ctl.c revision 268685 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 268685 2014-07-15 17:08:04Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/kernel.h>
50#include <sys/types.h>
51#include <sys/kthread.h>
52#include <sys/bio.h>
53#include <sys/fcntl.h>
54#include <sys/lock.h>
55#include <sys/module.h>
56#include <sys/mutex.h>
57#include <sys/condvar.h>
58#include <sys/malloc.h>
59#include <sys/conf.h>
60#include <sys/ioccom.h>
61#include <sys/queue.h>
62#include <sys/sbuf.h>
63#include <sys/smp.h>
64#include <sys/endian.h>
65#include <sys/sysctl.h>
66
67#include <cam/cam.h>
68#include <cam/scsi/scsi_all.h>
69#include <cam/scsi/scsi_da.h>
70#include <cam/ctl/ctl_io.h>
71#include <cam/ctl/ctl.h>
72#include <cam/ctl/ctl_frontend.h>
73#include <cam/ctl/ctl_frontend_internal.h>
74#include <cam/ctl/ctl_util.h>
75#include <cam/ctl/ctl_backend.h>
76#include <cam/ctl/ctl_ioctl.h>
77#include <cam/ctl/ctl_ha.h>
78#include <cam/ctl/ctl_private.h>
79#include <cam/ctl/ctl_debug.h>
80#include <cam/ctl/ctl_scsi_all.h>
81#include <cam/ctl/ctl_error.h>
82
83struct ctl_softc *control_softc = NULL;
84
85/*
86 * Size and alignment macros needed for Copan-specific HA hardware.  These
87 * can go away when the HA code is re-written, and uses busdma for any
88 * hardware.
89 */
90#define	CTL_ALIGN_8B(target, source, type)				\
91	if (((uint32_t)source & 0x7) != 0)				\
92		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
93	else								\
94		target = (type)source;
95
96#define	CTL_SIZE_8B(target, size)					\
97	if ((size & 0x7) != 0)						\
98		target = size + (0x8 - (size & 0x7));			\
99	else								\
100		target = size;
101
102#define CTL_ALIGN_8B_MARGIN	16
103
104/*
105 * Template mode pages.
106 */
107
108/*
109 * Note that these are default values only.  The actual values will be
110 * filled in when the user does a mode sense.
111 */
112static struct copan_power_subpage power_page_default = {
113	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
114	/*subpage*/ PWR_SUBPAGE_CODE,
115	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
116			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
117	/*page_version*/ PWR_VERSION,
118	/* total_luns */ 26,
119	/* max_active_luns*/ PWR_DFLT_MAX_LUNS,
120	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
121		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
122		      0, 0, 0, 0, 0, 0}
123};
124
125static struct copan_power_subpage power_page_changeable = {
126	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
127	/*subpage*/ PWR_SUBPAGE_CODE,
128	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
129			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
130	/*page_version*/ 0,
131	/* total_luns */ 0,
132	/* max_active_luns*/ 0,
133	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
134		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
135		      0, 0, 0, 0, 0, 0}
136};
137
138static struct copan_aps_subpage aps_page_default = {
139	APS_PAGE_CODE | SMPH_SPF, //page_code
140	APS_SUBPAGE_CODE, //subpage
141	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
142	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
143	APS_VERSION, //page_version
144	0, //lock_active
145	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
146	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
147	0, 0, 0, 0, 0} //reserved
148};
149
150static struct copan_aps_subpage aps_page_changeable = {
151	APS_PAGE_CODE | SMPH_SPF, //page_code
152	APS_SUBPAGE_CODE, //subpage
153	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
154	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
155	0, //page_version
156	0, //lock_active
157	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
158	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
159	0, 0, 0, 0, 0} //reserved
160};
161
162static struct copan_debugconf_subpage debugconf_page_default = {
163	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
164	DBGCNF_SUBPAGE_CODE,		/* subpage */
165	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
166	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
167	DBGCNF_VERSION,			/* page_version */
168	{CTL_TIME_IO_DEFAULT_SECS>>8,
169	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
170};
171
172static struct copan_debugconf_subpage debugconf_page_changeable = {
173	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
174	DBGCNF_SUBPAGE_CODE,		/* subpage */
175	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
176	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
177	0,				/* page_version */
178	{0xff,0xff},			/* ctl_time_io_secs */
179};
180
181static struct scsi_format_page format_page_default = {
182	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
183	/*page_length*/sizeof(struct scsi_format_page) - 2,
184	/*tracks_per_zone*/ {0, 0},
185	/*alt_sectors_per_zone*/ {0, 0},
186	/*alt_tracks_per_zone*/ {0, 0},
187	/*alt_tracks_per_lun*/ {0, 0},
188	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
189			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
190	/*bytes_per_sector*/ {0, 0},
191	/*interleave*/ {0, 0},
192	/*track_skew*/ {0, 0},
193	/*cylinder_skew*/ {0, 0},
194	/*flags*/ SFP_HSEC,
195	/*reserved*/ {0, 0, 0}
196};
197
198static struct scsi_format_page format_page_changeable = {
199	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
200	/*page_length*/sizeof(struct scsi_format_page) - 2,
201	/*tracks_per_zone*/ {0, 0},
202	/*alt_sectors_per_zone*/ {0, 0},
203	/*alt_tracks_per_zone*/ {0, 0},
204	/*alt_tracks_per_lun*/ {0, 0},
205	/*sectors_per_track*/ {0, 0},
206	/*bytes_per_sector*/ {0, 0},
207	/*interleave*/ {0, 0},
208	/*track_skew*/ {0, 0},
209	/*cylinder_skew*/ {0, 0},
210	/*flags*/ 0,
211	/*reserved*/ {0, 0, 0}
212};
213
214static struct scsi_rigid_disk_page rigid_disk_page_default = {
215	/*page_code*/SMS_RIGID_DISK_PAGE,
216	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
217	/*cylinders*/ {0, 0, 0},
218	/*heads*/ CTL_DEFAULT_HEADS,
219	/*start_write_precomp*/ {0, 0, 0},
220	/*start_reduced_current*/ {0, 0, 0},
221	/*step_rate*/ {0, 0},
222	/*landing_zone_cylinder*/ {0, 0, 0},
223	/*rpl*/ SRDP_RPL_DISABLED,
224	/*rotational_offset*/ 0,
225	/*reserved1*/ 0,
226	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
227			   CTL_DEFAULT_ROTATION_RATE & 0xff},
228	/*reserved2*/ {0, 0}
229};
230
231static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
232	/*page_code*/SMS_RIGID_DISK_PAGE,
233	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
234	/*cylinders*/ {0, 0, 0},
235	/*heads*/ 0,
236	/*start_write_precomp*/ {0, 0, 0},
237	/*start_reduced_current*/ {0, 0, 0},
238	/*step_rate*/ {0, 0},
239	/*landing_zone_cylinder*/ {0, 0, 0},
240	/*rpl*/ 0,
241	/*rotational_offset*/ 0,
242	/*reserved1*/ 0,
243	/*rotation_rate*/ {0, 0},
244	/*reserved2*/ {0, 0}
245};
246
247static struct scsi_caching_page caching_page_default = {
248	/*page_code*/SMS_CACHING_PAGE,
249	/*page_length*/sizeof(struct scsi_caching_page) - 2,
250	/*flags1*/ SCP_DISC | SCP_WCE,
251	/*ret_priority*/ 0,
252	/*disable_pf_transfer_len*/ {0xff, 0xff},
253	/*min_prefetch*/ {0, 0},
254	/*max_prefetch*/ {0xff, 0xff},
255	/*max_pf_ceiling*/ {0xff, 0xff},
256	/*flags2*/ 0,
257	/*cache_segments*/ 0,
258	/*cache_seg_size*/ {0, 0},
259	/*reserved*/ 0,
260	/*non_cache_seg_size*/ {0, 0, 0}
261};
262
263static struct scsi_caching_page caching_page_changeable = {
264	/*page_code*/SMS_CACHING_PAGE,
265	/*page_length*/sizeof(struct scsi_caching_page) - 2,
266	/*flags1*/ 0,
267	/*ret_priority*/ 0,
268	/*disable_pf_transfer_len*/ {0, 0},
269	/*min_prefetch*/ {0, 0},
270	/*max_prefetch*/ {0, 0},
271	/*max_pf_ceiling*/ {0, 0},
272	/*flags2*/ 0,
273	/*cache_segments*/ 0,
274	/*cache_seg_size*/ {0, 0},
275	/*reserved*/ 0,
276	/*non_cache_seg_size*/ {0, 0, 0}
277};
278
279static struct scsi_control_page control_page_default = {
280	/*page_code*/SMS_CONTROL_MODE_PAGE,
281	/*page_length*/sizeof(struct scsi_control_page) - 2,
282	/*rlec*/0,
283	/*queue_flags*/0,
284	/*eca_and_aen*/0,
285	/*reserved*/0,
286	/*aen_holdoff_period*/{0, 0}
287};
288
289static struct scsi_control_page control_page_changeable = {
290	/*page_code*/SMS_CONTROL_MODE_PAGE,
291	/*page_length*/sizeof(struct scsi_control_page) - 2,
292	/*rlec*/SCP_DSENSE,
293	/*queue_flags*/0,
294	/*eca_and_aen*/0,
295	/*reserved*/0,
296	/*aen_holdoff_period*/{0, 0}
297};
298
299
300/*
301 * XXX KDM move these into the softc.
302 */
303static int rcv_sync_msg;
304static int persis_offset;
305static uint8_t ctl_pause_rtr;
306static int     ctl_is_single = 1;
307static int     index_to_aps_page;
308
309SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
310static int worker_threads = -1;
311TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
312SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
313    &worker_threads, 1, "Number of worker threads");
314static int verbose = 0;
315TUNABLE_INT("kern.cam.ctl.verbose", &verbose);
316SYSCTL_INT(_kern_cam_ctl, OID_AUTO, verbose, CTLFLAG_RWTUN,
317    &verbose, 0, "Show SCSI errors returned to initiator");
318
319/*
320 * Serial number (0x80), device id (0x83), supported pages (0x00),
321 * Block limits (0xB0) and Logical Block Provisioning (0xB2)
322 */
323#define SCSI_EVPD_NUM_SUPPORTED_PAGES	5
324
325static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
326				  int param);
327static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
328static int ctl_init(void);
329void ctl_shutdown(void);
330static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
331static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
332static void ctl_ioctl_online(void *arg);
333static void ctl_ioctl_offline(void *arg);
334static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
335static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
336static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
337static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
338static int ctl_ioctl_submit_wait(union ctl_io *io);
339static void ctl_ioctl_datamove(union ctl_io *io);
340static void ctl_ioctl_done(union ctl_io *io);
341static void ctl_ioctl_hard_startstop_callback(void *arg,
342					      struct cfi_metatask *metatask);
343static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
344static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
345			      struct ctl_ooa *ooa_hdr,
346			      struct ctl_ooa_entry *kern_entries);
347static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
348		     struct thread *td);
349uint32_t ctl_get_resindex(struct ctl_nexus *nexus);
350uint32_t ctl_port_idx(int port_num);
351static uint32_t ctl_map_lun(int port_num, uint32_t lun);
352#ifdef unused
353static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
354				   uint32_t targ_target, uint32_t targ_lun,
355				   int can_wait);
356static void ctl_kfree_io(union ctl_io *io);
357#endif /* unused */
358static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
359			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
360static int ctl_free_lun(struct ctl_lun *lun);
361static void ctl_create_lun(struct ctl_be_lun *be_lun);
362/**
363static void ctl_failover_change_pages(struct ctl_softc *softc,
364				      struct ctl_scsiio *ctsio, int master);
365**/
366
367static int ctl_do_mode_select(union ctl_io *io);
368static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
369			   uint64_t res_key, uint64_t sa_res_key,
370			   uint8_t type, uint32_t residx,
371			   struct ctl_scsiio *ctsio,
372			   struct scsi_per_res_out *cdb,
373			   struct scsi_per_res_out_parms* param);
374static void ctl_pro_preempt_other(struct ctl_lun *lun,
375				  union ctl_ha_msg *msg);
376static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
377static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
378static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
379static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
380static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
381					 int alloc_len);
382static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
383static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
384static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
385static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len);
386static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
387static ctl_action ctl_check_for_blockage(union ctl_io *pending_io,
388					 union ctl_io *ooa_io);
389static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
390				union ctl_io *starting_io);
391static int ctl_check_blocked(struct ctl_lun *lun);
392static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
393				struct ctl_lun *lun,
394				const struct ctl_cmd_entry *entry,
395				struct ctl_scsiio *ctsio);
396//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
397static void ctl_failover(void);
398static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
399			       struct ctl_scsiio *ctsio);
400static int ctl_scsiio(struct ctl_scsiio *ctsio);
401
402static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
403static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
404			    ctl_ua_type ua_type);
405static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
406			 ctl_ua_type ua_type);
407static int ctl_abort_task(union ctl_io *io);
408static void ctl_run_task(union ctl_io *io);
409#ifdef CTL_IO_DELAY
410static void ctl_datamove_timer_wakeup(void *arg);
411static void ctl_done_timer_wakeup(void *arg);
412#endif /* CTL_IO_DELAY */
413
414static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
415static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
416static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
417static void ctl_datamove_remote_write(union ctl_io *io);
418static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
419static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
420static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
421static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
422				    ctl_ha_dt_cb callback);
423static void ctl_datamove_remote_read(union ctl_io *io);
424static void ctl_datamove_remote(union ctl_io *io);
425static int ctl_process_done(union ctl_io *io);
426static void ctl_lun_thread(void *arg);
427static void ctl_work_thread(void *arg);
428static void ctl_enqueue_incoming(union ctl_io *io);
429static void ctl_enqueue_rtr(union ctl_io *io);
430static void ctl_enqueue_done(union ctl_io *io);
431static void ctl_enqueue_isc(union ctl_io *io);
432static const struct ctl_cmd_entry *
433    ctl_get_cmd_entry(struct ctl_scsiio *ctsio);
434static const struct ctl_cmd_entry *
435    ctl_validate_command(struct ctl_scsiio *ctsio);
436static int ctl_cmd_applicable(uint8_t lun_type,
437    const struct ctl_cmd_entry *entry);
438
439/*
440 * Load the serialization table.  This isn't very pretty, but is probably
441 * the easiest way to do it.
442 */
443#include "ctl_ser_table.c"
444
445/*
446 * We only need to define open, close and ioctl routines for this driver.
447 */
448static struct cdevsw ctl_cdevsw = {
449	.d_version =	D_VERSION,
450	.d_flags =	0,
451	.d_open =	ctl_open,
452	.d_close =	ctl_close,
453	.d_ioctl =	ctl_ioctl,
454	.d_name =	"ctl",
455};
456
457
458MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
459MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
460
461static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
462
463static moduledata_t ctl_moduledata = {
464	"ctl",
465	ctl_module_event_handler,
466	NULL
467};
468
469DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
470MODULE_VERSION(ctl, 1);
471
472static struct ctl_frontend ioctl_frontend =
473{
474	.name = "ioctl",
475};
476
477static void
478ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
479			    union ctl_ha_msg *msg_info)
480{
481	struct ctl_scsiio *ctsio;
482
483	if (msg_info->hdr.original_sc == NULL) {
484		printf("%s: original_sc == NULL!\n", __func__);
485		/* XXX KDM now what? */
486		return;
487	}
488
489	ctsio = &msg_info->hdr.original_sc->scsiio;
490	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
491	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
492	ctsio->io_hdr.status = msg_info->hdr.status;
493	ctsio->scsi_status = msg_info->scsi.scsi_status;
494	ctsio->sense_len = msg_info->scsi.sense_len;
495	ctsio->sense_residual = msg_info->scsi.sense_residual;
496	ctsio->residual = msg_info->scsi.residual;
497	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
498	       sizeof(ctsio->sense_data));
499	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
500	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
501	ctl_enqueue_isc((union ctl_io *)ctsio);
502}
503
504static void
505ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
506				union ctl_ha_msg *msg_info)
507{
508	struct ctl_scsiio *ctsio;
509
510	if (msg_info->hdr.serializing_sc == NULL) {
511		printf("%s: serializing_sc == NULL!\n", __func__);
512		/* XXX KDM now what? */
513		return;
514	}
515
516	ctsio = &msg_info->hdr.serializing_sc->scsiio;
517#if 0
518	/*
519	 * Attempt to catch the situation where an I/O has
520	 * been freed, and we're using it again.
521	 */
522	if (ctsio->io_hdr.io_type == 0xff) {
523		union ctl_io *tmp_io;
524		tmp_io = (union ctl_io *)ctsio;
525		printf("%s: %p use after free!\n", __func__,
526		       ctsio);
527		printf("%s: type %d msg %d cdb %x iptl: "
528		       "%d:%d:%d:%d tag 0x%04x "
529		       "flag %#x status %x\n",
530			__func__,
531			tmp_io->io_hdr.io_type,
532			tmp_io->io_hdr.msg_type,
533			tmp_io->scsiio.cdb[0],
534			tmp_io->io_hdr.nexus.initid.id,
535			tmp_io->io_hdr.nexus.targ_port,
536			tmp_io->io_hdr.nexus.targ_target.id,
537			tmp_io->io_hdr.nexus.targ_lun,
538			(tmp_io->io_hdr.io_type ==
539			CTL_IO_TASK) ?
540			tmp_io->taskio.tag_num :
541			tmp_io->scsiio.tag_num,
542		        tmp_io->io_hdr.flags,
543			tmp_io->io_hdr.status);
544	}
545#endif
546	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
547	ctl_enqueue_isc((union ctl_io *)ctsio);
548}
549
550/*
551 * ISC (Inter Shelf Communication) event handler.  Events from the HA
552 * subsystem come in here.
553 */
554static void
555ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
556{
557	struct ctl_softc *ctl_softc;
558	union ctl_io *io;
559	struct ctl_prio *presio;
560	ctl_ha_status isc_status;
561
562	ctl_softc = control_softc;
563	io = NULL;
564
565
566#if 0
567	printf("CTL: Isc Msg event %d\n", event);
568#endif
569	if (event == CTL_HA_EVT_MSG_RECV) {
570		union ctl_ha_msg msg_info;
571
572		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
573					     sizeof(msg_info), /*wait*/ 0);
574#if 0
575		printf("CTL: msg_type %d\n", msg_info.msg_type);
576#endif
577		if (isc_status != 0) {
578			printf("Error receiving message, status = %d\n",
579			       isc_status);
580			return;
581		}
582
583		switch (msg_info.hdr.msg_type) {
584		case CTL_MSG_SERIALIZE:
585#if 0
586			printf("Serialize\n");
587#endif
588			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
589			if (io == NULL) {
590				printf("ctl_isc_event_handler: can't allocate "
591				       "ctl_io!\n");
592				/* Bad Juju */
593				/* Need to set busy and send msg back */
594				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
595				msg_info.hdr.status = CTL_SCSI_ERROR;
596				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
597				msg_info.scsi.sense_len = 0;
598			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
599				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
600				}
601				goto bailout;
602			}
603			ctl_zero_io(io);
604			// populate ctsio from msg_info
605			io->io_hdr.io_type = CTL_IO_SCSI;
606			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
607			io->io_hdr.original_sc = msg_info.hdr.original_sc;
608#if 0
609			printf("pOrig %x\n", (int)msg_info.original_sc);
610#endif
611			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
612					    CTL_FLAG_IO_ACTIVE;
613			/*
614			 * If we're in serialization-only mode, we don't
615			 * want to go through full done processing.  Thus
616			 * the COPY flag.
617			 *
618			 * XXX KDM add another flag that is more specific.
619			 */
620			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
621				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
622			io->io_hdr.nexus = msg_info.hdr.nexus;
623#if 0
624			printf("targ %d, port %d, iid %d, lun %d\n",
625			       io->io_hdr.nexus.targ_target.id,
626			       io->io_hdr.nexus.targ_port,
627			       io->io_hdr.nexus.initid.id,
628			       io->io_hdr.nexus.targ_lun);
629#endif
630			io->scsiio.tag_num = msg_info.scsi.tag_num;
631			io->scsiio.tag_type = msg_info.scsi.tag_type;
632			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
633			       CTL_MAX_CDBLEN);
634			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
635				const struct ctl_cmd_entry *entry;
636
637				entry = ctl_get_cmd_entry(&io->scsiio);
638				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
639				io->io_hdr.flags |=
640					entry->flags & CTL_FLAG_DATA_MASK;
641			}
642			ctl_enqueue_isc(io);
643			break;
644
645		/* Performed on the Originating SC, XFER mode only */
646		case CTL_MSG_DATAMOVE: {
647			struct ctl_sg_entry *sgl;
648			int i, j;
649
650			io = msg_info.hdr.original_sc;
651			if (io == NULL) {
652				printf("%s: original_sc == NULL!\n", __func__);
653				/* XXX KDM do something here */
654				break;
655			}
656			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
657			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
658			/*
659			 * Keep track of this, we need to send it back over
660			 * when the datamove is complete.
661			 */
662			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
663
664			if (msg_info.dt.sg_sequence == 0) {
665				/*
666				 * XXX KDM we use the preallocated S/G list
667				 * here, but we'll need to change this to
668				 * dynamic allocation if we need larger S/G
669				 * lists.
670				 */
671				if (msg_info.dt.kern_sg_entries >
672				    sizeof(io->io_hdr.remote_sglist) /
673				    sizeof(io->io_hdr.remote_sglist[0])) {
674					printf("%s: number of S/G entries "
675					    "needed %u > allocated num %zd\n",
676					    __func__,
677					    msg_info.dt.kern_sg_entries,
678					    sizeof(io->io_hdr.remote_sglist)/
679					    sizeof(io->io_hdr.remote_sglist[0]));
680
681					/*
682					 * XXX KDM send a message back to
683					 * the other side to shut down the
684					 * DMA.  The error will come back
685					 * through via the normal channel.
686					 */
687					break;
688				}
689				sgl = io->io_hdr.remote_sglist;
690				memset(sgl, 0,
691				       sizeof(io->io_hdr.remote_sglist));
692
693				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
694
695				io->scsiio.kern_sg_entries =
696					msg_info.dt.kern_sg_entries;
697				io->scsiio.rem_sg_entries =
698					msg_info.dt.kern_sg_entries;
699				io->scsiio.kern_data_len =
700					msg_info.dt.kern_data_len;
701				io->scsiio.kern_total_len =
702					msg_info.dt.kern_total_len;
703				io->scsiio.kern_data_resid =
704					msg_info.dt.kern_data_resid;
705				io->scsiio.kern_rel_offset =
706					msg_info.dt.kern_rel_offset;
707				/*
708				 * Clear out per-DMA flags.
709				 */
710				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
711				/*
712				 * Add per-DMA flags that are set for this
713				 * particular DMA request.
714				 */
715				io->io_hdr.flags |= msg_info.dt.flags &
716						    CTL_FLAG_RDMA_MASK;
717			} else
718				sgl = (struct ctl_sg_entry *)
719					io->scsiio.kern_data_ptr;
720
721			for (i = msg_info.dt.sent_sg_entries, j = 0;
722			     i < (msg_info.dt.sent_sg_entries +
723			     msg_info.dt.cur_sg_entries); i++, j++) {
724				sgl[i].addr = msg_info.dt.sg_list[j].addr;
725				sgl[i].len = msg_info.dt.sg_list[j].len;
726
727#if 0
728				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
729				       __func__,
730				       msg_info.dt.sg_list[j].addr,
731				       msg_info.dt.sg_list[j].len,
732				       sgl[i].addr, sgl[i].len, j, i);
733#endif
734			}
735#if 0
736			memcpy(&sgl[msg_info.dt.sent_sg_entries],
737			       msg_info.dt.sg_list,
738			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
739#endif
740
741			/*
742			 * If this is the last piece of the I/O, we've got
743			 * the full S/G list.  Queue processing in the thread.
744			 * Otherwise wait for the next piece.
745			 */
746			if (msg_info.dt.sg_last != 0)
747				ctl_enqueue_isc(io);
748			break;
749		}
750		/* Performed on the Serializing (primary) SC, XFER mode only */
751		case CTL_MSG_DATAMOVE_DONE: {
752			if (msg_info.hdr.serializing_sc == NULL) {
753				printf("%s: serializing_sc == NULL!\n",
754				       __func__);
755				/* XXX KDM now what? */
756				break;
757			}
758			/*
759			 * We grab the sense information here in case
760			 * there was a failure, so we can return status
761			 * back to the initiator.
762			 */
763			io = msg_info.hdr.serializing_sc;
764			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
765			io->io_hdr.status = msg_info.hdr.status;
766			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
767			io->scsiio.sense_len = msg_info.scsi.sense_len;
768			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
769			io->io_hdr.port_status = msg_info.scsi.fetd_status;
770			io->scsiio.residual = msg_info.scsi.residual;
771			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
772			       sizeof(io->scsiio.sense_data));
773			ctl_enqueue_isc(io);
774			break;
775		}
776
777		/* Preformed on Originating SC, SER_ONLY mode */
778		case CTL_MSG_R2R:
779			io = msg_info.hdr.original_sc;
780			if (io == NULL) {
781				printf("%s: Major Bummer\n", __func__);
782				return;
783			} else {
784#if 0
785				printf("pOrig %x\n",(int) ctsio);
786#endif
787			}
788			io->io_hdr.msg_type = CTL_MSG_R2R;
789			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
790			ctl_enqueue_isc(io);
791			break;
792
793		/*
794		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
795		 * mode.
796		 * Performed on the Originating (i.e. secondary) SC in XFER
797		 * mode
798		 */
799		case CTL_MSG_FINISH_IO:
800			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
801				ctl_isc_handler_finish_xfer(ctl_softc,
802							    &msg_info);
803			else
804				ctl_isc_handler_finish_ser_only(ctl_softc,
805								&msg_info);
806			break;
807
808		/* Preformed on Originating SC */
809		case CTL_MSG_BAD_JUJU:
810			io = msg_info.hdr.original_sc;
811			if (io == NULL) {
812				printf("%s: Bad JUJU!, original_sc is NULL!\n",
813				       __func__);
814				break;
815			}
816			ctl_copy_sense_data(&msg_info, io);
817			/*
818			 * IO should have already been cleaned up on other
819			 * SC so clear this flag so we won't send a message
820			 * back to finish the IO there.
821			 */
822			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
823			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
824
825			/* io = msg_info.hdr.serializing_sc; */
826			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
827			ctl_enqueue_isc(io);
828			break;
829
830		/* Handle resets sent from the other side */
831		case CTL_MSG_MANAGE_TASKS: {
832			struct ctl_taskio *taskio;
833			taskio = (struct ctl_taskio *)ctl_alloc_io(
834				(void *)ctl_softc->othersc_pool);
835			if (taskio == NULL) {
836				printf("ctl_isc_event_handler: can't allocate "
837				       "ctl_io!\n");
838				/* Bad Juju */
839				/* should I just call the proper reset func
840				   here??? */
841				goto bailout;
842			}
843			ctl_zero_io((union ctl_io *)taskio);
844			taskio->io_hdr.io_type = CTL_IO_TASK;
845			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
846			taskio->io_hdr.nexus = msg_info.hdr.nexus;
847			taskio->task_action = msg_info.task.task_action;
848			taskio->tag_num = msg_info.task.tag_num;
849			taskio->tag_type = msg_info.task.tag_type;
850#ifdef CTL_TIME_IO
851			taskio->io_hdr.start_time = time_uptime;
852			getbintime(&taskio->io_hdr.start_bt);
853#if 0
854			cs_prof_gettime(&taskio->io_hdr.start_ticks);
855#endif
856#endif /* CTL_TIME_IO */
857			ctl_run_task((union ctl_io *)taskio);
858			break;
859		}
860		/* Persistent Reserve action which needs attention */
861		case CTL_MSG_PERS_ACTION:
862			presio = (struct ctl_prio *)ctl_alloc_io(
863				(void *)ctl_softc->othersc_pool);
864			if (presio == NULL) {
865				printf("ctl_isc_event_handler: can't allocate "
866				       "ctl_io!\n");
867				/* Bad Juju */
868				/* Need to set busy and send msg back */
869				goto bailout;
870			}
871			ctl_zero_io((union ctl_io *)presio);
872			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
873			presio->pr_msg = msg_info.pr;
874			ctl_enqueue_isc((union ctl_io *)presio);
875			break;
876		case CTL_MSG_SYNC_FE:
877			rcv_sync_msg = 1;
878			break;
879		case CTL_MSG_APS_LOCK: {
880			// It's quicker to execute this then to
881			// queue it.
882			struct ctl_lun *lun;
883			struct ctl_page_index *page_index;
884			struct copan_aps_subpage *current_sp;
885			uint32_t targ_lun;
886
887			targ_lun = msg_info.hdr.nexus.targ_mapped_lun;
888			lun = ctl_softc->ctl_luns[targ_lun];
889			mtx_lock(&lun->lun_lock);
890			page_index = &lun->mode_pages.index[index_to_aps_page];
891			current_sp = (struct copan_aps_subpage *)
892				     (page_index->page_data +
893				     (page_index->page_len * CTL_PAGE_CURRENT));
894
895			current_sp->lock_active = msg_info.aps.lock_flag;
896			mtx_unlock(&lun->lun_lock);
897		        break;
898		}
899		default:
900		        printf("How did I get here?\n");
901		}
902	} else if (event == CTL_HA_EVT_MSG_SENT) {
903		if (param != CTL_HA_STATUS_SUCCESS) {
904			printf("Bad status from ctl_ha_msg_send status %d\n",
905			       param);
906		}
907		return;
908	} else if (event == CTL_HA_EVT_DISCONNECT) {
909		printf("CTL: Got a disconnect from Isc\n");
910		return;
911	} else {
912		printf("ctl_isc_event_handler: Unknown event %d\n", event);
913		return;
914	}
915
916bailout:
917	return;
918}
919
920static void
921ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
922{
923	struct scsi_sense_data *sense;
924
925	sense = &dest->scsiio.sense_data;
926	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
927	dest->scsiio.scsi_status = src->scsi.scsi_status;
928	dest->scsiio.sense_len = src->scsi.sense_len;
929	dest->io_hdr.status = src->hdr.status;
930}
931
932static int
933ctl_init(void)
934{
935	struct ctl_softc *softc;
936	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
937	struct ctl_port *port;
938        uint8_t sc_id =0;
939	int i, error, retval;
940	//int isc_retval;
941
942	retval = 0;
943	ctl_pause_rtr = 0;
944        rcv_sync_msg = 0;
945
946	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
947			       M_WAITOK | M_ZERO);
948	softc = control_softc;
949
950	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
951			      "cam/ctl");
952
953	softc->dev->si_drv1 = softc;
954
955	/*
956	 * By default, return a "bad LUN" peripheral qualifier for unknown
957	 * LUNs.  The user can override this default using the tunable or
958	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
959	 */
960	softc->inquiry_pq_no_lun = 1;
961	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
962			  &softc->inquiry_pq_no_lun);
963	sysctl_ctx_init(&softc->sysctl_ctx);
964	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
965		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
966		CTLFLAG_RD, 0, "CAM Target Layer");
967
968	if (softc->sysctl_tree == NULL) {
969		printf("%s: unable to allocate sysctl tree\n", __func__);
970		destroy_dev(softc->dev);
971		free(control_softc, M_DEVBUF);
972		control_softc = NULL;
973		return (ENOMEM);
974	}
975
976	SYSCTL_ADD_INT(&softc->sysctl_ctx,
977		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
978		       "inquiry_pq_no_lun", CTLFLAG_RW,
979		       &softc->inquiry_pq_no_lun, 0,
980		       "Report no lun possible for invalid LUNs");
981
982	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
983	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
984	softc->open_count = 0;
985
986	/*
987	 * Default to actually sending a SYNCHRONIZE CACHE command down to
988	 * the drive.
989	 */
990	softc->flags = CTL_FLAG_REAL_SYNC;
991
992	/*
993	 * In Copan's HA scheme, the "master" and "slave" roles are
994	 * figured out through the slot the controller is in.  Although it
995	 * is an active/active system, someone has to be in charge.
996 	 */
997#ifdef NEEDTOPORT
998        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
999#endif
1000
1001        if (sc_id == 0) {
1002		softc->flags |= CTL_FLAG_MASTER_SHELF;
1003		persis_offset = 0;
1004	} else
1005		persis_offset = CTL_MAX_INITIATORS;
1006
1007	/*
1008	 * XXX KDM need to figure out where we want to get our target ID
1009	 * and WWID.  Is it different on each port?
1010	 */
1011	softc->target.id = 0;
1012	softc->target.wwid[0] = 0x12345678;
1013	softc->target.wwid[1] = 0x87654321;
1014	STAILQ_INIT(&softc->lun_list);
1015	STAILQ_INIT(&softc->pending_lun_queue);
1016	STAILQ_INIT(&softc->fe_list);
1017	STAILQ_INIT(&softc->port_list);
1018	STAILQ_INIT(&softc->be_list);
1019	STAILQ_INIT(&softc->io_pools);
1020
1021	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1022			    &internal_pool)!= 0){
1023		printf("ctl: can't allocate %d entry internal pool, "
1024		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1025		return (ENOMEM);
1026	}
1027
1028	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1029			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1030		printf("ctl: can't allocate %d entry emergency pool, "
1031		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1032		ctl_pool_free(internal_pool);
1033		return (ENOMEM);
1034	}
1035
1036	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1037	                    &other_pool) != 0)
1038	{
1039		printf("ctl: can't allocate %d entry other SC pool, "
1040		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1041		ctl_pool_free(internal_pool);
1042		ctl_pool_free(emergency_pool);
1043		return (ENOMEM);
1044	}
1045
1046	softc->internal_pool = internal_pool;
1047	softc->emergency_pool = emergency_pool;
1048	softc->othersc_pool = other_pool;
1049
1050	if (worker_threads <= 0)
1051		worker_threads = max(1, mp_ncpus / 4);
1052	if (worker_threads > CTL_MAX_THREADS)
1053		worker_threads = CTL_MAX_THREADS;
1054
1055	for (i = 0; i < worker_threads; i++) {
1056		struct ctl_thread *thr = &softc->threads[i];
1057
1058		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1059		thr->ctl_softc = softc;
1060		STAILQ_INIT(&thr->incoming_queue);
1061		STAILQ_INIT(&thr->rtr_queue);
1062		STAILQ_INIT(&thr->done_queue);
1063		STAILQ_INIT(&thr->isc_queue);
1064
1065		error = kproc_kthread_add(ctl_work_thread, thr,
1066		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1067		if (error != 0) {
1068			printf("error creating CTL work thread!\n");
1069			ctl_pool_free(internal_pool);
1070			ctl_pool_free(emergency_pool);
1071			ctl_pool_free(other_pool);
1072			return (error);
1073		}
1074	}
1075	error = kproc_kthread_add(ctl_lun_thread, softc,
1076	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1077	if (error != 0) {
1078		printf("error creating CTL lun thread!\n");
1079		ctl_pool_free(internal_pool);
1080		ctl_pool_free(emergency_pool);
1081		ctl_pool_free(other_pool);
1082		return (error);
1083	}
1084	if (bootverbose)
1085		printf("ctl: CAM Target Layer loaded\n");
1086
1087	/*
1088	 * Initialize the initiator and portname mappings
1089	 */
1090	memset(softc->wwpn_iid, 0, sizeof(softc->wwpn_iid));
1091
1092	/*
1093	 * Initialize the ioctl front end.
1094	 */
1095	ctl_frontend_register(&ioctl_frontend);
1096	port = &softc->ioctl_info.port;
1097	port->frontend = &ioctl_frontend;
1098	sprintf(softc->ioctl_info.port_name, "ioctl");
1099	port->port_type = CTL_PORT_IOCTL;
1100	port->num_requested_ctl_io = 100;
1101	port->port_name = softc->ioctl_info.port_name;
1102	port->port_online = ctl_ioctl_online;
1103	port->port_offline = ctl_ioctl_offline;
1104	port->onoff_arg = &softc->ioctl_info;
1105	port->lun_enable = ctl_ioctl_lun_enable;
1106	port->lun_disable = ctl_ioctl_lun_disable;
1107	port->targ_lun_arg = &softc->ioctl_info;
1108	port->fe_datamove = ctl_ioctl_datamove;
1109	port->fe_done = ctl_ioctl_done;
1110	port->max_targets = 15;
1111	port->max_target_id = 15;
1112
1113	if (ctl_port_register(&softc->ioctl_info.port,
1114	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1115		printf("ctl: ioctl front end registration failed, will "
1116		       "continue anyway\n");
1117	}
1118
1119#ifdef CTL_IO_DELAY
1120	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1121		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1122		       sizeof(struct callout), CTL_TIMER_BYTES);
1123		return (EINVAL);
1124	}
1125#endif /* CTL_IO_DELAY */
1126
1127	return (0);
1128}
1129
1130void
1131ctl_shutdown(void)
1132{
1133	struct ctl_softc *softc;
1134	struct ctl_lun *lun, *next_lun;
1135	struct ctl_io_pool *pool;
1136
1137	softc = (struct ctl_softc *)control_softc;
1138
1139	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1140		printf("ctl: ioctl front end deregistration failed\n");
1141
1142	mtx_lock(&softc->ctl_lock);
1143
1144	/*
1145	 * Free up each LUN.
1146	 */
1147	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1148		next_lun = STAILQ_NEXT(lun, links);
1149		ctl_free_lun(lun);
1150	}
1151
1152	mtx_unlock(&softc->ctl_lock);
1153
1154	ctl_frontend_deregister(&ioctl_frontend);
1155
1156	/*
1157	 * This will rip the rug out from under any FETDs or anyone else
1158	 * that has a pool allocated.  Since we increment our module
1159	 * refcount any time someone outside the main CTL module allocates
1160	 * a pool, we shouldn't have any problems here.  The user won't be
1161	 * able to unload the CTL module until client modules have
1162	 * successfully unloaded.
1163	 */
1164	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1165		ctl_pool_free(pool);
1166
1167#if 0
1168	ctl_shutdown_thread(softc->work_thread);
1169	mtx_destroy(&softc->queue_lock);
1170#endif
1171
1172	mtx_destroy(&softc->pool_lock);
1173	mtx_destroy(&softc->ctl_lock);
1174
1175	destroy_dev(softc->dev);
1176
1177	sysctl_ctx_free(&softc->sysctl_ctx);
1178
1179	free(control_softc, M_DEVBUF);
1180	control_softc = NULL;
1181
1182	if (bootverbose)
1183		printf("ctl: CAM Target Layer unloaded\n");
1184}
1185
1186static int
1187ctl_module_event_handler(module_t mod, int what, void *arg)
1188{
1189
1190	switch (what) {
1191	case MOD_LOAD:
1192		return (ctl_init());
1193	case MOD_UNLOAD:
1194		return (EBUSY);
1195	default:
1196		return (EOPNOTSUPP);
1197	}
1198}
1199
1200/*
1201 * XXX KDM should we do some access checks here?  Bump a reference count to
1202 * prevent a CTL module from being unloaded while someone has it open?
1203 */
1204static int
1205ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1206{
1207	return (0);
1208}
1209
1210static int
1211ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1212{
1213	return (0);
1214}
1215
1216int
1217ctl_port_enable(ctl_port_type port_type)
1218{
1219	struct ctl_softc *softc;
1220	struct ctl_port *port;
1221
1222	if (ctl_is_single == 0) {
1223		union ctl_ha_msg msg_info;
1224		int isc_retval;
1225
1226#if 0
1227		printf("%s: HA mode, synchronizing frontend enable\n",
1228		        __func__);
1229#endif
1230		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1231	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1232		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1233			printf("Sync msg send error retval %d\n", isc_retval);
1234		}
1235		if (!rcv_sync_msg) {
1236			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1237			        sizeof(msg_info), 1);
1238		}
1239#if 0
1240        	printf("CTL:Frontend Enable\n");
1241	} else {
1242		printf("%s: single mode, skipping frontend synchronization\n",
1243		        __func__);
1244#endif
1245	}
1246
1247	softc = control_softc;
1248
1249	STAILQ_FOREACH(port, &softc->port_list, links) {
1250		if (port_type & port->port_type)
1251		{
1252#if 0
1253			printf("port %d\n", port->targ_port);
1254#endif
1255			ctl_port_online(port);
1256		}
1257	}
1258
1259	return (0);
1260}
1261
1262int
1263ctl_port_disable(ctl_port_type port_type)
1264{
1265	struct ctl_softc *softc;
1266	struct ctl_port *port;
1267
1268	softc = control_softc;
1269
1270	STAILQ_FOREACH(port, &softc->port_list, links) {
1271		if (port_type & port->port_type)
1272			ctl_port_offline(port);
1273	}
1274
1275	return (0);
1276}
1277
1278/*
1279 * Returns 0 for success, 1 for failure.
1280 * Currently the only failure mode is if there aren't enough entries
1281 * allocated.  So, in case of a failure, look at num_entries_dropped,
1282 * reallocate and try again.
1283 */
1284int
1285ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1286	      int *num_entries_filled, int *num_entries_dropped,
1287	      ctl_port_type port_type, int no_virtual)
1288{
1289	struct ctl_softc *softc;
1290	struct ctl_port *port;
1291	int entries_dropped, entries_filled;
1292	int retval;
1293	int i;
1294
1295	softc = control_softc;
1296
1297	retval = 0;
1298	entries_filled = 0;
1299	entries_dropped = 0;
1300
1301	i = 0;
1302	mtx_lock(&softc->ctl_lock);
1303	STAILQ_FOREACH(port, &softc->port_list, links) {
1304		struct ctl_port_entry *entry;
1305
1306		if ((port->port_type & port_type) == 0)
1307			continue;
1308
1309		if ((no_virtual != 0)
1310		 && (port->virtual_port != 0))
1311			continue;
1312
1313		if (entries_filled >= num_entries_alloced) {
1314			entries_dropped++;
1315			continue;
1316		}
1317		entry = &entries[i];
1318
1319		entry->port_type = port->port_type;
1320		strlcpy(entry->port_name, port->port_name,
1321			sizeof(entry->port_name));
1322		entry->physical_port = port->physical_port;
1323		entry->virtual_port = port->virtual_port;
1324		entry->wwnn = port->wwnn;
1325		entry->wwpn = port->wwpn;
1326
1327		i++;
1328		entries_filled++;
1329	}
1330
1331	mtx_unlock(&softc->ctl_lock);
1332
1333	if (entries_dropped > 0)
1334		retval = 1;
1335
1336	*num_entries_dropped = entries_dropped;
1337	*num_entries_filled = entries_filled;
1338
1339	return (retval);
1340}
1341
1342static void
1343ctl_ioctl_online(void *arg)
1344{
1345	struct ctl_ioctl_info *ioctl_info;
1346
1347	ioctl_info = (struct ctl_ioctl_info *)arg;
1348
1349	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1350}
1351
1352static void
1353ctl_ioctl_offline(void *arg)
1354{
1355	struct ctl_ioctl_info *ioctl_info;
1356
1357	ioctl_info = (struct ctl_ioctl_info *)arg;
1358
1359	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1360}
1361
1362/*
1363 * Remove an initiator by port number and initiator ID.
1364 * Returns 0 for success, 1 for failure.
1365 */
1366int
1367ctl_remove_initiator(int32_t targ_port, uint32_t iid)
1368{
1369	struct ctl_softc *softc;
1370
1371	softc = control_softc;
1372
1373	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1374
1375	if ((targ_port < 0)
1376	 || (targ_port > CTL_MAX_PORTS)) {
1377		printf("%s: invalid port number %d\n", __func__, targ_port);
1378		return (1);
1379	}
1380	if (iid > CTL_MAX_INIT_PER_PORT) {
1381		printf("%s: initiator ID %u > maximun %u!\n",
1382		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1383		return (1);
1384	}
1385
1386	mtx_lock(&softc->ctl_lock);
1387
1388	softc->wwpn_iid[targ_port][iid].in_use = 0;
1389
1390	mtx_unlock(&softc->ctl_lock);
1391
1392	return (0);
1393}
1394
1395/*
1396 * Add an initiator to the initiator map.
1397 * Returns 0 for success, 1 for failure.
1398 */
1399int
1400ctl_add_initiator(uint64_t wwpn, int32_t targ_port, uint32_t iid)
1401{
1402	struct ctl_softc *softc;
1403	int retval;
1404
1405	softc = control_softc;
1406
1407	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1408
1409	retval = 0;
1410
1411	if ((targ_port < 0)
1412	 || (targ_port > CTL_MAX_PORTS)) {
1413		printf("%s: invalid port number %d\n", __func__, targ_port);
1414		return (1);
1415	}
1416	if (iid > CTL_MAX_INIT_PER_PORT) {
1417		printf("%s: WWPN %#jx initiator ID %u > maximun %u!\n",
1418		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1419		return (1);
1420	}
1421
1422	mtx_lock(&softc->ctl_lock);
1423
1424	if (softc->wwpn_iid[targ_port][iid].in_use != 0) {
1425		/*
1426		 * We don't treat this as an error.
1427		 */
1428		if (softc->wwpn_iid[targ_port][iid].wwpn == wwpn) {
1429			printf("%s: port %d iid %u WWPN %#jx arrived again?\n",
1430			       __func__, targ_port, iid, (uintmax_t)wwpn);
1431			goto bailout;
1432		}
1433
1434		/*
1435		 * This is an error, but what do we do about it?  The
1436		 * driver is telling us we have a new WWPN for this
1437		 * initiator ID, so we pretty much need to use it.
1438		 */
1439		printf("%s: port %d iid %u WWPN %#jx arrived, WWPN %#jx is "
1440		       "still at that address\n", __func__, targ_port, iid,
1441		       (uintmax_t)wwpn,
1442		       (uintmax_t)softc->wwpn_iid[targ_port][iid].wwpn);
1443
1444		/*
1445		 * XXX KDM clear have_ca and ua_pending on each LUN for
1446		 * this initiator.
1447		 */
1448	}
1449	softc->wwpn_iid[targ_port][iid].in_use = 1;
1450	softc->wwpn_iid[targ_port][iid].iid = iid;
1451	softc->wwpn_iid[targ_port][iid].wwpn = wwpn;
1452	softc->wwpn_iid[targ_port][iid].port = targ_port;
1453
1454bailout:
1455
1456	mtx_unlock(&softc->ctl_lock);
1457
1458	return (retval);
1459}
1460
1461static int
1462ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1463{
1464	return (0);
1465}
1466
1467static int
1468ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1469{
1470	return (0);
1471}
1472
1473/*
1474 * Data movement routine for the CTL ioctl frontend port.
1475 */
1476static int
1477ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1478{
1479	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1480	struct ctl_sg_entry ext_entry, kern_entry;
1481	int ext_sglen, ext_sg_entries, kern_sg_entries;
1482	int ext_sg_start, ext_offset;
1483	int len_to_copy, len_copied;
1484	int kern_watermark, ext_watermark;
1485	int ext_sglist_malloced;
1486	int i, j;
1487
1488	ext_sglist_malloced = 0;
1489	ext_sg_start = 0;
1490	ext_offset = 0;
1491
1492	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1493
1494	/*
1495	 * If this flag is set, fake the data transfer.
1496	 */
1497	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1498		ctsio->ext_data_filled = ctsio->ext_data_len;
1499		goto bailout;
1500	}
1501
1502	/*
1503	 * To simplify things here, if we have a single buffer, stick it in
1504	 * a S/G entry and just make it a single entry S/G list.
1505	 */
1506	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1507		int len_seen;
1508
1509		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1510
1511		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1512							   M_WAITOK);
1513		ext_sglist_malloced = 1;
1514		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1515				   ext_sglen) != 0) {
1516			ctl_set_internal_failure(ctsio,
1517						 /*sks_valid*/ 0,
1518						 /*retry_count*/ 0);
1519			goto bailout;
1520		}
1521		ext_sg_entries = ctsio->ext_sg_entries;
1522		len_seen = 0;
1523		for (i = 0; i < ext_sg_entries; i++) {
1524			if ((len_seen + ext_sglist[i].len) >=
1525			     ctsio->ext_data_filled) {
1526				ext_sg_start = i;
1527				ext_offset = ctsio->ext_data_filled - len_seen;
1528				break;
1529			}
1530			len_seen += ext_sglist[i].len;
1531		}
1532	} else {
1533		ext_sglist = &ext_entry;
1534		ext_sglist->addr = ctsio->ext_data_ptr;
1535		ext_sglist->len = ctsio->ext_data_len;
1536		ext_sg_entries = 1;
1537		ext_sg_start = 0;
1538		ext_offset = ctsio->ext_data_filled;
1539	}
1540
1541	if (ctsio->kern_sg_entries > 0) {
1542		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1543		kern_sg_entries = ctsio->kern_sg_entries;
1544	} else {
1545		kern_sglist = &kern_entry;
1546		kern_sglist->addr = ctsio->kern_data_ptr;
1547		kern_sglist->len = ctsio->kern_data_len;
1548		kern_sg_entries = 1;
1549	}
1550
1551
1552	kern_watermark = 0;
1553	ext_watermark = ext_offset;
1554	len_copied = 0;
1555	for (i = ext_sg_start, j = 0;
1556	     i < ext_sg_entries && j < kern_sg_entries;) {
1557		uint8_t *ext_ptr, *kern_ptr;
1558
1559		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1560				      kern_sglist[j].len - kern_watermark);
1561
1562		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1563		ext_ptr = ext_ptr + ext_watermark;
1564		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1565			/*
1566			 * XXX KDM fix this!
1567			 */
1568			panic("need to implement bus address support");
1569#if 0
1570			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1571#endif
1572		} else
1573			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1574		kern_ptr = kern_ptr + kern_watermark;
1575
1576		kern_watermark += len_to_copy;
1577		ext_watermark += len_to_copy;
1578
1579		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1580		     CTL_FLAG_DATA_IN) {
1581			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1582					 "bytes to user\n", len_to_copy));
1583			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1584					 "to %p\n", kern_ptr, ext_ptr));
1585			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1586				ctl_set_internal_failure(ctsio,
1587							 /*sks_valid*/ 0,
1588							 /*retry_count*/ 0);
1589				goto bailout;
1590			}
1591		} else {
1592			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1593					 "bytes from user\n", len_to_copy));
1594			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1595					 "to %p\n", ext_ptr, kern_ptr));
1596			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1597				ctl_set_internal_failure(ctsio,
1598							 /*sks_valid*/ 0,
1599							 /*retry_count*/0);
1600				goto bailout;
1601			}
1602		}
1603
1604		len_copied += len_to_copy;
1605
1606		if (ext_sglist[i].len == ext_watermark) {
1607			i++;
1608			ext_watermark = 0;
1609		}
1610
1611		if (kern_sglist[j].len == kern_watermark) {
1612			j++;
1613			kern_watermark = 0;
1614		}
1615	}
1616
1617	ctsio->ext_data_filled += len_copied;
1618
1619	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1620			 "kern_sg_entries: %d\n", ext_sg_entries,
1621			 kern_sg_entries));
1622	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1623			 "kern_data_len = %d\n", ctsio->ext_data_len,
1624			 ctsio->kern_data_len));
1625
1626
1627	/* XXX KDM set residual?? */
1628bailout:
1629
1630	if (ext_sglist_malloced != 0)
1631		free(ext_sglist, M_CTL);
1632
1633	return (CTL_RETVAL_COMPLETE);
1634}
1635
1636/*
1637 * Serialize a command that went down the "wrong" side, and so was sent to
1638 * this controller for execution.  The logic is a little different than the
1639 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1640 * sent back to the other side, but in the success case, we execute the
1641 * command on this side (XFER mode) or tell the other side to execute it
1642 * (SER_ONLY mode).
1643 */
1644static int
1645ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1646{
1647	struct ctl_softc *ctl_softc;
1648	union ctl_ha_msg msg_info;
1649	struct ctl_lun *lun;
1650	int retval = 0;
1651	uint32_t targ_lun;
1652
1653	ctl_softc = control_softc;
1654
1655	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1656	lun = ctl_softc->ctl_luns[targ_lun];
1657	if (lun==NULL)
1658	{
1659		/*
1660		 * Why isn't LUN defined? The other side wouldn't
1661		 * send a cmd if the LUN is undefined.
