ctl.c revision 274562 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 274562 2014-11-16 01:47:43Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67
68#include <cam/cam.h>
69#include <cam/scsi/scsi_all.h>
70#include <cam/scsi/scsi_da.h>
71#include <cam/ctl/ctl_io.h>
72#include <cam/ctl/ctl.h>
73#include <cam/ctl/ctl_frontend.h>
74#include <cam/ctl/ctl_frontend_internal.h>
75#include <cam/ctl/ctl_util.h>
76#include <cam/ctl/ctl_backend.h>
77#include <cam/ctl/ctl_ioctl.h>
78#include <cam/ctl/ctl_ha.h>
79#include <cam/ctl/ctl_private.h>
80#include <cam/ctl/ctl_debug.h>
81#include <cam/ctl/ctl_scsi_all.h>
82#include <cam/ctl/ctl_error.h>
83
84struct ctl_softc *control_softc = NULL;
85
86/*
87 * Size and alignment macros needed for Copan-specific HA hardware.  These
88 * can go away when the HA code is re-written, and uses busdma for any
89 * hardware.
90 */
91#define	CTL_ALIGN_8B(target, source, type)				\
92	if (((uint32_t)source & 0x7) != 0)				\
93		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
94	else								\
95		target = (type)source;
96
97#define	CTL_SIZE_8B(target, size)					\
98	if ((size & 0x7) != 0)						\
99		target = size + (0x8 - (size & 0x7));			\
100	else								\
101		target = size;
102
103#define CTL_ALIGN_8B_MARGIN	16
104
105/*
106 * Template mode pages.
107 */
108
109/*
110 * Note that these are default values only.  The actual values will be
111 * filled in when the user does a mode sense.
112 */
113static struct copan_debugconf_subpage debugconf_page_default = {
114	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
115	DBGCNF_SUBPAGE_CODE,		/* subpage */
116	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
117	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
118	DBGCNF_VERSION,			/* page_version */
119	{CTL_TIME_IO_DEFAULT_SECS>>8,
120	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
121};
122
123static struct copan_debugconf_subpage debugconf_page_changeable = {
124	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
125	DBGCNF_SUBPAGE_CODE,		/* subpage */
126	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
127	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
128	0,				/* page_version */
129	{0xff,0xff},			/* ctl_time_io_secs */
130};
131
132static struct scsi_da_rw_recovery_page rw_er_page_default = {
133	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
134	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
135	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
136	/*read_retry_count*/0,
137	/*correction_span*/0,
138	/*head_offset_count*/0,
139	/*data_strobe_offset_cnt*/0,
140	/*byte8*/0,
141	/*write_retry_count*/0,
142	/*reserved2*/0,
143	/*recovery_time_limit*/{0, 0},
144};
145
146static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
147	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
148	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
149	/*byte3*/0,
150	/*read_retry_count*/0,
151	/*correction_span*/0,
152	/*head_offset_count*/0,
153	/*data_strobe_offset_cnt*/0,
154	/*byte8*/0,
155	/*write_retry_count*/0,
156	/*reserved2*/0,
157	/*recovery_time_limit*/{0, 0},
158};
159
160static struct scsi_format_page format_page_default = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
168			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
169	/*bytes_per_sector*/ {0, 0},
170	/*interleave*/ {0, 0},
171	/*track_skew*/ {0, 0},
172	/*cylinder_skew*/ {0, 0},
173	/*flags*/ SFP_HSEC,
174	/*reserved*/ {0, 0, 0}
175};
176
177static struct scsi_format_page format_page_changeable = {
178	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
179	/*page_length*/sizeof(struct scsi_format_page) - 2,
180	/*tracks_per_zone*/ {0, 0},
181	/*alt_sectors_per_zone*/ {0, 0},
182	/*alt_tracks_per_zone*/ {0, 0},
183	/*alt_tracks_per_lun*/ {0, 0},
184	/*sectors_per_track*/ {0, 0},
185	/*bytes_per_sector*/ {0, 0},
186	/*interleave*/ {0, 0},
187	/*track_skew*/ {0, 0},
188	/*cylinder_skew*/ {0, 0},
189	/*flags*/ 0,
190	/*reserved*/ {0, 0, 0}
191};
192
193static struct scsi_rigid_disk_page rigid_disk_page_default = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ CTL_DEFAULT_HEADS,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ SRDP_RPL_DISABLED,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
206			   CTL_DEFAULT_ROTATION_RATE & 0xff},
207	/*reserved2*/ {0, 0}
208};
209
210static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
211	/*page_code*/SMS_RIGID_DISK_PAGE,
212	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
213	/*cylinders*/ {0, 0, 0},
214	/*heads*/ 0,
215	/*start_write_precomp*/ {0, 0, 0},
216	/*start_reduced_current*/ {0, 0, 0},
217	/*step_rate*/ {0, 0},
218	/*landing_zone_cylinder*/ {0, 0, 0},
219	/*rpl*/ 0,
220	/*rotational_offset*/ 0,
221	/*reserved1*/ 0,
222	/*rotation_rate*/ {0, 0},
223	/*reserved2*/ {0, 0}
224};
225
226static struct scsi_caching_page caching_page_default = {
227	/*page_code*/SMS_CACHING_PAGE,
228	/*page_length*/sizeof(struct scsi_caching_page) - 2,
229	/*flags1*/ SCP_DISC | SCP_WCE,
230	/*ret_priority*/ 0,
231	/*disable_pf_transfer_len*/ {0xff, 0xff},
232	/*min_prefetch*/ {0, 0},
233	/*max_prefetch*/ {0xff, 0xff},
234	/*max_pf_ceiling*/ {0xff, 0xff},
235	/*flags2*/ 0,
236	/*cache_segments*/ 0,
237	/*cache_seg_size*/ {0, 0},
238	/*reserved*/ 0,
239	/*non_cache_seg_size*/ {0, 0, 0}
240};
241
242static struct scsi_caching_page caching_page_changeable = {
243	/*page_code*/SMS_CACHING_PAGE,
244	/*page_length*/sizeof(struct scsi_caching_page) - 2,
245	/*flags1*/ SCP_WCE | SCP_RCD,
246	/*ret_priority*/ 0,
247	/*disable_pf_transfer_len*/ {0, 0},
248	/*min_prefetch*/ {0, 0},
249	/*max_prefetch*/ {0, 0},
250	/*max_pf_ceiling*/ {0, 0},
251	/*flags2*/ 0,
252	/*cache_segments*/ 0,
253	/*cache_seg_size*/ {0, 0},
254	/*reserved*/ 0,
255	/*non_cache_seg_size*/ {0, 0, 0}
256};
257
258static struct scsi_control_page control_page_default = {
259	/*page_code*/SMS_CONTROL_MODE_PAGE,
260	/*page_length*/sizeof(struct scsi_control_page) - 2,
261	/*rlec*/0,
262	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
263	/*eca_and_aen*/0,
264	/*flags4*/SCP_TAS,
265	/*aen_holdoff_period*/{0, 0},
266	/*busy_timeout_period*/{0, 0},
267	/*extended_selftest_completion_time*/{0, 0}
268};
269
270static struct scsi_control_page control_page_changeable = {
271	/*page_code*/SMS_CONTROL_MODE_PAGE,
272	/*page_length*/sizeof(struct scsi_control_page) - 2,
273	/*rlec*/SCP_DSENSE,
274	/*queue_flags*/SCP_QUEUE_ALG_MASK,
275	/*eca_and_aen*/SCP_SWP,
276	/*flags4*/0,
277	/*aen_holdoff_period*/{0, 0},
278	/*busy_timeout_period*/{0, 0},
279	/*extended_selftest_completion_time*/{0, 0}
280};
281
282static struct scsi_info_exceptions_page ie_page_default = {
283	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
284	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
285	/*info_flags*/SIEP_FLAGS_DEXCPT,
286	/*mrie*/0,
287	/*interval_timer*/{0, 0, 0, 0},
288	/*report_count*/{0, 0, 0, 0}
289};
290
291static struct scsi_info_exceptions_page ie_page_changeable = {
292	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
293	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
294	/*info_flags*/0,
295	/*mrie*/0,
296	/*interval_timer*/{0, 0, 0, 0},
297	/*report_count*/{0, 0, 0, 0}
298};
299
300static struct scsi_logical_block_provisioning_page lbp_page_default = {
301	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
302	/*subpage_code*/0x02,
303	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
304	/*flags*/0,
305	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
306	/*descr*/{}
307};
308
309static struct scsi_logical_block_provisioning_page lbp_page_changeable = {
310	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
311	/*subpage_code*/0x02,
312	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
313	/*flags*/0,
314	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
315	/*descr*/{}
316};
317
318/*
319 * XXX KDM move these into the softc.
320 */
321static int rcv_sync_msg;
322static int persis_offset;
323static uint8_t ctl_pause_rtr;
324static int     ctl_is_single = 1;
325
326SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
327static int worker_threads = -1;
328TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
329SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
330    &worker_threads, 1, "Number of worker threads");
331static int ctl_debug = CTL_DEBUG_NONE;
332TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
333SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
334    &ctl_debug, 0, "Enabled debug flags");
335
336/*
337 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
338 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
339 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
340 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
341 */
342#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
343
344static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
345				  int param);
346static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
347static int ctl_init(void);
348void ctl_shutdown(void);
349static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
350static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
351static void ctl_ioctl_online(void *arg);
352static void ctl_ioctl_offline(void *arg);
353static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
354static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
355static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
356static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
357static int ctl_ioctl_submit_wait(union ctl_io *io);
358static void ctl_ioctl_datamove(union ctl_io *io);
359static void ctl_ioctl_done(union ctl_io *io);
360static void ctl_ioctl_hard_startstop_callback(void *arg,
361					      struct cfi_metatask *metatask);
362static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
363static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
364			      struct ctl_ooa *ooa_hdr,
365			      struct ctl_ooa_entry *kern_entries);
366static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
367		     struct thread *td);
368static uint32_t ctl_map_lun(int port_num, uint32_t lun);
369static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
370#ifdef unused
371static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
372				   uint32_t targ_target, uint32_t targ_lun,
373				   int can_wait);
374static void ctl_kfree_io(union ctl_io *io);
375#endif /* unused */
376static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
377			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
378static int ctl_free_lun(struct ctl_lun *lun);
379static void ctl_create_lun(struct ctl_be_lun *be_lun);
380/**
381static void ctl_failover_change_pages(struct ctl_softc *softc,
382				      struct ctl_scsiio *ctsio, int master);
383**/
384
385static int ctl_do_mode_select(union ctl_io *io);
386static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
387			   uint64_t res_key, uint64_t sa_res_key,
388			   uint8_t type, uint32_t residx,
389			   struct ctl_scsiio *ctsio,
390			   struct scsi_per_res_out *cdb,
391			   struct scsi_per_res_out_parms* param);
392static void ctl_pro_preempt_other(struct ctl_lun *lun,
393				  union ctl_ha_msg *msg);
394static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
395static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
396static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
397static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
398static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
399static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
400static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
401					 int alloc_len);
402static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
403					 int alloc_len);
404static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
407static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
408static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
409static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
410static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
411    union ctl_io *pending_io, union ctl_io *ooa_io);
412static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
413				union ctl_io *starting_io);
414static int ctl_check_blocked(struct ctl_lun *lun);
415static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
416				struct ctl_lun *lun,
417				const struct ctl_cmd_entry *entry,
418				struct ctl_scsiio *ctsio);
419//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
420static void ctl_failover(void);
421static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
422			       struct ctl_scsiio *ctsio);
423static int ctl_scsiio(struct ctl_scsiio *ctsio);
424
425static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
426static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
427			    ctl_ua_type ua_type);
428static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
429			 ctl_ua_type ua_type);
430static int ctl_abort_task(union ctl_io *io);
431static int ctl_abort_task_set(union ctl_io *io);
432static int ctl_i_t_nexus_reset(union ctl_io *io);
433static void ctl_run_task(union ctl_io *io);
434#ifdef CTL_IO_DELAY
435static void ctl_datamove_timer_wakeup(void *arg);
436static void ctl_done_timer_wakeup(void *arg);
437#endif /* CTL_IO_DELAY */
438
439static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
440static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
441static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
442static void ctl_datamove_remote_write(union ctl_io *io);
443static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
444static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
445static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
446static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
447				    ctl_ha_dt_cb callback);
448static void ctl_datamove_remote_read(union ctl_io *io);
449static void ctl_datamove_remote(union ctl_io *io);
450static int ctl_process_done(union ctl_io *io);
451static void ctl_lun_thread(void *arg);
452static void ctl_work_thread(void *arg);
453static void ctl_enqueue_incoming(union ctl_io *io);
454static void ctl_enqueue_rtr(union ctl_io *io);
455static void ctl_enqueue_done(union ctl_io *io);
456static void ctl_enqueue_isc(union ctl_io *io);
457static const struct ctl_cmd_entry *
458    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
459static const struct ctl_cmd_entry *
460    ctl_validate_command(struct ctl_scsiio *ctsio);
461static int ctl_cmd_applicable(uint8_t lun_type,
462    const struct ctl_cmd_entry *entry);
463
464/*
465 * Load the serialization table.  This isn't very pretty, but is probably
466 * the easiest way to do it.
467 */
468#include "ctl_ser_table.c"
469
470/*
471 * We only need to define open, close and ioctl routines for this driver.
472 */
473static struct cdevsw ctl_cdevsw = {
474	.d_version =	D_VERSION,
475	.d_flags =	0,
476	.d_open =	ctl_open,
477	.d_close =	ctl_close,
478	.d_ioctl =	ctl_ioctl,
479	.d_name =	"ctl",
480};
481
482
483MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
484MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
485
486static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
487
488static moduledata_t ctl_moduledata = {
489	"ctl",
490	ctl_module_event_handler,
491	NULL
492};
493
494DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
495MODULE_VERSION(ctl, 1);
496
497static struct ctl_frontend ioctl_frontend =
498{
499	.name = "ioctl",
500};
501
502static void
503ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
504			    union ctl_ha_msg *msg_info)
505{
506	struct ctl_scsiio *ctsio;
507
508	if (msg_info->hdr.original_sc == NULL) {
509		printf("%s: original_sc == NULL!\n", __func__);
510		/* XXX KDM now what? */
511		return;
512	}
513
514	ctsio = &msg_info->hdr.original_sc->scsiio;
515	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
516	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
517	ctsio->io_hdr.status = msg_info->hdr.status;
518	ctsio->scsi_status = msg_info->scsi.scsi_status;
519	ctsio->sense_len = msg_info->scsi.sense_len;
520	ctsio->sense_residual = msg_info->scsi.sense_residual;
521	ctsio->residual = msg_info->scsi.residual;
522	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
523	       sizeof(ctsio->sense_data));
524	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
525	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
526	ctl_enqueue_isc((union ctl_io *)ctsio);
527}
528
529static void
530ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
531				union ctl_ha_msg *msg_info)
532{
533	struct ctl_scsiio *ctsio;
534
535	if (msg_info->hdr.serializing_sc == NULL) {
536		printf("%s: serializing_sc == NULL!\n", __func__);
537		/* XXX KDM now what? */
538		return;
539	}
540
541	ctsio = &msg_info->hdr.serializing_sc->scsiio;
542#if 0
543	/*
544	 * Attempt to catch the situation where an I/O has
545	 * been freed, and we're using it again.
546	 */
547	if (ctsio->io_hdr.io_type == 0xff) {
548		union ctl_io *tmp_io;
549		tmp_io = (union ctl_io *)ctsio;
550		printf("%s: %p use after free!\n", __func__,
551		       ctsio);
552		printf("%s: type %d msg %d cdb %x iptl: "
553		       "%d:%d:%d:%d tag 0x%04x "
554		       "flag %#x status %x\n",
555			__func__,
556			tmp_io->io_hdr.io_type,
557			tmp_io->io_hdr.msg_type,
558			tmp_io->scsiio.cdb[0],
559			tmp_io->io_hdr.nexus.initid.id,
560			tmp_io->io_hdr.nexus.targ_port,
561			tmp_io->io_hdr.nexus.targ_target.id,
562			tmp_io->io_hdr.nexus.targ_lun,
563			(tmp_io->io_hdr.io_type ==
564			CTL_IO_TASK) ?
565			tmp_io->taskio.tag_num :
566			tmp_io->scsiio.tag_num,
567		        tmp_io->io_hdr.flags,
568			tmp_io->io_hdr.status);
569	}
570#endif
571	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
572	ctl_enqueue_isc((union ctl_io *)ctsio);
573}
574
575/*
576 * ISC (Inter Shelf Communication) event handler.  Events from the HA
577 * subsystem come in here.
578 */
579static void
580ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
581{
582	struct ctl_softc *ctl_softc;
583	union ctl_io *io;
584	struct ctl_prio *presio;
585	ctl_ha_status isc_status;
586
587	ctl_softc = control_softc;
588	io = NULL;
589
590
591#if 0
592	printf("CTL: Isc Msg event %d\n", event);
593#endif
594	if (event == CTL_HA_EVT_MSG_RECV) {
595		union ctl_ha_msg msg_info;
596
597		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
598					     sizeof(msg_info), /*wait*/ 0);
599#if 0
600		printf("CTL: msg_type %d\n", msg_info.msg_type);
601#endif
602		if (isc_status != 0) {
603			printf("Error receiving message, status = %d\n",
604			       isc_status);
605			return;
606		}
607
608		switch (msg_info.hdr.msg_type) {
609		case CTL_MSG_SERIALIZE:
610#if 0
611			printf("Serialize\n");
612#endif
613			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
614			if (io == NULL) {
615				printf("ctl_isc_event_handler: can't allocate "
616				       "ctl_io!\n");
617				/* Bad Juju */
618				/* Need to set busy and send msg back */
619				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
620				msg_info.hdr.status = CTL_SCSI_ERROR;
621				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
622				msg_info.scsi.sense_len = 0;
623			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
624				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
625				}
626				goto bailout;
627			}
628			ctl_zero_io(io);
629			// populate ctsio from msg_info
630			io->io_hdr.io_type = CTL_IO_SCSI;
631			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
632			io->io_hdr.original_sc = msg_info.hdr.original_sc;
633#if 0
634			printf("pOrig %x\n", (int)msg_info.original_sc);
635#endif
636			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
637					    CTL_FLAG_IO_ACTIVE;
638			/*
639			 * If we're in serialization-only mode, we don't
640			 * want to go through full done processing.  Thus
641			 * the COPY flag.
642			 *
643			 * XXX KDM add another flag that is more specific.
644			 */
645			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
646				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
647			io->io_hdr.nexus = msg_info.hdr.nexus;
648#if 0
649			printf("targ %d, port %d, iid %d, lun %d\n",
650			       io->io_hdr.nexus.targ_target.id,
651			       io->io_hdr.nexus.targ_port,
652			       io->io_hdr.nexus.initid.id,
653			       io->io_hdr.nexus.targ_lun);
654#endif
655			io->scsiio.tag_num = msg_info.scsi.tag_num;
656			io->scsiio.tag_type = msg_info.scsi.tag_type;
657			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
658			       CTL_MAX_CDBLEN);
659			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
660				const struct ctl_cmd_entry *entry;
661
662				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
663				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
664				io->io_hdr.flags |=
665					entry->flags & CTL_FLAG_DATA_MASK;
666			}
667			ctl_enqueue_isc(io);
668			break;
669
670		/* Performed on the Originating SC, XFER mode only */
671		case CTL_MSG_DATAMOVE: {
672			struct ctl_sg_entry *sgl;
673			int i, j;
674
675			io = msg_info.hdr.original_sc;
676			if (io == NULL) {
677				printf("%s: original_sc == NULL!\n", __func__);
678				/* XXX KDM do something here */
679				break;
680			}
681			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
682			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
683			/*
684			 * Keep track of this, we need to send it back over
685			 * when the datamove is complete.
686			 */
687			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
688
689			if (msg_info.dt.sg_sequence == 0) {
690				/*
691				 * XXX KDM we use the preallocated S/G list
692				 * here, but we'll need to change this to
693				 * dynamic allocation if we need larger S/G
694				 * lists.
695				 */
696				if (msg_info.dt.kern_sg_entries >
697				    sizeof(io->io_hdr.remote_sglist) /
698				    sizeof(io->io_hdr.remote_sglist[0])) {
699					printf("%s: number of S/G entries "
700					    "needed %u > allocated num %zd\n",
701					    __func__,
702					    msg_info.dt.kern_sg_entries,
703					    sizeof(io->io_hdr.remote_sglist)/
704					    sizeof(io->io_hdr.remote_sglist[0]));
705
706					/*
707					 * XXX KDM send a message back to
708					 * the other side to shut down the
709					 * DMA.  The error will come back
710					 * through via the normal channel.
711					 */
712					break;
713				}
714				sgl = io->io_hdr.remote_sglist;
715				memset(sgl, 0,
716				       sizeof(io->io_hdr.remote_sglist));
717
718				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
719
720				io->scsiio.kern_sg_entries =
721					msg_info.dt.kern_sg_entries;
722				io->scsiio.rem_sg_entries =
723					msg_info.dt.kern_sg_entries;
724				io->scsiio.kern_data_len =
725					msg_info.dt.kern_data_len;
726				io->scsiio.kern_total_len =
727					msg_info.dt.kern_total_len;
728				io->scsiio.kern_data_resid =
729					msg_info.dt.kern_data_resid;
730				io->scsiio.kern_rel_offset =
731					msg_info.dt.kern_rel_offset;
732				/*
733				 * Clear out per-DMA flags.
734				 */
735				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
736				/*
737				 * Add per-DMA flags that are set for this
738				 * particular DMA request.
739				 */
740				io->io_hdr.flags |= msg_info.dt.flags &
741						    CTL_FLAG_RDMA_MASK;
742			} else
743				sgl = (struct ctl_sg_entry *)
744					io->scsiio.kern_data_ptr;
745
746			for (i = msg_info.dt.sent_sg_entries, j = 0;
747			     i < (msg_info.dt.sent_sg_entries +
748			     msg_info.dt.cur_sg_entries); i++, j++) {
749				sgl[i].addr = msg_info.dt.sg_list[j].addr;
750				sgl[i].len = msg_info.dt.sg_list[j].len;
751
752#if 0
753				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
754				       __func__,
755				       msg_info.dt.sg_list[j].addr,
756				       msg_info.dt.sg_list[j].len,
757				       sgl[i].addr, sgl[i].len, j, i);
758#endif
759			}
760#if 0
761			memcpy(&sgl[msg_info.dt.sent_sg_entries],
762			       msg_info.dt.sg_list,
763			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
764#endif
765
766			/*
767			 * If this is the last piece of the I/O, we've got
768			 * the full S/G list.  Queue processing in the thread.
769			 * Otherwise wait for the next piece.
770			 */
771			if (msg_info.dt.sg_last != 0)
772				ctl_enqueue_isc(io);
773			break;
774		}
775		/* Performed on the Serializing (primary) SC, XFER mode only */
776		case CTL_MSG_DATAMOVE_DONE: {
777			if (msg_info.hdr.serializing_sc == NULL) {
778				printf("%s: serializing_sc == NULL!\n",
779				       __func__);
780				/* XXX KDM now what? */
781				break;
782			}
783			/*
784			 * We grab the sense information here in case
785			 * there was a failure, so we can return status
786			 * back to the initiator.
787			 */
788			io = msg_info.hdr.serializing_sc;
789			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
790			io->io_hdr.status = msg_info.hdr.status;
791			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
792			io->scsiio.sense_len = msg_info.scsi.sense_len;
793			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
794			io->io_hdr.port_status = msg_info.scsi.fetd_status;
795			io->scsiio.residual = msg_info.scsi.residual;
796			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
797			       sizeof(io->scsiio.sense_data));
798			ctl_enqueue_isc(io);
799			break;
800		}
801
802		/* Preformed on Originating SC, SER_ONLY mode */
803		case CTL_MSG_R2R:
804			io = msg_info.hdr.original_sc;
805			if (io == NULL) {
806				printf("%s: Major Bummer\n", __func__);
807				return;
808			} else {
809#if 0
810				printf("pOrig %x\n",(int) ctsio);
811#endif
812			}
813			io->io_hdr.msg_type = CTL_MSG_R2R;
814			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
815			ctl_enqueue_isc(io);
816			break;
817
818		/*
819		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
820		 * mode.
821		 * Performed on the Originating (i.e. secondary) SC in XFER
822		 * mode
823		 */
824		case CTL_MSG_FINISH_IO:
825			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
826				ctl_isc_handler_finish_xfer(ctl_softc,
827							    &msg_info);
828			else
829				ctl_isc_handler_finish_ser_only(ctl_softc,
830								&msg_info);
831			break;
832
833		/* Preformed on Originating SC */
834		case CTL_MSG_BAD_JUJU:
835			io = msg_info.hdr.original_sc;
836			if (io == NULL) {
837				printf("%s: Bad JUJU!, original_sc is NULL!\n",
838				       __func__);
839				break;
840			}
841			ctl_copy_sense_data(&msg_info, io);
842			/*
843			 * IO should have already been cleaned up on other
844			 * SC so clear this flag so we won't send a message
845			 * back to finish the IO there.
