ctl.c revision 360686 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2014-2017 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#include <sys/cdefs.h>
44__FBSDID("$FreeBSD: stable/11/sys/cam/ctl/ctl.c 360686 2020-05-06 08:24:47Z dim $");
45
46#include <sys/param.h>
47#include <sys/systm.h>
48#include <sys/ctype.h>
49#include <sys/kernel.h>
50#include <sys/types.h>
51#include <sys/kthread.h>
52#include <sys/bio.h>
53#include <sys/fcntl.h>
54#include <sys/lock.h>
55#include <sys/module.h>
56#include <sys/mutex.h>
57#include <sys/condvar.h>
58#include <sys/malloc.h>
59#include <sys/conf.h>
60#include <sys/ioccom.h>
61#include <sys/queue.h>
62#include <sys/sbuf.h>
63#include <sys/smp.h>
64#include <sys/endian.h>
65#include <sys/proc.h>
66#include <sys/sched.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_cd.h>
73#include <cam/scsi/scsi_da.h>
74#include <cam/ctl/ctl_io.h>
75#include <cam/ctl/ctl.h>
76#include <cam/ctl/ctl_frontend.h>
77#include <cam/ctl/ctl_util.h>
78#include <cam/ctl/ctl_backend.h>
79#include <cam/ctl/ctl_ioctl.h>
80#include <cam/ctl/ctl_ha.h>
81#include <cam/ctl/ctl_private.h>
82#include <cam/ctl/ctl_debug.h>
83#include <cam/ctl/ctl_scsi_all.h>
84#include <cam/ctl/ctl_error.h>
85
86struct ctl_softc *control_softc = NULL;
87
88/*
89 * Template mode pages.
90 */
91
92/*
93 * Note that these are default values only.  The actual values will be
94 * filled in when the user does a mode sense.
95 */
96const static struct scsi_da_rw_recovery_page rw_er_page_default = {
97	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
98	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
99	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
100	/*read_retry_count*/0,
101	/*correction_span*/0,
102	/*head_offset_count*/0,
103	/*data_strobe_offset_cnt*/0,
104	/*byte8*/SMS_RWER_LBPERE,
105	/*write_retry_count*/0,
106	/*reserved2*/0,
107	/*recovery_time_limit*/{0, 0},
108};
109
110const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
111	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
112	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
113	/*byte3*/SMS_RWER_PER,
114	/*read_retry_count*/0,
115	/*correction_span*/0,
116	/*head_offset_count*/0,
117	/*data_strobe_offset_cnt*/0,
118	/*byte8*/SMS_RWER_LBPERE,
119	/*write_retry_count*/0,
120	/*reserved2*/0,
121	/*recovery_time_limit*/{0, 0},
122};
123
124const static struct scsi_format_page format_page_default = {
125	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
126	/*page_length*/sizeof(struct scsi_format_page) - 2,
127	/*tracks_per_zone*/ {0, 0},
128	/*alt_sectors_per_zone*/ {0, 0},
129	/*alt_tracks_per_zone*/ {0, 0},
130	/*alt_tracks_per_lun*/ {0, 0},
131	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
132			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
133	/*bytes_per_sector*/ {0, 0},
134	/*interleave*/ {0, 0},
135	/*track_skew*/ {0, 0},
136	/*cylinder_skew*/ {0, 0},
137	/*flags*/ SFP_HSEC,
138	/*reserved*/ {0, 0, 0}
139};
140
141const static struct scsi_format_page format_page_changeable = {
142	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
143	/*page_length*/sizeof(struct scsi_format_page) - 2,
144	/*tracks_per_zone*/ {0, 0},
145	/*alt_sectors_per_zone*/ {0, 0},
146	/*alt_tracks_per_zone*/ {0, 0},
147	/*alt_tracks_per_lun*/ {0, 0},
148	/*sectors_per_track*/ {0, 0},
149	/*bytes_per_sector*/ {0, 0},
150	/*interleave*/ {0, 0},
151	/*track_skew*/ {0, 0},
152	/*cylinder_skew*/ {0, 0},
153	/*flags*/ 0,
154	/*reserved*/ {0, 0, 0}
155};
156
157const static struct scsi_rigid_disk_page rigid_disk_page_default = {
158	/*page_code*/SMS_RIGID_DISK_PAGE,
159	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
160	/*cylinders*/ {0, 0, 0},
161	/*heads*/ CTL_DEFAULT_HEADS,
162	/*start_write_precomp*/ {0, 0, 0},
163	/*start_reduced_current*/ {0, 0, 0},
164	/*step_rate*/ {0, 0},
165	/*landing_zone_cylinder*/ {0, 0, 0},
166	/*rpl*/ SRDP_RPL_DISABLED,
167	/*rotational_offset*/ 0,
168	/*reserved1*/ 0,
169	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
170			   CTL_DEFAULT_ROTATION_RATE & 0xff},
171	/*reserved2*/ {0, 0}
172};
173
174const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
175	/*page_code*/SMS_RIGID_DISK_PAGE,
176	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
177	/*cylinders*/ {0, 0, 0},
178	/*heads*/ 0,
179	/*start_write_precomp*/ {0, 0, 0},
180	/*start_reduced_current*/ {0, 0, 0},
181	/*step_rate*/ {0, 0},
182	/*landing_zone_cylinder*/ {0, 0, 0},
183	/*rpl*/ 0,
184	/*rotational_offset*/ 0,
185	/*reserved1*/ 0,
186	/*rotation_rate*/ {0, 0},
187	/*reserved2*/ {0, 0}
188};
189
190const static struct scsi_da_verify_recovery_page verify_er_page_default = {
191	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
192	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
193	/*byte3*/0,
194	/*read_retry_count*/0,
195	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
196	/*recovery_time_limit*/{0, 0},
197};
198
199const static struct scsi_da_verify_recovery_page verify_er_page_changeable = {
200	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
201	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
202	/*byte3*/SMS_VER_PER,
203	/*read_retry_count*/0,
204	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
205	/*recovery_time_limit*/{0, 0},
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK | SCP_NUAR,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0xff
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_EWASC,
288	/*mrie*/SIEP_MRIE_NO,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 1}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/SIEP_FLAGS_EWASC | SIEP_FLAGS_DEXCPT | SIEP_FLAGS_TEST |
297	    SIEP_FLAGS_LOGERR,
298	/*mrie*/0x0f,
299	/*interval_timer*/{0xff, 0xff, 0xff, 0xff},
300	/*report_count*/{0xff, 0xff, 0xff, 0xff}
301};
302
303#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
304
305const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
306	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
307	/*subpage_code*/0x02,
308	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
309	/*flags*/0,
310	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311	/*descr*/{}},
312	{{/*flags*/0,
313	  /*resource*/0x01,
314	  /*reserved*/{0, 0},
315	  /*count*/{0, 0, 0, 0}},
316	 {/*flags*/0,
317	  /*resource*/0x02,
318	  /*reserved*/{0, 0},
319	  /*count*/{0, 0, 0, 0}},
320	 {/*flags*/0,
321	  /*resource*/0xf1,
322	  /*reserved*/{0, 0},
323	  /*count*/{0, 0, 0, 0}},
324	 {/*flags*/0,
325	  /*resource*/0xf2,
326	  /*reserved*/{0, 0},
327	  /*count*/{0, 0, 0, 0}}
328	}
329};
330
331const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
332	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
333	/*subpage_code*/0x02,
334	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
335	/*flags*/SLBPP_SITUA,
336	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
337	/*descr*/{}},
338	{{/*flags*/0,
339	  /*resource*/0,
340	  /*reserved*/{0, 0},
341	  /*count*/{0, 0, 0, 0}},
342	 {/*flags*/0,
343	  /*resource*/0,
344	  /*reserved*/{0, 0},
345	  /*count*/{0, 0, 0, 0}},
346	 {/*flags*/0,
347	  /*resource*/0,
348	  /*reserved*/{0, 0},
349	  /*count*/{0, 0, 0, 0}},
350	 {/*flags*/0,
351	  /*resource*/0,
352	  /*reserved*/{0, 0},
353	  /*count*/{0, 0, 0, 0}}
354	}
355};
356
357const static struct scsi_cddvd_capabilities_page cddvd_page_default = {
358	/*page_code*/SMS_CDDVD_CAPS_PAGE,
359	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
360	/*caps1*/0x3f,
361	/*caps2*/0x00,
362	/*caps3*/0xf0,
363	/*caps4*/0x00,
364	/*caps5*/0x29,
365	/*caps6*/0x00,
366	/*obsolete*/{0, 0},
367	/*nvol_levels*/{0, 0},
368	/*buffer_size*/{8, 0},
369	/*obsolete2*/{0, 0},
370	/*reserved*/0,
371	/*digital*/0,
372	/*obsolete3*/0,
373	/*copy_management*/0,
374	/*reserved2*/0,
375	/*rotation_control*/0,
376	/*cur_write_speed*/0,
377	/*num_speed_descr*/0,
378};
379
380const static struct scsi_cddvd_capabilities_page cddvd_page_changeable = {
381	/*page_code*/SMS_CDDVD_CAPS_PAGE,
382	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
383	/*caps1*/0,
384	/*caps2*/0,
385	/*caps3*/0,
386	/*caps4*/0,
387	/*caps5*/0,
388	/*caps6*/0,
389	/*obsolete*/{0, 0},
390	/*nvol_levels*/{0, 0},
391	/*buffer_size*/{0, 0},
392	/*obsolete2*/{0, 0},
393	/*reserved*/0,
394	/*digital*/0,
395	/*obsolete3*/0,
396	/*copy_management*/0,
397	/*reserved2*/0,
398	/*rotation_control*/0,
399	/*cur_write_speed*/0,
400	/*num_speed_descr*/0,
401};
402
403SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
404static int worker_threads = -1;
405SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
406    &worker_threads, 1, "Number of worker threads");
407static int ctl_debug = CTL_DEBUG_NONE;
408SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
409    &ctl_debug, 0, "Enabled debug flags");
410static int ctl_lun_map_size = 1024;
411SYSCTL_INT(_kern_cam_ctl, OID_AUTO, lun_map_size, CTLFLAG_RWTUN,
412    &ctl_lun_map_size, 0, "Size of per-port LUN map (max LUN + 1)");
413#ifdef  CTL_TIME_IO
414static int ctl_time_io_secs = CTL_TIME_IO_DEFAULT_SECS;
415SYSCTL_INT(_kern_cam_ctl, OID_AUTO, time_io_secs, CTLFLAG_RWTUN,
416    &ctl_time_io_secs, 0, "Log requests taking more seconds");
417#endif
418
419/*
420 * Maximum number of LUNs we support.  MUST be a power of 2.
421 */
422#define	CTL_DEFAULT_MAX_LUNS	1024
423static int ctl_max_luns = CTL_DEFAULT_MAX_LUNS;
424TUNABLE_INT("kern.cam.ctl.max_luns", &ctl_max_luns);
425SYSCTL_INT(_kern_cam_ctl, OID_AUTO, max_luns, CTLFLAG_RDTUN,
426    &ctl_max_luns, CTL_DEFAULT_MAX_LUNS, "Maximum number of LUNs");
427
428/*
429 * Maximum number of ports registered at one time.
430 */
431#define	CTL_DEFAULT_MAX_PORTS		256
432static int ctl_max_ports = CTL_DEFAULT_MAX_PORTS;
433TUNABLE_INT("kern.cam.ctl.max_ports", &ctl_max_ports);
434SYSCTL_INT(_kern_cam_ctl, OID_AUTO, max_ports, CTLFLAG_RDTUN,
435    &ctl_max_ports, CTL_DEFAULT_MAX_LUNS, "Maximum number of ports");
436
437/*
438 * Maximum number of initiators we support.
439 */
440#define	CTL_MAX_INITIATORS	(CTL_MAX_INIT_PER_PORT * ctl_max_ports)
441
442/*
443 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
444 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
445 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
446 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
447 */
448#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
449
450static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
451				  int param);
452static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
453static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
454static int ctl_init(void);
455static int ctl_shutdown(void);
456static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
457static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
458static void ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
459static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
460			      struct ctl_ooa *ooa_hdr,
461			      struct ctl_ooa_entry *kern_entries);
462static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
463		     struct thread *td);
464static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
465			 struct ctl_be_lun *be_lun);
466static int ctl_free_lun(struct ctl_lun *lun);
467static void ctl_create_lun(struct ctl_be_lun *be_lun);
468
469static int ctl_do_mode_select(union ctl_io *io);
470static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
471			   uint64_t res_key, uint64_t sa_res_key,
472			   uint8_t type, uint32_t residx,
473			   struct ctl_scsiio *ctsio,
474			   struct scsi_per_res_out *cdb,
475			   struct scsi_per_res_out_parms* param);
476static void ctl_pro_preempt_other(struct ctl_lun *lun,
477				  union ctl_ha_msg *msg);
478static void ctl_hndl_per_res_out_on_other_sc(union ctl_io *io);
479static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
480static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
481static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
482static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
483static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
484static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
485					 int alloc_len);
486static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
487					 int alloc_len);
488static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
489static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
490static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
491static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
492static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
493static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
494    bool seq);
495static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
496static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
497    union ctl_io *pending_io, union ctl_io *ooa_io);
498static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
499				union ctl_io **starting_io);
500static void ctl_try_unblock_io(struct ctl_lun *lun, union ctl_io *io,
501    bool skip);
502static void ctl_try_unblock_others(struct ctl_lun *lun, union ctl_io *io,
503    bool skip);
504static int ctl_scsiio_lun_check(struct ctl_lun *lun,
505				const struct ctl_cmd_entry *entry,
506				struct ctl_scsiio *ctsio);
507static void ctl_failover_lun(union ctl_io *io);
508static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
509			       struct ctl_scsiio *ctsio);
510static int ctl_scsiio(struct ctl_scsiio *ctsio);
511
512static int ctl_target_reset(union ctl_io *io);
513static void ctl_do_lun_reset(struct ctl_lun *lun, uint32_t initidx,
514			 ctl_ua_type ua_type);
515static int ctl_lun_reset(union ctl_io *io);
516static int ctl_abort_task(union ctl_io *io);
517static int ctl_abort_task_set(union ctl_io *io);
518static int ctl_query_task(union ctl_io *io, int task_set);
519static void ctl_i_t_nexus_loss(struct ctl_softc *softc, uint32_t initidx,
520			      ctl_ua_type ua_type);
521static int ctl_i_t_nexus_reset(union ctl_io *io);
522static int ctl_query_async_event(union ctl_io *io);
523static void ctl_run_task(union ctl_io *io);
524#ifdef CTL_IO_DELAY
525static void ctl_datamove_timer_wakeup(void *arg);
526static void ctl_done_timer_wakeup(void *arg);
527#endif /* CTL_IO_DELAY */
528
529static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
530static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
531static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
532static void ctl_datamove_remote_write(union ctl_io *io);
533static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
534static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
535static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
536static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
537				    ctl_ha_dt_cb callback);
538static void ctl_datamove_remote_read(union ctl_io *io);
539static void ctl_datamove_remote(union ctl_io *io);
540static void ctl_process_done(union ctl_io *io);
541static void ctl_lun_thread(void *arg);
542static void ctl_thresh_thread(void *arg);
543static void ctl_work_thread(void *arg);
544static void ctl_enqueue_incoming(union ctl_io *io);
545static void ctl_enqueue_rtr(union ctl_io *io);
546static void ctl_enqueue_done(union ctl_io *io);
547static void ctl_enqueue_isc(union ctl_io *io);
548static const struct ctl_cmd_entry *
549    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
550static const struct ctl_cmd_entry *
551    ctl_validate_command(struct ctl_scsiio *ctsio);
552static int ctl_cmd_applicable(uint8_t lun_type,
553    const struct ctl_cmd_entry *entry);
554static int ctl_ha_init(void);
555static int ctl_ha_shutdown(void);
556
557static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
558static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
559static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
560static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
561
562/*
563 * Load the serialization table.  This isn't very pretty, but is probably
564 * the easiest way to do it.
565 */
566#include "ctl_ser_table.c"
567
568/*
569 * We only need to define open, close and ioctl routines for this driver.
570 */
571static struct cdevsw ctl_cdevsw = {
572	.d_version =	D_VERSION,
573	.d_flags =	0,
574	.d_open =	ctl_open,
575	.d_close =	ctl_close,
576	.d_ioctl =	ctl_ioctl,
577	.d_name =	"ctl",
578};
579
580
581MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
582
583static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
584
585static moduledata_t ctl_moduledata = {
586	"ctl",
587	ctl_module_event_handler,
588	NULL
589};
590
591DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
592MODULE_VERSION(ctl, 1);
593
594static struct ctl_frontend ha_frontend =
595{
596	.name = "ha",
597	.init = ctl_ha_init,
598	.shutdown = ctl_ha_shutdown,
599};
600
601static int
602ctl_ha_init(void)
603{
604	struct ctl_softc *softc = control_softc;
605
606	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
607	                    &softc->othersc_pool) != 0)
608		return (ENOMEM);
609	if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
610		ctl_pool_free(softc->othersc_pool);
611		return (EIO);
612	}
613	if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
614	    != CTL_HA_STATUS_SUCCESS) {
615		ctl_ha_msg_destroy(softc);
616		ctl_pool_free(softc->othersc_pool);
617		return (EIO);
618	}
619	return (0);
620};
621
622static int
623ctl_ha_shutdown(void)
624{
625	struct ctl_softc *softc = control_softc;
626	struct ctl_port *port;
627
628	ctl_ha_msg_shutdown(softc);
629	if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL) != CTL_HA_STATUS_SUCCESS)
630		return (EIO);
631	if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
632		return (EIO);
633	ctl_pool_free(softc->othersc_pool);
634	while ((port = STAILQ_FIRST(&ha_frontend.port_list)) != NULL) {
635		ctl_port_deregister(port);
636		free(port->port_name, M_CTL);
637		free(port, M_CTL);
638	}
639	return (0);
640};
641
642static void
643ctl_ha_datamove(union ctl_io *io)
644{
645	struct ctl_lun *lun = CTL_LUN(io);
646	struct ctl_sg_entry *sgl;
647	union ctl_ha_msg msg;
648	uint32_t sg_entries_sent;
649	int do_sg_copy, i, j;
650
651	memset(&msg.dt, 0, sizeof(msg.dt));
652	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
653	msg.hdr.original_sc = io->io_hdr.remote_io;
654	msg.hdr.serializing_sc = io;
655	msg.hdr.nexus = io->io_hdr.nexus;
656	msg.hdr.status = io->io_hdr.status;
657	msg.dt.flags = io->io_hdr.flags;
658
659	/*
660	 * We convert everything into a S/G list here.  We can't
661	 * pass by reference, only by value between controllers.
662	 * So we can't pass a pointer to the S/G list, only as many
663	 * S/G entries as we can fit in here.  If it's possible for
664	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
665	 * then we need to break this up into multiple transfers.
666	 */
667	if (io->scsiio.kern_sg_entries == 0) {
668		msg.dt.kern_sg_entries = 1;
669#if 0
670		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
671			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
672		} else {
673			/* XXX KDM use busdma here! */
674			msg.dt.sg_list[0].addr =
675			    (void *)vtophys(io->scsiio.kern_data_ptr);
676		}
677#else
678		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
679		    ("HA does not support BUS_ADDR"));
680		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
681#endif
682		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
683		do_sg_copy = 0;
684	} else {
685		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
686		do_sg_copy = 1;
687	}
688
689	msg.dt.kern_data_len = io->scsiio.kern_data_len;
690	msg.dt.kern_total_len = io->scsiio.kern_total_len;
691	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
692	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
693	msg.dt.sg_sequence = 0;
694
695	/*
696	 * Loop until we've sent all of the S/G entries.  On the
697	 * other end, we'll recompose these S/G entries into one
698	 * contiguous list before processing.
699	 */
700	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
701	    msg.dt.sg_sequence++) {
702		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
703		    sizeof(msg.dt.sg_list[0])),
704		    msg.dt.kern_sg_entries - sg_entries_sent);
705		if (do_sg_copy != 0) {
706			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
707			for (i = sg_entries_sent, j = 0;
708			     i < msg.dt.cur_sg_entries; i++, j++) {
709#if 0
710				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
711					msg.dt.sg_list[j].addr = sgl[i].addr;
712				} else {
713					/* XXX KDM use busdma here! */
714					msg.dt.sg_list[j].addr =
715					    (void *)vtophys(sgl[i].addr);
716				}
717#else
718				KASSERT((io->io_hdr.flags &
719				    CTL_FLAG_BUS_ADDR) == 0,
720				    ("HA does not support BUS_ADDR"));
721				msg.dt.sg_list[j].addr = sgl[i].addr;
722#endif
723				msg.dt.sg_list[j].len = sgl[i].len;
724			}
725		}
726
727		sg_entries_sent += msg.dt.cur_sg_entries;
728		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
729		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
730		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
731		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
732		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
733			io->io_hdr.port_status = 31341;
734			io->scsiio.be_move_done(io);
735			return;
736		}
737		msg.dt.sent_sg_entries = sg_entries_sent;
738	}
739
740	/*
741	 * Officially handover the request from us to peer.
742	 * If failover has just happened, then we must return error.
743	 * If failover happen just after, then it is not our problem.
744	 */
745	if (lun)
746		mtx_lock(&lun->lun_lock);
747	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
748		if (lun)
749			mtx_unlock(&lun->lun_lock);
750		io->io_hdr.port_status = 31342;
751		io->scsiio.be_move_done(io);
752		return;
753	}
754	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
755	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
756	if (lun)
757		mtx_unlock(&lun->lun_lock);
758}
759
760static void
761ctl_ha_done(union ctl_io *io)
762{
763	union ctl_ha_msg msg;
764
765	if (io->io_hdr.io_type == CTL_IO_SCSI) {
766		memset(&msg, 0, sizeof(msg));
767		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
768		msg.hdr.original_sc = io->io_hdr.remote_io;
769		msg.hdr.nexus = io->io_hdr.nexus;
770		msg.hdr.status = io->io_hdr.status;
771		msg.scsi.scsi_status = io->scsiio.scsi_status;
772		msg.scsi.tag_num = io->scsiio.tag_num;
773		msg.scsi.tag_type = io->scsiio.tag_type;
774		msg.scsi.sense_len = io->scsiio.sense_len;
775		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
776		    io->scsiio.sense_len);
777		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
778		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
779		    msg.scsi.sense_len, M_WAITOK);
780	}
781	ctl_free_io(io);
782}
783
784static void
785ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
786			    union ctl_ha_msg *msg_info)
787{
788	struct ctl_scsiio *ctsio;
789
790	if (msg_info->hdr.original_sc == NULL) {
791		printf("%s: original_sc == NULL!\n", __func__);
792		/* XXX KDM now what? */
793		return;
794	}
795
796	ctsio = &msg_info->hdr.original_sc->scsiio;
797	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
798	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
799	ctsio->io_hdr.status = msg_info->hdr.status;
800	ctsio->scsi_status = msg_info->scsi.scsi_status;
801	ctsio->sense_len = msg_info->scsi.sense_len;
802	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
803	       msg_info->scsi.sense_len);
804	ctl_enqueue_isc((union ctl_io *)ctsio);
805}
806
807static void
808ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
809				union ctl_ha_msg *msg_info)
810{
811	struct ctl_scsiio *ctsio;
812
813	if (msg_info->hdr.serializing_sc == NULL) {
814		printf("%s: serializing_sc == NULL!\n", __func__);
815		/* XXX KDM now what? */
816		return;
817	}
818
819	ctsio = &msg_info->hdr.serializing_sc->scsiio;
820	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
821	ctl_enqueue_isc((union ctl_io *)ctsio);
822}
823
824void
825ctl_isc_announce_lun(struct ctl_lun *lun)
826{
827	struct ctl_softc *softc = lun->ctl_softc;
828	union ctl_ha_msg *msg;
829	struct ctl_ha_msg_lun_pr_key pr_key;
830	int i, k;
831
832	if (softc->ha_link != CTL_HA_LINK_ONLINE)
833		return;
834	mtx_lock(&lun->lun_lock);
835	i = sizeof(msg->lun);
836	if (lun->lun_devid)
837		i += lun->lun_devid->len;
838	i += sizeof(pr_key) * lun->pr_key_count;
839alloc:
840	mtx_unlock(&lun->lun_lock);
841	msg = malloc(i, M_CTL, M_WAITOK);
842	mtx_lock(&lun->lun_lock);
843	k = sizeof(msg->lun);
844	if (lun->lun_devid)
845		k += lun->lun_devid->len;
846	k += sizeof(pr_key) * lun->pr_key_count;
847	if (i < k) {
848		free(msg, M_CTL);
849		i = k;
850		goto alloc;
851	}
852	bzero(&msg->lun, sizeof(msg->lun));
853	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
854	msg->hdr.nexus.targ_lun = lun->lun;
855	msg->hdr.nexus.targ_mapped_lun = lun->lun;
856	msg->lun.flags = lun->flags;
857	msg->lun.pr_generation = lun->pr_generation;
858	msg->lun.pr_res_idx = lun->pr_res_idx;
859	msg->lun.pr_res_type = lun->pr_res_type;
860	msg->lun.pr_key_count = lun->pr_key_count;
861	i = 0;
862	if (lun->lun_devid) {
863		msg->lun.lun_devid_len = lun->lun_devid->len;
864		memcpy(&msg->lun.data[i], lun->lun_devid->data,
865		    msg->lun.lun_devid_len);
866		i += msg->lun.lun_devid_len;
867	}
868	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
869		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
870			continue;
871		pr_key.pr_iid = k;
872		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
873		i += sizeof(pr_key);
874	}
875	mtx_unlock(&lun->lun_lock);
876	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
877	    M_WAITOK);
878	free(msg, M_CTL);
879
880	if (lun->flags & CTL_LUN_PRIMARY_SC) {
881		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
882			ctl_isc_announce_mode(lun, -1,
883			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
884			    lun->mode_pages.index[i].subpage);
885		}
886	}
887}
888
889void
890ctl_isc_announce_port(struct ctl_port *port)
891{
892	struct ctl_softc *softc = port->ctl_softc;
893	union ctl_ha_msg *msg;
894	int i;
895
896	if (port->targ_port < softc->port_min ||
897	    port->targ_port >= softc->port_max ||
898	    softc->ha_link != CTL_HA_LINK_ONLINE)
899		return;
900	i = sizeof(msg->port) + strlen(port->port_name) + 1;
901	if (port->lun_map)
902		i += port->lun_map_size * sizeof(uint32_t);
903	if (port->port_devid)
904		i += port->port_devid->len;
905	if (port->target_devid)
906		i += port->target_devid->len;
907	if (port->init_devid)
908		i += port->init_devid->len;
909	msg = malloc(i, M_CTL, M_WAITOK);
910	bzero(&msg->port, sizeof(msg->port));
911	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
912	msg->hdr.nexus.targ_port = port->targ_port;
913	msg->port.port_type = port->port_type;
914	msg->port.physical_port = port->physical_port;
915	msg->port.virtual_port = port->virtual_port;
916	msg->port.status = port->status;
917	i = 0;
918	msg->port.name_len = sprintf(&msg->port.data[i],
919	    "%d:%s", softc->ha_id, port->port_name) + 1;
920	i += msg->port.name_len;
921	if (port->lun_map) {
922		msg->port.lun_map_len = port->lun_map_size * sizeof(uint32_t);
923		memcpy(&msg->port.data[i], port->lun_map,
924		    msg->port.lun_map_len);
925		i += msg->port.lun_map_len;
926	}
927	if (port->port_devid) {
928		msg->port.port_devid_len = port->port_devid->len;
929		memcpy(&msg->port.data[i], port->port_devid->data,
930		    msg->port.port_devid_len);
931		i += msg->port.port_devid_len;
932	}
933	if (port->target_devid) {
934		msg->port.target_devid_len = port->target_devid->len;
935		memcpy(&msg->port.data[i], port->target_devid->data,
936		    msg->port.target_devid_len);
937		i += msg->port.target_devid_len;
938	}
939	if (port->init_devid) {
940		msg->port.init_devid_len = port->init_devid->len;
941		memcpy(&msg->port.data[i], port->init_devid->data,
942		    msg->port.init_devid_len);
943		i += msg->port.init_devid_len;
944	}
945	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
946	    M_WAITOK);
947	free(msg, M_CTL);
948}
949
950void
951ctl_isc_announce_iid(struct ctl_port *port, int iid)
952{
953	struct ctl_softc *softc = port->ctl_softc;
954	union ctl_ha_msg *msg;
955	int i, l;
956
957	if (port->targ_port < softc->port_min ||
958	    port->targ_port >= softc->port_max ||
959	    softc->ha_link != CTL_HA_LINK_ONLINE)
960		return;
961	mtx_lock(&softc->ctl_lock);
962	i = sizeof(msg->iid);
963	l = 0;
964	if (port->wwpn_iid[iid].name)
965		l = strlen(port->wwpn_iid[iid].name) + 1;
966	i += l;
967	msg = malloc(i, M_CTL, M_NOWAIT);
968	if (msg == NULL) {
969		mtx_unlock(&softc->ctl_lock);
970		return;
971	}
972	bzero(&msg->iid, sizeof(msg->iid));
973	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
974	msg->hdr.nexus.targ_port = port->targ_port;
975	msg->hdr.nexus.initid = iid;
976	msg->iid.in_use = port->wwpn_iid[iid].in_use;
977	msg->iid.name_len = l;
978	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
979	if (port->wwpn_iid[iid].name)
980		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
981	mtx_unlock(&softc->ctl_lock);
982	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
983	free(msg, M_CTL);
984}
985
986void
987ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
988    uint8_t page, uint8_t subpage)
989{
990	struct ctl_softc *softc = lun->ctl_softc;
991	union ctl_ha_msg msg;
992	u_int i;
993
994	if (softc->ha_link != CTL_HA_LINK_ONLINE)
995		return;
996	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
997		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
998		    page && lun->mode_pages.index[i].subpage == subpage)
999			break;
1000	}
1001	if (i == CTL_NUM_MODE_PAGES)
1002		return;
1003
1004	/* Don't try to replicate pages not present on this device. */
1005	if (lun->mode_pages.index[i].page_data == NULL)
1006		return;
1007
1008	bzero(&msg.mode, sizeof(msg.mode));
1009	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
1010	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
1011	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
1012	msg.hdr.nexus.targ_lun = lun->lun;
1013	msg.hdr.nexus.targ_mapped_lun = lun->lun;
1014	msg.mode.page_code = page;
1015	msg.mode.subpage = subpage;
1016	msg.mode.page_len = lun->mode_pages.index[i].page_len;
1017	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
1018	    msg.mode.page_len);
1019	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
1020	    M_WAITOK);
1021}
1022
1023static void
1024ctl_isc_ha_link_up(struct ctl_softc *softc)
1025{
1026	struct ctl_port *port;
1027	struct ctl_lun *lun;
1028	union ctl_ha_msg msg;
1029	int i;
1030
1031	/* Announce this node parameters to peer for validation. */
1032	msg.login.msg_type = CTL_MSG_LOGIN;
1033	msg.login.version = CTL_HA_VERSION;
1034	msg.login.ha_mode = softc->ha_mode;
1035	msg.login.ha_id = softc->ha_id;
1036	msg.login.max_luns = ctl_max_luns;
1037	msg.login.max_ports = ctl_max_ports;
1038	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
1039	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
1040	    M_WAITOK);
1041
1042	STAILQ_FOREACH(port, &softc->port_list, links) {
1043		ctl_isc_announce_port(port);
1044		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1045			if (port->wwpn_iid[i].in_use)
1046				ctl_isc_announce_iid(port, i);
1047		}
1048	}
1049	STAILQ_FOREACH(lun, &softc->lun_list, links)
1050		ctl_isc_announce_lun(lun);
1051}
1052
1053static void
1054ctl_isc_ha_link_down(struct ctl_softc *softc)
1055{
1056	struct ctl_port *port;
1057	struct ctl_lun *lun;
1058	union ctl_io *io;
1059	int i;
1060
1061	mtx_lock(&softc->ctl_lock);
1062	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1063		mtx_lock(&lun->lun_lock);
1064		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
1065			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1066			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1067		}
1068		mtx_unlock(&lun->lun_lock);
1069
1070		mtx_unlock(&softc->ctl_lock);
1071		io = ctl_alloc_io(softc->othersc_pool);
1072		mtx_lock(&softc->ctl_lock);
1073		ctl_zero_io(io);
1074		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
1075		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
1076		ctl_enqueue_isc(io);
1077	}
1078
1079	STAILQ_FOREACH(port, &softc->port_list, links) {
1080		if (port->targ_port >= softc->port_min &&
1081		    port->targ_port < softc->port_max)
1082			continue;
1083		port->status &= ~CTL_PORT_STATUS_ONLINE;
1084		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1085			port->wwpn_iid[i].in_use = 0;
1086			free(port->wwpn_iid[i].name, M_CTL);
1087			port->wwpn_iid[i].name = NULL;
1088		}
1089	}
1090	mtx_unlock(&softc->ctl_lock);
1091}
1092
1093static void
1094ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1095{
1096	struct ctl_lun *lun;
1097	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
1098
1099	mtx_lock(&softc->ctl_lock);
1100	if (msg->hdr.nexus.targ_mapped_lun >= ctl_max_luns ||
1101	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) == NULL) {
1102		mtx_unlock(&softc->ctl_lock);
1103		return;
1104	}
1105	mtx_lock(&lun->lun_lock);
1106	mtx_unlock(&softc->ctl_lock);
1107	if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES && msg->ua.ua_set)
1108		memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
1109	if (msg->ua.ua_all) {
1110		if (msg->ua.ua_set)
1111			ctl_est_ua_all(lun, iid, msg->ua.ua_type);
1112		else
1113			ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
1114	} else {
1115		if (msg->ua.ua_set)
1116			ctl_est_ua(lun, iid, msg->ua.ua_type);
1117		else
1118			ctl_clr_ua(lun, iid, msg->ua.ua_type);
1119	}
1120	mtx_unlock(&lun->lun_lock);
1121}
1122
1123static void
1124ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1125{
1126	struct ctl_lun *lun;
1127	struct ctl_ha_msg_lun_pr_key pr_key;
1128	int i, k;
1129	ctl_lun_flags oflags;
1130	uint32_t targ_lun;
1131
1132	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1133	mtx_lock(&softc->ctl_lock);
1134	if (targ_lun >= ctl_max_luns ||
1135	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1136		mtx_unlock(&softc->ctl_lock);
1137		return;
1138	}
1139	mtx_lock(&lun->lun_lock);
1140	mtx_unlock(&softc->ctl_lock);
1141	if (lun->flags & CTL_LUN_DISABLED) {
1142		mtx_unlock(&lun->lun_lock);
1143		return;
1144	}
1145	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1146	if (msg->lun.lun_devid_len != i || (i > 0 &&
1147	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1148		mtx_unlock(&lun->lun_lock);
1149		printf("%s: Received conflicting HA LUN %d\n",
1150		    __func__, targ_lun);
1151		return;
1152	} else {
1153		/* Record whether peer is primary. */
1154		oflags = lun->flags;
1155		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1156		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1157			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1158		else
1159			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1160		if (oflags != lun->flags)
1161			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1162
1163		/* If peer is primary and we are not -- use data */
1164		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1165		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1166			lun->pr_generation = msg->lun.pr_generation;
1167			lun->pr_res_idx = msg->lun.pr_res_idx;
1168			lun->pr_res_type = msg->lun.pr_res_type;
1169			lun->pr_key_count = msg->lun.pr_key_count;
1170			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1171				ctl_clr_prkey(lun, k);
1172			for (k = 0; k < msg->lun.pr_key_count; k++) {
1173				memcpy(&pr_key, &msg->lun.data[i],
1174				    sizeof(pr_key));
1175				ctl_alloc_prkey(lun, pr_key.pr_iid);
1176				ctl_set_prkey(lun, pr_key.pr_iid,
1177				    pr_key.pr_key);
1178				i += sizeof(pr_key);
1179			}
1180		}
1181
1182		mtx_unlock(&lun->lun_lock);
1183		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1184		    __func__, targ_lun,
1185		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1186		    "primary" : "secondary"));
1187
1188		/* If we are primary but peer doesn't know -- notify */
1189		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1190		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1191			ctl_isc_announce_lun(lun);
1192	}
1193}
1194
1195static void
1196ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1197{
1198	struct ctl_port *port;
1199	struct ctl_lun *lun;
1200	int i, new;
1201
1202	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1203	if (port == NULL) {
1204		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1205		    msg->hdr.nexus.targ_port));
1206		new = 1;
1207		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1208		port->frontend = &ha_frontend;
1209		port->targ_port = msg->hdr.nexus.targ_port;
1210		port->fe_datamove = ctl_ha_datamove;
1211		port->fe_done = ctl_ha_done;
1212	} else if (port->frontend == &ha_frontend) {
1213		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1214		    msg->hdr.nexus.targ_port));
1215		new = 0;
1216	} else {
1217		printf("%s: Received conflicting HA port %d\n",
1218		    __func__, msg->hdr.nexus.targ_port);
1219		return;
1220	}
1221	port->port_type = msg->port.port_type;
1222	port->physical_port = msg->port.physical_port;
1223	port->virtual_port = msg->port.virtual_port;
1224	port->status = msg->port.status;
1225	i = 0;
1226	free(port->port_name, M_CTL);
1227	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1228	    M_CTL);
1229	i += msg->port.name_len;
1230	if (msg->port.lun_map_len != 0) {
1231		if (port->lun_map == NULL ||
1232		    port->lun_map_size * sizeof(uint32_t) <
1233		    msg->port.lun_map_len) {
1234			port->lun_map_size = 0;
1235			free(port->lun_map, M_CTL);
1236			port->lun_map = malloc(msg->port.lun_map_len,
1237			    M_CTL, M_WAITOK);
1238		}
1239		memcpy(port->lun_map, &msg->port.data[i], msg->port.lun_map_len);
1240		port->lun_map_size = msg->port.lun_map_len / sizeof(uint32_t);
1241		i += msg->port.lun_map_len;
1242	} else {
1243		port->lun_map_size = 0;
1244		free(port->lun_map, M_CTL);
1245		port->lun_map = NULL;
1246	}
1247	if (msg->port.port_devid_len != 0) {
1248		if (port->port_devid == NULL ||
1249		    port->port_devid->len < msg->port.port_devid_len) {
1250			free(port->port_devid, M_CTL);
1251			port->port_devid = malloc(sizeof(struct ctl_devid) +
1252			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1253		}
1254		memcpy(port->port_devid->data, &msg->port.data[i],
1255		    msg->port.port_devid_len);
1256		port->port_devid->len = msg->port.port_devid_len;
1257		i += msg->port.port_devid_len;
1258	} else {
1259		free(port->port_devid, M_CTL);
1260		port->port_devid = NULL;
1261	}
1262	if (msg->port.target_devid_len != 0) {
1263		if (port->target_devid == NULL ||
1264		    port->target_devid->len < msg->port.target_devid_len) {
1265			free(port->target_devid, M_CTL);
1266			port->target_devid = malloc(sizeof(struct ctl_devid) +
1267			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1268		}
1269		memcpy(port->target_devid->data, &msg->port.data[i],
1270		    msg->port.target_devid_len);
1271		port->target_devid->len = msg->port.target_devid_len;
1272		i += msg->port.target_devid_len;
1273	} else {
1274		free(port->target_devid, M_CTL);
1275		port->target_devid = NULL;
1276	}
1277	if (msg->port.init_devid_len != 0) {
1278		if (port->init_devid == NULL ||
1279		    port->init_devid->len < msg->port.init_devid_len) {
1280			free(port->init_devid, M_CTL);
1281			port->init_devid = malloc(sizeof(struct ctl_devid) +
1282			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1283		}
1284		memcpy(port->init_devid->data, &msg->port.data[i],
1285		    msg->port.init_devid_len);
1286		port->init_devid->len = msg->port.init_devid_len;
1287		i += msg->port.init_devid_len;
1288	} else {
1289		free(port->init_devid, M_CTL);
1290		port->init_devid = NULL;
1291	}
1292	if (new) {
1293		if (ctl_port_register(port) != 0) {
1294			printf("%s: ctl_port_register() failed with error\n",
1295			    __func__);
1296		}
1297	}
1298	mtx_lock(&softc->ctl_lock);
1299	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1300		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
1301			continue;
1302		mtx_lock(&lun->lun_lock);
1303		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1304		mtx_unlock(&lun->lun_lock);
1305	}
1306	mtx_unlock(&softc->ctl_lock);
1307}
1308
1309static void
1310ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1311{
1312	struct ctl_port *port;
1313	int iid;
1314
1315	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1316	if (port == NULL) {
1317		printf("%s: Received IID for unknown port %d\n",
1318		    __func__, msg->hdr.nexus.targ_port);
1319		return;
1320	}
1321	iid = msg->hdr.nexus.initid;
1322	if (port->wwpn_iid[iid].in_use != 0 &&
1323	    msg->iid.in_use == 0)
1324		ctl_i_t_nexus_loss(softc, iid, CTL_UA_POWERON);
1325	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1326	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1327	free(port->wwpn_iid[iid].name, M_CTL);
1328	if (msg->iid.name_len) {
1329		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1330		    msg->iid.name_len, M_CTL);
1331	} else
1332		port->wwpn_iid[iid].name = NULL;
1333}
1334
1335static void
1336ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1337{
1338
1339	if (msg->login.version != CTL_HA_VERSION) {
1340		printf("CTL HA peers have different versions %d != %d\n",
1341		    msg->login.version, CTL_HA_VERSION);
1342		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1343		return;
1344	}
1345	if (msg->login.ha_mode != softc->ha_mode) {
1346		printf("CTL HA peers have different ha_mode %d != %d\n",
1347		    msg->login.ha_mode, softc->ha_mode);
1348		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1349		return;
1350	}
1351	if (msg->login.ha_id == softc->ha_id) {
1352		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1353		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1354		return;
1355	}
1356	if (msg->login.max_luns != ctl_max_luns ||
1357	    msg->login.max_ports != ctl_max_ports ||
1358	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1359		printf("CTL HA peers have different limits\n");
1360		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1361		return;
1362	}
1363}
1364
1365static void
1366ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1367{
1368	struct ctl_lun *lun;
1369	u_int i;
1370	uint32_t initidx, targ_lun;
1371
1372	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1373	mtx_lock(&softc->ctl_lock);
1374	if (targ_lun >= ctl_max_luns ||
1375	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1376		mtx_unlock(&softc->ctl_lock);
1377		return;
1378	}
1379	mtx_lock(&lun->lun_lock);
1380	mtx_unlock(&softc->ctl_lock);
1381	if (lun->flags & CTL_LUN_DISABLED) {
1382		mtx_unlock(&lun->lun_lock);
1383		return;
1384	}
1385	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1386		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1387		    msg->mode.page_code &&
1388		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1389			break;
1390	}
1391	if (i == CTL_NUM_MODE_PAGES) {
1392		mtx_unlock(&lun->lun_lock);
1393		return;
1394	}
1395	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1396	    lun->mode_pages.index[i].page_len);
1397	initidx = ctl_get_initindex(&msg->hdr.nexus);
1398	if (initidx != -1)
1399		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1400	mtx_unlock(&lun->lun_lock);
1401}
1402
1403/*
1404 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1405 * subsystem come in here.
1406 */
1407static void
1408ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1409{
1410	struct ctl_softc *softc = control_softc;
1411	union ctl_io *io;
1412	struct ctl_prio *presio;
1413	ctl_ha_status isc_status;
1414
1415	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1416	if (event == CTL_HA_EVT_MSG_RECV) {
1417		union ctl_ha_msg *msg, msgbuf;
1418
1419		if (param > sizeof(msgbuf))
1420			msg = malloc(param, M_CTL, M_WAITOK);
1421		else
1422			msg = &msgbuf;
1423		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1424		    M_WAITOK);
1425		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1426			printf("%s: Error receiving message: %d\n",
1427			    __func__, isc_status);
1428			if (msg != &msgbuf)
1429				free(msg, M_CTL);
1430			return;
1431		}
1432
1433		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1434		switch (msg->hdr.msg_type) {
1435		case CTL_MSG_SERIALIZE:
1436			io = ctl_alloc_io(softc->othersc_pool);
1437			ctl_zero_io(io);
1438			// populate ctsio from msg
1439			io->io_hdr.io_type = CTL_IO_SCSI;
1440			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1441			io->io_hdr.remote_io = msg->hdr.original_sc;
1442			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1443					    CTL_FLAG_IO_ACTIVE;
1444			/*
1445			 * If we're in serialization-only mode, we don't
1446			 * want to go through full done processing.  Thus
1447			 * the COPY flag.
1448			 *
1449			 * XXX KDM add another flag that is more specific.
1450			 */
1451			if (softc->ha_mode != CTL_HA_MODE_XFER)
1452				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1453			io->io_hdr.nexus = msg->hdr.nexus;
1454			io->scsiio.tag_num = msg->scsi.tag_num;
1455			io->scsiio.tag_type = msg->scsi.tag_type;
1456#ifdef CTL_TIME_IO
1457			io->io_hdr.start_time = time_uptime;
1458			getbinuptime(&io->io_hdr.start_bt);
1459#endif /* CTL_TIME_IO */
1460			io->scsiio.cdb_len = msg->scsi.cdb_len;
1461			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1462			       CTL_MAX_CDBLEN);
1463			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1464				const struct ctl_cmd_entry *entry;
1465
1466				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1467				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1468				io->io_hdr.flags |=
1469					entry->flags & CTL_FLAG_DATA_MASK;
1470			}
1471			ctl_enqueue_isc(io);
1472			break;
1473
1474		/* Performed on the Originating SC, XFER mode only */
1475		case CTL_MSG_DATAMOVE: {
1476			struct ctl_sg_entry *sgl;
1477			int i, j;
1478
1479			io = msg->hdr.original_sc;
1480			if (io == NULL) {
1481				printf("%s: original_sc == NULL!\n", __func__);
1482				/* XXX KDM do something here */
1483				break;
1484			}
1485			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1486			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1487			/*
1488			 * Keep track of this, we need to send it back over
1489			 * when the datamove is complete.
1490			 */
1491			io->io_hdr.remote_io = msg->hdr.serializing_sc;
1492			if (msg->hdr.status == CTL_SUCCESS)
1493				io->io_hdr.status = msg->hdr.status;
1494
1495			if (msg->dt.sg_sequence == 0) {
1496#ifdef CTL_TIME_IO
1497				getbinuptime(&io->io_hdr.dma_start_bt);
1498#endif
1499				i = msg->dt.kern_sg_entries +
1500				    msg->dt.kern_data_len /
1501				    CTL_HA_DATAMOVE_SEGMENT + 1;
1502				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1503				    M_WAITOK | M_ZERO);
1504				CTL_RSGL(io) = sgl;
1505				CTL_LSGL(io) = &sgl[msg->dt.kern_sg_entries];
1506
1507				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1508
1509				io->scsiio.kern_sg_entries =
1510					msg->dt.kern_sg_entries;
1511				io->scsiio.rem_sg_entries =
1512					msg->dt.kern_sg_entries;
1513				io->scsiio.kern_data_len =
1514					msg->dt.kern_data_len;
1515				io->scsiio.kern_total_len =
1516					msg->dt.kern_total_len;
1517				io->scsiio.kern_data_resid =
1518					msg->dt.kern_data_resid;
1519				io->scsiio.kern_rel_offset =
1520					msg->dt.kern_rel_offset;
1521				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1522				io->io_hdr.flags |= msg->dt.flags &
1523				    CTL_FLAG_BUS_ADDR;
1524			} else
1525				sgl = (struct ctl_sg_entry *)
1526					io->scsiio.kern_data_ptr;
1527
1528			for (i = msg->dt.sent_sg_entries, j = 0;
1529			     i < (msg->dt.sent_sg_entries +
1530			     msg->dt.cur_sg_entries); i++, j++) {
1531				sgl[i].addr = msg->dt.sg_list[j].addr;
1532				sgl[i].len = msg->dt.sg_list[j].len;
1533			}
1534
1535			/*
1536			 * If this is the last piece of the I/O, we've got
1537			 * the full S/G list.  Queue processing in the thread.
1538			 * Otherwise wait for the next piece.
1539			 */
1540			if (msg->dt.sg_last != 0)
1541				ctl_enqueue_isc(io);
1542			break;
1543		}
1544		/* Performed on the Serializing (primary) SC, XFER mode only */
1545		case CTL_MSG_DATAMOVE_DONE: {
1546			if (msg->hdr.serializing_sc == NULL) {
1547				printf("%s: serializing_sc == NULL!\n",
1548				       __func__);
1549				/* XXX KDM now what? */
1550				break;
1551			}
1552			/*
1553			 * We grab the sense information here in case
1554			 * there was a failure, so we can return status
1555			 * back to the initiator.
1556			 */
1557			io = msg->hdr.serializing_sc;
1558			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1559			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1560			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1561			io->io_hdr.port_status = msg->scsi.port_status;
1562			io->scsiio.kern_data_resid = msg->scsi.kern_data_resid;
1563			if (msg->hdr.status != CTL_STATUS_NONE) {
1564				io->io_hdr.status = msg->hdr.status;
1565				io->scsiio.scsi_status = msg->scsi.scsi_status;
1566				io->scsiio.sense_len = msg->scsi.sense_len;
1567				memcpy(&io->scsiio.sense_data,
1568				    &msg->scsi.sense_data,
1569				    msg->scsi.sense_len);
1570				if (msg->hdr.status == CTL_SUCCESS)
1571					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1572			}
1573			ctl_enqueue_isc(io);
1574			break;
1575		}
1576
1577		/* Preformed on Originating SC, SER_ONLY mode */
1578		case CTL_MSG_R2R:
1579			io = msg->hdr.original_sc;
1580			if (io == NULL) {
1581				printf("%s: original_sc == NULL!\n",
1582				    __func__);
1583				break;
1584			}
1585			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1586			io->io_hdr.msg_type = CTL_MSG_R2R;
1587			io->io_hdr.remote_io = msg->hdr.serializing_sc;
1588			ctl_enqueue_isc(io);
1589			break;
1590
1591		/*
1592		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1593		 * mode.
1594		 * Performed on the Originating (i.e. secondary) SC in XFER
1595		 * mode
1596		 */
1597		case CTL_MSG_FINISH_IO:
1598			if (softc->ha_mode == CTL_HA_MODE_XFER)
1599				ctl_isc_handler_finish_xfer(softc, msg);
1600			else
1601				ctl_isc_handler_finish_ser_only(softc, msg);
1602			break;
1603
1604		/* Preformed on Originating SC */
1605		case CTL_MSG_BAD_JUJU:
1606			io = msg->hdr.original_sc;
1607			if (io == NULL) {
1608				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1609				       __func__);
1610				break;
1611			}
1612			ctl_copy_sense_data(msg, io);
1613			/*
1614			 * IO should have already been cleaned up on other
1615			 * SC so clear this flag so we won't send a message
1616			 * back to finish the IO there.
