ctl.c revision 289881 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 289881 2015-10-24 17:24:19Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_cd.h>
73#include <cam/scsi/scsi_da.h>
74#include <cam/ctl/ctl_io.h>
75#include <cam/ctl/ctl.h>
76#include <cam/ctl/ctl_frontend.h>
77#include <cam/ctl/ctl_util.h>
78#include <cam/ctl/ctl_backend.h>
79#include <cam/ctl/ctl_ioctl.h>
80#include <cam/ctl/ctl_ha.h>
81#include <cam/ctl/ctl_private.h>
82#include <cam/ctl/ctl_debug.h>
83#include <cam/ctl/ctl_scsi_all.h>
84#include <cam/ctl/ctl_error.h>
85
86struct ctl_softc *control_softc = NULL;
87
88/*
89 * Template mode pages.
90 */
91
92/*
93 * Note that these are default values only.  The actual values will be
94 * filled in when the user does a mode sense.
95 */
96const static struct copan_debugconf_subpage debugconf_page_default = {
97	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
98	DBGCNF_SUBPAGE_CODE,		/* subpage */
99	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
100	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
101	DBGCNF_VERSION,			/* page_version */
102	{CTL_TIME_IO_DEFAULT_SECS>>8,
103	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
104};
105
106const static struct copan_debugconf_subpage debugconf_page_changeable = {
107	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
108	DBGCNF_SUBPAGE_CODE,		/* subpage */
109	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
110	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
111	0,				/* page_version */
112	{0xff,0xff},			/* ctl_time_io_secs */
113};
114
115const static struct scsi_da_rw_recovery_page rw_er_page_default = {
116	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
117	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
118	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
119	/*read_retry_count*/0,
120	/*correction_span*/0,
121	/*head_offset_count*/0,
122	/*data_strobe_offset_cnt*/0,
123	/*byte8*/SMS_RWER_LBPERE,
124	/*write_retry_count*/0,
125	/*reserved2*/0,
126	/*recovery_time_limit*/{0, 0},
127};
128
129const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
130	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
131	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
132	/*byte3*/0,
133	/*read_retry_count*/0,
134	/*correction_span*/0,
135	/*head_offset_count*/0,
136	/*data_strobe_offset_cnt*/0,
137	/*byte8*/0,
138	/*write_retry_count*/0,
139	/*reserved2*/0,
140	/*recovery_time_limit*/{0, 0},
141};
142
143const static struct scsi_format_page format_page_default = {
144	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
145	/*page_length*/sizeof(struct scsi_format_page) - 2,
146	/*tracks_per_zone*/ {0, 0},
147	/*alt_sectors_per_zone*/ {0, 0},
148	/*alt_tracks_per_zone*/ {0, 0},
149	/*alt_tracks_per_lun*/ {0, 0},
150	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
151			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
152	/*bytes_per_sector*/ {0, 0},
153	/*interleave*/ {0, 0},
154	/*track_skew*/ {0, 0},
155	/*cylinder_skew*/ {0, 0},
156	/*flags*/ SFP_HSEC,
157	/*reserved*/ {0, 0, 0}
158};
159
160const static struct scsi_format_page format_page_changeable = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {0, 0},
168	/*bytes_per_sector*/ {0, 0},
169	/*interleave*/ {0, 0},
170	/*track_skew*/ {0, 0},
171	/*cylinder_skew*/ {0, 0},
172	/*flags*/ 0,
173	/*reserved*/ {0, 0, 0}
174};
175
176const static struct scsi_rigid_disk_page rigid_disk_page_default = {
177	/*page_code*/SMS_RIGID_DISK_PAGE,
178	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
179	/*cylinders*/ {0, 0, 0},
180	/*heads*/ CTL_DEFAULT_HEADS,
181	/*start_write_precomp*/ {0, 0, 0},
182	/*start_reduced_current*/ {0, 0, 0},
183	/*step_rate*/ {0, 0},
184	/*landing_zone_cylinder*/ {0, 0, 0},
185	/*rpl*/ SRDP_RPL_DISABLED,
186	/*rotational_offset*/ 0,
187	/*reserved1*/ 0,
188	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
189			   CTL_DEFAULT_ROTATION_RATE & 0xff},
190	/*reserved2*/ {0, 0}
191};
192
193const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ 0,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ 0,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {0, 0},
206	/*reserved2*/ {0, 0}
207};
208
209const static struct scsi_caching_page caching_page_default = {
210	/*page_code*/SMS_CACHING_PAGE,
211	/*page_length*/sizeof(struct scsi_caching_page) - 2,
212	/*flags1*/ SCP_DISC | SCP_WCE,
213	/*ret_priority*/ 0,
214	/*disable_pf_transfer_len*/ {0xff, 0xff},
215	/*min_prefetch*/ {0, 0},
216	/*max_prefetch*/ {0xff, 0xff},
217	/*max_pf_ceiling*/ {0xff, 0xff},
218	/*flags2*/ 0,
219	/*cache_segments*/ 0,
220	/*cache_seg_size*/ {0, 0},
221	/*reserved*/ 0,
222	/*non_cache_seg_size*/ {0, 0, 0}
223};
224
225const static struct scsi_caching_page caching_page_changeable = {
226	/*page_code*/SMS_CACHING_PAGE,
227	/*page_length*/sizeof(struct scsi_caching_page) - 2,
228	/*flags1*/ SCP_WCE | SCP_RCD,
229	/*ret_priority*/ 0,
230	/*disable_pf_transfer_len*/ {0, 0},
231	/*min_prefetch*/ {0, 0},
232	/*max_prefetch*/ {0, 0},
233	/*max_pf_ceiling*/ {0, 0},
234	/*flags2*/ 0,
235	/*cache_segments*/ 0,
236	/*cache_seg_size*/ {0, 0},
237	/*reserved*/ 0,
238	/*non_cache_seg_size*/ {0, 0, 0}
239};
240
241const static struct scsi_control_page control_page_default = {
242	/*page_code*/SMS_CONTROL_MODE_PAGE,
243	/*page_length*/sizeof(struct scsi_control_page) - 2,
244	/*rlec*/0,
245	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
246	/*eca_and_aen*/0,
247	/*flags4*/SCP_TAS,
248	/*aen_holdoff_period*/{0, 0},
249	/*busy_timeout_period*/{0, 0},
250	/*extended_selftest_completion_time*/{0, 0}
251};
252
253const static struct scsi_control_page control_page_changeable = {
254	/*page_code*/SMS_CONTROL_MODE_PAGE,
255	/*page_length*/sizeof(struct scsi_control_page) - 2,
256	/*rlec*/SCP_DSENSE,
257	/*queue_flags*/SCP_QUEUE_ALG_MASK,
258	/*eca_and_aen*/SCP_SWP,
259	/*flags4*/0,
260	/*aen_holdoff_period*/{0, 0},
261	/*busy_timeout_period*/{0, 0},
262	/*extended_selftest_completion_time*/{0, 0}
263};
264
265#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
266
267const static struct scsi_control_ext_page control_ext_page_default = {
268	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
269	/*subpage_code*/0x01,
270	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
271	/*flags*/0,
272	/*prio*/0,
273	/*max_sense*/0
274};
275
276const static struct scsi_control_ext_page control_ext_page_changeable = {
277	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
278	/*subpage_code*/0x01,
279	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
280	/*flags*/0,
281	/*prio*/0,
282	/*max_sense*/0
283};
284
285const static struct scsi_info_exceptions_page ie_page_default = {
286	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
287	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
288	/*info_flags*/SIEP_FLAGS_DEXCPT,
289	/*mrie*/0,
290	/*interval_timer*/{0, 0, 0, 0},
291	/*report_count*/{0, 0, 0, 0}
292};
293
294const static struct scsi_info_exceptions_page ie_page_changeable = {
295	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
296	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
297	/*info_flags*/0,
298	/*mrie*/0,
299	/*interval_timer*/{0, 0, 0, 0},
300	/*report_count*/{0, 0, 0, 0}
301};
302
303#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
304
305const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
306	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
307	/*subpage_code*/0x02,
308	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
309	/*flags*/0,
310	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311	/*descr*/{}},
312	{{/*flags*/0,
313	  /*resource*/0x01,
314	  /*reserved*/{0, 0},
315	  /*count*/{0, 0, 0, 0}},
316	 {/*flags*/0,
317	  /*resource*/0x02,
318	  /*reserved*/{0, 0},
319	  /*count*/{0, 0, 0, 0}},
320	 {/*flags*/0,
321	  /*resource*/0xf1,
322	  /*reserved*/{0, 0},
323	  /*count*/{0, 0, 0, 0}},
324	 {/*flags*/0,
325	  /*resource*/0xf2,
326	  /*reserved*/{0, 0},
327	  /*count*/{0, 0, 0, 0}}
328	}
329};
330
331const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
332	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
333	/*subpage_code*/0x02,
334	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
335	/*flags*/0,
336	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
337	/*descr*/{}},
338	{{/*flags*/0,
339	  /*resource*/0,
340	  /*reserved*/{0, 0},
341	  /*count*/{0, 0, 0, 0}},
342	 {/*flags*/0,
343	  /*resource*/0,
344	  /*reserved*/{0, 0},
345	  /*count*/{0, 0, 0, 0}},
346	 {/*flags*/0,
347	  /*resource*/0,
348	  /*reserved*/{0, 0},
349	  /*count*/{0, 0, 0, 0}},
350	 {/*flags*/0,
351	  /*resource*/0,
352	  /*reserved*/{0, 0},
353	  /*count*/{0, 0, 0, 0}}
354	}
355};
356
357const static struct scsi_cddvd_capabilities_page cddvd_page_default = {
358	/*page_code*/SMS_CDDVD_CAPS_PAGE,
359	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
360	/*caps1*/0x3f,
361	/*caps2*/0x00,
362	/*caps3*/0xf0,
363	/*caps4*/0x00,
364	/*caps5*/0x29,
365	/*caps6*/0x00,
366	/*obsolete*/{0, 0},
367	/*nvol_levels*/{0, 0},
368	/*buffer_size*/{8, 0},
369	/*obsolete2*/{0, 0},
370	/*reserved*/0,
371	/*digital*/0,
372	/*obsolete3*/0,
373	/*copy_management*/0,
374	/*reserved2*/0,
375	/*rotation_control*/0,
376	/*cur_write_speed*/0,
377	/*num_speed_descr*/0,
378};
379
380const static struct scsi_cddvd_capabilities_page cddvd_page_changeable = {
381	/*page_code*/SMS_CDDVD_CAPS_PAGE,
382	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
383	/*caps1*/0,
384	/*caps2*/0,
385	/*caps3*/0,
386	/*caps4*/0,
387	/*caps5*/0,
388	/*caps6*/0,
389	/*obsolete*/{0, 0},
390	/*nvol_levels*/{0, 0},
391	/*buffer_size*/{0, 0},
392	/*obsolete2*/{0, 0},
393	/*reserved*/0,
394	/*digital*/0,
395	/*obsolete3*/0,
396	/*copy_management*/0,
397	/*reserved2*/0,
398	/*rotation_control*/0,
399	/*cur_write_speed*/0,
400	/*num_speed_descr*/0,
401};
402
403SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
404static int worker_threads = -1;
405SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
406    &worker_threads, 1, "Number of worker threads");
407static int ctl_debug = CTL_DEBUG_NONE;
408SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
409    &ctl_debug, 0, "Enabled debug flags");
410
411/*
412 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
413 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
414 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
415 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
416 */
417#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
418
419static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
420				  int param);
421static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
422static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
423static int ctl_init(void);
424void ctl_shutdown(void);
425static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
426static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
427static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
428static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
429			      struct ctl_ooa *ooa_hdr,
430			      struct ctl_ooa_entry *kern_entries);
431static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
432		     struct thread *td);
433static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
434			 struct ctl_be_lun *be_lun);
435static int ctl_free_lun(struct ctl_lun *lun);
436static void ctl_create_lun(struct ctl_be_lun *be_lun);
437static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
438
439static int ctl_do_mode_select(union ctl_io *io);
440static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
441			   uint64_t res_key, uint64_t sa_res_key,
442			   uint8_t type, uint32_t residx,
443			   struct ctl_scsiio *ctsio,
444			   struct scsi_per_res_out *cdb,
445			   struct scsi_per_res_out_parms* param);
446static void ctl_pro_preempt_other(struct ctl_lun *lun,
447				  union ctl_ha_msg *msg);
448static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
449static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
450static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
451static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
452static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
453static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
454static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
455					 int alloc_len);
456static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
457					 int alloc_len);
458static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
459static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
460static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
461static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
462static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
463static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
464    bool seq);
465static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
466static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
467    union ctl_io *pending_io, union ctl_io *ooa_io);
468static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
469				union ctl_io *starting_io);
470static int ctl_check_blocked(struct ctl_lun *lun);
471static int ctl_scsiio_lun_check(struct ctl_lun *lun,
472				const struct ctl_cmd_entry *entry,
473				struct ctl_scsiio *ctsio);
474static void ctl_failover_lun(union ctl_io *io);
475static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
476			       struct ctl_scsiio *ctsio);
477static int ctl_scsiio(struct ctl_scsiio *ctsio);
478
479static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
480static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
481			    ctl_ua_type ua_type);
482static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
483			 ctl_ua_type ua_type);
484static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
485static int ctl_abort_task(union ctl_io *io);
486static int ctl_abort_task_set(union ctl_io *io);
487static int ctl_query_task(union ctl_io *io, int task_set);
488static int ctl_i_t_nexus_reset(union ctl_io *io);
489static int ctl_query_async_event(union ctl_io *io);
490static void ctl_run_task(union ctl_io *io);
491#ifdef CTL_IO_DELAY
492static void ctl_datamove_timer_wakeup(void *arg);
493static void ctl_done_timer_wakeup(void *arg);
494#endif /* CTL_IO_DELAY */
495
496static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
497static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
498static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
499static void ctl_datamove_remote_write(union ctl_io *io);
500static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
501static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
502static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
503static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
504				    ctl_ha_dt_cb callback);
505static void ctl_datamove_remote_read(union ctl_io *io);
506static void ctl_datamove_remote(union ctl_io *io);
507static void ctl_process_done(union ctl_io *io);
508static void ctl_lun_thread(void *arg);
509static void ctl_thresh_thread(void *arg);
510static void ctl_work_thread(void *arg);
511static void ctl_enqueue_incoming(union ctl_io *io);
512static void ctl_enqueue_rtr(union ctl_io *io);
513static void ctl_enqueue_done(union ctl_io *io);
514static void ctl_enqueue_isc(union ctl_io *io);
515static const struct ctl_cmd_entry *
516    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
517static const struct ctl_cmd_entry *
518    ctl_validate_command(struct ctl_scsiio *ctsio);
519static int ctl_cmd_applicable(uint8_t lun_type,
520    const struct ctl_cmd_entry *entry);
521
522static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
523static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
524static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
525static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
526
527/*
528 * Load the serialization table.  This isn't very pretty, but is probably
529 * the easiest way to do it.
530 */
531#include "ctl_ser_table.c"
532
533/*
534 * We only need to define open, close and ioctl routines for this driver.
535 */
536static struct cdevsw ctl_cdevsw = {
537	.d_version =	D_VERSION,
538	.d_flags =	0,
539	.d_open =	ctl_open,
540	.d_close =	ctl_close,
541	.d_ioctl =	ctl_ioctl,
542	.d_name =	"ctl",
543};
544
545
546MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
547
548static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
549
550static moduledata_t ctl_moduledata = {
551	"ctl",
552	ctl_module_event_handler,
553	NULL
554};
555
556DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
557MODULE_VERSION(ctl, 1);
558
559static struct ctl_frontend ha_frontend =
560{
561	.name = "ha",
562};
563
564static void
565ctl_ha_datamove(union ctl_io *io)
566{
567	struct ctl_lun *lun;
568	struct ctl_sg_entry *sgl;
569	union ctl_ha_msg msg;
570	uint32_t sg_entries_sent;
571	int do_sg_copy, i, j;
572
573	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
574	memset(&msg.dt, 0, sizeof(msg.dt));
575	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
576	msg.hdr.original_sc = io->io_hdr.original_sc;
577	msg.hdr.serializing_sc = io;
578	msg.hdr.nexus = io->io_hdr.nexus;
579	msg.hdr.status = io->io_hdr.status;
580	msg.dt.flags = io->io_hdr.flags;
581
582	/*
583	 * We convert everything into a S/G list here.  We can't
584	 * pass by reference, only by value between controllers.
585	 * So we can't pass a pointer to the S/G list, only as many
586	 * S/G entries as we can fit in here.  If it's possible for
587	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
588	 * then we need to break this up into multiple transfers.
589	 */
590	if (io->scsiio.kern_sg_entries == 0) {
591		msg.dt.kern_sg_entries = 1;
592#if 0
593		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
594			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
595		} else {
596			/* XXX KDM use busdma here! */
597			msg.dt.sg_list[0].addr =
598			    (void *)vtophys(io->scsiio.kern_data_ptr);
599		}
600#else
601		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
602		    ("HA does not support BUS_ADDR"));
603		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
604#endif
605		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
606		do_sg_copy = 0;
607	} else {
608		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
609		do_sg_copy = 1;
610	}
611
612	msg.dt.kern_data_len = io->scsiio.kern_data_len;
613	msg.dt.kern_total_len = io->scsiio.kern_total_len;
614	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
615	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
616	msg.dt.sg_sequence = 0;
617
618	/*
619	 * Loop until we've sent all of the S/G entries.  On the
620	 * other end, we'll recompose these S/G entries into one
621	 * contiguous list before processing.
622	 */
623	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
624	    msg.dt.sg_sequence++) {
625		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
626		    sizeof(msg.dt.sg_list[0])),
627		    msg.dt.kern_sg_entries - sg_entries_sent);
628		if (do_sg_copy != 0) {
629			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
630			for (i = sg_entries_sent, j = 0;
631			     i < msg.dt.cur_sg_entries; i++, j++) {
632#if 0
633				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
634					msg.dt.sg_list[j].addr = sgl[i].addr;
635				} else {
636					/* XXX KDM use busdma here! */
637					msg.dt.sg_list[j].addr =
638					    (void *)vtophys(sgl[i].addr);
639				}
640#else
641				KASSERT((io->io_hdr.flags &
642				    CTL_FLAG_BUS_ADDR) == 0,
643				    ("HA does not support BUS_ADDR"));
644				msg.dt.sg_list[j].addr = sgl[i].addr;
645#endif
646				msg.dt.sg_list[j].len = sgl[i].len;
647			}
648		}
649
650		sg_entries_sent += msg.dt.cur_sg_entries;
651		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
652		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
653		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
654		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
655		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
656			io->io_hdr.port_status = 31341;
657			io->scsiio.be_move_done(io);
658			return;
659		}
660		msg.dt.sent_sg_entries = sg_entries_sent;
661	}
662
663	/*
664	 * Officially handover the request from us to peer.
665	 * If failover has just happened, then we must return error.
666	 * If failover happen just after, then it is not our problem.
667	 */
668	if (lun)
669		mtx_lock(&lun->lun_lock);
670	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
671		if (lun)
672			mtx_unlock(&lun->lun_lock);
673		io->io_hdr.port_status = 31342;
674		io->scsiio.be_move_done(io);
675		return;
676	}
677	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
678	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
679	if (lun)
680		mtx_unlock(&lun->lun_lock);
681}
682
683static void
684ctl_ha_done(union ctl_io *io)
685{
686	union ctl_ha_msg msg;
687
688	if (io->io_hdr.io_type == CTL_IO_SCSI) {
689		memset(&msg, 0, sizeof(msg));
690		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
691		msg.hdr.original_sc = io->io_hdr.original_sc;
692		msg.hdr.nexus = io->io_hdr.nexus;
693		msg.hdr.status = io->io_hdr.status;
694		msg.scsi.scsi_status = io->scsiio.scsi_status;
695		msg.scsi.tag_num = io->scsiio.tag_num;
696		msg.scsi.tag_type = io->scsiio.tag_type;
697		msg.scsi.sense_len = io->scsiio.sense_len;
698		msg.scsi.sense_residual = io->scsiio.sense_residual;
699		msg.scsi.residual = io->scsiio.residual;
700		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
701		    io->scsiio.sense_len);
702		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
703		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
704		    msg.scsi.sense_len, M_WAITOK);
705	}
706	ctl_free_io(io);
707}
708
709static void
710ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
711			    union ctl_ha_msg *msg_info)
712{
713	struct ctl_scsiio *ctsio;
714
715	if (msg_info->hdr.original_sc == NULL) {
716		printf("%s: original_sc == NULL!\n", __func__);
717		/* XXX KDM now what? */
718		return;
719	}
720
721	ctsio = &msg_info->hdr.original_sc->scsiio;
722	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
723	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
724	ctsio->io_hdr.status = msg_info->hdr.status;
725	ctsio->scsi_status = msg_info->scsi.scsi_status;
726	ctsio->sense_len = msg_info->scsi.sense_len;
727	ctsio->sense_residual = msg_info->scsi.sense_residual;
728	ctsio->residual = msg_info->scsi.residual;
729	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
730	       msg_info->scsi.sense_len);
731	ctl_enqueue_isc((union ctl_io *)ctsio);
732}
733
734static void
735ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
736				union ctl_ha_msg *msg_info)
737{
738	struct ctl_scsiio *ctsio;
739
740	if (msg_info->hdr.serializing_sc == NULL) {
741		printf("%s: serializing_sc == NULL!\n", __func__);
742		/* XXX KDM now what? */
743		return;
744	}
745
746	ctsio = &msg_info->hdr.serializing_sc->scsiio;
747	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
748	ctl_enqueue_isc((union ctl_io *)ctsio);
749}
750
751void
752ctl_isc_announce_lun(struct ctl_lun *lun)
753{
754	struct ctl_softc *softc = lun->ctl_softc;
755	union ctl_ha_msg *msg;
756	struct ctl_ha_msg_lun_pr_key pr_key;
757	int i, k;
758
759	if (softc->ha_link != CTL_HA_LINK_ONLINE)
760		return;
761	mtx_lock(&lun->lun_lock);
762	i = sizeof(msg->lun);
763	if (lun->lun_devid)
764		i += lun->lun_devid->len;
765	i += sizeof(pr_key) * lun->pr_key_count;
766alloc:
767	mtx_unlock(&lun->lun_lock);
768	msg = malloc(i, M_CTL, M_WAITOK);
769	mtx_lock(&lun->lun_lock);
770	k = sizeof(msg->lun);
771	if (lun->lun_devid)
772		k += lun->lun_devid->len;
773	k += sizeof(pr_key) * lun->pr_key_count;
774	if (i < k) {
775		free(msg, M_CTL);
776		i = k;
777		goto alloc;
778	}
779	bzero(&msg->lun, sizeof(msg->lun));
780	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
781	msg->hdr.nexus.targ_lun = lun->lun;
782	msg->hdr.nexus.targ_mapped_lun = lun->lun;
783	msg->lun.flags = lun->flags;
784	msg->lun.pr_generation = lun->pr_generation;
785	msg->lun.pr_res_idx = lun->pr_res_idx;
786	msg->lun.pr_res_type = lun->pr_res_type;
787	msg->lun.pr_key_count = lun->pr_key_count;
788	i = 0;
789	if (lun->lun_devid) {
790		msg->lun.lun_devid_len = lun->lun_devid->len;
791		memcpy(&msg->lun.data[i], lun->lun_devid->data,
792		    msg->lun.lun_devid_len);
793		i += msg->lun.lun_devid_len;
794	}
795	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
796		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
797			continue;
798		pr_key.pr_iid = k;
799		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
800		i += sizeof(pr_key);
801	}
802	mtx_unlock(&lun->lun_lock);
803	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
804	    M_WAITOK);
805	free(msg, M_CTL);
806
807	if (lun->flags & CTL_LUN_PRIMARY_SC) {
808		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
809			ctl_isc_announce_mode(lun, -1,
810			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
811			    lun->mode_pages.index[i].subpage);
812		}
813	}
814}
815
816void
817ctl_isc_announce_port(struct ctl_port *port)
818{
819	struct ctl_softc *softc = port->ctl_softc;
820	union ctl_ha_msg *msg;
821	int i;
822
823	if (port->targ_port < softc->port_min ||
824	    port->targ_port >= softc->port_max ||
825	    softc->ha_link != CTL_HA_LINK_ONLINE)
826		return;
827	i = sizeof(msg->port) + strlen(port->port_name) + 1;
828	if (port->lun_map)
829		i += sizeof(uint32_t) * CTL_MAX_LUNS;
830	if (port->port_devid)
831		i += port->port_devid->len;
832	if (port->target_devid)
833		i += port->target_devid->len;
834	if (port->init_devid)
835		i += port->init_devid->len;
836	msg = malloc(i, M_CTL, M_WAITOK);
837	bzero(&msg->port, sizeof(msg->port));
838	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
839	msg->hdr.nexus.targ_port = port->targ_port;
840	msg->port.port_type = port->port_type;
841	msg->port.physical_port = port->physical_port;
842	msg->port.virtual_port = port->virtual_port;
843	msg->port.status = port->status;
844	i = 0;
845	msg->port.name_len = sprintf(&msg->port.data[i],
846	    "%d:%s", softc->ha_id, port->port_name) + 1;
847	i += msg->port.name_len;
848	if (port->lun_map) {
849		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
850		memcpy(&msg->port.data[i], port->lun_map,
851		    msg->port.lun_map_len);
852		i += msg->port.lun_map_len;
853	}
854	if (port->port_devid) {
855		msg->port.port_devid_len = port->port_devid->len;
856		memcpy(&msg->port.data[i], port->port_devid->data,
857		    msg->port.port_devid_len);
858		i += msg->port.port_devid_len;
859	}
860	if (port->target_devid) {
861		msg->port.target_devid_len = port->target_devid->len;
862		memcpy(&msg->port.data[i], port->target_devid->data,
863		    msg->port.target_devid_len);
864		i += msg->port.target_devid_len;
865	}
866	if (port->init_devid) {
867		msg->port.init_devid_len = port->init_devid->len;
868		memcpy(&msg->port.data[i], port->init_devid->data,
869		    msg->port.init_devid_len);
870		i += msg->port.init_devid_len;
871	}
872	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
873	    M_WAITOK);
874	free(msg, M_CTL);
875}
876
877void
878ctl_isc_announce_iid(struct ctl_port *port, int iid)
879{
880	struct ctl_softc *softc = port->ctl_softc;
881	union ctl_ha_msg *msg;
882	int i, l;
883
884	if (port->targ_port < softc->port_min ||
885	    port->targ_port >= softc->port_max ||
886	    softc->ha_link != CTL_HA_LINK_ONLINE)
887		return;
888	mtx_lock(&softc->ctl_lock);
889	i = sizeof(msg->iid);
890	l = 0;
891	if (port->wwpn_iid[iid].name)
892		l = strlen(port->wwpn_iid[iid].name) + 1;
893	i += l;
894	msg = malloc(i, M_CTL, M_NOWAIT);
895	if (msg == NULL) {
896		mtx_unlock(&softc->ctl_lock);
897		return;
898	}
899	bzero(&msg->iid, sizeof(msg->iid));
900	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
901	msg->hdr.nexus.targ_port = port->targ_port;
902	msg->hdr.nexus.initid = iid;
903	msg->iid.in_use = port->wwpn_iid[iid].in_use;
904	msg->iid.name_len = l;
905	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
906	if (port->wwpn_iid[iid].name)
907		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
908	mtx_unlock(&softc->ctl_lock);
909	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
910	free(msg, M_CTL);
911}
912
913void
914ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
915    uint8_t page, uint8_t subpage)
916{
917	struct ctl_softc *softc = lun->ctl_softc;
918	union ctl_ha_msg msg;
919	int i;
920
921	if (softc->ha_link != CTL_HA_LINK_ONLINE)
922		return;
923	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
924		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
925		    page && lun->mode_pages.index[i].subpage == subpage)
926			break;
927	}
928	if (i == CTL_NUM_MODE_PAGES)
929		return;
930	bzero(&msg.mode, sizeof(msg.mode));
931	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
932	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
933	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
934	msg.hdr.nexus.targ_lun = lun->lun;
935	msg.hdr.nexus.targ_mapped_lun = lun->lun;
936	msg.mode.page_code = page;
937	msg.mode.subpage = subpage;
938	msg.mode.page_len = lun->mode_pages.index[i].page_len;
939	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
940	    msg.mode.page_len);
941	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
942	    M_WAITOK);
943}
944
945static void
946ctl_isc_ha_link_up(struct ctl_softc *softc)
947{
948	struct ctl_port *port;
949	struct ctl_lun *lun;
950	union ctl_ha_msg msg;
951	int i;
952
953	/* Announce this node parameters to peer for validation. */
954	msg.login.msg_type = CTL_MSG_LOGIN;
955	msg.login.version = CTL_HA_VERSION;
956	msg.login.ha_mode = softc->ha_mode;
957	msg.login.ha_id = softc->ha_id;
958	msg.login.max_luns = CTL_MAX_LUNS;
959	msg.login.max_ports = CTL_MAX_PORTS;
960	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
961	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
962	    M_WAITOK);
963
964	STAILQ_FOREACH(port, &softc->port_list, links) {
965		ctl_isc_announce_port(port);
966		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
967			if (port->wwpn_iid[i].in_use)
968				ctl_isc_announce_iid(port, i);
969		}
970	}
971	STAILQ_FOREACH(lun, &softc->lun_list, links)
972		ctl_isc_announce_lun(lun);
973}
974
975static void
976ctl_isc_ha_link_down(struct ctl_softc *softc)
977{
978	struct ctl_port *port;
979	struct ctl_lun *lun;
980	union ctl_io *io;
981	int i;
982
983	mtx_lock(&softc->ctl_lock);
984	STAILQ_FOREACH(lun, &softc->lun_list, links) {
985		mtx_lock(&lun->lun_lock);
986		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
987			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
988			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
989		}
990		mtx_unlock(&lun->lun_lock);
991
992		mtx_unlock(&softc->ctl_lock);
993		io = ctl_alloc_io(softc->othersc_pool);
994		mtx_lock(&softc->ctl_lock);
995		ctl_zero_io(io);
996		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
997		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
998		ctl_enqueue_isc(io);
999	}
1000
1001	STAILQ_FOREACH(port, &softc->port_list, links) {
1002		if (port->targ_port >= softc->port_min &&
1003		    port->targ_port < softc->port_max)
1004			continue;
1005		port->status &= ~CTL_PORT_STATUS_ONLINE;
1006		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1007			port->wwpn_iid[i].in_use = 0;
1008			free(port->wwpn_iid[i].name, M_CTL);
1009			port->wwpn_iid[i].name = NULL;
1010		}
1011	}
1012	mtx_unlock(&softc->ctl_lock);
1013}
1014
1015static void
1016ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1017{
1018	struct ctl_lun *lun;
1019	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
1020
1021	mtx_lock(&softc->ctl_lock);
1022	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
1023	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
1024		mtx_lock(&lun->lun_lock);
1025		mtx_unlock(&softc->ctl_lock);
1026		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
1027		    msg->ua.ua_set)
1028			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
1029		if (msg->ua.ua_all) {
1030			if (msg->ua.ua_set)
1031				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
1032			else
1033				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
1034		} else {
1035			if (msg->ua.ua_set)
1036				ctl_est_ua(lun, iid, msg->ua.ua_type);
1037			else
1038				ctl_clr_ua(lun, iid, msg->ua.ua_type);
1039		}
1040		mtx_unlock(&lun->lun_lock);
1041	} else
1042		mtx_unlock(&softc->ctl_lock);
1043}
1044
1045static void
1046ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1047{
1048	struct ctl_lun *lun;
1049	struct ctl_ha_msg_lun_pr_key pr_key;
1050	int i, k;
1051	ctl_lun_flags oflags;
1052	uint32_t targ_lun;
1053
1054	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1055	mtx_lock(&softc->ctl_lock);
1056	if ((targ_lun >= CTL_MAX_LUNS) ||
1057	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1058		mtx_unlock(&softc->ctl_lock);
1059		return;
1060	}
1061	mtx_lock(&lun->lun_lock);
1062	mtx_unlock(&softc->ctl_lock);
1063	if (lun->flags & CTL_LUN_DISABLED) {
1064		mtx_unlock(&lun->lun_lock);
1065		return;
1066	}
1067	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1068	if (msg->lun.lun_devid_len != i || (i > 0 &&
1069	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1070		mtx_unlock(&lun->lun_lock);
1071		printf("%s: Received conflicting HA LUN %d\n",
1072		    __func__, msg->hdr.nexus.targ_lun);
1073		return;
1074	} else {
1075		/* Record whether peer is primary. */
1076		oflags = lun->flags;
1077		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1078		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1079			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1080		else
1081			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1082		if (oflags != lun->flags)
1083			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1084
1085		/* If peer is primary and we are not -- use data */
1086		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1087		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1088			lun->pr_generation = msg->lun.pr_generation;
1089			lun->pr_res_idx = msg->lun.pr_res_idx;
1090			lun->pr_res_type = msg->lun.pr_res_type;
1091			lun->pr_key_count = msg->lun.pr_key_count;
1092			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1093				ctl_clr_prkey(lun, k);
1094			for (k = 0; k < msg->lun.pr_key_count; k++) {
1095				memcpy(&pr_key, &msg->lun.data[i],
1096				    sizeof(pr_key));
1097				ctl_alloc_prkey(lun, pr_key.pr_iid);
1098				ctl_set_prkey(lun, pr_key.pr_iid,
1099				    pr_key.pr_key);
1100				i += sizeof(pr_key);
1101			}
1102		}
1103
1104		mtx_unlock(&lun->lun_lock);
1105		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1106		    __func__, msg->hdr.nexus.targ_lun,
1107		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1108		    "primary" : "secondary"));
1109
1110		/* If we are primary but peer doesn't know -- notify */
1111		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1112		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1113			ctl_isc_announce_lun(lun);
1114	}
1115}
1116
1117static void
1118ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1119{
1120	struct ctl_port *port;
1121	struct ctl_lun *lun;
1122	int i, new;
1123
1124	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1125	if (port == NULL) {
1126		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1127		    msg->hdr.nexus.targ_port));
1128		new = 1;
1129		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1130		port->frontend = &ha_frontend;
1131		port->targ_port = msg->hdr.nexus.targ_port;
1132		port->fe_datamove = ctl_ha_datamove;
1133		port->fe_done = ctl_ha_done;
1134	} else if (port->frontend == &ha_frontend) {
1135		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1136		    msg->hdr.nexus.targ_port));
1137		new = 0;
1138	} else {
1139		printf("%s: Received conflicting HA port %d\n",
1140		    __func__, msg->hdr.nexus.targ_port);
1141		return;
1142	}
1143	port->port_type = msg->port.port_type;
1144	port->physical_port = msg->port.physical_port;
1145	port->virtual_port = msg->port.virtual_port;
1146	port->status = msg->port.status;
1147	i = 0;
1148	free(port->port_name, M_CTL);
1149	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1150	    M_CTL);
1151	i += msg->port.name_len;
1152	if (msg->port.lun_map_len != 0) {
1153		if (port->lun_map == NULL)
1154			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1155			    M_CTL, M_WAITOK);
1156		memcpy(port->lun_map, &msg->port.data[i],
1157		    sizeof(uint32_t) * CTL_MAX_LUNS);
1158		i += msg->port.lun_map_len;
1159	} else {
1160		free(port->lun_map, M_CTL);
1161		port->lun_map = NULL;
1162	}
1163	if (msg->port.port_devid_len != 0) {
1164		if (port->port_devid == NULL ||
1165		    port->port_devid->len != msg->port.port_devid_len) {
1166			free(port->port_devid, M_CTL);
1167			port->port_devid = malloc(sizeof(struct ctl_devid) +
1168			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1169		}
1170		memcpy(port->port_devid->data, &msg->port.data[i],
1171		    msg->port.port_devid_len);
1172		port->port_devid->len = msg->port.port_devid_len;
1173		i += msg->port.port_devid_len;
1174	} else {
1175		free(port->port_devid, M_CTL);
1176		port->port_devid = NULL;
1177	}
1178	if (msg->port.target_devid_len != 0) {
1179		if (port->target_devid == NULL ||
1180		    port->target_devid->len != msg->port.target_devid_len) {
1181			free(port->target_devid, M_CTL);
1182			port->target_devid = malloc(sizeof(struct ctl_devid) +
1183			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1184		}
1185		memcpy(port->target_devid->data, &msg->port.data[i],
1186		    msg->port.target_devid_len);
1187		port->target_devid->len = msg->port.target_devid_len;
1188		i += msg->port.target_devid_len;
1189	} else {
1190		free(port->target_devid, M_CTL);
1191		port->target_devid = NULL;
1192	}
1193	if (msg->port.init_devid_len != 0) {
1194		if (port->init_devid == NULL ||
1195		    port->init_devid->len != msg->port.init_devid_len) {
1196			free(port->init_devid, M_CTL);
1197			port->init_devid = malloc(sizeof(struct ctl_devid) +
1198			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1199		}
1200		memcpy(port->init_devid->data, &msg->port.data[i],
1201		    msg->port.init_devid_len);
1202		port->init_devid->len = msg->port.init_devid_len;
1203		i += msg->port.init_devid_len;
1204	} else {
1205		free(port->init_devid, M_CTL);
1206		port->init_devid = NULL;
1207	}
1208	if (new) {
1209		if (ctl_port_register(port) != 0) {
1210			printf("%s: ctl_port_register() failed with error\n",
1211			    __func__);
1212		}
1213	}
1214	mtx_lock(&softc->ctl_lock);
1215	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1216		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1217			continue;
1218		mtx_lock(&lun->lun_lock);
1219		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1220		mtx_unlock(&lun->lun_lock);
1221	}
1222	mtx_unlock(&softc->ctl_lock);
1223}
1224
1225static void
1226ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1227{
1228	struct ctl_port *port;
1229	int iid;
1230
1231	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1232	if (port == NULL) {
1233		printf("%s: Received IID for unknown port %d\n",
1234		    __func__, msg->hdr.nexus.targ_port);
1235		return;
1236	}
1237	iid = msg->hdr.nexus.initid;
1238	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1239	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1240	free(port->wwpn_iid[iid].name, M_CTL);
1241	if (msg->iid.name_len) {
1242		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1243		    msg->iid.name_len, M_CTL);
1244	} else
1245		port->wwpn_iid[iid].name = NULL;
1246}
1247
1248static void
1249ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1250{
1251
1252	if (msg->login.version != CTL_HA_VERSION) {
1253		printf("CTL HA peers have different versions %d != %d\n",
1254		    msg->login.version, CTL_HA_VERSION);
1255		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1256		return;
1257	}
1258	if (msg->login.ha_mode != softc->ha_mode) {
1259		printf("CTL HA peers have different ha_mode %d != %d\n",
1260		    msg->login.ha_mode, softc->ha_mode);
1261		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1262		return;
1263	}
1264	if (msg->login.ha_id == softc->ha_id) {
1265		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1266		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1267		return;
1268	}
1269	if (msg->login.max_luns != CTL_MAX_LUNS ||
1270	    msg->login.max_ports != CTL_MAX_PORTS ||
1271	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1272		printf("CTL HA peers have different limits\n");
1273		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1274		return;
1275	}
1276}
1277
1278static void
1279ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1280{
1281	struct ctl_lun *lun;
1282	int i;
1283	uint32_t initidx, targ_lun;
1284
1285	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1286	mtx_lock(&softc->ctl_lock);
1287	if ((targ_lun >= CTL_MAX_LUNS) ||
1288	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1289		mtx_unlock(&softc->ctl_lock);
1290		return;
1291	}
1292	mtx_lock(&lun->lun_lock);
1293	mtx_unlock(&softc->ctl_lock);
1294	if (lun->flags & CTL_LUN_DISABLED) {
1295		mtx_unlock(&lun->lun_lock);
1296		return;
1297	}
1298	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1299		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1300		    msg->mode.page_code &&
1301		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1302			break;
1303	}
1304	if (i == CTL_NUM_MODE_PAGES) {
1305		mtx_unlock(&lun->lun_lock);
1306		return;
1307	}
1308	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1309	    lun->mode_pages.index[i].page_len);
1310	initidx = ctl_get_initindex(&msg->hdr.nexus);
1311	if (initidx != -1)
1312		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1313	mtx_unlock(&lun->lun_lock);
1314}
1315
1316/*
1317 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1318 * subsystem come in here.
1319 */
1320static void
1321ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1322{
1323	struct ctl_softc *softc = control_softc;
1324	union ctl_io *io;
1325	struct ctl_prio *presio;
1326	ctl_ha_status isc_status;
1327
1328	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1329	if (event == CTL_HA_EVT_MSG_RECV) {
1330		union ctl_ha_msg *msg, msgbuf;
1331
1332		if (param > sizeof(msgbuf))
1333			msg = malloc(param, M_CTL, M_WAITOK);
1334		else
1335			msg = &msgbuf;
1336		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1337		    M_WAITOK);
1338		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1339			printf("%s: Error receiving message: %d\n",
1340			    __func__, isc_status);
1341			if (msg != &msgbuf)
1342				free(msg, M_CTL);
1343			return;
1344		}
1345
1346		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1347		switch (msg->hdr.msg_type) {
1348		case CTL_MSG_SERIALIZE:
1349			io = ctl_alloc_io(softc->othersc_pool);
1350			ctl_zero_io(io);
1351			// populate ctsio from msg
1352			io->io_hdr.io_type = CTL_IO_SCSI;
1353			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1354			io->io_hdr.original_sc = msg->hdr.original_sc;
1355			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1356					    CTL_FLAG_IO_ACTIVE;
1357			/*
1358			 * If we're in serialization-only mode, we don't
1359			 * want to go through full done processing.  Thus
1360			 * the COPY flag.
1361			 *
1362			 * XXX KDM add another flag that is more specific.
1363			 */
1364			if (softc->ha_mode != CTL_HA_MODE_XFER)
1365				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1366			io->io_hdr.nexus = msg->hdr.nexus;
1367#if 0
1368			printf("port %u, iid %u, lun %u\n",
1369			       io->io_hdr.nexus.targ_port,
1370			       io->io_hdr.nexus.initid,
1371			       io->io_hdr.nexus.targ_lun);
1372#endif
1373			io->scsiio.tag_num = msg->scsi.tag_num;
1374			io->scsiio.tag_type = msg->scsi.tag_type;
1375#ifdef CTL_TIME_IO
1376			io->io_hdr.start_time = time_uptime;
1377			getbinuptime(&io->io_hdr.start_bt);
1378#endif /* CTL_TIME_IO */
1379			io->scsiio.cdb_len = msg->scsi.cdb_len;
1380			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1381			       CTL_MAX_CDBLEN);
1382			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1383				const struct ctl_cmd_entry *entry;
1384
1385				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1386				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1387				io->io_hdr.flags |=
1388					entry->flags & CTL_FLAG_DATA_MASK;
1389			}
1390			ctl_enqueue_isc(io);
1391			break;
1392
1393		/* Performed on the Originating SC, XFER mode only */
1394		case CTL_MSG_DATAMOVE: {
1395			struct ctl_sg_entry *sgl;
1396			int i, j;
1397
1398			io = msg->hdr.original_sc;
1399			if (io == NULL) {
1400				printf("%s: original_sc == NULL!\n", __func__);
1401				/* XXX KDM do something here */
1402				break;
1403			}
1404			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1405			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1406			/*
1407			 * Keep track of this, we need to send it back over
1408			 * when the datamove is complete.
1409			 */
1410			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1411			if (msg->hdr.status == CTL_SUCCESS)
1412				io->io_hdr.status = msg->hdr.status;
1413
1414			if (msg->dt.sg_sequence == 0) {
1415#ifdef CTL_TIME_IO
1416				getbinuptime(&io->io_hdr.dma_start_bt);
1417#endif
1418				i = msg->dt.kern_sg_entries +
1419				    msg->dt.kern_data_len /
1420				    CTL_HA_DATAMOVE_SEGMENT + 1;
1421				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1422				    M_WAITOK | M_ZERO);
1423				io->io_hdr.remote_sglist = sgl;
1424				io->io_hdr.local_sglist =
1425				    &sgl[msg->dt.kern_sg_entries];
1426
1427				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1428
1429				io->scsiio.kern_sg_entries =
1430					msg->dt.kern_sg_entries;
1431				io->scsiio.rem_sg_entries =
1432					msg->dt.kern_sg_entries;
1433				io->scsiio.kern_data_len =
1434					msg->dt.kern_data_len;
1435				io->scsiio.kern_total_len =
1436					msg->dt.kern_total_len;
1437				io->scsiio.kern_data_resid =
1438					msg->dt.kern_data_resid;
1439				io->scsiio.kern_rel_offset =
1440					msg->dt.kern_rel_offset;
1441				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1442				io->io_hdr.flags |= msg->dt.flags &
1443				    CTL_FLAG_BUS_ADDR;
1444			} else
1445				sgl = (struct ctl_sg_entry *)
1446					io->scsiio.kern_data_ptr;
1447
1448			for (i = msg->dt.sent_sg_entries, j = 0;
1449			     i < (msg->dt.sent_sg_entries +
1450			     msg->dt.cur_sg_entries); i++, j++) {
1451				sgl[i].addr = msg->dt.sg_list[j].addr;
1452				sgl[i].len = msg->dt.sg_list[j].len;
1453
1454#if 0
1455				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1456				    __func__, sgl[i].addr, sgl[i].len, j, i);
1457#endif
1458			}
1459
1460			/*
1461			 * If this is the last piece of the I/O, we've got
1462			 * the full S/G list.  Queue processing in the thread.
1463			 * Otherwise wait for the next piece.
1464			 */
1465			if (msg->dt.sg_last != 0)
1466				ctl_enqueue_isc(io);
1467			break;
1468		}
1469		/* Performed on the Serializing (primary) SC, XFER mode only */
1470		case CTL_MSG_DATAMOVE_DONE: {
1471			if (msg->hdr.serializing_sc == NULL) {
1472				printf("%s: serializing_sc == NULL!\n",
1473				       __func__);
1474				/* XXX KDM now what? */
1475				break;
1476			}
1477			/*
1478			 * We grab the sense information here in case
1479			 * there was a failure, so we can return status
1480			 * back to the initiator.
1481			 */
1482			io = msg->hdr.serializing_sc;
1483			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1484			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1485			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1486			io->io_hdr.port_status = msg->scsi.fetd_status;
1487			io->scsiio.residual = msg->scsi.residual;
1488			if (msg->hdr.status != CTL_STATUS_NONE) {
1489				io->io_hdr.status = msg->hdr.status;
1490				io->scsiio.scsi_status = msg->scsi.scsi_status;
1491				io->scsiio.sense_len = msg->scsi.sense_len;
1492				io->scsiio.sense_residual =msg->scsi.sense_residual;
1493				memcpy(&io->scsiio.sense_data,
1494				    &msg->scsi.sense_data,
1495				    msg->scsi.sense_len);
1496				if (msg->hdr.status == CTL_SUCCESS)
1497					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1498			}
1499			ctl_enqueue_isc(io);
1500			break;
1501		}
1502
1503		/* Preformed on Originating SC, SER_ONLY mode */
1504		case CTL_MSG_R2R:
1505			io = msg->hdr.original_sc;
1506			if (io == NULL) {
1507				printf("%s: original_sc == NULL!\n",
1508				    __func__);
1509				break;
1510			}
1511			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1512			io->io_hdr.msg_type = CTL_MSG_R2R;
1513			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1514			ctl_enqueue_isc(io);
1515			break;
1516
1517		/*
1518		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1519		 * mode.
1520		 * Performed on the Originating (i.e. secondary) SC in XFER
1521		 * mode
1522		 */
1523		case CTL_MSG_FINISH_IO:
1524			if (softc->ha_mode == CTL_HA_MODE_XFER)
1525				ctl_isc_handler_finish_xfer(softc, msg);
1526			else
1527				ctl_isc_handler_finish_ser_only(softc, msg);
1528			break;
1529
1530		/* Preformed on Originating SC */
1531		case CTL_MSG_BAD_JUJU:
1532			io = msg->hdr.original_sc;
1533			if (io == NULL) {
1534				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1535				       __func__);
1536				break;
1537			}
1538			ctl_copy_sense_data(msg, io);
1539			/*
1540			 * IO should have already been cleaned up on other
1541			 * SC so clear this flag so we won't send a message
1542			 * back to finish the IO there.
1543			 */
1544			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1545			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1546
1547			/* io = msg->hdr.serializing_sc; */
1548			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1549			ctl_enqueue_isc(io);
1550			break;
1551
1552		/* Handle resets sent from the other side */
1553		case CTL_MSG_MANAGE_TASKS: {
1554			struct ctl_taskio *taskio;
1555			taskio = (struct ctl_taskio *)ctl_alloc_io(
1556			    softc->othersc_pool);
1557			ctl_zero_io((union ctl_io *)taskio);
1558			taskio->io_hdr.io_type = CTL_IO_TASK;
1559			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1560			taskio->io_hdr.nexus = msg->hdr.nexus;
1561			taskio->task_action = msg->task.task_action;
1562			taskio->tag_num = msg->task.tag_num;
1563			taskio->tag_type = msg->task.tag_type;
1564#ifdef CTL_TIME_IO
1565			taskio->io_hdr.start_time = time_uptime;
1566			getbinuptime(&taskio->io_hdr.start_bt);
1567#endif /* CTL_TIME_IO */
1568			ctl_run_task((union ctl_io *)taskio);
1569			break;
1570		}
1571		/* Persistent Reserve action which needs attention */
1572		case CTL_MSG_PERS_ACTION:
1573			presio = (struct ctl_prio *)ctl_alloc_io(
1574			    softc->othersc_pool);
1575			ctl_zero_io((union ctl_io *)presio);
1576			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1577			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1578			presio->io_hdr.nexus = msg->hdr.nexus;
1579			presio->pr_msg = msg->pr;
1580			ctl_enqueue_isc((union ctl_io *)presio);
1581			break;
1582		case CTL_MSG_UA:
1583			ctl_isc_ua(softc, msg, param);
1584			break;
1585		case CTL_MSG_PORT_SYNC:
1586			ctl_isc_port_sync(softc, msg, param);
1587			break;
1588		case CTL_MSG_LUN_SYNC:
1589			ctl_isc_lun_sync(softc, msg, param);
1590			break;
1591		case CTL_MSG_IID_SYNC:
1592			ctl_isc_iid_sync(softc, msg, param);
1593			break;
1594		case CTL_MSG_LOGIN:
1595			ctl_isc_login(softc, msg, param);
1596			break;
1597		case CTL_MSG_MODE_SYNC:
1598			ctl_isc_mode_sync(softc, msg, param);
1599			break;
1600		default:
1601			printf("Received HA message of unknown type %d\n",
1602			    msg->hdr.msg_type);
1603			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1604			break;
1605		}
1606		if (msg != &msgbuf)
1607			free(msg, M_CTL);
1608	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1609		printf("CTL: HA link status changed from %d to %d\n",
1610		    softc->ha_link, param);
1611		if (param == softc->ha_link)
1612			return;
1613		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1614			softc->ha_link = param;
1615			ctl_isc_ha_link_down(softc);
1616		} else {
1617			softc->ha_link = param;
1618			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1619				ctl_isc_ha_link_up(softc);
1620		}
1621		return;
1622	} else {
1623		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1624		return;
1625	}
1626}
1627
1628static void
1629ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1630{
1631
1632	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1633	    src->scsi.sense_len);
1634	dest->scsiio.scsi_status = src->scsi.scsi_status;
1635	dest->scsiio.sense_len = src->scsi.sense_len;
1636	dest->io_hdr.status = src->hdr.status;
1637}
1638
1639static void
1640ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1641{
1642
1643	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1644	    src->scsiio.sense_len);
1645	dest->scsi.scsi_status = src->scsiio.scsi_status;
1646	dest->scsi.sense_len = src->scsiio.sense_len;
1647	dest->hdr.status = src->io_hdr.status;
1648}
1649
1650void
1651ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1652{
1653	struct ctl_softc *softc = lun->ctl_softc;
1654	ctl_ua_type *pu;
1655
1656	if (initidx < softc->init_min || initidx >= softc->init_max)
1657		return;
1658	mtx_assert(&lun->lun_lock, MA_OWNED);
1659	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1660	if (pu == NULL)
1661		return;
1662	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1663}
1664
1665void
1666ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1667{
1668	int i;
1669
1670	mtx_assert(&lun->lun_lock, MA_OWNED);
1671	if (lun->pending_ua[port] == NULL)
1672		return;
1673	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1674		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1675			continue;
1676		lun->pending_ua[port][i] |= ua;
1677	}
1678}
1679
1680void
1681ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1682{
1683	struct ctl_softc *softc = lun->ctl_softc;
1684	int i;
1685
1686	mtx_assert(&lun->lun_lock, MA_OWNED);
1687	for (i = softc->port_min; i < softc->port_max; i++)
1688		ctl_est_ua_port(lun, i, except, ua);
1689}
1690
1691void
1692ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1693{
1694	struct ctl_softc *softc = lun->ctl_softc;
1695	ctl_ua_type *pu;
1696
1697	if (initidx < softc->init_min || initidx >= softc->init_max)
1698		return;
1699	mtx_assert(&lun->lun_lock, MA_OWNED);
1700	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1701	if (pu == NULL)
1702		return;
1703	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1704}
1705
1706void
1707ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1708{
1709	struct ctl_softc *softc = lun->ctl_softc;
1710	int i, j;
1711
1712	mtx_assert(&lun->lun_lock, MA_OWNED);
1713	for (i = softc->port_min; i < softc->port_max; i++) {
1714		if (lun->pending_ua[i] == NULL)
1715			continue;
1716		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1717			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1718				continue;
1719			lun->pending_ua[i][j] &= ~ua;
1720		}
1721	}
1722}
1723
1724void
1725ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1726    ctl_ua_type ua_type)
1727{
1728	struct ctl_lun *lun;
1729
1730	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1731	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1732		mtx_lock(&lun->lun_lock);
1733		ctl_clr_ua(lun, initidx, ua_type);
1734		mtx_unlock(&lun->lun_lock);
1735	}
1736}
1737
1738static int
1739ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1740{
1741	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1742	struct ctl_lun *lun;
1743	struct ctl_lun_req ireq;
1744	int error, value;
1745
1746	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1747	error = sysctl_handle_int(oidp, &value, 0, req);
1748	if ((error != 0) || (req->newptr == NULL))
1749		return (error);
1750
1751	mtx_lock(&softc->ctl_lock);
1752	if (value == 0)
1753		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1754	else
1755		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1756	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1757		mtx_unlock(&softc->ctl_lock);
1758		bzero(&ireq, sizeof(ireq));
1759		ireq.reqtype = CTL_LUNREQ_MODIFY;
1760		ireq.reqdata.modify.lun_id = lun->lun;
1761		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1762		    curthread);
1763		if (ireq.status != CTL_LUN_OK) {
1764			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1765			    __func__, ireq.status, ireq.error_str);
1766		}
1767		mtx_lock(&softc->ctl_lock);
1768	}
1769	mtx_unlock(&softc->ctl_lock);
1770	return (0);
1771}
1772
1773static int
1774ctl_init(void)
1775{
1776	struct ctl_softc *softc;
1777	void *other_pool;
1778	int i, error;
1779
1780	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1781			       M_WAITOK | M_ZERO);
1782
1783	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1784			      "cam/ctl");
1785	softc->dev->si_drv1 = softc;
1786
1787	sysctl_ctx_init(&softc->sysctl_ctx);
1788	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1789		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1790		CTLFLAG_RD, 0, "CAM Target Layer");
1791
1792	if (softc->sysctl_tree == NULL) {
1793		printf("%s: unable to allocate sysctl tree\n", __func__);
1794		destroy_dev(softc->dev);
1795		free(control_softc, M_DEVBUF);
1796		control_softc = NULL;
1797		return (ENOMEM);
1798	}
1799
1800	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1801	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1802	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1803	softc->flags = 0;
1804
1805	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1806	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1807	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1808
1809	/*
1810	 * In Copan's HA scheme, the "master" and "slave" roles are
1811	 * figured out through the slot the controller is in.  Although it
1812	 * is an active/active system, someone has to be in charge.