846			 */
847			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
848			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
849
850			/* io = msg_info.hdr.serializing_sc; */
851			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
852			ctl_enqueue_isc(io);
853			break;
854
855		/* Handle resets sent from the other side */
856		case CTL_MSG_MANAGE_TASKS: {
857			struct ctl_taskio *taskio;
858			taskio = (struct ctl_taskio *)ctl_alloc_io(
859				(void *)ctl_softc->othersc_pool);
860			if (taskio == NULL) {
861				printf("ctl_isc_event_handler: can't allocate "
862				       "ctl_io!\n");
863				/* Bad Juju */
864				/* should I just call the proper reset func
865				   here??? */
866				goto bailout;
867			}
868			ctl_zero_io((union ctl_io *)taskio);
869			taskio->io_hdr.io_type = CTL_IO_TASK;
870			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
871			taskio->io_hdr.nexus = msg_info.hdr.nexus;
872			taskio->task_action = msg_info.task.task_action;
873			taskio->tag_num = msg_info.task.tag_num;
874			taskio->tag_type = msg_info.task.tag_type;
875#ifdef CTL_TIME_IO
876			taskio->io_hdr.start_time = time_uptime;
877			getbintime(&taskio->io_hdr.start_bt);
878#if 0
879			cs_prof_gettime(&taskio->io_hdr.start_ticks);
880#endif
881#endif /* CTL_TIME_IO */
882			ctl_run_task((union ctl_io *)taskio);
883			break;
884		}
885		/* Persistent Reserve action which needs attention */
886		case CTL_MSG_PERS_ACTION:
887			presio = (struct ctl_prio *)ctl_alloc_io(
888				(void *)ctl_softc->othersc_pool);
889			if (presio == NULL) {
890				printf("ctl_isc_event_handler: can't allocate "
891				       "ctl_io!\n");
892				/* Bad Juju */
893				/* Need to set busy and send msg back */
894				goto bailout;
895			}
896			ctl_zero_io((union ctl_io *)presio);
897			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
898			presio->pr_msg = msg_info.pr;
899			ctl_enqueue_isc((union ctl_io *)presio);
900			break;
901		case CTL_MSG_SYNC_FE:
902			rcv_sync_msg = 1;
903			break;
904		default:
905		        printf("How did I get here?\n");
906		}
907	} else if (event == CTL_HA_EVT_MSG_SENT) {
908		if (param != CTL_HA_STATUS_SUCCESS) {
909			printf("Bad status from ctl_ha_msg_send status %d\n",
910			       param);
911		}
912		return;
913	} else if (event == CTL_HA_EVT_DISCONNECT) {
914		printf("CTL: Got a disconnect from Isc\n");
915		return;
916	} else {
917		printf("ctl_isc_event_handler: Unknown event %d\n", event);
918		return;
919	}
920
921bailout:
922	return;
923}
924
925static void
926ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
927{
928	struct scsi_sense_data *sense;
929
930	sense = &dest->scsiio.sense_data;
931	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
932	dest->scsiio.scsi_status = src->scsi.scsi_status;
933	dest->scsiio.sense_len = src->scsi.sense_len;
934	dest->io_hdr.status = src->hdr.status;
935}
936
937static int
938ctl_init(void)
939{
940	struct ctl_softc *softc;
941	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
942	struct ctl_port *port;
943        uint8_t sc_id =0;
944	int i, error, retval;
945	//int isc_retval;
946
947	retval = 0;
948	ctl_pause_rtr = 0;
949        rcv_sync_msg = 0;
950
951	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
952			       M_WAITOK | M_ZERO);
953	softc = control_softc;
954
955	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
956			      "cam/ctl");
957
958	softc->dev->si_drv1 = softc;
959
960	/*
961	 * By default, return a "bad LUN" peripheral qualifier for unknown
962	 * LUNs.  The user can override this default using the tunable or
963	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
964	 */
965	softc->inquiry_pq_no_lun = 1;
966	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
967			  &softc->inquiry_pq_no_lun);
968	sysctl_ctx_init(&softc->sysctl_ctx);
969	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
970		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
971		CTLFLAG_RD, 0, "CAM Target Layer");
972
973	if (softc->sysctl_tree == NULL) {
974		printf("%s: unable to allocate sysctl tree\n", __func__);
975		destroy_dev(softc->dev);
976		free(control_softc, M_DEVBUF);
977		control_softc = NULL;
978		return (ENOMEM);
979	}
980
981	SYSCTL_ADD_INT(&softc->sysctl_ctx,
982		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
983		       "inquiry_pq_no_lun", CTLFLAG_RW,
984		       &softc->inquiry_pq_no_lun, 0,
985		       "Report no lun possible for invalid LUNs");
986
987	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
988	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
989	softc->open_count = 0;
990
991	/*
992	 * Default to actually sending a SYNCHRONIZE CACHE command down to
993	 * the drive.
994	 */
995	softc->flags = CTL_FLAG_REAL_SYNC;
996
997	/*
998	 * In Copan's HA scheme, the "master" and "slave" roles are
999	 * figured out through the slot the controller is in.  Although it
1000	 * is an active/active system, someone has to be in charge.
1001 	 */
1002#ifdef NEEDTOPORT
1003        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1004#endif
1005
1006        if (sc_id == 0) {
1007		softc->flags |= CTL_FLAG_MASTER_SHELF;
1008		persis_offset = 0;
1009	} else
1010		persis_offset = CTL_MAX_INITIATORS;
1011
1012	/*
1013	 * XXX KDM need to figure out where we want to get our target ID
1014	 * and WWID.  Is it different on each port?
1015	 */
1016	softc->target.id = 0;
1017	softc->target.wwid[0] = 0x12345678;
1018	softc->target.wwid[1] = 0x87654321;
1019	STAILQ_INIT(&softc->lun_list);
1020	STAILQ_INIT(&softc->pending_lun_queue);
1021	STAILQ_INIT(&softc->fe_list);
1022	STAILQ_INIT(&softc->port_list);
1023	STAILQ_INIT(&softc->be_list);
1024	STAILQ_INIT(&softc->io_pools);
1025	ctl_tpc_init(softc);
1026
1027	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1028			    &internal_pool)!= 0){
1029		printf("ctl: can't allocate %d entry internal pool, "
1030		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1031		return (ENOMEM);
1032	}
1033
1034	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1035			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1036		printf("ctl: can't allocate %d entry emergency pool, "
1037		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1038		ctl_pool_free(internal_pool);
1039		return (ENOMEM);
1040	}
1041
1042	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1043	                    &other_pool) != 0)
1044	{
1045		printf("ctl: can't allocate %d entry other SC pool, "
1046		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1047		ctl_pool_free(internal_pool);
1048		ctl_pool_free(emergency_pool);
1049		return (ENOMEM);
1050	}
1051
1052	softc->internal_pool = internal_pool;
1053	softc->emergency_pool = emergency_pool;
1054	softc->othersc_pool = other_pool;
1055
1056	if (worker_threads <= 0)
1057		worker_threads = max(1, mp_ncpus / 4);
1058	if (worker_threads > CTL_MAX_THREADS)
1059		worker_threads = CTL_MAX_THREADS;
1060
1061	for (i = 0; i < worker_threads; i++) {
1062		struct ctl_thread *thr = &softc->threads[i];
1063
1064		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1065		thr->ctl_softc = softc;
1066		STAILQ_INIT(&thr->incoming_queue);
1067		STAILQ_INIT(&thr->rtr_queue);
1068		STAILQ_INIT(&thr->done_queue);
1069		STAILQ_INIT(&thr->isc_queue);
1070
1071		error = kproc_kthread_add(ctl_work_thread, thr,
1072		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1073		if (error != 0) {
1074			printf("error creating CTL work thread!\n");
1075			ctl_pool_free(internal_pool);
1076			ctl_pool_free(emergency_pool);
1077			ctl_pool_free(other_pool);
1078			return (error);
1079		}
1080	}
1081	error = kproc_kthread_add(ctl_lun_thread, softc,
1082	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1083	if (error != 0) {
1084		printf("error creating CTL lun thread!\n");
1085		ctl_pool_free(internal_pool);
1086		ctl_pool_free(emergency_pool);
1087		ctl_pool_free(other_pool);
1088		return (error);
1089	}
1090	if (bootverbose)
1091		printf("ctl: CAM Target Layer loaded\n");
1092
1093	/*
1094	 * Initialize the ioctl front end.
1095	 */
1096	ctl_frontend_register(&ioctl_frontend);
1097	port = &softc->ioctl_info.port;
1098	port->frontend = &ioctl_frontend;
1099	sprintf(softc->ioctl_info.port_name, "ioctl");
1100	port->port_type = CTL_PORT_IOCTL;
1101	port->num_requested_ctl_io = 100;
1102	port->port_name = softc->ioctl_info.port_name;
1103	port->port_online = ctl_ioctl_online;
1104	port->port_offline = ctl_ioctl_offline;
1105	port->onoff_arg = &softc->ioctl_info;
1106	port->lun_enable = ctl_ioctl_lun_enable;
1107	port->lun_disable = ctl_ioctl_lun_disable;
1108	port->targ_lun_arg = &softc->ioctl_info;
1109	port->fe_datamove = ctl_ioctl_datamove;
1110	port->fe_done = ctl_ioctl_done;
1111	port->max_targets = 15;
1112	port->max_target_id = 15;
1113
1114	if (ctl_port_register(&softc->ioctl_info.port,
1115	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1116		printf("ctl: ioctl front end registration failed, will "
1117		       "continue anyway\n");
1118	}
1119
1120#ifdef CTL_IO_DELAY
1121	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1122		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1123		       sizeof(struct callout), CTL_TIMER_BYTES);
1124		return (EINVAL);
1125	}
1126#endif /* CTL_IO_DELAY */
1127
1128	return (0);
1129}
1130
1131void
1132ctl_shutdown(void)
1133{
1134	struct ctl_softc *softc;
1135	struct ctl_lun *lun, *next_lun;
1136	struct ctl_io_pool *pool;
1137
1138	softc = (struct ctl_softc *)control_softc;
1139
1140	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1141		printf("ctl: ioctl front end deregistration failed\n");
1142
1143	mtx_lock(&softc->ctl_lock);
1144
1145	/*
1146	 * Free up each LUN.
1147	 */
1148	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1149		next_lun = STAILQ_NEXT(lun, links);
1150		ctl_free_lun(lun);
1151	}
1152
1153	mtx_unlock(&softc->ctl_lock);
1154
1155	ctl_frontend_deregister(&ioctl_frontend);
1156
1157	/*
1158	 * This will rip the rug out from under any FETDs or anyone else
1159	 * that has a pool allocated.  Since we increment our module
1160	 * refcount any time someone outside the main CTL module allocates
1161	 * a pool, we shouldn't have any problems here.  The user won't be
1162	 * able to unload the CTL module until client modules have
1163	 * successfully unloaded.
1164	 */
1165	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1166		ctl_pool_free(pool);
1167
1168#if 0
1169	ctl_shutdown_thread(softc->work_thread);
1170	mtx_destroy(&softc->queue_lock);
1171#endif
1172
1173	ctl_tpc_shutdown(softc);
1174	mtx_destroy(&softc->pool_lock);
1175	mtx_destroy(&softc->ctl_lock);
1176
1177	destroy_dev(softc->dev);
1178
1179	sysctl_ctx_free(&softc->sysctl_ctx);
1180
1181	free(control_softc, M_DEVBUF);
1182	control_softc = NULL;
1183
1184	if (bootverbose)
1185		printf("ctl: CAM Target Layer unloaded\n");
1186}
1187
1188static int
1189ctl_module_event_handler(module_t mod, int what, void *arg)
1190{
1191
1192	switch (what) {
1193	case MOD_LOAD:
1194		return (ctl_init());
1195	case MOD_UNLOAD:
1196		return (EBUSY);
1197	default:
1198		return (EOPNOTSUPP);
1199	}
1200}
1201
1202/*
1203 * XXX KDM should we do some access checks here?  Bump a reference count to
1204 * prevent a CTL module from being unloaded while someone has it open?
1205 */
1206static int
1207ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1208{
1209	return (0);
1210}
1211
1212static int
1213ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1214{
1215	return (0);
1216}
1217
1218int
1219ctl_port_enable(ctl_port_type port_type)
1220{
1221	struct ctl_softc *softc;
1222	struct ctl_port *port;
1223
1224	if (ctl_is_single == 0) {
1225		union ctl_ha_msg msg_info;
1226		int isc_retval;
1227
1228#if 0
1229		printf("%s: HA mode, synchronizing frontend enable\n",
1230		        __func__);
1231#endif
1232		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1233	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1234		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1235			printf("Sync msg send error retval %d\n", isc_retval);
1236		}
1237		if (!rcv_sync_msg) {
1238			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1239			        sizeof(msg_info), 1);
1240		}
1241#if 0
1242        	printf("CTL:Frontend Enable\n");
1243	} else {
1244		printf("%s: single mode, skipping frontend synchronization\n",
1245		        __func__);
1246#endif
1247	}
1248
1249	softc = control_softc;
1250
1251	STAILQ_FOREACH(port, &softc->port_list, links) {
1252		if (port_type & port->port_type)
1253		{
1254#if 0
1255			printf("port %d\n", port->targ_port);
1256#endif
1257			ctl_port_online(port);
1258		}
1259	}
1260
1261	return (0);
1262}
1263
1264int
1265ctl_port_disable(ctl_port_type port_type)
1266{
1267	struct ctl_softc *softc;
1268	struct ctl_port *port;
1269
1270	softc = control_softc;
1271
1272	STAILQ_FOREACH(port, &softc->port_list, links) {
1273		if (port_type & port->port_type)
1274			ctl_port_offline(port);
1275	}
1276
1277	return (0);
1278}
1279
1280/*
1281 * Returns 0 for success, 1 for failure.
1282 * Currently the only failure mode is if there aren't enough entries
1283 * allocated.  So, in case of a failure, look at num_entries_dropped,
1284 * reallocate and try again.
1285 */
1286int
1287ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1288	      int *num_entries_filled, int *num_entries_dropped,
1289	      ctl_port_type port_type, int no_virtual)
1290{
1291	struct ctl_softc *softc;
1292	struct ctl_port *port;
1293	int entries_dropped, entries_filled;
1294	int retval;
1295	int i;
1296
1297	softc = control_softc;
1298
1299	retval = 0;
1300	entries_filled = 0;
1301	entries_dropped = 0;
1302
1303	i = 0;
1304	mtx_lock(&softc->ctl_lock);
1305	STAILQ_FOREACH(port, &softc->port_list, links) {
1306		struct ctl_port_entry *entry;
1307
1308		if ((port->port_type & port_type) == 0)
1309			continue;
1310
1311		if ((no_virtual != 0)
1312		 && (port->virtual_port != 0))
1313			continue;
1314
1315		if (entries_filled >= num_entries_alloced) {
1316			entries_dropped++;
1317			continue;
1318		}
1319		entry = &entries[i];
1320
1321		entry->port_type = port->port_type;
1322		strlcpy(entry->port_name, port->port_name,
1323			sizeof(entry->port_name));
1324		entry->physical_port = port->physical_port;
1325		entry->virtual_port = port->virtual_port;
1326		entry->wwnn = port->wwnn;
1327		entry->wwpn = port->wwpn;
1328
1329		i++;
1330		entries_filled++;
1331	}
1332
1333	mtx_unlock(&softc->ctl_lock);
1334
1335	if (entries_dropped > 0)
1336		retval = 1;
1337
1338	*num_entries_dropped = entries_dropped;
1339	*num_entries_filled = entries_filled;
1340
1341	return (retval);
1342}
1343
1344static void
1345ctl_ioctl_online(void *arg)
1346{
1347	struct ctl_ioctl_info *ioctl_info;
1348
1349	ioctl_info = (struct ctl_ioctl_info *)arg;
1350
1351	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1352}
1353
1354static void
1355ctl_ioctl_offline(void *arg)
1356{
1357	struct ctl_ioctl_info *ioctl_info;
1358
1359	ioctl_info = (struct ctl_ioctl_info *)arg;
1360
1361	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1362}
1363
1364/*
1365 * Remove an initiator by port number and initiator ID.
1366 * Returns 0 for success, -1 for failure.
1367 */
1368int
1369ctl_remove_initiator(struct ctl_port *port, int iid)
1370{
1371	struct ctl_softc *softc = control_softc;
1372
1373	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1374
1375	if (iid > CTL_MAX_INIT_PER_PORT) {
1376		printf("%s: initiator ID %u > maximun %u!\n",
1377		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1378		return (-1);
1379	}
1380
1381	mtx_lock(&softc->ctl_lock);
1382	port->wwpn_iid[iid].in_use--;
1383	port->wwpn_iid[iid].last_use = time_uptime;
1384	mtx_unlock(&softc->ctl_lock);
1385
1386	return (0);
1387}
1388
1389/*
1390 * Add an initiator to the initiator map.
1391 * Returns iid for success, < 0 for failure.
1392 */
1393int
1394ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1395{
1396	struct ctl_softc *softc = control_softc;
1397	time_t best_time;
1398	int i, best;
1399
1400	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1401
1402	if (iid >= CTL_MAX_INIT_PER_PORT) {
1403		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1404		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1405		free(name, M_CTL);
1406		return (-1);
1407	}
1408
1409	mtx_lock(&softc->ctl_lock);
1410
1411	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1412		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1413			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1414				iid = i;
1415				break;
1416			}
1417			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1418			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1419				iid = i;
1420				break;
1421			}
1422		}
1423	}
1424
1425	if (iid < 0) {
1426		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1427			if (port->wwpn_iid[i].in_use == 0 &&
1428			    port->wwpn_iid[i].wwpn == 0 &&
1429			    port->wwpn_iid[i].name == NULL) {
1430				iid = i;
1431				break;
1432			}
1433		}
1434	}
1435
1436	if (iid < 0) {
1437		best = -1;
1438		best_time = INT32_MAX;
1439		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1440			if (port->wwpn_iid[i].in_use == 0) {
1441				if (port->wwpn_iid[i].last_use < best_time) {
1442					best = i;
1443					best_time = port->wwpn_iid[i].last_use;
1444				}
1445			}
1446		}
1447		iid = best;
1448	}
1449
1450	if (iid < 0) {
1451		mtx_unlock(&softc->ctl_lock);
1452		free(name, M_CTL);
1453		return (-2);
1454	}
1455
1456	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1457		/*
1458		 * This is not an error yet.
1459		 */
1460		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1461#if 0
1462			printf("%s: port %d iid %u WWPN %#jx arrived"
1463			    " again\n", __func__, port->targ_port,
1464			    iid, (uintmax_t)wwpn);
1465#endif
1466			goto take;
1467		}
1468		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1469		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1470#if 0
1471			printf("%s: port %d iid %u name '%s' arrived"
1472			    " again\n", __func__, port->targ_port,
1473			    iid, name);
1474#endif
1475			goto take;
1476		}
1477
1478		/*
1479		 * This is an error, but what do we do about it?  The
1480		 * driver is telling us we have a new WWPN for this
1481		 * initiator ID, so we pretty much need to use it.
1482		 */
1483		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1484		    " but WWPN %#jx '%s' is still at that address\n",
1485		    __func__, port->targ_port, iid, wwpn, name,
1486		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1487		    port->wwpn_iid[iid].name);
1488
1489		/*
1490		 * XXX KDM clear have_ca and ua_pending on each LUN for
1491		 * this initiator.
1492		 */
1493	}
1494take:
1495	free(port->wwpn_iid[iid].name, M_CTL);
1496	port->wwpn_iid[iid].name = name;
1497	port->wwpn_iid[iid].wwpn = wwpn;
1498	port->wwpn_iid[iid].in_use++;
1499	mtx_unlock(&softc->ctl_lock);
1500
1501	return (iid);
1502}
1503
1504static int
1505ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1506{
1507	int len;
1508
1509	switch (port->port_type) {
1510	case CTL_PORT_FC:
1511	{
1512		struct scsi_transportid_fcp *id =
1513		    (struct scsi_transportid_fcp *)buf;
1514		if (port->wwpn_iid[iid].wwpn == 0)
1515			return (0);
1516		memset(id, 0, sizeof(*id));
1517		id->format_protocol = SCSI_PROTO_FC;
1518		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1519		return (sizeof(*id));
1520	}
1521	case CTL_PORT_ISCSI:
1522	{
1523		struct scsi_transportid_iscsi_port *id =
1524		    (struct scsi_transportid_iscsi_port *)buf;
1525		if (port->wwpn_iid[iid].name == NULL)
1526			return (0);
1527		memset(id, 0, 256);
1528		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1529		    SCSI_PROTO_ISCSI;
1530		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1531		len = roundup2(min(len, 252), 4);
1532		scsi_ulto2b(len, id->additional_length);
1533		return (sizeof(*id) + len);
1534	}
1535	case CTL_PORT_SAS:
1536	{
1537		struct scsi_transportid_sas *id =
1538		    (struct scsi_transportid_sas *)buf;
1539		if (port->wwpn_iid[iid].wwpn == 0)
1540			return (0);
1541		memset(id, 0, sizeof(*id));
1542		id->format_protocol = SCSI_PROTO_SAS;
1543		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1544		return (sizeof(*id));
1545	}
1546	default:
1547	{
1548		struct scsi_transportid_spi *id =
1549		    (struct scsi_transportid_spi *)buf;
1550		memset(id, 0, sizeof(*id));
1551		id->format_protocol = SCSI_PROTO_SPI;
1552		scsi_ulto2b(iid, id->scsi_addr);
1553		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1554		return (sizeof(*id));
1555	}
1556	}
1557}
1558
1559static int
1560ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1561{
1562	return (0);
1563}
1564
1565static int
1566ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1567{
1568	return (0);
1569}
1570
1571/*
1572 * Data movement routine for the CTL ioctl frontend port.
1573 */
1574static int
1575ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1576{
1577	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1578	struct ctl_sg_entry ext_entry, kern_entry;
1579	int ext_sglen, ext_sg_entries, kern_sg_entries;
1580	int ext_sg_start, ext_offset;
1581	int len_to_copy, len_copied;
1582	int kern_watermark, ext_watermark;
1583	int ext_sglist_malloced;
1584	int i, j;
1585
1586	ext_sglist_malloced = 0;
1587	ext_sg_start = 0;
1588	ext_offset = 0;
1589
1590	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1591
1592	/*
1593	 * If this flag is set, fake the data transfer.
1594	 */
1595	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1596		ctsio->ext_data_filled = ctsio->ext_data_len;
1597		goto bailout;
1598	}
1599
1600	/*
1601	 * To simplify things here, if we have a single buffer, stick it in
1602	 * a S/G entry and just make it a single entry S/G list.
1603	 */
1604	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1605		int len_seen;
1606
1607		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1608
1609		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1610							   M_WAITOK);
1611		ext_sglist_malloced = 1;
1612		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1613				   ext_sglen) != 0) {
1614			ctl_set_internal_failure(ctsio,
1615						 /*sks_valid*/ 0,
1616						 /*retry_count*/ 0);
1617			goto bailout;
1618		}
1619		ext_sg_entries = ctsio->ext_sg_entries;
1620		len_seen = 0;
1621		for (i = 0; i < ext_sg_entries; i++) {
1622			if ((len_seen + ext_sglist[i].len) >=
1623			     ctsio->ext_data_filled) {
1624				ext_sg_start = i;
1625				ext_offset = ctsio->ext_data_filled - len_seen;
1626				break;
1627			}
1628			len_seen += ext_sglist[i].len;
1629		}
1630	} else {
1631		ext_sglist = &ext_entry;
1632		ext_sglist->addr = ctsio->ext_data_ptr;
1633		ext_sglist->len = ctsio->ext_data_len;
1634		ext_sg_entries = 1;
1635		ext_sg_start = 0;
1636		ext_offset = ctsio->ext_data_filled;
1637	}
1638
1639	if (ctsio->kern_sg_entries > 0) {
1640		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1641		kern_sg_entries = ctsio->kern_sg_entries;
1642	} else {
1643		kern_sglist = &kern_entry;
1644		kern_sglist->addr = ctsio->kern_data_ptr;
1645		kern_sglist->len = ctsio->kern_data_len;
1646		kern_sg_entries = 1;
1647	}
1648
1649
1650	kern_watermark = 0;
1651	ext_watermark = ext_offset;
1652	len_copied = 0;
1653	for (i = ext_sg_start, j = 0;
1654	     i < ext_sg_entries && j < kern_sg_entries;) {
1655		uint8_t *ext_ptr, *kern_ptr;
1656
1657		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1658				      kern_sglist[j].len - kern_watermark);
1659
1660		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1661		ext_ptr = ext_ptr + ext_watermark;
1662		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1663			/*
1664			 * XXX KDM fix this!
1665			 */
1666			panic("need to implement bus address support");
1667#if 0
1668			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1669#endif
1670		} else
1671			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1672		kern_ptr = kern_ptr + kern_watermark;
1673
1674		kern_watermark += len_to_copy;
1675		ext_watermark += len_to_copy;
1676
1677		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1678		     CTL_FLAG_DATA_IN) {
1679			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1680					 "bytes to user\n", len_to_copy));
1681			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1682					 "to %p\n", kern_ptr, ext_ptr));
1683			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1684				ctl_set_internal_failure(ctsio,
1685							 /*sks_valid*/ 0,
1686							 /*retry_count*/ 0);
1687				goto bailout;
1688			}
1689		} else {
1690			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1691					 "bytes from user\n", len_to_copy));
1692			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1693					 "to %p\n", ext_ptr, kern_ptr));
1694			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1695				ctl_set_internal_failure(ctsio,
1696							 /*sks_valid*/ 0,
1697							 /*retry_count*/0);
1698				goto bailout;
1699			}
1700		}
1701
1702		len_copied += len_to_copy;
1703
1704		if (ext_sglist[i].len == ext_watermark) {
1705			i++;
1706			ext_watermark = 0;
1707		}
1708
1709		if (kern_sglist[j].len == kern_watermark) {
1710			j++;
1711			kern_watermark = 0;
1712		}
1713	}
1714
1715	ctsio->ext_data_filled += len_copied;
1716
1717	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1718			 "kern_sg_entries: %d\n", ext_sg_entries,
1719			 kern_sg_entries));
1720	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1721			 "kern_data_len = %d\n", ctsio->ext_data_len,
1722			 ctsio->kern_data_len));
1723
1724
1725	/* XXX KDM set residual?? */
1726bailout:
1727
1728	if (ext_sglist_malloced != 0)
1729		free(ext_sglist, M_CTL);
1730
1731	return (CTL_RETVAL_COMPLETE);
1732}
1733
1734/*
1735 * Serialize a command that went down the "wrong" side, and so was sent to
1736 * this controller for execution.  The logic is a little different than the
1737 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1738 * sent back to the other side, but in the success case, we execute the
1739 * command on this side (XFER mode) or tell the other side to execute it
1740 * (SER_ONLY mode).
1741 */
1742static int
1743ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1744{
1745	struct ctl_softc *ctl_softc;
1746	union ctl_ha_msg msg_info;
1747	struct ctl_lun *lun;
1748	int retval = 0;
1749	uint32_t targ_lun;
1750
1751	ctl_softc = control_softc;
1752
1753	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1754	lun = ctl_softc->ctl_luns[targ_lun];
1755	if (lun==NULL)
1756	{
1757		/*
1758		 * Why isn't LUN defined? The other side wouldn't
1759		 * send a cmd if the LUN is undefined.
