10118			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10119			    sizeof(inq_ptr->product));
10120			break;
10121		}
10122	} else {
10123		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10124		strncpy(inq_ptr->product, val,
10125		    min(sizeof(inq_ptr->product), strlen(val)));
10126	}
10127
10128	/*
10129	 * XXX make this a macro somewhere so it automatically gets
10130	 * incremented when we make changes.
10131	 */
10132	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10133	    "revision")) == NULL) {
10134		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10135	} else {
10136		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10137		strncpy(inq_ptr->revision, val,
10138		    min(sizeof(inq_ptr->revision), strlen(val)));
10139	}
10140
10141	/*
10142	 * For parallel SCSI, we support double transition and single
10143	 * transition clocking.  We also support QAS (Quick Arbitration
10144	 * and Selection) and Information Unit transfers on both the
10145	 * control and array devices.
10146	 */
10147	if (port_type == CTL_PORT_SCSI)
10148		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10149				    SID_SPI_IUS;
10150
10151	/* SAM-5 (no version claimed) */
10152	scsi_ulto2b(0x00A0, inq_ptr->version1);
10153	/* SPC-4 (no version claimed) */
10154	scsi_ulto2b(0x0460, inq_ptr->version2);
10155	if (port_type == CTL_PORT_FC) {
10156		/* FCP-2 ANSI INCITS.350:2003 */
10157		scsi_ulto2b(0x0917, inq_ptr->version3);
10158	} else if (port_type == CTL_PORT_SCSI) {
10159		/* SPI-4 ANSI INCITS.362:200x */
10160		scsi_ulto2b(0x0B56, inq_ptr->version3);
10161	} else if (port_type == CTL_PORT_ISCSI) {
10162		/* iSCSI (no version claimed) */
10163		scsi_ulto2b(0x0960, inq_ptr->version3);
10164	} else if (port_type == CTL_PORT_SAS) {
10165		/* SAS (no version claimed) */
10166		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10167	}
10168
10169	if (lun == NULL) {
10170		/* SBC-4 (no version claimed) */
10171		scsi_ulto2b(0x0600, inq_ptr->version4);
10172	} else {
10173		switch (lun->be_lun->lun_type) {
10174		case T_DIRECT:
10175			/* SBC-4 (no version claimed) */
10176			scsi_ulto2b(0x0600, inq_ptr->version4);
10177			break;
10178		case T_PROCESSOR:
10179		default:
10180			break;
10181		}
10182	}
10183
10184	ctl_set_success(ctsio);
10185	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10186	ctsio->be_move_done = ctl_config_move_done;
10187	ctl_datamove((union ctl_io *)ctsio);
10188	return (CTL_RETVAL_COMPLETE);
10189}
10190
10191int
10192ctl_inquiry(struct ctl_scsiio *ctsio)
10193{
10194	struct scsi_inquiry *cdb;
10195	int retval;
10196
10197	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10198
10199	cdb = (struct scsi_inquiry *)ctsio->cdb;
10200	if (cdb->byte2 & SI_EVPD)
10201		retval = ctl_inquiry_evpd(ctsio);
10202	else if (cdb->page_code == 0)
10203		retval = ctl_inquiry_std(ctsio);
10204	else {
10205		ctl_set_invalid_field(ctsio,
10206				      /*sks_valid*/ 1,
10207				      /*command*/ 1,
10208				      /*field*/ 2,
10209				      /*bit_valid*/ 0,
10210				      /*bit*/ 0);
10211		ctl_done((union ctl_io *)ctsio);
10212		return (CTL_RETVAL_COMPLETE);
10213	}
10214
10215	return (retval);
10216}
10217
10218/*
10219 * For known CDB types, parse the LBA and length.
10220 */
10221static int
10222ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10223{
10224	if (io->io_hdr.io_type != CTL_IO_SCSI)
10225		return (1);
10226
10227	switch (io->scsiio.cdb[0]) {
10228	case COMPARE_AND_WRITE: {
10229		struct scsi_compare_and_write *cdb;
10230
10231		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10232
10233		*lba = scsi_8btou64(cdb->addr);
10234		*len = cdb->length;
10235		break;
10236	}
10237	case READ_6:
10238	case WRITE_6: {
10239		struct scsi_rw_6 *cdb;
10240
10241		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10242
10243		*lba = scsi_3btoul(cdb->addr);
10244		/* only 5 bits are valid in the most significant address byte */
10245		*lba &= 0x1fffff;
10246		*len = cdb->length;
10247		break;
10248	}
10249	case READ_10:
10250	case WRITE_10: {
10251		struct scsi_rw_10 *cdb;
10252
10253		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10254
10255		*lba = scsi_4btoul(cdb->addr);
10256		*len = scsi_2btoul(cdb->length);
10257		break;
10258	}
10259	case WRITE_VERIFY_10: {
10260		struct scsi_write_verify_10 *cdb;
10261
10262		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10263
10264		*lba = scsi_4btoul(cdb->addr);
10265		*len = scsi_2btoul(cdb->length);
10266		break;
10267	}
10268	case READ_12:
10269	case WRITE_12: {
10270		struct scsi_rw_12 *cdb;
10271
10272		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10273
10274		*lba = scsi_4btoul(cdb->addr);
10275		*len = scsi_4btoul(cdb->length);
10276		break;
10277	}
10278	case WRITE_VERIFY_12: {
10279		struct scsi_write_verify_12 *cdb;
10280
10281		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10282
10283		*lba = scsi_4btoul(cdb->addr);
10284		*len = scsi_4btoul(cdb->length);
10285		break;
10286	}
10287	case READ_16:
10288	case WRITE_16: {
10289		struct scsi_rw_16 *cdb;
10290
10291		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10292
10293		*lba = scsi_8btou64(cdb->addr);
10294		*len = scsi_4btoul(cdb->length);
10295		break;
10296	}
10297	case WRITE_ATOMIC_16: {
10298		struct scsi_write_atomic_16 *cdb;
10299
10300		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10301
10302		*lba = scsi_8btou64(cdb->addr);
10303		*len = scsi_2btoul(cdb->length);
10304		break;
10305	}
10306	case WRITE_VERIFY_16: {
10307		struct scsi_write_verify_16 *cdb;
10308
10309		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10310
10311		*lba = scsi_8btou64(cdb->addr);
10312		*len = scsi_4btoul(cdb->length);
10313		break;
10314	}
10315	case WRITE_SAME_10: {
10316		struct scsi_write_same_10 *cdb;
10317
10318		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10319
10320		*lba = scsi_4btoul(cdb->addr);
10321		*len = scsi_2btoul(cdb->length);
10322		break;
10323	}
10324	case WRITE_SAME_16: {
10325		struct scsi_write_same_16 *cdb;
10326
10327		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10328
10329		*lba = scsi_8btou64(cdb->addr);
10330		*len = scsi_4btoul(cdb->length);
10331		break;
10332	}
10333	case VERIFY_10: {
10334		struct scsi_verify_10 *cdb;
10335
10336		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10337
10338		*lba = scsi_4btoul(cdb->addr);
10339		*len = scsi_2btoul(cdb->length);
10340		break;
10341	}
10342	case VERIFY_12: {
10343		struct scsi_verify_12 *cdb;
10344
10345		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10346
10347		*lba = scsi_4btoul(cdb->addr);
10348		*len = scsi_4btoul(cdb->length);
10349		break;
10350	}
10351	case VERIFY_16: {
10352		struct scsi_verify_16 *cdb;
10353
10354		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10355
10356		*lba = scsi_8btou64(cdb->addr);
10357		*len = scsi_4btoul(cdb->length);
10358		break;
10359	}
10360	case UNMAP: {
10361		*lba = 0;
10362		*len = UINT64_MAX;
10363		break;
10364	}
10365	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10366		struct scsi_get_lba_status *cdb;
10367
10368		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10369		*lba = scsi_8btou64(cdb->addr);
10370		*len = UINT32_MAX;
10371		break;
10372	}
10373	default:
10374		return (1);
10375		break; /* NOTREACHED */
10376	}
10377
10378	return (0);
10379}
10380
10381static ctl_action
10382ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10383    bool seq)
10384{
10385	uint64_t endlba1, endlba2;
10386
10387	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10388	endlba2 = lba2 + len2 - 1;
10389
10390	if ((endlba1 < lba2) || (endlba2 < lba1))
10391		return (CTL_ACTION_PASS);
10392	else
10393		return (CTL_ACTION_BLOCK);
10394}
10395
10396static int
10397ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10398{
10399	struct ctl_ptr_len_flags *ptrlen;
10400	struct scsi_unmap_desc *buf, *end, *range;
10401	uint64_t lba;
10402	uint32_t len;
10403
10404	/* If not UNMAP -- go other way. */
10405	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10406	    io->scsiio.cdb[0] != UNMAP)
10407		return (CTL_ACTION_ERROR);
10408
10409	/* If UNMAP without data -- block and wait for data. */
10410	ptrlen = (struct ctl_ptr_len_flags *)
10411	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10412	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10413	    ptrlen->ptr == NULL)
10414		return (CTL_ACTION_BLOCK);
10415
10416	/* UNMAP with data -- check for collision. */
10417	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10418	end = buf + ptrlen->len / sizeof(*buf);
10419	for (range = buf; range < end; range++) {
10420		lba = scsi_8btou64(range->lba);
10421		len = scsi_4btoul(range->length);
10422		if ((lba < lba2 + len2) && (lba + len > lba2))
10423			return (CTL_ACTION_BLOCK);
10424	}
10425	return (CTL_ACTION_PASS);
10426}
10427
10428static ctl_action
10429ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10430{
10431	uint64_t lba1, lba2;
10432	uint64_t len1, len2;
10433	int retval;
10434
10435	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10436		return (CTL_ACTION_ERROR);
10437
10438	retval = ctl_extent_check_unmap(io1, lba2, len2);
10439	if (retval != CTL_ACTION_ERROR)
10440		return (retval);
10441
10442	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10443		return (CTL_ACTION_ERROR);
10444
10445	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10446		seq = FALSE;
10447	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10448}
10449
10450static ctl_action
10451ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10452{
10453	uint64_t lba1, lba2;
10454	uint64_t len1, len2;
10455
10456	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10457		return (CTL_ACTION_PASS);
10458	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10459		return (CTL_ACTION_ERROR);
10460	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10461		return (CTL_ACTION_ERROR);
10462
10463	if (lba1 + len1 == lba2)
10464		return (CTL_ACTION_BLOCK);
10465	return (CTL_ACTION_PASS);
10466}
10467
10468static ctl_action
10469ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10470    union ctl_io *ooa_io)
10471{
10472	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10473	const ctl_serialize_action *serialize_row;
10474
10475	/*
10476	 * The initiator attempted multiple untagged commands at the same
10477	 * time.  Can't do that.
10478	 */
10479	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10480	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10481	 && ((pending_io->io_hdr.nexus.targ_port ==
10482	      ooa_io->io_hdr.nexus.targ_port)
10483	  && (pending_io->io_hdr.nexus.initid ==
10484	      ooa_io->io_hdr.nexus.initid))
10485	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10486	      CTL_FLAG_STATUS_SENT)) == 0))
10487		return (CTL_ACTION_OVERLAP);
10488
10489	/*
10490	 * The initiator attempted to send multiple tagged commands with
10491	 * the same ID.  (It's fine if different initiators have the same
10492	 * tag ID.)
10493	 *
10494	 * Even if all of those conditions are true, we don't kill the I/O
10495	 * if the command ahead of us has been aborted.  We won't end up
10496	 * sending it to the FETD, and it's perfectly legal to resend a
10497	 * command with the same tag number as long as the previous
10498	 * instance of this tag number has been aborted somehow.