1617			 */
1618			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1619			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1620
1621			/* io = msg->hdr.serializing_sc; */
1622			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1623			ctl_enqueue_isc(io);
1624			break;
1625
1626		/* Handle resets sent from the other side */
1627		case CTL_MSG_MANAGE_TASKS: {
1628			struct ctl_taskio *taskio;
1629			taskio = (struct ctl_taskio *)ctl_alloc_io(
1630			    softc->othersc_pool);
1631			ctl_zero_io((union ctl_io *)taskio);
1632			taskio->io_hdr.io_type = CTL_IO_TASK;
1633			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1634			taskio->io_hdr.nexus = msg->hdr.nexus;
1635			taskio->task_action = msg->task.task_action;
1636			taskio->tag_num = msg->task.tag_num;
1637			taskio->tag_type = msg->task.tag_type;
1638#ifdef CTL_TIME_IO
1639			taskio->io_hdr.start_time = time_uptime;
1640			getbinuptime(&taskio->io_hdr.start_bt);
1641#endif /* CTL_TIME_IO */
1642			ctl_run_task((union ctl_io *)taskio);
1643			break;
1644		}
1645		/* Persistent Reserve action which needs attention */
1646		case CTL_MSG_PERS_ACTION:
1647			presio = (struct ctl_prio *)ctl_alloc_io(
1648			    softc->othersc_pool);
1649			ctl_zero_io((union ctl_io *)presio);
1650			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1651			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1652			presio->io_hdr.nexus = msg->hdr.nexus;
1653			presio->pr_msg = msg->pr;
1654			ctl_enqueue_isc((union ctl_io *)presio);
1655			break;
1656		case CTL_MSG_UA:
1657			ctl_isc_ua(softc, msg, param);
1658			break;
1659		case CTL_MSG_PORT_SYNC:
1660			ctl_isc_port_sync(softc, msg, param);
1661			break;
1662		case CTL_MSG_LUN_SYNC:
1663			ctl_isc_lun_sync(softc, msg, param);
1664			break;
1665		case CTL_MSG_IID_SYNC:
1666			ctl_isc_iid_sync(softc, msg, param);
1667			break;
1668		case CTL_MSG_LOGIN:
1669			ctl_isc_login(softc, msg, param);
1670			break;
1671		case CTL_MSG_MODE_SYNC:
1672			ctl_isc_mode_sync(softc, msg, param);
1673			break;
1674		default:
1675			printf("Received HA message of unknown type %d\n",
1676			    msg->hdr.msg_type);
1677			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1678			break;
1679		}
1680		if (msg != &msgbuf)
1681			free(msg, M_CTL);
1682	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1683		printf("CTL: HA link status changed from %d to %d\n",
1684		    softc->ha_link, param);
1685		if (param == softc->ha_link)
1686			return;
1687		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1688			softc->ha_link = param;
1689			ctl_isc_ha_link_down(softc);
1690		} else {
1691			softc->ha_link = param;
1692			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1693				ctl_isc_ha_link_up(softc);
1694		}
1695		return;
1696	} else {
1697		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1698		return;
1699	}
1700}
1701
1702static void
1703ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1704{
1705
1706	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1707	    src->scsi.sense_len);
1708	dest->scsiio.scsi_status = src->scsi.scsi_status;
1709	dest->scsiio.sense_len = src->scsi.sense_len;
1710	dest->io_hdr.status = src->hdr.status;
1711}
1712
1713static void
1714ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1715{
1716
1717	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1718	    src->scsiio.sense_len);
1719	dest->scsi.scsi_status = src->scsiio.scsi_status;
1720	dest->scsi.sense_len = src->scsiio.sense_len;
1721	dest->hdr.status = src->io_hdr.status;
1722}
1723
1724void
1725ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1726{
1727	struct ctl_softc *softc = lun->ctl_softc;
1728	ctl_ua_type *pu;
1729
1730	if (initidx < softc->init_min || initidx >= softc->init_max)
1731		return;
1732	mtx_assert(&lun->lun_lock, MA_OWNED);
1733	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1734	if (pu == NULL)
1735		return;
1736	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1737}
1738
1739void
1740ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1741{
1742	int i;
1743
1744	mtx_assert(&lun->lun_lock, MA_OWNED);
1745	if (lun->pending_ua[port] == NULL)
1746		return;
1747	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1748		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1749			continue;
1750		lun->pending_ua[port][i] |= ua;
1751	}
1752}
1753
1754void
1755ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1756{
1757	struct ctl_softc *softc = lun->ctl_softc;
1758	int i;
1759
1760	mtx_assert(&lun->lun_lock, MA_OWNED);
1761	for (i = softc->port_min; i < softc->port_max; i++)
1762		ctl_est_ua_port(lun, i, except, ua);
1763}
1764
1765void
1766ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1767{
1768	struct ctl_softc *softc = lun->ctl_softc;
1769	ctl_ua_type *pu;
1770
1771	if (initidx < softc->init_min || initidx >= softc->init_max)
1772		return;
1773	mtx_assert(&lun->lun_lock, MA_OWNED);
1774	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1775	if (pu == NULL)
1776		return;
1777	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1778}
1779
1780void
1781ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1782{
1783	struct ctl_softc *softc = lun->ctl_softc;
1784	int i, j;
1785
1786	mtx_assert(&lun->lun_lock, MA_OWNED);
1787	for (i = softc->port_min; i < softc->port_max; i++) {
1788		if (lun->pending_ua[i] == NULL)
1789			continue;
1790		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1791			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1792				continue;
1793			lun->pending_ua[i][j] &= ~ua;
1794		}
1795	}
1796}
1797
1798void
1799ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1800    ctl_ua_type ua_type)
1801{
1802	struct ctl_lun *lun;
1803
1804	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1805	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1806		mtx_lock(&lun->lun_lock);
1807		ctl_clr_ua(lun, initidx, ua_type);
1808		mtx_unlock(&lun->lun_lock);
1809	}
1810}
1811
1812static int
1813ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1814{
1815	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1816	struct ctl_lun *lun;
1817	struct ctl_lun_req ireq;
1818	int error, value;
1819
1820	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1821	error = sysctl_handle_int(oidp, &value, 0, req);
1822	if ((error != 0) || (req->newptr == NULL))
1823		return (error);
1824
1825	mtx_lock(&softc->ctl_lock);
1826	if (value == 0)
1827		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1828	else
1829		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1830	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1831		mtx_unlock(&softc->ctl_lock);
1832		bzero(&ireq, sizeof(ireq));
1833		ireq.reqtype = CTL_LUNREQ_MODIFY;
1834		ireq.reqdata.modify.lun_id = lun->lun;
1835		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1836		    curthread);
1837		if (ireq.status != CTL_LUN_OK) {
1838			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1839			    __func__, ireq.status, ireq.error_str);
1840		}
1841		mtx_lock(&softc->ctl_lock);
1842	}
1843	mtx_unlock(&softc->ctl_lock);
1844	return (0);
1845}
1846
1847static int
1848ctl_init(void)
1849{
1850	struct make_dev_args args;
1851	struct ctl_softc *softc;
1852	int i, error;
1853
1854	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1855			       M_WAITOK | M_ZERO);
1856
1857	make_dev_args_init(&args);
1858	args.mda_devsw = &ctl_cdevsw;
1859	args.mda_uid = UID_ROOT;
1860	args.mda_gid = GID_OPERATOR;
1861	args.mda_mode = 0600;
1862	args.mda_si_drv1 = softc;
1863	error = make_dev_s(&args, &softc->dev, "cam/ctl");
1864	if (error != 0) {
1865		free(softc, M_DEVBUF);
1866		control_softc = NULL;
1867		return (error);
1868	}
1869
1870	sysctl_ctx_init(&softc->sysctl_ctx);
1871	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1872		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1873		CTLFLAG_RD, 0, "CAM Target Layer");
1874
1875	if (softc->sysctl_tree == NULL) {
1876		printf("%s: unable to allocate sysctl tree\n", __func__);
1877		destroy_dev(softc->dev);
1878		free(softc, M_DEVBUF);
1879		control_softc = NULL;
1880		return (ENOMEM);
1881	}
1882
1883	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1884	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1885	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1886	softc->flags = 0;
1887
1888	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1889	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1890	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1891
1892	if (ctl_max_luns <= 0 || powerof2(ctl_max_luns) == 0) {
1893		printf("Bad value %d for kern.cam.ctl.max_luns, must be a power of two, using %d\n",
1894		    ctl_max_luns, CTL_DEFAULT_MAX_LUNS);
1895		ctl_max_luns = CTL_DEFAULT_MAX_LUNS;
1896	}
1897	softc->ctl_luns = malloc(sizeof(struct ctl_lun *) * ctl_max_luns,
1898	    M_DEVBUF, M_WAITOK | M_ZERO);
1899	softc->ctl_lun_mask = malloc(sizeof(uint32_t) *
1900	    ((ctl_max_luns + 31) / 32), M_DEVBUF, M_WAITOK | M_ZERO);
1901	if (ctl_max_ports <= 0 || powerof2(ctl_max_ports) == 0) {
1902		printf("Bad value %d for kern.cam.ctl.max_ports, must be a power of two, using %d\n",
1903		    ctl_max_ports, CTL_DEFAULT_MAX_PORTS);
1904		ctl_max_ports = CTL_DEFAULT_MAX_PORTS;
1905	}
1906	softc->ctl_port_mask = malloc(sizeof(uint32_t) *
1907	  ((ctl_max_ports + 31) / 32), M_DEVBUF, M_WAITOK | M_ZERO);
1908	softc->ctl_ports = malloc(sizeof(struct ctl_port *) * ctl_max_ports,
1909	     M_DEVBUF, M_WAITOK | M_ZERO);
1910
1911
1912	/*
1913	 * In Copan's HA scheme, the "master" and "slave" roles are
1914	 * figured out through the slot the controller is in.  Although it
1915	 * is an active/active system, someone has to be in charge.
1916	 */
1917	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1918	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1919	    "HA head ID (0 - no HA)");
1920	if (softc->ha_id == 0 || softc->ha_id > NUM_HA_SHELVES) {
1921		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1922		softc->is_single = 1;
1923		softc->port_cnt = ctl_max_ports;
1924		softc->port_min = 0;
1925	} else {
1926		softc->port_cnt = ctl_max_ports / NUM_HA_SHELVES;
1927		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1928	}
1929	softc->port_max = softc->port_min + softc->port_cnt;
1930	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1931	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1932
1933	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1934	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1935	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1936
1937	STAILQ_INIT(&softc->lun_list);
1938	STAILQ_INIT(&softc->pending_lun_queue);
1939	STAILQ_INIT(&softc->fe_list);
1940	STAILQ_INIT(&softc->port_list);
1941	STAILQ_INIT(&softc->be_list);
1942	ctl_tpc_init(softc);
1943
1944	if (worker_threads <= 0)
1945		worker_threads = max(1, mp_ncpus / 4);
1946	if (worker_threads > CTL_MAX_THREADS)
1947		worker_threads = CTL_MAX_THREADS;
1948
1949	for (i = 0; i < worker_threads; i++) {
1950		struct ctl_thread *thr = &softc->threads[i];
1951
1952		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1953		thr->ctl_softc = softc;
1954		STAILQ_INIT(&thr->incoming_queue);
1955		STAILQ_INIT(&thr->rtr_queue);
1956		STAILQ_INIT(&thr->done_queue);
1957		STAILQ_INIT(&thr->isc_queue);
1958
1959		error = kproc_kthread_add(ctl_work_thread, thr,
1960		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1961		if (error != 0) {
1962			printf("error creating CTL work thread!\n");
1963			return (error);
1964		}
1965	}
1966	error = kproc_kthread_add(ctl_lun_thread, softc,
1967	    &softc->ctl_proc, &softc->lun_thread, 0, 0, "ctl", "lun");
1968	if (error != 0) {
1969		printf("error creating CTL lun thread!\n");
1970		return (error);
1971	}
1972	error = kproc_kthread_add(ctl_thresh_thread, softc,
1973	    &softc->ctl_proc, &softc->thresh_thread, 0, 0, "ctl", "thresh");
1974	if (error != 0) {
1975		printf("error creating CTL threshold thread!\n");
1976		return (error);
1977	}
1978
1979	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1980	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1981	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1982
1983	if (softc->is_single == 0) {
1984		if (ctl_frontend_register(&ha_frontend) != 0)
1985			softc->is_single = 1;
1986	}
1987	return (0);
1988}
1989
1990static int
1991ctl_shutdown(void)
1992{
1993	struct ctl_softc *softc = control_softc;
1994	int i;
1995
1996	if (softc->is_single == 0)
1997		ctl_frontend_deregister(&ha_frontend);
1998
1999	destroy_dev(softc->dev);
2000
2001	/* Shutdown CTL threads. */
2002	softc->shutdown = 1;
2003	for (i = 0; i < worker_threads; i++) {
2004		struct ctl_thread *thr = &softc->threads[i];
2005		while (thr->thread != NULL) {
2006			wakeup(thr);
2007			if (thr->thread != NULL)
2008				pause("CTL thr shutdown", 1);
2009		}
2010		mtx_destroy(&thr->queue_lock);
2011	}
2012	while (softc->lun_thread != NULL) {
2013		wakeup(&softc->pending_lun_queue);
2014		if (softc->lun_thread != NULL)
2015			pause("CTL thr shutdown", 1);
2016	}
2017	while (softc->thresh_thread != NULL) {
2018		wakeup(softc->thresh_thread);
2019		if (softc->thresh_thread != NULL)
2020			pause("CTL thr shutdown", 1);
2021	}
2022
2023	ctl_tpc_shutdown(softc);
2024	uma_zdestroy(softc->io_zone);
2025	mtx_destroy(&softc->ctl_lock);
2026
2027	free(softc->ctl_luns, M_DEVBUF);
2028	free(softc->ctl_lun_mask, M_DEVBUF);
2029	free(softc->ctl_port_mask, M_DEVBUF);
2030	free(softc->ctl_ports, M_DEVBUF);
2031
2032	sysctl_ctx_free(&softc->sysctl_ctx);
2033
2034	free(softc, M_DEVBUF);
2035	control_softc = NULL;
2036	return (0);
2037}
2038
2039static int
2040ctl_module_event_handler(module_t mod, int what, void *arg)
2041{
2042
2043	switch (what) {
2044	case MOD_LOAD:
2045		return (ctl_init());
2046	case MOD_UNLOAD:
2047		return (ctl_shutdown());
2048	default:
2049		return (EOPNOTSUPP);
2050	}
2051}
2052
2053/*
2054 * XXX KDM should we do some access checks here?  Bump a reference count to
2055 * prevent a CTL module from being unloaded while someone has it open?
2056 */
2057static int
2058ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
2059{
2060	return (0);
2061}
2062
2063static int
2064ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
2065{
2066	return (0);
2067}
2068
2069/*
2070 * Remove an initiator by port number and initiator ID.
2071 * Returns 0 for success, -1 for failure.
2072 */
2073int
2074ctl_remove_initiator(struct ctl_port *port, int iid)
2075{
2076	struct ctl_softc *softc = port->ctl_softc;
2077	int last;
2078
2079	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2080
2081	if (iid > CTL_MAX_INIT_PER_PORT) {
2082		printf("%s: initiator ID %u > maximun %u!\n",
2083		       __func__, iid, CTL_MAX_INIT_PER_PORT);
2084		return (-1);
2085	}
2086
2087	mtx_lock(&softc->ctl_lock);
2088	last = (--port->wwpn_iid[iid].in_use == 0);
2089	port->wwpn_iid[iid].last_use = time_uptime;
2090	mtx_unlock(&softc->ctl_lock);
2091	if (last)
2092		ctl_i_t_nexus_loss(softc, iid, CTL_UA_POWERON);
2093	ctl_isc_announce_iid(port, iid);
2094
2095	return (0);
2096}
2097
2098/*
2099 * Add an initiator to the initiator map.
2100 * Returns iid for success, < 0 for failure.
2101 */
2102int
2103ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
2104{
2105	struct ctl_softc *softc = port->ctl_softc;
2106	time_t best_time;
2107	int i, best;
2108
2109	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2110
2111	if (iid >= CTL_MAX_INIT_PER_PORT) {
2112		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
2113		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
2114		free(name, M_CTL);
2115		return (-1);
2116	}
2117
2118	mtx_lock(&softc->ctl_lock);
2119
2120	if (iid < 0 && (wwpn != 0 || name != NULL)) {
2121		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2122			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
2123				iid = i;
2124				break;
2125			}
2126			if (name != NULL && port->wwpn_iid[i].name != NULL &&
2127			    strcmp(name, port->wwpn_iid[i].name) == 0) {
2128				iid = i;
2129				break;
2130			}
2131		}
2132	}
2133
2134	if (iid < 0) {
2135		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2136			if (port->wwpn_iid[i].in_use == 0 &&
2137			    port->wwpn_iid[i].wwpn == 0 &&
2138			    port->wwpn_iid[i].name == NULL) {
2139				iid = i;
2140				break;
2141			}
2142		}
2143	}
2144
2145	if (iid < 0) {
2146		best = -1;
2147		best_time = INT32_MAX;
2148		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2149			if (port->wwpn_iid[i].in_use == 0) {
2150				if (port->wwpn_iid[i].last_use < best_time) {
2151					best = i;
2152					best_time = port->wwpn_iid[i].last_use;
2153				}
2154			}
2155		}
2156		iid = best;
2157	}
2158
2159	if (iid < 0) {
2160		mtx_unlock(&softc->ctl_lock);
2161		free(name, M_CTL);
2162		return (-2);
2163	}
2164
2165	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2166		/*
2167		 * This is not an error yet.
2168		 */
2169		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2170#if 0
2171			printf("%s: port %d iid %u WWPN %#jx arrived"
2172			    " again\n", __func__, port->targ_port,
2173			    iid, (uintmax_t)wwpn);
2174#endif
2175			goto take;
2176		}
2177		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2178		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2179#if 0
2180			printf("%s: port %d iid %u name '%s' arrived"
2181			    " again\n", __func__, port->targ_port,
2182			    iid, name);
2183#endif
2184			goto take;
2185		}
2186
2187		/*
2188		 * This is an error, but what do we do about it?  The
2189		 * driver is telling us we have a new WWPN for this
2190		 * initiator ID, so we pretty much need to use it.
2191		 */
2192		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2193		    " but WWPN %#jx '%s' is still at that address\n",
2194		    __func__, port->targ_port, iid, wwpn, name,
2195		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2196		    port->wwpn_iid[iid].name);
2197	}
2198take:
2199	free(port->wwpn_iid[iid].name, M_CTL);
2200	port->wwpn_iid[iid].name = name;
2201	port->wwpn_iid[iid].wwpn = wwpn;
2202	port->wwpn_iid[iid].in_use++;
2203	mtx_unlock(&softc->ctl_lock);
2204	ctl_isc_announce_iid(port, iid);
2205
2206	return (iid);
2207}
2208
2209static int
2210ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2211{
2212	int len;
2213
2214	switch (port->port_type) {
2215	case CTL_PORT_FC:
2216	{
2217		struct scsi_transportid_fcp *id =
2218		    (struct scsi_transportid_fcp *)buf;
2219		if (port->wwpn_iid[iid].wwpn == 0)
2220			return (0);
2221		memset(id, 0, sizeof(*id));
2222		id->format_protocol = SCSI_PROTO_FC;
2223		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2224		return (sizeof(*id));
2225	}
2226	case CTL_PORT_ISCSI:
2227	{
2228		struct scsi_transportid_iscsi_port *id =
2229		    (struct scsi_transportid_iscsi_port *)buf;
2230		if (port->wwpn_iid[iid].name == NULL)
2231			return (0);
2232		memset(id, 0, 256);
2233		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2234		    SCSI_PROTO_ISCSI;
2235		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2236		len = roundup2(min(len, 252), 4);
2237		scsi_ulto2b(len, id->additional_length);
2238		return (sizeof(*id) + len);
2239	}
2240	case CTL_PORT_SAS:
2241	{
2242		struct scsi_transportid_sas *id =
2243		    (struct scsi_transportid_sas *)buf;
2244		if (port->wwpn_iid[iid].wwpn == 0)
2245			return (0);
2246		memset(id, 0, sizeof(*id));
2247		id->format_protocol = SCSI_PROTO_SAS;
2248		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2249		return (sizeof(*id));
2250	}
2251	default:
2252	{
2253		struct scsi_transportid_spi *id =
2254		    (struct scsi_transportid_spi *)buf;
2255		memset(id, 0, sizeof(*id));
2256		id->format_protocol = SCSI_PROTO_SPI;
2257		scsi_ulto2b(iid, id->scsi_addr);
2258		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2259		return (sizeof(*id));
2260	}
2261	}
2262}
2263
2264/*
2265 * Serialize a command that went down the "wrong" side, and so was sent to
2266 * this controller for execution.  The logic is a little different than the
2267 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2268 * sent back to the other side, but in the success case, we execute the
2269 * command on this side (XFER mode) or tell the other side to execute it
2270 * (SER_ONLY mode).
2271 */
2272static void
2273ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2274{
2275	struct ctl_softc *softc = CTL_SOFTC(ctsio);
2276	struct ctl_port *port = CTL_PORT(ctsio);
2277	union ctl_ha_msg msg_info;
2278	struct ctl_lun *lun;
2279	const struct ctl_cmd_entry *entry;
2280	union ctl_io *bio;
2281	uint32_t targ_lun;
2282
2283	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2284
2285	/* Make sure that we know about this port. */
2286	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2287		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2288					 /*retry_count*/ 1);
2289		goto badjuju;
2290	}
2291
2292	/* Make sure that we know about this LUN. */
2293	mtx_lock(&softc->ctl_lock);
2294	if (targ_lun >= ctl_max_luns ||
2295	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
2296		mtx_unlock(&softc->ctl_lock);
2297
2298		/*
2299		 * The other node would not send this request to us unless
2300		 * received announce that we are primary node for this LUN.
2301		 * If this LUN does not exist now, it is probably result of
2302		 * a race, so respond to initiator in the most opaque way.
2303		 */
2304		ctl_set_busy(ctsio);
2305		goto badjuju;
2306	}
2307	mtx_lock(&lun->lun_lock);
2308	mtx_unlock(&softc->ctl_lock);
2309
2310	/*
2311	 * If the LUN is invalid, pretend that it doesn't exist.
2312	 * It will go away as soon as all pending I/Os completed.
2313	 */
2314	if (lun->flags & CTL_LUN_DISABLED) {
2315		mtx_unlock(&lun->lun_lock);
2316		ctl_set_busy(ctsio);
2317		goto badjuju;
2318	}
2319
2320	entry = ctl_get_cmd_entry(ctsio, NULL);
2321	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2322		mtx_unlock(&lun->lun_lock);
2323		goto badjuju;
2324	}
2325
2326	CTL_LUN(ctsio) = lun;
2327	CTL_BACKEND_LUN(ctsio) = lun->be_lun;
2328
2329	/*
2330	 * Every I/O goes into the OOA queue for a
2331	 * particular LUN, and stays there until completion.
2332	 */
2333#ifdef CTL_TIME_IO
2334	if (TAILQ_EMPTY(&lun->ooa_queue))
2335		lun->idle_time += getsbinuptime() - lun->last_busy;
2336#endif
2337	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2338
2339	bio = (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq, ooa_links);
2340	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio, &bio)) {
2341	case CTL_ACTION_BLOCK:
2342		ctsio->io_hdr.blocker = bio;
2343		TAILQ_INSERT_TAIL(&bio->io_hdr.blocked_queue, &ctsio->io_hdr,
2344				  blocked_links);
2345		mtx_unlock(&lun->lun_lock);
2346		break;
2347	case CTL_ACTION_PASS:
2348	case CTL_ACTION_SKIP:
2349		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2350			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2351			ctl_enqueue_rtr((union ctl_io *)ctsio);
2352			mtx_unlock(&lun->lun_lock);
2353		} else {
2354			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2355			mtx_unlock(&lun->lun_lock);
2356
2357			/* send msg back to other side */
2358			msg_info.hdr.original_sc = ctsio->io_hdr.remote_io;
2359			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2360			msg_info.hdr.msg_type = CTL_MSG_R2R;
2361			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2362			    sizeof(msg_info.hdr), M_WAITOK);
2363		}
2364		break;
2365	case CTL_ACTION_OVERLAP:
2366		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2367		mtx_unlock(&lun->lun_lock);
2368		ctl_set_overlapped_cmd(ctsio);
2369		goto badjuju;
2370	case CTL_ACTION_OVERLAP_TAG:
2371		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2372		mtx_unlock(&lun->lun_lock);
2373		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2374		goto badjuju;
2375	case CTL_ACTION_ERROR:
2376	default:
2377		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2378		mtx_unlock(&lun->lun_lock);
2379
2380		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2381					 /*retry_count*/ 0);
2382badjuju:
2383		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2384		msg_info.hdr.original_sc = ctsio->io_hdr.remote_io;
2385		msg_info.hdr.serializing_sc = NULL;
2386		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2387		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2388		    sizeof(msg_info.scsi), M_WAITOK);
2389		ctl_free_io((union ctl_io *)ctsio);
2390		break;
2391	}
2392}
2393
2394/*
2395 * Returns 0 for success, errno for failure.
2396 */
2397static void
2398ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2399		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2400{
2401	union ctl_io *io;
2402
2403	mtx_lock(&lun->lun_lock);
2404	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2405	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2406	     ooa_links)) {
2407		struct ctl_ooa_entry *entry;
2408
2409		/*
2410		 * If we've got more than we can fit, just count the
2411		 * remaining entries.
2412		 */
2413		if (*cur_fill_num >= ooa_hdr->alloc_num)
2414			continue;
2415
2416		entry = &kern_entries[*cur_fill_num];
2417
2418		entry->tag_num = io->scsiio.tag_num;
2419		entry->lun_num = lun->lun;
2420#ifdef CTL_TIME_IO
2421		entry->start_bt = io->io_hdr.start_bt;
2422#endif
2423		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2424		entry->cdb_len = io->scsiio.cdb_len;
2425		if (io->io_hdr.blocker != NULL)
2426			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2427
2428		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2429			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2430
2431		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2432			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2433
2434		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2435			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2436
2437		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2438			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2439	}
2440	mtx_unlock(&lun->lun_lock);
2441}
2442
2443static void *
2444ctl_copyin_alloc(void *user_addr, unsigned int len, char *error_str,
2445		 size_t error_str_len)
2446{
2447	void *kptr;
2448
2449	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2450
2451	if (copyin(user_addr, kptr, len) != 0) {
2452		snprintf(error_str, error_str_len, "Error copying %d bytes "
2453			 "from user address %p to kernel address %p", len,
2454			 user_addr, kptr);
2455		free(kptr, M_CTL);
2456		return (NULL);
2457	}
2458
2459	return (kptr);
2460}
2461
2462static void
2463ctl_free_args(int num_args, struct ctl_be_arg *args)
2464{
2465	int i;
2466
2467	if (args == NULL)
2468		return;
2469
2470	for (i = 0; i < num_args; i++) {
2471		free(args[i].kname, M_CTL);
2472		free(args[i].kvalue, M_CTL);
2473	}
2474
2475	free(args, M_CTL);
2476}
2477
2478static struct ctl_be_arg *
2479ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2480		char *error_str, size_t error_str_len)
2481{
2482	struct ctl_be_arg *args;
2483	int i;
2484
2485	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2486				error_str, error_str_len);
2487
2488	if (args == NULL)
2489		goto bailout;
2490
2491	for (i = 0; i < num_args; i++) {
2492		args[i].kname = NULL;
2493		args[i].kvalue = NULL;
2494	}
2495
2496	for (i = 0; i < num_args; i++) {
2497		uint8_t *tmpptr;
2498
2499		if (args[i].namelen == 0) {
2500			snprintf(error_str, error_str_len, "Argument %d "
2501				 "name length is zero", i);
2502			goto bailout;
2503		}
2504
2505		args[i].kname = ctl_copyin_alloc(args[i].name,
2506			args[i].namelen, error_str, error_str_len);
2507		if (args[i].kname == NULL)
2508			goto bailout;
2509
2510		if (args[i].kname[args[i].namelen - 1] != '\0') {
2511			snprintf(error_str, error_str_len, "Argument %d "
2512				 "name is not NUL-terminated", i);
2513			goto bailout;
2514		}
2515
2516		if (args[i].flags & CTL_BEARG_RD) {
2517			if (args[i].vallen == 0) {
2518				snprintf(error_str, error_str_len, "Argument %d "
2519					 "value length is zero", i);
2520				goto bailout;
2521			}
2522
2523			tmpptr = ctl_copyin_alloc(args[i].value,
2524				args[i].vallen, error_str, error_str_len);
2525			if (tmpptr == NULL)
2526				goto bailout;
2527
2528			if ((args[i].flags & CTL_BEARG_ASCII)
2529			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2530				snprintf(error_str, error_str_len, "Argument "
2531				    "%d value is not NUL-terminated", i);
2532				free(tmpptr, M_CTL);
2533				goto bailout;
2534			}
2535			args[i].kvalue = tmpptr;
2536		} else {
2537			args[i].kvalue = malloc(args[i].vallen,
2538			    M_CTL, M_WAITOK | M_ZERO);
2539		}
2540	}
2541
2542	return (args);
2543bailout:
2544
2545	ctl_free_args(num_args, args);
2546
2547	return (NULL);
2548}
2549
2550static void
2551ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2552{
2553	int i;
2554
2555	for (i = 0; i < num_args; i++) {
2556		if (args[i].flags & CTL_BEARG_WR)
2557			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2558	}
2559}
2560
2561/*
2562 * Escape characters that are illegal or not recommended in XML.
2563 */
2564int
2565ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2566{
2567	char *end = str + size;
2568	int retval;
2569
2570	retval = 0;
2571
2572	for (; *str && str < end; str++) {
2573		switch (*str) {
2574		case '&':
2575			retval = sbuf_printf(sb, "&amp;");
2576			break;
2577		case '>':
2578			retval = sbuf_printf(sb, "&gt;");
2579			break;
2580		case '<':
2581			retval = sbuf_printf(sb, "&lt;");
2582			break;
2583		default:
2584			retval = sbuf_putc(sb, *str);
2585			break;
2586		}
2587
2588		if (retval != 0)
2589			break;
2590
2591	}
2592
2593	return (retval);
2594}
2595
2596static void
2597ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2598{
2599	struct scsi_vpd_id_descriptor *desc;
2600	int i;
2601
2602	if (id == NULL || id->len < 4)
2603		return;
2604	desc = (struct scsi_vpd_id_descriptor *)id->data;
2605	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2606	case SVPD_ID_TYPE_T10:
2607		sbuf_printf(sb, "t10.");
2608		break;
2609	case SVPD_ID_TYPE_EUI64:
2610		sbuf_printf(sb, "eui.");
2611		break;
2612	case SVPD_ID_TYPE_NAA:
2613		sbuf_printf(sb, "naa.");
2614		break;
2615	case SVPD_ID_TYPE_SCSI_NAME:
2616		break;
2617	}
2618	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2619	case SVPD_ID_CODESET_BINARY:
2620		for (i = 0; i < desc->length; i++)
2621			sbuf_printf(sb, "%02x", desc->identifier[i]);
2622		break;
2623	case SVPD_ID_CODESET_ASCII:
2624		sbuf_printf(sb, "%.*s", (int)desc->length,
2625		    (char *)desc->identifier);
2626		break;
2627	case SVPD_ID_CODESET_UTF8:
2628		sbuf_printf(sb, "%s", (char *)desc->identifier);
2629		break;
2630	}
2631}
2632
2633static int
2634ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2635	  struct thread *td)
2636{
2637	struct ctl_softc *softc = dev->si_drv1;
2638	struct ctl_port *port;
2639	struct ctl_lun *lun;
2640	int retval;
2641
2642	retval = 0;
2643
2644	switch (cmd) {
2645	case CTL_IO:
2646		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2647		break;
2648	case CTL_ENABLE_PORT:
2649	case CTL_DISABLE_PORT:
2650	case CTL_SET_PORT_WWNS: {
2651		struct ctl_port *port;
2652		struct ctl_port_entry *entry;
2653
2654		entry = (struct ctl_port_entry *)addr;
2655
2656		mtx_lock(&softc->ctl_lock);
2657		STAILQ_FOREACH(port, &softc->port_list, links) {
2658			int action, done;
2659
2660			if (port->targ_port < softc->port_min ||
2661			    port->targ_port >= softc->port_max)
2662				continue;
2663
2664			action = 0;
2665			done = 0;
2666			if ((entry->port_type == CTL_PORT_NONE)
2667			 && (entry->targ_port == port->targ_port)) {
2668				/*
2669				 * If the user only wants to enable or
2670				 * disable or set WWNs on a specific port,
2671				 * do the operation and we're done.
2672				 */
2673				action = 1;
2674				done = 1;
2675			} else if (entry->port_type & port->port_type) {
2676				/*
2677				 * Compare the user's type mask with the
2678				 * particular frontend type to see if we
2679				 * have a match.
2680				 */
2681				action = 1;
2682				done = 0;
2683
2684				/*
2685				 * Make sure the user isn't trying to set
2686				 * WWNs on multiple ports at the same time.
2687				 */
2688				if (cmd == CTL_SET_PORT_WWNS) {
2689					printf("%s: Can't set WWNs on "
2690					       "multiple ports\n", __func__);
2691					retval = EINVAL;
2692					break;
2693				}
2694			}
2695			if (action == 0)
2696				continue;
2697
2698			/*
2699			 * XXX KDM we have to drop the lock here, because
2700			 * the online/offline operations can potentially
2701			 * block.  We need to reference count the frontends
2702			 * so they can't go away,
2703			 */
2704			if (cmd == CTL_ENABLE_PORT) {
2705				mtx_unlock(&softc->ctl_lock);
2706				ctl_port_online(port);
2707				mtx_lock(&softc->ctl_lock);
2708			} else if (cmd == CTL_DISABLE_PORT) {
2709				mtx_unlock(&softc->ctl_lock);
2710				ctl_port_offline(port);
2711				mtx_lock(&softc->ctl_lock);
2712			} else if (cmd == CTL_SET_PORT_WWNS) {
2713				ctl_port_set_wwns(port,
2714				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2715				    1 : 0, entry->wwnn,
2716				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2717				    1 : 0, entry->wwpn);
2718			}
2719			if (done != 0)
2720				break;
2721		}
2722		mtx_unlock(&softc->ctl_lock);
2723		break;
2724	}
2725	case CTL_GET_OOA: {
2726		struct ctl_ooa *ooa_hdr;
2727		struct ctl_ooa_entry *entries;
2728		uint32_t cur_fill_num;
2729
2730		ooa_hdr = (struct ctl_ooa *)addr;
2731
2732		if ((ooa_hdr->alloc_len == 0)
2733		 || (ooa_hdr->alloc_num == 0)) {
2734			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2735			       "must be non-zero\n", __func__,
2736			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2737			retval = EINVAL;
2738			break;
2739		}
2740
2741		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2742		    sizeof(struct ctl_ooa_entry))) {
2743			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2744			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2745			       __func__, ooa_hdr->alloc_len,
2746			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2747			retval = EINVAL;
2748			break;
2749		}
2750
2751		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2752		if (entries == NULL) {
2753			printf("%s: could not allocate %d bytes for OOA "
2754			       "dump\n", __func__, ooa_hdr->alloc_len);
2755			retval = ENOMEM;
2756			break;
2757		}
2758
2759		mtx_lock(&softc->ctl_lock);
2760		if ((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0 &&
2761		    (ooa_hdr->lun_num >= ctl_max_luns ||
2762		     softc->ctl_luns[ooa_hdr->lun_num] == NULL)) {
2763			mtx_unlock(&softc->ctl_lock);
2764			free(entries, M_CTL);
2765			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2766			       __func__, (uintmax_t)ooa_hdr->lun_num);
2767			retval = EINVAL;
2768			break;
2769		}
2770
2771		cur_fill_num = 0;
2772
2773		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2774			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2775				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2776				    ooa_hdr, entries);
2777			}
2778		} else {
2779			lun = softc->ctl_luns[ooa_hdr->lun_num];
2780			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2781			    entries);
2782		}
2783		mtx_unlock(&softc->ctl_lock);
2784
2785		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2786		ooa_hdr->fill_len = ooa_hdr->fill_num *
2787			sizeof(struct ctl_ooa_entry);
2788		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2789		if (retval != 0) {
2790			printf("%s: error copying out %d bytes for OOA dump\n",
2791			       __func__, ooa_hdr->fill_len);
2792		}
2793
2794		getbinuptime(&ooa_hdr->cur_bt);
2795
2796		if (cur_fill_num > ooa_hdr->alloc_num) {
2797			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2798			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2799		} else {
2800			ooa_hdr->dropped_num = 0;
2801			ooa_hdr->status = CTL_OOA_OK;
2802		}
2803
2804		free(entries, M_CTL);
2805		break;
2806	}
2807	case CTL_DELAY_IO: {
2808		struct ctl_io_delay_info *delay_info;
2809
2810		delay_info = (struct ctl_io_delay_info *)addr;
2811
2812#ifdef CTL_IO_DELAY
2813		mtx_lock(&softc->ctl_lock);
2814		if (delay_info->lun_id >= ctl_max_luns ||
2815		    (lun = softc->ctl_luns[delay_info->lun_id]) == NULL) {
2816			mtx_unlock(&softc->ctl_lock);
2817			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2818			break;
2819		}
2820		mtx_lock(&lun->lun_lock);
2821		mtx_unlock(&softc->ctl_lock);
2822		delay_info->status = CTL_DELAY_STATUS_OK;
2823		switch (delay_info->delay_type) {
2824		case CTL_DELAY_TYPE_CONT:
2825		case CTL_DELAY_TYPE_ONESHOT:
2826			break;
2827		default:
2828			delay_info->status = CTL_DELAY_STATUS_INVALID_TYPE;
2829			break;
2830		}
2831		switch (delay_info->delay_loc) {
2832		case CTL_DELAY_LOC_DATAMOVE:
2833			lun->delay_info.datamove_type = delay_info->delay_type;
2834			lun->delay_info.datamove_delay = delay_info->delay_secs;
2835			break;
2836		case CTL_DELAY_LOC_DONE:
2837			lun->delay_info.done_type = delay_info->delay_type;
2838			lun->delay_info.done_delay = delay_info->delay_secs;
2839			break;
2840		default:
2841			delay_info->status = CTL_DELAY_STATUS_INVALID_LOC;
2842			break;
2843		}
2844		mtx_unlock(&lun->lun_lock);
2845#else
2846		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2847#endif /* CTL_IO_DELAY */
2848		break;
2849	}
2850#ifdef CTL_LEGACY_STATS
2851	case CTL_GETSTATS: {
2852		struct ctl_stats *stats = (struct ctl_stats *)addr;
2853		int i;
2854
2855		/*
2856		 * XXX KDM no locking here.  If the LUN list changes,
2857		 * things can blow up.
2858		 */
2859		i = 0;
2860		stats->status = CTL_SS_OK;
2861		stats->fill_len = 0;
2862		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2863			if (stats->fill_len + sizeof(lun->legacy_stats) >
2864			    stats->alloc_len) {
2865				stats->status = CTL_SS_NEED_MORE_SPACE;
2866				break;
2867			}
2868			retval = copyout(&lun->legacy_stats, &stats->lun_stats[i++],
2869					 sizeof(lun->legacy_stats));
2870			if (retval != 0)
2871				break;
2872			stats->fill_len += sizeof(lun->legacy_stats);
2873		}
2874		stats->num_luns = softc->num_luns;
2875		stats->flags = CTL_STATS_FLAG_NONE;
2876#ifdef CTL_TIME_IO
2877		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
2878#endif
2879		getnanouptime(&stats->timestamp);
2880		break;
2881	}
2882#endif /* CTL_LEGACY_STATS */
2883	case CTL_ERROR_INJECT: {
2884		struct ctl_error_desc *err_desc, *new_err_desc;
2885
2886		err_desc = (struct ctl_error_desc *)addr;
2887
2888		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2889				      M_WAITOK | M_ZERO);
2890		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2891
2892		mtx_lock(&softc->ctl_lock);
2893		if (err_desc->lun_id >= ctl_max_luns ||
2894		    (lun = softc->ctl_luns[err_desc->lun_id]) == NULL) {
2895			mtx_unlock(&softc->ctl_lock);
2896			free(new_err_desc, M_CTL);
2897			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2898			       __func__, (uintmax_t)err_desc->lun_id);
2899			retval = EINVAL;
2900			break;
2901		}
2902		mtx_lock(&lun->lun_lock);
2903		mtx_unlock(&softc->ctl_lock);
2904
2905		/*
2906		 * We could do some checking here to verify the validity
2907		 * of the request, but given the complexity of error
2908		 * injection requests, the checking logic would be fairly
2909		 * complex.
2910		 *
2911		 * For now, if the request is invalid, it just won't get
2912		 * executed and might get deleted.
2913		 */
2914		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2915
2916		/*
2917		 * XXX KDM check to make sure the serial number is unique,
2918		 * in case we somehow manage to wrap.  That shouldn't
2919		 * happen for a very long time, but it's the right thing to
2920		 * do.
2921		 */
2922		new_err_desc->serial = lun->error_serial;
2923		err_desc->serial = lun->error_serial;
2924		lun->error_serial++;
2925
2926		mtx_unlock(&lun->lun_lock);
2927		break;
2928	}
2929	case CTL_ERROR_INJECT_DELETE: {
2930		struct ctl_error_desc *delete_desc, *desc, *desc2;
2931		int delete_done;
2932
2933		delete_desc = (struct ctl_error_desc *)addr;
2934		delete_done = 0;
2935
2936		mtx_lock(&softc->ctl_lock);
2937		if (delete_desc->lun_id >= ctl_max_luns ||
2938		    (lun = softc->ctl_luns[delete_desc->lun_id]) == NULL) {
2939			mtx_unlock(&softc->ctl_lock);
2940			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2941			       __func__, (uintmax_t)delete_desc->lun_id);
2942			retval = EINVAL;
2943			break;
2944		}
2945		mtx_lock(&lun->lun_lock);
2946		mtx_unlock(&softc->ctl_lock);
2947		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2948			if (desc->serial != delete_desc->serial)
2949				continue;
2950
2951			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2952				      links);
2953			free(desc, M_CTL);
2954			delete_done = 1;
2955		}
2956		mtx_unlock(&lun->lun_lock);
2957		if (delete_done == 0) {
2958			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2959			       "error serial %ju on LUN %u\n", __func__,
2960			       delete_desc->serial, delete_desc->lun_id);
2961			retval = EINVAL;
2962			break;
2963		}
2964		break;
2965	}
2966	case CTL_DUMP_STRUCTS: {
2967		int j, k;
2968		struct ctl_port *port;
2969		struct ctl_frontend *fe;
2970
2971		mtx_lock(&softc->ctl_lock);
2972		printf("CTL Persistent Reservation information start:\n");
2973		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2974			mtx_lock(&lun->lun_lock);
2975			if ((lun->flags & CTL_LUN_DISABLED) != 0) {
2976				mtx_unlock(&lun->lun_lock);
2977				continue;
2978			}
2979
2980			for (j = 0; j < ctl_max_ports; j++) {
2981				if (lun->pr_keys[j] == NULL)
2982					continue;
2983				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2984					if (lun->pr_keys[j][k] == 0)
2985						continue;
2986					printf("  LUN %ju port %d iid %d key "
2987					       "%#jx\n", lun->lun, j, k,
2988					       (uintmax_t)lun->pr_keys[j][k]);
2989				}
2990			}
2991			mtx_unlock(&lun->lun_lock);
2992		}
2993		printf("CTL Persistent Reservation information end\n");
2994		printf("CTL Ports:\n");
2995		STAILQ_FOREACH(port, &softc->port_list, links) {
2996			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2997			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2998			       port->frontend->name, port->port_type,
2999			       port->physical_port, port->virtual_port,
3000			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3001			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3002				if (port->wwpn_iid[j].in_use == 0 &&
3003				    port->wwpn_iid[j].wwpn == 0 &&
3004				    port->wwpn_iid[j].name == NULL)
3005					continue;
3006
3007				printf("    iid %u use %d WWPN %#jx '%s'\n",
3008				    j, port->wwpn_iid[j].in_use,
3009				    (uintmax_t)port->wwpn_iid[j].wwpn,
3010				    port->wwpn_iid[j].name);
3011			}
3012		}
3013		printf("CTL Port information end\n");
3014		mtx_unlock(&softc->ctl_lock);
3015		/*
3016		 * XXX KDM calling this without a lock.  We'd likely want
3017		 * to drop the lock before calling the frontend's dump
3018		 * routine anyway.
3019		 */
3020		printf("CTL Frontends:\n");
3021		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3022			printf("  Frontend '%s'\n", fe->name);
3023			if (fe->fe_dump != NULL)
3024				fe->fe_dump();
3025		}
3026		printf("CTL Frontend information end\n");
3027		break;
3028	}
3029	case CTL_LUN_REQ: {
3030		struct ctl_lun_req *lun_req;
3031		struct ctl_backend_driver *backend;
3032
3033		lun_req = (struct ctl_lun_req *)addr;
3034
3035		backend = ctl_backend_find(lun_req->backend);
3036		if (backend == NULL) {
3037			lun_req->status = CTL_LUN_ERROR;
3038			snprintf(lun_req->error_str,
3039				 sizeof(lun_req->error_str),
3040				 "Backend \"%s\" not found.",
3041				 lun_req->backend);
3042			break;
3043		}
3044		if (lun_req->num_be_args > 0) {
3045			lun_req->kern_be_args = ctl_copyin_args(
3046				lun_req->num_be_args,
3047				lun_req->be_args,
3048				lun_req->error_str,
3049				sizeof(lun_req->error_str));
3050			if (lun_req->kern_be_args == NULL) {
3051				lun_req->status = CTL_LUN_ERROR;
3052				break;
3053			}
3054		}
3055
3056		retval = backend->ioctl(dev, cmd, addr, flag, td);
3057
3058		if (lun_req->num_be_args > 0) {
3059			ctl_copyout_args(lun_req->num_be_args,
3060				      lun_req->kern_be_args);
3061			ctl_free_args(lun_req->num_be_args,
3062				      lun_req->kern_be_args);
3063		}
3064		break;
3065	}
3066	case CTL_LUN_LIST: {
3067		struct sbuf *sb;
3068		struct ctl_lun_list *list;
3069		struct ctl_option *opt;
3070
3071		list = (struct ctl_lun_list *)addr;
3072
3073		/*
3074		 * Allocate a fixed length sbuf here, based on the length
3075		 * of the user's buffer.  We could allocate an auto-extending
3076		 * buffer, and then tell the user how much larger our
3077		 * amount of data is than his buffer, but that presents
3078		 * some problems:
3079		 *
3080		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3081		 *     we can't hold a lock while calling them with an
3082		 *     auto-extending buffer.
3083 		 *
3084		 * 2.  There is not currently a LUN reference counting
3085		 *     mechanism, outside of outstanding transactions on
3086		 *     the LUN's OOA queue.  So a LUN could go away on us
3087		 *     while we're getting the LUN number, backend-specific
3088		 *     information, etc.  Thus, given the way things
3089		 *     currently work, we need to hold the CTL lock while
3090		 *     grabbing LUN information.
3091		 *
3092		 * So, from the user's standpoint, the best thing to do is
3093		 * allocate what he thinks is a reasonable buffer length,
3094		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3095		 * double the buffer length and try again.  (And repeat
3096		 * that until he succeeds.)
3097		 */
3098		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3099		if (sb == NULL) {
3100			list->status = CTL_LUN_LIST_ERROR;
3101			snprintf(list->error_str, sizeof(list->error_str),
3102				 "Unable to allocate %d bytes for LUN list",
3103				 list->alloc_len);
3104			break;
3105		}
3106
3107		sbuf_printf(sb, "<ctllunlist>\n");
3108
3109		mtx_lock(&softc->ctl_lock);
3110		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3111			mtx_lock(&lun->lun_lock);
3112			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3113					     (uintmax_t)lun->lun);
3114
3115			/*
3116			 * Bail out as soon as we see that we've overfilled
3117			 * the buffer.
3118			 */
3119			if (retval != 0)
3120				break;
3121
3122			retval = sbuf_printf(sb, "\t<backend_type>%s"
3123					     "</backend_type>\n",
3124					     (lun->backend == NULL) ?  "none" :
3125					     lun->backend->name);
3126
3127			if (retval != 0)
3128				break;
3129
3130			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3131					     lun->be_lun->lun_type);
3132
3133			if (retval != 0)
3134				break;
3135
3136			if (lun->backend == NULL) {
3137				retval = sbuf_printf(sb, "</lun>\n");
3138				if (retval != 0)
3139					break;
3140				continue;
3141			}
3142
3143			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3144					     (lun->be_lun->maxlba > 0) ?
3145					     lun->be_lun->maxlba + 1 : 0);
3146
3147			if (retval != 0)
3148				break;
3149
3150			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3151					     lun->be_lun->blocksize);
3152
3153			if (retval != 0)
3154				break;
3155
3156			retval = sbuf_printf(sb, "\t<serial_number>");
3157
3158			if (retval != 0)
3159				break;
3160
3161			retval = ctl_sbuf_printf_esc(sb,
3162			    lun->be_lun->serial_num,
3163			    sizeof(lun->be_lun->serial_num));
3164
3165			if (retval != 0)
3166				break;
3167
3168			retval = sbuf_printf(sb, "</serial_number>\n");
3169
3170			if (retval != 0)
3171				break;
3172
3173			retval = sbuf_printf(sb, "\t<device_id>");
3174
3175			if (retval != 0)
3176				break;
3177
3178			retval = ctl_sbuf_printf_esc(sb,
3179			    lun->be_lun->device_id,
3180			    sizeof(lun->be_lun->device_id));
3181
3182			if (retval != 0)
3183				break;
3184
3185			retval = sbuf_printf(sb, "</device_id>\n");
3186
3187			if (retval != 0)
3188				break;
3189
3190			if (lun->backend->lun_info != NULL) {
3191				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3192				if (retval != 0)
3193					break;
3194			}
3195			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3196				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3197				    opt->name, opt->value, opt->name);
3198				if (retval != 0)
3199					break;
3200			}
3201
3202			retval = sbuf_printf(sb, "</lun>\n");
3203
3204			if (retval != 0)
3205				break;
3206			mtx_unlock(&lun->lun_lock);
3207		}
3208		if (lun != NULL)
3209			mtx_unlock(&lun->lun_lock);
3210		mtx_unlock(&softc->ctl_lock);
3211
3212		if ((retval != 0)
3213		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3214			retval = 0;
3215			sbuf_delete(sb);
3216			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3217			snprintf(list->error_str, sizeof(list->error_str),
3218				 "Out of space, %d bytes is too small",
3219				 list->alloc_len);
3220			break;
3221		}
3222
3223		sbuf_finish(sb);
3224
3225		retval = copyout(sbuf_data(sb), list->lun_xml,
3226				 sbuf_len(sb) + 1);
3227
3228		list->fill_len = sbuf_len(sb) + 1;
3229		list->status = CTL_LUN_LIST_OK;
3230		sbuf_delete(sb);
3231		break;
3232	}
3233	case CTL_ISCSI: {
3234		struct ctl_iscsi *ci;
3235		struct ctl_frontend *fe;
3236
3237		ci = (struct ctl_iscsi *)addr;
3238
3239		fe = ctl_frontend_find("iscsi");
3240		if (fe == NULL) {
3241			ci->status = CTL_ISCSI_ERROR;
3242			snprintf(ci->error_str, sizeof(ci->error_str),
3243			    "Frontend \"iscsi\" not found.");
3244			break;
3245		}
3246
3247		retval = fe->ioctl(dev, cmd, addr, flag, td);
3248		break;
3249	}
3250	case CTL_PORT_REQ: {
3251		struct ctl_req *req;
3252		struct ctl_frontend *fe;
3253
3254		req = (struct ctl_req *)addr;
3255
3256		fe = ctl_frontend_find(req->driver);
3257		if (fe == NULL) {
3258			req->status = CTL_LUN_ERROR;
3259			snprintf(req->error_str, sizeof(req->error_str),
3260			    "Frontend \"%s\" not found.", req->driver);
3261			break;
3262		}
3263		if (req->num_args > 0) {
3264			req->kern_args = ctl_copyin_args(req->num_args,
3265			    req->args, req->error_str, sizeof(req->error_str));
3266			if (req->kern_args == NULL) {
3267				req->status = CTL_LUN_ERROR;
3268				break;
3269			}
3270		}
3271
3272		if (fe->ioctl)
3273			retval = fe->ioctl(dev, cmd, addr, flag, td);
3274		else
3275			retval = ENODEV;
3276
3277		if (req->num_args > 0) {
3278			ctl_copyout_args(req->num_args, req->kern_args);
3279			ctl_free_args(req->num_args, req->kern_args);
3280		}
3281		break;
3282	}
3283	case CTL_PORT_LIST: {
3284		struct sbuf *sb;
3285		struct ctl_port *port;
3286		struct ctl_lun_list *list;
3287		struct ctl_option *opt;
3288		int j;
3289		uint32_t plun;
3290
3291		list = (struct ctl_lun_list *)addr;
3292
3293		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3294		if (sb == NULL) {
3295			list->status = CTL_LUN_LIST_ERROR;
3296			snprintf(list->error_str, sizeof(list->error_str),
3297				 "Unable to allocate %d bytes for LUN list",
3298				 list->alloc_len);
3299			break;
3300		}
3301
3302		sbuf_printf(sb, "<ctlportlist>\n");
3303
3304		mtx_lock(&softc->ctl_lock);
3305		STAILQ_FOREACH(port, &softc->port_list, links) {
3306			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3307					     (uintmax_t)port->targ_port);
3308
3309			/*
3310			 * Bail out as soon as we see that we've overfilled
3311			 * the buffer.
3312			 */
3313			if (retval != 0)
3314				break;
3315
3316			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3317			    "</frontend_type>\n", port->frontend->name);
3318			if (retval != 0)
3319				break;
3320
3321			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3322					     port->port_type);
3323			if (retval != 0)
3324				break;
3325
3326			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3327			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3328			if (retval != 0)
3329				break;
3330
3331			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3332			    port->port_name);
3333			if (retval != 0)
3334				break;
3335
3336			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3337			    port->physical_port);
3338			if (retval != 0)
3339				break;
3340
3341			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3342			    port->virtual_port);
3343			if (retval != 0)
3344				break;
3345
3346			if (port->target_devid != NULL) {
3347				sbuf_printf(sb, "\t<target>");
3348				ctl_id_sbuf(port->target_devid, sb);
3349				sbuf_printf(sb, "</target>\n");
3350			}
3351
3352			if (port->port_devid != NULL) {
3353				sbuf_printf(sb, "\t<port>");
3354				ctl_id_sbuf(port->port_devid, sb);
3355				sbuf_printf(sb, "</port>\n");
3356			}
3357
3358			if (port->port_info != NULL) {
3359				retval = port->port_info(port->onoff_arg, sb);
3360				if (retval != 0)
3361					break;
3362			}
3363			STAILQ_FOREACH(opt, &port->options, links) {
3364				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3365				    opt->name, opt->value, opt->name);
3366				if (retval != 0)
3367					break;
3368			}
3369
3370			if (port->lun_map != NULL) {
3371				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3372				for (j = 0; j < port->lun_map_size; j++) {
3373					plun = ctl_lun_map_from_port(port, j);
3374					if (plun == UINT32_MAX)
3375						continue;
3376					sbuf_printf(sb,
3377					    "\t<lun id=\"%u\">%u</lun>\n",
3378					    j, plun);
3379				}
3380			}
3381
3382			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3383				if (port->wwpn_iid[j].in_use == 0 ||
3384				    (port->wwpn_iid[j].wwpn == 0 &&
3385				     port->wwpn_iid[j].name == NULL))
3386					continue;
3387
3388				if (port->wwpn_iid[j].name != NULL)
3389					retval = sbuf_printf(sb,
3390					    "\t<initiator id=\"%u\">%s</initiator>\n",
3391					    j, port->wwpn_iid[j].name);
3392				else
3393					retval = sbuf_printf(sb,
3394					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3395					    j, port->wwpn_iid[j].wwpn);
3396				if (retval != 0)
3397					break;
3398			}
3399			if (retval != 0)
3400				break;
3401
3402			retval = sbuf_printf(sb, "</targ_port>\n");
3403			if (retval != 0)
3404				break;
3405		}
3406		mtx_unlock(&softc->ctl_lock);
3407
3408		if ((retval != 0)
3409		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3410			retval = 0;
3411			sbuf_delete(sb);
3412			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3413			snprintf(list->error_str, sizeof(list->error_str),
3414				 "Out of space, %d bytes is too small",
3415				 list->alloc_len);
3416			break;
3417		}
3418
3419		sbuf_finish(sb);
3420
3421		retval = copyout(sbuf_data(sb), list->lun_xml,
3422				 sbuf_len(sb) + 1);
3423
3424		list->fill_len = sbuf_len(sb) + 1;
3425		list->status = CTL_LUN_LIST_OK;
3426		sbuf_delete(sb);
3427		break;
3428	}
3429	case CTL_LUN_MAP: {
3430		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3431		struct ctl_port *port;
3432
3433		mtx_lock(&softc->ctl_lock);
3434		if (lm->port < softc->port_min ||
3435		    lm->port >= softc->port_max ||
3436		    (port = softc->ctl_ports[lm->port]) == NULL) {
3437			mtx_unlock(&softc->ctl_lock);
3438			return (ENXIO);
3439		}
3440		if (port->status & CTL_PORT_STATUS_ONLINE) {
3441			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3442				if (ctl_lun_map_to_port(port, lun->lun) ==
3443				    UINT32_MAX)
3444					continue;
3445				mtx_lock(&lun->lun_lock);
3446				ctl_est_ua_port(lun, lm->port, -1,
3447				    CTL_UA_LUN_CHANGE);
3448				mtx_unlock(&lun->lun_lock);
3449			}
3450		}
3451		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3452		if (lm->plun != UINT32_MAX) {
3453			if (lm->lun == UINT32_MAX)
3454				retval = ctl_lun_map_unset(port, lm->plun);
3455			else if (lm->lun < ctl_max_luns &&
3456			    softc->ctl_luns[lm->lun] != NULL)
3457				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3458			else
3459				return (ENXIO);
3460		} else {
3461			if (lm->lun == UINT32_MAX)
3462				retval = ctl_lun_map_deinit(port);
3463			else
3464				retval = ctl_lun_map_init(port);
3465		}
3466		if (port->status & CTL_PORT_STATUS_ONLINE)
3467			ctl_isc_announce_port(port);
3468		break;
3469	}
3470	case CTL_GET_LUN_STATS: {
3471		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3472		int i;
3473
3474		/*
3475		 * XXX KDM no locking here.  If the LUN list changes,
3476		 * things can blow up.