1662		 */
1663		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1664
1665		/* "Logical unit not supported" */
1666		ctl_set_sense_data(&msg_info.scsi.sense_data,
1667				   lun,
1668				   /*sense_format*/SSD_TYPE_NONE,
1669				   /*current_error*/ 1,
1670				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1671				   /*asc*/ 0x25,
1672				   /*ascq*/ 0x00,
1673				   SSD_ELEM_NONE);
1674
1675		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1676		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1677		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1678		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1679		msg_info.hdr.serializing_sc = NULL;
1680		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1681	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1682				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1683		}
1684		return(1);
1685
1686	}
1687
1688	mtx_lock(&lun->lun_lock);
1689    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1690
1691	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1692		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1693		 ooa_links))) {
1694	case CTL_ACTION_BLOCK:
1695		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1696		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1697				  blocked_links);
1698		break;
1699	case CTL_ACTION_PASS:
1700	case CTL_ACTION_SKIP:
1701		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1702			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1703			ctl_enqueue_rtr((union ctl_io *)ctsio);
1704		} else {
1705
1706			/* send msg back to other side */
1707			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1708			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1709			msg_info.hdr.msg_type = CTL_MSG_R2R;
1710#if 0
1711			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1712#endif
1713		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1714			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1715			}
1716		}
1717		break;
1718	case CTL_ACTION_OVERLAP:
1719		/* OVERLAPPED COMMANDS ATTEMPTED */
1720		ctl_set_sense_data(&msg_info.scsi.sense_data,
1721				   lun,
1722				   /*sense_format*/SSD_TYPE_NONE,
1723				   /*current_error*/ 1,
1724				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1725				   /*asc*/ 0x4E,
1726				   /*ascq*/ 0x00,
1727				   SSD_ELEM_NONE);
1728
1729		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1730		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1731		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1732		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1733		msg_info.hdr.serializing_sc = NULL;
1734		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1735#if 0
1736		printf("BAD JUJU:Major Bummer Overlap\n");
1737#endif
1738		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1739		retval = 1;
1740		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1741		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1742		}
1743		break;
1744	case CTL_ACTION_OVERLAP_TAG:
1745		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1746		ctl_set_sense_data(&msg_info.scsi.sense_data,
1747				   lun,
1748				   /*sense_format*/SSD_TYPE_NONE,
1749				   /*current_error*/ 1,
1750				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1751				   /*asc*/ 0x4D,
1752				   /*ascq*/ ctsio->tag_num & 0xff,
1753				   SSD_ELEM_NONE);
1754
1755		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1756		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1757		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1758		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1759		msg_info.hdr.serializing_sc = NULL;
1760		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1761#if 0
1762		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1763#endif
1764		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1765		retval = 1;
1766		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1767		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1768		}
1769		break;
1770	case CTL_ACTION_ERROR:
1771	default:
1772		/* "Internal target failure" */
1773		ctl_set_sense_data(&msg_info.scsi.sense_data,
1774				   lun,
1775				   /*sense_format*/SSD_TYPE_NONE,
1776				   /*current_error*/ 1,
1777				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1778				   /*asc*/ 0x44,
1779				   /*ascq*/ 0x00,
1780				   SSD_ELEM_NONE);
1781
1782		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1783		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1784		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1785		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1786		msg_info.hdr.serializing_sc = NULL;
1787		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1788#if 0
1789		printf("BAD JUJU:Major Bummer HW Error\n");
1790#endif
1791		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1792		retval = 1;
1793		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1794		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1795		}
1796		break;
1797	}
1798	mtx_unlock(&lun->lun_lock);
1799	return (retval);
1800}
1801
1802static int
1803ctl_ioctl_submit_wait(union ctl_io *io)
1804{
1805	struct ctl_fe_ioctl_params params;
1806	ctl_fe_ioctl_state last_state;
1807	int done, retval;
1808
1809	retval = 0;
1810
1811	bzero(&params, sizeof(params));
1812
1813	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1814	cv_init(&params.sem, "ctlioccv");
1815	params.state = CTL_IOCTL_INPROG;
1816	last_state = params.state;
1817
1818	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1819
1820	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1821
1822	/* This shouldn't happen */
1823	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1824		return (retval);
1825
1826	done = 0;
1827
1828	do {
1829		mtx_lock(&params.ioctl_mtx);
1830		/*
1831		 * Check the state here, and don't sleep if the state has
1832		 * already changed (i.e. wakeup has already occured, but we
1833		 * weren't waiting yet).
1834		 */
1835		if (params.state == last_state) {
1836			/* XXX KDM cv_wait_sig instead? */
1837			cv_wait(&params.sem, &params.ioctl_mtx);
1838		}
1839		last_state = params.state;
1840
1841		switch (params.state) {
1842		case CTL_IOCTL_INPROG:
1843			/* Why did we wake up? */
1844			/* XXX KDM error here? */
1845			mtx_unlock(&params.ioctl_mtx);
1846			break;
1847		case CTL_IOCTL_DATAMOVE:
1848			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1849
1850			/*
1851			 * change last_state back to INPROG to avoid
1852			 * deadlock on subsequent data moves.
1853			 */
1854			params.state = last_state = CTL_IOCTL_INPROG;
1855
1856			mtx_unlock(&params.ioctl_mtx);
1857			ctl_ioctl_do_datamove(&io->scsiio);
1858			/*
1859			 * Note that in some cases, most notably writes,
1860			 * this will queue the I/O and call us back later.
1861			 * In other cases, generally reads, this routine
1862			 * will immediately call back and wake us up,
1863			 * probably using our own context.
1864			 */
1865			io->scsiio.be_move_done(io);
1866			break;
1867		case CTL_IOCTL_DONE:
1868			mtx_unlock(&params.ioctl_mtx);
1869			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1870			done = 1;
1871			break;
1872		default:
1873			mtx_unlock(&params.ioctl_mtx);
1874			/* XXX KDM error here? */
1875			break;
1876		}
1877	} while (done == 0);
1878
1879	mtx_destroy(&params.ioctl_mtx);
1880	cv_destroy(&params.sem);
1881
1882	return (CTL_RETVAL_COMPLETE);
1883}
1884
1885static void
1886ctl_ioctl_datamove(union ctl_io *io)
1887{
1888	struct ctl_fe_ioctl_params *params;
1889
1890	params = (struct ctl_fe_ioctl_params *)
1891		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1892
1893	mtx_lock(&params->ioctl_mtx);
1894	params->state = CTL_IOCTL_DATAMOVE;
1895	cv_broadcast(&params->sem);
1896	mtx_unlock(&params->ioctl_mtx);
1897}
1898
1899static void
1900ctl_ioctl_done(union ctl_io *io)
1901{
1902	struct ctl_fe_ioctl_params *params;
1903
1904	params = (struct ctl_fe_ioctl_params *)
1905		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1906
1907	mtx_lock(&params->ioctl_mtx);
1908	params->state = CTL_IOCTL_DONE;
1909	cv_broadcast(&params->sem);
1910	mtx_unlock(&params->ioctl_mtx);
1911}
1912
1913static void
1914ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
1915{
1916	struct ctl_fe_ioctl_startstop_info *sd_info;
1917
1918	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
1919
1920	sd_info->hs_info.status = metatask->status;
1921	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
1922	sd_info->hs_info.luns_complete =
1923		metatask->taskinfo.startstop.luns_complete;
1924	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
1925
1926	cv_broadcast(&sd_info->sem);
1927}
1928
1929static void
1930ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
1931{
1932	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
1933
1934	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
1935
1936	mtx_lock(fe_bbr_info->lock);
1937	fe_bbr_info->bbr_info->status = metatask->status;
1938	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
1939	fe_bbr_info->wakeup_done = 1;
1940	mtx_unlock(fe_bbr_info->lock);
1941
1942	cv_broadcast(&fe_bbr_info->sem);
1943}
1944
1945/*
1946 * Returns 0 for success, errno for failure.
1947 */
1948static int
1949ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1950		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1951{
1952	union ctl_io *io;
1953	int retval;
1954
1955	retval = 0;
1956
1957	mtx_lock(&lun->lun_lock);
1958	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1959	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1960	     ooa_links)) {
1961		struct ctl_ooa_entry *entry;
1962
1963		/*
1964		 * If we've got more than we can fit, just count the
1965		 * remaining entries.
1966		 */
1967		if (*cur_fill_num >= ooa_hdr->alloc_num)
1968			continue;
1969
1970		entry = &kern_entries[*cur_fill_num];
1971
1972		entry->tag_num = io->scsiio.tag_num;
1973		entry->lun_num = lun->lun;
1974#ifdef CTL_TIME_IO
1975		entry->start_bt = io->io_hdr.start_bt;
1976#endif
1977		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1978		entry->cdb_len = io->scsiio.cdb_len;
1979		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1980			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1981
1982		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1983			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1984
1985		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1986			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1987
1988		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1989			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1990
1991		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1992			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1993	}
1994	mtx_unlock(&lun->lun_lock);
1995
1996	return (retval);
1997}
1998
1999static void *
2000ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2001		 size_t error_str_len)
2002{
2003	void *kptr;
2004
2005	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2006
2007	if (copyin(user_addr, kptr, len) != 0) {
2008		snprintf(error_str, error_str_len, "Error copying %d bytes "
2009			 "from user address %p to kernel address %p", len,
2010			 user_addr, kptr);
2011		free(kptr, M_CTL);
2012		return (NULL);
2013	}
2014
2015	return (kptr);
2016}
2017
2018static void
2019ctl_free_args(int num_args, struct ctl_be_arg *args)
2020{
2021	int i;
2022
2023	if (args == NULL)
2024		return;
2025
2026	for (i = 0; i < num_args; i++) {
2027		free(args[i].kname, M_CTL);
2028		free(args[i].kvalue, M_CTL);
2029	}
2030
2031	free(args, M_CTL);
2032}
2033
2034static struct ctl_be_arg *
2035ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2036		char *error_str, size_t error_str_len)
2037{
2038	struct ctl_be_arg *args;
2039	int i;
2040
2041	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2042				error_str, error_str_len);
2043
2044	if (args == NULL)
2045		goto bailout;
2046
2047	for (i = 0; i < num_args; i++) {
2048		args[i].kname = NULL;
2049		args[i].kvalue = NULL;
2050	}
2051
2052	for (i = 0; i < num_args; i++) {
2053		uint8_t *tmpptr;
2054
2055		args[i].kname = ctl_copyin_alloc(args[i].name,
2056			args[i].namelen, error_str, error_str_len);
2057		if (args[i].kname == NULL)
2058			goto bailout;
2059
2060		if (args[i].kname[args[i].namelen - 1] != '\0') {
2061			snprintf(error_str, error_str_len, "Argument %d "
2062				 "name is not NUL-terminated", i);
2063			goto bailout;
2064		}
2065
2066		if (args[i].flags & CTL_BEARG_RD) {
2067			tmpptr = ctl_copyin_alloc(args[i].value,
2068				args[i].vallen, error_str, error_str_len);
2069			if (tmpptr == NULL)
2070				goto bailout;
2071			if ((args[i].flags & CTL_BEARG_ASCII)
2072			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2073				snprintf(error_str, error_str_len, "Argument "
2074				    "%d value is not NUL-terminated", i);
2075				goto bailout;
2076			}
2077			args[i].kvalue = tmpptr;
2078		} else {
2079			args[i].kvalue = malloc(args[i].vallen,
2080			    M_CTL, M_WAITOK | M_ZERO);
2081		}
2082	}
2083
2084	return (args);
2085bailout:
2086
2087	ctl_free_args(num_args, args);
2088
2089	return (NULL);
2090}
2091
2092static void
2093ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2094{
2095	int i;
2096
2097	for (i = 0; i < num_args; i++) {
2098		if (args[i].flags & CTL_BEARG_WR)
2099			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2100	}
2101}
2102
2103/*
2104 * Escape characters that are illegal or not recommended in XML.
2105 */
2106int
2107ctl_sbuf_printf_esc(struct sbuf *sb, char *str)
2108{
2109	int retval;
2110
2111	retval = 0;
2112
2113	for (; *str; str++) {
2114		switch (*str) {
2115		case '&':
2116			retval = sbuf_printf(sb, "&amp;");
2117			break;
2118		case '>':
2119			retval = sbuf_printf(sb, "&gt;");
2120			break;
2121		case '<':
2122			retval = sbuf_printf(sb, "&lt;");
2123			break;
2124		default:
2125			retval = sbuf_putc(sb, *str);
2126			break;
2127		}
2128
2129		if (retval != 0)
2130			break;
2131
2132	}
2133
2134	return (retval);
2135}
2136
2137static int
2138ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2139	  struct thread *td)
2140{
2141	struct ctl_softc *softc;
2142	int retval;
2143
2144	softc = control_softc;
2145
2146	retval = 0;
2147
2148	switch (cmd) {
2149	case CTL_IO: {
2150		union ctl_io *io;
2151		void *pool_tmp;
2152
2153		/*
2154		 * If we haven't been "enabled", don't allow any SCSI I/O
2155		 * to this FETD.
2156		 */
2157		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2158			retval = EPERM;
2159			break;
2160		}
2161
2162		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2163		if (io == NULL) {
2164			printf("ctl_ioctl: can't allocate ctl_io!\n");
2165			retval = ENOSPC;
2166			break;
2167		}
2168
2169		/*
2170		 * Need to save the pool reference so it doesn't get
2171		 * spammed by the user's ctl_io.
2172		 */
2173		pool_tmp = io->io_hdr.pool;
2174
2175		memcpy(io, (void *)addr, sizeof(*io));
2176
2177		io->io_hdr.pool = pool_tmp;
2178		/*
2179		 * No status yet, so make sure the status is set properly.
2180		 */
2181		io->io_hdr.status = CTL_STATUS_NONE;
2182
2183		/*
2184		 * The user sets the initiator ID, target and LUN IDs.
2185		 */
2186		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2187		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2188		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2189		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2190			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2191
2192		retval = ctl_ioctl_submit_wait(io);
2193
2194		if (retval != 0) {
2195			ctl_free_io(io);
2196			break;
2197		}
2198
2199		memcpy((void *)addr, io, sizeof(*io));
2200
2201		/* return this to our pool */
2202		ctl_free_io(io);
2203
2204		break;
2205	}
2206	case CTL_ENABLE_PORT:
2207	case CTL_DISABLE_PORT:
2208	case CTL_SET_PORT_WWNS: {
2209		struct ctl_port *port;
2210		struct ctl_port_entry *entry;
2211
2212		entry = (struct ctl_port_entry *)addr;
2213
2214		mtx_lock(&softc->ctl_lock);
2215		STAILQ_FOREACH(port, &softc->port_list, links) {
2216			int action, done;
2217
2218			action = 0;
2219			done = 0;
2220
2221			if ((entry->port_type == CTL_PORT_NONE)
2222			 && (entry->targ_port == port->targ_port)) {
2223				/*
2224				 * If the user only wants to enable or
2225				 * disable or set WWNs on a specific port,
2226				 * do the operation and we're done.
2227				 */
2228				action = 1;
2229				done = 1;
2230			} else if (entry->port_type & port->port_type) {
2231				/*
2232				 * Compare the user's type mask with the
2233				 * particular frontend type to see if we
2234				 * have a match.
2235				 */
2236				action = 1;
2237				done = 0;
2238
2239				/*
2240				 * Make sure the user isn't trying to set
2241				 * WWNs on multiple ports at the same time.
2242				 */
2243				if (cmd == CTL_SET_PORT_WWNS) {
2244					printf("%s: Can't set WWNs on "
2245					       "multiple ports\n", __func__);
2246					retval = EINVAL;
2247					break;
2248				}
2249			}
2250			if (action != 0) {
2251				/*
2252				 * XXX KDM we have to drop the lock here,
2253				 * because the online/offline operations
2254				 * can potentially block.  We need to
2255				 * reference count the frontends so they
2256				 * can't go away,
2257				 */
2258				mtx_unlock(&softc->ctl_lock);
2259
2260				if (cmd == CTL_ENABLE_PORT) {
2261					struct ctl_lun *lun;
2262
2263					STAILQ_FOREACH(lun, &softc->lun_list,
2264						       links) {
2265						port->lun_enable(port->targ_lun_arg,
2266						    lun->target,
2267						    lun->lun);
2268					}
2269
2270					ctl_port_online(port);
2271				} else if (cmd == CTL_DISABLE_PORT) {
2272					struct ctl_lun *lun;
2273
2274					ctl_port_offline(port);
2275
2276					STAILQ_FOREACH(lun, &softc->lun_list,
2277						       links) {
2278						port->lun_disable(
2279						    port->targ_lun_arg,
2280						    lun->target,
2281						    lun->lun);
2282					}
2283				}
2284
2285				mtx_lock(&softc->ctl_lock);
2286
2287				if (cmd == CTL_SET_PORT_WWNS)
2288					ctl_port_set_wwns(port,
2289					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2290					    1 : 0, entry->wwnn,
2291					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2292					    1 : 0, entry->wwpn);
2293			}
2294			if (done != 0)
2295				break;
2296		}
2297		mtx_unlock(&softc->ctl_lock);
2298		break;
2299	}
2300	case CTL_GET_PORT_LIST: {
2301		struct ctl_port *port;
2302		struct ctl_port_list *list;
2303		int i;
2304
2305		list = (struct ctl_port_list *)addr;
2306
2307		if (list->alloc_len != (list->alloc_num *
2308		    sizeof(struct ctl_port_entry))) {
2309			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2310			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2311			       "%zu\n", __func__, list->alloc_len,
2312			       list->alloc_num, sizeof(struct ctl_port_entry));
2313			retval = EINVAL;
2314			break;
2315		}
2316		list->fill_len = 0;
2317		list->fill_num = 0;
2318		list->dropped_num = 0;
2319		i = 0;
2320		mtx_lock(&softc->ctl_lock);
2321		STAILQ_FOREACH(port, &softc->port_list, links) {
2322			struct ctl_port_entry entry, *list_entry;
2323
2324			if (list->fill_num >= list->alloc_num) {
2325				list->dropped_num++;
2326				continue;
2327			}
2328
2329			entry.port_type = port->port_type;
2330			strlcpy(entry.port_name, port->port_name,
2331				sizeof(entry.port_name));
2332			entry.targ_port = port->targ_port;
2333			entry.physical_port = port->physical_port;
2334			entry.virtual_port = port->virtual_port;
2335			entry.wwnn = port->wwnn;
2336			entry.wwpn = port->wwpn;
2337			if (port->status & CTL_PORT_STATUS_ONLINE)
2338				entry.online = 1;
2339			else
2340				entry.online = 0;
2341
2342			list_entry = &list->entries[i];
2343
2344			retval = copyout(&entry, list_entry, sizeof(entry));
2345			if (retval != 0) {
2346				printf("%s: CTL_GET_PORT_LIST: copyout "
2347				       "returned %d\n", __func__, retval);
2348				break;
2349			}
2350			i++;
2351			list->fill_num++;
2352			list->fill_len += sizeof(entry);
2353		}
2354		mtx_unlock(&softc->ctl_lock);
2355
2356		/*
2357		 * If this is non-zero, we had a copyout fault, so there's
2358		 * probably no point in attempting to set the status inside
2359		 * the structure.
2360		 */
2361		if (retval != 0)
2362			break;
2363
2364		if (list->dropped_num > 0)
2365			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2366		else
2367			list->status = CTL_PORT_LIST_OK;
2368		break;
2369	}
2370	case CTL_DUMP_OOA: {
2371		struct ctl_lun *lun;
2372		union ctl_io *io;
2373		char printbuf[128];
2374		struct sbuf sb;
2375
2376		mtx_lock(&softc->ctl_lock);
2377		printf("Dumping OOA queues:\n");
2378		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2379			mtx_lock(&lun->lun_lock);
2380			for (io = (union ctl_io *)TAILQ_FIRST(
2381			     &lun->ooa_queue); io != NULL;
2382			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2383			     ooa_links)) {
2384				sbuf_new(&sb, printbuf, sizeof(printbuf),
2385					 SBUF_FIXEDLEN);
2386				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2387					    (intmax_t)lun->lun,
2388					    io->scsiio.tag_num,
2389					    (io->io_hdr.flags &
2390					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2391					    (io->io_hdr.flags &
2392					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2393					    (io->io_hdr.flags &
2394					    CTL_FLAG_ABORT) ? " ABORT" : "",
2395			                    (io->io_hdr.flags &
2396		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2397				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2398				sbuf_finish(&sb);
2399				printf("%s\n", sbuf_data(&sb));
2400			}
2401			mtx_unlock(&lun->lun_lock);
2402		}
2403		printf("OOA queues dump done\n");
2404		mtx_unlock(&softc->ctl_lock);
2405		break;
2406	}
2407	case CTL_GET_OOA: {
2408		struct ctl_lun *lun;
2409		struct ctl_ooa *ooa_hdr;
2410		struct ctl_ooa_entry *entries;
2411		uint32_t cur_fill_num;
2412
2413		ooa_hdr = (struct ctl_ooa *)addr;
2414
2415		if ((ooa_hdr->alloc_len == 0)
2416		 || (ooa_hdr->alloc_num == 0)) {
2417			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2418			       "must be non-zero\n", __func__,
2419			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2420			retval = EINVAL;
2421			break;
2422		}
2423
2424		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2425		    sizeof(struct ctl_ooa_entry))) {
2426			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2427			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2428			       __func__, ooa_hdr->alloc_len,
2429			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2430			retval = EINVAL;
2431			break;
2432		}
2433
2434		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2435		if (entries == NULL) {
2436			printf("%s: could not allocate %d bytes for OOA "
2437			       "dump\n", __func__, ooa_hdr->alloc_len);
2438			retval = ENOMEM;
2439			break;
2440		}
2441
2442		mtx_lock(&softc->ctl_lock);
2443		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2444		 && ((ooa_hdr->lun_num > CTL_MAX_LUNS)
2445		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2446			mtx_unlock(&softc->ctl_lock);
2447			free(entries, M_CTL);
2448			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2449			       __func__, (uintmax_t)ooa_hdr->lun_num);
2450			retval = EINVAL;
2451			break;
2452		}
2453
2454		cur_fill_num = 0;
2455
2456		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2457			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2458				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2459					ooa_hdr, entries);
2460				if (retval != 0)
2461					break;
2462			}
2463			if (retval != 0) {
2464				mtx_unlock(&softc->ctl_lock);
2465				free(entries, M_CTL);
2466				break;
2467			}
2468		} else {
2469			lun = softc->ctl_luns[ooa_hdr->lun_num];
2470
2471			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2472						    entries);
2473		}
2474		mtx_unlock(&softc->ctl_lock);
2475
2476		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2477		ooa_hdr->fill_len = ooa_hdr->fill_num *
2478			sizeof(struct ctl_ooa_entry);
2479		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2480		if (retval != 0) {
2481			printf("%s: error copying out %d bytes for OOA dump\n",
2482			       __func__, ooa_hdr->fill_len);
2483		}
2484
2485		getbintime(&ooa_hdr->cur_bt);
2486
2487		if (cur_fill_num > ooa_hdr->alloc_num) {
2488			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2489			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2490		} else {
2491			ooa_hdr->dropped_num = 0;
2492			ooa_hdr->status = CTL_OOA_OK;
2493		}
2494
2495		free(entries, M_CTL);
2496		break;
2497	}
2498	case CTL_CHECK_OOA: {
2499		union ctl_io *io;
2500		struct ctl_lun *lun;
2501		struct ctl_ooa_info *ooa_info;
2502
2503
2504		ooa_info = (struct ctl_ooa_info *)addr;
2505
2506		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2507			ooa_info->status = CTL_OOA_INVALID_LUN;
2508			break;
2509		}
2510		mtx_lock(&softc->ctl_lock);
2511		lun = softc->ctl_luns[ooa_info->lun_id];
2512		if (lun == NULL) {
2513			mtx_unlock(&softc->ctl_lock);
2514			ooa_info->status = CTL_OOA_INVALID_LUN;
2515			break;
2516		}
2517		mtx_lock(&lun->lun_lock);
2518		mtx_unlock(&softc->ctl_lock);
2519		ooa_info->num_entries = 0;
2520		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2521		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2522		     &io->io_hdr, ooa_links)) {
2523			ooa_info->num_entries++;
2524		}
2525		mtx_unlock(&lun->lun_lock);
2526
2527		ooa_info->status = CTL_OOA_SUCCESS;
2528
2529		break;
2530	}
2531	case CTL_HARD_START:
2532	case CTL_HARD_STOP: {
2533		struct ctl_fe_ioctl_startstop_info ss_info;
2534		struct cfi_metatask *metatask;
2535		struct mtx hs_mtx;
2536
2537		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2538
2539		cv_init(&ss_info.sem, "hard start/stop cv" );
2540
2541		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2542		if (metatask == NULL) {
2543			retval = ENOMEM;
2544			mtx_destroy(&hs_mtx);
2545			break;
2546		}
2547
2548		if (cmd == CTL_HARD_START)
2549			metatask->tasktype = CFI_TASK_STARTUP;
2550		else
2551			metatask->tasktype = CFI_TASK_SHUTDOWN;
2552
2553		metatask->callback = ctl_ioctl_hard_startstop_callback;
2554		metatask->callback_arg = &ss_info;
2555
2556		cfi_action(metatask);
2557
2558		/* Wait for the callback */
2559		mtx_lock(&hs_mtx);
2560		cv_wait_sig(&ss_info.sem, &hs_mtx);
2561		mtx_unlock(&hs_mtx);
2562
2563		/*
2564		 * All information has been copied from the metatask by the
2565		 * time cv_broadcast() is called, so we free the metatask here.
2566		 */
2567		cfi_free_metatask(metatask);
2568
2569		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2570
2571		mtx_destroy(&hs_mtx);
2572		break;
2573	}
2574	case CTL_BBRREAD: {
2575		struct ctl_bbrread_info *bbr_info;
2576		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2577		struct mtx bbr_mtx;
2578		struct cfi_metatask *metatask;
2579
2580		bbr_info = (struct ctl_bbrread_info *)addr;
2581
2582		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2583
2584		bzero(&bbr_mtx, sizeof(bbr_mtx));
2585		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2586
2587		fe_bbr_info.bbr_info = bbr_info;
2588		fe_bbr_info.lock = &bbr_mtx;
2589
2590		cv_init(&fe_bbr_info.sem, "BBR read cv");
2591		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2592
2593		if (metatask == NULL) {
2594			mtx_destroy(&bbr_mtx);
2595			cv_destroy(&fe_bbr_info.sem);
2596			retval = ENOMEM;
2597			break;
2598		}
2599		metatask->tasktype = CFI_TASK_BBRREAD;
2600		metatask->callback = ctl_ioctl_bbrread_callback;
2601		metatask->callback_arg = &fe_bbr_info;
2602		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2603		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2604		metatask->taskinfo.bbrread.len = bbr_info->len;
2605
2606		cfi_action(metatask);
2607
2608		mtx_lock(&bbr_mtx);
2609		while (fe_bbr_info.wakeup_done == 0)
2610			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2611		mtx_unlock(&bbr_mtx);
2612
2613		bbr_info->status = metatask->status;
2614		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2615		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2616		memcpy(&bbr_info->sense_data,
2617		       &metatask->taskinfo.bbrread.sense_data,
2618		       ctl_min(sizeof(bbr_info->sense_data),
2619			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2620
2621		cfi_free_metatask(metatask);
2622
2623		mtx_destroy(&bbr_mtx);
2624		cv_destroy(&fe_bbr_info.sem);
2625
2626		break;
2627	}
2628	case CTL_DELAY_IO: {
2629		struct ctl_io_delay_info *delay_info;
2630#ifdef CTL_IO_DELAY
2631		struct ctl_lun *lun;
2632#endif /* CTL_IO_DELAY */
2633
2634		delay_info = (struct ctl_io_delay_info *)addr;
2635
2636#ifdef CTL_IO_DELAY
2637		mtx_lock(&softc->ctl_lock);
2638
2639		if ((delay_info->lun_id > CTL_MAX_LUNS)
2640		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2641			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2642		} else {
2643			lun = softc->ctl_luns[delay_info->lun_id];
2644			mtx_lock(&lun->lun_lock);
2645
2646			delay_info->status = CTL_DELAY_STATUS_OK;
2647
2648			switch (delay_info->delay_type) {
2649			case CTL_DELAY_TYPE_CONT:
2650				break;
2651			case CTL_DELAY_TYPE_ONESHOT:
2652				break;
2653			default:
2654				delay_info->status =
2655					CTL_DELAY_STATUS_INVALID_TYPE;
2656				break;
2657			}
2658
2659			switch (delay_info->delay_loc) {
2660			case CTL_DELAY_LOC_DATAMOVE:
2661				lun->delay_info.datamove_type =
2662					delay_info->delay_type;
2663				lun->delay_info.datamove_delay =
2664					delay_info->delay_secs;
2665				break;
2666			case CTL_DELAY_LOC_DONE:
2667				lun->delay_info.done_type =
2668					delay_info->delay_type;
2669				lun->delay_info.done_delay =
2670					delay_info->delay_secs;
2671				break;
2672			default:
2673				delay_info->status =
2674					CTL_DELAY_STATUS_INVALID_LOC;
2675				break;
2676			}
2677			mtx_unlock(&lun->lun_lock);
2678		}
2679
2680		mtx_unlock(&softc->ctl_lock);
2681#else
2682		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2683#endif /* CTL_IO_DELAY */
2684		break;
2685	}
2686	case CTL_REALSYNC_SET: {
2687		int *syncstate;
2688
2689		syncstate = (int *)addr;
2690
2691		mtx_lock(&softc->ctl_lock);
2692		switch (*syncstate) {
2693		case 0:
2694			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2695			break;
2696		case 1:
2697			softc->flags |= CTL_FLAG_REAL_SYNC;
2698			break;
2699		default:
2700			retval = EINVAL;
2701			break;
2702		}
2703		mtx_unlock(&softc->ctl_lock);
2704		break;
2705	}
2706	case CTL_REALSYNC_GET: {
2707		int *syncstate;
2708
2709		syncstate = (int*)addr;
2710
2711		mtx_lock(&softc->ctl_lock);
2712		if (softc->flags & CTL_FLAG_REAL_SYNC)
2713			*syncstate = 1;
2714		else
2715			*syncstate = 0;
2716		mtx_unlock(&softc->ctl_lock);
2717
2718		break;
2719	}
2720	case CTL_SETSYNC:
2721	case CTL_GETSYNC: {
2722		struct ctl_sync_info *sync_info;
2723		struct ctl_lun *lun;
2724
2725		sync_info = (struct ctl_sync_info *)addr;
2726
2727		mtx_lock(&softc->ctl_lock);
2728		lun = softc->ctl_luns[sync_info->lun_id];
2729		if (lun == NULL) {
2730			mtx_unlock(&softc->ctl_lock);
2731			sync_info->status = CTL_GS_SYNC_NO_LUN;
2732		}
2733		/*
2734		 * Get or set the sync interval.  We're not bounds checking
2735		 * in the set case, hopefully the user won't do something
2736		 * silly.
2737		 */
2738		mtx_lock(&lun->lun_lock);
2739		mtx_unlock(&softc->ctl_lock);
2740		if (cmd == CTL_GETSYNC)
2741			sync_info->sync_interval = lun->sync_interval;
2742		else
2743			lun->sync_interval = sync_info->sync_interval;
2744		mtx_unlock(&lun->lun_lock);
2745
2746		sync_info->status = CTL_GS_SYNC_OK;
2747
2748		break;
2749	}
2750	case CTL_GETSTATS: {
2751		struct ctl_stats *stats;
2752		struct ctl_lun *lun;
2753		int i;
2754
2755		stats = (struct ctl_stats *)addr;
2756
2757		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2758		     stats->alloc_len) {
2759			stats->status = CTL_SS_NEED_MORE_SPACE;
2760			stats->num_luns = softc->num_luns;
2761			break;
2762		}
2763		/*
2764		 * XXX KDM no locking here.  If the LUN list changes,
2765		 * things can blow up.
2766		 */
2767		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2768		     i++, lun = STAILQ_NEXT(lun, links)) {
2769			retval = copyout(&lun->stats, &stats->lun_stats[i],
2770					 sizeof(lun->stats));
2771			if (retval != 0)
2772				break;
2773		}
2774		stats->num_luns = softc->num_luns;
2775		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2776				 softc->num_luns;
2777		stats->status = CTL_SS_OK;
2778#ifdef CTL_TIME_IO
2779		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2780#else
2781		stats->flags = CTL_STATS_FLAG_NONE;
2782#endif
2783		getnanouptime(&stats->timestamp);
2784		break;
2785	}
2786	case CTL_ERROR_INJECT: {
2787		struct ctl_error_desc *err_desc, *new_err_desc;
2788		struct ctl_lun *lun;
2789
2790		err_desc = (struct ctl_error_desc *)addr;
2791
2792		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2793				      M_WAITOK | M_ZERO);
2794		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2795
2796		mtx_lock(&softc->ctl_lock);
2797		lun = softc->ctl_luns[err_desc->lun_id];
2798		if (lun == NULL) {
2799			mtx_unlock(&softc->ctl_lock);
2800			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2801			       __func__, (uintmax_t)err_desc->lun_id);
2802			retval = EINVAL;
2803			break;
2804		}
2805		mtx_lock(&lun->lun_lock);
2806		mtx_unlock(&softc->ctl_lock);
2807
2808		/*
2809		 * We could do some checking here to verify the validity
2810		 * of the request, but given the complexity of error
2811		 * injection requests, the checking logic would be fairly
2812		 * complex.
2813		 *
2814		 * For now, if the request is invalid, it just won't get
2815		 * executed and might get deleted.
2816		 */
2817		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2818
2819		/*
2820		 * XXX KDM check to make sure the serial number is unique,
2821		 * in case we somehow manage to wrap.  That shouldn't
2822		 * happen for a very long time, but it's the right thing to
2823		 * do.
2824		 */
2825		new_err_desc->serial = lun->error_serial;
2826		err_desc->serial = lun->error_serial;
2827		lun->error_serial++;
2828
2829		mtx_unlock(&lun->lun_lock);
2830		break;
2831	}
2832	case CTL_ERROR_INJECT_DELETE: {
2833		struct ctl_error_desc *delete_desc, *desc, *desc2;
2834		struct ctl_lun *lun;
2835		int delete_done;
2836
2837		delete_desc = (struct ctl_error_desc *)addr;
2838		delete_done = 0;
2839
2840		mtx_lock(&softc->ctl_lock);
2841		lun = softc->ctl_luns[delete_desc->lun_id];
2842		if (lun == NULL) {
2843			mtx_unlock(&softc->ctl_lock);
2844			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2845			       __func__, (uintmax_t)delete_desc->lun_id);
2846			retval = EINVAL;
2847			break;
2848		}
2849		mtx_lock(&lun->lun_lock);
2850		mtx_unlock(&softc->ctl_lock);
2851		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2852			if (desc->serial != delete_desc->serial)
2853				continue;
2854
2855			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2856				      links);
2857			free(desc, M_CTL);
2858			delete_done = 1;
2859		}
2860		mtx_unlock(&lun->lun_lock);
2861		if (delete_done == 0) {
2862			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2863			       "error serial %ju on LUN %u\n", __func__,
2864			       delete_desc->serial, delete_desc->lun_id);
2865			retval = EINVAL;
2866			break;
2867		}
2868		break;
2869	}
2870	case CTL_DUMP_STRUCTS: {
2871		int i, j, k;
2872		struct ctl_port *port;
2873		struct ctl_frontend *fe;
2874
2875		printf("CTL IID to WWPN map start:\n");
2876		for (i = 0; i < CTL_MAX_PORTS; i++) {
2877			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2878				if (softc->wwpn_iid[i][j].in_use == 0)
2879					continue;
2880
2881				printf("port %d iid %u WWPN %#jx\n",
2882				       softc->wwpn_iid[i][j].port,
2883				       softc->wwpn_iid[i][j].iid,
2884				       (uintmax_t)softc->wwpn_iid[i][j].wwpn);
2885			}
2886		}
2887		printf("CTL IID to WWPN map end\n");
2888		printf("CTL Persistent Reservation information start:\n");
2889		for (i = 0; i < CTL_MAX_LUNS; i++) {
2890			struct ctl_lun *lun;
2891
2892			lun = softc->ctl_luns[i];
2893
2894			if ((lun == NULL)
2895			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2896				continue;
2897
2898			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
2899				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2900					if (lun->per_res[j+k].registered == 0)
2901						continue;
2902					printf("LUN %d port %d iid %d key "
2903					       "%#jx\n", i, j, k,
2904					       (uintmax_t)scsi_8btou64(
2905					       lun->per_res[j+k].res_key.key));
2906				}
2907			}
2908		}
2909		printf("CTL Persistent Reservation information end\n");
2910		printf("CTL Ports:\n");
2911		/*
2912		 * XXX KDM calling this without a lock.  We'd likely want
2913		 * to drop the lock before calling the frontend's dump
2914		 * routine anyway.
2915		 */
2916		STAILQ_FOREACH(port, &softc->port_list, links) {
2917			printf("Port %s Frontend %s Type %u pport %d vport %d WWNN "
2918			       "%#jx WWPN %#jx\n", port->port_name,
2919			       port->frontend->name, port->port_type,
2920			       port->physical_port, port->virtual_port,
2921			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2922		}
2923		printf("CTL Port information end\n");
2924		printf("CTL Frontends:\n");
2925		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2926			printf("Frontend %s\n", fe->name);
2927			if (fe->fe_dump != NULL)
2928				fe->fe_dump();
2929		}
2930		printf("CTL Frontend information end\n");
2931		break;
2932	}
2933	case CTL_LUN_REQ: {
2934		struct ctl_lun_req *lun_req;
2935		struct ctl_backend_driver *backend;
2936
2937		lun_req = (struct ctl_lun_req *)addr;
2938
2939		backend = ctl_backend_find(lun_req->backend);
2940		if (backend == NULL) {
2941			lun_req->status = CTL_LUN_ERROR;
2942			snprintf(lun_req->error_str,
2943				 sizeof(lun_req->error_str),
2944				 "Backend \"%s\" not found.",
2945				 lun_req->backend);
2946			break;
2947		}
2948		if (lun_req->num_be_args > 0) {
2949			lun_req->kern_be_args = ctl_copyin_args(
2950				lun_req->num_be_args,
2951				lun_req->be_args,
2952				lun_req->error_str,
2953				sizeof(lun_req->error_str));
2954			if (lun_req->kern_be_args == NULL) {
2955				lun_req->status = CTL_LUN_ERROR;
2956				break;
2957			}
2958		}
2959
2960		retval = backend->ioctl(dev, cmd, addr, flag, td);
2961
2962		if (lun_req->num_be_args > 0) {
2963			ctl_copyout_args(lun_req->num_be_args,
2964				      lun_req->kern_be_args);
2965			ctl_free_args(lun_req->num_be_args,
2966				      lun_req->kern_be_args);
2967		}
2968		break;
2969	}
2970	case CTL_LUN_LIST: {
2971		struct sbuf *sb;
2972		struct ctl_lun *lun;
2973		struct ctl_lun_list *list;
2974		struct ctl_option *opt;
2975
2976		list = (struct ctl_lun_list *)addr;
2977
2978		/*
2979		 * Allocate a fixed length sbuf here, based on the length
2980		 * of the user's buffer.  We could allocate an auto-extending
2981		 * buffer, and then tell the user how much larger our
2982		 * amount of data is than his buffer, but that presents
2983		 * some problems:
2984		 *
2985		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2986		 *     we can't hold a lock while calling them with an
2987		 *     auto-extending buffer.
2988 		 *
2989		 * 2.  There is not currently a LUN reference counting
2990		 *     mechanism, outside of outstanding transactions on
2991		 *     the LUN's OOA queue.  So a LUN could go away on us
2992		 *     while we're getting the LUN number, backend-specific
2993		 *     information, etc.  Thus, given the way things
2994		 *     currently work, we need to hold the CTL lock while
2995		 *     grabbing LUN information.
2996		 *
2997		 * So, from the user's standpoint, the best thing to do is
2998		 * allocate what he thinks is a reasonable buffer length,
2999		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3000		 * double the buffer length and try again.  (And repeat
3001		 * that until he succeeds.)
3002		 */
3003		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3004		if (sb == NULL) {
3005			list->status = CTL_LUN_LIST_ERROR;
3006			snprintf(list->error_str, sizeof(list->error_str),
3007				 "Unable to allocate %d bytes for LUN list",
3008				 list->alloc_len);
3009			break;
3010		}
3011
3012		sbuf_printf(sb, "<ctllunlist>\n");
3013
3014		mtx_lock(&softc->ctl_lock);
3015		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3016			mtx_lock(&lun->lun_lock);
3017			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3018					     (uintmax_t)lun->lun);
3019
3020			/*
3021			 * Bail out as soon as we see that we've overfilled
3022			 * the buffer.
3023			 */
3024			if (retval != 0)
3025				break;
3026
3027			retval = sbuf_printf(sb, "\t<backend_type>%s"
3028					     "</backend_type>\n",
3029					     (lun->backend == NULL) ?  "none" :
3030					     lun->backend->name);
3031
3032			if (retval != 0)
3033				break;
3034
3035			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3036					     lun->be_lun->lun_type);
3037
3038			if (retval != 0)
3039				break;
3040
3041			if (lun->backend == NULL) {
3042				retval = sbuf_printf(sb, "</lun>\n");
3043				if (retval != 0)
3044					break;
3045				continue;
3046			}
3047
3048			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3049					     (lun->be_lun->maxlba > 0) ?
3050					     lun->be_lun->maxlba + 1 : 0);
3051
3052			if (retval != 0)
3053				break;
3054
3055			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3056					     lun->be_lun->blocksize);
3057
3058			if (retval != 0)
3059				break;
3060
3061			retval = sbuf_printf(sb, "\t<serial_number>");
3062
3063			if (retval != 0)
3064				break;
3065
3066			retval = ctl_sbuf_printf_esc(sb,
3067						     lun->be_lun->serial_num);
3068
3069			if (retval != 0)
3070				break;
3071
3072			retval = sbuf_printf(sb, "</serial_number>\n");
3073
3074			if (retval != 0)
3075				break;
3076
3077			retval = sbuf_printf(sb, "\t<device_id>");
3078
3079			if (retval != 0)
3080				break;
3081
3082			retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id);
3083
3084			if (retval != 0)
3085				break;
3086
3087			retval = sbuf_printf(sb, "</device_id>\n");
3088
3089			if (retval != 0)
3090				break;
3091
3092			if (lun->backend->lun_info != NULL) {
3093				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3094				if (retval != 0)
3095					break;
3096			}
3097			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3098				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3099				    opt->name, opt->value, opt->name);
3100				if (retval != 0)
3101					break;
3102			}
3103
3104			retval = sbuf_printf(sb, "</lun>\n");
3105
3106			if (retval != 0)
3107				break;
3108			mtx_unlock(&lun->lun_lock);
3109		}
3110		if (lun != NULL)
3111			mtx_unlock(&lun->lun_lock);
3112		mtx_unlock(&softc->ctl_lock);
3113
3114		if ((retval != 0)
3115		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3116			retval = 0;
3117			sbuf_delete(sb);
3118			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3119			snprintf(list->error_str, sizeof(list->error_str),
3120				 "Out of space, %d bytes is too small",
3121				 list->alloc_len);
3122			break;
3123		}
3124
3125		sbuf_finish(sb);
3126
3127		retval = copyout(sbuf_data(sb), list->lun_xml,
3128				 sbuf_len(sb) + 1);
3129
3130		list->fill_len = sbuf_len(sb) + 1;
3131		list->status = CTL_LUN_LIST_OK;
3132		sbuf_delete(sb);
3133		break;
3134	}
3135	case CTL_ISCSI: {
3136		struct ctl_iscsi *ci;
3137		struct ctl_frontend *fe;
3138
3139		ci = (struct ctl_iscsi *)addr;
3140
3141		fe = ctl_frontend_find("iscsi");
3142		if (fe == NULL) {
3143			ci->status = CTL_ISCSI_ERROR;
3144			snprintf(ci->error_str, sizeof(ci->error_str),
3145			    "Frontend \"iscsi\" not found.");
3146			break;
3147		}
3148
3149		retval = fe->ioctl(dev, cmd, addr, flag, td);
3150		break;
3151	}
3152	case CTL_PORT_REQ: {
3153		struct ctl_req *req;
3154		struct ctl_frontend *fe;
3155
3156		req = (struct ctl_req *)addr;
3157
3158		fe = ctl_frontend_find(req->driver);
3159		if (fe == NULL) {
3160			req->status = CTL_LUN_ERROR;
3161			snprintf(req->error_str, sizeof(req->error_str),
3162			    "Frontend \"%s\" not found.", req->driver);
3163			break;
3164		}
3165		if (req->num_args > 0) {
3166			req->kern_args = ctl_copyin_args(req->num_args,
3167			    req->args, req->error_str, sizeof(req->error_str));
3168			if (req->kern_args == NULL) {
3169				req->status = CTL_LUN_ERROR;
3170				break;
3171			}
3172		}
3173
3174		retval = fe->ioctl(dev, cmd, addr, flag, td);
3175
3176		if (req->num_args > 0) {
3177			ctl_copyout_args(req->num_args, req->kern_args);
3178			ctl_free_args(req->num_args, req->kern_args);
3179		}
3180		break;
3181	}
3182	case CTL_PORT_LIST: {
3183		struct sbuf *sb;
3184		struct ctl_port *port;
3185		struct ctl_lun_list *list;
3186		struct ctl_option *opt;
3187
3188		list = (struct ctl_lun_list *)addr;
3189
3190		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3191		if (sb == NULL) {
3192			list->status = CTL_LUN_LIST_ERROR;
3193			snprintf(list->error_str, sizeof(list->error_str),
3194				 "Unable to allocate %d bytes for LUN list",
3195				 list->alloc_len);
3196			break;
3197		}
3198
3199		sbuf_printf(sb, "<ctlportlist>\n");
3200
3201		mtx_lock(&softc->ctl_lock);
3202		STAILQ_FOREACH(port, &softc->port_list, links) {
3203			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3204					     (uintmax_t)port->targ_port);
3205
3206			/*
3207			 * Bail out as soon as we see that we've overfilled
3208			 * the buffer.
3209			 */
3210			if (retval != 0)
3211				break;
3212
3213			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3214			    "</frontend_type>\n", port->frontend->name);
3215			if (retval != 0)
3216				break;
3217
3218			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3219					     port->port_type);
3220			if (retval != 0)
3221				break;
3222
3223			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3224			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3225			if (retval != 0)
3226				break;
3227
3228			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3229			    port->port_name);
3230			if (retval != 0)
3231				break;
3232
3233			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3234			    port->physical_port);
3235			if (retval != 0)
3236				break;
3237
3238			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3239			    port->virtual_port);
3240			if (retval != 0)
3241				break;
3242
3243			retval = sbuf_printf(sb, "\t<wwnn>%#jx</wwnn>\n",
3244			    (uintmax_t)port->wwnn);
3245			if (retval != 0)
3246				break;
3247
3248			retval = sbuf_printf(sb, "\t<wwpn>%#jx</wwpn>\n",
3249			    (uintmax_t)port->wwpn);
3250			if (retval != 0)
3251				break;
3252
3253			STAILQ_FOREACH(opt, &port->options, links) {
3254				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3255				    opt->name, opt->value, opt->name);
3256				if (retval != 0)
3257					break;
3258			}
3259
3260			retval = sbuf_printf(sb, "</targ_port>\n");
3261			if (retval != 0)
3262				break;
3263		}
3264		mtx_unlock(&softc->ctl_lock);
3265
3266		if ((retval != 0)
3267		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3268			retval = 0;
3269			sbuf_delete(sb);
3270			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3271			snprintf(list->error_str, sizeof(list->error_str),
3272				 "Out of space, %d bytes is too small",
3273				 list->alloc_len);
3274			break;
3275		}
3276
3277		sbuf_finish(sb);
3278
3279		retval = copyout(sbuf_data(sb), list->lun_xml,
3280				 sbuf_len(sb) + 1);
3281
3282		list->fill_len = sbuf_len(sb) + 1;
3283		list->status = CTL_LUN_LIST_OK;
3284		sbuf_delete(sb);
3285		break;
3286	}
3287	default: {
3288		/* XXX KDM should we fix this? */
3289#if 0
3290		struct ctl_backend_driver *backend;
3291		unsigned int type;
3292		int found;
3293
3294		found = 0;
3295
3296		/*
3297		 * We encode the backend type as the ioctl type for backend
3298		 * ioctls.  So parse it out here, and then search for a
3299		 * backend of this type.
3300		 */
3301		type = _IOC_TYPE(cmd);
3302
3303		STAILQ_FOREACH(backend, &softc->be_list, links) {
3304			if (backend->type == type) {
3305				found = 1;
3306				break;
3307			}
3308		}
3309		if (found == 0) {
3310			printf("ctl: unknown ioctl command %#lx or backend "
3311			       "%d\n", cmd, type);
3312			retval = EINVAL;
3313			break;
3314		}
3315		retval = backend->ioctl(dev, cmd, addr, flag, td);
3316#endif
3317		retval = ENOTTY;
3318		break;
3319	}
3320	}
3321	return (retval);
3322}
3323
3324uint32_t
3325ctl_get_initindex(struct ctl_nexus *nexus)
3326{
3327	if (nexus->targ_port < CTL_MAX_PORTS)
3328		return (nexus->initid.id +
3329			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3330	else
3331		return (nexus->initid.id +
3332		       ((nexus->targ_port - CTL_MAX_PORTS) *
3333			CTL_MAX_INIT_PER_PORT));
3334}
3335
3336uint32_t
3337ctl_get_resindex(struct ctl_nexus *nexus)
3338{
3339	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3340}
3341
3342uint32_t
3343ctl_port_idx(int port_num)
3344{
3345	if (port_num < CTL_MAX_PORTS)
3346		return(port_num);
3347	else
3348		return(port_num - CTL_MAX_PORTS);
3349}
3350
3351static uint32_t
3352ctl_map_lun(int port_num, uint32_t lun_id)
3353{
3354	struct ctl_port *port;
3355
3356	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3357	if (port == NULL)
3358		return (UINT32_MAX);
3359	if (port->lun_map == NULL)
3360		return (lun_id);
3361	return (port->lun_map(port->targ_lun_arg, lun_id));
3362}
3363
3364/*
3365 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3366 * that are a power of 2.
3367 */
3368int
3369ctl_ffz(uint32_t *mask, uint32_t size)
3370{
3371	uint32_t num_chunks, num_pieces;
3372	int i, j;
3373
3374	num_chunks = (size >> 5);
3375	if (num_chunks == 0)
3376		num_chunks++;
3377	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3378
3379	for (i = 0; i < num_chunks; i++) {
3380		for (j = 0; j < num_pieces; j++) {
3381			if ((mask[i] & (1 << j)) == 0)
3382				return ((i << 5) + j);
3383		}
3384	}
3385
3386	return (-1);
3387}
3388
3389int
3390ctl_set_mask(uint32_t *mask, uint32_t bit)
3391{
3392	uint32_t chunk, piece;
3393
3394	chunk = bit >> 5;
3395	piece = bit % (sizeof(uint32_t) * 8);
3396
3397	if ((mask[chunk] & (1 << piece)) != 0)
3398		return (-1);
3399	else
3400		mask[chunk] |= (1 << piece);
3401
3402	return (0);
3403}
3404
3405int
3406ctl_clear_mask(uint32_t *mask, uint32_t bit)
3407{
3408	uint32_t chunk, piece;
3409
3410	chunk = bit >> 5;
3411	piece = bit % (sizeof(uint32_t) * 8);
3412
3413	if ((mask[chunk] & (1 << piece)) == 0)
3414		return (-1);
3415	else
3416		mask[chunk] &= ~(1 << piece);
3417
3418	return (0);
3419}
3420
3421int
3422ctl_is_set(uint32_t *mask, uint32_t bit)
3423{
3424	uint32_t chunk, piece;
3425
3426	chunk = bit >> 5;
3427	piece = bit % (sizeof(uint32_t) * 8);
3428
3429	if ((mask[chunk] & (1 << piece)) == 0)
3430		return (0);
3431	else
3432		return (1);
3433}
3434
3435#ifdef unused
3436/*
3437 * The bus, target and lun are optional, they can be filled in later.
3438 * can_wait is used to determine whether we can wait on the malloc or not.
3439 */
3440union ctl_io*
3441ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3442	      uint32_t targ_lun, int can_wait)
3443{
3444	union ctl_io *io;
3445
3446	if (can_wait)
3447		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3448	else
3449		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3450
3451	if (io != NULL) {
3452		io->io_hdr.io_type = io_type;
3453		io->io_hdr.targ_port = targ_port;
3454		/*
3455		 * XXX KDM this needs to change/go away.  We need to move
3456		 * to a preallocated pool of ctl_scsiio structures.
3457		 */
3458		io->io_hdr.nexus.targ_target.id = targ_target;
3459		io->io_hdr.nexus.targ_lun = targ_lun;
3460	}
3461
3462	return (io);
3463}
3464
3465void
3466ctl_kfree_io(union ctl_io *io)
3467{
3468	free(io, M_CTL);
3469}
3470#endif /* unused */
3471
3472/*
3473 * ctl_softc, pool_type, total_ctl_io are passed in.
3474 * npool is passed out.
3475 */
3476int
3477ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3478		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3479{
3480	uint32_t i;
3481	union ctl_io *cur_io, *next_io;
3482	struct ctl_io_pool *pool;
3483	int retval;
3484
3485	retval = 0;
3486
3487	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3488					    M_NOWAIT | M_ZERO);
3489	if (pool == NULL) {
3490		retval = ENOMEM;
3491		goto bailout;
3492	}
3493
3494	pool->type = pool_type;
3495	pool->ctl_softc = ctl_softc;
3496
3497	mtx_lock(&ctl_softc->pool_lock);
3498	pool->id = ctl_softc->cur_pool_id++;
3499	mtx_unlock(&ctl_softc->pool_lock);
3500
3501	pool->flags = CTL_POOL_FLAG_NONE;
3502	pool->refcount = 1;		/* Reference for validity. */
3503	STAILQ_INIT(&pool->free_queue);
3504
3505	/*
3506	 * XXX KDM other options here:
3507	 * - allocate a page at a time
3508	 * - allocate one big chunk of memory.
3509	 * Page allocation might work well, but would take a little more
3510	 * tracking.
3511	 */
3512	for (i = 0; i < total_ctl_io; i++) {
3513		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3514						M_NOWAIT);
3515		if (cur_io == NULL) {
3516			retval = ENOMEM;
3517			break;
3518		}
3519		cur_io->io_hdr.pool = pool;
3520		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3521		pool->total_ctl_io++;
3522		pool->free_ctl_io++;
3523	}
3524
3525	if (retval != 0) {
3526		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3527		     cur_io != NULL; cur_io = next_io) {
3528			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3529							      links);
3530			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3531				      ctl_io_hdr, links);
3532			free(cur_io, M_CTLIO);
3533		}
3534
3535		free(pool, M_CTL);
3536		goto bailout;
3537	}
3538	mtx_lock(&ctl_softc->pool_lock);
3539	ctl_softc->num_pools++;
3540	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3541	/*
3542	 * Increment our usage count if this is an external consumer, so we
3543	 * can't get unloaded until the external consumer (most likely a
3544	 * FETD) unloads and frees his pool.
3545	 *
3546	 * XXX KDM will this increment the caller's module use count, or
3547	 * mine?