10499	 */
10500	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10501	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10502	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10503	 && ((pending_io->io_hdr.nexus.targ_port ==
10504	      ooa_io->io_hdr.nexus.targ_port)
10505	  && (pending_io->io_hdr.nexus.initid ==
10506	      ooa_io->io_hdr.nexus.initid))
10507	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10508	      CTL_FLAG_STATUS_SENT)) == 0))
10509		return (CTL_ACTION_OVERLAP_TAG);
10510
10511	/*
10512	 * If we get a head of queue tag, SAM-3 says that we should
10513	 * immediately execute it.
10514	 *
10515	 * What happens if this command would normally block for some other
10516	 * reason?  e.g. a request sense with a head of queue tag
10517	 * immediately after a write.  Normally that would block, but this
10518	 * will result in its getting executed immediately...
10519	 *
10520	 * We currently return "pass" instead of "skip", so we'll end up
10521	 * going through the rest of the queue to check for overlapped tags.
10522	 *
10523	 * XXX KDM check for other types of blockage first??
10524	 */
10525	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10526		return (CTL_ACTION_PASS);
10527
10528	/*
10529	 * Ordered tags have to block until all items ahead of them
10530	 * have completed.  If we get called with an ordered tag, we always
10531	 * block, if something else is ahead of us in the queue.
10532	 */
10533	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10534		return (CTL_ACTION_BLOCK);
10535
10536	/*
10537	 * Simple tags get blocked until all head of queue and ordered tags
10538	 * ahead of them have completed.  I'm lumping untagged commands in
10539	 * with simple tags here.  XXX KDM is that the right thing to do?
10540	 */
10541	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10542	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10543	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10544	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10545		return (CTL_ACTION_BLOCK);
10546
10547	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10548	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10549
10550	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10551
10552	switch (serialize_row[pending_entry->seridx]) {
10553	case CTL_SER_BLOCK:
10554		return (CTL_ACTION_BLOCK);
10555	case CTL_SER_EXTENT:
10556		return (ctl_extent_check(ooa_io, pending_io,
10557		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10558	case CTL_SER_EXTENTOPT:
10559		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10560		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10561			return (ctl_extent_check(ooa_io, pending_io,
10562			    (lun->be_lun &&
10563			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10564		return (CTL_ACTION_PASS);
10565	case CTL_SER_EXTENTSEQ:
10566		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10567			return (ctl_extent_check_seq(ooa_io, pending_io));
10568		return (CTL_ACTION_PASS);
10569	case CTL_SER_PASS:
10570		return (CTL_ACTION_PASS);
10571	case CTL_SER_BLOCKOPT:
10572		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10573		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10574			return (CTL_ACTION_BLOCK);
10575		return (CTL_ACTION_PASS);
10576	case CTL_SER_SKIP:
10577		return (CTL_ACTION_SKIP);
10578	default:
10579		panic("invalid serialization value %d",
10580		      serialize_row[pending_entry->seridx]);
10581	}
10582
10583	return (CTL_ACTION_ERROR);
10584}
10585
10586/*
10587 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10588 * Assumptions:
10589 * - pending_io is generally either incoming, or on the blocked queue
10590 * - starting I/O is the I/O we want to start the check with.
10591 */
10592static ctl_action
10593ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10594	      union ctl_io *starting_io)
10595{
10596	union ctl_io *ooa_io;
10597	ctl_action action;
10598
10599	mtx_assert(&lun->lun_lock, MA_OWNED);
10600
10601	/*
10602	 * Run back along the OOA queue, starting with the current
10603	 * blocked I/O and going through every I/O before it on the
10604	 * queue.  If starting_io is NULL, we'll just end up returning
10605	 * CTL_ACTION_PASS.
10606	 */
10607	for (ooa_io = starting_io; ooa_io != NULL;
10608	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10609	     ooa_links)){
10610
10611		/*
10612		 * This routine just checks to see whether
10613		 * cur_blocked is blocked by ooa_io, which is ahead
10614		 * of it in the queue.  It doesn't queue/dequeue
10615		 * cur_blocked.
10616		 */
10617		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10618		switch (action) {
10619		case CTL_ACTION_BLOCK:
10620		case CTL_ACTION_OVERLAP:
10621		case CTL_ACTION_OVERLAP_TAG:
10622		case CTL_ACTION_SKIP:
10623		case CTL_ACTION_ERROR:
10624			return (action);
10625			break; /* NOTREACHED */
10626		case CTL_ACTION_PASS:
10627			break;
10628		default:
10629			panic("invalid action %d", action);
10630			break;  /* NOTREACHED */
10631		}
10632	}
10633
10634	return (CTL_ACTION_PASS);
10635}
10636
10637/*
10638 * Assumptions:
10639 * - An I/O has just completed, and has been removed from the per-LUN OOA
10640 *   queue, so some items on the blocked queue may now be unblocked.
10641 */
10642static int
10643ctl_check_blocked(struct ctl_lun *lun)
10644{
10645	struct ctl_softc *softc = lun->ctl_softc;
10646	union ctl_io *cur_blocked, *next_blocked;
10647
10648	mtx_assert(&lun->lun_lock, MA_OWNED);
10649
10650	/*
10651	 * Run forward from the head of the blocked queue, checking each
10652	 * entry against the I/Os prior to it on the OOA queue to see if
10653	 * there is still any blockage.
10654	 *
10655	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10656	 * with our removing a variable on it while it is traversing the
10657	 * list.
10658	 */
10659	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10660	     cur_blocked != NULL; cur_blocked = next_blocked) {
10661		union ctl_io *prev_ooa;
10662		ctl_action action;
10663
10664		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10665							  blocked_links);
10666
10667		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10668						      ctl_ooaq, ooa_links);
10669
10670		/*
10671		 * If cur_blocked happens to be the first item in the OOA
10672		 * queue now, prev_ooa will be NULL, and the action
10673		 * returned will just be CTL_ACTION_PASS.
10674		 */
10675		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10676
10677		switch (action) {
10678		case CTL_ACTION_BLOCK:
10679			/* Nothing to do here, still blocked */
10680			break;
10681		case CTL_ACTION_OVERLAP:
10682		case CTL_ACTION_OVERLAP_TAG:
10683			/*
10684			 * This shouldn't happen!  In theory we've already
10685			 * checked this command for overlap...
10686			 */
10687			break;
10688		case CTL_ACTION_PASS:
10689		case CTL_ACTION_SKIP: {
10690			const struct ctl_cmd_entry *entry;
10691
10692			/*
10693			 * The skip case shouldn't happen, this transaction
10694			 * should have never made it onto the blocked queue.
10695			 */
10696			/*
10697			 * This I/O is no longer blocked, we can remove it
10698			 * from the blocked queue.  Since this is a TAILQ
10699			 * (doubly linked list), we can do O(1) removals
10700			 * from any place on the list.
10701			 */
10702			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10703				     blocked_links);
10704			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10705
10706			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10707			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10708				/*
10709				 * Need to send IO back to original side to
10710				 * run
10711				 */
10712				union ctl_ha_msg msg_info;
10713
10714				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10715				msg_info.hdr.original_sc =
10716					cur_blocked->io_hdr.original_sc;
10717				msg_info.hdr.serializing_sc = cur_blocked;
10718				msg_info.hdr.msg_type = CTL_MSG_R2R;
10719				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10720				    sizeof(msg_info.hdr), M_NOWAIT);
10721				break;
10722			}
10723			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10724
10725			/*
10726			 * Check this I/O for LUN state changes that may
10727			 * have happened while this command was blocked.
10728			 * The LUN state may have been changed by a command
10729			 * ahead of us in the queue, so we need to re-check
10730			 * for any states that can be caused by SCSI
10731			 * commands.
10732			 */
10733			if (ctl_scsiio_lun_check(lun, entry,
10734						 &cur_blocked->scsiio) == 0) {
10735				cur_blocked->io_hdr.flags |=
10736				                      CTL_FLAG_IS_WAS_ON_RTR;
10737				ctl_enqueue_rtr(cur_blocked);
10738			} else
10739				ctl_done(cur_blocked);
10740			break;
10741		}
10742		default:
10743			/*
10744			 * This probably shouldn't happen -- we shouldn't
10745			 * get CTL_ACTION_ERROR, or anything else.
10746			 */
10747			break;
10748		}
10749	}
10750
10751	return (CTL_RETVAL_COMPLETE);
10752}
10753
10754/*
10755 * This routine (with one exception) checks LUN flags that can be set by
10756 * commands ahead of us in the OOA queue.  These flags have to be checked
10757 * when a command initially comes in, and when we pull a command off the
10758 * blocked queue and are preparing to execute it.  The reason we have to
10759 * check these flags for commands on the blocked queue is that the LUN
10760 * state may have been changed by a command ahead of us while we're on the
10761 * blocked queue.
10762 *
10763 * Ordering is somewhat important with these checks, so please pay
10764 * careful attention to the placement of any new checks.
10765 */
10766static int
10767ctl_scsiio_lun_check(struct ctl_lun *lun,
10768    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10769{
10770	struct ctl_softc *softc = lun->ctl_softc;
10771	int retval;
10772	uint32_t residx;
10773
10774	retval = 0;
10775
10776	mtx_assert(&lun->lun_lock, MA_OWNED);
10777
10778	/*
10779	 * If this shelf is a secondary shelf controller, we may have to
10780	 * reject some commands disallowed by HA mode and link state.
10781	 */
10782	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10783		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10784		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10785			ctl_set_lun_unavail(ctsio);
10786			retval = 1;
10787			goto bailout;
10788		}
10789		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10790		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10791			ctl_set_lun_transit(ctsio);
10792			retval = 1;
10793			goto bailout;
10794		}
10795		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10796		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10797			ctl_set_lun_standby(ctsio);
10798			retval = 1;
10799			goto bailout;
10800		}
10801
10802		/* The rest of checks are only done on executing side */
10803		if (softc->ha_mode == CTL_HA_MODE_XFER)
10804			goto bailout;
10805	}
10806
10807	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10808		if (lun->be_lun &&
10809		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10810			ctl_set_hw_write_protected(ctsio);
10811			retval = 1;
10812			goto bailout;
10813		}
10814		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10815		    .eca_and_aen & SCP_SWP) != 0) {
10816			ctl_set_sense(ctsio, /*current_error*/ 1,
10817			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10818			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10819			retval = 1;
10820			goto bailout;
10821		}
10822	}
10823
10824	/*
10825	 * Check for a reservation conflict.  If this command isn't allowed
10826	 * even on reserved LUNs, and if this initiator isn't the one who
10827	 * reserved us, reject the command with a reservation conflict.
10828	 */
10829	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10830	if ((lun->flags & CTL_LUN_RESERVED)
10831	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10832		if (lun->res_idx != residx) {
10833			ctl_set_reservation_conflict(ctsio);
10834			retval = 1;
10835			goto bailout;
10836		}
10837	}
10838
10839	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10840	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10841		/* No reservation or command is allowed. */;
10842	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10843	    (lun->res_type == SPR_TYPE_WR_EX ||
10844	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10845	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10846		/* The command is allowed for Write Exclusive resv. */;
10847	} else {
10848		/*
10849		 * if we aren't registered or it's a res holder type
10850		 * reservation and this isn't the res holder then set a
10851		 * conflict.