3477		 */
3478		i = 0;
3479		stats->status = CTL_SS_OK;
3480		stats->fill_len = 0;
3481		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3482			if (lun->lun < stats->first_item)
3483				continue;
3484			if (stats->fill_len + sizeof(lun->stats) >
3485			    stats->alloc_len) {
3486				stats->status = CTL_SS_NEED_MORE_SPACE;
3487				break;
3488			}
3489			retval = copyout(&lun->stats, &stats->stats[i++],
3490					 sizeof(lun->stats));
3491			if (retval != 0)
3492				break;
3493			stats->fill_len += sizeof(lun->stats);
3494		}
3495		stats->num_items = softc->num_luns;
3496		stats->flags = CTL_STATS_FLAG_NONE;
3497#ifdef CTL_TIME_IO
3498		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3499#endif
3500		getnanouptime(&stats->timestamp);
3501		break;
3502	}
3503	case CTL_GET_PORT_STATS: {
3504		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3505		int i;
3506
3507		/*
3508		 * XXX KDM no locking here.  If the LUN list changes,
3509		 * things can blow up.
3510		 */
3511		i = 0;
3512		stats->status = CTL_SS_OK;
3513		stats->fill_len = 0;
3514		STAILQ_FOREACH(port, &softc->port_list, links) {
3515			if (port->targ_port < stats->first_item)
3516				continue;
3517			if (stats->fill_len + sizeof(port->stats) >
3518			    stats->alloc_len) {
3519				stats->status = CTL_SS_NEED_MORE_SPACE;
3520				break;
3521			}
3522			retval = copyout(&port->stats, &stats->stats[i++],
3523					 sizeof(port->stats));
3524			if (retval != 0)
3525				break;
3526			stats->fill_len += sizeof(port->stats);
3527		}
3528		stats->num_items = softc->num_ports;
3529		stats->flags = CTL_STATS_FLAG_NONE;
3530#ifdef CTL_TIME_IO
3531		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3532#endif
3533		getnanouptime(&stats->timestamp);
3534		break;
3535	}
3536	default: {
3537		/* XXX KDM should we fix this? */
3538#if 0
3539		struct ctl_backend_driver *backend;
3540		unsigned int type;
3541		int found;
3542
3543		found = 0;
3544
3545		/*
3546		 * We encode the backend type as the ioctl type for backend
3547		 * ioctls.  So parse it out here, and then search for a
3548		 * backend of this type.
3549		 */
3550		type = _IOC_TYPE(cmd);
3551
3552		STAILQ_FOREACH(backend, &softc->be_list, links) {
3553			if (backend->type == type) {
3554				found = 1;
3555				break;
3556			}
3557		}
3558		if (found == 0) {
3559			printf("ctl: unknown ioctl command %#lx or backend "
3560			       "%d\n", cmd, type);
3561			retval = EINVAL;
3562			break;
3563		}
3564		retval = backend->ioctl(dev, cmd, addr, flag, td);
3565#endif
3566		retval = ENOTTY;
3567		break;
3568	}
3569	}
3570	return (retval);
3571}
3572
3573uint32_t
3574ctl_get_initindex(struct ctl_nexus *nexus)
3575{
3576	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3577}
3578
3579int
3580ctl_lun_map_init(struct ctl_port *port)
3581{
3582	struct ctl_softc *softc = port->ctl_softc;
3583	struct ctl_lun *lun;
3584	int size = ctl_lun_map_size;
3585	uint32_t i;
3586
3587	if (port->lun_map == NULL || port->lun_map_size < size) {
3588		port->lun_map_size = 0;
3589		free(port->lun_map, M_CTL);
3590		port->lun_map = malloc(size * sizeof(uint32_t),
3591		    M_CTL, M_NOWAIT);
3592	}
3593	if (port->lun_map == NULL)
3594		return (ENOMEM);
3595	for (i = 0; i < size; i++)
3596		port->lun_map[i] = UINT32_MAX;
3597	port->lun_map_size = size;
3598	if (port->status & CTL_PORT_STATUS_ONLINE) {
3599		if (port->lun_disable != NULL) {
3600			STAILQ_FOREACH(lun, &softc->lun_list, links)
3601				port->lun_disable(port->targ_lun_arg, lun->lun);
3602		}
3603		ctl_isc_announce_port(port);
3604	}
3605	return (0);
3606}
3607
3608int
3609ctl_lun_map_deinit(struct ctl_port *port)
3610{
3611	struct ctl_softc *softc = port->ctl_softc;
3612	struct ctl_lun *lun;
3613
3614	if (port->lun_map == NULL)
3615		return (0);
3616	port->lun_map_size = 0;
3617	free(port->lun_map, M_CTL);
3618	port->lun_map = NULL;
3619	if (port->status & CTL_PORT_STATUS_ONLINE) {
3620		if (port->lun_enable != NULL) {
3621			STAILQ_FOREACH(lun, &softc->lun_list, links)
3622				port->lun_enable(port->targ_lun_arg, lun->lun);
3623		}
3624		ctl_isc_announce_port(port);
3625	}
3626	return (0);
3627}
3628
3629int
3630ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3631{
3632	int status;
3633	uint32_t old;
3634
3635	if (port->lun_map == NULL) {
3636		status = ctl_lun_map_init(port);
3637		if (status != 0)
3638			return (status);
3639	}
3640	if (plun >= port->lun_map_size)
3641		return (EINVAL);
3642	old = port->lun_map[plun];
3643	port->lun_map[plun] = glun;
3644	if ((port->status & CTL_PORT_STATUS_ONLINE) && old == UINT32_MAX) {
3645		if (port->lun_enable != NULL)
3646			port->lun_enable(port->targ_lun_arg, plun);
3647		ctl_isc_announce_port(port);
3648	}
3649	return (0);
3650}
3651
3652int
3653ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3654{
3655	uint32_t old;
3656
3657	if (port->lun_map == NULL || plun >= port->lun_map_size)
3658		return (0);
3659	old = port->lun_map[plun];
3660	port->lun_map[plun] = UINT32_MAX;
3661	if ((port->status & CTL_PORT_STATUS_ONLINE) && old != UINT32_MAX) {
3662		if (port->lun_disable != NULL)
3663			port->lun_disable(port->targ_lun_arg, plun);
3664		ctl_isc_announce_port(port);
3665	}
3666	return (0);
3667}
3668
3669uint32_t
3670ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3671{
3672
3673	if (port == NULL)
3674		return (UINT32_MAX);
3675	if (port->lun_map == NULL)
3676		return (lun_id);
3677	if (lun_id > port->lun_map_size)
3678		return (UINT32_MAX);
3679	return (port->lun_map[lun_id]);
3680}
3681
3682uint32_t
3683ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3684{
3685	uint32_t i;
3686
3687	if (port == NULL)
3688		return (UINT32_MAX);
3689	if (port->lun_map == NULL)
3690		return (lun_id);
3691	for (i = 0; i < port->lun_map_size; i++) {
3692		if (port->lun_map[i] == lun_id)
3693			return (i);
3694	}
3695	return (UINT32_MAX);
3696}
3697
3698uint32_t
3699ctl_decode_lun(uint64_t encoded)
3700{
3701	uint8_t lun[8];
3702	uint32_t result = 0xffffffff;
3703
3704	be64enc(lun, encoded);
3705	switch (lun[0] & RPL_LUNDATA_ATYP_MASK) {
3706	case RPL_LUNDATA_ATYP_PERIPH:
3707		if ((lun[0] & 0x3f) == 0 && lun[2] == 0 && lun[3] == 0 &&
3708		    lun[4] == 0 && lun[5] == 0 && lun[6] == 0 && lun[7] == 0)
3709			result = lun[1];
3710		break;
3711	case RPL_LUNDATA_ATYP_FLAT:
3712		if (lun[2] == 0 && lun[3] == 0 && lun[4] == 0 && lun[5] == 0 &&
3713		    lun[6] == 0 && lun[7] == 0)
3714			result = ((lun[0] & 0x3f) << 8) + lun[1];
3715		break;
3716	case RPL_LUNDATA_ATYP_EXTLUN:
3717		switch (lun[0] & RPL_LUNDATA_EXT_EAM_MASK) {
3718		case 0x02:
3719			switch (lun[0] & RPL_LUNDATA_EXT_LEN_MASK) {
3720			case 0x00:
3721				result = lun[1];
3722				break;
3723			case 0x10:
3724				result = (lun[1] << 16) + (lun[2] << 8) +
3725				    lun[3];
3726				break;
3727			case 0x20:
3728				if (lun[1] == 0 && lun[6] == 0 && lun[7] == 0)
3729					result = (lun[2] << 24) +
3730					    (lun[3] << 16) + (lun[4] << 8) +
3731					    lun[5];
3732				break;
3733			}
3734			break;
3735		case RPL_LUNDATA_EXT_EAM_NOT_SPEC:
3736			result = 0xffffffff;
3737			break;
3738		}
3739		break;
3740	}
3741	return (result);
3742}
3743
3744uint64_t
3745ctl_encode_lun(uint32_t decoded)
3746{
3747	uint64_t l = decoded;
3748
3749	if (l <= 0xff)
3750		return (((uint64_t)RPL_LUNDATA_ATYP_PERIPH << 56) | (l << 48));
3751	if (l <= 0x3fff)
3752		return (((uint64_t)RPL_LUNDATA_ATYP_FLAT << 56) | (l << 48));
3753	if (l <= 0xffffff)
3754		return (((uint64_t)(RPL_LUNDATA_ATYP_EXTLUN | 0x12) << 56) |
3755		    (l << 32));
3756	return ((((uint64_t)RPL_LUNDATA_ATYP_EXTLUN | 0x22) << 56) | (l << 16));
3757}
3758
3759int
3760ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3761{
3762	int i;
3763
3764	for (i = first; i < last; i++) {
3765		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3766			return (i);
3767	}
3768	return (-1);
3769}
3770
3771int
3772ctl_set_mask(uint32_t *mask, uint32_t bit)
3773{
3774	uint32_t chunk, piece;
3775
3776	chunk = bit >> 5;
3777	piece = bit % (sizeof(uint32_t) * 8);
3778
3779	if ((mask[chunk] & (1 << piece)) != 0)
3780		return (-1);
3781	else
3782		mask[chunk] |= (1 << piece);
3783
3784	return (0);
3785}
3786
3787int
3788ctl_clear_mask(uint32_t *mask, uint32_t bit)
3789{
3790	uint32_t chunk, piece;
3791
3792	chunk = bit >> 5;
3793	piece = bit % (sizeof(uint32_t) * 8);
3794
3795	if ((mask[chunk] & (1 << piece)) == 0)
3796		return (-1);
3797	else
3798		mask[chunk] &= ~(1 << piece);
3799
3800	return (0);
3801}
3802
3803int
3804ctl_is_set(uint32_t *mask, uint32_t bit)
3805{
3806	uint32_t chunk, piece;
3807
3808	chunk = bit >> 5;
3809	piece = bit % (sizeof(uint32_t) * 8);
3810
3811	if ((mask[chunk] & (1 << piece)) == 0)
3812		return (0);
3813	else
3814		return (1);
3815}
3816
3817static uint64_t
3818ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3819{
3820	uint64_t *t;
3821
3822	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3823	if (t == NULL)
3824		return (0);
3825	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3826}
3827
3828static void
3829ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3830{
3831	uint64_t *t;
3832
3833	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3834	if (t == NULL)
3835		return;
3836	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3837}
3838
3839static void
3840ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3841{
3842	uint64_t *p;
3843	u_int i;
3844
3845	i = residx/CTL_MAX_INIT_PER_PORT;
3846	if (lun->pr_keys[i] != NULL)
3847		return;
3848	mtx_unlock(&lun->lun_lock);
3849	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3850	    M_WAITOK | M_ZERO);
3851	mtx_lock(&lun->lun_lock);
3852	if (lun->pr_keys[i] == NULL)
3853		lun->pr_keys[i] = p;
3854	else
3855		free(p, M_CTL);
3856}
3857
3858static void
3859ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3860{
3861	uint64_t *t;
3862
3863	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3864	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3865	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3866}
3867
3868/*
3869 * ctl_softc, pool_name, total_ctl_io are passed in.
3870 * npool is passed out.
3871 */
3872int
3873ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3874		uint32_t total_ctl_io, void **npool)
3875{
3876	struct ctl_io_pool *pool;
3877
3878	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3879					    M_NOWAIT | M_ZERO);
3880	if (pool == NULL)
3881		return (ENOMEM);
3882
3883	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3884	pool->ctl_softc = ctl_softc;
3885#ifdef IO_POOLS
3886	pool->zone = uma_zsecond_create(pool->name, NULL,
3887	    NULL, NULL, NULL, ctl_softc->io_zone);
3888	/* uma_prealloc(pool->zone, total_ctl_io); */
3889#else
3890	pool->zone = ctl_softc->io_zone;
3891#endif
3892
3893	*npool = pool;
3894	return (0);
3895}
3896
3897void
3898ctl_pool_free(struct ctl_io_pool *pool)
3899{
3900
3901	if (pool == NULL)
3902		return;
3903
3904#ifdef IO_POOLS
3905	uma_zdestroy(pool->zone);
3906#endif
3907	free(pool, M_CTL);
3908}
3909
3910union ctl_io *
3911ctl_alloc_io(void *pool_ref)
3912{
3913	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3914	union ctl_io *io;
3915
3916	io = uma_zalloc(pool->zone, M_WAITOK);
3917	if (io != NULL) {
3918		io->io_hdr.pool = pool_ref;
3919		CTL_SOFTC(io) = pool->ctl_softc;
3920		TAILQ_INIT(&io->io_hdr.blocked_queue);
3921	}
3922	return (io);
3923}
3924
3925union ctl_io *
3926ctl_alloc_io_nowait(void *pool_ref)
3927{
3928	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3929	union ctl_io *io;
3930
3931	io = uma_zalloc(pool->zone, M_NOWAIT);
3932	if (io != NULL) {
3933		io->io_hdr.pool = pool_ref;
3934		CTL_SOFTC(io) = pool->ctl_softc;
3935		TAILQ_INIT(&io->io_hdr.blocked_queue);
3936	}
3937	return (io);
3938}
3939
3940void
3941ctl_free_io(union ctl_io *io)
3942{
3943	struct ctl_io_pool *pool;
3944
3945	if (io == NULL)
3946		return;
3947
3948	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3949	uma_zfree(pool->zone, io);
3950}
3951
3952void
3953ctl_zero_io(union ctl_io *io)
3954{
3955	struct ctl_io_pool *pool;
3956
3957	if (io == NULL)
3958		return;
3959
3960	/*
3961	 * May need to preserve linked list pointers at some point too.
3962	 */
3963	pool = io->io_hdr.pool;
3964	memset(io, 0, sizeof(*io));
3965	io->io_hdr.pool = pool;
3966	CTL_SOFTC(io) = pool->ctl_softc;
3967	TAILQ_INIT(&io->io_hdr.blocked_queue);
3968}
3969
3970int
3971ctl_expand_number(const char *buf, uint64_t *num)
3972{
3973	char *endptr;
3974	uint64_t number;
3975	unsigned shift;
3976
3977	number = strtoq(buf, &endptr, 0);
3978
3979	switch (tolower((unsigned char)*endptr)) {
3980	case 'e':
3981		shift = 60;
3982		break;
3983	case 'p':
3984		shift = 50;
3985		break;
3986	case 't':
3987		shift = 40;
3988		break;
3989	case 'g':
3990		shift = 30;
3991		break;
3992	case 'm':
3993		shift = 20;
3994		break;
3995	case 'k':
3996		shift = 10;
3997		break;
3998	case 'b':
3999	case '\0': /* No unit. */
4000		*num = number;
4001		return (0);
4002	default:
4003		/* Unrecognized unit. */
4004		return (-1);
4005	}
4006
4007	if ((number << shift) >> shift != number) {
4008		/* Overflow */
4009		return (-1);
4010	}
4011	*num = number << shift;
4012	return (0);
4013}
4014
4015
4016/*
4017 * This routine could be used in the future to load default and/or saved
4018 * mode page parameters for a particuar lun.
4019 */
4020static int
4021ctl_init_page_index(struct ctl_lun *lun)
4022{
4023	int i, page_code;
4024	struct ctl_page_index *page_index;
4025	const char *value;
4026	uint64_t ival;
4027
4028	memcpy(&lun->mode_pages.index, page_index_template,
4029	       sizeof(page_index_template));
4030
4031	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4032
4033		page_index = &lun->mode_pages.index[i];
4034		if (lun->be_lun->lun_type == T_DIRECT &&
4035		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4036			continue;
4037		if (lun->be_lun->lun_type == T_PROCESSOR &&
4038		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4039			continue;
4040		if (lun->be_lun->lun_type == T_CDROM &&
4041		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4042			continue;
4043
4044		page_code = page_index->page_code & SMPH_PC_MASK;
4045		switch (page_code) {
4046		case SMS_RW_ERROR_RECOVERY_PAGE: {
4047			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4048			    ("subpage %#x for page %#x is incorrect!",
4049			    page_index->subpage, page_code));
4050			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4051			       &rw_er_page_default,
4052			       sizeof(rw_er_page_default));
4053			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4054			       &rw_er_page_changeable,
4055			       sizeof(rw_er_page_changeable));
4056			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4057			       &rw_er_page_default,
4058			       sizeof(rw_er_page_default));
4059			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4060			       &rw_er_page_default,
4061			       sizeof(rw_er_page_default));
4062			page_index->page_data =
4063				(uint8_t *)lun->mode_pages.rw_er_page;
4064			break;
4065		}
4066		case SMS_FORMAT_DEVICE_PAGE: {
4067			struct scsi_format_page *format_page;
4068
4069			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4070			    ("subpage %#x for page %#x is incorrect!",
4071			    page_index->subpage, page_code));
4072
4073			/*
4074			 * Sectors per track are set above.  Bytes per
4075			 * sector need to be set here on a per-LUN basis.
4076			 */
4077			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4078			       &format_page_default,
4079			       sizeof(format_page_default));
4080			memcpy(&lun->mode_pages.format_page[
4081			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4082			       sizeof(format_page_changeable));
4083			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4084			       &format_page_default,
4085			       sizeof(format_page_default));
4086			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4087			       &format_page_default,
4088			       sizeof(format_page_default));
4089
4090			format_page = &lun->mode_pages.format_page[
4091				CTL_PAGE_CURRENT];
4092			scsi_ulto2b(lun->be_lun->blocksize,
4093				    format_page->bytes_per_sector);
4094
4095			format_page = &lun->mode_pages.format_page[
4096				CTL_PAGE_DEFAULT];
4097			scsi_ulto2b(lun->be_lun->blocksize,
4098				    format_page->bytes_per_sector);
4099
4100			format_page = &lun->mode_pages.format_page[
4101				CTL_PAGE_SAVED];
4102			scsi_ulto2b(lun->be_lun->blocksize,
4103				    format_page->bytes_per_sector);
4104
4105			page_index->page_data =
4106				(uint8_t *)lun->mode_pages.format_page;
4107			break;
4108		}
4109		case SMS_RIGID_DISK_PAGE: {
4110			struct scsi_rigid_disk_page *rigid_disk_page;
4111			uint32_t sectors_per_cylinder;
4112			uint64_t cylinders;
4113#ifndef	__XSCALE__
4114			int shift;
4115#endif /* !__XSCALE__ */
4116
4117			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4118			    ("subpage %#x for page %#x is incorrect!",
4119			    page_index->subpage, page_code));
4120
4121			/*
4122			 * Rotation rate and sectors per track are set
4123			 * above.  We calculate the cylinders here based on
4124			 * capacity.  Due to the number of heads and
4125			 * sectors per track we're using, smaller arrays
4126			 * may turn out to have 0 cylinders.  Linux and
4127			 * FreeBSD don't pay attention to these mode pages
4128			 * to figure out capacity, but Solaris does.  It
4129			 * seems to deal with 0 cylinders just fine, and
4130			 * works out a fake geometry based on the capacity.
4131			 */
4132			memcpy(&lun->mode_pages.rigid_disk_page[
4133			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4134			       sizeof(rigid_disk_page_default));
4135			memcpy(&lun->mode_pages.rigid_disk_page[
4136			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4137			       sizeof(rigid_disk_page_changeable));
4138
4139			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4140				CTL_DEFAULT_HEADS;
4141
4142			/*
4143			 * The divide method here will be more accurate,
4144			 * probably, but results in floating point being
4145			 * used in the kernel on i386 (__udivdi3()).  On the
4146			 * XScale, though, __udivdi3() is implemented in
4147			 * software.
4148			 *
4149			 * The shift method for cylinder calculation is
4150			 * accurate if sectors_per_cylinder is a power of
4151			 * 2.  Otherwise it might be slightly off -- you
4152			 * might have a bit of a truncation problem.
4153			 */
4154#ifdef	__XSCALE__
4155			cylinders = (lun->be_lun->maxlba + 1) /
4156				sectors_per_cylinder;
4157#else
4158			for (shift = 31; shift > 0; shift--) {
4159				if (sectors_per_cylinder & (1 << shift))
4160					break;
4161			}
4162			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4163#endif
4164
4165			/*
4166			 * We've basically got 3 bytes, or 24 bits for the
4167			 * cylinder size in the mode page.  If we're over,
4168			 * just round down to 2^24.
4169			 */
4170			if (cylinders > 0xffffff)
4171				cylinders = 0xffffff;
4172
4173			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4174				CTL_PAGE_DEFAULT];
4175			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4176
4177			if ((value = ctl_get_opt(&lun->be_lun->options,
4178			    "rpm")) != NULL) {
4179				scsi_ulto2b(strtol(value, NULL, 0),
4180				     rigid_disk_page->rotation_rate);
4181			}
4182
4183			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4184			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4185			       sizeof(rigid_disk_page_default));
4186			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4187			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4188			       sizeof(rigid_disk_page_default));
4189
4190			page_index->page_data =
4191				(uint8_t *)lun->mode_pages.rigid_disk_page;
4192			break;
4193		}
4194		case SMS_VERIFY_ERROR_RECOVERY_PAGE: {
4195			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4196			    ("subpage %#x for page %#x is incorrect!",
4197			    page_index->subpage, page_code));
4198			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CURRENT],
4199			       &verify_er_page_default,
4200			       sizeof(verify_er_page_default));
4201			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CHANGEABLE],
4202			       &verify_er_page_changeable,
4203			       sizeof(verify_er_page_changeable));
4204			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_DEFAULT],
4205			       &verify_er_page_default,
4206			       sizeof(verify_er_page_default));
4207			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_SAVED],
4208			       &verify_er_page_default,
4209			       sizeof(verify_er_page_default));
4210			page_index->page_data =
4211				(uint8_t *)lun->mode_pages.verify_er_page;
4212			break;
4213		}
4214		case SMS_CACHING_PAGE: {
4215			struct scsi_caching_page *caching_page;
4216
4217			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4218			    ("subpage %#x for page %#x is incorrect!",
4219			    page_index->subpage, page_code));
4220			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4221			       &caching_page_default,
4222			       sizeof(caching_page_default));
4223			memcpy(&lun->mode_pages.caching_page[
4224			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4225			       sizeof(caching_page_changeable));
4226			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4227			       &caching_page_default,
4228			       sizeof(caching_page_default));
4229			caching_page = &lun->mode_pages.caching_page[
4230			    CTL_PAGE_SAVED];
4231			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4232			if (value != NULL && strcmp(value, "off") == 0)
4233				caching_page->flags1 &= ~SCP_WCE;
4234			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4235			if (value != NULL && strcmp(value, "off") == 0)
4236				caching_page->flags1 |= SCP_RCD;
4237			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4238			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4239			       sizeof(caching_page_default));
4240			page_index->page_data =
4241				(uint8_t *)lun->mode_pages.caching_page;
4242			break;
4243		}
4244		case SMS_CONTROL_MODE_PAGE: {
4245			switch (page_index->subpage) {
4246			case SMS_SUBPAGE_PAGE_0: {
4247				struct scsi_control_page *control_page;
4248
4249				memcpy(&lun->mode_pages.control_page[
4250				    CTL_PAGE_DEFAULT],
4251				       &control_page_default,
4252				       sizeof(control_page_default));
4253				memcpy(&lun->mode_pages.control_page[
4254				    CTL_PAGE_CHANGEABLE],
4255				       &control_page_changeable,
4256				       sizeof(control_page_changeable));
4257				memcpy(&lun->mode_pages.control_page[
4258				    CTL_PAGE_SAVED],
4259				       &control_page_default,
4260				       sizeof(control_page_default));
4261				control_page = &lun->mode_pages.control_page[
4262				    CTL_PAGE_SAVED];
4263				value = ctl_get_opt(&lun->be_lun->options,
4264				    "reordering");
4265				if (value != NULL &&
4266				    strcmp(value, "unrestricted") == 0) {
4267					control_page->queue_flags &=
4268					    ~SCP_QUEUE_ALG_MASK;
4269					control_page->queue_flags |=
4270					    SCP_QUEUE_ALG_UNRESTRICTED;
4271				}
4272				memcpy(&lun->mode_pages.control_page[
4273				    CTL_PAGE_CURRENT],
4274				       &lun->mode_pages.control_page[
4275				    CTL_PAGE_SAVED],
4276				       sizeof(control_page_default));
4277				page_index->page_data =
4278				    (uint8_t *)lun->mode_pages.control_page;
4279				break;
4280			}
4281			case 0x01:
4282				memcpy(&lun->mode_pages.control_ext_page[
4283				    CTL_PAGE_DEFAULT],
4284				       &control_ext_page_default,
4285				       sizeof(control_ext_page_default));
4286				memcpy(&lun->mode_pages.control_ext_page[
4287				    CTL_PAGE_CHANGEABLE],
4288				       &control_ext_page_changeable,
4289				       sizeof(control_ext_page_changeable));
4290				memcpy(&lun->mode_pages.control_ext_page[
4291				    CTL_PAGE_SAVED],
4292				       &control_ext_page_default,
4293				       sizeof(control_ext_page_default));
4294				memcpy(&lun->mode_pages.control_ext_page[
4295				    CTL_PAGE_CURRENT],
4296				       &lun->mode_pages.control_ext_page[
4297				    CTL_PAGE_SAVED],
4298				       sizeof(control_ext_page_default));
4299				page_index->page_data =
4300				    (uint8_t *)lun->mode_pages.control_ext_page;
4301				break;
4302			default:
4303				panic("subpage %#x for page %#x is incorrect!",
4304				      page_index->subpage, page_code);
4305			}
4306			break;
4307		}
4308		case SMS_INFO_EXCEPTIONS_PAGE: {
4309			switch (page_index->subpage) {
4310			case SMS_SUBPAGE_PAGE_0:
4311				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4312				       &ie_page_default,
4313				       sizeof(ie_page_default));
4314				memcpy(&lun->mode_pages.ie_page[
4315				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4316				       sizeof(ie_page_changeable));
4317				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4318				       &ie_page_default,
4319				       sizeof(ie_page_default));
4320				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4321				       &ie_page_default,
4322				       sizeof(ie_page_default));
4323				page_index->page_data =
4324					(uint8_t *)lun->mode_pages.ie_page;
4325				break;
4326			case 0x02: {
4327				struct ctl_logical_block_provisioning_page *page;
4328
4329				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4330				       &lbp_page_default,
4331				       sizeof(lbp_page_default));
4332				memcpy(&lun->mode_pages.lbp_page[
4333				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4334				       sizeof(lbp_page_changeable));
4335				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4336				       &lbp_page_default,
4337				       sizeof(lbp_page_default));
4338				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4339				value = ctl_get_opt(&lun->be_lun->options,
4340				    "avail-threshold");
4341				if (value != NULL &&
4342				    ctl_expand_number(value, &ival) == 0) {
4343					page->descr[0].flags |= SLBPPD_ENABLED |
4344					    SLBPPD_ARMING_DEC;
4345					if (lun->be_lun->blocksize)
4346						ival /= lun->be_lun->blocksize;
4347					else
4348						ival /= 512;
4349					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4350					    page->descr[0].count);
4351				}
4352				value = ctl_get_opt(&lun->be_lun->options,
4353				    "used-threshold");
4354				if (value != NULL &&
4355				    ctl_expand_number(value, &ival) == 0) {
4356					page->descr[1].flags |= SLBPPD_ENABLED |
4357					    SLBPPD_ARMING_INC;
4358					if (lun->be_lun->blocksize)
4359						ival /= lun->be_lun->blocksize;
4360					else
4361						ival /= 512;
4362					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4363					    page->descr[1].count);
4364				}
4365				value = ctl_get_opt(&lun->be_lun->options,
4366				    "pool-avail-threshold");
4367				if (value != NULL &&
4368				    ctl_expand_number(value, &ival) == 0) {
4369					page->descr[2].flags |= SLBPPD_ENABLED |
4370					    SLBPPD_ARMING_DEC;
4371					if (lun->be_lun->blocksize)
4372						ival /= lun->be_lun->blocksize;
4373					else
4374						ival /= 512;
4375					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4376					    page->descr[2].count);
4377				}
4378				value = ctl_get_opt(&lun->be_lun->options,
4379				    "pool-used-threshold");
4380				if (value != NULL &&
4381				    ctl_expand_number(value, &ival) == 0) {
4382					page->descr[3].flags |= SLBPPD_ENABLED |
4383					    SLBPPD_ARMING_INC;
4384					if (lun->be_lun->blocksize)
4385						ival /= lun->be_lun->blocksize;
4386					else
4387						ival /= 512;
4388					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4389					    page->descr[3].count);
4390				}
4391				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4392				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4393				       sizeof(lbp_page_default));
4394				page_index->page_data =
4395					(uint8_t *)lun->mode_pages.lbp_page;
4396				break;
4397			}
4398			default:
4399				panic("subpage %#x for page %#x is incorrect!",
4400				      page_index->subpage, page_code);
4401			}
4402			break;
4403		}
4404		case SMS_CDDVD_CAPS_PAGE:{
4405			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4406			    ("subpage %#x for page %#x is incorrect!",
4407			    page_index->subpage, page_code));
4408			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_DEFAULT],
4409			       &cddvd_page_default,
4410			       sizeof(cddvd_page_default));
4411			memcpy(&lun->mode_pages.cddvd_page[
4412			       CTL_PAGE_CHANGEABLE], &cddvd_page_changeable,
4413			       sizeof(cddvd_page_changeable));
4414			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4415			       &cddvd_page_default,
4416			       sizeof(cddvd_page_default));
4417			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_CURRENT],
4418			       &lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4419			       sizeof(cddvd_page_default));
4420			page_index->page_data =
4421				(uint8_t *)lun->mode_pages.cddvd_page;
4422			break;
4423		}
4424		default:
4425			panic("invalid page code value %#x", page_code);
4426		}
4427	}
4428
4429	return (CTL_RETVAL_COMPLETE);
4430}
4431
4432static int
4433ctl_init_log_page_index(struct ctl_lun *lun)
4434{
4435	struct ctl_page_index *page_index;
4436	int i, j, k, prev;
4437
4438	memcpy(&lun->log_pages.index, log_page_index_template,
4439	       sizeof(log_page_index_template));
4440
4441	prev = -1;
4442	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4443
4444		page_index = &lun->log_pages.index[i];
4445		if (lun->be_lun->lun_type == T_DIRECT &&
4446		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4447			continue;
4448		if (lun->be_lun->lun_type == T_PROCESSOR &&
4449		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4450			continue;
4451		if (lun->be_lun->lun_type == T_CDROM &&
4452		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4453			continue;
4454
4455		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4456		    lun->backend->lun_attr == NULL)
4457			continue;
4458
4459		if (page_index->page_code != prev) {
4460			lun->log_pages.pages_page[j] = page_index->page_code;
4461			prev = page_index->page_code;
4462			j++;
4463		}
4464		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4465		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4466		k++;
4467	}
4468	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4469	lun->log_pages.index[0].page_len = j;
4470	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4471	lun->log_pages.index[1].page_len = k * 2;
4472	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4473	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4474	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4475	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4476	lun->log_pages.index[4].page_data = (uint8_t *)&lun->log_pages.ie_page;
4477	lun->log_pages.index[4].page_len = sizeof(lun->log_pages.ie_page);
4478
4479	return (CTL_RETVAL_COMPLETE);
4480}
4481
4482static int
4483hex2bin(const char *str, uint8_t *buf, int buf_size)
4484{
4485	int i;
4486	u_char c;
4487
4488	memset(buf, 0, buf_size);
4489	while (isspace(str[0]))
4490		str++;
4491	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4492		str += 2;
4493	buf_size *= 2;
4494	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4495		while (str[i] == '-')	/* Skip dashes in UUIDs. */
4496			str++;
4497		c = str[i];
4498		if (isdigit(c))
4499			c -= '0';
4500		else if (isalpha(c))
4501			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4502		else
4503			break;
4504		if (c >= 16)
4505			break;
4506		if ((i & 1) == 0)
4507			buf[i / 2] |= (c << 4);
4508		else
4509			buf[i / 2] |= c;
4510	}
4511	return ((i + 1) / 2);
4512}
4513
4514/*
4515 * LUN allocation.
4516 *
4517 * Requirements:
4518 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4519 *   wants us to allocate the LUN and he can block.
4520 * - ctl_softc is always set
4521 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4522 *
4523 * Returns 0 for success, non-zero (errno) for failure.
4524 */
4525static int
4526ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4527	      struct ctl_be_lun *const be_lun)
4528{
4529	struct ctl_lun *nlun, *lun;
4530	struct scsi_vpd_id_descriptor *desc;
4531	struct scsi_vpd_id_t10 *t10id;
4532	const char *eui, *naa, *scsiname, *uuid, *vendor, *value;
4533	int lun_number, lun_malloced;
4534	int devidlen, idlen1, idlen2 = 0, len;
4535
4536	if (be_lun == NULL)
4537		return (EINVAL);
4538
4539	/*
4540	 * We currently only support Direct Access or Processor LUN types.
4541	 */
4542	switch (be_lun->lun_type) {
4543	case T_DIRECT:
4544	case T_PROCESSOR:
4545	case T_CDROM:
4546		break;
4547	case T_SEQUENTIAL:
4548	case T_CHANGER:
4549	default:
4550		be_lun->lun_config_status(be_lun->be_lun,
4551					  CTL_LUN_CONFIG_FAILURE);
4552		break;
4553	}
4554	if (ctl_lun == NULL) {
4555		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4556		lun_malloced = 1;
4557	} else {
4558		lun_malloced = 0;
4559		lun = ctl_lun;
4560	}
4561
4562	memset(lun, 0, sizeof(*lun));
4563	if (lun_malloced)
4564		lun->flags = CTL_LUN_MALLOCED;
4565
4566	lun->pending_sense = malloc(sizeof(struct scsi_sense_data *) *
4567	    ctl_max_ports, M_DEVBUF, M_WAITOK | M_ZERO);
4568	lun->pending_ua = malloc(sizeof(ctl_ua_type *) * ctl_max_ports,
4569	    M_DEVBUF, M_WAITOK | M_ZERO);
4570	lun->pr_keys = malloc(sizeof(uint64_t *) * ctl_max_ports,
4571	    M_DEVBUF, M_WAITOK | M_ZERO);
4572
4573	/* Generate LUN ID. */
4574	devidlen = max(CTL_DEVID_MIN_LEN,
4575	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4576	idlen1 = sizeof(*t10id) + devidlen;
4577	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4578	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4579	if (scsiname != NULL) {
4580		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4581		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4582	}
4583	eui = ctl_get_opt(&be_lun->options, "eui");
4584	if (eui != NULL) {
4585		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4586	}
4587	naa = ctl_get_opt(&be_lun->options, "naa");
4588	if (naa != NULL) {
4589		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4590	}
4591	uuid = ctl_get_opt(&be_lun->options, "uuid");
4592	if (uuid != NULL) {
4593		len += sizeof(struct scsi_vpd_id_descriptor) + 18;
4594	}
4595	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4596	    M_CTL, M_WAITOK | M_ZERO);
4597	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4598	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4599	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4600	desc->length = idlen1;
4601	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4602	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4603	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4604		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4605	} else {
4606		strncpy(t10id->vendor, vendor,
4607		    min(sizeof(t10id->vendor), strlen(vendor)));
4608	}
4609	strncpy((char *)t10id->vendor_spec_id,
4610	    (char *)be_lun->device_id, devidlen);
4611	if (scsiname != NULL) {
4612		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4613		    desc->length);
4614		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4615		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4616		    SVPD_ID_TYPE_SCSI_NAME;
4617		desc->length = idlen2;
4618		strlcpy(desc->identifier, scsiname, idlen2);
4619	}
4620	if (eui != NULL) {
4621		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4622		    desc->length);
4623		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4624		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4625		    SVPD_ID_TYPE_EUI64;
4626		desc->length = hex2bin(eui, desc->identifier, 16);
4627		desc->length = desc->length > 12 ? 16 :
4628		    (desc->length > 8 ? 12 : 8);
4629		len -= 16 - desc->length;
4630	}
4631	if (naa != NULL) {
4632		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4633		    desc->length);
4634		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4635		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4636		    SVPD_ID_TYPE_NAA;
4637		desc->length = hex2bin(naa, desc->identifier, 16);
4638		desc->length = desc->length > 8 ? 16 : 8;
4639		len -= 16 - desc->length;
4640	}
4641	if (uuid != NULL) {
4642		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4643		    desc->length);
4644		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4645		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4646		    SVPD_ID_TYPE_UUID;
4647		desc->identifier[0] = 0x10;
4648		hex2bin(uuid, &desc->identifier[2], 16);
4649		desc->length = 18;
4650	}
4651	lun->lun_devid->len = len;
4652
4653	mtx_lock(&ctl_softc->ctl_lock);
4654	/*
4655	 * See if the caller requested a particular LUN number.  If so, see
4656	 * if it is available.  Otherwise, allocate the first available LUN.
4657	 */
4658	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4659		if ((be_lun->req_lun_id > (ctl_max_luns - 1))
4660		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4661			mtx_unlock(&ctl_softc->ctl_lock);
4662			if (be_lun->req_lun_id > (ctl_max_luns - 1)) {
4663				printf("ctl: requested LUN ID %d is higher "
4664				       "than ctl_max_luns - 1 (%d)\n",
4665				       be_lun->req_lun_id, ctl_max_luns - 1);
4666			} else {
4667				/*
4668				 * XXX KDM return an error, or just assign
4669				 * another LUN ID in this case??
4670				 */
4671				printf("ctl: requested LUN ID %d is already "
4672				       "in use\n", be_lun->req_lun_id);
4673			}
4674fail:
4675			free(lun->lun_devid, M_CTL);
4676			if (lun->flags & CTL_LUN_MALLOCED)
4677				free(lun, M_CTL);
4678			be_lun->lun_config_status(be_lun->be_lun,
4679						  CTL_LUN_CONFIG_FAILURE);
4680			return (ENOSPC);
4681		}
4682		lun_number = be_lun->req_lun_id;
4683	} else {
4684		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, ctl_max_luns);
4685		if (lun_number == -1) {
4686			mtx_unlock(&ctl_softc->ctl_lock);
4687			printf("ctl: can't allocate LUN, out of LUNs\n");
4688			goto fail;
4689		}
4690	}
4691	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4692	mtx_unlock(&ctl_softc->ctl_lock);
4693
4694	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4695	lun->lun = lun_number;
4696	lun->be_lun = be_lun;
4697	/*
4698	 * The processor LUN is always enabled.  Disk LUNs come on line
4699	 * disabled, and must be enabled by the backend.
4700	 */
4701	lun->flags |= CTL_LUN_DISABLED;
4702	lun->backend = be_lun->be;
4703	be_lun->ctl_lun = lun;
4704	be_lun->lun_id = lun_number;
4705	atomic_add_int(&be_lun->be->num_luns, 1);
4706	if (be_lun->flags & CTL_LUN_FLAG_EJECTED)
4707		lun->flags |= CTL_LUN_EJECTED;
4708	if (be_lun->flags & CTL_LUN_FLAG_NO_MEDIA)
4709		lun->flags |= CTL_LUN_NO_MEDIA;
4710	if (be_lun->flags & CTL_LUN_FLAG_STOPPED)
4711		lun->flags |= CTL_LUN_STOPPED;
4712
4713	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4714		lun->flags |= CTL_LUN_PRIMARY_SC;
4715
4716	value = ctl_get_opt(&be_lun->options, "removable");
4717	if (value != NULL) {
4718		if (strcmp(value, "on") == 0)
4719			lun->flags |= CTL_LUN_REMOVABLE;
4720	} else if (be_lun->lun_type == T_CDROM)
4721		lun->flags |= CTL_LUN_REMOVABLE;
4722
4723	lun->ctl_softc = ctl_softc;
4724#ifdef CTL_TIME_IO
4725	lun->last_busy = getsbinuptime();
4726#endif
4727	TAILQ_INIT(&lun->ooa_queue);
4728	STAILQ_INIT(&lun->error_list);
4729	lun->ie_reported = 1;
4730	callout_init_mtx(&lun->ie_callout, &lun->lun_lock, 0);
4731	ctl_tpc_lun_init(lun);
4732	if (lun->flags & CTL_LUN_REMOVABLE) {
4733		lun->prevent = malloc((CTL_MAX_INITIATORS + 31) / 32 * 4,
4734		    M_CTL, M_WAITOK);
4735	}
4736
4737	/*
4738	 * Initialize the mode and log page index.
4739	 */
4740	ctl_init_page_index(lun);
4741	ctl_init_log_page_index(lun);
4742
4743	/* Setup statistics gathering */
4744#ifdef CTL_LEGACY_STATS
4745	lun->legacy_stats.device_type = be_lun->lun_type;
4746	lun->legacy_stats.lun_number = lun_number;
4747	lun->legacy_stats.blocksize = be_lun->blocksize;
4748	if (be_lun->blocksize == 0)
4749		lun->legacy_stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4750	lun->legacy_stats.ports = malloc(sizeof(struct ctl_lun_io_port_stats) *
4751	    ctl_max_ports, M_DEVBUF, M_WAITOK | M_ZERO);
4752	for (len = 0; len < ctl_max_ports; len++)
4753		lun->legacy_stats.ports[len].targ_port = len;
4754#endif /* CTL_LEGACY_STATS */
4755	lun->stats.item = lun_number;
4756
4757	/*
4758	 * Now, before we insert this lun on the lun list, set the lun
4759	 * inventory changed UA for all other luns.
4760	 */
4761	mtx_lock(&ctl_softc->ctl_lock);
4762	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4763		mtx_lock(&nlun->lun_lock);
4764		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4765		mtx_unlock(&nlun->lun_lock);
4766	}
4767	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4768	ctl_softc->ctl_luns[lun_number] = lun;
4769	ctl_softc->num_luns++;
4770	mtx_unlock(&ctl_softc->ctl_lock);
4771
4772	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4773	return (0);
4774}
4775
4776/*
4777 * Delete a LUN.
4778 * Assumptions:
4779 * - LUN has already been marked invalid and any pending I/O has been taken
4780 *   care of.
4781 */
4782static int
4783ctl_free_lun(struct ctl_lun *lun)
4784{
4785	struct ctl_softc *softc = lun->ctl_softc;
4786	struct ctl_lun *nlun;
4787	int i;
4788
4789	KASSERT(TAILQ_EMPTY(&lun->ooa_queue),
4790	    ("Freeing a LUN %p with outstanding I/O!\n", lun));
4791
4792	mtx_lock(&softc->ctl_lock);
4793	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4794	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4795	softc->ctl_luns[lun->lun] = NULL;
4796	softc->num_luns--;
4797	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4798		mtx_lock(&nlun->lun_lock);
4799		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4800		mtx_unlock(&nlun->lun_lock);
4801	}
4802	mtx_unlock(&softc->ctl_lock);
4803
4804	/*
4805	 * Tell the backend to free resources, if this LUN has a backend.
4806	 */
4807	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4808	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4809
4810	lun->ie_reportcnt = UINT32_MAX;
4811	callout_drain(&lun->ie_callout);
4812	ctl_tpc_lun_shutdown(lun);
4813	mtx_destroy(&lun->lun_lock);
4814	free(lun->lun_devid, M_CTL);
4815	for (i = 0; i < ctl_max_ports; i++)
4816		free(lun->pending_ua[i], M_CTL);
4817	free(lun->pending_ua, M_DEVBUF);
4818	for (i = 0; i < ctl_max_ports; i++)
4819		free(lun->pr_keys[i], M_CTL);
4820	free(lun->pr_keys, M_DEVBUF);
4821	free(lun->write_buffer, M_CTL);
4822	free(lun->prevent, M_CTL);
4823	if (lun->flags & CTL_LUN_MALLOCED)
4824		free(lun, M_CTL);
4825
4826	return (0);
4827}
4828
4829static void
4830ctl_create_lun(struct ctl_be_lun *be_lun)
4831{
4832
4833	/*
4834	 * ctl_alloc_lun() should handle all potential failure cases.
4835	 */
4836	ctl_alloc_lun(control_softc, NULL, be_lun);
4837}
4838
4839int
4840ctl_add_lun(struct ctl_be_lun *be_lun)
4841{
4842	struct ctl_softc *softc = control_softc;
4843
4844	mtx_lock(&softc->ctl_lock);
4845	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4846	mtx_unlock(&softc->ctl_lock);
4847	wakeup(&softc->pending_lun_queue);
4848
4849	return (0);
4850}
4851
4852int
4853ctl_enable_lun(struct ctl_be_lun *be_lun)
4854{
4855	struct ctl_softc *softc;
4856	struct ctl_port *port, *nport;
4857	struct ctl_lun *lun;
4858	int retval;
4859
4860	lun = (struct ctl_lun *)be_lun->ctl_lun;
4861	softc = lun->ctl_softc;
4862
4863	mtx_lock(&softc->ctl_lock);
4864	mtx_lock(&lun->lun_lock);
4865	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4866		/*
4867		 * eh?  Why did we get called if the LUN is already
4868		 * enabled?
4869		 */
4870		mtx_unlock(&lun->lun_lock);
4871		mtx_unlock(&softc->ctl_lock);
4872		return (0);
4873	}
4874	lun->flags &= ~CTL_LUN_DISABLED;
4875	mtx_unlock(&lun->lun_lock);
4876
4877	STAILQ_FOREACH_SAFE(port, &softc->port_list, links, nport) {
4878		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4879		    port->lun_map != NULL || port->lun_enable == NULL)
4880			continue;
4881
4882		/*
4883		 * Drop the lock while we call the FETD's enable routine.
4884		 * This can lead to a callback into CTL (at least in the
4885		 * case of the internal initiator frontend.
4886		 */
4887		mtx_unlock(&softc->ctl_lock);
4888		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4889		mtx_lock(&softc->ctl_lock);
4890		if (retval != 0) {
4891			printf("%s: FETD %s port %d returned error "
4892			       "%d for lun_enable on lun %jd\n",
4893			       __func__, port->port_name, port->targ_port,
4894			       retval, (intmax_t)lun->lun);
4895		}
4896	}
4897
4898	mtx_unlock(&softc->ctl_lock);
4899	ctl_isc_announce_lun(lun);
4900
4901	return (0);
4902}
4903
4904int
4905ctl_disable_lun(struct ctl_be_lun *be_lun)
4906{
4907	struct ctl_softc *softc;
4908	struct ctl_port *port;
4909	struct ctl_lun *lun;
4910	int retval;
4911
4912	lun = (struct ctl_lun *)be_lun->ctl_lun;
4913	softc = lun->ctl_softc;
4914
4915	mtx_lock(&softc->ctl_lock);
4916	mtx_lock(&lun->lun_lock);
4917	if (lun->flags & CTL_LUN_DISABLED) {
4918		mtx_unlock(&lun->lun_lock);
4919		mtx_unlock(&softc->ctl_lock);
4920		return (0);
4921	}
4922	lun->flags |= CTL_LUN_DISABLED;
4923	mtx_unlock(&lun->lun_lock);
4924
4925	STAILQ_FOREACH(port, &softc->port_list, links) {
4926		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4927		    port->lun_map != NULL || port->lun_disable == NULL)
4928			continue;
4929
4930		/*
4931		 * Drop the lock before we call the frontend's disable
4932		 * routine, to avoid lock order reversals.
4933		 *
4934		 * XXX KDM what happens if the frontend list changes while
4935		 * we're traversing it?  It's unlikely, but should be handled.
4936		 */
4937		mtx_unlock(&softc->ctl_lock);
4938		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4939		mtx_lock(&softc->ctl_lock);
4940		if (retval != 0) {
4941			printf("%s: FETD %s port %d returned error "
4942			       "%d for lun_disable on lun %jd\n",
4943			       __func__, port->port_name, port->targ_port,
4944			       retval, (intmax_t)lun->lun);
4945		}
4946	}
4947
4948	mtx_unlock(&softc->ctl_lock);
4949	ctl_isc_announce_lun(lun);
4950
4951	return (0);
4952}
4953
4954int
4955ctl_start_lun(struct ctl_be_lun *be_lun)
4956{
4957	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4958
4959	mtx_lock(&lun->lun_lock);
4960	lun->flags &= ~CTL_LUN_STOPPED;
4961	mtx_unlock(&lun->lun_lock);
4962	return (0);
4963}
4964
4965int
4966ctl_stop_lun(struct ctl_be_lun *be_lun)
4967{
4968	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4969
4970	mtx_lock(&lun->lun_lock);
4971	lun->flags |= CTL_LUN_STOPPED;
4972	mtx_unlock(&lun->lun_lock);
4973	return (0);
4974}
4975
4976int
4977ctl_lun_no_media(struct ctl_be_lun *be_lun)
4978{
4979	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4980
4981	mtx_lock(&lun->lun_lock);
4982	lun->flags |= CTL_LUN_NO_MEDIA;
4983	mtx_unlock(&lun->lun_lock);
4984	return (0);
4985}
4986
4987int
4988ctl_lun_has_media(struct ctl_be_lun *be_lun)
4989{
4990	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4991	union ctl_ha_msg msg;
4992
4993	mtx_lock(&lun->lun_lock);
4994	lun->flags &= ~(CTL_LUN_NO_MEDIA | CTL_LUN_EJECTED);
4995	if (lun->flags & CTL_LUN_REMOVABLE)
4996		ctl_est_ua_all(lun, -1, CTL_UA_MEDIUM_CHANGE);
4997	mtx_unlock(&lun->lun_lock);
4998	if ((lun->flags & CTL_LUN_REMOVABLE) &&
4999	    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5000		bzero(&msg.ua, sizeof(msg.ua));
5001		msg.hdr.msg_type = CTL_MSG_UA;
5002		msg.hdr.nexus.initid = -1;
5003		msg.hdr.nexus.targ_port = -1;
5004		msg.hdr.nexus.targ_lun = lun->lun;
5005		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5006		msg.ua.ua_all = 1;
5007		msg.ua.ua_set = 1;
5008		msg.ua.ua_type = CTL_UA_MEDIUM_CHANGE;
5009		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5010		    M_WAITOK);
5011	}
5012	return (0);
5013}
5014
5015int
5016ctl_lun_ejected(struct ctl_be_lun *be_lun)
5017{
5018	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5019
5020	mtx_lock(&lun->lun_lock);
5021	lun->flags |= CTL_LUN_EJECTED;
5022	mtx_unlock(&lun->lun_lock);
5023	return (0);
5024}
5025
5026int
5027ctl_lun_primary(struct ctl_be_lun *be_lun)
5028{
5029	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5030
5031	mtx_lock(&lun->lun_lock);
5032	lun->flags |= CTL_LUN_PRIMARY_SC;
5033	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
5034	mtx_unlock(&lun->lun_lock);
5035	ctl_isc_announce_lun(lun);
5036	return (0);
5037}
5038
5039int
5040ctl_lun_secondary(struct ctl_be_lun *be_lun)
5041{
5042	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5043
5044	mtx_lock(&lun->lun_lock);
5045	lun->flags &= ~CTL_LUN_PRIMARY_SC;
5046	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
5047	mtx_unlock(&lun->lun_lock);
5048	ctl_isc_announce_lun(lun);
5049	return (0);
5050}
5051
5052int
5053ctl_invalidate_lun(struct ctl_be_lun *be_lun)
5054{
5055	struct ctl_softc *softc;
5056	struct ctl_lun *lun;
5057
5058	lun = (struct ctl_lun *)be_lun->ctl_lun;
5059	softc = lun->ctl_softc;
5060
5061	mtx_lock(&lun->lun_lock);
5062
5063	/*
5064	 * The LUN needs to be disabled before it can be marked invalid.
5065	 */
5066	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5067		mtx_unlock(&lun->lun_lock);
5068		return (-1);
5069	}
5070	/*
5071	 * Mark the LUN invalid.
5072	 */
5073	lun->flags |= CTL_LUN_INVALID;
5074
5075	/*
5076	 * If there is nothing in the OOA queue, go ahead and free the LUN.
5077	 * If we have something in the OOA queue, we'll free it when the
5078	 * last I/O completes.
5079	 */
5080	if (TAILQ_EMPTY(&lun->ooa_queue)) {
5081		mtx_unlock(&lun->lun_lock);
5082		ctl_free_lun(lun);
5083	} else
5084		mtx_unlock(&lun->lun_lock);
5085
5086	return (0);
5087}
5088
5089void
5090ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5091{
5092	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5093	union ctl_ha_msg msg;
5094
5095	mtx_lock(&lun->lun_lock);
5096	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGE);
5097	mtx_unlock(&lun->lun_lock);
5098	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5099		/* Send msg to other side. */
5100		bzero(&msg.ua, sizeof(msg.ua));
5101		msg.hdr.msg_type = CTL_MSG_UA;
5102		msg.hdr.nexus.initid = -1;
5103		msg.hdr.nexus.targ_port = -1;
5104		msg.hdr.nexus.targ_lun = lun->lun;
5105		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5106		msg.ua.ua_all = 1;
5107		msg.ua.ua_set = 1;
5108		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGE;
5109		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5110		    M_WAITOK);
5111	}
5112}
5113
5114/*
5115 * Backend "memory move is complete" callback for requests that never
5116 * make it down to say RAIDCore's configuration code.
5117 */
5118int
5119ctl_config_move_done(union ctl_io *io)
5120{
5121	int retval;
5122
5123	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5124	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5125	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5126
5127	if ((io->io_hdr.port_status != 0) &&
5128	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5129	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5130		ctl_set_internal_failure(&io->scsiio, /*sks_valid*/ 1,
5131		    /*retry_count*/ io->io_hdr.port_status);
5132	} else if (io->scsiio.kern_data_resid != 0 &&
5133	    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT &&
5134	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5135	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5136		ctl_set_invalid_field_ciu(&io->scsiio);
5137	}
5138
5139	if (ctl_debug & CTL_DEBUG_CDB_DATA)
5140		ctl_data_print(io);
5141	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5142	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5143	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5144	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5145		/*
5146		 * XXX KDM just assuming a single pointer here, and not a
5147		 * S/G list.  If we start using S/G lists for config data,
5148		 * we'll need to know how to clean them up here as well.
