ctl.c revision 344992 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2014-2017 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#include <sys/cdefs.h>
44__FBSDID("$FreeBSD: stable/11/sys/cam/ctl/ctl.c 344992 2019-03-11 01:44:37Z mav $");
45
46#include <sys/param.h>
47#include <sys/systm.h>
48#include <sys/ctype.h>
49#include <sys/kernel.h>
50#include <sys/types.h>
51#include <sys/kthread.h>
52#include <sys/bio.h>
53#include <sys/fcntl.h>
54#include <sys/lock.h>
55#include <sys/module.h>
56#include <sys/mutex.h>
57#include <sys/condvar.h>
58#include <sys/malloc.h>
59#include <sys/conf.h>
60#include <sys/ioccom.h>
61#include <sys/queue.h>
62#include <sys/sbuf.h>
63#include <sys/smp.h>
64#include <sys/endian.h>
65#include <sys/sysctl.h>
66#include <vm/uma.h>
67
68#include <cam/cam.h>
69#include <cam/scsi/scsi_all.h>
70#include <cam/scsi/scsi_cd.h>
71#include <cam/scsi/scsi_da.h>
72#include <cam/ctl/ctl_io.h>
73#include <cam/ctl/ctl.h>
74#include <cam/ctl/ctl_frontend.h>
75#include <cam/ctl/ctl_util.h>
76#include <cam/ctl/ctl_backend.h>
77#include <cam/ctl/ctl_ioctl.h>
78#include <cam/ctl/ctl_ha.h>
79#include <cam/ctl/ctl_private.h>
80#include <cam/ctl/ctl_debug.h>
81#include <cam/ctl/ctl_scsi_all.h>
82#include <cam/ctl/ctl_error.h>
83
84struct ctl_softc *control_softc = NULL;
85
86/*
87 * Template mode pages.
88 */
89
90/*
91 * Note that these are default values only.  The actual values will be
92 * filled in when the user does a mode sense.
93 */
94const static struct scsi_da_rw_recovery_page rw_er_page_default = {
95	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
96	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
97	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
98	/*read_retry_count*/0,
99	/*correction_span*/0,
100	/*head_offset_count*/0,
101	/*data_strobe_offset_cnt*/0,
102	/*byte8*/SMS_RWER_LBPERE,
103	/*write_retry_count*/0,
104	/*reserved2*/0,
105	/*recovery_time_limit*/{0, 0},
106};
107
108const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
109	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
110	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
111	/*byte3*/SMS_RWER_PER,
112	/*read_retry_count*/0,
113	/*correction_span*/0,
114	/*head_offset_count*/0,
115	/*data_strobe_offset_cnt*/0,
116	/*byte8*/SMS_RWER_LBPERE,
117	/*write_retry_count*/0,
118	/*reserved2*/0,
119	/*recovery_time_limit*/{0, 0},
120};
121
122const static struct scsi_format_page format_page_default = {
123	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
124	/*page_length*/sizeof(struct scsi_format_page) - 2,
125	/*tracks_per_zone*/ {0, 0},
126	/*alt_sectors_per_zone*/ {0, 0},
127	/*alt_tracks_per_zone*/ {0, 0},
128	/*alt_tracks_per_lun*/ {0, 0},
129	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
130			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
131	/*bytes_per_sector*/ {0, 0},
132	/*interleave*/ {0, 0},
133	/*track_skew*/ {0, 0},
134	/*cylinder_skew*/ {0, 0},
135	/*flags*/ SFP_HSEC,
136	/*reserved*/ {0, 0, 0}
137};
138
139const static struct scsi_format_page format_page_changeable = {
140	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
141	/*page_length*/sizeof(struct scsi_format_page) - 2,
142	/*tracks_per_zone*/ {0, 0},
143	/*alt_sectors_per_zone*/ {0, 0},
144	/*alt_tracks_per_zone*/ {0, 0},
145	/*alt_tracks_per_lun*/ {0, 0},
146	/*sectors_per_track*/ {0, 0},
147	/*bytes_per_sector*/ {0, 0},
148	/*interleave*/ {0, 0},
149	/*track_skew*/ {0, 0},
150	/*cylinder_skew*/ {0, 0},
151	/*flags*/ 0,
152	/*reserved*/ {0, 0, 0}
153};
154
155const static struct scsi_rigid_disk_page rigid_disk_page_default = {
156	/*page_code*/SMS_RIGID_DISK_PAGE,
157	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
158	/*cylinders*/ {0, 0, 0},
159	/*heads*/ CTL_DEFAULT_HEADS,
160	/*start_write_precomp*/ {0, 0, 0},
161	/*start_reduced_current*/ {0, 0, 0},
162	/*step_rate*/ {0, 0},
163	/*landing_zone_cylinder*/ {0, 0, 0},
164	/*rpl*/ SRDP_RPL_DISABLED,
165	/*rotational_offset*/ 0,
166	/*reserved1*/ 0,
167	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
168			   CTL_DEFAULT_ROTATION_RATE & 0xff},
169	/*reserved2*/ {0, 0}
170};
171
172const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
173	/*page_code*/SMS_RIGID_DISK_PAGE,
174	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
175	/*cylinders*/ {0, 0, 0},
176	/*heads*/ 0,
177	/*start_write_precomp*/ {0, 0, 0},
178	/*start_reduced_current*/ {0, 0, 0},
179	/*step_rate*/ {0, 0},
180	/*landing_zone_cylinder*/ {0, 0, 0},
181	/*rpl*/ 0,
182	/*rotational_offset*/ 0,
183	/*reserved1*/ 0,
184	/*rotation_rate*/ {0, 0},
185	/*reserved2*/ {0, 0}
186};
187
188const static struct scsi_da_verify_recovery_page verify_er_page_default = {
189	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
190	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
191	/*byte3*/0,
192	/*read_retry_count*/0,
193	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
194	/*recovery_time_limit*/{0, 0},
195};
196
197const static struct scsi_da_verify_recovery_page verify_er_page_changeable = {
198	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
199	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
200	/*byte3*/SMS_VER_PER,
201	/*read_retry_count*/0,
202	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
203	/*recovery_time_limit*/{0, 0},
204};
205
206const static struct scsi_caching_page caching_page_default = {
207	/*page_code*/SMS_CACHING_PAGE,
208	/*page_length*/sizeof(struct scsi_caching_page) - 2,
209	/*flags1*/ SCP_DISC | SCP_WCE,
210	/*ret_priority*/ 0,
211	/*disable_pf_transfer_len*/ {0xff, 0xff},
212	/*min_prefetch*/ {0, 0},
213	/*max_prefetch*/ {0xff, 0xff},
214	/*max_pf_ceiling*/ {0xff, 0xff},
215	/*flags2*/ 0,
216	/*cache_segments*/ 0,
217	/*cache_seg_size*/ {0, 0},
218	/*reserved*/ 0,
219	/*non_cache_seg_size*/ {0, 0, 0}
220};
221
222const static struct scsi_caching_page caching_page_changeable = {
223	/*page_code*/SMS_CACHING_PAGE,
224	/*page_length*/sizeof(struct scsi_caching_page) - 2,
225	/*flags1*/ SCP_WCE | SCP_RCD,
226	/*ret_priority*/ 0,
227	/*disable_pf_transfer_len*/ {0, 0},
228	/*min_prefetch*/ {0, 0},
229	/*max_prefetch*/ {0, 0},
230	/*max_pf_ceiling*/ {0, 0},
231	/*flags2*/ 0,
232	/*cache_segments*/ 0,
233	/*cache_seg_size*/ {0, 0},
234	/*reserved*/ 0,
235	/*non_cache_seg_size*/ {0, 0, 0}
236};
237
238const static struct scsi_control_page control_page_default = {
239	/*page_code*/SMS_CONTROL_MODE_PAGE,
240	/*page_length*/sizeof(struct scsi_control_page) - 2,
241	/*rlec*/0,
242	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
243	/*eca_and_aen*/0,
244	/*flags4*/SCP_TAS,
245	/*aen_holdoff_period*/{0, 0},
246	/*busy_timeout_period*/{0, 0},
247	/*extended_selftest_completion_time*/{0, 0}
248};
249
250const static struct scsi_control_page control_page_changeable = {
251	/*page_code*/SMS_CONTROL_MODE_PAGE,
252	/*page_length*/sizeof(struct scsi_control_page) - 2,
253	/*rlec*/SCP_DSENSE,
254	/*queue_flags*/SCP_QUEUE_ALG_MASK | SCP_NUAR,
255	/*eca_and_aen*/SCP_SWP,
256	/*flags4*/0,
257	/*aen_holdoff_period*/{0, 0},
258	/*busy_timeout_period*/{0, 0},
259	/*extended_selftest_completion_time*/{0, 0}
260};
261
262#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
263
264const static struct scsi_control_ext_page control_ext_page_default = {
265	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
266	/*subpage_code*/0x01,
267	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
268	/*flags*/0,
269	/*prio*/0,
270	/*max_sense*/0
271};
272
273const static struct scsi_control_ext_page control_ext_page_changeable = {
274	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
275	/*subpage_code*/0x01,
276	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
277	/*flags*/0,
278	/*prio*/0,
279	/*max_sense*/0xff
280};
281
282const static struct scsi_info_exceptions_page ie_page_default = {
283	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
284	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
285	/*info_flags*/SIEP_FLAGS_EWASC,
286	/*mrie*/SIEP_MRIE_NO,
287	/*interval_timer*/{0, 0, 0, 0},
288	/*report_count*/{0, 0, 0, 1}
289};
290
291const static struct scsi_info_exceptions_page ie_page_changeable = {
292	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
293	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
294	/*info_flags*/SIEP_FLAGS_EWASC | SIEP_FLAGS_DEXCPT | SIEP_FLAGS_TEST |
295	    SIEP_FLAGS_LOGERR,
296	/*mrie*/0x0f,
297	/*interval_timer*/{0xff, 0xff, 0xff, 0xff},
298	/*report_count*/{0xff, 0xff, 0xff, 0xff}
299};
300
301#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
302
303const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
304	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
305	/*subpage_code*/0x02,
306	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
307	/*flags*/0,
308	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
309	/*descr*/{}},
310	{{/*flags*/0,
311	  /*resource*/0x01,
312	  /*reserved*/{0, 0},
313	  /*count*/{0, 0, 0, 0}},
314	 {/*flags*/0,
315	  /*resource*/0x02,
316	  /*reserved*/{0, 0},
317	  /*count*/{0, 0, 0, 0}},
318	 {/*flags*/0,
319	  /*resource*/0xf1,
320	  /*reserved*/{0, 0},
321	  /*count*/{0, 0, 0, 0}},
322	 {/*flags*/0,
323	  /*resource*/0xf2,
324	  /*reserved*/{0, 0},
325	  /*count*/{0, 0, 0, 0}}
326	}
327};
328
329const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
330	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
331	/*subpage_code*/0x02,
332	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
333	/*flags*/SLBPP_SITUA,
334	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
335	/*descr*/{}},
336	{{/*flags*/0,
337	  /*resource*/0,
338	  /*reserved*/{0, 0},
339	  /*count*/{0, 0, 0, 0}},
340	 {/*flags*/0,
341	  /*resource*/0,
342	  /*reserved*/{0, 0},
343	  /*count*/{0, 0, 0, 0}},
344	 {/*flags*/0,
345	  /*resource*/0,
346	  /*reserved*/{0, 0},
347	  /*count*/{0, 0, 0, 0}},
348	 {/*flags*/0,
349	  /*resource*/0,
350	  /*reserved*/{0, 0},
351	  /*count*/{0, 0, 0, 0}}
352	}
353};
354
355const static struct scsi_cddvd_capabilities_page cddvd_page_default = {
356	/*page_code*/SMS_CDDVD_CAPS_PAGE,
357	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
358	/*caps1*/0x3f,
359	/*caps2*/0x00,
360	/*caps3*/0xf0,
361	/*caps4*/0x00,
362	/*caps5*/0x29,
363	/*caps6*/0x00,
364	/*obsolete*/{0, 0},
365	/*nvol_levels*/{0, 0},
366	/*buffer_size*/{8, 0},
367	/*obsolete2*/{0, 0},
368	/*reserved*/0,
369	/*digital*/0,
370	/*obsolete3*/0,
371	/*copy_management*/0,
372	/*reserved2*/0,
373	/*rotation_control*/0,
374	/*cur_write_speed*/0,
375	/*num_speed_descr*/0,
376};
377
378const static struct scsi_cddvd_capabilities_page cddvd_page_changeable = {
379	/*page_code*/SMS_CDDVD_CAPS_PAGE,
380	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
381	/*caps1*/0,
382	/*caps2*/0,
383	/*caps3*/0,
384	/*caps4*/0,
385	/*caps5*/0,
386	/*caps6*/0,
387	/*obsolete*/{0, 0},
388	/*nvol_levels*/{0, 0},
389	/*buffer_size*/{0, 0},
390	/*obsolete2*/{0, 0},
391	/*reserved*/0,
392	/*digital*/0,
393	/*obsolete3*/0,
394	/*copy_management*/0,
395	/*reserved2*/0,
396	/*rotation_control*/0,
397	/*cur_write_speed*/0,
398	/*num_speed_descr*/0,
399};
400
401SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
402static int worker_threads = -1;
403SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
404    &worker_threads, 1, "Number of worker threads");
405static int ctl_debug = CTL_DEBUG_NONE;
406SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
407    &ctl_debug, 0, "Enabled debug flags");
408static int ctl_lun_map_size = 1024;
409SYSCTL_INT(_kern_cam_ctl, OID_AUTO, lun_map_size, CTLFLAG_RWTUN,
410    &ctl_lun_map_size, 0, "Size of per-port LUN map (max LUN + 1)");
411#ifdef  CTL_TIME_IO
412static int ctl_time_io_secs = CTL_TIME_IO_DEFAULT_SECS;
413SYSCTL_INT(_kern_cam_ctl, OID_AUTO, time_io_secs, CTLFLAG_RWTUN,
414    &ctl_time_io_secs, 0, "Log requests taking more seconds");
415#endif
416
417/*
418 * Maximum number of LUNs we support.  MUST be a power of 2.
419 */
420#define	CTL_DEFAULT_MAX_LUNS	1024
421static int ctl_max_luns = CTL_DEFAULT_MAX_LUNS;
422TUNABLE_INT("kern.cam.ctl.max_luns", &ctl_max_luns);
423SYSCTL_INT(_kern_cam_ctl, OID_AUTO, max_luns, CTLFLAG_RDTUN,
424    &ctl_max_luns, CTL_DEFAULT_MAX_LUNS, "Maximum number of LUNs");
425
426/*
427 * Maximum number of ports registered at one time.
428 */
429#define	CTL_DEFAULT_MAX_PORTS		256
430static int ctl_max_ports = CTL_DEFAULT_MAX_PORTS;
431TUNABLE_INT("kern.cam.ctl.max_ports", &ctl_max_ports);
432SYSCTL_INT(_kern_cam_ctl, OID_AUTO, max_ports, CTLFLAG_RDTUN,
433    &ctl_max_ports, CTL_DEFAULT_MAX_LUNS, "Maximum number of ports");
434
435/*
436 * Maximum number of initiators we support.
437 */
438#define	CTL_MAX_INITIATORS	(CTL_MAX_INIT_PER_PORT * ctl_max_ports)
439
440/*
441 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
442 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
443 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
444 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
445 */
446#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
447
448static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
449				  int param);
450static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
451static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
452static int ctl_init(void);
453static int ctl_shutdown(void);
454static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
455static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
456static void ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
457static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
458			      struct ctl_ooa *ooa_hdr,
459			      struct ctl_ooa_entry *kern_entries);
460static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
461		     struct thread *td);
462static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
463			 struct ctl_be_lun *be_lun);
464static int ctl_free_lun(struct ctl_lun *lun);
465static void ctl_create_lun(struct ctl_be_lun *be_lun);
466
467static int ctl_do_mode_select(union ctl_io *io);
468static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
469			   uint64_t res_key, uint64_t sa_res_key,
470			   uint8_t type, uint32_t residx,
471			   struct ctl_scsiio *ctsio,
472			   struct scsi_per_res_out *cdb,
473			   struct scsi_per_res_out_parms* param);
474static void ctl_pro_preempt_other(struct ctl_lun *lun,
475				  union ctl_ha_msg *msg);
476static void ctl_hndl_per_res_out_on_other_sc(union ctl_io *io);
477static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
478static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
479static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
480static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
481static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
482static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
483					 int alloc_len);
484static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
485					 int alloc_len);
486static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
487static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
488static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
489static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
490static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
491static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
492    bool seq);
493static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
494static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
495    union ctl_io *pending_io, union ctl_io *ooa_io);
496static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
497				union ctl_io *starting_io);
498static int ctl_check_blocked(struct ctl_lun *lun);
499static int ctl_scsiio_lun_check(struct ctl_lun *lun,
500				const struct ctl_cmd_entry *entry,
501				struct ctl_scsiio *ctsio);
502static void ctl_failover_lun(union ctl_io *io);
503static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
504			       struct ctl_scsiio *ctsio);
505static int ctl_scsiio(struct ctl_scsiio *ctsio);
506
507static int ctl_target_reset(union ctl_io *io);
508static void ctl_do_lun_reset(struct ctl_lun *lun, uint32_t initidx,
509			 ctl_ua_type ua_type);
510static int ctl_lun_reset(union ctl_io *io);
511static int ctl_abort_task(union ctl_io *io);
512static int ctl_abort_task_set(union ctl_io *io);
513static int ctl_query_task(union ctl_io *io, int task_set);
514static void ctl_i_t_nexus_loss(struct ctl_softc *softc, uint32_t initidx,
515			      ctl_ua_type ua_type);
516static int ctl_i_t_nexus_reset(union ctl_io *io);
517static int ctl_query_async_event(union ctl_io *io);
518static void ctl_run_task(union ctl_io *io);
519#ifdef CTL_IO_DELAY
520static void ctl_datamove_timer_wakeup(void *arg);
521static void ctl_done_timer_wakeup(void *arg);
522#endif /* CTL_IO_DELAY */
523
524static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
525static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
526static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
527static void ctl_datamove_remote_write(union ctl_io *io);
528static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
529static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
530static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
531static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
532				    ctl_ha_dt_cb callback);
533static void ctl_datamove_remote_read(union ctl_io *io);
534static void ctl_datamove_remote(union ctl_io *io);
535static void ctl_process_done(union ctl_io *io);
536static void ctl_lun_thread(void *arg);
537static void ctl_thresh_thread(void *arg);
538static void ctl_work_thread(void *arg);
539static void ctl_enqueue_incoming(union ctl_io *io);
540static void ctl_enqueue_rtr(union ctl_io *io);
541static void ctl_enqueue_done(union ctl_io *io);
542static void ctl_enqueue_isc(union ctl_io *io);
543static const struct ctl_cmd_entry *
544    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
545static const struct ctl_cmd_entry *
546    ctl_validate_command(struct ctl_scsiio *ctsio);
547static int ctl_cmd_applicable(uint8_t lun_type,
548    const struct ctl_cmd_entry *entry);
549static int ctl_ha_init(void);
550static int ctl_ha_shutdown(void);
551
552static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
553static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
554static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
555static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
556
557/*
558 * Load the serialization table.  This isn't very pretty, but is probably
559 * the easiest way to do it.
560 */
561#include "ctl_ser_table.c"
562
563/*
564 * We only need to define open, close and ioctl routines for this driver.
565 */
566static struct cdevsw ctl_cdevsw = {
567	.d_version =	D_VERSION,
568	.d_flags =	0,
569	.d_open =	ctl_open,
570	.d_close =	ctl_close,
571	.d_ioctl =	ctl_ioctl,
572	.d_name =	"ctl",
573};
574
575
576MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
577
578static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
579
580static moduledata_t ctl_moduledata = {
581	"ctl",
582	ctl_module_event_handler,
583	NULL
584};
585
586DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
587MODULE_VERSION(ctl, 1);
588
589static struct ctl_frontend ha_frontend =
590{
591	.name = "ha",
592	.init = ctl_ha_init,
593	.shutdown = ctl_ha_shutdown,
594};
595
596static int
597ctl_ha_init(void)
598{
599	struct ctl_softc *softc = control_softc;
600
601	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
602	                    &softc->othersc_pool) != 0)
603		return (ENOMEM);
604	if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
605		ctl_pool_free(softc->othersc_pool);
606		return (EIO);
607	}
608	if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
609	    != CTL_HA_STATUS_SUCCESS) {
610		ctl_ha_msg_destroy(softc);
611		ctl_pool_free(softc->othersc_pool);
612		return (EIO);
613	}
614	return (0);
615};
616
617static int
618ctl_ha_shutdown(void)
619{
620	struct ctl_softc *softc = control_softc;
621	struct ctl_port *port;
622
623	ctl_ha_msg_shutdown(softc);
624	if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL) != CTL_HA_STATUS_SUCCESS)
625		return (EIO);
626	if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
627		return (EIO);
628	ctl_pool_free(softc->othersc_pool);
629	while ((port = STAILQ_FIRST(&ha_frontend.port_list)) != NULL) {
630		ctl_port_deregister(port);
631		free(port->port_name, M_CTL);
632		free(port, M_CTL);
633	}
634	return (0);
635};
636
637static void
638ctl_ha_datamove(union ctl_io *io)
639{
640	struct ctl_lun *lun = CTL_LUN(io);
641	struct ctl_sg_entry *sgl;
642	union ctl_ha_msg msg;
643	uint32_t sg_entries_sent;
644	int do_sg_copy, i, j;
645
646	memset(&msg.dt, 0, sizeof(msg.dt));
647	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
648	msg.hdr.original_sc = io->io_hdr.remote_io;
649	msg.hdr.serializing_sc = io;
650	msg.hdr.nexus = io->io_hdr.nexus;
651	msg.hdr.status = io->io_hdr.status;
652	msg.dt.flags = io->io_hdr.flags;
653
654	/*
655	 * We convert everything into a S/G list here.  We can't
656	 * pass by reference, only by value between controllers.
657	 * So we can't pass a pointer to the S/G list, only as many
658	 * S/G entries as we can fit in here.  If it's possible for
659	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
660	 * then we need to break this up into multiple transfers.
661	 */
662	if (io->scsiio.kern_sg_entries == 0) {
663		msg.dt.kern_sg_entries = 1;
664#if 0
665		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
666			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
667		} else {
668			/* XXX KDM use busdma here! */
669			msg.dt.sg_list[0].addr =
670			    (void *)vtophys(io->scsiio.kern_data_ptr);
671		}
672#else
673		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
674		    ("HA does not support BUS_ADDR"));
675		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
676#endif
677		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
678		do_sg_copy = 0;
679	} else {
680		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
681		do_sg_copy = 1;
682	}
683
684	msg.dt.kern_data_len = io->scsiio.kern_data_len;
685	msg.dt.kern_total_len = io->scsiio.kern_total_len;
686	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
687	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
688	msg.dt.sg_sequence = 0;
689
690	/*
691	 * Loop until we've sent all of the S/G entries.  On the
692	 * other end, we'll recompose these S/G entries into one
693	 * contiguous list before processing.
694	 */
695	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
696	    msg.dt.sg_sequence++) {
697		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
698		    sizeof(msg.dt.sg_list[0])),
699		    msg.dt.kern_sg_entries - sg_entries_sent);
700		if (do_sg_copy != 0) {
701			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
702			for (i = sg_entries_sent, j = 0;
703			     i < msg.dt.cur_sg_entries; i++, j++) {
704#if 0
705				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
706					msg.dt.sg_list[j].addr = sgl[i].addr;
707				} else {
708					/* XXX KDM use busdma here! */
709					msg.dt.sg_list[j].addr =
710					    (void *)vtophys(sgl[i].addr);
711				}
712#else
713				KASSERT((io->io_hdr.flags &
714				    CTL_FLAG_BUS_ADDR) == 0,
715				    ("HA does not support BUS_ADDR"));
716				msg.dt.sg_list[j].addr = sgl[i].addr;
717#endif
718				msg.dt.sg_list[j].len = sgl[i].len;
719			}
720		}
721
722		sg_entries_sent += msg.dt.cur_sg_entries;
723		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
724		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
725		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
726		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
727		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
728			io->io_hdr.port_status = 31341;
729			io->scsiio.be_move_done(io);
730			return;
731		}
732		msg.dt.sent_sg_entries = sg_entries_sent;
733	}
734
735	/*
736	 * Officially handover the request from us to peer.
737	 * If failover has just happened, then we must return error.
738	 * If failover happen just after, then it is not our problem.
739	 */
740	if (lun)
741		mtx_lock(&lun->lun_lock);
742	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
743		if (lun)
744			mtx_unlock(&lun->lun_lock);
745		io->io_hdr.port_status = 31342;
746		io->scsiio.be_move_done(io);
747		return;
748	}
749	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
750	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
751	if (lun)
752		mtx_unlock(&lun->lun_lock);
753}
754
755static void
756ctl_ha_done(union ctl_io *io)
757{
758	union ctl_ha_msg msg;
759
760	if (io->io_hdr.io_type == CTL_IO_SCSI) {
761		memset(&msg, 0, sizeof(msg));
762		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
763		msg.hdr.original_sc = io->io_hdr.remote_io;
764		msg.hdr.nexus = io->io_hdr.nexus;
765		msg.hdr.status = io->io_hdr.status;
766		msg.scsi.scsi_status = io->scsiio.scsi_status;
767		msg.scsi.tag_num = io->scsiio.tag_num;
768		msg.scsi.tag_type = io->scsiio.tag_type;
769		msg.scsi.sense_len = io->scsiio.sense_len;
770		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
771		    io->scsiio.sense_len);
772		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
773		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
774		    msg.scsi.sense_len, M_WAITOK);
775	}
776	ctl_free_io(io);
777}
778
779static void
780ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
781			    union ctl_ha_msg *msg_info)
782{
783	struct ctl_scsiio *ctsio;
784
785	if (msg_info->hdr.original_sc == NULL) {
786		printf("%s: original_sc == NULL!\n", __func__);
787		/* XXX KDM now what? */
788		return;
789	}
790
791	ctsio = &msg_info->hdr.original_sc->scsiio;
792	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
793	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
794	ctsio->io_hdr.status = msg_info->hdr.status;
795	ctsio->scsi_status = msg_info->scsi.scsi_status;
796	ctsio->sense_len = msg_info->scsi.sense_len;
797	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
798	       msg_info->scsi.sense_len);
799	ctl_enqueue_isc((union ctl_io *)ctsio);
800}
801
802static void
803ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
804				union ctl_ha_msg *msg_info)
805{
806	struct ctl_scsiio *ctsio;
807
808	if (msg_info->hdr.serializing_sc == NULL) {
809		printf("%s: serializing_sc == NULL!\n", __func__);
810		/* XXX KDM now what? */
811		return;
812	}
813
814	ctsio = &msg_info->hdr.serializing_sc->scsiio;
815	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
816	ctl_enqueue_isc((union ctl_io *)ctsio);
817}
818
819void
820ctl_isc_announce_lun(struct ctl_lun *lun)
821{
822	struct ctl_softc *softc = lun->ctl_softc;
823	union ctl_ha_msg *msg;
824	struct ctl_ha_msg_lun_pr_key pr_key;
825	int i, k;
826
827	if (softc->ha_link != CTL_HA_LINK_ONLINE)
828		return;
829	mtx_lock(&lun->lun_lock);
830	i = sizeof(msg->lun);
831	if (lun->lun_devid)
832		i += lun->lun_devid->len;
833	i += sizeof(pr_key) * lun->pr_key_count;
834alloc:
835	mtx_unlock(&lun->lun_lock);
836	msg = malloc(i, M_CTL, M_WAITOK);
837	mtx_lock(&lun->lun_lock);
838	k = sizeof(msg->lun);
839	if (lun->lun_devid)
840		k += lun->lun_devid->len;
841	k += sizeof(pr_key) * lun->pr_key_count;
842	if (i < k) {
843		free(msg, M_CTL);
844		i = k;
845		goto alloc;
846	}
847	bzero(&msg->lun, sizeof(msg->lun));
848	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
849	msg->hdr.nexus.targ_lun = lun->lun;
850	msg->hdr.nexus.targ_mapped_lun = lun->lun;
851	msg->lun.flags = lun->flags;
852	msg->lun.pr_generation = lun->pr_generation;
853	msg->lun.pr_res_idx = lun->pr_res_idx;
854	msg->lun.pr_res_type = lun->pr_res_type;
855	msg->lun.pr_key_count = lun->pr_key_count;
856	i = 0;
857	if (lun->lun_devid) {
858		msg->lun.lun_devid_len = lun->lun_devid->len;
859		memcpy(&msg->lun.data[i], lun->lun_devid->data,
860		    msg->lun.lun_devid_len);
861		i += msg->lun.lun_devid_len;
862	}
863	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
864		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
865			continue;
866		pr_key.pr_iid = k;
867		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
868		i += sizeof(pr_key);
869	}
870	mtx_unlock(&lun->lun_lock);
871	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
872	    M_WAITOK);
873	free(msg, M_CTL);
874
875	if (lun->flags & CTL_LUN_PRIMARY_SC) {
876		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
877			ctl_isc_announce_mode(lun, -1,
878			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
879			    lun->mode_pages.index[i].subpage);
880		}
881	}
882}
883
884void
885ctl_isc_announce_port(struct ctl_port *port)
886{
887	struct ctl_softc *softc = port->ctl_softc;
888	union ctl_ha_msg *msg;
889	int i;
890
891	if (port->targ_port < softc->port_min ||
892	    port->targ_port >= softc->port_max ||
893	    softc->ha_link != CTL_HA_LINK_ONLINE)
894		return;
895	i = sizeof(msg->port) + strlen(port->port_name) + 1;
896	if (port->lun_map)
897		i += port->lun_map_size * sizeof(uint32_t);
898	if (port->port_devid)
899		i += port->port_devid->len;
900	if (port->target_devid)
901		i += port->target_devid->len;
902	if (port->init_devid)
903		i += port->init_devid->len;
904	msg = malloc(i, M_CTL, M_WAITOK);
905	bzero(&msg->port, sizeof(msg->port));
906	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
907	msg->hdr.nexus.targ_port = port->targ_port;
908	msg->port.port_type = port->port_type;
909	msg->port.physical_port = port->physical_port;
910	msg->port.virtual_port = port->virtual_port;
911	msg->port.status = port->status;
912	i = 0;
913	msg->port.name_len = sprintf(&msg->port.data[i],
914	    "%d:%s", softc->ha_id, port->port_name) + 1;
915	i += msg->port.name_len;
916	if (port->lun_map) {
917		msg->port.lun_map_len = port->lun_map_size * sizeof(uint32_t);
918		memcpy(&msg->port.data[i], port->lun_map,
919		    msg->port.lun_map_len);
920		i += msg->port.lun_map_len;
921	}
922	if (port->port_devid) {
923		msg->port.port_devid_len = port->port_devid->len;
924		memcpy(&msg->port.data[i], port->port_devid->data,
925		    msg->port.port_devid_len);
926		i += msg->port.port_devid_len;
927	}
928	if (port->target_devid) {
929		msg->port.target_devid_len = port->target_devid->len;
930		memcpy(&msg->port.data[i], port->target_devid->data,
931		    msg->port.target_devid_len);
932		i += msg->port.target_devid_len;
933	}
934	if (port->init_devid) {
935		msg->port.init_devid_len = port->init_devid->len;
936		memcpy(&msg->port.data[i], port->init_devid->data,
937		    msg->port.init_devid_len);
938		i += msg->port.init_devid_len;
939	}
940	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
941	    M_WAITOK);
942	free(msg, M_CTL);
943}
944
945void
946ctl_isc_announce_iid(struct ctl_port *port, int iid)
947{
948	struct ctl_softc *softc = port->ctl_softc;
949	union ctl_ha_msg *msg;
950	int i, l;
951
952	if (port->targ_port < softc->port_min ||
953	    port->targ_port >= softc->port_max ||
954	    softc->ha_link != CTL_HA_LINK_ONLINE)
955		return;
956	mtx_lock(&softc->ctl_lock);
957	i = sizeof(msg->iid);
958	l = 0;
959	if (port->wwpn_iid[iid].name)
960		l = strlen(port->wwpn_iid[iid].name) + 1;
961	i += l;
962	msg = malloc(i, M_CTL, M_NOWAIT);
963	if (msg == NULL) {
964		mtx_unlock(&softc->ctl_lock);
965		return;
966	}
967	bzero(&msg->iid, sizeof(msg->iid));
968	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
969	msg->hdr.nexus.targ_port = port->targ_port;
970	msg->hdr.nexus.initid = iid;
971	msg->iid.in_use = port->wwpn_iid[iid].in_use;
972	msg->iid.name_len = l;
973	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
974	if (port->wwpn_iid[iid].name)
975		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
976	mtx_unlock(&softc->ctl_lock);
977	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
978	free(msg, M_CTL);
979}
980
981void
982ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
983    uint8_t page, uint8_t subpage)
984{
985	struct ctl_softc *softc = lun->ctl_softc;
986	union ctl_ha_msg msg;
987	u_int i;
988
989	if (softc->ha_link != CTL_HA_LINK_ONLINE)
990		return;
991	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
992		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
993		    page && lun->mode_pages.index[i].subpage == subpage)
994			break;
995	}
996	if (i == CTL_NUM_MODE_PAGES)
997		return;
998
999	/* Don't try to replicate pages not present on this device. */
1000	if (lun->mode_pages.index[i].page_data == NULL)
1001		return;
1002
1003	bzero(&msg.mode, sizeof(msg.mode));
1004	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
1005	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
1006	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
1007	msg.hdr.nexus.targ_lun = lun->lun;
1008	msg.hdr.nexus.targ_mapped_lun = lun->lun;
1009	msg.mode.page_code = page;
1010	msg.mode.subpage = subpage;
1011	msg.mode.page_len = lun->mode_pages.index[i].page_len;
1012	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
1013	    msg.mode.page_len);
1014	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
1015	    M_WAITOK);
1016}
1017
1018static void
1019ctl_isc_ha_link_up(struct ctl_softc *softc)
1020{
1021	struct ctl_port *port;
1022	struct ctl_lun *lun;
1023	union ctl_ha_msg msg;
1024	int i;
1025
1026	/* Announce this node parameters to peer for validation. */
1027	msg.login.msg_type = CTL_MSG_LOGIN;
1028	msg.login.version = CTL_HA_VERSION;
1029	msg.login.ha_mode = softc->ha_mode;
1030	msg.login.ha_id = softc->ha_id;
1031	msg.login.max_luns = ctl_max_luns;
1032	msg.login.max_ports = ctl_max_ports;
1033	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
1034	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
1035	    M_WAITOK);
1036
1037	STAILQ_FOREACH(port, &softc->port_list, links) {
1038		ctl_isc_announce_port(port);
1039		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1040			if (port->wwpn_iid[i].in_use)
1041				ctl_isc_announce_iid(port, i);
1042		}
1043	}
1044	STAILQ_FOREACH(lun, &softc->lun_list, links)
1045		ctl_isc_announce_lun(lun);
1046}
1047
1048static void
1049ctl_isc_ha_link_down(struct ctl_softc *softc)
1050{
1051	struct ctl_port *port;
1052	struct ctl_lun *lun;
1053	union ctl_io *io;
1054	int i;
1055
1056	mtx_lock(&softc->ctl_lock);
1057	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1058		mtx_lock(&lun->lun_lock);
1059		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
1060			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1061			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1062		}
1063		mtx_unlock(&lun->lun_lock);
1064
1065		mtx_unlock(&softc->ctl_lock);
1066		io = ctl_alloc_io(softc->othersc_pool);
1067		mtx_lock(&softc->ctl_lock);
1068		ctl_zero_io(io);
1069		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
1070		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
1071		ctl_enqueue_isc(io);
1072	}
1073
1074	STAILQ_FOREACH(port, &softc->port_list, links) {
1075		if (port->targ_port >= softc->port_min &&
1076		    port->targ_port < softc->port_max)
1077			continue;
1078		port->status &= ~CTL_PORT_STATUS_ONLINE;
1079		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1080			port->wwpn_iid[i].in_use = 0;
1081			free(port->wwpn_iid[i].name, M_CTL);
1082			port->wwpn_iid[i].name = NULL;
1083		}
1084	}
1085	mtx_unlock(&softc->ctl_lock);
1086}
1087
1088static void
1089ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1090{
1091	struct ctl_lun *lun;
1092	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
1093
1094	mtx_lock(&softc->ctl_lock);
1095	if (msg->hdr.nexus.targ_mapped_lun >= ctl_max_luns ||
1096	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) == NULL) {
1097		mtx_unlock(&softc->ctl_lock);
1098		return;
1099	}
1100	mtx_lock(&lun->lun_lock);
1101	mtx_unlock(&softc->ctl_lock);
1102	if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES && msg->ua.ua_set)
1103		memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
1104	if (msg->ua.ua_all) {
1105		if (msg->ua.ua_set)
1106			ctl_est_ua_all(lun, iid, msg->ua.ua_type);
1107		else
1108			ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
1109	} else {
1110		if (msg->ua.ua_set)
1111			ctl_est_ua(lun, iid, msg->ua.ua_type);
1112		else
1113			ctl_clr_ua(lun, iid, msg->ua.ua_type);
1114	}
1115	mtx_unlock(&lun->lun_lock);
1116}
1117
1118static void
1119ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1120{
1121	struct ctl_lun *lun;
1122	struct ctl_ha_msg_lun_pr_key pr_key;
1123	int i, k;
1124	ctl_lun_flags oflags;
1125	uint32_t targ_lun;
1126
1127	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1128	mtx_lock(&softc->ctl_lock);
1129	if (targ_lun >= ctl_max_luns ||
1130	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1131		mtx_unlock(&softc->ctl_lock);
1132		return;
1133	}
1134	mtx_lock(&lun->lun_lock);
1135	mtx_unlock(&softc->ctl_lock);
1136	if (lun->flags & CTL_LUN_DISABLED) {
1137		mtx_unlock(&lun->lun_lock);
1138		return;
1139	}
1140	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1141	if (msg->lun.lun_devid_len != i || (i > 0 &&
1142	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1143		mtx_unlock(&lun->lun_lock);
1144		printf("%s: Received conflicting HA LUN %d\n",
1145		    __func__, targ_lun);
1146		return;
1147	} else {
1148		/* Record whether peer is primary. */
1149		oflags = lun->flags;
1150		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1151		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1152			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1153		else
1154			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1155		if (oflags != lun->flags)
1156			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1157
1158		/* If peer is primary and we are not -- use data */
1159		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1160		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1161			lun->pr_generation = msg->lun.pr_generation;
1162			lun->pr_res_idx = msg->lun.pr_res_idx;
1163			lun->pr_res_type = msg->lun.pr_res_type;
1164			lun->pr_key_count = msg->lun.pr_key_count;
1165			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1166				ctl_clr_prkey(lun, k);
1167			for (k = 0; k < msg->lun.pr_key_count; k++) {
1168				memcpy(&pr_key, &msg->lun.data[i],
1169				    sizeof(pr_key));
1170				ctl_alloc_prkey(lun, pr_key.pr_iid);
1171				ctl_set_prkey(lun, pr_key.pr_iid,
1172				    pr_key.pr_key);
1173				i += sizeof(pr_key);
1174			}
1175		}
1176
1177		mtx_unlock(&lun->lun_lock);
1178		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1179		    __func__, targ_lun,
1180		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1181		    "primary" : "secondary"));
1182
1183		/* If we are primary but peer doesn't know -- notify */
1184		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1185		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1186			ctl_isc_announce_lun(lun);
1187	}
1188}
1189
1190static void
1191ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1192{
1193	struct ctl_port *port;
1194	struct ctl_lun *lun;
1195	int i, new;
1196
1197	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1198	if (port == NULL) {
1199		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1200		    msg->hdr.nexus.targ_port));
1201		new = 1;
1202		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1203		port->frontend = &ha_frontend;
1204		port->targ_port = msg->hdr.nexus.targ_port;
1205		port->fe_datamove = ctl_ha_datamove;
1206		port->fe_done = ctl_ha_done;
1207	} else if (port->frontend == &ha_frontend) {
1208		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1209		    msg->hdr.nexus.targ_port));
1210		new = 0;
1211	} else {
1212		printf("%s: Received conflicting HA port %d\n",
1213		    __func__, msg->hdr.nexus.targ_port);
1214		return;
1215	}
1216	port->port_type = msg->port.port_type;
1217	port->physical_port = msg->port.physical_port;
1218	port->virtual_port = msg->port.virtual_port;
1219	port->status = msg->port.status;
1220	i = 0;
1221	free(port->port_name, M_CTL);
1222	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1223	    M_CTL);
1224	i += msg->port.name_len;
1225	if (msg->port.lun_map_len != 0) {
1226		if (port->lun_map == NULL ||
1227		    port->lun_map_size * sizeof(uint32_t) <
1228		    msg->port.lun_map_len) {
1229			port->lun_map_size = 0;
1230			free(port->lun_map, M_CTL);
1231			port->lun_map = malloc(msg->port.lun_map_len,
1232			    M_CTL, M_WAITOK);
1233		}
1234		memcpy(port->lun_map, &msg->port.data[i], msg->port.lun_map_len);
1235		port->lun_map_size = msg->port.lun_map_len / sizeof(uint32_t);
1236		i += msg->port.lun_map_len;
1237	} else {
1238		port->lun_map_size = 0;
1239		free(port->lun_map, M_CTL);
1240		port->lun_map = NULL;
1241	}
1242	if (msg->port.port_devid_len != 0) {
1243		if (port->port_devid == NULL ||
1244		    port->port_devid->len < msg->port.port_devid_len) {
1245			free(port->port_devid, M_CTL);
1246			port->port_devid = malloc(sizeof(struct ctl_devid) +
1247			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1248		}
1249		memcpy(port->port_devid->data, &msg->port.data[i],
1250		    msg->port.port_devid_len);
1251		port->port_devid->len = msg->port.port_devid_len;
1252		i += msg->port.port_devid_len;
1253	} else {
1254		free(port->port_devid, M_CTL);
1255		port->port_devid = NULL;
1256	}
1257	if (msg->port.target_devid_len != 0) {
1258		if (port->target_devid == NULL ||
1259		    port->target_devid->len < msg->port.target_devid_len) {
1260			free(port->target_devid, M_CTL);
1261			port->target_devid = malloc(sizeof(struct ctl_devid) +
1262			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1263		}
1264		memcpy(port->target_devid->data, &msg->port.data[i],
1265		    msg->port.target_devid_len);
1266		port->target_devid->len = msg->port.target_devid_len;
1267		i += msg->port.target_devid_len;
1268	} else {
1269		free(port->target_devid, M_CTL);
1270		port->target_devid = NULL;
1271	}
1272	if (msg->port.init_devid_len != 0) {
1273		if (port->init_devid == NULL ||
1274		    port->init_devid->len < msg->port.init_devid_len) {
1275			free(port->init_devid, M_CTL);
1276			port->init_devid = malloc(sizeof(struct ctl_devid) +
1277			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1278		}
1279		memcpy(port->init_devid->data, &msg->port.data[i],
1280		    msg->port.init_devid_len);
1281		port->init_devid->len = msg->port.init_devid_len;
1282		i += msg->port.init_devid_len;
1283	} else {
1284		free(port->init_devid, M_CTL);
1285		port->init_devid = NULL;
1286	}
1287	if (new) {
1288		if (ctl_port_register(port) != 0) {
1289			printf("%s: ctl_port_register() failed with error\n",
1290			    __func__);
1291		}
1292	}
1293	mtx_lock(&softc->ctl_lock);
1294	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1295		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
1296			continue;
1297		mtx_lock(&lun->lun_lock);
1298		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1299		mtx_unlock(&lun->lun_lock);
1300	}
1301	mtx_unlock(&softc->ctl_lock);
1302}
1303
1304static void
1305ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1306{
1307	struct ctl_port *port;
1308	int iid;
1309
1310	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1311	if (port == NULL) {
1312		printf("%s: Received IID for unknown port %d\n",
1313		    __func__, msg->hdr.nexus.targ_port);
1314		return;
1315	}
1316	iid = msg->hdr.nexus.initid;
1317	if (port->wwpn_iid[iid].in_use != 0 &&
1318	    msg->iid.in_use == 0)
1319		ctl_i_t_nexus_loss(softc, iid, CTL_UA_POWERON);
1320	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1321	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1322	free(port->wwpn_iid[iid].name, M_CTL);
1323	if (msg->iid.name_len) {
1324		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1325		    msg->iid.name_len, M_CTL);
1326	} else
1327		port->wwpn_iid[iid].name = NULL;
1328}
1329
1330static void
1331ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1332{
1333
1334	if (msg->login.version != CTL_HA_VERSION) {
1335		printf("CTL HA peers have different versions %d != %d\n",
1336		    msg->login.version, CTL_HA_VERSION);
1337		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1338		return;
1339	}
1340	if (msg->login.ha_mode != softc->ha_mode) {
1341		printf("CTL HA peers have different ha_mode %d != %d\n",
1342		    msg->login.ha_mode, softc->ha_mode);
1343		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1344		return;
1345	}
1346	if (msg->login.ha_id == softc->ha_id) {
1347		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1348		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1349		return;
1350	}
1351	if (msg->login.max_luns != ctl_max_luns ||
1352	    msg->login.max_ports != ctl_max_ports ||
1353	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1354		printf("CTL HA peers have different limits\n");
1355		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1356		return;
1357	}
1358}
1359
1360static void
1361ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1362{
1363	struct ctl_lun *lun;
1364	u_int i;
1365	uint32_t initidx, targ_lun;
1366
1367	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1368	mtx_lock(&softc->ctl_lock);
1369	if (targ_lun >= ctl_max_luns ||
1370	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1371		mtx_unlock(&softc->ctl_lock);
1372		return;
1373	}
1374	mtx_lock(&lun->lun_lock);
1375	mtx_unlock(&softc->ctl_lock);
1376	if (lun->flags & CTL_LUN_DISABLED) {
1377		mtx_unlock(&lun->lun_lock);
1378		return;
1379	}
1380	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1381		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1382		    msg->mode.page_code &&
1383		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1384			break;
1385	}
1386	if (i == CTL_NUM_MODE_PAGES) {
1387		mtx_unlock(&lun->lun_lock);
1388		return;
1389	}
1390	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1391	    lun->mode_pages.index[i].page_len);
1392	initidx = ctl_get_initindex(&msg->hdr.nexus);
1393	if (initidx != -1)
1394		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1395	mtx_unlock(&lun->lun_lock);
1396}
1397
1398/*
1399 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1400 * subsystem come in here.
1401 */
1402static void
1403ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1404{
1405	struct ctl_softc *softc = control_softc;
1406	union ctl_io *io;
1407	struct ctl_prio *presio;
1408	ctl_ha_status isc_status;
1409
1410	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1411	if (event == CTL_HA_EVT_MSG_RECV) {
1412		union ctl_ha_msg *msg, msgbuf;
1413
1414		if (param > sizeof(msgbuf))
1415			msg = malloc(param, M_CTL, M_WAITOK);
1416		else
1417			msg = &msgbuf;
1418		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1419		    M_WAITOK);
1420		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1421			printf("%s: Error receiving message: %d\n",
1422			    __func__, isc_status);
1423			if (msg != &msgbuf)
1424				free(msg, M_CTL);
1425			return;
1426		}
1427
1428		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1429		switch (msg->hdr.msg_type) {
1430		case CTL_MSG_SERIALIZE:
1431			io = ctl_alloc_io(softc->othersc_pool);
1432			ctl_zero_io(io);
1433			// populate ctsio from msg
1434			io->io_hdr.io_type = CTL_IO_SCSI;
1435			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1436			io->io_hdr.remote_io = msg->hdr.original_sc;
1437			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1438					    CTL_FLAG_IO_ACTIVE;
1439			/*
1440			 * If we're in serialization-only mode, we don't
1441			 * want to go through full done processing.  Thus
1442			 * the COPY flag.
1443			 *
1444			 * XXX KDM add another flag that is more specific.
1445			 */
1446			if (softc->ha_mode != CTL_HA_MODE_XFER)
1447				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1448			io->io_hdr.nexus = msg->hdr.nexus;
1449#if 0
1450			printf("port %u, iid %u, lun %u\n",
1451			       io->io_hdr.nexus.targ_port,
1452			       io->io_hdr.nexus.initid,
1453			       io->io_hdr.nexus.targ_lun);
1454#endif
1455			io->scsiio.tag_num = msg->scsi.tag_num;
1456			io->scsiio.tag_type = msg->scsi.tag_type;
1457#ifdef CTL_TIME_IO
1458			io->io_hdr.start_time = time_uptime;
1459			getbinuptime(&io->io_hdr.start_bt);
1460#endif /* CTL_TIME_IO */
1461			io->scsiio.cdb_len = msg->scsi.cdb_len;
1462			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1463			       CTL_MAX_CDBLEN);
1464			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1465				const struct ctl_cmd_entry *entry;
1466
1467				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1468				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1469				io->io_hdr.flags |=
1470					entry->flags & CTL_FLAG_DATA_MASK;
1471			}
1472			ctl_enqueue_isc(io);
1473			break;
1474
1475		/* Performed on the Originating SC, XFER mode only */
1476		case CTL_MSG_DATAMOVE: {
1477			struct ctl_sg_entry *sgl;
1478			int i, j;
1479
1480			io = msg->hdr.original_sc;
1481			if (io == NULL) {
1482				printf("%s: original_sc == NULL!\n", __func__);
1483				/* XXX KDM do something here */
1484				break;
1485			}
1486			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1487			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1488			/*
1489			 * Keep track of this, we need to send it back over
1490			 * when the datamove is complete.
1491			 */
1492			io->io_hdr.remote_io = msg->hdr.serializing_sc;
1493			if (msg->hdr.status == CTL_SUCCESS)
1494				io->io_hdr.status = msg->hdr.status;
1495
1496			if (msg->dt.sg_sequence == 0) {
1497#ifdef CTL_TIME_IO
1498				getbinuptime(&io->io_hdr.dma_start_bt);
1499#endif
1500				i = msg->dt.kern_sg_entries +
1501				    msg->dt.kern_data_len /
1502				    CTL_HA_DATAMOVE_SEGMENT + 1;
1503				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1504				    M_WAITOK | M_ZERO);
1505				CTL_RSGL(io) = sgl;
1506				CTL_LSGL(io) = &sgl[msg->dt.kern_sg_entries];
1507
1508				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1509
1510				io->scsiio.kern_sg_entries =
1511					msg->dt.kern_sg_entries;
1512				io->scsiio.rem_sg_entries =
1513					msg->dt.kern_sg_entries;
1514				io->scsiio.kern_data_len =
1515					msg->dt.kern_data_len;
1516				io->scsiio.kern_total_len =
1517					msg->dt.kern_total_len;
1518				io->scsiio.kern_data_resid =
1519					msg->dt.kern_data_resid;
1520				io->scsiio.kern_rel_offset =
1521					msg->dt.kern_rel_offset;
1522				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1523				io->io_hdr.flags |= msg->dt.flags &
1524				    CTL_FLAG_BUS_ADDR;
1525			} else
1526				sgl = (struct ctl_sg_entry *)
1527					io->scsiio.kern_data_ptr;
1528
1529			for (i = msg->dt.sent_sg_entries, j = 0;
1530			     i < (msg->dt.sent_sg_entries +
1531			     msg->dt.cur_sg_entries); i++, j++) {
1532				sgl[i].addr = msg->dt.sg_list[j].addr;
1533				sgl[i].len = msg->dt.sg_list[j].len;
1534
1535#if 0
1536				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1537				    __func__, sgl[i].addr, sgl[i].len, j, i);
1538#endif
1539			}
1540
1541			/*
1542			 * If this is the last piece of the I/O, we've got
1543			 * the full S/G list.  Queue processing in the thread.
1544			 * Otherwise wait for the next piece.
1545			 */
1546			if (msg->dt.sg_last != 0)
1547				ctl_enqueue_isc(io);
1548			break;
1549		}
1550		/* Performed on the Serializing (primary) SC, XFER mode only */
1551		case CTL_MSG_DATAMOVE_DONE: {
1552			if (msg->hdr.serializing_sc == NULL) {
1553				printf("%s: serializing_sc == NULL!\n",
1554				       __func__);
1555				/* XXX KDM now what? */
1556				break;
1557			}
1558			/*
1559			 * We grab the sense information here in case
1560			 * there was a failure, so we can return status
1561			 * back to the initiator.
1562			 */
1563			io = msg->hdr.serializing_sc;
1564			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1565			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1566			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1567			io->io_hdr.port_status = msg->scsi.port_status;
1568			io->scsiio.kern_data_resid = msg->scsi.kern_data_resid;
1569			if (msg->hdr.status != CTL_STATUS_NONE) {
1570				io->io_hdr.status = msg->hdr.status;
1571				io->scsiio.scsi_status = msg->scsi.scsi_status;
1572				io->scsiio.sense_len = msg->scsi.sense_len;
1573				memcpy(&io->scsiio.sense_data,
1574				    &msg->scsi.sense_data,
1575				    msg->scsi.sense_len);
1576				if (msg->hdr.status == CTL_SUCCESS)
1577					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1578			}
1579			ctl_enqueue_isc(io);
1580			break;
1581		}
1582
1583		/* Preformed on Originating SC, SER_ONLY mode */
1584		case CTL_MSG_R2R:
1585			io = msg->hdr.original_sc;
1586			if (io == NULL) {
1587				printf("%s: original_sc == NULL!\n",
1588				    __func__);
1589				break;
1590			}
1591			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1592			io->io_hdr.msg_type = CTL_MSG_R2R;
1593			io->io_hdr.remote_io = msg->hdr.serializing_sc;
1594			ctl_enqueue_isc(io);
1595			break;
1596
1597		/*
1598		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1599		 * mode.
1600		 * Performed on the Originating (i.e. secondary) SC in XFER
1601		 * mode
1602		 */
1603		case CTL_MSG_FINISH_IO:
1604			if (softc->ha_mode == CTL_HA_MODE_XFER)
1605				ctl_isc_handler_finish_xfer(softc, msg);
1606			else
1607				ctl_isc_handler_finish_ser_only(softc, msg);
1608			break;
1609
1610		/* Preformed on Originating SC */
1611		case CTL_MSG_BAD_JUJU:
1612			io = msg->hdr.original_sc;
1613			if (io == NULL) {
1614				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1615				       __func__);
1616				break;
1617			}
1618			ctl_copy_sense_data(msg, io);
1619			/*
1620			 * IO should have already been cleaned up on other
1621			 * SC so clear this flag so we won't send a message
1622			 * back to finish the IO there.
