ctl.c revision 273978 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 273978 2014-11-02 17:28:44Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/kernel.h>
50#include <sys/types.h>
51#include <sys/kthread.h>
52#include <sys/bio.h>
53#include <sys/fcntl.h>
54#include <sys/lock.h>
55#include <sys/module.h>
56#include <sys/mutex.h>
57#include <sys/condvar.h>
58#include <sys/malloc.h>
59#include <sys/conf.h>
60#include <sys/ioccom.h>
61#include <sys/queue.h>
62#include <sys/sbuf.h>
63#include <sys/smp.h>
64#include <sys/endian.h>
65#include <sys/sysctl.h>
66
67#include <cam/cam.h>
68#include <cam/scsi/scsi_all.h>
69#include <cam/scsi/scsi_da.h>
70#include <cam/ctl/ctl_io.h>
71#include <cam/ctl/ctl.h>
72#include <cam/ctl/ctl_frontend.h>
73#include <cam/ctl/ctl_frontend_internal.h>
74#include <cam/ctl/ctl_util.h>
75#include <cam/ctl/ctl_backend.h>
76#include <cam/ctl/ctl_ioctl.h>
77#include <cam/ctl/ctl_ha.h>
78#include <cam/ctl/ctl_private.h>
79#include <cam/ctl/ctl_debug.h>
80#include <cam/ctl/ctl_scsi_all.h>
81#include <cam/ctl/ctl_error.h>
82
83struct ctl_softc *control_softc = NULL;
84
85/*
86 * Size and alignment macros needed for Copan-specific HA hardware.  These
87 * can go away when the HA code is re-written, and uses busdma for any
88 * hardware.
89 */
90#define	CTL_ALIGN_8B(target, source, type)				\
91	if (((uint32_t)source & 0x7) != 0)				\
92		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
93	else								\
94		target = (type)source;
95
96#define	CTL_SIZE_8B(target, size)					\
97	if ((size & 0x7) != 0)						\
98		target = size + (0x8 - (size & 0x7));			\
99	else								\
100		target = size;
101
102#define CTL_ALIGN_8B_MARGIN	16
103
104/*
105 * Template mode pages.
106 */
107
108/*
109 * Note that these are default values only.  The actual values will be
110 * filled in when the user does a mode sense.
111 */
112static struct copan_debugconf_subpage debugconf_page_default = {
113	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
114	DBGCNF_SUBPAGE_CODE,		/* subpage */
115	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
116	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
117	DBGCNF_VERSION,			/* page_version */
118	{CTL_TIME_IO_DEFAULT_SECS>>8,
119	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
120};
121
122static struct copan_debugconf_subpage debugconf_page_changeable = {
123	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
124	DBGCNF_SUBPAGE_CODE,		/* subpage */
125	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
126	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
127	0,				/* page_version */
128	{0xff,0xff},			/* ctl_time_io_secs */
129};
130
131static struct scsi_da_rw_recovery_page rw_er_page_default = {
132	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
133	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
134	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
135	/*read_retry_count*/0,
136	/*correction_span*/0,
137	/*head_offset_count*/0,
138	/*data_strobe_offset_cnt*/0,
139	/*byte8*/0,
140	/*write_retry_count*/0,
141	/*reserved2*/0,
142	/*recovery_time_limit*/{0, 0},
143};
144
145static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
146	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
147	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
148	/*byte3*/0,
149	/*read_retry_count*/0,
150	/*correction_span*/0,
151	/*head_offset_count*/0,
152	/*data_strobe_offset_cnt*/0,
153	/*byte8*/0,
154	/*write_retry_count*/0,
155	/*reserved2*/0,
156	/*recovery_time_limit*/{0, 0},
157};
158
159static struct scsi_format_page format_page_default = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
167			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
168	/*bytes_per_sector*/ {0, 0},
169	/*interleave*/ {0, 0},
170	/*track_skew*/ {0, 0},
171	/*cylinder_skew*/ {0, 0},
172	/*flags*/ SFP_HSEC,
173	/*reserved*/ {0, 0, 0}
174};
175
176static struct scsi_format_page format_page_changeable = {
177	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
178	/*page_length*/sizeof(struct scsi_format_page) - 2,
179	/*tracks_per_zone*/ {0, 0},
180	/*alt_sectors_per_zone*/ {0, 0},
181	/*alt_tracks_per_zone*/ {0, 0},
182	/*alt_tracks_per_lun*/ {0, 0},
183	/*sectors_per_track*/ {0, 0},
184	/*bytes_per_sector*/ {0, 0},
185	/*interleave*/ {0, 0},
186	/*track_skew*/ {0, 0},
187	/*cylinder_skew*/ {0, 0},
188	/*flags*/ 0,
189	/*reserved*/ {0, 0, 0}
190};
191
192static struct scsi_rigid_disk_page rigid_disk_page_default = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ CTL_DEFAULT_HEADS,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ SRDP_RPL_DISABLED,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
205			   CTL_DEFAULT_ROTATION_RATE & 0xff},
206	/*reserved2*/ {0, 0}
207};
208
209static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
210	/*page_code*/SMS_RIGID_DISK_PAGE,
211	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
212	/*cylinders*/ {0, 0, 0},
213	/*heads*/ 0,
214	/*start_write_precomp*/ {0, 0, 0},
215	/*start_reduced_current*/ {0, 0, 0},
216	/*step_rate*/ {0, 0},
217	/*landing_zone_cylinder*/ {0, 0, 0},
218	/*rpl*/ 0,
219	/*rotational_offset*/ 0,
220	/*reserved1*/ 0,
221	/*rotation_rate*/ {0, 0},
222	/*reserved2*/ {0, 0}
223};
224
225static struct scsi_caching_page caching_page_default = {
226	/*page_code*/SMS_CACHING_PAGE,
227	/*page_length*/sizeof(struct scsi_caching_page) - 2,
228	/*flags1*/ SCP_DISC | SCP_WCE,
229	/*ret_priority*/ 0,
230	/*disable_pf_transfer_len*/ {0xff, 0xff},
231	/*min_prefetch*/ {0, 0},
232	/*max_prefetch*/ {0xff, 0xff},
233	/*max_pf_ceiling*/ {0xff, 0xff},
234	/*flags2*/ 0,
235	/*cache_segments*/ 0,
236	/*cache_seg_size*/ {0, 0},
237	/*reserved*/ 0,
238	/*non_cache_seg_size*/ {0, 0, 0}
239};
240
241static struct scsi_caching_page caching_page_changeable = {
242	/*page_code*/SMS_CACHING_PAGE,
243	/*page_length*/sizeof(struct scsi_caching_page) - 2,
244	/*flags1*/ SCP_WCE | SCP_RCD,
245	/*ret_priority*/ 0,
246	/*disable_pf_transfer_len*/ {0, 0},
247	/*min_prefetch*/ {0, 0},
248	/*max_prefetch*/ {0, 0},
249	/*max_pf_ceiling*/ {0, 0},
250	/*flags2*/ 0,
251	/*cache_segments*/ 0,
252	/*cache_seg_size*/ {0, 0},
253	/*reserved*/ 0,
254	/*non_cache_seg_size*/ {0, 0, 0}
255};
256
257static struct scsi_control_page control_page_default = {
258	/*page_code*/SMS_CONTROL_MODE_PAGE,
259	/*page_length*/sizeof(struct scsi_control_page) - 2,
260	/*rlec*/0,
261	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
262	/*eca_and_aen*/0,
263	/*flags4*/SCP_TAS,
264	/*aen_holdoff_period*/{0, 0},
265	/*busy_timeout_period*/{0, 0},
266	/*extended_selftest_completion_time*/{0, 0}
267};
268
269static struct scsi_control_page control_page_changeable = {
270	/*page_code*/SMS_CONTROL_MODE_PAGE,
271	/*page_length*/sizeof(struct scsi_control_page) - 2,
272	/*rlec*/SCP_DSENSE,
273	/*queue_flags*/SCP_QUEUE_ALG_MASK,
274	/*eca_and_aen*/SCP_SWP,
275	/*flags4*/0,
276	/*aen_holdoff_period*/{0, 0},
277	/*busy_timeout_period*/{0, 0},
278	/*extended_selftest_completion_time*/{0, 0}
279};
280
281static struct scsi_info_exceptions_page ie_page_default = {
282	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
283	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
284	/*info_flags*/SIEP_FLAGS_DEXCPT,
285	/*mrie*/0,
286	/*interval_timer*/{0, 0, 0, 0},
287	/*report_count*/{0, 0, 0, 0}
288};
289
290static struct scsi_info_exceptions_page ie_page_changeable = {
291	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
292	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
293	/*info_flags*/0,
294	/*mrie*/0,
295	/*interval_timer*/{0, 0, 0, 0},
296	/*report_count*/{0, 0, 0, 0}
297};
298
299static struct scsi_logical_block_provisioning_page lbp_page_default = {
300	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
301	/*subpage_code*/0x02,
302	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
303	/*flags*/0,
304	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
305	/*descr*/{}
306};
307
308static struct scsi_logical_block_provisioning_page lbp_page_changeable = {
309	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
310	/*subpage_code*/0x02,
311	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
312	/*flags*/0,
313	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
314	/*descr*/{}
315};
316
317/*
318 * XXX KDM move these into the softc.
319 */
320static int rcv_sync_msg;
321static int persis_offset;
322static uint8_t ctl_pause_rtr;
323static int     ctl_is_single = 1;
324
325SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
326static int worker_threads = -1;
327TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
328SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
329    &worker_threads, 1, "Number of worker threads");
330static int ctl_debug = CTL_DEBUG_NONE;
331TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
332SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
333    &ctl_debug, 0, "Enabled debug flags");
334
335/*
336 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
337 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
338 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
339 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
340 */
341#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
342
343static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
344				  int param);
345static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
346static int ctl_init(void);
347void ctl_shutdown(void);
348static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
349static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
350static void ctl_ioctl_online(void *arg);
351static void ctl_ioctl_offline(void *arg);
352static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
353static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
354static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
355static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
356static int ctl_ioctl_submit_wait(union ctl_io *io);
357static void ctl_ioctl_datamove(union ctl_io *io);
358static void ctl_ioctl_done(union ctl_io *io);
359static void ctl_ioctl_hard_startstop_callback(void *arg,
360					      struct cfi_metatask *metatask);
361static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
362static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
363			      struct ctl_ooa *ooa_hdr,
364			      struct ctl_ooa_entry *kern_entries);
365static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
366		     struct thread *td);
367static uint32_t ctl_map_lun(int port_num, uint32_t lun);
368static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
369#ifdef unused
370static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
371				   uint32_t targ_target, uint32_t targ_lun,
372				   int can_wait);
373static void ctl_kfree_io(union ctl_io *io);
374#endif /* unused */
375static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
376			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
377static int ctl_free_lun(struct ctl_lun *lun);
378static void ctl_create_lun(struct ctl_be_lun *be_lun);
379/**
380static void ctl_failover_change_pages(struct ctl_softc *softc,
381				      struct ctl_scsiio *ctsio, int master);
382**/
383
384static int ctl_do_mode_select(union ctl_io *io);
385static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
386			   uint64_t res_key, uint64_t sa_res_key,
387			   uint8_t type, uint32_t residx,
388			   struct ctl_scsiio *ctsio,
389			   struct scsi_per_res_out *cdb,
390			   struct scsi_per_res_out_parms* param);
391static void ctl_pro_preempt_other(struct ctl_lun *lun,
392				  union ctl_ha_msg *msg);
393static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
394static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
395static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
396static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
397static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
398static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
399static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
400					 int alloc_len);
401static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
402					 int alloc_len);
403static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
404static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
406static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
407static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
408static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
409static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
410    union ctl_io *pending_io, union ctl_io *ooa_io);
411static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
412				union ctl_io *starting_io);
413static int ctl_check_blocked(struct ctl_lun *lun);
414static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
415				struct ctl_lun *lun,
416				const struct ctl_cmd_entry *entry,
417				struct ctl_scsiio *ctsio);
418//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
419static void ctl_failover(void);
420static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
421			       struct ctl_scsiio *ctsio);
422static int ctl_scsiio(struct ctl_scsiio *ctsio);
423
424static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
425static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
426			    ctl_ua_type ua_type);
427static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
428			 ctl_ua_type ua_type);
429static int ctl_abort_task(union ctl_io *io);
430static int ctl_abort_task_set(union ctl_io *io);
431static int ctl_i_t_nexus_reset(union ctl_io *io);
432static void ctl_run_task(union ctl_io *io);
433#ifdef CTL_IO_DELAY
434static void ctl_datamove_timer_wakeup(void *arg);
435static void ctl_done_timer_wakeup(void *arg);
436#endif /* CTL_IO_DELAY */
437
438static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
439static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
440static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
441static void ctl_datamove_remote_write(union ctl_io *io);
442static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
443static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
444static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
445static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
446				    ctl_ha_dt_cb callback);
447static void ctl_datamove_remote_read(union ctl_io *io);
448static void ctl_datamove_remote(union ctl_io *io);
449static int ctl_process_done(union ctl_io *io);
450static void ctl_lun_thread(void *arg);
451static void ctl_work_thread(void *arg);
452static void ctl_enqueue_incoming(union ctl_io *io);
453static void ctl_enqueue_rtr(union ctl_io *io);
454static void ctl_enqueue_done(union ctl_io *io);
455static void ctl_enqueue_isc(union ctl_io *io);
456static const struct ctl_cmd_entry *
457    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
458static const struct ctl_cmd_entry *
459    ctl_validate_command(struct ctl_scsiio *ctsio);
460static int ctl_cmd_applicable(uint8_t lun_type,
461    const struct ctl_cmd_entry *entry);
462
463/*
464 * Load the serialization table.  This isn't very pretty, but is probably
465 * the easiest way to do it.
466 */
467#include "ctl_ser_table.c"
468
469/*
470 * We only need to define open, close and ioctl routines for this driver.
471 */
472static struct cdevsw ctl_cdevsw = {
473	.d_version =	D_VERSION,
474	.d_flags =	0,
475	.d_open =	ctl_open,
476	.d_close =	ctl_close,
477	.d_ioctl =	ctl_ioctl,
478	.d_name =	"ctl",
479};
480
481
482MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
483MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
484
485static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
486
487static moduledata_t ctl_moduledata = {
488	"ctl",
489	ctl_module_event_handler,
490	NULL
491};
492
493DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
494MODULE_VERSION(ctl, 1);
495
496static struct ctl_frontend ioctl_frontend =
497{
498	.name = "ioctl",
499};
500
501static void
502ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
503			    union ctl_ha_msg *msg_info)
504{
505	struct ctl_scsiio *ctsio;
506
507	if (msg_info->hdr.original_sc == NULL) {
508		printf("%s: original_sc == NULL!\n", __func__);
509		/* XXX KDM now what? */
510		return;
511	}
512
513	ctsio = &msg_info->hdr.original_sc->scsiio;
514	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
515	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
516	ctsio->io_hdr.status = msg_info->hdr.status;
517	ctsio->scsi_status = msg_info->scsi.scsi_status;
518	ctsio->sense_len = msg_info->scsi.sense_len;
519	ctsio->sense_residual = msg_info->scsi.sense_residual;
520	ctsio->residual = msg_info->scsi.residual;
521	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
522	       sizeof(ctsio->sense_data));
523	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
524	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
525	ctl_enqueue_isc((union ctl_io *)ctsio);
526}
527
528static void
529ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
530				union ctl_ha_msg *msg_info)
531{
532	struct ctl_scsiio *ctsio;
533
534	if (msg_info->hdr.serializing_sc == NULL) {
535		printf("%s: serializing_sc == NULL!\n", __func__);
536		/* XXX KDM now what? */
537		return;
538	}
539
540	ctsio = &msg_info->hdr.serializing_sc->scsiio;
541#if 0
542	/*
543	 * Attempt to catch the situation where an I/O has
544	 * been freed, and we're using it again.
545	 */
546	if (ctsio->io_hdr.io_type == 0xff) {
547		union ctl_io *tmp_io;
548		tmp_io = (union ctl_io *)ctsio;
549		printf("%s: %p use after free!\n", __func__,
550		       ctsio);
551		printf("%s: type %d msg %d cdb %x iptl: "
552		       "%d:%d:%d:%d tag 0x%04x "
553		       "flag %#x status %x\n",
554			__func__,
555			tmp_io->io_hdr.io_type,
556			tmp_io->io_hdr.msg_type,
557			tmp_io->scsiio.cdb[0],
558			tmp_io->io_hdr.nexus.initid.id,
559			tmp_io->io_hdr.nexus.targ_port,
560			tmp_io->io_hdr.nexus.targ_target.id,
561			tmp_io->io_hdr.nexus.targ_lun,
562			(tmp_io->io_hdr.io_type ==
563			CTL_IO_TASK) ?
564			tmp_io->taskio.tag_num :
565			tmp_io->scsiio.tag_num,
566		        tmp_io->io_hdr.flags,
567			tmp_io->io_hdr.status);
568	}
569#endif
570	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
571	ctl_enqueue_isc((union ctl_io *)ctsio);
572}
573
574/*
575 * ISC (Inter Shelf Communication) event handler.  Events from the HA
576 * subsystem come in here.
577 */
578static void
579ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
580{
581	struct ctl_softc *ctl_softc;
582	union ctl_io *io;
583	struct ctl_prio *presio;
584	ctl_ha_status isc_status;
585
586	ctl_softc = control_softc;
587	io = NULL;
588
589
590#if 0
591	printf("CTL: Isc Msg event %d\n", event);
592#endif
593	if (event == CTL_HA_EVT_MSG_RECV) {
594		union ctl_ha_msg msg_info;
595
596		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
597					     sizeof(msg_info), /*wait*/ 0);
598#if 0
599		printf("CTL: msg_type %d\n", msg_info.msg_type);
600#endif
601		if (isc_status != 0) {
602			printf("Error receiving message, status = %d\n",
603			       isc_status);
604			return;
605		}
606
607		switch (msg_info.hdr.msg_type) {
608		case CTL_MSG_SERIALIZE:
609#if 0
610			printf("Serialize\n");
611#endif
612			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
613			if (io == NULL) {
614				printf("ctl_isc_event_handler: can't allocate "
615				       "ctl_io!\n");
616				/* Bad Juju */
617				/* Need to set busy and send msg back */
618				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
619				msg_info.hdr.status = CTL_SCSI_ERROR;
620				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
621				msg_info.scsi.sense_len = 0;
622			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
623				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
624				}
625				goto bailout;
626			}
627			ctl_zero_io(io);
628			// populate ctsio from msg_info
629			io->io_hdr.io_type = CTL_IO_SCSI;
630			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
631			io->io_hdr.original_sc = msg_info.hdr.original_sc;
632#if 0
633			printf("pOrig %x\n", (int)msg_info.original_sc);
634#endif
635			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
636					    CTL_FLAG_IO_ACTIVE;
637			/*
638			 * If we're in serialization-only mode, we don't
639			 * want to go through full done processing.  Thus
640			 * the COPY flag.
641			 *
642			 * XXX KDM add another flag that is more specific.
643			 */
644			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
645				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
646			io->io_hdr.nexus = msg_info.hdr.nexus;
647#if 0
648			printf("targ %d, port %d, iid %d, lun %d\n",
649			       io->io_hdr.nexus.targ_target.id,
650			       io->io_hdr.nexus.targ_port,
651			       io->io_hdr.nexus.initid.id,
652			       io->io_hdr.nexus.targ_lun);
653#endif
654			io->scsiio.tag_num = msg_info.scsi.tag_num;
655			io->scsiio.tag_type = msg_info.scsi.tag_type;
656			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
657			       CTL_MAX_CDBLEN);
658			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
659				const struct ctl_cmd_entry *entry;
660
661				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
662				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
663				io->io_hdr.flags |=
664					entry->flags & CTL_FLAG_DATA_MASK;
665			}
666			ctl_enqueue_isc(io);
667			break;
668
669		/* Performed on the Originating SC, XFER mode only */
670		case CTL_MSG_DATAMOVE: {
671			struct ctl_sg_entry *sgl;
672			int i, j;
673
674			io = msg_info.hdr.original_sc;
675			if (io == NULL) {
676				printf("%s: original_sc == NULL!\n", __func__);
677				/* XXX KDM do something here */
678				break;
679			}
680			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
681			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
682			/*
683			 * Keep track of this, we need to send it back over
684			 * when the datamove is complete.
685			 */
686			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
687
688			if (msg_info.dt.sg_sequence == 0) {
689				/*
690				 * XXX KDM we use the preallocated S/G list
691				 * here, but we'll need to change this to
692				 * dynamic allocation if we need larger S/G
693				 * lists.
694				 */
695				if (msg_info.dt.kern_sg_entries >
696				    sizeof(io->io_hdr.remote_sglist) /
697				    sizeof(io->io_hdr.remote_sglist[0])) {
698					printf("%s: number of S/G entries "
699					    "needed %u > allocated num %zd\n",
700					    __func__,
701					    msg_info.dt.kern_sg_entries,
702					    sizeof(io->io_hdr.remote_sglist)/
703					    sizeof(io->io_hdr.remote_sglist[0]));
704
705					/*
706					 * XXX KDM send a message back to
707					 * the other side to shut down the
708					 * DMA.  The error will come back
709					 * through via the normal channel.
710					 */
711					break;
712				}
713				sgl = io->io_hdr.remote_sglist;
714				memset(sgl, 0,
715				       sizeof(io->io_hdr.remote_sglist));
716
717				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
718
719				io->scsiio.kern_sg_entries =
720					msg_info.dt.kern_sg_entries;
721				io->scsiio.rem_sg_entries =
722					msg_info.dt.kern_sg_entries;
723				io->scsiio.kern_data_len =
724					msg_info.dt.kern_data_len;
725				io->scsiio.kern_total_len =
726					msg_info.dt.kern_total_len;
727				io->scsiio.kern_data_resid =
728					msg_info.dt.kern_data_resid;
729				io->scsiio.kern_rel_offset =
730					msg_info.dt.kern_rel_offset;
731				/*
732				 * Clear out per-DMA flags.
733				 */
734				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
735				/*
736				 * Add per-DMA flags that are set for this
737				 * particular DMA request.
738				 */
739				io->io_hdr.flags |= msg_info.dt.flags &
740						    CTL_FLAG_RDMA_MASK;
741			} else
742				sgl = (struct ctl_sg_entry *)
743					io->scsiio.kern_data_ptr;
744
745			for (i = msg_info.dt.sent_sg_entries, j = 0;
746			     i < (msg_info.dt.sent_sg_entries +
747			     msg_info.dt.cur_sg_entries); i++, j++) {
748				sgl[i].addr = msg_info.dt.sg_list[j].addr;
749				sgl[i].len = msg_info.dt.sg_list[j].len;
750
751#if 0
752				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
753				       __func__,
754				       msg_info.dt.sg_list[j].addr,
755				       msg_info.dt.sg_list[j].len,
756				       sgl[i].addr, sgl[i].len, j, i);
757#endif
758			}
759#if 0
760			memcpy(&sgl[msg_info.dt.sent_sg_entries],
761			       msg_info.dt.sg_list,
762			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
763#endif
764
765			/*
766			 * If this is the last piece of the I/O, we've got
767			 * the full S/G list.  Queue processing in the thread.
768			 * Otherwise wait for the next piece.
769			 */
770			if (msg_info.dt.sg_last != 0)
771				ctl_enqueue_isc(io);
772			break;
773		}
774		/* Performed on the Serializing (primary) SC, XFER mode only */
775		case CTL_MSG_DATAMOVE_DONE: {
776			if (msg_info.hdr.serializing_sc == NULL) {
777				printf("%s: serializing_sc == NULL!\n",
778				       __func__);
779				/* XXX KDM now what? */
780				break;
781			}
782			/*
783			 * We grab the sense information here in case
784			 * there was a failure, so we can return status
785			 * back to the initiator.
786			 */
787			io = msg_info.hdr.serializing_sc;
788			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
789			io->io_hdr.status = msg_info.hdr.status;
790			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
791			io->scsiio.sense_len = msg_info.scsi.sense_len;
792			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
793			io->io_hdr.port_status = msg_info.scsi.fetd_status;
794			io->scsiio.residual = msg_info.scsi.residual;
795			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
796			       sizeof(io->scsiio.sense_data));
797			ctl_enqueue_isc(io);
798			break;
799		}
800
801		/* Preformed on Originating SC, SER_ONLY mode */
802		case CTL_MSG_R2R:
803			io = msg_info.hdr.original_sc;
804			if (io == NULL) {
805				printf("%s: Major Bummer\n", __func__);
806				return;
807			} else {
808#if 0
809				printf("pOrig %x\n",(int) ctsio);
810#endif
811			}
812			io->io_hdr.msg_type = CTL_MSG_R2R;
813			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
814			ctl_enqueue_isc(io);
815			break;
816
817		/*
818		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
819		 * mode.
820		 * Performed on the Originating (i.e. secondary) SC in XFER
821		 * mode
822		 */
823		case CTL_MSG_FINISH_IO:
824			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
825				ctl_isc_handler_finish_xfer(ctl_softc,
826							    &msg_info);
827			else
828				ctl_isc_handler_finish_ser_only(ctl_softc,
829								&msg_info);
830			break;
831
832		/* Preformed on Originating SC */
833		case CTL_MSG_BAD_JUJU:
834			io = msg_info.hdr.original_sc;
835			if (io == NULL) {
836				printf("%s: Bad JUJU!, original_sc is NULL!\n",
837				       __func__);
838				break;
839			}
840			ctl_copy_sense_data(&msg_info, io);
841			/*
842			 * IO should have already been cleaned up on other
843			 * SC so clear this flag so we won't send a message
844			 * back to finish the IO there.
845			 */
846			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
847			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
848
849			/* io = msg_info.hdr.serializing_sc; */
850			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
851			ctl_enqueue_isc(io);
852			break;
853
854		/* Handle resets sent from the other side */
855		case CTL_MSG_MANAGE_TASKS: {
856			struct ctl_taskio *taskio;
857			taskio = (struct ctl_taskio *)ctl_alloc_io(
858				(void *)ctl_softc->othersc_pool);
859			if (taskio == NULL) {
860				printf("ctl_isc_event_handler: can't allocate "
861				       "ctl_io!\n");
862				/* Bad Juju */
863				/* should I just call the proper reset func
864				   here??? */
865				goto bailout;
866			}
867			ctl_zero_io((union ctl_io *)taskio);
868			taskio->io_hdr.io_type = CTL_IO_TASK;
869			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
870			taskio->io_hdr.nexus = msg_info.hdr.nexus;
871			taskio->task_action = msg_info.task.task_action;
872			taskio->tag_num = msg_info.task.tag_num;
873			taskio->tag_type = msg_info.task.tag_type;
874#ifdef CTL_TIME_IO
875			taskio->io_hdr.start_time = time_uptime;
876			getbintime(&taskio->io_hdr.start_bt);
877#if 0
878			cs_prof_gettime(&taskio->io_hdr.start_ticks);
879#endif
880#endif /* CTL_TIME_IO */
881			ctl_run_task((union ctl_io *)taskio);
882			break;
883		}
884		/* Persistent Reserve action which needs attention */
885		case CTL_MSG_PERS_ACTION:
886			presio = (struct ctl_prio *)ctl_alloc_io(
887				(void *)ctl_softc->othersc_pool);
888			if (presio == NULL) {
889				printf("ctl_isc_event_handler: can't allocate "
890				       "ctl_io!\n");
891				/* Bad Juju */
892				/* Need to set busy and send msg back */
893				goto bailout;
894			}
895			ctl_zero_io((union ctl_io *)presio);
896			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
897			presio->pr_msg = msg_info.pr;
898			ctl_enqueue_isc((union ctl_io *)presio);
899			break;
900		case CTL_MSG_SYNC_FE:
901			rcv_sync_msg = 1;
902			break;
903		default:
904		        printf("How did I get here?\n");
905		}
906	} else if (event == CTL_HA_EVT_MSG_SENT) {
907		if (param != CTL_HA_STATUS_SUCCESS) {
908			printf("Bad status from ctl_ha_msg_send status %d\n",
909			       param);
910		}
911		return;
912	} else if (event == CTL_HA_EVT_DISCONNECT) {
913		printf("CTL: Got a disconnect from Isc\n");
914		return;
915	} else {
916		printf("ctl_isc_event_handler: Unknown event %d\n", event);
917		return;
918	}
919
920bailout:
921	return;
922}
923
924static void
925ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
926{
927	struct scsi_sense_data *sense;
928
929	sense = &dest->scsiio.sense_data;
930	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
931	dest->scsiio.scsi_status = src->scsi.scsi_status;
932	dest->scsiio.sense_len = src->scsi.sense_len;
933	dest->io_hdr.status = src->hdr.status;
934}
935
936static int
937ctl_init(void)
938{
939	struct ctl_softc *softc;
940	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
941	struct ctl_port *port;
942        uint8_t sc_id =0;
943	int i, error, retval;
944	//int isc_retval;
945
946	retval = 0;
947	ctl_pause_rtr = 0;
948        rcv_sync_msg = 0;
949
950	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
951			       M_WAITOK | M_ZERO);
952	softc = control_softc;
953
954	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
955			      "cam/ctl");
956
957	softc->dev->si_drv1 = softc;
958
959	/*
960	 * By default, return a "bad LUN" peripheral qualifier for unknown
961	 * LUNs.  The user can override this default using the tunable or
962	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
963	 */
964	softc->inquiry_pq_no_lun = 1;
965	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
966			  &softc->inquiry_pq_no_lun);
967	sysctl_ctx_init(&softc->sysctl_ctx);
968	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
969		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
970		CTLFLAG_RD, 0, "CAM Target Layer");
971
972	if (softc->sysctl_tree == NULL) {
973		printf("%s: unable to allocate sysctl tree\n", __func__);
974		destroy_dev(softc->dev);
975		free(control_softc, M_DEVBUF);
976		control_softc = NULL;
977		return (ENOMEM);
978	}
979
980	SYSCTL_ADD_INT(&softc->sysctl_ctx,
981		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
982		       "inquiry_pq_no_lun", CTLFLAG_RW,
983		       &softc->inquiry_pq_no_lun, 0,
984		       "Report no lun possible for invalid LUNs");
985
986	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
987	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
988	softc->open_count = 0;
989
990	/*
991	 * Default to actually sending a SYNCHRONIZE CACHE command down to
992	 * the drive.
993	 */
994	softc->flags = CTL_FLAG_REAL_SYNC;
995
996	/*
997	 * In Copan's HA scheme, the "master" and "slave" roles are
998	 * figured out through the slot the controller is in.  Although it
999	 * is an active/active system, someone has to be in charge.
1000 	 */
1001#ifdef NEEDTOPORT
1002        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1003#endif
1004
1005        if (sc_id == 0) {
1006		softc->flags |= CTL_FLAG_MASTER_SHELF;
1007		persis_offset = 0;
1008	} else
1009		persis_offset = CTL_MAX_INITIATORS;
1010
1011	/*
1012	 * XXX KDM need to figure out where we want to get our target ID
1013	 * and WWID.  Is it different on each port?
1014	 */
1015	softc->target.id = 0;
1016	softc->target.wwid[0] = 0x12345678;
1017	softc->target.wwid[1] = 0x87654321;
1018	STAILQ_INIT(&softc->lun_list);
1019	STAILQ_INIT(&softc->pending_lun_queue);
1020	STAILQ_INIT(&softc->fe_list);
1021	STAILQ_INIT(&softc->port_list);
1022	STAILQ_INIT(&softc->be_list);
1023	STAILQ_INIT(&softc->io_pools);
1024	ctl_tpc_init(softc);
1025
1026	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1027			    &internal_pool)!= 0){
1028		printf("ctl: can't allocate %d entry internal pool, "
1029		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1030		return (ENOMEM);
1031	}
1032
1033	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1034			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1035		printf("ctl: can't allocate %d entry emergency pool, "
1036		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1037		ctl_pool_free(internal_pool);
1038		return (ENOMEM);
1039	}
1040
1041	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1042	                    &other_pool) != 0)
1043	{
1044		printf("ctl: can't allocate %d entry other SC pool, "
1045		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1046		ctl_pool_free(internal_pool);
1047		ctl_pool_free(emergency_pool);
1048		return (ENOMEM);
1049	}
1050
1051	softc->internal_pool = internal_pool;
1052	softc->emergency_pool = emergency_pool;
1053	softc->othersc_pool = other_pool;
1054
1055	if (worker_threads <= 0)
1056		worker_threads = max(1, mp_ncpus / 4);
1057	if (worker_threads > CTL_MAX_THREADS)
1058		worker_threads = CTL_MAX_THREADS;
1059
1060	for (i = 0; i < worker_threads; i++) {
1061		struct ctl_thread *thr = &softc->threads[i];
1062
1063		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1064		thr->ctl_softc = softc;
1065		STAILQ_INIT(&thr->incoming_queue);
1066		STAILQ_INIT(&thr->rtr_queue);
1067		STAILQ_INIT(&thr->done_queue);
1068		STAILQ_INIT(&thr->isc_queue);
1069
1070		error = kproc_kthread_add(ctl_work_thread, thr,
1071		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1072		if (error != 0) {
1073			printf("error creating CTL work thread!\n");
1074			ctl_pool_free(internal_pool);
1075			ctl_pool_free(emergency_pool);
1076			ctl_pool_free(other_pool);
1077			return (error);
1078		}
1079	}
1080	error = kproc_kthread_add(ctl_lun_thread, softc,
1081	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1082	if (error != 0) {
1083		printf("error creating CTL lun thread!\n");
1084		ctl_pool_free(internal_pool);
1085		ctl_pool_free(emergency_pool);
1086		ctl_pool_free(other_pool);
1087		return (error);
1088	}
1089	if (bootverbose)
1090		printf("ctl: CAM Target Layer loaded\n");
1091
1092	/*
1093	 * Initialize the ioctl front end.
1094	 */
1095	ctl_frontend_register(&ioctl_frontend);
1096	port = &softc->ioctl_info.port;
1097	port->frontend = &ioctl_frontend;
1098	sprintf(softc->ioctl_info.port_name, "ioctl");
1099	port->port_type = CTL_PORT_IOCTL;
1100	port->num_requested_ctl_io = 100;
1101	port->port_name = softc->ioctl_info.port_name;
1102	port->port_online = ctl_ioctl_online;
1103	port->port_offline = ctl_ioctl_offline;
1104	port->onoff_arg = &softc->ioctl_info;
1105	port->lun_enable = ctl_ioctl_lun_enable;
1106	port->lun_disable = ctl_ioctl_lun_disable;
1107	port->targ_lun_arg = &softc->ioctl_info;
1108	port->fe_datamove = ctl_ioctl_datamove;
1109	port->fe_done = ctl_ioctl_done;
1110	port->max_targets = 15;
1111	port->max_target_id = 15;
1112
1113	if (ctl_port_register(&softc->ioctl_info.port,
1114	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1115		printf("ctl: ioctl front end registration failed, will "
1116		       "continue anyway\n");
1117	}
1118
1119#ifdef CTL_IO_DELAY
1120	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1121		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1122		       sizeof(struct callout), CTL_TIMER_BYTES);
1123		return (EINVAL);
1124	}
1125#endif /* CTL_IO_DELAY */
1126
1127	return (0);
1128}
1129
1130void
1131ctl_shutdown(void)
1132{
1133	struct ctl_softc *softc;
1134	struct ctl_lun *lun, *next_lun;
1135	struct ctl_io_pool *pool;
1136
1137	softc = (struct ctl_softc *)control_softc;
1138
1139	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1140		printf("ctl: ioctl front end deregistration failed\n");
1141
1142	mtx_lock(&softc->ctl_lock);
1143
1144	/*
1145	 * Free up each LUN.
1146	 */
1147	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1148		next_lun = STAILQ_NEXT(lun, links);
1149		ctl_free_lun(lun);
1150	}
1151
1152	mtx_unlock(&softc->ctl_lock);
1153
1154	ctl_frontend_deregister(&ioctl_frontend);
1155
1156	/*
1157	 * This will rip the rug out from under any FETDs or anyone else
1158	 * that has a pool allocated.  Since we increment our module
1159	 * refcount any time someone outside the main CTL module allocates
1160	 * a pool, we shouldn't have any problems here.  The user won't be
1161	 * able to unload the CTL module until client modules have
1162	 * successfully unloaded.
1163	 */
1164	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1165		ctl_pool_free(pool);
1166
1167#if 0
1168	ctl_shutdown_thread(softc->work_thread);
1169	mtx_destroy(&softc->queue_lock);
1170#endif
1171
1172	ctl_tpc_shutdown(softc);
1173	mtx_destroy(&softc->pool_lock);
1174	mtx_destroy(&softc->ctl_lock);
1175
1176	destroy_dev(softc->dev);
1177
1178	sysctl_ctx_free(&softc->sysctl_ctx);
1179
1180	free(control_softc, M_DEVBUF);
1181	control_softc = NULL;
1182
1183	if (bootverbose)
1184		printf("ctl: CAM Target Layer unloaded\n");
1185}
1186
1187static int
1188ctl_module_event_handler(module_t mod, int what, void *arg)
1189{
1190
1191	switch (what) {
1192	case MOD_LOAD:
1193		return (ctl_init());
1194	case MOD_UNLOAD:
1195		return (EBUSY);
1196	default:
1197		return (EOPNOTSUPP);
1198	}
1199}
1200
1201/*
1202 * XXX KDM should we do some access checks here?  Bump a reference count to
1203 * prevent a CTL module from being unloaded while someone has it open?
1204 */
1205static int
1206ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1207{
1208	return (0);
1209}
1210
1211static int
1212ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1213{
1214	return (0);
1215}
1216
1217int
1218ctl_port_enable(ctl_port_type port_type)
1219{
1220	struct ctl_softc *softc;
1221	struct ctl_port *port;
1222
1223	if (ctl_is_single == 0) {
1224		union ctl_ha_msg msg_info;
1225		int isc_retval;
1226
1227#if 0
1228		printf("%s: HA mode, synchronizing frontend enable\n",
1229		        __func__);
1230#endif
1231		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1232	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1233		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1234			printf("Sync msg send error retval %d\n", isc_retval);
1235		}
1236		if (!rcv_sync_msg) {
1237			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1238			        sizeof(msg_info), 1);
1239		}
1240#if 0
1241        	printf("CTL:Frontend Enable\n");
1242	} else {
1243		printf("%s: single mode, skipping frontend synchronization\n",
1244		        __func__);
1245#endif
1246	}
1247
1248	softc = control_softc;
1249
1250	STAILQ_FOREACH(port, &softc->port_list, links) {
1251		if (port_type & port->port_type)
1252		{
1253#if 0
1254			printf("port %d\n", port->targ_port);
1255#endif
1256			ctl_port_online(port);
1257		}
1258	}
1259
1260	return (0);
1261}
1262
1263int
1264ctl_port_disable(ctl_port_type port_type)
1265{
1266	struct ctl_softc *softc;
1267	struct ctl_port *port;
1268
1269	softc = control_softc;
1270
1271	STAILQ_FOREACH(port, &softc->port_list, links) {
1272		if (port_type & port->port_type)
1273			ctl_port_offline(port);
1274	}
1275
1276	return (0);
1277}
1278
1279/*
1280 * Returns 0 for success, 1 for failure.
1281 * Currently the only failure mode is if there aren't enough entries
1282 * allocated.  So, in case of a failure, look at num_entries_dropped,
1283 * reallocate and try again.
1284 */
1285int
1286ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1287	      int *num_entries_filled, int *num_entries_dropped,
1288	      ctl_port_type port_type, int no_virtual)
1289{
1290	struct ctl_softc *softc;
1291	struct ctl_port *port;
1292	int entries_dropped, entries_filled;
1293	int retval;
1294	int i;
1295
1296	softc = control_softc;
1297
1298	retval = 0;
1299	entries_filled = 0;
1300	entries_dropped = 0;
1301
1302	i = 0;
1303	mtx_lock(&softc->ctl_lock);
1304	STAILQ_FOREACH(port, &softc->port_list, links) {
1305		struct ctl_port_entry *entry;
1306
1307		if ((port->port_type & port_type) == 0)
1308			continue;
1309
1310		if ((no_virtual != 0)
1311		 && (port->virtual_port != 0))
1312			continue;
1313
1314		if (entries_filled >= num_entries_alloced) {
1315			entries_dropped++;
1316			continue;
1317		}
1318		entry = &entries[i];
1319
1320		entry->port_type = port->port_type;
1321		strlcpy(entry->port_name, port->port_name,
1322			sizeof(entry->port_name));
1323		entry->physical_port = port->physical_port;
1324		entry->virtual_port = port->virtual_port;
1325		entry->wwnn = port->wwnn;
1326		entry->wwpn = port->wwpn;
1327
1328		i++;
1329		entries_filled++;
1330	}
1331
1332	mtx_unlock(&softc->ctl_lock);
1333
1334	if (entries_dropped > 0)
1335		retval = 1;
1336
1337	*num_entries_dropped = entries_dropped;
1338	*num_entries_filled = entries_filled;
1339
1340	return (retval);
1341}
1342
1343static void
1344ctl_ioctl_online(void *arg)
1345{
1346	struct ctl_ioctl_info *ioctl_info;
1347
1348	ioctl_info = (struct ctl_ioctl_info *)arg;
1349
1350	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1351}
1352
1353static void
1354ctl_ioctl_offline(void *arg)
1355{
1356	struct ctl_ioctl_info *ioctl_info;
1357
1358	ioctl_info = (struct ctl_ioctl_info *)arg;
1359
1360	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1361}
1362
1363/*
1364 * Remove an initiator by port number and initiator ID.
1365 * Returns 0 for success, -1 for failure.
1366 */
1367int
1368ctl_remove_initiator(struct ctl_port *port, int iid)
1369{
1370	struct ctl_softc *softc = control_softc;
1371
1372	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1373
1374	if (iid > CTL_MAX_INIT_PER_PORT) {
1375		printf("%s: initiator ID %u > maximun %u!\n",
1376		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1377		return (-1);
1378	}
1379
1380	mtx_lock(&softc->ctl_lock);
1381	port->wwpn_iid[iid].in_use--;
1382	port->wwpn_iid[iid].last_use = time_uptime;
1383	mtx_unlock(&softc->ctl_lock);
1384
1385	return (0);
1386}
1387
1388/*
1389 * Add an initiator to the initiator map.
1390 * Returns iid for success, < 0 for failure.
1391 */
1392int
1393ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1394{
1395	struct ctl_softc *softc = control_softc;
1396	time_t best_time;
1397	int i, best;
1398
1399	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1400
1401	if (iid >= CTL_MAX_INIT_PER_PORT) {
1402		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1403		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1404		free(name, M_CTL);
1405		return (-1);
1406	}
1407
1408	mtx_lock(&softc->ctl_lock);
1409
1410	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1411		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1412			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1413				iid = i;
1414				break;
1415			}
1416			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1417			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1418				iid = i;
1419				break;
1420			}
1421		}
1422	}
1423
1424	if (iid < 0) {
1425		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1426			if (port->wwpn_iid[i].in_use == 0 &&
1427			    port->wwpn_iid[i].wwpn == 0 &&
1428			    port->wwpn_iid[i].name == NULL) {
1429				iid = i;
1430				break;
1431			}
1432		}
1433	}
1434
1435	if (iid < 0) {
1436		best = -1;
1437		best_time = INT32_MAX;
1438		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1439			if (port->wwpn_iid[i].in_use == 0) {
1440				if (port->wwpn_iid[i].last_use < best_time) {
1441					best = i;
1442					best_time = port->wwpn_iid[i].last_use;
1443				}
1444			}
1445		}
1446		iid = best;
1447	}
1448
1449	if (iid < 0) {
1450		mtx_unlock(&softc->ctl_lock);
1451		free(name, M_CTL);
1452		return (-2);
1453	}
1454
1455	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1456		/*
1457		 * This is not an error yet.
1458		 */
1459		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1460#if 0
1461			printf("%s: port %d iid %u WWPN %#jx arrived"
1462			    " again\n", __func__, port->targ_port,
1463			    iid, (uintmax_t)wwpn);
1464#endif
1465			goto take;
1466		}
1467		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1468		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1469#if 0
1470			printf("%s: port %d iid %u name '%s' arrived"
1471			    " again\n", __func__, port->targ_port,
1472			    iid, name);
1473#endif
1474			goto take;
1475		}
1476
1477		/*
1478		 * This is an error, but what do we do about it?  The
1479		 * driver is telling us we have a new WWPN for this
1480		 * initiator ID, so we pretty much need to use it.
1481		 */
1482		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1483		    " but WWPN %#jx '%s' is still at that address\n",
1484		    __func__, port->targ_port, iid, wwpn, name,
1485		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1486		    port->wwpn_iid[iid].name);
1487
1488		/*
1489		 * XXX KDM clear have_ca and ua_pending on each LUN for
1490		 * this initiator.
1491		 */
1492	}
1493take:
1494	free(port->wwpn_iid[iid].name, M_CTL);
1495	port->wwpn_iid[iid].name = name;
1496	port->wwpn_iid[iid].wwpn = wwpn;
1497	port->wwpn_iid[iid].in_use++;
1498	mtx_unlock(&softc->ctl_lock);
1499
1500	return (iid);
1501}
1502
1503static int
1504ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1505{
1506	int len;
1507
1508	switch (port->port_type) {
1509	case CTL_PORT_FC:
1510	{
1511		struct scsi_transportid_fcp *id =
1512		    (struct scsi_transportid_fcp *)buf;
1513		if (port->wwpn_iid[iid].wwpn == 0)
1514			return (0);
1515		memset(id, 0, sizeof(*id));
1516		id->format_protocol = SCSI_PROTO_FC;
1517		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1518		return (sizeof(*id));
1519	}
1520	case CTL_PORT_ISCSI:
1521	{
1522		struct scsi_transportid_iscsi_port *id =
1523		    (struct scsi_transportid_iscsi_port *)buf;
1524		if (port->wwpn_iid[iid].name == NULL)
1525			return (0);
1526		memset(id, 0, 256);
1527		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1528		    SCSI_PROTO_ISCSI;
1529		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1530		len = roundup2(min(len, 252), 4);
1531		scsi_ulto2b(len, id->additional_length);
1532		return (sizeof(*id) + len);
1533	}
1534	case CTL_PORT_SAS:
1535	{
1536		struct scsi_transportid_sas *id =
1537		    (struct scsi_transportid_sas *)buf;
1538		if (port->wwpn_iid[iid].wwpn == 0)
1539			return (0);
1540		memset(id, 0, sizeof(*id));
1541		id->format_protocol = SCSI_PROTO_SAS;
1542		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1543		return (sizeof(*id));
1544	}
1545	default:
1546	{
1547		struct scsi_transportid_spi *id =
1548		    (struct scsi_transportid_spi *)buf;
1549		memset(id, 0, sizeof(*id));
1550		id->format_protocol = SCSI_PROTO_SPI;
1551		scsi_ulto2b(iid, id->scsi_addr);
1552		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1553		return (sizeof(*id));
1554	}
1555	}
1556}
1557
1558static int
1559ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1560{
1561	return (0);
1562}
1563
1564static int
1565ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1566{
1567	return (0);
1568}
1569
1570/*
1571 * Data movement routine for the CTL ioctl frontend port.
1572 */
1573static int
1574ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1575{
1576	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1577	struct ctl_sg_entry ext_entry, kern_entry;
1578	int ext_sglen, ext_sg_entries, kern_sg_entries;
1579	int ext_sg_start, ext_offset;
1580	int len_to_copy, len_copied;
1581	int kern_watermark, ext_watermark;
1582	int ext_sglist_malloced;
1583	int i, j;
1584
1585	ext_sglist_malloced = 0;
1586	ext_sg_start = 0;
1587	ext_offset = 0;
1588
1589	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1590
1591	/*
1592	 * If this flag is set, fake the data transfer.
1593	 */
1594	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1595		ctsio->ext_data_filled = ctsio->ext_data_len;
1596		goto bailout;
1597	}
1598
1599	/*
1600	 * To simplify things here, if we have a single buffer, stick it in
1601	 * a S/G entry and just make it a single entry S/G list.
1602	 */
1603	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1604		int len_seen;
1605
1606		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1607
1608		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1609							   M_WAITOK);
1610		ext_sglist_malloced = 1;
1611		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1612				   ext_sglen) != 0) {
1613			ctl_set_internal_failure(ctsio,
1614						 /*sks_valid*/ 0,
1615						 /*retry_count*/ 0);
1616			goto bailout;
1617		}
1618		ext_sg_entries = ctsio->ext_sg_entries;
1619		len_seen = 0;
1620		for (i = 0; i < ext_sg_entries; i++) {
1621			if ((len_seen + ext_sglist[i].len) >=
1622			     ctsio->ext_data_filled) {
1623				ext_sg_start = i;
1624				ext_offset = ctsio->ext_data_filled - len_seen;
1625				break;
1626			}
1627			len_seen += ext_sglist[i].len;
1628		}
1629	} else {
1630		ext_sglist = &ext_entry;
1631		ext_sglist->addr = ctsio->ext_data_ptr;
1632		ext_sglist->len = ctsio->ext_data_len;
1633		ext_sg_entries = 1;
1634		ext_sg_start = 0;
1635		ext_offset = ctsio->ext_data_filled;
1636	}
1637
1638	if (ctsio->kern_sg_entries > 0) {
1639		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1640		kern_sg_entries = ctsio->kern_sg_entries;
1641	} else {
1642		kern_sglist = &kern_entry;
1643		kern_sglist->addr = ctsio->kern_data_ptr;
1644		kern_sglist->len = ctsio->kern_data_len;
1645		kern_sg_entries = 1;
1646	}
1647
1648
1649	kern_watermark = 0;
1650	ext_watermark = ext_offset;
1651	len_copied = 0;
1652	for (i = ext_sg_start, j = 0;
1653	     i < ext_sg_entries && j < kern_sg_entries;) {
1654		uint8_t *ext_ptr, *kern_ptr;
1655
1656		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1657				      kern_sglist[j].len - kern_watermark);
1658
1659		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1660		ext_ptr = ext_ptr + ext_watermark;
1661		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1662			/*
1663			 * XXX KDM fix this!
1664			 */
1665			panic("need to implement bus address support");
1666#if 0
1667			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1668#endif
1669		} else
1670			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1671		kern_ptr = kern_ptr + kern_watermark;
1672
1673		kern_watermark += len_to_copy;
1674		ext_watermark += len_to_copy;
1675
1676		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1677		     CTL_FLAG_DATA_IN) {
1678			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1679					 "bytes to user\n", len_to_copy));
1680			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1681					 "to %p\n", kern_ptr, ext_ptr));
1682			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1683				ctl_set_internal_failure(ctsio,
1684							 /*sks_valid*/ 0,
1685							 /*retry_count*/ 0);
1686				goto bailout;
1687			}
1688		} else {
1689			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1690					 "bytes from user\n", len_to_copy));
1691			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1692					 "to %p\n", ext_ptr, kern_ptr));
1693			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1694				ctl_set_internal_failure(ctsio,
1695							 /*sks_valid*/ 0,
1696							 /*retry_count*/0);
1697				goto bailout;
1698			}
1699		}
1700
1701		len_copied += len_to_copy;
1702
1703		if (ext_sglist[i].len == ext_watermark) {
1704			i++;
1705			ext_watermark = 0;
1706		}
1707
1708		if (kern_sglist[j].len == kern_watermark) {
1709			j++;
1710			kern_watermark = 0;
1711		}
1712	}
1713
1714	ctsio->ext_data_filled += len_copied;
1715
1716	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1717			 "kern_sg_entries: %d\n", ext_sg_entries,
1718			 kern_sg_entries));
1719	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1720			 "kern_data_len = %d\n", ctsio->ext_data_len,
1721			 ctsio->kern_data_len));
1722
1723
1724	/* XXX KDM set residual?? */
1725bailout:
1726
1727	if (ext_sglist_malloced != 0)
1728		free(ext_sglist, M_CTL);
1729
1730	return (CTL_RETVAL_COMPLETE);
1731}
1732
1733/*
1734 * Serialize a command that went down the "wrong" side, and so was sent to
1735 * this controller for execution.  The logic is a little different than the
1736 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1737 * sent back to the other side, but in the success case, we execute the
1738 * command on this side (XFER mode) or tell the other side to execute it
1739 * (SER_ONLY mode).
1740 */
1741static int
1742ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1743{
1744	struct ctl_softc *ctl_softc;
1745	union ctl_ha_msg msg_info;
1746	struct ctl_lun *lun;
1747	int retval = 0;
1748	uint32_t targ_lun;
1749
1750	ctl_softc = control_softc;
1751
1752	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1753	lun = ctl_softc->ctl_luns[targ_lun];
1754	if (lun==NULL)
1755	{
1756		/*
1757		 * Why isn't LUN defined? The other side wouldn't
1758		 * send a cmd if the LUN is undefined.