5149		 */
5150		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5151			free(io->scsiio.kern_data_ptr, M_CTL);
5152		ctl_done(io);
5153		retval = CTL_RETVAL_COMPLETE;
5154	} else {
5155		/*
5156		 * XXX KDM now we need to continue data movement.  Some
5157		 * options:
5158		 * - call ctl_scsiio() again?  We don't do this for data
5159		 *   writes, because for those at least we know ahead of
5160		 *   time where the write will go and how long it is.  For
5161		 *   config writes, though, that information is largely
5162		 *   contained within the write itself, thus we need to
5163		 *   parse out the data again.
5164		 *
5165		 * - Call some other function once the data is in?
5166		 */
5167
5168		/*
5169		 * XXX KDM call ctl_scsiio() again for now, and check flag
5170		 * bits to see whether we're allocated or not.
5171		 */
5172		retval = ctl_scsiio(&io->scsiio);
5173	}
5174	return (retval);
5175}
5176
5177/*
5178 * This gets called by a backend driver when it is done with a
5179 * data_submit method.
5180 */
5181void
5182ctl_data_submit_done(union ctl_io *io)
5183{
5184	/*
5185	 * If the IO_CONT flag is set, we need to call the supplied
5186	 * function to continue processing the I/O, instead of completing
5187	 * the I/O just yet.
5188	 *
5189	 * If there is an error, though, we don't want to keep processing.
5190	 * Instead, just send status back to the initiator.
5191	 */
5192	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5193	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5194	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5195	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5196		io->scsiio.io_cont(io);
5197		return;
5198	}
5199	ctl_done(io);
5200}
5201
5202/*
5203 * This gets called by a backend driver when it is done with a
5204 * configuration write.
5205 */
5206void
5207ctl_config_write_done(union ctl_io *io)
5208{
5209	uint8_t *buf;
5210
5211	/*
5212	 * If the IO_CONT flag is set, we need to call the supplied
5213	 * function to continue processing the I/O, instead of completing
5214	 * the I/O just yet.
5215	 *
5216	 * If there is an error, though, we don't want to keep processing.
5217	 * Instead, just send status back to the initiator.
5218	 */
5219	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5220	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5221	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5222	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5223		io->scsiio.io_cont(io);
5224		return;
5225	}
5226	/*
5227	 * Since a configuration write can be done for commands that actually
5228	 * have data allocated, like write buffer, and commands that have
5229	 * no data, like start/stop unit, we need to check here.
5230	 */
5231	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5232		buf = io->scsiio.kern_data_ptr;
5233	else
5234		buf = NULL;
5235	ctl_done(io);
5236	if (buf)
5237		free(buf, M_CTL);
5238}
5239
5240void
5241ctl_config_read_done(union ctl_io *io)
5242{
5243	uint8_t *buf;
5244
5245	/*
5246	 * If there is some error -- we are done, skip data transfer.
5247	 */
5248	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5249	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5250	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5251		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5252			buf = io->scsiio.kern_data_ptr;
5253		else
5254			buf = NULL;
5255		ctl_done(io);
5256		if (buf)
5257			free(buf, M_CTL);
5258		return;
5259	}
5260
5261	/*
5262	 * If the IO_CONT flag is set, we need to call the supplied
5263	 * function to continue processing the I/O, instead of completing
5264	 * the I/O just yet.
5265	 */
5266	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5267		io->scsiio.io_cont(io);
5268		return;
5269	}
5270
5271	ctl_datamove(io);
5272}
5273
5274/*
5275 * SCSI release command.
5276 */
5277int
5278ctl_scsi_release(struct ctl_scsiio *ctsio)
5279{
5280	struct ctl_lun *lun = CTL_LUN(ctsio);
5281	uint32_t residx;
5282
5283	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5284
5285	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5286
5287	/*
5288	 * XXX KDM right now, we only support LUN reservation.  We don't
5289	 * support 3rd party reservations, or extent reservations, which
5290	 * might actually need the parameter list.  If we've gotten this
5291	 * far, we've got a LUN reservation.  Anything else got kicked out
5292	 * above.  So, according to SPC, ignore the length.
5293	 */
5294
5295	mtx_lock(&lun->lun_lock);
5296
5297	/*
5298	 * According to SPC, it is not an error for an intiator to attempt
5299	 * to release a reservation on a LUN that isn't reserved, or that
5300	 * is reserved by another initiator.  The reservation can only be
5301	 * released, though, by the initiator who made it or by one of
5302	 * several reset type events.
5303	 */
5304	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5305			lun->flags &= ~CTL_LUN_RESERVED;
5306
5307	mtx_unlock(&lun->lun_lock);
5308
5309	ctl_set_success(ctsio);
5310	ctl_done((union ctl_io *)ctsio);
5311	return (CTL_RETVAL_COMPLETE);
5312}
5313
5314int
5315ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5316{
5317	struct ctl_lun *lun = CTL_LUN(ctsio);
5318	uint32_t residx;
5319
5320	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5321
5322	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5323
5324	/*
5325	 * XXX KDM right now, we only support LUN reservation.  We don't
5326	 * support 3rd party reservations, or extent reservations, which
5327	 * might actually need the parameter list.  If we've gotten this
5328	 * far, we've got a LUN reservation.  Anything else got kicked out
5329	 * above.  So, according to SPC, ignore the length.
5330	 */
5331
5332	mtx_lock(&lun->lun_lock);
5333	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5334		ctl_set_reservation_conflict(ctsio);
5335		goto bailout;
5336	}
5337
5338	/* SPC-3 exceptions to SPC-2 RESERVE and RELEASE behavior. */
5339	if (lun->flags & CTL_LUN_PR_RESERVED) {
5340		ctl_set_success(ctsio);
5341		goto bailout;
5342	}
5343
5344	lun->flags |= CTL_LUN_RESERVED;
5345	lun->res_idx = residx;
5346	ctl_set_success(ctsio);
5347
5348bailout:
5349	mtx_unlock(&lun->lun_lock);
5350	ctl_done((union ctl_io *)ctsio);
5351	return (CTL_RETVAL_COMPLETE);
5352}
5353
5354int
5355ctl_start_stop(struct ctl_scsiio *ctsio)
5356{
5357	struct ctl_lun *lun = CTL_LUN(ctsio);
5358	struct scsi_start_stop_unit *cdb;
5359	int retval;
5360
5361	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5362
5363	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5364
5365	if ((cdb->how & SSS_PC_MASK) == 0) {
5366		if ((lun->flags & CTL_LUN_PR_RESERVED) &&
5367		    (cdb->how & SSS_START) == 0) {
5368			uint32_t residx;
5369
5370			residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5371			if (ctl_get_prkey(lun, residx) == 0 ||
5372			    (lun->pr_res_idx != residx && lun->pr_res_type < 4)) {
5373
5374				ctl_set_reservation_conflict(ctsio);
5375				ctl_done((union ctl_io *)ctsio);
5376				return (CTL_RETVAL_COMPLETE);
5377			}
5378		}
5379
5380		if ((cdb->how & SSS_LOEJ) &&
5381		    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5382			ctl_set_invalid_field(ctsio,
5383					      /*sks_valid*/ 1,
5384					      /*command*/ 1,
5385					      /*field*/ 4,
5386					      /*bit_valid*/ 1,
5387					      /*bit*/ 1);
5388			ctl_done((union ctl_io *)ctsio);
5389			return (CTL_RETVAL_COMPLETE);
5390		}
5391
5392		if ((cdb->how & SSS_START) == 0 && (cdb->how & SSS_LOEJ) &&
5393		    lun->prevent_count > 0) {
5394			/* "Medium removal prevented" */
5395			ctl_set_sense(ctsio, /*current_error*/ 1,
5396			    /*sense_key*/(lun->flags & CTL_LUN_NO_MEDIA) ?
5397			     SSD_KEY_NOT_READY : SSD_KEY_ILLEGAL_REQUEST,
5398			    /*asc*/ 0x53, /*ascq*/ 0x02, SSD_ELEM_NONE);
5399			ctl_done((union ctl_io *)ctsio);
5400			return (CTL_RETVAL_COMPLETE);
5401		}
5402	}
5403
5404	retval = lun->backend->config_write((union ctl_io *)ctsio);
5405	return (retval);
5406}
5407
5408int
5409ctl_prevent_allow(struct ctl_scsiio *ctsio)
5410{
5411	struct ctl_lun *lun = CTL_LUN(ctsio);
5412	struct scsi_prevent *cdb;
5413	int retval;
5414	uint32_t initidx;
5415
5416	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5417
5418	cdb = (struct scsi_prevent *)ctsio->cdb;
5419
5420	if ((lun->flags & CTL_LUN_REMOVABLE) == 0 || lun->prevent == NULL) {
5421		ctl_set_invalid_opcode(ctsio);
5422		ctl_done((union ctl_io *)ctsio);
5423		return (CTL_RETVAL_COMPLETE);
5424	}
5425
5426	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5427	mtx_lock(&lun->lun_lock);
5428	if ((cdb->how & PR_PREVENT) &&
5429	    ctl_is_set(lun->prevent, initidx) == 0) {
5430		ctl_set_mask(lun->prevent, initidx);
5431		lun->prevent_count++;
5432	} else if ((cdb->how & PR_PREVENT) == 0 &&
5433	    ctl_is_set(lun->prevent, initidx)) {
5434		ctl_clear_mask(lun->prevent, initidx);
5435		lun->prevent_count--;
5436	}
5437	mtx_unlock(&lun->lun_lock);
5438	retval = lun->backend->config_write((union ctl_io *)ctsio);
5439	return (retval);
5440}
5441
5442/*
5443 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5444 * we don't really do anything with the LBA and length fields if the user
5445 * passes them in.  Instead we'll just flush out the cache for the entire
5446 * LUN.
5447 */
5448int
5449ctl_sync_cache(struct ctl_scsiio *ctsio)
5450{
5451	struct ctl_lun *lun = CTL_LUN(ctsio);
5452	struct ctl_lba_len_flags *lbalen;
5453	uint64_t starting_lba;
5454	uint32_t block_count;
5455	int retval;
5456	uint8_t byte2;
5457
5458	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5459
5460	retval = 0;
5461
5462	switch (ctsio->cdb[0]) {
5463	case SYNCHRONIZE_CACHE: {
5464		struct scsi_sync_cache *cdb;
5465		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5466
5467		starting_lba = scsi_4btoul(cdb->begin_lba);
5468		block_count = scsi_2btoul(cdb->lb_count);
5469		byte2 = cdb->byte2;
5470		break;
5471	}
5472	case SYNCHRONIZE_CACHE_16: {
5473		struct scsi_sync_cache_16 *cdb;
5474		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5475
5476		starting_lba = scsi_8btou64(cdb->begin_lba);
5477		block_count = scsi_4btoul(cdb->lb_count);
5478		byte2 = cdb->byte2;
5479		break;
5480	}
5481	default:
5482		ctl_set_invalid_opcode(ctsio);
5483		ctl_done((union ctl_io *)ctsio);
5484		goto bailout;
5485		break; /* NOTREACHED */
5486	}
5487
5488	/*
5489	 * We check the LBA and length, but don't do anything with them.
5490	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5491	 * get flushed.  This check will just help satisfy anyone who wants
5492	 * to see an error for an out of range LBA.
5493	 */
5494	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5495		ctl_set_lba_out_of_range(ctsio,
5496		    MAX(starting_lba, lun->be_lun->maxlba + 1));
5497		ctl_done((union ctl_io *)ctsio);
5498		goto bailout;
5499	}
5500
5501	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5502	lbalen->lba = starting_lba;
5503	lbalen->len = block_count;
5504	lbalen->flags = byte2;
5505	retval = lun->backend->config_write((union ctl_io *)ctsio);
5506
5507bailout:
5508	return (retval);
5509}
5510
5511int
5512ctl_format(struct ctl_scsiio *ctsio)
5513{
5514	struct scsi_format *cdb;
5515	int length, defect_list_len;
5516
5517	CTL_DEBUG_PRINT(("ctl_format\n"));
5518
5519	cdb = (struct scsi_format *)ctsio->cdb;
5520
5521	length = 0;
5522	if (cdb->byte2 & SF_FMTDATA) {
5523		if (cdb->byte2 & SF_LONGLIST)
5524			length = sizeof(struct scsi_format_header_long);
5525		else
5526			length = sizeof(struct scsi_format_header_short);
5527	}
5528
5529	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5530	 && (length > 0)) {
5531		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5532		ctsio->kern_data_len = length;
5533		ctsio->kern_total_len = length;
5534		ctsio->kern_rel_offset = 0;
5535		ctsio->kern_sg_entries = 0;
5536		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5537		ctsio->be_move_done = ctl_config_move_done;
5538		ctl_datamove((union ctl_io *)ctsio);
5539
5540		return (CTL_RETVAL_COMPLETE);
5541	}
5542
5543	defect_list_len = 0;
5544
5545	if (cdb->byte2 & SF_FMTDATA) {
5546		if (cdb->byte2 & SF_LONGLIST) {
5547			struct scsi_format_header_long *header;
5548
5549			header = (struct scsi_format_header_long *)
5550				ctsio->kern_data_ptr;
5551
5552			defect_list_len = scsi_4btoul(header->defect_list_len);
5553			if (defect_list_len != 0) {
5554				ctl_set_invalid_field(ctsio,
5555						      /*sks_valid*/ 1,
5556						      /*command*/ 0,
5557						      /*field*/ 2,
5558						      /*bit_valid*/ 0,
5559						      /*bit*/ 0);
5560				goto bailout;
5561			}
5562		} else {
5563			struct scsi_format_header_short *header;
5564
5565			header = (struct scsi_format_header_short *)
5566				ctsio->kern_data_ptr;
5567
5568			defect_list_len = scsi_2btoul(header->defect_list_len);
5569			if (defect_list_len != 0) {
5570				ctl_set_invalid_field(ctsio,
5571						      /*sks_valid*/ 1,
5572						      /*command*/ 0,
5573						      /*field*/ 2,
5574						      /*bit_valid*/ 0,
5575						      /*bit*/ 0);
5576				goto bailout;
5577			}
5578		}
5579	}
5580
5581	ctl_set_success(ctsio);
5582bailout:
5583
5584	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5585		free(ctsio->kern_data_ptr, M_CTL);
5586		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5587	}
5588
5589	ctl_done((union ctl_io *)ctsio);
5590	return (CTL_RETVAL_COMPLETE);
5591}
5592
5593int
5594ctl_read_buffer(struct ctl_scsiio *ctsio)
5595{
5596	struct ctl_lun *lun = CTL_LUN(ctsio);
5597	uint64_t buffer_offset;
5598	uint32_t len;
5599	uint8_t byte2;
5600	static uint8_t descr[4];
5601	static uint8_t echo_descr[4] = { 0 };
5602
5603	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5604
5605	switch (ctsio->cdb[0]) {
5606	case READ_BUFFER: {
5607		struct scsi_read_buffer *cdb;
5608
5609		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5610		buffer_offset = scsi_3btoul(cdb->offset);
5611		len = scsi_3btoul(cdb->length);
5612		byte2 = cdb->byte2;
5613		break;
5614	}
5615	case READ_BUFFER_16: {
5616		struct scsi_read_buffer_16 *cdb;
5617
5618		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5619		buffer_offset = scsi_8btou64(cdb->offset);
5620		len = scsi_4btoul(cdb->length);
5621		byte2 = cdb->byte2;
5622		break;
5623	}
5624	default: /* This shouldn't happen. */
5625		ctl_set_invalid_opcode(ctsio);
5626		ctl_done((union ctl_io *)ctsio);
5627		return (CTL_RETVAL_COMPLETE);
5628	}
5629
5630	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5631	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5632		ctl_set_invalid_field(ctsio,
5633				      /*sks_valid*/ 1,
5634				      /*command*/ 1,
5635				      /*field*/ 6,
5636				      /*bit_valid*/ 0,
5637				      /*bit*/ 0);
5638		ctl_done((union ctl_io *)ctsio);
5639		return (CTL_RETVAL_COMPLETE);
5640	}
5641
5642	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5643		descr[0] = 0;
5644		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5645		ctsio->kern_data_ptr = descr;
5646		len = min(len, sizeof(descr));
5647	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5648		ctsio->kern_data_ptr = echo_descr;
5649		len = min(len, sizeof(echo_descr));
5650	} else {
5651		if (lun->write_buffer == NULL) {
5652			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5653			    M_CTL, M_WAITOK);
5654		}
5655		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5656	}
5657	ctsio->kern_data_len = len;
5658	ctsio->kern_total_len = len;
5659	ctsio->kern_rel_offset = 0;
5660	ctsio->kern_sg_entries = 0;
5661	ctl_set_success(ctsio);
5662	ctsio->be_move_done = ctl_config_move_done;
5663	ctl_datamove((union ctl_io *)ctsio);
5664	return (CTL_RETVAL_COMPLETE);
5665}
5666
5667int
5668ctl_write_buffer(struct ctl_scsiio *ctsio)
5669{
5670	struct ctl_lun *lun = CTL_LUN(ctsio);
5671	struct scsi_write_buffer *cdb;
5672	int buffer_offset, len;
5673
5674	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5675
5676	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5677
5678	len = scsi_3btoul(cdb->length);
5679	buffer_offset = scsi_3btoul(cdb->offset);
5680
5681	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5682		ctl_set_invalid_field(ctsio,
5683				      /*sks_valid*/ 1,
5684				      /*command*/ 1,
5685				      /*field*/ 6,
5686				      /*bit_valid*/ 0,
5687				      /*bit*/ 0);
5688		ctl_done((union ctl_io *)ctsio);
5689		return (CTL_RETVAL_COMPLETE);
5690	}
5691
5692	/*
5693	 * If we've got a kernel request that hasn't been malloced yet,
5694	 * malloc it and tell the caller the data buffer is here.
5695	 */
5696	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5697		if (lun->write_buffer == NULL) {
5698			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5699			    M_CTL, M_WAITOK);
5700		}
5701		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5702		ctsio->kern_data_len = len;
5703		ctsio->kern_total_len = len;
5704		ctsio->kern_rel_offset = 0;
5705		ctsio->kern_sg_entries = 0;
5706		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5707		ctsio->be_move_done = ctl_config_move_done;
5708		ctl_datamove((union ctl_io *)ctsio);
5709
5710		return (CTL_RETVAL_COMPLETE);
5711	}
5712
5713	ctl_set_success(ctsio);
5714	ctl_done((union ctl_io *)ctsio);
5715	return (CTL_RETVAL_COMPLETE);
5716}
5717
5718int
5719ctl_write_same(struct ctl_scsiio *ctsio)
5720{
5721	struct ctl_lun *lun = CTL_LUN(ctsio);
5722	struct ctl_lba_len_flags *lbalen;
5723	uint64_t lba;
5724	uint32_t num_blocks;
5725	int len, retval;
5726	uint8_t byte2;
5727
5728	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5729
5730	switch (ctsio->cdb[0]) {
5731	case WRITE_SAME_10: {
5732		struct scsi_write_same_10 *cdb;
5733
5734		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5735
5736		lba = scsi_4btoul(cdb->addr);
5737		num_blocks = scsi_2btoul(cdb->length);
5738		byte2 = cdb->byte2;
5739		break;
5740	}
5741	case WRITE_SAME_16: {
5742		struct scsi_write_same_16 *cdb;
5743
5744		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5745
5746		lba = scsi_8btou64(cdb->addr);
5747		num_blocks = scsi_4btoul(cdb->length);
5748		byte2 = cdb->byte2;
5749		break;
5750	}
5751	default:
5752		/*
5753		 * We got a command we don't support.  This shouldn't
5754		 * happen, commands should be filtered out above us.
5755		 */
5756		ctl_set_invalid_opcode(ctsio);
5757		ctl_done((union ctl_io *)ctsio);
5758
5759		return (CTL_RETVAL_COMPLETE);
5760		break; /* NOTREACHED */
5761	}
5762
5763	/* ANCHOR flag can be used only together with UNMAP */
5764	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5765		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5766		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5767		ctl_done((union ctl_io *)ctsio);
5768		return (CTL_RETVAL_COMPLETE);
5769	}
5770
5771	/*
5772	 * The first check is to make sure we're in bounds, the second
5773	 * check is to catch wrap-around problems.  If the lba + num blocks
5774	 * is less than the lba, then we've wrapped around and the block
5775	 * range is invalid anyway.
5776	 */
5777	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5778	 || ((lba + num_blocks) < lba)) {
5779		ctl_set_lba_out_of_range(ctsio,
5780		    MAX(lba, lun->be_lun->maxlba + 1));
5781		ctl_done((union ctl_io *)ctsio);
5782		return (CTL_RETVAL_COMPLETE);
5783	}
5784
5785	/* Zero number of blocks means "to the last logical block" */
5786	if (num_blocks == 0) {
5787		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5788			ctl_set_invalid_field(ctsio,
5789					      /*sks_valid*/ 0,
5790					      /*command*/ 1,
5791					      /*field*/ 0,
5792					      /*bit_valid*/ 0,
5793					      /*bit*/ 0);
5794			ctl_done((union ctl_io *)ctsio);
5795			return (CTL_RETVAL_COMPLETE);
5796		}
5797		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5798	}
5799
5800	len = lun->be_lun->blocksize;
5801
5802	/*
5803	 * If we've got a kernel request that hasn't been malloced yet,
5804	 * malloc it and tell the caller the data buffer is here.
5805	 */
5806	if ((byte2 & SWS_NDOB) == 0 &&
5807	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5808		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5809		ctsio->kern_data_len = len;
5810		ctsio->kern_total_len = len;
5811		ctsio->kern_rel_offset = 0;
5812		ctsio->kern_sg_entries = 0;
5813		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5814		ctsio->be_move_done = ctl_config_move_done;
5815		ctl_datamove((union ctl_io *)ctsio);
5816
5817		return (CTL_RETVAL_COMPLETE);
5818	}
5819
5820	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5821	lbalen->lba = lba;
5822	lbalen->len = num_blocks;
5823	lbalen->flags = byte2;
5824	retval = lun->backend->config_write((union ctl_io *)ctsio);
5825
5826	return (retval);
5827}
5828
5829int
5830ctl_unmap(struct ctl_scsiio *ctsio)
5831{
5832	struct ctl_lun *lun = CTL_LUN(ctsio);
5833	struct scsi_unmap *cdb;
5834	struct ctl_ptr_len_flags *ptrlen;
5835	struct scsi_unmap_header *hdr;
5836	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5837	uint64_t lba;
5838	uint32_t num_blocks;
5839	int len, retval;
5840	uint8_t byte2;
5841
5842	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5843
5844	cdb = (struct scsi_unmap *)ctsio->cdb;
5845	len = scsi_2btoul(cdb->length);
5846	byte2 = cdb->byte2;
5847
5848	/*
5849	 * If we've got a kernel request that hasn't been malloced yet,
5850	 * malloc it and tell the caller the data buffer is here.
5851	 */
5852	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5853		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5854		ctsio->kern_data_len = len;
5855		ctsio->kern_total_len = len;
5856		ctsio->kern_rel_offset = 0;
5857		ctsio->kern_sg_entries = 0;
5858		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5859		ctsio->be_move_done = ctl_config_move_done;
5860		ctl_datamove((union ctl_io *)ctsio);
5861
5862		return (CTL_RETVAL_COMPLETE);
5863	}
5864
5865	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5866	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5867	if (len < sizeof (*hdr) ||
5868	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5869	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5870	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5871		ctl_set_invalid_field(ctsio,
5872				      /*sks_valid*/ 0,
5873				      /*command*/ 0,
5874				      /*field*/ 0,
5875				      /*bit_valid*/ 0,
5876				      /*bit*/ 0);
5877		goto done;
5878	}
5879	len = scsi_2btoul(hdr->desc_length);
5880	buf = (struct scsi_unmap_desc *)(hdr + 1);
5881	end = buf + len / sizeof(*buf);
5882
5883	endnz = buf;
5884	for (range = buf; range < end; range++) {
5885		lba = scsi_8btou64(range->lba);
5886		num_blocks = scsi_4btoul(range->length);
5887		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5888		 || ((lba + num_blocks) < lba)) {
5889			ctl_set_lba_out_of_range(ctsio,
5890			    MAX(lba, lun->be_lun->maxlba + 1));
5891			ctl_done((union ctl_io *)ctsio);
5892			return (CTL_RETVAL_COMPLETE);
5893		}
5894		if (num_blocks != 0)
5895			endnz = range + 1;
5896	}
5897
5898	/*
5899	 * Block backend can not handle zero last range.
5900	 * Filter it out and return if there is nothing left.
5901	 */
5902	len = (uint8_t *)endnz - (uint8_t *)buf;
5903	if (len == 0) {
5904		ctl_set_success(ctsio);
5905		goto done;
5906	}
5907
5908	mtx_lock(&lun->lun_lock);
5909	ptrlen = (struct ctl_ptr_len_flags *)
5910	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5911	ptrlen->ptr = (void *)buf;
5912	ptrlen->len = len;
5913	ptrlen->flags = byte2;
5914	ctl_try_unblock_others(lun, (union ctl_io *)ctsio, FALSE);
5915	mtx_unlock(&lun->lun_lock);
5916
5917	retval = lun->backend->config_write((union ctl_io *)ctsio);
5918	return (retval);
5919
5920done:
5921	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5922		free(ctsio->kern_data_ptr, M_CTL);
5923		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5924	}
5925	ctl_done((union ctl_io *)ctsio);
5926	return (CTL_RETVAL_COMPLETE);
5927}
5928
5929int
5930ctl_default_page_handler(struct ctl_scsiio *ctsio,
5931			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5932{
5933	struct ctl_lun *lun = CTL_LUN(ctsio);
5934	uint8_t *current_cp;
5935	int set_ua;
5936	uint32_t initidx;
5937
5938	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5939	set_ua = 0;
5940
5941	current_cp = (page_index->page_data + (page_index->page_len *
5942	    CTL_PAGE_CURRENT));
5943
5944	mtx_lock(&lun->lun_lock);
5945	if (memcmp(current_cp, page_ptr, page_index->page_len)) {
5946		memcpy(current_cp, page_ptr, page_index->page_len);
5947		set_ua = 1;
5948	}
5949	if (set_ua != 0)
5950		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5951	mtx_unlock(&lun->lun_lock);
5952	if (set_ua) {
5953		ctl_isc_announce_mode(lun,
5954		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5955		    page_index->page_code, page_index->subpage);
5956	}
5957	return (CTL_RETVAL_COMPLETE);
5958}
5959
5960static void
5961ctl_ie_timer(void *arg)
5962{
5963	struct ctl_lun *lun = arg;
5964	uint64_t t;
5965
5966	if (lun->ie_asc == 0)
5967		return;
5968
5969	if (lun->MODE_IE.mrie == SIEP_MRIE_UA)
5970		ctl_est_ua_all(lun, -1, CTL_UA_IE);
5971	else
5972		lun->ie_reported = 0;
5973
5974	if (lun->ie_reportcnt < scsi_4btoul(lun->MODE_IE.report_count)) {
5975		lun->ie_reportcnt++;
5976		t = scsi_4btoul(lun->MODE_IE.interval_timer);
5977		if (t == 0 || t == UINT32_MAX)
5978			t = 3000;  /* 5 min */
5979		callout_schedule(&lun->ie_callout, t * hz / 10);
5980	}
5981}
5982
5983int
5984ctl_ie_page_handler(struct ctl_scsiio *ctsio,
5985			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5986{
5987	struct ctl_lun *lun = CTL_LUN(ctsio);
5988	struct scsi_info_exceptions_page *pg;
5989	uint64_t t;
5990
5991	(void)ctl_default_page_handler(ctsio, page_index, page_ptr);
5992
5993	pg = (struct scsi_info_exceptions_page *)page_ptr;
5994	mtx_lock(&lun->lun_lock);
5995	if (pg->info_flags & SIEP_FLAGS_TEST) {
5996		lun->ie_asc = 0x5d;
5997		lun->ie_ascq = 0xff;
5998		if (pg->mrie == SIEP_MRIE_UA) {
5999			ctl_est_ua_all(lun, -1, CTL_UA_IE);
6000			lun->ie_reported = 1;
6001		} else {
6002			ctl_clr_ua_all(lun, -1, CTL_UA_IE);
6003			lun->ie_reported = -1;
6004		}
6005		lun->ie_reportcnt = 1;
6006		if (lun->ie_reportcnt < scsi_4btoul(pg->report_count)) {
6007			lun->ie_reportcnt++;
6008			t = scsi_4btoul(pg->interval_timer);
6009			if (t == 0 || t == UINT32_MAX)
6010				t = 3000;  /* 5 min */
6011			callout_reset(&lun->ie_callout, t * hz / 10,
6012			    ctl_ie_timer, lun);
6013		}
6014	} else {
6015		lun->ie_asc = 0;
6016		lun->ie_ascq = 0;
6017		lun->ie_reported = 1;
6018		ctl_clr_ua_all(lun, -1, CTL_UA_IE);
6019		lun->ie_reportcnt = UINT32_MAX;
6020		callout_stop(&lun->ie_callout);
6021	}
6022	mtx_unlock(&lun->lun_lock);
6023	return (CTL_RETVAL_COMPLETE);
6024}
6025
6026static int
6027ctl_do_mode_select(union ctl_io *io)
6028{
6029	struct ctl_lun *lun = CTL_LUN(io);
6030	struct scsi_mode_page_header *page_header;
6031	struct ctl_page_index *page_index;
6032	struct ctl_scsiio *ctsio;
6033	int page_len, page_len_offset, page_len_size;
6034	union ctl_modepage_info *modepage_info;
6035	uint16_t *len_left, *len_used;
6036	int retval, i;
6037
6038	ctsio = &io->scsiio;
6039	page_index = NULL;
6040	page_len = 0;
6041
6042	modepage_info = (union ctl_modepage_info *)
6043		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6044	len_left = &modepage_info->header.len_left;
6045	len_used = &modepage_info->header.len_used;
6046
6047do_next_page:
6048
6049	page_header = (struct scsi_mode_page_header *)
6050		(ctsio->kern_data_ptr + *len_used);
6051
6052	if (*len_left == 0) {
6053		free(ctsio->kern_data_ptr, M_CTL);
6054		ctl_set_success(ctsio);
6055		ctl_done((union ctl_io *)ctsio);
6056		return (CTL_RETVAL_COMPLETE);
6057	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6058
6059		free(ctsio->kern_data_ptr, M_CTL);
6060		ctl_set_param_len_error(ctsio);
6061		ctl_done((union ctl_io *)ctsio);
6062		return (CTL_RETVAL_COMPLETE);
6063
6064	} else if ((page_header->page_code & SMPH_SPF)
6065		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6066
6067		free(ctsio->kern_data_ptr, M_CTL);
6068		ctl_set_param_len_error(ctsio);
6069		ctl_done((union ctl_io *)ctsio);
6070		return (CTL_RETVAL_COMPLETE);
6071	}
6072
6073
6074	/*
6075	 * XXX KDM should we do something with the block descriptor?
6076	 */
6077	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6078		page_index = &lun->mode_pages.index[i];
6079		if (lun->be_lun->lun_type == T_DIRECT &&
6080		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6081			continue;
6082		if (lun->be_lun->lun_type == T_PROCESSOR &&
6083		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6084			continue;
6085		if (lun->be_lun->lun_type == T_CDROM &&
6086		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6087			continue;
6088
6089		if ((page_index->page_code & SMPH_PC_MASK) !=
6090		    (page_header->page_code & SMPH_PC_MASK))
6091			continue;
6092
6093		/*
6094		 * If neither page has a subpage code, then we've got a
6095		 * match.
6096		 */
6097		if (((page_index->page_code & SMPH_SPF) == 0)
6098		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6099			page_len = page_header->page_length;
6100			break;
6101		}
6102
6103		/*
6104		 * If both pages have subpages, then the subpage numbers
6105		 * have to match.
6106		 */
6107		if ((page_index->page_code & SMPH_SPF)
6108		  && (page_header->page_code & SMPH_SPF)) {
6109			struct scsi_mode_page_header_sp *sph;
6110
6111			sph = (struct scsi_mode_page_header_sp *)page_header;
6112			if (page_index->subpage == sph->subpage) {
6113				page_len = scsi_2btoul(sph->page_length);
6114				break;
6115			}
6116		}
6117	}
6118
6119	/*
6120	 * If we couldn't find the page, or if we don't have a mode select
6121	 * handler for it, send back an error to the user.
6122	 */
6123	if ((i >= CTL_NUM_MODE_PAGES)
6124	 || (page_index->select_handler == NULL)) {
6125		ctl_set_invalid_field(ctsio,
6126				      /*sks_valid*/ 1,
6127				      /*command*/ 0,
6128				      /*field*/ *len_used,
6129				      /*bit_valid*/ 0,
6130				      /*bit*/ 0);
6131		free(ctsio->kern_data_ptr, M_CTL);
6132		ctl_done((union ctl_io *)ctsio);
6133		return (CTL_RETVAL_COMPLETE);
6134	}
6135
6136	if (page_index->page_code & SMPH_SPF) {
6137		page_len_offset = 2;
6138		page_len_size = 2;
6139	} else {
6140		page_len_size = 1;
6141		page_len_offset = 1;
6142	}
6143
6144	/*
6145	 * If the length the initiator gives us isn't the one we specify in
6146	 * the mode page header, or if they didn't specify enough data in
6147	 * the CDB to avoid truncating this page, kick out the request.
6148	 */
6149	if (page_len != page_index->page_len - page_len_offset - page_len_size) {
6150		ctl_set_invalid_field(ctsio,
6151				      /*sks_valid*/ 1,
6152				      /*command*/ 0,
6153				      /*field*/ *len_used + page_len_offset,
6154				      /*bit_valid*/ 0,
6155				      /*bit*/ 0);
6156		free(ctsio->kern_data_ptr, M_CTL);
6157		ctl_done((union ctl_io *)ctsio);
6158		return (CTL_RETVAL_COMPLETE);
6159	}
6160	if (*len_left < page_index->page_len) {
6161		free(ctsio->kern_data_ptr, M_CTL);
6162		ctl_set_param_len_error(ctsio);
6163		ctl_done((union ctl_io *)ctsio);
6164		return (CTL_RETVAL_COMPLETE);
6165	}
6166
6167	/*
6168	 * Run through the mode page, checking to make sure that the bits
6169	 * the user changed are actually legal for him to change.
6170	 */
6171	for (i = 0; i < page_index->page_len; i++) {
6172		uint8_t *user_byte, *change_mask, *current_byte;
6173		int bad_bit;
6174		int j;
6175
6176		user_byte = (uint8_t *)page_header + i;
6177		change_mask = page_index->page_data +
6178			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6179		current_byte = page_index->page_data +
6180			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6181
6182		/*
6183		 * Check to see whether the user set any bits in this byte
6184		 * that he is not allowed to set.
6185		 */
6186		if ((*user_byte & ~(*change_mask)) ==
6187		    (*current_byte & ~(*change_mask)))
6188			continue;
6189
6190		/*
6191		 * Go through bit by bit to determine which one is illegal.
6192		 */
6193		bad_bit = 0;
6194		for (j = 7; j >= 0; j--) {
6195			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6196			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6197				bad_bit = i;
6198				break;
6199			}
6200		}
6201		ctl_set_invalid_field(ctsio,
6202				      /*sks_valid*/ 1,
6203				      /*command*/ 0,
6204				      /*field*/ *len_used + i,
6205				      /*bit_valid*/ 1,
6206				      /*bit*/ bad_bit);
6207		free(ctsio->kern_data_ptr, M_CTL);
6208		ctl_done((union ctl_io *)ctsio);
6209		return (CTL_RETVAL_COMPLETE);
6210	}
6211
6212	/*
6213	 * Decrement these before we call the page handler, since we may
6214	 * end up getting called back one way or another before the handler
6215	 * returns to this context.
6216	 */
6217	*len_left -= page_index->page_len;
6218	*len_used += page_index->page_len;
6219
6220	retval = page_index->select_handler(ctsio, page_index,
6221					    (uint8_t *)page_header);
6222
6223	/*
6224	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6225	 * wait until this queued command completes to finish processing
6226	 * the mode page.  If it returns anything other than
6227	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6228	 * already set the sense information, freed the data pointer, and
6229	 * completed the io for us.
6230	 */
6231	if (retval != CTL_RETVAL_COMPLETE)
6232		goto bailout_no_done;
6233
6234	/*
6235	 * If the initiator sent us more than one page, parse the next one.
6236	 */
6237	if (*len_left > 0)
6238		goto do_next_page;
6239
6240	ctl_set_success(ctsio);
6241	free(ctsio->kern_data_ptr, M_CTL);
6242	ctl_done((union ctl_io *)ctsio);
6243
6244bailout_no_done:
6245
6246	return (CTL_RETVAL_COMPLETE);
6247
6248}
6249
6250int
6251ctl_mode_select(struct ctl_scsiio *ctsio)
6252{
6253	struct ctl_lun *lun = CTL_LUN(ctsio);
6254	union ctl_modepage_info *modepage_info;
6255	int bd_len, i, header_size, param_len, pf, rtd, sp;
6256	uint32_t initidx;
6257
6258	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6259	switch (ctsio->cdb[0]) {
6260	case MODE_SELECT_6: {
6261		struct scsi_mode_select_6 *cdb;
6262
6263		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6264
6265		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6266		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6267		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6268		param_len = cdb->length;
6269		header_size = sizeof(struct scsi_mode_header_6);
6270		break;
6271	}
6272	case MODE_SELECT_10: {
6273		struct scsi_mode_select_10 *cdb;
6274
6275		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6276
6277		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6278		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6279		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6280		param_len = scsi_2btoul(cdb->length);
6281		header_size = sizeof(struct scsi_mode_header_10);
6282		break;
6283	}
6284	default:
6285		ctl_set_invalid_opcode(ctsio);
6286		ctl_done((union ctl_io *)ctsio);
6287		return (CTL_RETVAL_COMPLETE);
6288	}
6289
6290	if (rtd) {
6291		if (param_len != 0) {
6292			ctl_set_invalid_field(ctsio, /*sks_valid*/ 0,
6293			    /*command*/ 1, /*field*/ 0,
6294			    /*bit_valid*/ 0, /*bit*/ 0);
6295			ctl_done((union ctl_io *)ctsio);
6296			return (CTL_RETVAL_COMPLETE);
6297		}
6298
6299		/* Revert to defaults. */
6300		ctl_init_page_index(lun);
6301		mtx_lock(&lun->lun_lock);
6302		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6303		mtx_unlock(&lun->lun_lock);
6304		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6305			ctl_isc_announce_mode(lun, -1,
6306			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
6307			    lun->mode_pages.index[i].subpage);
6308		}
6309		ctl_set_success(ctsio);
6310		ctl_done((union ctl_io *)ctsio);
6311		return (CTL_RETVAL_COMPLETE);
6312	}
6313
6314	/*
6315	 * From SPC-3:
6316	 * "A parameter list length of zero indicates that the Data-Out Buffer
6317	 * shall be empty. This condition shall not be considered as an error."
6318	 */
6319	if (param_len == 0) {
6320		ctl_set_success(ctsio);
6321		ctl_done((union ctl_io *)ctsio);
6322		return (CTL_RETVAL_COMPLETE);
6323	}
6324
6325	/*
6326	 * Since we'll hit this the first time through, prior to
6327	 * allocation, we don't need to free a data buffer here.
6328	 */
6329	if (param_len < header_size) {
6330		ctl_set_param_len_error(ctsio);
6331		ctl_done((union ctl_io *)ctsio);
6332		return (CTL_RETVAL_COMPLETE);
6333	}
6334
6335	/*
6336	 * Allocate the data buffer and grab the user's data.  In theory,
6337	 * we shouldn't have to sanity check the parameter list length here
6338	 * because the maximum size is 64K.  We should be able to malloc
6339	 * that much without too many problems.
6340	 */
6341	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6342		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6343		ctsio->kern_data_len = param_len;
6344		ctsio->kern_total_len = param_len;
6345		ctsio->kern_rel_offset = 0;
6346		ctsio->kern_sg_entries = 0;
6347		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6348		ctsio->be_move_done = ctl_config_move_done;
6349		ctl_datamove((union ctl_io *)ctsio);
6350
6351		return (CTL_RETVAL_COMPLETE);
6352	}
6353
6354	switch (ctsio->cdb[0]) {
6355	case MODE_SELECT_6: {
6356		struct scsi_mode_header_6 *mh6;
6357
6358		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6359		bd_len = mh6->blk_desc_len;
6360		break;
6361	}
6362	case MODE_SELECT_10: {
6363		struct scsi_mode_header_10 *mh10;
6364
6365		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6366		bd_len = scsi_2btoul(mh10->blk_desc_len);
6367		break;
6368	}
6369	default:
6370		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6371	}
6372
6373	if (param_len < (header_size + bd_len)) {
6374		free(ctsio->kern_data_ptr, M_CTL);
6375		ctl_set_param_len_error(ctsio);
6376		ctl_done((union ctl_io *)ctsio);
6377		return (CTL_RETVAL_COMPLETE);
6378	}
6379
6380	/*
6381	 * Set the IO_CONT flag, so that if this I/O gets passed to
6382	 * ctl_config_write_done(), it'll get passed back to
6383	 * ctl_do_mode_select() for further processing, or completion if
6384	 * we're all done.
6385	 */
6386	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6387	ctsio->io_cont = ctl_do_mode_select;
6388
6389	modepage_info = (union ctl_modepage_info *)
6390		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6391	memset(modepage_info, 0, sizeof(*modepage_info));
6392	modepage_info->header.len_left = param_len - header_size - bd_len;
6393	modepage_info->header.len_used = header_size + bd_len;
6394
6395	return (ctl_do_mode_select((union ctl_io *)ctsio));
6396}
6397
6398int
6399ctl_mode_sense(struct ctl_scsiio *ctsio)
6400{
6401	struct ctl_lun *lun = CTL_LUN(ctsio);
6402	int pc, page_code, dbd, llba, subpage;
6403	int alloc_len, page_len, header_len, total_len;
6404	struct scsi_mode_block_descr *block_desc;
6405	struct ctl_page_index *page_index;
6406
6407	dbd = 0;
6408	llba = 0;
6409	block_desc = NULL;
6410
6411	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6412
6413	switch (ctsio->cdb[0]) {
6414	case MODE_SENSE_6: {
6415		struct scsi_mode_sense_6 *cdb;
6416
6417		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6418
6419		header_len = sizeof(struct scsi_mode_hdr_6);
6420		if (cdb->byte2 & SMS_DBD)
6421			dbd = 1;
6422		else
6423			header_len += sizeof(struct scsi_mode_block_descr);
6424
6425		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6426		page_code = cdb->page & SMS_PAGE_CODE;
6427		subpage = cdb->subpage;
6428		alloc_len = cdb->length;
6429		break;
6430	}
6431	case MODE_SENSE_10: {
6432		struct scsi_mode_sense_10 *cdb;
6433
6434		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6435
6436		header_len = sizeof(struct scsi_mode_hdr_10);
6437
6438		if (cdb->byte2 & SMS_DBD)
6439			dbd = 1;
6440		else
6441			header_len += sizeof(struct scsi_mode_block_descr);
6442		if (cdb->byte2 & SMS10_LLBAA)
6443			llba = 1;
6444		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6445		page_code = cdb->page & SMS_PAGE_CODE;
6446		subpage = cdb->subpage;
6447		alloc_len = scsi_2btoul(cdb->length);
6448		break;
6449	}
6450	default:
6451		ctl_set_invalid_opcode(ctsio);
6452		ctl_done((union ctl_io *)ctsio);
6453		return (CTL_RETVAL_COMPLETE);
6454		break; /* NOTREACHED */
6455	}
6456
6457	/*
6458	 * We have to make a first pass through to calculate the size of
6459	 * the pages that match the user's query.  Then we allocate enough
6460	 * memory to hold it, and actually copy the data into the buffer.
6461	 */
6462	switch (page_code) {
6463	case SMS_ALL_PAGES_PAGE: {
6464		u_int i;
6465
6466		page_len = 0;
6467
6468		/*
6469		 * At the moment, values other than 0 and 0xff here are
6470		 * reserved according to SPC-3.
6471		 */
6472		if ((subpage != SMS_SUBPAGE_PAGE_0)
6473		 && (subpage != SMS_SUBPAGE_ALL)) {
6474			ctl_set_invalid_field(ctsio,
6475					      /*sks_valid*/ 1,
6476					      /*command*/ 1,
6477					      /*field*/ 3,
6478					      /*bit_valid*/ 0,
6479					      /*bit*/ 0);
6480			ctl_done((union ctl_io *)ctsio);
6481			return (CTL_RETVAL_COMPLETE);
6482		}
6483
6484		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6485			page_index = &lun->mode_pages.index[i];
6486
6487			/* Make sure the page is supported for this dev type */
6488			if (lun->be_lun->lun_type == T_DIRECT &&
6489			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6490				continue;
6491			if (lun->be_lun->lun_type == T_PROCESSOR &&
6492			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6493				continue;
6494			if (lun->be_lun->lun_type == T_CDROM &&
6495			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6496				continue;
6497
6498			/*
6499			 * We don't use this subpage if the user didn't
6500			 * request all subpages.
6501			 */
6502			if ((page_index->subpage != 0)
6503			 && (subpage == SMS_SUBPAGE_PAGE_0))
6504				continue;
6505
6506			page_len += page_index->page_len;
6507		}
6508		break;
6509	}
6510	default: {
6511		u_int i;
6512
6513		page_len = 0;
6514
6515		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6516			page_index = &lun->mode_pages.index[i];
6517
6518			/* Make sure the page is supported for this dev type */
6519			if (lun->be_lun->lun_type == T_DIRECT &&
6520			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6521				continue;
6522			if (lun->be_lun->lun_type == T_PROCESSOR &&
6523			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6524				continue;
6525			if (lun->be_lun->lun_type == T_CDROM &&
6526			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6527				continue;
6528
6529			/* Look for the right page code */
6530			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6531				continue;
6532
6533			/* Look for the right subpage or the subpage wildcard*/
6534			if ((page_index->subpage != subpage)
6535			 && (subpage != SMS_SUBPAGE_ALL))
6536				continue;
6537
6538			page_len += page_index->page_len;
6539		}
6540
6541		if (page_len == 0) {
6542			ctl_set_invalid_field(ctsio,
6543					      /*sks_valid*/ 1,
6544					      /*command*/ 1,
6545					      /*field*/ 2,
6546					      /*bit_valid*/ 1,
6547					      /*bit*/ 5);
6548			ctl_done((union ctl_io *)ctsio);
6549			return (CTL_RETVAL_COMPLETE);
6550		}
6551		break;
6552	}
6553	}
6554
6555	total_len = header_len + page_len;
6556
6557	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6558	ctsio->kern_sg_entries = 0;
6559	ctsio->kern_rel_offset = 0;
6560	ctsio->kern_data_len = min(total_len, alloc_len);
6561	ctsio->kern_total_len = ctsio->kern_data_len;
6562
6563	switch (ctsio->cdb[0]) {
6564	case MODE_SENSE_6: {
6565		struct scsi_mode_hdr_6 *header;
6566
6567		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6568
6569		header->datalen = MIN(total_len - 1, 254);
6570		if (lun->be_lun->lun_type == T_DIRECT) {
6571			header->dev_specific = 0x10; /* DPOFUA */
6572			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6573			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6574				header->dev_specific |= 0x80; /* WP */
6575		}
6576		if (dbd)
6577			header->block_descr_len = 0;
6578		else
6579			header->block_descr_len =
6580				sizeof(struct scsi_mode_block_descr);
6581		block_desc = (struct scsi_mode_block_descr *)&header[1];
6582		break;
6583	}
6584	case MODE_SENSE_10: {
6585		struct scsi_mode_hdr_10 *header;
6586		int datalen;
6587
6588		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6589
6590		datalen = MIN(total_len - 2, 65533);
6591		scsi_ulto2b(datalen, header->datalen);
6592		if (lun->be_lun->lun_type == T_DIRECT) {
6593			header->dev_specific = 0x10; /* DPOFUA */
6594			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6595			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6596				header->dev_specific |= 0x80; /* WP */
6597		}
6598		if (dbd)
6599			scsi_ulto2b(0, header->block_descr_len);
6600		else
6601			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6602				    header->block_descr_len);
6603		block_desc = (struct scsi_mode_block_descr *)&header[1];
6604		break;
6605	}
6606	default:
6607		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6608	}
6609
6610	/*
6611	 * If we've got a disk, use its blocksize in the block
6612	 * descriptor.  Otherwise, just set it to 0.
6613	 */
6614	if (dbd == 0) {
6615		if (lun->be_lun->lun_type == T_DIRECT)
6616			scsi_ulto3b(lun->be_lun->blocksize,
6617				    block_desc->block_len);
6618		else
6619			scsi_ulto3b(0, block_desc->block_len);
6620	}
6621
6622	switch (page_code) {
6623	case SMS_ALL_PAGES_PAGE: {
6624		int i, data_used;
6625
6626		data_used = header_len;
6627		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6628			struct ctl_page_index *page_index;
6629
6630			page_index = &lun->mode_pages.index[i];
6631			if (lun->be_lun->lun_type == T_DIRECT &&
6632			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6633				continue;
6634			if (lun->be_lun->lun_type == T_PROCESSOR &&
6635			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6636				continue;
6637			if (lun->be_lun->lun_type == T_CDROM &&
6638			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6639				continue;
6640
6641			/*
6642			 * We don't use this subpage if the user didn't
6643			 * request all subpages.  We already checked (above)
6644			 * to make sure the user only specified a subpage
6645			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6646			 */
6647			if ((page_index->subpage != 0)
6648			 && (subpage == SMS_SUBPAGE_PAGE_0))
6649				continue;
6650
6651			/*
6652			 * Call the handler, if it exists, to update the
6653			 * page to the latest values.
6654			 */
6655			if (page_index->sense_handler != NULL)
6656				page_index->sense_handler(ctsio, page_index,pc);
6657
6658			memcpy(ctsio->kern_data_ptr + data_used,
6659			       page_index->page_data +
6660			       (page_index->page_len * pc),
6661			       page_index->page_len);
6662			data_used += page_index->page_len;
6663		}
6664		break;
6665	}
6666	default: {
6667		int i, data_used;
6668
6669		data_used = header_len;
6670
6671		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6672			struct ctl_page_index *page_index;
6673
6674			page_index = &lun->mode_pages.index[i];
6675
6676			/* Look for the right page code */
6677			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6678				continue;
6679
6680			/* Look for the right subpage or the subpage wildcard*/
6681			if ((page_index->subpage != subpage)
6682			 && (subpage != SMS_SUBPAGE_ALL))
6683				continue;
6684
6685			/* Make sure the page is supported for this dev type */
6686			if (lun->be_lun->lun_type == T_DIRECT &&
6687			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6688				continue;
6689			if (lun->be_lun->lun_type == T_PROCESSOR &&
6690			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6691				continue;
6692			if (lun->be_lun->lun_type == T_CDROM &&
6693			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6694				continue;
6695
6696			/*
6697			 * Call the handler, if it exists, to update the
6698			 * page to the latest values.