1623			 */
1624			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1625			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1626
1627			/* io = msg->hdr.serializing_sc; */
1628			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1629			ctl_enqueue_isc(io);
1630			break;
1631
1632		/* Handle resets sent from the other side */
1633		case CTL_MSG_MANAGE_TASKS: {
1634			struct ctl_taskio *taskio;
1635			taskio = (struct ctl_taskio *)ctl_alloc_io(
1636			    softc->othersc_pool);
1637			ctl_zero_io((union ctl_io *)taskio);
1638			taskio->io_hdr.io_type = CTL_IO_TASK;
1639			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1640			taskio->io_hdr.nexus = msg->hdr.nexus;
1641			taskio->task_action = msg->task.task_action;
1642			taskio->tag_num = msg->task.tag_num;
1643			taskio->tag_type = msg->task.tag_type;
1644#ifdef CTL_TIME_IO
1645			taskio->io_hdr.start_time = time_uptime;
1646			getbinuptime(&taskio->io_hdr.start_bt);
1647#endif /* CTL_TIME_IO */
1648			ctl_run_task((union ctl_io *)taskio);
1649			break;
1650		}
1651		/* Persistent Reserve action which needs attention */
1652		case CTL_MSG_PERS_ACTION:
1653			presio = (struct ctl_prio *)ctl_alloc_io(
1654			    softc->othersc_pool);
1655			ctl_zero_io((union ctl_io *)presio);
1656			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1657			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1658			presio->io_hdr.nexus = msg->hdr.nexus;
1659			presio->pr_msg = msg->pr;
1660			ctl_enqueue_isc((union ctl_io *)presio);
1661			break;
1662		case CTL_MSG_UA:
1663			ctl_isc_ua(softc, msg, param);
1664			break;
1665		case CTL_MSG_PORT_SYNC:
1666			ctl_isc_port_sync(softc, msg, param);
1667			break;
1668		case CTL_MSG_LUN_SYNC:
1669			ctl_isc_lun_sync(softc, msg, param);
1670			break;
1671		case CTL_MSG_IID_SYNC:
1672			ctl_isc_iid_sync(softc, msg, param);
1673			break;
1674		case CTL_MSG_LOGIN:
1675			ctl_isc_login(softc, msg, param);
1676			break;
1677		case CTL_MSG_MODE_SYNC:
1678			ctl_isc_mode_sync(softc, msg, param);
1679			break;
1680		default:
1681			printf("Received HA message of unknown type %d\n",
1682			    msg->hdr.msg_type);
1683			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1684			break;
1685		}
1686		if (msg != &msgbuf)
1687			free(msg, M_CTL);
1688	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1689		printf("CTL: HA link status changed from %d to %d\n",
1690		    softc->ha_link, param);
1691		if (param == softc->ha_link)
1692			return;
1693		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1694			softc->ha_link = param;
1695			ctl_isc_ha_link_down(softc);
1696		} else {
1697			softc->ha_link = param;
1698			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1699				ctl_isc_ha_link_up(softc);
1700		}
1701		return;
1702	} else {
1703		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1704		return;
1705	}
1706}
1707
1708static void
1709ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1710{
1711
1712	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1713	    src->scsi.sense_len);
1714	dest->scsiio.scsi_status = src->scsi.scsi_status;
1715	dest->scsiio.sense_len = src->scsi.sense_len;
1716	dest->io_hdr.status = src->hdr.status;
1717}
1718
1719static void
1720ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1721{
1722
1723	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1724	    src->scsiio.sense_len);
1725	dest->scsi.scsi_status = src->scsiio.scsi_status;
1726	dest->scsi.sense_len = src->scsiio.sense_len;
1727	dest->hdr.status = src->io_hdr.status;
1728}
1729
1730void
1731ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1732{
1733	struct ctl_softc *softc = lun->ctl_softc;
1734	ctl_ua_type *pu;
1735
1736	if (initidx < softc->init_min || initidx >= softc->init_max)
1737		return;
1738	mtx_assert(&lun->lun_lock, MA_OWNED);
1739	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1740	if (pu == NULL)
1741		return;
1742	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1743}
1744
1745void
1746ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1747{
1748	int i;
1749
1750	mtx_assert(&lun->lun_lock, MA_OWNED);
1751	if (lun->pending_ua[port] == NULL)
1752		return;
1753	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1754		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1755			continue;
1756		lun->pending_ua[port][i] |= ua;
1757	}
1758}
1759
1760void
1761ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1762{
1763	struct ctl_softc *softc = lun->ctl_softc;
1764	int i;
1765
1766	mtx_assert(&lun->lun_lock, MA_OWNED);
1767	for (i = softc->port_min; i < softc->port_max; i++)
1768		ctl_est_ua_port(lun, i, except, ua);
1769}
1770
1771void
1772ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1773{
1774	struct ctl_softc *softc = lun->ctl_softc;
1775	ctl_ua_type *pu;
1776
1777	if (initidx < softc->init_min || initidx >= softc->init_max)
1778		return;
1779	mtx_assert(&lun->lun_lock, MA_OWNED);
1780	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1781	if (pu == NULL)
1782		return;
1783	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1784}
1785
1786void
1787ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1788{
1789	struct ctl_softc *softc = lun->ctl_softc;
1790	int i, j;
1791
1792	mtx_assert(&lun->lun_lock, MA_OWNED);
1793	for (i = softc->port_min; i < softc->port_max; i++) {
1794		if (lun->pending_ua[i] == NULL)
1795			continue;
1796		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1797			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1798				continue;
1799			lun->pending_ua[i][j] &= ~ua;
1800		}
1801	}
1802}
1803
1804void
1805ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1806    ctl_ua_type ua_type)
1807{
1808	struct ctl_lun *lun;
1809
1810	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1811	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1812		mtx_lock(&lun->lun_lock);
1813		ctl_clr_ua(lun, initidx, ua_type);
1814		mtx_unlock(&lun->lun_lock);
1815	}
1816}
1817
1818static int
1819ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1820{
1821	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1822	struct ctl_lun *lun;
1823	struct ctl_lun_req ireq;
1824	int error, value;
1825
1826	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1827	error = sysctl_handle_int(oidp, &value, 0, req);
1828	if ((error != 0) || (req->newptr == NULL))
1829		return (error);
1830
1831	mtx_lock(&softc->ctl_lock);
1832	if (value == 0)
1833		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1834	else
1835		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1836	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1837		mtx_unlock(&softc->ctl_lock);
1838		bzero(&ireq, sizeof(ireq));
1839		ireq.reqtype = CTL_LUNREQ_MODIFY;
1840		ireq.reqdata.modify.lun_id = lun->lun;
1841		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1842		    curthread);
1843		if (ireq.status != CTL_LUN_OK) {
1844			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1845			    __func__, ireq.status, ireq.error_str);
1846		}
1847		mtx_lock(&softc->ctl_lock);
1848	}
1849	mtx_unlock(&softc->ctl_lock);
1850	return (0);
1851}
1852
1853static int
1854ctl_init(void)
1855{
1856	struct make_dev_args args;
1857	struct ctl_softc *softc;
1858	int i, error;
1859
1860	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1861			       M_WAITOK | M_ZERO);
1862
1863	make_dev_args_init(&args);
1864	args.mda_devsw = &ctl_cdevsw;
1865	args.mda_uid = UID_ROOT;
1866	args.mda_gid = GID_OPERATOR;
1867	args.mda_mode = 0600;
1868	args.mda_si_drv1 = softc;
1869	error = make_dev_s(&args, &softc->dev, "cam/ctl");
1870	if (error != 0) {
1871		free(softc, M_DEVBUF);
1872		control_softc = NULL;
1873		return (error);
1874	}
1875
1876	sysctl_ctx_init(&softc->sysctl_ctx);
1877	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1878		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1879		CTLFLAG_RD, 0, "CAM Target Layer");
1880
1881	if (softc->sysctl_tree == NULL) {
1882		printf("%s: unable to allocate sysctl tree\n", __func__);
1883		destroy_dev(softc->dev);
1884		free(softc, M_DEVBUF);
1885		control_softc = NULL;
1886		return (ENOMEM);
1887	}
1888
1889	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1890	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1891	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1892	softc->flags = 0;
1893
1894	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1895	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1896	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1897
1898	if (ctl_max_luns <= 0 || powerof2(ctl_max_luns) == 0) {
1899		printf("Bad value %d for kern.cam.ctl.max_luns, must be a power of two, using %d\n",
1900		    ctl_max_luns, CTL_DEFAULT_MAX_LUNS);
1901		ctl_max_luns = CTL_DEFAULT_MAX_LUNS;
1902	}
1903	softc->ctl_luns = malloc(sizeof(struct ctl_lun *) * ctl_max_luns,
1904	    M_DEVBUF, M_WAITOK | M_ZERO);
1905	softc->ctl_lun_mask = malloc(sizeof(uint32_t) *
1906	    ((ctl_max_luns + 31) / 32), M_DEVBUF, M_WAITOK | M_ZERO);
1907	if (ctl_max_ports <= 0 || powerof2(ctl_max_ports) == 0) {
1908		printf("Bad value %d for kern.cam.ctl.max_ports, must be a power of two, using %d\n",
1909		    ctl_max_ports, CTL_DEFAULT_MAX_PORTS);
1910		ctl_max_ports = CTL_DEFAULT_MAX_PORTS;
1911	}
1912	softc->ctl_port_mask = malloc(sizeof(uint32_t) *
1913	  ((ctl_max_ports + 31) / 32), M_DEVBUF, M_WAITOK | M_ZERO);
1914	softc->ctl_ports = malloc(sizeof(struct ctl_port *) * ctl_max_ports,
1915	     M_DEVBUF, M_WAITOK | M_ZERO);
1916
1917
1918	/*
1919	 * In Copan's HA scheme, the "master" and "slave" roles are
1920	 * figured out through the slot the controller is in.  Although it
1921	 * is an active/active system, someone has to be in charge.
1922	 */
1923	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1924	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1925	    "HA head ID (0 - no HA)");
1926	if (softc->ha_id == 0 || softc->ha_id > NUM_HA_SHELVES) {
1927		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1928		softc->is_single = 1;
1929		softc->port_cnt = ctl_max_ports;
1930		softc->port_min = 0;
1931	} else {
1932		softc->port_cnt = ctl_max_ports / NUM_HA_SHELVES;
1933		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1934	}
1935	softc->port_max = softc->port_min + softc->port_cnt;
1936	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1937	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1938
1939	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1940	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1941	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1942
1943	STAILQ_INIT(&softc->lun_list);
1944	STAILQ_INIT(&softc->pending_lun_queue);
1945	STAILQ_INIT(&softc->fe_list);
1946	STAILQ_INIT(&softc->port_list);
1947	STAILQ_INIT(&softc->be_list);
1948	ctl_tpc_init(softc);
1949
1950	if (worker_threads <= 0)
1951		worker_threads = max(1, mp_ncpus / 4);
1952	if (worker_threads > CTL_MAX_THREADS)
1953		worker_threads = CTL_MAX_THREADS;
1954
1955	for (i = 0; i < worker_threads; i++) {
1956		struct ctl_thread *thr = &softc->threads[i];
1957
1958		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1959		thr->ctl_softc = softc;
1960		STAILQ_INIT(&thr->incoming_queue);
1961		STAILQ_INIT(&thr->rtr_queue);
1962		STAILQ_INIT(&thr->done_queue);
1963		STAILQ_INIT(&thr->isc_queue);
1964
1965		error = kproc_kthread_add(ctl_work_thread, thr,
1966		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1967		if (error != 0) {
1968			printf("error creating CTL work thread!\n");
1969			return (error);
1970		}
1971	}
1972	error = kproc_kthread_add(ctl_lun_thread, softc,
1973	    &softc->ctl_proc, &softc->lun_thread, 0, 0, "ctl", "lun");
1974	if (error != 0) {
1975		printf("error creating CTL lun thread!\n");
1976		return (error);
1977	}
1978	error = kproc_kthread_add(ctl_thresh_thread, softc,
1979	    &softc->ctl_proc, &softc->thresh_thread, 0, 0, "ctl", "thresh");
1980	if (error != 0) {
1981		printf("error creating CTL threshold thread!\n");
1982		return (error);
1983	}
1984
1985	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1986	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1987	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1988
1989	if (softc->is_single == 0) {
1990		if (ctl_frontend_register(&ha_frontend) != 0)
1991			softc->is_single = 1;
1992	}
1993	return (0);
1994}
1995
1996static int
1997ctl_shutdown(void)
1998{
1999	struct ctl_softc *softc = control_softc;
2000	int i;
2001
2002	if (softc->is_single == 0)
2003		ctl_frontend_deregister(&ha_frontend);
2004
2005	destroy_dev(softc->dev);
2006
2007	/* Shutdown CTL threads. */
2008	softc->shutdown = 1;
2009	for (i = 0; i < worker_threads; i++) {
2010		struct ctl_thread *thr = &softc->threads[i];
2011		while (thr->thread != NULL) {
2012			wakeup(thr);
2013			if (thr->thread != NULL)
2014				pause("CTL thr shutdown", 1);
2015		}
2016		mtx_destroy(&thr->queue_lock);
2017	}
2018	while (softc->lun_thread != NULL) {
2019		wakeup(&softc->pending_lun_queue);
2020		if (softc->lun_thread != NULL)
2021			pause("CTL thr shutdown", 1);
2022	}
2023	while (softc->thresh_thread != NULL) {
2024		wakeup(softc->thresh_thread);
2025		if (softc->thresh_thread != NULL)
2026			pause("CTL thr shutdown", 1);
2027	}
2028
2029	ctl_tpc_shutdown(softc);
2030	uma_zdestroy(softc->io_zone);
2031	mtx_destroy(&softc->ctl_lock);
2032
2033	free(softc->ctl_luns, M_DEVBUF);
2034	free(softc->ctl_lun_mask, M_DEVBUF);
2035	free(softc->ctl_port_mask, M_DEVBUF);
2036	free(softc->ctl_ports, M_DEVBUF);
2037
2038	sysctl_ctx_free(&softc->sysctl_ctx);
2039
2040	free(softc, M_DEVBUF);
2041	control_softc = NULL;
2042	return (0);
2043}
2044
2045static int
2046ctl_module_event_handler(module_t mod, int what, void *arg)
2047{
2048
2049	switch (what) {
2050	case MOD_LOAD:
2051		return (ctl_init());
2052	case MOD_UNLOAD:
2053		return (ctl_shutdown());
2054	default:
2055		return (EOPNOTSUPP);
2056	}
2057}
2058
2059/*
2060 * XXX KDM should we do some access checks here?  Bump a reference count to
2061 * prevent a CTL module from being unloaded while someone has it open?
2062 */
2063static int
2064ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
2065{
2066	return (0);
2067}
2068
2069static int
2070ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
2071{
2072	return (0);
2073}
2074
2075/*
2076 * Remove an initiator by port number and initiator ID.
2077 * Returns 0 for success, -1 for failure.
2078 */
2079int
2080ctl_remove_initiator(struct ctl_port *port, int iid)
2081{
2082	struct ctl_softc *softc = port->ctl_softc;
2083	int last;
2084
2085	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2086
2087	if (iid > CTL_MAX_INIT_PER_PORT) {
2088		printf("%s: initiator ID %u > maximun %u!\n",
2089		       __func__, iid, CTL_MAX_INIT_PER_PORT);
2090		return (-1);
2091	}
2092
2093	mtx_lock(&softc->ctl_lock);
2094	last = (--port->wwpn_iid[iid].in_use == 0);
2095	port->wwpn_iid[iid].last_use = time_uptime;
2096	mtx_unlock(&softc->ctl_lock);
2097	if (last)
2098		ctl_i_t_nexus_loss(softc, iid, CTL_UA_POWERON);
2099	ctl_isc_announce_iid(port, iid);
2100
2101	return (0);
2102}
2103
2104/*
2105 * Add an initiator to the initiator map.
2106 * Returns iid for success, < 0 for failure.
2107 */
2108int
2109ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
2110{
2111	struct ctl_softc *softc = port->ctl_softc;
2112	time_t best_time;
2113	int i, best;
2114
2115	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2116
2117	if (iid >= CTL_MAX_INIT_PER_PORT) {
2118		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
2119		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
2120		free(name, M_CTL);
2121		return (-1);
2122	}
2123
2124	mtx_lock(&softc->ctl_lock);
2125
2126	if (iid < 0 && (wwpn != 0 || name != NULL)) {
2127		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2128			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
2129				iid = i;
2130				break;
2131			}
2132			if (name != NULL && port->wwpn_iid[i].name != NULL &&
2133			    strcmp(name, port->wwpn_iid[i].name) == 0) {
2134				iid = i;
2135				break;
2136			}
2137		}
2138	}
2139
2140	if (iid < 0) {
2141		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2142			if (port->wwpn_iid[i].in_use == 0 &&
2143			    port->wwpn_iid[i].wwpn == 0 &&
2144			    port->wwpn_iid[i].name == NULL) {
2145				iid = i;
2146				break;
2147			}
2148		}
2149	}
2150
2151	if (iid < 0) {
2152		best = -1;
2153		best_time = INT32_MAX;
2154		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2155			if (port->wwpn_iid[i].in_use == 0) {
2156				if (port->wwpn_iid[i].last_use < best_time) {
2157					best = i;
2158					best_time = port->wwpn_iid[i].last_use;
2159				}
2160			}
2161		}
2162		iid = best;
2163	}
2164
2165	if (iid < 0) {
2166		mtx_unlock(&softc->ctl_lock);
2167		free(name, M_CTL);
2168		return (-2);
2169	}
2170
2171	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2172		/*
2173		 * This is not an error yet.
2174		 */
2175		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2176#if 0
2177			printf("%s: port %d iid %u WWPN %#jx arrived"
2178			    " again\n", __func__, port->targ_port,
2179			    iid, (uintmax_t)wwpn);
2180#endif
2181			goto take;
2182		}
2183		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2184		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2185#if 0
2186			printf("%s: port %d iid %u name '%s' arrived"
2187			    " again\n", __func__, port->targ_port,
2188			    iid, name);
2189#endif
2190			goto take;
2191		}
2192
2193		/*
2194		 * This is an error, but what do we do about it?  The
2195		 * driver is telling us we have a new WWPN for this
2196		 * initiator ID, so we pretty much need to use it.
2197		 */
2198		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2199		    " but WWPN %#jx '%s' is still at that address\n",
2200		    __func__, port->targ_port, iid, wwpn, name,
2201		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2202		    port->wwpn_iid[iid].name);
2203	}
2204take:
2205	free(port->wwpn_iid[iid].name, M_CTL);
2206	port->wwpn_iid[iid].name = name;
2207	port->wwpn_iid[iid].wwpn = wwpn;
2208	port->wwpn_iid[iid].in_use++;
2209	mtx_unlock(&softc->ctl_lock);
2210	ctl_isc_announce_iid(port, iid);
2211
2212	return (iid);
2213}
2214
2215static int
2216ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2217{
2218	int len;
2219
2220	switch (port->port_type) {
2221	case CTL_PORT_FC:
2222	{
2223		struct scsi_transportid_fcp *id =
2224		    (struct scsi_transportid_fcp *)buf;
2225		if (port->wwpn_iid[iid].wwpn == 0)
2226			return (0);
2227		memset(id, 0, sizeof(*id));
2228		id->format_protocol = SCSI_PROTO_FC;
2229		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2230		return (sizeof(*id));
2231	}
2232	case CTL_PORT_ISCSI:
2233	{
2234		struct scsi_transportid_iscsi_port *id =
2235		    (struct scsi_transportid_iscsi_port *)buf;
2236		if (port->wwpn_iid[iid].name == NULL)
2237			return (0);
2238		memset(id, 0, 256);
2239		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2240		    SCSI_PROTO_ISCSI;
2241		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2242		len = roundup2(min(len, 252), 4);
2243		scsi_ulto2b(len, id->additional_length);
2244		return (sizeof(*id) + len);
2245	}
2246	case CTL_PORT_SAS:
2247	{
2248		struct scsi_transportid_sas *id =
2249		    (struct scsi_transportid_sas *)buf;
2250		if (port->wwpn_iid[iid].wwpn == 0)
2251			return (0);
2252		memset(id, 0, sizeof(*id));
2253		id->format_protocol = SCSI_PROTO_SAS;
2254		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2255		return (sizeof(*id));
2256	}
2257	default:
2258	{
2259		struct scsi_transportid_spi *id =
2260		    (struct scsi_transportid_spi *)buf;
2261		memset(id, 0, sizeof(*id));
2262		id->format_protocol = SCSI_PROTO_SPI;
2263		scsi_ulto2b(iid, id->scsi_addr);
2264		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2265		return (sizeof(*id));
2266	}
2267	}
2268}
2269
2270/*
2271 * Serialize a command that went down the "wrong" side, and so was sent to
2272 * this controller for execution.  The logic is a little different than the
2273 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2274 * sent back to the other side, but in the success case, we execute the
2275 * command on this side (XFER mode) or tell the other side to execute it
2276 * (SER_ONLY mode).
2277 */
2278static void
2279ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2280{
2281	struct ctl_softc *softc = CTL_SOFTC(ctsio);
2282	struct ctl_port *port = CTL_PORT(ctsio);
2283	union ctl_ha_msg msg_info;
2284	struct ctl_lun *lun;
2285	const struct ctl_cmd_entry *entry;
2286	uint32_t targ_lun;
2287
2288	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2289
2290	/* Make sure that we know about this port. */
2291	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2292		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2293					 /*retry_count*/ 1);
2294		goto badjuju;
2295	}
2296
2297	/* Make sure that we know about this LUN. */
2298	mtx_lock(&softc->ctl_lock);
2299	if (targ_lun >= ctl_max_luns ||
2300	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
2301		mtx_unlock(&softc->ctl_lock);
2302
2303		/*
2304		 * The other node would not send this request to us unless
2305		 * received announce that we are primary node for this LUN.
2306		 * If this LUN does not exist now, it is probably result of
2307		 * a race, so respond to initiator in the most opaque way.
2308		 */
2309		ctl_set_busy(ctsio);
2310		goto badjuju;
2311	}
2312	mtx_lock(&lun->lun_lock);
2313	mtx_unlock(&softc->ctl_lock);
2314
2315	/*
2316	 * If the LUN is invalid, pretend that it doesn't exist.
2317	 * It will go away as soon as all pending I/Os completed.
2318	 */
2319	if (lun->flags & CTL_LUN_DISABLED) {
2320		mtx_unlock(&lun->lun_lock);
2321		ctl_set_busy(ctsio);
2322		goto badjuju;
2323	}
2324
2325	entry = ctl_get_cmd_entry(ctsio, NULL);
2326	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2327		mtx_unlock(&lun->lun_lock);
2328		goto badjuju;
2329	}
2330
2331	CTL_LUN(ctsio) = lun;
2332	CTL_BACKEND_LUN(ctsio) = lun->be_lun;
2333
2334	/*
2335	 * Every I/O goes into the OOA queue for a
2336	 * particular LUN, and stays there until completion.
2337	 */
2338#ifdef CTL_TIME_IO
2339	if (TAILQ_EMPTY(&lun->ooa_queue))
2340		lun->idle_time += getsbinuptime() - lun->last_busy;
2341#endif
2342	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2343
2344	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2345		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2346		 ooa_links))) {
2347	case CTL_ACTION_BLOCK:
2348		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2349		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2350				  blocked_links);
2351		mtx_unlock(&lun->lun_lock);
2352		break;
2353	case CTL_ACTION_PASS:
2354	case CTL_ACTION_SKIP:
2355		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2356			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2357			ctl_enqueue_rtr((union ctl_io *)ctsio);
2358			mtx_unlock(&lun->lun_lock);
2359		} else {
2360			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2361			mtx_unlock(&lun->lun_lock);
2362
2363			/* send msg back to other side */
2364			msg_info.hdr.original_sc = ctsio->io_hdr.remote_io;
2365			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2366			msg_info.hdr.msg_type = CTL_MSG_R2R;
2367			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2368			    sizeof(msg_info.hdr), M_WAITOK);
2369		}
2370		break;
2371	case CTL_ACTION_OVERLAP:
2372		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2373		mtx_unlock(&lun->lun_lock);
2374		ctl_set_overlapped_cmd(ctsio);
2375		goto badjuju;
2376	case CTL_ACTION_OVERLAP_TAG:
2377		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2378		mtx_unlock(&lun->lun_lock);
2379		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2380		goto badjuju;
2381	case CTL_ACTION_ERROR:
2382	default:
2383		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2384		mtx_unlock(&lun->lun_lock);
2385
2386		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2387					 /*retry_count*/ 0);
2388badjuju:
2389		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2390		msg_info.hdr.original_sc = ctsio->io_hdr.remote_io;
2391		msg_info.hdr.serializing_sc = NULL;
2392		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2393		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2394		    sizeof(msg_info.scsi), M_WAITOK);
2395		ctl_free_io((union ctl_io *)ctsio);
2396		break;
2397	}
2398}
2399
2400/*
2401 * Returns 0 for success, errno for failure.
2402 */
2403static void
2404ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2405		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2406{
2407	union ctl_io *io;
2408
2409	mtx_lock(&lun->lun_lock);
2410	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2411	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2412	     ooa_links)) {
2413		struct ctl_ooa_entry *entry;
2414
2415		/*
2416		 * If we've got more than we can fit, just count the
2417		 * remaining entries.
2418		 */
2419		if (*cur_fill_num >= ooa_hdr->alloc_num)
2420			continue;
2421
2422		entry = &kern_entries[*cur_fill_num];
2423
2424		entry->tag_num = io->scsiio.tag_num;
2425		entry->lun_num = lun->lun;
2426#ifdef CTL_TIME_IO
2427		entry->start_bt = io->io_hdr.start_bt;
2428#endif
2429		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2430		entry->cdb_len = io->scsiio.cdb_len;
2431		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2432			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2433
2434		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2435			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2436
2437		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2438			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2439
2440		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2441			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2442
2443		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2444			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2445	}
2446	mtx_unlock(&lun->lun_lock);
2447}
2448
2449static void *
2450ctl_copyin_alloc(void *user_addr, unsigned int len, char *error_str,
2451		 size_t error_str_len)
2452{
2453	void *kptr;
2454
2455	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2456
2457	if (copyin(user_addr, kptr, len) != 0) {
2458		snprintf(error_str, error_str_len, "Error copying %d bytes "
2459			 "from user address %p to kernel address %p", len,
2460			 user_addr, kptr);
2461		free(kptr, M_CTL);
2462		return (NULL);
2463	}
2464
2465	return (kptr);
2466}
2467
2468static void
2469ctl_free_args(int num_args, struct ctl_be_arg *args)
2470{
2471	int i;
2472
2473	if (args == NULL)
2474		return;
2475
2476	for (i = 0; i < num_args; i++) {
2477		free(args[i].kname, M_CTL);
2478		free(args[i].kvalue, M_CTL);
2479	}
2480
2481	free(args, M_CTL);
2482}
2483
2484static struct ctl_be_arg *
2485ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2486		char *error_str, size_t error_str_len)
2487{
2488	struct ctl_be_arg *args;
2489	int i;
2490
2491	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2492				error_str, error_str_len);
2493
2494	if (args == NULL)
2495		goto bailout;
2496
2497	for (i = 0; i < num_args; i++) {
2498		args[i].kname = NULL;
2499		args[i].kvalue = NULL;
2500	}
2501
2502	for (i = 0; i < num_args; i++) {
2503		uint8_t *tmpptr;
2504
2505		if (args[i].namelen == 0) {
2506			snprintf(error_str, error_str_len, "Argument %d "
2507				 "name length is zero", i);
2508			goto bailout;
2509		}
2510
2511		args[i].kname = ctl_copyin_alloc(args[i].name,
2512			args[i].namelen, error_str, error_str_len);
2513		if (args[i].kname == NULL)
2514			goto bailout;
2515
2516		if (args[i].kname[args[i].namelen - 1] != '\0') {
2517			snprintf(error_str, error_str_len, "Argument %d "
2518				 "name is not NUL-terminated", i);
2519			goto bailout;
2520		}
2521
2522		if (args[i].flags & CTL_BEARG_RD) {
2523			if (args[i].vallen == 0) {
2524				snprintf(error_str, error_str_len, "Argument %d "
2525					 "value length is zero", i);
2526				goto bailout;
2527			}
2528
2529			tmpptr = ctl_copyin_alloc(args[i].value,
2530				args[i].vallen, error_str, error_str_len);
2531			if (tmpptr == NULL)
2532				goto bailout;
2533
2534			if ((args[i].flags & CTL_BEARG_ASCII)
2535			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2536				snprintf(error_str, error_str_len, "Argument "
2537				    "%d value is not NUL-terminated", i);
2538				free(tmpptr, M_CTL);
2539				goto bailout;
2540			}
2541			args[i].kvalue = tmpptr;
2542		} else {
2543			args[i].kvalue = malloc(args[i].vallen,
2544			    M_CTL, M_WAITOK | M_ZERO);
2545		}
2546	}
2547
2548	return (args);
2549bailout:
2550
2551	ctl_free_args(num_args, args);
2552
2553	return (NULL);
2554}
2555
2556static void
2557ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2558{
2559	int i;
2560
2561	for (i = 0; i < num_args; i++) {
2562		if (args[i].flags & CTL_BEARG_WR)
2563			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2564	}
2565}
2566
2567/*
2568 * Escape characters that are illegal or not recommended in XML.
2569 */
2570int
2571ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2572{
2573	char *end = str + size;
2574	int retval;
2575
2576	retval = 0;
2577
2578	for (; *str && str < end; str++) {
2579		switch (*str) {
2580		case '&':
2581			retval = sbuf_printf(sb, "&amp;");
2582			break;
2583		case '>':
2584			retval = sbuf_printf(sb, "&gt;");
2585			break;
2586		case '<':
2587			retval = sbuf_printf(sb, "&lt;");
2588			break;
2589		default:
2590			retval = sbuf_putc(sb, *str);
2591			break;
2592		}
2593
2594		if (retval != 0)
2595			break;
2596
2597	}
2598
2599	return (retval);
2600}
2601
2602static void
2603ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2604{
2605	struct scsi_vpd_id_descriptor *desc;
2606	int i;
2607
2608	if (id == NULL || id->len < 4)
2609		return;
2610	desc = (struct scsi_vpd_id_descriptor *)id->data;
2611	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2612	case SVPD_ID_TYPE_T10:
2613		sbuf_printf(sb, "t10.");
2614		break;
2615	case SVPD_ID_TYPE_EUI64:
2616		sbuf_printf(sb, "eui.");
2617		break;
2618	case SVPD_ID_TYPE_NAA:
2619		sbuf_printf(sb, "naa.");
2620		break;
2621	case SVPD_ID_TYPE_SCSI_NAME:
2622		break;
2623	}
2624	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2625	case SVPD_ID_CODESET_BINARY:
2626		for (i = 0; i < desc->length; i++)
2627			sbuf_printf(sb, "%02x", desc->identifier[i]);
2628		break;
2629	case SVPD_ID_CODESET_ASCII:
2630		sbuf_printf(sb, "%.*s", (int)desc->length,
2631		    (char *)desc->identifier);
2632		break;
2633	case SVPD_ID_CODESET_UTF8:
2634		sbuf_printf(sb, "%s", (char *)desc->identifier);
2635		break;
2636	}
2637}
2638
2639static int
2640ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2641	  struct thread *td)
2642{
2643	struct ctl_softc *softc = dev->si_drv1;
2644	struct ctl_port *port;
2645	struct ctl_lun *lun;
2646	int retval;
2647
2648	retval = 0;
2649
2650	switch (cmd) {
2651	case CTL_IO:
2652		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2653		break;
2654	case CTL_ENABLE_PORT:
2655	case CTL_DISABLE_PORT:
2656	case CTL_SET_PORT_WWNS: {
2657		struct ctl_port *port;
2658		struct ctl_port_entry *entry;
2659
2660		entry = (struct ctl_port_entry *)addr;
2661
2662		mtx_lock(&softc->ctl_lock);
2663		STAILQ_FOREACH(port, &softc->port_list, links) {
2664			int action, done;
2665
2666			if (port->targ_port < softc->port_min ||
2667			    port->targ_port >= softc->port_max)
2668				continue;
2669
2670			action = 0;
2671			done = 0;
2672			if ((entry->port_type == CTL_PORT_NONE)
2673			 && (entry->targ_port == port->targ_port)) {
2674				/*
2675				 * If the user only wants to enable or
2676				 * disable or set WWNs on a specific port,
2677				 * do the operation and we're done.
2678				 */
2679				action = 1;
2680				done = 1;
2681			} else if (entry->port_type & port->port_type) {
2682				/*
2683				 * Compare the user's type mask with the
2684				 * particular frontend type to see if we
2685				 * have a match.
2686				 */
2687				action = 1;
2688				done = 0;
2689
2690				/*
2691				 * Make sure the user isn't trying to set
2692				 * WWNs on multiple ports at the same time.
2693				 */
2694				if (cmd == CTL_SET_PORT_WWNS) {
2695					printf("%s: Can't set WWNs on "
2696					       "multiple ports\n", __func__);
2697					retval = EINVAL;
2698					break;
2699				}
2700			}
2701			if (action == 0)
2702				continue;
2703
2704			/*
2705			 * XXX KDM we have to drop the lock here, because
2706			 * the online/offline operations can potentially
2707			 * block.  We need to reference count the frontends
2708			 * so they can't go away,
2709			 */
2710			if (cmd == CTL_ENABLE_PORT) {
2711				mtx_unlock(&softc->ctl_lock);
2712				ctl_port_online(port);
2713				mtx_lock(&softc->ctl_lock);
2714			} else if (cmd == CTL_DISABLE_PORT) {
2715				mtx_unlock(&softc->ctl_lock);
2716				ctl_port_offline(port);
2717				mtx_lock(&softc->ctl_lock);
2718			} else if (cmd == CTL_SET_PORT_WWNS) {
2719				ctl_port_set_wwns(port,
2720				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2721				    1 : 0, entry->wwnn,
2722				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2723				    1 : 0, entry->wwpn);
2724			}
2725			if (done != 0)
2726				break;
2727		}
2728		mtx_unlock(&softc->ctl_lock);
2729		break;
2730	}
2731	case CTL_GET_OOA: {
2732		struct ctl_ooa *ooa_hdr;
2733		struct ctl_ooa_entry *entries;
2734		uint32_t cur_fill_num;
2735
2736		ooa_hdr = (struct ctl_ooa *)addr;
2737
2738		if ((ooa_hdr->alloc_len == 0)
2739		 || (ooa_hdr->alloc_num == 0)) {
2740			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2741			       "must be non-zero\n", __func__,
2742			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2743			retval = EINVAL;
2744			break;
2745		}
2746
2747		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2748		    sizeof(struct ctl_ooa_entry))) {
2749			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2750			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2751			       __func__, ooa_hdr->alloc_len,
2752			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2753			retval = EINVAL;
2754			break;
2755		}
2756
2757		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2758		if (entries == NULL) {
2759			printf("%s: could not allocate %d bytes for OOA "
2760			       "dump\n", __func__, ooa_hdr->alloc_len);
2761			retval = ENOMEM;
2762			break;
2763		}
2764
2765		mtx_lock(&softc->ctl_lock);
2766		if ((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0 &&
2767		    (ooa_hdr->lun_num >= ctl_max_luns ||
2768		     softc->ctl_luns[ooa_hdr->lun_num] == NULL)) {
2769			mtx_unlock(&softc->ctl_lock);
2770			free(entries, M_CTL);
2771			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2772			       __func__, (uintmax_t)ooa_hdr->lun_num);
2773			retval = EINVAL;
2774			break;
2775		}
2776
2777		cur_fill_num = 0;
2778
2779		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2780			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2781				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2782				    ooa_hdr, entries);
2783			}
2784		} else {
2785			lun = softc->ctl_luns[ooa_hdr->lun_num];
2786			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2787			    entries);
2788		}
2789		mtx_unlock(&softc->ctl_lock);
2790
2791		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2792		ooa_hdr->fill_len = ooa_hdr->fill_num *
2793			sizeof(struct ctl_ooa_entry);
2794		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2795		if (retval != 0) {
2796			printf("%s: error copying out %d bytes for OOA dump\n",
2797			       __func__, ooa_hdr->fill_len);
2798		}
2799
2800		getbinuptime(&ooa_hdr->cur_bt);
2801
2802		if (cur_fill_num > ooa_hdr->alloc_num) {
2803			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2804			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2805		} else {
2806			ooa_hdr->dropped_num = 0;
2807			ooa_hdr->status = CTL_OOA_OK;
2808		}
2809
2810		free(entries, M_CTL);
2811		break;
2812	}
2813	case CTL_DELAY_IO: {
2814		struct ctl_io_delay_info *delay_info;
2815
2816		delay_info = (struct ctl_io_delay_info *)addr;
2817
2818#ifdef CTL_IO_DELAY
2819		mtx_lock(&softc->ctl_lock);
2820		if (delay_info->lun_id >= ctl_max_luns ||
2821		    (lun = softc->ctl_luns[delay_info->lun_id]) == NULL) {
2822			mtx_unlock(&softc->ctl_lock);
2823			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2824			break;
2825		}
2826		mtx_lock(&lun->lun_lock);
2827		mtx_unlock(&softc->ctl_lock);
2828		delay_info->status = CTL_DELAY_STATUS_OK;
2829		switch (delay_info->delay_type) {
2830		case CTL_DELAY_TYPE_CONT:
2831		case CTL_DELAY_TYPE_ONESHOT:
2832			break;
2833		default:
2834			delay_info->status = CTL_DELAY_STATUS_INVALID_TYPE;
2835			break;
2836		}
2837		switch (delay_info->delay_loc) {
2838		case CTL_DELAY_LOC_DATAMOVE:
2839			lun->delay_info.datamove_type = delay_info->delay_type;
2840			lun->delay_info.datamove_delay = delay_info->delay_secs;
2841			break;
2842		case CTL_DELAY_LOC_DONE:
2843			lun->delay_info.done_type = delay_info->delay_type;
2844			lun->delay_info.done_delay = delay_info->delay_secs;
2845			break;
2846		default:
2847			delay_info->status = CTL_DELAY_STATUS_INVALID_LOC;
2848			break;
2849		}
2850		mtx_unlock(&lun->lun_lock);
2851#else
2852		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2853#endif /* CTL_IO_DELAY */
2854		break;
2855	}
2856#ifdef CTL_LEGACY_STATS
2857	case CTL_GETSTATS: {
2858		struct ctl_stats *stats = (struct ctl_stats *)addr;
2859		int i;
2860
2861		/*
2862		 * XXX KDM no locking here.  If the LUN list changes,
2863		 * things can blow up.
2864		 */
2865		i = 0;
2866		stats->status = CTL_SS_OK;
2867		stats->fill_len = 0;
2868		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2869			if (stats->fill_len + sizeof(lun->legacy_stats) >
2870			    stats->alloc_len) {
2871				stats->status = CTL_SS_NEED_MORE_SPACE;
2872				break;
2873			}
2874			retval = copyout(&lun->legacy_stats, &stats->lun_stats[i++],
2875					 sizeof(lun->legacy_stats));
2876			if (retval != 0)
2877				break;
2878			stats->fill_len += sizeof(lun->legacy_stats);
2879		}
2880		stats->num_luns = softc->num_luns;
2881		stats->flags = CTL_STATS_FLAG_NONE;
2882#ifdef CTL_TIME_IO
2883		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
2884#endif
2885		getnanouptime(&stats->timestamp);
2886		break;
2887	}
2888#endif /* CTL_LEGACY_STATS */
2889	case CTL_ERROR_INJECT: {
2890		struct ctl_error_desc *err_desc, *new_err_desc;
2891
2892		err_desc = (struct ctl_error_desc *)addr;
2893
2894		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2895				      M_WAITOK | M_ZERO);
2896		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2897
2898		mtx_lock(&softc->ctl_lock);
2899		if (err_desc->lun_id >= ctl_max_luns ||
2900		    (lun = softc->ctl_luns[err_desc->lun_id]) == NULL) {
2901			mtx_unlock(&softc->ctl_lock);
2902			free(new_err_desc, M_CTL);
2903			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2904			       __func__, (uintmax_t)err_desc->lun_id);
2905			retval = EINVAL;
2906			break;
2907		}
2908		mtx_lock(&lun->lun_lock);
2909		mtx_unlock(&softc->ctl_lock);
2910
2911		/*
2912		 * We could do some checking here to verify the validity
2913		 * of the request, but given the complexity of error
2914		 * injection requests, the checking logic would be fairly
2915		 * complex.
2916		 *
2917		 * For now, if the request is invalid, it just won't get
2918		 * executed and might get deleted.
2919		 */
2920		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2921
2922		/*
2923		 * XXX KDM check to make sure the serial number is unique,
2924		 * in case we somehow manage to wrap.  That shouldn't
2925		 * happen for a very long time, but it's the right thing to
2926		 * do.
2927		 */
2928		new_err_desc->serial = lun->error_serial;
2929		err_desc->serial = lun->error_serial;
2930		lun->error_serial++;
2931
2932		mtx_unlock(&lun->lun_lock);
2933		break;
2934	}
2935	case CTL_ERROR_INJECT_DELETE: {
2936		struct ctl_error_desc *delete_desc, *desc, *desc2;
2937		int delete_done;
2938
2939		delete_desc = (struct ctl_error_desc *)addr;
2940		delete_done = 0;
2941
2942		mtx_lock(&softc->ctl_lock);
2943		if (delete_desc->lun_id >= ctl_max_luns ||
2944		    (lun = softc->ctl_luns[delete_desc->lun_id]) == NULL) {
2945			mtx_unlock(&softc->ctl_lock);
2946			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2947			       __func__, (uintmax_t)delete_desc->lun_id);
2948			retval = EINVAL;
2949			break;
2950		}
2951		mtx_lock(&lun->lun_lock);
2952		mtx_unlock(&softc->ctl_lock);
2953		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2954			if (desc->serial != delete_desc->serial)
2955				continue;
2956
2957			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2958				      links);
2959			free(desc, M_CTL);
2960			delete_done = 1;
2961		}
2962		mtx_unlock(&lun->lun_lock);
2963		if (delete_done == 0) {
2964			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2965			       "error serial %ju on LUN %u\n", __func__,
2966			       delete_desc->serial, delete_desc->lun_id);
2967			retval = EINVAL;
2968			break;
2969		}
2970		break;
2971	}
2972	case CTL_DUMP_STRUCTS: {
2973		int j, k;
2974		struct ctl_port *port;
2975		struct ctl_frontend *fe;
2976
2977		mtx_lock(&softc->ctl_lock);
2978		printf("CTL Persistent Reservation information start:\n");
2979		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2980			mtx_lock(&lun->lun_lock);
2981			if ((lun->flags & CTL_LUN_DISABLED) != 0) {
2982				mtx_unlock(&lun->lun_lock);
2983				continue;
2984			}
2985
2986			for (j = 0; j < ctl_max_ports; j++) {
2987				if (lun->pr_keys[j] == NULL)
2988					continue;
2989				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2990					if (lun->pr_keys[j][k] == 0)
2991						continue;
2992					printf("  LUN %ju port %d iid %d key "
2993					       "%#jx\n", lun->lun, j, k,
2994					       (uintmax_t)lun->pr_keys[j][k]);
2995				}
2996			}
2997			mtx_unlock(&lun->lun_lock);
2998		}
2999		printf("CTL Persistent Reservation information end\n");
3000		printf("CTL Ports:\n");
3001		STAILQ_FOREACH(port, &softc->port_list, links) {
3002			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3003			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3004			       port->frontend->name, port->port_type,
3005			       port->physical_port, port->virtual_port,
3006			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3007			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3008				if (port->wwpn_iid[j].in_use == 0 &&
3009				    port->wwpn_iid[j].wwpn == 0 &&
3010				    port->wwpn_iid[j].name == NULL)
3011					continue;
3012
3013				printf("    iid %u use %d WWPN %#jx '%s'\n",
3014				    j, port->wwpn_iid[j].in_use,
3015				    (uintmax_t)port->wwpn_iid[j].wwpn,
3016				    port->wwpn_iid[j].name);
3017			}
3018		}
3019		printf("CTL Port information end\n");
3020		mtx_unlock(&softc->ctl_lock);
3021		/*
3022		 * XXX KDM calling this without a lock.  We'd likely want
3023		 * to drop the lock before calling the frontend's dump
3024		 * routine anyway.
3025		 */
3026		printf("CTL Frontends:\n");
3027		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3028			printf("  Frontend '%s'\n", fe->name);
3029			if (fe->fe_dump != NULL)
3030				fe->fe_dump();
3031		}
3032		printf("CTL Frontend information end\n");
3033		break;
3034	}
3035	case CTL_LUN_REQ: {
3036		struct ctl_lun_req *lun_req;
3037		struct ctl_backend_driver *backend;
3038
3039		lun_req = (struct ctl_lun_req *)addr;
3040
3041		backend = ctl_backend_find(lun_req->backend);
3042		if (backend == NULL) {
3043			lun_req->status = CTL_LUN_ERROR;
3044			snprintf(lun_req->error_str,
3045				 sizeof(lun_req->error_str),
3046				 "Backend \"%s\" not found.",
3047				 lun_req->backend);
3048			break;
3049		}
3050		if (lun_req->num_be_args > 0) {
3051			lun_req->kern_be_args = ctl_copyin_args(
3052				lun_req->num_be_args,
3053				lun_req->be_args,
3054				lun_req->error_str,
3055				sizeof(lun_req->error_str));
3056			if (lun_req->kern_be_args == NULL) {
3057				lun_req->status = CTL_LUN_ERROR;
3058				break;
3059			}
3060		}
3061
3062		retval = backend->ioctl(dev, cmd, addr, flag, td);
3063
3064		if (lun_req->num_be_args > 0) {
3065			ctl_copyout_args(lun_req->num_be_args,
3066				      lun_req->kern_be_args);
3067			ctl_free_args(lun_req->num_be_args,
3068				      lun_req->kern_be_args);
3069		}
3070		break;
3071	}
3072	case CTL_LUN_LIST: {
3073		struct sbuf *sb;
3074		struct ctl_lun_list *list;
3075		struct ctl_option *opt;
3076
3077		list = (struct ctl_lun_list *)addr;
3078
3079		/*
3080		 * Allocate a fixed length sbuf here, based on the length
3081		 * of the user's buffer.  We could allocate an auto-extending
3082		 * buffer, and then tell the user how much larger our
3083		 * amount of data is than his buffer, but that presents
3084		 * some problems:
3085		 *
3086		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3087		 *     we can't hold a lock while calling them with an
3088		 *     auto-extending buffer.
3089 		 *
3090		 * 2.  There is not currently a LUN reference counting
3091		 *     mechanism, outside of outstanding transactions on
3092		 *     the LUN's OOA queue.  So a LUN could go away on us
3093		 *     while we're getting the LUN number, backend-specific
3094		 *     information, etc.  Thus, given the way things
3095		 *     currently work, we need to hold the CTL lock while
3096		 *     grabbing LUN information.
3097		 *
3098		 * So, from the user's standpoint, the best thing to do is
3099		 * allocate what he thinks is a reasonable buffer length,
3100		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3101		 * double the buffer length and try again.  (And repeat
3102		 * that until he succeeds.)
3103		 */
3104		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3105		if (sb == NULL) {
3106			list->status = CTL_LUN_LIST_ERROR;
3107			snprintf(list->error_str, sizeof(list->error_str),
3108				 "Unable to allocate %d bytes for LUN list",
3109				 list->alloc_len);
3110			break;
3111		}
3112
3113		sbuf_printf(sb, "<ctllunlist>\n");
3114
3115		mtx_lock(&softc->ctl_lock);
3116		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3117			mtx_lock(&lun->lun_lock);
3118			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3119					     (uintmax_t)lun->lun);
3120
3121			/*
3122			 * Bail out as soon as we see that we've overfilled
3123			 * the buffer.
3124			 */
3125			if (retval != 0)
3126				break;
3127
3128			retval = sbuf_printf(sb, "\t<backend_type>%s"
3129					     "</backend_type>\n",
3130					     (lun->backend == NULL) ?  "none" :
3131					     lun->backend->name);
3132
3133			if (retval != 0)
3134				break;
3135
3136			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3137					     lun->be_lun->lun_type);
3138
3139			if (retval != 0)
3140				break;
3141
3142			if (lun->backend == NULL) {
3143				retval = sbuf_printf(sb, "</lun>\n");
3144				if (retval != 0)
3145					break;
3146				continue;
3147			}
3148
3149			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3150					     (lun->be_lun->maxlba > 0) ?
3151					     lun->be_lun->maxlba + 1 : 0);
3152
3153			if (retval != 0)
3154				break;
3155
3156			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3157					     lun->be_lun->blocksize);
3158
3159			if (retval != 0)
3160				break;
3161
3162			retval = sbuf_printf(sb, "\t<serial_number>");
3163
3164			if (retval != 0)
3165				break;
3166
3167			retval = ctl_sbuf_printf_esc(sb,
3168			    lun->be_lun->serial_num,
3169			    sizeof(lun->be_lun->serial_num));
3170
3171			if (retval != 0)
3172				break;
3173
3174			retval = sbuf_printf(sb, "</serial_number>\n");
3175
3176			if (retval != 0)
3177				break;
3178
3179			retval = sbuf_printf(sb, "\t<device_id>");
3180
3181			if (retval != 0)
3182				break;
3183
3184			retval = ctl_sbuf_printf_esc(sb,
3185			    lun->be_lun->device_id,
3186			    sizeof(lun->be_lun->device_id));
3187
3188			if (retval != 0)
3189				break;
3190
3191			retval = sbuf_printf(sb, "</device_id>\n");
3192
3193			if (retval != 0)
3194				break;
3195
3196			if (lun->backend->lun_info != NULL) {
3197				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3198				if (retval != 0)
3199					break;
3200			}
3201			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3202				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3203				    opt->name, opt->value, opt->name);
3204				if (retval != 0)
3205					break;
3206			}
3207
3208			retval = sbuf_printf(sb, "</lun>\n");
3209
3210			if (retval != 0)
3211				break;
3212			mtx_unlock(&lun->lun_lock);
3213		}
3214		if (lun != NULL)
3215			mtx_unlock(&lun->lun_lock);
3216		mtx_unlock(&softc->ctl_lock);
3217
3218		if ((retval != 0)
3219		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3220			retval = 0;
3221			sbuf_delete(sb);
3222			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3223			snprintf(list->error_str, sizeof(list->error_str),
3224				 "Out of space, %d bytes is too small",
3225				 list->alloc_len);
3226			break;
3227		}
3228
3229		sbuf_finish(sb);
3230
3231		retval = copyout(sbuf_data(sb), list->lun_xml,
3232				 sbuf_len(sb) + 1);
3233
3234		list->fill_len = sbuf_len(sb) + 1;
3235		list->status = CTL_LUN_LIST_OK;
3236		sbuf_delete(sb);
3237		break;
3238	}
3239	case CTL_ISCSI: {
3240		struct ctl_iscsi *ci;
3241		struct ctl_frontend *fe;
3242
3243		ci = (struct ctl_iscsi *)addr;
3244
3245		fe = ctl_frontend_find("iscsi");
3246		if (fe == NULL) {
3247			ci->status = CTL_ISCSI_ERROR;
3248			snprintf(ci->error_str, sizeof(ci->error_str),
3249			    "Frontend \"iscsi\" not found.");
3250			break;
3251		}
3252
3253		retval = fe->ioctl(dev, cmd, addr, flag, td);
3254		break;
3255	}
3256	case CTL_PORT_REQ: {
3257		struct ctl_req *req;
3258		struct ctl_frontend *fe;
3259
3260		req = (struct ctl_req *)addr;
3261
3262		fe = ctl_frontend_find(req->driver);
3263		if (fe == NULL) {
3264			req->status = CTL_LUN_ERROR;
3265			snprintf(req->error_str, sizeof(req->error_str),
3266			    "Frontend \"%s\" not found.", req->driver);
3267			break;
3268		}
3269		if (req->num_args > 0) {
3270			req->kern_args = ctl_copyin_args(req->num_args,
3271			    req->args, req->error_str, sizeof(req->error_str));
3272			if (req->kern_args == NULL) {
3273				req->status = CTL_LUN_ERROR;
3274				break;
3275			}
3276		}
3277
3278		if (fe->ioctl)
3279			retval = fe->ioctl(dev, cmd, addr, flag, td);
3280		else
3281			retval = ENODEV;
3282
3283		if (req->num_args > 0) {
3284			ctl_copyout_args(req->num_args, req->kern_args);
3285			ctl_free_args(req->num_args, req->kern_args);
3286		}
3287		break;
3288	}
3289	case CTL_PORT_LIST: {
3290		struct sbuf *sb;
3291		struct ctl_port *port;
3292		struct ctl_lun_list *list;
3293		struct ctl_option *opt;
3294		int j;
3295		uint32_t plun;
3296
3297		list = (struct ctl_lun_list *)addr;
3298
3299		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3300		if (sb == NULL) {
3301			list->status = CTL_LUN_LIST_ERROR;
3302			snprintf(list->error_str, sizeof(list->error_str),
3303				 "Unable to allocate %d bytes for LUN list",
3304				 list->alloc_len);
3305			break;
3306		}
3307
3308		sbuf_printf(sb, "<ctlportlist>\n");
3309
3310		mtx_lock(&softc->ctl_lock);
3311		STAILQ_FOREACH(port, &softc->port_list, links) {
3312			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3313					     (uintmax_t)port->targ_port);
3314
3315			/*
3316			 * Bail out as soon as we see that we've overfilled
3317			 * the buffer.
3318			 */
3319			if (retval != 0)
3320				break;
3321
3322			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3323			    "</frontend_type>\n", port->frontend->name);
3324			if (retval != 0)
3325				break;
3326
3327			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3328					     port->port_type);
3329			if (retval != 0)
3330				break;
3331
3332			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3333			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3334			if (retval != 0)
3335				break;
3336
3337			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3338			    port->port_name);
3339			if (retval != 0)
3340				break;
3341
3342			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3343			    port->physical_port);
3344			if (retval != 0)
3345				break;
3346
3347			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3348			    port->virtual_port);
3349			if (retval != 0)
3350				break;
3351
3352			if (port->target_devid != NULL) {
3353				sbuf_printf(sb, "\t<target>");
3354				ctl_id_sbuf(port->target_devid, sb);
3355				sbuf_printf(sb, "</target>\n");
3356			}
3357
3358			if (port->port_devid != NULL) {
3359				sbuf_printf(sb, "\t<port>");
3360				ctl_id_sbuf(port->port_devid, sb);
3361				sbuf_printf(sb, "</port>\n");
3362			}
3363
3364			if (port->port_info != NULL) {
3365				retval = port->port_info(port->onoff_arg, sb);
3366				if (retval != 0)
3367					break;
3368			}
3369			STAILQ_FOREACH(opt, &port->options, links) {
3370				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3371				    opt->name, opt->value, opt->name);
3372				if (retval != 0)
3373					break;
3374			}
3375
3376			if (port->lun_map != NULL) {
3377				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3378				for (j = 0; j < port->lun_map_size; j++) {
3379					plun = ctl_lun_map_from_port(port, j);
3380					if (plun == UINT32_MAX)
3381						continue;
3382					sbuf_printf(sb,
3383					    "\t<lun id=\"%u\">%u</lun>\n",
3384					    j, plun);
3385				}
3386			}
3387
3388			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3389				if (port->wwpn_iid[j].in_use == 0 ||
3390				    (port->wwpn_iid[j].wwpn == 0 &&
3391				     port->wwpn_iid[j].name == NULL))
3392					continue;
3393
3394				if (port->wwpn_iid[j].name != NULL)
3395					retval = sbuf_printf(sb,
3396					    "\t<initiator id=\"%u\">%s</initiator>\n",
3397					    j, port->wwpn_iid[j].name);
3398				else
3399					retval = sbuf_printf(sb,
3400					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3401					    j, port->wwpn_iid[j].wwpn);
3402				if (retval != 0)
3403					break;
3404			}
3405			if (retval != 0)
3406				break;
3407
3408			retval = sbuf_printf(sb, "</targ_port>\n");
3409			if (retval != 0)
3410				break;
3411		}
3412		mtx_unlock(&softc->ctl_lock);
3413
3414		if ((retval != 0)
3415		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3416			retval = 0;
3417			sbuf_delete(sb);
3418			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3419			snprintf(list->error_str, sizeof(list->error_str),
3420				 "Out of space, %d bytes is too small",
3421				 list->alloc_len);
3422			break;
3423		}
3424
3425		sbuf_finish(sb);
3426
3427		retval = copyout(sbuf_data(sb), list->lun_xml,
3428				 sbuf_len(sb) + 1);
3429
3430		list->fill_len = sbuf_len(sb) + 1;
3431		list->status = CTL_LUN_LIST_OK;
3432		sbuf_delete(sb);
3433		break;
3434	}
3435	case CTL_LUN_MAP: {
3436		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3437		struct ctl_port *port;
3438
3439		mtx_lock(&softc->ctl_lock);
3440		if (lm->port < softc->port_min ||
3441		    lm->port >= softc->port_max ||
3442		    (port = softc->ctl_ports[lm->port]) == NULL) {
3443			mtx_unlock(&softc->ctl_lock);
3444			return (ENXIO);
3445		}
3446		if (port->status & CTL_PORT_STATUS_ONLINE) {
3447			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3448				if (ctl_lun_map_to_port(port, lun->lun) ==
3449				    UINT32_MAX)
3450					continue;
3451				mtx_lock(&lun->lun_lock);
3452				ctl_est_ua_port(lun, lm->port, -1,
3453				    CTL_UA_LUN_CHANGE);
3454				mtx_unlock(&lun->lun_lock);
3455			}
3456		}
3457		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3458		if (lm->plun != UINT32_MAX) {
3459			if (lm->lun == UINT32_MAX)
3460				retval = ctl_lun_map_unset(port, lm->plun);
3461			else if (lm->lun < ctl_max_luns &&
3462			    softc->ctl_luns[lm->lun] != NULL)
3463				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3464			else
3465				return (ENXIO);
3466		} else {
3467			if (lm->lun == UINT32_MAX)
3468				retval = ctl_lun_map_deinit(port);
3469			else
3470				retval = ctl_lun_map_init(port);
3471		}
3472		if (port->status & CTL_PORT_STATUS_ONLINE)
3473			ctl_isc_announce_port(port);
3474		break;
3475	}
3476	case CTL_GET_LUN_STATS: {
3477		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3478		int i;
3479
3480		/*
3481		 * XXX KDM no locking here.  If the LUN list changes,
3482		 * things can blow up.