1759		 */
1760		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1761
1762		/* "Logical unit not supported" */
1763		ctl_set_sense_data(&msg_info.scsi.sense_data,
1764				   lun,
1765				   /*sense_format*/SSD_TYPE_NONE,
1766				   /*current_error*/ 1,
1767				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1768				   /*asc*/ 0x25,
1769				   /*ascq*/ 0x00,
1770				   SSD_ELEM_NONE);
1771
1772		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1773		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1774		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1775		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1776		msg_info.hdr.serializing_sc = NULL;
1777		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1778	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1779				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1780		}
1781		return(1);
1782
1783	}
1784
1785	mtx_lock(&lun->lun_lock);
1786    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1787
1788	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1789		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1790		 ooa_links))) {
1791	case CTL_ACTION_BLOCK:
1792		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1793		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1794				  blocked_links);
1795		break;
1796	case CTL_ACTION_PASS:
1797	case CTL_ACTION_SKIP:
1798		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1799			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1800			ctl_enqueue_rtr((union ctl_io *)ctsio);
1801		} else {
1802
1803			/* send msg back to other side */
1804			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1805			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1806			msg_info.hdr.msg_type = CTL_MSG_R2R;
1807#if 0
1808			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1809#endif
1810		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1811			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1812			}
1813		}
1814		break;
1815	case CTL_ACTION_OVERLAP:
1816		/* OVERLAPPED COMMANDS ATTEMPTED */
1817		ctl_set_sense_data(&msg_info.scsi.sense_data,
1818				   lun,
1819				   /*sense_format*/SSD_TYPE_NONE,
1820				   /*current_error*/ 1,
1821				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1822				   /*asc*/ 0x4E,
1823				   /*ascq*/ 0x00,
1824				   SSD_ELEM_NONE);
1825
1826		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1827		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1828		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1829		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1830		msg_info.hdr.serializing_sc = NULL;
1831		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1832#if 0
1833		printf("BAD JUJU:Major Bummer Overlap\n");
1834#endif
1835		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1836		retval = 1;
1837		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1838		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1839		}
1840		break;
1841	case CTL_ACTION_OVERLAP_TAG:
1842		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1843		ctl_set_sense_data(&msg_info.scsi.sense_data,
1844				   lun,
1845				   /*sense_format*/SSD_TYPE_NONE,
1846				   /*current_error*/ 1,
1847				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1848				   /*asc*/ 0x4D,
1849				   /*ascq*/ ctsio->tag_num & 0xff,
1850				   SSD_ELEM_NONE);
1851
1852		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1853		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1854		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1855		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1856		msg_info.hdr.serializing_sc = NULL;
1857		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1858#if 0
1859		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1860#endif
1861		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1862		retval = 1;
1863		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1864		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1865		}
1866		break;
1867	case CTL_ACTION_ERROR:
1868	default:
1869		/* "Internal target failure" */
1870		ctl_set_sense_data(&msg_info.scsi.sense_data,
1871				   lun,
1872				   /*sense_format*/SSD_TYPE_NONE,
1873				   /*current_error*/ 1,
1874				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1875				   /*asc*/ 0x44,
1876				   /*ascq*/ 0x00,
1877				   SSD_ELEM_NONE);
1878
1879		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1880		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1881		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1882		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1883		msg_info.hdr.serializing_sc = NULL;
1884		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1885#if 0
1886		printf("BAD JUJU:Major Bummer HW Error\n");
1887#endif
1888		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1889		retval = 1;
1890		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1891		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1892		}
1893		break;
1894	}
1895	mtx_unlock(&lun->lun_lock);
1896	return (retval);
1897}
1898
1899static int
1900ctl_ioctl_submit_wait(union ctl_io *io)
1901{
1902	struct ctl_fe_ioctl_params params;
1903	ctl_fe_ioctl_state last_state;
1904	int done, retval;
1905
1906	retval = 0;
1907
1908	bzero(&params, sizeof(params));
1909
1910	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1911	cv_init(&params.sem, "ctlioccv");
1912	params.state = CTL_IOCTL_INPROG;
1913	last_state = params.state;
1914
1915	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1916
1917	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1918
1919	/* This shouldn't happen */
1920	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1921		return (retval);
1922
1923	done = 0;
1924
1925	do {
1926		mtx_lock(&params.ioctl_mtx);
1927		/*
1928		 * Check the state here, and don't sleep if the state has
1929		 * already changed (i.e. wakeup has already occured, but we
1930		 * weren't waiting yet).
1931		 */
1932		if (params.state == last_state) {
1933			/* XXX KDM cv_wait_sig instead? */
1934			cv_wait(&params.sem, &params.ioctl_mtx);
1935		}
1936		last_state = params.state;
1937
1938		switch (params.state) {
1939		case CTL_IOCTL_INPROG:
1940			/* Why did we wake up? */
1941			/* XXX KDM error here? */
1942			mtx_unlock(&params.ioctl_mtx);
1943			break;
1944		case CTL_IOCTL_DATAMOVE:
1945			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1946
1947			/*
1948			 * change last_state back to INPROG to avoid
1949			 * deadlock on subsequent data moves.
1950			 */
1951			params.state = last_state = CTL_IOCTL_INPROG;
1952
1953			mtx_unlock(&params.ioctl_mtx);
1954			ctl_ioctl_do_datamove(&io->scsiio);
1955			/*
1956			 * Note that in some cases, most notably writes,
1957			 * this will queue the I/O and call us back later.
1958			 * In other cases, generally reads, this routine
1959			 * will immediately call back and wake us up,
1960			 * probably using our own context.
1961			 */
1962			io->scsiio.be_move_done(io);
1963			break;
1964		case CTL_IOCTL_DONE:
1965			mtx_unlock(&params.ioctl_mtx);
1966			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1967			done = 1;
1968			break;
1969		default:
1970			mtx_unlock(&params.ioctl_mtx);
1971			/* XXX KDM error here? */
1972			break;
1973		}
1974	} while (done == 0);
1975
1976	mtx_destroy(&params.ioctl_mtx);
1977	cv_destroy(&params.sem);
1978
1979	return (CTL_RETVAL_COMPLETE);
1980}
1981
1982static void
1983ctl_ioctl_datamove(union ctl_io *io)
1984{
1985	struct ctl_fe_ioctl_params *params;
1986
1987	params = (struct ctl_fe_ioctl_params *)
1988		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1989
1990	mtx_lock(&params->ioctl_mtx);
1991	params->state = CTL_IOCTL_DATAMOVE;
1992	cv_broadcast(&params->sem);
1993	mtx_unlock(&params->ioctl_mtx);
1994}
1995
1996static void
1997ctl_ioctl_done(union ctl_io *io)
1998{
1999	struct ctl_fe_ioctl_params *params;
2000
2001	params = (struct ctl_fe_ioctl_params *)
2002		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2003
2004	mtx_lock(&params->ioctl_mtx);
2005	params->state = CTL_IOCTL_DONE;
2006	cv_broadcast(&params->sem);
2007	mtx_unlock(&params->ioctl_mtx);
2008}
2009
2010static void
2011ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2012{
2013	struct ctl_fe_ioctl_startstop_info *sd_info;
2014
2015	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2016
2017	sd_info->hs_info.status = metatask->status;
2018	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2019	sd_info->hs_info.luns_complete =
2020		metatask->taskinfo.startstop.luns_complete;
2021	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2022
2023	cv_broadcast(&sd_info->sem);
2024}
2025
2026static void
2027ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2028{
2029	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2030
2031	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2032
2033	mtx_lock(fe_bbr_info->lock);
2034	fe_bbr_info->bbr_info->status = metatask->status;
2035	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2036	fe_bbr_info->wakeup_done = 1;
2037	mtx_unlock(fe_bbr_info->lock);
2038
2039	cv_broadcast(&fe_bbr_info->sem);
2040}
2041
2042/*
2043 * Returns 0 for success, errno for failure.
2044 */
2045static int
2046ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2047		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2048{
2049	union ctl_io *io;
2050	int retval;
2051
2052	retval = 0;
2053
2054	mtx_lock(&lun->lun_lock);
2055	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2056	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2057	     ooa_links)) {
2058		struct ctl_ooa_entry *entry;
2059
2060		/*
2061		 * If we've got more than we can fit, just count the
2062		 * remaining entries.
2063		 */
2064		if (*cur_fill_num >= ooa_hdr->alloc_num)
2065			continue;
2066
2067		entry = &kern_entries[*cur_fill_num];
2068
2069		entry->tag_num = io->scsiio.tag_num;
2070		entry->lun_num = lun->lun;
2071#ifdef CTL_TIME_IO
2072		entry->start_bt = io->io_hdr.start_bt;
2073#endif
2074		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2075		entry->cdb_len = io->scsiio.cdb_len;
2076		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2077			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2078
2079		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2080			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2081
2082		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2083			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2084
2085		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2086			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2087
2088		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2089			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2090	}
2091	mtx_unlock(&lun->lun_lock);
2092
2093	return (retval);
2094}
2095
2096static void *
2097ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2098		 size_t error_str_len)
2099{
2100	void *kptr;
2101
2102	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2103
2104	if (copyin(user_addr, kptr, len) != 0) {
2105		snprintf(error_str, error_str_len, "Error copying %d bytes "
2106			 "from user address %p to kernel address %p", len,
2107			 user_addr, kptr);
2108		free(kptr, M_CTL);
2109		return (NULL);
2110	}
2111
2112	return (kptr);
2113}
2114
2115static void
2116ctl_free_args(int num_args, struct ctl_be_arg *args)
2117{
2118	int i;
2119
2120	if (args == NULL)
2121		return;
2122
2123	for (i = 0; i < num_args; i++) {
2124		free(args[i].kname, M_CTL);
2125		free(args[i].kvalue, M_CTL);
2126	}
2127
2128	free(args, M_CTL);
2129}
2130
2131static struct ctl_be_arg *
2132ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2133		char *error_str, size_t error_str_len)
2134{
2135	struct ctl_be_arg *args;
2136	int i;
2137
2138	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2139				error_str, error_str_len);
2140
2141	if (args == NULL)
2142		goto bailout;
2143
2144	for (i = 0; i < num_args; i++) {
2145		args[i].kname = NULL;
2146		args[i].kvalue = NULL;
2147	}
2148
2149	for (i = 0; i < num_args; i++) {
2150		uint8_t *tmpptr;
2151
2152		args[i].kname = ctl_copyin_alloc(args[i].name,
2153			args[i].namelen, error_str, error_str_len);
2154		if (args[i].kname == NULL)
2155			goto bailout;
2156
2157		if (args[i].kname[args[i].namelen - 1] != '\0') {
2158			snprintf(error_str, error_str_len, "Argument %d "
2159				 "name is not NUL-terminated", i);
2160			goto bailout;
2161		}
2162
2163		if (args[i].flags & CTL_BEARG_RD) {
2164			tmpptr = ctl_copyin_alloc(args[i].value,
2165				args[i].vallen, error_str, error_str_len);
2166			if (tmpptr == NULL)
2167				goto bailout;
2168			if ((args[i].flags & CTL_BEARG_ASCII)
2169			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2170				snprintf(error_str, error_str_len, "Argument "
2171				    "%d value is not NUL-terminated", i);
2172				goto bailout;
2173			}
2174			args[i].kvalue = tmpptr;
2175		} else {
2176			args[i].kvalue = malloc(args[i].vallen,
2177			    M_CTL, M_WAITOK | M_ZERO);
2178		}
2179	}
2180
2181	return (args);
2182bailout:
2183
2184	ctl_free_args(num_args, args);
2185
2186	return (NULL);
2187}
2188
2189static void
2190ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2191{
2192	int i;
2193
2194	for (i = 0; i < num_args; i++) {
2195		if (args[i].flags & CTL_BEARG_WR)
2196			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2197	}
2198}
2199
2200/*
2201 * Escape characters that are illegal or not recommended in XML.
2202 */
2203int
2204ctl_sbuf_printf_esc(struct sbuf *sb, char *str)
2205{
2206	int retval;
2207
2208	retval = 0;
2209
2210	for (; *str; str++) {
2211		switch (*str) {
2212		case '&':
2213			retval = sbuf_printf(sb, "&amp;");
2214			break;
2215		case '>':
2216			retval = sbuf_printf(sb, "&gt;");
2217			break;
2218		case '<':
2219			retval = sbuf_printf(sb, "&lt;");
2220			break;
2221		default:
2222			retval = sbuf_putc(sb, *str);
2223			break;
2224		}
2225
2226		if (retval != 0)
2227			break;
2228
2229	}
2230
2231	return (retval);
2232}
2233
2234static void
2235ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2236{
2237	struct scsi_vpd_id_descriptor *desc;
2238	int i;
2239
2240	if (id == NULL || id->len < 4)
2241		return;
2242	desc = (struct scsi_vpd_id_descriptor *)id->data;
2243	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2244	case SVPD_ID_TYPE_T10:
2245		sbuf_printf(sb, "t10.");
2246		break;
2247	case SVPD_ID_TYPE_EUI64:
2248		sbuf_printf(sb, "eui.");
2249		break;
2250	case SVPD_ID_TYPE_NAA:
2251		sbuf_printf(sb, "naa.");
2252		break;
2253	case SVPD_ID_TYPE_SCSI_NAME:
2254		break;
2255	}
2256	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2257	case SVPD_ID_CODESET_BINARY:
2258		for (i = 0; i < desc->length; i++)
2259			sbuf_printf(sb, "%02x", desc->identifier[i]);
2260		break;
2261	case SVPD_ID_CODESET_ASCII:
2262		sbuf_printf(sb, "%.*s", (int)desc->length,
2263		    (char *)desc->identifier);
2264		break;
2265	case SVPD_ID_CODESET_UTF8:
2266		sbuf_printf(sb, "%s", (char *)desc->identifier);
2267		break;
2268	}
2269}
2270
2271static int
2272ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2273	  struct thread *td)
2274{
2275	struct ctl_softc *softc;
2276	int retval;
2277
2278	softc = control_softc;
2279
2280	retval = 0;
2281
2282	switch (cmd) {
2283	case CTL_IO: {
2284		union ctl_io *io;
2285		void *pool_tmp;
2286
2287		/*
2288		 * If we haven't been "enabled", don't allow any SCSI I/O
2289		 * to this FETD.
2290		 */
2291		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2292			retval = EPERM;
2293			break;
2294		}
2295
2296		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2297		if (io == NULL) {
2298			printf("ctl_ioctl: can't allocate ctl_io!\n");
2299			retval = ENOSPC;
2300			break;
2301		}
2302
2303		/*
2304		 * Need to save the pool reference so it doesn't get
2305		 * spammed by the user's ctl_io.
2306		 */
2307		pool_tmp = io->io_hdr.pool;
2308
2309		memcpy(io, (void *)addr, sizeof(*io));
2310
2311		io->io_hdr.pool = pool_tmp;
2312		/*
2313		 * No status yet, so make sure the status is set properly.
2314		 */
2315		io->io_hdr.status = CTL_STATUS_NONE;
2316
2317		/*
2318		 * The user sets the initiator ID, target and LUN IDs.
2319		 */
2320		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2321		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2322		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2323		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2324			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2325
2326		retval = ctl_ioctl_submit_wait(io);
2327
2328		if (retval != 0) {
2329			ctl_free_io(io);
2330			break;
2331		}
2332
2333		memcpy((void *)addr, io, sizeof(*io));
2334
2335		/* return this to our pool */
2336		ctl_free_io(io);
2337
2338		break;
2339	}
2340	case CTL_ENABLE_PORT:
2341	case CTL_DISABLE_PORT:
2342	case CTL_SET_PORT_WWNS: {
2343		struct ctl_port *port;
2344		struct ctl_port_entry *entry;
2345
2346		entry = (struct ctl_port_entry *)addr;
2347
2348		mtx_lock(&softc->ctl_lock);
2349		STAILQ_FOREACH(port, &softc->port_list, links) {
2350			int action, done;
2351
2352			action = 0;
2353			done = 0;
2354
2355			if ((entry->port_type == CTL_PORT_NONE)
2356			 && (entry->targ_port == port->targ_port)) {
2357				/*
2358				 * If the user only wants to enable or
2359				 * disable or set WWNs on a specific port,
2360				 * do the operation and we're done.
2361				 */
2362				action = 1;
2363				done = 1;
2364			} else if (entry->port_type & port->port_type) {
2365				/*
2366				 * Compare the user's type mask with the
2367				 * particular frontend type to see if we
2368				 * have a match.
2369				 */
2370				action = 1;
2371				done = 0;
2372
2373				/*
2374				 * Make sure the user isn't trying to set
2375				 * WWNs on multiple ports at the same time.
2376				 */
2377				if (cmd == CTL_SET_PORT_WWNS) {
2378					printf("%s: Can't set WWNs on "
2379					       "multiple ports\n", __func__);
2380					retval = EINVAL;
2381					break;
2382				}
2383			}
2384			if (action != 0) {
2385				/*
2386				 * XXX KDM we have to drop the lock here,
2387				 * because the online/offline operations
2388				 * can potentially block.  We need to
2389				 * reference count the frontends so they
2390				 * can't go away,
2391				 */
2392				mtx_unlock(&softc->ctl_lock);
2393
2394				if (cmd == CTL_ENABLE_PORT) {
2395					struct ctl_lun *lun;
2396
2397					STAILQ_FOREACH(lun, &softc->lun_list,
2398						       links) {
2399						port->lun_enable(port->targ_lun_arg,
2400						    lun->target,
2401						    lun->lun);
2402					}
2403
2404					ctl_port_online(port);
2405				} else if (cmd == CTL_DISABLE_PORT) {
2406					struct ctl_lun *lun;
2407
2408					ctl_port_offline(port);
2409
2410					STAILQ_FOREACH(lun, &softc->lun_list,
2411						       links) {
2412						port->lun_disable(
2413						    port->targ_lun_arg,
2414						    lun->target,
2415						    lun->lun);
2416					}
2417				}
2418
2419				mtx_lock(&softc->ctl_lock);
2420
2421				if (cmd == CTL_SET_PORT_WWNS)
2422					ctl_port_set_wwns(port,
2423					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2424					    1 : 0, entry->wwnn,
2425					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2426					    1 : 0, entry->wwpn);
2427			}
2428			if (done != 0)
2429				break;
2430		}
2431		mtx_unlock(&softc->ctl_lock);
2432		break;
2433	}
2434	case CTL_GET_PORT_LIST: {
2435		struct ctl_port *port;
2436		struct ctl_port_list *list;
2437		int i;
2438
2439		list = (struct ctl_port_list *)addr;
2440
2441		if (list->alloc_len != (list->alloc_num *
2442		    sizeof(struct ctl_port_entry))) {
2443			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2444			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2445			       "%zu\n", __func__, list->alloc_len,
2446			       list->alloc_num, sizeof(struct ctl_port_entry));
2447			retval = EINVAL;
2448			break;
2449		}
2450		list->fill_len = 0;
2451		list->fill_num = 0;
2452		list->dropped_num = 0;
2453		i = 0;
2454		mtx_lock(&softc->ctl_lock);
2455		STAILQ_FOREACH(port, &softc->port_list, links) {
2456			struct ctl_port_entry entry, *list_entry;
2457
2458			if (list->fill_num >= list->alloc_num) {
2459				list->dropped_num++;
2460				continue;
2461			}
2462
2463			entry.port_type = port->port_type;
2464			strlcpy(entry.port_name, port->port_name,
2465				sizeof(entry.port_name));
2466			entry.targ_port = port->targ_port;
2467			entry.physical_port = port->physical_port;
2468			entry.virtual_port = port->virtual_port;
2469			entry.wwnn = port->wwnn;
2470			entry.wwpn = port->wwpn;
2471			if (port->status & CTL_PORT_STATUS_ONLINE)
2472				entry.online = 1;
2473			else
2474				entry.online = 0;
2475
2476			list_entry = &list->entries[i];
2477
2478			retval = copyout(&entry, list_entry, sizeof(entry));
2479			if (retval != 0) {
2480				printf("%s: CTL_GET_PORT_LIST: copyout "
2481				       "returned %d\n", __func__, retval);
2482				break;
2483			}
2484			i++;
2485			list->fill_num++;
2486			list->fill_len += sizeof(entry);
2487		}
2488		mtx_unlock(&softc->ctl_lock);
2489
2490		/*
2491		 * If this is non-zero, we had a copyout fault, so there's
2492		 * probably no point in attempting to set the status inside
2493		 * the structure.
2494		 */
2495		if (retval != 0)
2496			break;
2497
2498		if (list->dropped_num > 0)
2499			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2500		else
2501			list->status = CTL_PORT_LIST_OK;
2502		break;
2503	}
2504	case CTL_DUMP_OOA: {
2505		struct ctl_lun *lun;
2506		union ctl_io *io;
2507		char printbuf[128];
2508		struct sbuf sb;
2509
2510		mtx_lock(&softc->ctl_lock);
2511		printf("Dumping OOA queues:\n");
2512		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2513			mtx_lock(&lun->lun_lock);
2514			for (io = (union ctl_io *)TAILQ_FIRST(
2515			     &lun->ooa_queue); io != NULL;
2516			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2517			     ooa_links)) {
2518				sbuf_new(&sb, printbuf, sizeof(printbuf),
2519					 SBUF_FIXEDLEN);
2520				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2521					    (intmax_t)lun->lun,
2522					    io->scsiio.tag_num,
2523					    (io->io_hdr.flags &
2524					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2525					    (io->io_hdr.flags &
2526					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2527					    (io->io_hdr.flags &
2528					    CTL_FLAG_ABORT) ? " ABORT" : "",
2529			                    (io->io_hdr.flags &
2530		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2531				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2532				sbuf_finish(&sb);
2533				printf("%s\n", sbuf_data(&sb));
2534			}
2535			mtx_unlock(&lun->lun_lock);
2536		}
2537		printf("OOA queues dump done\n");
2538		mtx_unlock(&softc->ctl_lock);
2539		break;
2540	}
2541	case CTL_GET_OOA: {
2542		struct ctl_lun *lun;
2543		struct ctl_ooa *ooa_hdr;
2544		struct ctl_ooa_entry *entries;
2545		uint32_t cur_fill_num;
2546
2547		ooa_hdr = (struct ctl_ooa *)addr;
2548
2549		if ((ooa_hdr->alloc_len == 0)
2550		 || (ooa_hdr->alloc_num == 0)) {
2551			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2552			       "must be non-zero\n", __func__,
2553			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2554			retval = EINVAL;
2555			break;
2556		}
2557
2558		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2559		    sizeof(struct ctl_ooa_entry))) {
2560			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2561			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2562			       __func__, ooa_hdr->alloc_len,
2563			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2564			retval = EINVAL;
2565			break;
2566		}
2567
2568		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2569		if (entries == NULL) {
2570			printf("%s: could not allocate %d bytes for OOA "
2571			       "dump\n", __func__, ooa_hdr->alloc_len);
2572			retval = ENOMEM;
2573			break;
2574		}
2575
2576		mtx_lock(&softc->ctl_lock);
2577		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2578		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2579		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2580			mtx_unlock(&softc->ctl_lock);
2581			free(entries, M_CTL);
2582			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2583			       __func__, (uintmax_t)ooa_hdr->lun_num);
2584			retval = EINVAL;
2585			break;
2586		}
2587
2588		cur_fill_num = 0;
2589
2590		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2591			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2592				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2593					ooa_hdr, entries);
2594				if (retval != 0)
2595					break;
2596			}
2597			if (retval != 0) {
2598				mtx_unlock(&softc->ctl_lock);
2599				free(entries, M_CTL);
2600				break;
2601			}
2602		} else {
2603			lun = softc->ctl_luns[ooa_hdr->lun_num];
2604
2605			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2606						    entries);
2607		}
2608		mtx_unlock(&softc->ctl_lock);
2609
2610		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2611		ooa_hdr->fill_len = ooa_hdr->fill_num *
2612			sizeof(struct ctl_ooa_entry);
2613		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2614		if (retval != 0) {
2615			printf("%s: error copying out %d bytes for OOA dump\n",
2616			       __func__, ooa_hdr->fill_len);
2617		}
2618
2619		getbintime(&ooa_hdr->cur_bt);
2620
2621		if (cur_fill_num > ooa_hdr->alloc_num) {
2622			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2623			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2624		} else {
2625			ooa_hdr->dropped_num = 0;
2626			ooa_hdr->status = CTL_OOA_OK;
2627		}
2628
2629		free(entries, M_CTL);
2630		break;
2631	}
2632	case CTL_CHECK_OOA: {
2633		union ctl_io *io;
2634		struct ctl_lun *lun;
2635		struct ctl_ooa_info *ooa_info;
2636
2637
2638		ooa_info = (struct ctl_ooa_info *)addr;
2639
2640		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2641			ooa_info->status = CTL_OOA_INVALID_LUN;
2642			break;
2643		}
2644		mtx_lock(&softc->ctl_lock);
2645		lun = softc->ctl_luns[ooa_info->lun_id];
2646		if (lun == NULL) {
2647			mtx_unlock(&softc->ctl_lock);
2648			ooa_info->status = CTL_OOA_INVALID_LUN;
2649			break;
2650		}
2651		mtx_lock(&lun->lun_lock);
2652		mtx_unlock(&softc->ctl_lock);
2653		ooa_info->num_entries = 0;
2654		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2655		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2656		     &io->io_hdr, ooa_links)) {
2657			ooa_info->num_entries++;
2658		}
2659		mtx_unlock(&lun->lun_lock);
2660
2661		ooa_info->status = CTL_OOA_SUCCESS;
2662
2663		break;
2664	}
2665	case CTL_HARD_START:
2666	case CTL_HARD_STOP: {
2667		struct ctl_fe_ioctl_startstop_info ss_info;
2668		struct cfi_metatask *metatask;
2669		struct mtx hs_mtx;
2670
2671		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2672
2673		cv_init(&ss_info.sem, "hard start/stop cv" );
2674
2675		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2676		if (metatask == NULL) {
2677			retval = ENOMEM;
2678			mtx_destroy(&hs_mtx);
2679			break;
2680		}
2681
2682		if (cmd == CTL_HARD_START)
2683			metatask->tasktype = CFI_TASK_STARTUP;
2684		else
2685			metatask->tasktype = CFI_TASK_SHUTDOWN;
2686
2687		metatask->callback = ctl_ioctl_hard_startstop_callback;
2688		metatask->callback_arg = &ss_info;
2689
2690		cfi_action(metatask);
2691
2692		/* Wait for the callback */
2693		mtx_lock(&hs_mtx);
2694		cv_wait_sig(&ss_info.sem, &hs_mtx);
2695		mtx_unlock(&hs_mtx);
2696
2697		/*
2698		 * All information has been copied from the metatask by the
2699		 * time cv_broadcast() is called, so we free the metatask here.
2700		 */
2701		cfi_free_metatask(metatask);
2702
2703		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2704
2705		mtx_destroy(&hs_mtx);
2706		break;
2707	}
2708	case CTL_BBRREAD: {
2709		struct ctl_bbrread_info *bbr_info;
2710		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2711		struct mtx bbr_mtx;
2712		struct cfi_metatask *metatask;
2713
2714		bbr_info = (struct ctl_bbrread_info *)addr;
2715
2716		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2717
2718		bzero(&bbr_mtx, sizeof(bbr_mtx));
2719		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2720
2721		fe_bbr_info.bbr_info = bbr_info;
2722		fe_bbr_info.lock = &bbr_mtx;
2723
2724		cv_init(&fe_bbr_info.sem, "BBR read cv");
2725		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2726
2727		if (metatask == NULL) {
2728			mtx_destroy(&bbr_mtx);
2729			cv_destroy(&fe_bbr_info.sem);
2730			retval = ENOMEM;
2731			break;
2732		}
2733		metatask->tasktype = CFI_TASK_BBRREAD;
2734		metatask->callback = ctl_ioctl_bbrread_callback;
2735		metatask->callback_arg = &fe_bbr_info;
2736		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2737		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2738		metatask->taskinfo.bbrread.len = bbr_info->len;
2739
2740		cfi_action(metatask);
2741
2742		mtx_lock(&bbr_mtx);
2743		while (fe_bbr_info.wakeup_done == 0)
2744			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2745		mtx_unlock(&bbr_mtx);
2746
2747		bbr_info->status = metatask->status;
2748		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2749		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2750		memcpy(&bbr_info->sense_data,
2751		       &metatask->taskinfo.bbrread.sense_data,
2752		       ctl_min(sizeof(bbr_info->sense_data),
2753			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2754
2755		cfi_free_metatask(metatask);
2756
2757		mtx_destroy(&bbr_mtx);
2758		cv_destroy(&fe_bbr_info.sem);
2759
2760		break;
2761	}
2762	case CTL_DELAY_IO: {
2763		struct ctl_io_delay_info *delay_info;
2764#ifdef CTL_IO_DELAY
2765		struct ctl_lun *lun;
2766#endif /* CTL_IO_DELAY */
2767
2768		delay_info = (struct ctl_io_delay_info *)addr;
2769
2770#ifdef CTL_IO_DELAY
2771		mtx_lock(&softc->ctl_lock);
2772
2773		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2774		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2775			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2776		} else {
2777			lun = softc->ctl_luns[delay_info->lun_id];
2778			mtx_lock(&lun->lun_lock);
2779
2780			delay_info->status = CTL_DELAY_STATUS_OK;
2781
2782			switch (delay_info->delay_type) {
2783			case CTL_DELAY_TYPE_CONT:
2784				break;
2785			case CTL_DELAY_TYPE_ONESHOT:
2786				break;
2787			default:
2788				delay_info->status =
2789					CTL_DELAY_STATUS_INVALID_TYPE;
2790				break;
2791			}
2792
2793			switch (delay_info->delay_loc) {
2794			case CTL_DELAY_LOC_DATAMOVE:
2795				lun->delay_info.datamove_type =
2796					delay_info->delay_type;
2797				lun->delay_info.datamove_delay =
2798					delay_info->delay_secs;
2799				break;
2800			case CTL_DELAY_LOC_DONE:
2801				lun->delay_info.done_type =
2802					delay_info->delay_type;
2803				lun->delay_info.done_delay =
2804					delay_info->delay_secs;
2805				break;
2806			default:
2807				delay_info->status =
2808					CTL_DELAY_STATUS_INVALID_LOC;
2809				break;
2810			}
2811			mtx_unlock(&lun->lun_lock);
2812		}
2813
2814		mtx_unlock(&softc->ctl_lock);
2815#else
2816		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2817#endif /* CTL_IO_DELAY */
2818		break;
2819	}
2820	case CTL_REALSYNC_SET: {
2821		int *syncstate;
2822
2823		syncstate = (int *)addr;
2824
2825		mtx_lock(&softc->ctl_lock);
2826		switch (*syncstate) {
2827		case 0:
2828			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2829			break;
2830		case 1:
2831			softc->flags |= CTL_FLAG_REAL_SYNC;
2832			break;
2833		default:
2834			retval = EINVAL;
2835			break;
2836		}
2837		mtx_unlock(&softc->ctl_lock);
2838		break;
2839	}
2840	case CTL_REALSYNC_GET: {
2841		int *syncstate;
2842
2843		syncstate = (int*)addr;
2844
2845		mtx_lock(&softc->ctl_lock);
2846		if (softc->flags & CTL_FLAG_REAL_SYNC)
2847			*syncstate = 1;
2848		else
2849			*syncstate = 0;
2850		mtx_unlock(&softc->ctl_lock);
2851
2852		break;
2853	}
2854	case CTL_SETSYNC:
2855	case CTL_GETSYNC: {
2856		struct ctl_sync_info *sync_info;
2857		struct ctl_lun *lun;
2858
2859		sync_info = (struct ctl_sync_info *)addr;
2860
2861		mtx_lock(&softc->ctl_lock);
2862		lun = softc->ctl_luns[sync_info->lun_id];
2863		if (lun == NULL) {
2864			mtx_unlock(&softc->ctl_lock);
2865			sync_info->status = CTL_GS_SYNC_NO_LUN;
2866		}
2867		/*
2868		 * Get or set the sync interval.  We're not bounds checking
2869		 * in the set case, hopefully the user won't do something
2870		 * silly.
2871		 */
2872		mtx_lock(&lun->lun_lock);
2873		mtx_unlock(&softc->ctl_lock);
2874		if (cmd == CTL_GETSYNC)
2875			sync_info->sync_interval = lun->sync_interval;
2876		else
2877			lun->sync_interval = sync_info->sync_interval;
2878		mtx_unlock(&lun->lun_lock);
2879
2880		sync_info->status = CTL_GS_SYNC_OK;
2881
2882		break;
2883	}
2884	case CTL_GETSTATS: {
2885		struct ctl_stats *stats;
2886		struct ctl_lun *lun;
2887		int i;
2888
2889		stats = (struct ctl_stats *)addr;
2890
2891		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2892		     stats->alloc_len) {
2893			stats->status = CTL_SS_NEED_MORE_SPACE;
2894			stats->num_luns = softc->num_luns;
2895			break;
2896		}
2897		/*
2898		 * XXX KDM no locking here.  If the LUN list changes,
2899		 * things can blow up.
2900		 */
2901		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2902		     i++, lun = STAILQ_NEXT(lun, links)) {
2903			retval = copyout(&lun->stats, &stats->lun_stats[i],
2904					 sizeof(lun->stats));
2905			if (retval != 0)
2906				break;
2907		}
2908		stats->num_luns = softc->num_luns;
2909		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2910				 softc->num_luns;
2911		stats->status = CTL_SS_OK;
2912#ifdef CTL_TIME_IO
2913		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2914#else
2915		stats->flags = CTL_STATS_FLAG_NONE;
2916#endif
2917		getnanouptime(&stats->timestamp);
2918		break;
2919	}
2920	case CTL_ERROR_INJECT: {
2921		struct ctl_error_desc *err_desc, *new_err_desc;
2922		struct ctl_lun *lun;
2923
2924		err_desc = (struct ctl_error_desc *)addr;
2925
2926		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2927				      M_WAITOK | M_ZERO);
2928		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2929
2930		mtx_lock(&softc->ctl_lock);
2931		lun = softc->ctl_luns[err_desc->lun_id];
2932		if (lun == NULL) {
2933			mtx_unlock(&softc->ctl_lock);
2934			free(new_err_desc, M_CTL);
2935			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2936			       __func__, (uintmax_t)err_desc->lun_id);
2937			retval = EINVAL;
2938			break;
2939		}
2940		mtx_lock(&lun->lun_lock);
2941		mtx_unlock(&softc->ctl_lock);
2942
2943		/*
2944		 * We could do some checking here to verify the validity
2945		 * of the request, but given the complexity of error
2946		 * injection requests, the checking logic would be fairly
2947		 * complex.
2948		 *
2949		 * For now, if the request is invalid, it just won't get
2950		 * executed and might get deleted.
2951		 */
2952		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2953
2954		/*
2955		 * XXX KDM check to make sure the serial number is unique,
2956		 * in case we somehow manage to wrap.  That shouldn't
2957		 * happen for a very long time, but it's the right thing to
2958		 * do.
2959		 */
2960		new_err_desc->serial = lun->error_serial;
2961		err_desc->serial = lun->error_serial;
2962		lun->error_serial++;
2963
2964		mtx_unlock(&lun->lun_lock);
2965		break;
2966	}
2967	case CTL_ERROR_INJECT_DELETE: {
2968		struct ctl_error_desc *delete_desc, *desc, *desc2;
2969		struct ctl_lun *lun;
2970		int delete_done;
2971
2972		delete_desc = (struct ctl_error_desc *)addr;
2973		delete_done = 0;
2974
2975		mtx_lock(&softc->ctl_lock);
2976		lun = softc->ctl_luns[delete_desc->lun_id];
2977		if (lun == NULL) {
2978			mtx_unlock(&softc->ctl_lock);
2979			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2980			       __func__, (uintmax_t)delete_desc->lun_id);
2981			retval = EINVAL;
2982			break;
2983		}
2984		mtx_lock(&lun->lun_lock);
2985		mtx_unlock(&softc->ctl_lock);
2986		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2987			if (desc->serial != delete_desc->serial)
2988				continue;
2989
2990			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2991				      links);
2992			free(desc, M_CTL);
2993			delete_done = 1;
2994		}
2995		mtx_unlock(&lun->lun_lock);
2996		if (delete_done == 0) {
2997			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2998			       "error serial %ju on LUN %u\n", __func__,
2999			       delete_desc->serial, delete_desc->lun_id);
3000			retval = EINVAL;
3001			break;
3002		}
3003		break;
3004	}
3005	case CTL_DUMP_STRUCTS: {
3006		int i, j, k, idx;
3007		struct ctl_port *port;
3008		struct ctl_frontend *fe;
3009
3010		mtx_lock(&softc->ctl_lock);
3011		printf("CTL Persistent Reservation information start:\n");
3012		for (i = 0; i < CTL_MAX_LUNS; i++) {
3013			struct ctl_lun *lun;
3014
3015			lun = softc->ctl_luns[i];
3016
3017			if ((lun == NULL)
3018			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3019				continue;
3020
3021			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3022				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3023					idx = j * CTL_MAX_INIT_PER_PORT + k;
3024					if (lun->pr_keys[idx] == 0)
3025						continue;
3026					printf("  LUN %d port %d iid %d key "
3027					       "%#jx\n", i, j, k,
3028					       (uintmax_t)lun->pr_keys[idx]);
3029				}
3030			}
3031		}
3032		printf("CTL Persistent Reservation information end\n");
3033		printf("CTL Ports:\n");
3034		STAILQ_FOREACH(port, &softc->port_list, links) {
3035			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3036			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3037			       port->frontend->name, port->port_type,
3038			       port->physical_port, port->virtual_port,
3039			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3040			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3041				if (port->wwpn_iid[j].in_use == 0 &&
3042				    port->wwpn_iid[j].wwpn == 0 &&
3043				    port->wwpn_iid[j].name == NULL)
3044					continue;
3045
3046				printf("    iid %u use %d WWPN %#jx '%s'\n",
3047				    j, port->wwpn_iid[j].in_use,
3048				    (uintmax_t)port->wwpn_iid[j].wwpn,
3049				    port->wwpn_iid[j].name);
3050			}
3051		}
3052		printf("CTL Port information end\n");
3053		mtx_unlock(&softc->ctl_lock);
3054		/*
3055		 * XXX KDM calling this without a lock.  We'd likely want
3056		 * to drop the lock before calling the frontend's dump
3057		 * routine anyway.
3058		 */
3059		printf("CTL Frontends:\n");
3060		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3061			printf("  Frontend '%s'\n", fe->name);
3062			if (fe->fe_dump != NULL)
3063				fe->fe_dump();
3064		}
3065		printf("CTL Frontend information end\n");
3066		break;
3067	}
3068	case CTL_LUN_REQ: {
3069		struct ctl_lun_req *lun_req;
3070		struct ctl_backend_driver *backend;
3071
3072		lun_req = (struct ctl_lun_req *)addr;
3073
3074		backend = ctl_backend_find(lun_req->backend);
3075		if (backend == NULL) {
3076			lun_req->status = CTL_LUN_ERROR;
3077			snprintf(lun_req->error_str,
3078				 sizeof(lun_req->error_str),
3079				 "Backend \"%s\" not found.",
3080				 lun_req->backend);
3081			break;
3082		}
3083		if (lun_req->num_be_args > 0) {
3084			lun_req->kern_be_args = ctl_copyin_args(
3085				lun_req->num_be_args,
3086				lun_req->be_args,
3087				lun_req->error_str,
3088				sizeof(lun_req->error_str));
3089			if (lun_req->kern_be_args == NULL) {
3090				lun_req->status = CTL_LUN_ERROR;
3091				break;
3092			}
3093		}
3094
3095		retval = backend->ioctl(dev, cmd, addr, flag, td);
3096
3097		if (lun_req->num_be_args > 0) {
3098			ctl_copyout_args(lun_req->num_be_args,
3099				      lun_req->kern_be_args);
3100			ctl_free_args(lun_req->num_be_args,
3101				      lun_req->kern_be_args);
3102		}
3103		break;
3104	}
3105	case CTL_LUN_LIST: {
3106		struct sbuf *sb;
3107		struct ctl_lun *lun;
3108		struct ctl_lun_list *list;
3109		struct ctl_option *opt;
3110
3111		list = (struct ctl_lun_list *)addr;
3112
3113		/*
3114		 * Allocate a fixed length sbuf here, based on the length
3115		 * of the user's buffer.  We could allocate an auto-extending
3116		 * buffer, and then tell the user how much larger our
3117		 * amount of data is than his buffer, but that presents
3118		 * some problems:
3119		 *
3120		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3121		 *     we can't hold a lock while calling them with an
3122		 *     auto-extending buffer.
3123 		 *
3124		 * 2.  There is not currently a LUN reference counting
3125		 *     mechanism, outside of outstanding transactions on
3126		 *     the LUN's OOA queue.  So a LUN could go away on us
3127		 *     while we're getting the LUN number, backend-specific
3128		 *     information, etc.  Thus, given the way things
3129		 *     currently work, we need to hold the CTL lock while
3130		 *     grabbing LUN information.
3131		 *
3132		 * So, from the user's standpoint, the best thing to do is
3133		 * allocate what he thinks is a reasonable buffer length,
3134		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3135		 * double the buffer length and try again.  (And repeat
3136		 * that until he succeeds.)
3137		 */
3138		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3139		if (sb == NULL) {
3140			list->status = CTL_LUN_LIST_ERROR;
3141			snprintf(list->error_str, sizeof(list->error_str),
3142				 "Unable to allocate %d bytes for LUN list",
3143				 list->alloc_len);
3144			break;
3145		}
3146
3147		sbuf_printf(sb, "<ctllunlist>\n");
3148
3149		mtx_lock(&softc->ctl_lock);
3150		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3151			mtx_lock(&lun->lun_lock);
3152			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3153					     (uintmax_t)lun->lun);
3154
3155			/*
3156			 * Bail out as soon as we see that we've overfilled
3157			 * the buffer.
3158			 */
3159			if (retval != 0)
3160				break;
3161
3162			retval = sbuf_printf(sb, "\t<backend_type>%s"
3163					     "</backend_type>\n",
3164					     (lun->backend == NULL) ?  "none" :
3165					     lun->backend->name);
3166
3167			if (retval != 0)
3168				break;
3169
3170			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3171					     lun->be_lun->lun_type);
3172
3173			if (retval != 0)
3174				break;
3175
3176			if (lun->backend == NULL) {
3177				retval = sbuf_printf(sb, "</lun>\n");
3178				if (retval != 0)
3179					break;
3180				continue;
3181			}
3182
3183			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3184					     (lun->be_lun->maxlba > 0) ?
3185					     lun->be_lun->maxlba + 1 : 0);
3186
3187			if (retval != 0)
3188				break;
3189
3190			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3191					     lun->be_lun->blocksize);
3192
3193			if (retval != 0)
3194				break;
3195
3196			retval = sbuf_printf(sb, "\t<serial_number>");
3197
3198			if (retval != 0)
3199				break;
3200
3201			retval = ctl_sbuf_printf_esc(sb,
3202						     lun->be_lun->serial_num);
3203
3204			if (retval != 0)
3205				break;
3206
3207			retval = sbuf_printf(sb, "</serial_number>\n");
3208
3209			if (retval != 0)
3210				break;
3211
3212			retval = sbuf_printf(sb, "\t<device_id>");
3213
3214			if (retval != 0)
3215				break;
3216
3217			retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id);
3218
3219			if (retval != 0)
3220				break;
3221
3222			retval = sbuf_printf(sb, "</device_id>\n");
3223
3224			if (retval != 0)
3225				break;
3226
3227			if (lun->backend->lun_info != NULL) {
3228				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3229				if (retval != 0)
3230					break;
3231			}
3232			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3233				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3234				    opt->name, opt->value, opt->name);
3235				if (retval != 0)
3236					break;
3237			}
3238
3239			retval = sbuf_printf(sb, "</lun>\n");
3240
3241			if (retval != 0)
3242				break;
3243			mtx_unlock(&lun->lun_lock);
3244		}
3245		if (lun != NULL)
3246			mtx_unlock(&lun->lun_lock);
3247		mtx_unlock(&softc->ctl_lock);
3248
3249		if ((retval != 0)
3250		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3251			retval = 0;
3252			sbuf_delete(sb);
3253			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3254			snprintf(list->error_str, sizeof(list->error_str),
3255				 "Out of space, %d bytes is too small",
3256				 list->alloc_len);
3257			break;
3258		}
3259
3260		sbuf_finish(sb);
3261
3262		retval = copyout(sbuf_data(sb), list->lun_xml,
3263				 sbuf_len(sb) + 1);
3264
3265		list->fill_len = sbuf_len(sb) + 1;
3266		list->status = CTL_LUN_LIST_OK;
3267		sbuf_delete(sb);
3268		break;
3269	}
3270	case CTL_ISCSI: {
3271		struct ctl_iscsi *ci;
3272		struct ctl_frontend *fe;
3273
3274		ci = (struct ctl_iscsi *)addr;
3275
3276		fe = ctl_frontend_find("iscsi");
3277		if (fe == NULL) {
3278			ci->status = CTL_ISCSI_ERROR;
3279			snprintf(ci->error_str, sizeof(ci->error_str),
3280			    "Frontend \"iscsi\" not found.");
3281			break;
3282		}
3283
3284		retval = fe->ioctl(dev, cmd, addr, flag, td);
3285		break;
3286	}
3287	case CTL_PORT_REQ: {
3288		struct ctl_req *req;
3289		struct ctl_frontend *fe;
3290
3291		req = (struct ctl_req *)addr;
3292
3293		fe = ctl_frontend_find(req->driver);
3294		if (fe == NULL) {
3295			req->status = CTL_LUN_ERROR;
3296			snprintf(req->error_str, sizeof(req->error_str),
3297			    "Frontend \"%s\" not found.", req->driver);
3298			break;
3299		}
3300		if (req->num_args > 0) {
3301			req->kern_args = ctl_copyin_args(req->num_args,
3302			    req->args, req->error_str, sizeof(req->error_str));
3303			if (req->kern_args == NULL) {
3304				req->status = CTL_LUN_ERROR;
3305				break;
3306			}
3307		}
3308
3309		retval = fe->ioctl(dev, cmd, addr, flag, td);
3310
3311		if (req->num_args > 0) {
3312			ctl_copyout_args(req->num_args, req->kern_args);
3313			ctl_free_args(req->num_args, req->kern_args);
3314		}
3315		break;
3316	}
3317	case CTL_PORT_LIST: {
3318		struct sbuf *sb;
3319		struct ctl_port *port;
3320		struct ctl_lun_list *list;
3321		struct ctl_option *opt;
3322		int j;
3323
3324		list = (struct ctl_lun_list *)addr;
3325
3326		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3327		if (sb == NULL) {
3328			list->status = CTL_LUN_LIST_ERROR;
3329			snprintf(list->error_str, sizeof(list->error_str),
3330				 "Unable to allocate %d bytes for LUN list",
3331				 list->alloc_len);
3332			break;
3333		}
3334
3335		sbuf_printf(sb, "<ctlportlist>\n");
3336
3337		mtx_lock(&softc->ctl_lock);
3338		STAILQ_FOREACH(port, &softc->port_list, links) {
3339			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3340					     (uintmax_t)port->targ_port);
3341
3342			/*
3343			 * Bail out as soon as we see that we've overfilled
3344			 * the buffer.
3345			 */
3346			if (retval != 0)
3347				break;
3348
3349			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3350			    "</frontend_type>\n", port->frontend->name);
3351			if (retval != 0)
3352				break;
3353
3354			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3355					     port->port_type);
3356			if (retval != 0)
3357				break;
3358
3359			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3360			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3361			if (retval != 0)
3362				break;
3363
3364			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3365			    port->port_name);
3366			if (retval != 0)
3367				break;
3368
3369			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3370			    port->physical_port);
3371			if (retval != 0)
3372				break;
3373
3374			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3375			    port->virtual_port);
3376			if (retval != 0)
3377				break;
3378
3379			if (port->target_devid != NULL) {
3380				sbuf_printf(sb, "\t<target>");
3381				ctl_id_sbuf(port->target_devid, sb);
3382				sbuf_printf(sb, "</target>\n");
3383			}
3384
3385			if (port->port_devid != NULL) {
3386				sbuf_printf(sb, "\t<port>");
3387				ctl_id_sbuf(port->port_devid, sb);
3388				sbuf_printf(sb, "</port>\n");
3389			}
3390
3391			if (port->port_info != NULL) {
3392				retval = port->port_info(port->onoff_arg, sb);
3393				if (retval != 0)
3394					break;
3395			}
3396			STAILQ_FOREACH(opt, &port->options, links) {
3397				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3398				    opt->name, opt->value, opt->name);
3399				if (retval != 0)
3400					break;
3401			}
3402
3403			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3404				if (port->wwpn_iid[j].in_use == 0 ||
3405				    (port->wwpn_iid[j].wwpn == 0 &&
3406				     port->wwpn_iid[j].name == NULL))
3407					continue;
3408
3409				if (port->wwpn_iid[j].name != NULL)
3410					retval = sbuf_printf(sb,
3411					    "\t<initiator>%u %s</initiator>\n",
3412					    j, port->wwpn_iid[j].name);
3413				else
3414					retval = sbuf_printf(sb,
3415					    "\t<initiator>%u naa.%08jx</initiator>\n",
3416					    j, port->wwpn_iid[j].wwpn);
3417				if (retval != 0)
3418					break;
3419			}
3420			if (retval != 0)
3421				break;
3422
3423			retval = sbuf_printf(sb, "</targ_port>\n");
3424			if (retval != 0)
3425				break;
3426		}
3427		mtx_unlock(&softc->ctl_lock);
3428
3429		if ((retval != 0)
3430		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3431			retval = 0;
3432			sbuf_delete(sb);
3433			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3434			snprintf(list->error_str, sizeof(list->error_str),
3435				 "Out of space, %d bytes is too small",
3436				 list->alloc_len);
3437			break;
3438		}
3439
3440		sbuf_finish(sb);
3441
3442		retval = copyout(sbuf_data(sb), list->lun_xml,
3443				 sbuf_len(sb) + 1);
3444
3445		list->fill_len = sbuf_len(sb) + 1;
3446		list->status = CTL_LUN_LIST_OK;
3447		sbuf_delete(sb);
3448		break;
3449	}
3450	default: {
3451		/* XXX KDM should we fix this? */
3452#if 0
3453		struct ctl_backend_driver *backend;
3454		unsigned int type;
3455		int found;
3456
3457		found = 0;
3458
3459		/*
3460		 * We encode the backend type as the ioctl type for backend
3461		 * ioctls.  So parse it out here, and then search for a
3462		 * backend of this type.
3463		 */
3464		type = _IOC_TYPE(cmd);
3465
3466		STAILQ_FOREACH(backend, &softc->be_list, links) {
3467			if (backend->type == type) {
3468				found = 1;
3469				break;
3470			}
3471		}
3472		if (found == 0) {
3473			printf("ctl: unknown ioctl command %#lx or backend "
3474			       "%d\n", cmd, type);
3475			retval = EINVAL;
3476			break;
3477		}
3478		retval = backend->ioctl(dev, cmd, addr, flag, td);
3479#endif
3480		retval = ENOTTY;
3481		break;
3482	}
3483	}
3484	return (retval);
3485}
3486
3487uint32_t
3488ctl_get_initindex(struct ctl_nexus *nexus)
3489{
3490	if (nexus->targ_port < CTL_MAX_PORTS)
3491		return (nexus->initid.id +
3492			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3493	else
3494		return (nexus->initid.id +
3495		       ((nexus->targ_port - CTL_MAX_PORTS) *
3496			CTL_MAX_INIT_PER_PORT));
3497}
3498
3499uint32_t
3500ctl_get_resindex(struct ctl_nexus *nexus)
3501{
3502	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3503}
3504
3505uint32_t
3506ctl_port_idx(int port_num)
3507{
3508	if (port_num < CTL_MAX_PORTS)
3509		return(port_num);
3510	else
3511		return(port_num - CTL_MAX_PORTS);
3512}
3513
3514static uint32_t
3515ctl_map_lun(int port_num, uint32_t lun_id)
3516{
3517	struct ctl_port *port;
3518
3519	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3520	if (port == NULL)
3521		return (UINT32_MAX);
3522	if (port->lun_map == NULL)
3523		return (lun_id);
3524	return (port->lun_map(port->targ_lun_arg, lun_id));
3525}
3526
3527static uint32_t
3528ctl_map_lun_back(int port_num, uint32_t lun_id)
3529{
3530	struct ctl_port *port;
3531	uint32_t i;
3532
3533	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3534	if (port->lun_map == NULL)
3535		return (lun_id);
3536	for (i = 0; i < CTL_MAX_LUNS; i++) {
3537		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3538			return (i);
3539	}
3540	return (UINT32_MAX);
3541}
3542
3543/*
3544 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3545 * that are a power of 2.
3546 */
3547int
3548ctl_ffz(uint32_t *mask, uint32_t size)
3549{
3550	uint32_t num_chunks, num_pieces;
3551	int i, j;
3552
3553	num_chunks = (size >> 5);
3554	if (num_chunks == 0)
3555		num_chunks++;
3556	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3557
3558	for (i = 0; i < num_chunks; i++) {
3559		for (j = 0; j < num_pieces; j++) {
3560			if ((mask[i] & (1 << j)) == 0)
3561				return ((i << 5) + j);
3562		}
3563	}
3564
3565	return (-1);
3566}
3567
3568int
3569ctl_set_mask(uint32_t *mask, uint32_t bit)
3570{
3571	uint32_t chunk, piece;
3572
3573	chunk = bit >> 5;
3574	piece = bit % (sizeof(uint32_t) * 8);
3575
3576	if ((mask[chunk] & (1 << piece)) != 0)
3577		return (-1);
3578	else
3579		mask[chunk] |= (1 << piece);
3580
3581	return (0);
3582}
3583
3584int
3585ctl_clear_mask(uint32_t *mask, uint32_t bit)
3586{
3587	uint32_t chunk, piece;
3588
3589	chunk = bit >> 5;
3590	piece = bit % (sizeof(uint32_t) * 8);
3591
3592	if ((mask[chunk] & (1 << piece)) == 0)
3593		return (-1);
3594	else
3595		mask[chunk] &= ~(1 << piece);
3596
3597	return (0);
3598}
3599
3600int
3601ctl_is_set(uint32_t *mask, uint32_t bit)
3602{
3603	uint32_t chunk, piece;
3604
3605	chunk = bit >> 5;
3606	piece = bit % (sizeof(uint32_t) * 8);
3607
3608	if ((mask[chunk] & (1 << piece)) == 0)
3609		return (0);
3610	else
3611		return (1);
3612}
3613
3614#ifdef unused
3615/*
3616 * The bus, target and lun are optional, they can be filled in later.
3617 * can_wait is used to determine whether we can wait on the malloc or not.
3618 */
3619union ctl_io*
3620ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3621	      uint32_t targ_lun, int can_wait)
3622{
3623	union ctl_io *io;
3624
3625	if (can_wait)
3626		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3627	else
3628		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3629
3630	if (io != NULL) {
3631		io->io_hdr.io_type = io_type;
3632		io->io_hdr.targ_port = targ_port;
3633		/*
3634		 * XXX KDM this needs to change/go away.  We need to move
3635		 * to a preallocated pool of ctl_scsiio structures.
3636		 */
3637		io->io_hdr.nexus.targ_target.id = targ_target;
3638		io->io_hdr.nexus.targ_lun = targ_lun;
3639	}
3640
3641	return (io);
3642}
3643
3644void
3645ctl_kfree_io(union ctl_io *io)
3646{
3647	free(io, M_CTL);
3648}
3649#endif /* unused */
3650
3651/*
3652 * ctl_softc, pool_type, total_ctl_io are passed in.
3653 * npool is passed out.
3654 */
3655int
3656ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3657		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3658{
3659	uint32_t i;
3660	union ctl_io *cur_io, *next_io;
3661	struct ctl_io_pool *pool;
3662	int retval;
3663
3664	retval = 0;
3665
3666	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3667					    M_NOWAIT | M_ZERO);
3668	if (pool == NULL) {
3669		retval = ENOMEM;
3670		goto bailout;
3671	}
3672
3673	pool->type = pool_type;
3674	pool->ctl_softc = ctl_softc;
3675
3676	mtx_lock(&ctl_softc->pool_lock);
3677	pool->id = ctl_softc->cur_pool_id++;
3678	mtx_unlock(&ctl_softc->pool_lock);
3679
3680	pool->flags = CTL_POOL_FLAG_NONE;
3681	pool->refcount = 1;		/* Reference for validity. */
3682	STAILQ_INIT(&pool->free_queue);
3683
3684	/*
3685	 * XXX KDM other options here:
3686	 * - allocate a page at a time
3687	 * - allocate one big chunk of memory.
