ctl.c revision 273073 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 273073 2014-10-14 10:14:14Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/kernel.h>
50#include <sys/types.h>
51#include <sys/kthread.h>
52#include <sys/bio.h>
53#include <sys/fcntl.h>
54#include <sys/lock.h>
55#include <sys/module.h>
56#include <sys/mutex.h>
57#include <sys/condvar.h>
58#include <sys/malloc.h>
59#include <sys/conf.h>
60#include <sys/ioccom.h>
61#include <sys/queue.h>
62#include <sys/sbuf.h>
63#include <sys/smp.h>
64#include <sys/endian.h>
65#include <sys/sysctl.h>
66
67#include <cam/cam.h>
68#include <cam/scsi/scsi_all.h>
69#include <cam/scsi/scsi_da.h>
70#include <cam/ctl/ctl_io.h>
71#include <cam/ctl/ctl.h>
72#include <cam/ctl/ctl_frontend.h>
73#include <cam/ctl/ctl_frontend_internal.h>
74#include <cam/ctl/ctl_util.h>
75#include <cam/ctl/ctl_backend.h>
76#include <cam/ctl/ctl_ioctl.h>
77#include <cam/ctl/ctl_ha.h>
78#include <cam/ctl/ctl_private.h>
79#include <cam/ctl/ctl_debug.h>
80#include <cam/ctl/ctl_scsi_all.h>
81#include <cam/ctl/ctl_error.h>
82
83struct ctl_softc *control_softc = NULL;
84
85/*
86 * Size and alignment macros needed for Copan-specific HA hardware.  These
87 * can go away when the HA code is re-written, and uses busdma for any
88 * hardware.
89 */
90#define	CTL_ALIGN_8B(target, source, type)				\
91	if (((uint32_t)source & 0x7) != 0)				\
92		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
93	else								\
94		target = (type)source;
95
96#define	CTL_SIZE_8B(target, size)					\
97	if ((size & 0x7) != 0)						\
98		target = size + (0x8 - (size & 0x7));			\
99	else								\
100		target = size;
101
102#define CTL_ALIGN_8B_MARGIN	16
103
104/*
105 * Template mode pages.
106 */
107
108/*
109 * Note that these are default values only.  The actual values will be
110 * filled in when the user does a mode sense.
111 */
112static struct copan_power_subpage power_page_default = {
113	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
114	/*subpage*/ PWR_SUBPAGE_CODE,
115	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
116			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
117	/*page_version*/ PWR_VERSION,
118	/* total_luns */ 26,
119	/* max_active_luns*/ PWR_DFLT_MAX_LUNS,
120	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
121		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
122		      0, 0, 0, 0, 0, 0}
123};
124
125static struct copan_power_subpage power_page_changeable = {
126	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
127	/*subpage*/ PWR_SUBPAGE_CODE,
128	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
129			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
130	/*page_version*/ 0,
131	/* total_luns */ 0,
132	/* max_active_luns*/ 0,
133	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
134		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
135		      0, 0, 0, 0, 0, 0}
136};
137
138static struct copan_aps_subpage aps_page_default = {
139	APS_PAGE_CODE | SMPH_SPF, //page_code
140	APS_SUBPAGE_CODE, //subpage
141	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
142	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
143	APS_VERSION, //page_version
144	0, //lock_active
145	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
146	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
147	0, 0, 0, 0, 0} //reserved
148};
149
150static struct copan_aps_subpage aps_page_changeable = {
151	APS_PAGE_CODE | SMPH_SPF, //page_code
152	APS_SUBPAGE_CODE, //subpage
153	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
154	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
155	0, //page_version
156	0, //lock_active
157	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
158	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
159	0, 0, 0, 0, 0} //reserved
160};
161
162static struct copan_debugconf_subpage debugconf_page_default = {
163	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
164	DBGCNF_SUBPAGE_CODE,		/* subpage */
165	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
166	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
167	DBGCNF_VERSION,			/* page_version */
168	{CTL_TIME_IO_DEFAULT_SECS>>8,
169	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
170};
171
172static struct copan_debugconf_subpage debugconf_page_changeable = {
173	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
174	DBGCNF_SUBPAGE_CODE,		/* subpage */
175	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
176	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
177	0,				/* page_version */
178	{0xff,0xff},			/* ctl_time_io_secs */
179};
180
181static struct scsi_da_rw_recovery_page rw_er_page_default = {
182	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
183	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
184	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
185	/*read_retry_count*/0,
186	/*correction_span*/0,
187	/*head_offset_count*/0,
188	/*data_strobe_offset_cnt*/0,
189	/*byte8*/0,
190	/*write_retry_count*/0,
191	/*reserved2*/0,
192	/*recovery_time_limit*/{0, 0},
193};
194
195static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
196	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
197	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
198	/*byte3*/0,
199	/*read_retry_count*/0,
200	/*correction_span*/0,
201	/*head_offset_count*/0,
202	/*data_strobe_offset_cnt*/0,
203	/*byte8*/0,
204	/*write_retry_count*/0,
205	/*reserved2*/0,
206	/*recovery_time_limit*/{0, 0},
207};
208
209static struct scsi_format_page format_page_default = {
210	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
211	/*page_length*/sizeof(struct scsi_format_page) - 2,
212	/*tracks_per_zone*/ {0, 0},
213	/*alt_sectors_per_zone*/ {0, 0},
214	/*alt_tracks_per_zone*/ {0, 0},
215	/*alt_tracks_per_lun*/ {0, 0},
216	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
217			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
218	/*bytes_per_sector*/ {0, 0},
219	/*interleave*/ {0, 0},
220	/*track_skew*/ {0, 0},
221	/*cylinder_skew*/ {0, 0},
222	/*flags*/ SFP_HSEC,
223	/*reserved*/ {0, 0, 0}
224};
225
226static struct scsi_format_page format_page_changeable = {
227	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
228	/*page_length*/sizeof(struct scsi_format_page) - 2,
229	/*tracks_per_zone*/ {0, 0},
230	/*alt_sectors_per_zone*/ {0, 0},
231	/*alt_tracks_per_zone*/ {0, 0},
232	/*alt_tracks_per_lun*/ {0, 0},
233	/*sectors_per_track*/ {0, 0},
234	/*bytes_per_sector*/ {0, 0},
235	/*interleave*/ {0, 0},
236	/*track_skew*/ {0, 0},
237	/*cylinder_skew*/ {0, 0},
238	/*flags*/ 0,
239	/*reserved*/ {0, 0, 0}
240};
241
242static struct scsi_rigid_disk_page rigid_disk_page_default = {
243	/*page_code*/SMS_RIGID_DISK_PAGE,
244	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
245	/*cylinders*/ {0, 0, 0},
246	/*heads*/ CTL_DEFAULT_HEADS,
247	/*start_write_precomp*/ {0, 0, 0},
248	/*start_reduced_current*/ {0, 0, 0},
249	/*step_rate*/ {0, 0},
250	/*landing_zone_cylinder*/ {0, 0, 0},
251	/*rpl*/ SRDP_RPL_DISABLED,
252	/*rotational_offset*/ 0,
253	/*reserved1*/ 0,
254	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
255			   CTL_DEFAULT_ROTATION_RATE & 0xff},
256	/*reserved2*/ {0, 0}
257};
258
259static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
260	/*page_code*/SMS_RIGID_DISK_PAGE,
261	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
262	/*cylinders*/ {0, 0, 0},
263	/*heads*/ 0,
264	/*start_write_precomp*/ {0, 0, 0},
265	/*start_reduced_current*/ {0, 0, 0},
266	/*step_rate*/ {0, 0},
267	/*landing_zone_cylinder*/ {0, 0, 0},
268	/*rpl*/ 0,
269	/*rotational_offset*/ 0,
270	/*reserved1*/ 0,
271	/*rotation_rate*/ {0, 0},
272	/*reserved2*/ {0, 0}
273};
274
275static struct scsi_caching_page caching_page_default = {
276	/*page_code*/SMS_CACHING_PAGE,
277	/*page_length*/sizeof(struct scsi_caching_page) - 2,
278	/*flags1*/ SCP_DISC | SCP_WCE,
279	/*ret_priority*/ 0,
280	/*disable_pf_transfer_len*/ {0xff, 0xff},
281	/*min_prefetch*/ {0, 0},
282	/*max_prefetch*/ {0xff, 0xff},
283	/*max_pf_ceiling*/ {0xff, 0xff},
284	/*flags2*/ 0,
285	/*cache_segments*/ 0,
286	/*cache_seg_size*/ {0, 0},
287	/*reserved*/ 0,
288	/*non_cache_seg_size*/ {0, 0, 0}
289};
290
291static struct scsi_caching_page caching_page_changeable = {
292	/*page_code*/SMS_CACHING_PAGE,
293	/*page_length*/sizeof(struct scsi_caching_page) - 2,
294	/*flags1*/ SCP_WCE | SCP_RCD,
295	/*ret_priority*/ 0,
296	/*disable_pf_transfer_len*/ {0, 0},
297	/*min_prefetch*/ {0, 0},
298	/*max_prefetch*/ {0, 0},
299	/*max_pf_ceiling*/ {0, 0},
300	/*flags2*/ 0,
301	/*cache_segments*/ 0,
302	/*cache_seg_size*/ {0, 0},
303	/*reserved*/ 0,
304	/*non_cache_seg_size*/ {0, 0, 0}
305};
306
307static struct scsi_control_page control_page_default = {
308	/*page_code*/SMS_CONTROL_MODE_PAGE,
309	/*page_length*/sizeof(struct scsi_control_page) - 2,
310	/*rlec*/0,
311	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
312	/*eca_and_aen*/0,
313	/*flags4*/SCP_TAS,
314	/*aen_holdoff_period*/{0, 0},
315	/*busy_timeout_period*/{0, 0},
316	/*extended_selftest_completion_time*/{0, 0}
317};
318
319static struct scsi_control_page control_page_changeable = {
320	/*page_code*/SMS_CONTROL_MODE_PAGE,
321	/*page_length*/sizeof(struct scsi_control_page) - 2,
322	/*rlec*/SCP_DSENSE,
323	/*queue_flags*/SCP_QUEUE_ALG_MASK,
324	/*eca_and_aen*/SCP_SWP,
325	/*flags4*/0,
326	/*aen_holdoff_period*/{0, 0},
327	/*busy_timeout_period*/{0, 0},
328	/*extended_selftest_completion_time*/{0, 0}
329};
330
331static struct scsi_info_exceptions_page ie_page_default = {
332	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
333	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
334	/*info_flags*/SIEP_FLAGS_DEXCPT,
335	/*mrie*/0,
336	/*interval_timer*/{0, 0, 0, 0},
337	/*report_count*/{0, 0, 0, 0}
338};
339
340static struct scsi_info_exceptions_page ie_page_changeable = {
341	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
342	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
343	/*info_flags*/0,
344	/*mrie*/0,
345	/*interval_timer*/{0, 0, 0, 0},
346	/*report_count*/{0, 0, 0, 0}
347};
348
349static struct scsi_logical_block_provisioning_page lbp_page_default = {
350	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
351	/*subpage_code*/0x02,
352	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
353	/*flags*/0,
354	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
355	/*descr*/{}
356};
357
358static struct scsi_logical_block_provisioning_page lbp_page_changeable = {
359	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
360	/*subpage_code*/0x02,
361	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
362	/*flags*/0,
363	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
364	/*descr*/{}
365};
366
367/*
368 * XXX KDM move these into the softc.
369 */
370static int rcv_sync_msg;
371static int persis_offset;
372static uint8_t ctl_pause_rtr;
373static int     ctl_is_single = 1;
374static int     index_to_aps_page;
375
376SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
377static int worker_threads = -1;
378SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
379    &worker_threads, 1, "Number of worker threads");
380static int verbose = 0;
381SYSCTL_INT(_kern_cam_ctl, OID_AUTO, verbose, CTLFLAG_RWTUN,
382    &verbose, 0, "Show SCSI errors returned to initiator");
383
384/*
385 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
386 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
387 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
388 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
389 */
390#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
391
392static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
393				  int param);
394static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
395static int ctl_init(void);
396void ctl_shutdown(void);
397static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
398static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
399static void ctl_ioctl_online(void *arg);
400static void ctl_ioctl_offline(void *arg);
401static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
402static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
403static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
404static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
405static int ctl_ioctl_submit_wait(union ctl_io *io);
406static void ctl_ioctl_datamove(union ctl_io *io);
407static void ctl_ioctl_done(union ctl_io *io);
408static void ctl_ioctl_hard_startstop_callback(void *arg,
409					      struct cfi_metatask *metatask);
410static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
411static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
412			      struct ctl_ooa *ooa_hdr,
413			      struct ctl_ooa_entry *kern_entries);
414static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
415		     struct thread *td);
416static uint32_t ctl_map_lun(int port_num, uint32_t lun);
417static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
418#ifdef unused
419static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
420				   uint32_t targ_target, uint32_t targ_lun,
421				   int can_wait);
422static void ctl_kfree_io(union ctl_io *io);
423#endif /* unused */
424static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
425			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
426static int ctl_free_lun(struct ctl_lun *lun);
427static void ctl_create_lun(struct ctl_be_lun *be_lun);
428/**
429static void ctl_failover_change_pages(struct ctl_softc *softc,
430				      struct ctl_scsiio *ctsio, int master);
431**/
432
433static int ctl_do_mode_select(union ctl_io *io);
434static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
435			   uint64_t res_key, uint64_t sa_res_key,
436			   uint8_t type, uint32_t residx,
437			   struct ctl_scsiio *ctsio,
438			   struct scsi_per_res_out *cdb,
439			   struct scsi_per_res_out_parms* param);
440static void ctl_pro_preempt_other(struct ctl_lun *lun,
441				  union ctl_ha_msg *msg);
442static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
443static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
444static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
445static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
446static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
447static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
448static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
449					 int alloc_len);
450static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
451					 int alloc_len);
452static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
453static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
454static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
455static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
456static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
457static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
458static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
459    union ctl_io *pending_io, union ctl_io *ooa_io);
460static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
461				union ctl_io *starting_io);
462static int ctl_check_blocked(struct ctl_lun *lun);
463static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
464				struct ctl_lun *lun,
465				const struct ctl_cmd_entry *entry,
466				struct ctl_scsiio *ctsio);
467//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
468static void ctl_failover(void);
469static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
470			       struct ctl_scsiio *ctsio);
471static int ctl_scsiio(struct ctl_scsiio *ctsio);
472
473static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
474static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
475			    ctl_ua_type ua_type);
476static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
477			 ctl_ua_type ua_type);
478static int ctl_abort_task(union ctl_io *io);
479static int ctl_abort_task_set(union ctl_io *io);
480static int ctl_i_t_nexus_reset(union ctl_io *io);
481static void ctl_run_task(union ctl_io *io);
482#ifdef CTL_IO_DELAY
483static void ctl_datamove_timer_wakeup(void *arg);
484static void ctl_done_timer_wakeup(void *arg);
485#endif /* CTL_IO_DELAY */
486
487static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
488static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
489static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
490static void ctl_datamove_remote_write(union ctl_io *io);
491static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
492static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
493static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
494static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
495				    ctl_ha_dt_cb callback);
496static void ctl_datamove_remote_read(union ctl_io *io);
497static void ctl_datamove_remote(union ctl_io *io);
498static int ctl_process_done(union ctl_io *io);
499static void ctl_lun_thread(void *arg);
500static void ctl_work_thread(void *arg);
501static void ctl_enqueue_incoming(union ctl_io *io);
502static void ctl_enqueue_rtr(union ctl_io *io);
503static void ctl_enqueue_done(union ctl_io *io);
504static void ctl_enqueue_isc(union ctl_io *io);
505static const struct ctl_cmd_entry *
506    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
507static const struct ctl_cmd_entry *
508    ctl_validate_command(struct ctl_scsiio *ctsio);
509static int ctl_cmd_applicable(uint8_t lun_type,
510    const struct ctl_cmd_entry *entry);
511
512/*
513 * Load the serialization table.  This isn't very pretty, but is probably
514 * the easiest way to do it.
515 */
516#include "ctl_ser_table.c"
517
518/*
519 * We only need to define open, close and ioctl routines for this driver.
520 */
521static struct cdevsw ctl_cdevsw = {
522	.d_version =	D_VERSION,
523	.d_flags =	0,
524	.d_open =	ctl_open,
525	.d_close =	ctl_close,
526	.d_ioctl =	ctl_ioctl,
527	.d_name =	"ctl",
528};
529
530
531MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
532MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
533
534static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
535
536static moduledata_t ctl_moduledata = {
537	"ctl",
538	ctl_module_event_handler,
539	NULL
540};
541
542DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
543MODULE_VERSION(ctl, 1);
544
545static struct ctl_frontend ioctl_frontend =
546{
547	.name = "ioctl",
548};
549
550static void
551ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
552			    union ctl_ha_msg *msg_info)
553{
554	struct ctl_scsiio *ctsio;
555
556	if (msg_info->hdr.original_sc == NULL) {
557		printf("%s: original_sc == NULL!\n", __func__);
558		/* XXX KDM now what? */
559		return;
560	}
561
562	ctsio = &msg_info->hdr.original_sc->scsiio;
563	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
564	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
565	ctsio->io_hdr.status = msg_info->hdr.status;
566	ctsio->scsi_status = msg_info->scsi.scsi_status;
567	ctsio->sense_len = msg_info->scsi.sense_len;
568	ctsio->sense_residual = msg_info->scsi.sense_residual;
569	ctsio->residual = msg_info->scsi.residual;
570	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
571	       sizeof(ctsio->sense_data));
572	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
573	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
574	ctl_enqueue_isc((union ctl_io *)ctsio);
575}
576
577static void
578ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
579				union ctl_ha_msg *msg_info)
580{
581	struct ctl_scsiio *ctsio;
582
583	if (msg_info->hdr.serializing_sc == NULL) {
584		printf("%s: serializing_sc == NULL!\n", __func__);
585		/* XXX KDM now what? */
586		return;
587	}
588
589	ctsio = &msg_info->hdr.serializing_sc->scsiio;
590#if 0
591	/*
592	 * Attempt to catch the situation where an I/O has
593	 * been freed, and we're using it again.
594	 */
595	if (ctsio->io_hdr.io_type == 0xff) {
596		union ctl_io *tmp_io;
597		tmp_io = (union ctl_io *)ctsio;
598		printf("%s: %p use after free!\n", __func__,
599		       ctsio);
600		printf("%s: type %d msg %d cdb %x iptl: "
601		       "%d:%d:%d:%d tag 0x%04x "
602		       "flag %#x status %x\n",
603			__func__,
604			tmp_io->io_hdr.io_type,
605			tmp_io->io_hdr.msg_type,
606			tmp_io->scsiio.cdb[0],
607			tmp_io->io_hdr.nexus.initid.id,
608			tmp_io->io_hdr.nexus.targ_port,
609			tmp_io->io_hdr.nexus.targ_target.id,
610			tmp_io->io_hdr.nexus.targ_lun,
611			(tmp_io->io_hdr.io_type ==
612			CTL_IO_TASK) ?
613			tmp_io->taskio.tag_num :
614			tmp_io->scsiio.tag_num,
615		        tmp_io->io_hdr.flags,
616			tmp_io->io_hdr.status);
617	}
618#endif
619	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
620	ctl_enqueue_isc((union ctl_io *)ctsio);
621}
622
623/*
624 * ISC (Inter Shelf Communication) event handler.  Events from the HA
625 * subsystem come in here.
626 */
627static void
628ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
629{
630	struct ctl_softc *ctl_softc;
631	union ctl_io *io;
632	struct ctl_prio *presio;
633	ctl_ha_status isc_status;
634
635	ctl_softc = control_softc;
636	io = NULL;
637
638
639#if 0
640	printf("CTL: Isc Msg event %d\n", event);
641#endif
642	if (event == CTL_HA_EVT_MSG_RECV) {
643		union ctl_ha_msg msg_info;
644
645		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
646					     sizeof(msg_info), /*wait*/ 0);
647#if 0
648		printf("CTL: msg_type %d\n", msg_info.msg_type);
649#endif
650		if (isc_status != 0) {
651			printf("Error receiving message, status = %d\n",
652			       isc_status);
653			return;
654		}
655
656		switch (msg_info.hdr.msg_type) {
657		case CTL_MSG_SERIALIZE:
658#if 0
659			printf("Serialize\n");
660#endif
661			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
662			if (io == NULL) {
663				printf("ctl_isc_event_handler: can't allocate "
664				       "ctl_io!\n");
665				/* Bad Juju */
666				/* Need to set busy and send msg back */
667				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
668				msg_info.hdr.status = CTL_SCSI_ERROR;
669				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
670				msg_info.scsi.sense_len = 0;
671			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
672				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
673				}
674				goto bailout;
675			}
676			ctl_zero_io(io);
677			// populate ctsio from msg_info
678			io->io_hdr.io_type = CTL_IO_SCSI;
679			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
680			io->io_hdr.original_sc = msg_info.hdr.original_sc;
681#if 0
682			printf("pOrig %x\n", (int)msg_info.original_sc);
683#endif
684			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
685					    CTL_FLAG_IO_ACTIVE;
686			/*
687			 * If we're in serialization-only mode, we don't
688			 * want to go through full done processing.  Thus
689			 * the COPY flag.
690			 *
691			 * XXX KDM add another flag that is more specific.
692			 */
693			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
694				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
695			io->io_hdr.nexus = msg_info.hdr.nexus;
696#if 0
697			printf("targ %d, port %d, iid %d, lun %d\n",
698			       io->io_hdr.nexus.targ_target.id,
699			       io->io_hdr.nexus.targ_port,
700			       io->io_hdr.nexus.initid.id,
701			       io->io_hdr.nexus.targ_lun);
702#endif
703			io->scsiio.tag_num = msg_info.scsi.tag_num;
704			io->scsiio.tag_type = msg_info.scsi.tag_type;
705			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
706			       CTL_MAX_CDBLEN);
707			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
708				const struct ctl_cmd_entry *entry;
709
710				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
711				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
712				io->io_hdr.flags |=
713					entry->flags & CTL_FLAG_DATA_MASK;
714			}
715			ctl_enqueue_isc(io);
716			break;
717
718		/* Performed on the Originating SC, XFER mode only */
719		case CTL_MSG_DATAMOVE: {
720			struct ctl_sg_entry *sgl;
721			int i, j;
722
723			io = msg_info.hdr.original_sc;
724			if (io == NULL) {
725				printf("%s: original_sc == NULL!\n", __func__);
726				/* XXX KDM do something here */
727				break;
728			}
729			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
730			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
731			/*
732			 * Keep track of this, we need to send it back over
733			 * when the datamove is complete.
734			 */
735			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
736
737			if (msg_info.dt.sg_sequence == 0) {
738				/*
739				 * XXX KDM we use the preallocated S/G list
740				 * here, but we'll need to change this to
741				 * dynamic allocation if we need larger S/G
742				 * lists.
743				 */
744				if (msg_info.dt.kern_sg_entries >
745				    sizeof(io->io_hdr.remote_sglist) /
746				    sizeof(io->io_hdr.remote_sglist[0])) {
747					printf("%s: number of S/G entries "
748					    "needed %u > allocated num %zd\n",
749					    __func__,
750					    msg_info.dt.kern_sg_entries,
751					    sizeof(io->io_hdr.remote_sglist)/
752					    sizeof(io->io_hdr.remote_sglist[0]));
753
754					/*
755					 * XXX KDM send a message back to
756					 * the other side to shut down the
757					 * DMA.  The error will come back
758					 * through via the normal channel.
759					 */
760					break;
761				}
762				sgl = io->io_hdr.remote_sglist;
763				memset(sgl, 0,
764				       sizeof(io->io_hdr.remote_sglist));
765
766				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
767
768				io->scsiio.kern_sg_entries =
769					msg_info.dt.kern_sg_entries;
770				io->scsiio.rem_sg_entries =
771					msg_info.dt.kern_sg_entries;
772				io->scsiio.kern_data_len =
773					msg_info.dt.kern_data_len;
774				io->scsiio.kern_total_len =
775					msg_info.dt.kern_total_len;
776				io->scsiio.kern_data_resid =
777					msg_info.dt.kern_data_resid;
778				io->scsiio.kern_rel_offset =
779					msg_info.dt.kern_rel_offset;
780				/*
781				 * Clear out per-DMA flags.
782				 */
783				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
784				/*
785				 * Add per-DMA flags that are set for this
786				 * particular DMA request.
787				 */
788				io->io_hdr.flags |= msg_info.dt.flags &
789						    CTL_FLAG_RDMA_MASK;
790			} else
791				sgl = (struct ctl_sg_entry *)
792					io->scsiio.kern_data_ptr;
793
794			for (i = msg_info.dt.sent_sg_entries, j = 0;
795			     i < (msg_info.dt.sent_sg_entries +
796			     msg_info.dt.cur_sg_entries); i++, j++) {
797				sgl[i].addr = msg_info.dt.sg_list[j].addr;
798				sgl[i].len = msg_info.dt.sg_list[j].len;
799
800#if 0
801				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
802				       __func__,
803				       msg_info.dt.sg_list[j].addr,
804				       msg_info.dt.sg_list[j].len,
805				       sgl[i].addr, sgl[i].len, j, i);
806#endif
807			}
808#if 0
809			memcpy(&sgl[msg_info.dt.sent_sg_entries],
810			       msg_info.dt.sg_list,
811			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
812#endif
813
814			/*
815			 * If this is the last piece of the I/O, we've got
816			 * the full S/G list.  Queue processing in the thread.
817			 * Otherwise wait for the next piece.
818			 */
819			if (msg_info.dt.sg_last != 0)
820				ctl_enqueue_isc(io);
821			break;
822		}
823		/* Performed on the Serializing (primary) SC, XFER mode only */
824		case CTL_MSG_DATAMOVE_DONE: {
825			if (msg_info.hdr.serializing_sc == NULL) {
826				printf("%s: serializing_sc == NULL!\n",
827				       __func__);
828				/* XXX KDM now what? */
829				break;
830			}
831			/*
832			 * We grab the sense information here in case
833			 * there was a failure, so we can return status
834			 * back to the initiator.
835			 */
836			io = msg_info.hdr.serializing_sc;
837			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
838			io->io_hdr.status = msg_info.hdr.status;
839			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
840			io->scsiio.sense_len = msg_info.scsi.sense_len;
841			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
842			io->io_hdr.port_status = msg_info.scsi.fetd_status;
843			io->scsiio.residual = msg_info.scsi.residual;
844			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
845			       sizeof(io->scsiio.sense_data));
846			ctl_enqueue_isc(io);
847			break;
848		}
849
850		/* Preformed on Originating SC, SER_ONLY mode */
851		case CTL_MSG_R2R:
852			io = msg_info.hdr.original_sc;
853			if (io == NULL) {
854				printf("%s: Major Bummer\n", __func__);
855				return;
856			} else {
857#if 0
858				printf("pOrig %x\n",(int) ctsio);
859#endif
860			}
861			io->io_hdr.msg_type = CTL_MSG_R2R;
862			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
863			ctl_enqueue_isc(io);
864			break;
865
866		/*
867		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
868		 * mode.
869		 * Performed on the Originating (i.e. secondary) SC in XFER
870		 * mode
871		 */
872		case CTL_MSG_FINISH_IO:
873			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
874				ctl_isc_handler_finish_xfer(ctl_softc,
875							    &msg_info);
876			else
877				ctl_isc_handler_finish_ser_only(ctl_softc,
878								&msg_info);
879			break;
880
881		/* Preformed on Originating SC */
882		case CTL_MSG_BAD_JUJU:
883			io = msg_info.hdr.original_sc;
884			if (io == NULL) {
885				printf("%s: Bad JUJU!, original_sc is NULL!\n",
886				       __func__);
887				break;
888			}
889			ctl_copy_sense_data(&msg_info, io);
890			/*
891			 * IO should have already been cleaned up on other
892			 * SC so clear this flag so we won't send a message
893			 * back to finish the IO there.
894			 */
895			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
896			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
897
898			/* io = msg_info.hdr.serializing_sc; */
899			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
900			ctl_enqueue_isc(io);
901			break;
902
903		/* Handle resets sent from the other side */
904		case CTL_MSG_MANAGE_TASKS: {
905			struct ctl_taskio *taskio;
906			taskio = (struct ctl_taskio *)ctl_alloc_io(
907				(void *)ctl_softc->othersc_pool);
908			if (taskio == NULL) {
909				printf("ctl_isc_event_handler: can't allocate "
910				       "ctl_io!\n");
911				/* Bad Juju */
912				/* should I just call the proper reset func
913				   here??? */
914				goto bailout;
915			}
916			ctl_zero_io((union ctl_io *)taskio);
917			taskio->io_hdr.io_type = CTL_IO_TASK;
918			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
919			taskio->io_hdr.nexus = msg_info.hdr.nexus;
920			taskio->task_action = msg_info.task.task_action;
921			taskio->tag_num = msg_info.task.tag_num;
922			taskio->tag_type = msg_info.task.tag_type;
923#ifdef CTL_TIME_IO
924			taskio->io_hdr.start_time = time_uptime;
925			getbintime(&taskio->io_hdr.start_bt);
926#if 0
927			cs_prof_gettime(&taskio->io_hdr.start_ticks);
928#endif
929#endif /* CTL_TIME_IO */
930			ctl_run_task((union ctl_io *)taskio);
931			break;
932		}
933		/* Persistent Reserve action which needs attention */
934		case CTL_MSG_PERS_ACTION:
935			presio = (struct ctl_prio *)ctl_alloc_io(
936				(void *)ctl_softc->othersc_pool);
937			if (presio == NULL) {
938				printf("ctl_isc_event_handler: can't allocate "
939				       "ctl_io!\n");
940				/* Bad Juju */
941				/* Need to set busy and send msg back */
942				goto bailout;
943			}
944			ctl_zero_io((union ctl_io *)presio);
945			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
946			presio->pr_msg = msg_info.pr;
947			ctl_enqueue_isc((union ctl_io *)presio);
948			break;
949		case CTL_MSG_SYNC_FE:
950			rcv_sync_msg = 1;
951			break;
952		case CTL_MSG_APS_LOCK: {
953			// It's quicker to execute this then to
954			// queue it.
955			struct ctl_lun *lun;
956			struct ctl_page_index *page_index;
957			struct copan_aps_subpage *current_sp;
958			uint32_t targ_lun;
959
960			targ_lun = msg_info.hdr.nexus.targ_mapped_lun;
961			lun = ctl_softc->ctl_luns[targ_lun];
962			mtx_lock(&lun->lun_lock);
963			page_index = &lun->mode_pages.index[index_to_aps_page];
964			current_sp = (struct copan_aps_subpage *)
965				     (page_index->page_data +
966				     (page_index->page_len * CTL_PAGE_CURRENT));
967
968			current_sp->lock_active = msg_info.aps.lock_flag;
969			mtx_unlock(&lun->lun_lock);
970		        break;
971		}
972		default:
973		        printf("How did I get here?\n");
974		}
975	} else if (event == CTL_HA_EVT_MSG_SENT) {
976		if (param != CTL_HA_STATUS_SUCCESS) {
977			printf("Bad status from ctl_ha_msg_send status %d\n",
978			       param);
979		}
980		return;
981	} else if (event == CTL_HA_EVT_DISCONNECT) {
982		printf("CTL: Got a disconnect from Isc\n");
983		return;
984	} else {
985		printf("ctl_isc_event_handler: Unknown event %d\n", event);
986		return;
987	}
988
989bailout:
990	return;
991}
992
993static void
994ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
995{
996	struct scsi_sense_data *sense;
997
998	sense = &dest->scsiio.sense_data;
999	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
1000	dest->scsiio.scsi_status = src->scsi.scsi_status;
1001	dest->scsiio.sense_len = src->scsi.sense_len;
1002	dest->io_hdr.status = src->hdr.status;
1003}
1004
1005static int
1006ctl_init(void)
1007{
1008	struct ctl_softc *softc;
1009	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
1010	struct ctl_port *port;
1011        uint8_t sc_id =0;
1012	int i, error, retval;
1013	//int isc_retval;
1014
1015	retval = 0;
1016	ctl_pause_rtr = 0;
1017        rcv_sync_msg = 0;
1018
1019	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1020			       M_WAITOK | M_ZERO);
1021	softc = control_softc;
1022
1023	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1024			      "cam/ctl");
1025
1026	softc->dev->si_drv1 = softc;
1027
1028	/*
1029	 * By default, return a "bad LUN" peripheral qualifier for unknown
1030	 * LUNs.  The user can override this default using the tunable or
1031	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
1032	 */
1033	softc->inquiry_pq_no_lun = 1;
1034	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
1035			  &softc->inquiry_pq_no_lun);
1036	sysctl_ctx_init(&softc->sysctl_ctx);
1037	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1038		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1039		CTLFLAG_RD, 0, "CAM Target Layer");
1040
1041	if (softc->sysctl_tree == NULL) {
1042		printf("%s: unable to allocate sysctl tree\n", __func__);
1043		destroy_dev(softc->dev);
1044		free(control_softc, M_DEVBUF);
1045		control_softc = NULL;
1046		return (ENOMEM);
1047	}
1048
1049	SYSCTL_ADD_INT(&softc->sysctl_ctx,
1050		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
1051		       "inquiry_pq_no_lun", CTLFLAG_RW,
1052		       &softc->inquiry_pq_no_lun, 0,
1053		       "Report no lun possible for invalid LUNs");
1054
1055	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1056	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
1057	softc->open_count = 0;
1058
1059	/*
1060	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1061	 * the drive.
1062	 */
1063	softc->flags = CTL_FLAG_REAL_SYNC;
1064
1065	/*
1066	 * In Copan's HA scheme, the "master" and "slave" roles are
1067	 * figured out through the slot the controller is in.  Although it
1068	 * is an active/active system, someone has to be in charge.
1069 	 */
1070#ifdef NEEDTOPORT
1071        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1072#endif
1073
1074        if (sc_id == 0) {
1075		softc->flags |= CTL_FLAG_MASTER_SHELF;
1076		persis_offset = 0;
1077	} else
1078		persis_offset = CTL_MAX_INITIATORS;
1079
1080	/*
1081	 * XXX KDM need to figure out where we want to get our target ID
1082	 * and WWID.  Is it different on each port?
1083	 */
1084	softc->target.id = 0;
1085	softc->target.wwid[0] = 0x12345678;
1086	softc->target.wwid[1] = 0x87654321;
1087	STAILQ_INIT(&softc->lun_list);
1088	STAILQ_INIT(&softc->pending_lun_queue);
1089	STAILQ_INIT(&softc->fe_list);
1090	STAILQ_INIT(&softc->port_list);
1091	STAILQ_INIT(&softc->be_list);
1092	STAILQ_INIT(&softc->io_pools);
1093	ctl_tpc_init(softc);
1094
1095	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1096			    &internal_pool)!= 0){
1097		printf("ctl: can't allocate %d entry internal pool, "
1098		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1099		return (ENOMEM);
1100	}
1101
1102	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1103			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1104		printf("ctl: can't allocate %d entry emergency pool, "
1105		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1106		ctl_pool_free(internal_pool);
1107		return (ENOMEM);
1108	}
1109
1110	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1111	                    &other_pool) != 0)
1112	{
1113		printf("ctl: can't allocate %d entry other SC pool, "
1114		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1115		ctl_pool_free(internal_pool);
1116		ctl_pool_free(emergency_pool);
1117		return (ENOMEM);
1118	}
1119
1120	softc->internal_pool = internal_pool;
1121	softc->emergency_pool = emergency_pool;
1122	softc->othersc_pool = other_pool;
1123
1124	if (worker_threads <= 0)
1125		worker_threads = max(1, mp_ncpus / 4);
1126	if (worker_threads > CTL_MAX_THREADS)
1127		worker_threads = CTL_MAX_THREADS;
1128
1129	for (i = 0; i < worker_threads; i++) {
1130		struct ctl_thread *thr = &softc->threads[i];
1131
1132		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1133		thr->ctl_softc = softc;
1134		STAILQ_INIT(&thr->incoming_queue);
1135		STAILQ_INIT(&thr->rtr_queue);
1136		STAILQ_INIT(&thr->done_queue);
1137		STAILQ_INIT(&thr->isc_queue);
1138
1139		error = kproc_kthread_add(ctl_work_thread, thr,
1140		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1141		if (error != 0) {
1142			printf("error creating CTL work thread!\n");
1143			ctl_pool_free(internal_pool);
1144			ctl_pool_free(emergency_pool);
1145			ctl_pool_free(other_pool);
1146			return (error);
1147		}
1148	}
1149	error = kproc_kthread_add(ctl_lun_thread, softc,
1150	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1151	if (error != 0) {
1152		printf("error creating CTL lun thread!\n");
1153		ctl_pool_free(internal_pool);
1154		ctl_pool_free(emergency_pool);
1155		ctl_pool_free(other_pool);
1156		return (error);
1157	}
1158	if (bootverbose)
1159		printf("ctl: CAM Target Layer loaded\n");
1160
1161	/*
1162	 * Initialize the ioctl front end.
1163	 */
1164	ctl_frontend_register(&ioctl_frontend);
1165	port = &softc->ioctl_info.port;
1166	port->frontend = &ioctl_frontend;
1167	sprintf(softc->ioctl_info.port_name, "ioctl");
1168	port->port_type = CTL_PORT_IOCTL;
1169	port->num_requested_ctl_io = 100;
1170	port->port_name = softc->ioctl_info.port_name;
1171	port->port_online = ctl_ioctl_online;
1172	port->port_offline = ctl_ioctl_offline;
1173	port->onoff_arg = &softc->ioctl_info;
1174	port->lun_enable = ctl_ioctl_lun_enable;
1175	port->lun_disable = ctl_ioctl_lun_disable;
1176	port->targ_lun_arg = &softc->ioctl_info;
1177	port->fe_datamove = ctl_ioctl_datamove;
1178	port->fe_done = ctl_ioctl_done;
1179	port->max_targets = 15;
1180	port->max_target_id = 15;
1181
1182	if (ctl_port_register(&softc->ioctl_info.port,
1183	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1184		printf("ctl: ioctl front end registration failed, will "
1185		       "continue anyway\n");
1186	}
1187
1188#ifdef CTL_IO_DELAY
1189	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1190		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1191		       sizeof(struct callout), CTL_TIMER_BYTES);
1192		return (EINVAL);
1193	}
1194#endif /* CTL_IO_DELAY */
1195
1196	return (0);
1197}
1198
1199void
1200ctl_shutdown(void)
1201{
1202	struct ctl_softc *softc;
1203	struct ctl_lun *lun, *next_lun;
1204	struct ctl_io_pool *pool;
1205
1206	softc = (struct ctl_softc *)control_softc;
1207
1208	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1209		printf("ctl: ioctl front end deregistration failed\n");
1210
1211	mtx_lock(&softc->ctl_lock);
1212
1213	/*
1214	 * Free up each LUN.
1215	 */
1216	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1217		next_lun = STAILQ_NEXT(lun, links);
1218		ctl_free_lun(lun);
1219	}
1220
1221	mtx_unlock(&softc->ctl_lock);
1222
1223	ctl_frontend_deregister(&ioctl_frontend);
1224
1225	/*
1226	 * This will rip the rug out from under any FETDs or anyone else
1227	 * that has a pool allocated.  Since we increment our module
1228	 * refcount any time someone outside the main CTL module allocates
1229	 * a pool, we shouldn't have any problems here.  The user won't be
1230	 * able to unload the CTL module until client modules have
1231	 * successfully unloaded.
1232	 */
1233	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1234		ctl_pool_free(pool);
1235
1236#if 0
1237	ctl_shutdown_thread(softc->work_thread);
1238	mtx_destroy(&softc->queue_lock);
1239#endif
1240
1241	ctl_tpc_shutdown(softc);
1242	mtx_destroy(&softc->pool_lock);
1243	mtx_destroy(&softc->ctl_lock);
1244
1245	destroy_dev(softc->dev);
1246
1247	sysctl_ctx_free(&softc->sysctl_ctx);
1248
1249	free(control_softc, M_DEVBUF);
1250	control_softc = NULL;
1251
1252	if (bootverbose)
1253		printf("ctl: CAM Target Layer unloaded\n");
1254}
1255
1256static int
1257ctl_module_event_handler(module_t mod, int what, void *arg)
1258{
1259
1260	switch (what) {
1261	case MOD_LOAD:
1262		return (ctl_init());
1263	case MOD_UNLOAD:
1264		return (EBUSY);
1265	default:
1266		return (EOPNOTSUPP);
1267	}
1268}
1269
1270/*
1271 * XXX KDM should we do some access checks here?  Bump a reference count to
1272 * prevent a CTL module from being unloaded while someone has it open?
1273 */
1274static int
1275ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1276{
1277	return (0);
1278}
1279
1280static int
1281ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1282{
1283	return (0);
1284}
1285
1286int
1287ctl_port_enable(ctl_port_type port_type)
1288{
1289	struct ctl_softc *softc;
1290	struct ctl_port *port;
1291
1292	if (ctl_is_single == 0) {
1293		union ctl_ha_msg msg_info;
1294		int isc_retval;
1295
1296#if 0
1297		printf("%s: HA mode, synchronizing frontend enable\n",
1298		        __func__);
1299#endif
1300		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1301	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1302		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1303			printf("Sync msg send error retval %d\n", isc_retval);
1304		}
1305		if (!rcv_sync_msg) {
1306			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1307			        sizeof(msg_info), 1);
1308		}
1309#if 0
1310        	printf("CTL:Frontend Enable\n");
1311	} else {
1312		printf("%s: single mode, skipping frontend synchronization\n",
1313		        __func__);
1314#endif
1315	}
1316
1317	softc = control_softc;
1318
1319	STAILQ_FOREACH(port, &softc->port_list, links) {
1320		if (port_type & port->port_type)
1321		{
1322#if 0
1323			printf("port %d\n", port->targ_port);
1324#endif
1325			ctl_port_online(port);
1326		}
1327	}
1328
1329	return (0);
1330}
1331
1332int
1333ctl_port_disable(ctl_port_type port_type)
1334{
1335	struct ctl_softc *softc;
1336	struct ctl_port *port;
1337
1338	softc = control_softc;
1339
1340	STAILQ_FOREACH(port, &softc->port_list, links) {
1341		if (port_type & port->port_type)
1342			ctl_port_offline(port);
1343	}
1344
1345	return (0);
1346}
1347
1348/*
1349 * Returns 0 for success, 1 for failure.
1350 * Currently the only failure mode is if there aren't enough entries
1351 * allocated.  So, in case of a failure, look at num_entries_dropped,
1352 * reallocate and try again.
1353 */
1354int
1355ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1356	      int *num_entries_filled, int *num_entries_dropped,
1357	      ctl_port_type port_type, int no_virtual)
1358{
1359	struct ctl_softc *softc;
1360	struct ctl_port *port;
1361	int entries_dropped, entries_filled;
1362	int retval;
1363	int i;
1364
1365	softc = control_softc;
1366
1367	retval = 0;
1368	entries_filled = 0;
1369	entries_dropped = 0;
1370
1371	i = 0;
1372	mtx_lock(&softc->ctl_lock);
1373	STAILQ_FOREACH(port, &softc->port_list, links) {
1374		struct ctl_port_entry *entry;
1375
1376		if ((port->port_type & port_type) == 0)
1377			continue;
1378
1379		if ((no_virtual != 0)
1380		 && (port->virtual_port != 0))
1381			continue;
1382
1383		if (entries_filled >= num_entries_alloced) {
1384			entries_dropped++;
1385			continue;
1386		}
1387		entry = &entries[i];
1388
1389		entry->port_type = port->port_type;
1390		strlcpy(entry->port_name, port->port_name,
1391			sizeof(entry->port_name));
1392		entry->physical_port = port->physical_port;
1393		entry->virtual_port = port->virtual_port;
1394		entry->wwnn = port->wwnn;
1395		entry->wwpn = port->wwpn;
1396
1397		i++;
1398		entries_filled++;
1399	}
1400
1401	mtx_unlock(&softc->ctl_lock);
1402
1403	if (entries_dropped > 0)
1404		retval = 1;
1405
1406	*num_entries_dropped = entries_dropped;
1407	*num_entries_filled = entries_filled;
1408
1409	return (retval);
1410}
1411
1412static void
1413ctl_ioctl_online(void *arg)
1414{
1415	struct ctl_ioctl_info *ioctl_info;
1416
1417	ioctl_info = (struct ctl_ioctl_info *)arg;
1418
1419	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1420}
1421
1422static void
1423ctl_ioctl_offline(void *arg)
1424{
1425	struct ctl_ioctl_info *ioctl_info;
1426
1427	ioctl_info = (struct ctl_ioctl_info *)arg;
1428
1429	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1430}
1431
1432/*
1433 * Remove an initiator by port number and initiator ID.
1434 * Returns 0 for success, -1 for failure.
1435 */
1436int
1437ctl_remove_initiator(struct ctl_port *port, int iid)
1438{
1439	struct ctl_softc *softc = control_softc;
1440
1441	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1442
1443	if (iid > CTL_MAX_INIT_PER_PORT) {
1444		printf("%s: initiator ID %u > maximun %u!\n",
1445		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1446		return (-1);
1447	}
1448
1449	mtx_lock(&softc->ctl_lock);
1450	port->wwpn_iid[iid].in_use--;
1451	port->wwpn_iid[iid].last_use = time_uptime;
1452	mtx_unlock(&softc->ctl_lock);
1453
1454	return (0);
1455}
1456
1457/*
1458 * Add an initiator to the initiator map.
1459 * Returns iid for success, < 0 for failure.
1460 */
1461int
1462ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1463{
1464	struct ctl_softc *softc = control_softc;
1465	time_t best_time;
1466	int i, best;
1467
1468	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1469
1470	if (iid >= CTL_MAX_INIT_PER_PORT) {
1471		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1472		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1473		free(name, M_CTL);
1474		return (-1);
1475	}
1476
1477	mtx_lock(&softc->ctl_lock);
1478
1479	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1480		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1481			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1482				iid = i;
1483				break;
1484			}
1485			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1486			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1487				iid = i;
1488				break;
1489			}
1490		}
1491	}
1492
1493	if (iid < 0) {
1494		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1495			if (port->wwpn_iid[i].in_use == 0 &&
1496			    port->wwpn_iid[i].wwpn == 0 &&
1497			    port->wwpn_iid[i].name == NULL) {
1498				iid = i;
1499				break;
1500			}
1501		}
1502	}
1503
1504	if (iid < 0) {
1505		best = -1;
1506		best_time = INT32_MAX;
1507		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1508			if (port->wwpn_iid[i].in_use == 0) {
1509				if (port->wwpn_iid[i].last_use < best_time) {
1510					best = i;
1511					best_time = port->wwpn_iid[i].last_use;
1512				}
1513			}
1514		}
1515		iid = best;
1516	}
1517
1518	if (iid < 0) {
1519		mtx_unlock(&softc->ctl_lock);
1520		free(name, M_CTL);
1521		return (-2);
1522	}
1523
1524	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1525		/*
1526		 * This is not an error yet.
1527		 */
1528		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1529#if 0
1530			printf("%s: port %d iid %u WWPN %#jx arrived"
1531			    " again\n", __func__, port->targ_port,
1532			    iid, (uintmax_t)wwpn);
1533#endif
1534			goto take;
1535		}
1536		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1537		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1538#if 0
1539			printf("%s: port %d iid %u name '%s' arrived"
1540			    " again\n", __func__, port->targ_port,
1541			    iid, name);
1542#endif
1543			goto take;
1544		}
1545
1546		/*
1547		 * This is an error, but what do we do about it?  The
1548		 * driver is telling us we have a new WWPN for this
1549		 * initiator ID, so we pretty much need to use it.
1550		 */
1551		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1552		    " but WWPN %#jx '%s' is still at that address\n",
1553		    __func__, port->targ_port, iid, wwpn, name,
1554		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1555		    port->wwpn_iid[iid].name);
1556
1557		/*
1558		 * XXX KDM clear have_ca and ua_pending on each LUN for
1559		 * this initiator.
1560		 */
1561	}
1562take:
1563	free(port->wwpn_iid[iid].name, M_CTL);
1564	port->wwpn_iid[iid].name = name;
1565	port->wwpn_iid[iid].wwpn = wwpn;
1566	port->wwpn_iid[iid].in_use++;
1567	mtx_unlock(&softc->ctl_lock);
1568
1569	return (iid);
1570}
1571
1572static int
1573ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1574{
1575	int len;
1576
1577	switch (port->port_type) {
1578	case CTL_PORT_FC:
1579	{
1580		struct scsi_transportid_fcp *id =
1581		    (struct scsi_transportid_fcp *)buf;
1582		if (port->wwpn_iid[iid].wwpn == 0)
1583			return (0);
1584		memset(id, 0, sizeof(*id));
1585		id->format_protocol = SCSI_PROTO_FC;
1586		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1587		return (sizeof(*id));
1588	}
1589	case CTL_PORT_ISCSI:
1590	{
1591		struct scsi_transportid_iscsi_port *id =
1592		    (struct scsi_transportid_iscsi_port *)buf;
1593		if (port->wwpn_iid[iid].name == NULL)
1594			return (0);
1595		memset(id, 0, 256);
1596		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1597		    SCSI_PROTO_ISCSI;
1598		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1599		len = roundup2(min(len, 252), 4);
1600		scsi_ulto2b(len, id->additional_length);
1601		return (sizeof(*id) + len);
1602	}
1603	case CTL_PORT_SAS:
1604	{
1605		struct scsi_transportid_sas *id =
1606		    (struct scsi_transportid_sas *)buf;
1607		if (port->wwpn_iid[iid].wwpn == 0)
1608			return (0);
1609		memset(id, 0, sizeof(*id));
1610		id->format_protocol = SCSI_PROTO_SAS;
1611		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1612		return (sizeof(*id));
1613	}
1614	default:
1615	{
1616		struct scsi_transportid_spi *id =
1617		    (struct scsi_transportid_spi *)buf;
1618		memset(id, 0, sizeof(*id));
1619		id->format_protocol = SCSI_PROTO_SPI;
1620		scsi_ulto2b(iid, id->scsi_addr);
1621		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1622		return (sizeof(*id));
1623	}
1624	}
1625}
1626
1627static int
1628ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1629{
1630	return (0);
1631}
1632
1633static int
1634ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1635{
1636	return (0);
1637}
1638
1639/*
1640 * Data movement routine for the CTL ioctl frontend port.
1641 */
1642static int
1643ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1644{
1645	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1646	struct ctl_sg_entry ext_entry, kern_entry;
1647	int ext_sglen, ext_sg_entries, kern_sg_entries;
1648	int ext_sg_start, ext_offset;
1649	int len_to_copy, len_copied;
1650	int kern_watermark, ext_watermark;
1651	int ext_sglist_malloced;
1652	int i, j;
1653
1654	ext_sglist_malloced = 0;
1655	ext_sg_start = 0;
1656	ext_offset = 0;
1657
1658	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1659
1660	/*
1661	 * If this flag is set, fake the data transfer.
1662	 */
1663	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1664		ctsio->ext_data_filled = ctsio->ext_data_len;
1665		goto bailout;
1666	}
1667
1668	/*
1669	 * To simplify things here, if we have a single buffer, stick it in
1670	 * a S/G entry and just make it a single entry S/G list.
1671	 */
1672	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1673		int len_seen;
1674
1675		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1676
1677		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1678							   M_WAITOK);
1679		ext_sglist_malloced = 1;
1680		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1681				   ext_sglen) != 0) {
1682			ctl_set_internal_failure(ctsio,
1683						 /*sks_valid*/ 0,
1684						 /*retry_count*/ 0);
1685			goto bailout;
1686		}
1687		ext_sg_entries = ctsio->ext_sg_entries;
1688		len_seen = 0;
1689		for (i = 0; i < ext_sg_entries; i++) {
1690			if ((len_seen + ext_sglist[i].len) >=
1691			     ctsio->ext_data_filled) {
1692				ext_sg_start = i;
1693				ext_offset = ctsio->ext_data_filled - len_seen;
1694				break;
1695			}
1696			len_seen += ext_sglist[i].len;
1697		}
1698	} else {
1699		ext_sglist = &ext_entry;
1700		ext_sglist->addr = ctsio->ext_data_ptr;
1701		ext_sglist->len = ctsio->ext_data_len;
1702		ext_sg_entries = 1;
1703		ext_sg_start = 0;
1704		ext_offset = ctsio->ext_data_filled;
1705	}
1706
1707	if (ctsio->kern_sg_entries > 0) {
1708		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1709		kern_sg_entries = ctsio->kern_sg_entries;
1710	} else {
1711		kern_sglist = &kern_entry;
1712		kern_sglist->addr = ctsio->kern_data_ptr;
1713		kern_sglist->len = ctsio->kern_data_len;
1714		kern_sg_entries = 1;
1715	}
1716
1717
1718	kern_watermark = 0;
1719	ext_watermark = ext_offset;
1720	len_copied = 0;
1721	for (i = ext_sg_start, j = 0;
1722	     i < ext_sg_entries && j < kern_sg_entries;) {
1723		uint8_t *ext_ptr, *kern_ptr;
1724
1725		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1726				      kern_sglist[j].len - kern_watermark);
1727
1728		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1729		ext_ptr = ext_ptr + ext_watermark;
1730		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1731			/*
1732			 * XXX KDM fix this!
1733			 */
1734			panic("need to implement bus address support");
1735#if 0
1736			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1737#endif
1738		} else
1739			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1740		kern_ptr = kern_ptr + kern_watermark;
1741
1742		kern_watermark += len_to_copy;
1743		ext_watermark += len_to_copy;
1744
1745		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1746		     CTL_FLAG_DATA_IN) {
1747			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1748					 "bytes to user\n", len_to_copy));
1749			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1750					 "to %p\n", kern_ptr, ext_ptr));
1751			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1752				ctl_set_internal_failure(ctsio,
1753							 /*sks_valid*/ 0,
1754							 /*retry_count*/ 0);
1755				goto bailout;
1756			}
1757		} else {
1758			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1759					 "bytes from user\n", len_to_copy));
1760			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1761					 "to %p\n", ext_ptr, kern_ptr));
1762			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1763				ctl_set_internal_failure(ctsio,
1764							 /*sks_valid*/ 0,
1765							 /*retry_count*/0);
1766				goto bailout;
1767			}
1768		}
1769
1770		len_copied += len_to_copy;
1771
1772		if (ext_sglist[i].len == ext_watermark) {
1773			i++;
1774			ext_watermark = 0;
1775		}
1776
1777		if (kern_sglist[j].len == kern_watermark) {
1778			j++;
1779			kern_watermark = 0;
1780		}
1781	}
1782
1783	ctsio->ext_data_filled += len_copied;
1784
1785	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1786			 "kern_sg_entries: %d\n", ext_sg_entries,
1787			 kern_sg_entries));
1788	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1789			 "kern_data_len = %d\n", ctsio->ext_data_len,
1790			 ctsio->kern_data_len));
1791
1792
1793	/* XXX KDM set residual?? */
1794bailout:
1795
1796	if (ext_sglist_malloced != 0)
1797		free(ext_sglist, M_CTL);
1798
1799	return (CTL_RETVAL_COMPLETE);
1800}
1801
1802/*
1803 * Serialize a command that went down the "wrong" side, and so was sent to
1804 * this controller for execution.  The logic is a little different than the
1805 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1806 * sent back to the other side, but in the success case, we execute the
1807 * command on this side (XFER mode) or tell the other side to execute it
1808 * (SER_ONLY mode).
1809 */
1810static int
1811ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1812{
1813	struct ctl_softc *ctl_softc;
1814	union ctl_ha_msg msg_info;
1815	struct ctl_lun *lun;
1816	int retval = 0;
1817	uint32_t targ_lun;
1818
1819	ctl_softc = control_softc;
1820
1821	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1822	lun = ctl_softc->ctl_luns[targ_lun];
1823	if (lun==NULL)
1824	{
1825		/*
1826		 * Why isn't LUN defined? The other side wouldn't
1827		 * send a cmd if the LUN is undefined.