3483		 */
3484		i = 0;
3485		stats->status = CTL_SS_OK;
3486		stats->fill_len = 0;
3487		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3488			if (lun->lun < stats->first_item)
3489				continue;
3490			if (stats->fill_len + sizeof(lun->stats) >
3491			    stats->alloc_len) {
3492				stats->status = CTL_SS_NEED_MORE_SPACE;
3493				break;
3494			}
3495			retval = copyout(&lun->stats, &stats->stats[i++],
3496					 sizeof(lun->stats));
3497			if (retval != 0)
3498				break;
3499			stats->fill_len += sizeof(lun->stats);
3500		}
3501		stats->num_items = softc->num_luns;
3502		stats->flags = CTL_STATS_FLAG_NONE;
3503#ifdef CTL_TIME_IO
3504		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3505#endif
3506		getnanouptime(&stats->timestamp);
3507		break;
3508	}
3509	case CTL_GET_PORT_STATS: {
3510		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3511		int i;
3512
3513		/*
3514		 * XXX KDM no locking here.  If the LUN list changes,
3515		 * things can blow up.
3516		 */
3517		i = 0;
3518		stats->status = CTL_SS_OK;
3519		stats->fill_len = 0;
3520		STAILQ_FOREACH(port, &softc->port_list, links) {
3521			if (port->targ_port < stats->first_item)
3522				continue;
3523			if (stats->fill_len + sizeof(port->stats) >
3524			    stats->alloc_len) {
3525				stats->status = CTL_SS_NEED_MORE_SPACE;
3526				break;
3527			}
3528			retval = copyout(&port->stats, &stats->stats[i++],
3529					 sizeof(port->stats));
3530			if (retval != 0)
3531				break;
3532			stats->fill_len += sizeof(port->stats);
3533		}
3534		stats->num_items = softc->num_ports;
3535		stats->flags = CTL_STATS_FLAG_NONE;
3536#ifdef CTL_TIME_IO
3537		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3538#endif
3539		getnanouptime(&stats->timestamp);
3540		break;
3541	}
3542	default: {
3543		/* XXX KDM should we fix this? */
3544#if 0
3545		struct ctl_backend_driver *backend;
3546		unsigned int type;
3547		int found;
3548
3549		found = 0;
3550
3551		/*
3552		 * We encode the backend type as the ioctl type for backend
3553		 * ioctls.  So parse it out here, and then search for a
3554		 * backend of this type.
3555		 */
3556		type = _IOC_TYPE(cmd);
3557
3558		STAILQ_FOREACH(backend, &softc->be_list, links) {
3559			if (backend->type == type) {
3560				found = 1;
3561				break;
3562			}
3563		}
3564		if (found == 0) {
3565			printf("ctl: unknown ioctl command %#lx or backend "
3566			       "%d\n", cmd, type);
3567			retval = EINVAL;
3568			break;
3569		}
3570		retval = backend->ioctl(dev, cmd, addr, flag, td);
3571#endif
3572		retval = ENOTTY;
3573		break;
3574	}
3575	}
3576	return (retval);
3577}
3578
3579uint32_t
3580ctl_get_initindex(struct ctl_nexus *nexus)
3581{
3582	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3583}
3584
3585int
3586ctl_lun_map_init(struct ctl_port *port)
3587{
3588	struct ctl_softc *softc = port->ctl_softc;
3589	struct ctl_lun *lun;
3590	int size = ctl_lun_map_size;
3591	uint32_t i;
3592
3593	if (port->lun_map == NULL || port->lun_map_size < size) {
3594		port->lun_map_size = 0;
3595		free(port->lun_map, M_CTL);
3596		port->lun_map = malloc(size * sizeof(uint32_t),
3597		    M_CTL, M_NOWAIT);
3598	}
3599	if (port->lun_map == NULL)
3600		return (ENOMEM);
3601	for (i = 0; i < size; i++)
3602		port->lun_map[i] = UINT32_MAX;
3603	port->lun_map_size = size;
3604	if (port->status & CTL_PORT_STATUS_ONLINE) {
3605		if (port->lun_disable != NULL) {
3606			STAILQ_FOREACH(lun, &softc->lun_list, links)
3607				port->lun_disable(port->targ_lun_arg, lun->lun);
3608		}
3609		ctl_isc_announce_port(port);
3610	}
3611	return (0);
3612}
3613
3614int
3615ctl_lun_map_deinit(struct ctl_port *port)
3616{
3617	struct ctl_softc *softc = port->ctl_softc;
3618	struct ctl_lun *lun;
3619
3620	if (port->lun_map == NULL)
3621		return (0);
3622	port->lun_map_size = 0;
3623	free(port->lun_map, M_CTL);
3624	port->lun_map = NULL;
3625	if (port->status & CTL_PORT_STATUS_ONLINE) {
3626		if (port->lun_enable != NULL) {
3627			STAILQ_FOREACH(lun, &softc->lun_list, links)
3628				port->lun_enable(port->targ_lun_arg, lun->lun);
3629		}
3630		ctl_isc_announce_port(port);
3631	}
3632	return (0);
3633}
3634
3635int
3636ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3637{
3638	int status;
3639	uint32_t old;
3640
3641	if (port->lun_map == NULL) {
3642		status = ctl_lun_map_init(port);
3643		if (status != 0)
3644			return (status);
3645	}
3646	if (plun >= port->lun_map_size)
3647		return (EINVAL);
3648	old = port->lun_map[plun];
3649	port->lun_map[plun] = glun;
3650	if ((port->status & CTL_PORT_STATUS_ONLINE) && old == UINT32_MAX) {
3651		if (port->lun_enable != NULL)
3652			port->lun_enable(port->targ_lun_arg, plun);
3653		ctl_isc_announce_port(port);
3654	}
3655	return (0);
3656}
3657
3658int
3659ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3660{
3661	uint32_t old;
3662
3663	if (port->lun_map == NULL || plun >= port->lun_map_size)
3664		return (0);
3665	old = port->lun_map[plun];
3666	port->lun_map[plun] = UINT32_MAX;
3667	if ((port->status & CTL_PORT_STATUS_ONLINE) && old != UINT32_MAX) {
3668		if (port->lun_disable != NULL)
3669			port->lun_disable(port->targ_lun_arg, plun);
3670		ctl_isc_announce_port(port);
3671	}
3672	return (0);
3673}
3674
3675uint32_t
3676ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3677{
3678
3679	if (port == NULL)
3680		return (UINT32_MAX);
3681	if (port->lun_map == NULL)
3682		return (lun_id);
3683	if (lun_id > port->lun_map_size)
3684		return (UINT32_MAX);
3685	return (port->lun_map[lun_id]);
3686}
3687
3688uint32_t
3689ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3690{
3691	uint32_t i;
3692
3693	if (port == NULL)
3694		return (UINT32_MAX);
3695	if (port->lun_map == NULL)
3696		return (lun_id);
3697	for (i = 0; i < port->lun_map_size; i++) {
3698		if (port->lun_map[i] == lun_id)
3699			return (i);
3700	}
3701	return (UINT32_MAX);
3702}
3703
3704uint32_t
3705ctl_decode_lun(uint64_t encoded)
3706{
3707	uint8_t lun[8];
3708	uint32_t result = 0xffffffff;
3709
3710	be64enc(lun, encoded);
3711	switch (lun[0] & RPL_LUNDATA_ATYP_MASK) {
3712	case RPL_LUNDATA_ATYP_PERIPH:
3713		if ((lun[0] & 0x3f) == 0 && lun[2] == 0 && lun[3] == 0 &&
3714		    lun[4] == 0 && lun[5] == 0 && lun[6] == 0 && lun[7] == 0)
3715			result = lun[1];
3716		break;
3717	case RPL_LUNDATA_ATYP_FLAT:
3718		if (lun[2] == 0 && lun[3] == 0 && lun[4] == 0 && lun[5] == 0 &&
3719		    lun[6] == 0 && lun[7] == 0)
3720			result = ((lun[0] & 0x3f) << 8) + lun[1];
3721		break;
3722	case RPL_LUNDATA_ATYP_EXTLUN:
3723		switch (lun[0] & RPL_LUNDATA_EXT_EAM_MASK) {
3724		case 0x02:
3725			switch (lun[0] & RPL_LUNDATA_EXT_LEN_MASK) {
3726			case 0x00:
3727				result = lun[1];
3728				break;
3729			case 0x10:
3730				result = (lun[1] << 16) + (lun[2] << 8) +
3731				    lun[3];
3732				break;
3733			case 0x20:
3734				if (lun[1] == 0 && lun[6] == 0 && lun[7] == 0)
3735					result = (lun[2] << 24) +
3736					    (lun[3] << 16) + (lun[4] << 8) +
3737					    lun[5];
3738				break;
3739			}
3740			break;
3741		case RPL_LUNDATA_EXT_EAM_NOT_SPEC:
3742			result = 0xffffffff;
3743			break;
3744		}
3745		break;
3746	}
3747	return (result);
3748}
3749
3750uint64_t
3751ctl_encode_lun(uint32_t decoded)
3752{
3753	uint64_t l = decoded;
3754
3755	if (l <= 0xff)
3756		return (((uint64_t)RPL_LUNDATA_ATYP_PERIPH << 56) | (l << 48));
3757	if (l <= 0x3fff)
3758		return (((uint64_t)RPL_LUNDATA_ATYP_FLAT << 56) | (l << 48));
3759	if (l <= 0xffffff)
3760		return (((uint64_t)(RPL_LUNDATA_ATYP_EXTLUN | 0x12) << 56) |
3761		    (l << 32));
3762	return ((((uint64_t)RPL_LUNDATA_ATYP_EXTLUN | 0x22) << 56) | (l << 16));
3763}
3764
3765int
3766ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3767{
3768	int i;
3769
3770	for (i = first; i < last; i++) {
3771		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3772			return (i);
3773	}
3774	return (-1);
3775}
3776
3777int
3778ctl_set_mask(uint32_t *mask, uint32_t bit)
3779{
3780	uint32_t chunk, piece;
3781
3782	chunk = bit >> 5;
3783	piece = bit % (sizeof(uint32_t) * 8);
3784
3785	if ((mask[chunk] & (1 << piece)) != 0)
3786		return (-1);
3787	else
3788		mask[chunk] |= (1 << piece);
3789
3790	return (0);
3791}
3792
3793int
3794ctl_clear_mask(uint32_t *mask, uint32_t bit)
3795{
3796	uint32_t chunk, piece;
3797
3798	chunk = bit >> 5;
3799	piece = bit % (sizeof(uint32_t) * 8);
3800
3801	if ((mask[chunk] & (1 << piece)) == 0)
3802		return (-1);
3803	else
3804		mask[chunk] &= ~(1 << piece);
3805
3806	return (0);
3807}
3808
3809int
3810ctl_is_set(uint32_t *mask, uint32_t bit)
3811{
3812	uint32_t chunk, piece;
3813
3814	chunk = bit >> 5;
3815	piece = bit % (sizeof(uint32_t) * 8);
3816
3817	if ((mask[chunk] & (1 << piece)) == 0)
3818		return (0);
3819	else
3820		return (1);
3821}
3822
3823static uint64_t
3824ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3825{
3826	uint64_t *t;
3827
3828	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3829	if (t == NULL)
3830		return (0);
3831	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3832}
3833
3834static void
3835ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3836{
3837	uint64_t *t;
3838
3839	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3840	if (t == NULL)
3841		return;
3842	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3843}
3844
3845static void
3846ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3847{
3848	uint64_t *p;
3849	u_int i;
3850
3851	i = residx/CTL_MAX_INIT_PER_PORT;
3852	if (lun->pr_keys[i] != NULL)
3853		return;
3854	mtx_unlock(&lun->lun_lock);
3855	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3856	    M_WAITOK | M_ZERO);
3857	mtx_lock(&lun->lun_lock);
3858	if (lun->pr_keys[i] == NULL)
3859		lun->pr_keys[i] = p;
3860	else
3861		free(p, M_CTL);
3862}
3863
3864static void
3865ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3866{
3867	uint64_t *t;
3868
3869	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3870	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3871	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3872}
3873
3874/*
3875 * ctl_softc, pool_name, total_ctl_io are passed in.
3876 * npool is passed out.
3877 */
3878int
3879ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3880		uint32_t total_ctl_io, void **npool)
3881{
3882	struct ctl_io_pool *pool;
3883
3884	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3885					    M_NOWAIT | M_ZERO);
3886	if (pool == NULL)
3887		return (ENOMEM);
3888
3889	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3890	pool->ctl_softc = ctl_softc;
3891#ifdef IO_POOLS
3892	pool->zone = uma_zsecond_create(pool->name, NULL,
3893	    NULL, NULL, NULL, ctl_softc->io_zone);
3894	/* uma_prealloc(pool->zone, total_ctl_io); */
3895#else
3896	pool->zone = ctl_softc->io_zone;
3897#endif
3898
3899	*npool = pool;
3900	return (0);
3901}
3902
3903void
3904ctl_pool_free(struct ctl_io_pool *pool)
3905{
3906
3907	if (pool == NULL)
3908		return;
3909
3910#ifdef IO_POOLS
3911	uma_zdestroy(pool->zone);
3912#endif
3913	free(pool, M_CTL);
3914}
3915
3916union ctl_io *
3917ctl_alloc_io(void *pool_ref)
3918{
3919	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3920	union ctl_io *io;
3921
3922	io = uma_zalloc(pool->zone, M_WAITOK);
3923	if (io != NULL) {
3924		io->io_hdr.pool = pool_ref;
3925		CTL_SOFTC(io) = pool->ctl_softc;
3926	}
3927	return (io);
3928}
3929
3930union ctl_io *
3931ctl_alloc_io_nowait(void *pool_ref)
3932{
3933	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3934	union ctl_io *io;
3935
3936	io = uma_zalloc(pool->zone, M_NOWAIT);
3937	if (io != NULL) {
3938		io->io_hdr.pool = pool_ref;
3939		CTL_SOFTC(io) = pool->ctl_softc;
3940	}
3941	return (io);
3942}
3943
3944void
3945ctl_free_io(union ctl_io *io)
3946{
3947	struct ctl_io_pool *pool;
3948
3949	if (io == NULL)
3950		return;
3951
3952	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3953	uma_zfree(pool->zone, io);
3954}
3955
3956void
3957ctl_zero_io(union ctl_io *io)
3958{
3959	struct ctl_io_pool *pool;
3960
3961	if (io == NULL)
3962		return;
3963
3964	/*
3965	 * May need to preserve linked list pointers at some point too.
3966	 */
3967	pool = io->io_hdr.pool;
3968	memset(io, 0, sizeof(*io));
3969	io->io_hdr.pool = pool;
3970	CTL_SOFTC(io) = pool->ctl_softc;
3971}
3972
3973int
3974ctl_expand_number(const char *buf, uint64_t *num)
3975{
3976	char *endptr;
3977	uint64_t number;
3978	unsigned shift;
3979
3980	number = strtoq(buf, &endptr, 0);
3981
3982	switch (tolower((unsigned char)*endptr)) {
3983	case 'e':
3984		shift = 60;
3985		break;
3986	case 'p':
3987		shift = 50;
3988		break;
3989	case 't':
3990		shift = 40;
3991		break;
3992	case 'g':
3993		shift = 30;
3994		break;
3995	case 'm':
3996		shift = 20;
3997		break;
3998	case 'k':
3999		shift = 10;
4000		break;
4001	case 'b':
4002	case '\0': /* No unit. */
4003		*num = number;
4004		return (0);
4005	default:
4006		/* Unrecognized unit. */
4007		return (-1);
4008	}
4009
4010	if ((number << shift) >> shift != number) {
4011		/* Overflow */
4012		return (-1);
4013	}
4014	*num = number << shift;
4015	return (0);
4016}
4017
4018
4019/*
4020 * This routine could be used in the future to load default and/or saved
4021 * mode page parameters for a particuar lun.
4022 */
4023static int
4024ctl_init_page_index(struct ctl_lun *lun)
4025{
4026	int i, page_code;
4027	struct ctl_page_index *page_index;
4028	const char *value;
4029	uint64_t ival;
4030
4031	memcpy(&lun->mode_pages.index, page_index_template,
4032	       sizeof(page_index_template));
4033
4034	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4035
4036		page_index = &lun->mode_pages.index[i];
4037		if (lun->be_lun->lun_type == T_DIRECT &&
4038		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4039			continue;
4040		if (lun->be_lun->lun_type == T_PROCESSOR &&
4041		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4042			continue;
4043		if (lun->be_lun->lun_type == T_CDROM &&
4044		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4045			continue;
4046
4047		page_code = page_index->page_code & SMPH_PC_MASK;
4048		switch (page_code) {
4049		case SMS_RW_ERROR_RECOVERY_PAGE: {
4050			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4051			    ("subpage %#x for page %#x is incorrect!",
4052			    page_index->subpage, page_code));
4053			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4054			       &rw_er_page_default,
4055			       sizeof(rw_er_page_default));
4056			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4057			       &rw_er_page_changeable,
4058			       sizeof(rw_er_page_changeable));
4059			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4060			       &rw_er_page_default,
4061			       sizeof(rw_er_page_default));
4062			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4063			       &rw_er_page_default,
4064			       sizeof(rw_er_page_default));
4065			page_index->page_data =
4066				(uint8_t *)lun->mode_pages.rw_er_page;
4067			break;
4068		}
4069		case SMS_FORMAT_DEVICE_PAGE: {
4070			struct scsi_format_page *format_page;
4071
4072			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4073			    ("subpage %#x for page %#x is incorrect!",
4074			    page_index->subpage, page_code));
4075
4076			/*
4077			 * Sectors per track are set above.  Bytes per
4078			 * sector need to be set here on a per-LUN basis.
4079			 */
4080			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4081			       &format_page_default,
4082			       sizeof(format_page_default));
4083			memcpy(&lun->mode_pages.format_page[
4084			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4085			       sizeof(format_page_changeable));
4086			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4087			       &format_page_default,
4088			       sizeof(format_page_default));
4089			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4090			       &format_page_default,
4091			       sizeof(format_page_default));
4092
4093			format_page = &lun->mode_pages.format_page[
4094				CTL_PAGE_CURRENT];
4095			scsi_ulto2b(lun->be_lun->blocksize,
4096				    format_page->bytes_per_sector);
4097
4098			format_page = &lun->mode_pages.format_page[
4099				CTL_PAGE_DEFAULT];
4100			scsi_ulto2b(lun->be_lun->blocksize,
4101				    format_page->bytes_per_sector);
4102
4103			format_page = &lun->mode_pages.format_page[
4104				CTL_PAGE_SAVED];
4105			scsi_ulto2b(lun->be_lun->blocksize,
4106				    format_page->bytes_per_sector);
4107
4108			page_index->page_data =
4109				(uint8_t *)lun->mode_pages.format_page;
4110			break;
4111		}
4112		case SMS_RIGID_DISK_PAGE: {
4113			struct scsi_rigid_disk_page *rigid_disk_page;
4114			uint32_t sectors_per_cylinder;
4115			uint64_t cylinders;
4116#ifndef	__XSCALE__
4117			int shift;
4118#endif /* !__XSCALE__ */
4119
4120			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4121			    ("subpage %#x for page %#x is incorrect!",
4122			    page_index->subpage, page_code));
4123
4124			/*
4125			 * Rotation rate and sectors per track are set
4126			 * above.  We calculate the cylinders here based on
4127			 * capacity.  Due to the number of heads and
4128			 * sectors per track we're using, smaller arrays
4129			 * may turn out to have 0 cylinders.  Linux and
4130			 * FreeBSD don't pay attention to these mode pages
4131			 * to figure out capacity, but Solaris does.  It
4132			 * seems to deal with 0 cylinders just fine, and
4133			 * works out a fake geometry based on the capacity.
4134			 */
4135			memcpy(&lun->mode_pages.rigid_disk_page[
4136			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4137			       sizeof(rigid_disk_page_default));
4138			memcpy(&lun->mode_pages.rigid_disk_page[
4139			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4140			       sizeof(rigid_disk_page_changeable));
4141
4142			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4143				CTL_DEFAULT_HEADS;
4144
4145			/*
4146			 * The divide method here will be more accurate,
4147			 * probably, but results in floating point being
4148			 * used in the kernel on i386 (__udivdi3()).  On the
4149			 * XScale, though, __udivdi3() is implemented in
4150			 * software.
4151			 *
4152			 * The shift method for cylinder calculation is
4153			 * accurate if sectors_per_cylinder is a power of
4154			 * 2.  Otherwise it might be slightly off -- you
4155			 * might have a bit of a truncation problem.
4156			 */
4157#ifdef	__XSCALE__
4158			cylinders = (lun->be_lun->maxlba + 1) /
4159				sectors_per_cylinder;
4160#else
4161			for (shift = 31; shift > 0; shift--) {
4162				if (sectors_per_cylinder & (1 << shift))
4163					break;
4164			}
4165			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4166#endif
4167
4168			/*
4169			 * We've basically got 3 bytes, or 24 bits for the
4170			 * cylinder size in the mode page.  If we're over,
4171			 * just round down to 2^24.
4172			 */
4173			if (cylinders > 0xffffff)
4174				cylinders = 0xffffff;
4175
4176			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4177				CTL_PAGE_DEFAULT];
4178			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4179
4180			if ((value = ctl_get_opt(&lun->be_lun->options,
4181			    "rpm")) != NULL) {
4182				scsi_ulto2b(strtol(value, NULL, 0),
4183				     rigid_disk_page->rotation_rate);
4184			}
4185
4186			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4187			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4188			       sizeof(rigid_disk_page_default));
4189			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4190			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4191			       sizeof(rigid_disk_page_default));
4192
4193			page_index->page_data =
4194				(uint8_t *)lun->mode_pages.rigid_disk_page;
4195			break;
4196		}
4197		case SMS_VERIFY_ERROR_RECOVERY_PAGE: {
4198			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4199			    ("subpage %#x for page %#x is incorrect!",
4200			    page_index->subpage, page_code));
4201			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CURRENT],
4202			       &verify_er_page_default,
4203			       sizeof(verify_er_page_default));
4204			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CHANGEABLE],
4205			       &verify_er_page_changeable,
4206			       sizeof(verify_er_page_changeable));
4207			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_DEFAULT],
4208			       &verify_er_page_default,
4209			       sizeof(verify_er_page_default));
4210			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_SAVED],
4211			       &verify_er_page_default,
4212			       sizeof(verify_er_page_default));
4213			page_index->page_data =
4214				(uint8_t *)lun->mode_pages.verify_er_page;
4215			break;
4216		}
4217		case SMS_CACHING_PAGE: {
4218			struct scsi_caching_page *caching_page;
4219
4220			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4221			    ("subpage %#x for page %#x is incorrect!",
4222			    page_index->subpage, page_code));
4223			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4224			       &caching_page_default,
4225			       sizeof(caching_page_default));
4226			memcpy(&lun->mode_pages.caching_page[
4227			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4228			       sizeof(caching_page_changeable));
4229			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4230			       &caching_page_default,
4231			       sizeof(caching_page_default));
4232			caching_page = &lun->mode_pages.caching_page[
4233			    CTL_PAGE_SAVED];
4234			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4235			if (value != NULL && strcmp(value, "off") == 0)
4236				caching_page->flags1 &= ~SCP_WCE;
4237			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4238			if (value != NULL && strcmp(value, "off") == 0)
4239				caching_page->flags1 |= SCP_RCD;
4240			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4241			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4242			       sizeof(caching_page_default));
4243			page_index->page_data =
4244				(uint8_t *)lun->mode_pages.caching_page;
4245			break;
4246		}
4247		case SMS_CONTROL_MODE_PAGE: {
4248			switch (page_index->subpage) {
4249			case SMS_SUBPAGE_PAGE_0: {
4250				struct scsi_control_page *control_page;
4251
4252				memcpy(&lun->mode_pages.control_page[
4253				    CTL_PAGE_DEFAULT],
4254				       &control_page_default,
4255				       sizeof(control_page_default));
4256				memcpy(&lun->mode_pages.control_page[
4257				    CTL_PAGE_CHANGEABLE],
4258				       &control_page_changeable,
4259				       sizeof(control_page_changeable));
4260				memcpy(&lun->mode_pages.control_page[
4261				    CTL_PAGE_SAVED],
4262				       &control_page_default,
4263				       sizeof(control_page_default));
4264				control_page = &lun->mode_pages.control_page[
4265				    CTL_PAGE_SAVED];
4266				value = ctl_get_opt(&lun->be_lun->options,
4267				    "reordering");
4268				if (value != NULL &&
4269				    strcmp(value, "unrestricted") == 0) {
4270					control_page->queue_flags &=
4271					    ~SCP_QUEUE_ALG_MASK;
4272					control_page->queue_flags |=
4273					    SCP_QUEUE_ALG_UNRESTRICTED;
4274				}
4275				memcpy(&lun->mode_pages.control_page[
4276				    CTL_PAGE_CURRENT],
4277				       &lun->mode_pages.control_page[
4278				    CTL_PAGE_SAVED],
4279				       sizeof(control_page_default));
4280				page_index->page_data =
4281				    (uint8_t *)lun->mode_pages.control_page;
4282				break;
4283			}
4284			case 0x01:
4285				memcpy(&lun->mode_pages.control_ext_page[
4286				    CTL_PAGE_DEFAULT],
4287				       &control_ext_page_default,
4288				       sizeof(control_ext_page_default));
4289				memcpy(&lun->mode_pages.control_ext_page[
4290				    CTL_PAGE_CHANGEABLE],
4291				       &control_ext_page_changeable,
4292				       sizeof(control_ext_page_changeable));
4293				memcpy(&lun->mode_pages.control_ext_page[
4294				    CTL_PAGE_SAVED],
4295				       &control_ext_page_default,
4296				       sizeof(control_ext_page_default));
4297				memcpy(&lun->mode_pages.control_ext_page[
4298				    CTL_PAGE_CURRENT],
4299				       &lun->mode_pages.control_ext_page[
4300				    CTL_PAGE_SAVED],
4301				       sizeof(control_ext_page_default));
4302				page_index->page_data =
4303				    (uint8_t *)lun->mode_pages.control_ext_page;
4304				break;
4305			default:
4306				panic("subpage %#x for page %#x is incorrect!",
4307				      page_index->subpage, page_code);
4308			}
4309			break;
4310		}
4311		case SMS_INFO_EXCEPTIONS_PAGE: {
4312			switch (page_index->subpage) {
4313			case SMS_SUBPAGE_PAGE_0:
4314				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4315				       &ie_page_default,
4316				       sizeof(ie_page_default));
4317				memcpy(&lun->mode_pages.ie_page[
4318				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4319				       sizeof(ie_page_changeable));
4320				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4321				       &ie_page_default,
4322				       sizeof(ie_page_default));
4323				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4324				       &ie_page_default,
4325				       sizeof(ie_page_default));
4326				page_index->page_data =
4327					(uint8_t *)lun->mode_pages.ie_page;
4328				break;
4329			case 0x02: {
4330				struct ctl_logical_block_provisioning_page *page;
4331
4332				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4333				       &lbp_page_default,
4334				       sizeof(lbp_page_default));
4335				memcpy(&lun->mode_pages.lbp_page[
4336				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4337				       sizeof(lbp_page_changeable));
4338				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4339				       &lbp_page_default,
4340				       sizeof(lbp_page_default));
4341				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4342				value = ctl_get_opt(&lun->be_lun->options,
4343				    "avail-threshold");
4344				if (value != NULL &&
4345				    ctl_expand_number(value, &ival) == 0) {
4346					page->descr[0].flags |= SLBPPD_ENABLED |
4347					    SLBPPD_ARMING_DEC;
4348					if (lun->be_lun->blocksize)
4349						ival /= lun->be_lun->blocksize;
4350					else
4351						ival /= 512;
4352					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4353					    page->descr[0].count);
4354				}
4355				value = ctl_get_opt(&lun->be_lun->options,
4356				    "used-threshold");
4357				if (value != NULL &&
4358				    ctl_expand_number(value, &ival) == 0) {
4359					page->descr[1].flags |= SLBPPD_ENABLED |
4360					    SLBPPD_ARMING_INC;
4361					if (lun->be_lun->blocksize)
4362						ival /= lun->be_lun->blocksize;
4363					else
4364						ival /= 512;
4365					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4366					    page->descr[1].count);
4367				}
4368				value = ctl_get_opt(&lun->be_lun->options,
4369				    "pool-avail-threshold");
4370				if (value != NULL &&
4371				    ctl_expand_number(value, &ival) == 0) {
4372					page->descr[2].flags |= SLBPPD_ENABLED |
4373					    SLBPPD_ARMING_DEC;
4374					if (lun->be_lun->blocksize)
4375						ival /= lun->be_lun->blocksize;
4376					else
4377						ival /= 512;
4378					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4379					    page->descr[2].count);
4380				}
4381				value = ctl_get_opt(&lun->be_lun->options,
4382				    "pool-used-threshold");
4383				if (value != NULL &&
4384				    ctl_expand_number(value, &ival) == 0) {
4385					page->descr[3].flags |= SLBPPD_ENABLED |
4386					    SLBPPD_ARMING_INC;
4387					if (lun->be_lun->blocksize)
4388						ival /= lun->be_lun->blocksize;
4389					else
4390						ival /= 512;
4391					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4392					    page->descr[3].count);
4393				}
4394				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4395				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4396				       sizeof(lbp_page_default));
4397				page_index->page_data =
4398					(uint8_t *)lun->mode_pages.lbp_page;
4399				break;
4400			}
4401			default:
4402				panic("subpage %#x for page %#x is incorrect!",
4403				      page_index->subpage, page_code);
4404			}
4405			break;
4406		}
4407		case SMS_CDDVD_CAPS_PAGE:{
4408			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4409			    ("subpage %#x for page %#x is incorrect!",
4410			    page_index->subpage, page_code));
4411			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_DEFAULT],
4412			       &cddvd_page_default,
4413			       sizeof(cddvd_page_default));
4414			memcpy(&lun->mode_pages.cddvd_page[
4415			       CTL_PAGE_CHANGEABLE], &cddvd_page_changeable,
4416			       sizeof(cddvd_page_changeable));
4417			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4418			       &cddvd_page_default,
4419			       sizeof(cddvd_page_default));
4420			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_CURRENT],
4421			       &lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4422			       sizeof(cddvd_page_default));
4423			page_index->page_data =
4424				(uint8_t *)lun->mode_pages.cddvd_page;
4425			break;
4426		}
4427		default:
4428			panic("invalid page code value %#x", page_code);
4429		}
4430	}
4431
4432	return (CTL_RETVAL_COMPLETE);
4433}
4434
4435static int
4436ctl_init_log_page_index(struct ctl_lun *lun)
4437{
4438	struct ctl_page_index *page_index;
4439	int i, j, k, prev;
4440
4441	memcpy(&lun->log_pages.index, log_page_index_template,
4442	       sizeof(log_page_index_template));
4443
4444	prev = -1;
4445	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4446
4447		page_index = &lun->log_pages.index[i];
4448		if (lun->be_lun->lun_type == T_DIRECT &&
4449		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4450			continue;
4451		if (lun->be_lun->lun_type == T_PROCESSOR &&
4452		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4453			continue;
4454		if (lun->be_lun->lun_type == T_CDROM &&
4455		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4456			continue;
4457
4458		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4459		    lun->backend->lun_attr == NULL)
4460			continue;
4461
4462		if (page_index->page_code != prev) {
4463			lun->log_pages.pages_page[j] = page_index->page_code;
4464			prev = page_index->page_code;
4465			j++;
4466		}
4467		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4468		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4469		k++;
4470	}
4471	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4472	lun->log_pages.index[0].page_len = j;
4473	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4474	lun->log_pages.index[1].page_len = k * 2;
4475	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4476	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4477	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4478	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4479	lun->log_pages.index[4].page_data = (uint8_t *)&lun->log_pages.ie_page;
4480	lun->log_pages.index[4].page_len = sizeof(lun->log_pages.ie_page);
4481
4482	return (CTL_RETVAL_COMPLETE);
4483}
4484
4485static int
4486hex2bin(const char *str, uint8_t *buf, int buf_size)
4487{
4488	int i;
4489	u_char c;
4490
4491	memset(buf, 0, buf_size);
4492	while (isspace(str[0]))
4493		str++;
4494	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4495		str += 2;
4496	buf_size *= 2;
4497	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4498		while (str[i] == '-')	/* Skip dashes in UUIDs. */
4499			str++;
4500		c = str[i];
4501		if (isdigit(c))
4502			c -= '0';
4503		else if (isalpha(c))
4504			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4505		else
4506			break;
4507		if (c >= 16)
4508			break;
4509		if ((i & 1) == 0)
4510			buf[i / 2] |= (c << 4);
4511		else
4512			buf[i / 2] |= c;
4513	}
4514	return ((i + 1) / 2);
4515}
4516
4517/*
4518 * LUN allocation.
4519 *
4520 * Requirements:
4521 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4522 *   wants us to allocate the LUN and he can block.
4523 * - ctl_softc is always set
4524 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4525 *
4526 * Returns 0 for success, non-zero (errno) for failure.
4527 */
4528static int
4529ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4530	      struct ctl_be_lun *const be_lun)
4531{
4532	struct ctl_lun *nlun, *lun;
4533	struct scsi_vpd_id_descriptor *desc;
4534	struct scsi_vpd_id_t10 *t10id;
4535	const char *eui, *naa, *scsiname, *uuid, *vendor, *value;
4536	int lun_number, lun_malloced;
4537	int devidlen, idlen1, idlen2 = 0, len;
4538
4539	if (be_lun == NULL)
4540		return (EINVAL);
4541
4542	/*
4543	 * We currently only support Direct Access or Processor LUN types.
4544	 */
4545	switch (be_lun->lun_type) {
4546	case T_DIRECT:
4547	case T_PROCESSOR:
4548	case T_CDROM:
4549		break;
4550	case T_SEQUENTIAL:
4551	case T_CHANGER:
4552	default:
4553		be_lun->lun_config_status(be_lun->be_lun,
4554					  CTL_LUN_CONFIG_FAILURE);
4555		break;
4556	}
4557	if (ctl_lun == NULL) {
4558		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4559		lun_malloced = 1;
4560	} else {
4561		lun_malloced = 0;
4562		lun = ctl_lun;
4563	}
4564
4565	memset(lun, 0, sizeof(*lun));
4566	if (lun_malloced)
4567		lun->flags = CTL_LUN_MALLOCED;
4568
4569	lun->pending_sense = malloc(sizeof(struct scsi_sense_data *) *
4570	    ctl_max_ports, M_DEVBUF, M_WAITOK | M_ZERO);
4571	lun->pending_ua = malloc(sizeof(ctl_ua_type *) * ctl_max_ports,
4572	    M_DEVBUF, M_WAITOK | M_ZERO);
4573	lun->pr_keys = malloc(sizeof(uint64_t *) * ctl_max_ports,
4574	    M_DEVBUF, M_WAITOK | M_ZERO);
4575
4576	/* Generate LUN ID. */
4577	devidlen = max(CTL_DEVID_MIN_LEN,
4578	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4579	idlen1 = sizeof(*t10id) + devidlen;
4580	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4581	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4582	if (scsiname != NULL) {
4583		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4584		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4585	}
4586	eui = ctl_get_opt(&be_lun->options, "eui");
4587	if (eui != NULL) {
4588		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4589	}
4590	naa = ctl_get_opt(&be_lun->options, "naa");
4591	if (naa != NULL) {
4592		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4593	}
4594	uuid = ctl_get_opt(&be_lun->options, "uuid");
4595	if (uuid != NULL) {
4596		len += sizeof(struct scsi_vpd_id_descriptor) + 18;
4597	}
4598	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4599	    M_CTL, M_WAITOK | M_ZERO);
4600	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4601	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4602	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4603	desc->length = idlen1;
4604	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4605	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4606	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4607		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4608	} else {
4609		strncpy(t10id->vendor, vendor,
4610		    min(sizeof(t10id->vendor), strlen(vendor)));
4611	}
4612	strncpy((char *)t10id->vendor_spec_id,
4613	    (char *)be_lun->device_id, devidlen);
4614	if (scsiname != NULL) {
4615		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4616		    desc->length);
4617		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4618		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4619		    SVPD_ID_TYPE_SCSI_NAME;
4620		desc->length = idlen2;
4621		strlcpy(desc->identifier, scsiname, idlen2);
4622	}
4623	if (eui != NULL) {
4624		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4625		    desc->length);
4626		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4627		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4628		    SVPD_ID_TYPE_EUI64;
4629		desc->length = hex2bin(eui, desc->identifier, 16);
4630		desc->length = desc->length > 12 ? 16 :
4631		    (desc->length > 8 ? 12 : 8);
4632		len -= 16 - desc->length;
4633	}
4634	if (naa != NULL) {
4635		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4636		    desc->length);
4637		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4638		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4639		    SVPD_ID_TYPE_NAA;
4640		desc->length = hex2bin(naa, desc->identifier, 16);
4641		desc->length = desc->length > 8 ? 16 : 8;
4642		len -= 16 - desc->length;
4643	}
4644	if (uuid != NULL) {
4645		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4646		    desc->length);
4647		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4648		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4649		    SVPD_ID_TYPE_UUID;
4650		desc->identifier[0] = 0x10;
4651		hex2bin(uuid, &desc->identifier[2], 16);
4652		desc->length = 18;
4653	}
4654	lun->lun_devid->len = len;
4655
4656	mtx_lock(&ctl_softc->ctl_lock);
4657	/*
4658	 * See if the caller requested a particular LUN number.  If so, see
4659	 * if it is available.  Otherwise, allocate the first available LUN.
4660	 */
4661	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4662		if ((be_lun->req_lun_id > (ctl_max_luns - 1))
4663		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4664			mtx_unlock(&ctl_softc->ctl_lock);
4665			if (be_lun->req_lun_id > (ctl_max_luns - 1)) {
4666				printf("ctl: requested LUN ID %d is higher "
4667				       "than ctl_max_luns - 1 (%d)\n",
4668				       be_lun->req_lun_id, ctl_max_luns - 1);
4669			} else {
4670				/*
4671				 * XXX KDM return an error, or just assign
4672				 * another LUN ID in this case??
4673				 */
4674				printf("ctl: requested LUN ID %d is already "
4675				       "in use\n", be_lun->req_lun_id);
4676			}
4677fail:
4678			free(lun->lun_devid, M_CTL);
4679			if (lun->flags & CTL_LUN_MALLOCED)
4680				free(lun, M_CTL);
4681			be_lun->lun_config_status(be_lun->be_lun,
4682						  CTL_LUN_CONFIG_FAILURE);
4683			return (ENOSPC);
4684		}
4685		lun_number = be_lun->req_lun_id;
4686	} else {
4687		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, ctl_max_luns);
4688		if (lun_number == -1) {
4689			mtx_unlock(&ctl_softc->ctl_lock);
4690			printf("ctl: can't allocate LUN, out of LUNs\n");
4691			goto fail;
4692		}
4693	}
4694	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4695	mtx_unlock(&ctl_softc->ctl_lock);
4696
4697	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4698	lun->lun = lun_number;
4699	lun->be_lun = be_lun;
4700	/*
4701	 * The processor LUN is always enabled.  Disk LUNs come on line
4702	 * disabled, and must be enabled by the backend.
4703	 */
4704	lun->flags |= CTL_LUN_DISABLED;
4705	lun->backend = be_lun->be;
4706	be_lun->ctl_lun = lun;
4707	be_lun->lun_id = lun_number;
4708	atomic_add_int(&be_lun->be->num_luns, 1);
4709	if (be_lun->flags & CTL_LUN_FLAG_EJECTED)
4710		lun->flags |= CTL_LUN_EJECTED;
4711	if (be_lun->flags & CTL_LUN_FLAG_NO_MEDIA)
4712		lun->flags |= CTL_LUN_NO_MEDIA;
4713	if (be_lun->flags & CTL_LUN_FLAG_STOPPED)
4714		lun->flags |= CTL_LUN_STOPPED;
4715
4716	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4717		lun->flags |= CTL_LUN_PRIMARY_SC;
4718
4719	value = ctl_get_opt(&be_lun->options, "removable");
4720	if (value != NULL) {
4721		if (strcmp(value, "on") == 0)
4722			lun->flags |= CTL_LUN_REMOVABLE;
4723	} else if (be_lun->lun_type == T_CDROM)
4724		lun->flags |= CTL_LUN_REMOVABLE;
4725
4726	lun->ctl_softc = ctl_softc;
4727#ifdef CTL_TIME_IO
4728	lun->last_busy = getsbinuptime();
4729#endif
4730	TAILQ_INIT(&lun->ooa_queue);
4731	TAILQ_INIT(&lun->blocked_queue);
4732	STAILQ_INIT(&lun->error_list);
4733	lun->ie_reported = 1;
4734	callout_init_mtx(&lun->ie_callout, &lun->lun_lock, 0);
4735	ctl_tpc_lun_init(lun);
4736	if (lun->flags & CTL_LUN_REMOVABLE) {
4737		lun->prevent = malloc((CTL_MAX_INITIATORS + 31) / 32 * 4,
4738		    M_CTL, M_WAITOK);
4739	}
4740
4741	/*
4742	 * Initialize the mode and log page index.
4743	 */
4744	ctl_init_page_index(lun);
4745	ctl_init_log_page_index(lun);
4746
4747	/* Setup statistics gathering */
4748#ifdef CTL_LEGACY_STATS
4749	lun->legacy_stats.device_type = be_lun->lun_type;
4750	lun->legacy_stats.lun_number = lun_number;
4751	lun->legacy_stats.blocksize = be_lun->blocksize;
4752	if (be_lun->blocksize == 0)
4753		lun->legacy_stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4754	lun->legacy_stats.ports = malloc(sizeof(struct ctl_lun_io_port_stats) *
4755	    ctl_max_ports, M_DEVBUF, M_WAITOK | M_ZERO);
4756	for (len = 0; len < ctl_max_ports; len++)
4757		lun->legacy_stats.ports[len].targ_port = len;
4758#endif /* CTL_LEGACY_STATS */
4759	lun->stats.item = lun_number;
4760
4761	/*
4762	 * Now, before we insert this lun on the lun list, set the lun
4763	 * inventory changed UA for all other luns.
4764	 */
4765	mtx_lock(&ctl_softc->ctl_lock);
4766	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4767		mtx_lock(&nlun->lun_lock);
4768		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4769		mtx_unlock(&nlun->lun_lock);
4770	}
4771	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4772	ctl_softc->ctl_luns[lun_number] = lun;
4773	ctl_softc->num_luns++;
4774	mtx_unlock(&ctl_softc->ctl_lock);
4775
4776	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4777	return (0);
4778}
4779
4780/*
4781 * Delete a LUN.
4782 * Assumptions:
4783 * - LUN has already been marked invalid and any pending I/O has been taken
4784 *   care of.
4785 */
4786static int
4787ctl_free_lun(struct ctl_lun *lun)
4788{
4789	struct ctl_softc *softc = lun->ctl_softc;
4790	struct ctl_lun *nlun;
4791	int i;
4792
4793	KASSERT(TAILQ_EMPTY(&lun->ooa_queue),
4794	    ("Freeing a LUN %p with outstanding I/O!\n", lun));
4795
4796	mtx_lock(&softc->ctl_lock);
4797	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4798	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4799	softc->ctl_luns[lun->lun] = NULL;
4800	softc->num_luns--;
4801	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4802		mtx_lock(&nlun->lun_lock);
4803		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4804		mtx_unlock(&nlun->lun_lock);
4805	}
4806	mtx_unlock(&softc->ctl_lock);
4807
4808	/*
4809	 * Tell the backend to free resources, if this LUN has a backend.
4810	 */
4811	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4812	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4813
4814	lun->ie_reportcnt = UINT32_MAX;
4815	callout_drain(&lun->ie_callout);
4816	ctl_tpc_lun_shutdown(lun);
4817	mtx_destroy(&lun->lun_lock);
4818	free(lun->lun_devid, M_CTL);
4819	for (i = 0; i < ctl_max_ports; i++)
4820		free(lun->pending_ua[i], M_CTL);
4821	free(lun->pending_ua, M_DEVBUF);
4822	for (i = 0; i < ctl_max_ports; i++)
4823		free(lun->pr_keys[i], M_CTL);
4824	free(lun->pr_keys, M_DEVBUF);
4825	free(lun->write_buffer, M_CTL);
4826	free(lun->prevent, M_CTL);
4827	if (lun->flags & CTL_LUN_MALLOCED)
4828		free(lun, M_CTL);
4829
4830	return (0);
4831}
4832
4833static void
4834ctl_create_lun(struct ctl_be_lun *be_lun)
4835{
4836
4837	/*
4838	 * ctl_alloc_lun() should handle all potential failure cases.
4839	 */
4840	ctl_alloc_lun(control_softc, NULL, be_lun);
4841}
4842
4843int
4844ctl_add_lun(struct ctl_be_lun *be_lun)
4845{
4846	struct ctl_softc *softc = control_softc;
4847
4848	mtx_lock(&softc->ctl_lock);
4849	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4850	mtx_unlock(&softc->ctl_lock);
4851	wakeup(&softc->pending_lun_queue);
4852
4853	return (0);
4854}
4855
4856int
4857ctl_enable_lun(struct ctl_be_lun *be_lun)
4858{
4859	struct ctl_softc *softc;
4860	struct ctl_port *port, *nport;
4861	struct ctl_lun *lun;
4862	int retval;
4863
4864	lun = (struct ctl_lun *)be_lun->ctl_lun;
4865	softc = lun->ctl_softc;
4866
4867	mtx_lock(&softc->ctl_lock);
4868	mtx_lock(&lun->lun_lock);
4869	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4870		/*
4871		 * eh?  Why did we get called if the LUN is already
4872		 * enabled?
4873		 */
4874		mtx_unlock(&lun->lun_lock);
4875		mtx_unlock(&softc->ctl_lock);
4876		return (0);
4877	}
4878	lun->flags &= ~CTL_LUN_DISABLED;
4879	mtx_unlock(&lun->lun_lock);
4880
4881	STAILQ_FOREACH_SAFE(port, &softc->port_list, links, nport) {
4882		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4883		    port->lun_map != NULL || port->lun_enable == NULL)
4884			continue;
4885
4886		/*
4887		 * Drop the lock while we call the FETD's enable routine.
4888		 * This can lead to a callback into CTL (at least in the
4889		 * case of the internal initiator frontend.
4890		 */
4891		mtx_unlock(&softc->ctl_lock);
4892		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4893		mtx_lock(&softc->ctl_lock);
4894		if (retval != 0) {
4895			printf("%s: FETD %s port %d returned error "
4896			       "%d for lun_enable on lun %jd\n",
4897			       __func__, port->port_name, port->targ_port,
4898			       retval, (intmax_t)lun->lun);
4899		}
4900	}
4901
4902	mtx_unlock(&softc->ctl_lock);
4903	ctl_isc_announce_lun(lun);
4904
4905	return (0);
4906}
4907
4908int
4909ctl_disable_lun(struct ctl_be_lun *be_lun)
4910{
4911	struct ctl_softc *softc;
4912	struct ctl_port *port;
4913	struct ctl_lun *lun;
4914	int retval;
4915
4916	lun = (struct ctl_lun *)be_lun->ctl_lun;
4917	softc = lun->ctl_softc;
4918
4919	mtx_lock(&softc->ctl_lock);
4920	mtx_lock(&lun->lun_lock);
4921	if (lun->flags & CTL_LUN_DISABLED) {
4922		mtx_unlock(&lun->lun_lock);
4923		mtx_unlock(&softc->ctl_lock);
4924		return (0);
4925	}
4926	lun->flags |= CTL_LUN_DISABLED;
4927	mtx_unlock(&lun->lun_lock);
4928
4929	STAILQ_FOREACH(port, &softc->port_list, links) {
4930		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4931		    port->lun_map != NULL || port->lun_disable == NULL)
4932			continue;
4933
4934		/*
4935		 * Drop the lock before we call the frontend's disable
4936		 * routine, to avoid lock order reversals.
4937		 *
4938		 * XXX KDM what happens if the frontend list changes while
4939		 * we're traversing it?  It's unlikely, but should be handled.
4940		 */
4941		mtx_unlock(&softc->ctl_lock);
4942		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4943		mtx_lock(&softc->ctl_lock);
4944		if (retval != 0) {
4945			printf("%s: FETD %s port %d returned error "
4946			       "%d for lun_disable on lun %jd\n",
4947			       __func__, port->port_name, port->targ_port,
4948			       retval, (intmax_t)lun->lun);
4949		}
4950	}
4951
4952	mtx_unlock(&softc->ctl_lock);
4953	ctl_isc_announce_lun(lun);
4954
4955	return (0);
4956}
4957
4958int
4959ctl_start_lun(struct ctl_be_lun *be_lun)
4960{
4961	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4962
4963	mtx_lock(&lun->lun_lock);
4964	lun->flags &= ~CTL_LUN_STOPPED;
4965	mtx_unlock(&lun->lun_lock);
4966	return (0);
4967}
4968
4969int
4970ctl_stop_lun(struct ctl_be_lun *be_lun)
4971{
4972	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4973
4974	mtx_lock(&lun->lun_lock);
4975	lun->flags |= CTL_LUN_STOPPED;
4976	mtx_unlock(&lun->lun_lock);
4977	return (0);
4978}
4979
4980int
4981ctl_lun_no_media(struct ctl_be_lun *be_lun)
4982{
4983	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4984
4985	mtx_lock(&lun->lun_lock);
4986	lun->flags |= CTL_LUN_NO_MEDIA;
4987	mtx_unlock(&lun->lun_lock);
4988	return (0);
4989}
4990
4991int
4992ctl_lun_has_media(struct ctl_be_lun *be_lun)
4993{
4994	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4995	union ctl_ha_msg msg;
4996
4997	mtx_lock(&lun->lun_lock);
4998	lun->flags &= ~(CTL_LUN_NO_MEDIA | CTL_LUN_EJECTED);
4999	if (lun->flags & CTL_LUN_REMOVABLE)
5000		ctl_est_ua_all(lun, -1, CTL_UA_MEDIUM_CHANGE);
5001	mtx_unlock(&lun->lun_lock);
5002	if ((lun->flags & CTL_LUN_REMOVABLE) &&
5003	    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5004		bzero(&msg.ua, sizeof(msg.ua));
5005		msg.hdr.msg_type = CTL_MSG_UA;
5006		msg.hdr.nexus.initid = -1;
5007		msg.hdr.nexus.targ_port = -1;
5008		msg.hdr.nexus.targ_lun = lun->lun;
5009		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5010		msg.ua.ua_all = 1;
5011		msg.ua.ua_set = 1;
5012		msg.ua.ua_type = CTL_UA_MEDIUM_CHANGE;
5013		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5014		    M_WAITOK);
5015	}
5016	return (0);
5017}
5018
5019int
5020ctl_lun_ejected(struct ctl_be_lun *be_lun)
5021{
5022	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5023
5024	mtx_lock(&lun->lun_lock);
5025	lun->flags |= CTL_LUN_EJECTED;
5026	mtx_unlock(&lun->lun_lock);
5027	return (0);
5028}
5029
5030int
5031ctl_lun_primary(struct ctl_be_lun *be_lun)
5032{
5033	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5034
5035	mtx_lock(&lun->lun_lock);
5036	lun->flags |= CTL_LUN_PRIMARY_SC;
5037	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
5038	mtx_unlock(&lun->lun_lock);
5039	ctl_isc_announce_lun(lun);
5040	return (0);
5041}
5042
5043int
5044ctl_lun_secondary(struct ctl_be_lun *be_lun)
5045{
5046	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5047
5048	mtx_lock(&lun->lun_lock);
5049	lun->flags &= ~CTL_LUN_PRIMARY_SC;
5050	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
5051	mtx_unlock(&lun->lun_lock);
5052	ctl_isc_announce_lun(lun);
5053	return (0);
5054}
5055
5056int
5057ctl_invalidate_lun(struct ctl_be_lun *be_lun)
5058{
5059	struct ctl_softc *softc;
5060	struct ctl_lun *lun;
5061
5062	lun = (struct ctl_lun *)be_lun->ctl_lun;
5063	softc = lun->ctl_softc;
5064
5065	mtx_lock(&lun->lun_lock);
5066
5067	/*
5068	 * The LUN needs to be disabled before it can be marked invalid.
5069	 */
5070	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5071		mtx_unlock(&lun->lun_lock);
5072		return (-1);
5073	}
5074	/*
5075	 * Mark the LUN invalid.
5076	 */
5077	lun->flags |= CTL_LUN_INVALID;
5078
5079	/*
5080	 * If there is nothing in the OOA queue, go ahead and free the LUN.
5081	 * If we have something in the OOA queue, we'll free it when the
5082	 * last I/O completes.