3688	 * Page allocation might work well, but would take a little more
3689	 * tracking.
3690	 */
3691	for (i = 0; i < total_ctl_io; i++) {
3692		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3693						M_NOWAIT);
3694		if (cur_io == NULL) {
3695			retval = ENOMEM;
3696			break;
3697		}
3698		cur_io->io_hdr.pool = pool;
3699		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3700		pool->total_ctl_io++;
3701		pool->free_ctl_io++;
3702	}
3703
3704	if (retval != 0) {
3705		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3706		     cur_io != NULL; cur_io = next_io) {
3707			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3708							      links);
3709			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3710				      ctl_io_hdr, links);
3711			free(cur_io, M_CTLIO);
3712		}
3713
3714		free(pool, M_CTL);
3715		goto bailout;
3716	}
3717	mtx_lock(&ctl_softc->pool_lock);
3718	ctl_softc->num_pools++;
3719	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3720	/*
3721	 * Increment our usage count if this is an external consumer, so we
3722	 * can't get unloaded until the external consumer (most likely a
3723	 * FETD) unloads and frees his pool.
3724	 *
3725	 * XXX KDM will this increment the caller's module use count, or
3726	 * mine?
3727	 */
3728#if 0
3729	if ((pool_type != CTL_POOL_EMERGENCY)
3730	 && (pool_type != CTL_POOL_INTERNAL)
3731	 && (pool_type != CTL_POOL_4OTHERSC))
3732		MOD_INC_USE_COUNT;
3733#endif
3734
3735	mtx_unlock(&ctl_softc->pool_lock);
3736
3737	*npool = pool;
3738
3739bailout:
3740
3741	return (retval);
3742}
3743
3744static int
3745ctl_pool_acquire(struct ctl_io_pool *pool)
3746{
3747
3748	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3749
3750	if (pool->flags & CTL_POOL_FLAG_INVALID)
3751		return (EINVAL);
3752
3753	pool->refcount++;
3754
3755	return (0);
3756}
3757
3758static void
3759ctl_pool_release(struct ctl_io_pool *pool)
3760{
3761	struct ctl_softc *ctl_softc = pool->ctl_softc;
3762	union ctl_io *io;
3763
3764	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3765
3766	if (--pool->refcount != 0)
3767		return;
3768
3769	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3770		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3771			      links);
3772		free(io, M_CTLIO);
3773	}
3774
3775	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3776	ctl_softc->num_pools--;
3777
3778	/*
3779	 * XXX KDM will this decrement the caller's usage count or mine?
3780	 */
3781#if 0
3782	if ((pool->type != CTL_POOL_EMERGENCY)
3783	 && (pool->type != CTL_POOL_INTERNAL)
3784	 && (pool->type != CTL_POOL_4OTHERSC))
3785		MOD_DEC_USE_COUNT;
3786#endif
3787
3788	free(pool, M_CTL);
3789}
3790
3791void
3792ctl_pool_free(struct ctl_io_pool *pool)
3793{
3794	struct ctl_softc *ctl_softc;
3795
3796	if (pool == NULL)
3797		return;
3798
3799	ctl_softc = pool->ctl_softc;
3800	mtx_lock(&ctl_softc->pool_lock);
3801	pool->flags |= CTL_POOL_FLAG_INVALID;
3802	ctl_pool_release(pool);
3803	mtx_unlock(&ctl_softc->pool_lock);
3804}
3805
3806/*
3807 * This routine does not block (except for spinlocks of course).
3808 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3809 * possible.
3810 */
3811union ctl_io *
3812ctl_alloc_io(void *pool_ref)
3813{
3814	union ctl_io *io;
3815	struct ctl_softc *ctl_softc;
3816	struct ctl_io_pool *pool, *npool;
3817	struct ctl_io_pool *emergency_pool;
3818
3819	pool = (struct ctl_io_pool *)pool_ref;
3820
3821	if (pool == NULL) {
3822		printf("%s: pool is NULL\n", __func__);
3823		return (NULL);
3824	}
3825
3826	emergency_pool = NULL;
3827
3828	ctl_softc = pool->ctl_softc;
3829
3830	mtx_lock(&ctl_softc->pool_lock);
3831	/*
3832	 * First, try to get the io structure from the user's pool.
3833	 */
3834	if (ctl_pool_acquire(pool) == 0) {
3835		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3836		if (io != NULL) {
3837			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3838			pool->total_allocated++;
3839			pool->free_ctl_io--;
3840			mtx_unlock(&ctl_softc->pool_lock);
3841			return (io);
3842		} else
3843			ctl_pool_release(pool);
3844	}
3845	/*
3846	 * If he doesn't have any io structures left, search for an
3847	 * emergency pool and grab one from there.
3848	 */
3849	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3850		if (npool->type != CTL_POOL_EMERGENCY)
3851			continue;
3852
3853		if (ctl_pool_acquire(npool) != 0)
3854			continue;
3855
3856		emergency_pool = npool;
3857
3858		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3859		if (io != NULL) {
3860			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3861			npool->total_allocated++;
3862			npool->free_ctl_io--;
3863			mtx_unlock(&ctl_softc->pool_lock);
3864			return (io);
3865		} else
3866			ctl_pool_release(npool);
3867	}
3868
3869	/* Drop the spinlock before we malloc */
3870	mtx_unlock(&ctl_softc->pool_lock);
3871
3872	/*
3873	 * The emergency pool (if it exists) didn't have one, so try an
3874	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3875	 */
3876	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3877	if (io != NULL) {
3878		/*
3879		 * If the emergency pool exists but is empty, add this
3880		 * ctl_io to its list when it gets freed.
3881		 */
3882		if (emergency_pool != NULL) {
3883			mtx_lock(&ctl_softc->pool_lock);
3884			if (ctl_pool_acquire(emergency_pool) == 0) {
3885				io->io_hdr.pool = emergency_pool;
3886				emergency_pool->total_ctl_io++;
3887				/*
3888				 * Need to bump this, otherwise
3889				 * total_allocated and total_freed won't
3890				 * match when we no longer have anything
3891				 * outstanding.
3892				 */
3893				emergency_pool->total_allocated++;
3894			}
3895			mtx_unlock(&ctl_softc->pool_lock);
3896		} else
3897			io->io_hdr.pool = NULL;
3898	}
3899
3900	return (io);
3901}
3902
3903void
3904ctl_free_io(union ctl_io *io)
3905{
3906	if (io == NULL)
3907		return;
3908
3909	/*
3910	 * If this ctl_io has a pool, return it to that pool.
3911	 */
3912	if (io->io_hdr.pool != NULL) {
3913		struct ctl_io_pool *pool;
3914
3915		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3916		mtx_lock(&pool->ctl_softc->pool_lock);
3917		io->io_hdr.io_type = 0xff;
3918		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3919		pool->total_freed++;
3920		pool->free_ctl_io++;
3921		ctl_pool_release(pool);
3922		mtx_unlock(&pool->ctl_softc->pool_lock);
3923	} else {
3924		/*
3925		 * Otherwise, just free it.  We probably malloced it and
3926		 * the emergency pool wasn't available.
3927		 */
3928		free(io, M_CTLIO);
3929	}
3930
3931}
3932
3933void
3934ctl_zero_io(union ctl_io *io)
3935{
3936	void *pool_ref;
3937
3938	if (io == NULL)
3939		return;
3940
3941	/*
3942	 * May need to preserve linked list pointers at some point too.
3943	 */
3944	pool_ref = io->io_hdr.pool;
3945
3946	memset(io, 0, sizeof(*io));
3947
3948	io->io_hdr.pool = pool_ref;
3949}
3950
3951/*
3952 * This routine is currently used for internal copies of ctl_ios that need
3953 * to persist for some reason after we've already returned status to the
3954 * FETD.  (Thus the flag set.)
3955 *
3956 * XXX XXX
3957 * Note that this makes a blind copy of all fields in the ctl_io, except
3958 * for the pool reference.  This includes any memory that has been
3959 * allocated!  That memory will no longer be valid after done has been
3960 * called, so this would be VERY DANGEROUS for command that actually does
3961 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3962 * start and stop commands, which don't transfer any data, so this is not a
3963 * problem.  If it is used for anything else, the caller would also need to
3964 * allocate data buffer space and this routine would need to be modified to
3965 * copy the data buffer(s) as well.
3966 */
3967void
3968ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3969{
3970	void *pool_ref;
3971
3972	if ((src == NULL)
3973	 || (dest == NULL))
3974		return;
3975
3976	/*
3977	 * May need to preserve linked list pointers at some point too.
3978	 */
3979	pool_ref = dest->io_hdr.pool;
3980
3981	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3982
3983	dest->io_hdr.pool = pool_ref;
3984	/*
3985	 * We need to know that this is an internal copy, and doesn't need
3986	 * to get passed back to the FETD that allocated it.
3987	 */
3988	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3989}
3990
3991/*
3992 * This routine could be used in the future to load default and/or saved
3993 * mode page parameters for a particuar lun.
3994 */
3995static int
3996ctl_init_page_index(struct ctl_lun *lun)
3997{
3998	int i;
3999	struct ctl_page_index *page_index;
4000	const char *value;
4001
4002	memcpy(&lun->mode_pages.index, page_index_template,
4003	       sizeof(page_index_template));
4004
4005	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4006
4007		page_index = &lun->mode_pages.index[i];
4008		/*
4009		 * If this is a disk-only mode page, there's no point in
4010		 * setting it up.  For some pages, we have to have some
4011		 * basic information about the disk in order to calculate the
4012		 * mode page data.
4013		 */
4014		if ((lun->be_lun->lun_type != T_DIRECT)
4015		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4016			continue;
4017
4018		switch (page_index->page_code & SMPH_PC_MASK) {
4019		case SMS_RW_ERROR_RECOVERY_PAGE: {
4020			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4021				panic("subpage is incorrect!");
4022			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4023			       &rw_er_page_default,
4024			       sizeof(rw_er_page_default));
4025			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4026			       &rw_er_page_changeable,
4027			       sizeof(rw_er_page_changeable));
4028			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4029			       &rw_er_page_default,
4030			       sizeof(rw_er_page_default));
4031			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4032			       &rw_er_page_default,
4033			       sizeof(rw_er_page_default));
4034			page_index->page_data =
4035				(uint8_t *)lun->mode_pages.rw_er_page;
4036			break;
4037		}
4038		case SMS_FORMAT_DEVICE_PAGE: {
4039			struct scsi_format_page *format_page;
4040
4041			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4042				panic("subpage is incorrect!");
4043
4044			/*
4045			 * Sectors per track are set above.  Bytes per
4046			 * sector need to be set here on a per-LUN basis.
4047			 */
4048			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4049			       &format_page_default,
4050			       sizeof(format_page_default));
4051			memcpy(&lun->mode_pages.format_page[
4052			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4053			       sizeof(format_page_changeable));
4054			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4055			       &format_page_default,
4056			       sizeof(format_page_default));
4057			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4058			       &format_page_default,
4059			       sizeof(format_page_default));
4060
4061			format_page = &lun->mode_pages.format_page[
4062				CTL_PAGE_CURRENT];
4063			scsi_ulto2b(lun->be_lun->blocksize,
4064				    format_page->bytes_per_sector);
4065
4066			format_page = &lun->mode_pages.format_page[
4067				CTL_PAGE_DEFAULT];
4068			scsi_ulto2b(lun->be_lun->blocksize,
4069				    format_page->bytes_per_sector);
4070
4071			format_page = &lun->mode_pages.format_page[
4072				CTL_PAGE_SAVED];
4073			scsi_ulto2b(lun->be_lun->blocksize,
4074				    format_page->bytes_per_sector);
4075
4076			page_index->page_data =
4077				(uint8_t *)lun->mode_pages.format_page;
4078			break;
4079		}
4080		case SMS_RIGID_DISK_PAGE: {
4081			struct scsi_rigid_disk_page *rigid_disk_page;
4082			uint32_t sectors_per_cylinder;
4083			uint64_t cylinders;
4084#ifndef	__XSCALE__
4085			int shift;
4086#endif /* !__XSCALE__ */
4087
4088			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4089				panic("invalid subpage value %d",
4090				      page_index->subpage);
4091
4092			/*
4093			 * Rotation rate and sectors per track are set
4094			 * above.  We calculate the cylinders here based on
4095			 * capacity.  Due to the number of heads and
4096			 * sectors per track we're using, smaller arrays
4097			 * may turn out to have 0 cylinders.  Linux and
4098			 * FreeBSD don't pay attention to these mode pages
4099			 * to figure out capacity, but Solaris does.  It
4100			 * seems to deal with 0 cylinders just fine, and
4101			 * works out a fake geometry based on the capacity.
4102			 */
4103			memcpy(&lun->mode_pages.rigid_disk_page[
4104			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
4105			       sizeof(rigid_disk_page_default));
4106			memcpy(&lun->mode_pages.rigid_disk_page[
4107			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4108			       sizeof(rigid_disk_page_changeable));
4109			memcpy(&lun->mode_pages.rigid_disk_page[
4110			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4111			       sizeof(rigid_disk_page_default));
4112			memcpy(&lun->mode_pages.rigid_disk_page[
4113			       CTL_PAGE_SAVED], &rigid_disk_page_default,
4114			       sizeof(rigid_disk_page_default));
4115
4116			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4117				CTL_DEFAULT_HEADS;
4118
4119			/*
4120			 * The divide method here will be more accurate,
4121			 * probably, but results in floating point being
4122			 * used in the kernel on i386 (__udivdi3()).  On the
4123			 * XScale, though, __udivdi3() is implemented in
4124			 * software.
4125			 *
4126			 * The shift method for cylinder calculation is
4127			 * accurate if sectors_per_cylinder is a power of
4128			 * 2.  Otherwise it might be slightly off -- you
4129			 * might have a bit of a truncation problem.
4130			 */
4131#ifdef	__XSCALE__
4132			cylinders = (lun->be_lun->maxlba + 1) /
4133				sectors_per_cylinder;
4134#else
4135			for (shift = 31; shift > 0; shift--) {
4136				if (sectors_per_cylinder & (1 << shift))
4137					break;
4138			}
4139			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4140#endif
4141
4142			/*
4143			 * We've basically got 3 bytes, or 24 bits for the
4144			 * cylinder size in the mode page.  If we're over,
4145			 * just round down to 2^24.
4146			 */
4147			if (cylinders > 0xffffff)
4148				cylinders = 0xffffff;
4149
4150			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4151				CTL_PAGE_CURRENT];
4152			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4153
4154			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4155				CTL_PAGE_DEFAULT];
4156			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4157
4158			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4159				CTL_PAGE_SAVED];
4160			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4161
4162			page_index->page_data =
4163				(uint8_t *)lun->mode_pages.rigid_disk_page;
4164			break;
4165		}
4166		case SMS_CACHING_PAGE: {
4167			struct scsi_caching_page *caching_page;
4168
4169			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4170				panic("invalid subpage value %d",
4171				      page_index->subpage);
4172			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4173			       &caching_page_default,
4174			       sizeof(caching_page_default));
4175			memcpy(&lun->mode_pages.caching_page[
4176			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4177			       sizeof(caching_page_changeable));
4178			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4179			       &caching_page_default,
4180			       sizeof(caching_page_default));
4181			caching_page = &lun->mode_pages.caching_page[
4182			    CTL_PAGE_SAVED];
4183			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4184			if (value != NULL && strcmp(value, "off") == 0)
4185				caching_page->flags1 &= ~SCP_WCE;
4186			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4187			if (value != NULL && strcmp(value, "off") == 0)
4188				caching_page->flags1 |= SCP_RCD;
4189			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4190			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4191			       sizeof(caching_page_default));
4192			page_index->page_data =
4193				(uint8_t *)lun->mode_pages.caching_page;
4194			break;
4195		}
4196		case SMS_CONTROL_MODE_PAGE: {
4197			struct scsi_control_page *control_page;
4198
4199			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4200				panic("invalid subpage value %d",
4201				      page_index->subpage);
4202
4203			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4204			       &control_page_default,
4205			       sizeof(control_page_default));
4206			memcpy(&lun->mode_pages.control_page[
4207			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4208			       sizeof(control_page_changeable));
4209			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4210			       &control_page_default,
4211			       sizeof(control_page_default));
4212			control_page = &lun->mode_pages.control_page[
4213			    CTL_PAGE_SAVED];
4214			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4215			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4216				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4217				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4218			}
4219			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4220			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4221			       sizeof(control_page_default));
4222			page_index->page_data =
4223				(uint8_t *)lun->mode_pages.control_page;
4224			break;
4225
4226		}
4227		case SMS_INFO_EXCEPTIONS_PAGE: {
4228			switch (page_index->subpage) {
4229			case SMS_SUBPAGE_PAGE_0:
4230				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4231				       &ie_page_default,
4232				       sizeof(ie_page_default));
4233				memcpy(&lun->mode_pages.ie_page[
4234				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4235				       sizeof(ie_page_changeable));
4236				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4237				       &ie_page_default,
4238				       sizeof(ie_page_default));
4239				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4240				       &ie_page_default,
4241				       sizeof(ie_page_default));
4242				page_index->page_data =
4243					(uint8_t *)lun->mode_pages.ie_page;
4244				break;
4245			case 0x02:
4246				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4247				       &lbp_page_default,
4248				       sizeof(lbp_page_default));
4249				memcpy(&lun->mode_pages.lbp_page[
4250				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4251				       sizeof(lbp_page_changeable));
4252				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4253				       &lbp_page_default,
4254				       sizeof(lbp_page_default));
4255				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4256				       &lbp_page_default,
4257				       sizeof(lbp_page_default));
4258				page_index->page_data =
4259					(uint8_t *)lun->mode_pages.lbp_page;
4260			}
4261			break;
4262		}
4263		case SMS_VENDOR_SPECIFIC_PAGE:{
4264			switch (page_index->subpage) {
4265			case DBGCNF_SUBPAGE_CODE: {
4266				struct copan_debugconf_subpage *current_page,
4267							       *saved_page;
4268
4269				memcpy(&lun->mode_pages.debugconf_subpage[
4270				       CTL_PAGE_CURRENT],
4271				       &debugconf_page_default,
4272				       sizeof(debugconf_page_default));
4273				memcpy(&lun->mode_pages.debugconf_subpage[
4274				       CTL_PAGE_CHANGEABLE],
4275				       &debugconf_page_changeable,
4276				       sizeof(debugconf_page_changeable));
4277				memcpy(&lun->mode_pages.debugconf_subpage[
4278				       CTL_PAGE_DEFAULT],
4279				       &debugconf_page_default,
4280				       sizeof(debugconf_page_default));
4281				memcpy(&lun->mode_pages.debugconf_subpage[
4282				       CTL_PAGE_SAVED],
4283				       &debugconf_page_default,
4284				       sizeof(debugconf_page_default));
4285				page_index->page_data =
4286					(uint8_t *)lun->mode_pages.debugconf_subpage;
4287
4288				current_page = (struct copan_debugconf_subpage *)
4289					(page_index->page_data +
4290					 (page_index->page_len *
4291					  CTL_PAGE_CURRENT));
4292				saved_page = (struct copan_debugconf_subpage *)
4293					(page_index->page_data +
4294					 (page_index->page_len *
4295					  CTL_PAGE_SAVED));
4296				break;
4297			}
4298			default:
4299				panic("invalid subpage value %d",
4300				      page_index->subpage);
4301				break;
4302			}
4303   			break;
4304		}
4305		default:
4306			panic("invalid page value %d",
4307			      page_index->page_code & SMPH_PC_MASK);
4308			break;
4309    	}
4310	}
4311
4312	return (CTL_RETVAL_COMPLETE);
4313}
4314
4315static int
4316ctl_init_log_page_index(struct ctl_lun *lun)
4317{
4318	struct ctl_page_index *page_index;
4319	int i, j, prev;
4320
4321	memcpy(&lun->log_pages.index, log_page_index_template,
4322	       sizeof(log_page_index_template));
4323
4324	prev = -1;
4325	for (i = 0, j = 0; i < CTL_NUM_LOG_PAGES; i++) {
4326
4327		page_index = &lun->log_pages.index[i];
4328		/*
4329		 * If this is a disk-only mode page, there's no point in
4330		 * setting it up.  For some pages, we have to have some
4331		 * basic information about the disk in order to calculate the
4332		 * mode page data.
4333		 */
4334		if ((lun->be_lun->lun_type != T_DIRECT)
4335		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4336			continue;
4337
4338		if (page_index->page_code != prev) {
4339			lun->log_pages.pages_page[j] = page_index->page_code;
4340			prev = page_index->page_code;
4341			j++;
4342		}
4343		lun->log_pages.subpages_page[i*2] = page_index->page_code;
4344		lun->log_pages.subpages_page[i*2+1] = page_index->subpage;
4345	}
4346	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4347	lun->log_pages.index[0].page_len = j;
4348	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4349	lun->log_pages.index[1].page_len = i * 2;
4350
4351	return (CTL_RETVAL_COMPLETE);
4352}
4353
4354/*
4355 * LUN allocation.
4356 *
4357 * Requirements:
4358 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4359 *   wants us to allocate the LUN and he can block.
4360 * - ctl_softc is always set
4361 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4362 *
4363 * Returns 0 for success, non-zero (errno) for failure.
4364 */
4365static int
4366ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4367	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4368{
4369	struct ctl_lun *nlun, *lun;
4370	struct ctl_port *port;
4371	struct scsi_vpd_id_descriptor *desc;
4372	struct scsi_vpd_id_t10 *t10id;
4373	const char *eui, *naa, *scsiname, *vendor, *value;
4374	int lun_number, i, lun_malloced;
4375	int devidlen, idlen1, idlen2 = 0, len;
4376
4377	if (be_lun == NULL)
4378		return (EINVAL);
4379
4380	/*
4381	 * We currently only support Direct Access or Processor LUN types.
4382	 */
4383	switch (be_lun->lun_type) {
4384	case T_DIRECT:
4385		break;
4386	case T_PROCESSOR:
4387		break;
4388	case T_SEQUENTIAL:
4389	case T_CHANGER:
4390	default:
4391		be_lun->lun_config_status(be_lun->be_lun,
4392					  CTL_LUN_CONFIG_FAILURE);
4393		break;
4394	}
4395	if (ctl_lun == NULL) {
4396		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4397		lun_malloced = 1;
4398	} else {
4399		lun_malloced = 0;
4400		lun = ctl_lun;
4401	}
4402
4403	memset(lun, 0, sizeof(*lun));
4404	if (lun_malloced)
4405		lun->flags = CTL_LUN_MALLOCED;
4406
4407	/* Generate LUN ID. */
4408	devidlen = max(CTL_DEVID_MIN_LEN,
4409	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4410	idlen1 = sizeof(*t10id) + devidlen;
4411	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4412	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4413	if (scsiname != NULL) {
4414		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4415		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4416	}
4417	eui = ctl_get_opt(&be_lun->options, "eui");
4418	if (eui != NULL) {
4419		len += sizeof(struct scsi_vpd_id_descriptor) + 8;
4420	}
4421	naa = ctl_get_opt(&be_lun->options, "naa");
4422	if (naa != NULL) {
4423		len += sizeof(struct scsi_vpd_id_descriptor) + 8;
4424	}
4425	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4426	    M_CTL, M_WAITOK | M_ZERO);
4427	lun->lun_devid->len = len;
4428	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4429	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4430	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4431	desc->length = idlen1;
4432	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4433	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4434	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4435		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4436	} else {
4437		strncpy(t10id->vendor, vendor,
4438		    min(sizeof(t10id->vendor), strlen(vendor)));
4439	}
4440	strncpy((char *)t10id->vendor_spec_id,
4441	    (char *)be_lun->device_id, devidlen);
4442	if (scsiname != NULL) {
4443		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4444		    desc->length);
4445		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4446		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4447		    SVPD_ID_TYPE_SCSI_NAME;
4448		desc->length = idlen2;
4449		strlcpy(desc->identifier, scsiname, idlen2);
4450	}
4451	if (eui != NULL) {
4452		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4453		    desc->length);
4454		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4455		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4456		    SVPD_ID_TYPE_EUI64;
4457		desc->length = 8;
4458		scsi_u64to8b(strtouq(eui, NULL, 0), desc->identifier);
4459	}
4460	if (naa != NULL) {
4461		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4462		    desc->length);
4463		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4464		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4465		    SVPD_ID_TYPE_NAA;
4466		desc->length = 8;
4467		scsi_u64to8b(strtouq(naa, NULL, 0), desc->identifier);
4468	}
4469
4470	mtx_lock(&ctl_softc->ctl_lock);
4471	/*
4472	 * See if the caller requested a particular LUN number.  If so, see
4473	 * if it is available.  Otherwise, allocate the first available LUN.
4474	 */
4475	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4476		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4477		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4478			mtx_unlock(&ctl_softc->ctl_lock);
4479			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4480				printf("ctl: requested LUN ID %d is higher "
4481				       "than CTL_MAX_LUNS - 1 (%d)\n",
4482				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4483			} else {
4484				/*
4485				 * XXX KDM return an error, or just assign
4486				 * another LUN ID in this case??
4487				 */
4488				printf("ctl: requested LUN ID %d is already "
4489				       "in use\n", be_lun->req_lun_id);
4490			}
4491			if (lun->flags & CTL_LUN_MALLOCED)
4492				free(lun, M_CTL);
4493			be_lun->lun_config_status(be_lun->be_lun,
4494						  CTL_LUN_CONFIG_FAILURE);
4495			return (ENOSPC);
4496		}
4497		lun_number = be_lun->req_lun_id;
4498	} else {
4499		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4500		if (lun_number == -1) {
4501			mtx_unlock(&ctl_softc->ctl_lock);
4502			printf("ctl: can't allocate LUN on target %ju, out of "
4503			       "LUNs\n", (uintmax_t)target_id.id);
4504			if (lun->flags & CTL_LUN_MALLOCED)
4505				free(lun, M_CTL);
4506			be_lun->lun_config_status(be_lun->be_lun,
4507						  CTL_LUN_CONFIG_FAILURE);
4508			return (ENOSPC);
4509		}
4510	}
4511	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4512
4513	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4514	lun->target = target_id;
4515	lun->lun = lun_number;
4516	lun->be_lun = be_lun;
4517	/*
4518	 * The processor LUN is always enabled.  Disk LUNs come on line
4519	 * disabled, and must be enabled by the backend.
4520	 */
4521	lun->flags |= CTL_LUN_DISABLED;
4522	lun->backend = be_lun->be;
4523	be_lun->ctl_lun = lun;
4524	be_lun->lun_id = lun_number;
4525	atomic_add_int(&be_lun->be->num_luns, 1);
4526	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4527		lun->flags |= CTL_LUN_OFFLINE;
4528
4529	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4530		lun->flags |= CTL_LUN_STOPPED;
4531
4532	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4533		lun->flags |= CTL_LUN_INOPERABLE;
4534
4535	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4536		lun->flags |= CTL_LUN_PRIMARY_SC;
4537
4538	value = ctl_get_opt(&be_lun->options, "readonly");
4539	if (value != NULL && strcmp(value, "on") == 0)
4540		lun->flags |= CTL_LUN_READONLY;
4541
4542	lun->ctl_softc = ctl_softc;
4543	TAILQ_INIT(&lun->ooa_queue);
4544	TAILQ_INIT(&lun->blocked_queue);
4545	STAILQ_INIT(&lun->error_list);
4546	ctl_tpc_lun_init(lun);
4547
4548	/*
4549	 * Initialize the mode and log page index.
4550	 */
4551	ctl_init_page_index(lun);
4552	ctl_init_log_page_index(lun);
4553
4554	/*
4555	 * Set the poweron UA for all initiators on this LUN only.
4556	 */
4557	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4558		lun->pending_ua[i] = CTL_UA_POWERON;
4559
4560	/*
4561	 * Now, before we insert this lun on the lun list, set the lun
4562	 * inventory changed UA for all other luns.
4563	 */
4564	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4565		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4566			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4567		}
4568	}
4569
4570	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4571
4572	ctl_softc->ctl_luns[lun_number] = lun;
4573
4574	ctl_softc->num_luns++;
4575
4576	/* Setup statistics gathering */
4577	lun->stats.device_type = be_lun->lun_type;
4578	lun->stats.lun_number = lun_number;
4579	if (lun->stats.device_type == T_DIRECT)
4580		lun->stats.blocksize = be_lun->blocksize;
4581	else
4582		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4583	for (i = 0;i < CTL_MAX_PORTS;i++)
4584		lun->stats.ports[i].targ_port = i;
4585
4586	mtx_unlock(&ctl_softc->ctl_lock);
4587
4588	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4589
4590	/*
4591	 * Run through each registered FETD and bring it online if it isn't
4592	 * already.  Enable the target ID if it hasn't been enabled, and
4593	 * enable this particular LUN.
4594	 */
4595	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4596		int retval;
4597
4598		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4599		if (retval != 0) {
4600			printf("ctl_alloc_lun: FETD %s port %d returned error "
4601			       "%d for lun_enable on target %ju lun %d\n",
4602			       port->port_name, port->targ_port, retval,
4603			       (uintmax_t)target_id.id, lun_number);
4604		} else
4605			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4606	}
4607	return (0);
4608}
4609
4610/*
4611 * Delete a LUN.
4612 * Assumptions:
4613 * - LUN has already been marked invalid and any pending I/O has been taken
4614 *   care of.
4615 */
4616static int
4617ctl_free_lun(struct ctl_lun *lun)
4618{
4619	struct ctl_softc *softc;
4620#if 0
4621	struct ctl_port *port;
4622#endif
4623	struct ctl_lun *nlun;
4624	int i;
4625
4626	softc = lun->ctl_softc;
4627
4628	mtx_assert(&softc->ctl_lock, MA_OWNED);
4629
4630	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4631
4632	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4633
4634	softc->ctl_luns[lun->lun] = NULL;
4635
4636	if (!TAILQ_EMPTY(&lun->ooa_queue))
4637		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4638
4639	softc->num_luns--;
4640
4641	/*
4642	 * XXX KDM this scheme only works for a single target/multiple LUN
4643	 * setup.  It needs to be revamped for a multiple target scheme.
4644	 *
4645	 * XXX KDM this results in port->lun_disable() getting called twice,
4646	 * once when ctl_disable_lun() is called, and a second time here.
4647	 * We really need to re-think the LUN disable semantics.  There
4648	 * should probably be several steps/levels to LUN removal:
4649	 *  - disable
4650	 *  - invalidate
4651	 *  - free
4652 	 *
4653	 * Right now we only have a disable method when communicating to
4654	 * the front end ports, at least for individual LUNs.
4655	 */
4656#if 0
4657	STAILQ_FOREACH(port, &softc->port_list, links) {
4658		int retval;
4659
4660		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4661					 lun->lun);
4662		if (retval != 0) {
4663			printf("ctl_free_lun: FETD %s port %d returned error "
4664			       "%d for lun_disable on target %ju lun %jd\n",
4665			       port->port_name, port->targ_port, retval,
4666			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4667		}
4668
4669		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4670			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4671
4672			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4673			if (retval != 0) {
4674				printf("ctl_free_lun: FETD %s port %d "
4675				       "returned error %d for targ_disable on "
4676				       "target %ju\n", port->port_name,
4677				       port->targ_port, retval,
4678				       (uintmax_t)lun->target.id);
4679			} else
4680				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4681
4682			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4683				continue;
4684
4685#if 0
4686			port->port_offline(port->onoff_arg);
4687			port->status &= ~CTL_PORT_STATUS_ONLINE;
4688#endif
4689		}
4690	}
4691#endif
4692
4693	/*
4694	 * Tell the backend to free resources, if this LUN has a backend.
4695	 */
4696	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4697	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4698
4699	ctl_tpc_lun_shutdown(lun);
4700	mtx_destroy(&lun->lun_lock);
4701	free(lun->lun_devid, M_CTL);
4702	if (lun->flags & CTL_LUN_MALLOCED)
4703		free(lun, M_CTL);
4704
4705	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4706		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4707			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4708		}
4709	}
4710
4711	return (0);
4712}
4713
4714static void
4715ctl_create_lun(struct ctl_be_lun *be_lun)
4716{
4717	struct ctl_softc *ctl_softc;
4718
4719	ctl_softc = control_softc;
4720
4721	/*
4722	 * ctl_alloc_lun() should handle all potential failure cases.
4723	 */
4724	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4725}
4726
4727int
4728ctl_add_lun(struct ctl_be_lun *be_lun)
4729{
4730	struct ctl_softc *ctl_softc = control_softc;
4731
4732	mtx_lock(&ctl_softc->ctl_lock);
4733	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4734	mtx_unlock(&ctl_softc->ctl_lock);
4735	wakeup(&ctl_softc->pending_lun_queue);
4736
4737	return (0);
4738}
4739
4740int
4741ctl_enable_lun(struct ctl_be_lun *be_lun)
4742{
4743	struct ctl_softc *ctl_softc;
4744	struct ctl_port *port, *nport;
4745	struct ctl_lun *lun;
4746	int retval;
4747
4748	ctl_softc = control_softc;
4749
4750	lun = (struct ctl_lun *)be_lun->ctl_lun;
4751
4752	mtx_lock(&ctl_softc->ctl_lock);
4753	mtx_lock(&lun->lun_lock);
4754	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4755		/*
4756		 * eh?  Why did we get called if the LUN is already
4757		 * enabled?
4758		 */
4759		mtx_unlock(&lun->lun_lock);
4760		mtx_unlock(&ctl_softc->ctl_lock);
4761		return (0);
4762	}
4763	lun->flags &= ~CTL_LUN_DISABLED;
4764	mtx_unlock(&lun->lun_lock);
4765
4766	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4767		nport = STAILQ_NEXT(port, links);
4768
4769		/*
4770		 * Drop the lock while we call the FETD's enable routine.
4771		 * This can lead to a callback into CTL (at least in the
4772		 * case of the internal initiator frontend.
4773		 */
4774		mtx_unlock(&ctl_softc->ctl_lock);
4775		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4776		mtx_lock(&ctl_softc->ctl_lock);
4777		if (retval != 0) {
4778			printf("%s: FETD %s port %d returned error "
4779			       "%d for lun_enable on target %ju lun %jd\n",
4780			       __func__, port->port_name, port->targ_port, retval,
4781			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4782		}
4783#if 0
4784		 else {
4785            /* NOTE:  TODO:  why does lun enable affect port status? */
4786			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4787		}
4788#endif
4789	}
4790
4791	mtx_unlock(&ctl_softc->ctl_lock);
4792
4793	return (0);
4794}
4795
4796int
4797ctl_disable_lun(struct ctl_be_lun *be_lun)
4798{
4799	struct ctl_softc *ctl_softc;
4800	struct ctl_port *port;
4801	struct ctl_lun *lun;
4802	int retval;
4803
4804	ctl_softc = control_softc;
4805
4806	lun = (struct ctl_lun *)be_lun->ctl_lun;
4807
4808	mtx_lock(&ctl_softc->ctl_lock);
4809	mtx_lock(&lun->lun_lock);
4810	if (lun->flags & CTL_LUN_DISABLED) {
4811		mtx_unlock(&lun->lun_lock);
4812		mtx_unlock(&ctl_softc->ctl_lock);
4813		return (0);
4814	}
4815	lun->flags |= CTL_LUN_DISABLED;
4816	mtx_unlock(&lun->lun_lock);
4817
4818	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4819		mtx_unlock(&ctl_softc->ctl_lock);
4820		/*
4821		 * Drop the lock before we call the frontend's disable
4822		 * routine, to avoid lock order reversals.
4823		 *
4824		 * XXX KDM what happens if the frontend list changes while
4825		 * we're traversing it?  It's unlikely, but should be handled.
4826		 */
4827		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4828					 lun->lun);
4829		mtx_lock(&ctl_softc->ctl_lock);
4830		if (retval != 0) {
4831			printf("ctl_alloc_lun: FETD %s port %d returned error "
4832			       "%d for lun_disable on target %ju lun %jd\n",
4833			       port->port_name, port->targ_port, retval,
4834			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4835		}
4836	}
4837
4838	mtx_unlock(&ctl_softc->ctl_lock);
4839
4840	return (0);
4841}
4842
4843int
4844ctl_start_lun(struct ctl_be_lun *be_lun)
4845{
4846	struct ctl_softc *ctl_softc;
4847	struct ctl_lun *lun;
4848
4849	ctl_softc = control_softc;
4850
4851	lun = (struct ctl_lun *)be_lun->ctl_lun;
4852
4853	mtx_lock(&lun->lun_lock);
4854	lun->flags &= ~CTL_LUN_STOPPED;
4855	mtx_unlock(&lun->lun_lock);
4856
4857	return (0);
4858}
4859
4860int
4861ctl_stop_lun(struct ctl_be_lun *be_lun)
4862{
4863	struct ctl_softc *ctl_softc;
4864	struct ctl_lun *lun;
4865
4866	ctl_softc = control_softc;
4867
4868	lun = (struct ctl_lun *)be_lun->ctl_lun;
4869
4870	mtx_lock(&lun->lun_lock);
4871	lun->flags |= CTL_LUN_STOPPED;
4872	mtx_unlock(&lun->lun_lock);
4873
4874	return (0);
4875}
4876
4877int
4878ctl_lun_offline(struct ctl_be_lun *be_lun)
4879{
4880	struct ctl_softc *ctl_softc;
4881	struct ctl_lun *lun;
4882
4883	ctl_softc = control_softc;
4884
4885	lun = (struct ctl_lun *)be_lun->ctl_lun;
4886
4887	mtx_lock(&lun->lun_lock);
4888	lun->flags |= CTL_LUN_OFFLINE;
4889	mtx_unlock(&lun->lun_lock);
4890
4891	return (0);
4892}
4893
4894int
4895ctl_lun_online(struct ctl_be_lun *be_lun)
4896{
4897	struct ctl_softc *ctl_softc;
4898	struct ctl_lun *lun;
4899
4900	ctl_softc = control_softc;
4901
4902	lun = (struct ctl_lun *)be_lun->ctl_lun;
4903
4904	mtx_lock(&lun->lun_lock);
4905	lun->flags &= ~CTL_LUN_OFFLINE;
4906	mtx_unlock(&lun->lun_lock);
4907
4908	return (0);
4909}
4910
4911int
4912ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4913{
4914	struct ctl_softc *ctl_softc;
4915	struct ctl_lun *lun;
4916
4917	ctl_softc = control_softc;
4918
4919	lun = (struct ctl_lun *)be_lun->ctl_lun;
4920
4921	mtx_lock(&lun->lun_lock);
4922
4923	/*
4924	 * The LUN needs to be disabled before it can be marked invalid.
4925	 */
4926	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4927		mtx_unlock(&lun->lun_lock);
4928		return (-1);
4929	}
4930	/*
4931	 * Mark the LUN invalid.
4932	 */
4933	lun->flags |= CTL_LUN_INVALID;
4934
4935	/*
4936	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4937	 * If we have something in the OOA queue, we'll free it when the
4938	 * last I/O completes.
4939	 */
4940	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4941		mtx_unlock(&lun->lun_lock);
4942		mtx_lock(&ctl_softc->ctl_lock);
4943		ctl_free_lun(lun);
4944		mtx_unlock(&ctl_softc->ctl_lock);
4945	} else
4946		mtx_unlock(&lun->lun_lock);
4947
4948	return (0);
4949}
4950
4951int
4952ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4953{
4954	struct ctl_softc *ctl_softc;
4955	struct ctl_lun *lun;
4956
4957	ctl_softc = control_softc;
4958	lun = (struct ctl_lun *)be_lun->ctl_lun;
4959
4960	mtx_lock(&lun->lun_lock);
4961	lun->flags |= CTL_LUN_INOPERABLE;
4962	mtx_unlock(&lun->lun_lock);
4963
4964	return (0);
4965}
4966
4967int
4968ctl_lun_operable(struct ctl_be_lun *be_lun)
4969{
4970	struct ctl_softc *ctl_softc;
4971	struct ctl_lun *lun;
4972
4973	ctl_softc = control_softc;
4974	lun = (struct ctl_lun *)be_lun->ctl_lun;
4975
4976	mtx_lock(&lun->lun_lock);
4977	lun->flags &= ~CTL_LUN_INOPERABLE;
4978	mtx_unlock(&lun->lun_lock);
4979
4980	return (0);
4981}
4982
4983void
4984ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4985{
4986	struct ctl_lun *lun;
4987	struct ctl_softc *softc;
4988	int i;
4989
4990	softc = control_softc;
4991
4992	lun = (struct ctl_lun *)be_lun->ctl_lun;
4993
4994	mtx_lock(&lun->lun_lock);
4995
4996	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4997		lun->pending_ua[i] |= CTL_UA_CAPACITY_CHANGED;
4998
4999	mtx_unlock(&lun->lun_lock);
5000}
5001
5002/*
5003 * Backend "memory move is complete" callback for requests that never
5004 * make it down to say RAIDCore's configuration code.
5005 */
5006int
5007ctl_config_move_done(union ctl_io *io)
5008{
5009	int retval;
5010
5011	retval = CTL_RETVAL_COMPLETE;
5012
5013
5014	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5015	/*
5016	 * XXX KDM this shouldn't happen, but what if it does?
5017	 */
5018	if (io->io_hdr.io_type != CTL_IO_SCSI)
5019		panic("I/O type isn't CTL_IO_SCSI!");
5020
5021	if ((io->io_hdr.port_status == 0)
5022	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5023	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5024		io->io_hdr.status = CTL_SUCCESS;
5025	else if ((io->io_hdr.port_status != 0)
5026	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5027	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5028		/*
5029		 * For hardware error sense keys, the sense key
5030		 * specific value is defined to be a retry count,
5031		 * but we use it to pass back an internal FETD
5032		 * error code.  XXX KDM  Hopefully the FETD is only
5033		 * using 16 bits for an error code, since that's
5034		 * all the space we have in the sks field.
5035		 */
5036		ctl_set_internal_failure(&io->scsiio,
5037					 /*sks_valid*/ 1,
5038					 /*retry_count*/
5039					 io->io_hdr.port_status);
5040		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5041			free(io->scsiio.kern_data_ptr, M_CTL);
5042		ctl_done(io);
5043		goto bailout;
5044	}
5045
5046	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5047	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5048	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5049		/*
5050		 * XXX KDM just assuming a single pointer here, and not a
5051		 * S/G list.  If we start using S/G lists for config data,
5052		 * we'll need to know how to clean them up here as well.
5053		 */
5054		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5055			free(io->scsiio.kern_data_ptr, M_CTL);
5056		/* Hopefully the user has already set the status... */
5057		ctl_done(io);
5058	} else {
5059		/*
5060		 * XXX KDM now we need to continue data movement.  Some
5061		 * options:
5062		 * - call ctl_scsiio() again?  We don't do this for data
5063		 *   writes, because for those at least we know ahead of
5064		 *   time where the write will go and how long it is.  For
5065		 *   config writes, though, that information is largely
5066		 *   contained within the write itself, thus we need to
5067		 *   parse out the data again.
5068		 *
5069		 * - Call some other function once the data is in?
5070		 */
5071		if (ctl_debug & CTL_DEBUG_CDB_DATA)
5072			ctl_data_print(io);
5073
5074		/*
5075		 * XXX KDM call ctl_scsiio() again for now, and check flag
5076		 * bits to see whether we're allocated or not.
5077		 */
5078		retval = ctl_scsiio(&io->scsiio);
5079	}
5080bailout:
5081	return (retval);
5082}
5083
5084/*
5085 * This gets called by a backend driver when it is done with a
5086 * data_submit method.
5087 */
5088void
5089ctl_data_submit_done(union ctl_io *io)
5090{
5091	/*
5092	 * If the IO_CONT flag is set, we need to call the supplied
5093	 * function to continue processing the I/O, instead of completing
5094	 * the I/O just yet.
5095	 *
5096	 * If there is an error, though, we don't want to keep processing.
5097	 * Instead, just send status back to the initiator.
5098	 */
5099	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5100	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5101	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5102	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5103		io->scsiio.io_cont(io);
5104		return;
5105	}
5106	ctl_done(io);
5107}
5108
5109/*
5110 * This gets called by a backend driver when it is done with a
5111 * configuration write.
5112 */
5113void
5114ctl_config_write_done(union ctl_io *io)
5115{
5116	uint8_t *buf;
5117
5118	/*
5119	 * If the IO_CONT flag is set, we need to call the supplied
5120	 * function to continue processing the I/O, instead of completing
5121	 * the I/O just yet.
5122	 *
5123	 * If there is an error, though, we don't want to keep processing.
5124	 * Instead, just send status back to the initiator.
5125	 */
5126	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5127	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5128	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5129	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5130		io->scsiio.io_cont(io);
5131		return;
5132	}
5133	/*
5134	 * Since a configuration write can be done for commands that actually
5135	 * have data allocated, like write buffer, and commands that have
5136	 * no data, like start/stop unit, we need to check here.
5137	 */
5138	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5139		buf = io->scsiio.kern_data_ptr;
5140	else
5141		buf = NULL;
5142	ctl_done(io);
5143	if (buf)
5144		free(buf, M_CTL);
5145}
5146
5147/*
5148 * SCSI release command.
5149 */
5150int
5151ctl_scsi_release(struct ctl_scsiio *ctsio)
5152{
5153	int length, longid, thirdparty_id, resv_id;
5154	struct ctl_softc *ctl_softc;
5155	struct ctl_lun *lun;
5156	uint32_t residx;
5157
5158	length = 0;
5159	resv_id = 0;
5160
5161	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5162
5163	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5164	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5165	ctl_softc = control_softc;
5166
5167	switch (ctsio->cdb[0]) {
5168	case RELEASE_10: {
5169		struct scsi_release_10 *cdb;
5170
5171		cdb = (struct scsi_release_10 *)ctsio->cdb;
5172
5173		if (cdb->byte2 & SR10_LONGID)
5174			longid = 1;
5175		else
5176			thirdparty_id = cdb->thirdparty_id;
5177
5178		resv_id = cdb->resv_id;
5179		length = scsi_2btoul(cdb->length);
5180		break;
5181	}
5182	}
5183
5184
5185	/*
5186	 * XXX KDM right now, we only support LUN reservation.  We don't
5187	 * support 3rd party reservations, or extent reservations, which
5188	 * might actually need the parameter list.  If we've gotten this
5189	 * far, we've got a LUN reservation.  Anything else got kicked out
5190	 * above.  So, according to SPC, ignore the length.
5191	 */
5192	length = 0;
5193
5194	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5195	 && (length > 0)) {
5196		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5197		ctsio->kern_data_len = length;
5198		ctsio->kern_total_len = length;
5199		ctsio->kern_data_resid = 0;
5200		ctsio->kern_rel_offset = 0;
5201		ctsio->kern_sg_entries = 0;
5202		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5203		ctsio->be_move_done = ctl_config_move_done;
5204		ctl_datamove((union ctl_io *)ctsio);
5205
5206		return (CTL_RETVAL_COMPLETE);
5207	}
5208
5209	if (length > 0)
5210		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5211
5212	mtx_lock(&lun->lun_lock);
5213
5214	/*
5215	 * According to SPC, it is not an error for an intiator to attempt
5216	 * to release a reservation on a LUN that isn't reserved, or that
5217	 * is reserved by another initiator.  The reservation can only be
5218	 * released, though, by the initiator who made it or by one of
5219	 * several reset type events.
5220	 */
5221	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5222			lun->flags &= ~CTL_LUN_RESERVED;
5223
5224	mtx_unlock(&lun->lun_lock);
5225
5226	ctsio->scsi_status = SCSI_STATUS_OK;
5227	ctsio->io_hdr.status = CTL_SUCCESS;
5228
5229	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5230		free(ctsio->kern_data_ptr, M_CTL);
5231		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5232	}
5233
5234	ctl_done((union ctl_io *)ctsio);
5235	return (CTL_RETVAL_COMPLETE);
5236}
5237
5238int
5239ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5240{
5241	int extent, thirdparty, longid;
5242	int resv_id, length;
5243	uint64_t thirdparty_id;
5244	struct ctl_softc *ctl_softc;
5245	struct ctl_lun *lun;
5246	uint32_t residx;
5247
5248	extent = 0;
5249	thirdparty = 0;
5250	longid = 0;
5251	resv_id = 0;
5252	length = 0;
5253	thirdparty_id = 0;
5254
5255	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5256
5257	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5258	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5259	ctl_softc = control_softc;
5260
5261	switch (ctsio->cdb[0]) {
5262	case RESERVE_10: {
5263		struct scsi_reserve_10 *cdb;
5264
5265		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5266
5267		if (cdb->byte2 & SR10_LONGID)
5268			longid = 1;
5269		else
5270			thirdparty_id = cdb->thirdparty_id;
5271
5272		resv_id = cdb->resv_id;
5273		length = scsi_2btoul(cdb->length);
5274		break;
5275	}
5276	}
5277
5278	/*
5279	 * XXX KDM right now, we only support LUN reservation.  We don't
5280	 * support 3rd party reservations, or extent reservations, which
5281	 * might actually need the parameter list.  If we've gotten this
5282	 * far, we've got a LUN reservation.  Anything else got kicked out
5283	 * above.  So, according to SPC, ignore the length.
5284	 */
5285	length = 0;
5286
5287	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5288	 && (length > 0)) {
5289		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5290		ctsio->kern_data_len = length;
5291		ctsio->kern_total_len = length;
5292		ctsio->kern_data_resid = 0;
5293		ctsio->kern_rel_offset = 0;
5294		ctsio->kern_sg_entries = 0;
5295		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5296		ctsio->be_move_done = ctl_config_move_done;
5297		ctl_datamove((union ctl_io *)ctsio);
5298
5299		return (CTL_RETVAL_COMPLETE);
5300	}
5301
5302	if (length > 0)
5303		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5304
5305	mtx_lock(&lun->lun_lock);
5306	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5307		ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5308		ctsio->io_hdr.status = CTL_SCSI_ERROR;
5309		goto bailout;
5310	}
5311
5312	lun->flags |= CTL_LUN_RESERVED;
5313	lun->res_idx = residx;
5314
5315	ctsio->scsi_status = SCSI_STATUS_OK;
5316	ctsio->io_hdr.status = CTL_SUCCESS;
5317
5318bailout:
5319	mtx_unlock(&lun->lun_lock);
5320
5321	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5322		free(ctsio->kern_data_ptr, M_CTL);
5323		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5324	}
5325
5326	ctl_done((union ctl_io *)ctsio);
5327	return (CTL_RETVAL_COMPLETE);
5328}
5329
5330int
5331ctl_start_stop(struct ctl_scsiio *ctsio)
5332{
5333	struct scsi_start_stop_unit *cdb;
5334	struct ctl_lun *lun;
5335	struct ctl_softc *ctl_softc;
5336	int retval;
5337
5338	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5339
5340	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5341	ctl_softc = control_softc;
5342	retval = 0;
5343
5344	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5345
5346	/*
5347	 * XXX KDM
5348	 * We don't support the immediate bit on a stop unit.  In order to
5349	 * do that, we would need to code up a way to know that a stop is
5350	 * pending, and hold off any new commands until it completes, one
5351	 * way or another.  Then we could accept or reject those commands
5352	 * depending on its status.  We would almost need to do the reverse
5353	 * of what we do below for an immediate start -- return the copy of
5354	 * the ctl_io to the FETD with status to send to the host (and to
5355	 * free the copy!) and then free the original I/O once the stop
5356	 * actually completes.  That way, the OOA queue mechanism can work
5357	 * to block commands that shouldn't proceed.  Another alternative
5358	 * would be to put the copy in the queue in place of the original,
5359	 * and return the original back to the caller.  That could be
5360	 * slightly safer..
5361	 */
5362	if ((cdb->byte2 & SSS_IMMED)
5363	 && ((cdb->how & SSS_START) == 0)) {
5364		ctl_set_invalid_field(ctsio,
5365				      /*sks_valid*/ 1,
5366				      /*command*/ 1,
5367				      /*field*/ 1,
5368				      /*bit_valid*/ 1,
5369				      /*bit*/ 0);
5370		ctl_done((union ctl_io *)ctsio);
5371		return (CTL_RETVAL_COMPLETE);
5372	}
5373
5374	if ((lun->flags & CTL_LUN_PR_RESERVED)
5375	 && ((cdb->how & SSS_START)==0)) {
5376		uint32_t residx;
5377
5378		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5379		if (lun->pr_keys[residx] == 0
5380		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5381
5382			ctl_set_reservation_conflict(ctsio);
5383			ctl_done((union ctl_io *)ctsio);
5384			return (CTL_RETVAL_COMPLETE);
5385		}
5386	}
5387
5388	/*
5389	 * If there is no backend on this device, we can't start or stop
5390	 * it.  In theory we shouldn't get any start/stop commands in the
5391	 * first place at this level if the LUN doesn't have a backend.
5392	 * That should get stopped by the command decode code.
5393	 */
5394	if (lun->backend == NULL) {
5395		ctl_set_invalid_opcode(ctsio);
5396		ctl_done((union ctl_io *)ctsio);
5397		return (CTL_RETVAL_COMPLETE);
5398	}
5399
5400	/*
5401	 * XXX KDM Copan-specific offline behavior.
5402	 * Figure out a reasonable way to port this?
5403	 */
5404#ifdef NEEDTOPORT
5405	mtx_lock(&lun->lun_lock);
5406
5407	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5408	 && (lun->flags & CTL_LUN_OFFLINE)) {
5409		/*
5410		 * If the LUN is offline, and the on/offline bit isn't set,
5411		 * reject the start or stop.  Otherwise, let it through.
5412		 */
5413		mtx_unlock(&lun->lun_lock);
5414		ctl_set_lun_not_ready(ctsio);
5415		ctl_done((union ctl_io *)ctsio);
5416	} else {
5417		mtx_unlock(&lun->lun_lock);
5418#endif /* NEEDTOPORT */
5419		/*
5420		 * This could be a start or a stop when we're online,
5421		 * or a stop/offline or start/online.  A start or stop when
5422		 * we're offline is covered in the case above.
5423		 */
5424		/*
5425		 * In the non-immediate case, we send the request to
5426		 * the backend and return status to the user when
5427		 * it is done.
5428		 *
5429		 * In the immediate case, we allocate a new ctl_io
5430		 * to hold a copy of the request, and send that to
5431		 * the backend.  We then set good status on the
5432		 * user's request and return it immediately.
5433		 */
5434		if (cdb->byte2 & SSS_IMMED) {
5435			union ctl_io *new_io;
5436
5437			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5438			if (new_io == NULL) {
5439				ctl_set_busy(ctsio);
5440				ctl_done((union ctl_io *)ctsio);
5441			} else {
5442				ctl_copy_io((union ctl_io *)ctsio,
5443					    new_io);
5444				retval = lun->backend->config_write(new_io);
5445				ctl_set_success(ctsio);
5446				ctl_done((union ctl_io *)ctsio);
5447			}
5448		} else {
5449			retval = lun->backend->config_write(
5450				(union ctl_io *)ctsio);
5451		}
5452#ifdef NEEDTOPORT
5453	}
5454#endif
5455	return (retval);
5456}
5457
5458/*
5459 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5460 * we don't really do anything with the LBA and length fields if the user
5461 * passes them in.  Instead we'll just flush out the cache for the entire
5462 * LUN.