10852		 */
10853		if (ctl_get_prkey(lun, residx) == 0
10854		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10855			ctl_set_reservation_conflict(ctsio);
10856			retval = 1;
10857			goto bailout;
10858		}
10859	}
10860
10861	if ((lun->flags & CTL_LUN_OFFLINE)
10862	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10863		ctl_set_lun_not_ready(ctsio);
10864		retval = 1;
10865		goto bailout;
10866	}
10867
10868	if ((lun->flags & CTL_LUN_STOPPED)
10869	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10870		/* "Logical unit not ready, initializing cmd. required" */
10871		ctl_set_lun_stopped(ctsio);
10872		retval = 1;
10873		goto bailout;
10874	}
10875
10876	if ((lun->flags & CTL_LUN_INOPERABLE)
10877	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10878		/* "Medium format corrupted" */
10879		ctl_set_medium_format_corrupted(ctsio);
10880		retval = 1;
10881		goto bailout;
10882	}
10883
10884bailout:
10885	return (retval);
10886}
10887
10888static void
10889ctl_failover_io(union ctl_io *io, int have_lock)
10890{
10891	ctl_set_busy(&io->scsiio);
10892	ctl_done(io);
10893}
10894
10895static void
10896ctl_failover_lun(union ctl_io *rio)
10897{
10898	struct ctl_softc *softc = control_softc;
10899	struct ctl_lun *lun;
10900	struct ctl_io_hdr *io, *next_io;
10901	uint32_t targ_lun;
10902
10903	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
10904	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
10905
10906	/* Find and lock the LUN. */
10907	mtx_lock(&softc->ctl_lock);
10908	if ((targ_lun < CTL_MAX_LUNS) &&
10909	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10910		mtx_lock(&lun->lun_lock);
10911		mtx_unlock(&softc->ctl_lock);
10912		if (lun->flags & CTL_LUN_DISABLED) {
10913			mtx_unlock(&lun->lun_lock);
10914			return;
10915		}
10916	} else {
10917		mtx_unlock(&softc->ctl_lock);
10918		return;
10919	}
10920
10921	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10922		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10923			/* We are master */
10924			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10925				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10926					io->flags |= CTL_FLAG_ABORT;
10927					io->flags |= CTL_FLAG_FAILOVER;
10928				} else { /* This can be only due to DATAMOVE */
10929					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10930					io->flags &= ~CTL_FLAG_DMA_INPROG;
10931					io->flags |= CTL_FLAG_IO_ACTIVE;
10932					io->port_status = 31340;
10933					ctl_enqueue_isc((union ctl_io *)io);
10934				}
10935			}
10936			/* We are slave */
10937			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10938				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10939				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10940					io->flags |= CTL_FLAG_FAILOVER;
10941				} else {
10942					ctl_set_busy(&((union ctl_io *)io)->
10943					    scsiio);
10944					ctl_done((union ctl_io *)io);
10945				}
10946			}
10947		}
10948	} else { /* SERIALIZE modes */
10949		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10950		    next_io) {
10951			/* We are master */
10952			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10953				TAILQ_REMOVE(&lun->blocked_queue, io,
10954				    blocked_links);
10955				io->flags &= ~CTL_FLAG_BLOCKED;
10956				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10957				ctl_free_io((union ctl_io *)io);
10958			}
10959		}
10960		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10961			/* We are master */
10962			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10963				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10964				ctl_free_io((union ctl_io *)io);
10965			}
10966			/* We are slave */
10967			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10968				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10969				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10970					ctl_set_busy(&((union ctl_io *)io)->
10971					    scsiio);
10972					ctl_done((union ctl_io *)io);
10973				}
10974			}
10975		}
10976		ctl_check_blocked(lun);
10977	}
10978	mtx_unlock(&lun->lun_lock);
10979}
10980
10981static int
10982ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
10983{
10984	struct ctl_lun *lun;
10985	const struct ctl_cmd_entry *entry;
10986	uint32_t initidx, targ_lun;
10987	int retval;
10988
10989	retval = 0;
10990
10991	lun = NULL;
10992
10993	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
10994	if ((targ_lun < CTL_MAX_LUNS)
10995	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10996		/*
10997		 * If the LUN is invalid, pretend that it doesn't exist.
10998		 * It will go away as soon as all pending I/O has been
10999		 * completed.
11000		 */
11001		mtx_lock(&lun->lun_lock);
11002		if (lun->flags & CTL_LUN_DISABLED) {
11003			mtx_unlock(&lun->lun_lock);
11004			lun = NULL;
11005			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11006			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11007		} else {
11008			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11009			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11010				lun->be_lun;
11011
11012			/*
11013			 * Every I/O goes into the OOA queue for a
11014			 * particular LUN, and stays there until completion.
11015			 */
11016#ifdef CTL_TIME_IO
11017			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11018				lun->idle_time += getsbinuptime() -
11019				    lun->last_busy;
11020			}
11021#endif
11022			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11023			    ooa_links);
11024		}
11025	} else {
11026		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11027		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11028	}
11029
11030	/* Get command entry and return error if it is unsuppotyed. */
11031	entry = ctl_validate_command(ctsio);
11032	if (entry == NULL) {
11033		if (lun)
11034			mtx_unlock(&lun->lun_lock);
11035		return (retval);
11036	}
11037
11038	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11039	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11040
11041	/*
11042	 * Check to see whether we can send this command to LUNs that don't
11043	 * exist.  This should pretty much only be the case for inquiry
11044	 * and request sense.  Further checks, below, really require having
11045	 * a LUN, so we can't really check the command anymore.  Just put
11046	 * it on the rtr queue.
11047	 */
11048	if (lun == NULL) {
11049		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11050			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11051			ctl_enqueue_rtr((union ctl_io *)ctsio);
11052			return (retval);
11053		}
11054
11055		ctl_set_unsupported_lun(ctsio);
11056		ctl_done((union ctl_io *)ctsio);
11057		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11058		return (retval);
11059	} else {
11060		/*
11061		 * Make sure we support this particular command on this LUN.
11062		 * e.g., we don't support writes to the control LUN.
11063		 */
11064		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11065			mtx_unlock(&lun->lun_lock);
11066			ctl_set_invalid_opcode(ctsio);
11067			ctl_done((union ctl_io *)ctsio);
11068			return (retval);
11069		}
11070	}
11071
11072	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11073
11074#ifdef CTL_WITH_CA
11075	/*
11076	 * If we've got a request sense, it'll clear the contingent
11077	 * allegiance condition.  Otherwise, if we have a CA condition for
11078	 * this initiator, clear it, because it sent down a command other
11079	 * than request sense.
11080	 */
11081	if ((ctsio->cdb[0] != REQUEST_SENSE)
11082	 && (ctl_is_set(lun->have_ca, initidx)))
11083		ctl_clear_mask(lun->have_ca, initidx);
11084#endif
11085
11086	/*
11087	 * If the command has this flag set, it handles its own unit
11088	 * attention reporting, we shouldn't do anything.  Otherwise we
11089	 * check for any pending unit attentions, and send them back to the
11090	 * initiator.  We only do this when a command initially comes in,
11091	 * not when we pull it off the blocked queue.
11092	 *
11093	 * According to SAM-3, section 5.3.2, the order that things get
11094	 * presented back to the host is basically unit attentions caused
11095	 * by some sort of reset event, busy status, reservation conflicts
11096	 * or task set full, and finally any other status.
11097	 *
11098	 * One issue here is that some of the unit attentions we report
11099	 * don't fall into the "reset" category (e.g. "reported luns data
11100	 * has changed").  So reporting it here, before the reservation
11101	 * check, may be technically wrong.  I guess the only thing to do
11102	 * would be to check for and report the reset events here, and then
11103	 * check for the other unit attention types after we check for a
11104	 * reservation conflict.
11105	 *
11106	 * XXX KDM need to fix this
11107	 */
11108	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11109		ctl_ua_type ua_type;
11110
11111		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11112		    SSD_TYPE_NONE);
11113		if (ua_type != CTL_UA_NONE) {
11114			mtx_unlock(&lun->lun_lock);
11115			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11116			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11117			ctsio->sense_len = SSD_FULL_SIZE;
11118			ctl_done((union ctl_io *)ctsio);
11119			return (retval);
11120		}
11121	}
11122
11123
11124	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11125		mtx_unlock(&lun->lun_lock);
11126		ctl_done((union ctl_io *)ctsio);
11127		return (retval);
11128	}
11129
11130	/*
11131	 * XXX CHD this is where we want to send IO to other side if
11132	 * this LUN is secondary on this SC. We will need to make a copy
11133	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11134	 * the copy we send as FROM_OTHER.
11135	 * We also need to stuff the address of the original IO so we can
11136	 * find it easily. Something similar will need be done on the other
11137	 * side so when we are done we can find the copy.
11138	 */
11139	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11140	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11141	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11142		union ctl_ha_msg msg_info;
11143		int isc_retval;
11144
11145		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11146		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11147		mtx_unlock(&lun->lun_lock);
11148
11149		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11150		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11151		msg_info.hdr.serializing_sc = NULL;
11152		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11153		msg_info.scsi.tag_num = ctsio->tag_num;
11154		msg_info.scsi.tag_type = ctsio->tag_type;
11155		msg_info.scsi.cdb_len = ctsio->cdb_len;
11156		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11157
11158		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11159		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11160		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11161			ctl_set_busy(ctsio);
11162			ctl_done((union ctl_io *)ctsio);
11163			return (retval);
11164		}
11165		return (retval);
11166	}
11167
11168	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11169			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11170			      ctl_ooaq, ooa_links))) {
11171	case CTL_ACTION_BLOCK:
11172		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11173		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11174				  blocked_links);
11175		mtx_unlock(&lun->lun_lock);
11176		return (retval);
11177	case CTL_ACTION_PASS:
11178	case CTL_ACTION_SKIP:
11179		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11180		mtx_unlock(&lun->lun_lock);
11181		ctl_enqueue_rtr((union ctl_io *)ctsio);
11182		break;
11183	case CTL_ACTION_OVERLAP:
11184		mtx_unlock(&lun->lun_lock);
11185		ctl_set_overlapped_cmd(ctsio);
11186		ctl_done((union ctl_io *)ctsio);
11187		break;
11188	case CTL_ACTION_OVERLAP_TAG:
11189		mtx_unlock(&lun->lun_lock);
11190		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11191		ctl_done((union ctl_io *)ctsio);
11192		break;
11193	case CTL_ACTION_ERROR:
11194	default:
11195		mtx_unlock(&lun->lun_lock);
11196		ctl_set_internal_failure(ctsio,
11197					 /*sks_valid*/ 0,
11198					 /*retry_count*/ 0);
11199		ctl_done((union ctl_io *)ctsio);
11200		break;
11201	}
11202	return (retval);
11203}
11204
11205const struct ctl_cmd_entry *
11206ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11207{
11208	const struct ctl_cmd_entry *entry;
11209	int service_action;
11210
11211	entry = &ctl_cmd_table[ctsio->cdb[0]];
11212	if (sa)
11213		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11214	if (entry->flags & CTL_CMD_FLAG_SA5) {
11215		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11216		entry = &((const struct ctl_cmd_entry *)
11217		    entry->execute)[service_action];
11218	}
11219	return (entry);
11220}
11221
11222const struct ctl_cmd_entry *
11223ctl_validate_command(struct ctl_scsiio *ctsio)
11224{
11225	const struct ctl_cmd_entry *entry;
11226	int i, sa;
11227	uint8_t diff;
11228
11229	entry = ctl_get_cmd_entry(ctsio, &sa);
11230	if (entry->execute == NULL) {
11231		if (sa)
11232			ctl_set_invalid_field(ctsio,
11233					      /*sks_valid*/ 1,
11234					      /*command*/ 1,
11235					      /*field*/ 1,
11236					      /*bit_valid*/ 1,
11237					      /*bit*/ 4);
11238		else
11239			ctl_set_invalid_opcode(ctsio);
11240		ctl_done((union ctl_io *)ctsio);
11241		return (NULL);
11242	}
11243	KASSERT(entry->length > 0,
11244	    ("Not defined length for command 0x%02x/0x%02x",
11245	     ctsio->cdb[0], ctsio->cdb[1]));
11246	for (i = 1; i < entry->length; i++) {
11247		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11248		if (diff == 0)
11249			continue;
11250		ctl_set_invalid_field(ctsio,
11251				      /*sks_valid*/ 1,
11252				      /*command*/ 1,
11253				      /*field*/ i,
11254				      /*bit_valid*/ 1,
11255				      /*bit*/ fls(diff) - 1);
11256		ctl_done((union ctl_io *)ctsio);
11257		return (NULL);
11258	}
11259	return (entry);
11260}
11261
11262static int
11263ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11264{
11265
11266	switch (lun_type) {
11267	case T_PROCESSOR:
11268		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11269			return (0);
11270		break;
11271	case T_DIRECT:
11272		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11273			return (0);
11274		break;
11275	default:
11276		return (0);
11277	}
11278	return (1);
11279}
11280
11281static int
11282ctl_scsiio(struct ctl_scsiio *ctsio)
11283{
11284	int retval;
11285	const struct ctl_cmd_entry *entry;
11286
11287	retval = CTL_RETVAL_COMPLETE;
11288
11289	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11290
11291	entry = ctl_get_cmd_entry(ctsio, NULL);
11292
11293	/*
11294	 * If this I/O has been aborted, just send it straight to
11295	 * ctl_done() without executing it.