1760		 */
1761		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1762
1763		/* "Logical unit not supported" */
1764		ctl_set_sense_data(&msg_info.scsi.sense_data,
1765				   lun,
1766				   /*sense_format*/SSD_TYPE_NONE,
1767				   /*current_error*/ 1,
1768				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1769				   /*asc*/ 0x25,
1770				   /*ascq*/ 0x00,
1771				   SSD_ELEM_NONE);
1772
1773		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1774		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1775		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1776		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1777		msg_info.hdr.serializing_sc = NULL;
1778		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1779	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1780				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1781		}
1782		return(1);
1783
1784	}
1785
1786	mtx_lock(&lun->lun_lock);
1787    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1788
1789	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1790		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1791		 ooa_links))) {
1792	case CTL_ACTION_BLOCK:
1793		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1794		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1795				  blocked_links);
1796		break;
1797	case CTL_ACTION_PASS:
1798	case CTL_ACTION_SKIP:
1799		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1800			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1801			ctl_enqueue_rtr((union ctl_io *)ctsio);
1802		} else {
1803
1804			/* send msg back to other side */
1805			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1806			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1807			msg_info.hdr.msg_type = CTL_MSG_R2R;
1808#if 0
1809			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1810#endif
1811		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1812			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1813			}
1814		}
1815		break;
1816	case CTL_ACTION_OVERLAP:
1817		/* OVERLAPPED COMMANDS ATTEMPTED */
1818		ctl_set_sense_data(&msg_info.scsi.sense_data,
1819				   lun,
1820				   /*sense_format*/SSD_TYPE_NONE,
1821				   /*current_error*/ 1,
1822				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1823				   /*asc*/ 0x4E,
1824				   /*ascq*/ 0x00,
1825				   SSD_ELEM_NONE);
1826
1827		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1828		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1829		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1830		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1831		msg_info.hdr.serializing_sc = NULL;
1832		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1833#if 0
1834		printf("BAD JUJU:Major Bummer Overlap\n");
1835#endif
1836		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1837		retval = 1;
1838		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1839		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1840		}
1841		break;
1842	case CTL_ACTION_OVERLAP_TAG:
1843		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1844		ctl_set_sense_data(&msg_info.scsi.sense_data,
1845				   lun,
1846				   /*sense_format*/SSD_TYPE_NONE,
1847				   /*current_error*/ 1,
1848				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1849				   /*asc*/ 0x4D,
1850				   /*ascq*/ ctsio->tag_num & 0xff,
1851				   SSD_ELEM_NONE);
1852
1853		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1854		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1855		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1856		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1857		msg_info.hdr.serializing_sc = NULL;
1858		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1859#if 0
1860		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1861#endif
1862		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1863		retval = 1;
1864		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1865		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1866		}
1867		break;
1868	case CTL_ACTION_ERROR:
1869	default:
1870		/* "Internal target failure" */
1871		ctl_set_sense_data(&msg_info.scsi.sense_data,
1872				   lun,
1873				   /*sense_format*/SSD_TYPE_NONE,
1874				   /*current_error*/ 1,
1875				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1876				   /*asc*/ 0x44,
1877				   /*ascq*/ 0x00,
1878				   SSD_ELEM_NONE);
1879
1880		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1881		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1882		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1883		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1884		msg_info.hdr.serializing_sc = NULL;
1885		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1886#if 0
1887		printf("BAD JUJU:Major Bummer HW Error\n");
1888#endif
1889		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1890		retval = 1;
1891		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1892		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1893		}
1894		break;
1895	}
1896	mtx_unlock(&lun->lun_lock);
1897	return (retval);
1898}
1899
1900static int
1901ctl_ioctl_submit_wait(union ctl_io *io)
1902{
1903	struct ctl_fe_ioctl_params params;
1904	ctl_fe_ioctl_state last_state;
1905	int done, retval;
1906
1907	retval = 0;
1908
1909	bzero(&params, sizeof(params));
1910
1911	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1912	cv_init(&params.sem, "ctlioccv");
1913	params.state = CTL_IOCTL_INPROG;
1914	last_state = params.state;
1915
1916	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1917
1918	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1919
1920	/* This shouldn't happen */
1921	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1922		return (retval);
1923
1924	done = 0;
1925
1926	do {
1927		mtx_lock(&params.ioctl_mtx);
1928		/*
1929		 * Check the state here, and don't sleep if the state has
1930		 * already changed (i.e. wakeup has already occured, but we
1931		 * weren't waiting yet).
1932		 */
1933		if (params.state == last_state) {
1934			/* XXX KDM cv_wait_sig instead? */
1935			cv_wait(&params.sem, &params.ioctl_mtx);
1936		}
1937		last_state = params.state;
1938
1939		switch (params.state) {
1940		case CTL_IOCTL_INPROG:
1941			/* Why did we wake up? */
1942			/* XXX KDM error here? */
1943			mtx_unlock(&params.ioctl_mtx);
1944			break;
1945		case CTL_IOCTL_DATAMOVE:
1946			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1947
1948			/*
1949			 * change last_state back to INPROG to avoid
1950			 * deadlock on subsequent data moves.
1951			 */
1952			params.state = last_state = CTL_IOCTL_INPROG;
1953
1954			mtx_unlock(&params.ioctl_mtx);
1955			ctl_ioctl_do_datamove(&io->scsiio);
1956			/*
1957			 * Note that in some cases, most notably writes,
1958			 * this will queue the I/O and call us back later.
1959			 * In other cases, generally reads, this routine
1960			 * will immediately call back and wake us up,
1961			 * probably using our own context.
1962			 */
1963			io->scsiio.be_move_done(io);
1964			break;
1965		case CTL_IOCTL_DONE:
1966			mtx_unlock(&params.ioctl_mtx);
1967			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1968			done = 1;
1969			break;
1970		default:
1971			mtx_unlock(&params.ioctl_mtx);
1972			/* XXX KDM error here? */
1973			break;
1974		}
1975	} while (done == 0);
1976
1977	mtx_destroy(&params.ioctl_mtx);
1978	cv_destroy(&params.sem);
1979
1980	return (CTL_RETVAL_COMPLETE);
1981}
1982
1983static void
1984ctl_ioctl_datamove(union ctl_io *io)
1985{
1986	struct ctl_fe_ioctl_params *params;
1987
1988	params = (struct ctl_fe_ioctl_params *)
1989		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1990
1991	mtx_lock(&params->ioctl_mtx);
1992	params->state = CTL_IOCTL_DATAMOVE;
1993	cv_broadcast(&params->sem);
1994	mtx_unlock(&params->ioctl_mtx);
1995}
1996
1997static void
1998ctl_ioctl_done(union ctl_io *io)
1999{
2000	struct ctl_fe_ioctl_params *params;
2001
2002	params = (struct ctl_fe_ioctl_params *)
2003		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2004
2005	mtx_lock(&params->ioctl_mtx);
2006	params->state = CTL_IOCTL_DONE;
2007	cv_broadcast(&params->sem);
2008	mtx_unlock(&params->ioctl_mtx);
2009}
2010
2011static void
2012ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2013{
2014	struct ctl_fe_ioctl_startstop_info *sd_info;
2015
2016	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2017
2018	sd_info->hs_info.status = metatask->status;
2019	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2020	sd_info->hs_info.luns_complete =
2021		metatask->taskinfo.startstop.luns_complete;
2022	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2023
2024	cv_broadcast(&sd_info->sem);
2025}
2026
2027static void
2028ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2029{
2030	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2031
2032	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2033
2034	mtx_lock(fe_bbr_info->lock);
2035	fe_bbr_info->bbr_info->status = metatask->status;
2036	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2037	fe_bbr_info->wakeup_done = 1;
2038	mtx_unlock(fe_bbr_info->lock);
2039
2040	cv_broadcast(&fe_bbr_info->sem);
2041}
2042
2043/*
2044 * Returns 0 for success, errno for failure.
2045 */
2046static int
2047ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2048		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2049{
2050	union ctl_io *io;
2051	int retval;
2052
2053	retval = 0;
2054
2055	mtx_lock(&lun->lun_lock);
2056	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2057	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2058	     ooa_links)) {
2059		struct ctl_ooa_entry *entry;
2060
2061		/*
2062		 * If we've got more than we can fit, just count the
2063		 * remaining entries.
2064		 */
2065		if (*cur_fill_num >= ooa_hdr->alloc_num)
2066			continue;
2067
2068		entry = &kern_entries[*cur_fill_num];
2069
2070		entry->tag_num = io->scsiio.tag_num;
2071		entry->lun_num = lun->lun;
2072#ifdef CTL_TIME_IO
2073		entry->start_bt = io->io_hdr.start_bt;
2074#endif
2075		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2076		entry->cdb_len = io->scsiio.cdb_len;
2077		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2078			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2079
2080		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2081			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2082
2083		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2084			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2085
2086		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2087			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2088
2089		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2090			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2091	}
2092	mtx_unlock(&lun->lun_lock);
2093
2094	return (retval);
2095}
2096
2097static void *
2098ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2099		 size_t error_str_len)
2100{
2101	void *kptr;
2102
2103	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2104
2105	if (copyin(user_addr, kptr, len) != 0) {
2106		snprintf(error_str, error_str_len, "Error copying %d bytes "
2107			 "from user address %p to kernel address %p", len,
2108			 user_addr, kptr);
2109		free(kptr, M_CTL);
2110		return (NULL);
2111	}
2112
2113	return (kptr);
2114}
2115
2116static void
2117ctl_free_args(int num_args, struct ctl_be_arg *args)
2118{
2119	int i;
2120
2121	if (args == NULL)
2122		return;
2123
2124	for (i = 0; i < num_args; i++) {
2125		free(args[i].kname, M_CTL);
2126		free(args[i].kvalue, M_CTL);
2127	}
2128
2129	free(args, M_CTL);
2130}
2131
2132static struct ctl_be_arg *
2133ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2134		char *error_str, size_t error_str_len)
2135{
2136	struct ctl_be_arg *args;
2137	int i;
2138
2139	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2140				error_str, error_str_len);
2141
2142	if (args == NULL)
2143		goto bailout;
2144
2145	for (i = 0; i < num_args; i++) {
2146		args[i].kname = NULL;
2147		args[i].kvalue = NULL;
2148	}
2149
2150	for (i = 0; i < num_args; i++) {
2151		uint8_t *tmpptr;
2152
2153		args[i].kname = ctl_copyin_alloc(args[i].name,
2154			args[i].namelen, error_str, error_str_len);
2155		if (args[i].kname == NULL)
2156			goto bailout;
2157
2158		if (args[i].kname[args[i].namelen - 1] != '\0') {
2159			snprintf(error_str, error_str_len, "Argument %d "
2160				 "name is not NUL-terminated", i);
2161			goto bailout;
2162		}
2163
2164		if (args[i].flags & CTL_BEARG_RD) {
2165			tmpptr = ctl_copyin_alloc(args[i].value,
2166				args[i].vallen, error_str, error_str_len);
2167			if (tmpptr == NULL)
2168				goto bailout;
2169			if ((args[i].flags & CTL_BEARG_ASCII)
2170			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2171				snprintf(error_str, error_str_len, "Argument "
2172				    "%d value is not NUL-terminated", i);
2173				goto bailout;
2174			}
2175			args[i].kvalue = tmpptr;
2176		} else {
2177			args[i].kvalue = malloc(args[i].vallen,
2178			    M_CTL, M_WAITOK | M_ZERO);
2179		}
2180	}
2181
2182	return (args);
2183bailout:
2184
2185	ctl_free_args(num_args, args);
2186
2187	return (NULL);
2188}
2189
2190static void
2191ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2192{
2193	int i;
2194
2195	for (i = 0; i < num_args; i++) {
2196		if (args[i].flags & CTL_BEARG_WR)
2197			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2198	}
2199}
2200
2201/*
2202 * Escape characters that are illegal or not recommended in XML.
2203 */
2204int
2205ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2206{
2207	char *end = str + size;
2208	int retval;
2209
2210	retval = 0;
2211
2212	for (; *str && str < end; str++) {
2213		switch (*str) {
2214		case '&':
2215			retval = sbuf_printf(sb, "&amp;");
2216			break;
2217		case '>':
2218			retval = sbuf_printf(sb, "&gt;");
2219			break;
2220		case '<':
2221			retval = sbuf_printf(sb, "&lt;");
2222			break;
2223		default:
2224			retval = sbuf_putc(sb, *str);
2225			break;
2226		}
2227
2228		if (retval != 0)
2229			break;
2230
2231	}
2232
2233	return (retval);
2234}
2235
2236static void
2237ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2238{
2239	struct scsi_vpd_id_descriptor *desc;
2240	int i;
2241
2242	if (id == NULL || id->len < 4)
2243		return;
2244	desc = (struct scsi_vpd_id_descriptor *)id->data;
2245	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2246	case SVPD_ID_TYPE_T10:
2247		sbuf_printf(sb, "t10.");
2248		break;
2249	case SVPD_ID_TYPE_EUI64:
2250		sbuf_printf(sb, "eui.");
2251		break;
2252	case SVPD_ID_TYPE_NAA:
2253		sbuf_printf(sb, "naa.");
2254		break;
2255	case SVPD_ID_TYPE_SCSI_NAME:
2256		break;
2257	}
2258	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2259	case SVPD_ID_CODESET_BINARY:
2260		for (i = 0; i < desc->length; i++)
2261			sbuf_printf(sb, "%02x", desc->identifier[i]);
2262		break;
2263	case SVPD_ID_CODESET_ASCII:
2264		sbuf_printf(sb, "%.*s", (int)desc->length,
2265		    (char *)desc->identifier);
2266		break;
2267	case SVPD_ID_CODESET_UTF8:
2268		sbuf_printf(sb, "%s", (char *)desc->identifier);
2269		break;
2270	}
2271}
2272
2273static int
2274ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2275	  struct thread *td)
2276{
2277	struct ctl_softc *softc;
2278	int retval;
2279
2280	softc = control_softc;
2281
2282	retval = 0;
2283
2284	switch (cmd) {
2285	case CTL_IO: {
2286		union ctl_io *io;
2287		void *pool_tmp;
2288
2289		/*
2290		 * If we haven't been "enabled", don't allow any SCSI I/O
2291		 * to this FETD.
2292		 */
2293		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2294			retval = EPERM;
2295			break;
2296		}
2297
2298		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2299		if (io == NULL) {
2300			printf("ctl_ioctl: can't allocate ctl_io!\n");
2301			retval = ENOSPC;
2302			break;
2303		}
2304
2305		/*
2306		 * Need to save the pool reference so it doesn't get
2307		 * spammed by the user's ctl_io.
2308		 */
2309		pool_tmp = io->io_hdr.pool;
2310
2311		memcpy(io, (void *)addr, sizeof(*io));
2312
2313		io->io_hdr.pool = pool_tmp;
2314		/*
2315		 * No status yet, so make sure the status is set properly.
2316		 */
2317		io->io_hdr.status = CTL_STATUS_NONE;
2318
2319		/*
2320		 * The user sets the initiator ID, target and LUN IDs.
2321		 */
2322		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2323		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2324		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2325		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2326			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2327
2328		retval = ctl_ioctl_submit_wait(io);
2329
2330		if (retval != 0) {
2331			ctl_free_io(io);
2332			break;
2333		}
2334
2335		memcpy((void *)addr, io, sizeof(*io));
2336
2337		/* return this to our pool */
2338		ctl_free_io(io);
2339
2340		break;
2341	}
2342	case CTL_ENABLE_PORT:
2343	case CTL_DISABLE_PORT:
2344	case CTL_SET_PORT_WWNS: {
2345		struct ctl_port *port;
2346		struct ctl_port_entry *entry;
2347
2348		entry = (struct ctl_port_entry *)addr;
2349
2350		mtx_lock(&softc->ctl_lock);
2351		STAILQ_FOREACH(port, &softc->port_list, links) {
2352			int action, done;
2353
2354			action = 0;
2355			done = 0;
2356
2357			if ((entry->port_type == CTL_PORT_NONE)
2358			 && (entry->targ_port == port->targ_port)) {
2359				/*
2360				 * If the user only wants to enable or
2361				 * disable or set WWNs on a specific port,
2362				 * do the operation and we're done.
2363				 */
2364				action = 1;
2365				done = 1;
2366			} else if (entry->port_type & port->port_type) {
2367				/*
2368				 * Compare the user's type mask with the
2369				 * particular frontend type to see if we
2370				 * have a match.
2371				 */
2372				action = 1;
2373				done = 0;
2374
2375				/*
2376				 * Make sure the user isn't trying to set
2377				 * WWNs on multiple ports at the same time.
2378				 */
2379				if (cmd == CTL_SET_PORT_WWNS) {
2380					printf("%s: Can't set WWNs on "
2381					       "multiple ports\n", __func__);
2382					retval = EINVAL;
2383					break;
2384				}
2385			}
2386			if (action != 0) {
2387				/*
2388				 * XXX KDM we have to drop the lock here,
2389				 * because the online/offline operations
2390				 * can potentially block.  We need to
2391				 * reference count the frontends so they
2392				 * can't go away,
2393				 */
2394				mtx_unlock(&softc->ctl_lock);
2395
2396				if (cmd == CTL_ENABLE_PORT) {
2397					struct ctl_lun *lun;
2398
2399					STAILQ_FOREACH(lun, &softc->lun_list,
2400						       links) {
2401						port->lun_enable(port->targ_lun_arg,
2402						    lun->target,
2403						    lun->lun);
2404					}
2405
2406					ctl_port_online(port);
2407				} else if (cmd == CTL_DISABLE_PORT) {
2408					struct ctl_lun *lun;
2409
2410					ctl_port_offline(port);
2411
2412					STAILQ_FOREACH(lun, &softc->lun_list,
2413						       links) {
2414						port->lun_disable(
2415						    port->targ_lun_arg,
2416						    lun->target,
2417						    lun->lun);
2418					}
2419				}
2420
2421				mtx_lock(&softc->ctl_lock);
2422
2423				if (cmd == CTL_SET_PORT_WWNS)
2424					ctl_port_set_wwns(port,
2425					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2426					    1 : 0, entry->wwnn,
2427					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2428					    1 : 0, entry->wwpn);
2429			}
2430			if (done != 0)
2431				break;
2432		}
2433		mtx_unlock(&softc->ctl_lock);
2434		break;
2435	}
2436	case CTL_GET_PORT_LIST: {
2437		struct ctl_port *port;
2438		struct ctl_port_list *list;
2439		int i;
2440
2441		list = (struct ctl_port_list *)addr;
2442
2443		if (list->alloc_len != (list->alloc_num *
2444		    sizeof(struct ctl_port_entry))) {
2445			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2446			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2447			       "%zu\n", __func__, list->alloc_len,
2448			       list->alloc_num, sizeof(struct ctl_port_entry));
2449			retval = EINVAL;
2450			break;
2451		}
2452		list->fill_len = 0;
2453		list->fill_num = 0;
2454		list->dropped_num = 0;
2455		i = 0;
2456		mtx_lock(&softc->ctl_lock);
2457		STAILQ_FOREACH(port, &softc->port_list, links) {
2458			struct ctl_port_entry entry, *list_entry;
2459
2460			if (list->fill_num >= list->alloc_num) {
2461				list->dropped_num++;
2462				continue;
2463			}
2464
2465			entry.port_type = port->port_type;
2466			strlcpy(entry.port_name, port->port_name,
2467				sizeof(entry.port_name));
2468			entry.targ_port = port->targ_port;
2469			entry.physical_port = port->physical_port;
2470			entry.virtual_port = port->virtual_port;
2471			entry.wwnn = port->wwnn;
2472			entry.wwpn = port->wwpn;
2473			if (port->status & CTL_PORT_STATUS_ONLINE)
2474				entry.online = 1;
2475			else
2476				entry.online = 0;
2477
2478			list_entry = &list->entries[i];
2479
2480			retval = copyout(&entry, list_entry, sizeof(entry));
2481			if (retval != 0) {
2482				printf("%s: CTL_GET_PORT_LIST: copyout "
2483				       "returned %d\n", __func__, retval);
2484				break;
2485			}
2486			i++;
2487			list->fill_num++;
2488			list->fill_len += sizeof(entry);
2489		}
2490		mtx_unlock(&softc->ctl_lock);
2491
2492		/*
2493		 * If this is non-zero, we had a copyout fault, so there's
2494		 * probably no point in attempting to set the status inside
2495		 * the structure.
2496		 */
2497		if (retval != 0)
2498			break;
2499
2500		if (list->dropped_num > 0)
2501			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2502		else
2503			list->status = CTL_PORT_LIST_OK;
2504		break;
2505	}
2506	case CTL_DUMP_OOA: {
2507		struct ctl_lun *lun;
2508		union ctl_io *io;
2509		char printbuf[128];
2510		struct sbuf sb;
2511
2512		mtx_lock(&softc->ctl_lock);
2513		printf("Dumping OOA queues:\n");
2514		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2515			mtx_lock(&lun->lun_lock);
2516			for (io = (union ctl_io *)TAILQ_FIRST(
2517			     &lun->ooa_queue); io != NULL;
2518			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2519			     ooa_links)) {
2520				sbuf_new(&sb, printbuf, sizeof(printbuf),
2521					 SBUF_FIXEDLEN);
2522				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2523					    (intmax_t)lun->lun,
2524					    io->scsiio.tag_num,
2525					    (io->io_hdr.flags &
2526					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2527					    (io->io_hdr.flags &
2528					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2529					    (io->io_hdr.flags &
2530					    CTL_FLAG_ABORT) ? " ABORT" : "",
2531			                    (io->io_hdr.flags &
2532		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2533				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2534				sbuf_finish(&sb);
2535				printf("%s\n", sbuf_data(&sb));
2536			}
2537			mtx_unlock(&lun->lun_lock);
2538		}
2539		printf("OOA queues dump done\n");
2540		mtx_unlock(&softc->ctl_lock);
2541		break;
2542	}
2543	case CTL_GET_OOA: {
2544		struct ctl_lun *lun;
2545		struct ctl_ooa *ooa_hdr;
2546		struct ctl_ooa_entry *entries;
2547		uint32_t cur_fill_num;
2548
2549		ooa_hdr = (struct ctl_ooa *)addr;
2550
2551		if ((ooa_hdr->alloc_len == 0)
2552		 || (ooa_hdr->alloc_num == 0)) {
2553			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2554			       "must be non-zero\n", __func__,
2555			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2556			retval = EINVAL;
2557			break;
2558		}
2559
2560		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2561		    sizeof(struct ctl_ooa_entry))) {
2562			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2563			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2564			       __func__, ooa_hdr->alloc_len,
2565			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2566			retval = EINVAL;
2567			break;
2568		}
2569
2570		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2571		if (entries == NULL) {
2572			printf("%s: could not allocate %d bytes for OOA "
2573			       "dump\n", __func__, ooa_hdr->alloc_len);
2574			retval = ENOMEM;
2575			break;
2576		}
2577
2578		mtx_lock(&softc->ctl_lock);
2579		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2580		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2581		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2582			mtx_unlock(&softc->ctl_lock);
2583			free(entries, M_CTL);
2584			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2585			       __func__, (uintmax_t)ooa_hdr->lun_num);
2586			retval = EINVAL;
2587			break;
2588		}
2589
2590		cur_fill_num = 0;
2591
2592		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2593			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2594				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2595					ooa_hdr, entries);
2596				if (retval != 0)
2597					break;
2598			}
2599			if (retval != 0) {
2600				mtx_unlock(&softc->ctl_lock);
2601				free(entries, M_CTL);
2602				break;
2603			}
2604		} else {
2605			lun = softc->ctl_luns[ooa_hdr->lun_num];
2606
2607			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2608						    entries);
2609		}
2610		mtx_unlock(&softc->ctl_lock);
2611
2612		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2613		ooa_hdr->fill_len = ooa_hdr->fill_num *
2614			sizeof(struct ctl_ooa_entry);
2615		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2616		if (retval != 0) {
2617			printf("%s: error copying out %d bytes for OOA dump\n",
2618			       __func__, ooa_hdr->fill_len);
2619		}
2620
2621		getbintime(&ooa_hdr->cur_bt);
2622
2623		if (cur_fill_num > ooa_hdr->alloc_num) {
2624			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2625			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2626		} else {
2627			ooa_hdr->dropped_num = 0;
2628			ooa_hdr->status = CTL_OOA_OK;
2629		}
2630
2631		free(entries, M_CTL);
2632		break;
2633	}
2634	case CTL_CHECK_OOA: {
2635		union ctl_io *io;
2636		struct ctl_lun *lun;
2637		struct ctl_ooa_info *ooa_info;
2638
2639
2640		ooa_info = (struct ctl_ooa_info *)addr;
2641
2642		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2643			ooa_info->status = CTL_OOA_INVALID_LUN;
2644			break;
2645		}
2646		mtx_lock(&softc->ctl_lock);
2647		lun = softc->ctl_luns[ooa_info->lun_id];
2648		if (lun == NULL) {
2649			mtx_unlock(&softc->ctl_lock);
2650			ooa_info->status = CTL_OOA_INVALID_LUN;
2651			break;
2652		}
2653		mtx_lock(&lun->lun_lock);
2654		mtx_unlock(&softc->ctl_lock);
2655		ooa_info->num_entries = 0;
2656		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2657		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2658		     &io->io_hdr, ooa_links)) {
2659			ooa_info->num_entries++;
2660		}
2661		mtx_unlock(&lun->lun_lock);
2662
2663		ooa_info->status = CTL_OOA_SUCCESS;
2664
2665		break;
2666	}
2667	case CTL_HARD_START:
2668	case CTL_HARD_STOP: {
2669		struct ctl_fe_ioctl_startstop_info ss_info;
2670		struct cfi_metatask *metatask;
2671		struct mtx hs_mtx;
2672
2673		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2674
2675		cv_init(&ss_info.sem, "hard start/stop cv" );
2676
2677		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2678		if (metatask == NULL) {
2679			retval = ENOMEM;
2680			mtx_destroy(&hs_mtx);
2681			break;
2682		}
2683
2684		if (cmd == CTL_HARD_START)
2685			metatask->tasktype = CFI_TASK_STARTUP;
2686		else
2687			metatask->tasktype = CFI_TASK_SHUTDOWN;
2688
2689		metatask->callback = ctl_ioctl_hard_startstop_callback;
2690		metatask->callback_arg = &ss_info;
2691
2692		cfi_action(metatask);
2693
2694		/* Wait for the callback */
2695		mtx_lock(&hs_mtx);
2696		cv_wait_sig(&ss_info.sem, &hs_mtx);
2697		mtx_unlock(&hs_mtx);
2698
2699		/*
2700		 * All information has been copied from the metatask by the
2701		 * time cv_broadcast() is called, so we free the metatask here.