5463 */
5464int
5465ctl_sync_cache(struct ctl_scsiio *ctsio)
5466{
5467	struct ctl_lun *lun;
5468	struct ctl_softc *ctl_softc;
5469	uint64_t starting_lba;
5470	uint32_t block_count;
5471	int retval;
5472
5473	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5474
5475	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5476	ctl_softc = control_softc;
5477	retval = 0;
5478
5479	switch (ctsio->cdb[0]) {
5480	case SYNCHRONIZE_CACHE: {
5481		struct scsi_sync_cache *cdb;
5482		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5483
5484		starting_lba = scsi_4btoul(cdb->begin_lba);
5485		block_count = scsi_2btoul(cdb->lb_count);
5486		break;
5487	}
5488	case SYNCHRONIZE_CACHE_16: {
5489		struct scsi_sync_cache_16 *cdb;
5490		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5491
5492		starting_lba = scsi_8btou64(cdb->begin_lba);
5493		block_count = scsi_4btoul(cdb->lb_count);
5494		break;
5495	}
5496	default:
5497		ctl_set_invalid_opcode(ctsio);
5498		ctl_done((union ctl_io *)ctsio);
5499		goto bailout;
5500		break; /* NOTREACHED */
5501	}
5502
5503	/*
5504	 * We check the LBA and length, but don't do anything with them.
5505	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5506	 * get flushed.  This check will just help satisfy anyone who wants
5507	 * to see an error for an out of range LBA.
5508	 */
5509	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5510		ctl_set_lba_out_of_range(ctsio);
5511		ctl_done((union ctl_io *)ctsio);
5512		goto bailout;
5513	}
5514
5515	/*
5516	 * If this LUN has no backend, we can't flush the cache anyway.
5517	 */
5518	if (lun->backend == NULL) {
5519		ctl_set_invalid_opcode(ctsio);
5520		ctl_done((union ctl_io *)ctsio);
5521		goto bailout;
5522	}
5523
5524	/*
5525	 * Check to see whether we're configured to send the SYNCHRONIZE
5526	 * CACHE command directly to the back end.
5527	 */
5528	mtx_lock(&lun->lun_lock);
5529	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5530	 && (++(lun->sync_count) >= lun->sync_interval)) {
5531		lun->sync_count = 0;
5532		mtx_unlock(&lun->lun_lock);
5533		retval = lun->backend->config_write((union ctl_io *)ctsio);
5534	} else {
5535		mtx_unlock(&lun->lun_lock);
5536		ctl_set_success(ctsio);
5537		ctl_done((union ctl_io *)ctsio);
5538	}
5539
5540bailout:
5541
5542	return (retval);
5543}
5544
5545int
5546ctl_format(struct ctl_scsiio *ctsio)
5547{
5548	struct scsi_format *cdb;
5549	struct ctl_lun *lun;
5550	struct ctl_softc *ctl_softc;
5551	int length, defect_list_len;
5552
5553	CTL_DEBUG_PRINT(("ctl_format\n"));
5554
5555	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5556	ctl_softc = control_softc;
5557
5558	cdb = (struct scsi_format *)ctsio->cdb;
5559
5560	length = 0;
5561	if (cdb->byte2 & SF_FMTDATA) {
5562		if (cdb->byte2 & SF_LONGLIST)
5563			length = sizeof(struct scsi_format_header_long);
5564		else
5565			length = sizeof(struct scsi_format_header_short);
5566	}
5567
5568	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5569	 && (length > 0)) {
5570		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5571		ctsio->kern_data_len = length;
5572		ctsio->kern_total_len = length;
5573		ctsio->kern_data_resid = 0;
5574		ctsio->kern_rel_offset = 0;
5575		ctsio->kern_sg_entries = 0;
5576		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5577		ctsio->be_move_done = ctl_config_move_done;
5578		ctl_datamove((union ctl_io *)ctsio);
5579
5580		return (CTL_RETVAL_COMPLETE);
5581	}
5582
5583	defect_list_len = 0;
5584
5585	if (cdb->byte2 & SF_FMTDATA) {
5586		if (cdb->byte2 & SF_LONGLIST) {
5587			struct scsi_format_header_long *header;
5588
5589			header = (struct scsi_format_header_long *)
5590				ctsio->kern_data_ptr;
5591
5592			defect_list_len = scsi_4btoul(header->defect_list_len);
5593			if (defect_list_len != 0) {
5594				ctl_set_invalid_field(ctsio,
5595						      /*sks_valid*/ 1,
5596						      /*command*/ 0,
5597						      /*field*/ 2,
5598						      /*bit_valid*/ 0,
5599						      /*bit*/ 0);
5600				goto bailout;
5601			}
5602		} else {
5603			struct scsi_format_header_short *header;
5604
5605			header = (struct scsi_format_header_short *)
5606				ctsio->kern_data_ptr;
5607
5608			defect_list_len = scsi_2btoul(header->defect_list_len);
5609			if (defect_list_len != 0) {
5610				ctl_set_invalid_field(ctsio,
5611						      /*sks_valid*/ 1,
5612						      /*command*/ 0,
5613						      /*field*/ 2,
5614						      /*bit_valid*/ 0,
5615						      /*bit*/ 0);
5616				goto bailout;
5617			}
5618		}
5619	}
5620
5621	/*
5622	 * The format command will clear out the "Medium format corrupted"
5623	 * status if set by the configuration code.  That status is really
5624	 * just a way to notify the host that we have lost the media, and
5625	 * get them to issue a command that will basically make them think
5626	 * they're blowing away the media.
5627	 */
5628	mtx_lock(&lun->lun_lock);
5629	lun->flags &= ~CTL_LUN_INOPERABLE;
5630	mtx_unlock(&lun->lun_lock);
5631
5632	ctsio->scsi_status = SCSI_STATUS_OK;
5633	ctsio->io_hdr.status = CTL_SUCCESS;
5634bailout:
5635
5636	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5637		free(ctsio->kern_data_ptr, M_CTL);
5638		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5639	}
5640
5641	ctl_done((union ctl_io *)ctsio);
5642	return (CTL_RETVAL_COMPLETE);
5643}
5644
5645int
5646ctl_read_buffer(struct ctl_scsiio *ctsio)
5647{
5648	struct scsi_read_buffer *cdb;
5649	struct ctl_lun *lun;
5650	int buffer_offset, len;
5651	static uint8_t descr[4];
5652	static uint8_t echo_descr[4] = { 0 };
5653
5654	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5655
5656	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5657	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5658
5659	if (lun->flags & CTL_LUN_PR_RESERVED) {
5660		uint32_t residx;
5661
5662		/*
5663		 * XXX KDM need a lock here.
5664		 */
5665		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5666		if ((lun->res_type == SPR_TYPE_EX_AC
5667		  && residx != lun->pr_res_idx)
5668		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
5669		   || lun->res_type == SPR_TYPE_EX_AC_AR)
5670		  && lun->pr_keys[residx] == 0)) {
5671			ctl_set_reservation_conflict(ctsio);
5672			ctl_done((union ctl_io *)ctsio);
5673			return (CTL_RETVAL_COMPLETE);
5674	        }
5675	}
5676
5677	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5678	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5679	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5680		ctl_set_invalid_field(ctsio,
5681				      /*sks_valid*/ 1,
5682				      /*command*/ 1,
5683				      /*field*/ 1,
5684				      /*bit_valid*/ 1,
5685				      /*bit*/ 4);
5686		ctl_done((union ctl_io *)ctsio);
5687		return (CTL_RETVAL_COMPLETE);
5688	}
5689
5690	len = scsi_3btoul(cdb->length);
5691	buffer_offset = scsi_3btoul(cdb->offset);
5692
5693	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5694		ctl_set_invalid_field(ctsio,
5695				      /*sks_valid*/ 1,
5696				      /*command*/ 1,
5697				      /*field*/ 6,
5698				      /*bit_valid*/ 0,
5699				      /*bit*/ 0);
5700		ctl_done((union ctl_io *)ctsio);
5701		return (CTL_RETVAL_COMPLETE);
5702	}
5703
5704	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5705		descr[0] = 0;
5706		scsi_ulto3b(sizeof(lun->write_buffer), &descr[1]);
5707		ctsio->kern_data_ptr = descr;
5708		len = min(len, sizeof(descr));
5709	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5710		ctsio->kern_data_ptr = echo_descr;
5711		len = min(len, sizeof(echo_descr));
5712	} else
5713		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5714	ctsio->kern_data_len = len;
5715	ctsio->kern_total_len = len;
5716	ctsio->kern_data_resid = 0;
5717	ctsio->kern_rel_offset = 0;
5718	ctsio->kern_sg_entries = 0;
5719	ctsio->be_move_done = ctl_config_move_done;
5720	ctl_datamove((union ctl_io *)ctsio);
5721
5722	return (CTL_RETVAL_COMPLETE);
5723}
5724
5725int
5726ctl_write_buffer(struct ctl_scsiio *ctsio)
5727{
5728	struct scsi_write_buffer *cdb;
5729	struct ctl_lun *lun;
5730	int buffer_offset, len;
5731
5732	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5733
5734	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5735	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5736
5737	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5738		ctl_set_invalid_field(ctsio,
5739				      /*sks_valid*/ 1,
5740				      /*command*/ 1,
5741				      /*field*/ 1,
5742				      /*bit_valid*/ 1,
5743				      /*bit*/ 4);
5744		ctl_done((union ctl_io *)ctsio);
5745		return (CTL_RETVAL_COMPLETE);
5746	}
5747
5748	len = scsi_3btoul(cdb->length);
5749	buffer_offset = scsi_3btoul(cdb->offset);
5750
5751	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5752		ctl_set_invalid_field(ctsio,
5753				      /*sks_valid*/ 1,
5754				      /*command*/ 1,
5755				      /*field*/ 6,
5756				      /*bit_valid*/ 0,
5757				      /*bit*/ 0);
5758		ctl_done((union ctl_io *)ctsio);
5759		return (CTL_RETVAL_COMPLETE);
5760	}
5761
5762	/*
5763	 * If we've got a kernel request that hasn't been malloced yet,
5764	 * malloc it and tell the caller the data buffer is here.
5765	 */
5766	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5767		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5768		ctsio->kern_data_len = len;
5769		ctsio->kern_total_len = len;
5770		ctsio->kern_data_resid = 0;
5771		ctsio->kern_rel_offset = 0;
5772		ctsio->kern_sg_entries = 0;
5773		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5774		ctsio->be_move_done = ctl_config_move_done;
5775		ctl_datamove((union ctl_io *)ctsio);
5776
5777		return (CTL_RETVAL_COMPLETE);
5778	}
5779
5780	ctl_done((union ctl_io *)ctsio);
5781
5782	return (CTL_RETVAL_COMPLETE);
5783}
5784
5785int
5786ctl_write_same(struct ctl_scsiio *ctsio)
5787{
5788	struct ctl_lun *lun;
5789	struct ctl_lba_len_flags *lbalen;
5790	uint64_t lba;
5791	uint32_t num_blocks;
5792	int len, retval;
5793	uint8_t byte2;
5794
5795	retval = CTL_RETVAL_COMPLETE;
5796
5797	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5798
5799	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5800
5801	switch (ctsio->cdb[0]) {
5802	case WRITE_SAME_10: {
5803		struct scsi_write_same_10 *cdb;
5804
5805		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5806
5807		lba = scsi_4btoul(cdb->addr);
5808		num_blocks = scsi_2btoul(cdb->length);
5809		byte2 = cdb->byte2;
5810		break;
5811	}
5812	case WRITE_SAME_16: {
5813		struct scsi_write_same_16 *cdb;
5814
5815		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5816
5817		lba = scsi_8btou64(cdb->addr);
5818		num_blocks = scsi_4btoul(cdb->length);
5819		byte2 = cdb->byte2;
5820		break;
5821	}
5822	default:
5823		/*
5824		 * We got a command we don't support.  This shouldn't
5825		 * happen, commands should be filtered out above us.
5826		 */
5827		ctl_set_invalid_opcode(ctsio);
5828		ctl_done((union ctl_io *)ctsio);
5829
5830		return (CTL_RETVAL_COMPLETE);
5831		break; /* NOTREACHED */
5832	}
5833
5834	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5835	if ((byte2 & SWS_UNMAP) == 0 &&
5836	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5837		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5838		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5839		ctl_done((union ctl_io *)ctsio);
5840		return (CTL_RETVAL_COMPLETE);
5841	}
5842
5843	/*
5844	 * The first check is to make sure we're in bounds, the second
5845	 * check is to catch wrap-around problems.  If the lba + num blocks
5846	 * is less than the lba, then we've wrapped around and the block
5847	 * range is invalid anyway.
5848	 */
5849	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5850	 || ((lba + num_blocks) < lba)) {
5851		ctl_set_lba_out_of_range(ctsio);
5852		ctl_done((union ctl_io *)ctsio);
5853		return (CTL_RETVAL_COMPLETE);
5854	}
5855
5856	/* Zero number of blocks means "to the last logical block" */
5857	if (num_blocks == 0) {
5858		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5859			ctl_set_invalid_field(ctsio,
5860					      /*sks_valid*/ 0,
5861					      /*command*/ 1,
5862					      /*field*/ 0,
5863					      /*bit_valid*/ 0,
5864					      /*bit*/ 0);
5865			ctl_done((union ctl_io *)ctsio);
5866			return (CTL_RETVAL_COMPLETE);
5867		}
5868		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5869	}
5870
5871	len = lun->be_lun->blocksize;
5872
5873	/*
5874	 * If we've got a kernel request that hasn't been malloced yet,
5875	 * malloc it and tell the caller the data buffer is here.
5876	 */
5877	if ((byte2 & SWS_NDOB) == 0 &&
5878	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5879		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5880		ctsio->kern_data_len = len;
5881		ctsio->kern_total_len = len;
5882		ctsio->kern_data_resid = 0;
5883		ctsio->kern_rel_offset = 0;
5884		ctsio->kern_sg_entries = 0;
5885		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5886		ctsio->be_move_done = ctl_config_move_done;
5887		ctl_datamove((union ctl_io *)ctsio);
5888
5889		return (CTL_RETVAL_COMPLETE);
5890	}
5891
5892	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5893	lbalen->lba = lba;
5894	lbalen->len = num_blocks;
5895	lbalen->flags = byte2;
5896	retval = lun->backend->config_write((union ctl_io *)ctsio);
5897
5898	return (retval);
5899}
5900
5901int
5902ctl_unmap(struct ctl_scsiio *ctsio)
5903{
5904	struct ctl_lun *lun;
5905	struct scsi_unmap *cdb;
5906	struct ctl_ptr_len_flags *ptrlen;
5907	struct scsi_unmap_header *hdr;
5908	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5909	uint64_t lba;
5910	uint32_t num_blocks;
5911	int len, retval;
5912	uint8_t byte2;
5913
5914	retval = CTL_RETVAL_COMPLETE;
5915
5916	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5917
5918	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5919	cdb = (struct scsi_unmap *)ctsio->cdb;
5920
5921	len = scsi_2btoul(cdb->length);
5922	byte2 = cdb->byte2;
5923
5924	/*
5925	 * If we've got a kernel request that hasn't been malloced yet,
5926	 * malloc it and tell the caller the data buffer is here.
5927	 */
5928	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5929		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5930		ctsio->kern_data_len = len;
5931		ctsio->kern_total_len = len;
5932		ctsio->kern_data_resid = 0;
5933		ctsio->kern_rel_offset = 0;
5934		ctsio->kern_sg_entries = 0;
5935		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5936		ctsio->be_move_done = ctl_config_move_done;
5937		ctl_datamove((union ctl_io *)ctsio);
5938
5939		return (CTL_RETVAL_COMPLETE);
5940	}
5941
5942	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5943	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5944	if (len < sizeof (*hdr) ||
5945	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5946	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5947	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5948		ctl_set_invalid_field(ctsio,
5949				      /*sks_valid*/ 0,
5950				      /*command*/ 0,
5951				      /*field*/ 0,
5952				      /*bit_valid*/ 0,
5953				      /*bit*/ 0);
5954		ctl_done((union ctl_io *)ctsio);
5955		return (CTL_RETVAL_COMPLETE);
5956	}
5957	len = scsi_2btoul(hdr->desc_length);
5958	buf = (struct scsi_unmap_desc *)(hdr + 1);
5959	end = buf + len / sizeof(*buf);
5960
5961	endnz = buf;
5962	for (range = buf; range < end; range++) {
5963		lba = scsi_8btou64(range->lba);
5964		num_blocks = scsi_4btoul(range->length);
5965		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5966		 || ((lba + num_blocks) < lba)) {
5967			ctl_set_lba_out_of_range(ctsio);
5968			ctl_done((union ctl_io *)ctsio);
5969			return (CTL_RETVAL_COMPLETE);
5970		}
5971		if (num_blocks != 0)
5972			endnz = range + 1;
5973	}
5974
5975	/*
5976	 * Block backend can not handle zero last range.
5977	 * Filter it out and return if there is nothing left.
5978	 */
5979	len = (uint8_t *)endnz - (uint8_t *)buf;
5980	if (len == 0) {
5981		ctl_set_success(ctsio);
5982		ctl_done((union ctl_io *)ctsio);
5983		return (CTL_RETVAL_COMPLETE);
5984	}
5985
5986	mtx_lock(&lun->lun_lock);
5987	ptrlen = (struct ctl_ptr_len_flags *)
5988	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5989	ptrlen->ptr = (void *)buf;
5990	ptrlen->len = len;
5991	ptrlen->flags = byte2;
5992	ctl_check_blocked(lun);
5993	mtx_unlock(&lun->lun_lock);
5994
5995	retval = lun->backend->config_write((union ctl_io *)ctsio);
5996	return (retval);
5997}
5998
5999/*
6000 * Note that this function currently doesn't actually do anything inside
6001 * CTL to enforce things if the DQue bit is turned on.
6002 *
6003 * Also note that this function can't be used in the default case, because
6004 * the DQue bit isn't set in the changeable mask for the control mode page
6005 * anyway.  This is just here as an example for how to implement a page
6006 * handler, and a placeholder in case we want to allow the user to turn
6007 * tagged queueing on and off.
6008 *
6009 * The D_SENSE bit handling is functional, however, and will turn
6010 * descriptor sense on and off for a given LUN.
6011 */
6012int
6013ctl_control_page_handler(struct ctl_scsiio *ctsio,
6014			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6015{
6016	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6017	struct ctl_lun *lun;
6018	struct ctl_softc *softc;
6019	int set_ua;
6020	uint32_t initidx;
6021
6022	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6023	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6024	set_ua = 0;
6025
6026	user_cp = (struct scsi_control_page *)page_ptr;
6027	current_cp = (struct scsi_control_page *)
6028		(page_index->page_data + (page_index->page_len *
6029		CTL_PAGE_CURRENT));
6030	saved_cp = (struct scsi_control_page *)
6031		(page_index->page_data + (page_index->page_len *
6032		CTL_PAGE_SAVED));
6033
6034	softc = control_softc;
6035
6036	mtx_lock(&lun->lun_lock);
6037	if (((current_cp->rlec & SCP_DSENSE) == 0)
6038	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6039		/*
6040		 * Descriptor sense is currently turned off and the user
6041		 * wants to turn it on.
6042		 */
6043		current_cp->rlec |= SCP_DSENSE;
6044		saved_cp->rlec |= SCP_DSENSE;
6045		lun->flags |= CTL_LUN_SENSE_DESC;
6046		set_ua = 1;
6047	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6048		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6049		/*
6050		 * Descriptor sense is currently turned on, and the user
6051		 * wants to turn it off.
6052		 */
6053		current_cp->rlec &= ~SCP_DSENSE;
6054		saved_cp->rlec &= ~SCP_DSENSE;
6055		lun->flags &= ~CTL_LUN_SENSE_DESC;
6056		set_ua = 1;
6057	}
6058	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6059	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6060		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6061		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6062		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6063		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6064		set_ua = 1;
6065	}
6066	if ((current_cp->eca_and_aen & SCP_SWP) !=
6067	    (user_cp->eca_and_aen & SCP_SWP)) {
6068		current_cp->eca_and_aen &= ~SCP_SWP;
6069		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6070		saved_cp->eca_and_aen &= ~SCP_SWP;
6071		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6072		set_ua = 1;
6073	}
6074	if (set_ua != 0) {
6075		int i;
6076		/*
6077		 * Let other initiators know that the mode
6078		 * parameters for this LUN have changed.
6079		 */
6080		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6081			if (i == initidx)
6082				continue;
6083
6084			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6085		}
6086	}
6087	mtx_unlock(&lun->lun_lock);
6088
6089	return (0);
6090}
6091
6092int
6093ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6094		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6095{
6096	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6097	struct ctl_lun *lun;
6098	int set_ua;
6099	uint32_t initidx;
6100
6101	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6102	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6103	set_ua = 0;
6104
6105	user_cp = (struct scsi_caching_page *)page_ptr;
6106	current_cp = (struct scsi_caching_page *)
6107		(page_index->page_data + (page_index->page_len *
6108		CTL_PAGE_CURRENT));
6109	saved_cp = (struct scsi_caching_page *)
6110		(page_index->page_data + (page_index->page_len *
6111		CTL_PAGE_SAVED));
6112
6113	mtx_lock(&lun->lun_lock);
6114	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6115	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6116		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6117		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6118		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6119		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6120		set_ua = 1;
6121	}
6122	if (set_ua != 0) {
6123		int i;
6124		/*
6125		 * Let other initiators know that the mode
6126		 * parameters for this LUN have changed.
6127		 */
6128		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6129			if (i == initidx)
6130				continue;
6131
6132			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6133		}
6134	}
6135	mtx_unlock(&lun->lun_lock);
6136
6137	return (0);
6138}
6139
6140int
6141ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6142				struct ctl_page_index *page_index,
6143				uint8_t *page_ptr)
6144{
6145	uint8_t *c;
6146	int i;
6147
6148	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6149	ctl_time_io_secs =
6150		(c[0] << 8) |
6151		(c[1] << 0) |
6152		0;
6153	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6154	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6155	printf("page data:");
6156	for (i=0; i<8; i++)
6157		printf(" %.2x",page_ptr[i]);
6158	printf("\n");
6159	return (0);
6160}
6161
6162int
6163ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6164			       struct ctl_page_index *page_index,
6165			       int pc)
6166{
6167	struct copan_debugconf_subpage *page;
6168
6169	page = (struct copan_debugconf_subpage *)page_index->page_data +
6170		(page_index->page_len * pc);
6171
6172	switch (pc) {
6173	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6174	case SMS_PAGE_CTRL_DEFAULT >> 6:
6175	case SMS_PAGE_CTRL_SAVED >> 6:
6176		/*
6177		 * We don't update the changable or default bits for this page.
6178		 */
6179		break;
6180	case SMS_PAGE_CTRL_CURRENT >> 6:
6181		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6182		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6183		break;
6184	default:
6185#ifdef NEEDTOPORT
6186		EPRINT(0, "Invalid PC %d!!", pc);
6187#endif /* NEEDTOPORT */
6188		break;
6189	}
6190	return (0);
6191}
6192
6193
6194static int
6195ctl_do_mode_select(union ctl_io *io)
6196{
6197	struct scsi_mode_page_header *page_header;
6198	struct ctl_page_index *page_index;
6199	struct ctl_scsiio *ctsio;
6200	int control_dev, page_len;
6201	int page_len_offset, page_len_size;
6202	union ctl_modepage_info *modepage_info;
6203	struct ctl_lun *lun;
6204	int *len_left, *len_used;
6205	int retval, i;
6206
6207	ctsio = &io->scsiio;
6208	page_index = NULL;
6209	page_len = 0;
6210	retval = CTL_RETVAL_COMPLETE;
6211
6212	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6213
6214	if (lun->be_lun->lun_type != T_DIRECT)
6215		control_dev = 1;
6216	else
6217		control_dev = 0;
6218
6219	modepage_info = (union ctl_modepage_info *)
6220		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6221	len_left = &modepage_info->header.len_left;
6222	len_used = &modepage_info->header.len_used;
6223
6224do_next_page:
6225
6226	page_header = (struct scsi_mode_page_header *)
6227		(ctsio->kern_data_ptr + *len_used);
6228
6229	if (*len_left == 0) {
6230		free(ctsio->kern_data_ptr, M_CTL);
6231		ctl_set_success(ctsio);
6232		ctl_done((union ctl_io *)ctsio);
6233		return (CTL_RETVAL_COMPLETE);
6234	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6235
6236		free(ctsio->kern_data_ptr, M_CTL);
6237		ctl_set_param_len_error(ctsio);
6238		ctl_done((union ctl_io *)ctsio);
6239		return (CTL_RETVAL_COMPLETE);
6240
6241	} else if ((page_header->page_code & SMPH_SPF)
6242		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6243
6244		free(ctsio->kern_data_ptr, M_CTL);
6245		ctl_set_param_len_error(ctsio);
6246		ctl_done((union ctl_io *)ctsio);
6247		return (CTL_RETVAL_COMPLETE);
6248	}
6249
6250
6251	/*
6252	 * XXX KDM should we do something with the block descriptor?
6253	 */
6254	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6255
6256		if ((control_dev != 0)
6257		 && (lun->mode_pages.index[i].page_flags &
6258		     CTL_PAGE_FLAG_DISK_ONLY))
6259			continue;
6260
6261		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6262		    (page_header->page_code & SMPH_PC_MASK))
6263			continue;
6264
6265		/*
6266		 * If neither page has a subpage code, then we've got a
6267		 * match.
6268		 */
6269		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6270		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6271			page_index = &lun->mode_pages.index[i];
6272			page_len = page_header->page_length;
6273			break;
6274		}
6275
6276		/*
6277		 * If both pages have subpages, then the subpage numbers
6278		 * have to match.
6279		 */
6280		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6281		  && (page_header->page_code & SMPH_SPF)) {
6282			struct scsi_mode_page_header_sp *sph;
6283
6284			sph = (struct scsi_mode_page_header_sp *)page_header;
6285
6286			if (lun->mode_pages.index[i].subpage ==
6287			    sph->subpage) {
6288				page_index = &lun->mode_pages.index[i];
6289				page_len = scsi_2btoul(sph->page_length);
6290				break;
6291			}
6292		}
6293	}
6294
6295	/*
6296	 * If we couldn't find the page, or if we don't have a mode select
6297	 * handler for it, send back an error to the user.
6298	 */
6299	if ((page_index == NULL)
6300	 || (page_index->select_handler == NULL)) {
6301		ctl_set_invalid_field(ctsio,
6302				      /*sks_valid*/ 1,
6303				      /*command*/ 0,
6304				      /*field*/ *len_used,
6305				      /*bit_valid*/ 0,
6306				      /*bit*/ 0);
6307		free(ctsio->kern_data_ptr, M_CTL);
6308		ctl_done((union ctl_io *)ctsio);
6309		return (CTL_RETVAL_COMPLETE);
6310	}
6311
6312	if (page_index->page_code & SMPH_SPF) {
6313		page_len_offset = 2;
6314		page_len_size = 2;
6315	} else {
6316		page_len_size = 1;
6317		page_len_offset = 1;
6318	}
6319
6320	/*
6321	 * If the length the initiator gives us isn't the one we specify in
6322	 * the mode page header, or if they didn't specify enough data in
6323	 * the CDB to avoid truncating this page, kick out the request.
6324	 */
6325	if ((page_len != (page_index->page_len - page_len_offset -
6326			  page_len_size))
6327	 || (*len_left < page_index->page_len)) {
6328
6329
6330		ctl_set_invalid_field(ctsio,
6331				      /*sks_valid*/ 1,
6332				      /*command*/ 0,
6333				      /*field*/ *len_used + page_len_offset,
6334				      /*bit_valid*/ 0,
6335				      /*bit*/ 0);
6336		free(ctsio->kern_data_ptr, M_CTL);
6337		ctl_done((union ctl_io *)ctsio);
6338		return (CTL_RETVAL_COMPLETE);
6339	}
6340
6341	/*
6342	 * Run through the mode page, checking to make sure that the bits
6343	 * the user changed are actually legal for him to change.
6344	 */
6345	for (i = 0; i < page_index->page_len; i++) {
6346		uint8_t *user_byte, *change_mask, *current_byte;
6347		int bad_bit;
6348		int j;
6349
6350		user_byte = (uint8_t *)page_header + i;
6351		change_mask = page_index->page_data +
6352			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6353		current_byte = page_index->page_data +
6354			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6355
6356		/*
6357		 * Check to see whether the user set any bits in this byte
6358		 * that he is not allowed to set.
6359		 */
6360		if ((*user_byte & ~(*change_mask)) ==
6361		    (*current_byte & ~(*change_mask)))
6362			continue;
6363
6364		/*
6365		 * Go through bit by bit to determine which one is illegal.
6366		 */
6367		bad_bit = 0;
6368		for (j = 7; j >= 0; j--) {
6369			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6370			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6371				bad_bit = i;
6372				break;
6373			}
6374		}
6375		ctl_set_invalid_field(ctsio,
6376				      /*sks_valid*/ 1,
6377				      /*command*/ 0,
6378				      /*field*/ *len_used + i,
6379				      /*bit_valid*/ 1,
6380				      /*bit*/ bad_bit);
6381		free(ctsio->kern_data_ptr, M_CTL);
6382		ctl_done((union ctl_io *)ctsio);
6383		return (CTL_RETVAL_COMPLETE);
6384	}
6385
6386	/*
6387	 * Decrement these before we call the page handler, since we may
6388	 * end up getting called back one way or another before the handler
6389	 * returns to this context.
6390	 */
6391	*len_left -= page_index->page_len;
6392	*len_used += page_index->page_len;
6393
6394	retval = page_index->select_handler(ctsio, page_index,
6395					    (uint8_t *)page_header);
6396
6397	/*
6398	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6399	 * wait until this queued command completes to finish processing
6400	 * the mode page.  If it returns anything other than
6401	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6402	 * already set the sense information, freed the data pointer, and
6403	 * completed the io for us.
6404	 */
6405	if (retval != CTL_RETVAL_COMPLETE)
6406		goto bailout_no_done;
6407
6408	/*
6409	 * If the initiator sent us more than one page, parse the next one.
6410	 */
6411	if (*len_left > 0)
6412		goto do_next_page;
6413
6414	ctl_set_success(ctsio);
6415	free(ctsio->kern_data_ptr, M_CTL);
6416	ctl_done((union ctl_io *)ctsio);
6417
6418bailout_no_done:
6419
6420	return (CTL_RETVAL_COMPLETE);
6421
6422}
6423
6424int
6425ctl_mode_select(struct ctl_scsiio *ctsio)
6426{
6427	int param_len, pf, sp;
6428	int header_size, bd_len;
6429	int len_left, len_used;
6430	struct ctl_page_index *page_index;
6431	struct ctl_lun *lun;
6432	int control_dev, page_len;
6433	union ctl_modepage_info *modepage_info;
6434	int retval;
6435
6436	pf = 0;
6437	sp = 0;
6438	page_len = 0;
6439	len_used = 0;
6440	len_left = 0;
6441	retval = 0;
6442	bd_len = 0;
6443	page_index = NULL;
6444
6445	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6446
6447	if (lun->be_lun->lun_type != T_DIRECT)
6448		control_dev = 1;
6449	else
6450		control_dev = 0;
6451
6452	switch (ctsio->cdb[0]) {
6453	case MODE_SELECT_6: {
6454		struct scsi_mode_select_6 *cdb;
6455
6456		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6457
6458		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6459		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6460
6461		param_len = cdb->length;
6462		header_size = sizeof(struct scsi_mode_header_6);
6463		break;
6464	}
6465	case MODE_SELECT_10: {
6466		struct scsi_mode_select_10 *cdb;
6467
6468		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6469
6470		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6471		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6472
6473		param_len = scsi_2btoul(cdb->length);
6474		header_size = sizeof(struct scsi_mode_header_10);
6475		break;
6476	}
6477	default:
6478		ctl_set_invalid_opcode(ctsio);
6479		ctl_done((union ctl_io *)ctsio);
6480		return (CTL_RETVAL_COMPLETE);
6481		break; /* NOTREACHED */
6482	}
6483
6484	/*
6485	 * From SPC-3:
6486	 * "A parameter list length of zero indicates that the Data-Out Buffer
6487	 * shall be empty. This condition shall not be considered as an error."
6488	 */
6489	if (param_len == 0) {
6490		ctl_set_success(ctsio);
6491		ctl_done((union ctl_io *)ctsio);
6492		return (CTL_RETVAL_COMPLETE);
6493	}
6494
6495	/*
6496	 * Since we'll hit this the first time through, prior to
6497	 * allocation, we don't need to free a data buffer here.
6498	 */
6499	if (param_len < header_size) {
6500		ctl_set_param_len_error(ctsio);
6501		ctl_done((union ctl_io *)ctsio);
6502		return (CTL_RETVAL_COMPLETE);
6503	}
6504
6505	/*
6506	 * Allocate the data buffer and grab the user's data.  In theory,
6507	 * we shouldn't have to sanity check the parameter list length here
6508	 * because the maximum size is 64K.  We should be able to malloc
6509	 * that much without too many problems.
6510	 */
6511	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6512		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6513		ctsio->kern_data_len = param_len;
6514		ctsio->kern_total_len = param_len;
6515		ctsio->kern_data_resid = 0;
6516		ctsio->kern_rel_offset = 0;
6517		ctsio->kern_sg_entries = 0;
6518		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6519		ctsio->be_move_done = ctl_config_move_done;
6520		ctl_datamove((union ctl_io *)ctsio);
6521
6522		return (CTL_RETVAL_COMPLETE);
6523	}
6524
6525	switch (ctsio->cdb[0]) {
6526	case MODE_SELECT_6: {
6527		struct scsi_mode_header_6 *mh6;
6528
6529		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6530		bd_len = mh6->blk_desc_len;
6531		break;
6532	}
6533	case MODE_SELECT_10: {
6534		struct scsi_mode_header_10 *mh10;
6535
6536		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6537		bd_len = scsi_2btoul(mh10->blk_desc_len);
6538		break;
6539	}
6540	default:
6541		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6542		break;
6543	}
6544
6545	if (param_len < (header_size + bd_len)) {
6546		free(ctsio->kern_data_ptr, M_CTL);
6547		ctl_set_param_len_error(ctsio);
6548		ctl_done((union ctl_io *)ctsio);
6549		return (CTL_RETVAL_COMPLETE);
6550	}
6551
6552	/*
6553	 * Set the IO_CONT flag, so that if this I/O gets passed to
6554	 * ctl_config_write_done(), it'll get passed back to
6555	 * ctl_do_mode_select() for further processing, or completion if
6556	 * we're all done.
6557	 */
6558	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6559	ctsio->io_cont = ctl_do_mode_select;
6560
6561	modepage_info = (union ctl_modepage_info *)
6562		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6563
6564	memset(modepage_info, 0, sizeof(*modepage_info));
6565
6566	len_left = param_len - header_size - bd_len;
6567	len_used = header_size + bd_len;
6568
6569	modepage_info->header.len_left = len_left;
6570	modepage_info->header.len_used = len_used;
6571
6572	return (ctl_do_mode_select((union ctl_io *)ctsio));
6573}
6574
6575int
6576ctl_mode_sense(struct ctl_scsiio *ctsio)
6577{
6578	struct ctl_lun *lun;
6579	int pc, page_code, dbd, llba, subpage;
6580	int alloc_len, page_len, header_len, total_len;
6581	struct scsi_mode_block_descr *block_desc;
6582	struct ctl_page_index *page_index;
6583	int control_dev;
6584
6585	dbd = 0;
6586	llba = 0;
6587	block_desc = NULL;
6588	page_index = NULL;
6589
6590	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6591
6592	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6593
6594	if (lun->be_lun->lun_type != T_DIRECT)
6595		control_dev = 1;
6596	else
6597		control_dev = 0;
6598
6599	if (lun->flags & CTL_LUN_PR_RESERVED) {
6600		uint32_t residx;
6601
6602		/*
6603		 * XXX KDM need a lock here.
6604		 */
6605		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
6606		if ((lun->res_type == SPR_TYPE_EX_AC
6607		  && residx != lun->pr_res_idx)
6608		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
6609		   || lun->res_type == SPR_TYPE_EX_AC_AR)
6610		  && lun->pr_keys[residx] == 0)) {
6611			ctl_set_reservation_conflict(ctsio);
6612			ctl_done((union ctl_io *)ctsio);
6613			return (CTL_RETVAL_COMPLETE);
6614		}
6615	}
6616
6617	switch (ctsio->cdb[0]) {
6618	case MODE_SENSE_6: {
6619		struct scsi_mode_sense_6 *cdb;
6620
6621		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6622
6623		header_len = sizeof(struct scsi_mode_hdr_6);
6624		if (cdb->byte2 & SMS_DBD)
6625			dbd = 1;
6626		else
6627			header_len += sizeof(struct scsi_mode_block_descr);
6628
6629		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6630		page_code = cdb->page & SMS_PAGE_CODE;
6631		subpage = cdb->subpage;
6632		alloc_len = cdb->length;
6633		break;
6634	}
6635	case MODE_SENSE_10: {
6636		struct scsi_mode_sense_10 *cdb;
6637
6638		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6639
6640		header_len = sizeof(struct scsi_mode_hdr_10);
6641
6642		if (cdb->byte2 & SMS_DBD)
6643			dbd = 1;
6644		else
6645			header_len += sizeof(struct scsi_mode_block_descr);
6646		if (cdb->byte2 & SMS10_LLBAA)
6647			llba = 1;
6648		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6649		page_code = cdb->page & SMS_PAGE_CODE;
6650		subpage = cdb->subpage;
6651		alloc_len = scsi_2btoul(cdb->length);
6652		break;
6653	}
6654	default:
6655		ctl_set_invalid_opcode(ctsio);
6656		ctl_done((union ctl_io *)ctsio);
6657		return (CTL_RETVAL_COMPLETE);
6658		break; /* NOTREACHED */
6659	}
6660
6661	/*
6662	 * We have to make a first pass through to calculate the size of
6663	 * the pages that match the user's query.  Then we allocate enough
6664	 * memory to hold it, and actually copy the data into the buffer.
6665	 */
6666	switch (page_code) {
6667	case SMS_ALL_PAGES_PAGE: {
6668		int i;
6669
6670		page_len = 0;
6671
6672		/*
6673		 * At the moment, values other than 0 and 0xff here are
6674		 * reserved according to SPC-3.
6675		 */
6676		if ((subpage != SMS_SUBPAGE_PAGE_0)
6677		 && (subpage != SMS_SUBPAGE_ALL)) {
6678			ctl_set_invalid_field(ctsio,
6679					      /*sks_valid*/ 1,
6680					      /*command*/ 1,
6681					      /*field*/ 3,
6682					      /*bit_valid*/ 0,
6683					      /*bit*/ 0);
6684			ctl_done((union ctl_io *)ctsio);
6685			return (CTL_RETVAL_COMPLETE);
6686		}
6687
6688		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6689			if ((control_dev != 0)
6690			 && (lun->mode_pages.index[i].page_flags &
6691			     CTL_PAGE_FLAG_DISK_ONLY))
6692				continue;
6693
6694			/*
6695			 * We don't use this subpage if the user didn't
6696			 * request all subpages.
6697			 */
6698			if ((lun->mode_pages.index[i].subpage != 0)
6699			 && (subpage == SMS_SUBPAGE_PAGE_0))
6700				continue;
6701
6702#if 0
6703			printf("found page %#x len %d\n",
6704			       lun->mode_pages.index[i].page_code &
6705			       SMPH_PC_MASK,
6706			       lun->mode_pages.index[i].page_len);
6707#endif
6708			page_len += lun->mode_pages.index[i].page_len;
6709		}
6710		break;
6711	}
6712	default: {
6713		int i;
6714
6715		page_len = 0;
6716
6717		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6718			/* Look for the right page code */
6719			if ((lun->mode_pages.index[i].page_code &
6720			     SMPH_PC_MASK) != page_code)
6721				continue;
6722
6723			/* Look for the right subpage or the subpage wildcard*/
6724			if ((lun->mode_pages.index[i].subpage != subpage)
6725			 && (subpage != SMS_SUBPAGE_ALL))
6726				continue;
6727
6728			/* Make sure the page is supported for this dev type */
6729			if ((control_dev != 0)
6730			 && (lun->mode_pages.index[i].page_flags &
6731			     CTL_PAGE_FLAG_DISK_ONLY))
6732				continue;
6733
6734#if 0
6735			printf("found page %#x len %d\n",
6736			       lun->mode_pages.index[i].page_code &
6737			       SMPH_PC_MASK,
6738			       lun->mode_pages.index[i].page_len);
6739#endif
6740
6741			page_len += lun->mode_pages.index[i].page_len;
6742		}
6743
6744		if (page_len == 0) {
6745			ctl_set_invalid_field(ctsio,
6746					      /*sks_valid*/ 1,
6747					      /*command*/ 1,
6748					      /*field*/ 2,
6749					      /*bit_valid*/ 1,
6750					      /*bit*/ 5);
6751			ctl_done((union ctl_io *)ctsio);
6752			return (CTL_RETVAL_COMPLETE);
6753		}
6754		break;
6755	}
6756	}
6757
6758	total_len = header_len + page_len;
6759#if 0
6760	printf("header_len = %d, page_len = %d, total_len = %d\n",
6761	       header_len, page_len, total_len);
6762#endif
6763
6764	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6765	ctsio->kern_sg_entries = 0;
6766	ctsio->kern_data_resid = 0;
6767	ctsio->kern_rel_offset = 0;
6768	if (total_len < alloc_len) {
6769		ctsio->residual = alloc_len - total_len;
6770		ctsio->kern_data_len = total_len;
6771		ctsio->kern_total_len = total_len;
6772	} else {
6773		ctsio->residual = 0;
6774		ctsio->kern_data_len = alloc_len;
6775		ctsio->kern_total_len = alloc_len;
6776	}
6777
6778	switch (ctsio->cdb[0]) {
6779	case MODE_SENSE_6: {
6780		struct scsi_mode_hdr_6 *header;
6781
6782		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6783
6784		header->datalen = ctl_min(total_len - 1, 254);
6785		if (control_dev == 0) {
6786			header->dev_specific = 0x10; /* DPOFUA */
6787			if ((lun->flags & CTL_LUN_READONLY) ||
6788			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6789			    .eca_and_aen & SCP_SWP) != 0)
6790				    header->dev_specific |= 0x80; /* WP */
6791		}
6792		if (dbd)
6793			header->block_descr_len = 0;
6794		else
6795			header->block_descr_len =
6796				sizeof(struct scsi_mode_block_descr);
6797		block_desc = (struct scsi_mode_block_descr *)&header[1];
6798		break;
6799	}
6800	case MODE_SENSE_10: {
6801		struct scsi_mode_hdr_10 *header;
6802		int datalen;
6803
6804		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6805
6806		datalen = ctl_min(total_len - 2, 65533);
6807		scsi_ulto2b(datalen, header->datalen);
6808		if (control_dev == 0) {
6809			header->dev_specific = 0x10; /* DPOFUA */
6810			if ((lun->flags & CTL_LUN_READONLY) ||
6811			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6812			    .eca_and_aen & SCP_SWP) != 0)
6813				    header->dev_specific |= 0x80; /* WP */
6814		}
6815		if (dbd)
6816			scsi_ulto2b(0, header->block_descr_len);
6817		else
6818			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6819				    header->block_descr_len);
6820		block_desc = (struct scsi_mode_block_descr *)&header[1];
6821		break;
6822	}
6823	default:
6824		panic("invalid CDB type %#x", ctsio->cdb[0]);
6825		break; /* NOTREACHED */
6826	}
6827
6828	/*
6829	 * If we've got a disk, use its blocksize in the block
6830	 * descriptor.  Otherwise, just set it to 0.
6831	 */
6832	if (dbd == 0) {
6833		if (control_dev == 0)
6834			scsi_ulto3b(lun->be_lun->blocksize,
6835				    block_desc->block_len);
6836		else
6837			scsi_ulto3b(0, block_desc->block_len);
6838	}
6839
6840	switch (page_code) {
6841	case SMS_ALL_PAGES_PAGE: {
6842		int i, data_used;
6843
6844		data_used = header_len;
6845		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6846			struct ctl_page_index *page_index;
6847
6848			page_index = &lun->mode_pages.index[i];
6849
6850			if ((control_dev != 0)
6851			 && (page_index->page_flags &
6852			    CTL_PAGE_FLAG_DISK_ONLY))
6853				continue;
6854
6855			/*
6856			 * We don't use this subpage if the user didn't
6857			 * request all subpages.  We already checked (above)
6858			 * to make sure the user only specified a subpage
6859			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6860			 */
6861			if ((page_index->subpage != 0)
6862			 && (subpage == SMS_SUBPAGE_PAGE_0))
6863				continue;
6864
6865			/*
6866			 * Call the handler, if it exists, to update the
6867			 * page to the latest values.
6868			 */
6869			if (page_index->sense_handler != NULL)
6870				page_index->sense_handler(ctsio, page_index,pc);
6871
6872			memcpy(ctsio->kern_data_ptr + data_used,
6873			       page_index->page_data +
6874			       (page_index->page_len * pc),
6875			       page_index->page_len);
6876			data_used += page_index->page_len;
6877		}
6878		break;
6879	}
6880	default: {
6881		int i, data_used;
6882
6883		data_used = header_len;
6884
6885		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6886			struct ctl_page_index *page_index;
6887
6888			page_index = &lun->mode_pages.index[i];
6889
6890			/* Look for the right page code */
6891			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6892				continue;
6893
6894			/* Look for the right subpage or the subpage wildcard*/
6895			if ((page_index->subpage != subpage)
6896			 && (subpage != SMS_SUBPAGE_ALL))
6897				continue;
6898
6899			/* Make sure the page is supported for this dev type */
6900			if ((control_dev != 0)
6901			 && (page_index->page_flags &
6902			     CTL_PAGE_FLAG_DISK_ONLY))
6903				continue;
6904
6905			/*
6906			 * Call the handler, if it exists, to update the
6907			 * page to the latest values.
6908			 */
6909			if (page_index->sense_handler != NULL)
6910				page_index->sense_handler(ctsio, page_index,pc);
6911
6912			memcpy(ctsio->kern_data_ptr + data_used,
6913			       page_index->page_data +
6914			       (page_index->page_len * pc),
6915			       page_index->page_len);
6916			data_used += page_index->page_len;
6917		}
6918		break;
6919	}
6920	}
6921
6922	ctsio->scsi_status = SCSI_STATUS_OK;
6923
6924	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6925	ctsio->be_move_done = ctl_config_move_done;
6926	ctl_datamove((union ctl_io *)ctsio);
6927
6928	return (CTL_RETVAL_COMPLETE);
6929}
6930
6931int
6932ctl_log_sense(struct ctl_scsiio *ctsio)
6933{
6934	struct ctl_lun *lun;
6935	int i, pc, page_code, subpage;
6936	int alloc_len, total_len;
6937	struct ctl_page_index *page_index;
6938	struct scsi_log_sense *cdb;
6939	struct scsi_log_header *header;
6940
6941	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6942
6943	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6944	cdb = (struct scsi_log_sense *)ctsio->cdb;
6945	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6946	page_code = cdb->page & SLS_PAGE_CODE;
6947	subpage = cdb->subpage;
6948	alloc_len = scsi_2btoul(cdb->length);
6949
6950	page_index = NULL;
6951	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6952		page_index = &lun->log_pages.index[i];
6953
6954		/* Look for the right page code */
6955		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6956			continue;
6957
6958		/* Look for the right subpage or the subpage wildcard*/
6959		if (page_index->subpage != subpage)
6960			continue;
6961
6962		break;
6963	}
6964	if (i >= CTL_NUM_LOG_PAGES) {
6965		ctl_set_invalid_field(ctsio,
6966				      /*sks_valid*/ 1,
6967				      /*command*/ 1,
6968				      /*field*/ 2,
6969				      /*bit_valid*/ 0,
6970				      /*bit*/ 0);
6971		ctl_done((union ctl_io *)ctsio);
6972		return (CTL_RETVAL_COMPLETE);
6973	}
6974
6975	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6976
6977	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6978	ctsio->kern_sg_entries = 0;
6979	ctsio->kern_data_resid = 0;
6980	ctsio->kern_rel_offset = 0;
6981	if (total_len < alloc_len) {
6982		ctsio->residual = alloc_len - total_len;
6983		ctsio->kern_data_len = total_len;
6984		ctsio->kern_total_len = total_len;
6985	} else {
6986		ctsio->residual = 0;
6987		ctsio->kern_data_len = alloc_len;
6988		ctsio->kern_total_len = alloc_len;
6989	}
6990
6991	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6992	header->page = page_index->page_code;
6993	if (page_index->subpage) {
6994		header->page |= SL_SPF;
6995		header->subpage = page_index->subpage;
6996	}
6997	scsi_ulto2b(page_index->page_len, header->datalen);
6998
6999	/*
7000	 * Call the handler, if it exists, to update the
7001	 * page to the latest values.
7002	 */
7003	if (page_index->sense_handler != NULL)
7004		page_index->sense_handler(ctsio, page_index, pc);
7005
7006	memcpy(header + 1, page_index->page_data, page_index->page_len);
7007
7008	ctsio->scsi_status = SCSI_STATUS_OK;
7009	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7010	ctsio->be_move_done = ctl_config_move_done;
7011	ctl_datamove((union ctl_io *)ctsio);
7012
7013	return (CTL_RETVAL_COMPLETE);
7014}
7015
7016int
7017ctl_read_capacity(struct ctl_scsiio *ctsio)
7018{
7019	struct scsi_read_capacity *cdb;
7020	struct scsi_read_capacity_data *data;
7021	struct ctl_lun *lun;
7022	uint32_t lba;
7023
7024	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7025
7026	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7027
7028	lba = scsi_4btoul(cdb->addr);
7029	if (((cdb->pmi & SRC_PMI) == 0)
7030	 && (lba != 0)) {
7031		ctl_set_invalid_field(/*ctsio*/ ctsio,
7032				      /*sks_valid*/ 1,
7033				      /*command*/ 1,
7034				      /*field*/ 2,
7035				      /*bit_valid*/ 0,
7036				      /*bit*/ 0);
7037		ctl_done((union ctl_io *)ctsio);
7038		return (CTL_RETVAL_COMPLETE);
7039	}
7040
7041	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7042
7043	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7044	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7045	ctsio->residual = 0;
7046	ctsio->kern_data_len = sizeof(*data);
7047	ctsio->kern_total_len = sizeof(*data);
7048	ctsio->kern_data_resid = 0;
7049	ctsio->kern_rel_offset = 0;
7050	ctsio->kern_sg_entries = 0;
7051
7052	/*
7053	 * If the maximum LBA is greater than 0xfffffffe, the user must
7054	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7055	 * serivce action set.
7056	 */
7057	if (lun->be_lun->maxlba > 0xfffffffe)
7058		scsi_ulto4b(0xffffffff, data->addr);
7059	else
7060		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7061
7062	/*
7063	 * XXX KDM this may not be 512 bytes...
7064	 */
7065	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7066
7067	ctsio->scsi_status = SCSI_STATUS_OK;
7068
7069	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7070	ctsio->be_move_done = ctl_config_move_done;
7071	ctl_datamove((union ctl_io *)ctsio);
7072
7073	return (CTL_RETVAL_COMPLETE);
7074}
7075
7076int
7077ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7078{
7079	struct scsi_read_capacity_16 *cdb;
7080	struct scsi_read_capacity_data_long *data;
7081	struct ctl_lun *lun;
7082	uint64_t lba;
7083	uint32_t alloc_len;
7084
7085	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7086
7087	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7088
7089	alloc_len = scsi_4btoul(cdb->alloc_len);
7090	lba = scsi_8btou64(cdb->addr);
7091
7092	if ((cdb->reladr & SRC16_PMI)
7093	 && (lba != 0)) {
7094		ctl_set_invalid_field(/*ctsio*/ ctsio,
7095				      /*sks_valid*/ 1,
7096				      /*command*/ 1,
7097				      /*field*/ 2,
7098				      /*bit_valid*/ 0,
7099				      /*bit*/ 0);
7100		ctl_done((union ctl_io *)ctsio);
7101		return (CTL_RETVAL_COMPLETE);
7102	}
7103
7104	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7105
7106	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7107	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7108
7109	if (sizeof(*data) < alloc_len) {
7110		ctsio->residual = alloc_len - sizeof(*data);
7111		ctsio->kern_data_len = sizeof(*data);
7112		ctsio->kern_total_len = sizeof(*data);
7113	} else {
7114		ctsio->residual = 0;
7115		ctsio->kern_data_len = alloc_len;
7116		ctsio->kern_total_len = alloc_len;
7117	}
7118	ctsio->kern_data_resid = 0;
7119	ctsio->kern_rel_offset = 0;
7120	ctsio->kern_sg_entries = 0;
7121
7122	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7123	/* XXX KDM this may not be 512 bytes... */
7124	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7125	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7126	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7127	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7128		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7129
7130	ctsio->scsi_status = SCSI_STATUS_OK;
7131
7132	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7133	ctsio->be_move_done = ctl_config_move_done;
7134	ctl_datamove((union ctl_io *)ctsio);
7135
7136	return (CTL_RETVAL_COMPLETE);
7137}
7138
7139int
7140ctl_read_defect(struct ctl_scsiio *ctsio)
7141{
7142	struct scsi_read_defect_data_10 *ccb10;
7143	struct scsi_read_defect_data_12 *ccb12;
7144	struct scsi_read_defect_data_hdr_10 *data10;
7145	struct scsi_read_defect_data_hdr_12 *data12;
7146	struct ctl_lun *lun;
7147	uint32_t alloc_len, data_len;
7148	uint8_t format;
7149
7150	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7151
7152	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7153	if (lun->flags & CTL_LUN_PR_RESERVED) {
7154		uint32_t residx;
7155
7156		/*
7157		 * XXX KDM need a lock here.