11296	 */
11297	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11298		ctl_done((union ctl_io *)ctsio);
11299		goto bailout;
11300	}
11301
11302	/*
11303	 * All the checks should have been handled by ctl_scsiio_precheck().
11304	 * We should be clear now to just execute the I/O.
11305	 */
11306	retval = entry->execute(ctsio);
11307
11308bailout:
11309	return (retval);
11310}
11311
11312/*
11313 * Since we only implement one target right now, a bus reset simply resets
11314 * our single target.
11315 */
11316static int
11317ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11318{
11319	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11320}
11321
11322static int
11323ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11324		 ctl_ua_type ua_type)
11325{
11326	struct ctl_port *port;
11327	struct ctl_lun *lun;
11328	int retval;
11329
11330	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11331		union ctl_ha_msg msg_info;
11332
11333		msg_info.hdr.nexus = io->io_hdr.nexus;
11334		if (ua_type==CTL_UA_TARG_RESET)
11335			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11336		else
11337			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11338		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11339		msg_info.hdr.original_sc = NULL;
11340		msg_info.hdr.serializing_sc = NULL;
11341		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11342		    sizeof(msg_info.task), M_WAITOK);
11343	}
11344	retval = 0;
11345
11346	mtx_lock(&softc->ctl_lock);
11347	port = ctl_io_port(&io->io_hdr);
11348	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11349		if (port != NULL &&
11350		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11351			continue;
11352		retval += ctl_do_lun_reset(lun, io, ua_type);
11353	}
11354	mtx_unlock(&softc->ctl_lock);
11355	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11356	return (retval);
11357}
11358
11359/*
11360 * The LUN should always be set.  The I/O is optional, and is used to
11361 * distinguish between I/Os sent by this initiator, and by other
11362 * initiators.  We set unit attention for initiators other than this one.
11363 * SAM-3 is vague on this point.  It does say that a unit attention should
11364 * be established for other initiators when a LUN is reset (see section
11365 * 5.7.3), but it doesn't specifically say that the unit attention should
11366 * be established for this particular initiator when a LUN is reset.  Here
11367 * is the relevant text, from SAM-3 rev 8:
11368 *
11369 * 5.7.2 When a SCSI initiator port aborts its own tasks
11370 *
11371 * When a SCSI initiator port causes its own task(s) to be aborted, no
11372 * notification that the task(s) have been aborted shall be returned to
11373 * the SCSI initiator port other than the completion response for the
11374 * command or task management function action that caused the task(s) to
11375 * be aborted and notification(s) associated with related effects of the
11376 * action (e.g., a reset unit attention condition).
11377 *
11378 * XXX KDM for now, we're setting unit attention for all initiators.
11379 */
11380static int
11381ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11382{
11383	union ctl_io *xio;
11384#if 0
11385	uint32_t initidx;
11386#endif
11387#ifdef CTL_WITH_CA
11388	int i;
11389#endif
11390
11391	mtx_lock(&lun->lun_lock);
11392	/*
11393	 * Run through the OOA queue and abort each I/O.
11394	 */
11395	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11396	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11397		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11398	}
11399
11400	/*
11401	 * This version sets unit attention for every
11402	 */
11403#if 0
11404	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11405	ctl_est_ua_all(lun, initidx, ua_type);
11406#else
11407	ctl_est_ua_all(lun, -1, ua_type);
11408#endif
11409
11410	/*
11411	 * A reset (any kind, really) clears reservations established with
11412	 * RESERVE/RELEASE.  It does not clear reservations established
11413	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11414	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11415	 * reservations made with the RESERVE/RELEASE commands, because
11416	 * those commands are obsolete in SPC-3.
11417	 */
11418	lun->flags &= ~CTL_LUN_RESERVED;
11419
11420#ifdef CTL_WITH_CA
11421	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11422		ctl_clear_mask(lun->have_ca, i);
11423#endif
11424	mtx_unlock(&lun->lun_lock);
11425
11426	return (0);
11427}
11428
11429static int
11430ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11431{
11432	struct ctl_lun *lun;
11433	uint32_t targ_lun;
11434	int retval;
11435
11436	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11437	mtx_lock(&softc->ctl_lock);
11438	if ((targ_lun >= CTL_MAX_LUNS) ||
11439	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11440		mtx_unlock(&softc->ctl_lock);
11441		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11442		return (1);
11443	}
11444	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11445	mtx_unlock(&softc->ctl_lock);
11446	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11447
11448	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11449		union ctl_ha_msg msg_info;
11450
11451		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11452		msg_info.hdr.nexus = io->io_hdr.nexus;
11453		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11454		msg_info.hdr.original_sc = NULL;
11455		msg_info.hdr.serializing_sc = NULL;
11456		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11457		    sizeof(msg_info.task), M_WAITOK);
11458	}
11459	return (retval);
11460}
11461
11462static void
11463ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11464    int other_sc)
11465{
11466	union ctl_io *xio;
11467
11468	mtx_assert(&lun->lun_lock, MA_OWNED);
11469
11470	/*
11471	 * Run through the OOA queue and attempt to find the given I/O.
11472	 * The target port, initiator ID, tag type and tag number have to
11473	 * match the values that we got from the initiator.  If we have an
11474	 * untagged command to abort, simply abort the first untagged command
11475	 * we come to.  We only allow one untagged command at a time of course.
11476	 */
11477	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11478	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11479
11480		if ((targ_port == UINT32_MAX ||
11481		     targ_port == xio->io_hdr.nexus.targ_port) &&
11482		    (init_id == UINT32_MAX ||
11483		     init_id == xio->io_hdr.nexus.initid)) {
11484			if (targ_port != xio->io_hdr.nexus.targ_port ||
11485			    init_id != xio->io_hdr.nexus.initid)
11486				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11487			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11488			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11489				union ctl_ha_msg msg_info;
11490
11491				msg_info.hdr.nexus = xio->io_hdr.nexus;
11492				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11493				msg_info.task.tag_num = xio->scsiio.tag_num;
11494				msg_info.task.tag_type = xio->scsiio.tag_type;
11495				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11496				msg_info.hdr.original_sc = NULL;
11497				msg_info.hdr.serializing_sc = NULL;
11498				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11499				    sizeof(msg_info.task), M_NOWAIT);
11500			}
11501		}
11502	}
11503}
11504
11505static int
11506ctl_abort_task_set(union ctl_io *io)
11507{
11508	struct ctl_softc *softc = control_softc;
11509	struct ctl_lun *lun;
11510	uint32_t targ_lun;
11511
11512	/*
11513	 * Look up the LUN.
11514	 */
11515	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11516	mtx_lock(&softc->ctl_lock);
11517	if ((targ_lun >= CTL_MAX_LUNS) ||
11518	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11519		mtx_unlock(&softc->ctl_lock);
11520		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11521		return (1);
11522	}
11523
11524	mtx_lock(&lun->lun_lock);
11525	mtx_unlock(&softc->ctl_lock);
11526	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11527		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11528		    io->io_hdr.nexus.initid,
11529		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11530	} else { /* CTL_TASK_CLEAR_TASK_SET */
11531		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11532		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11533	}
11534	mtx_unlock(&lun->lun_lock);
11535	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11536	return (0);
11537}
11538
11539static int
11540ctl_i_t_nexus_reset(union ctl_io *io)
11541{
11542	struct ctl_softc *softc = control_softc;
11543	struct ctl_lun *lun;
11544	uint32_t initidx;
11545
11546	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11547		union ctl_ha_msg msg_info;
11548
11549		msg_info.hdr.nexus = io->io_hdr.nexus;
11550		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11551		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11552		msg_info.hdr.original_sc = NULL;
11553		msg_info.hdr.serializing_sc = NULL;
11554		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11555		    sizeof(msg_info.task), M_WAITOK);
11556	}
11557
11558	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11559	mtx_lock(&softc->ctl_lock);
11560	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11561		mtx_lock(&lun->lun_lock);
11562		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11563		    io->io_hdr.nexus.initid, 1);
11564#ifdef CTL_WITH_CA
11565		ctl_clear_mask(lun->have_ca, initidx);
11566#endif
11567		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11568			lun->flags &= ~CTL_LUN_RESERVED;
11569		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11570		mtx_unlock(&lun->lun_lock);
11571	}
11572	mtx_unlock(&softc->ctl_lock);
11573	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11574	return (0);
11575}
11576
11577static int
11578ctl_abort_task(union ctl_io *io)
11579{
11580	union ctl_io *xio;
11581	struct ctl_lun *lun;
11582	struct ctl_softc *softc;
11583#if 0
11584	struct sbuf sb;
11585	char printbuf[128];
11586#endif
11587	int found;
11588	uint32_t targ_lun;
11589
11590	softc = control_softc;
11591	found = 0;
11592
11593	/*
11594	 * Look up the LUN.
11595	 */
11596	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11597	mtx_lock(&softc->ctl_lock);
11598	if ((targ_lun >= CTL_MAX_LUNS) ||
11599	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11600		mtx_unlock(&softc->ctl_lock);
11601		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11602		return (1);
11603	}
11604
11605#if 0
11606	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11607	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11608#endif
11609
11610	mtx_lock(&lun->lun_lock);
11611	mtx_unlock(&softc->ctl_lock);
11612	/*
11613	 * Run through the OOA queue and attempt to find the given I/O.
11614	 * The target port, initiator ID, tag type and tag number have to
11615	 * match the values that we got from the initiator.  If we have an
11616	 * untagged command to abort, simply abort the first untagged command
11617	 * we come to.  We only allow one untagged command at a time of course.
11618	 */
11619	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11620	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11621#if 0
11622		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11623
11624		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11625			    lun->lun, xio->scsiio.tag_num,
11626			    xio->scsiio.tag_type,
11627			    (xio->io_hdr.blocked_links.tqe_prev
11628			    == NULL) ? "" : " BLOCKED",
11629			    (xio->io_hdr.flags &
11630			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11631			    (xio->io_hdr.flags &
11632			    CTL_FLAG_ABORT) ? " ABORT" : "",
11633			    (xio->io_hdr.flags &
11634			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11635		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11636		sbuf_finish(&sb);
11637		printf("%s\n", sbuf_data(&sb));
11638#endif
11639
11640		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11641		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11642		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11643			continue;
11644
11645		/*
11646		 * If the abort says that the task is untagged, the
11647		 * task in the queue must be untagged.  Otherwise,
11648		 * we just check to see whether the tag numbers
11649		 * match.  This is because the QLogic firmware
11650		 * doesn't pass back the tag type in an abort
11651		 * request.