1813	 */
1814	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1815	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1816	    "HA head ID (0 - no HA)");
1817	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1818		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1819		softc->is_single = 1;
1820		softc->port_cnt = CTL_MAX_PORTS;
1821		softc->port_min = 0;
1822	} else {
1823		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1824		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1825	}
1826	softc->port_max = softc->port_min + softc->port_cnt;
1827	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1828	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1829
1830	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1831	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1832	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1833
1834	STAILQ_INIT(&softc->lun_list);
1835	STAILQ_INIT(&softc->pending_lun_queue);
1836	STAILQ_INIT(&softc->fe_list);
1837	STAILQ_INIT(&softc->port_list);
1838	STAILQ_INIT(&softc->be_list);
1839	ctl_tpc_init(softc);
1840
1841	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1842	                    &other_pool) != 0)
1843	{
1844		printf("ctl: can't allocate %d entry other SC pool, "
1845		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1846		return (ENOMEM);
1847	}
1848	softc->othersc_pool = other_pool;
1849
1850	if (worker_threads <= 0)
1851		worker_threads = max(1, mp_ncpus / 4);
1852	if (worker_threads > CTL_MAX_THREADS)
1853		worker_threads = CTL_MAX_THREADS;
1854
1855	for (i = 0; i < worker_threads; i++) {
1856		struct ctl_thread *thr = &softc->threads[i];
1857
1858		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1859		thr->ctl_softc = softc;
1860		STAILQ_INIT(&thr->incoming_queue);
1861		STAILQ_INIT(&thr->rtr_queue);
1862		STAILQ_INIT(&thr->done_queue);
1863		STAILQ_INIT(&thr->isc_queue);
1864
1865		error = kproc_kthread_add(ctl_work_thread, thr,
1866		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1867		if (error != 0) {
1868			printf("error creating CTL work thread!\n");
1869			ctl_pool_free(other_pool);
1870			return (error);
1871		}
1872	}
1873	error = kproc_kthread_add(ctl_lun_thread, softc,
1874	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1875	if (error != 0) {
1876		printf("error creating CTL lun thread!\n");
1877		ctl_pool_free(other_pool);
1878		return (error);
1879	}
1880	error = kproc_kthread_add(ctl_thresh_thread, softc,
1881	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1882	if (error != 0) {
1883		printf("error creating CTL threshold thread!\n");
1884		ctl_pool_free(other_pool);
1885		return (error);
1886	}
1887
1888	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1889	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1890	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1891
1892	if (softc->is_single == 0) {
1893		ctl_frontend_register(&ha_frontend);
1894		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1895			printf("ctl_init: ctl_ha_msg_init failed.\n");
1896			softc->is_single = 1;
1897		} else
1898		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1899		    != CTL_HA_STATUS_SUCCESS) {
1900			printf("ctl_init: ctl_ha_msg_register failed.\n");
1901			softc->is_single = 1;
1902		}
1903	}
1904	return (0);
1905}
1906
1907void
1908ctl_shutdown(void)
1909{
1910	struct ctl_softc *softc = control_softc;
1911	struct ctl_lun *lun, *next_lun;
1912
1913	if (softc->is_single == 0) {
1914		ctl_ha_msg_shutdown(softc);
1915		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1916		    != CTL_HA_STATUS_SUCCESS)
1917			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1918		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1919			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1920		ctl_frontend_deregister(&ha_frontend);
1921	}
1922
1923	mtx_lock(&softc->ctl_lock);
1924
1925	STAILQ_FOREACH_SAFE(lun, &softc->lun_list, links, next_lun)
1926		ctl_free_lun(lun);
1927
1928	mtx_unlock(&softc->ctl_lock);
1929
1930#if 0
1931	ctl_shutdown_thread(softc->work_thread);
1932	mtx_destroy(&softc->queue_lock);
1933#endif
1934
1935	ctl_tpc_shutdown(softc);
1936	uma_zdestroy(softc->io_zone);
1937	mtx_destroy(&softc->ctl_lock);
1938
1939	destroy_dev(softc->dev);
1940
1941	sysctl_ctx_free(&softc->sysctl_ctx);
1942
1943	free(control_softc, M_DEVBUF);
1944	control_softc = NULL;
1945}
1946
1947static int
1948ctl_module_event_handler(module_t mod, int what, void *arg)
1949{
1950
1951	switch (what) {
1952	case MOD_LOAD:
1953		return (ctl_init());
1954	case MOD_UNLOAD:
1955		return (EBUSY);
1956	default:
1957		return (EOPNOTSUPP);
1958	}
1959}
1960
1961/*
1962 * XXX KDM should we do some access checks here?  Bump a reference count to
1963 * prevent a CTL module from being unloaded while someone has it open?
1964 */
1965static int
1966ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1967{
1968	return (0);
1969}
1970
1971static int
1972ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1973{
1974	return (0);
1975}
1976
1977/*
1978 * Remove an initiator by port number and initiator ID.
1979 * Returns 0 for success, -1 for failure.
1980 */
1981int
1982ctl_remove_initiator(struct ctl_port *port, int iid)
1983{
1984	struct ctl_softc *softc = port->ctl_softc;
1985
1986	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1987
1988	if (iid > CTL_MAX_INIT_PER_PORT) {
1989		printf("%s: initiator ID %u > maximun %u!\n",
1990		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1991		return (-1);
1992	}
1993
1994	mtx_lock(&softc->ctl_lock);
1995	port->wwpn_iid[iid].in_use--;
1996	port->wwpn_iid[iid].last_use = time_uptime;
1997	mtx_unlock(&softc->ctl_lock);
1998	ctl_isc_announce_iid(port, iid);
1999
2000	return (0);
2001}
2002
2003/*
2004 * Add an initiator to the initiator map.
2005 * Returns iid for success, < 0 for failure.
2006 */
2007int
2008ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
2009{
2010	struct ctl_softc *softc = port->ctl_softc;
2011	time_t best_time;
2012	int i, best;
2013
2014	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2015
2016	if (iid >= CTL_MAX_INIT_PER_PORT) {
2017		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
2018		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
2019		free(name, M_CTL);
2020		return (-1);
2021	}
2022
2023	mtx_lock(&softc->ctl_lock);
2024
2025	if (iid < 0 && (wwpn != 0 || name != NULL)) {
2026		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2027			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
2028				iid = i;
2029				break;
2030			}
2031			if (name != NULL && port->wwpn_iid[i].name != NULL &&
2032			    strcmp(name, port->wwpn_iid[i].name) == 0) {
2033				iid = i;
2034				break;
2035			}
2036		}
2037	}
2038
2039	if (iid < 0) {
2040		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2041			if (port->wwpn_iid[i].in_use == 0 &&
2042			    port->wwpn_iid[i].wwpn == 0 &&
2043			    port->wwpn_iid[i].name == NULL) {
2044				iid = i;
2045				break;
2046			}
2047		}
2048	}
2049
2050	if (iid < 0) {
2051		best = -1;
2052		best_time = INT32_MAX;
2053		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2054			if (port->wwpn_iid[i].in_use == 0) {
2055				if (port->wwpn_iid[i].last_use < best_time) {
2056					best = i;
2057					best_time = port->wwpn_iid[i].last_use;
2058				}
2059			}
2060		}
2061		iid = best;
2062	}
2063
2064	if (iid < 0) {
2065		mtx_unlock(&softc->ctl_lock);
2066		free(name, M_CTL);
2067		return (-2);
2068	}
2069
2070	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2071		/*
2072		 * This is not an error yet.
2073		 */
2074		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2075#if 0
2076			printf("%s: port %d iid %u WWPN %#jx arrived"
2077			    " again\n", __func__, port->targ_port,
2078			    iid, (uintmax_t)wwpn);
2079#endif
2080			goto take;
2081		}
2082		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2083		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2084#if 0
2085			printf("%s: port %d iid %u name '%s' arrived"
2086			    " again\n", __func__, port->targ_port,
2087			    iid, name);
2088#endif
2089			goto take;
2090		}
2091
2092		/*
2093		 * This is an error, but what do we do about it?  The
2094		 * driver is telling us we have a new WWPN for this
2095		 * initiator ID, so we pretty much need to use it.
2096		 */
2097		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2098		    " but WWPN %#jx '%s' is still at that address\n",
2099		    __func__, port->targ_port, iid, wwpn, name,
2100		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2101		    port->wwpn_iid[iid].name);
2102
2103		/*
2104		 * XXX KDM clear have_ca and ua_pending on each LUN for
2105		 * this initiator.
2106		 */
2107	}
2108take:
2109	free(port->wwpn_iid[iid].name, M_CTL);
2110	port->wwpn_iid[iid].name = name;
2111	port->wwpn_iid[iid].wwpn = wwpn;
2112	port->wwpn_iid[iid].in_use++;
2113	mtx_unlock(&softc->ctl_lock);
2114	ctl_isc_announce_iid(port, iid);
2115
2116	return (iid);
2117}
2118
2119static int
2120ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2121{
2122	int len;
2123
2124	switch (port->port_type) {
2125	case CTL_PORT_FC:
2126	{
2127		struct scsi_transportid_fcp *id =
2128		    (struct scsi_transportid_fcp *)buf;
2129		if (port->wwpn_iid[iid].wwpn == 0)
2130			return (0);
2131		memset(id, 0, sizeof(*id));
2132		id->format_protocol = SCSI_PROTO_FC;
2133		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2134		return (sizeof(*id));
2135	}
2136	case CTL_PORT_ISCSI:
2137	{
2138		struct scsi_transportid_iscsi_port *id =
2139		    (struct scsi_transportid_iscsi_port *)buf;
2140		if (port->wwpn_iid[iid].name == NULL)
2141			return (0);
2142		memset(id, 0, 256);
2143		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2144		    SCSI_PROTO_ISCSI;
2145		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2146		len = roundup2(min(len, 252), 4);
2147		scsi_ulto2b(len, id->additional_length);
2148		return (sizeof(*id) + len);
2149	}
2150	case CTL_PORT_SAS:
2151	{
2152		struct scsi_transportid_sas *id =
2153		    (struct scsi_transportid_sas *)buf;
2154		if (port->wwpn_iid[iid].wwpn == 0)
2155			return (0);
2156		memset(id, 0, sizeof(*id));
2157		id->format_protocol = SCSI_PROTO_SAS;
2158		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2159		return (sizeof(*id));
2160	}
2161	default:
2162	{
2163		struct scsi_transportid_spi *id =
2164		    (struct scsi_transportid_spi *)buf;
2165		memset(id, 0, sizeof(*id));
2166		id->format_protocol = SCSI_PROTO_SPI;
2167		scsi_ulto2b(iid, id->scsi_addr);
2168		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2169		return (sizeof(*id));
2170	}
2171	}
2172}
2173
2174/*
2175 * Serialize a command that went down the "wrong" side, and so was sent to
2176 * this controller for execution.  The logic is a little different than the
2177 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2178 * sent back to the other side, but in the success case, we execute the
2179 * command on this side (XFER mode) or tell the other side to execute it
2180 * (SER_ONLY mode).
2181 */
2182static int
2183ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2184{
2185	struct ctl_softc *softc = control_softc;
2186	union ctl_ha_msg msg_info;
2187	struct ctl_port *port;
2188	struct ctl_lun *lun;
2189	const struct ctl_cmd_entry *entry;
2190	int retval = 0;
2191	uint32_t targ_lun;
2192
2193	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2194	mtx_lock(&softc->ctl_lock);
2195
2196	/* Make sure that we know about this port. */
2197	port = ctl_io_port(&ctsio->io_hdr);
2198	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2199		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2200					 /*retry_count*/ 1);
2201		goto badjuju;
2202	}
2203
2204	/* Make sure that we know about this LUN. */
2205	if ((targ_lun < CTL_MAX_LUNS) &&
2206	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2207		mtx_lock(&lun->lun_lock);
2208		mtx_unlock(&softc->ctl_lock);
2209		/*
2210		 * If the LUN is invalid, pretend that it doesn't exist.
2211		 * It will go away as soon as all pending I/O has been
2212		 * completed.
2213		 */
2214		if (lun->flags & CTL_LUN_DISABLED) {
2215			mtx_unlock(&lun->lun_lock);
2216			lun = NULL;
2217		}
2218	} else {
2219		mtx_unlock(&softc->ctl_lock);
2220		lun = NULL;
2221	}
2222	if (lun == NULL) {
2223		/*
2224		 * The other node would not send this request to us unless
2225		 * received announce that we are primary node for this LUN.
2226		 * If this LUN does not exist now, it is probably result of
2227		 * a race, so respond to initiator in the most opaque way.
2228		 */
2229		ctl_set_busy(ctsio);
2230		goto badjuju;
2231	}
2232
2233	entry = ctl_get_cmd_entry(ctsio, NULL);
2234	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2235		mtx_unlock(&lun->lun_lock);
2236		goto badjuju;
2237	}
2238
2239	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2240	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2241
2242	/*
2243	 * Every I/O goes into the OOA queue for a
2244	 * particular LUN, and stays there until completion.
2245	 */
2246#ifdef CTL_TIME_IO
2247	if (TAILQ_EMPTY(&lun->ooa_queue))
2248		lun->idle_time += getsbinuptime() - lun->last_busy;
2249#endif
2250	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2251
2252	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2253		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2254		 ooa_links))) {
2255	case CTL_ACTION_BLOCK:
2256		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2257		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2258				  blocked_links);
2259		mtx_unlock(&lun->lun_lock);
2260		break;
2261	case CTL_ACTION_PASS:
2262	case CTL_ACTION_SKIP:
2263		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2264			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2265			ctl_enqueue_rtr((union ctl_io *)ctsio);
2266			mtx_unlock(&lun->lun_lock);
2267		} else {
2268			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2269			mtx_unlock(&lun->lun_lock);
2270
2271			/* send msg back to other side */
2272			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2273			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2274			msg_info.hdr.msg_type = CTL_MSG_R2R;
2275			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2276			    sizeof(msg_info.hdr), M_WAITOK);
2277		}
2278		break;
2279	case CTL_ACTION_OVERLAP:
2280		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2281		mtx_unlock(&lun->lun_lock);
2282		ctl_set_overlapped_cmd(ctsio);
2283		goto badjuju;
2284	case CTL_ACTION_OVERLAP_TAG:
2285		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2286		mtx_unlock(&lun->lun_lock);
2287		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2288		goto badjuju;
2289	case CTL_ACTION_ERROR:
2290	default:
2291		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2292		mtx_unlock(&lun->lun_lock);
2293
2294		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2295					 /*retry_count*/ 0);
2296badjuju:
2297		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2298		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2299		msg_info.hdr.serializing_sc = NULL;
2300		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2301		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2302		    sizeof(msg_info.scsi), M_WAITOK);
2303		retval = 1;
2304		break;
2305	}
2306	return (retval);
2307}
2308
2309/*
2310 * Returns 0 for success, errno for failure.
2311 */
2312static void
2313ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2314		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2315{
2316	union ctl_io *io;
2317
2318	mtx_lock(&lun->lun_lock);
2319	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2320	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2321	     ooa_links)) {
2322		struct ctl_ooa_entry *entry;
2323
2324		/*
2325		 * If we've got more than we can fit, just count the
2326		 * remaining entries.
2327		 */
2328		if (*cur_fill_num >= ooa_hdr->alloc_num)
2329			continue;
2330
2331		entry = &kern_entries[*cur_fill_num];
2332
2333		entry->tag_num = io->scsiio.tag_num;
2334		entry->lun_num = lun->lun;
2335#ifdef CTL_TIME_IO
2336		entry->start_bt = io->io_hdr.start_bt;
2337#endif
2338		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2339		entry->cdb_len = io->scsiio.cdb_len;
2340		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2341			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2342
2343		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2344			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2345
2346		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2347			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2348
2349		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2350			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2351
2352		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2353			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2354	}
2355	mtx_unlock(&lun->lun_lock);
2356}
2357
2358static void *
2359ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2360		 size_t error_str_len)
2361{
2362	void *kptr;
2363
2364	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2365
2366	if (copyin(user_addr, kptr, len) != 0) {
2367		snprintf(error_str, error_str_len, "Error copying %d bytes "
2368			 "from user address %p to kernel address %p", len,
2369			 user_addr, kptr);
2370		free(kptr, M_CTL);
2371		return (NULL);
2372	}
2373
2374	return (kptr);
2375}
2376
2377static void
2378ctl_free_args(int num_args, struct ctl_be_arg *args)
2379{
2380	int i;
2381
2382	if (args == NULL)
2383		return;
2384
2385	for (i = 0; i < num_args; i++) {
2386		free(args[i].kname, M_CTL);
2387		free(args[i].kvalue, M_CTL);
2388	}
2389
2390	free(args, M_CTL);
2391}
2392
2393static struct ctl_be_arg *
2394ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2395		char *error_str, size_t error_str_len)
2396{
2397	struct ctl_be_arg *args;
2398	int i;
2399
2400	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2401				error_str, error_str_len);
2402
2403	if (args == NULL)
2404		goto bailout;
2405
2406	for (i = 0; i < num_args; i++) {
2407		args[i].kname = NULL;
2408		args[i].kvalue = NULL;
2409	}
2410
2411	for (i = 0; i < num_args; i++) {
2412		uint8_t *tmpptr;
2413
2414		args[i].kname = ctl_copyin_alloc(args[i].name,
2415			args[i].namelen, error_str, error_str_len);
2416		if (args[i].kname == NULL)
2417			goto bailout;
2418
2419		if (args[i].kname[args[i].namelen - 1] != '\0') {
2420			snprintf(error_str, error_str_len, "Argument %d "
2421				 "name is not NUL-terminated", i);
2422			goto bailout;
2423		}
2424
2425		if (args[i].flags & CTL_BEARG_RD) {
2426			tmpptr = ctl_copyin_alloc(args[i].value,
2427				args[i].vallen, error_str, error_str_len);
2428			if (tmpptr == NULL)
2429				goto bailout;
2430			if ((args[i].flags & CTL_BEARG_ASCII)
2431			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2432				snprintf(error_str, error_str_len, "Argument "
2433				    "%d value is not NUL-terminated", i);
2434				goto bailout;
2435			}
2436			args[i].kvalue = tmpptr;
2437		} else {
2438			args[i].kvalue = malloc(args[i].vallen,
2439			    M_CTL, M_WAITOK | M_ZERO);
2440		}
2441	}
2442
2443	return (args);
2444bailout:
2445
2446	ctl_free_args(num_args, args);
2447
2448	return (NULL);
2449}
2450
2451static void
2452ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2453{
2454	int i;
2455
2456	for (i = 0; i < num_args; i++) {
2457		if (args[i].flags & CTL_BEARG_WR)
2458			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2459	}
2460}
2461
2462/*
2463 * Escape characters that are illegal or not recommended in XML.
2464 */
2465int
2466ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2467{
2468	char *end = str + size;
2469	int retval;
2470
2471	retval = 0;
2472
2473	for (; *str && str < end; str++) {
2474		switch (*str) {
2475		case '&':
2476			retval = sbuf_printf(sb, "&amp;");
2477			break;
2478		case '>':
2479			retval = sbuf_printf(sb, "&gt;");
2480			break;
2481		case '<':
2482			retval = sbuf_printf(sb, "&lt;");
2483			break;
2484		default:
2485			retval = sbuf_putc(sb, *str);
2486			break;
2487		}
2488
2489		if (retval != 0)
2490			break;
2491
2492	}
2493
2494	return (retval);
2495}
2496
2497static void
2498ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2499{
2500	struct scsi_vpd_id_descriptor *desc;
2501	int i;
2502
2503	if (id == NULL || id->len < 4)
2504		return;
2505	desc = (struct scsi_vpd_id_descriptor *)id->data;
2506	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2507	case SVPD_ID_TYPE_T10:
2508		sbuf_printf(sb, "t10.");
2509		break;
2510	case SVPD_ID_TYPE_EUI64:
2511		sbuf_printf(sb, "eui.");
2512		break;
2513	case SVPD_ID_TYPE_NAA:
2514		sbuf_printf(sb, "naa.");
2515		break;
2516	case SVPD_ID_TYPE_SCSI_NAME:
2517		break;
2518	}
2519	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2520	case SVPD_ID_CODESET_BINARY:
2521		for (i = 0; i < desc->length; i++)
2522			sbuf_printf(sb, "%02x", desc->identifier[i]);
2523		break;
2524	case SVPD_ID_CODESET_ASCII:
2525		sbuf_printf(sb, "%.*s", (int)desc->length,
2526		    (char *)desc->identifier);
2527		break;
2528	case SVPD_ID_CODESET_UTF8:
2529		sbuf_printf(sb, "%s", (char *)desc->identifier);
2530		break;
2531	}
2532}
2533
2534static int
2535ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2536	  struct thread *td)
2537{
2538	struct ctl_softc *softc = dev->si_drv1;
2539	struct ctl_lun *lun;
2540	int retval;
2541
2542	retval = 0;
2543
2544	switch (cmd) {
2545	case CTL_IO:
2546		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2547		break;
2548	case CTL_ENABLE_PORT:
2549	case CTL_DISABLE_PORT:
2550	case CTL_SET_PORT_WWNS: {
2551		struct ctl_port *port;
2552		struct ctl_port_entry *entry;
2553
2554		entry = (struct ctl_port_entry *)addr;
2555
2556		mtx_lock(&softc->ctl_lock);
2557		STAILQ_FOREACH(port, &softc->port_list, links) {
2558			int action, done;
2559
2560			if (port->targ_port < softc->port_min ||
2561			    port->targ_port >= softc->port_max)
2562				continue;
2563
2564			action = 0;
2565			done = 0;
2566			if ((entry->port_type == CTL_PORT_NONE)
2567			 && (entry->targ_port == port->targ_port)) {
2568				/*
2569				 * If the user only wants to enable or
2570				 * disable or set WWNs on a specific port,
2571				 * do the operation and we're done.
2572				 */
2573				action = 1;
2574				done = 1;
2575			} else if (entry->port_type & port->port_type) {
2576				/*
2577				 * Compare the user's type mask with the
2578				 * particular frontend type to see if we
2579				 * have a match.
2580				 */
2581				action = 1;
2582				done = 0;
2583
2584				/*
2585				 * Make sure the user isn't trying to set
2586				 * WWNs on multiple ports at the same time.
2587				 */
2588				if (cmd == CTL_SET_PORT_WWNS) {
2589					printf("%s: Can't set WWNs on "
2590					       "multiple ports\n", __func__);
2591					retval = EINVAL;
2592					break;
2593				}
2594			}
2595			if (action == 0)
2596				continue;
2597
2598			/*
2599			 * XXX KDM we have to drop the lock here, because
2600			 * the online/offline operations can potentially
2601			 * block.  We need to reference count the frontends
2602			 * so they can't go away,
2603			 */
2604			if (cmd == CTL_ENABLE_PORT) {
2605				mtx_unlock(&softc->ctl_lock);
2606				ctl_port_online(port);
2607				mtx_lock(&softc->ctl_lock);
2608			} else if (cmd == CTL_DISABLE_PORT) {
2609				mtx_unlock(&softc->ctl_lock);
2610				ctl_port_offline(port);
2611				mtx_lock(&softc->ctl_lock);
2612			} else if (cmd == CTL_SET_PORT_WWNS) {
2613				ctl_port_set_wwns(port,
2614				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2615				    1 : 0, entry->wwnn,
2616				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2617				    1 : 0, entry->wwpn);
2618			}
2619			if (done != 0)
2620				break;
2621		}
2622		mtx_unlock(&softc->ctl_lock);
2623		break;
2624	}
2625	case CTL_GET_OOA: {
2626		struct ctl_ooa *ooa_hdr;
2627		struct ctl_ooa_entry *entries;
2628		uint32_t cur_fill_num;
2629
2630		ooa_hdr = (struct ctl_ooa *)addr;
2631
2632		if ((ooa_hdr->alloc_len == 0)
2633		 || (ooa_hdr->alloc_num == 0)) {
2634			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2635			       "must be non-zero\n", __func__,
2636			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2637			retval = EINVAL;
2638			break;
2639		}
2640
2641		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2642		    sizeof(struct ctl_ooa_entry))) {
2643			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2644			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2645			       __func__, ooa_hdr->alloc_len,
2646			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2647			retval = EINVAL;
2648			break;
2649		}
2650
2651		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2652		if (entries == NULL) {
2653			printf("%s: could not allocate %d bytes for OOA "
2654			       "dump\n", __func__, ooa_hdr->alloc_len);
2655			retval = ENOMEM;
2656			break;
2657		}
2658
2659		mtx_lock(&softc->ctl_lock);
2660		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2661		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2662		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2663			mtx_unlock(&softc->ctl_lock);
2664			free(entries, M_CTL);
2665			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2666			       __func__, (uintmax_t)ooa_hdr->lun_num);
2667			retval = EINVAL;
2668			break;
2669		}
2670
2671		cur_fill_num = 0;
2672
2673		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2674			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2675				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2676				    ooa_hdr, entries);
2677			}
2678		} else {
2679			lun = softc->ctl_luns[ooa_hdr->lun_num];
2680			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2681			    entries);
2682		}
2683		mtx_unlock(&softc->ctl_lock);
2684
2685		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2686		ooa_hdr->fill_len = ooa_hdr->fill_num *
2687			sizeof(struct ctl_ooa_entry);
2688		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2689		if (retval != 0) {
2690			printf("%s: error copying out %d bytes for OOA dump\n",
2691			       __func__, ooa_hdr->fill_len);
2692		}
2693
2694		getbinuptime(&ooa_hdr->cur_bt);
2695
2696		if (cur_fill_num > ooa_hdr->alloc_num) {
2697			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2698			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2699		} else {
2700			ooa_hdr->dropped_num = 0;
2701			ooa_hdr->status = CTL_OOA_OK;
2702		}
2703
2704		free(entries, M_CTL);
2705		break;
2706	}
2707	case CTL_DELAY_IO: {
2708		struct ctl_io_delay_info *delay_info;
2709
2710		delay_info = (struct ctl_io_delay_info *)addr;
2711
2712#ifdef CTL_IO_DELAY
2713		mtx_lock(&softc->ctl_lock);
2714
2715		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2716		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2717			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2718		} else {
2719			lun = softc->ctl_luns[delay_info->lun_id];
2720			mtx_lock(&lun->lun_lock);
2721
2722			delay_info->status = CTL_DELAY_STATUS_OK;
2723
2724			switch (delay_info->delay_type) {
2725			case CTL_DELAY_TYPE_CONT:
2726				break;
2727			case CTL_DELAY_TYPE_ONESHOT:
2728				break;
2729			default:
2730				delay_info->status =
2731					CTL_DELAY_STATUS_INVALID_TYPE;
2732				break;
2733			}
2734
2735			switch (delay_info->delay_loc) {
2736			case CTL_DELAY_LOC_DATAMOVE:
2737				lun->delay_info.datamove_type =
2738					delay_info->delay_type;
2739				lun->delay_info.datamove_delay =
2740					delay_info->delay_secs;
2741				break;
2742			case CTL_DELAY_LOC_DONE:
2743				lun->delay_info.done_type =
2744					delay_info->delay_type;
2745				lun->delay_info.done_delay =
2746					delay_info->delay_secs;
2747				break;
2748			default:
2749				delay_info->status =
2750					CTL_DELAY_STATUS_INVALID_LOC;
2751				break;
2752			}
2753			mtx_unlock(&lun->lun_lock);
2754		}
2755
2756		mtx_unlock(&softc->ctl_lock);
2757#else
2758		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2759#endif /* CTL_IO_DELAY */
2760		break;
2761	}
2762	case CTL_GETSTATS: {
2763		struct ctl_stats *stats;
2764		int i;
2765
2766		stats = (struct ctl_stats *)addr;
2767
2768		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2769		     stats->alloc_len) {
2770			stats->status = CTL_SS_NEED_MORE_SPACE;
2771			stats->num_luns = softc->num_luns;
2772			break;
2773		}
2774		/*
2775		 * XXX KDM no locking here.  If the LUN list changes,
2776		 * things can blow up.
2777		 */
2778		i = 0;
2779		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2780			retval = copyout(&lun->stats, &stats->lun_stats[i++],
2781					 sizeof(lun->stats));
2782			if (retval != 0)
2783				break;
2784		}
2785		stats->num_luns = softc->num_luns;
2786		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2787				 softc->num_luns;
2788		stats->status = CTL_SS_OK;
2789#ifdef CTL_TIME_IO
2790		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2791#else
2792		stats->flags = CTL_STATS_FLAG_NONE;
2793#endif
2794		getnanouptime(&stats->timestamp);
2795		break;
2796	}
2797	case CTL_ERROR_INJECT: {
2798		struct ctl_error_desc *err_desc, *new_err_desc;
2799
2800		err_desc = (struct ctl_error_desc *)addr;
2801
2802		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2803				      M_WAITOK | M_ZERO);
2804		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2805
2806		mtx_lock(&softc->ctl_lock);
2807		lun = softc->ctl_luns[err_desc->lun_id];
2808		if (lun == NULL) {
2809			mtx_unlock(&softc->ctl_lock);
2810			free(new_err_desc, M_CTL);
2811			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2812			       __func__, (uintmax_t)err_desc->lun_id);
2813			retval = EINVAL;
2814			break;
2815		}
2816		mtx_lock(&lun->lun_lock);
2817		mtx_unlock(&softc->ctl_lock);
2818
2819		/*
2820		 * We could do some checking here to verify the validity
2821		 * of the request, but given the complexity of error
2822		 * injection requests, the checking logic would be fairly
2823		 * complex.
2824		 *
2825		 * For now, if the request is invalid, it just won't get
2826		 * executed and might get deleted.
2827		 */
2828		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2829
2830		/*
2831		 * XXX KDM check to make sure the serial number is unique,
2832		 * in case we somehow manage to wrap.  That shouldn't
2833		 * happen for a very long time, but it's the right thing to
2834		 * do.
2835		 */
2836		new_err_desc->serial = lun->error_serial;
2837		err_desc->serial = lun->error_serial;
2838		lun->error_serial++;
2839
2840		mtx_unlock(&lun->lun_lock);
2841		break;
2842	}
2843	case CTL_ERROR_INJECT_DELETE: {
2844		struct ctl_error_desc *delete_desc, *desc, *desc2;
2845		int delete_done;
2846
2847		delete_desc = (struct ctl_error_desc *)addr;
2848		delete_done = 0;
2849
2850		mtx_lock(&softc->ctl_lock);
2851		lun = softc->ctl_luns[delete_desc->lun_id];
2852		if (lun == NULL) {
2853			mtx_unlock(&softc->ctl_lock);
2854			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2855			       __func__, (uintmax_t)delete_desc->lun_id);
2856			retval = EINVAL;
2857			break;
2858		}
2859		mtx_lock(&lun->lun_lock);
2860		mtx_unlock(&softc->ctl_lock);
2861		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2862			if (desc->serial != delete_desc->serial)
2863				continue;
2864
2865			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2866				      links);
2867			free(desc, M_CTL);
2868			delete_done = 1;
2869		}
2870		mtx_unlock(&lun->lun_lock);
2871		if (delete_done == 0) {
2872			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2873			       "error serial %ju on LUN %u\n", __func__,
2874			       delete_desc->serial, delete_desc->lun_id);
2875			retval = EINVAL;
2876			break;
2877		}
2878		break;
2879	}
2880	case CTL_DUMP_STRUCTS: {
2881		int i, j, k;
2882		struct ctl_port *port;
2883		struct ctl_frontend *fe;
2884
2885		mtx_lock(&softc->ctl_lock);
2886		printf("CTL Persistent Reservation information start:\n");
2887		for (i = 0; i < CTL_MAX_LUNS; i++) {
2888			lun = softc->ctl_luns[i];
2889
2890			if ((lun == NULL)
2891			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2892				continue;
2893
2894			for (j = 0; j < CTL_MAX_PORTS; j++) {
2895				if (lun->pr_keys[j] == NULL)
2896					continue;
2897				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2898					if (lun->pr_keys[j][k] == 0)
2899						continue;
2900					printf("  LUN %d port %d iid %d key "
2901					       "%#jx\n", i, j, k,
2902					       (uintmax_t)lun->pr_keys[j][k]);
2903				}
2904			}
2905		}
2906		printf("CTL Persistent Reservation information end\n");
2907		printf("CTL Ports:\n");
2908		STAILQ_FOREACH(port, &softc->port_list, links) {
2909			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2910			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2911			       port->frontend->name, port->port_type,
2912			       port->physical_port, port->virtual_port,
2913			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2914			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2915				if (port->wwpn_iid[j].in_use == 0 &&
2916				    port->wwpn_iid[j].wwpn == 0 &&
2917				    port->wwpn_iid[j].name == NULL)
2918					continue;
2919
2920				printf("    iid %u use %d WWPN %#jx '%s'\n",
2921				    j, port->wwpn_iid[j].in_use,
2922				    (uintmax_t)port->wwpn_iid[j].wwpn,
2923				    port->wwpn_iid[j].name);
2924			}
2925		}
2926		printf("CTL Port information end\n");
2927		mtx_unlock(&softc->ctl_lock);
2928		/*
2929		 * XXX KDM calling this without a lock.  We'd likely want
2930		 * to drop the lock before calling the frontend's dump
2931		 * routine anyway.
2932		 */
2933		printf("CTL Frontends:\n");
2934		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2935			printf("  Frontend '%s'\n", fe->name);
2936			if (fe->fe_dump != NULL)
2937				fe->fe_dump();
2938		}
2939		printf("CTL Frontend information end\n");
2940		break;
2941	}
2942	case CTL_LUN_REQ: {
2943		struct ctl_lun_req *lun_req;
2944		struct ctl_backend_driver *backend;
2945
2946		lun_req = (struct ctl_lun_req *)addr;
2947
2948		backend = ctl_backend_find(lun_req->backend);
2949		if (backend == NULL) {
2950			lun_req->status = CTL_LUN_ERROR;
2951			snprintf(lun_req->error_str,
2952				 sizeof(lun_req->error_str),
2953				 "Backend \"%s\" not found.",
2954				 lun_req->backend);
2955			break;
2956		}
2957		if (lun_req->num_be_args > 0) {
2958			lun_req->kern_be_args = ctl_copyin_args(
2959				lun_req->num_be_args,
2960				lun_req->be_args,
2961				lun_req->error_str,
2962				sizeof(lun_req->error_str));
2963			if (lun_req->kern_be_args == NULL) {
2964				lun_req->status = CTL_LUN_ERROR;
2965				break;
2966			}
2967		}
2968
2969		retval = backend->ioctl(dev, cmd, addr, flag, td);
2970
2971		if (lun_req->num_be_args > 0) {
2972			ctl_copyout_args(lun_req->num_be_args,
2973				      lun_req->kern_be_args);
2974			ctl_free_args(lun_req->num_be_args,
2975				      lun_req->kern_be_args);
2976		}
2977		break;
2978	}
2979	case CTL_LUN_LIST: {
2980		struct sbuf *sb;
2981		struct ctl_lun_list *list;
2982		struct ctl_option *opt;
2983
2984		list = (struct ctl_lun_list *)addr;
2985
2986		/*
2987		 * Allocate a fixed length sbuf here, based on the length
2988		 * of the user's buffer.  We could allocate an auto-extending
2989		 * buffer, and then tell the user how much larger our
2990		 * amount of data is than his buffer, but that presents
2991		 * some problems:
2992		 *
2993		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2994		 *     we can't hold a lock while calling them with an
2995		 *     auto-extending buffer.
2996 		 *
2997		 * 2.  There is not currently a LUN reference counting
2998		 *     mechanism, outside of outstanding transactions on
2999		 *     the LUN's OOA queue.  So a LUN could go away on us
3000		 *     while we're getting the LUN number, backend-specific
3001		 *     information, etc.  Thus, given the way things
3002		 *     currently work, we need to hold the CTL lock while
3003		 *     grabbing LUN information.
3004		 *
3005		 * So, from the user's standpoint, the best thing to do is
3006		 * allocate what he thinks is a reasonable buffer length,
3007		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3008		 * double the buffer length and try again.  (And repeat
3009		 * that until he succeeds.)
3010		 */
3011		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3012		if (sb == NULL) {
3013			list->status = CTL_LUN_LIST_ERROR;
3014			snprintf(list->error_str, sizeof(list->error_str),
3015				 "Unable to allocate %d bytes for LUN list",
3016				 list->alloc_len);
3017			break;
3018		}
3019
3020		sbuf_printf(sb, "<ctllunlist>\n");
3021
3022		mtx_lock(&softc->ctl_lock);
3023		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3024			mtx_lock(&lun->lun_lock);
3025			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3026					     (uintmax_t)lun->lun);
3027
3028			/*
3029			 * Bail out as soon as we see that we've overfilled
3030			 * the buffer.
3031			 */
3032			if (retval != 0)
3033				break;
3034
3035			retval = sbuf_printf(sb, "\t<backend_type>%s"
3036					     "</backend_type>\n",
3037					     (lun->backend == NULL) ?  "none" :
3038					     lun->backend->name);
3039
3040			if (retval != 0)
3041				break;
3042
3043			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3044					     lun->be_lun->lun_type);
3045
3046			if (retval != 0)
3047				break;
3048
3049			if (lun->backend == NULL) {
3050				retval = sbuf_printf(sb, "</lun>\n");
3051				if (retval != 0)
3052					break;
3053				continue;
3054			}
3055
3056			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3057					     (lun->be_lun->maxlba > 0) ?
3058					     lun->be_lun->maxlba + 1 : 0);
3059
3060			if (retval != 0)
3061				break;
3062
3063			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3064					     lun->be_lun->blocksize);
3065
3066			if (retval != 0)
3067				break;
3068
3069			retval = sbuf_printf(sb, "\t<serial_number>");
3070
3071			if (retval != 0)
3072				break;
3073
3074			retval = ctl_sbuf_printf_esc(sb,
3075			    lun->be_lun->serial_num,
3076			    sizeof(lun->be_lun->serial_num));
3077
3078			if (retval != 0)
3079				break;
3080
3081			retval = sbuf_printf(sb, "</serial_number>\n");
3082
3083			if (retval != 0)
3084				break;
3085
3086			retval = sbuf_printf(sb, "\t<device_id>");
3087
3088			if (retval != 0)
3089				break;
3090
3091			retval = ctl_sbuf_printf_esc(sb,
3092			    lun->be_lun->device_id,
3093			    sizeof(lun->be_lun->device_id));
3094
3095			if (retval != 0)
3096				break;
3097
3098			retval = sbuf_printf(sb, "</device_id>\n");
3099
3100			if (retval != 0)
3101				break;
3102
3103			if (lun->backend->lun_info != NULL) {
3104				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3105				if (retval != 0)
3106					break;
3107			}
3108			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3109				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3110				    opt->name, opt->value, opt->name);
3111				if (retval != 0)
3112					break;
3113			}
3114
3115			retval = sbuf_printf(sb, "</lun>\n");
3116
3117			if (retval != 0)
3118				break;
3119			mtx_unlock(&lun->lun_lock);
3120		}
3121		if (lun != NULL)
3122			mtx_unlock(&lun->lun_lock);
3123		mtx_unlock(&softc->ctl_lock);
3124
3125		if ((retval != 0)
3126		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3127			retval = 0;
3128			sbuf_delete(sb);
3129			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3130			snprintf(list->error_str, sizeof(list->error_str),
3131				 "Out of space, %d bytes is too small",
3132				 list->alloc_len);
3133			break;
3134		}
3135
3136		sbuf_finish(sb);
3137
3138		retval = copyout(sbuf_data(sb), list->lun_xml,
3139				 sbuf_len(sb) + 1);
3140
3141		list->fill_len = sbuf_len(sb) + 1;
3142		list->status = CTL_LUN_LIST_OK;
3143		sbuf_delete(sb);
3144		break;
3145	}
3146	case CTL_ISCSI: {
3147		struct ctl_iscsi *ci;
3148		struct ctl_frontend *fe;
3149
3150		ci = (struct ctl_iscsi *)addr;
3151
3152		fe = ctl_frontend_find("iscsi");
3153		if (fe == NULL) {
3154			ci->status = CTL_ISCSI_ERROR;
3155			snprintf(ci->error_str, sizeof(ci->error_str),
3156			    "Frontend \"iscsi\" not found.");
3157			break;
3158		}
3159
3160		retval = fe->ioctl(dev, cmd, addr, flag, td);
3161		break;
3162	}
3163	case CTL_PORT_REQ: {
3164		struct ctl_req *req;
3165		struct ctl_frontend *fe;
3166
3167		req = (struct ctl_req *)addr;
3168
3169		fe = ctl_frontend_find(req->driver);
3170		if (fe == NULL) {
3171			req->status = CTL_LUN_ERROR;
3172			snprintf(req->error_str, sizeof(req->error_str),
3173			    "Frontend \"%s\" not found.", req->driver);
3174			break;
3175		}
3176		if (req->num_args > 0) {
3177			req->kern_args = ctl_copyin_args(req->num_args,
3178			    req->args, req->error_str, sizeof(req->error_str));
3179			if (req->kern_args == NULL) {
3180				req->status = CTL_LUN_ERROR;
3181				break;
3182			}
3183		}
3184
3185		if (fe->ioctl)
3186			retval = fe->ioctl(dev, cmd, addr, flag, td);
3187		else
3188			retval = ENODEV;
3189
3190		if (req->num_args > 0) {
3191			ctl_copyout_args(req->num_args, req->kern_args);
3192			ctl_free_args(req->num_args, req->kern_args);
3193		}
3194		break;
3195	}
3196	case CTL_PORT_LIST: {
3197		struct sbuf *sb;
3198		struct ctl_port *port;
3199		struct ctl_lun_list *list;
3200		struct ctl_option *opt;
3201		int j;
3202		uint32_t plun;
3203
3204		list = (struct ctl_lun_list *)addr;
3205
3206		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3207		if (sb == NULL) {
3208			list->status = CTL_LUN_LIST_ERROR;
3209			snprintf(list->error_str, sizeof(list->error_str),
3210				 "Unable to allocate %d bytes for LUN list",
3211				 list->alloc_len);
3212			break;
3213		}
3214
3215		sbuf_printf(sb, "<ctlportlist>\n");
3216
3217		mtx_lock(&softc->ctl_lock);
3218		STAILQ_FOREACH(port, &softc->port_list, links) {
3219			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3220					     (uintmax_t)port->targ_port);
3221
3222			/*
3223			 * Bail out as soon as we see that we've overfilled
3224			 * the buffer.
3225			 */
3226			if (retval != 0)
3227				break;
3228
3229			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3230			    "</frontend_type>\n", port->frontend->name);
3231			if (retval != 0)
3232				break;
3233
3234			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3235					     port->port_type);
3236			if (retval != 0)
3237				break;
3238
3239			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3240			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3241			if (retval != 0)
3242				break;
3243
3244			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3245			    port->port_name);
3246			if (retval != 0)
3247				break;
3248
3249			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3250			    port->physical_port);
3251			if (retval != 0)
3252				break;
3253
3254			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3255			    port->virtual_port);
3256			if (retval != 0)
3257				break;
3258
3259			if (port->target_devid != NULL) {
3260				sbuf_printf(sb, "\t<target>");
3261				ctl_id_sbuf(port->target_devid, sb);
3262				sbuf_printf(sb, "</target>\n");
3263			}
3264
3265			if (port->port_devid != NULL) {
3266				sbuf_printf(sb, "\t<port>");
3267				ctl_id_sbuf(port->port_devid, sb);
3268				sbuf_printf(sb, "</port>\n");
3269			}
3270
3271			if (port->port_info != NULL) {
3272				retval = port->port_info(port->onoff_arg, sb);
3273				if (retval != 0)
3274					break;
3275			}
3276			STAILQ_FOREACH(opt, &port->options, links) {
3277				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3278				    opt->name, opt->value, opt->name);
3279				if (retval != 0)
3280					break;
3281			}
3282
3283			if (port->lun_map != NULL) {
3284				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3285				for (j = 0; j < CTL_MAX_LUNS; j++) {
3286					plun = ctl_lun_map_from_port(port, j);
3287					if (plun >= CTL_MAX_LUNS)
3288						continue;
3289					sbuf_printf(sb,
3290					    "\t<lun id=\"%u\">%u</lun>\n",
3291					    j, plun);
3292				}
3293			}
3294
3295			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3296				if (port->wwpn_iid[j].in_use == 0 ||
3297				    (port->wwpn_iid[j].wwpn == 0 &&
3298				     port->wwpn_iid[j].name == NULL))
3299					continue;
3300
3301				if (port->wwpn_iid[j].name != NULL)
3302					retval = sbuf_printf(sb,
3303					    "\t<initiator id=\"%u\">%s</initiator>\n",
3304					    j, port->wwpn_iid[j].name);
3305				else
3306					retval = sbuf_printf(sb,
3307					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3308					    j, port->wwpn_iid[j].wwpn);
3309				if (retval != 0)
3310					break;
3311			}
3312			if (retval != 0)
3313				break;
3314
3315			retval = sbuf_printf(sb, "</targ_port>\n");
3316			if (retval != 0)
3317				break;
3318		}
3319		mtx_unlock(&softc->ctl_lock);
3320
3321		if ((retval != 0)
3322		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3323			retval = 0;
3324			sbuf_delete(sb);
3325			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3326			snprintf(list->error_str, sizeof(list->error_str),
3327				 "Out of space, %d bytes is too small",
3328				 list->alloc_len);
3329			break;
3330		}
3331
3332		sbuf_finish(sb);
3333
3334		retval = copyout(sbuf_data(sb), list->lun_xml,
3335				 sbuf_len(sb) + 1);
3336
3337		list->fill_len = sbuf_len(sb) + 1;
3338		list->status = CTL_LUN_LIST_OK;
3339		sbuf_delete(sb);
3340		break;
3341	}
3342	case CTL_LUN_MAP: {
3343		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3344		struct ctl_port *port;
3345
3346		mtx_lock(&softc->ctl_lock);
3347		if (lm->port < softc->port_min ||
3348		    lm->port >= softc->port_max ||
3349		    (port = softc->ctl_ports[lm->port]) == NULL) {
3350			mtx_unlock(&softc->ctl_lock);
3351			return (ENXIO);
3352		}
3353		if (port->status & CTL_PORT_STATUS_ONLINE) {
3354			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3355				if (ctl_lun_map_to_port(port, lun->lun) >=
3356				    CTL_MAX_LUNS)
3357					continue;
3358				mtx_lock(&lun->lun_lock);
3359				ctl_est_ua_port(lun, lm->port, -1,
3360				    CTL_UA_LUN_CHANGE);
3361				mtx_unlock(&lun->lun_lock);
3362			}
3363		}
3364		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3365		if (lm->plun < CTL_MAX_LUNS) {
3366			if (lm->lun == UINT32_MAX)
3367				retval = ctl_lun_map_unset(port, lm->plun);
3368			else if (lm->lun < CTL_MAX_LUNS &&
3369			    softc->ctl_luns[lm->lun] != NULL)
3370				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3371			else
3372				return (ENXIO);
3373		} else if (lm->plun == UINT32_MAX) {
3374			if (lm->lun == UINT32_MAX)
3375				retval = ctl_lun_map_deinit(port);
3376			else
3377				retval = ctl_lun_map_init(port);
3378		} else
3379			return (ENXIO);
3380		if (port->status & CTL_PORT_STATUS_ONLINE)
3381			ctl_isc_announce_port(port);
3382		break;
3383	}
3384	default: {
3385		/* XXX KDM should we fix this? */
3386#if 0
3387		struct ctl_backend_driver *backend;
3388		unsigned int type;
3389		int found;
3390
3391		found = 0;
3392
3393		/*
3394		 * We encode the backend type as the ioctl type for backend
3395		 * ioctls.  So parse it out here, and then search for a
3396		 * backend of this type.