7158		 */
7159		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7160		if ((lun->res_type == SPR_TYPE_EX_AC
7161		  && residx != lun->pr_res_idx)
7162		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
7163		   || lun->res_type == SPR_TYPE_EX_AC_AR)
7164		  && lun->pr_keys[residx] == 0)) {
7165			ctl_set_reservation_conflict(ctsio);
7166			ctl_done((union ctl_io *)ctsio);
7167			return (CTL_RETVAL_COMPLETE);
7168	        }
7169	}
7170
7171	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7172		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7173		format = ccb10->format;
7174		alloc_len = scsi_2btoul(ccb10->alloc_length);
7175		data_len = sizeof(*data10);
7176	} else {
7177		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7178		format = ccb12->format;
7179		alloc_len = scsi_4btoul(ccb12->alloc_length);
7180		data_len = sizeof(*data12);
7181	}
7182	if (alloc_len == 0) {
7183		ctl_set_success(ctsio);
7184		ctl_done((union ctl_io *)ctsio);
7185		return (CTL_RETVAL_COMPLETE);
7186	}
7187
7188	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7189	if (data_len < alloc_len) {
7190		ctsio->residual = alloc_len - data_len;
7191		ctsio->kern_data_len = data_len;
7192		ctsio->kern_total_len = data_len;
7193	} else {
7194		ctsio->residual = 0;
7195		ctsio->kern_data_len = alloc_len;
7196		ctsio->kern_total_len = alloc_len;
7197	}
7198	ctsio->kern_data_resid = 0;
7199	ctsio->kern_rel_offset = 0;
7200	ctsio->kern_sg_entries = 0;
7201
7202	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7203		data10 = (struct scsi_read_defect_data_hdr_10 *)
7204		    ctsio->kern_data_ptr;
7205		data10->format = format;
7206		scsi_ulto2b(0, data10->length);
7207	} else {
7208		data12 = (struct scsi_read_defect_data_hdr_12 *)
7209		    ctsio->kern_data_ptr;
7210		data12->format = format;
7211		scsi_ulto2b(0, data12->generation);
7212		scsi_ulto4b(0, data12->length);
7213	}
7214
7215	ctsio->scsi_status = SCSI_STATUS_OK;
7216	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7217	ctsio->be_move_done = ctl_config_move_done;
7218	ctl_datamove((union ctl_io *)ctsio);
7219	return (CTL_RETVAL_COMPLETE);
7220}
7221
7222int
7223ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7224{
7225	struct scsi_maintenance_in *cdb;
7226	int retval;
7227	int alloc_len, ext, total_len = 0, g, p, pc, pg;
7228	int num_target_port_groups, num_target_ports, single;
7229	struct ctl_lun *lun;
7230	struct ctl_softc *softc;
7231	struct ctl_port *port;
7232	struct scsi_target_group_data *rtg_ptr;
7233	struct scsi_target_group_data_extended *rtg_ext_ptr;
7234	struct scsi_target_port_group_descriptor *tpg_desc;
7235
7236	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7237
7238	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7239	softc = control_softc;
7240	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7241
7242	retval = CTL_RETVAL_COMPLETE;
7243
7244	switch (cdb->byte2 & STG_PDF_MASK) {
7245	case STG_PDF_LENGTH:
7246		ext = 0;
7247		break;
7248	case STG_PDF_EXTENDED:
7249		ext = 1;
7250		break;
7251	default:
7252		ctl_set_invalid_field(/*ctsio*/ ctsio,
7253				      /*sks_valid*/ 1,
7254				      /*command*/ 1,
7255				      /*field*/ 2,
7256				      /*bit_valid*/ 1,
7257				      /*bit*/ 5);
7258		ctl_done((union ctl_io *)ctsio);
7259		return(retval);
7260	}
7261
7262	single = ctl_is_single;
7263	if (single)
7264		num_target_port_groups = 1;
7265	else
7266		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7267	num_target_ports = 0;
7268	mtx_lock(&softc->ctl_lock);
7269	STAILQ_FOREACH(port, &softc->port_list, links) {
7270		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7271			continue;
7272		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7273			continue;
7274		num_target_ports++;
7275	}
7276	mtx_unlock(&softc->ctl_lock);
7277
7278	if (ext)
7279		total_len = sizeof(struct scsi_target_group_data_extended);
7280	else
7281		total_len = sizeof(struct scsi_target_group_data);
7282	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7283		num_target_port_groups +
7284	    sizeof(struct scsi_target_port_descriptor) *
7285		num_target_ports * num_target_port_groups;
7286
7287	alloc_len = scsi_4btoul(cdb->length);
7288
7289	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7290
7291	ctsio->kern_sg_entries = 0;
7292
7293	if (total_len < alloc_len) {
7294		ctsio->residual = alloc_len - total_len;
7295		ctsio->kern_data_len = total_len;
7296		ctsio->kern_total_len = total_len;
7297	} else {
7298		ctsio->residual = 0;
7299		ctsio->kern_data_len = alloc_len;
7300		ctsio->kern_total_len = alloc_len;
7301	}
7302	ctsio->kern_data_resid = 0;
7303	ctsio->kern_rel_offset = 0;
7304
7305	if (ext) {
7306		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7307		    ctsio->kern_data_ptr;
7308		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7309		rtg_ext_ptr->format_type = 0x10;
7310		rtg_ext_ptr->implicit_transition_time = 0;
7311		tpg_desc = &rtg_ext_ptr->groups[0];
7312	} else {
7313		rtg_ptr = (struct scsi_target_group_data *)
7314		    ctsio->kern_data_ptr;
7315		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7316		tpg_desc = &rtg_ptr->groups[0];
7317	}
7318
7319	pg = ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS;
7320	mtx_lock(&softc->ctl_lock);
7321	for (g = 0; g < num_target_port_groups; g++) {
7322		if (g == pg)
7323			tpg_desc->pref_state = TPG_PRIMARY |
7324			    TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7325		else
7326			tpg_desc->pref_state =
7327			    TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7328		tpg_desc->support = TPG_AO_SUP;
7329		if (!single)
7330			tpg_desc->support |= TPG_AN_SUP;
7331		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7332		tpg_desc->status = TPG_IMPLICIT;
7333		pc = 0;
7334		STAILQ_FOREACH(port, &softc->port_list, links) {
7335			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7336				continue;
7337			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7338			    CTL_MAX_LUNS)
7339				continue;
7340			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7341			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7342			    relative_target_port_identifier);
7343			pc++;
7344		}
7345		tpg_desc->target_port_count = pc;
7346		tpg_desc = (struct scsi_target_port_group_descriptor *)
7347		    &tpg_desc->descriptors[pc];
7348	}
7349	mtx_unlock(&softc->ctl_lock);
7350
7351	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7352	ctsio->be_move_done = ctl_config_move_done;
7353
7354	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7355			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7356			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7357			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7358			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7359
7360	ctl_datamove((union ctl_io *)ctsio);
7361	return(retval);
7362}
7363
7364int
7365ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7366{
7367	struct ctl_lun *lun;
7368	struct scsi_report_supported_opcodes *cdb;
7369	const struct ctl_cmd_entry *entry, *sentry;
7370	struct scsi_report_supported_opcodes_all *all;
7371	struct scsi_report_supported_opcodes_descr *descr;
7372	struct scsi_report_supported_opcodes_one *one;
7373	int retval;
7374	int alloc_len, total_len;
7375	int opcode, service_action, i, j, num;
7376
7377	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7378
7379	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7380	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7381
7382	retval = CTL_RETVAL_COMPLETE;
7383
7384	opcode = cdb->requested_opcode;
7385	service_action = scsi_2btoul(cdb->requested_service_action);
7386	switch (cdb->options & RSO_OPTIONS_MASK) {
7387	case RSO_OPTIONS_ALL:
7388		num = 0;
7389		for (i = 0; i < 256; i++) {
7390			entry = &ctl_cmd_table[i];
7391			if (entry->flags & CTL_CMD_FLAG_SA5) {
7392				for (j = 0; j < 32; j++) {
7393					sentry = &((const struct ctl_cmd_entry *)
7394					    entry->execute)[j];
7395					if (ctl_cmd_applicable(
7396					    lun->be_lun->lun_type, sentry))
7397						num++;
7398				}
7399			} else {
7400				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7401				    entry))
7402					num++;
7403			}
7404		}
7405		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7406		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7407		break;
7408	case RSO_OPTIONS_OC:
7409		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7410			ctl_set_invalid_field(/*ctsio*/ ctsio,
7411					      /*sks_valid*/ 1,
7412					      /*command*/ 1,
7413					      /*field*/ 2,
7414					      /*bit_valid*/ 1,
7415					      /*bit*/ 2);
7416			ctl_done((union ctl_io *)ctsio);
7417			return (CTL_RETVAL_COMPLETE);
7418		}
7419		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7420		break;
7421	case RSO_OPTIONS_OC_SA:
7422		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7423		    service_action >= 32) {
7424			ctl_set_invalid_field(/*ctsio*/ ctsio,
7425					      /*sks_valid*/ 1,
7426					      /*command*/ 1,
7427					      /*field*/ 2,
7428					      /*bit_valid*/ 1,
7429					      /*bit*/ 2);
7430			ctl_done((union ctl_io *)ctsio);
7431			return (CTL_RETVAL_COMPLETE);
7432		}
7433		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7434		break;
7435	default:
7436		ctl_set_invalid_field(/*ctsio*/ ctsio,
7437				      /*sks_valid*/ 1,
7438				      /*command*/ 1,
7439				      /*field*/ 2,
7440				      /*bit_valid*/ 1,
7441				      /*bit*/ 2);
7442		ctl_done((union ctl_io *)ctsio);
7443		return (CTL_RETVAL_COMPLETE);
7444	}
7445
7446	alloc_len = scsi_4btoul(cdb->length);
7447
7448	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7449
7450	ctsio->kern_sg_entries = 0;
7451
7452	if (total_len < alloc_len) {
7453		ctsio->residual = alloc_len - total_len;
7454		ctsio->kern_data_len = total_len;
7455		ctsio->kern_total_len = total_len;
7456	} else {
7457		ctsio->residual = 0;
7458		ctsio->kern_data_len = alloc_len;
7459		ctsio->kern_total_len = alloc_len;
7460	}
7461	ctsio->kern_data_resid = 0;
7462	ctsio->kern_rel_offset = 0;
7463
7464	switch (cdb->options & RSO_OPTIONS_MASK) {
7465	case RSO_OPTIONS_ALL:
7466		all = (struct scsi_report_supported_opcodes_all *)
7467		    ctsio->kern_data_ptr;
7468		num = 0;
7469		for (i = 0; i < 256; i++) {
7470			entry = &ctl_cmd_table[i];
7471			if (entry->flags & CTL_CMD_FLAG_SA5) {
7472				for (j = 0; j < 32; j++) {
7473					sentry = &((const struct ctl_cmd_entry *)
7474					    entry->execute)[j];
7475					if (!ctl_cmd_applicable(
7476					    lun->be_lun->lun_type, sentry))
7477						continue;
7478					descr = &all->descr[num++];
7479					descr->opcode = i;
7480					scsi_ulto2b(j, descr->service_action);
7481					descr->flags = RSO_SERVACTV;
7482					scsi_ulto2b(sentry->length,
7483					    descr->cdb_length);
7484				}
7485			} else {
7486				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7487				    entry))
7488					continue;
7489				descr = &all->descr[num++];
7490				descr->opcode = i;
7491				scsi_ulto2b(0, descr->service_action);
7492				descr->flags = 0;
7493				scsi_ulto2b(entry->length, descr->cdb_length);
7494			}
7495		}
7496		scsi_ulto4b(
7497		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7498		    all->length);
7499		break;
7500	case RSO_OPTIONS_OC:
7501		one = (struct scsi_report_supported_opcodes_one *)
7502		    ctsio->kern_data_ptr;
7503		entry = &ctl_cmd_table[opcode];
7504		goto fill_one;
7505	case RSO_OPTIONS_OC_SA:
7506		one = (struct scsi_report_supported_opcodes_one *)
7507		    ctsio->kern_data_ptr;
7508		entry = &ctl_cmd_table[opcode];
7509		entry = &((const struct ctl_cmd_entry *)
7510		    entry->execute)[service_action];
7511fill_one:
7512		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7513			one->support = 3;
7514			scsi_ulto2b(entry->length, one->cdb_length);
7515			one->cdb_usage[0] = opcode;
7516			memcpy(&one->cdb_usage[1], entry->usage,
7517			    entry->length - 1);
7518		} else
7519			one->support = 1;
7520		break;
7521	}
7522
7523	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7524	ctsio->be_move_done = ctl_config_move_done;
7525
7526	ctl_datamove((union ctl_io *)ctsio);
7527	return(retval);
7528}
7529
7530int
7531ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7532{
7533	struct ctl_lun *lun;
7534	struct scsi_report_supported_tmf *cdb;
7535	struct scsi_report_supported_tmf_data *data;
7536	int retval;
7537	int alloc_len, total_len;
7538
7539	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7540
7541	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7542	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7543
7544	retval = CTL_RETVAL_COMPLETE;
7545
7546	total_len = sizeof(struct scsi_report_supported_tmf_data);
7547	alloc_len = scsi_4btoul(cdb->length);
7548
7549	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7550
7551	ctsio->kern_sg_entries = 0;
7552
7553	if (total_len < alloc_len) {
7554		ctsio->residual = alloc_len - total_len;
7555		ctsio->kern_data_len = total_len;
7556		ctsio->kern_total_len = total_len;
7557	} else {
7558		ctsio->residual = 0;
7559		ctsio->kern_data_len = alloc_len;
7560		ctsio->kern_total_len = alloc_len;
7561	}
7562	ctsio->kern_data_resid = 0;
7563	ctsio->kern_rel_offset = 0;
7564
7565	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7566	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7567	data->byte2 |= RST_ITNRS;
7568
7569	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7570	ctsio->be_move_done = ctl_config_move_done;
7571
7572	ctl_datamove((union ctl_io *)ctsio);
7573	return (retval);
7574}
7575
7576int
7577ctl_report_timestamp(struct ctl_scsiio *ctsio)
7578{
7579	struct ctl_lun *lun;
7580	struct scsi_report_timestamp *cdb;
7581	struct scsi_report_timestamp_data *data;
7582	struct timeval tv;
7583	int64_t timestamp;
7584	int retval;
7585	int alloc_len, total_len;
7586
7587	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7588
7589	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7590	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7591
7592	retval = CTL_RETVAL_COMPLETE;
7593
7594	total_len = sizeof(struct scsi_report_timestamp_data);
7595	alloc_len = scsi_4btoul(cdb->length);
7596
7597	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7598
7599	ctsio->kern_sg_entries = 0;
7600
7601	if (total_len < alloc_len) {
7602		ctsio->residual = alloc_len - total_len;
7603		ctsio->kern_data_len = total_len;
7604		ctsio->kern_total_len = total_len;
7605	} else {
7606		ctsio->residual = 0;
7607		ctsio->kern_data_len = alloc_len;
7608		ctsio->kern_total_len = alloc_len;
7609	}
7610	ctsio->kern_data_resid = 0;
7611	ctsio->kern_rel_offset = 0;
7612
7613	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7614	scsi_ulto2b(sizeof(*data) - 2, data->length);
7615	data->origin = RTS_ORIG_OUTSIDE;
7616	getmicrotime(&tv);
7617	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7618	scsi_ulto4b(timestamp >> 16, data->timestamp);
7619	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7620
7621	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7622	ctsio->be_move_done = ctl_config_move_done;
7623
7624	ctl_datamove((union ctl_io *)ctsio);
7625	return (retval);
7626}
7627
7628int
7629ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7630{
7631	struct scsi_per_res_in *cdb;
7632	int alloc_len, total_len = 0;
7633	/* struct scsi_per_res_in_rsrv in_data; */
7634	struct ctl_lun *lun;
7635	struct ctl_softc *softc;
7636
7637	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7638
7639	softc = control_softc;
7640
7641	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7642
7643	alloc_len = scsi_2btoul(cdb->length);
7644
7645	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7646
7647retry:
7648	mtx_lock(&lun->lun_lock);
7649	switch (cdb->action) {
7650	case SPRI_RK: /* read keys */
7651		total_len = sizeof(struct scsi_per_res_in_keys) +
7652			lun->pr_key_count *
7653			sizeof(struct scsi_per_res_key);
7654		break;
7655	case SPRI_RR: /* read reservation */
7656		if (lun->flags & CTL_LUN_PR_RESERVED)
7657			total_len = sizeof(struct scsi_per_res_in_rsrv);
7658		else
7659			total_len = sizeof(struct scsi_per_res_in_header);
7660		break;
7661	case SPRI_RC: /* report capabilities */
7662		total_len = sizeof(struct scsi_per_res_cap);
7663		break;
7664	case SPRI_RS: /* read full status */
7665		total_len = sizeof(struct scsi_per_res_in_header) +
7666		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7667		    lun->pr_key_count;
7668		break;
7669	default:
7670		panic("Invalid PR type %x", cdb->action);
7671	}
7672	mtx_unlock(&lun->lun_lock);
7673
7674	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7675
7676	if (total_len < alloc_len) {
7677		ctsio->residual = alloc_len - total_len;
7678		ctsio->kern_data_len = total_len;
7679		ctsio->kern_total_len = total_len;
7680	} else {
7681		ctsio->residual = 0;
7682		ctsio->kern_data_len = alloc_len;
7683		ctsio->kern_total_len = alloc_len;
7684	}
7685
7686	ctsio->kern_data_resid = 0;
7687	ctsio->kern_rel_offset = 0;
7688	ctsio->kern_sg_entries = 0;
7689
7690	mtx_lock(&lun->lun_lock);
7691	switch (cdb->action) {
7692	case SPRI_RK: { // read keys
7693        struct scsi_per_res_in_keys *res_keys;
7694		int i, key_count;
7695
7696		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7697
7698		/*
7699		 * We had to drop the lock to allocate our buffer, which
7700		 * leaves time for someone to come in with another
7701		 * persistent reservation.  (That is unlikely, though,
7702		 * since this should be the only persistent reservation
7703		 * command active right now.)
7704		 */
7705		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7706		    (lun->pr_key_count *
7707		     sizeof(struct scsi_per_res_key)))){
7708			mtx_unlock(&lun->lun_lock);
7709			free(ctsio->kern_data_ptr, M_CTL);
7710			printf("%s: reservation length changed, retrying\n",
7711			       __func__);
7712			goto retry;
7713		}
7714
7715		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7716
7717		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7718			     lun->pr_key_count, res_keys->header.length);
7719
7720		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7721			if (lun->pr_keys[i] == 0)
7722				continue;
7723
7724			/*
7725			 * We used lun->pr_key_count to calculate the
7726			 * size to allocate.  If it turns out the number of
7727			 * initiators with the registered flag set is
7728			 * larger than that (i.e. they haven't been kept in
7729			 * sync), we've got a problem.
7730			 */
7731			if (key_count >= lun->pr_key_count) {
7732#ifdef NEEDTOPORT
7733				csevent_log(CSC_CTL | CSC_SHELF_SW |
7734					    CTL_PR_ERROR,
7735					    csevent_LogType_Fault,
7736					    csevent_AlertLevel_Yellow,
7737					    csevent_FRU_ShelfController,
7738					    csevent_FRU_Firmware,
7739				        csevent_FRU_Unknown,
7740					    "registered keys %d >= key "
7741					    "count %d", key_count,
7742					    lun->pr_key_count);
7743#endif
7744				key_count++;
7745				continue;
7746			}
7747			scsi_u64to8b(lun->pr_keys[i],
7748			    res_keys->keys[key_count].key);
7749			key_count++;
7750		}
7751		break;
7752	}
7753	case SPRI_RR: { // read reservation
7754		struct scsi_per_res_in_rsrv *res;
7755		int tmp_len, header_only;
7756
7757		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7758
7759		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7760
7761		if (lun->flags & CTL_LUN_PR_RESERVED)
7762		{
7763			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7764			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7765				    res->header.length);
7766			header_only = 0;
7767		} else {
7768			tmp_len = sizeof(struct scsi_per_res_in_header);
7769			scsi_ulto4b(0, res->header.length);
7770			header_only = 1;
7771		}
7772
7773		/*
7774		 * We had to drop the lock to allocate our buffer, which
7775		 * leaves time for someone to come in with another
7776		 * persistent reservation.  (That is unlikely, though,
7777		 * since this should be the only persistent reservation
7778		 * command active right now.)
7779		 */
7780		if (tmp_len != total_len) {
7781			mtx_unlock(&lun->lun_lock);
7782			free(ctsio->kern_data_ptr, M_CTL);
7783			printf("%s: reservation status changed, retrying\n",
7784			       __func__);
7785			goto retry;
7786		}
7787
7788		/*
7789		 * No reservation held, so we're done.
7790		 */
7791		if (header_only != 0)
7792			break;
7793
7794		/*
7795		 * If the registration is an All Registrants type, the key
7796		 * is 0, since it doesn't really matter.
7797		 */
7798		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7799			scsi_u64to8b(lun->pr_keys[lun->pr_res_idx],
7800			    res->data.reservation);
7801		}
7802		res->data.scopetype = lun->res_type;
7803		break;
7804	}
7805	case SPRI_RC:     //report capabilities
7806	{
7807		struct scsi_per_res_cap *res_cap;
7808		uint16_t type_mask;
7809
7810		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7811		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7812		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7813		type_mask = SPRI_TM_WR_EX_AR |
7814			    SPRI_TM_EX_AC_RO |
7815			    SPRI_TM_WR_EX_RO |
7816			    SPRI_TM_EX_AC |
7817			    SPRI_TM_WR_EX |
7818			    SPRI_TM_EX_AC_AR;
7819		scsi_ulto2b(type_mask, res_cap->type_mask);
7820		break;
7821	}
7822	case SPRI_RS: { // read full status
7823		struct scsi_per_res_in_full *res_status;
7824		struct scsi_per_res_in_full_desc *res_desc;
7825		struct ctl_port *port;
7826		int i, len;
7827
7828		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7829
7830		/*
7831		 * We had to drop the lock to allocate our buffer, which
7832		 * leaves time for someone to come in with another
7833		 * persistent reservation.  (That is unlikely, though,
7834		 * since this should be the only persistent reservation
7835		 * command active right now.)
7836		 */
7837		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7838		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7839		     lun->pr_key_count)){
7840			mtx_unlock(&lun->lun_lock);
7841			free(ctsio->kern_data_ptr, M_CTL);
7842			printf("%s: reservation length changed, retrying\n",
7843			       __func__);
7844			goto retry;
7845		}
7846
7847		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7848
7849		res_desc = &res_status->desc[0];
7850		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7851			if (lun->pr_keys[i] == 0)
7852				continue;
7853
7854			scsi_u64to8b(lun->pr_keys[i], res_desc->res_key.key);
7855			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7856			    (lun->pr_res_idx == i ||
7857			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7858				res_desc->flags = SPRI_FULL_R_HOLDER;
7859				res_desc->scopetype = lun->res_type;
7860			}
7861			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7862			    res_desc->rel_trgt_port_id);
7863			len = 0;
7864			port = softc->ctl_ports[
7865			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
7866			if (port != NULL)
7867				len = ctl_create_iid(port,
7868				    i % CTL_MAX_INIT_PER_PORT,
7869				    res_desc->transport_id);
7870			scsi_ulto4b(len, res_desc->additional_length);
7871			res_desc = (struct scsi_per_res_in_full_desc *)
7872			    &res_desc->transport_id[len];
7873		}
7874		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7875		    res_status->header.length);
7876		break;
7877	}
7878	default:
7879		/*
7880		 * This is a bug, because we just checked for this above,
7881		 * and should have returned an error.
7882		 */
7883		panic("Invalid PR type %x", cdb->action);
7884		break; /* NOTREACHED */
7885	}
7886	mtx_unlock(&lun->lun_lock);
7887
7888	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7889	ctsio->be_move_done = ctl_config_move_done;
7890
7891	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7892			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7893			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7894			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7895			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7896
7897	ctl_datamove((union ctl_io *)ctsio);
7898
7899	return (CTL_RETVAL_COMPLETE);
7900}
7901
7902/*
7903 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7904 * it should return.
7905 */
7906static int
7907ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7908		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7909		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7910		struct scsi_per_res_out_parms* param)
7911{
7912	union ctl_ha_msg persis_io;
7913	int retval, i;
7914	int isc_retval;
7915
7916	retval = 0;
7917
7918	mtx_lock(&lun->lun_lock);
7919	if (sa_res_key == 0) {
7920		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7921			/* validate scope and type */
7922			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7923			     SPR_LU_SCOPE) {
7924				mtx_unlock(&lun->lun_lock);
7925				ctl_set_invalid_field(/*ctsio*/ ctsio,
7926						      /*sks_valid*/ 1,
7927						      /*command*/ 1,
7928						      /*field*/ 2,
7929						      /*bit_valid*/ 1,
7930						      /*bit*/ 4);
7931				ctl_done((union ctl_io *)ctsio);
7932				return (1);
7933			}
7934
7935		        if (type>8 || type==2 || type==4 || type==0) {
7936				mtx_unlock(&lun->lun_lock);
7937				ctl_set_invalid_field(/*ctsio*/ ctsio,
7938       	           				      /*sks_valid*/ 1,
7939						      /*command*/ 1,
7940						      /*field*/ 2,
7941						      /*bit_valid*/ 1,
7942						      /*bit*/ 0);
7943				ctl_done((union ctl_io *)ctsio);
7944				return (1);
7945		        }
7946
7947			/*
7948			 * Unregister everybody else and build UA for
7949			 * them
7950			 */
7951			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7952				if (i == residx || lun->pr_keys[i] == 0)
7953					continue;
7954
7955				if (!persis_offset
7956				 && i <CTL_MAX_INITIATORS)
7957					lun->pending_ua[i] |=
7958						CTL_UA_REG_PREEMPT;
7959				else if (persis_offset
7960				      && i >= persis_offset)
7961					lun->pending_ua[i-persis_offset] |=
7962						CTL_UA_REG_PREEMPT;
7963				lun->pr_keys[i] = 0;
7964			}
7965			lun->pr_key_count = 1;
7966			lun->res_type = type;
7967			if (lun->res_type != SPR_TYPE_WR_EX_AR
7968			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7969				lun->pr_res_idx = residx;
7970
7971			/* send msg to other side */
7972			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7973			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7974			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7975			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7976			persis_io.pr.pr_info.res_type = type;
7977			memcpy(persis_io.pr.pr_info.sa_res_key,
7978			       param->serv_act_res_key,
7979			       sizeof(param->serv_act_res_key));
7980			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7981			     &persis_io, sizeof(persis_io), 0)) >
7982			     CTL_HA_STATUS_SUCCESS) {
7983				printf("CTL:Persis Out error returned "
7984				       "from ctl_ha_msg_send %d\n",
7985				       isc_retval);
7986			}
7987		} else {
7988			/* not all registrants */
7989			mtx_unlock(&lun->lun_lock);
7990			free(ctsio->kern_data_ptr, M_CTL);
7991			ctl_set_invalid_field(ctsio,
7992					      /*sks_valid*/ 1,
7993					      /*command*/ 0,
7994					      /*field*/ 8,
7995					      /*bit_valid*/ 0,
7996					      /*bit*/ 0);
7997			ctl_done((union ctl_io *)ctsio);
7998			return (1);
7999		}
8000	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8001		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8002		int found = 0;
8003
8004		if (res_key == sa_res_key) {
8005			/* special case */
8006			/*
8007			 * The spec implies this is not good but doesn't
8008			 * say what to do. There are two choices either
8009			 * generate a res conflict or check condition
8010			 * with illegal field in parameter data. Since
8011			 * that is what is done when the sa_res_key is
8012			 * zero I'll take that approach since this has
8013			 * to do with the sa_res_key.
8014			 */
8015			mtx_unlock(&lun->lun_lock);
8016			free(ctsio->kern_data_ptr, M_CTL);
8017			ctl_set_invalid_field(ctsio,
8018					      /*sks_valid*/ 1,
8019					      /*command*/ 0,
8020					      /*field*/ 8,
8021					      /*bit_valid*/ 0,
8022					      /*bit*/ 0);
8023			ctl_done((union ctl_io *)ctsio);
8024			return (1);
8025		}
8026
8027		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8028			if (lun->pr_keys[i] != sa_res_key)
8029				continue;
8030
8031			found = 1;
8032			lun->pr_keys[i] = 0;
8033			lun->pr_key_count--;
8034
8035			if (!persis_offset && i < CTL_MAX_INITIATORS)
8036				lun->pending_ua[i] |= CTL_UA_REG_PREEMPT;
8037			else if (persis_offset && i >= persis_offset)
8038				lun->pending_ua[i-persis_offset] |=
8039					CTL_UA_REG_PREEMPT;
8040		}
8041		if (!found) {
8042			mtx_unlock(&lun->lun_lock);
8043			free(ctsio->kern_data_ptr, M_CTL);
8044			ctl_set_reservation_conflict(ctsio);
8045			ctl_done((union ctl_io *)ctsio);
8046			return (CTL_RETVAL_COMPLETE);
8047		}
8048		/* send msg to other side */
8049		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8050		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8051		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8052		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8053		persis_io.pr.pr_info.res_type = type;
8054		memcpy(persis_io.pr.pr_info.sa_res_key,
8055		       param->serv_act_res_key,
8056		       sizeof(param->serv_act_res_key));
8057		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8058		     &persis_io, sizeof(persis_io), 0)) >
8059		     CTL_HA_STATUS_SUCCESS) {
8060			printf("CTL:Persis Out error returned from "
8061			       "ctl_ha_msg_send %d\n", isc_retval);
8062		}
8063	} else {
8064		/* Reserved but not all registrants */
8065		/* sa_res_key is res holder */
8066		if (sa_res_key == lun->pr_keys[lun->pr_res_idx]) {
8067			/* validate scope and type */
8068			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8069			     SPR_LU_SCOPE) {
8070				mtx_unlock(&lun->lun_lock);
8071				ctl_set_invalid_field(/*ctsio*/ ctsio,
8072						      /*sks_valid*/ 1,
8073						      /*command*/ 1,
8074						      /*field*/ 2,
8075						      /*bit_valid*/ 1,
8076						      /*bit*/ 4);
8077				ctl_done((union ctl_io *)ctsio);
8078				return (1);
8079			}
8080
8081			if (type>8 || type==2 || type==4 || type==0) {
8082				mtx_unlock(&lun->lun_lock);
8083				ctl_set_invalid_field(/*ctsio*/ ctsio,
8084						      /*sks_valid*/ 1,
8085						      /*command*/ 1,
8086						      /*field*/ 2,
8087						      /*bit_valid*/ 1,
8088						      /*bit*/ 0);
8089				ctl_done((union ctl_io *)ctsio);
8090				return (1);
8091			}
8092
8093			/*
8094			 * Do the following:
8095			 * if sa_res_key != res_key remove all
8096			 * registrants w/sa_res_key and generate UA
8097			 * for these registrants(Registrations
8098			 * Preempted) if it wasn't an exclusive
8099			 * reservation generate UA(Reservations
8100			 * Preempted) for all other registered nexuses
8101			 * if the type has changed. Establish the new
8102			 * reservation and holder. If res_key and
8103			 * sa_res_key are the same do the above
8104			 * except don't unregister the res holder.
8105			 */
8106
8107			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8108				if (i == residx || lun->pr_keys[i] == 0)
8109					continue;
8110
8111				if (sa_res_key == lun->pr_keys[i]) {
8112					lun->pr_keys[i] = 0;
8113					lun->pr_key_count--;
8114
8115					if (!persis_offset
8116					 && i < CTL_MAX_INITIATORS)
8117						lun->pending_ua[i] |=
8118							CTL_UA_REG_PREEMPT;
8119					else if (persis_offset
8120					      && i >= persis_offset)
8121						lun->pending_ua[i-persis_offset] |=
8122						  CTL_UA_REG_PREEMPT;
8123				} else if (type != lun->res_type
8124					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8125					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8126						if (!persis_offset
8127						 && i < CTL_MAX_INITIATORS)
8128							lun->pending_ua[i] |=
8129							CTL_UA_RES_RELEASE;
8130						else if (persis_offset
8131						      && i >= persis_offset)
8132							lun->pending_ua[
8133							i-persis_offset] |=
8134							CTL_UA_RES_RELEASE;
8135				}
8136			}
8137			lun->res_type = type;
8138			if (lun->res_type != SPR_TYPE_WR_EX_AR
8139			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8140				lun->pr_res_idx = residx;
8141			else
8142				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8143
8144			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8145			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8146			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8147			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8148			persis_io.pr.pr_info.res_type = type;
8149			memcpy(persis_io.pr.pr_info.sa_res_key,
8150			       param->serv_act_res_key,
8151			       sizeof(param->serv_act_res_key));
8152			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8153			     &persis_io, sizeof(persis_io), 0)) >
8154			     CTL_HA_STATUS_SUCCESS) {
8155				printf("CTL:Persis Out error returned "
8156				       "from ctl_ha_msg_send %d\n",
8157				       isc_retval);
8158			}
8159		} else {
8160			/*
8161			 * sa_res_key is not the res holder just
8162			 * remove registrants
8163			 */
8164			int found=0;
8165
8166			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8167				if (sa_res_key != lun->pr_keys[i])
8168					continue;
8169
8170				found = 1;
8171				lun->pr_keys[i] = 0;
8172				lun->pr_key_count--;
8173
8174				if (!persis_offset
8175				 && i < CTL_MAX_INITIATORS)
8176					lun->pending_ua[i] |=
8177						CTL_UA_REG_PREEMPT;
8178				else if (persis_offset
8179				      && i >= persis_offset)
8180					lun->pending_ua[i-persis_offset] |=
8181						CTL_UA_REG_PREEMPT;
8182			}
8183
8184			if (!found) {
8185				mtx_unlock(&lun->lun_lock);
8186				free(ctsio->kern_data_ptr, M_CTL);
8187				ctl_set_reservation_conflict(ctsio);
8188				ctl_done((union ctl_io *)ctsio);
8189		        	return (1);
8190			}
8191			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8192			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8193			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8194			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8195			persis_io.pr.pr_info.res_type = type;
8196			memcpy(persis_io.pr.pr_info.sa_res_key,
8197			       param->serv_act_res_key,
8198			       sizeof(param->serv_act_res_key));
8199			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8200			     &persis_io, sizeof(persis_io), 0)) >
8201			     CTL_HA_STATUS_SUCCESS) {
8202				printf("CTL:Persis Out error returned "
8203				       "from ctl_ha_msg_send %d\n",
8204				isc_retval);
8205			}
8206		}
8207	}
8208
8209	lun->PRGeneration++;
8210	mtx_unlock(&lun->lun_lock);
8211
8212	return (retval);
8213}
8214
8215static void
8216ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8217{
8218	uint64_t sa_res_key;
8219	int i;
8220
8221	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8222
8223	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8224	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8225	 || sa_res_key != lun->pr_keys[lun->pr_res_idx]) {
8226		if (sa_res_key == 0) {
8227			/*
8228			 * Unregister everybody else and build UA for
8229			 * them
8230			 */
8231			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8232				if (i == msg->pr.pr_info.residx ||
8233				    lun->pr_keys[i] == 0)
8234					continue;
8235
8236				if (!persis_offset
8237				 && i < CTL_MAX_INITIATORS)
8238					lun->pending_ua[i] |=
8239						CTL_UA_REG_PREEMPT;
8240				else if (persis_offset && i >= persis_offset)
8241					lun->pending_ua[i - persis_offset] |=
8242						CTL_UA_REG_PREEMPT;
8243				lun->pr_keys[i] = 0;
8244			}
8245
8246			lun->pr_key_count = 1;
8247			lun->res_type = msg->pr.pr_info.res_type;
8248			if (lun->res_type != SPR_TYPE_WR_EX_AR
8249			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8250				lun->pr_res_idx = msg->pr.pr_info.residx;
8251		} else {
8252		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8253				if (sa_res_key == lun->pr_keys[i])
8254					continue;
8255
8256				lun->pr_keys[i] = 0;
8257				lun->pr_key_count--;
8258
8259				if (!persis_offset
8260				 && i < persis_offset)
8261					lun->pending_ua[i] |=
8262						CTL_UA_REG_PREEMPT;
8263				else if (persis_offset
8264				      && i >= persis_offset)
8265					lun->pending_ua[i - persis_offset] |=
8266						CTL_UA_REG_PREEMPT;
8267			}
8268		}
8269	} else {
8270		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8271			if (i == msg->pr.pr_info.residx ||
8272			    lun->pr_keys[i] == 0)
8273				continue;
8274
8275			if (sa_res_key == lun->pr_keys[i]) {
8276				lun->pr_keys[i] = 0;
8277				lun->pr_key_count--;
8278				if (!persis_offset
8279				 && i < CTL_MAX_INITIATORS)
8280					lun->pending_ua[i] |=
8281						CTL_UA_REG_PREEMPT;
8282				else if (persis_offset
8283				      && i >= persis_offset)
8284					lun->pending_ua[i - persis_offset] |=
8285						CTL_UA_REG_PREEMPT;
8286			} else if (msg->pr.pr_info.res_type != lun->res_type
8287				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8288				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8289					if (!persis_offset
8290					 && i < persis_offset)
8291						lun->pending_ua[i] |=
8292							CTL_UA_RES_RELEASE;
8293					else if (persis_offset
8294					      && i >= persis_offset)
8295					lun->pending_ua[i - persis_offset] |=
8296						CTL_UA_RES_RELEASE;
8297			}
8298		}
8299		lun->res_type = msg->pr.pr_info.res_type;
8300		if (lun->res_type != SPR_TYPE_WR_EX_AR
8301		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8302			lun->pr_res_idx = msg->pr.pr_info.residx;
8303		else
8304			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8305	}
8306	lun->PRGeneration++;
8307
8308}
8309
8310
8311int
8312ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8313{
8314	int retval;
8315	int isc_retval;
8316	u_int32_t param_len;
8317	struct scsi_per_res_out *cdb;
8318	struct ctl_lun *lun;
8319	struct scsi_per_res_out_parms* param;
8320	struct ctl_softc *softc;
8321	uint32_t residx;
8322	uint64_t res_key, sa_res_key;
8323	uint8_t type;
8324	union ctl_ha_msg persis_io;
8325	int    i;
8326
8327	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8328
8329	retval = CTL_RETVAL_COMPLETE;
8330
8331	softc = control_softc;
8332
8333	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8334	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8335
8336	/*
8337	 * We only support whole-LUN scope.  The scope & type are ignored for
8338	 * register, register and ignore existing key and clear.
8339	 * We sometimes ignore scope and type on preempts too!!
8340	 * Verify reservation type here as well.
8341	 */
8342	type = cdb->scope_type & SPR_TYPE_MASK;
8343	if ((cdb->action == SPRO_RESERVE)
8344	 || (cdb->action == SPRO_RELEASE)) {
8345		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8346			ctl_set_invalid_field(/*ctsio*/ ctsio,
8347					      /*sks_valid*/ 1,
8348					      /*command*/ 1,
8349					      /*field*/ 2,
8350					      /*bit_valid*/ 1,
8351					      /*bit*/ 4);
8352			ctl_done((union ctl_io *)ctsio);
8353			return (CTL_RETVAL_COMPLETE);
8354		}
8355
8356		if (type>8 || type==2 || type==4 || type==0) {
8357			ctl_set_invalid_field(/*ctsio*/ ctsio,
8358					      /*sks_valid*/ 1,
8359					      /*command*/ 1,
8360					      /*field*/ 2,
8361					      /*bit_valid*/ 1,
8362					      /*bit*/ 0);
8363			ctl_done((union ctl_io *)ctsio);
8364			return (CTL_RETVAL_COMPLETE);
8365		}
8366	}
8367
8368	param_len = scsi_4btoul(cdb->length);
8369
8370	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8371		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8372		ctsio->kern_data_len = param_len;
8373		ctsio->kern_total_len = param_len;
8374		ctsio->kern_data_resid = 0;
8375		ctsio->kern_rel_offset = 0;
8376		ctsio->kern_sg_entries = 0;
8377		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8378		ctsio->be_move_done = ctl_config_move_done;
8379		ctl_datamove((union ctl_io *)ctsio);
8380
8381		return (CTL_RETVAL_COMPLETE);
8382	}
8383
8384	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8385
8386	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8387	res_key = scsi_8btou64(param->res_key.key);
8388	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8389
8390	/*
8391	 * Validate the reservation key here except for SPRO_REG_IGNO
8392	 * This must be done for all other service actions
8393	 */
8394	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8395		mtx_lock(&lun->lun_lock);
8396		if (lun->pr_keys[residx] != 0) {
8397		    if (res_key != lun->pr_keys[residx]) {
8398				/*
8399				 * The current key passed in doesn't match
8400				 * the one the initiator previously
8401				 * registered.
8402				 */
8403				mtx_unlock(&lun->lun_lock);
8404				free(ctsio->kern_data_ptr, M_CTL);
8405				ctl_set_reservation_conflict(ctsio);
8406				ctl_done((union ctl_io *)ctsio);
8407				return (CTL_RETVAL_COMPLETE);
8408			}
8409		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8410			/*
8411			 * We are not registered
8412			 */
8413			mtx_unlock(&lun->lun_lock);
8414			free(ctsio->kern_data_ptr, M_CTL);
8415			ctl_set_reservation_conflict(ctsio);
8416			ctl_done((union ctl_io *)ctsio);
8417			return (CTL_RETVAL_COMPLETE);
8418		} else if (res_key != 0) {
8419			/*
8420			 * We are not registered and trying to register but
8421			 * the register key isn't zero.
8422			 */
8423			mtx_unlock(&lun->lun_lock);
8424			free(ctsio->kern_data_ptr, M_CTL);
8425			ctl_set_reservation_conflict(ctsio);
8426			ctl_done((union ctl_io *)ctsio);
8427			return (CTL_RETVAL_COMPLETE);
8428		}
8429		mtx_unlock(&lun->lun_lock);
8430	}
8431
8432	switch (cdb->action & SPRO_ACTION_MASK) {
8433	case SPRO_REGISTER:
8434	case SPRO_REG_IGNO: {
8435
8436#if 0
8437		printf("Registration received\n");
8438#endif
8439
8440		/*
8441		 * We don't support any of these options, as we report in
8442		 * the read capabilities request (see
8443		 * ctl_persistent_reserve_in(), above).
8444		 */
8445		if ((param->flags & SPR_SPEC_I_PT)
8446		 || (param->flags & SPR_ALL_TG_PT)
8447		 || (param->flags & SPR_APTPL)) {
8448			int bit_ptr;
8449
8450			if (param->flags & SPR_APTPL)
8451				bit_ptr = 0;
8452			else if (param->flags & SPR_ALL_TG_PT)
8453				bit_ptr = 2;
8454			else /* SPR_SPEC_I_PT */
8455				bit_ptr = 3;
8456
8457			free(ctsio->kern_data_ptr, M_CTL);
8458			ctl_set_invalid_field(ctsio,
8459					      /*sks_valid*/ 1,
8460					      /*command*/ 0,
8461					      /*field*/ 20,
8462					      /*bit_valid*/ 1,
8463					      /*bit*/ bit_ptr);
8464			ctl_done((union ctl_io *)ctsio);
8465			return (CTL_RETVAL_COMPLETE);
8466		}
8467
8468		mtx_lock(&lun->lun_lock);
8469
8470		/*
8471		 * The initiator wants to clear the
8472		 * key/unregister.
8473		 */
8474		if (sa_res_key == 0) {
8475			if ((res_key == 0
8476			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8477			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8478			  && lun->pr_keys[residx] == 0)) {
8479				mtx_unlock(&lun->lun_lock);
8480				goto done;
8481			}
8482
8483			lun->pr_keys[residx] = 0;
8484			lun->pr_key_count--;
8485
8486			if (residx == lun->pr_res_idx) {
8487				lun->flags &= ~CTL_LUN_PR_RESERVED;
8488				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8489
8490				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8491				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8492				 && lun->pr_key_count) {
8493					/*
8494					 * If the reservation is a registrants
8495					 * only type we need to generate a UA
8496					 * for other registered inits.  The
8497					 * sense code should be RESERVATIONS
8498					 * RELEASED
8499					 */
8500
8501					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8502						if (lun->pr_keys[
8503						    i + persis_offset] == 0)
8504							continue;
8505						lun->pending_ua[i] |=
8506							CTL_UA_RES_RELEASE;
8507					}
8508				}
8509				lun->res_type = 0;
8510			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8511				if (lun->pr_key_count==0) {
8512					lun->flags &= ~CTL_LUN_PR_RESERVED;
8513					lun->res_type = 0;
8514					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8515				}
8516			}
8517			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8518			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8519			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8520			persis_io.pr.pr_info.residx = residx;
8521			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8522			     &persis_io, sizeof(persis_io), 0 )) >
8523			     CTL_HA_STATUS_SUCCESS) {
8524				printf("CTL:Persis Out error returned from "
8525				       "ctl_ha_msg_send %d\n", isc_retval);
8526			}
8527		} else /* sa_res_key != 0 */ {
8528
8529			/*
8530			 * If we aren't registered currently then increment
8531			 * the key count and set the registered flag.
8532			 */
8533			if (lun->pr_keys[residx] == 0)
8534				lun->pr_key_count++;
8535			lun->pr_keys[residx] = sa_res_key;
8536
8537			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8538			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8539			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8540			persis_io.pr.pr_info.residx = residx;
8541			memcpy(persis_io.pr.pr_info.sa_res_key,
8542			       param->serv_act_res_key,
8543			       sizeof(param->serv_act_res_key));
8544			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8545			     &persis_io, sizeof(persis_io), 0)) >
8546			     CTL_HA_STATUS_SUCCESS) {
8547				printf("CTL:Persis Out error returned from "
8548				       "ctl_ha_msg_send %d\n", isc_retval);
8549			}
8550		}
8551		lun->PRGeneration++;
8552		mtx_unlock(&lun->lun_lock);
8553
8554		break;
8555	}
8556	case SPRO_RESERVE:
8557#if 0
8558                printf("Reserve executed type %d\n", type);
8559#endif
8560		mtx_lock(&lun->lun_lock);
8561		if (lun->flags & CTL_LUN_PR_RESERVED) {
8562			/*
8563			 * if this isn't the reservation holder and it's
8564			 * not a "all registrants" type or if the type is
8565			 * different then we have a conflict
8566			 */
8567			if ((lun->pr_res_idx != residx
8568			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8569			 || lun->res_type != type) {
8570				mtx_unlock(&lun->lun_lock);
8571				free(ctsio->kern_data_ptr, M_CTL);
8572				ctl_set_reservation_conflict(ctsio);
8573				ctl_done((union ctl_io *)ctsio);
8574				return (CTL_RETVAL_COMPLETE);
8575			}
8576			mtx_unlock(&lun->lun_lock);
8577		} else /* create a reservation */ {
8578			/*
8579			 * If it's not an "all registrants" type record
8580			 * reservation holder
8581			 */
8582			if (type != SPR_TYPE_WR_EX_AR
8583			 && type != SPR_TYPE_EX_AC_AR)
8584				lun->pr_res_idx = residx; /* Res holder */
8585			else
8586				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8587
8588			lun->flags |= CTL_LUN_PR_RESERVED;
8589			lun->res_type = type;
8590
8591			mtx_unlock(&lun->lun_lock);
8592
8593			/* send msg to other side */
8594			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8595			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8596			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8597			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8598			persis_io.pr.pr_info.res_type = type;
8599			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8600			     &persis_io, sizeof(persis_io), 0)) >
8601			     CTL_HA_STATUS_SUCCESS) {
8602				printf("CTL:Persis Out error returned from "
8603				       "ctl_ha_msg_send %d\n", isc_retval);
8604			}
8605		}
8606		break;
8607
8608	case SPRO_RELEASE:
8609		mtx_lock(&lun->lun_lock);
8610		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8611			/* No reservation exists return good status */
8612			mtx_unlock(&lun->lun_lock);
8613			goto done;
8614		}
8615		/*
8616		 * Is this nexus a reservation holder?
8617		 */
8618		if (lun->pr_res_idx != residx
8619		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8620			/*
8621			 * not a res holder return good status but
8622			 * do nothing
8623			 */
8624			mtx_unlock(&lun->lun_lock);
8625			goto done;
8626		}
8627
8628		if (lun->res_type != type) {
8629			mtx_unlock(&lun->lun_lock);
8630			free(ctsio->kern_data_ptr, M_CTL);
8631			ctl_set_illegal_pr_release(ctsio);
8632			ctl_done((union ctl_io *)ctsio);
8633			return (CTL_RETVAL_COMPLETE);
8634		}
8635
8636		/* okay to release */
8637		lun->flags &= ~CTL_LUN_PR_RESERVED;
8638		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8639		lun->res_type = 0;
8640
8641		/*
8642		 * if this isn't an exclusive access
8643		 * res generate UA for all other
8644		 * registrants.
8645		 */
8646		if (type != SPR_TYPE_EX_AC
8647		 && type != SPR_TYPE_WR_EX) {
8648			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8649				if (i == residx ||
8650				    lun->pr_keys[i + persis_offset] == 0)
8651					continue;
8652				lun->pending_ua[i] |= CTL_UA_RES_RELEASE;
8653			}
8654		}
8655		mtx_unlock(&lun->lun_lock);
8656		/* Send msg to other side */
8657		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8658		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8659		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8660		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8661		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8662			printf("CTL:Persis Out error returned from "
8663			       "ctl_ha_msg_send %d\n", isc_retval);
8664		}
8665		break;
8666
8667	case SPRO_CLEAR:
8668		/* send msg to other side */
8669
8670		mtx_lock(&lun->lun_lock);
8671		lun->flags &= ~CTL_LUN_PR_RESERVED;
8672		lun->res_type = 0;
8673		lun->pr_key_count = 0;
8674		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8675
8676		lun->pr_keys[residx] = 0;
8677
8678		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8679			if (lun->pr_keys[i] != 0) {
8680				if (!persis_offset && i < CTL_MAX_INITIATORS)
8681					lun->pending_ua[i] |=
8682						CTL_UA_RES_PREEMPT;
8683				else if (persis_offset && i >= persis_offset)
8684					lun->pending_ua[i-persis_offset] |=
8685					    CTL_UA_RES_PREEMPT;
8686
8687				lun->pr_keys[i] = 0;
8688			}
8689		lun->PRGeneration++;
8690		mtx_unlock(&lun->lun_lock);
8691		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8692		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8693		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8694		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8695		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8696			printf("CTL:Persis Out error returned from "
8697			       "ctl_ha_msg_send %d\n", isc_retval);
8698		}
8699		break;
8700
8701	case SPRO_PREEMPT: {
8702		int nretval;
8703
8704		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8705					  residx, ctsio, cdb, param);
8706		if (nretval != 0)
8707			return (CTL_RETVAL_COMPLETE);
8708		break;
8709	}
8710	default:
8711		panic("Invalid PR type %x", cdb->action);
8712	}
8713
8714done:
8715	free(ctsio->kern_data_ptr, M_CTL);
8716	ctl_set_success(ctsio);
8717	ctl_done((union ctl_io *)ctsio);
8718
8719	return (retval);
8720}
8721
8722/*
8723 * This routine is for handling a message from the other SC pertaining to
8724 * persistent reserve out. All the error checking will have been done
8725 * so only perorming the action need be done here to keep the two
8726 * in sync.
8727 */
8728static void
8729ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8730{
8731	struct ctl_lun *lun;
8732	struct ctl_softc *softc;
8733	int i;
8734	uint32_t targ_lun;
8735
8736	softc = control_softc;
8737
8738	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8739	lun = softc->ctl_luns[targ_lun];
8740	mtx_lock(&lun->lun_lock);
8741	switch(msg->pr.pr_info.action) {
8742	case CTL_PR_REG_KEY:
8743		if (lun->pr_keys[msg->pr.pr_info.residx] == 0)
8744			lun->pr_key_count++;
8745		lun->pr_keys[msg->pr.pr_info.residx] =
8746		    scsi_8btou64(msg->pr.pr_info.sa_res_key);
8747		lun->PRGeneration++;
8748		break;
8749
8750	case CTL_PR_UNREG_KEY:
8751		lun->pr_keys[msg->pr.pr_info.residx] = 0;
8752		lun->pr_key_count--;
8753
8754		/* XXX Need to see if the reservation has been released */
8755		/* if so do we need to generate UA? */
8756		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8757			lun->flags &= ~CTL_LUN_PR_RESERVED;
8758			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8759
8760			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8761			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8762			 && lun->pr_key_count) {
8763				/*
8764				 * If the reservation is a registrants
8765				 * only type we need to generate a UA
8766				 * for other registered inits.  The
8767				 * sense code should be RESERVATIONS
8768				 * RELEASED
8769				 */
8770
8771				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8772					if (lun->pr_keys[i+
8773					    persis_offset] == 0)
8774						continue;
8775
8776					lun->pending_ua[i] |=
8777						CTL_UA_RES_RELEASE;
8778				}
8779			}
8780			lun->res_type = 0;
8781		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8782			if (lun->pr_key_count==0) {
8783				lun->flags &= ~CTL_LUN_PR_RESERVED;
8784				lun->res_type = 0;
8785				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8786			}
8787		}
8788		lun->PRGeneration++;
8789		break;
8790
8791	case CTL_PR_RESERVE:
8792		lun->flags |= CTL_LUN_PR_RESERVED;
8793		lun->res_type = msg->pr.pr_info.res_type;
8794		lun->pr_res_idx = msg->pr.pr_info.residx;
8795
8796		break;
8797
8798	case CTL_PR_RELEASE:
8799		/*
8800		 * if this isn't an exclusive access res generate UA for all
8801		 * other registrants.
8802		 */
8803		if (lun->res_type != SPR_TYPE_EX_AC
8804		 && lun->res_type != SPR_TYPE_WR_EX) {
8805			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8806				if (lun->pr_keys[i+persis_offset] != 0)
8807					lun->pending_ua[i] |=
8808						CTL_UA_RES_RELEASE;
8809		}
8810
8811		lun->flags &= ~CTL_LUN_PR_RESERVED;
8812		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8813		lun->res_type = 0;
8814		break;
8815
8816	case CTL_PR_PREEMPT:
8817		ctl_pro_preempt_other(lun, msg);
8818		break;
8819	case CTL_PR_CLEAR:
8820		lun->flags &= ~CTL_LUN_PR_RESERVED;
8821		lun->res_type = 0;
8822		lun->pr_key_count = 0;
8823		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8824
8825		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8826			if (lun->pr_keys[i] == 0)
8827				continue;
8828			if (!persis_offset
8829			 && i < CTL_MAX_INITIATORS)
8830				lun->pending_ua[i] |= CTL_UA_RES_PREEMPT;
8831			else if (persis_offset
8832			      && i >= persis_offset)
8833				lun->pending_ua[i-persis_offset] |=
8834					CTL_UA_RES_PREEMPT;
8835			lun->pr_keys[i] = 0;
8836		}
8837		lun->PRGeneration++;
8838		break;
8839	}
8840
8841	mtx_unlock(&lun->lun_lock);
8842}
8843
8844int
8845ctl_read_write(struct ctl_scsiio *ctsio)
8846{
8847	struct ctl_lun *lun;
8848	struct ctl_lba_len_flags *lbalen;
8849	uint64_t lba;
8850	uint32_t num_blocks;
8851	int flags, retval;
8852	int isread;
8853
8854	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8855
8856	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8857
8858	flags = 0;
8859	retval = CTL_RETVAL_COMPLETE;
8860
8861	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8862	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8863	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
8864		uint32_t residx;
8865
8866		/*
8867		 * XXX KDM need a lock here.