6699			 */
6700			if (page_index->sense_handler != NULL)
6701				page_index->sense_handler(ctsio, page_index,pc);
6702
6703			memcpy(ctsio->kern_data_ptr + data_used,
6704			       page_index->page_data +
6705			       (page_index->page_len * pc),
6706			       page_index->page_len);
6707			data_used += page_index->page_len;
6708		}
6709		break;
6710	}
6711	}
6712
6713	ctl_set_success(ctsio);
6714	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6715	ctsio->be_move_done = ctl_config_move_done;
6716	ctl_datamove((union ctl_io *)ctsio);
6717	return (CTL_RETVAL_COMPLETE);
6718}
6719
6720int
6721ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6722			       struct ctl_page_index *page_index,
6723			       int pc)
6724{
6725	struct ctl_lun *lun = CTL_LUN(ctsio);
6726	struct scsi_log_param_header *phdr;
6727	uint8_t *data;
6728	uint64_t val;
6729
6730	data = page_index->page_data;
6731
6732	if (lun->backend->lun_attr != NULL &&
6733	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6734	     != UINT64_MAX) {
6735		phdr = (struct scsi_log_param_header *)data;
6736		scsi_ulto2b(0x0001, phdr->param_code);
6737		phdr->param_control = SLP_LBIN | SLP_LP;
6738		phdr->param_len = 8;
6739		data = (uint8_t *)(phdr + 1);
6740		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6741		data[4] = 0x02; /* per-pool */
6742		data += phdr->param_len;
6743	}
6744
6745	if (lun->backend->lun_attr != NULL &&
6746	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6747	     != UINT64_MAX) {
6748		phdr = (struct scsi_log_param_header *)data;
6749		scsi_ulto2b(0x0002, phdr->param_code);
6750		phdr->param_control = SLP_LBIN | SLP_LP;
6751		phdr->param_len = 8;
6752		data = (uint8_t *)(phdr + 1);
6753		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6754		data[4] = 0x01; /* per-LUN */
6755		data += phdr->param_len;
6756	}
6757
6758	if (lun->backend->lun_attr != NULL &&
6759	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6760	     != UINT64_MAX) {
6761		phdr = (struct scsi_log_param_header *)data;
6762		scsi_ulto2b(0x00f1, phdr->param_code);
6763		phdr->param_control = SLP_LBIN | SLP_LP;
6764		phdr->param_len = 8;
6765		data = (uint8_t *)(phdr + 1);
6766		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6767		data[4] = 0x02; /* per-pool */
6768		data += phdr->param_len;
6769	}
6770
6771	if (lun->backend->lun_attr != NULL &&
6772	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6773	     != UINT64_MAX) {
6774		phdr = (struct scsi_log_param_header *)data;
6775		scsi_ulto2b(0x00f2, phdr->param_code);
6776		phdr->param_control = SLP_LBIN | SLP_LP;
6777		phdr->param_len = 8;
6778		data = (uint8_t *)(phdr + 1);
6779		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6780		data[4] = 0x02; /* per-pool */
6781		data += phdr->param_len;
6782	}
6783
6784	page_index->page_len = data - page_index->page_data;
6785	return (0);
6786}
6787
6788int
6789ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6790			       struct ctl_page_index *page_index,
6791			       int pc)
6792{
6793	struct ctl_lun *lun = CTL_LUN(ctsio);
6794	struct stat_page *data;
6795	struct bintime *t;
6796
6797	data = (struct stat_page *)page_index->page_data;
6798
6799	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6800	data->sap.hdr.param_control = SLP_LBIN;
6801	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6802	    sizeof(struct scsi_log_param_header);
6803	scsi_u64to8b(lun->stats.operations[CTL_STATS_READ],
6804	    data->sap.read_num);
6805	scsi_u64to8b(lun->stats.operations[CTL_STATS_WRITE],
6806	    data->sap.write_num);
6807	if (lun->be_lun->blocksize > 0) {
6808		scsi_u64to8b(lun->stats.bytes[CTL_STATS_WRITE] /
6809		    lun->be_lun->blocksize, data->sap.recvieved_lba);
6810		scsi_u64to8b(lun->stats.bytes[CTL_STATS_READ] /
6811		    lun->be_lun->blocksize, data->sap.transmitted_lba);
6812	}
6813	t = &lun->stats.time[CTL_STATS_READ];
6814	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6815	    data->sap.read_int);
6816	t = &lun->stats.time[CTL_STATS_WRITE];
6817	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6818	    data->sap.write_int);
6819	scsi_u64to8b(0, data->sap.weighted_num);
6820	scsi_u64to8b(0, data->sap.weighted_int);
6821	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6822	data->it.hdr.param_control = SLP_LBIN;
6823	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6824	    sizeof(struct scsi_log_param_header);
6825#ifdef CTL_TIME_IO
6826	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6827#endif
6828	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6829	data->it.hdr.param_control = SLP_LBIN;
6830	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6831	    sizeof(struct scsi_log_param_header);
6832	scsi_ulto4b(3, data->ti.exponent);
6833	scsi_ulto4b(1, data->ti.integer);
6834	return (0);
6835}
6836
6837int
6838ctl_ie_log_sense_handler(struct ctl_scsiio *ctsio,
6839			       struct ctl_page_index *page_index,
6840			       int pc)
6841{
6842	struct ctl_lun *lun = CTL_LUN(ctsio);
6843	struct scsi_log_informational_exceptions *data;
6844
6845	data = (struct scsi_log_informational_exceptions *)page_index->page_data;
6846
6847	scsi_ulto2b(SLP_IE_GEN, data->hdr.param_code);
6848	data->hdr.param_control = SLP_LBIN;
6849	data->hdr.param_len = sizeof(struct scsi_log_informational_exceptions) -
6850	    sizeof(struct scsi_log_param_header);
6851	data->ie_asc = lun->ie_asc;
6852	data->ie_ascq = lun->ie_ascq;
6853	data->temperature = 0xff;
6854	return (0);
6855}
6856
6857int
6858ctl_log_sense(struct ctl_scsiio *ctsio)
6859{
6860	struct ctl_lun *lun = CTL_LUN(ctsio);
6861	int i, pc, page_code, subpage;
6862	int alloc_len, total_len;
6863	struct ctl_page_index *page_index;
6864	struct scsi_log_sense *cdb;
6865	struct scsi_log_header *header;
6866
6867	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6868
6869	cdb = (struct scsi_log_sense *)ctsio->cdb;
6870	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6871	page_code = cdb->page & SLS_PAGE_CODE;
6872	subpage = cdb->subpage;
6873	alloc_len = scsi_2btoul(cdb->length);
6874
6875	page_index = NULL;
6876	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6877		page_index = &lun->log_pages.index[i];
6878
6879		/* Look for the right page code */
6880		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6881			continue;
6882
6883		/* Look for the right subpage or the subpage wildcard*/
6884		if (page_index->subpage != subpage)
6885			continue;
6886
6887		break;
6888	}
6889	if (i >= CTL_NUM_LOG_PAGES) {
6890		ctl_set_invalid_field(ctsio,
6891				      /*sks_valid*/ 1,
6892				      /*command*/ 1,
6893				      /*field*/ 2,
6894				      /*bit_valid*/ 0,
6895				      /*bit*/ 0);
6896		ctl_done((union ctl_io *)ctsio);
6897		return (CTL_RETVAL_COMPLETE);
6898	}
6899
6900	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6901
6902	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6903	ctsio->kern_sg_entries = 0;
6904	ctsio->kern_rel_offset = 0;
6905	ctsio->kern_data_len = min(total_len, alloc_len);
6906	ctsio->kern_total_len = ctsio->kern_data_len;
6907
6908	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6909	header->page = page_index->page_code;
6910	if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING)
6911		header->page |= SL_DS;
6912	if (page_index->subpage) {
6913		header->page |= SL_SPF;
6914		header->subpage = page_index->subpage;
6915	}
6916	scsi_ulto2b(page_index->page_len, header->datalen);
6917
6918	/*
6919	 * Call the handler, if it exists, to update the
6920	 * page to the latest values.
6921	 */
6922	if (page_index->sense_handler != NULL)
6923		page_index->sense_handler(ctsio, page_index, pc);
6924
6925	memcpy(header + 1, page_index->page_data, page_index->page_len);
6926
6927	ctl_set_success(ctsio);
6928	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6929	ctsio->be_move_done = ctl_config_move_done;
6930	ctl_datamove((union ctl_io *)ctsio);
6931	return (CTL_RETVAL_COMPLETE);
6932}
6933
6934int
6935ctl_read_capacity(struct ctl_scsiio *ctsio)
6936{
6937	struct ctl_lun *lun = CTL_LUN(ctsio);
6938	struct scsi_read_capacity *cdb;
6939	struct scsi_read_capacity_data *data;
6940	uint32_t lba;
6941
6942	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6943
6944	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6945
6946	lba = scsi_4btoul(cdb->addr);
6947	if (((cdb->pmi & SRC_PMI) == 0)
6948	 && (lba != 0)) {
6949		ctl_set_invalid_field(/*ctsio*/ ctsio,
6950				      /*sks_valid*/ 1,
6951				      /*command*/ 1,
6952				      /*field*/ 2,
6953				      /*bit_valid*/ 0,
6954				      /*bit*/ 0);
6955		ctl_done((union ctl_io *)ctsio);
6956		return (CTL_RETVAL_COMPLETE);
6957	}
6958
6959	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6960	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6961	ctsio->kern_data_len = sizeof(*data);
6962	ctsio->kern_total_len = sizeof(*data);
6963	ctsio->kern_rel_offset = 0;
6964	ctsio->kern_sg_entries = 0;
6965
6966	/*
6967	 * If the maximum LBA is greater than 0xfffffffe, the user must
6968	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6969	 * serivce action set.
6970	 */
6971	if (lun->be_lun->maxlba > 0xfffffffe)
6972		scsi_ulto4b(0xffffffff, data->addr);
6973	else
6974		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6975
6976	/*
6977	 * XXX KDM this may not be 512 bytes...
6978	 */
6979	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6980
6981	ctl_set_success(ctsio);
6982	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6983	ctsio->be_move_done = ctl_config_move_done;
6984	ctl_datamove((union ctl_io *)ctsio);
6985	return (CTL_RETVAL_COMPLETE);
6986}
6987
6988int
6989ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6990{
6991	struct ctl_lun *lun = CTL_LUN(ctsio);
6992	struct scsi_read_capacity_16 *cdb;
6993	struct scsi_read_capacity_data_long *data;
6994	uint64_t lba;
6995	uint32_t alloc_len;
6996
6997	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6998
6999	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7000
7001	alloc_len = scsi_4btoul(cdb->alloc_len);
7002	lba = scsi_8btou64(cdb->addr);
7003
7004	if ((cdb->reladr & SRC16_PMI)
7005	 && (lba != 0)) {
7006		ctl_set_invalid_field(/*ctsio*/ ctsio,
7007				      /*sks_valid*/ 1,
7008				      /*command*/ 1,
7009				      /*field*/ 2,
7010				      /*bit_valid*/ 0,
7011				      /*bit*/ 0);
7012		ctl_done((union ctl_io *)ctsio);
7013		return (CTL_RETVAL_COMPLETE);
7014	}
7015
7016	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7017	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7018	ctsio->kern_rel_offset = 0;
7019	ctsio->kern_sg_entries = 0;
7020	ctsio->kern_data_len = min(sizeof(*data), alloc_len);
7021	ctsio->kern_total_len = ctsio->kern_data_len;
7022
7023	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7024	/* XXX KDM this may not be 512 bytes... */
7025	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7026	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7027	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7028	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7029		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7030
7031	ctl_set_success(ctsio);
7032	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7033	ctsio->be_move_done = ctl_config_move_done;
7034	ctl_datamove((union ctl_io *)ctsio);
7035	return (CTL_RETVAL_COMPLETE);
7036}
7037
7038int
7039ctl_get_lba_status(struct ctl_scsiio *ctsio)
7040{
7041	struct ctl_lun *lun = CTL_LUN(ctsio);
7042	struct scsi_get_lba_status *cdb;
7043	struct scsi_get_lba_status_data *data;
7044	struct ctl_lba_len_flags *lbalen;
7045	uint64_t lba;
7046	uint32_t alloc_len, total_len;
7047	int retval;
7048
7049	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7050
7051	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7052	lba = scsi_8btou64(cdb->addr);
7053	alloc_len = scsi_4btoul(cdb->alloc_len);
7054
7055	if (lba > lun->be_lun->maxlba) {
7056		ctl_set_lba_out_of_range(ctsio, lba);
7057		ctl_done((union ctl_io *)ctsio);
7058		return (CTL_RETVAL_COMPLETE);
7059	}
7060
7061	total_len = sizeof(*data) + sizeof(data->descr[0]);
7062	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7063	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7064	ctsio->kern_rel_offset = 0;
7065	ctsio->kern_sg_entries = 0;
7066	ctsio->kern_data_len = min(total_len, alloc_len);
7067	ctsio->kern_total_len = ctsio->kern_data_len;
7068
7069	/* Fill dummy data in case backend can't tell anything. */
7070	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7071	scsi_u64to8b(lba, data->descr[0].addr);
7072	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7073	    data->descr[0].length);
7074	data->descr[0].status = 0; /* Mapped or unknown. */
7075
7076	ctl_set_success(ctsio);
7077	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7078	ctsio->be_move_done = ctl_config_move_done;
7079
7080	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7081	lbalen->lba = lba;
7082	lbalen->len = total_len;
7083	lbalen->flags = 0;
7084	retval = lun->backend->config_read((union ctl_io *)ctsio);
7085	return (retval);
7086}
7087
7088int
7089ctl_read_defect(struct ctl_scsiio *ctsio)
7090{
7091	struct scsi_read_defect_data_10 *ccb10;
7092	struct scsi_read_defect_data_12 *ccb12;
7093	struct scsi_read_defect_data_hdr_10 *data10;
7094	struct scsi_read_defect_data_hdr_12 *data12;
7095	uint32_t alloc_len, data_len;
7096	uint8_t format;
7097
7098	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7099
7100	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7101		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7102		format = ccb10->format;
7103		alloc_len = scsi_2btoul(ccb10->alloc_length);
7104		data_len = sizeof(*data10);
7105	} else {
7106		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7107		format = ccb12->format;
7108		alloc_len = scsi_4btoul(ccb12->alloc_length);
7109		data_len = sizeof(*data12);
7110	}
7111	if (alloc_len == 0) {
7112		ctl_set_success(ctsio);
7113		ctl_done((union ctl_io *)ctsio);
7114		return (CTL_RETVAL_COMPLETE);
7115	}
7116
7117	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7118	ctsio->kern_rel_offset = 0;
7119	ctsio->kern_sg_entries = 0;
7120	ctsio->kern_data_len = min(data_len, alloc_len);
7121	ctsio->kern_total_len = ctsio->kern_data_len;
7122
7123	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7124		data10 = (struct scsi_read_defect_data_hdr_10 *)
7125		    ctsio->kern_data_ptr;
7126		data10->format = format;
7127		scsi_ulto2b(0, data10->length);
7128	} else {
7129		data12 = (struct scsi_read_defect_data_hdr_12 *)
7130		    ctsio->kern_data_ptr;
7131		data12->format = format;
7132		scsi_ulto2b(0, data12->generation);
7133		scsi_ulto4b(0, data12->length);
7134	}
7135
7136	ctl_set_success(ctsio);
7137	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7138	ctsio->be_move_done = ctl_config_move_done;
7139	ctl_datamove((union ctl_io *)ctsio);
7140	return (CTL_RETVAL_COMPLETE);
7141}
7142
7143int
7144ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7145{
7146	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7147	struct ctl_lun *lun = CTL_LUN(ctsio);
7148	struct scsi_maintenance_in *cdb;
7149	int retval;
7150	int alloc_len, ext, total_len = 0, g, pc, pg, ts, os;
7151	int num_ha_groups, num_target_ports, shared_group;
7152	struct ctl_port *port;
7153	struct scsi_target_group_data *rtg_ptr;
7154	struct scsi_target_group_data_extended *rtg_ext_ptr;
7155	struct scsi_target_port_group_descriptor *tpg_desc;
7156
7157	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7158
7159	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7160	retval = CTL_RETVAL_COMPLETE;
7161
7162	switch (cdb->byte2 & STG_PDF_MASK) {
7163	case STG_PDF_LENGTH:
7164		ext = 0;
7165		break;
7166	case STG_PDF_EXTENDED:
7167		ext = 1;
7168		break;
7169	default:
7170		ctl_set_invalid_field(/*ctsio*/ ctsio,
7171				      /*sks_valid*/ 1,
7172				      /*command*/ 1,
7173				      /*field*/ 2,
7174				      /*bit_valid*/ 1,
7175				      /*bit*/ 5);
7176		ctl_done((union ctl_io *)ctsio);
7177		return(retval);
7178	}
7179
7180	num_target_ports = 0;
7181	shared_group = (softc->is_single != 0);
7182	mtx_lock(&softc->ctl_lock);
7183	STAILQ_FOREACH(port, &softc->port_list, links) {
7184		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7185			continue;
7186		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7187			continue;
7188		num_target_ports++;
7189		if (port->status & CTL_PORT_STATUS_HA_SHARED)
7190			shared_group = 1;
7191	}
7192	mtx_unlock(&softc->ctl_lock);
7193	num_ha_groups = (softc->is_single) ? 0 : NUM_HA_SHELVES;
7194
7195	if (ext)
7196		total_len = sizeof(struct scsi_target_group_data_extended);
7197	else
7198		total_len = sizeof(struct scsi_target_group_data);
7199	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7200		(shared_group + num_ha_groups) +
7201	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7202
7203	alloc_len = scsi_4btoul(cdb->length);
7204
7205	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7206	ctsio->kern_sg_entries = 0;
7207	ctsio->kern_rel_offset = 0;
7208	ctsio->kern_data_len = min(total_len, alloc_len);
7209	ctsio->kern_total_len = ctsio->kern_data_len;
7210
7211	if (ext) {
7212		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7213		    ctsio->kern_data_ptr;
7214		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7215		rtg_ext_ptr->format_type = 0x10;
7216		rtg_ext_ptr->implicit_transition_time = 0;
7217		tpg_desc = &rtg_ext_ptr->groups[0];
7218	} else {
7219		rtg_ptr = (struct scsi_target_group_data *)
7220		    ctsio->kern_data_ptr;
7221		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7222		tpg_desc = &rtg_ptr->groups[0];
7223	}
7224
7225	mtx_lock(&softc->ctl_lock);
7226	pg = softc->port_min / softc->port_cnt;
7227	if (lun->flags & (CTL_LUN_PRIMARY_SC | CTL_LUN_PEER_SC_PRIMARY)) {
7228		/* Some shelf is known to be primary. */
7229		if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7230			os = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7231		else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7232			os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7233		else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7234			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
7235		else
7236			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7237		if (lun->flags & CTL_LUN_PRIMARY_SC) {
7238			ts = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7239		} else {
7240			ts = os;
7241			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7242		}
7243	} else {
7244		/* No known primary shelf. */
7245		if (softc->ha_link == CTL_HA_LINK_OFFLINE) {
7246			ts = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7247			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7248		} else if (softc->ha_link == CTL_HA_LINK_UNKNOWN) {
7249			ts = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7250			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7251		} else {
7252			ts = os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7253		}
7254	}
7255	if (shared_group) {
7256		tpg_desc->pref_state = ts;
7257		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7258		    TPG_U_SUP | TPG_T_SUP;
7259		scsi_ulto2b(1, tpg_desc->target_port_group);
7260		tpg_desc->status = TPG_IMPLICIT;
7261		pc = 0;
7262		STAILQ_FOREACH(port, &softc->port_list, links) {
7263			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7264				continue;
7265			if (!softc->is_single &&
7266			    (port->status & CTL_PORT_STATUS_HA_SHARED) == 0)
7267				continue;
7268			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7269				continue;
7270			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7271			    relative_target_port_identifier);
7272			pc++;
7273		}
7274		tpg_desc->target_port_count = pc;
7275		tpg_desc = (struct scsi_target_port_group_descriptor *)
7276		    &tpg_desc->descriptors[pc];
7277	}
7278	for (g = 0; g < num_ha_groups; g++) {
7279		tpg_desc->pref_state = (g == pg) ? ts : os;
7280		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7281		    TPG_U_SUP | TPG_T_SUP;
7282		scsi_ulto2b(2 + g, tpg_desc->target_port_group);
7283		tpg_desc->status = TPG_IMPLICIT;
7284		pc = 0;
7285		STAILQ_FOREACH(port, &softc->port_list, links) {
7286			if (port->targ_port < g * softc->port_cnt ||
7287			    port->targ_port >= (g + 1) * softc->port_cnt)
7288				continue;
7289			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7290				continue;
7291			if (port->status & CTL_PORT_STATUS_HA_SHARED)
7292				continue;
7293			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7294				continue;
7295			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7296			    relative_target_port_identifier);
7297			pc++;
7298		}
7299		tpg_desc->target_port_count = pc;
7300		tpg_desc = (struct scsi_target_port_group_descriptor *)
7301		    &tpg_desc->descriptors[pc];
7302	}
7303	mtx_unlock(&softc->ctl_lock);
7304
7305	ctl_set_success(ctsio);
7306	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7307	ctsio->be_move_done = ctl_config_move_done;
7308	ctl_datamove((union ctl_io *)ctsio);
7309	return(retval);
7310}
7311
7312int
7313ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7314{
7315	struct ctl_lun *lun = CTL_LUN(ctsio);
7316	struct scsi_report_supported_opcodes *cdb;
7317	const struct ctl_cmd_entry *entry, *sentry;
7318	struct scsi_report_supported_opcodes_all *all;
7319	struct scsi_report_supported_opcodes_descr *descr;
7320	struct scsi_report_supported_opcodes_one *one;
7321	int retval;
7322	int alloc_len, total_len;
7323	int opcode, service_action, i, j, num;
7324
7325	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7326
7327	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7328	retval = CTL_RETVAL_COMPLETE;
7329
7330	opcode = cdb->requested_opcode;
7331	service_action = scsi_2btoul(cdb->requested_service_action);
7332	switch (cdb->options & RSO_OPTIONS_MASK) {
7333	case RSO_OPTIONS_ALL:
7334		num = 0;
7335		for (i = 0; i < 256; i++) {
7336			entry = &ctl_cmd_table[i];
7337			if (entry->flags & CTL_CMD_FLAG_SA5) {
7338				for (j = 0; j < 32; j++) {
7339					sentry = &((const struct ctl_cmd_entry *)
7340					    entry->execute)[j];
7341					if (ctl_cmd_applicable(
7342					    lun->be_lun->lun_type, sentry))
7343						num++;
7344				}
7345			} else {
7346				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7347				    entry))
7348					num++;
7349			}
7350		}
7351		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7352		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7353		break;
7354	case RSO_OPTIONS_OC:
7355		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7356			ctl_set_invalid_field(/*ctsio*/ ctsio,
7357					      /*sks_valid*/ 1,
7358					      /*command*/ 1,
7359					      /*field*/ 2,
7360					      /*bit_valid*/ 1,
7361					      /*bit*/ 2);
7362			ctl_done((union ctl_io *)ctsio);
7363			return (CTL_RETVAL_COMPLETE);
7364		}
7365		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7366		break;
7367	case RSO_OPTIONS_OC_SA:
7368		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7369		    service_action >= 32) {
7370			ctl_set_invalid_field(/*ctsio*/ ctsio,
7371					      /*sks_valid*/ 1,
7372					      /*command*/ 1,
7373					      /*field*/ 2,
7374					      /*bit_valid*/ 1,
7375					      /*bit*/ 2);
7376			ctl_done((union ctl_io *)ctsio);
7377			return (CTL_RETVAL_COMPLETE);
7378		}
7379		/* FALLTHROUGH */
7380	case RSO_OPTIONS_OC_ASA:
7381		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7382		break;
7383	default:
7384		ctl_set_invalid_field(/*ctsio*/ ctsio,
7385				      /*sks_valid*/ 1,
7386				      /*command*/ 1,
7387				      /*field*/ 2,
7388				      /*bit_valid*/ 1,
7389				      /*bit*/ 2);
7390		ctl_done((union ctl_io *)ctsio);
7391		return (CTL_RETVAL_COMPLETE);
7392	}
7393
7394	alloc_len = scsi_4btoul(cdb->length);
7395
7396	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7397	ctsio->kern_sg_entries = 0;
7398	ctsio->kern_rel_offset = 0;
7399	ctsio->kern_data_len = min(total_len, alloc_len);
7400	ctsio->kern_total_len = ctsio->kern_data_len;
7401
7402	switch (cdb->options & RSO_OPTIONS_MASK) {
7403	case RSO_OPTIONS_ALL:
7404		all = (struct scsi_report_supported_opcodes_all *)
7405		    ctsio->kern_data_ptr;
7406		num = 0;
7407		for (i = 0; i < 256; i++) {
7408			entry = &ctl_cmd_table[i];
7409			if (entry->flags & CTL_CMD_FLAG_SA5) {
7410				for (j = 0; j < 32; j++) {
7411					sentry = &((const struct ctl_cmd_entry *)
7412					    entry->execute)[j];
7413					if (!ctl_cmd_applicable(
7414					    lun->be_lun->lun_type, sentry))
7415						continue;
7416					descr = &all->descr[num++];
7417					descr->opcode = i;
7418					scsi_ulto2b(j, descr->service_action);
7419					descr->flags = RSO_SERVACTV;
7420					scsi_ulto2b(sentry->length,
7421					    descr->cdb_length);
7422				}
7423			} else {
7424				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7425				    entry))
7426					continue;
7427				descr = &all->descr[num++];
7428				descr->opcode = i;
7429				scsi_ulto2b(0, descr->service_action);
7430				descr->flags = 0;
7431				scsi_ulto2b(entry->length, descr->cdb_length);
7432			}
7433		}
7434		scsi_ulto4b(
7435		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7436		    all->length);
7437		break;
7438	case RSO_OPTIONS_OC:
7439		one = (struct scsi_report_supported_opcodes_one *)
7440		    ctsio->kern_data_ptr;
7441		entry = &ctl_cmd_table[opcode];
7442		goto fill_one;
7443	case RSO_OPTIONS_OC_SA:
7444		one = (struct scsi_report_supported_opcodes_one *)
7445		    ctsio->kern_data_ptr;
7446		entry = &ctl_cmd_table[opcode];
7447		entry = &((const struct ctl_cmd_entry *)
7448		    entry->execute)[service_action];
7449fill_one:
7450		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7451			one->support = 3;
7452			scsi_ulto2b(entry->length, one->cdb_length);
7453			one->cdb_usage[0] = opcode;
7454			memcpy(&one->cdb_usage[1], entry->usage,
7455			    entry->length - 1);
7456		} else
7457			one->support = 1;
7458		break;
7459	case RSO_OPTIONS_OC_ASA:
7460		one = (struct scsi_report_supported_opcodes_one *)
7461		    ctsio->kern_data_ptr;
7462		entry = &ctl_cmd_table[opcode];
7463		if (entry->flags & CTL_CMD_FLAG_SA5) {
7464			entry = &((const struct ctl_cmd_entry *)
7465			    entry->execute)[service_action];
7466		} else if (service_action != 0) {
7467			one->support = 1;
7468			break;
7469		}
7470		goto fill_one;
7471	}
7472
7473	ctl_set_success(ctsio);
7474	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7475	ctsio->be_move_done = ctl_config_move_done;
7476	ctl_datamove((union ctl_io *)ctsio);
7477	return(retval);
7478}
7479
7480int
7481ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7482{
7483	struct scsi_report_supported_tmf *cdb;
7484	struct scsi_report_supported_tmf_ext_data *data;
7485	int retval;
7486	int alloc_len, total_len;
7487
7488	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7489
7490	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7491
7492	retval = CTL_RETVAL_COMPLETE;
7493
7494	if (cdb->options & RST_REPD)
7495		total_len = sizeof(struct scsi_report_supported_tmf_ext_data);
7496	else
7497		total_len = sizeof(struct scsi_report_supported_tmf_data);
7498	alloc_len = scsi_4btoul(cdb->length);
7499
7500	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7501	ctsio->kern_sg_entries = 0;
7502	ctsio->kern_rel_offset = 0;
7503	ctsio->kern_data_len = min(total_len, alloc_len);
7504	ctsio->kern_total_len = ctsio->kern_data_len;
7505
7506	data = (struct scsi_report_supported_tmf_ext_data *)ctsio->kern_data_ptr;
7507	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7508	    RST_TRS;
7509	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7510	data->length = total_len - 4;
7511
7512	ctl_set_success(ctsio);
7513	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7514	ctsio->be_move_done = ctl_config_move_done;
7515	ctl_datamove((union ctl_io *)ctsio);
7516	return (retval);
7517}
7518
7519int
7520ctl_report_timestamp(struct ctl_scsiio *ctsio)
7521{
7522	struct scsi_report_timestamp *cdb;
7523	struct scsi_report_timestamp_data *data;
7524	struct timeval tv;
7525	int64_t timestamp;
7526	int retval;
7527	int alloc_len, total_len;
7528
7529	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7530
7531	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7532
7533	retval = CTL_RETVAL_COMPLETE;
7534
7535	total_len = sizeof(struct scsi_report_timestamp_data);
7536	alloc_len = scsi_4btoul(cdb->length);
7537
7538	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7539	ctsio->kern_sg_entries = 0;
7540	ctsio->kern_rel_offset = 0;
7541	ctsio->kern_data_len = min(total_len, alloc_len);
7542	ctsio->kern_total_len = ctsio->kern_data_len;
7543
7544	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7545	scsi_ulto2b(sizeof(*data) - 2, data->length);
7546	data->origin = RTS_ORIG_OUTSIDE;
7547	getmicrotime(&tv);
7548	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7549	scsi_ulto4b(timestamp >> 16, data->timestamp);
7550	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7551
7552	ctl_set_success(ctsio);
7553	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7554	ctsio->be_move_done = ctl_config_move_done;
7555	ctl_datamove((union ctl_io *)ctsio);
7556	return (retval);
7557}
7558
7559int
7560ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7561{
7562	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7563	struct ctl_lun *lun = CTL_LUN(ctsio);
7564	struct scsi_per_res_in *cdb;
7565	int alloc_len, total_len = 0;
7566	/* struct scsi_per_res_in_rsrv in_data; */
7567	uint64_t key;
7568
7569	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7570
7571	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7572
7573	alloc_len = scsi_2btoul(cdb->length);
7574
7575retry:
7576	mtx_lock(&lun->lun_lock);
7577	switch (cdb->action) {
7578	case SPRI_RK: /* read keys */
7579		total_len = sizeof(struct scsi_per_res_in_keys) +
7580			lun->pr_key_count *
7581			sizeof(struct scsi_per_res_key);
7582		break;
7583	case SPRI_RR: /* read reservation */
7584		if (lun->flags & CTL_LUN_PR_RESERVED)
7585			total_len = sizeof(struct scsi_per_res_in_rsrv);
7586		else
7587			total_len = sizeof(struct scsi_per_res_in_header);
7588		break;
7589	case SPRI_RC: /* report capabilities */
7590		total_len = sizeof(struct scsi_per_res_cap);
7591		break;
7592	case SPRI_RS: /* read full status */
7593		total_len = sizeof(struct scsi_per_res_in_header) +
7594		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7595		    lun->pr_key_count;
7596		break;
7597	default:
7598		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7599	}
7600	mtx_unlock(&lun->lun_lock);
7601
7602	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7603	ctsio->kern_rel_offset = 0;
7604	ctsio->kern_sg_entries = 0;
7605	ctsio->kern_data_len = min(total_len, alloc_len);
7606	ctsio->kern_total_len = ctsio->kern_data_len;
7607
7608	mtx_lock(&lun->lun_lock);
7609	switch (cdb->action) {
7610	case SPRI_RK: { // read keys
7611        struct scsi_per_res_in_keys *res_keys;
7612		int i, key_count;
7613
7614		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7615
7616		/*
7617		 * We had to drop the lock to allocate our buffer, which
7618		 * leaves time for someone to come in with another
7619		 * persistent reservation.  (That is unlikely, though,
7620		 * since this should be the only persistent reservation
7621		 * command active right now.)
7622		 */
7623		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7624		    (lun->pr_key_count *
7625		     sizeof(struct scsi_per_res_key)))){
7626			mtx_unlock(&lun->lun_lock);
7627			free(ctsio->kern_data_ptr, M_CTL);
7628			printf("%s: reservation length changed, retrying\n",
7629			       __func__);
7630			goto retry;
7631		}
7632
7633		scsi_ulto4b(lun->pr_generation, res_keys->header.generation);
7634
7635		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7636			     lun->pr_key_count, res_keys->header.length);
7637
7638		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7639			if ((key = ctl_get_prkey(lun, i)) == 0)
7640				continue;
7641
7642			/*
7643			 * We used lun->pr_key_count to calculate the
7644			 * size to allocate.  If it turns out the number of
7645			 * initiators with the registered flag set is
7646			 * larger than that (i.e. they haven't been kept in
7647			 * sync), we've got a problem.
7648			 */
7649			if (key_count >= lun->pr_key_count) {
7650				key_count++;
7651				continue;
7652			}
7653			scsi_u64to8b(key, res_keys->keys[key_count].key);
7654			key_count++;
7655		}
7656		break;
7657	}
7658	case SPRI_RR: { // read reservation
7659		struct scsi_per_res_in_rsrv *res;
7660		int tmp_len, header_only;
7661
7662		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7663
7664		scsi_ulto4b(lun->pr_generation, res->header.generation);
7665
7666		if (lun->flags & CTL_LUN_PR_RESERVED)
7667		{
7668			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7669			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7670				    res->header.length);
7671			header_only = 0;
7672		} else {
7673			tmp_len = sizeof(struct scsi_per_res_in_header);
7674			scsi_ulto4b(0, res->header.length);
7675			header_only = 1;
7676		}
7677
7678		/*
7679		 * We had to drop the lock to allocate our buffer, which
7680		 * leaves time for someone to come in with another
7681		 * persistent reservation.  (That is unlikely, though,
7682		 * since this should be the only persistent reservation
7683		 * command active right now.)
7684		 */
7685		if (tmp_len != total_len) {
7686			mtx_unlock(&lun->lun_lock);
7687			free(ctsio->kern_data_ptr, M_CTL);
7688			printf("%s: reservation status changed, retrying\n",
7689			       __func__);
7690			goto retry;
7691		}
7692
7693		/*
7694		 * No reservation held, so we're done.
7695		 */
7696		if (header_only != 0)
7697			break;
7698
7699		/*
7700		 * If the registration is an All Registrants type, the key
7701		 * is 0, since it doesn't really matter.
7702		 */
7703		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7704			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7705			    res->data.reservation);
7706		}
7707		res->data.scopetype = lun->pr_res_type;
7708		break;
7709	}
7710	case SPRI_RC:     //report capabilities
7711	{
7712		struct scsi_per_res_cap *res_cap;
7713		uint16_t type_mask;
7714
7715		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7716		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7717		res_cap->flags1 = SPRI_CRH;
7718		res_cap->flags2 = SPRI_TMV | SPRI_ALLOW_5;
7719		type_mask = SPRI_TM_WR_EX_AR |
7720			    SPRI_TM_EX_AC_RO |
7721			    SPRI_TM_WR_EX_RO |
7722			    SPRI_TM_EX_AC |
7723			    SPRI_TM_WR_EX |
7724			    SPRI_TM_EX_AC_AR;
7725		scsi_ulto2b(type_mask, res_cap->type_mask);
7726		break;
7727	}
7728	case SPRI_RS: { // read full status
7729		struct scsi_per_res_in_full *res_status;
7730		struct scsi_per_res_in_full_desc *res_desc;
7731		struct ctl_port *port;
7732		int i, len;
7733
7734		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7735
7736		/*
7737		 * We had to drop the lock to allocate our buffer, which
7738		 * leaves time for someone to come in with another
7739		 * persistent reservation.  (That is unlikely, though,
7740		 * since this should be the only persistent reservation
7741		 * command active right now.)
7742		 */
7743		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7744		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7745		     lun->pr_key_count)){
7746			mtx_unlock(&lun->lun_lock);
7747			free(ctsio->kern_data_ptr, M_CTL);
7748			printf("%s: reservation length changed, retrying\n",
7749			       __func__);
7750			goto retry;
7751		}
7752
7753		scsi_ulto4b(lun->pr_generation, res_status->header.generation);
7754
7755		res_desc = &res_status->desc[0];
7756		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7757			if ((key = ctl_get_prkey(lun, i)) == 0)
7758				continue;
7759
7760			scsi_u64to8b(key, res_desc->res_key.key);
7761			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7762			    (lun->pr_res_idx == i ||
7763			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7764				res_desc->flags = SPRI_FULL_R_HOLDER;
7765				res_desc->scopetype = lun->pr_res_type;
7766			}
7767			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7768			    res_desc->rel_trgt_port_id);
7769			len = 0;
7770			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7771			if (port != NULL)
7772				len = ctl_create_iid(port,
7773				    i % CTL_MAX_INIT_PER_PORT,
7774				    res_desc->transport_id);
7775			scsi_ulto4b(len, res_desc->additional_length);
7776			res_desc = (struct scsi_per_res_in_full_desc *)
7777			    &res_desc->transport_id[len];
7778		}
7779		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7780		    res_status->header.length);
7781		break;
7782	}
7783	default:
7784		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7785	}
7786	mtx_unlock(&lun->lun_lock);
7787
7788	ctl_set_success(ctsio);
7789	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7790	ctsio->be_move_done = ctl_config_move_done;
7791	ctl_datamove((union ctl_io *)ctsio);
7792	return (CTL_RETVAL_COMPLETE);
7793}
7794
7795/*
7796 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7797 * it should return.
7798 */
7799static int
7800ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7801		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7802		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7803		struct scsi_per_res_out_parms* param)
7804{
7805	union ctl_ha_msg persis_io;
7806	int i;
7807
7808	mtx_lock(&lun->lun_lock);
7809	if (sa_res_key == 0) {
7810		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7811			/* validate scope and type */
7812			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7813			     SPR_LU_SCOPE) {
7814				mtx_unlock(&lun->lun_lock);
7815				ctl_set_invalid_field(/*ctsio*/ ctsio,
7816						      /*sks_valid*/ 1,
7817						      /*command*/ 1,
7818						      /*field*/ 2,
7819						      /*bit_valid*/ 1,
7820						      /*bit*/ 4);
7821				ctl_done((union ctl_io *)ctsio);
7822				return (1);
7823			}
7824
7825		        if (type>8 || type==2 || type==4 || type==0) {
7826				mtx_unlock(&lun->lun_lock);
7827				ctl_set_invalid_field(/*ctsio*/ ctsio,
7828       	           				      /*sks_valid*/ 1,
7829						      /*command*/ 1,
7830						      /*field*/ 2,
7831						      /*bit_valid*/ 1,
7832						      /*bit*/ 0);
7833				ctl_done((union ctl_io *)ctsio);
7834				return (1);
7835		        }
7836
7837			/*
7838			 * Unregister everybody else and build UA for
7839			 * them
7840			 */
7841			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7842				if (i == residx || ctl_get_prkey(lun, i) == 0)
7843					continue;
7844
7845				ctl_clr_prkey(lun, i);
7846				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7847			}
7848			lun->pr_key_count = 1;
7849			lun->pr_res_type = type;
7850			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7851			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7852				lun->pr_res_idx = residx;
7853			lun->pr_generation++;
7854			mtx_unlock(&lun->lun_lock);
7855
7856			/* send msg to other side */
7857			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7858			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7859			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7860			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7861			persis_io.pr.pr_info.res_type = type;
7862			memcpy(persis_io.pr.pr_info.sa_res_key,
7863			       param->serv_act_res_key,
7864			       sizeof(param->serv_act_res_key));
7865			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7866			    sizeof(persis_io.pr), M_WAITOK);
7867		} else {
7868			/* not all registrants */
7869			mtx_unlock(&lun->lun_lock);
7870			free(ctsio->kern_data_ptr, M_CTL);
7871			ctl_set_invalid_field(ctsio,
7872					      /*sks_valid*/ 1,
7873					      /*command*/ 0,
7874					      /*field*/ 8,
7875					      /*bit_valid*/ 0,
7876					      /*bit*/ 0);
7877			ctl_done((union ctl_io *)ctsio);
7878			return (1);
7879		}
7880	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7881		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7882		int found = 0;
7883
7884		if (res_key == sa_res_key) {
7885			/* special case */
7886			/*
7887			 * The spec implies this is not good but doesn't
7888			 * say what to do. There are two choices either
7889			 * generate a res conflict or check condition
7890			 * with illegal field in parameter data. Since
7891			 * that is what is done when the sa_res_key is
7892			 * zero I'll take that approach since this has
7893			 * to do with the sa_res_key.
7894			 */
7895			mtx_unlock(&lun->lun_lock);
7896			free(ctsio->kern_data_ptr, M_CTL);
7897			ctl_set_invalid_field(ctsio,
7898					      /*sks_valid*/ 1,
7899					      /*command*/ 0,
7900					      /*field*/ 8,
7901					      /*bit_valid*/ 0,
7902					      /*bit*/ 0);
7903			ctl_done((union ctl_io *)ctsio);
7904			return (1);
7905		}
7906
7907		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7908			if (ctl_get_prkey(lun, i) != sa_res_key)
7909				continue;
7910
7911			found = 1;
7912			ctl_clr_prkey(lun, i);
7913			lun->pr_key_count--;
7914			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7915		}
7916		if (!found) {
7917			mtx_unlock(&lun->lun_lock);
7918			free(ctsio->kern_data_ptr, M_CTL);
7919			ctl_set_reservation_conflict(ctsio);
7920			ctl_done((union ctl_io *)ctsio);
7921			return (CTL_RETVAL_COMPLETE);
7922		}
7923		lun->pr_generation++;
7924		mtx_unlock(&lun->lun_lock);
7925
7926		/* send msg to other side */
7927		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7928		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7929		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7930		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7931		persis_io.pr.pr_info.res_type = type;
7932		memcpy(persis_io.pr.pr_info.sa_res_key,
7933		       param->serv_act_res_key,
7934		       sizeof(param->serv_act_res_key));
7935		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7936		    sizeof(persis_io.pr), M_WAITOK);
7937	} else {
7938		/* Reserved but not all registrants */
7939		/* sa_res_key is res holder */
7940		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7941			/* validate scope and type */
7942			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7943			     SPR_LU_SCOPE) {
7944				mtx_unlock(&lun->lun_lock);
7945				ctl_set_invalid_field(/*ctsio*/ ctsio,
7946						      /*sks_valid*/ 1,
7947						      /*command*/ 1,
7948						      /*field*/ 2,
7949						      /*bit_valid*/ 1,
7950						      /*bit*/ 4);
7951				ctl_done((union ctl_io *)ctsio);
7952				return (1);
7953			}
7954
7955			if (type>8 || type==2 || type==4 || type==0) {
7956				mtx_unlock(&lun->lun_lock);
7957				ctl_set_invalid_field(/*ctsio*/ ctsio,
7958						      /*sks_valid*/ 1,
7959						      /*command*/ 1,
7960						      /*field*/ 2,
7961						      /*bit_valid*/ 1,
7962						      /*bit*/ 0);
7963				ctl_done((union ctl_io *)ctsio);
7964				return (1);
7965			}
7966
7967			/*
7968			 * Do the following:
7969			 * if sa_res_key != res_key remove all
7970			 * registrants w/sa_res_key and generate UA
7971			 * for these registrants(Registrations
7972			 * Preempted) if it wasn't an exclusive
7973			 * reservation generate UA(Reservations
7974			 * Preempted) for all other registered nexuses
7975			 * if the type has changed. Establish the new
7976			 * reservation and holder. If res_key and
7977			 * sa_res_key are the same do the above
7978			 * except don't unregister the res holder.
7979			 */
7980
7981			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7982				if (i == residx || ctl_get_prkey(lun, i) == 0)
7983					continue;
7984
7985				if (sa_res_key == ctl_get_prkey(lun, i)) {
7986					ctl_clr_prkey(lun, i);
7987					lun->pr_key_count--;
7988					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7989				} else if (type != lun->pr_res_type &&
7990				    (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
7991				     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
7992					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7993				}
7994			}
7995			lun->pr_res_type = type;
7996			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7997			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7998				lun->pr_res_idx = residx;
7999			else
8000				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8001			lun->pr_generation++;
8002			mtx_unlock(&lun->lun_lock);
8003
8004			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8005			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8006			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8007			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8008			persis_io.pr.pr_info.res_type = type;
8009			memcpy(persis_io.pr.pr_info.sa_res_key,
8010			       param->serv_act_res_key,
8011			       sizeof(param->serv_act_res_key));
8012			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8013			    sizeof(persis_io.pr), M_WAITOK);
8014		} else {
8015			/*
8016			 * sa_res_key is not the res holder just
8017			 * remove registrants
8018			 */
8019			int found=0;
8020
8021			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8022				if (sa_res_key != ctl_get_prkey(lun, i))
8023					continue;
8024
8025				found = 1;
8026				ctl_clr_prkey(lun, i);
8027				lun->pr_key_count--;
8028				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8029			}
8030
8031			if (!found) {
8032				mtx_unlock(&lun->lun_lock);
8033				free(ctsio->kern_data_ptr, M_CTL);
8034				ctl_set_reservation_conflict(ctsio);
8035				ctl_done((union ctl_io *)ctsio);
8036		        	return (1);
8037			}
8038			lun->pr_generation++;
8039			mtx_unlock(&lun->lun_lock);
8040
8041			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8042			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8043			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8044			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8045			persis_io.pr.pr_info.res_type = type;
8046			memcpy(persis_io.pr.pr_info.sa_res_key,
8047			       param->serv_act_res_key,
8048			       sizeof(param->serv_act_res_key));
8049			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8050			    sizeof(persis_io.pr), M_WAITOK);
8051		}
8052	}
8053	return (0);
8054}
8055
8056static void
8057ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8058{
8059	uint64_t sa_res_key;
8060	int i;
8061
8062	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8063
8064	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8065	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8066	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8067		if (sa_res_key == 0) {
8068			/*
8069			 * Unregister everybody else and build UA for
8070			 * them
8071			 */
8072			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8073				if (i == msg->pr.pr_info.residx ||
8074				    ctl_get_prkey(lun, i) == 0)
8075					continue;
8076
8077				ctl_clr_prkey(lun, i);
8078				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8079			}
8080
8081			lun->pr_key_count = 1;
8082			lun->pr_res_type = msg->pr.pr_info.res_type;
8083			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8084			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8085				lun->pr_res_idx = msg->pr.pr_info.residx;
8086		} else {
8087		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8088				if (sa_res_key == ctl_get_prkey(lun, i))
8089					continue;
8090
8091				ctl_clr_prkey(lun, i);
8092				lun->pr_key_count--;
8093				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8094			}
8095		}
8096	} else {
8097		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8098			if (i == msg->pr.pr_info.residx ||
8099			    ctl_get_prkey(lun, i) == 0)
8100				continue;
8101
8102			if (sa_res_key == ctl_get_prkey(lun, i)) {
8103				ctl_clr_prkey(lun, i);
8104				lun->pr_key_count--;
8105				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8106			} else if (msg->pr.pr_info.res_type != lun->pr_res_type
8107			    && (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8108			     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8109				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8110			}
8111		}
8112		lun->pr_res_type = msg->pr.pr_info.res_type;
8113		if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8114		    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8115			lun->pr_res_idx = msg->pr.pr_info.residx;
8116		else
8117			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8118	}
8119	lun->pr_generation++;
8120
8121}
8122
8123
8124int
8125ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8126{
8127	struct ctl_softc *softc = CTL_SOFTC(ctsio);
8128	struct ctl_lun *lun = CTL_LUN(ctsio);
8129	int retval;
8130	u_int32_t param_len;
8131	struct scsi_per_res_out *cdb;
8132	struct scsi_per_res_out_parms* param;
8133	uint32_t residx;
8134	uint64_t res_key, sa_res_key, key;
8135	uint8_t type;
8136	union ctl_ha_msg persis_io;
8137	int    i;
8138
8139	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8140
8141	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8142	retval = CTL_RETVAL_COMPLETE;
8143
8144	/*
8145	 * We only support whole-LUN scope.  The scope & type are ignored for
8146	 * register, register and ignore existing key and clear.
8147	 * We sometimes ignore scope and type on preempts too!!
8148	 * Verify reservation type here as well.
8149	 */
8150	type = cdb->scope_type & SPR_TYPE_MASK;
8151	if ((cdb->action == SPRO_RESERVE)
8152	 || (cdb->action == SPRO_RELEASE)) {
8153		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8154			ctl_set_invalid_field(/*ctsio*/ ctsio,
8155					      /*sks_valid*/ 1,
8156					      /*command*/ 1,
8157					      /*field*/ 2,
8158					      /*bit_valid*/ 1,
8159					      /*bit*/ 4);
8160			ctl_done((union ctl_io *)ctsio);
8161			return (CTL_RETVAL_COMPLETE);
8162		}
8163
8164		if (type>8 || type==2 || type==4 || type==0) {
8165			ctl_set_invalid_field(/*ctsio*/ ctsio,
8166					      /*sks_valid*/ 1,
8167					      /*command*/ 1,
8168					      /*field*/ 2,
8169					      /*bit_valid*/ 1,
8170					      /*bit*/ 0);
8171			ctl_done((union ctl_io *)ctsio);
8172			return (CTL_RETVAL_COMPLETE);
8173		}
8174	}
8175
8176	param_len = scsi_4btoul(cdb->length);
8177
8178	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8179		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8180		ctsio->kern_data_len = param_len;
8181		ctsio->kern_total_len = param_len;
8182		ctsio->kern_rel_offset = 0;
8183		ctsio->kern_sg_entries = 0;
8184		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8185		ctsio->be_move_done = ctl_config_move_done;
8186		ctl_datamove((union ctl_io *)ctsio);
8187
8188		return (CTL_RETVAL_COMPLETE);
8189	}
8190
8191	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8192
8193	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8194	res_key = scsi_8btou64(param->res_key.key);
8195	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8196
8197	/*
8198	 * Validate the reservation key here except for SPRO_REG_IGNO
8199	 * This must be done for all other service actions
8200	 */
8201	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8202		mtx_lock(&lun->lun_lock);
8203		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8204			if (res_key != key) {
8205				/*
8206				 * The current key passed in doesn't match
8207				 * the one the initiator previously
8208				 * registered.
8209				 */
8210				mtx_unlock(&lun->lun_lock);
8211				free(ctsio->kern_data_ptr, M_CTL);
8212				ctl_set_reservation_conflict(ctsio);
8213				ctl_done((union ctl_io *)ctsio);
8214				return (CTL_RETVAL_COMPLETE);
8215			}
8216		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8217			/*
8218			 * We are not registered
8219			 */
8220			mtx_unlock(&lun->lun_lock);
8221			free(ctsio->kern_data_ptr, M_CTL);
8222			ctl_set_reservation_conflict(ctsio);
8223			ctl_done((union ctl_io *)ctsio);
8224			return (CTL_RETVAL_COMPLETE);
8225		} else if (res_key != 0) {
8226			/*
8227			 * We are not registered and trying to register but
8228			 * the register key isn't zero.
8229			 */
8230			mtx_unlock(&lun->lun_lock);
8231			free(ctsio->kern_data_ptr, M_CTL);
8232			ctl_set_reservation_conflict(ctsio);
8233			ctl_done((union ctl_io *)ctsio);
8234			return (CTL_RETVAL_COMPLETE);
8235		}
8236		mtx_unlock(&lun->lun_lock);
8237	}
8238
8239	switch (cdb->action & SPRO_ACTION_MASK) {
8240	case SPRO_REGISTER:
8241	case SPRO_REG_IGNO: {
8242
8243		/*
8244		 * We don't support any of these options, as we report in
8245		 * the read capabilities request (see
8246		 * ctl_persistent_reserve_in(), above).
8247		 */
8248		if ((param->flags & SPR_SPEC_I_PT)
8249		 || (param->flags & SPR_ALL_TG_PT)
8250		 || (param->flags & SPR_APTPL)) {
8251			int bit_ptr;
8252
8253			if (param->flags & SPR_APTPL)
8254				bit_ptr = 0;
8255			else if (param->flags & SPR_ALL_TG_PT)
8256				bit_ptr = 2;
8257			else /* SPR_SPEC_I_PT */
8258				bit_ptr = 3;
8259
8260			free(ctsio->kern_data_ptr, M_CTL);
8261			ctl_set_invalid_field(ctsio,
8262					      /*sks_valid*/ 1,
8263					      /*command*/ 0,
8264					      /*field*/ 20,
8265					      /*bit_valid*/ 1,
8266					      /*bit*/ bit_ptr);
8267			ctl_done((union ctl_io *)ctsio);
8268			return (CTL_RETVAL_COMPLETE);
8269		}
8270
8271		mtx_lock(&lun->lun_lock);
8272
8273		/*
8274		 * The initiator wants to clear the
8275		 * key/unregister.
8276		 */
8277		if (sa_res_key == 0) {
8278			if ((res_key == 0
8279			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8280			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8281			  && ctl_get_prkey(lun, residx) == 0)) {
8282				mtx_unlock(&lun->lun_lock);
8283				goto done;
8284			}
8285
8286			ctl_clr_prkey(lun, residx);
8287			lun->pr_key_count--;
8288
8289			if (residx == lun->pr_res_idx) {
8290				lun->flags &= ~CTL_LUN_PR_RESERVED;
8291				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8292
8293				if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8294				     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8295				    lun->pr_key_count) {
8296					/*
8297					 * If the reservation is a registrants
8298					 * only type we need to generate a UA
8299					 * for other registered inits.  The
8300					 * sense code should be RESERVATIONS
8301					 * RELEASED
8302					 */
8303
8304					for (i = softc->init_min; i < softc->init_max; i++){
8305						if (ctl_get_prkey(lun, i) == 0)
8306							continue;
8307						ctl_est_ua(lun, i,
8308						    CTL_UA_RES_RELEASE);
8309					}
8310				}
8311				lun->pr_res_type = 0;
8312			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8313				if (lun->pr_key_count==0) {
8314					lun->flags &= ~CTL_LUN_PR_RESERVED;
8315					lun->pr_res_type = 0;
8316					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8317				}
8318			}
8319			lun->pr_generation++;
8320			mtx_unlock(&lun->lun_lock);
8321
8322			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8323			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8324			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8325			persis_io.pr.pr_info.residx = residx;
8326			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8327			    sizeof(persis_io.pr), M_WAITOK);
8328		} else /* sa_res_key != 0 */ {
8329
8330			/*
8331			 * If we aren't registered currently then increment
8332			 * the key count and set the registered flag.
8333			 */
8334			ctl_alloc_prkey(lun, residx);
8335			if (ctl_get_prkey(lun, residx) == 0)
8336				lun->pr_key_count++;
8337			ctl_set_prkey(lun, residx, sa_res_key);
8338			lun->pr_generation++;
8339			mtx_unlock(&lun->lun_lock);
8340
8341			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8342			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8343			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8344			persis_io.pr.pr_info.residx = residx;
8345			memcpy(persis_io.pr.pr_info.sa_res_key,
8346			       param->serv_act_res_key,
8347			       sizeof(param->serv_act_res_key));
8348			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8349			    sizeof(persis_io.pr), M_WAITOK);
8350		}
8351
8352		break;
8353	}
8354	case SPRO_RESERVE:
8355		mtx_lock(&lun->lun_lock);
8356		if (lun->flags & CTL_LUN_PR_RESERVED) {
8357			/*
8358			 * if this isn't the reservation holder and it's
8359			 * not a "all registrants" type or if the type is
8360			 * different then we have a conflict
8361			 */
8362			if ((lun->pr_res_idx != residx
8363			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8364			 || lun->pr_res_type != type) {
8365				mtx_unlock(&lun->lun_lock);
8366				free(ctsio->kern_data_ptr, M_CTL);
8367				ctl_set_reservation_conflict(ctsio);
8368				ctl_done((union ctl_io *)ctsio);
8369				return (CTL_RETVAL_COMPLETE);
8370			}
8371			mtx_unlock(&lun->lun_lock);
8372		} else /* create a reservation */ {
8373			/*
8374			 * If it's not an "all registrants" type record
8375			 * reservation holder
8376			 */
8377			if (type != SPR_TYPE_WR_EX_AR
8378			 && type != SPR_TYPE_EX_AC_AR)
8379				lun->pr_res_idx = residx; /* Res holder */
8380			else
8381				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8382
8383			lun->flags |= CTL_LUN_PR_RESERVED;
8384			lun->pr_res_type = type;
8385
8386			mtx_unlock(&lun->lun_lock);
8387
8388			/* send msg to other side */
8389			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8390			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8391			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8392			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8393			persis_io.pr.pr_info.res_type = type;
8394			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8395			    sizeof(persis_io.pr), M_WAITOK);
8396		}
8397		break;
8398
8399	case SPRO_RELEASE:
8400		mtx_lock(&lun->lun_lock);
8401		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8402			/* No reservation exists return good status */
8403			mtx_unlock(&lun->lun_lock);
8404			goto done;
8405		}
8406		/*
8407		 * Is this nexus a reservation holder?
8408		 */
8409		if (lun->pr_res_idx != residx
8410		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8411			/*
8412			 * not a res holder return good status but
8413			 * do nothing
8414			 */
8415			mtx_unlock(&lun->lun_lock);
8416			goto done;
8417		}
8418
8419		if (lun->pr_res_type != type) {
8420			mtx_unlock(&lun->lun_lock);
8421			free(ctsio->kern_data_ptr, M_CTL);
8422			ctl_set_illegal_pr_release(ctsio);
8423			ctl_done((union ctl_io *)ctsio);
8424			return (CTL_RETVAL_COMPLETE);
8425		}
8426
8427		/* okay to release */
8428		lun->flags &= ~CTL_LUN_PR_RESERVED;
8429		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8430		lun->pr_res_type = 0;
8431
8432		/*
8433		 * If this isn't an exclusive access reservation and NUAR
8434		 * is not set, generate UA for all other registrants.