5083	 */
5084	if (TAILQ_EMPTY(&lun->ooa_queue)) {
5085		mtx_unlock(&lun->lun_lock);
5086		ctl_free_lun(lun);
5087	} else
5088		mtx_unlock(&lun->lun_lock);
5089
5090	return (0);
5091}
5092
5093void
5094ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5095{
5096	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5097	union ctl_ha_msg msg;
5098
5099	mtx_lock(&lun->lun_lock);
5100	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGE);
5101	mtx_unlock(&lun->lun_lock);
5102	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5103		/* Send msg to other side. */
5104		bzero(&msg.ua, sizeof(msg.ua));
5105		msg.hdr.msg_type = CTL_MSG_UA;
5106		msg.hdr.nexus.initid = -1;
5107		msg.hdr.nexus.targ_port = -1;
5108		msg.hdr.nexus.targ_lun = lun->lun;
5109		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5110		msg.ua.ua_all = 1;
5111		msg.ua.ua_set = 1;
5112		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGE;
5113		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5114		    M_WAITOK);
5115	}
5116}
5117
5118/*
5119 * Backend "memory move is complete" callback for requests that never
5120 * make it down to say RAIDCore's configuration code.
5121 */
5122int
5123ctl_config_move_done(union ctl_io *io)
5124{
5125	int retval;
5126
5127	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5128	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5129	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5130
5131	if ((io->io_hdr.port_status != 0) &&
5132	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5133	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5134		ctl_set_internal_failure(&io->scsiio, /*sks_valid*/ 1,
5135		    /*retry_count*/ io->io_hdr.port_status);
5136	} else if (io->scsiio.kern_data_resid != 0 &&
5137	    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT &&
5138	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5139	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5140		ctl_set_invalid_field_ciu(&io->scsiio);
5141	}
5142
5143	if (ctl_debug & CTL_DEBUG_CDB_DATA)
5144		ctl_data_print(io);
5145	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5146	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5147	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5148	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5149		/*
5150		 * XXX KDM just assuming a single pointer here, and not a
5151		 * S/G list.  If we start using S/G lists for config data,
5152		 * we'll need to know how to clean them up here as well.
5153		 */
5154		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5155			free(io->scsiio.kern_data_ptr, M_CTL);
5156		ctl_done(io);
5157		retval = CTL_RETVAL_COMPLETE;
5158	} else {
5159		/*
5160		 * XXX KDM now we need to continue data movement.  Some
5161		 * options:
5162		 * - call ctl_scsiio() again?  We don't do this for data
5163		 *   writes, because for those at least we know ahead of
5164		 *   time where the write will go and how long it is.  For
5165		 *   config writes, though, that information is largely
5166		 *   contained within the write itself, thus we need to
5167		 *   parse out the data again.
5168		 *
5169		 * - Call some other function once the data is in?
5170		 */
5171
5172		/*
5173		 * XXX KDM call ctl_scsiio() again for now, and check flag
5174		 * bits to see whether we're allocated or not.
5175		 */
5176		retval = ctl_scsiio(&io->scsiio);
5177	}
5178	return (retval);
5179}
5180
5181/*
5182 * This gets called by a backend driver when it is done with a
5183 * data_submit method.
5184 */
5185void
5186ctl_data_submit_done(union ctl_io *io)
5187{
5188	/*
5189	 * If the IO_CONT flag is set, we need to call the supplied
5190	 * function to continue processing the I/O, instead of completing
5191	 * the I/O just yet.
5192	 *
5193	 * If there is an error, though, we don't want to keep processing.
5194	 * Instead, just send status back to the initiator.
5195	 */
5196	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5197	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5198	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5199	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5200		io->scsiio.io_cont(io);
5201		return;
5202	}
5203	ctl_done(io);
5204}
5205
5206/*
5207 * This gets called by a backend driver when it is done with a
5208 * configuration write.
5209 */
5210void
5211ctl_config_write_done(union ctl_io *io)
5212{
5213	uint8_t *buf;
5214
5215	/*
5216	 * If the IO_CONT flag is set, we need to call the supplied
5217	 * function to continue processing the I/O, instead of completing
5218	 * the I/O just yet.
5219	 *
5220	 * If there is an error, though, we don't want to keep processing.
5221	 * Instead, just send status back to the initiator.
5222	 */
5223	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5224	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5225	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5226	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5227		io->scsiio.io_cont(io);
5228		return;
5229	}
5230	/*
5231	 * Since a configuration write can be done for commands that actually
5232	 * have data allocated, like write buffer, and commands that have
5233	 * no data, like start/stop unit, we need to check here.
5234	 */
5235	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5236		buf = io->scsiio.kern_data_ptr;
5237	else
5238		buf = NULL;
5239	ctl_done(io);
5240	if (buf)
5241		free(buf, M_CTL);
5242}
5243
5244void
5245ctl_config_read_done(union ctl_io *io)
5246{
5247	uint8_t *buf;
5248
5249	/*
5250	 * If there is some error -- we are done, skip data transfer.
5251	 */
5252	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5253	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5254	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5255		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5256			buf = io->scsiio.kern_data_ptr;
5257		else
5258			buf = NULL;
5259		ctl_done(io);
5260		if (buf)
5261			free(buf, M_CTL);
5262		return;
5263	}
5264
5265	/*
5266	 * If the IO_CONT flag is set, we need to call the supplied
5267	 * function to continue processing the I/O, instead of completing
5268	 * the I/O just yet.
5269	 */
5270	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5271		io->scsiio.io_cont(io);
5272		return;
5273	}
5274
5275	ctl_datamove(io);
5276}
5277
5278/*
5279 * SCSI release command.
5280 */
5281int
5282ctl_scsi_release(struct ctl_scsiio *ctsio)
5283{
5284	struct ctl_lun *lun = CTL_LUN(ctsio);
5285	uint32_t residx;
5286
5287	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5288
5289	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5290
5291	/*
5292	 * XXX KDM right now, we only support LUN reservation.  We don't
5293	 * support 3rd party reservations, or extent reservations, which
5294	 * might actually need the parameter list.  If we've gotten this
5295	 * far, we've got a LUN reservation.  Anything else got kicked out
5296	 * above.  So, according to SPC, ignore the length.
5297	 */
5298
5299	mtx_lock(&lun->lun_lock);
5300
5301	/*
5302	 * According to SPC, it is not an error for an intiator to attempt
5303	 * to release a reservation on a LUN that isn't reserved, or that
5304	 * is reserved by another initiator.  The reservation can only be
5305	 * released, though, by the initiator who made it or by one of
5306	 * several reset type events.
5307	 */
5308	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5309			lun->flags &= ~CTL_LUN_RESERVED;
5310
5311	mtx_unlock(&lun->lun_lock);
5312
5313	ctl_set_success(ctsio);
5314	ctl_done((union ctl_io *)ctsio);
5315	return (CTL_RETVAL_COMPLETE);
5316}
5317
5318int
5319ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5320{
5321	struct ctl_lun *lun = CTL_LUN(ctsio);
5322	uint32_t residx;
5323
5324	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5325
5326	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5327
5328	/*
5329	 * XXX KDM right now, we only support LUN reservation.  We don't
5330	 * support 3rd party reservations, or extent reservations, which
5331	 * might actually need the parameter list.  If we've gotten this
5332	 * far, we've got a LUN reservation.  Anything else got kicked out
5333	 * above.  So, according to SPC, ignore the length.
5334	 */
5335
5336	mtx_lock(&lun->lun_lock);
5337	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5338		ctl_set_reservation_conflict(ctsio);
5339		goto bailout;
5340	}
5341
5342	/* SPC-3 exceptions to SPC-2 RESERVE and RELEASE behavior. */
5343	if (lun->flags & CTL_LUN_PR_RESERVED) {
5344		ctl_set_success(ctsio);
5345		goto bailout;
5346	}
5347
5348	lun->flags |= CTL_LUN_RESERVED;
5349	lun->res_idx = residx;
5350	ctl_set_success(ctsio);
5351
5352bailout:
5353	mtx_unlock(&lun->lun_lock);
5354	ctl_done((union ctl_io *)ctsio);
5355	return (CTL_RETVAL_COMPLETE);
5356}
5357
5358int
5359ctl_start_stop(struct ctl_scsiio *ctsio)
5360{
5361	struct ctl_lun *lun = CTL_LUN(ctsio);
5362	struct scsi_start_stop_unit *cdb;
5363	int retval;
5364
5365	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5366
5367	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5368
5369	if ((cdb->how & SSS_PC_MASK) == 0) {
5370		if ((lun->flags & CTL_LUN_PR_RESERVED) &&
5371		    (cdb->how & SSS_START) == 0) {
5372			uint32_t residx;
5373
5374			residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5375			if (ctl_get_prkey(lun, residx) == 0 ||
5376			    (lun->pr_res_idx != residx && lun->pr_res_type < 4)) {
5377
5378				ctl_set_reservation_conflict(ctsio);
5379				ctl_done((union ctl_io *)ctsio);
5380				return (CTL_RETVAL_COMPLETE);
5381			}
5382		}
5383
5384		if ((cdb->how & SSS_LOEJ) &&
5385		    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5386			ctl_set_invalid_field(ctsio,
5387					      /*sks_valid*/ 1,
5388					      /*command*/ 1,
5389					      /*field*/ 4,
5390					      /*bit_valid*/ 1,
5391					      /*bit*/ 1);
5392			ctl_done((union ctl_io *)ctsio);
5393			return (CTL_RETVAL_COMPLETE);
5394		}
5395
5396		if ((cdb->how & SSS_START) == 0 && (cdb->how & SSS_LOEJ) &&
5397		    lun->prevent_count > 0) {
5398			/* "Medium removal prevented" */
5399			ctl_set_sense(ctsio, /*current_error*/ 1,
5400			    /*sense_key*/(lun->flags & CTL_LUN_NO_MEDIA) ?
5401			     SSD_KEY_NOT_READY : SSD_KEY_ILLEGAL_REQUEST,
5402			    /*asc*/ 0x53, /*ascq*/ 0x02, SSD_ELEM_NONE);
5403			ctl_done((union ctl_io *)ctsio);
5404			return (CTL_RETVAL_COMPLETE);
5405		}
5406	}
5407
5408	retval = lun->backend->config_write((union ctl_io *)ctsio);
5409	return (retval);
5410}
5411
5412int
5413ctl_prevent_allow(struct ctl_scsiio *ctsio)
5414{
5415	struct ctl_lun *lun = CTL_LUN(ctsio);
5416	struct scsi_prevent *cdb;
5417	int retval;
5418	uint32_t initidx;
5419
5420	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5421
5422	cdb = (struct scsi_prevent *)ctsio->cdb;
5423
5424	if ((lun->flags & CTL_LUN_REMOVABLE) == 0 || lun->prevent == NULL) {
5425		ctl_set_invalid_opcode(ctsio);
5426		ctl_done((union ctl_io *)ctsio);
5427		return (CTL_RETVAL_COMPLETE);
5428	}
5429
5430	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5431	mtx_lock(&lun->lun_lock);
5432	if ((cdb->how & PR_PREVENT) &&
5433	    ctl_is_set(lun->prevent, initidx) == 0) {
5434		ctl_set_mask(lun->prevent, initidx);
5435		lun->prevent_count++;
5436	} else if ((cdb->how & PR_PREVENT) == 0 &&
5437	    ctl_is_set(lun->prevent, initidx)) {
5438		ctl_clear_mask(lun->prevent, initidx);
5439		lun->prevent_count--;
5440	}
5441	mtx_unlock(&lun->lun_lock);
5442	retval = lun->backend->config_write((union ctl_io *)ctsio);
5443	return (retval);
5444}
5445
5446/*
5447 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5448 * we don't really do anything with the LBA and length fields if the user
5449 * passes them in.  Instead we'll just flush out the cache for the entire
5450 * LUN.
5451 */
5452int
5453ctl_sync_cache(struct ctl_scsiio *ctsio)
5454{
5455	struct ctl_lun *lun = CTL_LUN(ctsio);
5456	struct ctl_lba_len_flags *lbalen;
5457	uint64_t starting_lba;
5458	uint32_t block_count;
5459	int retval;
5460	uint8_t byte2;
5461
5462	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5463
5464	retval = 0;
5465
5466	switch (ctsio->cdb[0]) {
5467	case SYNCHRONIZE_CACHE: {
5468		struct scsi_sync_cache *cdb;
5469		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5470
5471		starting_lba = scsi_4btoul(cdb->begin_lba);
5472		block_count = scsi_2btoul(cdb->lb_count);
5473		byte2 = cdb->byte2;
5474		break;
5475	}
5476	case SYNCHRONIZE_CACHE_16: {
5477		struct scsi_sync_cache_16 *cdb;
5478		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5479
5480		starting_lba = scsi_8btou64(cdb->begin_lba);
5481		block_count = scsi_4btoul(cdb->lb_count);
5482		byte2 = cdb->byte2;
5483		break;
5484	}
5485	default:
5486		ctl_set_invalid_opcode(ctsio);
5487		ctl_done((union ctl_io *)ctsio);
5488		goto bailout;
5489		break; /* NOTREACHED */
5490	}
5491
5492	/*
5493	 * We check the LBA and length, but don't do anything with them.
5494	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5495	 * get flushed.  This check will just help satisfy anyone who wants
5496	 * to see an error for an out of range LBA.
5497	 */
5498	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5499		ctl_set_lba_out_of_range(ctsio,
5500		    MAX(starting_lba, lun->be_lun->maxlba + 1));
5501		ctl_done((union ctl_io *)ctsio);
5502		goto bailout;
5503	}
5504
5505	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5506	lbalen->lba = starting_lba;
5507	lbalen->len = block_count;
5508	lbalen->flags = byte2;
5509	retval = lun->backend->config_write((union ctl_io *)ctsio);
5510
5511bailout:
5512	return (retval);
5513}
5514
5515int
5516ctl_format(struct ctl_scsiio *ctsio)
5517{
5518	struct scsi_format *cdb;
5519	int length, defect_list_len;
5520
5521	CTL_DEBUG_PRINT(("ctl_format\n"));
5522
5523	cdb = (struct scsi_format *)ctsio->cdb;
5524
5525	length = 0;
5526	if (cdb->byte2 & SF_FMTDATA) {
5527		if (cdb->byte2 & SF_LONGLIST)
5528			length = sizeof(struct scsi_format_header_long);
5529		else
5530			length = sizeof(struct scsi_format_header_short);
5531	}
5532
5533	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5534	 && (length > 0)) {
5535		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5536		ctsio->kern_data_len = length;
5537		ctsio->kern_total_len = length;
5538		ctsio->kern_rel_offset = 0;
5539		ctsio->kern_sg_entries = 0;
5540		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5541		ctsio->be_move_done = ctl_config_move_done;
5542		ctl_datamove((union ctl_io *)ctsio);
5543
5544		return (CTL_RETVAL_COMPLETE);
5545	}
5546
5547	defect_list_len = 0;
5548
5549	if (cdb->byte2 & SF_FMTDATA) {
5550		if (cdb->byte2 & SF_LONGLIST) {
5551			struct scsi_format_header_long *header;
5552
5553			header = (struct scsi_format_header_long *)
5554				ctsio->kern_data_ptr;
5555
5556			defect_list_len = scsi_4btoul(header->defect_list_len);
5557			if (defect_list_len != 0) {
5558				ctl_set_invalid_field(ctsio,
5559						      /*sks_valid*/ 1,
5560						      /*command*/ 0,
5561						      /*field*/ 2,
5562						      /*bit_valid*/ 0,
5563						      /*bit*/ 0);
5564				goto bailout;
5565			}
5566		} else {
5567			struct scsi_format_header_short *header;
5568
5569			header = (struct scsi_format_header_short *)
5570				ctsio->kern_data_ptr;
5571
5572			defect_list_len = scsi_2btoul(header->defect_list_len);
5573			if (defect_list_len != 0) {
5574				ctl_set_invalid_field(ctsio,
5575						      /*sks_valid*/ 1,
5576						      /*command*/ 0,
5577						      /*field*/ 2,
5578						      /*bit_valid*/ 0,
5579						      /*bit*/ 0);
5580				goto bailout;
5581			}
5582		}
5583	}
5584
5585	ctl_set_success(ctsio);
5586bailout:
5587
5588	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5589		free(ctsio->kern_data_ptr, M_CTL);
5590		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5591	}
5592
5593	ctl_done((union ctl_io *)ctsio);
5594	return (CTL_RETVAL_COMPLETE);
5595}
5596
5597int
5598ctl_read_buffer(struct ctl_scsiio *ctsio)
5599{
5600	struct ctl_lun *lun = CTL_LUN(ctsio);
5601	uint64_t buffer_offset;
5602	uint32_t len;
5603	uint8_t byte2;
5604	static uint8_t descr[4];
5605	static uint8_t echo_descr[4] = { 0 };
5606
5607	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5608
5609	switch (ctsio->cdb[0]) {
5610	case READ_BUFFER: {
5611		struct scsi_read_buffer *cdb;
5612
5613		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5614		buffer_offset = scsi_3btoul(cdb->offset);
5615		len = scsi_3btoul(cdb->length);
5616		byte2 = cdb->byte2;
5617		break;
5618	}
5619	case READ_BUFFER_16: {
5620		struct scsi_read_buffer_16 *cdb;
5621
5622		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5623		buffer_offset = scsi_8btou64(cdb->offset);
5624		len = scsi_4btoul(cdb->length);
5625		byte2 = cdb->byte2;
5626		break;
5627	}
5628	default: /* This shouldn't happen. */
5629		ctl_set_invalid_opcode(ctsio);
5630		ctl_done((union ctl_io *)ctsio);
5631		return (CTL_RETVAL_COMPLETE);
5632	}
5633
5634	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5635	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5636		ctl_set_invalid_field(ctsio,
5637				      /*sks_valid*/ 1,
5638				      /*command*/ 1,
5639				      /*field*/ 6,
5640				      /*bit_valid*/ 0,
5641				      /*bit*/ 0);
5642		ctl_done((union ctl_io *)ctsio);
5643		return (CTL_RETVAL_COMPLETE);
5644	}
5645
5646	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5647		descr[0] = 0;
5648		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5649		ctsio->kern_data_ptr = descr;
5650		len = min(len, sizeof(descr));
5651	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5652		ctsio->kern_data_ptr = echo_descr;
5653		len = min(len, sizeof(echo_descr));
5654	} else {
5655		if (lun->write_buffer == NULL) {
5656			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5657			    M_CTL, M_WAITOK);
5658		}
5659		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5660	}
5661	ctsio->kern_data_len = len;
5662	ctsio->kern_total_len = len;
5663	ctsio->kern_rel_offset = 0;
5664	ctsio->kern_sg_entries = 0;
5665	ctl_set_success(ctsio);
5666	ctsio->be_move_done = ctl_config_move_done;
5667	ctl_datamove((union ctl_io *)ctsio);
5668	return (CTL_RETVAL_COMPLETE);
5669}
5670
5671int
5672ctl_write_buffer(struct ctl_scsiio *ctsio)
5673{
5674	struct ctl_lun *lun = CTL_LUN(ctsio);
5675	struct scsi_write_buffer *cdb;
5676	int buffer_offset, len;
5677
5678	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5679
5680	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5681
5682	len = scsi_3btoul(cdb->length);
5683	buffer_offset = scsi_3btoul(cdb->offset);
5684
5685	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5686		ctl_set_invalid_field(ctsio,
5687				      /*sks_valid*/ 1,
5688				      /*command*/ 1,
5689				      /*field*/ 6,
5690				      /*bit_valid*/ 0,
5691				      /*bit*/ 0);
5692		ctl_done((union ctl_io *)ctsio);
5693		return (CTL_RETVAL_COMPLETE);
5694	}
5695
5696	/*
5697	 * If we've got a kernel request that hasn't been malloced yet,
5698	 * malloc it and tell the caller the data buffer is here.
5699	 */
5700	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5701		if (lun->write_buffer == NULL) {
5702			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5703			    M_CTL, M_WAITOK);
5704		}
5705		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5706		ctsio->kern_data_len = len;
5707		ctsio->kern_total_len = len;
5708		ctsio->kern_rel_offset = 0;
5709		ctsio->kern_sg_entries = 0;
5710		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5711		ctsio->be_move_done = ctl_config_move_done;
5712		ctl_datamove((union ctl_io *)ctsio);
5713
5714		return (CTL_RETVAL_COMPLETE);
5715	}
5716
5717	ctl_set_success(ctsio);
5718	ctl_done((union ctl_io *)ctsio);
5719	return (CTL_RETVAL_COMPLETE);
5720}
5721
5722int
5723ctl_write_same(struct ctl_scsiio *ctsio)
5724{
5725	struct ctl_lun *lun = CTL_LUN(ctsio);
5726	struct ctl_lba_len_flags *lbalen;
5727	uint64_t lba;
5728	uint32_t num_blocks;
5729	int len, retval;
5730	uint8_t byte2;
5731
5732	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5733
5734	switch (ctsio->cdb[0]) {
5735	case WRITE_SAME_10: {
5736		struct scsi_write_same_10 *cdb;
5737
5738		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5739
5740		lba = scsi_4btoul(cdb->addr);
5741		num_blocks = scsi_2btoul(cdb->length);
5742		byte2 = cdb->byte2;
5743		break;
5744	}
5745	case WRITE_SAME_16: {
5746		struct scsi_write_same_16 *cdb;
5747
5748		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5749
5750		lba = scsi_8btou64(cdb->addr);
5751		num_blocks = scsi_4btoul(cdb->length);
5752		byte2 = cdb->byte2;
5753		break;
5754	}
5755	default:
5756		/*
5757		 * We got a command we don't support.  This shouldn't
5758		 * happen, commands should be filtered out above us.
5759		 */
5760		ctl_set_invalid_opcode(ctsio);
5761		ctl_done((union ctl_io *)ctsio);
5762
5763		return (CTL_RETVAL_COMPLETE);
5764		break; /* NOTREACHED */
5765	}
5766
5767	/* ANCHOR flag can be used only together with UNMAP */
5768	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5769		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5770		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5771		ctl_done((union ctl_io *)ctsio);
5772		return (CTL_RETVAL_COMPLETE);
5773	}
5774
5775	/*
5776	 * The first check is to make sure we're in bounds, the second
5777	 * check is to catch wrap-around problems.  If the lba + num blocks
5778	 * is less than the lba, then we've wrapped around and the block
5779	 * range is invalid anyway.
5780	 */
5781	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5782	 || ((lba + num_blocks) < lba)) {
5783		ctl_set_lba_out_of_range(ctsio,
5784		    MAX(lba, lun->be_lun->maxlba + 1));
5785		ctl_done((union ctl_io *)ctsio);
5786		return (CTL_RETVAL_COMPLETE);
5787	}
5788
5789	/* Zero number of blocks means "to the last logical block" */
5790	if (num_blocks == 0) {
5791		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5792			ctl_set_invalid_field(ctsio,
5793					      /*sks_valid*/ 0,
5794					      /*command*/ 1,
5795					      /*field*/ 0,
5796					      /*bit_valid*/ 0,
5797					      /*bit*/ 0);
5798			ctl_done((union ctl_io *)ctsio);
5799			return (CTL_RETVAL_COMPLETE);
5800		}
5801		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5802	}
5803
5804	len = lun->be_lun->blocksize;
5805
5806	/*
5807	 * If we've got a kernel request that hasn't been malloced yet,
5808	 * malloc it and tell the caller the data buffer is here.
5809	 */
5810	if ((byte2 & SWS_NDOB) == 0 &&
5811	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5812		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5813		ctsio->kern_data_len = len;
5814		ctsio->kern_total_len = len;
5815		ctsio->kern_rel_offset = 0;
5816		ctsio->kern_sg_entries = 0;
5817		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5818		ctsio->be_move_done = ctl_config_move_done;
5819		ctl_datamove((union ctl_io *)ctsio);
5820
5821		return (CTL_RETVAL_COMPLETE);
5822	}
5823
5824	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5825	lbalen->lba = lba;
5826	lbalen->len = num_blocks;
5827	lbalen->flags = byte2;
5828	retval = lun->backend->config_write((union ctl_io *)ctsio);
5829
5830	return (retval);
5831}
5832
5833int
5834ctl_unmap(struct ctl_scsiio *ctsio)
5835{
5836	struct ctl_lun *lun = CTL_LUN(ctsio);
5837	struct scsi_unmap *cdb;
5838	struct ctl_ptr_len_flags *ptrlen;
5839	struct scsi_unmap_header *hdr;
5840	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5841	uint64_t lba;
5842	uint32_t num_blocks;
5843	int len, retval;
5844	uint8_t byte2;
5845
5846	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5847
5848	cdb = (struct scsi_unmap *)ctsio->cdb;
5849	len = scsi_2btoul(cdb->length);
5850	byte2 = cdb->byte2;
5851
5852	/*
5853	 * If we've got a kernel request that hasn't been malloced yet,
5854	 * malloc it and tell the caller the data buffer is here.
5855	 */
5856	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5857		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5858		ctsio->kern_data_len = len;
5859		ctsio->kern_total_len = len;
5860		ctsio->kern_rel_offset = 0;
5861		ctsio->kern_sg_entries = 0;
5862		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5863		ctsio->be_move_done = ctl_config_move_done;
5864		ctl_datamove((union ctl_io *)ctsio);
5865
5866		return (CTL_RETVAL_COMPLETE);
5867	}
5868
5869	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5870	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5871	if (len < sizeof (*hdr) ||
5872	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5873	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5874	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5875		ctl_set_invalid_field(ctsio,
5876				      /*sks_valid*/ 0,
5877				      /*command*/ 0,
5878				      /*field*/ 0,
5879				      /*bit_valid*/ 0,
5880				      /*bit*/ 0);
5881		goto done;
5882	}
5883	len = scsi_2btoul(hdr->desc_length);
5884	buf = (struct scsi_unmap_desc *)(hdr + 1);
5885	end = buf + len / sizeof(*buf);
5886
5887	endnz = buf;
5888	for (range = buf; range < end; range++) {
5889		lba = scsi_8btou64(range->lba);
5890		num_blocks = scsi_4btoul(range->length);
5891		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5892		 || ((lba + num_blocks) < lba)) {
5893			ctl_set_lba_out_of_range(ctsio,
5894			    MAX(lba, lun->be_lun->maxlba + 1));
5895			ctl_done((union ctl_io *)ctsio);
5896			return (CTL_RETVAL_COMPLETE);
5897		}
5898		if (num_blocks != 0)
5899			endnz = range + 1;
5900	}
5901
5902	/*
5903	 * Block backend can not handle zero last range.
5904	 * Filter it out and return if there is nothing left.
5905	 */
5906	len = (uint8_t *)endnz - (uint8_t *)buf;
5907	if (len == 0) {
5908		ctl_set_success(ctsio);
5909		goto done;
5910	}
5911
5912	mtx_lock(&lun->lun_lock);
5913	ptrlen = (struct ctl_ptr_len_flags *)
5914	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5915	ptrlen->ptr = (void *)buf;
5916	ptrlen->len = len;
5917	ptrlen->flags = byte2;
5918	ctl_check_blocked(lun);
5919	mtx_unlock(&lun->lun_lock);
5920
5921	retval = lun->backend->config_write((union ctl_io *)ctsio);
5922	return (retval);
5923
5924done:
5925	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5926		free(ctsio->kern_data_ptr, M_CTL);
5927		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5928	}
5929	ctl_done((union ctl_io *)ctsio);
5930	return (CTL_RETVAL_COMPLETE);
5931}
5932
5933int
5934ctl_default_page_handler(struct ctl_scsiio *ctsio,
5935			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5936{
5937	struct ctl_lun *lun = CTL_LUN(ctsio);
5938	uint8_t *current_cp;
5939	int set_ua;
5940	uint32_t initidx;
5941
5942	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5943	set_ua = 0;
5944
5945	current_cp = (page_index->page_data + (page_index->page_len *
5946	    CTL_PAGE_CURRENT));
5947
5948	mtx_lock(&lun->lun_lock);
5949	if (memcmp(current_cp, page_ptr, page_index->page_len)) {
5950		memcpy(current_cp, page_ptr, page_index->page_len);
5951		set_ua = 1;
5952	}
5953	if (set_ua != 0)
5954		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5955	mtx_unlock(&lun->lun_lock);
5956	if (set_ua) {
5957		ctl_isc_announce_mode(lun,
5958		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5959		    page_index->page_code, page_index->subpage);
5960	}
5961	return (CTL_RETVAL_COMPLETE);
5962}
5963
5964static void
5965ctl_ie_timer(void *arg)
5966{
5967	struct ctl_lun *lun = arg;
5968	uint64_t t;
5969
5970	if (lun->ie_asc == 0)
5971		return;
5972
5973	if (lun->MODE_IE.mrie == SIEP_MRIE_UA)
5974		ctl_est_ua_all(lun, -1, CTL_UA_IE);
5975	else
5976		lun->ie_reported = 0;
5977
5978	if (lun->ie_reportcnt < scsi_4btoul(lun->MODE_IE.report_count)) {
5979		lun->ie_reportcnt++;
5980		t = scsi_4btoul(lun->MODE_IE.interval_timer);
5981		if (t == 0 || t == UINT32_MAX)
5982			t = 3000;  /* 5 min */
5983		callout_schedule(&lun->ie_callout, t * hz / 10);
5984	}
5985}
5986
5987int
5988ctl_ie_page_handler(struct ctl_scsiio *ctsio,
5989			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5990{
5991	struct ctl_lun *lun = CTL_LUN(ctsio);
5992	struct scsi_info_exceptions_page *pg;
5993	uint64_t t;
5994
5995	(void)ctl_default_page_handler(ctsio, page_index, page_ptr);
5996
5997	pg = (struct scsi_info_exceptions_page *)page_ptr;
5998	mtx_lock(&lun->lun_lock);
5999	if (pg->info_flags & SIEP_FLAGS_TEST) {
6000		lun->ie_asc = 0x5d;
6001		lun->ie_ascq = 0xff;
6002		if (pg->mrie == SIEP_MRIE_UA) {
6003			ctl_est_ua_all(lun, -1, CTL_UA_IE);
6004			lun->ie_reported = 1;
6005		} else {
6006			ctl_clr_ua_all(lun, -1, CTL_UA_IE);
6007			lun->ie_reported = -1;
6008		}
6009		lun->ie_reportcnt = 1;
6010		if (lun->ie_reportcnt < scsi_4btoul(pg->report_count)) {
6011			lun->ie_reportcnt++;
6012			t = scsi_4btoul(pg->interval_timer);
6013			if (t == 0 || t == UINT32_MAX)
6014				t = 3000;  /* 5 min */
6015			callout_reset(&lun->ie_callout, t * hz / 10,
6016			    ctl_ie_timer, lun);
6017		}
6018	} else {
6019		lun->ie_asc = 0;
6020		lun->ie_ascq = 0;
6021		lun->ie_reported = 1;
6022		ctl_clr_ua_all(lun, -1, CTL_UA_IE);
6023		lun->ie_reportcnt = UINT32_MAX;
6024		callout_stop(&lun->ie_callout);
6025	}
6026	mtx_unlock(&lun->lun_lock);
6027	return (CTL_RETVAL_COMPLETE);
6028}
6029
6030static int
6031ctl_do_mode_select(union ctl_io *io)
6032{
6033	struct ctl_lun *lun = CTL_LUN(io);
6034	struct scsi_mode_page_header *page_header;
6035	struct ctl_page_index *page_index;
6036	struct ctl_scsiio *ctsio;
6037	int page_len, page_len_offset, page_len_size;
6038	union ctl_modepage_info *modepage_info;
6039	uint16_t *len_left, *len_used;
6040	int retval, i;
6041
6042	ctsio = &io->scsiio;
6043	page_index = NULL;
6044	page_len = 0;
6045
6046	modepage_info = (union ctl_modepage_info *)
6047		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6048	len_left = &modepage_info->header.len_left;
6049	len_used = &modepage_info->header.len_used;
6050
6051do_next_page:
6052
6053	page_header = (struct scsi_mode_page_header *)
6054		(ctsio->kern_data_ptr + *len_used);
6055
6056	if (*len_left == 0) {
6057		free(ctsio->kern_data_ptr, M_CTL);
6058		ctl_set_success(ctsio);
6059		ctl_done((union ctl_io *)ctsio);
6060		return (CTL_RETVAL_COMPLETE);
6061	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6062
6063		free(ctsio->kern_data_ptr, M_CTL);
6064		ctl_set_param_len_error(ctsio);
6065		ctl_done((union ctl_io *)ctsio);
6066		return (CTL_RETVAL_COMPLETE);
6067
6068	} else if ((page_header->page_code & SMPH_SPF)
6069		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6070
6071		free(ctsio->kern_data_ptr, M_CTL);
6072		ctl_set_param_len_error(ctsio);
6073		ctl_done((union ctl_io *)ctsio);
6074		return (CTL_RETVAL_COMPLETE);
6075	}
6076
6077
6078	/*
6079	 * XXX KDM should we do something with the block descriptor?
6080	 */
6081	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6082		page_index = &lun->mode_pages.index[i];
6083		if (lun->be_lun->lun_type == T_DIRECT &&
6084		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6085			continue;
6086		if (lun->be_lun->lun_type == T_PROCESSOR &&
6087		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6088			continue;
6089		if (lun->be_lun->lun_type == T_CDROM &&
6090		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6091			continue;
6092
6093		if ((page_index->page_code & SMPH_PC_MASK) !=
6094		    (page_header->page_code & SMPH_PC_MASK))
6095			continue;
6096
6097		/*
6098		 * If neither page has a subpage code, then we've got a
6099		 * match.
6100		 */
6101		if (((page_index->page_code & SMPH_SPF) == 0)
6102		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6103			page_len = page_header->page_length;
6104			break;
6105		}
6106
6107		/*
6108		 * If both pages have subpages, then the subpage numbers
6109		 * have to match.
6110		 */
6111		if ((page_index->page_code & SMPH_SPF)
6112		  && (page_header->page_code & SMPH_SPF)) {
6113			struct scsi_mode_page_header_sp *sph;
6114
6115			sph = (struct scsi_mode_page_header_sp *)page_header;
6116			if (page_index->subpage == sph->subpage) {
6117				page_len = scsi_2btoul(sph->page_length);
6118				break;
6119			}
6120		}
6121	}
6122
6123	/*
6124	 * If we couldn't find the page, or if we don't have a mode select
6125	 * handler for it, send back an error to the user.
6126	 */
6127	if ((i >= CTL_NUM_MODE_PAGES)
6128	 || (page_index->select_handler == NULL)) {
6129		ctl_set_invalid_field(ctsio,
6130				      /*sks_valid*/ 1,
6131				      /*command*/ 0,
6132				      /*field*/ *len_used,
6133				      /*bit_valid*/ 0,
6134				      /*bit*/ 0);
6135		free(ctsio->kern_data_ptr, M_CTL);
6136		ctl_done((union ctl_io *)ctsio);
6137		return (CTL_RETVAL_COMPLETE);
6138	}
6139
6140	if (page_index->page_code & SMPH_SPF) {
6141		page_len_offset = 2;
6142		page_len_size = 2;
6143	} else {
6144		page_len_size = 1;
6145		page_len_offset = 1;
6146	}
6147
6148	/*
6149	 * If the length the initiator gives us isn't the one we specify in
6150	 * the mode page header, or if they didn't specify enough data in
6151	 * the CDB to avoid truncating this page, kick out the request.
6152	 */
6153	if (page_len != page_index->page_len - page_len_offset - page_len_size) {
6154		ctl_set_invalid_field(ctsio,
6155				      /*sks_valid*/ 1,
6156				      /*command*/ 0,
6157				      /*field*/ *len_used + page_len_offset,
6158				      /*bit_valid*/ 0,
6159				      /*bit*/ 0);
6160		free(ctsio->kern_data_ptr, M_CTL);
6161		ctl_done((union ctl_io *)ctsio);
6162		return (CTL_RETVAL_COMPLETE);
6163	}
6164	if (*len_left < page_index->page_len) {
6165		free(ctsio->kern_data_ptr, M_CTL);
6166		ctl_set_param_len_error(ctsio);
6167		ctl_done((union ctl_io *)ctsio);
6168		return (CTL_RETVAL_COMPLETE);
6169	}
6170
6171	/*
6172	 * Run through the mode page, checking to make sure that the bits
6173	 * the user changed are actually legal for him to change.
6174	 */
6175	for (i = 0; i < page_index->page_len; i++) {
6176		uint8_t *user_byte, *change_mask, *current_byte;
6177		int bad_bit;
6178		int j;
6179
6180		user_byte = (uint8_t *)page_header + i;
6181		change_mask = page_index->page_data +
6182			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6183		current_byte = page_index->page_data +
6184			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6185
6186		/*
6187		 * Check to see whether the user set any bits in this byte
6188		 * that he is not allowed to set.
6189		 */
6190		if ((*user_byte & ~(*change_mask)) ==
6191		    (*current_byte & ~(*change_mask)))
6192			continue;
6193
6194		/*
6195		 * Go through bit by bit to determine which one is illegal.
6196		 */
6197		bad_bit = 0;
6198		for (j = 7; j >= 0; j--) {
6199			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6200			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6201				bad_bit = i;
6202				break;
6203			}
6204		}
6205		ctl_set_invalid_field(ctsio,
6206				      /*sks_valid*/ 1,
6207				      /*command*/ 0,
6208				      /*field*/ *len_used + i,
6209				      /*bit_valid*/ 1,
6210				      /*bit*/ bad_bit);
6211		free(ctsio->kern_data_ptr, M_CTL);
6212		ctl_done((union ctl_io *)ctsio);
6213		return (CTL_RETVAL_COMPLETE);
6214	}
6215
6216	/*
6217	 * Decrement these before we call the page handler, since we may
6218	 * end up getting called back one way or another before the handler
6219	 * returns to this context.
6220	 */
6221	*len_left -= page_index->page_len;
6222	*len_used += page_index->page_len;
6223
6224	retval = page_index->select_handler(ctsio, page_index,
6225					    (uint8_t *)page_header);
6226
6227	/*
6228	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6229	 * wait until this queued command completes to finish processing
6230	 * the mode page.  If it returns anything other than
6231	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6232	 * already set the sense information, freed the data pointer, and
6233	 * completed the io for us.
6234	 */
6235	if (retval != CTL_RETVAL_COMPLETE)
6236		goto bailout_no_done;
6237
6238	/*
6239	 * If the initiator sent us more than one page, parse the next one.
6240	 */
6241	if (*len_left > 0)
6242		goto do_next_page;
6243
6244	ctl_set_success(ctsio);
6245	free(ctsio->kern_data_ptr, M_CTL);
6246	ctl_done((union ctl_io *)ctsio);
6247
6248bailout_no_done:
6249
6250	return (CTL_RETVAL_COMPLETE);
6251
6252}
6253
6254int
6255ctl_mode_select(struct ctl_scsiio *ctsio)
6256{
6257	struct ctl_lun *lun = CTL_LUN(ctsio);
6258	union ctl_modepage_info *modepage_info;
6259	int bd_len, i, header_size, param_len, pf, rtd, sp;
6260	uint32_t initidx;
6261
6262	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6263	switch (ctsio->cdb[0]) {
6264	case MODE_SELECT_6: {
6265		struct scsi_mode_select_6 *cdb;
6266
6267		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6268
6269		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6270		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6271		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6272		param_len = cdb->length;
6273		header_size = sizeof(struct scsi_mode_header_6);
6274		break;
6275	}
6276	case MODE_SELECT_10: {
6277		struct scsi_mode_select_10 *cdb;
6278
6279		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6280
6281		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6282		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6283		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6284		param_len = scsi_2btoul(cdb->length);
6285		header_size = sizeof(struct scsi_mode_header_10);
6286		break;
6287	}
6288	default:
6289		ctl_set_invalid_opcode(ctsio);
6290		ctl_done((union ctl_io *)ctsio);
6291		return (CTL_RETVAL_COMPLETE);
6292	}
6293
6294	if (rtd) {
6295		if (param_len != 0) {
6296			ctl_set_invalid_field(ctsio, /*sks_valid*/ 0,
6297			    /*command*/ 1, /*field*/ 0,
6298			    /*bit_valid*/ 0, /*bit*/ 0);
6299			ctl_done((union ctl_io *)ctsio);
6300			return (CTL_RETVAL_COMPLETE);
6301		}
6302
6303		/* Revert to defaults. */
6304		ctl_init_page_index(lun);
6305		mtx_lock(&lun->lun_lock);
6306		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6307		mtx_unlock(&lun->lun_lock);
6308		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6309			ctl_isc_announce_mode(lun, -1,
6310			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
6311			    lun->mode_pages.index[i].subpage);
6312		}
6313		ctl_set_success(ctsio);
6314		ctl_done((union ctl_io *)ctsio);
6315		return (CTL_RETVAL_COMPLETE);
6316	}
6317
6318	/*
6319	 * From SPC-3:
6320	 * "A parameter list length of zero indicates that the Data-Out Buffer
6321	 * shall be empty. This condition shall not be considered as an error."
6322	 */
6323	if (param_len == 0) {
6324		ctl_set_success(ctsio);
6325		ctl_done((union ctl_io *)ctsio);
6326		return (CTL_RETVAL_COMPLETE);
6327	}
6328
6329	/*
6330	 * Since we'll hit this the first time through, prior to
6331	 * allocation, we don't need to free a data buffer here.
6332	 */
6333	if (param_len < header_size) {
6334		ctl_set_param_len_error(ctsio);
6335		ctl_done((union ctl_io *)ctsio);
6336		return (CTL_RETVAL_COMPLETE);
6337	}
6338
6339	/*
6340	 * Allocate the data buffer and grab the user's data.  In theory,
6341	 * we shouldn't have to sanity check the parameter list length here
6342	 * because the maximum size is 64K.  We should be able to malloc
6343	 * that much without too many problems.
6344	 */
6345	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6346		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6347		ctsio->kern_data_len = param_len;
6348		ctsio->kern_total_len = param_len;
6349		ctsio->kern_rel_offset = 0;
6350		ctsio->kern_sg_entries = 0;
6351		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6352		ctsio->be_move_done = ctl_config_move_done;
6353		ctl_datamove((union ctl_io *)ctsio);
6354
6355		return (CTL_RETVAL_COMPLETE);
6356	}
6357
6358	switch (ctsio->cdb[0]) {
6359	case MODE_SELECT_6: {
6360		struct scsi_mode_header_6 *mh6;
6361
6362		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6363		bd_len = mh6->blk_desc_len;
6364		break;
6365	}
6366	case MODE_SELECT_10: {
6367		struct scsi_mode_header_10 *mh10;
6368
6369		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6370		bd_len = scsi_2btoul(mh10->blk_desc_len);
6371		break;
6372	}
6373	default:
6374		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6375	}
6376
6377	if (param_len < (header_size + bd_len)) {
6378		free(ctsio->kern_data_ptr, M_CTL);
6379		ctl_set_param_len_error(ctsio);
6380		ctl_done((union ctl_io *)ctsio);
6381		return (CTL_RETVAL_COMPLETE);
6382	}
6383
6384	/*
6385	 * Set the IO_CONT flag, so that if this I/O gets passed to
6386	 * ctl_config_write_done(), it'll get passed back to
6387	 * ctl_do_mode_select() for further processing, or completion if
6388	 * we're all done.
6389	 */
6390	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6391	ctsio->io_cont = ctl_do_mode_select;
6392
6393	modepage_info = (union ctl_modepage_info *)
6394		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6395	memset(modepage_info, 0, sizeof(*modepage_info));
6396	modepage_info->header.len_left = param_len - header_size - bd_len;
6397	modepage_info->header.len_used = header_size + bd_len;
6398
6399	return (ctl_do_mode_select((union ctl_io *)ctsio));
6400}
6401
6402int
6403ctl_mode_sense(struct ctl_scsiio *ctsio)
6404{
6405	struct ctl_lun *lun = CTL_LUN(ctsio);
6406	int pc, page_code, dbd, llba, subpage;
6407	int alloc_len, page_len, header_len, total_len;
6408	struct scsi_mode_block_descr *block_desc;
6409	struct ctl_page_index *page_index;
6410
6411	dbd = 0;
6412	llba = 0;
6413	block_desc = NULL;
6414
6415	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6416
6417	switch (ctsio->cdb[0]) {
6418	case MODE_SENSE_6: {
6419		struct scsi_mode_sense_6 *cdb;
6420
6421		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6422
6423		header_len = sizeof(struct scsi_mode_hdr_6);
6424		if (cdb->byte2 & SMS_DBD)
6425			dbd = 1;
6426		else
6427			header_len += sizeof(struct scsi_mode_block_descr);
6428
6429		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6430		page_code = cdb->page & SMS_PAGE_CODE;
6431		subpage = cdb->subpage;
6432		alloc_len = cdb->length;
6433		break;
6434	}
6435	case MODE_SENSE_10: {
6436		struct scsi_mode_sense_10 *cdb;
6437
6438		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6439
6440		header_len = sizeof(struct scsi_mode_hdr_10);
6441
6442		if (cdb->byte2 & SMS_DBD)
6443			dbd = 1;
6444		else
6445			header_len += sizeof(struct scsi_mode_block_descr);
6446		if (cdb->byte2 & SMS10_LLBAA)
6447			llba = 1;
6448		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6449		page_code = cdb->page & SMS_PAGE_CODE;
6450		subpage = cdb->subpage;
6451		alloc_len = scsi_2btoul(cdb->length);
6452		break;
6453	}
6454	default:
6455		ctl_set_invalid_opcode(ctsio);
6456		ctl_done((union ctl_io *)ctsio);
6457		return (CTL_RETVAL_COMPLETE);
6458		break; /* NOTREACHED */
6459	}
6460
6461	/*
6462	 * We have to make a first pass through to calculate the size of
6463	 * the pages that match the user's query.  Then we allocate enough
6464	 * memory to hold it, and actually copy the data into the buffer.
6465	 */
6466	switch (page_code) {
6467	case SMS_ALL_PAGES_PAGE: {
6468		u_int i;
6469
6470		page_len = 0;
6471
6472		/*
6473		 * At the moment, values other than 0 and 0xff here are
6474		 * reserved according to SPC-3.
6475		 */
6476		if ((subpage != SMS_SUBPAGE_PAGE_0)
6477		 && (subpage != SMS_SUBPAGE_ALL)) {
6478			ctl_set_invalid_field(ctsio,
6479					      /*sks_valid*/ 1,
6480					      /*command*/ 1,
6481					      /*field*/ 3,
6482					      /*bit_valid*/ 0,
6483					      /*bit*/ 0);
6484			ctl_done((union ctl_io *)ctsio);
6485			return (CTL_RETVAL_COMPLETE);
6486		}
6487
6488		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6489			page_index = &lun->mode_pages.index[i];
6490
6491			/* Make sure the page is supported for this dev type */
6492			if (lun->be_lun->lun_type == T_DIRECT &&
6493			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6494				continue;
6495			if (lun->be_lun->lun_type == T_PROCESSOR &&
6496			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6497				continue;
6498			if (lun->be_lun->lun_type == T_CDROM &&
6499			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6500				continue;
6501
6502			/*
6503			 * We don't use this subpage if the user didn't
6504			 * request all subpages.
6505			 */
6506			if ((page_index->subpage != 0)
6507			 && (subpage == SMS_SUBPAGE_PAGE_0))
6508				continue;
6509
6510#if 0
6511			printf("found page %#x len %d\n",
6512			       page_index->page_code & SMPH_PC_MASK,
6513			       page_index->page_len);
6514#endif
6515			page_len += page_index->page_len;
6516		}
6517		break;
6518	}
6519	default: {
6520		u_int i;
6521
6522		page_len = 0;
6523
6524		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6525			page_index = &lun->mode_pages.index[i];
6526
6527			/* Make sure the page is supported for this dev type */
6528			if (lun->be_lun->lun_type == T_DIRECT &&
6529			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6530				continue;
6531			if (lun->be_lun->lun_type == T_PROCESSOR &&
6532			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6533				continue;
6534			if (lun->be_lun->lun_type == T_CDROM &&
6535			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6536				continue;
6537
6538			/* Look for the right page code */
6539			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6540				continue;
6541
6542			/* Look for the right subpage or the subpage wildcard*/
6543			if ((page_index->subpage != subpage)
6544			 && (subpage != SMS_SUBPAGE_ALL))
6545				continue;
6546
6547#if 0
6548			printf("found page %#x len %d\n",
6549			       page_index->page_code & SMPH_PC_MASK,
6550			       page_index->page_len);
6551#endif
6552
6553			page_len += page_index->page_len;
6554		}
6555
6556		if (page_len == 0) {
6557			ctl_set_invalid_field(ctsio,
6558					      /*sks_valid*/ 1,
6559					      /*command*/ 1,
6560					      /*field*/ 2,
6561					      /*bit_valid*/ 1,
6562					      /*bit*/ 5);
6563			ctl_done((union ctl_io *)ctsio);
6564			return (CTL_RETVAL_COMPLETE);
6565		}
6566		break;
6567	}
6568	}
6569
6570	total_len = header_len + page_len;
6571#if 0
6572	printf("header_len = %d, page_len = %d, total_len = %d\n",
6573	       header_len, page_len, total_len);
6574#endif
6575
6576	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6577	ctsio->kern_sg_entries = 0;
6578	ctsio->kern_rel_offset = 0;
6579	ctsio->kern_data_len = min(total_len, alloc_len);
6580	ctsio->kern_total_len = ctsio->kern_data_len;
6581
6582	switch (ctsio->cdb[0]) {
6583	case MODE_SENSE_6: {
6584		struct scsi_mode_hdr_6 *header;
6585
6586		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6587
6588		header->datalen = MIN(total_len - 1, 254);
6589		if (lun->be_lun->lun_type == T_DIRECT) {
6590			header->dev_specific = 0x10; /* DPOFUA */
6591			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6592			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6593				header->dev_specific |= 0x80; /* WP */
6594		}
6595		if (dbd)
6596			header->block_descr_len = 0;
6597		else
6598			header->block_descr_len =
6599				sizeof(struct scsi_mode_block_descr);
6600		block_desc = (struct scsi_mode_block_descr *)&header[1];
6601		break;
6602	}
6603	case MODE_SENSE_10: {
6604		struct scsi_mode_hdr_10 *header;
6605		int datalen;
6606
6607		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6608
6609		datalen = MIN(total_len - 2, 65533);
6610		scsi_ulto2b(datalen, header->datalen);
6611		if (lun->be_lun->lun_type == T_DIRECT) {
6612			header->dev_specific = 0x10; /* DPOFUA */
6613			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6614			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6615				header->dev_specific |= 0x80; /* WP */
6616		}
6617		if (dbd)
6618			scsi_ulto2b(0, header->block_descr_len);
6619		else
6620			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6621				    header->block_descr_len);
6622		block_desc = (struct scsi_mode_block_descr *)&header[1];
6623		break;
6624	}
6625	default:
6626		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6627	}
6628
6629	/*
6630	 * If we've got a disk, use its blocksize in the block
6631	 * descriptor.  Otherwise, just set it to 0.
6632	 */
6633	if (dbd == 0) {
6634		if (lun->be_lun->lun_type == T_DIRECT)
6635			scsi_ulto3b(lun->be_lun->blocksize,
6636				    block_desc->block_len);
6637		else
6638			scsi_ulto3b(0, block_desc->block_len);
6639	}
6640
6641	switch (page_code) {
6642	case SMS_ALL_PAGES_PAGE: {
6643		int i, data_used;
6644
6645		data_used = header_len;
6646		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6647			struct ctl_page_index *page_index;
6648
6649			page_index = &lun->mode_pages.index[i];
6650			if (lun->be_lun->lun_type == T_DIRECT &&
6651			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6652				continue;
6653			if (lun->be_lun->lun_type == T_PROCESSOR &&
6654			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6655				continue;
6656			if (lun->be_lun->lun_type == T_CDROM &&
6657			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6658				continue;
6659
6660			/*
6661			 * We don't use this subpage if the user didn't
6662			 * request all subpages.  We already checked (above)
6663			 * to make sure the user only specified a subpage
6664			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6665			 */
6666			if ((page_index->subpage != 0)
6667			 && (subpage == SMS_SUBPAGE_PAGE_0))
6668				continue;
6669
6670			/*
6671			 * Call the handler, if it exists, to update the
6672			 * page to the latest values.
6673			 */
6674			if (page_index->sense_handler != NULL)
6675				page_index->sense_handler(ctsio, page_index,pc);
6676
6677			memcpy(ctsio->kern_data_ptr + data_used,
6678			       page_index->page_data +
6679			       (page_index->page_len * pc),
6680			       page_index->page_len);
6681			data_used += page_index->page_len;
6682		}
6683		break;
6684	}
6685	default: {
6686		int i, data_used;
6687
6688		data_used = header_len;
6689
6690		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6691			struct ctl_page_index *page_index;
6692
6693			page_index = &lun->mode_pages.index[i];
6694
6695			/* Look for the right page code */
6696			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6697				continue;
6698
6699			/* Look for the right subpage or the subpage wildcard*/
6700			if ((page_index->subpage != subpage)
6701			 && (subpage != SMS_SUBPAGE_ALL))
6702				continue;
6703
6704			/* Make sure the page is supported for this dev type */
6705			if (lun->be_lun->lun_type == T_DIRECT &&
6706			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6707				continue;
6708			if (lun->be_lun->lun_type == T_PROCESSOR &&
6709			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6710				continue;
6711			if (lun->be_lun->lun_type == T_CDROM &&
6712			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6713				continue;
6714
6715			/*
6716			 * Call the handler, if it exists, to update the
6717			 * page to the latest values.