3548	 */
3549#if 0
3550	if ((pool_type != CTL_POOL_EMERGENCY)
3551	 && (pool_type != CTL_POOL_INTERNAL)
3552	 && (pool_type != CTL_POOL_4OTHERSC))
3553		MOD_INC_USE_COUNT;
3554#endif
3555
3556	mtx_unlock(&ctl_softc->pool_lock);
3557
3558	*npool = pool;
3559
3560bailout:
3561
3562	return (retval);
3563}
3564
3565static int
3566ctl_pool_acquire(struct ctl_io_pool *pool)
3567{
3568
3569	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3570
3571	if (pool->flags & CTL_POOL_FLAG_INVALID)
3572		return (EINVAL);
3573
3574	pool->refcount++;
3575
3576	return (0);
3577}
3578
3579static void
3580ctl_pool_release(struct ctl_io_pool *pool)
3581{
3582	struct ctl_softc *ctl_softc = pool->ctl_softc;
3583	union ctl_io *io;
3584
3585	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3586
3587	if (--pool->refcount != 0)
3588		return;
3589
3590	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3591		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3592			      links);
3593		free(io, M_CTLIO);
3594	}
3595
3596	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3597	ctl_softc->num_pools--;
3598
3599	/*
3600	 * XXX KDM will this decrement the caller's usage count or mine?
3601	 */
3602#if 0
3603	if ((pool->type != CTL_POOL_EMERGENCY)
3604	 && (pool->type != CTL_POOL_INTERNAL)
3605	 && (pool->type != CTL_POOL_4OTHERSC))
3606		MOD_DEC_USE_COUNT;
3607#endif
3608
3609	free(pool, M_CTL);
3610}
3611
3612void
3613ctl_pool_free(struct ctl_io_pool *pool)
3614{
3615	struct ctl_softc *ctl_softc;
3616
3617	if (pool == NULL)
3618		return;
3619
3620	ctl_softc = pool->ctl_softc;
3621	mtx_lock(&ctl_softc->pool_lock);
3622	pool->flags |= CTL_POOL_FLAG_INVALID;
3623	ctl_pool_release(pool);
3624	mtx_unlock(&ctl_softc->pool_lock);
3625}
3626
3627/*
3628 * This routine does not block (except for spinlocks of course).
3629 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3630 * possible.
3631 */
3632union ctl_io *
3633ctl_alloc_io(void *pool_ref)
3634{
3635	union ctl_io *io;
3636	struct ctl_softc *ctl_softc;
3637	struct ctl_io_pool *pool, *npool;
3638	struct ctl_io_pool *emergency_pool;
3639
3640	pool = (struct ctl_io_pool *)pool_ref;
3641
3642	if (pool == NULL) {
3643		printf("%s: pool is NULL\n", __func__);
3644		return (NULL);
3645	}
3646
3647	emergency_pool = NULL;
3648
3649	ctl_softc = pool->ctl_softc;
3650
3651	mtx_lock(&ctl_softc->pool_lock);
3652	/*
3653	 * First, try to get the io structure from the user's pool.
3654	 */
3655	if (ctl_pool_acquire(pool) == 0) {
3656		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3657		if (io != NULL) {
3658			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3659			pool->total_allocated++;
3660			pool->free_ctl_io--;
3661			mtx_unlock(&ctl_softc->pool_lock);
3662			return (io);
3663		} else
3664			ctl_pool_release(pool);
3665	}
3666	/*
3667	 * If he doesn't have any io structures left, search for an
3668	 * emergency pool and grab one from there.
3669	 */
3670	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3671		if (npool->type != CTL_POOL_EMERGENCY)
3672			continue;
3673
3674		if (ctl_pool_acquire(npool) != 0)
3675			continue;
3676
3677		emergency_pool = npool;
3678
3679		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3680		if (io != NULL) {
3681			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3682			npool->total_allocated++;
3683			npool->free_ctl_io--;
3684			mtx_unlock(&ctl_softc->pool_lock);
3685			return (io);
3686		} else
3687			ctl_pool_release(npool);
3688	}
3689
3690	/* Drop the spinlock before we malloc */
3691	mtx_unlock(&ctl_softc->pool_lock);
3692
3693	/*
3694	 * The emergency pool (if it exists) didn't have one, so try an
3695	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3696	 */
3697	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3698	if (io != NULL) {
3699		/*
3700		 * If the emergency pool exists but is empty, add this
3701		 * ctl_io to its list when it gets freed.
3702		 */
3703		if (emergency_pool != NULL) {
3704			mtx_lock(&ctl_softc->pool_lock);
3705			if (ctl_pool_acquire(emergency_pool) == 0) {
3706				io->io_hdr.pool = emergency_pool;
3707				emergency_pool->total_ctl_io++;
3708				/*
3709				 * Need to bump this, otherwise
3710				 * total_allocated and total_freed won't
3711				 * match when we no longer have anything
3712				 * outstanding.
3713				 */
3714				emergency_pool->total_allocated++;
3715			}
3716			mtx_unlock(&ctl_softc->pool_lock);
3717		} else
3718			io->io_hdr.pool = NULL;
3719	}
3720
3721	return (io);
3722}
3723
3724void
3725ctl_free_io(union ctl_io *io)
3726{
3727	if (io == NULL)
3728		return;
3729
3730	/*
3731	 * If this ctl_io has a pool, return it to that pool.
3732	 */
3733	if (io->io_hdr.pool != NULL) {
3734		struct ctl_io_pool *pool;
3735
3736		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3737		mtx_lock(&pool->ctl_softc->pool_lock);
3738		io->io_hdr.io_type = 0xff;
3739		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3740		pool->total_freed++;
3741		pool->free_ctl_io++;
3742		ctl_pool_release(pool);
3743		mtx_unlock(&pool->ctl_softc->pool_lock);
3744	} else {
3745		/*
3746		 * Otherwise, just free it.  We probably malloced it and
3747		 * the emergency pool wasn't available.
3748		 */
3749		free(io, M_CTLIO);
3750	}
3751
3752}
3753
3754void
3755ctl_zero_io(union ctl_io *io)
3756{
3757	void *pool_ref;
3758
3759	if (io == NULL)
3760		return;
3761
3762	/*
3763	 * May need to preserve linked list pointers at some point too.
3764	 */
3765	pool_ref = io->io_hdr.pool;
3766
3767	memset(io, 0, sizeof(*io));
3768
3769	io->io_hdr.pool = pool_ref;
3770}
3771
3772/*
3773 * This routine is currently used for internal copies of ctl_ios that need
3774 * to persist for some reason after we've already returned status to the
3775 * FETD.  (Thus the flag set.)
3776 *
3777 * XXX XXX
3778 * Note that this makes a blind copy of all fields in the ctl_io, except
3779 * for the pool reference.  This includes any memory that has been
3780 * allocated!  That memory will no longer be valid after done has been
3781 * called, so this would be VERY DANGEROUS for command that actually does
3782 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3783 * start and stop commands, which don't transfer any data, so this is not a
3784 * problem.  If it is used for anything else, the caller would also need to
3785 * allocate data buffer space and this routine would need to be modified to
3786 * copy the data buffer(s) as well.
3787 */
3788void
3789ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3790{
3791	void *pool_ref;
3792
3793	if ((src == NULL)
3794	 || (dest == NULL))
3795		return;
3796
3797	/*
3798	 * May need to preserve linked list pointers at some point too.
3799	 */
3800	pool_ref = dest->io_hdr.pool;
3801
3802	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3803
3804	dest->io_hdr.pool = pool_ref;
3805	/*
3806	 * We need to know that this is an internal copy, and doesn't need
3807	 * to get passed back to the FETD that allocated it.
3808	 */
3809	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3810}
3811
3812#ifdef NEEDTOPORT
3813static void
3814ctl_update_power_subpage(struct copan_power_subpage *page)
3815{
3816	int num_luns, num_partitions, config_type;
3817	struct ctl_softc *softc;
3818	cs_BOOL_t aor_present, shelf_50pct_power;
3819	cs_raidset_personality_t rs_type;
3820	int max_active_luns;
3821
3822	softc = control_softc;
3823
3824	/* subtract out the processor LUN */
3825	num_luns = softc->num_luns - 1;
3826	/*
3827	 * Default to 7 LUNs active, which was the only number we allowed
3828	 * in the past.
3829	 */
3830	max_active_luns = 7;
3831
3832	num_partitions = config_GetRsPartitionInfo();
3833	config_type = config_GetConfigType();
3834	shelf_50pct_power = config_GetShelfPowerMode();
3835	aor_present = config_IsAorRsPresent();
3836
3837	rs_type = ddb_GetRsRaidType(1);
3838	if ((rs_type != CS_RAIDSET_PERSONALITY_RAID5)
3839	 && (rs_type != CS_RAIDSET_PERSONALITY_RAID1)) {
3840		EPRINT(0, "Unsupported RS type %d!", rs_type);
3841	}
3842
3843
3844	page->total_luns = num_luns;
3845
3846	switch (config_type) {
3847	case 40:
3848		/*
3849		 * In a 40 drive configuration, it doesn't matter what DC
3850		 * cards we have, whether we have AOR enabled or not,
3851		 * partitioning or not, or what type of RAIDset we have.
3852		 * In that scenario, we can power up every LUN we present
3853		 * to the user.
3854		 */
3855		max_active_luns = num_luns;
3856
3857		break;
3858	case 64:
3859		if (shelf_50pct_power == CS_FALSE) {
3860			/* 25% power */
3861			if (aor_present == CS_TRUE) {
3862				if (rs_type ==
3863				     CS_RAIDSET_PERSONALITY_RAID5) {
3864					max_active_luns = 7;
3865				} else if (rs_type ==
3866					 CS_RAIDSET_PERSONALITY_RAID1){
3867					max_active_luns = 14;
3868				} else {
3869					/* XXX KDM now what?? */
3870				}
3871			} else {
3872				if (rs_type ==
3873				     CS_RAIDSET_PERSONALITY_RAID5) {
3874					max_active_luns = 8;
3875				} else if (rs_type ==
3876					 CS_RAIDSET_PERSONALITY_RAID1){
3877					max_active_luns = 16;
3878				} else {
3879					/* XXX KDM now what?? */
3880				}
3881			}
3882		} else {
3883			/* 50% power */
3884			/*
3885			 * With 50% power in a 64 drive configuration, we
3886			 * can power all LUNs we present.
3887			 */
3888			max_active_luns = num_luns;
3889		}
3890		break;
3891	case 112:
3892		if (shelf_50pct_power == CS_FALSE) {
3893			/* 25% power */
3894			if (aor_present == CS_TRUE) {
3895				if (rs_type ==
3896				     CS_RAIDSET_PERSONALITY_RAID5) {
3897					max_active_luns = 7;
3898				} else if (rs_type ==
3899					 CS_RAIDSET_PERSONALITY_RAID1){
3900					max_active_luns = 14;
3901				} else {
3902					/* XXX KDM now what?? */
3903				}
3904			} else {
3905				if (rs_type ==
3906				     CS_RAIDSET_PERSONALITY_RAID5) {
3907					max_active_luns = 8;
3908				} else if (rs_type ==
3909					 CS_RAIDSET_PERSONALITY_RAID1){
3910					max_active_luns = 16;
3911				} else {
3912					/* XXX KDM now what?? */
3913				}
3914			}
3915		} else {
3916			/* 50% power */
3917			if (aor_present == CS_TRUE) {
3918				if (rs_type ==
3919				     CS_RAIDSET_PERSONALITY_RAID5) {
3920					max_active_luns = 14;
3921				} else if (rs_type ==
3922					 CS_RAIDSET_PERSONALITY_RAID1){
3923					/*
3924					 * We're assuming here that disk
3925					 * caching is enabled, and so we're
3926					 * able to power up half of each
3927					 * LUN, and cache all writes.
3928					 */
3929					max_active_luns = num_luns;
3930				} else {
3931					/* XXX KDM now what?? */
3932				}
3933			} else {
3934				if (rs_type ==
3935				     CS_RAIDSET_PERSONALITY_RAID5) {
3936					max_active_luns = 15;
3937				} else if (rs_type ==
3938					 CS_RAIDSET_PERSONALITY_RAID1){
3939					max_active_luns = 30;
3940				} else {
3941					/* XXX KDM now what?? */
3942				}
3943			}
3944		}
3945		break;
3946	default:
3947		/*
3948		 * In this case, we have an unknown configuration, so we
3949		 * just use the default from above.
3950		 */
3951		break;
3952	}
3953
3954	page->max_active_luns = max_active_luns;
3955#if 0
3956	printk("%s: total_luns = %d, max_active_luns = %d\n", __func__,
3957	       page->total_luns, page->max_active_luns);
3958#endif
3959}
3960#endif /* NEEDTOPORT */
3961
3962/*
3963 * This routine could be used in the future to load default and/or saved
3964 * mode page parameters for a particuar lun.
3965 */
3966static int
3967ctl_init_page_index(struct ctl_lun *lun)
3968{
3969	int i;
3970	struct ctl_page_index *page_index;
3971	struct ctl_softc *softc;
3972
3973	memcpy(&lun->mode_pages.index, page_index_template,
3974	       sizeof(page_index_template));
3975
3976	softc = lun->ctl_softc;
3977
3978	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3979
3980		page_index = &lun->mode_pages.index[i];
3981		/*
3982		 * If this is a disk-only mode page, there's no point in
3983		 * setting it up.  For some pages, we have to have some
3984		 * basic information about the disk in order to calculate the
3985		 * mode page data.
3986		 */
3987		if ((lun->be_lun->lun_type != T_DIRECT)
3988		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3989			continue;
3990
3991		switch (page_index->page_code & SMPH_PC_MASK) {
3992		case SMS_FORMAT_DEVICE_PAGE: {
3993			struct scsi_format_page *format_page;
3994
3995			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3996				panic("subpage is incorrect!");
3997
3998			/*
3999			 * Sectors per track are set above.  Bytes per
4000			 * sector need to be set here on a per-LUN basis.
4001			 */
4002			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4003			       &format_page_default,
4004			       sizeof(format_page_default));
4005			memcpy(&lun->mode_pages.format_page[
4006			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4007			       sizeof(format_page_changeable));
4008			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4009			       &format_page_default,
4010			       sizeof(format_page_default));
4011			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4012			       &format_page_default,
4013			       sizeof(format_page_default));
4014
4015			format_page = &lun->mode_pages.format_page[
4016				CTL_PAGE_CURRENT];
4017			scsi_ulto2b(lun->be_lun->blocksize,
4018				    format_page->bytes_per_sector);
4019
4020			format_page = &lun->mode_pages.format_page[
4021				CTL_PAGE_DEFAULT];
4022			scsi_ulto2b(lun->be_lun->blocksize,
4023				    format_page->bytes_per_sector);
4024
4025			format_page = &lun->mode_pages.format_page[
4026				CTL_PAGE_SAVED];
4027			scsi_ulto2b(lun->be_lun->blocksize,
4028				    format_page->bytes_per_sector);
4029
4030			page_index->page_data =
4031				(uint8_t *)lun->mode_pages.format_page;
4032			break;
4033		}
4034		case SMS_RIGID_DISK_PAGE: {
4035			struct scsi_rigid_disk_page *rigid_disk_page;
4036			uint32_t sectors_per_cylinder;
4037			uint64_t cylinders;
4038#ifndef	__XSCALE__
4039			int shift;
4040#endif /* !__XSCALE__ */
4041
4042			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4043				panic("invalid subpage value %d",
4044				      page_index->subpage);
4045
4046			/*
4047			 * Rotation rate and sectors per track are set
4048			 * above.  We calculate the cylinders here based on
4049			 * capacity.  Due to the number of heads and
4050			 * sectors per track we're using, smaller arrays
4051			 * may turn out to have 0 cylinders.  Linux and
4052			 * FreeBSD don't pay attention to these mode pages
4053			 * to figure out capacity, but Solaris does.  It
4054			 * seems to deal with 0 cylinders just fine, and
4055			 * works out a fake geometry based on the capacity.
4056			 */
4057			memcpy(&lun->mode_pages.rigid_disk_page[
4058			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
4059			       sizeof(rigid_disk_page_default));
4060			memcpy(&lun->mode_pages.rigid_disk_page[
4061			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4062			       sizeof(rigid_disk_page_changeable));
4063			memcpy(&lun->mode_pages.rigid_disk_page[
4064			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4065			       sizeof(rigid_disk_page_default));
4066			memcpy(&lun->mode_pages.rigid_disk_page[
4067			       CTL_PAGE_SAVED], &rigid_disk_page_default,
4068			       sizeof(rigid_disk_page_default));
4069
4070			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4071				CTL_DEFAULT_HEADS;
4072
4073			/*
4074			 * The divide method here will be more accurate,
4075			 * probably, but results in floating point being
4076			 * used in the kernel on i386 (__udivdi3()).  On the
4077			 * XScale, though, __udivdi3() is implemented in
4078			 * software.
4079			 *
4080			 * The shift method for cylinder calculation is
4081			 * accurate if sectors_per_cylinder is a power of
4082			 * 2.  Otherwise it might be slightly off -- you
4083			 * might have a bit of a truncation problem.
4084			 */
4085#ifdef	__XSCALE__
4086			cylinders = (lun->be_lun->maxlba + 1) /
4087				sectors_per_cylinder;
4088#else
4089			for (shift = 31; shift > 0; shift--) {
4090				if (sectors_per_cylinder & (1 << shift))
4091					break;
4092			}
4093			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4094#endif
4095
4096			/*
4097			 * We've basically got 3 bytes, or 24 bits for the
4098			 * cylinder size in the mode page.  If we're over,
4099			 * just round down to 2^24.
4100			 */
4101			if (cylinders > 0xffffff)
4102				cylinders = 0xffffff;
4103
4104			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4105				CTL_PAGE_CURRENT];
4106			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4107
4108			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4109				CTL_PAGE_DEFAULT];
4110			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4111
4112			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4113				CTL_PAGE_SAVED];
4114			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4115
4116			page_index->page_data =
4117				(uint8_t *)lun->mode_pages.rigid_disk_page;
4118			break;
4119		}
4120		case SMS_CACHING_PAGE: {
4121
4122			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4123				panic("invalid subpage value %d",
4124				      page_index->subpage);
4125			/*
4126			 * Defaults should be okay here, no calculations
4127			 * needed.
4128			 */
4129			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4130			       &caching_page_default,
4131			       sizeof(caching_page_default));
4132			memcpy(&lun->mode_pages.caching_page[
4133			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4134			       sizeof(caching_page_changeable));
4135			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4136			       &caching_page_default,
4137			       sizeof(caching_page_default));
4138			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4139			       &caching_page_default,
4140			       sizeof(caching_page_default));
4141			page_index->page_data =
4142				(uint8_t *)lun->mode_pages.caching_page;
4143			break;
4144		}
4145		case SMS_CONTROL_MODE_PAGE: {
4146
4147			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4148				panic("invalid subpage value %d",
4149				      page_index->subpage);
4150
4151			/*
4152			 * Defaults should be okay here, no calculations
4153			 * needed.
4154			 */
4155			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4156			       &control_page_default,
4157			       sizeof(control_page_default));
4158			memcpy(&lun->mode_pages.control_page[
4159			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4160			       sizeof(control_page_changeable));
4161			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4162			       &control_page_default,
4163			       sizeof(control_page_default));
4164			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4165			       &control_page_default,
4166			       sizeof(control_page_default));
4167			page_index->page_data =
4168				(uint8_t *)lun->mode_pages.control_page;
4169			break;
4170
4171		}
4172		case SMS_VENDOR_SPECIFIC_PAGE:{
4173			switch (page_index->subpage) {
4174			case PWR_SUBPAGE_CODE: {
4175				struct copan_power_subpage *current_page,
4176							   *saved_page;
4177
4178				memcpy(&lun->mode_pages.power_subpage[
4179				       CTL_PAGE_CURRENT],
4180				       &power_page_default,
4181				       sizeof(power_page_default));
4182				memcpy(&lun->mode_pages.power_subpage[
4183				       CTL_PAGE_CHANGEABLE],
4184				       &power_page_changeable,
4185				       sizeof(power_page_changeable));
4186				memcpy(&lun->mode_pages.power_subpage[
4187				       CTL_PAGE_DEFAULT],
4188				       &power_page_default,
4189				       sizeof(power_page_default));
4190				memcpy(&lun->mode_pages.power_subpage[
4191				       CTL_PAGE_SAVED],
4192				       &power_page_default,
4193				       sizeof(power_page_default));
4194				page_index->page_data =
4195				    (uint8_t *)lun->mode_pages.power_subpage;
4196
4197				current_page = (struct copan_power_subpage *)
4198					(page_index->page_data +
4199					 (page_index->page_len *
4200					  CTL_PAGE_CURRENT));
4201			        saved_page = (struct copan_power_subpage *)
4202				        (page_index->page_data +
4203					 (page_index->page_len *
4204					  CTL_PAGE_SAVED));
4205				break;
4206			}
4207			case APS_SUBPAGE_CODE: {
4208				struct copan_aps_subpage *current_page,
4209							 *saved_page;
4210
4211				// This gets set multiple times but
4212				// it should always be the same. It's
4213				// only done during init so who cares.
4214				index_to_aps_page = i;
4215
4216				memcpy(&lun->mode_pages.aps_subpage[
4217				       CTL_PAGE_CURRENT],
4218				       &aps_page_default,
4219				       sizeof(aps_page_default));
4220				memcpy(&lun->mode_pages.aps_subpage[
4221				       CTL_PAGE_CHANGEABLE],
4222				       &aps_page_changeable,
4223				       sizeof(aps_page_changeable));
4224				memcpy(&lun->mode_pages.aps_subpage[
4225				       CTL_PAGE_DEFAULT],
4226				       &aps_page_default,
4227				       sizeof(aps_page_default));
4228				memcpy(&lun->mode_pages.aps_subpage[
4229				       CTL_PAGE_SAVED],
4230				       &aps_page_default,
4231				       sizeof(aps_page_default));
4232				page_index->page_data =
4233					(uint8_t *)lun->mode_pages.aps_subpage;
4234
4235				current_page = (struct copan_aps_subpage *)
4236					(page_index->page_data +
4237					 (page_index->page_len *
4238					  CTL_PAGE_CURRENT));
4239				saved_page = (struct copan_aps_subpage *)
4240					(page_index->page_data +
4241					 (page_index->page_len *
4242					  CTL_PAGE_SAVED));
4243				break;
4244			}
4245			case DBGCNF_SUBPAGE_CODE: {
4246				struct copan_debugconf_subpage *current_page,
4247							       *saved_page;
4248
4249				memcpy(&lun->mode_pages.debugconf_subpage[
4250				       CTL_PAGE_CURRENT],
4251				       &debugconf_page_default,
4252				       sizeof(debugconf_page_default));
4253				memcpy(&lun->mode_pages.debugconf_subpage[
4254				       CTL_PAGE_CHANGEABLE],
4255				       &debugconf_page_changeable,
4256				       sizeof(debugconf_page_changeable));
4257				memcpy(&lun->mode_pages.debugconf_subpage[
4258				       CTL_PAGE_DEFAULT],
4259				       &debugconf_page_default,
4260				       sizeof(debugconf_page_default));
4261				memcpy(&lun->mode_pages.debugconf_subpage[
4262				       CTL_PAGE_SAVED],
4263				       &debugconf_page_default,
4264				       sizeof(debugconf_page_default));
4265				page_index->page_data =
4266					(uint8_t *)lun->mode_pages.debugconf_subpage;
4267
4268				current_page = (struct copan_debugconf_subpage *)
4269					(page_index->page_data +
4270					 (page_index->page_len *
4271					  CTL_PAGE_CURRENT));
4272				saved_page = (struct copan_debugconf_subpage *)
4273					(page_index->page_data +
4274					 (page_index->page_len *
4275					  CTL_PAGE_SAVED));
4276				break;
4277			}
4278			default:
4279				panic("invalid subpage value %d",
4280				      page_index->subpage);
4281				break;
4282			}
4283   			break;
4284		}
4285		default:
4286			panic("invalid page value %d",
4287			      page_index->page_code & SMPH_PC_MASK);
4288			break;
4289    	}
4290	}
4291
4292	return (CTL_RETVAL_COMPLETE);
4293}
4294
4295/*
4296 * LUN allocation.
4297 *
4298 * Requirements:
4299 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4300 *   wants us to allocate the LUN and he can block.
4301 * - ctl_softc is always set
4302 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4303 *
4304 * Returns 0 for success, non-zero (errno) for failure.
4305 */
4306static int
4307ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4308	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4309{
4310	struct ctl_lun *nlun, *lun;
4311	struct ctl_port *port;
4312	struct scsi_vpd_id_descriptor *desc;
4313	struct scsi_vpd_id_t10 *t10id;
4314	const char *scsiname, *vendor;
4315	int lun_number, i, lun_malloced;
4316	int devidlen, idlen1, idlen2, len;
4317
4318	if (be_lun == NULL)
4319		return (EINVAL);
4320
4321	/*
4322	 * We currently only support Direct Access or Processor LUN types.
4323	 */
4324	switch (be_lun->lun_type) {
4325	case T_DIRECT:
4326		break;
4327	case T_PROCESSOR:
4328		break;
4329	case T_SEQUENTIAL:
4330	case T_CHANGER:
4331	default:
4332		be_lun->lun_config_status(be_lun->be_lun,
4333					  CTL_LUN_CONFIG_FAILURE);
4334		break;
4335	}
4336	if (ctl_lun == NULL) {
4337		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4338		lun_malloced = 1;
4339	} else {
4340		lun_malloced = 0;
4341		lun = ctl_lun;
4342	}
4343
4344	memset(lun, 0, sizeof(*lun));
4345	if (lun_malloced)
4346		lun->flags = CTL_LUN_MALLOCED;
4347
4348	/* Generate LUN ID. */
4349	devidlen = max(CTL_DEVID_MIN_LEN,
4350	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4351	idlen1 = sizeof(*t10id) + devidlen;
4352	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4353	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4354	if (scsiname != NULL) {
4355		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4356		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4357	}
4358	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4359	    M_CTL, M_WAITOK | M_ZERO);
4360	lun->lun_devid->len = len;
4361	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4362	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4363	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4364	desc->length = idlen1;
4365	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4366	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4367	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4368		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4369	} else {
4370		strncpy(t10id->vendor, vendor,
4371		    min(sizeof(t10id->vendor), strlen(vendor)));
4372	}
4373	strncpy((char *)t10id->vendor_spec_id,
4374	    (char *)be_lun->device_id, devidlen);
4375	if (scsiname != NULL) {
4376		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4377		    desc->length);
4378		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4379		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4380		    SVPD_ID_TYPE_SCSI_NAME;
4381		desc->length = idlen2;
4382		strlcpy(desc->identifier, scsiname, idlen2);
4383	}
4384
4385	mtx_lock(&ctl_softc->ctl_lock);
4386	/*
4387	 * See if the caller requested a particular LUN number.  If so, see
4388	 * if it is available.  Otherwise, allocate the first available LUN.
4389	 */
4390	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4391		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4392		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4393			mtx_unlock(&ctl_softc->ctl_lock);
4394			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4395				printf("ctl: requested LUN ID %d is higher "
4396				       "than CTL_MAX_LUNS - 1 (%d)\n",
4397				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4398			} else {
4399				/*
4400				 * XXX KDM return an error, or just assign
4401				 * another LUN ID in this case??
4402				 */
4403				printf("ctl: requested LUN ID %d is already "
4404				       "in use\n", be_lun->req_lun_id);
4405			}
4406			if (lun->flags & CTL_LUN_MALLOCED)
4407				free(lun, M_CTL);
4408			be_lun->lun_config_status(be_lun->be_lun,
4409						  CTL_LUN_CONFIG_FAILURE);
4410			return (ENOSPC);
4411		}
4412		lun_number = be_lun->req_lun_id;
4413	} else {
4414		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4415		if (lun_number == -1) {
4416			mtx_unlock(&ctl_softc->ctl_lock);
4417			printf("ctl: can't allocate LUN on target %ju, out of "
4418			       "LUNs\n", (uintmax_t)target_id.id);
4419			if (lun->flags & CTL_LUN_MALLOCED)
4420				free(lun, M_CTL);
4421			be_lun->lun_config_status(be_lun->be_lun,
4422						  CTL_LUN_CONFIG_FAILURE);
4423			return (ENOSPC);
4424		}
4425	}
4426	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4427
4428	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4429	lun->target = target_id;
4430	lun->lun = lun_number;
4431	lun->be_lun = be_lun;
4432	/*
4433	 * The processor LUN is always enabled.  Disk LUNs come on line
4434	 * disabled, and must be enabled by the backend.
4435	 */
4436	lun->flags |= CTL_LUN_DISABLED;
4437	lun->backend = be_lun->be;
4438	be_lun->ctl_lun = lun;
4439	be_lun->lun_id = lun_number;
4440	atomic_add_int(&be_lun->be->num_luns, 1);
4441	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4442		lun->flags |= CTL_LUN_STOPPED;
4443
4444	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4445		lun->flags |= CTL_LUN_INOPERABLE;
4446
4447	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4448		lun->flags |= CTL_LUN_PRIMARY_SC;
4449
4450	lun->ctl_softc = ctl_softc;
4451	TAILQ_INIT(&lun->ooa_queue);
4452	TAILQ_INIT(&lun->blocked_queue);
4453	STAILQ_INIT(&lun->error_list);
4454
4455	/*
4456	 * Initialize the mode page index.
4457	 */
4458	ctl_init_page_index(lun);
4459
4460	/*
4461	 * Set the poweron UA for all initiators on this LUN only.
4462	 */
4463	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4464		lun->pending_sense[i].ua_pending = CTL_UA_POWERON;
4465
4466	/*
4467	 * Now, before we insert this lun on the lun list, set the lun
4468	 * inventory changed UA for all other luns.
4469	 */
4470	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4471		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4472			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4473		}
4474	}
4475
4476	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4477
4478	ctl_softc->ctl_luns[lun_number] = lun;
4479
4480	ctl_softc->num_luns++;
4481
4482	/* Setup statistics gathering */
4483	lun->stats.device_type = be_lun->lun_type;
4484	lun->stats.lun_number = lun_number;
4485	if (lun->stats.device_type == T_DIRECT)
4486		lun->stats.blocksize = be_lun->blocksize;
4487	else
4488		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4489	for (i = 0;i < CTL_MAX_PORTS;i++)
4490		lun->stats.ports[i].targ_port = i;
4491
4492	mtx_unlock(&ctl_softc->ctl_lock);
4493
4494	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4495
4496	/*
4497	 * Run through each registered FETD and bring it online if it isn't
4498	 * already.  Enable the target ID if it hasn't been enabled, and
4499	 * enable this particular LUN.
4500	 */
4501	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4502		int retval;
4503
4504		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4505		if (retval != 0) {
4506			printf("ctl_alloc_lun: FETD %s port %d returned error "
4507			       "%d for lun_enable on target %ju lun %d\n",
4508			       port->port_name, port->targ_port, retval,
4509			       (uintmax_t)target_id.id, lun_number);
4510		} else
4511			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4512	}
4513	return (0);
4514}
4515
4516/*
4517 * Delete a LUN.
4518 * Assumptions:
4519 * - LUN has already been marked invalid and any pending I/O has been taken
4520 *   care of.
4521 */
4522static int
4523ctl_free_lun(struct ctl_lun *lun)
4524{
4525	struct ctl_softc *softc;
4526#if 0
4527	struct ctl_port *port;
4528#endif
4529	struct ctl_lun *nlun;
4530	int i;
4531
4532	softc = lun->ctl_softc;
4533
4534	mtx_assert(&softc->ctl_lock, MA_OWNED);
4535
4536	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4537
4538	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4539
4540	softc->ctl_luns[lun->lun] = NULL;
4541
4542	if (!TAILQ_EMPTY(&lun->ooa_queue))
4543		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4544
4545	softc->num_luns--;
4546
4547	/*
4548	 * XXX KDM this scheme only works for a single target/multiple LUN
4549	 * setup.  It needs to be revamped for a multiple target scheme.
4550	 *
4551	 * XXX KDM this results in port->lun_disable() getting called twice,
4552	 * once when ctl_disable_lun() is called, and a second time here.
4553	 * We really need to re-think the LUN disable semantics.  There
4554	 * should probably be several steps/levels to LUN removal:
4555	 *  - disable
4556	 *  - invalidate
4557	 *  - free
4558 	 *
4559	 * Right now we only have a disable method when communicating to
4560	 * the front end ports, at least for individual LUNs.
4561	 */
4562#if 0
4563	STAILQ_FOREACH(port, &softc->port_list, links) {
4564		int retval;
4565
4566		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4567					 lun->lun);
4568		if (retval != 0) {
4569			printf("ctl_free_lun: FETD %s port %d returned error "
4570			       "%d for lun_disable on target %ju lun %jd\n",
4571			       port->port_name, port->targ_port, retval,
4572			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4573		}
4574
4575		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4576			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4577
4578			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4579			if (retval != 0) {
4580				printf("ctl_free_lun: FETD %s port %d "
4581				       "returned error %d for targ_disable on "
4582				       "target %ju\n", port->port_name,
4583				       port->targ_port, retval,
4584				       (uintmax_t)lun->target.id);
4585			} else
4586				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4587
4588			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4589				continue;
4590
4591#if 0
4592			port->port_offline(port->onoff_arg);
4593			port->status &= ~CTL_PORT_STATUS_ONLINE;
4594#endif
4595		}
4596	}
4597#endif
4598
4599	/*
4600	 * Tell the backend to free resources, if this LUN has a backend.
4601	 */
4602	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4603	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4604
4605	mtx_destroy(&lun->lun_lock);
4606	free(lun->lun_devid, M_CTL);
4607	if (lun->flags & CTL_LUN_MALLOCED)
4608		free(lun, M_CTL);
4609
4610	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4611		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4612			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4613		}
4614	}
4615
4616	return (0);
4617}
4618
4619static void
4620ctl_create_lun(struct ctl_be_lun *be_lun)
4621{
4622	struct ctl_softc *ctl_softc;
4623
4624	ctl_softc = control_softc;
4625
4626	/*
4627	 * ctl_alloc_lun() should handle all potential failure cases.
4628	 */
4629	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4630}
4631
4632int
4633ctl_add_lun(struct ctl_be_lun *be_lun)
4634{
4635	struct ctl_softc *ctl_softc = control_softc;
4636
4637	mtx_lock(&ctl_softc->ctl_lock);
4638	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4639	mtx_unlock(&ctl_softc->ctl_lock);
4640	wakeup(&ctl_softc->pending_lun_queue);
4641
4642	return (0);
4643}
4644
4645int
4646ctl_enable_lun(struct ctl_be_lun *be_lun)
4647{
4648	struct ctl_softc *ctl_softc;
4649	struct ctl_port *port, *nport;
4650	struct ctl_lun *lun;
4651	int retval;
4652
4653	ctl_softc = control_softc;
4654
4655	lun = (struct ctl_lun *)be_lun->ctl_lun;
4656
4657	mtx_lock(&ctl_softc->ctl_lock);
4658	mtx_lock(&lun->lun_lock);
4659	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4660		/*
4661		 * eh?  Why did we get called if the LUN is already
4662		 * enabled?
4663		 */
4664		mtx_unlock(&lun->lun_lock);
4665		mtx_unlock(&ctl_softc->ctl_lock);
4666		return (0);
4667	}
4668	lun->flags &= ~CTL_LUN_DISABLED;
4669	mtx_unlock(&lun->lun_lock);
4670
4671	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4672		nport = STAILQ_NEXT(port, links);
4673
4674		/*
4675		 * Drop the lock while we call the FETD's enable routine.
4676		 * This can lead to a callback into CTL (at least in the
4677		 * case of the internal initiator frontend.
4678		 */
4679		mtx_unlock(&ctl_softc->ctl_lock);
4680		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4681		mtx_lock(&ctl_softc->ctl_lock);
4682		if (retval != 0) {
4683			printf("%s: FETD %s port %d returned error "
4684			       "%d for lun_enable on target %ju lun %jd\n",
4685			       __func__, port->port_name, port->targ_port, retval,
4686			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4687		}
4688#if 0
4689		 else {
4690            /* NOTE:  TODO:  why does lun enable affect port status? */
4691			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4692		}
4693#endif
4694	}
4695
4696	mtx_unlock(&ctl_softc->ctl_lock);
4697
4698	return (0);
4699}
4700
4701int
4702ctl_disable_lun(struct ctl_be_lun *be_lun)
4703{
4704	struct ctl_softc *ctl_softc;
4705	struct ctl_port *port;
4706	struct ctl_lun *lun;
4707	int retval;
4708
4709	ctl_softc = control_softc;
4710
4711	lun = (struct ctl_lun *)be_lun->ctl_lun;
4712
4713	mtx_lock(&ctl_softc->ctl_lock);
4714	mtx_lock(&lun->lun_lock);
4715	if (lun->flags & CTL_LUN_DISABLED) {
4716		mtx_unlock(&lun->lun_lock);
4717		mtx_unlock(&ctl_softc->ctl_lock);
4718		return (0);
4719	}
4720	lun->flags |= CTL_LUN_DISABLED;
4721	mtx_unlock(&lun->lun_lock);
4722
4723	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4724		mtx_unlock(&ctl_softc->ctl_lock);
4725		/*
4726		 * Drop the lock before we call the frontend's disable
4727		 * routine, to avoid lock order reversals.
4728		 *
4729		 * XXX KDM what happens if the frontend list changes while
4730		 * we're traversing it?  It's unlikely, but should be handled.
4731		 */
4732		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4733					 lun->lun);
4734		mtx_lock(&ctl_softc->ctl_lock);
4735		if (retval != 0) {
4736			printf("ctl_alloc_lun: FETD %s port %d returned error "
4737			       "%d for lun_disable on target %ju lun %jd\n",
4738			       port->port_name, port->targ_port, retval,
4739			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4740		}
4741	}
4742
4743	mtx_unlock(&ctl_softc->ctl_lock);
4744
4745	return (0);
4746}
4747
4748int
4749ctl_start_lun(struct ctl_be_lun *be_lun)
4750{
4751	struct ctl_softc *ctl_softc;
4752	struct ctl_lun *lun;
4753
4754	ctl_softc = control_softc;
4755
4756	lun = (struct ctl_lun *)be_lun->ctl_lun;
4757
4758	mtx_lock(&lun->lun_lock);
4759	lun->flags &= ~CTL_LUN_STOPPED;
4760	mtx_unlock(&lun->lun_lock);
4761
4762	return (0);
4763}
4764
4765int
4766ctl_stop_lun(struct ctl_be_lun *be_lun)
4767{
4768	struct ctl_softc *ctl_softc;
4769	struct ctl_lun *lun;
4770
4771	ctl_softc = control_softc;
4772
4773	lun = (struct ctl_lun *)be_lun->ctl_lun;
4774
4775	mtx_lock(&lun->lun_lock);
4776	lun->flags |= CTL_LUN_STOPPED;
4777	mtx_unlock(&lun->lun_lock);
4778
4779	return (0);
4780}
4781
4782int
4783ctl_lun_offline(struct ctl_be_lun *be_lun)
4784{
4785	struct ctl_softc *ctl_softc;
4786	struct ctl_lun *lun;
4787
4788	ctl_softc = control_softc;
4789
4790	lun = (struct ctl_lun *)be_lun->ctl_lun;
4791
4792	mtx_lock(&lun->lun_lock);
4793	lun->flags |= CTL_LUN_OFFLINE;
4794	mtx_unlock(&lun->lun_lock);
4795
4796	return (0);
4797}
4798
4799int
4800ctl_lun_online(struct ctl_be_lun *be_lun)
4801{
4802	struct ctl_softc *ctl_softc;
4803	struct ctl_lun *lun;
4804
4805	ctl_softc = control_softc;
4806
4807	lun = (struct ctl_lun *)be_lun->ctl_lun;
4808
4809	mtx_lock(&lun->lun_lock);
4810	lun->flags &= ~CTL_LUN_OFFLINE;
4811	mtx_unlock(&lun->lun_lock);
4812
4813	return (0);
4814}
4815
4816int
4817ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4818{
4819	struct ctl_softc *ctl_softc;
4820	struct ctl_lun *lun;
4821
4822	ctl_softc = control_softc;
4823
4824	lun = (struct ctl_lun *)be_lun->ctl_lun;
4825
4826	mtx_lock(&lun->lun_lock);
4827
4828	/*
4829	 * The LUN needs to be disabled before it can be marked invalid.
4830	 */
4831	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4832		mtx_unlock(&lun->lun_lock);
4833		return (-1);
4834	}
4835	/*
4836	 * Mark the LUN invalid.
4837	 */
4838	lun->flags |= CTL_LUN_INVALID;
4839
4840	/*
4841	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4842	 * If we have something in the OOA queue, we'll free it when the
4843	 * last I/O completes.
4844	 */
4845	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4846		mtx_unlock(&lun->lun_lock);
4847		mtx_lock(&ctl_softc->ctl_lock);
4848		ctl_free_lun(lun);
4849		mtx_unlock(&ctl_softc->ctl_lock);
4850	} else
4851		mtx_unlock(&lun->lun_lock);
4852
4853	return (0);
4854}
4855
4856int
4857ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4858{
4859	struct ctl_softc *ctl_softc;
4860	struct ctl_lun *lun;
4861
4862	ctl_softc = control_softc;
4863	lun = (struct ctl_lun *)be_lun->ctl_lun;
4864
4865	mtx_lock(&lun->lun_lock);
4866	lun->flags |= CTL_LUN_INOPERABLE;
4867	mtx_unlock(&lun->lun_lock);
4868
4869	return (0);
4870}
4871
4872int
4873ctl_lun_operable(struct ctl_be_lun *be_lun)
4874{
4875	struct ctl_softc *ctl_softc;
4876	struct ctl_lun *lun;
4877
4878	ctl_softc = control_softc;
4879	lun = (struct ctl_lun *)be_lun->ctl_lun;
4880
4881	mtx_lock(&lun->lun_lock);
4882	lun->flags &= ~CTL_LUN_INOPERABLE;
4883	mtx_unlock(&lun->lun_lock);
4884
4885	return (0);
4886}
4887
4888int
4889ctl_lun_power_lock(struct ctl_be_lun *be_lun, struct ctl_nexus *nexus,
4890		   int lock)
4891{
4892	struct ctl_softc *softc;
4893	struct ctl_lun *lun;
4894	struct copan_aps_subpage *current_sp;
4895	struct ctl_page_index *page_index;
4896	int i;
4897
4898	softc = control_softc;
4899
4900	mtx_lock(&softc->ctl_lock);
4901
4902	lun = (struct ctl_lun *)be_lun->ctl_lun;
4903	mtx_lock(&lun->lun_lock);
4904
4905	page_index = NULL;
4906	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4907		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
4908		     APS_PAGE_CODE)
4909			continue;
4910
4911		if (lun->mode_pages.index[i].subpage != APS_SUBPAGE_CODE)
4912			continue;
4913		page_index = &lun->mode_pages.index[i];
4914	}
4915
4916	if (page_index == NULL) {
4917		mtx_unlock(&lun->lun_lock);
4918		mtx_unlock(&softc->ctl_lock);
4919		printf("%s: APS subpage not found for lun %ju!\n", __func__,
4920		       (uintmax_t)lun->lun);
4921		return (1);
4922	}
4923#if 0
4924	if ((softc->aps_locked_lun != 0)
4925	 && (softc->aps_locked_lun != lun->lun)) {
4926		printf("%s: attempt to lock LUN %llu when %llu is already "
4927		       "locked\n");
4928		mtx_unlock(&lun->lun_lock);
4929		mtx_unlock(&softc->ctl_lock);
4930		return (1);
4931	}
4932#endif
4933
4934	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
4935		(page_index->page_len * CTL_PAGE_CURRENT));
4936
4937	if (lock != 0) {
4938		current_sp->lock_active = APS_LOCK_ACTIVE;
4939		softc->aps_locked_lun = lun->lun;
4940	} else {
4941		current_sp->lock_active = 0;
4942		softc->aps_locked_lun = 0;
4943	}
4944
4945
4946	/*
4947	 * If we're in HA mode, try to send the lock message to the other
4948	 * side.
4949	 */
4950	if (ctl_is_single == 0) {
4951		int isc_retval;
4952		union ctl_ha_msg lock_msg;
4953
4954		lock_msg.hdr.nexus = *nexus;
4955		lock_msg.hdr.msg_type = CTL_MSG_APS_LOCK;
4956		if (lock != 0)
4957			lock_msg.aps.lock_flag = 1;
4958		else
4959			lock_msg.aps.lock_flag = 0;
4960		isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &lock_msg,
4961					 sizeof(lock_msg), 0);
4962		if (isc_retval > CTL_HA_STATUS_SUCCESS) {
4963			printf("%s: APS (lock=%d) error returned from "
4964			       "ctl_ha_msg_send: %d\n", __func__, lock, isc_retval);
4965			mtx_unlock(&lun->lun_lock);
4966			mtx_unlock(&softc->ctl_lock);
4967			return (1);
4968		}
4969	}
4970
4971	mtx_unlock(&lun->lun_lock);
4972	mtx_unlock(&softc->ctl_lock);
4973
4974	return (0);
4975}
4976
4977void
4978ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4979{
4980	struct ctl_lun *lun;
4981	struct ctl_softc *softc;
4982	int i;
4983
4984	softc = control_softc;
4985
4986	lun = (struct ctl_lun *)be_lun->ctl_lun;
4987
4988	mtx_lock(&lun->lun_lock);
4989
4990	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4991		lun->pending_sense[i].ua_pending |= CTL_UA_CAPACITY_CHANGED;
4992
4993	mtx_unlock(&lun->lun_lock);
4994}
4995
4996/*
4997 * Backend "memory move is complete" callback for requests that never
4998 * make it down to say RAIDCore's configuration code.
4999 */
5000int
5001ctl_config_move_done(union ctl_io *io)
5002{
5003	int retval;
5004
5005	retval = CTL_RETVAL_COMPLETE;
5006
5007
5008	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5009	/*
5010	 * XXX KDM this shouldn't happen, but what if it does?
5011	 */
5012	if (io->io_hdr.io_type != CTL_IO_SCSI)
5013		panic("I/O type isn't CTL_IO_SCSI!");
5014
5015	if ((io->io_hdr.port_status == 0)
5016	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5017	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5018		io->io_hdr.status = CTL_SUCCESS;
5019	else if ((io->io_hdr.port_status != 0)
5020	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5021	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5022		/*
5023		 * For hardware error sense keys, the sense key
5024		 * specific value is defined to be a retry count,
5025		 * but we use it to pass back an internal FETD
5026		 * error code.  XXX KDM  Hopefully the FETD is only
5027		 * using 16 bits for an error code, since that's
5028		 * all the space we have in the sks field.
5029		 */
5030		ctl_set_internal_failure(&io->scsiio,
5031					 /*sks_valid*/ 1,
5032					 /*retry_count*/
5033					 io->io_hdr.port_status);
5034		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5035			free(io->scsiio.kern_data_ptr, M_CTL);
5036		ctl_done(io);
5037		goto bailout;
5038	}
5039
5040	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5041	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5042	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5043		/*
5044		 * XXX KDM just assuming a single pointer here, and not a
5045		 * S/G list.  If we start using S/G lists for config data,
5046		 * we'll need to know how to clean them up here as well.
5047		 */
5048		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5049			free(io->scsiio.kern_data_ptr, M_CTL);
5050		/* Hopefully the user has already set the status... */
5051		ctl_done(io);
5052	} else {
5053		/*
5054		 * XXX KDM now we need to continue data movement.  Some
5055		 * options:
5056		 * - call ctl_scsiio() again?  We don't do this for data
5057		 *   writes, because for those at least we know ahead of
5058		 *   time where the write will go and how long it is.  For
5059		 *   config writes, though, that information is largely
5060		 *   contained within the write itself, thus we need to
5061		 *   parse out the data again.
5062		 *
5063		 * - Call some other function once the data is in?
5064		 */
5065
5066		/*
5067		 * XXX KDM call ctl_scsiio() again for now, and check flag
5068		 * bits to see whether we're allocated or not.
5069		 */
5070		retval = ctl_scsiio(&io->scsiio);
5071	}
5072bailout:
5073	return (retval);
5074}
5075
5076/*
5077 * This gets called by a backend driver when it is done with a
5078 * data_submit method.
5079 */
5080void
5081ctl_data_submit_done(union ctl_io *io)
5082{
5083	/*
5084	 * If the IO_CONT flag is set, we need to call the supplied
5085	 * function to continue processing the I/O, instead of completing
5086	 * the I/O just yet.
5087	 *
5088	 * If there is an error, though, we don't want to keep processing.
5089	 * Instead, just send status back to the initiator.
5090	 */
5091	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5092	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5093	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5094	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5095		io->scsiio.io_cont(io);
5096		return;
5097	}
5098	ctl_done(io);
5099}
5100
5101/*
5102 * This gets called by a backend driver when it is done with a
5103 * configuration write.
5104 */
5105void
5106ctl_config_write_done(union ctl_io *io)
5107{
5108	/*
5109	 * If the IO_CONT flag is set, we need to call the supplied
5110	 * function to continue processing the I/O, instead of completing
5111	 * the I/O just yet.
5112	 *
5113	 * If there is an error, though, we don't want to keep processing.
5114	 * Instead, just send status back to the initiator.
5115	 */
5116	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT)
5117	 && (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)
5118	  || ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))) {
5119		io->scsiio.io_cont(io);
5120		return;
5121	}
5122	/*
5123	 * Since a configuration write can be done for commands that actually
5124	 * have data allocated, like write buffer, and commands that have
5125	 * no data, like start/stop unit, we need to check here.
5126	 */
5127	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
5128		free(io->scsiio.kern_data_ptr, M_CTL);
5129	ctl_done(io);
5130}
5131
5132/*
5133 * SCSI release command.
5134 */
5135int
5136ctl_scsi_release(struct ctl_scsiio *ctsio)
5137{
5138	int length, longid, thirdparty_id, resv_id;
5139	struct ctl_softc *ctl_softc;
5140	struct ctl_lun *lun;
5141
5142	length = 0;
5143	resv_id = 0;
5144
5145	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5146
5147	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5148	ctl_softc = control_softc;
5149
5150	switch (ctsio->cdb[0]) {
5151	case RELEASE_10: {
5152		struct scsi_release_10 *cdb;
5153
5154		cdb = (struct scsi_release_10 *)ctsio->cdb;
5155
5156		if (cdb->byte2 & SR10_LONGID)
5157			longid = 1;
5158		else
5159			thirdparty_id = cdb->thirdparty_id;
5160
5161		resv_id = cdb->resv_id;
5162		length = scsi_2btoul(cdb->length);
5163		break;
5164	}
5165	}
5166
5167
5168	/*
5169	 * XXX KDM right now, we only support LUN reservation.  We don't
5170	 * support 3rd party reservations, or extent reservations, which
5171	 * might actually need the parameter list.  If we've gotten this
5172	 * far, we've got a LUN reservation.  Anything else got kicked out
5173	 * above.  So, according to SPC, ignore the length.
5174	 */
5175	length = 0;
5176
5177	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5178	 && (length > 0)) {
5179		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5180		ctsio->kern_data_len = length;
5181		ctsio->kern_total_len = length;
5182		ctsio->kern_data_resid = 0;
5183		ctsio->kern_rel_offset = 0;
5184		ctsio->kern_sg_entries = 0;
5185		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5186		ctsio->be_move_done = ctl_config_move_done;
5187		ctl_datamove((union ctl_io *)ctsio);
5188
5189		return (CTL_RETVAL_COMPLETE);
5190	}
5191
5192	if (length > 0)
5193		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5194
5195	mtx_lock(&lun->lun_lock);
5196
5197	/*
5198	 * According to SPC, it is not an error for an intiator to attempt
5199	 * to release a reservation on a LUN that isn't reserved, or that
5200	 * is reserved by another initiator.  The reservation can only be
5201	 * released, though, by the initiator who made it or by one of
5202	 * several reset type events.
5203	 */
5204	if (lun->flags & CTL_LUN_RESERVED) {
5205		if ((ctsio->io_hdr.nexus.initid.id == lun->rsv_nexus.initid.id)
5206		 && (ctsio->io_hdr.nexus.targ_port == lun->rsv_nexus.targ_port)
5207		 && (ctsio->io_hdr.nexus.targ_target.id ==
5208		     lun->rsv_nexus.targ_target.id)) {
5209			lun->flags &= ~CTL_LUN_RESERVED;
5210		}
5211	}
5212
5213	mtx_unlock(&lun->lun_lock);
5214
5215	ctsio->scsi_status = SCSI_STATUS_OK;
5216	ctsio->io_hdr.status = CTL_SUCCESS;
5217
5218	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5219		free(ctsio->kern_data_ptr, M_CTL);
5220		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5221	}
5222
5223	ctl_done((union ctl_io *)ctsio);
5224	return (CTL_RETVAL_COMPLETE);
5225}
5226
5227int
5228ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5229{
5230	int extent, thirdparty, longid;
5231	int resv_id, length;
5232	uint64_t thirdparty_id;
5233	struct ctl_softc *ctl_softc;
5234	struct ctl_lun *lun;
5235
5236	extent = 0;
5237	thirdparty = 0;
5238	longid = 0;
5239	resv_id = 0;
5240	length = 0;
5241	thirdparty_id = 0;
5242
5243	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5244
5245	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5246	ctl_softc = control_softc;
5247
5248	switch (ctsio->cdb[0]) {
5249	case RESERVE_10: {
5250		struct scsi_reserve_10 *cdb;
5251
5252		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5253
5254		if (cdb->byte2 & SR10_LONGID)
5255			longid = 1;
5256		else
5257			thirdparty_id = cdb->thirdparty_id;
5258
5259		resv_id = cdb->resv_id;
5260		length = scsi_2btoul(cdb->length);
5261		break;
5262	}
5263	}
5264
5265	/*
5266	 * XXX KDM right now, we only support LUN reservation.  We don't
5267	 * support 3rd party reservations, or extent reservations, which
5268	 * might actually need the parameter list.  If we've gotten this
5269	 * far, we've got a LUN reservation.  Anything else got kicked out
5270	 * above.  So, according to SPC, ignore the length.