11652		 */
11653#if 0
11654		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11655		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11656		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11657#endif
11658		/*
11659		 * XXX KDM we've got problems with FC, because it
11660		 * doesn't send down a tag type with aborts.  So we
11661		 * can only really go by the tag number...
11662		 * This may cause problems with parallel SCSI.
11663		 * Need to figure that out!!
11664		 */
11665		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11666			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11667			found = 1;
11668			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11669			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11670				union ctl_ha_msg msg_info;
11671
11672				msg_info.hdr.nexus = io->io_hdr.nexus;
11673				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11674				msg_info.task.tag_num = io->taskio.tag_num;
11675				msg_info.task.tag_type = io->taskio.tag_type;
11676				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11677				msg_info.hdr.original_sc = NULL;
11678				msg_info.hdr.serializing_sc = NULL;
11679#if 0
11680				printf("Sent Abort to other side\n");
11681#endif
11682				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11683				    sizeof(msg_info.task), M_NOWAIT);
11684			}
11685#if 0
11686			printf("ctl_abort_task: found I/O to abort\n");
11687#endif
11688		}
11689	}
11690	mtx_unlock(&lun->lun_lock);
11691
11692	if (found == 0) {
11693		/*
11694		 * This isn't really an error.  It's entirely possible for
11695		 * the abort and command completion to cross on the wire.
11696		 * This is more of an informative/diagnostic error.
11697		 */
11698#if 0
11699		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11700		       "%u:%u:%u tag %d type %d\n",
11701		       io->io_hdr.nexus.initid,
11702		       io->io_hdr.nexus.targ_port,
11703		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11704		       io->taskio.tag_type);
11705#endif
11706	}
11707	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11708	return (0);
11709}
11710
11711static int
11712ctl_query_task(union ctl_io *io, int task_set)
11713{
11714	union ctl_io *xio;
11715	struct ctl_lun *lun;
11716	struct ctl_softc *softc;
11717	int found = 0;
11718	uint32_t targ_lun;
11719
11720	softc = control_softc;
11721	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11722	mtx_lock(&softc->ctl_lock);
11723	if ((targ_lun >= CTL_MAX_LUNS) ||
11724	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11725		mtx_unlock(&softc->ctl_lock);
11726		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11727		return (1);
11728	}
11729	mtx_lock(&lun->lun_lock);
11730	mtx_unlock(&softc->ctl_lock);
11731	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11732	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11733
11734		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11735		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11736		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11737			continue;
11738
11739		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11740			found = 1;
11741			break;
11742		}
11743	}
11744	mtx_unlock(&lun->lun_lock);
11745	if (found)
11746		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11747	else
11748		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11749	return (0);
11750}
11751
11752static int
11753ctl_query_async_event(union ctl_io *io)
11754{
11755	struct ctl_lun *lun;
11756	struct ctl_softc *softc;
11757	ctl_ua_type ua;
11758	uint32_t targ_lun, initidx;
11759
11760	softc = control_softc;
11761	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11762	mtx_lock(&softc->ctl_lock);
11763	if ((targ_lun >= CTL_MAX_LUNS) ||
11764	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11765		mtx_unlock(&softc->ctl_lock);
11766		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11767		return (1);
11768	}
11769	mtx_lock(&lun->lun_lock);
11770	mtx_unlock(&softc->ctl_lock);
11771	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11772	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11773	mtx_unlock(&lun->lun_lock);
11774	if (ua != CTL_UA_NONE)
11775		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11776	else
11777		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11778	return (0);
11779}
11780
11781static void
11782ctl_run_task(union ctl_io *io)
11783{
11784	struct ctl_softc *softc = control_softc;
11785	int retval = 1;
11786
11787	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11788	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11789	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11790	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11791	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11792	switch (io->taskio.task_action) {
11793	case CTL_TASK_ABORT_TASK:
11794		retval = ctl_abort_task(io);
11795		break;
11796	case CTL_TASK_ABORT_TASK_SET:
11797	case CTL_TASK_CLEAR_TASK_SET:
11798		retval = ctl_abort_task_set(io);
11799		break;
11800	case CTL_TASK_CLEAR_ACA:
11801		break;
11802	case CTL_TASK_I_T_NEXUS_RESET:
11803		retval = ctl_i_t_nexus_reset(io);
11804		break;
11805	case CTL_TASK_LUN_RESET:
11806		retval = ctl_lun_reset(softc, io);
11807		break;
11808	case CTL_TASK_TARGET_RESET:
11809		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11810		break;
11811	case CTL_TASK_BUS_RESET:
11812		retval = ctl_bus_reset(softc, io);
11813		break;
11814	case CTL_TASK_PORT_LOGIN:
11815		break;
11816	case CTL_TASK_PORT_LOGOUT:
11817		break;
11818	case CTL_TASK_QUERY_TASK:
11819		retval = ctl_query_task(io, 0);
11820		break;
11821	case CTL_TASK_QUERY_TASK_SET:
11822		retval = ctl_query_task(io, 1);
11823		break;
11824	case CTL_TASK_QUERY_ASYNC_EVENT:
11825		retval = ctl_query_async_event(io);
11826		break;
11827	default:
11828		printf("%s: got unknown task management event %d\n",
11829		       __func__, io->taskio.task_action);
11830		break;
11831	}
11832	if (retval == 0)
11833		io->io_hdr.status = CTL_SUCCESS;
11834	else
11835		io->io_hdr.status = CTL_ERROR;
11836	ctl_done(io);
11837}
11838
11839/*
11840 * For HA operation.  Handle commands that come in from the other
11841 * controller.
11842 */
11843static void
11844ctl_handle_isc(union ctl_io *io)
11845{
11846	int free_io;
11847	struct ctl_lun *lun;
11848	struct ctl_softc *softc = control_softc;
11849	uint32_t targ_lun;
11850
11851	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11852	lun = softc->ctl_luns[targ_lun];
11853
11854	switch (io->io_hdr.msg_type) {
11855	case CTL_MSG_SERIALIZE:
11856		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11857		break;
11858	case CTL_MSG_R2R: {
11859		const struct ctl_cmd_entry *entry;
11860
11861		/*
11862		 * This is only used in SER_ONLY mode.
11863		 */
11864		free_io = 0;
11865		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11866		mtx_lock(&lun->lun_lock);
11867		if (ctl_scsiio_lun_check(lun,
11868		    entry, (struct ctl_scsiio *)io) != 0) {
11869			mtx_unlock(&lun->lun_lock);
11870			ctl_done(io);
11871			break;
11872		}
11873		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11874		mtx_unlock(&lun->lun_lock);
11875		ctl_enqueue_rtr(io);
11876		break;
11877	}
11878	case CTL_MSG_FINISH_IO:
11879		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11880			free_io = 0;
11881			ctl_done(io);
11882		} else {
11883			free_io = 1;
11884			mtx_lock(&lun->lun_lock);
11885			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11886				     ooa_links);
11887			ctl_check_blocked(lun);
11888			mtx_unlock(&lun->lun_lock);
11889		}
11890		break;
11891	case CTL_MSG_PERS_ACTION:
11892		ctl_hndl_per_res_out_on_other_sc(
11893			(union ctl_ha_msg *)&io->presio.pr_msg);
11894		free_io = 1;
11895		break;
11896	case CTL_MSG_BAD_JUJU:
11897		free_io = 0;
11898		ctl_done(io);
11899		break;
11900	case CTL_MSG_DATAMOVE:
11901		/* Only used in XFER mode */
11902		free_io = 0;
11903		ctl_datamove_remote(io);
11904		break;
11905	case CTL_MSG_DATAMOVE_DONE:
11906		/* Only used in XFER mode */
11907		free_io = 0;
11908		io->scsiio.be_move_done(io);
11909		break;
11910	case CTL_MSG_FAILOVER:
11911		ctl_failover_lun(io);
11912		free_io = 1;
11913		break;
11914	default:
11915		free_io = 1;
11916		printf("%s: Invalid message type %d\n",
11917		       __func__, io->io_hdr.msg_type);
11918		break;
11919	}
11920	if (free_io)
11921		ctl_free_io(io);
11922
11923}
11924
11925
11926/*
11927 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11928 * there is no match.
11929 */
11930static ctl_lun_error_pattern
11931ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11932{
11933	const struct ctl_cmd_entry *entry;
11934	ctl_lun_error_pattern filtered_pattern, pattern;
11935
11936	pattern = desc->error_pattern;
11937
11938	/*
11939	 * XXX KDM we need more data passed into this function to match a
11940	 * custom pattern, and we actually need to implement custom pattern
11941	 * matching.
11942	 */
11943	if (pattern & CTL_LUN_PAT_CMD)
11944		return (CTL_LUN_PAT_CMD);
11945
11946	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11947		return (CTL_LUN_PAT_ANY);
11948
11949	entry = ctl_get_cmd_entry(ctsio, NULL);
11950
11951	filtered_pattern = entry->pattern & pattern;
11952
11953	/*
11954	 * If the user requested specific flags in the pattern (e.g.
11955	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11956	 * flags.
11957	 *
11958	 * If the user did not specify any flags, it doesn't matter whether
11959	 * or not the command supports the flags.
11960	 */
11961	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11962	     (pattern & ~CTL_LUN_PAT_MASK))
11963		return (CTL_LUN_PAT_NONE);
11964
11965	/*
11966	 * If the user asked for a range check, see if the requested LBA
11967	 * range overlaps with this command's LBA range.
11968	 */
11969	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11970		uint64_t lba1;
11971		uint64_t len1;
11972		ctl_action action;
11973		int retval;
11974
11975		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11976		if (retval != 0)
11977			return (CTL_LUN_PAT_NONE);
11978
11979		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11980					      desc->lba_range.len, FALSE);
11981		/*
11982		 * A "pass" means that the LBA ranges don't overlap, so
11983		 * this doesn't match the user's range criteria.
11984		 */
11985		if (action == CTL_ACTION_PASS)
11986			return (CTL_LUN_PAT_NONE);
11987	}
11988
11989	return (filtered_pattern);
11990}
11991
11992static void
11993ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11994{
11995	struct ctl_error_desc *desc, *desc2;
11996
11997	mtx_assert(&lun->lun_lock, MA_OWNED);
11998
11999	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12000		ctl_lun_error_pattern pattern;
12001		/*
12002		 * Check to see whether this particular command matches
12003		 * the pattern in the descriptor.
12004		 */
12005		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12006		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12007			continue;
12008
12009		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12010		case CTL_LUN_INJ_ABORTED:
12011			ctl_set_aborted(&io->scsiio);
12012			break;
12013		case CTL_LUN_INJ_MEDIUM_ERR:
12014			ctl_set_medium_error(&io->scsiio,
12015			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12016			     CTL_FLAG_DATA_OUT);
12017			break;
12018		case CTL_LUN_INJ_UA:
12019			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12020			 * OCCURRED */
12021			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12022			break;
12023		case CTL_LUN_INJ_CUSTOM:
12024			/*
12025			 * We're assuming the user knows what he is doing.
12026			 * Just copy the sense information without doing
12027			 * checks.