3397		 */
3398		type = _IOC_TYPE(cmd);
3399
3400		STAILQ_FOREACH(backend, &softc->be_list, links) {
3401			if (backend->type == type) {
3402				found = 1;
3403				break;
3404			}
3405		}
3406		if (found == 0) {
3407			printf("ctl: unknown ioctl command %#lx or backend "
3408			       "%d\n", cmd, type);
3409			retval = EINVAL;
3410			break;
3411		}
3412		retval = backend->ioctl(dev, cmd, addr, flag, td);
3413#endif
3414		retval = ENOTTY;
3415		break;
3416	}
3417	}
3418	return (retval);
3419}
3420
3421uint32_t
3422ctl_get_initindex(struct ctl_nexus *nexus)
3423{
3424	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3425}
3426
3427int
3428ctl_lun_map_init(struct ctl_port *port)
3429{
3430	struct ctl_softc *softc = port->ctl_softc;
3431	struct ctl_lun *lun;
3432	uint32_t i;
3433
3434	if (port->lun_map == NULL)
3435		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3436		    M_CTL, M_NOWAIT);
3437	if (port->lun_map == NULL)
3438		return (ENOMEM);
3439	for (i = 0; i < CTL_MAX_LUNS; i++)
3440		port->lun_map[i] = UINT32_MAX;
3441	if (port->status & CTL_PORT_STATUS_ONLINE) {
3442		if (port->lun_disable != NULL) {
3443			STAILQ_FOREACH(lun, &softc->lun_list, links)
3444				port->lun_disable(port->targ_lun_arg, lun->lun);
3445		}
3446		ctl_isc_announce_port(port);
3447	}
3448	return (0);
3449}
3450
3451int
3452ctl_lun_map_deinit(struct ctl_port *port)
3453{
3454	struct ctl_softc *softc = port->ctl_softc;
3455	struct ctl_lun *lun;
3456
3457	if (port->lun_map == NULL)
3458		return (0);
3459	free(port->lun_map, M_CTL);
3460	port->lun_map = NULL;
3461	if (port->status & CTL_PORT_STATUS_ONLINE) {
3462		if (port->lun_enable != NULL) {
3463			STAILQ_FOREACH(lun, &softc->lun_list, links)
3464				port->lun_enable(port->targ_lun_arg, lun->lun);
3465		}
3466		ctl_isc_announce_port(port);
3467	}
3468	return (0);
3469}
3470
3471int
3472ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3473{
3474	int status;
3475	uint32_t old;
3476
3477	if (port->lun_map == NULL) {
3478		status = ctl_lun_map_init(port);
3479		if (status != 0)
3480			return (status);
3481	}
3482	old = port->lun_map[plun];
3483	port->lun_map[plun] = glun;
3484	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3485		if (port->lun_enable != NULL)
3486			port->lun_enable(port->targ_lun_arg, plun);
3487		ctl_isc_announce_port(port);
3488	}
3489	return (0);
3490}
3491
3492int
3493ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3494{
3495	uint32_t old;
3496
3497	if (port->lun_map == NULL)
3498		return (0);
3499	old = port->lun_map[plun];
3500	port->lun_map[plun] = UINT32_MAX;
3501	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3502		if (port->lun_disable != NULL)
3503			port->lun_disable(port->targ_lun_arg, plun);
3504		ctl_isc_announce_port(port);
3505	}
3506	return (0);
3507}
3508
3509uint32_t
3510ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3511{
3512
3513	if (port == NULL)
3514		return (UINT32_MAX);
3515	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3516		return (lun_id);
3517	return (port->lun_map[lun_id]);
3518}
3519
3520uint32_t
3521ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3522{
3523	uint32_t i;
3524
3525	if (port == NULL)
3526		return (UINT32_MAX);
3527	if (port->lun_map == NULL)
3528		return (lun_id);
3529	for (i = 0; i < CTL_MAX_LUNS; i++) {
3530		if (port->lun_map[i] == lun_id)
3531			return (i);
3532	}
3533	return (UINT32_MAX);
3534}
3535
3536uint32_t
3537ctl_decode_lun(uint64_t encoded)
3538{
3539	uint8_t lun[8];
3540	uint32_t result = 0xffffffff;
3541
3542	be64enc(lun, encoded);
3543	switch (lun[0] & RPL_LUNDATA_ATYP_MASK) {
3544	case RPL_LUNDATA_ATYP_PERIPH:
3545		if ((lun[0] & 0x3f) == 0 && lun[2] == 0 && lun[3] == 0 &&
3546		    lun[4] == 0 && lun[5] == 0 && lun[6] == 0 && lun[7] == 0)
3547			result = lun[1];
3548		break;
3549	case RPL_LUNDATA_ATYP_FLAT:
3550		if (lun[2] == 0 && lun[3] == 0 && lun[4] == 0 && lun[5] == 0 &&
3551		    lun[6] == 0 && lun[7] == 0)
3552			result = ((lun[0] & 0x3f) << 8) + lun[1];
3553		break;
3554	case RPL_LUNDATA_ATYP_EXTLUN:
3555		switch (lun[0] & RPL_LUNDATA_EXT_EAM_MASK) {
3556		case 0x02:
3557			switch (lun[0] & RPL_LUNDATA_EXT_LEN_MASK) {
3558			case 0x00:
3559				result = lun[1];
3560				break;
3561			case 0x10:
3562				result = (lun[1] << 16) + (lun[2] << 8) +
3563				    lun[3];
3564				break;
3565			case 0x20:
3566				if (lun[1] == 0 && lun[6] == 0 && lun[7] == 0)
3567					result = (lun[2] << 24) +
3568					    (lun[3] << 16) + (lun[4] << 8) +
3569					    lun[5];
3570				break;
3571			}
3572			break;
3573		case RPL_LUNDATA_EXT_EAM_NOT_SPEC:
3574			result = 0xffffffff;
3575			break;
3576		}
3577		break;
3578	}
3579	return (result);
3580}
3581
3582uint64_t
3583ctl_encode_lun(uint32_t decoded)
3584{
3585	uint64_t l = decoded;
3586
3587	if (l <= 0xff)
3588		return (((uint64_t)RPL_LUNDATA_ATYP_PERIPH << 56) | (l << 48));
3589	if (l <= 0x3fff)
3590		return (((uint64_t)RPL_LUNDATA_ATYP_FLAT << 56) | (l << 48));
3591	if (l <= 0xffffff)
3592		return (((uint64_t)(RPL_LUNDATA_ATYP_EXTLUN | 0x12) << 56) |
3593		    (l << 32));
3594	return ((((uint64_t)RPL_LUNDATA_ATYP_EXTLUN | 0x22) << 56) | (l << 16));
3595}
3596
3597static struct ctl_port *
3598ctl_io_port(struct ctl_io_hdr *io_hdr)
3599{
3600
3601	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3602}
3603
3604int
3605ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3606{
3607	int i;
3608
3609	for (i = first; i < last; i++) {
3610		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3611			return (i);
3612	}
3613	return (-1);
3614}
3615
3616int
3617ctl_set_mask(uint32_t *mask, uint32_t bit)
3618{
3619	uint32_t chunk, piece;
3620
3621	chunk = bit >> 5;
3622	piece = bit % (sizeof(uint32_t) * 8);
3623
3624	if ((mask[chunk] & (1 << piece)) != 0)
3625		return (-1);
3626	else
3627		mask[chunk] |= (1 << piece);
3628
3629	return (0);
3630}
3631
3632int
3633ctl_clear_mask(uint32_t *mask, uint32_t bit)
3634{
3635	uint32_t chunk, piece;
3636
3637	chunk = bit >> 5;
3638	piece = bit % (sizeof(uint32_t) * 8);
3639
3640	if ((mask[chunk] & (1 << piece)) == 0)
3641		return (-1);
3642	else
3643		mask[chunk] &= ~(1 << piece);
3644
3645	return (0);
3646}
3647
3648int
3649ctl_is_set(uint32_t *mask, uint32_t bit)
3650{
3651	uint32_t chunk, piece;
3652
3653	chunk = bit >> 5;
3654	piece = bit % (sizeof(uint32_t) * 8);
3655
3656	if ((mask[chunk] & (1 << piece)) == 0)
3657		return (0);
3658	else
3659		return (1);
3660}
3661
3662static uint64_t
3663ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3664{
3665	uint64_t *t;
3666
3667	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3668	if (t == NULL)
3669		return (0);
3670	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3671}
3672
3673static void
3674ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3675{
3676	uint64_t *t;
3677
3678	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3679	if (t == NULL)
3680		return;
3681	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3682}
3683
3684static void
3685ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3686{
3687	uint64_t *p;
3688	u_int i;
3689
3690	i = residx/CTL_MAX_INIT_PER_PORT;
3691	if (lun->pr_keys[i] != NULL)
3692		return;
3693	mtx_unlock(&lun->lun_lock);
3694	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3695	    M_WAITOK | M_ZERO);
3696	mtx_lock(&lun->lun_lock);
3697	if (lun->pr_keys[i] == NULL)
3698		lun->pr_keys[i] = p;
3699	else
3700		free(p, M_CTL);
3701}
3702
3703static void
3704ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3705{
3706	uint64_t *t;
3707
3708	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3709	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3710	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3711}
3712
3713/*
3714 * ctl_softc, pool_name, total_ctl_io are passed in.
3715 * npool is passed out.
3716 */
3717int
3718ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3719		uint32_t total_ctl_io, void **npool)
3720{
3721#ifdef IO_POOLS
3722	struct ctl_io_pool *pool;
3723
3724	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3725					    M_NOWAIT | M_ZERO);
3726	if (pool == NULL)
3727		return (ENOMEM);
3728
3729	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3730	pool->ctl_softc = ctl_softc;
3731	pool->zone = uma_zsecond_create(pool->name, NULL,
3732	    NULL, NULL, NULL, ctl_softc->io_zone);
3733	/* uma_prealloc(pool->zone, total_ctl_io); */
3734
3735	*npool = pool;
3736#else
3737	*npool = ctl_softc->io_zone;
3738#endif
3739	return (0);
3740}
3741
3742void
3743ctl_pool_free(struct ctl_io_pool *pool)
3744{
3745
3746	if (pool == NULL)
3747		return;
3748
3749#ifdef IO_POOLS
3750	uma_zdestroy(pool->zone);
3751	free(pool, M_CTL);
3752#endif
3753}
3754
3755union ctl_io *
3756ctl_alloc_io(void *pool_ref)
3757{
3758	union ctl_io *io;
3759#ifdef IO_POOLS
3760	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3761
3762	io = uma_zalloc(pool->zone, M_WAITOK);
3763#else
3764	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3765#endif
3766	if (io != NULL)
3767		io->io_hdr.pool = pool_ref;
3768	return (io);
3769}
3770
3771union ctl_io *
3772ctl_alloc_io_nowait(void *pool_ref)
3773{
3774	union ctl_io *io;
3775#ifdef IO_POOLS
3776	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3777
3778	io = uma_zalloc(pool->zone, M_NOWAIT);
3779#else
3780	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3781#endif
3782	if (io != NULL)
3783		io->io_hdr.pool = pool_ref;
3784	return (io);
3785}
3786
3787void
3788ctl_free_io(union ctl_io *io)
3789{
3790#ifdef IO_POOLS
3791	struct ctl_io_pool *pool;
3792#endif
3793
3794	if (io == NULL)
3795		return;
3796
3797#ifdef IO_POOLS
3798	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3799	uma_zfree(pool->zone, io);
3800#else
3801	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3802#endif
3803}
3804
3805void
3806ctl_zero_io(union ctl_io *io)
3807{
3808	void *pool_ref;
3809
3810	if (io == NULL)
3811		return;
3812
3813	/*
3814	 * May need to preserve linked list pointers at some point too.
3815	 */
3816	pool_ref = io->io_hdr.pool;
3817	memset(io, 0, sizeof(*io));
3818	io->io_hdr.pool = pool_ref;
3819}
3820
3821int
3822ctl_expand_number(const char *buf, uint64_t *num)
3823{
3824	char *endptr;
3825	uint64_t number;
3826	unsigned shift;
3827
3828	number = strtoq(buf, &endptr, 0);
3829
3830	switch (tolower((unsigned char)*endptr)) {
3831	case 'e':
3832		shift = 60;
3833		break;
3834	case 'p':
3835		shift = 50;
3836		break;
3837	case 't':
3838		shift = 40;
3839		break;
3840	case 'g':
3841		shift = 30;
3842		break;
3843	case 'm':
3844		shift = 20;
3845		break;
3846	case 'k':
3847		shift = 10;
3848		break;
3849	case 'b':
3850	case '\0': /* No unit. */
3851		*num = number;
3852		return (0);
3853	default:
3854		/* Unrecognized unit. */
3855		return (-1);
3856	}
3857
3858	if ((number << shift) >> shift != number) {
3859		/* Overflow */
3860		return (-1);
3861	}
3862	*num = number << shift;
3863	return (0);
3864}
3865
3866
3867/*
3868 * This routine could be used in the future to load default and/or saved
3869 * mode page parameters for a particuar lun.
3870 */
3871static int
3872ctl_init_page_index(struct ctl_lun *lun)
3873{
3874	int i, page_code;
3875	struct ctl_page_index *page_index;
3876	const char *value;
3877	uint64_t ival;
3878
3879	memcpy(&lun->mode_pages.index, page_index_template,
3880	       sizeof(page_index_template));
3881
3882	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3883
3884		page_index = &lun->mode_pages.index[i];
3885		if (lun->be_lun->lun_type == T_DIRECT &&
3886		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
3887			continue;
3888		if (lun->be_lun->lun_type == T_PROCESSOR &&
3889		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
3890			continue;
3891		if (lun->be_lun->lun_type == T_CDROM &&
3892		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
3893			continue;
3894
3895		page_code = page_index->page_code & SMPH_PC_MASK;
3896		switch (page_code) {
3897		case SMS_RW_ERROR_RECOVERY_PAGE: {
3898			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3899			    ("subpage %#x for page %#x is incorrect!",
3900			    page_index->subpage, page_code));
3901			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3902			       &rw_er_page_default,
3903			       sizeof(rw_er_page_default));
3904			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3905			       &rw_er_page_changeable,
3906			       sizeof(rw_er_page_changeable));
3907			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3908			       &rw_er_page_default,
3909			       sizeof(rw_er_page_default));
3910			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3911			       &rw_er_page_default,
3912			       sizeof(rw_er_page_default));
3913			page_index->page_data =
3914				(uint8_t *)lun->mode_pages.rw_er_page;
3915			break;
3916		}
3917		case SMS_FORMAT_DEVICE_PAGE: {
3918			struct scsi_format_page *format_page;
3919
3920			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3921			    ("subpage %#x for page %#x is incorrect!",
3922			    page_index->subpage, page_code));
3923
3924			/*
3925			 * Sectors per track are set above.  Bytes per
3926			 * sector need to be set here on a per-LUN basis.
3927			 */
3928			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3929			       &format_page_default,
3930			       sizeof(format_page_default));
3931			memcpy(&lun->mode_pages.format_page[
3932			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3933			       sizeof(format_page_changeable));
3934			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3935			       &format_page_default,
3936			       sizeof(format_page_default));
3937			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3938			       &format_page_default,
3939			       sizeof(format_page_default));
3940
3941			format_page = &lun->mode_pages.format_page[
3942				CTL_PAGE_CURRENT];
3943			scsi_ulto2b(lun->be_lun->blocksize,
3944				    format_page->bytes_per_sector);
3945
3946			format_page = &lun->mode_pages.format_page[
3947				CTL_PAGE_DEFAULT];
3948			scsi_ulto2b(lun->be_lun->blocksize,
3949				    format_page->bytes_per_sector);
3950
3951			format_page = &lun->mode_pages.format_page[
3952				CTL_PAGE_SAVED];
3953			scsi_ulto2b(lun->be_lun->blocksize,
3954				    format_page->bytes_per_sector);
3955
3956			page_index->page_data =
3957				(uint8_t *)lun->mode_pages.format_page;
3958			break;
3959		}
3960		case SMS_RIGID_DISK_PAGE: {
3961			struct scsi_rigid_disk_page *rigid_disk_page;
3962			uint32_t sectors_per_cylinder;
3963			uint64_t cylinders;
3964#ifndef	__XSCALE__
3965			int shift;
3966#endif /* !__XSCALE__ */
3967
3968			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3969			    ("subpage %#x for page %#x is incorrect!",
3970			    page_index->subpage, page_code));
3971
3972			/*
3973			 * Rotation rate and sectors per track are set
3974			 * above.  We calculate the cylinders here based on
3975			 * capacity.  Due to the number of heads and
3976			 * sectors per track we're using, smaller arrays
3977			 * may turn out to have 0 cylinders.  Linux and
3978			 * FreeBSD don't pay attention to these mode pages
3979			 * to figure out capacity, but Solaris does.  It
3980			 * seems to deal with 0 cylinders just fine, and
3981			 * works out a fake geometry based on the capacity.
3982			 */
3983			memcpy(&lun->mode_pages.rigid_disk_page[
3984			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3985			       sizeof(rigid_disk_page_default));
3986			memcpy(&lun->mode_pages.rigid_disk_page[
3987			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3988			       sizeof(rigid_disk_page_changeable));
3989
3990			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3991				CTL_DEFAULT_HEADS;
3992
3993			/*
3994			 * The divide method here will be more accurate,
3995			 * probably, but results in floating point being
3996			 * used in the kernel on i386 (__udivdi3()).  On the
3997			 * XScale, though, __udivdi3() is implemented in
3998			 * software.
3999			 *
4000			 * The shift method for cylinder calculation is
4001			 * accurate if sectors_per_cylinder is a power of
4002			 * 2.  Otherwise it might be slightly off -- you
4003			 * might have a bit of a truncation problem.
4004			 */
4005#ifdef	__XSCALE__
4006			cylinders = (lun->be_lun->maxlba + 1) /
4007				sectors_per_cylinder;
4008#else
4009			for (shift = 31; shift > 0; shift--) {
4010				if (sectors_per_cylinder & (1 << shift))
4011					break;
4012			}
4013			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4014#endif
4015
4016			/*
4017			 * We've basically got 3 bytes, or 24 bits for the
4018			 * cylinder size in the mode page.  If we're over,
4019			 * just round down to 2^24.
4020			 */
4021			if (cylinders > 0xffffff)
4022				cylinders = 0xffffff;
4023
4024			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4025				CTL_PAGE_DEFAULT];
4026			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4027
4028			if ((value = ctl_get_opt(&lun->be_lun->options,
4029			    "rpm")) != NULL) {
4030				scsi_ulto2b(strtol(value, NULL, 0),
4031				     rigid_disk_page->rotation_rate);
4032			}
4033
4034			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4035			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4036			       sizeof(rigid_disk_page_default));
4037			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4038			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4039			       sizeof(rigid_disk_page_default));
4040
4041			page_index->page_data =
4042				(uint8_t *)lun->mode_pages.rigid_disk_page;
4043			break;
4044		}
4045		case SMS_CACHING_PAGE: {
4046			struct scsi_caching_page *caching_page;
4047
4048			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4049			    ("subpage %#x for page %#x is incorrect!",
4050			    page_index->subpage, page_code));
4051			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4052			       &caching_page_default,
4053			       sizeof(caching_page_default));
4054			memcpy(&lun->mode_pages.caching_page[
4055			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4056			       sizeof(caching_page_changeable));
4057			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4058			       &caching_page_default,
4059			       sizeof(caching_page_default));
4060			caching_page = &lun->mode_pages.caching_page[
4061			    CTL_PAGE_SAVED];
4062			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4063			if (value != NULL && strcmp(value, "off") == 0)
4064				caching_page->flags1 &= ~SCP_WCE;
4065			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4066			if (value != NULL && strcmp(value, "off") == 0)
4067				caching_page->flags1 |= SCP_RCD;
4068			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4069			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4070			       sizeof(caching_page_default));
4071			page_index->page_data =
4072				(uint8_t *)lun->mode_pages.caching_page;
4073			break;
4074		}
4075		case SMS_CONTROL_MODE_PAGE: {
4076			switch (page_index->subpage) {
4077			case SMS_SUBPAGE_PAGE_0: {
4078				struct scsi_control_page *control_page;
4079
4080				memcpy(&lun->mode_pages.control_page[
4081				    CTL_PAGE_DEFAULT],
4082				       &control_page_default,
4083				       sizeof(control_page_default));
4084				memcpy(&lun->mode_pages.control_page[
4085				    CTL_PAGE_CHANGEABLE],
4086				       &control_page_changeable,
4087				       sizeof(control_page_changeable));
4088				memcpy(&lun->mode_pages.control_page[
4089				    CTL_PAGE_SAVED],
4090				       &control_page_default,
4091				       sizeof(control_page_default));
4092				control_page = &lun->mode_pages.control_page[
4093				    CTL_PAGE_SAVED];
4094				value = ctl_get_opt(&lun->be_lun->options,
4095				    "reordering");
4096				if (value != NULL &&
4097				    strcmp(value, "unrestricted") == 0) {
4098					control_page->queue_flags &=
4099					    ~SCP_QUEUE_ALG_MASK;
4100					control_page->queue_flags |=
4101					    SCP_QUEUE_ALG_UNRESTRICTED;
4102				}
4103				memcpy(&lun->mode_pages.control_page[
4104				    CTL_PAGE_CURRENT],
4105				       &lun->mode_pages.control_page[
4106				    CTL_PAGE_SAVED],
4107				       sizeof(control_page_default));
4108				page_index->page_data =
4109				    (uint8_t *)lun->mode_pages.control_page;
4110				break;
4111			}
4112			case 0x01:
4113				memcpy(&lun->mode_pages.control_ext_page[
4114				    CTL_PAGE_DEFAULT],
4115				       &control_ext_page_default,
4116				       sizeof(control_ext_page_default));
4117				memcpy(&lun->mode_pages.control_ext_page[
4118				    CTL_PAGE_CHANGEABLE],
4119				       &control_ext_page_changeable,
4120				       sizeof(control_ext_page_changeable));
4121				memcpy(&lun->mode_pages.control_ext_page[
4122				    CTL_PAGE_SAVED],
4123				       &control_ext_page_default,
4124				       sizeof(control_ext_page_default));
4125				memcpy(&lun->mode_pages.control_ext_page[
4126				    CTL_PAGE_CURRENT],
4127				       &lun->mode_pages.control_ext_page[
4128				    CTL_PAGE_SAVED],
4129				       sizeof(control_ext_page_default));
4130				page_index->page_data =
4131				    (uint8_t *)lun->mode_pages.control_ext_page;
4132				break;
4133			default:
4134				panic("subpage %#x for page %#x is incorrect!",
4135				      page_index->subpage, page_code);
4136			}
4137			break;
4138		}
4139		case SMS_INFO_EXCEPTIONS_PAGE: {
4140			switch (page_index->subpage) {
4141			case SMS_SUBPAGE_PAGE_0:
4142				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4143				       &ie_page_default,
4144				       sizeof(ie_page_default));
4145				memcpy(&lun->mode_pages.ie_page[
4146				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4147				       sizeof(ie_page_changeable));
4148				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4149				       &ie_page_default,
4150				       sizeof(ie_page_default));
4151				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4152				       &ie_page_default,
4153				       sizeof(ie_page_default));
4154				page_index->page_data =
4155					(uint8_t *)lun->mode_pages.ie_page;
4156				break;
4157			case 0x02: {
4158				struct ctl_logical_block_provisioning_page *page;
4159
4160				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4161				       &lbp_page_default,
4162				       sizeof(lbp_page_default));
4163				memcpy(&lun->mode_pages.lbp_page[
4164				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4165				       sizeof(lbp_page_changeable));
4166				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4167				       &lbp_page_default,
4168				       sizeof(lbp_page_default));
4169				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4170				value = ctl_get_opt(&lun->be_lun->options,
4171				    "avail-threshold");
4172				if (value != NULL &&
4173				    ctl_expand_number(value, &ival) == 0) {
4174					page->descr[0].flags |= SLBPPD_ENABLED |
4175					    SLBPPD_ARMING_DEC;
4176					if (lun->be_lun->blocksize)
4177						ival /= lun->be_lun->blocksize;
4178					else
4179						ival /= 512;
4180					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4181					    page->descr[0].count);
4182				}
4183				value = ctl_get_opt(&lun->be_lun->options,
4184				    "used-threshold");
4185				if (value != NULL &&
4186				    ctl_expand_number(value, &ival) == 0) {
4187					page->descr[1].flags |= SLBPPD_ENABLED |
4188					    SLBPPD_ARMING_INC;
4189					if (lun->be_lun->blocksize)
4190						ival /= lun->be_lun->blocksize;
4191					else
4192						ival /= 512;
4193					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4194					    page->descr[1].count);
4195				}
4196				value = ctl_get_opt(&lun->be_lun->options,
4197				    "pool-avail-threshold");
4198				if (value != NULL &&
4199				    ctl_expand_number(value, &ival) == 0) {
4200					page->descr[2].flags |= SLBPPD_ENABLED |
4201					    SLBPPD_ARMING_DEC;
4202					if (lun->be_lun->blocksize)
4203						ival /= lun->be_lun->blocksize;
4204					else
4205						ival /= 512;
4206					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4207					    page->descr[2].count);
4208				}
4209				value = ctl_get_opt(&lun->be_lun->options,
4210				    "pool-used-threshold");
4211				if (value != NULL &&
4212				    ctl_expand_number(value, &ival) == 0) {
4213					page->descr[3].flags |= SLBPPD_ENABLED |
4214					    SLBPPD_ARMING_INC;
4215					if (lun->be_lun->blocksize)
4216						ival /= lun->be_lun->blocksize;
4217					else
4218						ival /= 512;
4219					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4220					    page->descr[3].count);
4221				}
4222				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4223				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4224				       sizeof(lbp_page_default));
4225				page_index->page_data =
4226					(uint8_t *)lun->mode_pages.lbp_page;
4227				break;
4228			}
4229			default:
4230				panic("subpage %#x for page %#x is incorrect!",
4231				      page_index->subpage, page_code);
4232			}
4233			break;
4234		}
4235		case SMS_CDDVD_CAPS_PAGE:{
4236			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4237			    ("subpage %#x for page %#x is incorrect!",
4238			    page_index->subpage, page_code));
4239			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_DEFAULT],
4240			       &cddvd_page_default,
4241			       sizeof(cddvd_page_default));
4242			memcpy(&lun->mode_pages.cddvd_page[
4243			       CTL_PAGE_CHANGEABLE], &cddvd_page_changeable,
4244			       sizeof(cddvd_page_changeable));
4245			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4246			       &cddvd_page_default,
4247			       sizeof(cddvd_page_default));
4248			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_CURRENT],
4249			       &lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4250			       sizeof(cddvd_page_default));
4251			page_index->page_data =
4252				(uint8_t *)lun->mode_pages.cddvd_page;
4253			break;
4254		}
4255		case SMS_VENDOR_SPECIFIC_PAGE:{
4256			switch (page_index->subpage) {
4257			case DBGCNF_SUBPAGE_CODE: {
4258				memcpy(&lun->mode_pages.debugconf_subpage[
4259				       CTL_PAGE_CURRENT],
4260				       &debugconf_page_default,
4261				       sizeof(debugconf_page_default));
4262				memcpy(&lun->mode_pages.debugconf_subpage[
4263				       CTL_PAGE_CHANGEABLE],
4264				       &debugconf_page_changeable,
4265				       sizeof(debugconf_page_changeable));
4266				memcpy(&lun->mode_pages.debugconf_subpage[
4267				       CTL_PAGE_DEFAULT],
4268				       &debugconf_page_default,
4269				       sizeof(debugconf_page_default));
4270				memcpy(&lun->mode_pages.debugconf_subpage[
4271				       CTL_PAGE_SAVED],
4272				       &debugconf_page_default,
4273				       sizeof(debugconf_page_default));
4274				page_index->page_data =
4275				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4276				break;
4277			}
4278			default:
4279				panic("subpage %#x for page %#x is incorrect!",
4280				      page_index->subpage, page_code);
4281			}
4282			break;
4283		}
4284		default:
4285			panic("invalid page code value %#x", page_code);
4286		}
4287	}
4288
4289	return (CTL_RETVAL_COMPLETE);
4290}
4291
4292static int
4293ctl_init_log_page_index(struct ctl_lun *lun)
4294{
4295	struct ctl_page_index *page_index;
4296	int i, j, k, prev;
4297
4298	memcpy(&lun->log_pages.index, log_page_index_template,
4299	       sizeof(log_page_index_template));
4300
4301	prev = -1;
4302	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4303
4304		page_index = &lun->log_pages.index[i];
4305		if (lun->be_lun->lun_type == T_DIRECT &&
4306		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4307			continue;
4308		if (lun->be_lun->lun_type == T_PROCESSOR &&
4309		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4310			continue;
4311		if (lun->be_lun->lun_type == T_CDROM &&
4312		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4313			continue;
4314
4315		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4316		    lun->backend->lun_attr == NULL)
4317			continue;
4318
4319		if (page_index->page_code != prev) {
4320			lun->log_pages.pages_page[j] = page_index->page_code;
4321			prev = page_index->page_code;
4322			j++;
4323		}
4324		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4325		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4326		k++;
4327	}
4328	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4329	lun->log_pages.index[0].page_len = j;
4330	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4331	lun->log_pages.index[1].page_len = k * 2;
4332	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4333	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4334	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4335	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4336
4337	return (CTL_RETVAL_COMPLETE);
4338}
4339
4340static int
4341hex2bin(const char *str, uint8_t *buf, int buf_size)
4342{
4343	int i;
4344	u_char c;
4345
4346	memset(buf, 0, buf_size);
4347	while (isspace(str[0]))
4348		str++;
4349	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4350		str += 2;
4351	buf_size *= 2;
4352	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4353		c = str[i];
4354		if (isdigit(c))
4355			c -= '0';
4356		else if (isalpha(c))
4357			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4358		else
4359			break;
4360		if (c >= 16)
4361			break;
4362		if ((i & 1) == 0)
4363			buf[i / 2] |= (c << 4);
4364		else
4365			buf[i / 2] |= c;
4366	}
4367	return ((i + 1) / 2);
4368}
4369
4370/*
4371 * LUN allocation.
4372 *
4373 * Requirements:
4374 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4375 *   wants us to allocate the LUN and he can block.
4376 * - ctl_softc is always set
4377 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4378 *
4379 * Returns 0 for success, non-zero (errno) for failure.
4380 */
4381static int
4382ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4383	      struct ctl_be_lun *const be_lun)
4384{
4385	struct ctl_lun *nlun, *lun;
4386	struct scsi_vpd_id_descriptor *desc;
4387	struct scsi_vpd_id_t10 *t10id;
4388	const char *eui, *naa, *scsiname, *vendor, *value;
4389	int lun_number, i, lun_malloced;
4390	int devidlen, idlen1, idlen2 = 0, len;
4391
4392	if (be_lun == NULL)
4393		return (EINVAL);
4394
4395	/*
4396	 * We currently only support Direct Access or Processor LUN types.
4397	 */
4398	switch (be_lun->lun_type) {
4399	case T_DIRECT:
4400	case T_PROCESSOR:
4401	case T_CDROM:
4402		break;
4403	case T_SEQUENTIAL:
4404	case T_CHANGER:
4405	default:
4406		be_lun->lun_config_status(be_lun->be_lun,
4407					  CTL_LUN_CONFIG_FAILURE);
4408		break;
4409	}
4410	if (ctl_lun == NULL) {
4411		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4412		lun_malloced = 1;
4413	} else {
4414		lun_malloced = 0;
4415		lun = ctl_lun;
4416	}
4417
4418	memset(lun, 0, sizeof(*lun));
4419	if (lun_malloced)
4420		lun->flags = CTL_LUN_MALLOCED;
4421
4422	/* Generate LUN ID. */
4423	devidlen = max(CTL_DEVID_MIN_LEN,
4424	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4425	idlen1 = sizeof(*t10id) + devidlen;
4426	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4427	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4428	if (scsiname != NULL) {
4429		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4430		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4431	}
4432	eui = ctl_get_opt(&be_lun->options, "eui");
4433	if (eui != NULL) {
4434		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4435	}
4436	naa = ctl_get_opt(&be_lun->options, "naa");
4437	if (naa != NULL) {
4438		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4439	}
4440	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4441	    M_CTL, M_WAITOK | M_ZERO);
4442	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4443	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4444	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4445	desc->length = idlen1;
4446	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4447	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4448	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4449		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4450	} else {
4451		strncpy(t10id->vendor, vendor,
4452		    min(sizeof(t10id->vendor), strlen(vendor)));
4453	}
4454	strncpy((char *)t10id->vendor_spec_id,
4455	    (char *)be_lun->device_id, devidlen);
4456	if (scsiname != NULL) {
4457		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4458		    desc->length);
4459		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4460		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4461		    SVPD_ID_TYPE_SCSI_NAME;
4462		desc->length = idlen2;
4463		strlcpy(desc->identifier, scsiname, idlen2);
4464	}
4465	if (eui != NULL) {
4466		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4467		    desc->length);
4468		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4469		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4470		    SVPD_ID_TYPE_EUI64;
4471		desc->length = hex2bin(eui, desc->identifier, 16);
4472		desc->length = desc->length > 12 ? 16 :
4473		    (desc->length > 8 ? 12 : 8);
4474		len -= 16 - desc->length;
4475	}
4476	if (naa != NULL) {
4477		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4478		    desc->length);
4479		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4480		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4481		    SVPD_ID_TYPE_NAA;
4482		desc->length = hex2bin(naa, desc->identifier, 16);
4483		desc->length = desc->length > 8 ? 16 : 8;
4484		len -= 16 - desc->length;
4485	}
4486	lun->lun_devid->len = len;
4487
4488	mtx_lock(&ctl_softc->ctl_lock);
4489	/*
4490	 * See if the caller requested a particular LUN number.  If so, see
4491	 * if it is available.  Otherwise, allocate the first available LUN.
4492	 */
4493	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4494		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4495		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4496			mtx_unlock(&ctl_softc->ctl_lock);
4497			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4498				printf("ctl: requested LUN ID %d is higher "
4499				       "than CTL_MAX_LUNS - 1 (%d)\n",
4500				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4501			} else {
4502				/*
4503				 * XXX KDM return an error, or just assign
4504				 * another LUN ID in this case??
4505				 */
4506				printf("ctl: requested LUN ID %d is already "
4507				       "in use\n", be_lun->req_lun_id);
4508			}
4509			if (lun->flags & CTL_LUN_MALLOCED)
4510				free(lun, M_CTL);
4511			be_lun->lun_config_status(be_lun->be_lun,
4512						  CTL_LUN_CONFIG_FAILURE);
4513			return (ENOSPC);
4514		}
4515		lun_number = be_lun->req_lun_id;
4516	} else {
4517		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4518		if (lun_number == -1) {
4519			mtx_unlock(&ctl_softc->ctl_lock);
4520			printf("ctl: can't allocate LUN, out of LUNs\n");
4521			if (lun->flags & CTL_LUN_MALLOCED)
4522				free(lun, M_CTL);
4523			be_lun->lun_config_status(be_lun->be_lun,
4524						  CTL_LUN_CONFIG_FAILURE);
4525			return (ENOSPC);
4526		}
4527	}
4528	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4529
4530	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4531	lun->lun = lun_number;
4532	lun->be_lun = be_lun;
4533	/*
4534	 * The processor LUN is always enabled.  Disk LUNs come on line
4535	 * disabled, and must be enabled by the backend.
4536	 */
4537	lun->flags |= CTL_LUN_DISABLED;
4538	lun->backend = be_lun->be;
4539	be_lun->ctl_lun = lun;
4540	be_lun->lun_id = lun_number;
4541	atomic_add_int(&be_lun->be->num_luns, 1);
4542	if (be_lun->flags & CTL_LUN_FLAG_EJECTED)
4543		lun->flags |= CTL_LUN_EJECTED;
4544	if (be_lun->flags & CTL_LUN_FLAG_NO_MEDIA)
4545		lun->flags |= CTL_LUN_NO_MEDIA;
4546	if (be_lun->flags & CTL_LUN_FLAG_STOPPED)
4547		lun->flags |= CTL_LUN_STOPPED;
4548
4549	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4550		lun->flags |= CTL_LUN_PRIMARY_SC;
4551
4552	value = ctl_get_opt(&be_lun->options, "removable");
4553	if (value != NULL) {
4554		if (strcmp(value, "on") == 0)
4555			lun->flags |= CTL_LUN_REMOVABLE;
4556	} else if (be_lun->lun_type == T_CDROM)
4557		lun->flags |= CTL_LUN_REMOVABLE;
4558
4559	lun->ctl_softc = ctl_softc;
4560#ifdef CTL_TIME_IO
4561	lun->last_busy = getsbinuptime();
4562#endif
4563	TAILQ_INIT(&lun->ooa_queue);
4564	TAILQ_INIT(&lun->blocked_queue);
4565	STAILQ_INIT(&lun->error_list);
4566	ctl_tpc_lun_init(lun);
4567
4568	/*
4569	 * Initialize the mode and log page index.
4570	 */
4571	ctl_init_page_index(lun);
4572	ctl_init_log_page_index(lun);
4573
4574	/*
4575	 * Now, before we insert this lun on the lun list, set the lun
4576	 * inventory changed UA for all other luns.
4577	 */
4578	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4579		mtx_lock(&nlun->lun_lock);
4580		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4581		mtx_unlock(&nlun->lun_lock);
4582	}
4583
4584	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4585
4586	ctl_softc->ctl_luns[lun_number] = lun;
4587
4588	ctl_softc->num_luns++;
4589
4590	/* Setup statistics gathering */
4591	lun->stats.device_type = be_lun->lun_type;
4592	lun->stats.lun_number = lun_number;
4593	lun->stats.blocksize = be_lun->blocksize;
4594	if (be_lun->blocksize == 0)
4595		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4596	for (i = 0;i < CTL_MAX_PORTS;i++)
4597		lun->stats.ports[i].targ_port = i;
4598
4599	mtx_unlock(&ctl_softc->ctl_lock);
4600
4601	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4602	return (0);
4603}
4604
4605/*
4606 * Delete a LUN.
4607 * Assumptions:
4608 * - LUN has already been marked invalid and any pending I/O has been taken
4609 *   care of.
4610 */
4611static int
4612ctl_free_lun(struct ctl_lun *lun)
4613{
4614	struct ctl_softc *softc;
4615	struct ctl_lun *nlun;
4616	int i;
4617
4618	softc = lun->ctl_softc;
4619
4620	mtx_assert(&softc->ctl_lock, MA_OWNED);
4621
4622	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4623
4624	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4625
4626	softc->ctl_luns[lun->lun] = NULL;
4627
4628	if (!TAILQ_EMPTY(&lun->ooa_queue))
4629		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4630
4631	softc->num_luns--;
4632
4633	/*
4634	 * Tell the backend to free resources, if this LUN has a backend.
4635	 */
4636	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4637	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4638
4639	ctl_tpc_lun_shutdown(lun);
4640	mtx_destroy(&lun->lun_lock);
4641	free(lun->lun_devid, M_CTL);
4642	for (i = 0; i < CTL_MAX_PORTS; i++)
4643		free(lun->pending_ua[i], M_CTL);
4644	for (i = 0; i < CTL_MAX_PORTS; i++)
4645		free(lun->pr_keys[i], M_CTL);
4646	free(lun->write_buffer, M_CTL);
4647	if (lun->flags & CTL_LUN_MALLOCED)
4648		free(lun, M_CTL);
4649
4650	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4651		mtx_lock(&nlun->lun_lock);
4652		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4653		mtx_unlock(&nlun->lun_lock);
4654	}
4655
4656	return (0);
4657}
4658
4659static void
4660ctl_create_lun(struct ctl_be_lun *be_lun)
4661{
4662
4663	/*
4664	 * ctl_alloc_lun() should handle all potential failure cases.
4665	 */
4666	ctl_alloc_lun(control_softc, NULL, be_lun);
4667}
4668
4669int
4670ctl_add_lun(struct ctl_be_lun *be_lun)
4671{
4672	struct ctl_softc *softc = control_softc;
4673
4674	mtx_lock(&softc->ctl_lock);
4675	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4676	mtx_unlock(&softc->ctl_lock);
4677	wakeup(&softc->pending_lun_queue);
4678
4679	return (0);
4680}
4681
4682int
4683ctl_enable_lun(struct ctl_be_lun *be_lun)
4684{
4685	struct ctl_softc *softc;
4686	struct ctl_port *port, *nport;
4687	struct ctl_lun *lun;
4688	int retval;
4689
4690	lun = (struct ctl_lun *)be_lun->ctl_lun;
4691	softc = lun->ctl_softc;
4692
4693	mtx_lock(&softc->ctl_lock);
4694	mtx_lock(&lun->lun_lock);
4695	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4696		/*
4697		 * eh?  Why did we get called if the LUN is already
4698		 * enabled?
4699		 */
4700		mtx_unlock(&lun->lun_lock);
4701		mtx_unlock(&softc->ctl_lock);
4702		return (0);
4703	}
4704	lun->flags &= ~CTL_LUN_DISABLED;
4705	mtx_unlock(&lun->lun_lock);
4706
4707	STAILQ_FOREACH_SAFE(port, &softc->port_list, links, nport) {
4708		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4709		    port->lun_map != NULL || port->lun_enable == NULL)
4710			continue;
4711
4712		/*
4713		 * Drop the lock while we call the FETD's enable routine.
4714		 * This can lead to a callback into CTL (at least in the
4715		 * case of the internal initiator frontend.
4716		 */
4717		mtx_unlock(&softc->ctl_lock);
4718		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4719		mtx_lock(&softc->ctl_lock);
4720		if (retval != 0) {
4721			printf("%s: FETD %s port %d returned error "
4722			       "%d for lun_enable on lun %jd\n",
4723			       __func__, port->port_name, port->targ_port,
4724			       retval, (intmax_t)lun->lun);
4725		}
4726	}
4727
4728	mtx_unlock(&softc->ctl_lock);
4729	ctl_isc_announce_lun(lun);
4730
4731	return (0);
4732}
4733
4734int
4735ctl_disable_lun(struct ctl_be_lun *be_lun)
4736{
4737	struct ctl_softc *softc;
4738	struct ctl_port *port;
4739	struct ctl_lun *lun;
4740	int retval;
4741
4742	lun = (struct ctl_lun *)be_lun->ctl_lun;
4743	softc = lun->ctl_softc;
4744
4745	mtx_lock(&softc->ctl_lock);
4746	mtx_lock(&lun->lun_lock);
4747	if (lun->flags & CTL_LUN_DISABLED) {
4748		mtx_unlock(&lun->lun_lock);
4749		mtx_unlock(&softc->ctl_lock);
4750		return (0);
4751	}
4752	lun->flags |= CTL_LUN_DISABLED;
4753	mtx_unlock(&lun->lun_lock);
4754
4755	STAILQ_FOREACH(port, &softc->port_list, links) {
4756		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4757		    port->lun_map != NULL || port->lun_disable == NULL)
4758			continue;
4759
4760		/*
4761		 * Drop the lock before we call the frontend's disable
4762		 * routine, to avoid lock order reversals.
4763		 *
4764		 * XXX KDM what happens if the frontend list changes while
4765		 * we're traversing it?  It's unlikely, but should be handled.
4766		 */
4767		mtx_unlock(&softc->ctl_lock);
4768		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4769		mtx_lock(&softc->ctl_lock);
4770		if (retval != 0) {
4771			printf("%s: FETD %s port %d returned error "
4772			       "%d for lun_disable on lun %jd\n",
4773			       __func__, port->port_name, port->targ_port,
4774			       retval, (intmax_t)lun->lun);
4775		}
4776	}
4777
4778	mtx_unlock(&softc->ctl_lock);
4779	ctl_isc_announce_lun(lun);
4780
4781	return (0);
4782}
4783
4784int
4785ctl_start_lun(struct ctl_be_lun *be_lun)
4786{
4787	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4788
4789	mtx_lock(&lun->lun_lock);
4790	lun->flags &= ~CTL_LUN_STOPPED;
4791	mtx_unlock(&lun->lun_lock);
4792	return (0);
4793}
4794
4795int
4796ctl_stop_lun(struct ctl_be_lun *be_lun)
4797{
4798	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4799
4800	mtx_lock(&lun->lun_lock);
4801	lun->flags |= CTL_LUN_STOPPED;
4802	mtx_unlock(&lun->lun_lock);
4803	return (0);
4804}
4805
4806int
4807ctl_lun_no_media(struct ctl_be_lun *be_lun)
4808{
4809	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4810
4811	mtx_lock(&lun->lun_lock);
4812	lun->flags |= CTL_LUN_NO_MEDIA;
4813	mtx_unlock(&lun->lun_lock);
4814	return (0);
4815}
4816
4817int
4818ctl_lun_has_media(struct ctl_be_lun *be_lun)
4819{
4820	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4821	union ctl_ha_msg msg;
4822
4823	mtx_lock(&lun->lun_lock);
4824	lun->flags &= ~(CTL_LUN_NO_MEDIA | CTL_LUN_EJECTED);
4825	if (lun->flags & CTL_LUN_REMOVABLE)
4826		ctl_est_ua_all(lun, -1, CTL_UA_MEDIUM_CHANGE);
4827	mtx_unlock(&lun->lun_lock);
4828	if ((lun->flags & CTL_LUN_REMOVABLE) &&
4829	    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4830		bzero(&msg.ua, sizeof(msg.ua));
4831		msg.hdr.msg_type = CTL_MSG_UA;
4832		msg.hdr.nexus.initid = -1;
4833		msg.hdr.nexus.targ_port = -1;
4834		msg.hdr.nexus.targ_lun = lun->lun;
4835		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4836		msg.ua.ua_all = 1;
4837		msg.ua.ua_set = 1;
4838		msg.ua.ua_type = CTL_UA_MEDIUM_CHANGE;
4839		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4840		    M_WAITOK);
4841	}
4842	return (0);
4843}
4844
4845int
4846ctl_lun_ejected(struct ctl_be_lun *be_lun)
4847{
4848	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4849
4850	mtx_lock(&lun->lun_lock);
4851	lun->flags |= CTL_LUN_EJECTED;
4852	mtx_unlock(&lun->lun_lock);
4853	return (0);
4854}
4855
4856int
4857ctl_lun_primary(struct ctl_be_lun *be_lun)
4858{
4859	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4860
4861	mtx_lock(&lun->lun_lock);
4862	lun->flags |= CTL_LUN_PRIMARY_SC;
4863	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4864	mtx_unlock(&lun->lun_lock);
4865	ctl_isc_announce_lun(lun);
4866	return (0);
4867}
4868
4869int
4870ctl_lun_secondary(struct ctl_be_lun *be_lun)
4871{
4872	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4873
4874	mtx_lock(&lun->lun_lock);
4875	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4876	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4877	mtx_unlock(&lun->lun_lock);
4878	ctl_isc_announce_lun(lun);
4879	return (0);
4880}
4881
4882int
4883ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4884{
4885	struct ctl_softc *softc;
4886	struct ctl_lun *lun;
4887
4888	lun = (struct ctl_lun *)be_lun->ctl_lun;
4889	softc = lun->ctl_softc;
4890
4891	mtx_lock(&lun->lun_lock);
4892
4893	/*
4894	 * The LUN needs to be disabled before it can be marked invalid.
4895	 */
4896	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4897		mtx_unlock(&lun->lun_lock);
4898		return (-1);
4899	}
4900	/*
4901	 * Mark the LUN invalid.
4902	 */
4903	lun->flags |= CTL_LUN_INVALID;
4904
4905	/*
4906	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4907	 * If we have something in the OOA queue, we'll free it when the
4908	 * last I/O completes.
4909	 */
4910	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4911		mtx_unlock(&lun->lun_lock);
4912		mtx_lock(&softc->ctl_lock);
4913		ctl_free_lun(lun);
4914		mtx_unlock(&softc->ctl_lock);
4915	} else
4916		mtx_unlock(&lun->lun_lock);
4917
4918	return (0);
4919}
4920
4921void
4922ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4923{
4924	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4925	union ctl_ha_msg msg;
4926
4927	mtx_lock(&lun->lun_lock);
4928	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGE);
4929	mtx_unlock(&lun->lun_lock);
4930	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4931		/* Send msg to other side. */
4932		bzero(&msg.ua, sizeof(msg.ua));
4933		msg.hdr.msg_type = CTL_MSG_UA;
4934		msg.hdr.nexus.initid = -1;
4935		msg.hdr.nexus.targ_port = -1;
4936		msg.hdr.nexus.targ_lun = lun->lun;
4937		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4938		msg.ua.ua_all = 1;
4939		msg.ua.ua_set = 1;
4940		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGE;
4941		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4942		    M_WAITOK);
4943	}
4944}
4945
4946/*
4947 * Backend "memory move is complete" callback for requests that never
4948 * make it down to say RAIDCore's configuration code.
4949 */
4950int
4951ctl_config_move_done(union ctl_io *io)
4952{
4953	int retval;
4954
4955	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4956	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4957	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4958
4959	if ((io->io_hdr.port_status != 0) &&
4960	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4961	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4962		/*
4963		 * For hardware error sense keys, the sense key
4964		 * specific value is defined to be a retry count,
4965		 * but we use it to pass back an internal FETD
4966		 * error code.  XXX KDM  Hopefully the FETD is only
4967		 * using 16 bits for an error code, since that's
4968		 * all the space we have in the sks field.
4969		 */
4970		ctl_set_internal_failure(&io->scsiio,
4971					 /*sks_valid*/ 1,
4972					 /*retry_count*/
4973					 io->io_hdr.port_status);
4974	}
4975
4976	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4977		ctl_data_print(io);
4978	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4979	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4980	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4981	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4982		/*
4983		 * XXX KDM just assuming a single pointer here, and not a
4984		 * S/G list.  If we start using S/G lists for config data,
4985		 * we'll need to know how to clean them up here as well.
4986		 */
4987		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4988			free(io->scsiio.kern_data_ptr, M_CTL);
4989		ctl_done(io);
4990		retval = CTL_RETVAL_COMPLETE;
4991	} else {
4992		/*
4993		 * XXX KDM now we need to continue data movement.  Some
4994		 * options:
4995		 * - call ctl_scsiio() again?  We don't do this for data
4996		 *   writes, because for those at least we know ahead of
4997		 *   time where the write will go and how long it is.  For
4998		 *   config writes, though, that information is largely
4999		 *   contained within the write itself, thus we need to
5000		 *   parse out the data again.
5001		 *
5002		 * - Call some other function once the data is in?
5003		 */
5004
5005		/*
5006		 * XXX KDM call ctl_scsiio() again for now, and check flag
5007		 * bits to see whether we're allocated or not.
5008		 */
5009		retval = ctl_scsiio(&io->scsiio);
5010	}
5011	return (retval);
5012}
5013
5014/*
5015 * This gets called by a backend driver when it is done with a
5016 * data_submit method.
5017 */
5018void
5019ctl_data_submit_done(union ctl_io *io)
5020{
5021	/*
5022	 * If the IO_CONT flag is set, we need to call the supplied
5023	 * function to continue processing the I/O, instead of completing
5024	 * the I/O just yet.
5025	 *
5026	 * If there is an error, though, we don't want to keep processing.
5027	 * Instead, just send status back to the initiator.
5028	 */
5029	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5030	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5031	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5032	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5033		io->scsiio.io_cont(io);
5034		return;
5035	}
5036	ctl_done(io);
5037}
5038
5039/*
5040 * This gets called by a backend driver when it is done with a
5041 * configuration write.
5042 */
5043void
5044ctl_config_write_done(union ctl_io *io)
5045{
5046	uint8_t *buf;
5047
5048	/*
5049	 * If the IO_CONT flag is set, we need to call the supplied
5050	 * function to continue processing the I/O, instead of completing
5051	 * the I/O just yet.
5052	 *
5053	 * If there is an error, though, we don't want to keep processing.
5054	 * Instead, just send status back to the initiator.
5055	 */
5056	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5057	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5058	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5059	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5060		io->scsiio.io_cont(io);
5061		return;
5062	}
5063	/*
5064	 * Since a configuration write can be done for commands that actually
5065	 * have data allocated, like write buffer, and commands that have
5066	 * no data, like start/stop unit, we need to check here.
5067	 */
5068	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5069		buf = io->scsiio.kern_data_ptr;
5070	else
5071		buf = NULL;
5072	ctl_done(io);
5073	if (buf)
5074		free(buf, M_CTL);
5075}
5076
5077void
5078ctl_config_read_done(union ctl_io *io)
5079{
5080	uint8_t *buf;
5081
5082	/*
5083	 * If there is some error -- we are done, skip data transfer.
5084	 */
5085	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5086	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5087	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5088		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5089			buf = io->scsiio.kern_data_ptr;
5090		else
5091			buf = NULL;
5092		ctl_done(io);
5093		if (buf)
5094			free(buf, M_CTL);
5095		return;
5096	}
5097
5098	/*
5099	 * If the IO_CONT flag is set, we need to call the supplied
5100	 * function to continue processing the I/O, instead of completing
5101	 * the I/O just yet.
5102	 */
5103	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5104		io->scsiio.io_cont(io);
5105		return;
5106	}
5107
5108	ctl_datamove(io);
5109}
5110
5111/*
5112 * SCSI release command.
5113 */
5114int
5115ctl_scsi_release(struct ctl_scsiio *ctsio)
5116{
5117	struct ctl_lun *lun;
5118	uint32_t residx;
5119
5120	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5121
5122	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5123	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5124
5125	/*
5126	 * XXX KDM right now, we only support LUN reservation.  We don't
5127	 * support 3rd party reservations, or extent reservations, which
5128	 * might actually need the parameter list.  If we've gotten this
5129	 * far, we've got a LUN reservation.  Anything else got kicked out
5130	 * above.  So, according to SPC, ignore the length.
5131	 */
5132
5133	mtx_lock(&lun->lun_lock);
5134
5135	/*
5136	 * According to SPC, it is not an error for an intiator to attempt
5137	 * to release a reservation on a LUN that isn't reserved, or that
5138	 * is reserved by another initiator.  The reservation can only be
5139	 * released, though, by the initiator who made it or by one of
5140	 * several reset type events.
5141	 */
5142	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5143			lun->flags &= ~CTL_LUN_RESERVED;
5144
5145	mtx_unlock(&lun->lun_lock);
5146
5147	ctl_set_success(ctsio);
5148	ctl_done((union ctl_io *)ctsio);
5149	return (CTL_RETVAL_COMPLETE);
5150}
5151
5152int
5153ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5154{
5155	struct ctl_lun *lun;
5156	uint32_t residx;
5157
5158	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5159
5160	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5161	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5162
5163	/*
5164	 * XXX KDM right now, we only support LUN reservation.  We don't
5165	 * support 3rd party reservations, or extent reservations, which
5166	 * might actually need the parameter list.  If we've gotten this
5167	 * far, we've got a LUN reservation.  Anything else got kicked out
5168	 * above.  So, according to SPC, ignore the length.