6718			 */
6719			if (page_index->sense_handler != NULL)
6720				page_index->sense_handler(ctsio, page_index,pc);
6721
6722			memcpy(ctsio->kern_data_ptr + data_used,
6723			       page_index->page_data +
6724			       (page_index->page_len * pc),
6725			       page_index->page_len);
6726			data_used += page_index->page_len;
6727		}
6728		break;
6729	}
6730	}
6731
6732	ctl_set_success(ctsio);
6733	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6734	ctsio->be_move_done = ctl_config_move_done;
6735	ctl_datamove((union ctl_io *)ctsio);
6736	return (CTL_RETVAL_COMPLETE);
6737}
6738
6739int
6740ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6741			       struct ctl_page_index *page_index,
6742			       int pc)
6743{
6744	struct ctl_lun *lun = CTL_LUN(ctsio);
6745	struct scsi_log_param_header *phdr;
6746	uint8_t *data;
6747	uint64_t val;
6748
6749	data = page_index->page_data;
6750
6751	if (lun->backend->lun_attr != NULL &&
6752	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6753	     != UINT64_MAX) {
6754		phdr = (struct scsi_log_param_header *)data;
6755		scsi_ulto2b(0x0001, phdr->param_code);
6756		phdr->param_control = SLP_LBIN | SLP_LP;
6757		phdr->param_len = 8;
6758		data = (uint8_t *)(phdr + 1);
6759		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6760		data[4] = 0x02; /* per-pool */
6761		data += phdr->param_len;
6762	}
6763
6764	if (lun->backend->lun_attr != NULL &&
6765	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6766	     != UINT64_MAX) {
6767		phdr = (struct scsi_log_param_header *)data;
6768		scsi_ulto2b(0x0002, phdr->param_code);
6769		phdr->param_control = SLP_LBIN | SLP_LP;
6770		phdr->param_len = 8;
6771		data = (uint8_t *)(phdr + 1);
6772		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6773		data[4] = 0x01; /* per-LUN */
6774		data += phdr->param_len;
6775	}
6776
6777	if (lun->backend->lun_attr != NULL &&
6778	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6779	     != UINT64_MAX) {
6780		phdr = (struct scsi_log_param_header *)data;
6781		scsi_ulto2b(0x00f1, phdr->param_code);
6782		phdr->param_control = SLP_LBIN | SLP_LP;
6783		phdr->param_len = 8;
6784		data = (uint8_t *)(phdr + 1);
6785		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6786		data[4] = 0x02; /* per-pool */
6787		data += phdr->param_len;
6788	}
6789
6790	if (lun->backend->lun_attr != NULL &&
6791	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6792	     != UINT64_MAX) {
6793		phdr = (struct scsi_log_param_header *)data;
6794		scsi_ulto2b(0x00f2, phdr->param_code);
6795		phdr->param_control = SLP_LBIN | SLP_LP;
6796		phdr->param_len = 8;
6797		data = (uint8_t *)(phdr + 1);
6798		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6799		data[4] = 0x02; /* per-pool */
6800		data += phdr->param_len;
6801	}
6802
6803	page_index->page_len = data - page_index->page_data;
6804	return (0);
6805}
6806
6807int
6808ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6809			       struct ctl_page_index *page_index,
6810			       int pc)
6811{
6812	struct ctl_lun *lun = CTL_LUN(ctsio);
6813	struct stat_page *data;
6814	struct bintime *t;
6815
6816	data = (struct stat_page *)page_index->page_data;
6817
6818	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6819	data->sap.hdr.param_control = SLP_LBIN;
6820	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6821	    sizeof(struct scsi_log_param_header);
6822	scsi_u64to8b(lun->stats.operations[CTL_STATS_READ],
6823	    data->sap.read_num);
6824	scsi_u64to8b(lun->stats.operations[CTL_STATS_WRITE],
6825	    data->sap.write_num);
6826	if (lun->be_lun->blocksize > 0) {
6827		scsi_u64to8b(lun->stats.bytes[CTL_STATS_WRITE] /
6828		    lun->be_lun->blocksize, data->sap.recvieved_lba);
6829		scsi_u64to8b(lun->stats.bytes[CTL_STATS_READ] /
6830		    lun->be_lun->blocksize, data->sap.transmitted_lba);
6831	}
6832	t = &lun->stats.time[CTL_STATS_READ];
6833	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6834	    data->sap.read_int);
6835	t = &lun->stats.time[CTL_STATS_WRITE];
6836	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6837	    data->sap.write_int);
6838	scsi_u64to8b(0, data->sap.weighted_num);
6839	scsi_u64to8b(0, data->sap.weighted_int);
6840	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6841	data->it.hdr.param_control = SLP_LBIN;
6842	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6843	    sizeof(struct scsi_log_param_header);
6844#ifdef CTL_TIME_IO
6845	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6846#endif
6847	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6848	data->it.hdr.param_control = SLP_LBIN;
6849	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6850	    sizeof(struct scsi_log_param_header);
6851	scsi_ulto4b(3, data->ti.exponent);
6852	scsi_ulto4b(1, data->ti.integer);
6853	return (0);
6854}
6855
6856int
6857ctl_ie_log_sense_handler(struct ctl_scsiio *ctsio,
6858			       struct ctl_page_index *page_index,
6859			       int pc)
6860{
6861	struct ctl_lun *lun = CTL_LUN(ctsio);
6862	struct scsi_log_informational_exceptions *data;
6863
6864	data = (struct scsi_log_informational_exceptions *)page_index->page_data;
6865
6866	scsi_ulto2b(SLP_IE_GEN, data->hdr.param_code);
6867	data->hdr.param_control = SLP_LBIN;
6868	data->hdr.param_len = sizeof(struct scsi_log_informational_exceptions) -
6869	    sizeof(struct scsi_log_param_header);
6870	data->ie_asc = lun->ie_asc;
6871	data->ie_ascq = lun->ie_ascq;
6872	data->temperature = 0xff;
6873	return (0);
6874}
6875
6876int
6877ctl_log_sense(struct ctl_scsiio *ctsio)
6878{
6879	struct ctl_lun *lun = CTL_LUN(ctsio);
6880	int i, pc, page_code, subpage;
6881	int alloc_len, total_len;
6882	struct ctl_page_index *page_index;
6883	struct scsi_log_sense *cdb;
6884	struct scsi_log_header *header;
6885
6886	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6887
6888	cdb = (struct scsi_log_sense *)ctsio->cdb;
6889	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6890	page_code = cdb->page & SLS_PAGE_CODE;
6891	subpage = cdb->subpage;
6892	alloc_len = scsi_2btoul(cdb->length);
6893
6894	page_index = NULL;
6895	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6896		page_index = &lun->log_pages.index[i];
6897
6898		/* Look for the right page code */
6899		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6900			continue;
6901
6902		/* Look for the right subpage or the subpage wildcard*/
6903		if (page_index->subpage != subpage)
6904			continue;
6905
6906		break;
6907	}
6908	if (i >= CTL_NUM_LOG_PAGES) {
6909		ctl_set_invalid_field(ctsio,
6910				      /*sks_valid*/ 1,
6911				      /*command*/ 1,
6912				      /*field*/ 2,
6913				      /*bit_valid*/ 0,
6914				      /*bit*/ 0);
6915		ctl_done((union ctl_io *)ctsio);
6916		return (CTL_RETVAL_COMPLETE);
6917	}
6918
6919	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6920
6921	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6922	ctsio->kern_sg_entries = 0;
6923	ctsio->kern_rel_offset = 0;
6924	ctsio->kern_data_len = min(total_len, alloc_len);
6925	ctsio->kern_total_len = ctsio->kern_data_len;
6926
6927	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6928	header->page = page_index->page_code;
6929	if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING)
6930		header->page |= SL_DS;
6931	if (page_index->subpage) {
6932		header->page |= SL_SPF;
6933		header->subpage = page_index->subpage;
6934	}
6935	scsi_ulto2b(page_index->page_len, header->datalen);
6936
6937	/*
6938	 * Call the handler, if it exists, to update the
6939	 * page to the latest values.
6940	 */
6941	if (page_index->sense_handler != NULL)
6942		page_index->sense_handler(ctsio, page_index, pc);
6943
6944	memcpy(header + 1, page_index->page_data, page_index->page_len);
6945
6946	ctl_set_success(ctsio);
6947	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6948	ctsio->be_move_done = ctl_config_move_done;
6949	ctl_datamove((union ctl_io *)ctsio);
6950	return (CTL_RETVAL_COMPLETE);
6951}
6952
6953int
6954ctl_read_capacity(struct ctl_scsiio *ctsio)
6955{
6956	struct ctl_lun *lun = CTL_LUN(ctsio);
6957	struct scsi_read_capacity *cdb;
6958	struct scsi_read_capacity_data *data;
6959	uint32_t lba;
6960
6961	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6962
6963	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6964
6965	lba = scsi_4btoul(cdb->addr);
6966	if (((cdb->pmi & SRC_PMI) == 0)
6967	 && (lba != 0)) {
6968		ctl_set_invalid_field(/*ctsio*/ ctsio,
6969				      /*sks_valid*/ 1,
6970				      /*command*/ 1,
6971				      /*field*/ 2,
6972				      /*bit_valid*/ 0,
6973				      /*bit*/ 0);
6974		ctl_done((union ctl_io *)ctsio);
6975		return (CTL_RETVAL_COMPLETE);
6976	}
6977
6978	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6979	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6980	ctsio->kern_data_len = sizeof(*data);
6981	ctsio->kern_total_len = sizeof(*data);
6982	ctsio->kern_rel_offset = 0;
6983	ctsio->kern_sg_entries = 0;
6984
6985	/*
6986	 * If the maximum LBA is greater than 0xfffffffe, the user must
6987	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6988	 * serivce action set.
6989	 */
6990	if (lun->be_lun->maxlba > 0xfffffffe)
6991		scsi_ulto4b(0xffffffff, data->addr);
6992	else
6993		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6994
6995	/*
6996	 * XXX KDM this may not be 512 bytes...
6997	 */
6998	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6999
7000	ctl_set_success(ctsio);
7001	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7002	ctsio->be_move_done = ctl_config_move_done;
7003	ctl_datamove((union ctl_io *)ctsio);
7004	return (CTL_RETVAL_COMPLETE);
7005}
7006
7007int
7008ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7009{
7010	struct ctl_lun *lun = CTL_LUN(ctsio);
7011	struct scsi_read_capacity_16 *cdb;
7012	struct scsi_read_capacity_data_long *data;
7013	uint64_t lba;
7014	uint32_t alloc_len;
7015
7016	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7017
7018	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7019
7020	alloc_len = scsi_4btoul(cdb->alloc_len);
7021	lba = scsi_8btou64(cdb->addr);
7022
7023	if ((cdb->reladr & SRC16_PMI)
7024	 && (lba != 0)) {
7025		ctl_set_invalid_field(/*ctsio*/ ctsio,
7026				      /*sks_valid*/ 1,
7027				      /*command*/ 1,
7028				      /*field*/ 2,
7029				      /*bit_valid*/ 0,
7030				      /*bit*/ 0);
7031		ctl_done((union ctl_io *)ctsio);
7032		return (CTL_RETVAL_COMPLETE);
7033	}
7034
7035	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7036	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7037	ctsio->kern_rel_offset = 0;
7038	ctsio->kern_sg_entries = 0;
7039	ctsio->kern_data_len = min(sizeof(*data), alloc_len);
7040	ctsio->kern_total_len = ctsio->kern_data_len;
7041
7042	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7043	/* XXX KDM this may not be 512 bytes... */
7044	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7045	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7046	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7047	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7048		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7049
7050	ctl_set_success(ctsio);
7051	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7052	ctsio->be_move_done = ctl_config_move_done;
7053	ctl_datamove((union ctl_io *)ctsio);
7054	return (CTL_RETVAL_COMPLETE);
7055}
7056
7057int
7058ctl_get_lba_status(struct ctl_scsiio *ctsio)
7059{
7060	struct ctl_lun *lun = CTL_LUN(ctsio);
7061	struct scsi_get_lba_status *cdb;
7062	struct scsi_get_lba_status_data *data;
7063	struct ctl_lba_len_flags *lbalen;
7064	uint64_t lba;
7065	uint32_t alloc_len, total_len;
7066	int retval;
7067
7068	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7069
7070	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7071	lba = scsi_8btou64(cdb->addr);
7072	alloc_len = scsi_4btoul(cdb->alloc_len);
7073
7074	if (lba > lun->be_lun->maxlba) {
7075		ctl_set_lba_out_of_range(ctsio, lba);
7076		ctl_done((union ctl_io *)ctsio);
7077		return (CTL_RETVAL_COMPLETE);
7078	}
7079
7080	total_len = sizeof(*data) + sizeof(data->descr[0]);
7081	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7082	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7083	ctsio->kern_rel_offset = 0;
7084	ctsio->kern_sg_entries = 0;
7085	ctsio->kern_data_len = min(total_len, alloc_len);
7086	ctsio->kern_total_len = ctsio->kern_data_len;
7087
7088	/* Fill dummy data in case backend can't tell anything. */
7089	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7090	scsi_u64to8b(lba, data->descr[0].addr);
7091	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7092	    data->descr[0].length);
7093	data->descr[0].status = 0; /* Mapped or unknown. */
7094
7095	ctl_set_success(ctsio);
7096	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7097	ctsio->be_move_done = ctl_config_move_done;
7098
7099	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7100	lbalen->lba = lba;
7101	lbalen->len = total_len;
7102	lbalen->flags = 0;
7103	retval = lun->backend->config_read((union ctl_io *)ctsio);
7104	return (retval);
7105}
7106
7107int
7108ctl_read_defect(struct ctl_scsiio *ctsio)
7109{
7110	struct scsi_read_defect_data_10 *ccb10;
7111	struct scsi_read_defect_data_12 *ccb12;
7112	struct scsi_read_defect_data_hdr_10 *data10;
7113	struct scsi_read_defect_data_hdr_12 *data12;
7114	uint32_t alloc_len, data_len;
7115	uint8_t format;
7116
7117	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7118
7119	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7120		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7121		format = ccb10->format;
7122		alloc_len = scsi_2btoul(ccb10->alloc_length);
7123		data_len = sizeof(*data10);
7124	} else {
7125		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7126		format = ccb12->format;
7127		alloc_len = scsi_4btoul(ccb12->alloc_length);
7128		data_len = sizeof(*data12);
7129	}
7130	if (alloc_len == 0) {
7131		ctl_set_success(ctsio);
7132		ctl_done((union ctl_io *)ctsio);
7133		return (CTL_RETVAL_COMPLETE);
7134	}
7135
7136	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7137	ctsio->kern_rel_offset = 0;
7138	ctsio->kern_sg_entries = 0;
7139	ctsio->kern_data_len = min(data_len, alloc_len);
7140	ctsio->kern_total_len = ctsio->kern_data_len;
7141
7142	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7143		data10 = (struct scsi_read_defect_data_hdr_10 *)
7144		    ctsio->kern_data_ptr;
7145		data10->format = format;
7146		scsi_ulto2b(0, data10->length);
7147	} else {
7148		data12 = (struct scsi_read_defect_data_hdr_12 *)
7149		    ctsio->kern_data_ptr;
7150		data12->format = format;
7151		scsi_ulto2b(0, data12->generation);
7152		scsi_ulto4b(0, data12->length);
7153	}
7154
7155	ctl_set_success(ctsio);
7156	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7157	ctsio->be_move_done = ctl_config_move_done;
7158	ctl_datamove((union ctl_io *)ctsio);
7159	return (CTL_RETVAL_COMPLETE);
7160}
7161
7162int
7163ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7164{
7165	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7166	struct ctl_lun *lun = CTL_LUN(ctsio);
7167	struct scsi_maintenance_in *cdb;
7168	int retval;
7169	int alloc_len, ext, total_len = 0, g, pc, pg, ts, os;
7170	int num_ha_groups, num_target_ports, shared_group;
7171	struct ctl_port *port;
7172	struct scsi_target_group_data *rtg_ptr;
7173	struct scsi_target_group_data_extended *rtg_ext_ptr;
7174	struct scsi_target_port_group_descriptor *tpg_desc;
7175
7176	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7177
7178	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7179	retval = CTL_RETVAL_COMPLETE;
7180
7181	switch (cdb->byte2 & STG_PDF_MASK) {
7182	case STG_PDF_LENGTH:
7183		ext = 0;
7184		break;
7185	case STG_PDF_EXTENDED:
7186		ext = 1;
7187		break;
7188	default:
7189		ctl_set_invalid_field(/*ctsio*/ ctsio,
7190				      /*sks_valid*/ 1,
7191				      /*command*/ 1,
7192				      /*field*/ 2,
7193				      /*bit_valid*/ 1,
7194				      /*bit*/ 5);
7195		ctl_done((union ctl_io *)ctsio);
7196		return(retval);
7197	}
7198
7199	num_target_ports = 0;
7200	shared_group = (softc->is_single != 0);
7201	mtx_lock(&softc->ctl_lock);
7202	STAILQ_FOREACH(port, &softc->port_list, links) {
7203		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7204			continue;
7205		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7206			continue;
7207		num_target_ports++;
7208		if (port->status & CTL_PORT_STATUS_HA_SHARED)
7209			shared_group = 1;
7210	}
7211	mtx_unlock(&softc->ctl_lock);
7212	num_ha_groups = (softc->is_single) ? 0 : NUM_HA_SHELVES;
7213
7214	if (ext)
7215		total_len = sizeof(struct scsi_target_group_data_extended);
7216	else
7217		total_len = sizeof(struct scsi_target_group_data);
7218	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7219		(shared_group + num_ha_groups) +
7220	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7221
7222	alloc_len = scsi_4btoul(cdb->length);
7223
7224	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7225	ctsio->kern_sg_entries = 0;
7226	ctsio->kern_rel_offset = 0;
7227	ctsio->kern_data_len = min(total_len, alloc_len);
7228	ctsio->kern_total_len = ctsio->kern_data_len;
7229
7230	if (ext) {
7231		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7232		    ctsio->kern_data_ptr;
7233		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7234		rtg_ext_ptr->format_type = 0x10;
7235		rtg_ext_ptr->implicit_transition_time = 0;
7236		tpg_desc = &rtg_ext_ptr->groups[0];
7237	} else {
7238		rtg_ptr = (struct scsi_target_group_data *)
7239		    ctsio->kern_data_ptr;
7240		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7241		tpg_desc = &rtg_ptr->groups[0];
7242	}
7243
7244	mtx_lock(&softc->ctl_lock);
7245	pg = softc->port_min / softc->port_cnt;
7246	if (lun->flags & (CTL_LUN_PRIMARY_SC | CTL_LUN_PEER_SC_PRIMARY)) {
7247		/* Some shelf is known to be primary. */
7248		if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7249			os = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7250		else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7251			os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7252		else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7253			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
7254		else
7255			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7256		if (lun->flags & CTL_LUN_PRIMARY_SC) {
7257			ts = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7258		} else {
7259			ts = os;
7260			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7261		}
7262	} else {
7263		/* No known primary shelf. */
7264		if (softc->ha_link == CTL_HA_LINK_OFFLINE) {
7265			ts = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7266			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7267		} else if (softc->ha_link == CTL_HA_LINK_UNKNOWN) {
7268			ts = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7269			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7270		} else {
7271			ts = os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7272		}
7273	}
7274	if (shared_group) {
7275		tpg_desc->pref_state = ts;
7276		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7277		    TPG_U_SUP | TPG_T_SUP;
7278		scsi_ulto2b(1, tpg_desc->target_port_group);
7279		tpg_desc->status = TPG_IMPLICIT;
7280		pc = 0;
7281		STAILQ_FOREACH(port, &softc->port_list, links) {
7282			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7283				continue;
7284			if (!softc->is_single &&
7285			    (port->status & CTL_PORT_STATUS_HA_SHARED) == 0)
7286				continue;
7287			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7288				continue;
7289			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7290			    relative_target_port_identifier);
7291			pc++;
7292		}
7293		tpg_desc->target_port_count = pc;
7294		tpg_desc = (struct scsi_target_port_group_descriptor *)
7295		    &tpg_desc->descriptors[pc];
7296	}
7297	for (g = 0; g < num_ha_groups; g++) {
7298		tpg_desc->pref_state = (g == pg) ? ts : os;
7299		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7300		    TPG_U_SUP | TPG_T_SUP;
7301		scsi_ulto2b(2 + g, tpg_desc->target_port_group);
7302		tpg_desc->status = TPG_IMPLICIT;
7303		pc = 0;
7304		STAILQ_FOREACH(port, &softc->port_list, links) {
7305			if (port->targ_port < g * softc->port_cnt ||
7306			    port->targ_port >= (g + 1) * softc->port_cnt)
7307				continue;
7308			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7309				continue;
7310			if (port->status & CTL_PORT_STATUS_HA_SHARED)
7311				continue;
7312			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7313				continue;
7314			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7315			    relative_target_port_identifier);
7316			pc++;
7317		}
7318		tpg_desc->target_port_count = pc;
7319		tpg_desc = (struct scsi_target_port_group_descriptor *)
7320		    &tpg_desc->descriptors[pc];
7321	}
7322	mtx_unlock(&softc->ctl_lock);
7323
7324	ctl_set_success(ctsio);
7325	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7326	ctsio->be_move_done = ctl_config_move_done;
7327	ctl_datamove((union ctl_io *)ctsio);
7328	return(retval);
7329}
7330
7331int
7332ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7333{
7334	struct ctl_lun *lun = CTL_LUN(ctsio);
7335	struct scsi_report_supported_opcodes *cdb;
7336	const struct ctl_cmd_entry *entry, *sentry;
7337	struct scsi_report_supported_opcodes_all *all;
7338	struct scsi_report_supported_opcodes_descr *descr;
7339	struct scsi_report_supported_opcodes_one *one;
7340	int retval;
7341	int alloc_len, total_len;
7342	int opcode, service_action, i, j, num;
7343
7344	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7345
7346	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7347	retval = CTL_RETVAL_COMPLETE;
7348
7349	opcode = cdb->requested_opcode;
7350	service_action = scsi_2btoul(cdb->requested_service_action);
7351	switch (cdb->options & RSO_OPTIONS_MASK) {
7352	case RSO_OPTIONS_ALL:
7353		num = 0;
7354		for (i = 0; i < 256; i++) {
7355			entry = &ctl_cmd_table[i];
7356			if (entry->flags & CTL_CMD_FLAG_SA5) {
7357				for (j = 0; j < 32; j++) {
7358					sentry = &((const struct ctl_cmd_entry *)
7359					    entry->execute)[j];
7360					if (ctl_cmd_applicable(
7361					    lun->be_lun->lun_type, sentry))
7362						num++;
7363				}
7364			} else {
7365				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7366				    entry))
7367					num++;
7368			}
7369		}
7370		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7371		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7372		break;
7373	case RSO_OPTIONS_OC:
7374		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7375			ctl_set_invalid_field(/*ctsio*/ ctsio,
7376					      /*sks_valid*/ 1,
7377					      /*command*/ 1,
7378					      /*field*/ 2,
7379					      /*bit_valid*/ 1,
7380					      /*bit*/ 2);
7381			ctl_done((union ctl_io *)ctsio);
7382			return (CTL_RETVAL_COMPLETE);
7383		}
7384		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7385		break;
7386	case RSO_OPTIONS_OC_SA:
7387		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7388		    service_action >= 32) {
7389			ctl_set_invalid_field(/*ctsio*/ ctsio,
7390					      /*sks_valid*/ 1,
7391					      /*command*/ 1,
7392					      /*field*/ 2,
7393					      /*bit_valid*/ 1,
7394					      /*bit*/ 2);
7395			ctl_done((union ctl_io *)ctsio);
7396			return (CTL_RETVAL_COMPLETE);
7397		}
7398		/* FALLTHROUGH */
7399	case RSO_OPTIONS_OC_ASA:
7400		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7401		break;
7402	default:
7403		ctl_set_invalid_field(/*ctsio*/ ctsio,
7404				      /*sks_valid*/ 1,
7405				      /*command*/ 1,
7406				      /*field*/ 2,
7407				      /*bit_valid*/ 1,
7408				      /*bit*/ 2);
7409		ctl_done((union ctl_io *)ctsio);
7410		return (CTL_RETVAL_COMPLETE);
7411	}
7412
7413	alloc_len = scsi_4btoul(cdb->length);
7414
7415	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7416	ctsio->kern_sg_entries = 0;
7417	ctsio->kern_rel_offset = 0;
7418	ctsio->kern_data_len = min(total_len, alloc_len);
7419	ctsio->kern_total_len = ctsio->kern_data_len;
7420
7421	switch (cdb->options & RSO_OPTIONS_MASK) {
7422	case RSO_OPTIONS_ALL:
7423		all = (struct scsi_report_supported_opcodes_all *)
7424		    ctsio->kern_data_ptr;
7425		num = 0;
7426		for (i = 0; i < 256; i++) {
7427			entry = &ctl_cmd_table[i];
7428			if (entry->flags & CTL_CMD_FLAG_SA5) {
7429				for (j = 0; j < 32; j++) {
7430					sentry = &((const struct ctl_cmd_entry *)
7431					    entry->execute)[j];
7432					if (!ctl_cmd_applicable(
7433					    lun->be_lun->lun_type, sentry))
7434						continue;
7435					descr = &all->descr[num++];
7436					descr->opcode = i;
7437					scsi_ulto2b(j, descr->service_action);
7438					descr->flags = RSO_SERVACTV;
7439					scsi_ulto2b(sentry->length,
7440					    descr->cdb_length);
7441				}
7442			} else {
7443				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7444				    entry))
7445					continue;
7446				descr = &all->descr[num++];
7447				descr->opcode = i;
7448				scsi_ulto2b(0, descr->service_action);
7449				descr->flags = 0;
7450				scsi_ulto2b(entry->length, descr->cdb_length);
7451			}
7452		}
7453		scsi_ulto4b(
7454		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7455		    all->length);
7456		break;
7457	case RSO_OPTIONS_OC:
7458		one = (struct scsi_report_supported_opcodes_one *)
7459		    ctsio->kern_data_ptr;
7460		entry = &ctl_cmd_table[opcode];
7461		goto fill_one;
7462	case RSO_OPTIONS_OC_SA:
7463		one = (struct scsi_report_supported_opcodes_one *)
7464		    ctsio->kern_data_ptr;
7465		entry = &ctl_cmd_table[opcode];
7466		entry = &((const struct ctl_cmd_entry *)
7467		    entry->execute)[service_action];
7468fill_one:
7469		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7470			one->support = 3;
7471			scsi_ulto2b(entry->length, one->cdb_length);
7472			one->cdb_usage[0] = opcode;
7473			memcpy(&one->cdb_usage[1], entry->usage,
7474			    entry->length - 1);
7475		} else
7476			one->support = 1;
7477		break;
7478	case RSO_OPTIONS_OC_ASA:
7479		one = (struct scsi_report_supported_opcodes_one *)
7480		    ctsio->kern_data_ptr;
7481		entry = &ctl_cmd_table[opcode];
7482		if (entry->flags & CTL_CMD_FLAG_SA5) {
7483			entry = &((const struct ctl_cmd_entry *)
7484			    entry->execute)[service_action];
7485		} else if (service_action != 0) {
7486			one->support = 1;
7487			break;
7488		}
7489		goto fill_one;
7490	}
7491
7492	ctl_set_success(ctsio);
7493	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7494	ctsio->be_move_done = ctl_config_move_done;
7495	ctl_datamove((union ctl_io *)ctsio);
7496	return(retval);
7497}
7498
7499int
7500ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7501{
7502	struct scsi_report_supported_tmf *cdb;
7503	struct scsi_report_supported_tmf_ext_data *data;
7504	int retval;
7505	int alloc_len, total_len;
7506
7507	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7508
7509	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7510
7511	retval = CTL_RETVAL_COMPLETE;
7512
7513	if (cdb->options & RST_REPD)
7514		total_len = sizeof(struct scsi_report_supported_tmf_ext_data);
7515	else
7516		total_len = sizeof(struct scsi_report_supported_tmf_data);
7517	alloc_len = scsi_4btoul(cdb->length);
7518
7519	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7520	ctsio->kern_sg_entries = 0;
7521	ctsio->kern_rel_offset = 0;
7522	ctsio->kern_data_len = min(total_len, alloc_len);
7523	ctsio->kern_total_len = ctsio->kern_data_len;
7524
7525	data = (struct scsi_report_supported_tmf_ext_data *)ctsio->kern_data_ptr;
7526	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7527	    RST_TRS;
7528	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7529	data->length = total_len - 4;
7530
7531	ctl_set_success(ctsio);
7532	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7533	ctsio->be_move_done = ctl_config_move_done;
7534	ctl_datamove((union ctl_io *)ctsio);
7535	return (retval);
7536}
7537
7538int
7539ctl_report_timestamp(struct ctl_scsiio *ctsio)
7540{
7541	struct scsi_report_timestamp *cdb;
7542	struct scsi_report_timestamp_data *data;
7543	struct timeval tv;
7544	int64_t timestamp;
7545	int retval;
7546	int alloc_len, total_len;
7547
7548	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7549
7550	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7551
7552	retval = CTL_RETVAL_COMPLETE;
7553
7554	total_len = sizeof(struct scsi_report_timestamp_data);
7555	alloc_len = scsi_4btoul(cdb->length);
7556
7557	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7558	ctsio->kern_sg_entries = 0;
7559	ctsio->kern_rel_offset = 0;
7560	ctsio->kern_data_len = min(total_len, alloc_len);
7561	ctsio->kern_total_len = ctsio->kern_data_len;
7562
7563	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7564	scsi_ulto2b(sizeof(*data) - 2, data->length);
7565	data->origin = RTS_ORIG_OUTSIDE;
7566	getmicrotime(&tv);
7567	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7568	scsi_ulto4b(timestamp >> 16, data->timestamp);
7569	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7570
7571	ctl_set_success(ctsio);
7572	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7573	ctsio->be_move_done = ctl_config_move_done;
7574	ctl_datamove((union ctl_io *)ctsio);
7575	return (retval);
7576}
7577
7578int
7579ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7580{
7581	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7582	struct ctl_lun *lun = CTL_LUN(ctsio);
7583	struct scsi_per_res_in *cdb;
7584	int alloc_len, total_len = 0;
7585	/* struct scsi_per_res_in_rsrv in_data; */
7586	uint64_t key;
7587
7588	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7589
7590	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7591
7592	alloc_len = scsi_2btoul(cdb->length);
7593
7594retry:
7595	mtx_lock(&lun->lun_lock);
7596	switch (cdb->action) {
7597	case SPRI_RK: /* read keys */
7598		total_len = sizeof(struct scsi_per_res_in_keys) +
7599			lun->pr_key_count *
7600			sizeof(struct scsi_per_res_key);
7601		break;
7602	case SPRI_RR: /* read reservation */
7603		if (lun->flags & CTL_LUN_PR_RESERVED)
7604			total_len = sizeof(struct scsi_per_res_in_rsrv);
7605		else
7606			total_len = sizeof(struct scsi_per_res_in_header);
7607		break;
7608	case SPRI_RC: /* report capabilities */
7609		total_len = sizeof(struct scsi_per_res_cap);
7610		break;
7611	case SPRI_RS: /* read full status */
7612		total_len = sizeof(struct scsi_per_res_in_header) +
7613		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7614		    lun->pr_key_count;
7615		break;
7616	default:
7617		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7618	}
7619	mtx_unlock(&lun->lun_lock);
7620
7621	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7622	ctsio->kern_rel_offset = 0;
7623	ctsio->kern_sg_entries = 0;
7624	ctsio->kern_data_len = min(total_len, alloc_len);
7625	ctsio->kern_total_len = ctsio->kern_data_len;
7626
7627	mtx_lock(&lun->lun_lock);
7628	switch (cdb->action) {
7629	case SPRI_RK: { // read keys
7630        struct scsi_per_res_in_keys *res_keys;
7631		int i, key_count;
7632
7633		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7634
7635		/*
7636		 * We had to drop the lock to allocate our buffer, which
7637		 * leaves time for someone to come in with another
7638		 * persistent reservation.  (That is unlikely, though,
7639		 * since this should be the only persistent reservation
7640		 * command active right now.)
7641		 */
7642		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7643		    (lun->pr_key_count *
7644		     sizeof(struct scsi_per_res_key)))){
7645			mtx_unlock(&lun->lun_lock);
7646			free(ctsio->kern_data_ptr, M_CTL);
7647			printf("%s: reservation length changed, retrying\n",
7648			       __func__);
7649			goto retry;
7650		}
7651
7652		scsi_ulto4b(lun->pr_generation, res_keys->header.generation);
7653
7654		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7655			     lun->pr_key_count, res_keys->header.length);
7656
7657		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7658			if ((key = ctl_get_prkey(lun, i)) == 0)
7659				continue;
7660
7661			/*
7662			 * We used lun->pr_key_count to calculate the
7663			 * size to allocate.  If it turns out the number of
7664			 * initiators with the registered flag set is
7665			 * larger than that (i.e. they haven't been kept in
7666			 * sync), we've got a problem.
7667			 */
7668			if (key_count >= lun->pr_key_count) {
7669				key_count++;
7670				continue;
7671			}
7672			scsi_u64to8b(key, res_keys->keys[key_count].key);
7673			key_count++;
7674		}
7675		break;
7676	}
7677	case SPRI_RR: { // read reservation
7678		struct scsi_per_res_in_rsrv *res;
7679		int tmp_len, header_only;
7680
7681		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7682
7683		scsi_ulto4b(lun->pr_generation, res->header.generation);
7684
7685		if (lun->flags & CTL_LUN_PR_RESERVED)
7686		{
7687			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7688			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7689				    res->header.length);
7690			header_only = 0;
7691		} else {
7692			tmp_len = sizeof(struct scsi_per_res_in_header);
7693			scsi_ulto4b(0, res->header.length);
7694			header_only = 1;
7695		}
7696
7697		/*
7698		 * We had to drop the lock to allocate our buffer, which
7699		 * leaves time for someone to come in with another
7700		 * persistent reservation.  (That is unlikely, though,
7701		 * since this should be the only persistent reservation
7702		 * command active right now.)
7703		 */
7704		if (tmp_len != total_len) {
7705			mtx_unlock(&lun->lun_lock);
7706			free(ctsio->kern_data_ptr, M_CTL);
7707			printf("%s: reservation status changed, retrying\n",
7708			       __func__);
7709			goto retry;
7710		}
7711
7712		/*
7713		 * No reservation held, so we're done.
7714		 */
7715		if (header_only != 0)
7716			break;
7717
7718		/*
7719		 * If the registration is an All Registrants type, the key
7720		 * is 0, since it doesn't really matter.
7721		 */
7722		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7723			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7724			    res->data.reservation);
7725		}
7726		res->data.scopetype = lun->pr_res_type;
7727		break;
7728	}
7729	case SPRI_RC:     //report capabilities
7730	{
7731		struct scsi_per_res_cap *res_cap;
7732		uint16_t type_mask;
7733
7734		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7735		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7736		res_cap->flags1 = SPRI_CRH;
7737		res_cap->flags2 = SPRI_TMV | SPRI_ALLOW_5;
7738		type_mask = SPRI_TM_WR_EX_AR |
7739			    SPRI_TM_EX_AC_RO |
7740			    SPRI_TM_WR_EX_RO |
7741			    SPRI_TM_EX_AC |
7742			    SPRI_TM_WR_EX |
7743			    SPRI_TM_EX_AC_AR;
7744		scsi_ulto2b(type_mask, res_cap->type_mask);
7745		break;
7746	}
7747	case SPRI_RS: { // read full status
7748		struct scsi_per_res_in_full *res_status;
7749		struct scsi_per_res_in_full_desc *res_desc;
7750		struct ctl_port *port;
7751		int i, len;
7752
7753		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7754
7755		/*
7756		 * We had to drop the lock to allocate our buffer, which
7757		 * leaves time for someone to come in with another
7758		 * persistent reservation.  (That is unlikely, though,
7759		 * since this should be the only persistent reservation
7760		 * command active right now.)
7761		 */
7762		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7763		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7764		     lun->pr_key_count)){
7765			mtx_unlock(&lun->lun_lock);
7766			free(ctsio->kern_data_ptr, M_CTL);
7767			printf("%s: reservation length changed, retrying\n",
7768			       __func__);
7769			goto retry;
7770		}
7771
7772		scsi_ulto4b(lun->pr_generation, res_status->header.generation);
7773
7774		res_desc = &res_status->desc[0];
7775		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7776			if ((key = ctl_get_prkey(lun, i)) == 0)
7777				continue;
7778
7779			scsi_u64to8b(key, res_desc->res_key.key);
7780			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7781			    (lun->pr_res_idx == i ||
7782			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7783				res_desc->flags = SPRI_FULL_R_HOLDER;
7784				res_desc->scopetype = lun->pr_res_type;
7785			}
7786			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7787			    res_desc->rel_trgt_port_id);
7788			len = 0;
7789			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7790			if (port != NULL)
7791				len = ctl_create_iid(port,
7792				    i % CTL_MAX_INIT_PER_PORT,
7793				    res_desc->transport_id);
7794			scsi_ulto4b(len, res_desc->additional_length);
7795			res_desc = (struct scsi_per_res_in_full_desc *)
7796			    &res_desc->transport_id[len];
7797		}
7798		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7799		    res_status->header.length);
7800		break;
7801	}
7802	default:
7803		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7804	}
7805	mtx_unlock(&lun->lun_lock);
7806
7807	ctl_set_success(ctsio);
7808	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7809	ctsio->be_move_done = ctl_config_move_done;
7810	ctl_datamove((union ctl_io *)ctsio);
7811	return (CTL_RETVAL_COMPLETE);
7812}
7813
7814/*
7815 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7816 * it should return.
7817 */
7818static int
7819ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7820		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7821		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7822		struct scsi_per_res_out_parms* param)
7823{
7824	union ctl_ha_msg persis_io;
7825	int i;
7826
7827	mtx_lock(&lun->lun_lock);
7828	if (sa_res_key == 0) {
7829		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7830			/* validate scope and type */
7831			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7832			     SPR_LU_SCOPE) {
7833				mtx_unlock(&lun->lun_lock);
7834				ctl_set_invalid_field(/*ctsio*/ ctsio,
7835						      /*sks_valid*/ 1,
7836						      /*command*/ 1,
7837						      /*field*/ 2,
7838						      /*bit_valid*/ 1,
7839						      /*bit*/ 4);
7840				ctl_done((union ctl_io *)ctsio);
7841				return (1);
7842			}
7843
7844		        if (type>8 || type==2 || type==4 || type==0) {
7845				mtx_unlock(&lun->lun_lock);
7846				ctl_set_invalid_field(/*ctsio*/ ctsio,
7847       	           				      /*sks_valid*/ 1,
7848						      /*command*/ 1,
7849						      /*field*/ 2,
7850						      /*bit_valid*/ 1,
7851						      /*bit*/ 0);
7852				ctl_done((union ctl_io *)ctsio);
7853				return (1);
7854		        }
7855
7856			/*
7857			 * Unregister everybody else and build UA for
7858			 * them
7859			 */
7860			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7861				if (i == residx || ctl_get_prkey(lun, i) == 0)
7862					continue;
7863
7864				ctl_clr_prkey(lun, i);
7865				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7866			}
7867			lun->pr_key_count = 1;
7868			lun->pr_res_type = type;
7869			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7870			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7871				lun->pr_res_idx = residx;
7872			lun->pr_generation++;
7873			mtx_unlock(&lun->lun_lock);
7874
7875			/* send msg to other side */
7876			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7877			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7878			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7879			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7880			persis_io.pr.pr_info.res_type = type;
7881			memcpy(persis_io.pr.pr_info.sa_res_key,
7882			       param->serv_act_res_key,
7883			       sizeof(param->serv_act_res_key));
7884			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7885			    sizeof(persis_io.pr), M_WAITOK);
7886		} else {
7887			/* not all registrants */
7888			mtx_unlock(&lun->lun_lock);
7889			free(ctsio->kern_data_ptr, M_CTL);
7890			ctl_set_invalid_field(ctsio,
7891					      /*sks_valid*/ 1,
7892					      /*command*/ 0,
7893					      /*field*/ 8,
7894					      /*bit_valid*/ 0,
7895					      /*bit*/ 0);
7896			ctl_done((union ctl_io *)ctsio);
7897			return (1);
7898		}
7899	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7900		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7901		int found = 0;
7902
7903		if (res_key == sa_res_key) {
7904			/* special case */
7905			/*
7906			 * The spec implies this is not good but doesn't
7907			 * say what to do. There are two choices either
7908			 * generate a res conflict or check condition
7909			 * with illegal field in parameter data. Since
7910			 * that is what is done when the sa_res_key is
7911			 * zero I'll take that approach since this has
7912			 * to do with the sa_res_key.
7913			 */
7914			mtx_unlock(&lun->lun_lock);
7915			free(ctsio->kern_data_ptr, M_CTL);
7916			ctl_set_invalid_field(ctsio,
7917					      /*sks_valid*/ 1,
7918					      /*command*/ 0,
7919					      /*field*/ 8,
7920					      /*bit_valid*/ 0,
7921					      /*bit*/ 0);
7922			ctl_done((union ctl_io *)ctsio);
7923			return (1);
7924		}
7925
7926		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7927			if (ctl_get_prkey(lun, i) != sa_res_key)
7928				continue;
7929
7930			found = 1;
7931			ctl_clr_prkey(lun, i);
7932			lun->pr_key_count--;
7933			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7934		}
7935		if (!found) {
7936			mtx_unlock(&lun->lun_lock);
7937			free(ctsio->kern_data_ptr, M_CTL);
7938			ctl_set_reservation_conflict(ctsio);
7939			ctl_done((union ctl_io *)ctsio);
7940			return (CTL_RETVAL_COMPLETE);
7941		}
7942		lun->pr_generation++;
7943		mtx_unlock(&lun->lun_lock);
7944
7945		/* send msg to other side */
7946		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7947		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7948		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7949		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7950		persis_io.pr.pr_info.res_type = type;
7951		memcpy(persis_io.pr.pr_info.sa_res_key,
7952		       param->serv_act_res_key,
7953		       sizeof(param->serv_act_res_key));
7954		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7955		    sizeof(persis_io.pr), M_WAITOK);
7956	} else {
7957		/* Reserved but not all registrants */
7958		/* sa_res_key is res holder */
7959		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7960			/* validate scope and type */
7961			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7962			     SPR_LU_SCOPE) {
7963				mtx_unlock(&lun->lun_lock);
7964				ctl_set_invalid_field(/*ctsio*/ ctsio,
7965						      /*sks_valid*/ 1,
7966						      /*command*/ 1,
7967						      /*field*/ 2,
7968						      /*bit_valid*/ 1,
7969						      /*bit*/ 4);
7970				ctl_done((union ctl_io *)ctsio);
7971				return (1);
7972			}
7973
7974			if (type>8 || type==2 || type==4 || type==0) {
7975				mtx_unlock(&lun->lun_lock);
7976				ctl_set_invalid_field(/*ctsio*/ ctsio,
7977						      /*sks_valid*/ 1,
7978						      /*command*/ 1,
7979						      /*field*/ 2,
7980						      /*bit_valid*/ 1,
7981						      /*bit*/ 0);
7982				ctl_done((union ctl_io *)ctsio);
7983				return (1);
7984			}
7985
7986			/*
7987			 * Do the following:
7988			 * if sa_res_key != res_key remove all
7989			 * registrants w/sa_res_key and generate UA
7990			 * for these registrants(Registrations
7991			 * Preempted) if it wasn't an exclusive
7992			 * reservation generate UA(Reservations
7993			 * Preempted) for all other registered nexuses
7994			 * if the type has changed. Establish the new
7995			 * reservation and holder. If res_key and
7996			 * sa_res_key are the same do the above
7997			 * except don't unregister the res holder.
7998			 */
7999
8000			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8001				if (i == residx || ctl_get_prkey(lun, i) == 0)
8002					continue;
8003
8004				if (sa_res_key == ctl_get_prkey(lun, i)) {
8005					ctl_clr_prkey(lun, i);
8006					lun->pr_key_count--;
8007					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8008				} else if (type != lun->pr_res_type &&
8009				    (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8010				     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8011					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8012				}
8013			}
8014			lun->pr_res_type = type;
8015			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8016			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8017				lun->pr_res_idx = residx;
8018			else
8019				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8020			lun->pr_generation++;
8021			mtx_unlock(&lun->lun_lock);
8022
8023			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8024			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8025			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8026			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8027			persis_io.pr.pr_info.res_type = type;
8028			memcpy(persis_io.pr.pr_info.sa_res_key,
8029			       param->serv_act_res_key,
8030			       sizeof(param->serv_act_res_key));
8031			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8032			    sizeof(persis_io.pr), M_WAITOK);
8033		} else {
8034			/*
8035			 * sa_res_key is not the res holder just
8036			 * remove registrants
8037			 */
8038			int found=0;
8039
8040			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8041				if (sa_res_key != ctl_get_prkey(lun, i))
8042					continue;
8043
8044				found = 1;
8045				ctl_clr_prkey(lun, i);
8046				lun->pr_key_count--;
8047				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8048			}
8049
8050			if (!found) {
8051				mtx_unlock(&lun->lun_lock);
8052				free(ctsio->kern_data_ptr, M_CTL);
8053				ctl_set_reservation_conflict(ctsio);
8054				ctl_done((union ctl_io *)ctsio);
8055		        	return (1);
8056			}
8057			lun->pr_generation++;
8058			mtx_unlock(&lun->lun_lock);
8059
8060			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8061			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8062			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8063			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8064			persis_io.pr.pr_info.res_type = type;
8065			memcpy(persis_io.pr.pr_info.sa_res_key,
8066			       param->serv_act_res_key,
8067			       sizeof(param->serv_act_res_key));
8068			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8069			    sizeof(persis_io.pr), M_WAITOK);
8070		}
8071	}
8072	return (0);
8073}
8074
8075static void
8076ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8077{
8078	uint64_t sa_res_key;
8079	int i;
8080
8081	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8082
8083	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8084	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8085	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8086		if (sa_res_key == 0) {
8087			/*
8088			 * Unregister everybody else and build UA for
8089			 * them
8090			 */
8091			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8092				if (i == msg->pr.pr_info.residx ||
8093				    ctl_get_prkey(lun, i) == 0)
8094					continue;
8095
8096				ctl_clr_prkey(lun, i);
8097				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8098			}
8099
8100			lun->pr_key_count = 1;
8101			lun->pr_res_type = msg->pr.pr_info.res_type;
8102			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8103			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8104				lun->pr_res_idx = msg->pr.pr_info.residx;
8105		} else {
8106		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8107				if (sa_res_key == ctl_get_prkey(lun, i))
8108					continue;
8109
8110				ctl_clr_prkey(lun, i);
8111				lun->pr_key_count--;
8112				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8113			}
8114		}
8115	} else {
8116		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8117			if (i == msg->pr.pr_info.residx ||
8118			    ctl_get_prkey(lun, i) == 0)
8119				continue;
8120
8121			if (sa_res_key == ctl_get_prkey(lun, i)) {
8122				ctl_clr_prkey(lun, i);
8123				lun->pr_key_count--;
8124				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8125			} else if (msg->pr.pr_info.res_type != lun->pr_res_type
8126			    && (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8127			     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8128				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8129			}
8130		}
8131		lun->pr_res_type = msg->pr.pr_info.res_type;
8132		if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8133		    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8134			lun->pr_res_idx = msg->pr.pr_info.residx;
8135		else
8136			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8137	}
8138	lun->pr_generation++;
8139
8140}
8141
8142
8143int
8144ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8145{
8146	struct ctl_softc *softc = CTL_SOFTC(ctsio);
8147	struct ctl_lun *lun = CTL_LUN(ctsio);
8148	int retval;
8149	u_int32_t param_len;
8150	struct scsi_per_res_out *cdb;
8151	struct scsi_per_res_out_parms* param;
8152	uint32_t residx;
8153	uint64_t res_key, sa_res_key, key;
8154	uint8_t type;
8155	union ctl_ha_msg persis_io;
8156	int    i;
8157
8158	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8159
8160	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8161	retval = CTL_RETVAL_COMPLETE;
8162
8163	/*
8164	 * We only support whole-LUN scope.  The scope & type are ignored for
8165	 * register, register and ignore existing key and clear.
8166	 * We sometimes ignore scope and type on preempts too!!
8167	 * Verify reservation type here as well.
8168	 */
8169	type = cdb->scope_type & SPR_TYPE_MASK;
8170	if ((cdb->action == SPRO_RESERVE)
8171	 || (cdb->action == SPRO_RELEASE)) {
8172		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8173			ctl_set_invalid_field(/*ctsio*/ ctsio,
8174					      /*sks_valid*/ 1,
8175					      /*command*/ 1,
8176					      /*field*/ 2,
8177					      /*bit_valid*/ 1,
8178					      /*bit*/ 4);
8179			ctl_done((union ctl_io *)ctsio);
8180			return (CTL_RETVAL_COMPLETE);
8181		}
8182
8183		if (type>8 || type==2 || type==4 || type==0) {
8184			ctl_set_invalid_field(/*ctsio*/ ctsio,
8185					      /*sks_valid*/ 1,
8186					      /*command*/ 1,
8187					      /*field*/ 2,
8188					      /*bit_valid*/ 1,
8189					      /*bit*/ 0);
8190			ctl_done((union ctl_io *)ctsio);
8191			return (CTL_RETVAL_COMPLETE);
8192		}
8193	}
8194
8195	param_len = scsi_4btoul(cdb->length);
8196
8197	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8198		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8199		ctsio->kern_data_len = param_len;
8200		ctsio->kern_total_len = param_len;
8201		ctsio->kern_rel_offset = 0;
8202		ctsio->kern_sg_entries = 0;
8203		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8204		ctsio->be_move_done = ctl_config_move_done;
8205		ctl_datamove((union ctl_io *)ctsio);
8206
8207		return (CTL_RETVAL_COMPLETE);
8208	}
8209
8210	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8211
8212	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8213	res_key = scsi_8btou64(param->res_key.key);
8214	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8215
8216	/*
8217	 * Validate the reservation key here except for SPRO_REG_IGNO
8218	 * This must be done for all other service actions
8219	 */
8220	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8221		mtx_lock(&lun->lun_lock);
8222		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8223			if (res_key != key) {
8224				/*
8225				 * The current key passed in doesn't match
8226				 * the one the initiator previously
8227				 * registered.
8228				 */
8229				mtx_unlock(&lun->lun_lock);
8230				free(ctsio->kern_data_ptr, M_CTL);
8231				ctl_set_reservation_conflict(ctsio);
8232				ctl_done((union ctl_io *)ctsio);
8233				return (CTL_RETVAL_COMPLETE);
8234			}
8235		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8236			/*
8237			 * We are not registered
8238			 */
8239			mtx_unlock(&lun->lun_lock);
8240			free(ctsio->kern_data_ptr, M_CTL);
8241			ctl_set_reservation_conflict(ctsio);
8242			ctl_done((union ctl_io *)ctsio);
8243			return (CTL_RETVAL_COMPLETE);
8244		} else if (res_key != 0) {
8245			/*
8246			 * We are not registered and trying to register but
8247			 * the register key isn't zero.
8248			 */
8249			mtx_unlock(&lun->lun_lock);
8250			free(ctsio->kern_data_ptr, M_CTL);
8251			ctl_set_reservation_conflict(ctsio);
8252			ctl_done((union ctl_io *)ctsio);
8253			return (CTL_RETVAL_COMPLETE);
8254		}
8255		mtx_unlock(&lun->lun_lock);
8256	}
8257
8258	switch (cdb->action & SPRO_ACTION_MASK) {
8259	case SPRO_REGISTER:
8260	case SPRO_REG_IGNO: {
8261
8262#if 0
8263		printf("Registration received\n");
8264#endif
8265
8266		/*
8267		 * We don't support any of these options, as we report in
8268		 * the read capabilities request (see
8269		 * ctl_persistent_reserve_in(), above).
8270		 */
8271		if ((param->flags & SPR_SPEC_I_PT)
8272		 || (param->flags & SPR_ALL_TG_PT)
8273		 || (param->flags & SPR_APTPL)) {
8274			int bit_ptr;
8275
8276			if (param->flags & SPR_APTPL)
8277				bit_ptr = 0;
8278			else if (param->flags & SPR_ALL_TG_PT)
8279				bit_ptr = 2;
8280			else /* SPR_SPEC_I_PT */
8281				bit_ptr = 3;
8282
8283			free(ctsio->kern_data_ptr, M_CTL);
8284			ctl_set_invalid_field(ctsio,
8285					      /*sks_valid*/ 1,
8286					      /*command*/ 0,
8287					      /*field*/ 20,
8288					      /*bit_valid*/ 1,
8289					      /*bit*/ bit_ptr);
8290			ctl_done((union ctl_io *)ctsio);
8291			return (CTL_RETVAL_COMPLETE);
8292		}
8293
8294		mtx_lock(&lun->lun_lock);
8295
8296		/*
8297		 * The initiator wants to clear the
8298		 * key/unregister.
8299		 */
8300		if (sa_res_key == 0) {
8301			if ((res_key == 0
8302			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8303			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8304			  && ctl_get_prkey(lun, residx) == 0)) {
8305				mtx_unlock(&lun->lun_lock);
8306				goto done;
8307			}
8308
8309			ctl_clr_prkey(lun, residx);
8310			lun->pr_key_count--;
8311
8312			if (residx == lun->pr_res_idx) {
8313				lun->flags &= ~CTL_LUN_PR_RESERVED;
8314				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8315
8316				if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8317				     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8318				    lun->pr_key_count) {
8319					/*
8320					 * If the reservation is a registrants
8321					 * only type we need to generate a UA
8322					 * for other registered inits.  The
8323					 * sense code should be RESERVATIONS
8324					 * RELEASED
8325					 */
8326
8327					for (i = softc->init_min; i < softc->init_max; i++){
8328						if (ctl_get_prkey(lun, i) == 0)
8329							continue;
8330						ctl_est_ua(lun, i,
8331						    CTL_UA_RES_RELEASE);
8332					}
8333				}
8334				lun->pr_res_type = 0;
8335			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8336				if (lun->pr_key_count==0) {
8337					lun->flags &= ~CTL_LUN_PR_RESERVED;
8338					lun->pr_res_type = 0;
8339					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8340				}
8341			}
8342			lun->pr_generation++;
8343			mtx_unlock(&lun->lun_lock);
8344
8345			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8346			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8347			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8348			persis_io.pr.pr_info.residx = residx;
8349			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8350			    sizeof(persis_io.pr), M_WAITOK);
8351		} else /* sa_res_key != 0 */ {
8352
8353			/*
8354			 * If we aren't registered currently then increment
8355			 * the key count and set the registered flag.
8356			 */
8357			ctl_alloc_prkey(lun, residx);
8358			if (ctl_get_prkey(lun, residx) == 0)
8359				lun->pr_key_count++;
8360			ctl_set_prkey(lun, residx, sa_res_key);
8361			lun->pr_generation++;
8362			mtx_unlock(&lun->lun_lock);
8363
8364			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8365			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8366			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8367			persis_io.pr.pr_info.residx = residx;
8368			memcpy(persis_io.pr.pr_info.sa_res_key,
8369			       param->serv_act_res_key,
8370			       sizeof(param->serv_act_res_key));
8371			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8372			    sizeof(persis_io.pr), M_WAITOK);
8373		}
8374
8375		break;
8376	}
8377	case SPRO_RESERVE:
8378#if 0
8379                printf("Reserve executed type %d\n", type);
8380#endif
8381		mtx_lock(&lun->lun_lock);
8382		if (lun->flags & CTL_LUN_PR_RESERVED) {
8383			/*
8384			 * if this isn't the reservation holder and it's
8385			 * not a "all registrants" type or if the type is
8386			 * different then we have a conflict
8387			 */
8388			if ((lun->pr_res_idx != residx
8389			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8390			 || lun->pr_res_type != type) {
8391				mtx_unlock(&lun->lun_lock);
8392				free(ctsio->kern_data_ptr, M_CTL);
8393				ctl_set_reservation_conflict(ctsio);
8394				ctl_done((union ctl_io *)ctsio);
8395				return (CTL_RETVAL_COMPLETE);
8396			}
8397			mtx_unlock(&lun->lun_lock);
8398		} else /* create a reservation */ {
8399			/*
8400			 * If it's not an "all registrants" type record
8401			 * reservation holder
8402			 */
8403			if (type != SPR_TYPE_WR_EX_AR
8404			 && type != SPR_TYPE_EX_AC_AR)
8405				lun->pr_res_idx = residx; /* Res holder */
8406			else
8407				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8408
8409			lun->flags |= CTL_LUN_PR_RESERVED;
8410			lun->pr_res_type = type;
8411
8412			mtx_unlock(&lun->lun_lock);
8413
8414			/* send msg to other side */
8415			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8416			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8417			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8418			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8419			persis_io.pr.pr_info.res_type = type;
8420			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8421			    sizeof(persis_io.pr), M_WAITOK);
8422		}
8423		break;
8424
8425	case SPRO_RELEASE:
8426		mtx_lock(&lun->lun_lock);
8427		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8428			/* No reservation exists return good status */
8429			mtx_unlock(&lun->lun_lock);
8430			goto done;
8431		}
8432		/*
8433		 * Is this nexus a reservation holder?