8435		 */
8436		if (type != SPR_TYPE_EX_AC && type != SPR_TYPE_WR_EX &&
8437		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8438			for (i = softc->init_min; i < softc->init_max; i++) {
8439				if (i == residx || ctl_get_prkey(lun, i) == 0)
8440					continue;
8441				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8442			}
8443		}
8444		mtx_unlock(&lun->lun_lock);
8445
8446		/* Send msg to other side */
8447		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8448		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8449		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8450		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8451		     sizeof(persis_io.pr), M_WAITOK);
8452		break;
8453
8454	case SPRO_CLEAR:
8455		/* send msg to other side */
8456
8457		mtx_lock(&lun->lun_lock);
8458		lun->flags &= ~CTL_LUN_PR_RESERVED;
8459		lun->pr_res_type = 0;
8460		lun->pr_key_count = 0;
8461		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8462
8463		ctl_clr_prkey(lun, residx);
8464		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8465			if (ctl_get_prkey(lun, i) != 0) {
8466				ctl_clr_prkey(lun, i);
8467				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8468			}
8469		lun->pr_generation++;
8470		mtx_unlock(&lun->lun_lock);
8471
8472		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8473		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8474		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8475		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8476		     sizeof(persis_io.pr), M_WAITOK);
8477		break;
8478
8479	case SPRO_PREEMPT:
8480	case SPRO_PRE_ABO: {
8481		int nretval;
8482
8483		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8484					  residx, ctsio, cdb, param);
8485		if (nretval != 0)
8486			return (CTL_RETVAL_COMPLETE);
8487		break;
8488	}
8489	default:
8490		panic("%s: Invalid PR type %#x", __func__, cdb->action);
8491	}
8492
8493done:
8494	free(ctsio->kern_data_ptr, M_CTL);
8495	ctl_set_success(ctsio);
8496	ctl_done((union ctl_io *)ctsio);
8497
8498	return (retval);
8499}
8500
8501/*
8502 * This routine is for handling a message from the other SC pertaining to
8503 * persistent reserve out. All the error checking will have been done
8504 * so only perorming the action need be done here to keep the two
8505 * in sync.
8506 */
8507static void
8508ctl_hndl_per_res_out_on_other_sc(union ctl_io *io)
8509{
8510	struct ctl_softc *softc = CTL_SOFTC(io);
8511	union ctl_ha_msg *msg = (union ctl_ha_msg *)&io->presio.pr_msg;
8512	struct ctl_lun *lun;
8513	int i;
8514	uint32_t residx, targ_lun;
8515
8516	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8517	mtx_lock(&softc->ctl_lock);
8518	if (targ_lun >= ctl_max_luns ||
8519	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
8520		mtx_unlock(&softc->ctl_lock);
8521		return;
8522	}
8523	mtx_lock(&lun->lun_lock);
8524	mtx_unlock(&softc->ctl_lock);
8525	if (lun->flags & CTL_LUN_DISABLED) {
8526		mtx_unlock(&lun->lun_lock);
8527		return;
8528	}
8529	residx = ctl_get_initindex(&msg->hdr.nexus);
8530	switch(msg->pr.pr_info.action) {
8531	case CTL_PR_REG_KEY:
8532		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8533		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8534			lun->pr_key_count++;
8535		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8536		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8537		lun->pr_generation++;
8538		break;
8539
8540	case CTL_PR_UNREG_KEY:
8541		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8542		lun->pr_key_count--;
8543
8544		/* XXX Need to see if the reservation has been released */
8545		/* if so do we need to generate UA? */
8546		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8547			lun->flags &= ~CTL_LUN_PR_RESERVED;
8548			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8549
8550			if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8551			     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8552			    lun->pr_key_count) {
8553				/*
8554				 * If the reservation is a registrants
8555				 * only type we need to generate a UA
8556				 * for other registered inits.  The
8557				 * sense code should be RESERVATIONS
8558				 * RELEASED
8559				 */
8560
8561				for (i = softc->init_min; i < softc->init_max; i++) {
8562					if (ctl_get_prkey(lun, i) == 0)
8563						continue;
8564
8565					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8566				}
8567			}
8568			lun->pr_res_type = 0;
8569		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8570			if (lun->pr_key_count==0) {
8571				lun->flags &= ~CTL_LUN_PR_RESERVED;
8572				lun->pr_res_type = 0;
8573				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8574			}
8575		}
8576		lun->pr_generation++;
8577		break;
8578
8579	case CTL_PR_RESERVE:
8580		lun->flags |= CTL_LUN_PR_RESERVED;
8581		lun->pr_res_type = msg->pr.pr_info.res_type;
8582		lun->pr_res_idx = msg->pr.pr_info.residx;
8583
8584		break;
8585
8586	case CTL_PR_RELEASE:
8587		/*
8588		 * If this isn't an exclusive access reservation and NUAR
8589		 * is not set, generate UA for all other registrants.
8590		 */
8591		if (lun->pr_res_type != SPR_TYPE_EX_AC &&
8592		    lun->pr_res_type != SPR_TYPE_WR_EX &&
8593		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8594			for (i = softc->init_min; i < softc->init_max; i++)
8595				if (i == residx || ctl_get_prkey(lun, i) == 0)
8596					continue;
8597				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8598		}
8599
8600		lun->flags &= ~CTL_LUN_PR_RESERVED;
8601		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8602		lun->pr_res_type = 0;
8603		break;
8604
8605	case CTL_PR_PREEMPT:
8606		ctl_pro_preempt_other(lun, msg);
8607		break;
8608	case CTL_PR_CLEAR:
8609		lun->flags &= ~CTL_LUN_PR_RESERVED;
8610		lun->pr_res_type = 0;
8611		lun->pr_key_count = 0;
8612		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8613
8614		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8615			if (ctl_get_prkey(lun, i) == 0)
8616				continue;
8617			ctl_clr_prkey(lun, i);
8618			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8619		}
8620		lun->pr_generation++;
8621		break;
8622	}
8623
8624	mtx_unlock(&lun->lun_lock);
8625}
8626
8627int
8628ctl_read_write(struct ctl_scsiio *ctsio)
8629{
8630	struct ctl_lun *lun = CTL_LUN(ctsio);
8631	struct ctl_lba_len_flags *lbalen;
8632	uint64_t lba;
8633	uint32_t num_blocks;
8634	int flags, retval;
8635	int isread;
8636
8637	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8638
8639	flags = 0;
8640	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8641	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8642	switch (ctsio->cdb[0]) {
8643	case READ_6:
8644	case WRITE_6: {
8645		struct scsi_rw_6 *cdb;
8646
8647		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8648
8649		lba = scsi_3btoul(cdb->addr);
8650		/* only 5 bits are valid in the most significant address byte */
8651		lba &= 0x1fffff;
8652		num_blocks = cdb->length;
8653		/*
8654		 * This is correct according to SBC-2.
8655		 */
8656		if (num_blocks == 0)
8657			num_blocks = 256;
8658		break;
8659	}
8660	case READ_10:
8661	case WRITE_10: {
8662		struct scsi_rw_10 *cdb;
8663
8664		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8665		if (cdb->byte2 & SRW10_FUA)
8666			flags |= CTL_LLF_FUA;
8667		if (cdb->byte2 & SRW10_DPO)
8668			flags |= CTL_LLF_DPO;
8669		lba = scsi_4btoul(cdb->addr);
8670		num_blocks = scsi_2btoul(cdb->length);
8671		break;
8672	}
8673	case WRITE_VERIFY_10: {
8674		struct scsi_write_verify_10 *cdb;
8675
8676		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8677		flags |= CTL_LLF_FUA;
8678		if (cdb->byte2 & SWV_DPO)
8679			flags |= CTL_LLF_DPO;
8680		lba = scsi_4btoul(cdb->addr);
8681		num_blocks = scsi_2btoul(cdb->length);
8682		break;
8683	}
8684	case READ_12:
8685	case WRITE_12: {
8686		struct scsi_rw_12 *cdb;
8687
8688		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8689		if (cdb->byte2 & SRW12_FUA)
8690			flags |= CTL_LLF_FUA;
8691		if (cdb->byte2 & SRW12_DPO)
8692			flags |= CTL_LLF_DPO;
8693		lba = scsi_4btoul(cdb->addr);
8694		num_blocks = scsi_4btoul(cdb->length);
8695		break;
8696	}
8697	case WRITE_VERIFY_12: {
8698		struct scsi_write_verify_12 *cdb;
8699
8700		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8701		flags |= CTL_LLF_FUA;
8702		if (cdb->byte2 & SWV_DPO)
8703			flags |= CTL_LLF_DPO;
8704		lba = scsi_4btoul(cdb->addr);
8705		num_blocks = scsi_4btoul(cdb->length);
8706		break;
8707	}
8708	case READ_16:
8709	case WRITE_16: {
8710		struct scsi_rw_16 *cdb;
8711
8712		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8713		if (cdb->byte2 & SRW12_FUA)
8714			flags |= CTL_LLF_FUA;
8715		if (cdb->byte2 & SRW12_DPO)
8716			flags |= CTL_LLF_DPO;
8717		lba = scsi_8btou64(cdb->addr);
8718		num_blocks = scsi_4btoul(cdb->length);
8719		break;
8720	}
8721	case WRITE_ATOMIC_16: {
8722		struct scsi_write_atomic_16 *cdb;
8723
8724		if (lun->be_lun->atomicblock == 0) {
8725			ctl_set_invalid_opcode(ctsio);
8726			ctl_done((union ctl_io *)ctsio);
8727			return (CTL_RETVAL_COMPLETE);
8728		}
8729
8730		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8731		if (cdb->byte2 & SRW12_FUA)
8732			flags |= CTL_LLF_FUA;
8733		if (cdb->byte2 & SRW12_DPO)
8734			flags |= CTL_LLF_DPO;
8735		lba = scsi_8btou64(cdb->addr);
8736		num_blocks = scsi_2btoul(cdb->length);
8737		if (num_blocks > lun->be_lun->atomicblock) {
8738			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8739			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8740			    /*bit*/ 0);
8741			ctl_done((union ctl_io *)ctsio);
8742			return (CTL_RETVAL_COMPLETE);
8743		}
8744		break;
8745	}
8746	case WRITE_VERIFY_16: {
8747		struct scsi_write_verify_16 *cdb;
8748
8749		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8750		flags |= CTL_LLF_FUA;
8751		if (cdb->byte2 & SWV_DPO)
8752			flags |= CTL_LLF_DPO;
8753		lba = scsi_8btou64(cdb->addr);
8754		num_blocks = scsi_4btoul(cdb->length);
8755		break;
8756	}
8757	default:
8758		/*
8759		 * We got a command we don't support.  This shouldn't
8760		 * happen, commands should be filtered out above us.
8761		 */
8762		ctl_set_invalid_opcode(ctsio);
8763		ctl_done((union ctl_io *)ctsio);
8764
8765		return (CTL_RETVAL_COMPLETE);
8766		break; /* NOTREACHED */
8767	}
8768
8769	/*
8770	 * The first check is to make sure we're in bounds, the second
8771	 * check is to catch wrap-around problems.  If the lba + num blocks
8772	 * is less than the lba, then we've wrapped around and the block
8773	 * range is invalid anyway.
8774	 */
8775	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8776	 || ((lba + num_blocks) < lba)) {
8777		ctl_set_lba_out_of_range(ctsio,
8778		    MAX(lba, lun->be_lun->maxlba + 1));
8779		ctl_done((union ctl_io *)ctsio);
8780		return (CTL_RETVAL_COMPLETE);
8781	}
8782
8783	/*
8784	 * According to SBC-3, a transfer length of 0 is not an error.
8785	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8786	 * translates to 256 blocks for those commands.
8787	 */
8788	if (num_blocks == 0) {
8789		ctl_set_success(ctsio);
8790		ctl_done((union ctl_io *)ctsio);
8791		return (CTL_RETVAL_COMPLETE);
8792	}
8793
8794	/* Set FUA and/or DPO if caches are disabled. */
8795	if (isread) {
8796		if ((lun->MODE_CACHING.flags1 & SCP_RCD) != 0)
8797			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8798	} else {
8799		if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8800			flags |= CTL_LLF_FUA;
8801	}
8802
8803	lbalen = (struct ctl_lba_len_flags *)
8804	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8805	lbalen->lba = lba;
8806	lbalen->len = num_blocks;
8807	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8808
8809	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8810	ctsio->kern_rel_offset = 0;
8811
8812	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8813
8814	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8815	return (retval);
8816}
8817
8818static int
8819ctl_cnw_cont(union ctl_io *io)
8820{
8821	struct ctl_lun *lun = CTL_LUN(io);
8822	struct ctl_scsiio *ctsio;
8823	struct ctl_lba_len_flags *lbalen;
8824	int retval;
8825
8826	ctsio = &io->scsiio;
8827	ctsio->io_hdr.status = CTL_STATUS_NONE;
8828	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8829	lbalen = (struct ctl_lba_len_flags *)
8830	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8831	lbalen->flags &= ~CTL_LLF_COMPARE;
8832	lbalen->flags |= CTL_LLF_WRITE;
8833
8834	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8835	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8836	return (retval);
8837}
8838
8839int
8840ctl_cnw(struct ctl_scsiio *ctsio)
8841{
8842	struct ctl_lun *lun = CTL_LUN(ctsio);
8843	struct ctl_lba_len_flags *lbalen;
8844	uint64_t lba;
8845	uint32_t num_blocks;
8846	int flags, retval;
8847
8848	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8849
8850	flags = 0;
8851	switch (ctsio->cdb[0]) {
8852	case COMPARE_AND_WRITE: {
8853		struct scsi_compare_and_write *cdb;
8854
8855		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8856		if (cdb->byte2 & SRW10_FUA)
8857			flags |= CTL_LLF_FUA;
8858		if (cdb->byte2 & SRW10_DPO)
8859			flags |= CTL_LLF_DPO;
8860		lba = scsi_8btou64(cdb->addr);
8861		num_blocks = cdb->length;
8862		break;
8863	}
8864	default:
8865		/*
8866		 * We got a command we don't support.  This shouldn't
8867		 * happen, commands should be filtered out above us.
8868		 */
8869		ctl_set_invalid_opcode(ctsio);
8870		ctl_done((union ctl_io *)ctsio);
8871
8872		return (CTL_RETVAL_COMPLETE);
8873		break; /* NOTREACHED */
8874	}
8875
8876	/*
8877	 * The first check is to make sure we're in bounds, the second
8878	 * check is to catch wrap-around problems.  If the lba + num blocks
8879	 * is less than the lba, then we've wrapped around and the block
8880	 * range is invalid anyway.
8881	 */
8882	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8883	 || ((lba + num_blocks) < lba)) {
8884		ctl_set_lba_out_of_range(ctsio,
8885		    MAX(lba, lun->be_lun->maxlba + 1));
8886		ctl_done((union ctl_io *)ctsio);
8887		return (CTL_RETVAL_COMPLETE);
8888	}
8889
8890	/*
8891	 * According to SBC-3, a transfer length of 0 is not an error.
8892	 */
8893	if (num_blocks == 0) {
8894		ctl_set_success(ctsio);
8895		ctl_done((union ctl_io *)ctsio);
8896		return (CTL_RETVAL_COMPLETE);
8897	}
8898
8899	/* Set FUA if write cache is disabled. */
8900	if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8901		flags |= CTL_LLF_FUA;
8902
8903	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8904	ctsio->kern_rel_offset = 0;
8905
8906	/*
8907	 * Set the IO_CONT flag, so that if this I/O gets passed to
8908	 * ctl_data_submit_done(), it'll get passed back to
8909	 * ctl_ctl_cnw_cont() for further processing.
8910	 */
8911	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8912	ctsio->io_cont = ctl_cnw_cont;
8913
8914	lbalen = (struct ctl_lba_len_flags *)
8915	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8916	lbalen->lba = lba;
8917	lbalen->len = num_blocks;
8918	lbalen->flags = CTL_LLF_COMPARE | flags;
8919
8920	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8921	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8922	return (retval);
8923}
8924
8925int
8926ctl_verify(struct ctl_scsiio *ctsio)
8927{
8928	struct ctl_lun *lun = CTL_LUN(ctsio);
8929	struct ctl_lba_len_flags *lbalen;
8930	uint64_t lba;
8931	uint32_t num_blocks;
8932	int bytchk, flags;
8933	int retval;
8934
8935	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8936
8937	bytchk = 0;
8938	flags = CTL_LLF_FUA;
8939	switch (ctsio->cdb[0]) {
8940	case VERIFY_10: {
8941		struct scsi_verify_10 *cdb;
8942
8943		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8944		if (cdb->byte2 & SVFY_BYTCHK)
8945			bytchk = 1;
8946		if (cdb->byte2 & SVFY_DPO)
8947			flags |= CTL_LLF_DPO;
8948		lba = scsi_4btoul(cdb->addr);
8949		num_blocks = scsi_2btoul(cdb->length);
8950		break;
8951	}
8952	case VERIFY_12: {
8953		struct scsi_verify_12 *cdb;
8954
8955		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8956		if (cdb->byte2 & SVFY_BYTCHK)
8957			bytchk = 1;
8958		if (cdb->byte2 & SVFY_DPO)
8959			flags |= CTL_LLF_DPO;
8960		lba = scsi_4btoul(cdb->addr);
8961		num_blocks = scsi_4btoul(cdb->length);
8962		break;
8963	}
8964	case VERIFY_16: {
8965		struct scsi_rw_16 *cdb;
8966
8967		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8968		if (cdb->byte2 & SVFY_BYTCHK)
8969			bytchk = 1;
8970		if (cdb->byte2 & SVFY_DPO)
8971			flags |= CTL_LLF_DPO;
8972		lba = scsi_8btou64(cdb->addr);
8973		num_blocks = scsi_4btoul(cdb->length);
8974		break;
8975	}
8976	default:
8977		/*
8978		 * We got a command we don't support.  This shouldn't
8979		 * happen, commands should be filtered out above us.
8980		 */
8981		ctl_set_invalid_opcode(ctsio);
8982		ctl_done((union ctl_io *)ctsio);
8983		return (CTL_RETVAL_COMPLETE);
8984	}
8985
8986	/*
8987	 * The first check is to make sure we're in bounds, the second
8988	 * check is to catch wrap-around problems.  If the lba + num blocks
8989	 * is less than the lba, then we've wrapped around and the block
8990	 * range is invalid anyway.
8991	 */
8992	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8993	 || ((lba + num_blocks) < lba)) {
8994		ctl_set_lba_out_of_range(ctsio,
8995		    MAX(lba, lun->be_lun->maxlba + 1));
8996		ctl_done((union ctl_io *)ctsio);
8997		return (CTL_RETVAL_COMPLETE);
8998	}
8999
9000	/*
9001	 * According to SBC-3, a transfer length of 0 is not an error.
9002	 */
9003	if (num_blocks == 0) {
9004		ctl_set_success(ctsio);
9005		ctl_done((union ctl_io *)ctsio);
9006		return (CTL_RETVAL_COMPLETE);
9007	}
9008
9009	lbalen = (struct ctl_lba_len_flags *)
9010	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9011	lbalen->lba = lba;
9012	lbalen->len = num_blocks;
9013	if (bytchk) {
9014		lbalen->flags = CTL_LLF_COMPARE | flags;
9015		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9016	} else {
9017		lbalen->flags = CTL_LLF_VERIFY | flags;
9018		ctsio->kern_total_len = 0;
9019	}
9020	ctsio->kern_rel_offset = 0;
9021
9022	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9023	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9024	return (retval);
9025}
9026
9027int
9028ctl_report_luns(struct ctl_scsiio *ctsio)
9029{
9030	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9031	struct ctl_port *port = CTL_PORT(ctsio);
9032	struct ctl_lun *lun, *request_lun = CTL_LUN(ctsio);
9033	struct scsi_report_luns *cdb;
9034	struct scsi_report_luns_data *lun_data;
9035	int num_filled, num_luns, num_port_luns, retval;
9036	uint32_t alloc_len, lun_datalen;
9037	uint32_t initidx, targ_lun_id, lun_id;
9038
9039	retval = CTL_RETVAL_COMPLETE;
9040	cdb = (struct scsi_report_luns *)ctsio->cdb;
9041
9042	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9043
9044	num_luns = 0;
9045	num_port_luns = port->lun_map ? port->lun_map_size : ctl_max_luns;
9046	mtx_lock(&softc->ctl_lock);
9047	for (targ_lun_id = 0; targ_lun_id < num_port_luns; targ_lun_id++) {
9048		if (ctl_lun_map_from_port(port, targ_lun_id) != UINT32_MAX)
9049			num_luns++;
9050	}
9051	mtx_unlock(&softc->ctl_lock);
9052
9053	switch (cdb->select_report) {
9054	case RPL_REPORT_DEFAULT:
9055	case RPL_REPORT_ALL:
9056	case RPL_REPORT_NONSUBSID:
9057		break;
9058	case RPL_REPORT_WELLKNOWN:
9059	case RPL_REPORT_ADMIN:
9060	case RPL_REPORT_CONGLOM:
9061		num_luns = 0;
9062		break;
9063	default:
9064		ctl_set_invalid_field(ctsio,
9065				      /*sks_valid*/ 1,
9066				      /*command*/ 1,
9067				      /*field*/ 2,
9068				      /*bit_valid*/ 0,
9069				      /*bit*/ 0);
9070		ctl_done((union ctl_io *)ctsio);
9071		return (retval);
9072		break; /* NOTREACHED */
9073	}
9074
9075	alloc_len = scsi_4btoul(cdb->length);
9076	/*
9077	 * The initiator has to allocate at least 16 bytes for this request,
9078	 * so he can at least get the header and the first LUN.  Otherwise
9079	 * we reject the request (per SPC-3 rev 14, section 6.21).
9080	 */
9081	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9082	    sizeof(struct scsi_report_luns_lundata))) {
9083		ctl_set_invalid_field(ctsio,
9084				      /*sks_valid*/ 1,
9085				      /*command*/ 1,
9086				      /*field*/ 6,
9087				      /*bit_valid*/ 0,
9088				      /*bit*/ 0);
9089		ctl_done((union ctl_io *)ctsio);
9090		return (retval);
9091	}
9092
9093	lun_datalen = sizeof(*lun_data) +
9094		(num_luns * sizeof(struct scsi_report_luns_lundata));
9095
9096	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9097	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9098	ctsio->kern_sg_entries = 0;
9099
9100	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9101
9102	mtx_lock(&softc->ctl_lock);
9103	for (targ_lun_id = 0, num_filled = 0;
9104	    targ_lun_id < num_port_luns && num_filled < num_luns;
9105	    targ_lun_id++) {
9106		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9107		if (lun_id == UINT32_MAX)
9108			continue;
9109		lun = softc->ctl_luns[lun_id];
9110		if (lun == NULL)
9111			continue;
9112
9113		be64enc(lun_data->luns[num_filled++].lundata,
9114		    ctl_encode_lun(targ_lun_id));
9115
9116		/*
9117		 * According to SPC-3, rev 14 section 6.21:
9118		 *
9119		 * "The execution of a REPORT LUNS command to any valid and
9120		 * installed logical unit shall clear the REPORTED LUNS DATA
9121		 * HAS CHANGED unit attention condition for all logical
9122		 * units of that target with respect to the requesting
9123		 * initiator. A valid and installed logical unit is one
9124		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9125		 * INQUIRY data (see 6.4.2)."
9126		 *
9127		 * If request_lun is NULL, the LUN this report luns command
9128		 * was issued to is either disabled or doesn't exist. In that
9129		 * case, we shouldn't clear any pending lun change unit
9130		 * attention.
9131		 */
9132		if (request_lun != NULL) {
9133			mtx_lock(&lun->lun_lock);
9134			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9135			mtx_unlock(&lun->lun_lock);
9136		}
9137	}
9138	mtx_unlock(&softc->ctl_lock);
9139
9140	/*
9141	 * It's quite possible that we've returned fewer LUNs than we allocated
9142	 * space for.  Trim it.
9143	 */
9144	lun_datalen = sizeof(*lun_data) +
9145		(num_filled * sizeof(struct scsi_report_luns_lundata));
9146	ctsio->kern_rel_offset = 0;
9147	ctsio->kern_sg_entries = 0;
9148	ctsio->kern_data_len = min(lun_datalen, alloc_len);
9149	ctsio->kern_total_len = ctsio->kern_data_len;
9150
9151	/*
9152	 * We set this to the actual data length, regardless of how much
9153	 * space we actually have to return results.  If the user looks at
9154	 * this value, he'll know whether or not he allocated enough space
9155	 * and reissue the command if necessary.  We don't support well
9156	 * known logical units, so if the user asks for that, return none.
9157	 */
9158	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9159
9160	/*
9161	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9162	 * this request.
9163	 */
9164	ctl_set_success(ctsio);
9165	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9166	ctsio->be_move_done = ctl_config_move_done;
9167	ctl_datamove((union ctl_io *)ctsio);
9168	return (retval);
9169}
9170
9171int
9172ctl_request_sense(struct ctl_scsiio *ctsio)
9173{
9174	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9175	struct ctl_lun *lun = CTL_LUN(ctsio);
9176	struct scsi_request_sense *cdb;
9177	struct scsi_sense_data *sense_ptr, *ps;
9178	uint32_t initidx;
9179	int have_error;
9180	u_int sense_len = SSD_FULL_SIZE;
9181	scsi_sense_data_type sense_format;
9182	ctl_ua_type ua_type;
9183	uint8_t asc = 0, ascq = 0;
9184
9185	cdb = (struct scsi_request_sense *)ctsio->cdb;
9186
9187	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9188
9189	/*
9190	 * Determine which sense format the user wants.
9191	 */
9192	if (cdb->byte2 & SRS_DESC)
9193		sense_format = SSD_TYPE_DESC;
9194	else
9195		sense_format = SSD_TYPE_FIXED;
9196
9197	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9198	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9199	ctsio->kern_sg_entries = 0;
9200	ctsio->kern_rel_offset = 0;
9201
9202	/*
9203	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9204	 * larger than the largest allowed value for the length field in the
9205	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9206	 */
9207	ctsio->kern_data_len = cdb->length;
9208	ctsio->kern_total_len = cdb->length;
9209
9210	/*
9211	 * If we don't have a LUN, we don't have any pending sense.
9212	 */
9213	if (lun == NULL ||
9214	    ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
9215	     softc->ha_link < CTL_HA_LINK_UNKNOWN)) {
9216		/* "Logical unit not supported" */
9217		ctl_set_sense_data(sense_ptr, &sense_len, NULL, sense_format,
9218		    /*current_error*/ 1,
9219		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
9220		    /*asc*/ 0x25,
9221		    /*ascq*/ 0x00,
9222		    SSD_ELEM_NONE);
9223		goto send;
9224	}
9225
9226	have_error = 0;
9227	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9228	/*
9229	 * Check for pending sense, and then for pending unit attentions.
9230	 * Pending sense gets returned first, then pending unit attentions.
9231	 */
9232	mtx_lock(&lun->lun_lock);
9233	ps = lun->pending_sense[initidx / CTL_MAX_INIT_PER_PORT];
9234	if (ps != NULL)
9235		ps += initidx % CTL_MAX_INIT_PER_PORT;
9236	if (ps != NULL && ps->error_code != 0) {
9237		scsi_sense_data_type stored_format;
9238
9239		/*
9240		 * Check to see which sense format was used for the stored
9241		 * sense data.
9242		 */
9243		stored_format = scsi_sense_type(ps);
9244
9245		/*
9246		 * If the user requested a different sense format than the
9247		 * one we stored, then we need to convert it to the other
9248		 * format.  If we're going from descriptor to fixed format
9249		 * sense data, we may lose things in translation, depending
9250		 * on what options were used.
9251		 *
9252		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9253		 * for some reason we'll just copy it out as-is.
9254		 */
9255		if ((stored_format == SSD_TYPE_FIXED)
9256		 && (sense_format == SSD_TYPE_DESC))
9257			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9258			    ps, (struct scsi_sense_data_desc *)sense_ptr);
9259		else if ((stored_format == SSD_TYPE_DESC)
9260		      && (sense_format == SSD_TYPE_FIXED))
9261			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9262			    ps, (struct scsi_sense_data_fixed *)sense_ptr);
9263		else
9264			memcpy(sense_ptr, ps, sizeof(*sense_ptr));
9265
9266		ps->error_code = 0;
9267		have_error = 1;
9268	} else {
9269		ua_type = ctl_build_ua(lun, initidx, sense_ptr, &sense_len,
9270		    sense_format);
9271		if (ua_type != CTL_UA_NONE)
9272			have_error = 1;
9273	}
9274	if (have_error == 0) {
9275		/*
9276		 * Report informational exception if have one and allowed.
9277		 */
9278		if (lun->MODE_IE.mrie != SIEP_MRIE_NO) {
9279			asc = lun->ie_asc;
9280			ascq = lun->ie_ascq;
9281		}
9282		ctl_set_sense_data(sense_ptr, &sense_len, lun, sense_format,
9283		    /*current_error*/ 1,
9284		    /*sense_key*/ SSD_KEY_NO_SENSE,
9285		    /*asc*/ asc,
9286		    /*ascq*/ ascq,
9287		    SSD_ELEM_NONE);
9288	}
9289	mtx_unlock(&lun->lun_lock);
9290
9291send:
9292	/*
9293	 * We report the SCSI status as OK, since the status of the command
9294	 * itself is OK.  We're reporting sense as parameter data.
9295	 */
9296	ctl_set_success(ctsio);
9297	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9298	ctsio->be_move_done = ctl_config_move_done;
9299	ctl_datamove((union ctl_io *)ctsio);
9300	return (CTL_RETVAL_COMPLETE);
9301}
9302
9303int
9304ctl_tur(struct ctl_scsiio *ctsio)
9305{
9306
9307	CTL_DEBUG_PRINT(("ctl_tur\n"));
9308
9309	ctl_set_success(ctsio);
9310	ctl_done((union ctl_io *)ctsio);
9311
9312	return (CTL_RETVAL_COMPLETE);
9313}
9314
9315/*
9316 * SCSI VPD page 0x00, the Supported VPD Pages page.
9317 */
9318static int
9319ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9320{
9321	struct ctl_lun *lun = CTL_LUN(ctsio);
9322	struct scsi_vpd_supported_pages *pages;
9323	int sup_page_size;
9324	int p;
9325
9326	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9327	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9328	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9329	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9330	ctsio->kern_rel_offset = 0;
9331	ctsio->kern_sg_entries = 0;
9332	ctsio->kern_data_len = min(sup_page_size, alloc_len);
9333	ctsio->kern_total_len = ctsio->kern_data_len;
9334
9335	/*
9336	 * The control device is always connected.  The disk device, on the
9337	 * other hand, may not be online all the time.  Need to change this
9338	 * to figure out whether the disk device is actually online or not.
9339	 */
9340	if (lun != NULL)
9341		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9342				lun->be_lun->lun_type;
9343	else
9344		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9345
9346	p = 0;
9347	/* Supported VPD pages */
9348	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9349	/* Serial Number */
9350	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9351	/* Device Identification */
9352	pages->page_list[p++] = SVPD_DEVICE_ID;
9353	/* Extended INQUIRY Data */
9354	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9355	/* Mode Page Policy */
9356	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9357	/* SCSI Ports */
9358	pages->page_list[p++] = SVPD_SCSI_PORTS;
9359	/* Third-party Copy */
9360	pages->page_list[p++] = SVPD_SCSI_TPC;
9361	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9362		/* Block limits */
9363		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9364		/* Block Device Characteristics */
9365		pages->page_list[p++] = SVPD_BDC;
9366		/* Logical Block Provisioning */
9367		pages->page_list[p++] = SVPD_LBP;
9368	}
9369	pages->length = p;
9370
9371	ctl_set_success(ctsio);
9372	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9373	ctsio->be_move_done = ctl_config_move_done;
9374	ctl_datamove((union ctl_io *)ctsio);
9375	return (CTL_RETVAL_COMPLETE);
9376}
9377
9378/*
9379 * SCSI VPD page 0x80, the Unit Serial Number page.
9380 */
9381static int
9382ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9383{
9384	struct ctl_lun *lun = CTL_LUN(ctsio);
9385	struct scsi_vpd_unit_serial_number *sn_ptr;
9386	int data_len;
9387
9388	data_len = 4 + CTL_SN_LEN;
9389	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9390	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9391	ctsio->kern_rel_offset = 0;
9392	ctsio->kern_sg_entries = 0;
9393	ctsio->kern_data_len = min(data_len, alloc_len);
9394	ctsio->kern_total_len = ctsio->kern_data_len;
9395
9396	/*
9397	 * The control device is always connected.  The disk device, on the
9398	 * other hand, may not be online all the time.  Need to change this
9399	 * to figure out whether the disk device is actually online or not.
9400	 */
9401	if (lun != NULL)
9402		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9403				  lun->be_lun->lun_type;
9404	else
9405		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9406
9407	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9408	sn_ptr->length = CTL_SN_LEN;
9409	/*
9410	 * If we don't have a LUN, we just leave the serial number as
9411	 * all spaces.
9412	 */
9413	if (lun != NULL) {
9414		strncpy((char *)sn_ptr->serial_num,
9415			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9416	} else
9417		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9418
9419	ctl_set_success(ctsio);
9420	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9421	ctsio->be_move_done = ctl_config_move_done;
9422	ctl_datamove((union ctl_io *)ctsio);
9423	return (CTL_RETVAL_COMPLETE);
9424}
9425
9426
9427/*
9428 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9429 */
9430static int
9431ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9432{
9433	struct ctl_lun *lun = CTL_LUN(ctsio);
9434	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9435	int data_len;
9436
9437	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9438	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9439	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9440	ctsio->kern_sg_entries = 0;
9441	ctsio->kern_rel_offset = 0;
9442	ctsio->kern_data_len = min(data_len, alloc_len);
9443	ctsio->kern_total_len = ctsio->kern_data_len;
9444
9445	/*
9446	 * The control device is always connected.  The disk device, on the
9447	 * other hand, may not be online all the time.
9448	 */
9449	if (lun != NULL)
9450		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9451				     lun->be_lun->lun_type;
9452	else
9453		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9454	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9455	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9456	/*
9457	 * We support head of queue, ordered and simple tags.
9458	 */
9459	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9460	/*
9461	 * Volatile cache supported.
9462	 */
9463	eid_ptr->flags3 = SVPD_EID_V_SUP;
9464
9465	/*
9466	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9467	 * attention for a particular IT nexus on all LUNs once we report
9468	 * it to that nexus once.  This bit is required as of SPC-4.
9469	 */
9470	eid_ptr->flags4 = SVPD_EID_LUICLR;
9471
9472	/*
9473	 * We support revert to defaults (RTD) bit in MODE SELECT.
9474	 */
9475	eid_ptr->flags5 = SVPD_EID_RTD_SUP;
9476
9477	/*
9478	 * XXX KDM in order to correctly answer this, we would need
9479	 * information from the SIM to determine how much sense data it
9480	 * can send.  So this would really be a path inquiry field, most
9481	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9482	 * but the hardware may or may not be able to support that much.
9483	 * 0 just means that the maximum sense data length is not reported.
9484	 */
9485	eid_ptr->max_sense_length = 0;
9486
9487	ctl_set_success(ctsio);
9488	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9489	ctsio->be_move_done = ctl_config_move_done;
9490	ctl_datamove((union ctl_io *)ctsio);
9491	return (CTL_RETVAL_COMPLETE);
9492}
9493
9494static int
9495ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9496{
9497	struct ctl_lun *lun = CTL_LUN(ctsio);
9498	struct scsi_vpd_mode_page_policy *mpp_ptr;
9499	int data_len;
9500
9501	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9502	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9503
9504	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9505	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9506	ctsio->kern_rel_offset = 0;
9507	ctsio->kern_sg_entries = 0;
9508	ctsio->kern_data_len = min(data_len, alloc_len);
9509	ctsio->kern_total_len = ctsio->kern_data_len;
9510
9511	/*
9512	 * The control device is always connected.  The disk device, on the
9513	 * other hand, may not be online all the time.
9514	 */
9515	if (lun != NULL)
9516		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9517				     lun->be_lun->lun_type;
9518	else
9519		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9520	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9521	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9522	mpp_ptr->descr[0].page_code = 0x3f;
9523	mpp_ptr->descr[0].subpage_code = 0xff;
9524	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9525
9526	ctl_set_success(ctsio);
9527	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9528	ctsio->be_move_done = ctl_config_move_done;
9529	ctl_datamove((union ctl_io *)ctsio);
9530	return (CTL_RETVAL_COMPLETE);
9531}
9532
9533/*
9534 * SCSI VPD page 0x83, the Device Identification page.
9535 */
9536static int
9537ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9538{
9539	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9540	struct ctl_port *port = CTL_PORT(ctsio);
9541	struct ctl_lun *lun = CTL_LUN(ctsio);
9542	struct scsi_vpd_device_id *devid_ptr;
9543	struct scsi_vpd_id_descriptor *desc;
9544	int data_len, g;
9545	uint8_t proto;
9546
9547	data_len = sizeof(struct scsi_vpd_device_id) +
9548	    sizeof(struct scsi_vpd_id_descriptor) +
9549		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9550	    sizeof(struct scsi_vpd_id_descriptor) +
9551		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9552	if (lun && lun->lun_devid)
9553		data_len += lun->lun_devid->len;
9554	if (port && port->port_devid)
9555		data_len += port->port_devid->len;
9556	if (port && port->target_devid)
9557		data_len += port->target_devid->len;
9558
9559	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9560	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9561	ctsio->kern_sg_entries = 0;
9562	ctsio->kern_rel_offset = 0;
9563	ctsio->kern_sg_entries = 0;
9564	ctsio->kern_data_len = min(data_len, alloc_len);
9565	ctsio->kern_total_len = ctsio->kern_data_len;
9566
9567	/*
9568	 * The control device is always connected.  The disk device, on the
9569	 * other hand, may not be online all the time.
9570	 */
9571	if (lun != NULL)
9572		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9573				     lun->be_lun->lun_type;
9574	else
9575		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9576	devid_ptr->page_code = SVPD_DEVICE_ID;
9577	scsi_ulto2b(data_len - 4, devid_ptr->length);
9578
9579	if (port && port->port_type == CTL_PORT_FC)
9580		proto = SCSI_PROTO_FC << 4;
9581	else if (port && port->port_type == CTL_PORT_SAS)
9582		proto = SCSI_PROTO_SAS << 4;
9583	else if (port && port->port_type == CTL_PORT_ISCSI)
9584		proto = SCSI_PROTO_ISCSI << 4;
9585	else
9586		proto = SCSI_PROTO_SPI << 4;
9587	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9588
9589	/*
9590	 * We're using a LUN association here.  i.e., this device ID is a
9591	 * per-LUN identifier.
9592	 */
9593	if (lun && lun->lun_devid) {
9594		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9595		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9596		    lun->lun_devid->len);
9597	}
9598
9599	/*
9600	 * This is for the WWPN which is a port association.
9601	 */
9602	if (port && port->port_devid) {
9603		memcpy(desc, port->port_devid->data, port->port_devid->len);
9604		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9605		    port->port_devid->len);
9606	}
9607
9608	/*
9609	 * This is for the Relative Target Port(type 4h) identifier
9610	 */
9611	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9612	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9613	    SVPD_ID_TYPE_RELTARG;
9614	desc->length = 4;
9615	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9616	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9617	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9618
9619	/*
9620	 * This is for the Target Port Group(type 5h) identifier
9621	 */
9622	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9623	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9624	    SVPD_ID_TYPE_TPORTGRP;
9625	desc->length = 4;
9626	if (softc->is_single ||
9627	    (port && port->status & CTL_PORT_STATUS_HA_SHARED))
9628		g = 1;
9629	else
9630		g = 2 + ctsio->io_hdr.nexus.targ_port / softc->port_cnt;
9631	scsi_ulto2b(g, &desc->identifier[2]);
9632	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9633	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9634
9635	/*
9636	 * This is for the Target identifier
9637	 */
9638	if (port && port->target_devid) {
9639		memcpy(desc, port->target_devid->data, port->target_devid->len);
9640	}
9641
9642	ctl_set_success(ctsio);
9643	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9644	ctsio->be_move_done = ctl_config_move_done;
9645	ctl_datamove((union ctl_io *)ctsio);
9646	return (CTL_RETVAL_COMPLETE);
9647}
9648
9649static int
9650ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9651{
9652	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9653	struct ctl_lun *lun = CTL_LUN(ctsio);
9654	struct scsi_vpd_scsi_ports *sp;
9655	struct scsi_vpd_port_designation *pd;
9656	struct scsi_vpd_port_designation_cont *pdc;
9657	struct ctl_port *port;
9658	int data_len, num_target_ports, iid_len, id_len;
9659
9660	num_target_ports = 0;
9661	iid_len = 0;
9662	id_len = 0;
9663	mtx_lock(&softc->ctl_lock);
9664	STAILQ_FOREACH(port, &softc->port_list, links) {
9665		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9666			continue;
9667		if (lun != NULL &&
9668		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9669			continue;
9670		num_target_ports++;
9671		if (port->init_devid)
9672			iid_len += port->init_devid->len;
9673		if (port->port_devid)
9674			id_len += port->port_devid->len;
9675	}
9676	mtx_unlock(&softc->ctl_lock);
9677
9678	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9679	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9680	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9681	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9682	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9683	ctsio->kern_sg_entries = 0;
9684	ctsio->kern_rel_offset = 0;
9685	ctsio->kern_sg_entries = 0;
9686	ctsio->kern_data_len = min(data_len, alloc_len);
9687	ctsio->kern_total_len = ctsio->kern_data_len;
9688
9689	/*
9690	 * The control device is always connected.  The disk device, on the
9691	 * other hand, may not be online all the time.  Need to change this
9692	 * to figure out whether the disk device is actually online or not.
9693	 */
9694	if (lun != NULL)
9695		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9696				  lun->be_lun->lun_type;
9697	else
9698		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9699
9700	sp->page_code = SVPD_SCSI_PORTS;
9701	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9702	    sp->page_length);
9703	pd = &sp->design[0];
9704
9705	mtx_lock(&softc->ctl_lock);
9706	STAILQ_FOREACH(port, &softc->port_list, links) {
9707		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9708			continue;
9709		if (lun != NULL &&
9710		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9711			continue;
9712		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9713		if (port->init_devid) {
9714			iid_len = port->init_devid->len;
9715			memcpy(pd->initiator_transportid,
9716			    port->init_devid->data, port->init_devid->len);
9717		} else
9718			iid_len = 0;
9719		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9720		pdc = (struct scsi_vpd_port_designation_cont *)
9721		    (&pd->initiator_transportid[iid_len]);
9722		if (port->port_devid) {
9723			id_len = port->port_devid->len;
9724			memcpy(pdc->target_port_descriptors,
9725			    port->port_devid->data, port->port_devid->len);
9726		} else
9727			id_len = 0;
9728		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9729		pd = (struct scsi_vpd_port_designation *)
9730		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9731	}
9732	mtx_unlock(&softc->ctl_lock);
9733
9734	ctl_set_success(ctsio);
9735	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9736	ctsio->be_move_done = ctl_config_move_done;
9737	ctl_datamove((union ctl_io *)ctsio);
9738	return (CTL_RETVAL_COMPLETE);
9739}
9740
9741static int
9742ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9743{
9744	struct ctl_lun *lun = CTL_LUN(ctsio);
9745	struct scsi_vpd_block_limits *bl_ptr;
9746	uint64_t ival;
9747
9748	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9749	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9750	ctsio->kern_sg_entries = 0;
9751	ctsio->kern_rel_offset = 0;
9752	ctsio->kern_sg_entries = 0;
9753	ctsio->kern_data_len = min(sizeof(*bl_ptr), alloc_len);
9754	ctsio->kern_total_len = ctsio->kern_data_len;
9755
9756	/*
9757	 * The control device is always connected.  The disk device, on the
9758	 * other hand, may not be online all the time.  Need to change this
9759	 * to figure out whether the disk device is actually online or not.
9760	 */
9761	if (lun != NULL)
9762		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9763				  lun->be_lun->lun_type;
9764	else
9765		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9766
9767	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9768	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9769	bl_ptr->max_cmp_write_len = 0xff;
9770	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9771	if (lun != NULL) {
9772		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9773		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9774			ival = 0xffffffff;
9775			ctl_get_opt_number(&lun->be_lun->options,
9776			    "unmap_max_lba", &ival);
9777			scsi_ulto4b(ival, bl_ptr->max_unmap_lba_cnt);
9778			ival = 0xffffffff;
9779			ctl_get_opt_number(&lun->be_lun->options,
9780			    "unmap_max_descr", &ival);
9781			scsi_ulto4b(ival, bl_ptr->max_unmap_blk_cnt);
9782			if (lun->be_lun->ublockexp != 0) {
9783				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9784				    bl_ptr->opt_unmap_grain);
9785				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9786				    bl_ptr->unmap_grain_align);
9787			}
9788		}
9789		scsi_ulto4b(lun->be_lun->atomicblock,
9790		    bl_ptr->max_atomic_transfer_length);
9791		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9792		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9793		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9794		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9795		ival = UINT64_MAX;
9796		ctl_get_opt_number(&lun->be_lun->options, "write_same_max_lba", &ival);
9797		scsi_u64to8b(ival, bl_ptr->max_write_same_length);
9798	}
9799
9800	ctl_set_success(ctsio);
9801	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9802	ctsio->be_move_done = ctl_config_move_done;
9803	ctl_datamove((union ctl_io *)ctsio);
9804	return (CTL_RETVAL_COMPLETE);
9805}
9806
9807static int
9808ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9809{
9810	struct ctl_lun *lun = CTL_LUN(ctsio);
9811	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9812	const char *value;
9813	u_int i;
9814
9815	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9816	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9817	ctsio->kern_sg_entries = 0;
9818	ctsio->kern_rel_offset = 0;
9819	ctsio->kern_data_len = min(sizeof(*bdc_ptr), alloc_len);
9820	ctsio->kern_total_len = ctsio->kern_data_len;
9821
9822	/*
9823	 * The control device is always connected.  The disk device, on the
9824	 * other hand, may not be online all the time.  Need to change this
9825	 * to figure out whether the disk device is actually online or not.
9826	 */
9827	if (lun != NULL)
9828		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9829				  lun->be_lun->lun_type;
9830	else
9831		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9832	bdc_ptr->page_code = SVPD_BDC;
9833	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9834	if (lun != NULL &&
9835	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9836		i = strtol(value, NULL, 0);
9837	else
9838		i = CTL_DEFAULT_ROTATION_RATE;
9839	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9840	if (lun != NULL &&
9841	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9842		i = strtol(value, NULL, 0);
9843	else
9844		i = 0;
9845	bdc_ptr->wab_wac_ff = (i & 0x0f);
9846	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9847
9848	ctl_set_success(ctsio);
9849	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9850	ctsio->be_move_done = ctl_config_move_done;
9851	ctl_datamove((union ctl_io *)ctsio);
9852	return (CTL_RETVAL_COMPLETE);
9853}
9854
9855static int
9856ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9857{
9858	struct ctl_lun *lun = CTL_LUN(ctsio);
9859	struct scsi_vpd_logical_block_prov *lbp_ptr;
9860	const char *value;
9861
9862	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9863	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9864	ctsio->kern_sg_entries = 0;
9865	ctsio->kern_rel_offset = 0;
9866	ctsio->kern_data_len = min(sizeof(*lbp_ptr), alloc_len);
9867	ctsio->kern_total_len = ctsio->kern_data_len;
9868
9869	/*
9870	 * The control device is always connected.  The disk device, on the
9871	 * other hand, may not be online all the time.  Need to change this
9872	 * to figure out whether the disk device is actually online or not.
9873	 */
9874	if (lun != NULL)
9875		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9876				  lun->be_lun->lun_type;
9877	else
9878		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9879
9880	lbp_ptr->page_code = SVPD_LBP;
9881	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9882	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9883	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9884		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9885		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9886		value = ctl_get_opt(&lun->be_lun->options, "provisioning_type");
9887		if (value != NULL) {
9888			if (strcmp(value, "resource") == 0)
9889				lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
9890			else if (strcmp(value, "thin") == 0)
9891				lbp_ptr->prov_type = SVPD_LBP_THIN;
9892		} else
9893			lbp_ptr->prov_type = SVPD_LBP_THIN;
9894	}
9895
9896	ctl_set_success(ctsio);
9897	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9898	ctsio->be_move_done = ctl_config_move_done;
9899	ctl_datamove((union ctl_io *)ctsio);
9900	return (CTL_RETVAL_COMPLETE);
9901}
9902
9903/*
9904 * INQUIRY with the EVPD bit set.
9905 */
9906static int
9907ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9908{
9909	struct ctl_lun *lun = CTL_LUN(ctsio);
9910	struct scsi_inquiry *cdb;
9911	int alloc_len, retval;
9912
9913	cdb = (struct scsi_inquiry *)ctsio->cdb;
9914	alloc_len = scsi_2btoul(cdb->length);
9915
9916	switch (cdb->page_code) {
9917	case SVPD_SUPPORTED_PAGES:
9918		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9919		break;
9920	case SVPD_UNIT_SERIAL_NUMBER:
9921		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9922		break;
9923	case SVPD_DEVICE_ID:
9924		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9925		break;
9926	case SVPD_EXTENDED_INQUIRY_DATA:
9927		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9928		break;
9929	case SVPD_MODE_PAGE_POLICY:
9930		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9931		break;
9932	case SVPD_SCSI_PORTS:
9933		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9934		break;
9935	case SVPD_SCSI_TPC:
9936		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9937		break;
9938	case SVPD_BLOCK_LIMITS:
9939		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9940			goto err;
9941		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9942		break;
9943	case SVPD_BDC:
9944		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9945			goto err;
9946		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9947		break;
9948	case SVPD_LBP:
9949		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9950			goto err;
9951		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9952		break;
9953	default:
9954err:
9955		ctl_set_invalid_field(ctsio,
9956				      /*sks_valid*/ 1,
9957				      /*command*/ 1,
9958				      /*field*/ 2,
9959				      /*bit_valid*/ 0,
9960				      /*bit*/ 0);
9961		ctl_done((union ctl_io *)ctsio);
9962		retval = CTL_RETVAL_COMPLETE;
9963		break;
9964	}
9965
9966	return (retval);
9967}
9968
9969/*
9970 * Standard INQUIRY data.
9971 */
9972static int
9973ctl_inquiry_std(struct ctl_scsiio *ctsio)
9974{
9975	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9976	struct ctl_port *port = CTL_PORT(ctsio);
9977	struct ctl_lun *lun = CTL_LUN(ctsio);
9978	struct scsi_inquiry_data *inq_ptr;
9979	struct scsi_inquiry *cdb;
9980	char *val;
9981	uint32_t alloc_len, data_len;
9982	ctl_port_type port_type;
9983
9984	port_type = port->port_type;
9985	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
9986		port_type = CTL_PORT_SCSI;
9987
9988	cdb = (struct scsi_inquiry *)ctsio->cdb;
9989	alloc_len = scsi_2btoul(cdb->length);
9990
9991	/*
9992	 * We malloc the full inquiry data size here and fill it
9993	 * in.  If the user only asks for less, we'll give him
9994	 * that much.
9995	 */
9996	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
9997	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9998	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
9999	ctsio->kern_sg_entries = 0;
10000	ctsio->kern_rel_offset = 0;
10001	ctsio->kern_data_len = min(data_len, alloc_len);
10002	ctsio->kern_total_len = ctsio->kern_data_len;
10003
10004	if (lun != NULL) {
10005		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10006		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10007			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10008			    lun->be_lun->lun_type;
10009		} else {
10010			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10011			    lun->be_lun->lun_type;
10012		}
10013		if (lun->flags & CTL_LUN_REMOVABLE)
10014			inq_ptr->dev_qual2 |= SID_RMB;
10015	} else
10016		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10017
10018	/* RMB in byte 2 is 0 */
10019	inq_ptr->version = SCSI_REV_SPC5;
10020
10021	/*
10022	 * According to SAM-3, even if a device only supports a single
10023	 * level of LUN addressing, it should still set the HISUP bit:
10024	 *
10025	 * 4.9.1 Logical unit numbers overview
10026	 *
10027	 * All logical unit number formats described in this standard are
10028	 * hierarchical in structure even when only a single level in that
10029	 * hierarchy is used. The HISUP bit shall be set to one in the
10030	 * standard INQUIRY data (see SPC-2) when any logical unit number
10031	 * format described in this standard is used.  Non-hierarchical
10032	 * formats are outside the scope of this standard.
10033	 *
10034	 * Therefore we set the HiSup bit here.
10035	 *
10036	 * The response format is 2, per SPC-3.
10037	 */
10038	inq_ptr->response_format = SID_HiSup | 2;
10039
10040	inq_ptr->additional_length = data_len -
10041	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10042	CTL_DEBUG_PRINT(("additional_length = %d\n",
10043			 inq_ptr->additional_length));
10044
10045	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10046	if (port_type == CTL_PORT_SCSI)
10047		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10048	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10049	inq_ptr->flags = SID_CmdQue;
10050	if (port_type == CTL_PORT_SCSI)
10051		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10052
10053	/*
10054	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10055	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10056	 * name and 4 bytes for the revision.
10057	 */
10058	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10059	    "vendor")) == NULL) {
10060		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10061	} else {
10062		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10063		strncpy(inq_ptr->vendor, val,
10064		    min(sizeof(inq_ptr->vendor), strlen(val)));
10065	}
10066	if (lun == NULL) {
10067		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10068		    sizeof(inq_ptr->product));
10069	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10070		switch (lun->be_lun->lun_type) {
10071		case T_DIRECT:
10072			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10073			    sizeof(inq_ptr->product));
10074			break;
10075		case T_PROCESSOR:
10076			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10077			    sizeof(inq_ptr->product));
10078			break;
10079		case T_CDROM:
10080			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10081			    sizeof(inq_ptr->product));
10082			break;
10083		default:
10084			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10085			    sizeof(inq_ptr->product));
10086			break;
10087		}
10088	} else {
10089		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10090		strncpy(inq_ptr->product, val,
10091		    min(sizeof(inq_ptr->product), strlen(val)));
10092	}
10093
10094	/*
10095	 * XXX make this a macro somewhere so it automatically gets
10096	 * incremented when we make changes.
10097	 */
10098	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10099	    "revision")) == NULL) {
10100		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10101	} else {
10102		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10103		strncpy(inq_ptr->revision, val,
10104		    min(sizeof(inq_ptr->revision), strlen(val)));
10105	}
10106
10107	/*
10108	 * For parallel SCSI, we support double transition and single
10109	 * transition clocking.  We also support QAS (Quick Arbitration
10110	 * and Selection) and Information Unit transfers on both the
10111	 * control and array devices.