5169	 */
5170
5171	mtx_lock(&lun->lun_lock);
5172	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5173		ctl_set_reservation_conflict(ctsio);
5174		goto bailout;
5175	}
5176
5177	/* SPC-3 exceptions to SPC-2 RESERVE and RELEASE behavior. */
5178	if (lun->flags & CTL_LUN_PR_RESERVED) {
5179		ctl_set_success(ctsio);
5180		goto bailout;
5181	}
5182
5183	lun->flags |= CTL_LUN_RESERVED;
5184	lun->res_idx = residx;
5185	ctl_set_success(ctsio);
5186
5187bailout:
5188	mtx_unlock(&lun->lun_lock);
5189	ctl_done((union ctl_io *)ctsio);
5190	return (CTL_RETVAL_COMPLETE);
5191}
5192
5193int
5194ctl_start_stop(struct ctl_scsiio *ctsio)
5195{
5196	struct scsi_start_stop_unit *cdb;
5197	struct ctl_lun *lun;
5198	int retval;
5199
5200	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5201
5202	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5203	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5204
5205	if ((cdb->how & SSS_PC_MASK) == 0) {
5206		if ((lun->flags & CTL_LUN_PR_RESERVED) &&
5207		    (cdb->how & SSS_START) == 0) {
5208			uint32_t residx;
5209
5210			residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5211			if (ctl_get_prkey(lun, residx) == 0 ||
5212			    (lun->pr_res_idx != residx && lun->pr_res_type < 4)) {
5213
5214				ctl_set_reservation_conflict(ctsio);
5215				ctl_done((union ctl_io *)ctsio);
5216				return (CTL_RETVAL_COMPLETE);
5217			}
5218		}
5219
5220		if ((cdb->how & SSS_LOEJ) &&
5221		    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5222			ctl_set_invalid_field(ctsio,
5223					      /*sks_valid*/ 1,
5224					      /*command*/ 1,
5225					      /*field*/ 4,
5226					      /*bit_valid*/ 1,
5227					      /*bit*/ 1);
5228			ctl_done((union ctl_io *)ctsio);
5229			return (CTL_RETVAL_COMPLETE);
5230		}
5231
5232		if ((cdb->how & SSS_START) == 0 && (cdb->how & SSS_LOEJ) &&
5233		    lun->prevent_count > 0) {
5234			/* "Medium removal prevented" */
5235			ctl_set_sense(ctsio, /*current_error*/ 1,
5236			    /*sense_key*/(lun->flags & CTL_LUN_NO_MEDIA) ?
5237			     SSD_KEY_NOT_READY : SSD_KEY_ILLEGAL_REQUEST,
5238			    /*asc*/ 0x53, /*ascq*/ 0x02, SSD_ELEM_NONE);
5239			ctl_done((union ctl_io *)ctsio);
5240			return (CTL_RETVAL_COMPLETE);
5241		}
5242	}
5243
5244	retval = lun->backend->config_write((union ctl_io *)ctsio);
5245	return (retval);
5246}
5247
5248int
5249ctl_prevent_allow(struct ctl_scsiio *ctsio)
5250{
5251	struct ctl_lun *lun;
5252	struct scsi_prevent *cdb;
5253	int retval;
5254	uint32_t initidx;
5255
5256	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5257
5258	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5259	cdb = (struct scsi_prevent *)ctsio->cdb;
5260
5261	if ((lun->flags & CTL_LUN_REMOVABLE) == 0) {
5262		ctl_set_invalid_opcode(ctsio);
5263		ctl_done((union ctl_io *)ctsio);
5264		return (CTL_RETVAL_COMPLETE);
5265	}
5266
5267	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5268	mtx_lock(&lun->lun_lock);
5269	if ((cdb->how & PR_PREVENT) &&
5270	    ctl_is_set(lun->prevent, initidx) == 0) {
5271		ctl_set_mask(lun->prevent, initidx);
5272		lun->prevent_count++;
5273	} else if ((cdb->how & PR_PREVENT) == 0 &&
5274	    ctl_is_set(lun->prevent, initidx)) {
5275		ctl_clear_mask(lun->prevent, initidx);
5276		lun->prevent_count--;
5277	}
5278	mtx_unlock(&lun->lun_lock);
5279	retval = lun->backend->config_write((union ctl_io *)ctsio);
5280	return (retval);
5281}
5282
5283/*
5284 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5285 * we don't really do anything with the LBA and length fields if the user
5286 * passes them in.  Instead we'll just flush out the cache for the entire
5287 * LUN.
5288 */
5289int
5290ctl_sync_cache(struct ctl_scsiio *ctsio)
5291{
5292	struct ctl_lun *lun;
5293	struct ctl_softc *softc;
5294	struct ctl_lba_len_flags *lbalen;
5295	uint64_t starting_lba;
5296	uint32_t block_count;
5297	int retval;
5298	uint8_t byte2;
5299
5300	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5301
5302	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5303	softc = lun->ctl_softc;
5304	retval = 0;
5305
5306	switch (ctsio->cdb[0]) {
5307	case SYNCHRONIZE_CACHE: {
5308		struct scsi_sync_cache *cdb;
5309		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5310
5311		starting_lba = scsi_4btoul(cdb->begin_lba);
5312		block_count = scsi_2btoul(cdb->lb_count);
5313		byte2 = cdb->byte2;
5314		break;
5315	}
5316	case SYNCHRONIZE_CACHE_16: {
5317		struct scsi_sync_cache_16 *cdb;
5318		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5319
5320		starting_lba = scsi_8btou64(cdb->begin_lba);
5321		block_count = scsi_4btoul(cdb->lb_count);
5322		byte2 = cdb->byte2;
5323		break;
5324	}
5325	default:
5326		ctl_set_invalid_opcode(ctsio);
5327		ctl_done((union ctl_io *)ctsio);
5328		goto bailout;
5329		break; /* NOTREACHED */
5330	}
5331
5332	/*
5333	 * We check the LBA and length, but don't do anything with them.
5334	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5335	 * get flushed.  This check will just help satisfy anyone who wants
5336	 * to see an error for an out of range LBA.
5337	 */
5338	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5339		ctl_set_lba_out_of_range(ctsio);
5340		ctl_done((union ctl_io *)ctsio);
5341		goto bailout;
5342	}
5343
5344	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5345	lbalen->lba = starting_lba;
5346	lbalen->len = block_count;
5347	lbalen->flags = byte2;
5348	retval = lun->backend->config_write((union ctl_io *)ctsio);
5349
5350bailout:
5351	return (retval);
5352}
5353
5354int
5355ctl_format(struct ctl_scsiio *ctsio)
5356{
5357	struct scsi_format *cdb;
5358	struct ctl_lun *lun;
5359	int length, defect_list_len;
5360
5361	CTL_DEBUG_PRINT(("ctl_format\n"));
5362
5363	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5364
5365	cdb = (struct scsi_format *)ctsio->cdb;
5366
5367	length = 0;
5368	if (cdb->byte2 & SF_FMTDATA) {
5369		if (cdb->byte2 & SF_LONGLIST)
5370			length = sizeof(struct scsi_format_header_long);
5371		else
5372			length = sizeof(struct scsi_format_header_short);
5373	}
5374
5375	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5376	 && (length > 0)) {
5377		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5378		ctsio->kern_data_len = length;
5379		ctsio->kern_total_len = length;
5380		ctsio->kern_data_resid = 0;
5381		ctsio->kern_rel_offset = 0;
5382		ctsio->kern_sg_entries = 0;
5383		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5384		ctsio->be_move_done = ctl_config_move_done;
5385		ctl_datamove((union ctl_io *)ctsio);
5386
5387		return (CTL_RETVAL_COMPLETE);
5388	}
5389
5390	defect_list_len = 0;
5391
5392	if (cdb->byte2 & SF_FMTDATA) {
5393		if (cdb->byte2 & SF_LONGLIST) {
5394			struct scsi_format_header_long *header;
5395
5396			header = (struct scsi_format_header_long *)
5397				ctsio->kern_data_ptr;
5398
5399			defect_list_len = scsi_4btoul(header->defect_list_len);
5400			if (defect_list_len != 0) {
5401				ctl_set_invalid_field(ctsio,
5402						      /*sks_valid*/ 1,
5403						      /*command*/ 0,
5404						      /*field*/ 2,
5405						      /*bit_valid*/ 0,
5406						      /*bit*/ 0);
5407				goto bailout;
5408			}
5409		} else {
5410			struct scsi_format_header_short *header;
5411
5412			header = (struct scsi_format_header_short *)
5413				ctsio->kern_data_ptr;
5414
5415			defect_list_len = scsi_2btoul(header->defect_list_len);
5416			if (defect_list_len != 0) {
5417				ctl_set_invalid_field(ctsio,
5418						      /*sks_valid*/ 1,
5419						      /*command*/ 0,
5420						      /*field*/ 2,
5421						      /*bit_valid*/ 0,
5422						      /*bit*/ 0);
5423				goto bailout;
5424			}
5425		}
5426	}
5427
5428	ctl_set_success(ctsio);
5429bailout:
5430
5431	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5432		free(ctsio->kern_data_ptr, M_CTL);
5433		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5434	}
5435
5436	ctl_done((union ctl_io *)ctsio);
5437	return (CTL_RETVAL_COMPLETE);
5438}
5439
5440int
5441ctl_read_buffer(struct ctl_scsiio *ctsio)
5442{
5443	struct ctl_lun *lun;
5444	uint64_t buffer_offset;
5445	uint32_t len;
5446	uint8_t byte2;
5447	static uint8_t descr[4];
5448	static uint8_t echo_descr[4] = { 0 };
5449
5450	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5451	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5452	switch (ctsio->cdb[0]) {
5453	case READ_BUFFER: {
5454		struct scsi_read_buffer *cdb;
5455
5456		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5457		buffer_offset = scsi_3btoul(cdb->offset);
5458		len = scsi_3btoul(cdb->length);
5459		byte2 = cdb->byte2;
5460		break;
5461	}
5462	case READ_BUFFER_16: {
5463		struct scsi_read_buffer_16 *cdb;
5464
5465		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5466		buffer_offset = scsi_8btou64(cdb->offset);
5467		len = scsi_4btoul(cdb->length);
5468		byte2 = cdb->byte2;
5469		break;
5470	}
5471	default: /* This shouldn't happen. */
5472		ctl_set_invalid_opcode(ctsio);
5473		ctl_done((union ctl_io *)ctsio);
5474		return (CTL_RETVAL_COMPLETE);
5475	}
5476
5477	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5478	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5479	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5480		ctl_set_invalid_field(ctsio,
5481				      /*sks_valid*/ 1,
5482				      /*command*/ 1,
5483				      /*field*/ 1,
5484				      /*bit_valid*/ 1,
5485				      /*bit*/ 4);
5486		ctl_done((union ctl_io *)ctsio);
5487		return (CTL_RETVAL_COMPLETE);
5488	}
5489
5490	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5491	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5492		ctl_set_invalid_field(ctsio,
5493				      /*sks_valid*/ 1,
5494				      /*command*/ 1,
5495				      /*field*/ 6,
5496				      /*bit_valid*/ 0,
5497				      /*bit*/ 0);
5498		ctl_done((union ctl_io *)ctsio);
5499		return (CTL_RETVAL_COMPLETE);
5500	}
5501
5502	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5503		descr[0] = 0;
5504		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5505		ctsio->kern_data_ptr = descr;
5506		len = min(len, sizeof(descr));
5507	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5508		ctsio->kern_data_ptr = echo_descr;
5509		len = min(len, sizeof(echo_descr));
5510	} else {
5511		if (lun->write_buffer == NULL) {
5512			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5513			    M_CTL, M_WAITOK);
5514		}
5515		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5516	}
5517	ctsio->kern_data_len = len;
5518	ctsio->kern_total_len = len;
5519	ctsio->kern_data_resid = 0;
5520	ctsio->kern_rel_offset = 0;
5521	ctsio->kern_sg_entries = 0;
5522	ctl_set_success(ctsio);
5523	ctsio->be_move_done = ctl_config_move_done;
5524	ctl_datamove((union ctl_io *)ctsio);
5525	return (CTL_RETVAL_COMPLETE);
5526}
5527
5528int
5529ctl_write_buffer(struct ctl_scsiio *ctsio)
5530{
5531	struct scsi_write_buffer *cdb;
5532	struct ctl_lun *lun;
5533	int buffer_offset, len;
5534
5535	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5536
5537	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5538	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5539
5540	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5541		ctl_set_invalid_field(ctsio,
5542				      /*sks_valid*/ 1,
5543				      /*command*/ 1,
5544				      /*field*/ 1,
5545				      /*bit_valid*/ 1,
5546				      /*bit*/ 4);
5547		ctl_done((union ctl_io *)ctsio);
5548		return (CTL_RETVAL_COMPLETE);
5549	}
5550
5551	len = scsi_3btoul(cdb->length);
5552	buffer_offset = scsi_3btoul(cdb->offset);
5553
5554	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5555		ctl_set_invalid_field(ctsio,
5556				      /*sks_valid*/ 1,
5557				      /*command*/ 1,
5558				      /*field*/ 6,
5559				      /*bit_valid*/ 0,
5560				      /*bit*/ 0);
5561		ctl_done((union ctl_io *)ctsio);
5562		return (CTL_RETVAL_COMPLETE);
5563	}
5564
5565	/*
5566	 * If we've got a kernel request that hasn't been malloced yet,
5567	 * malloc it and tell the caller the data buffer is here.
5568	 */
5569	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5570		if (lun->write_buffer == NULL) {
5571			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5572			    M_CTL, M_WAITOK);
5573		}
5574		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5575		ctsio->kern_data_len = len;
5576		ctsio->kern_total_len = len;
5577		ctsio->kern_data_resid = 0;
5578		ctsio->kern_rel_offset = 0;
5579		ctsio->kern_sg_entries = 0;
5580		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5581		ctsio->be_move_done = ctl_config_move_done;
5582		ctl_datamove((union ctl_io *)ctsio);
5583
5584		return (CTL_RETVAL_COMPLETE);
5585	}
5586
5587	ctl_set_success(ctsio);
5588	ctl_done((union ctl_io *)ctsio);
5589	return (CTL_RETVAL_COMPLETE);
5590}
5591
5592int
5593ctl_write_same(struct ctl_scsiio *ctsio)
5594{
5595	struct ctl_lun *lun;
5596	struct ctl_lba_len_flags *lbalen;
5597	uint64_t lba;
5598	uint32_t num_blocks;
5599	int len, retval;
5600	uint8_t byte2;
5601
5602	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5603
5604	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5605
5606	switch (ctsio->cdb[0]) {
5607	case WRITE_SAME_10: {
5608		struct scsi_write_same_10 *cdb;
5609
5610		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5611
5612		lba = scsi_4btoul(cdb->addr);
5613		num_blocks = scsi_2btoul(cdb->length);
5614		byte2 = cdb->byte2;
5615		break;
5616	}
5617	case WRITE_SAME_16: {
5618		struct scsi_write_same_16 *cdb;
5619
5620		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5621
5622		lba = scsi_8btou64(cdb->addr);
5623		num_blocks = scsi_4btoul(cdb->length);
5624		byte2 = cdb->byte2;
5625		break;
5626	}
5627	default:
5628		/*
5629		 * We got a command we don't support.  This shouldn't
5630		 * happen, commands should be filtered out above us.
5631		 */
5632		ctl_set_invalid_opcode(ctsio);
5633		ctl_done((union ctl_io *)ctsio);
5634
5635		return (CTL_RETVAL_COMPLETE);
5636		break; /* NOTREACHED */
5637	}
5638
5639	/* ANCHOR flag can be used only together with UNMAP */
5640	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5641		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5642		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5643		ctl_done((union ctl_io *)ctsio);
5644		return (CTL_RETVAL_COMPLETE);
5645	}
5646
5647	/*
5648	 * The first check is to make sure we're in bounds, the second
5649	 * check is to catch wrap-around problems.  If the lba + num blocks
5650	 * is less than the lba, then we've wrapped around and the block
5651	 * range is invalid anyway.
5652	 */
5653	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5654	 || ((lba + num_blocks) < lba)) {
5655		ctl_set_lba_out_of_range(ctsio);
5656		ctl_done((union ctl_io *)ctsio);
5657		return (CTL_RETVAL_COMPLETE);
5658	}
5659
5660	/* Zero number of blocks means "to the last logical block" */
5661	if (num_blocks == 0) {
5662		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5663			ctl_set_invalid_field(ctsio,
5664					      /*sks_valid*/ 0,
5665					      /*command*/ 1,
5666					      /*field*/ 0,
5667					      /*bit_valid*/ 0,
5668					      /*bit*/ 0);
5669			ctl_done((union ctl_io *)ctsio);
5670			return (CTL_RETVAL_COMPLETE);
5671		}
5672		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5673	}
5674
5675	len = lun->be_lun->blocksize;
5676
5677	/*
5678	 * If we've got a kernel request that hasn't been malloced yet,
5679	 * malloc it and tell the caller the data buffer is here.
5680	 */
5681	if ((byte2 & SWS_NDOB) == 0 &&
5682	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5683		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5684		ctsio->kern_data_len = len;
5685		ctsio->kern_total_len = len;
5686		ctsio->kern_data_resid = 0;
5687		ctsio->kern_rel_offset = 0;
5688		ctsio->kern_sg_entries = 0;
5689		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5690		ctsio->be_move_done = ctl_config_move_done;
5691		ctl_datamove((union ctl_io *)ctsio);
5692
5693		return (CTL_RETVAL_COMPLETE);
5694	}
5695
5696	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5697	lbalen->lba = lba;
5698	lbalen->len = num_blocks;
5699	lbalen->flags = byte2;
5700	retval = lun->backend->config_write((union ctl_io *)ctsio);
5701
5702	return (retval);
5703}
5704
5705int
5706ctl_unmap(struct ctl_scsiio *ctsio)
5707{
5708	struct ctl_lun *lun;
5709	struct scsi_unmap *cdb;
5710	struct ctl_ptr_len_flags *ptrlen;
5711	struct scsi_unmap_header *hdr;
5712	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5713	uint64_t lba;
5714	uint32_t num_blocks;
5715	int len, retval;
5716	uint8_t byte2;
5717
5718	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5719
5720	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5721	cdb = (struct scsi_unmap *)ctsio->cdb;
5722
5723	len = scsi_2btoul(cdb->length);
5724	byte2 = cdb->byte2;
5725
5726	/*
5727	 * If we've got a kernel request that hasn't been malloced yet,
5728	 * malloc it and tell the caller the data buffer is here.
5729	 */
5730	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5731		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5732		ctsio->kern_data_len = len;
5733		ctsio->kern_total_len = len;
5734		ctsio->kern_data_resid = 0;
5735		ctsio->kern_rel_offset = 0;
5736		ctsio->kern_sg_entries = 0;
5737		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5738		ctsio->be_move_done = ctl_config_move_done;
5739		ctl_datamove((union ctl_io *)ctsio);
5740
5741		return (CTL_RETVAL_COMPLETE);
5742	}
5743
5744	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5745	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5746	if (len < sizeof (*hdr) ||
5747	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5748	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5749	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5750		ctl_set_invalid_field(ctsio,
5751				      /*sks_valid*/ 0,
5752				      /*command*/ 0,
5753				      /*field*/ 0,
5754				      /*bit_valid*/ 0,
5755				      /*bit*/ 0);
5756		goto done;
5757	}
5758	len = scsi_2btoul(hdr->desc_length);
5759	buf = (struct scsi_unmap_desc *)(hdr + 1);
5760	end = buf + len / sizeof(*buf);
5761
5762	endnz = buf;
5763	for (range = buf; range < end; range++) {
5764		lba = scsi_8btou64(range->lba);
5765		num_blocks = scsi_4btoul(range->length);
5766		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5767		 || ((lba + num_blocks) < lba)) {
5768			ctl_set_lba_out_of_range(ctsio);
5769			ctl_done((union ctl_io *)ctsio);
5770			return (CTL_RETVAL_COMPLETE);
5771		}
5772		if (num_blocks != 0)
5773			endnz = range + 1;
5774	}
5775
5776	/*
5777	 * Block backend can not handle zero last range.
5778	 * Filter it out and return if there is nothing left.
5779	 */
5780	len = (uint8_t *)endnz - (uint8_t *)buf;
5781	if (len == 0) {
5782		ctl_set_success(ctsio);
5783		goto done;
5784	}
5785
5786	mtx_lock(&lun->lun_lock);
5787	ptrlen = (struct ctl_ptr_len_flags *)
5788	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5789	ptrlen->ptr = (void *)buf;
5790	ptrlen->len = len;
5791	ptrlen->flags = byte2;
5792	ctl_check_blocked(lun);
5793	mtx_unlock(&lun->lun_lock);
5794
5795	retval = lun->backend->config_write((union ctl_io *)ctsio);
5796	return (retval);
5797
5798done:
5799	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5800		free(ctsio->kern_data_ptr, M_CTL);
5801		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5802	}
5803	ctl_done((union ctl_io *)ctsio);
5804	return (CTL_RETVAL_COMPLETE);
5805}
5806
5807/*
5808 * Note that this function currently doesn't actually do anything inside
5809 * CTL to enforce things if the DQue bit is turned on.
5810 *
5811 * Also note that this function can't be used in the default case, because
5812 * the DQue bit isn't set in the changeable mask for the control mode page
5813 * anyway.  This is just here as an example for how to implement a page
5814 * handler, and a placeholder in case we want to allow the user to turn
5815 * tagged queueing on and off.
5816 *
5817 * The D_SENSE bit handling is functional, however, and will turn
5818 * descriptor sense on and off for a given LUN.
5819 */
5820int
5821ctl_control_page_handler(struct ctl_scsiio *ctsio,
5822			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5823{
5824	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5825	struct ctl_lun *lun;
5826	int set_ua;
5827	uint32_t initidx;
5828
5829	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5830	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5831	set_ua = 0;
5832
5833	user_cp = (struct scsi_control_page *)page_ptr;
5834	current_cp = (struct scsi_control_page *)
5835		(page_index->page_data + (page_index->page_len *
5836		CTL_PAGE_CURRENT));
5837	saved_cp = (struct scsi_control_page *)
5838		(page_index->page_data + (page_index->page_len *
5839		CTL_PAGE_SAVED));
5840
5841	mtx_lock(&lun->lun_lock);
5842	if (((current_cp->rlec & SCP_DSENSE) == 0)
5843	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5844		/*
5845		 * Descriptor sense is currently turned off and the user
5846		 * wants to turn it on.
5847		 */
5848		current_cp->rlec |= SCP_DSENSE;
5849		saved_cp->rlec |= SCP_DSENSE;
5850		lun->flags |= CTL_LUN_SENSE_DESC;
5851		set_ua = 1;
5852	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5853		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5854		/*
5855		 * Descriptor sense is currently turned on, and the user
5856		 * wants to turn it off.
5857		 */
5858		current_cp->rlec &= ~SCP_DSENSE;
5859		saved_cp->rlec &= ~SCP_DSENSE;
5860		lun->flags &= ~CTL_LUN_SENSE_DESC;
5861		set_ua = 1;
5862	}
5863	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5864	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5865		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5866		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5867		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5868		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5869		set_ua = 1;
5870	}
5871	if ((current_cp->eca_and_aen & SCP_SWP) !=
5872	    (user_cp->eca_and_aen & SCP_SWP)) {
5873		current_cp->eca_and_aen &= ~SCP_SWP;
5874		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5875		saved_cp->eca_and_aen &= ~SCP_SWP;
5876		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5877		set_ua = 1;
5878	}
5879	if (set_ua != 0)
5880		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5881	mtx_unlock(&lun->lun_lock);
5882	if (set_ua) {
5883		ctl_isc_announce_mode(lun,
5884		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5885		    page_index->page_code, page_index->subpage);
5886	}
5887	return (0);
5888}
5889
5890int
5891ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5892		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5893{
5894	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5895	struct ctl_lun *lun;
5896	int set_ua;
5897	uint32_t initidx;
5898
5899	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5900	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5901	set_ua = 0;
5902
5903	user_cp = (struct scsi_caching_page *)page_ptr;
5904	current_cp = (struct scsi_caching_page *)
5905		(page_index->page_data + (page_index->page_len *
5906		CTL_PAGE_CURRENT));
5907	saved_cp = (struct scsi_caching_page *)
5908		(page_index->page_data + (page_index->page_len *
5909		CTL_PAGE_SAVED));
5910
5911	mtx_lock(&lun->lun_lock);
5912	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5913	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5914		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5915		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5916		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5917		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5918		set_ua = 1;
5919	}
5920	if (set_ua != 0)
5921		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5922	mtx_unlock(&lun->lun_lock);
5923	if (set_ua) {
5924		ctl_isc_announce_mode(lun,
5925		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5926		    page_index->page_code, page_index->subpage);
5927	}
5928	return (0);
5929}
5930
5931int
5932ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5933				struct ctl_page_index *page_index,
5934				uint8_t *page_ptr)
5935{
5936	uint8_t *c;
5937	int i;
5938
5939	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5940	ctl_time_io_secs =
5941		(c[0] << 8) |
5942		(c[1] << 0) |
5943		0;
5944	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5945	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5946	printf("page data:");
5947	for (i=0; i<8; i++)
5948		printf(" %.2x",page_ptr[i]);
5949	printf("\n");
5950	return (0);
5951}
5952
5953int
5954ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5955			       struct ctl_page_index *page_index,
5956			       int pc)
5957{
5958	struct copan_debugconf_subpage *page;
5959
5960	page = (struct copan_debugconf_subpage *)page_index->page_data +
5961		(page_index->page_len * pc);
5962
5963	switch (pc) {
5964	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5965	case SMS_PAGE_CTRL_DEFAULT >> 6:
5966	case SMS_PAGE_CTRL_SAVED >> 6:
5967		/*
5968		 * We don't update the changable or default bits for this page.
5969		 */
5970		break;
5971	case SMS_PAGE_CTRL_CURRENT >> 6:
5972		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5973		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5974		break;
5975	default:
5976		break;
5977	}
5978	return (0);
5979}
5980
5981
5982static int
5983ctl_do_mode_select(union ctl_io *io)
5984{
5985	struct scsi_mode_page_header *page_header;
5986	struct ctl_page_index *page_index;
5987	struct ctl_scsiio *ctsio;
5988	int page_len, page_len_offset, page_len_size;
5989	union ctl_modepage_info *modepage_info;
5990	struct ctl_lun *lun;
5991	int *len_left, *len_used;
5992	int retval, i;
5993
5994	ctsio = &io->scsiio;
5995	page_index = NULL;
5996	page_len = 0;
5997	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5998
5999	modepage_info = (union ctl_modepage_info *)
6000		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6001	len_left = &modepage_info->header.len_left;
6002	len_used = &modepage_info->header.len_used;
6003
6004do_next_page:
6005
6006	page_header = (struct scsi_mode_page_header *)
6007		(ctsio->kern_data_ptr + *len_used);
6008
6009	if (*len_left == 0) {
6010		free(ctsio->kern_data_ptr, M_CTL);
6011		ctl_set_success(ctsio);
6012		ctl_done((union ctl_io *)ctsio);
6013		return (CTL_RETVAL_COMPLETE);
6014	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6015
6016		free(ctsio->kern_data_ptr, M_CTL);
6017		ctl_set_param_len_error(ctsio);
6018		ctl_done((union ctl_io *)ctsio);
6019		return (CTL_RETVAL_COMPLETE);
6020
6021	} else if ((page_header->page_code & SMPH_SPF)
6022		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6023
6024		free(ctsio->kern_data_ptr, M_CTL);
6025		ctl_set_param_len_error(ctsio);
6026		ctl_done((union ctl_io *)ctsio);
6027		return (CTL_RETVAL_COMPLETE);
6028	}
6029
6030
6031	/*
6032	 * XXX KDM should we do something with the block descriptor?
6033	 */
6034	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6035		page_index = &lun->mode_pages.index[i];
6036		if (lun->be_lun->lun_type == T_DIRECT &&
6037		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6038			continue;
6039		if (lun->be_lun->lun_type == T_PROCESSOR &&
6040		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6041			continue;
6042		if (lun->be_lun->lun_type == T_CDROM &&
6043		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6044			continue;
6045
6046		if ((page_index->page_code & SMPH_PC_MASK) !=
6047		    (page_header->page_code & SMPH_PC_MASK))
6048			continue;
6049
6050		/*
6051		 * If neither page has a subpage code, then we've got a
6052		 * match.
6053		 */
6054		if (((page_index->page_code & SMPH_SPF) == 0)
6055		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6056			page_len = page_header->page_length;
6057			break;
6058		}
6059
6060		/*
6061		 * If both pages have subpages, then the subpage numbers
6062		 * have to match.
6063		 */
6064		if ((page_index->page_code & SMPH_SPF)
6065		  && (page_header->page_code & SMPH_SPF)) {
6066			struct scsi_mode_page_header_sp *sph;
6067
6068			sph = (struct scsi_mode_page_header_sp *)page_header;
6069			if (page_index->subpage == sph->subpage) {
6070				page_len = scsi_2btoul(sph->page_length);
6071				break;
6072			}
6073		}
6074	}
6075
6076	/*
6077	 * If we couldn't find the page, or if we don't have a mode select
6078	 * handler for it, send back an error to the user.
6079	 */
6080	if ((i >= CTL_NUM_MODE_PAGES)
6081	 || (page_index->select_handler == NULL)) {
6082		ctl_set_invalid_field(ctsio,
6083				      /*sks_valid*/ 1,
6084				      /*command*/ 0,
6085				      /*field*/ *len_used,
6086				      /*bit_valid*/ 0,
6087				      /*bit*/ 0);
6088		free(ctsio->kern_data_ptr, M_CTL);
6089		ctl_done((union ctl_io *)ctsio);
6090		return (CTL_RETVAL_COMPLETE);
6091	}
6092
6093	if (page_index->page_code & SMPH_SPF) {
6094		page_len_offset = 2;
6095		page_len_size = 2;
6096	} else {
6097		page_len_size = 1;
6098		page_len_offset = 1;
6099	}
6100
6101	/*
6102	 * If the length the initiator gives us isn't the one we specify in
6103	 * the mode page header, or if they didn't specify enough data in
6104	 * the CDB to avoid truncating this page, kick out the request.
6105	 */
6106	if ((page_len != (page_index->page_len - page_len_offset -
6107			  page_len_size))
6108	 || (*len_left < page_index->page_len)) {
6109
6110
6111		ctl_set_invalid_field(ctsio,
6112				      /*sks_valid*/ 1,
6113				      /*command*/ 0,
6114				      /*field*/ *len_used + page_len_offset,
6115				      /*bit_valid*/ 0,
6116				      /*bit*/ 0);
6117		free(ctsio->kern_data_ptr, M_CTL);
6118		ctl_done((union ctl_io *)ctsio);
6119		return (CTL_RETVAL_COMPLETE);
6120	}
6121
6122	/*
6123	 * Run through the mode page, checking to make sure that the bits
6124	 * the user changed are actually legal for him to change.
6125	 */
6126	for (i = 0; i < page_index->page_len; i++) {
6127		uint8_t *user_byte, *change_mask, *current_byte;
6128		int bad_bit;
6129		int j;
6130
6131		user_byte = (uint8_t *)page_header + i;
6132		change_mask = page_index->page_data +
6133			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6134		current_byte = page_index->page_data +
6135			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6136
6137		/*
6138		 * Check to see whether the user set any bits in this byte
6139		 * that he is not allowed to set.
6140		 */
6141		if ((*user_byte & ~(*change_mask)) ==
6142		    (*current_byte & ~(*change_mask)))
6143			continue;
6144
6145		/*
6146		 * Go through bit by bit to determine which one is illegal.
6147		 */
6148		bad_bit = 0;
6149		for (j = 7; j >= 0; j--) {
6150			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6151			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6152				bad_bit = i;
6153				break;
6154			}
6155		}
6156		ctl_set_invalid_field(ctsio,
6157				      /*sks_valid*/ 1,
6158				      /*command*/ 0,
6159				      /*field*/ *len_used + i,
6160				      /*bit_valid*/ 1,
6161				      /*bit*/ bad_bit);
6162		free(ctsio->kern_data_ptr, M_CTL);
6163		ctl_done((union ctl_io *)ctsio);
6164		return (CTL_RETVAL_COMPLETE);
6165	}
6166
6167	/*
6168	 * Decrement these before we call the page handler, since we may
6169	 * end up getting called back one way or another before the handler
6170	 * returns to this context.
6171	 */
6172	*len_left -= page_index->page_len;
6173	*len_used += page_index->page_len;
6174
6175	retval = page_index->select_handler(ctsio, page_index,
6176					    (uint8_t *)page_header);
6177
6178	/*
6179	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6180	 * wait until this queued command completes to finish processing
6181	 * the mode page.  If it returns anything other than
6182	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6183	 * already set the sense information, freed the data pointer, and
6184	 * completed the io for us.
6185	 */
6186	if (retval != CTL_RETVAL_COMPLETE)
6187		goto bailout_no_done;
6188
6189	/*
6190	 * If the initiator sent us more than one page, parse the next one.
6191	 */
6192	if (*len_left > 0)
6193		goto do_next_page;
6194
6195	ctl_set_success(ctsio);
6196	free(ctsio->kern_data_ptr, M_CTL);
6197	ctl_done((union ctl_io *)ctsio);
6198
6199bailout_no_done:
6200
6201	return (CTL_RETVAL_COMPLETE);
6202
6203}
6204
6205int
6206ctl_mode_select(struct ctl_scsiio *ctsio)
6207{
6208	int param_len, pf, sp;
6209	int header_size, bd_len;
6210	union ctl_modepage_info *modepage_info;
6211
6212	switch (ctsio->cdb[0]) {
6213	case MODE_SELECT_6: {
6214		struct scsi_mode_select_6 *cdb;
6215
6216		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6217
6218		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6219		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6220		param_len = cdb->length;
6221		header_size = sizeof(struct scsi_mode_header_6);
6222		break;
6223	}
6224	case MODE_SELECT_10: {
6225		struct scsi_mode_select_10 *cdb;
6226
6227		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6228
6229		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6230		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6231		param_len = scsi_2btoul(cdb->length);
6232		header_size = sizeof(struct scsi_mode_header_10);
6233		break;
6234	}
6235	default:
6236		ctl_set_invalid_opcode(ctsio);
6237		ctl_done((union ctl_io *)ctsio);
6238		return (CTL_RETVAL_COMPLETE);
6239	}
6240
6241	/*
6242	 * From SPC-3:
6243	 * "A parameter list length of zero indicates that the Data-Out Buffer
6244	 * shall be empty. This condition shall not be considered as an error."
6245	 */
6246	if (param_len == 0) {
6247		ctl_set_success(ctsio);
6248		ctl_done((union ctl_io *)ctsio);
6249		return (CTL_RETVAL_COMPLETE);
6250	}
6251
6252	/*
6253	 * Since we'll hit this the first time through, prior to
6254	 * allocation, we don't need to free a data buffer here.
6255	 */
6256	if (param_len < header_size) {
6257		ctl_set_param_len_error(ctsio);
6258		ctl_done((union ctl_io *)ctsio);
6259		return (CTL_RETVAL_COMPLETE);
6260	}
6261
6262	/*
6263	 * Allocate the data buffer and grab the user's data.  In theory,
6264	 * we shouldn't have to sanity check the parameter list length here
6265	 * because the maximum size is 64K.  We should be able to malloc
6266	 * that much without too many problems.
6267	 */
6268	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6269		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6270		ctsio->kern_data_len = param_len;
6271		ctsio->kern_total_len = param_len;
6272		ctsio->kern_data_resid = 0;
6273		ctsio->kern_rel_offset = 0;
6274		ctsio->kern_sg_entries = 0;
6275		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6276		ctsio->be_move_done = ctl_config_move_done;
6277		ctl_datamove((union ctl_io *)ctsio);
6278
6279		return (CTL_RETVAL_COMPLETE);
6280	}
6281
6282	switch (ctsio->cdb[0]) {
6283	case MODE_SELECT_6: {
6284		struct scsi_mode_header_6 *mh6;
6285
6286		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6287		bd_len = mh6->blk_desc_len;
6288		break;
6289	}
6290	case MODE_SELECT_10: {
6291		struct scsi_mode_header_10 *mh10;
6292
6293		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6294		bd_len = scsi_2btoul(mh10->blk_desc_len);
6295		break;
6296	}
6297	default:
6298		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6299	}
6300
6301	if (param_len < (header_size + bd_len)) {
6302		free(ctsio->kern_data_ptr, M_CTL);
6303		ctl_set_param_len_error(ctsio);
6304		ctl_done((union ctl_io *)ctsio);
6305		return (CTL_RETVAL_COMPLETE);
6306	}
6307
6308	/*
6309	 * Set the IO_CONT flag, so that if this I/O gets passed to
6310	 * ctl_config_write_done(), it'll get passed back to
6311	 * ctl_do_mode_select() for further processing, or completion if
6312	 * we're all done.
6313	 */
6314	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6315	ctsio->io_cont = ctl_do_mode_select;
6316
6317	modepage_info = (union ctl_modepage_info *)
6318		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6319	memset(modepage_info, 0, sizeof(*modepage_info));
6320	modepage_info->header.len_left = param_len - header_size - bd_len;
6321	modepage_info->header.len_used = header_size + bd_len;
6322
6323	return (ctl_do_mode_select((union ctl_io *)ctsio));
6324}
6325
6326int
6327ctl_mode_sense(struct ctl_scsiio *ctsio)
6328{
6329	struct ctl_lun *lun;
6330	int pc, page_code, dbd, llba, subpage;
6331	int alloc_len, page_len, header_len, total_len;
6332	struct scsi_mode_block_descr *block_desc;
6333	struct ctl_page_index *page_index;
6334
6335	dbd = 0;
6336	llba = 0;
6337	block_desc = NULL;
6338
6339	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6340
6341	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6342	switch (ctsio->cdb[0]) {
6343	case MODE_SENSE_6: {
6344		struct scsi_mode_sense_6 *cdb;
6345
6346		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6347
6348		header_len = sizeof(struct scsi_mode_hdr_6);
6349		if (cdb->byte2 & SMS_DBD)
6350			dbd = 1;
6351		else
6352			header_len += sizeof(struct scsi_mode_block_descr);
6353
6354		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6355		page_code = cdb->page & SMS_PAGE_CODE;
6356		subpage = cdb->subpage;
6357		alloc_len = cdb->length;
6358		break;
6359	}
6360	case MODE_SENSE_10: {
6361		struct scsi_mode_sense_10 *cdb;
6362
6363		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6364
6365		header_len = sizeof(struct scsi_mode_hdr_10);
6366
6367		if (cdb->byte2 & SMS_DBD)
6368			dbd = 1;
6369		else
6370			header_len += sizeof(struct scsi_mode_block_descr);
6371		if (cdb->byte2 & SMS10_LLBAA)
6372			llba = 1;
6373		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6374		page_code = cdb->page & SMS_PAGE_CODE;
6375		subpage = cdb->subpage;
6376		alloc_len = scsi_2btoul(cdb->length);
6377		break;
6378	}
6379	default:
6380		ctl_set_invalid_opcode(ctsio);
6381		ctl_done((union ctl_io *)ctsio);
6382		return (CTL_RETVAL_COMPLETE);
6383		break; /* NOTREACHED */
6384	}
6385
6386	/*
6387	 * We have to make a first pass through to calculate the size of
6388	 * the pages that match the user's query.  Then we allocate enough
6389	 * memory to hold it, and actually copy the data into the buffer.
6390	 */
6391	switch (page_code) {
6392	case SMS_ALL_PAGES_PAGE: {
6393		int i;
6394
6395		page_len = 0;
6396
6397		/*
6398		 * At the moment, values other than 0 and 0xff here are
6399		 * reserved according to SPC-3.
6400		 */
6401		if ((subpage != SMS_SUBPAGE_PAGE_0)
6402		 && (subpage != SMS_SUBPAGE_ALL)) {
6403			ctl_set_invalid_field(ctsio,
6404					      /*sks_valid*/ 1,
6405					      /*command*/ 1,
6406					      /*field*/ 3,
6407					      /*bit_valid*/ 0,
6408					      /*bit*/ 0);
6409			ctl_done((union ctl_io *)ctsio);
6410			return (CTL_RETVAL_COMPLETE);
6411		}
6412
6413		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6414			page_index = &lun->mode_pages.index[i];
6415
6416			/* Make sure the page is supported for this dev type */
6417			if (lun->be_lun->lun_type == T_DIRECT &&
6418			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6419				continue;
6420			if (lun->be_lun->lun_type == T_PROCESSOR &&
6421			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6422				continue;
6423			if (lun->be_lun->lun_type == T_CDROM &&
6424			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6425				continue;
6426
6427			/*
6428			 * We don't use this subpage if the user didn't
6429			 * request all subpages.
6430			 */
6431			if ((page_index->subpage != 0)
6432			 && (subpage == SMS_SUBPAGE_PAGE_0))
6433				continue;
6434
6435#if 0
6436			printf("found page %#x len %d\n",
6437			       page_index->page_code & SMPH_PC_MASK,
6438			       page_index->page_len);
6439#endif
6440			page_len += page_index->page_len;
6441		}
6442		break;
6443	}
6444	default: {
6445		int i;
6446
6447		page_len = 0;
6448
6449		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6450			page_index = &lun->mode_pages.index[i];
6451
6452			/* Make sure the page is supported for this dev type */
6453			if (lun->be_lun->lun_type == T_DIRECT &&
6454			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6455				continue;
6456			if (lun->be_lun->lun_type == T_PROCESSOR &&
6457			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6458				continue;
6459			if (lun->be_lun->lun_type == T_CDROM &&
6460			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6461				continue;
6462
6463			/* Look for the right page code */
6464			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6465				continue;
6466
6467			/* Look for the right subpage or the subpage wildcard*/
6468			if ((page_index->subpage != subpage)
6469			 && (subpage != SMS_SUBPAGE_ALL))
6470				continue;
6471
6472#if 0
6473			printf("found page %#x len %d\n",
6474			       page_index->page_code & SMPH_PC_MASK,
6475			       page_index->page_len);
6476#endif
6477
6478			page_len += page_index->page_len;
6479		}
6480
6481		if (page_len == 0) {
6482			ctl_set_invalid_field(ctsio,
6483					      /*sks_valid*/ 1,
6484					      /*command*/ 1,
6485					      /*field*/ 2,
6486					      /*bit_valid*/ 1,
6487					      /*bit*/ 5);
6488			ctl_done((union ctl_io *)ctsio);
6489			return (CTL_RETVAL_COMPLETE);
6490		}
6491		break;
6492	}
6493	}
6494
6495	total_len = header_len + page_len;
6496#if 0
6497	printf("header_len = %d, page_len = %d, total_len = %d\n",
6498	       header_len, page_len, total_len);
6499#endif
6500
6501	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6502	ctsio->kern_sg_entries = 0;
6503	ctsio->kern_data_resid = 0;
6504	ctsio->kern_rel_offset = 0;
6505	if (total_len < alloc_len) {
6506		ctsio->residual = alloc_len - total_len;
6507		ctsio->kern_data_len = total_len;
6508		ctsio->kern_total_len = total_len;
6509	} else {
6510		ctsio->residual = 0;
6511		ctsio->kern_data_len = alloc_len;
6512		ctsio->kern_total_len = alloc_len;
6513	}
6514
6515	switch (ctsio->cdb[0]) {
6516	case MODE_SENSE_6: {
6517		struct scsi_mode_hdr_6 *header;
6518
6519		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6520
6521		header->datalen = MIN(total_len - 1, 254);
6522		if (lun->be_lun->lun_type == T_DIRECT) {
6523			header->dev_specific = 0x10; /* DPOFUA */
6524			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6525			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6526			    .eca_and_aen & SCP_SWP) != 0)
6527				    header->dev_specific |= 0x80; /* WP */
6528		}
6529		if (dbd)
6530			header->block_descr_len = 0;
6531		else
6532			header->block_descr_len =
6533				sizeof(struct scsi_mode_block_descr);
6534		block_desc = (struct scsi_mode_block_descr *)&header[1];
6535		break;
6536	}
6537	case MODE_SENSE_10: {
6538		struct scsi_mode_hdr_10 *header;
6539		int datalen;
6540
6541		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6542
6543		datalen = MIN(total_len - 2, 65533);
6544		scsi_ulto2b(datalen, header->datalen);
6545		if (lun->be_lun->lun_type == T_DIRECT) {
6546			header->dev_specific = 0x10; /* DPOFUA */
6547			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6548			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6549			    .eca_and_aen & SCP_SWP) != 0)
6550				    header->dev_specific |= 0x80; /* WP */
6551		}
6552		if (dbd)
6553			scsi_ulto2b(0, header->block_descr_len);
6554		else
6555			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6556				    header->block_descr_len);
6557		block_desc = (struct scsi_mode_block_descr *)&header[1];
6558		break;
6559	}
6560	default:
6561		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6562	}
6563
6564	/*
6565	 * If we've got a disk, use its blocksize in the block
6566	 * descriptor.  Otherwise, just set it to 0.
6567	 */
6568	if (dbd == 0) {
6569		if (lun->be_lun->lun_type == T_DIRECT)
6570			scsi_ulto3b(lun->be_lun->blocksize,
6571				    block_desc->block_len);
6572		else
6573			scsi_ulto3b(0, block_desc->block_len);
6574	}
6575
6576	switch (page_code) {
6577	case SMS_ALL_PAGES_PAGE: {
6578		int i, data_used;
6579
6580		data_used = header_len;
6581		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6582			struct ctl_page_index *page_index;
6583
6584			page_index = &lun->mode_pages.index[i];
6585			if (lun->be_lun->lun_type == T_DIRECT &&
6586			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6587				continue;
6588			if (lun->be_lun->lun_type == T_PROCESSOR &&
6589			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6590				continue;
6591			if (lun->be_lun->lun_type == T_CDROM &&
6592			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6593				continue;
6594
6595			/*
6596			 * We don't use this subpage if the user didn't
6597			 * request all subpages.  We already checked (above)
6598			 * to make sure the user only specified a subpage
6599			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6600			 */
6601			if ((page_index->subpage != 0)
6602			 && (subpage == SMS_SUBPAGE_PAGE_0))
6603				continue;
6604
6605			/*
6606			 * Call the handler, if it exists, to update the
6607			 * page to the latest values.
6608			 */
6609			if (page_index->sense_handler != NULL)
6610				page_index->sense_handler(ctsio, page_index,pc);
6611
6612			memcpy(ctsio->kern_data_ptr + data_used,
6613			       page_index->page_data +
6614			       (page_index->page_len * pc),
6615			       page_index->page_len);
6616			data_used += page_index->page_len;
6617		}
6618		break;
6619	}
6620	default: {
6621		int i, data_used;
6622
6623		data_used = header_len;
6624
6625		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6626			struct ctl_page_index *page_index;
6627
6628			page_index = &lun->mode_pages.index[i];
6629
6630			/* Look for the right page code */
6631			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6632				continue;
6633
6634			/* Look for the right subpage or the subpage wildcard*/
6635			if ((page_index->subpage != subpage)
6636			 && (subpage != SMS_SUBPAGE_ALL))
6637				continue;
6638
6639			/* Make sure the page is supported for this dev type */
6640			if (lun->be_lun->lun_type == T_DIRECT &&
6641			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6642				continue;
6643			if (lun->be_lun->lun_type == T_PROCESSOR &&
6644			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6645				continue;
6646			if (lun->be_lun->lun_type == T_CDROM &&
6647			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6648				continue;
6649
6650			/*
6651			 * Call the handler, if it exists, to update the
6652			 * page to the latest values.
6653			 */
6654			if (page_index->sense_handler != NULL)
6655				page_index->sense_handler(ctsio, page_index,pc);
6656
6657			memcpy(ctsio->kern_data_ptr + data_used,
6658			       page_index->page_data +
6659			       (page_index->page_len * pc),
6660			       page_index->page_len);
6661			data_used += page_index->page_len;
6662		}
6663		break;
6664	}
6665	}
6666
6667	ctl_set_success(ctsio);
6668	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6669	ctsio->be_move_done = ctl_config_move_done;
6670	ctl_datamove((union ctl_io *)ctsio);
6671	return (CTL_RETVAL_COMPLETE);
6672}
6673
6674int
6675ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6676			       struct ctl_page_index *page_index,
6677			       int pc)
6678{
6679	struct ctl_lun *lun;
6680	struct scsi_log_param_header *phdr;
6681	uint8_t *data;
6682	uint64_t val;
6683
6684	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6685	data = page_index->page_data;
6686
6687	if (lun->backend->lun_attr != NULL &&
6688	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6689	     != UINT64_MAX) {
6690		phdr = (struct scsi_log_param_header *)data;
6691		scsi_ulto2b(0x0001, phdr->param_code);
6692		phdr->param_control = SLP_LBIN | SLP_LP;
6693		phdr->param_len = 8;
6694		data = (uint8_t *)(phdr + 1);
6695		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6696		data[4] = 0x02; /* per-pool */
6697		data += phdr->param_len;
6698	}
6699
6700	if (lun->backend->lun_attr != NULL &&
6701	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6702	     != UINT64_MAX) {
6703		phdr = (struct scsi_log_param_header *)data;
6704		scsi_ulto2b(0x0002, phdr->param_code);
6705		phdr->param_control = SLP_LBIN | SLP_LP;
6706		phdr->param_len = 8;
6707		data = (uint8_t *)(phdr + 1);
6708		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6709		data[4] = 0x01; /* per-LUN */
6710		data += phdr->param_len;
6711	}
6712
6713	if (lun->backend->lun_attr != NULL &&
6714	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6715	     != UINT64_MAX) {
6716		phdr = (struct scsi_log_param_header *)data;
6717		scsi_ulto2b(0x00f1, phdr->param_code);
6718		phdr->param_control = SLP_LBIN | SLP_LP;
6719		phdr->param_len = 8;
6720		data = (uint8_t *)(phdr + 1);
6721		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6722		data[4] = 0x02; /* per-pool */
6723		data += phdr->param_len;
6724	}
6725
6726	if (lun->backend->lun_attr != NULL &&
6727	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6728	     != UINT64_MAX) {
6729		phdr = (struct scsi_log_param_header *)data;
6730		scsi_ulto2b(0x00f2, phdr->param_code);
6731		phdr->param_control = SLP_LBIN | SLP_LP;
6732		phdr->param_len = 8;
6733		data = (uint8_t *)(phdr + 1);
6734		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6735		data[4] = 0x02; /* per-pool */
6736		data += phdr->param_len;
6737	}
6738
6739	page_index->page_len = data - page_index->page_data;
6740	return (0);
6741}
6742
6743int
6744ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6745			       struct ctl_page_index *page_index,
6746			       int pc)
6747{
6748	struct ctl_lun *lun;
6749	struct stat_page *data;
6750	uint64_t rn, wn, rb, wb;
6751	struct bintime rt, wt;
6752	int i;
6753
6754	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6755	data = (struct stat_page *)page_index->page_data;
6756
6757	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6758	data->sap.hdr.param_control = SLP_LBIN;
6759	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6760	    sizeof(struct scsi_log_param_header);
6761	rn = wn = rb = wb = 0;
6762	bintime_clear(&rt);
6763	bintime_clear(&wt);
6764	for (i = 0; i < CTL_MAX_PORTS; i++) {
6765		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6766		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6767		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6768		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6769		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6770		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6771	}
6772	scsi_u64to8b(rn, data->sap.read_num);
6773	scsi_u64to8b(wn, data->sap.write_num);
6774	if (lun->stats.blocksize > 0) {
6775		scsi_u64to8b(wb / lun->stats.blocksize,
6776		    data->sap.recvieved_lba);
6777		scsi_u64to8b(rb / lun->stats.blocksize,
6778		    data->sap.transmitted_lba);
6779	}
6780	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6781	    data->sap.read_int);
6782	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6783	    data->sap.write_int);
6784	scsi_u64to8b(0, data->sap.weighted_num);
6785	scsi_u64to8b(0, data->sap.weighted_int);
6786	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6787	data->it.hdr.param_control = SLP_LBIN;
6788	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6789	    sizeof(struct scsi_log_param_header);
6790#ifdef CTL_TIME_IO
6791	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6792#endif
6793	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6794	data->it.hdr.param_control = SLP_LBIN;
6795	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6796	    sizeof(struct scsi_log_param_header);
6797	scsi_ulto4b(3, data->ti.exponent);
6798	scsi_ulto4b(1, data->ti.integer);
6799
6800	page_index->page_len = sizeof(*data);
6801	return (0);
6802}
6803
6804int
6805ctl_log_sense(struct ctl_scsiio *ctsio)
6806{
6807	struct ctl_lun *lun;
6808	int i, pc, page_code, subpage;
6809	int alloc_len, total_len;
6810	struct ctl_page_index *page_index;
6811	struct scsi_log_sense *cdb;
6812	struct scsi_log_header *header;
6813
6814	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6815
6816	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6817	cdb = (struct scsi_log_sense *)ctsio->cdb;
6818	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6819	page_code = cdb->page & SLS_PAGE_CODE;
6820	subpage = cdb->subpage;
6821	alloc_len = scsi_2btoul(cdb->length);
6822
6823	page_index = NULL;
6824	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6825		page_index = &lun->log_pages.index[i];
6826
6827		/* Look for the right page code */
6828		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6829			continue;
6830
6831		/* Look for the right subpage or the subpage wildcard*/
6832		if (page_index->subpage != subpage)
6833			continue;
6834
6835		break;
6836	}
6837	if (i >= CTL_NUM_LOG_PAGES) {
6838		ctl_set_invalid_field(ctsio,
6839				      /*sks_valid*/ 1,
6840				      /*command*/ 1,
6841				      /*field*/ 2,
6842				      /*bit_valid*/ 0,
6843				      /*bit*/ 0);
6844		ctl_done((union ctl_io *)ctsio);
6845		return (CTL_RETVAL_COMPLETE);
6846	}
6847
6848	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6849
6850	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6851	ctsio->kern_sg_entries = 0;
6852	ctsio->kern_data_resid = 0;
6853	ctsio->kern_rel_offset = 0;
6854	if (total_len < alloc_len) {
6855		ctsio->residual = alloc_len - total_len;
6856		ctsio->kern_data_len = total_len;
6857		ctsio->kern_total_len = total_len;
6858	} else {
6859		ctsio->residual = 0;
6860		ctsio->kern_data_len = alloc_len;
6861		ctsio->kern_total_len = alloc_len;
6862	}
6863
6864	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6865	header->page = page_index->page_code;
6866	if (page_index->subpage) {
6867		header->page |= SL_SPF;
6868		header->subpage = page_index->subpage;
6869	}
6870	scsi_ulto2b(page_index->page_len, header->datalen);
6871
6872	/*
6873	 * Call the handler, if it exists, to update the
6874	 * page to the latest values.