12028			 */
12029			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12030			      MIN(sizeof(desc->custom_sense),
12031				  sizeof(io->scsiio.sense_data)));
12032			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12033			io->scsiio.sense_len = SSD_FULL_SIZE;
12034			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12035			break;
12036		case CTL_LUN_INJ_NONE:
12037		default:
12038			/*
12039			 * If this is an error injection type we don't know
12040			 * about, clear the continuous flag (if it is set)
12041			 * so it will get deleted below.
12042			 */
12043			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12044			break;
12045		}
12046		/*
12047		 * By default, each error injection action is a one-shot
12048		 */
12049		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12050			continue;
12051
12052		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12053
12054		free(desc, M_CTL);
12055	}
12056}
12057
12058#ifdef CTL_IO_DELAY
12059static void
12060ctl_datamove_timer_wakeup(void *arg)
12061{
12062	union ctl_io *io;
12063
12064	io = (union ctl_io *)arg;
12065
12066	ctl_datamove(io);
12067}
12068#endif /* CTL_IO_DELAY */
12069
12070void
12071ctl_datamove(union ctl_io *io)
12072{
12073	struct ctl_lun *lun;
12074	void (*fe_datamove)(union ctl_io *io);
12075
12076	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12077
12078	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12079
12080	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12081#ifdef CTL_TIME_IO
12082	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12083		char str[256];
12084		char path_str[64];
12085		struct sbuf sb;
12086
12087		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12088		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12089
12090		sbuf_cat(&sb, path_str);
12091		switch (io->io_hdr.io_type) {
12092		case CTL_IO_SCSI:
12093			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12094			sbuf_printf(&sb, "\n");
12095			sbuf_cat(&sb, path_str);
12096			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12097				    io->scsiio.tag_num, io->scsiio.tag_type);
12098			break;
12099		case CTL_IO_TASK:
12100			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12101				    "Tag Type: %d\n", io->taskio.task_action,
12102				    io->taskio.tag_num, io->taskio.tag_type);
12103			break;
12104		default:
12105			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12106			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12107			break;
12108		}
12109		sbuf_cat(&sb, path_str);
12110		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12111			    (intmax_t)time_uptime - io->io_hdr.start_time);
12112		sbuf_finish(&sb);
12113		printf("%s", sbuf_data(&sb));
12114	}
12115#endif /* CTL_TIME_IO */
12116
12117#ifdef CTL_IO_DELAY
12118	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12119		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12120	} else {
12121		if ((lun != NULL)
12122		 && (lun->delay_info.datamove_delay > 0)) {
12123
12124			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12125			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12126			callout_reset(&io->io_hdr.delay_callout,
12127				      lun->delay_info.datamove_delay * hz,
12128				      ctl_datamove_timer_wakeup, io);
12129			if (lun->delay_info.datamove_type ==
12130			    CTL_DELAY_TYPE_ONESHOT)
12131				lun->delay_info.datamove_delay = 0;
12132			return;
12133		}
12134	}
12135#endif
12136
12137	/*
12138	 * This command has been aborted.  Set the port status, so we fail
12139	 * the data move.
12140	 */
12141	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12142		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12143		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12144		       io->io_hdr.nexus.targ_port,
12145		       io->io_hdr.nexus.targ_lun);
12146		io->io_hdr.port_status = 31337;
12147		/*
12148		 * Note that the backend, in this case, will get the
12149		 * callback in its context.  In other cases it may get
12150		 * called in the frontend's interrupt thread context.
12151		 */
12152		io->scsiio.be_move_done(io);
12153		return;
12154	}
12155
12156	/* Don't confuse frontend with zero length data move. */
12157	if (io->scsiio.kern_data_len == 0) {
12158		io->scsiio.be_move_done(io);
12159		return;
12160	}
12161
12162	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12163	fe_datamove(io);
12164}
12165
12166static void
12167ctl_send_datamove_done(union ctl_io *io, int have_lock)
12168{
12169	union ctl_ha_msg msg;
12170#ifdef CTL_TIME_IO
12171	struct bintime cur_bt;
12172#endif
12173
12174	memset(&msg, 0, sizeof(msg));
12175	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12176	msg.hdr.original_sc = io;
12177	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12178	msg.hdr.nexus = io->io_hdr.nexus;
12179	msg.hdr.status = io->io_hdr.status;
12180	msg.scsi.tag_num = io->scsiio.tag_num;
12181	msg.scsi.tag_type = io->scsiio.tag_type;
12182	msg.scsi.scsi_status = io->scsiio.scsi_status;
12183	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12184	       io->scsiio.sense_len);
12185	msg.scsi.sense_len = io->scsiio.sense_len;
12186	msg.scsi.sense_residual = io->scsiio.sense_residual;
12187	msg.scsi.fetd_status = io->io_hdr.port_status;
12188	msg.scsi.residual = io->scsiio.residual;
12189	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12190	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12191		ctl_failover_io(io, /*have_lock*/ have_lock);
12192		return;
12193	}
12194	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12195	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12196	    msg.scsi.sense_len, M_WAITOK);
12197
12198#ifdef CTL_TIME_IO
12199	getbinuptime(&cur_bt);
12200	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12201	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12202#endif
12203	io->io_hdr.num_dmas++;
12204}
12205
12206/*
12207 * The DMA to the remote side is done, now we need to tell the other side
12208 * we're done so it can continue with its data movement.
12209 */
12210static void
12211ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12212{
12213	union ctl_io *io;
12214	int i;
12215
12216	io = rq->context;
12217
12218	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12219		printf("%s: ISC DMA write failed with error %d", __func__,
12220		       rq->ret);
12221		ctl_set_internal_failure(&io->scsiio,
12222					 /*sks_valid*/ 1,
12223					 /*retry_count*/ rq->ret);
12224	}
12225
12226	ctl_dt_req_free(rq);
12227
12228	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12229		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12230	free(io->io_hdr.remote_sglist, M_CTL);
12231	io->io_hdr.remote_sglist = NULL;
12232	io->io_hdr.local_sglist = NULL;
12233
12234	/*
12235	 * The data is in local and remote memory, so now we need to send
12236	 * status (good or back) back to the other side.
12237	 */
12238	ctl_send_datamove_done(io, /*have_lock*/ 0);
12239}
12240
12241/*
12242 * We've moved the data from the host/controller into local memory.  Now we
12243 * need to push it over to the remote controller's memory.
12244 */
12245static int
12246ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12247{
12248	int retval;
12249
12250	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12251					  ctl_datamove_remote_write_cb);
12252	return (retval);
12253}
12254
12255static void
12256ctl_datamove_remote_write(union ctl_io *io)
12257{
12258	int retval;
12259	void (*fe_datamove)(union ctl_io *io);
12260
12261	/*
12262	 * - Get the data from the host/HBA into local memory.
12263	 * - DMA memory from the local controller to the remote controller.
12264	 * - Send status back to the remote controller.
12265	 */
12266
12267	retval = ctl_datamove_remote_sgl_setup(io);
12268	if (retval != 0)
12269		return;
12270
12271	/* Switch the pointer over so the FETD knows what to do */
12272	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12273
12274	/*
12275	 * Use a custom move done callback, since we need to send completion
12276	 * back to the other controller, not to the backend on this side.
12277	 */
12278	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12279
12280	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12281	fe_datamove(io);
12282}
12283
12284static int
12285ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12286{
12287#if 0
12288	char str[256];
12289	char path_str[64];
12290	struct sbuf sb;
12291#endif
12292	int i;
12293
12294	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12295		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12296	free(io->io_hdr.remote_sglist, M_CTL);
12297	io->io_hdr.remote_sglist = NULL;
12298	io->io_hdr.local_sglist = NULL;
12299
12300#if 0
12301	scsi_path_string(io, path_str, sizeof(path_str));
12302	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12303	sbuf_cat(&sb, path_str);
12304	scsi_command_string(&io->scsiio, NULL, &sb);
12305	sbuf_printf(&sb, "\n");
12306	sbuf_cat(&sb, path_str);
12307	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12308		    io->scsiio.tag_num, io->scsiio.tag_type);
12309	sbuf_cat(&sb, path_str);
12310	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12311		    io->io_hdr.flags, io->io_hdr.status);
12312	sbuf_finish(&sb);
12313	printk("%s", sbuf_data(&sb));
12314#endif
12315
12316
12317	/*
12318	 * The read is done, now we need to send status (good or bad) back
12319	 * to the other side.
12320	 */
12321	ctl_send_datamove_done(io, /*have_lock*/ 0);
12322
12323	return (0);
12324}
12325
12326static void
12327ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12328{
12329	union ctl_io *io;
12330	void (*fe_datamove)(union ctl_io *io);
12331
12332	io = rq->context;
12333
12334	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12335		printf("%s: ISC DMA read failed with error %d\n", __func__,
12336		       rq->ret);
12337		ctl_set_internal_failure(&io->scsiio,
12338					 /*sks_valid*/ 1,
12339					 /*retry_count*/ rq->ret);
12340	}
12341
12342	ctl_dt_req_free(rq);
12343
12344	/* Switch the pointer over so the FETD knows what to do */
12345	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12346
12347	/*
12348	 * Use a custom move done callback, since we need to send completion
12349	 * back to the other controller, not to the backend on this side.
12350	 */
12351	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12352
12353	/* XXX KDM add checks like the ones in ctl_datamove? */
12354
12355	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12356	fe_datamove(io);
12357}
12358
12359static int
12360ctl_datamove_remote_sgl_setup(union ctl_io *io)
12361{
12362	struct ctl_sg_entry *local_sglist;
12363	uint32_t len_to_go;
12364	int retval;
12365	int i;
12366
12367	retval = 0;
12368	local_sglist = io->io_hdr.local_sglist;
12369	len_to_go = io->scsiio.kern_data_len;
12370
12371	/*
12372	 * The difficult thing here is that the size of the various
12373	 * S/G segments may be different than the size from the
12374	 * remote controller.  That'll make it harder when DMAing
12375	 * the data back to the other side.
12376	 */
12377	for (i = 0; len_to_go > 0; i++) {
12378		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12379		local_sglist[i].addr =
12380		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12381
12382		len_to_go -= local_sglist[i].len;
12383	}
12384	/*
12385	 * Reset the number of S/G entries accordingly.  The original
12386	 * number of S/G entries is available in rem_sg_entries.
12387	 */
12388	io->scsiio.kern_sg_entries = i;
12389
12390#if 0
12391	printf("%s: kern_sg_entries = %d\n", __func__,
12392	       io->scsiio.kern_sg_entries);
12393	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12394		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12395		       local_sglist[i].addr, local_sglist[i].len);
12396#endif
12397
12398	return (retval);
12399}
12400
12401static int
12402ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12403			 ctl_ha_dt_cb callback)
12404{
12405	struct ctl_ha_dt_req *rq;
12406	struct ctl_sg_entry *remote_sglist, *local_sglist;
12407	uint32_t local_used, remote_used, total_used;
12408	int i, j, isc_ret;
12409
12410	rq = ctl_dt_req_alloc();
12411
12412	/*
12413	 * If we failed to allocate the request, and if the DMA didn't fail
12414	 * anyway, set busy status.  This is just a resource allocation
12415	 * failure.
12416	 */
12417	if ((rq == NULL)
12418	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12419	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12420		ctl_set_busy(&io->scsiio);
12421
12422	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12423	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12424
12425		if (rq != NULL)
12426			ctl_dt_req_free(rq);
12427
12428		/*
12429		 * The data move failed.  We need to return status back
12430		 * to the other controller.  No point in trying to DMA
12431		 * data to the remote controller.
12432		 */
12433
12434		ctl_send_datamove_done(io, /*have_lock*/ 0);
12435
12436		return (1);
12437	}
12438
12439	local_sglist = io->io_hdr.local_sglist;
12440	remote_sglist = io->io_hdr.remote_sglist;
12441	local_used = 0;
12442	remote_used = 0;
12443	total_used = 0;
12444
12445	/*
12446	 * Pull/push the data over the wire from/to the other controller.