2702		 */
2703		cfi_free_metatask(metatask);
2704
2705		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2706
2707		mtx_destroy(&hs_mtx);
2708		break;
2709	}
2710	case CTL_BBRREAD: {
2711		struct ctl_bbrread_info *bbr_info;
2712		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2713		struct mtx bbr_mtx;
2714		struct cfi_metatask *metatask;
2715
2716		bbr_info = (struct ctl_bbrread_info *)addr;
2717
2718		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2719
2720		bzero(&bbr_mtx, sizeof(bbr_mtx));
2721		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2722
2723		fe_bbr_info.bbr_info = bbr_info;
2724		fe_bbr_info.lock = &bbr_mtx;
2725
2726		cv_init(&fe_bbr_info.sem, "BBR read cv");
2727		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2728
2729		if (metatask == NULL) {
2730			mtx_destroy(&bbr_mtx);
2731			cv_destroy(&fe_bbr_info.sem);
2732			retval = ENOMEM;
2733			break;
2734		}
2735		metatask->tasktype = CFI_TASK_BBRREAD;
2736		metatask->callback = ctl_ioctl_bbrread_callback;
2737		metatask->callback_arg = &fe_bbr_info;
2738		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2739		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2740		metatask->taskinfo.bbrread.len = bbr_info->len;
2741
2742		cfi_action(metatask);
2743
2744		mtx_lock(&bbr_mtx);
2745		while (fe_bbr_info.wakeup_done == 0)
2746			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2747		mtx_unlock(&bbr_mtx);
2748
2749		bbr_info->status = metatask->status;
2750		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2751		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2752		memcpy(&bbr_info->sense_data,
2753		       &metatask->taskinfo.bbrread.sense_data,
2754		       ctl_min(sizeof(bbr_info->sense_data),
2755			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2756
2757		cfi_free_metatask(metatask);
2758
2759		mtx_destroy(&bbr_mtx);
2760		cv_destroy(&fe_bbr_info.sem);
2761
2762		break;
2763	}
2764	case CTL_DELAY_IO: {
2765		struct ctl_io_delay_info *delay_info;
2766#ifdef CTL_IO_DELAY
2767		struct ctl_lun *lun;
2768#endif /* CTL_IO_DELAY */
2769
2770		delay_info = (struct ctl_io_delay_info *)addr;
2771
2772#ifdef CTL_IO_DELAY
2773		mtx_lock(&softc->ctl_lock);
2774
2775		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2776		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2777			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2778		} else {
2779			lun = softc->ctl_luns[delay_info->lun_id];
2780			mtx_lock(&lun->lun_lock);
2781
2782			delay_info->status = CTL_DELAY_STATUS_OK;
2783
2784			switch (delay_info->delay_type) {
2785			case CTL_DELAY_TYPE_CONT:
2786				break;
2787			case CTL_DELAY_TYPE_ONESHOT:
2788				break;
2789			default:
2790				delay_info->status =
2791					CTL_DELAY_STATUS_INVALID_TYPE;
2792				break;
2793			}
2794
2795			switch (delay_info->delay_loc) {
2796			case CTL_DELAY_LOC_DATAMOVE:
2797				lun->delay_info.datamove_type =
2798					delay_info->delay_type;
2799				lun->delay_info.datamove_delay =
2800					delay_info->delay_secs;
2801				break;
2802			case CTL_DELAY_LOC_DONE:
2803				lun->delay_info.done_type =
2804					delay_info->delay_type;
2805				lun->delay_info.done_delay =
2806					delay_info->delay_secs;
2807				break;
2808			default:
2809				delay_info->status =
2810					CTL_DELAY_STATUS_INVALID_LOC;
2811				break;
2812			}
2813			mtx_unlock(&lun->lun_lock);
2814		}
2815
2816		mtx_unlock(&softc->ctl_lock);
2817#else
2818		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2819#endif /* CTL_IO_DELAY */
2820		break;
2821	}
2822	case CTL_REALSYNC_SET: {
2823		int *syncstate;
2824
2825		syncstate = (int *)addr;
2826
2827		mtx_lock(&softc->ctl_lock);
2828		switch (*syncstate) {
2829		case 0:
2830			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2831			break;
2832		case 1:
2833			softc->flags |= CTL_FLAG_REAL_SYNC;
2834			break;
2835		default:
2836			retval = EINVAL;
2837			break;
2838		}
2839		mtx_unlock(&softc->ctl_lock);
2840		break;
2841	}
2842	case CTL_REALSYNC_GET: {
2843		int *syncstate;
2844
2845		syncstate = (int*)addr;
2846
2847		mtx_lock(&softc->ctl_lock);
2848		if (softc->flags & CTL_FLAG_REAL_SYNC)
2849			*syncstate = 1;
2850		else
2851			*syncstate = 0;
2852		mtx_unlock(&softc->ctl_lock);
2853
2854		break;
2855	}
2856	case CTL_SETSYNC:
2857	case CTL_GETSYNC: {
2858		struct ctl_sync_info *sync_info;
2859		struct ctl_lun *lun;
2860
2861		sync_info = (struct ctl_sync_info *)addr;
2862
2863		mtx_lock(&softc->ctl_lock);
2864		lun = softc->ctl_luns[sync_info->lun_id];
2865		if (lun == NULL) {
2866			mtx_unlock(&softc->ctl_lock);
2867			sync_info->status = CTL_GS_SYNC_NO_LUN;
2868		}
2869		/*
2870		 * Get or set the sync interval.  We're not bounds checking
2871		 * in the set case, hopefully the user won't do something
2872		 * silly.
2873		 */
2874		mtx_lock(&lun->lun_lock);
2875		mtx_unlock(&softc->ctl_lock);
2876		if (cmd == CTL_GETSYNC)
2877			sync_info->sync_interval = lun->sync_interval;
2878		else
2879			lun->sync_interval = sync_info->sync_interval;
2880		mtx_unlock(&lun->lun_lock);
2881
2882		sync_info->status = CTL_GS_SYNC_OK;
2883
2884		break;
2885	}
2886	case CTL_GETSTATS: {
2887		struct ctl_stats *stats;
2888		struct ctl_lun *lun;
2889		int i;
2890
2891		stats = (struct ctl_stats *)addr;
2892
2893		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2894		     stats->alloc_len) {
2895			stats->status = CTL_SS_NEED_MORE_SPACE;
2896			stats->num_luns = softc->num_luns;
2897			break;
2898		}
2899		/*
2900		 * XXX KDM no locking here.  If the LUN list changes,
2901		 * things can blow up.
2902		 */
2903		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2904		     i++, lun = STAILQ_NEXT(lun, links)) {
2905			retval = copyout(&lun->stats, &stats->lun_stats[i],
2906					 sizeof(lun->stats));
2907			if (retval != 0)
2908				break;
2909		}
2910		stats->num_luns = softc->num_luns;
2911		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2912				 softc->num_luns;
2913		stats->status = CTL_SS_OK;
2914#ifdef CTL_TIME_IO
2915		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2916#else
2917		stats->flags = CTL_STATS_FLAG_NONE;
2918#endif
2919		getnanouptime(&stats->timestamp);
2920		break;
2921	}
2922	case CTL_ERROR_INJECT: {
2923		struct ctl_error_desc *err_desc, *new_err_desc;
2924		struct ctl_lun *lun;
2925
2926		err_desc = (struct ctl_error_desc *)addr;
2927
2928		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2929				      M_WAITOK | M_ZERO);
2930		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2931
2932		mtx_lock(&softc->ctl_lock);
2933		lun = softc->ctl_luns[err_desc->lun_id];
2934		if (lun == NULL) {
2935			mtx_unlock(&softc->ctl_lock);
2936			free(new_err_desc, M_CTL);
2937			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2938			       __func__, (uintmax_t)err_desc->lun_id);
2939			retval = EINVAL;
2940			break;
2941		}
2942		mtx_lock(&lun->lun_lock);
2943		mtx_unlock(&softc->ctl_lock);
2944
2945		/*
2946		 * We could do some checking here to verify the validity
2947		 * of the request, but given the complexity of error
2948		 * injection requests, the checking logic would be fairly
2949		 * complex.
2950		 *
2951		 * For now, if the request is invalid, it just won't get
2952		 * executed and might get deleted.
2953		 */
2954		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2955
2956		/*
2957		 * XXX KDM check to make sure the serial number is unique,
2958		 * in case we somehow manage to wrap.  That shouldn't
2959		 * happen for a very long time, but it's the right thing to
2960		 * do.
2961		 */
2962		new_err_desc->serial = lun->error_serial;
2963		err_desc->serial = lun->error_serial;
2964		lun->error_serial++;
2965
2966		mtx_unlock(&lun->lun_lock);
2967		break;
2968	}
2969	case CTL_ERROR_INJECT_DELETE: {
2970		struct ctl_error_desc *delete_desc, *desc, *desc2;
2971		struct ctl_lun *lun;
2972		int delete_done;
2973
2974		delete_desc = (struct ctl_error_desc *)addr;
2975		delete_done = 0;
2976
2977		mtx_lock(&softc->ctl_lock);
2978		lun = softc->ctl_luns[delete_desc->lun_id];
2979		if (lun == NULL) {
2980			mtx_unlock(&softc->ctl_lock);
2981			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2982			       __func__, (uintmax_t)delete_desc->lun_id);
2983			retval = EINVAL;
2984			break;
2985		}
2986		mtx_lock(&lun->lun_lock);
2987		mtx_unlock(&softc->ctl_lock);
2988		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2989			if (desc->serial != delete_desc->serial)
2990				continue;
2991
2992			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2993				      links);
2994			free(desc, M_CTL);
2995			delete_done = 1;
2996		}
2997		mtx_unlock(&lun->lun_lock);
2998		if (delete_done == 0) {
2999			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
3000			       "error serial %ju on LUN %u\n", __func__,
3001			       delete_desc->serial, delete_desc->lun_id);
3002			retval = EINVAL;
3003			break;
3004		}
3005		break;
3006	}
3007	case CTL_DUMP_STRUCTS: {
3008		int i, j, k, idx;
3009		struct ctl_port *port;
3010		struct ctl_frontend *fe;
3011
3012		mtx_lock(&softc->ctl_lock);
3013		printf("CTL Persistent Reservation information start:\n");
3014		for (i = 0; i < CTL_MAX_LUNS; i++) {
3015			struct ctl_lun *lun;
3016
3017			lun = softc->ctl_luns[i];
3018
3019			if ((lun == NULL)
3020			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3021				continue;
3022
3023			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3024				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3025					idx = j * CTL_MAX_INIT_PER_PORT + k;
3026					if (lun->pr_keys[idx] == 0)
3027						continue;
3028					printf("  LUN %d port %d iid %d key "
3029					       "%#jx\n", i, j, k,
3030					       (uintmax_t)lun->pr_keys[idx]);
3031				}
3032			}
3033		}
3034		printf("CTL Persistent Reservation information end\n");
3035		printf("CTL Ports:\n");
3036		STAILQ_FOREACH(port, &softc->port_list, links) {
3037			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3038			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3039			       port->frontend->name, port->port_type,
3040			       port->physical_port, port->virtual_port,
3041			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3042			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3043				if (port->wwpn_iid[j].in_use == 0 &&
3044				    port->wwpn_iid[j].wwpn == 0 &&
3045				    port->wwpn_iid[j].name == NULL)
3046					continue;
3047
3048				printf("    iid %u use %d WWPN %#jx '%s'\n",
3049				    j, port->wwpn_iid[j].in_use,
3050				    (uintmax_t)port->wwpn_iid[j].wwpn,
3051				    port->wwpn_iid[j].name);
3052			}
3053		}
3054		printf("CTL Port information end\n");
3055		mtx_unlock(&softc->ctl_lock);
3056		/*
3057		 * XXX KDM calling this without a lock.  We'd likely want
3058		 * to drop the lock before calling the frontend's dump
3059		 * routine anyway.
3060		 */
3061		printf("CTL Frontends:\n");
3062		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3063			printf("  Frontend '%s'\n", fe->name);
3064			if (fe->fe_dump != NULL)
3065				fe->fe_dump();
3066		}
3067		printf("CTL Frontend information end\n");
3068		break;
3069	}
3070	case CTL_LUN_REQ: {
3071		struct ctl_lun_req *lun_req;
3072		struct ctl_backend_driver *backend;
3073
3074		lun_req = (struct ctl_lun_req *)addr;
3075
3076		backend = ctl_backend_find(lun_req->backend);
3077		if (backend == NULL) {
3078			lun_req->status = CTL_LUN_ERROR;
3079			snprintf(lun_req->error_str,
3080				 sizeof(lun_req->error_str),
3081				 "Backend \"%s\" not found.",
3082				 lun_req->backend);
3083			break;
3084		}
3085		if (lun_req->num_be_args > 0) {
3086			lun_req->kern_be_args = ctl_copyin_args(
3087				lun_req->num_be_args,
3088				lun_req->be_args,
3089				lun_req->error_str,
3090				sizeof(lun_req->error_str));
3091			if (lun_req->kern_be_args == NULL) {
3092				lun_req->status = CTL_LUN_ERROR;
3093				break;
3094			}
3095		}
3096
3097		retval = backend->ioctl(dev, cmd, addr, flag, td);
3098
3099		if (lun_req->num_be_args > 0) {
3100			ctl_copyout_args(lun_req->num_be_args,
3101				      lun_req->kern_be_args);
3102			ctl_free_args(lun_req->num_be_args,
3103				      lun_req->kern_be_args);
3104		}
3105		break;
3106	}
3107	case CTL_LUN_LIST: {
3108		struct sbuf *sb;
3109		struct ctl_lun *lun;
3110		struct ctl_lun_list *list;
3111		struct ctl_option *opt;
3112
3113		list = (struct ctl_lun_list *)addr;
3114
3115		/*
3116		 * Allocate a fixed length sbuf here, based on the length
3117		 * of the user's buffer.  We could allocate an auto-extending
3118		 * buffer, and then tell the user how much larger our
3119		 * amount of data is than his buffer, but that presents
3120		 * some problems:
3121		 *
3122		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3123		 *     we can't hold a lock while calling them with an
3124		 *     auto-extending buffer.
3125 		 *
3126		 * 2.  There is not currently a LUN reference counting
3127		 *     mechanism, outside of outstanding transactions on
3128		 *     the LUN's OOA queue.  So a LUN could go away on us
3129		 *     while we're getting the LUN number, backend-specific
3130		 *     information, etc.  Thus, given the way things
3131		 *     currently work, we need to hold the CTL lock while
3132		 *     grabbing LUN information.
3133		 *
3134		 * So, from the user's standpoint, the best thing to do is
3135		 * allocate what he thinks is a reasonable buffer length,
3136		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3137		 * double the buffer length and try again.  (And repeat
3138		 * that until he succeeds.)
3139		 */
3140		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3141		if (sb == NULL) {
3142			list->status = CTL_LUN_LIST_ERROR;
3143			snprintf(list->error_str, sizeof(list->error_str),
3144				 "Unable to allocate %d bytes for LUN list",
3145				 list->alloc_len);
3146			break;
3147		}
3148
3149		sbuf_printf(sb, "<ctllunlist>\n");
3150
3151		mtx_lock(&softc->ctl_lock);
3152		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3153			mtx_lock(&lun->lun_lock);
3154			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3155					     (uintmax_t)lun->lun);
3156
3157			/*
3158			 * Bail out as soon as we see that we've overfilled
3159			 * the buffer.
3160			 */
3161			if (retval != 0)
3162				break;
3163
3164			retval = sbuf_printf(sb, "\t<backend_type>%s"
3165					     "</backend_type>\n",
3166					     (lun->backend == NULL) ?  "none" :
3167					     lun->backend->name);
3168
3169			if (retval != 0)
3170				break;
3171
3172			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3173					     lun->be_lun->lun_type);
3174
3175			if (retval != 0)
3176				break;
3177
3178			if (lun->backend == NULL) {
3179				retval = sbuf_printf(sb, "</lun>\n");
3180				if (retval != 0)
3181					break;
3182				continue;
3183			}
3184
3185			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3186					     (lun->be_lun->maxlba > 0) ?
3187					     lun->be_lun->maxlba + 1 : 0);
3188
3189			if (retval != 0)
3190				break;
3191
3192			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3193					     lun->be_lun->blocksize);
3194
3195			if (retval != 0)
3196				break;
3197
3198			retval = sbuf_printf(sb, "\t<serial_number>");
3199
3200			if (retval != 0)
3201				break;
3202
3203			retval = ctl_sbuf_printf_esc(sb,
3204			    lun->be_lun->serial_num,
3205			    sizeof(lun->be_lun->serial_num));
3206
3207			if (retval != 0)
3208				break;
3209
3210			retval = sbuf_printf(sb, "</serial_number>\n");
3211
3212			if (retval != 0)
3213				break;
3214
3215			retval = sbuf_printf(sb, "\t<device_id>");
3216
3217			if (retval != 0)
3218				break;
3219
3220			retval = ctl_sbuf_printf_esc(sb,
3221			    lun->be_lun->device_id,
3222			    sizeof(lun->be_lun->device_id));
3223
3224			if (retval != 0)
3225				break;
3226
3227			retval = sbuf_printf(sb, "</device_id>\n");
3228
3229			if (retval != 0)
3230				break;
3231
3232			if (lun->backend->lun_info != NULL) {
3233				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3234				if (retval != 0)
3235					break;
3236			}
3237			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3238				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3239				    opt->name, opt->value, opt->name);
3240				if (retval != 0)
3241					break;
3242			}
3243
3244			retval = sbuf_printf(sb, "</lun>\n");
3245
3246			if (retval != 0)
3247				break;
3248			mtx_unlock(&lun->lun_lock);
3249		}
3250		if (lun != NULL)
3251			mtx_unlock(&lun->lun_lock);
3252		mtx_unlock(&softc->ctl_lock);
3253
3254		if ((retval != 0)
3255		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3256			retval = 0;
3257			sbuf_delete(sb);
3258			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3259			snprintf(list->error_str, sizeof(list->error_str),
3260				 "Out of space, %d bytes is too small",
3261				 list->alloc_len);
3262			break;
3263		}
3264
3265		sbuf_finish(sb);
3266
3267		retval = copyout(sbuf_data(sb), list->lun_xml,
3268				 sbuf_len(sb) + 1);
3269
3270		list->fill_len = sbuf_len(sb) + 1;
3271		list->status = CTL_LUN_LIST_OK;
3272		sbuf_delete(sb);
3273		break;
3274	}
3275	case CTL_ISCSI: {
3276		struct ctl_iscsi *ci;
3277		struct ctl_frontend *fe;
3278
3279		ci = (struct ctl_iscsi *)addr;
3280
3281		fe = ctl_frontend_find("iscsi");
3282		if (fe == NULL) {
3283			ci->status = CTL_ISCSI_ERROR;
3284			snprintf(ci->error_str, sizeof(ci->error_str),
3285			    "Frontend \"iscsi\" not found.");
3286			break;
3287		}
3288
3289		retval = fe->ioctl(dev, cmd, addr, flag, td);
3290		break;
3291	}
3292	case CTL_PORT_REQ: {
3293		struct ctl_req *req;
3294		struct ctl_frontend *fe;
3295
3296		req = (struct ctl_req *)addr;
3297
3298		fe = ctl_frontend_find(req->driver);
3299		if (fe == NULL) {
3300			req->status = CTL_LUN_ERROR;
3301			snprintf(req->error_str, sizeof(req->error_str),
3302			    "Frontend \"%s\" not found.", req->driver);
3303			break;
3304		}
3305		if (req->num_args > 0) {
3306			req->kern_args = ctl_copyin_args(req->num_args,
3307			    req->args, req->error_str, sizeof(req->error_str));
3308			if (req->kern_args == NULL) {
3309				req->status = CTL_LUN_ERROR;
3310				break;
3311			}
3312		}
3313
3314		retval = fe->ioctl(dev, cmd, addr, flag, td);
3315
3316		if (req->num_args > 0) {
3317			ctl_copyout_args(req->num_args, req->kern_args);
3318			ctl_free_args(req->num_args, req->kern_args);
3319		}
3320		break;
3321	}
3322	case CTL_PORT_LIST: {
3323		struct sbuf *sb;
3324		struct ctl_port *port;
3325		struct ctl_lun_list *list;
3326		struct ctl_option *opt;
3327		int j;
3328
3329		list = (struct ctl_lun_list *)addr;
3330
3331		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3332		if (sb == NULL) {
3333			list->status = CTL_LUN_LIST_ERROR;
3334			snprintf(list->error_str, sizeof(list->error_str),
3335				 "Unable to allocate %d bytes for LUN list",
3336				 list->alloc_len);
3337			break;
3338		}
3339
3340		sbuf_printf(sb, "<ctlportlist>\n");
3341
3342		mtx_lock(&softc->ctl_lock);
3343		STAILQ_FOREACH(port, &softc->port_list, links) {
3344			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3345					     (uintmax_t)port->targ_port);
3346
3347			/*
3348			 * Bail out as soon as we see that we've overfilled
3349			 * the buffer.
3350			 */
3351			if (retval != 0)
3352				break;
3353
3354			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3355			    "</frontend_type>\n", port->frontend->name);
3356			if (retval != 0)
3357				break;
3358
3359			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3360					     port->port_type);
3361			if (retval != 0)
3362				break;
3363
3364			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3365			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3366			if (retval != 0)
3367				break;
3368
3369			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3370			    port->port_name);
3371			if (retval != 0)
3372				break;
3373
3374			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3375			    port->physical_port);
3376			if (retval != 0)
3377				break;
3378
3379			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3380			    port->virtual_port);
3381			if (retval != 0)
3382				break;
3383
3384			if (port->target_devid != NULL) {
3385				sbuf_printf(sb, "\t<target>");
3386				ctl_id_sbuf(port->target_devid, sb);
3387				sbuf_printf(sb, "</target>\n");
3388			}
3389
3390			if (port->port_devid != NULL) {
3391				sbuf_printf(sb, "\t<port>");
3392				ctl_id_sbuf(port->port_devid, sb);
3393				sbuf_printf(sb, "</port>\n");
3394			}
3395
3396			if (port->port_info != NULL) {
3397				retval = port->port_info(port->onoff_arg, sb);
3398				if (retval != 0)
3399					break;
3400			}
3401			STAILQ_FOREACH(opt, &port->options, links) {
3402				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3403				    opt->name, opt->value, opt->name);
3404				if (retval != 0)
3405					break;
3406			}
3407
3408			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3409				if (port->wwpn_iid[j].in_use == 0 ||
3410				    (port->wwpn_iid[j].wwpn == 0 &&
3411				     port->wwpn_iid[j].name == NULL))
3412					continue;
3413
3414				if (port->wwpn_iid[j].name != NULL)
3415					retval = sbuf_printf(sb,
3416					    "\t<initiator>%u %s</initiator>\n",
3417					    j, port->wwpn_iid[j].name);
3418				else
3419					retval = sbuf_printf(sb,
3420					    "\t<initiator>%u naa.%08jx</initiator>\n",
3421					    j, port->wwpn_iid[j].wwpn);
3422				if (retval != 0)
3423					break;
3424			}
3425			if (retval != 0)
3426				break;
3427
3428			retval = sbuf_printf(sb, "</targ_port>\n");
3429			if (retval != 0)
3430				break;
3431		}
3432		mtx_unlock(&softc->ctl_lock);
3433
3434		if ((retval != 0)
3435		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3436			retval = 0;
3437			sbuf_delete(sb);
3438			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3439			snprintf(list->error_str, sizeof(list->error_str),
3440				 "Out of space, %d bytes is too small",
3441				 list->alloc_len);
3442			break;
3443		}
3444
3445		sbuf_finish(sb);
3446
3447		retval = copyout(sbuf_data(sb), list->lun_xml,
3448				 sbuf_len(sb) + 1);
3449
3450		list->fill_len = sbuf_len(sb) + 1;
3451		list->status = CTL_LUN_LIST_OK;
3452		sbuf_delete(sb);
3453		break;
3454	}
3455	default: {
3456		/* XXX KDM should we fix this? */
3457#if 0
3458		struct ctl_backend_driver *backend;
3459		unsigned int type;
3460		int found;
3461
3462		found = 0;
3463
3464		/*
3465		 * We encode the backend type as the ioctl type for backend
3466		 * ioctls.  So parse it out here, and then search for a
3467		 * backend of this type.