1828		 */
1829		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1830
1831		/* "Logical unit not supported" */
1832		ctl_set_sense_data(&msg_info.scsi.sense_data,
1833				   lun,
1834				   /*sense_format*/SSD_TYPE_NONE,
1835				   /*current_error*/ 1,
1836				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1837				   /*asc*/ 0x25,
1838				   /*ascq*/ 0x00,
1839				   SSD_ELEM_NONE);
1840
1841		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1842		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1843		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1844		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1845		msg_info.hdr.serializing_sc = NULL;
1846		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1847	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1848				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1849		}
1850		return(1);
1851
1852	}
1853
1854	mtx_lock(&lun->lun_lock);
1855    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1856
1857	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1858		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1859		 ooa_links))) {
1860	case CTL_ACTION_BLOCK:
1861		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1862		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1863				  blocked_links);
1864		break;
1865	case CTL_ACTION_PASS:
1866	case CTL_ACTION_SKIP:
1867		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1868			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1869			ctl_enqueue_rtr((union ctl_io *)ctsio);
1870		} else {
1871
1872			/* send msg back to other side */
1873			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1874			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1875			msg_info.hdr.msg_type = CTL_MSG_R2R;
1876#if 0
1877			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1878#endif
1879		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1880			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1881			}
1882		}
1883		break;
1884	case CTL_ACTION_OVERLAP:
1885		/* OVERLAPPED COMMANDS ATTEMPTED */
1886		ctl_set_sense_data(&msg_info.scsi.sense_data,
1887				   lun,
1888				   /*sense_format*/SSD_TYPE_NONE,
1889				   /*current_error*/ 1,
1890				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1891				   /*asc*/ 0x4E,
1892				   /*ascq*/ 0x00,
1893				   SSD_ELEM_NONE);
1894
1895		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1896		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1897		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1898		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1899		msg_info.hdr.serializing_sc = NULL;
1900		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1901#if 0
1902		printf("BAD JUJU:Major Bummer Overlap\n");
1903#endif
1904		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1905		retval = 1;
1906		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1907		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1908		}
1909		break;
1910	case CTL_ACTION_OVERLAP_TAG:
1911		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1912		ctl_set_sense_data(&msg_info.scsi.sense_data,
1913				   lun,
1914				   /*sense_format*/SSD_TYPE_NONE,
1915				   /*current_error*/ 1,
1916				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1917				   /*asc*/ 0x4D,
1918				   /*ascq*/ ctsio->tag_num & 0xff,
1919				   SSD_ELEM_NONE);
1920
1921		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1922		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1923		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1924		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1925		msg_info.hdr.serializing_sc = NULL;
1926		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1927#if 0
1928		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1929#endif
1930		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1931		retval = 1;
1932		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1933		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1934		}
1935		break;
1936	case CTL_ACTION_ERROR:
1937	default:
1938		/* "Internal target failure" */
1939		ctl_set_sense_data(&msg_info.scsi.sense_data,
1940				   lun,
1941				   /*sense_format*/SSD_TYPE_NONE,
1942				   /*current_error*/ 1,
1943				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1944				   /*asc*/ 0x44,
1945				   /*ascq*/ 0x00,
1946				   SSD_ELEM_NONE);
1947
1948		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1949		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1950		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1951		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1952		msg_info.hdr.serializing_sc = NULL;
1953		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1954#if 0
1955		printf("BAD JUJU:Major Bummer HW Error\n");
1956#endif
1957		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1958		retval = 1;
1959		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1960		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1961		}
1962		break;
1963	}
1964	mtx_unlock(&lun->lun_lock);
1965	return (retval);
1966}
1967
1968static int
1969ctl_ioctl_submit_wait(union ctl_io *io)
1970{
1971	struct ctl_fe_ioctl_params params;
1972	ctl_fe_ioctl_state last_state;
1973	int done, retval;
1974
1975	retval = 0;
1976
1977	bzero(&params, sizeof(params));
1978
1979	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1980	cv_init(&params.sem, "ctlioccv");
1981	params.state = CTL_IOCTL_INPROG;
1982	last_state = params.state;
1983
1984	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1985
1986	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1987
1988	/* This shouldn't happen */
1989	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1990		return (retval);
1991
1992	done = 0;
1993
1994	do {
1995		mtx_lock(&params.ioctl_mtx);
1996		/*
1997		 * Check the state here, and don't sleep if the state has
1998		 * already changed (i.e. wakeup has already occured, but we
1999		 * weren't waiting yet).
2000		 */
2001		if (params.state == last_state) {
2002			/* XXX KDM cv_wait_sig instead? */
2003			cv_wait(&params.sem, &params.ioctl_mtx);
2004		}
2005		last_state = params.state;
2006
2007		switch (params.state) {
2008		case CTL_IOCTL_INPROG:
2009			/* Why did we wake up? */
2010			/* XXX KDM error here? */
2011			mtx_unlock(&params.ioctl_mtx);
2012			break;
2013		case CTL_IOCTL_DATAMOVE:
2014			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
2015
2016			/*
2017			 * change last_state back to INPROG to avoid
2018			 * deadlock on subsequent data moves.
2019			 */
2020			params.state = last_state = CTL_IOCTL_INPROG;
2021
2022			mtx_unlock(&params.ioctl_mtx);
2023			ctl_ioctl_do_datamove(&io->scsiio);
2024			/*
2025			 * Note that in some cases, most notably writes,
2026			 * this will queue the I/O and call us back later.
2027			 * In other cases, generally reads, this routine
2028			 * will immediately call back and wake us up,
2029			 * probably using our own context.
2030			 */
2031			io->scsiio.be_move_done(io);
2032			break;
2033		case CTL_IOCTL_DONE:
2034			mtx_unlock(&params.ioctl_mtx);
2035			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
2036			done = 1;
2037			break;
2038		default:
2039			mtx_unlock(&params.ioctl_mtx);
2040			/* XXX KDM error here? */
2041			break;
2042		}
2043	} while (done == 0);
2044
2045	mtx_destroy(&params.ioctl_mtx);
2046	cv_destroy(&params.sem);
2047
2048	return (CTL_RETVAL_COMPLETE);
2049}
2050
2051static void
2052ctl_ioctl_datamove(union ctl_io *io)
2053{
2054	struct ctl_fe_ioctl_params *params;
2055
2056	params = (struct ctl_fe_ioctl_params *)
2057		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2058
2059	mtx_lock(&params->ioctl_mtx);
2060	params->state = CTL_IOCTL_DATAMOVE;
2061	cv_broadcast(&params->sem);
2062	mtx_unlock(&params->ioctl_mtx);
2063}
2064
2065static void
2066ctl_ioctl_done(union ctl_io *io)
2067{
2068	struct ctl_fe_ioctl_params *params;
2069
2070	params = (struct ctl_fe_ioctl_params *)
2071		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2072
2073	mtx_lock(&params->ioctl_mtx);
2074	params->state = CTL_IOCTL_DONE;
2075	cv_broadcast(&params->sem);
2076	mtx_unlock(&params->ioctl_mtx);
2077}
2078
2079static void
2080ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2081{
2082	struct ctl_fe_ioctl_startstop_info *sd_info;
2083
2084	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2085
2086	sd_info->hs_info.status = metatask->status;
2087	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2088	sd_info->hs_info.luns_complete =
2089		metatask->taskinfo.startstop.luns_complete;
2090	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2091
2092	cv_broadcast(&sd_info->sem);
2093}
2094
2095static void
2096ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2097{
2098	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2099
2100	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2101
2102	mtx_lock(fe_bbr_info->lock);
2103	fe_bbr_info->bbr_info->status = metatask->status;
2104	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2105	fe_bbr_info->wakeup_done = 1;
2106	mtx_unlock(fe_bbr_info->lock);
2107
2108	cv_broadcast(&fe_bbr_info->sem);
2109}
2110
2111/*
2112 * Returns 0 for success, errno for failure.
2113 */
2114static int
2115ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2116		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2117{
2118	union ctl_io *io;
2119	int retval;
2120
2121	retval = 0;
2122
2123	mtx_lock(&lun->lun_lock);
2124	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2125	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2126	     ooa_links)) {
2127		struct ctl_ooa_entry *entry;
2128
2129		/*
2130		 * If we've got more than we can fit, just count the
2131		 * remaining entries.
2132		 */
2133		if (*cur_fill_num >= ooa_hdr->alloc_num)
2134			continue;
2135
2136		entry = &kern_entries[*cur_fill_num];
2137
2138		entry->tag_num = io->scsiio.tag_num;
2139		entry->lun_num = lun->lun;
2140#ifdef CTL_TIME_IO
2141		entry->start_bt = io->io_hdr.start_bt;
2142#endif
2143		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2144		entry->cdb_len = io->scsiio.cdb_len;
2145		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2146			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2147
2148		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2149			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2150
2151		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2152			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2153
2154		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2155			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2156
2157		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2158			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2159	}
2160	mtx_unlock(&lun->lun_lock);
2161
2162	return (retval);
2163}
2164
2165static void *
2166ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2167		 size_t error_str_len)
2168{
2169	void *kptr;
2170
2171	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2172
2173	if (copyin(user_addr, kptr, len) != 0) {
2174		snprintf(error_str, error_str_len, "Error copying %d bytes "
2175			 "from user address %p to kernel address %p", len,
2176			 user_addr, kptr);
2177		free(kptr, M_CTL);
2178		return (NULL);
2179	}
2180
2181	return (kptr);
2182}
2183
2184static void
2185ctl_free_args(int num_args, struct ctl_be_arg *args)
2186{
2187	int i;
2188
2189	if (args == NULL)
2190		return;
2191
2192	for (i = 0; i < num_args; i++) {
2193		free(args[i].kname, M_CTL);
2194		free(args[i].kvalue, M_CTL);
2195	}
2196
2197	free(args, M_CTL);
2198}
2199
2200static struct ctl_be_arg *
2201ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2202		char *error_str, size_t error_str_len)
2203{
2204	struct ctl_be_arg *args;
2205	int i;
2206
2207	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2208				error_str, error_str_len);
2209
2210	if (args == NULL)
2211		goto bailout;
2212
2213	for (i = 0; i < num_args; i++) {
2214		args[i].kname = NULL;
2215		args[i].kvalue = NULL;
2216	}
2217
2218	for (i = 0; i < num_args; i++) {
2219		uint8_t *tmpptr;
2220
2221		args[i].kname = ctl_copyin_alloc(args[i].name,
2222			args[i].namelen, error_str, error_str_len);
2223		if (args[i].kname == NULL)
2224			goto bailout;
2225
2226		if (args[i].kname[args[i].namelen - 1] != '\0') {
2227			snprintf(error_str, error_str_len, "Argument %d "
2228				 "name is not NUL-terminated", i);
2229			goto bailout;
2230		}
2231
2232		if (args[i].flags & CTL_BEARG_RD) {
2233			tmpptr = ctl_copyin_alloc(args[i].value,
2234				args[i].vallen, error_str, error_str_len);
2235			if (tmpptr == NULL)
2236				goto bailout;
2237			if ((args[i].flags & CTL_BEARG_ASCII)
2238			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2239				snprintf(error_str, error_str_len, "Argument "
2240				    "%d value is not NUL-terminated", i);
2241				goto bailout;
2242			}
2243			args[i].kvalue = tmpptr;
2244		} else {
2245			args[i].kvalue = malloc(args[i].vallen,
2246			    M_CTL, M_WAITOK | M_ZERO);
2247		}
2248	}
2249
2250	return (args);
2251bailout:
2252
2253	ctl_free_args(num_args, args);
2254
2255	return (NULL);
2256}
2257
2258static void
2259ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2260{
2261	int i;
2262
2263	for (i = 0; i < num_args; i++) {
2264		if (args[i].flags & CTL_BEARG_WR)
2265			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2266	}
2267}
2268
2269/*
2270 * Escape characters that are illegal or not recommended in XML.
2271 */
2272int
2273ctl_sbuf_printf_esc(struct sbuf *sb, char *str)
2274{
2275	int retval;
2276
2277	retval = 0;
2278
2279	for (; *str; str++) {
2280		switch (*str) {
2281		case '&':
2282			retval = sbuf_printf(sb, "&amp;");
2283			break;
2284		case '>':
2285			retval = sbuf_printf(sb, "&gt;");
2286			break;
2287		case '<':
2288			retval = sbuf_printf(sb, "&lt;");
2289			break;
2290		default:
2291			retval = sbuf_putc(sb, *str);
2292			break;
2293		}
2294
2295		if (retval != 0)
2296			break;
2297
2298	}
2299
2300	return (retval);
2301}
2302
2303static void
2304ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2305{
2306	struct scsi_vpd_id_descriptor *desc;
2307	int i;
2308
2309	if (id == NULL || id->len < 4)
2310		return;
2311	desc = (struct scsi_vpd_id_descriptor *)id->data;
2312	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2313	case SVPD_ID_TYPE_T10:
2314		sbuf_printf(sb, "t10.");
2315		break;
2316	case SVPD_ID_TYPE_EUI64:
2317		sbuf_printf(sb, "eui.");
2318		break;
2319	case SVPD_ID_TYPE_NAA:
2320		sbuf_printf(sb, "naa.");
2321		break;
2322	case SVPD_ID_TYPE_SCSI_NAME:
2323		break;
2324	}
2325	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2326	case SVPD_ID_CODESET_BINARY:
2327		for (i = 0; i < desc->length; i++)
2328			sbuf_printf(sb, "%02x", desc->identifier[i]);
2329		break;
2330	case SVPD_ID_CODESET_ASCII:
2331		sbuf_printf(sb, "%.*s", (int)desc->length,
2332		    (char *)desc->identifier);
2333		break;
2334	case SVPD_ID_CODESET_UTF8:
2335		sbuf_printf(sb, "%s", (char *)desc->identifier);
2336		break;
2337	}
2338}
2339
2340static int
2341ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2342	  struct thread *td)
2343{
2344	struct ctl_softc *softc;
2345	int retval;
2346
2347	softc = control_softc;
2348
2349	retval = 0;
2350
2351	switch (cmd) {
2352	case CTL_IO: {
2353		union ctl_io *io;
2354		void *pool_tmp;
2355
2356		/*
2357		 * If we haven't been "enabled", don't allow any SCSI I/O
2358		 * to this FETD.
2359		 */
2360		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2361			retval = EPERM;
2362			break;
2363		}
2364
2365		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2366		if (io == NULL) {
2367			printf("ctl_ioctl: can't allocate ctl_io!\n");
2368			retval = ENOSPC;
2369			break;
2370		}
2371
2372		/*
2373		 * Need to save the pool reference so it doesn't get
2374		 * spammed by the user's ctl_io.
2375		 */
2376		pool_tmp = io->io_hdr.pool;
2377
2378		memcpy(io, (void *)addr, sizeof(*io));
2379
2380		io->io_hdr.pool = pool_tmp;
2381		/*
2382		 * No status yet, so make sure the status is set properly.
2383		 */
2384		io->io_hdr.status = CTL_STATUS_NONE;
2385
2386		/*
2387		 * The user sets the initiator ID, target and LUN IDs.
2388		 */
2389		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2390		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2391		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2392		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2393			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2394
2395		retval = ctl_ioctl_submit_wait(io);
2396
2397		if (retval != 0) {
2398			ctl_free_io(io);
2399			break;
2400		}
2401
2402		memcpy((void *)addr, io, sizeof(*io));
2403
2404		/* return this to our pool */
2405		ctl_free_io(io);
2406
2407		break;
2408	}
2409	case CTL_ENABLE_PORT:
2410	case CTL_DISABLE_PORT:
2411	case CTL_SET_PORT_WWNS: {
2412		struct ctl_port *port;
2413		struct ctl_port_entry *entry;
2414
2415		entry = (struct ctl_port_entry *)addr;
2416
2417		mtx_lock(&softc->ctl_lock);
2418		STAILQ_FOREACH(port, &softc->port_list, links) {
2419			int action, done;
2420
2421			action = 0;
2422			done = 0;
2423
2424			if ((entry->port_type == CTL_PORT_NONE)
2425			 && (entry->targ_port == port->targ_port)) {
2426				/*
2427				 * If the user only wants to enable or
2428				 * disable or set WWNs on a specific port,
2429				 * do the operation and we're done.
2430				 */
2431				action = 1;
2432				done = 1;
2433			} else if (entry->port_type & port->port_type) {
2434				/*
2435				 * Compare the user's type mask with the
2436				 * particular frontend type to see if we
2437				 * have a match.
2438				 */
2439				action = 1;
2440				done = 0;
2441
2442				/*
2443				 * Make sure the user isn't trying to set
2444				 * WWNs on multiple ports at the same time.
2445				 */
2446				if (cmd == CTL_SET_PORT_WWNS) {
2447					printf("%s: Can't set WWNs on "
2448					       "multiple ports\n", __func__);
2449					retval = EINVAL;
2450					break;
2451				}
2452			}
2453			if (action != 0) {
2454				/*
2455				 * XXX KDM we have to drop the lock here,
2456				 * because the online/offline operations
2457				 * can potentially block.  We need to
2458				 * reference count the frontends so they
2459				 * can't go away,
2460				 */
2461				mtx_unlock(&softc->ctl_lock);
2462
2463				if (cmd == CTL_ENABLE_PORT) {
2464					struct ctl_lun *lun;
2465
2466					STAILQ_FOREACH(lun, &softc->lun_list,
2467						       links) {
2468						port->lun_enable(port->targ_lun_arg,
2469						    lun->target,
2470						    lun->lun);
2471					}
2472
2473					ctl_port_online(port);
2474				} else if (cmd == CTL_DISABLE_PORT) {
2475					struct ctl_lun *lun;
2476
2477					ctl_port_offline(port);
2478
2479					STAILQ_FOREACH(lun, &softc->lun_list,
2480						       links) {
2481						port->lun_disable(
2482						    port->targ_lun_arg,
2483						    lun->target,
2484						    lun->lun);
2485					}
2486				}
2487
2488				mtx_lock(&softc->ctl_lock);
2489
2490				if (cmd == CTL_SET_PORT_WWNS)
2491					ctl_port_set_wwns(port,
2492					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2493					    1 : 0, entry->wwnn,
2494					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2495					    1 : 0, entry->wwpn);
2496			}
2497			if (done != 0)
2498				break;
2499		}
2500		mtx_unlock(&softc->ctl_lock);
2501		break;
2502	}
2503	case CTL_GET_PORT_LIST: {
2504		struct ctl_port *port;
2505		struct ctl_port_list *list;
2506		int i;
2507
2508		list = (struct ctl_port_list *)addr;
2509
2510		if (list->alloc_len != (list->alloc_num *
2511		    sizeof(struct ctl_port_entry))) {
2512			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2513			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2514			       "%zu\n", __func__, list->alloc_len,
2515			       list->alloc_num, sizeof(struct ctl_port_entry));
2516			retval = EINVAL;
2517			break;
2518		}
2519		list->fill_len = 0;
2520		list->fill_num = 0;
2521		list->dropped_num = 0;
2522		i = 0;
2523		mtx_lock(&softc->ctl_lock);
2524		STAILQ_FOREACH(port, &softc->port_list, links) {
2525			struct ctl_port_entry entry, *list_entry;
2526
2527			if (list->fill_num >= list->alloc_num) {
2528				list->dropped_num++;
2529				continue;
2530			}
2531
2532			entry.port_type = port->port_type;
2533			strlcpy(entry.port_name, port->port_name,
2534				sizeof(entry.port_name));
2535			entry.targ_port = port->targ_port;
2536			entry.physical_port = port->physical_port;
2537			entry.virtual_port = port->virtual_port;
2538			entry.wwnn = port->wwnn;
2539			entry.wwpn = port->wwpn;
2540			if (port->status & CTL_PORT_STATUS_ONLINE)
2541				entry.online = 1;
2542			else
2543				entry.online = 0;
2544
2545			list_entry = &list->entries[i];
2546
2547			retval = copyout(&entry, list_entry, sizeof(entry));
2548			if (retval != 0) {
2549				printf("%s: CTL_GET_PORT_LIST: copyout "
2550				       "returned %d\n", __func__, retval);
2551				break;
2552			}
2553			i++;
2554			list->fill_num++;
2555			list->fill_len += sizeof(entry);
2556		}
2557		mtx_unlock(&softc->ctl_lock);
2558
2559		/*
2560		 * If this is non-zero, we had a copyout fault, so there's
2561		 * probably no point in attempting to set the status inside
2562		 * the structure.
2563		 */
2564		if (retval != 0)
2565			break;
2566
2567		if (list->dropped_num > 0)
2568			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2569		else
2570			list->status = CTL_PORT_LIST_OK;
2571		break;
2572	}
2573	case CTL_DUMP_OOA: {
2574		struct ctl_lun *lun;
2575		union ctl_io *io;
2576		char printbuf[128];
2577		struct sbuf sb;
2578
2579		mtx_lock(&softc->ctl_lock);
2580		printf("Dumping OOA queues:\n");
2581		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2582			mtx_lock(&lun->lun_lock);
2583			for (io = (union ctl_io *)TAILQ_FIRST(
2584			     &lun->ooa_queue); io != NULL;
2585			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2586			     ooa_links)) {
2587				sbuf_new(&sb, printbuf, sizeof(printbuf),
2588					 SBUF_FIXEDLEN);
2589				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2590					    (intmax_t)lun->lun,
2591					    io->scsiio.tag_num,
2592					    (io->io_hdr.flags &
2593					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2594					    (io->io_hdr.flags &
2595					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2596					    (io->io_hdr.flags &
2597					    CTL_FLAG_ABORT) ? " ABORT" : "",
2598			                    (io->io_hdr.flags &
2599		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2600				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2601				sbuf_finish(&sb);
2602				printf("%s\n", sbuf_data(&sb));
2603			}
2604			mtx_unlock(&lun->lun_lock);
2605		}
2606		printf("OOA queues dump done\n");
2607		mtx_unlock(&softc->ctl_lock);
2608		break;
2609	}
2610	case CTL_GET_OOA: {
2611		struct ctl_lun *lun;
2612		struct ctl_ooa *ooa_hdr;
2613		struct ctl_ooa_entry *entries;
2614		uint32_t cur_fill_num;
2615
2616		ooa_hdr = (struct ctl_ooa *)addr;
2617
2618		if ((ooa_hdr->alloc_len == 0)
2619		 || (ooa_hdr->alloc_num == 0)) {
2620			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2621			       "must be non-zero\n", __func__,
2622			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2623			retval = EINVAL;
2624			break;
2625		}
2626
2627		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2628		    sizeof(struct ctl_ooa_entry))) {
2629			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2630			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2631			       __func__, ooa_hdr->alloc_len,
2632			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2633			retval = EINVAL;
2634			break;
2635		}
2636
2637		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2638		if (entries == NULL) {
2639			printf("%s: could not allocate %d bytes for OOA "
2640			       "dump\n", __func__, ooa_hdr->alloc_len);
2641			retval = ENOMEM;
2642			break;
2643		}
2644
2645		mtx_lock(&softc->ctl_lock);
2646		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2647		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2648		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2649			mtx_unlock(&softc->ctl_lock);
2650			free(entries, M_CTL);
2651			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2652			       __func__, (uintmax_t)ooa_hdr->lun_num);
2653			retval = EINVAL;
2654			break;
2655		}
2656
2657		cur_fill_num = 0;
2658
2659		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2660			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2661				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2662					ooa_hdr, entries);
2663				if (retval != 0)
2664					break;
2665			}
2666			if (retval != 0) {
2667				mtx_unlock(&softc->ctl_lock);
2668				free(entries, M_CTL);
2669				break;
2670			}
2671		} else {
2672			lun = softc->ctl_luns[ooa_hdr->lun_num];
2673
2674			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2675						    entries);
2676		}
2677		mtx_unlock(&softc->ctl_lock);
2678
2679		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2680		ooa_hdr->fill_len = ooa_hdr->fill_num *
2681			sizeof(struct ctl_ooa_entry);
2682		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2683		if (retval != 0) {
2684			printf("%s: error copying out %d bytes for OOA dump\n",
2685			       __func__, ooa_hdr->fill_len);
2686		}
2687
2688		getbintime(&ooa_hdr->cur_bt);
2689
2690		if (cur_fill_num > ooa_hdr->alloc_num) {
2691			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2692			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2693		} else {
2694			ooa_hdr->dropped_num = 0;
2695			ooa_hdr->status = CTL_OOA_OK;
2696		}
2697
2698		free(entries, M_CTL);
2699		break;
2700	}
2701	case CTL_CHECK_OOA: {
2702		union ctl_io *io;
2703		struct ctl_lun *lun;
2704		struct ctl_ooa_info *ooa_info;
2705
2706
2707		ooa_info = (struct ctl_ooa_info *)addr;
2708
2709		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2710			ooa_info->status = CTL_OOA_INVALID_LUN;
2711			break;
2712		}
2713		mtx_lock(&softc->ctl_lock);
2714		lun = softc->ctl_luns[ooa_info->lun_id];
2715		if (lun == NULL) {
2716			mtx_unlock(&softc->ctl_lock);
2717			ooa_info->status = CTL_OOA_INVALID_LUN;
2718			break;
2719		}
2720		mtx_lock(&lun->lun_lock);
2721		mtx_unlock(&softc->ctl_lock);
2722		ooa_info->num_entries = 0;
2723		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2724		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2725		     &io->io_hdr, ooa_links)) {
2726			ooa_info->num_entries++;
2727		}
2728		mtx_unlock(&lun->lun_lock);
2729
2730		ooa_info->status = CTL_OOA_SUCCESS;
2731
2732		break;
2733	}
2734	case CTL_HARD_START:
2735	case CTL_HARD_STOP: {
2736		struct ctl_fe_ioctl_startstop_info ss_info;
2737		struct cfi_metatask *metatask;
2738		struct mtx hs_mtx;
2739
2740		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2741
2742		cv_init(&ss_info.sem, "hard start/stop cv" );
2743
2744		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2745		if (metatask == NULL) {
2746			retval = ENOMEM;
2747			mtx_destroy(&hs_mtx);
2748			break;
2749		}
2750
2751		if (cmd == CTL_HARD_START)
2752			metatask->tasktype = CFI_TASK_STARTUP;
2753		else
2754			metatask->tasktype = CFI_TASK_SHUTDOWN;
2755
2756		metatask->callback = ctl_ioctl_hard_startstop_callback;
2757		metatask->callback_arg = &ss_info;
2758
2759		cfi_action(metatask);
2760
2761		/* Wait for the callback */
2762		mtx_lock(&hs_mtx);
2763		cv_wait_sig(&ss_info.sem, &hs_mtx);
2764		mtx_unlock(&hs_mtx);
2765
2766		/*
2767		 * All information has been copied from the metatask by the
2768		 * time cv_broadcast() is called, so we free the metatask here.
2769		 */
2770		cfi_free_metatask(metatask);
2771
2772		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2773
2774		mtx_destroy(&hs_mtx);
2775		break;
2776	}
2777	case CTL_BBRREAD: {
2778		struct ctl_bbrread_info *bbr_info;
2779		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2780		struct mtx bbr_mtx;
2781		struct cfi_metatask *metatask;
2782
2783		bbr_info = (struct ctl_bbrread_info *)addr;
2784
2785		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2786
2787		bzero(&bbr_mtx, sizeof(bbr_mtx));
2788		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2789
2790		fe_bbr_info.bbr_info = bbr_info;
2791		fe_bbr_info.lock = &bbr_mtx;
2792
2793		cv_init(&fe_bbr_info.sem, "BBR read cv");
2794		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2795
2796		if (metatask == NULL) {
2797			mtx_destroy(&bbr_mtx);
2798			cv_destroy(&fe_bbr_info.sem);
2799			retval = ENOMEM;
2800			break;
2801		}
2802		metatask->tasktype = CFI_TASK_BBRREAD;
2803		metatask->callback = ctl_ioctl_bbrread_callback;
2804		metatask->callback_arg = &fe_bbr_info;
2805		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2806		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2807		metatask->taskinfo.bbrread.len = bbr_info->len;
2808
2809		cfi_action(metatask);
2810
2811		mtx_lock(&bbr_mtx);
2812		while (fe_bbr_info.wakeup_done == 0)
2813			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2814		mtx_unlock(&bbr_mtx);
2815
2816		bbr_info->status = metatask->status;
2817		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2818		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2819		memcpy(&bbr_info->sense_data,
2820		       &metatask->taskinfo.bbrread.sense_data,
2821		       ctl_min(sizeof(bbr_info->sense_data),
2822			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2823
2824		cfi_free_metatask(metatask);
2825
2826		mtx_destroy(&bbr_mtx);
2827		cv_destroy(&fe_bbr_info.sem);
2828
2829		break;
2830	}
2831	case CTL_DELAY_IO: {
2832		struct ctl_io_delay_info *delay_info;
2833#ifdef CTL_IO_DELAY
2834		struct ctl_lun *lun;
2835#endif /* CTL_IO_DELAY */
2836
2837		delay_info = (struct ctl_io_delay_info *)addr;
2838
2839#ifdef CTL_IO_DELAY
2840		mtx_lock(&softc->ctl_lock);
2841
2842		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2843		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2844			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2845		} else {
2846			lun = softc->ctl_luns[delay_info->lun_id];
2847			mtx_lock(&lun->lun_lock);
2848
2849			delay_info->status = CTL_DELAY_STATUS_OK;
2850
2851			switch (delay_info->delay_type) {
2852			case CTL_DELAY_TYPE_CONT:
2853				break;
2854			case CTL_DELAY_TYPE_ONESHOT:
2855				break;
2856			default:
2857				delay_info->status =
2858					CTL_DELAY_STATUS_INVALID_TYPE;
2859				break;
2860			}
2861
2862			switch (delay_info->delay_loc) {
2863			case CTL_DELAY_LOC_DATAMOVE:
2864				lun->delay_info.datamove_type =
2865					delay_info->delay_type;
2866				lun->delay_info.datamove_delay =
2867					delay_info->delay_secs;
2868				break;
2869			case CTL_DELAY_LOC_DONE:
2870				lun->delay_info.done_type =
2871					delay_info->delay_type;
2872				lun->delay_info.done_delay =
2873					delay_info->delay_secs;
2874				break;
2875			default:
2876				delay_info->status =
2877					CTL_DELAY_STATUS_INVALID_LOC;
2878				break;
2879			}
2880			mtx_unlock(&lun->lun_lock);
2881		}
2882
2883		mtx_unlock(&softc->ctl_lock);
2884#else
2885		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2886#endif /* CTL_IO_DELAY */
2887		break;
2888	}
2889	case CTL_REALSYNC_SET: {
2890		int *syncstate;
2891
2892		syncstate = (int *)addr;
2893
2894		mtx_lock(&softc->ctl_lock);
2895		switch (*syncstate) {
2896		case 0:
2897			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2898			break;
2899		case 1:
2900			softc->flags |= CTL_FLAG_REAL_SYNC;
2901			break;
2902		default:
2903			retval = EINVAL;
2904			break;
2905		}
2906		mtx_unlock(&softc->ctl_lock);
2907		break;
2908	}
2909	case CTL_REALSYNC_GET: {
2910		int *syncstate;
2911
2912		syncstate = (int*)addr;
2913
2914		mtx_lock(&softc->ctl_lock);
2915		if (softc->flags & CTL_FLAG_REAL_SYNC)
2916			*syncstate = 1;
2917		else
2918			*syncstate = 0;
2919		mtx_unlock(&softc->ctl_lock);
2920
2921		break;
2922	}
2923	case CTL_SETSYNC:
2924	case CTL_GETSYNC: {
2925		struct ctl_sync_info *sync_info;
2926		struct ctl_lun *lun;
2927
2928		sync_info = (struct ctl_sync_info *)addr;
2929
2930		mtx_lock(&softc->ctl_lock);
2931		lun = softc->ctl_luns[sync_info->lun_id];
2932		if (lun == NULL) {
2933			mtx_unlock(&softc->ctl_lock);
2934			sync_info->status = CTL_GS_SYNC_NO_LUN;
2935		}
2936		/*
2937		 * Get or set the sync interval.  We're not bounds checking
2938		 * in the set case, hopefully the user won't do something
2939		 * silly.
2940		 */
2941		mtx_lock(&lun->lun_lock);
2942		mtx_unlock(&softc->ctl_lock);
2943		if (cmd == CTL_GETSYNC)
2944			sync_info->sync_interval = lun->sync_interval;
2945		else
2946			lun->sync_interval = sync_info->sync_interval;
2947		mtx_unlock(&lun->lun_lock);
2948
2949		sync_info->status = CTL_GS_SYNC_OK;
2950
2951		break;
2952	}
2953	case CTL_GETSTATS: {
2954		struct ctl_stats *stats;
2955		struct ctl_lun *lun;
2956		int i;
2957
2958		stats = (struct ctl_stats *)addr;
2959
2960		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2961		     stats->alloc_len) {
2962			stats->status = CTL_SS_NEED_MORE_SPACE;
2963			stats->num_luns = softc->num_luns;
2964			break;
2965		}
2966		/*
2967		 * XXX KDM no locking here.  If the LUN list changes,
2968		 * things can blow up.
2969		 */
2970		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2971		     i++, lun = STAILQ_NEXT(lun, links)) {
2972			retval = copyout(&lun->stats, &stats->lun_stats[i],
2973					 sizeof(lun->stats));
2974			if (retval != 0)
2975				break;
2976		}
2977		stats->num_luns = softc->num_luns;
2978		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2979				 softc->num_luns;
2980		stats->status = CTL_SS_OK;
2981#ifdef CTL_TIME_IO
2982		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2983#else
2984		stats->flags = CTL_STATS_FLAG_NONE;
2985#endif
2986		getnanouptime(&stats->timestamp);
2987		break;
2988	}
2989	case CTL_ERROR_INJECT: {
2990		struct ctl_error_desc *err_desc, *new_err_desc;
2991		struct ctl_lun *lun;
2992
2993		err_desc = (struct ctl_error_desc *)addr;
2994
2995		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2996				      M_WAITOK | M_ZERO);
2997		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2998
2999		mtx_lock(&softc->ctl_lock);
3000		lun = softc->ctl_luns[err_desc->lun_id];
3001		if (lun == NULL) {
3002			mtx_unlock(&softc->ctl_lock);
3003			free(new_err_desc, M_CTL);
3004			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
3005			       __func__, (uintmax_t)err_desc->lun_id);
3006			retval = EINVAL;
3007			break;
3008		}
3009		mtx_lock(&lun->lun_lock);
3010		mtx_unlock(&softc->ctl_lock);
3011
3012		/*
3013		 * We could do some checking here to verify the validity
3014		 * of the request, but given the complexity of error
3015		 * injection requests, the checking logic would be fairly
3016		 * complex.
3017		 *
3018		 * For now, if the request is invalid, it just won't get
3019		 * executed and might get deleted.
3020		 */
3021		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
3022
3023		/*
3024		 * XXX KDM check to make sure the serial number is unique,
3025		 * in case we somehow manage to wrap.  That shouldn't
3026		 * happen for a very long time, but it's the right thing to
3027		 * do.
3028		 */
3029		new_err_desc->serial = lun->error_serial;
3030		err_desc->serial = lun->error_serial;
3031		lun->error_serial++;
3032
3033		mtx_unlock(&lun->lun_lock);
3034		break;
3035	}
3036	case CTL_ERROR_INJECT_DELETE: {
3037		struct ctl_error_desc *delete_desc, *desc, *desc2;
3038		struct ctl_lun *lun;
3039		int delete_done;
3040
3041		delete_desc = (struct ctl_error_desc *)addr;
3042		delete_done = 0;
3043
3044		mtx_lock(&softc->ctl_lock);
3045		lun = softc->ctl_luns[delete_desc->lun_id];
3046		if (lun == NULL) {
3047			mtx_unlock(&softc->ctl_lock);
3048			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
3049			       __func__, (uintmax_t)delete_desc->lun_id);
3050			retval = EINVAL;
3051			break;
3052		}
3053		mtx_lock(&lun->lun_lock);
3054		mtx_unlock(&softc->ctl_lock);
3055		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
3056			if (desc->serial != delete_desc->serial)
3057				continue;
3058
3059			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
3060				      links);
3061			free(desc, M_CTL);
3062			delete_done = 1;
3063		}
3064		mtx_unlock(&lun->lun_lock);
3065		if (delete_done == 0) {
3066			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
3067			       "error serial %ju on LUN %u\n", __func__,
3068			       delete_desc->serial, delete_desc->lun_id);
3069			retval = EINVAL;
3070			break;
3071		}
3072		break;
3073	}
3074	case CTL_DUMP_STRUCTS: {
3075		int i, j, k, idx;
3076		struct ctl_port *port;
3077		struct ctl_frontend *fe;
3078
3079		mtx_lock(&softc->ctl_lock);
3080		printf("CTL Persistent Reservation information start:\n");
3081		for (i = 0; i < CTL_MAX_LUNS; i++) {
3082			struct ctl_lun *lun;
3083
3084			lun = softc->ctl_luns[i];
3085
3086			if ((lun == NULL)
3087			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3088				continue;
3089
3090			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3091				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3092					idx = j * CTL_MAX_INIT_PER_PORT + k;
3093					if (lun->pr_keys[idx] == 0)
3094						continue;
3095					printf("  LUN %d port %d iid %d key "
3096					       "%#jx\n", i, j, k,
3097					       (uintmax_t)lun->pr_keys[idx]);
3098				}
3099			}
3100		}
3101		printf("CTL Persistent Reservation information end\n");
3102		printf("CTL Ports:\n");
3103		STAILQ_FOREACH(port, &softc->port_list, links) {
3104			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3105			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3106			       port->frontend->name, port->port_type,
3107			       port->physical_port, port->virtual_port,
3108			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3109			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3110				if (port->wwpn_iid[j].in_use == 0 &&
3111				    port->wwpn_iid[j].wwpn == 0 &&
3112				    port->wwpn_iid[j].name == NULL)
3113					continue;
3114
3115				printf("    iid %u use %d WWPN %#jx '%s'\n",
3116				    j, port->wwpn_iid[j].in_use,
3117				    (uintmax_t)port->wwpn_iid[j].wwpn,
3118				    port->wwpn_iid[j].name);
3119			}
3120		}
3121		printf("CTL Port information end\n");
3122		mtx_unlock(&softc->ctl_lock);
3123		/*
3124		 * XXX KDM calling this without a lock.  We'd likely want
3125		 * to drop the lock before calling the frontend's dump
3126		 * routine anyway.
3127		 */
3128		printf("CTL Frontends:\n");
3129		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3130			printf("  Frontend '%s'\n", fe->name);
3131			if (fe->fe_dump != NULL)
3132				fe->fe_dump();
3133		}
3134		printf("CTL Frontend information end\n");
3135		break;
3136	}
3137	case CTL_LUN_REQ: {
3138		struct ctl_lun_req *lun_req;
3139		struct ctl_backend_driver *backend;
3140
3141		lun_req = (struct ctl_lun_req *)addr;
3142
3143		backend = ctl_backend_find(lun_req->backend);
3144		if (backend == NULL) {
3145			lun_req->status = CTL_LUN_ERROR;
3146			snprintf(lun_req->error_str,
3147				 sizeof(lun_req->error_str),
3148				 "Backend \"%s\" not found.",
3149				 lun_req->backend);
3150			break;
3151		}
3152		if (lun_req->num_be_args > 0) {
3153			lun_req->kern_be_args = ctl_copyin_args(
3154				lun_req->num_be_args,
3155				lun_req->be_args,
3156				lun_req->error_str,
3157				sizeof(lun_req->error_str));
3158			if (lun_req->kern_be_args == NULL) {
3159				lun_req->status = CTL_LUN_ERROR;
3160				break;
3161			}
3162		}
3163
3164		retval = backend->ioctl(dev, cmd, addr, flag, td);
3165
3166		if (lun_req->num_be_args > 0) {
3167			ctl_copyout_args(lun_req->num_be_args,
3168				      lun_req->kern_be_args);
3169			ctl_free_args(lun_req->num_be_args,
3170				      lun_req->kern_be_args);
3171		}
3172		break;
3173	}
3174	case CTL_LUN_LIST: {
3175		struct sbuf *sb;
3176		struct ctl_lun *lun;
3177		struct ctl_lun_list *list;
3178		struct ctl_option *opt;
3179
3180		list = (struct ctl_lun_list *)addr;
3181
3182		/*
3183		 * Allocate a fixed length sbuf here, based on the length
3184		 * of the user's buffer.  We could allocate an auto-extending
3185		 * buffer, and then tell the user how much larger our
3186		 * amount of data is than his buffer, but that presents
3187		 * some problems:
3188		 *
3189		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3190		 *     we can't hold a lock while calling them with an
3191		 *     auto-extending buffer.
3192 		 *
3193		 * 2.  There is not currently a LUN reference counting
3194		 *     mechanism, outside of outstanding transactions on
3195		 *     the LUN's OOA queue.  So a LUN could go away on us
3196		 *     while we're getting the LUN number, backend-specific
3197		 *     information, etc.  Thus, given the way things
3198		 *     currently work, we need to hold the CTL lock while
3199		 *     grabbing LUN information.
3200		 *
3201		 * So, from the user's standpoint, the best thing to do is
3202		 * allocate what he thinks is a reasonable buffer length,
3203		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3204		 * double the buffer length and try again.  (And repeat
3205		 * that until he succeeds.)
3206		 */
3207		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3208		if (sb == NULL) {
3209			list->status = CTL_LUN_LIST_ERROR;
3210			snprintf(list->error_str, sizeof(list->error_str),
3211				 "Unable to allocate %d bytes for LUN list",
3212				 list->alloc_len);
3213			break;
3214		}
3215
3216		sbuf_printf(sb, "<ctllunlist>\n");
3217
3218		mtx_lock(&softc->ctl_lock);
3219		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3220			mtx_lock(&lun->lun_lock);
3221			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3222					     (uintmax_t)lun->lun);
3223
3224			/*
3225			 * Bail out as soon as we see that we've overfilled
3226			 * the buffer.
3227			 */
3228			if (retval != 0)
3229				break;
3230
3231			retval = sbuf_printf(sb, "\t<backend_type>%s"
3232					     "</backend_type>\n",
3233					     (lun->backend == NULL) ?  "none" :
3234					     lun->backend->name);
3235
3236			if (retval != 0)
3237				break;
3238
3239			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3240					     lun->be_lun->lun_type);
3241
3242			if (retval != 0)
3243				break;
3244
3245			if (lun->backend == NULL) {
3246				retval = sbuf_printf(sb, "</lun>\n");
3247				if (retval != 0)
3248					break;
3249				continue;
3250			}
3251
3252			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3253					     (lun->be_lun->maxlba > 0) ?
3254					     lun->be_lun->maxlba + 1 : 0);
3255
3256			if (retval != 0)
3257				break;
3258
3259			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3260					     lun->be_lun->blocksize);
3261
3262			if (retval != 0)
3263				break;
3264
3265			retval = sbuf_printf(sb, "\t<serial_number>");
3266
3267			if (retval != 0)
3268				break;
3269
3270			retval = ctl_sbuf_printf_esc(sb,
3271						     lun->be_lun->serial_num);
3272
3273			if (retval != 0)
3274				break;
3275
3276			retval = sbuf_printf(sb, "</serial_number>\n");
3277
3278			if (retval != 0)
3279				break;
3280
3281			retval = sbuf_printf(sb, "\t<device_id>");
3282
3283			if (retval != 0)
3284				break;
3285
3286			retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id);
3287
3288			if (retval != 0)
3289				break;
3290
3291			retval = sbuf_printf(sb, "</device_id>\n");
3292
3293			if (retval != 0)
3294				break;
3295
3296			if (lun->backend->lun_info != NULL) {
3297				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3298				if (retval != 0)
3299					break;
3300			}
3301			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3302				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3303				    opt->name, opt->value, opt->name);
3304				if (retval != 0)
3305					break;
3306			}
3307
3308			retval = sbuf_printf(sb, "</lun>\n");
3309
3310			if (retval != 0)
3311				break;
3312			mtx_unlock(&lun->lun_lock);
3313		}
3314		if (lun != NULL)
3315			mtx_unlock(&lun->lun_lock);
3316		mtx_unlock(&softc->ctl_lock);
3317
3318		if ((retval != 0)
3319		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3320			retval = 0;
3321			sbuf_delete(sb);
3322			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3323			snprintf(list->error_str, sizeof(list->error_str),
3324				 "Out of space, %d bytes is too small",
3325				 list->alloc_len);
3326			break;
3327		}
3328
3329		sbuf_finish(sb);
3330
3331		retval = copyout(sbuf_data(sb), list->lun_xml,
3332				 sbuf_len(sb) + 1);
3333
3334		list->fill_len = sbuf_len(sb) + 1;
3335		list->status = CTL_LUN_LIST_OK;
3336		sbuf_delete(sb);
3337		break;
3338	}
3339	case CTL_ISCSI: {
3340		struct ctl_iscsi *ci;
3341		struct ctl_frontend *fe;
3342
3343		ci = (struct ctl_iscsi *)addr;
3344
3345		fe = ctl_frontend_find("iscsi");
3346		if (fe == NULL) {
3347			ci->status = CTL_ISCSI_ERROR;
3348			snprintf(ci->error_str, sizeof(ci->error_str),
3349			    "Frontend \"iscsi\" not found.");
3350			break;
3351		}
3352
3353		retval = fe->ioctl(dev, cmd, addr, flag, td);
3354		break;
3355	}
3356	case CTL_PORT_REQ: {
3357		struct ctl_req *req;
3358		struct ctl_frontend *fe;
3359
3360		req = (struct ctl_req *)addr;
3361
3362		fe = ctl_frontend_find(req->driver);
3363		if (fe == NULL) {
3364			req->status = CTL_LUN_ERROR;
3365			snprintf(req->error_str, sizeof(req->error_str),
3366			    "Frontend \"%s\" not found.", req->driver);
3367			break;
3368		}
3369		if (req->num_args > 0) {
3370			req->kern_args = ctl_copyin_args(req->num_args,
3371			    req->args, req->error_str, sizeof(req->error_str));
3372			if (req->kern_args == NULL) {
3373				req->status = CTL_LUN_ERROR;
3374				break;
3375			}
3376		}
3377
3378		retval = fe->ioctl(dev, cmd, addr, flag, td);
3379
3380		if (req->num_args > 0) {
3381			ctl_copyout_args(req->num_args, req->kern_args);
3382			ctl_free_args(req->num_args, req->kern_args);
3383		}
3384		break;
3385	}
3386	case CTL_PORT_LIST: {
3387		struct sbuf *sb;
3388		struct ctl_port *port;
3389		struct ctl_lun_list *list;
3390		struct ctl_option *opt;
3391		int j;
3392
3393		list = (struct ctl_lun_list *)addr;
3394
3395		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3396		if (sb == NULL) {
3397			list->status = CTL_LUN_LIST_ERROR;
3398			snprintf(list->error_str, sizeof(list->error_str),
3399				 "Unable to allocate %d bytes for LUN list",
3400				 list->alloc_len);
3401			break;
3402		}
3403
3404		sbuf_printf(sb, "<ctlportlist>\n");
3405
3406		mtx_lock(&softc->ctl_lock);
3407		STAILQ_FOREACH(port, &softc->port_list, links) {
3408			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3409					     (uintmax_t)port->targ_port);
3410
3411			/*
3412			 * Bail out as soon as we see that we've overfilled
3413			 * the buffer.
3414			 */
3415			if (retval != 0)
3416				break;
3417
3418			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3419			    "</frontend_type>\n", port->frontend->name);
3420			if (retval != 0)
3421				break;
3422
3423			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3424					     port->port_type);
3425			if (retval != 0)
3426				break;
3427
3428			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3429			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3430			if (retval != 0)
3431				break;
3432
3433			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3434			    port->port_name);
3435			if (retval != 0)
3436				break;
3437
3438			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3439			    port->physical_port);
3440			if (retval != 0)
3441				break;
3442
3443			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3444			    port->virtual_port);
3445			if (retval != 0)
3446				break;
3447
3448			if (port->target_devid != NULL) {
3449				sbuf_printf(sb, "\t<target>");
3450				ctl_id_sbuf(port->target_devid, sb);
3451				sbuf_printf(sb, "</target>\n");
3452			}
3453
3454			if (port->port_devid != NULL) {
3455				sbuf_printf(sb, "\t<port>");
3456				ctl_id_sbuf(port->port_devid, sb);
3457				sbuf_printf(sb, "</port>\n");
3458			}
3459
3460			if (port->port_info != NULL) {
3461				retval = port->port_info(port->onoff_arg, sb);
3462				if (retval != 0)
3463					break;
3464			}
3465			STAILQ_FOREACH(opt, &port->options, links) {
3466				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3467				    opt->name, opt->value, opt->name);
3468				if (retval != 0)
3469					break;
3470			}
3471
3472			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3473				if (port->wwpn_iid[j].in_use == 0 ||
3474				    (port->wwpn_iid[j].wwpn == 0 &&
3475				     port->wwpn_iid[j].name == NULL))
3476					continue;
3477
3478				if (port->wwpn_iid[j].name != NULL)
3479					retval = sbuf_printf(sb,
3480					    "\t<initiator>%u %s</initiator>\n",
3481					    j, port->wwpn_iid[j].name);
3482				else
3483					retval = sbuf_printf(sb,
3484					    "\t<initiator>%u naa.%08jx</initiator>\n",
3485					    j, port->wwpn_iid[j].wwpn);
3486				if (retval != 0)
3487					break;
3488			}
3489			if (retval != 0)
3490				break;
3491
3492			retval = sbuf_printf(sb, "</targ_port>\n");
3493			if (retval != 0)
3494				break;
3495		}
3496		mtx_unlock(&softc->ctl_lock);
3497
3498		if ((retval != 0)
3499		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3500			retval = 0;
3501			sbuf_delete(sb);
3502			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3503			snprintf(list->error_str, sizeof(list->error_str),
3504				 "Out of space, %d bytes is too small",
3505				 list->alloc_len);
3506			break;
3507		}
3508
3509		sbuf_finish(sb);
3510
3511		retval = copyout(sbuf_data(sb), list->lun_xml,
3512				 sbuf_len(sb) + 1);
3513
3514		list->fill_len = sbuf_len(sb) + 1;
3515		list->status = CTL_LUN_LIST_OK;
3516		sbuf_delete(sb);
3517		break;
3518	}
3519	default: {
3520		/* XXX KDM should we fix this? */
3521#if 0
3522		struct ctl_backend_driver *backend;
3523		unsigned int type;
3524		int found;
3525
3526		found = 0;
3527
3528		/*
3529		 * We encode the backend type as the ioctl type for backend
3530		 * ioctls.  So parse it out here, and then search for a
3531		 * backend of this type.
3532		 */
3533		type = _IOC_TYPE(cmd);
3534
3535		STAILQ_FOREACH(backend, &softc->be_list, links) {
3536			if (backend->type == type) {
3537				found = 1;
3538				break;
3539			}
3540		}
3541		if (found == 0) {
3542			printf("ctl: unknown ioctl command %#lx or backend "
3543			       "%d\n", cmd, type);
3544			retval = EINVAL;
3545			break;
3546		}
3547		retval = backend->ioctl(dev, cmd, addr, flag, td);
3548#endif
3549		retval = ENOTTY;
3550		break;
3551	}
3552	}
3553	return (retval);
3554}
3555
3556uint32_t
3557ctl_get_initindex(struct ctl_nexus *nexus)
3558{
3559	if (nexus->targ_port < CTL_MAX_PORTS)
3560		return (nexus->initid.id +
3561			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3562	else
3563		return (nexus->initid.id +
3564		       ((nexus->targ_port - CTL_MAX_PORTS) *
3565			CTL_MAX_INIT_PER_PORT));
3566}
3567
3568uint32_t
3569ctl_get_resindex(struct ctl_nexus *nexus)
3570{
3571	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3572}
3573
3574uint32_t
3575ctl_port_idx(int port_num)
3576{
3577	if (port_num < CTL_MAX_PORTS)
3578		return(port_num);
3579	else
3580		return(port_num - CTL_MAX_PORTS);
3581}
3582
3583static uint32_t
3584ctl_map_lun(int port_num, uint32_t lun_id)
3585{
3586	struct ctl_port *port;
3587
3588	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3589	if (port == NULL)
3590		return (UINT32_MAX);
3591	if (port->lun_map == NULL)
3592		return (lun_id);
3593	return (port->lun_map(port->targ_lun_arg, lun_id));
3594}
3595
3596static uint32_t
3597ctl_map_lun_back(int port_num, uint32_t lun_id)
3598{
3599	struct ctl_port *port;
3600	uint32_t i;
3601
3602	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3603	if (port->lun_map == NULL)
3604		return (lun_id);
3605	for (i = 0; i < CTL_MAX_LUNS; i++) {
3606		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3607			return (i);
3608	}
3609	return (UINT32_MAX);
3610}
3611
3612/*
3613 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3614 * that are a power of 2.
3615 */
3616int
3617ctl_ffz(uint32_t *mask, uint32_t size)
3618{
3619	uint32_t num_chunks, num_pieces;
3620	int i, j;
3621
3622	num_chunks = (size >> 5);
3623	if (num_chunks == 0)
3624		num_chunks++;
3625	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3626
3627	for (i = 0; i < num_chunks; i++) {
3628		for (j = 0; j < num_pieces; j++) {
3629			if ((mask[i] & (1 << j)) == 0)
3630				return ((i << 5) + j);
3631		}
3632	}
3633
3634	return (-1);
3635}
3636
3637int
3638ctl_set_mask(uint32_t *mask, uint32_t bit)
3639{
3640	uint32_t chunk, piece;
3641
3642	chunk = bit >> 5;
3643	piece = bit % (sizeof(uint32_t) * 8);
3644
3645	if ((mask[chunk] & (1 << piece)) != 0)
3646		return (-1);
3647	else
3648		mask[chunk] |= (1 << piece);
3649
3650	return (0);
3651}
3652
3653int
3654ctl_clear_mask(uint32_t *mask, uint32_t bit)
3655{
3656	uint32_t chunk, piece;
3657
3658	chunk = bit >> 5;
3659	piece = bit % (sizeof(uint32_t) * 8);
3660
3661	if ((mask[chunk] & (1 << piece)) == 0)
3662		return (-1);
3663	else
3664		mask[chunk] &= ~(1 << piece);
3665
3666	return (0);
3667}
3668
3669int
3670ctl_is_set(uint32_t *mask, uint32_t bit)
3671{
3672	uint32_t chunk, piece;
3673
3674	chunk = bit >> 5;
3675	piece = bit % (sizeof(uint32_t) * 8);
3676
3677	if ((mask[chunk] & (1 << piece)) == 0)
3678		return (0);
3679	else
3680		return (1);
3681}
3682
3683#ifdef unused
3684/*
3685 * The bus, target and lun are optional, they can be filled in later.
3686 * can_wait is used to determine whether we can wait on the malloc or not.
3687 */
3688union ctl_io*
3689ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3690	      uint32_t targ_lun, int can_wait)
3691{
3692	union ctl_io *io;
3693
3694	if (can_wait)
3695		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3696	else
3697		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3698
3699	if (io != NULL) {
3700		io->io_hdr.io_type = io_type;
3701		io->io_hdr.targ_port = targ_port;
3702		/*
3703		 * XXX KDM this needs to change/go away.  We need to move
3704		 * to a preallocated pool of ctl_scsiio structures.
3705		 */
3706		io->io_hdr.nexus.targ_target.id = targ_target;
3707		io->io_hdr.nexus.targ_lun = targ_lun;
3708	}
3709
3710	return (io);
3711}
3712
3713void
3714ctl_kfree_io(union ctl_io *io)
3715{
3716	free(io, M_CTL);
3717}
3718#endif /* unused */
3719
3720/*
3721 * ctl_softc, pool_type, total_ctl_io are passed in.
3722 * npool is passed out.
3723 */
3724int
3725ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3726		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3727{
3728	uint32_t i;
3729	union ctl_io *cur_io, *next_io;
3730	struct ctl_io_pool *pool;
3731	int retval;
3732
3733	retval = 0;
3734
3735	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3736					    M_NOWAIT | M_ZERO);
3737	if (pool == NULL) {
3738		retval = ENOMEM;
3739		goto bailout;
3740	}
3741
3742	pool->type = pool_type;
3743	pool->ctl_softc = ctl_softc;
3744
3745	mtx_lock(&ctl_softc->pool_lock);
3746	pool->id = ctl_softc->cur_pool_id++;
3747	mtx_unlock(&ctl_softc->pool_lock);
3748
3749	pool->flags = CTL_POOL_FLAG_NONE;
3750	pool->refcount = 1;		/* Reference for validity. */
3751	STAILQ_INIT(&pool->free_queue);
3752
3753	/*
3754	 * XXX KDM other options here:
3755	 * - allocate a page at a time
3756	 * - allocate one big chunk of memory.
3757	 * Page allocation might work well, but would take a little more
3758	 * tracking.
3759	 */
3760	for (i = 0; i < total_ctl_io; i++) {
3761		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3762						M_NOWAIT);
3763		if (cur_io == NULL) {
3764			retval = ENOMEM;
3765			break;
3766		}
3767		cur_io->io_hdr.pool = pool;
3768		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3769		pool->total_ctl_io++;
3770		pool->free_ctl_io++;
3771	}
3772
3773	if (retval != 0) {
3774		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3775		     cur_io != NULL; cur_io = next_io) {
3776			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3777							      links);
3778			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3779				      ctl_io_hdr, links);
3780			free(cur_io, M_CTLIO);
3781		}
3782
3783		free(pool, M_CTL);
3784		goto bailout;
3785	}
3786	mtx_lock(&ctl_softc->pool_lock);
3787	ctl_softc->num_pools++;
3788	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3789	/*
3790	 * Increment our usage count if this is an external consumer, so we
3791	 * can't get unloaded until the external consumer (most likely a
3792	 * FETD) unloads and frees his pool.
3793	 *
3794	 * XXX KDM will this increment the caller's module use count, or
3795	 * mine?
3796	 */
3797#if 0
3798	if ((pool_type != CTL_POOL_EMERGENCY)
3799	 && (pool_type != CTL_POOL_INTERNAL)
3800	 && (pool_type != CTL_POOL_4OTHERSC))
3801		MOD_INC_USE_COUNT;
3802#endif
3803
3804	mtx_unlock(&ctl_softc->pool_lock);
3805
3806	*npool = pool;
3807
3808bailout:
3809
3810	return (retval);
3811}
3812
3813static int
3814ctl_pool_acquire(struct ctl_io_pool *pool)
3815{
3816
3817	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3818
3819	if (pool->flags & CTL_POOL_FLAG_INVALID)
3820		return (EINVAL);
3821
3822	pool->refcount++;
3823
3824	return (0);
3825}
3826
3827static void
3828ctl_pool_release(struct ctl_io_pool *pool)
3829{
3830	struct ctl_softc *ctl_softc = pool->ctl_softc;
3831	union ctl_io *io;
3832
3833	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3834
3835	if (--pool->refcount != 0)
3836		return;
3837
3838	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3839		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3840			      links);
3841		free(io, M_CTLIO);
3842	}
3843
3844	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3845	ctl_softc->num_pools--;
3846
3847	/*
3848	 * XXX KDM will this decrement the caller's usage count or mine?