8868		 */
8869		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8870		if ((lun->res_type == SPR_TYPE_EX_AC
8871		  && residx != lun->pr_res_idx)
8872		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
8873		   || lun->res_type == SPR_TYPE_EX_AC_AR)
8874		  && lun->pr_keys[residx] == 0)) {
8875			ctl_set_reservation_conflict(ctsio);
8876			ctl_done((union ctl_io *)ctsio);
8877			return (CTL_RETVAL_COMPLETE);
8878	        }
8879	}
8880
8881	switch (ctsio->cdb[0]) {
8882	case READ_6:
8883	case WRITE_6: {
8884		struct scsi_rw_6 *cdb;
8885
8886		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8887
8888		lba = scsi_3btoul(cdb->addr);
8889		/* only 5 bits are valid in the most significant address byte */
8890		lba &= 0x1fffff;
8891		num_blocks = cdb->length;
8892		/*
8893		 * This is correct according to SBC-2.
8894		 */
8895		if (num_blocks == 0)
8896			num_blocks = 256;
8897		break;
8898	}
8899	case READ_10:
8900	case WRITE_10: {
8901		struct scsi_rw_10 *cdb;
8902
8903		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8904		if (cdb->byte2 & SRW10_FUA)
8905			flags |= CTL_LLF_FUA;
8906		if (cdb->byte2 & SRW10_DPO)
8907			flags |= CTL_LLF_DPO;
8908		lba = scsi_4btoul(cdb->addr);
8909		num_blocks = scsi_2btoul(cdb->length);
8910		break;
8911	}
8912	case WRITE_VERIFY_10: {
8913		struct scsi_write_verify_10 *cdb;
8914
8915		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8916		flags |= CTL_LLF_FUA;
8917		if (cdb->byte2 & SWV_DPO)
8918			flags |= CTL_LLF_DPO;
8919		lba = scsi_4btoul(cdb->addr);
8920		num_blocks = scsi_2btoul(cdb->length);
8921		break;
8922	}
8923	case READ_12:
8924	case WRITE_12: {
8925		struct scsi_rw_12 *cdb;
8926
8927		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8928		if (cdb->byte2 & SRW12_FUA)
8929			flags |= CTL_LLF_FUA;
8930		if (cdb->byte2 & SRW12_DPO)
8931			flags |= CTL_LLF_DPO;
8932		lba = scsi_4btoul(cdb->addr);
8933		num_blocks = scsi_4btoul(cdb->length);
8934		break;
8935	}
8936	case WRITE_VERIFY_12: {
8937		struct scsi_write_verify_12 *cdb;
8938
8939		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8940		flags |= CTL_LLF_FUA;
8941		if (cdb->byte2 & SWV_DPO)
8942			flags |= CTL_LLF_DPO;
8943		lba = scsi_4btoul(cdb->addr);
8944		num_blocks = scsi_4btoul(cdb->length);
8945		break;
8946	}
8947	case READ_16:
8948	case WRITE_16: {
8949		struct scsi_rw_16 *cdb;
8950
8951		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8952		if (cdb->byte2 & SRW12_FUA)
8953			flags |= CTL_LLF_FUA;
8954		if (cdb->byte2 & SRW12_DPO)
8955			flags |= CTL_LLF_DPO;
8956		lba = scsi_8btou64(cdb->addr);
8957		num_blocks = scsi_4btoul(cdb->length);
8958		break;
8959	}
8960	case WRITE_ATOMIC_16: {
8961		struct scsi_rw_16 *cdb;
8962
8963		if (lun->be_lun->atomicblock == 0) {
8964			ctl_set_invalid_opcode(ctsio);
8965			ctl_done((union ctl_io *)ctsio);
8966			return (CTL_RETVAL_COMPLETE);
8967		}
8968
8969		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8970		if (cdb->byte2 & SRW12_FUA)
8971			flags |= CTL_LLF_FUA;
8972		if (cdb->byte2 & SRW12_DPO)
8973			flags |= CTL_LLF_DPO;
8974		lba = scsi_8btou64(cdb->addr);
8975		num_blocks = scsi_4btoul(cdb->length);
8976		if (num_blocks > lun->be_lun->atomicblock) {
8977			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8978			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8979			    /*bit*/ 0);
8980			ctl_done((union ctl_io *)ctsio);
8981			return (CTL_RETVAL_COMPLETE);
8982		}
8983		break;
8984	}
8985	case WRITE_VERIFY_16: {
8986		struct scsi_write_verify_16 *cdb;
8987
8988		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8989		flags |= CTL_LLF_FUA;
8990		if (cdb->byte2 & SWV_DPO)
8991			flags |= CTL_LLF_DPO;
8992		lba = scsi_8btou64(cdb->addr);
8993		num_blocks = scsi_4btoul(cdb->length);
8994		break;
8995	}
8996	default:
8997		/*
8998		 * We got a command we don't support.  This shouldn't
8999		 * happen, commands should be filtered out above us.
9000		 */
9001		ctl_set_invalid_opcode(ctsio);
9002		ctl_done((union ctl_io *)ctsio);
9003
9004		return (CTL_RETVAL_COMPLETE);
9005		break; /* NOTREACHED */
9006	}
9007
9008	/*
9009	 * The first check is to make sure we're in bounds, the second
9010	 * check is to catch wrap-around problems.  If the lba + num blocks
9011	 * is less than the lba, then we've wrapped around and the block
9012	 * range is invalid anyway.
9013	 */
9014	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9015	 || ((lba + num_blocks) < lba)) {
9016		ctl_set_lba_out_of_range(ctsio);
9017		ctl_done((union ctl_io *)ctsio);
9018		return (CTL_RETVAL_COMPLETE);
9019	}
9020
9021	/*
9022	 * According to SBC-3, a transfer length of 0 is not an error.
9023	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9024	 * translates to 256 blocks for those commands.
9025	 */
9026	if (num_blocks == 0) {
9027		ctl_set_success(ctsio);
9028		ctl_done((union ctl_io *)ctsio);
9029		return (CTL_RETVAL_COMPLETE);
9030	}
9031
9032	/* Set FUA and/or DPO if caches are disabled. */
9033	if (isread) {
9034		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9035		    SCP_RCD) != 0)
9036			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9037	} else {
9038		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9039		    SCP_WCE) == 0)
9040			flags |= CTL_LLF_FUA;
9041	}
9042
9043	lbalen = (struct ctl_lba_len_flags *)
9044	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9045	lbalen->lba = lba;
9046	lbalen->len = num_blocks;
9047	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9048
9049	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9050	ctsio->kern_rel_offset = 0;
9051
9052	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9053
9054	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9055
9056	return (retval);
9057}
9058
9059static int
9060ctl_cnw_cont(union ctl_io *io)
9061{
9062	struct ctl_scsiio *ctsio;
9063	struct ctl_lun *lun;
9064	struct ctl_lba_len_flags *lbalen;
9065	int retval;
9066
9067	ctsio = &io->scsiio;
9068	ctsio->io_hdr.status = CTL_STATUS_NONE;
9069	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9070	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9071	lbalen = (struct ctl_lba_len_flags *)
9072	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9073	lbalen->flags &= ~CTL_LLF_COMPARE;
9074	lbalen->flags |= CTL_LLF_WRITE;
9075
9076	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9077	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9078	return (retval);
9079}
9080
9081int
9082ctl_cnw(struct ctl_scsiio *ctsio)
9083{
9084	struct ctl_lun *lun;
9085	struct ctl_lba_len_flags *lbalen;
9086	uint64_t lba;
9087	uint32_t num_blocks;
9088	int flags, retval;
9089
9090	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9091
9092	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9093
9094	flags = 0;
9095	retval = CTL_RETVAL_COMPLETE;
9096
9097	switch (ctsio->cdb[0]) {
9098	case COMPARE_AND_WRITE: {
9099		struct scsi_compare_and_write *cdb;
9100
9101		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9102		if (cdb->byte2 & SRW10_FUA)
9103			flags |= CTL_LLF_FUA;
9104		if (cdb->byte2 & SRW10_DPO)
9105			flags |= CTL_LLF_DPO;
9106		lba = scsi_8btou64(cdb->addr);
9107		num_blocks = cdb->length;
9108		break;
9109	}
9110	default:
9111		/*
9112		 * We got a command we don't support.  This shouldn't
9113		 * happen, commands should be filtered out above us.
9114		 */
9115		ctl_set_invalid_opcode(ctsio);
9116		ctl_done((union ctl_io *)ctsio);
9117
9118		return (CTL_RETVAL_COMPLETE);
9119		break; /* NOTREACHED */
9120	}
9121
9122	/*
9123	 * The first check is to make sure we're in bounds, the second
9124	 * check is to catch wrap-around problems.  If the lba + num blocks
9125	 * is less than the lba, then we've wrapped around and the block
9126	 * range is invalid anyway.
9127	 */
9128	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9129	 || ((lba + num_blocks) < lba)) {
9130		ctl_set_lba_out_of_range(ctsio);
9131		ctl_done((union ctl_io *)ctsio);
9132		return (CTL_RETVAL_COMPLETE);
9133	}
9134
9135	/*
9136	 * According to SBC-3, a transfer length of 0 is not an error.
9137	 */
9138	if (num_blocks == 0) {
9139		ctl_set_success(ctsio);
9140		ctl_done((union ctl_io *)ctsio);
9141		return (CTL_RETVAL_COMPLETE);
9142	}
9143
9144	/* Set FUA if write cache is disabled. */
9145	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9146	    SCP_WCE) == 0)
9147		flags |= CTL_LLF_FUA;
9148
9149	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9150	ctsio->kern_rel_offset = 0;
9151
9152	/*
9153	 * Set the IO_CONT flag, so that if this I/O gets passed to
9154	 * ctl_data_submit_done(), it'll get passed back to
9155	 * ctl_ctl_cnw_cont() for further processing.
9156	 */
9157	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9158	ctsio->io_cont = ctl_cnw_cont;
9159
9160	lbalen = (struct ctl_lba_len_flags *)
9161	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9162	lbalen->lba = lba;
9163	lbalen->len = num_blocks;
9164	lbalen->flags = CTL_LLF_COMPARE | flags;
9165
9166	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9167	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9168	return (retval);
9169}
9170
9171int
9172ctl_verify(struct ctl_scsiio *ctsio)
9173{
9174	struct ctl_lun *lun;
9175	struct ctl_lba_len_flags *lbalen;
9176	uint64_t lba;
9177	uint32_t num_blocks;
9178	int bytchk, flags;
9179	int retval;
9180
9181	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9182
9183	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9184
9185	bytchk = 0;
9186	flags = CTL_LLF_FUA;
9187	retval = CTL_RETVAL_COMPLETE;
9188
9189	switch (ctsio->cdb[0]) {
9190	case VERIFY_10: {
9191		struct scsi_verify_10 *cdb;
9192
9193		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9194		if (cdb->byte2 & SVFY_BYTCHK)
9195			bytchk = 1;
9196		if (cdb->byte2 & SVFY_DPO)
9197			flags |= CTL_LLF_DPO;
9198		lba = scsi_4btoul(cdb->addr);
9199		num_blocks = scsi_2btoul(cdb->length);
9200		break;
9201	}
9202	case VERIFY_12: {
9203		struct scsi_verify_12 *cdb;
9204
9205		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9206		if (cdb->byte2 & SVFY_BYTCHK)
9207			bytchk = 1;
9208		if (cdb->byte2 & SVFY_DPO)
9209			flags |= CTL_LLF_DPO;
9210		lba = scsi_4btoul(cdb->addr);
9211		num_blocks = scsi_4btoul(cdb->length);
9212		break;
9213	}
9214	case VERIFY_16: {
9215		struct scsi_rw_16 *cdb;
9216
9217		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9218		if (cdb->byte2 & SVFY_BYTCHK)
9219			bytchk = 1;
9220		if (cdb->byte2 & SVFY_DPO)
9221			flags |= CTL_LLF_DPO;
9222		lba = scsi_8btou64(cdb->addr);
9223		num_blocks = scsi_4btoul(cdb->length);
9224		break;
9225	}
9226	default:
9227		/*
9228		 * We got a command we don't support.  This shouldn't
9229		 * happen, commands should be filtered out above us.
9230		 */
9231		ctl_set_invalid_opcode(ctsio);
9232		ctl_done((union ctl_io *)ctsio);
9233		return (CTL_RETVAL_COMPLETE);
9234	}
9235
9236	/*
9237	 * The first check is to make sure we're in bounds, the second
9238	 * check is to catch wrap-around problems.  If the lba + num blocks
9239	 * is less than the lba, then we've wrapped around and the block
9240	 * range is invalid anyway.
9241	 */
9242	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9243	 || ((lba + num_blocks) < lba)) {
9244		ctl_set_lba_out_of_range(ctsio);
9245		ctl_done((union ctl_io *)ctsio);
9246		return (CTL_RETVAL_COMPLETE);
9247	}
9248
9249	/*
9250	 * According to SBC-3, a transfer length of 0 is not an error.
9251	 */
9252	if (num_blocks == 0) {
9253		ctl_set_success(ctsio);
9254		ctl_done((union ctl_io *)ctsio);
9255		return (CTL_RETVAL_COMPLETE);
9256	}
9257
9258	lbalen = (struct ctl_lba_len_flags *)
9259	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9260	lbalen->lba = lba;
9261	lbalen->len = num_blocks;
9262	if (bytchk) {
9263		lbalen->flags = CTL_LLF_COMPARE | flags;
9264		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9265	} else {
9266		lbalen->flags = CTL_LLF_VERIFY | flags;
9267		ctsio->kern_total_len = 0;
9268	}
9269	ctsio->kern_rel_offset = 0;
9270
9271	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9272	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9273	return (retval);
9274}
9275
9276int
9277ctl_report_luns(struct ctl_scsiio *ctsio)
9278{
9279	struct scsi_report_luns *cdb;
9280	struct scsi_report_luns_data *lun_data;
9281	struct ctl_lun *lun, *request_lun;
9282	int num_luns, retval;
9283	uint32_t alloc_len, lun_datalen;
9284	int num_filled, well_known;
9285	uint32_t initidx, targ_lun_id, lun_id;
9286
9287	retval = CTL_RETVAL_COMPLETE;
9288	well_known = 0;
9289
9290	cdb = (struct scsi_report_luns *)ctsio->cdb;
9291
9292	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9293
9294	mtx_lock(&control_softc->ctl_lock);
9295	num_luns = control_softc->num_luns;
9296	mtx_unlock(&control_softc->ctl_lock);
9297
9298	switch (cdb->select_report) {
9299	case RPL_REPORT_DEFAULT:
9300	case RPL_REPORT_ALL:
9301		break;
9302	case RPL_REPORT_WELLKNOWN:
9303		well_known = 1;
9304		num_luns = 0;
9305		break;
9306	default:
9307		ctl_set_invalid_field(ctsio,
9308				      /*sks_valid*/ 1,
9309				      /*command*/ 1,
9310				      /*field*/ 2,
9311				      /*bit_valid*/ 0,
9312				      /*bit*/ 0);
9313		ctl_done((union ctl_io *)ctsio);
9314		return (retval);
9315		break; /* NOTREACHED */
9316	}
9317
9318	alloc_len = scsi_4btoul(cdb->length);
9319	/*
9320	 * The initiator has to allocate at least 16 bytes for this request,
9321	 * so he can at least get the header and the first LUN.  Otherwise
9322	 * we reject the request (per SPC-3 rev 14, section 6.21).
9323	 */
9324	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9325	    sizeof(struct scsi_report_luns_lundata))) {
9326		ctl_set_invalid_field(ctsio,
9327				      /*sks_valid*/ 1,
9328				      /*command*/ 1,
9329				      /*field*/ 6,
9330				      /*bit_valid*/ 0,
9331				      /*bit*/ 0);
9332		ctl_done((union ctl_io *)ctsio);
9333		return (retval);
9334	}
9335
9336	request_lun = (struct ctl_lun *)
9337		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9338
9339	lun_datalen = sizeof(*lun_data) +
9340		(num_luns * sizeof(struct scsi_report_luns_lundata));
9341
9342	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9343	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9344	ctsio->kern_sg_entries = 0;
9345
9346	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9347
9348	mtx_lock(&control_softc->ctl_lock);
9349	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9350		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9351		if (lun_id >= CTL_MAX_LUNS)
9352			continue;
9353		lun = control_softc->ctl_luns[lun_id];
9354		if (lun == NULL)
9355			continue;
9356
9357		if (targ_lun_id <= 0xff) {
9358			/*
9359			 * Peripheral addressing method, bus number 0.
9360			 */
9361			lun_data->luns[num_filled].lundata[0] =
9362				RPL_LUNDATA_ATYP_PERIPH;
9363			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9364			num_filled++;
9365		} else if (targ_lun_id <= 0x3fff) {
9366			/*
9367			 * Flat addressing method.
9368			 */
9369			lun_data->luns[num_filled].lundata[0] =
9370				RPL_LUNDATA_ATYP_FLAT |
9371				(targ_lun_id & RPL_LUNDATA_FLAT_LUN_MASK);
9372#ifdef OLDCTLHEADERS
9373				(SRLD_ADDR_FLAT << SRLD_ADDR_SHIFT) |
9374				(targ_lun_id & SRLD_BUS_LUN_MASK);
9375#endif
9376			lun_data->luns[num_filled].lundata[1] =
9377#ifdef OLDCTLHEADERS
9378				targ_lun_id >> SRLD_BUS_LUN_BITS;
9379#endif
9380				targ_lun_id >> RPL_LUNDATA_FLAT_LUN_BITS;
9381			num_filled++;
9382		} else {
9383			printf("ctl_report_luns: bogus LUN number %jd, "
9384			       "skipping\n", (intmax_t)targ_lun_id);
9385		}
9386		/*
9387		 * According to SPC-3, rev 14 section 6.21:
9388		 *
9389		 * "The execution of a REPORT LUNS command to any valid and
9390		 * installed logical unit shall clear the REPORTED LUNS DATA
9391		 * HAS CHANGED unit attention condition for all logical
9392		 * units of that target with respect to the requesting
9393		 * initiator. A valid and installed logical unit is one
9394		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9395		 * INQUIRY data (see 6.4.2)."
9396		 *
9397		 * If request_lun is NULL, the LUN this report luns command
9398		 * was issued to is either disabled or doesn't exist. In that
9399		 * case, we shouldn't clear any pending lun change unit
9400		 * attention.
9401		 */
9402		if (request_lun != NULL) {
9403			mtx_lock(&lun->lun_lock);
9404			lun->pending_ua[initidx] &= ~CTL_UA_LUN_CHANGE;
9405			mtx_unlock(&lun->lun_lock);
9406		}
9407	}
9408	mtx_unlock(&control_softc->ctl_lock);
9409
9410	/*
9411	 * It's quite possible that we've returned fewer LUNs than we allocated
9412	 * space for.  Trim it.
9413	 */
9414	lun_datalen = sizeof(*lun_data) +
9415		(num_filled * sizeof(struct scsi_report_luns_lundata));
9416
9417	if (lun_datalen < alloc_len) {
9418		ctsio->residual = alloc_len - lun_datalen;
9419		ctsio->kern_data_len = lun_datalen;
9420		ctsio->kern_total_len = lun_datalen;
9421	} else {
9422		ctsio->residual = 0;
9423		ctsio->kern_data_len = alloc_len;
9424		ctsio->kern_total_len = alloc_len;
9425	}
9426	ctsio->kern_data_resid = 0;
9427	ctsio->kern_rel_offset = 0;
9428	ctsio->kern_sg_entries = 0;
9429
9430	/*
9431	 * We set this to the actual data length, regardless of how much
9432	 * space we actually have to return results.  If the user looks at
9433	 * this value, he'll know whether or not he allocated enough space
9434	 * and reissue the command if necessary.  We don't support well
9435	 * known logical units, so if the user asks for that, return none.
9436	 */
9437	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9438
9439	/*
9440	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9441	 * this request.
9442	 */
9443	ctsio->scsi_status = SCSI_STATUS_OK;
9444
9445	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9446	ctsio->be_move_done = ctl_config_move_done;
9447	ctl_datamove((union ctl_io *)ctsio);
9448
9449	return (retval);
9450}
9451
9452int
9453ctl_request_sense(struct ctl_scsiio *ctsio)
9454{
9455	struct scsi_request_sense *cdb;
9456	struct scsi_sense_data *sense_ptr;
9457	struct ctl_lun *lun;
9458	uint32_t initidx;
9459	int have_error;
9460	scsi_sense_data_type sense_format;
9461
9462	cdb = (struct scsi_request_sense *)ctsio->cdb;
9463
9464	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9465
9466	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9467
9468	/*
9469	 * Determine which sense format the user wants.
9470	 */
9471	if (cdb->byte2 & SRS_DESC)
9472		sense_format = SSD_TYPE_DESC;
9473	else
9474		sense_format = SSD_TYPE_FIXED;
9475
9476	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9477	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9478	ctsio->kern_sg_entries = 0;
9479
9480	/*
9481	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9482	 * larger than the largest allowed value for the length field in the
9483	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9484	 */
9485	ctsio->residual = 0;
9486	ctsio->kern_data_len = cdb->length;
9487	ctsio->kern_total_len = cdb->length;
9488
9489	ctsio->kern_data_resid = 0;
9490	ctsio->kern_rel_offset = 0;
9491	ctsio->kern_sg_entries = 0;
9492
9493	/*
9494	 * If we don't have a LUN, we don't have any pending sense.
9495	 */
9496	if (lun == NULL)
9497		goto no_sense;
9498
9499	have_error = 0;
9500	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9501	/*
9502	 * Check for pending sense, and then for pending unit attentions.
9503	 * Pending sense gets returned first, then pending unit attentions.
9504	 */
9505	mtx_lock(&lun->lun_lock);
9506#ifdef CTL_WITH_CA
9507	if (ctl_is_set(lun->have_ca, initidx)) {
9508		scsi_sense_data_type stored_format;
9509
9510		/*
9511		 * Check to see which sense format was used for the stored
9512		 * sense data.
9513		 */
9514		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9515
9516		/*
9517		 * If the user requested a different sense format than the
9518		 * one we stored, then we need to convert it to the other
9519		 * format.  If we're going from descriptor to fixed format
9520		 * sense data, we may lose things in translation, depending
9521		 * on what options were used.
9522		 *
9523		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9524		 * for some reason we'll just copy it out as-is.
9525		 */
9526		if ((stored_format == SSD_TYPE_FIXED)
9527		 && (sense_format == SSD_TYPE_DESC))
9528			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9529			    &lun->pending_sense[initidx],
9530			    (struct scsi_sense_data_desc *)sense_ptr);
9531		else if ((stored_format == SSD_TYPE_DESC)
9532		      && (sense_format == SSD_TYPE_FIXED))
9533			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9534			    &lun->pending_sense[initidx],
9535			    (struct scsi_sense_data_fixed *)sense_ptr);
9536		else
9537			memcpy(sense_ptr, &lun->pending_sense[initidx],
9538			       ctl_min(sizeof(*sense_ptr),
9539			       sizeof(lun->pending_sense[initidx])));
9540
9541		ctl_clear_mask(lun->have_ca, initidx);
9542		have_error = 1;
9543	} else
9544#endif
9545	if (lun->pending_ua[initidx] != CTL_UA_NONE) {
9546		ctl_ua_type ua_type;
9547
9548		ua_type = ctl_build_ua(&lun->pending_ua[initidx],
9549				       sense_ptr, sense_format);
9550		if (ua_type != CTL_UA_NONE)
9551			have_error = 1;
9552	}
9553	mtx_unlock(&lun->lun_lock);
9554
9555	/*
9556	 * We already have a pending error, return it.
9557	 */
9558	if (have_error != 0) {
9559		/*
9560		 * We report the SCSI status as OK, since the status of the
9561		 * request sense command itself is OK.
9562		 */
9563		ctsio->scsi_status = SCSI_STATUS_OK;
9564
9565		/*
9566		 * We report 0 for the sense length, because we aren't doing
9567		 * autosense in this case.  We're reporting sense as
9568		 * parameter data.
9569		 */
9570		ctsio->sense_len = 0;
9571		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9572		ctsio->be_move_done = ctl_config_move_done;
9573		ctl_datamove((union ctl_io *)ctsio);
9574
9575		return (CTL_RETVAL_COMPLETE);
9576	}
9577
9578no_sense:
9579
9580	/*
9581	 * No sense information to report, so we report that everything is
9582	 * okay.
9583	 */
9584	ctl_set_sense_data(sense_ptr,
9585			   lun,
9586			   sense_format,
9587			   /*current_error*/ 1,
9588			   /*sense_key*/ SSD_KEY_NO_SENSE,
9589			   /*asc*/ 0x00,
9590			   /*ascq*/ 0x00,
9591			   SSD_ELEM_NONE);
9592
9593	ctsio->scsi_status = SCSI_STATUS_OK;
9594
9595	/*
9596	 * We report 0 for the sense length, because we aren't doing
9597	 * autosense in this case.  We're reporting sense as parameter data.
9598	 */
9599	ctsio->sense_len = 0;
9600	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9601	ctsio->be_move_done = ctl_config_move_done;
9602	ctl_datamove((union ctl_io *)ctsio);
9603
9604	return (CTL_RETVAL_COMPLETE);
9605}
9606
9607int
9608ctl_tur(struct ctl_scsiio *ctsio)
9609{
9610	struct ctl_lun *lun;
9611
9612	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9613
9614	CTL_DEBUG_PRINT(("ctl_tur\n"));
9615
9616	if (lun == NULL)
9617		return (EINVAL);
9618
9619	ctsio->scsi_status = SCSI_STATUS_OK;
9620	ctsio->io_hdr.status = CTL_SUCCESS;
9621
9622	ctl_done((union ctl_io *)ctsio);
9623
9624	return (CTL_RETVAL_COMPLETE);
9625}
9626
9627#ifdef notyet
9628static int
9629ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9630{
9631
9632}
9633#endif
9634
9635static int
9636ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9637{
9638	struct scsi_vpd_supported_pages *pages;
9639	int sup_page_size;
9640	struct ctl_lun *lun;
9641
9642	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9643
9644	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9645	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9646	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9647	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9648	ctsio->kern_sg_entries = 0;
9649
9650	if (sup_page_size < alloc_len) {
9651		ctsio->residual = alloc_len - sup_page_size;
9652		ctsio->kern_data_len = sup_page_size;
9653		ctsio->kern_total_len = sup_page_size;
9654	} else {
9655		ctsio->residual = 0;
9656		ctsio->kern_data_len = alloc_len;
9657		ctsio->kern_total_len = alloc_len;
9658	}
9659	ctsio->kern_data_resid = 0;
9660	ctsio->kern_rel_offset = 0;
9661	ctsio->kern_sg_entries = 0;
9662
9663	/*
9664	 * The control device is always connected.  The disk device, on the
9665	 * other hand, may not be online all the time.  Need to change this
9666	 * to figure out whether the disk device is actually online or not.
9667	 */
9668	if (lun != NULL)
9669		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9670				lun->be_lun->lun_type;
9671	else
9672		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9673
9674	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9675	/* Supported VPD pages */
9676	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9677	/* Serial Number */
9678	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9679	/* Device Identification */
9680	pages->page_list[2] = SVPD_DEVICE_ID;
9681	/* Extended INQUIRY Data */
9682	pages->page_list[3] = SVPD_EXTENDED_INQUIRY_DATA;
9683	/* Mode Page Policy */
9684	pages->page_list[4] = SVPD_MODE_PAGE_POLICY;
9685	/* SCSI Ports */
9686	pages->page_list[5] = SVPD_SCSI_PORTS;
9687	/* Third-party Copy */
9688	pages->page_list[6] = SVPD_SCSI_TPC;
9689	/* Block limits */
9690	pages->page_list[7] = SVPD_BLOCK_LIMITS;
9691	/* Block Device Characteristics */
9692	pages->page_list[8] = SVPD_BDC;
9693	/* Logical Block Provisioning */
9694	pages->page_list[9] = SVPD_LBP;
9695
9696	ctsio->scsi_status = SCSI_STATUS_OK;
9697
9698	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9699	ctsio->be_move_done = ctl_config_move_done;
9700	ctl_datamove((union ctl_io *)ctsio);
9701
9702	return (CTL_RETVAL_COMPLETE);
9703}
9704
9705static int
9706ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9707{
9708	struct scsi_vpd_unit_serial_number *sn_ptr;
9709	struct ctl_lun *lun;
9710	int data_len;
9711
9712	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9713
9714	data_len = 4 + CTL_SN_LEN;
9715	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9716	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9717	if (data_len < alloc_len) {
9718		ctsio->residual = alloc_len - data_len;
9719		ctsio->kern_data_len = data_len;
9720		ctsio->kern_total_len = data_len;
9721	} else {
9722		ctsio->residual = 0;
9723		ctsio->kern_data_len = alloc_len;
9724		ctsio->kern_total_len = alloc_len;
9725	}
9726	ctsio->kern_data_resid = 0;
9727	ctsio->kern_rel_offset = 0;
9728	ctsio->kern_sg_entries = 0;
9729
9730	/*
9731	 * The control device is always connected.  The disk device, on the
9732	 * other hand, may not be online all the time.  Need to change this
9733	 * to figure out whether the disk device is actually online or not.
9734	 */
9735	if (lun != NULL)
9736		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9737				  lun->be_lun->lun_type;
9738	else
9739		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9740
9741	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9742	sn_ptr->length = CTL_SN_LEN;
9743	/*
9744	 * If we don't have a LUN, we just leave the serial number as
9745	 * all spaces.
9746	 */
9747	if (lun != NULL) {
9748		strncpy((char *)sn_ptr->serial_num,
9749			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9750	} else
9751		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9752	ctsio->scsi_status = SCSI_STATUS_OK;
9753
9754	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9755	ctsio->be_move_done = ctl_config_move_done;
9756	ctl_datamove((union ctl_io *)ctsio);
9757
9758	return (CTL_RETVAL_COMPLETE);
9759}
9760
9761
9762static int
9763ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9764{
9765	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9766	struct ctl_lun *lun;
9767	int data_len;
9768
9769	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9770
9771	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9772	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9773	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9774	ctsio->kern_sg_entries = 0;
9775
9776	if (data_len < alloc_len) {
9777		ctsio->residual = alloc_len - data_len;
9778		ctsio->kern_data_len = data_len;
9779		ctsio->kern_total_len = data_len;
9780	} else {
9781		ctsio->residual = 0;
9782		ctsio->kern_data_len = alloc_len;
9783		ctsio->kern_total_len = alloc_len;
9784	}
9785	ctsio->kern_data_resid = 0;
9786	ctsio->kern_rel_offset = 0;
9787	ctsio->kern_sg_entries = 0;
9788
9789	/*
9790	 * The control device is always connected.  The disk device, on the
9791	 * other hand, may not be online all the time.
9792	 */
9793	if (lun != NULL)
9794		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9795				     lun->be_lun->lun_type;
9796	else
9797		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9798	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9799	eid_ptr->page_length = data_len - 4;
9800	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9801	eid_ptr->flags3 = SVPD_EID_V_SUP;
9802
9803	ctsio->scsi_status = SCSI_STATUS_OK;
9804	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9805	ctsio->be_move_done = ctl_config_move_done;
9806	ctl_datamove((union ctl_io *)ctsio);
9807
9808	return (CTL_RETVAL_COMPLETE);
9809}
9810
9811static int
9812ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9813{
9814	struct scsi_vpd_mode_page_policy *mpp_ptr;
9815	struct ctl_lun *lun;
9816	int data_len;
9817
9818	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9819
9820	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9821	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9822
9823	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9824	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9825	ctsio->kern_sg_entries = 0;
9826
9827	if (data_len < alloc_len) {
9828		ctsio->residual = alloc_len - data_len;
9829		ctsio->kern_data_len = data_len;
9830		ctsio->kern_total_len = data_len;
9831	} else {
9832		ctsio->residual = 0;
9833		ctsio->kern_data_len = alloc_len;
9834		ctsio->kern_total_len = alloc_len;
9835	}
9836	ctsio->kern_data_resid = 0;
9837	ctsio->kern_rel_offset = 0;
9838	ctsio->kern_sg_entries = 0;
9839
9840	/*
9841	 * The control device is always connected.  The disk device, on the
9842	 * other hand, may not be online all the time.
9843	 */
9844	if (lun != NULL)
9845		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9846				     lun->be_lun->lun_type;
9847	else
9848		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9849	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9850	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9851	mpp_ptr->descr[0].page_code = 0x3f;
9852	mpp_ptr->descr[0].subpage_code = 0xff;
9853	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9854
9855	ctsio->scsi_status = SCSI_STATUS_OK;
9856	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9857	ctsio->be_move_done = ctl_config_move_done;
9858	ctl_datamove((union ctl_io *)ctsio);
9859
9860	return (CTL_RETVAL_COMPLETE);
9861}
9862
9863static int
9864ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9865{
9866	struct scsi_vpd_device_id *devid_ptr;
9867	struct scsi_vpd_id_descriptor *desc;
9868	struct ctl_softc *ctl_softc;
9869	struct ctl_lun *lun;
9870	struct ctl_port *port;
9871	int data_len;
9872	uint8_t proto;
9873
9874	ctl_softc = control_softc;
9875
9876	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9877	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9878
9879	data_len = sizeof(struct scsi_vpd_device_id) +
9880	    sizeof(struct scsi_vpd_id_descriptor) +
9881		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9882	    sizeof(struct scsi_vpd_id_descriptor) +
9883		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9884	if (lun && lun->lun_devid)
9885		data_len += lun->lun_devid->len;
9886	if (port->port_devid)
9887		data_len += port->port_devid->len;
9888	if (port->target_devid)
9889		data_len += port->target_devid->len;
9890
9891	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9892	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9893	ctsio->kern_sg_entries = 0;
9894
9895	if (data_len < alloc_len) {
9896		ctsio->residual = alloc_len - data_len;
9897		ctsio->kern_data_len = data_len;
9898		ctsio->kern_total_len = data_len;
9899	} else {
9900		ctsio->residual = 0;
9901		ctsio->kern_data_len = alloc_len;
9902		ctsio->kern_total_len = alloc_len;
9903	}
9904	ctsio->kern_data_resid = 0;
9905	ctsio->kern_rel_offset = 0;
9906	ctsio->kern_sg_entries = 0;
9907
9908	/*
9909	 * The control device is always connected.  The disk device, on the
9910	 * other hand, may not be online all the time.
9911	 */
9912	if (lun != NULL)
9913		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9914				     lun->be_lun->lun_type;
9915	else
9916		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9917	devid_ptr->page_code = SVPD_DEVICE_ID;
9918	scsi_ulto2b(data_len - 4, devid_ptr->length);
9919
9920	if (port->port_type == CTL_PORT_FC)
9921		proto = SCSI_PROTO_FC << 4;
9922	else if (port->port_type == CTL_PORT_ISCSI)
9923		proto = SCSI_PROTO_ISCSI << 4;
9924	else
9925		proto = SCSI_PROTO_SPI << 4;
9926	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9927
9928	/*
9929	 * We're using a LUN association here.  i.e., this device ID is a
9930	 * per-LUN identifier.
9931	 */
9932	if (lun && lun->lun_devid) {
9933		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9934		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9935		    lun->lun_devid->len);
9936	}
9937
9938	/*
9939	 * This is for the WWPN which is a port association.
9940	 */
9941	if (port->port_devid) {
9942		memcpy(desc, port->port_devid->data, port->port_devid->len);
9943		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9944		    port->port_devid->len);
9945	}
9946
9947	/*
9948	 * This is for the Relative Target Port(type 4h) identifier
9949	 */
9950	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9951	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9952	    SVPD_ID_TYPE_RELTARG;
9953	desc->length = 4;
9954	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9955	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9956	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9957
9958	/*
9959	 * This is for the Target Port Group(type 5h) identifier
9960	 */
9961	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9962	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9963	    SVPD_ID_TYPE_TPORTGRP;
9964	desc->length = 4;
9965	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
9966	    &desc->identifier[2]);
9967	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9968	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9969
9970	/*
9971	 * This is for the Target identifier
9972	 */
9973	if (port->target_devid) {
9974		memcpy(desc, port->target_devid->data, port->target_devid->len);
9975	}
9976
9977	ctsio->scsi_status = SCSI_STATUS_OK;
9978	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9979	ctsio->be_move_done = ctl_config_move_done;
9980	ctl_datamove((union ctl_io *)ctsio);
9981
9982	return (CTL_RETVAL_COMPLETE);
9983}
9984
9985static int
9986ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9987{
9988	struct ctl_softc *softc = control_softc;
9989	struct scsi_vpd_scsi_ports *sp;
9990	struct scsi_vpd_port_designation *pd;
9991	struct scsi_vpd_port_designation_cont *pdc;
9992	struct ctl_lun *lun;
9993	struct ctl_port *port;
9994	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
9995	int num_target_port_groups, single;
9996
9997	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9998
9999	single = ctl_is_single;
10000	if (single)
10001		num_target_port_groups = 1;
10002	else
10003		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
10004	num_target_ports = 0;
10005	iid_len = 0;
10006	id_len = 0;
10007	mtx_lock(&softc->ctl_lock);
10008	STAILQ_FOREACH(port, &softc->port_list, links) {
10009		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10010			continue;
10011		if (lun != NULL &&
10012		    ctl_map_lun_back(port->targ_port, lun->lun) >=
10013		    CTL_MAX_LUNS)
10014			continue;
10015		num_target_ports++;
10016		if (port->init_devid)
10017			iid_len += port->init_devid->len;
10018		if (port->port_devid)
10019			id_len += port->port_devid->len;
10020	}
10021	mtx_unlock(&softc->ctl_lock);
10022
10023	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10024	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10025	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10026	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10027	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10028	ctsio->kern_sg_entries = 0;
10029
10030	if (data_len < alloc_len) {
10031		ctsio->residual = alloc_len - data_len;
10032		ctsio->kern_data_len = data_len;
10033		ctsio->kern_total_len = data_len;
10034	} else {
10035		ctsio->residual = 0;
10036		ctsio->kern_data_len = alloc_len;
10037		ctsio->kern_total_len = alloc_len;
10038	}
10039	ctsio->kern_data_resid = 0;
10040	ctsio->kern_rel_offset = 0;
10041	ctsio->kern_sg_entries = 0;
10042
10043	/*
10044	 * The control device is always connected.  The disk device, on the
10045	 * other hand, may not be online all the time.  Need to change this
10046	 * to figure out whether the disk device is actually online or not.
10047	 */
10048	if (lun != NULL)
10049		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10050				  lun->be_lun->lun_type;
10051	else
10052		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10053
10054	sp->page_code = SVPD_SCSI_PORTS;
10055	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10056	    sp->page_length);
10057	pd = &sp->design[0];
10058
10059	mtx_lock(&softc->ctl_lock);
10060	if (softc->flags & CTL_FLAG_MASTER_SHELF)
10061		pg = 0;
10062	else
10063		pg = 1;
10064	for (g = 0; g < num_target_port_groups; g++) {
10065		STAILQ_FOREACH(port, &softc->port_list, links) {
10066			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10067				continue;
10068			if (lun != NULL &&
10069			    ctl_map_lun_back(port->targ_port, lun->lun) >=
10070			    CTL_MAX_LUNS)
10071				continue;
10072			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10073			scsi_ulto2b(p, pd->relative_port_id);
10074			if (port->init_devid && g == pg) {
10075				iid_len = port->init_devid->len;
10076				memcpy(pd->initiator_transportid,
10077				    port->init_devid->data, port->init_devid->len);
10078			} else
10079				iid_len = 0;
10080			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10081			pdc = (struct scsi_vpd_port_designation_cont *)
10082			    (&pd->initiator_transportid[iid_len]);
10083			if (port->port_devid && g == pg) {
10084				id_len = port->port_devid->len;
10085				memcpy(pdc->target_port_descriptors,
10086				    port->port_devid->data, port->port_devid->len);
10087			} else
10088				id_len = 0;
10089			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10090			pd = (struct scsi_vpd_port_designation *)
10091			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10092		}
10093	}
10094	mtx_unlock(&softc->ctl_lock);
10095
10096	ctsio->scsi_status = SCSI_STATUS_OK;
10097	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10098	ctsio->be_move_done = ctl_config_move_done;
10099	ctl_datamove((union ctl_io *)ctsio);
10100
10101	return (CTL_RETVAL_COMPLETE);
10102}
10103
10104static int
10105ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10106{
10107	struct scsi_vpd_block_limits *bl_ptr;
10108	struct ctl_lun *lun;
10109	int bs;
10110
10111	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10112
10113	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10114	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10115	ctsio->kern_sg_entries = 0;
10116
10117	if (sizeof(*bl_ptr) < alloc_len) {
10118		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10119		ctsio->kern_data_len = sizeof(*bl_ptr);
10120		ctsio->kern_total_len = sizeof(*bl_ptr);
10121	} else {
10122		ctsio->residual = 0;
10123		ctsio->kern_data_len = alloc_len;
10124		ctsio->kern_total_len = alloc_len;
10125	}
10126	ctsio->kern_data_resid = 0;
10127	ctsio->kern_rel_offset = 0;
10128	ctsio->kern_sg_entries = 0;
10129
10130	/*
10131	 * The control device is always connected.  The disk device, on the
10132	 * other hand, may not be online all the time.  Need to change this
10133	 * to figure out whether the disk device is actually online or not.
10134	 */
10135	if (lun != NULL)
10136		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10137				  lun->be_lun->lun_type;
10138	else
10139		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10140
10141	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10142	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10143	bl_ptr->max_cmp_write_len = 0xff;
10144	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10145	if (lun != NULL) {
10146		bs = lun->be_lun->blocksize;
10147		scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10148		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10149			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10150			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10151			if (lun->be_lun->pblockexp != 0) {
10152				scsi_ulto4b((1 << lun->be_lun->pblockexp),
10153				    bl_ptr->opt_unmap_grain);
10154				scsi_ulto4b(0x80000000 | lun->be_lun->pblockoff,
10155				    bl_ptr->unmap_grain_align);
10156			}
10157		}
10158		scsi_ulto4b(lun->be_lun->atomicblock,
10159		    bl_ptr->max_atomic_transfer_length);
10160		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10161		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10162	}
10163	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10164
10165	ctsio->scsi_status = SCSI_STATUS_OK;
10166	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10167	ctsio->be_move_done = ctl_config_move_done;
10168	ctl_datamove((union ctl_io *)ctsio);
10169
10170	return (CTL_RETVAL_COMPLETE);
10171}
10172
10173static int
10174ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10175{
10176	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10177	struct ctl_lun *lun;
10178
10179	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10180
10181	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10182	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10183	ctsio->kern_sg_entries = 0;
10184
10185	if (sizeof(*bdc_ptr) < alloc_len) {
10186		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10187		ctsio->kern_data_len = sizeof(*bdc_ptr);
10188		ctsio->kern_total_len = sizeof(*bdc_ptr);
10189	} else {
10190		ctsio->residual = 0;
10191		ctsio->kern_data_len = alloc_len;
10192		ctsio->kern_total_len = alloc_len;
10193	}
10194	ctsio->kern_data_resid = 0;
10195	ctsio->kern_rel_offset = 0;
10196	ctsio->kern_sg_entries = 0;
10197
10198	/*
10199	 * The control device is always connected.  The disk device, on the
10200	 * other hand, may not be online all the time.  Need to change this
10201	 * to figure out whether the disk device is actually online or not.
10202	 */
10203	if (lun != NULL)
10204		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10205				  lun->be_lun->lun_type;
10206	else
10207		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10208	bdc_ptr->page_code = SVPD_BDC;
10209	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10210	scsi_ulto2b(SVPD_NON_ROTATING, bdc_ptr->medium_rotation_rate);
10211	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10212
10213	ctsio->scsi_status = SCSI_STATUS_OK;
10214	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10215	ctsio->be_move_done = ctl_config_move_done;
10216	ctl_datamove((union ctl_io *)ctsio);
10217
10218	return (CTL_RETVAL_COMPLETE);
10219}
10220
10221static int
10222ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10223{
10224	struct scsi_vpd_logical_block_prov *lbp_ptr;
10225	struct ctl_lun *lun;
10226
10227	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10228
10229	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10230	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10231	ctsio->kern_sg_entries = 0;
10232
10233	if (sizeof(*lbp_ptr) < alloc_len) {
10234		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10235		ctsio->kern_data_len = sizeof(*lbp_ptr);
10236		ctsio->kern_total_len = sizeof(*lbp_ptr);
10237	} else {
10238		ctsio->residual = 0;
10239		ctsio->kern_data_len = alloc_len;
10240		ctsio->kern_total_len = alloc_len;
10241	}
10242	ctsio->kern_data_resid = 0;
10243	ctsio->kern_rel_offset = 0;
10244	ctsio->kern_sg_entries = 0;
10245
10246	/*
10247	 * The control device is always connected.  The disk device, on the
10248	 * other hand, may not be online all the time.  Need to change this
10249	 * to figure out whether the disk device is actually online or not.
10250	 */
10251	if (lun != NULL)
10252		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10253				  lun->be_lun->lun_type;
10254	else
10255		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10256
10257	lbp_ptr->page_code = SVPD_LBP;
10258	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10259	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10260		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10261		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10262		lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
10263	}
10264
10265	ctsio->scsi_status = SCSI_STATUS_OK;
10266	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10267	ctsio->be_move_done = ctl_config_move_done;
10268	ctl_datamove((union ctl_io *)ctsio);
10269
10270	return (CTL_RETVAL_COMPLETE);
10271}
10272
10273static int
10274ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10275{
10276	struct scsi_inquiry *cdb;
10277	struct ctl_lun *lun;
10278	int alloc_len, retval;
10279
10280	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10281	cdb = (struct scsi_inquiry *)ctsio->cdb;
10282
10283	retval = CTL_RETVAL_COMPLETE;
10284
10285	alloc_len = scsi_2btoul(cdb->length);
10286
10287	switch (cdb->page_code) {
10288	case SVPD_SUPPORTED_PAGES:
10289		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10290		break;
10291	case SVPD_UNIT_SERIAL_NUMBER:
10292		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10293		break;
10294	case SVPD_DEVICE_ID:
10295		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10296		break;
10297	case SVPD_EXTENDED_INQUIRY_DATA:
10298		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10299		break;
10300	case SVPD_MODE_PAGE_POLICY:
10301		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10302		break;
10303	case SVPD_SCSI_PORTS:
10304		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10305		break;
10306	case SVPD_SCSI_TPC:
10307		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10308		break;
10309	case SVPD_BLOCK_LIMITS:
10310		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10311		break;
10312	case SVPD_BDC:
10313		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10314		break;
10315	case SVPD_LBP:
10316		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10317		break;
10318	default:
10319		ctl_set_invalid_field(ctsio,
10320				      /*sks_valid*/ 1,
10321				      /*command*/ 1,
10322				      /*field*/ 2,
10323				      /*bit_valid*/ 0,
10324				      /*bit*/ 0);
10325		ctl_done((union ctl_io *)ctsio);
10326		retval = CTL_RETVAL_COMPLETE;
10327		break;
10328	}
10329
10330	return (retval);
10331}
10332
10333static int
10334ctl_inquiry_std(struct ctl_scsiio *ctsio)
10335{
10336	struct scsi_inquiry_data *inq_ptr;
10337	struct scsi_inquiry *cdb;
10338	struct ctl_softc *ctl_softc;
10339	struct ctl_lun *lun;
10340	char *val;
10341	uint32_t alloc_len, data_len;
10342	ctl_port_type port_type;
10343
10344	ctl_softc = control_softc;
10345
10346	/*
10347	 * Figure out whether we're talking to a Fibre Channel port or not.
10348	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10349	 * SCSI front ends.
10350	 */
10351	port_type = ctl_softc->ctl_ports[
10352	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10353	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10354		port_type = CTL_PORT_SCSI;
10355
10356	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10357	cdb = (struct scsi_inquiry *)ctsio->cdb;
10358	alloc_len = scsi_2btoul(cdb->length);
10359
10360	/*
10361	 * We malloc the full inquiry data size here and fill it
10362	 * in.  If the user only asks for less, we'll give him
10363	 * that much.
10364	 */
10365	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10366	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10367	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10368	ctsio->kern_sg_entries = 0;
10369	ctsio->kern_data_resid = 0;
10370	ctsio->kern_rel_offset = 0;
10371
10372	if (data_len < alloc_len) {
10373		ctsio->residual = alloc_len - data_len;
10374		ctsio->kern_data_len = data_len;
10375		ctsio->kern_total_len = data_len;
10376	} else {
10377		ctsio->residual = 0;
10378		ctsio->kern_data_len = alloc_len;
10379		ctsio->kern_total_len = alloc_len;
10380	}
10381
10382	/*
10383	 * If we have a LUN configured, report it as connected.  Otherwise,
10384	 * report that it is offline or no device is supported, depending
10385	 * on the value of inquiry_pq_no_lun.
10386	 *
10387	 * According to the spec (SPC-4 r34), the peripheral qualifier
10388	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10389	 *
10390	 * "A peripheral device having the specified peripheral device type
10391	 * is not connected to this logical unit. However, the device
10392	 * server is capable of supporting the specified peripheral device
10393	 * type on this logical unit."
10394	 *
10395	 * According to the same spec, the peripheral qualifier
10396	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10397	 *
10398	 * "The device server is not capable of supporting a peripheral
10399	 * device on this logical unit. For this peripheral qualifier the
10400	 * peripheral device type shall be set to 1Fh. All other peripheral
10401	 * device type values are reserved for this peripheral qualifier."
10402	 *
10403	 * Given the text, it would seem that we probably want to report that
10404	 * the LUN is offline here.  There is no LUN connected, but we can
10405	 * support a LUN at the given LUN number.
10406	 *
10407	 * In the real world, though, it sounds like things are a little
10408	 * different:
10409	 *
10410	 * - Linux, when presented with a LUN with the offline peripheral
10411	 *   qualifier, will create an sg driver instance for it.  So when
10412	 *   you attach it to CTL, you wind up with a ton of sg driver
10413	 *   instances.  (One for every LUN that Linux bothered to probe.)
10414	 *   Linux does this despite the fact that it issues a REPORT LUNs
10415	 *   to LUN 0 to get the inventory of supported LUNs.
10416	 *
10417	 * - There is other anecdotal evidence (from Emulex folks) about
10418	 *   arrays that use the offline peripheral qualifier for LUNs that
10419	 *   are on the "passive" path in an active/passive array.
10420	 *
10421	 * So the solution is provide a hopefully reasonable default
10422	 * (return bad/no LUN) and allow the user to change the behavior
10423	 * with a tunable/sysctl variable.
10424	 */
10425	if (lun != NULL)
10426		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10427				  lun->be_lun->lun_type;
10428	else if (ctl_softc->inquiry_pq_no_lun == 0)
10429		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10430	else
10431		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10432
10433	/* RMB in byte 2 is 0 */
10434	inq_ptr->version = SCSI_REV_SPC4;
10435
10436	/*
10437	 * According to SAM-3, even if a device only supports a single
10438	 * level of LUN addressing, it should still set the HISUP bit:
10439	 *
10440	 * 4.9.1 Logical unit numbers overview
10441	 *
10442	 * All logical unit number formats described in this standard are
10443	 * hierarchical in structure even when only a single level in that
10444	 * hierarchy is used. The HISUP bit shall be set to one in the
10445	 * standard INQUIRY data (see SPC-2) when any logical unit number
10446	 * format described in this standard is used.  Non-hierarchical
10447	 * formats are outside the scope of this standard.
10448	 *
10449	 * Therefore we set the HiSup bit here.
10450	 *
10451	 * The reponse format is 2, per SPC-3.
10452	 */
10453	inq_ptr->response_format = SID_HiSup | 2;
10454
10455	inq_ptr->additional_length = data_len -
10456	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10457	CTL_DEBUG_PRINT(("additional_length = %d\n",
10458			 inq_ptr->additional_length));
10459
10460	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10461	/* 16 bit addressing */
10462	if (port_type == CTL_PORT_SCSI)
10463		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10464	/* XXX set the SID_MultiP bit here if we're actually going to
10465	   respond on multiple ports */
10466	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10467
10468	/* 16 bit data bus, synchronous transfers */
10469	if (port_type == CTL_PORT_SCSI)
10470		inq_ptr->flags = SID_WBus16 | SID_Sync;
10471	/*
10472	 * XXX KDM do we want to support tagged queueing on the control
10473	 * device at all?
10474	 */
10475	if ((lun == NULL)
10476	 || (lun->be_lun->lun_type != T_PROCESSOR))
10477		inq_ptr->flags |= SID_CmdQue;
10478	/*
10479	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10480	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10481	 * name and 4 bytes for the revision.
10482	 */
10483	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10484	    "vendor")) == NULL) {
10485		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10486	} else {
10487		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10488		strncpy(inq_ptr->vendor, val,
10489		    min(sizeof(inq_ptr->vendor), strlen(val)));
10490	}
10491	if (lun == NULL) {
10492		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10493		    sizeof(inq_ptr->product));
10494	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10495		switch (lun->be_lun->lun_type) {
10496		case T_DIRECT:
10497			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10498			    sizeof(inq_ptr->product));
10499			break;
10500		case T_PROCESSOR:
10501			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10502			    sizeof(inq_ptr->product));
10503			break;
10504		default:
10505			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10506			    sizeof(inq_ptr->product));
10507			break;
10508		}
10509	} else {
10510		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10511		strncpy(inq_ptr->product, val,
10512		    min(sizeof(inq_ptr->product), strlen(val)));
10513	}
10514
10515	/*
10516	 * XXX make this a macro somewhere so it automatically gets
10517	 * incremented when we make changes.
10518	 */
10519	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10520	    "revision")) == NULL) {
10521		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10522	} else {
10523		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10524		strncpy(inq_ptr->revision, val,
10525		    min(sizeof(inq_ptr->revision), strlen(val)));
10526	}
10527
10528	/*
10529	 * For parallel SCSI, we support double transition and single
10530	 * transition clocking.  We also support QAS (Quick Arbitration
10531	 * and Selection) and Information Unit transfers on both the
10532	 * control and array devices.