12447	 * This takes into account the possibility that the local and
12448	 * remote sglists may not be identical in terms of the size of
12449	 * the elements and the number of elements.
12450	 *
12451	 * One fundamental assumption here is that the length allocated for
12452	 * both the local and remote sglists is identical.  Otherwise, we've
12453	 * essentially got a coding error of some sort.
12454	 */
12455	isc_ret = CTL_HA_STATUS_SUCCESS;
12456	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12457		uint32_t cur_len;
12458		uint8_t *tmp_ptr;
12459
12460		rq->command = command;
12461		rq->context = io;
12462
12463		/*
12464		 * Both pointers should be aligned.  But it is possible
12465		 * that the allocation length is not.  They should both
12466		 * also have enough slack left over at the end, though,
12467		 * to round up to the next 8 byte boundary.
12468		 */
12469		cur_len = MIN(local_sglist[i].len - local_used,
12470			      remote_sglist[j].len - remote_used);
12471		rq->size = cur_len;
12472
12473		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12474		tmp_ptr += local_used;
12475
12476#if 0
12477		/* Use physical addresses when talking to ISC hardware */
12478		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12479			/* XXX KDM use busdma */
12480			rq->local = vtophys(tmp_ptr);
12481		} else
12482			rq->local = tmp_ptr;
12483#else
12484		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12485		    ("HA does not support BUS_ADDR"));
12486		rq->local = tmp_ptr;
12487#endif
12488
12489		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12490		tmp_ptr += remote_used;
12491		rq->remote = tmp_ptr;
12492
12493		rq->callback = NULL;
12494
12495		local_used += cur_len;
12496		if (local_used >= local_sglist[i].len) {
12497			i++;
12498			local_used = 0;
12499		}
12500
12501		remote_used += cur_len;
12502		if (remote_used >= remote_sglist[j].len) {
12503			j++;
12504			remote_used = 0;
12505		}
12506		total_used += cur_len;
12507
12508		if (total_used >= io->scsiio.kern_data_len)
12509			rq->callback = callback;
12510
12511#if 0
12512		printf("%s: %s: local %p remote %p size %d\n", __func__,
12513		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12514		       rq->local, rq->remote, rq->size);
12515#endif
12516
12517		isc_ret = ctl_dt_single(rq);
12518		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12519			break;
12520	}
12521	if (isc_ret != CTL_HA_STATUS_WAIT) {
12522		rq->ret = isc_ret;
12523		callback(rq);
12524	}
12525
12526	return (0);
12527}
12528
12529static void
12530ctl_datamove_remote_read(union ctl_io *io)
12531{
12532	int retval;
12533	int i;
12534
12535	/*
12536	 * This will send an error to the other controller in the case of a
12537	 * failure.
12538	 */
12539	retval = ctl_datamove_remote_sgl_setup(io);
12540	if (retval != 0)
12541		return;
12542
12543	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12544					  ctl_datamove_remote_read_cb);
12545	if (retval != 0) {
12546		/*
12547		 * Make sure we free memory if there was an error..  The
12548		 * ctl_datamove_remote_xfer() function will send the
12549		 * datamove done message, or call the callback with an
12550		 * error if there is a problem.
12551		 */
12552		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12553			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12554		free(io->io_hdr.remote_sglist, M_CTL);
12555		io->io_hdr.remote_sglist = NULL;
12556		io->io_hdr.local_sglist = NULL;
12557	}
12558}
12559
12560/*
12561 * Process a datamove request from the other controller.  This is used for
12562 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12563 * first.  Once that is complete, the data gets DMAed into the remote
12564 * controller's memory.  For reads, we DMA from the remote controller's
12565 * memory into our memory first, and then move it out to the FETD.
12566 */
12567static void
12568ctl_datamove_remote(union ctl_io *io)
12569{
12570
12571	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12572
12573	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12574		ctl_failover_io(io, /*have_lock*/ 0);
12575		return;
12576	}
12577
12578	/*
12579	 * Note that we look for an aborted I/O here, but don't do some of
12580	 * the other checks that ctl_datamove() normally does.
12581	 * We don't need to run the datamove delay code, since that should
12582	 * have been done if need be on the other controller.
12583	 */
12584	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12585		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12586		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12587		       io->io_hdr.nexus.targ_port,
12588		       io->io_hdr.nexus.targ_lun);
12589		io->io_hdr.port_status = 31338;
12590		ctl_send_datamove_done(io, /*have_lock*/ 0);
12591		return;
12592	}
12593
12594	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12595		ctl_datamove_remote_write(io);
12596	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12597		ctl_datamove_remote_read(io);
12598	else {
12599		io->io_hdr.port_status = 31339;
12600		ctl_send_datamove_done(io, /*have_lock*/ 0);
12601	}
12602}
12603
12604static void
12605ctl_process_done(union ctl_io *io)
12606{
12607	struct ctl_lun *lun;
12608	struct ctl_softc *softc = control_softc;
12609	void (*fe_done)(union ctl_io *io);
12610	union ctl_ha_msg msg;
12611	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12612
12613	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12614	fe_done = softc->ctl_ports[targ_port]->fe_done;
12615
12616#ifdef CTL_TIME_IO
12617	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12618		char str[256];
12619		char path_str[64];
12620		struct sbuf sb;
12621
12622		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12623		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12624
12625		sbuf_cat(&sb, path_str);
12626		switch (io->io_hdr.io_type) {
12627		case CTL_IO_SCSI:
12628			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12629			sbuf_printf(&sb, "\n");
12630			sbuf_cat(&sb, path_str);
12631			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12632				    io->scsiio.tag_num, io->scsiio.tag_type);
12633			break;
12634		case CTL_IO_TASK:
12635			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12636				    "Tag Type: %d\n", io->taskio.task_action,
12637				    io->taskio.tag_num, io->taskio.tag_type);
12638			break;
12639		default:
12640			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12641			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12642			break;
12643		}
12644		sbuf_cat(&sb, path_str);
12645		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12646			    (intmax_t)time_uptime - io->io_hdr.start_time);
12647		sbuf_finish(&sb);
12648		printf("%s", sbuf_data(&sb));
12649	}
12650#endif /* CTL_TIME_IO */
12651
12652	switch (io->io_hdr.io_type) {
12653	case CTL_IO_SCSI:
12654		break;
12655	case CTL_IO_TASK:
12656		if (ctl_debug & CTL_DEBUG_INFO)
12657			ctl_io_error_print(io, NULL);
12658		fe_done(io);
12659		return;
12660	default:
12661		panic("ctl_process_done: invalid io type %d\n",
12662		      io->io_hdr.io_type);
12663		break; /* NOTREACHED */
12664	}
12665
12666	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12667	if (lun == NULL) {
12668		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12669				 io->io_hdr.nexus.targ_mapped_lun));
12670		goto bailout;
12671	}
12672
12673	mtx_lock(&lun->lun_lock);
12674
12675	/*
12676	 * Check to see if we have any errors to inject here.  We only
12677	 * inject errors for commands that don't already have errors set.
12678	 */
12679	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12680	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12681	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12682		ctl_inject_error(lun, io);
12683
12684	/*
12685	 * XXX KDM how do we treat commands that aren't completed
12686	 * successfully?
12687	 *
12688	 * XXX KDM should we also track I/O latency?
12689	 */
12690	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12691	    io->io_hdr.io_type == CTL_IO_SCSI) {
12692#ifdef CTL_TIME_IO
12693		struct bintime cur_bt;
12694#endif
12695		int type;
12696
12697		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12698		    CTL_FLAG_DATA_IN)
12699			type = CTL_STATS_READ;
12700		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12701		    CTL_FLAG_DATA_OUT)
12702			type = CTL_STATS_WRITE;
12703		else
12704			type = CTL_STATS_NO_IO;
12705
12706		lun->stats.ports[targ_port].bytes[type] +=
12707		    io->scsiio.kern_total_len;
12708		lun->stats.ports[targ_port].operations[type]++;
12709#ifdef CTL_TIME_IO
12710		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12711		   &io->io_hdr.dma_bt);
12712		getbinuptime(&cur_bt);
12713		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12714		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12715#endif
12716		lun->stats.ports[targ_port].num_dmas[type] +=
12717		    io->io_hdr.num_dmas;
12718	}
12719
12720	/*
12721	 * Remove this from the OOA queue.
12722	 */
12723	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12724#ifdef CTL_TIME_IO
12725	if (TAILQ_EMPTY(&lun->ooa_queue))
12726		lun->last_busy = getsbinuptime();
12727#endif
12728
12729	/*
12730	 * Run through the blocked queue on this LUN and see if anything
12731	 * has become unblocked, now that this transaction is done.
12732	 */
12733	ctl_check_blocked(lun);
12734
12735	/*
12736	 * If the LUN has been invalidated, free it if there is nothing
12737	 * left on its OOA queue.
12738	 */
12739	if ((lun->flags & CTL_LUN_INVALID)
12740	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12741		mtx_unlock(&lun->lun_lock);
12742		mtx_lock(&softc->ctl_lock);
12743		ctl_free_lun(lun);
12744		mtx_unlock(&softc->ctl_lock);
12745	} else
12746		mtx_unlock(&lun->lun_lock);
12747
12748bailout:
12749
12750	/*
12751	 * If this command has been aborted, make sure we set the status
12752	 * properly.  The FETD is responsible for freeing the I/O and doing
12753	 * whatever it needs to do to clean up its state.
12754	 */
12755	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12756		ctl_set_task_aborted(&io->scsiio);
12757
12758	/*
12759	 * If enabled, print command error status.
12760	 */
12761	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12762	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12763		ctl_io_error_print(io, NULL);
12764
12765	/*
12766	 * Tell the FETD or the other shelf controller we're done with this
12767	 * command.  Note that only SCSI commands get to this point.  Task
12768	 * management commands are completed above.
12769	 */
12770	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12771	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12772		memset(&msg, 0, sizeof(msg));
12773		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12774		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12775		msg.hdr.nexus = io->io_hdr.nexus;
12776		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12777		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12778		    M_WAITOK);
12779	}
12780
12781	fe_done(io);
12782}
12783
12784#ifdef CTL_WITH_CA
12785/*
12786 * Front end should call this if it doesn't do autosense.  When the request
12787 * sense comes back in from the initiator, we'll dequeue this and send it.
12788 */
12789int
12790ctl_queue_sense(union ctl_io *io)
12791{
12792	struct ctl_lun *lun;
12793	struct ctl_port *port;
12794	struct ctl_softc *softc;
12795	uint32_t initidx, targ_lun;
12796
12797	softc = control_softc;
12798
12799	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12800
12801	/*
12802	 * LUN lookup will likely move to the ctl_work_thread() once we
12803	 * have our new queueing infrastructure (that doesn't put things on
12804	 * a per-LUN queue initially).  That is so that we can handle
12805	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12806	 * can't deal with that right now.
12807	 */
12808	mtx_lock(&softc->ctl_lock);
12809
12810	/*
12811	 * If we don't have a LUN for this, just toss the sense
12812	 * information.
12813	 */
12814	port = ctl_io_port(&ctsio->io_hdr);
12815	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12816	if ((targ_lun < CTL_MAX_LUNS)
12817	 && (softc->ctl_luns[targ_lun] != NULL))
12818		lun = softc->ctl_luns[targ_lun];
12819	else
12820		goto bailout;
12821
12822	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12823
12824	mtx_lock(&lun->lun_lock);
12825	/*
12826	 * Already have CA set for this LUN...toss the sense information.