3468		 */
3469		type = _IOC_TYPE(cmd);
3470
3471		STAILQ_FOREACH(backend, &softc->be_list, links) {
3472			if (backend->type == type) {
3473				found = 1;
3474				break;
3475			}
3476		}
3477		if (found == 0) {
3478			printf("ctl: unknown ioctl command %#lx or backend "
3479			       "%d\n", cmd, type);
3480			retval = EINVAL;
3481			break;
3482		}
3483		retval = backend->ioctl(dev, cmd, addr, flag, td);
3484#endif
3485		retval = ENOTTY;
3486		break;
3487	}
3488	}
3489	return (retval);
3490}
3491
3492uint32_t
3493ctl_get_initindex(struct ctl_nexus *nexus)
3494{
3495	if (nexus->targ_port < CTL_MAX_PORTS)
3496		return (nexus->initid.id +
3497			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3498	else
3499		return (nexus->initid.id +
3500		       ((nexus->targ_port - CTL_MAX_PORTS) *
3501			CTL_MAX_INIT_PER_PORT));
3502}
3503
3504uint32_t
3505ctl_get_resindex(struct ctl_nexus *nexus)
3506{
3507	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3508}
3509
3510uint32_t
3511ctl_port_idx(int port_num)
3512{
3513	if (port_num < CTL_MAX_PORTS)
3514		return(port_num);
3515	else
3516		return(port_num - CTL_MAX_PORTS);
3517}
3518
3519static uint32_t
3520ctl_map_lun(int port_num, uint32_t lun_id)
3521{
3522	struct ctl_port *port;
3523
3524	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3525	if (port == NULL)
3526		return (UINT32_MAX);
3527	if (port->lun_map == NULL)
3528		return (lun_id);
3529	return (port->lun_map(port->targ_lun_arg, lun_id));
3530}
3531
3532static uint32_t
3533ctl_map_lun_back(int port_num, uint32_t lun_id)
3534{
3535	struct ctl_port *port;
3536	uint32_t i;
3537
3538	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3539	if (port->lun_map == NULL)
3540		return (lun_id);
3541	for (i = 0; i < CTL_MAX_LUNS; i++) {
3542		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3543			return (i);
3544	}
3545	return (UINT32_MAX);
3546}
3547
3548/*
3549 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3550 * that are a power of 2.
3551 */
3552int
3553ctl_ffz(uint32_t *mask, uint32_t size)
3554{
3555	uint32_t num_chunks, num_pieces;
3556	int i, j;
3557
3558	num_chunks = (size >> 5);
3559	if (num_chunks == 0)
3560		num_chunks++;
3561	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3562
3563	for (i = 0; i < num_chunks; i++) {
3564		for (j = 0; j < num_pieces; j++) {
3565			if ((mask[i] & (1 << j)) == 0)
3566				return ((i << 5) + j);
3567		}
3568	}
3569
3570	return (-1);
3571}
3572
3573int
3574ctl_set_mask(uint32_t *mask, uint32_t bit)
3575{
3576	uint32_t chunk, piece;
3577
3578	chunk = bit >> 5;
3579	piece = bit % (sizeof(uint32_t) * 8);
3580
3581	if ((mask[chunk] & (1 << piece)) != 0)
3582		return (-1);
3583	else
3584		mask[chunk] |= (1 << piece);
3585
3586	return (0);
3587}
3588
3589int
3590ctl_clear_mask(uint32_t *mask, uint32_t bit)
3591{
3592	uint32_t chunk, piece;
3593
3594	chunk = bit >> 5;
3595	piece = bit % (sizeof(uint32_t) * 8);
3596
3597	if ((mask[chunk] & (1 << piece)) == 0)
3598		return (-1);
3599	else
3600		mask[chunk] &= ~(1 << piece);
3601
3602	return (0);
3603}
3604
3605int
3606ctl_is_set(uint32_t *mask, uint32_t bit)
3607{
3608	uint32_t chunk, piece;
3609
3610	chunk = bit >> 5;
3611	piece = bit % (sizeof(uint32_t) * 8);
3612
3613	if ((mask[chunk] & (1 << piece)) == 0)
3614		return (0);
3615	else
3616		return (1);
3617}
3618
3619#ifdef unused
3620/*
3621 * The bus, target and lun are optional, they can be filled in later.
3622 * can_wait is used to determine whether we can wait on the malloc or not.
3623 */
3624union ctl_io*
3625ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3626	      uint32_t targ_lun, int can_wait)
3627{
3628	union ctl_io *io;
3629
3630	if (can_wait)
3631		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3632	else
3633		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3634
3635	if (io != NULL) {
3636		io->io_hdr.io_type = io_type;
3637		io->io_hdr.targ_port = targ_port;
3638		/*
3639		 * XXX KDM this needs to change/go away.  We need to move
3640		 * to a preallocated pool of ctl_scsiio structures.
3641		 */
3642		io->io_hdr.nexus.targ_target.id = targ_target;
3643		io->io_hdr.nexus.targ_lun = targ_lun;
3644	}
3645
3646	return (io);
3647}
3648
3649void
3650ctl_kfree_io(union ctl_io *io)
3651{
3652	free(io, M_CTL);
3653}
3654#endif /* unused */
3655
3656/*
3657 * ctl_softc, pool_type, total_ctl_io are passed in.
3658 * npool is passed out.
3659 */
3660int
3661ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3662		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3663{
3664	uint32_t i;
3665	union ctl_io *cur_io, *next_io;
3666	struct ctl_io_pool *pool;
3667	int retval;
3668
3669	retval = 0;
3670
3671	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3672					    M_NOWAIT | M_ZERO);
3673	if (pool == NULL) {
3674		retval = ENOMEM;
3675		goto bailout;
3676	}
3677
3678	pool->type = pool_type;
3679	pool->ctl_softc = ctl_softc;
3680
3681	mtx_lock(&ctl_softc->pool_lock);
3682	pool->id = ctl_softc->cur_pool_id++;
3683	mtx_unlock(&ctl_softc->pool_lock);
3684
3685	pool->flags = CTL_POOL_FLAG_NONE;
3686	pool->refcount = 1;		/* Reference for validity. */
3687	STAILQ_INIT(&pool->free_queue);
3688
3689	/*
3690	 * XXX KDM other options here:
3691	 * - allocate a page at a time
3692	 * - allocate one big chunk of memory.
3693	 * Page allocation might work well, but would take a little more
3694	 * tracking.
3695	 */
3696	for (i = 0; i < total_ctl_io; i++) {
3697		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3698						M_NOWAIT);
3699		if (cur_io == NULL) {
3700			retval = ENOMEM;
3701			break;
3702		}
3703		cur_io->io_hdr.pool = pool;
3704		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3705		pool->total_ctl_io++;
3706		pool->free_ctl_io++;
3707	}
3708
3709	if (retval != 0) {
3710		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3711		     cur_io != NULL; cur_io = next_io) {
3712			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3713							      links);
3714			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3715				      ctl_io_hdr, links);
3716			free(cur_io, M_CTLIO);
3717		}
3718
3719		free(pool, M_CTL);
3720		goto bailout;
3721	}
3722	mtx_lock(&ctl_softc->pool_lock);
3723	ctl_softc->num_pools++;
3724	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3725	/*
3726	 * Increment our usage count if this is an external consumer, so we
3727	 * can't get unloaded until the external consumer (most likely a
3728	 * FETD) unloads and frees his pool.
3729	 *
3730	 * XXX KDM will this increment the caller's module use count, or
3731	 * mine?
3732	 */
3733#if 0
3734	if ((pool_type != CTL_POOL_EMERGENCY)
3735	 && (pool_type != CTL_POOL_INTERNAL)
3736	 && (pool_type != CTL_POOL_4OTHERSC))
3737		MOD_INC_USE_COUNT;
3738#endif
3739
3740	mtx_unlock(&ctl_softc->pool_lock);
3741
3742	*npool = pool;
3743
3744bailout:
3745
3746	return (retval);
3747}
3748
3749static int
3750ctl_pool_acquire(struct ctl_io_pool *pool)
3751{
3752
3753	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3754
3755	if (pool->flags & CTL_POOL_FLAG_INVALID)
3756		return (EINVAL);
3757
3758	pool->refcount++;
3759
3760	return (0);
3761}
3762
3763static void
3764ctl_pool_release(struct ctl_io_pool *pool)
3765{
3766	struct ctl_softc *ctl_softc = pool->ctl_softc;
3767	union ctl_io *io;
3768
3769	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3770
3771	if (--pool->refcount != 0)
3772		return;
3773
3774	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3775		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3776			      links);
3777		free(io, M_CTLIO);
3778	}
3779
3780	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3781	ctl_softc->num_pools--;
3782
3783	/*
3784	 * XXX KDM will this decrement the caller's usage count or mine?
3785	 */
3786#if 0
3787	if ((pool->type != CTL_POOL_EMERGENCY)
3788	 && (pool->type != CTL_POOL_INTERNAL)
3789	 && (pool->type != CTL_POOL_4OTHERSC))
3790		MOD_DEC_USE_COUNT;
3791#endif
3792
3793	free(pool, M_CTL);
3794}
3795
3796void
3797ctl_pool_free(struct ctl_io_pool *pool)
3798{
3799	struct ctl_softc *ctl_softc;
3800
3801	if (pool == NULL)
3802		return;
3803
3804	ctl_softc = pool->ctl_softc;
3805	mtx_lock(&ctl_softc->pool_lock);
3806	pool->flags |= CTL_POOL_FLAG_INVALID;
3807	ctl_pool_release(pool);
3808	mtx_unlock(&ctl_softc->pool_lock);
3809}
3810
3811/*
3812 * This routine does not block (except for spinlocks of course).
3813 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3814 * possible.
3815 */
3816union ctl_io *
3817ctl_alloc_io(void *pool_ref)
3818{
3819	union ctl_io *io;
3820	struct ctl_softc *ctl_softc;
3821	struct ctl_io_pool *pool, *npool;
3822	struct ctl_io_pool *emergency_pool;
3823
3824	pool = (struct ctl_io_pool *)pool_ref;
3825
3826	if (pool == NULL) {
3827		printf("%s: pool is NULL\n", __func__);
3828		return (NULL);
3829	}
3830
3831	emergency_pool = NULL;
3832
3833	ctl_softc = pool->ctl_softc;
3834
3835	mtx_lock(&ctl_softc->pool_lock);
3836	/*
3837	 * First, try to get the io structure from the user's pool.
3838	 */
3839	if (ctl_pool_acquire(pool) == 0) {
3840		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3841		if (io != NULL) {
3842			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3843			pool->total_allocated++;
3844			pool->free_ctl_io--;
3845			mtx_unlock(&ctl_softc->pool_lock);
3846			return (io);
3847		} else
3848			ctl_pool_release(pool);
3849	}
3850	/*
3851	 * If he doesn't have any io structures left, search for an
3852	 * emergency pool and grab one from there.
3853	 */
3854	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3855		if (npool->type != CTL_POOL_EMERGENCY)
3856			continue;
3857
3858		if (ctl_pool_acquire(npool) != 0)
3859			continue;
3860
3861		emergency_pool = npool;
3862
3863		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3864		if (io != NULL) {
3865			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3866			npool->total_allocated++;
3867			npool->free_ctl_io--;
3868			mtx_unlock(&ctl_softc->pool_lock);
3869			return (io);
3870		} else
3871			ctl_pool_release(npool);
3872	}
3873
3874	/* Drop the spinlock before we malloc */
3875	mtx_unlock(&ctl_softc->pool_lock);
3876
3877	/*
3878	 * The emergency pool (if it exists) didn't have one, so try an
3879	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3880	 */
3881	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3882	if (io != NULL) {
3883		/*
3884		 * If the emergency pool exists but is empty, add this
3885		 * ctl_io to its list when it gets freed.
3886		 */
3887		if (emergency_pool != NULL) {
3888			mtx_lock(&ctl_softc->pool_lock);
3889			if (ctl_pool_acquire(emergency_pool) == 0) {
3890				io->io_hdr.pool = emergency_pool;
3891				emergency_pool->total_ctl_io++;
3892				/*
3893				 * Need to bump this, otherwise
3894				 * total_allocated and total_freed won't
3895				 * match when we no longer have anything
3896				 * outstanding.
3897				 */
3898				emergency_pool->total_allocated++;
3899			}
3900			mtx_unlock(&ctl_softc->pool_lock);
3901		} else
3902			io->io_hdr.pool = NULL;
3903	}
3904
3905	return (io);
3906}
3907
3908void
3909ctl_free_io(union ctl_io *io)
3910{
3911	if (io == NULL)
3912		return;
3913
3914	/*
3915	 * If this ctl_io has a pool, return it to that pool.
3916	 */
3917	if (io->io_hdr.pool != NULL) {
3918		struct ctl_io_pool *pool;
3919
3920		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3921		mtx_lock(&pool->ctl_softc->pool_lock);
3922		io->io_hdr.io_type = 0xff;
3923		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3924		pool->total_freed++;
3925		pool->free_ctl_io++;
3926		ctl_pool_release(pool);
3927		mtx_unlock(&pool->ctl_softc->pool_lock);
3928	} else {
3929		/*
3930		 * Otherwise, just free it.  We probably malloced it and
3931		 * the emergency pool wasn't available.
3932		 */
3933		free(io, M_CTLIO);
3934	}
3935
3936}
3937
3938void
3939ctl_zero_io(union ctl_io *io)
3940{
3941	void *pool_ref;
3942
3943	if (io == NULL)
3944		return;
3945
3946	/*
3947	 * May need to preserve linked list pointers at some point too.
3948	 */
3949	pool_ref = io->io_hdr.pool;
3950
3951	memset(io, 0, sizeof(*io));
3952
3953	io->io_hdr.pool = pool_ref;
3954}
3955
3956/*
3957 * This routine is currently used for internal copies of ctl_ios that need
3958 * to persist for some reason after we've already returned status to the
3959 * FETD.  (Thus the flag set.)
3960 *
3961 * XXX XXX
3962 * Note that this makes a blind copy of all fields in the ctl_io, except
3963 * for the pool reference.  This includes any memory that has been
3964 * allocated!  That memory will no longer be valid after done has been
3965 * called, so this would be VERY DANGEROUS for command that actually does
3966 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3967 * start and stop commands, which don't transfer any data, so this is not a
3968 * problem.  If it is used for anything else, the caller would also need to
3969 * allocate data buffer space and this routine would need to be modified to
3970 * copy the data buffer(s) as well.
3971 */
3972void
3973ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3974{
3975	void *pool_ref;
3976
3977	if ((src == NULL)
3978	 || (dest == NULL))
3979		return;
3980
3981	/*
3982	 * May need to preserve linked list pointers at some point too.
3983	 */
3984	pool_ref = dest->io_hdr.pool;
3985
3986	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3987
3988	dest->io_hdr.pool = pool_ref;
3989	/*
3990	 * We need to know that this is an internal copy, and doesn't need
3991	 * to get passed back to the FETD that allocated it.
3992	 */
3993	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3994}
3995
3996/*
3997 * This routine could be used in the future to load default and/or saved
3998 * mode page parameters for a particuar lun.
3999 */
4000static int
4001ctl_init_page_index(struct ctl_lun *lun)
4002{
4003	int i;
4004	struct ctl_page_index *page_index;
4005	const char *value;
4006
4007	memcpy(&lun->mode_pages.index, page_index_template,
4008	       sizeof(page_index_template));
4009
4010	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4011
4012		page_index = &lun->mode_pages.index[i];
4013		/*
4014		 * If this is a disk-only mode page, there's no point in
4015		 * setting it up.  For some pages, we have to have some
4016		 * basic information about the disk in order to calculate the
4017		 * mode page data.
4018		 */
4019		if ((lun->be_lun->lun_type != T_DIRECT)
4020		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4021			continue;
4022
4023		switch (page_index->page_code & SMPH_PC_MASK) {
4024		case SMS_RW_ERROR_RECOVERY_PAGE: {
4025			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4026				panic("subpage is incorrect!");
4027			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4028			       &rw_er_page_default,
4029			       sizeof(rw_er_page_default));
4030			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4031			       &rw_er_page_changeable,
4032			       sizeof(rw_er_page_changeable));
4033			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4034			       &rw_er_page_default,
4035			       sizeof(rw_er_page_default));
4036			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4037			       &rw_er_page_default,
4038			       sizeof(rw_er_page_default));
4039			page_index->page_data =
4040				(uint8_t *)lun->mode_pages.rw_er_page;
4041			break;
4042		}
4043		case SMS_FORMAT_DEVICE_PAGE: {
4044			struct scsi_format_page *format_page;
4045
4046			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4047				panic("subpage is incorrect!");
4048
4049			/*
4050			 * Sectors per track are set above.  Bytes per
4051			 * sector need to be set here on a per-LUN basis.
4052			 */
4053			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4054			       &format_page_default,
4055			       sizeof(format_page_default));
4056			memcpy(&lun->mode_pages.format_page[
4057			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4058			       sizeof(format_page_changeable));
4059			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4060			       &format_page_default,
4061			       sizeof(format_page_default));
4062			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4063			       &format_page_default,
4064			       sizeof(format_page_default));
4065
4066			format_page = &lun->mode_pages.format_page[
4067				CTL_PAGE_CURRENT];
4068			scsi_ulto2b(lun->be_lun->blocksize,
4069				    format_page->bytes_per_sector);
4070
4071			format_page = &lun->mode_pages.format_page[
4072				CTL_PAGE_DEFAULT];
4073			scsi_ulto2b(lun->be_lun->blocksize,
4074				    format_page->bytes_per_sector);
4075
4076			format_page = &lun->mode_pages.format_page[
4077				CTL_PAGE_SAVED];
4078			scsi_ulto2b(lun->be_lun->blocksize,
4079				    format_page->bytes_per_sector);
4080
4081			page_index->page_data =
4082				(uint8_t *)lun->mode_pages.format_page;
4083			break;
4084		}
4085		case SMS_RIGID_DISK_PAGE: {
4086			struct scsi_rigid_disk_page *rigid_disk_page;
4087			uint32_t sectors_per_cylinder;
4088			uint64_t cylinders;
4089#ifndef	__XSCALE__
4090			int shift;
4091#endif /* !__XSCALE__ */
4092
4093			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4094				panic("invalid subpage value %d",
4095				      page_index->subpage);
4096
4097			/*
4098			 * Rotation rate and sectors per track are set
4099			 * above.  We calculate the cylinders here based on
4100			 * capacity.  Due to the number of heads and
4101			 * sectors per track we're using, smaller arrays
4102			 * may turn out to have 0 cylinders.  Linux and
4103			 * FreeBSD don't pay attention to these mode pages
4104			 * to figure out capacity, but Solaris does.  It
4105			 * seems to deal with 0 cylinders just fine, and
4106			 * works out a fake geometry based on the capacity.
4107			 */
4108			memcpy(&lun->mode_pages.rigid_disk_page[
4109			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4110			       sizeof(rigid_disk_page_default));
4111			memcpy(&lun->mode_pages.rigid_disk_page[
4112			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4113			       sizeof(rigid_disk_page_changeable));
4114
4115			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4116				CTL_DEFAULT_HEADS;
4117
4118			/*
4119			 * The divide method here will be more accurate,
4120			 * probably, but results in floating point being
4121			 * used in the kernel on i386 (__udivdi3()).  On the
4122			 * XScale, though, __udivdi3() is implemented in
4123			 * software.
4124			 *
4125			 * The shift method for cylinder calculation is
4126			 * accurate if sectors_per_cylinder is a power of
4127			 * 2.  Otherwise it might be slightly off -- you
4128			 * might have a bit of a truncation problem.
4129			 */
4130#ifdef	__XSCALE__
4131			cylinders = (lun->be_lun->maxlba + 1) /
4132				sectors_per_cylinder;
4133#else
4134			for (shift = 31; shift > 0; shift--) {
4135				if (sectors_per_cylinder & (1 << shift))
4136					break;
4137			}
4138			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4139#endif
4140
4141			/*
4142			 * We've basically got 3 bytes, or 24 bits for the
4143			 * cylinder size in the mode page.  If we're over,
4144			 * just round down to 2^24.
4145			 */
4146			if (cylinders > 0xffffff)
4147				cylinders = 0xffffff;
4148
4149			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4150				CTL_PAGE_DEFAULT];
4151			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4152
4153			if ((value = ctl_get_opt(&lun->be_lun->options,
4154			    "rpm")) != NULL) {
4155				scsi_ulto2b(strtol(value, NULL, 0),
4156				     rigid_disk_page->rotation_rate);
4157			}
4158
4159			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4160			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4161			       sizeof(rigid_disk_page_default));
4162			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4163			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4164			       sizeof(rigid_disk_page_default));
4165
4166			page_index->page_data =
4167				(uint8_t *)lun->mode_pages.rigid_disk_page;
4168			break;
4169		}
4170		case SMS_CACHING_PAGE: {
4171			struct scsi_caching_page *caching_page;
4172
4173			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4174				panic("invalid subpage value %d",
4175				      page_index->subpage);
4176			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4177			       &caching_page_default,
4178			       sizeof(caching_page_default));
4179			memcpy(&lun->mode_pages.caching_page[
4180			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4181			       sizeof(caching_page_changeable));
4182			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4183			       &caching_page_default,
4184			       sizeof(caching_page_default));
4185			caching_page = &lun->mode_pages.caching_page[
4186			    CTL_PAGE_SAVED];
4187			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4188			if (value != NULL && strcmp(value, "off") == 0)
4189				caching_page->flags1 &= ~SCP_WCE;
4190			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4191			if (value != NULL && strcmp(value, "off") == 0)
4192				caching_page->flags1 |= SCP_RCD;
4193			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4194			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4195			       sizeof(caching_page_default));
4196			page_index->page_data =
4197				(uint8_t *)lun->mode_pages.caching_page;
4198			break;
4199		}
4200		case SMS_CONTROL_MODE_PAGE: {
4201			struct scsi_control_page *control_page;
4202
4203			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4204				panic("invalid subpage value %d",
4205				      page_index->subpage);
4206
4207			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4208			       &control_page_default,
4209			       sizeof(control_page_default));
4210			memcpy(&lun->mode_pages.control_page[
4211			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4212			       sizeof(control_page_changeable));
4213			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4214			       &control_page_default,
4215			       sizeof(control_page_default));
4216			control_page = &lun->mode_pages.control_page[
4217			    CTL_PAGE_SAVED];
4218			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4219			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4220				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4221				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4222			}
4223			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4224			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4225			       sizeof(control_page_default));
4226			page_index->page_data =
4227				(uint8_t *)lun->mode_pages.control_page;
4228			break;
4229
4230		}
4231		case SMS_INFO_EXCEPTIONS_PAGE: {
4232			switch (page_index->subpage) {
4233			case SMS_SUBPAGE_PAGE_0:
4234				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4235				       &ie_page_default,
4236				       sizeof(ie_page_default));
4237				memcpy(&lun->mode_pages.ie_page[
4238				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4239				       sizeof(ie_page_changeable));
4240				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4241				       &ie_page_default,
4242				       sizeof(ie_page_default));
4243				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4244				       &ie_page_default,
4245				       sizeof(ie_page_default));
4246				page_index->page_data =
4247					(uint8_t *)lun->mode_pages.ie_page;
4248				break;
4249			case 0x02:
4250				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4251				       &lbp_page_default,
4252				       sizeof(lbp_page_default));
4253				memcpy(&lun->mode_pages.lbp_page[
4254				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4255				       sizeof(lbp_page_changeable));
4256				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4257				       &lbp_page_default,
4258				       sizeof(lbp_page_default));
4259				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4260				       &lbp_page_default,
4261				       sizeof(lbp_page_default));
4262				page_index->page_data =
4263					(uint8_t *)lun->mode_pages.lbp_page;
4264			}
4265			break;
4266		}
4267		case SMS_VENDOR_SPECIFIC_PAGE:{
4268			switch (page_index->subpage) {
4269			case DBGCNF_SUBPAGE_CODE: {
4270				struct copan_debugconf_subpage *current_page,
4271							       *saved_page;
4272
4273				memcpy(&lun->mode_pages.debugconf_subpage[
4274				       CTL_PAGE_CURRENT],
4275				       &debugconf_page_default,
4276				       sizeof(debugconf_page_default));
4277				memcpy(&lun->mode_pages.debugconf_subpage[
4278				       CTL_PAGE_CHANGEABLE],
4279				       &debugconf_page_changeable,
4280				       sizeof(debugconf_page_changeable));
4281				memcpy(&lun->mode_pages.debugconf_subpage[
4282				       CTL_PAGE_DEFAULT],
4283				       &debugconf_page_default,
4284				       sizeof(debugconf_page_default));
4285				memcpy(&lun->mode_pages.debugconf_subpage[
4286				       CTL_PAGE_SAVED],
4287				       &debugconf_page_default,
4288				       sizeof(debugconf_page_default));
4289				page_index->page_data =
4290					(uint8_t *)lun->mode_pages.debugconf_subpage;
4291
4292				current_page = (struct copan_debugconf_subpage *)
4293					(page_index->page_data +
4294					 (page_index->page_len *
4295					  CTL_PAGE_CURRENT));
4296				saved_page = (struct copan_debugconf_subpage *)
4297					(page_index->page_data +
4298					 (page_index->page_len *
4299					  CTL_PAGE_SAVED));
4300				break;
4301			}
4302			default:
4303				panic("invalid subpage value %d",
4304				      page_index->subpage);
4305				break;
4306			}
4307   			break;
4308		}
4309		default:
4310			panic("invalid page value %d",
4311			      page_index->page_code & SMPH_PC_MASK);
4312			break;
4313    	}
4314	}
4315
4316	return (CTL_RETVAL_COMPLETE);
4317}
4318
4319static int
4320ctl_init_log_page_index(struct ctl_lun *lun)
4321{
4322	struct ctl_page_index *page_index;
4323	int i, j, prev;
4324
4325	memcpy(&lun->log_pages.index, log_page_index_template,
4326	       sizeof(log_page_index_template));
4327
4328	prev = -1;
4329	for (i = 0, j = 0; i < CTL_NUM_LOG_PAGES; i++) {
4330
4331		page_index = &lun->log_pages.index[i];
4332		/*
4333		 * If this is a disk-only mode page, there's no point in
4334		 * setting it up.  For some pages, we have to have some
4335		 * basic information about the disk in order to calculate the
4336		 * mode page data.
4337		 */
4338		if ((lun->be_lun->lun_type != T_DIRECT)
4339		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4340			continue;
4341
4342		if (page_index->page_code != prev) {
4343			lun->log_pages.pages_page[j] = page_index->page_code;
4344			prev = page_index->page_code;
4345			j++;
4346		}
4347		lun->log_pages.subpages_page[i*2] = page_index->page_code;
4348		lun->log_pages.subpages_page[i*2+1] = page_index->subpage;
4349	}
4350	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4351	lun->log_pages.index[0].page_len = j;
4352	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4353	lun->log_pages.index[1].page_len = i * 2;
4354
4355	return (CTL_RETVAL_COMPLETE);
4356}
4357
4358static int
4359hex2bin(const char *str, uint8_t *buf, int buf_size)
4360{
4361	int i;
4362	u_char c;
4363
4364	memset(buf, 0, buf_size);
4365	while (isspace(str[0]))
4366		str++;
4367	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4368		str += 2;
4369	buf_size *= 2;
4370	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4371		c = str[i];
4372		if (isdigit(c))
4373			c -= '0';
4374		else if (isalpha(c))
4375			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4376		else
4377			break;
4378		if (c >= 16)
4379			break;
4380		if ((i & 1) == 0)
4381			buf[i / 2] |= (c << 4);
4382		else
4383			buf[i / 2] |= c;
4384	}
4385	return ((i + 1) / 2);
4386}
4387
4388/*
4389 * LUN allocation.