6875	 */
6876	if (page_index->sense_handler != NULL)
6877		page_index->sense_handler(ctsio, page_index, pc);
6878
6879	memcpy(header + 1, page_index->page_data, page_index->page_len);
6880
6881	ctl_set_success(ctsio);
6882	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6883	ctsio->be_move_done = ctl_config_move_done;
6884	ctl_datamove((union ctl_io *)ctsio);
6885	return (CTL_RETVAL_COMPLETE);
6886}
6887
6888int
6889ctl_read_capacity(struct ctl_scsiio *ctsio)
6890{
6891	struct scsi_read_capacity *cdb;
6892	struct scsi_read_capacity_data *data;
6893	struct ctl_lun *lun;
6894	uint32_t lba;
6895
6896	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6897
6898	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6899
6900	lba = scsi_4btoul(cdb->addr);
6901	if (((cdb->pmi & SRC_PMI) == 0)
6902	 && (lba != 0)) {
6903		ctl_set_invalid_field(/*ctsio*/ ctsio,
6904				      /*sks_valid*/ 1,
6905				      /*command*/ 1,
6906				      /*field*/ 2,
6907				      /*bit_valid*/ 0,
6908				      /*bit*/ 0);
6909		ctl_done((union ctl_io *)ctsio);
6910		return (CTL_RETVAL_COMPLETE);
6911	}
6912
6913	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6914
6915	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6916	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6917	ctsio->residual = 0;
6918	ctsio->kern_data_len = sizeof(*data);
6919	ctsio->kern_total_len = sizeof(*data);
6920	ctsio->kern_data_resid = 0;
6921	ctsio->kern_rel_offset = 0;
6922	ctsio->kern_sg_entries = 0;
6923
6924	/*
6925	 * If the maximum LBA is greater than 0xfffffffe, the user must
6926	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6927	 * serivce action set.
6928	 */
6929	if (lun->be_lun->maxlba > 0xfffffffe)
6930		scsi_ulto4b(0xffffffff, data->addr);
6931	else
6932		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6933
6934	/*
6935	 * XXX KDM this may not be 512 bytes...
6936	 */
6937	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6938
6939	ctl_set_success(ctsio);
6940	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6941	ctsio->be_move_done = ctl_config_move_done;
6942	ctl_datamove((union ctl_io *)ctsio);
6943	return (CTL_RETVAL_COMPLETE);
6944}
6945
6946int
6947ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6948{
6949	struct scsi_read_capacity_16 *cdb;
6950	struct scsi_read_capacity_data_long *data;
6951	struct ctl_lun *lun;
6952	uint64_t lba;
6953	uint32_t alloc_len;
6954
6955	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6956
6957	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6958
6959	alloc_len = scsi_4btoul(cdb->alloc_len);
6960	lba = scsi_8btou64(cdb->addr);
6961
6962	if ((cdb->reladr & SRC16_PMI)
6963	 && (lba != 0)) {
6964		ctl_set_invalid_field(/*ctsio*/ ctsio,
6965				      /*sks_valid*/ 1,
6966				      /*command*/ 1,
6967				      /*field*/ 2,
6968				      /*bit_valid*/ 0,
6969				      /*bit*/ 0);
6970		ctl_done((union ctl_io *)ctsio);
6971		return (CTL_RETVAL_COMPLETE);
6972	}
6973
6974	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6975
6976	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6977	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6978
6979	if (sizeof(*data) < alloc_len) {
6980		ctsio->residual = alloc_len - sizeof(*data);
6981		ctsio->kern_data_len = sizeof(*data);
6982		ctsio->kern_total_len = sizeof(*data);
6983	} else {
6984		ctsio->residual = 0;
6985		ctsio->kern_data_len = alloc_len;
6986		ctsio->kern_total_len = alloc_len;
6987	}
6988	ctsio->kern_data_resid = 0;
6989	ctsio->kern_rel_offset = 0;
6990	ctsio->kern_sg_entries = 0;
6991
6992	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6993	/* XXX KDM this may not be 512 bytes... */
6994	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6995	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6996	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6997	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6998		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6999
7000	ctl_set_success(ctsio);
7001	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7002	ctsio->be_move_done = ctl_config_move_done;
7003	ctl_datamove((union ctl_io *)ctsio);
7004	return (CTL_RETVAL_COMPLETE);
7005}
7006
7007int
7008ctl_get_lba_status(struct ctl_scsiio *ctsio)
7009{
7010	struct scsi_get_lba_status *cdb;
7011	struct scsi_get_lba_status_data *data;
7012	struct ctl_lun *lun;
7013	struct ctl_lba_len_flags *lbalen;
7014	uint64_t lba;
7015	uint32_t alloc_len, total_len;
7016	int retval;
7017
7018	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7019
7020	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7021	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7022	lba = scsi_8btou64(cdb->addr);
7023	alloc_len = scsi_4btoul(cdb->alloc_len);
7024
7025	if (lba > lun->be_lun->maxlba) {
7026		ctl_set_lba_out_of_range(ctsio);
7027		ctl_done((union ctl_io *)ctsio);
7028		return (CTL_RETVAL_COMPLETE);
7029	}
7030
7031	total_len = sizeof(*data) + sizeof(data->descr[0]);
7032	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7033	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7034
7035	if (total_len < alloc_len) {
7036		ctsio->residual = alloc_len - total_len;
7037		ctsio->kern_data_len = total_len;
7038		ctsio->kern_total_len = total_len;
7039	} else {
7040		ctsio->residual = 0;
7041		ctsio->kern_data_len = alloc_len;
7042		ctsio->kern_total_len = alloc_len;
7043	}
7044	ctsio->kern_data_resid = 0;
7045	ctsio->kern_rel_offset = 0;
7046	ctsio->kern_sg_entries = 0;
7047
7048	/* Fill dummy data in case backend can't tell anything. */
7049	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7050	scsi_u64to8b(lba, data->descr[0].addr);
7051	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7052	    data->descr[0].length);
7053	data->descr[0].status = 0; /* Mapped or unknown. */
7054
7055	ctl_set_success(ctsio);
7056	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7057	ctsio->be_move_done = ctl_config_move_done;
7058
7059	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7060	lbalen->lba = lba;
7061	lbalen->len = total_len;
7062	lbalen->flags = 0;
7063	retval = lun->backend->config_read((union ctl_io *)ctsio);
7064	return (CTL_RETVAL_COMPLETE);
7065}
7066
7067int
7068ctl_read_defect(struct ctl_scsiio *ctsio)
7069{
7070	struct scsi_read_defect_data_10 *ccb10;
7071	struct scsi_read_defect_data_12 *ccb12;
7072	struct scsi_read_defect_data_hdr_10 *data10;
7073	struct scsi_read_defect_data_hdr_12 *data12;
7074	uint32_t alloc_len, data_len;
7075	uint8_t format;
7076
7077	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7078
7079	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7080		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7081		format = ccb10->format;
7082		alloc_len = scsi_2btoul(ccb10->alloc_length);
7083		data_len = sizeof(*data10);
7084	} else {
7085		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7086		format = ccb12->format;
7087		alloc_len = scsi_4btoul(ccb12->alloc_length);
7088		data_len = sizeof(*data12);
7089	}
7090	if (alloc_len == 0) {
7091		ctl_set_success(ctsio);
7092		ctl_done((union ctl_io *)ctsio);
7093		return (CTL_RETVAL_COMPLETE);
7094	}
7095
7096	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7097	if (data_len < alloc_len) {
7098		ctsio->residual = alloc_len - data_len;
7099		ctsio->kern_data_len = data_len;
7100		ctsio->kern_total_len = data_len;
7101	} else {
7102		ctsio->residual = 0;
7103		ctsio->kern_data_len = alloc_len;
7104		ctsio->kern_total_len = alloc_len;
7105	}
7106	ctsio->kern_data_resid = 0;
7107	ctsio->kern_rel_offset = 0;
7108	ctsio->kern_sg_entries = 0;
7109
7110	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7111		data10 = (struct scsi_read_defect_data_hdr_10 *)
7112		    ctsio->kern_data_ptr;
7113		data10->format = format;
7114		scsi_ulto2b(0, data10->length);
7115	} else {
7116		data12 = (struct scsi_read_defect_data_hdr_12 *)
7117		    ctsio->kern_data_ptr;
7118		data12->format = format;
7119		scsi_ulto2b(0, data12->generation);
7120		scsi_ulto4b(0, data12->length);
7121	}
7122
7123	ctl_set_success(ctsio);
7124	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7125	ctsio->be_move_done = ctl_config_move_done;
7126	ctl_datamove((union ctl_io *)ctsio);
7127	return (CTL_RETVAL_COMPLETE);
7128}
7129
7130int
7131ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7132{
7133	struct scsi_maintenance_in *cdb;
7134	int retval;
7135	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7136	int num_target_port_groups, num_target_ports;
7137	struct ctl_lun *lun;
7138	struct ctl_softc *softc;
7139	struct ctl_port *port;
7140	struct scsi_target_group_data *rtg_ptr;
7141	struct scsi_target_group_data_extended *rtg_ext_ptr;
7142	struct scsi_target_port_group_descriptor *tpg_desc;
7143
7144	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7145
7146	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7147	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7148	softc = lun->ctl_softc;
7149
7150	retval = CTL_RETVAL_COMPLETE;
7151
7152	switch (cdb->byte2 & STG_PDF_MASK) {
7153	case STG_PDF_LENGTH:
7154		ext = 0;
7155		break;
7156	case STG_PDF_EXTENDED:
7157		ext = 1;
7158		break;
7159	default:
7160		ctl_set_invalid_field(/*ctsio*/ ctsio,
7161				      /*sks_valid*/ 1,
7162				      /*command*/ 1,
7163				      /*field*/ 2,
7164				      /*bit_valid*/ 1,
7165				      /*bit*/ 5);
7166		ctl_done((union ctl_io *)ctsio);
7167		return(retval);
7168	}
7169
7170	if (softc->is_single)
7171		num_target_port_groups = 1;
7172	else
7173		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7174	num_target_ports = 0;
7175	mtx_lock(&softc->ctl_lock);
7176	STAILQ_FOREACH(port, &softc->port_list, links) {
7177		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7178			continue;
7179		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7180			continue;
7181		num_target_ports++;
7182	}
7183	mtx_unlock(&softc->ctl_lock);
7184
7185	if (ext)
7186		total_len = sizeof(struct scsi_target_group_data_extended);
7187	else
7188		total_len = sizeof(struct scsi_target_group_data);
7189	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7190		num_target_port_groups +
7191	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7192
7193	alloc_len = scsi_4btoul(cdb->length);
7194
7195	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7196
7197	ctsio->kern_sg_entries = 0;
7198
7199	if (total_len < alloc_len) {
7200		ctsio->residual = alloc_len - total_len;
7201		ctsio->kern_data_len = total_len;
7202		ctsio->kern_total_len = total_len;
7203	} else {
7204		ctsio->residual = 0;
7205		ctsio->kern_data_len = alloc_len;
7206		ctsio->kern_total_len = alloc_len;
7207	}
7208	ctsio->kern_data_resid = 0;
7209	ctsio->kern_rel_offset = 0;
7210
7211	if (ext) {
7212		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7213		    ctsio->kern_data_ptr;
7214		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7215		rtg_ext_ptr->format_type = 0x10;
7216		rtg_ext_ptr->implicit_transition_time = 0;
7217		tpg_desc = &rtg_ext_ptr->groups[0];
7218	} else {
7219		rtg_ptr = (struct scsi_target_group_data *)
7220		    ctsio->kern_data_ptr;
7221		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7222		tpg_desc = &rtg_ptr->groups[0];
7223	}
7224
7225	mtx_lock(&softc->ctl_lock);
7226	pg = softc->port_min / softc->port_cnt;
7227	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7228		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7229	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7230		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7231	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7232		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7233	else
7234		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7235	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7236		os = gs;
7237		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7238	} else
7239		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7240	for (g = 0; g < num_target_port_groups; g++) {
7241		tpg_desc->pref_state = (g == pg) ? gs : os;
7242		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7243		    TPG_U_SUP | TPG_T_SUP;
7244		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7245		tpg_desc->status = TPG_IMPLICIT;
7246		pc = 0;
7247		STAILQ_FOREACH(port, &softc->port_list, links) {
7248			if (port->targ_port < g * softc->port_cnt ||
7249			    port->targ_port >= (g + 1) * softc->port_cnt)
7250				continue;
7251			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7252				continue;
7253			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7254				continue;
7255			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7256			    relative_target_port_identifier);
7257			pc++;
7258		}
7259		tpg_desc->target_port_count = pc;
7260		tpg_desc = (struct scsi_target_port_group_descriptor *)
7261		    &tpg_desc->descriptors[pc];
7262	}
7263	mtx_unlock(&softc->ctl_lock);
7264
7265	ctl_set_success(ctsio);
7266	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7267	ctsio->be_move_done = ctl_config_move_done;
7268	ctl_datamove((union ctl_io *)ctsio);
7269	return(retval);
7270}
7271
7272int
7273ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7274{
7275	struct ctl_lun *lun;
7276	struct scsi_report_supported_opcodes *cdb;
7277	const struct ctl_cmd_entry *entry, *sentry;
7278	struct scsi_report_supported_opcodes_all *all;
7279	struct scsi_report_supported_opcodes_descr *descr;
7280	struct scsi_report_supported_opcodes_one *one;
7281	int retval;
7282	int alloc_len, total_len;
7283	int opcode, service_action, i, j, num;
7284
7285	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7286
7287	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7288	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7289
7290	retval = CTL_RETVAL_COMPLETE;
7291
7292	opcode = cdb->requested_opcode;
7293	service_action = scsi_2btoul(cdb->requested_service_action);
7294	switch (cdb->options & RSO_OPTIONS_MASK) {
7295	case RSO_OPTIONS_ALL:
7296		num = 0;
7297		for (i = 0; i < 256; i++) {
7298			entry = &ctl_cmd_table[i];
7299			if (entry->flags & CTL_CMD_FLAG_SA5) {
7300				for (j = 0; j < 32; j++) {
7301					sentry = &((const struct ctl_cmd_entry *)
7302					    entry->execute)[j];
7303					if (ctl_cmd_applicable(
7304					    lun->be_lun->lun_type, sentry))
7305						num++;
7306				}
7307			} else {
7308				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7309				    entry))
7310					num++;
7311			}
7312		}
7313		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7314		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7315		break;
7316	case RSO_OPTIONS_OC:
7317		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7318			ctl_set_invalid_field(/*ctsio*/ ctsio,
7319					      /*sks_valid*/ 1,
7320					      /*command*/ 1,
7321					      /*field*/ 2,
7322					      /*bit_valid*/ 1,
7323					      /*bit*/ 2);
7324			ctl_done((union ctl_io *)ctsio);
7325			return (CTL_RETVAL_COMPLETE);
7326		}
7327		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7328		break;
7329	case RSO_OPTIONS_OC_SA:
7330		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7331		    service_action >= 32) {
7332			ctl_set_invalid_field(/*ctsio*/ ctsio,
7333					      /*sks_valid*/ 1,
7334					      /*command*/ 1,
7335					      /*field*/ 2,
7336					      /*bit_valid*/ 1,
7337					      /*bit*/ 2);
7338			ctl_done((union ctl_io *)ctsio);
7339			return (CTL_RETVAL_COMPLETE);
7340		}
7341		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7342		break;
7343	default:
7344		ctl_set_invalid_field(/*ctsio*/ ctsio,
7345				      /*sks_valid*/ 1,
7346				      /*command*/ 1,
7347				      /*field*/ 2,
7348				      /*bit_valid*/ 1,
7349				      /*bit*/ 2);
7350		ctl_done((union ctl_io *)ctsio);
7351		return (CTL_RETVAL_COMPLETE);
7352	}
7353
7354	alloc_len = scsi_4btoul(cdb->length);
7355
7356	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7357
7358	ctsio->kern_sg_entries = 0;
7359
7360	if (total_len < alloc_len) {
7361		ctsio->residual = alloc_len - total_len;
7362		ctsio->kern_data_len = total_len;
7363		ctsio->kern_total_len = total_len;
7364	} else {
7365		ctsio->residual = 0;
7366		ctsio->kern_data_len = alloc_len;
7367		ctsio->kern_total_len = alloc_len;
7368	}
7369	ctsio->kern_data_resid = 0;
7370	ctsio->kern_rel_offset = 0;
7371
7372	switch (cdb->options & RSO_OPTIONS_MASK) {
7373	case RSO_OPTIONS_ALL:
7374		all = (struct scsi_report_supported_opcodes_all *)
7375		    ctsio->kern_data_ptr;
7376		num = 0;
7377		for (i = 0; i < 256; i++) {
7378			entry = &ctl_cmd_table[i];
7379			if (entry->flags & CTL_CMD_FLAG_SA5) {
7380				for (j = 0; j < 32; j++) {
7381					sentry = &((const struct ctl_cmd_entry *)
7382					    entry->execute)[j];
7383					if (!ctl_cmd_applicable(
7384					    lun->be_lun->lun_type, sentry))
7385						continue;
7386					descr = &all->descr[num++];
7387					descr->opcode = i;
7388					scsi_ulto2b(j, descr->service_action);
7389					descr->flags = RSO_SERVACTV;
7390					scsi_ulto2b(sentry->length,
7391					    descr->cdb_length);
7392				}
7393			} else {
7394				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7395				    entry))
7396					continue;
7397				descr = &all->descr[num++];
7398				descr->opcode = i;
7399				scsi_ulto2b(0, descr->service_action);
7400				descr->flags = 0;
7401				scsi_ulto2b(entry->length, descr->cdb_length);
7402			}
7403		}
7404		scsi_ulto4b(
7405		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7406		    all->length);
7407		break;
7408	case RSO_OPTIONS_OC:
7409		one = (struct scsi_report_supported_opcodes_one *)
7410		    ctsio->kern_data_ptr;
7411		entry = &ctl_cmd_table[opcode];
7412		goto fill_one;
7413	case RSO_OPTIONS_OC_SA:
7414		one = (struct scsi_report_supported_opcodes_one *)
7415		    ctsio->kern_data_ptr;
7416		entry = &ctl_cmd_table[opcode];
7417		entry = &((const struct ctl_cmd_entry *)
7418		    entry->execute)[service_action];
7419fill_one:
7420		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7421			one->support = 3;
7422			scsi_ulto2b(entry->length, one->cdb_length);
7423			one->cdb_usage[0] = opcode;
7424			memcpy(&one->cdb_usage[1], entry->usage,
7425			    entry->length - 1);
7426		} else
7427			one->support = 1;
7428		break;
7429	}
7430
7431	ctl_set_success(ctsio);
7432	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7433	ctsio->be_move_done = ctl_config_move_done;
7434	ctl_datamove((union ctl_io *)ctsio);
7435	return(retval);
7436}
7437
7438int
7439ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7440{
7441	struct scsi_report_supported_tmf *cdb;
7442	struct scsi_report_supported_tmf_data *data;
7443	int retval;
7444	int alloc_len, total_len;
7445
7446	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7447
7448	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7449
7450	retval = CTL_RETVAL_COMPLETE;
7451
7452	total_len = sizeof(struct scsi_report_supported_tmf_data);
7453	alloc_len = scsi_4btoul(cdb->length);
7454
7455	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7456
7457	ctsio->kern_sg_entries = 0;
7458
7459	if (total_len < alloc_len) {
7460		ctsio->residual = alloc_len - total_len;
7461		ctsio->kern_data_len = total_len;
7462		ctsio->kern_total_len = total_len;
7463	} else {
7464		ctsio->residual = 0;
7465		ctsio->kern_data_len = alloc_len;
7466		ctsio->kern_total_len = alloc_len;
7467	}
7468	ctsio->kern_data_resid = 0;
7469	ctsio->kern_rel_offset = 0;
7470
7471	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7472	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7473	    RST_TRS;
7474	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7475
7476	ctl_set_success(ctsio);
7477	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7478	ctsio->be_move_done = ctl_config_move_done;
7479	ctl_datamove((union ctl_io *)ctsio);
7480	return (retval);
7481}
7482
7483int
7484ctl_report_timestamp(struct ctl_scsiio *ctsio)
7485{
7486	struct scsi_report_timestamp *cdb;
7487	struct scsi_report_timestamp_data *data;
7488	struct timeval tv;
7489	int64_t timestamp;
7490	int retval;
7491	int alloc_len, total_len;
7492
7493	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7494
7495	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7496
7497	retval = CTL_RETVAL_COMPLETE;
7498
7499	total_len = sizeof(struct scsi_report_timestamp_data);
7500	alloc_len = scsi_4btoul(cdb->length);
7501
7502	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7503
7504	ctsio->kern_sg_entries = 0;
7505
7506	if (total_len < alloc_len) {
7507		ctsio->residual = alloc_len - total_len;
7508		ctsio->kern_data_len = total_len;
7509		ctsio->kern_total_len = total_len;
7510	} else {
7511		ctsio->residual = 0;
7512		ctsio->kern_data_len = alloc_len;
7513		ctsio->kern_total_len = alloc_len;
7514	}
7515	ctsio->kern_data_resid = 0;
7516	ctsio->kern_rel_offset = 0;
7517
7518	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7519	scsi_ulto2b(sizeof(*data) - 2, data->length);
7520	data->origin = RTS_ORIG_OUTSIDE;
7521	getmicrotime(&tv);
7522	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7523	scsi_ulto4b(timestamp >> 16, data->timestamp);
7524	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7525
7526	ctl_set_success(ctsio);
7527	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7528	ctsio->be_move_done = ctl_config_move_done;
7529	ctl_datamove((union ctl_io *)ctsio);
7530	return (retval);
7531}
7532
7533int
7534ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7535{
7536	struct scsi_per_res_in *cdb;
7537	int alloc_len, total_len = 0;
7538	/* struct scsi_per_res_in_rsrv in_data; */
7539	struct ctl_lun *lun;
7540	struct ctl_softc *softc;
7541	uint64_t key;
7542
7543	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7544
7545	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7546
7547	alloc_len = scsi_2btoul(cdb->length);
7548
7549	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7550	softc = lun->ctl_softc;
7551
7552retry:
7553	mtx_lock(&lun->lun_lock);
7554	switch (cdb->action) {
7555	case SPRI_RK: /* read keys */
7556		total_len = sizeof(struct scsi_per_res_in_keys) +
7557			lun->pr_key_count *
7558			sizeof(struct scsi_per_res_key);
7559		break;
7560	case SPRI_RR: /* read reservation */
7561		if (lun->flags & CTL_LUN_PR_RESERVED)
7562			total_len = sizeof(struct scsi_per_res_in_rsrv);
7563		else
7564			total_len = sizeof(struct scsi_per_res_in_header);
7565		break;
7566	case SPRI_RC: /* report capabilities */
7567		total_len = sizeof(struct scsi_per_res_cap);
7568		break;
7569	case SPRI_RS: /* read full status */
7570		total_len = sizeof(struct scsi_per_res_in_header) +
7571		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7572		    lun->pr_key_count;
7573		break;
7574	default:
7575		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7576	}
7577	mtx_unlock(&lun->lun_lock);
7578
7579	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7580
7581	if (total_len < alloc_len) {
7582		ctsio->residual = alloc_len - total_len;
7583		ctsio->kern_data_len = total_len;
7584		ctsio->kern_total_len = total_len;
7585	} else {
7586		ctsio->residual = 0;
7587		ctsio->kern_data_len = alloc_len;
7588		ctsio->kern_total_len = alloc_len;
7589	}
7590
7591	ctsio->kern_data_resid = 0;
7592	ctsio->kern_rel_offset = 0;
7593	ctsio->kern_sg_entries = 0;
7594
7595	mtx_lock(&lun->lun_lock);
7596	switch (cdb->action) {
7597	case SPRI_RK: { // read keys
7598        struct scsi_per_res_in_keys *res_keys;
7599		int i, key_count;
7600
7601		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7602
7603		/*
7604		 * We had to drop the lock to allocate our buffer, which
7605		 * leaves time for someone to come in with another
7606		 * persistent reservation.  (That is unlikely, though,
7607		 * since this should be the only persistent reservation
7608		 * command active right now.)
7609		 */
7610		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7611		    (lun->pr_key_count *
7612		     sizeof(struct scsi_per_res_key)))){
7613			mtx_unlock(&lun->lun_lock);
7614			free(ctsio->kern_data_ptr, M_CTL);
7615			printf("%s: reservation length changed, retrying\n",
7616			       __func__);
7617			goto retry;
7618		}
7619
7620		scsi_ulto4b(lun->pr_generation, res_keys->header.generation);
7621
7622		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7623			     lun->pr_key_count, res_keys->header.length);
7624
7625		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7626			if ((key = ctl_get_prkey(lun, i)) == 0)
7627				continue;
7628
7629			/*
7630			 * We used lun->pr_key_count to calculate the
7631			 * size to allocate.  If it turns out the number of
7632			 * initiators with the registered flag set is
7633			 * larger than that (i.e. they haven't been kept in
7634			 * sync), we've got a problem.
7635			 */
7636			if (key_count >= lun->pr_key_count) {
7637				key_count++;
7638				continue;
7639			}
7640			scsi_u64to8b(key, res_keys->keys[key_count].key);
7641			key_count++;
7642		}
7643		break;
7644	}
7645	case SPRI_RR: { // read reservation
7646		struct scsi_per_res_in_rsrv *res;
7647		int tmp_len, header_only;
7648
7649		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7650
7651		scsi_ulto4b(lun->pr_generation, res->header.generation);
7652
7653		if (lun->flags & CTL_LUN_PR_RESERVED)
7654		{
7655			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7656			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7657				    res->header.length);
7658			header_only = 0;
7659		} else {
7660			tmp_len = sizeof(struct scsi_per_res_in_header);
7661			scsi_ulto4b(0, res->header.length);
7662			header_only = 1;
7663		}
7664
7665		/*
7666		 * We had to drop the lock to allocate our buffer, which
7667		 * leaves time for someone to come in with another
7668		 * persistent reservation.  (That is unlikely, though,
7669		 * since this should be the only persistent reservation
7670		 * command active right now.)
7671		 */
7672		if (tmp_len != total_len) {
7673			mtx_unlock(&lun->lun_lock);
7674			free(ctsio->kern_data_ptr, M_CTL);
7675			printf("%s: reservation status changed, retrying\n",
7676			       __func__);
7677			goto retry;
7678		}
7679
7680		/*
7681		 * No reservation held, so we're done.
7682		 */
7683		if (header_only != 0)
7684			break;
7685
7686		/*
7687		 * If the registration is an All Registrants type, the key
7688		 * is 0, since it doesn't really matter.
7689		 */
7690		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7691			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7692			    res->data.reservation);
7693		}
7694		res->data.scopetype = lun->pr_res_type;
7695		break;
7696	}
7697	case SPRI_RC:     //report capabilities
7698	{
7699		struct scsi_per_res_cap *res_cap;
7700		uint16_t type_mask;
7701
7702		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7703		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7704		res_cap->flags1 = SPRI_CRH;
7705		res_cap->flags2 = SPRI_TMV | SPRI_ALLOW_5;
7706		type_mask = SPRI_TM_WR_EX_AR |
7707			    SPRI_TM_EX_AC_RO |
7708			    SPRI_TM_WR_EX_RO |
7709			    SPRI_TM_EX_AC |
7710			    SPRI_TM_WR_EX |
7711			    SPRI_TM_EX_AC_AR;
7712		scsi_ulto2b(type_mask, res_cap->type_mask);
7713		break;
7714	}
7715	case SPRI_RS: { // read full status
7716		struct scsi_per_res_in_full *res_status;
7717		struct scsi_per_res_in_full_desc *res_desc;
7718		struct ctl_port *port;
7719		int i, len;
7720
7721		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7722
7723		/*
7724		 * We had to drop the lock to allocate our buffer, which
7725		 * leaves time for someone to come in with another
7726		 * persistent reservation.  (That is unlikely, though,
7727		 * since this should be the only persistent reservation
7728		 * command active right now.)
7729		 */
7730		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7731		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7732		     lun->pr_key_count)){
7733			mtx_unlock(&lun->lun_lock);
7734			free(ctsio->kern_data_ptr, M_CTL);
7735			printf("%s: reservation length changed, retrying\n",
7736			       __func__);
7737			goto retry;
7738		}
7739
7740		scsi_ulto4b(lun->pr_generation, res_status->header.generation);
7741
7742		res_desc = &res_status->desc[0];
7743		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7744			if ((key = ctl_get_prkey(lun, i)) == 0)
7745				continue;
7746
7747			scsi_u64to8b(key, res_desc->res_key.key);
7748			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7749			    (lun->pr_res_idx == i ||
7750			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7751				res_desc->flags = SPRI_FULL_R_HOLDER;
7752				res_desc->scopetype = lun->pr_res_type;
7753			}
7754			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7755			    res_desc->rel_trgt_port_id);
7756			len = 0;
7757			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7758			if (port != NULL)
7759				len = ctl_create_iid(port,
7760				    i % CTL_MAX_INIT_PER_PORT,
7761				    res_desc->transport_id);
7762			scsi_ulto4b(len, res_desc->additional_length);
7763			res_desc = (struct scsi_per_res_in_full_desc *)
7764			    &res_desc->transport_id[len];
7765		}
7766		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7767		    res_status->header.length);
7768		break;
7769	}
7770	default:
7771		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7772	}
7773	mtx_unlock(&lun->lun_lock);
7774
7775	ctl_set_success(ctsio);
7776	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7777	ctsio->be_move_done = ctl_config_move_done;
7778	ctl_datamove((union ctl_io *)ctsio);
7779	return (CTL_RETVAL_COMPLETE);
7780}
7781
7782/*
7783 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7784 * it should return.
7785 */
7786static int
7787ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7788		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7789		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7790		struct scsi_per_res_out_parms* param)
7791{
7792	union ctl_ha_msg persis_io;
7793	int i;
7794
7795	mtx_lock(&lun->lun_lock);
7796	if (sa_res_key == 0) {
7797		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7798			/* validate scope and type */
7799			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7800			     SPR_LU_SCOPE) {
7801				mtx_unlock(&lun->lun_lock);
7802				ctl_set_invalid_field(/*ctsio*/ ctsio,
7803						      /*sks_valid*/ 1,
7804						      /*command*/ 1,
7805						      /*field*/ 2,
7806						      /*bit_valid*/ 1,
7807						      /*bit*/ 4);
7808				ctl_done((union ctl_io *)ctsio);
7809				return (1);
7810			}
7811
7812		        if (type>8 || type==2 || type==4 || type==0) {
7813				mtx_unlock(&lun->lun_lock);
7814				ctl_set_invalid_field(/*ctsio*/ ctsio,
7815       	           				      /*sks_valid*/ 1,
7816						      /*command*/ 1,
7817						      /*field*/ 2,
7818						      /*bit_valid*/ 1,
7819						      /*bit*/ 0);
7820				ctl_done((union ctl_io *)ctsio);
7821				return (1);
7822		        }
7823
7824			/*
7825			 * Unregister everybody else and build UA for
7826			 * them
7827			 */
7828			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7829				if (i == residx || ctl_get_prkey(lun, i) == 0)
7830					continue;
7831
7832				ctl_clr_prkey(lun, i);
7833				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7834			}
7835			lun->pr_key_count = 1;
7836			lun->pr_res_type = type;
7837			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7838			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7839				lun->pr_res_idx = residx;
7840			lun->pr_generation++;
7841			mtx_unlock(&lun->lun_lock);
7842
7843			/* send msg to other side */
7844			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7845			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7846			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7847			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7848			persis_io.pr.pr_info.res_type = type;
7849			memcpy(persis_io.pr.pr_info.sa_res_key,
7850			       param->serv_act_res_key,
7851			       sizeof(param->serv_act_res_key));
7852			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7853			    sizeof(persis_io.pr), M_WAITOK);
7854		} else {
7855			/* not all registrants */
7856			mtx_unlock(&lun->lun_lock);
7857			free(ctsio->kern_data_ptr, M_CTL);
7858			ctl_set_invalid_field(ctsio,
7859					      /*sks_valid*/ 1,
7860					      /*command*/ 0,
7861					      /*field*/ 8,
7862					      /*bit_valid*/ 0,
7863					      /*bit*/ 0);
7864			ctl_done((union ctl_io *)ctsio);
7865			return (1);
7866		}
7867	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7868		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7869		int found = 0;
7870
7871		if (res_key == sa_res_key) {
7872			/* special case */
7873			/*
7874			 * The spec implies this is not good but doesn't
7875			 * say what to do. There are two choices either
7876			 * generate a res conflict or check condition
7877			 * with illegal field in parameter data. Since
7878			 * that is what is done when the sa_res_key is
7879			 * zero I'll take that approach since this has
7880			 * to do with the sa_res_key.
7881			 */
7882			mtx_unlock(&lun->lun_lock);
7883			free(ctsio->kern_data_ptr, M_CTL);
7884			ctl_set_invalid_field(ctsio,
7885					      /*sks_valid*/ 1,
7886					      /*command*/ 0,
7887					      /*field*/ 8,
7888					      /*bit_valid*/ 0,
7889					      /*bit*/ 0);
7890			ctl_done((union ctl_io *)ctsio);
7891			return (1);
7892		}
7893
7894		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7895			if (ctl_get_prkey(lun, i) != sa_res_key)
7896				continue;
7897
7898			found = 1;
7899			ctl_clr_prkey(lun, i);
7900			lun->pr_key_count--;
7901			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7902		}
7903		if (!found) {
7904			mtx_unlock(&lun->lun_lock);
7905			free(ctsio->kern_data_ptr, M_CTL);
7906			ctl_set_reservation_conflict(ctsio);
7907			ctl_done((union ctl_io *)ctsio);
7908			return (CTL_RETVAL_COMPLETE);
7909		}
7910		lun->pr_generation++;
7911		mtx_unlock(&lun->lun_lock);
7912
7913		/* send msg to other side */
7914		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7915		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7916		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7917		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7918		persis_io.pr.pr_info.res_type = type;
7919		memcpy(persis_io.pr.pr_info.sa_res_key,
7920		       param->serv_act_res_key,
7921		       sizeof(param->serv_act_res_key));
7922		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7923		    sizeof(persis_io.pr), M_WAITOK);
7924	} else {
7925		/* Reserved but not all registrants */
7926		/* sa_res_key is res holder */
7927		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7928			/* validate scope and type */
7929			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7930			     SPR_LU_SCOPE) {
7931				mtx_unlock(&lun->lun_lock);
7932				ctl_set_invalid_field(/*ctsio*/ ctsio,
7933						      /*sks_valid*/ 1,
7934						      /*command*/ 1,
7935						      /*field*/ 2,
7936						      /*bit_valid*/ 1,
7937						      /*bit*/ 4);
7938				ctl_done((union ctl_io *)ctsio);
7939				return (1);
7940			}
7941
7942			if (type>8 || type==2 || type==4 || type==0) {
7943				mtx_unlock(&lun->lun_lock);
7944				ctl_set_invalid_field(/*ctsio*/ ctsio,
7945						      /*sks_valid*/ 1,
7946						      /*command*/ 1,
7947						      /*field*/ 2,
7948						      /*bit_valid*/ 1,
7949						      /*bit*/ 0);
7950				ctl_done((union ctl_io *)ctsio);
7951				return (1);
7952			}
7953
7954			/*
7955			 * Do the following:
7956			 * if sa_res_key != res_key remove all
7957			 * registrants w/sa_res_key and generate UA
7958			 * for these registrants(Registrations
7959			 * Preempted) if it wasn't an exclusive
7960			 * reservation generate UA(Reservations
7961			 * Preempted) for all other registered nexuses
7962			 * if the type has changed. Establish the new
7963			 * reservation and holder. If res_key and
7964			 * sa_res_key are the same do the above
7965			 * except don't unregister the res holder.
7966			 */
7967
7968			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7969				if (i == residx || ctl_get_prkey(lun, i) == 0)
7970					continue;
7971
7972				if (sa_res_key == ctl_get_prkey(lun, i)) {
7973					ctl_clr_prkey(lun, i);
7974					lun->pr_key_count--;
7975					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7976				} else if (type != lun->pr_res_type &&
7977				    (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
7978				     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
7979					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7980				}
7981			}
7982			lun->pr_res_type = type;
7983			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7984			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7985				lun->pr_res_idx = residx;
7986			else
7987				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7988			lun->pr_generation++;
7989			mtx_unlock(&lun->lun_lock);
7990
7991			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7992			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7993			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7994			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7995			persis_io.pr.pr_info.res_type = type;
7996			memcpy(persis_io.pr.pr_info.sa_res_key,
7997			       param->serv_act_res_key,
7998			       sizeof(param->serv_act_res_key));
7999			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8000			    sizeof(persis_io.pr), M_WAITOK);
8001		} else {
8002			/*
8003			 * sa_res_key is not the res holder just
8004			 * remove registrants
8005			 */
8006			int found=0;
8007
8008			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8009				if (sa_res_key != ctl_get_prkey(lun, i))
8010					continue;
8011
8012				found = 1;
8013				ctl_clr_prkey(lun, i);
8014				lun->pr_key_count--;
8015				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8016			}
8017
8018			if (!found) {
8019				mtx_unlock(&lun->lun_lock);
8020				free(ctsio->kern_data_ptr, M_CTL);
8021				ctl_set_reservation_conflict(ctsio);
8022				ctl_done((union ctl_io *)ctsio);
8023		        	return (1);
8024			}
8025			lun->pr_generation++;
8026			mtx_unlock(&lun->lun_lock);
8027
8028			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8029			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8030			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8031			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8032			persis_io.pr.pr_info.res_type = type;
8033			memcpy(persis_io.pr.pr_info.sa_res_key,
8034			       param->serv_act_res_key,
8035			       sizeof(param->serv_act_res_key));
8036			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8037			    sizeof(persis_io.pr), M_WAITOK);
8038		}
8039	}
8040	return (0);
8041}
8042
8043static void
8044ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8045{
8046	uint64_t sa_res_key;
8047	int i;
8048
8049	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8050
8051	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8052	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8053	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8054		if (sa_res_key == 0) {
8055			/*
8056			 * Unregister everybody else and build UA for
8057			 * them
8058			 */
8059			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8060				if (i == msg->pr.pr_info.residx ||
8061				    ctl_get_prkey(lun, i) == 0)
8062					continue;
8063
8064				ctl_clr_prkey(lun, i);
8065				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8066			}
8067
8068			lun->pr_key_count = 1;
8069			lun->pr_res_type = msg->pr.pr_info.res_type;
8070			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8071			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8072				lun->pr_res_idx = msg->pr.pr_info.residx;
8073		} else {
8074		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8075				if (sa_res_key == ctl_get_prkey(lun, i))
8076					continue;
8077
8078				ctl_clr_prkey(lun, i);
8079				lun->pr_key_count--;
8080				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8081			}
8082		}
8083	} else {
8084		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8085			if (i == msg->pr.pr_info.residx ||
8086			    ctl_get_prkey(lun, i) == 0)
8087				continue;
8088
8089			if (sa_res_key == ctl_get_prkey(lun, i)) {
8090				ctl_clr_prkey(lun, i);
8091				lun->pr_key_count--;
8092				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8093			} else if (msg->pr.pr_info.res_type != lun->pr_res_type
8094			    && (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8095			     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8096				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8097			}
8098		}
8099		lun->pr_res_type = msg->pr.pr_info.res_type;
8100		if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8101		    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8102			lun->pr_res_idx = msg->pr.pr_info.residx;
8103		else
8104			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8105	}
8106	lun->pr_generation++;
8107
8108}
8109
8110
8111int
8112ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8113{
8114	int retval;
8115	u_int32_t param_len;
8116	struct scsi_per_res_out *cdb;
8117	struct ctl_lun *lun;
8118	struct scsi_per_res_out_parms* param;
8119	struct ctl_softc *softc;
8120	uint32_t residx;
8121	uint64_t res_key, sa_res_key, key;
8122	uint8_t type;
8123	union ctl_ha_msg persis_io;
8124	int    i;
8125
8126	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8127
8128	retval = CTL_RETVAL_COMPLETE;
8129
8130	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8131	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8132	softc = lun->ctl_softc;
8133
8134	/*
8135	 * We only support whole-LUN scope.  The scope & type are ignored for
8136	 * register, register and ignore existing key and clear.
8137	 * We sometimes ignore scope and type on preempts too!!
8138	 * Verify reservation type here as well.
8139	 */
8140	type = cdb->scope_type & SPR_TYPE_MASK;
8141	if ((cdb->action == SPRO_RESERVE)
8142	 || (cdb->action == SPRO_RELEASE)) {
8143		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8144			ctl_set_invalid_field(/*ctsio*/ ctsio,
8145					      /*sks_valid*/ 1,
8146					      /*command*/ 1,
8147					      /*field*/ 2,
8148					      /*bit_valid*/ 1,
8149					      /*bit*/ 4);
8150			ctl_done((union ctl_io *)ctsio);
8151			return (CTL_RETVAL_COMPLETE);
8152		}
8153
8154		if (type>8 || type==2 || type==4 || type==0) {
8155			ctl_set_invalid_field(/*ctsio*/ ctsio,
8156					      /*sks_valid*/ 1,
8157					      /*command*/ 1,
8158					      /*field*/ 2,
8159					      /*bit_valid*/ 1,
8160					      /*bit*/ 0);
8161			ctl_done((union ctl_io *)ctsio);
8162			return (CTL_RETVAL_COMPLETE);
8163		}
8164	}
8165
8166	param_len = scsi_4btoul(cdb->length);
8167
8168	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8169		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8170		ctsio->kern_data_len = param_len;
8171		ctsio->kern_total_len = param_len;
8172		ctsio->kern_data_resid = 0;
8173		ctsio->kern_rel_offset = 0;
8174		ctsio->kern_sg_entries = 0;
8175		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8176		ctsio->be_move_done = ctl_config_move_done;
8177		ctl_datamove((union ctl_io *)ctsio);
8178
8179		return (CTL_RETVAL_COMPLETE);
8180	}
8181
8182	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8183
8184	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8185	res_key = scsi_8btou64(param->res_key.key);
8186	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8187
8188	/*
8189	 * Validate the reservation key here except for SPRO_REG_IGNO
8190	 * This must be done for all other service actions
8191	 */
8192	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8193		mtx_lock(&lun->lun_lock);
8194		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8195			if (res_key != key) {
8196				/*
8197				 * The current key passed in doesn't match
8198				 * the one the initiator previously
8199				 * registered.
8200				 */
8201				mtx_unlock(&lun->lun_lock);
8202				free(ctsio->kern_data_ptr, M_CTL);
8203				ctl_set_reservation_conflict(ctsio);
8204				ctl_done((union ctl_io *)ctsio);
8205				return (CTL_RETVAL_COMPLETE);
8206			}
8207		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8208			/*
8209			 * We are not registered
8210			 */
8211			mtx_unlock(&lun->lun_lock);
8212			free(ctsio->kern_data_ptr, M_CTL);
8213			ctl_set_reservation_conflict(ctsio);
8214			ctl_done((union ctl_io *)ctsio);
8215			return (CTL_RETVAL_COMPLETE);
8216		} else if (res_key != 0) {
8217			/*
8218			 * We are not registered and trying to register but
8219			 * the register key isn't zero.
8220			 */
8221			mtx_unlock(&lun->lun_lock);
8222			free(ctsio->kern_data_ptr, M_CTL);
8223			ctl_set_reservation_conflict(ctsio);
8224			ctl_done((union ctl_io *)ctsio);
8225			return (CTL_RETVAL_COMPLETE);
8226		}
8227		mtx_unlock(&lun->lun_lock);
8228	}
8229
8230	switch (cdb->action & SPRO_ACTION_MASK) {
8231	case SPRO_REGISTER:
8232	case SPRO_REG_IGNO: {
8233
8234#if 0
8235		printf("Registration received\n");
8236#endif
8237
8238		/*
8239		 * We don't support any of these options, as we report in
8240		 * the read capabilities request (see
8241		 * ctl_persistent_reserve_in(), above).
8242		 */
8243		if ((param->flags & SPR_SPEC_I_PT)
8244		 || (param->flags & SPR_ALL_TG_PT)
8245		 || (param->flags & SPR_APTPL)) {
8246			int bit_ptr;
8247
8248			if (param->flags & SPR_APTPL)
8249				bit_ptr = 0;
8250			else if (param->flags & SPR_ALL_TG_PT)
8251				bit_ptr = 2;
8252			else /* SPR_SPEC_I_PT */
8253				bit_ptr = 3;
8254
8255			free(ctsio->kern_data_ptr, M_CTL);
8256			ctl_set_invalid_field(ctsio,
8257					      /*sks_valid*/ 1,
8258					      /*command*/ 0,
8259					      /*field*/ 20,
8260					      /*bit_valid*/ 1,
8261					      /*bit*/ bit_ptr);
8262			ctl_done((union ctl_io *)ctsio);
8263			return (CTL_RETVAL_COMPLETE);
8264		}
8265
8266		mtx_lock(&lun->lun_lock);
8267
8268		/*
8269		 * The initiator wants to clear the
8270		 * key/unregister.
8271		 */
8272		if (sa_res_key == 0) {
8273			if ((res_key == 0
8274			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8275			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8276			  && ctl_get_prkey(lun, residx) == 0)) {
8277				mtx_unlock(&lun->lun_lock);
8278				goto done;
8279			}
8280
8281			ctl_clr_prkey(lun, residx);
8282			lun->pr_key_count--;
8283
8284			if (residx == lun->pr_res_idx) {
8285				lun->flags &= ~CTL_LUN_PR_RESERVED;
8286				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8287
8288				if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8289				     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8290				    lun->pr_key_count) {
8291					/*
8292					 * If the reservation is a registrants
8293					 * only type we need to generate a UA
8294					 * for other registered inits.  The
8295					 * sense code should be RESERVATIONS
8296					 * RELEASED
8297					 */
8298
8299					for (i = softc->init_min; i < softc->init_max; i++){
8300						if (ctl_get_prkey(lun, i) == 0)
8301							continue;
8302						ctl_est_ua(lun, i,
8303						    CTL_UA_RES_RELEASE);
8304					}
8305				}
8306				lun->pr_res_type = 0;
8307			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8308				if (lun->pr_key_count==0) {
8309					lun->flags &= ~CTL_LUN_PR_RESERVED;
8310					lun->pr_res_type = 0;
8311					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8312				}
8313			}
8314			lun->pr_generation++;
8315			mtx_unlock(&lun->lun_lock);
8316
8317			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8318			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8319			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8320			persis_io.pr.pr_info.residx = residx;
8321			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8322			    sizeof(persis_io.pr), M_WAITOK);
8323		} else /* sa_res_key != 0 */ {
8324
8325			/*
8326			 * If we aren't registered currently then increment
8327			 * the key count and set the registered flag.
8328			 */
8329			ctl_alloc_prkey(lun, residx);
8330			if (ctl_get_prkey(lun, residx) == 0)
8331				lun->pr_key_count++;
8332			ctl_set_prkey(lun, residx, sa_res_key);
8333			lun->pr_generation++;
8334			mtx_unlock(&lun->lun_lock);
8335
8336			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8337			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8338			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8339			persis_io.pr.pr_info.residx = residx;
8340			memcpy(persis_io.pr.pr_info.sa_res_key,
8341			       param->serv_act_res_key,
8342			       sizeof(param->serv_act_res_key));
8343			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8344			    sizeof(persis_io.pr), M_WAITOK);
8345		}
8346
8347		break;
8348	}
8349	case SPRO_RESERVE:
8350#if 0
8351                printf("Reserve executed type %d\n", type);
8352#endif
8353		mtx_lock(&lun->lun_lock);
8354		if (lun->flags & CTL_LUN_PR_RESERVED) {
8355			/*
8356			 * if this isn't the reservation holder and it's
8357			 * not a "all registrants" type or if the type is
8358			 * different then we have a conflict
8359			 */
8360			if ((lun->pr_res_idx != residx
8361			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8362			 || lun->pr_res_type != type) {
8363				mtx_unlock(&lun->lun_lock);
8364				free(ctsio->kern_data_ptr, M_CTL);
8365				ctl_set_reservation_conflict(ctsio);
8366				ctl_done((union ctl_io *)ctsio);
8367				return (CTL_RETVAL_COMPLETE);
8368			}
8369			mtx_unlock(&lun->lun_lock);
8370		} else /* create a reservation */ {
8371			/*
8372			 * If it's not an "all registrants" type record
8373			 * reservation holder
8374			 */
8375			if (type != SPR_TYPE_WR_EX_AR
8376			 && type != SPR_TYPE_EX_AC_AR)
8377				lun->pr_res_idx = residx; /* Res holder */
8378			else
8379				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8380
8381			lun->flags |= CTL_LUN_PR_RESERVED;
8382			lun->pr_res_type = type;
8383
8384			mtx_unlock(&lun->lun_lock);
8385
8386			/* send msg to other side */
8387			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8388			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8389			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8390			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8391			persis_io.pr.pr_info.res_type = type;
8392			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8393			    sizeof(persis_io.pr), M_WAITOK);
8394		}
8395		break;
8396
8397	case SPRO_RELEASE:
8398		mtx_lock(&lun->lun_lock);
8399		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8400			/* No reservation exists return good status */
8401			mtx_unlock(&lun->lun_lock);
8402			goto done;
8403		}
8404		/*
8405		 * Is this nexus a reservation holder?
8406		 */
8407		if (lun->pr_res_idx != residx
8408		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8409			/*
8410			 * not a res holder return good status but
8411			 * do nothing
8412			 */
8413			mtx_unlock(&lun->lun_lock);
8414			goto done;
8415		}
8416
8417		if (lun->pr_res_type != type) {
8418			mtx_unlock(&lun->lun_lock);
8419			free(ctsio->kern_data_ptr, M_CTL);
8420			ctl_set_illegal_pr_release(ctsio);
8421			ctl_done((union ctl_io *)ctsio);
8422			return (CTL_RETVAL_COMPLETE);
8423		}
8424
8425		/* okay to release */
8426		lun->flags &= ~CTL_LUN_PR_RESERVED;
8427		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8428		lun->pr_res_type = 0;
8429
8430		/*
8431		 * if this isn't an exclusive access
8432		 * res generate UA for all other
8433		 * registrants.
8434		 */
8435		if (type != SPR_TYPE_EX_AC
8436		 && type != SPR_TYPE_WR_EX) {
8437			for (i = softc->init_min; i < softc->init_max; i++) {
8438				if (i == residx || ctl_get_prkey(lun, i) == 0)
8439					continue;
8440				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8441			}
8442		}
8443		mtx_unlock(&lun->lun_lock);
8444
8445		/* Send msg to other side */
8446		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8447		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8448		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8449		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8450		     sizeof(persis_io.pr), M_WAITOK);
8451		break;
8452
8453	case SPRO_CLEAR:
8454		/* send msg to other side */
8455
8456		mtx_lock(&lun->lun_lock);
8457		lun->flags &= ~CTL_LUN_PR_RESERVED;
8458		lun->pr_res_type = 0;
8459		lun->pr_key_count = 0;
8460		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8461
8462		ctl_clr_prkey(lun, residx);
8463		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8464			if (ctl_get_prkey(lun, i) != 0) {
8465				ctl_clr_prkey(lun, i);
8466				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8467			}
8468		lun->pr_generation++;
8469		mtx_unlock(&lun->lun_lock);
8470
8471		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8472		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8473		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8474		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8475		     sizeof(persis_io.pr), M_WAITOK);
8476		break;
8477
8478	case SPRO_PREEMPT:
8479	case SPRO_PRE_ABO: {
8480		int nretval;
8481
8482		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8483					  residx, ctsio, cdb, param);
8484		if (nretval != 0)
8485			return (CTL_RETVAL_COMPLETE);
8486		break;
8487	}
8488	default:
8489		panic("%s: Invalid PR type %#x", __func__, cdb->action);
8490	}
8491
8492done:
8493	free(ctsio->kern_data_ptr, M_CTL);
8494	ctl_set_success(ctsio);
8495	ctl_done((union ctl_io *)ctsio);
8496
8497	return (retval);
8498}
8499
8500/*
8501 * This routine is for handling a message from the other SC pertaining to
8502 * persistent reserve out. All the error checking will have been done
8503 * so only perorming the action need be done here to keep the two
8504 * in sync.