5271	 */
5272	length = 0;
5273
5274	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5275	 && (length > 0)) {
5276		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5277		ctsio->kern_data_len = length;
5278		ctsio->kern_total_len = length;
5279		ctsio->kern_data_resid = 0;
5280		ctsio->kern_rel_offset = 0;
5281		ctsio->kern_sg_entries = 0;
5282		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5283		ctsio->be_move_done = ctl_config_move_done;
5284		ctl_datamove((union ctl_io *)ctsio);
5285
5286		return (CTL_RETVAL_COMPLETE);
5287	}
5288
5289	if (length > 0)
5290		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5291
5292	mtx_lock(&lun->lun_lock);
5293	if (lun->flags & CTL_LUN_RESERVED) {
5294		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
5295		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
5296		 || (ctsio->io_hdr.nexus.targ_target.id !=
5297		     lun->rsv_nexus.targ_target.id)) {
5298			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5299			ctsio->io_hdr.status = CTL_SCSI_ERROR;
5300			goto bailout;
5301		}
5302	}
5303
5304	lun->flags |= CTL_LUN_RESERVED;
5305	lun->rsv_nexus = ctsio->io_hdr.nexus;
5306
5307	ctsio->scsi_status = SCSI_STATUS_OK;
5308	ctsio->io_hdr.status = CTL_SUCCESS;
5309
5310bailout:
5311	mtx_unlock(&lun->lun_lock);
5312
5313	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5314		free(ctsio->kern_data_ptr, M_CTL);
5315		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5316	}
5317
5318	ctl_done((union ctl_io *)ctsio);
5319	return (CTL_RETVAL_COMPLETE);
5320}
5321
5322int
5323ctl_start_stop(struct ctl_scsiio *ctsio)
5324{
5325	struct scsi_start_stop_unit *cdb;
5326	struct ctl_lun *lun;
5327	struct ctl_softc *ctl_softc;
5328	int retval;
5329
5330	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5331
5332	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5333	ctl_softc = control_softc;
5334	retval = 0;
5335
5336	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5337
5338	/*
5339	 * XXX KDM
5340	 * We don't support the immediate bit on a stop unit.  In order to
5341	 * do that, we would need to code up a way to know that a stop is
5342	 * pending, and hold off any new commands until it completes, one
5343	 * way or another.  Then we could accept or reject those commands
5344	 * depending on its status.  We would almost need to do the reverse
5345	 * of what we do below for an immediate start -- return the copy of
5346	 * the ctl_io to the FETD with status to send to the host (and to
5347	 * free the copy!) and then free the original I/O once the stop
5348	 * actually completes.  That way, the OOA queue mechanism can work
5349	 * to block commands that shouldn't proceed.  Another alternative
5350	 * would be to put the copy in the queue in place of the original,
5351	 * and return the original back to the caller.  That could be
5352	 * slightly safer..
5353	 */
5354	if ((cdb->byte2 & SSS_IMMED)
5355	 && ((cdb->how & SSS_START) == 0)) {
5356		ctl_set_invalid_field(ctsio,
5357				      /*sks_valid*/ 1,
5358				      /*command*/ 1,
5359				      /*field*/ 1,
5360				      /*bit_valid*/ 1,
5361				      /*bit*/ 0);
5362		ctl_done((union ctl_io *)ctsio);
5363		return (CTL_RETVAL_COMPLETE);
5364	}
5365
5366	if ((lun->flags & CTL_LUN_PR_RESERVED)
5367	 && ((cdb->how & SSS_START)==0)) {
5368		uint32_t residx;
5369
5370		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5371		if (!lun->per_res[residx].registered
5372		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5373
5374			ctl_set_reservation_conflict(ctsio);
5375			ctl_done((union ctl_io *)ctsio);
5376			return (CTL_RETVAL_COMPLETE);
5377		}
5378	}
5379
5380	/*
5381	 * If there is no backend on this device, we can't start or stop
5382	 * it.  In theory we shouldn't get any start/stop commands in the
5383	 * first place at this level if the LUN doesn't have a backend.
5384	 * That should get stopped by the command decode code.
5385	 */
5386	if (lun->backend == NULL) {
5387		ctl_set_invalid_opcode(ctsio);
5388		ctl_done((union ctl_io *)ctsio);
5389		return (CTL_RETVAL_COMPLETE);
5390	}
5391
5392	/*
5393	 * XXX KDM Copan-specific offline behavior.
5394	 * Figure out a reasonable way to port this?
5395	 */
5396#ifdef NEEDTOPORT
5397	mtx_lock(&lun->lun_lock);
5398
5399	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5400	 && (lun->flags & CTL_LUN_OFFLINE)) {
5401		/*
5402		 * If the LUN is offline, and the on/offline bit isn't set,
5403		 * reject the start or stop.  Otherwise, let it through.
5404		 */
5405		mtx_unlock(&lun->lun_lock);
5406		ctl_set_lun_not_ready(ctsio);
5407		ctl_done((union ctl_io *)ctsio);
5408	} else {
5409		mtx_unlock(&lun->lun_lock);
5410#endif /* NEEDTOPORT */
5411		/*
5412		 * This could be a start or a stop when we're online,
5413		 * or a stop/offline or start/online.  A start or stop when
5414		 * we're offline is covered in the case above.
5415		 */
5416		/*
5417		 * In the non-immediate case, we send the request to
5418		 * the backend and return status to the user when
5419		 * it is done.
5420		 *
5421		 * In the immediate case, we allocate a new ctl_io
5422		 * to hold a copy of the request, and send that to
5423		 * the backend.  We then set good status on the
5424		 * user's request and return it immediately.
5425		 */
5426		if (cdb->byte2 & SSS_IMMED) {
5427			union ctl_io *new_io;
5428
5429			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5430			if (new_io == NULL) {
5431				ctl_set_busy(ctsio);
5432				ctl_done((union ctl_io *)ctsio);
5433			} else {
5434				ctl_copy_io((union ctl_io *)ctsio,
5435					    new_io);
5436				retval = lun->backend->config_write(new_io);
5437				ctl_set_success(ctsio);
5438				ctl_done((union ctl_io *)ctsio);
5439			}
5440		} else {
5441			retval = lun->backend->config_write(
5442				(union ctl_io *)ctsio);
5443		}
5444#ifdef NEEDTOPORT
5445	}
5446#endif
5447	return (retval);
5448}
5449
5450/*
5451 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5452 * we don't really do anything with the LBA and length fields if the user
5453 * passes them in.  Instead we'll just flush out the cache for the entire
5454 * LUN.
5455 */
5456int
5457ctl_sync_cache(struct ctl_scsiio *ctsio)
5458{
5459	struct ctl_lun *lun;
5460	struct ctl_softc *ctl_softc;
5461	uint64_t starting_lba;
5462	uint32_t block_count;
5463	int retval;
5464
5465	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5466
5467	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5468	ctl_softc = control_softc;
5469	retval = 0;
5470
5471	switch (ctsio->cdb[0]) {
5472	case SYNCHRONIZE_CACHE: {
5473		struct scsi_sync_cache *cdb;
5474		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5475
5476		starting_lba = scsi_4btoul(cdb->begin_lba);
5477		block_count = scsi_2btoul(cdb->lb_count);
5478		break;
5479	}
5480	case SYNCHRONIZE_CACHE_16: {
5481		struct scsi_sync_cache_16 *cdb;
5482		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5483
5484		starting_lba = scsi_8btou64(cdb->begin_lba);
5485		block_count = scsi_4btoul(cdb->lb_count);
5486		break;
5487	}
5488	default:
5489		ctl_set_invalid_opcode(ctsio);
5490		ctl_done((union ctl_io *)ctsio);
5491		goto bailout;
5492		break; /* NOTREACHED */
5493	}
5494
5495	/*
5496	 * We check the LBA and length, but don't do anything with them.
5497	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5498	 * get flushed.  This check will just help satisfy anyone who wants
5499	 * to see an error for an out of range LBA.
5500	 */
5501	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5502		ctl_set_lba_out_of_range(ctsio);
5503		ctl_done((union ctl_io *)ctsio);
5504		goto bailout;
5505	}
5506
5507	/*
5508	 * If this LUN has no backend, we can't flush the cache anyway.
5509	 */
5510	if (lun->backend == NULL) {
5511		ctl_set_invalid_opcode(ctsio);
5512		ctl_done((union ctl_io *)ctsio);
5513		goto bailout;
5514	}
5515
5516	/*
5517	 * Check to see whether we're configured to send the SYNCHRONIZE
5518	 * CACHE command directly to the back end.
5519	 */
5520	mtx_lock(&lun->lun_lock);
5521	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5522	 && (++(lun->sync_count) >= lun->sync_interval)) {
5523		lun->sync_count = 0;
5524		mtx_unlock(&lun->lun_lock);
5525		retval = lun->backend->config_write((union ctl_io *)ctsio);
5526	} else {
5527		mtx_unlock(&lun->lun_lock);
5528		ctl_set_success(ctsio);
5529		ctl_done((union ctl_io *)ctsio);
5530	}
5531
5532bailout:
5533
5534	return (retval);
5535}
5536
5537int
5538ctl_format(struct ctl_scsiio *ctsio)
5539{
5540	struct scsi_format *cdb;
5541	struct ctl_lun *lun;
5542	struct ctl_softc *ctl_softc;
5543	int length, defect_list_len;
5544
5545	CTL_DEBUG_PRINT(("ctl_format\n"));
5546
5547	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5548	ctl_softc = control_softc;
5549
5550	cdb = (struct scsi_format *)ctsio->cdb;
5551
5552	length = 0;
5553	if (cdb->byte2 & SF_FMTDATA) {
5554		if (cdb->byte2 & SF_LONGLIST)
5555			length = sizeof(struct scsi_format_header_long);
5556		else
5557			length = sizeof(struct scsi_format_header_short);
5558	}
5559
5560	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5561	 && (length > 0)) {
5562		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5563		ctsio->kern_data_len = length;
5564		ctsio->kern_total_len = length;
5565		ctsio->kern_data_resid = 0;
5566		ctsio->kern_rel_offset = 0;
5567		ctsio->kern_sg_entries = 0;
5568		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5569		ctsio->be_move_done = ctl_config_move_done;
5570		ctl_datamove((union ctl_io *)ctsio);
5571
5572		return (CTL_RETVAL_COMPLETE);
5573	}
5574
5575	defect_list_len = 0;
5576
5577	if (cdb->byte2 & SF_FMTDATA) {
5578		if (cdb->byte2 & SF_LONGLIST) {
5579			struct scsi_format_header_long *header;
5580
5581			header = (struct scsi_format_header_long *)
5582				ctsio->kern_data_ptr;
5583
5584			defect_list_len = scsi_4btoul(header->defect_list_len);
5585			if (defect_list_len != 0) {
5586				ctl_set_invalid_field(ctsio,
5587						      /*sks_valid*/ 1,
5588						      /*command*/ 0,
5589						      /*field*/ 2,
5590						      /*bit_valid*/ 0,
5591						      /*bit*/ 0);
5592				goto bailout;
5593			}
5594		} else {
5595			struct scsi_format_header_short *header;
5596
5597			header = (struct scsi_format_header_short *)
5598				ctsio->kern_data_ptr;
5599
5600			defect_list_len = scsi_2btoul(header->defect_list_len);
5601			if (defect_list_len != 0) {
5602				ctl_set_invalid_field(ctsio,
5603						      /*sks_valid*/ 1,
5604						      /*command*/ 0,
5605						      /*field*/ 2,
5606						      /*bit_valid*/ 0,
5607						      /*bit*/ 0);
5608				goto bailout;
5609			}
5610		}
5611	}
5612
5613	/*
5614	 * The format command will clear out the "Medium format corrupted"
5615	 * status if set by the configuration code.  That status is really
5616	 * just a way to notify the host that we have lost the media, and
5617	 * get them to issue a command that will basically make them think
5618	 * they're blowing away the media.
5619	 */
5620	mtx_lock(&lun->lun_lock);
5621	lun->flags &= ~CTL_LUN_INOPERABLE;
5622	mtx_unlock(&lun->lun_lock);
5623
5624	ctsio->scsi_status = SCSI_STATUS_OK;
5625	ctsio->io_hdr.status = CTL_SUCCESS;
5626bailout:
5627
5628	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5629		free(ctsio->kern_data_ptr, M_CTL);
5630		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5631	}
5632
5633	ctl_done((union ctl_io *)ctsio);
5634	return (CTL_RETVAL_COMPLETE);
5635}
5636
5637int
5638ctl_read_buffer(struct ctl_scsiio *ctsio)
5639{
5640	struct scsi_read_buffer *cdb;
5641	struct ctl_lun *lun;
5642	int buffer_offset, len;
5643	static uint8_t descr[4];
5644	static uint8_t echo_descr[4] = { 0 };
5645
5646	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5647
5648	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5649	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5650
5651	if (lun->flags & CTL_LUN_PR_RESERVED) {
5652		uint32_t residx;
5653
5654		/*
5655		 * XXX KDM need a lock here.
5656		 */
5657		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5658		if ((lun->res_type == SPR_TYPE_EX_AC
5659		  && residx != lun->pr_res_idx)
5660		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
5661		   || lun->res_type == SPR_TYPE_EX_AC_AR)
5662		  && !lun->per_res[residx].registered)) {
5663			ctl_set_reservation_conflict(ctsio);
5664			ctl_done((union ctl_io *)ctsio);
5665			return (CTL_RETVAL_COMPLETE);
5666	        }
5667	}
5668
5669	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5670	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5671	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5672		ctl_set_invalid_field(ctsio,
5673				      /*sks_valid*/ 1,
5674				      /*command*/ 1,
5675				      /*field*/ 1,
5676				      /*bit_valid*/ 1,
5677				      /*bit*/ 4);
5678		ctl_done((union ctl_io *)ctsio);
5679		return (CTL_RETVAL_COMPLETE);
5680	}
5681
5682	len = scsi_3btoul(cdb->length);
5683	buffer_offset = scsi_3btoul(cdb->offset);
5684
5685	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5686		ctl_set_invalid_field(ctsio,
5687				      /*sks_valid*/ 1,
5688				      /*command*/ 1,
5689				      /*field*/ 6,
5690				      /*bit_valid*/ 0,
5691				      /*bit*/ 0);
5692		ctl_done((union ctl_io *)ctsio);
5693		return (CTL_RETVAL_COMPLETE);
5694	}
5695
5696	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5697		descr[0] = 0;
5698		scsi_ulto3b(sizeof(lun->write_buffer), &descr[1]);
5699		ctsio->kern_data_ptr = descr;
5700		len = min(len, sizeof(descr));
5701	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5702		ctsio->kern_data_ptr = echo_descr;
5703		len = min(len, sizeof(echo_descr));
5704	} else
5705		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5706	ctsio->kern_data_len = len;
5707	ctsio->kern_total_len = len;
5708	ctsio->kern_data_resid = 0;
5709	ctsio->kern_rel_offset = 0;
5710	ctsio->kern_sg_entries = 0;
5711	ctsio->be_move_done = ctl_config_move_done;
5712	ctl_datamove((union ctl_io *)ctsio);
5713
5714	return (CTL_RETVAL_COMPLETE);
5715}
5716
5717int
5718ctl_write_buffer(struct ctl_scsiio *ctsio)
5719{
5720	struct scsi_write_buffer *cdb;
5721	struct ctl_lun *lun;
5722	int buffer_offset, len;
5723
5724	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5725
5726	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5727	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5728
5729	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5730		ctl_set_invalid_field(ctsio,
5731				      /*sks_valid*/ 1,
5732				      /*command*/ 1,
5733				      /*field*/ 1,
5734				      /*bit_valid*/ 1,
5735				      /*bit*/ 4);
5736		ctl_done((union ctl_io *)ctsio);
5737		return (CTL_RETVAL_COMPLETE);
5738	}
5739
5740	len = scsi_3btoul(cdb->length);
5741	buffer_offset = scsi_3btoul(cdb->offset);
5742
5743	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5744		ctl_set_invalid_field(ctsio,
5745				      /*sks_valid*/ 1,
5746				      /*command*/ 1,
5747				      /*field*/ 6,
5748				      /*bit_valid*/ 0,
5749				      /*bit*/ 0);
5750		ctl_done((union ctl_io *)ctsio);
5751		return (CTL_RETVAL_COMPLETE);
5752	}
5753
5754	/*
5755	 * If we've got a kernel request that hasn't been malloced yet,
5756	 * malloc it and tell the caller the data buffer is here.
5757	 */
5758	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5759		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5760		ctsio->kern_data_len = len;
5761		ctsio->kern_total_len = len;
5762		ctsio->kern_data_resid = 0;
5763		ctsio->kern_rel_offset = 0;
5764		ctsio->kern_sg_entries = 0;
5765		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5766		ctsio->be_move_done = ctl_config_move_done;
5767		ctl_datamove((union ctl_io *)ctsio);
5768
5769		return (CTL_RETVAL_COMPLETE);
5770	}
5771
5772	ctl_done((union ctl_io *)ctsio);
5773
5774	return (CTL_RETVAL_COMPLETE);
5775}
5776
5777int
5778ctl_write_same(struct ctl_scsiio *ctsio)
5779{
5780	struct ctl_lun *lun;
5781	struct ctl_lba_len_flags *lbalen;
5782	uint64_t lba;
5783	uint32_t num_blocks;
5784	int len, retval;
5785	uint8_t byte2;
5786
5787	retval = CTL_RETVAL_COMPLETE;
5788
5789	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5790
5791	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5792
5793	switch (ctsio->cdb[0]) {
5794	case WRITE_SAME_10: {
5795		struct scsi_write_same_10 *cdb;
5796
5797		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5798
5799		lba = scsi_4btoul(cdb->addr);
5800		num_blocks = scsi_2btoul(cdb->length);
5801		byte2 = cdb->byte2;
5802		break;
5803	}
5804	case WRITE_SAME_16: {
5805		struct scsi_write_same_16 *cdb;
5806
5807		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5808
5809		lba = scsi_8btou64(cdb->addr);
5810		num_blocks = scsi_4btoul(cdb->length);
5811		byte2 = cdb->byte2;
5812		break;
5813	}
5814	default:
5815		/*
5816		 * We got a command we don't support.  This shouldn't
5817		 * happen, commands should be filtered out above us.
5818		 */
5819		ctl_set_invalid_opcode(ctsio);
5820		ctl_done((union ctl_io *)ctsio);
5821
5822		return (CTL_RETVAL_COMPLETE);
5823		break; /* NOTREACHED */
5824	}
5825
5826	/*
5827	 * The first check is to make sure we're in bounds, the second
5828	 * check is to catch wrap-around problems.  If the lba + num blocks
5829	 * is less than the lba, then we've wrapped around and the block
5830	 * range is invalid anyway.
5831	 */
5832	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5833	 || ((lba + num_blocks) < lba)) {
5834		ctl_set_lba_out_of_range(ctsio);
5835		ctl_done((union ctl_io *)ctsio);
5836		return (CTL_RETVAL_COMPLETE);
5837	}
5838
5839	/* Zero number of blocks means "to the last logical block" */
5840	if (num_blocks == 0) {
5841		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5842			ctl_set_invalid_field(ctsio,
5843					      /*sks_valid*/ 0,
5844					      /*command*/ 1,
5845					      /*field*/ 0,
5846					      /*bit_valid*/ 0,
5847					      /*bit*/ 0);
5848			ctl_done((union ctl_io *)ctsio);
5849			return (CTL_RETVAL_COMPLETE);
5850		}
5851		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5852	}
5853
5854	len = lun->be_lun->blocksize;
5855
5856	/*
5857	 * If we've got a kernel request that hasn't been malloced yet,
5858	 * malloc it and tell the caller the data buffer is here.
5859	 */
5860	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5861		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5862		ctsio->kern_data_len = len;
5863		ctsio->kern_total_len = len;
5864		ctsio->kern_data_resid = 0;
5865		ctsio->kern_rel_offset = 0;
5866		ctsio->kern_sg_entries = 0;
5867		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5868		ctsio->be_move_done = ctl_config_move_done;
5869		ctl_datamove((union ctl_io *)ctsio);
5870
5871		return (CTL_RETVAL_COMPLETE);
5872	}
5873
5874	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5875	lbalen->lba = lba;
5876	lbalen->len = num_blocks;
5877	lbalen->flags = byte2;
5878	retval = lun->backend->config_write((union ctl_io *)ctsio);
5879
5880	return (retval);
5881}
5882
5883int
5884ctl_unmap(struct ctl_scsiio *ctsio)
5885{
5886	struct ctl_lun *lun;
5887	struct scsi_unmap *cdb;
5888	struct ctl_ptr_len_flags *ptrlen;
5889	struct scsi_unmap_header *hdr;
5890	struct scsi_unmap_desc *buf, *end;
5891	uint64_t lba;
5892	uint32_t num_blocks;
5893	int len, retval;
5894	uint8_t byte2;
5895
5896	retval = CTL_RETVAL_COMPLETE;
5897
5898	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5899
5900	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5901	cdb = (struct scsi_unmap *)ctsio->cdb;
5902
5903	len = scsi_2btoul(cdb->length);
5904	byte2 = cdb->byte2;
5905
5906	/*
5907	 * If we've got a kernel request that hasn't been malloced yet,
5908	 * malloc it and tell the caller the data buffer is here.
5909	 */
5910	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5911		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5912		ctsio->kern_data_len = len;
5913		ctsio->kern_total_len = len;
5914		ctsio->kern_data_resid = 0;
5915		ctsio->kern_rel_offset = 0;
5916		ctsio->kern_sg_entries = 0;
5917		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5918		ctsio->be_move_done = ctl_config_move_done;
5919		ctl_datamove((union ctl_io *)ctsio);
5920
5921		return (CTL_RETVAL_COMPLETE);
5922	}
5923
5924	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5925	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5926	if (len < sizeof (*hdr) ||
5927	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5928	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5929	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5930		ctl_set_invalid_field(ctsio,
5931				      /*sks_valid*/ 0,
5932				      /*command*/ 0,
5933				      /*field*/ 0,
5934				      /*bit_valid*/ 0,
5935				      /*bit*/ 0);
5936		ctl_done((union ctl_io *)ctsio);
5937		return (CTL_RETVAL_COMPLETE);
5938	}
5939	len = scsi_2btoul(hdr->desc_length);
5940	buf = (struct scsi_unmap_desc *)(hdr + 1);
5941	end = buf + len / sizeof(*buf);
5942
5943	ptrlen = (struct ctl_ptr_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5944	ptrlen->ptr = (void *)buf;
5945	ptrlen->len = len;
5946	ptrlen->flags = byte2;
5947
5948	for (; buf < end; buf++) {
5949		lba = scsi_8btou64(buf->lba);
5950		num_blocks = scsi_4btoul(buf->length);
5951		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5952		 || ((lba + num_blocks) < lba)) {
5953			ctl_set_lba_out_of_range(ctsio);
5954			ctl_done((union ctl_io *)ctsio);
5955			return (CTL_RETVAL_COMPLETE);
5956		}
5957	}
5958
5959	retval = lun->backend->config_write((union ctl_io *)ctsio);
5960
5961	return (retval);
5962}
5963
5964/*
5965 * Note that this function currently doesn't actually do anything inside
5966 * CTL to enforce things if the DQue bit is turned on.
5967 *
5968 * Also note that this function can't be used in the default case, because
5969 * the DQue bit isn't set in the changeable mask for the control mode page
5970 * anyway.  This is just here as an example for how to implement a page
5971 * handler, and a placeholder in case we want to allow the user to turn
5972 * tagged queueing on and off.
5973 *
5974 * The D_SENSE bit handling is functional, however, and will turn
5975 * descriptor sense on and off for a given LUN.
5976 */
5977int
5978ctl_control_page_handler(struct ctl_scsiio *ctsio,
5979			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5980{
5981	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5982	struct ctl_lun *lun;
5983	struct ctl_softc *softc;
5984	int set_ua;
5985	uint32_t initidx;
5986
5987	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5988	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5989	set_ua = 0;
5990
5991	user_cp = (struct scsi_control_page *)page_ptr;
5992	current_cp = (struct scsi_control_page *)
5993		(page_index->page_data + (page_index->page_len *
5994		CTL_PAGE_CURRENT));
5995	saved_cp = (struct scsi_control_page *)
5996		(page_index->page_data + (page_index->page_len *
5997		CTL_PAGE_SAVED));
5998
5999	softc = control_softc;
6000
6001	mtx_lock(&lun->lun_lock);
6002	if (((current_cp->rlec & SCP_DSENSE) == 0)
6003	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6004		/*
6005		 * Descriptor sense is currently turned off and the user
6006		 * wants to turn it on.
6007		 */
6008		current_cp->rlec |= SCP_DSENSE;
6009		saved_cp->rlec |= SCP_DSENSE;
6010		lun->flags |= CTL_LUN_SENSE_DESC;
6011		set_ua = 1;
6012	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6013		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6014		/*
6015		 * Descriptor sense is currently turned on, and the user
6016		 * wants to turn it off.
6017		 */
6018		current_cp->rlec &= ~SCP_DSENSE;
6019		saved_cp->rlec &= ~SCP_DSENSE;
6020		lun->flags &= ~CTL_LUN_SENSE_DESC;
6021		set_ua = 1;
6022	}
6023	if (current_cp->queue_flags & SCP_QUEUE_DQUE) {
6024		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
6025#ifdef NEEDTOPORT
6026			csevent_log(CSC_CTL | CSC_SHELF_SW |
6027				    CTL_UNTAG_TO_UNTAG,
6028				    csevent_LogType_Trace,
6029				    csevent_Severity_Information,
6030				    csevent_AlertLevel_Green,
6031				    csevent_FRU_Firmware,
6032				    csevent_FRU_Unknown,
6033				    "Received untagged to untagged transition");
6034#endif /* NEEDTOPORT */
6035		} else {
6036#ifdef NEEDTOPORT
6037			csevent_log(CSC_CTL | CSC_SHELF_SW |
6038				    CTL_UNTAG_TO_TAG,
6039				    csevent_LogType_ConfigChange,
6040				    csevent_Severity_Information,
6041				    csevent_AlertLevel_Green,
6042				    csevent_FRU_Firmware,
6043				    csevent_FRU_Unknown,
6044				    "Received untagged to tagged "
6045				    "queueing transition");
6046#endif /* NEEDTOPORT */
6047
6048			current_cp->queue_flags &= ~SCP_QUEUE_DQUE;
6049			saved_cp->queue_flags &= ~SCP_QUEUE_DQUE;
6050			set_ua = 1;
6051		}
6052	} else {
6053		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
6054#ifdef NEEDTOPORT
6055			csevent_log(CSC_CTL | CSC_SHELF_SW |
6056				    CTL_TAG_TO_UNTAG,
6057				    csevent_LogType_ConfigChange,
6058				    csevent_Severity_Warning,
6059				    csevent_AlertLevel_Yellow,
6060				    csevent_FRU_Firmware,
6061				    csevent_FRU_Unknown,
6062				    "Received tagged queueing to untagged "
6063				    "transition");
6064#endif /* NEEDTOPORT */
6065
6066			current_cp->queue_flags |= SCP_QUEUE_DQUE;
6067			saved_cp->queue_flags |= SCP_QUEUE_DQUE;
6068			set_ua = 1;
6069		} else {
6070#ifdef NEEDTOPORT
6071			csevent_log(CSC_CTL | CSC_SHELF_SW |
6072				    CTL_TAG_TO_TAG,
6073				    csevent_LogType_Trace,
6074				    csevent_Severity_Information,
6075				    csevent_AlertLevel_Green,
6076				    csevent_FRU_Firmware,
6077				    csevent_FRU_Unknown,
6078				    "Received tagged queueing to tagged "
6079				    "queueing transition");
6080#endif /* NEEDTOPORT */
6081		}
6082	}
6083	if (set_ua != 0) {
6084		int i;
6085		/*
6086		 * Let other initiators know that the mode
6087		 * parameters for this LUN have changed.
6088		 */
6089		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6090			if (i == initidx)
6091				continue;
6092
6093			lun->pending_sense[i].ua_pending |=
6094				CTL_UA_MODE_CHANGE;
6095		}
6096	}
6097	mtx_unlock(&lun->lun_lock);
6098
6099	return (0);
6100}
6101
6102int
6103ctl_power_sp_handler(struct ctl_scsiio *ctsio,
6104		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6105{
6106	return (0);
6107}
6108
6109int
6110ctl_power_sp_sense_handler(struct ctl_scsiio *ctsio,
6111			   struct ctl_page_index *page_index, int pc)
6112{
6113	struct copan_power_subpage *page;
6114
6115	page = (struct copan_power_subpage *)page_index->page_data +
6116		(page_index->page_len * pc);
6117
6118	switch (pc) {
6119	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6120		/*
6121		 * We don't update the changable bits for this page.
6122		 */
6123		break;
6124	case SMS_PAGE_CTRL_CURRENT >> 6:
6125	case SMS_PAGE_CTRL_DEFAULT >> 6:
6126	case SMS_PAGE_CTRL_SAVED >> 6:
6127#ifdef NEEDTOPORT
6128		ctl_update_power_subpage(page);
6129#endif
6130		break;
6131	default:
6132#ifdef NEEDTOPORT
6133		EPRINT(0, "Invalid PC %d!!", pc);
6134#endif
6135		break;
6136	}
6137	return (0);
6138}
6139
6140
6141int
6142ctl_aps_sp_handler(struct ctl_scsiio *ctsio,
6143		   struct ctl_page_index *page_index, uint8_t *page_ptr)
6144{
6145	struct copan_aps_subpage *user_sp;
6146	struct copan_aps_subpage *current_sp;
6147	union ctl_modepage_info *modepage_info;
6148	struct ctl_softc *softc;
6149	struct ctl_lun *lun;
6150	int retval;
6151
6152	retval = CTL_RETVAL_COMPLETE;
6153	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
6154		     (page_index->page_len * CTL_PAGE_CURRENT));
6155	softc = control_softc;
6156	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6157
6158	user_sp = (struct copan_aps_subpage *)page_ptr;
6159
6160	modepage_info = (union ctl_modepage_info *)
6161		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6162
6163	modepage_info->header.page_code = page_index->page_code & SMPH_PC_MASK;
6164	modepage_info->header.subpage = page_index->subpage;
6165	modepage_info->aps.lock_active = user_sp->lock_active;
6166
6167	mtx_lock(&softc->ctl_lock);
6168
6169	/*
6170	 * If there is a request to lock the LUN and another LUN is locked
6171	 * this is an error. If the requested LUN is already locked ignore
6172	 * the request. If no LUN is locked attempt to lock it.
6173	 * if there is a request to unlock the LUN and the LUN is currently
6174	 * locked attempt to unlock it. Otherwise ignore the request. i.e.
6175	 * if another LUN is locked or no LUN is locked.
6176	 */
6177	if (user_sp->lock_active & APS_LOCK_ACTIVE) {
6178		if (softc->aps_locked_lun == lun->lun) {
6179			/*
6180			 * This LUN is already locked, so we're done.
6181			 */
6182			retval = CTL_RETVAL_COMPLETE;
6183		} else if (softc->aps_locked_lun == 0) {
6184			/*
6185			 * No one has the lock, pass the request to the
6186			 * backend.
6187			 */
6188			retval = lun->backend->config_write(
6189				(union ctl_io *)ctsio);
6190		} else {
6191			/*
6192			 * Someone else has the lock, throw out the request.
6193			 */
6194			ctl_set_already_locked(ctsio);
6195			free(ctsio->kern_data_ptr, M_CTL);
6196			ctl_done((union ctl_io *)ctsio);
6197
6198			/*
6199			 * Set the return value so that ctl_do_mode_select()
6200			 * won't try to complete the command.  We already
6201			 * completed it here.
6202			 */
6203			retval = CTL_RETVAL_ERROR;
6204		}
6205	} else if (softc->aps_locked_lun == lun->lun) {
6206		/*
6207		 * This LUN is locked, so pass the unlock request to the
6208		 * backend.
6209		 */
6210		retval = lun->backend->config_write((union ctl_io *)ctsio);
6211	}
6212	mtx_unlock(&softc->ctl_lock);
6213
6214	return (retval);
6215}
6216
6217int
6218ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6219				struct ctl_page_index *page_index,
6220				uint8_t *page_ptr)
6221{
6222	uint8_t *c;
6223	int i;
6224
6225	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6226	ctl_time_io_secs =
6227		(c[0] << 8) |
6228		(c[1] << 0) |
6229		0;
6230	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6231	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6232	printf("page data:");
6233	for (i=0; i<8; i++)
6234		printf(" %.2x",page_ptr[i]);
6235	printf("\n");
6236	return (0);
6237}
6238
6239int
6240ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6241			       struct ctl_page_index *page_index,
6242			       int pc)
6243{
6244	struct copan_debugconf_subpage *page;
6245
6246	page = (struct copan_debugconf_subpage *)page_index->page_data +
6247		(page_index->page_len * pc);
6248
6249	switch (pc) {
6250	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6251	case SMS_PAGE_CTRL_DEFAULT >> 6:
6252	case SMS_PAGE_CTRL_SAVED >> 6:
6253		/*
6254		 * We don't update the changable or default bits for this page.
6255		 */
6256		break;
6257	case SMS_PAGE_CTRL_CURRENT >> 6:
6258		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6259		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6260		break;
6261	default:
6262#ifdef NEEDTOPORT
6263		EPRINT(0, "Invalid PC %d!!", pc);
6264#endif /* NEEDTOPORT */
6265		break;
6266	}
6267	return (0);
6268}
6269
6270
6271static int
6272ctl_do_mode_select(union ctl_io *io)
6273{
6274	struct scsi_mode_page_header *page_header;
6275	struct ctl_page_index *page_index;
6276	struct ctl_scsiio *ctsio;
6277	int control_dev, page_len;
6278	int page_len_offset, page_len_size;
6279	union ctl_modepage_info *modepage_info;
6280	struct ctl_lun *lun;
6281	int *len_left, *len_used;
6282	int retval, i;
6283
6284	ctsio = &io->scsiio;
6285	page_index = NULL;
6286	page_len = 0;
6287	retval = CTL_RETVAL_COMPLETE;
6288
6289	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6290
6291	if (lun->be_lun->lun_type != T_DIRECT)
6292		control_dev = 1;
6293	else
6294		control_dev = 0;
6295
6296	modepage_info = (union ctl_modepage_info *)
6297		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6298	len_left = &modepage_info->header.len_left;
6299	len_used = &modepage_info->header.len_used;
6300
6301do_next_page:
6302
6303	page_header = (struct scsi_mode_page_header *)
6304		(ctsio->kern_data_ptr + *len_used);
6305
6306	if (*len_left == 0) {
6307		free(ctsio->kern_data_ptr, M_CTL);
6308		ctl_set_success(ctsio);
6309		ctl_done((union ctl_io *)ctsio);
6310		return (CTL_RETVAL_COMPLETE);
6311	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6312
6313		free(ctsio->kern_data_ptr, M_CTL);
6314		ctl_set_param_len_error(ctsio);
6315		ctl_done((union ctl_io *)ctsio);
6316		return (CTL_RETVAL_COMPLETE);
6317
6318	} else if ((page_header->page_code & SMPH_SPF)
6319		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6320
6321		free(ctsio->kern_data_ptr, M_CTL);
6322		ctl_set_param_len_error(ctsio);
6323		ctl_done((union ctl_io *)ctsio);
6324		return (CTL_RETVAL_COMPLETE);
6325	}
6326
6327
6328	/*
6329	 * XXX KDM should we do something with the block descriptor?
6330	 */
6331	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6332
6333		if ((control_dev != 0)
6334		 && (lun->mode_pages.index[i].page_flags &
6335		     CTL_PAGE_FLAG_DISK_ONLY))
6336			continue;
6337
6338		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6339		    (page_header->page_code & SMPH_PC_MASK))
6340			continue;
6341
6342		/*
6343		 * If neither page has a subpage code, then we've got a
6344		 * match.
6345		 */
6346		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6347		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6348			page_index = &lun->mode_pages.index[i];
6349			page_len = page_header->page_length;
6350			break;
6351		}
6352
6353		/*
6354		 * If both pages have subpages, then the subpage numbers
6355		 * have to match.
6356		 */
6357		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6358		  && (page_header->page_code & SMPH_SPF)) {
6359			struct scsi_mode_page_header_sp *sph;
6360
6361			sph = (struct scsi_mode_page_header_sp *)page_header;
6362
6363			if (lun->mode_pages.index[i].subpage ==
6364			    sph->subpage) {
6365				page_index = &lun->mode_pages.index[i];
6366				page_len = scsi_2btoul(sph->page_length);
6367				break;
6368			}
6369		}
6370	}
6371
6372	/*
6373	 * If we couldn't find the page, or if we don't have a mode select
6374	 * handler for it, send back an error to the user.
6375	 */
6376	if ((page_index == NULL)
6377	 || (page_index->select_handler == NULL)) {
6378		ctl_set_invalid_field(ctsio,
6379				      /*sks_valid*/ 1,
6380				      /*command*/ 0,
6381				      /*field*/ *len_used,
6382				      /*bit_valid*/ 0,
6383				      /*bit*/ 0);
6384		free(ctsio->kern_data_ptr, M_CTL);
6385		ctl_done((union ctl_io *)ctsio);
6386		return (CTL_RETVAL_COMPLETE);
6387	}
6388
6389	if (page_index->page_code & SMPH_SPF) {
6390		page_len_offset = 2;
6391		page_len_size = 2;
6392	} else {
6393		page_len_size = 1;
6394		page_len_offset = 1;
6395	}
6396
6397	/*
6398	 * If the length the initiator gives us isn't the one we specify in
6399	 * the mode page header, or if they didn't specify enough data in
6400	 * the CDB to avoid truncating this page, kick out the request.
6401	 */
6402	if ((page_len != (page_index->page_len - page_len_offset -
6403			  page_len_size))
6404	 || (*len_left < page_index->page_len)) {
6405
6406
6407		ctl_set_invalid_field(ctsio,
6408				      /*sks_valid*/ 1,
6409				      /*command*/ 0,
6410				      /*field*/ *len_used + page_len_offset,
6411				      /*bit_valid*/ 0,
6412				      /*bit*/ 0);
6413		free(ctsio->kern_data_ptr, M_CTL);
6414		ctl_done((union ctl_io *)ctsio);
6415		return (CTL_RETVAL_COMPLETE);
6416	}
6417
6418	/*
6419	 * Run through the mode page, checking to make sure that the bits
6420	 * the user changed are actually legal for him to change.
6421	 */
6422	for (i = 0; i < page_index->page_len; i++) {
6423		uint8_t *user_byte, *change_mask, *current_byte;
6424		int bad_bit;
6425		int j;
6426
6427		user_byte = (uint8_t *)page_header + i;
6428		change_mask = page_index->page_data +
6429			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6430		current_byte = page_index->page_data +
6431			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6432
6433		/*
6434		 * Check to see whether the user set any bits in this byte
6435		 * that he is not allowed to set.
6436		 */
6437		if ((*user_byte & ~(*change_mask)) ==
6438		    (*current_byte & ~(*change_mask)))
6439			continue;
6440
6441		/*
6442		 * Go through bit by bit to determine which one is illegal.
6443		 */
6444		bad_bit = 0;
6445		for (j = 7; j >= 0; j--) {
6446			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6447			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6448				bad_bit = i;
6449				break;
6450			}
6451		}
6452		ctl_set_invalid_field(ctsio,
6453				      /*sks_valid*/ 1,
6454				      /*command*/ 0,
6455				      /*field*/ *len_used + i,
6456				      /*bit_valid*/ 1,
6457				      /*bit*/ bad_bit);
6458		free(ctsio->kern_data_ptr, M_CTL);
6459		ctl_done((union ctl_io *)ctsio);
6460		return (CTL_RETVAL_COMPLETE);
6461	}
6462
6463	/*
6464	 * Decrement these before we call the page handler, since we may
6465	 * end up getting called back one way or another before the handler
6466	 * returns to this context.
6467	 */
6468	*len_left -= page_index->page_len;
6469	*len_used += page_index->page_len;
6470
6471	retval = page_index->select_handler(ctsio, page_index,
6472					    (uint8_t *)page_header);
6473
6474	/*
6475	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6476	 * wait until this queued command completes to finish processing
6477	 * the mode page.  If it returns anything other than
6478	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6479	 * already set the sense information, freed the data pointer, and
6480	 * completed the io for us.
6481	 */
6482	if (retval != CTL_RETVAL_COMPLETE)
6483		goto bailout_no_done;
6484
6485	/*
6486	 * If the initiator sent us more than one page, parse the next one.
6487	 */
6488	if (*len_left > 0)
6489		goto do_next_page;
6490
6491	ctl_set_success(ctsio);
6492	free(ctsio->kern_data_ptr, M_CTL);
6493	ctl_done((union ctl_io *)ctsio);
6494
6495bailout_no_done:
6496
6497	return (CTL_RETVAL_COMPLETE);
6498
6499}
6500
6501int
6502ctl_mode_select(struct ctl_scsiio *ctsio)
6503{
6504	int param_len, pf, sp;
6505	int header_size, bd_len;
6506	int len_left, len_used;
6507	struct ctl_page_index *page_index;
6508	struct ctl_lun *lun;
6509	int control_dev, page_len;
6510	union ctl_modepage_info *modepage_info;
6511	int retval;
6512
6513	pf = 0;
6514	sp = 0;
6515	page_len = 0;
6516	len_used = 0;
6517	len_left = 0;
6518	retval = 0;
6519	bd_len = 0;
6520	page_index = NULL;
6521
6522	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6523
6524	if (lun->be_lun->lun_type != T_DIRECT)
6525		control_dev = 1;
6526	else
6527		control_dev = 0;
6528
6529	switch (ctsio->cdb[0]) {
6530	case MODE_SELECT_6: {
6531		struct scsi_mode_select_6 *cdb;
6532
6533		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6534
6535		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6536		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6537
6538		param_len = cdb->length;
6539		header_size = sizeof(struct scsi_mode_header_6);
6540		break;
6541	}
6542	case MODE_SELECT_10: {
6543		struct scsi_mode_select_10 *cdb;
6544
6545		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6546
6547		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6548		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6549
6550		param_len = scsi_2btoul(cdb->length);
6551		header_size = sizeof(struct scsi_mode_header_10);
6552		break;
6553	}
6554	default:
6555		ctl_set_invalid_opcode(ctsio);
6556		ctl_done((union ctl_io *)ctsio);
6557		return (CTL_RETVAL_COMPLETE);
6558		break; /* NOTREACHED */
6559	}
6560
6561	/*
6562	 * From SPC-3:
6563	 * "A parameter list length of zero indicates that the Data-Out Buffer
6564	 * shall be empty. This condition shall not be considered as an error."
6565	 */
6566	if (param_len == 0) {
6567		ctl_set_success(ctsio);
6568		ctl_done((union ctl_io *)ctsio);
6569		return (CTL_RETVAL_COMPLETE);
6570	}
6571
6572	/*
6573	 * Since we'll hit this the first time through, prior to
6574	 * allocation, we don't need to free a data buffer here.
6575	 */
6576	if (param_len < header_size) {
6577		ctl_set_param_len_error(ctsio);
6578		ctl_done((union ctl_io *)ctsio);
6579		return (CTL_RETVAL_COMPLETE);
6580	}
6581
6582	/*
6583	 * Allocate the data buffer and grab the user's data.  In theory,
6584	 * we shouldn't have to sanity check the parameter list length here
6585	 * because the maximum size is 64K.  We should be able to malloc
6586	 * that much without too many problems.
6587	 */
6588	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6589		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6590		ctsio->kern_data_len = param_len;
6591		ctsio->kern_total_len = param_len;
6592		ctsio->kern_data_resid = 0;
6593		ctsio->kern_rel_offset = 0;
6594		ctsio->kern_sg_entries = 0;
6595		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6596		ctsio->be_move_done = ctl_config_move_done;
6597		ctl_datamove((union ctl_io *)ctsio);
6598
6599		return (CTL_RETVAL_COMPLETE);
6600	}
6601
6602	switch (ctsio->cdb[0]) {
6603	case MODE_SELECT_6: {
6604		struct scsi_mode_header_6 *mh6;
6605
6606		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6607		bd_len = mh6->blk_desc_len;
6608		break;
6609	}
6610	case MODE_SELECT_10: {
6611		struct scsi_mode_header_10 *mh10;
6612
6613		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6614		bd_len = scsi_2btoul(mh10->blk_desc_len);
6615		break;
6616	}
6617	default:
6618		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6619		break;
6620	}
6621
6622	if (param_len < (header_size + bd_len)) {
6623		free(ctsio->kern_data_ptr, M_CTL);
6624		ctl_set_param_len_error(ctsio);
6625		ctl_done((union ctl_io *)ctsio);
6626		return (CTL_RETVAL_COMPLETE);
6627	}
6628
6629	/*
6630	 * Set the IO_CONT flag, so that if this I/O gets passed to
6631	 * ctl_config_write_done(), it'll get passed back to
6632	 * ctl_do_mode_select() for further processing, or completion if
6633	 * we're all done.
6634	 */
6635	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6636	ctsio->io_cont = ctl_do_mode_select;
6637
6638	modepage_info = (union ctl_modepage_info *)
6639		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6640
6641	memset(modepage_info, 0, sizeof(*modepage_info));
6642
6643	len_left = param_len - header_size - bd_len;
6644	len_used = header_size + bd_len;
6645
6646	modepage_info->header.len_left = len_left;
6647	modepage_info->header.len_used = len_used;
6648
6649	return (ctl_do_mode_select((union ctl_io *)ctsio));
6650}
6651
6652int
6653ctl_mode_sense(struct ctl_scsiio *ctsio)
6654{
6655	struct ctl_lun *lun;
6656	int pc, page_code, dbd, llba, subpage;
6657	int alloc_len, page_len, header_len, total_len;
6658	struct scsi_mode_block_descr *block_desc;
6659	struct ctl_page_index *page_index;
6660	int control_dev;
6661
6662	dbd = 0;
6663	llba = 0;
6664	block_desc = NULL;
6665	page_index = NULL;
6666
6667	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6668
6669	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6670
6671	if (lun->be_lun->lun_type != T_DIRECT)
6672		control_dev = 1;
6673	else
6674		control_dev = 0;
6675
6676	if (lun->flags & CTL_LUN_PR_RESERVED) {
6677		uint32_t residx;
6678
6679		/*
6680		 * XXX KDM need a lock here.
6681		 */
6682		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
6683		if ((lun->res_type == SPR_TYPE_EX_AC
6684		  && residx != lun->pr_res_idx)
6685		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
6686		   || lun->res_type == SPR_TYPE_EX_AC_AR)
6687		  && !lun->per_res[residx].registered)) {
6688			ctl_set_reservation_conflict(ctsio);
6689			ctl_done((union ctl_io *)ctsio);
6690			return (CTL_RETVAL_COMPLETE);
6691		}
6692	}
6693
6694	switch (ctsio->cdb[0]) {
6695	case MODE_SENSE_6: {
6696		struct scsi_mode_sense_6 *cdb;
6697
6698		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6699
6700		header_len = sizeof(struct scsi_mode_hdr_6);
6701		if (cdb->byte2 & SMS_DBD)
6702			dbd = 1;
6703		else
6704			header_len += sizeof(struct scsi_mode_block_descr);
6705
6706		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6707		page_code = cdb->page & SMS_PAGE_CODE;
6708		subpage = cdb->subpage;
6709		alloc_len = cdb->length;
6710		break;
6711	}
6712	case MODE_SENSE_10: {
6713		struct scsi_mode_sense_10 *cdb;
6714
6715		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6716
6717		header_len = sizeof(struct scsi_mode_hdr_10);
6718
6719		if (cdb->byte2 & SMS_DBD)
6720			dbd = 1;
6721		else
6722			header_len += sizeof(struct scsi_mode_block_descr);
6723		if (cdb->byte2 & SMS10_LLBAA)
6724			llba = 1;
6725		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6726		page_code = cdb->page & SMS_PAGE_CODE;
6727		subpage = cdb->subpage;
6728		alloc_len = scsi_2btoul(cdb->length);
6729		break;
6730	}
6731	default:
6732		ctl_set_invalid_opcode(ctsio);
6733		ctl_done((union ctl_io *)ctsio);
6734		return (CTL_RETVAL_COMPLETE);
6735		break; /* NOTREACHED */
6736	}
6737
6738	/*
6739	 * We have to make a first pass through to calculate the size of
6740	 * the pages that match the user's query.  Then we allocate enough
6741	 * memory to hold it, and actually copy the data into the buffer.
6742	 */
6743	switch (page_code) {
6744	case SMS_ALL_PAGES_PAGE: {
6745		int i;
6746
6747		page_len = 0;
6748
6749		/*
6750		 * At the moment, values other than 0 and 0xff here are
6751		 * reserved according to SPC-3.
6752		 */
6753		if ((subpage != SMS_SUBPAGE_PAGE_0)
6754		 && (subpage != SMS_SUBPAGE_ALL)) {
6755			ctl_set_invalid_field(ctsio,
6756					      /*sks_valid*/ 1,
6757					      /*command*/ 1,
6758					      /*field*/ 3,
6759					      /*bit_valid*/ 0,
6760					      /*bit*/ 0);
6761			ctl_done((union ctl_io *)ctsio);
6762			return (CTL_RETVAL_COMPLETE);
6763		}
6764
6765		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6766			if ((control_dev != 0)
6767			 && (lun->mode_pages.index[i].page_flags &
6768			     CTL_PAGE_FLAG_DISK_ONLY))
6769				continue;
6770
6771			/*
6772			 * We don't use this subpage if the user didn't
6773			 * request all subpages.
6774			 */
6775			if ((lun->mode_pages.index[i].subpage != 0)
6776			 && (subpage == SMS_SUBPAGE_PAGE_0))
6777				continue;
6778
6779#if 0
6780			printf("found page %#x len %d\n",
6781			       lun->mode_pages.index[i].page_code &
6782			       SMPH_PC_MASK,
6783			       lun->mode_pages.index[i].page_len);
6784#endif
6785			page_len += lun->mode_pages.index[i].page_len;
6786		}
6787		break;
6788	}
6789	default: {
6790		int i;
6791
6792		page_len = 0;
6793
6794		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6795			/* Look for the right page code */
6796			if ((lun->mode_pages.index[i].page_code &
6797			     SMPH_PC_MASK) != page_code)
6798				continue;
6799
6800			/* Look for the right subpage or the subpage wildcard*/
6801			if ((lun->mode_pages.index[i].subpage != subpage)
6802			 && (subpage != SMS_SUBPAGE_ALL))
6803				continue;
6804
6805			/* Make sure the page is supported for this dev type */
6806			if ((control_dev != 0)
6807			 && (lun->mode_pages.index[i].page_flags &
6808			     CTL_PAGE_FLAG_DISK_ONLY))
6809				continue;
6810
6811#if 0
6812			printf("found page %#x len %d\n",
6813			       lun->mode_pages.index[i].page_code &
6814			       SMPH_PC_MASK,
6815			       lun->mode_pages.index[i].page_len);
6816#endif
6817
6818			page_len += lun->mode_pages.index[i].page_len;
6819		}
6820
6821		if (page_len == 0) {
6822			ctl_set_invalid_field(ctsio,
6823					      /*sks_valid*/ 1,
6824					      /*command*/ 1,
6825					      /*field*/ 2,
6826					      /*bit_valid*/ 1,
6827					      /*bit*/ 5);
6828			ctl_done((union ctl_io *)ctsio);
6829			return (CTL_RETVAL_COMPLETE);
6830		}
6831		break;
6832	}
6833	}
6834
6835	total_len = header_len + page_len;
6836#if 0
6837	printf("header_len = %d, page_len = %d, total_len = %d\n",
6838	       header_len, page_len, total_len);
6839#endif
6840
6841	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6842	ctsio->kern_sg_entries = 0;
6843	ctsio->kern_data_resid = 0;
6844	ctsio->kern_rel_offset = 0;
6845	if (total_len < alloc_len) {
6846		ctsio->residual = alloc_len - total_len;
6847		ctsio->kern_data_len = total_len;
6848		ctsio->kern_total_len = total_len;
6849	} else {
6850		ctsio->residual = 0;
6851		ctsio->kern_data_len = alloc_len;
6852		ctsio->kern_total_len = alloc_len;
6853	}
6854
6855	switch (ctsio->cdb[0]) {
6856	case MODE_SENSE_6: {
6857		struct scsi_mode_hdr_6 *header;
6858
6859		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6860
6861		header->datalen = ctl_min(total_len - 1, 254);
6862
6863		if (dbd)
6864			header->block_descr_len = 0;
6865		else
6866			header->block_descr_len =
6867				sizeof(struct scsi_mode_block_descr);
6868		block_desc = (struct scsi_mode_block_descr *)&header[1];
6869		break;
6870	}
6871	case MODE_SENSE_10: {
6872		struct scsi_mode_hdr_10 *header;
6873		int datalen;
6874
6875		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6876
6877		datalen = ctl_min(total_len - 2, 65533);
6878		scsi_ulto2b(datalen, header->datalen);
6879		if (dbd)
6880			scsi_ulto2b(0, header->block_descr_len);
6881		else
6882			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6883				    header->block_descr_len);
6884		block_desc = (struct scsi_mode_block_descr *)&header[1];
6885		break;
6886	}
6887	default:
6888		panic("invalid CDB type %#x", ctsio->cdb[0]);
6889		break; /* NOTREACHED */
6890	}
6891
6892	/*
6893	 * If we've got a disk, use its blocksize in the block
6894	 * descriptor.  Otherwise, just set it to 0.
6895	 */
6896	if (dbd == 0) {
6897		if (control_dev != 0)
6898			scsi_ulto3b(lun->be_lun->blocksize,
6899				    block_desc->block_len);
6900		else
6901			scsi_ulto3b(0, block_desc->block_len);
6902	}
6903
6904	switch (page_code) {
6905	case SMS_ALL_PAGES_PAGE: {
6906		int i, data_used;
6907
6908		data_used = header_len;
6909		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6910			struct ctl_page_index *page_index;
6911
6912			page_index = &lun->mode_pages.index[i];
6913
6914			if ((control_dev != 0)
6915			 && (page_index->page_flags &
6916			    CTL_PAGE_FLAG_DISK_ONLY))
6917				continue;
6918
6919			/*
6920			 * We don't use this subpage if the user didn't
6921			 * request all subpages.  We already checked (above)
6922			 * to make sure the user only specified a subpage
6923			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6924			 */
6925			if ((page_index->subpage != 0)
6926			 && (subpage == SMS_SUBPAGE_PAGE_0))
6927				continue;
6928
6929			/*
6930			 * Call the handler, if it exists, to update the
6931			 * page to the latest values.