4390 *
4391 * Requirements:
4392 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4393 *   wants us to allocate the LUN and he can block.
4394 * - ctl_softc is always set
4395 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4396 *
4397 * Returns 0 for success, non-zero (errno) for failure.
4398 */
4399static int
4400ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4401	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4402{
4403	struct ctl_lun *nlun, *lun;
4404	struct ctl_port *port;
4405	struct scsi_vpd_id_descriptor *desc;
4406	struct scsi_vpd_id_t10 *t10id;
4407	const char *eui, *naa, *scsiname, *vendor, *value;
4408	int lun_number, i, lun_malloced;
4409	int devidlen, idlen1, idlen2 = 0, len;
4410
4411	if (be_lun == NULL)
4412		return (EINVAL);
4413
4414	/*
4415	 * We currently only support Direct Access or Processor LUN types.
4416	 */
4417	switch (be_lun->lun_type) {
4418	case T_DIRECT:
4419		break;
4420	case T_PROCESSOR:
4421		break;
4422	case T_SEQUENTIAL:
4423	case T_CHANGER:
4424	default:
4425		be_lun->lun_config_status(be_lun->be_lun,
4426					  CTL_LUN_CONFIG_FAILURE);
4427		break;
4428	}
4429	if (ctl_lun == NULL) {
4430		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4431		lun_malloced = 1;
4432	} else {
4433		lun_malloced = 0;
4434		lun = ctl_lun;
4435	}
4436
4437	memset(lun, 0, sizeof(*lun));
4438	if (lun_malloced)
4439		lun->flags = CTL_LUN_MALLOCED;
4440
4441	/* Generate LUN ID. */
4442	devidlen = max(CTL_DEVID_MIN_LEN,
4443	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4444	idlen1 = sizeof(*t10id) + devidlen;
4445	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4446	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4447	if (scsiname != NULL) {
4448		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4449		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4450	}
4451	eui = ctl_get_opt(&be_lun->options, "eui");
4452	if (eui != NULL) {
4453		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4454	}
4455	naa = ctl_get_opt(&be_lun->options, "naa");
4456	if (naa != NULL) {
4457		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4458	}
4459	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4460	    M_CTL, M_WAITOK | M_ZERO);
4461	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4462	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4463	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4464	desc->length = idlen1;
4465	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4466	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4467	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4468		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4469	} else {
4470		strncpy(t10id->vendor, vendor,
4471		    min(sizeof(t10id->vendor), strlen(vendor)));
4472	}
4473	strncpy((char *)t10id->vendor_spec_id,
4474	    (char *)be_lun->device_id, devidlen);
4475	if (scsiname != NULL) {
4476		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4477		    desc->length);
4478		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4479		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4480		    SVPD_ID_TYPE_SCSI_NAME;
4481		desc->length = idlen2;
4482		strlcpy(desc->identifier, scsiname, idlen2);
4483	}
4484	if (eui != NULL) {
4485		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4486		    desc->length);
4487		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4488		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4489		    SVPD_ID_TYPE_EUI64;
4490		desc->length = hex2bin(eui, desc->identifier, 16);
4491		desc->length = desc->length > 12 ? 16 :
4492		    (desc->length > 8 ? 12 : 8);
4493		len -= 16 - desc->length;
4494	}
4495	if (naa != NULL) {
4496		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4497		    desc->length);
4498		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4499		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4500		    SVPD_ID_TYPE_NAA;
4501		desc->length = hex2bin(naa, desc->identifier, 16);
4502		desc->length = desc->length > 8 ? 16 : 8;
4503		len -= 16 - desc->length;
4504	}
4505	lun->lun_devid->len = len;
4506
4507	mtx_lock(&ctl_softc->ctl_lock);
4508	/*
4509	 * See if the caller requested a particular LUN number.  If so, see
4510	 * if it is available.  Otherwise, allocate the first available LUN.
4511	 */
4512	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4513		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4514		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4515			mtx_unlock(&ctl_softc->ctl_lock);
4516			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4517				printf("ctl: requested LUN ID %d is higher "
4518				       "than CTL_MAX_LUNS - 1 (%d)\n",
4519				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4520			} else {
4521				/*
4522				 * XXX KDM return an error, or just assign
4523				 * another LUN ID in this case??
4524				 */
4525				printf("ctl: requested LUN ID %d is already "
4526				       "in use\n", be_lun->req_lun_id);
4527			}
4528			if (lun->flags & CTL_LUN_MALLOCED)
4529				free(lun, M_CTL);
4530			be_lun->lun_config_status(be_lun->be_lun,
4531						  CTL_LUN_CONFIG_FAILURE);
4532			return (ENOSPC);
4533		}
4534		lun_number = be_lun->req_lun_id;
4535	} else {
4536		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4537		if (lun_number == -1) {
4538			mtx_unlock(&ctl_softc->ctl_lock);
4539			printf("ctl: can't allocate LUN on target %ju, out of "
4540			       "LUNs\n", (uintmax_t)target_id.id);
4541			if (lun->flags & CTL_LUN_MALLOCED)
4542				free(lun, M_CTL);
4543			be_lun->lun_config_status(be_lun->be_lun,
4544						  CTL_LUN_CONFIG_FAILURE);
4545			return (ENOSPC);
4546		}
4547	}
4548	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4549
4550	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4551	lun->target = target_id;
4552	lun->lun = lun_number;
4553	lun->be_lun = be_lun;
4554	/*
4555	 * The processor LUN is always enabled.  Disk LUNs come on line
4556	 * disabled, and must be enabled by the backend.
4557	 */
4558	lun->flags |= CTL_LUN_DISABLED;
4559	lun->backend = be_lun->be;
4560	be_lun->ctl_lun = lun;
4561	be_lun->lun_id = lun_number;
4562	atomic_add_int(&be_lun->be->num_luns, 1);
4563	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4564		lun->flags |= CTL_LUN_OFFLINE;
4565
4566	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4567		lun->flags |= CTL_LUN_STOPPED;
4568
4569	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4570		lun->flags |= CTL_LUN_INOPERABLE;
4571
4572	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4573		lun->flags |= CTL_LUN_PRIMARY_SC;
4574
4575	value = ctl_get_opt(&be_lun->options, "readonly");
4576	if (value != NULL && strcmp(value, "on") == 0)
4577		lun->flags |= CTL_LUN_READONLY;
4578
4579	lun->ctl_softc = ctl_softc;
4580	TAILQ_INIT(&lun->ooa_queue);
4581	TAILQ_INIT(&lun->blocked_queue);
4582	STAILQ_INIT(&lun->error_list);
4583	ctl_tpc_lun_init(lun);
4584
4585	/*
4586	 * Initialize the mode and log page index.
4587	 */
4588	ctl_init_page_index(lun);
4589	ctl_init_log_page_index(lun);
4590
4591	/*
4592	 * Set the poweron UA for all initiators on this LUN only.
4593	 */
4594	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4595		lun->pending_ua[i] = CTL_UA_POWERON;
4596
4597	/*
4598	 * Now, before we insert this lun on the lun list, set the lun
4599	 * inventory changed UA for all other luns.
4600	 */
4601	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4602		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4603			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4604		}
4605	}
4606
4607	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4608
4609	ctl_softc->ctl_luns[lun_number] = lun;
4610
4611	ctl_softc->num_luns++;
4612
4613	/* Setup statistics gathering */
4614	lun->stats.device_type = be_lun->lun_type;
4615	lun->stats.lun_number = lun_number;
4616	if (lun->stats.device_type == T_DIRECT)
4617		lun->stats.blocksize = be_lun->blocksize;
4618	else
4619		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4620	for (i = 0;i < CTL_MAX_PORTS;i++)
4621		lun->stats.ports[i].targ_port = i;
4622
4623	mtx_unlock(&ctl_softc->ctl_lock);
4624
4625	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4626
4627	/*
4628	 * Run through each registered FETD and bring it online if it isn't
4629	 * already.  Enable the target ID if it hasn't been enabled, and
4630	 * enable this particular LUN.
4631	 */
4632	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4633		int retval;
4634
4635		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4636		if (retval != 0) {
4637			printf("ctl_alloc_lun: FETD %s port %d returned error "
4638			       "%d for lun_enable on target %ju lun %d\n",
4639			       port->port_name, port->targ_port, retval,
4640			       (uintmax_t)target_id.id, lun_number);
4641		} else
4642			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4643	}
4644	return (0);
4645}
4646
4647/*
4648 * Delete a LUN.
4649 * Assumptions:
4650 * - LUN has already been marked invalid and any pending I/O has been taken
4651 *   care of.
4652 */
4653static int
4654ctl_free_lun(struct ctl_lun *lun)
4655{
4656	struct ctl_softc *softc;
4657#if 0
4658	struct ctl_port *port;
4659#endif
4660	struct ctl_lun *nlun;
4661	int i;
4662
4663	softc = lun->ctl_softc;
4664
4665	mtx_assert(&softc->ctl_lock, MA_OWNED);
4666
4667	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4668
4669	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4670
4671	softc->ctl_luns[lun->lun] = NULL;
4672
4673	if (!TAILQ_EMPTY(&lun->ooa_queue))
4674		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4675
4676	softc->num_luns--;
4677
4678	/*
4679	 * XXX KDM this scheme only works for a single target/multiple LUN
4680	 * setup.  It needs to be revamped for a multiple target scheme.
4681	 *
4682	 * XXX KDM this results in port->lun_disable() getting called twice,
4683	 * once when ctl_disable_lun() is called, and a second time here.
4684	 * We really need to re-think the LUN disable semantics.  There
4685	 * should probably be several steps/levels to LUN removal:
4686	 *  - disable
4687	 *  - invalidate
4688	 *  - free
4689 	 *
4690	 * Right now we only have a disable method when communicating to
4691	 * the front end ports, at least for individual LUNs.
4692	 */
4693#if 0
4694	STAILQ_FOREACH(port, &softc->port_list, links) {
4695		int retval;
4696
4697		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4698					 lun->lun);
4699		if (retval != 0) {
4700			printf("ctl_free_lun: FETD %s port %d returned error "
4701			       "%d for lun_disable on target %ju lun %jd\n",
4702			       port->port_name, port->targ_port, retval,
4703			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4704		}
4705
4706		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4707			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4708
4709			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4710			if (retval != 0) {
4711				printf("ctl_free_lun: FETD %s port %d "
4712				       "returned error %d for targ_disable on "
4713				       "target %ju\n", port->port_name,
4714				       port->targ_port, retval,
4715				       (uintmax_t)lun->target.id);
4716			} else
4717				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4718
4719			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4720				continue;
4721
4722#if 0
4723			port->port_offline(port->onoff_arg);
4724			port->status &= ~CTL_PORT_STATUS_ONLINE;
4725#endif
4726		}
4727	}
4728#endif
4729
4730	/*
4731	 * Tell the backend to free resources, if this LUN has a backend.
4732	 */
4733	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4734	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4735
4736	ctl_tpc_lun_shutdown(lun);
4737	mtx_destroy(&lun->lun_lock);
4738	free(lun->lun_devid, M_CTL);
4739	free(lun->write_buffer, M_CTL);
4740	if (lun->flags & CTL_LUN_MALLOCED)
4741		free(lun, M_CTL);
4742
4743	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4744		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4745			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4746		}
4747	}
4748
4749	return (0);
4750}
4751
4752static void
4753ctl_create_lun(struct ctl_be_lun *be_lun)
4754{
4755	struct ctl_softc *ctl_softc;
4756
4757	ctl_softc = control_softc;
4758
4759	/*
4760	 * ctl_alloc_lun() should handle all potential failure cases.
4761	 */
4762	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4763}
4764
4765int
4766ctl_add_lun(struct ctl_be_lun *be_lun)
4767{
4768	struct ctl_softc *ctl_softc = control_softc;
4769
4770	mtx_lock(&ctl_softc->ctl_lock);
4771	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4772	mtx_unlock(&ctl_softc->ctl_lock);
4773	wakeup(&ctl_softc->pending_lun_queue);
4774
4775	return (0);
4776}
4777
4778int
4779ctl_enable_lun(struct ctl_be_lun *be_lun)
4780{
4781	struct ctl_softc *ctl_softc;
4782	struct ctl_port *port, *nport;
4783	struct ctl_lun *lun;
4784	int retval;
4785
4786	ctl_softc = control_softc;
4787
4788	lun = (struct ctl_lun *)be_lun->ctl_lun;
4789
4790	mtx_lock(&ctl_softc->ctl_lock);
4791	mtx_lock(&lun->lun_lock);
4792	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4793		/*
4794		 * eh?  Why did we get called if the LUN is already
4795		 * enabled?
4796		 */
4797		mtx_unlock(&lun->lun_lock);
4798		mtx_unlock(&ctl_softc->ctl_lock);
4799		return (0);
4800	}
4801	lun->flags &= ~CTL_LUN_DISABLED;
4802	mtx_unlock(&lun->lun_lock);
4803
4804	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4805		nport = STAILQ_NEXT(port, links);
4806
4807		/*
4808		 * Drop the lock while we call the FETD's enable routine.
4809		 * This can lead to a callback into CTL (at least in the
4810		 * case of the internal initiator frontend.
4811		 */
4812		mtx_unlock(&ctl_softc->ctl_lock);
4813		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4814		mtx_lock(&ctl_softc->ctl_lock);
4815		if (retval != 0) {
4816			printf("%s: FETD %s port %d returned error "
4817			       "%d for lun_enable on target %ju lun %jd\n",
4818			       __func__, port->port_name, port->targ_port, retval,
4819			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4820		}
4821#if 0
4822		 else {
4823            /* NOTE:  TODO:  why does lun enable affect port status? */
4824			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4825		}
4826#endif
4827	}
4828
4829	mtx_unlock(&ctl_softc->ctl_lock);
4830
4831	return (0);
4832}
4833
4834int
4835ctl_disable_lun(struct ctl_be_lun *be_lun)
4836{
4837	struct ctl_softc *ctl_softc;
4838	struct ctl_port *port;
4839	struct ctl_lun *lun;
4840	int retval;
4841
4842	ctl_softc = control_softc;
4843
4844	lun = (struct ctl_lun *)be_lun->ctl_lun;
4845
4846	mtx_lock(&ctl_softc->ctl_lock);
4847	mtx_lock(&lun->lun_lock);
4848	if (lun->flags & CTL_LUN_DISABLED) {
4849		mtx_unlock(&lun->lun_lock);
4850		mtx_unlock(&ctl_softc->ctl_lock);
4851		return (0);
4852	}
4853	lun->flags |= CTL_LUN_DISABLED;
4854	mtx_unlock(&lun->lun_lock);
4855
4856	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4857		mtx_unlock(&ctl_softc->ctl_lock);
4858		/*
4859		 * Drop the lock before we call the frontend's disable
4860		 * routine, to avoid lock order reversals.
4861		 *
4862		 * XXX KDM what happens if the frontend list changes while
4863		 * we're traversing it?  It's unlikely, but should be handled.
4864		 */
4865		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4866					 lun->lun);
4867		mtx_lock(&ctl_softc->ctl_lock);
4868		if (retval != 0) {
4869			printf("ctl_alloc_lun: FETD %s port %d returned error "
4870			       "%d for lun_disable on target %ju lun %jd\n",
4871			       port->port_name, port->targ_port, retval,
4872			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4873		}
4874	}
4875
4876	mtx_unlock(&ctl_softc->ctl_lock);
4877
4878	return (0);
4879}
4880
4881int
4882ctl_start_lun(struct ctl_be_lun *be_lun)
4883{
4884	struct ctl_softc *ctl_softc;
4885	struct ctl_lun *lun;
4886
4887	ctl_softc = control_softc;
4888
4889	lun = (struct ctl_lun *)be_lun->ctl_lun;
4890
4891	mtx_lock(&lun->lun_lock);
4892	lun->flags &= ~CTL_LUN_STOPPED;
4893	mtx_unlock(&lun->lun_lock);
4894
4895	return (0);
4896}
4897
4898int
4899ctl_stop_lun(struct ctl_be_lun *be_lun)
4900{
4901	struct ctl_softc *ctl_softc;
4902	struct ctl_lun *lun;
4903
4904	ctl_softc = control_softc;
4905
4906	lun = (struct ctl_lun *)be_lun->ctl_lun;
4907
4908	mtx_lock(&lun->lun_lock);
4909	lun->flags |= CTL_LUN_STOPPED;
4910	mtx_unlock(&lun->lun_lock);
4911
4912	return (0);
4913}
4914
4915int
4916ctl_lun_offline(struct ctl_be_lun *be_lun)
4917{
4918	struct ctl_softc *ctl_softc;
4919	struct ctl_lun *lun;
4920
4921	ctl_softc = control_softc;
4922
4923	lun = (struct ctl_lun *)be_lun->ctl_lun;
4924
4925	mtx_lock(&lun->lun_lock);
4926	lun->flags |= CTL_LUN_OFFLINE;
4927	mtx_unlock(&lun->lun_lock);
4928
4929	return (0);
4930}
4931
4932int
4933ctl_lun_online(struct ctl_be_lun *be_lun)
4934{
4935	struct ctl_softc *ctl_softc;
4936	struct ctl_lun *lun;
4937
4938	ctl_softc = control_softc;
4939
4940	lun = (struct ctl_lun *)be_lun->ctl_lun;
4941
4942	mtx_lock(&lun->lun_lock);
4943	lun->flags &= ~CTL_LUN_OFFLINE;
4944	mtx_unlock(&lun->lun_lock);
4945
4946	return (0);
4947}
4948
4949int
4950ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4951{
4952	struct ctl_softc *ctl_softc;
4953	struct ctl_lun *lun;
4954
4955	ctl_softc = control_softc;
4956
4957	lun = (struct ctl_lun *)be_lun->ctl_lun;
4958
4959	mtx_lock(&lun->lun_lock);
4960
4961	/*
4962	 * The LUN needs to be disabled before it can be marked invalid.
4963	 */
4964	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4965		mtx_unlock(&lun->lun_lock);
4966		return (-1);
4967	}
4968	/*
4969	 * Mark the LUN invalid.
4970	 */
4971	lun->flags |= CTL_LUN_INVALID;
4972
4973	/*
4974	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4975	 * If we have something in the OOA queue, we'll free it when the
4976	 * last I/O completes.
4977	 */
4978	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4979		mtx_unlock(&lun->lun_lock);
4980		mtx_lock(&ctl_softc->ctl_lock);
4981		ctl_free_lun(lun);
4982		mtx_unlock(&ctl_softc->ctl_lock);
4983	} else
4984		mtx_unlock(&lun->lun_lock);
4985
4986	return (0);
4987}
4988
4989int
4990ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4991{
4992	struct ctl_softc *ctl_softc;
4993	struct ctl_lun *lun;
4994
4995	ctl_softc = control_softc;
4996	lun = (struct ctl_lun *)be_lun->ctl_lun;
4997
4998	mtx_lock(&lun->lun_lock);
4999	lun->flags |= CTL_LUN_INOPERABLE;
5000	mtx_unlock(&lun->lun_lock);
5001
5002	return (0);
5003}
5004
5005int
5006ctl_lun_operable(struct ctl_be_lun *be_lun)
5007{
5008	struct ctl_softc *ctl_softc;
5009	struct ctl_lun *lun;
5010
5011	ctl_softc = control_softc;
5012	lun = (struct ctl_lun *)be_lun->ctl_lun;
5013
5014	mtx_lock(&lun->lun_lock);
5015	lun->flags &= ~CTL_LUN_INOPERABLE;
5016	mtx_unlock(&lun->lun_lock);
5017
5018	return (0);
5019}
5020
5021void
5022ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5023{
5024	struct ctl_lun *lun;
5025	struct ctl_softc *softc;
5026	int i;
5027
5028	softc = control_softc;
5029
5030	lun = (struct ctl_lun *)be_lun->ctl_lun;
5031
5032	mtx_lock(&lun->lun_lock);
5033
5034	for (i = 0; i < CTL_MAX_INITIATORS; i++)
5035		lun->pending_ua[i] |= CTL_UA_CAPACITY_CHANGED;
5036
5037	mtx_unlock(&lun->lun_lock);
5038}
5039
5040/*
5041 * Backend "memory move is complete" callback for requests that never
5042 * make it down to say RAIDCore's configuration code.
5043 */
5044int
5045ctl_config_move_done(union ctl_io *io)
5046{
5047	int retval;
5048
5049	retval = CTL_RETVAL_COMPLETE;
5050
5051
5052	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5053	/*
5054	 * XXX KDM this shouldn't happen, but what if it does?
5055	 */
5056	if (io->io_hdr.io_type != CTL_IO_SCSI)
5057		panic("I/O type isn't CTL_IO_SCSI!");
5058
5059	if ((io->io_hdr.port_status == 0)
5060	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5061	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5062		io->io_hdr.status = CTL_SUCCESS;
5063	else if ((io->io_hdr.port_status != 0)
5064	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5065	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5066		/*
5067		 * For hardware error sense keys, the sense key
5068		 * specific value is defined to be a retry count,
5069		 * but we use it to pass back an internal FETD
5070		 * error code.  XXX KDM  Hopefully the FETD is only
5071		 * using 16 bits for an error code, since that's
5072		 * all the space we have in the sks field.
5073		 */
5074		ctl_set_internal_failure(&io->scsiio,
5075					 /*sks_valid*/ 1,
5076					 /*retry_count*/
5077					 io->io_hdr.port_status);
5078		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5079			free(io->scsiio.kern_data_ptr, M_CTL);
5080		ctl_done(io);
5081		goto bailout;
5082	}
5083
5084	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5085	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5086	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5087		/*
5088		 * XXX KDM just assuming a single pointer here, and not a
5089		 * S/G list.  If we start using S/G lists for config data,
5090		 * we'll need to know how to clean them up here as well.
5091		 */
5092		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5093			free(io->scsiio.kern_data_ptr, M_CTL);
5094		/* Hopefully the user has already set the status... */
5095		ctl_done(io);
5096	} else {
5097		/*
5098		 * XXX KDM now we need to continue data movement.  Some
5099		 * options:
5100		 * - call ctl_scsiio() again?  We don't do this for data
5101		 *   writes, because for those at least we know ahead of
5102		 *   time where the write will go and how long it is.  For
5103		 *   config writes, though, that information is largely
5104		 *   contained within the write itself, thus we need to
5105		 *   parse out the data again.
5106		 *
5107		 * - Call some other function once the data is in?
5108		 */
5109		if (ctl_debug & CTL_DEBUG_CDB_DATA)
5110			ctl_data_print(io);
5111
5112		/*
5113		 * XXX KDM call ctl_scsiio() again for now, and check flag
5114		 * bits to see whether we're allocated or not.
5115		 */
5116		retval = ctl_scsiio(&io->scsiio);
5117	}
5118bailout:
5119	return (retval);
5120}
5121
5122/*
5123 * This gets called by a backend driver when it is done with a
5124 * data_submit method.
5125 */
5126void
5127ctl_data_submit_done(union ctl_io *io)
5128{
5129	/*
5130	 * If the IO_CONT flag is set, we need to call the supplied
5131	 * function to continue processing the I/O, instead of completing
5132	 * the I/O just yet.
5133	 *
5134	 * If there is an error, though, we don't want to keep processing.
5135	 * Instead, just send status back to the initiator.
5136	 */
5137	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5138	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5139	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5140	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5141		io->scsiio.io_cont(io);
5142		return;
5143	}
5144	ctl_done(io);
5145}
5146
5147/*
5148 * This gets called by a backend driver when it is done with a
5149 * configuration write.
5150 */
5151void
5152ctl_config_write_done(union ctl_io *io)
5153{
5154	uint8_t *buf;
5155
5156	/*
5157	 * If the IO_CONT flag is set, we need to call the supplied
5158	 * function to continue processing the I/O, instead of completing
5159	 * the I/O just yet.
5160	 *
5161	 * If there is an error, though, we don't want to keep processing.
5162	 * Instead, just send status back to the initiator.
5163	 */
5164	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5165	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5166	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5167	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5168		io->scsiio.io_cont(io);
5169		return;
5170	}
5171	/*
5172	 * Since a configuration write can be done for commands that actually
5173	 * have data allocated, like write buffer, and commands that have
5174	 * no data, like start/stop unit, we need to check here.
5175	 */
5176	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5177		buf = io->scsiio.kern_data_ptr;
5178	else
5179		buf = NULL;
5180	ctl_done(io);
5181	if (buf)
5182		free(buf, M_CTL);
5183}
5184
5185/*
5186 * SCSI release command.
5187 */
5188int
5189ctl_scsi_release(struct ctl_scsiio *ctsio)
5190{
5191	int length, longid, thirdparty_id, resv_id;
5192	struct ctl_softc *ctl_softc;
5193	struct ctl_lun *lun;
5194	uint32_t residx;
5195
5196	length = 0;
5197	resv_id = 0;
5198
5199	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5200
5201	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5202	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5203	ctl_softc = control_softc;
5204
5205	switch (ctsio->cdb[0]) {
5206	case RELEASE_10: {
5207		struct scsi_release_10 *cdb;
5208
5209		cdb = (struct scsi_release_10 *)ctsio->cdb;
5210
5211		if (cdb->byte2 & SR10_LONGID)
5212			longid = 1;
5213		else
5214			thirdparty_id = cdb->thirdparty_id;
5215
5216		resv_id = cdb->resv_id;
5217		length = scsi_2btoul(cdb->length);
5218		break;
5219	}
5220	}
5221
5222
5223	/*
5224	 * XXX KDM right now, we only support LUN reservation.  We don't
5225	 * support 3rd party reservations, or extent reservations, which
5226	 * might actually need the parameter list.  If we've gotten this
5227	 * far, we've got a LUN reservation.  Anything else got kicked out
5228	 * above.  So, according to SPC, ignore the length.