3849	 */
3850#if 0
3851	if ((pool->type != CTL_POOL_EMERGENCY)
3852	 && (pool->type != CTL_POOL_INTERNAL)
3853	 && (pool->type != CTL_POOL_4OTHERSC))
3854		MOD_DEC_USE_COUNT;
3855#endif
3856
3857	free(pool, M_CTL);
3858}
3859
3860void
3861ctl_pool_free(struct ctl_io_pool *pool)
3862{
3863	struct ctl_softc *ctl_softc;
3864
3865	if (pool == NULL)
3866		return;
3867
3868	ctl_softc = pool->ctl_softc;
3869	mtx_lock(&ctl_softc->pool_lock);
3870	pool->flags |= CTL_POOL_FLAG_INVALID;
3871	ctl_pool_release(pool);
3872	mtx_unlock(&ctl_softc->pool_lock);
3873}
3874
3875/*
3876 * This routine does not block (except for spinlocks of course).
3877 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3878 * possible.
3879 */
3880union ctl_io *
3881ctl_alloc_io(void *pool_ref)
3882{
3883	union ctl_io *io;
3884	struct ctl_softc *ctl_softc;
3885	struct ctl_io_pool *pool, *npool;
3886	struct ctl_io_pool *emergency_pool;
3887
3888	pool = (struct ctl_io_pool *)pool_ref;
3889
3890	if (pool == NULL) {
3891		printf("%s: pool is NULL\n", __func__);
3892		return (NULL);
3893	}
3894
3895	emergency_pool = NULL;
3896
3897	ctl_softc = pool->ctl_softc;
3898
3899	mtx_lock(&ctl_softc->pool_lock);
3900	/*
3901	 * First, try to get the io structure from the user's pool.
3902	 */
3903	if (ctl_pool_acquire(pool) == 0) {
3904		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3905		if (io != NULL) {
3906			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3907			pool->total_allocated++;
3908			pool->free_ctl_io--;
3909			mtx_unlock(&ctl_softc->pool_lock);
3910			return (io);
3911		} else
3912			ctl_pool_release(pool);
3913	}
3914	/*
3915	 * If he doesn't have any io structures left, search for an
3916	 * emergency pool and grab one from there.
3917	 */
3918	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3919		if (npool->type != CTL_POOL_EMERGENCY)
3920			continue;
3921
3922		if (ctl_pool_acquire(npool) != 0)
3923			continue;
3924
3925		emergency_pool = npool;
3926
3927		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3928		if (io != NULL) {
3929			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3930			npool->total_allocated++;
3931			npool->free_ctl_io--;
3932			mtx_unlock(&ctl_softc->pool_lock);
3933			return (io);
3934		} else
3935			ctl_pool_release(npool);
3936	}
3937
3938	/* Drop the spinlock before we malloc */
3939	mtx_unlock(&ctl_softc->pool_lock);
3940
3941	/*
3942	 * The emergency pool (if it exists) didn't have one, so try an
3943	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3944	 */
3945	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3946	if (io != NULL) {
3947		/*
3948		 * If the emergency pool exists but is empty, add this
3949		 * ctl_io to its list when it gets freed.
3950		 */
3951		if (emergency_pool != NULL) {
3952			mtx_lock(&ctl_softc->pool_lock);
3953			if (ctl_pool_acquire(emergency_pool) == 0) {
3954				io->io_hdr.pool = emergency_pool;
3955				emergency_pool->total_ctl_io++;
3956				/*
3957				 * Need to bump this, otherwise
3958				 * total_allocated and total_freed won't
3959				 * match when we no longer have anything
3960				 * outstanding.
3961				 */
3962				emergency_pool->total_allocated++;
3963			}
3964			mtx_unlock(&ctl_softc->pool_lock);
3965		} else
3966			io->io_hdr.pool = NULL;
3967	}
3968
3969	return (io);
3970}
3971
3972void
3973ctl_free_io(union ctl_io *io)
3974{
3975	if (io == NULL)
3976		return;
3977
3978	/*
3979	 * If this ctl_io has a pool, return it to that pool.
3980	 */
3981	if (io->io_hdr.pool != NULL) {
3982		struct ctl_io_pool *pool;
3983
3984		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3985		mtx_lock(&pool->ctl_softc->pool_lock);
3986		io->io_hdr.io_type = 0xff;
3987		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3988		pool->total_freed++;
3989		pool->free_ctl_io++;
3990		ctl_pool_release(pool);
3991		mtx_unlock(&pool->ctl_softc->pool_lock);
3992	} else {
3993		/*
3994		 * Otherwise, just free it.  We probably malloced it and
3995		 * the emergency pool wasn't available.
3996		 */
3997		free(io, M_CTLIO);
3998	}
3999
4000}
4001
4002void
4003ctl_zero_io(union ctl_io *io)
4004{
4005	void *pool_ref;
4006
4007	if (io == NULL)
4008		return;
4009
4010	/*
4011	 * May need to preserve linked list pointers at some point too.
4012	 */
4013	pool_ref = io->io_hdr.pool;
4014
4015	memset(io, 0, sizeof(*io));
4016
4017	io->io_hdr.pool = pool_ref;
4018}
4019
4020/*
4021 * This routine is currently used for internal copies of ctl_ios that need
4022 * to persist for some reason after we've already returned status to the
4023 * FETD.  (Thus the flag set.)
4024 *
4025 * XXX XXX
4026 * Note that this makes a blind copy of all fields in the ctl_io, except
4027 * for the pool reference.  This includes any memory that has been
4028 * allocated!  That memory will no longer be valid after done has been
4029 * called, so this would be VERY DANGEROUS for command that actually does
4030 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
4031 * start and stop commands, which don't transfer any data, so this is not a
4032 * problem.  If it is used for anything else, the caller would also need to
4033 * allocate data buffer space and this routine would need to be modified to
4034 * copy the data buffer(s) as well.
4035 */
4036void
4037ctl_copy_io(union ctl_io *src, union ctl_io *dest)
4038{
4039	void *pool_ref;
4040
4041	if ((src == NULL)
4042	 || (dest == NULL))
4043		return;
4044
4045	/*
4046	 * May need to preserve linked list pointers at some point too.
4047	 */
4048	pool_ref = dest->io_hdr.pool;
4049
4050	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
4051
4052	dest->io_hdr.pool = pool_ref;
4053	/*
4054	 * We need to know that this is an internal copy, and doesn't need
4055	 * to get passed back to the FETD that allocated it.
4056	 */
4057	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
4058}
4059
4060#ifdef NEEDTOPORT
4061static void
4062ctl_update_power_subpage(struct copan_power_subpage *page)
4063{
4064	int num_luns, num_partitions, config_type;
4065	struct ctl_softc *softc;
4066	cs_BOOL_t aor_present, shelf_50pct_power;
4067	cs_raidset_personality_t rs_type;
4068	int max_active_luns;
4069
4070	softc = control_softc;
4071
4072	/* subtract out the processor LUN */
4073	num_luns = softc->num_luns - 1;
4074	/*
4075	 * Default to 7 LUNs active, which was the only number we allowed
4076	 * in the past.
4077	 */
4078	max_active_luns = 7;
4079
4080	num_partitions = config_GetRsPartitionInfo();
4081	config_type = config_GetConfigType();
4082	shelf_50pct_power = config_GetShelfPowerMode();
4083	aor_present = config_IsAorRsPresent();
4084
4085	rs_type = ddb_GetRsRaidType(1);
4086	if ((rs_type != CS_RAIDSET_PERSONALITY_RAID5)
4087	 && (rs_type != CS_RAIDSET_PERSONALITY_RAID1)) {
4088		EPRINT(0, "Unsupported RS type %d!", rs_type);
4089	}
4090
4091
4092	page->total_luns = num_luns;
4093
4094	switch (config_type) {
4095	case 40:
4096		/*
4097		 * In a 40 drive configuration, it doesn't matter what DC
4098		 * cards we have, whether we have AOR enabled or not,
4099		 * partitioning or not, or what type of RAIDset we have.
4100		 * In that scenario, we can power up every LUN we present
4101		 * to the user.
4102		 */
4103		max_active_luns = num_luns;
4104
4105		break;
4106	case 64:
4107		if (shelf_50pct_power == CS_FALSE) {
4108			/* 25% power */
4109			if (aor_present == CS_TRUE) {
4110				if (rs_type ==
4111				     CS_RAIDSET_PERSONALITY_RAID5) {
4112					max_active_luns = 7;
4113				} else if (rs_type ==
4114					 CS_RAIDSET_PERSONALITY_RAID1){
4115					max_active_luns = 14;
4116				} else {
4117					/* XXX KDM now what?? */
4118				}
4119			} else {
4120				if (rs_type ==
4121				     CS_RAIDSET_PERSONALITY_RAID5) {
4122					max_active_luns = 8;
4123				} else if (rs_type ==
4124					 CS_RAIDSET_PERSONALITY_RAID1){
4125					max_active_luns = 16;
4126				} else {
4127					/* XXX KDM now what?? */
4128				}
4129			}
4130		} else {
4131			/* 50% power */
4132			/*
4133			 * With 50% power in a 64 drive configuration, we
4134			 * can power all LUNs we present.
4135			 */
4136			max_active_luns = num_luns;
4137		}
4138		break;
4139	case 112:
4140		if (shelf_50pct_power == CS_FALSE) {
4141			/* 25% power */
4142			if (aor_present == CS_TRUE) {
4143				if (rs_type ==
4144				     CS_RAIDSET_PERSONALITY_RAID5) {
4145					max_active_luns = 7;
4146				} else if (rs_type ==
4147					 CS_RAIDSET_PERSONALITY_RAID1){
4148					max_active_luns = 14;
4149				} else {
4150					/* XXX KDM now what?? */
4151				}
4152			} else {
4153				if (rs_type ==
4154				     CS_RAIDSET_PERSONALITY_RAID5) {
4155					max_active_luns = 8;
4156				} else if (rs_type ==
4157					 CS_RAIDSET_PERSONALITY_RAID1){
4158					max_active_luns = 16;
4159				} else {
4160					/* XXX KDM now what?? */
4161				}
4162			}
4163		} else {
4164			/* 50% power */
4165			if (aor_present == CS_TRUE) {
4166				if (rs_type ==
4167				     CS_RAIDSET_PERSONALITY_RAID5) {
4168					max_active_luns = 14;
4169				} else if (rs_type ==
4170					 CS_RAIDSET_PERSONALITY_RAID1){
4171					/*
4172					 * We're assuming here that disk
4173					 * caching is enabled, and so we're
4174					 * able to power up half of each
4175					 * LUN, and cache all writes.
4176					 */
4177					max_active_luns = num_luns;
4178				} else {
4179					/* XXX KDM now what?? */
4180				}
4181			} else {
4182				if (rs_type ==
4183				     CS_RAIDSET_PERSONALITY_RAID5) {
4184					max_active_luns = 15;
4185				} else if (rs_type ==
4186					 CS_RAIDSET_PERSONALITY_RAID1){
4187					max_active_luns = 30;
4188				} else {
4189					/* XXX KDM now what?? */
4190				}
4191			}
4192		}
4193		break;
4194	default:
4195		/*
4196		 * In this case, we have an unknown configuration, so we
4197		 * just use the default from above.
4198		 */
4199		break;
4200	}
4201
4202	page->max_active_luns = max_active_luns;
4203#if 0
4204	printk("%s: total_luns = %d, max_active_luns = %d\n", __func__,
4205	       page->total_luns, page->max_active_luns);
4206#endif
4207}
4208#endif /* NEEDTOPORT */
4209
4210/*
4211 * This routine could be used in the future to load default and/or saved
4212 * mode page parameters for a particuar lun.
4213 */
4214static int
4215ctl_init_page_index(struct ctl_lun *lun)
4216{
4217	int i;
4218	struct ctl_page_index *page_index;
4219	const char *value;
4220
4221	memcpy(&lun->mode_pages.index, page_index_template,
4222	       sizeof(page_index_template));
4223
4224	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4225
4226		page_index = &lun->mode_pages.index[i];
4227		/*
4228		 * If this is a disk-only mode page, there's no point in
4229		 * setting it up.  For some pages, we have to have some
4230		 * basic information about the disk in order to calculate the
4231		 * mode page data.
4232		 */
4233		if ((lun->be_lun->lun_type != T_DIRECT)
4234		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4235			continue;
4236
4237		switch (page_index->page_code & SMPH_PC_MASK) {
4238		case SMS_RW_ERROR_RECOVERY_PAGE: {
4239			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4240				panic("subpage is incorrect!");
4241			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4242			       &rw_er_page_default,
4243			       sizeof(rw_er_page_default));
4244			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4245			       &rw_er_page_changeable,
4246			       sizeof(rw_er_page_changeable));
4247			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4248			       &rw_er_page_default,
4249			       sizeof(rw_er_page_default));
4250			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4251			       &rw_er_page_default,
4252			       sizeof(rw_er_page_default));
4253			page_index->page_data =
4254				(uint8_t *)lun->mode_pages.rw_er_page;
4255			break;
4256		}
4257		case SMS_FORMAT_DEVICE_PAGE: {
4258			struct scsi_format_page *format_page;
4259
4260			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4261				panic("subpage is incorrect!");
4262
4263			/*
4264			 * Sectors per track are set above.  Bytes per
4265			 * sector need to be set here on a per-LUN basis.
4266			 */
4267			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4268			       &format_page_default,
4269			       sizeof(format_page_default));
4270			memcpy(&lun->mode_pages.format_page[
4271			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4272			       sizeof(format_page_changeable));
4273			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4274			       &format_page_default,
4275			       sizeof(format_page_default));
4276			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4277			       &format_page_default,
4278			       sizeof(format_page_default));
4279
4280			format_page = &lun->mode_pages.format_page[
4281				CTL_PAGE_CURRENT];
4282			scsi_ulto2b(lun->be_lun->blocksize,
4283				    format_page->bytes_per_sector);
4284
4285			format_page = &lun->mode_pages.format_page[
4286				CTL_PAGE_DEFAULT];
4287			scsi_ulto2b(lun->be_lun->blocksize,
4288				    format_page->bytes_per_sector);
4289
4290			format_page = &lun->mode_pages.format_page[
4291				CTL_PAGE_SAVED];
4292			scsi_ulto2b(lun->be_lun->blocksize,
4293				    format_page->bytes_per_sector);
4294
4295			page_index->page_data =
4296				(uint8_t *)lun->mode_pages.format_page;
4297			break;
4298		}
4299		case SMS_RIGID_DISK_PAGE: {
4300			struct scsi_rigid_disk_page *rigid_disk_page;
4301			uint32_t sectors_per_cylinder;
4302			uint64_t cylinders;
4303#ifndef	__XSCALE__
4304			int shift;
4305#endif /* !__XSCALE__ */
4306
4307			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4308				panic("invalid subpage value %d",
4309				      page_index->subpage);
4310
4311			/*
4312			 * Rotation rate and sectors per track are set
4313			 * above.  We calculate the cylinders here based on
4314			 * capacity.  Due to the number of heads and
4315			 * sectors per track we're using, smaller arrays
4316			 * may turn out to have 0 cylinders.  Linux and
4317			 * FreeBSD don't pay attention to these mode pages
4318			 * to figure out capacity, but Solaris does.  It
4319			 * seems to deal with 0 cylinders just fine, and
4320			 * works out a fake geometry based on the capacity.
4321			 */
4322			memcpy(&lun->mode_pages.rigid_disk_page[
4323			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
4324			       sizeof(rigid_disk_page_default));
4325			memcpy(&lun->mode_pages.rigid_disk_page[
4326			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4327			       sizeof(rigid_disk_page_changeable));
4328			memcpy(&lun->mode_pages.rigid_disk_page[
4329			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4330			       sizeof(rigid_disk_page_default));
4331			memcpy(&lun->mode_pages.rigid_disk_page[
4332			       CTL_PAGE_SAVED], &rigid_disk_page_default,
4333			       sizeof(rigid_disk_page_default));
4334
4335			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4336				CTL_DEFAULT_HEADS;
4337
4338			/*
4339			 * The divide method here will be more accurate,
4340			 * probably, but results in floating point being
4341			 * used in the kernel on i386 (__udivdi3()).  On the
4342			 * XScale, though, __udivdi3() is implemented in
4343			 * software.
4344			 *
4345			 * The shift method for cylinder calculation is
4346			 * accurate if sectors_per_cylinder is a power of
4347			 * 2.  Otherwise it might be slightly off -- you
4348			 * might have a bit of a truncation problem.
4349			 */
4350#ifdef	__XSCALE__
4351			cylinders = (lun->be_lun->maxlba + 1) /
4352				sectors_per_cylinder;
4353#else
4354			for (shift = 31; shift > 0; shift--) {
4355				if (sectors_per_cylinder & (1 << shift))
4356					break;
4357			}
4358			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4359#endif
4360
4361			/*
4362			 * We've basically got 3 bytes, or 24 bits for the
4363			 * cylinder size in the mode page.  If we're over,
4364			 * just round down to 2^24.
4365			 */
4366			if (cylinders > 0xffffff)
4367				cylinders = 0xffffff;
4368
4369			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4370				CTL_PAGE_CURRENT];
4371			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4372
4373			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4374				CTL_PAGE_DEFAULT];
4375			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4376
4377			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4378				CTL_PAGE_SAVED];
4379			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4380
4381			page_index->page_data =
4382				(uint8_t *)lun->mode_pages.rigid_disk_page;
4383			break;
4384		}
4385		case SMS_CACHING_PAGE: {
4386			struct scsi_caching_page *caching_page;
4387
4388			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4389				panic("invalid subpage value %d",
4390				      page_index->subpage);
4391			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4392			       &caching_page_default,
4393			       sizeof(caching_page_default));
4394			memcpy(&lun->mode_pages.caching_page[
4395			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4396			       sizeof(caching_page_changeable));
4397			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4398			       &caching_page_default,
4399			       sizeof(caching_page_default));
4400			caching_page = &lun->mode_pages.caching_page[
4401			    CTL_PAGE_SAVED];
4402			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4403			if (value != NULL && strcmp(value, "off") == 0)
4404				caching_page->flags1 &= ~SCP_WCE;
4405			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4406			if (value != NULL && strcmp(value, "off") == 0)
4407				caching_page->flags1 |= SCP_RCD;
4408			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4409			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4410			       sizeof(caching_page_default));
4411			page_index->page_data =
4412				(uint8_t *)lun->mode_pages.caching_page;
4413			break;
4414		}
4415		case SMS_CONTROL_MODE_PAGE: {
4416			struct scsi_control_page *control_page;
4417
4418			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4419				panic("invalid subpage value %d",
4420				      page_index->subpage);
4421
4422			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4423			       &control_page_default,
4424			       sizeof(control_page_default));
4425			memcpy(&lun->mode_pages.control_page[
4426			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4427			       sizeof(control_page_changeable));
4428			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4429			       &control_page_default,
4430			       sizeof(control_page_default));
4431			control_page = &lun->mode_pages.control_page[
4432			    CTL_PAGE_SAVED];
4433			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4434			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4435				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4436				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4437			}
4438			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4439			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4440			       sizeof(control_page_default));
4441			page_index->page_data =
4442				(uint8_t *)lun->mode_pages.control_page;
4443			break;
4444
4445		}
4446		case SMS_INFO_EXCEPTIONS_PAGE: {
4447			switch (page_index->subpage) {
4448			case SMS_SUBPAGE_PAGE_0:
4449				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4450				       &ie_page_default,
4451				       sizeof(ie_page_default));
4452				memcpy(&lun->mode_pages.ie_page[
4453				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4454				       sizeof(ie_page_changeable));
4455				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4456				       &ie_page_default,
4457				       sizeof(ie_page_default));
4458				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4459				       &ie_page_default,
4460				       sizeof(ie_page_default));
4461				page_index->page_data =
4462					(uint8_t *)lun->mode_pages.ie_page;
4463				break;
4464			case 0x02:
4465				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4466				       &lbp_page_default,
4467				       sizeof(lbp_page_default));
4468				memcpy(&lun->mode_pages.lbp_page[
4469				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4470				       sizeof(lbp_page_changeable));
4471				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4472				       &lbp_page_default,
4473				       sizeof(lbp_page_default));
4474				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4475				       &lbp_page_default,
4476				       sizeof(lbp_page_default));
4477				page_index->page_data =
4478					(uint8_t *)lun->mode_pages.lbp_page;
4479			}
4480			break;
4481		}
4482		case SMS_VENDOR_SPECIFIC_PAGE:{
4483			switch (page_index->subpage) {
4484			case PWR_SUBPAGE_CODE: {
4485				struct copan_power_subpage *current_page,
4486							   *saved_page;
4487
4488				memcpy(&lun->mode_pages.power_subpage[
4489				       CTL_PAGE_CURRENT],
4490				       &power_page_default,
4491				       sizeof(power_page_default));
4492				memcpy(&lun->mode_pages.power_subpage[
4493				       CTL_PAGE_CHANGEABLE],
4494				       &power_page_changeable,
4495				       sizeof(power_page_changeable));
4496				memcpy(&lun->mode_pages.power_subpage[
4497				       CTL_PAGE_DEFAULT],
4498				       &power_page_default,
4499				       sizeof(power_page_default));
4500				memcpy(&lun->mode_pages.power_subpage[
4501				       CTL_PAGE_SAVED],
4502				       &power_page_default,
4503				       sizeof(power_page_default));
4504				page_index->page_data =
4505				    (uint8_t *)lun->mode_pages.power_subpage;
4506
4507				current_page = (struct copan_power_subpage *)
4508					(page_index->page_data +
4509					 (page_index->page_len *
4510					  CTL_PAGE_CURRENT));
4511			        saved_page = (struct copan_power_subpage *)
4512				        (page_index->page_data +
4513					 (page_index->page_len *
4514					  CTL_PAGE_SAVED));
4515				break;
4516			}
4517			case APS_SUBPAGE_CODE: {
4518				struct copan_aps_subpage *current_page,
4519							 *saved_page;
4520
4521				// This gets set multiple times but
4522				// it should always be the same. It's
4523				// only done during init so who cares.
4524				index_to_aps_page = i;
4525
4526				memcpy(&lun->mode_pages.aps_subpage[
4527				       CTL_PAGE_CURRENT],
4528				       &aps_page_default,
4529				       sizeof(aps_page_default));
4530				memcpy(&lun->mode_pages.aps_subpage[
4531				       CTL_PAGE_CHANGEABLE],
4532				       &aps_page_changeable,
4533				       sizeof(aps_page_changeable));
4534				memcpy(&lun->mode_pages.aps_subpage[
4535				       CTL_PAGE_DEFAULT],
4536				       &aps_page_default,
4537				       sizeof(aps_page_default));
4538				memcpy(&lun->mode_pages.aps_subpage[
4539				       CTL_PAGE_SAVED],
4540				       &aps_page_default,
4541				       sizeof(aps_page_default));
4542				page_index->page_data =
4543					(uint8_t *)lun->mode_pages.aps_subpage;
4544
4545				current_page = (struct copan_aps_subpage *)
4546					(page_index->page_data +
4547					 (page_index->page_len *
4548					  CTL_PAGE_CURRENT));
4549				saved_page = (struct copan_aps_subpage *)
4550					(page_index->page_data +
4551					 (page_index->page_len *
4552					  CTL_PAGE_SAVED));
4553				break;
4554			}
4555			case DBGCNF_SUBPAGE_CODE: {
4556				struct copan_debugconf_subpage *current_page,
4557							       *saved_page;
4558
4559				memcpy(&lun->mode_pages.debugconf_subpage[
4560				       CTL_PAGE_CURRENT],
4561				       &debugconf_page_default,
4562				       sizeof(debugconf_page_default));
4563				memcpy(&lun->mode_pages.debugconf_subpage[
4564				       CTL_PAGE_CHANGEABLE],
4565				       &debugconf_page_changeable,
4566				       sizeof(debugconf_page_changeable));
4567				memcpy(&lun->mode_pages.debugconf_subpage[
4568				       CTL_PAGE_DEFAULT],
4569				       &debugconf_page_default,
4570				       sizeof(debugconf_page_default));
4571				memcpy(&lun->mode_pages.debugconf_subpage[
4572				       CTL_PAGE_SAVED],
4573				       &debugconf_page_default,
4574				       sizeof(debugconf_page_default));
4575				page_index->page_data =
4576					(uint8_t *)lun->mode_pages.debugconf_subpage;
4577
4578				current_page = (struct copan_debugconf_subpage *)
4579					(page_index->page_data +
4580					 (page_index->page_len *
4581					  CTL_PAGE_CURRENT));
4582				saved_page = (struct copan_debugconf_subpage *)
4583					(page_index->page_data +
4584					 (page_index->page_len *
4585					  CTL_PAGE_SAVED));
4586				break;
4587			}
4588			default:
4589				panic("invalid subpage value %d",
4590				      page_index->subpage);
4591				break;
4592			}
4593   			break;
4594		}
4595		default:
4596			panic("invalid page value %d",
4597			      page_index->page_code & SMPH_PC_MASK);
4598			break;
4599    	}
4600	}
4601
4602	return (CTL_RETVAL_COMPLETE);
4603}
4604
4605static int
4606ctl_init_log_page_index(struct ctl_lun *lun)
4607{
4608	struct ctl_page_index *page_index;
4609	int i, j, prev;
4610
4611	memcpy(&lun->log_pages.index, log_page_index_template,
4612	       sizeof(log_page_index_template));
4613
4614	prev = -1;
4615	for (i = 0, j = 0; i < CTL_NUM_LOG_PAGES; i++) {
4616
4617		page_index = &lun->log_pages.index[i];
4618		/*
4619		 * If this is a disk-only mode page, there's no point in
4620		 * setting it up.  For some pages, we have to have some
4621		 * basic information about the disk in order to calculate the
4622		 * mode page data.
4623		 */
4624		if ((lun->be_lun->lun_type != T_DIRECT)
4625		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4626			continue;
4627
4628		if (page_index->page_code != prev) {
4629			lun->log_pages.pages_page[j] = page_index->page_code;
4630			prev = page_index->page_code;
4631			j++;
4632		}
4633		lun->log_pages.subpages_page[i*2] = page_index->page_code;
4634		lun->log_pages.subpages_page[i*2+1] = page_index->subpage;
4635	}
4636	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4637	lun->log_pages.index[0].page_len = j;
4638	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4639	lun->log_pages.index[1].page_len = i * 2;
4640
4641	return (CTL_RETVAL_COMPLETE);
4642}
4643
4644/*
4645 * LUN allocation.
4646 *
4647 * Requirements:
4648 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4649 *   wants us to allocate the LUN and he can block.
4650 * - ctl_softc is always set
4651 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4652 *
4653 * Returns 0 for success, non-zero (errno) for failure.
4654 */
4655static int
4656ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4657	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4658{
4659	struct ctl_lun *nlun, *lun;
4660	struct ctl_port *port;
4661	struct scsi_vpd_id_descriptor *desc;
4662	struct scsi_vpd_id_t10 *t10id;
4663	const char *eui, *naa, *scsiname, *vendor, *value;
4664	int lun_number, i, lun_malloced;
4665	int devidlen, idlen1, idlen2 = 0, len;
4666
4667	if (be_lun == NULL)
4668		return (EINVAL);
4669
4670	/*
4671	 * We currently only support Direct Access or Processor LUN types.
4672	 */
4673	switch (be_lun->lun_type) {
4674	case T_DIRECT:
4675		break;
4676	case T_PROCESSOR:
4677		break;
4678	case T_SEQUENTIAL:
4679	case T_CHANGER:
4680	default:
4681		be_lun->lun_config_status(be_lun->be_lun,
4682					  CTL_LUN_CONFIG_FAILURE);
4683		break;
4684	}
4685	if (ctl_lun == NULL) {
4686		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4687		lun_malloced = 1;
4688	} else {
4689		lun_malloced = 0;
4690		lun = ctl_lun;
4691	}
4692
4693	memset(lun, 0, sizeof(*lun));
4694	if (lun_malloced)
4695		lun->flags = CTL_LUN_MALLOCED;
4696
4697	/* Generate LUN ID. */
4698	devidlen = max(CTL_DEVID_MIN_LEN,
4699	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4700	idlen1 = sizeof(*t10id) + devidlen;
4701	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4702	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4703	if (scsiname != NULL) {
4704		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4705		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4706	}
4707	eui = ctl_get_opt(&be_lun->options, "eui");
4708	if (eui != NULL) {
4709		len += sizeof(struct scsi_vpd_id_descriptor) + 8;
4710	}
4711	naa = ctl_get_opt(&be_lun->options, "naa");
4712	if (naa != NULL) {
4713		len += sizeof(struct scsi_vpd_id_descriptor) + 8;
4714	}
4715	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4716	    M_CTL, M_WAITOK | M_ZERO);
4717	lun->lun_devid->len = len;
4718	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4719	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4720	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4721	desc->length = idlen1;
4722	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4723	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4724	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4725		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4726	} else {
4727		strncpy(t10id->vendor, vendor,
4728		    min(sizeof(t10id->vendor), strlen(vendor)));
4729	}
4730	strncpy((char *)t10id->vendor_spec_id,
4731	    (char *)be_lun->device_id, devidlen);
4732	if (scsiname != NULL) {
4733		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4734		    desc->length);
4735		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4736		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4737		    SVPD_ID_TYPE_SCSI_NAME;
4738		desc->length = idlen2;
4739		strlcpy(desc->identifier, scsiname, idlen2);
4740	}
4741	if (eui != NULL) {
4742		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4743		    desc->length);
4744		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4745		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4746		    SVPD_ID_TYPE_EUI64;
4747		desc->length = 8;
4748		scsi_u64to8b(strtouq(eui, NULL, 0), desc->identifier);
4749	}
4750	if (naa != NULL) {
4751		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4752		    desc->length);
4753		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4754		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4755		    SVPD_ID_TYPE_NAA;
4756		desc->length = 8;
4757		scsi_u64to8b(strtouq(naa, NULL, 0), desc->identifier);
4758	}
4759
4760	mtx_lock(&ctl_softc->ctl_lock);
4761	/*
4762	 * See if the caller requested a particular LUN number.  If so, see
4763	 * if it is available.  Otherwise, allocate the first available LUN.
4764	 */
4765	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4766		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4767		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4768			mtx_unlock(&ctl_softc->ctl_lock);
4769			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4770				printf("ctl: requested LUN ID %d is higher "
4771				       "than CTL_MAX_LUNS - 1 (%d)\n",
4772				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4773			} else {
4774				/*
4775				 * XXX KDM return an error, or just assign
4776				 * another LUN ID in this case??
4777				 */
4778				printf("ctl: requested LUN ID %d is already "
4779				       "in use\n", be_lun->req_lun_id);
4780			}
4781			if (lun->flags & CTL_LUN_MALLOCED)
4782				free(lun, M_CTL);
4783			be_lun->lun_config_status(be_lun->be_lun,
4784						  CTL_LUN_CONFIG_FAILURE);
4785			return (ENOSPC);
4786		}
4787		lun_number = be_lun->req_lun_id;
4788	} else {
4789		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4790		if (lun_number == -1) {
4791			mtx_unlock(&ctl_softc->ctl_lock);
4792			printf("ctl: can't allocate LUN on target %ju, out of "
4793			       "LUNs\n", (uintmax_t)target_id.id);
4794			if (lun->flags & CTL_LUN_MALLOCED)
4795				free(lun, M_CTL);
4796			be_lun->lun_config_status(be_lun->be_lun,
4797						  CTL_LUN_CONFIG_FAILURE);
4798			return (ENOSPC);
4799		}
4800	}
4801	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4802
4803	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4804	lun->target = target_id;
4805	lun->lun = lun_number;
4806	lun->be_lun = be_lun;
4807	/*
4808	 * The processor LUN is always enabled.  Disk LUNs come on line
4809	 * disabled, and must be enabled by the backend.
4810	 */
4811	lun->flags |= CTL_LUN_DISABLED;
4812	lun->backend = be_lun->be;
4813	be_lun->ctl_lun = lun;
4814	be_lun->lun_id = lun_number;
4815	atomic_add_int(&be_lun->be->num_luns, 1);
4816	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4817		lun->flags |= CTL_LUN_OFFLINE;
4818
4819	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4820		lun->flags |= CTL_LUN_STOPPED;
4821
4822	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4823		lun->flags |= CTL_LUN_INOPERABLE;
4824
4825	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4826		lun->flags |= CTL_LUN_PRIMARY_SC;
4827
4828	value = ctl_get_opt(&be_lun->options, "readonly");
4829	if (value != NULL && strcmp(value, "on") == 0)
4830		lun->flags |= CTL_LUN_READONLY;
4831
4832	lun->ctl_softc = ctl_softc;
4833	TAILQ_INIT(&lun->ooa_queue);
4834	TAILQ_INIT(&lun->blocked_queue);
4835	STAILQ_INIT(&lun->error_list);
4836	ctl_tpc_lun_init(lun);
4837
4838	/*
4839	 * Initialize the mode and log page index.
4840	 */
4841	ctl_init_page_index(lun);
4842	ctl_init_log_page_index(lun);
4843
4844	/*
4845	 * Set the poweron UA for all initiators on this LUN only.
4846	 */
4847	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4848		lun->pending_ua[i] = CTL_UA_POWERON;
4849
4850	/*
4851	 * Now, before we insert this lun on the lun list, set the lun
4852	 * inventory changed UA for all other luns.
4853	 */
4854	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4855		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4856			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4857		}
4858	}
4859
4860	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4861
4862	ctl_softc->ctl_luns[lun_number] = lun;
4863
4864	ctl_softc->num_luns++;
4865
4866	/* Setup statistics gathering */
4867	lun->stats.device_type = be_lun->lun_type;
4868	lun->stats.lun_number = lun_number;
4869	if (lun->stats.device_type == T_DIRECT)
4870		lun->stats.blocksize = be_lun->blocksize;
4871	else
4872		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4873	for (i = 0;i < CTL_MAX_PORTS;i++)
4874		lun->stats.ports[i].targ_port = i;
4875
4876	mtx_unlock(&ctl_softc->ctl_lock);
4877
4878	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4879
4880	/*
4881	 * Run through each registered FETD and bring it online if it isn't
4882	 * already.  Enable the target ID if it hasn't been enabled, and
4883	 * enable this particular LUN.
4884	 */
4885	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4886		int retval;
4887
4888		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4889		if (retval != 0) {
4890			printf("ctl_alloc_lun: FETD %s port %d returned error "
4891			       "%d for lun_enable on target %ju lun %d\n",
4892			       port->port_name, port->targ_port, retval,
4893			       (uintmax_t)target_id.id, lun_number);
4894		} else
4895			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4896	}
4897	return (0);
4898}
4899
4900/*
4901 * Delete a LUN.
4902 * Assumptions:
4903 * - LUN has already been marked invalid and any pending I/O has been taken
4904 *   care of.
4905 */
4906static int
4907ctl_free_lun(struct ctl_lun *lun)
4908{
4909	struct ctl_softc *softc;
4910#if 0
4911	struct ctl_port *port;
4912#endif
4913	struct ctl_lun *nlun;
4914	int i;
4915
4916	softc = lun->ctl_softc;
4917
4918	mtx_assert(&softc->ctl_lock, MA_OWNED);
4919
4920	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4921
4922	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4923
4924	softc->ctl_luns[lun->lun] = NULL;
4925
4926	if (!TAILQ_EMPTY(&lun->ooa_queue))
4927		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4928
4929	softc->num_luns--;
4930
4931	/*
4932	 * XXX KDM this scheme only works for a single target/multiple LUN
4933	 * setup.  It needs to be revamped for a multiple target scheme.
4934	 *
4935	 * XXX KDM this results in port->lun_disable() getting called twice,
4936	 * once when ctl_disable_lun() is called, and a second time here.
4937	 * We really need to re-think the LUN disable semantics.  There
4938	 * should probably be several steps/levels to LUN removal:
4939	 *  - disable
4940	 *  - invalidate
4941	 *  - free
4942 	 *
4943	 * Right now we only have a disable method when communicating to
4944	 * the front end ports, at least for individual LUNs.
4945	 */
4946#if 0
4947	STAILQ_FOREACH(port, &softc->port_list, links) {
4948		int retval;
4949
4950		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4951					 lun->lun);
4952		if (retval != 0) {
4953			printf("ctl_free_lun: FETD %s port %d returned error "
4954			       "%d for lun_disable on target %ju lun %jd\n",
4955			       port->port_name, port->targ_port, retval,
4956			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4957		}
4958
4959		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4960			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4961
4962			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4963			if (retval != 0) {
4964				printf("ctl_free_lun: FETD %s port %d "
4965				       "returned error %d for targ_disable on "
4966				       "target %ju\n", port->port_name,
4967				       port->targ_port, retval,
4968				       (uintmax_t)lun->target.id);
4969			} else
4970				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4971
4972			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4973				continue;
4974
4975#if 0
4976			port->port_offline(port->onoff_arg);
4977			port->status &= ~CTL_PORT_STATUS_ONLINE;
4978#endif
4979		}
4980	}
4981#endif
4982
4983	/*
4984	 * Tell the backend to free resources, if this LUN has a backend.
4985	 */
4986	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4987	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4988
4989	ctl_tpc_lun_shutdown(lun);
4990	mtx_destroy(&lun->lun_lock);
4991	free(lun->lun_devid, M_CTL);
4992	if (lun->flags & CTL_LUN_MALLOCED)
4993		free(lun, M_CTL);
4994
4995	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4996		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4997			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4998		}
4999	}
5000
5001	return (0);
5002}
5003
5004static void
5005ctl_create_lun(struct ctl_be_lun *be_lun)
5006{
5007	struct ctl_softc *ctl_softc;
5008
5009	ctl_softc = control_softc;
5010
5011	/*
5012	 * ctl_alloc_lun() should handle all potential failure cases.
5013	 */
5014	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
5015}
5016
5017int
5018ctl_add_lun(struct ctl_be_lun *be_lun)
5019{
5020	struct ctl_softc *ctl_softc = control_softc;
5021
5022	mtx_lock(&ctl_softc->ctl_lock);
5023	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
5024	mtx_unlock(&ctl_softc->ctl_lock);
5025	wakeup(&ctl_softc->pending_lun_queue);
5026
5027	return (0);
5028}
5029
5030int
5031ctl_enable_lun(struct ctl_be_lun *be_lun)
5032{
5033	struct ctl_softc *ctl_softc;
5034	struct ctl_port *port, *nport;
5035	struct ctl_lun *lun;
5036	int retval;
5037
5038	ctl_softc = control_softc;
5039
5040	lun = (struct ctl_lun *)be_lun->ctl_lun;
5041
5042	mtx_lock(&ctl_softc->ctl_lock);
5043	mtx_lock(&lun->lun_lock);
5044	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5045		/*
5046		 * eh?  Why did we get called if the LUN is already
5047		 * enabled?
5048		 */
5049		mtx_unlock(&lun->lun_lock);
5050		mtx_unlock(&ctl_softc->ctl_lock);
5051		return (0);
5052	}
5053	lun->flags &= ~CTL_LUN_DISABLED;
5054	mtx_unlock(&lun->lun_lock);
5055
5056	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
5057		nport = STAILQ_NEXT(port, links);
5058
5059		/*
5060		 * Drop the lock while we call the FETD's enable routine.
5061		 * This can lead to a callback into CTL (at least in the
5062		 * case of the internal initiator frontend.
5063		 */
5064		mtx_unlock(&ctl_softc->ctl_lock);
5065		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
5066		mtx_lock(&ctl_softc->ctl_lock);
5067		if (retval != 0) {
5068			printf("%s: FETD %s port %d returned error "
5069			       "%d for lun_enable on target %ju lun %jd\n",
5070			       __func__, port->port_name, port->targ_port, retval,
5071			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
5072		}
5073#if 0
5074		 else {
5075            /* NOTE:  TODO:  why does lun enable affect port status? */
5076			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
5077		}
5078#endif
5079	}
5080
5081	mtx_unlock(&ctl_softc->ctl_lock);
5082
5083	return (0);
5084}
5085
5086int
5087ctl_disable_lun(struct ctl_be_lun *be_lun)
5088{
5089	struct ctl_softc *ctl_softc;
5090	struct ctl_port *port;
5091	struct ctl_lun *lun;
5092	int retval;
5093
5094	ctl_softc = control_softc;
5095
5096	lun = (struct ctl_lun *)be_lun->ctl_lun;
5097
5098	mtx_lock(&ctl_softc->ctl_lock);
5099	mtx_lock(&lun->lun_lock);
5100	if (lun->flags & CTL_LUN_DISABLED) {
5101		mtx_unlock(&lun->lun_lock);
5102		mtx_unlock(&ctl_softc->ctl_lock);
5103		return (0);
5104	}
5105	lun->flags |= CTL_LUN_DISABLED;
5106	mtx_unlock(&lun->lun_lock);
5107
5108	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
5109		mtx_unlock(&ctl_softc->ctl_lock);
5110		/*
5111		 * Drop the lock before we call the frontend's disable
5112		 * routine, to avoid lock order reversals.
5113		 *
5114		 * XXX KDM what happens if the frontend list changes while
5115		 * we're traversing it?  It's unlikely, but should be handled.
5116		 */
5117		retval = port->lun_disable(port->targ_lun_arg, lun->target,
5118					 lun->lun);
5119		mtx_lock(&ctl_softc->ctl_lock);
5120		if (retval != 0) {
5121			printf("ctl_alloc_lun: FETD %s port %d returned error "
5122			       "%d for lun_disable on target %ju lun %jd\n",
5123			       port->port_name, port->targ_port, retval,
5124			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
5125		}
5126	}
5127
5128	mtx_unlock(&ctl_softc->ctl_lock);
5129
5130	return (0);
5131}
5132
5133int
5134ctl_start_lun(struct ctl_be_lun *be_lun)
5135{
5136	struct ctl_softc *ctl_softc;
5137	struct ctl_lun *lun;
5138
5139	ctl_softc = control_softc;
5140
5141	lun = (struct ctl_lun *)be_lun->ctl_lun;
5142
5143	mtx_lock(&lun->lun_lock);
5144	lun->flags &= ~CTL_LUN_STOPPED;
5145	mtx_unlock(&lun->lun_lock);
5146
5147	return (0);
5148}
5149
5150int
5151ctl_stop_lun(struct ctl_be_lun *be_lun)
5152{
5153	struct ctl_softc *ctl_softc;
5154	struct ctl_lun *lun;
5155
5156	ctl_softc = control_softc;
5157
5158	lun = (struct ctl_lun *)be_lun->ctl_lun;
5159
5160	mtx_lock(&lun->lun_lock);
5161	lun->flags |= CTL_LUN_STOPPED;
5162	mtx_unlock(&lun->lun_lock);
5163
5164	return (0);
5165}
5166
5167int
5168ctl_lun_offline(struct ctl_be_lun *be_lun)
5169{
5170	struct ctl_softc *ctl_softc;
5171	struct ctl_lun *lun;
5172
5173	ctl_softc = control_softc;
5174
5175	lun = (struct ctl_lun *)be_lun->ctl_lun;
5176
5177	mtx_lock(&lun->lun_lock);
5178	lun->flags |= CTL_LUN_OFFLINE;
5179	mtx_unlock(&lun->lun_lock);
5180
5181	return (0);
5182}
5183
5184int
5185ctl_lun_online(struct ctl_be_lun *be_lun)
5186{
5187	struct ctl_softc *ctl_softc;
5188	struct ctl_lun *lun;
5189
5190	ctl_softc = control_softc;
5191
5192	lun = (struct ctl_lun *)be_lun->ctl_lun;
5193
5194	mtx_lock(&lun->lun_lock);
5195	lun->flags &= ~CTL_LUN_OFFLINE;
5196	mtx_unlock(&lun->lun_lock);
5197
5198	return (0);
5199}
5200
5201int
5202ctl_invalidate_lun(struct ctl_be_lun *be_lun)
5203{
5204	struct ctl_softc *ctl_softc;
5205	struct ctl_lun *lun;
5206
5207	ctl_softc = control_softc;
5208
5209	lun = (struct ctl_lun *)be_lun->ctl_lun;
5210
5211	mtx_lock(&lun->lun_lock);
5212
5213	/*
5214	 * The LUN needs to be disabled before it can be marked invalid.
5215	 */
5216	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5217		mtx_unlock(&lun->lun_lock);
5218		return (-1);
5219	}
5220	/*
5221	 * Mark the LUN invalid.
5222	 */
5223	lun->flags |= CTL_LUN_INVALID;
5224
5225	/*
5226	 * If there is nothing in the OOA queue, go ahead and free the LUN.
5227	 * If we have something in the OOA queue, we'll free it when the
5228	 * last I/O completes.
5229	 */
5230	if (TAILQ_EMPTY(&lun->ooa_queue)) {
5231		mtx_unlock(&lun->lun_lock);
5232		mtx_lock(&ctl_softc->ctl_lock);
5233		ctl_free_lun(lun);
5234		mtx_unlock(&ctl_softc->ctl_lock);
5235	} else
5236		mtx_unlock(&lun->lun_lock);
5237
5238	return (0);
5239}
5240
5241int
5242ctl_lun_inoperable(struct ctl_be_lun *be_lun)
5243{
5244	struct ctl_softc *ctl_softc;
5245	struct ctl_lun *lun;
5246
5247	ctl_softc = control_softc;
5248	lun = (struct ctl_lun *)be_lun->ctl_lun;
5249
5250	mtx_lock(&lun->lun_lock);
5251	lun->flags |= CTL_LUN_INOPERABLE;
5252	mtx_unlock(&lun->lun_lock);
5253
5254	return (0);
5255}
5256
5257int
5258ctl_lun_operable(struct ctl_be_lun *be_lun)
5259{
5260	struct ctl_softc *ctl_softc;
5261	struct ctl_lun *lun;
5262
5263	ctl_softc = control_softc;
5264	lun = (struct ctl_lun *)be_lun->ctl_lun;
5265
5266	mtx_lock(&lun->lun_lock);
5267	lun->flags &= ~CTL_LUN_INOPERABLE;
5268	mtx_unlock(&lun->lun_lock);
5269
5270	return (0);
5271}
5272
5273int
5274ctl_lun_power_lock(struct ctl_be_lun *be_lun, struct ctl_nexus *nexus,
5275		   int lock)
5276{
5277	struct ctl_softc *softc;
5278	struct ctl_lun *lun;
5279	struct copan_aps_subpage *current_sp;
5280	struct ctl_page_index *page_index;
5281	int i;
5282
5283	softc = control_softc;
5284
5285	mtx_lock(&softc->ctl_lock);
5286
5287	lun = (struct ctl_lun *)be_lun->ctl_lun;
5288	mtx_lock(&lun->lun_lock);
5289
5290	page_index = NULL;
5291	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5292		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5293		     APS_PAGE_CODE)
5294			continue;
5295
5296		if (lun->mode_pages.index[i].subpage != APS_SUBPAGE_CODE)
5297			continue;
5298		page_index = &lun->mode_pages.index[i];
5299	}
5300
5301	if (page_index == NULL) {
5302		mtx_unlock(&lun->lun_lock);
5303		mtx_unlock(&softc->ctl_lock);
5304		printf("%s: APS subpage not found for lun %ju!\n", __func__,
5305		       (uintmax_t)lun->lun);
5306		return (1);
5307	}
5308#if 0
5309	if ((softc->aps_locked_lun != 0)
5310	 && (softc->aps_locked_lun != lun->lun)) {
5311		printf("%s: attempt to lock LUN %llu when %llu is already "
5312		       "locked\n");
5313		mtx_unlock(&lun->lun_lock);
5314		mtx_unlock(&softc->ctl_lock);
5315		return (1);
5316	}
5317#endif
5318
5319	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
5320		(page_index->page_len * CTL_PAGE_CURRENT));
5321
5322	if (lock != 0) {
5323		current_sp->lock_active = APS_LOCK_ACTIVE;
5324		softc->aps_locked_lun = lun->lun;
5325	} else {
5326		current_sp->lock_active = 0;
5327		softc->aps_locked_lun = 0;
5328	}
5329
5330
5331	/*
5332	 * If we're in HA mode, try to send the lock message to the other
5333	 * side.
5334	 */
5335	if (ctl_is_single == 0) {
5336		int isc_retval;
5337		union ctl_ha_msg lock_msg;
5338
5339		lock_msg.hdr.nexus = *nexus;
5340		lock_msg.hdr.msg_type = CTL_MSG_APS_LOCK;
5341		if (lock != 0)
5342			lock_msg.aps.lock_flag = 1;
5343		else
5344			lock_msg.aps.lock_flag = 0;
5345		isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &lock_msg,
5346					 sizeof(lock_msg), 0);
5347		if (isc_retval > CTL_HA_STATUS_SUCCESS) {
5348			printf("%s: APS (lock=%d) error returned from "
5349			       "ctl_ha_msg_send: %d\n", __func__, lock, isc_retval);
5350			mtx_unlock(&lun->lun_lock);
5351			mtx_unlock(&softc->ctl_lock);
5352			return (1);
5353		}
5354	}
5355
5356	mtx_unlock(&lun->lun_lock);
5357	mtx_unlock(&softc->ctl_lock);
5358
5359	return (0);
5360}
5361
5362void
5363ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5364{
5365	struct ctl_lun *lun;
5366	struct ctl_softc *softc;
5367	int i;
5368
5369	softc = control_softc;
5370
5371	lun = (struct ctl_lun *)be_lun->ctl_lun;
5372
5373	mtx_lock(&lun->lun_lock);
5374
5375	for (i = 0; i < CTL_MAX_INITIATORS; i++)
5376		lun->pending_ua[i] |= CTL_UA_CAPACITY_CHANGED;
5377
5378	mtx_unlock(&lun->lun_lock);
5379}
5380
5381/*
5382 * Backend "memory move is complete" callback for requests that never
5383 * make it down to say RAIDCore's configuration code.
5384 */
5385int
5386ctl_config_move_done(union ctl_io *io)
5387{
5388	int retval;
5389
5390	retval = CTL_RETVAL_COMPLETE;
5391
5392
5393	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5394	/*
5395	 * XXX KDM this shouldn't happen, but what if it does?
5396	 */
5397	if (io->io_hdr.io_type != CTL_IO_SCSI)
5398		panic("I/O type isn't CTL_IO_SCSI!");
5399
5400	if ((io->io_hdr.port_status == 0)
5401	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5402	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5403		io->io_hdr.status = CTL_SUCCESS;
5404	else if ((io->io_hdr.port_status != 0)
5405	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5406	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5407		/*
5408		 * For hardware error sense keys, the sense key
5409		 * specific value is defined to be a retry count,
5410		 * but we use it to pass back an internal FETD
5411		 * error code.  XXX KDM  Hopefully the FETD is only
5412		 * using 16 bits for an error code, since that's
5413		 * all the space we have in the sks field.
5414		 */
5415		ctl_set_internal_failure(&io->scsiio,
5416					 /*sks_valid*/ 1,
5417					 /*retry_count*/
5418					 io->io_hdr.port_status);
5419		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5420			free(io->scsiio.kern_data_ptr, M_CTL);
5421		ctl_done(io);
5422		goto bailout;
5423	}
5424
5425	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5426	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5427	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5428		/*
5429		 * XXX KDM just assuming a single pointer here, and not a
5430		 * S/G list.  If we start using S/G lists for config data,
5431		 * we'll need to know how to clean them up here as well.
5432		 */
5433		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5434			free(io->scsiio.kern_data_ptr, M_CTL);
5435		/* Hopefully the user has already set the status... */
5436		ctl_done(io);
5437	} else {
5438		/*
5439		 * XXX KDM now we need to continue data movement.  Some
5440		 * options:
5441		 * - call ctl_scsiio() again?  We don't do this for data
5442		 *   writes, because for those at least we know ahead of
5443		 *   time where the write will go and how long it is.  For
5444		 *   config writes, though, that information is largely
5445		 *   contained within the write itself, thus we need to
5446		 *   parse out the data again.
5447		 *
5448		 * - Call some other function once the data is in?
5449		 */
5450
5451		/*
5452		 * XXX KDM call ctl_scsiio() again for now, and check flag
5453		 * bits to see whether we're allocated or not.
5454		 */
5455		retval = ctl_scsiio(&io->scsiio);
5456	}
5457bailout:
5458	return (retval);
5459}
5460
5461/*
5462 * This gets called by a backend driver when it is done with a
5463 * data_submit method.
5464 */
5465void
5466ctl_data_submit_done(union ctl_io *io)
5467{
5468	/*
5469	 * If the IO_CONT flag is set, we need to call the supplied
5470	 * function to continue processing the I/O, instead of completing
5471	 * the I/O just yet.
5472	 *
5473	 * If there is an error, though, we don't want to keep processing.
5474	 * Instead, just send status back to the initiator.
5475	 */
5476	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5477	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5478	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5479	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5480		io->scsiio.io_cont(io);
5481		return;
5482	}
5483	ctl_done(io);
5484}
5485
5486/*
5487 * This gets called by a backend driver when it is done with a
5488 * configuration write.
5489 */
5490void
5491ctl_config_write_done(union ctl_io *io)
5492{
5493	uint8_t *buf;
5494
5495	/*
5496	 * If the IO_CONT flag is set, we need to call the supplied
5497	 * function to continue processing the I/O, instead of completing
5498	 * the I/O just yet.
5499	 *
5500	 * If there is an error, though, we don't want to keep processing.
5501	 * Instead, just send status back to the initiator.
5502	 */
5503	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5504	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5505	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5506	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5507		io->scsiio.io_cont(io);
5508		return;
5509	}
5510	/*
5511	 * Since a configuration write can be done for commands that actually
5512	 * have data allocated, like write buffer, and commands that have
5513	 * no data, like start/stop unit, we need to check here.
5514	 */
5515	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5516		buf = io->scsiio.kern_data_ptr;
5517	else
5518		buf = NULL;
5519	ctl_done(io);
5520	if (buf)
5521		free(buf, M_CTL);
5522}
5523
5524/*
5525 * SCSI release command.
5526 */
5527int
5528ctl_scsi_release(struct ctl_scsiio *ctsio)
5529{
5530	int length, longid, thirdparty_id, resv_id;
5531	struct ctl_softc *ctl_softc;
5532	struct ctl_lun *lun;
5533	uint32_t residx;
5534
5535	length = 0;
5536	resv_id = 0;
5537
5538	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5539
5540	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5541	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5542	ctl_softc = control_softc;
5543
5544	switch (ctsio->cdb[0]) {
5545	case RELEASE_10: {
5546		struct scsi_release_10 *cdb;
5547
5548		cdb = (struct scsi_release_10 *)ctsio->cdb;
5549
5550		if (cdb->byte2 & SR10_LONGID)
5551			longid = 1;
5552		else
5553			thirdparty_id = cdb->thirdparty_id;
5554
5555		resv_id = cdb->resv_id;
5556		length = scsi_2btoul(cdb->length);
5557		break;
5558	}
5559	}
5560
5561
5562	/*
5563	 * XXX KDM right now, we only support LUN reservation.  We don't
5564	 * support 3rd party reservations, or extent reservations, which
5565	 * might actually need the parameter list.  If we've gotten this
5566	 * far, we've got a LUN reservation.  Anything else got kicked out
5567	 * above.  So, according to SPC, ignore the length.
5568	 */
5569	length = 0;
5570
5571	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5572	 && (length > 0)) {
5573		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5574		ctsio->kern_data_len = length;
5575		ctsio->kern_total_len = length;
5576		ctsio->kern_data_resid = 0;
5577		ctsio->kern_rel_offset = 0;
5578		ctsio->kern_sg_entries = 0;
5579		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5580		ctsio->be_move_done = ctl_config_move_done;
5581		ctl_datamove((union ctl_io *)ctsio);
5582
5583		return (CTL_RETVAL_COMPLETE);
5584	}
5585
5586	if (length > 0)
5587		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5588
5589	mtx_lock(&lun->lun_lock);
5590
5591	/*
5592	 * According to SPC, it is not an error for an intiator to attempt
5593	 * to release a reservation on a LUN that isn't reserved, or that
5594	 * is reserved by another initiator.  The reservation can only be
5595	 * released, though, by the initiator who made it or by one of
5596	 * several reset type events.
5597	 */
5598	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5599			lun->flags &= ~CTL_LUN_RESERVED;
5600
5601	mtx_unlock(&lun->lun_lock);
5602
5603	ctsio->scsi_status = SCSI_STATUS_OK;
5604	ctsio->io_hdr.status = CTL_SUCCESS;
5605
5606	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5607		free(ctsio->kern_data_ptr, M_CTL);
5608		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5609	}
5610
5611	ctl_done((union ctl_io *)ctsio);
5612	return (CTL_RETVAL_COMPLETE);
5613}
5614
5615int
5616ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5617{
5618	int extent, thirdparty, longid;
5619	int resv_id, length;
5620	uint64_t thirdparty_id;
5621	struct ctl_softc *ctl_softc;
5622	struct ctl_lun *lun;
5623	uint32_t residx;
5624
5625	extent = 0;
5626	thirdparty = 0;
5627	longid = 0;
5628	resv_id = 0;
5629	length = 0;
5630	thirdparty_id = 0;
5631
5632	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5633
5634	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5635	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5636	ctl_softc = control_softc;
5637
5638	switch (ctsio->cdb[0]) {
5639	case RESERVE_10: {
5640		struct scsi_reserve_10 *cdb;
5641
5642		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5643
5644		if (cdb->byte2 & SR10_LONGID)
5645			longid = 1;
5646		else
5647			thirdparty_id = cdb->thirdparty_id;
5648
5649		resv_id = cdb->resv_id;
5650		length = scsi_2btoul(cdb->length);
5651		break;
5652	}
5653	}
5654
5655	/*
5656	 * XXX KDM right now, we only support LUN reservation.  We don't
5657	 * support 3rd party reservations, or extent reservations, which
5658	 * might actually need the parameter list.  If we've gotten this
5659	 * far, we've got a LUN reservation.  Anything else got kicked out
5660	 * above.  So, according to SPC, ignore the length.