10112	 */
10113	if (port_type == CTL_PORT_SCSI)
10114		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10115				    SID_SPI_IUS;
10116
10117	/* SAM-6 (no version claimed) */
10118	scsi_ulto2b(0x00C0, inq_ptr->version1);
10119	/* SPC-5 (no version claimed) */
10120	scsi_ulto2b(0x05C0, inq_ptr->version2);
10121	if (port_type == CTL_PORT_FC) {
10122		/* FCP-2 ANSI INCITS.350:2003 */
10123		scsi_ulto2b(0x0917, inq_ptr->version3);
10124	} else if (port_type == CTL_PORT_SCSI) {
10125		/* SPI-4 ANSI INCITS.362:200x */
10126		scsi_ulto2b(0x0B56, inq_ptr->version3);
10127	} else if (port_type == CTL_PORT_ISCSI) {
10128		/* iSCSI (no version claimed) */
10129		scsi_ulto2b(0x0960, inq_ptr->version3);
10130	} else if (port_type == CTL_PORT_SAS) {
10131		/* SAS (no version claimed) */
10132		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10133	} else if (port_type == CTL_PORT_UMASS) {
10134		/* USB Mass Storage Class Bulk-Only Transport, Revision 1.0 */
10135		scsi_ulto2b(0x1730, inq_ptr->version3);
10136	}
10137
10138	if (lun == NULL) {
10139		/* SBC-4 (no version claimed) */
10140		scsi_ulto2b(0x0600, inq_ptr->version4);
10141	} else {
10142		switch (lun->be_lun->lun_type) {
10143		case T_DIRECT:
10144			/* SBC-4 (no version claimed) */
10145			scsi_ulto2b(0x0600, inq_ptr->version4);
10146			break;
10147		case T_PROCESSOR:
10148			break;
10149		case T_CDROM:
10150			/* MMC-6 (no version claimed) */
10151			scsi_ulto2b(0x04E0, inq_ptr->version4);
10152			break;
10153		default:
10154			break;
10155		}
10156	}
10157
10158	ctl_set_success(ctsio);
10159	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10160	ctsio->be_move_done = ctl_config_move_done;
10161	ctl_datamove((union ctl_io *)ctsio);
10162	return (CTL_RETVAL_COMPLETE);
10163}
10164
10165int
10166ctl_inquiry(struct ctl_scsiio *ctsio)
10167{
10168	struct scsi_inquiry *cdb;
10169	int retval;
10170
10171	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10172
10173	cdb = (struct scsi_inquiry *)ctsio->cdb;
10174	if (cdb->byte2 & SI_EVPD)
10175		retval = ctl_inquiry_evpd(ctsio);
10176	else if (cdb->page_code == 0)
10177		retval = ctl_inquiry_std(ctsio);
10178	else {
10179		ctl_set_invalid_field(ctsio,
10180				      /*sks_valid*/ 1,
10181				      /*command*/ 1,
10182				      /*field*/ 2,
10183				      /*bit_valid*/ 0,
10184				      /*bit*/ 0);
10185		ctl_done((union ctl_io *)ctsio);
10186		return (CTL_RETVAL_COMPLETE);
10187	}
10188
10189	return (retval);
10190}
10191
10192int
10193ctl_get_config(struct ctl_scsiio *ctsio)
10194{
10195	struct ctl_lun *lun = CTL_LUN(ctsio);
10196	struct scsi_get_config_header *hdr;
10197	struct scsi_get_config_feature *feature;
10198	struct scsi_get_config *cdb;
10199	uint32_t alloc_len, data_len;
10200	int rt, starting;
10201
10202	cdb = (struct scsi_get_config *)ctsio->cdb;
10203	rt = (cdb->rt & SGC_RT_MASK);
10204	starting = scsi_2btoul(cdb->starting_feature);
10205	alloc_len = scsi_2btoul(cdb->length);
10206
10207	data_len = sizeof(struct scsi_get_config_header) +
10208	    sizeof(struct scsi_get_config_feature) + 8 +
10209	    sizeof(struct scsi_get_config_feature) + 8 +
10210	    sizeof(struct scsi_get_config_feature) + 4 +
10211	    sizeof(struct scsi_get_config_feature) + 4 +
10212	    sizeof(struct scsi_get_config_feature) + 8 +
10213	    sizeof(struct scsi_get_config_feature) +
10214	    sizeof(struct scsi_get_config_feature) + 4 +
10215	    sizeof(struct scsi_get_config_feature) + 4 +
10216	    sizeof(struct scsi_get_config_feature) + 4 +
10217	    sizeof(struct scsi_get_config_feature) + 4 +
10218	    sizeof(struct scsi_get_config_feature) + 4 +
10219	    sizeof(struct scsi_get_config_feature) + 4;
10220	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10221	ctsio->kern_sg_entries = 0;
10222	ctsio->kern_rel_offset = 0;
10223
10224	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10225	if (lun->flags & CTL_LUN_NO_MEDIA)
10226		scsi_ulto2b(0x0000, hdr->current_profile);
10227	else
10228		scsi_ulto2b(0x0010, hdr->current_profile);
10229	feature = (struct scsi_get_config_feature *)(hdr + 1);
10230
10231	if (starting > 0x003b)
10232		goto done;
10233	if (starting > 0x003a)
10234		goto f3b;
10235	if (starting > 0x002b)
10236		goto f3a;
10237	if (starting > 0x002a)
10238		goto f2b;
10239	if (starting > 0x001f)
10240		goto f2a;
10241	if (starting > 0x001e)
10242		goto f1f;
10243	if (starting > 0x001d)
10244		goto f1e;
10245	if (starting > 0x0010)
10246		goto f1d;
10247	if (starting > 0x0003)
10248		goto f10;
10249	if (starting > 0x0002)
10250		goto f3;
10251	if (starting > 0x0001)
10252		goto f2;
10253	if (starting > 0x0000)
10254		goto f1;
10255
10256	/* Profile List */
10257	scsi_ulto2b(0x0000, feature->feature_code);
10258	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10259	feature->add_length = 8;
10260	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10261	feature->feature_data[2] = 0x00;
10262	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10263	feature->feature_data[6] = 0x01;
10264	feature = (struct scsi_get_config_feature *)
10265	    &feature->feature_data[feature->add_length];
10266
10267f1:	/* Core */
10268	scsi_ulto2b(0x0001, feature->feature_code);
10269	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10270	feature->add_length = 8;
10271	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10272	feature->feature_data[4] = 0x03;
10273	feature = (struct scsi_get_config_feature *)
10274	    &feature->feature_data[feature->add_length];
10275
10276f2:	/* Morphing */
10277	scsi_ulto2b(0x0002, feature->feature_code);
10278	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10279	feature->add_length = 4;
10280	feature->feature_data[0] = 0x02;
10281	feature = (struct scsi_get_config_feature *)
10282	    &feature->feature_data[feature->add_length];
10283
10284f3:	/* Removable Medium */
10285	scsi_ulto2b(0x0003, feature->feature_code);
10286	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10287	feature->add_length = 4;
10288	feature->feature_data[0] = 0x39;
10289	feature = (struct scsi_get_config_feature *)
10290	    &feature->feature_data[feature->add_length];
10291
10292	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_NO_MEDIA))
10293		goto done;
10294
10295f10:	/* Random Read */
10296	scsi_ulto2b(0x0010, feature->feature_code);
10297	feature->flags = 0x00;
10298	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10299		feature->flags |= SGC_F_CURRENT;
10300	feature->add_length = 8;
10301	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10302	scsi_ulto2b(1, &feature->feature_data[4]);
10303	feature->feature_data[6] = 0x00;
10304	feature = (struct scsi_get_config_feature *)
10305	    &feature->feature_data[feature->add_length];
10306
10307f1d:	/* Multi-Read */
10308	scsi_ulto2b(0x001D, feature->feature_code);
10309	feature->flags = 0x00;
10310	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10311		feature->flags |= SGC_F_CURRENT;
10312	feature->add_length = 0;
10313	feature = (struct scsi_get_config_feature *)
10314	    &feature->feature_data[feature->add_length];
10315
10316f1e:	/* CD Read */
10317	scsi_ulto2b(0x001E, feature->feature_code);
10318	feature->flags = 0x00;
10319	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10320		feature->flags |= SGC_F_CURRENT;
10321	feature->add_length = 4;
10322	feature->feature_data[0] = 0x00;
10323	feature = (struct scsi_get_config_feature *)
10324	    &feature->feature_data[feature->add_length];
10325
10326f1f:	/* DVD Read */
10327	scsi_ulto2b(0x001F, feature->feature_code);
10328	feature->flags = 0x08;
10329	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10330		feature->flags |= SGC_F_CURRENT;
10331	feature->add_length = 4;
10332	feature->feature_data[0] = 0x01;
10333	feature->feature_data[2] = 0x03;
10334	feature = (struct scsi_get_config_feature *)
10335	    &feature->feature_data[feature->add_length];
10336
10337f2a:	/* DVD+RW */
10338	scsi_ulto2b(0x002A, feature->feature_code);
10339	feature->flags = 0x04;
10340	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10341		feature->flags |= SGC_F_CURRENT;
10342	feature->add_length = 4;
10343	feature->feature_data[0] = 0x00;
10344	feature->feature_data[1] = 0x00;
10345	feature = (struct scsi_get_config_feature *)
10346	    &feature->feature_data[feature->add_length];
10347
10348f2b:	/* DVD+R */
10349	scsi_ulto2b(0x002B, feature->feature_code);
10350	feature->flags = 0x00;
10351	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10352		feature->flags |= SGC_F_CURRENT;
10353	feature->add_length = 4;
10354	feature->feature_data[0] = 0x00;
10355	feature = (struct scsi_get_config_feature *)
10356	    &feature->feature_data[feature->add_length];
10357
10358f3a:	/* DVD+RW Dual Layer */
10359	scsi_ulto2b(0x003A, feature->feature_code);
10360	feature->flags = 0x00;
10361	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10362		feature->flags |= SGC_F_CURRENT;
10363	feature->add_length = 4;
10364	feature->feature_data[0] = 0x00;
10365	feature->feature_data[1] = 0x00;
10366	feature = (struct scsi_get_config_feature *)
10367	    &feature->feature_data[feature->add_length];
10368
10369f3b:	/* DVD+R Dual Layer */
10370	scsi_ulto2b(0x003B, feature->feature_code);
10371	feature->flags = 0x00;
10372	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10373		feature->flags |= SGC_F_CURRENT;
10374	feature->add_length = 4;
10375	feature->feature_data[0] = 0x00;
10376	feature = (struct scsi_get_config_feature *)
10377	    &feature->feature_data[feature->add_length];
10378
10379done:
10380	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10381	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10382		feature = (struct scsi_get_config_feature *)(hdr + 1);
10383		if (scsi_2btoul(feature->feature_code) == starting)
10384			feature = (struct scsi_get_config_feature *)
10385			    &feature->feature_data[feature->add_length];
10386		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10387	}
10388	scsi_ulto4b(data_len - 4, hdr->data_length);
10389	ctsio->kern_data_len = min(data_len, alloc_len);
10390	ctsio->kern_total_len = ctsio->kern_data_len;
10391
10392	ctl_set_success(ctsio);
10393	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10394	ctsio->be_move_done = ctl_config_move_done;
10395	ctl_datamove((union ctl_io *)ctsio);
10396	return (CTL_RETVAL_COMPLETE);
10397}
10398
10399int
10400ctl_get_event_status(struct ctl_scsiio *ctsio)
10401{
10402	struct scsi_get_event_status_header *hdr;
10403	struct scsi_get_event_status *cdb;
10404	uint32_t alloc_len, data_len;
10405	int notif_class;
10406
10407	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10408	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10409		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10410		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10411		ctl_done((union ctl_io *)ctsio);
10412		return (CTL_RETVAL_COMPLETE);
10413	}
10414	notif_class = cdb->notif_class;
10415	alloc_len = scsi_2btoul(cdb->length);
10416
10417	data_len = sizeof(struct scsi_get_event_status_header);
10418	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10419	ctsio->kern_sg_entries = 0;
10420	ctsio->kern_rel_offset = 0;
10421	ctsio->kern_data_len = min(data_len, alloc_len);
10422	ctsio->kern_total_len = ctsio->kern_data_len;
10423
10424	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10425	scsi_ulto2b(0, hdr->descr_length);
10426	hdr->nea_class = SGESN_NEA;
10427	hdr->supported_class = 0;
10428
10429	ctl_set_success(ctsio);
10430	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10431	ctsio->be_move_done = ctl_config_move_done;
10432	ctl_datamove((union ctl_io *)ctsio);
10433	return (CTL_RETVAL_COMPLETE);
10434}
10435
10436int
10437ctl_mechanism_status(struct ctl_scsiio *ctsio)
10438{
10439	struct scsi_mechanism_status_header *hdr;
10440	struct scsi_mechanism_status *cdb;
10441	uint32_t alloc_len, data_len;
10442
10443	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10444	alloc_len = scsi_2btoul(cdb->length);
10445
10446	data_len = sizeof(struct scsi_mechanism_status_header);
10447	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10448	ctsio->kern_sg_entries = 0;
10449	ctsio->kern_rel_offset = 0;
10450	ctsio->kern_data_len = min(data_len, alloc_len);
10451	ctsio->kern_total_len = ctsio->kern_data_len;
10452
10453	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10454	hdr->state1 = 0x00;
10455	hdr->state2 = 0xe0;
10456	scsi_ulto3b(0, hdr->lba);
10457	hdr->slots_num = 0;
10458	scsi_ulto2b(0, hdr->slots_length);
10459
10460	ctl_set_success(ctsio);
10461	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10462	ctsio->be_move_done = ctl_config_move_done;
10463	ctl_datamove((union ctl_io *)ctsio);
10464	return (CTL_RETVAL_COMPLETE);
10465}
10466
10467static void
10468ctl_ultomsf(uint32_t lba, uint8_t *buf)
10469{
10470
10471	lba += 150;
10472	buf[0] = 0;
10473	buf[1] = bin2bcd((lba / 75) / 60);
10474	buf[2] = bin2bcd((lba / 75) % 60);
10475	buf[3] = bin2bcd(lba % 75);
10476}
10477
10478int
10479ctl_read_toc(struct ctl_scsiio *ctsio)
10480{
10481	struct ctl_lun *lun = CTL_LUN(ctsio);
10482	struct scsi_read_toc_hdr *hdr;
10483	struct scsi_read_toc_type01_descr *descr;
10484	struct scsi_read_toc *cdb;
10485	uint32_t alloc_len, data_len;
10486	int format, msf;
10487
10488	cdb = (struct scsi_read_toc *)ctsio->cdb;
10489	msf = (cdb->byte2 & CD_MSF) != 0;
10490	format = cdb->format;
10491	alloc_len = scsi_2btoul(cdb->data_len);
10492
10493	data_len = sizeof(struct scsi_read_toc_hdr);
10494	if (format == 0)
10495		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10496	else
10497		data_len += sizeof(struct scsi_read_toc_type01_descr);
10498	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10499	ctsio->kern_sg_entries = 0;
10500	ctsio->kern_rel_offset = 0;
10501	ctsio->kern_data_len = min(data_len, alloc_len);
10502	ctsio->kern_total_len = ctsio->kern_data_len;
10503
10504	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10505	if (format == 0) {
10506		scsi_ulto2b(0x12, hdr->data_length);
10507		hdr->first = 1;
10508		hdr->last = 1;
10509		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10510		descr->addr_ctl = 0x14;
10511		descr->track_number = 1;
10512		if (msf)
10513			ctl_ultomsf(0, descr->track_start);
10514		else
10515			scsi_ulto4b(0, descr->track_start);
10516		descr++;
10517		descr->addr_ctl = 0x14;
10518		descr->track_number = 0xaa;
10519		if (msf)
10520			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10521		else
10522			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10523	} else {
10524		scsi_ulto2b(0x0a, hdr->data_length);
10525		hdr->first = 1;
10526		hdr->last = 1;
10527		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10528		descr->addr_ctl = 0x14;
10529		descr->track_number = 1;
10530		if (msf)
10531			ctl_ultomsf(0, descr->track_start);
10532		else
10533			scsi_ulto4b(0, descr->track_start);
10534	}
10535
10536	ctl_set_success(ctsio);
10537	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10538	ctsio->be_move_done = ctl_config_move_done;
10539	ctl_datamove((union ctl_io *)ctsio);
10540	return (CTL_RETVAL_COMPLETE);
10541}
10542
10543/*
10544 * For known CDB types, parse the LBA and length.
10545 */
10546static int
10547ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10548{
10549	if (io->io_hdr.io_type != CTL_IO_SCSI)
10550		return (1);
10551
10552	switch (io->scsiio.cdb[0]) {
10553	case COMPARE_AND_WRITE: {
10554		struct scsi_compare_and_write *cdb;
10555
10556		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10557
10558		*lba = scsi_8btou64(cdb->addr);
10559		*len = cdb->length;
10560		break;
10561	}
10562	case READ_6:
10563	case WRITE_6: {
10564		struct scsi_rw_6 *cdb;
10565
10566		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10567
10568		*lba = scsi_3btoul(cdb->addr);
10569		/* only 5 bits are valid in the most significant address byte */
10570		*lba &= 0x1fffff;
10571		*len = cdb->length;
10572		break;
10573	}
10574	case READ_10:
10575	case WRITE_10: {
10576		struct scsi_rw_10 *cdb;
10577
10578		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10579
10580		*lba = scsi_4btoul(cdb->addr);
10581		*len = scsi_2btoul(cdb->length);
10582		break;
10583	}
10584	case WRITE_VERIFY_10: {
10585		struct scsi_write_verify_10 *cdb;
10586
10587		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10588
10589		*lba = scsi_4btoul(cdb->addr);
10590		*len = scsi_2btoul(cdb->length);
10591		break;
10592	}
10593	case READ_12:
10594	case WRITE_12: {
10595		struct scsi_rw_12 *cdb;
10596
10597		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10598
10599		*lba = scsi_4btoul(cdb->addr);
10600		*len = scsi_4btoul(cdb->length);
10601		break;
10602	}
10603	case WRITE_VERIFY_12: {
10604		struct scsi_write_verify_12 *cdb;
10605
10606		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10607
10608		*lba = scsi_4btoul(cdb->addr);
10609		*len = scsi_4btoul(cdb->length);
10610		break;
10611	}
10612	case READ_16:
10613	case WRITE_16: {
10614		struct scsi_rw_16 *cdb;
10615
10616		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10617
10618		*lba = scsi_8btou64(cdb->addr);
10619		*len = scsi_4btoul(cdb->length);
10620		break;
10621	}
10622	case WRITE_ATOMIC_16: {
10623		struct scsi_write_atomic_16 *cdb;
10624
10625		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10626
10627		*lba = scsi_8btou64(cdb->addr);
10628		*len = scsi_2btoul(cdb->length);
10629		break;
10630	}
10631	case WRITE_VERIFY_16: {
10632		struct scsi_write_verify_16 *cdb;
10633
10634		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10635
10636		*lba = scsi_8btou64(cdb->addr);
10637		*len = scsi_4btoul(cdb->length);
10638		break;
10639	}
10640	case WRITE_SAME_10: {
10641		struct scsi_write_same_10 *cdb;
10642
10643		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10644
10645		*lba = scsi_4btoul(cdb->addr);
10646		*len = scsi_2btoul(cdb->length);
10647		break;
10648	}
10649	case WRITE_SAME_16: {
10650		struct scsi_write_same_16 *cdb;
10651
10652		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10653
10654		*lba = scsi_8btou64(cdb->addr);
10655		*len = scsi_4btoul(cdb->length);
10656		break;
10657	}
10658	case VERIFY_10: {
10659		struct scsi_verify_10 *cdb;
10660
10661		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10662
10663		*lba = scsi_4btoul(cdb->addr);
10664		*len = scsi_2btoul(cdb->length);
10665		break;
10666	}
10667	case VERIFY_12: {
10668		struct scsi_verify_12 *cdb;
10669
10670		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10671
10672		*lba = scsi_4btoul(cdb->addr);
10673		*len = scsi_4btoul(cdb->length);
10674		break;
10675	}
10676	case VERIFY_16: {
10677		struct scsi_verify_16 *cdb;
10678
10679		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10680
10681		*lba = scsi_8btou64(cdb->addr);
10682		*len = scsi_4btoul(cdb->length);
10683		break;
10684	}
10685	case UNMAP: {
10686		*lba = 0;
10687		*len = UINT64_MAX;
10688		break;
10689	}
10690	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10691		struct scsi_get_lba_status *cdb;
10692
10693		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10694		*lba = scsi_8btou64(cdb->addr);
10695		*len = UINT32_MAX;
10696		break;
10697	}
10698	default:
10699		return (1);
10700		break; /* NOTREACHED */
10701	}
10702
10703	return (0);
10704}
10705
10706static ctl_action
10707ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10708    bool seq)
10709{
10710	uint64_t endlba1, endlba2;
10711
10712	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10713	endlba2 = lba2 + len2 - 1;
10714
10715	if ((endlba1 < lba2) || (endlba2 < lba1))
10716		return (CTL_ACTION_PASS);
10717	else
10718		return (CTL_ACTION_BLOCK);
10719}
10720
10721static int
10722ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10723{
10724	struct ctl_ptr_len_flags *ptrlen;
10725	struct scsi_unmap_desc *buf, *end, *range;
10726	uint64_t lba;
10727	uint32_t len;
10728
10729	/* If not UNMAP -- go other way. */
10730	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10731	    io->scsiio.cdb[0] != UNMAP)
10732		return (CTL_ACTION_ERROR);
10733
10734	/* If UNMAP without data -- block and wait for data. */
10735	ptrlen = (struct ctl_ptr_len_flags *)
10736	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10737	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10738	    ptrlen->ptr == NULL)
10739		return (CTL_ACTION_BLOCK);
10740
10741	/* UNMAP with data -- check for collision. */
10742	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10743	end = buf + ptrlen->len / sizeof(*buf);
10744	for (range = buf; range < end; range++) {
10745		lba = scsi_8btou64(range->lba);
10746		len = scsi_4btoul(range->length);
10747		if ((lba < lba2 + len2) && (lba + len > lba2))
10748			return (CTL_ACTION_BLOCK);
10749	}
10750	return (CTL_ACTION_PASS);
10751}
10752
10753static ctl_action
10754ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10755{
10756	uint64_t lba1, lba2;
10757	uint64_t len1, len2;
10758	int retval;
10759
10760	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10761		return (CTL_ACTION_ERROR);
10762
10763	retval = ctl_extent_check_unmap(io1, lba2, len2);
10764	if (retval != CTL_ACTION_ERROR)
10765		return (retval);
10766
10767	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10768		return (CTL_ACTION_ERROR);
10769
10770	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10771		seq = FALSE;
10772	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10773}
10774
10775static ctl_action
10776ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10777{
10778	uint64_t lba1, lba2;
10779	uint64_t len1, len2;
10780
10781	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10782		return (CTL_ACTION_PASS);
10783	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10784		return (CTL_ACTION_ERROR);
10785	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10786		return (CTL_ACTION_ERROR);
10787
10788	if (lba1 + len1 == lba2)
10789		return (CTL_ACTION_BLOCK);
10790	return (CTL_ACTION_PASS);
10791}
10792
10793static ctl_action
10794ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10795    union ctl_io *ooa_io)
10796{
10797	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10798	const ctl_serialize_action *serialize_row;
10799
10800	/*
10801	 * Aborted commands are not going to be executed and may even
10802	 * not report completion, so we don't care about their order.
10803	 * Let them complete ASAP to clean the OOA queue.
10804	 */
10805	if (pending_io->io_hdr.flags & CTL_FLAG_ABORT)
10806		return (CTL_ACTION_SKIP);
10807
10808	/*
10809	 * The initiator attempted multiple untagged commands at the same
10810	 * time.  Can't do that.
10811	 */
10812	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10813	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10814	 && ((pending_io->io_hdr.nexus.targ_port ==
10815	      ooa_io->io_hdr.nexus.targ_port)
10816	  && (pending_io->io_hdr.nexus.initid ==
10817	      ooa_io->io_hdr.nexus.initid))
10818	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10819	      CTL_FLAG_STATUS_SENT)) == 0))
10820		return (CTL_ACTION_OVERLAP);
10821
10822	/*
10823	 * The initiator attempted to send multiple tagged commands with
10824	 * the same ID.  (It's fine if different initiators have the same
10825	 * tag ID.)
10826	 *
10827	 * Even if all of those conditions are true, we don't kill the I/O
10828	 * if the command ahead of us has been aborted.  We won't end up
10829	 * sending it to the FETD, and it's perfectly legal to resend a
10830	 * command with the same tag number as long as the previous
10831	 * instance of this tag number has been aborted somehow.
10832	 */
10833	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10834	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10835	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10836	 && ((pending_io->io_hdr.nexus.targ_port ==
10837	      ooa_io->io_hdr.nexus.targ_port)
10838	  && (pending_io->io_hdr.nexus.initid ==
10839	      ooa_io->io_hdr.nexus.initid))
10840	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10841	      CTL_FLAG_STATUS_SENT)) == 0))
10842		return (CTL_ACTION_OVERLAP_TAG);
10843
10844	/*
10845	 * If we get a head of queue tag, SAM-3 says that we should
10846	 * immediately execute it.
10847	 *
10848	 * What happens if this command would normally block for some other
10849	 * reason?  e.g. a request sense with a head of queue tag
10850	 * immediately after a write.  Normally that would block, but this
10851	 * will result in its getting executed immediately...
10852	 *
10853	 * We currently return "pass" instead of "skip", so we'll end up
10854	 * going through the rest of the queue to check for overlapped tags.
10855	 *
10856	 * XXX KDM check for other types of blockage first??
10857	 */
10858	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10859		return (CTL_ACTION_PASS);
10860
10861	/*
10862	 * Ordered tags have to block until all items ahead of them
10863	 * have completed.  If we get called with an ordered tag, we always
10864	 * block, if something else is ahead of us in the queue.
10865	 */
10866	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10867		return (CTL_ACTION_BLOCK);
10868
10869	/*
10870	 * Simple tags get blocked until all head of queue and ordered tags
10871	 * ahead of them have completed.  I'm lumping untagged commands in
10872	 * with simple tags here.  XXX KDM is that the right thing to do?
10873	 */
10874	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10875	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10876	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10877	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10878		return (CTL_ACTION_BLOCK);
10879
10880	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10881	KASSERT(pending_entry->seridx < CTL_SERIDX_COUNT,
10882	    ("%s: Invalid seridx %d for pending CDB %02x %02x @ %p",
10883	     __func__, pending_entry->seridx, pending_io->scsiio.cdb[0],
10884	     pending_io->scsiio.cdb[1], pending_io));
10885	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10886	if (ooa_entry->seridx == CTL_SERIDX_INVLD)
10887		return (CTL_ACTION_PASS); /* Unsupported command in OOA queue */
10888	KASSERT(ooa_entry->seridx < CTL_SERIDX_COUNT,
10889	    ("%s: Invalid seridx %d for ooa CDB %02x %02x @ %p",
10890	     __func__, ooa_entry->seridx, ooa_io->scsiio.cdb[0],
10891	     ooa_io->scsiio.cdb[1], ooa_io));
10892
10893	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10894
10895	switch (serialize_row[pending_entry->seridx]) {
10896	case CTL_SER_BLOCK:
10897		return (CTL_ACTION_BLOCK);
10898	case CTL_SER_EXTENT:
10899		return (ctl_extent_check(ooa_io, pending_io,
10900		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10901	case CTL_SER_EXTENTOPT:
10902		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10903		    SCP_QUEUE_ALG_UNRESTRICTED)
10904			return (ctl_extent_check(ooa_io, pending_io,
10905			    (lun->be_lun &&
10906			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10907		return (CTL_ACTION_PASS);
10908	case CTL_SER_EXTENTSEQ:
10909		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10910			return (ctl_extent_check_seq(ooa_io, pending_io));
10911		return (CTL_ACTION_PASS);
10912	case CTL_SER_PASS:
10913		return (CTL_ACTION_PASS);
10914	case CTL_SER_BLOCKOPT:
10915		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10916		    SCP_QUEUE_ALG_UNRESTRICTED)
10917			return (CTL_ACTION_BLOCK);
10918		return (CTL_ACTION_PASS);
10919	case CTL_SER_SKIP:
10920		return (CTL_ACTION_SKIP);
10921	default:
10922		panic("%s: Invalid serialization value %d for %d => %d",
10923		    __func__, serialize_row[pending_entry->seridx],
10924		    pending_entry->seridx, ooa_entry->seridx);
10925	}
10926
10927	return (CTL_ACTION_ERROR);
10928}
10929
10930/*
10931 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10932 * Assumptions:
10933 * - pending_io is generally either incoming, or on the blocked queue
10934 * - starting I/O is the I/O we want to start the check with.
10935 */
10936static ctl_action
10937ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10938	      union ctl_io **starting_io)
10939{
10940	union ctl_io *ooa_io;
10941	ctl_action action;
10942
10943	mtx_assert(&lun->lun_lock, MA_OWNED);
10944
10945	/*
10946	 * Run back along the OOA queue, starting with the current
10947	 * blocked I/O and going through every I/O before it on the
10948	 * queue.  If starting_io is NULL, we'll just end up returning
10949	 * CTL_ACTION_PASS.
10950	 */
10951	for (ooa_io = *starting_io; ooa_io != NULL;
10952	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10953	     ooa_links)){
10954		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10955		if (action != CTL_ACTION_PASS) {
10956			*starting_io = ooa_io;
10957			return (action);
10958		}
10959	}
10960
10961	*starting_io = NULL;
10962	return (CTL_ACTION_PASS);
10963}
10964
10965/*
10966 * Try to unblock the specified I/O.
10967 *
10968 * skip parameter allows explicitly skip present blocker of the I/O,
10969 * starting from the previous one on OOA queue.  It can be used when
10970 * we know for sure that the blocker I/O does no longer count.
10971 */
10972static void
10973ctl_try_unblock_io(struct ctl_lun *lun, union ctl_io *io, bool skip)
10974{
10975	struct ctl_softc *softc = lun->ctl_softc;
10976	union ctl_io *bio, *obio;
10977	const struct ctl_cmd_entry *entry;
10978	union ctl_ha_msg msg_info;
10979	ctl_action action;
10980
10981	mtx_assert(&lun->lun_lock, MA_OWNED);
10982
10983	if (io->io_hdr.blocker == NULL)
10984		return;
10985
10986	obio = bio = io->io_hdr.blocker;
10987	if (skip)
10988		bio = (union ctl_io *)TAILQ_PREV(&bio->io_hdr, ctl_ooaq,
10989		    ooa_links);
10990	action = ctl_check_ooa(lun, io, &bio);
10991	if (action == CTL_ACTION_BLOCK) {
10992		/* Still blocked, but may be by different I/O now. */
10993		if (bio != obio) {
10994			TAILQ_REMOVE(&obio->io_hdr.blocked_queue,
10995			    &io->io_hdr, blocked_links);
10996			TAILQ_INSERT_TAIL(&bio->io_hdr.blocked_queue,
10997			    &io->io_hdr, blocked_links);
10998			io->io_hdr.blocker = bio;
10999		}
11000		return;
11001	}
11002
11003	/* No longer blocked, one way or another. */
11004	TAILQ_REMOVE(&obio->io_hdr.blocked_queue, &io->io_hdr, blocked_links);
11005	io->io_hdr.blocker = NULL;
11006
11007	switch (action) {
11008	case CTL_ACTION_OVERLAP:
11009		ctl_set_overlapped_cmd(&io->scsiio);
11010		goto error;
11011	case CTL_ACTION_OVERLAP_TAG:
11012		ctl_set_overlapped_tag(&io->scsiio,
11013		    io->scsiio.tag_num & 0xff);
11014		goto error;
11015	case CTL_ACTION_PASS:
11016	case CTL_ACTION_SKIP:
11017
11018		/* Serializing commands from the other SC retire there. */
11019		if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) &&
11020		    (softc->ha_mode != CTL_HA_MODE_XFER)) {
11021			io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11022			msg_info.hdr.original_sc = io->io_hdr.remote_io;
11023			msg_info.hdr.serializing_sc = io;
11024			msg_info.hdr.msg_type = CTL_MSG_R2R;
11025			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11026			    sizeof(msg_info.hdr), M_NOWAIT);
11027			break;
11028		}
11029
11030		/*
11031		 * Check this I/O for LUN state changes that may have happened
11032		 * while this command was blocked. The LUN state may have been
11033		 * changed by a command ahead of us in the queue.
11034		 */
11035		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11036		if (ctl_scsiio_lun_check(lun, entry, &io->scsiio) != 0) {
11037			ctl_done(io);
11038			break;
11039		}
11040
11041		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11042		ctl_enqueue_rtr(io);
11043		break;
11044	case CTL_ACTION_ERROR:
11045	default:
11046		ctl_set_internal_failure(&io->scsiio,
11047					 /*sks_valid*/ 0,
11048					 /*retry_count*/ 0);
11049
11050error:
11051		/* Serializing commands from the other SC are done here. */
11052		if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) &&
11053		    (softc->ha_mode != CTL_HA_MODE_XFER)) {
11054			ctl_try_unblock_others(lun, io, TRUE);
11055			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
11056
11057			ctl_copy_sense_data_back(io, &msg_info);
11058			msg_info.hdr.original_sc = io->io_hdr.remote_io;
11059			msg_info.hdr.serializing_sc = NULL;
11060			msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
11061			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11062			    sizeof(msg_info.scsi), M_WAITOK);
11063			ctl_free_io(io);
11064			break;
11065		}
11066
11067		ctl_done(io);
11068		break;
11069	}
11070}
11071
11072/*
11073 * Try to unblock I/Os blocked by the specified I/O.
11074 *
11075 * skip parameter allows explicitly skip the specified I/O as blocker,
11076 * starting from the previous one on the OOA queue.  It can be used when
11077 * we know for sure that the specified I/O does no longer count (done).
11078 * It has to be still on OOA queue though so that we know where to start.
11079 */
11080static void
11081ctl_try_unblock_others(struct ctl_lun *lun, union ctl_io *bio, bool skip)
11082{
11083	union ctl_io *io, *next_io;
11084
11085	mtx_assert(&lun->lun_lock, MA_OWNED);
11086
11087	for (io = (union ctl_io *)TAILQ_FIRST(&bio->io_hdr.blocked_queue);
11088	     io != NULL; io = next_io) {
11089		next_io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr, blocked_links);
11090
11091		KASSERT(io->io_hdr.blocker != NULL,
11092		    ("I/O %p on blocked list without blocker", io));
11093		ctl_try_unblock_io(lun, io, skip);
11094	}
11095	KASSERT(!skip || TAILQ_EMPTY(&bio->io_hdr.blocked_queue),
11096	    ("blocked_queue is not empty after skipping %p", bio));
11097}
11098
11099/*
11100 * This routine (with one exception) checks LUN flags that can be set by
11101 * commands ahead of us in the OOA queue.  These flags have to be checked
11102 * when a command initially comes in, and when we pull a command off the
11103 * blocked queue and are preparing to execute it.  The reason we have to
11104 * check these flags for commands on the blocked queue is that the LUN
11105 * state may have been changed by a command ahead of us while we're on the
11106 * blocked queue.
11107 *
11108 * Ordering is somewhat important with these checks, so please pay
11109 * careful attention to the placement of any new checks.
11110 */
11111static int
11112ctl_scsiio_lun_check(struct ctl_lun *lun,
11113    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11114{
11115	struct ctl_softc *softc = lun->ctl_softc;
11116	int retval;
11117	uint32_t residx;
11118
11119	retval = 0;
11120
11121	mtx_assert(&lun->lun_lock, MA_OWNED);
11122
11123	/*
11124	 * If this shelf is a secondary shelf controller, we may have to
11125	 * reject some commands disallowed by HA mode and link state.
11126	 */
11127	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11128		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11129		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11130			ctl_set_lun_unavail(ctsio);
11131			retval = 1;
11132			goto bailout;
11133		}
11134		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11135		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11136			ctl_set_lun_transit(ctsio);
11137			retval = 1;
11138			goto bailout;
11139		}
11140		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11141		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11142			ctl_set_lun_standby(ctsio);
11143			retval = 1;
11144			goto bailout;
11145		}
11146
11147		/* The rest of checks are only done on executing side */
11148		if (softc->ha_mode == CTL_HA_MODE_XFER)
11149			goto bailout;
11150	}
11151
11152	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11153		if (lun->be_lun &&
11154		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11155			ctl_set_hw_write_protected(ctsio);
11156			retval = 1;
11157			goto bailout;
11158		}
11159		if ((lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0) {
11160			ctl_set_sense(ctsio, /*current_error*/ 1,
11161			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11162			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11163			retval = 1;
11164			goto bailout;
11165		}
11166	}
11167
11168	/*
11169	 * Check for a reservation conflict.  If this command isn't allowed
11170	 * even on reserved LUNs, and if this initiator isn't the one who
11171	 * reserved us, reject the command with a reservation conflict.
11172	 */
11173	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11174	if ((lun->flags & CTL_LUN_RESERVED)
11175	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11176		if (lun->res_idx != residx) {
11177			ctl_set_reservation_conflict(ctsio);
11178			retval = 1;
11179			goto bailout;
11180		}
11181	}
11182
11183	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11184	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11185		/* No reservation or command is allowed. */;
11186	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11187	    (lun->pr_res_type == SPR_TYPE_WR_EX ||
11188	     lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
11189	     lun->pr_res_type == SPR_TYPE_WR_EX_AR)) {
11190		/* The command is allowed for Write Exclusive resv. */;
11191	} else {
11192		/*
11193		 * if we aren't registered or it's a res holder type
11194		 * reservation and this isn't the res holder then set a
11195		 * conflict.
11196		 */
11197		if (ctl_get_prkey(lun, residx) == 0 ||
11198		    (residx != lun->pr_res_idx && lun->pr_res_type < 4)) {
11199			ctl_set_reservation_conflict(ctsio);
11200			retval = 1;
11201			goto bailout;
11202		}
11203	}
11204
11205	if ((entry->flags & CTL_CMD_FLAG_OK_ON_NO_MEDIA) == 0) {
11206		if (lun->flags & CTL_LUN_EJECTED)
11207			ctl_set_lun_ejected(ctsio);
11208		else if (lun->flags & CTL_LUN_NO_MEDIA) {
11209			if (lun->flags & CTL_LUN_REMOVABLE)
11210				ctl_set_lun_no_media(ctsio);
11211			else
11212				ctl_set_lun_int_reqd(ctsio);
11213		} else if (lun->flags & CTL_LUN_STOPPED)
11214			ctl_set_lun_stopped(ctsio);
11215		else
11216			goto bailout;
11217		retval = 1;
11218		goto bailout;
11219	}
11220
11221bailout:
11222	return (retval);
11223}
11224
11225static void
11226ctl_failover_io(union ctl_io *io, int have_lock)
11227{
11228	ctl_set_busy(&io->scsiio);
11229	ctl_done(io);
11230}
11231
11232static void
11233ctl_failover_lun(union ctl_io *rio)
11234{
11235	struct ctl_softc *softc = CTL_SOFTC(rio);
11236	struct ctl_lun *lun;
11237	struct ctl_io_hdr *io, *next_io;
11238	uint32_t targ_lun;
11239
11240	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11241	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11242
11243	/* Find and lock the LUN. */
11244	mtx_lock(&softc->ctl_lock);
11245	if (targ_lun > ctl_max_luns ||
11246	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11247		mtx_unlock(&softc->ctl_lock);
11248		return;
11249	}
11250	mtx_lock(&lun->lun_lock);
11251	mtx_unlock(&softc->ctl_lock);
11252	if (lun->flags & CTL_LUN_DISABLED) {
11253		mtx_unlock(&lun->lun_lock);
11254		return;
11255	}
11256
11257	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11258		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11259			/* We are master */
11260			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11261				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11262					io->flags |= CTL_FLAG_ABORT;
11263					io->flags |= CTL_FLAG_FAILOVER;
11264					ctl_try_unblock_io(lun,
11265					    (union ctl_io *)io, FALSE);
11266				} else { /* This can be only due to DATAMOVE */
11267					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11268					io->flags &= ~CTL_FLAG_DMA_INPROG;
11269					io->flags |= CTL_FLAG_IO_ACTIVE;
11270					io->port_status = 31340;
11271					ctl_enqueue_isc((union ctl_io *)io);
11272				}
11273			} else
11274			/* We are slave */
11275			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11276				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11277				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11278					io->flags |= CTL_FLAG_FAILOVER;
11279				} else {
11280					ctl_set_busy(&((union ctl_io *)io)->
11281					    scsiio);
11282					ctl_done((union ctl_io *)io);
11283				}
11284			}
11285		}
11286	} else { /* SERIALIZE modes */
11287		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11288			/* We are master */
11289			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11290				if (io->blocker != NULL) {
11291					TAILQ_REMOVE(&io->blocker->io_hdr.blocked_queue,
11292					    io, blocked_links);
11293					io->blocker = NULL;
11294				}
11295				ctl_try_unblock_others(lun, (union ctl_io *)io,
11296				    TRUE);
11297				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11298				ctl_free_io((union ctl_io *)io);
11299			} else
11300			/* We are slave */
11301			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11302				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11303				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11304					ctl_set_busy(&((union ctl_io *)io)->
11305					    scsiio);
11306					ctl_done((union ctl_io *)io);
11307				}
11308			}
11309		}
11310	}
11311	mtx_unlock(&lun->lun_lock);
11312}
11313
11314static int
11315ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11316{
11317	struct ctl_lun *lun;
11318	const struct ctl_cmd_entry *entry;
11319	union ctl_io *bio;
11320	uint32_t initidx, targ_lun;
11321	int retval = 0;
11322
11323	lun = NULL;
11324	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11325	if (targ_lun < ctl_max_luns)
11326		lun = softc->ctl_luns[targ_lun];
11327	if (lun) {
11328		/*
11329		 * If the LUN is invalid, pretend that it doesn't exist.
11330		 * It will go away as soon as all pending I/O has been
11331		 * completed.
11332		 */
11333		mtx_lock(&lun->lun_lock);
11334		if (lun->flags & CTL_LUN_DISABLED) {
11335			mtx_unlock(&lun->lun_lock);
11336			lun = NULL;
11337		}
11338	}
11339	CTL_LUN(ctsio) = lun;
11340	if (lun) {
11341		CTL_BACKEND_LUN(ctsio) = lun->be_lun;
11342
11343		/*
11344		 * Every I/O goes into the OOA queue for a particular LUN,
11345		 * and stays there until completion.
11346		 */
11347#ifdef CTL_TIME_IO
11348		if (TAILQ_EMPTY(&lun->ooa_queue))
11349			lun->idle_time += getsbinuptime() - lun->last_busy;
11350#endif
11351		TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
11352	}
11353
11354	/* Get command entry and return error if it is unsuppotyed. */
11355	entry = ctl_validate_command(ctsio);
11356	if (entry == NULL) {
11357		if (lun)
11358			mtx_unlock(&lun->lun_lock);
11359		return (retval);
11360	}
11361
11362	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11363	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11364
11365	/*
11366	 * Check to see whether we can send this command to LUNs that don't
11367	 * exist.  This should pretty much only be the case for inquiry
11368	 * and request sense.  Further checks, below, really require having
11369	 * a LUN, so we can't really check the command anymore.  Just put
11370	 * it on the rtr queue.
11371	 */
11372	if (lun == NULL) {
11373		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11374			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11375			ctl_enqueue_rtr((union ctl_io *)ctsio);
11376			return (retval);
11377		}
11378
11379		ctl_set_unsupported_lun(ctsio);
11380		ctl_done((union ctl_io *)ctsio);
11381		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11382		return (retval);
11383	} else {
11384		/*
11385		 * Make sure we support this particular command on this LUN.
11386		 * e.g., we don't support writes to the control LUN.
11387		 */
11388		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11389			mtx_unlock(&lun->lun_lock);
11390			ctl_set_invalid_opcode(ctsio);
11391			ctl_done((union ctl_io *)ctsio);
11392			return (retval);
11393		}
11394	}
11395
11396	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11397
11398	/*
11399	 * If we've got a request sense, it'll clear the contingent
11400	 * allegiance condition.  Otherwise, if we have a CA condition for
11401	 * this initiator, clear it, because it sent down a command other
11402	 * than request sense.
11403	 */
11404	if (ctsio->cdb[0] != REQUEST_SENSE) {
11405		struct scsi_sense_data *ps;
11406
11407		ps = lun->pending_sense[initidx / CTL_MAX_INIT_PER_PORT];
11408		if (ps != NULL)
11409			ps[initidx % CTL_MAX_INIT_PER_PORT].error_code = 0;
11410	}
11411
11412	/*
11413	 * If the command has this flag set, it handles its own unit
11414	 * attention reporting, we shouldn't do anything.  Otherwise we
11415	 * check for any pending unit attentions, and send them back to the
11416	 * initiator.  We only do this when a command initially comes in,
11417	 * not when we pull it off the blocked queue.
11418	 *
11419	 * According to SAM-3, section 5.3.2, the order that things get
11420	 * presented back to the host is basically unit attentions caused
11421	 * by some sort of reset event, busy status, reservation conflicts
11422	 * or task set full, and finally any other status.
11423	 *
11424	 * One issue here is that some of the unit attentions we report
11425	 * don't fall into the "reset" category (e.g. "reported luns data
11426	 * has changed").  So reporting it here, before the reservation
11427	 * check, may be technically wrong.  I guess the only thing to do
11428	 * would be to check for and report the reset events here, and then
11429	 * check for the other unit attention types after we check for a
11430	 * reservation conflict.
11431	 *
11432	 * XXX KDM need to fix this
11433	 */
11434	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11435		ctl_ua_type ua_type;
11436		u_int sense_len = 0;
11437
11438		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11439		    &sense_len, SSD_TYPE_NONE);
11440		if (ua_type != CTL_UA_NONE) {
11441			mtx_unlock(&lun->lun_lock);
11442			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11443			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11444			ctsio->sense_len = sense_len;
11445			ctl_done((union ctl_io *)ctsio);
11446			return (retval);
11447		}
11448	}
11449
11450
11451	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11452		mtx_unlock(&lun->lun_lock);
11453		ctl_done((union ctl_io *)ctsio);
11454		return (retval);
11455	}
11456
11457	/*
11458	 * XXX CHD this is where we want to send IO to other side if
11459	 * this LUN is secondary on this SC. We will need to make a copy
11460	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11461	 * the copy we send as FROM_OTHER.
11462	 * We also need to stuff the address of the original IO so we can
11463	 * find it easily. Something similar will need be done on the other
11464	 * side so when we are done we can find the copy.
11465	 */
11466	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11467	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11468	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11469		union ctl_ha_msg msg_info;
11470		int isc_retval;
11471
11472		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11473		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11474		mtx_unlock(&lun->lun_lock);
11475
11476		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11477		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11478		msg_info.hdr.serializing_sc = NULL;
11479		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11480		msg_info.scsi.tag_num = ctsio->tag_num;
11481		msg_info.scsi.tag_type = ctsio->tag_type;
11482		msg_info.scsi.cdb_len = ctsio->cdb_len;
11483		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11484
11485		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11486		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11487		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11488			ctl_set_busy(ctsio);
11489			ctl_done((union ctl_io *)ctsio);
11490			return (retval);
11491		}
11492		return (retval);
11493	}
11494
11495	bio = (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq, ooa_links);
11496	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio, &bio)) {
11497	case CTL_ACTION_BLOCK:
11498		ctsio->io_hdr.blocker = bio;
11499		TAILQ_INSERT_TAIL(&bio->io_hdr.blocked_queue, &ctsio->io_hdr,
11500				  blocked_links);
11501		mtx_unlock(&lun->lun_lock);
11502		return (retval);
11503	case CTL_ACTION_PASS:
11504	case CTL_ACTION_SKIP:
11505		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11506		mtx_unlock(&lun->lun_lock);
11507		ctl_enqueue_rtr((union ctl_io *)ctsio);
11508		break;
11509	case CTL_ACTION_OVERLAP:
11510		mtx_unlock(&lun->lun_lock);
11511		ctl_set_overlapped_cmd(ctsio);
11512		ctl_done((union ctl_io *)ctsio);
11513		break;
11514	case CTL_ACTION_OVERLAP_TAG:
11515		mtx_unlock(&lun->lun_lock);
11516		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11517		ctl_done((union ctl_io *)ctsio);
11518		break;
11519	case CTL_ACTION_ERROR:
11520	default:
11521		mtx_unlock(&lun->lun_lock);
11522		ctl_set_internal_failure(ctsio,
11523					 /*sks_valid*/ 0,
11524					 /*retry_count*/ 0);
11525		ctl_done((union ctl_io *)ctsio);
11526		break;
11527	}
11528	return (retval);
11529}
11530
11531const struct ctl_cmd_entry *
11532ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11533{
11534	const struct ctl_cmd_entry *entry;
11535	int service_action;
11536
11537	entry = &ctl_cmd_table[ctsio->cdb[0]];
11538	if (sa)
11539		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11540	if (entry->flags & CTL_CMD_FLAG_SA5) {
11541		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11542		entry = &((const struct ctl_cmd_entry *)
11543		    entry->execute)[service_action];
11544	}
11545	return (entry);
11546}
11547
11548const struct ctl_cmd_entry *
11549ctl_validate_command(struct ctl_scsiio *ctsio)
11550{
11551	const struct ctl_cmd_entry *entry;
11552	int i, sa;
11553	uint8_t diff;
11554
11555	entry = ctl_get_cmd_entry(ctsio, &sa);
11556	if (entry->execute == NULL) {
11557		if (sa)
11558			ctl_set_invalid_field(ctsio,
11559					      /*sks_valid*/ 1,
11560					      /*command*/ 1,
11561					      /*field*/ 1,
11562					      /*bit_valid*/ 1,
11563					      /*bit*/ 4);
11564		else
11565			ctl_set_invalid_opcode(ctsio);
11566		ctl_done((union ctl_io *)ctsio);
11567		return (NULL);
11568	}
11569	KASSERT(entry->length > 0,
11570	    ("Not defined length for command 0x%02x/0x%02x",
11571	     ctsio->cdb[0], ctsio->cdb[1]));
11572	for (i = 1; i < entry->length; i++) {
11573		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11574		if (diff == 0)
11575			continue;
11576		ctl_set_invalid_field(ctsio,
11577				      /*sks_valid*/ 1,
11578				      /*command*/ 1,
11579				      /*field*/ i,
11580				      /*bit_valid*/ 1,
11581				      /*bit*/ fls(diff) - 1);
11582		ctl_done((union ctl_io *)ctsio);
11583		return (NULL);
11584	}
11585	return (entry);
11586}
11587
11588static int
11589ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11590{
11591
11592	switch (lun_type) {
11593	case T_DIRECT:
11594		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11595			return (0);
11596		break;
11597	case T_PROCESSOR:
11598		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11599			return (0);
11600		break;
11601	case T_CDROM:
11602		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11603			return (0);
11604		break;
11605	default:
11606		return (0);
11607	}
11608	return (1);
11609}
11610
11611static int
11612ctl_scsiio(struct ctl_scsiio *ctsio)
11613{
11614	int retval;
11615	const struct ctl_cmd_entry *entry;
11616
11617	retval = CTL_RETVAL_COMPLETE;
11618
11619	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11620
11621	entry = ctl_get_cmd_entry(ctsio, NULL);
11622
11623	/*
11624	 * If this I/O has been aborted, just send it straight to
11625	 * ctl_done() without executing it.
11626	 */
11627	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11628		ctl_done((union ctl_io *)ctsio);
11629		goto bailout;
11630	}
11631
11632	/*
11633	 * All the checks should have been handled by ctl_scsiio_precheck().
11634	 * We should be clear now to just execute the I/O.
11635	 */
11636	retval = entry->execute(ctsio);
11637
11638bailout:
11639	return (retval);
11640}
11641
11642static int
11643ctl_target_reset(union ctl_io *io)
11644{
11645	struct ctl_softc *softc = CTL_SOFTC(io);
11646	struct ctl_port *port = CTL_PORT(io);
11647	struct ctl_lun *lun;
11648	uint32_t initidx;
11649	ctl_ua_type ua_type;
11650
11651	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11652		union ctl_ha_msg msg_info;
11653
11654		msg_info.hdr.nexus = io->io_hdr.nexus;
11655		msg_info.task.task_action = io->taskio.task_action;
11656		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11657		msg_info.hdr.original_sc = NULL;
11658		msg_info.hdr.serializing_sc = NULL;
11659		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11660		    sizeof(msg_info.task), M_WAITOK);
11661	}
11662
11663	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11664	if (io->taskio.task_action == CTL_TASK_TARGET_RESET)
11665		ua_type = CTL_UA_TARG_RESET;
11666	else
11667		ua_type = CTL_UA_BUS_RESET;
11668	mtx_lock(&softc->ctl_lock);
11669	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11670		if (port != NULL &&
11671		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
11672			continue;
11673		ctl_do_lun_reset(lun, initidx, ua_type);
11674	}
11675	mtx_unlock(&softc->ctl_lock);
11676	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11677	return (0);
11678}
11679
11680/*
11681 * The LUN should always be set.  The I/O is optional, and is used to
11682 * distinguish between I/Os sent by this initiator, and by other
11683 * initiators.  We set unit attention for initiators other than this one.
11684 * SAM-3 is vague on this point.  It does say that a unit attention should
11685 * be established for other initiators when a LUN is reset (see section
11686 * 5.7.3), but it doesn't specifically say that the unit attention should
11687 * be established for this particular initiator when a LUN is reset.  Here
11688 * is the relevant text, from SAM-3 rev 8:
11689 *
11690 * 5.7.2 When a SCSI initiator port aborts its own tasks
11691 *
11692 * When a SCSI initiator port causes its own task(s) to be aborted, no
11693 * notification that the task(s) have been aborted shall be returned to
11694 * the SCSI initiator port other than the completion response for the
11695 * command or task management function action that caused the task(s) to
11696 * be aborted and notification(s) associated with related effects of the
11697 * action (e.g., a reset unit attention condition).
11698 *
11699 * XXX KDM for now, we're setting unit attention for all initiators.
11700 */
11701static void
11702ctl_do_lun_reset(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua_type)
11703{
11704	union ctl_io *xio;
11705	int i;
11706
11707	mtx_lock(&lun->lun_lock);
11708	/* Abort tasks. */
11709	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11710	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11711		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11712		ctl_try_unblock_io(lun, xio, FALSE);
11713	}
11714	/* Clear CA. */
11715	for (i = 0; i < ctl_max_ports; i++) {
11716		free(lun->pending_sense[i], M_CTL);
11717		lun->pending_sense[i] = NULL;
11718	}
11719	/* Clear reservation. */
11720	lun->flags &= ~CTL_LUN_RESERVED;
11721	/* Clear prevent media removal. */
11722	if (lun->prevent) {
11723		for (i = 0; i < CTL_MAX_INITIATORS; i++)
11724			ctl_clear_mask(lun->prevent, i);
11725		lun->prevent_count = 0;
11726	}
11727	/* Clear TPC status */
11728	ctl_tpc_lun_clear(lun, -1);
11729	/* Establish UA. */
11730#if 0
11731	ctl_est_ua_all(lun, initidx, ua_type);
11732#else
11733	ctl_est_ua_all(lun, -1, ua_type);
11734#endif
11735	mtx_unlock(&lun->lun_lock);
11736}
11737
11738static int
11739ctl_lun_reset(union ctl_io *io)
11740{
11741	struct ctl_softc *softc = CTL_SOFTC(io);
11742	struct ctl_lun *lun;
11743	uint32_t targ_lun, initidx;
11744
11745	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11746	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11747	mtx_lock(&softc->ctl_lock);
11748	if (targ_lun >= ctl_max_luns ||
11749	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11750		mtx_unlock(&softc->ctl_lock);
11751		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11752		return (1);
11753	}
11754	ctl_do_lun_reset(lun, initidx, CTL_UA_LUN_RESET);
11755	mtx_unlock(&softc->ctl_lock);
11756	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11757
11758	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11759		union ctl_ha_msg msg_info;
11760
11761		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11762		msg_info.hdr.nexus = io->io_hdr.nexus;
11763		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11764		msg_info.hdr.original_sc = NULL;
11765		msg_info.hdr.serializing_sc = NULL;
11766		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11767		    sizeof(msg_info.task), M_WAITOK);
11768	}
11769	return (0);
11770}
11771
11772static void
11773ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11774    int other_sc)
11775{
11776	union ctl_io *xio;
11777
11778	mtx_assert(&lun->lun_lock, MA_OWNED);
11779
11780	/*
11781	 * Run through the OOA queue and attempt to find the given I/O.