6932			 */
6933			if (page_index->sense_handler != NULL)
6934				page_index->sense_handler(ctsio, page_index,pc);
6935
6936			memcpy(ctsio->kern_data_ptr + data_used,
6937			       page_index->page_data +
6938			       (page_index->page_len * pc),
6939			       page_index->page_len);
6940			data_used += page_index->page_len;
6941		}
6942		break;
6943	}
6944	default: {
6945		int i, data_used;
6946
6947		data_used = header_len;
6948
6949		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6950			struct ctl_page_index *page_index;
6951
6952			page_index = &lun->mode_pages.index[i];
6953
6954			/* Look for the right page code */
6955			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6956				continue;
6957
6958			/* Look for the right subpage or the subpage wildcard*/
6959			if ((page_index->subpage != subpage)
6960			 && (subpage != SMS_SUBPAGE_ALL))
6961				continue;
6962
6963			/* Make sure the page is supported for this dev type */
6964			if ((control_dev != 0)
6965			 && (page_index->page_flags &
6966			     CTL_PAGE_FLAG_DISK_ONLY))
6967				continue;
6968
6969			/*
6970			 * Call the handler, if it exists, to update the
6971			 * page to the latest values.
6972			 */
6973			if (page_index->sense_handler != NULL)
6974				page_index->sense_handler(ctsio, page_index,pc);
6975
6976			memcpy(ctsio->kern_data_ptr + data_used,
6977			       page_index->page_data +
6978			       (page_index->page_len * pc),
6979			       page_index->page_len);
6980			data_used += page_index->page_len;
6981		}
6982		break;
6983	}
6984	}
6985
6986	ctsio->scsi_status = SCSI_STATUS_OK;
6987
6988	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6989	ctsio->be_move_done = ctl_config_move_done;
6990	ctl_datamove((union ctl_io *)ctsio);
6991
6992	return (CTL_RETVAL_COMPLETE);
6993}
6994
6995int
6996ctl_read_capacity(struct ctl_scsiio *ctsio)
6997{
6998	struct scsi_read_capacity *cdb;
6999	struct scsi_read_capacity_data *data;
7000	struct ctl_lun *lun;
7001	uint32_t lba;
7002
7003	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7004
7005	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7006
7007	lba = scsi_4btoul(cdb->addr);
7008	if (((cdb->pmi & SRC_PMI) == 0)
7009	 && (lba != 0)) {
7010		ctl_set_invalid_field(/*ctsio*/ ctsio,
7011				      /*sks_valid*/ 1,
7012				      /*command*/ 1,
7013				      /*field*/ 2,
7014				      /*bit_valid*/ 0,
7015				      /*bit*/ 0);
7016		ctl_done((union ctl_io *)ctsio);
7017		return (CTL_RETVAL_COMPLETE);
7018	}
7019
7020	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7021
7022	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7023	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7024	ctsio->residual = 0;
7025	ctsio->kern_data_len = sizeof(*data);
7026	ctsio->kern_total_len = sizeof(*data);
7027	ctsio->kern_data_resid = 0;
7028	ctsio->kern_rel_offset = 0;
7029	ctsio->kern_sg_entries = 0;
7030
7031	/*
7032	 * If the maximum LBA is greater than 0xfffffffe, the user must
7033	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7034	 * serivce action set.
7035	 */
7036	if (lun->be_lun->maxlba > 0xfffffffe)
7037		scsi_ulto4b(0xffffffff, data->addr);
7038	else
7039		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7040
7041	/*
7042	 * XXX KDM this may not be 512 bytes...
7043	 */
7044	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7045
7046	ctsio->scsi_status = SCSI_STATUS_OK;
7047
7048	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7049	ctsio->be_move_done = ctl_config_move_done;
7050	ctl_datamove((union ctl_io *)ctsio);
7051
7052	return (CTL_RETVAL_COMPLETE);
7053}
7054
7055int
7056ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7057{
7058	struct scsi_read_capacity_16 *cdb;
7059	struct scsi_read_capacity_data_long *data;
7060	struct ctl_lun *lun;
7061	uint64_t lba;
7062	uint32_t alloc_len;
7063
7064	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7065
7066	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7067
7068	alloc_len = scsi_4btoul(cdb->alloc_len);
7069	lba = scsi_8btou64(cdb->addr);
7070
7071	if ((cdb->reladr & SRC16_PMI)
7072	 && (lba != 0)) {
7073		ctl_set_invalid_field(/*ctsio*/ ctsio,
7074				      /*sks_valid*/ 1,
7075				      /*command*/ 1,
7076				      /*field*/ 2,
7077				      /*bit_valid*/ 0,
7078				      /*bit*/ 0);
7079		ctl_done((union ctl_io *)ctsio);
7080		return (CTL_RETVAL_COMPLETE);
7081	}
7082
7083	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7084
7085	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7086	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7087
7088	if (sizeof(*data) < alloc_len) {
7089		ctsio->residual = alloc_len - sizeof(*data);
7090		ctsio->kern_data_len = sizeof(*data);
7091		ctsio->kern_total_len = sizeof(*data);
7092	} else {
7093		ctsio->residual = 0;
7094		ctsio->kern_data_len = alloc_len;
7095		ctsio->kern_total_len = alloc_len;
7096	}
7097	ctsio->kern_data_resid = 0;
7098	ctsio->kern_rel_offset = 0;
7099	ctsio->kern_sg_entries = 0;
7100
7101	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7102	/* XXX KDM this may not be 512 bytes... */
7103	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7104	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7105	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7106	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7107		data->lalba_lbp[0] |= SRC16_LBPME;
7108
7109	ctsio->scsi_status = SCSI_STATUS_OK;
7110
7111	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7112	ctsio->be_move_done = ctl_config_move_done;
7113	ctl_datamove((union ctl_io *)ctsio);
7114
7115	return (CTL_RETVAL_COMPLETE);
7116}
7117
7118int
7119ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7120{
7121	struct scsi_maintenance_in *cdb;
7122	int retval;
7123	int alloc_len, total_len = 0;
7124	int num_target_port_groups, single;
7125	struct ctl_lun *lun;
7126	struct ctl_softc *softc;
7127	struct scsi_target_group_data *rtg_ptr;
7128	struct scsi_target_port_group_descriptor *tpg_desc_ptr1, *tpg_desc_ptr2;
7129	struct scsi_target_port_descriptor  *tp_desc_ptr1_1, *tp_desc_ptr1_2,
7130	                                    *tp_desc_ptr2_1, *tp_desc_ptr2_2;
7131
7132	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7133
7134	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7135	softc = control_softc;
7136	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7137
7138	retval = CTL_RETVAL_COMPLETE;
7139
7140	single = ctl_is_single;
7141	if (single)
7142        	num_target_port_groups = NUM_TARGET_PORT_GROUPS - 1;
7143	else
7144        	num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7145
7146	total_len = sizeof(struct scsi_target_group_data) +
7147		sizeof(struct scsi_target_port_group_descriptor) *
7148		num_target_port_groups +
7149		sizeof(struct scsi_target_port_descriptor) *
7150		NUM_PORTS_PER_GRP * num_target_port_groups;
7151
7152	alloc_len = scsi_4btoul(cdb->length);
7153
7154	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7155
7156	ctsio->kern_sg_entries = 0;
7157
7158	if (total_len < alloc_len) {
7159		ctsio->residual = alloc_len - total_len;
7160		ctsio->kern_data_len = total_len;
7161		ctsio->kern_total_len = total_len;
7162	} else {
7163		ctsio->residual = 0;
7164		ctsio->kern_data_len = alloc_len;
7165		ctsio->kern_total_len = alloc_len;
7166	}
7167	ctsio->kern_data_resid = 0;
7168	ctsio->kern_rel_offset = 0;
7169
7170	rtg_ptr = (struct scsi_target_group_data *)ctsio->kern_data_ptr;
7171
7172	tpg_desc_ptr1 = &rtg_ptr->groups[0];
7173	tp_desc_ptr1_1 = &tpg_desc_ptr1->descriptors[0];
7174	tp_desc_ptr1_2 = (struct scsi_target_port_descriptor *)
7175	        &tp_desc_ptr1_1->desc_list[0];
7176
7177	if (single == 0) {
7178		tpg_desc_ptr2 = (struct scsi_target_port_group_descriptor *)
7179	                &tp_desc_ptr1_2->desc_list[0];
7180		tp_desc_ptr2_1 = &tpg_desc_ptr2->descriptors[0];
7181		tp_desc_ptr2_2 = (struct scsi_target_port_descriptor *)
7182	        	&tp_desc_ptr2_1->desc_list[0];
7183        } else {
7184		tpg_desc_ptr2 = NULL;
7185		tp_desc_ptr2_1 = NULL;
7186		tp_desc_ptr2_2 = NULL;
7187	}
7188
7189	scsi_ulto4b(total_len - 4, rtg_ptr->length);
7190	if (single == 0) {
7191        	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS) {
7192			if (lun->flags & CTL_LUN_PRIMARY_SC) {
7193				tpg_desc_ptr1->pref_state = TPG_PRIMARY;
7194				tpg_desc_ptr2->pref_state =
7195					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7196			} else {
7197				tpg_desc_ptr1->pref_state =
7198					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7199				tpg_desc_ptr2->pref_state = TPG_PRIMARY;
7200			}
7201		} else {
7202			if (lun->flags & CTL_LUN_PRIMARY_SC) {
7203				tpg_desc_ptr1->pref_state =
7204					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7205				tpg_desc_ptr2->pref_state = TPG_PRIMARY;
7206			} else {
7207				tpg_desc_ptr1->pref_state = TPG_PRIMARY;
7208				tpg_desc_ptr2->pref_state =
7209					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7210			}
7211		}
7212	} else {
7213		tpg_desc_ptr1->pref_state = TPG_PRIMARY;
7214	}
7215	tpg_desc_ptr1->support = 0;
7216	tpg_desc_ptr1->target_port_group[1] = 1;
7217	tpg_desc_ptr1->status = TPG_IMPLICIT;
7218	tpg_desc_ptr1->target_port_count= NUM_PORTS_PER_GRP;
7219
7220	if (single == 0) {
7221		tpg_desc_ptr2->support = 0;
7222		tpg_desc_ptr2->target_port_group[1] = 2;
7223		tpg_desc_ptr2->status = TPG_IMPLICIT;
7224		tpg_desc_ptr2->target_port_count = NUM_PORTS_PER_GRP;
7225
7226		tp_desc_ptr1_1->relative_target_port_identifier[1] = 1;
7227		tp_desc_ptr1_2->relative_target_port_identifier[1] = 2;
7228
7229		tp_desc_ptr2_1->relative_target_port_identifier[1] = 9;
7230		tp_desc_ptr2_2->relative_target_port_identifier[1] = 10;
7231	} else {
7232        	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS) {
7233			tp_desc_ptr1_1->relative_target_port_identifier[1] = 1;
7234			tp_desc_ptr1_2->relative_target_port_identifier[1] = 2;
7235		} else {
7236			tp_desc_ptr1_1->relative_target_port_identifier[1] = 9;
7237			tp_desc_ptr1_2->relative_target_port_identifier[1] = 10;
7238		}
7239	}
7240
7241	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7242	ctsio->be_move_done = ctl_config_move_done;
7243
7244	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7245			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7246			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7247			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7248			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7249
7250	ctl_datamove((union ctl_io *)ctsio);
7251	return(retval);
7252}
7253
7254int
7255ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7256{
7257	struct ctl_lun *lun;
7258	struct scsi_report_supported_opcodes *cdb;
7259	const struct ctl_cmd_entry *entry, *sentry;
7260	struct scsi_report_supported_opcodes_all *all;
7261	struct scsi_report_supported_opcodes_descr *descr;
7262	struct scsi_report_supported_opcodes_one *one;
7263	int retval;
7264	int alloc_len, total_len;
7265	int opcode, service_action, i, j, num;
7266
7267	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7268
7269	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7270	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7271
7272	retval = CTL_RETVAL_COMPLETE;
7273
7274	opcode = cdb->requested_opcode;
7275	service_action = scsi_2btoul(cdb->requested_service_action);
7276	switch (cdb->options & RSO_OPTIONS_MASK) {
7277	case RSO_OPTIONS_ALL:
7278		num = 0;
7279		for (i = 0; i < 256; i++) {
7280			entry = &ctl_cmd_table[i];
7281			if (entry->flags & CTL_CMD_FLAG_SA5) {
7282				for (j = 0; j < 32; j++) {
7283					sentry = &((const struct ctl_cmd_entry *)
7284					    entry->execute)[j];
7285					if (ctl_cmd_applicable(
7286					    lun->be_lun->lun_type, sentry))
7287						num++;
7288				}
7289			} else {
7290				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7291				    entry))
7292					num++;
7293			}
7294		}
7295		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7296		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7297		break;
7298	case RSO_OPTIONS_OC:
7299		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7300			ctl_set_invalid_field(/*ctsio*/ ctsio,
7301					      /*sks_valid*/ 1,
7302					      /*command*/ 1,
7303					      /*field*/ 2,
7304					      /*bit_valid*/ 1,
7305					      /*bit*/ 2);
7306			ctl_done((union ctl_io *)ctsio);
7307			return (CTL_RETVAL_COMPLETE);
7308		}
7309		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7310		break;
7311	case RSO_OPTIONS_OC_SA:
7312		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7313		    service_action >= 32) {
7314			ctl_set_invalid_field(/*ctsio*/ ctsio,
7315					      /*sks_valid*/ 1,
7316					      /*command*/ 1,
7317					      /*field*/ 2,
7318					      /*bit_valid*/ 1,
7319					      /*bit*/ 2);
7320			ctl_done((union ctl_io *)ctsio);
7321			return (CTL_RETVAL_COMPLETE);
7322		}
7323		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7324		break;
7325	default:
7326		ctl_set_invalid_field(/*ctsio*/ ctsio,
7327				      /*sks_valid*/ 1,
7328				      /*command*/ 1,
7329				      /*field*/ 2,
7330				      /*bit_valid*/ 1,
7331				      /*bit*/ 2);
7332		ctl_done((union ctl_io *)ctsio);
7333		return (CTL_RETVAL_COMPLETE);
7334	}
7335
7336	alloc_len = scsi_4btoul(cdb->length);
7337
7338	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7339
7340	ctsio->kern_sg_entries = 0;
7341
7342	if (total_len < alloc_len) {
7343		ctsio->residual = alloc_len - total_len;
7344		ctsio->kern_data_len = total_len;
7345		ctsio->kern_total_len = total_len;
7346	} else {
7347		ctsio->residual = 0;
7348		ctsio->kern_data_len = alloc_len;
7349		ctsio->kern_total_len = alloc_len;
7350	}
7351	ctsio->kern_data_resid = 0;
7352	ctsio->kern_rel_offset = 0;
7353
7354	switch (cdb->options & RSO_OPTIONS_MASK) {
7355	case RSO_OPTIONS_ALL:
7356		all = (struct scsi_report_supported_opcodes_all *)
7357		    ctsio->kern_data_ptr;
7358		num = 0;
7359		for (i = 0; i < 256; i++) {
7360			entry = &ctl_cmd_table[i];
7361			if (entry->flags & CTL_CMD_FLAG_SA5) {
7362				for (j = 0; j < 32; j++) {
7363					sentry = &((const struct ctl_cmd_entry *)
7364					    entry->execute)[j];
7365					if (!ctl_cmd_applicable(
7366					    lun->be_lun->lun_type, sentry))
7367						continue;
7368					descr = &all->descr[num++];
7369					descr->opcode = i;
7370					scsi_ulto2b(j, descr->service_action);
7371					descr->flags = RSO_SERVACTV;
7372					scsi_ulto2b(sentry->length,
7373					    descr->cdb_length);
7374				}
7375			} else {
7376				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7377				    entry))
7378					continue;
7379				descr = &all->descr[num++];
7380				descr->opcode = i;
7381				scsi_ulto2b(0, descr->service_action);
7382				descr->flags = 0;
7383				scsi_ulto2b(entry->length, descr->cdb_length);
7384			}
7385		}
7386		scsi_ulto4b(
7387		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7388		    all->length);
7389		break;
7390	case RSO_OPTIONS_OC:
7391		one = (struct scsi_report_supported_opcodes_one *)
7392		    ctsio->kern_data_ptr;
7393		entry = &ctl_cmd_table[opcode];
7394		goto fill_one;
7395	case RSO_OPTIONS_OC_SA:
7396		one = (struct scsi_report_supported_opcodes_one *)
7397		    ctsio->kern_data_ptr;
7398		entry = &ctl_cmd_table[opcode];
7399		entry = &((const struct ctl_cmd_entry *)
7400		    entry->execute)[service_action];
7401fill_one:
7402		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7403			one->support = 3;
7404			scsi_ulto2b(entry->length, one->cdb_length);
7405			one->cdb_usage[0] = opcode;
7406			memcpy(&one->cdb_usage[1], entry->usage,
7407			    entry->length - 1);
7408		} else
7409			one->support = 1;
7410		break;
7411	}
7412
7413	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7414	ctsio->be_move_done = ctl_config_move_done;
7415
7416	ctl_datamove((union ctl_io *)ctsio);
7417	return(retval);
7418}
7419
7420int
7421ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7422{
7423	struct ctl_lun *lun;
7424	struct scsi_report_supported_tmf *cdb;
7425	struct scsi_report_supported_tmf_data *data;
7426	int retval;
7427	int alloc_len, total_len;
7428
7429	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7430
7431	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7432	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7433
7434	retval = CTL_RETVAL_COMPLETE;
7435
7436	total_len = sizeof(struct scsi_report_supported_tmf_data);
7437	alloc_len = scsi_4btoul(cdb->length);
7438
7439	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7440
7441	ctsio->kern_sg_entries = 0;
7442
7443	if (total_len < alloc_len) {
7444		ctsio->residual = alloc_len - total_len;
7445		ctsio->kern_data_len = total_len;
7446		ctsio->kern_total_len = total_len;
7447	} else {
7448		ctsio->residual = 0;
7449		ctsio->kern_data_len = alloc_len;
7450		ctsio->kern_total_len = alloc_len;
7451	}
7452	ctsio->kern_data_resid = 0;
7453	ctsio->kern_rel_offset = 0;
7454
7455	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7456	data->byte1 |= RST_ATS | RST_LURS | RST_TRS;
7457
7458	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7459	ctsio->be_move_done = ctl_config_move_done;
7460
7461	ctl_datamove((union ctl_io *)ctsio);
7462	return (retval);
7463}
7464
7465int
7466ctl_report_timestamp(struct ctl_scsiio *ctsio)
7467{
7468	struct ctl_lun *lun;
7469	struct scsi_report_timestamp *cdb;
7470	struct scsi_report_timestamp_data *data;
7471	struct timeval tv;
7472	int64_t timestamp;
7473	int retval;
7474	int alloc_len, total_len;
7475
7476	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7477
7478	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7479	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7480
7481	retval = CTL_RETVAL_COMPLETE;
7482
7483	total_len = sizeof(struct scsi_report_timestamp_data);
7484	alloc_len = scsi_4btoul(cdb->length);
7485
7486	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7487
7488	ctsio->kern_sg_entries = 0;
7489
7490	if (total_len < alloc_len) {
7491		ctsio->residual = alloc_len - total_len;
7492		ctsio->kern_data_len = total_len;
7493		ctsio->kern_total_len = total_len;
7494	} else {
7495		ctsio->residual = 0;
7496		ctsio->kern_data_len = alloc_len;
7497		ctsio->kern_total_len = alloc_len;
7498	}
7499	ctsio->kern_data_resid = 0;
7500	ctsio->kern_rel_offset = 0;
7501
7502	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7503	scsi_ulto2b(sizeof(*data) - 2, data->length);
7504	data->origin = RTS_ORIG_OUTSIDE;
7505	getmicrotime(&tv);
7506	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7507	scsi_ulto4b(timestamp >> 16, data->timestamp);
7508	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7509
7510	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7511	ctsio->be_move_done = ctl_config_move_done;
7512
7513	ctl_datamove((union ctl_io *)ctsio);
7514	return (retval);
7515}
7516
7517int
7518ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7519{
7520	struct scsi_per_res_in *cdb;
7521	int alloc_len, total_len = 0;
7522	/* struct scsi_per_res_in_rsrv in_data; */
7523	struct ctl_lun *lun;
7524	struct ctl_softc *softc;
7525
7526	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7527
7528	softc = control_softc;
7529
7530	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7531
7532	alloc_len = scsi_2btoul(cdb->length);
7533
7534	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7535
7536retry:
7537	mtx_lock(&lun->lun_lock);
7538	switch (cdb->action) {
7539	case SPRI_RK: /* read keys */
7540		total_len = sizeof(struct scsi_per_res_in_keys) +
7541			lun->pr_key_count *
7542			sizeof(struct scsi_per_res_key);
7543		break;
7544	case SPRI_RR: /* read reservation */
7545		if (lun->flags & CTL_LUN_PR_RESERVED)
7546			total_len = sizeof(struct scsi_per_res_in_rsrv);
7547		else
7548			total_len = sizeof(struct scsi_per_res_in_header);
7549		break;
7550	case SPRI_RC: /* report capabilities */
7551		total_len = sizeof(struct scsi_per_res_cap);
7552		break;
7553	default:
7554		panic("Invalid PR type %x", cdb->action);
7555	}
7556	mtx_unlock(&lun->lun_lock);
7557
7558	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7559
7560	if (total_len < alloc_len) {
7561		ctsio->residual = alloc_len - total_len;
7562		ctsio->kern_data_len = total_len;
7563		ctsio->kern_total_len = total_len;
7564	} else {
7565		ctsio->residual = 0;
7566		ctsio->kern_data_len = alloc_len;
7567		ctsio->kern_total_len = alloc_len;
7568	}
7569
7570	ctsio->kern_data_resid = 0;
7571	ctsio->kern_rel_offset = 0;
7572	ctsio->kern_sg_entries = 0;
7573
7574	mtx_lock(&lun->lun_lock);
7575	switch (cdb->action) {
7576	case SPRI_RK: { // read keys
7577        struct scsi_per_res_in_keys *res_keys;
7578		int i, key_count;
7579
7580		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7581
7582		/*
7583		 * We had to drop the lock to allocate our buffer, which
7584		 * leaves time for someone to come in with another
7585		 * persistent reservation.  (That is unlikely, though,
7586		 * since this should be the only persistent reservation
7587		 * command active right now.)
7588		 */
7589		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7590		    (lun->pr_key_count *
7591		     sizeof(struct scsi_per_res_key)))){
7592			mtx_unlock(&lun->lun_lock);
7593			free(ctsio->kern_data_ptr, M_CTL);
7594			printf("%s: reservation length changed, retrying\n",
7595			       __func__);
7596			goto retry;
7597		}
7598
7599		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7600
7601		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7602			     lun->pr_key_count, res_keys->header.length);
7603
7604		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7605			if (!lun->per_res[i].registered)
7606				continue;
7607
7608			/*
7609			 * We used lun->pr_key_count to calculate the
7610			 * size to allocate.  If it turns out the number of
7611			 * initiators with the registered flag set is
7612			 * larger than that (i.e. they haven't been kept in
7613			 * sync), we've got a problem.
7614			 */
7615			if (key_count >= lun->pr_key_count) {
7616#ifdef NEEDTOPORT
7617				csevent_log(CSC_CTL | CSC_SHELF_SW |
7618					    CTL_PR_ERROR,
7619					    csevent_LogType_Fault,
7620					    csevent_AlertLevel_Yellow,
7621					    csevent_FRU_ShelfController,
7622					    csevent_FRU_Firmware,
7623				        csevent_FRU_Unknown,
7624					    "registered keys %d >= key "
7625					    "count %d", key_count,
7626					    lun->pr_key_count);
7627#endif
7628				key_count++;
7629				continue;
7630			}
7631			memcpy(res_keys->keys[key_count].key,
7632			       lun->per_res[i].res_key.key,
7633			       ctl_min(sizeof(res_keys->keys[key_count].key),
7634			       sizeof(lun->per_res[i].res_key)));
7635			key_count++;
7636		}
7637		break;
7638	}
7639	case SPRI_RR: { // read reservation
7640		struct scsi_per_res_in_rsrv *res;
7641		int tmp_len, header_only;
7642
7643		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7644
7645		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7646
7647		if (lun->flags & CTL_LUN_PR_RESERVED)
7648		{
7649			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7650			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7651				    res->header.length);
7652			header_only = 0;
7653		} else {
7654			tmp_len = sizeof(struct scsi_per_res_in_header);
7655			scsi_ulto4b(0, res->header.length);
7656			header_only = 1;
7657		}
7658
7659		/*
7660		 * We had to drop the lock to allocate our buffer, which
7661		 * leaves time for someone to come in with another
7662		 * persistent reservation.  (That is unlikely, though,
7663		 * since this should be the only persistent reservation
7664		 * command active right now.)
7665		 */
7666		if (tmp_len != total_len) {
7667			mtx_unlock(&lun->lun_lock);
7668			free(ctsio->kern_data_ptr, M_CTL);
7669			printf("%s: reservation status changed, retrying\n",
7670			       __func__);
7671			goto retry;
7672		}
7673
7674		/*
7675		 * No reservation held, so we're done.
7676		 */
7677		if (header_only != 0)
7678			break;
7679
7680		/*
7681		 * If the registration is an All Registrants type, the key
7682		 * is 0, since it doesn't really matter.
7683		 */
7684		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7685			memcpy(res->data.reservation,
7686			       &lun->per_res[lun->pr_res_idx].res_key,
7687			       sizeof(struct scsi_per_res_key));
7688		}
7689		res->data.scopetype = lun->res_type;
7690		break;
7691	}
7692	case SPRI_RC:     //report capabilities
7693	{
7694		struct scsi_per_res_cap *res_cap;
7695		uint16_t type_mask;
7696
7697		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7698		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7699		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_3;
7700		type_mask = SPRI_TM_WR_EX_AR |
7701			    SPRI_TM_EX_AC_RO |
7702			    SPRI_TM_WR_EX_RO |
7703			    SPRI_TM_EX_AC |
7704			    SPRI_TM_WR_EX |
7705			    SPRI_TM_EX_AC_AR;
7706		scsi_ulto2b(type_mask, res_cap->type_mask);
7707		break;
7708	}
7709	case SPRI_RS: //read full status
7710	default:
7711		/*
7712		 * This is a bug, because we just checked for this above,
7713		 * and should have returned an error.
7714		 */
7715		panic("Invalid PR type %x", cdb->action);
7716		break; /* NOTREACHED */
7717	}
7718	mtx_unlock(&lun->lun_lock);
7719
7720	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7721	ctsio->be_move_done = ctl_config_move_done;
7722
7723	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7724			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7725			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7726			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7727			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7728
7729	ctl_datamove((union ctl_io *)ctsio);
7730
7731	return (CTL_RETVAL_COMPLETE);
7732}
7733
7734/*
7735 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7736 * it should return.
7737 */
7738static int
7739ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7740		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7741		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7742		struct scsi_per_res_out_parms* param)
7743{
7744	union ctl_ha_msg persis_io;
7745	int retval, i;
7746	int isc_retval;
7747
7748	retval = 0;
7749
7750	mtx_lock(&lun->lun_lock);
7751	if (sa_res_key == 0) {
7752		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7753			/* validate scope and type */
7754			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7755			     SPR_LU_SCOPE) {
7756				mtx_unlock(&lun->lun_lock);
7757				ctl_set_invalid_field(/*ctsio*/ ctsio,
7758						      /*sks_valid*/ 1,
7759						      /*command*/ 1,
7760						      /*field*/ 2,
7761						      /*bit_valid*/ 1,
7762						      /*bit*/ 4);
7763				ctl_done((union ctl_io *)ctsio);
7764				return (1);
7765			}
7766
7767		        if (type>8 || type==2 || type==4 || type==0) {
7768				mtx_unlock(&lun->lun_lock);
7769				ctl_set_invalid_field(/*ctsio*/ ctsio,
7770       	           				      /*sks_valid*/ 1,
7771						      /*command*/ 1,
7772						      /*field*/ 2,
7773						      /*bit_valid*/ 1,
7774						      /*bit*/ 0);
7775				ctl_done((union ctl_io *)ctsio);
7776				return (1);
7777		        }
7778
7779			/* temporarily unregister this nexus */
7780			lun->per_res[residx].registered = 0;
7781
7782			/*
7783			 * Unregister everybody else and build UA for
7784			 * them
7785			 */
7786			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7787				if (lun->per_res[i].registered == 0)
7788					continue;
7789
7790				if (!persis_offset
7791				 && i <CTL_MAX_INITIATORS)
7792					lun->pending_sense[i].ua_pending |=
7793						CTL_UA_REG_PREEMPT;
7794				else if (persis_offset
7795				      && i >= persis_offset)
7796					lun->pending_sense[i-persis_offset
7797						].ua_pending |=
7798						CTL_UA_REG_PREEMPT;
7799				lun->per_res[i].registered = 0;
7800				memset(&lun->per_res[i].res_key, 0,
7801				       sizeof(struct scsi_per_res_key));
7802			}
7803			lun->per_res[residx].registered = 1;
7804			lun->pr_key_count = 1;
7805			lun->res_type = type;
7806			if (lun->res_type != SPR_TYPE_WR_EX_AR
7807			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7808				lun->pr_res_idx = residx;
7809
7810			/* send msg to other side */
7811			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7812			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7813			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7814			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7815			persis_io.pr.pr_info.res_type = type;
7816			memcpy(persis_io.pr.pr_info.sa_res_key,
7817			       param->serv_act_res_key,
7818			       sizeof(param->serv_act_res_key));
7819			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7820			     &persis_io, sizeof(persis_io), 0)) >
7821			     CTL_HA_STATUS_SUCCESS) {
7822				printf("CTL:Persis Out error returned "
7823				       "from ctl_ha_msg_send %d\n",
7824				       isc_retval);
7825			}
7826		} else {
7827			/* not all registrants */
7828			mtx_unlock(&lun->lun_lock);
7829			free(ctsio->kern_data_ptr, M_CTL);
7830			ctl_set_invalid_field(ctsio,
7831					      /*sks_valid*/ 1,
7832					      /*command*/ 0,
7833					      /*field*/ 8,
7834					      /*bit_valid*/ 0,
7835					      /*bit*/ 0);
7836			ctl_done((union ctl_io *)ctsio);
7837			return (1);
7838		}
7839	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7840		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7841		int found = 0;
7842
7843		if (res_key == sa_res_key) {
7844			/* special case */
7845			/*
7846			 * The spec implies this is not good but doesn't
7847			 * say what to do. There are two choices either
7848			 * generate a res conflict or check condition
7849			 * with illegal field in parameter data. Since
7850			 * that is what is done when the sa_res_key is
7851			 * zero I'll take that approach since this has
7852			 * to do with the sa_res_key.
7853			 */
7854			mtx_unlock(&lun->lun_lock);
7855			free(ctsio->kern_data_ptr, M_CTL);
7856			ctl_set_invalid_field(ctsio,
7857					      /*sks_valid*/ 1,
7858					      /*command*/ 0,
7859					      /*field*/ 8,
7860					      /*bit_valid*/ 0,
7861					      /*bit*/ 0);
7862			ctl_done((union ctl_io *)ctsio);
7863			return (1);
7864		}
7865
7866		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7867			if (lun->per_res[i].registered
7868			 && memcmp(param->serv_act_res_key,
7869			    lun->per_res[i].res_key.key,
7870			    sizeof(struct scsi_per_res_key)) != 0)
7871				continue;
7872
7873			found = 1;
7874			lun->per_res[i].registered = 0;
7875			memset(&lun->per_res[i].res_key, 0,
7876			       sizeof(struct scsi_per_res_key));
7877			lun->pr_key_count--;
7878
7879			if (!persis_offset
7880			 && i < CTL_MAX_INITIATORS)
7881				lun->pending_sense[i].ua_pending |=
7882					CTL_UA_REG_PREEMPT;
7883			else if (persis_offset
7884			      && i >= persis_offset)
7885				lun->pending_sense[i-persis_offset].ua_pending|=
7886					CTL_UA_REG_PREEMPT;
7887		}
7888		if (!found) {
7889			mtx_unlock(&lun->lun_lock);
7890			free(ctsio->kern_data_ptr, M_CTL);
7891			ctl_set_reservation_conflict(ctsio);
7892			ctl_done((union ctl_io *)ctsio);
7893			return (CTL_RETVAL_COMPLETE);
7894		}
7895		/* send msg to other side */
7896		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7897		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7898		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7899		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7900		persis_io.pr.pr_info.res_type = type;
7901		memcpy(persis_io.pr.pr_info.sa_res_key,
7902		       param->serv_act_res_key,
7903		       sizeof(param->serv_act_res_key));
7904		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7905		     &persis_io, sizeof(persis_io), 0)) >
7906		     CTL_HA_STATUS_SUCCESS) {
7907			printf("CTL:Persis Out error returned from "
7908			       "ctl_ha_msg_send %d\n", isc_retval);
7909		}
7910	} else {
7911		/* Reserved but not all registrants */
7912		/* sa_res_key is res holder */
7913		if (memcmp(param->serv_act_res_key,
7914                   lun->per_res[lun->pr_res_idx].res_key.key,
7915                   sizeof(struct scsi_per_res_key)) == 0) {
7916			/* validate scope and type */
7917			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7918			     SPR_LU_SCOPE) {
7919				mtx_unlock(&lun->lun_lock);
7920				ctl_set_invalid_field(/*ctsio*/ ctsio,
7921						      /*sks_valid*/ 1,
7922						      /*command*/ 1,
7923						      /*field*/ 2,
7924						      /*bit_valid*/ 1,
7925						      /*bit*/ 4);
7926				ctl_done((union ctl_io *)ctsio);
7927				return (1);
7928			}
7929
7930			if (type>8 || type==2 || type==4 || type==0) {
7931				mtx_unlock(&lun->lun_lock);
7932				ctl_set_invalid_field(/*ctsio*/ ctsio,
7933						      /*sks_valid*/ 1,
7934						      /*command*/ 1,
7935						      /*field*/ 2,
7936						      /*bit_valid*/ 1,
7937						      /*bit*/ 0);
7938				ctl_done((union ctl_io *)ctsio);
7939				return (1);
7940			}
7941
7942			/*
7943			 * Do the following:
7944			 * if sa_res_key != res_key remove all
7945			 * registrants w/sa_res_key and generate UA
7946			 * for these registrants(Registrations
7947			 * Preempted) if it wasn't an exclusive
7948			 * reservation generate UA(Reservations
7949			 * Preempted) for all other registered nexuses
7950			 * if the type has changed. Establish the new
7951			 * reservation and holder. If res_key and
7952			 * sa_res_key are the same do the above
7953			 * except don't unregister the res holder.
7954			 */
7955
7956			/*
7957			 * Temporarily unregister so it won't get
7958			 * removed or UA generated
7959			 */
7960			lun->per_res[residx].registered = 0;
7961			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7962				if (lun->per_res[i].registered == 0)
7963					continue;
7964
7965				if (memcmp(param->serv_act_res_key,
7966				    lun->per_res[i].res_key.key,
7967				    sizeof(struct scsi_per_res_key)) == 0) {
7968					lun->per_res[i].registered = 0;
7969					memset(&lun->per_res[i].res_key,
7970					       0,
7971					       sizeof(struct scsi_per_res_key));
7972					lun->pr_key_count--;
7973
7974					if (!persis_offset
7975					 && i < CTL_MAX_INITIATORS)
7976						lun->pending_sense[i
7977							].ua_pending |=
7978							CTL_UA_REG_PREEMPT;
7979					else if (persis_offset
7980					      && i >= persis_offset)
7981						lun->pending_sense[
7982						  i-persis_offset].ua_pending |=
7983						  CTL_UA_REG_PREEMPT;
7984				} else if (type != lun->res_type
7985					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7986					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7987						if (!persis_offset
7988						 && i < CTL_MAX_INITIATORS)
7989							lun->pending_sense[i
7990							].ua_pending |=
7991							CTL_UA_RES_RELEASE;
7992						else if (persis_offset
7993						      && i >= persis_offset)
7994							lun->pending_sense[
7995							i-persis_offset
7996							].ua_pending |=
7997							CTL_UA_RES_RELEASE;
7998				}
7999			}
8000			lun->per_res[residx].registered = 1;
8001			lun->res_type = type;
8002			if (lun->res_type != SPR_TYPE_WR_EX_AR
8003			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8004				lun->pr_res_idx = residx;
8005			else
8006				lun->pr_res_idx =
8007					CTL_PR_ALL_REGISTRANTS;
8008
8009			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8010			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8011			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8012			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8013			persis_io.pr.pr_info.res_type = type;
8014			memcpy(persis_io.pr.pr_info.sa_res_key,
8015			       param->serv_act_res_key,
8016			       sizeof(param->serv_act_res_key));
8017			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8018			     &persis_io, sizeof(persis_io), 0)) >
8019			     CTL_HA_STATUS_SUCCESS) {
8020				printf("CTL:Persis Out error returned "
8021				       "from ctl_ha_msg_send %d\n",
8022				       isc_retval);
8023			}
8024		} else {
8025			/*
8026			 * sa_res_key is not the res holder just
8027			 * remove registrants
8028			 */
8029			int found=0;
8030
8031			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8032				if (memcmp(param->serv_act_res_key,
8033				    lun->per_res[i].res_key.key,
8034				    sizeof(struct scsi_per_res_key)) != 0)
8035					continue;
8036
8037				found = 1;
8038				lun->per_res[i].registered = 0;
8039				memset(&lun->per_res[i].res_key, 0,
8040				       sizeof(struct scsi_per_res_key));
8041				lun->pr_key_count--;
8042
8043				if (!persis_offset
8044				 && i < CTL_MAX_INITIATORS)
8045					lun->pending_sense[i].ua_pending |=
8046						CTL_UA_REG_PREEMPT;
8047				else if (persis_offset
8048				      && i >= persis_offset)
8049					lun->pending_sense[
8050						i-persis_offset].ua_pending |=
8051						CTL_UA_REG_PREEMPT;
8052			}
8053
8054			if (!found) {
8055				mtx_unlock(&lun->lun_lock);
8056				free(ctsio->kern_data_ptr, M_CTL);
8057				ctl_set_reservation_conflict(ctsio);
8058				ctl_done((union ctl_io *)ctsio);
8059		        	return (1);
8060			}
8061			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8062			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8063			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8064			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8065			persis_io.pr.pr_info.res_type = type;
8066			memcpy(persis_io.pr.pr_info.sa_res_key,
8067			       param->serv_act_res_key,
8068			       sizeof(param->serv_act_res_key));
8069			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8070			     &persis_io, sizeof(persis_io), 0)) >
8071			     CTL_HA_STATUS_SUCCESS) {
8072				printf("CTL:Persis Out error returned "
8073				       "from ctl_ha_msg_send %d\n",
8074				isc_retval);
8075			}
8076		}
8077	}
8078
8079	lun->PRGeneration++;
8080	mtx_unlock(&lun->lun_lock);
8081
8082	return (retval);
8083}
8084
8085static void
8086ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8087{
8088	int i;
8089
8090	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8091	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8092	 || memcmp(&lun->per_res[lun->pr_res_idx].res_key,
8093		   msg->pr.pr_info.sa_res_key,
8094		   sizeof(struct scsi_per_res_key)) != 0) {
8095		uint64_t sa_res_key;
8096		sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8097
8098		if (sa_res_key == 0) {
8099			/* temporarily unregister this nexus */
8100			lun->per_res[msg->pr.pr_info.residx].registered = 0;
8101
8102			/*
8103			 * Unregister everybody else and build UA for
8104			 * them
8105			 */
8106			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8107				if (lun->per_res[i].registered == 0)
8108					continue;
8109
8110				if (!persis_offset
8111				 && i < CTL_MAX_INITIATORS)
8112					lun->pending_sense[i].ua_pending |=
8113						CTL_UA_REG_PREEMPT;
8114				else if (persis_offset && i >= persis_offset)
8115					lun->pending_sense[i -
8116						persis_offset].ua_pending |=
8117						CTL_UA_REG_PREEMPT;
8118				lun->per_res[i].registered = 0;
8119				memset(&lun->per_res[i].res_key, 0,
8120				       sizeof(struct scsi_per_res_key));
8121			}
8122
8123			lun->per_res[msg->pr.pr_info.residx].registered = 1;
8124			lun->pr_key_count = 1;
8125			lun->res_type = msg->pr.pr_info.res_type;
8126			if (lun->res_type != SPR_TYPE_WR_EX_AR
8127			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8128				lun->pr_res_idx = msg->pr.pr_info.residx;
8129		} else {
8130		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8131				if (memcmp(msg->pr.pr_info.sa_res_key,
8132		                   lun->per_res[i].res_key.key,
8133		                   sizeof(struct scsi_per_res_key)) != 0)
8134					continue;
8135
8136				lun->per_res[i].registered = 0;
8137				memset(&lun->per_res[i].res_key, 0,
8138				       sizeof(struct scsi_per_res_key));
8139				lun->pr_key_count--;
8140
8141				if (!persis_offset
8142				 && i < persis_offset)
8143					lun->pending_sense[i].ua_pending |=
8144						CTL_UA_REG_PREEMPT;
8145				else if (persis_offset
8146				      && i >= persis_offset)
8147					lun->pending_sense[i -
8148						persis_offset].ua_pending |=
8149						CTL_UA_REG_PREEMPT;
8150			}
8151		}
8152	} else {
8153		/*
8154		 * Temporarily unregister so it won't get removed
8155		 * or UA generated
8156		 */
8157		lun->per_res[msg->pr.pr_info.residx].registered = 0;
8158		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8159			if (lun->per_res[i].registered == 0)
8160				continue;
8161
8162			if (memcmp(msg->pr.pr_info.sa_res_key,
8163	                   lun->per_res[i].res_key.key,
8164	                   sizeof(struct scsi_per_res_key)) == 0) {
8165				lun->per_res[i].registered = 0;
8166				memset(&lun->per_res[i].res_key, 0,
8167				       sizeof(struct scsi_per_res_key));
8168				lun->pr_key_count--;
8169				if (!persis_offset
8170				 && i < CTL_MAX_INITIATORS)
8171					lun->pending_sense[i].ua_pending |=
8172						CTL_UA_REG_PREEMPT;
8173				else if (persis_offset
8174				      && i >= persis_offset)
8175					lun->pending_sense[i -
8176						persis_offset].ua_pending |=
8177						CTL_UA_REG_PREEMPT;
8178			} else if (msg->pr.pr_info.res_type != lun->res_type
8179				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8180				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8181					if (!persis_offset
8182					 && i < persis_offset)
8183						lun->pending_sense[i
8184							].ua_pending |=
8185							CTL_UA_RES_RELEASE;
8186					else if (persis_offset
8187					      && i >= persis_offset)
8188					lun->pending_sense[i -
8189						persis_offset].ua_pending |=
8190						CTL_UA_RES_RELEASE;
8191			}
8192		}
8193		lun->per_res[msg->pr.pr_info.residx].registered = 1;
8194		lun->res_type = msg->pr.pr_info.res_type;
8195		if (lun->res_type != SPR_TYPE_WR_EX_AR
8196		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8197			lun->pr_res_idx = msg->pr.pr_info.residx;
8198		else
8199			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8200	}
8201	lun->PRGeneration++;
8202
8203}
8204
8205
8206int
8207ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8208{
8209	int retval;
8210	int isc_retval;
8211	u_int32_t param_len;
8212	struct scsi_per_res_out *cdb;
8213	struct ctl_lun *lun;
8214	struct scsi_per_res_out_parms* param;
8215	struct ctl_softc *softc;
8216	uint32_t residx;
8217	uint64_t res_key, sa_res_key;
8218	uint8_t type;
8219	union ctl_ha_msg persis_io;
8220	int    i;
8221
8222	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8223
8224	retval = CTL_RETVAL_COMPLETE;
8225
8226	softc = control_softc;
8227
8228	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8229	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8230
8231	/*
8232	 * We only support whole-LUN scope.  The scope & type are ignored for
8233	 * register, register and ignore existing key and clear.
8234	 * We sometimes ignore scope and type on preempts too!!
8235	 * Verify reservation type here as well.
8236	 */
8237	type = cdb->scope_type & SPR_TYPE_MASK;
8238	if ((cdb->action == SPRO_RESERVE)
8239	 || (cdb->action == SPRO_RELEASE)) {
8240		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8241			ctl_set_invalid_field(/*ctsio*/ ctsio,
8242					      /*sks_valid*/ 1,
8243					      /*command*/ 1,
8244					      /*field*/ 2,
8245					      /*bit_valid*/ 1,
8246					      /*bit*/ 4);
8247			ctl_done((union ctl_io *)ctsio);
8248			return (CTL_RETVAL_COMPLETE);
8249		}
8250
8251		if (type>8 || type==2 || type==4 || type==0) {
8252			ctl_set_invalid_field(/*ctsio*/ ctsio,
8253					      /*sks_valid*/ 1,
8254					      /*command*/ 1,
8255					      /*field*/ 2,
8256					      /*bit_valid*/ 1,
8257					      /*bit*/ 0);
8258			ctl_done((union ctl_io *)ctsio);
8259			return (CTL_RETVAL_COMPLETE);
8260		}
8261	}
8262
8263	param_len = scsi_4btoul(cdb->length);
8264
8265	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8266		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8267		ctsio->kern_data_len = param_len;
8268		ctsio->kern_total_len = param_len;
8269		ctsio->kern_data_resid = 0;
8270		ctsio->kern_rel_offset = 0;
8271		ctsio->kern_sg_entries = 0;
8272		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8273		ctsio->be_move_done = ctl_config_move_done;
8274		ctl_datamove((union ctl_io *)ctsio);
8275
8276		return (CTL_RETVAL_COMPLETE);
8277	}
8278
8279	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8280
8281	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8282	res_key = scsi_8btou64(param->res_key.key);
8283	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8284
8285	/*
8286	 * Validate the reservation key here except for SPRO_REG_IGNO
8287	 * This must be done for all other service actions
8288	 */
8289	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8290		mtx_lock(&lun->lun_lock);
8291		if (lun->per_res[residx].registered) {
8292		    if (memcmp(param->res_key.key,
8293			       lun->per_res[residx].res_key.key,
8294			       ctl_min(sizeof(param->res_key),
8295			       sizeof(lun->per_res[residx].res_key))) != 0) {
8296				/*
8297				 * The current key passed in doesn't match
8298				 * the one the initiator previously
8299				 * registered.
8300				 */
8301				mtx_unlock(&lun->lun_lock);
8302				free(ctsio->kern_data_ptr, M_CTL);
8303				ctl_set_reservation_conflict(ctsio);
8304				ctl_done((union ctl_io *)ctsio);
8305				return (CTL_RETVAL_COMPLETE);
8306			}
8307		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8308			/*
8309			 * We are not registered
8310			 */
8311			mtx_unlock(&lun->lun_lock);
8312			free(ctsio->kern_data_ptr, M_CTL);
8313			ctl_set_reservation_conflict(ctsio);
8314			ctl_done((union ctl_io *)ctsio);
8315			return (CTL_RETVAL_COMPLETE);
8316		} else if (res_key != 0) {
8317			/*
8318			 * We are not registered and trying to register but
8319			 * the register key isn't zero.
8320			 */
8321			mtx_unlock(&lun->lun_lock);
8322			free(ctsio->kern_data_ptr, M_CTL);
8323			ctl_set_reservation_conflict(ctsio);
8324			ctl_done((union ctl_io *)ctsio);
8325			return (CTL_RETVAL_COMPLETE);
8326		}
8327		mtx_unlock(&lun->lun_lock);
8328	}
8329
8330	switch (cdb->action & SPRO_ACTION_MASK) {
8331	case SPRO_REGISTER:
8332	case SPRO_REG_IGNO: {
8333
8334#if 0
8335		printf("Registration received\n");
8336#endif
8337
8338		/*
8339		 * We don't support any of these options, as we report in
8340		 * the read capabilities request (see
8341		 * ctl_persistent_reserve_in(), above).
8342		 */
8343		if ((param->flags & SPR_SPEC_I_PT)
8344		 || (param->flags & SPR_ALL_TG_PT)
8345		 || (param->flags & SPR_APTPL)) {
8346			int bit_ptr;
8347
8348			if (param->flags & SPR_APTPL)
8349				bit_ptr = 0;
8350			else if (param->flags & SPR_ALL_TG_PT)
8351				bit_ptr = 2;
8352			else /* SPR_SPEC_I_PT */
8353				bit_ptr = 3;
8354
8355			free(ctsio->kern_data_ptr, M_CTL);
8356			ctl_set_invalid_field(ctsio,
8357					      /*sks_valid*/ 1,
8358					      /*command*/ 0,
8359					      /*field*/ 20,
8360					      /*bit_valid*/ 1,
8361					      /*bit*/ bit_ptr);
8362			ctl_done((union ctl_io *)ctsio);
8363			return (CTL_RETVAL_COMPLETE);
8364		}
8365
8366		mtx_lock(&lun->lun_lock);
8367
8368		/*
8369		 * The initiator wants to clear the
8370		 * key/unregister.
8371		 */
8372		if (sa_res_key == 0) {
8373			if ((res_key == 0
8374			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8375			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8376			  && !lun->per_res[residx].registered)) {
8377				mtx_unlock(&lun->lun_lock);
8378				goto done;
8379			}
8380
8381			lun->per_res[residx].registered = 0;
8382			memset(&lun->per_res[residx].res_key,
8383			       0, sizeof(lun->per_res[residx].res_key));
8384			lun->pr_key_count--;
8385
8386			if (residx == lun->pr_res_idx) {
8387				lun->flags &= ~CTL_LUN_PR_RESERVED;
8388				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8389
8390				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8391				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8392				 && lun->pr_key_count) {
8393					/*
8394					 * If the reservation is a registrants
8395					 * only type we need to generate a UA
8396					 * for other registered inits.  The
8397					 * sense code should be RESERVATIONS
8398					 * RELEASED
8399					 */
8400
8401					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8402						if (lun->per_res[
8403						    i+persis_offset].registered
8404						    == 0)
8405							continue;
8406						lun->pending_sense[i
8407							].ua_pending |=
8408							CTL_UA_RES_RELEASE;
8409					}
8410				}
8411				lun->res_type = 0;
8412			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8413				if (lun->pr_key_count==0) {
8414					lun->flags &= ~CTL_LUN_PR_RESERVED;
8415					lun->res_type = 0;
8416					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8417				}
8418			}
8419			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8420			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8421			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8422			persis_io.pr.pr_info.residx = residx;
8423			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8424			     &persis_io, sizeof(persis_io), 0 )) >
8425			     CTL_HA_STATUS_SUCCESS) {
8426				printf("CTL:Persis Out error returned from "
8427				       "ctl_ha_msg_send %d\n", isc_retval);
8428			}
8429		} else /* sa_res_key != 0 */ {
8430
8431			/*
8432			 * If we aren't registered currently then increment
8433			 * the key count and set the registered flag.
8434			 */
8435			if (!lun->per_res[residx].registered) {
8436				lun->pr_key_count++;
8437				lun->per_res[residx].registered = 1;
8438			}
8439
8440			memcpy(&lun->per_res[residx].res_key,
8441			       param->serv_act_res_key,
8442			       ctl_min(sizeof(param->serv_act_res_key),
8443			       sizeof(lun->per_res[residx].res_key)));
8444
8445			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8446			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8447			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8448			persis_io.pr.pr_info.residx = residx;
8449			memcpy(persis_io.pr.pr_info.sa_res_key,
8450			       param->serv_act_res_key,
8451			       sizeof(param->serv_act_res_key));
8452			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8453			     &persis_io, sizeof(persis_io), 0)) >
8454			     CTL_HA_STATUS_SUCCESS) {
8455				printf("CTL:Persis Out error returned from "
8456				       "ctl_ha_msg_send %d\n", isc_retval);
8457			}
8458		}
8459		lun->PRGeneration++;
8460		mtx_unlock(&lun->lun_lock);
8461
8462		break;
8463	}
8464	case SPRO_RESERVE:
8465#if 0
8466                printf("Reserve executed type %d\n", type);
8467#endif
8468		mtx_lock(&lun->lun_lock);
8469		if (lun->flags & CTL_LUN_PR_RESERVED) {
8470			/*
8471			 * if this isn't the reservation holder and it's
8472			 * not a "all registrants" type or if the type is
8473			 * different then we have a conflict
8474			 */
8475			if ((lun->pr_res_idx != residx
8476			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8477			 || lun->res_type != type) {
8478				mtx_unlock(&lun->lun_lock);
8479				free(ctsio->kern_data_ptr, M_CTL);
8480				ctl_set_reservation_conflict(ctsio);
8481				ctl_done((union ctl_io *)ctsio);
8482				return (CTL_RETVAL_COMPLETE);
8483			}
8484			mtx_unlock(&lun->lun_lock);
8485		} else /* create a reservation */ {
8486			/*
8487			 * If it's not an "all registrants" type record
8488			 * reservation holder
8489			 */
8490			if (type != SPR_TYPE_WR_EX_AR
8491			 && type != SPR_TYPE_EX_AC_AR)
8492				lun->pr_res_idx = residx; /* Res holder */
8493			else
8494				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8495
8496			lun->flags |= CTL_LUN_PR_RESERVED;
8497			lun->res_type = type;
8498
8499			mtx_unlock(&lun->lun_lock);
8500
8501			/* send msg to other side */
8502			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8503			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8504			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8505			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8506			persis_io.pr.pr_info.res_type = type;
8507			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8508			     &persis_io, sizeof(persis_io), 0)) >
8509			     CTL_HA_STATUS_SUCCESS) {
8510				printf("CTL:Persis Out error returned from "
8511				       "ctl_ha_msg_send %d\n", isc_retval);
8512			}
8513		}
8514		break;
8515
8516	case SPRO_RELEASE:
8517		mtx_lock(&lun->lun_lock);
8518		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8519			/* No reservation exists return good status */
8520			mtx_unlock(&lun->lun_lock);
8521			goto done;
8522		}
8523		/*
8524		 * Is this nexus a reservation holder?