5661	 */
5662	length = 0;
5663
5664	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5665	 && (length > 0)) {
5666		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5667		ctsio->kern_data_len = length;
5668		ctsio->kern_total_len = length;
5669		ctsio->kern_data_resid = 0;
5670		ctsio->kern_rel_offset = 0;
5671		ctsio->kern_sg_entries = 0;
5672		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5673		ctsio->be_move_done = ctl_config_move_done;
5674		ctl_datamove((union ctl_io *)ctsio);
5675
5676		return (CTL_RETVAL_COMPLETE);
5677	}
5678
5679	if (length > 0)
5680		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5681
5682	mtx_lock(&lun->lun_lock);
5683	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5684		ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5685		ctsio->io_hdr.status = CTL_SCSI_ERROR;
5686		goto bailout;
5687	}
5688
5689	lun->flags |= CTL_LUN_RESERVED;
5690	lun->res_idx = residx;
5691
5692	ctsio->scsi_status = SCSI_STATUS_OK;
5693	ctsio->io_hdr.status = CTL_SUCCESS;
5694
5695bailout:
5696	mtx_unlock(&lun->lun_lock);
5697
5698	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5699		free(ctsio->kern_data_ptr, M_CTL);
5700		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5701	}
5702
5703	ctl_done((union ctl_io *)ctsio);
5704	return (CTL_RETVAL_COMPLETE);
5705}
5706
5707int
5708ctl_start_stop(struct ctl_scsiio *ctsio)
5709{
5710	struct scsi_start_stop_unit *cdb;
5711	struct ctl_lun *lun;
5712	struct ctl_softc *ctl_softc;
5713	int retval;
5714
5715	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5716
5717	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5718	ctl_softc = control_softc;
5719	retval = 0;
5720
5721	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5722
5723	/*
5724	 * XXX KDM
5725	 * We don't support the immediate bit on a stop unit.  In order to
5726	 * do that, we would need to code up a way to know that a stop is
5727	 * pending, and hold off any new commands until it completes, one
5728	 * way or another.  Then we could accept or reject those commands
5729	 * depending on its status.  We would almost need to do the reverse
5730	 * of what we do below for an immediate start -- return the copy of
5731	 * the ctl_io to the FETD with status to send to the host (and to
5732	 * free the copy!) and then free the original I/O once the stop
5733	 * actually completes.  That way, the OOA queue mechanism can work
5734	 * to block commands that shouldn't proceed.  Another alternative
5735	 * would be to put the copy in the queue in place of the original,
5736	 * and return the original back to the caller.  That could be
5737	 * slightly safer..
5738	 */
5739	if ((cdb->byte2 & SSS_IMMED)
5740	 && ((cdb->how & SSS_START) == 0)) {
5741		ctl_set_invalid_field(ctsio,
5742				      /*sks_valid*/ 1,
5743				      /*command*/ 1,
5744				      /*field*/ 1,
5745				      /*bit_valid*/ 1,
5746				      /*bit*/ 0);
5747		ctl_done((union ctl_io *)ctsio);
5748		return (CTL_RETVAL_COMPLETE);
5749	}
5750
5751	if ((lun->flags & CTL_LUN_PR_RESERVED)
5752	 && ((cdb->how & SSS_START)==0)) {
5753		uint32_t residx;
5754
5755		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5756		if (lun->pr_keys[residx] == 0
5757		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5758
5759			ctl_set_reservation_conflict(ctsio);
5760			ctl_done((union ctl_io *)ctsio);
5761			return (CTL_RETVAL_COMPLETE);
5762		}
5763	}
5764
5765	/*
5766	 * If there is no backend on this device, we can't start or stop
5767	 * it.  In theory we shouldn't get any start/stop commands in the
5768	 * first place at this level if the LUN doesn't have a backend.
5769	 * That should get stopped by the command decode code.
5770	 */
5771	if (lun->backend == NULL) {
5772		ctl_set_invalid_opcode(ctsio);
5773		ctl_done((union ctl_io *)ctsio);
5774		return (CTL_RETVAL_COMPLETE);
5775	}
5776
5777	/*
5778	 * XXX KDM Copan-specific offline behavior.
5779	 * Figure out a reasonable way to port this?
5780	 */
5781#ifdef NEEDTOPORT
5782	mtx_lock(&lun->lun_lock);
5783
5784	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5785	 && (lun->flags & CTL_LUN_OFFLINE)) {
5786		/*
5787		 * If the LUN is offline, and the on/offline bit isn't set,
5788		 * reject the start or stop.  Otherwise, let it through.
5789		 */
5790		mtx_unlock(&lun->lun_lock);
5791		ctl_set_lun_not_ready(ctsio);
5792		ctl_done((union ctl_io *)ctsio);
5793	} else {
5794		mtx_unlock(&lun->lun_lock);
5795#endif /* NEEDTOPORT */
5796		/*
5797		 * This could be a start or a stop when we're online,
5798		 * or a stop/offline or start/online.  A start or stop when
5799		 * we're offline is covered in the case above.
5800		 */
5801		/*
5802		 * In the non-immediate case, we send the request to
5803		 * the backend and return status to the user when
5804		 * it is done.
5805		 *
5806		 * In the immediate case, we allocate a new ctl_io
5807		 * to hold a copy of the request, and send that to
5808		 * the backend.  We then set good status on the
5809		 * user's request and return it immediately.
5810		 */
5811		if (cdb->byte2 & SSS_IMMED) {
5812			union ctl_io *new_io;
5813
5814			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5815			if (new_io == NULL) {
5816				ctl_set_busy(ctsio);
5817				ctl_done((union ctl_io *)ctsio);
5818			} else {
5819				ctl_copy_io((union ctl_io *)ctsio,
5820					    new_io);
5821				retval = lun->backend->config_write(new_io);
5822				ctl_set_success(ctsio);
5823				ctl_done((union ctl_io *)ctsio);
5824			}
5825		} else {
5826			retval = lun->backend->config_write(
5827				(union ctl_io *)ctsio);
5828		}
5829#ifdef NEEDTOPORT
5830	}
5831#endif
5832	return (retval);
5833}
5834
5835/*
5836 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5837 * we don't really do anything with the LBA and length fields if the user
5838 * passes them in.  Instead we'll just flush out the cache for the entire
5839 * LUN.
5840 */
5841int
5842ctl_sync_cache(struct ctl_scsiio *ctsio)
5843{
5844	struct ctl_lun *lun;
5845	struct ctl_softc *ctl_softc;
5846	uint64_t starting_lba;
5847	uint32_t block_count;
5848	int retval;
5849
5850	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5851
5852	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5853	ctl_softc = control_softc;
5854	retval = 0;
5855
5856	switch (ctsio->cdb[0]) {
5857	case SYNCHRONIZE_CACHE: {
5858		struct scsi_sync_cache *cdb;
5859		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5860
5861		starting_lba = scsi_4btoul(cdb->begin_lba);
5862		block_count = scsi_2btoul(cdb->lb_count);
5863		break;
5864	}
5865	case SYNCHRONIZE_CACHE_16: {
5866		struct scsi_sync_cache_16 *cdb;
5867		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5868
5869		starting_lba = scsi_8btou64(cdb->begin_lba);
5870		block_count = scsi_4btoul(cdb->lb_count);
5871		break;
5872	}
5873	default:
5874		ctl_set_invalid_opcode(ctsio);
5875		ctl_done((union ctl_io *)ctsio);
5876		goto bailout;
5877		break; /* NOTREACHED */
5878	}
5879
5880	/*
5881	 * We check the LBA and length, but don't do anything with them.
5882	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5883	 * get flushed.  This check will just help satisfy anyone who wants
5884	 * to see an error for an out of range LBA.
5885	 */
5886	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5887		ctl_set_lba_out_of_range(ctsio);
5888		ctl_done((union ctl_io *)ctsio);
5889		goto bailout;
5890	}
5891
5892	/*
5893	 * If this LUN has no backend, we can't flush the cache anyway.
5894	 */
5895	if (lun->backend == NULL) {
5896		ctl_set_invalid_opcode(ctsio);
5897		ctl_done((union ctl_io *)ctsio);
5898		goto bailout;
5899	}
5900
5901	/*
5902	 * Check to see whether we're configured to send the SYNCHRONIZE
5903	 * CACHE command directly to the back end.
5904	 */
5905	mtx_lock(&lun->lun_lock);
5906	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5907	 && (++(lun->sync_count) >= lun->sync_interval)) {
5908		lun->sync_count = 0;
5909		mtx_unlock(&lun->lun_lock);
5910		retval = lun->backend->config_write((union ctl_io *)ctsio);
5911	} else {
5912		mtx_unlock(&lun->lun_lock);
5913		ctl_set_success(ctsio);
5914		ctl_done((union ctl_io *)ctsio);
5915	}
5916
5917bailout:
5918
5919	return (retval);
5920}
5921
5922int
5923ctl_format(struct ctl_scsiio *ctsio)
5924{
5925	struct scsi_format *cdb;
5926	struct ctl_lun *lun;
5927	struct ctl_softc *ctl_softc;
5928	int length, defect_list_len;
5929
5930	CTL_DEBUG_PRINT(("ctl_format\n"));
5931
5932	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5933	ctl_softc = control_softc;
5934
5935	cdb = (struct scsi_format *)ctsio->cdb;
5936
5937	length = 0;
5938	if (cdb->byte2 & SF_FMTDATA) {
5939		if (cdb->byte2 & SF_LONGLIST)
5940			length = sizeof(struct scsi_format_header_long);
5941		else
5942			length = sizeof(struct scsi_format_header_short);
5943	}
5944
5945	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5946	 && (length > 0)) {
5947		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5948		ctsio->kern_data_len = length;
5949		ctsio->kern_total_len = length;
5950		ctsio->kern_data_resid = 0;
5951		ctsio->kern_rel_offset = 0;
5952		ctsio->kern_sg_entries = 0;
5953		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5954		ctsio->be_move_done = ctl_config_move_done;
5955		ctl_datamove((union ctl_io *)ctsio);
5956
5957		return (CTL_RETVAL_COMPLETE);
5958	}
5959
5960	defect_list_len = 0;
5961
5962	if (cdb->byte2 & SF_FMTDATA) {
5963		if (cdb->byte2 & SF_LONGLIST) {
5964			struct scsi_format_header_long *header;
5965
5966			header = (struct scsi_format_header_long *)
5967				ctsio->kern_data_ptr;
5968
5969			defect_list_len = scsi_4btoul(header->defect_list_len);
5970			if (defect_list_len != 0) {
5971				ctl_set_invalid_field(ctsio,
5972						      /*sks_valid*/ 1,
5973						      /*command*/ 0,
5974						      /*field*/ 2,
5975						      /*bit_valid*/ 0,
5976						      /*bit*/ 0);
5977				goto bailout;
5978			}
5979		} else {
5980			struct scsi_format_header_short *header;
5981
5982			header = (struct scsi_format_header_short *)
5983				ctsio->kern_data_ptr;
5984
5985			defect_list_len = scsi_2btoul(header->defect_list_len);
5986			if (defect_list_len != 0) {
5987				ctl_set_invalid_field(ctsio,
5988						      /*sks_valid*/ 1,
5989						      /*command*/ 0,
5990						      /*field*/ 2,
5991						      /*bit_valid*/ 0,
5992						      /*bit*/ 0);
5993				goto bailout;
5994			}
5995		}
5996	}
5997
5998	/*
5999	 * The format command will clear out the "Medium format corrupted"
6000	 * status if set by the configuration code.  That status is really
6001	 * just a way to notify the host that we have lost the media, and
6002	 * get them to issue a command that will basically make them think
6003	 * they're blowing away the media.
6004	 */
6005	mtx_lock(&lun->lun_lock);
6006	lun->flags &= ~CTL_LUN_INOPERABLE;
6007	mtx_unlock(&lun->lun_lock);
6008
6009	ctsio->scsi_status = SCSI_STATUS_OK;
6010	ctsio->io_hdr.status = CTL_SUCCESS;
6011bailout:
6012
6013	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
6014		free(ctsio->kern_data_ptr, M_CTL);
6015		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
6016	}
6017
6018	ctl_done((union ctl_io *)ctsio);
6019	return (CTL_RETVAL_COMPLETE);
6020}
6021
6022int
6023ctl_read_buffer(struct ctl_scsiio *ctsio)
6024{
6025	struct scsi_read_buffer *cdb;
6026	struct ctl_lun *lun;
6027	int buffer_offset, len;
6028	static uint8_t descr[4];
6029	static uint8_t echo_descr[4] = { 0 };
6030
6031	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
6032
6033	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6034	cdb = (struct scsi_read_buffer *)ctsio->cdb;
6035
6036	if (lun->flags & CTL_LUN_PR_RESERVED) {
6037		uint32_t residx;
6038
6039		/*
6040		 * XXX KDM need a lock here.
6041		 */
6042		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
6043		if ((lun->res_type == SPR_TYPE_EX_AC
6044		  && residx != lun->pr_res_idx)
6045		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
6046		   || lun->res_type == SPR_TYPE_EX_AC_AR)
6047		  && lun->pr_keys[residx] == 0)) {
6048			ctl_set_reservation_conflict(ctsio);
6049			ctl_done((union ctl_io *)ctsio);
6050			return (CTL_RETVAL_COMPLETE);
6051	        }
6052	}
6053
6054	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
6055	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
6056	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
6057		ctl_set_invalid_field(ctsio,
6058				      /*sks_valid*/ 1,
6059				      /*command*/ 1,
6060				      /*field*/ 1,
6061				      /*bit_valid*/ 1,
6062				      /*bit*/ 4);
6063		ctl_done((union ctl_io *)ctsio);
6064		return (CTL_RETVAL_COMPLETE);
6065	}
6066
6067	len = scsi_3btoul(cdb->length);
6068	buffer_offset = scsi_3btoul(cdb->offset);
6069
6070	if (buffer_offset + len > sizeof(lun->write_buffer)) {
6071		ctl_set_invalid_field(ctsio,
6072				      /*sks_valid*/ 1,
6073				      /*command*/ 1,
6074				      /*field*/ 6,
6075				      /*bit_valid*/ 0,
6076				      /*bit*/ 0);
6077		ctl_done((union ctl_io *)ctsio);
6078		return (CTL_RETVAL_COMPLETE);
6079	}
6080
6081	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
6082		descr[0] = 0;
6083		scsi_ulto3b(sizeof(lun->write_buffer), &descr[1]);
6084		ctsio->kern_data_ptr = descr;
6085		len = min(len, sizeof(descr));
6086	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
6087		ctsio->kern_data_ptr = echo_descr;
6088		len = min(len, sizeof(echo_descr));
6089	} else
6090		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
6091	ctsio->kern_data_len = len;
6092	ctsio->kern_total_len = len;
6093	ctsio->kern_data_resid = 0;
6094	ctsio->kern_rel_offset = 0;
6095	ctsio->kern_sg_entries = 0;
6096	ctsio->be_move_done = ctl_config_move_done;
6097	ctl_datamove((union ctl_io *)ctsio);
6098
6099	return (CTL_RETVAL_COMPLETE);
6100}
6101
6102int
6103ctl_write_buffer(struct ctl_scsiio *ctsio)
6104{
6105	struct scsi_write_buffer *cdb;
6106	struct ctl_lun *lun;
6107	int buffer_offset, len;
6108
6109	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
6110
6111	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6112	cdb = (struct scsi_write_buffer *)ctsio->cdb;
6113
6114	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
6115		ctl_set_invalid_field(ctsio,
6116				      /*sks_valid*/ 1,
6117				      /*command*/ 1,
6118				      /*field*/ 1,
6119				      /*bit_valid*/ 1,
6120				      /*bit*/ 4);
6121		ctl_done((union ctl_io *)ctsio);
6122		return (CTL_RETVAL_COMPLETE);
6123	}
6124
6125	len = scsi_3btoul(cdb->length);
6126	buffer_offset = scsi_3btoul(cdb->offset);
6127
6128	if (buffer_offset + len > sizeof(lun->write_buffer)) {
6129		ctl_set_invalid_field(ctsio,
6130				      /*sks_valid*/ 1,
6131				      /*command*/ 1,
6132				      /*field*/ 6,
6133				      /*bit_valid*/ 0,
6134				      /*bit*/ 0);
6135		ctl_done((union ctl_io *)ctsio);
6136		return (CTL_RETVAL_COMPLETE);
6137	}
6138
6139	/*
6140	 * If we've got a kernel request that hasn't been malloced yet,
6141	 * malloc it and tell the caller the data buffer is here.
6142	 */
6143	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6144		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
6145		ctsio->kern_data_len = len;
6146		ctsio->kern_total_len = len;
6147		ctsio->kern_data_resid = 0;
6148		ctsio->kern_rel_offset = 0;
6149		ctsio->kern_sg_entries = 0;
6150		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6151		ctsio->be_move_done = ctl_config_move_done;
6152		ctl_datamove((union ctl_io *)ctsio);
6153
6154		return (CTL_RETVAL_COMPLETE);
6155	}
6156
6157	ctl_done((union ctl_io *)ctsio);
6158
6159	return (CTL_RETVAL_COMPLETE);
6160}
6161
6162int
6163ctl_write_same(struct ctl_scsiio *ctsio)
6164{
6165	struct ctl_lun *lun;
6166	struct ctl_lba_len_flags *lbalen;
6167	uint64_t lba;
6168	uint32_t num_blocks;
6169	int len, retval;
6170	uint8_t byte2;
6171
6172	retval = CTL_RETVAL_COMPLETE;
6173
6174	CTL_DEBUG_PRINT(("ctl_write_same\n"));
6175
6176	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6177
6178	switch (ctsio->cdb[0]) {
6179	case WRITE_SAME_10: {
6180		struct scsi_write_same_10 *cdb;
6181
6182		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
6183
6184		lba = scsi_4btoul(cdb->addr);
6185		num_blocks = scsi_2btoul(cdb->length);
6186		byte2 = cdb->byte2;
6187		break;
6188	}
6189	case WRITE_SAME_16: {
6190		struct scsi_write_same_16 *cdb;
6191
6192		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
6193
6194		lba = scsi_8btou64(cdb->addr);
6195		num_blocks = scsi_4btoul(cdb->length);
6196		byte2 = cdb->byte2;
6197		break;
6198	}
6199	default:
6200		/*
6201		 * We got a command we don't support.  This shouldn't
6202		 * happen, commands should be filtered out above us.
6203		 */
6204		ctl_set_invalid_opcode(ctsio);
6205		ctl_done((union ctl_io *)ctsio);
6206
6207		return (CTL_RETVAL_COMPLETE);
6208		break; /* NOTREACHED */
6209	}
6210
6211	/* NDOB and ANCHOR flags can be used only together with UNMAP */
6212	if ((byte2 & SWS_UNMAP) == 0 &&
6213	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
6214		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
6215		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
6216		ctl_done((union ctl_io *)ctsio);
6217		return (CTL_RETVAL_COMPLETE);
6218	}
6219
6220	/*
6221	 * The first check is to make sure we're in bounds, the second
6222	 * check is to catch wrap-around problems.  If the lba + num blocks
6223	 * is less than the lba, then we've wrapped around and the block
6224	 * range is invalid anyway.
6225	 */
6226	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6227	 || ((lba + num_blocks) < lba)) {
6228		ctl_set_lba_out_of_range(ctsio);
6229		ctl_done((union ctl_io *)ctsio);
6230		return (CTL_RETVAL_COMPLETE);
6231	}
6232
6233	/* Zero number of blocks means "to the last logical block" */
6234	if (num_blocks == 0) {
6235		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
6236			ctl_set_invalid_field(ctsio,
6237					      /*sks_valid*/ 0,
6238					      /*command*/ 1,
6239					      /*field*/ 0,
6240					      /*bit_valid*/ 0,
6241					      /*bit*/ 0);
6242			ctl_done((union ctl_io *)ctsio);
6243			return (CTL_RETVAL_COMPLETE);
6244		}
6245		num_blocks = (lun->be_lun->maxlba + 1) - lba;
6246	}
6247
6248	len = lun->be_lun->blocksize;
6249
6250	/*
6251	 * If we've got a kernel request that hasn't been malloced yet,
6252	 * malloc it and tell the caller the data buffer is here.
6253	 */
6254	if ((byte2 & SWS_NDOB) == 0 &&
6255	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6256		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
6257		ctsio->kern_data_len = len;
6258		ctsio->kern_total_len = len;
6259		ctsio->kern_data_resid = 0;
6260		ctsio->kern_rel_offset = 0;
6261		ctsio->kern_sg_entries = 0;
6262		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6263		ctsio->be_move_done = ctl_config_move_done;
6264		ctl_datamove((union ctl_io *)ctsio);
6265
6266		return (CTL_RETVAL_COMPLETE);
6267	}
6268
6269	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6270	lbalen->lba = lba;
6271	lbalen->len = num_blocks;
6272	lbalen->flags = byte2;
6273	retval = lun->backend->config_write((union ctl_io *)ctsio);
6274
6275	return (retval);
6276}
6277
6278int
6279ctl_unmap(struct ctl_scsiio *ctsio)
6280{
6281	struct ctl_lun *lun;
6282	struct scsi_unmap *cdb;
6283	struct ctl_ptr_len_flags *ptrlen;
6284	struct scsi_unmap_header *hdr;
6285	struct scsi_unmap_desc *buf, *end, *endnz, *range;
6286	uint64_t lba;
6287	uint32_t num_blocks;
6288	int len, retval;
6289	uint8_t byte2;
6290
6291	retval = CTL_RETVAL_COMPLETE;
6292
6293	CTL_DEBUG_PRINT(("ctl_unmap\n"));
6294
6295	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6296	cdb = (struct scsi_unmap *)ctsio->cdb;
6297
6298	len = scsi_2btoul(cdb->length);
6299	byte2 = cdb->byte2;
6300
6301	/*
6302	 * If we've got a kernel request that hasn't been malloced yet,
6303	 * malloc it and tell the caller the data buffer is here.
6304	 */
6305	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6306		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
6307		ctsio->kern_data_len = len;
6308		ctsio->kern_total_len = len;
6309		ctsio->kern_data_resid = 0;
6310		ctsio->kern_rel_offset = 0;
6311		ctsio->kern_sg_entries = 0;
6312		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6313		ctsio->be_move_done = ctl_config_move_done;
6314		ctl_datamove((union ctl_io *)ctsio);
6315
6316		return (CTL_RETVAL_COMPLETE);
6317	}
6318
6319	len = ctsio->kern_total_len - ctsio->kern_data_resid;
6320	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
6321	if (len < sizeof (*hdr) ||
6322	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
6323	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
6324	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
6325		ctl_set_invalid_field(ctsio,
6326				      /*sks_valid*/ 0,
6327				      /*command*/ 0,
6328				      /*field*/ 0,
6329				      /*bit_valid*/ 0,
6330				      /*bit*/ 0);
6331		ctl_done((union ctl_io *)ctsio);
6332		return (CTL_RETVAL_COMPLETE);
6333	}
6334	len = scsi_2btoul(hdr->desc_length);
6335	buf = (struct scsi_unmap_desc *)(hdr + 1);
6336	end = buf + len / sizeof(*buf);
6337
6338	endnz = buf;
6339	for (range = buf; range < end; range++) {
6340		lba = scsi_8btou64(range->lba);
6341		num_blocks = scsi_4btoul(range->length);
6342		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6343		 || ((lba + num_blocks) < lba)) {
6344			ctl_set_lba_out_of_range(ctsio);
6345			ctl_done((union ctl_io *)ctsio);
6346			return (CTL_RETVAL_COMPLETE);
6347		}
6348		if (num_blocks != 0)
6349			endnz = range + 1;
6350	}
6351
6352	/*
6353	 * Block backend can not handle zero last range.
6354	 * Filter it out and return if there is nothing left.
6355	 */
6356	len = (uint8_t *)endnz - (uint8_t *)buf;
6357	if (len == 0) {
6358		ctl_set_success(ctsio);
6359		ctl_done((union ctl_io *)ctsio);
6360		return (CTL_RETVAL_COMPLETE);
6361	}
6362
6363	mtx_lock(&lun->lun_lock);
6364	ptrlen = (struct ctl_ptr_len_flags *)
6365	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6366	ptrlen->ptr = (void *)buf;
6367	ptrlen->len = len;
6368	ptrlen->flags = byte2;
6369	ctl_check_blocked(lun);
6370	mtx_unlock(&lun->lun_lock);
6371
6372	retval = lun->backend->config_write((union ctl_io *)ctsio);
6373	return (retval);
6374}
6375
6376/*
6377 * Note that this function currently doesn't actually do anything inside
6378 * CTL to enforce things if the DQue bit is turned on.
6379 *
6380 * Also note that this function can't be used in the default case, because
6381 * the DQue bit isn't set in the changeable mask for the control mode page
6382 * anyway.  This is just here as an example for how to implement a page
6383 * handler, and a placeholder in case we want to allow the user to turn
6384 * tagged queueing on and off.
6385 *
6386 * The D_SENSE bit handling is functional, however, and will turn
6387 * descriptor sense on and off for a given LUN.
6388 */
6389int
6390ctl_control_page_handler(struct ctl_scsiio *ctsio,
6391			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6392{
6393	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6394	struct ctl_lun *lun;
6395	struct ctl_softc *softc;
6396	int set_ua;
6397	uint32_t initidx;
6398
6399	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6400	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6401	set_ua = 0;
6402
6403	user_cp = (struct scsi_control_page *)page_ptr;
6404	current_cp = (struct scsi_control_page *)
6405		(page_index->page_data + (page_index->page_len *
6406		CTL_PAGE_CURRENT));
6407	saved_cp = (struct scsi_control_page *)
6408		(page_index->page_data + (page_index->page_len *
6409		CTL_PAGE_SAVED));
6410
6411	softc = control_softc;
6412
6413	mtx_lock(&lun->lun_lock);
6414	if (((current_cp->rlec & SCP_DSENSE) == 0)
6415	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6416		/*
6417		 * Descriptor sense is currently turned off and the user
6418		 * wants to turn it on.
6419		 */
6420		current_cp->rlec |= SCP_DSENSE;
6421		saved_cp->rlec |= SCP_DSENSE;
6422		lun->flags |= CTL_LUN_SENSE_DESC;
6423		set_ua = 1;
6424	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6425		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6426		/*
6427		 * Descriptor sense is currently turned on, and the user
6428		 * wants to turn it off.
6429		 */
6430		current_cp->rlec &= ~SCP_DSENSE;
6431		saved_cp->rlec &= ~SCP_DSENSE;
6432		lun->flags &= ~CTL_LUN_SENSE_DESC;
6433		set_ua = 1;
6434	}
6435	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6436	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6437		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6438		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6439		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6440		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6441		set_ua = 1;
6442	}
6443	if ((current_cp->eca_and_aen & SCP_SWP) !=
6444	    (user_cp->eca_and_aen & SCP_SWP)) {
6445		current_cp->eca_and_aen &= ~SCP_SWP;
6446		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6447		saved_cp->eca_and_aen &= ~SCP_SWP;
6448		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6449		set_ua = 1;
6450	}
6451	if (set_ua != 0) {
6452		int i;
6453		/*
6454		 * Let other initiators know that the mode
6455		 * parameters for this LUN have changed.
6456		 */
6457		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6458			if (i == initidx)
6459				continue;
6460
6461			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6462		}
6463	}
6464	mtx_unlock(&lun->lun_lock);
6465
6466	return (0);
6467}
6468
6469int
6470ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6471		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6472{
6473	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6474	struct ctl_lun *lun;
6475	int set_ua;
6476	uint32_t initidx;
6477
6478	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6479	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6480	set_ua = 0;
6481
6482	user_cp = (struct scsi_caching_page *)page_ptr;
6483	current_cp = (struct scsi_caching_page *)
6484		(page_index->page_data + (page_index->page_len *
6485		CTL_PAGE_CURRENT));
6486	saved_cp = (struct scsi_caching_page *)
6487		(page_index->page_data + (page_index->page_len *
6488		CTL_PAGE_SAVED));
6489
6490	mtx_lock(&lun->lun_lock);
6491	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6492	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6493		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6494		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6495		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6496		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6497		set_ua = 1;
6498	}
6499	if (set_ua != 0) {
6500		int i;
6501		/*
6502		 * Let other initiators know that the mode
6503		 * parameters for this LUN have changed.
6504		 */
6505		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6506			if (i == initidx)
6507				continue;
6508
6509			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6510		}
6511	}
6512	mtx_unlock(&lun->lun_lock);
6513
6514	return (0);
6515}
6516
6517int
6518ctl_power_sp_handler(struct ctl_scsiio *ctsio,
6519		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6520{
6521	return (0);
6522}
6523
6524int
6525ctl_power_sp_sense_handler(struct ctl_scsiio *ctsio,
6526			   struct ctl_page_index *page_index, int pc)
6527{
6528	struct copan_power_subpage *page;
6529
6530	page = (struct copan_power_subpage *)page_index->page_data +
6531		(page_index->page_len * pc);
6532
6533	switch (pc) {
6534	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6535		/*
6536		 * We don't update the changable bits for this page.
6537		 */
6538		break;
6539	case SMS_PAGE_CTRL_CURRENT >> 6:
6540	case SMS_PAGE_CTRL_DEFAULT >> 6:
6541	case SMS_PAGE_CTRL_SAVED >> 6:
6542#ifdef NEEDTOPORT
6543		ctl_update_power_subpage(page);
6544#endif
6545		break;
6546	default:
6547#ifdef NEEDTOPORT
6548		EPRINT(0, "Invalid PC %d!!", pc);
6549#endif
6550		break;
6551	}
6552	return (0);
6553}
6554
6555
6556int
6557ctl_aps_sp_handler(struct ctl_scsiio *ctsio,
6558		   struct ctl_page_index *page_index, uint8_t *page_ptr)
6559{
6560	struct copan_aps_subpage *user_sp;
6561	struct copan_aps_subpage *current_sp;
6562	union ctl_modepage_info *modepage_info;
6563	struct ctl_softc *softc;
6564	struct ctl_lun *lun;
6565	int retval;
6566
6567	retval = CTL_RETVAL_COMPLETE;
6568	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
6569		     (page_index->page_len * CTL_PAGE_CURRENT));
6570	softc = control_softc;
6571	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6572
6573	user_sp = (struct copan_aps_subpage *)page_ptr;
6574
6575	modepage_info = (union ctl_modepage_info *)
6576		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6577
6578	modepage_info->header.page_code = page_index->page_code & SMPH_PC_MASK;
6579	modepage_info->header.subpage = page_index->subpage;
6580	modepage_info->aps.lock_active = user_sp->lock_active;
6581
6582	mtx_lock(&softc->ctl_lock);
6583
6584	/*
6585	 * If there is a request to lock the LUN and another LUN is locked
6586	 * this is an error. If the requested LUN is already locked ignore
6587	 * the request. If no LUN is locked attempt to lock it.
6588	 * if there is a request to unlock the LUN and the LUN is currently
6589	 * locked attempt to unlock it. Otherwise ignore the request. i.e.
6590	 * if another LUN is locked or no LUN is locked.
6591	 */
6592	if (user_sp->lock_active & APS_LOCK_ACTIVE) {
6593		if (softc->aps_locked_lun == lun->lun) {
6594			/*
6595			 * This LUN is already locked, so we're done.
6596			 */
6597			retval = CTL_RETVAL_COMPLETE;
6598		} else if (softc->aps_locked_lun == 0) {
6599			/*
6600			 * No one has the lock, pass the request to the
6601			 * backend.
6602			 */
6603			retval = lun->backend->config_write(
6604				(union ctl_io *)ctsio);
6605		} else {
6606			/*
6607			 * Someone else has the lock, throw out the request.
6608			 */
6609			ctl_set_already_locked(ctsio);
6610			free(ctsio->kern_data_ptr, M_CTL);
6611			ctl_done((union ctl_io *)ctsio);
6612
6613			/*
6614			 * Set the return value so that ctl_do_mode_select()
6615			 * won't try to complete the command.  We already
6616			 * completed it here.
6617			 */
6618			retval = CTL_RETVAL_ERROR;
6619		}
6620	} else if (softc->aps_locked_lun == lun->lun) {
6621		/*
6622		 * This LUN is locked, so pass the unlock request to the
6623		 * backend.
6624		 */
6625		retval = lun->backend->config_write((union ctl_io *)ctsio);
6626	}
6627	mtx_unlock(&softc->ctl_lock);
6628
6629	return (retval);
6630}
6631
6632int
6633ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6634				struct ctl_page_index *page_index,
6635				uint8_t *page_ptr)
6636{
6637	uint8_t *c;
6638	int i;
6639
6640	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6641	ctl_time_io_secs =
6642		(c[0] << 8) |
6643		(c[1] << 0) |
6644		0;
6645	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6646	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6647	printf("page data:");
6648	for (i=0; i<8; i++)
6649		printf(" %.2x",page_ptr[i]);
6650	printf("\n");
6651	return (0);
6652}
6653
6654int
6655ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6656			       struct ctl_page_index *page_index,
6657			       int pc)
6658{
6659	struct copan_debugconf_subpage *page;
6660
6661	page = (struct copan_debugconf_subpage *)page_index->page_data +
6662		(page_index->page_len * pc);
6663
6664	switch (pc) {
6665	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6666	case SMS_PAGE_CTRL_DEFAULT >> 6:
6667	case SMS_PAGE_CTRL_SAVED >> 6:
6668		/*
6669		 * We don't update the changable or default bits for this page.
6670		 */
6671		break;
6672	case SMS_PAGE_CTRL_CURRENT >> 6:
6673		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6674		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6675		break;
6676	default:
6677#ifdef NEEDTOPORT
6678		EPRINT(0, "Invalid PC %d!!", pc);
6679#endif /* NEEDTOPORT */
6680		break;
6681	}
6682	return (0);
6683}
6684
6685
6686static int
6687ctl_do_mode_select(union ctl_io *io)
6688{
6689	struct scsi_mode_page_header *page_header;
6690	struct ctl_page_index *page_index;
6691	struct ctl_scsiio *ctsio;
6692	int control_dev, page_len;
6693	int page_len_offset, page_len_size;
6694	union ctl_modepage_info *modepage_info;
6695	struct ctl_lun *lun;
6696	int *len_left, *len_used;
6697	int retval, i;
6698
6699	ctsio = &io->scsiio;
6700	page_index = NULL;
6701	page_len = 0;
6702	retval = CTL_RETVAL_COMPLETE;
6703
6704	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6705
6706	if (lun->be_lun->lun_type != T_DIRECT)
6707		control_dev = 1;
6708	else
6709		control_dev = 0;
6710
6711	modepage_info = (union ctl_modepage_info *)
6712		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6713	len_left = &modepage_info->header.len_left;
6714	len_used = &modepage_info->header.len_used;
6715
6716do_next_page:
6717
6718	page_header = (struct scsi_mode_page_header *)
6719		(ctsio->kern_data_ptr + *len_used);
6720
6721	if (*len_left == 0) {
6722		free(ctsio->kern_data_ptr, M_CTL);
6723		ctl_set_success(ctsio);
6724		ctl_done((union ctl_io *)ctsio);
6725		return (CTL_RETVAL_COMPLETE);
6726	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6727
6728		free(ctsio->kern_data_ptr, M_CTL);
6729		ctl_set_param_len_error(ctsio);
6730		ctl_done((union ctl_io *)ctsio);
6731		return (CTL_RETVAL_COMPLETE);
6732
6733	} else if ((page_header->page_code & SMPH_SPF)
6734		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6735
6736		free(ctsio->kern_data_ptr, M_CTL);
6737		ctl_set_param_len_error(ctsio);
6738		ctl_done((union ctl_io *)ctsio);
6739		return (CTL_RETVAL_COMPLETE);
6740	}
6741
6742
6743	/*
6744	 * XXX KDM should we do something with the block descriptor?
6745	 */
6746	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6747
6748		if ((control_dev != 0)
6749		 && (lun->mode_pages.index[i].page_flags &
6750		     CTL_PAGE_FLAG_DISK_ONLY))
6751			continue;
6752
6753		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6754		    (page_header->page_code & SMPH_PC_MASK))
6755			continue;
6756
6757		/*
6758		 * If neither page has a subpage code, then we've got a
6759		 * match.
6760		 */
6761		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6762		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6763			page_index = &lun->mode_pages.index[i];
6764			page_len = page_header->page_length;
6765			break;
6766		}
6767
6768		/*
6769		 * If both pages have subpages, then the subpage numbers
6770		 * have to match.
6771		 */
6772		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6773		  && (page_header->page_code & SMPH_SPF)) {
6774			struct scsi_mode_page_header_sp *sph;
6775
6776			sph = (struct scsi_mode_page_header_sp *)page_header;
6777
6778			if (lun->mode_pages.index[i].subpage ==
6779			    sph->subpage) {
6780				page_index = &lun->mode_pages.index[i];
6781				page_len = scsi_2btoul(sph->page_length);
6782				break;
6783			}
6784		}
6785	}
6786
6787	/*
6788	 * If we couldn't find the page, or if we don't have a mode select
6789	 * handler for it, send back an error to the user.
6790	 */
6791	if ((page_index == NULL)
6792	 || (page_index->select_handler == NULL)) {
6793		ctl_set_invalid_field(ctsio,
6794				      /*sks_valid*/ 1,
6795				      /*command*/ 0,
6796				      /*field*/ *len_used,
6797				      /*bit_valid*/ 0,
6798				      /*bit*/ 0);
6799		free(ctsio->kern_data_ptr, M_CTL);
6800		ctl_done((union ctl_io *)ctsio);
6801		return (CTL_RETVAL_COMPLETE);
6802	}
6803
6804	if (page_index->page_code & SMPH_SPF) {
6805		page_len_offset = 2;
6806		page_len_size = 2;
6807	} else {
6808		page_len_size = 1;
6809		page_len_offset = 1;
6810	}
6811
6812	/*
6813	 * If the length the initiator gives us isn't the one we specify in
6814	 * the mode page header, or if they didn't specify enough data in
6815	 * the CDB to avoid truncating this page, kick out the request.
6816	 */
6817	if ((page_len != (page_index->page_len - page_len_offset -
6818			  page_len_size))
6819	 || (*len_left < page_index->page_len)) {
6820
6821
6822		ctl_set_invalid_field(ctsio,
6823				      /*sks_valid*/ 1,
6824				      /*command*/ 0,
6825				      /*field*/ *len_used + page_len_offset,
6826				      /*bit_valid*/ 0,
6827				      /*bit*/ 0);
6828		free(ctsio->kern_data_ptr, M_CTL);
6829		ctl_done((union ctl_io *)ctsio);
6830		return (CTL_RETVAL_COMPLETE);
6831	}
6832
6833	/*
6834	 * Run through the mode page, checking to make sure that the bits
6835	 * the user changed are actually legal for him to change.
6836	 */
6837	for (i = 0; i < page_index->page_len; i++) {
6838		uint8_t *user_byte, *change_mask, *current_byte;
6839		int bad_bit;
6840		int j;
6841
6842		user_byte = (uint8_t *)page_header + i;
6843		change_mask = page_index->page_data +
6844			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6845		current_byte = page_index->page_data +
6846			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6847
6848		/*
6849		 * Check to see whether the user set any bits in this byte
6850		 * that he is not allowed to set.
6851		 */
6852		if ((*user_byte & ~(*change_mask)) ==
6853		    (*current_byte & ~(*change_mask)))
6854			continue;
6855
6856		/*
6857		 * Go through bit by bit to determine which one is illegal.
6858		 */
6859		bad_bit = 0;
6860		for (j = 7; j >= 0; j--) {
6861			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6862			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6863				bad_bit = i;
6864				break;
6865			}
6866		}
6867		ctl_set_invalid_field(ctsio,
6868				      /*sks_valid*/ 1,
6869				      /*command*/ 0,
6870				      /*field*/ *len_used + i,
6871				      /*bit_valid*/ 1,
6872				      /*bit*/ bad_bit);
6873		free(ctsio->kern_data_ptr, M_CTL);
6874		ctl_done((union ctl_io *)ctsio);
6875		return (CTL_RETVAL_COMPLETE);
6876	}
6877
6878	/*
6879	 * Decrement these before we call the page handler, since we may
6880	 * end up getting called back one way or another before the handler
6881	 * returns to this context.
6882	 */
6883	*len_left -= page_index->page_len;
6884	*len_used += page_index->page_len;
6885
6886	retval = page_index->select_handler(ctsio, page_index,
6887					    (uint8_t *)page_header);
6888
6889	/*
6890	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6891	 * wait until this queued command completes to finish processing
6892	 * the mode page.  If it returns anything other than
6893	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6894	 * already set the sense information, freed the data pointer, and
6895	 * completed the io for us.
6896	 */
6897	if (retval != CTL_RETVAL_COMPLETE)
6898		goto bailout_no_done;
6899
6900	/*
6901	 * If the initiator sent us more than one page, parse the next one.
6902	 */
6903	if (*len_left > 0)
6904		goto do_next_page;
6905
6906	ctl_set_success(ctsio);
6907	free(ctsio->kern_data_ptr, M_CTL);
6908	ctl_done((union ctl_io *)ctsio);
6909
6910bailout_no_done:
6911
6912	return (CTL_RETVAL_COMPLETE);
6913
6914}
6915
6916int
6917ctl_mode_select(struct ctl_scsiio *ctsio)
6918{
6919	int param_len, pf, sp;
6920	int header_size, bd_len;
6921	int len_left, len_used;
6922	struct ctl_page_index *page_index;
6923	struct ctl_lun *lun;
6924	int control_dev, page_len;
6925	union ctl_modepage_info *modepage_info;
6926	int retval;
6927
6928	pf = 0;
6929	sp = 0;
6930	page_len = 0;
6931	len_used = 0;
6932	len_left = 0;
6933	retval = 0;
6934	bd_len = 0;
6935	page_index = NULL;
6936
6937	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6938
6939	if (lun->be_lun->lun_type != T_DIRECT)
6940		control_dev = 1;
6941	else
6942		control_dev = 0;
6943
6944	switch (ctsio->cdb[0]) {
6945	case MODE_SELECT_6: {
6946		struct scsi_mode_select_6 *cdb;
6947
6948		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6949
6950		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6951		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6952
6953		param_len = cdb->length;
6954		header_size = sizeof(struct scsi_mode_header_6);
6955		break;
6956	}
6957	case MODE_SELECT_10: {
6958		struct scsi_mode_select_10 *cdb;
6959
6960		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6961
6962		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6963		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6964
6965		param_len = scsi_2btoul(cdb->length);
6966		header_size = sizeof(struct scsi_mode_header_10);
6967		break;
6968	}
6969	default:
6970		ctl_set_invalid_opcode(ctsio);
6971		ctl_done((union ctl_io *)ctsio);
6972		return (CTL_RETVAL_COMPLETE);
6973		break; /* NOTREACHED */
6974	}
6975
6976	/*
6977	 * From SPC-3:
6978	 * "A parameter list length of zero indicates that the Data-Out Buffer
6979	 * shall be empty. This condition shall not be considered as an error."
6980	 */
6981	if (param_len == 0) {
6982		ctl_set_success(ctsio);
6983		ctl_done((union ctl_io *)ctsio);
6984		return (CTL_RETVAL_COMPLETE);
6985	}
6986
6987	/*
6988	 * Since we'll hit this the first time through, prior to
6989	 * allocation, we don't need to free a data buffer here.
6990	 */
6991	if (param_len < header_size) {
6992		ctl_set_param_len_error(ctsio);
6993		ctl_done((union ctl_io *)ctsio);
6994		return (CTL_RETVAL_COMPLETE);
6995	}
6996
6997	/*
6998	 * Allocate the data buffer and grab the user's data.  In theory,
6999	 * we shouldn't have to sanity check the parameter list length here
7000	 * because the maximum size is 64K.  We should be able to malloc
7001	 * that much without too many problems.
7002	 */
7003	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
7004		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
7005		ctsio->kern_data_len = param_len;
7006		ctsio->kern_total_len = param_len;
7007		ctsio->kern_data_resid = 0;
7008		ctsio->kern_rel_offset = 0;
7009		ctsio->kern_sg_entries = 0;
7010		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7011		ctsio->be_move_done = ctl_config_move_done;
7012		ctl_datamove((union ctl_io *)ctsio);
7013
7014		return (CTL_RETVAL_COMPLETE);
7015	}
7016
7017	switch (ctsio->cdb[0]) {
7018	case MODE_SELECT_6: {
7019		struct scsi_mode_header_6 *mh6;
7020
7021		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
7022		bd_len = mh6->blk_desc_len;
7023		break;
7024	}
7025	case MODE_SELECT_10: {
7026		struct scsi_mode_header_10 *mh10;
7027
7028		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
7029		bd_len = scsi_2btoul(mh10->blk_desc_len);
7030		break;
7031	}
7032	default:
7033		panic("Invalid CDB type %#x", ctsio->cdb[0]);
7034		break;
7035	}
7036
7037	if (param_len < (header_size + bd_len)) {
7038		free(ctsio->kern_data_ptr, M_CTL);
7039		ctl_set_param_len_error(ctsio);
7040		ctl_done((union ctl_io *)ctsio);
7041		return (CTL_RETVAL_COMPLETE);
7042	}
7043
7044	/*
7045	 * Set the IO_CONT flag, so that if this I/O gets passed to
7046	 * ctl_config_write_done(), it'll get passed back to
7047	 * ctl_do_mode_select() for further processing, or completion if
7048	 * we're all done.
7049	 */
7050	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
7051	ctsio->io_cont = ctl_do_mode_select;
7052
7053	modepage_info = (union ctl_modepage_info *)
7054		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
7055
7056	memset(modepage_info, 0, sizeof(*modepage_info));
7057
7058	len_left = param_len - header_size - bd_len;
7059	len_used = header_size + bd_len;
7060
7061	modepage_info->header.len_left = len_left;
7062	modepage_info->header.len_used = len_used;
7063
7064	return (ctl_do_mode_select((union ctl_io *)ctsio));
7065}
7066
7067int
7068ctl_mode_sense(struct ctl_scsiio *ctsio)
7069{
7070	struct ctl_lun *lun;
7071	int pc, page_code, dbd, llba, subpage;
7072	int alloc_len, page_len, header_len, total_len;
7073	struct scsi_mode_block_descr *block_desc;
7074	struct ctl_page_index *page_index;
7075	int control_dev;
7076
7077	dbd = 0;
7078	llba = 0;
7079	block_desc = NULL;
7080	page_index = NULL;
7081
7082	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
7083
7084	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7085
7086	if (lun->be_lun->lun_type != T_DIRECT)
7087		control_dev = 1;
7088	else
7089		control_dev = 0;
7090
7091	if (lun->flags & CTL_LUN_PR_RESERVED) {
7092		uint32_t residx;
7093
7094		/*
7095		 * XXX KDM need a lock here.
7096		 */
7097		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7098		if ((lun->res_type == SPR_TYPE_EX_AC
7099		  && residx != lun->pr_res_idx)
7100		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
7101		   || lun->res_type == SPR_TYPE_EX_AC_AR)
7102		  && lun->pr_keys[residx] == 0)) {
7103			ctl_set_reservation_conflict(ctsio);
7104			ctl_done((union ctl_io *)ctsio);
7105			return (CTL_RETVAL_COMPLETE);
7106		}
7107	}
7108
7109	switch (ctsio->cdb[0]) {
7110	case MODE_SENSE_6: {
7111		struct scsi_mode_sense_6 *cdb;
7112
7113		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
7114
7115		header_len = sizeof(struct scsi_mode_hdr_6);
7116		if (cdb->byte2 & SMS_DBD)
7117			dbd = 1;
7118		else
7119			header_len += sizeof(struct scsi_mode_block_descr);
7120
7121		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
7122		page_code = cdb->page & SMS_PAGE_CODE;
7123		subpage = cdb->subpage;
7124		alloc_len = cdb->length;
7125		break;
7126	}
7127	case MODE_SENSE_10: {
7128		struct scsi_mode_sense_10 *cdb;
7129
7130		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
7131
7132		header_len = sizeof(struct scsi_mode_hdr_10);
7133
7134		if (cdb->byte2 & SMS_DBD)
7135			dbd = 1;
7136		else
7137			header_len += sizeof(struct scsi_mode_block_descr);
7138		if (cdb->byte2 & SMS10_LLBAA)
7139			llba = 1;
7140		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
7141		page_code = cdb->page & SMS_PAGE_CODE;
7142		subpage = cdb->subpage;
7143		alloc_len = scsi_2btoul(cdb->length);
7144		break;
7145	}
7146	default:
7147		ctl_set_invalid_opcode(ctsio);
7148		ctl_done((union ctl_io *)ctsio);
7149		return (CTL_RETVAL_COMPLETE);
7150		break; /* NOTREACHED */
7151	}
7152
7153	/*
7154	 * We have to make a first pass through to calculate the size of
7155	 * the pages that match the user's query.  Then we allocate enough
7156	 * memory to hold it, and actually copy the data into the buffer.
7157	 */
7158	switch (page_code) {
7159	case SMS_ALL_PAGES_PAGE: {
7160		int i;
7161
7162		page_len = 0;
7163
7164		/*
7165		 * At the moment, values other than 0 and 0xff here are
7166		 * reserved according to SPC-3.
7167		 */
7168		if ((subpage != SMS_SUBPAGE_PAGE_0)
7169		 && (subpage != SMS_SUBPAGE_ALL)) {
7170			ctl_set_invalid_field(ctsio,
7171					      /*sks_valid*/ 1,
7172					      /*command*/ 1,
7173					      /*field*/ 3,
7174					      /*bit_valid*/ 0,
7175					      /*bit*/ 0);
7176			ctl_done((union ctl_io *)ctsio);
7177			return (CTL_RETVAL_COMPLETE);
7178		}
7179
7180		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
7181			if ((control_dev != 0)
7182			 && (lun->mode_pages.index[i].page_flags &
7183			     CTL_PAGE_FLAG_DISK_ONLY))
7184				continue;
7185
7186			/*
7187			 * We don't use this subpage if the user didn't
7188			 * request all subpages.
7189			 */
7190			if ((lun->mode_pages.index[i].subpage != 0)
7191			 && (subpage == SMS_SUBPAGE_PAGE_0))
7192				continue;
7193
7194#if 0
7195			printf("found page %#x len %d\n",
7196			       lun->mode_pages.index[i].page_code &
7197			       SMPH_PC_MASK,
7198			       lun->mode_pages.index[i].page_len);
7199#endif
7200			page_len += lun->mode_pages.index[i].page_len;
7201		}
7202		break;
7203	}
7204	default: {
7205		int i;
7206
7207		page_len = 0;
7208
7209		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
7210			/* Look for the right page code */
7211			if ((lun->mode_pages.index[i].page_code &
7212			     SMPH_PC_MASK) != page_code)
7213				continue;
7214
7215			/* Look for the right subpage or the subpage wildcard*/
7216			if ((lun->mode_pages.index[i].subpage != subpage)
7217			 && (subpage != SMS_SUBPAGE_ALL))
7218				continue;
7219
7220			/* Make sure the page is supported for this dev type */
7221			if ((control_dev != 0)
7222			 && (lun->mode_pages.index[i].page_flags &
7223			     CTL_PAGE_FLAG_DISK_ONLY))
7224				continue;
7225
7226#if 0
7227			printf("found page %#x len %d\n",
7228			       lun->mode_pages.index[i].page_code &
7229			       SMPH_PC_MASK,
7230			       lun->mode_pages.index[i].page_len);
7231#endif
7232
7233			page_len += lun->mode_pages.index[i].page_len;
7234		}
7235
7236		if (page_len == 0) {
7237			ctl_set_invalid_field(ctsio,
7238					      /*sks_valid*/ 1,
7239					      /*command*/ 1,
7240					      /*field*/ 2,
7241					      /*bit_valid*/ 1,
7242					      /*bit*/ 5);
7243			ctl_done((union ctl_io *)ctsio);
7244			return (CTL_RETVAL_COMPLETE);
7245		}
7246		break;
7247	}
7248	}
7249
7250	total_len = header_len + page_len;
7251#if 0
7252	printf("header_len = %d, page_len = %d, total_len = %d\n",
7253	       header_len, page_len, total_len);
7254#endif
7255
7256	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7257	ctsio->kern_sg_entries = 0;
7258	ctsio->kern_data_resid = 0;
7259	ctsio->kern_rel_offset = 0;
7260	if (total_len < alloc_len) {
7261		ctsio->residual = alloc_len - total_len;
7262		ctsio->kern_data_len = total_len;
7263		ctsio->kern_total_len = total_len;
7264	} else {
7265		ctsio->residual = 0;
7266		ctsio->kern_data_len = alloc_len;
7267		ctsio->kern_total_len = alloc_len;
7268	}
7269
7270	switch (ctsio->cdb[0]) {
7271	case MODE_SENSE_6: {
7272		struct scsi_mode_hdr_6 *header;
7273
7274		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
7275
7276		header->datalen = ctl_min(total_len - 1, 254);
7277		if (control_dev == 0) {
7278			header->dev_specific = 0x10; /* DPOFUA */
7279			if ((lun->flags & CTL_LUN_READONLY) ||
7280			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
7281			    .eca_and_aen & SCP_SWP) != 0)
7282				    header->dev_specific |= 0x80; /* WP */
7283		}
7284		if (dbd)
7285			header->block_descr_len = 0;
7286		else
7287			header->block_descr_len =
7288				sizeof(struct scsi_mode_block_descr);
7289		block_desc = (struct scsi_mode_block_descr *)&header[1];
7290		break;
7291	}
7292	case MODE_SENSE_10: {
7293		struct scsi_mode_hdr_10 *header;
7294		int datalen;
7295
7296		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
7297
7298		datalen = ctl_min(total_len - 2, 65533);
7299		scsi_ulto2b(datalen, header->datalen);
7300		if (control_dev == 0) {
7301			header->dev_specific = 0x10; /* DPOFUA */
7302			if ((lun->flags & CTL_LUN_READONLY) ||
7303			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
7304			    .eca_and_aen & SCP_SWP) != 0)
7305				    header->dev_specific |= 0x80; /* WP */
7306		}
7307		if (dbd)
7308			scsi_ulto2b(0, header->block_descr_len);
7309		else
7310			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
7311				    header->block_descr_len);
7312		block_desc = (struct scsi_mode_block_descr *)&header[1];
7313		break;
7314	}
7315	default:
7316		panic("invalid CDB type %#x", ctsio->cdb[0]);
7317		break; /* NOTREACHED */
7318	}
7319
7320	/*
7321	 * If we've got a disk, use its blocksize in the block
7322	 * descriptor.  Otherwise, just set it to 0.
7323	 */
7324	if (dbd == 0) {
7325		if (control_dev == 0)
7326			scsi_ulto3b(lun->be_lun->blocksize,
7327				    block_desc->block_len);
7328		else
7329			scsi_ulto3b(0, block_desc->block_len);
7330	}
7331
7332	switch (page_code) {
7333	case SMS_ALL_PAGES_PAGE: {
7334		int i, data_used;
7335
7336		data_used = header_len;
7337		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
7338			struct ctl_page_index *page_index;
7339
7340			page_index = &lun->mode_pages.index[i];
7341
7342			if ((control_dev != 0)
7343			 && (page_index->page_flags &
7344			    CTL_PAGE_FLAG_DISK_ONLY))
7345				continue;
7346
7347			/*
7348			 * We don't use this subpage if the user didn't
7349			 * request all subpages.  We already checked (above)
7350			 * to make sure the user only specified a subpage
7351			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
7352			 */
7353			if ((page_index->subpage != 0)
7354			 && (subpage == SMS_SUBPAGE_PAGE_0))
7355				continue;
7356
7357			/*
7358			 * Call the handler, if it exists, to update the
7359			 * page to the latest values.
7360			 */
7361			if (page_index->sense_handler != NULL)
7362				page_index->sense_handler(ctsio, page_index,pc);
7363
7364			memcpy(ctsio->kern_data_ptr + data_used,
7365			       page_index->page_data +
7366			       (page_index->page_len * pc),
7367			       page_index->page_len);
7368			data_used += page_index->page_len;
7369		}
7370		break;
7371	}
7372	default: {
7373		int i, data_used;
7374
7375		data_used = header_len;
7376
7377		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
7378			struct ctl_page_index *page_index;
7379
7380			page_index = &lun->mode_pages.index[i];
7381
7382			/* Look for the right page code */
7383			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
7384				continue;
7385
7386			/* Look for the right subpage or the subpage wildcard*/
7387			if ((page_index->subpage != subpage)
7388			 && (subpage != SMS_SUBPAGE_ALL))
7389				continue;
7390
7391			/* Make sure the page is supported for this dev type */
7392			if ((control_dev != 0)
7393			 && (page_index->page_flags &
7394			     CTL_PAGE_FLAG_DISK_ONLY))
7395				continue;
7396
7397			/*
7398			 * Call the handler, if it exists, to update the
7399			 * page to the latest values.