5229	 */
5230	length = 0;
5231
5232	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5233	 && (length > 0)) {
5234		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5235		ctsio->kern_data_len = length;
5236		ctsio->kern_total_len = length;
5237		ctsio->kern_data_resid = 0;
5238		ctsio->kern_rel_offset = 0;
5239		ctsio->kern_sg_entries = 0;
5240		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5241		ctsio->be_move_done = ctl_config_move_done;
5242		ctl_datamove((union ctl_io *)ctsio);
5243
5244		return (CTL_RETVAL_COMPLETE);
5245	}
5246
5247	if (length > 0)
5248		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5249
5250	mtx_lock(&lun->lun_lock);
5251
5252	/*
5253	 * According to SPC, it is not an error for an intiator to attempt
5254	 * to release a reservation on a LUN that isn't reserved, or that
5255	 * is reserved by another initiator.  The reservation can only be
5256	 * released, though, by the initiator who made it or by one of
5257	 * several reset type events.
5258	 */
5259	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5260			lun->flags &= ~CTL_LUN_RESERVED;
5261
5262	mtx_unlock(&lun->lun_lock);
5263
5264	ctsio->scsi_status = SCSI_STATUS_OK;
5265	ctsio->io_hdr.status = CTL_SUCCESS;
5266
5267	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5268		free(ctsio->kern_data_ptr, M_CTL);
5269		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5270	}
5271
5272	ctl_done((union ctl_io *)ctsio);
5273	return (CTL_RETVAL_COMPLETE);
5274}
5275
5276int
5277ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5278{
5279	int extent, thirdparty, longid;
5280	int resv_id, length;
5281	uint64_t thirdparty_id;
5282	struct ctl_softc *ctl_softc;
5283	struct ctl_lun *lun;
5284	uint32_t residx;
5285
5286	extent = 0;
5287	thirdparty = 0;
5288	longid = 0;
5289	resv_id = 0;
5290	length = 0;
5291	thirdparty_id = 0;
5292
5293	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5294
5295	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5296	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5297	ctl_softc = control_softc;
5298
5299	switch (ctsio->cdb[0]) {
5300	case RESERVE_10: {
5301		struct scsi_reserve_10 *cdb;
5302
5303		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5304
5305		if (cdb->byte2 & SR10_LONGID)
5306			longid = 1;
5307		else
5308			thirdparty_id = cdb->thirdparty_id;
5309
5310		resv_id = cdb->resv_id;
5311		length = scsi_2btoul(cdb->length);
5312		break;
5313	}
5314	}
5315
5316	/*
5317	 * XXX KDM right now, we only support LUN reservation.  We don't
5318	 * support 3rd party reservations, or extent reservations, which
5319	 * might actually need the parameter list.  If we've gotten this
5320	 * far, we've got a LUN reservation.  Anything else got kicked out
5321	 * above.  So, according to SPC, ignore the length.
5322	 */
5323	length = 0;
5324
5325	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5326	 && (length > 0)) {
5327		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5328		ctsio->kern_data_len = length;
5329		ctsio->kern_total_len = length;
5330		ctsio->kern_data_resid = 0;
5331		ctsio->kern_rel_offset = 0;
5332		ctsio->kern_sg_entries = 0;
5333		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5334		ctsio->be_move_done = ctl_config_move_done;
5335		ctl_datamove((union ctl_io *)ctsio);
5336
5337		return (CTL_RETVAL_COMPLETE);
5338	}
5339
5340	if (length > 0)
5341		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5342
5343	mtx_lock(&lun->lun_lock);
5344	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5345		ctl_set_reservation_conflict(ctsio);
5346		goto bailout;
5347	}
5348
5349	lun->flags |= CTL_LUN_RESERVED;
5350	lun->res_idx = residx;
5351
5352	ctsio->scsi_status = SCSI_STATUS_OK;
5353	ctsio->io_hdr.status = CTL_SUCCESS;
5354
5355bailout:
5356	mtx_unlock(&lun->lun_lock);
5357
5358	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5359		free(ctsio->kern_data_ptr, M_CTL);
5360		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5361	}
5362
5363	ctl_done((union ctl_io *)ctsio);
5364	return (CTL_RETVAL_COMPLETE);
5365}
5366
5367int
5368ctl_start_stop(struct ctl_scsiio *ctsio)
5369{
5370	struct scsi_start_stop_unit *cdb;
5371	struct ctl_lun *lun;
5372	struct ctl_softc *ctl_softc;
5373	int retval;
5374
5375	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5376
5377	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5378	ctl_softc = control_softc;
5379	retval = 0;
5380
5381	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5382
5383	/*
5384	 * XXX KDM
5385	 * We don't support the immediate bit on a stop unit.  In order to
5386	 * do that, we would need to code up a way to know that a stop is
5387	 * pending, and hold off any new commands until it completes, one
5388	 * way or another.  Then we could accept or reject those commands
5389	 * depending on its status.  We would almost need to do the reverse
5390	 * of what we do below for an immediate start -- return the copy of
5391	 * the ctl_io to the FETD with status to send to the host (and to
5392	 * free the copy!) and then free the original I/O once the stop
5393	 * actually completes.  That way, the OOA queue mechanism can work
5394	 * to block commands that shouldn't proceed.  Another alternative
5395	 * would be to put the copy in the queue in place of the original,
5396	 * and return the original back to the caller.  That could be
5397	 * slightly safer..
5398	 */
5399	if ((cdb->byte2 & SSS_IMMED)
5400	 && ((cdb->how & SSS_START) == 0)) {
5401		ctl_set_invalid_field(ctsio,
5402				      /*sks_valid*/ 1,
5403				      /*command*/ 1,
5404				      /*field*/ 1,
5405				      /*bit_valid*/ 1,
5406				      /*bit*/ 0);
5407		ctl_done((union ctl_io *)ctsio);
5408		return (CTL_RETVAL_COMPLETE);
5409	}
5410
5411	if ((lun->flags & CTL_LUN_PR_RESERVED)
5412	 && ((cdb->how & SSS_START)==0)) {
5413		uint32_t residx;
5414
5415		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5416		if (lun->pr_keys[residx] == 0
5417		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5418
5419			ctl_set_reservation_conflict(ctsio);
5420			ctl_done((union ctl_io *)ctsio);
5421			return (CTL_RETVAL_COMPLETE);
5422		}
5423	}
5424
5425	/*
5426	 * If there is no backend on this device, we can't start or stop
5427	 * it.  In theory we shouldn't get any start/stop commands in the
5428	 * first place at this level if the LUN doesn't have a backend.
5429	 * That should get stopped by the command decode code.
5430	 */
5431	if (lun->backend == NULL) {
5432		ctl_set_invalid_opcode(ctsio);
5433		ctl_done((union ctl_io *)ctsio);
5434		return (CTL_RETVAL_COMPLETE);
5435	}
5436
5437	/*
5438	 * XXX KDM Copan-specific offline behavior.
5439	 * Figure out a reasonable way to port this?
5440	 */
5441#ifdef NEEDTOPORT
5442	mtx_lock(&lun->lun_lock);
5443
5444	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5445	 && (lun->flags & CTL_LUN_OFFLINE)) {
5446		/*
5447		 * If the LUN is offline, and the on/offline bit isn't set,
5448		 * reject the start or stop.  Otherwise, let it through.
5449		 */
5450		mtx_unlock(&lun->lun_lock);
5451		ctl_set_lun_not_ready(ctsio);
5452		ctl_done((union ctl_io *)ctsio);
5453	} else {
5454		mtx_unlock(&lun->lun_lock);
5455#endif /* NEEDTOPORT */
5456		/*
5457		 * This could be a start or a stop when we're online,
5458		 * or a stop/offline or start/online.  A start or stop when
5459		 * we're offline is covered in the case above.
5460		 */
5461		/*
5462		 * In the non-immediate case, we send the request to
5463		 * the backend and return status to the user when
5464		 * it is done.
5465		 *
5466		 * In the immediate case, we allocate a new ctl_io
5467		 * to hold a copy of the request, and send that to
5468		 * the backend.  We then set good status on the
5469		 * user's request and return it immediately.
5470		 */
5471		if (cdb->byte2 & SSS_IMMED) {
5472			union ctl_io *new_io;
5473
5474			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5475			if (new_io == NULL) {
5476				ctl_set_busy(ctsio);
5477				ctl_done((union ctl_io *)ctsio);
5478			} else {
5479				ctl_copy_io((union ctl_io *)ctsio,
5480					    new_io);
5481				retval = lun->backend->config_write(new_io);
5482				ctl_set_success(ctsio);
5483				ctl_done((union ctl_io *)ctsio);
5484			}
5485		} else {
5486			retval = lun->backend->config_write(
5487				(union ctl_io *)ctsio);
5488		}
5489#ifdef NEEDTOPORT
5490	}
5491#endif
5492	return (retval);
5493}
5494
5495/*
5496 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5497 * we don't really do anything with the LBA and length fields if the user
5498 * passes them in.  Instead we'll just flush out the cache for the entire
5499 * LUN.
5500 */
5501int
5502ctl_sync_cache(struct ctl_scsiio *ctsio)
5503{
5504	struct ctl_lun *lun;
5505	struct ctl_softc *ctl_softc;
5506	uint64_t starting_lba;
5507	uint32_t block_count;
5508	int retval;
5509
5510	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5511
5512	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5513	ctl_softc = control_softc;
5514	retval = 0;
5515
5516	switch (ctsio->cdb[0]) {
5517	case SYNCHRONIZE_CACHE: {
5518		struct scsi_sync_cache *cdb;
5519		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5520
5521		starting_lba = scsi_4btoul(cdb->begin_lba);
5522		block_count = scsi_2btoul(cdb->lb_count);
5523		break;
5524	}
5525	case SYNCHRONIZE_CACHE_16: {
5526		struct scsi_sync_cache_16 *cdb;
5527		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5528
5529		starting_lba = scsi_8btou64(cdb->begin_lba);
5530		block_count = scsi_4btoul(cdb->lb_count);
5531		break;
5532	}
5533	default:
5534		ctl_set_invalid_opcode(ctsio);
5535		ctl_done((union ctl_io *)ctsio);
5536		goto bailout;
5537		break; /* NOTREACHED */
5538	}
5539
5540	/*
5541	 * We check the LBA and length, but don't do anything with them.
5542	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5543	 * get flushed.  This check will just help satisfy anyone who wants
5544	 * to see an error for an out of range LBA.
5545	 */
5546	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5547		ctl_set_lba_out_of_range(ctsio);
5548		ctl_done((union ctl_io *)ctsio);
5549		goto bailout;
5550	}
5551
5552	/*
5553	 * If this LUN has no backend, we can't flush the cache anyway.
5554	 */
5555	if (lun->backend == NULL) {
5556		ctl_set_invalid_opcode(ctsio);
5557		ctl_done((union ctl_io *)ctsio);
5558		goto bailout;
5559	}
5560
5561	/*
5562	 * Check to see whether we're configured to send the SYNCHRONIZE
5563	 * CACHE command directly to the back end.
5564	 */
5565	mtx_lock(&lun->lun_lock);
5566	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5567	 && (++(lun->sync_count) >= lun->sync_interval)) {
5568		lun->sync_count = 0;
5569		mtx_unlock(&lun->lun_lock);
5570		retval = lun->backend->config_write((union ctl_io *)ctsio);
5571	} else {
5572		mtx_unlock(&lun->lun_lock);
5573		ctl_set_success(ctsio);
5574		ctl_done((union ctl_io *)ctsio);
5575	}
5576
5577bailout:
5578
5579	return (retval);
5580}
5581
5582int
5583ctl_format(struct ctl_scsiio *ctsio)
5584{
5585	struct scsi_format *cdb;
5586	struct ctl_lun *lun;
5587	struct ctl_softc *ctl_softc;
5588	int length, defect_list_len;
5589
5590	CTL_DEBUG_PRINT(("ctl_format\n"));
5591
5592	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5593	ctl_softc = control_softc;
5594
5595	cdb = (struct scsi_format *)ctsio->cdb;
5596
5597	length = 0;
5598	if (cdb->byte2 & SF_FMTDATA) {
5599		if (cdb->byte2 & SF_LONGLIST)
5600			length = sizeof(struct scsi_format_header_long);
5601		else
5602			length = sizeof(struct scsi_format_header_short);
5603	}
5604
5605	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5606	 && (length > 0)) {
5607		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5608		ctsio->kern_data_len = length;
5609		ctsio->kern_total_len = length;
5610		ctsio->kern_data_resid = 0;
5611		ctsio->kern_rel_offset = 0;
5612		ctsio->kern_sg_entries = 0;
5613		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5614		ctsio->be_move_done = ctl_config_move_done;
5615		ctl_datamove((union ctl_io *)ctsio);
5616
5617		return (CTL_RETVAL_COMPLETE);
5618	}
5619
5620	defect_list_len = 0;
5621
5622	if (cdb->byte2 & SF_FMTDATA) {
5623		if (cdb->byte2 & SF_LONGLIST) {
5624			struct scsi_format_header_long *header;
5625
5626			header = (struct scsi_format_header_long *)
5627				ctsio->kern_data_ptr;
5628
5629			defect_list_len = scsi_4btoul(header->defect_list_len);
5630			if (defect_list_len != 0) {
5631				ctl_set_invalid_field(ctsio,
5632						      /*sks_valid*/ 1,
5633						      /*command*/ 0,
5634						      /*field*/ 2,
5635						      /*bit_valid*/ 0,
5636						      /*bit*/ 0);
5637				goto bailout;
5638			}
5639		} else {
5640			struct scsi_format_header_short *header;
5641
5642			header = (struct scsi_format_header_short *)
5643				ctsio->kern_data_ptr;
5644
5645			defect_list_len = scsi_2btoul(header->defect_list_len);
5646			if (defect_list_len != 0) {
5647				ctl_set_invalid_field(ctsio,
5648						      /*sks_valid*/ 1,
5649						      /*command*/ 0,
5650						      /*field*/ 2,
5651						      /*bit_valid*/ 0,
5652						      /*bit*/ 0);
5653				goto bailout;
5654			}
5655		}
5656	}
5657
5658	/*
5659	 * The format command will clear out the "Medium format corrupted"
5660	 * status if set by the configuration code.  That status is really
5661	 * just a way to notify the host that we have lost the media, and
5662	 * get them to issue a command that will basically make them think
5663	 * they're blowing away the media.
5664	 */
5665	mtx_lock(&lun->lun_lock);
5666	lun->flags &= ~CTL_LUN_INOPERABLE;
5667	mtx_unlock(&lun->lun_lock);
5668
5669	ctsio->scsi_status = SCSI_STATUS_OK;
5670	ctsio->io_hdr.status = CTL_SUCCESS;
5671bailout:
5672
5673	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5674		free(ctsio->kern_data_ptr, M_CTL);
5675		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5676	}
5677
5678	ctl_done((union ctl_io *)ctsio);
5679	return (CTL_RETVAL_COMPLETE);
5680}
5681
5682int
5683ctl_read_buffer(struct ctl_scsiio *ctsio)
5684{
5685	struct scsi_read_buffer *cdb;
5686	struct ctl_lun *lun;
5687	int buffer_offset, len;
5688	static uint8_t descr[4];
5689	static uint8_t echo_descr[4] = { 0 };
5690
5691	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5692
5693	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5694	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5695
5696	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5697	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5698	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5699		ctl_set_invalid_field(ctsio,
5700				      /*sks_valid*/ 1,
5701				      /*command*/ 1,
5702				      /*field*/ 1,
5703				      /*bit_valid*/ 1,
5704				      /*bit*/ 4);
5705		ctl_done((union ctl_io *)ctsio);
5706		return (CTL_RETVAL_COMPLETE);
5707	}
5708
5709	len = scsi_3btoul(cdb->length);
5710	buffer_offset = scsi_3btoul(cdb->offset);
5711
5712	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5713		ctl_set_invalid_field(ctsio,
5714				      /*sks_valid*/ 1,
5715				      /*command*/ 1,
5716				      /*field*/ 6,
5717				      /*bit_valid*/ 0,
5718				      /*bit*/ 0);
5719		ctl_done((union ctl_io *)ctsio);
5720		return (CTL_RETVAL_COMPLETE);
5721	}
5722
5723	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5724		descr[0] = 0;
5725		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5726		ctsio->kern_data_ptr = descr;
5727		len = min(len, sizeof(descr));
5728	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5729		ctsio->kern_data_ptr = echo_descr;
5730		len = min(len, sizeof(echo_descr));
5731	} else {
5732		if (lun->write_buffer == NULL) {
5733			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5734			    M_CTL, M_WAITOK);
5735		}
5736		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5737	}
5738	ctsio->kern_data_len = len;
5739	ctsio->kern_total_len = len;
5740	ctsio->kern_data_resid = 0;
5741	ctsio->kern_rel_offset = 0;
5742	ctsio->kern_sg_entries = 0;
5743	ctsio->be_move_done = ctl_config_move_done;
5744	ctl_datamove((union ctl_io *)ctsio);
5745
5746	return (CTL_RETVAL_COMPLETE);
5747}
5748
5749int
5750ctl_write_buffer(struct ctl_scsiio *ctsio)
5751{
5752	struct scsi_write_buffer *cdb;
5753	struct ctl_lun *lun;
5754	int buffer_offset, len;
5755
5756	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5757
5758	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5759	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5760
5761	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5762		ctl_set_invalid_field(ctsio,
5763				      /*sks_valid*/ 1,
5764				      /*command*/ 1,
5765				      /*field*/ 1,
5766				      /*bit_valid*/ 1,
5767				      /*bit*/ 4);
5768		ctl_done((union ctl_io *)ctsio);
5769		return (CTL_RETVAL_COMPLETE);
5770	}
5771
5772	len = scsi_3btoul(cdb->length);
5773	buffer_offset = scsi_3btoul(cdb->offset);
5774
5775	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5776		ctl_set_invalid_field(ctsio,
5777				      /*sks_valid*/ 1,
5778				      /*command*/ 1,
5779				      /*field*/ 6,
5780				      /*bit_valid*/ 0,
5781				      /*bit*/ 0);
5782		ctl_done((union ctl_io *)ctsio);
5783		return (CTL_RETVAL_COMPLETE);
5784	}
5785
5786	/*
5787	 * If we've got a kernel request that hasn't been malloced yet,
5788	 * malloc it and tell the caller the data buffer is here.
5789	 */
5790	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5791		if (lun->write_buffer == NULL) {
5792			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5793			    M_CTL, M_WAITOK);
5794		}
5795		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5796		ctsio->kern_data_len = len;
5797		ctsio->kern_total_len = len;
5798		ctsio->kern_data_resid = 0;
5799		ctsio->kern_rel_offset = 0;
5800		ctsio->kern_sg_entries = 0;
5801		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5802		ctsio->be_move_done = ctl_config_move_done;
5803		ctl_datamove((union ctl_io *)ctsio);
5804
5805		return (CTL_RETVAL_COMPLETE);
5806	}
5807
5808	ctl_done((union ctl_io *)ctsio);
5809
5810	return (CTL_RETVAL_COMPLETE);
5811}
5812
5813int
5814ctl_write_same(struct ctl_scsiio *ctsio)
5815{
5816	struct ctl_lun *lun;
5817	struct ctl_lba_len_flags *lbalen;
5818	uint64_t lba;
5819	uint32_t num_blocks;
5820	int len, retval;
5821	uint8_t byte2;
5822
5823	retval = CTL_RETVAL_COMPLETE;
5824
5825	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5826
5827	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5828
5829	switch (ctsio->cdb[0]) {
5830	case WRITE_SAME_10: {
5831		struct scsi_write_same_10 *cdb;
5832
5833		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5834
5835		lba = scsi_4btoul(cdb->addr);
5836		num_blocks = scsi_2btoul(cdb->length);
5837		byte2 = cdb->byte2;
5838		break;
5839	}
5840	case WRITE_SAME_16: {
5841		struct scsi_write_same_16 *cdb;
5842
5843		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5844
5845		lba = scsi_8btou64(cdb->addr);
5846		num_blocks = scsi_4btoul(cdb->length);
5847		byte2 = cdb->byte2;
5848		break;
5849	}
5850	default:
5851		/*
5852		 * We got a command we don't support.  This shouldn't
5853		 * happen, commands should be filtered out above us.
5854		 */
5855		ctl_set_invalid_opcode(ctsio);
5856		ctl_done((union ctl_io *)ctsio);
5857
5858		return (CTL_RETVAL_COMPLETE);
5859		break; /* NOTREACHED */
5860	}
5861
5862	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5863	if ((byte2 & SWS_UNMAP) == 0 &&
5864	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5865		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5866		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5867		ctl_done((union ctl_io *)ctsio);
5868		return (CTL_RETVAL_COMPLETE);
5869	}
5870
5871	/*
5872	 * The first check is to make sure we're in bounds, the second
5873	 * check is to catch wrap-around problems.  If the lba + num blocks
5874	 * is less than the lba, then we've wrapped around and the block
5875	 * range is invalid anyway.
5876	 */
5877	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5878	 || ((lba + num_blocks) < lba)) {
5879		ctl_set_lba_out_of_range(ctsio);
5880		ctl_done((union ctl_io *)ctsio);
5881		return (CTL_RETVAL_COMPLETE);
5882	}
5883
5884	/* Zero number of blocks means "to the last logical block" */
5885	if (num_blocks == 0) {
5886		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5887			ctl_set_invalid_field(ctsio,
5888					      /*sks_valid*/ 0,
5889					      /*command*/ 1,
5890					      /*field*/ 0,
5891					      /*bit_valid*/ 0,
5892					      /*bit*/ 0);
5893			ctl_done((union ctl_io *)ctsio);
5894			return (CTL_RETVAL_COMPLETE);
5895		}
5896		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5897	}
5898
5899	len = lun->be_lun->blocksize;
5900
5901	/*
5902	 * If we've got a kernel request that hasn't been malloced yet,
5903	 * malloc it and tell the caller the data buffer is here.
5904	 */
5905	if ((byte2 & SWS_NDOB) == 0 &&
5906	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5907		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5908		ctsio->kern_data_len = len;
5909		ctsio->kern_total_len = len;
5910		ctsio->kern_data_resid = 0;
5911		ctsio->kern_rel_offset = 0;
5912		ctsio->kern_sg_entries = 0;
5913		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5914		ctsio->be_move_done = ctl_config_move_done;
5915		ctl_datamove((union ctl_io *)ctsio);
5916
5917		return (CTL_RETVAL_COMPLETE);
5918	}
5919
5920	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5921	lbalen->lba = lba;
5922	lbalen->len = num_blocks;
5923	lbalen->flags = byte2;
5924	retval = lun->backend->config_write((union ctl_io *)ctsio);
5925
5926	return (retval);
5927}
5928
5929int
5930ctl_unmap(struct ctl_scsiio *ctsio)
5931{
5932	struct ctl_lun *lun;
5933	struct scsi_unmap *cdb;
5934	struct ctl_ptr_len_flags *ptrlen;
5935	struct scsi_unmap_header *hdr;
5936	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5937	uint64_t lba;
5938	uint32_t num_blocks;
5939	int len, retval;
5940	uint8_t byte2;
5941
5942	retval = CTL_RETVAL_COMPLETE;
5943
5944	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5945
5946	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5947	cdb = (struct scsi_unmap *)ctsio->cdb;
5948
5949	len = scsi_2btoul(cdb->length);
5950	byte2 = cdb->byte2;
5951
5952	/*
5953	 * If we've got a kernel request that hasn't been malloced yet,
5954	 * malloc it and tell the caller the data buffer is here.
5955	 */
5956	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5957		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5958		ctsio->kern_data_len = len;
5959		ctsio->kern_total_len = len;
5960		ctsio->kern_data_resid = 0;
5961		ctsio->kern_rel_offset = 0;
5962		ctsio->kern_sg_entries = 0;
5963		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5964		ctsio->be_move_done = ctl_config_move_done;
5965		ctl_datamove((union ctl_io *)ctsio);
5966
5967		return (CTL_RETVAL_COMPLETE);
5968	}
5969
5970	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5971	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5972	if (len < sizeof (*hdr) ||
5973	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5974	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5975	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5976		ctl_set_invalid_field(ctsio,
5977				      /*sks_valid*/ 0,
5978				      /*command*/ 0,
5979				      /*field*/ 0,
5980				      /*bit_valid*/ 0,
5981				      /*bit*/ 0);
5982		ctl_done((union ctl_io *)ctsio);
5983		return (CTL_RETVAL_COMPLETE);
5984	}
5985	len = scsi_2btoul(hdr->desc_length);
5986	buf = (struct scsi_unmap_desc *)(hdr + 1);
5987	end = buf + len / sizeof(*buf);
5988
5989	endnz = buf;
5990	for (range = buf; range < end; range++) {
5991		lba = scsi_8btou64(range->lba);
5992		num_blocks = scsi_4btoul(range->length);
5993		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5994		 || ((lba + num_blocks) < lba)) {
5995			ctl_set_lba_out_of_range(ctsio);
5996			ctl_done((union ctl_io *)ctsio);
5997			return (CTL_RETVAL_COMPLETE);
5998		}
5999		if (num_blocks != 0)
6000			endnz = range + 1;
6001	}
6002
6003	/*
6004	 * Block backend can not handle zero last range.
6005	 * Filter it out and return if there is nothing left.
6006	 */
6007	len = (uint8_t *)endnz - (uint8_t *)buf;
6008	if (len == 0) {
6009		ctl_set_success(ctsio);
6010		ctl_done((union ctl_io *)ctsio);
6011		return (CTL_RETVAL_COMPLETE);
6012	}
6013
6014	mtx_lock(&lun->lun_lock);
6015	ptrlen = (struct ctl_ptr_len_flags *)
6016	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6017	ptrlen->ptr = (void *)buf;
6018	ptrlen->len = len;
6019	ptrlen->flags = byte2;
6020	ctl_check_blocked(lun);
6021	mtx_unlock(&lun->lun_lock);
6022
6023	retval = lun->backend->config_write((union ctl_io *)ctsio);
6024	return (retval);
6025}
6026
6027/*
6028 * Note that this function currently doesn't actually do anything inside
6029 * CTL to enforce things if the DQue bit is turned on.