10533	 */
10534	if (port_type == CTL_PORT_SCSI)
10535		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10536				    SID_SPI_IUS;
10537
10538	/* SAM-5 (no version claimed) */
10539	scsi_ulto2b(0x00A0, inq_ptr->version1);
10540	/* SPC-4 (no version claimed) */
10541	scsi_ulto2b(0x0460, inq_ptr->version2);
10542	if (port_type == CTL_PORT_FC) {
10543		/* FCP-2 ANSI INCITS.350:2003 */
10544		scsi_ulto2b(0x0917, inq_ptr->version3);
10545	} else if (port_type == CTL_PORT_SCSI) {
10546		/* SPI-4 ANSI INCITS.362:200x */
10547		scsi_ulto2b(0x0B56, inq_ptr->version3);
10548	} else if (port_type == CTL_PORT_ISCSI) {
10549		/* iSCSI (no version claimed) */
10550		scsi_ulto2b(0x0960, inq_ptr->version3);
10551	} else if (port_type == CTL_PORT_SAS) {
10552		/* SAS (no version claimed) */
10553		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10554	}
10555
10556	if (lun == NULL) {
10557		/* SBC-4 (no version claimed) */
10558		scsi_ulto2b(0x0600, inq_ptr->version4);
10559	} else {
10560		switch (lun->be_lun->lun_type) {
10561		case T_DIRECT:
10562			/* SBC-4 (no version claimed) */
10563			scsi_ulto2b(0x0600, inq_ptr->version4);
10564			break;
10565		case T_PROCESSOR:
10566		default:
10567			break;
10568		}
10569	}
10570
10571	ctsio->scsi_status = SCSI_STATUS_OK;
10572	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10573	ctsio->be_move_done = ctl_config_move_done;
10574	ctl_datamove((union ctl_io *)ctsio);
10575	return (CTL_RETVAL_COMPLETE);
10576}
10577
10578int
10579ctl_inquiry(struct ctl_scsiio *ctsio)
10580{
10581	struct scsi_inquiry *cdb;
10582	int retval;
10583
10584	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10585
10586	cdb = (struct scsi_inquiry *)ctsio->cdb;
10587	if (cdb->byte2 & SI_EVPD)
10588		retval = ctl_inquiry_evpd(ctsio);
10589	else if (cdb->page_code == 0)
10590		retval = ctl_inquiry_std(ctsio);
10591	else {
10592		ctl_set_invalid_field(ctsio,
10593				      /*sks_valid*/ 1,
10594				      /*command*/ 1,
10595				      /*field*/ 2,
10596				      /*bit_valid*/ 0,
10597				      /*bit*/ 0);
10598		ctl_done((union ctl_io *)ctsio);
10599		return (CTL_RETVAL_COMPLETE);
10600	}
10601
10602	return (retval);
10603}
10604
10605/*
10606 * For known CDB types, parse the LBA and length.
10607 */
10608static int
10609ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10610{
10611	if (io->io_hdr.io_type != CTL_IO_SCSI)
10612		return (1);
10613
10614	switch (io->scsiio.cdb[0]) {
10615	case COMPARE_AND_WRITE: {
10616		struct scsi_compare_and_write *cdb;
10617
10618		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10619
10620		*lba = scsi_8btou64(cdb->addr);
10621		*len = cdb->length;
10622		break;
10623	}
10624	case READ_6:
10625	case WRITE_6: {
10626		struct scsi_rw_6 *cdb;
10627
10628		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10629
10630		*lba = scsi_3btoul(cdb->addr);
10631		/* only 5 bits are valid in the most significant address byte */
10632		*lba &= 0x1fffff;
10633		*len = cdb->length;
10634		break;
10635	}
10636	case READ_10:
10637	case WRITE_10: {
10638		struct scsi_rw_10 *cdb;
10639
10640		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10641
10642		*lba = scsi_4btoul(cdb->addr);
10643		*len = scsi_2btoul(cdb->length);
10644		break;
10645	}
10646	case WRITE_VERIFY_10: {
10647		struct scsi_write_verify_10 *cdb;
10648
10649		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10650
10651		*lba = scsi_4btoul(cdb->addr);
10652		*len = scsi_2btoul(cdb->length);
10653		break;
10654	}
10655	case READ_12:
10656	case WRITE_12: {
10657		struct scsi_rw_12 *cdb;
10658
10659		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10660
10661		*lba = scsi_4btoul(cdb->addr);
10662		*len = scsi_4btoul(cdb->length);
10663		break;
10664	}
10665	case WRITE_VERIFY_12: {
10666		struct scsi_write_verify_12 *cdb;
10667
10668		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10669
10670		*lba = scsi_4btoul(cdb->addr);
10671		*len = scsi_4btoul(cdb->length);
10672		break;
10673	}
10674	case READ_16:
10675	case WRITE_16:
10676	case WRITE_ATOMIC_16: {
10677		struct scsi_rw_16 *cdb;
10678
10679		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10680
10681		*lba = scsi_8btou64(cdb->addr);
10682		*len = scsi_4btoul(cdb->length);
10683		break;
10684	}
10685	case WRITE_VERIFY_16: {
10686		struct scsi_write_verify_16 *cdb;
10687
10688		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10689
10690		*lba = scsi_8btou64(cdb->addr);
10691		*len = scsi_4btoul(cdb->length);
10692		break;
10693	}
10694	case WRITE_SAME_10: {
10695		struct scsi_write_same_10 *cdb;
10696
10697		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10698
10699		*lba = scsi_4btoul(cdb->addr);
10700		*len = scsi_2btoul(cdb->length);
10701		break;
10702	}
10703	case WRITE_SAME_16: {
10704		struct scsi_write_same_16 *cdb;
10705
10706		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10707
10708		*lba = scsi_8btou64(cdb->addr);
10709		*len = scsi_4btoul(cdb->length);
10710		break;
10711	}
10712	case VERIFY_10: {
10713		struct scsi_verify_10 *cdb;
10714
10715		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10716
10717		*lba = scsi_4btoul(cdb->addr);
10718		*len = scsi_2btoul(cdb->length);
10719		break;
10720	}
10721	case VERIFY_12: {
10722		struct scsi_verify_12 *cdb;
10723
10724		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10725
10726		*lba = scsi_4btoul(cdb->addr);
10727		*len = scsi_4btoul(cdb->length);
10728		break;
10729	}
10730	case VERIFY_16: {
10731		struct scsi_verify_16 *cdb;
10732
10733		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10734
10735		*lba = scsi_8btou64(cdb->addr);
10736		*len = scsi_4btoul(cdb->length);
10737		break;
10738	}
10739	case UNMAP: {
10740		*lba = 0;
10741		*len = UINT64_MAX;
10742		break;
10743	}
10744	default:
10745		return (1);
10746		break; /* NOTREACHED */
10747	}
10748
10749	return (0);
10750}
10751
10752static ctl_action
10753ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2)
10754{
10755	uint64_t endlba1, endlba2;
10756
10757	endlba1 = lba1 + len1 - 1;
10758	endlba2 = lba2 + len2 - 1;
10759
10760	if ((endlba1 < lba2)
10761	 || (endlba2 < lba1))
10762		return (CTL_ACTION_PASS);
10763	else
10764		return (CTL_ACTION_BLOCK);
10765}
10766
10767static int
10768ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10769{
10770	struct ctl_ptr_len_flags *ptrlen;
10771	struct scsi_unmap_desc *buf, *end, *range;
10772	uint64_t lba;
10773	uint32_t len;
10774
10775	/* If not UNMAP -- go other way. */
10776	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10777	    io->scsiio.cdb[0] != UNMAP)
10778		return (CTL_ACTION_ERROR);
10779
10780	/* If UNMAP without data -- block and wait for data. */
10781	ptrlen = (struct ctl_ptr_len_flags *)
10782	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10783	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10784	    ptrlen->ptr == NULL)
10785		return (CTL_ACTION_BLOCK);
10786
10787	/* UNMAP with data -- check for collision. */
10788	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10789	end = buf + ptrlen->len / sizeof(*buf);
10790	for (range = buf; range < end; range++) {
10791		lba = scsi_8btou64(range->lba);
10792		len = scsi_4btoul(range->length);
10793		if ((lba < lba2 + len2) && (lba + len > lba2))
10794			return (CTL_ACTION_BLOCK);
10795	}
10796	return (CTL_ACTION_PASS);
10797}
10798
10799static ctl_action
10800ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10801{
10802	uint64_t lba1, lba2;
10803	uint64_t len1, len2;
10804	int retval;
10805
10806	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10807		return (CTL_ACTION_ERROR);
10808
10809	retval = ctl_extent_check_unmap(io2, lba1, len1);
10810	if (retval != CTL_ACTION_ERROR)
10811		return (retval);
10812
10813	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10814		return (CTL_ACTION_ERROR);
10815
10816	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10817}
10818
10819static ctl_action
10820ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10821    union ctl_io *ooa_io)
10822{
10823	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10824	ctl_serialize_action *serialize_row;
10825
10826	/*
10827	 * The initiator attempted multiple untagged commands at the same
10828	 * time.  Can't do that.
10829	 */
10830	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10831	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10832	 && ((pending_io->io_hdr.nexus.targ_port ==
10833	      ooa_io->io_hdr.nexus.targ_port)
10834	  && (pending_io->io_hdr.nexus.initid.id ==
10835	      ooa_io->io_hdr.nexus.initid.id))
10836	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10837		return (CTL_ACTION_OVERLAP);
10838
10839	/*
10840	 * The initiator attempted to send multiple tagged commands with
10841	 * the same ID.  (It's fine if different initiators have the same
10842	 * tag ID.)
10843	 *
10844	 * Even if all of those conditions are true, we don't kill the I/O
10845	 * if the command ahead of us has been aborted.  We won't end up
10846	 * sending it to the FETD, and it's perfectly legal to resend a
10847	 * command with the same tag number as long as the previous
10848	 * instance of this tag number has been aborted somehow.
10849	 */
10850	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10851	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10852	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10853	 && ((pending_io->io_hdr.nexus.targ_port ==
10854	      ooa_io->io_hdr.nexus.targ_port)
10855	  && (pending_io->io_hdr.nexus.initid.id ==
10856	      ooa_io->io_hdr.nexus.initid.id))
10857	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10858		return (CTL_ACTION_OVERLAP_TAG);
10859
10860	/*
10861	 * If we get a head of queue tag, SAM-3 says that we should
10862	 * immediately execute it.
10863	 *
10864	 * What happens if this command would normally block for some other
10865	 * reason?  e.g. a request sense with a head of queue tag
10866	 * immediately after a write.  Normally that would block, but this
10867	 * will result in its getting executed immediately...
10868	 *
10869	 * We currently return "pass" instead of "skip", so we'll end up
10870	 * going through the rest of the queue to check for overlapped tags.
10871	 *
10872	 * XXX KDM check for other types of blockage first??
10873	 */
10874	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10875		return (CTL_ACTION_PASS);
10876
10877	/*
10878	 * Ordered tags have to block until all items ahead of them
10879	 * have completed.  If we get called with an ordered tag, we always
10880	 * block, if something else is ahead of us in the queue.
10881	 */
10882	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10883		return (CTL_ACTION_BLOCK);
10884
10885	/*
10886	 * Simple tags get blocked until all head of queue and ordered tags
10887	 * ahead of them have completed.  I'm lumping untagged commands in
10888	 * with simple tags here.  XXX KDM is that the right thing to do?
10889	 */
10890	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10891	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10892	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10893	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10894		return (CTL_ACTION_BLOCK);
10895
10896	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10897	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10898
10899	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10900
10901	switch (serialize_row[pending_entry->seridx]) {
10902	case CTL_SER_BLOCK:
10903		return (CTL_ACTION_BLOCK);
10904	case CTL_SER_EXTENT:
10905		return (ctl_extent_check(pending_io, ooa_io));
10906	case CTL_SER_EXTENTOPT:
10907		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10908		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10909			return (ctl_extent_check(pending_io, ooa_io));
10910		/* FALLTHROUGH */
10911	case CTL_SER_PASS:
10912		return (CTL_ACTION_PASS);
10913	case CTL_SER_BLOCKOPT:
10914		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10915		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10916			return (CTL_ACTION_BLOCK);
10917		return (CTL_ACTION_PASS);
10918	case CTL_SER_SKIP:
10919		return (CTL_ACTION_SKIP);
10920	default:
10921		panic("invalid serialization value %d",
10922		      serialize_row[pending_entry->seridx]);
10923	}
10924
10925	return (CTL_ACTION_ERROR);
10926}
10927
10928/*
10929 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10930 * Assumptions:
10931 * - pending_io is generally either incoming, or on the blocked queue
10932 * - starting I/O is the I/O we want to start the check with.
10933 */
10934static ctl_action
10935ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10936	      union ctl_io *starting_io)
10937{
10938	union ctl_io *ooa_io;
10939	ctl_action action;
10940
10941	mtx_assert(&lun->lun_lock, MA_OWNED);
10942
10943	/*
10944	 * Run back along the OOA queue, starting with the current
10945	 * blocked I/O and going through every I/O before it on the
10946	 * queue.  If starting_io is NULL, we'll just end up returning
10947	 * CTL_ACTION_PASS.
10948	 */
10949	for (ooa_io = starting_io; ooa_io != NULL;
10950	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10951	     ooa_links)){
10952
10953		/*
10954		 * This routine just checks to see whether
10955		 * cur_blocked is blocked by ooa_io, which is ahead
10956		 * of it in the queue.  It doesn't queue/dequeue
10957		 * cur_blocked.
10958		 */
10959		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10960		switch (action) {
10961		case CTL_ACTION_BLOCK:
10962		case CTL_ACTION_OVERLAP:
10963		case CTL_ACTION_OVERLAP_TAG:
10964		case CTL_ACTION_SKIP:
10965		case CTL_ACTION_ERROR:
10966			return (action);
10967			break; /* NOTREACHED */
10968		case CTL_ACTION_PASS:
10969			break;
10970		default:
10971			panic("invalid action %d", action);
10972			break;  /* NOTREACHED */
10973		}
10974	}
10975
10976	return (CTL_ACTION_PASS);
10977}
10978
10979/*
10980 * Assumptions:
10981 * - An I/O has just completed, and has been removed from the per-LUN OOA
10982 *   queue, so some items on the blocked queue may now be unblocked.
10983 */
10984static int
10985ctl_check_blocked(struct ctl_lun *lun)
10986{
10987	union ctl_io *cur_blocked, *next_blocked;
10988
10989	mtx_assert(&lun->lun_lock, MA_OWNED);
10990
10991	/*
10992	 * Run forward from the head of the blocked queue, checking each
10993	 * entry against the I/Os prior to it on the OOA queue to see if
10994	 * there is still any blockage.
10995	 *
10996	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10997	 * with our removing a variable on it while it is traversing the
10998	 * list.
10999	 */
11000	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11001	     cur_blocked != NULL; cur_blocked = next_blocked) {
11002		union ctl_io *prev_ooa;
11003		ctl_action action;
11004
11005		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11006							  blocked_links);
11007
11008		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11009						      ctl_ooaq, ooa_links);
11010
11011		/*
11012		 * If cur_blocked happens to be the first item in the OOA
11013		 * queue now, prev_ooa will be NULL, and the action
11014		 * returned will just be CTL_ACTION_PASS.
11015		 */
11016		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11017
11018		switch (action) {
11019		case CTL_ACTION_BLOCK:
11020			/* Nothing to do here, still blocked */
11021			break;
11022		case CTL_ACTION_OVERLAP:
11023		case CTL_ACTION_OVERLAP_TAG:
11024			/*
11025			 * This shouldn't happen!  In theory we've already
11026			 * checked this command for overlap...
11027			 */
11028			break;
11029		case CTL_ACTION_PASS:
11030		case CTL_ACTION_SKIP: {
11031			struct ctl_softc *softc;
11032			const struct ctl_cmd_entry *entry;
11033			uint32_t initidx;
11034			int isc_retval;
11035
11036			/*
11037			 * The skip case shouldn't happen, this transaction
11038			 * should have never made it onto the blocked queue.
11039			 */
11040			/*
11041			 * This I/O is no longer blocked, we can remove it
11042			 * from the blocked queue.  Since this is a TAILQ
11043			 * (doubly linked list), we can do O(1) removals
11044			 * from any place on the list.
11045			 */
11046			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11047				     blocked_links);
11048			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11049
11050			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11051				/*
11052				 * Need to send IO back to original side to
11053				 * run
11054				 */
11055				union ctl_ha_msg msg_info;
11056
11057				msg_info.hdr.original_sc =
11058					cur_blocked->io_hdr.original_sc;
11059				msg_info.hdr.serializing_sc = cur_blocked;
11060				msg_info.hdr.msg_type = CTL_MSG_R2R;
11061				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11062				     &msg_info, sizeof(msg_info), 0)) >
11063				     CTL_HA_STATUS_SUCCESS) {
11064					printf("CTL:Check Blocked error from "
11065					       "ctl_ha_msg_send %d\n",
11066					       isc_retval);
11067				}
11068				break;
11069			}
11070			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11071			softc = control_softc;
11072
11073			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
11074
11075			/*
11076			 * Check this I/O for LUN state changes that may
11077			 * have happened while this command was blocked.
11078			 * The LUN state may have been changed by a command
11079			 * ahead of us in the queue, so we need to re-check
11080			 * for any states that can be caused by SCSI
11081			 * commands.
11082			 */
11083			if (ctl_scsiio_lun_check(softc, lun, entry,
11084						 &cur_blocked->scsiio) == 0) {
11085				cur_blocked->io_hdr.flags |=
11086				                      CTL_FLAG_IS_WAS_ON_RTR;
11087				ctl_enqueue_rtr(cur_blocked);
11088			} else
11089				ctl_done(cur_blocked);
11090			break;
11091		}
11092		default:
11093			/*
11094			 * This probably shouldn't happen -- we shouldn't
11095			 * get CTL_ACTION_ERROR, or anything else.
11096			 */
11097			break;
11098		}
11099	}
11100
11101	return (CTL_RETVAL_COMPLETE);
11102}
11103
11104/*
11105 * This routine (with one exception) checks LUN flags that can be set by
11106 * commands ahead of us in the OOA queue.  These flags have to be checked
11107 * when a command initially comes in, and when we pull a command off the
11108 * blocked queue and are preparing to execute it.  The reason we have to
11109 * check these flags for commands on the blocked queue is that the LUN
11110 * state may have been changed by a command ahead of us while we're on the
11111 * blocked queue.
11112 *
11113 * Ordering is somewhat important with these checks, so please pay
11114 * careful attention to the placement of any new checks.
11115 */
11116static int
11117ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
11118    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11119{
11120	int retval;
11121	uint32_t residx;
11122
11123	retval = 0;
11124
11125	mtx_assert(&lun->lun_lock, MA_OWNED);
11126
11127	/*
11128	 * If this shelf is a secondary shelf controller, we have to reject
11129	 * any media access commands.
11130	 */
11131#if 0
11132	/* No longer needed for HA */
11133	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
11134	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
11135		ctl_set_lun_standby(ctsio);
11136		retval = 1;
11137		goto bailout;
11138	}
11139#endif
11140
11141	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11142		if (lun->flags & CTL_LUN_READONLY) {
11143			ctl_set_sense(ctsio, /*current_error*/ 1,
11144			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11145			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11146			retval = 1;
11147			goto bailout;
11148		}
11149		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11150		    .eca_and_aen & SCP_SWP) != 0) {
11151			ctl_set_sense(ctsio, /*current_error*/ 1,
11152			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11153			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11154			retval = 1;
11155			goto bailout;
11156		}
11157	}
11158
11159	/*
11160	 * Check for a reservation conflict.  If this command isn't allowed
11161	 * even on reserved LUNs, and if this initiator isn't the one who
11162	 * reserved us, reject the command with a reservation conflict.
11163	 */
11164	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11165	if ((lun->flags & CTL_LUN_RESERVED)
11166	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11167		if (lun->res_idx != residx) {
11168			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11169			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11170			retval = 1;
11171			goto bailout;
11172		}
11173	}
11174
11175	if ((lun->flags & CTL_LUN_PR_RESERVED)
11176	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
11177		/*
11178		 * if we aren't registered or it's a res holder type
11179		 * reservation and this isn't the res holder then set a
11180		 * conflict.
11181		 * NOTE: Commands which might be allowed on write exclusive
11182		 * type reservations are checked in the particular command
11183		 * for a conflict. Read and SSU are the only ones.
11184		 */
11185		if (lun->pr_keys[residx] == 0
11186		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11187			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11188			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11189			retval = 1;
11190			goto bailout;
11191		}
11192
11193	}
11194
11195	if ((lun->flags & CTL_LUN_OFFLINE)
11196	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11197		ctl_set_lun_not_ready(ctsio);
11198		retval = 1;
11199		goto bailout;
11200	}
11201
11202	/*
11203	 * If the LUN is stopped, see if this particular command is allowed
11204	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11205	 */
11206	if ((lun->flags & CTL_LUN_STOPPED)
11207	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11208		/* "Logical unit not ready, initializing cmd. required" */
11209		ctl_set_lun_stopped(ctsio);
11210		retval = 1;
11211		goto bailout;
11212	}
11213
11214	if ((lun->flags & CTL_LUN_INOPERABLE)
11215	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11216		/* "Medium format corrupted" */
11217		ctl_set_medium_format_corrupted(ctsio);
11218		retval = 1;
11219		goto bailout;
11220	}
11221
11222bailout:
11223	return (retval);
11224
11225}
11226
11227static void
11228ctl_failover_io(union ctl_io *io, int have_lock)
11229{
11230	ctl_set_busy(&io->scsiio);
11231	ctl_done(io);
11232}
11233
11234static void
11235ctl_failover(void)
11236{
11237	struct ctl_lun *lun;
11238	struct ctl_softc *ctl_softc;
11239	union ctl_io *next_io, *pending_io;
11240	union ctl_io *io;
11241	int lun_idx;
11242	int i;
11243
11244	ctl_softc = control_softc;
11245
11246	mtx_lock(&ctl_softc->ctl_lock);
11247	/*
11248	 * Remove any cmds from the other SC from the rtr queue.  These
11249	 * will obviously only be for LUNs for which we're the primary.
11250	 * We can't send status or get/send data for these commands.
11251	 * Since they haven't been executed yet, we can just remove them.
11252	 * We'll either abort them or delete them below, depending on
11253	 * which HA mode we're in.
11254	 */
11255#ifdef notyet
11256	mtx_lock(&ctl_softc->queue_lock);
11257	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11258	     io != NULL; io = next_io) {
11259		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11260		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11261			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11262				      ctl_io_hdr, links);
11263	}
11264	mtx_unlock(&ctl_softc->queue_lock);
11265#endif
11266
11267	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11268		lun = ctl_softc->ctl_luns[lun_idx];
11269		if (lun==NULL)
11270			continue;
11271
11272		/*
11273		 * Processor LUNs are primary on both sides.
11274		 * XXX will this always be true?
11275		 */
11276		if (lun->be_lun->lun_type == T_PROCESSOR)
11277			continue;
11278
11279		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11280		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11281			printf("FAILOVER: primary lun %d\n", lun_idx);
11282		        /*
11283			 * Remove all commands from the other SC. First from the
11284			 * blocked queue then from the ooa queue. Once we have
11285			 * removed them. Call ctl_check_blocked to see if there
11286			 * is anything that can run.
11287			 */
11288			for (io = (union ctl_io *)TAILQ_FIRST(
11289			     &lun->blocked_queue); io != NULL; io = next_io) {
11290
11291		        	next_io = (union ctl_io *)TAILQ_NEXT(
11292				    &io->io_hdr, blocked_links);
11293
11294				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11295					TAILQ_REMOVE(&lun->blocked_queue,
11296						     &io->io_hdr,blocked_links);
11297					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11298					TAILQ_REMOVE(&lun->ooa_queue,
11299						     &io->io_hdr, ooa_links);
11300
11301					ctl_free_io(io);
11302				}
11303			}
11304
11305			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11306	     		     io != NULL; io = next_io) {
11307
11308		        	next_io = (union ctl_io *)TAILQ_NEXT(
11309				    &io->io_hdr, ooa_links);
11310
11311				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11312
11313					TAILQ_REMOVE(&lun->ooa_queue,
11314						&io->io_hdr,
11315					     	ooa_links);
11316
11317					ctl_free_io(io);
11318				}
11319			}
11320			ctl_check_blocked(lun);
11321		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11322			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11323
11324			printf("FAILOVER: primary lun %d\n", lun_idx);
11325			/*
11326			 * Abort all commands from the other SC.  We can't
11327			 * send status back for them now.  These should get
11328			 * cleaned up when they are completed or come out
11329			 * for a datamove operation.
11330			 */
11331			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11332	     		     io != NULL; io = next_io) {
11333		        	next_io = (union ctl_io *)TAILQ_NEXT(
11334					&io->io_hdr, ooa_links);
11335
11336				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11337					io->io_hdr.flags |= CTL_FLAG_ABORT;
11338			}
11339		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11340			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11341
11342			printf("FAILOVER: secondary lun %d\n", lun_idx);
11343
11344			lun->flags |= CTL_LUN_PRIMARY_SC;
11345
11346			/*
11347			 * We send all I/O that was sent to this controller
11348			 * and redirected to the other side back with
11349			 * busy status, and have the initiator retry it.
11350			 * Figuring out how much data has been transferred,
11351			 * etc. and picking up where we left off would be
11352			 * very tricky.
11353			 *
11354			 * XXX KDM need to remove I/O from the blocked
11355			 * queue as well!
11356			 */
11357			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11358			     &lun->ooa_queue); pending_io != NULL;
11359			     pending_io = next_io) {
11360
11361				next_io =  (union ctl_io *)TAILQ_NEXT(
11362					&pending_io->io_hdr, ooa_links);
11363
11364				pending_io->io_hdr.flags &=
11365					~CTL_FLAG_SENT_2OTHER_SC;
11366
11367				if (pending_io->io_hdr.flags &
11368				    CTL_FLAG_IO_ACTIVE) {
11369					pending_io->io_hdr.flags |=
11370						CTL_FLAG_FAILOVER;
11371				} else {
11372					ctl_set_busy(&pending_io->scsiio);
11373					ctl_done(pending_io);
11374				}
11375			}
11376
11377			/*
11378			 * Build Unit Attention
11379			 */
11380			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11381				lun->pending_ua[i] |=
11382				                     CTL_UA_ASYM_ACC_CHANGE;
11383			}
11384		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11385			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11386			printf("FAILOVER: secondary lun %d\n", lun_idx);
11387			/*
11388			 * if the first io on the OOA is not on the RtR queue
11389			 * add it.
11390			 */
11391			lun->flags |= CTL_LUN_PRIMARY_SC;
11392
11393			pending_io = (union ctl_io *)TAILQ_FIRST(
11394			    &lun->ooa_queue);
11395			if (pending_io==NULL) {
11396				printf("Nothing on OOA queue\n");
11397				continue;
11398			}
11399
11400			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11401			if ((pending_io->io_hdr.flags &
11402			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11403				pending_io->io_hdr.flags |=
11404				    CTL_FLAG_IS_WAS_ON_RTR;
11405				ctl_enqueue_rtr(pending_io);
11406			}
11407#if 0
11408			else
11409			{
11410				printf("Tag 0x%04x is running\n",
11411				      pending_io->scsiio.tag_num);
11412			}
11413#endif
11414
11415			next_io = (union ctl_io *)TAILQ_NEXT(
11416			    &pending_io->io_hdr, ooa_links);
11417			for (pending_io=next_io; pending_io != NULL;
11418			     pending_io = next_io) {
11419				pending_io->io_hdr.flags &=
11420				    ~CTL_FLAG_SENT_2OTHER_SC;
11421				next_io = (union ctl_io *)TAILQ_NEXT(
11422					&pending_io->io_hdr, ooa_links);
11423				if (pending_io->io_hdr.flags &
11424				    CTL_FLAG_IS_WAS_ON_RTR) {
11425#if 0
11426				        printf("Tag 0x%04x is running\n",
11427				      		pending_io->scsiio.tag_num);
11428#endif
11429					continue;
11430				}
11431
11432				switch (ctl_check_ooa(lun, pending_io,
11433			            (union ctl_io *)TAILQ_PREV(
11434				    &pending_io->io_hdr, ctl_ooaq,
11435				    ooa_links))) {
11436
11437				case CTL_ACTION_BLOCK:
11438					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11439							  &pending_io->io_hdr,
11440							  blocked_links);
11441					pending_io->io_hdr.flags |=
11442					    CTL_FLAG_BLOCKED;
11443					break;
11444				case CTL_ACTION_PASS:
11445				case CTL_ACTION_SKIP:
11446					pending_io->io_hdr.flags |=
11447					    CTL_FLAG_IS_WAS_ON_RTR;
11448					ctl_enqueue_rtr(pending_io);
11449					break;
11450				case CTL_ACTION_OVERLAP:
11451					ctl_set_overlapped_cmd(
11452					    (struct ctl_scsiio *)pending_io);
11453					ctl_done(pending_io);
11454					break;
11455				case CTL_ACTION_OVERLAP_TAG:
11456					ctl_set_overlapped_tag(
11457					    (struct ctl_scsiio *)pending_io,
11458					    pending_io->scsiio.tag_num & 0xff);
11459					ctl_done(pending_io);
11460					break;
11461				case CTL_ACTION_ERROR:
11462				default:
11463					ctl_set_internal_failure(
11464						(struct ctl_scsiio *)pending_io,
11465						0,  // sks_valid
11466						0); //retry count
11467					ctl_done(pending_io);
11468					break;
11469				}
11470			}
11471
11472			/*
11473			 * Build Unit Attention
11474			 */
11475			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11476				lun->pending_ua[i] |=
11477				                     CTL_UA_ASYM_ACC_CHANGE;
11478			}
11479		} else {
11480			panic("Unhandled HA mode failover, LUN flags = %#x, "
11481			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11482		}
11483	}
11484	ctl_pause_rtr = 0;
11485	mtx_unlock(&ctl_softc->ctl_lock);
11486}
11487
11488static int
11489ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11490{
11491	struct ctl_lun *lun;
11492	const struct ctl_cmd_entry *entry;
11493	uint32_t initidx, targ_lun;
11494	int retval;
11495
11496	retval = 0;
11497
11498	lun = NULL;
11499
11500	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11501	if ((targ_lun < CTL_MAX_LUNS)
11502	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11503		lun = ctl_softc->ctl_luns[targ_lun];
11504		/*
11505		 * If the LUN is invalid, pretend that it doesn't exist.
11506		 * It will go away as soon as all pending I/O has been
11507		 * completed.
11508		 */
11509		if (lun->flags & CTL_LUN_DISABLED) {
11510			lun = NULL;
11511		} else {
11512			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11513			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11514				lun->be_lun;
11515			if (lun->be_lun->lun_type == T_PROCESSOR) {
11516				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11517			}
11518
11519			/*
11520			 * Every I/O goes into the OOA queue for a
11521			 * particular LUN, and stays there until completion.
11522			 */
11523			mtx_lock(&lun->lun_lock);
11524			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11525			    ooa_links);
11526		}
11527	} else {
11528		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11529		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11530	}
11531
11532	/* Get command entry and return error if it is unsuppotyed. */
11533	entry = ctl_validate_command(ctsio);
11534	if (entry == NULL) {
11535		if (lun)
11536			mtx_unlock(&lun->lun_lock);
11537		return (retval);
11538	}
11539
11540	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11541	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11542
11543	/*
11544	 * Check to see whether we can send this command to LUNs that don't
11545	 * exist.  This should pretty much only be the case for inquiry
11546	 * and request sense.  Further checks, below, really require having
11547	 * a LUN, so we can't really check the command anymore.  Just put
11548	 * it on the rtr queue.
11549	 */
11550	if (lun == NULL) {
11551		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11552			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11553			ctl_enqueue_rtr((union ctl_io *)ctsio);
11554			return (retval);
11555		}
11556
11557		ctl_set_unsupported_lun(ctsio);
11558		ctl_done((union ctl_io *)ctsio);
11559		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11560		return (retval);
11561	} else {
11562		/*
11563		 * Make sure we support this particular command on this LUN.
11564		 * e.g., we don't support writes to the control LUN.
11565		 */
11566		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11567			mtx_unlock(&lun->lun_lock);
11568			ctl_set_invalid_opcode(ctsio);
11569			ctl_done((union ctl_io *)ctsio);
11570			return (retval);
11571		}
11572	}
11573
11574	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11575
11576#ifdef CTL_WITH_CA
11577	/*
11578	 * If we've got a request sense, it'll clear the contingent
11579	 * allegiance condition.  Otherwise, if we have a CA condition for
11580	 * this initiator, clear it, because it sent down a command other
11581	 * than request sense.
11582	 */
11583	if ((ctsio->cdb[0] != REQUEST_SENSE)
11584	 && (ctl_is_set(lun->have_ca, initidx)))
11585		ctl_clear_mask(lun->have_ca, initidx);
11586#endif
11587
11588	/*
11589	 * If the command has this flag set, it handles its own unit
11590	 * attention reporting, we shouldn't do anything.  Otherwise we
11591	 * check for any pending unit attentions, and send them back to the
11592	 * initiator.  We only do this when a command initially comes in,
11593	 * not when we pull it off the blocked queue.
11594	 *
11595	 * According to SAM-3, section 5.3.2, the order that things get
11596	 * presented back to the host is basically unit attentions caused
11597	 * by some sort of reset event, busy status, reservation conflicts
11598	 * or task set full, and finally any other status.
11599	 *
11600	 * One issue here is that some of the unit attentions we report
11601	 * don't fall into the "reset" category (e.g. "reported luns data
11602	 * has changed").  So reporting it here, before the reservation
11603	 * check, may be technically wrong.  I guess the only thing to do
11604	 * would be to check for and report the reset events here, and then
11605	 * check for the other unit attention types after we check for a
11606	 * reservation conflict.
11607	 *
11608	 * XXX KDM need to fix this
11609	 */
11610	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11611		ctl_ua_type ua_type;
11612
11613		if (lun->pending_ua[initidx] != CTL_UA_NONE) {
11614			scsi_sense_data_type sense_format;
11615
11616			if (lun != NULL)
11617				sense_format = (lun->flags &
11618				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11619				    SSD_TYPE_FIXED;
11620			else
11621				sense_format = SSD_TYPE_FIXED;
11622
11623			ua_type = ctl_build_ua(&lun->pending_ua[initidx],
11624			    &ctsio->sense_data, sense_format);
11625			if (ua_type != CTL_UA_NONE) {
11626				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11627				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11628						       CTL_AUTOSENSE;
11629				ctsio->sense_len = SSD_FULL_SIZE;
11630				mtx_unlock(&lun->lun_lock);
11631				ctl_done((union ctl_io *)ctsio);
11632				return (retval);
11633			}
11634		}
11635	}
11636
11637
11638	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11639		mtx_unlock(&lun->lun_lock);
11640		ctl_done((union ctl_io *)ctsio);
11641		return (retval);
11642	}
11643
11644	/*
11645	 * XXX CHD this is where we want to send IO to other side if
11646	 * this LUN is secondary on this SC. We will need to make a copy
11647	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11648	 * the copy we send as FROM_OTHER.
11649	 * We also need to stuff the address of the original IO so we can
11650	 * find it easily. Something similar will need be done on the other
11651	 * side so when we are done we can find the copy.
11652	 */
11653	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11654		union ctl_ha_msg msg_info;
11655		int isc_retval;
11656
11657		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11658
11659		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11660		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11661#if 0
11662		printf("1. ctsio %p\n", ctsio);
11663#endif
11664		msg_info.hdr.serializing_sc = NULL;
11665		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11666		msg_info.scsi.tag_num = ctsio->tag_num;
11667		msg_info.scsi.tag_type = ctsio->tag_type;
11668		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11669
11670		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11671
11672		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11673		    (void *)&msg_info, sizeof(msg_info), 0)) >
11674		    CTL_HA_STATUS_SUCCESS) {
11675			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11676			       isc_retval);
11677			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11678		} else {
11679#if 0
11680			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11681#endif
11682		}
11683
11684		/*
11685		 * XXX KDM this I/O is off the incoming queue, but hasn't
11686		 * been inserted on any other queue.  We may need to come
11687		 * up with a holding queue while we wait for serialization
11688		 * so that we have an idea of what we're waiting for from
11689		 * the other side.
11690		 */
11691		mtx_unlock(&lun->lun_lock);
11692		return (retval);
11693	}
11694
11695	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11696			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11697			      ctl_ooaq, ooa_links))) {
11698	case CTL_ACTION_BLOCK:
11699		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11700		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11701				  blocked_links);
11702		mtx_unlock(&lun->lun_lock);
11703		return (retval);
11704	case CTL_ACTION_PASS:
11705	case CTL_ACTION_SKIP:
11706		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11707		mtx_unlock(&lun->lun_lock);
11708		ctl_enqueue_rtr((union ctl_io *)ctsio);
11709		break;
11710	case CTL_ACTION_OVERLAP:
11711		mtx_unlock(&lun->lun_lock);
11712		ctl_set_overlapped_cmd(ctsio);
11713		ctl_done((union ctl_io *)ctsio);
11714		break;
11715	case CTL_ACTION_OVERLAP_TAG:
11716		mtx_unlock(&lun->lun_lock);
11717		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11718		ctl_done((union ctl_io *)ctsio);
11719		break;
11720	case CTL_ACTION_ERROR:
11721	default:
11722		mtx_unlock(&lun->lun_lock);
11723		ctl_set_internal_failure(ctsio,
11724					 /*sks_valid*/ 0,
11725					 /*retry_count*/ 0);
11726		ctl_done((union ctl_io *)ctsio);
11727		break;
11728	}
11729	return (retval);
11730}
11731
11732const struct ctl_cmd_entry *
11733ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11734{
11735	const struct ctl_cmd_entry *entry;
11736	int service_action;
11737
11738	entry = &ctl_cmd_table[ctsio->cdb[0]];
11739	if (sa)
11740		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11741	if (entry->flags & CTL_CMD_FLAG_SA5) {
11742		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11743		entry = &((const struct ctl_cmd_entry *)
11744		    entry->execute)[service_action];
11745	}
11746	return (entry);
11747}
11748
11749const struct ctl_cmd_entry *
11750ctl_validate_command(struct ctl_scsiio *ctsio)
11751{
11752	const struct ctl_cmd_entry *entry;
11753	int i, sa;
11754	uint8_t diff;
11755
11756	entry = ctl_get_cmd_entry(ctsio, &sa);
11757	if (entry->execute == NULL) {
11758		if (sa)
11759			ctl_set_invalid_field(ctsio,
11760					      /*sks_valid*/ 1,
11761					      /*command*/ 1,
11762					      /*field*/ 1,
11763					      /*bit_valid*/ 1,
11764					      /*bit*/ 4);
11765		else
11766			ctl_set_invalid_opcode(ctsio);
11767		ctl_done((union ctl_io *)ctsio);
11768		return (NULL);
11769	}
11770	KASSERT(entry->length > 0,
11771	    ("Not defined length for command 0x%02x/0x%02x",
11772	     ctsio->cdb[0], ctsio->cdb[1]));
11773	for (i = 1; i < entry->length; i++) {
11774		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11775		if (diff == 0)
11776			continue;
11777		ctl_set_invalid_field(ctsio,
11778				      /*sks_valid*/ 1,
11779				      /*command*/ 1,
11780				      /*field*/ i,
11781				      /*bit_valid*/ 1,
11782				      /*bit*/ fls(diff) - 1);
11783		ctl_done((union ctl_io *)ctsio);
11784		return (NULL);
11785	}
11786	return (entry);
11787}
11788
11789static int
11790ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11791{
11792
11793	switch (lun_type) {
11794	case T_PROCESSOR:
11795		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11796		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11797			return (0);
11798		break;
11799	case T_DIRECT:
11800		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11801		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11802			return (0);
11803		break;
11804	default:
11805		return (0);
11806	}
11807	return (1);
11808}
11809
11810static int
11811ctl_scsiio(struct ctl_scsiio *ctsio)
11812{
11813	int retval;
11814	const struct ctl_cmd_entry *entry;
11815
11816	retval = CTL_RETVAL_COMPLETE;
11817
11818	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11819
11820	entry = ctl_get_cmd_entry(ctsio, NULL);
11821
11822	/*
11823	 * If this I/O has been aborted, just send it straight to
11824	 * ctl_done() without executing it.
11825	 */
11826	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11827		ctl_done((union ctl_io *)ctsio);
11828		goto bailout;
11829	}
11830
11831	/*
11832	 * All the checks should have been handled by ctl_scsiio_precheck().
11833	 * We should be clear now to just execute the I/O.
11834	 */
11835	retval = entry->execute(ctsio);
11836
11837bailout:
11838	return (retval);
11839}
11840
11841/*
11842 * Since we only implement one target right now, a bus reset simply resets
11843 * our single target.
11844 */
11845static int
11846ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11847{
11848	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11849}
11850
11851static int
11852ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11853		 ctl_ua_type ua_type)
11854{
11855	struct ctl_lun *lun;
11856	int retval;
11857
11858	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11859		union ctl_ha_msg msg_info;
11860
11861		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11862		msg_info.hdr.nexus = io->io_hdr.nexus;
11863		if (ua_type==CTL_UA_TARG_RESET)
11864			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11865		else
11866			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11867		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11868		msg_info.hdr.original_sc = NULL;
11869		msg_info.hdr.serializing_sc = NULL;
11870		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11871		    (void *)&msg_info, sizeof(msg_info), 0)) {
11872		}
11873	}
11874	retval = 0;
11875
11876	mtx_lock(&ctl_softc->ctl_lock);
11877	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11878		retval += ctl_lun_reset(lun, io, ua_type);
11879	mtx_unlock(&ctl_softc->ctl_lock);
11880
11881	return (retval);
11882}
11883
11884/*
11885 * The LUN should always be set.  The I/O is optional, and is used to
11886 * distinguish between I/Os sent by this initiator, and by other
11887 * initiators.  We set unit attention for initiators other than this one.
11888 * SAM-3 is vague on this point.  It does say that a unit attention should
11889 * be established for other initiators when a LUN is reset (see section
11890 * 5.7.3), but it doesn't specifically say that the unit attention should
11891 * be established for this particular initiator when a LUN is reset.  Here
11892 * is the relevant text, from SAM-3 rev 8:
11893 *
11894 * 5.7.2 When a SCSI initiator port aborts its own tasks
11895 *
11896 * When a SCSI initiator port causes its own task(s) to be aborted, no
11897 * notification that the task(s) have been aborted shall be returned to
11898 * the SCSI initiator port other than the completion response for the
11899 * command or task management function action that caused the task(s) to
11900 * be aborted and notification(s) associated with related effects of the
11901 * action (e.g., a reset unit attention condition).
11902 *
11903 * XXX KDM for now, we're setting unit attention for all initiators.
11904 */
11905static int
11906ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11907{
11908	union ctl_io *xio;
11909#if 0
11910	uint32_t initindex;
11911#endif
11912	int i;
11913
11914	mtx_lock(&lun->lun_lock);
11915	/*
11916	 * Run through the OOA queue and abort each I/O.
11917	 */
11918#if 0
11919	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11920#endif
11921	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11922	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11923		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11924	}
11925
11926	/*
11927	 * This version sets unit attention for every
11928	 */
11929#if 0
11930	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11931	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11932		if (initindex == i)
11933			continue;
11934		lun->pending_ua[i] |= ua_type;
11935	}
11936#endif
11937
11938	/*
11939	 * A reset (any kind, really) clears reservations established with
11940	 * RESERVE/RELEASE.  It does not clear reservations established
11941	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11942	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11943	 * reservations made with the RESERVE/RELEASE commands, because
11944	 * those commands are obsolete in SPC-3.
11945	 */
11946	lun->flags &= ~CTL_LUN_RESERVED;
11947
11948	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11949#ifdef CTL_WITH_CA
11950		ctl_clear_mask(lun->have_ca, i);
11951#endif
11952		lun->pending_ua[i] |= ua_type;
11953	}
11954	mtx_unlock(&lun->lun_lock);
11955
11956	return (0);
11957}
11958
11959static void
11960ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11961    int other_sc)
11962{
11963	union ctl_io *xio;
11964
11965	mtx_assert(&lun->lun_lock, MA_OWNED);
11966
11967	/*
11968	 * Run through the OOA queue and attempt to find the given I/O.
11969	 * The target port, initiator ID, tag type and tag number have to
11970	 * match the values that we got from the initiator.  If we have an
11971	 * untagged command to abort, simply abort the first untagged command
11972	 * we come to.  We only allow one untagged command at a time of course.
11973	 */
11974	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11975	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11976
11977		if ((targ_port == UINT32_MAX ||
11978		     targ_port == xio->io_hdr.nexus.targ_port) &&
11979		    (init_id == UINT32_MAX ||
11980		     init_id == xio->io_hdr.nexus.initid.id)) {
11981			if (targ_port != xio->io_hdr.nexus.targ_port ||
11982			    init_id != xio->io_hdr.nexus.initid.id)
11983				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11984			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11985			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11986				union ctl_ha_msg msg_info;
11987
11988				msg_info.hdr.nexus = xio->io_hdr.nexus;
11989				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11990				msg_info.task.tag_num = xio->scsiio.tag_num;
11991				msg_info.task.tag_type = xio->scsiio.tag_type;
11992				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11993				msg_info.hdr.original_sc = NULL;
11994				msg_info.hdr.serializing_sc = NULL;
11995				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11996				    (void *)&msg_info, sizeof(msg_info), 0);
11997			}
11998		}
11999	}
12000}
12001
12002static int
12003ctl_abort_task_set(union ctl_io *io)
12004{
12005	struct ctl_softc *softc = control_softc;
12006	struct ctl_lun *lun;
12007	uint32_t targ_lun;
12008
12009	/*
12010	 * Look up the LUN.
12011	 */
12012	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12013	mtx_lock(&softc->ctl_lock);
12014	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
12015		lun = softc->ctl_luns[targ_lun];
12016	else {
12017		mtx_unlock(&softc->ctl_lock);
12018		return (1);
12019	}
12020
12021	mtx_lock(&lun->lun_lock);
12022	mtx_unlock(&softc->ctl_lock);
12023	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12024		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12025		    io->io_hdr.nexus.initid.id,
12026		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12027	} else { /* CTL_TASK_CLEAR_TASK_SET */
12028		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12029		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12030	}
12031	mtx_unlock(&lun->lun_lock);
12032	return (0);
12033}
12034
12035static int
12036ctl_i_t_nexus_reset(union ctl_io *io)
12037{
12038	struct ctl_softc *softc = control_softc;
12039	struct ctl_lun *lun;
12040	uint32_t initindex, residx;
12041
12042	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12043	residx = ctl_get_resindex(&io->io_hdr.nexus);
12044	mtx_lock(&softc->ctl_lock);
12045	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12046		mtx_lock(&lun->lun_lock);
12047		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12048		    io->io_hdr.nexus.initid.id,
12049		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12050#ifdef CTL_WITH_CA
12051		ctl_clear_mask(lun->have_ca, initindex);
12052#endif
12053		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12054			lun->flags &= ~CTL_LUN_RESERVED;
12055		lun->pending_ua[initindex] |= CTL_UA_I_T_NEXUS_LOSS;
12056		mtx_unlock(&lun->lun_lock);
12057	}
12058	mtx_unlock(&softc->ctl_lock);
12059	return (0);
12060}
12061
12062static int
12063ctl_abort_task(union ctl_io *io)
12064{
12065	union ctl_io *xio;
12066	struct ctl_lun *lun;
12067	struct ctl_softc *ctl_softc;
12068#if 0
12069	struct sbuf sb;
12070	char printbuf[128];
12071#endif
12072	int found;
12073	uint32_t targ_lun;
12074
12075	ctl_softc = control_softc;
12076	found = 0;
12077
12078	/*
12079	 * Look up the LUN.
12080	 */
12081	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12082	mtx_lock(&ctl_softc->ctl_lock);
12083	if ((targ_lun < CTL_MAX_LUNS)
12084	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12085		lun = ctl_softc->ctl_luns[targ_lun];
12086	else {
12087		mtx_unlock(&ctl_softc->ctl_lock);
12088		return (1);
12089	}
12090
12091#if 0
12092	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12093	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12094#endif
12095
12096	mtx_lock(&lun->lun_lock);
12097	mtx_unlock(&ctl_softc->ctl_lock);
12098	/*
12099	 * Run through the OOA queue and attempt to find the given I/O.
12100	 * The target port, initiator ID, tag type and tag number have to
12101	 * match the values that we got from the initiator.  If we have an
12102	 * untagged command to abort, simply abort the first untagged command
12103	 * we come to.  We only allow one untagged command at a time of course.
12104	 */
12105#if 0
12106	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12107#endif
12108	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12109	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12110#if 0
12111		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12112
12113		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12114			    lun->lun, xio->scsiio.tag_num,
12115			    xio->scsiio.tag_type,
12116			    (xio->io_hdr.blocked_links.tqe_prev
12117			    == NULL) ? "" : " BLOCKED",
12118			    (xio->io_hdr.flags &
12119			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12120			    (xio->io_hdr.flags &
12121			    CTL_FLAG_ABORT) ? " ABORT" : "",
12122			    (xio->io_hdr.flags &
12123			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12124		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12125		sbuf_finish(&sb);
12126		printf("%s\n", sbuf_data(&sb));
12127#endif
12128
12129		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
12130		 && (xio->io_hdr.nexus.initid.id ==
12131		     io->io_hdr.nexus.initid.id)) {
12132			/*
12133			 * If the abort says that the task is untagged, the
12134			 * task in the queue must be untagged.  Otherwise,
12135			 * we just check to see whether the tag numbers
12136			 * match.  This is because the QLogic firmware
12137			 * doesn't pass back the tag type in an abort
12138			 * request.
12139			 */
12140#if 0
12141			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12142			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12143			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
12144#endif
12145			/*
12146			 * XXX KDM we've got problems with FC, because it
12147			 * doesn't send down a tag type with aborts.  So we
12148			 * can only really go by the tag number...
12149			 * This may cause problems with parallel SCSI.
12150			 * Need to figure that out!!
12151			 */
12152			if (xio->scsiio.tag_num == io->taskio.tag_num) {
12153				xio->io_hdr.flags |= CTL_FLAG_ABORT;
12154				found = 1;
12155				if ((io->io_hdr.flags &
12156				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
12157				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12158					union ctl_ha_msg msg_info;
12159
12160					io->io_hdr.flags |=
12161					                CTL_FLAG_SENT_2OTHER_SC;
12162					msg_info.hdr.nexus = io->io_hdr.nexus;
12163					msg_info.task.task_action =
12164						CTL_TASK_ABORT_TASK;
12165					msg_info.task.tag_num =
12166						io->taskio.tag_num;
12167					msg_info.task.tag_type =
12168						io->taskio.tag_type;
12169					msg_info.hdr.msg_type =
12170						CTL_MSG_MANAGE_TASKS;
12171					msg_info.hdr.original_sc = NULL;
12172					msg_info.hdr.serializing_sc = NULL;
12173#if 0
12174					printf("Sent Abort to other side\n");
12175#endif
12176					if (CTL_HA_STATUS_SUCCESS !=
12177					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12178		    				(void *)&msg_info,
12179						sizeof(msg_info), 0)) {
12180					}
12181				}
12182#if 0
12183				printf("ctl_abort_task: found I/O to abort\n");
12184#endif
12185				break;
12186			}
12187		}
12188	}
12189	mtx_unlock(&lun->lun_lock);
12190
12191	if (found == 0) {
12192		/*
12193		 * This isn't really an error.  It's entirely possible for
12194		 * the abort and command completion to cross on the wire.
12195		 * This is more of an informative/diagnostic error.
12196		 */
12197#if 0
12198		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12199		       "%d:%d:%d:%d tag %d type %d\n",
12200		       io->io_hdr.nexus.initid.id,
12201		       io->io_hdr.nexus.targ_port,
12202		       io->io_hdr.nexus.targ_target.id,
12203		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12204		       io->taskio.tag_type);
12205#endif
12206	}
12207	return (0);
12208}
12209
12210static void
12211ctl_run_task(union ctl_io *io)
12212{
12213	struct ctl_softc *ctl_softc = control_softc;
12214	int retval = 1;
12215	const char *task_desc;
12216
12217	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12218
12219	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12220	    ("ctl_run_task: Unextected io_type %d\n",
12221	     io->io_hdr.io_type));
12222
12223	task_desc = ctl_scsi_task_string(&io->taskio);
12224	if (task_desc != NULL) {
12225#ifdef NEEDTOPORT
12226		csevent_log(CSC_CTL | CSC_SHELF_SW |
12227			    CTL_TASK_REPORT,
12228			    csevent_LogType_Trace,
12229			    csevent_Severity_Information,
12230			    csevent_AlertLevel_Green,
12231			    csevent_FRU_Firmware,
12232			    csevent_FRU_Unknown,
12233			    "CTL: received task: %s",task_desc);
12234#endif
12235	} else {
12236#ifdef NEEDTOPORT
12237		csevent_log(CSC_CTL | CSC_SHELF_SW |
12238			    CTL_TASK_REPORT,
12239			    csevent_LogType_Trace,
12240			    csevent_Severity_Information,
12241			    csevent_AlertLevel_Green,
12242			    csevent_FRU_Firmware,
12243			    csevent_FRU_Unknown,
12244			    "CTL: received unknown task "
12245			    "type: %d (%#x)",
12246			    io->taskio.task_action,
12247			    io->taskio.task_action);
12248#endif
12249	}
12250	switch (io->taskio.task_action) {
12251	case CTL_TASK_ABORT_TASK:
12252		retval = ctl_abort_task(io);
12253		break;
12254	case CTL_TASK_ABORT_TASK_SET:
12255	case CTL_TASK_CLEAR_TASK_SET:
12256		retval = ctl_abort_task_set(io);
12257		break;
12258	case CTL_TASK_CLEAR_ACA:
12259		break;
12260	case CTL_TASK_I_T_NEXUS_RESET:
12261		retval = ctl_i_t_nexus_reset(io);
12262		break;
12263	case CTL_TASK_LUN_RESET: {
12264		struct ctl_lun *lun;
12265		uint32_t targ_lun;
12266
12267		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12268		mtx_lock(&ctl_softc->ctl_lock);
12269		if ((targ_lun < CTL_MAX_LUNS)
12270		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12271			lun = ctl_softc->ctl_luns[targ_lun];
12272		else {
12273			mtx_unlock(&ctl_softc->ctl_lock);
12274			retval = 1;
12275			break;
12276		}
12277
12278		if (!(io->io_hdr.flags &
12279		    CTL_FLAG_FROM_OTHER_SC)) {
12280			union ctl_ha_msg msg_info;
12281
12282			io->io_hdr.flags |=
12283				CTL_FLAG_SENT_2OTHER_SC;
12284			msg_info.hdr.msg_type =
12285				CTL_MSG_MANAGE_TASKS;
12286			msg_info.hdr.nexus = io->io_hdr.nexus;
12287			msg_info.task.task_action =
12288				CTL_TASK_LUN_RESET;
12289			msg_info.hdr.original_sc = NULL;
12290			msg_info.hdr.serializing_sc = NULL;
12291			if (CTL_HA_STATUS_SUCCESS !=
12292			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12293			    (void *)&msg_info,
12294			    sizeof(msg_info), 0)) {
12295			}
12296		}
12297
12298		retval = ctl_lun_reset(lun, io,
12299				       CTL_UA_LUN_RESET);
12300		mtx_unlock(&ctl_softc->ctl_lock);
12301		break;
12302	}
12303	case CTL_TASK_TARGET_RESET:
12304		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12305		break;
12306	case CTL_TASK_BUS_RESET:
12307		retval = ctl_bus_reset(ctl_softc, io);
12308		break;
12309	case CTL_TASK_PORT_LOGIN:
12310		break;
12311	case CTL_TASK_PORT_LOGOUT:
12312		break;
12313	default:
12314		printf("ctl_run_task: got unknown task management event %d\n",
12315		       io->taskio.task_action);
12316		break;
12317	}
12318	if (retval == 0)
12319		io->io_hdr.status = CTL_SUCCESS;
12320	else
12321		io->io_hdr.status = CTL_ERROR;
12322	ctl_done(io);
12323}
12324
12325/*
12326 * For HA operation.  Handle commands that come in from the other
12327 * controller.