7400			 */
7401			if (page_index->sense_handler != NULL)
7402				page_index->sense_handler(ctsio, page_index,pc);
7403
7404			memcpy(ctsio->kern_data_ptr + data_used,
7405			       page_index->page_data +
7406			       (page_index->page_len * pc),
7407			       page_index->page_len);
7408			data_used += page_index->page_len;
7409		}
7410		break;
7411	}
7412	}
7413
7414	ctsio->scsi_status = SCSI_STATUS_OK;
7415
7416	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7417	ctsio->be_move_done = ctl_config_move_done;
7418	ctl_datamove((union ctl_io *)ctsio);
7419
7420	return (CTL_RETVAL_COMPLETE);
7421}
7422
7423int
7424ctl_log_sense(struct ctl_scsiio *ctsio)
7425{
7426	struct ctl_lun *lun;
7427	int i, pc, page_code, subpage;
7428	int alloc_len, total_len;
7429	struct ctl_page_index *page_index;
7430	struct scsi_log_sense *cdb;
7431	struct scsi_log_header *header;
7432
7433	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
7434
7435	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7436	cdb = (struct scsi_log_sense *)ctsio->cdb;
7437	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
7438	page_code = cdb->page & SLS_PAGE_CODE;
7439	subpage = cdb->subpage;
7440	alloc_len = scsi_2btoul(cdb->length);
7441
7442	page_index = NULL;
7443	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
7444		page_index = &lun->log_pages.index[i];
7445
7446		/* Look for the right page code */
7447		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7448			continue;
7449
7450		/* Look for the right subpage or the subpage wildcard*/
7451		if (page_index->subpage != subpage)
7452			continue;
7453
7454		break;
7455	}
7456	if (i >= CTL_NUM_LOG_PAGES) {
7457		ctl_set_invalid_field(ctsio,
7458				      /*sks_valid*/ 1,
7459				      /*command*/ 1,
7460				      /*field*/ 2,
7461				      /*bit_valid*/ 0,
7462				      /*bit*/ 0);
7463		ctl_done((union ctl_io *)ctsio);
7464		return (CTL_RETVAL_COMPLETE);
7465	}
7466
7467	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7468
7469	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7470	ctsio->kern_sg_entries = 0;
7471	ctsio->kern_data_resid = 0;
7472	ctsio->kern_rel_offset = 0;
7473	if (total_len < alloc_len) {
7474		ctsio->residual = alloc_len - total_len;
7475		ctsio->kern_data_len = total_len;
7476		ctsio->kern_total_len = total_len;
7477	} else {
7478		ctsio->residual = 0;
7479		ctsio->kern_data_len = alloc_len;
7480		ctsio->kern_total_len = alloc_len;
7481	}
7482
7483	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7484	header->page = page_index->page_code;
7485	if (page_index->subpage) {
7486		header->page |= SL_SPF;
7487		header->subpage = page_index->subpage;
7488	}
7489	scsi_ulto2b(page_index->page_len, header->datalen);
7490
7491	/*
7492	 * Call the handler, if it exists, to update the
7493	 * page to the latest values.
7494	 */
7495	if (page_index->sense_handler != NULL)
7496		page_index->sense_handler(ctsio, page_index, pc);
7497
7498	memcpy(header + 1, page_index->page_data, page_index->page_len);
7499
7500	ctsio->scsi_status = SCSI_STATUS_OK;
7501	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7502	ctsio->be_move_done = ctl_config_move_done;
7503	ctl_datamove((union ctl_io *)ctsio);
7504
7505	return (CTL_RETVAL_COMPLETE);
7506}
7507
7508int
7509ctl_read_capacity(struct ctl_scsiio *ctsio)
7510{
7511	struct scsi_read_capacity *cdb;
7512	struct scsi_read_capacity_data *data;
7513	struct ctl_lun *lun;
7514	uint32_t lba;
7515
7516	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7517
7518	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7519
7520	lba = scsi_4btoul(cdb->addr);
7521	if (((cdb->pmi & SRC_PMI) == 0)
7522	 && (lba != 0)) {
7523		ctl_set_invalid_field(/*ctsio*/ ctsio,
7524				      /*sks_valid*/ 1,
7525				      /*command*/ 1,
7526				      /*field*/ 2,
7527				      /*bit_valid*/ 0,
7528				      /*bit*/ 0);
7529		ctl_done((union ctl_io *)ctsio);
7530		return (CTL_RETVAL_COMPLETE);
7531	}
7532
7533	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7534
7535	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7536	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7537	ctsio->residual = 0;
7538	ctsio->kern_data_len = sizeof(*data);
7539	ctsio->kern_total_len = sizeof(*data);
7540	ctsio->kern_data_resid = 0;
7541	ctsio->kern_rel_offset = 0;
7542	ctsio->kern_sg_entries = 0;
7543
7544	/*
7545	 * If the maximum LBA is greater than 0xfffffffe, the user must
7546	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7547	 * serivce action set.
7548	 */
7549	if (lun->be_lun->maxlba > 0xfffffffe)
7550		scsi_ulto4b(0xffffffff, data->addr);
7551	else
7552		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7553
7554	/*
7555	 * XXX KDM this may not be 512 bytes...
7556	 */
7557	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7558
7559	ctsio->scsi_status = SCSI_STATUS_OK;
7560
7561	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7562	ctsio->be_move_done = ctl_config_move_done;
7563	ctl_datamove((union ctl_io *)ctsio);
7564
7565	return (CTL_RETVAL_COMPLETE);
7566}
7567
7568int
7569ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7570{
7571	struct scsi_read_capacity_16 *cdb;
7572	struct scsi_read_capacity_data_long *data;
7573	struct ctl_lun *lun;
7574	uint64_t lba;
7575	uint32_t alloc_len;
7576
7577	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7578
7579	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7580
7581	alloc_len = scsi_4btoul(cdb->alloc_len);
7582	lba = scsi_8btou64(cdb->addr);
7583
7584	if ((cdb->reladr & SRC16_PMI)
7585	 && (lba != 0)) {
7586		ctl_set_invalid_field(/*ctsio*/ ctsio,
7587				      /*sks_valid*/ 1,
7588				      /*command*/ 1,
7589				      /*field*/ 2,
7590				      /*bit_valid*/ 0,
7591				      /*bit*/ 0);
7592		ctl_done((union ctl_io *)ctsio);
7593		return (CTL_RETVAL_COMPLETE);
7594	}
7595
7596	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7597
7598	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7599	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7600
7601	if (sizeof(*data) < alloc_len) {
7602		ctsio->residual = alloc_len - sizeof(*data);
7603		ctsio->kern_data_len = sizeof(*data);
7604		ctsio->kern_total_len = sizeof(*data);
7605	} else {
7606		ctsio->residual = 0;
7607		ctsio->kern_data_len = alloc_len;
7608		ctsio->kern_total_len = alloc_len;
7609	}
7610	ctsio->kern_data_resid = 0;
7611	ctsio->kern_rel_offset = 0;
7612	ctsio->kern_sg_entries = 0;
7613
7614	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7615	/* XXX KDM this may not be 512 bytes... */
7616	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7617	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7618	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7619	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7620		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7621
7622	ctsio->scsi_status = SCSI_STATUS_OK;
7623
7624	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7625	ctsio->be_move_done = ctl_config_move_done;
7626	ctl_datamove((union ctl_io *)ctsio);
7627
7628	return (CTL_RETVAL_COMPLETE);
7629}
7630
7631int
7632ctl_read_defect(struct ctl_scsiio *ctsio)
7633{
7634	struct scsi_read_defect_data_10 *ccb10;
7635	struct scsi_read_defect_data_12 *ccb12;
7636	struct scsi_read_defect_data_hdr_10 *data10;
7637	struct scsi_read_defect_data_hdr_12 *data12;
7638	struct ctl_lun *lun;
7639	uint32_t alloc_len, data_len;
7640	uint8_t format;
7641
7642	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7643
7644	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7645	if (lun->flags & CTL_LUN_PR_RESERVED) {
7646		uint32_t residx;
7647
7648		/*
7649		 * XXX KDM need a lock here.
7650		 */
7651		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7652		if ((lun->res_type == SPR_TYPE_EX_AC
7653		  && residx != lun->pr_res_idx)
7654		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
7655		   || lun->res_type == SPR_TYPE_EX_AC_AR)
7656		  && lun->pr_keys[residx] == 0)) {
7657			ctl_set_reservation_conflict(ctsio);
7658			ctl_done((union ctl_io *)ctsio);
7659			return (CTL_RETVAL_COMPLETE);
7660	        }
7661	}
7662
7663	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7664		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7665		format = ccb10->format;
7666		alloc_len = scsi_2btoul(ccb10->alloc_length);
7667		data_len = sizeof(*data10);
7668	} else {
7669		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7670		format = ccb12->format;
7671		alloc_len = scsi_4btoul(ccb12->alloc_length);
7672		data_len = sizeof(*data12);
7673	}
7674	if (alloc_len == 0) {
7675		ctl_set_success(ctsio);
7676		ctl_done((union ctl_io *)ctsio);
7677		return (CTL_RETVAL_COMPLETE);
7678	}
7679
7680	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7681	if (data_len < alloc_len) {
7682		ctsio->residual = alloc_len - data_len;
7683		ctsio->kern_data_len = data_len;
7684		ctsio->kern_total_len = data_len;
7685	} else {
7686		ctsio->residual = 0;
7687		ctsio->kern_data_len = alloc_len;
7688		ctsio->kern_total_len = alloc_len;
7689	}
7690	ctsio->kern_data_resid = 0;
7691	ctsio->kern_rel_offset = 0;
7692	ctsio->kern_sg_entries = 0;
7693
7694	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7695		data10 = (struct scsi_read_defect_data_hdr_10 *)
7696		    ctsio->kern_data_ptr;
7697		data10->format = format;
7698		scsi_ulto2b(0, data10->length);
7699	} else {
7700		data12 = (struct scsi_read_defect_data_hdr_12 *)
7701		    ctsio->kern_data_ptr;
7702		data12->format = format;
7703		scsi_ulto2b(0, data12->generation);
7704		scsi_ulto4b(0, data12->length);
7705	}
7706
7707	ctsio->scsi_status = SCSI_STATUS_OK;
7708	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7709	ctsio->be_move_done = ctl_config_move_done;
7710	ctl_datamove((union ctl_io *)ctsio);
7711	return (CTL_RETVAL_COMPLETE);
7712}
7713
7714int
7715ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7716{
7717	struct scsi_maintenance_in *cdb;
7718	int retval;
7719	int alloc_len, ext, total_len = 0, g, p, pc, pg;
7720	int num_target_port_groups, num_target_ports, single;
7721	struct ctl_lun *lun;
7722	struct ctl_softc *softc;
7723	struct ctl_port *port;
7724	struct scsi_target_group_data *rtg_ptr;
7725	struct scsi_target_group_data_extended *rtg_ext_ptr;
7726	struct scsi_target_port_group_descriptor *tpg_desc;
7727
7728	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7729
7730	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7731	softc = control_softc;
7732	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7733
7734	retval = CTL_RETVAL_COMPLETE;
7735
7736	switch (cdb->byte2 & STG_PDF_MASK) {
7737	case STG_PDF_LENGTH:
7738		ext = 0;
7739		break;
7740	case STG_PDF_EXTENDED:
7741		ext = 1;
7742		break;
7743	default:
7744		ctl_set_invalid_field(/*ctsio*/ ctsio,
7745				      /*sks_valid*/ 1,
7746				      /*command*/ 1,
7747				      /*field*/ 2,
7748				      /*bit_valid*/ 1,
7749				      /*bit*/ 5);
7750		ctl_done((union ctl_io *)ctsio);
7751		return(retval);
7752	}
7753
7754	single = ctl_is_single;
7755	if (single)
7756		num_target_port_groups = 1;
7757	else
7758		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7759	num_target_ports = 0;
7760	mtx_lock(&softc->ctl_lock);
7761	STAILQ_FOREACH(port, &softc->port_list, links) {
7762		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7763			continue;
7764		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7765			continue;
7766		num_target_ports++;
7767	}
7768	mtx_unlock(&softc->ctl_lock);
7769
7770	if (ext)
7771		total_len = sizeof(struct scsi_target_group_data_extended);
7772	else
7773		total_len = sizeof(struct scsi_target_group_data);
7774	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7775		num_target_port_groups +
7776	    sizeof(struct scsi_target_port_descriptor) *
7777		num_target_ports * num_target_port_groups;
7778
7779	alloc_len = scsi_4btoul(cdb->length);
7780
7781	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7782
7783	ctsio->kern_sg_entries = 0;
7784
7785	if (total_len < alloc_len) {
7786		ctsio->residual = alloc_len - total_len;
7787		ctsio->kern_data_len = total_len;
7788		ctsio->kern_total_len = total_len;
7789	} else {
7790		ctsio->residual = 0;
7791		ctsio->kern_data_len = alloc_len;
7792		ctsio->kern_total_len = alloc_len;
7793	}
7794	ctsio->kern_data_resid = 0;
7795	ctsio->kern_rel_offset = 0;
7796
7797	if (ext) {
7798		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7799		    ctsio->kern_data_ptr;
7800		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7801		rtg_ext_ptr->format_type = 0x10;
7802		rtg_ext_ptr->implicit_transition_time = 0;
7803		tpg_desc = &rtg_ext_ptr->groups[0];
7804	} else {
7805		rtg_ptr = (struct scsi_target_group_data *)
7806		    ctsio->kern_data_ptr;
7807		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7808		tpg_desc = &rtg_ptr->groups[0];
7809	}
7810
7811	pg = ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS;
7812	mtx_lock(&softc->ctl_lock);
7813	for (g = 0; g < num_target_port_groups; g++) {
7814		if (g == pg)
7815			tpg_desc->pref_state = TPG_PRIMARY |
7816			    TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7817		else
7818			tpg_desc->pref_state =
7819			    TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7820		tpg_desc->support = TPG_AO_SUP;
7821		if (!single)
7822			tpg_desc->support |= TPG_AN_SUP;
7823		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7824		tpg_desc->status = TPG_IMPLICIT;
7825		pc = 0;
7826		STAILQ_FOREACH(port, &softc->port_list, links) {
7827			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7828				continue;
7829			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7830			    CTL_MAX_LUNS)
7831				continue;
7832			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7833			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7834			    relative_target_port_identifier);
7835			pc++;
7836		}
7837		tpg_desc->target_port_count = pc;
7838		tpg_desc = (struct scsi_target_port_group_descriptor *)
7839		    &tpg_desc->descriptors[pc];
7840	}
7841	mtx_unlock(&softc->ctl_lock);
7842
7843	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7844	ctsio->be_move_done = ctl_config_move_done;
7845
7846	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7847			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7848			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7849			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7850			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7851
7852	ctl_datamove((union ctl_io *)ctsio);
7853	return(retval);
7854}
7855
7856int
7857ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7858{
7859	struct ctl_lun *lun;
7860	struct scsi_report_supported_opcodes *cdb;
7861	const struct ctl_cmd_entry *entry, *sentry;
7862	struct scsi_report_supported_opcodes_all *all;
7863	struct scsi_report_supported_opcodes_descr *descr;
7864	struct scsi_report_supported_opcodes_one *one;
7865	int retval;
7866	int alloc_len, total_len;
7867	int opcode, service_action, i, j, num;
7868
7869	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7870
7871	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7872	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7873
7874	retval = CTL_RETVAL_COMPLETE;
7875
7876	opcode = cdb->requested_opcode;
7877	service_action = scsi_2btoul(cdb->requested_service_action);
7878	switch (cdb->options & RSO_OPTIONS_MASK) {
7879	case RSO_OPTIONS_ALL:
7880		num = 0;
7881		for (i = 0; i < 256; i++) {
7882			entry = &ctl_cmd_table[i];
7883			if (entry->flags & CTL_CMD_FLAG_SA5) {
7884				for (j = 0; j < 32; j++) {
7885					sentry = &((const struct ctl_cmd_entry *)
7886					    entry->execute)[j];
7887					if (ctl_cmd_applicable(
7888					    lun->be_lun->lun_type, sentry))
7889						num++;
7890				}
7891			} else {
7892				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7893				    entry))
7894					num++;
7895			}
7896		}
7897		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7898		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7899		break;
7900	case RSO_OPTIONS_OC:
7901		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7902			ctl_set_invalid_field(/*ctsio*/ ctsio,
7903					      /*sks_valid*/ 1,
7904					      /*command*/ 1,
7905					      /*field*/ 2,
7906					      /*bit_valid*/ 1,
7907					      /*bit*/ 2);
7908			ctl_done((union ctl_io *)ctsio);
7909			return (CTL_RETVAL_COMPLETE);
7910		}
7911		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7912		break;
7913	case RSO_OPTIONS_OC_SA:
7914		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7915		    service_action >= 32) {
7916			ctl_set_invalid_field(/*ctsio*/ ctsio,
7917					      /*sks_valid*/ 1,
7918					      /*command*/ 1,
7919					      /*field*/ 2,
7920					      /*bit_valid*/ 1,
7921					      /*bit*/ 2);
7922			ctl_done((union ctl_io *)ctsio);
7923			return (CTL_RETVAL_COMPLETE);
7924		}
7925		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7926		break;
7927	default:
7928		ctl_set_invalid_field(/*ctsio*/ ctsio,
7929				      /*sks_valid*/ 1,
7930				      /*command*/ 1,
7931				      /*field*/ 2,
7932				      /*bit_valid*/ 1,
7933				      /*bit*/ 2);
7934		ctl_done((union ctl_io *)ctsio);
7935		return (CTL_RETVAL_COMPLETE);
7936	}
7937
7938	alloc_len = scsi_4btoul(cdb->length);
7939
7940	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7941
7942	ctsio->kern_sg_entries = 0;
7943
7944	if (total_len < alloc_len) {
7945		ctsio->residual = alloc_len - total_len;
7946		ctsio->kern_data_len = total_len;
7947		ctsio->kern_total_len = total_len;
7948	} else {
7949		ctsio->residual = 0;
7950		ctsio->kern_data_len = alloc_len;
7951		ctsio->kern_total_len = alloc_len;
7952	}
7953	ctsio->kern_data_resid = 0;
7954	ctsio->kern_rel_offset = 0;
7955
7956	switch (cdb->options & RSO_OPTIONS_MASK) {
7957	case RSO_OPTIONS_ALL:
7958		all = (struct scsi_report_supported_opcodes_all *)
7959		    ctsio->kern_data_ptr;
7960		num = 0;
7961		for (i = 0; i < 256; i++) {
7962			entry = &ctl_cmd_table[i];
7963			if (entry->flags & CTL_CMD_FLAG_SA5) {
7964				for (j = 0; j < 32; j++) {
7965					sentry = &((const struct ctl_cmd_entry *)
7966					    entry->execute)[j];
7967					if (!ctl_cmd_applicable(
7968					    lun->be_lun->lun_type, sentry))
7969						continue;
7970					descr = &all->descr[num++];
7971					descr->opcode = i;
7972					scsi_ulto2b(j, descr->service_action);
7973					descr->flags = RSO_SERVACTV;
7974					scsi_ulto2b(sentry->length,
7975					    descr->cdb_length);
7976				}
7977			} else {
7978				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7979				    entry))
7980					continue;
7981				descr = &all->descr[num++];
7982				descr->opcode = i;
7983				scsi_ulto2b(0, descr->service_action);
7984				descr->flags = 0;
7985				scsi_ulto2b(entry->length, descr->cdb_length);
7986			}
7987		}
7988		scsi_ulto4b(
7989		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7990		    all->length);
7991		break;
7992	case RSO_OPTIONS_OC:
7993		one = (struct scsi_report_supported_opcodes_one *)
7994		    ctsio->kern_data_ptr;
7995		entry = &ctl_cmd_table[opcode];
7996		goto fill_one;
7997	case RSO_OPTIONS_OC_SA:
7998		one = (struct scsi_report_supported_opcodes_one *)
7999		    ctsio->kern_data_ptr;
8000		entry = &ctl_cmd_table[opcode];
8001		entry = &((const struct ctl_cmd_entry *)
8002		    entry->execute)[service_action];
8003fill_one:
8004		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
8005			one->support = 3;
8006			scsi_ulto2b(entry->length, one->cdb_length);
8007			one->cdb_usage[0] = opcode;
8008			memcpy(&one->cdb_usage[1], entry->usage,
8009			    entry->length - 1);
8010		} else
8011			one->support = 1;
8012		break;
8013	}
8014
8015	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8016	ctsio->be_move_done = ctl_config_move_done;
8017
8018	ctl_datamove((union ctl_io *)ctsio);
8019	return(retval);
8020}
8021
8022int
8023ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
8024{
8025	struct ctl_lun *lun;
8026	struct scsi_report_supported_tmf *cdb;
8027	struct scsi_report_supported_tmf_data *data;
8028	int retval;
8029	int alloc_len, total_len;
8030
8031	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
8032
8033	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
8034	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8035
8036	retval = CTL_RETVAL_COMPLETE;
8037
8038	total_len = sizeof(struct scsi_report_supported_tmf_data);
8039	alloc_len = scsi_4btoul(cdb->length);
8040
8041	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
8042
8043	ctsio->kern_sg_entries = 0;
8044
8045	if (total_len < alloc_len) {
8046		ctsio->residual = alloc_len - total_len;
8047		ctsio->kern_data_len = total_len;
8048		ctsio->kern_total_len = total_len;
8049	} else {
8050		ctsio->residual = 0;
8051		ctsio->kern_data_len = alloc_len;
8052		ctsio->kern_total_len = alloc_len;
8053	}
8054	ctsio->kern_data_resid = 0;
8055	ctsio->kern_rel_offset = 0;
8056
8057	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
8058	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
8059	data->byte2 |= RST_ITNRS;
8060
8061	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8062	ctsio->be_move_done = ctl_config_move_done;
8063
8064	ctl_datamove((union ctl_io *)ctsio);
8065	return (retval);
8066}
8067
8068int
8069ctl_report_timestamp(struct ctl_scsiio *ctsio)
8070{
8071	struct ctl_lun *lun;
8072	struct scsi_report_timestamp *cdb;
8073	struct scsi_report_timestamp_data *data;
8074	struct timeval tv;
8075	int64_t timestamp;
8076	int retval;
8077	int alloc_len, total_len;
8078
8079	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
8080
8081	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
8082	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8083
8084	retval = CTL_RETVAL_COMPLETE;
8085
8086	total_len = sizeof(struct scsi_report_timestamp_data);
8087	alloc_len = scsi_4btoul(cdb->length);
8088
8089	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
8090
8091	ctsio->kern_sg_entries = 0;
8092
8093	if (total_len < alloc_len) {
8094		ctsio->residual = alloc_len - total_len;
8095		ctsio->kern_data_len = total_len;
8096		ctsio->kern_total_len = total_len;
8097	} else {
8098		ctsio->residual = 0;
8099		ctsio->kern_data_len = alloc_len;
8100		ctsio->kern_total_len = alloc_len;
8101	}
8102	ctsio->kern_data_resid = 0;
8103	ctsio->kern_rel_offset = 0;
8104
8105	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
8106	scsi_ulto2b(sizeof(*data) - 2, data->length);
8107	data->origin = RTS_ORIG_OUTSIDE;
8108	getmicrotime(&tv);
8109	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
8110	scsi_ulto4b(timestamp >> 16, data->timestamp);
8111	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
8112
8113	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8114	ctsio->be_move_done = ctl_config_move_done;
8115
8116	ctl_datamove((union ctl_io *)ctsio);
8117	return (retval);
8118}
8119
8120int
8121ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
8122{
8123	struct scsi_per_res_in *cdb;
8124	int alloc_len, total_len = 0;
8125	/* struct scsi_per_res_in_rsrv in_data; */
8126	struct ctl_lun *lun;
8127	struct ctl_softc *softc;
8128
8129	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
8130
8131	softc = control_softc;
8132
8133	cdb = (struct scsi_per_res_in *)ctsio->cdb;
8134
8135	alloc_len = scsi_2btoul(cdb->length);
8136
8137	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8138
8139retry:
8140	mtx_lock(&lun->lun_lock);
8141	switch (cdb->action) {
8142	case SPRI_RK: /* read keys */
8143		total_len = sizeof(struct scsi_per_res_in_keys) +
8144			lun->pr_key_count *
8145			sizeof(struct scsi_per_res_key);
8146		break;
8147	case SPRI_RR: /* read reservation */
8148		if (lun->flags & CTL_LUN_PR_RESERVED)
8149			total_len = sizeof(struct scsi_per_res_in_rsrv);
8150		else
8151			total_len = sizeof(struct scsi_per_res_in_header);
8152		break;
8153	case SPRI_RC: /* report capabilities */
8154		total_len = sizeof(struct scsi_per_res_cap);
8155		break;
8156	case SPRI_RS: /* read full status */
8157		total_len = sizeof(struct scsi_per_res_in_header) +
8158		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
8159		    lun->pr_key_count;
8160		break;
8161	default:
8162		panic("Invalid PR type %x", cdb->action);
8163	}
8164	mtx_unlock(&lun->lun_lock);
8165
8166	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
8167
8168	if (total_len < alloc_len) {
8169		ctsio->residual = alloc_len - total_len;
8170		ctsio->kern_data_len = total_len;
8171		ctsio->kern_total_len = total_len;
8172	} else {
8173		ctsio->residual = 0;
8174		ctsio->kern_data_len = alloc_len;
8175		ctsio->kern_total_len = alloc_len;
8176	}
8177
8178	ctsio->kern_data_resid = 0;
8179	ctsio->kern_rel_offset = 0;
8180	ctsio->kern_sg_entries = 0;
8181
8182	mtx_lock(&lun->lun_lock);
8183	switch (cdb->action) {
8184	case SPRI_RK: { // read keys
8185        struct scsi_per_res_in_keys *res_keys;
8186		int i, key_count;
8187
8188		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
8189
8190		/*
8191		 * We had to drop the lock to allocate our buffer, which
8192		 * leaves time for someone to come in with another
8193		 * persistent reservation.  (That is unlikely, though,
8194		 * since this should be the only persistent reservation
8195		 * command active right now.)
8196		 */
8197		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
8198		    (lun->pr_key_count *
8199		     sizeof(struct scsi_per_res_key)))){
8200			mtx_unlock(&lun->lun_lock);
8201			free(ctsio->kern_data_ptr, M_CTL);
8202			printf("%s: reservation length changed, retrying\n",
8203			       __func__);
8204			goto retry;
8205		}
8206
8207		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
8208
8209		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
8210			     lun->pr_key_count, res_keys->header.length);
8211
8212		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
8213			if (lun->pr_keys[i] == 0)
8214				continue;
8215
8216			/*
8217			 * We used lun->pr_key_count to calculate the
8218			 * size to allocate.  If it turns out the number of
8219			 * initiators with the registered flag set is
8220			 * larger than that (i.e. they haven't been kept in
8221			 * sync), we've got a problem.
8222			 */
8223			if (key_count >= lun->pr_key_count) {
8224#ifdef NEEDTOPORT
8225				csevent_log(CSC_CTL | CSC_SHELF_SW |
8226					    CTL_PR_ERROR,
8227					    csevent_LogType_Fault,
8228					    csevent_AlertLevel_Yellow,
8229					    csevent_FRU_ShelfController,
8230					    csevent_FRU_Firmware,
8231				        csevent_FRU_Unknown,
8232					    "registered keys %d >= key "
8233					    "count %d", key_count,
8234					    lun->pr_key_count);
8235#endif
8236				key_count++;
8237				continue;
8238			}
8239			scsi_u64to8b(lun->pr_keys[i],
8240			    res_keys->keys[key_count].key);
8241			key_count++;
8242		}
8243		break;
8244	}
8245	case SPRI_RR: { // read reservation
8246		struct scsi_per_res_in_rsrv *res;
8247		int tmp_len, header_only;
8248
8249		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
8250
8251		scsi_ulto4b(lun->PRGeneration, res->header.generation);
8252
8253		if (lun->flags & CTL_LUN_PR_RESERVED)
8254		{
8255			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
8256			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
8257				    res->header.length);
8258			header_only = 0;
8259		} else {
8260			tmp_len = sizeof(struct scsi_per_res_in_header);
8261			scsi_ulto4b(0, res->header.length);
8262			header_only = 1;
8263		}
8264
8265		/*
8266		 * We had to drop the lock to allocate our buffer, which
8267		 * leaves time for someone to come in with another
8268		 * persistent reservation.  (That is unlikely, though,
8269		 * since this should be the only persistent reservation
8270		 * command active right now.)
8271		 */
8272		if (tmp_len != total_len) {
8273			mtx_unlock(&lun->lun_lock);
8274			free(ctsio->kern_data_ptr, M_CTL);
8275			printf("%s: reservation status changed, retrying\n",
8276			       __func__);
8277			goto retry;
8278		}
8279
8280		/*
8281		 * No reservation held, so we're done.
8282		 */
8283		if (header_only != 0)
8284			break;
8285
8286		/*
8287		 * If the registration is an All Registrants type, the key
8288		 * is 0, since it doesn't really matter.
8289		 */
8290		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8291			scsi_u64to8b(lun->pr_keys[lun->pr_res_idx],
8292			    res->data.reservation);
8293		}
8294		res->data.scopetype = lun->res_type;
8295		break;
8296	}
8297	case SPRI_RC:     //report capabilities
8298	{
8299		struct scsi_per_res_cap *res_cap;
8300		uint16_t type_mask;
8301
8302		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
8303		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
8304		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
8305		type_mask = SPRI_TM_WR_EX_AR |
8306			    SPRI_TM_EX_AC_RO |
8307			    SPRI_TM_WR_EX_RO |
8308			    SPRI_TM_EX_AC |
8309			    SPRI_TM_WR_EX |
8310			    SPRI_TM_EX_AC_AR;
8311		scsi_ulto2b(type_mask, res_cap->type_mask);
8312		break;
8313	}
8314	case SPRI_RS: { // read full status
8315		struct scsi_per_res_in_full *res_status;
8316		struct scsi_per_res_in_full_desc *res_desc;
8317		struct ctl_port *port;
8318		int i, len;
8319
8320		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
8321
8322		/*
8323		 * We had to drop the lock to allocate our buffer, which
8324		 * leaves time for someone to come in with another
8325		 * persistent reservation.  (That is unlikely, though,
8326		 * since this should be the only persistent reservation
8327		 * command active right now.)
8328		 */
8329		if (total_len < (sizeof(struct scsi_per_res_in_header) +
8330		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
8331		     lun->pr_key_count)){
8332			mtx_unlock(&lun->lun_lock);
8333			free(ctsio->kern_data_ptr, M_CTL);
8334			printf("%s: reservation length changed, retrying\n",
8335			       __func__);
8336			goto retry;
8337		}
8338
8339		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
8340
8341		res_desc = &res_status->desc[0];
8342		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
8343			if (lun->pr_keys[i] == 0)
8344				continue;
8345
8346			scsi_u64to8b(lun->pr_keys[i], res_desc->res_key.key);
8347			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
8348			    (lun->pr_res_idx == i ||
8349			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
8350				res_desc->flags = SPRI_FULL_R_HOLDER;
8351				res_desc->scopetype = lun->res_type;
8352			}
8353			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
8354			    res_desc->rel_trgt_port_id);
8355			len = 0;
8356			port = softc->ctl_ports[
8357			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
8358			if (port != NULL)
8359				len = ctl_create_iid(port,
8360				    i % CTL_MAX_INIT_PER_PORT,
8361				    res_desc->transport_id);
8362			scsi_ulto4b(len, res_desc->additional_length);
8363			res_desc = (struct scsi_per_res_in_full_desc *)
8364			    &res_desc->transport_id[len];
8365		}
8366		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
8367		    res_status->header.length);
8368		break;
8369	}
8370	default:
8371		/*
8372		 * This is a bug, because we just checked for this above,
8373		 * and should have returned an error.
8374		 */
8375		panic("Invalid PR type %x", cdb->action);
8376		break; /* NOTREACHED */
8377	}
8378	mtx_unlock(&lun->lun_lock);
8379
8380	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8381	ctsio->be_move_done = ctl_config_move_done;
8382
8383	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
8384			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
8385			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
8386			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
8387			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
8388
8389	ctl_datamove((union ctl_io *)ctsio);
8390
8391	return (CTL_RETVAL_COMPLETE);
8392}
8393
8394/*
8395 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
8396 * it should return.
8397 */
8398static int
8399ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
8400		uint64_t sa_res_key, uint8_t type, uint32_t residx,
8401		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
8402		struct scsi_per_res_out_parms* param)
8403{
8404	union ctl_ha_msg persis_io;
8405	int retval, i;
8406	int isc_retval;
8407
8408	retval = 0;
8409
8410	mtx_lock(&lun->lun_lock);
8411	if (sa_res_key == 0) {
8412		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8413			/* validate scope and type */
8414			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8415			     SPR_LU_SCOPE) {
8416				mtx_unlock(&lun->lun_lock);
8417				ctl_set_invalid_field(/*ctsio*/ ctsio,
8418						      /*sks_valid*/ 1,
8419						      /*command*/ 1,
8420						      /*field*/ 2,
8421						      /*bit_valid*/ 1,
8422						      /*bit*/ 4);
8423				ctl_done((union ctl_io *)ctsio);
8424				return (1);
8425			}
8426
8427		        if (type>8 || type==2 || type==4 || type==0) {
8428				mtx_unlock(&lun->lun_lock);
8429				ctl_set_invalid_field(/*ctsio*/ ctsio,
8430       	           				      /*sks_valid*/ 1,
8431						      /*command*/ 1,
8432						      /*field*/ 2,
8433						      /*bit_valid*/ 1,
8434						      /*bit*/ 0);
8435				ctl_done((union ctl_io *)ctsio);
8436				return (1);
8437		        }
8438
8439			/*
8440			 * Unregister everybody else and build UA for
8441			 * them
8442			 */
8443			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8444				if (i == residx || lun->pr_keys[i] == 0)
8445					continue;
8446
8447				if (!persis_offset
8448				 && i <CTL_MAX_INITIATORS)
8449					lun->pending_ua[i] |=
8450						CTL_UA_REG_PREEMPT;
8451				else if (persis_offset
8452				      && i >= persis_offset)
8453					lun->pending_ua[i-persis_offset] |=
8454						CTL_UA_REG_PREEMPT;
8455				lun->pr_keys[i] = 0;
8456			}
8457			lun->pr_key_count = 1;
8458			lun->res_type = type;
8459			if (lun->res_type != SPR_TYPE_WR_EX_AR
8460			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8461				lun->pr_res_idx = residx;
8462
8463			/* send msg to other side */
8464			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8465			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8466			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8467			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8468			persis_io.pr.pr_info.res_type = type;
8469			memcpy(persis_io.pr.pr_info.sa_res_key,
8470			       param->serv_act_res_key,
8471			       sizeof(param->serv_act_res_key));
8472			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8473			     &persis_io, sizeof(persis_io), 0)) >
8474			     CTL_HA_STATUS_SUCCESS) {
8475				printf("CTL:Persis Out error returned "
8476				       "from ctl_ha_msg_send %d\n",
8477				       isc_retval);
8478			}
8479		} else {
8480			/* not all registrants */
8481			mtx_unlock(&lun->lun_lock);
8482			free(ctsio->kern_data_ptr, M_CTL);
8483			ctl_set_invalid_field(ctsio,
8484					      /*sks_valid*/ 1,
8485					      /*command*/ 0,
8486					      /*field*/ 8,
8487					      /*bit_valid*/ 0,
8488					      /*bit*/ 0);
8489			ctl_done((union ctl_io *)ctsio);
8490			return (1);
8491		}
8492	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8493		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8494		int found = 0;
8495
8496		if (res_key == sa_res_key) {
8497			/* special case */
8498			/*
8499			 * The spec implies this is not good but doesn't
8500			 * say what to do. There are two choices either
8501			 * generate a res conflict or check condition
8502			 * with illegal field in parameter data. Since
8503			 * that is what is done when the sa_res_key is
8504			 * zero I'll take that approach since this has
8505			 * to do with the sa_res_key.
8506			 */
8507			mtx_unlock(&lun->lun_lock);
8508			free(ctsio->kern_data_ptr, M_CTL);
8509			ctl_set_invalid_field(ctsio,
8510					      /*sks_valid*/ 1,
8511					      /*command*/ 0,
8512					      /*field*/ 8,
8513					      /*bit_valid*/ 0,
8514					      /*bit*/ 0);
8515			ctl_done((union ctl_io *)ctsio);
8516			return (1);
8517		}
8518
8519		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8520			if (lun->pr_keys[i] != sa_res_key)
8521				continue;
8522
8523			found = 1;
8524			lun->pr_keys[i] = 0;
8525			lun->pr_key_count--;
8526
8527			if (!persis_offset && i < CTL_MAX_INITIATORS)
8528				lun->pending_ua[i] |= CTL_UA_REG_PREEMPT;
8529			else if (persis_offset && i >= persis_offset)
8530				lun->pending_ua[i-persis_offset] |=
8531					CTL_UA_REG_PREEMPT;
8532		}
8533		if (!found) {
8534			mtx_unlock(&lun->lun_lock);
8535			free(ctsio->kern_data_ptr, M_CTL);
8536			ctl_set_reservation_conflict(ctsio);
8537			ctl_done((union ctl_io *)ctsio);
8538			return (CTL_RETVAL_COMPLETE);
8539		}
8540		/* send msg to other side */
8541		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8542		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8543		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8544		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8545		persis_io.pr.pr_info.res_type = type;
8546		memcpy(persis_io.pr.pr_info.sa_res_key,
8547		       param->serv_act_res_key,
8548		       sizeof(param->serv_act_res_key));
8549		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8550		     &persis_io, sizeof(persis_io), 0)) >
8551		     CTL_HA_STATUS_SUCCESS) {
8552			printf("CTL:Persis Out error returned from "
8553			       "ctl_ha_msg_send %d\n", isc_retval);
8554		}
8555	} else {
8556		/* Reserved but not all registrants */
8557		/* sa_res_key is res holder */
8558		if (sa_res_key == lun->pr_keys[lun->pr_res_idx]) {
8559			/* validate scope and type */
8560			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8561			     SPR_LU_SCOPE) {
8562				mtx_unlock(&lun->lun_lock);
8563				ctl_set_invalid_field(/*ctsio*/ ctsio,
8564						      /*sks_valid*/ 1,
8565						      /*command*/ 1,
8566						      /*field*/ 2,
8567						      /*bit_valid*/ 1,
8568						      /*bit*/ 4);
8569				ctl_done((union ctl_io *)ctsio);
8570				return (1);
8571			}
8572
8573			if (type>8 || type==2 || type==4 || type==0) {
8574				mtx_unlock(&lun->lun_lock);
8575				ctl_set_invalid_field(/*ctsio*/ ctsio,
8576						      /*sks_valid*/ 1,
8577						      /*command*/ 1,
8578						      /*field*/ 2,
8579						      /*bit_valid*/ 1,
8580						      /*bit*/ 0);
8581				ctl_done((union ctl_io *)ctsio);
8582				return (1);
8583			}
8584
8585			/*
8586			 * Do the following:
8587			 * if sa_res_key != res_key remove all
8588			 * registrants w/sa_res_key and generate UA
8589			 * for these registrants(Registrations
8590			 * Preempted) if it wasn't an exclusive
8591			 * reservation generate UA(Reservations
8592			 * Preempted) for all other registered nexuses
8593			 * if the type has changed. Establish the new
8594			 * reservation and holder. If res_key and
8595			 * sa_res_key are the same do the above
8596			 * except don't unregister the res holder.
8597			 */
8598
8599			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8600				if (i == residx || lun->pr_keys[i] == 0)
8601					continue;
8602
8603				if (sa_res_key == lun->pr_keys[i]) {
8604					lun->pr_keys[i] = 0;
8605					lun->pr_key_count--;
8606
8607					if (!persis_offset
8608					 && i < CTL_MAX_INITIATORS)
8609						lun->pending_ua[i] |=
8610							CTL_UA_REG_PREEMPT;
8611					else if (persis_offset
8612					      && i >= persis_offset)
8613						lun->pending_ua[i-persis_offset] |=
8614						  CTL_UA_REG_PREEMPT;
8615				} else if (type != lun->res_type
8616					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8617					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8618						if (!persis_offset
8619						 && i < CTL_MAX_INITIATORS)
8620							lun->pending_ua[i] |=
8621							CTL_UA_RES_RELEASE;
8622						else if (persis_offset
8623						      && i >= persis_offset)
8624							lun->pending_ua[
8625							i-persis_offset] |=
8626							CTL_UA_RES_RELEASE;
8627				}
8628			}
8629			lun->res_type = type;
8630			if (lun->res_type != SPR_TYPE_WR_EX_AR
8631			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8632				lun->pr_res_idx = residx;
8633			else
8634				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8635
8636			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8637			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8638			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8639			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8640			persis_io.pr.pr_info.res_type = type;
8641			memcpy(persis_io.pr.pr_info.sa_res_key,
8642			       param->serv_act_res_key,
8643			       sizeof(param->serv_act_res_key));
8644			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8645			     &persis_io, sizeof(persis_io), 0)) >
8646			     CTL_HA_STATUS_SUCCESS) {
8647				printf("CTL:Persis Out error returned "
8648				       "from ctl_ha_msg_send %d\n",
8649				       isc_retval);
8650			}
8651		} else {
8652			/*
8653			 * sa_res_key is not the res holder just
8654			 * remove registrants
8655			 */
8656			int found=0;
8657
8658			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8659				if (sa_res_key != lun->pr_keys[i])
8660					continue;
8661
8662				found = 1;
8663				lun->pr_keys[i] = 0;
8664				lun->pr_key_count--;
8665
8666				if (!persis_offset
8667				 && i < CTL_MAX_INITIATORS)
8668					lun->pending_ua[i] |=
8669						CTL_UA_REG_PREEMPT;
8670				else if (persis_offset
8671				      && i >= persis_offset)
8672					lun->pending_ua[i-persis_offset] |=
8673						CTL_UA_REG_PREEMPT;
8674			}
8675
8676			if (!found) {
8677				mtx_unlock(&lun->lun_lock);
8678				free(ctsio->kern_data_ptr, M_CTL);
8679				ctl_set_reservation_conflict(ctsio);
8680				ctl_done((union ctl_io *)ctsio);
8681		        	return (1);
8682			}
8683			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8684			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8685			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8686			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8687			persis_io.pr.pr_info.res_type = type;
8688			memcpy(persis_io.pr.pr_info.sa_res_key,
8689			       param->serv_act_res_key,
8690			       sizeof(param->serv_act_res_key));
8691			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8692			     &persis_io, sizeof(persis_io), 0)) >
8693			     CTL_HA_STATUS_SUCCESS) {
8694				printf("CTL:Persis Out error returned "
8695				       "from ctl_ha_msg_send %d\n",
8696				isc_retval);
8697			}
8698		}
8699	}
8700
8701	lun->PRGeneration++;
8702	mtx_unlock(&lun->lun_lock);
8703
8704	return (retval);
8705}
8706
8707static void
8708ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8709{
8710	uint64_t sa_res_key;
8711	int i;
8712
8713	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8714
8715	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8716	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8717	 || sa_res_key != lun->pr_keys[lun->pr_res_idx]) {
8718		if (sa_res_key == 0) {
8719			/*
8720			 * Unregister everybody else and build UA for
8721			 * them
8722			 */
8723			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8724				if (i == msg->pr.pr_info.residx ||
8725				    lun->pr_keys[i] == 0)
8726					continue;
8727
8728				if (!persis_offset
8729				 && i < CTL_MAX_INITIATORS)
8730					lun->pending_ua[i] |=
8731						CTL_UA_REG_PREEMPT;
8732				else if (persis_offset && i >= persis_offset)
8733					lun->pending_ua[i - persis_offset] |=
8734						CTL_UA_REG_PREEMPT;
8735				lun->pr_keys[i] = 0;
8736			}
8737
8738			lun->pr_key_count = 1;
8739			lun->res_type = msg->pr.pr_info.res_type;
8740			if (lun->res_type != SPR_TYPE_WR_EX_AR
8741			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8742				lun->pr_res_idx = msg->pr.pr_info.residx;
8743		} else {
8744		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8745				if (sa_res_key == lun->pr_keys[i])
8746					continue;
8747
8748				lun->pr_keys[i] = 0;
8749				lun->pr_key_count--;
8750
8751				if (!persis_offset
8752				 && i < persis_offset)
8753					lun->pending_ua[i] |=
8754						CTL_UA_REG_PREEMPT;
8755				else if (persis_offset
8756				      && i >= persis_offset)
8757					lun->pending_ua[i - persis_offset] |=
8758						CTL_UA_REG_PREEMPT;
8759			}
8760		}
8761	} else {
8762		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8763			if (i == msg->pr.pr_info.residx ||
8764			    lun->pr_keys[i] == 0)
8765				continue;
8766
8767			if (sa_res_key == lun->pr_keys[i]) {
8768				lun->pr_keys[i] = 0;
8769				lun->pr_key_count--;
8770				if (!persis_offset
8771				 && i < CTL_MAX_INITIATORS)
8772					lun->pending_ua[i] |=
8773						CTL_UA_REG_PREEMPT;
8774				else if (persis_offset
8775				      && i >= persis_offset)
8776					lun->pending_ua[i - persis_offset] |=
8777						CTL_UA_REG_PREEMPT;
8778			} else if (msg->pr.pr_info.res_type != lun->res_type
8779				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8780				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8781					if (!persis_offset
8782					 && i < persis_offset)
8783						lun->pending_ua[i] |=
8784							CTL_UA_RES_RELEASE;
8785					else if (persis_offset
8786					      && i >= persis_offset)
8787					lun->pending_ua[i - persis_offset] |=
8788						CTL_UA_RES_RELEASE;
8789			}
8790		}
8791		lun->res_type = msg->pr.pr_info.res_type;
8792		if (lun->res_type != SPR_TYPE_WR_EX_AR
8793		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8794			lun->pr_res_idx = msg->pr.pr_info.residx;
8795		else
8796			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8797	}
8798	lun->PRGeneration++;
8799
8800}
8801
8802
8803int
8804ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8805{
8806	int retval;
8807	int isc_retval;
8808	u_int32_t param_len;
8809	struct scsi_per_res_out *cdb;
8810	struct ctl_lun *lun;
8811	struct scsi_per_res_out_parms* param;
8812	struct ctl_softc *softc;
8813	uint32_t residx;
8814	uint64_t res_key, sa_res_key;
8815	uint8_t type;
8816	union ctl_ha_msg persis_io;
8817	int    i;
8818
8819	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8820
8821	retval = CTL_RETVAL_COMPLETE;
8822
8823	softc = control_softc;
8824
8825	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8826	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8827
8828	/*
8829	 * We only support whole-LUN scope.  The scope & type are ignored for
8830	 * register, register and ignore existing key and clear.
8831	 * We sometimes ignore scope and type on preempts too!!
8832	 * Verify reservation type here as well.
8833	 */
8834	type = cdb->scope_type & SPR_TYPE_MASK;
8835	if ((cdb->action == SPRO_RESERVE)
8836	 || (cdb->action == SPRO_RELEASE)) {
8837		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8838			ctl_set_invalid_field(/*ctsio*/ ctsio,
8839					      /*sks_valid*/ 1,
8840					      /*command*/ 1,
8841					      /*field*/ 2,
8842					      /*bit_valid*/ 1,
8843					      /*bit*/ 4);
8844			ctl_done((union ctl_io *)ctsio);
8845			return (CTL_RETVAL_COMPLETE);
8846		}
8847
8848		if (type>8 || type==2 || type==4 || type==0) {
8849			ctl_set_invalid_field(/*ctsio*/ ctsio,
8850					      /*sks_valid*/ 1,
8851					      /*command*/ 1,
8852					      /*field*/ 2,
8853					      /*bit_valid*/ 1,
8854					      /*bit*/ 0);
8855			ctl_done((union ctl_io *)ctsio);
8856			return (CTL_RETVAL_COMPLETE);
8857		}
8858	}
8859
8860	param_len = scsi_4btoul(cdb->length);
8861
8862	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8863		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8864		ctsio->kern_data_len = param_len;
8865		ctsio->kern_total_len = param_len;
8866		ctsio->kern_data_resid = 0;
8867		ctsio->kern_rel_offset = 0;
8868		ctsio->kern_sg_entries = 0;
8869		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8870		ctsio->be_move_done = ctl_config_move_done;
8871		ctl_datamove((union ctl_io *)ctsio);
8872
8873		return (CTL_RETVAL_COMPLETE);
8874	}
8875
8876	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8877
8878	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8879	res_key = scsi_8btou64(param->res_key.key);
8880	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8881
8882	/*
8883	 * Validate the reservation key here except for SPRO_REG_IGNO
8884	 * This must be done for all other service actions
8885	 */
8886	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8887		mtx_lock(&lun->lun_lock);
8888		if (lun->pr_keys[residx] != 0) {
8889		    if (res_key != lun->pr_keys[residx]) {
8890				/*
8891				 * The current key passed in doesn't match
8892				 * the one the initiator previously
8893				 * registered.
8894				 */
8895				mtx_unlock(&lun->lun_lock);
8896				free(ctsio->kern_data_ptr, M_CTL);
8897				ctl_set_reservation_conflict(ctsio);
8898				ctl_done((union ctl_io *)ctsio);
8899				return (CTL_RETVAL_COMPLETE);
8900			}
8901		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8902			/*
8903			 * We are not registered
8904			 */
8905			mtx_unlock(&lun->lun_lock);
8906			free(ctsio->kern_data_ptr, M_CTL);
8907			ctl_set_reservation_conflict(ctsio);
8908			ctl_done((union ctl_io *)ctsio);
8909			return (CTL_RETVAL_COMPLETE);
8910		} else if (res_key != 0) {
8911			/*
8912			 * We are not registered and trying to register but
8913			 * the register key isn't zero.
8914			 */
8915			mtx_unlock(&lun->lun_lock);
8916			free(ctsio->kern_data_ptr, M_CTL);
8917			ctl_set_reservation_conflict(ctsio);
8918			ctl_done((union ctl_io *)ctsio);
8919			return (CTL_RETVAL_COMPLETE);
8920		}
8921		mtx_unlock(&lun->lun_lock);
8922	}
8923
8924	switch (cdb->action & SPRO_ACTION_MASK) {
8925	case SPRO_REGISTER:
8926	case SPRO_REG_IGNO: {
8927
8928#if 0
8929		printf("Registration received\n");
8930#endif
8931
8932		/*
8933		 * We don't support any of these options, as we report in
8934		 * the read capabilities request (see
8935		 * ctl_persistent_reserve_in(), above).
8936		 */
8937		if ((param->flags & SPR_SPEC_I_PT)
8938		 || (param->flags & SPR_ALL_TG_PT)
8939		 || (param->flags & SPR_APTPL)) {
8940			int bit_ptr;
8941
8942			if (param->flags & SPR_APTPL)
8943				bit_ptr = 0;
8944			else if (param->flags & SPR_ALL_TG_PT)
8945				bit_ptr = 2;
8946			else /* SPR_SPEC_I_PT */
8947				bit_ptr = 3;
8948
8949			free(ctsio->kern_data_ptr, M_CTL);
8950			ctl_set_invalid_field(ctsio,
8951					      /*sks_valid*/ 1,
8952					      /*command*/ 0,
8953					      /*field*/ 20,
8954					      /*bit_valid*/ 1,
8955					      /*bit*/ bit_ptr);
8956			ctl_done((union ctl_io *)ctsio);
8957			return (CTL_RETVAL_COMPLETE);
8958		}
8959
8960		mtx_lock(&lun->lun_lock);
8961
8962		/*
8963		 * The initiator wants to clear the
8964		 * key/unregister.
8965		 */
8966		if (sa_res_key == 0) {
8967			if ((res_key == 0
8968			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8969			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8970			  && lun->pr_keys[residx] == 0)) {
8971				mtx_unlock(&lun->lun_lock);
8972				goto done;
8973			}
8974
8975			lun->pr_keys[residx] = 0;
8976			lun->pr_key_count--;
8977
8978			if (residx == lun->pr_res_idx) {
8979				lun->flags &= ~CTL_LUN_PR_RESERVED;
8980				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8981
8982				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8983				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8984				 && lun->pr_key_count) {
8985					/*
8986					 * If the reservation is a registrants
8987					 * only type we need to generate a UA
8988					 * for other registered inits.  The
8989					 * sense code should be RESERVATIONS
8990					 * RELEASED
8991					 */
8992
8993					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8994						if (lun->pr_keys[
8995						    i + persis_offset] == 0)
8996							continue;
8997						lun->pending_ua[i] |=
8998							CTL_UA_RES_RELEASE;
8999					}
9000				}
9001				lun->res_type = 0;
9002			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
9003				if (lun->pr_key_count==0) {
9004					lun->flags &= ~CTL_LUN_PR_RESERVED;
9005					lun->res_type = 0;
9006					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9007				}
9008			}
9009			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
9010			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
9011			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
9012			persis_io.pr.pr_info.residx = residx;
9013			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
9014			     &persis_io, sizeof(persis_io), 0 )) >
9015			     CTL_HA_STATUS_SUCCESS) {
9016				printf("CTL:Persis Out error returned from "
9017				       "ctl_ha_msg_send %d\n", isc_retval);
9018			}
9019		} else /* sa_res_key != 0 */ {
9020
9021			/*
9022			 * If we aren't registered currently then increment
9023			 * the key count and set the registered flag.
9024			 */
9025			if (lun->pr_keys[residx] == 0)
9026				lun->pr_key_count++;
9027			lun->pr_keys[residx] = sa_res_key;
9028
9029			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
9030			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
9031			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
9032			persis_io.pr.pr_info.residx = residx;
9033			memcpy(persis_io.pr.pr_info.sa_res_key,
9034			       param->serv_act_res_key,
9035			       sizeof(param->serv_act_res_key));
9036			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
9037			     &persis_io, sizeof(persis_io), 0)) >
9038			     CTL_HA_STATUS_SUCCESS) {
9039				printf("CTL:Persis Out error returned from "
9040				       "ctl_ha_msg_send %d\n", isc_retval);
9041			}
9042		}
9043		lun->PRGeneration++;
9044		mtx_unlock(&lun->lun_lock);
9045
9046		break;
9047	}
9048	case SPRO_RESERVE:
9049#if 0
9050                printf("Reserve executed type %d\n", type);
9051#endif
9052		mtx_lock(&lun->lun_lock);
9053		if (lun->flags & CTL_LUN_PR_RESERVED) {
9054			/*
9055			 * if this isn't the reservation holder and it's
9056			 * not a "all registrants" type or if the type is
9057			 * different then we have a conflict
9058			 */
9059			if ((lun->pr_res_idx != residx
9060			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
9061			 || lun->res_type != type) {
9062				mtx_unlock(&lun->lun_lock);
9063				free(ctsio->kern_data_ptr, M_CTL);
9064				ctl_set_reservation_conflict(ctsio);
9065				ctl_done((union ctl_io *)ctsio);
9066				return (CTL_RETVAL_COMPLETE);
9067			}
9068			mtx_unlock(&lun->lun_lock);
9069		} else /* create a reservation */ {
9070			/*
9071			 * If it's not an "all registrants" type record
9072			 * reservation holder
9073			 */
9074			if (type != SPR_TYPE_WR_EX_AR
9075			 && type != SPR_TYPE_EX_AC_AR)
9076				lun->pr_res_idx = residx; /* Res holder */
9077			else
9078				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
9079
9080			lun->flags |= CTL_LUN_PR_RESERVED;
9081			lun->res_type = type;
9082
9083			mtx_unlock(&lun->lun_lock);
9084
9085			/* send msg to other side */
9086			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
9087			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
9088			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
9089			persis_io.pr.pr_info.residx = lun->pr_res_idx;
9090			persis_io.pr.pr_info.res_type = type;
9091			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
9092			     &persis_io, sizeof(persis_io), 0)) >
9093			     CTL_HA_STATUS_SUCCESS) {
9094				printf("CTL:Persis Out error returned from "
9095				       "ctl_ha_msg_send %d\n", isc_retval);
9096			}
9097		}
9098		break;
9099
9100	case SPRO_RELEASE:
9101		mtx_lock(&lun->lun_lock);
9102		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
9103			/* No reservation exists return good status */
9104			mtx_unlock(&lun->lun_lock);
9105			goto done;
9106		}
9107		/*
9108		 * Is this nexus a reservation holder?
9109		 */
9110		if (lun->pr_res_idx != residx
9111		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
9112			/*
9113			 * not a res holder return good status but
9114			 * do nothing
9115			 */
9116			mtx_unlock(&lun->lun_lock);
9117			goto done;
9118		}
9119
9120		if (lun->res_type != type) {
9121			mtx_unlock(&lun->lun_lock);
9122			free(ctsio->kern_data_ptr, M_CTL);
9123			ctl_set_illegal_pr_release(ctsio);
9124			ctl_done((union ctl_io *)ctsio);
9125			return (CTL_RETVAL_COMPLETE);
9126		}
9127
9128		/* okay to release */
9129		lun->flags &= ~CTL_LUN_PR_RESERVED;
9130		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9131		lun->res_type = 0;
9132
9133		/*
9134		 * if this isn't an exclusive access
9135		 * res generate UA for all other
9136		 * registrants.
9137		 */
9138		if (type != SPR_TYPE_EX_AC
9139		 && type != SPR_TYPE_WR_EX) {
9140			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
9141				if (i == residx ||
9142				    lun->pr_keys[i + persis_offset] == 0)
9143					continue;
9144				lun->pending_ua[i] |= CTL_UA_RES_RELEASE;
9145			}
9146		}
9147		mtx_unlock(&lun->lun_lock);
9148		/* Send msg to other side */
9149		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
9150		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
9151		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
9152		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
9153		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
9154			printf("CTL:Persis Out error returned from "
9155			       "ctl_ha_msg_send %d\n", isc_retval);
9156		}
9157		break;
9158
9159	case SPRO_CLEAR:
9160		/* send msg to other side */
9161
9162		mtx_lock(&lun->lun_lock);
9163		lun->flags &= ~CTL_LUN_PR_RESERVED;
9164		lun->res_type = 0;
9165		lun->pr_key_count = 0;
9166		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9167
9168		lun->pr_keys[residx] = 0;
9169
9170		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
9171			if (lun->pr_keys[i] != 0) {
9172				if (!persis_offset && i < CTL_MAX_INITIATORS)
9173					lun->pending_ua[i] |=
9174						CTL_UA_RES_PREEMPT;
9175				else if (persis_offset && i >= persis_offset)
9176					lun->pending_ua[i-persis_offset] |=
9177					    CTL_UA_RES_PREEMPT;
9178
9179				lun->pr_keys[i] = 0;
9180			}
9181		lun->PRGeneration++;
9182		mtx_unlock(&lun->lun_lock);
9183		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
9184		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
9185		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
9186		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
9187		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
9188			printf("CTL:Persis Out error returned from "
9189			       "ctl_ha_msg_send %d\n", isc_retval);
9190		}
9191		break;
9192
9193	case SPRO_PREEMPT: {
9194		int nretval;
9195
9196		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
9197					  residx, ctsio, cdb, param);
9198		if (nretval != 0)
9199			return (CTL_RETVAL_COMPLETE);
9200		break;
9201	}
9202	default:
9203		panic("Invalid PR type %x", cdb->action);
9204	}
9205
9206done:
9207	free(ctsio->kern_data_ptr, M_CTL);
9208	ctl_set_success(ctsio);
9209	ctl_done((union ctl_io *)ctsio);
9210
9211	return (retval);
9212}
9213
9214/*
9215 * This routine is for handling a message from the other SC pertaining to
9216 * persistent reserve out. All the error checking will have been done
9217 * so only perorming the action need be done here to keep the two
9218 * in sync.