8525		 */
8526		if (lun->pr_res_idx != residx
8527		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8528			/*
8529			 * not a res holder return good status but
8530			 * do nothing
8531			 */
8532			mtx_unlock(&lun->lun_lock);
8533			goto done;
8534		}
8535
8536		if (lun->res_type != type) {
8537			mtx_unlock(&lun->lun_lock);
8538			free(ctsio->kern_data_ptr, M_CTL);
8539			ctl_set_illegal_pr_release(ctsio);
8540			ctl_done((union ctl_io *)ctsio);
8541			return (CTL_RETVAL_COMPLETE);
8542		}
8543
8544		/* okay to release */
8545		lun->flags &= ~CTL_LUN_PR_RESERVED;
8546		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8547		lun->res_type = 0;
8548
8549		/*
8550		 * if this isn't an exclusive access
8551		 * res generate UA for all other
8552		 * registrants.
8553		 */
8554		if (type != SPR_TYPE_EX_AC
8555		 && type != SPR_TYPE_WR_EX) {
8556			/*
8557			 * temporarily unregister so we don't generate UA
8558			 */
8559			lun->per_res[residx].registered = 0;
8560
8561			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8562				if (lun->per_res[i+persis_offset].registered
8563				    == 0)
8564					continue;
8565				lun->pending_sense[i].ua_pending |=
8566					CTL_UA_RES_RELEASE;
8567			}
8568
8569			lun->per_res[residx].registered = 1;
8570		}
8571		mtx_unlock(&lun->lun_lock);
8572		/* Send msg to other side */
8573		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8574		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8575		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8576		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8577		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8578			printf("CTL:Persis Out error returned from "
8579			       "ctl_ha_msg_send %d\n", isc_retval);
8580		}
8581		break;
8582
8583	case SPRO_CLEAR:
8584		/* send msg to other side */
8585
8586		mtx_lock(&lun->lun_lock);
8587		lun->flags &= ~CTL_LUN_PR_RESERVED;
8588		lun->res_type = 0;
8589		lun->pr_key_count = 0;
8590		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8591
8592
8593		memset(&lun->per_res[residx].res_key,
8594		       0, sizeof(lun->per_res[residx].res_key));
8595		lun->per_res[residx].registered = 0;
8596
8597		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8598			if (lun->per_res[i].registered) {
8599				if (!persis_offset && i < CTL_MAX_INITIATORS)
8600					lun->pending_sense[i].ua_pending |=
8601						CTL_UA_RES_PREEMPT;
8602				else if (persis_offset && i >= persis_offset)
8603					lun->pending_sense[i-persis_offset
8604					    ].ua_pending |= CTL_UA_RES_PREEMPT;
8605
8606				memset(&lun->per_res[i].res_key,
8607				       0, sizeof(struct scsi_per_res_key));
8608				lun->per_res[i].registered = 0;
8609			}
8610		lun->PRGeneration++;
8611		mtx_unlock(&lun->lun_lock);
8612		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8613		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8614		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8615		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8616		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8617			printf("CTL:Persis Out error returned from "
8618			       "ctl_ha_msg_send %d\n", isc_retval);
8619		}
8620		break;
8621
8622	case SPRO_PREEMPT: {
8623		int nretval;
8624
8625		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8626					  residx, ctsio, cdb, param);
8627		if (nretval != 0)
8628			return (CTL_RETVAL_COMPLETE);
8629		break;
8630	}
8631	default:
8632		panic("Invalid PR type %x", cdb->action);
8633	}
8634
8635done:
8636	free(ctsio->kern_data_ptr, M_CTL);
8637	ctl_set_success(ctsio);
8638	ctl_done((union ctl_io *)ctsio);
8639
8640	return (retval);
8641}
8642
8643/*
8644 * This routine is for handling a message from the other SC pertaining to
8645 * persistent reserve out. All the error checking will have been done
8646 * so only perorming the action need be done here to keep the two
8647 * in sync.
8648 */
8649static void
8650ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8651{
8652	struct ctl_lun *lun;
8653	struct ctl_softc *softc;
8654	int i;
8655	uint32_t targ_lun;
8656
8657	softc = control_softc;
8658
8659	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8660	lun = softc->ctl_luns[targ_lun];
8661	mtx_lock(&lun->lun_lock);
8662	switch(msg->pr.pr_info.action) {
8663	case CTL_PR_REG_KEY:
8664		if (!lun->per_res[msg->pr.pr_info.residx].registered) {
8665			lun->per_res[msg->pr.pr_info.residx].registered = 1;
8666			lun->pr_key_count++;
8667		}
8668		lun->PRGeneration++;
8669		memcpy(&lun->per_res[msg->pr.pr_info.residx].res_key,
8670		       msg->pr.pr_info.sa_res_key,
8671		       sizeof(struct scsi_per_res_key));
8672		break;
8673
8674	case CTL_PR_UNREG_KEY:
8675		lun->per_res[msg->pr.pr_info.residx].registered = 0;
8676		memset(&lun->per_res[msg->pr.pr_info.residx].res_key,
8677		       0, sizeof(struct scsi_per_res_key));
8678		lun->pr_key_count--;
8679
8680		/* XXX Need to see if the reservation has been released */
8681		/* if so do we need to generate UA? */
8682		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8683			lun->flags &= ~CTL_LUN_PR_RESERVED;
8684			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8685
8686			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8687			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8688			 && lun->pr_key_count) {
8689				/*
8690				 * If the reservation is a registrants
8691				 * only type we need to generate a UA
8692				 * for other registered inits.  The
8693				 * sense code should be RESERVATIONS
8694				 * RELEASED
8695				 */
8696
8697				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8698					if (lun->per_res[i+
8699					    persis_offset].registered == 0)
8700						continue;
8701
8702					lun->pending_sense[i
8703						].ua_pending |=
8704						CTL_UA_RES_RELEASE;
8705				}
8706			}
8707			lun->res_type = 0;
8708		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8709			if (lun->pr_key_count==0) {
8710				lun->flags &= ~CTL_LUN_PR_RESERVED;
8711				lun->res_type = 0;
8712				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8713			}
8714		}
8715		lun->PRGeneration++;
8716		break;
8717
8718	case CTL_PR_RESERVE:
8719		lun->flags |= CTL_LUN_PR_RESERVED;
8720		lun->res_type = msg->pr.pr_info.res_type;
8721		lun->pr_res_idx = msg->pr.pr_info.residx;
8722
8723		break;
8724
8725	case CTL_PR_RELEASE:
8726		/*
8727		 * if this isn't an exclusive access res generate UA for all
8728		 * other registrants.
8729		 */
8730		if (lun->res_type != SPR_TYPE_EX_AC
8731		 && lun->res_type != SPR_TYPE_WR_EX) {
8732			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8733				if (lun->per_res[i+persis_offset].registered)
8734					lun->pending_sense[i].ua_pending |=
8735						CTL_UA_RES_RELEASE;
8736		}
8737
8738		lun->flags &= ~CTL_LUN_PR_RESERVED;
8739		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8740		lun->res_type = 0;
8741		break;
8742
8743	case CTL_PR_PREEMPT:
8744		ctl_pro_preempt_other(lun, msg);
8745		break;
8746	case CTL_PR_CLEAR:
8747		lun->flags &= ~CTL_LUN_PR_RESERVED;
8748		lun->res_type = 0;
8749		lun->pr_key_count = 0;
8750		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8751
8752		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8753			if (lun->per_res[i].registered == 0)
8754				continue;
8755			if (!persis_offset
8756			 && i < CTL_MAX_INITIATORS)
8757				lun->pending_sense[i].ua_pending |=
8758					CTL_UA_RES_PREEMPT;
8759			else if (persis_offset
8760			      && i >= persis_offset)
8761   				lun->pending_sense[i-persis_offset].ua_pending|=
8762					CTL_UA_RES_PREEMPT;
8763			memset(&lun->per_res[i].res_key, 0,
8764			       sizeof(struct scsi_per_res_key));
8765			lun->per_res[i].registered = 0;
8766		}
8767		lun->PRGeneration++;
8768		break;
8769	}
8770
8771	mtx_unlock(&lun->lun_lock);
8772}
8773
8774int
8775ctl_read_write(struct ctl_scsiio *ctsio)
8776{
8777	struct ctl_lun *lun;
8778	struct ctl_lba_len_flags *lbalen;
8779	uint64_t lba;
8780	uint32_t num_blocks;
8781	int fua, dpo;
8782	int retval;
8783	int isread;
8784
8785	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8786
8787	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8788
8789	fua = 0;
8790	dpo = 0;
8791
8792	retval = CTL_RETVAL_COMPLETE;
8793
8794	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8795	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8796	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
8797		uint32_t residx;
8798
8799		/*
8800		 * XXX KDM need a lock here.
8801		 */
8802		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8803		if ((lun->res_type == SPR_TYPE_EX_AC
8804		  && residx != lun->pr_res_idx)
8805		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
8806		   || lun->res_type == SPR_TYPE_EX_AC_AR)
8807		  && !lun->per_res[residx].registered)) {
8808			ctl_set_reservation_conflict(ctsio);
8809			ctl_done((union ctl_io *)ctsio);
8810			return (CTL_RETVAL_COMPLETE);
8811	        }
8812	}
8813
8814	switch (ctsio->cdb[0]) {
8815	case READ_6:
8816	case WRITE_6: {
8817		struct scsi_rw_6 *cdb;
8818
8819		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8820
8821		lba = scsi_3btoul(cdb->addr);
8822		/* only 5 bits are valid in the most significant address byte */
8823		lba &= 0x1fffff;
8824		num_blocks = cdb->length;
8825		/*
8826		 * This is correct according to SBC-2.
8827		 */
8828		if (num_blocks == 0)
8829			num_blocks = 256;
8830		break;
8831	}
8832	case READ_10:
8833	case WRITE_10: {
8834		struct scsi_rw_10 *cdb;
8835
8836		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8837
8838		if (cdb->byte2 & SRW10_FUA)
8839			fua = 1;
8840		if (cdb->byte2 & SRW10_DPO)
8841			dpo = 1;
8842
8843		lba = scsi_4btoul(cdb->addr);
8844		num_blocks = scsi_2btoul(cdb->length);
8845		break;
8846	}
8847	case WRITE_VERIFY_10: {
8848		struct scsi_write_verify_10 *cdb;
8849
8850		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8851
8852		/*
8853		 * XXX KDM we should do actual write verify support at some
8854		 * point.  This is obviously fake, we're just translating
8855		 * things to a write.  So we don't even bother checking the
8856		 * BYTCHK field, since we don't do any verification.  If
8857		 * the user asks for it, we'll just pretend we did it.
8858		 */
8859		if (cdb->byte2 & SWV_DPO)
8860			dpo = 1;
8861
8862		lba = scsi_4btoul(cdb->addr);
8863		num_blocks = scsi_2btoul(cdb->length);
8864		break;
8865	}
8866	case READ_12:
8867	case WRITE_12: {
8868		struct scsi_rw_12 *cdb;
8869
8870		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8871
8872		if (cdb->byte2 & SRW12_FUA)
8873			fua = 1;
8874		if (cdb->byte2 & SRW12_DPO)
8875			dpo = 1;
8876		lba = scsi_4btoul(cdb->addr);
8877		num_blocks = scsi_4btoul(cdb->length);
8878		break;
8879	}
8880	case WRITE_VERIFY_12: {
8881		struct scsi_write_verify_12 *cdb;
8882
8883		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8884
8885		if (cdb->byte2 & SWV_DPO)
8886			dpo = 1;
8887
8888		lba = scsi_4btoul(cdb->addr);
8889		num_blocks = scsi_4btoul(cdb->length);
8890
8891		break;
8892	}
8893	case READ_16:
8894	case WRITE_16: {
8895		struct scsi_rw_16 *cdb;
8896
8897		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8898
8899		if (cdb->byte2 & SRW12_FUA)
8900			fua = 1;
8901		if (cdb->byte2 & SRW12_DPO)
8902			dpo = 1;
8903
8904		lba = scsi_8btou64(cdb->addr);
8905		num_blocks = scsi_4btoul(cdb->length);
8906		break;
8907	}
8908	case WRITE_VERIFY_16: {
8909		struct scsi_write_verify_16 *cdb;
8910
8911		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8912
8913		if (cdb->byte2 & SWV_DPO)
8914			dpo = 1;
8915
8916		lba = scsi_8btou64(cdb->addr);
8917		num_blocks = scsi_4btoul(cdb->length);
8918		break;
8919	}
8920	default:
8921		/*
8922		 * We got a command we don't support.  This shouldn't
8923		 * happen, commands should be filtered out above us.
8924		 */
8925		ctl_set_invalid_opcode(ctsio);
8926		ctl_done((union ctl_io *)ctsio);
8927
8928		return (CTL_RETVAL_COMPLETE);
8929		break; /* NOTREACHED */
8930	}
8931
8932	/*
8933	 * XXX KDM what do we do with the DPO and FUA bits?  FUA might be
8934	 * interesting for us, but if RAIDCore is in write-back mode,
8935	 * getting it to do write-through for a particular transaction may
8936	 * not be possible.
8937	 */
8938
8939	/*
8940	 * The first check is to make sure we're in bounds, the second
8941	 * check is to catch wrap-around problems.  If the lba + num blocks
8942	 * is less than the lba, then we've wrapped around and the block
8943	 * range is invalid anyway.
8944	 */
8945	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8946	 || ((lba + num_blocks) < lba)) {
8947		ctl_set_lba_out_of_range(ctsio);
8948		ctl_done((union ctl_io *)ctsio);
8949		return (CTL_RETVAL_COMPLETE);
8950	}
8951
8952	/*
8953	 * According to SBC-3, a transfer length of 0 is not an error.
8954	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8955	 * translates to 256 blocks for those commands.
8956	 */
8957	if (num_blocks == 0) {
8958		ctl_set_success(ctsio);
8959		ctl_done((union ctl_io *)ctsio);
8960		return (CTL_RETVAL_COMPLETE);
8961	}
8962
8963	lbalen = (struct ctl_lba_len_flags *)
8964	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8965	lbalen->lba = lba;
8966	lbalen->len = num_blocks;
8967	lbalen->flags = isread ? CTL_LLF_READ : CTL_LLF_WRITE;
8968
8969	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8970	ctsio->kern_rel_offset = 0;
8971
8972	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8973
8974	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8975
8976	return (retval);
8977}
8978
8979static int
8980ctl_cnw_cont(union ctl_io *io)
8981{
8982	struct ctl_scsiio *ctsio;
8983	struct ctl_lun *lun;
8984	struct ctl_lba_len_flags *lbalen;
8985	int retval;
8986
8987	ctsio = &io->scsiio;
8988	ctsio->io_hdr.status = CTL_STATUS_NONE;
8989	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8990	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8991	lbalen = (struct ctl_lba_len_flags *)
8992	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8993	lbalen->flags = CTL_LLF_WRITE;
8994
8995	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8996	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8997	return (retval);
8998}
8999
9000int
9001ctl_cnw(struct ctl_scsiio *ctsio)
9002{
9003	struct ctl_lun *lun;
9004	struct ctl_lba_len_flags *lbalen;
9005	uint64_t lba;
9006	uint32_t num_blocks;
9007	int fua, dpo;
9008	int retval;
9009
9010	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9011
9012	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9013
9014	fua = 0;
9015	dpo = 0;
9016
9017	retval = CTL_RETVAL_COMPLETE;
9018
9019	switch (ctsio->cdb[0]) {
9020	case COMPARE_AND_WRITE: {
9021		struct scsi_compare_and_write *cdb;
9022
9023		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9024
9025		if (cdb->byte2 & SRW10_FUA)
9026			fua = 1;
9027		if (cdb->byte2 & SRW10_DPO)
9028			dpo = 1;
9029		lba = scsi_8btou64(cdb->addr);
9030		num_blocks = cdb->length;
9031		break;
9032	}
9033	default:
9034		/*
9035		 * We got a command we don't support.  This shouldn't
9036		 * happen, commands should be filtered out above us.
9037		 */
9038		ctl_set_invalid_opcode(ctsio);
9039		ctl_done((union ctl_io *)ctsio);
9040
9041		return (CTL_RETVAL_COMPLETE);
9042		break; /* NOTREACHED */
9043	}
9044
9045	/*
9046	 * XXX KDM what do we do with the DPO and FUA bits?  FUA might be
9047	 * interesting for us, but if RAIDCore is in write-back mode,
9048	 * getting it to do write-through for a particular transaction may
9049	 * not be possible.
9050	 */
9051
9052	/*
9053	 * The first check is to make sure we're in bounds, the second
9054	 * check is to catch wrap-around problems.  If the lba + num blocks
9055	 * is less than the lba, then we've wrapped around and the block
9056	 * range is invalid anyway.
9057	 */
9058	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9059	 || ((lba + num_blocks) < lba)) {
9060		ctl_set_lba_out_of_range(ctsio);
9061		ctl_done((union ctl_io *)ctsio);
9062		return (CTL_RETVAL_COMPLETE);
9063	}
9064
9065	/*
9066	 * According to SBC-3, a transfer length of 0 is not an error.
9067	 */
9068	if (num_blocks == 0) {
9069		ctl_set_success(ctsio);
9070		ctl_done((union ctl_io *)ctsio);
9071		return (CTL_RETVAL_COMPLETE);
9072	}
9073
9074	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9075	ctsio->kern_rel_offset = 0;
9076
9077	/*
9078	 * Set the IO_CONT flag, so that if this I/O gets passed to
9079	 * ctl_data_submit_done(), it'll get passed back to
9080	 * ctl_ctl_cnw_cont() for further processing.
9081	 */
9082	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9083	ctsio->io_cont = ctl_cnw_cont;
9084
9085	lbalen = (struct ctl_lba_len_flags *)
9086	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9087	lbalen->lba = lba;
9088	lbalen->len = num_blocks;
9089	lbalen->flags = CTL_LLF_COMPARE;
9090
9091	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9092	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9093	return (retval);
9094}
9095
9096int
9097ctl_verify(struct ctl_scsiio *ctsio)
9098{
9099	struct ctl_lun *lun;
9100	struct ctl_lba_len_flags *lbalen;
9101	uint64_t lba;
9102	uint32_t num_blocks;
9103	int bytchk, dpo;
9104	int retval;
9105
9106	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9107
9108	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9109
9110	bytchk = 0;
9111	dpo = 0;
9112	retval = CTL_RETVAL_COMPLETE;
9113
9114	switch (ctsio->cdb[0]) {
9115	case VERIFY_10: {
9116		struct scsi_verify_10 *cdb;
9117
9118		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9119		if (cdb->byte2 & SVFY_BYTCHK)
9120			bytchk = 1;
9121		if (cdb->byte2 & SVFY_DPO)
9122			dpo = 1;
9123		lba = scsi_4btoul(cdb->addr);
9124		num_blocks = scsi_2btoul(cdb->length);
9125		break;
9126	}
9127	case VERIFY_12: {
9128		struct scsi_verify_12 *cdb;
9129
9130		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9131		if (cdb->byte2 & SVFY_BYTCHK)
9132			bytchk = 1;
9133		if (cdb->byte2 & SVFY_DPO)
9134			dpo = 1;
9135		lba = scsi_4btoul(cdb->addr);
9136		num_blocks = scsi_4btoul(cdb->length);
9137		break;
9138	}
9139	case VERIFY_16: {
9140		struct scsi_rw_16 *cdb;
9141
9142		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9143		if (cdb->byte2 & SVFY_BYTCHK)
9144			bytchk = 1;
9145		if (cdb->byte2 & SVFY_DPO)
9146			dpo = 1;
9147		lba = scsi_8btou64(cdb->addr);
9148		num_blocks = scsi_4btoul(cdb->length);
9149		break;
9150	}
9151	default:
9152		/*
9153		 * We got a command we don't support.  This shouldn't
9154		 * happen, commands should be filtered out above us.
9155		 */
9156		ctl_set_invalid_opcode(ctsio);
9157		ctl_done((union ctl_io *)ctsio);
9158		return (CTL_RETVAL_COMPLETE);
9159	}
9160
9161	/*
9162	 * The first check is to make sure we're in bounds, the second
9163	 * check is to catch wrap-around problems.  If the lba + num blocks
9164	 * is less than the lba, then we've wrapped around and the block
9165	 * range is invalid anyway.
9166	 */
9167	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9168	 || ((lba + num_blocks) < lba)) {
9169		ctl_set_lba_out_of_range(ctsio);
9170		ctl_done((union ctl_io *)ctsio);
9171		return (CTL_RETVAL_COMPLETE);
9172	}
9173
9174	/*
9175	 * According to SBC-3, a transfer length of 0 is not an error.
9176	 */
9177	if (num_blocks == 0) {
9178		ctl_set_success(ctsio);
9179		ctl_done((union ctl_io *)ctsio);
9180		return (CTL_RETVAL_COMPLETE);
9181	}
9182
9183	lbalen = (struct ctl_lba_len_flags *)
9184	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9185	lbalen->lba = lba;
9186	lbalen->len = num_blocks;
9187	if (bytchk) {
9188		lbalen->flags = CTL_LLF_COMPARE;
9189		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9190	} else {
9191		lbalen->flags = CTL_LLF_VERIFY;
9192		ctsio->kern_total_len = 0;
9193	}
9194	ctsio->kern_rel_offset = 0;
9195
9196	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9197	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9198	return (retval);
9199}
9200
9201int
9202ctl_report_luns(struct ctl_scsiio *ctsio)
9203{
9204	struct scsi_report_luns *cdb;
9205	struct scsi_report_luns_data *lun_data;
9206	struct ctl_lun *lun, *request_lun;
9207	int num_luns, retval;
9208	uint32_t alloc_len, lun_datalen;
9209	int num_filled, well_known;
9210	uint32_t initidx, targ_lun_id, lun_id;
9211
9212	retval = CTL_RETVAL_COMPLETE;
9213	well_known = 0;
9214
9215	cdb = (struct scsi_report_luns *)ctsio->cdb;
9216
9217	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9218
9219	mtx_lock(&control_softc->ctl_lock);
9220	num_luns = control_softc->num_luns;
9221	mtx_unlock(&control_softc->ctl_lock);
9222
9223	switch (cdb->select_report) {
9224	case RPL_REPORT_DEFAULT:
9225	case RPL_REPORT_ALL:
9226		break;
9227	case RPL_REPORT_WELLKNOWN:
9228		well_known = 1;
9229		num_luns = 0;
9230		break;
9231	default:
9232		ctl_set_invalid_field(ctsio,
9233				      /*sks_valid*/ 1,
9234				      /*command*/ 1,
9235				      /*field*/ 2,
9236				      /*bit_valid*/ 0,
9237				      /*bit*/ 0);
9238		ctl_done((union ctl_io *)ctsio);
9239		return (retval);
9240		break; /* NOTREACHED */
9241	}
9242
9243	alloc_len = scsi_4btoul(cdb->length);
9244	/*
9245	 * The initiator has to allocate at least 16 bytes for this request,
9246	 * so he can at least get the header and the first LUN.  Otherwise
9247	 * we reject the request (per SPC-3 rev 14, section 6.21).
9248	 */
9249	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9250	    sizeof(struct scsi_report_luns_lundata))) {
9251		ctl_set_invalid_field(ctsio,
9252				      /*sks_valid*/ 1,
9253				      /*command*/ 1,
9254				      /*field*/ 6,
9255				      /*bit_valid*/ 0,
9256				      /*bit*/ 0);
9257		ctl_done((union ctl_io *)ctsio);
9258		return (retval);
9259	}
9260
9261	request_lun = (struct ctl_lun *)
9262		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9263
9264	lun_datalen = sizeof(*lun_data) +
9265		(num_luns * sizeof(struct scsi_report_luns_lundata));
9266
9267	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9268	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9269	ctsio->kern_sg_entries = 0;
9270
9271	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9272
9273	mtx_lock(&control_softc->ctl_lock);
9274	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9275		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9276		if (lun_id >= CTL_MAX_LUNS)
9277			continue;
9278		lun = control_softc->ctl_luns[lun_id];
9279		if (lun == NULL)
9280			continue;
9281
9282		if (targ_lun_id <= 0xff) {
9283			/*
9284			 * Peripheral addressing method, bus number 0.
9285			 */
9286			lun_data->luns[num_filled].lundata[0] =
9287				RPL_LUNDATA_ATYP_PERIPH;
9288			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9289			num_filled++;
9290		} else if (targ_lun_id <= 0x3fff) {
9291			/*
9292			 * Flat addressing method.
9293			 */
9294			lun_data->luns[num_filled].lundata[0] =
9295				RPL_LUNDATA_ATYP_FLAT |
9296				(targ_lun_id & RPL_LUNDATA_FLAT_LUN_MASK);
9297#ifdef OLDCTLHEADERS
9298				(SRLD_ADDR_FLAT << SRLD_ADDR_SHIFT) |
9299				(targ_lun_id & SRLD_BUS_LUN_MASK);
9300#endif
9301			lun_data->luns[num_filled].lundata[1] =
9302#ifdef OLDCTLHEADERS
9303				targ_lun_id >> SRLD_BUS_LUN_BITS;
9304#endif
9305				targ_lun_id >> RPL_LUNDATA_FLAT_LUN_BITS;
9306			num_filled++;
9307		} else {
9308			printf("ctl_report_luns: bogus LUN number %jd, "
9309			       "skipping\n", (intmax_t)targ_lun_id);
9310		}
9311		/*
9312		 * According to SPC-3, rev 14 section 6.21:
9313		 *
9314		 * "The execution of a REPORT LUNS command to any valid and
9315		 * installed logical unit shall clear the REPORTED LUNS DATA
9316		 * HAS CHANGED unit attention condition for all logical
9317		 * units of that target with respect to the requesting
9318		 * initiator. A valid and installed logical unit is one
9319		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9320		 * INQUIRY data (see 6.4.2)."
9321		 *
9322		 * If request_lun is NULL, the LUN this report luns command
9323		 * was issued to is either disabled or doesn't exist. In that
9324		 * case, we shouldn't clear any pending lun change unit
9325		 * attention.
9326		 */
9327		if (request_lun != NULL) {
9328			mtx_lock(&lun->lun_lock);
9329			lun->pending_sense[initidx].ua_pending &=
9330				~CTL_UA_LUN_CHANGE;
9331			mtx_unlock(&lun->lun_lock);
9332		}
9333	}
9334	mtx_unlock(&control_softc->ctl_lock);
9335
9336	/*
9337	 * It's quite possible that we've returned fewer LUNs than we allocated
9338	 * space for.  Trim it.
9339	 */
9340	lun_datalen = sizeof(*lun_data) +
9341		(num_filled * sizeof(struct scsi_report_luns_lundata));
9342
9343	if (lun_datalen < alloc_len) {
9344		ctsio->residual = alloc_len - lun_datalen;
9345		ctsio->kern_data_len = lun_datalen;
9346		ctsio->kern_total_len = lun_datalen;
9347	} else {
9348		ctsio->residual = 0;
9349		ctsio->kern_data_len = alloc_len;
9350		ctsio->kern_total_len = alloc_len;
9351	}
9352	ctsio->kern_data_resid = 0;
9353	ctsio->kern_rel_offset = 0;
9354	ctsio->kern_sg_entries = 0;
9355
9356	/*
9357	 * We set this to the actual data length, regardless of how much
9358	 * space we actually have to return results.  If the user looks at
9359	 * this value, he'll know whether or not he allocated enough space
9360	 * and reissue the command if necessary.  We don't support well
9361	 * known logical units, so if the user asks for that, return none.
9362	 */
9363	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9364
9365	/*
9366	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9367	 * this request.
9368	 */
9369	ctsio->scsi_status = SCSI_STATUS_OK;
9370
9371	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9372	ctsio->be_move_done = ctl_config_move_done;
9373	ctl_datamove((union ctl_io *)ctsio);
9374
9375	return (retval);
9376}
9377
9378int
9379ctl_request_sense(struct ctl_scsiio *ctsio)
9380{
9381	struct scsi_request_sense *cdb;
9382	struct scsi_sense_data *sense_ptr;
9383	struct ctl_lun *lun;
9384	uint32_t initidx;
9385	int have_error;
9386	scsi_sense_data_type sense_format;
9387
9388	cdb = (struct scsi_request_sense *)ctsio->cdb;
9389
9390	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9391
9392	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9393
9394	/*
9395	 * Determine which sense format the user wants.
9396	 */
9397	if (cdb->byte2 & SRS_DESC)
9398		sense_format = SSD_TYPE_DESC;
9399	else
9400		sense_format = SSD_TYPE_FIXED;
9401
9402	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9403	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9404	ctsio->kern_sg_entries = 0;
9405
9406	/*
9407	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9408	 * larger than the largest allowed value for the length field in the
9409	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9410	 */
9411	ctsio->residual = 0;
9412	ctsio->kern_data_len = cdb->length;
9413	ctsio->kern_total_len = cdb->length;
9414
9415	ctsio->kern_data_resid = 0;
9416	ctsio->kern_rel_offset = 0;
9417	ctsio->kern_sg_entries = 0;
9418
9419	/*
9420	 * If we don't have a LUN, we don't have any pending sense.
9421	 */
9422	if (lun == NULL)
9423		goto no_sense;
9424
9425	have_error = 0;
9426	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9427	/*
9428	 * Check for pending sense, and then for pending unit attentions.
9429	 * Pending sense gets returned first, then pending unit attentions.
9430	 */
9431	mtx_lock(&lun->lun_lock);
9432	if (ctl_is_set(lun->have_ca, initidx)) {
9433		scsi_sense_data_type stored_format;
9434
9435		/*
9436		 * Check to see which sense format was used for the stored
9437		 * sense data.
9438		 */
9439		stored_format = scsi_sense_type(
9440		    &lun->pending_sense[initidx].sense);
9441
9442		/*
9443		 * If the user requested a different sense format than the
9444		 * one we stored, then we need to convert it to the other
9445		 * format.  If we're going from descriptor to fixed format
9446		 * sense data, we may lose things in translation, depending
9447		 * on what options were used.
9448		 *
9449		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9450		 * for some reason we'll just copy it out as-is.
9451		 */
9452		if ((stored_format == SSD_TYPE_FIXED)
9453		 && (sense_format == SSD_TYPE_DESC))
9454			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9455			    &lun->pending_sense[initidx].sense,
9456			    (struct scsi_sense_data_desc *)sense_ptr);
9457		else if ((stored_format == SSD_TYPE_DESC)
9458		      && (sense_format == SSD_TYPE_FIXED))
9459			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9460			    &lun->pending_sense[initidx].sense,
9461			    (struct scsi_sense_data_fixed *)sense_ptr);
9462		else
9463			memcpy(sense_ptr, &lun->pending_sense[initidx].sense,
9464			       ctl_min(sizeof(*sense_ptr),
9465			       sizeof(lun->pending_sense[initidx].sense)));
9466
9467		ctl_clear_mask(lun->have_ca, initidx);
9468		have_error = 1;
9469	} else if (lun->pending_sense[initidx].ua_pending != CTL_UA_NONE) {
9470		ctl_ua_type ua_type;
9471
9472		ua_type = ctl_build_ua(lun->pending_sense[initidx].ua_pending,
9473				       sense_ptr, sense_format);
9474		if (ua_type != CTL_UA_NONE) {
9475			have_error = 1;
9476			/* We're reporting this UA, so clear it */
9477			lun->pending_sense[initidx].ua_pending &= ~ua_type;
9478		}
9479	}
9480	mtx_unlock(&lun->lun_lock);
9481
9482	/*
9483	 * We already have a pending error, return it.
9484	 */
9485	if (have_error != 0) {
9486		/*
9487		 * We report the SCSI status as OK, since the status of the
9488		 * request sense command itself is OK.
9489		 */
9490		ctsio->scsi_status = SCSI_STATUS_OK;
9491
9492		/*
9493		 * We report 0 for the sense length, because we aren't doing
9494		 * autosense in this case.  We're reporting sense as
9495		 * parameter data.
9496		 */
9497		ctsio->sense_len = 0;
9498		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9499		ctsio->be_move_done = ctl_config_move_done;
9500		ctl_datamove((union ctl_io *)ctsio);
9501
9502		return (CTL_RETVAL_COMPLETE);
9503	}
9504
9505no_sense:
9506
9507	/*
9508	 * No sense information to report, so we report that everything is
9509	 * okay.
9510	 */
9511	ctl_set_sense_data(sense_ptr,
9512			   lun,
9513			   sense_format,
9514			   /*current_error*/ 1,
9515			   /*sense_key*/ SSD_KEY_NO_SENSE,
9516			   /*asc*/ 0x00,
9517			   /*ascq*/ 0x00,
9518			   SSD_ELEM_NONE);
9519
9520	ctsio->scsi_status = SCSI_STATUS_OK;
9521
9522	/*
9523	 * We report 0 for the sense length, because we aren't doing
9524	 * autosense in this case.  We're reporting sense as parameter data.
9525	 */
9526	ctsio->sense_len = 0;
9527	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9528	ctsio->be_move_done = ctl_config_move_done;
9529	ctl_datamove((union ctl_io *)ctsio);
9530
9531	return (CTL_RETVAL_COMPLETE);
9532}
9533
9534int
9535ctl_tur(struct ctl_scsiio *ctsio)
9536{
9537	struct ctl_lun *lun;
9538
9539	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9540
9541	CTL_DEBUG_PRINT(("ctl_tur\n"));
9542
9543	if (lun == NULL)
9544		return (EINVAL);
9545
9546	ctsio->scsi_status = SCSI_STATUS_OK;
9547	ctsio->io_hdr.status = CTL_SUCCESS;
9548
9549	ctl_done((union ctl_io *)ctsio);
9550
9551	return (CTL_RETVAL_COMPLETE);
9552}
9553
9554#ifdef notyet
9555static int
9556ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9557{
9558
9559}
9560#endif
9561
9562static int
9563ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9564{
9565	struct scsi_vpd_supported_pages *pages;
9566	int sup_page_size;
9567	struct ctl_lun *lun;
9568
9569	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9570
9571	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9572	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9573	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9574	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9575	ctsio->kern_sg_entries = 0;
9576
9577	if (sup_page_size < alloc_len) {
9578		ctsio->residual = alloc_len - sup_page_size;
9579		ctsio->kern_data_len = sup_page_size;
9580		ctsio->kern_total_len = sup_page_size;
9581	} else {
9582		ctsio->residual = 0;
9583		ctsio->kern_data_len = alloc_len;
9584		ctsio->kern_total_len = alloc_len;
9585	}
9586	ctsio->kern_data_resid = 0;
9587	ctsio->kern_rel_offset = 0;
9588	ctsio->kern_sg_entries = 0;
9589
9590	/*
9591	 * The control device is always connected.  The disk device, on the
9592	 * other hand, may not be online all the time.  Need to change this
9593	 * to figure out whether the disk device is actually online or not.
9594	 */
9595	if (lun != NULL)
9596		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9597				lun->be_lun->lun_type;
9598	else
9599		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9600
9601	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9602	/* Supported VPD pages */
9603	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9604	/* Serial Number */
9605	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9606	/* Device Identification */
9607	pages->page_list[2] = SVPD_DEVICE_ID;
9608	/* Block limits */
9609	pages->page_list[3] = SVPD_BLOCK_LIMITS;
9610	/* Logical Block Provisioning */
9611	pages->page_list[4] = SVPD_LBP;
9612
9613	ctsio->scsi_status = SCSI_STATUS_OK;
9614
9615	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9616	ctsio->be_move_done = ctl_config_move_done;
9617	ctl_datamove((union ctl_io *)ctsio);
9618
9619	return (CTL_RETVAL_COMPLETE);
9620}
9621
9622static int
9623ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9624{
9625	struct scsi_vpd_unit_serial_number *sn_ptr;
9626	struct ctl_lun *lun;
9627
9628	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9629
9630	ctsio->kern_data_ptr = malloc(sizeof(*sn_ptr), M_CTL, M_WAITOK | M_ZERO);
9631	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9632	ctsio->kern_sg_entries = 0;
9633
9634	if (sizeof(*sn_ptr) < alloc_len) {
9635		ctsio->residual = alloc_len - sizeof(*sn_ptr);
9636		ctsio->kern_data_len = sizeof(*sn_ptr);
9637		ctsio->kern_total_len = sizeof(*sn_ptr);
9638	} else {
9639		ctsio->residual = 0;
9640		ctsio->kern_data_len = alloc_len;
9641		ctsio->kern_total_len = alloc_len;
9642	}
9643	ctsio->kern_data_resid = 0;
9644	ctsio->kern_rel_offset = 0;
9645	ctsio->kern_sg_entries = 0;
9646
9647	/*
9648	 * The control device is always connected.  The disk device, on the
9649	 * other hand, may not be online all the time.  Need to change this
9650	 * to figure out whether the disk device is actually online or not.
9651	 */
9652	if (lun != NULL)
9653		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9654				  lun->be_lun->lun_type;
9655	else
9656		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9657
9658	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9659	sn_ptr->length = ctl_min(sizeof(*sn_ptr) - 4, CTL_SN_LEN);
9660	/*
9661	 * If we don't have a LUN, we just leave the serial number as
9662	 * all spaces.
9663	 */
9664	memset(sn_ptr->serial_num, 0x20, sizeof(sn_ptr->serial_num));
9665	if (lun != NULL) {
9666		strncpy((char *)sn_ptr->serial_num,
9667			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9668	}
9669	ctsio->scsi_status = SCSI_STATUS_OK;
9670
9671	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9672	ctsio->be_move_done = ctl_config_move_done;
9673	ctl_datamove((union ctl_io *)ctsio);
9674
9675	return (CTL_RETVAL_COMPLETE);
9676}
9677
9678
9679static int
9680ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9681{
9682	struct scsi_vpd_device_id *devid_ptr;
9683	struct scsi_vpd_id_descriptor *desc;
9684	struct ctl_softc *ctl_softc;
9685	struct ctl_lun *lun;
9686	struct ctl_port *port;
9687	int data_len;
9688	uint8_t proto;
9689
9690	ctl_softc = control_softc;
9691
9692	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9693	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9694
9695	data_len = sizeof(struct scsi_vpd_device_id) +
9696	    sizeof(struct scsi_vpd_id_descriptor) +
9697		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9698	    sizeof(struct scsi_vpd_id_descriptor) +
9699		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9700	if (lun && lun->lun_devid)
9701		data_len += lun->lun_devid->len;
9702	if (port->port_devid)
9703		data_len += port->port_devid->len;
9704	if (port->target_devid)
9705		data_len += port->target_devid->len;
9706
9707	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9708	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9709	ctsio->kern_sg_entries = 0;
9710
9711	if (data_len < alloc_len) {
9712		ctsio->residual = alloc_len - data_len;
9713		ctsio->kern_data_len = data_len;
9714		ctsio->kern_total_len = data_len;
9715	} else {
9716		ctsio->residual = 0;
9717		ctsio->kern_data_len = alloc_len;
9718		ctsio->kern_total_len = alloc_len;
9719	}
9720	ctsio->kern_data_resid = 0;
9721	ctsio->kern_rel_offset = 0;
9722	ctsio->kern_sg_entries = 0;
9723
9724	/*
9725	 * The control device is always connected.  The disk device, on the
9726	 * other hand, may not be online all the time.
9727	 */
9728	if (lun != NULL)
9729		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9730				     lun->be_lun->lun_type;
9731	else
9732		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9733	devid_ptr->page_code = SVPD_DEVICE_ID;
9734	scsi_ulto2b(data_len - 4, devid_ptr->length);
9735
9736	if (port->port_type == CTL_PORT_FC)
9737		proto = SCSI_PROTO_FC << 4;
9738	else if (port->port_type == CTL_PORT_ISCSI)
9739		proto = SCSI_PROTO_ISCSI << 4;
9740	else
9741		proto = SCSI_PROTO_SPI << 4;
9742	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9743
9744	/*
9745	 * We're using a LUN association here.  i.e., this device ID is a
9746	 * per-LUN identifier.
9747	 */
9748	if (lun && lun->lun_devid) {
9749		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9750		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9751		    lun->lun_devid->len);
9752	}
9753
9754	/*
9755	 * This is for the WWPN which is a port association.
9756	 */
9757	if (port->port_devid) {
9758		memcpy(desc, port->port_devid->data, port->port_devid->len);
9759		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9760		    port->port_devid->len);
9761	}
9762
9763	/*
9764	 * This is for the Relative Target Port(type 4h) identifier
9765	 */
9766	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9767	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9768	    SVPD_ID_TYPE_RELTARG;
9769	desc->length = 4;
9770	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9771	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9772	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9773
9774	/*
9775	 * This is for the Target Port Group(type 5h) identifier
9776	 */
9777	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9778	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9779	    SVPD_ID_TYPE_TPORTGRP;
9780	desc->length = 4;
9781	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS || ctl_is_single)
9782		scsi_ulto2b(1, &desc->identifier[2]);
9783	else
9784		scsi_ulto2b(2, &desc->identifier[2]);
9785	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9786	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9787
9788	/*
9789	 * This is for the Target identifier
9790	 */
9791	if (port->target_devid) {
9792		memcpy(desc, port->target_devid->data, port->target_devid->len);
9793	}
9794
9795	ctsio->scsi_status = SCSI_STATUS_OK;
9796	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9797	ctsio->be_move_done = ctl_config_move_done;
9798	ctl_datamove((union ctl_io *)ctsio);
9799
9800	return (CTL_RETVAL_COMPLETE);
9801}
9802
9803static int
9804ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9805{
9806	struct scsi_vpd_block_limits *bl_ptr;
9807	struct ctl_lun *lun;
9808	int bs;
9809
9810	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9811	bs = lun->be_lun->blocksize;
9812
9813	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9814	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9815	ctsio->kern_sg_entries = 0;
9816
9817	if (sizeof(*bl_ptr) < alloc_len) {
9818		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9819		ctsio->kern_data_len = sizeof(*bl_ptr);
9820		ctsio->kern_total_len = sizeof(*bl_ptr);
9821	} else {
9822		ctsio->residual = 0;
9823		ctsio->kern_data_len = alloc_len;
9824		ctsio->kern_total_len = alloc_len;
9825	}
9826	ctsio->kern_data_resid = 0;
9827	ctsio->kern_rel_offset = 0;
9828	ctsio->kern_sg_entries = 0;
9829
9830	/*
9831	 * The control device is always connected.  The disk device, on the
9832	 * other hand, may not be online all the time.  Need to change this
9833	 * to figure out whether the disk device is actually online or not.
9834	 */
9835	if (lun != NULL)
9836		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9837				  lun->be_lun->lun_type;
9838	else
9839		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9840
9841	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9842	scsi_ulto2b(sizeof(*bl_ptr), bl_ptr->page_length);
9843	bl_ptr->max_cmp_write_len = 0xff;
9844	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9845	scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
9846	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9847		scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9848		scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9849	}
9850	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9851
9852	ctsio->scsi_status = SCSI_STATUS_OK;
9853	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9854	ctsio->be_move_done = ctl_config_move_done;
9855	ctl_datamove((union ctl_io *)ctsio);
9856
9857	return (CTL_RETVAL_COMPLETE);
9858}
9859
9860static int
9861ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9862{
9863	struct scsi_vpd_logical_block_prov *lbp_ptr;
9864	struct ctl_lun *lun;
9865	int bs;
9866
9867	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9868	bs = lun->be_lun->blocksize;
9869
9870	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9871	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9872	ctsio->kern_sg_entries = 0;
9873
9874	if (sizeof(*lbp_ptr) < alloc_len) {
9875		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9876		ctsio->kern_data_len = sizeof(*lbp_ptr);
9877		ctsio->kern_total_len = sizeof(*lbp_ptr);
9878	} else {
9879		ctsio->residual = 0;
9880		ctsio->kern_data_len = alloc_len;
9881		ctsio->kern_total_len = alloc_len;
9882	}
9883	ctsio->kern_data_resid = 0;
9884	ctsio->kern_rel_offset = 0;
9885	ctsio->kern_sg_entries = 0;
9886
9887	/*
9888	 * The control device is always connected.  The disk device, on the
9889	 * other hand, may not be online all the time.  Need to change this
9890	 * to figure out whether the disk device is actually online or not.
9891	 */
9892	if (lun != NULL)
9893		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9894				  lun->be_lun->lun_type;
9895	else
9896		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9897
9898	lbp_ptr->page_code = SVPD_LBP;
9899	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
9900		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 | SVPD_LBP_WS10;
9901
9902	ctsio->scsi_status = SCSI_STATUS_OK;
9903	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9904	ctsio->be_move_done = ctl_config_move_done;
9905	ctl_datamove((union ctl_io *)ctsio);
9906
9907	return (CTL_RETVAL_COMPLETE);
9908}
9909
9910static int
9911ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9912{
9913	struct scsi_inquiry *cdb;
9914	struct ctl_lun *lun;
9915	int alloc_len, retval;
9916
9917	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9918	cdb = (struct scsi_inquiry *)ctsio->cdb;
9919
9920	retval = CTL_RETVAL_COMPLETE;
9921
9922	alloc_len = scsi_2btoul(cdb->length);
9923
9924	switch (cdb->page_code) {
9925	case SVPD_SUPPORTED_PAGES:
9926		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9927		break;
9928	case SVPD_UNIT_SERIAL_NUMBER:
9929		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9930		break;
9931	case SVPD_DEVICE_ID:
9932		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9933		break;
9934	case SVPD_BLOCK_LIMITS:
9935		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9936		break;
9937	case SVPD_LBP:
9938		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9939		break;
9940	default:
9941		ctl_set_invalid_field(ctsio,
9942				      /*sks_valid*/ 1,
9943				      /*command*/ 1,
9944				      /*field*/ 2,
9945				      /*bit_valid*/ 0,
9946				      /*bit*/ 0);
9947		ctl_done((union ctl_io *)ctsio);
9948		retval = CTL_RETVAL_COMPLETE;
9949		break;
9950	}
9951
9952	return (retval);
9953}
9954
9955static int
9956ctl_inquiry_std(struct ctl_scsiio *ctsio)
9957{
9958	struct scsi_inquiry_data *inq_ptr;
9959	struct scsi_inquiry *cdb;
9960	struct ctl_softc *ctl_softc;
9961	struct ctl_lun *lun;
9962	char *val;
9963	uint32_t alloc_len;
9964	int is_fc;
9965
9966	ctl_softc = control_softc;
9967
9968	/*
9969	 * Figure out whether we're talking to a Fibre Channel port or not.
9970	 * We treat the ioctl front end, and any SCSI adapters, as packetized
9971	 * SCSI front ends.
9972	 */
9973	if (ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type !=
9974	    CTL_PORT_FC)
9975		is_fc = 0;
9976	else
9977		is_fc = 1;
9978
9979	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9980	cdb = (struct scsi_inquiry *)ctsio->cdb;
9981	alloc_len = scsi_2btoul(cdb->length);
9982
9983	/*
9984	 * We malloc the full inquiry data size here and fill it
9985	 * in.  If the user only asks for less, we'll give him
9986	 * that much.
9987	 */
9988	ctsio->kern_data_ptr = malloc(sizeof(*inq_ptr), M_CTL, M_WAITOK | M_ZERO);
9989	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
9990	ctsio->kern_sg_entries = 0;
9991	ctsio->kern_data_resid = 0;
9992	ctsio->kern_rel_offset = 0;
9993
9994	if (sizeof(*inq_ptr) < alloc_len) {
9995		ctsio->residual = alloc_len - sizeof(*inq_ptr);
9996		ctsio->kern_data_len = sizeof(*inq_ptr);
9997		ctsio->kern_total_len = sizeof(*inq_ptr);
9998	} else {
9999		ctsio->residual = 0;
10000		ctsio->kern_data_len = alloc_len;
10001		ctsio->kern_total_len = alloc_len;
10002	}
10003
10004	/*
10005	 * If we have a LUN configured, report it as connected.  Otherwise,
10006	 * report that it is offline or no device is supported, depending
10007	 * on the value of inquiry_pq_no_lun.
10008	 *
10009	 * According to the spec (SPC-4 r34), the peripheral qualifier
10010	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10011	 *
10012	 * "A peripheral device having the specified peripheral device type
10013	 * is not connected to this logical unit. However, the device
10014	 * server is capable of supporting the specified peripheral device
10015	 * type on this logical unit."
10016	 *
10017	 * According to the same spec, the peripheral qualifier
10018	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10019	 *
10020	 * "The device server is not capable of supporting a peripheral
10021	 * device on this logical unit. For this peripheral qualifier the
10022	 * peripheral device type shall be set to 1Fh. All other peripheral
10023	 * device type values are reserved for this peripheral qualifier."
10024	 *
10025	 * Given the text, it would seem that we probably want to report that
10026	 * the LUN is offline here.  There is no LUN connected, but we can
10027	 * support a LUN at the given LUN number.
10028	 *
10029	 * In the real world, though, it sounds like things are a little
10030	 * different:
10031	 *
10032	 * - Linux, when presented with a LUN with the offline peripheral
10033	 *   qualifier, will create an sg driver instance for it.  So when
10034	 *   you attach it to CTL, you wind up with a ton of sg driver
10035	 *   instances.  (One for every LUN that Linux bothered to probe.)
10036	 *   Linux does this despite the fact that it issues a REPORT LUNs
10037	 *   to LUN 0 to get the inventory of supported LUNs.
10038	 *
10039	 * - There is other anecdotal evidence (from Emulex folks) about
10040	 *   arrays that use the offline peripheral qualifier for LUNs that
10041	 *   are on the "passive" path in an active/passive array.
10042	 *
10043	 * So the solution is provide a hopefully reasonable default
10044	 * (return bad/no LUN) and allow the user to change the behavior
10045	 * with a tunable/sysctl variable.
10046	 */
10047	if (lun != NULL)
10048		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10049				  lun->be_lun->lun_type;
10050	else if (ctl_softc->inquiry_pq_no_lun == 0)
10051		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10052	else
10053		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10054
10055	/* RMB in byte 2 is 0 */
10056	inq_ptr->version = SCSI_REV_SPC3;
10057
10058	/*
10059	 * According to SAM-3, even if a device only supports a single
10060	 * level of LUN addressing, it should still set the HISUP bit:
10061	 *
10062	 * 4.9.1 Logical unit numbers overview
10063	 *
10064	 * All logical unit number formats described in this standard are
10065	 * hierarchical in structure even when only a single level in that
10066	 * hierarchy is used. The HISUP bit shall be set to one in the
10067	 * standard INQUIRY data (see SPC-2) when any logical unit number
10068	 * format described in this standard is used.  Non-hierarchical
10069	 * formats are outside the scope of this standard.
10070	 *
10071	 * Therefore we set the HiSup bit here.
10072	 *
10073	 * The reponse format is 2, per SPC-3.
10074	 */
10075	inq_ptr->response_format = SID_HiSup | 2;
10076
10077	inq_ptr->additional_length = sizeof(*inq_ptr) - 4;
10078	CTL_DEBUG_PRINT(("additional_length = %d\n",
10079			 inq_ptr->additional_length));
10080
10081	inq_ptr->spc3_flags = SPC3_SID_TPGS_IMPLICIT;
10082	/* 16 bit addressing */
10083	if (is_fc == 0)
10084		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10085	/* XXX set the SID_MultiP bit here if we're actually going to
10086	   respond on multiple ports */
10087	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10088
10089	/* 16 bit data bus, synchronous transfers */
10090	/* XXX these flags don't apply for FC */
10091	if (is_fc == 0)
10092		inq_ptr->flags = SID_WBus16 | SID_Sync;
10093	/*
10094	 * XXX KDM do we want to support tagged queueing on the control
10095	 * device at all?
10096	 */
10097	if ((lun == NULL)
10098	 || (lun->be_lun->lun_type != T_PROCESSOR))
10099		inq_ptr->flags |= SID_CmdQue;
10100	/*
10101	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10102	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10103	 * name and 4 bytes for the revision.
10104	 */
10105	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10106	    "vendor")) == NULL) {
10107		strcpy(inq_ptr->vendor, CTL_VENDOR);
10108	} else {
10109		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10110		strncpy(inq_ptr->vendor, val,
10111		    min(sizeof(inq_ptr->vendor), strlen(val)));
10112	}
10113	if (lun == NULL) {
10114		strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
10115	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10116		switch (lun->be_lun->lun_type) {
10117		case T_DIRECT:
10118			strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
10119			break;
10120		case T_PROCESSOR:
10121			strcpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT);
10122			break;
10123		default:
10124			strcpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT);
10125			break;
10126		}
10127	} else {
10128		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10129		strncpy(inq_ptr->product, val,
10130		    min(sizeof(inq_ptr->product), strlen(val)));
10131	}
10132
10133	/*
10134	 * XXX make this a macro somewhere so it automatically gets
10135	 * incremented when we make changes.
10136	 */
10137	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10138	    "revision")) == NULL) {
10139		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10140	} else {
10141		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10142		strncpy(inq_ptr->revision, val,
10143		    min(sizeof(inq_ptr->revision), strlen(val)));
10144	}
10145
10146	/*
10147	 * For parallel SCSI, we support double transition and single
10148	 * transition clocking.  We also support QAS (Quick Arbitration
10149	 * and Selection) and Information Unit transfers on both the
10150	 * control and array devices.