12328 */
12329static void
12330ctl_handle_isc(union ctl_io *io)
12331{
12332	int free_io;
12333	struct ctl_lun *lun;
12334	struct ctl_softc *ctl_softc;
12335	uint32_t targ_lun;
12336
12337	ctl_softc = control_softc;
12338
12339	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12340	lun = ctl_softc->ctl_luns[targ_lun];
12341
12342	switch (io->io_hdr.msg_type) {
12343	case CTL_MSG_SERIALIZE:
12344		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12345		break;
12346	case CTL_MSG_R2R: {
12347		const struct ctl_cmd_entry *entry;
12348
12349		/*
12350		 * This is only used in SER_ONLY mode.
12351		 */
12352		free_io = 0;
12353		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12354		mtx_lock(&lun->lun_lock);
12355		if (ctl_scsiio_lun_check(ctl_softc, lun,
12356		    entry, (struct ctl_scsiio *)io) != 0) {
12357			mtx_unlock(&lun->lun_lock);
12358			ctl_done(io);
12359			break;
12360		}
12361		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12362		mtx_unlock(&lun->lun_lock);
12363		ctl_enqueue_rtr(io);
12364		break;
12365	}
12366	case CTL_MSG_FINISH_IO:
12367		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12368			free_io = 0;
12369			ctl_done(io);
12370		} else {
12371			free_io = 1;
12372			mtx_lock(&lun->lun_lock);
12373			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12374				     ooa_links);
12375			ctl_check_blocked(lun);
12376			mtx_unlock(&lun->lun_lock);
12377		}
12378		break;
12379	case CTL_MSG_PERS_ACTION:
12380		ctl_hndl_per_res_out_on_other_sc(
12381			(union ctl_ha_msg *)&io->presio.pr_msg);
12382		free_io = 1;
12383		break;
12384	case CTL_MSG_BAD_JUJU:
12385		free_io = 0;
12386		ctl_done(io);
12387		break;
12388	case CTL_MSG_DATAMOVE:
12389		/* Only used in XFER mode */
12390		free_io = 0;
12391		ctl_datamove_remote(io);
12392		break;
12393	case CTL_MSG_DATAMOVE_DONE:
12394		/* Only used in XFER mode */
12395		free_io = 0;
12396		io->scsiio.be_move_done(io);
12397		break;
12398	default:
12399		free_io = 1;
12400		printf("%s: Invalid message type %d\n",
12401		       __func__, io->io_hdr.msg_type);
12402		break;
12403	}
12404	if (free_io)
12405		ctl_free_io(io);
12406
12407}
12408
12409
12410/*
12411 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12412 * there is no match.
12413 */
12414static ctl_lun_error_pattern
12415ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12416{
12417	const struct ctl_cmd_entry *entry;
12418	ctl_lun_error_pattern filtered_pattern, pattern;
12419
12420	pattern = desc->error_pattern;
12421
12422	/*
12423	 * XXX KDM we need more data passed into this function to match a
12424	 * custom pattern, and we actually need to implement custom pattern
12425	 * matching.
12426	 */
12427	if (pattern & CTL_LUN_PAT_CMD)
12428		return (CTL_LUN_PAT_CMD);
12429
12430	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12431		return (CTL_LUN_PAT_ANY);
12432
12433	entry = ctl_get_cmd_entry(ctsio, NULL);
12434
12435	filtered_pattern = entry->pattern & pattern;
12436
12437	/*
12438	 * If the user requested specific flags in the pattern (e.g.
12439	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12440	 * flags.
12441	 *
12442	 * If the user did not specify any flags, it doesn't matter whether
12443	 * or not the command supports the flags.
12444	 */
12445	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12446	     (pattern & ~CTL_LUN_PAT_MASK))
12447		return (CTL_LUN_PAT_NONE);
12448
12449	/*
12450	 * If the user asked for a range check, see if the requested LBA
12451	 * range overlaps with this command's LBA range.
12452	 */
12453	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12454		uint64_t lba1;
12455		uint64_t len1;
12456		ctl_action action;
12457		int retval;
12458
12459		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12460		if (retval != 0)
12461			return (CTL_LUN_PAT_NONE);
12462
12463		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12464					      desc->lba_range.len);
12465		/*
12466		 * A "pass" means that the LBA ranges don't overlap, so
12467		 * this doesn't match the user's range criteria.
12468		 */
12469		if (action == CTL_ACTION_PASS)
12470			return (CTL_LUN_PAT_NONE);
12471	}
12472
12473	return (filtered_pattern);
12474}
12475
12476static void
12477ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12478{
12479	struct ctl_error_desc *desc, *desc2;
12480
12481	mtx_assert(&lun->lun_lock, MA_OWNED);
12482
12483	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12484		ctl_lun_error_pattern pattern;
12485		/*
12486		 * Check to see whether this particular command matches
12487		 * the pattern in the descriptor.
12488		 */
12489		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12490		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12491			continue;
12492
12493		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12494		case CTL_LUN_INJ_ABORTED:
12495			ctl_set_aborted(&io->scsiio);
12496			break;
12497		case CTL_LUN_INJ_MEDIUM_ERR:
12498			ctl_set_medium_error(&io->scsiio);
12499			break;
12500		case CTL_LUN_INJ_UA:
12501			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12502			 * OCCURRED */
12503			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12504			break;
12505		case CTL_LUN_INJ_CUSTOM:
12506			/*
12507			 * We're assuming the user knows what he is doing.
12508			 * Just copy the sense information without doing
12509			 * checks.
12510			 */
12511			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12512			      ctl_min(sizeof(desc->custom_sense),
12513				      sizeof(io->scsiio.sense_data)));
12514			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12515			io->scsiio.sense_len = SSD_FULL_SIZE;
12516			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12517			break;
12518		case CTL_LUN_INJ_NONE:
12519		default:
12520			/*
12521			 * If this is an error injection type we don't know
12522			 * about, clear the continuous flag (if it is set)
12523			 * so it will get deleted below.
12524			 */
12525			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12526			break;
12527		}
12528		/*
12529		 * By default, each error injection action is a one-shot
12530		 */
12531		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12532			continue;
12533
12534		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12535
12536		free(desc, M_CTL);
12537	}
12538}
12539
12540#ifdef CTL_IO_DELAY
12541static void
12542ctl_datamove_timer_wakeup(void *arg)
12543{
12544	union ctl_io *io;
12545
12546	io = (union ctl_io *)arg;
12547
12548	ctl_datamove(io);
12549}
12550#endif /* CTL_IO_DELAY */
12551
12552void
12553ctl_datamove(union ctl_io *io)
12554{
12555	void (*fe_datamove)(union ctl_io *io);
12556
12557	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12558
12559	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12560
12561#ifdef CTL_TIME_IO
12562	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12563		char str[256];
12564		char path_str[64];
12565		struct sbuf sb;
12566
12567		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12568		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12569
12570		sbuf_cat(&sb, path_str);
12571		switch (io->io_hdr.io_type) {
12572		case CTL_IO_SCSI:
12573			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12574			sbuf_printf(&sb, "\n");
12575			sbuf_cat(&sb, path_str);
12576			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12577				    io->scsiio.tag_num, io->scsiio.tag_type);
12578			break;
12579		case CTL_IO_TASK:
12580			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12581				    "Tag Type: %d\n", io->taskio.task_action,
12582				    io->taskio.tag_num, io->taskio.tag_type);
12583			break;
12584		default:
12585			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12586			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12587			break;
12588		}
12589		sbuf_cat(&sb, path_str);
12590		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12591			    (intmax_t)time_uptime - io->io_hdr.start_time);
12592		sbuf_finish(&sb);
12593		printf("%s", sbuf_data(&sb));
12594	}
12595#endif /* CTL_TIME_IO */
12596
12597#ifdef CTL_IO_DELAY
12598	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12599		struct ctl_lun *lun;
12600
12601		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12602
12603		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12604	} else {
12605		struct ctl_lun *lun;
12606
12607		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12608		if ((lun != NULL)
12609		 && (lun->delay_info.datamove_delay > 0)) {
12610			struct callout *callout;
12611
12612			callout = (struct callout *)&io->io_hdr.timer_bytes;
12613			callout_init(callout, /*mpsafe*/ 1);
12614			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12615			callout_reset(callout,
12616				      lun->delay_info.datamove_delay * hz,
12617				      ctl_datamove_timer_wakeup, io);
12618			if (lun->delay_info.datamove_type ==
12619			    CTL_DELAY_TYPE_ONESHOT)
12620				lun->delay_info.datamove_delay = 0;
12621			return;
12622		}
12623	}
12624#endif
12625
12626	/*
12627	 * This command has been aborted.  Set the port status, so we fail
12628	 * the data move.
12629	 */
12630	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12631		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12632		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12633		       io->io_hdr.nexus.targ_port,
12634		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12635		       io->io_hdr.nexus.targ_lun);
12636		io->io_hdr.port_status = 31337;
12637		/*
12638		 * Note that the backend, in this case, will get the
12639		 * callback in its context.  In other cases it may get
12640		 * called in the frontend's interrupt thread context.
12641		 */
12642		io->scsiio.be_move_done(io);
12643		return;
12644	}
12645
12646	/* Don't confuse frontend with zero length data move. */
12647	if (io->scsiio.kern_data_len == 0) {
12648		io->scsiio.be_move_done(io);
12649		return;
12650	}
12651
12652	/*
12653	 * If we're in XFER mode and this I/O is from the other shelf
12654	 * controller, we need to send the DMA to the other side to
12655	 * actually transfer the data to/from the host.  In serialize only
12656	 * mode the transfer happens below CTL and ctl_datamove() is only
12657	 * called on the machine that originally received the I/O.
12658	 */
12659	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12660	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12661		union ctl_ha_msg msg;
12662		uint32_t sg_entries_sent;
12663		int do_sg_copy;
12664		int i;
12665
12666		memset(&msg, 0, sizeof(msg));
12667		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12668		msg.hdr.original_sc = io->io_hdr.original_sc;
12669		msg.hdr.serializing_sc = io;
12670		msg.hdr.nexus = io->io_hdr.nexus;
12671		msg.dt.flags = io->io_hdr.flags;
12672		/*
12673		 * We convert everything into a S/G list here.  We can't
12674		 * pass by reference, only by value between controllers.
12675		 * So we can't pass a pointer to the S/G list, only as many
12676		 * S/G entries as we can fit in here.  If it's possible for
12677		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12678		 * then we need to break this up into multiple transfers.
12679		 */
12680		if (io->scsiio.kern_sg_entries == 0) {
12681			msg.dt.kern_sg_entries = 1;
12682			/*
12683			 * If this is in cached memory, flush the cache
12684			 * before we send the DMA request to the other
12685			 * controller.  We want to do this in either the
12686			 * read or the write case.  The read case is
12687			 * straightforward.  In the write case, we want to
12688			 * make sure nothing is in the local cache that
12689			 * could overwrite the DMAed data.
12690			 */
12691			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12692				/*
12693				 * XXX KDM use bus_dmamap_sync() here.
12694				 */
12695			}
12696
12697			/*
12698			 * Convert to a physical address if this is a
12699			 * virtual address.
12700			 */
12701			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12702				msg.dt.sg_list[0].addr =
12703					io->scsiio.kern_data_ptr;
12704			} else {
12705				/*
12706				 * XXX KDM use busdma here!
12707				 */
12708#if 0
12709				msg.dt.sg_list[0].addr = (void *)
12710					vtophys(io->scsiio.kern_data_ptr);
12711#endif
12712			}
12713
12714			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12715			do_sg_copy = 0;
12716		} else {
12717			struct ctl_sg_entry *sgl;
12718
12719			do_sg_copy = 1;
12720			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12721			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12722			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12723				/*
12724				 * XXX KDM use bus_dmamap_sync() here.
12725				 */
12726			}
12727		}
12728
12729		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12730		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12731		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12732		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12733		msg.dt.sg_sequence = 0;
12734
12735		/*
12736		 * Loop until we've sent all of the S/G entries.  On the
12737		 * other end, we'll recompose these S/G entries into one
12738		 * contiguous list before passing it to the
12739		 */
12740		for (sg_entries_sent = 0; sg_entries_sent <
12741		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12742			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12743				sizeof(msg.dt.sg_list[0])),
12744				msg.dt.kern_sg_entries - sg_entries_sent);
12745
12746			if (do_sg_copy != 0) {
12747				struct ctl_sg_entry *sgl;
12748				int j;
12749
12750				sgl = (struct ctl_sg_entry *)
12751					io->scsiio.kern_data_ptr;
12752				/*
12753				 * If this is in cached memory, flush the cache
12754				 * before we send the DMA request to the other
12755				 * controller.  We want to do this in either
12756				 * the * read or the write case.  The read
12757				 * case is straightforward.  In the write
12758				 * case, we want to make sure nothing is
12759				 * in the local cache that could overwrite
12760				 * the DMAed data.
12761				 */
12762
12763				for (i = sg_entries_sent, j = 0;
12764				     i < msg.dt.cur_sg_entries; i++, j++) {
12765					if ((io->io_hdr.flags &
12766					     CTL_FLAG_NO_DATASYNC) == 0) {
12767						/*
12768						 * XXX KDM use bus_dmamap_sync()
12769						 */
12770					}
12771					if ((io->io_hdr.flags &
12772					     CTL_FLAG_BUS_ADDR) == 0) {
12773						/*
12774						 * XXX KDM use busdma.
12775						 */
12776#if 0
12777						msg.dt.sg_list[j].addr =(void *)
12778						       vtophys(sgl[i].addr);
12779#endif
12780					} else {
12781						msg.dt.sg_list[j].addr =
12782							sgl[i].addr;
12783					}
12784					msg.dt.sg_list[j].len = sgl[i].len;
12785				}
12786			}
12787
12788			sg_entries_sent += msg.dt.cur_sg_entries;
12789			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12790				msg.dt.sg_last = 1;
12791			else
12792				msg.dt.sg_last = 0;
12793
12794			/*
12795			 * XXX KDM drop and reacquire the lock here?
12796			 */
12797			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12798			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12799				/*
12800				 * XXX do something here.
12801				 */
12802			}
12803
12804			msg.dt.sent_sg_entries = sg_entries_sent;
12805		}
12806		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12807		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12808			ctl_failover_io(io, /*have_lock*/ 0);
12809
12810	} else {
12811
12812		/*
12813		 * Lookup the fe_datamove() function for this particular
12814		 * front end.
12815		 */
12816		fe_datamove =
12817		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12818
12819		fe_datamove(io);
12820	}
12821}
12822
12823static void
12824ctl_send_datamove_done(union ctl_io *io, int have_lock)
12825{
12826	union ctl_ha_msg msg;
12827	int isc_status;
12828
12829	memset(&msg, 0, sizeof(msg));
12830
12831	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12832	msg.hdr.original_sc = io;
12833	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12834	msg.hdr.nexus = io->io_hdr.nexus;
12835	msg.hdr.status = io->io_hdr.status;
12836	msg.scsi.tag_num = io->scsiio.tag_num;
12837	msg.scsi.tag_type = io->scsiio.tag_type;
12838	msg.scsi.scsi_status = io->scsiio.scsi_status;
12839	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12840	       sizeof(io->scsiio.sense_data));
12841	msg.scsi.sense_len = io->scsiio.sense_len;
12842	msg.scsi.sense_residual = io->scsiio.sense_residual;
12843	msg.scsi.fetd_status = io->io_hdr.port_status;
12844	msg.scsi.residual = io->scsiio.residual;
12845	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12846
12847	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12848		ctl_failover_io(io, /*have_lock*/ have_lock);
12849		return;
12850	}
12851
12852	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12853	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12854		/* XXX do something if this fails */
12855	}
12856
12857}
12858
12859/*
12860 * The DMA to the remote side is done, now we need to tell the other side
12861 * we're done so it can continue with its data movement.
12862 */
12863static void
12864ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12865{
12866	union ctl_io *io;
12867
12868	io = rq->context;
12869
12870	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12871		printf("%s: ISC DMA write failed with error %d", __func__,
12872		       rq->ret);
12873		ctl_set_internal_failure(&io->scsiio,
12874					 /*sks_valid*/ 1,
12875					 /*retry_count*/ rq->ret);
12876	}
12877
12878	ctl_dt_req_free(rq);
12879
12880	/*
12881	 * In this case, we had to malloc the memory locally.  Free it.
12882	 */
12883	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12884		int i;
12885		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12886			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12887	}
12888	/*
12889	 * The data is in local and remote memory, so now we need to send
12890	 * status (good or back) back to the other side.
12891	 */
12892	ctl_send_datamove_done(io, /*have_lock*/ 0);
12893}
12894
12895/*
12896 * We've moved the data from the host/controller into local memory.  Now we
12897 * need to push it over to the remote controller's memory.
12898 */
12899static int
12900ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12901{
12902	int retval;
12903
12904	retval = 0;
12905
12906	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12907					  ctl_datamove_remote_write_cb);
12908
12909	return (retval);
12910}
12911
12912static void
12913ctl_datamove_remote_write(union ctl_io *io)
12914{
12915	int retval;
12916	void (*fe_datamove)(union ctl_io *io);
12917
12918	/*
12919	 * - Get the data from the host/HBA into local memory.
12920	 * - DMA memory from the local controller to the remote controller.
12921	 * - Send status back to the remote controller.
12922	 */
12923
12924	retval = ctl_datamove_remote_sgl_setup(io);
12925	if (retval != 0)
12926		return;
12927
12928	/* Switch the pointer over so the FETD knows what to do */
12929	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12930
12931	/*
12932	 * Use a custom move done callback, since we need to send completion
12933	 * back to the other controller, not to the backend on this side.
12934	 */
12935	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12936
12937	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12938
12939	fe_datamove(io);
12940
12941	return;
12942
12943}
12944
12945static int
12946ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12947{
12948#if 0
12949	char str[256];
12950	char path_str[64];
12951	struct sbuf sb;
12952#endif
12953
12954	/*
12955	 * In this case, we had to malloc the memory locally.  Free it.
12956	 */
12957	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12958		int i;
12959		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12960			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12961	}
12962
12963#if 0
12964	scsi_path_string(io, path_str, sizeof(path_str));
12965	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12966	sbuf_cat(&sb, path_str);
12967	scsi_command_string(&io->scsiio, NULL, &sb);
12968	sbuf_printf(&sb, "\n");
12969	sbuf_cat(&sb, path_str);
12970	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12971		    io->scsiio.tag_num, io->scsiio.tag_type);
12972	sbuf_cat(&sb, path_str);
12973	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12974		    io->io_hdr.flags, io->io_hdr.status);
12975	sbuf_finish(&sb);
12976	printk("%s", sbuf_data(&sb));
12977#endif
12978
12979
12980	/*
12981	 * The read is done, now we need to send status (good or bad) back
12982	 * to the other side.
12983	 */
12984	ctl_send_datamove_done(io, /*have_lock*/ 0);
12985
12986	return (0);
12987}
12988
12989static void
12990ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12991{
12992	union ctl_io *io;
12993	void (*fe_datamove)(union ctl_io *io);
12994
12995	io = rq->context;
12996
12997	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12998		printf("%s: ISC DMA read failed with error %d", __func__,
12999		       rq->ret);
13000		ctl_set_internal_failure(&io->scsiio,
13001					 /*sks_valid*/ 1,
13002					 /*retry_count*/ rq->ret);
13003	}
13004
13005	ctl_dt_req_free(rq);
13006
13007	/* Switch the pointer over so the FETD knows what to do */
13008	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13009
13010	/*
13011	 * Use a custom move done callback, since we need to send completion
13012	 * back to the other controller, not to the backend on this side.
13013	 */
13014	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
13015
13016	/* XXX KDM add checks like the ones in ctl_datamove? */
13017
13018	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13019
13020	fe_datamove(io);
13021}
13022
13023static int
13024ctl_datamove_remote_sgl_setup(union ctl_io *io)
13025{
13026	struct ctl_sg_entry *local_sglist, *remote_sglist;
13027	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13028	struct ctl_softc *softc;
13029	int retval;
13030	int i;
13031
13032	retval = 0;
13033	softc = control_softc;
13034
13035	local_sglist = io->io_hdr.local_sglist;
13036	local_dma_sglist = io->io_hdr.local_dma_sglist;
13037	remote_sglist = io->io_hdr.remote_sglist;
13038	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13039
13040	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13041		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13042			local_sglist[i].len = remote_sglist[i].len;
13043
13044			/*
13045			 * XXX Detect the situation where the RS-level I/O
13046			 * redirector on the other side has already read the
13047			 * data off of the AOR RS on this side, and
13048			 * transferred it to remote (mirror) memory on the
13049			 * other side.  Since we already have the data in
13050			 * memory here, we just need to use it.
13051			 *
13052			 * XXX KDM this can probably be removed once we
13053			 * get the cache device code in and take the
13054			 * current AOR implementation out.
13055			 */
13056#ifdef NEEDTOPORT
13057			if ((remote_sglist[i].addr >=
13058			     (void *)vtophys(softc->mirr->addr))
13059			 && (remote_sglist[i].addr <
13060			     ((void *)vtophys(softc->mirr->addr) +
13061			     CacheMirrorOffset))) {
13062				local_sglist[i].addr = remote_sglist[i].addr -
13063					CacheMirrorOffset;
13064				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13065				     CTL_FLAG_DATA_IN)
13066					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13067			} else {
13068				local_sglist[i].addr = remote_sglist[i].addr +
13069					CacheMirrorOffset;
13070			}
13071#endif
13072#if 0
13073			printf("%s: local %p, remote %p, len %d\n",
13074			       __func__, local_sglist[i].addr,
13075			       remote_sglist[i].addr, local_sglist[i].len);
13076#endif
13077		}
13078	} else {
13079		uint32_t len_to_go;
13080
13081		/*
13082		 * In this case, we don't have automatically allocated
13083		 * memory for this I/O on this controller.  This typically
13084		 * happens with internal CTL I/O -- e.g. inquiry, mode
13085		 * sense, etc.  Anything coming from RAIDCore will have
13086		 * a mirror area available.
13087		 */
13088		len_to_go = io->scsiio.kern_data_len;
13089
13090		/*
13091		 * Clear the no datasync flag, we have to use malloced
13092		 * buffers.
13093		 */
13094		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13095
13096		/*
13097		 * The difficult thing here is that the size of the various
13098		 * S/G segments may be different than the size from the
13099		 * remote controller.  That'll make it harder when DMAing
13100		 * the data back to the other side.
13101		 */
13102		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13103		     sizeof(io->io_hdr.remote_sglist[0])) &&
13104		     (len_to_go > 0); i++) {
13105			local_sglist[i].len = ctl_min(len_to_go, 131072);
13106			CTL_SIZE_8B(local_dma_sglist[i].len,
13107				    local_sglist[i].len);
13108			local_sglist[i].addr =
13109				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13110
13111			local_dma_sglist[i].addr = local_sglist[i].addr;
13112
13113			if (local_sglist[i].addr == NULL) {
13114				int j;
13115
13116				printf("malloc failed for %zd bytes!",
13117				       local_dma_sglist[i].len);
13118				for (j = 0; j < i; j++) {
13119					free(local_sglist[j].addr, M_CTL);
13120				}
13121				ctl_set_internal_failure(&io->scsiio,
13122							 /*sks_valid*/ 1,
13123							 /*retry_count*/ 4857);
13124				retval = 1;
13125				goto bailout_error;
13126
13127			}
13128			/* XXX KDM do we need a sync here? */
13129
13130			len_to_go -= local_sglist[i].len;
13131		}
13132		/*
13133		 * Reset the number of S/G entries accordingly.  The
13134		 * original number of S/G entries is available in
13135		 * rem_sg_entries.
13136		 */
13137		io->scsiio.kern_sg_entries = i;
13138
13139#if 0
13140		printf("%s: kern_sg_entries = %d\n", __func__,
13141		       io->scsiio.kern_sg_entries);
13142		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13143			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13144			       local_sglist[i].addr, local_sglist[i].len,
13145			       local_dma_sglist[i].len);
13146#endif
13147	}
13148
13149
13150	return (retval);
13151
13152bailout_error:
13153
13154	ctl_send_datamove_done(io, /*have_lock*/ 0);
13155
13156	return (retval);
13157}
13158
13159static int
13160ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13161			 ctl_ha_dt_cb callback)
13162{
13163	struct ctl_ha_dt_req *rq;
13164	struct ctl_sg_entry *remote_sglist, *local_sglist;
13165	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13166	uint32_t local_used, remote_used, total_used;
13167	int retval;
13168	int i, j;
13169
13170	retval = 0;
13171
13172	rq = ctl_dt_req_alloc();
13173
13174	/*
13175	 * If we failed to allocate the request, and if the DMA didn't fail
13176	 * anyway, set busy status.  This is just a resource allocation
13177	 * failure.
13178	 */
13179	if ((rq == NULL)
13180	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13181		ctl_set_busy(&io->scsiio);
13182
13183	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13184
13185		if (rq != NULL)
13186			ctl_dt_req_free(rq);
13187
13188		/*
13189		 * The data move failed.  We need to return status back
13190		 * to the other controller.  No point in trying to DMA
13191		 * data to the remote controller.
13192		 */
13193
13194		ctl_send_datamove_done(io, /*have_lock*/ 0);
13195
13196		retval = 1;
13197
13198		goto bailout;
13199	}
13200
13201	local_sglist = io->io_hdr.local_sglist;
13202	local_dma_sglist = io->io_hdr.local_dma_sglist;
13203	remote_sglist = io->io_hdr.remote_sglist;
13204	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13205	local_used = 0;
13206	remote_used = 0;
13207	total_used = 0;
13208
13209	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13210		rq->ret = CTL_HA_STATUS_SUCCESS;
13211		rq->context = io;
13212		callback(rq);
13213		goto bailout;
13214	}
13215
13216	/*
13217	 * Pull/push the data over the wire from/to the other controller.
13218	 * This takes into account the possibility that the local and
13219	 * remote sglists may not be identical in terms of the size of
13220	 * the elements and the number of elements.
13221	 *
13222	 * One fundamental assumption here is that the length allocated for
13223	 * both the local and remote sglists is identical.  Otherwise, we've
13224	 * essentially got a coding error of some sort.
13225	 */
13226	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13227		int isc_ret;
13228		uint32_t cur_len, dma_length;
13229		uint8_t *tmp_ptr;
13230
13231		rq->id = CTL_HA_DATA_CTL;
13232		rq->command = command;
13233		rq->context = io;
13234
13235		/*
13236		 * Both pointers should be aligned.  But it is possible
13237		 * that the allocation length is not.  They should both
13238		 * also have enough slack left over at the end, though,
13239		 * to round up to the next 8 byte boundary.
13240		 */
13241		cur_len = ctl_min(local_sglist[i].len - local_used,
13242				  remote_sglist[j].len - remote_used);
13243
13244		/*
13245		 * In this case, we have a size issue and need to decrease
13246		 * the size, except in the case where we actually have less
13247		 * than 8 bytes left.  In that case, we need to increase
13248		 * the DMA length to get the last bit.
13249		 */
13250		if ((cur_len & 0x7) != 0) {
13251			if (cur_len > 0x7) {
13252				cur_len = cur_len - (cur_len & 0x7);
13253				dma_length = cur_len;
13254			} else {
13255				CTL_SIZE_8B(dma_length, cur_len);
13256			}
13257
13258		} else
13259			dma_length = cur_len;
13260
13261		/*
13262		 * If we had to allocate memory for this I/O, instead of using
13263		 * the non-cached mirror memory, we'll need to flush the cache
13264		 * before trying to DMA to the other controller.
13265		 *
13266		 * We could end up doing this multiple times for the same
13267		 * segment if we have a larger local segment than remote
13268		 * segment.  That shouldn't be an issue.
13269		 */
13270		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13271			/*
13272			 * XXX KDM use bus_dmamap_sync() here.
13273			 */
13274		}
13275
13276		rq->size = dma_length;
13277
13278		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13279		tmp_ptr += local_used;
13280
13281		/* Use physical addresses when talking to ISC hardware */
13282		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13283			/* XXX KDM use busdma */
13284#if 0
13285			rq->local = vtophys(tmp_ptr);
13286#endif
13287		} else
13288			rq->local = tmp_ptr;
13289
13290		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13291		tmp_ptr += remote_used;
13292		rq->remote = tmp_ptr;
13293
13294		rq->callback = NULL;
13295
13296		local_used += cur_len;
13297		if (local_used >= local_sglist[i].len) {
13298			i++;
13299			local_used = 0;
13300		}
13301
13302		remote_used += cur_len;
13303		if (remote_used >= remote_sglist[j].len) {
13304			j++;
13305			remote_used = 0;
13306		}
13307		total_used += cur_len;
13308
13309		if (total_used >= io->scsiio.kern_data_len)
13310			rq->callback = callback;
13311
13312		if ((rq->size & 0x7) != 0) {
13313			printf("%s: warning: size %d is not on 8b boundary\n",
13314			       __func__, rq->size);
13315		}
13316		if (((uintptr_t)rq->local & 0x7) != 0) {
13317			printf("%s: warning: local %p not on 8b boundary\n",
13318			       __func__, rq->local);
13319		}
13320		if (((uintptr_t)rq->remote & 0x7) != 0) {
13321			printf("%s: warning: remote %p not on 8b boundary\n",
13322			       __func__, rq->local);
13323		}
13324#if 0
13325		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13326		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13327		       rq->local, rq->remote, rq->size);
13328#endif
13329
13330		isc_ret = ctl_dt_single(rq);
13331		if (isc_ret == CTL_HA_STATUS_WAIT)
13332			continue;
13333
13334		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13335			rq->ret = CTL_HA_STATUS_SUCCESS;
13336		} else {
13337			rq->ret = isc_ret;
13338		}
13339		callback(rq);
13340		goto bailout;
13341	}
13342
13343bailout:
13344	return (retval);
13345
13346}
13347
13348static void
13349ctl_datamove_remote_read(union ctl_io *io)
13350{
13351	int retval;
13352	int i;
13353
13354	/*
13355	 * This will send an error to the other controller in the case of a
13356	 * failure.
13357	 */
13358	retval = ctl_datamove_remote_sgl_setup(io);
13359	if (retval != 0)
13360		return;
13361
13362	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13363					  ctl_datamove_remote_read_cb);
13364	if ((retval != 0)
13365	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13366		/*
13367		 * Make sure we free memory if there was an error..  The
13368		 * ctl_datamove_remote_xfer() function will send the
13369		 * datamove done message, or call the callback with an
13370		 * error if there is a problem.
13371		 */
13372		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13373			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13374	}
13375
13376	return;
13377}
13378
13379/*
13380 * Process a datamove request from the other controller.  This is used for
13381 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13382 * first.  Once that is complete, the data gets DMAed into the remote
13383 * controller's memory.  For reads, we DMA from the remote controller's
13384 * memory into our memory first, and then move it out to the FETD.
13385 */
13386static void
13387ctl_datamove_remote(union ctl_io *io)
13388{
13389	struct ctl_softc *softc;
13390
13391	softc = control_softc;
13392
13393	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13394
13395	/*
13396	 * Note that we look for an aborted I/O here, but don't do some of
13397	 * the other checks that ctl_datamove() normally does.
13398	 * We don't need to run the datamove delay code, since that should
13399	 * have been done if need be on the other controller.
13400	 */
13401	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13402		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13403		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13404		       io->io_hdr.nexus.targ_port,
13405		       io->io_hdr.nexus.targ_target.id,
13406		       io->io_hdr.nexus.targ_lun);
13407		io->io_hdr.port_status = 31338;
13408		ctl_send_datamove_done(io, /*have_lock*/ 0);
13409		return;
13410	}
13411
13412	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13413		ctl_datamove_remote_write(io);
13414	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13415		ctl_datamove_remote_read(io);
13416	} else {
13417		union ctl_ha_msg msg;
13418		struct scsi_sense_data *sense;
13419		uint8_t sks[3];
13420		int retry_count;
13421
13422		memset(&msg, 0, sizeof(msg));
13423
13424		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13425		msg.hdr.status = CTL_SCSI_ERROR;
13426		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13427
13428		retry_count = 4243;
13429
13430		sense = &msg.scsi.sense_data;
13431		sks[0] = SSD_SCS_VALID;
13432		sks[1] = (retry_count >> 8) & 0xff;
13433		sks[2] = retry_count & 0xff;
13434
13435		/* "Internal target failure" */
13436		scsi_set_sense_data(sense,
13437				    /*sense_format*/ SSD_TYPE_NONE,
13438				    /*current_error*/ 1,
13439				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13440				    /*asc*/ 0x44,
13441				    /*ascq*/ 0x00,
13442				    /*type*/ SSD_ELEM_SKS,
13443				    /*size*/ sizeof(sks),
13444				    /*data*/ sks,
13445				    SSD_ELEM_NONE);
13446
13447		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13448		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13449			ctl_failover_io(io, /*have_lock*/ 1);
13450			return;
13451		}
13452
13453		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13454		    CTL_HA_STATUS_SUCCESS) {
13455			/* XXX KDM what to do if this fails? */
13456		}
13457		return;
13458	}
13459
13460}
13461
13462static int
13463ctl_process_done(union ctl_io *io)
13464{
13465	struct ctl_lun *lun;
13466	struct ctl_softc *ctl_softc;
13467	void (*fe_done)(union ctl_io *io);
13468	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13469
13470	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13471
13472	fe_done =
13473	    control_softc->ctl_ports[targ_port]->fe_done;
13474
13475#ifdef CTL_TIME_IO
13476	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13477		char str[256];
13478		char path_str[64];
13479		struct sbuf sb;
13480
13481		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13482		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13483
13484		sbuf_cat(&sb, path_str);
13485		switch (io->io_hdr.io_type) {
13486		case CTL_IO_SCSI:
13487			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13488			sbuf_printf(&sb, "\n");
13489			sbuf_cat(&sb, path_str);
13490			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13491				    io->scsiio.tag_num, io->scsiio.tag_type);
13492			break;
13493		case CTL_IO_TASK:
13494			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13495				    "Tag Type: %d\n", io->taskio.task_action,
13496				    io->taskio.tag_num, io->taskio.tag_type);
13497			break;
13498		default:
13499			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13500			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13501			break;
13502		}
13503		sbuf_cat(&sb, path_str);
13504		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13505			    (intmax_t)time_uptime - io->io_hdr.start_time);
13506		sbuf_finish(&sb);
13507		printf("%s", sbuf_data(&sb));
13508	}
13509#endif /* CTL_TIME_IO */
13510
13511	switch (io->io_hdr.io_type) {
13512	case CTL_IO_SCSI:
13513		break;
13514	case CTL_IO_TASK:
13515		if (bootverbose || (ctl_debug & CTL_DEBUG_INFO))
13516			ctl_io_error_print(io, NULL);
13517		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13518			ctl_free_io(io);
13519		else
13520			fe_done(io);
13521		return (CTL_RETVAL_COMPLETE);
13522	default:
13523		panic("ctl_process_done: invalid io type %d\n",
13524		      io->io_hdr.io_type);
13525		break; /* NOTREACHED */
13526	}
13527
13528	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13529	if (lun == NULL) {
13530		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13531				 io->io_hdr.nexus.targ_mapped_lun));
13532		fe_done(io);
13533		goto bailout;
13534	}
13535	ctl_softc = lun->ctl_softc;
13536
13537	mtx_lock(&lun->lun_lock);
13538
13539	/*
13540	 * Check to see if we have any errors to inject here.  We only
13541	 * inject errors for commands that don't already have errors set.
13542	 */
13543	if ((STAILQ_FIRST(&lun->error_list) != NULL)
13544	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
13545		ctl_inject_error(lun, io);
13546
13547	/*
13548	 * XXX KDM how do we treat commands that aren't completed
13549	 * successfully?
13550	 *
13551	 * XXX KDM should we also track I/O latency?
13552	 */
13553	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13554	    io->io_hdr.io_type == CTL_IO_SCSI) {
13555#ifdef CTL_TIME_IO
13556		struct bintime cur_bt;
13557#endif
13558		int type;
13559
13560		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13561		    CTL_FLAG_DATA_IN)
13562			type = CTL_STATS_READ;
13563		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13564		    CTL_FLAG_DATA_OUT)
13565			type = CTL_STATS_WRITE;
13566		else
13567			type = CTL_STATS_NO_IO;
13568
13569		lun->stats.ports[targ_port].bytes[type] +=
13570		    io->scsiio.kern_total_len;
13571		lun->stats.ports[targ_port].operations[type]++;
13572#ifdef CTL_TIME_IO
13573		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13574		   &io->io_hdr.dma_bt);
13575		lun->stats.ports[targ_port].num_dmas[type] +=
13576		    io->io_hdr.num_dmas;
13577		getbintime(&cur_bt);
13578		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13579		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13580#endif
13581	}
13582
13583	/*
13584	 * Remove this from the OOA queue.
13585	 */
13586	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13587
13588	/*
13589	 * Run through the blocked queue on this LUN and see if anything
13590	 * has become unblocked, now that this transaction is done.
13591	 */
13592	ctl_check_blocked(lun);
13593
13594	/*
13595	 * If the LUN has been invalidated, free it if there is nothing
13596	 * left on its OOA queue.
13597	 */
13598	if ((lun->flags & CTL_LUN_INVALID)
13599	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13600		mtx_unlock(&lun->lun_lock);
13601		mtx_lock(&ctl_softc->ctl_lock);
13602		ctl_free_lun(lun);
13603		mtx_unlock(&ctl_softc->ctl_lock);
13604	} else
13605		mtx_unlock(&lun->lun_lock);
13606
13607	/*
13608	 * If this command has been aborted, make sure we set the status
13609	 * properly.  The FETD is responsible for freeing the I/O and doing
13610	 * whatever it needs to do to clean up its state.
13611	 */
13612	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13613		ctl_set_task_aborted(&io->scsiio);
13614
13615	/*
13616	 * If enabled, print command error status.
13617	 * We don't print UAs unless debugging was enabled explicitly.
13618	 */
13619	do {
13620		if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)
13621			break;
13622		if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0)
13623			break;
13624		if ((ctl_debug & CTL_DEBUG_INFO) == 0 &&
13625		    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) &&
13626		     (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13627			int error_code, sense_key, asc, ascq;
13628
13629			scsi_extract_sense_len(&io->scsiio.sense_data,
13630			    io->scsiio.sense_len, &error_code, &sense_key,
13631			    &asc, &ascq, /*show_errors*/ 0);
13632			if (sense_key == SSD_KEY_UNIT_ATTENTION)
13633				break;
13634		}
13635
13636		ctl_io_error_print(io, NULL);
13637	} while (0);
13638
13639	/*
13640	 * Tell the FETD or the other shelf controller we're done with this
13641	 * command.  Note that only SCSI commands get to this point.  Task
13642	 * management commands are completed above.
13643	 *
13644	 * We only send status to the other controller if we're in XFER
13645	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13646	 * received the I/O (from CTL's perspective), and so the status is
13647	 * generated there.
13648	 *
13649	 * XXX KDM if we hold the lock here, we could cause a deadlock
13650	 * if the frontend comes back in in this context to queue
13651	 * something.
13652	 */
13653	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13654	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13655		union ctl_ha_msg msg;
13656
13657		memset(&msg, 0, sizeof(msg));
13658		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13659		msg.hdr.original_sc = io->io_hdr.original_sc;
13660		msg.hdr.nexus = io->io_hdr.nexus;
13661		msg.hdr.status = io->io_hdr.status;
13662		msg.scsi.scsi_status = io->scsiio.scsi_status;
13663		msg.scsi.tag_num = io->scsiio.tag_num;
13664		msg.scsi.tag_type = io->scsiio.tag_type;
13665		msg.scsi.sense_len = io->scsiio.sense_len;
13666		msg.scsi.sense_residual = io->scsiio.sense_residual;
13667		msg.scsi.residual = io->scsiio.residual;
13668		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13669		       sizeof(io->scsiio.sense_data));
13670		/*
13671		 * We copy this whether or not this is an I/O-related
13672		 * command.  Otherwise, we'd have to go and check to see
13673		 * whether it's a read/write command, and it really isn't
13674		 * worth it.
13675		 */
13676		memcpy(&msg.scsi.lbalen,
13677		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13678		       sizeof(msg.scsi.lbalen));
13679
13680		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13681				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13682			/* XXX do something here */
13683		}
13684
13685		ctl_free_io(io);
13686	} else
13687		fe_done(io);
13688
13689bailout:
13690
13691	return (CTL_RETVAL_COMPLETE);
13692}
13693
13694#ifdef CTL_WITH_CA
13695/*
13696 * Front end should call this if it doesn't do autosense.  When the request
13697 * sense comes back in from the initiator, we'll dequeue this and send it.
13698 */
13699int
13700ctl_queue_sense(union ctl_io *io)
13701{
13702	struct ctl_lun *lun;
13703	struct ctl_softc *ctl_softc;
13704	uint32_t initidx, targ_lun;
13705
13706	ctl_softc = control_softc;
13707
13708	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13709
13710	/*
13711	 * LUN lookup will likely move to the ctl_work_thread() once we
13712	 * have our new queueing infrastructure (that doesn't put things on
13713	 * a per-LUN queue initially).  That is so that we can handle
13714	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13715	 * can't deal with that right now.
13716	 */
13717	mtx_lock(&ctl_softc->ctl_lock);
13718
13719	/*
13720	 * If we don't have a LUN for this, just toss the sense
13721	 * information.
13722	 */
13723	targ_lun = io->io_hdr.nexus.targ_lun;
13724	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13725	if ((targ_lun < CTL_MAX_LUNS)
13726	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13727		lun = ctl_softc->ctl_luns[targ_lun];
13728	else
13729		goto bailout;
13730
13731	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13732
13733	mtx_lock(&lun->lun_lock);
13734	/*
13735	 * Already have CA set for this LUN...toss the sense information.
13736	 */
13737	if (ctl_is_set(lun->have_ca, initidx)) {
13738		mtx_unlock(&lun->lun_lock);
13739		goto bailout;
13740	}
13741
13742	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13743	       ctl_min(sizeof(lun->pending_sense[initidx]),
13744	       sizeof(io->scsiio.sense_data)));
13745	ctl_set_mask(lun->have_ca, initidx);
13746	mtx_unlock(&lun->lun_lock);
13747
13748bailout:
13749	mtx_unlock(&ctl_softc->ctl_lock);
13750
13751	ctl_free_io(io);
13752
13753	return (CTL_RETVAL_COMPLETE);
13754}
13755#endif
13756
13757/*
13758 * Primary command inlet from frontend ports.  All SCSI and task I/O
13759 * requests must go through this function.
13760 */
13761int
13762ctl_queue(union ctl_io *io)
13763{
13764	struct ctl_softc *ctl_softc;
13765
13766	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13767
13768	ctl_softc = control_softc;
13769
13770#ifdef CTL_TIME_IO
13771	io->io_hdr.start_time = time_uptime;
13772	getbintime(&io->io_hdr.start_bt);
13773#endif /* CTL_TIME_IO */
13774
13775	/* Map FE-specific LUN ID into global one. */
13776	io->io_hdr.nexus.targ_mapped_lun =
13777	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13778
13779	switch (io->io_hdr.io_type) {
13780	case CTL_IO_SCSI:
13781	case CTL_IO_TASK:
13782		if (ctl_debug & CTL_DEBUG_CDB)
13783			ctl_io_print(io);
13784		ctl_enqueue_incoming(io);
13785		break;
13786	default:
13787		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13788		return (EINVAL);
13789	}
13790
13791	return (CTL_RETVAL_COMPLETE);
13792}
13793
13794#ifdef CTL_IO_DELAY
13795static void
13796ctl_done_timer_wakeup(void *arg)
13797{
13798	union ctl_io *io;
13799
13800	io = (union ctl_io *)arg;
13801	ctl_done(io);
13802}
13803#endif /* CTL_IO_DELAY */
13804
13805void
13806ctl_done(union ctl_io *io)
13807{
13808	struct ctl_softc *ctl_softc;
13809
13810	ctl_softc = control_softc;
13811
13812	/*
13813	 * Enable this to catch duplicate completion issues.
13814	 */
13815#if 0
13816	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13817		printf("%s: type %d msg %d cdb %x iptl: "
13818		       "%d:%d:%d:%d tag 0x%04x "
13819		       "flag %#x status %x\n",
13820			__func__,
13821			io->io_hdr.io_type,
13822			io->io_hdr.msg_type,
13823			io->scsiio.cdb[0],
13824			io->io_hdr.nexus.initid.id,
13825			io->io_hdr.nexus.targ_port,
13826			io->io_hdr.nexus.targ_target.id,
13827			io->io_hdr.nexus.targ_lun,
13828			(io->io_hdr.io_type ==
13829			CTL_IO_TASK) ?
13830			io->taskio.tag_num :
13831			io->scsiio.tag_num,
13832		        io->io_hdr.flags,
13833			io->io_hdr.status);
13834	} else
13835		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13836#endif
13837
13838	/*
13839	 * This is an internal copy of an I/O, and should not go through
13840	 * the normal done processing logic.
13841	 */
13842	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13843		return;
13844
13845	/*
13846	 * We need to send a msg to the serializing shelf to finish the IO
13847	 * as well.  We don't send a finish message to the other shelf if
13848	 * this is a task management command.  Task management commands
13849	 * aren't serialized in the OOA queue, but rather just executed on
13850	 * both shelf controllers for commands that originated on that
13851	 * controller.
13852	 */
13853	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13854	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13855		union ctl_ha_msg msg_io;
13856
13857		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13858		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13859		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13860		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13861		}
13862		/* continue on to finish IO */
13863	}
13864#ifdef CTL_IO_DELAY
13865	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13866		struct ctl_lun *lun;
13867
13868		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13869
13870		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13871	} else {
13872		struct ctl_lun *lun;
13873
13874		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13875
13876		if ((lun != NULL)
13877		 && (lun->delay_info.done_delay > 0)) {
13878			struct callout *callout;
13879
13880			callout = (struct callout *)&io->io_hdr.timer_bytes;
13881			callout_init(callout, /*mpsafe*/ 1);
13882			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13883			callout_reset(callout,
13884				      lun->delay_info.done_delay * hz,
13885				      ctl_done_timer_wakeup, io);
13886			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13887				lun->delay_info.done_delay = 0;
13888			return;
13889		}
13890	}
13891#endif /* CTL_IO_DELAY */
13892
13893	ctl_enqueue_done(io);
13894}
13895
13896int
13897ctl_isc(struct ctl_scsiio *ctsio)
13898{
13899	struct ctl_lun *lun;
13900	int retval;
13901
13902	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13903
13904	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13905
13906	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13907
13908	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13909
13910	return (retval);
13911}
13912
13913
13914static void
13915ctl_work_thread(void *arg)
13916{
13917	struct ctl_thread *thr = (struct ctl_thread *)arg;
13918	struct ctl_softc *softc = thr->ctl_softc;
13919	union ctl_io *io;
13920	int retval;
13921
13922	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13923
13924	for (;;) {
13925		retval = 0;
13926
13927		/*
13928		 * We handle the queues in this order:
13929		 * - ISC
13930		 * - done queue (to free up resources, unblock other commands)
13931		 * - RtR queue
13932		 * - incoming queue
13933		 *
13934		 * If those queues are empty, we break out of the loop and
13935		 * go to sleep.
13936		 */
13937		mtx_lock(&thr->queue_lock);
13938		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13939		if (io != NULL) {
13940			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13941			mtx_unlock(&thr->queue_lock);
13942			ctl_handle_isc(io);
13943			continue;
13944		}
13945		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13946		if (io != NULL) {
13947			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13948			/* clear any blocked commands, call fe_done */
13949			mtx_unlock(&thr->queue_lock);
13950			retval = ctl_process_done(io);
13951			continue;
13952		}
13953		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13954		if (io != NULL) {
13955			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13956			mtx_unlock(&thr->queue_lock);
13957			if (io->io_hdr.io_type == CTL_IO_TASK)
13958				ctl_run_task(io);
13959			else
13960				ctl_scsiio_precheck(softc, &io->scsiio);
13961			continue;
13962		}
13963		if (!ctl_pause_rtr) {
13964			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13965			if (io != NULL) {
13966				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13967				mtx_unlock(&thr->queue_lock);
13968				retval = ctl_scsiio(&io->scsiio);
13969				if (retval != CTL_RETVAL_COMPLETE)
13970					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13971				continue;
13972			}
13973		}
13974
13975		/* Sleep until we have something to do. */
13976		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13977	}
13978}
13979
13980static void
13981ctl_lun_thread(void *arg)
13982{
13983	struct ctl_softc *softc = (struct ctl_softc *)arg;
13984	struct ctl_be_lun *be_lun;
13985	int retval;
13986
13987	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13988
13989	for (;;) {
13990		retval = 0;
13991		mtx_lock(&softc->ctl_lock);
13992		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13993		if (be_lun != NULL) {
13994			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13995			mtx_unlock(&softc->ctl_lock);
13996			ctl_create_lun(be_lun);
13997			continue;
13998		}
13999
14000		/* Sleep until we have something to do. */
14001		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
14002		    PDROP | PRIBIO, "-", 0);
14003	}
14004}
14005
14006static void
14007ctl_enqueue_incoming(union ctl_io *io)
14008{
14009	struct ctl_softc *softc = control_softc;
14010	struct ctl_thread *thr;
14011	u_int idx;
14012
14013	idx = (io->io_hdr.nexus.targ_port * 127 +
14014	       io->io_hdr.nexus.initid.id) % worker_threads;
14015	thr = &softc->threads[idx];
14016	mtx_lock(&thr->queue_lock);
14017	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14018	mtx_unlock(&thr->queue_lock);
14019	wakeup(thr);
14020}
14021
14022static void
14023ctl_enqueue_rtr(union ctl_io *io)
14024{
14025	struct ctl_softc *softc = control_softc;
14026	struct ctl_thread *thr;
14027
14028	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14029	mtx_lock(&thr->queue_lock);
14030	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14031	mtx_unlock(&thr->queue_lock);
14032	wakeup(thr);
14033}
14034
14035static void
14036ctl_enqueue_done(union ctl_io *io)
14037{
14038	struct ctl_softc *softc = control_softc;
14039	struct ctl_thread *thr;
14040
14041	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14042	mtx_lock(&thr->queue_lock);
14043	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14044	mtx_unlock(&thr->queue_lock);
14045	wakeup(thr);
14046}
14047
14048static void
14049ctl_enqueue_isc(union ctl_io *io)
14050{
14051	struct ctl_softc *softc = control_softc;
14052	struct ctl_thread *thr;
14053
14054	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14055	mtx_lock(&thr->queue_lock);
14056	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14057	mtx_unlock(&thr->queue_lock);
14058	wakeup(thr);
14059}
14060
14061/* Initialization and failover */
14062
14063void
14064ctl_init_isc_msg(void)
14065{
14066	printf("CTL: Still calling this thing\n");
14067}
14068
14069/*
14070 * Init component
14071 * 	Initializes component into configuration defined by bootMode
14072 *	(see hasc-sv.c)
14073 *  	returns hasc_Status:
14074 * 		OK
14075 *		ERROR - fatal error
14076 */
14077static ctl_ha_comp_status
14078ctl_isc_init(struct ctl_ha_component *c)
14079{
14080	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14081
14082	c->status = ret;
14083	return ret;
14084}
14085
14086/* Start component
14087 * 	Starts component in state requested. If component starts successfully,
14088 *	it must set its own state to the requestrd state
14089 *	When requested state is HASC_STATE_HA, the component may refine it
14090 * 	by adding _SLAVE or _MASTER flags.
14091 *	Currently allowed state transitions are:
14092 *	UNKNOWN->HA		- initial startup
14093 *	UNKNOWN->SINGLE - initial startup when no parter detected
14094 *	HA->SINGLE		- failover
14095 * returns ctl_ha_comp_status:
14096 * 		OK	- component successfully started in requested state
14097 *		FAILED  - could not start the requested state, failover may
14098 * 			  be possible
14099 *		ERROR	- fatal error detected, no future startup possible
14100 */
14101static ctl_ha_comp_status
14102ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14103{
14104	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14105
14106	printf("%s: go\n", __func__);
14107
14108	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14109	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14110		ctl_is_single = 0;
14111		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14112		    != CTL_HA_STATUS_SUCCESS) {
14113			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14114			ret = CTL_HA_COMP_STATUS_ERROR;
14115		}
14116	} else if (CTL_HA_STATE_IS_HA(c->state)
14117		&& CTL_HA_STATE_IS_SINGLE(state)){
14118		// HA->SINGLE transition
14119	        ctl_failover();
14120		ctl_is_single = 1;
14121	} else {
14122		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14123		       c->state, state);
14124		ret = CTL_HA_COMP_STATUS_ERROR;
14125	}
14126	if (CTL_HA_STATE_IS_SINGLE(state))
14127		ctl_is_single = 1;
14128
14129	c->state = state;
14130	c->status = ret;
14131	return ret;
14132}
14133
14134/*
14135 * Quiesce component
14136 * The component must clear any error conditions (set status to OK) and
14137 * prepare itself to another Start call
14138 * returns ctl_ha_comp_status:
14139 * 	OK
14140 *	ERROR
14141 */
14142static ctl_ha_comp_status
14143ctl_isc_quiesce(struct ctl_ha_component *c)
14144{
14145	int ret = CTL_HA_COMP_STATUS_OK;
14146
14147	ctl_pause_rtr = 1;
14148	c->status = ret;
14149	return ret;
14150}
14151
14152struct ctl_ha_component ctl_ha_component_ctlisc =
14153{
14154	.name = "CTL ISC",
14155	.state = CTL_HA_STATE_UNKNOWN,
14156	.init = ctl_isc_init,
14157	.start = ctl_isc_start,
14158	.quiesce = ctl_isc_quiesce
14159};
14160
14161/*
14162 *  vim: ts=8
14163 */
14164