9219 */
9220static void
9221ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
9222{
9223	struct ctl_lun *lun;
9224	struct ctl_softc *softc;
9225	int i;
9226	uint32_t targ_lun;
9227
9228	softc = control_softc;
9229
9230	targ_lun = msg->hdr.nexus.targ_mapped_lun;
9231	lun = softc->ctl_luns[targ_lun];
9232	mtx_lock(&lun->lun_lock);
9233	switch(msg->pr.pr_info.action) {
9234	case CTL_PR_REG_KEY:
9235		if (lun->pr_keys[msg->pr.pr_info.residx] == 0)
9236			lun->pr_key_count++;
9237		lun->pr_keys[msg->pr.pr_info.residx] =
9238		    scsi_8btou64(msg->pr.pr_info.sa_res_key);
9239		lun->PRGeneration++;
9240		break;
9241
9242	case CTL_PR_UNREG_KEY:
9243		lun->pr_keys[msg->pr.pr_info.residx] = 0;
9244		lun->pr_key_count--;
9245
9246		/* XXX Need to see if the reservation has been released */
9247		/* if so do we need to generate UA? */
9248		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
9249			lun->flags &= ~CTL_LUN_PR_RESERVED;
9250			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9251
9252			if ((lun->res_type == SPR_TYPE_WR_EX_RO
9253			  || lun->res_type == SPR_TYPE_EX_AC_RO)
9254			 && lun->pr_key_count) {
9255				/*
9256				 * If the reservation is a registrants
9257				 * only type we need to generate a UA
9258				 * for other registered inits.  The
9259				 * sense code should be RESERVATIONS
9260				 * RELEASED
9261				 */
9262
9263				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
9264					if (lun->pr_keys[i+
9265					    persis_offset] == 0)
9266						continue;
9267
9268					lun->pending_ua[i] |=
9269						CTL_UA_RES_RELEASE;
9270				}
9271			}
9272			lun->res_type = 0;
9273		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
9274			if (lun->pr_key_count==0) {
9275				lun->flags &= ~CTL_LUN_PR_RESERVED;
9276				lun->res_type = 0;
9277				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9278			}
9279		}
9280		lun->PRGeneration++;
9281		break;
9282
9283	case CTL_PR_RESERVE:
9284		lun->flags |= CTL_LUN_PR_RESERVED;
9285		lun->res_type = msg->pr.pr_info.res_type;
9286		lun->pr_res_idx = msg->pr.pr_info.residx;
9287
9288		break;
9289
9290	case CTL_PR_RELEASE:
9291		/*
9292		 * if this isn't an exclusive access res generate UA for all
9293		 * other registrants.
9294		 */
9295		if (lun->res_type != SPR_TYPE_EX_AC
9296		 && lun->res_type != SPR_TYPE_WR_EX) {
9297			for (i = 0; i < CTL_MAX_INITIATORS; i++)
9298				if (lun->pr_keys[i+persis_offset] != 0)
9299					lun->pending_ua[i] |=
9300						CTL_UA_RES_RELEASE;
9301		}
9302
9303		lun->flags &= ~CTL_LUN_PR_RESERVED;
9304		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9305		lun->res_type = 0;
9306		break;
9307
9308	case CTL_PR_PREEMPT:
9309		ctl_pro_preempt_other(lun, msg);
9310		break;
9311	case CTL_PR_CLEAR:
9312		lun->flags &= ~CTL_LUN_PR_RESERVED;
9313		lun->res_type = 0;
9314		lun->pr_key_count = 0;
9315		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9316
9317		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
9318			if (lun->pr_keys[i] == 0)
9319				continue;
9320			if (!persis_offset
9321			 && i < CTL_MAX_INITIATORS)
9322				lun->pending_ua[i] |= CTL_UA_RES_PREEMPT;
9323			else if (persis_offset
9324			      && i >= persis_offset)
9325				lun->pending_ua[i-persis_offset] |=
9326					CTL_UA_RES_PREEMPT;
9327			lun->pr_keys[i] = 0;
9328		}
9329		lun->PRGeneration++;
9330		break;
9331	}
9332
9333	mtx_unlock(&lun->lun_lock);
9334}
9335
9336int
9337ctl_read_write(struct ctl_scsiio *ctsio)
9338{
9339	struct ctl_lun *lun;
9340	struct ctl_lba_len_flags *lbalen;
9341	uint64_t lba;
9342	uint32_t num_blocks;
9343	int flags, retval;
9344	int isread;
9345
9346	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9347
9348	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
9349
9350	flags = 0;
9351	retval = CTL_RETVAL_COMPLETE;
9352
9353	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
9354	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
9355	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
9356		uint32_t residx;
9357
9358		/*
9359		 * XXX KDM need a lock here.
9360		 */
9361		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
9362		if ((lun->res_type == SPR_TYPE_EX_AC
9363		  && residx != lun->pr_res_idx)
9364		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
9365		   || lun->res_type == SPR_TYPE_EX_AC_AR)
9366		  && lun->pr_keys[residx] == 0)) {
9367			ctl_set_reservation_conflict(ctsio);
9368			ctl_done((union ctl_io *)ctsio);
9369			return (CTL_RETVAL_COMPLETE);
9370	        }
9371	}
9372
9373	switch (ctsio->cdb[0]) {
9374	case READ_6:
9375	case WRITE_6: {
9376		struct scsi_rw_6 *cdb;
9377
9378		cdb = (struct scsi_rw_6 *)ctsio->cdb;
9379
9380		lba = scsi_3btoul(cdb->addr);
9381		/* only 5 bits are valid in the most significant address byte */
9382		lba &= 0x1fffff;
9383		num_blocks = cdb->length;
9384		/*
9385		 * This is correct according to SBC-2.
9386		 */
9387		if (num_blocks == 0)
9388			num_blocks = 256;
9389		break;
9390	}
9391	case READ_10:
9392	case WRITE_10: {
9393		struct scsi_rw_10 *cdb;
9394
9395		cdb = (struct scsi_rw_10 *)ctsio->cdb;
9396		if (cdb->byte2 & SRW10_FUA)
9397			flags |= CTL_LLF_FUA;
9398		if (cdb->byte2 & SRW10_DPO)
9399			flags |= CTL_LLF_DPO;
9400		lba = scsi_4btoul(cdb->addr);
9401		num_blocks = scsi_2btoul(cdb->length);
9402		break;
9403	}
9404	case WRITE_VERIFY_10: {
9405		struct scsi_write_verify_10 *cdb;
9406
9407		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
9408		flags |= CTL_LLF_FUA;
9409		if (cdb->byte2 & SWV_DPO)
9410			flags |= CTL_LLF_DPO;
9411		lba = scsi_4btoul(cdb->addr);
9412		num_blocks = scsi_2btoul(cdb->length);
9413		break;
9414	}
9415	case READ_12:
9416	case WRITE_12: {
9417		struct scsi_rw_12 *cdb;
9418
9419		cdb = (struct scsi_rw_12 *)ctsio->cdb;
9420		if (cdb->byte2 & SRW12_FUA)
9421			flags |= CTL_LLF_FUA;
9422		if (cdb->byte2 & SRW12_DPO)
9423			flags |= CTL_LLF_DPO;
9424		lba = scsi_4btoul(cdb->addr);
9425		num_blocks = scsi_4btoul(cdb->length);
9426		break;
9427	}
9428	case WRITE_VERIFY_12: {
9429		struct scsi_write_verify_12 *cdb;
9430
9431		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
9432		flags |= CTL_LLF_FUA;
9433		if (cdb->byte2 & SWV_DPO)
9434			flags |= CTL_LLF_DPO;
9435		lba = scsi_4btoul(cdb->addr);
9436		num_blocks = scsi_4btoul(cdb->length);
9437		break;
9438	}
9439	case READ_16:
9440	case WRITE_16: {
9441		struct scsi_rw_16 *cdb;
9442
9443		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9444		if (cdb->byte2 & SRW12_FUA)
9445			flags |= CTL_LLF_FUA;
9446		if (cdb->byte2 & SRW12_DPO)
9447			flags |= CTL_LLF_DPO;
9448		lba = scsi_8btou64(cdb->addr);
9449		num_blocks = scsi_4btoul(cdb->length);
9450		break;
9451	}
9452	case WRITE_ATOMIC_16: {
9453		struct scsi_rw_16 *cdb;
9454
9455		if (lun->be_lun->atomicblock == 0) {
9456			ctl_set_invalid_opcode(ctsio);
9457			ctl_done((union ctl_io *)ctsio);
9458			return (CTL_RETVAL_COMPLETE);
9459		}
9460
9461		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9462		if (cdb->byte2 & SRW12_FUA)
9463			flags |= CTL_LLF_FUA;
9464		if (cdb->byte2 & SRW12_DPO)
9465			flags |= CTL_LLF_DPO;
9466		lba = scsi_8btou64(cdb->addr);
9467		num_blocks = scsi_4btoul(cdb->length);
9468		if (num_blocks > lun->be_lun->atomicblock) {
9469			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
9470			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
9471			    /*bit*/ 0);
9472			ctl_done((union ctl_io *)ctsio);
9473			return (CTL_RETVAL_COMPLETE);
9474		}
9475		break;
9476	}
9477	case WRITE_VERIFY_16: {
9478		struct scsi_write_verify_16 *cdb;
9479
9480		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
9481		flags |= CTL_LLF_FUA;
9482		if (cdb->byte2 & SWV_DPO)
9483			flags |= CTL_LLF_DPO;
9484		lba = scsi_8btou64(cdb->addr);
9485		num_blocks = scsi_4btoul(cdb->length);
9486		break;
9487	}
9488	default:
9489		/*
9490		 * We got a command we don't support.  This shouldn't
9491		 * happen, commands should be filtered out above us.
9492		 */
9493		ctl_set_invalid_opcode(ctsio);
9494		ctl_done((union ctl_io *)ctsio);
9495
9496		return (CTL_RETVAL_COMPLETE);
9497		break; /* NOTREACHED */
9498	}
9499
9500	/*
9501	 * The first check is to make sure we're in bounds, the second
9502	 * check is to catch wrap-around problems.  If the lba + num blocks
9503	 * is less than the lba, then we've wrapped around and the block
9504	 * range is invalid anyway.
9505	 */
9506	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9507	 || ((lba + num_blocks) < lba)) {
9508		ctl_set_lba_out_of_range(ctsio);
9509		ctl_done((union ctl_io *)ctsio);
9510		return (CTL_RETVAL_COMPLETE);
9511	}
9512
9513	/*
9514	 * According to SBC-3, a transfer length of 0 is not an error.
9515	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9516	 * translates to 256 blocks for those commands.
9517	 */
9518	if (num_blocks == 0) {
9519		ctl_set_success(ctsio);
9520		ctl_done((union ctl_io *)ctsio);
9521		return (CTL_RETVAL_COMPLETE);
9522	}
9523
9524	/* Set FUA and/or DPO if caches are disabled. */
9525	if (isread) {
9526		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9527		    SCP_RCD) != 0)
9528			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9529	} else {
9530		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9531		    SCP_WCE) == 0)
9532			flags |= CTL_LLF_FUA;
9533	}
9534
9535	lbalen = (struct ctl_lba_len_flags *)
9536	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9537	lbalen->lba = lba;
9538	lbalen->len = num_blocks;
9539	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9540
9541	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9542	ctsio->kern_rel_offset = 0;
9543
9544	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9545
9546	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9547
9548	return (retval);
9549}
9550
9551static int
9552ctl_cnw_cont(union ctl_io *io)
9553{
9554	struct ctl_scsiio *ctsio;
9555	struct ctl_lun *lun;
9556	struct ctl_lba_len_flags *lbalen;
9557	int retval;
9558
9559	ctsio = &io->scsiio;
9560	ctsio->io_hdr.status = CTL_STATUS_NONE;
9561	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9562	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9563	lbalen = (struct ctl_lba_len_flags *)
9564	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9565	lbalen->flags &= ~CTL_LLF_COMPARE;
9566	lbalen->flags |= CTL_LLF_WRITE;
9567
9568	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9569	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9570	return (retval);
9571}
9572
9573int
9574ctl_cnw(struct ctl_scsiio *ctsio)
9575{
9576	struct ctl_lun *lun;
9577	struct ctl_lba_len_flags *lbalen;
9578	uint64_t lba;
9579	uint32_t num_blocks;
9580	int flags, retval;
9581
9582	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9583
9584	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9585
9586	flags = 0;
9587	retval = CTL_RETVAL_COMPLETE;
9588
9589	switch (ctsio->cdb[0]) {
9590	case COMPARE_AND_WRITE: {
9591		struct scsi_compare_and_write *cdb;
9592
9593		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9594		if (cdb->byte2 & SRW10_FUA)
9595			flags |= CTL_LLF_FUA;
9596		if (cdb->byte2 & SRW10_DPO)
9597			flags |= CTL_LLF_DPO;
9598		lba = scsi_8btou64(cdb->addr);
9599		num_blocks = cdb->length;
9600		break;
9601	}
9602	default:
9603		/*
9604		 * We got a command we don't support.  This shouldn't
9605		 * happen, commands should be filtered out above us.
9606		 */
9607		ctl_set_invalid_opcode(ctsio);
9608		ctl_done((union ctl_io *)ctsio);
9609
9610		return (CTL_RETVAL_COMPLETE);
9611		break; /* NOTREACHED */
9612	}
9613
9614	/*
9615	 * The first check is to make sure we're in bounds, the second
9616	 * check is to catch wrap-around problems.  If the lba + num blocks
9617	 * is less than the lba, then we've wrapped around and the block
9618	 * range is invalid anyway.
9619	 */
9620	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9621	 || ((lba + num_blocks) < lba)) {
9622		ctl_set_lba_out_of_range(ctsio);
9623		ctl_done((union ctl_io *)ctsio);
9624		return (CTL_RETVAL_COMPLETE);
9625	}
9626
9627	/*
9628	 * According to SBC-3, a transfer length of 0 is not an error.
9629	 */
9630	if (num_blocks == 0) {
9631		ctl_set_success(ctsio);
9632		ctl_done((union ctl_io *)ctsio);
9633		return (CTL_RETVAL_COMPLETE);
9634	}
9635
9636	/* Set FUA if write cache is disabled. */
9637	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9638	    SCP_WCE) == 0)
9639		flags |= CTL_LLF_FUA;
9640
9641	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9642	ctsio->kern_rel_offset = 0;
9643
9644	/*
9645	 * Set the IO_CONT flag, so that if this I/O gets passed to
9646	 * ctl_data_submit_done(), it'll get passed back to
9647	 * ctl_ctl_cnw_cont() for further processing.
9648	 */
9649	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9650	ctsio->io_cont = ctl_cnw_cont;
9651
9652	lbalen = (struct ctl_lba_len_flags *)
9653	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9654	lbalen->lba = lba;
9655	lbalen->len = num_blocks;
9656	lbalen->flags = CTL_LLF_COMPARE | flags;
9657
9658	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9659	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9660	return (retval);
9661}
9662
9663int
9664ctl_verify(struct ctl_scsiio *ctsio)
9665{
9666	struct ctl_lun *lun;
9667	struct ctl_lba_len_flags *lbalen;
9668	uint64_t lba;
9669	uint32_t num_blocks;
9670	int bytchk, flags;
9671	int retval;
9672
9673	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9674
9675	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9676
9677	bytchk = 0;
9678	flags = CTL_LLF_FUA;
9679	retval = CTL_RETVAL_COMPLETE;
9680
9681	switch (ctsio->cdb[0]) {
9682	case VERIFY_10: {
9683		struct scsi_verify_10 *cdb;
9684
9685		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9686		if (cdb->byte2 & SVFY_BYTCHK)
9687			bytchk = 1;
9688		if (cdb->byte2 & SVFY_DPO)
9689			flags |= CTL_LLF_DPO;
9690		lba = scsi_4btoul(cdb->addr);
9691		num_blocks = scsi_2btoul(cdb->length);
9692		break;
9693	}
9694	case VERIFY_12: {
9695		struct scsi_verify_12 *cdb;
9696
9697		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9698		if (cdb->byte2 & SVFY_BYTCHK)
9699			bytchk = 1;
9700		if (cdb->byte2 & SVFY_DPO)
9701			flags |= CTL_LLF_DPO;
9702		lba = scsi_4btoul(cdb->addr);
9703		num_blocks = scsi_4btoul(cdb->length);
9704		break;
9705	}
9706	case VERIFY_16: {
9707		struct scsi_rw_16 *cdb;
9708
9709		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9710		if (cdb->byte2 & SVFY_BYTCHK)
9711			bytchk = 1;
9712		if (cdb->byte2 & SVFY_DPO)
9713			flags |= CTL_LLF_DPO;
9714		lba = scsi_8btou64(cdb->addr);
9715		num_blocks = scsi_4btoul(cdb->length);
9716		break;
9717	}
9718	default:
9719		/*
9720		 * We got a command we don't support.  This shouldn't
9721		 * happen, commands should be filtered out above us.
9722		 */
9723		ctl_set_invalid_opcode(ctsio);
9724		ctl_done((union ctl_io *)ctsio);
9725		return (CTL_RETVAL_COMPLETE);
9726	}
9727
9728	/*
9729	 * The first check is to make sure we're in bounds, the second
9730	 * check is to catch wrap-around problems.  If the lba + num blocks
9731	 * is less than the lba, then we've wrapped around and the block
9732	 * range is invalid anyway.
9733	 */
9734	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9735	 || ((lba + num_blocks) < lba)) {
9736		ctl_set_lba_out_of_range(ctsio);
9737		ctl_done((union ctl_io *)ctsio);
9738		return (CTL_RETVAL_COMPLETE);
9739	}
9740
9741	/*
9742	 * According to SBC-3, a transfer length of 0 is not an error.
9743	 */
9744	if (num_blocks == 0) {
9745		ctl_set_success(ctsio);
9746		ctl_done((union ctl_io *)ctsio);
9747		return (CTL_RETVAL_COMPLETE);
9748	}
9749
9750	lbalen = (struct ctl_lba_len_flags *)
9751	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9752	lbalen->lba = lba;
9753	lbalen->len = num_blocks;
9754	if (bytchk) {
9755		lbalen->flags = CTL_LLF_COMPARE | flags;
9756		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9757	} else {
9758		lbalen->flags = CTL_LLF_VERIFY | flags;
9759		ctsio->kern_total_len = 0;
9760	}
9761	ctsio->kern_rel_offset = 0;
9762
9763	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9764	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9765	return (retval);
9766}
9767
9768int
9769ctl_report_luns(struct ctl_scsiio *ctsio)
9770{
9771	struct scsi_report_luns *cdb;
9772	struct scsi_report_luns_data *lun_data;
9773	struct ctl_lun *lun, *request_lun;
9774	int num_luns, retval;
9775	uint32_t alloc_len, lun_datalen;
9776	int num_filled, well_known;
9777	uint32_t initidx, targ_lun_id, lun_id;
9778
9779	retval = CTL_RETVAL_COMPLETE;
9780	well_known = 0;
9781
9782	cdb = (struct scsi_report_luns *)ctsio->cdb;
9783
9784	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9785
9786	mtx_lock(&control_softc->ctl_lock);
9787	num_luns = control_softc->num_luns;
9788	mtx_unlock(&control_softc->ctl_lock);
9789
9790	switch (cdb->select_report) {
9791	case RPL_REPORT_DEFAULT:
9792	case RPL_REPORT_ALL:
9793		break;
9794	case RPL_REPORT_WELLKNOWN:
9795		well_known = 1;
9796		num_luns = 0;
9797		break;
9798	default:
9799		ctl_set_invalid_field(ctsio,
9800				      /*sks_valid*/ 1,
9801				      /*command*/ 1,
9802				      /*field*/ 2,
9803				      /*bit_valid*/ 0,
9804				      /*bit*/ 0);
9805		ctl_done((union ctl_io *)ctsio);
9806		return (retval);
9807		break; /* NOTREACHED */
9808	}
9809
9810	alloc_len = scsi_4btoul(cdb->length);
9811	/*
9812	 * The initiator has to allocate at least 16 bytes for this request,
9813	 * so he can at least get the header and the first LUN.  Otherwise
9814	 * we reject the request (per SPC-3 rev 14, section 6.21).
9815	 */
9816	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9817	    sizeof(struct scsi_report_luns_lundata))) {
9818		ctl_set_invalid_field(ctsio,
9819				      /*sks_valid*/ 1,
9820				      /*command*/ 1,
9821				      /*field*/ 6,
9822				      /*bit_valid*/ 0,
9823				      /*bit*/ 0);
9824		ctl_done((union ctl_io *)ctsio);
9825		return (retval);
9826	}
9827
9828	request_lun = (struct ctl_lun *)
9829		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9830
9831	lun_datalen = sizeof(*lun_data) +
9832		(num_luns * sizeof(struct scsi_report_luns_lundata));
9833
9834	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9835	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9836	ctsio->kern_sg_entries = 0;
9837
9838	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9839
9840	mtx_lock(&control_softc->ctl_lock);
9841	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9842		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9843		if (lun_id >= CTL_MAX_LUNS)
9844			continue;
9845		lun = control_softc->ctl_luns[lun_id];
9846		if (lun == NULL)
9847			continue;
9848
9849		if (targ_lun_id <= 0xff) {
9850			/*
9851			 * Peripheral addressing method, bus number 0.
9852			 */
9853			lun_data->luns[num_filled].lundata[0] =
9854				RPL_LUNDATA_ATYP_PERIPH;
9855			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9856			num_filled++;
9857		} else if (targ_lun_id <= 0x3fff) {
9858			/*
9859			 * Flat addressing method.
9860			 */
9861			lun_data->luns[num_filled].lundata[0] =
9862				RPL_LUNDATA_ATYP_FLAT |
9863				(targ_lun_id & RPL_LUNDATA_FLAT_LUN_MASK);
9864#ifdef OLDCTLHEADERS
9865				(SRLD_ADDR_FLAT << SRLD_ADDR_SHIFT) |
9866				(targ_lun_id & SRLD_BUS_LUN_MASK);
9867#endif
9868			lun_data->luns[num_filled].lundata[1] =
9869#ifdef OLDCTLHEADERS
9870				targ_lun_id >> SRLD_BUS_LUN_BITS;
9871#endif
9872				targ_lun_id >> RPL_LUNDATA_FLAT_LUN_BITS;
9873			num_filled++;
9874		} else {
9875			printf("ctl_report_luns: bogus LUN number %jd, "
9876			       "skipping\n", (intmax_t)targ_lun_id);
9877		}
9878		/*
9879		 * According to SPC-3, rev 14 section 6.21:
9880		 *
9881		 * "The execution of a REPORT LUNS command to any valid and
9882		 * installed logical unit shall clear the REPORTED LUNS DATA
9883		 * HAS CHANGED unit attention condition for all logical
9884		 * units of that target with respect to the requesting
9885		 * initiator. A valid and installed logical unit is one
9886		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9887		 * INQUIRY data (see 6.4.2)."
9888		 *
9889		 * If request_lun is NULL, the LUN this report luns command
9890		 * was issued to is either disabled or doesn't exist. In that
9891		 * case, we shouldn't clear any pending lun change unit
9892		 * attention.
9893		 */
9894		if (request_lun != NULL) {
9895			mtx_lock(&lun->lun_lock);
9896			lun->pending_ua[initidx] &= ~CTL_UA_LUN_CHANGE;
9897			mtx_unlock(&lun->lun_lock);
9898		}
9899	}
9900	mtx_unlock(&control_softc->ctl_lock);
9901
9902	/*
9903	 * It's quite possible that we've returned fewer LUNs than we allocated
9904	 * space for.  Trim it.
9905	 */
9906	lun_datalen = sizeof(*lun_data) +
9907		(num_filled * sizeof(struct scsi_report_luns_lundata));
9908
9909	if (lun_datalen < alloc_len) {
9910		ctsio->residual = alloc_len - lun_datalen;
9911		ctsio->kern_data_len = lun_datalen;
9912		ctsio->kern_total_len = lun_datalen;
9913	} else {
9914		ctsio->residual = 0;
9915		ctsio->kern_data_len = alloc_len;
9916		ctsio->kern_total_len = alloc_len;
9917	}
9918	ctsio->kern_data_resid = 0;
9919	ctsio->kern_rel_offset = 0;
9920	ctsio->kern_sg_entries = 0;
9921
9922	/*
9923	 * We set this to the actual data length, regardless of how much
9924	 * space we actually have to return results.  If the user looks at
9925	 * this value, he'll know whether or not he allocated enough space
9926	 * and reissue the command if necessary.  We don't support well
9927	 * known logical units, so if the user asks for that, return none.
9928	 */
9929	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9930
9931	/*
9932	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9933	 * this request.
9934	 */
9935	ctsio->scsi_status = SCSI_STATUS_OK;
9936
9937	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9938	ctsio->be_move_done = ctl_config_move_done;
9939	ctl_datamove((union ctl_io *)ctsio);
9940
9941	return (retval);
9942}
9943
9944int
9945ctl_request_sense(struct ctl_scsiio *ctsio)
9946{
9947	struct scsi_request_sense *cdb;
9948	struct scsi_sense_data *sense_ptr;
9949	struct ctl_lun *lun;
9950	uint32_t initidx;
9951	int have_error;
9952	scsi_sense_data_type sense_format;
9953
9954	cdb = (struct scsi_request_sense *)ctsio->cdb;
9955
9956	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9957
9958	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9959
9960	/*
9961	 * Determine which sense format the user wants.
9962	 */
9963	if (cdb->byte2 & SRS_DESC)
9964		sense_format = SSD_TYPE_DESC;
9965	else
9966		sense_format = SSD_TYPE_FIXED;
9967
9968	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9969	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9970	ctsio->kern_sg_entries = 0;
9971
9972	/*
9973	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9974	 * larger than the largest allowed value for the length field in the
9975	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9976	 */
9977	ctsio->residual = 0;
9978	ctsio->kern_data_len = cdb->length;
9979	ctsio->kern_total_len = cdb->length;
9980
9981	ctsio->kern_data_resid = 0;
9982	ctsio->kern_rel_offset = 0;
9983	ctsio->kern_sg_entries = 0;
9984
9985	/*
9986	 * If we don't have a LUN, we don't have any pending sense.
9987	 */
9988	if (lun == NULL)
9989		goto no_sense;
9990
9991	have_error = 0;
9992	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9993	/*
9994	 * Check for pending sense, and then for pending unit attentions.
9995	 * Pending sense gets returned first, then pending unit attentions.
9996	 */
9997	mtx_lock(&lun->lun_lock);
9998#ifdef CTL_WITH_CA
9999	if (ctl_is_set(lun->have_ca, initidx)) {
10000		scsi_sense_data_type stored_format;
10001
10002		/*
10003		 * Check to see which sense format was used for the stored
10004		 * sense data.
10005		 */
10006		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
10007
10008		/*
10009		 * If the user requested a different sense format than the
10010		 * one we stored, then we need to convert it to the other
10011		 * format.  If we're going from descriptor to fixed format
10012		 * sense data, we may lose things in translation, depending
10013		 * on what options were used.
10014		 *
10015		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
10016		 * for some reason we'll just copy it out as-is.
10017		 */
10018		if ((stored_format == SSD_TYPE_FIXED)
10019		 && (sense_format == SSD_TYPE_DESC))
10020			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
10021			    &lun->pending_sense[initidx],
10022			    (struct scsi_sense_data_desc *)sense_ptr);
10023		else if ((stored_format == SSD_TYPE_DESC)
10024		      && (sense_format == SSD_TYPE_FIXED))
10025			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
10026			    &lun->pending_sense[initidx],
10027			    (struct scsi_sense_data_fixed *)sense_ptr);
10028		else
10029			memcpy(sense_ptr, &lun->pending_sense[initidx],
10030			       ctl_min(sizeof(*sense_ptr),
10031			       sizeof(lun->pending_sense[initidx])));
10032
10033		ctl_clear_mask(lun->have_ca, initidx);
10034		have_error = 1;
10035	} else
10036#endif
10037	if (lun->pending_ua[initidx] != CTL_UA_NONE) {
10038		ctl_ua_type ua_type;
10039
10040		ua_type = ctl_build_ua(&lun->pending_ua[initidx],
10041				       sense_ptr, sense_format);
10042		if (ua_type != CTL_UA_NONE)
10043			have_error = 1;
10044	}
10045	mtx_unlock(&lun->lun_lock);
10046
10047	/*
10048	 * We already have a pending error, return it.
10049	 */
10050	if (have_error != 0) {
10051		/*
10052		 * We report the SCSI status as OK, since the status of the
10053		 * request sense command itself is OK.
10054		 */
10055		ctsio->scsi_status = SCSI_STATUS_OK;
10056
10057		/*
10058		 * We report 0 for the sense length, because we aren't doing
10059		 * autosense in this case.  We're reporting sense as
10060		 * parameter data.
10061		 */
10062		ctsio->sense_len = 0;
10063		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10064		ctsio->be_move_done = ctl_config_move_done;
10065		ctl_datamove((union ctl_io *)ctsio);
10066
10067		return (CTL_RETVAL_COMPLETE);
10068	}
10069
10070no_sense:
10071
10072	/*
10073	 * No sense information to report, so we report that everything is
10074	 * okay.
10075	 */
10076	ctl_set_sense_data(sense_ptr,
10077			   lun,
10078			   sense_format,
10079			   /*current_error*/ 1,
10080			   /*sense_key*/ SSD_KEY_NO_SENSE,
10081			   /*asc*/ 0x00,
10082			   /*ascq*/ 0x00,
10083			   SSD_ELEM_NONE);
10084
10085	ctsio->scsi_status = SCSI_STATUS_OK;
10086
10087	/*
10088	 * We report 0 for the sense length, because we aren't doing
10089	 * autosense in this case.  We're reporting sense as parameter data.
10090	 */
10091	ctsio->sense_len = 0;
10092	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10093	ctsio->be_move_done = ctl_config_move_done;
10094	ctl_datamove((union ctl_io *)ctsio);
10095
10096	return (CTL_RETVAL_COMPLETE);
10097}
10098
10099int
10100ctl_tur(struct ctl_scsiio *ctsio)
10101{
10102	struct ctl_lun *lun;
10103
10104	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10105
10106	CTL_DEBUG_PRINT(("ctl_tur\n"));
10107
10108	if (lun == NULL)
10109		return (EINVAL);
10110
10111	ctsio->scsi_status = SCSI_STATUS_OK;
10112	ctsio->io_hdr.status = CTL_SUCCESS;
10113
10114	ctl_done((union ctl_io *)ctsio);
10115
10116	return (CTL_RETVAL_COMPLETE);
10117}
10118
10119#ifdef notyet
10120static int
10121ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
10122{
10123
10124}
10125#endif
10126
10127static int
10128ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
10129{
10130	struct scsi_vpd_supported_pages *pages;
10131	int sup_page_size;
10132	struct ctl_lun *lun;
10133
10134	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10135
10136	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
10137	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
10138	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
10139	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
10140	ctsio->kern_sg_entries = 0;
10141
10142	if (sup_page_size < alloc_len) {
10143		ctsio->residual = alloc_len - sup_page_size;
10144		ctsio->kern_data_len = sup_page_size;
10145		ctsio->kern_total_len = sup_page_size;
10146	} else {
10147		ctsio->residual = 0;
10148		ctsio->kern_data_len = alloc_len;
10149		ctsio->kern_total_len = alloc_len;
10150	}
10151	ctsio->kern_data_resid = 0;
10152	ctsio->kern_rel_offset = 0;
10153	ctsio->kern_sg_entries = 0;
10154
10155	/*
10156	 * The control device is always connected.  The disk device, on the
10157	 * other hand, may not be online all the time.  Need to change this
10158	 * to figure out whether the disk device is actually online or not.
10159	 */
10160	if (lun != NULL)
10161		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
10162				lun->be_lun->lun_type;
10163	else
10164		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10165
10166	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
10167	/* Supported VPD pages */
10168	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
10169	/* Serial Number */
10170	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
10171	/* Device Identification */
10172	pages->page_list[2] = SVPD_DEVICE_ID;
10173	/* Extended INQUIRY Data */
10174	pages->page_list[3] = SVPD_EXTENDED_INQUIRY_DATA;
10175	/* Mode Page Policy */
10176	pages->page_list[4] = SVPD_MODE_PAGE_POLICY;
10177	/* SCSI Ports */
10178	pages->page_list[5] = SVPD_SCSI_PORTS;
10179	/* Third-party Copy */
10180	pages->page_list[6] = SVPD_SCSI_TPC;
10181	/* Block limits */
10182	pages->page_list[7] = SVPD_BLOCK_LIMITS;
10183	/* Block Device Characteristics */
10184	pages->page_list[8] = SVPD_BDC;
10185	/* Logical Block Provisioning */
10186	pages->page_list[9] = SVPD_LBP;
10187
10188	ctsio->scsi_status = SCSI_STATUS_OK;
10189
10190	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10191	ctsio->be_move_done = ctl_config_move_done;
10192	ctl_datamove((union ctl_io *)ctsio);
10193
10194	return (CTL_RETVAL_COMPLETE);
10195}
10196
10197static int
10198ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
10199{
10200	struct scsi_vpd_unit_serial_number *sn_ptr;
10201	struct ctl_lun *lun;
10202
10203	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10204
10205	ctsio->kern_data_ptr = malloc(sizeof(*sn_ptr), M_CTL, M_WAITOK | M_ZERO);
10206	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
10207	ctsio->kern_sg_entries = 0;
10208
10209	if (sizeof(*sn_ptr) < alloc_len) {
10210		ctsio->residual = alloc_len - sizeof(*sn_ptr);
10211		ctsio->kern_data_len = sizeof(*sn_ptr);
10212		ctsio->kern_total_len = sizeof(*sn_ptr);
10213	} else {
10214		ctsio->residual = 0;
10215		ctsio->kern_data_len = alloc_len;
10216		ctsio->kern_total_len = alloc_len;
10217	}
10218	ctsio->kern_data_resid = 0;
10219	ctsio->kern_rel_offset = 0;
10220	ctsio->kern_sg_entries = 0;
10221
10222	/*
10223	 * The control device is always connected.  The disk device, on the
10224	 * other hand, may not be online all the time.  Need to change this
10225	 * to figure out whether the disk device is actually online or not.
10226	 */
10227	if (lun != NULL)
10228		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10229				  lun->be_lun->lun_type;
10230	else
10231		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10232
10233	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
10234	sn_ptr->length = ctl_min(sizeof(*sn_ptr) - 4, CTL_SN_LEN);
10235	/*
10236	 * If we don't have a LUN, we just leave the serial number as
10237	 * all spaces.
10238	 */
10239	memset(sn_ptr->serial_num, 0x20, sizeof(sn_ptr->serial_num));
10240	if (lun != NULL) {
10241		strncpy((char *)sn_ptr->serial_num,
10242			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
10243	}
10244	ctsio->scsi_status = SCSI_STATUS_OK;
10245
10246	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10247	ctsio->be_move_done = ctl_config_move_done;
10248	ctl_datamove((union ctl_io *)ctsio);
10249
10250	return (CTL_RETVAL_COMPLETE);
10251}
10252
10253
10254static int
10255ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
10256{
10257	struct scsi_vpd_extended_inquiry_data *eid_ptr;
10258	struct ctl_lun *lun;
10259	int data_len;
10260
10261	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10262
10263	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
10264	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10265	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
10266	ctsio->kern_sg_entries = 0;
10267
10268	if (data_len < alloc_len) {
10269		ctsio->residual = alloc_len - data_len;
10270		ctsio->kern_data_len = data_len;
10271		ctsio->kern_total_len = data_len;
10272	} else {
10273		ctsio->residual = 0;
10274		ctsio->kern_data_len = alloc_len;
10275		ctsio->kern_total_len = alloc_len;
10276	}
10277	ctsio->kern_data_resid = 0;
10278	ctsio->kern_rel_offset = 0;
10279	ctsio->kern_sg_entries = 0;
10280
10281	/*
10282	 * The control device is always connected.  The disk device, on the
10283	 * other hand, may not be online all the time.
10284	 */
10285	if (lun != NULL)
10286		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10287				     lun->be_lun->lun_type;
10288	else
10289		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10290	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
10291	eid_ptr->page_length = data_len - 4;
10292	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
10293	eid_ptr->flags3 = SVPD_EID_V_SUP;
10294
10295	ctsio->scsi_status = SCSI_STATUS_OK;
10296	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10297	ctsio->be_move_done = ctl_config_move_done;
10298	ctl_datamove((union ctl_io *)ctsio);
10299
10300	return (CTL_RETVAL_COMPLETE);
10301}
10302
10303static int
10304ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
10305{
10306	struct scsi_vpd_mode_page_policy *mpp_ptr;
10307	struct ctl_lun *lun;
10308	int data_len;
10309
10310	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10311
10312	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
10313	    sizeof(struct scsi_vpd_mode_page_policy_descr);
10314
10315	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10316	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
10317	ctsio->kern_sg_entries = 0;
10318
10319	if (data_len < alloc_len) {
10320		ctsio->residual = alloc_len - data_len;
10321		ctsio->kern_data_len = data_len;
10322		ctsio->kern_total_len = data_len;
10323	} else {
10324		ctsio->residual = 0;
10325		ctsio->kern_data_len = alloc_len;
10326		ctsio->kern_total_len = alloc_len;
10327	}
10328	ctsio->kern_data_resid = 0;
10329	ctsio->kern_rel_offset = 0;
10330	ctsio->kern_sg_entries = 0;
10331
10332	/*
10333	 * The control device is always connected.  The disk device, on the
10334	 * other hand, may not be online all the time.
10335	 */
10336	if (lun != NULL)
10337		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10338				     lun->be_lun->lun_type;
10339	else
10340		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10341	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
10342	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
10343	mpp_ptr->descr[0].page_code = 0x3f;
10344	mpp_ptr->descr[0].subpage_code = 0xff;
10345	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
10346
10347	ctsio->scsi_status = SCSI_STATUS_OK;
10348	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10349	ctsio->be_move_done = ctl_config_move_done;
10350	ctl_datamove((union ctl_io *)ctsio);
10351
10352	return (CTL_RETVAL_COMPLETE);
10353}
10354
10355static int
10356ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
10357{
10358	struct scsi_vpd_device_id *devid_ptr;
10359	struct scsi_vpd_id_descriptor *desc;
10360	struct ctl_softc *ctl_softc;
10361	struct ctl_lun *lun;
10362	struct ctl_port *port;
10363	int data_len;
10364	uint8_t proto;
10365
10366	ctl_softc = control_softc;
10367
10368	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
10369	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10370
10371	data_len = sizeof(struct scsi_vpd_device_id) +
10372	    sizeof(struct scsi_vpd_id_descriptor) +
10373		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
10374	    sizeof(struct scsi_vpd_id_descriptor) +
10375		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
10376	if (lun && lun->lun_devid)
10377		data_len += lun->lun_devid->len;
10378	if (port->port_devid)
10379		data_len += port->port_devid->len;
10380	if (port->target_devid)
10381		data_len += port->target_devid->len;
10382
10383	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10384	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
10385	ctsio->kern_sg_entries = 0;
10386
10387	if (data_len < alloc_len) {
10388		ctsio->residual = alloc_len - data_len;
10389		ctsio->kern_data_len = data_len;
10390		ctsio->kern_total_len = data_len;
10391	} else {
10392		ctsio->residual = 0;
10393		ctsio->kern_data_len = alloc_len;
10394		ctsio->kern_total_len = alloc_len;
10395	}
10396	ctsio->kern_data_resid = 0;
10397	ctsio->kern_rel_offset = 0;
10398	ctsio->kern_sg_entries = 0;
10399
10400	/*
10401	 * The control device is always connected.  The disk device, on the
10402	 * other hand, may not be online all the time.
10403	 */
10404	if (lun != NULL)
10405		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10406				     lun->be_lun->lun_type;
10407	else
10408		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10409	devid_ptr->page_code = SVPD_DEVICE_ID;
10410	scsi_ulto2b(data_len - 4, devid_ptr->length);
10411
10412	if (port->port_type == CTL_PORT_FC)
10413		proto = SCSI_PROTO_FC << 4;
10414	else if (port->port_type == CTL_PORT_ISCSI)
10415		proto = SCSI_PROTO_ISCSI << 4;
10416	else
10417		proto = SCSI_PROTO_SPI << 4;
10418	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
10419
10420	/*
10421	 * We're using a LUN association here.  i.e., this device ID is a
10422	 * per-LUN identifier.
10423	 */
10424	if (lun && lun->lun_devid) {
10425		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
10426		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10427		    lun->lun_devid->len);
10428	}
10429
10430	/*
10431	 * This is for the WWPN which is a port association.
10432	 */
10433	if (port->port_devid) {
10434		memcpy(desc, port->port_devid->data, port->port_devid->len);
10435		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10436		    port->port_devid->len);
10437	}
10438
10439	/*
10440	 * This is for the Relative Target Port(type 4h) identifier
10441	 */
10442	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10443	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10444	    SVPD_ID_TYPE_RELTARG;
10445	desc->length = 4;
10446	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
10447	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10448	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
10449
10450	/*
10451	 * This is for the Target Port Group(type 5h) identifier
10452	 */
10453	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10454	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10455	    SVPD_ID_TYPE_TPORTGRP;
10456	desc->length = 4;
10457	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
10458	    &desc->identifier[2]);
10459	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10460	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
10461
10462	/*
10463	 * This is for the Target identifier
10464	 */
10465	if (port->target_devid) {
10466		memcpy(desc, port->target_devid->data, port->target_devid->len);
10467	}
10468
10469	ctsio->scsi_status = SCSI_STATUS_OK;
10470	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10471	ctsio->be_move_done = ctl_config_move_done;
10472	ctl_datamove((union ctl_io *)ctsio);
10473
10474	return (CTL_RETVAL_COMPLETE);
10475}
10476
10477static int
10478ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
10479{
10480	struct ctl_softc *softc = control_softc;
10481	struct scsi_vpd_scsi_ports *sp;
10482	struct scsi_vpd_port_designation *pd;
10483	struct scsi_vpd_port_designation_cont *pdc;
10484	struct ctl_lun *lun;
10485	struct ctl_port *port;
10486	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
10487	int num_target_port_groups, single;
10488
10489	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10490
10491	single = ctl_is_single;
10492	if (single)
10493		num_target_port_groups = 1;
10494	else
10495		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
10496	num_target_ports = 0;
10497	iid_len = 0;
10498	id_len = 0;
10499	mtx_lock(&softc->ctl_lock);
10500	STAILQ_FOREACH(port, &softc->port_list, links) {
10501		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10502			continue;
10503		if (lun != NULL &&
10504		    ctl_map_lun_back(port->targ_port, lun->lun) >=
10505		    CTL_MAX_LUNS)
10506			continue;
10507		num_target_ports++;
10508		if (port->init_devid)
10509			iid_len += port->init_devid->len;
10510		if (port->port_devid)
10511			id_len += port->port_devid->len;
10512	}
10513	mtx_unlock(&softc->ctl_lock);
10514
10515	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10516	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10517	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10518	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10519	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10520	ctsio->kern_sg_entries = 0;
10521
10522	if (data_len < alloc_len) {
10523		ctsio->residual = alloc_len - data_len;
10524		ctsio->kern_data_len = data_len;
10525		ctsio->kern_total_len = data_len;
10526	} else {
10527		ctsio->residual = 0;
10528		ctsio->kern_data_len = alloc_len;
10529		ctsio->kern_total_len = alloc_len;
10530	}
10531	ctsio->kern_data_resid = 0;
10532	ctsio->kern_rel_offset = 0;
10533	ctsio->kern_sg_entries = 0;
10534
10535	/*
10536	 * The control device is always connected.  The disk device, on the
10537	 * other hand, may not be online all the time.  Need to change this
10538	 * to figure out whether the disk device is actually online or not.
10539	 */
10540	if (lun != NULL)
10541		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10542				  lun->be_lun->lun_type;
10543	else
10544		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10545
10546	sp->page_code = SVPD_SCSI_PORTS;
10547	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10548	    sp->page_length);
10549	pd = &sp->design[0];
10550
10551	mtx_lock(&softc->ctl_lock);
10552	if (softc->flags & CTL_FLAG_MASTER_SHELF)
10553		pg = 0;
10554	else
10555		pg = 1;
10556	for (g = 0; g < num_target_port_groups; g++) {
10557		STAILQ_FOREACH(port, &softc->port_list, links) {
10558			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10559				continue;
10560			if (lun != NULL &&
10561			    ctl_map_lun_back(port->targ_port, lun->lun) >=
10562			    CTL_MAX_LUNS)
10563				continue;
10564			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10565			scsi_ulto2b(p, pd->relative_port_id);
10566			if (port->init_devid && g == pg) {
10567				iid_len = port->init_devid->len;
10568				memcpy(pd->initiator_transportid,
10569				    port->init_devid->data, port->init_devid->len);
10570			} else
10571				iid_len = 0;
10572			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10573			pdc = (struct scsi_vpd_port_designation_cont *)
10574			    (&pd->initiator_transportid[iid_len]);
10575			if (port->port_devid && g == pg) {
10576				id_len = port->port_devid->len;
10577				memcpy(pdc->target_port_descriptors,
10578				    port->port_devid->data, port->port_devid->len);
10579			} else
10580				id_len = 0;
10581			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10582			pd = (struct scsi_vpd_port_designation *)
10583			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10584		}
10585	}
10586	mtx_unlock(&softc->ctl_lock);
10587
10588	ctsio->scsi_status = SCSI_STATUS_OK;
10589	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10590	ctsio->be_move_done = ctl_config_move_done;
10591	ctl_datamove((union ctl_io *)ctsio);
10592
10593	return (CTL_RETVAL_COMPLETE);
10594}
10595
10596static int
10597ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10598{
10599	struct scsi_vpd_block_limits *bl_ptr;
10600	struct ctl_lun *lun;
10601	int bs;
10602
10603	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10604
10605	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10606	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10607	ctsio->kern_sg_entries = 0;
10608
10609	if (sizeof(*bl_ptr) < alloc_len) {
10610		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10611		ctsio->kern_data_len = sizeof(*bl_ptr);
10612		ctsio->kern_total_len = sizeof(*bl_ptr);
10613	} else {
10614		ctsio->residual = 0;
10615		ctsio->kern_data_len = alloc_len;
10616		ctsio->kern_total_len = alloc_len;
10617	}
10618	ctsio->kern_data_resid = 0;
10619	ctsio->kern_rel_offset = 0;
10620	ctsio->kern_sg_entries = 0;
10621
10622	/*
10623	 * The control device is always connected.  The disk device, on the
10624	 * other hand, may not be online all the time.  Need to change this
10625	 * to figure out whether the disk device is actually online or not.
10626	 */
10627	if (lun != NULL)
10628		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10629				  lun->be_lun->lun_type;
10630	else
10631		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10632
10633	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10634	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10635	bl_ptr->max_cmp_write_len = 0xff;
10636	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10637	if (lun != NULL) {
10638		bs = lun->be_lun->blocksize;
10639		scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10640		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10641			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10642			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10643			if (lun->be_lun->pblockexp != 0) {
10644				scsi_ulto4b((1 << lun->be_lun->pblockexp),
10645				    bl_ptr->opt_unmap_grain);
10646				scsi_ulto4b(0x80000000 | lun->be_lun->pblockoff,
10647				    bl_ptr->unmap_grain_align);
10648			}
10649		}
10650		scsi_ulto4b(lun->be_lun->atomicblock,
10651		    bl_ptr->max_atomic_transfer_length);
10652		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10653		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10654	}
10655	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10656
10657	ctsio->scsi_status = SCSI_STATUS_OK;
10658	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10659	ctsio->be_move_done = ctl_config_move_done;
10660	ctl_datamove((union ctl_io *)ctsio);
10661
10662	return (CTL_RETVAL_COMPLETE);
10663}
10664
10665static int
10666ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10667{
10668	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10669	struct ctl_lun *lun;
10670
10671	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10672
10673	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10674	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10675	ctsio->kern_sg_entries = 0;
10676
10677	if (sizeof(*bdc_ptr) < alloc_len) {
10678		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10679		ctsio->kern_data_len = sizeof(*bdc_ptr);
10680		ctsio->kern_total_len = sizeof(*bdc_ptr);
10681	} else {
10682		ctsio->residual = 0;
10683		ctsio->kern_data_len = alloc_len;
10684		ctsio->kern_total_len = alloc_len;
10685	}
10686	ctsio->kern_data_resid = 0;
10687	ctsio->kern_rel_offset = 0;
10688	ctsio->kern_sg_entries = 0;
10689
10690	/*
10691	 * The control device is always connected.  The disk device, on the
10692	 * other hand, may not be online all the time.  Need to change this
10693	 * to figure out whether the disk device is actually online or not.
10694	 */
10695	if (lun != NULL)
10696		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10697				  lun->be_lun->lun_type;
10698	else
10699		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10700	bdc_ptr->page_code = SVPD_BDC;
10701	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10702	scsi_ulto2b(SVPD_NON_ROTATING, bdc_ptr->medium_rotation_rate);
10703	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10704
10705	ctsio->scsi_status = SCSI_STATUS_OK;
10706	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10707	ctsio->be_move_done = ctl_config_move_done;
10708	ctl_datamove((union ctl_io *)ctsio);
10709
10710	return (CTL_RETVAL_COMPLETE);
10711}
10712
10713static int
10714ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10715{
10716	struct scsi_vpd_logical_block_prov *lbp_ptr;
10717	struct ctl_lun *lun;
10718
10719	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10720
10721	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10722	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10723	ctsio->kern_sg_entries = 0;
10724
10725	if (sizeof(*lbp_ptr) < alloc_len) {
10726		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10727		ctsio->kern_data_len = sizeof(*lbp_ptr);
10728		ctsio->kern_total_len = sizeof(*lbp_ptr);
10729	} else {
10730		ctsio->residual = 0;
10731		ctsio->kern_data_len = alloc_len;
10732		ctsio->kern_total_len = alloc_len;
10733	}
10734	ctsio->kern_data_resid = 0;
10735	ctsio->kern_rel_offset = 0;
10736	ctsio->kern_sg_entries = 0;
10737
10738	/*
10739	 * The control device is always connected.  The disk device, on the
10740	 * other hand, may not be online all the time.  Need to change this
10741	 * to figure out whether the disk device is actually online or not.
10742	 */
10743	if (lun != NULL)
10744		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10745				  lun->be_lun->lun_type;
10746	else
10747		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10748
10749	lbp_ptr->page_code = SVPD_LBP;
10750	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10751	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10752		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10753		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10754		lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
10755	}
10756
10757	ctsio->scsi_status = SCSI_STATUS_OK;
10758	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10759	ctsio->be_move_done = ctl_config_move_done;
10760	ctl_datamove((union ctl_io *)ctsio);
10761
10762	return (CTL_RETVAL_COMPLETE);
10763}
10764
10765static int
10766ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10767{
10768	struct scsi_inquiry *cdb;
10769	struct ctl_lun *lun;
10770	int alloc_len, retval;
10771
10772	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10773	cdb = (struct scsi_inquiry *)ctsio->cdb;
10774
10775	retval = CTL_RETVAL_COMPLETE;
10776
10777	alloc_len = scsi_2btoul(cdb->length);
10778
10779	switch (cdb->page_code) {
10780	case SVPD_SUPPORTED_PAGES:
10781		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10782		break;
10783	case SVPD_UNIT_SERIAL_NUMBER:
10784		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10785		break;
10786	case SVPD_DEVICE_ID:
10787		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10788		break;
10789	case SVPD_EXTENDED_INQUIRY_DATA:
10790		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10791		break;
10792	case SVPD_MODE_PAGE_POLICY:
10793		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10794		break;
10795	case SVPD_SCSI_PORTS:
10796		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10797		break;
10798	case SVPD_SCSI_TPC:
10799		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10800		break;
10801	case SVPD_BLOCK_LIMITS:
10802		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10803		break;
10804	case SVPD_BDC:
10805		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10806		break;
10807	case SVPD_LBP:
10808		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10809		break;
10810	default:
10811		ctl_set_invalid_field(ctsio,
10812				      /*sks_valid*/ 1,
10813				      /*command*/ 1,
10814				      /*field*/ 2,
10815				      /*bit_valid*/ 0,
10816				      /*bit*/ 0);
10817		ctl_done((union ctl_io *)ctsio);
10818		retval = CTL_RETVAL_COMPLETE;
10819		break;
10820	}
10821
10822	return (retval);
10823}
10824
10825static int
10826ctl_inquiry_std(struct ctl_scsiio *ctsio)
10827{
10828	struct scsi_inquiry_data *inq_ptr;
10829	struct scsi_inquiry *cdb;
10830	struct ctl_softc *ctl_softc;
10831	struct ctl_lun *lun;
10832	char *val;
10833	uint32_t alloc_len, data_len;
10834	ctl_port_type port_type;
10835
10836	ctl_softc = control_softc;
10837
10838	/*
10839	 * Figure out whether we're talking to a Fibre Channel port or not.
10840	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10841	 * SCSI front ends.
10842	 */
10843	port_type = ctl_softc->ctl_ports[
10844	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10845	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10846		port_type = CTL_PORT_SCSI;
10847
10848	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10849	cdb = (struct scsi_inquiry *)ctsio->cdb;
10850	alloc_len = scsi_2btoul(cdb->length);
10851
10852	/*
10853	 * We malloc the full inquiry data size here and fill it
10854	 * in.  If the user only asks for less, we'll give him
10855	 * that much.
10856	 */
10857	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10858	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10859	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10860	ctsio->kern_sg_entries = 0;
10861	ctsio->kern_data_resid = 0;
10862	ctsio->kern_rel_offset = 0;
10863
10864	if (data_len < alloc_len) {
10865		ctsio->residual = alloc_len - data_len;
10866		ctsio->kern_data_len = data_len;
10867		ctsio->kern_total_len = data_len;
10868	} else {
10869		ctsio->residual = 0;
10870		ctsio->kern_data_len = alloc_len;
10871		ctsio->kern_total_len = alloc_len;
10872	}
10873
10874	/*
10875	 * If we have a LUN configured, report it as connected.  Otherwise,
10876	 * report that it is offline or no device is supported, depending
10877	 * on the value of inquiry_pq_no_lun.
10878	 *
10879	 * According to the spec (SPC-4 r34), the peripheral qualifier
10880	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10881	 *
10882	 * "A peripheral device having the specified peripheral device type
10883	 * is not connected to this logical unit. However, the device
10884	 * server is capable of supporting the specified peripheral device
10885	 * type on this logical unit."
10886	 *
10887	 * According to the same spec, the peripheral qualifier
10888	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10889	 *
10890	 * "The device server is not capable of supporting a peripheral
10891	 * device on this logical unit. For this peripheral qualifier the
10892	 * peripheral device type shall be set to 1Fh. All other peripheral
10893	 * device type values are reserved for this peripheral qualifier."
10894	 *
10895	 * Given the text, it would seem that we probably want to report that
10896	 * the LUN is offline here.  There is no LUN connected, but we can
10897	 * support a LUN at the given LUN number.
10898	 *
10899	 * In the real world, though, it sounds like things are a little
10900	 * different:
10901	 *
10902	 * - Linux, when presented with a LUN with the offline peripheral
10903	 *   qualifier, will create an sg driver instance for it.  So when
10904	 *   you attach it to CTL, you wind up with a ton of sg driver
10905	 *   instances.  (One for every LUN that Linux bothered to probe.)
10906	 *   Linux does this despite the fact that it issues a REPORT LUNs
10907	 *   to LUN 0 to get the inventory of supported LUNs.
10908	 *
10909	 * - There is other anecdotal evidence (from Emulex folks) about
10910	 *   arrays that use the offline peripheral qualifier for LUNs that
10911	 *   are on the "passive" path in an active/passive array.
10912	 *
10913	 * So the solution is provide a hopefully reasonable default
10914	 * (return bad/no LUN) and allow the user to change the behavior
10915	 * with a tunable/sysctl variable.
10916	 */
10917	if (lun != NULL)
10918		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10919				  lun->be_lun->lun_type;
10920	else if (ctl_softc->inquiry_pq_no_lun == 0)
10921		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10922	else
10923		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10924
10925	/* RMB in byte 2 is 0 */
10926	inq_ptr->version = SCSI_REV_SPC4;
10927
10928	/*
10929	 * According to SAM-3, even if a device only supports a single
10930	 * level of LUN addressing, it should still set the HISUP bit:
10931	 *
10932	 * 4.9.1 Logical unit numbers overview
10933	 *
10934	 * All logical unit number formats described in this standard are
10935	 * hierarchical in structure even when only a single level in that
10936	 * hierarchy is used. The HISUP bit shall be set to one in the
10937	 * standard INQUIRY data (see SPC-2) when any logical unit number
10938	 * format described in this standard is used.  Non-hierarchical
10939	 * formats are outside the scope of this standard.
10940	 *
10941	 * Therefore we set the HiSup bit here.
10942	 *
10943	 * The reponse format is 2, per SPC-3.