12827	 */
12828	if (ctl_is_set(lun->have_ca, initidx)) {
12829		mtx_unlock(&lun->lun_lock);
12830		goto bailout;
12831	}
12832
12833	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
12834	       MIN(sizeof(lun->pending_sense[initidx]),
12835	       sizeof(io->scsiio.sense_data)));
12836	ctl_set_mask(lun->have_ca, initidx);
12837	mtx_unlock(&lun->lun_lock);
12838
12839bailout:
12840	mtx_unlock(&softc->ctl_lock);
12841
12842	ctl_free_io(io);
12843
12844	return (CTL_RETVAL_COMPLETE);
12845}
12846#endif
12847
12848/*
12849 * Primary command inlet from frontend ports.  All SCSI and task I/O
12850 * requests must go through this function.
12851 */
12852int
12853ctl_queue(union ctl_io *io)
12854{
12855	struct ctl_port *port;
12856
12857	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
12858
12859#ifdef CTL_TIME_IO
12860	io->io_hdr.start_time = time_uptime;
12861	getbinuptime(&io->io_hdr.start_bt);
12862#endif /* CTL_TIME_IO */
12863
12864	/* Map FE-specific LUN ID into global one. */
12865	port = ctl_io_port(&io->io_hdr);
12866	io->io_hdr.nexus.targ_mapped_lun =
12867	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12868
12869	switch (io->io_hdr.io_type) {
12870	case CTL_IO_SCSI:
12871	case CTL_IO_TASK:
12872		if (ctl_debug & CTL_DEBUG_CDB)
12873			ctl_io_print(io);
12874		ctl_enqueue_incoming(io);
12875		break;
12876	default:
12877		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
12878		return (EINVAL);
12879	}
12880
12881	return (CTL_RETVAL_COMPLETE);
12882}
12883
12884#ifdef CTL_IO_DELAY
12885static void
12886ctl_done_timer_wakeup(void *arg)
12887{
12888	union ctl_io *io;
12889
12890	io = (union ctl_io *)arg;
12891	ctl_done(io);
12892}
12893#endif /* CTL_IO_DELAY */
12894
12895void
12896ctl_serseq_done(union ctl_io *io)
12897{
12898	struct ctl_lun *lun;
12899
12900	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12901	if (lun->be_lun == NULL ||
12902	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
12903		return;
12904	mtx_lock(&lun->lun_lock);
12905	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
12906	ctl_check_blocked(lun);
12907	mtx_unlock(&lun->lun_lock);
12908}
12909
12910void
12911ctl_done(union ctl_io *io)
12912{
12913
12914	/*
12915	 * Enable this to catch duplicate completion issues.
12916	 */
12917#if 0
12918	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
12919		printf("%s: type %d msg %d cdb %x iptl: "
12920		       "%u:%u:%u tag 0x%04x "
12921		       "flag %#x status %x\n",
12922			__func__,
12923			io->io_hdr.io_type,
12924			io->io_hdr.msg_type,
12925			io->scsiio.cdb[0],
12926			io->io_hdr.nexus.initid,
12927			io->io_hdr.nexus.targ_port,
12928			io->io_hdr.nexus.targ_lun,
12929			(io->io_hdr.io_type ==
12930			CTL_IO_TASK) ?
12931			io->taskio.tag_num :
12932			io->scsiio.tag_num,
12933		        io->io_hdr.flags,
12934			io->io_hdr.status);
12935	} else
12936		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
12937#endif
12938
12939	/*
12940	 * This is an internal copy of an I/O, and should not go through
12941	 * the normal done processing logic.
12942	 */
12943	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
12944		return;
12945
12946#ifdef CTL_IO_DELAY
12947	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12948		struct ctl_lun *lun;
12949
12950		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12951
12952		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12953	} else {
12954		struct ctl_lun *lun;
12955
12956		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12957
12958		if ((lun != NULL)
12959		 && (lun->delay_info.done_delay > 0)) {
12960
12961			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12962			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12963			callout_reset(&io->io_hdr.delay_callout,
12964				      lun->delay_info.done_delay * hz,
12965				      ctl_done_timer_wakeup, io);
12966			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
12967				lun->delay_info.done_delay = 0;
12968			return;
12969		}
12970	}
12971#endif /* CTL_IO_DELAY */
12972
12973	ctl_enqueue_done(io);
12974}
12975
12976static void
12977ctl_work_thread(void *arg)
12978{
12979	struct ctl_thread *thr = (struct ctl_thread *)arg;
12980	struct ctl_softc *softc = thr->ctl_softc;
12981	union ctl_io *io;
12982	int retval;
12983
12984	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
12985
12986	for (;;) {
12987		/*
12988		 * We handle the queues in this order:
12989		 * - ISC
12990		 * - done queue (to free up resources, unblock other commands)
12991		 * - RtR queue
12992		 * - incoming queue
12993		 *
12994		 * If those queues are empty, we break out of the loop and
12995		 * go to sleep.
12996		 */
12997		mtx_lock(&thr->queue_lock);
12998		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
12999		if (io != NULL) {
13000			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13001			mtx_unlock(&thr->queue_lock);
13002			ctl_handle_isc(io);
13003			continue;
13004		}
13005		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13006		if (io != NULL) {
13007			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13008			/* clear any blocked commands, call fe_done */
13009			mtx_unlock(&thr->queue_lock);
13010			ctl_process_done(io);
13011			continue;
13012		}
13013		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13014		if (io != NULL) {
13015			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13016			mtx_unlock(&thr->queue_lock);
13017			if (io->io_hdr.io_type == CTL_IO_TASK)
13018				ctl_run_task(io);
13019			else
13020				ctl_scsiio_precheck(softc, &io->scsiio);
13021			continue;
13022		}
13023		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13024		if (io != NULL) {
13025			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13026			mtx_unlock(&thr->queue_lock);
13027			retval = ctl_scsiio(&io->scsiio);
13028			if (retval != CTL_RETVAL_COMPLETE)
13029				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13030			continue;
13031		}
13032
13033		/* Sleep until we have something to do. */
13034		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13035	}
13036}
13037
13038static void
13039ctl_lun_thread(void *arg)
13040{
13041	struct ctl_softc *softc = (struct ctl_softc *)arg;
13042	struct ctl_be_lun *be_lun;
13043
13044	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13045
13046	for (;;) {
13047		mtx_lock(&softc->ctl_lock);
13048		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13049		if (be_lun != NULL) {
13050			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13051			mtx_unlock(&softc->ctl_lock);
13052			ctl_create_lun(be_lun);
13053			continue;
13054		}
13055
13056		/* Sleep until we have something to do. */
13057		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13058		    PDROP | PRIBIO, "-", 0);
13059	}
13060}
13061
13062static void
13063ctl_thresh_thread(void *arg)
13064{
13065	struct ctl_softc *softc = (struct ctl_softc *)arg;
13066	struct ctl_lun *lun;
13067	struct scsi_da_rw_recovery_page *rwpage;
13068	struct ctl_logical_block_provisioning_page *page;
13069	const char *attr;
13070	union ctl_ha_msg msg;
13071	uint64_t thres, val;
13072	int i, e, set;
13073
13074	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13075
13076	for (;;) {
13077		mtx_lock(&softc->ctl_lock);
13078		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13079			if ((lun->flags & CTL_LUN_DISABLED) ||
13080			    (lun->flags & CTL_LUN_OFFLINE) ||
13081			    lun->backend->lun_attr == NULL)
13082				continue;
13083			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13084			    softc->ha_mode == CTL_HA_MODE_XFER)
13085				continue;
13086			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13087			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13088				continue;
13089			e = 0;
13090			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13091			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13092				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13093					continue;
13094				thres = scsi_4btoul(page->descr[i].count);
13095				thres <<= CTL_LBP_EXPONENT;
13096				switch (page->descr[i].resource) {
13097				case 0x01:
13098					attr = "blocksavail";
13099					break;
13100				case 0x02:
13101					attr = "blocksused";
13102					break;
13103				case 0xf1:
13104					attr = "poolblocksavail";
13105					break;
13106				case 0xf2:
13107					attr = "poolblocksused";
13108					break;
13109				default:
13110					continue;
13111				}
13112				mtx_unlock(&softc->ctl_lock); // XXX
13113				val = lun->backend->lun_attr(
13114				    lun->be_lun->be_lun, attr);
13115				mtx_lock(&softc->ctl_lock);
13116				if (val == UINT64_MAX)
13117					continue;
13118				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13119				    == SLBPPD_ARMING_INC)
13120					e = (val >= thres);
13121				else
13122					e = (val <= thres);
13123				if (e)
13124					break;
13125			}
13126			mtx_lock(&lun->lun_lock);
13127			if (e) {
13128				scsi_u64to8b((uint8_t *)&page->descr[i] -
13129				    (uint8_t *)page, lun->ua_tpt_info);
13130				if (lun->lasttpt == 0 ||
13131				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13132					lun->lasttpt = time_uptime;
13133					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13134					set = 1;
13135				} else
13136					set = 0;
13137			} else {
13138				lun->lasttpt = 0;
13139				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13140				set = -1;
13141			}
13142			mtx_unlock(&lun->lun_lock);
13143			if (set != 0 &&
13144			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13145				/* Send msg to other side. */
13146				bzero(&msg.ua, sizeof(msg.ua));
13147				msg.hdr.msg_type = CTL_MSG_UA;
13148				msg.hdr.nexus.initid = -1;
13149				msg.hdr.nexus.targ_port = -1;
13150				msg.hdr.nexus.targ_lun = lun->lun;
13151				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13152				msg.ua.ua_all = 1;
13153				msg.ua.ua_set = (set > 0);
13154				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13155				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13156				mtx_unlock(&softc->ctl_lock); // XXX
13157				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13158				    sizeof(msg.ua), M_WAITOK);
13159				mtx_lock(&softc->ctl_lock);
13160			}
13161		}
13162		mtx_unlock(&softc->ctl_lock);
13163		pause("-", CTL_LBP_PERIOD * hz);
13164	}
13165}
13166
13167static void
13168ctl_enqueue_incoming(union ctl_io *io)
13169{
13170	struct ctl_softc *softc = control_softc;
13171	struct ctl_thread *thr;
13172	u_int idx;
13173
13174	idx = (io->io_hdr.nexus.targ_port * 127 +
13175	       io->io_hdr.nexus.initid) % worker_threads;
13176	thr = &softc->threads[idx];
13177	mtx_lock(&thr->queue_lock);
13178	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13179	mtx_unlock(&thr->queue_lock);
13180	wakeup(thr);
13181}
13182
13183static void
13184ctl_enqueue_rtr(union ctl_io *io)
13185{
13186	struct ctl_softc *softc = control_softc;
13187	struct ctl_thread *thr;
13188
13189	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13190	mtx_lock(&thr->queue_lock);
13191	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13192	mtx_unlock(&thr->queue_lock);
13193	wakeup(thr);
13194}
13195
13196static void
13197ctl_enqueue_done(union ctl_io *io)
13198{
13199	struct ctl_softc *softc = control_softc;
13200	struct ctl_thread *thr;
13201
13202	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13203	mtx_lock(&thr->queue_lock);
13204	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13205	mtx_unlock(&thr->queue_lock);
13206	wakeup(thr);
13207}
13208
13209static void
13210ctl_enqueue_isc(union ctl_io *io)
13211{
13212	struct ctl_softc *softc = control_softc;
13213	struct ctl_thread *thr;
13214
13215	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13216	mtx_lock(&thr->queue_lock);
13217	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13218	mtx_unlock(&thr->queue_lock);
13219	wakeup(thr);
13220}
13221
13222/*
13223 *  vim: ts=8
13224 */
13225