8434		 */
8435		if (lun->pr_res_idx != residx
8436		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8437			/*
8438			 * not a res holder return good status but
8439			 * do nothing
8440			 */
8441			mtx_unlock(&lun->lun_lock);
8442			goto done;
8443		}
8444
8445		if (lun->pr_res_type != type) {
8446			mtx_unlock(&lun->lun_lock);
8447			free(ctsio->kern_data_ptr, M_CTL);
8448			ctl_set_illegal_pr_release(ctsio);
8449			ctl_done((union ctl_io *)ctsio);
8450			return (CTL_RETVAL_COMPLETE);
8451		}
8452
8453		/* okay to release */
8454		lun->flags &= ~CTL_LUN_PR_RESERVED;
8455		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8456		lun->pr_res_type = 0;
8457
8458		/*
8459		 * If this isn't an exclusive access reservation and NUAR
8460		 * is not set, generate UA for all other registrants.
8461		 */
8462		if (type != SPR_TYPE_EX_AC && type != SPR_TYPE_WR_EX &&
8463		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8464			for (i = softc->init_min; i < softc->init_max; i++) {
8465				if (i == residx || ctl_get_prkey(lun, i) == 0)
8466					continue;
8467				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8468			}
8469		}
8470		mtx_unlock(&lun->lun_lock);
8471
8472		/* Send msg to other side */
8473		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8474		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8475		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8476		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8477		     sizeof(persis_io.pr), M_WAITOK);
8478		break;
8479
8480	case SPRO_CLEAR:
8481		/* send msg to other side */
8482
8483		mtx_lock(&lun->lun_lock);
8484		lun->flags &= ~CTL_LUN_PR_RESERVED;
8485		lun->pr_res_type = 0;
8486		lun->pr_key_count = 0;
8487		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8488
8489		ctl_clr_prkey(lun, residx);
8490		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8491			if (ctl_get_prkey(lun, i) != 0) {
8492				ctl_clr_prkey(lun, i);
8493				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8494			}
8495		lun->pr_generation++;
8496		mtx_unlock(&lun->lun_lock);
8497
8498		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8499		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8500		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8501		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8502		     sizeof(persis_io.pr), M_WAITOK);
8503		break;
8504
8505	case SPRO_PREEMPT:
8506	case SPRO_PRE_ABO: {
8507		int nretval;
8508
8509		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8510					  residx, ctsio, cdb, param);
8511		if (nretval != 0)
8512			return (CTL_RETVAL_COMPLETE);
8513		break;
8514	}
8515	default:
8516		panic("%s: Invalid PR type %#x", __func__, cdb->action);
8517	}
8518
8519done:
8520	free(ctsio->kern_data_ptr, M_CTL);
8521	ctl_set_success(ctsio);
8522	ctl_done((union ctl_io *)ctsio);
8523
8524	return (retval);
8525}
8526
8527/*
8528 * This routine is for handling a message from the other SC pertaining to
8529 * persistent reserve out. All the error checking will have been done
8530 * so only perorming the action need be done here to keep the two
8531 * in sync.
8532 */
8533static void
8534ctl_hndl_per_res_out_on_other_sc(union ctl_io *io)
8535{
8536	struct ctl_softc *softc = CTL_SOFTC(io);
8537	union ctl_ha_msg *msg = (union ctl_ha_msg *)&io->presio.pr_msg;
8538	struct ctl_lun *lun;
8539	int i;
8540	uint32_t residx, targ_lun;
8541
8542	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8543	mtx_lock(&softc->ctl_lock);
8544	if (targ_lun >= ctl_max_luns ||
8545	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
8546		mtx_unlock(&softc->ctl_lock);
8547		return;
8548	}
8549	mtx_lock(&lun->lun_lock);
8550	mtx_unlock(&softc->ctl_lock);
8551	if (lun->flags & CTL_LUN_DISABLED) {
8552		mtx_unlock(&lun->lun_lock);
8553		return;
8554	}
8555	residx = ctl_get_initindex(&msg->hdr.nexus);
8556	switch(msg->pr.pr_info.action) {
8557	case CTL_PR_REG_KEY:
8558		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8559		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8560			lun->pr_key_count++;
8561		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8562		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8563		lun->pr_generation++;
8564		break;
8565
8566	case CTL_PR_UNREG_KEY:
8567		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8568		lun->pr_key_count--;
8569
8570		/* XXX Need to see if the reservation has been released */
8571		/* if so do we need to generate UA? */
8572		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8573			lun->flags &= ~CTL_LUN_PR_RESERVED;
8574			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8575
8576			if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8577			     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8578			    lun->pr_key_count) {
8579				/*
8580				 * If the reservation is a registrants
8581				 * only type we need to generate a UA
8582				 * for other registered inits.  The
8583				 * sense code should be RESERVATIONS
8584				 * RELEASED
8585				 */
8586
8587				for (i = softc->init_min; i < softc->init_max; i++) {
8588					if (ctl_get_prkey(lun, i) == 0)
8589						continue;
8590
8591					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8592				}
8593			}
8594			lun->pr_res_type = 0;
8595		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8596			if (lun->pr_key_count==0) {
8597				lun->flags &= ~CTL_LUN_PR_RESERVED;
8598				lun->pr_res_type = 0;
8599				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8600			}
8601		}
8602		lun->pr_generation++;
8603		break;
8604
8605	case CTL_PR_RESERVE:
8606		lun->flags |= CTL_LUN_PR_RESERVED;
8607		lun->pr_res_type = msg->pr.pr_info.res_type;
8608		lun->pr_res_idx = msg->pr.pr_info.residx;
8609
8610		break;
8611
8612	case CTL_PR_RELEASE:
8613		/*
8614		 * If this isn't an exclusive access reservation and NUAR
8615		 * is not set, generate UA for all other registrants.
8616		 */
8617		if (lun->pr_res_type != SPR_TYPE_EX_AC &&
8618		    lun->pr_res_type != SPR_TYPE_WR_EX &&
8619		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8620			for (i = softc->init_min; i < softc->init_max; i++)
8621				if (i == residx || ctl_get_prkey(lun, i) == 0)
8622					continue;
8623				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8624		}
8625
8626		lun->flags &= ~CTL_LUN_PR_RESERVED;
8627		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8628		lun->pr_res_type = 0;
8629		break;
8630
8631	case CTL_PR_PREEMPT:
8632		ctl_pro_preempt_other(lun, msg);
8633		break;
8634	case CTL_PR_CLEAR:
8635		lun->flags &= ~CTL_LUN_PR_RESERVED;
8636		lun->pr_res_type = 0;
8637		lun->pr_key_count = 0;
8638		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8639
8640		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8641			if (ctl_get_prkey(lun, i) == 0)
8642				continue;
8643			ctl_clr_prkey(lun, i);
8644			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8645		}
8646		lun->pr_generation++;
8647		break;
8648	}
8649
8650	mtx_unlock(&lun->lun_lock);
8651}
8652
8653int
8654ctl_read_write(struct ctl_scsiio *ctsio)
8655{
8656	struct ctl_lun *lun = CTL_LUN(ctsio);
8657	struct ctl_lba_len_flags *lbalen;
8658	uint64_t lba;
8659	uint32_t num_blocks;
8660	int flags, retval;
8661	int isread;
8662
8663	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8664
8665	flags = 0;
8666	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8667	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8668	switch (ctsio->cdb[0]) {
8669	case READ_6:
8670	case WRITE_6: {
8671		struct scsi_rw_6 *cdb;
8672
8673		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8674
8675		lba = scsi_3btoul(cdb->addr);
8676		/* only 5 bits are valid in the most significant address byte */
8677		lba &= 0x1fffff;
8678		num_blocks = cdb->length;
8679		/*
8680		 * This is correct according to SBC-2.
8681		 */
8682		if (num_blocks == 0)
8683			num_blocks = 256;
8684		break;
8685	}
8686	case READ_10:
8687	case WRITE_10: {
8688		struct scsi_rw_10 *cdb;
8689
8690		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8691		if (cdb->byte2 & SRW10_FUA)
8692			flags |= CTL_LLF_FUA;
8693		if (cdb->byte2 & SRW10_DPO)
8694			flags |= CTL_LLF_DPO;
8695		lba = scsi_4btoul(cdb->addr);
8696		num_blocks = scsi_2btoul(cdb->length);
8697		break;
8698	}
8699	case WRITE_VERIFY_10: {
8700		struct scsi_write_verify_10 *cdb;
8701
8702		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8703		flags |= CTL_LLF_FUA;
8704		if (cdb->byte2 & SWV_DPO)
8705			flags |= CTL_LLF_DPO;
8706		lba = scsi_4btoul(cdb->addr);
8707		num_blocks = scsi_2btoul(cdb->length);
8708		break;
8709	}
8710	case READ_12:
8711	case WRITE_12: {
8712		struct scsi_rw_12 *cdb;
8713
8714		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8715		if (cdb->byte2 & SRW12_FUA)
8716			flags |= CTL_LLF_FUA;
8717		if (cdb->byte2 & SRW12_DPO)
8718			flags |= CTL_LLF_DPO;
8719		lba = scsi_4btoul(cdb->addr);
8720		num_blocks = scsi_4btoul(cdb->length);
8721		break;
8722	}
8723	case WRITE_VERIFY_12: {
8724		struct scsi_write_verify_12 *cdb;
8725
8726		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8727		flags |= CTL_LLF_FUA;
8728		if (cdb->byte2 & SWV_DPO)
8729			flags |= CTL_LLF_DPO;
8730		lba = scsi_4btoul(cdb->addr);
8731		num_blocks = scsi_4btoul(cdb->length);
8732		break;
8733	}
8734	case READ_16:
8735	case WRITE_16: {
8736		struct scsi_rw_16 *cdb;
8737
8738		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8739		if (cdb->byte2 & SRW12_FUA)
8740			flags |= CTL_LLF_FUA;
8741		if (cdb->byte2 & SRW12_DPO)
8742			flags |= CTL_LLF_DPO;
8743		lba = scsi_8btou64(cdb->addr);
8744		num_blocks = scsi_4btoul(cdb->length);
8745		break;
8746	}
8747	case WRITE_ATOMIC_16: {
8748		struct scsi_write_atomic_16 *cdb;
8749
8750		if (lun->be_lun->atomicblock == 0) {
8751			ctl_set_invalid_opcode(ctsio);
8752			ctl_done((union ctl_io *)ctsio);
8753			return (CTL_RETVAL_COMPLETE);
8754		}
8755
8756		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8757		if (cdb->byte2 & SRW12_FUA)
8758			flags |= CTL_LLF_FUA;
8759		if (cdb->byte2 & SRW12_DPO)
8760			flags |= CTL_LLF_DPO;
8761		lba = scsi_8btou64(cdb->addr);
8762		num_blocks = scsi_2btoul(cdb->length);
8763		if (num_blocks > lun->be_lun->atomicblock) {
8764			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8765			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8766			    /*bit*/ 0);
8767			ctl_done((union ctl_io *)ctsio);
8768			return (CTL_RETVAL_COMPLETE);
8769		}
8770		break;
8771	}
8772	case WRITE_VERIFY_16: {
8773		struct scsi_write_verify_16 *cdb;
8774
8775		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8776		flags |= CTL_LLF_FUA;
8777		if (cdb->byte2 & SWV_DPO)
8778			flags |= CTL_LLF_DPO;
8779		lba = scsi_8btou64(cdb->addr);
8780		num_blocks = scsi_4btoul(cdb->length);
8781		break;
8782	}
8783	default:
8784		/*
8785		 * We got a command we don't support.  This shouldn't
8786		 * happen, commands should be filtered out above us.
8787		 */
8788		ctl_set_invalid_opcode(ctsio);
8789		ctl_done((union ctl_io *)ctsio);
8790
8791		return (CTL_RETVAL_COMPLETE);
8792		break; /* NOTREACHED */
8793	}
8794
8795	/*
8796	 * The first check is to make sure we're in bounds, the second
8797	 * check is to catch wrap-around problems.  If the lba + num blocks
8798	 * is less than the lba, then we've wrapped around and the block
8799	 * range is invalid anyway.
8800	 */
8801	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8802	 || ((lba + num_blocks) < lba)) {
8803		ctl_set_lba_out_of_range(ctsio,
8804		    MAX(lba, lun->be_lun->maxlba + 1));
8805		ctl_done((union ctl_io *)ctsio);
8806		return (CTL_RETVAL_COMPLETE);
8807	}
8808
8809	/*
8810	 * According to SBC-3, a transfer length of 0 is not an error.
8811	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8812	 * translates to 256 blocks for those commands.
8813	 */
8814	if (num_blocks == 0) {
8815		ctl_set_success(ctsio);
8816		ctl_done((union ctl_io *)ctsio);
8817		return (CTL_RETVAL_COMPLETE);
8818	}
8819
8820	/* Set FUA and/or DPO if caches are disabled. */
8821	if (isread) {
8822		if ((lun->MODE_CACHING.flags1 & SCP_RCD) != 0)
8823			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8824	} else {
8825		if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8826			flags |= CTL_LLF_FUA;
8827	}
8828
8829	lbalen = (struct ctl_lba_len_flags *)
8830	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8831	lbalen->lba = lba;
8832	lbalen->len = num_blocks;
8833	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8834
8835	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8836	ctsio->kern_rel_offset = 0;
8837
8838	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8839
8840	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8841	return (retval);
8842}
8843
8844static int
8845ctl_cnw_cont(union ctl_io *io)
8846{
8847	struct ctl_lun *lun = CTL_LUN(io);
8848	struct ctl_scsiio *ctsio;
8849	struct ctl_lba_len_flags *lbalen;
8850	int retval;
8851
8852	ctsio = &io->scsiio;
8853	ctsio->io_hdr.status = CTL_STATUS_NONE;
8854	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8855	lbalen = (struct ctl_lba_len_flags *)
8856	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8857	lbalen->flags &= ~CTL_LLF_COMPARE;
8858	lbalen->flags |= CTL_LLF_WRITE;
8859
8860	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8861	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8862	return (retval);
8863}
8864
8865int
8866ctl_cnw(struct ctl_scsiio *ctsio)
8867{
8868	struct ctl_lun *lun = CTL_LUN(ctsio);
8869	struct ctl_lba_len_flags *lbalen;
8870	uint64_t lba;
8871	uint32_t num_blocks;
8872	int flags, retval;
8873
8874	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8875
8876	flags = 0;
8877	switch (ctsio->cdb[0]) {
8878	case COMPARE_AND_WRITE: {
8879		struct scsi_compare_and_write *cdb;
8880
8881		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8882		if (cdb->byte2 & SRW10_FUA)
8883			flags |= CTL_LLF_FUA;
8884		if (cdb->byte2 & SRW10_DPO)
8885			flags |= CTL_LLF_DPO;
8886		lba = scsi_8btou64(cdb->addr);
8887		num_blocks = cdb->length;
8888		break;
8889	}
8890	default:
8891		/*
8892		 * We got a command we don't support.  This shouldn't
8893		 * happen, commands should be filtered out above us.
8894		 */
8895		ctl_set_invalid_opcode(ctsio);
8896		ctl_done((union ctl_io *)ctsio);
8897
8898		return (CTL_RETVAL_COMPLETE);
8899		break; /* NOTREACHED */
8900	}
8901
8902	/*
8903	 * The first check is to make sure we're in bounds, the second
8904	 * check is to catch wrap-around problems.  If the lba + num blocks
8905	 * is less than the lba, then we've wrapped around and the block
8906	 * range is invalid anyway.
8907	 */
8908	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8909	 || ((lba + num_blocks) < lba)) {
8910		ctl_set_lba_out_of_range(ctsio,
8911		    MAX(lba, lun->be_lun->maxlba + 1));
8912		ctl_done((union ctl_io *)ctsio);
8913		return (CTL_RETVAL_COMPLETE);
8914	}
8915
8916	/*
8917	 * According to SBC-3, a transfer length of 0 is not an error.
8918	 */
8919	if (num_blocks == 0) {
8920		ctl_set_success(ctsio);
8921		ctl_done((union ctl_io *)ctsio);
8922		return (CTL_RETVAL_COMPLETE);
8923	}
8924
8925	/* Set FUA if write cache is disabled. */
8926	if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8927		flags |= CTL_LLF_FUA;
8928
8929	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8930	ctsio->kern_rel_offset = 0;
8931
8932	/*
8933	 * Set the IO_CONT flag, so that if this I/O gets passed to
8934	 * ctl_data_submit_done(), it'll get passed back to
8935	 * ctl_ctl_cnw_cont() for further processing.
8936	 */
8937	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8938	ctsio->io_cont = ctl_cnw_cont;
8939
8940	lbalen = (struct ctl_lba_len_flags *)
8941	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8942	lbalen->lba = lba;
8943	lbalen->len = num_blocks;
8944	lbalen->flags = CTL_LLF_COMPARE | flags;
8945
8946	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8947	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8948	return (retval);
8949}
8950
8951int
8952ctl_verify(struct ctl_scsiio *ctsio)
8953{
8954	struct ctl_lun *lun = CTL_LUN(ctsio);
8955	struct ctl_lba_len_flags *lbalen;
8956	uint64_t lba;
8957	uint32_t num_blocks;
8958	int bytchk, flags;
8959	int retval;
8960
8961	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8962
8963	bytchk = 0;
8964	flags = CTL_LLF_FUA;
8965	switch (ctsio->cdb[0]) {
8966	case VERIFY_10: {
8967		struct scsi_verify_10 *cdb;
8968
8969		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8970		if (cdb->byte2 & SVFY_BYTCHK)
8971			bytchk = 1;
8972		if (cdb->byte2 & SVFY_DPO)
8973			flags |= CTL_LLF_DPO;
8974		lba = scsi_4btoul(cdb->addr);
8975		num_blocks = scsi_2btoul(cdb->length);
8976		break;
8977	}
8978	case VERIFY_12: {
8979		struct scsi_verify_12 *cdb;
8980
8981		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8982		if (cdb->byte2 & SVFY_BYTCHK)
8983			bytchk = 1;
8984		if (cdb->byte2 & SVFY_DPO)
8985			flags |= CTL_LLF_DPO;
8986		lba = scsi_4btoul(cdb->addr);
8987		num_blocks = scsi_4btoul(cdb->length);
8988		break;
8989	}
8990	case VERIFY_16: {
8991		struct scsi_rw_16 *cdb;
8992
8993		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8994		if (cdb->byte2 & SVFY_BYTCHK)
8995			bytchk = 1;
8996		if (cdb->byte2 & SVFY_DPO)
8997			flags |= CTL_LLF_DPO;
8998		lba = scsi_8btou64(cdb->addr);
8999		num_blocks = scsi_4btoul(cdb->length);
9000		break;
9001	}
9002	default:
9003		/*
9004		 * We got a command we don't support.  This shouldn't
9005		 * happen, commands should be filtered out above us.
9006		 */
9007		ctl_set_invalid_opcode(ctsio);
9008		ctl_done((union ctl_io *)ctsio);
9009		return (CTL_RETVAL_COMPLETE);
9010	}
9011
9012	/*
9013	 * The first check is to make sure we're in bounds, the second
9014	 * check is to catch wrap-around problems.  If the lba + num blocks
9015	 * is less than the lba, then we've wrapped around and the block
9016	 * range is invalid anyway.
9017	 */
9018	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9019	 || ((lba + num_blocks) < lba)) {
9020		ctl_set_lba_out_of_range(ctsio,
9021		    MAX(lba, lun->be_lun->maxlba + 1));
9022		ctl_done((union ctl_io *)ctsio);
9023		return (CTL_RETVAL_COMPLETE);
9024	}
9025
9026	/*
9027	 * According to SBC-3, a transfer length of 0 is not an error.
9028	 */
9029	if (num_blocks == 0) {
9030		ctl_set_success(ctsio);
9031		ctl_done((union ctl_io *)ctsio);
9032		return (CTL_RETVAL_COMPLETE);
9033	}
9034
9035	lbalen = (struct ctl_lba_len_flags *)
9036	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9037	lbalen->lba = lba;
9038	lbalen->len = num_blocks;
9039	if (bytchk) {
9040		lbalen->flags = CTL_LLF_COMPARE | flags;
9041		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9042	} else {
9043		lbalen->flags = CTL_LLF_VERIFY | flags;
9044		ctsio->kern_total_len = 0;
9045	}
9046	ctsio->kern_rel_offset = 0;
9047
9048	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9049	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9050	return (retval);
9051}
9052
9053int
9054ctl_report_luns(struct ctl_scsiio *ctsio)
9055{
9056	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9057	struct ctl_port *port = CTL_PORT(ctsio);
9058	struct ctl_lun *lun, *request_lun = CTL_LUN(ctsio);
9059	struct scsi_report_luns *cdb;
9060	struct scsi_report_luns_data *lun_data;
9061	int num_filled, num_luns, num_port_luns, retval;
9062	uint32_t alloc_len, lun_datalen;
9063	uint32_t initidx, targ_lun_id, lun_id;
9064
9065	retval = CTL_RETVAL_COMPLETE;
9066	cdb = (struct scsi_report_luns *)ctsio->cdb;
9067
9068	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9069
9070	num_luns = 0;
9071	num_port_luns = port->lun_map ? port->lun_map_size : ctl_max_luns;
9072	mtx_lock(&softc->ctl_lock);
9073	for (targ_lun_id = 0; targ_lun_id < num_port_luns; targ_lun_id++) {
9074		if (ctl_lun_map_from_port(port, targ_lun_id) != UINT32_MAX)
9075			num_luns++;
9076	}
9077	mtx_unlock(&softc->ctl_lock);
9078
9079	switch (cdb->select_report) {
9080	case RPL_REPORT_DEFAULT:
9081	case RPL_REPORT_ALL:
9082	case RPL_REPORT_NONSUBSID:
9083		break;
9084	case RPL_REPORT_WELLKNOWN:
9085	case RPL_REPORT_ADMIN:
9086	case RPL_REPORT_CONGLOM:
9087		num_luns = 0;
9088		break;
9089	default:
9090		ctl_set_invalid_field(ctsio,
9091				      /*sks_valid*/ 1,
9092				      /*command*/ 1,
9093				      /*field*/ 2,
9094				      /*bit_valid*/ 0,
9095				      /*bit*/ 0);
9096		ctl_done((union ctl_io *)ctsio);
9097		return (retval);
9098		break; /* NOTREACHED */
9099	}
9100
9101	alloc_len = scsi_4btoul(cdb->length);
9102	/*
9103	 * The initiator has to allocate at least 16 bytes for this request,
9104	 * so he can at least get the header and the first LUN.  Otherwise
9105	 * we reject the request (per SPC-3 rev 14, section 6.21).
9106	 */
9107	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9108	    sizeof(struct scsi_report_luns_lundata))) {
9109		ctl_set_invalid_field(ctsio,
9110				      /*sks_valid*/ 1,
9111				      /*command*/ 1,
9112				      /*field*/ 6,
9113				      /*bit_valid*/ 0,
9114				      /*bit*/ 0);
9115		ctl_done((union ctl_io *)ctsio);
9116		return (retval);
9117	}
9118
9119	lun_datalen = sizeof(*lun_data) +
9120		(num_luns * sizeof(struct scsi_report_luns_lundata));
9121
9122	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9123	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9124	ctsio->kern_sg_entries = 0;
9125
9126	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9127
9128	mtx_lock(&softc->ctl_lock);
9129	for (targ_lun_id = 0, num_filled = 0;
9130	    targ_lun_id < num_port_luns && num_filled < num_luns;
9131	    targ_lun_id++) {
9132		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9133		if (lun_id == UINT32_MAX)
9134			continue;
9135		lun = softc->ctl_luns[lun_id];
9136		if (lun == NULL)
9137			continue;
9138
9139		be64enc(lun_data->luns[num_filled++].lundata,
9140		    ctl_encode_lun(targ_lun_id));
9141
9142		/*
9143		 * According to SPC-3, rev 14 section 6.21:
9144		 *
9145		 * "The execution of a REPORT LUNS command to any valid and
9146		 * installed logical unit shall clear the REPORTED LUNS DATA
9147		 * HAS CHANGED unit attention condition for all logical
9148		 * units of that target with respect to the requesting
9149		 * initiator. A valid and installed logical unit is one
9150		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9151		 * INQUIRY data (see 6.4.2)."
9152		 *
9153		 * If request_lun is NULL, the LUN this report luns command
9154		 * was issued to is either disabled or doesn't exist. In that
9155		 * case, we shouldn't clear any pending lun change unit
9156		 * attention.
9157		 */
9158		if (request_lun != NULL) {
9159			mtx_lock(&lun->lun_lock);
9160			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9161			mtx_unlock(&lun->lun_lock);
9162		}
9163	}
9164	mtx_unlock(&softc->ctl_lock);
9165
9166	/*
9167	 * It's quite possible that we've returned fewer LUNs than we allocated
9168	 * space for.  Trim it.
9169	 */
9170	lun_datalen = sizeof(*lun_data) +
9171		(num_filled * sizeof(struct scsi_report_luns_lundata));
9172	ctsio->kern_rel_offset = 0;
9173	ctsio->kern_sg_entries = 0;
9174	ctsio->kern_data_len = min(lun_datalen, alloc_len);
9175	ctsio->kern_total_len = ctsio->kern_data_len;
9176
9177	/*
9178	 * We set this to the actual data length, regardless of how much
9179	 * space we actually have to return results.  If the user looks at
9180	 * this value, he'll know whether or not he allocated enough space
9181	 * and reissue the command if necessary.  We don't support well
9182	 * known logical units, so if the user asks for that, return none.
9183	 */
9184	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9185
9186	/*
9187	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9188	 * this request.
9189	 */
9190	ctl_set_success(ctsio);
9191	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9192	ctsio->be_move_done = ctl_config_move_done;
9193	ctl_datamove((union ctl_io *)ctsio);
9194	return (retval);
9195}
9196
9197int
9198ctl_request_sense(struct ctl_scsiio *ctsio)
9199{
9200	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9201	struct ctl_lun *lun = CTL_LUN(ctsio);
9202	struct scsi_request_sense *cdb;
9203	struct scsi_sense_data *sense_ptr, *ps;
9204	uint32_t initidx;
9205	int have_error;
9206	u_int sense_len = SSD_FULL_SIZE;
9207	scsi_sense_data_type sense_format;
9208	ctl_ua_type ua_type;
9209	uint8_t asc = 0, ascq = 0;
9210
9211	cdb = (struct scsi_request_sense *)ctsio->cdb;
9212
9213	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9214
9215	/*
9216	 * Determine which sense format the user wants.
9217	 */
9218	if (cdb->byte2 & SRS_DESC)
9219		sense_format = SSD_TYPE_DESC;
9220	else
9221		sense_format = SSD_TYPE_FIXED;
9222
9223	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9224	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9225	ctsio->kern_sg_entries = 0;
9226	ctsio->kern_rel_offset = 0;
9227
9228	/*
9229	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9230	 * larger than the largest allowed value for the length field in the
9231	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9232	 */
9233	ctsio->kern_data_len = cdb->length;
9234	ctsio->kern_total_len = cdb->length;
9235
9236	/*
9237	 * If we don't have a LUN, we don't have any pending sense.
9238	 */
9239	if (lun == NULL ||
9240	    ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
9241	     softc->ha_link < CTL_HA_LINK_UNKNOWN)) {
9242		/* "Logical unit not supported" */
9243		ctl_set_sense_data(sense_ptr, &sense_len, NULL, sense_format,
9244		    /*current_error*/ 1,
9245		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
9246		    /*asc*/ 0x25,
9247		    /*ascq*/ 0x00,
9248		    SSD_ELEM_NONE);
9249		goto send;
9250	}
9251
9252	have_error = 0;
9253	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9254	/*
9255	 * Check for pending sense, and then for pending unit attentions.
9256	 * Pending sense gets returned first, then pending unit attentions.
9257	 */
9258	mtx_lock(&lun->lun_lock);
9259	ps = lun->pending_sense[initidx / CTL_MAX_INIT_PER_PORT];
9260	if (ps != NULL)
9261		ps += initidx % CTL_MAX_INIT_PER_PORT;
9262	if (ps != NULL && ps->error_code != 0) {
9263		scsi_sense_data_type stored_format;
9264
9265		/*
9266		 * Check to see which sense format was used for the stored
9267		 * sense data.
9268		 */
9269		stored_format = scsi_sense_type(ps);
9270
9271		/*
9272		 * If the user requested a different sense format than the
9273		 * one we stored, then we need to convert it to the other
9274		 * format.  If we're going from descriptor to fixed format
9275		 * sense data, we may lose things in translation, depending
9276		 * on what options were used.
9277		 *
9278		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9279		 * for some reason we'll just copy it out as-is.
9280		 */
9281		if ((stored_format == SSD_TYPE_FIXED)
9282		 && (sense_format == SSD_TYPE_DESC))
9283			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9284			    ps, (struct scsi_sense_data_desc *)sense_ptr);
9285		else if ((stored_format == SSD_TYPE_DESC)
9286		      && (sense_format == SSD_TYPE_FIXED))
9287			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9288			    ps, (struct scsi_sense_data_fixed *)sense_ptr);
9289		else
9290			memcpy(sense_ptr, ps, sizeof(*sense_ptr));
9291
9292		ps->error_code = 0;
9293		have_error = 1;
9294	} else {
9295		ua_type = ctl_build_ua(lun, initidx, sense_ptr, &sense_len,
9296		    sense_format);
9297		if (ua_type != CTL_UA_NONE)
9298			have_error = 1;
9299	}
9300	if (have_error == 0) {
9301		/*
9302		 * Report informational exception if have one and allowed.
9303		 */
9304		if (lun->MODE_IE.mrie != SIEP_MRIE_NO) {
9305			asc = lun->ie_asc;
9306			ascq = lun->ie_ascq;
9307		}
9308		ctl_set_sense_data(sense_ptr, &sense_len, lun, sense_format,
9309		    /*current_error*/ 1,
9310		    /*sense_key*/ SSD_KEY_NO_SENSE,
9311		    /*asc*/ asc,
9312		    /*ascq*/ ascq,
9313		    SSD_ELEM_NONE);
9314	}
9315	mtx_unlock(&lun->lun_lock);
9316
9317send:
9318	/*
9319	 * We report the SCSI status as OK, since the status of the command
9320	 * itself is OK.  We're reporting sense as parameter data.
9321	 */
9322	ctl_set_success(ctsio);
9323	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9324	ctsio->be_move_done = ctl_config_move_done;
9325	ctl_datamove((union ctl_io *)ctsio);
9326	return (CTL_RETVAL_COMPLETE);
9327}
9328
9329int
9330ctl_tur(struct ctl_scsiio *ctsio)
9331{
9332
9333	CTL_DEBUG_PRINT(("ctl_tur\n"));
9334
9335	ctl_set_success(ctsio);
9336	ctl_done((union ctl_io *)ctsio);
9337
9338	return (CTL_RETVAL_COMPLETE);
9339}
9340
9341/*
9342 * SCSI VPD page 0x00, the Supported VPD Pages page.
9343 */
9344static int
9345ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9346{
9347	struct ctl_lun *lun = CTL_LUN(ctsio);
9348	struct scsi_vpd_supported_pages *pages;
9349	int sup_page_size;
9350	int p;
9351
9352	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9353	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9354	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9355	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9356	ctsio->kern_rel_offset = 0;
9357	ctsio->kern_sg_entries = 0;
9358	ctsio->kern_data_len = min(sup_page_size, alloc_len);
9359	ctsio->kern_total_len = ctsio->kern_data_len;
9360
9361	/*
9362	 * The control device is always connected.  The disk device, on the
9363	 * other hand, may not be online all the time.  Need to change this
9364	 * to figure out whether the disk device is actually online or not.
9365	 */
9366	if (lun != NULL)
9367		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9368				lun->be_lun->lun_type;
9369	else
9370		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9371
9372	p = 0;
9373	/* Supported VPD pages */
9374	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9375	/* Serial Number */
9376	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9377	/* Device Identification */
9378	pages->page_list[p++] = SVPD_DEVICE_ID;
9379	/* Extended INQUIRY Data */
9380	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9381	/* Mode Page Policy */
9382	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9383	/* SCSI Ports */
9384	pages->page_list[p++] = SVPD_SCSI_PORTS;
9385	/* Third-party Copy */
9386	pages->page_list[p++] = SVPD_SCSI_TPC;
9387	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9388		/* Block limits */
9389		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9390		/* Block Device Characteristics */
9391		pages->page_list[p++] = SVPD_BDC;
9392		/* Logical Block Provisioning */
9393		pages->page_list[p++] = SVPD_LBP;
9394	}
9395	pages->length = p;
9396
9397	ctl_set_success(ctsio);
9398	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9399	ctsio->be_move_done = ctl_config_move_done;
9400	ctl_datamove((union ctl_io *)ctsio);
9401	return (CTL_RETVAL_COMPLETE);
9402}
9403
9404/*
9405 * SCSI VPD page 0x80, the Unit Serial Number page.
9406 */
9407static int
9408ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9409{
9410	struct ctl_lun *lun = CTL_LUN(ctsio);
9411	struct scsi_vpd_unit_serial_number *sn_ptr;
9412	int data_len;
9413
9414	data_len = 4 + CTL_SN_LEN;
9415	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9416	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9417	ctsio->kern_rel_offset = 0;
9418	ctsio->kern_sg_entries = 0;
9419	ctsio->kern_data_len = min(data_len, alloc_len);
9420	ctsio->kern_total_len = ctsio->kern_data_len;
9421
9422	/*
9423	 * The control device is always connected.  The disk device, on the
9424	 * other hand, may not be online all the time.  Need to change this
9425	 * to figure out whether the disk device is actually online or not.
9426	 */
9427	if (lun != NULL)
9428		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9429				  lun->be_lun->lun_type;
9430	else
9431		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9432
9433	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9434	sn_ptr->length = CTL_SN_LEN;
9435	/*
9436	 * If we don't have a LUN, we just leave the serial number as
9437	 * all spaces.
9438	 */
9439	if (lun != NULL) {
9440		strncpy((char *)sn_ptr->serial_num,
9441			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9442	} else
9443		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9444
9445	ctl_set_success(ctsio);
9446	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9447	ctsio->be_move_done = ctl_config_move_done;
9448	ctl_datamove((union ctl_io *)ctsio);
9449	return (CTL_RETVAL_COMPLETE);
9450}
9451
9452
9453/*
9454 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9455 */
9456static int
9457ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9458{
9459	struct ctl_lun *lun = CTL_LUN(ctsio);
9460	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9461	int data_len;
9462
9463	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9464	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9465	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9466	ctsio->kern_sg_entries = 0;
9467	ctsio->kern_rel_offset = 0;
9468	ctsio->kern_data_len = min(data_len, alloc_len);
9469	ctsio->kern_total_len = ctsio->kern_data_len;
9470
9471	/*
9472	 * The control device is always connected.  The disk device, on the
9473	 * other hand, may not be online all the time.
9474	 */
9475	if (lun != NULL)
9476		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9477				     lun->be_lun->lun_type;
9478	else
9479		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9480	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9481	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9482	/*
9483	 * We support head of queue, ordered and simple tags.
9484	 */
9485	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9486	/*
9487	 * Volatile cache supported.
9488	 */
9489	eid_ptr->flags3 = SVPD_EID_V_SUP;
9490
9491	/*
9492	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9493	 * attention for a particular IT nexus on all LUNs once we report
9494	 * it to that nexus once.  This bit is required as of SPC-4.
9495	 */
9496	eid_ptr->flags4 = SVPD_EID_LUICLR;
9497
9498	/*
9499	 * We support revert to defaults (RTD) bit in MODE SELECT.
9500	 */
9501	eid_ptr->flags5 = SVPD_EID_RTD_SUP;
9502
9503	/*
9504	 * XXX KDM in order to correctly answer this, we would need
9505	 * information from the SIM to determine how much sense data it
9506	 * can send.  So this would really be a path inquiry field, most
9507	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9508	 * but the hardware may or may not be able to support that much.
9509	 * 0 just means that the maximum sense data length is not reported.
9510	 */
9511	eid_ptr->max_sense_length = 0;
9512
9513	ctl_set_success(ctsio);
9514	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9515	ctsio->be_move_done = ctl_config_move_done;
9516	ctl_datamove((union ctl_io *)ctsio);
9517	return (CTL_RETVAL_COMPLETE);
9518}
9519
9520static int
9521ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9522{
9523	struct ctl_lun *lun = CTL_LUN(ctsio);
9524	struct scsi_vpd_mode_page_policy *mpp_ptr;
9525	int data_len;
9526
9527	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9528	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9529
9530	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9531	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9532	ctsio->kern_rel_offset = 0;
9533	ctsio->kern_sg_entries = 0;
9534	ctsio->kern_data_len = min(data_len, alloc_len);
9535	ctsio->kern_total_len = ctsio->kern_data_len;
9536
9537	/*
9538	 * The control device is always connected.  The disk device, on the
9539	 * other hand, may not be online all the time.
9540	 */
9541	if (lun != NULL)
9542		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9543				     lun->be_lun->lun_type;
9544	else
9545		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9546	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9547	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9548	mpp_ptr->descr[0].page_code = 0x3f;
9549	mpp_ptr->descr[0].subpage_code = 0xff;
9550	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9551
9552	ctl_set_success(ctsio);
9553	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9554	ctsio->be_move_done = ctl_config_move_done;
9555	ctl_datamove((union ctl_io *)ctsio);
9556	return (CTL_RETVAL_COMPLETE);
9557}
9558
9559/*
9560 * SCSI VPD page 0x83, the Device Identification page.
9561 */
9562static int
9563ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9564{
9565	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9566	struct ctl_port *port = CTL_PORT(ctsio);
9567	struct ctl_lun *lun = CTL_LUN(ctsio);
9568	struct scsi_vpd_device_id *devid_ptr;
9569	struct scsi_vpd_id_descriptor *desc;
9570	int data_len, g;
9571	uint8_t proto;
9572
9573	data_len = sizeof(struct scsi_vpd_device_id) +
9574	    sizeof(struct scsi_vpd_id_descriptor) +
9575		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9576	    sizeof(struct scsi_vpd_id_descriptor) +
9577		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9578	if (lun && lun->lun_devid)
9579		data_len += lun->lun_devid->len;
9580	if (port && port->port_devid)
9581		data_len += port->port_devid->len;
9582	if (port && port->target_devid)
9583		data_len += port->target_devid->len;
9584
9585	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9586	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9587	ctsio->kern_sg_entries = 0;
9588	ctsio->kern_rel_offset = 0;
9589	ctsio->kern_sg_entries = 0;
9590	ctsio->kern_data_len = min(data_len, alloc_len);
9591	ctsio->kern_total_len = ctsio->kern_data_len;
9592
9593	/*
9594	 * The control device is always connected.  The disk device, on the
9595	 * other hand, may not be online all the time.
9596	 */
9597	if (lun != NULL)
9598		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9599				     lun->be_lun->lun_type;
9600	else
9601		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9602	devid_ptr->page_code = SVPD_DEVICE_ID;
9603	scsi_ulto2b(data_len - 4, devid_ptr->length);
9604
9605	if (port && port->port_type == CTL_PORT_FC)
9606		proto = SCSI_PROTO_FC << 4;
9607	else if (port && port->port_type == CTL_PORT_SAS)
9608		proto = SCSI_PROTO_SAS << 4;
9609	else if (port && port->port_type == CTL_PORT_ISCSI)
9610		proto = SCSI_PROTO_ISCSI << 4;
9611	else
9612		proto = SCSI_PROTO_SPI << 4;
9613	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9614
9615	/*
9616	 * We're using a LUN association here.  i.e., this device ID is a
9617	 * per-LUN identifier.
9618	 */
9619	if (lun && lun->lun_devid) {
9620		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9621		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9622		    lun->lun_devid->len);
9623	}
9624
9625	/*
9626	 * This is for the WWPN which is a port association.
9627	 */
9628	if (port && port->port_devid) {
9629		memcpy(desc, port->port_devid->data, port->port_devid->len);
9630		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9631		    port->port_devid->len);
9632	}
9633
9634	/*
9635	 * This is for the Relative Target Port(type 4h) identifier
9636	 */
9637	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9638	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9639	    SVPD_ID_TYPE_RELTARG;
9640	desc->length = 4;
9641	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9642	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9643	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9644
9645	/*
9646	 * This is for the Target Port Group(type 5h) identifier
9647	 */
9648	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9649	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9650	    SVPD_ID_TYPE_TPORTGRP;
9651	desc->length = 4;
9652	if (softc->is_single ||
9653	    (port && port->status & CTL_PORT_STATUS_HA_SHARED))
9654		g = 1;
9655	else
9656		g = 2 + ctsio->io_hdr.nexus.targ_port / softc->port_cnt;
9657	scsi_ulto2b(g, &desc->identifier[2]);
9658	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9659	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9660
9661	/*
9662	 * This is for the Target identifier
9663	 */
9664	if (port && port->target_devid) {
9665		memcpy(desc, port->target_devid->data, port->target_devid->len);
9666	}
9667
9668	ctl_set_success(ctsio);
9669	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9670	ctsio->be_move_done = ctl_config_move_done;
9671	ctl_datamove((union ctl_io *)ctsio);
9672	return (CTL_RETVAL_COMPLETE);
9673}
9674
9675static int
9676ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9677{
9678	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9679	struct ctl_lun *lun = CTL_LUN(ctsio);
9680	struct scsi_vpd_scsi_ports *sp;
9681	struct scsi_vpd_port_designation *pd;
9682	struct scsi_vpd_port_designation_cont *pdc;
9683	struct ctl_port *port;
9684	int data_len, num_target_ports, iid_len, id_len;
9685
9686	num_target_ports = 0;
9687	iid_len = 0;
9688	id_len = 0;
9689	mtx_lock(&softc->ctl_lock);
9690	STAILQ_FOREACH(port, &softc->port_list, links) {
9691		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9692			continue;
9693		if (lun != NULL &&
9694		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9695			continue;
9696		num_target_ports++;
9697		if (port->init_devid)
9698			iid_len += port->init_devid->len;
9699		if (port->port_devid)
9700			id_len += port->port_devid->len;
9701	}
9702	mtx_unlock(&softc->ctl_lock);
9703
9704	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9705	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9706	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9707	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9708	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9709	ctsio->kern_sg_entries = 0;
9710	ctsio->kern_rel_offset = 0;
9711	ctsio->kern_sg_entries = 0;
9712	ctsio->kern_data_len = min(data_len, alloc_len);
9713	ctsio->kern_total_len = ctsio->kern_data_len;
9714
9715	/*
9716	 * The control device is always connected.  The disk device, on the
9717	 * other hand, may not be online all the time.  Need to change this
9718	 * to figure out whether the disk device is actually online or not.
9719	 */
9720	if (lun != NULL)
9721		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9722				  lun->be_lun->lun_type;
9723	else
9724		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9725
9726	sp->page_code = SVPD_SCSI_PORTS;
9727	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9728	    sp->page_length);
9729	pd = &sp->design[0];
9730
9731	mtx_lock(&softc->ctl_lock);
9732	STAILQ_FOREACH(port, &softc->port_list, links) {
9733		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9734			continue;
9735		if (lun != NULL &&
9736		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9737			continue;
9738		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9739		if (port->init_devid) {
9740			iid_len = port->init_devid->len;
9741			memcpy(pd->initiator_transportid,
9742			    port->init_devid->data, port->init_devid->len);
9743		} else
9744			iid_len = 0;
9745		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9746		pdc = (struct scsi_vpd_port_designation_cont *)
9747		    (&pd->initiator_transportid[iid_len]);
9748		if (port->port_devid) {
9749			id_len = port->port_devid->len;
9750			memcpy(pdc->target_port_descriptors,
9751			    port->port_devid->data, port->port_devid->len);
9752		} else
9753			id_len = 0;
9754		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9755		pd = (struct scsi_vpd_port_designation *)
9756		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9757	}
9758	mtx_unlock(&softc->ctl_lock);
9759
9760	ctl_set_success(ctsio);
9761	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9762	ctsio->be_move_done = ctl_config_move_done;
9763	ctl_datamove((union ctl_io *)ctsio);
9764	return (CTL_RETVAL_COMPLETE);
9765}
9766
9767static int
9768ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9769{
9770	struct ctl_lun *lun = CTL_LUN(ctsio);
9771	struct scsi_vpd_block_limits *bl_ptr;
9772	uint64_t ival;
9773
9774	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9775	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9776	ctsio->kern_sg_entries = 0;
9777	ctsio->kern_rel_offset = 0;
9778	ctsio->kern_sg_entries = 0;
9779	ctsio->kern_data_len = min(sizeof(*bl_ptr), alloc_len);
9780	ctsio->kern_total_len = ctsio->kern_data_len;
9781
9782	/*
9783	 * The control device is always connected.  The disk device, on the
9784	 * other hand, may not be online all the time.  Need to change this
9785	 * to figure out whether the disk device is actually online or not.
9786	 */
9787	if (lun != NULL)
9788		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9789				  lun->be_lun->lun_type;
9790	else
9791		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9792
9793	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9794	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9795	bl_ptr->max_cmp_write_len = 0xff;
9796	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9797	if (lun != NULL) {
9798		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9799		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9800			ival = 0xffffffff;
9801			ctl_get_opt_number(&lun->be_lun->options,
9802			    "unmap_max_lba", &ival);
9803			scsi_ulto4b(ival, bl_ptr->max_unmap_lba_cnt);
9804			ival = 0xffffffff;
9805			ctl_get_opt_number(&lun->be_lun->options,
9806			    "unmap_max_descr", &ival);
9807			scsi_ulto4b(ival, bl_ptr->max_unmap_blk_cnt);
9808			if (lun->be_lun->ublockexp != 0) {
9809				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9810				    bl_ptr->opt_unmap_grain);
9811				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9812				    bl_ptr->unmap_grain_align);
9813			}
9814		}
9815		scsi_ulto4b(lun->be_lun->atomicblock,
9816		    bl_ptr->max_atomic_transfer_length);
9817		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9818		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9819		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9820		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9821		ival = UINT64_MAX;
9822		ctl_get_opt_number(&lun->be_lun->options, "write_same_max_lba", &ival);
9823		scsi_u64to8b(ival, bl_ptr->max_write_same_length);
9824	}
9825
9826	ctl_set_success(ctsio);
9827	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9828	ctsio->be_move_done = ctl_config_move_done;
9829	ctl_datamove((union ctl_io *)ctsio);
9830	return (CTL_RETVAL_COMPLETE);
9831}
9832
9833static int
9834ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9835{
9836	struct ctl_lun *lun = CTL_LUN(ctsio);
9837	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9838	const char *value;
9839	u_int i;
9840
9841	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9842	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9843	ctsio->kern_sg_entries = 0;
9844	ctsio->kern_rel_offset = 0;
9845	ctsio->kern_data_len = min(sizeof(*bdc_ptr), alloc_len);
9846	ctsio->kern_total_len = ctsio->kern_data_len;
9847
9848	/*
9849	 * The control device is always connected.  The disk device, on the
9850	 * other hand, may not be online all the time.  Need to change this
9851	 * to figure out whether the disk device is actually online or not.
9852	 */
9853	if (lun != NULL)
9854		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9855				  lun->be_lun->lun_type;
9856	else
9857		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9858	bdc_ptr->page_code = SVPD_BDC;
9859	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9860	if (lun != NULL &&
9861	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9862		i = strtol(value, NULL, 0);
9863	else
9864		i = CTL_DEFAULT_ROTATION_RATE;
9865	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9866	if (lun != NULL &&
9867	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9868		i = strtol(value, NULL, 0);
9869	else
9870		i = 0;
9871	bdc_ptr->wab_wac_ff = (i & 0x0f);
9872	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9873
9874	ctl_set_success(ctsio);
9875	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9876	ctsio->be_move_done = ctl_config_move_done;
9877	ctl_datamove((union ctl_io *)ctsio);
9878	return (CTL_RETVAL_COMPLETE);
9879}
9880
9881static int
9882ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9883{
9884	struct ctl_lun *lun = CTL_LUN(ctsio);
9885	struct scsi_vpd_logical_block_prov *lbp_ptr;
9886	const char *value;
9887
9888	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9889	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9890	ctsio->kern_sg_entries = 0;
9891	ctsio->kern_rel_offset = 0;
9892	ctsio->kern_data_len = min(sizeof(*lbp_ptr), alloc_len);
9893	ctsio->kern_total_len = ctsio->kern_data_len;
9894
9895	/*
9896	 * The control device is always connected.  The disk device, on the
9897	 * other hand, may not be online all the time.  Need to change this
9898	 * to figure out whether the disk device is actually online or not.
9899	 */
9900	if (lun != NULL)
9901		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9902				  lun->be_lun->lun_type;
9903	else
9904		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9905
9906	lbp_ptr->page_code = SVPD_LBP;
9907	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9908	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9909	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9910		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9911		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9912		value = ctl_get_opt(&lun->be_lun->options, "provisioning_type");
9913		if (value != NULL) {
9914			if (strcmp(value, "resource") == 0)
9915				lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
9916			else if (strcmp(value, "thin") == 0)
9917				lbp_ptr->prov_type = SVPD_LBP_THIN;
9918		} else
9919			lbp_ptr->prov_type = SVPD_LBP_THIN;
9920	}
9921
9922	ctl_set_success(ctsio);
9923	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9924	ctsio->be_move_done = ctl_config_move_done;
9925	ctl_datamove((union ctl_io *)ctsio);
9926	return (CTL_RETVAL_COMPLETE);
9927}
9928
9929/*
9930 * INQUIRY with the EVPD bit set.
9931 */
9932static int
9933ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9934{
9935	struct ctl_lun *lun = CTL_LUN(ctsio);
9936	struct scsi_inquiry *cdb;
9937	int alloc_len, retval;
9938
9939	cdb = (struct scsi_inquiry *)ctsio->cdb;
9940	alloc_len = scsi_2btoul(cdb->length);
9941
9942	switch (cdb->page_code) {
9943	case SVPD_SUPPORTED_PAGES:
9944		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9945		break;
9946	case SVPD_UNIT_SERIAL_NUMBER:
9947		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9948		break;
9949	case SVPD_DEVICE_ID:
9950		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9951		break;
9952	case SVPD_EXTENDED_INQUIRY_DATA:
9953		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9954		break;
9955	case SVPD_MODE_PAGE_POLICY:
9956		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9957		break;
9958	case SVPD_SCSI_PORTS:
9959		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9960		break;
9961	case SVPD_SCSI_TPC:
9962		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9963		break;
9964	case SVPD_BLOCK_LIMITS:
9965		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9966			goto err;
9967		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9968		break;
9969	case SVPD_BDC:
9970		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9971			goto err;
9972		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9973		break;
9974	case SVPD_LBP:
9975		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9976			goto err;
9977		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9978		break;
9979	default:
9980err:
9981		ctl_set_invalid_field(ctsio,
9982				      /*sks_valid*/ 1,
9983				      /*command*/ 1,
9984				      /*field*/ 2,
9985				      /*bit_valid*/ 0,
9986				      /*bit*/ 0);
9987		ctl_done((union ctl_io *)ctsio);
9988		retval = CTL_RETVAL_COMPLETE;
9989		break;
9990	}
9991
9992	return (retval);
9993}
9994
9995/*
9996 * Standard INQUIRY data.
9997 */
9998static int
9999ctl_inquiry_std(struct ctl_scsiio *ctsio)
10000{
10001	struct ctl_softc *softc = CTL_SOFTC(ctsio);
10002	struct ctl_port *port = CTL_PORT(ctsio);
10003	struct ctl_lun *lun = CTL_LUN(ctsio);
10004	struct scsi_inquiry_data *inq_ptr;
10005	struct scsi_inquiry *cdb;
10006	char *val;
10007	uint32_t alloc_len, data_len;
10008	ctl_port_type port_type;
10009
10010	port_type = port->port_type;
10011	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10012		port_type = CTL_PORT_SCSI;
10013
10014	cdb = (struct scsi_inquiry *)ctsio->cdb;
10015	alloc_len = scsi_2btoul(cdb->length);
10016
10017	/*
10018	 * We malloc the full inquiry data size here and fill it
10019	 * in.  If the user only asks for less, we'll give him
10020	 * that much.
10021	 */
10022	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10023	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10024	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10025	ctsio->kern_sg_entries = 0;
10026	ctsio->kern_rel_offset = 0;
10027	ctsio->kern_data_len = min(data_len, alloc_len);
10028	ctsio->kern_total_len = ctsio->kern_data_len;
10029
10030	if (lun != NULL) {
10031		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10032		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10033			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10034			    lun->be_lun->lun_type;
10035		} else {
10036			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10037			    lun->be_lun->lun_type;
10038		}
10039		if (lun->flags & CTL_LUN_REMOVABLE)
10040			inq_ptr->dev_qual2 |= SID_RMB;
10041	} else
10042		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10043
10044	/* RMB in byte 2 is 0 */
10045	inq_ptr->version = SCSI_REV_SPC5;
10046
10047	/*
10048	 * According to SAM-3, even if a device only supports a single
10049	 * level of LUN addressing, it should still set the HISUP bit:
10050	 *
10051	 * 4.9.1 Logical unit numbers overview
10052	 *
10053	 * All logical unit number formats described in this standard are
10054	 * hierarchical in structure even when only a single level in that
10055	 * hierarchy is used. The HISUP bit shall be set to one in the
10056	 * standard INQUIRY data (see SPC-2) when any logical unit number
10057	 * format described in this standard is used.  Non-hierarchical
10058	 * formats are outside the scope of this standard.
10059	 *
10060	 * Therefore we set the HiSup bit here.
10061	 *
10062	 * The response format is 2, per SPC-3.
10063	 */
10064	inq_ptr->response_format = SID_HiSup | 2;
10065
10066	inq_ptr->additional_length = data_len -
10067	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10068	CTL_DEBUG_PRINT(("additional_length = %d\n",
10069			 inq_ptr->additional_length));
10070
10071	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10072	if (port_type == CTL_PORT_SCSI)
10073		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10074	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10075	inq_ptr->flags = SID_CmdQue;
10076	if (port_type == CTL_PORT_SCSI)
10077		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10078
10079	/*
10080	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10081	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10082	 * name and 4 bytes for the revision.
10083	 */
10084	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10085	    "vendor")) == NULL) {
10086		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10087	} else {
10088		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10089		strncpy(inq_ptr->vendor, val,
10090		    min(sizeof(inq_ptr->vendor), strlen(val)));
10091	}
10092	if (lun == NULL) {
10093		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10094		    sizeof(inq_ptr->product));
10095	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10096		switch (lun->be_lun->lun_type) {
10097		case T_DIRECT:
10098			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10099			    sizeof(inq_ptr->product));
10100			break;
10101		case T_PROCESSOR:
10102			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10103			    sizeof(inq_ptr->product));
10104			break;
10105		case T_CDROM:
10106			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10107			    sizeof(inq_ptr->product));
10108			break;
10109		default:
10110			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10111			    sizeof(inq_ptr->product));
10112			break;
10113		}
10114	} else {
10115		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10116		strncpy(inq_ptr->product, val,
10117		    min(sizeof(inq_ptr->product), strlen(val)));
10118	}
10119
10120	/*
10121	 * XXX make this a macro somewhere so it automatically gets
10122	 * incremented when we make changes.
10123	 */
10124	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10125	    "revision")) == NULL) {
10126		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10127	} else {
10128		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10129		strncpy(inq_ptr->revision, val,
10130		    min(sizeof(inq_ptr->revision), strlen(val)));
10131	}
10132
10133	/*
10134	 * For parallel SCSI, we support double transition and single
10135	 * transition clocking.  We also support QAS (Quick Arbitration
10136	 * and Selection) and Information Unit transfers on both the
10137	 * control and array devices.