10944	 */
10945	inq_ptr->response_format = SID_HiSup | 2;
10946
10947	inq_ptr->additional_length = data_len -
10948	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10949	CTL_DEBUG_PRINT(("additional_length = %d\n",
10950			 inq_ptr->additional_length));
10951
10952	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10953	/* 16 bit addressing */
10954	if (port_type == CTL_PORT_SCSI)
10955		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10956	/* XXX set the SID_MultiP bit here if we're actually going to
10957	   respond on multiple ports */
10958	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10959
10960	/* 16 bit data bus, synchronous transfers */
10961	if (port_type == CTL_PORT_SCSI)
10962		inq_ptr->flags = SID_WBus16 | SID_Sync;
10963	/*
10964	 * XXX KDM do we want to support tagged queueing on the control
10965	 * device at all?
10966	 */
10967	if ((lun == NULL)
10968	 || (lun->be_lun->lun_type != T_PROCESSOR))
10969		inq_ptr->flags |= SID_CmdQue;
10970	/*
10971	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10972	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10973	 * name and 4 bytes for the revision.
10974	 */
10975	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10976	    "vendor")) == NULL) {
10977		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10978	} else {
10979		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10980		strncpy(inq_ptr->vendor, val,
10981		    min(sizeof(inq_ptr->vendor), strlen(val)));
10982	}
10983	if (lun == NULL) {
10984		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10985		    sizeof(inq_ptr->product));
10986	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10987		switch (lun->be_lun->lun_type) {
10988		case T_DIRECT:
10989			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10990			    sizeof(inq_ptr->product));
10991			break;
10992		case T_PROCESSOR:
10993			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10994			    sizeof(inq_ptr->product));
10995			break;
10996		default:
10997			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10998			    sizeof(inq_ptr->product));
10999			break;
11000		}
11001	} else {
11002		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
11003		strncpy(inq_ptr->product, val,
11004		    min(sizeof(inq_ptr->product), strlen(val)));
11005	}
11006
11007	/*
11008	 * XXX make this a macro somewhere so it automatically gets
11009	 * incremented when we make changes.
11010	 */
11011	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
11012	    "revision")) == NULL) {
11013		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
11014	} else {
11015		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
11016		strncpy(inq_ptr->revision, val,
11017		    min(sizeof(inq_ptr->revision), strlen(val)));
11018	}
11019
11020	/*
11021	 * For parallel SCSI, we support double transition and single
11022	 * transition clocking.  We also support QAS (Quick Arbitration
11023	 * and Selection) and Information Unit transfers on both the
11024	 * control and array devices.
11025	 */
11026	if (port_type == CTL_PORT_SCSI)
11027		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
11028				    SID_SPI_IUS;
11029
11030	/* SAM-5 (no version claimed) */
11031	scsi_ulto2b(0x00A0, inq_ptr->version1);
11032	/* SPC-4 (no version claimed) */
11033	scsi_ulto2b(0x0460, inq_ptr->version2);
11034	if (port_type == CTL_PORT_FC) {
11035		/* FCP-2 ANSI INCITS.350:2003 */
11036		scsi_ulto2b(0x0917, inq_ptr->version3);
11037	} else if (port_type == CTL_PORT_SCSI) {
11038		/* SPI-4 ANSI INCITS.362:200x */
11039		scsi_ulto2b(0x0B56, inq_ptr->version3);
11040	} else if (port_type == CTL_PORT_ISCSI) {
11041		/* iSCSI (no version claimed) */
11042		scsi_ulto2b(0x0960, inq_ptr->version3);
11043	} else if (port_type == CTL_PORT_SAS) {
11044		/* SAS (no version claimed) */
11045		scsi_ulto2b(0x0BE0, inq_ptr->version3);
11046	}
11047
11048	if (lun == NULL) {
11049		/* SBC-4 (no version claimed) */
11050		scsi_ulto2b(0x0600, inq_ptr->version4);
11051	} else {
11052		switch (lun->be_lun->lun_type) {
11053		case T_DIRECT:
11054			/* SBC-4 (no version claimed) */
11055			scsi_ulto2b(0x0600, inq_ptr->version4);
11056			break;
11057		case T_PROCESSOR:
11058		default:
11059			break;
11060		}
11061	}
11062
11063	ctsio->scsi_status = SCSI_STATUS_OK;
11064	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
11065	ctsio->be_move_done = ctl_config_move_done;
11066	ctl_datamove((union ctl_io *)ctsio);
11067	return (CTL_RETVAL_COMPLETE);
11068}
11069
11070int
11071ctl_inquiry(struct ctl_scsiio *ctsio)
11072{
11073	struct scsi_inquiry *cdb;
11074	int retval;
11075
11076	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
11077
11078	cdb = (struct scsi_inquiry *)ctsio->cdb;
11079	if (cdb->byte2 & SI_EVPD)
11080		retval = ctl_inquiry_evpd(ctsio);
11081	else if (cdb->page_code == 0)
11082		retval = ctl_inquiry_std(ctsio);
11083	else {
11084		ctl_set_invalid_field(ctsio,
11085				      /*sks_valid*/ 1,
11086				      /*command*/ 1,
11087				      /*field*/ 2,
11088				      /*bit_valid*/ 0,
11089				      /*bit*/ 0);
11090		ctl_done((union ctl_io *)ctsio);
11091		return (CTL_RETVAL_COMPLETE);
11092	}
11093
11094	return (retval);
11095}
11096
11097/*
11098 * For known CDB types, parse the LBA and length.
11099 */
11100static int
11101ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
11102{
11103	if (io->io_hdr.io_type != CTL_IO_SCSI)
11104		return (1);
11105
11106	switch (io->scsiio.cdb[0]) {
11107	case COMPARE_AND_WRITE: {
11108		struct scsi_compare_and_write *cdb;
11109
11110		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
11111
11112		*lba = scsi_8btou64(cdb->addr);
11113		*len = cdb->length;
11114		break;
11115	}
11116	case READ_6:
11117	case WRITE_6: {
11118		struct scsi_rw_6 *cdb;
11119
11120		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
11121
11122		*lba = scsi_3btoul(cdb->addr);
11123		/* only 5 bits are valid in the most significant address byte */
11124		*lba &= 0x1fffff;
11125		*len = cdb->length;
11126		break;
11127	}
11128	case READ_10:
11129	case WRITE_10: {
11130		struct scsi_rw_10 *cdb;
11131
11132		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
11133
11134		*lba = scsi_4btoul(cdb->addr);
11135		*len = scsi_2btoul(cdb->length);
11136		break;
11137	}
11138	case WRITE_VERIFY_10: {
11139		struct scsi_write_verify_10 *cdb;
11140
11141		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
11142
11143		*lba = scsi_4btoul(cdb->addr);
11144		*len = scsi_2btoul(cdb->length);
11145		break;
11146	}
11147	case READ_12:
11148	case WRITE_12: {
11149		struct scsi_rw_12 *cdb;
11150
11151		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
11152
11153		*lba = scsi_4btoul(cdb->addr);
11154		*len = scsi_4btoul(cdb->length);
11155		break;
11156	}
11157	case WRITE_VERIFY_12: {
11158		struct scsi_write_verify_12 *cdb;
11159
11160		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
11161
11162		*lba = scsi_4btoul(cdb->addr);
11163		*len = scsi_4btoul(cdb->length);
11164		break;
11165	}
11166	case READ_16:
11167	case WRITE_16:
11168	case WRITE_ATOMIC_16: {
11169		struct scsi_rw_16 *cdb;
11170
11171		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
11172
11173		*lba = scsi_8btou64(cdb->addr);
11174		*len = scsi_4btoul(cdb->length);
11175		break;
11176	}
11177	case WRITE_VERIFY_16: {
11178		struct scsi_write_verify_16 *cdb;
11179
11180		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
11181
11182		*lba = scsi_8btou64(cdb->addr);
11183		*len = scsi_4btoul(cdb->length);
11184		break;
11185	}
11186	case WRITE_SAME_10: {
11187		struct scsi_write_same_10 *cdb;
11188
11189		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
11190
11191		*lba = scsi_4btoul(cdb->addr);
11192		*len = scsi_2btoul(cdb->length);
11193		break;
11194	}
11195	case WRITE_SAME_16: {
11196		struct scsi_write_same_16 *cdb;
11197
11198		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
11199
11200		*lba = scsi_8btou64(cdb->addr);
11201		*len = scsi_4btoul(cdb->length);
11202		break;
11203	}
11204	case VERIFY_10: {
11205		struct scsi_verify_10 *cdb;
11206
11207		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
11208
11209		*lba = scsi_4btoul(cdb->addr);
11210		*len = scsi_2btoul(cdb->length);
11211		break;
11212	}
11213	case VERIFY_12: {
11214		struct scsi_verify_12 *cdb;
11215
11216		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
11217
11218		*lba = scsi_4btoul(cdb->addr);
11219		*len = scsi_4btoul(cdb->length);
11220		break;
11221	}
11222	case VERIFY_16: {
11223		struct scsi_verify_16 *cdb;
11224
11225		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
11226
11227		*lba = scsi_8btou64(cdb->addr);
11228		*len = scsi_4btoul(cdb->length);
11229		break;
11230	}
11231	case UNMAP: {
11232		*lba = 0;
11233		*len = UINT64_MAX;
11234		break;
11235	}
11236	default:
11237		return (1);
11238		break; /* NOTREACHED */
11239	}
11240
11241	return (0);
11242}
11243
11244static ctl_action
11245ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2)
11246{
11247	uint64_t endlba1, endlba2;
11248
11249	endlba1 = lba1 + len1 - 1;
11250	endlba2 = lba2 + len2 - 1;
11251
11252	if ((endlba1 < lba2)
11253	 || (endlba2 < lba1))
11254		return (CTL_ACTION_PASS);
11255	else
11256		return (CTL_ACTION_BLOCK);
11257}
11258
11259static int
11260ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
11261{
11262	struct ctl_ptr_len_flags *ptrlen;
11263	struct scsi_unmap_desc *buf, *end, *range;
11264	uint64_t lba;
11265	uint32_t len;
11266
11267	/* If not UNMAP -- go other way. */
11268	if (io->io_hdr.io_type != CTL_IO_SCSI ||
11269	    io->scsiio.cdb[0] != UNMAP)
11270		return (CTL_ACTION_ERROR);
11271
11272	/* If UNMAP without data -- block and wait for data. */
11273	ptrlen = (struct ctl_ptr_len_flags *)
11274	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
11275	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
11276	    ptrlen->ptr == NULL)
11277		return (CTL_ACTION_BLOCK);
11278
11279	/* UNMAP with data -- check for collision. */
11280	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
11281	end = buf + ptrlen->len / sizeof(*buf);
11282	for (range = buf; range < end; range++) {
11283		lba = scsi_8btou64(range->lba);
11284		len = scsi_4btoul(range->length);
11285		if ((lba < lba2 + len2) && (lba + len > lba2))
11286			return (CTL_ACTION_BLOCK);
11287	}
11288	return (CTL_ACTION_PASS);
11289}
11290
11291static ctl_action
11292ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
11293{
11294	uint64_t lba1, lba2;
11295	uint64_t len1, len2;
11296	int retval;
11297
11298	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
11299		return (CTL_ACTION_ERROR);
11300
11301	retval = ctl_extent_check_unmap(io2, lba1, len1);
11302	if (retval != CTL_ACTION_ERROR)
11303		return (retval);
11304
11305	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
11306		return (CTL_ACTION_ERROR);
11307
11308	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
11309}
11310
11311static ctl_action
11312ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
11313    union ctl_io *ooa_io)
11314{
11315	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
11316	ctl_serialize_action *serialize_row;
11317
11318	/*
11319	 * The initiator attempted multiple untagged commands at the same
11320	 * time.  Can't do that.
11321	 */
11322	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11323	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11324	 && ((pending_io->io_hdr.nexus.targ_port ==
11325	      ooa_io->io_hdr.nexus.targ_port)
11326	  && (pending_io->io_hdr.nexus.initid.id ==
11327	      ooa_io->io_hdr.nexus.initid.id))
11328	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
11329		return (CTL_ACTION_OVERLAP);
11330
11331	/*
11332	 * The initiator attempted to send multiple tagged commands with
11333	 * the same ID.  (It's fine if different initiators have the same
11334	 * tag ID.)
11335	 *
11336	 * Even if all of those conditions are true, we don't kill the I/O
11337	 * if the command ahead of us has been aborted.  We won't end up
11338	 * sending it to the FETD, and it's perfectly legal to resend a
11339	 * command with the same tag number as long as the previous
11340	 * instance of this tag number has been aborted somehow.
11341	 */
11342	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11343	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11344	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
11345	 && ((pending_io->io_hdr.nexus.targ_port ==
11346	      ooa_io->io_hdr.nexus.targ_port)
11347	  && (pending_io->io_hdr.nexus.initid.id ==
11348	      ooa_io->io_hdr.nexus.initid.id))
11349	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
11350		return (CTL_ACTION_OVERLAP_TAG);
11351
11352	/*
11353	 * If we get a head of queue tag, SAM-3 says that we should
11354	 * immediately execute it.
11355	 *
11356	 * What happens if this command would normally block for some other
11357	 * reason?  e.g. a request sense with a head of queue tag
11358	 * immediately after a write.  Normally that would block, but this
11359	 * will result in its getting executed immediately...
11360	 *
11361	 * We currently return "pass" instead of "skip", so we'll end up
11362	 * going through the rest of the queue to check for overlapped tags.
11363	 *
11364	 * XXX KDM check for other types of blockage first??
11365	 */
11366	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11367		return (CTL_ACTION_PASS);
11368
11369	/*
11370	 * Ordered tags have to block until all items ahead of them
11371	 * have completed.  If we get called with an ordered tag, we always
11372	 * block, if something else is ahead of us in the queue.
11373	 */
11374	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
11375		return (CTL_ACTION_BLOCK);
11376
11377	/*
11378	 * Simple tags get blocked until all head of queue and ordered tags
11379	 * ahead of them have completed.  I'm lumping untagged commands in
11380	 * with simple tags here.  XXX KDM is that the right thing to do?
11381	 */
11382	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11383	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
11384	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11385	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
11386		return (CTL_ACTION_BLOCK);
11387
11388	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
11389	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
11390
11391	serialize_row = ctl_serialize_table[ooa_entry->seridx];
11392
11393	switch (serialize_row[pending_entry->seridx]) {
11394	case CTL_SER_BLOCK:
11395		return (CTL_ACTION_BLOCK);
11396	case CTL_SER_EXTENT:
11397		return (ctl_extent_check(pending_io, ooa_io));
11398	case CTL_SER_EXTENTOPT:
11399		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11400		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11401			return (ctl_extent_check(pending_io, ooa_io));
11402		/* FALLTHROUGH */
11403	case CTL_SER_PASS:
11404		return (CTL_ACTION_PASS);
11405	case CTL_SER_BLOCKOPT:
11406		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11407		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11408			return (CTL_ACTION_BLOCK);
11409		return (CTL_ACTION_PASS);
11410	case CTL_SER_SKIP:
11411		return (CTL_ACTION_SKIP);
11412	default:
11413		panic("invalid serialization value %d",
11414		      serialize_row[pending_entry->seridx]);
11415	}
11416
11417	return (CTL_ACTION_ERROR);
11418}
11419
11420/*
11421 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
11422 * Assumptions:
11423 * - pending_io is generally either incoming, or on the blocked queue
11424 * - starting I/O is the I/O we want to start the check with.
11425 */
11426static ctl_action
11427ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
11428	      union ctl_io *starting_io)
11429{
11430	union ctl_io *ooa_io;
11431	ctl_action action;
11432
11433	mtx_assert(&lun->lun_lock, MA_OWNED);
11434
11435	/*
11436	 * Run back along the OOA queue, starting with the current
11437	 * blocked I/O and going through every I/O before it on the
11438	 * queue.  If starting_io is NULL, we'll just end up returning
11439	 * CTL_ACTION_PASS.
11440	 */
11441	for (ooa_io = starting_io; ooa_io != NULL;
11442	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11443	     ooa_links)){
11444
11445		/*
11446		 * This routine just checks to see whether
11447		 * cur_blocked is blocked by ooa_io, which is ahead
11448		 * of it in the queue.  It doesn't queue/dequeue
11449		 * cur_blocked.
11450		 */
11451		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11452		switch (action) {
11453		case CTL_ACTION_BLOCK:
11454		case CTL_ACTION_OVERLAP:
11455		case CTL_ACTION_OVERLAP_TAG:
11456		case CTL_ACTION_SKIP:
11457		case CTL_ACTION_ERROR:
11458			return (action);
11459			break; /* NOTREACHED */
11460		case CTL_ACTION_PASS:
11461			break;
11462		default:
11463			panic("invalid action %d", action);
11464			break;  /* NOTREACHED */
11465		}
11466	}
11467
11468	return (CTL_ACTION_PASS);
11469}
11470
11471/*
11472 * Assumptions:
11473 * - An I/O has just completed, and has been removed from the per-LUN OOA
11474 *   queue, so some items on the blocked queue may now be unblocked.
11475 */
11476static int
11477ctl_check_blocked(struct ctl_lun *lun)
11478{
11479	union ctl_io *cur_blocked, *next_blocked;
11480
11481	mtx_assert(&lun->lun_lock, MA_OWNED);
11482
11483	/*
11484	 * Run forward from the head of the blocked queue, checking each
11485	 * entry against the I/Os prior to it on the OOA queue to see if
11486	 * there is still any blockage.
11487	 *
11488	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11489	 * with our removing a variable on it while it is traversing the
11490	 * list.
11491	 */
11492	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11493	     cur_blocked != NULL; cur_blocked = next_blocked) {
11494		union ctl_io *prev_ooa;
11495		ctl_action action;
11496
11497		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11498							  blocked_links);
11499
11500		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11501						      ctl_ooaq, ooa_links);
11502
11503		/*
11504		 * If cur_blocked happens to be the first item in the OOA
11505		 * queue now, prev_ooa will be NULL, and the action
11506		 * returned will just be CTL_ACTION_PASS.
11507		 */
11508		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11509
11510		switch (action) {
11511		case CTL_ACTION_BLOCK:
11512			/* Nothing to do here, still blocked */
11513			break;
11514		case CTL_ACTION_OVERLAP:
11515		case CTL_ACTION_OVERLAP_TAG:
11516			/*
11517			 * This shouldn't happen!  In theory we've already
11518			 * checked this command for overlap...
11519			 */
11520			break;
11521		case CTL_ACTION_PASS:
11522		case CTL_ACTION_SKIP: {
11523			struct ctl_softc *softc;
11524			const struct ctl_cmd_entry *entry;
11525			uint32_t initidx;
11526			int isc_retval;
11527
11528			/*
11529			 * The skip case shouldn't happen, this transaction
11530			 * should have never made it onto the blocked queue.
11531			 */
11532			/*
11533			 * This I/O is no longer blocked, we can remove it
11534			 * from the blocked queue.  Since this is a TAILQ
11535			 * (doubly linked list), we can do O(1) removals
11536			 * from any place on the list.
11537			 */
11538			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11539				     blocked_links);
11540			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11541
11542			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11543				/*
11544				 * Need to send IO back to original side to
11545				 * run
11546				 */
11547				union ctl_ha_msg msg_info;
11548
11549				msg_info.hdr.original_sc =
11550					cur_blocked->io_hdr.original_sc;
11551				msg_info.hdr.serializing_sc = cur_blocked;
11552				msg_info.hdr.msg_type = CTL_MSG_R2R;
11553				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11554				     &msg_info, sizeof(msg_info), 0)) >
11555				     CTL_HA_STATUS_SUCCESS) {
11556					printf("CTL:Check Blocked error from "
11557					       "ctl_ha_msg_send %d\n",
11558					       isc_retval);
11559				}
11560				break;
11561			}
11562			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11563			softc = control_softc;
11564
11565			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
11566
11567			/*
11568			 * Check this I/O for LUN state changes that may
11569			 * have happened while this command was blocked.
11570			 * The LUN state may have been changed by a command
11571			 * ahead of us in the queue, so we need to re-check
11572			 * for any states that can be caused by SCSI
11573			 * commands.
11574			 */
11575			if (ctl_scsiio_lun_check(softc, lun, entry,
11576						 &cur_blocked->scsiio) == 0) {
11577				cur_blocked->io_hdr.flags |=
11578				                      CTL_FLAG_IS_WAS_ON_RTR;
11579				ctl_enqueue_rtr(cur_blocked);
11580			} else
11581				ctl_done(cur_blocked);
11582			break;
11583		}
11584		default:
11585			/*
11586			 * This probably shouldn't happen -- we shouldn't
11587			 * get CTL_ACTION_ERROR, or anything else.
11588			 */
11589			break;
11590		}
11591	}
11592
11593	return (CTL_RETVAL_COMPLETE);
11594}
11595
11596/*
11597 * This routine (with one exception) checks LUN flags that can be set by
11598 * commands ahead of us in the OOA queue.  These flags have to be checked
11599 * when a command initially comes in, and when we pull a command off the
11600 * blocked queue and are preparing to execute it.  The reason we have to
11601 * check these flags for commands on the blocked queue is that the LUN
11602 * state may have been changed by a command ahead of us while we're on the
11603 * blocked queue.
11604 *
11605 * Ordering is somewhat important with these checks, so please pay
11606 * careful attention to the placement of any new checks.
11607 */
11608static int
11609ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
11610    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11611{
11612	int retval;
11613	uint32_t residx;
11614
11615	retval = 0;
11616
11617	mtx_assert(&lun->lun_lock, MA_OWNED);
11618
11619	/*
11620	 * If this shelf is a secondary shelf controller, we have to reject
11621	 * any media access commands.
11622	 */
11623#if 0
11624	/* No longer needed for HA */
11625	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
11626	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
11627		ctl_set_lun_standby(ctsio);
11628		retval = 1;
11629		goto bailout;
11630	}
11631#endif
11632
11633	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11634		if (lun->flags & CTL_LUN_READONLY) {
11635			ctl_set_sense(ctsio, /*current_error*/ 1,
11636			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11637			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11638			retval = 1;
11639			goto bailout;
11640		}
11641		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11642		    .eca_and_aen & SCP_SWP) != 0) {
11643			ctl_set_sense(ctsio, /*current_error*/ 1,
11644			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11645			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11646			retval = 1;
11647			goto bailout;
11648		}
11649	}
11650
11651	/*
11652	 * Check for a reservation conflict.  If this command isn't allowed
11653	 * even on reserved LUNs, and if this initiator isn't the one who
11654	 * reserved us, reject the command with a reservation conflict.
11655	 */
11656	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11657	if ((lun->flags & CTL_LUN_RESERVED)
11658	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11659		if (lun->res_idx != residx) {
11660			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11661			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11662			retval = 1;
11663			goto bailout;
11664		}
11665	}
11666
11667	if ((lun->flags & CTL_LUN_PR_RESERVED)
11668	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
11669		/*
11670		 * if we aren't registered or it's a res holder type
11671		 * reservation and this isn't the res holder then set a
11672		 * conflict.
11673		 * NOTE: Commands which might be allowed on write exclusive
11674		 * type reservations are checked in the particular command
11675		 * for a conflict. Read and SSU are the only ones.
11676		 */
11677		if (lun->pr_keys[residx] == 0
11678		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11679			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11680			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11681			retval = 1;
11682			goto bailout;
11683		}
11684
11685	}
11686
11687	if ((lun->flags & CTL_LUN_OFFLINE)
11688	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11689		ctl_set_lun_not_ready(ctsio);
11690		retval = 1;
11691		goto bailout;
11692	}
11693
11694	/*
11695	 * If the LUN is stopped, see if this particular command is allowed
11696	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11697	 */
11698	if ((lun->flags & CTL_LUN_STOPPED)
11699	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11700		/* "Logical unit not ready, initializing cmd. required" */
11701		ctl_set_lun_stopped(ctsio);
11702		retval = 1;
11703		goto bailout;
11704	}
11705
11706	if ((lun->flags & CTL_LUN_INOPERABLE)
11707	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11708		/* "Medium format corrupted" */
11709		ctl_set_medium_format_corrupted(ctsio);
11710		retval = 1;
11711		goto bailout;
11712	}
11713
11714bailout:
11715	return (retval);
11716
11717}
11718
11719static void
11720ctl_failover_io(union ctl_io *io, int have_lock)
11721{
11722	ctl_set_busy(&io->scsiio);
11723	ctl_done(io);
11724}
11725
11726static void
11727ctl_failover(void)
11728{
11729	struct ctl_lun *lun;
11730	struct ctl_softc *ctl_softc;
11731	union ctl_io *next_io, *pending_io;
11732	union ctl_io *io;
11733	int lun_idx;
11734	int i;
11735
11736	ctl_softc = control_softc;
11737
11738	mtx_lock(&ctl_softc->ctl_lock);
11739	/*
11740	 * Remove any cmds from the other SC from the rtr queue.  These
11741	 * will obviously only be for LUNs for which we're the primary.
11742	 * We can't send status or get/send data for these commands.
11743	 * Since they haven't been executed yet, we can just remove them.
11744	 * We'll either abort them or delete them below, depending on
11745	 * which HA mode we're in.
11746	 */
11747#ifdef notyet
11748	mtx_lock(&ctl_softc->queue_lock);
11749	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11750	     io != NULL; io = next_io) {
11751		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11752		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11753			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11754				      ctl_io_hdr, links);
11755	}
11756	mtx_unlock(&ctl_softc->queue_lock);
11757#endif
11758
11759	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11760		lun = ctl_softc->ctl_luns[lun_idx];
11761		if (lun==NULL)
11762			continue;
11763
11764		/*
11765		 * Processor LUNs are primary on both sides.
11766		 * XXX will this always be true?
11767		 */
11768		if (lun->be_lun->lun_type == T_PROCESSOR)
11769			continue;
11770
11771		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11772		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11773			printf("FAILOVER: primary lun %d\n", lun_idx);
11774		        /*
11775			 * Remove all commands from the other SC. First from the
11776			 * blocked queue then from the ooa queue. Once we have
11777			 * removed them. Call ctl_check_blocked to see if there
11778			 * is anything that can run.
11779			 */
11780			for (io = (union ctl_io *)TAILQ_FIRST(
11781			     &lun->blocked_queue); io != NULL; io = next_io) {
11782
11783		        	next_io = (union ctl_io *)TAILQ_NEXT(
11784				    &io->io_hdr, blocked_links);
11785
11786				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11787					TAILQ_REMOVE(&lun->blocked_queue,
11788						     &io->io_hdr,blocked_links);
11789					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11790					TAILQ_REMOVE(&lun->ooa_queue,
11791						     &io->io_hdr, ooa_links);
11792
11793					ctl_free_io(io);
11794				}
11795			}
11796
11797			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11798	     		     io != NULL; io = next_io) {
11799
11800		        	next_io = (union ctl_io *)TAILQ_NEXT(
11801				    &io->io_hdr, ooa_links);
11802
11803				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11804
11805					TAILQ_REMOVE(&lun->ooa_queue,
11806						&io->io_hdr,
11807					     	ooa_links);
11808
11809					ctl_free_io(io);
11810				}
11811			}
11812			ctl_check_blocked(lun);
11813		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11814			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11815
11816			printf("FAILOVER: primary lun %d\n", lun_idx);
11817			/*
11818			 * Abort all commands from the other SC.  We can't
11819			 * send status back for them now.  These should get
11820			 * cleaned up when they are completed or come out
11821			 * for a datamove operation.
11822			 */
11823			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11824	     		     io != NULL; io = next_io) {
11825		        	next_io = (union ctl_io *)TAILQ_NEXT(
11826					&io->io_hdr, ooa_links);
11827
11828				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11829					io->io_hdr.flags |= CTL_FLAG_ABORT;
11830			}
11831		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11832			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11833
11834			printf("FAILOVER: secondary lun %d\n", lun_idx);
11835
11836			lun->flags |= CTL_LUN_PRIMARY_SC;
11837
11838			/*
11839			 * We send all I/O that was sent to this controller
11840			 * and redirected to the other side back with
11841			 * busy status, and have the initiator retry it.
11842			 * Figuring out how much data has been transferred,
11843			 * etc. and picking up where we left off would be
11844			 * very tricky.
11845			 *
11846			 * XXX KDM need to remove I/O from the blocked
11847			 * queue as well!
11848			 */
11849			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11850			     &lun->ooa_queue); pending_io != NULL;
11851			     pending_io = next_io) {
11852
11853				next_io =  (union ctl_io *)TAILQ_NEXT(
11854					&pending_io->io_hdr, ooa_links);
11855
11856				pending_io->io_hdr.flags &=
11857					~CTL_FLAG_SENT_2OTHER_SC;
11858
11859				if (pending_io->io_hdr.flags &
11860				    CTL_FLAG_IO_ACTIVE) {
11861					pending_io->io_hdr.flags |=
11862						CTL_FLAG_FAILOVER;
11863				} else {
11864					ctl_set_busy(&pending_io->scsiio);
11865					ctl_done(pending_io);
11866				}
11867			}
11868
11869			/*
11870			 * Build Unit Attention
11871			 */
11872			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11873				lun->pending_ua[i] |=
11874				                     CTL_UA_ASYM_ACC_CHANGE;
11875			}
11876		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11877			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11878			printf("FAILOVER: secondary lun %d\n", lun_idx);
11879			/*
11880			 * if the first io on the OOA is not on the RtR queue
11881			 * add it.
11882			 */
11883			lun->flags |= CTL_LUN_PRIMARY_SC;
11884
11885			pending_io = (union ctl_io *)TAILQ_FIRST(
11886			    &lun->ooa_queue);
11887			if (pending_io==NULL) {
11888				printf("Nothing on OOA queue\n");
11889				continue;
11890			}
11891
11892			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11893			if ((pending_io->io_hdr.flags &
11894			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11895				pending_io->io_hdr.flags |=
11896				    CTL_FLAG_IS_WAS_ON_RTR;
11897				ctl_enqueue_rtr(pending_io);
11898			}
11899#if 0
11900			else
11901			{
11902				printf("Tag 0x%04x is running\n",
11903				      pending_io->scsiio.tag_num);
11904			}
11905#endif
11906
11907			next_io = (union ctl_io *)TAILQ_NEXT(
11908			    &pending_io->io_hdr, ooa_links);
11909			for (pending_io=next_io; pending_io != NULL;
11910			     pending_io = next_io) {
11911				pending_io->io_hdr.flags &=
11912				    ~CTL_FLAG_SENT_2OTHER_SC;
11913				next_io = (union ctl_io *)TAILQ_NEXT(
11914					&pending_io->io_hdr, ooa_links);
11915				if (pending_io->io_hdr.flags &
11916				    CTL_FLAG_IS_WAS_ON_RTR) {
11917#if 0
11918				        printf("Tag 0x%04x is running\n",
11919				      		pending_io->scsiio.tag_num);
11920#endif
11921					continue;
11922				}
11923
11924				switch (ctl_check_ooa(lun, pending_io,
11925			            (union ctl_io *)TAILQ_PREV(
11926				    &pending_io->io_hdr, ctl_ooaq,
11927				    ooa_links))) {
11928
11929				case CTL_ACTION_BLOCK:
11930					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11931							  &pending_io->io_hdr,
11932							  blocked_links);
11933					pending_io->io_hdr.flags |=
11934					    CTL_FLAG_BLOCKED;
11935					break;
11936				case CTL_ACTION_PASS:
11937				case CTL_ACTION_SKIP:
11938					pending_io->io_hdr.flags |=
11939					    CTL_FLAG_IS_WAS_ON_RTR;
11940					ctl_enqueue_rtr(pending_io);
11941					break;
11942				case CTL_ACTION_OVERLAP:
11943					ctl_set_overlapped_cmd(
11944					    (struct ctl_scsiio *)pending_io);
11945					ctl_done(pending_io);
11946					break;
11947				case CTL_ACTION_OVERLAP_TAG:
11948					ctl_set_overlapped_tag(
11949					    (struct ctl_scsiio *)pending_io,
11950					    pending_io->scsiio.tag_num & 0xff);
11951					ctl_done(pending_io);
11952					break;
11953				case CTL_ACTION_ERROR:
11954				default:
11955					ctl_set_internal_failure(
11956						(struct ctl_scsiio *)pending_io,
11957						0,  // sks_valid
11958						0); //retry count
11959					ctl_done(pending_io);
11960					break;
11961				}
11962			}
11963
11964			/*
11965			 * Build Unit Attention
11966			 */
11967			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11968				lun->pending_ua[i] |=
11969				                     CTL_UA_ASYM_ACC_CHANGE;
11970			}
11971		} else {
11972			panic("Unhandled HA mode failover, LUN flags = %#x, "
11973			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11974		}
11975	}
11976	ctl_pause_rtr = 0;
11977	mtx_unlock(&ctl_softc->ctl_lock);
11978}
11979
11980static int
11981ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11982{
11983	struct ctl_lun *lun;
11984	const struct ctl_cmd_entry *entry;
11985	uint32_t initidx, targ_lun;
11986	int retval;
11987
11988	retval = 0;
11989
11990	lun = NULL;
11991
11992	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11993	if ((targ_lun < CTL_MAX_LUNS)
11994	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11995		lun = ctl_softc->ctl_luns[targ_lun];
11996		/*
11997		 * If the LUN is invalid, pretend that it doesn't exist.
11998		 * It will go away as soon as all pending I/O has been
11999		 * completed.
12000		 */
12001		if (lun->flags & CTL_LUN_DISABLED) {
12002			lun = NULL;
12003		} else {
12004			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
12005			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
12006				lun->be_lun;
12007			if (lun->be_lun->lun_type == T_PROCESSOR) {
12008				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
12009			}
12010
12011			/*
12012			 * Every I/O goes into the OOA queue for a
12013			 * particular LUN, and stays there until completion.
12014			 */
12015			mtx_lock(&lun->lun_lock);
12016			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
12017			    ooa_links);
12018		}
12019	} else {
12020		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
12021		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
12022	}
12023
12024	/* Get command entry and return error if it is unsuppotyed. */
12025	entry = ctl_validate_command(ctsio);
12026	if (entry == NULL) {
12027		if (lun)
12028			mtx_unlock(&lun->lun_lock);
12029		return (retval);
12030	}
12031
12032	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
12033	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
12034
12035	/*
12036	 * Check to see whether we can send this command to LUNs that don't
12037	 * exist.  This should pretty much only be the case for inquiry
12038	 * and request sense.  Further checks, below, really require having
12039	 * a LUN, so we can't really check the command anymore.  Just put
12040	 * it on the rtr queue.
12041	 */
12042	if (lun == NULL) {
12043		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
12044			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12045			ctl_enqueue_rtr((union ctl_io *)ctsio);
12046			return (retval);
12047		}
12048
12049		ctl_set_unsupported_lun(ctsio);
12050		ctl_done((union ctl_io *)ctsio);
12051		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
12052		return (retval);
12053	} else {
12054		/*
12055		 * Make sure we support this particular command on this LUN.
12056		 * e.g., we don't support writes to the control LUN.
12057		 */
12058		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
12059			mtx_unlock(&lun->lun_lock);
12060			ctl_set_invalid_opcode(ctsio);
12061			ctl_done((union ctl_io *)ctsio);
12062			return (retval);
12063		}
12064	}
12065
12066	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
12067
12068#ifdef CTL_WITH_CA
12069	/*
12070	 * If we've got a request sense, it'll clear the contingent
12071	 * allegiance condition.  Otherwise, if we have a CA condition for
12072	 * this initiator, clear it, because it sent down a command other
12073	 * than request sense.
12074	 */
12075	if ((ctsio->cdb[0] != REQUEST_SENSE)
12076	 && (ctl_is_set(lun->have_ca, initidx)))
12077		ctl_clear_mask(lun->have_ca, initidx);
12078#endif
12079
12080	/*
12081	 * If the command has this flag set, it handles its own unit
12082	 * attention reporting, we shouldn't do anything.  Otherwise we
12083	 * check for any pending unit attentions, and send them back to the
12084	 * initiator.  We only do this when a command initially comes in,
12085	 * not when we pull it off the blocked queue.
12086	 *
12087	 * According to SAM-3, section 5.3.2, the order that things get
12088	 * presented back to the host is basically unit attentions caused
12089	 * by some sort of reset event, busy status, reservation conflicts
12090	 * or task set full, and finally any other status.
12091	 *
12092	 * One issue here is that some of the unit attentions we report
12093	 * don't fall into the "reset" category (e.g. "reported luns data
12094	 * has changed").  So reporting it here, before the reservation
12095	 * check, may be technically wrong.  I guess the only thing to do
12096	 * would be to check for and report the reset events here, and then
12097	 * check for the other unit attention types after we check for a
12098	 * reservation conflict.
12099	 *
12100	 * XXX KDM need to fix this
12101	 */
12102	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
12103		ctl_ua_type ua_type;
12104
12105		if (lun->pending_ua[initidx] != CTL_UA_NONE) {
12106			scsi_sense_data_type sense_format;
12107
12108			if (lun != NULL)
12109				sense_format = (lun->flags &
12110				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
12111				    SSD_TYPE_FIXED;
12112			else
12113				sense_format = SSD_TYPE_FIXED;
12114
12115			ua_type = ctl_build_ua(&lun->pending_ua[initidx],
12116			    &ctsio->sense_data, sense_format);
12117			if (ua_type != CTL_UA_NONE) {
12118				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
12119				ctsio->io_hdr.status = CTL_SCSI_ERROR |
12120						       CTL_AUTOSENSE;
12121				ctsio->sense_len = SSD_FULL_SIZE;
12122				mtx_unlock(&lun->lun_lock);
12123				ctl_done((union ctl_io *)ctsio);
12124				return (retval);
12125			}
12126		}
12127	}
12128
12129
12130	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
12131		mtx_unlock(&lun->lun_lock);
12132		ctl_done((union ctl_io *)ctsio);
12133		return (retval);
12134	}
12135
12136	/*
12137	 * XXX CHD this is where we want to send IO to other side if
12138	 * this LUN is secondary on this SC. We will need to make a copy
12139	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
12140	 * the copy we send as FROM_OTHER.
12141	 * We also need to stuff the address of the original IO so we can
12142	 * find it easily. Something similar will need be done on the other
12143	 * side so when we are done we can find the copy.
12144	 */
12145	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
12146		union ctl_ha_msg msg_info;
12147		int isc_retval;
12148
12149		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
12150
12151		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
12152		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
12153#if 0
12154		printf("1. ctsio %p\n", ctsio);
12155#endif
12156		msg_info.hdr.serializing_sc = NULL;
12157		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
12158		msg_info.scsi.tag_num = ctsio->tag_num;
12159		msg_info.scsi.tag_type = ctsio->tag_type;
12160		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
12161
12162		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12163
12164		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12165		    (void *)&msg_info, sizeof(msg_info), 0)) >
12166		    CTL_HA_STATUS_SUCCESS) {
12167			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
12168			       isc_retval);
12169			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
12170		} else {
12171#if 0
12172			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
12173#endif
12174		}
12175
12176		/*
12177		 * XXX KDM this I/O is off the incoming queue, but hasn't
12178		 * been inserted on any other queue.  We may need to come
12179		 * up with a holding queue while we wait for serialization
12180		 * so that we have an idea of what we're waiting for from
12181		 * the other side.
12182		 */
12183		mtx_unlock(&lun->lun_lock);
12184		return (retval);
12185	}
12186
12187	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
12188			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
12189			      ctl_ooaq, ooa_links))) {
12190	case CTL_ACTION_BLOCK:
12191		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
12192		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
12193				  blocked_links);
12194		mtx_unlock(&lun->lun_lock);
12195		return (retval);
12196	case CTL_ACTION_PASS:
12197	case CTL_ACTION_SKIP:
12198		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12199		mtx_unlock(&lun->lun_lock);
12200		ctl_enqueue_rtr((union ctl_io *)ctsio);
12201		break;
12202	case CTL_ACTION_OVERLAP:
12203		mtx_unlock(&lun->lun_lock);
12204		ctl_set_overlapped_cmd(ctsio);
12205		ctl_done((union ctl_io *)ctsio);
12206		break;
12207	case CTL_ACTION_OVERLAP_TAG:
12208		mtx_unlock(&lun->lun_lock);
12209		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
12210		ctl_done((union ctl_io *)ctsio);
12211		break;
12212	case CTL_ACTION_ERROR:
12213	default:
12214		mtx_unlock(&lun->lun_lock);
12215		ctl_set_internal_failure(ctsio,
12216					 /*sks_valid*/ 0,
12217					 /*retry_count*/ 0);
12218		ctl_done((union ctl_io *)ctsio);
12219		break;
12220	}
12221	return (retval);
12222}
12223
12224const struct ctl_cmd_entry *
12225ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
12226{
12227	const struct ctl_cmd_entry *entry;
12228	int service_action;
12229
12230	entry = &ctl_cmd_table[ctsio->cdb[0]];
12231	if (sa)
12232		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
12233	if (entry->flags & CTL_CMD_FLAG_SA5) {
12234		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
12235		entry = &((const struct ctl_cmd_entry *)
12236		    entry->execute)[service_action];
12237	}
12238	return (entry);
12239}
12240
12241const struct ctl_cmd_entry *
12242ctl_validate_command(struct ctl_scsiio *ctsio)
12243{
12244	const struct ctl_cmd_entry *entry;
12245	int i, sa;
12246	uint8_t diff;
12247
12248	entry = ctl_get_cmd_entry(ctsio, &sa);
12249	if (entry->execute == NULL) {
12250		if (sa)
12251			ctl_set_invalid_field(ctsio,
12252					      /*sks_valid*/ 1,
12253					      /*command*/ 1,
12254					      /*field*/ 1,
12255					      /*bit_valid*/ 1,
12256					      /*bit*/ 4);
12257		else
12258			ctl_set_invalid_opcode(ctsio);
12259		ctl_done((union ctl_io *)ctsio);
12260		return (NULL);
12261	}
12262	KASSERT(entry->length > 0,
12263	    ("Not defined length for command 0x%02x/0x%02x",
12264	     ctsio->cdb[0], ctsio->cdb[1]));
12265	for (i = 1; i < entry->length; i++) {
12266		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
12267		if (diff == 0)
12268			continue;
12269		ctl_set_invalid_field(ctsio,
12270				      /*sks_valid*/ 1,
12271				      /*command*/ 1,
12272				      /*field*/ i,
12273				      /*bit_valid*/ 1,
12274				      /*bit*/ fls(diff) - 1);
12275		ctl_done((union ctl_io *)ctsio);
12276		return (NULL);
12277	}
12278	return (entry);
12279}
12280
12281static int
12282ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
12283{
12284
12285	switch (lun_type) {
12286	case T_PROCESSOR:
12287		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
12288		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
12289			return (0);
12290		break;
12291	case T_DIRECT:
12292		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
12293		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
12294			return (0);
12295		break;
12296	default:
12297		return (0);
12298	}
12299	return (1);
12300}
12301
12302static int
12303ctl_scsiio(struct ctl_scsiio *ctsio)
12304{
12305	int retval;
12306	const struct ctl_cmd_entry *entry;
12307
12308	retval = CTL_RETVAL_COMPLETE;
12309
12310	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
12311
12312	entry = ctl_get_cmd_entry(ctsio, NULL);
12313
12314	/*
12315	 * If this I/O has been aborted, just send it straight to
12316	 * ctl_done() without executing it.
12317	 */
12318	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
12319		ctl_done((union ctl_io *)ctsio);
12320		goto bailout;
12321	}
12322
12323	/*
12324	 * All the checks should have been handled by ctl_scsiio_precheck().
12325	 * We should be clear now to just execute the I/O.
12326	 */
12327	retval = entry->execute(ctsio);
12328
12329bailout:
12330	return (retval);
12331}
12332
12333/*
12334 * Since we only implement one target right now, a bus reset simply resets
12335 * our single target.
12336 */
12337static int
12338ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
12339{
12340	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
12341}
12342
12343static int
12344ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
12345		 ctl_ua_type ua_type)
12346{
12347	struct ctl_lun *lun;
12348	int retval;
12349
12350	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12351		union ctl_ha_msg msg_info;
12352
12353		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
12354		msg_info.hdr.nexus = io->io_hdr.nexus;
12355		if (ua_type==CTL_UA_TARG_RESET)
12356			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
12357		else
12358			msg_info.task.task_action = CTL_TASK_BUS_RESET;
12359		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12360		msg_info.hdr.original_sc = NULL;
12361		msg_info.hdr.serializing_sc = NULL;
12362		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12363		    (void *)&msg_info, sizeof(msg_info), 0)) {
12364		}
12365	}
12366	retval = 0;
12367
12368	mtx_lock(&ctl_softc->ctl_lock);
12369	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
12370		retval += ctl_lun_reset(lun, io, ua_type);
12371	mtx_unlock(&ctl_softc->ctl_lock);
12372
12373	return (retval);
12374}
12375
12376/*
12377 * The LUN should always be set.  The I/O is optional, and is used to
12378 * distinguish between I/Os sent by this initiator, and by other
12379 * initiators.  We set unit attention for initiators other than this one.
12380 * SAM-3 is vague on this point.  It does say that a unit attention should
12381 * be established for other initiators when a LUN is reset (see section
12382 * 5.7.3), but it doesn't specifically say that the unit attention should
12383 * be established for this particular initiator when a LUN is reset.  Here
12384 * is the relevant text, from SAM-3 rev 8:
12385 *
12386 * 5.7.2 When a SCSI initiator port aborts its own tasks
12387 *
12388 * When a SCSI initiator port causes its own task(s) to be aborted, no
12389 * notification that the task(s) have been aborted shall be returned to
12390 * the SCSI initiator port other than the completion response for the
12391 * command or task management function action that caused the task(s) to
12392 * be aborted and notification(s) associated with related effects of the
12393 * action (e.g., a reset unit attention condition).
12394 *
12395 * XXX KDM for now, we're setting unit attention for all initiators.
12396 */
12397static int
12398ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
12399{
12400	union ctl_io *xio;
12401#if 0
12402	uint32_t initindex;
12403#endif
12404	int i;
12405
12406	mtx_lock(&lun->lun_lock);
12407	/*
12408	 * Run through the OOA queue and abort each I/O.
12409	 */
12410#if 0
12411	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12412#endif
12413	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12414	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12415		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
12416	}
12417
12418	/*
12419	 * This version sets unit attention for every
12420	 */
12421#if 0
12422	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12423	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
12424		if (initindex == i)
12425			continue;
12426		lun->pending_ua[i] |= ua_type;
12427	}
12428#endif
12429
12430	/*
12431	 * A reset (any kind, really) clears reservations established with
12432	 * RESERVE/RELEASE.  It does not clear reservations established
12433	 * with PERSISTENT RESERVE OUT, but we don't support that at the
12434	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
12435	 * reservations made with the RESERVE/RELEASE commands, because
12436	 * those commands are obsolete in SPC-3.
12437	 */
12438	lun->flags &= ~CTL_LUN_RESERVED;
12439
12440	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
12441#ifdef CTL_WITH_CA
12442		ctl_clear_mask(lun->have_ca, i);
12443#endif
12444		lun->pending_ua[i] |= ua_type;
12445	}
12446	mtx_unlock(&lun->lun_lock);
12447
12448	return (0);
12449}
12450
12451static void
12452ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
12453    int other_sc)
12454{
12455	union ctl_io *xio;
12456
12457	mtx_assert(&lun->lun_lock, MA_OWNED);
12458
12459	/*
12460	 * Run through the OOA queue and attempt to find the given I/O.
12461	 * The target port, initiator ID, tag type and tag number have to
12462	 * match the values that we got from the initiator.  If we have an
12463	 * untagged command to abort, simply abort the first untagged command
12464	 * we come to.  We only allow one untagged command at a time of course.
12465	 */
12466	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12467	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12468
12469		if ((targ_port == UINT32_MAX ||
12470		     targ_port == xio->io_hdr.nexus.targ_port) &&
12471		    (init_id == UINT32_MAX ||
12472		     init_id == xio->io_hdr.nexus.initid.id)) {
12473			if (targ_port != xio->io_hdr.nexus.targ_port ||
12474			    init_id != xio->io_hdr.nexus.initid.id)
12475				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
12476			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12477			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12478				union ctl_ha_msg msg_info;
12479
12480				msg_info.hdr.nexus = xio->io_hdr.nexus;
12481				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12482				msg_info.task.tag_num = xio->scsiio.tag_num;
12483				msg_info.task.tag_type = xio->scsiio.tag_type;
12484				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12485				msg_info.hdr.original_sc = NULL;
12486				msg_info.hdr.serializing_sc = NULL;
12487				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12488				    (void *)&msg_info, sizeof(msg_info), 0);
12489			}
12490		}
12491	}
12492}
12493
12494static int
12495ctl_abort_task_set(union ctl_io *io)
12496{
12497	struct ctl_softc *softc = control_softc;
12498	struct ctl_lun *lun;
12499	uint32_t targ_lun;
12500
12501	/*
12502	 * Look up the LUN.
12503	 */
12504	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12505	mtx_lock(&softc->ctl_lock);
12506	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
12507		lun = softc->ctl_luns[targ_lun];
12508	else {
12509		mtx_unlock(&softc->ctl_lock);
12510		return (1);
12511	}
12512
12513	mtx_lock(&lun->lun_lock);
12514	mtx_unlock(&softc->ctl_lock);
12515	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12516		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12517		    io->io_hdr.nexus.initid.id,
12518		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12519	} else { /* CTL_TASK_CLEAR_TASK_SET */
12520		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12521		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12522	}
12523	mtx_unlock(&lun->lun_lock);
12524	return (0);
12525}
12526
12527static int
12528ctl_i_t_nexus_reset(union ctl_io *io)
12529{
12530	struct ctl_softc *softc = control_softc;
12531	struct ctl_lun *lun;
12532	uint32_t initindex, residx;
12533
12534	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12535	residx = ctl_get_resindex(&io->io_hdr.nexus);
12536	mtx_lock(&softc->ctl_lock);
12537	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12538		mtx_lock(&lun->lun_lock);
12539		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12540		    io->io_hdr.nexus.initid.id,
12541		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12542#ifdef CTL_WITH_CA
12543		ctl_clear_mask(lun->have_ca, initindex);
12544#endif
12545		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12546			lun->flags &= ~CTL_LUN_RESERVED;
12547		lun->pending_ua[initindex] |= CTL_UA_I_T_NEXUS_LOSS;
12548		mtx_unlock(&lun->lun_lock);
12549	}
12550	mtx_unlock(&softc->ctl_lock);
12551	return (0);
12552}
12553
12554static int
12555ctl_abort_task(union ctl_io *io)
12556{
12557	union ctl_io *xio;
12558	struct ctl_lun *lun;
12559	struct ctl_softc *ctl_softc;
12560#if 0
12561	struct sbuf sb;
12562	char printbuf[128];
12563#endif
12564	int found;
12565	uint32_t targ_lun;
12566
12567	ctl_softc = control_softc;
12568	found = 0;
12569
12570	/*
12571	 * Look up the LUN.
12572	 */
12573	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12574	mtx_lock(&ctl_softc->ctl_lock);
12575	if ((targ_lun < CTL_MAX_LUNS)
12576	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12577		lun = ctl_softc->ctl_luns[targ_lun];
12578	else {
12579		mtx_unlock(&ctl_softc->ctl_lock);
12580		return (1);
12581	}
12582
12583#if 0
12584	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12585	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12586#endif
12587
12588	mtx_lock(&lun->lun_lock);
12589	mtx_unlock(&ctl_softc->ctl_lock);
12590	/*
12591	 * Run through the OOA queue and attempt to find the given I/O.
12592	 * The target port, initiator ID, tag type and tag number have to
12593	 * match the values that we got from the initiator.  If we have an
12594	 * untagged command to abort, simply abort the first untagged command
12595	 * we come to.  We only allow one untagged command at a time of course.
12596	 */
12597#if 0
12598	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12599#endif
12600	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12601	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12602#if 0
12603		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12604
12605		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12606			    lun->lun, xio->scsiio.tag_num,
12607			    xio->scsiio.tag_type,
12608			    (xio->io_hdr.blocked_links.tqe_prev
12609			    == NULL) ? "" : " BLOCKED",
12610			    (xio->io_hdr.flags &
12611			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12612			    (xio->io_hdr.flags &
12613			    CTL_FLAG_ABORT) ? " ABORT" : "",
12614			    (xio->io_hdr.flags &
12615			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12616		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12617		sbuf_finish(&sb);
12618		printf("%s\n", sbuf_data(&sb));
12619#endif
12620
12621		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
12622		 && (xio->io_hdr.nexus.initid.id ==
12623		     io->io_hdr.nexus.initid.id)) {
12624			/*
12625			 * If the abort says that the task is untagged, the
12626			 * task in the queue must be untagged.  Otherwise,
12627			 * we just check to see whether the tag numbers
12628			 * match.  This is because the QLogic firmware
12629			 * doesn't pass back the tag type in an abort
12630			 * request.
12631			 */
12632#if 0
12633			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12634			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12635			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
12636#endif
12637			/*
12638			 * XXX KDM we've got problems with FC, because it
12639			 * doesn't send down a tag type with aborts.  So we
12640			 * can only really go by the tag number...
12641			 * This may cause problems with parallel SCSI.
12642			 * Need to figure that out!!
12643			 */
12644			if (xio->scsiio.tag_num == io->taskio.tag_num) {
12645				xio->io_hdr.flags |= CTL_FLAG_ABORT;
12646				found = 1;
12647				if ((io->io_hdr.flags &
12648				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
12649				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12650					union ctl_ha_msg msg_info;
12651
12652					io->io_hdr.flags |=
12653					                CTL_FLAG_SENT_2OTHER_SC;
12654					msg_info.hdr.nexus = io->io_hdr.nexus;
12655					msg_info.task.task_action =
12656						CTL_TASK_ABORT_TASK;
12657					msg_info.task.tag_num =
12658						io->taskio.tag_num;
12659					msg_info.task.tag_type =
12660						io->taskio.tag_type;
12661					msg_info.hdr.msg_type =
12662						CTL_MSG_MANAGE_TASKS;
12663					msg_info.hdr.original_sc = NULL;
12664					msg_info.hdr.serializing_sc = NULL;
12665#if 0
12666					printf("Sent Abort to other side\n");
12667#endif
12668					if (CTL_HA_STATUS_SUCCESS !=
12669					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12670		    				(void *)&msg_info,
12671						sizeof(msg_info), 0)) {
12672					}
12673				}
12674#if 0
12675				printf("ctl_abort_task: found I/O to abort\n");
12676#endif
12677				break;
12678			}
12679		}
12680	}
12681	mtx_unlock(&lun->lun_lock);
12682
12683	if (found == 0) {
12684		/*
12685		 * This isn't really an error.  It's entirely possible for
12686		 * the abort and command completion to cross on the wire.
12687		 * This is more of an informative/diagnostic error.
12688		 */
12689#if 0
12690		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12691		       "%d:%d:%d:%d tag %d type %d\n",
12692		       io->io_hdr.nexus.initid.id,
12693		       io->io_hdr.nexus.targ_port,
12694		       io->io_hdr.nexus.targ_target.id,
12695		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12696		       io->taskio.tag_type);
12697#endif
12698	}
12699	return (0);
12700}
12701
12702static void
12703ctl_run_task(union ctl_io *io)
12704{
12705	struct ctl_softc *ctl_softc = control_softc;
12706	int retval = 1;
12707	const char *task_desc;
12708
12709	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12710
12711	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12712	    ("ctl_run_task: Unextected io_type %d\n",
12713	     io->io_hdr.io_type));
12714
12715	task_desc = ctl_scsi_task_string(&io->taskio);
12716	if (task_desc != NULL) {
12717#ifdef NEEDTOPORT
12718		csevent_log(CSC_CTL | CSC_SHELF_SW |
12719			    CTL_TASK_REPORT,
12720			    csevent_LogType_Trace,
12721			    csevent_Severity_Information,
12722			    csevent_AlertLevel_Green,
12723			    csevent_FRU_Firmware,
12724			    csevent_FRU_Unknown,
12725			    "CTL: received task: %s",task_desc);
12726#endif
12727	} else {
12728#ifdef NEEDTOPORT
12729		csevent_log(CSC_CTL | CSC_SHELF_SW |
12730			    CTL_TASK_REPORT,
12731			    csevent_LogType_Trace,
12732			    csevent_Severity_Information,
12733			    csevent_AlertLevel_Green,
12734			    csevent_FRU_Firmware,
12735			    csevent_FRU_Unknown,
12736			    "CTL: received unknown task "
12737			    "type: %d (%#x)",
12738			    io->taskio.task_action,
12739			    io->taskio.task_action);
12740#endif
12741	}
12742	switch (io->taskio.task_action) {
12743	case CTL_TASK_ABORT_TASK:
12744		retval = ctl_abort_task(io);
12745		break;
12746	case CTL_TASK_ABORT_TASK_SET:
12747	case CTL_TASK_CLEAR_TASK_SET:
12748		retval = ctl_abort_task_set(io);
12749		break;
12750	case CTL_TASK_CLEAR_ACA:
12751		break;
12752	case CTL_TASK_I_T_NEXUS_RESET:
12753		retval = ctl_i_t_nexus_reset(io);
12754		break;
12755	case CTL_TASK_LUN_RESET: {
12756		struct ctl_lun *lun;
12757		uint32_t targ_lun;
12758
12759		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12760		mtx_lock(&ctl_softc->ctl_lock);
12761		if ((targ_lun < CTL_MAX_LUNS)
12762		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12763			lun = ctl_softc->ctl_luns[targ_lun];
12764		else {
12765			mtx_unlock(&ctl_softc->ctl_lock);
12766			retval = 1;
12767			break;
12768		}
12769
12770		if (!(io->io_hdr.flags &
12771		    CTL_FLAG_FROM_OTHER_SC)) {
12772			union ctl_ha_msg msg_info;
12773
12774			io->io_hdr.flags |=
12775				CTL_FLAG_SENT_2OTHER_SC;
12776			msg_info.hdr.msg_type =
12777				CTL_MSG_MANAGE_TASKS;
12778			msg_info.hdr.nexus = io->io_hdr.nexus;
12779			msg_info.task.task_action =
12780				CTL_TASK_LUN_RESET;
12781			msg_info.hdr.original_sc = NULL;
12782			msg_info.hdr.serializing_sc = NULL;
12783			if (CTL_HA_STATUS_SUCCESS !=
12784			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12785			    (void *)&msg_info,
12786			    sizeof(msg_info), 0)) {
12787			}
12788		}
12789
12790		retval = ctl_lun_reset(lun, io,
12791				       CTL_UA_LUN_RESET);
12792		mtx_unlock(&ctl_softc->ctl_lock);
12793		break;
12794	}
12795	case CTL_TASK_TARGET_RESET:
12796		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12797		break;
12798	case CTL_TASK_BUS_RESET:
12799		retval = ctl_bus_reset(ctl_softc, io);
12800		break;
12801	case CTL_TASK_PORT_LOGIN:
12802		break;
12803	case CTL_TASK_PORT_LOGOUT:
12804		break;
12805	default:
12806		printf("ctl_run_task: got unknown task management event %d\n",
12807		       io->taskio.task_action);
12808		break;
12809	}
12810	if (retval == 0)
12811		io->io_hdr.status = CTL_SUCCESS;
12812	else
12813		io->io_hdr.status = CTL_ERROR;
12814	ctl_done(io);
12815}
12816
12817/*
12818 * For HA operation.  Handle commands that come in from the other
12819 * controller.