11782	 * The target port, initiator ID, tag type and tag number have to
11783	 * match the values that we got from the initiator.  If we have an
11784	 * untagged command to abort, simply abort the first untagged command
11785	 * we come to.  We only allow one untagged command at a time of course.
11786	 */
11787	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11788	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11789
11790		if ((targ_port == UINT32_MAX ||
11791		     targ_port == xio->io_hdr.nexus.targ_port) &&
11792		    (init_id == UINT32_MAX ||
11793		     init_id == xio->io_hdr.nexus.initid)) {
11794			if (targ_port != xio->io_hdr.nexus.targ_port ||
11795			    init_id != xio->io_hdr.nexus.initid)
11796				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11797			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11798			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11799				union ctl_ha_msg msg_info;
11800
11801				msg_info.hdr.nexus = xio->io_hdr.nexus;
11802				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11803				msg_info.task.tag_num = xio->scsiio.tag_num;
11804				msg_info.task.tag_type = xio->scsiio.tag_type;
11805				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11806				msg_info.hdr.original_sc = NULL;
11807				msg_info.hdr.serializing_sc = NULL;
11808				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11809				    sizeof(msg_info.task), M_NOWAIT);
11810			}
11811			ctl_try_unblock_io(lun, xio, FALSE);
11812		}
11813	}
11814}
11815
11816static int
11817ctl_abort_task_set(union ctl_io *io)
11818{
11819	struct ctl_softc *softc = CTL_SOFTC(io);
11820	struct ctl_lun *lun;
11821	uint32_t targ_lun;
11822
11823	/*
11824	 * Look up the LUN.
11825	 */
11826	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11827	mtx_lock(&softc->ctl_lock);
11828	if (targ_lun >= ctl_max_luns ||
11829	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11830		mtx_unlock(&softc->ctl_lock);
11831		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11832		return (1);
11833	}
11834
11835	mtx_lock(&lun->lun_lock);
11836	mtx_unlock(&softc->ctl_lock);
11837	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11838		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11839		    io->io_hdr.nexus.initid,
11840		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11841	} else { /* CTL_TASK_CLEAR_TASK_SET */
11842		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11843		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11844	}
11845	mtx_unlock(&lun->lun_lock);
11846	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11847	return (0);
11848}
11849
11850static void
11851ctl_i_t_nexus_loss(struct ctl_softc *softc, uint32_t initidx,
11852    ctl_ua_type ua_type)
11853{
11854	struct ctl_lun *lun;
11855	struct scsi_sense_data *ps;
11856	uint32_t p, i;
11857
11858	p = initidx / CTL_MAX_INIT_PER_PORT;
11859	i = initidx % CTL_MAX_INIT_PER_PORT;
11860	mtx_lock(&softc->ctl_lock);
11861	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11862		mtx_lock(&lun->lun_lock);
11863		/* Abort tasks. */
11864		ctl_abort_tasks_lun(lun, p, i, 1);
11865		/* Clear CA. */
11866		ps = lun->pending_sense[p];
11867		if (ps != NULL)
11868			ps[i].error_code = 0;
11869		/* Clear reservation. */
11870		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11871			lun->flags &= ~CTL_LUN_RESERVED;
11872		/* Clear prevent media removal. */
11873		if (lun->prevent && ctl_is_set(lun->prevent, initidx)) {
11874			ctl_clear_mask(lun->prevent, initidx);
11875			lun->prevent_count--;
11876		}
11877		/* Clear TPC status */
11878		ctl_tpc_lun_clear(lun, initidx);
11879		/* Establish UA. */
11880		ctl_est_ua(lun, initidx, ua_type);
11881		mtx_unlock(&lun->lun_lock);
11882	}
11883	mtx_unlock(&softc->ctl_lock);
11884}
11885
11886static int
11887ctl_i_t_nexus_reset(union ctl_io *io)
11888{
11889	struct ctl_softc *softc = CTL_SOFTC(io);
11890	uint32_t initidx;
11891
11892	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11893		union ctl_ha_msg msg_info;
11894
11895		msg_info.hdr.nexus = io->io_hdr.nexus;
11896		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11897		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11898		msg_info.hdr.original_sc = NULL;
11899		msg_info.hdr.serializing_sc = NULL;
11900		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11901		    sizeof(msg_info.task), M_WAITOK);
11902	}
11903
11904	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11905	ctl_i_t_nexus_loss(softc, initidx, CTL_UA_I_T_NEXUS_LOSS);
11906	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11907	return (0);
11908}
11909
11910static int
11911ctl_abort_task(union ctl_io *io)
11912{
11913	struct ctl_softc *softc = CTL_SOFTC(io);
11914	union ctl_io *xio;
11915	struct ctl_lun *lun;
11916	uint32_t targ_lun;
11917
11918	/*
11919	 * Look up the LUN.
11920	 */
11921	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11922	mtx_lock(&softc->ctl_lock);
11923	if (targ_lun >= ctl_max_luns ||
11924	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11925		mtx_unlock(&softc->ctl_lock);
11926		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11927		return (1);
11928	}
11929
11930	mtx_lock(&lun->lun_lock);
11931	mtx_unlock(&softc->ctl_lock);
11932	/*
11933	 * Run through the OOA queue and attempt to find the given I/O.
11934	 * The target port, initiator ID, tag type and tag number have to
11935	 * match the values that we got from the initiator.  If we have an
11936	 * untagged command to abort, simply abort the first untagged command
11937	 * we come to.  We only allow one untagged command at a time of course.
11938	 */
11939	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11940	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11941
11942		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11943		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11944		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11945			continue;
11946
11947		/*
11948		 * If the abort says that the task is untagged, the
11949		 * task in the queue must be untagged.  Otherwise,
11950		 * we just check to see whether the tag numbers
11951		 * match.  This is because the QLogic firmware
11952		 * doesn't pass back the tag type in an abort
11953		 * request.
11954		 */
11955#if 0
11956		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11957		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11958		 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
11959#else
11960		/*
11961		 * XXX KDM we've got problems with FC, because it
11962		 * doesn't send down a tag type with aborts.  So we
11963		 * can only really go by the tag number...
11964		 * This may cause problems with parallel SCSI.
11965		 * Need to figure that out!!
11966		 */
11967		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11968#endif
11969			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11970			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11971			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11972				union ctl_ha_msg msg_info;
11973
11974				msg_info.hdr.nexus = io->io_hdr.nexus;
11975				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11976				msg_info.task.tag_num = io->taskio.tag_num;
11977				msg_info.task.tag_type = io->taskio.tag_type;
11978				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11979				msg_info.hdr.original_sc = NULL;
11980				msg_info.hdr.serializing_sc = NULL;
11981				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11982				    sizeof(msg_info.task), M_NOWAIT);
11983			}
11984			ctl_try_unblock_io(lun, xio, FALSE);
11985		}
11986	}
11987	mtx_unlock(&lun->lun_lock);
11988	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11989	return (0);
11990}
11991
11992static int
11993ctl_query_task(union ctl_io *io, int task_set)
11994{
11995	struct ctl_softc *softc = CTL_SOFTC(io);
11996	union ctl_io *xio;
11997	struct ctl_lun *lun;
11998	int found = 0;
11999	uint32_t targ_lun;
12000
12001	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12002	mtx_lock(&softc->ctl_lock);
12003	if (targ_lun >= ctl_max_luns ||
12004	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12005		mtx_unlock(&softc->ctl_lock);
12006		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12007		return (1);
12008	}
12009	mtx_lock(&lun->lun_lock);
12010	mtx_unlock(&softc->ctl_lock);
12011	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12012	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12013
12014		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12015		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12016		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12017			continue;
12018
12019		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12020			found = 1;
12021			break;
12022		}
12023	}
12024	mtx_unlock(&lun->lun_lock);
12025	if (found)
12026		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12027	else
12028		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12029	return (0);
12030}
12031
12032static int
12033ctl_query_async_event(union ctl_io *io)
12034{
12035	struct ctl_softc *softc = CTL_SOFTC(io);
12036	struct ctl_lun *lun;
12037	ctl_ua_type ua;
12038	uint32_t targ_lun, initidx;
12039
12040	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12041	mtx_lock(&softc->ctl_lock);
12042	if (targ_lun >= ctl_max_luns ||
12043	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12044		mtx_unlock(&softc->ctl_lock);
12045		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12046		return (1);
12047	}
12048	mtx_lock(&lun->lun_lock);
12049	mtx_unlock(&softc->ctl_lock);
12050	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12051	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12052	mtx_unlock(&lun->lun_lock);
12053	if (ua != CTL_UA_NONE)
12054		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12055	else
12056		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12057	return (0);
12058}
12059
12060static void
12061ctl_run_task(union ctl_io *io)
12062{
12063	int retval = 1;
12064
12065	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12066	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12067	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12068	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12069	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12070	switch (io->taskio.task_action) {
12071	case CTL_TASK_ABORT_TASK:
12072		retval = ctl_abort_task(io);
12073		break;
12074	case CTL_TASK_ABORT_TASK_SET:
12075	case CTL_TASK_CLEAR_TASK_SET:
12076		retval = ctl_abort_task_set(io);
12077		break;
12078	case CTL_TASK_CLEAR_ACA:
12079		break;
12080	case CTL_TASK_I_T_NEXUS_RESET:
12081		retval = ctl_i_t_nexus_reset(io);
12082		break;
12083	case CTL_TASK_LUN_RESET:
12084		retval = ctl_lun_reset(io);
12085		break;
12086	case CTL_TASK_TARGET_RESET:
12087	case CTL_TASK_BUS_RESET:
12088		retval = ctl_target_reset(io);
12089		break;
12090	case CTL_TASK_PORT_LOGIN:
12091		break;
12092	case CTL_TASK_PORT_LOGOUT:
12093		break;
12094	case CTL_TASK_QUERY_TASK:
12095		retval = ctl_query_task(io, 0);
12096		break;
12097	case CTL_TASK_QUERY_TASK_SET:
12098		retval = ctl_query_task(io, 1);
12099		break;
12100	case CTL_TASK_QUERY_ASYNC_EVENT:
12101		retval = ctl_query_async_event(io);
12102		break;
12103	default:
12104		printf("%s: got unknown task management event %d\n",
12105		       __func__, io->taskio.task_action);
12106		break;
12107	}
12108	if (retval == 0)
12109		io->io_hdr.status = CTL_SUCCESS;
12110	else
12111		io->io_hdr.status = CTL_ERROR;
12112	ctl_done(io);
12113}
12114
12115/*
12116 * For HA operation.  Handle commands that come in from the other
12117 * controller.
12118 */
12119static void
12120ctl_handle_isc(union ctl_io *io)
12121{
12122	struct ctl_softc *softc = CTL_SOFTC(io);
12123	struct ctl_lun *lun;
12124	const struct ctl_cmd_entry *entry;
12125	uint32_t targ_lun;
12126
12127	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12128	switch (io->io_hdr.msg_type) {
12129	case CTL_MSG_SERIALIZE:
12130		ctl_serialize_other_sc_cmd(&io->scsiio);
12131		break;
12132	case CTL_MSG_R2R:		/* Only used in SER_ONLY mode. */
12133		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12134		if (targ_lun >= ctl_max_luns ||
12135		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12136			ctl_done(io);
12137			break;
12138		}
12139		mtx_lock(&lun->lun_lock);
12140		if (ctl_scsiio_lun_check(lun, entry, &io->scsiio) != 0) {
12141			mtx_unlock(&lun->lun_lock);
12142			ctl_done(io);
12143			break;
12144		}
12145		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12146		mtx_unlock(&lun->lun_lock);
12147		ctl_enqueue_rtr(io);
12148		break;
12149	case CTL_MSG_FINISH_IO:
12150		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12151			ctl_done(io);
12152			break;
12153		}
12154		if (targ_lun >= ctl_max_luns ||
12155		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12156			ctl_free_io(io);
12157			break;
12158		}
12159		mtx_lock(&lun->lun_lock);
12160		ctl_try_unblock_others(lun, io, TRUE);
12161		TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12162		mtx_unlock(&lun->lun_lock);
12163		ctl_free_io(io);
12164		break;
12165	case CTL_MSG_PERS_ACTION:
12166		ctl_hndl_per_res_out_on_other_sc(io);
12167		ctl_free_io(io);
12168		break;
12169	case CTL_MSG_BAD_JUJU:
12170		ctl_done(io);
12171		break;
12172	case CTL_MSG_DATAMOVE:		/* Only used in XFER mode */
12173		ctl_datamove_remote(io);
12174		break;
12175	case CTL_MSG_DATAMOVE_DONE:	/* Only used in XFER mode */
12176		io->scsiio.be_move_done(io);
12177		break;
12178	case CTL_MSG_FAILOVER:
12179		ctl_failover_lun(io);
12180		ctl_free_io(io);
12181		break;
12182	default:
12183		printf("%s: Invalid message type %d\n",
12184		       __func__, io->io_hdr.msg_type);
12185		ctl_free_io(io);
12186		break;
12187	}
12188
12189}
12190
12191
12192/*
12193 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12194 * there is no match.
12195 */
12196static ctl_lun_error_pattern
12197ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12198{
12199	const struct ctl_cmd_entry *entry;
12200	ctl_lun_error_pattern filtered_pattern, pattern;
12201
12202	pattern = desc->error_pattern;
12203
12204	/*
12205	 * XXX KDM we need more data passed into this function to match a
12206	 * custom pattern, and we actually need to implement custom pattern
12207	 * matching.
12208	 */
12209	if (pattern & CTL_LUN_PAT_CMD)
12210		return (CTL_LUN_PAT_CMD);
12211
12212	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12213		return (CTL_LUN_PAT_ANY);
12214
12215	entry = ctl_get_cmd_entry(ctsio, NULL);
12216
12217	filtered_pattern = entry->pattern & pattern;
12218
12219	/*
12220	 * If the user requested specific flags in the pattern (e.g.
12221	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12222	 * flags.
12223	 *
12224	 * If the user did not specify any flags, it doesn't matter whether
12225	 * or not the command supports the flags.
12226	 */
12227	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12228	     (pattern & ~CTL_LUN_PAT_MASK))
12229		return (CTL_LUN_PAT_NONE);
12230
12231	/*
12232	 * If the user asked for a range check, see if the requested LBA
12233	 * range overlaps with this command's LBA range.
12234	 */
12235	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12236		uint64_t lba1;
12237		uint64_t len1;
12238		ctl_action action;
12239		int retval;
12240
12241		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12242		if (retval != 0)
12243			return (CTL_LUN_PAT_NONE);
12244
12245		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12246					      desc->lba_range.len, FALSE);
12247		/*
12248		 * A "pass" means that the LBA ranges don't overlap, so
12249		 * this doesn't match the user's range criteria.
12250		 */
12251		if (action == CTL_ACTION_PASS)
12252			return (CTL_LUN_PAT_NONE);
12253	}
12254
12255	return (filtered_pattern);
12256}
12257
12258static void
12259ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12260{
12261	struct ctl_error_desc *desc, *desc2;
12262
12263	mtx_assert(&lun->lun_lock, MA_OWNED);
12264
12265	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12266		ctl_lun_error_pattern pattern;
12267		/*
12268		 * Check to see whether this particular command matches
12269		 * the pattern in the descriptor.
12270		 */
12271		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12272		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12273			continue;
12274
12275		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12276		case CTL_LUN_INJ_ABORTED:
12277			ctl_set_aborted(&io->scsiio);
12278			break;
12279		case CTL_LUN_INJ_MEDIUM_ERR:
12280			ctl_set_medium_error(&io->scsiio,
12281			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12282			     CTL_FLAG_DATA_OUT);
12283			break;
12284		case CTL_LUN_INJ_UA:
12285			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12286			 * OCCURRED */
12287			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12288			break;
12289		case CTL_LUN_INJ_CUSTOM:
12290			/*
12291			 * We're assuming the user knows what he is doing.
12292			 * Just copy the sense information without doing
12293			 * checks.
12294			 */
12295			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12296			      MIN(sizeof(desc->custom_sense),
12297				  sizeof(io->scsiio.sense_data)));
12298			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12299			io->scsiio.sense_len = SSD_FULL_SIZE;
12300			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12301			break;
12302		case CTL_LUN_INJ_NONE:
12303		default:
12304			/*
12305			 * If this is an error injection type we don't know
12306			 * about, clear the continuous flag (if it is set)
12307			 * so it will get deleted below.
12308			 */
12309			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12310			break;
12311		}
12312		/*
12313		 * By default, each error injection action is a one-shot
12314		 */
12315		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12316			continue;
12317
12318		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12319
12320		free(desc, M_CTL);
12321	}
12322}
12323
12324#ifdef CTL_IO_DELAY
12325static void
12326ctl_datamove_timer_wakeup(void *arg)
12327{
12328	union ctl_io *io;
12329
12330	io = (union ctl_io *)arg;
12331
12332	ctl_datamove(io);
12333}
12334#endif /* CTL_IO_DELAY */
12335
12336void
12337ctl_datamove(union ctl_io *io)
12338{
12339	void (*fe_datamove)(union ctl_io *io);
12340
12341	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12342
12343	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12344
12345	/* No data transferred yet.  Frontend must update this when done. */
12346	io->scsiio.kern_data_resid = io->scsiio.kern_data_len;
12347
12348#ifdef CTL_TIME_IO
12349	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12350		char str[256];
12351		char path_str[64];
12352		struct sbuf sb;
12353
12354		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12355		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12356
12357		sbuf_cat(&sb, path_str);
12358		switch (io->io_hdr.io_type) {
12359		case CTL_IO_SCSI:
12360			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12361			sbuf_printf(&sb, "\n");
12362			sbuf_cat(&sb, path_str);
12363			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12364				    io->scsiio.tag_num, io->scsiio.tag_type);
12365			break;
12366		case CTL_IO_TASK:
12367			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12368				    "Tag Type: %d\n", io->taskio.task_action,
12369				    io->taskio.tag_num, io->taskio.tag_type);
12370			break;
12371		default:
12372			panic("%s: Invalid CTL I/O type %d\n",
12373			    __func__, io->io_hdr.io_type);
12374		}
12375		sbuf_cat(&sb, path_str);
12376		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12377			    (intmax_t)time_uptime - io->io_hdr.start_time);
12378		sbuf_finish(&sb);
12379		printf("%s", sbuf_data(&sb));
12380	}
12381#endif /* CTL_TIME_IO */
12382
12383#ifdef CTL_IO_DELAY
12384	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12385		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12386	} else {
12387		struct ctl_lun *lun;
12388
12389		lun = CTL_LUN(io);
12390		if ((lun != NULL)
12391		 && (lun->delay_info.datamove_delay > 0)) {
12392
12393			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12394			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12395			callout_reset(&io->io_hdr.delay_callout,
12396				      lun->delay_info.datamove_delay * hz,
12397				      ctl_datamove_timer_wakeup, io);
12398			if (lun->delay_info.datamove_type ==
12399			    CTL_DELAY_TYPE_ONESHOT)
12400				lun->delay_info.datamove_delay = 0;
12401			return;
12402		}
12403	}
12404#endif
12405
12406	/*
12407	 * This command has been aborted.  Set the port status, so we fail
12408	 * the data move.
12409	 */
12410	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12411		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12412		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12413		       io->io_hdr.nexus.targ_port,
12414		       io->io_hdr.nexus.targ_lun);
12415		io->io_hdr.port_status = 31337;
12416		/*
12417		 * Note that the backend, in this case, will get the
12418		 * callback in its context.  In other cases it may get
12419		 * called in the frontend's interrupt thread context.
12420		 */
12421		io->scsiio.be_move_done(io);
12422		return;
12423	}
12424
12425	/* Don't confuse frontend with zero length data move. */
12426	if (io->scsiio.kern_data_len == 0) {
12427		io->scsiio.be_move_done(io);
12428		return;
12429	}
12430
12431	fe_datamove = CTL_PORT(io)->fe_datamove;
12432	fe_datamove(io);
12433}
12434
12435static void
12436ctl_send_datamove_done(union ctl_io *io, int have_lock)
12437{
12438	union ctl_ha_msg msg;
12439#ifdef CTL_TIME_IO
12440	struct bintime cur_bt;
12441#endif
12442
12443	memset(&msg, 0, sizeof(msg));
12444	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12445	msg.hdr.original_sc = io;
12446	msg.hdr.serializing_sc = io->io_hdr.remote_io;
12447	msg.hdr.nexus = io->io_hdr.nexus;
12448	msg.hdr.status = io->io_hdr.status;
12449	msg.scsi.kern_data_resid = io->scsiio.kern_data_resid;
12450	msg.scsi.tag_num = io->scsiio.tag_num;
12451	msg.scsi.tag_type = io->scsiio.tag_type;
12452	msg.scsi.scsi_status = io->scsiio.scsi_status;
12453	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12454	       io->scsiio.sense_len);
12455	msg.scsi.sense_len = io->scsiio.sense_len;
12456	msg.scsi.port_status = io->io_hdr.port_status;
12457	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12458	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12459		ctl_failover_io(io, /*have_lock*/ have_lock);
12460		return;
12461	}
12462	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12463	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12464	    msg.scsi.sense_len, M_WAITOK);
12465
12466#ifdef CTL_TIME_IO
12467	getbinuptime(&cur_bt);
12468	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12469	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12470#endif
12471	io->io_hdr.num_dmas++;
12472}
12473
12474/*
12475 * The DMA to the remote side is done, now we need to tell the other side
12476 * we're done so it can continue with its data movement.
12477 */
12478static void
12479ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12480{
12481	union ctl_io *io;
12482	uint32_t i;
12483
12484	io = rq->context;
12485
12486	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12487		printf("%s: ISC DMA write failed with error %d", __func__,
12488		       rq->ret);
12489		ctl_set_internal_failure(&io->scsiio,
12490					 /*sks_valid*/ 1,
12491					 /*retry_count*/ rq->ret);
12492	}
12493
12494	ctl_dt_req_free(rq);
12495
12496	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12497		free(CTL_LSGLT(io)[i].addr, M_CTL);
12498	free(CTL_RSGL(io), M_CTL);
12499	CTL_RSGL(io) = NULL;
12500	CTL_LSGL(io) = NULL;
12501
12502	/*
12503	 * The data is in local and remote memory, so now we need to send
12504	 * status (good or back) back to the other side.
12505	 */
12506	ctl_send_datamove_done(io, /*have_lock*/ 0);
12507}
12508
12509/*
12510 * We've moved the data from the host/controller into local memory.  Now we
12511 * need to push it over to the remote controller's memory.
12512 */
12513static int
12514ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12515{
12516	int retval;
12517
12518	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12519					  ctl_datamove_remote_write_cb);
12520	return (retval);
12521}
12522
12523static void
12524ctl_datamove_remote_write(union ctl_io *io)
12525{
12526	int retval;
12527	void (*fe_datamove)(union ctl_io *io);
12528
12529	/*
12530	 * - Get the data from the host/HBA into local memory.
12531	 * - DMA memory from the local controller to the remote controller.
12532	 * - Send status back to the remote controller.
12533	 */
12534
12535	retval = ctl_datamove_remote_sgl_setup(io);
12536	if (retval != 0)
12537		return;
12538
12539	/* Switch the pointer over so the FETD knows what to do */
12540	io->scsiio.kern_data_ptr = (uint8_t *)CTL_LSGL(io);
12541
12542	/*
12543	 * Use a custom move done callback, since we need to send completion
12544	 * back to the other controller, not to the backend on this side.
12545	 */
12546	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12547
12548	fe_datamove = CTL_PORT(io)->fe_datamove;
12549	fe_datamove(io);
12550}
12551
12552static int
12553ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12554{
12555	uint32_t i;
12556
12557	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12558		free(CTL_LSGLT(io)[i].addr, M_CTL);
12559	free(CTL_RSGL(io), M_CTL);
12560	CTL_RSGL(io) = NULL;
12561	CTL_LSGL(io) = NULL;
12562
12563	/*
12564	 * The read is done, now we need to send status (good or bad) back
12565	 * to the other side.
12566	 */
12567	ctl_send_datamove_done(io, /*have_lock*/ 0);
12568
12569	return (0);
12570}
12571
12572static void
12573ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12574{
12575	union ctl_io *io;
12576	void (*fe_datamove)(union ctl_io *io);
12577
12578	io = rq->context;
12579
12580	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12581		printf("%s: ISC DMA read failed with error %d\n", __func__,
12582		       rq->ret);
12583		ctl_set_internal_failure(&io->scsiio,
12584					 /*sks_valid*/ 1,
12585					 /*retry_count*/ rq->ret);
12586	}
12587
12588	ctl_dt_req_free(rq);
12589
12590	/* Switch the pointer over so the FETD knows what to do */
12591	io->scsiio.kern_data_ptr = (uint8_t *)CTL_LSGL(io);
12592
12593	/*
12594	 * Use a custom move done callback, since we need to send completion
12595	 * back to the other controller, not to the backend on this side.
12596	 */
12597	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12598
12599	/* XXX KDM add checks like the ones in ctl_datamove? */
12600
12601	fe_datamove = CTL_PORT(io)->fe_datamove;
12602	fe_datamove(io);
12603}
12604
12605static int
12606ctl_datamove_remote_sgl_setup(union ctl_io *io)
12607{
12608	struct ctl_sg_entry *local_sglist;
12609	uint32_t len_to_go;
12610	int retval;
12611	int i;
12612
12613	retval = 0;
12614	local_sglist = CTL_LSGL(io);
12615	len_to_go = io->scsiio.kern_data_len;
12616
12617	/*
12618	 * The difficult thing here is that the size of the various
12619	 * S/G segments may be different than the size from the
12620	 * remote controller.  That'll make it harder when DMAing
12621	 * the data back to the other side.
12622	 */
12623	for (i = 0; len_to_go > 0; i++) {
12624		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12625		local_sglist[i].addr =
12626		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12627
12628		len_to_go -= local_sglist[i].len;
12629	}
12630	/*
12631	 * Reset the number of S/G entries accordingly.  The original
12632	 * number of S/G entries is available in rem_sg_entries.
12633	 */
12634	io->scsiio.kern_sg_entries = i;
12635
12636	return (retval);
12637}
12638
12639static int
12640ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12641			 ctl_ha_dt_cb callback)
12642{
12643	struct ctl_ha_dt_req *rq;
12644	struct ctl_sg_entry *remote_sglist, *local_sglist;
12645	uint32_t local_used, remote_used, total_used;
12646	int i, j, isc_ret;
12647
12648	rq = ctl_dt_req_alloc();
12649
12650	/*
12651	 * If we failed to allocate the request, and if the DMA didn't fail
12652	 * anyway, set busy status.  This is just a resource allocation
12653	 * failure.
12654	 */
12655	if ((rq == NULL)
12656	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12657	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12658		ctl_set_busy(&io->scsiio);
12659
12660	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12661	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12662
12663		if (rq != NULL)
12664			ctl_dt_req_free(rq);
12665
12666		/*
12667		 * The data move failed.  We need to return status back
12668		 * to the other controller.  No point in trying to DMA
12669		 * data to the remote controller.
12670		 */
12671
12672		ctl_send_datamove_done(io, /*have_lock*/ 0);
12673
12674		return (1);
12675	}
12676
12677	local_sglist = CTL_LSGL(io);
12678	remote_sglist = CTL_RSGL(io);
12679	local_used = 0;
12680	remote_used = 0;
12681	total_used = 0;
12682
12683	/*
12684	 * Pull/push the data over the wire from/to the other controller.
12685	 * This takes into account the possibility that the local and
12686	 * remote sglists may not be identical in terms of the size of
12687	 * the elements and the number of elements.
12688	 *
12689	 * One fundamental assumption here is that the length allocated for
12690	 * both the local and remote sglists is identical.  Otherwise, we've
12691	 * essentially got a coding error of some sort.
12692	 */
12693	isc_ret = CTL_HA_STATUS_SUCCESS;
12694	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12695		uint32_t cur_len;
12696		uint8_t *tmp_ptr;
12697
12698		rq->command = command;
12699		rq->context = io;
12700
12701		/*
12702		 * Both pointers should be aligned.  But it is possible
12703		 * that the allocation length is not.  They should both
12704		 * also have enough slack left over at the end, though,
12705		 * to round up to the next 8 byte boundary.
12706		 */
12707		cur_len = MIN(local_sglist[i].len - local_used,
12708			      remote_sglist[j].len - remote_used);
12709		rq->size = cur_len;
12710
12711		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12712		tmp_ptr += local_used;
12713
12714#if 0
12715		/* Use physical addresses when talking to ISC hardware */
12716		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12717			/* XXX KDM use busdma */
12718			rq->local = vtophys(tmp_ptr);
12719		} else
12720			rq->local = tmp_ptr;
12721#else
12722		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12723		    ("HA does not support BUS_ADDR"));
12724		rq->local = tmp_ptr;
12725#endif
12726
12727		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12728		tmp_ptr += remote_used;
12729		rq->remote = tmp_ptr;
12730
12731		rq->callback = NULL;
12732
12733		local_used += cur_len;
12734		if (local_used >= local_sglist[i].len) {
12735			i++;
12736			local_used = 0;
12737		}
12738
12739		remote_used += cur_len;
12740		if (remote_used >= remote_sglist[j].len) {
12741			j++;
12742			remote_used = 0;
12743		}
12744		total_used += cur_len;
12745
12746		if (total_used >= io->scsiio.kern_data_len)
12747			rq->callback = callback;
12748
12749		isc_ret = ctl_dt_single(rq);
12750		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12751			break;
12752	}
12753	if (isc_ret != CTL_HA_STATUS_WAIT) {
12754		rq->ret = isc_ret;
12755		callback(rq);
12756	}
12757
12758	return (0);
12759}
12760
12761static void
12762ctl_datamove_remote_read(union ctl_io *io)
12763{
12764	int retval;
12765	uint32_t i;
12766
12767	/*
12768	 * This will send an error to the other controller in the case of a
12769	 * failure.
12770	 */
12771	retval = ctl_datamove_remote_sgl_setup(io);
12772	if (retval != 0)
12773		return;
12774
12775	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12776					  ctl_datamove_remote_read_cb);
12777	if (retval != 0) {
12778		/*
12779		 * Make sure we free memory if there was an error..  The
12780		 * ctl_datamove_remote_xfer() function will send the
12781		 * datamove done message, or call the callback with an
12782		 * error if there is a problem.
12783		 */
12784		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12785			free(CTL_LSGLT(io)[i].addr, M_CTL);
12786		free(CTL_RSGL(io), M_CTL);
12787		CTL_RSGL(io) = NULL;
12788		CTL_LSGL(io) = NULL;
12789	}
12790}
12791
12792/*
12793 * Process a datamove request from the other controller.  This is used for
12794 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12795 * first.  Once that is complete, the data gets DMAed into the remote
12796 * controller's memory.  For reads, we DMA from the remote controller's
12797 * memory into our memory first, and then move it out to the FETD.
12798 */
12799static void
12800ctl_datamove_remote(union ctl_io *io)
12801{
12802
12803	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12804
12805	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12806		ctl_failover_io(io, /*have_lock*/ 0);
12807		return;
12808	}
12809
12810	/*
12811	 * Note that we look for an aborted I/O here, but don't do some of
12812	 * the other checks that ctl_datamove() normally does.
12813	 * We don't need to run the datamove delay code, since that should
12814	 * have been done if need be on the other controller.
12815	 */
12816	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12817		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12818		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12819		       io->io_hdr.nexus.targ_port,
12820		       io->io_hdr.nexus.targ_lun);
12821		io->io_hdr.port_status = 31338;
12822		ctl_send_datamove_done(io, /*have_lock*/ 0);
12823		return;
12824	}
12825
12826	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12827		ctl_datamove_remote_write(io);
12828	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12829		ctl_datamove_remote_read(io);
12830	else {
12831		io->io_hdr.port_status = 31339;
12832		ctl_send_datamove_done(io, /*have_lock*/ 0);
12833	}
12834}
12835
12836static void
12837ctl_process_done(union ctl_io *io)
12838{
12839	struct ctl_softc *softc = CTL_SOFTC(io);
12840	struct ctl_port *port = CTL_PORT(io);
12841	struct ctl_lun *lun = CTL_LUN(io);
12842	void (*fe_done)(union ctl_io *io);
12843	union ctl_ha_msg msg;
12844
12845	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12846	fe_done = port->fe_done;
12847
12848#ifdef CTL_TIME_IO
12849	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12850		char str[256];
12851		char path_str[64];
12852		struct sbuf sb;
12853
12854		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12855		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12856
12857		sbuf_cat(&sb, path_str);
12858		switch (io->io_hdr.io_type) {
12859		case CTL_IO_SCSI:
12860			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12861			sbuf_printf(&sb, "\n");
12862			sbuf_cat(&sb, path_str);
12863			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12864				    io->scsiio.tag_num, io->scsiio.tag_type);
12865			break;
12866		case CTL_IO_TASK:
12867			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12868				    "Tag Type: %d\n", io->taskio.task_action,
12869				    io->taskio.tag_num, io->taskio.tag_type);
12870			break;
12871		default:
12872			panic("%s: Invalid CTL I/O type %d\n",
12873			    __func__, io->io_hdr.io_type);
12874		}
12875		sbuf_cat(&sb, path_str);
12876		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12877			    (intmax_t)time_uptime - io->io_hdr.start_time);
12878		sbuf_finish(&sb);
12879		printf("%s", sbuf_data(&sb));
12880	}
12881#endif /* CTL_TIME_IO */
12882
12883	switch (io->io_hdr.io_type) {
12884	case CTL_IO_SCSI:
12885		break;
12886	case CTL_IO_TASK:
12887		if (ctl_debug & CTL_DEBUG_INFO)
12888			ctl_io_error_print(io, NULL);
12889		fe_done(io);
12890		return;
12891	default:
12892		panic("%s: Invalid CTL I/O type %d\n",
12893		    __func__, io->io_hdr.io_type);
12894	}
12895
12896	if (lun == NULL) {
12897		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12898				 io->io_hdr.nexus.targ_mapped_lun));
12899		goto bailout;
12900	}
12901
12902	mtx_lock(&lun->lun_lock);
12903
12904	/*
12905	 * Check to see if we have any informational exception and status
12906	 * of this command can be modified to report it in form of either
12907	 * RECOVERED ERROR or NO SENSE, depending on MRIE mode page field.
12908	 */
12909	if (lun->ie_reported == 0 && lun->ie_asc != 0 &&
12910	    io->io_hdr.status == CTL_SUCCESS &&
12911	    (io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0) {
12912		uint8_t mrie = lun->MODE_IE.mrie;
12913		uint8_t per = ((lun->MODE_RWER.byte3 & SMS_RWER_PER) ||
12914		    (lun->MODE_VER.byte3 & SMS_VER_PER));
12915		if (((mrie == SIEP_MRIE_REC_COND && per) ||
12916		     mrie == SIEP_MRIE_REC_UNCOND ||
12917		     mrie == SIEP_MRIE_NO_SENSE) &&
12918		    (ctl_get_cmd_entry(&io->scsiio, NULL)->flags &
12919		     CTL_CMD_FLAG_NO_SENSE) == 0) {
12920			ctl_set_sense(&io->scsiio,
12921			      /*current_error*/ 1,
12922			      /*sense_key*/ (mrie == SIEP_MRIE_NO_SENSE) ?
12923			        SSD_KEY_NO_SENSE : SSD_KEY_RECOVERED_ERROR,
12924			      /*asc*/ lun->ie_asc,
12925			      /*ascq*/ lun->ie_ascq,
12926			      SSD_ELEM_NONE);
12927			lun->ie_reported = 1;
12928		}
12929	} else if (lun->ie_reported < 0)
12930		lun->ie_reported = 0;
12931
12932	/*
12933	 * Check to see if we have any errors to inject here.  We only
12934	 * inject errors for commands that don't already have errors set.
12935	 */
12936	if (!STAILQ_EMPTY(&lun->error_list) &&
12937	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12938	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12939		ctl_inject_error(lun, io);
12940
12941	/*
12942	 * XXX KDM how do we treat commands that aren't completed
12943	 * successfully?
12944	 *
12945	 * XXX KDM should we also track I/O latency?
12946	 */
12947	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12948	    io->io_hdr.io_type == CTL_IO_SCSI) {
12949		int type;
12950#ifdef CTL_TIME_IO
12951		struct bintime bt;
12952
12953		getbinuptime(&bt);
12954		bintime_sub(&bt, &io->io_hdr.start_bt);
12955#endif
12956		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12957		    CTL_FLAG_DATA_IN)
12958			type = CTL_STATS_READ;
12959		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12960		    CTL_FLAG_DATA_OUT)
12961			type = CTL_STATS_WRITE;
12962		else
12963			type = CTL_STATS_NO_IO;
12964
12965#ifdef CTL_LEGACY_STATS
12966		uint32_t targ_port = port->targ_port;
12967		lun->legacy_stats.ports[targ_port].bytes[type] +=
12968		    io->scsiio.kern_total_len;
12969		lun->legacy_stats.ports[targ_port].operations[type] ++;
12970		lun->legacy_stats.ports[targ_port].num_dmas[type] +=
12971		    io->io_hdr.num_dmas;
12972#ifdef CTL_TIME_IO
12973		bintime_add(&lun->legacy_stats.ports[targ_port].dma_time[type],
12974		   &io->io_hdr.dma_bt);
12975		bintime_add(&lun->legacy_stats.ports[targ_port].time[type],
12976		    &bt);
12977#endif
12978#endif /* CTL_LEGACY_STATS */
12979
12980		lun->stats.bytes[type] += io->scsiio.kern_total_len;
12981		lun->stats.operations[type] ++;
12982		lun->stats.dmas[type] += io->io_hdr.num_dmas;
12983#ifdef CTL_TIME_IO
12984		bintime_add(&lun->stats.dma_time[type], &io->io_hdr.dma_bt);
12985		bintime_add(&lun->stats.time[type], &bt);
12986#endif
12987
12988		mtx_lock(&port->port_lock);
12989		port->stats.bytes[type] += io->scsiio.kern_total_len;
12990		port->stats.operations[type] ++;
12991		port->stats.dmas[type] += io->io_hdr.num_dmas;
12992#ifdef CTL_TIME_IO
12993		bintime_add(&port->stats.dma_time[type], &io->io_hdr.dma_bt);
12994		bintime_add(&port->stats.time[type], &bt);
12995#endif
12996		mtx_unlock(&port->port_lock);
12997	}
12998
12999	/*
13000	 * Run through the blocked queue of this I/O and see if anything
13001	 * can be unblocked, now that this I/O is done and will be removed.
13002	 * We need to do it before removal to have OOA position to start.
13003	 */
13004	ctl_try_unblock_others(lun, io, TRUE);
13005
13006	/*
13007	 * Remove this from the OOA queue.
13008	 */
13009	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13010#ifdef CTL_TIME_IO
13011	if (TAILQ_EMPTY(&lun->ooa_queue))
13012		lun->last_busy = getsbinuptime();
13013#endif
13014
13015	/*
13016	 * If the LUN has been invalidated, free it if there is nothing
13017	 * left on its OOA queue.
13018	 */
13019	if ((lun->flags & CTL_LUN_INVALID)
13020	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13021		mtx_unlock(&lun->lun_lock);
13022		ctl_free_lun(lun);
13023	} else
13024		mtx_unlock(&lun->lun_lock);
13025
13026bailout:
13027
13028	/*
13029	 * If this command has been aborted, make sure we set the status
13030	 * properly.  The FETD is responsible for freeing the I/O and doing
13031	 * whatever it needs to do to clean up its state.
13032	 */
13033	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13034		ctl_set_task_aborted(&io->scsiio);
13035
13036	/*
13037	 * If enabled, print command error status.
13038	 */
13039	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13040	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13041		ctl_io_error_print(io, NULL);
13042
13043	/*
13044	 * Tell the FETD or the other shelf controller we're done with this
13045	 * command.  Note that only SCSI commands get to this point.  Task
13046	 * management commands are completed above.
13047	 */
13048	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13049	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13050		memset(&msg, 0, sizeof(msg));
13051		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13052		msg.hdr.serializing_sc = io->io_hdr.remote_io;
13053		msg.hdr.nexus = io->io_hdr.nexus;
13054		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13055		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13056		    M_WAITOK);
13057	}
13058
13059	fe_done(io);
13060}
13061
13062/*
13063 * Front end should call this if it doesn't do autosense.  When the request
13064 * sense comes back in from the initiator, we'll dequeue this and send it.
13065 */
13066int
13067ctl_queue_sense(union ctl_io *io)
13068{
13069	struct ctl_softc *softc = CTL_SOFTC(io);
13070	struct ctl_port *port = CTL_PORT(io);
13071	struct ctl_lun *lun;
13072	struct scsi_sense_data *ps;
13073	uint32_t initidx, p, targ_lun;
13074
13075	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13076
13077	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13078
13079	/*
13080	 * LUN lookup will likely move to the ctl_work_thread() once we
13081	 * have our new queueing infrastructure (that doesn't put things on
13082	 * a per-LUN queue initially).  That is so that we can handle
13083	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13084	 * can't deal with that right now.
13085	 * If we don't have a LUN for this, just toss the sense information.
13086	 */
13087	mtx_lock(&softc->ctl_lock);
13088	if (targ_lun >= ctl_max_luns ||
13089	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
13090		mtx_unlock(&softc->ctl_lock);
13091		goto bailout;
13092	}
13093	mtx_lock(&lun->lun_lock);
13094	mtx_unlock(&softc->ctl_lock);
13095
13096	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13097	p = initidx / CTL_MAX_INIT_PER_PORT;
13098	if (lun->pending_sense[p] == NULL) {
13099		lun->pending_sense[p] = malloc(sizeof(*ps) * CTL_MAX_INIT_PER_PORT,
13100		    M_CTL, M_NOWAIT | M_ZERO);
13101	}
13102	if ((ps = lun->pending_sense[p]) != NULL) {
13103		ps += initidx % CTL_MAX_INIT_PER_PORT;
13104		memset(ps, 0, sizeof(*ps));
13105		memcpy(ps, &io->scsiio.sense_data, io->scsiio.sense_len);
13106	}
13107	mtx_unlock(&lun->lun_lock);
13108
13109bailout:
13110	ctl_free_io(io);
13111	return (CTL_RETVAL_COMPLETE);
13112}
13113
13114/*
13115 * Primary command inlet from frontend ports.  All SCSI and task I/O
13116 * requests must go through this function.
13117 */
13118int
13119ctl_queue(union ctl_io *io)
13120{
13121	struct ctl_port *port = CTL_PORT(io);
13122
13123	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13124
13125#ifdef CTL_TIME_IO
13126	io->io_hdr.start_time = time_uptime;
13127	getbinuptime(&io->io_hdr.start_bt);
13128#endif /* CTL_TIME_IO */
13129
13130	/* Map FE-specific LUN ID into global one. */
13131	io->io_hdr.nexus.targ_mapped_lun =
13132	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13133
13134	switch (io->io_hdr.io_type) {
13135	case CTL_IO_SCSI:
13136	case CTL_IO_TASK:
13137		if (ctl_debug & CTL_DEBUG_CDB)
13138			ctl_io_print(io);
13139		ctl_enqueue_incoming(io);
13140		break;
13141	default:
13142		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13143		return (EINVAL);
13144	}
13145
13146	return (CTL_RETVAL_COMPLETE);
13147}
13148
13149#ifdef CTL_IO_DELAY
13150static void
13151ctl_done_timer_wakeup(void *arg)
13152{
13153	union ctl_io *io;
13154
13155	io = (union ctl_io *)arg;
13156	ctl_done(io);
13157}
13158#endif /* CTL_IO_DELAY */
13159
13160void
13161ctl_serseq_done(union ctl_io *io)
13162{
13163	struct ctl_lun *lun = CTL_LUN(io);;
13164
13165	if (lun->be_lun == NULL ||
13166	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13167		return;
13168	mtx_lock(&lun->lun_lock);
13169	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13170	ctl_try_unblock_others(lun, io, FALSE);
13171	mtx_unlock(&lun->lun_lock);
13172}
13173
13174void
13175ctl_done(union ctl_io *io)
13176{
13177
13178	/*
13179	 * Enable this to catch duplicate completion issues.
13180	 */
13181#if 0
13182	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13183		printf("%s: type %d msg %d cdb %x iptl: "
13184		       "%u:%u:%u tag 0x%04x "
13185		       "flag %#x status %x\n",
13186			__func__,
13187			io->io_hdr.io_type,
13188			io->io_hdr.msg_type,
13189			io->scsiio.cdb[0],
13190			io->io_hdr.nexus.initid,
13191			io->io_hdr.nexus.targ_port,
13192			io->io_hdr.nexus.targ_lun,
13193			(io->io_hdr.io_type ==
13194			CTL_IO_TASK) ?
13195			io->taskio.tag_num :
13196			io->scsiio.tag_num,
13197		        io->io_hdr.flags,
13198			io->io_hdr.status);
13199	} else
13200		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13201#endif
13202
13203	/*
13204	 * This is an internal copy of an I/O, and should not go through
13205	 * the normal done processing logic.
13206	 */
13207	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13208		return;
13209
13210#ifdef CTL_IO_DELAY
13211	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13212		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13213	} else {
13214		struct ctl_lun *lun = CTL_LUN(io);
13215
13216		if ((lun != NULL)
13217		 && (lun->delay_info.done_delay > 0)) {
13218
13219			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13220			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13221			callout_reset(&io->io_hdr.delay_callout,
13222				      lun->delay_info.done_delay * hz,
13223				      ctl_done_timer_wakeup, io);
13224			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13225				lun->delay_info.done_delay = 0;
13226			return;
13227		}
13228	}
13229#endif /* CTL_IO_DELAY */
13230
13231	ctl_enqueue_done(io);
13232}
13233
13234static void
13235ctl_work_thread(void *arg)
13236{
13237	struct ctl_thread *thr = (struct ctl_thread *)arg;
13238	struct ctl_softc *softc = thr->ctl_softc;
13239	union ctl_io *io;
13240	int retval;
13241
13242	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13243	thread_lock(curthread);
13244	sched_prio(curthread, PUSER - 1);
13245	thread_unlock(curthread);
13246
13247	while (!softc->shutdown) {
13248		/*
13249		 * We handle the queues in this order:
13250		 * - ISC
13251		 * - done queue (to free up resources, unblock other commands)
13252		 * - incoming queue
13253		 * - RtR queue
13254		 *
13255		 * If those queues are empty, we break out of the loop and
13256		 * go to sleep.
13257		 */
13258		mtx_lock(&thr->queue_lock);
13259		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13260		if (io != NULL) {
13261			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13262			mtx_unlock(&thr->queue_lock);
13263			ctl_handle_isc(io);
13264			continue;
13265		}
13266		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13267		if (io != NULL) {
13268			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13269			/* clear any blocked commands, call fe_done */
13270			mtx_unlock(&thr->queue_lock);
13271			ctl_process_done(io);
13272			continue;
13273		}
13274		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13275		if (io != NULL) {
13276			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13277			mtx_unlock(&thr->queue_lock);
13278			if (io->io_hdr.io_type == CTL_IO_TASK)
13279				ctl_run_task(io);
13280			else
13281				ctl_scsiio_precheck(softc, &io->scsiio);
13282			continue;
13283		}
13284		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13285		if (io != NULL) {
13286			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13287			mtx_unlock(&thr->queue_lock);
13288			retval = ctl_scsiio(&io->scsiio);
13289			if (retval != CTL_RETVAL_COMPLETE)
13290				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13291			continue;
13292		}
13293
13294		/* Sleep until we have something to do. */
13295		mtx_sleep(thr, &thr->queue_lock, PDROP, "-", 0);
13296	}
13297	thr->thread = NULL;
13298	kthread_exit();
13299}
13300
13301static void
13302ctl_lun_thread(void *arg)
13303{
13304	struct ctl_softc *softc = (struct ctl_softc *)arg;
13305	struct ctl_be_lun *be_lun;
13306
13307	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13308	thread_lock(curthread);
13309	sched_prio(curthread, PUSER - 1);
13310	thread_unlock(curthread);
13311
13312	while (!softc->shutdown) {
13313		mtx_lock(&softc->ctl_lock);
13314		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13315		if (be_lun != NULL) {
13316			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13317			mtx_unlock(&softc->ctl_lock);
13318			ctl_create_lun(be_lun);
13319			continue;
13320		}
13321
13322		/* Sleep until we have something to do. */
13323		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13324		    PDROP, "-", 0);
13325	}
13326	softc->lun_thread = NULL;
13327	kthread_exit();
13328}
13329
13330static void
13331ctl_thresh_thread(void *arg)
13332{
13333	struct ctl_softc *softc = (struct ctl_softc *)arg;
13334	struct ctl_lun *lun;
13335	struct ctl_logical_block_provisioning_page *page;
13336	const char *attr;
13337	union ctl_ha_msg msg;
13338	uint64_t thres, val;
13339	int i, e, set;
13340
13341	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13342	thread_lock(curthread);
13343	sched_prio(curthread, PUSER - 1);
13344	thread_unlock(curthread);
13345
13346	while (!softc->shutdown) {
13347		mtx_lock(&softc->ctl_lock);
13348		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13349			if ((lun->flags & CTL_LUN_DISABLED) ||
13350			    (lun->flags & CTL_LUN_NO_MEDIA) ||
13351			    lun->backend->lun_attr == NULL)
13352				continue;
13353			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13354			    softc->ha_mode == CTL_HA_MODE_XFER)
13355				continue;
13356			if ((lun->MODE_RWER.byte8 & SMS_RWER_LBPERE) == 0)
13357				continue;
13358			e = 0;
13359			page = &lun->MODE_LBP;
13360			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13361				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13362					continue;
13363				thres = scsi_4btoul(page->descr[i].count);
13364				thres <<= CTL_LBP_EXPONENT;
13365				switch (page->descr[i].resource) {
13366				case 0x01:
13367					attr = "blocksavail";
13368					break;
13369				case 0x02:
13370					attr = "blocksused";
13371					break;
13372				case 0xf1:
13373					attr = "poolblocksavail";
13374					break;
13375				case 0xf2:
13376					attr = "poolblocksused";
13377					break;
13378				default:
13379					continue;
13380				}
13381				mtx_unlock(&softc->ctl_lock); // XXX
13382				val = lun->backend->lun_attr(
13383				    lun->be_lun->be_lun, attr);
13384				mtx_lock(&softc->ctl_lock);
13385				if (val == UINT64_MAX)
13386					continue;
13387				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13388				    == SLBPPD_ARMING_INC)
13389					e = (val >= thres);
13390				else
13391					e = (val <= thres);
13392				if (e)
13393					break;
13394			}
13395			mtx_lock(&lun->lun_lock);
13396			if (e) {
13397				scsi_u64to8b((uint8_t *)&page->descr[i] -
13398				    (uint8_t *)page, lun->ua_tpt_info);
13399				if (lun->lasttpt == 0 ||
13400				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13401					lun->lasttpt = time_uptime;
13402					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13403					set = 1;
13404				} else
13405					set = 0;
13406			} else {
13407				lun->lasttpt = 0;
13408				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13409				set = -1;
13410			}
13411			mtx_unlock(&lun->lun_lock);
13412			if (set != 0 &&
13413			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13414				/* Send msg to other side. */
13415				bzero(&msg.ua, sizeof(msg.ua));
13416				msg.hdr.msg_type = CTL_MSG_UA;
13417				msg.hdr.nexus.initid = -1;
13418				msg.hdr.nexus.targ_port = -1;
13419				msg.hdr.nexus.targ_lun = lun->lun;
13420				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13421				msg.ua.ua_all = 1;
13422				msg.ua.ua_set = (set > 0);
13423				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13424				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13425				mtx_unlock(&softc->ctl_lock); // XXX
13426				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13427				    sizeof(msg.ua), M_WAITOK);
13428				mtx_lock(&softc->ctl_lock);
13429			}
13430		}
13431		mtx_sleep(&softc->thresh_thread, &softc->ctl_lock,
13432		    PDROP, "-", CTL_LBP_PERIOD * hz);
13433	}
13434	softc->thresh_thread = NULL;
13435	kthread_exit();
13436}
13437
13438static void
13439ctl_enqueue_incoming(union ctl_io *io)
13440{
13441	struct ctl_softc *softc = CTL_SOFTC(io);
13442	struct ctl_thread *thr;
13443	u_int idx;
13444
13445	idx = (io->io_hdr.nexus.targ_port * 127 +
13446	       io->io_hdr.nexus.initid) % worker_threads;
13447	thr = &softc->threads[idx];
13448	mtx_lock(&thr->queue_lock);
13449	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13450	mtx_unlock(&thr->queue_lock);
13451	wakeup(thr);
13452}
13453
13454static void
13455ctl_enqueue_rtr(union ctl_io *io)
13456{
13457	struct ctl_softc *softc = CTL_SOFTC(io);
13458	struct ctl_thread *thr;
13459
13460	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13461	mtx_lock(&thr->queue_lock);
13462	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13463	mtx_unlock(&thr->queue_lock);
13464	wakeup(thr);
13465}
13466
13467static void
13468ctl_enqueue_done(union ctl_io *io)
13469{
13470	struct ctl_softc *softc = CTL_SOFTC(io);
13471	struct ctl_thread *thr;
13472
13473	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13474	mtx_lock(&thr->queue_lock);
13475	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13476	mtx_unlock(&thr->queue_lock);
13477	wakeup(thr);
13478}
13479
13480static void
13481ctl_enqueue_isc(union ctl_io *io)
13482{
13483	struct ctl_softc *softc = CTL_SOFTC(io);
13484	struct ctl_thread *thr;
13485
13486	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13487	mtx_lock(&thr->queue_lock);
13488	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13489	mtx_unlock(&thr->queue_lock);
13490	wakeup(thr);
13491}
13492
13493/*
13494 *  vim: ts=8
13495 */
13496