8505 */
8506static void
8507ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8508{
8509	struct ctl_softc *softc = control_softc;
8510	struct ctl_lun *lun;
8511	int i;
8512	uint32_t residx, targ_lun;
8513
8514	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8515	mtx_lock(&softc->ctl_lock);
8516	if ((targ_lun >= CTL_MAX_LUNS) ||
8517	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8518		mtx_unlock(&softc->ctl_lock);
8519		return;
8520	}
8521	mtx_lock(&lun->lun_lock);
8522	mtx_unlock(&softc->ctl_lock);
8523	if (lun->flags & CTL_LUN_DISABLED) {
8524		mtx_unlock(&lun->lun_lock);
8525		return;
8526	}
8527	residx = ctl_get_initindex(&msg->hdr.nexus);
8528	switch(msg->pr.pr_info.action) {
8529	case CTL_PR_REG_KEY:
8530		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8531		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8532			lun->pr_key_count++;
8533		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8534		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8535		lun->pr_generation++;
8536		break;
8537
8538	case CTL_PR_UNREG_KEY:
8539		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8540		lun->pr_key_count--;
8541
8542		/* XXX Need to see if the reservation has been released */
8543		/* if so do we need to generate UA? */
8544		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8545			lun->flags &= ~CTL_LUN_PR_RESERVED;
8546			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8547
8548			if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8549			     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8550			    lun->pr_key_count) {
8551				/*
8552				 * If the reservation is a registrants
8553				 * only type we need to generate a UA
8554				 * for other registered inits.  The
8555				 * sense code should be RESERVATIONS
8556				 * RELEASED
8557				 */
8558
8559				for (i = softc->init_min; i < softc->init_max; i++) {
8560					if (ctl_get_prkey(lun, i) == 0)
8561						continue;
8562
8563					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8564				}
8565			}
8566			lun->pr_res_type = 0;
8567		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8568			if (lun->pr_key_count==0) {
8569				lun->flags &= ~CTL_LUN_PR_RESERVED;
8570				lun->pr_res_type = 0;
8571				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8572			}
8573		}
8574		lun->pr_generation++;
8575		break;
8576
8577	case CTL_PR_RESERVE:
8578		lun->flags |= CTL_LUN_PR_RESERVED;
8579		lun->pr_res_type = msg->pr.pr_info.res_type;
8580		lun->pr_res_idx = msg->pr.pr_info.residx;
8581
8582		break;
8583
8584	case CTL_PR_RELEASE:
8585		/*
8586		 * if this isn't an exclusive access res generate UA for all
8587		 * other registrants.
8588		 */
8589		if (lun->pr_res_type != SPR_TYPE_EX_AC &&
8590		    lun->pr_res_type != SPR_TYPE_WR_EX) {
8591			for (i = softc->init_min; i < softc->init_max; i++)
8592				if (i == residx || ctl_get_prkey(lun, i) == 0)
8593					continue;
8594				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8595		}
8596
8597		lun->flags &= ~CTL_LUN_PR_RESERVED;
8598		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8599		lun->pr_res_type = 0;
8600		break;
8601
8602	case CTL_PR_PREEMPT:
8603		ctl_pro_preempt_other(lun, msg);
8604		break;
8605	case CTL_PR_CLEAR:
8606		lun->flags &= ~CTL_LUN_PR_RESERVED;
8607		lun->pr_res_type = 0;
8608		lun->pr_key_count = 0;
8609		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8610
8611		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8612			if (ctl_get_prkey(lun, i) == 0)
8613				continue;
8614			ctl_clr_prkey(lun, i);
8615			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8616		}
8617		lun->pr_generation++;
8618		break;
8619	}
8620
8621	mtx_unlock(&lun->lun_lock);
8622}
8623
8624int
8625ctl_read_write(struct ctl_scsiio *ctsio)
8626{
8627	struct ctl_lun *lun;
8628	struct ctl_lba_len_flags *lbalen;
8629	uint64_t lba;
8630	uint32_t num_blocks;
8631	int flags, retval;
8632	int isread;
8633
8634	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8635
8636	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8637
8638	flags = 0;
8639	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8640	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8641	switch (ctsio->cdb[0]) {
8642	case READ_6:
8643	case WRITE_6: {
8644		struct scsi_rw_6 *cdb;
8645
8646		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8647
8648		lba = scsi_3btoul(cdb->addr);
8649		/* only 5 bits are valid in the most significant address byte */
8650		lba &= 0x1fffff;
8651		num_blocks = cdb->length;
8652		/*
8653		 * This is correct according to SBC-2.
8654		 */
8655		if (num_blocks == 0)
8656			num_blocks = 256;
8657		break;
8658	}
8659	case READ_10:
8660	case WRITE_10: {
8661		struct scsi_rw_10 *cdb;
8662
8663		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8664		if (cdb->byte2 & SRW10_FUA)
8665			flags |= CTL_LLF_FUA;
8666		if (cdb->byte2 & SRW10_DPO)
8667			flags |= CTL_LLF_DPO;
8668		lba = scsi_4btoul(cdb->addr);
8669		num_blocks = scsi_2btoul(cdb->length);
8670		break;
8671	}
8672	case WRITE_VERIFY_10: {
8673		struct scsi_write_verify_10 *cdb;
8674
8675		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8676		flags |= CTL_LLF_FUA;
8677		if (cdb->byte2 & SWV_DPO)
8678			flags |= CTL_LLF_DPO;
8679		lba = scsi_4btoul(cdb->addr);
8680		num_blocks = scsi_2btoul(cdb->length);
8681		break;
8682	}
8683	case READ_12:
8684	case WRITE_12: {
8685		struct scsi_rw_12 *cdb;
8686
8687		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8688		if (cdb->byte2 & SRW12_FUA)
8689			flags |= CTL_LLF_FUA;
8690		if (cdb->byte2 & SRW12_DPO)
8691			flags |= CTL_LLF_DPO;
8692		lba = scsi_4btoul(cdb->addr);
8693		num_blocks = scsi_4btoul(cdb->length);
8694		break;
8695	}
8696	case WRITE_VERIFY_12: {
8697		struct scsi_write_verify_12 *cdb;
8698
8699		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8700		flags |= CTL_LLF_FUA;
8701		if (cdb->byte2 & SWV_DPO)
8702			flags |= CTL_LLF_DPO;
8703		lba = scsi_4btoul(cdb->addr);
8704		num_blocks = scsi_4btoul(cdb->length);
8705		break;
8706	}
8707	case READ_16:
8708	case WRITE_16: {
8709		struct scsi_rw_16 *cdb;
8710
8711		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8712		if (cdb->byte2 & SRW12_FUA)
8713			flags |= CTL_LLF_FUA;
8714		if (cdb->byte2 & SRW12_DPO)
8715			flags |= CTL_LLF_DPO;
8716		lba = scsi_8btou64(cdb->addr);
8717		num_blocks = scsi_4btoul(cdb->length);
8718		break;
8719	}
8720	case WRITE_ATOMIC_16: {
8721		struct scsi_write_atomic_16 *cdb;
8722
8723		if (lun->be_lun->atomicblock == 0) {
8724			ctl_set_invalid_opcode(ctsio);
8725			ctl_done((union ctl_io *)ctsio);
8726			return (CTL_RETVAL_COMPLETE);
8727		}
8728
8729		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8730		if (cdb->byte2 & SRW12_FUA)
8731			flags |= CTL_LLF_FUA;
8732		if (cdb->byte2 & SRW12_DPO)
8733			flags |= CTL_LLF_DPO;
8734		lba = scsi_8btou64(cdb->addr);
8735		num_blocks = scsi_2btoul(cdb->length);
8736		if (num_blocks > lun->be_lun->atomicblock) {
8737			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8738			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8739			    /*bit*/ 0);
8740			ctl_done((union ctl_io *)ctsio);
8741			return (CTL_RETVAL_COMPLETE);
8742		}
8743		break;
8744	}
8745	case WRITE_VERIFY_16: {
8746		struct scsi_write_verify_16 *cdb;
8747
8748		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8749		flags |= CTL_LLF_FUA;
8750		if (cdb->byte2 & SWV_DPO)
8751			flags |= CTL_LLF_DPO;
8752		lba = scsi_8btou64(cdb->addr);
8753		num_blocks = scsi_4btoul(cdb->length);
8754		break;
8755	}
8756	default:
8757		/*
8758		 * We got a command we don't support.  This shouldn't
8759		 * happen, commands should be filtered out above us.
8760		 */
8761		ctl_set_invalid_opcode(ctsio);
8762		ctl_done((union ctl_io *)ctsio);
8763
8764		return (CTL_RETVAL_COMPLETE);
8765		break; /* NOTREACHED */
8766	}
8767
8768	/*
8769	 * The first check is to make sure we're in bounds, the second
8770	 * check is to catch wrap-around problems.  If the lba + num blocks
8771	 * is less than the lba, then we've wrapped around and the block
8772	 * range is invalid anyway.
8773	 */
8774	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8775	 || ((lba + num_blocks) < lba)) {
8776		ctl_set_lba_out_of_range(ctsio);
8777		ctl_done((union ctl_io *)ctsio);
8778		return (CTL_RETVAL_COMPLETE);
8779	}
8780
8781	/*
8782	 * According to SBC-3, a transfer length of 0 is not an error.
8783	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8784	 * translates to 256 blocks for those commands.
8785	 */
8786	if (num_blocks == 0) {
8787		ctl_set_success(ctsio);
8788		ctl_done((union ctl_io *)ctsio);
8789		return (CTL_RETVAL_COMPLETE);
8790	}
8791
8792	/* Set FUA and/or DPO if caches are disabled. */
8793	if (isread) {
8794		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8795		    SCP_RCD) != 0)
8796			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8797	} else {
8798		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8799		    SCP_WCE) == 0)
8800			flags |= CTL_LLF_FUA;
8801	}
8802
8803	lbalen = (struct ctl_lba_len_flags *)
8804	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8805	lbalen->lba = lba;
8806	lbalen->len = num_blocks;
8807	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8808
8809	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8810	ctsio->kern_rel_offset = 0;
8811
8812	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8813
8814	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8815	return (retval);
8816}
8817
8818static int
8819ctl_cnw_cont(union ctl_io *io)
8820{
8821	struct ctl_scsiio *ctsio;
8822	struct ctl_lun *lun;
8823	struct ctl_lba_len_flags *lbalen;
8824	int retval;
8825
8826	ctsio = &io->scsiio;
8827	ctsio->io_hdr.status = CTL_STATUS_NONE;
8828	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8829	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8830	lbalen = (struct ctl_lba_len_flags *)
8831	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8832	lbalen->flags &= ~CTL_LLF_COMPARE;
8833	lbalen->flags |= CTL_LLF_WRITE;
8834
8835	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8836	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8837	return (retval);
8838}
8839
8840int
8841ctl_cnw(struct ctl_scsiio *ctsio)
8842{
8843	struct ctl_lun *lun;
8844	struct ctl_lba_len_flags *lbalen;
8845	uint64_t lba;
8846	uint32_t num_blocks;
8847	int flags, retval;
8848
8849	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8850
8851	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8852
8853	flags = 0;
8854	switch (ctsio->cdb[0]) {
8855	case COMPARE_AND_WRITE: {
8856		struct scsi_compare_and_write *cdb;
8857
8858		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8859		if (cdb->byte2 & SRW10_FUA)
8860			flags |= CTL_LLF_FUA;
8861		if (cdb->byte2 & SRW10_DPO)
8862			flags |= CTL_LLF_DPO;
8863		lba = scsi_8btou64(cdb->addr);
8864		num_blocks = cdb->length;
8865		break;
8866	}
8867	default:
8868		/*
8869		 * We got a command we don't support.  This shouldn't
8870		 * happen, commands should be filtered out above us.
8871		 */
8872		ctl_set_invalid_opcode(ctsio);
8873		ctl_done((union ctl_io *)ctsio);
8874
8875		return (CTL_RETVAL_COMPLETE);
8876		break; /* NOTREACHED */
8877	}
8878
8879	/*
8880	 * The first check is to make sure we're in bounds, the second
8881	 * check is to catch wrap-around problems.  If the lba + num blocks
8882	 * is less than the lba, then we've wrapped around and the block
8883	 * range is invalid anyway.
8884	 */
8885	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8886	 || ((lba + num_blocks) < lba)) {
8887		ctl_set_lba_out_of_range(ctsio);
8888		ctl_done((union ctl_io *)ctsio);
8889		return (CTL_RETVAL_COMPLETE);
8890	}
8891
8892	/*
8893	 * According to SBC-3, a transfer length of 0 is not an error.
8894	 */
8895	if (num_blocks == 0) {
8896		ctl_set_success(ctsio);
8897		ctl_done((union ctl_io *)ctsio);
8898		return (CTL_RETVAL_COMPLETE);
8899	}
8900
8901	/* Set FUA if write cache is disabled. */
8902	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8903	    SCP_WCE) == 0)
8904		flags |= CTL_LLF_FUA;
8905
8906	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8907	ctsio->kern_rel_offset = 0;
8908
8909	/*
8910	 * Set the IO_CONT flag, so that if this I/O gets passed to
8911	 * ctl_data_submit_done(), it'll get passed back to
8912	 * ctl_ctl_cnw_cont() for further processing.
8913	 */
8914	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8915	ctsio->io_cont = ctl_cnw_cont;
8916
8917	lbalen = (struct ctl_lba_len_flags *)
8918	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8919	lbalen->lba = lba;
8920	lbalen->len = num_blocks;
8921	lbalen->flags = CTL_LLF_COMPARE | flags;
8922
8923	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8924	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8925	return (retval);
8926}
8927
8928int
8929ctl_verify(struct ctl_scsiio *ctsio)
8930{
8931	struct ctl_lun *lun;
8932	struct ctl_lba_len_flags *lbalen;
8933	uint64_t lba;
8934	uint32_t num_blocks;
8935	int bytchk, flags;
8936	int retval;
8937
8938	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8939
8940	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8941
8942	bytchk = 0;
8943	flags = CTL_LLF_FUA;
8944	switch (ctsio->cdb[0]) {
8945	case VERIFY_10: {
8946		struct scsi_verify_10 *cdb;
8947
8948		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8949		if (cdb->byte2 & SVFY_BYTCHK)
8950			bytchk = 1;
8951		if (cdb->byte2 & SVFY_DPO)
8952			flags |= CTL_LLF_DPO;
8953		lba = scsi_4btoul(cdb->addr);
8954		num_blocks = scsi_2btoul(cdb->length);
8955		break;
8956	}
8957	case VERIFY_12: {
8958		struct scsi_verify_12 *cdb;
8959
8960		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8961		if (cdb->byte2 & SVFY_BYTCHK)
8962			bytchk = 1;
8963		if (cdb->byte2 & SVFY_DPO)
8964			flags |= CTL_LLF_DPO;
8965		lba = scsi_4btoul(cdb->addr);
8966		num_blocks = scsi_4btoul(cdb->length);
8967		break;
8968	}
8969	case VERIFY_16: {
8970		struct scsi_rw_16 *cdb;
8971
8972		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8973		if (cdb->byte2 & SVFY_BYTCHK)
8974			bytchk = 1;
8975		if (cdb->byte2 & SVFY_DPO)
8976			flags |= CTL_LLF_DPO;
8977		lba = scsi_8btou64(cdb->addr);
8978		num_blocks = scsi_4btoul(cdb->length);
8979		break;
8980	}
8981	default:
8982		/*
8983		 * We got a command we don't support.  This shouldn't
8984		 * happen, commands should be filtered out above us.
8985		 */
8986		ctl_set_invalid_opcode(ctsio);
8987		ctl_done((union ctl_io *)ctsio);
8988		return (CTL_RETVAL_COMPLETE);
8989	}
8990
8991	/*
8992	 * The first check is to make sure we're in bounds, the second
8993	 * check is to catch wrap-around problems.  If the lba + num blocks
8994	 * is less than the lba, then we've wrapped around and the block
8995	 * range is invalid anyway.
8996	 */
8997	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8998	 || ((lba + num_blocks) < lba)) {
8999		ctl_set_lba_out_of_range(ctsio);
9000		ctl_done((union ctl_io *)ctsio);
9001		return (CTL_RETVAL_COMPLETE);
9002	}
9003
9004	/*
9005	 * According to SBC-3, a transfer length of 0 is not an error.
9006	 */
9007	if (num_blocks == 0) {
9008		ctl_set_success(ctsio);
9009		ctl_done((union ctl_io *)ctsio);
9010		return (CTL_RETVAL_COMPLETE);
9011	}
9012
9013	lbalen = (struct ctl_lba_len_flags *)
9014	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9015	lbalen->lba = lba;
9016	lbalen->len = num_blocks;
9017	if (bytchk) {
9018		lbalen->flags = CTL_LLF_COMPARE | flags;
9019		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9020	} else {
9021		lbalen->flags = CTL_LLF_VERIFY | flags;
9022		ctsio->kern_total_len = 0;
9023	}
9024	ctsio->kern_rel_offset = 0;
9025
9026	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9027	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9028	return (retval);
9029}
9030
9031int
9032ctl_report_luns(struct ctl_scsiio *ctsio)
9033{
9034	struct ctl_softc *softc;
9035	struct scsi_report_luns *cdb;
9036	struct scsi_report_luns_data *lun_data;
9037	struct ctl_lun *lun, *request_lun;
9038	struct ctl_port *port;
9039	int num_luns, retval;
9040	uint32_t alloc_len, lun_datalen;
9041	int num_filled;
9042	uint32_t initidx, targ_lun_id, lun_id;
9043
9044	retval = CTL_RETVAL_COMPLETE;
9045	cdb = (struct scsi_report_luns *)ctsio->cdb;
9046	port = ctl_io_port(&ctsio->io_hdr);
9047	softc = port->ctl_softc;
9048
9049	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9050
9051	mtx_lock(&softc->ctl_lock);
9052	num_luns = 0;
9053	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9054		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9055			num_luns++;
9056	}
9057	mtx_unlock(&softc->ctl_lock);
9058
9059	switch (cdb->select_report) {
9060	case RPL_REPORT_DEFAULT:
9061	case RPL_REPORT_ALL:
9062	case RPL_REPORT_NONSUBSID:
9063		break;
9064	case RPL_REPORT_WELLKNOWN:
9065	case RPL_REPORT_ADMIN:
9066	case RPL_REPORT_CONGLOM:
9067		num_luns = 0;
9068		break;
9069	default:
9070		ctl_set_invalid_field(ctsio,
9071				      /*sks_valid*/ 1,
9072				      /*command*/ 1,
9073				      /*field*/ 2,
9074				      /*bit_valid*/ 0,
9075				      /*bit*/ 0);
9076		ctl_done((union ctl_io *)ctsio);
9077		return (retval);
9078		break; /* NOTREACHED */
9079	}
9080
9081	alloc_len = scsi_4btoul(cdb->length);
9082	/*
9083	 * The initiator has to allocate at least 16 bytes for this request,
9084	 * so he can at least get the header and the first LUN.  Otherwise
9085	 * we reject the request (per SPC-3 rev 14, section 6.21).
9086	 */
9087	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9088	    sizeof(struct scsi_report_luns_lundata))) {
9089		ctl_set_invalid_field(ctsio,
9090				      /*sks_valid*/ 1,
9091				      /*command*/ 1,
9092				      /*field*/ 6,
9093				      /*bit_valid*/ 0,
9094				      /*bit*/ 0);
9095		ctl_done((union ctl_io *)ctsio);
9096		return (retval);
9097	}
9098
9099	request_lun = (struct ctl_lun *)
9100		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9101
9102	lun_datalen = sizeof(*lun_data) +
9103		(num_luns * sizeof(struct scsi_report_luns_lundata));
9104
9105	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9106	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9107	ctsio->kern_sg_entries = 0;
9108
9109	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9110
9111	mtx_lock(&softc->ctl_lock);
9112	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9113		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9114		if (lun_id >= CTL_MAX_LUNS)
9115			continue;
9116		lun = softc->ctl_luns[lun_id];
9117		if (lun == NULL)
9118			continue;
9119
9120		be64enc(lun_data->luns[num_filled++].lundata,
9121		    ctl_encode_lun(targ_lun_id));
9122
9123		/*
9124		 * According to SPC-3, rev 14 section 6.21:
9125		 *
9126		 * "The execution of a REPORT LUNS command to any valid and
9127		 * installed logical unit shall clear the REPORTED LUNS DATA
9128		 * HAS CHANGED unit attention condition for all logical
9129		 * units of that target with respect to the requesting
9130		 * initiator. A valid and installed logical unit is one
9131		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9132		 * INQUIRY data (see 6.4.2)."
9133		 *
9134		 * If request_lun is NULL, the LUN this report luns command
9135		 * was issued to is either disabled or doesn't exist. In that
9136		 * case, we shouldn't clear any pending lun change unit
9137		 * attention.
9138		 */
9139		if (request_lun != NULL) {
9140			mtx_lock(&lun->lun_lock);
9141			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9142			mtx_unlock(&lun->lun_lock);
9143		}
9144	}
9145	mtx_unlock(&softc->ctl_lock);
9146
9147	/*
9148	 * It's quite possible that we've returned fewer LUNs than we allocated
9149	 * space for.  Trim it.
9150	 */
9151	lun_datalen = sizeof(*lun_data) +
9152		(num_filled * sizeof(struct scsi_report_luns_lundata));
9153
9154	if (lun_datalen < alloc_len) {
9155		ctsio->residual = alloc_len - lun_datalen;
9156		ctsio->kern_data_len = lun_datalen;
9157		ctsio->kern_total_len = lun_datalen;
9158	} else {
9159		ctsio->residual = 0;
9160		ctsio->kern_data_len = alloc_len;
9161		ctsio->kern_total_len = alloc_len;
9162	}
9163	ctsio->kern_data_resid = 0;
9164	ctsio->kern_rel_offset = 0;
9165	ctsio->kern_sg_entries = 0;
9166
9167	/*
9168	 * We set this to the actual data length, regardless of how much
9169	 * space we actually have to return results.  If the user looks at
9170	 * this value, he'll know whether or not he allocated enough space
9171	 * and reissue the command if necessary.  We don't support well
9172	 * known logical units, so if the user asks for that, return none.
9173	 */
9174	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9175
9176	/*
9177	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9178	 * this request.
9179	 */
9180	ctl_set_success(ctsio);
9181	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9182	ctsio->be_move_done = ctl_config_move_done;
9183	ctl_datamove((union ctl_io *)ctsio);
9184	return (retval);
9185}
9186
9187int
9188ctl_request_sense(struct ctl_scsiio *ctsio)
9189{
9190	struct scsi_request_sense *cdb;
9191	struct scsi_sense_data *sense_ptr;
9192	struct ctl_softc *ctl_softc;
9193	struct ctl_lun *lun;
9194	uint32_t initidx;
9195	int have_error;
9196	scsi_sense_data_type sense_format;
9197	ctl_ua_type ua_type;
9198
9199	cdb = (struct scsi_request_sense *)ctsio->cdb;
9200
9201	ctl_softc = control_softc;
9202	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9203
9204	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9205
9206	/*
9207	 * Determine which sense format the user wants.
9208	 */
9209	if (cdb->byte2 & SRS_DESC)
9210		sense_format = SSD_TYPE_DESC;
9211	else
9212		sense_format = SSD_TYPE_FIXED;
9213
9214	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9215	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9216	ctsio->kern_sg_entries = 0;
9217
9218	/*
9219	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9220	 * larger than the largest allowed value for the length field in the
9221	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9222	 */
9223	ctsio->residual = 0;
9224	ctsio->kern_data_len = cdb->length;
9225	ctsio->kern_total_len = cdb->length;
9226
9227	ctsio->kern_data_resid = 0;
9228	ctsio->kern_rel_offset = 0;
9229	ctsio->kern_sg_entries = 0;
9230
9231	/*
9232	 * If we don't have a LUN, we don't have any pending sense.
9233	 */
9234	if (lun == NULL)
9235		goto no_sense;
9236
9237	have_error = 0;
9238	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9239	/*
9240	 * Check for pending sense, and then for pending unit attentions.
9241	 * Pending sense gets returned first, then pending unit attentions.
9242	 */
9243	mtx_lock(&lun->lun_lock);
9244#ifdef CTL_WITH_CA
9245	if (ctl_is_set(lun->have_ca, initidx)) {
9246		scsi_sense_data_type stored_format;
9247
9248		/*
9249		 * Check to see which sense format was used for the stored
9250		 * sense data.
9251		 */
9252		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9253
9254		/*
9255		 * If the user requested a different sense format than the
9256		 * one we stored, then we need to convert it to the other
9257		 * format.  If we're going from descriptor to fixed format
9258		 * sense data, we may lose things in translation, depending
9259		 * on what options were used.
9260		 *
9261		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9262		 * for some reason we'll just copy it out as-is.
9263		 */
9264		if ((stored_format == SSD_TYPE_FIXED)
9265		 && (sense_format == SSD_TYPE_DESC))
9266			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9267			    &lun->pending_sense[initidx],
9268			    (struct scsi_sense_data_desc *)sense_ptr);
9269		else if ((stored_format == SSD_TYPE_DESC)
9270		      && (sense_format == SSD_TYPE_FIXED))
9271			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9272			    &lun->pending_sense[initidx],
9273			    (struct scsi_sense_data_fixed *)sense_ptr);
9274		else
9275			memcpy(sense_ptr, &lun->pending_sense[initidx],
9276			       MIN(sizeof(*sense_ptr),
9277			       sizeof(lun->pending_sense[initidx])));
9278
9279		ctl_clear_mask(lun->have_ca, initidx);
9280		have_error = 1;
9281	} else
9282#endif
9283	{
9284		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9285		if (ua_type != CTL_UA_NONE)
9286			have_error = 1;
9287		if (ua_type == CTL_UA_LUN_CHANGE) {
9288			mtx_unlock(&lun->lun_lock);
9289			mtx_lock(&ctl_softc->ctl_lock);
9290			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9291			mtx_unlock(&ctl_softc->ctl_lock);
9292			mtx_lock(&lun->lun_lock);
9293		}
9294
9295	}
9296	mtx_unlock(&lun->lun_lock);
9297
9298	/*
9299	 * We already have a pending error, return it.
9300	 */
9301	if (have_error != 0) {
9302		/*
9303		 * We report the SCSI status as OK, since the status of the
9304		 * request sense command itself is OK.
9305		 * We report 0 for the sense length, because we aren't doing
9306		 * autosense in this case.  We're reporting sense as
9307		 * parameter data.
9308		 */
9309		ctl_set_success(ctsio);
9310		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9311		ctsio->be_move_done = ctl_config_move_done;
9312		ctl_datamove((union ctl_io *)ctsio);
9313		return (CTL_RETVAL_COMPLETE);
9314	}
9315
9316no_sense:
9317
9318	/*
9319	 * No sense information to report, so we report that everything is
9320	 * okay.
9321	 */
9322	ctl_set_sense_data(sense_ptr,
9323			   lun,
9324			   sense_format,
9325			   /*current_error*/ 1,
9326			   /*sense_key*/ SSD_KEY_NO_SENSE,
9327			   /*asc*/ 0x00,
9328			   /*ascq*/ 0x00,
9329			   SSD_ELEM_NONE);
9330
9331	/*
9332	 * We report 0 for the sense length, because we aren't doing
9333	 * autosense in this case.  We're reporting sense as parameter data.
9334	 */
9335	ctl_set_success(ctsio);
9336	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9337	ctsio->be_move_done = ctl_config_move_done;
9338	ctl_datamove((union ctl_io *)ctsio);
9339	return (CTL_RETVAL_COMPLETE);
9340}
9341
9342int
9343ctl_tur(struct ctl_scsiio *ctsio)
9344{
9345
9346	CTL_DEBUG_PRINT(("ctl_tur\n"));
9347
9348	ctl_set_success(ctsio);
9349	ctl_done((union ctl_io *)ctsio);
9350
9351	return (CTL_RETVAL_COMPLETE);
9352}
9353
9354/*
9355 * SCSI VPD page 0x00, the Supported VPD Pages page.
9356 */
9357static int
9358ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9359{
9360	struct scsi_vpd_supported_pages *pages;
9361	int sup_page_size;
9362	struct ctl_lun *lun;
9363	int p;
9364
9365	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9366
9367	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9368	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9369	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9370	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9371	ctsio->kern_sg_entries = 0;
9372
9373	if (sup_page_size < alloc_len) {
9374		ctsio->residual = alloc_len - sup_page_size;
9375		ctsio->kern_data_len = sup_page_size;
9376		ctsio->kern_total_len = sup_page_size;
9377	} else {
9378		ctsio->residual = 0;
9379		ctsio->kern_data_len = alloc_len;
9380		ctsio->kern_total_len = alloc_len;
9381	}
9382	ctsio->kern_data_resid = 0;
9383	ctsio->kern_rel_offset = 0;
9384	ctsio->kern_sg_entries = 0;
9385
9386	/*
9387	 * The control device is always connected.  The disk device, on the
9388	 * other hand, may not be online all the time.  Need to change this
9389	 * to figure out whether the disk device is actually online or not.
9390	 */
9391	if (lun != NULL)
9392		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9393				lun->be_lun->lun_type;
9394	else
9395		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9396
9397	p = 0;
9398	/* Supported VPD pages */
9399	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9400	/* Serial Number */
9401	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9402	/* Device Identification */
9403	pages->page_list[p++] = SVPD_DEVICE_ID;
9404	/* Extended INQUIRY Data */
9405	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9406	/* Mode Page Policy */
9407	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9408	/* SCSI Ports */
9409	pages->page_list[p++] = SVPD_SCSI_PORTS;
9410	/* Third-party Copy */
9411	pages->page_list[p++] = SVPD_SCSI_TPC;
9412	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9413		/* Block limits */
9414		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9415		/* Block Device Characteristics */
9416		pages->page_list[p++] = SVPD_BDC;
9417		/* Logical Block Provisioning */
9418		pages->page_list[p++] = SVPD_LBP;
9419	}
9420	pages->length = p;
9421
9422	ctl_set_success(ctsio);
9423	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9424	ctsio->be_move_done = ctl_config_move_done;
9425	ctl_datamove((union ctl_io *)ctsio);
9426	return (CTL_RETVAL_COMPLETE);
9427}
9428
9429/*
9430 * SCSI VPD page 0x80, the Unit Serial Number page.
9431 */
9432static int
9433ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9434{
9435	struct scsi_vpd_unit_serial_number *sn_ptr;
9436	struct ctl_lun *lun;
9437	int data_len;
9438
9439	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9440
9441	data_len = 4 + CTL_SN_LEN;
9442	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9443	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9444	if (data_len < alloc_len) {
9445		ctsio->residual = alloc_len - data_len;
9446		ctsio->kern_data_len = data_len;
9447		ctsio->kern_total_len = data_len;
9448	} else {
9449		ctsio->residual = 0;
9450		ctsio->kern_data_len = alloc_len;
9451		ctsio->kern_total_len = alloc_len;
9452	}
9453	ctsio->kern_data_resid = 0;
9454	ctsio->kern_rel_offset = 0;
9455	ctsio->kern_sg_entries = 0;
9456
9457	/*
9458	 * The control device is always connected.  The disk device, on the
9459	 * other hand, may not be online all the time.  Need to change this
9460	 * to figure out whether the disk device is actually online or not.
9461	 */
9462	if (lun != NULL)
9463		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9464				  lun->be_lun->lun_type;
9465	else
9466		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9467
9468	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9469	sn_ptr->length = CTL_SN_LEN;
9470	/*
9471	 * If we don't have a LUN, we just leave the serial number as
9472	 * all spaces.
9473	 */
9474	if (lun != NULL) {
9475		strncpy((char *)sn_ptr->serial_num,
9476			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9477	} else
9478		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9479
9480	ctl_set_success(ctsio);
9481	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9482	ctsio->be_move_done = ctl_config_move_done;
9483	ctl_datamove((union ctl_io *)ctsio);
9484	return (CTL_RETVAL_COMPLETE);
9485}
9486
9487
9488/*
9489 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9490 */
9491static int
9492ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9493{
9494	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9495	struct ctl_lun *lun;
9496	int data_len;
9497
9498	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9499
9500	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9501	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9502	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9503	ctsio->kern_sg_entries = 0;
9504
9505	if (data_len < alloc_len) {
9506		ctsio->residual = alloc_len - data_len;
9507		ctsio->kern_data_len = data_len;
9508		ctsio->kern_total_len = data_len;
9509	} else {
9510		ctsio->residual = 0;
9511		ctsio->kern_data_len = alloc_len;
9512		ctsio->kern_total_len = alloc_len;
9513	}
9514	ctsio->kern_data_resid = 0;
9515	ctsio->kern_rel_offset = 0;
9516	ctsio->kern_sg_entries = 0;
9517
9518	/*
9519	 * The control device is always connected.  The disk device, on the
9520	 * other hand, may not be online all the time.
9521	 */
9522	if (lun != NULL)
9523		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9524				     lun->be_lun->lun_type;
9525	else
9526		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9527	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9528	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9529	/*
9530	 * We support head of queue, ordered and simple tags.
9531	 */
9532	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9533	/*
9534	 * Volatile cache supported.
9535	 */
9536	eid_ptr->flags3 = SVPD_EID_V_SUP;
9537
9538	/*
9539	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9540	 * attention for a particular IT nexus on all LUNs once we report
9541	 * it to that nexus once.  This bit is required as of SPC-4.
9542	 */
9543	eid_ptr->flags4 = SVPD_EID_LUICLT;
9544
9545	/*
9546	 * XXX KDM in order to correctly answer this, we would need
9547	 * information from the SIM to determine how much sense data it
9548	 * can send.  So this would really be a path inquiry field, most
9549	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9550	 * but the hardware may or may not be able to support that much.
9551	 * 0 just means that the maximum sense data length is not reported.
9552	 */
9553	eid_ptr->max_sense_length = 0;
9554
9555	ctl_set_success(ctsio);
9556	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9557	ctsio->be_move_done = ctl_config_move_done;
9558	ctl_datamove((union ctl_io *)ctsio);
9559	return (CTL_RETVAL_COMPLETE);
9560}
9561
9562static int
9563ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9564{
9565	struct scsi_vpd_mode_page_policy *mpp_ptr;
9566	struct ctl_lun *lun;
9567	int data_len;
9568
9569	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9570
9571	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9572	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9573
9574	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9575	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9576	ctsio->kern_sg_entries = 0;
9577
9578	if (data_len < alloc_len) {
9579		ctsio->residual = alloc_len - data_len;
9580		ctsio->kern_data_len = data_len;
9581		ctsio->kern_total_len = data_len;
9582	} else {
9583		ctsio->residual = 0;
9584		ctsio->kern_data_len = alloc_len;
9585		ctsio->kern_total_len = alloc_len;
9586	}
9587	ctsio->kern_data_resid = 0;
9588	ctsio->kern_rel_offset = 0;
9589	ctsio->kern_sg_entries = 0;
9590
9591	/*
9592	 * The control device is always connected.  The disk device, on the
9593	 * other hand, may not be online all the time.
9594	 */
9595	if (lun != NULL)
9596		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9597				     lun->be_lun->lun_type;
9598	else
9599		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9600	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9601	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9602	mpp_ptr->descr[0].page_code = 0x3f;
9603	mpp_ptr->descr[0].subpage_code = 0xff;
9604	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9605
9606	ctl_set_success(ctsio);
9607	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9608	ctsio->be_move_done = ctl_config_move_done;
9609	ctl_datamove((union ctl_io *)ctsio);
9610	return (CTL_RETVAL_COMPLETE);
9611}
9612
9613/*
9614 * SCSI VPD page 0x83, the Device Identification page.
9615 */
9616static int
9617ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9618{
9619	struct scsi_vpd_device_id *devid_ptr;
9620	struct scsi_vpd_id_descriptor *desc;
9621	struct ctl_softc *softc;
9622	struct ctl_lun *lun;
9623	struct ctl_port *port;
9624	int data_len;
9625	uint8_t proto;
9626
9627	softc = control_softc;
9628
9629	port = ctl_io_port(&ctsio->io_hdr);
9630	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9631
9632	data_len = sizeof(struct scsi_vpd_device_id) +
9633	    sizeof(struct scsi_vpd_id_descriptor) +
9634		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9635	    sizeof(struct scsi_vpd_id_descriptor) +
9636		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9637	if (lun && lun->lun_devid)
9638		data_len += lun->lun_devid->len;
9639	if (port && port->port_devid)
9640		data_len += port->port_devid->len;
9641	if (port && port->target_devid)
9642		data_len += port->target_devid->len;
9643
9644	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9645	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9646	ctsio->kern_sg_entries = 0;
9647
9648	if (data_len < alloc_len) {
9649		ctsio->residual = alloc_len - data_len;
9650		ctsio->kern_data_len = data_len;
9651		ctsio->kern_total_len = data_len;
9652	} else {
9653		ctsio->residual = 0;
9654		ctsio->kern_data_len = alloc_len;
9655		ctsio->kern_total_len = alloc_len;
9656	}
9657	ctsio->kern_data_resid = 0;
9658	ctsio->kern_rel_offset = 0;
9659	ctsio->kern_sg_entries = 0;
9660
9661	/*
9662	 * The control device is always connected.  The disk device, on the
9663	 * other hand, may not be online all the time.
9664	 */
9665	if (lun != NULL)
9666		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9667				     lun->be_lun->lun_type;
9668	else
9669		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9670	devid_ptr->page_code = SVPD_DEVICE_ID;
9671	scsi_ulto2b(data_len - 4, devid_ptr->length);
9672
9673	if (port && port->port_type == CTL_PORT_FC)
9674		proto = SCSI_PROTO_FC << 4;
9675	else if (port && port->port_type == CTL_PORT_ISCSI)
9676		proto = SCSI_PROTO_ISCSI << 4;
9677	else
9678		proto = SCSI_PROTO_SPI << 4;
9679	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9680
9681	/*
9682	 * We're using a LUN association here.  i.e., this device ID is a
9683	 * per-LUN identifier.
9684	 */
9685	if (lun && lun->lun_devid) {
9686		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9687		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9688		    lun->lun_devid->len);
9689	}
9690
9691	/*
9692	 * This is for the WWPN which is a port association.
9693	 */
9694	if (port && port->port_devid) {
9695		memcpy(desc, port->port_devid->data, port->port_devid->len);
9696		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9697		    port->port_devid->len);
9698	}
9699
9700	/*
9701	 * This is for the Relative Target Port(type 4h) identifier
9702	 */
9703	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9704	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9705	    SVPD_ID_TYPE_RELTARG;
9706	desc->length = 4;
9707	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9708	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9709	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9710
9711	/*
9712	 * This is for the Target Port Group(type 5h) identifier
9713	 */
9714	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9715	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9716	    SVPD_ID_TYPE_TPORTGRP;
9717	desc->length = 4;
9718	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9719	    &desc->identifier[2]);
9720	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9721	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9722
9723	/*
9724	 * This is for the Target identifier
9725	 */
9726	if (port && port->target_devid) {
9727		memcpy(desc, port->target_devid->data, port->target_devid->len);
9728	}
9729
9730	ctl_set_success(ctsio);
9731	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9732	ctsio->be_move_done = ctl_config_move_done;
9733	ctl_datamove((union ctl_io *)ctsio);
9734	return (CTL_RETVAL_COMPLETE);
9735}
9736
9737static int
9738ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9739{
9740	struct ctl_softc *softc = control_softc;
9741	struct scsi_vpd_scsi_ports *sp;
9742	struct scsi_vpd_port_designation *pd;
9743	struct scsi_vpd_port_designation_cont *pdc;
9744	struct ctl_lun *lun;
9745	struct ctl_port *port;
9746	int data_len, num_target_ports, iid_len, id_len;
9747
9748	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9749
9750	num_target_ports = 0;
9751	iid_len = 0;
9752	id_len = 0;
9753	mtx_lock(&softc->ctl_lock);
9754	STAILQ_FOREACH(port, &softc->port_list, links) {
9755		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9756			continue;
9757		if (lun != NULL &&
9758		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9759			continue;
9760		num_target_ports++;
9761		if (port->init_devid)
9762			iid_len += port->init_devid->len;
9763		if (port->port_devid)
9764			id_len += port->port_devid->len;
9765	}
9766	mtx_unlock(&softc->ctl_lock);
9767
9768	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9769	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9770	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9771	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9772	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9773	ctsio->kern_sg_entries = 0;
9774
9775	if (data_len < alloc_len) {
9776		ctsio->residual = alloc_len - data_len;
9777		ctsio->kern_data_len = data_len;
9778		ctsio->kern_total_len = data_len;
9779	} else {
9780		ctsio->residual = 0;
9781		ctsio->kern_data_len = alloc_len;
9782		ctsio->kern_total_len = alloc_len;
9783	}
9784	ctsio->kern_data_resid = 0;
9785	ctsio->kern_rel_offset = 0;
9786	ctsio->kern_sg_entries = 0;
9787
9788	/*
9789	 * The control device is always connected.  The disk device, on the
9790	 * other hand, may not be online all the time.  Need to change this
9791	 * to figure out whether the disk device is actually online or not.
9792	 */
9793	if (lun != NULL)
9794		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9795				  lun->be_lun->lun_type;
9796	else
9797		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9798
9799	sp->page_code = SVPD_SCSI_PORTS;
9800	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9801	    sp->page_length);
9802	pd = &sp->design[0];
9803
9804	mtx_lock(&softc->ctl_lock);
9805	STAILQ_FOREACH(port, &softc->port_list, links) {
9806		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9807			continue;
9808		if (lun != NULL &&
9809		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9810			continue;
9811		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9812		if (port->init_devid) {
9813			iid_len = port->init_devid->len;
9814			memcpy(pd->initiator_transportid,
9815			    port->init_devid->data, port->init_devid->len);
9816		} else
9817			iid_len = 0;
9818		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9819		pdc = (struct scsi_vpd_port_designation_cont *)
9820		    (&pd->initiator_transportid[iid_len]);
9821		if (port->port_devid) {
9822			id_len = port->port_devid->len;
9823			memcpy(pdc->target_port_descriptors,
9824			    port->port_devid->data, port->port_devid->len);
9825		} else
9826			id_len = 0;
9827		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9828		pd = (struct scsi_vpd_port_designation *)
9829		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9830	}
9831	mtx_unlock(&softc->ctl_lock);
9832
9833	ctl_set_success(ctsio);
9834	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9835	ctsio->be_move_done = ctl_config_move_done;
9836	ctl_datamove((union ctl_io *)ctsio);
9837	return (CTL_RETVAL_COMPLETE);
9838}
9839
9840static int
9841ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9842{
9843	struct scsi_vpd_block_limits *bl_ptr;
9844	struct ctl_lun *lun;
9845
9846	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9847
9848	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9849	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9850	ctsio->kern_sg_entries = 0;
9851
9852	if (sizeof(*bl_ptr) < alloc_len) {
9853		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9854		ctsio->kern_data_len = sizeof(*bl_ptr);
9855		ctsio->kern_total_len = sizeof(*bl_ptr);
9856	} else {
9857		ctsio->residual = 0;
9858		ctsio->kern_data_len = alloc_len;
9859		ctsio->kern_total_len = alloc_len;
9860	}
9861	ctsio->kern_data_resid = 0;
9862	ctsio->kern_rel_offset = 0;
9863	ctsio->kern_sg_entries = 0;
9864
9865	/*
9866	 * The control device is always connected.  The disk device, on the
9867	 * other hand, may not be online all the time.  Need to change this
9868	 * to figure out whether the disk device is actually online or not.
9869	 */
9870	if (lun != NULL)
9871		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9872				  lun->be_lun->lun_type;
9873	else
9874		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9875
9876	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9877	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9878	bl_ptr->max_cmp_write_len = 0xff;
9879	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9880	if (lun != NULL) {
9881		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9882		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9883			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9884			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9885			if (lun->be_lun->ublockexp != 0) {
9886				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9887				    bl_ptr->opt_unmap_grain);
9888				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9889				    bl_ptr->unmap_grain_align);
9890			}
9891		}
9892		scsi_ulto4b(lun->be_lun->atomicblock,
9893		    bl_ptr->max_atomic_transfer_length);
9894		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9895		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9896		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9897		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9898	}
9899	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9900
9901	ctl_set_success(ctsio);
9902	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9903	ctsio->be_move_done = ctl_config_move_done;
9904	ctl_datamove((union ctl_io *)ctsio);
9905	return (CTL_RETVAL_COMPLETE);
9906}
9907
9908static int
9909ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9910{
9911	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9912	struct ctl_lun *lun;
9913	const char *value;
9914	u_int i;
9915
9916	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9917
9918	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9919	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9920	ctsio->kern_sg_entries = 0;
9921
9922	if (sizeof(*bdc_ptr) < alloc_len) {
9923		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9924		ctsio->kern_data_len = sizeof(*bdc_ptr);
9925		ctsio->kern_total_len = sizeof(*bdc_ptr);
9926	} else {
9927		ctsio->residual = 0;
9928		ctsio->kern_data_len = alloc_len;
9929		ctsio->kern_total_len = alloc_len;
9930	}
9931	ctsio->kern_data_resid = 0;
9932	ctsio->kern_rel_offset = 0;
9933	ctsio->kern_sg_entries = 0;
9934
9935	/*
9936	 * The control device is always connected.  The disk device, on the
9937	 * other hand, may not be online all the time.  Need to change this
9938	 * to figure out whether the disk device is actually online or not.
9939	 */
9940	if (lun != NULL)
9941		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9942				  lun->be_lun->lun_type;
9943	else
9944		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9945	bdc_ptr->page_code = SVPD_BDC;
9946	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9947	if (lun != NULL &&
9948	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9949		i = strtol(value, NULL, 0);
9950	else
9951		i = CTL_DEFAULT_ROTATION_RATE;
9952	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9953	if (lun != NULL &&
9954	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9955		i = strtol(value, NULL, 0);
9956	else
9957		i = 0;
9958	bdc_ptr->wab_wac_ff = (i & 0x0f);
9959	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9960
9961	ctl_set_success(ctsio);
9962	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9963	ctsio->be_move_done = ctl_config_move_done;
9964	ctl_datamove((union ctl_io *)ctsio);
9965	return (CTL_RETVAL_COMPLETE);
9966}
9967
9968static int
9969ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9970{
9971	struct scsi_vpd_logical_block_prov *lbp_ptr;
9972	struct ctl_lun *lun;
9973
9974	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9975
9976	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9977	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9978	ctsio->kern_sg_entries = 0;
9979
9980	if (sizeof(*lbp_ptr) < alloc_len) {
9981		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9982		ctsio->kern_data_len = sizeof(*lbp_ptr);
9983		ctsio->kern_total_len = sizeof(*lbp_ptr);
9984	} else {
9985		ctsio->residual = 0;
9986		ctsio->kern_data_len = alloc_len;
9987		ctsio->kern_total_len = alloc_len;
9988	}
9989	ctsio->kern_data_resid = 0;
9990	ctsio->kern_rel_offset = 0;
9991	ctsio->kern_sg_entries = 0;
9992
9993	/*
9994	 * The control device is always connected.  The disk device, on the
9995	 * other hand, may not be online all the time.  Need to change this
9996	 * to figure out whether the disk device is actually online or not.
9997	 */
9998	if (lun != NULL)
9999		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10000				  lun->be_lun->lun_type;
10001	else
10002		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10003
10004	lbp_ptr->page_code = SVPD_LBP;
10005	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10006	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10007	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10008		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10009		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10010		lbp_ptr->prov_type = SVPD_LBP_THIN;
10011	}
10012
10013	ctl_set_success(ctsio);
10014	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10015	ctsio->be_move_done = ctl_config_move_done;
10016	ctl_datamove((union ctl_io *)ctsio);
10017	return (CTL_RETVAL_COMPLETE);
10018}
10019
10020/*
10021 * INQUIRY with the EVPD bit set.
10022 */
10023static int
10024ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10025{
10026	struct ctl_lun *lun;
10027	struct scsi_inquiry *cdb;
10028	int alloc_len, retval;
10029
10030	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10031	cdb = (struct scsi_inquiry *)ctsio->cdb;
10032	alloc_len = scsi_2btoul(cdb->length);
10033
10034	switch (cdb->page_code) {
10035	case SVPD_SUPPORTED_PAGES:
10036		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10037		break;
10038	case SVPD_UNIT_SERIAL_NUMBER:
10039		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10040		break;
10041	case SVPD_DEVICE_ID:
10042		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10043		break;
10044	case SVPD_EXTENDED_INQUIRY_DATA:
10045		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10046		break;
10047	case SVPD_MODE_PAGE_POLICY:
10048		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10049		break;
10050	case SVPD_SCSI_PORTS:
10051		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10052		break;
10053	case SVPD_SCSI_TPC:
10054		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10055		break;
10056	case SVPD_BLOCK_LIMITS:
10057		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10058			goto err;
10059		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10060		break;
10061	case SVPD_BDC:
10062		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10063			goto err;
10064		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10065		break;
10066	case SVPD_LBP:
10067		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10068			goto err;
10069		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10070		break;
10071	default:
10072err:
10073		ctl_set_invalid_field(ctsio,
10074				      /*sks_valid*/ 1,
10075				      /*command*/ 1,
10076				      /*field*/ 2,
10077				      /*bit_valid*/ 0,
10078				      /*bit*/ 0);
10079		ctl_done((union ctl_io *)ctsio);
10080		retval = CTL_RETVAL_COMPLETE;
10081		break;
10082	}
10083
10084	return (retval);
10085}
10086
10087/*
10088 * Standard INQUIRY data.
10089 */
10090static int
10091ctl_inquiry_std(struct ctl_scsiio *ctsio)
10092{
10093	struct scsi_inquiry_data *inq_ptr;
10094	struct scsi_inquiry *cdb;
10095	struct ctl_softc *softc = control_softc;
10096	struct ctl_port *port;
10097	struct ctl_lun *lun;
10098	char *val;
10099	uint32_t alloc_len, data_len;
10100	ctl_port_type port_type;
10101
10102	port = ctl_io_port(&ctsio->io_hdr);
10103	port_type = port->port_type;
10104	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10105		port_type = CTL_PORT_SCSI;
10106
10107	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10108	cdb = (struct scsi_inquiry *)ctsio->cdb;
10109	alloc_len = scsi_2btoul(cdb->length);
10110
10111	/*
10112	 * We malloc the full inquiry data size here and fill it
10113	 * in.  If the user only asks for less, we'll give him
10114	 * that much.
10115	 */
10116	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10117	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10118	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10119	ctsio->kern_sg_entries = 0;
10120	ctsio->kern_data_resid = 0;
10121	ctsio->kern_rel_offset = 0;
10122
10123	if (data_len < alloc_len) {
10124		ctsio->residual = alloc_len - data_len;
10125		ctsio->kern_data_len = data_len;
10126		ctsio->kern_total_len = data_len;
10127	} else {
10128		ctsio->residual = 0;
10129		ctsio->kern_data_len = alloc_len;
10130		ctsio->kern_total_len = alloc_len;
10131	}
10132
10133	if (lun != NULL) {
10134		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10135		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10136			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10137			    lun->be_lun->lun_type;
10138		} else {
10139			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10140			    lun->be_lun->lun_type;
10141		}
10142		if (lun->flags & CTL_LUN_REMOVABLE)
10143			inq_ptr->dev_qual2 |= SID_RMB;
10144	} else
10145		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10146
10147	/* RMB in byte 2 is 0 */
10148	inq_ptr->version = SCSI_REV_SPC4;
10149
10150	/*
10151	 * According to SAM-3, even if a device only supports a single
10152	 * level of LUN addressing, it should still set the HISUP bit:
10153	 *
10154	 * 4.9.1 Logical unit numbers overview
10155	 *
10156	 * All logical unit number formats described in this standard are
10157	 * hierarchical in structure even when only a single level in that
10158	 * hierarchy is used. The HISUP bit shall be set to one in the
10159	 * standard INQUIRY data (see SPC-2) when any logical unit number
10160	 * format described in this standard is used.  Non-hierarchical
10161	 * formats are outside the scope of this standard.
10162	 *
10163	 * Therefore we set the HiSup bit here.
10164	 *
10165	 * The reponse format is 2, per SPC-3.
10166	 */
10167	inq_ptr->response_format = SID_HiSup | 2;
10168
10169	inq_ptr->additional_length = data_len -
10170	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10171	CTL_DEBUG_PRINT(("additional_length = %d\n",
10172			 inq_ptr->additional_length));
10173
10174	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10175	if (port_type == CTL_PORT_SCSI)
10176		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10177	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10178	inq_ptr->flags = SID_CmdQue;
10179	if (port_type == CTL_PORT_SCSI)
10180		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10181
10182	/*
10183	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10184	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10185	 * name and 4 bytes for the revision.
10186	 */
10187	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10188	    "vendor")) == NULL) {
10189		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10190	} else {
10191		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10192		strncpy(inq_ptr->vendor, val,
10193		    min(sizeof(inq_ptr->vendor), strlen(val)));
10194	}
10195	if (lun == NULL) {
10196		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10197		    sizeof(inq_ptr->product));
10198	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10199		switch (lun->be_lun->lun_type) {
10200		case T_DIRECT:
10201			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10202			    sizeof(inq_ptr->product));
10203			break;
10204		case T_PROCESSOR:
10205			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10206			    sizeof(inq_ptr->product));
10207			break;
10208		case T_CDROM:
10209			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10210			    sizeof(inq_ptr->product));
10211			break;
10212		default:
10213			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10214			    sizeof(inq_ptr->product));
10215			break;
10216		}
10217	} else {
10218		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10219		strncpy(inq_ptr->product, val,
10220		    min(sizeof(inq_ptr->product), strlen(val)));
10221	}
10222
10223	/*
10224	 * XXX make this a macro somewhere so it automatically gets
10225	 * incremented when we make changes.