10151	 */
10152	if (is_fc == 0)
10153		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10154				    SID_SPI_IUS;
10155
10156	/* SAM-3 */
10157	scsi_ulto2b(0x0060, inq_ptr->version1);
10158	/* SPC-3 (no version claimed) XXX should we claim a version? */
10159	scsi_ulto2b(0x0300, inq_ptr->version2);
10160	if (is_fc) {
10161		/* FCP-2 ANSI INCITS.350:2003 */
10162		scsi_ulto2b(0x0917, inq_ptr->version3);
10163	} else {
10164		/* SPI-4 ANSI INCITS.362:200x */
10165		scsi_ulto2b(0x0B56, inq_ptr->version3);
10166	}
10167
10168	if (lun == NULL) {
10169		/* SBC-2 (no version claimed) XXX should we claim a version? */
10170		scsi_ulto2b(0x0320, inq_ptr->version4);
10171	} else {
10172		switch (lun->be_lun->lun_type) {
10173		case T_DIRECT:
10174			/*
10175			 * SBC-2 (no version claimed) XXX should we claim a
10176			 * version?
10177			 */
10178			scsi_ulto2b(0x0320, inq_ptr->version4);
10179			break;
10180		case T_PROCESSOR:
10181		default:
10182			break;
10183		}
10184	}
10185
10186	ctsio->scsi_status = SCSI_STATUS_OK;
10187	if (ctsio->kern_data_len > 0) {
10188		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10189		ctsio->be_move_done = ctl_config_move_done;
10190		ctl_datamove((union ctl_io *)ctsio);
10191	} else {
10192		ctsio->io_hdr.status = CTL_SUCCESS;
10193		ctl_done((union ctl_io *)ctsio);
10194	}
10195
10196	return (CTL_RETVAL_COMPLETE);
10197}
10198
10199int
10200ctl_inquiry(struct ctl_scsiio *ctsio)
10201{
10202	struct scsi_inquiry *cdb;
10203	int retval;
10204
10205	cdb = (struct scsi_inquiry *)ctsio->cdb;
10206
10207	retval = 0;
10208
10209	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10210
10211	/*
10212	 * Right now, we don't support the CmdDt inquiry information.
10213	 * This would be nice to support in the future.  When we do
10214	 * support it, we should change this test so that it checks to make
10215	 * sure SI_EVPD and SI_CMDDT aren't both set at the same time.
10216	 */
10217#ifdef notyet
10218	if (((cdb->byte2 & SI_EVPD)
10219	 && (cdb->byte2 & SI_CMDDT)))
10220#endif
10221	if (cdb->byte2 & SI_CMDDT) {
10222		/*
10223		 * Point to the SI_CMDDT bit.  We might change this
10224		 * when we support SI_CMDDT, but since both bits would be
10225		 * "wrong", this should probably just stay as-is then.
10226		 */
10227		ctl_set_invalid_field(ctsio,
10228				      /*sks_valid*/ 1,
10229				      /*command*/ 1,
10230				      /*field*/ 1,
10231				      /*bit_valid*/ 1,
10232				      /*bit*/ 1);
10233		ctl_done((union ctl_io *)ctsio);
10234		return (CTL_RETVAL_COMPLETE);
10235	}
10236	if (cdb->byte2 & SI_EVPD)
10237		retval = ctl_inquiry_evpd(ctsio);
10238#ifdef notyet
10239	else if (cdb->byte2 & SI_CMDDT)
10240		retval = ctl_inquiry_cmddt(ctsio);
10241#endif
10242	else
10243		retval = ctl_inquiry_std(ctsio);
10244
10245	return (retval);
10246}
10247
10248/*
10249 * For known CDB types, parse the LBA and length.
10250 */
10251static int
10252ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len)
10253{
10254	if (io->io_hdr.io_type != CTL_IO_SCSI)
10255		return (1);
10256
10257	switch (io->scsiio.cdb[0]) {
10258	case COMPARE_AND_WRITE: {
10259		struct scsi_compare_and_write *cdb;
10260
10261		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10262
10263		*lba = scsi_8btou64(cdb->addr);
10264		*len = cdb->length;
10265		break;
10266	}
10267	case READ_6:
10268	case WRITE_6: {
10269		struct scsi_rw_6 *cdb;
10270
10271		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10272
10273		*lba = scsi_3btoul(cdb->addr);
10274		/* only 5 bits are valid in the most significant address byte */
10275		*lba &= 0x1fffff;
10276		*len = cdb->length;
10277		break;
10278	}
10279	case READ_10:
10280	case WRITE_10: {
10281		struct scsi_rw_10 *cdb;
10282
10283		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10284
10285		*lba = scsi_4btoul(cdb->addr);
10286		*len = scsi_2btoul(cdb->length);
10287		break;
10288	}
10289	case WRITE_VERIFY_10: {
10290		struct scsi_write_verify_10 *cdb;
10291
10292		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10293
10294		*lba = scsi_4btoul(cdb->addr);
10295		*len = scsi_2btoul(cdb->length);
10296		break;
10297	}
10298	case READ_12:
10299	case WRITE_12: {
10300		struct scsi_rw_12 *cdb;
10301
10302		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10303
10304		*lba = scsi_4btoul(cdb->addr);
10305		*len = scsi_4btoul(cdb->length);
10306		break;
10307	}
10308	case WRITE_VERIFY_12: {
10309		struct scsi_write_verify_12 *cdb;
10310
10311		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10312
10313		*lba = scsi_4btoul(cdb->addr);
10314		*len = scsi_4btoul(cdb->length);
10315		break;
10316	}
10317	case READ_16:
10318	case WRITE_16: {
10319		struct scsi_rw_16 *cdb;
10320
10321		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10322
10323		*lba = scsi_8btou64(cdb->addr);
10324		*len = scsi_4btoul(cdb->length);
10325		break;
10326	}
10327	case WRITE_VERIFY_16: {
10328		struct scsi_write_verify_16 *cdb;
10329
10330		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10331
10332
10333		*lba = scsi_8btou64(cdb->addr);
10334		*len = scsi_4btoul(cdb->length);
10335		break;
10336	}
10337	case WRITE_SAME_10: {
10338		struct scsi_write_same_10 *cdb;
10339
10340		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10341
10342		*lba = scsi_4btoul(cdb->addr);
10343		*len = scsi_2btoul(cdb->length);
10344		break;
10345	}
10346	case WRITE_SAME_16: {
10347		struct scsi_write_same_16 *cdb;
10348
10349		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10350
10351		*lba = scsi_8btou64(cdb->addr);
10352		*len = scsi_4btoul(cdb->length);
10353		break;
10354	}
10355	case VERIFY_10: {
10356		struct scsi_verify_10 *cdb;
10357
10358		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10359
10360		*lba = scsi_4btoul(cdb->addr);
10361		*len = scsi_2btoul(cdb->length);
10362		break;
10363	}
10364	case VERIFY_12: {
10365		struct scsi_verify_12 *cdb;
10366
10367		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10368
10369		*lba = scsi_4btoul(cdb->addr);
10370		*len = scsi_4btoul(cdb->length);
10371		break;
10372	}
10373	case VERIFY_16: {
10374		struct scsi_verify_16 *cdb;
10375
10376		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10377
10378		*lba = scsi_8btou64(cdb->addr);
10379		*len = scsi_4btoul(cdb->length);
10380		break;
10381	}
10382	default:
10383		return (1);
10384		break; /* NOTREACHED */
10385	}
10386
10387	return (0);
10388}
10389
10390static ctl_action
10391ctl_extent_check_lba(uint64_t lba1, uint32_t len1, uint64_t lba2, uint32_t len2)
10392{
10393	uint64_t endlba1, endlba2;
10394
10395	endlba1 = lba1 + len1 - 1;
10396	endlba2 = lba2 + len2 - 1;
10397
10398	if ((endlba1 < lba2)
10399	 || (endlba2 < lba1))
10400		return (CTL_ACTION_PASS);
10401	else
10402		return (CTL_ACTION_BLOCK);
10403}
10404
10405static ctl_action
10406ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10407{
10408	uint64_t lba1, lba2;
10409	uint32_t len1, len2;
10410	int retval;
10411
10412	retval = ctl_get_lba_len(io1, &lba1, &len1);
10413	if (retval != 0)
10414		return (CTL_ACTION_ERROR);
10415
10416	retval = ctl_get_lba_len(io2, &lba2, &len2);
10417	if (retval != 0)
10418		return (CTL_ACTION_ERROR);
10419
10420	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10421}
10422
10423static ctl_action
10424ctl_check_for_blockage(union ctl_io *pending_io, union ctl_io *ooa_io)
10425{
10426	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10427	ctl_serialize_action *serialize_row;
10428
10429	/*
10430	 * The initiator attempted multiple untagged commands at the same
10431	 * time.  Can't do that.
10432	 */
10433	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10434	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10435	 && ((pending_io->io_hdr.nexus.targ_port ==
10436	      ooa_io->io_hdr.nexus.targ_port)
10437	  && (pending_io->io_hdr.nexus.initid.id ==
10438	      ooa_io->io_hdr.nexus.initid.id))
10439	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10440		return (CTL_ACTION_OVERLAP);
10441
10442	/*
10443	 * The initiator attempted to send multiple tagged commands with
10444	 * the same ID.  (It's fine if different initiators have the same
10445	 * tag ID.)
10446	 *
10447	 * Even if all of those conditions are true, we don't kill the I/O
10448	 * if the command ahead of us has been aborted.  We won't end up
10449	 * sending it to the FETD, and it's perfectly legal to resend a
10450	 * command with the same tag number as long as the previous
10451	 * instance of this tag number has been aborted somehow.
10452	 */
10453	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10454	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10455	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10456	 && ((pending_io->io_hdr.nexus.targ_port ==
10457	      ooa_io->io_hdr.nexus.targ_port)
10458	  && (pending_io->io_hdr.nexus.initid.id ==
10459	      ooa_io->io_hdr.nexus.initid.id))
10460	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10461		return (CTL_ACTION_OVERLAP_TAG);
10462
10463	/*
10464	 * If we get a head of queue tag, SAM-3 says that we should
10465	 * immediately execute it.
10466	 *
10467	 * What happens if this command would normally block for some other
10468	 * reason?  e.g. a request sense with a head of queue tag
10469	 * immediately after a write.  Normally that would block, but this
10470	 * will result in its getting executed immediately...
10471	 *
10472	 * We currently return "pass" instead of "skip", so we'll end up
10473	 * going through the rest of the queue to check for overlapped tags.
10474	 *
10475	 * XXX KDM check for other types of blockage first??
10476	 */
10477	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10478		return (CTL_ACTION_PASS);
10479
10480	/*
10481	 * Ordered tags have to block until all items ahead of them
10482	 * have completed.  If we get called with an ordered tag, we always
10483	 * block, if something else is ahead of us in the queue.
10484	 */
10485	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10486		return (CTL_ACTION_BLOCK);
10487
10488	/*
10489	 * Simple tags get blocked until all head of queue and ordered tags
10490	 * ahead of them have completed.  I'm lumping untagged commands in
10491	 * with simple tags here.  XXX KDM is that the right thing to do?
10492	 */
10493	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10494	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10495	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10496	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10497		return (CTL_ACTION_BLOCK);
10498
10499	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio);
10500	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio);
10501
10502	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10503
10504	switch (serialize_row[pending_entry->seridx]) {
10505	case CTL_SER_BLOCK:
10506		return (CTL_ACTION_BLOCK);
10507		break; /* NOTREACHED */
10508	case CTL_SER_EXTENT:
10509		return (ctl_extent_check(pending_io, ooa_io));
10510		break; /* NOTREACHED */
10511	case CTL_SER_PASS:
10512		return (CTL_ACTION_PASS);
10513		break; /* NOTREACHED */
10514	case CTL_SER_SKIP:
10515		return (CTL_ACTION_SKIP);
10516		break;
10517	default:
10518		panic("invalid serialization value %d",
10519		      serialize_row[pending_entry->seridx]);
10520		break; /* NOTREACHED */
10521	}
10522
10523	return (CTL_ACTION_ERROR);
10524}
10525
10526/*
10527 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10528 * Assumptions:
10529 * - pending_io is generally either incoming, or on the blocked queue
10530 * - starting I/O is the I/O we want to start the check with.
10531 */
10532static ctl_action
10533ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10534	      union ctl_io *starting_io)
10535{
10536	union ctl_io *ooa_io;
10537	ctl_action action;
10538
10539	mtx_assert(&lun->lun_lock, MA_OWNED);
10540
10541	/*
10542	 * Run back along the OOA queue, starting with the current
10543	 * blocked I/O and going through every I/O before it on the
10544	 * queue.  If starting_io is NULL, we'll just end up returning
10545	 * CTL_ACTION_PASS.
10546	 */
10547	for (ooa_io = starting_io; ooa_io != NULL;
10548	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10549	     ooa_links)){
10550
10551		/*
10552		 * This routine just checks to see whether
10553		 * cur_blocked is blocked by ooa_io, which is ahead
10554		 * of it in the queue.  It doesn't queue/dequeue
10555		 * cur_blocked.
10556		 */
10557		action = ctl_check_for_blockage(pending_io, ooa_io);
10558		switch (action) {
10559		case CTL_ACTION_BLOCK:
10560		case CTL_ACTION_OVERLAP:
10561		case CTL_ACTION_OVERLAP_TAG:
10562		case CTL_ACTION_SKIP:
10563		case CTL_ACTION_ERROR:
10564			return (action);
10565			break; /* NOTREACHED */
10566		case CTL_ACTION_PASS:
10567			break;
10568		default:
10569			panic("invalid action %d", action);
10570			break;  /* NOTREACHED */
10571		}
10572	}
10573
10574	return (CTL_ACTION_PASS);
10575}
10576
10577/*
10578 * Assumptions:
10579 * - An I/O has just completed, and has been removed from the per-LUN OOA
10580 *   queue, so some items on the blocked queue may now be unblocked.
10581 */
10582static int
10583ctl_check_blocked(struct ctl_lun *lun)
10584{
10585	union ctl_io *cur_blocked, *next_blocked;
10586
10587	mtx_assert(&lun->lun_lock, MA_OWNED);
10588
10589	/*
10590	 * Run forward from the head of the blocked queue, checking each
10591	 * entry against the I/Os prior to it on the OOA queue to see if
10592	 * there is still any blockage.
10593	 *
10594	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10595	 * with our removing a variable on it while it is traversing the
10596	 * list.
10597	 */
10598	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10599	     cur_blocked != NULL; cur_blocked = next_blocked) {
10600		union ctl_io *prev_ooa;
10601		ctl_action action;
10602
10603		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10604							  blocked_links);
10605
10606		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10607						      ctl_ooaq, ooa_links);
10608
10609		/*
10610		 * If cur_blocked happens to be the first item in the OOA
10611		 * queue now, prev_ooa will be NULL, and the action
10612		 * returned will just be CTL_ACTION_PASS.
10613		 */
10614		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10615
10616		switch (action) {
10617		case CTL_ACTION_BLOCK:
10618			/* Nothing to do here, still blocked */
10619			break;
10620		case CTL_ACTION_OVERLAP:
10621		case CTL_ACTION_OVERLAP_TAG:
10622			/*
10623			 * This shouldn't happen!  In theory we've already
10624			 * checked this command for overlap...
10625			 */
10626			break;
10627		case CTL_ACTION_PASS:
10628		case CTL_ACTION_SKIP: {
10629			struct ctl_softc *softc;
10630			const struct ctl_cmd_entry *entry;
10631			uint32_t initidx;
10632			int isc_retval;
10633
10634			/*
10635			 * The skip case shouldn't happen, this transaction
10636			 * should have never made it onto the blocked queue.
10637			 */
10638			/*
10639			 * This I/O is no longer blocked, we can remove it
10640			 * from the blocked queue.  Since this is a TAILQ
10641			 * (doubly linked list), we can do O(1) removals
10642			 * from any place on the list.
10643			 */
10644			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10645				     blocked_links);
10646			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10647
10648			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
10649				/*
10650				 * Need to send IO back to original side to
10651				 * run
10652				 */
10653				union ctl_ha_msg msg_info;
10654
10655				msg_info.hdr.original_sc =
10656					cur_blocked->io_hdr.original_sc;
10657				msg_info.hdr.serializing_sc = cur_blocked;
10658				msg_info.hdr.msg_type = CTL_MSG_R2R;
10659				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10660				     &msg_info, sizeof(msg_info), 0)) >
10661				     CTL_HA_STATUS_SUCCESS) {
10662					printf("CTL:Check Blocked error from "
10663					       "ctl_ha_msg_send %d\n",
10664					       isc_retval);
10665				}
10666				break;
10667			}
10668			entry = ctl_get_cmd_entry(&cur_blocked->scsiio);
10669			softc = control_softc;
10670
10671			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
10672
10673			/*
10674			 * Check this I/O for LUN state changes that may
10675			 * have happened while this command was blocked.
10676			 * The LUN state may have been changed by a command
10677			 * ahead of us in the queue, so we need to re-check
10678			 * for any states that can be caused by SCSI
10679			 * commands.
10680			 */
10681			if (ctl_scsiio_lun_check(softc, lun, entry,
10682						 &cur_blocked->scsiio) == 0) {
10683				cur_blocked->io_hdr.flags |=
10684				                      CTL_FLAG_IS_WAS_ON_RTR;
10685				ctl_enqueue_rtr(cur_blocked);
10686			} else
10687				ctl_done(cur_blocked);
10688			break;
10689		}
10690		default:
10691			/*
10692			 * This probably shouldn't happen -- we shouldn't
10693			 * get CTL_ACTION_ERROR, or anything else.
10694			 */
10695			break;
10696		}
10697	}
10698
10699	return (CTL_RETVAL_COMPLETE);
10700}
10701
10702/*
10703 * This routine (with one exception) checks LUN flags that can be set by
10704 * commands ahead of us in the OOA queue.  These flags have to be checked
10705 * when a command initially comes in, and when we pull a command off the
10706 * blocked queue and are preparing to execute it.  The reason we have to
10707 * check these flags for commands on the blocked queue is that the LUN
10708 * state may have been changed by a command ahead of us while we're on the
10709 * blocked queue.
10710 *
10711 * Ordering is somewhat important with these checks, so please pay
10712 * careful attention to the placement of any new checks.
10713 */
10714static int
10715ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
10716    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10717{
10718	int retval;
10719
10720	retval = 0;
10721
10722	mtx_assert(&lun->lun_lock, MA_OWNED);
10723
10724	/*
10725	 * If this shelf is a secondary shelf controller, we have to reject
10726	 * any media access commands.
10727	 */
10728#if 0
10729	/* No longer needed for HA */
10730	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
10731	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
10732		ctl_set_lun_standby(ctsio);
10733		retval = 1;
10734		goto bailout;
10735	}
10736#endif
10737
10738	/*
10739	 * Check for a reservation conflict.  If this command isn't allowed
10740	 * even on reserved LUNs, and if this initiator isn't the one who
10741	 * reserved us, reject the command with a reservation conflict.
10742	 */
10743	if ((lun->flags & CTL_LUN_RESERVED)
10744	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10745		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
10746		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
10747		 || (ctsio->io_hdr.nexus.targ_target.id !=
10748		     lun->rsv_nexus.targ_target.id)) {
10749			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10750			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10751			retval = 1;
10752			goto bailout;
10753		}
10754	}
10755
10756	if ( (lun->flags & CTL_LUN_PR_RESERVED)
10757	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
10758		uint32_t residx;
10759
10760		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
10761		/*
10762		 * if we aren't registered or it's a res holder type
10763		 * reservation and this isn't the res holder then set a
10764		 * conflict.
10765		 * NOTE: Commands which might be allowed on write exclusive
10766		 * type reservations are checked in the particular command
10767		 * for a conflict. Read and SSU are the only ones.
10768		 */
10769		if (!lun->per_res[residx].registered
10770		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10771			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10772			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10773			retval = 1;
10774			goto bailout;
10775		}
10776
10777	}
10778
10779	if ((lun->flags & CTL_LUN_OFFLINE)
10780	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
10781		ctl_set_lun_not_ready(ctsio);
10782		retval = 1;
10783		goto bailout;
10784	}
10785
10786	/*
10787	 * If the LUN is stopped, see if this particular command is allowed
10788	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
10789	 */
10790	if ((lun->flags & CTL_LUN_STOPPED)
10791	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10792		/* "Logical unit not ready, initializing cmd. required" */
10793		ctl_set_lun_stopped(ctsio);
10794		retval = 1;
10795		goto bailout;
10796	}
10797
10798	if ((lun->flags & CTL_LUN_INOPERABLE)
10799	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10800		/* "Medium format corrupted" */
10801		ctl_set_medium_format_corrupted(ctsio);
10802		retval = 1;
10803		goto bailout;
10804	}
10805
10806bailout:
10807	return (retval);
10808
10809}
10810
10811static void
10812ctl_failover_io(union ctl_io *io, int have_lock)
10813{
10814	ctl_set_busy(&io->scsiio);
10815	ctl_done(io);
10816}
10817
10818static void
10819ctl_failover(void)
10820{
10821	struct ctl_lun *lun;
10822	struct ctl_softc *ctl_softc;
10823	union ctl_io *next_io, *pending_io;
10824	union ctl_io *io;
10825	int lun_idx;
10826	int i;
10827
10828	ctl_softc = control_softc;
10829
10830	mtx_lock(&ctl_softc->ctl_lock);
10831	/*
10832	 * Remove any cmds from the other SC from the rtr queue.  These
10833	 * will obviously only be for LUNs for which we're the primary.
10834	 * We can't send status or get/send data for these commands.
10835	 * Since they haven't been executed yet, we can just remove them.
10836	 * We'll either abort them or delete them below, depending on
10837	 * which HA mode we're in.
10838	 */
10839#ifdef notyet
10840	mtx_lock(&ctl_softc->queue_lock);
10841	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
10842	     io != NULL; io = next_io) {
10843		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
10844		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10845			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
10846				      ctl_io_hdr, links);
10847	}
10848	mtx_unlock(&ctl_softc->queue_lock);
10849#endif
10850
10851	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
10852		lun = ctl_softc->ctl_luns[lun_idx];
10853		if (lun==NULL)
10854			continue;
10855
10856		/*
10857		 * Processor LUNs are primary on both sides.
10858		 * XXX will this always be true?
10859		 */
10860		if (lun->be_lun->lun_type == T_PROCESSOR)
10861			continue;
10862
10863		if ((lun->flags & CTL_LUN_PRIMARY_SC)
10864		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10865			printf("FAILOVER: primary lun %d\n", lun_idx);
10866		        /*
10867			 * Remove all commands from the other SC. First from the
10868			 * blocked queue then from the ooa queue. Once we have
10869			 * removed them. Call ctl_check_blocked to see if there
10870			 * is anything that can run.
10871			 */
10872			for (io = (union ctl_io *)TAILQ_FIRST(
10873			     &lun->blocked_queue); io != NULL; io = next_io) {
10874
10875		        	next_io = (union ctl_io *)TAILQ_NEXT(
10876				    &io->io_hdr, blocked_links);
10877
10878				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10879					TAILQ_REMOVE(&lun->blocked_queue,
10880						     &io->io_hdr,blocked_links);
10881					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10882					TAILQ_REMOVE(&lun->ooa_queue,
10883						     &io->io_hdr, ooa_links);
10884
10885					ctl_free_io(io);
10886				}
10887			}
10888
10889			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10890	     		     io != NULL; io = next_io) {
10891
10892		        	next_io = (union ctl_io *)TAILQ_NEXT(
10893				    &io->io_hdr, ooa_links);
10894
10895				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10896
10897					TAILQ_REMOVE(&lun->ooa_queue,
10898						&io->io_hdr,
10899					     	ooa_links);
10900
10901					ctl_free_io(io);
10902				}
10903			}
10904			ctl_check_blocked(lun);
10905		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
10906			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
10907
10908			printf("FAILOVER: primary lun %d\n", lun_idx);
10909			/*
10910			 * Abort all commands from the other SC.  We can't
10911			 * send status back for them now.  These should get
10912			 * cleaned up when they are completed or come out
10913			 * for a datamove operation.
10914			 */
10915			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10916	     		     io != NULL; io = next_io) {
10917		        	next_io = (union ctl_io *)TAILQ_NEXT(
10918					&io->io_hdr, ooa_links);
10919
10920				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10921					io->io_hdr.flags |= CTL_FLAG_ABORT;
10922			}
10923		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10924			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
10925
10926			printf("FAILOVER: secondary lun %d\n", lun_idx);
10927
10928			lun->flags |= CTL_LUN_PRIMARY_SC;
10929
10930			/*
10931			 * We send all I/O that was sent to this controller
10932			 * and redirected to the other side back with
10933			 * busy status, and have the initiator retry it.
10934			 * Figuring out how much data has been transferred,
10935			 * etc. and picking up where we left off would be
10936			 * very tricky.
10937			 *
10938			 * XXX KDM need to remove I/O from the blocked
10939			 * queue as well!
10940			 */
10941			for (pending_io = (union ctl_io *)TAILQ_FIRST(
10942			     &lun->ooa_queue); pending_io != NULL;
10943			     pending_io = next_io) {
10944
10945				next_io =  (union ctl_io *)TAILQ_NEXT(
10946					&pending_io->io_hdr, ooa_links);
10947
10948				pending_io->io_hdr.flags &=
10949					~CTL_FLAG_SENT_2OTHER_SC;
10950
10951				if (pending_io->io_hdr.flags &
10952				    CTL_FLAG_IO_ACTIVE) {
10953					pending_io->io_hdr.flags |=
10954						CTL_FLAG_FAILOVER;
10955				} else {
10956					ctl_set_busy(&pending_io->scsiio);
10957					ctl_done(pending_io);
10958				}
10959			}
10960
10961			/*
10962			 * Build Unit Attention
10963			 */
10964			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
10965				lun->pending_sense[i].ua_pending |=
10966				                     CTL_UA_ASYM_ACC_CHANGE;
10967			}
10968		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10969			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10970			printf("FAILOVER: secondary lun %d\n", lun_idx);
10971			/*
10972			 * if the first io on the OOA is not on the RtR queue
10973			 * add it.
10974			 */
10975			lun->flags |= CTL_LUN_PRIMARY_SC;
10976
10977			pending_io = (union ctl_io *)TAILQ_FIRST(
10978			    &lun->ooa_queue);
10979			if (pending_io==NULL) {
10980				printf("Nothing on OOA queue\n");
10981				continue;
10982			}
10983
10984			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10985			if ((pending_io->io_hdr.flags &
10986			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
10987				pending_io->io_hdr.flags |=
10988				    CTL_FLAG_IS_WAS_ON_RTR;
10989				ctl_enqueue_rtr(pending_io);
10990			}
10991#if 0
10992			else
10993			{
10994				printf("Tag 0x%04x is running\n",
10995				      pending_io->scsiio.tag_num);
10996			}
10997#endif
10998
10999			next_io = (union ctl_io *)TAILQ_NEXT(
11000			    &pending_io->io_hdr, ooa_links);
11001			for (pending_io=next_io; pending_io != NULL;
11002			     pending_io = next_io) {
11003				pending_io->io_hdr.flags &=
11004				    ~CTL_FLAG_SENT_2OTHER_SC;
11005				next_io = (union ctl_io *)TAILQ_NEXT(
11006					&pending_io->io_hdr, ooa_links);
11007				if (pending_io->io_hdr.flags &
11008				    CTL_FLAG_IS_WAS_ON_RTR) {
11009#if 0
11010				        printf("Tag 0x%04x is running\n",
11011				      		pending_io->scsiio.tag_num);
11012#endif
11013					continue;
11014				}
11015
11016				switch (ctl_check_ooa(lun, pending_io,
11017			            (union ctl_io *)TAILQ_PREV(
11018				    &pending_io->io_hdr, ctl_ooaq,
11019				    ooa_links))) {
11020
11021				case CTL_ACTION_BLOCK:
11022					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11023							  &pending_io->io_hdr,
11024							  blocked_links);
11025					pending_io->io_hdr.flags |=
11026					    CTL_FLAG_BLOCKED;
11027					break;
11028				case CTL_ACTION_PASS:
11029				case CTL_ACTION_SKIP:
11030					pending_io->io_hdr.flags |=
11031					    CTL_FLAG_IS_WAS_ON_RTR;
11032					ctl_enqueue_rtr(pending_io);
11033					break;
11034				case CTL_ACTION_OVERLAP:
11035					ctl_set_overlapped_cmd(
11036					    (struct ctl_scsiio *)pending_io);
11037					ctl_done(pending_io);
11038					break;
11039				case CTL_ACTION_OVERLAP_TAG:
11040					ctl_set_overlapped_tag(
11041					    (struct ctl_scsiio *)pending_io,
11042					    pending_io->scsiio.tag_num & 0xff);
11043					ctl_done(pending_io);
11044					break;
11045				case CTL_ACTION_ERROR:
11046				default:
11047					ctl_set_internal_failure(
11048						(struct ctl_scsiio *)pending_io,
11049						0,  // sks_valid
11050						0); //retry count
11051					ctl_done(pending_io);
11052					break;
11053				}
11054			}
11055
11056			/*
11057			 * Build Unit Attention
11058			 */
11059			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11060				lun->pending_sense[i].ua_pending |=
11061				                     CTL_UA_ASYM_ACC_CHANGE;
11062			}
11063		} else {
11064			panic("Unhandled HA mode failover, LUN flags = %#x, "
11065			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11066		}
11067	}
11068	ctl_pause_rtr = 0;
11069	mtx_unlock(&ctl_softc->ctl_lock);
11070}
11071
11072static int
11073ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11074{
11075	struct ctl_lun *lun;
11076	const struct ctl_cmd_entry *entry;
11077	uint32_t initidx, targ_lun;
11078	int retval;
11079
11080	retval = 0;
11081
11082	lun = NULL;
11083
11084	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11085	if ((targ_lun < CTL_MAX_LUNS)
11086	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11087		lun = ctl_softc->ctl_luns[targ_lun];
11088		/*
11089		 * If the LUN is invalid, pretend that it doesn't exist.
11090		 * It will go away as soon as all pending I/O has been
11091		 * completed.
11092		 */
11093		if (lun->flags & CTL_LUN_DISABLED) {
11094			lun = NULL;
11095		} else {
11096			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11097			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11098				lun->be_lun;
11099			if (lun->be_lun->lun_type == T_PROCESSOR) {
11100				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11101			}
11102
11103			/*
11104			 * Every I/O goes into the OOA queue for a
11105			 * particular LUN, and stays there until completion.
11106			 */
11107			mtx_lock(&lun->lun_lock);
11108			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11109			    ooa_links);
11110		}
11111	} else {
11112		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11113		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11114	}
11115
11116	/* Get command entry and return error if it is unsuppotyed. */
11117	entry = ctl_validate_command(ctsio);
11118	if (entry == NULL) {
11119		if (lun)
11120			mtx_unlock(&lun->lun_lock);
11121		return (retval);
11122	}
11123
11124	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11125	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11126
11127	/*
11128	 * Check to see whether we can send this command to LUNs that don't
11129	 * exist.  This should pretty much only be the case for inquiry
11130	 * and request sense.  Further checks, below, really require having
11131	 * a LUN, so we can't really check the command anymore.  Just put
11132	 * it on the rtr queue.
11133	 */
11134	if (lun == NULL) {
11135		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11136			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11137			ctl_enqueue_rtr((union ctl_io *)ctsio);
11138			return (retval);
11139		}
11140
11141		ctl_set_unsupported_lun(ctsio);
11142		ctl_done((union ctl_io *)ctsio);
11143		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11144		return (retval);
11145	} else {
11146		/*
11147		 * Make sure we support this particular command on this LUN.
11148		 * e.g., we don't support writes to the control LUN.
11149		 */
11150		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11151			mtx_unlock(&lun->lun_lock);
11152			ctl_set_invalid_opcode(ctsio);
11153			ctl_done((union ctl_io *)ctsio);
11154			return (retval);
11155		}
11156	}
11157
11158	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11159
11160	/*
11161	 * If we've got a request sense, it'll clear the contingent
11162	 * allegiance condition.  Otherwise, if we have a CA condition for
11163	 * this initiator, clear it, because it sent down a command other
11164	 * than request sense.
11165	 */
11166	if ((ctsio->cdb[0] != REQUEST_SENSE)
11167	 && (ctl_is_set(lun->have_ca, initidx)))
11168		ctl_clear_mask(lun->have_ca, initidx);
11169
11170	/*
11171	 * If the command has this flag set, it handles its own unit
11172	 * attention reporting, we shouldn't do anything.  Otherwise we
11173	 * check for any pending unit attentions, and send them back to the
11174	 * initiator.  We only do this when a command initially comes in,
11175	 * not when we pull it off the blocked queue.
11176	 *
11177	 * According to SAM-3, section 5.3.2, the order that things get
11178	 * presented back to the host is basically unit attentions caused
11179	 * by some sort of reset event, busy status, reservation conflicts
11180	 * or task set full, and finally any other status.
11181	 *
11182	 * One issue here is that some of the unit attentions we report
11183	 * don't fall into the "reset" category (e.g. "reported luns data
11184	 * has changed").  So reporting it here, before the reservation
11185	 * check, may be technically wrong.  I guess the only thing to do
11186	 * would be to check for and report the reset events here, and then
11187	 * check for the other unit attention types after we check for a
11188	 * reservation conflict.
11189	 *
11190	 * XXX KDM need to fix this
11191	 */
11192	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11193		ctl_ua_type ua_type;
11194
11195		ua_type = lun->pending_sense[initidx].ua_pending;
11196		if (ua_type != CTL_UA_NONE) {
11197			scsi_sense_data_type sense_format;
11198
11199			if (lun != NULL)
11200				sense_format = (lun->flags &
11201				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11202				    SSD_TYPE_FIXED;
11203			else
11204				sense_format = SSD_TYPE_FIXED;
11205
11206			ua_type = ctl_build_ua(ua_type, &ctsio->sense_data,
11207					       sense_format);
11208			if (ua_type != CTL_UA_NONE) {
11209				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11210				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11211						       CTL_AUTOSENSE;
11212				ctsio->sense_len = SSD_FULL_SIZE;
11213				lun->pending_sense[initidx].ua_pending &=
11214					~ua_type;
11215				mtx_unlock(&lun->lun_lock);
11216				ctl_done((union ctl_io *)ctsio);
11217				return (retval);
11218			}
11219		}
11220	}
11221
11222
11223	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11224		mtx_unlock(&lun->lun_lock);
11225		ctl_done((union ctl_io *)ctsio);
11226		return (retval);
11227	}
11228
11229	/*
11230	 * XXX CHD this is where we want to send IO to other side if
11231	 * this LUN is secondary on this SC. We will need to make a copy
11232	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11233	 * the copy we send as FROM_OTHER.
11234	 * We also need to stuff the address of the original IO so we can
11235	 * find it easily. Something similar will need be done on the other
11236	 * side so when we are done we can find the copy.
11237	 */
11238	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11239		union ctl_ha_msg msg_info;
11240		int isc_retval;
11241
11242		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11243
11244		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11245		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11246#if 0
11247		printf("1. ctsio %p\n", ctsio);
11248#endif
11249		msg_info.hdr.serializing_sc = NULL;
11250		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11251		msg_info.scsi.tag_num = ctsio->tag_num;
11252		msg_info.scsi.tag_type = ctsio->tag_type;
11253		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11254
11255		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11256
11257		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11258		    (void *)&msg_info, sizeof(msg_info), 0)) >
11259		    CTL_HA_STATUS_SUCCESS) {
11260			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11261			       isc_retval);
11262			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11263		} else {
11264#if 0
11265			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11266#endif
11267		}
11268
11269		/*
11270		 * XXX KDM this I/O is off the incoming queue, but hasn't
11271		 * been inserted on any other queue.  We may need to come
11272		 * up with a holding queue while we wait for serialization
11273		 * so that we have an idea of what we're waiting for from
11274		 * the other side.
11275		 */
11276		mtx_unlock(&lun->lun_lock);
11277		return (retval);
11278	}
11279
11280	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11281			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11282			      ctl_ooaq, ooa_links))) {
11283	case CTL_ACTION_BLOCK:
11284		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11285		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11286				  blocked_links);
11287		mtx_unlock(&lun->lun_lock);
11288		return (retval);
11289	case CTL_ACTION_PASS:
11290	case CTL_ACTION_SKIP:
11291		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11292		mtx_unlock(&lun->lun_lock);
11293		ctl_enqueue_rtr((union ctl_io *)ctsio);
11294		break;
11295	case CTL_ACTION_OVERLAP:
11296		mtx_unlock(&lun->lun_lock);
11297		ctl_set_overlapped_cmd(ctsio);
11298		ctl_done((union ctl_io *)ctsio);
11299		break;
11300	case CTL_ACTION_OVERLAP_TAG:
11301		mtx_unlock(&lun->lun_lock);
11302		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11303		ctl_done((union ctl_io *)ctsio);
11304		break;
11305	case CTL_ACTION_ERROR:
11306	default:
11307		mtx_unlock(&lun->lun_lock);
11308		ctl_set_internal_failure(ctsio,
11309					 /*sks_valid*/ 0,
11310					 /*retry_count*/ 0);
11311		ctl_done((union ctl_io *)ctsio);
11312		break;
11313	}
11314	return (retval);
11315}
11316
11317const struct ctl_cmd_entry *
11318ctl_get_cmd_entry(struct ctl_scsiio *ctsio)
11319{
11320	const struct ctl_cmd_entry *entry;
11321	int service_action;
11322
11323	entry = &ctl_cmd_table[ctsio->cdb[0]];
11324	if (entry->flags & CTL_CMD_FLAG_SA5) {
11325		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11326		entry = &((const struct ctl_cmd_entry *)
11327		    entry->execute)[service_action];
11328	}
11329	return (entry);
11330}
11331
11332const struct ctl_cmd_entry *
11333ctl_validate_command(struct ctl_scsiio *ctsio)
11334{
11335	const struct ctl_cmd_entry *entry;
11336	int i;
11337	uint8_t diff;
11338
11339	entry = ctl_get_cmd_entry(ctsio);
11340	if (entry->execute == NULL) {
11341		ctl_set_invalid_opcode(ctsio);
11342		ctl_done((union ctl_io *)ctsio);
11343		return (NULL);
11344	}
11345	KASSERT(entry->length > 0,
11346	    ("Not defined length for command 0x%02x/0x%02x",
11347	     ctsio->cdb[0], ctsio->cdb[1]));
11348	for (i = 1; i < entry->length; i++) {
11349		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11350		if (diff == 0)
11351			continue;
11352		ctl_set_invalid_field(ctsio,
11353				      /*sks_valid*/ 1,
11354				      /*command*/ 1,
11355				      /*field*/ i,
11356				      /*bit_valid*/ 1,
11357				      /*bit*/ fls(diff) - 1);
11358		ctl_done((union ctl_io *)ctsio);
11359		return (NULL);
11360	}
11361	return (entry);
11362}
11363
11364static int
11365ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11366{
11367
11368	switch (lun_type) {
11369	case T_PROCESSOR:
11370		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11371		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11372			return (0);
11373		break;
11374	case T_DIRECT:
11375		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11376		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11377			return (0);
11378		break;
11379	default:
11380		return (0);
11381	}
11382	return (1);
11383}
11384
11385static int
11386ctl_scsiio(struct ctl_scsiio *ctsio)
11387{
11388	int retval;
11389	const struct ctl_cmd_entry *entry;
11390
11391	retval = CTL_RETVAL_COMPLETE;
11392
11393	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11394
11395	entry = ctl_get_cmd_entry(ctsio);
11396
11397	/*
11398	 * If this I/O has been aborted, just send it straight to
11399	 * ctl_done() without executing it.
11400	 */
11401	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11402		ctl_done((union ctl_io *)ctsio);
11403		goto bailout;
11404	}
11405
11406	/*
11407	 * All the checks should have been handled by ctl_scsiio_precheck().
11408	 * We should be clear now to just execute the I/O.
11409	 */
11410	retval = entry->execute(ctsio);
11411
11412bailout:
11413	return (retval);
11414}
11415
11416/*
11417 * Since we only implement one target right now, a bus reset simply resets
11418 * our single target.
11419 */
11420static int
11421ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11422{
11423	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11424}
11425
11426static int
11427ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11428		 ctl_ua_type ua_type)
11429{
11430	struct ctl_lun *lun;
11431	int retval;
11432
11433	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11434		union ctl_ha_msg msg_info;
11435
11436		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11437		msg_info.hdr.nexus = io->io_hdr.nexus;
11438		if (ua_type==CTL_UA_TARG_RESET)
11439			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11440		else
11441			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11442		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11443		msg_info.hdr.original_sc = NULL;
11444		msg_info.hdr.serializing_sc = NULL;
11445		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11446		    (void *)&msg_info, sizeof(msg_info), 0)) {
11447		}
11448	}
11449	retval = 0;
11450
11451	mtx_lock(&ctl_softc->ctl_lock);
11452	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11453		retval += ctl_lun_reset(lun, io, ua_type);
11454	mtx_unlock(&ctl_softc->ctl_lock);
11455
11456	return (retval);
11457}
11458
11459/*
11460 * The LUN should always be set.  The I/O is optional, and is used to
11461 * distinguish between I/Os sent by this initiator, and by other
11462 * initiators.  We set unit attention for initiators other than this one.
11463 * SAM-3 is vague on this point.  It does say that a unit attention should
11464 * be established for other initiators when a LUN is reset (see section
11465 * 5.7.3), but it doesn't specifically say that the unit attention should
11466 * be established for this particular initiator when a LUN is reset.  Here
11467 * is the relevant text, from SAM-3 rev 8:
11468 *
11469 * 5.7.2 When a SCSI initiator port aborts its own tasks
11470 *
11471 * When a SCSI initiator port causes its own task(s) to be aborted, no
11472 * notification that the task(s) have been aborted shall be returned to
11473 * the SCSI initiator port other than the completion response for the
11474 * command or task management function action that caused the task(s) to
11475 * be aborted and notification(s) associated with related effects of the
11476 * action (e.g., a reset unit attention condition).
11477 *
11478 * XXX KDM for now, we're setting unit attention for all initiators.
11479 */
11480static int
11481ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11482{
11483	union ctl_io *xio;
11484#if 0
11485	uint32_t initindex;
11486#endif
11487	int i;
11488
11489	mtx_lock(&lun->lun_lock);
11490	/*
11491	 * Run through the OOA queue and abort each I/O.
11492	 */
11493#if 0
11494	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11495#endif
11496	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11497	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11498		xio->io_hdr.flags |= CTL_FLAG_ABORT;
11499	}
11500
11501	/*
11502	 * This version sets unit attention for every
11503	 */
11504#if 0
11505	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11506	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11507		if (initindex == i)
11508			continue;
11509		lun->pending_sense[i].ua_pending |= ua_type;
11510	}
11511#endif
11512
11513	/*
11514	 * A reset (any kind, really) clears reservations established with
11515	 * RESERVE/RELEASE.  It does not clear reservations established
11516	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11517	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11518	 * reservations made with the RESERVE/RELEASE commands, because
11519	 * those commands are obsolete in SPC-3.
11520	 */
11521	lun->flags &= ~CTL_LUN_RESERVED;
11522
11523	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11524		ctl_clear_mask(lun->have_ca, i);
11525		lun->pending_sense[i].ua_pending |= ua_type;
11526	}
11527	mtx_unlock(&lun->lun_lock);
11528
11529	return (0);
11530}
11531
11532static int
11533ctl_abort_task(union ctl_io *io)
11534{
11535	union ctl_io *xio;
11536	struct ctl_lun *lun;
11537	struct ctl_softc *ctl_softc;
11538#if 0
11539	struct sbuf sb;
11540	char printbuf[128];
11541#endif
11542	int found;
11543	uint32_t targ_lun;
11544
11545	ctl_softc = control_softc;
11546	found = 0;
11547
11548	/*
11549	 * Look up the LUN.
11550	 */
11551	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11552	mtx_lock(&ctl_softc->ctl_lock);
11553	if ((targ_lun < CTL_MAX_LUNS)
11554	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
11555		lun = ctl_softc->ctl_luns[targ_lun];
11556	else {
11557		mtx_unlock(&ctl_softc->ctl_lock);
11558		goto bailout;
11559	}
11560
11561#if 0
11562	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11563	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11564#endif
11565
11566	mtx_lock(&lun->lun_lock);
11567	mtx_unlock(&ctl_softc->ctl_lock);
11568	/*
11569	 * Run through the OOA queue and attempt to find the given I/O.
11570	 * The target port, initiator ID, tag type and tag number have to
11571	 * match the values that we got from the initiator.  If we have an
11572	 * untagged command to abort, simply abort the first untagged command
11573	 * we come to.  We only allow one untagged command at a time of course.
11574	 */
11575#if 0
11576	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11577#endif
11578	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11579	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11580#if 0
11581		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11582
11583		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11584			    lun->lun, xio->scsiio.tag_num,
11585			    xio->scsiio.tag_type,
11586			    (xio->io_hdr.blocked_links.tqe_prev
11587			    == NULL) ? "" : " BLOCKED",
11588			    (xio->io_hdr.flags &
11589			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11590			    (xio->io_hdr.flags &
11591			    CTL_FLAG_ABORT) ? " ABORT" : "",
11592			    (xio->io_hdr.flags &
11593			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11594		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11595		sbuf_finish(&sb);
11596		printf("%s\n", sbuf_data(&sb));
11597#endif
11598
11599		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
11600		 && (xio->io_hdr.nexus.initid.id ==
11601		     io->io_hdr.nexus.initid.id)) {
11602			/*
11603			 * If the abort says that the task is untagged, the
11604			 * task in the queue must be untagged.  Otherwise,
11605			 * we just check to see whether the tag numbers
11606			 * match.  This is because the QLogic firmware
11607			 * doesn't pass back the tag type in an abort
11608			 * request.
11609			 */
11610#if 0
11611			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11612			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11613			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
11614#endif
11615			/*
11616			 * XXX KDM we've got problems with FC, because it
11617			 * doesn't send down a tag type with aborts.  So we
11618			 * can only really go by the tag number...
11619			 * This may cause problems with parallel SCSI.
11620			 * Need to figure that out!!
11621			 */
11622			if (xio->scsiio.tag_num == io->taskio.tag_num) {
11623				xio->io_hdr.flags |= CTL_FLAG_ABORT;
11624				found = 1;
11625				if ((io->io_hdr.flags &
11626				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
11627				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11628					union ctl_ha_msg msg_info;
11629
11630					io->io_hdr.flags |=
11631					                CTL_FLAG_SENT_2OTHER_SC;
11632					msg_info.hdr.nexus = io->io_hdr.nexus;
11633					msg_info.task.task_action =
11634						CTL_TASK_ABORT_TASK;
11635					msg_info.task.tag_num =
11636						io->taskio.tag_num;
11637					msg_info.task.tag_type =
11638						io->taskio.tag_type;
11639					msg_info.hdr.msg_type =
11640						CTL_MSG_MANAGE_TASKS;
11641					msg_info.hdr.original_sc = NULL;
11642					msg_info.hdr.serializing_sc = NULL;
11643#if 0
11644					printf("Sent Abort to other side\n");
11645#endif
11646					if (CTL_HA_STATUS_SUCCESS !=
11647					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11648		    				(void *)&msg_info,
11649						sizeof(msg_info), 0)) {
11650					}
11651				}
11652#if 0
11653				printf("ctl_abort_task: found I/O to abort\n");
11654#endif
11655				break;
11656			}
11657		}
11658	}
11659	mtx_unlock(&lun->lun_lock);
11660
11661bailout:
11662
11663	if (found == 0) {
11664		/*
11665		 * This isn't really an error.  It's entirely possible for
11666		 * the abort and command completion to cross on the wire.
11667		 * This is more of an informative/diagnostic error.
11668		 */
11669#if 0
11670		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11671		       "%d:%d:%d:%d tag %d type %d\n",
11672		       io->io_hdr.nexus.initid.id,
11673		       io->io_hdr.nexus.targ_port,
11674		       io->io_hdr.nexus.targ_target.id,
11675		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11676		       io->taskio.tag_type);
11677#endif
11678		return (1);
11679	} else
11680		return (0);
11681}
11682
11683static void
11684ctl_run_task(union ctl_io *io)
11685{
11686	struct ctl_softc *ctl_softc;
11687	int retval;
11688	const char *task_desc;
11689
11690	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11691
11692	ctl_softc = control_softc;
11693	retval = 0;
11694
11695	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11696	    ("ctl_run_task: Unextected io_type %d\n",
11697	     io->io_hdr.io_type));
11698
11699	task_desc = ctl_scsi_task_string(&io->taskio);
11700	if (task_desc != NULL) {
11701#ifdef NEEDTOPORT
11702		csevent_log(CSC_CTL | CSC_SHELF_SW |
11703			    CTL_TASK_REPORT,
11704			    csevent_LogType_Trace,
11705			    csevent_Severity_Information,
11706			    csevent_AlertLevel_Green,
11707			    csevent_FRU_Firmware,
11708			    csevent_FRU_Unknown,
11709			    "CTL: received task: %s",task_desc);
11710#endif
11711	} else {
11712#ifdef NEEDTOPORT
11713		csevent_log(CSC_CTL | CSC_SHELF_SW |
11714			    CTL_TASK_REPORT,
11715			    csevent_LogType_Trace,
11716			    csevent_Severity_Information,
11717			    csevent_AlertLevel_Green,
11718			    csevent_FRU_Firmware,
11719			    csevent_FRU_Unknown,
11720			    "CTL: received unknown task "
11721			    "type: %d (%#x)",
11722			    io->taskio.task_action,
11723			    io->taskio.task_action);
11724#endif
11725	}
11726	switch (io->taskio.task_action) {
11727	case CTL_TASK_ABORT_TASK:
11728		retval = ctl_abort_task(io);
11729		break;
11730	case CTL_TASK_ABORT_TASK_SET:
11731		break;
11732	case CTL_TASK_CLEAR_ACA:
11733		break;
11734	case CTL_TASK_CLEAR_TASK_SET:
11735		break;
11736	case CTL_TASK_LUN_RESET: {
11737		struct ctl_lun *lun;
11738		uint32_t targ_lun;
11739		int retval;
11740
11741		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11742		mtx_lock(&ctl_softc->ctl_lock);
11743		if ((targ_lun < CTL_MAX_LUNS)
11744		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
11745			lun = ctl_softc->ctl_luns[targ_lun];
11746		else {
11747			mtx_unlock(&ctl_softc->ctl_lock);
11748			retval = 1;
11749			break;
11750		}
11751
11752		if (!(io->io_hdr.flags &
11753		    CTL_FLAG_FROM_OTHER_SC)) {
11754			union ctl_ha_msg msg_info;
11755
11756			io->io_hdr.flags |=
11757				CTL_FLAG_SENT_2OTHER_SC;
11758			msg_info.hdr.msg_type =
11759				CTL_MSG_MANAGE_TASKS;
11760			msg_info.hdr.nexus = io->io_hdr.nexus;
11761			msg_info.task.task_action =
11762				CTL_TASK_LUN_RESET;
11763			msg_info.hdr.original_sc = NULL;
11764			msg_info.hdr.serializing_sc = NULL;
11765			if (CTL_HA_STATUS_SUCCESS !=
11766			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11767			    (void *)&msg_info,
11768			    sizeof(msg_info), 0)) {
11769			}
11770		}
11771
11772		retval = ctl_lun_reset(lun, io,
11773				       CTL_UA_LUN_RESET);
11774		mtx_unlock(&ctl_softc->ctl_lock);
11775		break;
11776	}
11777	case CTL_TASK_TARGET_RESET:
11778		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
11779		break;
11780	case CTL_TASK_BUS_RESET:
11781		retval = ctl_bus_reset(ctl_softc, io);
11782		break;
11783	case CTL_TASK_PORT_LOGIN:
11784		break;
11785	case CTL_TASK_PORT_LOGOUT:
11786		break;
11787	default:
11788		printf("ctl_run_task: got unknown task management event %d\n",
11789		       io->taskio.task_action);
11790		break;
11791	}
11792	if (retval == 0)
11793		io->io_hdr.status = CTL_SUCCESS;
11794	else
11795		io->io_hdr.status = CTL_ERROR;
11796
11797	/*
11798	 * This will queue this I/O to the done queue, but the
11799	 * work thread won't be able to process it until we
11800	 * return and the lock is released.
11801	 */
11802	ctl_done(io);
11803}
11804
11805/*
11806 * For HA operation.  Handle commands that come in from the other
11807 * controller.
11808 */
11809static void
11810ctl_handle_isc(union ctl_io *io)
11811{
11812	int free_io;
11813	struct ctl_lun *lun;
11814	struct ctl_softc *ctl_softc;
11815	uint32_t targ_lun;
11816
11817	ctl_softc = control_softc;
11818
11819	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11820	lun = ctl_softc->ctl_luns[targ_lun];
11821
11822	switch (io->io_hdr.msg_type) {
11823	case CTL_MSG_SERIALIZE:
11824		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11825		break;
11826	case CTL_MSG_R2R: {
11827		const struct ctl_cmd_entry *entry;
11828
11829		/*
11830		 * This is only used in SER_ONLY mode.
11831		 */
11832		free_io = 0;
11833		entry = ctl_get_cmd_entry(&io->scsiio);
11834		mtx_lock(&lun->lun_lock);
11835		if (ctl_scsiio_lun_check(ctl_softc, lun,
11836		    entry, (struct ctl_scsiio *)io) != 0) {
11837			mtx_unlock(&lun->lun_lock);
11838			ctl_done(io);
11839			break;
11840		}
11841		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11842		mtx_unlock(&lun->lun_lock);
11843		ctl_enqueue_rtr(io);
11844		break;
11845	}
11846	case CTL_MSG_FINISH_IO:
11847		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
11848			free_io = 0;
11849			ctl_done(io);
11850		} else {
11851			free_io = 1;
11852			mtx_lock(&lun->lun_lock);
11853			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11854				     ooa_links);
11855			ctl_check_blocked(lun);
11856			mtx_unlock(&lun->lun_lock);
11857		}
11858		break;
11859	case CTL_MSG_PERS_ACTION:
11860		ctl_hndl_per_res_out_on_other_sc(
11861			(union ctl_ha_msg *)&io->presio.pr_msg);
11862		free_io = 1;
11863		break;
11864	case CTL_MSG_BAD_JUJU:
11865		free_io = 0;
11866		ctl_done(io);
11867		break;
11868	case CTL_MSG_DATAMOVE:
11869		/* Only used in XFER mode */
11870		free_io = 0;
11871		ctl_datamove_remote(io);
11872		break;
11873	case CTL_MSG_DATAMOVE_DONE:
11874		/* Only used in XFER mode */
11875		free_io = 0;
11876		io->scsiio.be_move_done(io);
11877		break;
11878	default:
11879		free_io = 1;
11880		printf("%s: Invalid message type %d\n",
11881		       __func__, io->io_hdr.msg_type);
11882		break;
11883	}
11884	if (free_io)
11885		ctl_free_io(io);
11886
11887}
11888
11889
11890/*
11891 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11892 * there is no match.