10138	 */
10139	if (port_type == CTL_PORT_SCSI)
10140		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10141				    SID_SPI_IUS;
10142
10143	/* SAM-6 (no version claimed) */
10144	scsi_ulto2b(0x00C0, inq_ptr->version1);
10145	/* SPC-5 (no version claimed) */
10146	scsi_ulto2b(0x05C0, inq_ptr->version2);
10147	if (port_type == CTL_PORT_FC) {
10148		/* FCP-2 ANSI INCITS.350:2003 */
10149		scsi_ulto2b(0x0917, inq_ptr->version3);
10150	} else if (port_type == CTL_PORT_SCSI) {
10151		/* SPI-4 ANSI INCITS.362:200x */
10152		scsi_ulto2b(0x0B56, inq_ptr->version3);
10153	} else if (port_type == CTL_PORT_ISCSI) {
10154		/* iSCSI (no version claimed) */
10155		scsi_ulto2b(0x0960, inq_ptr->version3);
10156	} else if (port_type == CTL_PORT_SAS) {
10157		/* SAS (no version claimed) */
10158		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10159	} else if (port_type == CTL_PORT_UMASS) {
10160		/* USB Mass Storage Class Bulk-Only Transport, Revision 1.0 */
10161		scsi_ulto2b(0x1730, inq_ptr->version3);
10162	}
10163
10164	if (lun == NULL) {
10165		/* SBC-4 (no version claimed) */
10166		scsi_ulto2b(0x0600, inq_ptr->version4);
10167	} else {
10168		switch (lun->be_lun->lun_type) {
10169		case T_DIRECT:
10170			/* SBC-4 (no version claimed) */
10171			scsi_ulto2b(0x0600, inq_ptr->version4);
10172			break;
10173		case T_PROCESSOR:
10174			break;
10175		case T_CDROM:
10176			/* MMC-6 (no version claimed) */
10177			scsi_ulto2b(0x04E0, inq_ptr->version4);
10178			break;
10179		default:
10180			break;
10181		}
10182	}
10183
10184	ctl_set_success(ctsio);
10185	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10186	ctsio->be_move_done = ctl_config_move_done;
10187	ctl_datamove((union ctl_io *)ctsio);
10188	return (CTL_RETVAL_COMPLETE);
10189}
10190
10191int
10192ctl_inquiry(struct ctl_scsiio *ctsio)
10193{
10194	struct scsi_inquiry *cdb;
10195	int retval;
10196
10197	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10198
10199	cdb = (struct scsi_inquiry *)ctsio->cdb;
10200	if (cdb->byte2 & SI_EVPD)
10201		retval = ctl_inquiry_evpd(ctsio);
10202	else if (cdb->page_code == 0)
10203		retval = ctl_inquiry_std(ctsio);
10204	else {
10205		ctl_set_invalid_field(ctsio,
10206				      /*sks_valid*/ 1,
10207				      /*command*/ 1,
10208				      /*field*/ 2,
10209				      /*bit_valid*/ 0,
10210				      /*bit*/ 0);
10211		ctl_done((union ctl_io *)ctsio);
10212		return (CTL_RETVAL_COMPLETE);
10213	}
10214
10215	return (retval);
10216}
10217
10218int
10219ctl_get_config(struct ctl_scsiio *ctsio)
10220{
10221	struct ctl_lun *lun = CTL_LUN(ctsio);
10222	struct scsi_get_config_header *hdr;
10223	struct scsi_get_config_feature *feature;
10224	struct scsi_get_config *cdb;
10225	uint32_t alloc_len, data_len;
10226	int rt, starting;
10227
10228	cdb = (struct scsi_get_config *)ctsio->cdb;
10229	rt = (cdb->rt & SGC_RT_MASK);
10230	starting = scsi_2btoul(cdb->starting_feature);
10231	alloc_len = scsi_2btoul(cdb->length);
10232
10233	data_len = sizeof(struct scsi_get_config_header) +
10234	    sizeof(struct scsi_get_config_feature) + 8 +
10235	    sizeof(struct scsi_get_config_feature) + 8 +
10236	    sizeof(struct scsi_get_config_feature) + 4 +
10237	    sizeof(struct scsi_get_config_feature) + 4 +
10238	    sizeof(struct scsi_get_config_feature) + 8 +
10239	    sizeof(struct scsi_get_config_feature) +
10240	    sizeof(struct scsi_get_config_feature) + 4 +
10241	    sizeof(struct scsi_get_config_feature) + 4 +
10242	    sizeof(struct scsi_get_config_feature) + 4 +
10243	    sizeof(struct scsi_get_config_feature) + 4 +
10244	    sizeof(struct scsi_get_config_feature) + 4 +
10245	    sizeof(struct scsi_get_config_feature) + 4;
10246	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10247	ctsio->kern_sg_entries = 0;
10248	ctsio->kern_rel_offset = 0;
10249
10250	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10251	if (lun->flags & CTL_LUN_NO_MEDIA)
10252		scsi_ulto2b(0x0000, hdr->current_profile);
10253	else
10254		scsi_ulto2b(0x0010, hdr->current_profile);
10255	feature = (struct scsi_get_config_feature *)(hdr + 1);
10256
10257	if (starting > 0x003b)
10258		goto done;
10259	if (starting > 0x003a)
10260		goto f3b;
10261	if (starting > 0x002b)
10262		goto f3a;
10263	if (starting > 0x002a)
10264		goto f2b;
10265	if (starting > 0x001f)
10266		goto f2a;
10267	if (starting > 0x001e)
10268		goto f1f;
10269	if (starting > 0x001d)
10270		goto f1e;
10271	if (starting > 0x0010)
10272		goto f1d;
10273	if (starting > 0x0003)
10274		goto f10;
10275	if (starting > 0x0002)
10276		goto f3;
10277	if (starting > 0x0001)
10278		goto f2;
10279	if (starting > 0x0000)
10280		goto f1;
10281
10282	/* Profile List */
10283	scsi_ulto2b(0x0000, feature->feature_code);
10284	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10285	feature->add_length = 8;
10286	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10287	feature->feature_data[2] = 0x00;
10288	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10289	feature->feature_data[6] = 0x01;
10290	feature = (struct scsi_get_config_feature *)
10291	    &feature->feature_data[feature->add_length];
10292
10293f1:	/* Core */
10294	scsi_ulto2b(0x0001, feature->feature_code);
10295	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10296	feature->add_length = 8;
10297	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10298	feature->feature_data[4] = 0x03;
10299	feature = (struct scsi_get_config_feature *)
10300	    &feature->feature_data[feature->add_length];
10301
10302f2:	/* Morphing */
10303	scsi_ulto2b(0x0002, feature->feature_code);
10304	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10305	feature->add_length = 4;
10306	feature->feature_data[0] = 0x02;
10307	feature = (struct scsi_get_config_feature *)
10308	    &feature->feature_data[feature->add_length];
10309
10310f3:	/* Removable Medium */
10311	scsi_ulto2b(0x0003, feature->feature_code);
10312	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10313	feature->add_length = 4;
10314	feature->feature_data[0] = 0x39;
10315	feature = (struct scsi_get_config_feature *)
10316	    &feature->feature_data[feature->add_length];
10317
10318	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_NO_MEDIA))
10319		goto done;
10320
10321f10:	/* Random Read */
10322	scsi_ulto2b(0x0010, feature->feature_code);
10323	feature->flags = 0x00;
10324	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10325		feature->flags |= SGC_F_CURRENT;
10326	feature->add_length = 8;
10327	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10328	scsi_ulto2b(1, &feature->feature_data[4]);
10329	feature->feature_data[6] = 0x00;
10330	feature = (struct scsi_get_config_feature *)
10331	    &feature->feature_data[feature->add_length];
10332
10333f1d:	/* Multi-Read */
10334	scsi_ulto2b(0x001D, feature->feature_code);
10335	feature->flags = 0x00;
10336	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10337		feature->flags |= SGC_F_CURRENT;
10338	feature->add_length = 0;
10339	feature = (struct scsi_get_config_feature *)
10340	    &feature->feature_data[feature->add_length];
10341
10342f1e:	/* CD Read */
10343	scsi_ulto2b(0x001E, feature->feature_code);
10344	feature->flags = 0x00;
10345	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10346		feature->flags |= SGC_F_CURRENT;
10347	feature->add_length = 4;
10348	feature->feature_data[0] = 0x00;
10349	feature = (struct scsi_get_config_feature *)
10350	    &feature->feature_data[feature->add_length];
10351
10352f1f:	/* DVD Read */
10353	scsi_ulto2b(0x001F, feature->feature_code);
10354	feature->flags = 0x08;
10355	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10356		feature->flags |= SGC_F_CURRENT;
10357	feature->add_length = 4;
10358	feature->feature_data[0] = 0x01;
10359	feature->feature_data[2] = 0x03;
10360	feature = (struct scsi_get_config_feature *)
10361	    &feature->feature_data[feature->add_length];
10362
10363f2a:	/* DVD+RW */
10364	scsi_ulto2b(0x002A, feature->feature_code);
10365	feature->flags = 0x04;
10366	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10367		feature->flags |= SGC_F_CURRENT;
10368	feature->add_length = 4;
10369	feature->feature_data[0] = 0x00;
10370	feature->feature_data[1] = 0x00;
10371	feature = (struct scsi_get_config_feature *)
10372	    &feature->feature_data[feature->add_length];
10373
10374f2b:	/* DVD+R */
10375	scsi_ulto2b(0x002B, feature->feature_code);
10376	feature->flags = 0x00;
10377	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10378		feature->flags |= SGC_F_CURRENT;
10379	feature->add_length = 4;
10380	feature->feature_data[0] = 0x00;
10381	feature = (struct scsi_get_config_feature *)
10382	    &feature->feature_data[feature->add_length];
10383
10384f3a:	/* DVD+RW Dual Layer */
10385	scsi_ulto2b(0x003A, feature->feature_code);
10386	feature->flags = 0x00;
10387	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10388		feature->flags |= SGC_F_CURRENT;
10389	feature->add_length = 4;
10390	feature->feature_data[0] = 0x00;
10391	feature->feature_data[1] = 0x00;
10392	feature = (struct scsi_get_config_feature *)
10393	    &feature->feature_data[feature->add_length];
10394
10395f3b:	/* DVD+R Dual Layer */
10396	scsi_ulto2b(0x003B, feature->feature_code);
10397	feature->flags = 0x00;
10398	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10399		feature->flags |= SGC_F_CURRENT;
10400	feature->add_length = 4;
10401	feature->feature_data[0] = 0x00;
10402	feature = (struct scsi_get_config_feature *)
10403	    &feature->feature_data[feature->add_length];
10404
10405done:
10406	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10407	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10408		feature = (struct scsi_get_config_feature *)(hdr + 1);
10409		if (scsi_2btoul(feature->feature_code) == starting)
10410			feature = (struct scsi_get_config_feature *)
10411			    &feature->feature_data[feature->add_length];
10412		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10413	}
10414	scsi_ulto4b(data_len - 4, hdr->data_length);
10415	ctsio->kern_data_len = min(data_len, alloc_len);
10416	ctsio->kern_total_len = ctsio->kern_data_len;
10417
10418	ctl_set_success(ctsio);
10419	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10420	ctsio->be_move_done = ctl_config_move_done;
10421	ctl_datamove((union ctl_io *)ctsio);
10422	return (CTL_RETVAL_COMPLETE);
10423}
10424
10425int
10426ctl_get_event_status(struct ctl_scsiio *ctsio)
10427{
10428	struct scsi_get_event_status_header *hdr;
10429	struct scsi_get_event_status *cdb;
10430	uint32_t alloc_len, data_len;
10431	int notif_class;
10432
10433	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10434	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10435		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10436		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10437		ctl_done((union ctl_io *)ctsio);
10438		return (CTL_RETVAL_COMPLETE);
10439	}
10440	notif_class = cdb->notif_class;
10441	alloc_len = scsi_2btoul(cdb->length);
10442
10443	data_len = sizeof(struct scsi_get_event_status_header);
10444	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10445	ctsio->kern_sg_entries = 0;
10446	ctsio->kern_rel_offset = 0;
10447	ctsio->kern_data_len = min(data_len, alloc_len);
10448	ctsio->kern_total_len = ctsio->kern_data_len;
10449
10450	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10451	scsi_ulto2b(0, hdr->descr_length);
10452	hdr->nea_class = SGESN_NEA;
10453	hdr->supported_class = 0;
10454
10455	ctl_set_success(ctsio);
10456	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10457	ctsio->be_move_done = ctl_config_move_done;
10458	ctl_datamove((union ctl_io *)ctsio);
10459	return (CTL_RETVAL_COMPLETE);
10460}
10461
10462int
10463ctl_mechanism_status(struct ctl_scsiio *ctsio)
10464{
10465	struct scsi_mechanism_status_header *hdr;
10466	struct scsi_mechanism_status *cdb;
10467	uint32_t alloc_len, data_len;
10468
10469	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10470	alloc_len = scsi_2btoul(cdb->length);
10471
10472	data_len = sizeof(struct scsi_mechanism_status_header);
10473	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10474	ctsio->kern_sg_entries = 0;
10475	ctsio->kern_rel_offset = 0;
10476	ctsio->kern_data_len = min(data_len, alloc_len);
10477	ctsio->kern_total_len = ctsio->kern_data_len;
10478
10479	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10480	hdr->state1 = 0x00;
10481	hdr->state2 = 0xe0;
10482	scsi_ulto3b(0, hdr->lba);
10483	hdr->slots_num = 0;
10484	scsi_ulto2b(0, hdr->slots_length);
10485
10486	ctl_set_success(ctsio);
10487	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10488	ctsio->be_move_done = ctl_config_move_done;
10489	ctl_datamove((union ctl_io *)ctsio);
10490	return (CTL_RETVAL_COMPLETE);
10491}
10492
10493static void
10494ctl_ultomsf(uint32_t lba, uint8_t *buf)
10495{
10496
10497	lba += 150;
10498	buf[0] = 0;
10499	buf[1] = bin2bcd((lba / 75) / 60);
10500	buf[2] = bin2bcd((lba / 75) % 60);
10501	buf[3] = bin2bcd(lba % 75);
10502}
10503
10504int
10505ctl_read_toc(struct ctl_scsiio *ctsio)
10506{
10507	struct ctl_lun *lun = CTL_LUN(ctsio);
10508	struct scsi_read_toc_hdr *hdr;
10509	struct scsi_read_toc_type01_descr *descr;
10510	struct scsi_read_toc *cdb;
10511	uint32_t alloc_len, data_len;
10512	int format, msf;
10513
10514	cdb = (struct scsi_read_toc *)ctsio->cdb;
10515	msf = (cdb->byte2 & CD_MSF) != 0;
10516	format = cdb->format;
10517	alloc_len = scsi_2btoul(cdb->data_len);
10518
10519	data_len = sizeof(struct scsi_read_toc_hdr);
10520	if (format == 0)
10521		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10522	else
10523		data_len += sizeof(struct scsi_read_toc_type01_descr);
10524	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10525	ctsio->kern_sg_entries = 0;
10526	ctsio->kern_rel_offset = 0;
10527	ctsio->kern_data_len = min(data_len, alloc_len);
10528	ctsio->kern_total_len = ctsio->kern_data_len;
10529
10530	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10531	if (format == 0) {
10532		scsi_ulto2b(0x12, hdr->data_length);
10533		hdr->first = 1;
10534		hdr->last = 1;
10535		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10536		descr->addr_ctl = 0x14;
10537		descr->track_number = 1;
10538		if (msf)
10539			ctl_ultomsf(0, descr->track_start);
10540		else
10541			scsi_ulto4b(0, descr->track_start);
10542		descr++;
10543		descr->addr_ctl = 0x14;
10544		descr->track_number = 0xaa;
10545		if (msf)
10546			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10547		else
10548			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10549	} else {
10550		scsi_ulto2b(0x0a, hdr->data_length);
10551		hdr->first = 1;
10552		hdr->last = 1;
10553		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10554		descr->addr_ctl = 0x14;
10555		descr->track_number = 1;
10556		if (msf)
10557			ctl_ultomsf(0, descr->track_start);
10558		else
10559			scsi_ulto4b(0, descr->track_start);
10560	}
10561
10562	ctl_set_success(ctsio);
10563	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10564	ctsio->be_move_done = ctl_config_move_done;
10565	ctl_datamove((union ctl_io *)ctsio);
10566	return (CTL_RETVAL_COMPLETE);
10567}
10568
10569/*
10570 * For known CDB types, parse the LBA and length.
10571 */
10572static int
10573ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10574{
10575	if (io->io_hdr.io_type != CTL_IO_SCSI)
10576		return (1);
10577
10578	switch (io->scsiio.cdb[0]) {
10579	case COMPARE_AND_WRITE: {
10580		struct scsi_compare_and_write *cdb;
10581
10582		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10583
10584		*lba = scsi_8btou64(cdb->addr);
10585		*len = cdb->length;
10586		break;
10587	}
10588	case READ_6:
10589	case WRITE_6: {
10590		struct scsi_rw_6 *cdb;
10591
10592		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10593
10594		*lba = scsi_3btoul(cdb->addr);
10595		/* only 5 bits are valid in the most significant address byte */
10596		*lba &= 0x1fffff;
10597		*len = cdb->length;
10598		break;
10599	}
10600	case READ_10:
10601	case WRITE_10: {
10602		struct scsi_rw_10 *cdb;
10603
10604		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10605
10606		*lba = scsi_4btoul(cdb->addr);
10607		*len = scsi_2btoul(cdb->length);
10608		break;
10609	}
10610	case WRITE_VERIFY_10: {
10611		struct scsi_write_verify_10 *cdb;
10612
10613		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10614
10615		*lba = scsi_4btoul(cdb->addr);
10616		*len = scsi_2btoul(cdb->length);
10617		break;
10618	}
10619	case READ_12:
10620	case WRITE_12: {
10621		struct scsi_rw_12 *cdb;
10622
10623		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10624
10625		*lba = scsi_4btoul(cdb->addr);
10626		*len = scsi_4btoul(cdb->length);
10627		break;
10628	}
10629	case WRITE_VERIFY_12: {
10630		struct scsi_write_verify_12 *cdb;
10631
10632		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10633
10634		*lba = scsi_4btoul(cdb->addr);
10635		*len = scsi_4btoul(cdb->length);
10636		break;
10637	}
10638	case READ_16:
10639	case WRITE_16: {
10640		struct scsi_rw_16 *cdb;
10641
10642		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10643
10644		*lba = scsi_8btou64(cdb->addr);
10645		*len = scsi_4btoul(cdb->length);
10646		break;
10647	}
10648	case WRITE_ATOMIC_16: {
10649		struct scsi_write_atomic_16 *cdb;
10650
10651		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10652
10653		*lba = scsi_8btou64(cdb->addr);
10654		*len = scsi_2btoul(cdb->length);
10655		break;
10656	}
10657	case WRITE_VERIFY_16: {
10658		struct scsi_write_verify_16 *cdb;
10659
10660		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10661
10662		*lba = scsi_8btou64(cdb->addr);
10663		*len = scsi_4btoul(cdb->length);
10664		break;
10665	}
10666	case WRITE_SAME_10: {
10667		struct scsi_write_same_10 *cdb;
10668
10669		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10670
10671		*lba = scsi_4btoul(cdb->addr);
10672		*len = scsi_2btoul(cdb->length);
10673		break;
10674	}
10675	case WRITE_SAME_16: {
10676		struct scsi_write_same_16 *cdb;
10677
10678		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10679
10680		*lba = scsi_8btou64(cdb->addr);
10681		*len = scsi_4btoul(cdb->length);
10682		break;
10683	}
10684	case VERIFY_10: {
10685		struct scsi_verify_10 *cdb;
10686
10687		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10688
10689		*lba = scsi_4btoul(cdb->addr);
10690		*len = scsi_2btoul(cdb->length);
10691		break;
10692	}
10693	case VERIFY_12: {
10694		struct scsi_verify_12 *cdb;
10695
10696		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10697
10698		*lba = scsi_4btoul(cdb->addr);
10699		*len = scsi_4btoul(cdb->length);
10700		break;
10701	}
10702	case VERIFY_16: {
10703		struct scsi_verify_16 *cdb;
10704
10705		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10706
10707		*lba = scsi_8btou64(cdb->addr);
10708		*len = scsi_4btoul(cdb->length);
10709		break;
10710	}
10711	case UNMAP: {
10712		*lba = 0;
10713		*len = UINT64_MAX;
10714		break;
10715	}
10716	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10717		struct scsi_get_lba_status *cdb;
10718
10719		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10720		*lba = scsi_8btou64(cdb->addr);
10721		*len = UINT32_MAX;
10722		break;
10723	}
10724	default:
10725		return (1);
10726		break; /* NOTREACHED */
10727	}
10728
10729	return (0);
10730}
10731
10732static ctl_action
10733ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10734    bool seq)
10735{
10736	uint64_t endlba1, endlba2;
10737
10738	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10739	endlba2 = lba2 + len2 - 1;
10740
10741	if ((endlba1 < lba2) || (endlba2 < lba1))
10742		return (CTL_ACTION_PASS);
10743	else
10744		return (CTL_ACTION_BLOCK);
10745}
10746
10747static int
10748ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10749{
10750	struct ctl_ptr_len_flags *ptrlen;
10751	struct scsi_unmap_desc *buf, *end, *range;
10752	uint64_t lba;
10753	uint32_t len;
10754
10755	/* If not UNMAP -- go other way. */
10756	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10757	    io->scsiio.cdb[0] != UNMAP)
10758		return (CTL_ACTION_ERROR);
10759
10760	/* If UNMAP without data -- block and wait for data. */
10761	ptrlen = (struct ctl_ptr_len_flags *)
10762	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10763	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10764	    ptrlen->ptr == NULL)
10765		return (CTL_ACTION_BLOCK);
10766
10767	/* UNMAP with data -- check for collision. */
10768	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10769	end = buf + ptrlen->len / sizeof(*buf);
10770	for (range = buf; range < end; range++) {
10771		lba = scsi_8btou64(range->lba);
10772		len = scsi_4btoul(range->length);
10773		if ((lba < lba2 + len2) && (lba + len > lba2))
10774			return (CTL_ACTION_BLOCK);
10775	}
10776	return (CTL_ACTION_PASS);
10777}
10778
10779static ctl_action
10780ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10781{
10782	uint64_t lba1, lba2;
10783	uint64_t len1, len2;
10784	int retval;
10785
10786	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10787		return (CTL_ACTION_ERROR);
10788
10789	retval = ctl_extent_check_unmap(io1, lba2, len2);
10790	if (retval != CTL_ACTION_ERROR)
10791		return (retval);
10792
10793	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10794		return (CTL_ACTION_ERROR);
10795
10796	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10797		seq = FALSE;
10798	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10799}
10800
10801static ctl_action
10802ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10803{
10804	uint64_t lba1, lba2;
10805	uint64_t len1, len2;
10806
10807	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10808		return (CTL_ACTION_PASS);
10809	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10810		return (CTL_ACTION_ERROR);
10811	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10812		return (CTL_ACTION_ERROR);
10813
10814	if (lba1 + len1 == lba2)
10815		return (CTL_ACTION_BLOCK);
10816	return (CTL_ACTION_PASS);
10817}
10818
10819static ctl_action
10820ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10821    union ctl_io *ooa_io)
10822{
10823	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10824	const ctl_serialize_action *serialize_row;
10825
10826	/*
10827	 * The initiator attempted multiple untagged commands at the same
10828	 * time.  Can't do that.
10829	 */
10830	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10831	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10832	 && ((pending_io->io_hdr.nexus.targ_port ==
10833	      ooa_io->io_hdr.nexus.targ_port)
10834	  && (pending_io->io_hdr.nexus.initid ==
10835	      ooa_io->io_hdr.nexus.initid))
10836	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10837	      CTL_FLAG_STATUS_SENT)) == 0))
10838		return (CTL_ACTION_OVERLAP);
10839
10840	/*
10841	 * The initiator attempted to send multiple tagged commands with
10842	 * the same ID.  (It's fine if different initiators have the same
10843	 * tag ID.)
10844	 *
10845	 * Even if all of those conditions are true, we don't kill the I/O
10846	 * if the command ahead of us has been aborted.  We won't end up
10847	 * sending it to the FETD, and it's perfectly legal to resend a
10848	 * command with the same tag number as long as the previous
10849	 * instance of this tag number has been aborted somehow.
10850	 */
10851	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10852	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10853	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10854	 && ((pending_io->io_hdr.nexus.targ_port ==
10855	      ooa_io->io_hdr.nexus.targ_port)
10856	  && (pending_io->io_hdr.nexus.initid ==
10857	      ooa_io->io_hdr.nexus.initid))
10858	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10859	      CTL_FLAG_STATUS_SENT)) == 0))
10860		return (CTL_ACTION_OVERLAP_TAG);
10861
10862	/*
10863	 * If we get a head of queue tag, SAM-3 says that we should
10864	 * immediately execute it.
10865	 *
10866	 * What happens if this command would normally block for some other
10867	 * reason?  e.g. a request sense with a head of queue tag
10868	 * immediately after a write.  Normally that would block, but this
10869	 * will result in its getting executed immediately...
10870	 *
10871	 * We currently return "pass" instead of "skip", so we'll end up
10872	 * going through the rest of the queue to check for overlapped tags.
10873	 *
10874	 * XXX KDM check for other types of blockage first??
10875	 */
10876	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10877		return (CTL_ACTION_PASS);
10878
10879	/*
10880	 * Ordered tags have to block until all items ahead of them
10881	 * have completed.  If we get called with an ordered tag, we always
10882	 * block, if something else is ahead of us in the queue.
10883	 */
10884	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10885		return (CTL_ACTION_BLOCK);
10886
10887	/*
10888	 * Simple tags get blocked until all head of queue and ordered tags
10889	 * ahead of them have completed.  I'm lumping untagged commands in
10890	 * with simple tags here.  XXX KDM is that the right thing to do?
10891	 */
10892	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10893	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10894	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10895	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10896		return (CTL_ACTION_BLOCK);
10897
10898	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10899	KASSERT(pending_entry->seridx < CTL_SERIDX_COUNT,
10900	    ("%s: Invalid seridx %d for pending CDB %02x %02x @ %p",
10901	     __func__, pending_entry->seridx, pending_io->scsiio.cdb[0],
10902	     pending_io->scsiio.cdb[1], pending_io));
10903	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10904	if (ooa_entry->seridx == CTL_SERIDX_INVLD)
10905		return (CTL_ACTION_PASS); /* Unsupported command in OOA queue */
10906	KASSERT(ooa_entry->seridx < CTL_SERIDX_COUNT,
10907	    ("%s: Invalid seridx %d for ooa CDB %02x %02x @ %p",
10908	     __func__, ooa_entry->seridx, ooa_io->scsiio.cdb[0],
10909	     ooa_io->scsiio.cdb[1], ooa_io));
10910
10911	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10912
10913	switch (serialize_row[pending_entry->seridx]) {
10914	case CTL_SER_BLOCK:
10915		return (CTL_ACTION_BLOCK);
10916	case CTL_SER_EXTENT:
10917		return (ctl_extent_check(ooa_io, pending_io,
10918		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10919	case CTL_SER_EXTENTOPT:
10920		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10921		    SCP_QUEUE_ALG_UNRESTRICTED)
10922			return (ctl_extent_check(ooa_io, pending_io,
10923			    (lun->be_lun &&
10924			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10925		return (CTL_ACTION_PASS);
10926	case CTL_SER_EXTENTSEQ:
10927		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10928			return (ctl_extent_check_seq(ooa_io, pending_io));
10929		return (CTL_ACTION_PASS);
10930	case CTL_SER_PASS:
10931		return (CTL_ACTION_PASS);
10932	case CTL_SER_BLOCKOPT:
10933		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10934		    SCP_QUEUE_ALG_UNRESTRICTED)
10935			return (CTL_ACTION_BLOCK);
10936		return (CTL_ACTION_PASS);
10937	case CTL_SER_SKIP:
10938		return (CTL_ACTION_SKIP);
10939	default:
10940		panic("%s: Invalid serialization value %d for %d => %d",
10941		    __func__, serialize_row[pending_entry->seridx],
10942		    pending_entry->seridx, ooa_entry->seridx);
10943	}
10944
10945	return (CTL_ACTION_ERROR);
10946}
10947
10948/*
10949 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10950 * Assumptions:
10951 * - pending_io is generally either incoming, or on the blocked queue
10952 * - starting I/O is the I/O we want to start the check with.
10953 */
10954static ctl_action
10955ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10956	      union ctl_io *starting_io)
10957{
10958	union ctl_io *ooa_io;
10959	ctl_action action;
10960
10961	mtx_assert(&lun->lun_lock, MA_OWNED);
10962
10963	/*
10964	 * Run back along the OOA queue, starting with the current
10965	 * blocked I/O and going through every I/O before it on the
10966	 * queue.  If starting_io is NULL, we'll just end up returning
10967	 * CTL_ACTION_PASS.
10968	 */
10969	for (ooa_io = starting_io; ooa_io != NULL;
10970	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10971	     ooa_links)){
10972
10973		/*
10974		 * This routine just checks to see whether
10975		 * cur_blocked is blocked by ooa_io, which is ahead
10976		 * of it in the queue.  It doesn't queue/dequeue
10977		 * cur_blocked.
10978		 */
10979		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10980		switch (action) {
10981		case CTL_ACTION_BLOCK:
10982		case CTL_ACTION_OVERLAP:
10983		case CTL_ACTION_OVERLAP_TAG:
10984		case CTL_ACTION_SKIP:
10985		case CTL_ACTION_ERROR:
10986			return (action);
10987			break; /* NOTREACHED */
10988		case CTL_ACTION_PASS:
10989			break;
10990		default:
10991			panic("%s: Invalid action %d\n", __func__, action);
10992		}
10993	}
10994
10995	return (CTL_ACTION_PASS);
10996}
10997
10998/*
10999 * Assumptions:
11000 * - An I/O has just completed, and has been removed from the per-LUN OOA
11001 *   queue, so some items on the blocked queue may now be unblocked.
11002 */
11003static int
11004ctl_check_blocked(struct ctl_lun *lun)
11005{
11006	struct ctl_softc *softc = lun->ctl_softc;
11007	union ctl_io *cur_blocked, *next_blocked;
11008
11009	mtx_assert(&lun->lun_lock, MA_OWNED);
11010
11011	/*
11012	 * Run forward from the head of the blocked queue, checking each
11013	 * entry against the I/Os prior to it on the OOA queue to see if
11014	 * there is still any blockage.
11015	 *
11016	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11017	 * with our removing a variable on it while it is traversing the
11018	 * list.
11019	 */
11020	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11021	     cur_blocked != NULL; cur_blocked = next_blocked) {
11022		union ctl_io *prev_ooa;
11023		ctl_action action;
11024
11025		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11026							  blocked_links);
11027
11028		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11029						      ctl_ooaq, ooa_links);
11030
11031		/*
11032		 * If cur_blocked happens to be the first item in the OOA
11033		 * queue now, prev_ooa will be NULL, and the action
11034		 * returned will just be CTL_ACTION_PASS.
11035		 */
11036		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11037
11038		switch (action) {
11039		case CTL_ACTION_BLOCK:
11040			/* Nothing to do here, still blocked */
11041			break;
11042		case CTL_ACTION_OVERLAP:
11043		case CTL_ACTION_OVERLAP_TAG:
11044			/*
11045			 * This shouldn't happen!  In theory we've already
11046			 * checked this command for overlap...
11047			 */
11048			break;
11049		case CTL_ACTION_PASS:
11050		case CTL_ACTION_SKIP: {
11051			const struct ctl_cmd_entry *entry;
11052
11053			/*
11054			 * The skip case shouldn't happen, this transaction
11055			 * should have never made it onto the blocked queue.
11056			 */
11057			/*
11058			 * This I/O is no longer blocked, we can remove it
11059			 * from the blocked queue.  Since this is a TAILQ
11060			 * (doubly linked list), we can do O(1) removals
11061			 * from any place on the list.
11062			 */
11063			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11064				     blocked_links);
11065			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11066
11067			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11068			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11069				/*
11070				 * Need to send IO back to original side to
11071				 * run
11072				 */
11073				union ctl_ha_msg msg_info;
11074
11075				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11076				msg_info.hdr.original_sc =
11077					cur_blocked->io_hdr.remote_io;
11078				msg_info.hdr.serializing_sc = cur_blocked;
11079				msg_info.hdr.msg_type = CTL_MSG_R2R;
11080				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11081				    sizeof(msg_info.hdr), M_NOWAIT);
11082				break;
11083			}
11084			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11085
11086			/*
11087			 * Check this I/O for LUN state changes that may
11088			 * have happened while this command was blocked.
11089			 * The LUN state may have been changed by a command
11090			 * ahead of us in the queue, so we need to re-check
11091			 * for any states that can be caused by SCSI
11092			 * commands.
11093			 */
11094			if (ctl_scsiio_lun_check(lun, entry,
11095						 &cur_blocked->scsiio) == 0) {
11096				cur_blocked->io_hdr.flags |=
11097				                      CTL_FLAG_IS_WAS_ON_RTR;
11098				ctl_enqueue_rtr(cur_blocked);
11099			} else
11100				ctl_done(cur_blocked);
11101			break;
11102		}
11103		default:
11104			/*
11105			 * This probably shouldn't happen -- we shouldn't
11106			 * get CTL_ACTION_ERROR, or anything else.
11107			 */
11108			break;
11109		}
11110	}
11111
11112	return (CTL_RETVAL_COMPLETE);
11113}
11114
11115/*
11116 * This routine (with one exception) checks LUN flags that can be set by
11117 * commands ahead of us in the OOA queue.  These flags have to be checked
11118 * when a command initially comes in, and when we pull a command off the
11119 * blocked queue and are preparing to execute it.  The reason we have to
11120 * check these flags for commands on the blocked queue is that the LUN
11121 * state may have been changed by a command ahead of us while we're on the
11122 * blocked queue.
11123 *
11124 * Ordering is somewhat important with these checks, so please pay
11125 * careful attention to the placement of any new checks.
11126 */
11127static int
11128ctl_scsiio_lun_check(struct ctl_lun *lun,
11129    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11130{
11131	struct ctl_softc *softc = lun->ctl_softc;
11132	int retval;
11133	uint32_t residx;
11134
11135	retval = 0;
11136
11137	mtx_assert(&lun->lun_lock, MA_OWNED);
11138
11139	/*
11140	 * If this shelf is a secondary shelf controller, we may have to
11141	 * reject some commands disallowed by HA mode and link state.
11142	 */
11143	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11144		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11145		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11146			ctl_set_lun_unavail(ctsio);
11147			retval = 1;
11148			goto bailout;
11149		}
11150		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11151		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11152			ctl_set_lun_transit(ctsio);
11153			retval = 1;
11154			goto bailout;
11155		}
11156		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11157		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11158			ctl_set_lun_standby(ctsio);
11159			retval = 1;
11160			goto bailout;
11161		}
11162
11163		/* The rest of checks are only done on executing side */
11164		if (softc->ha_mode == CTL_HA_MODE_XFER)
11165			goto bailout;
11166	}
11167
11168	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11169		if (lun->be_lun &&
11170		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11171			ctl_set_hw_write_protected(ctsio);
11172			retval = 1;
11173			goto bailout;
11174		}
11175		if ((lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0) {
11176			ctl_set_sense(ctsio, /*current_error*/ 1,
11177			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11178			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11179			retval = 1;
11180			goto bailout;
11181		}
11182	}
11183
11184	/*
11185	 * Check for a reservation conflict.  If this command isn't allowed
11186	 * even on reserved LUNs, and if this initiator isn't the one who
11187	 * reserved us, reject the command with a reservation conflict.
11188	 */
11189	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11190	if ((lun->flags & CTL_LUN_RESERVED)
11191	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11192		if (lun->res_idx != residx) {
11193			ctl_set_reservation_conflict(ctsio);
11194			retval = 1;
11195			goto bailout;
11196		}
11197	}
11198
11199	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11200	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11201		/* No reservation or command is allowed. */;
11202	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11203	    (lun->pr_res_type == SPR_TYPE_WR_EX ||
11204	     lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
11205	     lun->pr_res_type == SPR_TYPE_WR_EX_AR)) {
11206		/* The command is allowed for Write Exclusive resv. */;
11207	} else {
11208		/*
11209		 * if we aren't registered or it's a res holder type
11210		 * reservation and this isn't the res holder then set a
11211		 * conflict.
11212		 */
11213		if (ctl_get_prkey(lun, residx) == 0 ||
11214		    (residx != lun->pr_res_idx && lun->pr_res_type < 4)) {
11215			ctl_set_reservation_conflict(ctsio);
11216			retval = 1;
11217			goto bailout;
11218		}
11219	}
11220
11221	if ((entry->flags & CTL_CMD_FLAG_OK_ON_NO_MEDIA) == 0) {
11222		if (lun->flags & CTL_LUN_EJECTED)
11223			ctl_set_lun_ejected(ctsio);
11224		else if (lun->flags & CTL_LUN_NO_MEDIA) {
11225			if (lun->flags & CTL_LUN_REMOVABLE)
11226				ctl_set_lun_no_media(ctsio);
11227			else
11228				ctl_set_lun_int_reqd(ctsio);
11229		} else if (lun->flags & CTL_LUN_STOPPED)
11230			ctl_set_lun_stopped(ctsio);
11231		else
11232			goto bailout;
11233		retval = 1;
11234		goto bailout;
11235	}
11236
11237bailout:
11238	return (retval);
11239}
11240
11241static void
11242ctl_failover_io(union ctl_io *io, int have_lock)
11243{
11244	ctl_set_busy(&io->scsiio);
11245	ctl_done(io);
11246}
11247
11248static void
11249ctl_failover_lun(union ctl_io *rio)
11250{
11251	struct ctl_softc *softc = CTL_SOFTC(rio);
11252	struct ctl_lun *lun;
11253	struct ctl_io_hdr *io, *next_io;
11254	uint32_t targ_lun;
11255
11256	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11257	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11258
11259	/* Find and lock the LUN. */
11260	mtx_lock(&softc->ctl_lock);
11261	if (targ_lun > ctl_max_luns ||
11262	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11263		mtx_unlock(&softc->ctl_lock);
11264		return;
11265	}
11266	mtx_lock(&lun->lun_lock);
11267	mtx_unlock(&softc->ctl_lock);
11268	if (lun->flags & CTL_LUN_DISABLED) {
11269		mtx_unlock(&lun->lun_lock);
11270		return;
11271	}
11272
11273	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11274		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11275			/* We are master */
11276			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11277				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11278					io->flags |= CTL_FLAG_ABORT;
11279					io->flags |= CTL_FLAG_FAILOVER;
11280				} else { /* This can be only due to DATAMOVE */
11281					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11282					io->flags &= ~CTL_FLAG_DMA_INPROG;
11283					io->flags |= CTL_FLAG_IO_ACTIVE;
11284					io->port_status = 31340;
11285					ctl_enqueue_isc((union ctl_io *)io);
11286				}
11287			}
11288			/* We are slave */
11289			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11290				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11291				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11292					io->flags |= CTL_FLAG_FAILOVER;
11293				} else {
11294					ctl_set_busy(&((union ctl_io *)io)->
11295					    scsiio);
11296					ctl_done((union ctl_io *)io);
11297				}
11298			}
11299		}
11300	} else { /* SERIALIZE modes */
11301		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11302		    next_io) {
11303			/* We are master */
11304			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11305				TAILQ_REMOVE(&lun->blocked_queue, io,
11306				    blocked_links);
11307				io->flags &= ~CTL_FLAG_BLOCKED;
11308				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11309				ctl_free_io((union ctl_io *)io);
11310			}
11311		}
11312		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11313			/* We are master */
11314			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11315				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11316				ctl_free_io((union ctl_io *)io);
11317			}
11318			/* We are slave */
11319			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11320				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11321				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11322					ctl_set_busy(&((union ctl_io *)io)->
11323					    scsiio);
11324					ctl_done((union ctl_io *)io);
11325				}
11326			}
11327		}
11328		ctl_check_blocked(lun);
11329	}
11330	mtx_unlock(&lun->lun_lock);
11331}
11332
11333static int
11334ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11335{
11336	struct ctl_lun *lun;
11337	const struct ctl_cmd_entry *entry;
11338	uint32_t initidx, targ_lun;
11339	int retval = 0;
11340
11341	lun = NULL;
11342	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11343	if (targ_lun < ctl_max_luns)
11344		lun = softc->ctl_luns[targ_lun];
11345	if (lun) {
11346		/*
11347		 * If the LUN is invalid, pretend that it doesn't exist.
11348		 * It will go away as soon as all pending I/O has been
11349		 * completed.
11350		 */
11351		mtx_lock(&lun->lun_lock);
11352		if (lun->flags & CTL_LUN_DISABLED) {
11353			mtx_unlock(&lun->lun_lock);
11354			lun = NULL;
11355		}
11356	}
11357	CTL_LUN(ctsio) = lun;
11358	if (lun) {
11359		CTL_BACKEND_LUN(ctsio) = lun->be_lun;
11360
11361		/*
11362		 * Every I/O goes into the OOA queue for a particular LUN,
11363		 * and stays there until completion.
11364		 */
11365#ifdef CTL_TIME_IO
11366		if (TAILQ_EMPTY(&lun->ooa_queue))
11367			lun->idle_time += getsbinuptime() - lun->last_busy;
11368#endif
11369		TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
11370	}
11371
11372	/* Get command entry and return error if it is unsuppotyed. */
11373	entry = ctl_validate_command(ctsio);
11374	if (entry == NULL) {
11375		if (lun)
11376			mtx_unlock(&lun->lun_lock);
11377		return (retval);
11378	}
11379
11380	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11381	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11382
11383	/*
11384	 * Check to see whether we can send this command to LUNs that don't
11385	 * exist.  This should pretty much only be the case for inquiry
11386	 * and request sense.  Further checks, below, really require having
11387	 * a LUN, so we can't really check the command anymore.  Just put
11388	 * it on the rtr queue.
11389	 */
11390	if (lun == NULL) {
11391		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11392			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11393			ctl_enqueue_rtr((union ctl_io *)ctsio);
11394			return (retval);
11395		}
11396
11397		ctl_set_unsupported_lun(ctsio);
11398		ctl_done((union ctl_io *)ctsio);
11399		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11400		return (retval);
11401	} else {
11402		/*
11403		 * Make sure we support this particular command on this LUN.
11404		 * e.g., we don't support writes to the control LUN.
11405		 */
11406		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11407			mtx_unlock(&lun->lun_lock);
11408			ctl_set_invalid_opcode(ctsio);
11409			ctl_done((union ctl_io *)ctsio);
11410			return (retval);
11411		}
11412	}
11413
11414	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11415
11416	/*
11417	 * If we've got a request sense, it'll clear the contingent
11418	 * allegiance condition.  Otherwise, if we have a CA condition for
11419	 * this initiator, clear it, because it sent down a command other
11420	 * than request sense.
11421	 */
11422	if (ctsio->cdb[0] != REQUEST_SENSE) {
11423		struct scsi_sense_data *ps;
11424
11425		ps = lun->pending_sense[initidx / CTL_MAX_INIT_PER_PORT];
11426		if (ps != NULL)
11427			ps[initidx % CTL_MAX_INIT_PER_PORT].error_code = 0;
11428	}
11429
11430	/*
11431	 * If the command has this flag set, it handles its own unit
11432	 * attention reporting, we shouldn't do anything.  Otherwise we
11433	 * check for any pending unit attentions, and send them back to the
11434	 * initiator.  We only do this when a command initially comes in,
11435	 * not when we pull it off the blocked queue.
11436	 *
11437	 * According to SAM-3, section 5.3.2, the order that things get
11438	 * presented back to the host is basically unit attentions caused
11439	 * by some sort of reset event, busy status, reservation conflicts
11440	 * or task set full, and finally any other status.
11441	 *
11442	 * One issue here is that some of the unit attentions we report
11443	 * don't fall into the "reset" category (e.g. "reported luns data
11444	 * has changed").  So reporting it here, before the reservation
11445	 * check, may be technically wrong.  I guess the only thing to do
11446	 * would be to check for and report the reset events here, and then
11447	 * check for the other unit attention types after we check for a
11448	 * reservation conflict.
11449	 *
11450	 * XXX KDM need to fix this
11451	 */
11452	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11453		ctl_ua_type ua_type;
11454		u_int sense_len = 0;
11455
11456		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11457		    &sense_len, SSD_TYPE_NONE);
11458		if (ua_type != CTL_UA_NONE) {
11459			mtx_unlock(&lun->lun_lock);
11460			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11461			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11462			ctsio->sense_len = sense_len;
11463			ctl_done((union ctl_io *)ctsio);
11464			return (retval);
11465		}
11466	}
11467
11468
11469	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11470		mtx_unlock(&lun->lun_lock);
11471		ctl_done((union ctl_io *)ctsio);
11472		return (retval);
11473	}
11474
11475	/*
11476	 * XXX CHD this is where we want to send IO to other side if
11477	 * this LUN is secondary on this SC. We will need to make a copy
11478	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11479	 * the copy we send as FROM_OTHER.
11480	 * We also need to stuff the address of the original IO so we can
11481	 * find it easily. Something similar will need be done on the other
11482	 * side so when we are done we can find the copy.
11483	 */
11484	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11485	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11486	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11487		union ctl_ha_msg msg_info;
11488		int isc_retval;
11489
11490		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11491		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11492		mtx_unlock(&lun->lun_lock);
11493
11494		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11495		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11496		msg_info.hdr.serializing_sc = NULL;
11497		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11498		msg_info.scsi.tag_num = ctsio->tag_num;
11499		msg_info.scsi.tag_type = ctsio->tag_type;
11500		msg_info.scsi.cdb_len = ctsio->cdb_len;
11501		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11502
11503		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11504		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11505		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11506			ctl_set_busy(ctsio);
11507			ctl_done((union ctl_io *)ctsio);
11508			return (retval);
11509		}
11510		return (retval);
11511	}
11512
11513	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11514			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11515			      ctl_ooaq, ooa_links))) {
11516	case CTL_ACTION_BLOCK:
11517		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11518		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11519				  blocked_links);
11520		mtx_unlock(&lun->lun_lock);
11521		return (retval);
11522	case CTL_ACTION_PASS:
11523	case CTL_ACTION_SKIP:
11524		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11525		mtx_unlock(&lun->lun_lock);
11526		ctl_enqueue_rtr((union ctl_io *)ctsio);
11527		break;
11528	case CTL_ACTION_OVERLAP:
11529		mtx_unlock(&lun->lun_lock);
11530		ctl_set_overlapped_cmd(ctsio);
11531		ctl_done((union ctl_io *)ctsio);
11532		break;
11533	case CTL_ACTION_OVERLAP_TAG:
11534		mtx_unlock(&lun->lun_lock);
11535		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11536		ctl_done((union ctl_io *)ctsio);
11537		break;
11538	case CTL_ACTION_ERROR:
11539	default:
11540		mtx_unlock(&lun->lun_lock);
11541		ctl_set_internal_failure(ctsio,
11542					 /*sks_valid*/ 0,
11543					 /*retry_count*/ 0);
11544		ctl_done((union ctl_io *)ctsio);
11545		break;
11546	}
11547	return (retval);
11548}
11549
11550const struct ctl_cmd_entry *
11551ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11552{
11553	const struct ctl_cmd_entry *entry;
11554	int service_action;
11555
11556	entry = &ctl_cmd_table[ctsio->cdb[0]];
11557	if (sa)
11558		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11559	if (entry->flags & CTL_CMD_FLAG_SA5) {
11560		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11561		entry = &((const struct ctl_cmd_entry *)
11562		    entry->execute)[service_action];
11563	}
11564	return (entry);
11565}
11566
11567const struct ctl_cmd_entry *
11568ctl_validate_command(struct ctl_scsiio *ctsio)
11569{
11570	const struct ctl_cmd_entry *entry;
11571	int i, sa;
11572	uint8_t diff;
11573
11574	entry = ctl_get_cmd_entry(ctsio, &sa);
11575	if (entry->execute == NULL) {
11576		if (sa)
11577			ctl_set_invalid_field(ctsio,
11578					      /*sks_valid*/ 1,
11579					      /*command*/ 1,
11580					      /*field*/ 1,
11581					      /*bit_valid*/ 1,
11582					      /*bit*/ 4);
11583		else
11584			ctl_set_invalid_opcode(ctsio);
11585		ctl_done((union ctl_io *)ctsio);
11586		return (NULL);
11587	}
11588	KASSERT(entry->length > 0,
11589	    ("Not defined length for command 0x%02x/0x%02x",
11590	     ctsio->cdb[0], ctsio->cdb[1]));
11591	for (i = 1; i < entry->length; i++) {
11592		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11593		if (diff == 0)
11594			continue;
11595		ctl_set_invalid_field(ctsio,
11596				      /*sks_valid*/ 1,
11597				      /*command*/ 1,
11598				      /*field*/ i,
11599				      /*bit_valid*/ 1,
11600				      /*bit*/ fls(diff) - 1);
11601		ctl_done((union ctl_io *)ctsio);
11602		return (NULL);
11603	}
11604	return (entry);
11605}
11606
11607static int
11608ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11609{
11610
11611	switch (lun_type) {
11612	case T_DIRECT:
11613		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11614			return (0);
11615		break;
11616	case T_PROCESSOR:
11617		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11618			return (0);
11619		break;
11620	case T_CDROM:
11621		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11622			return (0);
11623		break;
11624	default:
11625		return (0);
11626	}
11627	return (1);
11628}
11629
11630static int
11631ctl_scsiio(struct ctl_scsiio *ctsio)
11632{
11633	int retval;
11634	const struct ctl_cmd_entry *entry;
11635
11636	retval = CTL_RETVAL_COMPLETE;
11637
11638	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11639
11640	entry = ctl_get_cmd_entry(ctsio, NULL);
11641
11642	/*
11643	 * If this I/O has been aborted, just send it straight to
11644	 * ctl_done() without executing it.
11645	 */
11646	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11647		ctl_done((union ctl_io *)ctsio);
11648		goto bailout;
11649	}
11650
11651	/*
11652	 * All the checks should have been handled by ctl_scsiio_precheck().
11653	 * We should be clear now to just execute the I/O.
11654	 */
11655	retval = entry->execute(ctsio);
11656
11657bailout:
11658	return (retval);
11659}
11660
11661static int
11662ctl_target_reset(union ctl_io *io)
11663{
11664	struct ctl_softc *softc = CTL_SOFTC(io);
11665	struct ctl_port *port = CTL_PORT(io);
11666	struct ctl_lun *lun;
11667	uint32_t initidx;
11668	ctl_ua_type ua_type;
11669
11670	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11671		union ctl_ha_msg msg_info;
11672
11673		msg_info.hdr.nexus = io->io_hdr.nexus;
11674		msg_info.task.task_action = io->taskio.task_action;
11675		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11676		msg_info.hdr.original_sc = NULL;
11677		msg_info.hdr.serializing_sc = NULL;
11678		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11679		    sizeof(msg_info.task), M_WAITOK);
11680	}
11681
11682	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11683	if (io->taskio.task_action == CTL_TASK_TARGET_RESET)
11684		ua_type = CTL_UA_TARG_RESET;
11685	else
11686		ua_type = CTL_UA_BUS_RESET;
11687	mtx_lock(&softc->ctl_lock);
11688	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11689		if (port != NULL &&
11690		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
11691			continue;
11692		ctl_do_lun_reset(lun, initidx, ua_type);
11693	}
11694	mtx_unlock(&softc->ctl_lock);
11695	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11696	return (0);
11697}
11698
11699/*
11700 * The LUN should always be set.  The I/O is optional, and is used to
11701 * distinguish between I/Os sent by this initiator, and by other
11702 * initiators.  We set unit attention for initiators other than this one.
11703 * SAM-3 is vague on this point.  It does say that a unit attention should
11704 * be established for other initiators when a LUN is reset (see section
11705 * 5.7.3), but it doesn't specifically say that the unit attention should
11706 * be established for this particular initiator when a LUN is reset.  Here
11707 * is the relevant text, from SAM-3 rev 8:
11708 *
11709 * 5.7.2 When a SCSI initiator port aborts its own tasks
11710 *
11711 * When a SCSI initiator port causes its own task(s) to be aborted, no
11712 * notification that the task(s) have been aborted shall be returned to
11713 * the SCSI initiator port other than the completion response for the
11714 * command or task management function action that caused the task(s) to
11715 * be aborted and notification(s) associated with related effects of the
11716 * action (e.g., a reset unit attention condition).
11717 *
11718 * XXX KDM for now, we're setting unit attention for all initiators.
11719 */
11720static void
11721ctl_do_lun_reset(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua_type)
11722{
11723	union ctl_io *xio;
11724	int i;
11725
11726	mtx_lock(&lun->lun_lock);
11727	/* Abort tasks. */
11728	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11729	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11730		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11731	}
11732	/* Clear CA. */
11733	for (i = 0; i < ctl_max_ports; i++) {
11734		free(lun->pending_sense[i], M_CTL);
11735		lun->pending_sense[i] = NULL;
11736	}
11737	/* Clear reservation. */
11738	lun->flags &= ~CTL_LUN_RESERVED;
11739	/* Clear prevent media removal. */
11740	if (lun->prevent) {
11741		for (i = 0; i < CTL_MAX_INITIATORS; i++)
11742			ctl_clear_mask(lun->prevent, i);
11743		lun->prevent_count = 0;
11744	}
11745	/* Clear TPC status */
11746	ctl_tpc_lun_clear(lun, -1);
11747	/* Establish UA. */
11748#if 0
11749	ctl_est_ua_all(lun, initidx, ua_type);
11750#else
11751	ctl_est_ua_all(lun, -1, ua_type);
11752#endif
11753	mtx_unlock(&lun->lun_lock);
11754}
11755
11756static int
11757ctl_lun_reset(union ctl_io *io)
11758{
11759	struct ctl_softc *softc = CTL_SOFTC(io);
11760	struct ctl_lun *lun;
11761	uint32_t targ_lun, initidx;
11762
11763	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11764	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11765	mtx_lock(&softc->ctl_lock);
11766	if (targ_lun >= ctl_max_luns ||
11767	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11768		mtx_unlock(&softc->ctl_lock);
11769		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11770		return (1);
11771	}
11772	ctl_do_lun_reset(lun, initidx, CTL_UA_LUN_RESET);
11773	mtx_unlock(&softc->ctl_lock);
11774	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11775
11776	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11777		union ctl_ha_msg msg_info;
11778
11779		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11780		msg_info.hdr.nexus = io->io_hdr.nexus;
11781		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11782		msg_info.hdr.original_sc = NULL;
11783		msg_info.hdr.serializing_sc = NULL;
11784		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11785		    sizeof(msg_info.task), M_WAITOK);
11786	}
11787	return (0);
11788}
11789
11790static void
11791ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11792    int other_sc)
11793{
11794	union ctl_io *xio;
11795
11796	mtx_assert(&lun->lun_lock, MA_OWNED);
11797
11798	/*
11799	 * Run through the OOA queue and attempt to find the given I/O.
11800	 * The target port, initiator ID, tag type and tag number have to
11801	 * match the values that we got from the initiator.  If we have an
11802	 * untagged command to abort, simply abort the first untagged command
11803	 * we come to.  We only allow one untagged command at a time of course.