10226	 */
10227	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10228	    "revision")) == NULL) {
10229		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10230	} else {
10231		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10232		strncpy(inq_ptr->revision, val,
10233		    min(sizeof(inq_ptr->revision), strlen(val)));
10234	}
10235
10236	/*
10237	 * For parallel SCSI, we support double transition and single
10238	 * transition clocking.  We also support QAS (Quick Arbitration
10239	 * and Selection) and Information Unit transfers on both the
10240	 * control and array devices.
10241	 */
10242	if (port_type == CTL_PORT_SCSI)
10243		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10244				    SID_SPI_IUS;
10245
10246	/* SAM-5 (no version claimed) */
10247	scsi_ulto2b(0x00A0, inq_ptr->version1);
10248	/* SPC-4 (no version claimed) */
10249	scsi_ulto2b(0x0460, inq_ptr->version2);
10250	if (port_type == CTL_PORT_FC) {
10251		/* FCP-2 ANSI INCITS.350:2003 */
10252		scsi_ulto2b(0x0917, inq_ptr->version3);
10253	} else if (port_type == CTL_PORT_SCSI) {
10254		/* SPI-4 ANSI INCITS.362:200x */
10255		scsi_ulto2b(0x0B56, inq_ptr->version3);
10256	} else if (port_type == CTL_PORT_ISCSI) {
10257		/* iSCSI (no version claimed) */
10258		scsi_ulto2b(0x0960, inq_ptr->version3);
10259	} else if (port_type == CTL_PORT_SAS) {
10260		/* SAS (no version claimed) */
10261		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10262	}
10263
10264	if (lun == NULL) {
10265		/* SBC-4 (no version claimed) */
10266		scsi_ulto2b(0x0600, inq_ptr->version4);
10267	} else {
10268		switch (lun->be_lun->lun_type) {
10269		case T_DIRECT:
10270			/* SBC-4 (no version claimed) */
10271			scsi_ulto2b(0x0600, inq_ptr->version4);
10272			break;
10273		case T_PROCESSOR:
10274			break;
10275		case T_CDROM:
10276			/* MMC-6 (no version claimed) */
10277			scsi_ulto2b(0x04E0, inq_ptr->version4);
10278			break;
10279		default:
10280			break;
10281		}
10282	}
10283
10284	ctl_set_success(ctsio);
10285	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10286	ctsio->be_move_done = ctl_config_move_done;
10287	ctl_datamove((union ctl_io *)ctsio);
10288	return (CTL_RETVAL_COMPLETE);
10289}
10290
10291int
10292ctl_inquiry(struct ctl_scsiio *ctsio)
10293{
10294	struct scsi_inquiry *cdb;
10295	int retval;
10296
10297	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10298
10299	cdb = (struct scsi_inquiry *)ctsio->cdb;
10300	if (cdb->byte2 & SI_EVPD)
10301		retval = ctl_inquiry_evpd(ctsio);
10302	else if (cdb->page_code == 0)
10303		retval = ctl_inquiry_std(ctsio);
10304	else {
10305		ctl_set_invalid_field(ctsio,
10306				      /*sks_valid*/ 1,
10307				      /*command*/ 1,
10308				      /*field*/ 2,
10309				      /*bit_valid*/ 0,
10310				      /*bit*/ 0);
10311		ctl_done((union ctl_io *)ctsio);
10312		return (CTL_RETVAL_COMPLETE);
10313	}
10314
10315	return (retval);
10316}
10317
10318int
10319ctl_get_config(struct ctl_scsiio *ctsio)
10320{
10321	struct scsi_get_config_header *hdr;
10322	struct scsi_get_config_feature *feature;
10323	struct scsi_get_config *cdb;
10324	struct ctl_lun *lun;
10325	uint32_t alloc_len, data_len;
10326	int rt, starting;
10327
10328	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10329	cdb = (struct scsi_get_config *)ctsio->cdb;
10330	rt = (cdb->rt & SGC_RT_MASK);
10331	starting = scsi_2btoul(cdb->starting_feature);
10332	alloc_len = scsi_2btoul(cdb->length);
10333
10334	data_len = sizeof(struct scsi_get_config_header) +
10335	    sizeof(struct scsi_get_config_feature) + 8 +
10336	    sizeof(struct scsi_get_config_feature) + 8 +
10337	    sizeof(struct scsi_get_config_feature) + 4 +
10338	    sizeof(struct scsi_get_config_feature) + 4 +
10339	    sizeof(struct scsi_get_config_feature) + 8 +
10340	    sizeof(struct scsi_get_config_feature) +
10341	    sizeof(struct scsi_get_config_feature) + 4 +
10342	    sizeof(struct scsi_get_config_feature) + 4 +
10343	    sizeof(struct scsi_get_config_feature) + 4 +
10344	    sizeof(struct scsi_get_config_feature) + 4 +
10345	    sizeof(struct scsi_get_config_feature) + 4 +
10346	    sizeof(struct scsi_get_config_feature) + 4;
10347	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10348	ctsio->kern_sg_entries = 0;
10349	ctsio->kern_data_resid = 0;
10350	ctsio->kern_rel_offset = 0;
10351
10352	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10353	if (lun->flags & CTL_LUN_NO_MEDIA)
10354		scsi_ulto2b(0x0000, hdr->current_profile);
10355	else
10356		scsi_ulto2b(0x0010, hdr->current_profile);
10357	feature = (struct scsi_get_config_feature *)(hdr + 1);
10358
10359	if (starting > 0x003b)
10360		goto done;
10361	if (starting > 0x003a)
10362		goto f3b;
10363	if (starting > 0x002b)
10364		goto f3a;
10365	if (starting > 0x002a)
10366		goto f2b;
10367	if (starting > 0x001f)
10368		goto f2a;
10369	if (starting > 0x001e)
10370		goto f1f;
10371	if (starting > 0x001d)
10372		goto f1e;
10373	if (starting > 0x0010)
10374		goto f1d;
10375	if (starting > 0x0003)
10376		goto f10;
10377	if (starting > 0x0002)
10378		goto f3;
10379	if (starting > 0x0001)
10380		goto f2;
10381	if (starting > 0x0000)
10382		goto f1;
10383
10384	/* Profile List */
10385	scsi_ulto2b(0x0000, feature->feature_code);
10386	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10387	feature->add_length = 8;
10388	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10389	feature->feature_data[2] = 0x00;
10390	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10391	feature->feature_data[6] = 0x01;
10392	feature = (struct scsi_get_config_feature *)
10393	    &feature->feature_data[feature->add_length];
10394
10395f1:	/* Core */
10396	scsi_ulto2b(0x0001, feature->feature_code);
10397	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10398	feature->add_length = 8;
10399	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10400	feature->feature_data[4] = 0x03;
10401	feature = (struct scsi_get_config_feature *)
10402	    &feature->feature_data[feature->add_length];
10403
10404f2:	/* Morphing */
10405	scsi_ulto2b(0x0002, feature->feature_code);
10406	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10407	feature->add_length = 4;
10408	feature->feature_data[0] = 0x02;
10409	feature = (struct scsi_get_config_feature *)
10410	    &feature->feature_data[feature->add_length];
10411
10412f3:	/* Removable Medium */
10413	scsi_ulto2b(0x0003, feature->feature_code);
10414	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10415	feature->add_length = 4;
10416	feature->feature_data[0] = 0x39;
10417	feature = (struct scsi_get_config_feature *)
10418	    &feature->feature_data[feature->add_length];
10419
10420	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_NO_MEDIA))
10421		goto done;
10422
10423f10:	/* Random Read */
10424	scsi_ulto2b(0x0010, feature->feature_code);
10425	feature->flags = 0x00;
10426	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10427		feature->flags |= SGC_F_CURRENT;
10428	feature->add_length = 8;
10429	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10430	scsi_ulto2b(1, &feature->feature_data[4]);
10431	feature->feature_data[6] = 0x00;
10432	feature = (struct scsi_get_config_feature *)
10433	    &feature->feature_data[feature->add_length];
10434
10435f1d:	/* Multi-Read */
10436	scsi_ulto2b(0x001D, feature->feature_code);
10437	feature->flags = 0x00;
10438	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10439		feature->flags |= SGC_F_CURRENT;
10440	feature->add_length = 0;
10441	feature = (struct scsi_get_config_feature *)
10442	    &feature->feature_data[feature->add_length];
10443
10444f1e:	/* CD Read */
10445	scsi_ulto2b(0x001E, feature->feature_code);
10446	feature->flags = 0x00;
10447	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10448		feature->flags |= SGC_F_CURRENT;
10449	feature->add_length = 4;
10450	feature->feature_data[0] = 0x00;
10451	feature = (struct scsi_get_config_feature *)
10452	    &feature->feature_data[feature->add_length];
10453
10454f1f:	/* DVD Read */
10455	scsi_ulto2b(0x001F, feature->feature_code);
10456	feature->flags = 0x08;
10457	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10458		feature->flags |= SGC_F_CURRENT;
10459	feature->add_length = 4;
10460	feature->feature_data[0] = 0x01;
10461	feature->feature_data[2] = 0x03;
10462	feature = (struct scsi_get_config_feature *)
10463	    &feature->feature_data[feature->add_length];
10464
10465f2a:	/* DVD+RW */
10466	scsi_ulto2b(0x002A, feature->feature_code);
10467	feature->flags = 0x04;
10468	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10469		feature->flags |= SGC_F_CURRENT;
10470	feature->add_length = 4;
10471	feature->feature_data[0] = 0x00;
10472	feature->feature_data[1] = 0x00;
10473	feature = (struct scsi_get_config_feature *)
10474	    &feature->feature_data[feature->add_length];
10475
10476f2b:	/* DVD+R */
10477	scsi_ulto2b(0x002B, feature->feature_code);
10478	feature->flags = 0x00;
10479	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10480		feature->flags |= SGC_F_CURRENT;
10481	feature->add_length = 4;
10482	feature->feature_data[0] = 0x00;
10483	feature = (struct scsi_get_config_feature *)
10484	    &feature->feature_data[feature->add_length];
10485
10486f3a:	/* DVD+RW Dual Layer */
10487	scsi_ulto2b(0x003A, feature->feature_code);
10488	feature->flags = 0x00;
10489	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10490		feature->flags |= SGC_F_CURRENT;
10491	feature->add_length = 4;
10492	feature->feature_data[0] = 0x00;
10493	feature->feature_data[1] = 0x00;
10494	feature = (struct scsi_get_config_feature *)
10495	    &feature->feature_data[feature->add_length];
10496
10497f3b:	/* DVD+R Dual Layer */
10498	scsi_ulto2b(0x003B, feature->feature_code);
10499	feature->flags = 0x00;
10500	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10501		feature->flags |= SGC_F_CURRENT;
10502	feature->add_length = 4;
10503	feature->feature_data[0] = 0x00;
10504	feature = (struct scsi_get_config_feature *)
10505	    &feature->feature_data[feature->add_length];
10506
10507done:
10508	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10509	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10510		feature = (struct scsi_get_config_feature *)(hdr + 1);
10511		if (scsi_2btoul(feature->feature_code) == starting)
10512			feature = (struct scsi_get_config_feature *)
10513			    &feature->feature_data[feature->add_length];
10514		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10515	}
10516	scsi_ulto4b(data_len - 4, hdr->data_length);
10517	if (data_len < alloc_len) {
10518		ctsio->residual = alloc_len - data_len;
10519		ctsio->kern_data_len = data_len;
10520		ctsio->kern_total_len = data_len;
10521	} else {
10522		ctsio->residual = 0;
10523		ctsio->kern_data_len = alloc_len;
10524		ctsio->kern_total_len = alloc_len;
10525	}
10526
10527	ctl_set_success(ctsio);
10528	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10529	ctsio->be_move_done = ctl_config_move_done;
10530	ctl_datamove((union ctl_io *)ctsio);
10531	return (CTL_RETVAL_COMPLETE);
10532}
10533
10534int
10535ctl_get_event_status(struct ctl_scsiio *ctsio)
10536{
10537	struct scsi_get_event_status_header *hdr;
10538	struct scsi_get_event_status *cdb;
10539	struct ctl_lun *lun;
10540	uint32_t alloc_len, data_len;
10541	int notif_class;
10542
10543	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10544	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10545	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10546		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10547		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10548		ctl_done((union ctl_io *)ctsio);
10549		return (CTL_RETVAL_COMPLETE);
10550	}
10551	notif_class = cdb->notif_class;
10552	alloc_len = scsi_2btoul(cdb->length);
10553
10554	data_len = sizeof(struct scsi_get_event_status_header);
10555	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10556	ctsio->kern_sg_entries = 0;
10557	ctsio->kern_data_resid = 0;
10558	ctsio->kern_rel_offset = 0;
10559
10560	if (data_len < alloc_len) {
10561		ctsio->residual = alloc_len - data_len;
10562		ctsio->kern_data_len = data_len;
10563		ctsio->kern_total_len = data_len;
10564	} else {
10565		ctsio->residual = 0;
10566		ctsio->kern_data_len = alloc_len;
10567		ctsio->kern_total_len = alloc_len;
10568	}
10569
10570	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10571	scsi_ulto2b(0, hdr->descr_length);
10572	hdr->nea_class = SGESN_NEA;
10573	hdr->supported_class = 0;
10574
10575	ctl_set_success(ctsio);
10576	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10577	ctsio->be_move_done = ctl_config_move_done;
10578	ctl_datamove((union ctl_io *)ctsio);
10579	return (CTL_RETVAL_COMPLETE);
10580}
10581
10582int
10583ctl_mechanism_status(struct ctl_scsiio *ctsio)
10584{
10585	struct scsi_mechanism_status_header *hdr;
10586	struct scsi_mechanism_status *cdb;
10587	struct ctl_lun *lun;
10588	uint32_t alloc_len, data_len;
10589
10590	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10591	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10592	alloc_len = scsi_2btoul(cdb->length);
10593
10594	data_len = sizeof(struct scsi_mechanism_status_header);
10595	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10596	ctsio->kern_sg_entries = 0;
10597	ctsio->kern_data_resid = 0;
10598	ctsio->kern_rel_offset = 0;
10599
10600	if (data_len < alloc_len) {
10601		ctsio->residual = alloc_len - data_len;
10602		ctsio->kern_data_len = data_len;
10603		ctsio->kern_total_len = data_len;
10604	} else {
10605		ctsio->residual = 0;
10606		ctsio->kern_data_len = alloc_len;
10607		ctsio->kern_total_len = alloc_len;
10608	}
10609
10610	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10611	hdr->state1 = 0x00;
10612	hdr->state2 = 0xe0;
10613	scsi_ulto3b(0, hdr->lba);
10614	hdr->slots_num = 0;
10615	scsi_ulto2b(0, hdr->slots_length);
10616
10617	ctl_set_success(ctsio);
10618	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10619	ctsio->be_move_done = ctl_config_move_done;
10620	ctl_datamove((union ctl_io *)ctsio);
10621	return (CTL_RETVAL_COMPLETE);
10622}
10623
10624static void
10625ctl_ultomsf(uint32_t lba, uint8_t *buf)
10626{
10627
10628	lba += 150;
10629	buf[0] = 0;
10630	buf[1] = bin2bcd((lba / 75) / 60);
10631	buf[2] = bin2bcd((lba / 75) % 60);
10632	buf[3] = bin2bcd(lba % 75);
10633}
10634
10635int
10636ctl_read_toc(struct ctl_scsiio *ctsio)
10637{
10638	struct scsi_read_toc_hdr *hdr;
10639	struct scsi_read_toc_type01_descr *descr;
10640	struct scsi_read_toc *cdb;
10641	struct ctl_lun *lun;
10642	uint32_t alloc_len, data_len;
10643	int format, msf;
10644
10645	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10646	cdb = (struct scsi_read_toc *)ctsio->cdb;
10647	msf = (cdb->byte2 & CD_MSF) != 0;
10648	format = cdb->format;
10649	alloc_len = scsi_2btoul(cdb->data_len);
10650
10651	data_len = sizeof(struct scsi_read_toc_hdr);
10652	if (format == 0)
10653		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10654	else
10655		data_len += sizeof(struct scsi_read_toc_type01_descr);
10656	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10657	ctsio->kern_sg_entries = 0;
10658	ctsio->kern_data_resid = 0;
10659	ctsio->kern_rel_offset = 0;
10660
10661	if (data_len < alloc_len) {
10662		ctsio->residual = alloc_len - data_len;
10663		ctsio->kern_data_len = data_len;
10664		ctsio->kern_total_len = data_len;
10665	} else {
10666		ctsio->residual = 0;
10667		ctsio->kern_data_len = alloc_len;
10668		ctsio->kern_total_len = alloc_len;
10669	}
10670
10671	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10672	if (format == 0) {
10673		scsi_ulto2b(0x12, hdr->data_length);
10674		hdr->first = 1;
10675		hdr->last = 1;
10676		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10677		descr->addr_ctl = 0x14;
10678		descr->track_number = 1;
10679		if (msf)
10680			ctl_ultomsf(0, descr->track_start);
10681		else
10682			scsi_ulto4b(0, descr->track_start);
10683		descr++;
10684		descr->addr_ctl = 0x14;
10685		descr->track_number = 0xaa;
10686		if (msf)
10687			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10688		else
10689			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10690	} else {
10691		scsi_ulto2b(0x0a, hdr->data_length);
10692		hdr->first = 1;
10693		hdr->last = 1;
10694		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10695		descr->addr_ctl = 0x14;
10696		descr->track_number = 1;
10697		if (msf)
10698			ctl_ultomsf(0, descr->track_start);
10699		else
10700			scsi_ulto4b(0, descr->track_start);
10701	}
10702
10703	ctl_set_success(ctsio);
10704	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10705	ctsio->be_move_done = ctl_config_move_done;
10706	ctl_datamove((union ctl_io *)ctsio);
10707	return (CTL_RETVAL_COMPLETE);
10708}
10709
10710/*
10711 * For known CDB types, parse the LBA and length.
10712 */
10713static int
10714ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10715{
10716	if (io->io_hdr.io_type != CTL_IO_SCSI)
10717		return (1);
10718
10719	switch (io->scsiio.cdb[0]) {
10720	case COMPARE_AND_WRITE: {
10721		struct scsi_compare_and_write *cdb;
10722
10723		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10724
10725		*lba = scsi_8btou64(cdb->addr);
10726		*len = cdb->length;
10727		break;
10728	}
10729	case READ_6:
10730	case WRITE_6: {
10731		struct scsi_rw_6 *cdb;
10732
10733		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10734
10735		*lba = scsi_3btoul(cdb->addr);
10736		/* only 5 bits are valid in the most significant address byte */
10737		*lba &= 0x1fffff;
10738		*len = cdb->length;
10739		break;
10740	}
10741	case READ_10:
10742	case WRITE_10: {
10743		struct scsi_rw_10 *cdb;
10744
10745		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10746
10747		*lba = scsi_4btoul(cdb->addr);
10748		*len = scsi_2btoul(cdb->length);
10749		break;
10750	}
10751	case WRITE_VERIFY_10: {
10752		struct scsi_write_verify_10 *cdb;
10753
10754		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10755
10756		*lba = scsi_4btoul(cdb->addr);
10757		*len = scsi_2btoul(cdb->length);
10758		break;
10759	}
10760	case READ_12:
10761	case WRITE_12: {
10762		struct scsi_rw_12 *cdb;
10763
10764		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10765
10766		*lba = scsi_4btoul(cdb->addr);
10767		*len = scsi_4btoul(cdb->length);
10768		break;
10769	}
10770	case WRITE_VERIFY_12: {
10771		struct scsi_write_verify_12 *cdb;
10772
10773		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10774
10775		*lba = scsi_4btoul(cdb->addr);
10776		*len = scsi_4btoul(cdb->length);
10777		break;
10778	}
10779	case READ_16:
10780	case WRITE_16: {
10781		struct scsi_rw_16 *cdb;
10782
10783		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10784
10785		*lba = scsi_8btou64(cdb->addr);
10786		*len = scsi_4btoul(cdb->length);
10787		break;
10788	}
10789	case WRITE_ATOMIC_16: {
10790		struct scsi_write_atomic_16 *cdb;
10791
10792		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10793
10794		*lba = scsi_8btou64(cdb->addr);
10795		*len = scsi_2btoul(cdb->length);
10796		break;
10797	}
10798	case WRITE_VERIFY_16: {
10799		struct scsi_write_verify_16 *cdb;
10800
10801		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10802
10803		*lba = scsi_8btou64(cdb->addr);
10804		*len = scsi_4btoul(cdb->length);
10805		break;
10806	}
10807	case WRITE_SAME_10: {
10808		struct scsi_write_same_10 *cdb;
10809
10810		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10811
10812		*lba = scsi_4btoul(cdb->addr);
10813		*len = scsi_2btoul(cdb->length);
10814		break;
10815	}
10816	case WRITE_SAME_16: {
10817		struct scsi_write_same_16 *cdb;
10818
10819		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10820
10821		*lba = scsi_8btou64(cdb->addr);
10822		*len = scsi_4btoul(cdb->length);
10823		break;
10824	}
10825	case VERIFY_10: {
10826		struct scsi_verify_10 *cdb;
10827
10828		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10829
10830		*lba = scsi_4btoul(cdb->addr);
10831		*len = scsi_2btoul(cdb->length);
10832		break;
10833	}
10834	case VERIFY_12: {
10835		struct scsi_verify_12 *cdb;
10836
10837		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10838
10839		*lba = scsi_4btoul(cdb->addr);
10840		*len = scsi_4btoul(cdb->length);
10841		break;
10842	}
10843	case VERIFY_16: {
10844		struct scsi_verify_16 *cdb;
10845
10846		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10847
10848		*lba = scsi_8btou64(cdb->addr);
10849		*len = scsi_4btoul(cdb->length);
10850		break;
10851	}
10852	case UNMAP: {
10853		*lba = 0;
10854		*len = UINT64_MAX;
10855		break;
10856	}
10857	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10858		struct scsi_get_lba_status *cdb;
10859
10860		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10861		*lba = scsi_8btou64(cdb->addr);
10862		*len = UINT32_MAX;
10863		break;
10864	}
10865	default:
10866		return (1);
10867		break; /* NOTREACHED */
10868	}
10869
10870	return (0);
10871}
10872
10873static ctl_action
10874ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10875    bool seq)
10876{
10877	uint64_t endlba1, endlba2;
10878
10879	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10880	endlba2 = lba2 + len2 - 1;
10881
10882	if ((endlba1 < lba2) || (endlba2 < lba1))
10883		return (CTL_ACTION_PASS);
10884	else
10885		return (CTL_ACTION_BLOCK);
10886}
10887
10888static int
10889ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10890{
10891	struct ctl_ptr_len_flags *ptrlen;
10892	struct scsi_unmap_desc *buf, *end, *range;
10893	uint64_t lba;
10894	uint32_t len;
10895
10896	/* If not UNMAP -- go other way. */
10897	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10898	    io->scsiio.cdb[0] != UNMAP)
10899		return (CTL_ACTION_ERROR);
10900
10901	/* If UNMAP without data -- block and wait for data. */
10902	ptrlen = (struct ctl_ptr_len_flags *)
10903	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10904	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10905	    ptrlen->ptr == NULL)
10906		return (CTL_ACTION_BLOCK);
10907
10908	/* UNMAP with data -- check for collision. */
10909	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10910	end = buf + ptrlen->len / sizeof(*buf);
10911	for (range = buf; range < end; range++) {
10912		lba = scsi_8btou64(range->lba);
10913		len = scsi_4btoul(range->length);
10914		if ((lba < lba2 + len2) && (lba + len > lba2))
10915			return (CTL_ACTION_BLOCK);
10916	}
10917	return (CTL_ACTION_PASS);
10918}
10919
10920static ctl_action
10921ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10922{
10923	uint64_t lba1, lba2;
10924	uint64_t len1, len2;
10925	int retval;
10926
10927	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10928		return (CTL_ACTION_ERROR);
10929
10930	retval = ctl_extent_check_unmap(io1, lba2, len2);
10931	if (retval != CTL_ACTION_ERROR)
10932		return (retval);
10933
10934	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10935		return (CTL_ACTION_ERROR);
10936
10937	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10938		seq = FALSE;
10939	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10940}
10941
10942static ctl_action
10943ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10944{
10945	uint64_t lba1, lba2;
10946	uint64_t len1, len2;
10947
10948	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10949		return (CTL_ACTION_PASS);
10950	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10951		return (CTL_ACTION_ERROR);
10952	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10953		return (CTL_ACTION_ERROR);
10954
10955	if (lba1 + len1 == lba2)
10956		return (CTL_ACTION_BLOCK);
10957	return (CTL_ACTION_PASS);
10958}
10959
10960static ctl_action
10961ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10962    union ctl_io *ooa_io)
10963{
10964	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10965	const ctl_serialize_action *serialize_row;
10966
10967	/*
10968	 * The initiator attempted multiple untagged commands at the same
10969	 * time.  Can't do that.
10970	 */
10971	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10972	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10973	 && ((pending_io->io_hdr.nexus.targ_port ==
10974	      ooa_io->io_hdr.nexus.targ_port)
10975	  && (pending_io->io_hdr.nexus.initid ==
10976	      ooa_io->io_hdr.nexus.initid))
10977	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10978	      CTL_FLAG_STATUS_SENT)) == 0))
10979		return (CTL_ACTION_OVERLAP);
10980
10981	/*
10982	 * The initiator attempted to send multiple tagged commands with
10983	 * the same ID.  (It's fine if different initiators have the same
10984	 * tag ID.)
10985	 *
10986	 * Even if all of those conditions are true, we don't kill the I/O
10987	 * if the command ahead of us has been aborted.  We won't end up
10988	 * sending it to the FETD, and it's perfectly legal to resend a
10989	 * command with the same tag number as long as the previous
10990	 * instance of this tag number has been aborted somehow.
10991	 */
10992	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10993	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10994	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10995	 && ((pending_io->io_hdr.nexus.targ_port ==
10996	      ooa_io->io_hdr.nexus.targ_port)
10997	  && (pending_io->io_hdr.nexus.initid ==
10998	      ooa_io->io_hdr.nexus.initid))
10999	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
11000	      CTL_FLAG_STATUS_SENT)) == 0))
11001		return (CTL_ACTION_OVERLAP_TAG);
11002
11003	/*
11004	 * If we get a head of queue tag, SAM-3 says that we should
11005	 * immediately execute it.
11006	 *
11007	 * What happens if this command would normally block for some other
11008	 * reason?  e.g. a request sense with a head of queue tag
11009	 * immediately after a write.  Normally that would block, but this
11010	 * will result in its getting executed immediately...
11011	 *
11012	 * We currently return "pass" instead of "skip", so we'll end up
11013	 * going through the rest of the queue to check for overlapped tags.
11014	 *
11015	 * XXX KDM check for other types of blockage first??
11016	 */
11017	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11018		return (CTL_ACTION_PASS);
11019
11020	/*
11021	 * Ordered tags have to block until all items ahead of them
11022	 * have completed.  If we get called with an ordered tag, we always
11023	 * block, if something else is ahead of us in the queue.
11024	 */
11025	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
11026		return (CTL_ACTION_BLOCK);
11027
11028	/*
11029	 * Simple tags get blocked until all head of queue and ordered tags
11030	 * ahead of them have completed.  I'm lumping untagged commands in
11031	 * with simple tags here.  XXX KDM is that the right thing to do?
11032	 */
11033	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11034	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
11035	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11036	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
11037		return (CTL_ACTION_BLOCK);
11038
11039	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
11040	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
11041
11042	serialize_row = ctl_serialize_table[ooa_entry->seridx];
11043
11044	switch (serialize_row[pending_entry->seridx]) {
11045	case CTL_SER_BLOCK:
11046		return (CTL_ACTION_BLOCK);
11047	case CTL_SER_EXTENT:
11048		return (ctl_extent_check(ooa_io, pending_io,
11049		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11050	case CTL_SER_EXTENTOPT:
11051		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11052		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11053			return (ctl_extent_check(ooa_io, pending_io,
11054			    (lun->be_lun &&
11055			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11056		return (CTL_ACTION_PASS);
11057	case CTL_SER_EXTENTSEQ:
11058		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
11059			return (ctl_extent_check_seq(ooa_io, pending_io));
11060		return (CTL_ACTION_PASS);
11061	case CTL_SER_PASS:
11062		return (CTL_ACTION_PASS);
11063	case CTL_SER_BLOCKOPT:
11064		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11065		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11066			return (CTL_ACTION_BLOCK);
11067		return (CTL_ACTION_PASS);
11068	case CTL_SER_SKIP:
11069		return (CTL_ACTION_SKIP);
11070	default:
11071		panic("%s: Invalid serialization value %d for %d => %d",
11072		    __func__, serialize_row[pending_entry->seridx],
11073		    pending_entry->seridx, ooa_entry->seridx);
11074	}
11075
11076	return (CTL_ACTION_ERROR);
11077}
11078
11079/*
11080 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
11081 * Assumptions:
11082 * - pending_io is generally either incoming, or on the blocked queue
11083 * - starting I/O is the I/O we want to start the check with.
11084 */
11085static ctl_action
11086ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
11087	      union ctl_io *starting_io)
11088{
11089	union ctl_io *ooa_io;
11090	ctl_action action;
11091
11092	mtx_assert(&lun->lun_lock, MA_OWNED);
11093
11094	/*
11095	 * Run back along the OOA queue, starting with the current
11096	 * blocked I/O and going through every I/O before it on the
11097	 * queue.  If starting_io is NULL, we'll just end up returning
11098	 * CTL_ACTION_PASS.
11099	 */
11100	for (ooa_io = starting_io; ooa_io != NULL;
11101	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11102	     ooa_links)){
11103
11104		/*
11105		 * This routine just checks to see whether
11106		 * cur_blocked is blocked by ooa_io, which is ahead
11107		 * of it in the queue.  It doesn't queue/dequeue
11108		 * cur_blocked.
11109		 */
11110		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11111		switch (action) {
11112		case CTL_ACTION_BLOCK:
11113		case CTL_ACTION_OVERLAP:
11114		case CTL_ACTION_OVERLAP_TAG:
11115		case CTL_ACTION_SKIP:
11116		case CTL_ACTION_ERROR:
11117			return (action);
11118			break; /* NOTREACHED */
11119		case CTL_ACTION_PASS:
11120			break;
11121		default:
11122			panic("%s: Invalid action %d\n", __func__, action);
11123		}
11124	}
11125
11126	return (CTL_ACTION_PASS);
11127}
11128
11129/*
11130 * Assumptions:
11131 * - An I/O has just completed, and has been removed from the per-LUN OOA
11132 *   queue, so some items on the blocked queue may now be unblocked.
11133 */
11134static int
11135ctl_check_blocked(struct ctl_lun *lun)
11136{
11137	struct ctl_softc *softc = lun->ctl_softc;
11138	union ctl_io *cur_blocked, *next_blocked;
11139
11140	mtx_assert(&lun->lun_lock, MA_OWNED);
11141
11142	/*
11143	 * Run forward from the head of the blocked queue, checking each
11144	 * entry against the I/Os prior to it on the OOA queue to see if
11145	 * there is still any blockage.
11146	 *
11147	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11148	 * with our removing a variable on it while it is traversing the
11149	 * list.
11150	 */
11151	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11152	     cur_blocked != NULL; cur_blocked = next_blocked) {
11153		union ctl_io *prev_ooa;
11154		ctl_action action;
11155
11156		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11157							  blocked_links);
11158
11159		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11160						      ctl_ooaq, ooa_links);
11161
11162		/*
11163		 * If cur_blocked happens to be the first item in the OOA
11164		 * queue now, prev_ooa will be NULL, and the action
11165		 * returned will just be CTL_ACTION_PASS.
11166		 */
11167		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11168
11169		switch (action) {
11170		case CTL_ACTION_BLOCK:
11171			/* Nothing to do here, still blocked */
11172			break;
11173		case CTL_ACTION_OVERLAP:
11174		case CTL_ACTION_OVERLAP_TAG:
11175			/*
11176			 * This shouldn't happen!  In theory we've already
11177			 * checked this command for overlap...
11178			 */
11179			break;
11180		case CTL_ACTION_PASS:
11181		case CTL_ACTION_SKIP: {
11182			const struct ctl_cmd_entry *entry;
11183
11184			/*
11185			 * The skip case shouldn't happen, this transaction
11186			 * should have never made it onto the blocked queue.
11187			 */
11188			/*
11189			 * This I/O is no longer blocked, we can remove it
11190			 * from the blocked queue.  Since this is a TAILQ
11191			 * (doubly linked list), we can do O(1) removals
11192			 * from any place on the list.
11193			 */
11194			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11195				     blocked_links);
11196			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11197
11198			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11199			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11200				/*
11201				 * Need to send IO back to original side to
11202				 * run
11203				 */
11204				union ctl_ha_msg msg_info;
11205
11206				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11207				msg_info.hdr.original_sc =
11208					cur_blocked->io_hdr.original_sc;
11209				msg_info.hdr.serializing_sc = cur_blocked;
11210				msg_info.hdr.msg_type = CTL_MSG_R2R;
11211				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11212				    sizeof(msg_info.hdr), M_NOWAIT);
11213				break;
11214			}
11215			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11216
11217			/*
11218			 * Check this I/O for LUN state changes that may
11219			 * have happened while this command was blocked.
11220			 * The LUN state may have been changed by a command
11221			 * ahead of us in the queue, so we need to re-check
11222			 * for any states that can be caused by SCSI
11223			 * commands.
11224			 */
11225			if (ctl_scsiio_lun_check(lun, entry,
11226						 &cur_blocked->scsiio) == 0) {
11227				cur_blocked->io_hdr.flags |=
11228				                      CTL_FLAG_IS_WAS_ON_RTR;
11229				ctl_enqueue_rtr(cur_blocked);
11230			} else
11231				ctl_done(cur_blocked);
11232			break;
11233		}
11234		default:
11235			/*
11236			 * This probably shouldn't happen -- we shouldn't
11237			 * get CTL_ACTION_ERROR, or anything else.
11238			 */
11239			break;
11240		}
11241	}
11242
11243	return (CTL_RETVAL_COMPLETE);
11244}
11245
11246/*
11247 * This routine (with one exception) checks LUN flags that can be set by
11248 * commands ahead of us in the OOA queue.  These flags have to be checked
11249 * when a command initially comes in, and when we pull a command off the
11250 * blocked queue and are preparing to execute it.  The reason we have to
11251 * check these flags for commands on the blocked queue is that the LUN
11252 * state may have been changed by a command ahead of us while we're on the
11253 * blocked queue.
11254 *
11255 * Ordering is somewhat important with these checks, so please pay
11256 * careful attention to the placement of any new checks.
11257 */
11258static int
11259ctl_scsiio_lun_check(struct ctl_lun *lun,
11260    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11261{
11262	struct ctl_softc *softc = lun->ctl_softc;
11263	int retval;
11264	uint32_t residx;
11265
11266	retval = 0;
11267
11268	mtx_assert(&lun->lun_lock, MA_OWNED);
11269
11270	/*
11271	 * If this shelf is a secondary shelf controller, we may have to
11272	 * reject some commands disallowed by HA mode and link state.
11273	 */
11274	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11275		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11276		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11277			ctl_set_lun_unavail(ctsio);
11278			retval = 1;
11279			goto bailout;
11280		}
11281		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11282		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11283			ctl_set_lun_transit(ctsio);
11284			retval = 1;
11285			goto bailout;
11286		}
11287		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11288		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11289			ctl_set_lun_standby(ctsio);
11290			retval = 1;
11291			goto bailout;
11292		}
11293
11294		/* The rest of checks are only done on executing side */
11295		if (softc->ha_mode == CTL_HA_MODE_XFER)
11296			goto bailout;
11297	}
11298
11299	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11300		if (lun->be_lun &&
11301		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11302			ctl_set_hw_write_protected(ctsio);
11303			retval = 1;
11304			goto bailout;
11305		}
11306		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11307		    .eca_and_aen & SCP_SWP) != 0) {
11308			ctl_set_sense(ctsio, /*current_error*/ 1,
11309			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11310			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11311			retval = 1;
11312			goto bailout;
11313		}
11314	}
11315
11316	/*
11317	 * Check for a reservation conflict.  If this command isn't allowed
11318	 * even on reserved LUNs, and if this initiator isn't the one who
11319	 * reserved us, reject the command with a reservation conflict.
11320	 */
11321	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11322	if ((lun->flags & CTL_LUN_RESERVED)
11323	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11324		if (lun->res_idx != residx) {
11325			ctl_set_reservation_conflict(ctsio);
11326			retval = 1;
11327			goto bailout;
11328		}
11329	}
11330
11331	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11332	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11333		/* No reservation or command is allowed. */;
11334	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11335	    (lun->pr_res_type == SPR_TYPE_WR_EX ||
11336	     lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
11337	     lun->pr_res_type == SPR_TYPE_WR_EX_AR)) {
11338		/* The command is allowed for Write Exclusive resv. */;
11339	} else {
11340		/*
11341		 * if we aren't registered or it's a res holder type
11342		 * reservation and this isn't the res holder then set a
11343		 * conflict.
11344		 */
11345		if (ctl_get_prkey(lun, residx) == 0 ||
11346		    (residx != lun->pr_res_idx && lun->pr_res_type < 4)) {
11347			ctl_set_reservation_conflict(ctsio);
11348			retval = 1;
11349			goto bailout;
11350		}
11351	}
11352
11353	if ((entry->flags & CTL_CMD_FLAG_OK_ON_NO_MEDIA) == 0) {
11354		if (lun->flags & CTL_LUN_EJECTED)
11355			ctl_set_lun_ejected(ctsio);
11356		else if (lun->flags & CTL_LUN_NO_MEDIA) {
11357			if (lun->flags & CTL_LUN_REMOVABLE)
11358				ctl_set_lun_no_media(ctsio);
11359			else
11360				ctl_set_lun_int_reqd(ctsio);
11361		} else if (lun->flags & CTL_LUN_STOPPED)
11362			ctl_set_lun_stopped(ctsio);
11363		else
11364			goto bailout;
11365		retval = 1;
11366		goto bailout;
11367	}
11368
11369bailout:
11370	return (retval);
11371}
11372
11373static void
11374ctl_failover_io(union ctl_io *io, int have_lock)
11375{
11376	ctl_set_busy(&io->scsiio);
11377	ctl_done(io);
11378}
11379
11380static void
11381ctl_failover_lun(union ctl_io *rio)
11382{
11383	struct ctl_softc *softc = control_softc;
11384	struct ctl_lun *lun;
11385	struct ctl_io_hdr *io, *next_io;
11386	uint32_t targ_lun;
11387
11388	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11389	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11390
11391	/* Find and lock the LUN. */
11392	mtx_lock(&softc->ctl_lock);
11393	if ((targ_lun < CTL_MAX_LUNS) &&
11394	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11395		mtx_lock(&lun->lun_lock);
11396		mtx_unlock(&softc->ctl_lock);
11397		if (lun->flags & CTL_LUN_DISABLED) {
11398			mtx_unlock(&lun->lun_lock);
11399			return;
11400		}
11401	} else {
11402		mtx_unlock(&softc->ctl_lock);
11403		return;
11404	}
11405
11406	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11407		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11408			/* We are master */
11409			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11410				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11411					io->flags |= CTL_FLAG_ABORT;
11412					io->flags |= CTL_FLAG_FAILOVER;
11413				} else { /* This can be only due to DATAMOVE */
11414					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11415					io->flags &= ~CTL_FLAG_DMA_INPROG;
11416					io->flags |= CTL_FLAG_IO_ACTIVE;
11417					io->port_status = 31340;
11418					ctl_enqueue_isc((union ctl_io *)io);
11419				}
11420			}
11421			/* We are slave */
11422			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11423				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11424				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11425					io->flags |= CTL_FLAG_FAILOVER;
11426				} else {
11427					ctl_set_busy(&((union ctl_io *)io)->
11428					    scsiio);
11429					ctl_done((union ctl_io *)io);
11430				}
11431			}
11432		}
11433	} else { /* SERIALIZE modes */
11434		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11435		    next_io) {
11436			/* We are master */
11437			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11438				TAILQ_REMOVE(&lun->blocked_queue, io,
11439				    blocked_links);
11440				io->flags &= ~CTL_FLAG_BLOCKED;
11441				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11442				ctl_free_io((union ctl_io *)io);
11443			}
11444		}
11445		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11446			/* We are master */
11447			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11448				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11449				ctl_free_io((union ctl_io *)io);
11450			}
11451			/* We are slave */
11452			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11453				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11454				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11455					ctl_set_busy(&((union ctl_io *)io)->
11456					    scsiio);
11457					ctl_done((union ctl_io *)io);
11458				}
11459			}
11460		}
11461		ctl_check_blocked(lun);
11462	}
11463	mtx_unlock(&lun->lun_lock);
11464}
11465
11466static int
11467ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11468{
11469	struct ctl_lun *lun;
11470	const struct ctl_cmd_entry *entry;
11471	uint32_t initidx, targ_lun;
11472	int retval;
11473
11474	retval = 0;
11475
11476	lun = NULL;
11477
11478	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11479	if ((targ_lun < CTL_MAX_LUNS)
11480	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11481		/*
11482		 * If the LUN is invalid, pretend that it doesn't exist.
11483		 * It will go away as soon as all pending I/O has been
11484		 * completed.
11485		 */
11486		mtx_lock(&lun->lun_lock);
11487		if (lun->flags & CTL_LUN_DISABLED) {
11488			mtx_unlock(&lun->lun_lock);
11489			lun = NULL;
11490			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11491			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11492		} else {
11493			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11494			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11495				lun->be_lun;
11496
11497			/*
11498			 * Every I/O goes into the OOA queue for a
11499			 * particular LUN, and stays there until completion.
11500			 */
11501#ifdef CTL_TIME_IO
11502			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11503				lun->idle_time += getsbinuptime() -
11504				    lun->last_busy;
11505			}
11506#endif
11507			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11508			    ooa_links);
11509		}
11510	} else {
11511		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11512		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11513	}
11514
11515	/* Get command entry and return error if it is unsuppotyed. */
11516	entry = ctl_validate_command(ctsio);
11517	if (entry == NULL) {
11518		if (lun)
11519			mtx_unlock(&lun->lun_lock);
11520		return (retval);
11521	}
11522
11523	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11524	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11525
11526	/*
11527	 * Check to see whether we can send this command to LUNs that don't
11528	 * exist.  This should pretty much only be the case for inquiry
11529	 * and request sense.  Further checks, below, really require having
11530	 * a LUN, so we can't really check the command anymore.  Just put
11531	 * it on the rtr queue.
11532	 */
11533	if (lun == NULL) {
11534		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11535			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11536			ctl_enqueue_rtr((union ctl_io *)ctsio);
11537			return (retval);
11538		}
11539
11540		ctl_set_unsupported_lun(ctsio);
11541		ctl_done((union ctl_io *)ctsio);
11542		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11543		return (retval);
11544	} else {
11545		/*
11546		 * Make sure we support this particular command on this LUN.
11547		 * e.g., we don't support writes to the control LUN.
11548		 */
11549		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11550			mtx_unlock(&lun->lun_lock);
11551			ctl_set_invalid_opcode(ctsio);
11552			ctl_done((union ctl_io *)ctsio);
11553			return (retval);
11554		}
11555	}
11556
11557	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11558
11559#ifdef CTL_WITH_CA
11560	/*
11561	 * If we've got a request sense, it'll clear the contingent
11562	 * allegiance condition.  Otherwise, if we have a CA condition for
11563	 * this initiator, clear it, because it sent down a command other
11564	 * than request sense.
11565	 */
11566	if ((ctsio->cdb[0] != REQUEST_SENSE)
11567	 && (ctl_is_set(lun->have_ca, initidx)))
11568		ctl_clear_mask(lun->have_ca, initidx);
11569#endif
11570
11571	/*
11572	 * If the command has this flag set, it handles its own unit
11573	 * attention reporting, we shouldn't do anything.  Otherwise we
11574	 * check for any pending unit attentions, and send them back to the
11575	 * initiator.  We only do this when a command initially comes in,
11576	 * not when we pull it off the blocked queue.
11577	 *
11578	 * According to SAM-3, section 5.3.2, the order that things get
11579	 * presented back to the host is basically unit attentions caused
11580	 * by some sort of reset event, busy status, reservation conflicts
11581	 * or task set full, and finally any other status.
11582	 *
11583	 * One issue here is that some of the unit attentions we report
11584	 * don't fall into the "reset" category (e.g. "reported luns data
11585	 * has changed").  So reporting it here, before the reservation
11586	 * check, may be technically wrong.  I guess the only thing to do
11587	 * would be to check for and report the reset events here, and then
11588	 * check for the other unit attention types after we check for a
11589	 * reservation conflict.
11590	 *
11591	 * XXX KDM need to fix this
11592	 */
11593	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11594		ctl_ua_type ua_type;
11595
11596		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11597		    SSD_TYPE_NONE);
11598		if (ua_type != CTL_UA_NONE) {
11599			mtx_unlock(&lun->lun_lock);
11600			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11601			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11602			ctsio->sense_len = SSD_FULL_SIZE;
11603			ctl_done((union ctl_io *)ctsio);
11604			return (retval);
11605		}
11606	}
11607
11608
11609	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11610		mtx_unlock(&lun->lun_lock);
11611		ctl_done((union ctl_io *)ctsio);
11612		return (retval);
11613	}
11614
11615	/*
11616	 * XXX CHD this is where we want to send IO to other side if
11617	 * this LUN is secondary on this SC. We will need to make a copy
11618	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11619	 * the copy we send as FROM_OTHER.
11620	 * We also need to stuff the address of the original IO so we can
11621	 * find it easily. Something similar will need be done on the other
11622	 * side so when we are done we can find the copy.
11623	 */
11624	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11625	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11626	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11627		union ctl_ha_msg msg_info;
11628		int isc_retval;
11629
11630		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11631		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11632		mtx_unlock(&lun->lun_lock);
11633
11634		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11635		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11636		msg_info.hdr.serializing_sc = NULL;
11637		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11638		msg_info.scsi.tag_num = ctsio->tag_num;
11639		msg_info.scsi.tag_type = ctsio->tag_type;
11640		msg_info.scsi.cdb_len = ctsio->cdb_len;
11641		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11642
11643		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11644		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11645		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11646			ctl_set_busy(ctsio);
11647			ctl_done((union ctl_io *)ctsio);
11648			return (retval);
11649		}
11650		return (retval);
11651	}
11652
11653	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11654			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11655			      ctl_ooaq, ooa_links))) {
11656	case CTL_ACTION_BLOCK:
11657		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11658		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11659				  blocked_links);
11660		mtx_unlock(&lun->lun_lock);
11661		return (retval);
11662	case CTL_ACTION_PASS:
11663	case CTL_ACTION_SKIP:
11664		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11665		mtx_unlock(&lun->lun_lock);
11666		ctl_enqueue_rtr((union ctl_io *)ctsio);
11667		break;
11668	case CTL_ACTION_OVERLAP:
11669		mtx_unlock(&lun->lun_lock);
11670		ctl_set_overlapped_cmd(ctsio);
11671		ctl_done((union ctl_io *)ctsio);
11672		break;
11673	case CTL_ACTION_OVERLAP_TAG:
11674		mtx_unlock(&lun->lun_lock);
11675		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11676		ctl_done((union ctl_io *)ctsio);
11677		break;
11678	case CTL_ACTION_ERROR:
11679	default:
11680		mtx_unlock(&lun->lun_lock);
11681		ctl_set_internal_failure(ctsio,
11682					 /*sks_valid*/ 0,
11683					 /*retry_count*/ 0);
11684		ctl_done((union ctl_io *)ctsio);
11685		break;
11686	}
11687	return (retval);
11688}
11689
11690const struct ctl_cmd_entry *
11691ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11692{
11693	const struct ctl_cmd_entry *entry;
11694	int service_action;
11695
11696	entry = &ctl_cmd_table[ctsio->cdb[0]];
11697	if (sa)
11698		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11699	if (entry->flags & CTL_CMD_FLAG_SA5) {
11700		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11701		entry = &((const struct ctl_cmd_entry *)
11702		    entry->execute)[service_action];
11703	}
11704	return (entry);
11705}
11706
11707const struct ctl_cmd_entry *
11708ctl_validate_command(struct ctl_scsiio *ctsio)
11709{
11710	const struct ctl_cmd_entry *entry;
11711	int i, sa;
11712	uint8_t diff;
11713
11714	entry = ctl_get_cmd_entry(ctsio, &sa);
11715	if (entry->execute == NULL) {
11716		if (sa)
11717			ctl_set_invalid_field(ctsio,
11718					      /*sks_valid*/ 1,
11719					      /*command*/ 1,
11720					      /*field*/ 1,
11721					      /*bit_valid*/ 1,
11722					      /*bit*/ 4);
11723		else
11724			ctl_set_invalid_opcode(ctsio);
11725		ctl_done((union ctl_io *)ctsio);
11726		return (NULL);
11727	}
11728	KASSERT(entry->length > 0,
11729	    ("Not defined length for command 0x%02x/0x%02x",
11730	     ctsio->cdb[0], ctsio->cdb[1]));
11731	for (i = 1; i < entry->length; i++) {
11732		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11733		if (diff == 0)
11734			continue;
11735		ctl_set_invalid_field(ctsio,
11736				      /*sks_valid*/ 1,
11737				      /*command*/ 1,
11738				      /*field*/ i,
11739				      /*bit_valid*/ 1,
11740				      /*bit*/ fls(diff) - 1);
11741		ctl_done((union ctl_io *)ctsio);
11742		return (NULL);
11743	}
11744	return (entry);
11745}
11746
11747static int
11748ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11749{
11750
11751	switch (lun_type) {
11752	case T_DIRECT:
11753		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11754			return (0);
11755		break;
11756	case T_PROCESSOR:
11757		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11758			return (0);
11759		break;
11760	case T_CDROM:
11761		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11762			return (0);
11763		break;
11764	default:
11765		return (0);
11766	}
11767	return (1);
11768}
11769
11770static int
11771ctl_scsiio(struct ctl_scsiio *ctsio)
11772{
11773	int retval;
11774	const struct ctl_cmd_entry *entry;
11775
11776	retval = CTL_RETVAL_COMPLETE;
11777
11778	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11779
11780	entry = ctl_get_cmd_entry(ctsio, NULL);
11781
11782	/*
11783	 * If this I/O has been aborted, just send it straight to
11784	 * ctl_done() without executing it.
11785	 */
11786	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11787		ctl_done((union ctl_io *)ctsio);
11788		goto bailout;
11789	}
11790
11791	/*
11792	 * All the checks should have been handled by ctl_scsiio_precheck().
11793	 * We should be clear now to just execute the I/O.
11794	 */
11795	retval = entry->execute(ctsio);
11796
11797bailout:
11798	return (retval);
11799}
11800
11801/*
11802 * Since we only implement one target right now, a bus reset simply resets
11803 * our single target.
11804 */
11805static int
11806ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11807{
11808	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11809}
11810
11811static int
11812ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11813		 ctl_ua_type ua_type)
11814{
11815	struct ctl_port *port;
11816	struct ctl_lun *lun;
11817	int retval;
11818
11819	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11820		union ctl_ha_msg msg_info;
11821
11822		msg_info.hdr.nexus = io->io_hdr.nexus;
11823		if (ua_type==CTL_UA_TARG_RESET)
11824			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11825		else
11826			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11827		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11828		msg_info.hdr.original_sc = NULL;
11829		msg_info.hdr.serializing_sc = NULL;
11830		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11831		    sizeof(msg_info.task), M_WAITOK);
11832	}
11833	retval = 0;
11834
11835	mtx_lock(&softc->ctl_lock);
11836	port = ctl_io_port(&io->io_hdr);
11837	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11838		if (port != NULL &&
11839		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11840			continue;
11841		retval += ctl_do_lun_reset(lun, io, ua_type);
11842	}
11843	mtx_unlock(&softc->ctl_lock);
11844	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11845	return (retval);
11846}
11847
11848/*
11849 * The LUN should always be set.  The I/O is optional, and is used to
11850 * distinguish between I/Os sent by this initiator, and by other
11851 * initiators.  We set unit attention for initiators other than this one.
11852 * SAM-3 is vague on this point.  It does say that a unit attention should
11853 * be established for other initiators when a LUN is reset (see section
11854 * 5.7.3), but it doesn't specifically say that the unit attention should
11855 * be established for this particular initiator when a LUN is reset.  Here
11856 * is the relevant text, from SAM-3 rev 8:
11857 *
11858 * 5.7.2 When a SCSI initiator port aborts its own tasks
11859 *
11860 * When a SCSI initiator port causes its own task(s) to be aborted, no
11861 * notification that the task(s) have been aborted shall be returned to
11862 * the SCSI initiator port other than the completion response for the
11863 * command or task management function action that caused the task(s) to
11864 * be aborted and notification(s) associated with related effects of the
11865 * action (e.g., a reset unit attention condition).
11866 *
11867 * XXX KDM for now, we're setting unit attention for all initiators.
11868 */
11869static int
11870ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11871{
11872	union ctl_io *xio;
11873#if 0
11874	uint32_t initidx;
11875#endif
11876	int i;
11877
11878	mtx_lock(&lun->lun_lock);
11879	/*
11880	 * Run through the OOA queue and abort each I/O.