11893 */
11894static ctl_lun_error_pattern
11895ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11896{
11897	const struct ctl_cmd_entry *entry;
11898	ctl_lun_error_pattern filtered_pattern, pattern;
11899
11900	pattern = desc->error_pattern;
11901
11902	/*
11903	 * XXX KDM we need more data passed into this function to match a
11904	 * custom pattern, and we actually need to implement custom pattern
11905	 * matching.
11906	 */
11907	if (pattern & CTL_LUN_PAT_CMD)
11908		return (CTL_LUN_PAT_CMD);
11909
11910	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11911		return (CTL_LUN_PAT_ANY);
11912
11913	entry = ctl_get_cmd_entry(ctsio);
11914
11915	filtered_pattern = entry->pattern & pattern;
11916
11917	/*
11918	 * If the user requested specific flags in the pattern (e.g.
11919	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11920	 * flags.
11921	 *
11922	 * If the user did not specify any flags, it doesn't matter whether
11923	 * or not the command supports the flags.
11924	 */
11925	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11926	     (pattern & ~CTL_LUN_PAT_MASK))
11927		return (CTL_LUN_PAT_NONE);
11928
11929	/*
11930	 * If the user asked for a range check, see if the requested LBA
11931	 * range overlaps with this command's LBA range.
11932	 */
11933	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11934		uint64_t lba1;
11935		uint32_t len1;
11936		ctl_action action;
11937		int retval;
11938
11939		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11940		if (retval != 0)
11941			return (CTL_LUN_PAT_NONE);
11942
11943		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11944					      desc->lba_range.len);
11945		/*
11946		 * A "pass" means that the LBA ranges don't overlap, so
11947		 * this doesn't match the user's range criteria.
11948		 */
11949		if (action == CTL_ACTION_PASS)
11950			return (CTL_LUN_PAT_NONE);
11951	}
11952
11953	return (filtered_pattern);
11954}
11955
11956static void
11957ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11958{
11959	struct ctl_error_desc *desc, *desc2;
11960
11961	mtx_assert(&lun->lun_lock, MA_OWNED);
11962
11963	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
11964		ctl_lun_error_pattern pattern;
11965		/*
11966		 * Check to see whether this particular command matches
11967		 * the pattern in the descriptor.
11968		 */
11969		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
11970		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
11971			continue;
11972
11973		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
11974		case CTL_LUN_INJ_ABORTED:
11975			ctl_set_aborted(&io->scsiio);
11976			break;
11977		case CTL_LUN_INJ_MEDIUM_ERR:
11978			ctl_set_medium_error(&io->scsiio);
11979			break;
11980		case CTL_LUN_INJ_UA:
11981			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
11982			 * OCCURRED */
11983			ctl_set_ua(&io->scsiio, 0x29, 0x00);
11984			break;
11985		case CTL_LUN_INJ_CUSTOM:
11986			/*
11987			 * We're assuming the user knows what he is doing.
11988			 * Just copy the sense information without doing
11989			 * checks.
11990			 */
11991			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
11992			      ctl_min(sizeof(desc->custom_sense),
11993				      sizeof(io->scsiio.sense_data)));
11994			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
11995			io->scsiio.sense_len = SSD_FULL_SIZE;
11996			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11997			break;
11998		case CTL_LUN_INJ_NONE:
11999		default:
12000			/*
12001			 * If this is an error injection type we don't know
12002			 * about, clear the continuous flag (if it is set)
12003			 * so it will get deleted below.
12004			 */
12005			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12006			break;
12007		}
12008		/*
12009		 * By default, each error injection action is a one-shot
12010		 */
12011		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12012			continue;
12013
12014		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12015
12016		free(desc, M_CTL);
12017	}
12018}
12019
12020#ifdef CTL_IO_DELAY
12021static void
12022ctl_datamove_timer_wakeup(void *arg)
12023{
12024	union ctl_io *io;
12025
12026	io = (union ctl_io *)arg;
12027
12028	ctl_datamove(io);
12029}
12030#endif /* CTL_IO_DELAY */
12031
12032void
12033ctl_datamove(union ctl_io *io)
12034{
12035	void (*fe_datamove)(union ctl_io *io);
12036
12037	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12038
12039	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12040
12041#ifdef CTL_TIME_IO
12042	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12043		char str[256];
12044		char path_str[64];
12045		struct sbuf sb;
12046
12047		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12048		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12049
12050		sbuf_cat(&sb, path_str);
12051		switch (io->io_hdr.io_type) {
12052		case CTL_IO_SCSI:
12053			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12054			sbuf_printf(&sb, "\n");
12055			sbuf_cat(&sb, path_str);
12056			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12057				    io->scsiio.tag_num, io->scsiio.tag_type);
12058			break;
12059		case CTL_IO_TASK:
12060			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12061				    "Tag Type: %d\n", io->taskio.task_action,
12062				    io->taskio.tag_num, io->taskio.tag_type);
12063			break;
12064		default:
12065			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12066			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12067			break;
12068		}
12069		sbuf_cat(&sb, path_str);
12070		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12071			    (intmax_t)time_uptime - io->io_hdr.start_time);
12072		sbuf_finish(&sb);
12073		printf("%s", sbuf_data(&sb));
12074	}
12075#endif /* CTL_TIME_IO */
12076
12077#ifdef CTL_IO_DELAY
12078	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12079		struct ctl_lun *lun;
12080
12081		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12082
12083		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12084	} else {
12085		struct ctl_lun *lun;
12086
12087		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12088		if ((lun != NULL)
12089		 && (lun->delay_info.datamove_delay > 0)) {
12090			struct callout *callout;
12091
12092			callout = (struct callout *)&io->io_hdr.timer_bytes;
12093			callout_init(callout, /*mpsafe*/ 1);
12094			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12095			callout_reset(callout,
12096				      lun->delay_info.datamove_delay * hz,
12097				      ctl_datamove_timer_wakeup, io);
12098			if (lun->delay_info.datamove_type ==
12099			    CTL_DELAY_TYPE_ONESHOT)
12100				lun->delay_info.datamove_delay = 0;
12101			return;
12102		}
12103	}
12104#endif
12105
12106	/*
12107	 * This command has been aborted.  Set the port status, so we fail
12108	 * the data move.
12109	 */
12110	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12111		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12112		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12113		       io->io_hdr.nexus.targ_port,
12114		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12115		       io->io_hdr.nexus.targ_lun);
12116		io->io_hdr.status = CTL_CMD_ABORTED;
12117		io->io_hdr.port_status = 31337;
12118		/*
12119		 * Note that the backend, in this case, will get the
12120		 * callback in its context.  In other cases it may get
12121		 * called in the frontend's interrupt thread context.
12122		 */
12123		io->scsiio.be_move_done(io);
12124		return;
12125	}
12126
12127	/*
12128	 * If we're in XFER mode and this I/O is from the other shelf
12129	 * controller, we need to send the DMA to the other side to
12130	 * actually transfer the data to/from the host.  In serialize only
12131	 * mode the transfer happens below CTL and ctl_datamove() is only
12132	 * called on the machine that originally received the I/O.
12133	 */
12134	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12135	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12136		union ctl_ha_msg msg;
12137		uint32_t sg_entries_sent;
12138		int do_sg_copy;
12139		int i;
12140
12141		memset(&msg, 0, sizeof(msg));
12142		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12143		msg.hdr.original_sc = io->io_hdr.original_sc;
12144		msg.hdr.serializing_sc = io;
12145		msg.hdr.nexus = io->io_hdr.nexus;
12146		msg.dt.flags = io->io_hdr.flags;
12147		/*
12148		 * We convert everything into a S/G list here.  We can't
12149		 * pass by reference, only by value between controllers.
12150		 * So we can't pass a pointer to the S/G list, only as many
12151		 * S/G entries as we can fit in here.  If it's possible for
12152		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12153		 * then we need to break this up into multiple transfers.
12154		 */
12155		if (io->scsiio.kern_sg_entries == 0) {
12156			msg.dt.kern_sg_entries = 1;
12157			/*
12158			 * If this is in cached memory, flush the cache
12159			 * before we send the DMA request to the other
12160			 * controller.  We want to do this in either the
12161			 * read or the write case.  The read case is
12162			 * straightforward.  In the write case, we want to
12163			 * make sure nothing is in the local cache that
12164			 * could overwrite the DMAed data.
12165			 */
12166			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12167				/*
12168				 * XXX KDM use bus_dmamap_sync() here.
12169				 */
12170			}
12171
12172			/*
12173			 * Convert to a physical address if this is a
12174			 * virtual address.
12175			 */
12176			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12177				msg.dt.sg_list[0].addr =
12178					io->scsiio.kern_data_ptr;
12179			} else {
12180				/*
12181				 * XXX KDM use busdma here!
12182				 */
12183#if 0
12184				msg.dt.sg_list[0].addr = (void *)
12185					vtophys(io->scsiio.kern_data_ptr);
12186#endif
12187			}
12188
12189			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12190			do_sg_copy = 0;
12191		} else {
12192			struct ctl_sg_entry *sgl;
12193
12194			do_sg_copy = 1;
12195			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12196			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12197			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12198				/*
12199				 * XXX KDM use bus_dmamap_sync() here.
12200				 */
12201			}
12202		}
12203
12204		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12205		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12206		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12207		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12208		msg.dt.sg_sequence = 0;
12209
12210		/*
12211		 * Loop until we've sent all of the S/G entries.  On the
12212		 * other end, we'll recompose these S/G entries into one
12213		 * contiguous list before passing it to the
12214		 */
12215		for (sg_entries_sent = 0; sg_entries_sent <
12216		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12217			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12218				sizeof(msg.dt.sg_list[0])),
12219				msg.dt.kern_sg_entries - sg_entries_sent);
12220
12221			if (do_sg_copy != 0) {
12222				struct ctl_sg_entry *sgl;
12223				int j;
12224
12225				sgl = (struct ctl_sg_entry *)
12226					io->scsiio.kern_data_ptr;
12227				/*
12228				 * If this is in cached memory, flush the cache
12229				 * before we send the DMA request to the other
12230				 * controller.  We want to do this in either
12231				 * the * read or the write case.  The read
12232				 * case is straightforward.  In the write
12233				 * case, we want to make sure nothing is
12234				 * in the local cache that could overwrite
12235				 * the DMAed data.
12236				 */
12237
12238				for (i = sg_entries_sent, j = 0;
12239				     i < msg.dt.cur_sg_entries; i++, j++) {
12240					if ((io->io_hdr.flags &
12241					     CTL_FLAG_NO_DATASYNC) == 0) {
12242						/*
12243						 * XXX KDM use bus_dmamap_sync()
12244						 */
12245					}
12246					if ((io->io_hdr.flags &
12247					     CTL_FLAG_BUS_ADDR) == 0) {
12248						/*
12249						 * XXX KDM use busdma.
12250						 */
12251#if 0
12252						msg.dt.sg_list[j].addr =(void *)
12253						       vtophys(sgl[i].addr);
12254#endif
12255					} else {
12256						msg.dt.sg_list[j].addr =
12257							sgl[i].addr;
12258					}
12259					msg.dt.sg_list[j].len = sgl[i].len;
12260				}
12261			}
12262
12263			sg_entries_sent += msg.dt.cur_sg_entries;
12264			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12265				msg.dt.sg_last = 1;
12266			else
12267				msg.dt.sg_last = 0;
12268
12269			/*
12270			 * XXX KDM drop and reacquire the lock here?
12271			 */
12272			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12273			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12274				/*
12275				 * XXX do something here.
12276				 */
12277			}
12278
12279			msg.dt.sent_sg_entries = sg_entries_sent;
12280		}
12281		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12282		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12283			ctl_failover_io(io, /*have_lock*/ 0);
12284
12285	} else {
12286
12287		/*
12288		 * Lookup the fe_datamove() function for this particular
12289		 * front end.
12290		 */
12291		fe_datamove =
12292		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12293
12294		fe_datamove(io);
12295	}
12296}
12297
12298static void
12299ctl_send_datamove_done(union ctl_io *io, int have_lock)
12300{
12301	union ctl_ha_msg msg;
12302	int isc_status;
12303
12304	memset(&msg, 0, sizeof(msg));
12305
12306	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12307	msg.hdr.original_sc = io;
12308	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12309	msg.hdr.nexus = io->io_hdr.nexus;
12310	msg.hdr.status = io->io_hdr.status;
12311	msg.scsi.tag_num = io->scsiio.tag_num;
12312	msg.scsi.tag_type = io->scsiio.tag_type;
12313	msg.scsi.scsi_status = io->scsiio.scsi_status;
12314	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12315	       sizeof(io->scsiio.sense_data));
12316	msg.scsi.sense_len = io->scsiio.sense_len;
12317	msg.scsi.sense_residual = io->scsiio.sense_residual;
12318	msg.scsi.fetd_status = io->io_hdr.port_status;
12319	msg.scsi.residual = io->scsiio.residual;
12320	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12321
12322	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12323		ctl_failover_io(io, /*have_lock*/ have_lock);
12324		return;
12325	}
12326
12327	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12328	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12329		/* XXX do something if this fails */
12330	}
12331
12332}
12333
12334/*
12335 * The DMA to the remote side is done, now we need to tell the other side
12336 * we're done so it can continue with its data movement.
12337 */
12338static void
12339ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12340{
12341	union ctl_io *io;
12342
12343	io = rq->context;
12344
12345	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12346		printf("%s: ISC DMA write failed with error %d", __func__,
12347		       rq->ret);
12348		ctl_set_internal_failure(&io->scsiio,
12349					 /*sks_valid*/ 1,
12350					 /*retry_count*/ rq->ret);
12351	}
12352
12353	ctl_dt_req_free(rq);
12354
12355	/*
12356	 * In this case, we had to malloc the memory locally.  Free it.
12357	 */
12358	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12359		int i;
12360		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12361			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12362	}
12363	/*
12364	 * The data is in local and remote memory, so now we need to send
12365	 * status (good or back) back to the other side.
12366	 */
12367	ctl_send_datamove_done(io, /*have_lock*/ 0);
12368}
12369
12370/*
12371 * We've moved the data from the host/controller into local memory.  Now we
12372 * need to push it over to the remote controller's memory.
12373 */
12374static int
12375ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12376{
12377	int retval;
12378
12379	retval = 0;
12380
12381	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12382					  ctl_datamove_remote_write_cb);
12383
12384	return (retval);
12385}
12386
12387static void
12388ctl_datamove_remote_write(union ctl_io *io)
12389{
12390	int retval;
12391	void (*fe_datamove)(union ctl_io *io);
12392
12393	/*
12394	 * - Get the data from the host/HBA into local memory.
12395	 * - DMA memory from the local controller to the remote controller.
12396	 * - Send status back to the remote controller.
12397	 */
12398
12399	retval = ctl_datamove_remote_sgl_setup(io);
12400	if (retval != 0)
12401		return;
12402
12403	/* Switch the pointer over so the FETD knows what to do */
12404	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12405
12406	/*
12407	 * Use a custom move done callback, since we need to send completion
12408	 * back to the other controller, not to the backend on this side.
12409	 */
12410	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12411
12412	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12413
12414	fe_datamove(io);
12415
12416	return;
12417
12418}
12419
12420static int
12421ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12422{
12423#if 0
12424	char str[256];
12425	char path_str[64];
12426	struct sbuf sb;
12427#endif
12428
12429	/*
12430	 * In this case, we had to malloc the memory locally.  Free it.
12431	 */
12432	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12433		int i;
12434		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12435			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12436	}
12437
12438#if 0
12439	scsi_path_string(io, path_str, sizeof(path_str));
12440	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12441	sbuf_cat(&sb, path_str);
12442	scsi_command_string(&io->scsiio, NULL, &sb);
12443	sbuf_printf(&sb, "\n");
12444	sbuf_cat(&sb, path_str);
12445	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12446		    io->scsiio.tag_num, io->scsiio.tag_type);
12447	sbuf_cat(&sb, path_str);
12448	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12449		    io->io_hdr.flags, io->io_hdr.status);
12450	sbuf_finish(&sb);
12451	printk("%s", sbuf_data(&sb));
12452#endif
12453
12454
12455	/*
12456	 * The read is done, now we need to send status (good or bad) back
12457	 * to the other side.
12458	 */
12459	ctl_send_datamove_done(io, /*have_lock*/ 0);
12460
12461	return (0);
12462}
12463
12464static void
12465ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12466{
12467	union ctl_io *io;
12468	void (*fe_datamove)(union ctl_io *io);
12469
12470	io = rq->context;
12471
12472	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12473		printf("%s: ISC DMA read failed with error %d", __func__,
12474		       rq->ret);
12475		ctl_set_internal_failure(&io->scsiio,
12476					 /*sks_valid*/ 1,
12477					 /*retry_count*/ rq->ret);
12478	}
12479
12480	ctl_dt_req_free(rq);
12481
12482	/* Switch the pointer over so the FETD knows what to do */
12483	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12484
12485	/*
12486	 * Use a custom move done callback, since we need to send completion
12487	 * back to the other controller, not to the backend on this side.
12488	 */
12489	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12490
12491	/* XXX KDM add checks like the ones in ctl_datamove? */
12492
12493	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12494
12495	fe_datamove(io);
12496}
12497
12498static int
12499ctl_datamove_remote_sgl_setup(union ctl_io *io)
12500{
12501	struct ctl_sg_entry *local_sglist, *remote_sglist;
12502	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
12503	struct ctl_softc *softc;
12504	int retval;
12505	int i;
12506
12507	retval = 0;
12508	softc = control_softc;
12509
12510	local_sglist = io->io_hdr.local_sglist;
12511	local_dma_sglist = io->io_hdr.local_dma_sglist;
12512	remote_sglist = io->io_hdr.remote_sglist;
12513	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12514
12515	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
12516		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
12517			local_sglist[i].len = remote_sglist[i].len;
12518
12519			/*
12520			 * XXX Detect the situation where the RS-level I/O
12521			 * redirector on the other side has already read the
12522			 * data off of the AOR RS on this side, and
12523			 * transferred it to remote (mirror) memory on the
12524			 * other side.  Since we already have the data in
12525			 * memory here, we just need to use it.
12526			 *
12527			 * XXX KDM this can probably be removed once we
12528			 * get the cache device code in and take the
12529			 * current AOR implementation out.
12530			 */
12531#ifdef NEEDTOPORT
12532			if ((remote_sglist[i].addr >=
12533			     (void *)vtophys(softc->mirr->addr))
12534			 && (remote_sglist[i].addr <
12535			     ((void *)vtophys(softc->mirr->addr) +
12536			     CacheMirrorOffset))) {
12537				local_sglist[i].addr = remote_sglist[i].addr -
12538					CacheMirrorOffset;
12539				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12540				     CTL_FLAG_DATA_IN)
12541					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
12542			} else {
12543				local_sglist[i].addr = remote_sglist[i].addr +
12544					CacheMirrorOffset;
12545			}
12546#endif
12547#if 0
12548			printf("%s: local %p, remote %p, len %d\n",
12549			       __func__, local_sglist[i].addr,
12550			       remote_sglist[i].addr, local_sglist[i].len);
12551#endif
12552		}
12553	} else {
12554		uint32_t len_to_go;
12555
12556		/*
12557		 * In this case, we don't have automatically allocated
12558		 * memory for this I/O on this controller.  This typically
12559		 * happens with internal CTL I/O -- e.g. inquiry, mode
12560		 * sense, etc.  Anything coming from RAIDCore will have
12561		 * a mirror area available.
12562		 */
12563		len_to_go = io->scsiio.kern_data_len;
12564
12565		/*
12566		 * Clear the no datasync flag, we have to use malloced
12567		 * buffers.
12568		 */
12569		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
12570
12571		/*
12572		 * The difficult thing here is that the size of the various
12573		 * S/G segments may be different than the size from the
12574		 * remote controller.  That'll make it harder when DMAing
12575		 * the data back to the other side.
12576		 */
12577		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
12578		     sizeof(io->io_hdr.remote_sglist[0])) &&
12579		     (len_to_go > 0); i++) {
12580			local_sglist[i].len = ctl_min(len_to_go, 131072);
12581			CTL_SIZE_8B(local_dma_sglist[i].len,
12582				    local_sglist[i].len);
12583			local_sglist[i].addr =
12584				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
12585
12586			local_dma_sglist[i].addr = local_sglist[i].addr;
12587
12588			if (local_sglist[i].addr == NULL) {
12589				int j;
12590
12591				printf("malloc failed for %zd bytes!",
12592				       local_dma_sglist[i].len);
12593				for (j = 0; j < i; j++) {
12594					free(local_sglist[j].addr, M_CTL);
12595				}
12596				ctl_set_internal_failure(&io->scsiio,
12597							 /*sks_valid*/ 1,
12598							 /*retry_count*/ 4857);
12599				retval = 1;
12600				goto bailout_error;
12601
12602			}
12603			/* XXX KDM do we need a sync here? */
12604
12605			len_to_go -= local_sglist[i].len;
12606		}
12607		/*
12608		 * Reset the number of S/G entries accordingly.  The
12609		 * original number of S/G entries is available in
12610		 * rem_sg_entries.
12611		 */
12612		io->scsiio.kern_sg_entries = i;
12613
12614#if 0
12615		printf("%s: kern_sg_entries = %d\n", __func__,
12616		       io->scsiio.kern_sg_entries);
12617		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12618			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
12619			       local_sglist[i].addr, local_sglist[i].len,
12620			       local_dma_sglist[i].len);
12621#endif
12622	}
12623
12624
12625	return (retval);
12626
12627bailout_error:
12628
12629	ctl_send_datamove_done(io, /*have_lock*/ 0);
12630
12631	return (retval);
12632}
12633
12634static int
12635ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12636			 ctl_ha_dt_cb callback)
12637{
12638	struct ctl_ha_dt_req *rq;
12639	struct ctl_sg_entry *remote_sglist, *local_sglist;
12640	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
12641	uint32_t local_used, remote_used, total_used;
12642	int retval;
12643	int i, j;
12644
12645	retval = 0;
12646
12647	rq = ctl_dt_req_alloc();
12648
12649	/*
12650	 * If we failed to allocate the request, and if the DMA didn't fail
12651	 * anyway, set busy status.  This is just a resource allocation
12652	 * failure.
12653	 */
12654	if ((rq == NULL)
12655	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
12656		ctl_set_busy(&io->scsiio);
12657
12658	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
12659
12660		if (rq != NULL)
12661			ctl_dt_req_free(rq);
12662
12663		/*
12664		 * The data move failed.  We need to return status back
12665		 * to the other controller.  No point in trying to DMA
12666		 * data to the remote controller.
12667		 */
12668
12669		ctl_send_datamove_done(io, /*have_lock*/ 0);
12670
12671		retval = 1;
12672
12673		goto bailout;
12674	}
12675
12676	local_sglist = io->io_hdr.local_sglist;
12677	local_dma_sglist = io->io_hdr.local_dma_sglist;
12678	remote_sglist = io->io_hdr.remote_sglist;
12679	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12680	local_used = 0;
12681	remote_used = 0;
12682	total_used = 0;
12683
12684	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
12685		rq->ret = CTL_HA_STATUS_SUCCESS;
12686		rq->context = io;
12687		callback(rq);
12688		goto bailout;
12689	}
12690
12691	/*
12692	 * Pull/push the data over the wire from/to the other controller.
12693	 * This takes into account the possibility that the local and
12694	 * remote sglists may not be identical in terms of the size of
12695	 * the elements and the number of elements.
12696	 *
12697	 * One fundamental assumption here is that the length allocated for
12698	 * both the local and remote sglists is identical.  Otherwise, we've
12699	 * essentially got a coding error of some sort.
12700	 */
12701	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12702		int isc_ret;
12703		uint32_t cur_len, dma_length;
12704		uint8_t *tmp_ptr;
12705
12706		rq->id = CTL_HA_DATA_CTL;
12707		rq->command = command;
12708		rq->context = io;
12709
12710		/*
12711		 * Both pointers should be aligned.  But it is possible
12712		 * that the allocation length is not.  They should both
12713		 * also have enough slack left over at the end, though,
12714		 * to round up to the next 8 byte boundary.
12715		 */
12716		cur_len = ctl_min(local_sglist[i].len - local_used,
12717				  remote_sglist[j].len - remote_used);
12718
12719		/*
12720		 * In this case, we have a size issue and need to decrease
12721		 * the size, except in the case where we actually have less
12722		 * than 8 bytes left.  In that case, we need to increase
12723		 * the DMA length to get the last bit.
12724		 */
12725		if ((cur_len & 0x7) != 0) {
12726			if (cur_len > 0x7) {
12727				cur_len = cur_len - (cur_len & 0x7);
12728				dma_length = cur_len;
12729			} else {
12730				CTL_SIZE_8B(dma_length, cur_len);
12731			}
12732
12733		} else
12734			dma_length = cur_len;
12735
12736		/*
12737		 * If we had to allocate memory for this I/O, instead of using
12738		 * the non-cached mirror memory, we'll need to flush the cache
12739		 * before trying to DMA to the other controller.
12740		 *
12741		 * We could end up doing this multiple times for the same
12742		 * segment if we have a larger local segment than remote
12743		 * segment.  That shouldn't be an issue.
12744		 */
12745		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12746			/*
12747			 * XXX KDM use bus_dmamap_sync() here.
12748			 */
12749		}
12750
12751		rq->size = dma_length;
12752
12753		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12754		tmp_ptr += local_used;
12755
12756		/* Use physical addresses when talking to ISC hardware */
12757		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12758			/* XXX KDM use busdma */
12759#if 0
12760			rq->local = vtophys(tmp_ptr);
12761#endif
12762		} else
12763			rq->local = tmp_ptr;
12764
12765		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12766		tmp_ptr += remote_used;
12767		rq->remote = tmp_ptr;
12768
12769		rq->callback = NULL;
12770
12771		local_used += cur_len;
12772		if (local_used >= local_sglist[i].len) {
12773			i++;
12774			local_used = 0;
12775		}
12776
12777		remote_used += cur_len;
12778		if (remote_used >= remote_sglist[j].len) {
12779			j++;
12780			remote_used = 0;
12781		}
12782		total_used += cur_len;
12783
12784		if (total_used >= io->scsiio.kern_data_len)
12785			rq->callback = callback;
12786
12787		if ((rq->size & 0x7) != 0) {
12788			printf("%s: warning: size %d is not on 8b boundary\n",
12789			       __func__, rq->size);
12790		}
12791		if (((uintptr_t)rq->local & 0x7) != 0) {
12792			printf("%s: warning: local %p not on 8b boundary\n",
12793			       __func__, rq->local);
12794		}
12795		if (((uintptr_t)rq->remote & 0x7) != 0) {
12796			printf("%s: warning: remote %p not on 8b boundary\n",
12797			       __func__, rq->local);
12798		}
12799#if 0
12800		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12801		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12802		       rq->local, rq->remote, rq->size);
12803#endif
12804
12805		isc_ret = ctl_dt_single(rq);
12806		if (isc_ret == CTL_HA_STATUS_WAIT)
12807			continue;
12808
12809		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
12810			rq->ret = CTL_HA_STATUS_SUCCESS;
12811		} else {
12812			rq->ret = isc_ret;
12813		}
12814		callback(rq);
12815		goto bailout;
12816	}
12817
12818bailout:
12819	return (retval);
12820
12821}
12822
12823static void
12824ctl_datamove_remote_read(union ctl_io *io)
12825{
12826	int retval;
12827	int i;
12828
12829	/*
12830	 * This will send an error to the other controller in the case of a
12831	 * failure.
12832	 */
12833	retval = ctl_datamove_remote_sgl_setup(io);
12834	if (retval != 0)
12835		return;
12836
12837	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12838					  ctl_datamove_remote_read_cb);
12839	if ((retval != 0)
12840	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
12841		/*
12842		 * Make sure we free memory if there was an error..  The
12843		 * ctl_datamove_remote_xfer() function will send the
12844		 * datamove done message, or call the callback with an
12845		 * error if there is a problem.
12846		 */
12847		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12848			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12849	}
12850
12851	return;
12852}
12853
12854/*
12855 * Process a datamove request from the other controller.  This is used for
12856 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12857 * first.  Once that is complete, the data gets DMAed into the remote
12858 * controller's memory.  For reads, we DMA from the remote controller's
12859 * memory into our memory first, and then move it out to the FETD.
12860 */
12861static void
12862ctl_datamove_remote(union ctl_io *io)
12863{
12864	struct ctl_softc *softc;
12865
12866	softc = control_softc;
12867
12868	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
12869
12870	/*
12871	 * Note that we look for an aborted I/O here, but don't do some of
12872	 * the other checks that ctl_datamove() normally does.  We don't
12873	 * need to run the task queue, because this I/O is on the ISC
12874	 * queue, which is executed by the work thread after the task queue.
12875	 * We don't need to run the datamove delay code, since that should
12876	 * have been done if need be on the other controller.
12877	 */
12878	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12879
12880		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
12881		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
12882		       io->io_hdr.nexus.targ_port,
12883		       io->io_hdr.nexus.targ_target.id,
12884		       io->io_hdr.nexus.targ_lun);
12885		io->io_hdr.status = CTL_CMD_ABORTED;
12886		io->io_hdr.port_status = 31338;
12887
12888		ctl_send_datamove_done(io, /*have_lock*/ 0);
12889
12890		return;
12891	}
12892
12893	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
12894		ctl_datamove_remote_write(io);
12895	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
12896		ctl_datamove_remote_read(io);
12897	} else {
12898		union ctl_ha_msg msg;
12899		struct scsi_sense_data *sense;
12900		uint8_t sks[3];
12901		int retry_count;
12902
12903		memset(&msg, 0, sizeof(msg));
12904
12905		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
12906		msg.hdr.status = CTL_SCSI_ERROR;
12907		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
12908
12909		retry_count = 4243;
12910
12911		sense = &msg.scsi.sense_data;
12912		sks[0] = SSD_SCS_VALID;
12913		sks[1] = (retry_count >> 8) & 0xff;
12914		sks[2] = retry_count & 0xff;
12915
12916		/* "Internal target failure" */
12917		scsi_set_sense_data(sense,
12918				    /*sense_format*/ SSD_TYPE_NONE,
12919				    /*current_error*/ 1,
12920				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
12921				    /*asc*/ 0x44,
12922				    /*ascq*/ 0x00,
12923				    /*type*/ SSD_ELEM_SKS,
12924				    /*size*/ sizeof(sks),
12925				    /*data*/ sks,
12926				    SSD_ELEM_NONE);
12927
12928		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12929		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12930			ctl_failover_io(io, /*have_lock*/ 1);
12931			return;
12932		}
12933
12934		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
12935		    CTL_HA_STATUS_SUCCESS) {
12936			/* XXX KDM what to do if this fails? */
12937		}
12938		return;
12939	}
12940
12941}
12942
12943static int
12944ctl_process_done(union ctl_io *io)
12945{
12946	struct ctl_lun *lun;
12947	struct ctl_softc *ctl_softc;
12948	void (*fe_done)(union ctl_io *io);
12949	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
12950
12951	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12952
12953	fe_done =
12954	    control_softc->ctl_ports[targ_port]->fe_done;
12955
12956#ifdef CTL_TIME_IO
12957	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12958		char str[256];
12959		char path_str[64];
12960		struct sbuf sb;
12961
12962		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12963		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12964
12965		sbuf_cat(&sb, path_str);
12966		switch (io->io_hdr.io_type) {
12967		case CTL_IO_SCSI:
12968			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12969			sbuf_printf(&sb, "\n");
12970			sbuf_cat(&sb, path_str);
12971			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12972				    io->scsiio.tag_num, io->scsiio.tag_type);
12973			break;
12974		case CTL_IO_TASK:
12975			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12976				    "Tag Type: %d\n", io->taskio.task_action,
12977				    io->taskio.tag_num, io->taskio.tag_type);
12978			break;
12979		default:
12980			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12981			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12982			break;
12983		}
12984		sbuf_cat(&sb, path_str);
12985		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12986			    (intmax_t)time_uptime - io->io_hdr.start_time);
12987		sbuf_finish(&sb);
12988		printf("%s", sbuf_data(&sb));
12989	}
12990#endif /* CTL_TIME_IO */
12991
12992	switch (io->io_hdr.io_type) {
12993	case CTL_IO_SCSI:
12994		break;
12995	case CTL_IO_TASK:
12996		if (bootverbose || verbose > 0)
12997			ctl_io_error_print(io, NULL);
12998		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12999			ctl_free_io(io);
13000		else
13001			fe_done(io);
13002		return (CTL_RETVAL_COMPLETE);
13003		break;
13004	default:
13005		printf("ctl_process_done: invalid io type %d\n",
13006		       io->io_hdr.io_type);
13007		panic("ctl_process_done: invalid io type %d\n",
13008		      io->io_hdr.io_type);
13009		break; /* NOTREACHED */
13010	}
13011
13012	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13013	if (lun == NULL) {
13014		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13015				 io->io_hdr.nexus.targ_mapped_lun));
13016		fe_done(io);
13017		goto bailout;
13018	}
13019	ctl_softc = lun->ctl_softc;
13020
13021	mtx_lock(&lun->lun_lock);
13022
13023	/*
13024	 * Check to see if we have any errors to inject here.  We only
13025	 * inject errors for commands that don't already have errors set.
13026	 */
13027	if ((STAILQ_FIRST(&lun->error_list) != NULL)
13028	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
13029		ctl_inject_error(lun, io);
13030
13031	/*
13032	 * XXX KDM how do we treat commands that aren't completed
13033	 * successfully?
13034	 *
13035	 * XXX KDM should we also track I/O latency?
13036	 */
13037	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13038	    io->io_hdr.io_type == CTL_IO_SCSI) {
13039#ifdef CTL_TIME_IO
13040		struct bintime cur_bt;
13041#endif
13042		int type;
13043
13044		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13045		    CTL_FLAG_DATA_IN)
13046			type = CTL_STATS_READ;
13047		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13048		    CTL_FLAG_DATA_OUT)
13049			type = CTL_STATS_WRITE;
13050		else
13051			type = CTL_STATS_NO_IO;
13052
13053		lun->stats.ports[targ_port].bytes[type] +=
13054		    io->scsiio.kern_total_len;
13055		lun->stats.ports[targ_port].operations[type]++;
13056#ifdef CTL_TIME_IO
13057		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13058		   &io->io_hdr.dma_bt);
13059		lun->stats.ports[targ_port].num_dmas[type] +=
13060		    io->io_hdr.num_dmas;
13061		getbintime(&cur_bt);
13062		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13063		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13064#endif
13065	}
13066
13067	/*
13068	 * Remove this from the OOA queue.
13069	 */
13070	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13071
13072	/*
13073	 * Run through the blocked queue on this LUN and see if anything
13074	 * has become unblocked, now that this transaction is done.
13075	 */
13076	ctl_check_blocked(lun);
13077
13078	/*
13079	 * If the LUN has been invalidated, free it if there is nothing
13080	 * left on its OOA queue.
13081	 */
13082	if ((lun->flags & CTL_LUN_INVALID)
13083	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13084		mtx_unlock(&lun->lun_lock);
13085		mtx_lock(&ctl_softc->ctl_lock);
13086		ctl_free_lun(lun);
13087		mtx_unlock(&ctl_softc->ctl_lock);
13088	} else
13089		mtx_unlock(&lun->lun_lock);
13090
13091	/*
13092	 * If this command has been aborted, make sure we set the status
13093	 * properly.  The FETD is responsible for freeing the I/O and doing
13094	 * whatever it needs to do to clean up its state.
13095	 */
13096	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13097		io->io_hdr.status = CTL_CMD_ABORTED;
13098
13099	/*
13100	 * We print out status for every task management command.  For SCSI
13101	 * commands, we filter out any unit attention errors; they happen
13102	 * on every boot, and would clutter up the log.  Note:  task
13103	 * management commands aren't printed here, they are printed above,
13104	 * since they should never even make it down here.
13105	 */
13106	switch (io->io_hdr.io_type) {
13107	case CTL_IO_SCSI: {
13108		int error_code, sense_key, asc, ascq;
13109
13110		sense_key = 0;
13111
13112		if (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR)
13113		 && (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13114			/*
13115			 * Since this is just for printing, no need to
13116			 * show errors here.
13117			 */
13118			scsi_extract_sense_len(&io->scsiio.sense_data,
13119					       io->scsiio.sense_len,
13120					       &error_code,
13121					       &sense_key,
13122					       &asc,
13123					       &ascq,
13124					       /*show_errors*/ 0);
13125		}
13126
13127		if (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
13128		 && (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SCSI_ERROR)
13129		  || (io->scsiio.scsi_status != SCSI_STATUS_CHECK_COND)
13130		  || (sense_key != SSD_KEY_UNIT_ATTENTION))) {
13131
13132			if ((time_uptime - ctl_softc->last_print_jiffies) <= 0){
13133				ctl_softc->skipped_prints++;
13134			} else {
13135				uint32_t skipped_prints;
13136
13137				skipped_prints = ctl_softc->skipped_prints;
13138
13139				ctl_softc->skipped_prints = 0;
13140				ctl_softc->last_print_jiffies = time_uptime;
13141
13142				if (skipped_prints > 0) {
13143#ifdef NEEDTOPORT
13144					csevent_log(CSC_CTL | CSC_SHELF_SW |
13145					    CTL_ERROR_REPORT,
13146					    csevent_LogType_Trace,
13147					    csevent_Severity_Information,
13148					    csevent_AlertLevel_Green,
13149					    csevent_FRU_Firmware,
13150					    csevent_FRU_Unknown,
13151					    "High CTL error volume, %d prints "
13152					    "skipped", skipped_prints);
13153#endif
13154				}
13155				if (bootverbose || verbose > 0)
13156					ctl_io_error_print(io, NULL);
13157			}
13158		}
13159		break;
13160	}
13161	case CTL_IO_TASK:
13162		if (bootverbose || verbose > 0)
13163			ctl_io_error_print(io, NULL);
13164		break;
13165	default:
13166		break;
13167	}
13168
13169	/*
13170	 * Tell the FETD or the other shelf controller we're done with this
13171	 * command.  Note that only SCSI commands get to this point.  Task
13172	 * management commands are completed above.
13173	 *
13174	 * We only send status to the other controller if we're in XFER
13175	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13176	 * received the I/O (from CTL's perspective), and so the status is
13177	 * generated there.
13178	 *
13179	 * XXX KDM if we hold the lock here, we could cause a deadlock
13180	 * if the frontend comes back in in this context to queue
13181	 * something.
13182	 */
13183	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13184	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13185		union ctl_ha_msg msg;
13186
13187		memset(&msg, 0, sizeof(msg));
13188		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13189		msg.hdr.original_sc = io->io_hdr.original_sc;
13190		msg.hdr.nexus = io->io_hdr.nexus;
13191		msg.hdr.status = io->io_hdr.status;
13192		msg.scsi.scsi_status = io->scsiio.scsi_status;
13193		msg.scsi.tag_num = io->scsiio.tag_num;
13194		msg.scsi.tag_type = io->scsiio.tag_type;
13195		msg.scsi.sense_len = io->scsiio.sense_len;
13196		msg.scsi.sense_residual = io->scsiio.sense_residual;
13197		msg.scsi.residual = io->scsiio.residual;
13198		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13199		       sizeof(io->scsiio.sense_data));
13200		/*
13201		 * We copy this whether or not this is an I/O-related
13202		 * command.  Otherwise, we'd have to go and check to see
13203		 * whether it's a read/write command, and it really isn't
13204		 * worth it.
13205		 */
13206		memcpy(&msg.scsi.lbalen,
13207		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13208		       sizeof(msg.scsi.lbalen));
13209
13210		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13211				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13212			/* XXX do something here */
13213		}
13214
13215		ctl_free_io(io);
13216	} else
13217		fe_done(io);
13218
13219bailout:
13220
13221	return (CTL_RETVAL_COMPLETE);
13222}
13223
13224/*
13225 * Front end should call this if it doesn't do autosense.  When the request
13226 * sense comes back in from the initiator, we'll dequeue this and send it.
13227 */
13228int
13229ctl_queue_sense(union ctl_io *io)
13230{
13231	struct ctl_lun *lun;
13232	struct ctl_softc *ctl_softc;
13233	uint32_t initidx, targ_lun;
13234
13235	ctl_softc = control_softc;
13236
13237	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13238
13239	/*
13240	 * LUN lookup will likely move to the ctl_work_thread() once we
13241	 * have our new queueing infrastructure (that doesn't put things on
13242	 * a per-LUN queue initially).  That is so that we can handle
13243	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13244	 * can't deal with that right now.
13245	 */
13246	mtx_lock(&ctl_softc->ctl_lock);
13247
13248	/*
13249	 * If we don't have a LUN for this, just toss the sense
13250	 * information.
13251	 */
13252	targ_lun = io->io_hdr.nexus.targ_lun;
13253	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13254	if ((targ_lun < CTL_MAX_LUNS)
13255	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13256		lun = ctl_softc->ctl_luns[targ_lun];
13257	else
13258		goto bailout;
13259
13260	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13261
13262	mtx_lock(&lun->lun_lock);
13263	/*
13264	 * Already have CA set for this LUN...toss the sense information.
13265	 */
13266	if (ctl_is_set(lun->have_ca, initidx)) {
13267		mtx_unlock(&lun->lun_lock);
13268		goto bailout;
13269	}
13270
13271	memcpy(&lun->pending_sense[initidx].sense, &io->scsiio.sense_data,
13272	       ctl_min(sizeof(lun->pending_sense[initidx].sense),
13273	       sizeof(io->scsiio.sense_data)));
13274	ctl_set_mask(lun->have_ca, initidx);
13275	mtx_unlock(&lun->lun_lock);
13276
13277bailout:
13278	mtx_unlock(&ctl_softc->ctl_lock);
13279
13280	ctl_free_io(io);
13281
13282	return (CTL_RETVAL_COMPLETE);
13283}
13284
13285/*
13286 * Primary command inlet from frontend ports.  All SCSI and task I/O
13287 * requests must go through this function.
13288 */
13289int
13290ctl_queue(union ctl_io *io)
13291{
13292	struct ctl_softc *ctl_softc;
13293
13294	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13295
13296	ctl_softc = control_softc;
13297
13298#ifdef CTL_TIME_IO
13299	io->io_hdr.start_time = time_uptime;
13300	getbintime(&io->io_hdr.start_bt);
13301#endif /* CTL_TIME_IO */
13302
13303	/* Map FE-specific LUN ID into global one. */
13304	io->io_hdr.nexus.targ_mapped_lun =
13305	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13306
13307	switch (io->io_hdr.io_type) {
13308	case CTL_IO_SCSI:
13309	case CTL_IO_TASK:
13310		ctl_enqueue_incoming(io);
13311		break;
13312	default:
13313		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13314		return (EINVAL);
13315	}
13316
13317	return (CTL_RETVAL_COMPLETE);
13318}
13319
13320#ifdef CTL_IO_DELAY
13321static void
13322ctl_done_timer_wakeup(void *arg)
13323{
13324	union ctl_io *io;
13325
13326	io = (union ctl_io *)arg;
13327	ctl_done(io);
13328}
13329#endif /* CTL_IO_DELAY */
13330
13331void
13332ctl_done(union ctl_io *io)
13333{
13334	struct ctl_softc *ctl_softc;
13335
13336	ctl_softc = control_softc;
13337
13338	/*
13339	 * Enable this to catch duplicate completion issues.
13340	 */
13341#if 0
13342	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13343		printf("%s: type %d msg %d cdb %x iptl: "
13344		       "%d:%d:%d:%d tag 0x%04x "
13345		       "flag %#x status %x\n",
13346			__func__,
13347			io->io_hdr.io_type,
13348			io->io_hdr.msg_type,
13349			io->scsiio.cdb[0],
13350			io->io_hdr.nexus.initid.id,
13351			io->io_hdr.nexus.targ_port,
13352			io->io_hdr.nexus.targ_target.id,
13353			io->io_hdr.nexus.targ_lun,
13354			(io->io_hdr.io_type ==
13355			CTL_IO_TASK) ?
13356			io->taskio.tag_num :
13357			io->scsiio.tag_num,
13358		        io->io_hdr.flags,
13359			io->io_hdr.status);
13360	} else
13361		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13362#endif
13363
13364	/*
13365	 * This is an internal copy of an I/O, and should not go through
13366	 * the normal done processing logic.
13367	 */
13368	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13369		return;
13370
13371	/*
13372	 * We need to send a msg to the serializing shelf to finish the IO
13373	 * as well.  We don't send a finish message to the other shelf if
13374	 * this is a task management command.  Task management commands
13375	 * aren't serialized in the OOA queue, but rather just executed on
13376	 * both shelf controllers for commands that originated on that
13377	 * controller.
13378	 */
13379	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13380	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13381		union ctl_ha_msg msg_io;
13382
13383		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13384		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13385		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13386		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13387		}
13388		/* continue on to finish IO */
13389	}
13390#ifdef CTL_IO_DELAY
13391	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13392		struct ctl_lun *lun;
13393
13394		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13395
13396		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13397	} else {
13398		struct ctl_lun *lun;
13399
13400		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13401
13402		if ((lun != NULL)
13403		 && (lun->delay_info.done_delay > 0)) {
13404			struct callout *callout;
13405
13406			callout = (struct callout *)&io->io_hdr.timer_bytes;
13407			callout_init(callout, /*mpsafe*/ 1);
13408			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13409			callout_reset(callout,
13410				      lun->delay_info.done_delay * hz,
13411				      ctl_done_timer_wakeup, io);
13412			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13413				lun->delay_info.done_delay = 0;
13414			return;
13415		}
13416	}
13417#endif /* CTL_IO_DELAY */
13418
13419	ctl_enqueue_done(io);
13420}
13421
13422int
13423ctl_isc(struct ctl_scsiio *ctsio)
13424{
13425	struct ctl_lun *lun;
13426	int retval;
13427
13428	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13429
13430	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13431
13432	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13433
13434	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13435
13436	return (retval);
13437}
13438
13439
13440static void
13441ctl_work_thread(void *arg)
13442{
13443	struct ctl_thread *thr = (struct ctl_thread *)arg;
13444	struct ctl_softc *softc = thr->ctl_softc;
13445	union ctl_io *io;
13446	int retval;
13447
13448	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13449
13450	for (;;) {
13451		retval = 0;
13452
13453		/*
13454		 * We handle the queues in this order:
13455		 * - ISC
13456		 * - done queue (to free up resources, unblock other commands)
13457		 * - RtR queue
13458		 * - incoming queue
13459		 *
13460		 * If those queues are empty, we break out of the loop and
13461		 * go to sleep.
13462		 */
13463		mtx_lock(&thr->queue_lock);
13464		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13465		if (io != NULL) {
13466			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13467			mtx_unlock(&thr->queue_lock);
13468			ctl_handle_isc(io);
13469			continue;
13470		}
13471		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13472		if (io != NULL) {
13473			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13474			/* clear any blocked commands, call fe_done */
13475			mtx_unlock(&thr->queue_lock);
13476			retval = ctl_process_done(io);
13477			continue;
13478		}
13479		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13480		if (io != NULL) {
13481			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13482			mtx_unlock(&thr->queue_lock);
13483			if (io->io_hdr.io_type == CTL_IO_TASK)
13484				ctl_run_task(io);
13485			else
13486				ctl_scsiio_precheck(softc, &io->scsiio);
13487			continue;
13488		}
13489		if (!ctl_pause_rtr) {
13490			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13491			if (io != NULL) {
13492				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13493				mtx_unlock(&thr->queue_lock);
13494				retval = ctl_scsiio(&io->scsiio);
13495				if (retval != CTL_RETVAL_COMPLETE)
13496					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13497				continue;
13498			}
13499		}
13500
13501		/* Sleep until we have something to do. */
13502		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13503	}
13504}
13505
13506static void
13507ctl_lun_thread(void *arg)
13508{
13509	struct ctl_softc *softc = (struct ctl_softc *)arg;
13510	struct ctl_be_lun *be_lun;
13511	int retval;
13512
13513	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13514
13515	for (;;) {
13516		retval = 0;
13517		mtx_lock(&softc->ctl_lock);
13518		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13519		if (be_lun != NULL) {
13520			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13521			mtx_unlock(&softc->ctl_lock);
13522			ctl_create_lun(be_lun);
13523			continue;
13524		}
13525
13526		/* Sleep until we have something to do. */
13527		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13528		    PDROP | PRIBIO, "-", 0);
13529	}
13530}
13531
13532static void
13533ctl_enqueue_incoming(union ctl_io *io)
13534{
13535	struct ctl_softc *softc = control_softc;
13536	struct ctl_thread *thr;
13537	u_int idx;
13538
13539	idx = (io->io_hdr.nexus.targ_port * 127 +
13540	       io->io_hdr.nexus.initid.id) % worker_threads;
13541	thr = &softc->threads[idx];
13542	mtx_lock(&thr->queue_lock);
13543	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13544	mtx_unlock(&thr->queue_lock);
13545	wakeup(thr);
13546}
13547
13548static void
13549ctl_enqueue_rtr(union ctl_io *io)
13550{
13551	struct ctl_softc *softc = control_softc;
13552	struct ctl_thread *thr;
13553
13554	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13555	mtx_lock(&thr->queue_lock);
13556	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13557	mtx_unlock(&thr->queue_lock);
13558	wakeup(thr);
13559}
13560
13561static void
13562ctl_enqueue_done(union ctl_io *io)
13563{
13564	struct ctl_softc *softc = control_softc;
13565	struct ctl_thread *thr;
13566
13567	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13568	mtx_lock(&thr->queue_lock);
13569	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13570	mtx_unlock(&thr->queue_lock);
13571	wakeup(thr);
13572}
13573
13574static void
13575ctl_enqueue_isc(union ctl_io *io)
13576{
13577	struct ctl_softc *softc = control_softc;
13578	struct ctl_thread *thr;
13579
13580	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13581	mtx_lock(&thr->queue_lock);
13582	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13583	mtx_unlock(&thr->queue_lock);
13584	wakeup(thr);
13585}
13586
13587/* Initialization and failover */
13588
13589void
13590ctl_init_isc_msg(void)
13591{
13592	printf("CTL: Still calling this thing\n");
13593}
13594
13595/*
13596 * Init component
13597 * 	Initializes component into configuration defined by bootMode
13598 *	(see hasc-sv.c)
13599 *  	returns hasc_Status:
13600 * 		OK
13601 *		ERROR - fatal error
13602 */
13603static ctl_ha_comp_status
13604ctl_isc_init(struct ctl_ha_component *c)
13605{
13606	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13607
13608	c->status = ret;
13609	return ret;
13610}
13611
13612/* Start component
13613 * 	Starts component in state requested. If component starts successfully,
13614 *	it must set its own state to the requestrd state
13615 *	When requested state is HASC_STATE_HA, the component may refine it
13616 * 	by adding _SLAVE or _MASTER flags.
13617 *	Currently allowed state transitions are:
13618 *	UNKNOWN->HA		- initial startup
13619 *	UNKNOWN->SINGLE - initial startup when no parter detected
13620 *	HA->SINGLE		- failover
13621 * returns ctl_ha_comp_status:
13622 * 		OK	- component successfully started in requested state
13623 *		FAILED  - could not start the requested state, failover may
13624 * 			  be possible
13625 *		ERROR	- fatal error detected, no future startup possible
13626 */
13627static ctl_ha_comp_status
13628ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
13629{
13630	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13631
13632	printf("%s: go\n", __func__);
13633
13634	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
13635	if (c->state == CTL_HA_STATE_UNKNOWN ) {
13636		ctl_is_single = 0;
13637		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
13638		    != CTL_HA_STATUS_SUCCESS) {
13639			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
13640			ret = CTL_HA_COMP_STATUS_ERROR;
13641		}
13642	} else if (CTL_HA_STATE_IS_HA(c->state)
13643		&& CTL_HA_STATE_IS_SINGLE(state)){
13644		// HA->SINGLE transition
13645	        ctl_failover();
13646		ctl_is_single = 1;
13647	} else {
13648		printf("ctl_isc_start:Invalid state transition %X->%X\n",
13649		       c->state, state);
13650		ret = CTL_HA_COMP_STATUS_ERROR;
13651	}
13652	if (CTL_HA_STATE_IS_SINGLE(state))
13653		ctl_is_single = 1;
13654
13655	c->state = state;
13656	c->status = ret;
13657	return ret;
13658}
13659
13660/*
13661 * Quiesce component
13662 * The component must clear any error conditions (set status to OK) and
13663 * prepare itself to another Start call
13664 * returns ctl_ha_comp_status:
13665 * 	OK
13666 *	ERROR
13667 */
13668static ctl_ha_comp_status
13669ctl_isc_quiesce(struct ctl_ha_component *c)
13670{
13671	int ret = CTL_HA_COMP_STATUS_OK;
13672
13673	ctl_pause_rtr = 1;
13674	c->status = ret;
13675	return ret;
13676}
13677
13678struct ctl_ha_component ctl_ha_component_ctlisc =
13679{
13680	.name = "CTL ISC",
13681	.state = CTL_HA_STATE_UNKNOWN,
13682	.init = ctl_isc_init,
13683	.start = ctl_isc_start,
13684	.quiesce = ctl_isc_quiesce
13685};
13686
13687/*
13688 *  vim: ts=8
13689 */
13690