12820 */
12821static void
12822ctl_handle_isc(union ctl_io *io)
12823{
12824	int free_io;
12825	struct ctl_lun *lun;
12826	struct ctl_softc *ctl_softc;
12827	uint32_t targ_lun;
12828
12829	ctl_softc = control_softc;
12830
12831	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12832	lun = ctl_softc->ctl_luns[targ_lun];
12833
12834	switch (io->io_hdr.msg_type) {
12835	case CTL_MSG_SERIALIZE:
12836		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12837		break;
12838	case CTL_MSG_R2R: {
12839		const struct ctl_cmd_entry *entry;
12840
12841		/*
12842		 * This is only used in SER_ONLY mode.
12843		 */
12844		free_io = 0;
12845		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12846		mtx_lock(&lun->lun_lock);
12847		if (ctl_scsiio_lun_check(ctl_softc, lun,
12848		    entry, (struct ctl_scsiio *)io) != 0) {
12849			mtx_unlock(&lun->lun_lock);
12850			ctl_done(io);
12851			break;
12852		}
12853		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12854		mtx_unlock(&lun->lun_lock);
12855		ctl_enqueue_rtr(io);
12856		break;
12857	}
12858	case CTL_MSG_FINISH_IO:
12859		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12860			free_io = 0;
12861			ctl_done(io);
12862		} else {
12863			free_io = 1;
12864			mtx_lock(&lun->lun_lock);
12865			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12866				     ooa_links);
12867			ctl_check_blocked(lun);
12868			mtx_unlock(&lun->lun_lock);
12869		}
12870		break;
12871	case CTL_MSG_PERS_ACTION:
12872		ctl_hndl_per_res_out_on_other_sc(
12873			(union ctl_ha_msg *)&io->presio.pr_msg);
12874		free_io = 1;
12875		break;
12876	case CTL_MSG_BAD_JUJU:
12877		free_io = 0;
12878		ctl_done(io);
12879		break;
12880	case CTL_MSG_DATAMOVE:
12881		/* Only used in XFER mode */
12882		free_io = 0;
12883		ctl_datamove_remote(io);
12884		break;
12885	case CTL_MSG_DATAMOVE_DONE:
12886		/* Only used in XFER mode */
12887		free_io = 0;
12888		io->scsiio.be_move_done(io);
12889		break;
12890	default:
12891		free_io = 1;
12892		printf("%s: Invalid message type %d\n",
12893		       __func__, io->io_hdr.msg_type);
12894		break;
12895	}
12896	if (free_io)
12897		ctl_free_io(io);
12898
12899}
12900
12901
12902/*
12903 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12904 * there is no match.
12905 */
12906static ctl_lun_error_pattern
12907ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12908{
12909	const struct ctl_cmd_entry *entry;
12910	ctl_lun_error_pattern filtered_pattern, pattern;
12911
12912	pattern = desc->error_pattern;
12913
12914	/*
12915	 * XXX KDM we need more data passed into this function to match a
12916	 * custom pattern, and we actually need to implement custom pattern
12917	 * matching.
12918	 */
12919	if (pattern & CTL_LUN_PAT_CMD)
12920		return (CTL_LUN_PAT_CMD);
12921
12922	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12923		return (CTL_LUN_PAT_ANY);
12924
12925	entry = ctl_get_cmd_entry(ctsio, NULL);
12926
12927	filtered_pattern = entry->pattern & pattern;
12928
12929	/*
12930	 * If the user requested specific flags in the pattern (e.g.
12931	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12932	 * flags.
12933	 *
12934	 * If the user did not specify any flags, it doesn't matter whether
12935	 * or not the command supports the flags.
12936	 */
12937	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12938	     (pattern & ~CTL_LUN_PAT_MASK))
12939		return (CTL_LUN_PAT_NONE);
12940
12941	/*
12942	 * If the user asked for a range check, see if the requested LBA
12943	 * range overlaps with this command's LBA range.
12944	 */
12945	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12946		uint64_t lba1;
12947		uint64_t len1;
12948		ctl_action action;
12949		int retval;
12950
12951		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12952		if (retval != 0)
12953			return (CTL_LUN_PAT_NONE);
12954
12955		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12956					      desc->lba_range.len);
12957		/*
12958		 * A "pass" means that the LBA ranges don't overlap, so
12959		 * this doesn't match the user's range criteria.
12960		 */
12961		if (action == CTL_ACTION_PASS)
12962			return (CTL_LUN_PAT_NONE);
12963	}
12964
12965	return (filtered_pattern);
12966}
12967
12968static void
12969ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12970{
12971	struct ctl_error_desc *desc, *desc2;
12972
12973	mtx_assert(&lun->lun_lock, MA_OWNED);
12974
12975	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12976		ctl_lun_error_pattern pattern;
12977		/*
12978		 * Check to see whether this particular command matches
12979		 * the pattern in the descriptor.
12980		 */
12981		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12982		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12983			continue;
12984
12985		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12986		case CTL_LUN_INJ_ABORTED:
12987			ctl_set_aborted(&io->scsiio);
12988			break;
12989		case CTL_LUN_INJ_MEDIUM_ERR:
12990			ctl_set_medium_error(&io->scsiio);
12991			break;
12992		case CTL_LUN_INJ_UA:
12993			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12994			 * OCCURRED */
12995			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12996			break;
12997		case CTL_LUN_INJ_CUSTOM:
12998			/*
12999			 * We're assuming the user knows what he is doing.
13000			 * Just copy the sense information without doing
13001			 * checks.
13002			 */
13003			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
13004			      ctl_min(sizeof(desc->custom_sense),
13005				      sizeof(io->scsiio.sense_data)));
13006			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
13007			io->scsiio.sense_len = SSD_FULL_SIZE;
13008			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
13009			break;
13010		case CTL_LUN_INJ_NONE:
13011		default:
13012			/*
13013			 * If this is an error injection type we don't know
13014			 * about, clear the continuous flag (if it is set)
13015			 * so it will get deleted below.
13016			 */
13017			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
13018			break;
13019		}
13020		/*
13021		 * By default, each error injection action is a one-shot
13022		 */
13023		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
13024			continue;
13025
13026		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
13027
13028		free(desc, M_CTL);
13029	}
13030}
13031
13032#ifdef CTL_IO_DELAY
13033static void
13034ctl_datamove_timer_wakeup(void *arg)
13035{
13036	union ctl_io *io;
13037
13038	io = (union ctl_io *)arg;
13039
13040	ctl_datamove(io);
13041}
13042#endif /* CTL_IO_DELAY */
13043
13044void
13045ctl_datamove(union ctl_io *io)
13046{
13047	void (*fe_datamove)(union ctl_io *io);
13048
13049	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
13050
13051	CTL_DEBUG_PRINT(("ctl_datamove\n"));
13052
13053#ifdef CTL_TIME_IO
13054	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13055		char str[256];
13056		char path_str[64];
13057		struct sbuf sb;
13058
13059		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13060		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13061
13062		sbuf_cat(&sb, path_str);
13063		switch (io->io_hdr.io_type) {
13064		case CTL_IO_SCSI:
13065			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13066			sbuf_printf(&sb, "\n");
13067			sbuf_cat(&sb, path_str);
13068			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13069				    io->scsiio.tag_num, io->scsiio.tag_type);
13070			break;
13071		case CTL_IO_TASK:
13072			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13073				    "Tag Type: %d\n", io->taskio.task_action,
13074				    io->taskio.tag_num, io->taskio.tag_type);
13075			break;
13076		default:
13077			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13078			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13079			break;
13080		}
13081		sbuf_cat(&sb, path_str);
13082		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
13083			    (intmax_t)time_uptime - io->io_hdr.start_time);
13084		sbuf_finish(&sb);
13085		printf("%s", sbuf_data(&sb));
13086	}
13087#endif /* CTL_TIME_IO */
13088
13089#ifdef CTL_IO_DELAY
13090	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13091		struct ctl_lun *lun;
13092
13093		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13094
13095		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13096	} else {
13097		struct ctl_lun *lun;
13098
13099		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13100		if ((lun != NULL)
13101		 && (lun->delay_info.datamove_delay > 0)) {
13102			struct callout *callout;
13103
13104			callout = (struct callout *)&io->io_hdr.timer_bytes;
13105			callout_init(callout, /*mpsafe*/ 1);
13106			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13107			callout_reset(callout,
13108				      lun->delay_info.datamove_delay * hz,
13109				      ctl_datamove_timer_wakeup, io);
13110			if (lun->delay_info.datamove_type ==
13111			    CTL_DELAY_TYPE_ONESHOT)
13112				lun->delay_info.datamove_delay = 0;
13113			return;
13114		}
13115	}
13116#endif
13117
13118	/*
13119	 * This command has been aborted.  Set the port status, so we fail
13120	 * the data move.
13121	 */
13122	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13123		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
13124		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
13125		       io->io_hdr.nexus.targ_port,
13126		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
13127		       io->io_hdr.nexus.targ_lun);
13128		io->io_hdr.port_status = 31337;
13129		/*
13130		 * Note that the backend, in this case, will get the
13131		 * callback in its context.  In other cases it may get
13132		 * called in the frontend's interrupt thread context.
13133		 */
13134		io->scsiio.be_move_done(io);
13135		return;
13136	}
13137
13138	/* Don't confuse frontend with zero length data move. */
13139	if (io->scsiio.kern_data_len == 0) {
13140		io->scsiio.be_move_done(io);
13141		return;
13142	}
13143
13144	/*
13145	 * If we're in XFER mode and this I/O is from the other shelf
13146	 * controller, we need to send the DMA to the other side to
13147	 * actually transfer the data to/from the host.  In serialize only
13148	 * mode the transfer happens below CTL and ctl_datamove() is only
13149	 * called on the machine that originally received the I/O.
13150	 */
13151	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
13152	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13153		union ctl_ha_msg msg;
13154		uint32_t sg_entries_sent;
13155		int do_sg_copy;
13156		int i;
13157
13158		memset(&msg, 0, sizeof(msg));
13159		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
13160		msg.hdr.original_sc = io->io_hdr.original_sc;
13161		msg.hdr.serializing_sc = io;
13162		msg.hdr.nexus = io->io_hdr.nexus;
13163		msg.dt.flags = io->io_hdr.flags;
13164		/*
13165		 * We convert everything into a S/G list here.  We can't
13166		 * pass by reference, only by value between controllers.
13167		 * So we can't pass a pointer to the S/G list, only as many
13168		 * S/G entries as we can fit in here.  If it's possible for
13169		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
13170		 * then we need to break this up into multiple transfers.
13171		 */
13172		if (io->scsiio.kern_sg_entries == 0) {
13173			msg.dt.kern_sg_entries = 1;
13174			/*
13175			 * If this is in cached memory, flush the cache
13176			 * before we send the DMA request to the other
13177			 * controller.  We want to do this in either the
13178			 * read or the write case.  The read case is
13179			 * straightforward.  In the write case, we want to
13180			 * make sure nothing is in the local cache that
13181			 * could overwrite the DMAed data.
13182			 */
13183			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13184				/*
13185				 * XXX KDM use bus_dmamap_sync() here.
13186				 */
13187			}
13188
13189			/*
13190			 * Convert to a physical address if this is a
13191			 * virtual address.
13192			 */
13193			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
13194				msg.dt.sg_list[0].addr =
13195					io->scsiio.kern_data_ptr;
13196			} else {
13197				/*
13198				 * XXX KDM use busdma here!
13199				 */
13200#if 0
13201				msg.dt.sg_list[0].addr = (void *)
13202					vtophys(io->scsiio.kern_data_ptr);
13203#endif
13204			}
13205
13206			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
13207			do_sg_copy = 0;
13208		} else {
13209			struct ctl_sg_entry *sgl;
13210
13211			do_sg_copy = 1;
13212			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
13213			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
13214			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13215				/*
13216				 * XXX KDM use bus_dmamap_sync() here.
13217				 */
13218			}
13219		}
13220
13221		msg.dt.kern_data_len = io->scsiio.kern_data_len;
13222		msg.dt.kern_total_len = io->scsiio.kern_total_len;
13223		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
13224		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
13225		msg.dt.sg_sequence = 0;
13226
13227		/*
13228		 * Loop until we've sent all of the S/G entries.  On the
13229		 * other end, we'll recompose these S/G entries into one
13230		 * contiguous list before passing it to the
13231		 */
13232		for (sg_entries_sent = 0; sg_entries_sent <
13233		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
13234			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
13235				sizeof(msg.dt.sg_list[0])),
13236				msg.dt.kern_sg_entries - sg_entries_sent);
13237
13238			if (do_sg_copy != 0) {
13239				struct ctl_sg_entry *sgl;
13240				int j;
13241
13242				sgl = (struct ctl_sg_entry *)
13243					io->scsiio.kern_data_ptr;
13244				/*
13245				 * If this is in cached memory, flush the cache
13246				 * before we send the DMA request to the other
13247				 * controller.  We want to do this in either
13248				 * the * read or the write case.  The read
13249				 * case is straightforward.  In the write
13250				 * case, we want to make sure nothing is
13251				 * in the local cache that could overwrite
13252				 * the DMAed data.
13253				 */
13254
13255				for (i = sg_entries_sent, j = 0;
13256				     i < msg.dt.cur_sg_entries; i++, j++) {
13257					if ((io->io_hdr.flags &
13258					     CTL_FLAG_NO_DATASYNC) == 0) {
13259						/*
13260						 * XXX KDM use bus_dmamap_sync()
13261						 */
13262					}
13263					if ((io->io_hdr.flags &
13264					     CTL_FLAG_BUS_ADDR) == 0) {
13265						/*
13266						 * XXX KDM use busdma.
13267						 */
13268#if 0
13269						msg.dt.sg_list[j].addr =(void *)
13270						       vtophys(sgl[i].addr);
13271#endif
13272					} else {
13273						msg.dt.sg_list[j].addr =
13274							sgl[i].addr;
13275					}
13276					msg.dt.sg_list[j].len = sgl[i].len;
13277				}
13278			}
13279
13280			sg_entries_sent += msg.dt.cur_sg_entries;
13281			if (sg_entries_sent >= msg.dt.kern_sg_entries)
13282				msg.dt.sg_last = 1;
13283			else
13284				msg.dt.sg_last = 0;
13285
13286			/*
13287			 * XXX KDM drop and reacquire the lock here?
13288			 */
13289			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13290			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13291				/*
13292				 * XXX do something here.
13293				 */
13294			}
13295
13296			msg.dt.sent_sg_entries = sg_entries_sent;
13297		}
13298		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13299		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
13300			ctl_failover_io(io, /*have_lock*/ 0);
13301
13302	} else {
13303
13304		/*
13305		 * Lookup the fe_datamove() function for this particular
13306		 * front end.
13307		 */
13308		fe_datamove =
13309		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13310
13311		fe_datamove(io);
13312	}
13313}
13314
13315static void
13316ctl_send_datamove_done(union ctl_io *io, int have_lock)
13317{
13318	union ctl_ha_msg msg;
13319	int isc_status;
13320
13321	memset(&msg, 0, sizeof(msg));
13322
13323	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
13324	msg.hdr.original_sc = io;
13325	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13326	msg.hdr.nexus = io->io_hdr.nexus;
13327	msg.hdr.status = io->io_hdr.status;
13328	msg.scsi.tag_num = io->scsiio.tag_num;
13329	msg.scsi.tag_type = io->scsiio.tag_type;
13330	msg.scsi.scsi_status = io->scsiio.scsi_status;
13331	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13332	       sizeof(io->scsiio.sense_data));
13333	msg.scsi.sense_len = io->scsiio.sense_len;
13334	msg.scsi.sense_residual = io->scsiio.sense_residual;
13335	msg.scsi.fetd_status = io->io_hdr.port_status;
13336	msg.scsi.residual = io->scsiio.residual;
13337	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13338
13339	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13340		ctl_failover_io(io, /*have_lock*/ have_lock);
13341		return;
13342	}
13343
13344	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
13345	if (isc_status > CTL_HA_STATUS_SUCCESS) {
13346		/* XXX do something if this fails */
13347	}
13348
13349}
13350
13351/*
13352 * The DMA to the remote side is done, now we need to tell the other side
13353 * we're done so it can continue with its data movement.
13354 */
13355static void
13356ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
13357{
13358	union ctl_io *io;
13359
13360	io = rq->context;
13361
13362	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13363		printf("%s: ISC DMA write failed with error %d", __func__,
13364		       rq->ret);
13365		ctl_set_internal_failure(&io->scsiio,
13366					 /*sks_valid*/ 1,
13367					 /*retry_count*/ rq->ret);
13368	}
13369
13370	ctl_dt_req_free(rq);
13371
13372	/*
13373	 * In this case, we had to malloc the memory locally.  Free it.
13374	 */
13375	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13376		int i;
13377		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13378			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13379	}
13380	/*
13381	 * The data is in local and remote memory, so now we need to send
13382	 * status (good or back) back to the other side.
13383	 */
13384	ctl_send_datamove_done(io, /*have_lock*/ 0);
13385}
13386
13387/*
13388 * We've moved the data from the host/controller into local memory.  Now we
13389 * need to push it over to the remote controller's memory.
13390 */
13391static int
13392ctl_datamove_remote_dm_write_cb(union ctl_io *io)
13393{
13394	int retval;
13395
13396	retval = 0;
13397
13398	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
13399					  ctl_datamove_remote_write_cb);
13400
13401	return (retval);
13402}
13403
13404static void
13405ctl_datamove_remote_write(union ctl_io *io)
13406{
13407	int retval;
13408	void (*fe_datamove)(union ctl_io *io);
13409
13410	/*
13411	 * - Get the data from the host/HBA into local memory.
13412	 * - DMA memory from the local controller to the remote controller.
13413	 * - Send status back to the remote controller.
13414	 */
13415
13416	retval = ctl_datamove_remote_sgl_setup(io);
13417	if (retval != 0)
13418		return;
13419
13420	/* Switch the pointer over so the FETD knows what to do */
13421	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13422
13423	/*
13424	 * Use a custom move done callback, since we need to send completion
13425	 * back to the other controller, not to the backend on this side.
13426	 */
13427	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
13428
13429	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13430
13431	fe_datamove(io);
13432
13433	return;
13434
13435}
13436
13437static int
13438ctl_datamove_remote_dm_read_cb(union ctl_io *io)
13439{
13440#if 0
13441	char str[256];
13442	char path_str[64];
13443	struct sbuf sb;
13444#endif
13445
13446	/*
13447	 * In this case, we had to malloc the memory locally.  Free it.
13448	 */
13449	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13450		int i;
13451		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13452			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13453	}
13454
13455#if 0
13456	scsi_path_string(io, path_str, sizeof(path_str));
13457	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13458	sbuf_cat(&sb, path_str);
13459	scsi_command_string(&io->scsiio, NULL, &sb);
13460	sbuf_printf(&sb, "\n");
13461	sbuf_cat(&sb, path_str);
13462	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13463		    io->scsiio.tag_num, io->scsiio.tag_type);
13464	sbuf_cat(&sb, path_str);
13465	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
13466		    io->io_hdr.flags, io->io_hdr.status);
13467	sbuf_finish(&sb);
13468	printk("%s", sbuf_data(&sb));
13469#endif
13470
13471
13472	/*
13473	 * The read is done, now we need to send status (good or bad) back
13474	 * to the other side.
13475	 */
13476	ctl_send_datamove_done(io, /*have_lock*/ 0);
13477
13478	return (0);
13479}
13480
13481static void
13482ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
13483{
13484	union ctl_io *io;
13485	void (*fe_datamove)(union ctl_io *io);
13486
13487	io = rq->context;
13488
13489	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13490		printf("%s: ISC DMA read failed with error %d", __func__,
13491		       rq->ret);
13492		ctl_set_internal_failure(&io->scsiio,
13493					 /*sks_valid*/ 1,
13494					 /*retry_count*/ rq->ret);
13495	}
13496
13497	ctl_dt_req_free(rq);
13498
13499	/* Switch the pointer over so the FETD knows what to do */
13500	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13501
13502	/*
13503	 * Use a custom move done callback, since we need to send completion
13504	 * back to the other controller, not to the backend on this side.
13505	 */
13506	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
13507
13508	/* XXX KDM add checks like the ones in ctl_datamove? */
13509
13510	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13511
13512	fe_datamove(io);
13513}
13514
13515static int
13516ctl_datamove_remote_sgl_setup(union ctl_io *io)
13517{
13518	struct ctl_sg_entry *local_sglist, *remote_sglist;
13519	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13520	struct ctl_softc *softc;
13521	int retval;
13522	int i;
13523
13524	retval = 0;
13525	softc = control_softc;
13526
13527	local_sglist = io->io_hdr.local_sglist;
13528	local_dma_sglist = io->io_hdr.local_dma_sglist;
13529	remote_sglist = io->io_hdr.remote_sglist;
13530	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13531
13532	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13533		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13534			local_sglist[i].len = remote_sglist[i].len;
13535
13536			/*
13537			 * XXX Detect the situation where the RS-level I/O
13538			 * redirector on the other side has already read the
13539			 * data off of the AOR RS on this side, and
13540			 * transferred it to remote (mirror) memory on the
13541			 * other side.  Since we already have the data in
13542			 * memory here, we just need to use it.
13543			 *
13544			 * XXX KDM this can probably be removed once we
13545			 * get the cache device code in and take the
13546			 * current AOR implementation out.
13547			 */
13548#ifdef NEEDTOPORT
13549			if ((remote_sglist[i].addr >=
13550			     (void *)vtophys(softc->mirr->addr))
13551			 && (remote_sglist[i].addr <
13552			     ((void *)vtophys(softc->mirr->addr) +
13553			     CacheMirrorOffset))) {
13554				local_sglist[i].addr = remote_sglist[i].addr -
13555					CacheMirrorOffset;
13556				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13557				     CTL_FLAG_DATA_IN)
13558					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13559			} else {
13560				local_sglist[i].addr = remote_sglist[i].addr +
13561					CacheMirrorOffset;
13562			}
13563#endif
13564#if 0
13565			printf("%s: local %p, remote %p, len %d\n",
13566			       __func__, local_sglist[i].addr,
13567			       remote_sglist[i].addr, local_sglist[i].len);
13568#endif
13569		}
13570	} else {
13571		uint32_t len_to_go;
13572
13573		/*
13574		 * In this case, we don't have automatically allocated
13575		 * memory for this I/O on this controller.  This typically
13576		 * happens with internal CTL I/O -- e.g. inquiry, mode
13577		 * sense, etc.  Anything coming from RAIDCore will have
13578		 * a mirror area available.
13579		 */
13580		len_to_go = io->scsiio.kern_data_len;
13581
13582		/*
13583		 * Clear the no datasync flag, we have to use malloced
13584		 * buffers.
13585		 */
13586		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13587
13588		/*
13589		 * The difficult thing here is that the size of the various
13590		 * S/G segments may be different than the size from the
13591		 * remote controller.  That'll make it harder when DMAing
13592		 * the data back to the other side.
13593		 */
13594		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13595		     sizeof(io->io_hdr.remote_sglist[0])) &&
13596		     (len_to_go > 0); i++) {
13597			local_sglist[i].len = ctl_min(len_to_go, 131072);
13598			CTL_SIZE_8B(local_dma_sglist[i].len,
13599				    local_sglist[i].len);
13600			local_sglist[i].addr =
13601				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13602
13603			local_dma_sglist[i].addr = local_sglist[i].addr;
13604
13605			if (local_sglist[i].addr == NULL) {
13606				int j;
13607
13608				printf("malloc failed for %zd bytes!",
13609				       local_dma_sglist[i].len);
13610				for (j = 0; j < i; j++) {
13611					free(local_sglist[j].addr, M_CTL);
13612				}
13613				ctl_set_internal_failure(&io->scsiio,
13614							 /*sks_valid*/ 1,
13615							 /*retry_count*/ 4857);
13616				retval = 1;
13617				goto bailout_error;
13618
13619			}
13620			/* XXX KDM do we need a sync here? */
13621
13622			len_to_go -= local_sglist[i].len;
13623		}
13624		/*
13625		 * Reset the number of S/G entries accordingly.  The
13626		 * original number of S/G entries is available in
13627		 * rem_sg_entries.
13628		 */
13629		io->scsiio.kern_sg_entries = i;
13630
13631#if 0
13632		printf("%s: kern_sg_entries = %d\n", __func__,
13633		       io->scsiio.kern_sg_entries);
13634		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13635			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13636			       local_sglist[i].addr, local_sglist[i].len,
13637			       local_dma_sglist[i].len);
13638#endif
13639	}
13640
13641
13642	return (retval);
13643
13644bailout_error:
13645
13646	ctl_send_datamove_done(io, /*have_lock*/ 0);
13647
13648	return (retval);
13649}
13650
13651static int
13652ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13653			 ctl_ha_dt_cb callback)
13654{
13655	struct ctl_ha_dt_req *rq;
13656	struct ctl_sg_entry *remote_sglist, *local_sglist;
13657	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13658	uint32_t local_used, remote_used, total_used;
13659	int retval;
13660	int i, j;
13661
13662	retval = 0;
13663
13664	rq = ctl_dt_req_alloc();
13665
13666	/*
13667	 * If we failed to allocate the request, and if the DMA didn't fail
13668	 * anyway, set busy status.  This is just a resource allocation
13669	 * failure.
13670	 */
13671	if ((rq == NULL)
13672	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13673		ctl_set_busy(&io->scsiio);
13674
13675	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13676
13677		if (rq != NULL)
13678			ctl_dt_req_free(rq);
13679
13680		/*
13681		 * The data move failed.  We need to return status back
13682		 * to the other controller.  No point in trying to DMA
13683		 * data to the remote controller.
13684		 */
13685
13686		ctl_send_datamove_done(io, /*have_lock*/ 0);
13687
13688		retval = 1;
13689
13690		goto bailout;
13691	}
13692
13693	local_sglist = io->io_hdr.local_sglist;
13694	local_dma_sglist = io->io_hdr.local_dma_sglist;
13695	remote_sglist = io->io_hdr.remote_sglist;
13696	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13697	local_used = 0;
13698	remote_used = 0;
13699	total_used = 0;
13700
13701	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13702		rq->ret = CTL_HA_STATUS_SUCCESS;
13703		rq->context = io;
13704		callback(rq);
13705		goto bailout;
13706	}
13707
13708	/*
13709	 * Pull/push the data over the wire from/to the other controller.
13710	 * This takes into account the possibility that the local and
13711	 * remote sglists may not be identical in terms of the size of
13712	 * the elements and the number of elements.
13713	 *
13714	 * One fundamental assumption here is that the length allocated for
13715	 * both the local and remote sglists is identical.  Otherwise, we've
13716	 * essentially got a coding error of some sort.
13717	 */
13718	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13719		int isc_ret;
13720		uint32_t cur_len, dma_length;
13721		uint8_t *tmp_ptr;
13722
13723		rq->id = CTL_HA_DATA_CTL;
13724		rq->command = command;
13725		rq->context = io;
13726
13727		/*
13728		 * Both pointers should be aligned.  But it is possible
13729		 * that the allocation length is not.  They should both
13730		 * also have enough slack left over at the end, though,
13731		 * to round up to the next 8 byte boundary.
13732		 */
13733		cur_len = ctl_min(local_sglist[i].len - local_used,
13734				  remote_sglist[j].len - remote_used);
13735
13736		/*
13737		 * In this case, we have a size issue and need to decrease
13738		 * the size, except in the case where we actually have less
13739		 * than 8 bytes left.  In that case, we need to increase
13740		 * the DMA length to get the last bit.
13741		 */
13742		if ((cur_len & 0x7) != 0) {
13743			if (cur_len > 0x7) {
13744				cur_len = cur_len - (cur_len & 0x7);
13745				dma_length = cur_len;
13746			} else {
13747				CTL_SIZE_8B(dma_length, cur_len);
13748			}
13749
13750		} else
13751			dma_length = cur_len;
13752
13753		/*
13754		 * If we had to allocate memory for this I/O, instead of using
13755		 * the non-cached mirror memory, we'll need to flush the cache
13756		 * before trying to DMA to the other controller.
13757		 *
13758		 * We could end up doing this multiple times for the same
13759		 * segment if we have a larger local segment than remote
13760		 * segment.  That shouldn't be an issue.
13761		 */
13762		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13763			/*
13764			 * XXX KDM use bus_dmamap_sync() here.
13765			 */
13766		}
13767
13768		rq->size = dma_length;
13769
13770		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13771		tmp_ptr += local_used;
13772
13773		/* Use physical addresses when talking to ISC hardware */
13774		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13775			/* XXX KDM use busdma */
13776#if 0
13777			rq->local = vtophys(tmp_ptr);
13778#endif
13779		} else
13780			rq->local = tmp_ptr;
13781
13782		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13783		tmp_ptr += remote_used;
13784		rq->remote = tmp_ptr;
13785
13786		rq->callback = NULL;
13787
13788		local_used += cur_len;
13789		if (local_used >= local_sglist[i].len) {
13790			i++;
13791			local_used = 0;
13792		}
13793
13794		remote_used += cur_len;
13795		if (remote_used >= remote_sglist[j].len) {
13796			j++;
13797			remote_used = 0;
13798		}
13799		total_used += cur_len;
13800
13801		if (total_used >= io->scsiio.kern_data_len)
13802			rq->callback = callback;
13803
13804		if ((rq->size & 0x7) != 0) {
13805			printf("%s: warning: size %d is not on 8b boundary\n",
13806			       __func__, rq->size);
13807		}
13808		if (((uintptr_t)rq->local & 0x7) != 0) {
13809			printf("%s: warning: local %p not on 8b boundary\n",
13810			       __func__, rq->local);
13811		}
13812		if (((uintptr_t)rq->remote & 0x7) != 0) {
13813			printf("%s: warning: remote %p not on 8b boundary\n",
13814			       __func__, rq->local);
13815		}
13816#if 0
13817		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13818		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13819		       rq->local, rq->remote, rq->size);
13820#endif
13821
13822		isc_ret = ctl_dt_single(rq);
13823		if (isc_ret == CTL_HA_STATUS_WAIT)
13824			continue;
13825
13826		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13827			rq->ret = CTL_HA_STATUS_SUCCESS;
13828		} else {
13829			rq->ret = isc_ret;
13830		}
13831		callback(rq);
13832		goto bailout;
13833	}
13834
13835bailout:
13836	return (retval);
13837
13838}
13839
13840static void
13841ctl_datamove_remote_read(union ctl_io *io)
13842{
13843	int retval;
13844	int i;
13845
13846	/*
13847	 * This will send an error to the other controller in the case of a
13848	 * failure.
13849	 */
13850	retval = ctl_datamove_remote_sgl_setup(io);
13851	if (retval != 0)
13852		return;
13853
13854	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13855					  ctl_datamove_remote_read_cb);
13856	if ((retval != 0)
13857	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13858		/*
13859		 * Make sure we free memory if there was an error..  The
13860		 * ctl_datamove_remote_xfer() function will send the
13861		 * datamove done message, or call the callback with an
13862		 * error if there is a problem.
13863		 */
13864		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13865			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13866	}
13867
13868	return;
13869}
13870
13871/*
13872 * Process a datamove request from the other controller.  This is used for
13873 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13874 * first.  Once that is complete, the data gets DMAed into the remote
13875 * controller's memory.  For reads, we DMA from the remote controller's
13876 * memory into our memory first, and then move it out to the FETD.
13877 */
13878static void
13879ctl_datamove_remote(union ctl_io *io)
13880{
13881	struct ctl_softc *softc;
13882
13883	softc = control_softc;
13884
13885	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13886
13887	/*
13888	 * Note that we look for an aborted I/O here, but don't do some of
13889	 * the other checks that ctl_datamove() normally does.
13890	 * We don't need to run the datamove delay code, since that should
13891	 * have been done if need be on the other controller.
13892	 */
13893	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13894		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13895		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13896		       io->io_hdr.nexus.targ_port,
13897		       io->io_hdr.nexus.targ_target.id,
13898		       io->io_hdr.nexus.targ_lun);
13899		io->io_hdr.port_status = 31338;
13900		ctl_send_datamove_done(io, /*have_lock*/ 0);
13901		return;
13902	}
13903
13904	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13905		ctl_datamove_remote_write(io);
13906	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13907		ctl_datamove_remote_read(io);
13908	} else {
13909		union ctl_ha_msg msg;
13910		struct scsi_sense_data *sense;
13911		uint8_t sks[3];
13912		int retry_count;
13913
13914		memset(&msg, 0, sizeof(msg));
13915
13916		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13917		msg.hdr.status = CTL_SCSI_ERROR;
13918		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13919
13920		retry_count = 4243;
13921
13922		sense = &msg.scsi.sense_data;
13923		sks[0] = SSD_SCS_VALID;
13924		sks[1] = (retry_count >> 8) & 0xff;
13925		sks[2] = retry_count & 0xff;
13926
13927		/* "Internal target failure" */
13928		scsi_set_sense_data(sense,
13929				    /*sense_format*/ SSD_TYPE_NONE,
13930				    /*current_error*/ 1,
13931				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13932				    /*asc*/ 0x44,
13933				    /*ascq*/ 0x00,
13934				    /*type*/ SSD_ELEM_SKS,
13935				    /*size*/ sizeof(sks),
13936				    /*data*/ sks,
13937				    SSD_ELEM_NONE);
13938
13939		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13940		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13941			ctl_failover_io(io, /*have_lock*/ 1);
13942			return;
13943		}
13944
13945		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13946		    CTL_HA_STATUS_SUCCESS) {
13947			/* XXX KDM what to do if this fails? */
13948		}
13949		return;
13950	}
13951
13952}
13953
13954static int
13955ctl_process_done(union ctl_io *io)
13956{
13957	struct ctl_lun *lun;
13958	struct ctl_softc *ctl_softc;
13959	void (*fe_done)(union ctl_io *io);
13960	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13961
13962	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13963
13964	fe_done =
13965	    control_softc->ctl_ports[targ_port]->fe_done;
13966
13967#ifdef CTL_TIME_IO
13968	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13969		char str[256];
13970		char path_str[64];
13971		struct sbuf sb;
13972
13973		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13974		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13975
13976		sbuf_cat(&sb, path_str);
13977		switch (io->io_hdr.io_type) {
13978		case CTL_IO_SCSI:
13979			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13980			sbuf_printf(&sb, "\n");
13981			sbuf_cat(&sb, path_str);
13982			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13983				    io->scsiio.tag_num, io->scsiio.tag_type);
13984			break;
13985		case CTL_IO_TASK:
13986			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13987				    "Tag Type: %d\n", io->taskio.task_action,
13988				    io->taskio.tag_num, io->taskio.tag_type);
13989			break;
13990		default:
13991			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13992			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13993			break;
13994		}
13995		sbuf_cat(&sb, path_str);
13996		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13997			    (intmax_t)time_uptime - io->io_hdr.start_time);
13998		sbuf_finish(&sb);
13999		printf("%s", sbuf_data(&sb));
14000	}
14001#endif /* CTL_TIME_IO */
14002
14003	switch (io->io_hdr.io_type) {
14004	case CTL_IO_SCSI:
14005		break;
14006	case CTL_IO_TASK:
14007		if (bootverbose || verbose > 0)
14008			ctl_io_error_print(io, NULL);
14009		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
14010			ctl_free_io(io);
14011		else
14012			fe_done(io);
14013		return (CTL_RETVAL_COMPLETE);
14014		break;
14015	default:
14016		printf("ctl_process_done: invalid io type %d\n",
14017		       io->io_hdr.io_type);
14018		panic("ctl_process_done: invalid io type %d\n",
14019		      io->io_hdr.io_type);
14020		break; /* NOTREACHED */
14021	}
14022
14023	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14024	if (lun == NULL) {
14025		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
14026				 io->io_hdr.nexus.targ_mapped_lun));
14027		fe_done(io);
14028		goto bailout;
14029	}
14030	ctl_softc = lun->ctl_softc;
14031
14032	mtx_lock(&lun->lun_lock);
14033
14034	/*
14035	 * Check to see if we have any errors to inject here.  We only
14036	 * inject errors for commands that don't already have errors set.
14037	 */
14038	if ((STAILQ_FIRST(&lun->error_list) != NULL)
14039	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
14040		ctl_inject_error(lun, io);
14041
14042	/*
14043	 * XXX KDM how do we treat commands that aren't completed
14044	 * successfully?
14045	 *
14046	 * XXX KDM should we also track I/O latency?
14047	 */
14048	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
14049	    io->io_hdr.io_type == CTL_IO_SCSI) {
14050#ifdef CTL_TIME_IO
14051		struct bintime cur_bt;
14052#endif
14053		int type;
14054
14055		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
14056		    CTL_FLAG_DATA_IN)
14057			type = CTL_STATS_READ;
14058		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
14059		    CTL_FLAG_DATA_OUT)
14060			type = CTL_STATS_WRITE;
14061		else
14062			type = CTL_STATS_NO_IO;
14063
14064		lun->stats.ports[targ_port].bytes[type] +=
14065		    io->scsiio.kern_total_len;
14066		lun->stats.ports[targ_port].operations[type]++;
14067#ifdef CTL_TIME_IO
14068		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
14069		   &io->io_hdr.dma_bt);
14070		lun->stats.ports[targ_port].num_dmas[type] +=
14071		    io->io_hdr.num_dmas;
14072		getbintime(&cur_bt);
14073		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
14074		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
14075#endif
14076	}
14077
14078	/*
14079	 * Remove this from the OOA queue.
14080	 */
14081	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
14082
14083	/*
14084	 * Run through the blocked queue on this LUN and see if anything
14085	 * has become unblocked, now that this transaction is done.
14086	 */
14087	ctl_check_blocked(lun);
14088
14089	/*
14090	 * If the LUN has been invalidated, free it if there is nothing
14091	 * left on its OOA queue.
14092	 */
14093	if ((lun->flags & CTL_LUN_INVALID)
14094	 && TAILQ_EMPTY(&lun->ooa_queue)) {
14095		mtx_unlock(&lun->lun_lock);
14096		mtx_lock(&ctl_softc->ctl_lock);
14097		ctl_free_lun(lun);
14098		mtx_unlock(&ctl_softc->ctl_lock);
14099	} else
14100		mtx_unlock(&lun->lun_lock);
14101
14102	/*
14103	 * If this command has been aborted, make sure we set the status
14104	 * properly.  The FETD is responsible for freeing the I/O and doing
14105	 * whatever it needs to do to clean up its state.
14106	 */
14107	if (io->io_hdr.flags & CTL_FLAG_ABORT)
14108		ctl_set_task_aborted(&io->scsiio);
14109
14110	/*
14111	 * We print out status for every task management command.  For SCSI
14112	 * commands, we filter out any unit attention errors; they happen
14113	 * on every boot, and would clutter up the log.  Note:  task
14114	 * management commands aren't printed here, they are printed above,
14115	 * since they should never even make it down here.
14116	 */
14117	switch (io->io_hdr.io_type) {
14118	case CTL_IO_SCSI: {
14119		int error_code, sense_key, asc, ascq;
14120
14121		sense_key = 0;
14122
14123		if (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR)
14124		 && (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
14125			/*
14126			 * Since this is just for printing, no need to
14127			 * show errors here.
14128			 */
14129			scsi_extract_sense_len(&io->scsiio.sense_data,
14130					       io->scsiio.sense_len,
14131					       &error_code,
14132					       &sense_key,
14133					       &asc,
14134					       &ascq,
14135					       /*show_errors*/ 0);
14136		}
14137
14138		if (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
14139		 && (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SCSI_ERROR)
14140		  || (io->scsiio.scsi_status != SCSI_STATUS_CHECK_COND)
14141		  || (sense_key != SSD_KEY_UNIT_ATTENTION))) {
14142
14143			if ((time_uptime - ctl_softc->last_print_jiffies) <= 0){
14144				ctl_softc->skipped_prints++;
14145			} else {
14146				uint32_t skipped_prints;
14147
14148				skipped_prints = ctl_softc->skipped_prints;
14149
14150				ctl_softc->skipped_prints = 0;
14151				ctl_softc->last_print_jiffies = time_uptime;
14152
14153				if (skipped_prints > 0) {
14154#ifdef NEEDTOPORT
14155					csevent_log(CSC_CTL | CSC_SHELF_SW |
14156					    CTL_ERROR_REPORT,
14157					    csevent_LogType_Trace,
14158					    csevent_Severity_Information,
14159					    csevent_AlertLevel_Green,
14160					    csevent_FRU_Firmware,
14161					    csevent_FRU_Unknown,
14162					    "High CTL error volume, %d prints "
14163					    "skipped", skipped_prints);
14164#endif
14165				}
14166				if (bootverbose || verbose > 0)
14167					ctl_io_error_print(io, NULL);
14168			}
14169		}
14170		break;
14171	}
14172	case CTL_IO_TASK:
14173		if (bootverbose || verbose > 0)
14174			ctl_io_error_print(io, NULL);
14175		break;
14176	default:
14177		break;
14178	}
14179
14180	/*
14181	 * Tell the FETD or the other shelf controller we're done with this
14182	 * command.  Note that only SCSI commands get to this point.  Task
14183	 * management commands are completed above.
14184	 *
14185	 * We only send status to the other controller if we're in XFER
14186	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
14187	 * received the I/O (from CTL's perspective), and so the status is
14188	 * generated there.
14189	 *
14190	 * XXX KDM if we hold the lock here, we could cause a deadlock
14191	 * if the frontend comes back in in this context to queue
14192	 * something.
14193	 */
14194	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
14195	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
14196		union ctl_ha_msg msg;
14197
14198		memset(&msg, 0, sizeof(msg));
14199		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
14200		msg.hdr.original_sc = io->io_hdr.original_sc;
14201		msg.hdr.nexus = io->io_hdr.nexus;
14202		msg.hdr.status = io->io_hdr.status;
14203		msg.scsi.scsi_status = io->scsiio.scsi_status;
14204		msg.scsi.tag_num = io->scsiio.tag_num;
14205		msg.scsi.tag_type = io->scsiio.tag_type;
14206		msg.scsi.sense_len = io->scsiio.sense_len;
14207		msg.scsi.sense_residual = io->scsiio.sense_residual;
14208		msg.scsi.residual = io->scsiio.residual;
14209		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
14210		       sizeof(io->scsiio.sense_data));
14211		/*
14212		 * We copy this whether or not this is an I/O-related
14213		 * command.  Otherwise, we'd have to go and check to see
14214		 * whether it's a read/write command, and it really isn't
14215		 * worth it.
14216		 */
14217		memcpy(&msg.scsi.lbalen,
14218		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
14219		       sizeof(msg.scsi.lbalen));
14220
14221		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
14222				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
14223			/* XXX do something here */
14224		}
14225
14226		ctl_free_io(io);
14227	} else
14228		fe_done(io);
14229
14230bailout:
14231
14232	return (CTL_RETVAL_COMPLETE);
14233}
14234
14235#ifdef CTL_WITH_CA
14236/*
14237 * Front end should call this if it doesn't do autosense.  When the request
14238 * sense comes back in from the initiator, we'll dequeue this and send it.
14239 */
14240int
14241ctl_queue_sense(union ctl_io *io)
14242{
14243	struct ctl_lun *lun;
14244	struct ctl_softc *ctl_softc;
14245	uint32_t initidx, targ_lun;
14246
14247	ctl_softc = control_softc;
14248
14249	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
14250
14251	/*
14252	 * LUN lookup will likely move to the ctl_work_thread() once we
14253	 * have our new queueing infrastructure (that doesn't put things on
14254	 * a per-LUN queue initially).  That is so that we can handle
14255	 * things like an INQUIRY to a LUN that we don't have enabled.  We
14256	 * can't deal with that right now.
14257	 */
14258	mtx_lock(&ctl_softc->ctl_lock);
14259
14260	/*
14261	 * If we don't have a LUN for this, just toss the sense
14262	 * information.
14263	 */
14264	targ_lun = io->io_hdr.nexus.targ_lun;
14265	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
14266	if ((targ_lun < CTL_MAX_LUNS)
14267	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
14268		lun = ctl_softc->ctl_luns[targ_lun];
14269	else
14270		goto bailout;
14271
14272	initidx = ctl_get_initindex(&io->io_hdr.nexus);
14273
14274	mtx_lock(&lun->lun_lock);
14275	/*
14276	 * Already have CA set for this LUN...toss the sense information.
14277	 */
14278	if (ctl_is_set(lun->have_ca, initidx)) {
14279		mtx_unlock(&lun->lun_lock);
14280		goto bailout;
14281	}
14282
14283	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
14284	       ctl_min(sizeof(lun->pending_sense[initidx]),
14285	       sizeof(io->scsiio.sense_data)));
14286	ctl_set_mask(lun->have_ca, initidx);
14287	mtx_unlock(&lun->lun_lock);
14288
14289bailout:
14290	mtx_unlock(&ctl_softc->ctl_lock);
14291
14292	ctl_free_io(io);
14293
14294	return (CTL_RETVAL_COMPLETE);
14295}
14296#endif
14297
14298/*
14299 * Primary command inlet from frontend ports.  All SCSI and task I/O
14300 * requests must go through this function.
14301 */
14302int
14303ctl_queue(union ctl_io *io)
14304{
14305	struct ctl_softc *ctl_softc;
14306
14307	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
14308
14309	ctl_softc = control_softc;
14310
14311#ifdef CTL_TIME_IO
14312	io->io_hdr.start_time = time_uptime;
14313	getbintime(&io->io_hdr.start_bt);
14314#endif /* CTL_TIME_IO */
14315
14316	/* Map FE-specific LUN ID into global one. */
14317	io->io_hdr.nexus.targ_mapped_lun =
14318	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
14319
14320	switch (io->io_hdr.io_type) {
14321	case CTL_IO_SCSI:
14322	case CTL_IO_TASK:
14323		ctl_enqueue_incoming(io);
14324		break;
14325	default:
14326		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
14327		return (EINVAL);
14328	}
14329
14330	return (CTL_RETVAL_COMPLETE);
14331}
14332
14333#ifdef CTL_IO_DELAY
14334static void
14335ctl_done_timer_wakeup(void *arg)
14336{
14337	union ctl_io *io;
14338
14339	io = (union ctl_io *)arg;
14340	ctl_done(io);
14341}
14342#endif /* CTL_IO_DELAY */
14343
14344void
14345ctl_done(union ctl_io *io)
14346{
14347	struct ctl_softc *ctl_softc;
14348
14349	ctl_softc = control_softc;
14350
14351	/*
14352	 * Enable this to catch duplicate completion issues.
14353	 */
14354#if 0
14355	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
14356		printf("%s: type %d msg %d cdb %x iptl: "
14357		       "%d:%d:%d:%d tag 0x%04x "
14358		       "flag %#x status %x\n",
14359			__func__,
14360			io->io_hdr.io_type,
14361			io->io_hdr.msg_type,
14362			io->scsiio.cdb[0],
14363			io->io_hdr.nexus.initid.id,
14364			io->io_hdr.nexus.targ_port,
14365			io->io_hdr.nexus.targ_target.id,
14366			io->io_hdr.nexus.targ_lun,
14367			(io->io_hdr.io_type ==
14368			CTL_IO_TASK) ?
14369			io->taskio.tag_num :
14370			io->scsiio.tag_num,
14371		        io->io_hdr.flags,
14372			io->io_hdr.status);
14373	} else
14374		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
14375#endif
14376
14377	/*
14378	 * This is an internal copy of an I/O, and should not go through
14379	 * the normal done processing logic.
14380	 */
14381	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
14382		return;
14383
14384	/*
14385	 * We need to send a msg to the serializing shelf to finish the IO
14386	 * as well.  We don't send a finish message to the other shelf if
14387	 * this is a task management command.  Task management commands
14388	 * aren't serialized in the OOA queue, but rather just executed on
14389	 * both shelf controllers for commands that originated on that
14390	 * controller.
14391	 */
14392	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
14393	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
14394		union ctl_ha_msg msg_io;
14395
14396		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
14397		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
14398		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
14399		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
14400		}
14401		/* continue on to finish IO */
14402	}
14403#ifdef CTL_IO_DELAY
14404	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
14405		struct ctl_lun *lun;
14406
14407		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14408
14409		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
14410	} else {
14411		struct ctl_lun *lun;
14412
14413		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14414
14415		if ((lun != NULL)
14416		 && (lun->delay_info.done_delay > 0)) {
14417			struct callout *callout;
14418
14419			callout = (struct callout *)&io->io_hdr.timer_bytes;
14420			callout_init(callout, /*mpsafe*/ 1);
14421			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
14422			callout_reset(callout,
14423				      lun->delay_info.done_delay * hz,
14424				      ctl_done_timer_wakeup, io);
14425			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
14426				lun->delay_info.done_delay = 0;
14427			return;
14428		}
14429	}
14430#endif /* CTL_IO_DELAY */
14431
14432	ctl_enqueue_done(io);
14433}
14434
14435int
14436ctl_isc(struct ctl_scsiio *ctsio)
14437{
14438	struct ctl_lun *lun;
14439	int retval;
14440
14441	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14442
14443	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
14444
14445	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
14446
14447	retval = lun->backend->data_submit((union ctl_io *)ctsio);
14448
14449	return (retval);
14450}
14451
14452
14453static void
14454ctl_work_thread(void *arg)
14455{
14456	struct ctl_thread *thr = (struct ctl_thread *)arg;
14457	struct ctl_softc *softc = thr->ctl_softc;
14458	union ctl_io *io;
14459	int retval;
14460
14461	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
14462
14463	for (;;) {
14464		retval = 0;
14465
14466		/*
14467		 * We handle the queues in this order:
14468		 * - ISC
14469		 * - done queue (to free up resources, unblock other commands)
14470		 * - RtR queue
14471		 * - incoming queue
14472		 *
14473		 * If those queues are empty, we break out of the loop and
14474		 * go to sleep.
14475		 */
14476		mtx_lock(&thr->queue_lock);
14477		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
14478		if (io != NULL) {
14479			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
14480			mtx_unlock(&thr->queue_lock);
14481			ctl_handle_isc(io);
14482			continue;
14483		}
14484		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
14485		if (io != NULL) {
14486			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
14487			/* clear any blocked commands, call fe_done */
14488			mtx_unlock(&thr->queue_lock);
14489			retval = ctl_process_done(io);
14490			continue;
14491		}
14492		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
14493		if (io != NULL) {
14494			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
14495			mtx_unlock(&thr->queue_lock);
14496			if (io->io_hdr.io_type == CTL_IO_TASK)
14497				ctl_run_task(io);
14498			else
14499				ctl_scsiio_precheck(softc, &io->scsiio);
14500			continue;
14501		}
14502		if (!ctl_pause_rtr) {
14503			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
14504			if (io != NULL) {
14505				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
14506				mtx_unlock(&thr->queue_lock);
14507				retval = ctl_scsiio(&io->scsiio);
14508				if (retval != CTL_RETVAL_COMPLETE)
14509					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
14510				continue;
14511			}
14512		}
14513
14514		/* Sleep until we have something to do. */
14515		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
14516	}
14517}
14518
14519static void
14520ctl_lun_thread(void *arg)
14521{
14522	struct ctl_softc *softc = (struct ctl_softc *)arg;
14523	struct ctl_be_lun *be_lun;
14524	int retval;
14525
14526	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
14527
14528	for (;;) {
14529		retval = 0;
14530		mtx_lock(&softc->ctl_lock);
14531		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
14532		if (be_lun != NULL) {
14533			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
14534			mtx_unlock(&softc->ctl_lock);
14535			ctl_create_lun(be_lun);
14536			continue;
14537		}
14538
14539		/* Sleep until we have something to do. */
14540		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
14541		    PDROP | PRIBIO, "-", 0);
14542	}
14543}
14544
14545static void
14546ctl_enqueue_incoming(union ctl_io *io)
14547{
14548	struct ctl_softc *softc = control_softc;
14549	struct ctl_thread *thr;
14550	u_int idx;
14551
14552	idx = (io->io_hdr.nexus.targ_port * 127 +
14553	       io->io_hdr.nexus.initid.id) % worker_threads;
14554	thr = &softc->threads[idx];
14555	mtx_lock(&thr->queue_lock);
14556	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14557	mtx_unlock(&thr->queue_lock);
14558	wakeup(thr);
14559}
14560
14561static void
14562ctl_enqueue_rtr(union ctl_io *io)
14563{
14564	struct ctl_softc *softc = control_softc;
14565	struct ctl_thread *thr;
14566
14567	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14568	mtx_lock(&thr->queue_lock);
14569	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14570	mtx_unlock(&thr->queue_lock);
14571	wakeup(thr);
14572}
14573
14574static void
14575ctl_enqueue_done(union ctl_io *io)
14576{
14577	struct ctl_softc *softc = control_softc;
14578	struct ctl_thread *thr;
14579
14580	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14581	mtx_lock(&thr->queue_lock);
14582	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14583	mtx_unlock(&thr->queue_lock);
14584	wakeup(thr);
14585}
14586
14587static void
14588ctl_enqueue_isc(union ctl_io *io)
14589{
14590	struct ctl_softc *softc = control_softc;
14591	struct ctl_thread *thr;
14592
14593	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14594	mtx_lock(&thr->queue_lock);
14595	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14596	mtx_unlock(&thr->queue_lock);
14597	wakeup(thr);
14598}
14599
14600/* Initialization and failover */
14601
14602void
14603ctl_init_isc_msg(void)
14604{
14605	printf("CTL: Still calling this thing\n");
14606}
14607
14608/*
14609 * Init component
14610 * 	Initializes component into configuration defined by bootMode
14611 *	(see hasc-sv.c)
14612 *  	returns hasc_Status:
14613 * 		OK
14614 *		ERROR - fatal error
14615 */
14616static ctl_ha_comp_status
14617ctl_isc_init(struct ctl_ha_component *c)
14618{
14619	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14620
14621	c->status = ret;
14622	return ret;
14623}
14624
14625/* Start component
14626 * 	Starts component in state requested. If component starts successfully,
14627 *	it must set its own state to the requestrd state
14628 *	When requested state is HASC_STATE_HA, the component may refine it
14629 * 	by adding _SLAVE or _MASTER flags.
14630 *	Currently allowed state transitions are:
14631 *	UNKNOWN->HA		- initial startup
14632 *	UNKNOWN->SINGLE - initial startup when no parter detected
14633 *	HA->SINGLE		- failover
14634 * returns ctl_ha_comp_status:
14635 * 		OK	- component successfully started in requested state
14636 *		FAILED  - could not start the requested state, failover may
14637 * 			  be possible
14638 *		ERROR	- fatal error detected, no future startup possible
14639 */
14640static ctl_ha_comp_status
14641ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14642{
14643	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14644
14645	printf("%s: go\n", __func__);
14646
14647	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14648	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14649		ctl_is_single = 0;
14650		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14651		    != CTL_HA_STATUS_SUCCESS) {
14652			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14653			ret = CTL_HA_COMP_STATUS_ERROR;
14654		}
14655	} else if (CTL_HA_STATE_IS_HA(c->state)
14656		&& CTL_HA_STATE_IS_SINGLE(state)){
14657		// HA->SINGLE transition
14658	        ctl_failover();
14659		ctl_is_single = 1;
14660	} else {
14661		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14662		       c->state, state);
14663		ret = CTL_HA_COMP_STATUS_ERROR;
14664	}
14665	if (CTL_HA_STATE_IS_SINGLE(state))
14666		ctl_is_single = 1;
14667
14668	c->state = state;
14669	c->status = ret;
14670	return ret;
14671}
14672
14673/*
14674 * Quiesce component
14675 * The component must clear any error conditions (set status to OK) and
14676 * prepare itself to another Start call
14677 * returns ctl_ha_comp_status:
14678 * 	OK
14679 *	ERROR
14680 */
14681static ctl_ha_comp_status
14682ctl_isc_quiesce(struct ctl_ha_component *c)
14683{
14684	int ret = CTL_HA_COMP_STATUS_OK;
14685
14686	ctl_pause_rtr = 1;
14687	c->status = ret;
14688	return ret;
14689}
14690
14691struct ctl_ha_component ctl_ha_component_ctlisc =
14692{
14693	.name = "CTL ISC",
14694	.state = CTL_HA_STATE_UNKNOWN,
14695	.init = ctl_isc_init,
14696	.start = ctl_isc_start,
14697	.quiesce = ctl_isc_quiesce
14698};
14699
14700/*
14701 *  vim: ts=8
14702 */
14703