11804	 */
11805	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11806	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11807
11808		if ((targ_port == UINT32_MAX ||
11809		     targ_port == xio->io_hdr.nexus.targ_port) &&
11810		    (init_id == UINT32_MAX ||
11811		     init_id == xio->io_hdr.nexus.initid)) {
11812			if (targ_port != xio->io_hdr.nexus.targ_port ||
11813			    init_id != xio->io_hdr.nexus.initid)
11814				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11815			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11816			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11817				union ctl_ha_msg msg_info;
11818
11819				msg_info.hdr.nexus = xio->io_hdr.nexus;
11820				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11821				msg_info.task.tag_num = xio->scsiio.tag_num;
11822				msg_info.task.tag_type = xio->scsiio.tag_type;
11823				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11824				msg_info.hdr.original_sc = NULL;
11825				msg_info.hdr.serializing_sc = NULL;
11826				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11827				    sizeof(msg_info.task), M_NOWAIT);
11828			}
11829		}
11830	}
11831}
11832
11833static int
11834ctl_abort_task_set(union ctl_io *io)
11835{
11836	struct ctl_softc *softc = CTL_SOFTC(io);
11837	struct ctl_lun *lun;
11838	uint32_t targ_lun;
11839
11840	/*
11841	 * Look up the LUN.
11842	 */
11843	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11844	mtx_lock(&softc->ctl_lock);
11845	if (targ_lun >= ctl_max_luns ||
11846	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11847		mtx_unlock(&softc->ctl_lock);
11848		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11849		return (1);
11850	}
11851
11852	mtx_lock(&lun->lun_lock);
11853	mtx_unlock(&softc->ctl_lock);
11854	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11855		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11856		    io->io_hdr.nexus.initid,
11857		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11858	} else { /* CTL_TASK_CLEAR_TASK_SET */
11859		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11860		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11861	}
11862	mtx_unlock(&lun->lun_lock);
11863	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11864	return (0);
11865}
11866
11867static void
11868ctl_i_t_nexus_loss(struct ctl_softc *softc, uint32_t initidx,
11869    ctl_ua_type ua_type)
11870{
11871	struct ctl_lun *lun;
11872	struct scsi_sense_data *ps;
11873	uint32_t p, i;
11874
11875	p = initidx / CTL_MAX_INIT_PER_PORT;
11876	i = initidx % CTL_MAX_INIT_PER_PORT;
11877	mtx_lock(&softc->ctl_lock);
11878	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11879		mtx_lock(&lun->lun_lock);
11880		/* Abort tasks. */
11881		ctl_abort_tasks_lun(lun, p, i, 1);
11882		/* Clear CA. */
11883		ps = lun->pending_sense[p];
11884		if (ps != NULL)
11885			ps[i].error_code = 0;
11886		/* Clear reservation. */
11887		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11888			lun->flags &= ~CTL_LUN_RESERVED;
11889		/* Clear prevent media removal. */
11890		if (lun->prevent && ctl_is_set(lun->prevent, initidx)) {
11891			ctl_clear_mask(lun->prevent, initidx);
11892			lun->prevent_count--;
11893		}
11894		/* Clear TPC status */
11895		ctl_tpc_lun_clear(lun, initidx);
11896		/* Establish UA. */
11897		ctl_est_ua(lun, initidx, ua_type);
11898		mtx_unlock(&lun->lun_lock);
11899	}
11900	mtx_unlock(&softc->ctl_lock);
11901}
11902
11903static int
11904ctl_i_t_nexus_reset(union ctl_io *io)
11905{
11906	struct ctl_softc *softc = CTL_SOFTC(io);
11907	uint32_t initidx;
11908
11909	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11910		union ctl_ha_msg msg_info;
11911
11912		msg_info.hdr.nexus = io->io_hdr.nexus;
11913		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11914		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11915		msg_info.hdr.original_sc = NULL;
11916		msg_info.hdr.serializing_sc = NULL;
11917		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11918		    sizeof(msg_info.task), M_WAITOK);
11919	}
11920
11921	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11922	ctl_i_t_nexus_loss(softc, initidx, CTL_UA_I_T_NEXUS_LOSS);
11923	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11924	return (0);
11925}
11926
11927static int
11928ctl_abort_task(union ctl_io *io)
11929{
11930	struct ctl_softc *softc = CTL_SOFTC(io);
11931	union ctl_io *xio;
11932	struct ctl_lun *lun;
11933#if 0
11934	struct sbuf sb;
11935	char printbuf[128];
11936#endif
11937	int found;
11938	uint32_t targ_lun;
11939
11940	found = 0;
11941
11942	/*
11943	 * Look up the LUN.
11944	 */
11945	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11946	mtx_lock(&softc->ctl_lock);
11947	if (targ_lun >= ctl_max_luns ||
11948	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11949		mtx_unlock(&softc->ctl_lock);
11950		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11951		return (1);
11952	}
11953
11954#if 0
11955	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11956	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11957#endif
11958
11959	mtx_lock(&lun->lun_lock);
11960	mtx_unlock(&softc->ctl_lock);
11961	/*
11962	 * Run through the OOA queue and attempt to find the given I/O.
11963	 * The target port, initiator ID, tag type and tag number have to
11964	 * match the values that we got from the initiator.  If we have an
11965	 * untagged command to abort, simply abort the first untagged command
11966	 * we come to.  We only allow one untagged command at a time of course.
11967	 */
11968	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11969	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11970#if 0
11971		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11972
11973		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11974			    lun->lun, xio->scsiio.tag_num,
11975			    xio->scsiio.tag_type,
11976			    (xio->io_hdr.blocked_links.tqe_prev
11977			    == NULL) ? "" : " BLOCKED",
11978			    (xio->io_hdr.flags &
11979			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11980			    (xio->io_hdr.flags &
11981			    CTL_FLAG_ABORT) ? " ABORT" : "",
11982			    (xio->io_hdr.flags &
11983			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11984		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11985		sbuf_finish(&sb);
11986		printf("%s\n", sbuf_data(&sb));
11987#endif
11988
11989		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11990		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11991		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11992			continue;
11993
11994		/*
11995		 * If the abort says that the task is untagged, the
11996		 * task in the queue must be untagged.  Otherwise,
11997		 * we just check to see whether the tag numbers
11998		 * match.  This is because the QLogic firmware
11999		 * doesn't pass back the tag type in an abort
12000		 * request.
12001		 */
12002#if 0
12003		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12004		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12005		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12006#endif
12007		/*
12008		 * XXX KDM we've got problems with FC, because it
12009		 * doesn't send down a tag type with aborts.  So we
12010		 * can only really go by the tag number...
12011		 * This may cause problems with parallel SCSI.
12012		 * Need to figure that out!!
12013		 */
12014		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12015			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12016			found = 1;
12017			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12018			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12019				union ctl_ha_msg msg_info;
12020
12021				msg_info.hdr.nexus = io->io_hdr.nexus;
12022				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12023				msg_info.task.tag_num = io->taskio.tag_num;
12024				msg_info.task.tag_type = io->taskio.tag_type;
12025				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12026				msg_info.hdr.original_sc = NULL;
12027				msg_info.hdr.serializing_sc = NULL;
12028#if 0
12029				printf("Sent Abort to other side\n");
12030#endif
12031				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12032				    sizeof(msg_info.task), M_NOWAIT);
12033			}
12034#if 0
12035			printf("ctl_abort_task: found I/O to abort\n");
12036#endif
12037		}
12038	}
12039	mtx_unlock(&lun->lun_lock);
12040
12041	if (found == 0) {
12042		/*
12043		 * This isn't really an error.  It's entirely possible for
12044		 * the abort and command completion to cross on the wire.
12045		 * This is more of an informative/diagnostic error.
12046		 */
12047#if 0
12048		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12049		       "%u:%u:%u tag %d type %d\n",
12050		       io->io_hdr.nexus.initid,
12051		       io->io_hdr.nexus.targ_port,
12052		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12053		       io->taskio.tag_type);
12054#endif
12055	}
12056	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12057	return (0);
12058}
12059
12060static int
12061ctl_query_task(union ctl_io *io, int task_set)
12062{
12063	struct ctl_softc *softc = CTL_SOFTC(io);
12064	union ctl_io *xio;
12065	struct ctl_lun *lun;
12066	int found = 0;
12067	uint32_t targ_lun;
12068
12069	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12070	mtx_lock(&softc->ctl_lock);
12071	if (targ_lun >= ctl_max_luns ||
12072	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12073		mtx_unlock(&softc->ctl_lock);
12074		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12075		return (1);
12076	}
12077	mtx_lock(&lun->lun_lock);
12078	mtx_unlock(&softc->ctl_lock);
12079	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12080	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12081
12082		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12083		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12084		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12085			continue;
12086
12087		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12088			found = 1;
12089			break;
12090		}
12091	}
12092	mtx_unlock(&lun->lun_lock);
12093	if (found)
12094		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12095	else
12096		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12097	return (0);
12098}
12099
12100static int
12101ctl_query_async_event(union ctl_io *io)
12102{
12103	struct ctl_softc *softc = CTL_SOFTC(io);
12104	struct ctl_lun *lun;
12105	ctl_ua_type ua;
12106	uint32_t targ_lun, initidx;
12107
12108	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12109	mtx_lock(&softc->ctl_lock);
12110	if (targ_lun >= ctl_max_luns ||
12111	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12112		mtx_unlock(&softc->ctl_lock);
12113		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12114		return (1);
12115	}
12116	mtx_lock(&lun->lun_lock);
12117	mtx_unlock(&softc->ctl_lock);
12118	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12119	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12120	mtx_unlock(&lun->lun_lock);
12121	if (ua != CTL_UA_NONE)
12122		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12123	else
12124		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12125	return (0);
12126}
12127
12128static void
12129ctl_run_task(union ctl_io *io)
12130{
12131	int retval = 1;
12132
12133	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12134	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12135	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12136	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12137	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12138	switch (io->taskio.task_action) {
12139	case CTL_TASK_ABORT_TASK:
12140		retval = ctl_abort_task(io);
12141		break;
12142	case CTL_TASK_ABORT_TASK_SET:
12143	case CTL_TASK_CLEAR_TASK_SET:
12144		retval = ctl_abort_task_set(io);
12145		break;
12146	case CTL_TASK_CLEAR_ACA:
12147		break;
12148	case CTL_TASK_I_T_NEXUS_RESET:
12149		retval = ctl_i_t_nexus_reset(io);
12150		break;
12151	case CTL_TASK_LUN_RESET:
12152		retval = ctl_lun_reset(io);
12153		break;
12154	case CTL_TASK_TARGET_RESET:
12155	case CTL_TASK_BUS_RESET:
12156		retval = ctl_target_reset(io);
12157		break;
12158	case CTL_TASK_PORT_LOGIN:
12159		break;
12160	case CTL_TASK_PORT_LOGOUT:
12161		break;
12162	case CTL_TASK_QUERY_TASK:
12163		retval = ctl_query_task(io, 0);
12164		break;
12165	case CTL_TASK_QUERY_TASK_SET:
12166		retval = ctl_query_task(io, 1);
12167		break;
12168	case CTL_TASK_QUERY_ASYNC_EVENT:
12169		retval = ctl_query_async_event(io);
12170		break;
12171	default:
12172		printf("%s: got unknown task management event %d\n",
12173		       __func__, io->taskio.task_action);
12174		break;
12175	}
12176	if (retval == 0)
12177		io->io_hdr.status = CTL_SUCCESS;
12178	else
12179		io->io_hdr.status = CTL_ERROR;
12180	ctl_done(io);
12181}
12182
12183/*
12184 * For HA operation.  Handle commands that come in from the other
12185 * controller.
12186 */
12187static void
12188ctl_handle_isc(union ctl_io *io)
12189{
12190	struct ctl_softc *softc = CTL_SOFTC(io);
12191	struct ctl_lun *lun;
12192	const struct ctl_cmd_entry *entry;
12193	uint32_t targ_lun;
12194
12195	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12196	switch (io->io_hdr.msg_type) {
12197	case CTL_MSG_SERIALIZE:
12198		ctl_serialize_other_sc_cmd(&io->scsiio);
12199		break;
12200	case CTL_MSG_R2R:		/* Only used in SER_ONLY mode. */
12201		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12202		if (targ_lun >= ctl_max_luns ||
12203		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12204			ctl_done(io);
12205			break;
12206		}
12207		mtx_lock(&lun->lun_lock);
12208		if (ctl_scsiio_lun_check(lun, entry, &io->scsiio) != 0) {
12209			mtx_unlock(&lun->lun_lock);
12210			ctl_done(io);
12211			break;
12212		}
12213		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12214		mtx_unlock(&lun->lun_lock);
12215		ctl_enqueue_rtr(io);
12216		break;
12217	case CTL_MSG_FINISH_IO:
12218		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12219			ctl_done(io);
12220			break;
12221		}
12222		if (targ_lun >= ctl_max_luns ||
12223		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12224			ctl_free_io(io);
12225			break;
12226		}
12227		mtx_lock(&lun->lun_lock);
12228		TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12229		ctl_check_blocked(lun);
12230		mtx_unlock(&lun->lun_lock);
12231		ctl_free_io(io);
12232		break;
12233	case CTL_MSG_PERS_ACTION:
12234		ctl_hndl_per_res_out_on_other_sc(io);
12235		ctl_free_io(io);
12236		break;
12237	case CTL_MSG_BAD_JUJU:
12238		ctl_done(io);
12239		break;
12240	case CTL_MSG_DATAMOVE:		/* Only used in XFER mode */
12241		ctl_datamove_remote(io);
12242		break;
12243	case CTL_MSG_DATAMOVE_DONE:	/* Only used in XFER mode */
12244		io->scsiio.be_move_done(io);
12245		break;
12246	case CTL_MSG_FAILOVER:
12247		ctl_failover_lun(io);
12248		ctl_free_io(io);
12249		break;
12250	default:
12251		printf("%s: Invalid message type %d\n",
12252		       __func__, io->io_hdr.msg_type);
12253		ctl_free_io(io);
12254		break;
12255	}
12256
12257}
12258
12259
12260/*
12261 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12262 * there is no match.
12263 */
12264static ctl_lun_error_pattern
12265ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12266{
12267	const struct ctl_cmd_entry *entry;
12268	ctl_lun_error_pattern filtered_pattern, pattern;
12269
12270	pattern = desc->error_pattern;
12271
12272	/*
12273	 * XXX KDM we need more data passed into this function to match a
12274	 * custom pattern, and we actually need to implement custom pattern
12275	 * matching.
12276	 */
12277	if (pattern & CTL_LUN_PAT_CMD)
12278		return (CTL_LUN_PAT_CMD);
12279
12280	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12281		return (CTL_LUN_PAT_ANY);
12282
12283	entry = ctl_get_cmd_entry(ctsio, NULL);
12284
12285	filtered_pattern = entry->pattern & pattern;
12286
12287	/*
12288	 * If the user requested specific flags in the pattern (e.g.
12289	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12290	 * flags.
12291	 *
12292	 * If the user did not specify any flags, it doesn't matter whether
12293	 * or not the command supports the flags.
12294	 */
12295	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12296	     (pattern & ~CTL_LUN_PAT_MASK))
12297		return (CTL_LUN_PAT_NONE);
12298
12299	/*
12300	 * If the user asked for a range check, see if the requested LBA
12301	 * range overlaps with this command's LBA range.
12302	 */
12303	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12304		uint64_t lba1;
12305		uint64_t len1;
12306		ctl_action action;
12307		int retval;
12308
12309		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12310		if (retval != 0)
12311			return (CTL_LUN_PAT_NONE);
12312
12313		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12314					      desc->lba_range.len, FALSE);
12315		/*
12316		 * A "pass" means that the LBA ranges don't overlap, so
12317		 * this doesn't match the user's range criteria.
12318		 */
12319		if (action == CTL_ACTION_PASS)
12320			return (CTL_LUN_PAT_NONE);
12321	}
12322
12323	return (filtered_pattern);
12324}
12325
12326static void
12327ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12328{
12329	struct ctl_error_desc *desc, *desc2;
12330
12331	mtx_assert(&lun->lun_lock, MA_OWNED);
12332
12333	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12334		ctl_lun_error_pattern pattern;
12335		/*
12336		 * Check to see whether this particular command matches
12337		 * the pattern in the descriptor.
12338		 */
12339		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12340		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12341			continue;
12342
12343		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12344		case CTL_LUN_INJ_ABORTED:
12345			ctl_set_aborted(&io->scsiio);
12346			break;
12347		case CTL_LUN_INJ_MEDIUM_ERR:
12348			ctl_set_medium_error(&io->scsiio,
12349			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12350			     CTL_FLAG_DATA_OUT);
12351			break;
12352		case CTL_LUN_INJ_UA:
12353			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12354			 * OCCURRED */
12355			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12356			break;
12357		case CTL_LUN_INJ_CUSTOM:
12358			/*
12359			 * We're assuming the user knows what he is doing.
12360			 * Just copy the sense information without doing
12361			 * checks.
12362			 */
12363			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12364			      MIN(sizeof(desc->custom_sense),
12365				  sizeof(io->scsiio.sense_data)));
12366			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12367			io->scsiio.sense_len = SSD_FULL_SIZE;
12368			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12369			break;
12370		case CTL_LUN_INJ_NONE:
12371		default:
12372			/*
12373			 * If this is an error injection type we don't know
12374			 * about, clear the continuous flag (if it is set)
12375			 * so it will get deleted below.
12376			 */
12377			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12378			break;
12379		}
12380		/*
12381		 * By default, each error injection action is a one-shot
12382		 */
12383		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12384			continue;
12385
12386		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12387
12388		free(desc, M_CTL);
12389	}
12390}
12391
12392#ifdef CTL_IO_DELAY
12393static void
12394ctl_datamove_timer_wakeup(void *arg)
12395{
12396	union ctl_io *io;
12397
12398	io = (union ctl_io *)arg;
12399
12400	ctl_datamove(io);
12401}
12402#endif /* CTL_IO_DELAY */
12403
12404void
12405ctl_datamove(union ctl_io *io)
12406{
12407	void (*fe_datamove)(union ctl_io *io);
12408
12409	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12410
12411	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12412
12413	/* No data transferred yet.  Frontend must update this when done. */
12414	io->scsiio.kern_data_resid = io->scsiio.kern_data_len;
12415
12416#ifdef CTL_TIME_IO
12417	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12418		char str[256];
12419		char path_str[64];
12420		struct sbuf sb;
12421
12422		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12423		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12424
12425		sbuf_cat(&sb, path_str);
12426		switch (io->io_hdr.io_type) {
12427		case CTL_IO_SCSI:
12428			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12429			sbuf_printf(&sb, "\n");
12430			sbuf_cat(&sb, path_str);
12431			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12432				    io->scsiio.tag_num, io->scsiio.tag_type);
12433			break;
12434		case CTL_IO_TASK:
12435			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12436				    "Tag Type: %d\n", io->taskio.task_action,
12437				    io->taskio.tag_num, io->taskio.tag_type);
12438			break;
12439		default:
12440			panic("%s: Invalid CTL I/O type %d\n",
12441			    __func__, io->io_hdr.io_type);
12442		}
12443		sbuf_cat(&sb, path_str);
12444		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12445			    (intmax_t)time_uptime - io->io_hdr.start_time);
12446		sbuf_finish(&sb);
12447		printf("%s", sbuf_data(&sb));
12448	}
12449#endif /* CTL_TIME_IO */
12450
12451#ifdef CTL_IO_DELAY
12452	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12453		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12454	} else {
12455		struct ctl_lun *lun;
12456
12457		lun = CTL_LUN(io);
12458		if ((lun != NULL)
12459		 && (lun->delay_info.datamove_delay > 0)) {
12460
12461			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12462			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12463			callout_reset(&io->io_hdr.delay_callout,
12464				      lun->delay_info.datamove_delay * hz,
12465				      ctl_datamove_timer_wakeup, io);
12466			if (lun->delay_info.datamove_type ==
12467			    CTL_DELAY_TYPE_ONESHOT)
12468				lun->delay_info.datamove_delay = 0;
12469			return;
12470		}
12471	}
12472#endif
12473
12474	/*
12475	 * This command has been aborted.  Set the port status, so we fail
12476	 * the data move.
12477	 */
12478	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12479		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12480		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12481		       io->io_hdr.nexus.targ_port,
12482		       io->io_hdr.nexus.targ_lun);
12483		io->io_hdr.port_status = 31337;
12484		/*
12485		 * Note that the backend, in this case, will get the
12486		 * callback in its context.  In other cases it may get
12487		 * called in the frontend's interrupt thread context.
12488		 */
12489		io->scsiio.be_move_done(io);
12490		return;
12491	}
12492
12493	/* Don't confuse frontend with zero length data move. */
12494	if (io->scsiio.kern_data_len == 0) {
12495		io->scsiio.be_move_done(io);
12496		return;
12497	}
12498
12499	fe_datamove = CTL_PORT(io)->fe_datamove;
12500	fe_datamove(io);
12501}
12502
12503static void
12504ctl_send_datamove_done(union ctl_io *io, int have_lock)
12505{
12506	union ctl_ha_msg msg;
12507#ifdef CTL_TIME_IO
12508	struct bintime cur_bt;
12509#endif
12510
12511	memset(&msg, 0, sizeof(msg));
12512	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12513	msg.hdr.original_sc = io;
12514	msg.hdr.serializing_sc = io->io_hdr.remote_io;
12515	msg.hdr.nexus = io->io_hdr.nexus;
12516	msg.hdr.status = io->io_hdr.status;
12517	msg.scsi.kern_data_resid = io->scsiio.kern_data_resid;
12518	msg.scsi.tag_num = io->scsiio.tag_num;
12519	msg.scsi.tag_type = io->scsiio.tag_type;
12520	msg.scsi.scsi_status = io->scsiio.scsi_status;
12521	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12522	       io->scsiio.sense_len);
12523	msg.scsi.sense_len = io->scsiio.sense_len;
12524	msg.scsi.port_status = io->io_hdr.port_status;
12525	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12526	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12527		ctl_failover_io(io, /*have_lock*/ have_lock);
12528		return;
12529	}
12530	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12531	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12532	    msg.scsi.sense_len, M_WAITOK);
12533
12534#ifdef CTL_TIME_IO
12535	getbinuptime(&cur_bt);
12536	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12537	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12538#endif
12539	io->io_hdr.num_dmas++;
12540}
12541
12542/*
12543 * The DMA to the remote side is done, now we need to tell the other side
12544 * we're done so it can continue with its data movement.
12545 */
12546static void
12547ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12548{
12549	union ctl_io *io;
12550	uint32_t i;
12551
12552	io = rq->context;
12553
12554	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12555		printf("%s: ISC DMA write failed with error %d", __func__,
12556		       rq->ret);
12557		ctl_set_internal_failure(&io->scsiio,
12558					 /*sks_valid*/ 1,
12559					 /*retry_count*/ rq->ret);
12560	}
12561
12562	ctl_dt_req_free(rq);
12563
12564	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12565		free(CTL_LSGLT(io)[i].addr, M_CTL);
12566	free(CTL_RSGL(io), M_CTL);
12567	CTL_RSGL(io) = NULL;
12568	CTL_LSGL(io) = NULL;
12569
12570	/*
12571	 * The data is in local and remote memory, so now we need to send
12572	 * status (good or back) back to the other side.
12573	 */
12574	ctl_send_datamove_done(io, /*have_lock*/ 0);
12575}
12576
12577/*
12578 * We've moved the data from the host/controller into local memory.  Now we
12579 * need to push it over to the remote controller's memory.
12580 */
12581static int
12582ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12583{
12584	int retval;
12585
12586	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12587					  ctl_datamove_remote_write_cb);
12588	return (retval);
12589}
12590
12591static void
12592ctl_datamove_remote_write(union ctl_io *io)
12593{
12594	int retval;
12595	void (*fe_datamove)(union ctl_io *io);
12596
12597	/*
12598	 * - Get the data from the host/HBA into local memory.
12599	 * - DMA memory from the local controller to the remote controller.
12600	 * - Send status back to the remote controller.
12601	 */
12602
12603	retval = ctl_datamove_remote_sgl_setup(io);
12604	if (retval != 0)
12605		return;
12606
12607	/* Switch the pointer over so the FETD knows what to do */
12608	io->scsiio.kern_data_ptr = (uint8_t *)CTL_LSGL(io);
12609
12610	/*
12611	 * Use a custom move done callback, since we need to send completion
12612	 * back to the other controller, not to the backend on this side.
12613	 */
12614	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12615
12616	fe_datamove = CTL_PORT(io)->fe_datamove;
12617	fe_datamove(io);
12618}
12619
12620static int
12621ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12622{
12623#if 0
12624	char str[256];
12625	char path_str[64];
12626	struct sbuf sb;
12627#endif
12628	uint32_t i;
12629
12630	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12631		free(CTL_LSGLT(io)[i].addr, M_CTL);
12632	free(CTL_RSGL(io), M_CTL);
12633	CTL_RSGL(io) = NULL;
12634	CTL_LSGL(io) = NULL;
12635
12636#if 0
12637	scsi_path_string(io, path_str, sizeof(path_str));
12638	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12639	sbuf_cat(&sb, path_str);
12640	scsi_command_string(&io->scsiio, NULL, &sb);
12641	sbuf_printf(&sb, "\n");
12642	sbuf_cat(&sb, path_str);
12643	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12644		    io->scsiio.tag_num, io->scsiio.tag_type);
12645	sbuf_cat(&sb, path_str);
12646	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12647		    io->io_hdr.flags, io->io_hdr.status);
12648	sbuf_finish(&sb);
12649	printk("%s", sbuf_data(&sb));
12650#endif
12651
12652
12653	/*
12654	 * The read is done, now we need to send status (good or bad) back
12655	 * to the other side.
12656	 */
12657	ctl_send_datamove_done(io, /*have_lock*/ 0);
12658
12659	return (0);
12660}
12661
12662static void
12663ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12664{
12665	union ctl_io *io;
12666	void (*fe_datamove)(union ctl_io *io);
12667
12668	io = rq->context;
12669
12670	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12671		printf("%s: ISC DMA read failed with error %d\n", __func__,
12672		       rq->ret);
12673		ctl_set_internal_failure(&io->scsiio,
12674					 /*sks_valid*/ 1,
12675					 /*retry_count*/ rq->ret);
12676	}
12677
12678	ctl_dt_req_free(rq);
12679
12680	/* Switch the pointer over so the FETD knows what to do */
12681	io->scsiio.kern_data_ptr = (uint8_t *)CTL_LSGL(io);
12682
12683	/*
12684	 * Use a custom move done callback, since we need to send completion
12685	 * back to the other controller, not to the backend on this side.
12686	 */
12687	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12688
12689	/* XXX KDM add checks like the ones in ctl_datamove? */
12690
12691	fe_datamove = CTL_PORT(io)->fe_datamove;
12692	fe_datamove(io);
12693}
12694
12695static int
12696ctl_datamove_remote_sgl_setup(union ctl_io *io)
12697{
12698	struct ctl_sg_entry *local_sglist;
12699	uint32_t len_to_go;
12700	int retval;
12701	int i;
12702
12703	retval = 0;
12704	local_sglist = CTL_LSGL(io);
12705	len_to_go = io->scsiio.kern_data_len;
12706
12707	/*
12708	 * The difficult thing here is that the size of the various
12709	 * S/G segments may be different than the size from the
12710	 * remote controller.  That'll make it harder when DMAing
12711	 * the data back to the other side.
12712	 */
12713	for (i = 0; len_to_go > 0; i++) {
12714		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12715		local_sglist[i].addr =
12716		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12717
12718		len_to_go -= local_sglist[i].len;
12719	}
12720	/*
12721	 * Reset the number of S/G entries accordingly.  The original
12722	 * number of S/G entries is available in rem_sg_entries.
12723	 */
12724	io->scsiio.kern_sg_entries = i;
12725
12726#if 0
12727	printf("%s: kern_sg_entries = %d\n", __func__,
12728	       io->scsiio.kern_sg_entries);
12729	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12730		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12731		       local_sglist[i].addr, local_sglist[i].len);
12732#endif
12733
12734	return (retval);
12735}
12736
12737static int
12738ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12739			 ctl_ha_dt_cb callback)
12740{
12741	struct ctl_ha_dt_req *rq;
12742	struct ctl_sg_entry *remote_sglist, *local_sglist;
12743	uint32_t local_used, remote_used, total_used;
12744	int i, j, isc_ret;
12745
12746	rq = ctl_dt_req_alloc();
12747
12748	/*
12749	 * If we failed to allocate the request, and if the DMA didn't fail
12750	 * anyway, set busy status.  This is just a resource allocation
12751	 * failure.
12752	 */
12753	if ((rq == NULL)
12754	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12755	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12756		ctl_set_busy(&io->scsiio);
12757
12758	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12759	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12760
12761		if (rq != NULL)
12762			ctl_dt_req_free(rq);
12763
12764		/*
12765		 * The data move failed.  We need to return status back
12766		 * to the other controller.  No point in trying to DMA
12767		 * data to the remote controller.
12768		 */
12769
12770		ctl_send_datamove_done(io, /*have_lock*/ 0);
12771
12772		return (1);
12773	}
12774
12775	local_sglist = CTL_LSGL(io);
12776	remote_sglist = CTL_RSGL(io);
12777	local_used = 0;
12778	remote_used = 0;
12779	total_used = 0;
12780
12781	/*
12782	 * Pull/push the data over the wire from/to the other controller.
12783	 * This takes into account the possibility that the local and
12784	 * remote sglists may not be identical in terms of the size of
12785	 * the elements and the number of elements.
12786	 *
12787	 * One fundamental assumption here is that the length allocated for
12788	 * both the local and remote sglists is identical.  Otherwise, we've
12789	 * essentially got a coding error of some sort.
12790	 */
12791	isc_ret = CTL_HA_STATUS_SUCCESS;
12792	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12793		uint32_t cur_len;
12794		uint8_t *tmp_ptr;
12795
12796		rq->command = command;
12797		rq->context = io;
12798
12799		/*
12800		 * Both pointers should be aligned.  But it is possible
12801		 * that the allocation length is not.  They should both
12802		 * also have enough slack left over at the end, though,
12803		 * to round up to the next 8 byte boundary.
12804		 */
12805		cur_len = MIN(local_sglist[i].len - local_used,
12806			      remote_sglist[j].len - remote_used);
12807		rq->size = cur_len;
12808
12809		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12810		tmp_ptr += local_used;
12811
12812#if 0
12813		/* Use physical addresses when talking to ISC hardware */
12814		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12815			/* XXX KDM use busdma */
12816			rq->local = vtophys(tmp_ptr);
12817		} else
12818			rq->local = tmp_ptr;
12819#else
12820		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12821		    ("HA does not support BUS_ADDR"));
12822		rq->local = tmp_ptr;
12823#endif
12824
12825		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12826		tmp_ptr += remote_used;
12827		rq->remote = tmp_ptr;
12828
12829		rq->callback = NULL;
12830
12831		local_used += cur_len;
12832		if (local_used >= local_sglist[i].len) {
12833			i++;
12834			local_used = 0;
12835		}
12836
12837		remote_used += cur_len;
12838		if (remote_used >= remote_sglist[j].len) {
12839			j++;
12840			remote_used = 0;
12841		}
12842		total_used += cur_len;
12843
12844		if (total_used >= io->scsiio.kern_data_len)
12845			rq->callback = callback;
12846
12847#if 0
12848		printf("%s: %s: local %p remote %p size %d\n", __func__,
12849		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12850		       rq->local, rq->remote, rq->size);
12851#endif
12852
12853		isc_ret = ctl_dt_single(rq);
12854		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12855			break;
12856	}
12857	if (isc_ret != CTL_HA_STATUS_WAIT) {
12858		rq->ret = isc_ret;
12859		callback(rq);
12860	}
12861
12862	return (0);
12863}
12864
12865static void
12866ctl_datamove_remote_read(union ctl_io *io)
12867{
12868	int retval;
12869	uint32_t i;
12870
12871	/*
12872	 * This will send an error to the other controller in the case of a
12873	 * failure.
12874	 */
12875	retval = ctl_datamove_remote_sgl_setup(io);
12876	if (retval != 0)
12877		return;
12878
12879	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12880					  ctl_datamove_remote_read_cb);
12881	if (retval != 0) {
12882		/*
12883		 * Make sure we free memory if there was an error..  The
12884		 * ctl_datamove_remote_xfer() function will send the
12885		 * datamove done message, or call the callback with an
12886		 * error if there is a problem.
12887		 */
12888		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12889			free(CTL_LSGLT(io)[i].addr, M_CTL);
12890		free(CTL_RSGL(io), M_CTL);
12891		CTL_RSGL(io) = NULL;
12892		CTL_LSGL(io) = NULL;
12893	}
12894}
12895
12896/*
12897 * Process a datamove request from the other controller.  This is used for
12898 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12899 * first.  Once that is complete, the data gets DMAed into the remote
12900 * controller's memory.  For reads, we DMA from the remote controller's
12901 * memory into our memory first, and then move it out to the FETD.
12902 */
12903static void
12904ctl_datamove_remote(union ctl_io *io)
12905{
12906
12907	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12908
12909	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12910		ctl_failover_io(io, /*have_lock*/ 0);
12911		return;
12912	}
12913
12914	/*
12915	 * Note that we look for an aborted I/O here, but don't do some of
12916	 * the other checks that ctl_datamove() normally does.
12917	 * We don't need to run the datamove delay code, since that should
12918	 * have been done if need be on the other controller.
12919	 */
12920	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12921		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12922		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12923		       io->io_hdr.nexus.targ_port,
12924		       io->io_hdr.nexus.targ_lun);
12925		io->io_hdr.port_status = 31338;
12926		ctl_send_datamove_done(io, /*have_lock*/ 0);
12927		return;
12928	}
12929
12930	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12931		ctl_datamove_remote_write(io);
12932	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12933		ctl_datamove_remote_read(io);
12934	else {
12935		io->io_hdr.port_status = 31339;
12936		ctl_send_datamove_done(io, /*have_lock*/ 0);
12937	}
12938}
12939
12940static void
12941ctl_process_done(union ctl_io *io)
12942{
12943	struct ctl_softc *softc = CTL_SOFTC(io);
12944	struct ctl_port *port = CTL_PORT(io);
12945	struct ctl_lun *lun = CTL_LUN(io);
12946	void (*fe_done)(union ctl_io *io);
12947	union ctl_ha_msg msg;
12948
12949	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12950	fe_done = port->fe_done;
12951
12952#ifdef CTL_TIME_IO
12953	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12954		char str[256];
12955		char path_str[64];
12956		struct sbuf sb;
12957
12958		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12959		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12960
12961		sbuf_cat(&sb, path_str);
12962		switch (io->io_hdr.io_type) {
12963		case CTL_IO_SCSI:
12964			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12965			sbuf_printf(&sb, "\n");
12966			sbuf_cat(&sb, path_str);
12967			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12968				    io->scsiio.tag_num, io->scsiio.tag_type);
12969			break;
12970		case CTL_IO_TASK:
12971			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12972				    "Tag Type: %d\n", io->taskio.task_action,
12973				    io->taskio.tag_num, io->taskio.tag_type);
12974			break;
12975		default:
12976			panic("%s: Invalid CTL I/O type %d\n",
12977			    __func__, io->io_hdr.io_type);
12978		}
12979		sbuf_cat(&sb, path_str);
12980		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12981			    (intmax_t)time_uptime - io->io_hdr.start_time);
12982		sbuf_finish(&sb);
12983		printf("%s", sbuf_data(&sb));
12984	}
12985#endif /* CTL_TIME_IO */
12986
12987	switch (io->io_hdr.io_type) {
12988	case CTL_IO_SCSI:
12989		break;
12990	case CTL_IO_TASK:
12991		if (ctl_debug & CTL_DEBUG_INFO)
12992			ctl_io_error_print(io, NULL);
12993		fe_done(io);
12994		return;
12995	default:
12996		panic("%s: Invalid CTL I/O type %d\n",
12997		    __func__, io->io_hdr.io_type);
12998	}
12999
13000	if (lun == NULL) {
13001		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13002				 io->io_hdr.nexus.targ_mapped_lun));
13003		goto bailout;
13004	}
13005
13006	mtx_lock(&lun->lun_lock);
13007
13008	/*
13009	 * Check to see if we have any informational exception and status
13010	 * of this command can be modified to report it in form of either
13011	 * RECOVERED ERROR or NO SENSE, depending on MRIE mode page field.
13012	 */
13013	if (lun->ie_reported == 0 && lun->ie_asc != 0 &&
13014	    io->io_hdr.status == CTL_SUCCESS &&
13015	    (io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0) {
13016		uint8_t mrie = lun->MODE_IE.mrie;
13017		uint8_t per = ((lun->MODE_RWER.byte3 & SMS_RWER_PER) ||
13018		    (lun->MODE_VER.byte3 & SMS_VER_PER));
13019		if (((mrie == SIEP_MRIE_REC_COND && per) ||
13020		     mrie == SIEP_MRIE_REC_UNCOND ||
13021		     mrie == SIEP_MRIE_NO_SENSE) &&
13022		    (ctl_get_cmd_entry(&io->scsiio, NULL)->flags &
13023		     CTL_CMD_FLAG_NO_SENSE) == 0) {
13024			ctl_set_sense(&io->scsiio,
13025			      /*current_error*/ 1,
13026			      /*sense_key*/ (mrie == SIEP_MRIE_NO_SENSE) ?
13027			        SSD_KEY_NO_SENSE : SSD_KEY_RECOVERED_ERROR,
13028			      /*asc*/ lun->ie_asc,
13029			      /*ascq*/ lun->ie_ascq,
13030			      SSD_ELEM_NONE);
13031			lun->ie_reported = 1;
13032		}
13033	} else if (lun->ie_reported < 0)
13034		lun->ie_reported = 0;
13035
13036	/*
13037	 * Check to see if we have any errors to inject here.  We only
13038	 * inject errors for commands that don't already have errors set.
13039	 */
13040	if (!STAILQ_EMPTY(&lun->error_list) &&
13041	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13042	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13043		ctl_inject_error(lun, io);
13044
13045	/*
13046	 * XXX KDM how do we treat commands that aren't completed
13047	 * successfully?
13048	 *
13049	 * XXX KDM should we also track I/O latency?
13050	 */
13051	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13052	    io->io_hdr.io_type == CTL_IO_SCSI) {
13053		int type;
13054#ifdef CTL_TIME_IO
13055		struct bintime bt;
13056
13057		getbinuptime(&bt);
13058		bintime_sub(&bt, &io->io_hdr.start_bt);
13059#endif
13060		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13061		    CTL_FLAG_DATA_IN)
13062			type = CTL_STATS_READ;
13063		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13064		    CTL_FLAG_DATA_OUT)
13065			type = CTL_STATS_WRITE;
13066		else
13067			type = CTL_STATS_NO_IO;
13068
13069#ifdef CTL_LEGACY_STATS
13070		uint32_t targ_port = port->targ_port;
13071		lun->legacy_stats.ports[targ_port].bytes[type] +=
13072		    io->scsiio.kern_total_len;
13073		lun->legacy_stats.ports[targ_port].operations[type] ++;
13074		lun->legacy_stats.ports[targ_port].num_dmas[type] +=
13075		    io->io_hdr.num_dmas;
13076#ifdef CTL_TIME_IO
13077		bintime_add(&lun->legacy_stats.ports[targ_port].dma_time[type],
13078		   &io->io_hdr.dma_bt);
13079		bintime_add(&lun->legacy_stats.ports[targ_port].time[type],
13080		    &bt);
13081#endif
13082#endif /* CTL_LEGACY_STATS */
13083
13084		lun->stats.bytes[type] += io->scsiio.kern_total_len;
13085		lun->stats.operations[type] ++;
13086		lun->stats.dmas[type] += io->io_hdr.num_dmas;
13087#ifdef CTL_TIME_IO
13088		bintime_add(&lun->stats.dma_time[type], &io->io_hdr.dma_bt);
13089		bintime_add(&lun->stats.time[type], &bt);
13090#endif
13091
13092		mtx_lock(&port->port_lock);
13093		port->stats.bytes[type] += io->scsiio.kern_total_len;
13094		port->stats.operations[type] ++;
13095		port->stats.dmas[type] += io->io_hdr.num_dmas;
13096#ifdef CTL_TIME_IO
13097		bintime_add(&port->stats.dma_time[type], &io->io_hdr.dma_bt);
13098		bintime_add(&port->stats.time[type], &bt);
13099#endif
13100		mtx_unlock(&port->port_lock);
13101	}
13102
13103	/*
13104	 * Remove this from the OOA queue.
13105	 */
13106	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13107#ifdef CTL_TIME_IO
13108	if (TAILQ_EMPTY(&lun->ooa_queue))
13109		lun->last_busy = getsbinuptime();
13110#endif
13111
13112	/*
13113	 * Run through the blocked queue on this LUN and see if anything
13114	 * has become unblocked, now that this transaction is done.
13115	 */
13116	ctl_check_blocked(lun);
13117
13118	/*
13119	 * If the LUN has been invalidated, free it if there is nothing
13120	 * left on its OOA queue.
13121	 */
13122	if ((lun->flags & CTL_LUN_INVALID)
13123	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13124		mtx_unlock(&lun->lun_lock);
13125		ctl_free_lun(lun);
13126	} else
13127		mtx_unlock(&lun->lun_lock);
13128
13129bailout:
13130
13131	/*
13132	 * If this command has been aborted, make sure we set the status
13133	 * properly.  The FETD is responsible for freeing the I/O and doing
13134	 * whatever it needs to do to clean up its state.
13135	 */
13136	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13137		ctl_set_task_aborted(&io->scsiio);
13138
13139	/*
13140	 * If enabled, print command error status.
13141	 */
13142	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13143	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13144		ctl_io_error_print(io, NULL);
13145
13146	/*
13147	 * Tell the FETD or the other shelf controller we're done with this
13148	 * command.  Note that only SCSI commands get to this point.  Task
13149	 * management commands are completed above.
13150	 */
13151	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13152	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13153		memset(&msg, 0, sizeof(msg));
13154		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13155		msg.hdr.serializing_sc = io->io_hdr.remote_io;
13156		msg.hdr.nexus = io->io_hdr.nexus;
13157		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13158		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13159		    M_WAITOK);
13160	}
13161
13162	fe_done(io);
13163}
13164
13165/*
13166 * Front end should call this if it doesn't do autosense.  When the request
13167 * sense comes back in from the initiator, we'll dequeue this and send it.
13168 */
13169int
13170ctl_queue_sense(union ctl_io *io)
13171{
13172	struct ctl_softc *softc = CTL_SOFTC(io);
13173	struct ctl_port *port = CTL_PORT(io);
13174	struct ctl_lun *lun;
13175	struct scsi_sense_data *ps;
13176	uint32_t initidx, p, targ_lun;
13177
13178	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13179
13180	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13181
13182	/*
13183	 * LUN lookup will likely move to the ctl_work_thread() once we
13184	 * have our new queueing infrastructure (that doesn't put things on
13185	 * a per-LUN queue initially).  That is so that we can handle
13186	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13187	 * can't deal with that right now.
13188	 * If we don't have a LUN for this, just toss the sense information.
13189	 */
13190	mtx_lock(&softc->ctl_lock);
13191	if (targ_lun >= ctl_max_luns ||
13192	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
13193		mtx_unlock(&softc->ctl_lock);
13194		goto bailout;
13195	}
13196	mtx_lock(&lun->lun_lock);
13197	mtx_unlock(&softc->ctl_lock);
13198
13199	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13200	p = initidx / CTL_MAX_INIT_PER_PORT;
13201	if (lun->pending_sense[p] == NULL) {
13202		lun->pending_sense[p] = malloc(sizeof(*ps) * CTL_MAX_INIT_PER_PORT,
13203		    M_CTL, M_NOWAIT | M_ZERO);
13204	}
13205	if ((ps = lun->pending_sense[p]) != NULL) {
13206		ps += initidx % CTL_MAX_INIT_PER_PORT;
13207		memset(ps, 0, sizeof(*ps));
13208		memcpy(ps, &io->scsiio.sense_data, io->scsiio.sense_len);
13209	}
13210	mtx_unlock(&lun->lun_lock);
13211
13212bailout:
13213	ctl_free_io(io);
13214	return (CTL_RETVAL_COMPLETE);
13215}
13216
13217/*
13218 * Primary command inlet from frontend ports.  All SCSI and task I/O
13219 * requests must go through this function.
13220 */
13221int
13222ctl_queue(union ctl_io *io)
13223{
13224	struct ctl_port *port = CTL_PORT(io);
13225
13226	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13227
13228#ifdef CTL_TIME_IO
13229	io->io_hdr.start_time = time_uptime;
13230	getbinuptime(&io->io_hdr.start_bt);
13231#endif /* CTL_TIME_IO */
13232
13233	/* Map FE-specific LUN ID into global one. */
13234	io->io_hdr.nexus.targ_mapped_lun =
13235	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13236
13237	switch (io->io_hdr.io_type) {
13238	case CTL_IO_SCSI:
13239	case CTL_IO_TASK:
13240		if (ctl_debug & CTL_DEBUG_CDB)
13241			ctl_io_print(io);
13242		ctl_enqueue_incoming(io);
13243		break;
13244	default:
13245		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13246		return (EINVAL);
13247	}
13248
13249	return (CTL_RETVAL_COMPLETE);
13250}
13251
13252#ifdef CTL_IO_DELAY
13253static void
13254ctl_done_timer_wakeup(void *arg)
13255{
13256	union ctl_io *io;
13257
13258	io = (union ctl_io *)arg;
13259	ctl_done(io);
13260}
13261#endif /* CTL_IO_DELAY */
13262
13263void
13264ctl_serseq_done(union ctl_io *io)
13265{
13266	struct ctl_lun *lun = CTL_LUN(io);;
13267
13268	if (lun->be_lun == NULL ||
13269	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13270		return;
13271	mtx_lock(&lun->lun_lock);
13272	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13273	ctl_check_blocked(lun);
13274	mtx_unlock(&lun->lun_lock);
13275}
13276
13277void
13278ctl_done(union ctl_io *io)
13279{
13280
13281	/*
13282	 * Enable this to catch duplicate completion issues.
13283	 */
13284#if 0
13285	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13286		printf("%s: type %d msg %d cdb %x iptl: "
13287		       "%u:%u:%u tag 0x%04x "
13288		       "flag %#x status %x\n",
13289			__func__,
13290			io->io_hdr.io_type,
13291			io->io_hdr.msg_type,
13292			io->scsiio.cdb[0],
13293			io->io_hdr.nexus.initid,
13294			io->io_hdr.nexus.targ_port,
13295			io->io_hdr.nexus.targ_lun,
13296			(io->io_hdr.io_type ==
13297			CTL_IO_TASK) ?
13298			io->taskio.tag_num :
13299			io->scsiio.tag_num,
13300		        io->io_hdr.flags,
13301			io->io_hdr.status);
13302	} else
13303		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13304#endif
13305
13306	/*
13307	 * This is an internal copy of an I/O, and should not go through
13308	 * the normal done processing logic.
13309	 */
13310	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13311		return;
13312
13313#ifdef CTL_IO_DELAY
13314	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13315		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13316	} else {
13317		struct ctl_lun *lun = CTL_LUN(io);
13318
13319		if ((lun != NULL)
13320		 && (lun->delay_info.done_delay > 0)) {
13321
13322			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13323			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13324			callout_reset(&io->io_hdr.delay_callout,
13325				      lun->delay_info.done_delay * hz,
13326				      ctl_done_timer_wakeup, io);
13327			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13328				lun->delay_info.done_delay = 0;
13329			return;
13330		}
13331	}
13332#endif /* CTL_IO_DELAY */
13333
13334	ctl_enqueue_done(io);
13335}
13336
13337static void
13338ctl_work_thread(void *arg)
13339{
13340	struct ctl_thread *thr = (struct ctl_thread *)arg;
13341	struct ctl_softc *softc = thr->ctl_softc;
13342	union ctl_io *io;
13343	int retval;
13344
13345	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13346
13347	while (!softc->shutdown) {
13348		/*
13349		 * We handle the queues in this order:
13350		 * - ISC
13351		 * - done queue (to free up resources, unblock other commands)
13352		 * - RtR queue
13353		 * - incoming queue
13354		 *
13355		 * If those queues are empty, we break out of the loop and
13356		 * go to sleep.
13357		 */
13358		mtx_lock(&thr->queue_lock);
13359		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13360		if (io != NULL) {
13361			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13362			mtx_unlock(&thr->queue_lock);
13363			ctl_handle_isc(io);
13364			continue;
13365		}
13366		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13367		if (io != NULL) {
13368			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13369			/* clear any blocked commands, call fe_done */
13370			mtx_unlock(&thr->queue_lock);
13371			ctl_process_done(io);
13372			continue;
13373		}
13374		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13375		if (io != NULL) {
13376			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13377			mtx_unlock(&thr->queue_lock);
13378			if (io->io_hdr.io_type == CTL_IO_TASK)
13379				ctl_run_task(io);
13380			else
13381				ctl_scsiio_precheck(softc, &io->scsiio);
13382			continue;
13383		}
13384		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13385		if (io != NULL) {
13386			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13387			mtx_unlock(&thr->queue_lock);
13388			retval = ctl_scsiio(&io->scsiio);
13389			if (retval != CTL_RETVAL_COMPLETE)
13390				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13391			continue;
13392		}
13393
13394		/* Sleep until we have something to do. */
13395		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13396	}
13397	thr->thread = NULL;
13398	kthread_exit();
13399}
13400
13401static void
13402ctl_lun_thread(void *arg)
13403{
13404	struct ctl_softc *softc = (struct ctl_softc *)arg;
13405	struct ctl_be_lun *be_lun;
13406
13407	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13408
13409	while (!softc->shutdown) {
13410		mtx_lock(&softc->ctl_lock);
13411		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13412		if (be_lun != NULL) {
13413			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13414			mtx_unlock(&softc->ctl_lock);
13415			ctl_create_lun(be_lun);
13416			continue;
13417		}
13418
13419		/* Sleep until we have something to do. */
13420		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13421		    PDROP | PRIBIO, "-", 0);
13422	}
13423	softc->lun_thread = NULL;
13424	kthread_exit();
13425}
13426
13427static void
13428ctl_thresh_thread(void *arg)
13429{
13430	struct ctl_softc *softc = (struct ctl_softc *)arg;
13431	struct ctl_lun *lun;
13432	struct ctl_logical_block_provisioning_page *page;
13433	const char *attr;
13434	union ctl_ha_msg msg;
13435	uint64_t thres, val;
13436	int i, e, set;
13437
13438	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13439
13440	while (!softc->shutdown) {
13441		mtx_lock(&softc->ctl_lock);
13442		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13443			if ((lun->flags & CTL_LUN_DISABLED) ||
13444			    (lun->flags & CTL_LUN_NO_MEDIA) ||
13445			    lun->backend->lun_attr == NULL)
13446				continue;
13447			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13448			    softc->ha_mode == CTL_HA_MODE_XFER)
13449				continue;
13450			if ((lun->MODE_RWER.byte8 & SMS_RWER_LBPERE) == 0)
13451				continue;
13452			e = 0;
13453			page = &lun->MODE_LBP;
13454			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13455				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13456					continue;
13457				thres = scsi_4btoul(page->descr[i].count);
13458				thres <<= CTL_LBP_EXPONENT;
13459				switch (page->descr[i].resource) {
13460				case 0x01:
13461					attr = "blocksavail";
13462					break;
13463				case 0x02:
13464					attr = "blocksused";
13465					break;
13466				case 0xf1:
13467					attr = "poolblocksavail";
13468					break;
13469				case 0xf2:
13470					attr = "poolblocksused";
13471					break;
13472				default:
13473					continue;
13474				}
13475				mtx_unlock(&softc->ctl_lock); // XXX
13476				val = lun->backend->lun_attr(
13477				    lun->be_lun->be_lun, attr);
13478				mtx_lock(&softc->ctl_lock);
13479				if (val == UINT64_MAX)
13480					continue;
13481				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13482				    == SLBPPD_ARMING_INC)
13483					e = (val >= thres);
13484				else
13485					e = (val <= thres);
13486				if (e)
13487					break;
13488			}
13489			mtx_lock(&lun->lun_lock);
13490			if (e) {
13491				scsi_u64to8b((uint8_t *)&page->descr[i] -
13492				    (uint8_t *)page, lun->ua_tpt_info);
13493				if (lun->lasttpt == 0 ||
13494				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13495					lun->lasttpt = time_uptime;
13496					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13497					set = 1;
13498				} else
13499					set = 0;
13500			} else {
13501				lun->lasttpt = 0;
13502				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13503				set = -1;
13504			}
13505			mtx_unlock(&lun->lun_lock);
13506			if (set != 0 &&
13507			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13508				/* Send msg to other side. */
13509				bzero(&msg.ua, sizeof(msg.ua));
13510				msg.hdr.msg_type = CTL_MSG_UA;
13511				msg.hdr.nexus.initid = -1;
13512				msg.hdr.nexus.targ_port = -1;
13513				msg.hdr.nexus.targ_lun = lun->lun;
13514				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13515				msg.ua.ua_all = 1;
13516				msg.ua.ua_set = (set > 0);
13517				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13518				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13519				mtx_unlock(&softc->ctl_lock); // XXX
13520				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13521				    sizeof(msg.ua), M_WAITOK);
13522				mtx_lock(&softc->ctl_lock);
13523			}
13524		}
13525		mtx_sleep(&softc->thresh_thread, &softc->ctl_lock,
13526		    PDROP | PRIBIO, "-", CTL_LBP_PERIOD * hz);
13527	}
13528	softc->thresh_thread = NULL;
13529	kthread_exit();
13530}
13531
13532static void
13533ctl_enqueue_incoming(union ctl_io *io)
13534{
13535	struct ctl_softc *softc = CTL_SOFTC(io);
13536	struct ctl_thread *thr;
13537	u_int idx;
13538
13539	idx = (io->io_hdr.nexus.targ_port * 127 +
13540	       io->io_hdr.nexus.initid) % worker_threads;
13541	thr = &softc->threads[idx];
13542	mtx_lock(&thr->queue_lock);
13543	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13544	mtx_unlock(&thr->queue_lock);
13545	wakeup(thr);
13546}
13547
13548static void
13549ctl_enqueue_rtr(union ctl_io *io)
13550{
13551	struct ctl_softc *softc = CTL_SOFTC(io);
13552	struct ctl_thread *thr;
13553
13554	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13555	mtx_lock(&thr->queue_lock);
13556	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13557	mtx_unlock(&thr->queue_lock);
13558	wakeup(thr);
13559}
13560
13561static void
13562ctl_enqueue_done(union ctl_io *io)
13563{
13564	struct ctl_softc *softc = CTL_SOFTC(io);
13565	struct ctl_thread *thr;
13566
13567	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13568	mtx_lock(&thr->queue_lock);
13569	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13570	mtx_unlock(&thr->queue_lock);
13571	wakeup(thr);
13572}
13573
13574static void
13575ctl_enqueue_isc(union ctl_io *io)
13576{
13577	struct ctl_softc *softc = CTL_SOFTC(io);
13578	struct ctl_thread *thr;
13579
13580	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13581	mtx_lock(&thr->queue_lock);
13582	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13583	mtx_unlock(&thr->queue_lock);
13584	wakeup(thr);
13585}
13586
13587/*
13588 *  vim: ts=8
13589 */
13590