11881	 */
11882	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11883	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11884		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11885	}
11886
11887	/*
11888	 * This version sets unit attention for every
11889	 */
11890#if 0
11891	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11892	ctl_est_ua_all(lun, initidx, ua_type);
11893#else
11894	ctl_est_ua_all(lun, -1, ua_type);
11895#endif
11896
11897	/*
11898	 * A reset (any kind, really) clears reservations established with
11899	 * RESERVE/RELEASE.  It does not clear reservations established
11900	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11901	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11902	 * reservations made with the RESERVE/RELEASE commands, because
11903	 * those commands are obsolete in SPC-3.
11904	 */
11905	lun->flags &= ~CTL_LUN_RESERVED;
11906
11907#ifdef CTL_WITH_CA
11908	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11909		ctl_clear_mask(lun->have_ca, i);
11910#endif
11911	lun->prevent_count = 0;
11912	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11913		ctl_clear_mask(lun->prevent, i);
11914	mtx_unlock(&lun->lun_lock);
11915
11916	return (0);
11917}
11918
11919static int
11920ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11921{
11922	struct ctl_lun *lun;
11923	uint32_t targ_lun;
11924	int retval;
11925
11926	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11927	mtx_lock(&softc->ctl_lock);
11928	if ((targ_lun >= CTL_MAX_LUNS) ||
11929	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11930		mtx_unlock(&softc->ctl_lock);
11931		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11932		return (1);
11933	}
11934	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11935	mtx_unlock(&softc->ctl_lock);
11936	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11937
11938	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11939		union ctl_ha_msg msg_info;
11940
11941		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11942		msg_info.hdr.nexus = io->io_hdr.nexus;
11943		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11944		msg_info.hdr.original_sc = NULL;
11945		msg_info.hdr.serializing_sc = NULL;
11946		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11947		    sizeof(msg_info.task), M_WAITOK);
11948	}
11949	return (retval);
11950}
11951
11952static void
11953ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11954    int other_sc)
11955{
11956	union ctl_io *xio;
11957
11958	mtx_assert(&lun->lun_lock, MA_OWNED);
11959
11960	/*
11961	 * Run through the OOA queue and attempt to find the given I/O.
11962	 * The target port, initiator ID, tag type and tag number have to
11963	 * match the values that we got from the initiator.  If we have an
11964	 * untagged command to abort, simply abort the first untagged command
11965	 * we come to.  We only allow one untagged command at a time of course.
11966	 */
11967	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11968	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11969
11970		if ((targ_port == UINT32_MAX ||
11971		     targ_port == xio->io_hdr.nexus.targ_port) &&
11972		    (init_id == UINT32_MAX ||
11973		     init_id == xio->io_hdr.nexus.initid)) {
11974			if (targ_port != xio->io_hdr.nexus.targ_port ||
11975			    init_id != xio->io_hdr.nexus.initid)
11976				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11977			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11978			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11979				union ctl_ha_msg msg_info;
11980
11981				msg_info.hdr.nexus = xio->io_hdr.nexus;
11982				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11983				msg_info.task.tag_num = xio->scsiio.tag_num;
11984				msg_info.task.tag_type = xio->scsiio.tag_type;
11985				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11986				msg_info.hdr.original_sc = NULL;
11987				msg_info.hdr.serializing_sc = NULL;
11988				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11989				    sizeof(msg_info.task), M_NOWAIT);
11990			}
11991		}
11992	}
11993}
11994
11995static int
11996ctl_abort_task_set(union ctl_io *io)
11997{
11998	struct ctl_softc *softc = control_softc;
11999	struct ctl_lun *lun;
12000	uint32_t targ_lun;
12001
12002	/*
12003	 * Look up the LUN.
12004	 */
12005	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12006	mtx_lock(&softc->ctl_lock);
12007	if ((targ_lun >= CTL_MAX_LUNS) ||
12008	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12009		mtx_unlock(&softc->ctl_lock);
12010		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12011		return (1);
12012	}
12013
12014	mtx_lock(&lun->lun_lock);
12015	mtx_unlock(&softc->ctl_lock);
12016	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12017		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12018		    io->io_hdr.nexus.initid,
12019		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12020	} else { /* CTL_TASK_CLEAR_TASK_SET */
12021		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12022		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12023	}
12024	mtx_unlock(&lun->lun_lock);
12025	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12026	return (0);
12027}
12028
12029static int
12030ctl_i_t_nexus_reset(union ctl_io *io)
12031{
12032	struct ctl_softc *softc = control_softc;
12033	struct ctl_lun *lun;
12034	uint32_t initidx;
12035
12036	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12037		union ctl_ha_msg msg_info;
12038
12039		msg_info.hdr.nexus = io->io_hdr.nexus;
12040		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
12041		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12042		msg_info.hdr.original_sc = NULL;
12043		msg_info.hdr.serializing_sc = NULL;
12044		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12045		    sizeof(msg_info.task), M_WAITOK);
12046	}
12047
12048	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12049	mtx_lock(&softc->ctl_lock);
12050	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12051		mtx_lock(&lun->lun_lock);
12052		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12053		    io->io_hdr.nexus.initid, 1);
12054#ifdef CTL_WITH_CA
12055		ctl_clear_mask(lun->have_ca, initidx);
12056#endif
12057		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
12058			lun->flags &= ~CTL_LUN_RESERVED;
12059		if (ctl_is_set(lun->prevent, initidx)) {
12060			ctl_clear_mask(lun->prevent, initidx);
12061			lun->prevent_count--;
12062		}
12063		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
12064		mtx_unlock(&lun->lun_lock);
12065	}
12066	mtx_unlock(&softc->ctl_lock);
12067	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12068	return (0);
12069}
12070
12071static int
12072ctl_abort_task(union ctl_io *io)
12073{
12074	union ctl_io *xio;
12075	struct ctl_lun *lun;
12076	struct ctl_softc *softc;
12077#if 0
12078	struct sbuf sb;
12079	char printbuf[128];
12080#endif
12081	int found;
12082	uint32_t targ_lun;
12083
12084	softc = control_softc;
12085	found = 0;
12086
12087	/*
12088	 * Look up the LUN.
12089	 */
12090	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12091	mtx_lock(&softc->ctl_lock);
12092	if ((targ_lun >= CTL_MAX_LUNS) ||
12093	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12094		mtx_unlock(&softc->ctl_lock);
12095		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12096		return (1);
12097	}
12098
12099#if 0
12100	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12101	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12102#endif
12103
12104	mtx_lock(&lun->lun_lock);
12105	mtx_unlock(&softc->ctl_lock);
12106	/*
12107	 * Run through the OOA queue and attempt to find the given I/O.
12108	 * The target port, initiator ID, tag type and tag number have to
12109	 * match the values that we got from the initiator.  If we have an
12110	 * untagged command to abort, simply abort the first untagged command
12111	 * we come to.  We only allow one untagged command at a time of course.
12112	 */
12113	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12114	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12115#if 0
12116		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12117
12118		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12119			    lun->lun, xio->scsiio.tag_num,
12120			    xio->scsiio.tag_type,
12121			    (xio->io_hdr.blocked_links.tqe_prev
12122			    == NULL) ? "" : " BLOCKED",
12123			    (xio->io_hdr.flags &
12124			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12125			    (xio->io_hdr.flags &
12126			    CTL_FLAG_ABORT) ? " ABORT" : "",
12127			    (xio->io_hdr.flags &
12128			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12129		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12130		sbuf_finish(&sb);
12131		printf("%s\n", sbuf_data(&sb));
12132#endif
12133
12134		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12135		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12136		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12137			continue;
12138
12139		/*
12140		 * If the abort says that the task is untagged, the
12141		 * task in the queue must be untagged.  Otherwise,
12142		 * we just check to see whether the tag numbers
12143		 * match.  This is because the QLogic firmware
12144		 * doesn't pass back the tag type in an abort
12145		 * request.
12146		 */
12147#if 0
12148		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12149		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12150		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12151#endif
12152		/*
12153		 * XXX KDM we've got problems with FC, because it
12154		 * doesn't send down a tag type with aborts.  So we
12155		 * can only really go by the tag number...
12156		 * This may cause problems with parallel SCSI.
12157		 * Need to figure that out!!
12158		 */
12159		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12160			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12161			found = 1;
12162			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12163			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12164				union ctl_ha_msg msg_info;
12165
12166				msg_info.hdr.nexus = io->io_hdr.nexus;
12167				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12168				msg_info.task.tag_num = io->taskio.tag_num;
12169				msg_info.task.tag_type = io->taskio.tag_type;
12170				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12171				msg_info.hdr.original_sc = NULL;
12172				msg_info.hdr.serializing_sc = NULL;
12173#if 0
12174				printf("Sent Abort to other side\n");
12175#endif
12176				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12177				    sizeof(msg_info.task), M_NOWAIT);
12178			}
12179#if 0
12180			printf("ctl_abort_task: found I/O to abort\n");
12181#endif
12182		}
12183	}
12184	mtx_unlock(&lun->lun_lock);
12185
12186	if (found == 0) {
12187		/*
12188		 * This isn't really an error.  It's entirely possible for
12189		 * the abort and command completion to cross on the wire.
12190		 * This is more of an informative/diagnostic error.
12191		 */
12192#if 0
12193		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12194		       "%u:%u:%u tag %d type %d\n",
12195		       io->io_hdr.nexus.initid,
12196		       io->io_hdr.nexus.targ_port,
12197		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12198		       io->taskio.tag_type);
12199#endif
12200	}
12201	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12202	return (0);
12203}
12204
12205static int
12206ctl_query_task(union ctl_io *io, int task_set)
12207{
12208	union ctl_io *xio;
12209	struct ctl_lun *lun;
12210	struct ctl_softc *softc;
12211	int found = 0;
12212	uint32_t targ_lun;
12213
12214	softc = control_softc;
12215	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12216	mtx_lock(&softc->ctl_lock);
12217	if ((targ_lun >= CTL_MAX_LUNS) ||
12218	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12219		mtx_unlock(&softc->ctl_lock);
12220		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12221		return (1);
12222	}
12223	mtx_lock(&lun->lun_lock);
12224	mtx_unlock(&softc->ctl_lock);
12225	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12226	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12227
12228		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12229		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12230		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12231			continue;
12232
12233		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12234			found = 1;
12235			break;
12236		}
12237	}
12238	mtx_unlock(&lun->lun_lock);
12239	if (found)
12240		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12241	else
12242		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12243	return (0);
12244}
12245
12246static int
12247ctl_query_async_event(union ctl_io *io)
12248{
12249	struct ctl_lun *lun;
12250	struct ctl_softc *softc;
12251	ctl_ua_type ua;
12252	uint32_t targ_lun, initidx;
12253
12254	softc = control_softc;
12255	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12256	mtx_lock(&softc->ctl_lock);
12257	if ((targ_lun >= CTL_MAX_LUNS) ||
12258	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12259		mtx_unlock(&softc->ctl_lock);
12260		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12261		return (1);
12262	}
12263	mtx_lock(&lun->lun_lock);
12264	mtx_unlock(&softc->ctl_lock);
12265	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12266	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12267	mtx_unlock(&lun->lun_lock);
12268	if (ua != CTL_UA_NONE)
12269		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12270	else
12271		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12272	return (0);
12273}
12274
12275static void
12276ctl_run_task(union ctl_io *io)
12277{
12278	struct ctl_softc *softc = control_softc;
12279	int retval = 1;
12280
12281	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12282	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12283	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12284	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12285	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12286	switch (io->taskio.task_action) {
12287	case CTL_TASK_ABORT_TASK:
12288		retval = ctl_abort_task(io);
12289		break;
12290	case CTL_TASK_ABORT_TASK_SET:
12291	case CTL_TASK_CLEAR_TASK_SET:
12292		retval = ctl_abort_task_set(io);
12293		break;
12294	case CTL_TASK_CLEAR_ACA:
12295		break;
12296	case CTL_TASK_I_T_NEXUS_RESET:
12297		retval = ctl_i_t_nexus_reset(io);
12298		break;
12299	case CTL_TASK_LUN_RESET:
12300		retval = ctl_lun_reset(softc, io);
12301		break;
12302	case CTL_TASK_TARGET_RESET:
12303		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12304		break;
12305	case CTL_TASK_BUS_RESET:
12306		retval = ctl_bus_reset(softc, io);
12307		break;
12308	case CTL_TASK_PORT_LOGIN:
12309		break;
12310	case CTL_TASK_PORT_LOGOUT:
12311		break;
12312	case CTL_TASK_QUERY_TASK:
12313		retval = ctl_query_task(io, 0);
12314		break;
12315	case CTL_TASK_QUERY_TASK_SET:
12316		retval = ctl_query_task(io, 1);
12317		break;
12318	case CTL_TASK_QUERY_ASYNC_EVENT:
12319		retval = ctl_query_async_event(io);
12320		break;
12321	default:
12322		printf("%s: got unknown task management event %d\n",
12323		       __func__, io->taskio.task_action);
12324		break;
12325	}
12326	if (retval == 0)
12327		io->io_hdr.status = CTL_SUCCESS;
12328	else
12329		io->io_hdr.status = CTL_ERROR;
12330	ctl_done(io);
12331}
12332
12333/*
12334 * For HA operation.  Handle commands that come in from the other
12335 * controller.
12336 */
12337static void
12338ctl_handle_isc(union ctl_io *io)
12339{
12340	int free_io;
12341	struct ctl_lun *lun;
12342	struct ctl_softc *softc = control_softc;
12343	uint32_t targ_lun;
12344
12345	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12346	lun = softc->ctl_luns[targ_lun];
12347
12348	switch (io->io_hdr.msg_type) {
12349	case CTL_MSG_SERIALIZE:
12350		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12351		break;
12352	case CTL_MSG_R2R: {
12353		const struct ctl_cmd_entry *entry;
12354
12355		/*
12356		 * This is only used in SER_ONLY mode.
12357		 */
12358		free_io = 0;
12359		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12360		mtx_lock(&lun->lun_lock);
12361		if (ctl_scsiio_lun_check(lun,
12362		    entry, (struct ctl_scsiio *)io) != 0) {
12363			mtx_unlock(&lun->lun_lock);
12364			ctl_done(io);
12365			break;
12366		}
12367		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12368		mtx_unlock(&lun->lun_lock);
12369		ctl_enqueue_rtr(io);
12370		break;
12371	}
12372	case CTL_MSG_FINISH_IO:
12373		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12374			free_io = 0;
12375			ctl_done(io);
12376		} else {
12377			free_io = 1;
12378			mtx_lock(&lun->lun_lock);
12379			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12380				     ooa_links);
12381			ctl_check_blocked(lun);
12382			mtx_unlock(&lun->lun_lock);
12383		}
12384		break;
12385	case CTL_MSG_PERS_ACTION:
12386		ctl_hndl_per_res_out_on_other_sc(
12387			(union ctl_ha_msg *)&io->presio.pr_msg);
12388		free_io = 1;
12389		break;
12390	case CTL_MSG_BAD_JUJU:
12391		free_io = 0;
12392		ctl_done(io);
12393		break;
12394	case CTL_MSG_DATAMOVE:
12395		/* Only used in XFER mode */
12396		free_io = 0;
12397		ctl_datamove_remote(io);
12398		break;
12399	case CTL_MSG_DATAMOVE_DONE:
12400		/* Only used in XFER mode */
12401		free_io = 0;
12402		io->scsiio.be_move_done(io);
12403		break;
12404	case CTL_MSG_FAILOVER:
12405		ctl_failover_lun(io);
12406		free_io = 1;
12407		break;
12408	default:
12409		free_io = 1;
12410		printf("%s: Invalid message type %d\n",
12411		       __func__, io->io_hdr.msg_type);
12412		break;
12413	}
12414	if (free_io)
12415		ctl_free_io(io);
12416
12417}
12418
12419
12420/*
12421 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12422 * there is no match.
12423 */
12424static ctl_lun_error_pattern
12425ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12426{
12427	const struct ctl_cmd_entry *entry;
12428	ctl_lun_error_pattern filtered_pattern, pattern;
12429
12430	pattern = desc->error_pattern;
12431
12432	/*
12433	 * XXX KDM we need more data passed into this function to match a
12434	 * custom pattern, and we actually need to implement custom pattern
12435	 * matching.
12436	 */
12437	if (pattern & CTL_LUN_PAT_CMD)
12438		return (CTL_LUN_PAT_CMD);
12439
12440	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12441		return (CTL_LUN_PAT_ANY);
12442
12443	entry = ctl_get_cmd_entry(ctsio, NULL);
12444
12445	filtered_pattern = entry->pattern & pattern;
12446
12447	/*
12448	 * If the user requested specific flags in the pattern (e.g.
12449	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12450	 * flags.
12451	 *
12452	 * If the user did not specify any flags, it doesn't matter whether
12453	 * or not the command supports the flags.
12454	 */
12455	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12456	     (pattern & ~CTL_LUN_PAT_MASK))
12457		return (CTL_LUN_PAT_NONE);
12458
12459	/*
12460	 * If the user asked for a range check, see if the requested LBA
12461	 * range overlaps with this command's LBA range.
12462	 */
12463	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12464		uint64_t lba1;
12465		uint64_t len1;
12466		ctl_action action;
12467		int retval;
12468
12469		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12470		if (retval != 0)
12471			return (CTL_LUN_PAT_NONE);
12472
12473		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12474					      desc->lba_range.len, FALSE);
12475		/*
12476		 * A "pass" means that the LBA ranges don't overlap, so
12477		 * this doesn't match the user's range criteria.
12478		 */
12479		if (action == CTL_ACTION_PASS)
12480			return (CTL_LUN_PAT_NONE);
12481	}
12482
12483	return (filtered_pattern);
12484}
12485
12486static void
12487ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12488{
12489	struct ctl_error_desc *desc, *desc2;
12490
12491	mtx_assert(&lun->lun_lock, MA_OWNED);
12492
12493	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12494		ctl_lun_error_pattern pattern;
12495		/*
12496		 * Check to see whether this particular command matches
12497		 * the pattern in the descriptor.
12498		 */
12499		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12500		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12501			continue;
12502
12503		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12504		case CTL_LUN_INJ_ABORTED:
12505			ctl_set_aborted(&io->scsiio);
12506			break;
12507		case CTL_LUN_INJ_MEDIUM_ERR:
12508			ctl_set_medium_error(&io->scsiio,
12509			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12510			     CTL_FLAG_DATA_OUT);
12511			break;
12512		case CTL_LUN_INJ_UA:
12513			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12514			 * OCCURRED */
12515			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12516			break;
12517		case CTL_LUN_INJ_CUSTOM:
12518			/*
12519			 * We're assuming the user knows what he is doing.
12520			 * Just copy the sense information without doing
12521			 * checks.
12522			 */
12523			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12524			      MIN(sizeof(desc->custom_sense),
12525				  sizeof(io->scsiio.sense_data)));
12526			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12527			io->scsiio.sense_len = SSD_FULL_SIZE;
12528			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12529			break;
12530		case CTL_LUN_INJ_NONE:
12531		default:
12532			/*
12533			 * If this is an error injection type we don't know
12534			 * about, clear the continuous flag (if it is set)
12535			 * so it will get deleted below.
12536			 */
12537			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12538			break;
12539		}
12540		/*
12541		 * By default, each error injection action is a one-shot
12542		 */
12543		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12544			continue;
12545
12546		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12547
12548		free(desc, M_CTL);
12549	}
12550}
12551
12552#ifdef CTL_IO_DELAY
12553static void
12554ctl_datamove_timer_wakeup(void *arg)
12555{
12556	union ctl_io *io;
12557
12558	io = (union ctl_io *)arg;
12559
12560	ctl_datamove(io);
12561}
12562#endif /* CTL_IO_DELAY */
12563
12564void
12565ctl_datamove(union ctl_io *io)
12566{
12567	struct ctl_lun *lun;
12568	void (*fe_datamove)(union ctl_io *io);
12569
12570	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12571
12572	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12573
12574	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12575#ifdef CTL_TIME_IO
12576	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12577		char str[256];
12578		char path_str[64];
12579		struct sbuf sb;
12580
12581		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12582		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12583
12584		sbuf_cat(&sb, path_str);
12585		switch (io->io_hdr.io_type) {
12586		case CTL_IO_SCSI:
12587			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12588			sbuf_printf(&sb, "\n");
12589			sbuf_cat(&sb, path_str);
12590			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12591				    io->scsiio.tag_num, io->scsiio.tag_type);
12592			break;
12593		case CTL_IO_TASK:
12594			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12595				    "Tag Type: %d\n", io->taskio.task_action,
12596				    io->taskio.tag_num, io->taskio.tag_type);
12597			break;
12598		default:
12599			panic("%s: Invalid CTL I/O type %d\n",
12600			    __func__, io->io_hdr.io_type);
12601		}
12602		sbuf_cat(&sb, path_str);
12603		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12604			    (intmax_t)time_uptime - io->io_hdr.start_time);
12605		sbuf_finish(&sb);
12606		printf("%s", sbuf_data(&sb));
12607	}
12608#endif /* CTL_TIME_IO */
12609
12610#ifdef CTL_IO_DELAY
12611	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12612		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12613	} else {
12614		if ((lun != NULL)
12615		 && (lun->delay_info.datamove_delay > 0)) {
12616
12617			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12618			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12619			callout_reset(&io->io_hdr.delay_callout,
12620				      lun->delay_info.datamove_delay * hz,
12621				      ctl_datamove_timer_wakeup, io);
12622			if (lun->delay_info.datamove_type ==
12623			    CTL_DELAY_TYPE_ONESHOT)
12624				lun->delay_info.datamove_delay = 0;
12625			return;
12626		}
12627	}
12628#endif
12629
12630	/*
12631	 * This command has been aborted.  Set the port status, so we fail
12632	 * the data move.
12633	 */
12634	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12635		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12636		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12637		       io->io_hdr.nexus.targ_port,
12638		       io->io_hdr.nexus.targ_lun);
12639		io->io_hdr.port_status = 31337;
12640		/*
12641		 * Note that the backend, in this case, will get the
12642		 * callback in its context.  In other cases it may get
12643		 * called in the frontend's interrupt thread context.
12644		 */
12645		io->scsiio.be_move_done(io);
12646		return;
12647	}
12648
12649	/* Don't confuse frontend with zero length data move. */
12650	if (io->scsiio.kern_data_len == 0) {
12651		io->scsiio.be_move_done(io);
12652		return;
12653	}
12654
12655	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12656	fe_datamove(io);
12657}
12658
12659static void
12660ctl_send_datamove_done(union ctl_io *io, int have_lock)
12661{
12662	union ctl_ha_msg msg;
12663#ifdef CTL_TIME_IO
12664	struct bintime cur_bt;
12665#endif
12666
12667	memset(&msg, 0, sizeof(msg));
12668	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12669	msg.hdr.original_sc = io;
12670	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12671	msg.hdr.nexus = io->io_hdr.nexus;
12672	msg.hdr.status = io->io_hdr.status;
12673	msg.scsi.tag_num = io->scsiio.tag_num;
12674	msg.scsi.tag_type = io->scsiio.tag_type;
12675	msg.scsi.scsi_status = io->scsiio.scsi_status;
12676	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12677	       io->scsiio.sense_len);
12678	msg.scsi.sense_len = io->scsiio.sense_len;
12679	msg.scsi.sense_residual = io->scsiio.sense_residual;
12680	msg.scsi.fetd_status = io->io_hdr.port_status;
12681	msg.scsi.residual = io->scsiio.residual;
12682	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12683	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12684		ctl_failover_io(io, /*have_lock*/ have_lock);
12685		return;
12686	}
12687	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12688	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12689	    msg.scsi.sense_len, M_WAITOK);
12690
12691#ifdef CTL_TIME_IO
12692	getbinuptime(&cur_bt);
12693	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12694	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12695#endif
12696	io->io_hdr.num_dmas++;
12697}
12698
12699/*
12700 * The DMA to the remote side is done, now we need to tell the other side
12701 * we're done so it can continue with its data movement.
12702 */
12703static void
12704ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12705{
12706	union ctl_io *io;
12707	int i;
12708
12709	io = rq->context;
12710
12711	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12712		printf("%s: ISC DMA write failed with error %d", __func__,
12713		       rq->ret);
12714		ctl_set_internal_failure(&io->scsiio,
12715					 /*sks_valid*/ 1,
12716					 /*retry_count*/ rq->ret);
12717	}
12718
12719	ctl_dt_req_free(rq);
12720
12721	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12722		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12723	free(io->io_hdr.remote_sglist, M_CTL);
12724	io->io_hdr.remote_sglist = NULL;
12725	io->io_hdr.local_sglist = NULL;
12726
12727	/*
12728	 * The data is in local and remote memory, so now we need to send
12729	 * status (good or back) back to the other side.
12730	 */
12731	ctl_send_datamove_done(io, /*have_lock*/ 0);
12732}
12733
12734/*
12735 * We've moved the data from the host/controller into local memory.  Now we
12736 * need to push it over to the remote controller's memory.
12737 */
12738static int
12739ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12740{
12741	int retval;
12742
12743	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12744					  ctl_datamove_remote_write_cb);
12745	return (retval);
12746}
12747
12748static void
12749ctl_datamove_remote_write(union ctl_io *io)
12750{
12751	int retval;
12752	void (*fe_datamove)(union ctl_io *io);
12753
12754	/*
12755	 * - Get the data from the host/HBA into local memory.
12756	 * - DMA memory from the local controller to the remote controller.
12757	 * - Send status back to the remote controller.
12758	 */
12759
12760	retval = ctl_datamove_remote_sgl_setup(io);
12761	if (retval != 0)
12762		return;
12763
12764	/* Switch the pointer over so the FETD knows what to do */
12765	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12766
12767	/*
12768	 * Use a custom move done callback, since we need to send completion
12769	 * back to the other controller, not to the backend on this side.
12770	 */
12771	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12772
12773	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12774	fe_datamove(io);
12775}
12776
12777static int
12778ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12779{
12780#if 0
12781	char str[256];
12782	char path_str[64];
12783	struct sbuf sb;
12784#endif
12785	int i;
12786
12787	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12788		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12789	free(io->io_hdr.remote_sglist, M_CTL);
12790	io->io_hdr.remote_sglist = NULL;
12791	io->io_hdr.local_sglist = NULL;
12792
12793#if 0
12794	scsi_path_string(io, path_str, sizeof(path_str));
12795	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12796	sbuf_cat(&sb, path_str);
12797	scsi_command_string(&io->scsiio, NULL, &sb);
12798	sbuf_printf(&sb, "\n");
12799	sbuf_cat(&sb, path_str);
12800	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12801		    io->scsiio.tag_num, io->scsiio.tag_type);
12802	sbuf_cat(&sb, path_str);
12803	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12804		    io->io_hdr.flags, io->io_hdr.status);
12805	sbuf_finish(&sb);
12806	printk("%s", sbuf_data(&sb));
12807#endif
12808
12809
12810	/*
12811	 * The read is done, now we need to send status (good or bad) back
12812	 * to the other side.
12813	 */
12814	ctl_send_datamove_done(io, /*have_lock*/ 0);
12815
12816	return (0);
12817}
12818
12819static void
12820ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12821{
12822	union ctl_io *io;
12823	void (*fe_datamove)(union ctl_io *io);
12824
12825	io = rq->context;
12826
12827	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12828		printf("%s: ISC DMA read failed with error %d\n", __func__,
12829		       rq->ret);
12830		ctl_set_internal_failure(&io->scsiio,
12831					 /*sks_valid*/ 1,
12832					 /*retry_count*/ rq->ret);
12833	}
12834
12835	ctl_dt_req_free(rq);
12836
12837	/* Switch the pointer over so the FETD knows what to do */
12838	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12839
12840	/*
12841	 * Use a custom move done callback, since we need to send completion
12842	 * back to the other controller, not to the backend on this side.
12843	 */
12844	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12845
12846	/* XXX KDM add checks like the ones in ctl_datamove? */
12847
12848	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12849	fe_datamove(io);
12850}
12851
12852static int
12853ctl_datamove_remote_sgl_setup(union ctl_io *io)
12854{
12855	struct ctl_sg_entry *local_sglist;
12856	uint32_t len_to_go;
12857	int retval;
12858	int i;
12859
12860	retval = 0;
12861	local_sglist = io->io_hdr.local_sglist;
12862	len_to_go = io->scsiio.kern_data_len;
12863
12864	/*
12865	 * The difficult thing here is that the size of the various
12866	 * S/G segments may be different than the size from the
12867	 * remote controller.  That'll make it harder when DMAing
12868	 * the data back to the other side.
12869	 */
12870	for (i = 0; len_to_go > 0; i++) {
12871		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12872		local_sglist[i].addr =
12873		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12874
12875		len_to_go -= local_sglist[i].len;
12876	}
12877	/*
12878	 * Reset the number of S/G entries accordingly.  The original
12879	 * number of S/G entries is available in rem_sg_entries.
12880	 */
12881	io->scsiio.kern_sg_entries = i;
12882
12883#if 0
12884	printf("%s: kern_sg_entries = %d\n", __func__,
12885	       io->scsiio.kern_sg_entries);
12886	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12887		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12888		       local_sglist[i].addr, local_sglist[i].len);
12889#endif
12890
12891	return (retval);
12892}
12893
12894static int
12895ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12896			 ctl_ha_dt_cb callback)
12897{
12898	struct ctl_ha_dt_req *rq;
12899	struct ctl_sg_entry *remote_sglist, *local_sglist;
12900	uint32_t local_used, remote_used, total_used;
12901	int i, j, isc_ret;
12902
12903	rq = ctl_dt_req_alloc();
12904
12905	/*
12906	 * If we failed to allocate the request, and if the DMA didn't fail
12907	 * anyway, set busy status.  This is just a resource allocation
12908	 * failure.
12909	 */
12910	if ((rq == NULL)
12911	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12912	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12913		ctl_set_busy(&io->scsiio);
12914
12915	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12916	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12917
12918		if (rq != NULL)
12919			ctl_dt_req_free(rq);
12920
12921		/*
12922		 * The data move failed.  We need to return status back
12923		 * to the other controller.  No point in trying to DMA
12924		 * data to the remote controller.
12925		 */
12926
12927		ctl_send_datamove_done(io, /*have_lock*/ 0);
12928
12929		return (1);
12930	}
12931
12932	local_sglist = io->io_hdr.local_sglist;
12933	remote_sglist = io->io_hdr.remote_sglist;
12934	local_used = 0;
12935	remote_used = 0;
12936	total_used = 0;
12937
12938	/*
12939	 * Pull/push the data over the wire from/to the other controller.
12940	 * This takes into account the possibility that the local and
12941	 * remote sglists may not be identical in terms of the size of
12942	 * the elements and the number of elements.
12943	 *
12944	 * One fundamental assumption here is that the length allocated for
12945	 * both the local and remote sglists is identical.  Otherwise, we've
12946	 * essentially got a coding error of some sort.
12947	 */
12948	isc_ret = CTL_HA_STATUS_SUCCESS;
12949	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12950		uint32_t cur_len;
12951		uint8_t *tmp_ptr;
12952
12953		rq->command = command;
12954		rq->context = io;
12955
12956		/*
12957		 * Both pointers should be aligned.  But it is possible
12958		 * that the allocation length is not.  They should both
12959		 * also have enough slack left over at the end, though,
12960		 * to round up to the next 8 byte boundary.
12961		 */
12962		cur_len = MIN(local_sglist[i].len - local_used,
12963			      remote_sglist[j].len - remote_used);
12964		rq->size = cur_len;
12965
12966		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12967		tmp_ptr += local_used;
12968
12969#if 0
12970		/* Use physical addresses when talking to ISC hardware */
12971		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12972			/* XXX KDM use busdma */
12973			rq->local = vtophys(tmp_ptr);
12974		} else
12975			rq->local = tmp_ptr;
12976#else
12977		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12978		    ("HA does not support BUS_ADDR"));
12979		rq->local = tmp_ptr;
12980#endif
12981
12982		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12983		tmp_ptr += remote_used;
12984		rq->remote = tmp_ptr;
12985
12986		rq->callback = NULL;
12987
12988		local_used += cur_len;
12989		if (local_used >= local_sglist[i].len) {
12990			i++;
12991			local_used = 0;
12992		}
12993
12994		remote_used += cur_len;
12995		if (remote_used >= remote_sglist[j].len) {
12996			j++;
12997			remote_used = 0;
12998		}
12999		total_used += cur_len;
13000
13001		if (total_used >= io->scsiio.kern_data_len)
13002			rq->callback = callback;
13003
13004#if 0
13005		printf("%s: %s: local %p remote %p size %d\n", __func__,
13006		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13007		       rq->local, rq->remote, rq->size);
13008#endif
13009
13010		isc_ret = ctl_dt_single(rq);
13011		if (isc_ret > CTL_HA_STATUS_SUCCESS)
13012			break;
13013	}
13014	if (isc_ret != CTL_HA_STATUS_WAIT) {
13015		rq->ret = isc_ret;
13016		callback(rq);
13017	}
13018
13019	return (0);
13020}
13021
13022static void
13023ctl_datamove_remote_read(union ctl_io *io)
13024{
13025	int retval;
13026	int i;
13027
13028	/*
13029	 * This will send an error to the other controller in the case of a
13030	 * failure.
13031	 */
13032	retval = ctl_datamove_remote_sgl_setup(io);
13033	if (retval != 0)
13034		return;
13035
13036	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13037					  ctl_datamove_remote_read_cb);
13038	if (retval != 0) {
13039		/*
13040		 * Make sure we free memory if there was an error..  The
13041		 * ctl_datamove_remote_xfer() function will send the
13042		 * datamove done message, or call the callback with an
13043		 * error if there is a problem.
13044		 */
13045		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13046			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13047		free(io->io_hdr.remote_sglist, M_CTL);
13048		io->io_hdr.remote_sglist = NULL;
13049		io->io_hdr.local_sglist = NULL;
13050	}
13051}
13052
13053/*
13054 * Process a datamove request from the other controller.  This is used for
13055 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13056 * first.  Once that is complete, the data gets DMAed into the remote
13057 * controller's memory.  For reads, we DMA from the remote controller's
13058 * memory into our memory first, and then move it out to the FETD.
13059 */
13060static void
13061ctl_datamove_remote(union ctl_io *io)
13062{
13063
13064	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
13065
13066	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13067		ctl_failover_io(io, /*have_lock*/ 0);
13068		return;
13069	}
13070
13071	/*
13072	 * Note that we look for an aborted I/O here, but don't do some of
13073	 * the other checks that ctl_datamove() normally does.
13074	 * We don't need to run the datamove delay code, since that should
13075	 * have been done if need be on the other controller.
13076	 */
13077	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13078		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
13079		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
13080		       io->io_hdr.nexus.targ_port,
13081		       io->io_hdr.nexus.targ_lun);
13082		io->io_hdr.port_status = 31338;
13083		ctl_send_datamove_done(io, /*have_lock*/ 0);
13084		return;
13085	}
13086
13087	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
13088		ctl_datamove_remote_write(io);
13089	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
13090		ctl_datamove_remote_read(io);
13091	else {
13092		io->io_hdr.port_status = 31339;
13093		ctl_send_datamove_done(io, /*have_lock*/ 0);
13094	}
13095}
13096
13097static void
13098ctl_process_done(union ctl_io *io)
13099{
13100	struct ctl_lun *lun;
13101	struct ctl_softc *softc = control_softc;
13102	void (*fe_done)(union ctl_io *io);
13103	union ctl_ha_msg msg;
13104	uint32_t targ_port = io->io_hdr.nexus.targ_port;
13105
13106	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13107	fe_done = softc->ctl_ports[targ_port]->fe_done;
13108
13109#ifdef CTL_TIME_IO
13110	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13111		char str[256];
13112		char path_str[64];
13113		struct sbuf sb;
13114
13115		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13116		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13117
13118		sbuf_cat(&sb, path_str);
13119		switch (io->io_hdr.io_type) {
13120		case CTL_IO_SCSI:
13121			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13122			sbuf_printf(&sb, "\n");
13123			sbuf_cat(&sb, path_str);
13124			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13125				    io->scsiio.tag_num, io->scsiio.tag_type);
13126			break;
13127		case CTL_IO_TASK:
13128			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13129				    "Tag Type: %d\n", io->taskio.task_action,
13130				    io->taskio.tag_num, io->taskio.tag_type);
13131			break;
13132		default:
13133			panic("%s: Invalid CTL I/O type %d\n",
13134			    __func__, io->io_hdr.io_type);
13135		}
13136		sbuf_cat(&sb, path_str);
13137		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13138			    (intmax_t)time_uptime - io->io_hdr.start_time);
13139		sbuf_finish(&sb);
13140		printf("%s", sbuf_data(&sb));
13141	}
13142#endif /* CTL_TIME_IO */
13143
13144	switch (io->io_hdr.io_type) {
13145	case CTL_IO_SCSI:
13146		break;
13147	case CTL_IO_TASK:
13148		if (ctl_debug & CTL_DEBUG_INFO)
13149			ctl_io_error_print(io, NULL);
13150		fe_done(io);
13151		return;
13152	default:
13153		panic("%s: Invalid CTL I/O type %d\n",
13154		    __func__, io->io_hdr.io_type);
13155	}
13156
13157	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13158	if (lun == NULL) {
13159		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13160				 io->io_hdr.nexus.targ_mapped_lun));
13161		goto bailout;
13162	}
13163
13164	mtx_lock(&lun->lun_lock);
13165
13166	/*
13167	 * Check to see if we have any errors to inject here.  We only
13168	 * inject errors for commands that don't already have errors set.
13169	 */
13170	if (!STAILQ_EMPTY(&lun->error_list) &&
13171	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13172	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13173		ctl_inject_error(lun, io);
13174
13175	/*
13176	 * XXX KDM how do we treat commands that aren't completed
13177	 * successfully?
13178	 *
13179	 * XXX KDM should we also track I/O latency?
13180	 */
13181	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13182	    io->io_hdr.io_type == CTL_IO_SCSI) {
13183#ifdef CTL_TIME_IO
13184		struct bintime cur_bt;
13185#endif
13186		int type;
13187
13188		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13189		    CTL_FLAG_DATA_IN)
13190			type = CTL_STATS_READ;
13191		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13192		    CTL_FLAG_DATA_OUT)
13193			type = CTL_STATS_WRITE;
13194		else
13195			type = CTL_STATS_NO_IO;
13196
13197		lun->stats.ports[targ_port].bytes[type] +=
13198		    io->scsiio.kern_total_len;
13199		lun->stats.ports[targ_port].operations[type]++;
13200#ifdef CTL_TIME_IO
13201		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13202		   &io->io_hdr.dma_bt);
13203		getbinuptime(&cur_bt);
13204		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13205		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13206#endif
13207		lun->stats.ports[targ_port].num_dmas[type] +=
13208		    io->io_hdr.num_dmas;
13209	}
13210
13211	/*
13212	 * Remove this from the OOA queue.
13213	 */
13214	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13215#ifdef CTL_TIME_IO
13216	if (TAILQ_EMPTY(&lun->ooa_queue))
13217		lun->last_busy = getsbinuptime();
13218#endif
13219
13220	/*
13221	 * Run through the blocked queue on this LUN and see if anything
13222	 * has become unblocked, now that this transaction is done.
13223	 */
13224	ctl_check_blocked(lun);
13225
13226	/*
13227	 * If the LUN has been invalidated, free it if there is nothing
13228	 * left on its OOA queue.
13229	 */
13230	if ((lun->flags & CTL_LUN_INVALID)
13231	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13232		mtx_unlock(&lun->lun_lock);
13233		mtx_lock(&softc->ctl_lock);
13234		ctl_free_lun(lun);
13235		mtx_unlock(&softc->ctl_lock);
13236	} else
13237		mtx_unlock(&lun->lun_lock);
13238
13239bailout:
13240
13241	/*
13242	 * If this command has been aborted, make sure we set the status
13243	 * properly.  The FETD is responsible for freeing the I/O and doing
13244	 * whatever it needs to do to clean up its state.
13245	 */
13246	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13247		ctl_set_task_aborted(&io->scsiio);
13248
13249	/*
13250	 * If enabled, print command error status.
13251	 */
13252	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13253	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13254		ctl_io_error_print(io, NULL);
13255
13256	/*
13257	 * Tell the FETD or the other shelf controller we're done with this
13258	 * command.  Note that only SCSI commands get to this point.  Task
13259	 * management commands are completed above.
13260	 */
13261	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13262	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13263		memset(&msg, 0, sizeof(msg));
13264		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13265		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13266		msg.hdr.nexus = io->io_hdr.nexus;
13267		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13268		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13269		    M_WAITOK);
13270	}
13271
13272	fe_done(io);
13273}
13274
13275#ifdef CTL_WITH_CA
13276/*
13277 * Front end should call this if it doesn't do autosense.  When the request
13278 * sense comes back in from the initiator, we'll dequeue this and send it.
13279 */
13280int
13281ctl_queue_sense(union ctl_io *io)
13282{
13283	struct ctl_lun *lun;
13284	struct ctl_port *port;
13285	struct ctl_softc *softc;
13286	uint32_t initidx, targ_lun;
13287
13288	softc = control_softc;
13289
13290	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13291
13292	/*
13293	 * LUN lookup will likely move to the ctl_work_thread() once we
13294	 * have our new queueing infrastructure (that doesn't put things on
13295	 * a per-LUN queue initially).  That is so that we can handle
13296	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13297	 * can't deal with that right now.
13298	 */
13299	mtx_lock(&softc->ctl_lock);
13300
13301	/*
13302	 * If we don't have a LUN for this, just toss the sense
13303	 * information.
13304	 */
13305	port = ctl_io_port(&ctsio->io_hdr);
13306	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13307	if ((targ_lun < CTL_MAX_LUNS)
13308	 && (softc->ctl_luns[targ_lun] != NULL))
13309		lun = softc->ctl_luns[targ_lun];
13310	else
13311		goto bailout;
13312
13313	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13314
13315	mtx_lock(&lun->lun_lock);
13316	/*
13317	 * Already have CA set for this LUN...toss the sense information.
13318	 */
13319	if (ctl_is_set(lun->have_ca, initidx)) {
13320		mtx_unlock(&lun->lun_lock);
13321		goto bailout;
13322	}
13323
13324	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13325	       MIN(sizeof(lun->pending_sense[initidx]),
13326	       sizeof(io->scsiio.sense_data)));
13327	ctl_set_mask(lun->have_ca, initidx);
13328	mtx_unlock(&lun->lun_lock);
13329
13330bailout:
13331	mtx_unlock(&softc->ctl_lock);
13332
13333	ctl_free_io(io);
13334
13335	return (CTL_RETVAL_COMPLETE);
13336}
13337#endif
13338
13339/*
13340 * Primary command inlet from frontend ports.  All SCSI and task I/O
13341 * requests must go through this function.
13342 */
13343int
13344ctl_queue(union ctl_io *io)
13345{
13346	struct ctl_port *port;
13347
13348	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13349
13350#ifdef CTL_TIME_IO
13351	io->io_hdr.start_time = time_uptime;
13352	getbinuptime(&io->io_hdr.start_bt);
13353#endif /* CTL_TIME_IO */
13354
13355	/* Map FE-specific LUN ID into global one. */
13356	port = ctl_io_port(&io->io_hdr);
13357	io->io_hdr.nexus.targ_mapped_lun =
13358	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13359
13360	switch (io->io_hdr.io_type) {
13361	case CTL_IO_SCSI:
13362	case CTL_IO_TASK:
13363		if (ctl_debug & CTL_DEBUG_CDB)
13364			ctl_io_print(io);
13365		ctl_enqueue_incoming(io);
13366		break;
13367	default:
13368		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13369		return (EINVAL);
13370	}
13371
13372	return (CTL_RETVAL_COMPLETE);
13373}
13374
13375#ifdef CTL_IO_DELAY
13376static void
13377ctl_done_timer_wakeup(void *arg)
13378{
13379	union ctl_io *io;
13380
13381	io = (union ctl_io *)arg;
13382	ctl_done(io);
13383}
13384#endif /* CTL_IO_DELAY */
13385
13386void
13387ctl_serseq_done(union ctl_io *io)
13388{
13389	struct ctl_lun *lun;
13390
13391	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13392	if (lun->be_lun == NULL ||
13393	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13394		return;
13395	mtx_lock(&lun->lun_lock);
13396	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13397	ctl_check_blocked(lun);
13398	mtx_unlock(&lun->lun_lock);
13399}
13400
13401void
13402ctl_done(union ctl_io *io)
13403{
13404
13405	/*
13406	 * Enable this to catch duplicate completion issues.
13407	 */
13408#if 0
13409	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13410		printf("%s: type %d msg %d cdb %x iptl: "
13411		       "%u:%u:%u tag 0x%04x "
13412		       "flag %#x status %x\n",
13413			__func__,
13414			io->io_hdr.io_type,
13415			io->io_hdr.msg_type,
13416			io->scsiio.cdb[0],
13417			io->io_hdr.nexus.initid,
13418			io->io_hdr.nexus.targ_port,
13419			io->io_hdr.nexus.targ_lun,
13420			(io->io_hdr.io_type ==
13421			CTL_IO_TASK) ?
13422			io->taskio.tag_num :
13423			io->scsiio.tag_num,
13424		        io->io_hdr.flags,
13425			io->io_hdr.status);
13426	} else
13427		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13428#endif
13429
13430	/*
13431	 * This is an internal copy of an I/O, and should not go through
13432	 * the normal done processing logic.
13433	 */
13434	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13435		return;
13436
13437#ifdef CTL_IO_DELAY
13438	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13439		struct ctl_lun *lun;
13440
13441		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13442
13443		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13444	} else {
13445		struct ctl_lun *lun;
13446
13447		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13448
13449		if ((lun != NULL)
13450		 && (lun->delay_info.done_delay > 0)) {
13451
13452			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13453			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13454			callout_reset(&io->io_hdr.delay_callout,
13455				      lun->delay_info.done_delay * hz,
13456				      ctl_done_timer_wakeup, io);
13457			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13458				lun->delay_info.done_delay = 0;
13459			return;
13460		}
13461	}
13462#endif /* CTL_IO_DELAY */
13463
13464	ctl_enqueue_done(io);
13465}
13466
13467static void
13468ctl_work_thread(void *arg)
13469{
13470	struct ctl_thread *thr = (struct ctl_thread *)arg;
13471	struct ctl_softc *softc = thr->ctl_softc;
13472	union ctl_io *io;
13473	int retval;
13474
13475	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13476
13477	for (;;) {
13478		/*
13479		 * We handle the queues in this order:
13480		 * - ISC
13481		 * - done queue (to free up resources, unblock other commands)
13482		 * - RtR queue
13483		 * - incoming queue
13484		 *
13485		 * If those queues are empty, we break out of the loop and
13486		 * go to sleep.
13487		 */
13488		mtx_lock(&thr->queue_lock);
13489		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13490		if (io != NULL) {
13491			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13492			mtx_unlock(&thr->queue_lock);
13493			ctl_handle_isc(io);
13494			continue;
13495		}
13496		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13497		if (io != NULL) {
13498			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13499			/* clear any blocked commands, call fe_done */
13500			mtx_unlock(&thr->queue_lock);
13501			ctl_process_done(io);
13502			continue;
13503		}
13504		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13505		if (io != NULL) {
13506			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13507			mtx_unlock(&thr->queue_lock);
13508			if (io->io_hdr.io_type == CTL_IO_TASK)
13509				ctl_run_task(io);
13510			else
13511				ctl_scsiio_precheck(softc, &io->scsiio);
13512			continue;
13513		}
13514		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13515		if (io != NULL) {
13516			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13517			mtx_unlock(&thr->queue_lock);
13518			retval = ctl_scsiio(&io->scsiio);
13519			if (retval != CTL_RETVAL_COMPLETE)
13520				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13521			continue;
13522		}
13523
13524		/* Sleep until we have something to do. */
13525		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13526	}
13527}
13528
13529static void
13530ctl_lun_thread(void *arg)
13531{
13532	struct ctl_softc *softc = (struct ctl_softc *)arg;
13533	struct ctl_be_lun *be_lun;
13534
13535	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13536
13537	for (;;) {
13538		mtx_lock(&softc->ctl_lock);
13539		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13540		if (be_lun != NULL) {
13541			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13542			mtx_unlock(&softc->ctl_lock);
13543			ctl_create_lun(be_lun);
13544			continue;
13545		}
13546
13547		/* Sleep until we have something to do. */
13548		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13549		    PDROP | PRIBIO, "-", 0);
13550	}
13551}
13552
13553static void
13554ctl_thresh_thread(void *arg)
13555{
13556	struct ctl_softc *softc = (struct ctl_softc *)arg;
13557	struct ctl_lun *lun;
13558	struct scsi_da_rw_recovery_page *rwpage;
13559	struct ctl_logical_block_provisioning_page *page;
13560	const char *attr;
13561	union ctl_ha_msg msg;
13562	uint64_t thres, val;
13563	int i, e, set;
13564
13565	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13566
13567	for (;;) {
13568		mtx_lock(&softc->ctl_lock);
13569		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13570			if ((lun->flags & CTL_LUN_DISABLED) ||
13571			    (lun->flags & CTL_LUN_NO_MEDIA) ||
13572			    lun->backend->lun_attr == NULL)
13573				continue;
13574			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13575			    softc->ha_mode == CTL_HA_MODE_XFER)
13576				continue;
13577			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13578			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13579				continue;
13580			e = 0;
13581			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13582			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13583				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13584					continue;
13585				thres = scsi_4btoul(page->descr[i].count);
13586				thres <<= CTL_LBP_EXPONENT;
13587				switch (page->descr[i].resource) {
13588				case 0x01:
13589					attr = "blocksavail";
13590					break;
13591				case 0x02:
13592					attr = "blocksused";
13593					break;
13594				case 0xf1:
13595					attr = "poolblocksavail";
13596					break;
13597				case 0xf2:
13598					attr = "poolblocksused";
13599					break;
13600				default:
13601					continue;
13602				}
13603				mtx_unlock(&softc->ctl_lock); // XXX
13604				val = lun->backend->lun_attr(
13605				    lun->be_lun->be_lun, attr);
13606				mtx_lock(&softc->ctl_lock);
13607				if (val == UINT64_MAX)
13608					continue;
13609				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13610				    == SLBPPD_ARMING_INC)
13611					e = (val >= thres);
13612				else
13613					e = (val <= thres);
13614				if (e)
13615					break;
13616			}
13617			mtx_lock(&lun->lun_lock);
13618			if (e) {
13619				scsi_u64to8b((uint8_t *)&page->descr[i] -
13620				    (uint8_t *)page, lun->ua_tpt_info);
13621				if (lun->lasttpt == 0 ||
13622				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13623					lun->lasttpt = time_uptime;
13624					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13625					set = 1;
13626				} else
13627					set = 0;
13628			} else {
13629				lun->lasttpt = 0;
13630				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13631				set = -1;
13632			}
13633			mtx_unlock(&lun->lun_lock);
13634			if (set != 0 &&
13635			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13636				/* Send msg to other side. */
13637				bzero(&msg.ua, sizeof(msg.ua));
13638				msg.hdr.msg_type = CTL_MSG_UA;
13639				msg.hdr.nexus.initid = -1;
13640				msg.hdr.nexus.targ_port = -1;
13641				msg.hdr.nexus.targ_lun = lun->lun;
13642				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13643				msg.ua.ua_all = 1;
13644				msg.ua.ua_set = (set > 0);
13645				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13646				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13647				mtx_unlock(&softc->ctl_lock); // XXX
13648				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13649				    sizeof(msg.ua), M_WAITOK);
13650				mtx_lock(&softc->ctl_lock);
13651			}
13652		}
13653		mtx_unlock(&softc->ctl_lock);
13654		pause("-", CTL_LBP_PERIOD * hz);
13655	}
13656}
13657
13658static void
13659ctl_enqueue_incoming(union ctl_io *io)
13660{
13661	struct ctl_softc *softc = control_softc;
13662	struct ctl_thread *thr;
13663	u_int idx;
13664
13665	idx = (io->io_hdr.nexus.targ_port * 127 +
13666	       io->io_hdr.nexus.initid) % worker_threads;
13667	thr = &softc->threads[idx];
13668	mtx_lock(&thr->queue_lock);
13669	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13670	mtx_unlock(&thr->queue_lock);
13671	wakeup(thr);
13672}
13673
13674static void
13675ctl_enqueue_rtr(union ctl_io *io)
13676{
13677	struct ctl_softc *softc = control_softc;
13678	struct ctl_thread *thr;
13679
13680	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13681	mtx_lock(&thr->queue_lock);
13682	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13683	mtx_unlock(&thr->queue_lock);
13684	wakeup(thr);
13685}
13686
13687static void
13688ctl_enqueue_done(union ctl_io *io)
13689{
13690	struct ctl_softc *softc = control_softc;
13691	struct ctl_thread *thr;
13692
13693	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13694	mtx_lock(&thr->queue_lock);
13695	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13696	mtx_unlock(&thr->queue_lock);
13697	wakeup(thr);
13698}
13699
13700static void
13701ctl_enqueue_isc(union ctl_io *io)
13702{
13703	struct ctl_softc *softc = control_softc;
13704	struct ctl_thread *thr;
13705
13706	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13707	mtx_lock(&thr->queue_lock);
13708	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13709	mtx_unlock(&thr->queue_lock);
13710	wakeup(thr);
13711}
13712
13713/*
13714 *  vim: ts=8
13715 */
13716