6030 *
6031 * Also note that this function can't be used in the default case, because
6032 * the DQue bit isn't set in the changeable mask for the control mode page
6033 * anyway.  This is just here as an example for how to implement a page
6034 * handler, and a placeholder in case we want to allow the user to turn
6035 * tagged queueing on and off.
6036 *
6037 * The D_SENSE bit handling is functional, however, and will turn
6038 * descriptor sense on and off for a given LUN.
6039 */
6040int
6041ctl_control_page_handler(struct ctl_scsiio *ctsio,
6042			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6043{
6044	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6045	struct ctl_lun *lun;
6046	struct ctl_softc *softc;
6047	int set_ua;
6048	uint32_t initidx;
6049
6050	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6051	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6052	set_ua = 0;
6053
6054	user_cp = (struct scsi_control_page *)page_ptr;
6055	current_cp = (struct scsi_control_page *)
6056		(page_index->page_data + (page_index->page_len *
6057		CTL_PAGE_CURRENT));
6058	saved_cp = (struct scsi_control_page *)
6059		(page_index->page_data + (page_index->page_len *
6060		CTL_PAGE_SAVED));
6061
6062	softc = control_softc;
6063
6064	mtx_lock(&lun->lun_lock);
6065	if (((current_cp->rlec & SCP_DSENSE) == 0)
6066	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6067		/*
6068		 * Descriptor sense is currently turned off and the user
6069		 * wants to turn it on.
6070		 */
6071		current_cp->rlec |= SCP_DSENSE;
6072		saved_cp->rlec |= SCP_DSENSE;
6073		lun->flags |= CTL_LUN_SENSE_DESC;
6074		set_ua = 1;
6075	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6076		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6077		/*
6078		 * Descriptor sense is currently turned on, and the user
6079		 * wants to turn it off.
6080		 */
6081		current_cp->rlec &= ~SCP_DSENSE;
6082		saved_cp->rlec &= ~SCP_DSENSE;
6083		lun->flags &= ~CTL_LUN_SENSE_DESC;
6084		set_ua = 1;
6085	}
6086	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6087	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6088		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6089		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6090		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6091		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6092		set_ua = 1;
6093	}
6094	if ((current_cp->eca_and_aen & SCP_SWP) !=
6095	    (user_cp->eca_and_aen & SCP_SWP)) {
6096		current_cp->eca_and_aen &= ~SCP_SWP;
6097		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6098		saved_cp->eca_and_aen &= ~SCP_SWP;
6099		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6100		set_ua = 1;
6101	}
6102	if (set_ua != 0) {
6103		int i;
6104		/*
6105		 * Let other initiators know that the mode
6106		 * parameters for this LUN have changed.
6107		 */
6108		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6109			if (i == initidx)
6110				continue;
6111
6112			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6113		}
6114	}
6115	mtx_unlock(&lun->lun_lock);
6116
6117	return (0);
6118}
6119
6120int
6121ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6122		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6123{
6124	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6125	struct ctl_lun *lun;
6126	int set_ua;
6127	uint32_t initidx;
6128
6129	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6130	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6131	set_ua = 0;
6132
6133	user_cp = (struct scsi_caching_page *)page_ptr;
6134	current_cp = (struct scsi_caching_page *)
6135		(page_index->page_data + (page_index->page_len *
6136		CTL_PAGE_CURRENT));
6137	saved_cp = (struct scsi_caching_page *)
6138		(page_index->page_data + (page_index->page_len *
6139		CTL_PAGE_SAVED));
6140
6141	mtx_lock(&lun->lun_lock);
6142	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6143	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6144		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6145		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6146		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6147		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6148		set_ua = 1;
6149	}
6150	if (set_ua != 0) {
6151		int i;
6152		/*
6153		 * Let other initiators know that the mode
6154		 * parameters for this LUN have changed.
6155		 */
6156		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6157			if (i == initidx)
6158				continue;
6159
6160			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6161		}
6162	}
6163	mtx_unlock(&lun->lun_lock);
6164
6165	return (0);
6166}
6167
6168int
6169ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6170				struct ctl_page_index *page_index,
6171				uint8_t *page_ptr)
6172{
6173	uint8_t *c;
6174	int i;
6175
6176	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6177	ctl_time_io_secs =
6178		(c[0] << 8) |
6179		(c[1] << 0) |
6180		0;
6181	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6182	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6183	printf("page data:");
6184	for (i=0; i<8; i++)
6185		printf(" %.2x",page_ptr[i]);
6186	printf("\n");
6187	return (0);
6188}
6189
6190int
6191ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6192			       struct ctl_page_index *page_index,
6193			       int pc)
6194{
6195	struct copan_debugconf_subpage *page;
6196
6197	page = (struct copan_debugconf_subpage *)page_index->page_data +
6198		(page_index->page_len * pc);
6199
6200	switch (pc) {
6201	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6202	case SMS_PAGE_CTRL_DEFAULT >> 6:
6203	case SMS_PAGE_CTRL_SAVED >> 6:
6204		/*
6205		 * We don't update the changable or default bits for this page.
6206		 */
6207		break;
6208	case SMS_PAGE_CTRL_CURRENT >> 6:
6209		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6210		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6211		break;
6212	default:
6213#ifdef NEEDTOPORT
6214		EPRINT(0, "Invalid PC %d!!", pc);
6215#endif /* NEEDTOPORT */
6216		break;
6217	}
6218	return (0);
6219}
6220
6221
6222static int
6223ctl_do_mode_select(union ctl_io *io)
6224{
6225	struct scsi_mode_page_header *page_header;
6226	struct ctl_page_index *page_index;
6227	struct ctl_scsiio *ctsio;
6228	int control_dev, page_len;
6229	int page_len_offset, page_len_size;
6230	union ctl_modepage_info *modepage_info;
6231	struct ctl_lun *lun;
6232	int *len_left, *len_used;
6233	int retval, i;
6234
6235	ctsio = &io->scsiio;
6236	page_index = NULL;
6237	page_len = 0;
6238	retval = CTL_RETVAL_COMPLETE;
6239
6240	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6241
6242	if (lun->be_lun->lun_type != T_DIRECT)
6243		control_dev = 1;
6244	else
6245		control_dev = 0;
6246
6247	modepage_info = (union ctl_modepage_info *)
6248		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6249	len_left = &modepage_info->header.len_left;
6250	len_used = &modepage_info->header.len_used;
6251
6252do_next_page:
6253
6254	page_header = (struct scsi_mode_page_header *)
6255		(ctsio->kern_data_ptr + *len_used);
6256
6257	if (*len_left == 0) {
6258		free(ctsio->kern_data_ptr, M_CTL);
6259		ctl_set_success(ctsio);
6260		ctl_done((union ctl_io *)ctsio);
6261		return (CTL_RETVAL_COMPLETE);
6262	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6263
6264		free(ctsio->kern_data_ptr, M_CTL);
6265		ctl_set_param_len_error(ctsio);
6266		ctl_done((union ctl_io *)ctsio);
6267		return (CTL_RETVAL_COMPLETE);
6268
6269	} else if ((page_header->page_code & SMPH_SPF)
6270		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6271
6272		free(ctsio->kern_data_ptr, M_CTL);
6273		ctl_set_param_len_error(ctsio);
6274		ctl_done((union ctl_io *)ctsio);
6275		return (CTL_RETVAL_COMPLETE);
6276	}
6277
6278
6279	/*
6280	 * XXX KDM should we do something with the block descriptor?
6281	 */
6282	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6283
6284		if ((control_dev != 0)
6285		 && (lun->mode_pages.index[i].page_flags &
6286		     CTL_PAGE_FLAG_DISK_ONLY))
6287			continue;
6288
6289		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6290		    (page_header->page_code & SMPH_PC_MASK))
6291			continue;
6292
6293		/*
6294		 * If neither page has a subpage code, then we've got a
6295		 * match.
6296		 */
6297		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6298		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6299			page_index = &lun->mode_pages.index[i];
6300			page_len = page_header->page_length;
6301			break;
6302		}
6303
6304		/*
6305		 * If both pages have subpages, then the subpage numbers
6306		 * have to match.
6307		 */
6308		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6309		  && (page_header->page_code & SMPH_SPF)) {
6310			struct scsi_mode_page_header_sp *sph;
6311
6312			sph = (struct scsi_mode_page_header_sp *)page_header;
6313
6314			if (lun->mode_pages.index[i].subpage ==
6315			    sph->subpage) {
6316				page_index = &lun->mode_pages.index[i];
6317				page_len = scsi_2btoul(sph->page_length);
6318				break;
6319			}
6320		}
6321	}
6322
6323	/*
6324	 * If we couldn't find the page, or if we don't have a mode select
6325	 * handler for it, send back an error to the user.
6326	 */
6327	if ((page_index == NULL)
6328	 || (page_index->select_handler == NULL)) {
6329		ctl_set_invalid_field(ctsio,
6330				      /*sks_valid*/ 1,
6331				      /*command*/ 0,
6332				      /*field*/ *len_used,
6333				      /*bit_valid*/ 0,
6334				      /*bit*/ 0);
6335		free(ctsio->kern_data_ptr, M_CTL);
6336		ctl_done((union ctl_io *)ctsio);
6337		return (CTL_RETVAL_COMPLETE);
6338	}
6339
6340	if (page_index->page_code & SMPH_SPF) {
6341		page_len_offset = 2;
6342		page_len_size = 2;
6343	} else {
6344		page_len_size = 1;
6345		page_len_offset = 1;
6346	}
6347
6348	/*
6349	 * If the length the initiator gives us isn't the one we specify in
6350	 * the mode page header, or if they didn't specify enough data in
6351	 * the CDB to avoid truncating this page, kick out the request.
6352	 */
6353	if ((page_len != (page_index->page_len - page_len_offset -
6354			  page_len_size))
6355	 || (*len_left < page_index->page_len)) {
6356
6357
6358		ctl_set_invalid_field(ctsio,
6359				      /*sks_valid*/ 1,
6360				      /*command*/ 0,
6361				      /*field*/ *len_used + page_len_offset,
6362				      /*bit_valid*/ 0,
6363				      /*bit*/ 0);
6364		free(ctsio->kern_data_ptr, M_CTL);
6365		ctl_done((union ctl_io *)ctsio);
6366		return (CTL_RETVAL_COMPLETE);
6367	}
6368
6369	/*
6370	 * Run through the mode page, checking to make sure that the bits
6371	 * the user changed are actually legal for him to change.
6372	 */
6373	for (i = 0; i < page_index->page_len; i++) {
6374		uint8_t *user_byte, *change_mask, *current_byte;
6375		int bad_bit;
6376		int j;
6377
6378		user_byte = (uint8_t *)page_header + i;
6379		change_mask = page_index->page_data +
6380			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6381		current_byte = page_index->page_data +
6382			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6383
6384		/*
6385		 * Check to see whether the user set any bits in this byte
6386		 * that he is not allowed to set.
6387		 */
6388		if ((*user_byte & ~(*change_mask)) ==
6389		    (*current_byte & ~(*change_mask)))
6390			continue;
6391
6392		/*
6393		 * Go through bit by bit to determine which one is illegal.
6394		 */
6395		bad_bit = 0;
6396		for (j = 7; j >= 0; j--) {
6397			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6398			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6399				bad_bit = i;
6400				break;
6401			}
6402		}
6403		ctl_set_invalid_field(ctsio,
6404				      /*sks_valid*/ 1,
6405				      /*command*/ 0,
6406				      /*field*/ *len_used + i,
6407				      /*bit_valid*/ 1,
6408				      /*bit*/ bad_bit);
6409		free(ctsio->kern_data_ptr, M_CTL);
6410		ctl_done((union ctl_io *)ctsio);
6411		return (CTL_RETVAL_COMPLETE);
6412	}
6413
6414	/*
6415	 * Decrement these before we call the page handler, since we may
6416	 * end up getting called back one way or another before the handler
6417	 * returns to this context.
6418	 */
6419	*len_left -= page_index->page_len;
6420	*len_used += page_index->page_len;
6421
6422	retval = page_index->select_handler(ctsio, page_index,
6423					    (uint8_t *)page_header);
6424
6425	/*
6426	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6427	 * wait until this queued command completes to finish processing
6428	 * the mode page.  If it returns anything other than
6429	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6430	 * already set the sense information, freed the data pointer, and
6431	 * completed the io for us.
6432	 */
6433	if (retval != CTL_RETVAL_COMPLETE)
6434		goto bailout_no_done;
6435
6436	/*
6437	 * If the initiator sent us more than one page, parse the next one.
6438	 */
6439	if (*len_left > 0)
6440		goto do_next_page;
6441
6442	ctl_set_success(ctsio);
6443	free(ctsio->kern_data_ptr, M_CTL);
6444	ctl_done((union ctl_io *)ctsio);
6445
6446bailout_no_done:
6447
6448	return (CTL_RETVAL_COMPLETE);
6449
6450}
6451
6452int
6453ctl_mode_select(struct ctl_scsiio *ctsio)
6454{
6455	int param_len, pf, sp;
6456	int header_size, bd_len;
6457	int len_left, len_used;
6458	struct ctl_page_index *page_index;
6459	struct ctl_lun *lun;
6460	int control_dev, page_len;
6461	union ctl_modepage_info *modepage_info;
6462	int retval;
6463
6464	pf = 0;
6465	sp = 0;
6466	page_len = 0;
6467	len_used = 0;
6468	len_left = 0;
6469	retval = 0;
6470	bd_len = 0;
6471	page_index = NULL;
6472
6473	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6474
6475	if (lun->be_lun->lun_type != T_DIRECT)
6476		control_dev = 1;
6477	else
6478		control_dev = 0;
6479
6480	switch (ctsio->cdb[0]) {
6481	case MODE_SELECT_6: {
6482		struct scsi_mode_select_6 *cdb;
6483
6484		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6485
6486		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6487		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6488
6489		param_len = cdb->length;
6490		header_size = sizeof(struct scsi_mode_header_6);
6491		break;
6492	}
6493	case MODE_SELECT_10: {
6494		struct scsi_mode_select_10 *cdb;
6495
6496		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6497
6498		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6499		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6500
6501		param_len = scsi_2btoul(cdb->length);
6502		header_size = sizeof(struct scsi_mode_header_10);
6503		break;
6504	}
6505	default:
6506		ctl_set_invalid_opcode(ctsio);
6507		ctl_done((union ctl_io *)ctsio);
6508		return (CTL_RETVAL_COMPLETE);
6509		break; /* NOTREACHED */
6510	}
6511
6512	/*
6513	 * From SPC-3:
6514	 * "A parameter list length of zero indicates that the Data-Out Buffer
6515	 * shall be empty. This condition shall not be considered as an error."
6516	 */
6517	if (param_len == 0) {
6518		ctl_set_success(ctsio);
6519		ctl_done((union ctl_io *)ctsio);
6520		return (CTL_RETVAL_COMPLETE);
6521	}
6522
6523	/*
6524	 * Since we'll hit this the first time through, prior to
6525	 * allocation, we don't need to free a data buffer here.
6526	 */
6527	if (param_len < header_size) {
6528		ctl_set_param_len_error(ctsio);
6529		ctl_done((union ctl_io *)ctsio);
6530		return (CTL_RETVAL_COMPLETE);
6531	}
6532
6533	/*
6534	 * Allocate the data buffer and grab the user's data.  In theory,
6535	 * we shouldn't have to sanity check the parameter list length here
6536	 * because the maximum size is 64K.  We should be able to malloc
6537	 * that much without too many problems.
6538	 */
6539	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6540		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6541		ctsio->kern_data_len = param_len;
6542		ctsio->kern_total_len = param_len;
6543		ctsio->kern_data_resid = 0;
6544		ctsio->kern_rel_offset = 0;
6545		ctsio->kern_sg_entries = 0;
6546		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6547		ctsio->be_move_done = ctl_config_move_done;
6548		ctl_datamove((union ctl_io *)ctsio);
6549
6550		return (CTL_RETVAL_COMPLETE);
6551	}
6552
6553	switch (ctsio->cdb[0]) {
6554	case MODE_SELECT_6: {
6555		struct scsi_mode_header_6 *mh6;
6556
6557		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6558		bd_len = mh6->blk_desc_len;
6559		break;
6560	}
6561	case MODE_SELECT_10: {
6562		struct scsi_mode_header_10 *mh10;
6563
6564		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6565		bd_len = scsi_2btoul(mh10->blk_desc_len);
6566		break;
6567	}
6568	default:
6569		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6570		break;
6571	}
6572
6573	if (param_len < (header_size + bd_len)) {
6574		free(ctsio->kern_data_ptr, M_CTL);
6575		ctl_set_param_len_error(ctsio);
6576		ctl_done((union ctl_io *)ctsio);
6577		return (CTL_RETVAL_COMPLETE);
6578	}
6579
6580	/*
6581	 * Set the IO_CONT flag, so that if this I/O gets passed to
6582	 * ctl_config_write_done(), it'll get passed back to
6583	 * ctl_do_mode_select() for further processing, or completion if
6584	 * we're all done.
6585	 */
6586	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6587	ctsio->io_cont = ctl_do_mode_select;
6588
6589	modepage_info = (union ctl_modepage_info *)
6590		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6591
6592	memset(modepage_info, 0, sizeof(*modepage_info));
6593
6594	len_left = param_len - header_size - bd_len;
6595	len_used = header_size + bd_len;
6596
6597	modepage_info->header.len_left = len_left;
6598	modepage_info->header.len_used = len_used;
6599
6600	return (ctl_do_mode_select((union ctl_io *)ctsio));
6601}
6602
6603int
6604ctl_mode_sense(struct ctl_scsiio *ctsio)
6605{
6606	struct ctl_lun *lun;
6607	int pc, page_code, dbd, llba, subpage;
6608	int alloc_len, page_len, header_len, total_len;
6609	struct scsi_mode_block_descr *block_desc;
6610	struct ctl_page_index *page_index;
6611	int control_dev;
6612
6613	dbd = 0;
6614	llba = 0;
6615	block_desc = NULL;
6616	page_index = NULL;
6617
6618	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6619
6620	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6621
6622	if (lun->be_lun->lun_type != T_DIRECT)
6623		control_dev = 1;
6624	else
6625		control_dev = 0;
6626
6627	switch (ctsio->cdb[0]) {
6628	case MODE_SENSE_6: {
6629		struct scsi_mode_sense_6 *cdb;
6630
6631		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6632
6633		header_len = sizeof(struct scsi_mode_hdr_6);
6634		if (cdb->byte2 & SMS_DBD)
6635			dbd = 1;
6636		else
6637			header_len += sizeof(struct scsi_mode_block_descr);
6638
6639		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6640		page_code = cdb->page & SMS_PAGE_CODE;
6641		subpage = cdb->subpage;
6642		alloc_len = cdb->length;
6643		break;
6644	}
6645	case MODE_SENSE_10: {
6646		struct scsi_mode_sense_10 *cdb;
6647
6648		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6649
6650		header_len = sizeof(struct scsi_mode_hdr_10);
6651
6652		if (cdb->byte2 & SMS_DBD)
6653			dbd = 1;
6654		else
6655			header_len += sizeof(struct scsi_mode_block_descr);
6656		if (cdb->byte2 & SMS10_LLBAA)
6657			llba = 1;
6658		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6659		page_code = cdb->page & SMS_PAGE_CODE;
6660		subpage = cdb->subpage;
6661		alloc_len = scsi_2btoul(cdb->length);
6662		break;
6663	}
6664	default:
6665		ctl_set_invalid_opcode(ctsio);
6666		ctl_done((union ctl_io *)ctsio);
6667		return (CTL_RETVAL_COMPLETE);
6668		break; /* NOTREACHED */
6669	}
6670
6671	/*
6672	 * We have to make a first pass through to calculate the size of
6673	 * the pages that match the user's query.  Then we allocate enough
6674	 * memory to hold it, and actually copy the data into the buffer.
6675	 */
6676	switch (page_code) {
6677	case SMS_ALL_PAGES_PAGE: {
6678		int i;
6679
6680		page_len = 0;
6681
6682		/*
6683		 * At the moment, values other than 0 and 0xff here are
6684		 * reserved according to SPC-3.
6685		 */
6686		if ((subpage != SMS_SUBPAGE_PAGE_0)
6687		 && (subpage != SMS_SUBPAGE_ALL)) {
6688			ctl_set_invalid_field(ctsio,
6689					      /*sks_valid*/ 1,
6690					      /*command*/ 1,
6691					      /*field*/ 3,
6692					      /*bit_valid*/ 0,
6693					      /*bit*/ 0);
6694			ctl_done((union ctl_io *)ctsio);
6695			return (CTL_RETVAL_COMPLETE);
6696		}
6697
6698		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6699			if ((control_dev != 0)
6700			 && (lun->mode_pages.index[i].page_flags &
6701			     CTL_PAGE_FLAG_DISK_ONLY))
6702				continue;
6703
6704			/*
6705			 * We don't use this subpage if the user didn't
6706			 * request all subpages.
6707			 */
6708			if ((lun->mode_pages.index[i].subpage != 0)
6709			 && (subpage == SMS_SUBPAGE_PAGE_0))
6710				continue;
6711
6712#if 0
6713			printf("found page %#x len %d\n",
6714			       lun->mode_pages.index[i].page_code &
6715			       SMPH_PC_MASK,
6716			       lun->mode_pages.index[i].page_len);
6717#endif
6718			page_len += lun->mode_pages.index[i].page_len;
6719		}
6720		break;
6721	}
6722	default: {
6723		int i;
6724
6725		page_len = 0;
6726
6727		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6728			/* Look for the right page code */
6729			if ((lun->mode_pages.index[i].page_code &
6730			     SMPH_PC_MASK) != page_code)
6731				continue;
6732
6733			/* Look for the right subpage or the subpage wildcard*/
6734			if ((lun->mode_pages.index[i].subpage != subpage)
6735			 && (subpage != SMS_SUBPAGE_ALL))
6736				continue;
6737
6738			/* Make sure the page is supported for this dev type */
6739			if ((control_dev != 0)
6740			 && (lun->mode_pages.index[i].page_flags &
6741			     CTL_PAGE_FLAG_DISK_ONLY))
6742				continue;
6743
6744#if 0
6745			printf("found page %#x len %d\n",
6746			       lun->mode_pages.index[i].page_code &
6747			       SMPH_PC_MASK,
6748			       lun->mode_pages.index[i].page_len);
6749#endif
6750
6751			page_len += lun->mode_pages.index[i].page_len;
6752		}
6753
6754		if (page_len == 0) {
6755			ctl_set_invalid_field(ctsio,
6756					      /*sks_valid*/ 1,
6757					      /*command*/ 1,
6758					      /*field*/ 2,
6759					      /*bit_valid*/ 1,
6760					      /*bit*/ 5);
6761			ctl_done((union ctl_io *)ctsio);
6762			return (CTL_RETVAL_COMPLETE);
6763		}
6764		break;
6765	}
6766	}
6767
6768	total_len = header_len + page_len;
6769#if 0
6770	printf("header_len = %d, page_len = %d, total_len = %d\n",
6771	       header_len, page_len, total_len);
6772#endif
6773
6774	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6775	ctsio->kern_sg_entries = 0;
6776	ctsio->kern_data_resid = 0;
6777	ctsio->kern_rel_offset = 0;
6778	if (total_len < alloc_len) {
6779		ctsio->residual = alloc_len - total_len;
6780		ctsio->kern_data_len = total_len;
6781		ctsio->kern_total_len = total_len;
6782	} else {
6783		ctsio->residual = 0;
6784		ctsio->kern_data_len = alloc_len;
6785		ctsio->kern_total_len = alloc_len;
6786	}
6787
6788	switch (ctsio->cdb[0]) {
6789	case MODE_SENSE_6: {
6790		struct scsi_mode_hdr_6 *header;
6791
6792		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6793
6794		header->datalen = ctl_min(total_len - 1, 254);
6795		if (control_dev == 0) {
6796			header->dev_specific = 0x10; /* DPOFUA */
6797			if ((lun->flags & CTL_LUN_READONLY) ||
6798			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6799			    .eca_and_aen & SCP_SWP) != 0)
6800				    header->dev_specific |= 0x80; /* WP */
6801		}
6802		if (dbd)
6803			header->block_descr_len = 0;
6804		else
6805			header->block_descr_len =
6806				sizeof(struct scsi_mode_block_descr);
6807		block_desc = (struct scsi_mode_block_descr *)&header[1];
6808		break;
6809	}
6810	case MODE_SENSE_10: {
6811		struct scsi_mode_hdr_10 *header;
6812		int datalen;
6813
6814		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6815
6816		datalen = ctl_min(total_len - 2, 65533);
6817		scsi_ulto2b(datalen, header->datalen);
6818		if (control_dev == 0) {
6819			header->dev_specific = 0x10; /* DPOFUA */
6820			if ((lun->flags & CTL_LUN_READONLY) ||
6821			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6822			    .eca_and_aen & SCP_SWP) != 0)
6823				    header->dev_specific |= 0x80; /* WP */
6824		}
6825		if (dbd)
6826			scsi_ulto2b(0, header->block_descr_len);
6827		else
6828			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6829				    header->block_descr_len);
6830		block_desc = (struct scsi_mode_block_descr *)&header[1];
6831		break;
6832	}
6833	default:
6834		panic("invalid CDB type %#x", ctsio->cdb[0]);
6835		break; /* NOTREACHED */
6836	}
6837
6838	/*
6839	 * If we've got a disk, use its blocksize in the block
6840	 * descriptor.  Otherwise, just set it to 0.
6841	 */
6842	if (dbd == 0) {
6843		if (control_dev == 0)
6844			scsi_ulto3b(lun->be_lun->blocksize,
6845				    block_desc->block_len);
6846		else
6847			scsi_ulto3b(0, block_desc->block_len);
6848	}
6849
6850	switch (page_code) {
6851	case SMS_ALL_PAGES_PAGE: {
6852		int i, data_used;
6853
6854		data_used = header_len;
6855		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6856			struct ctl_page_index *page_index;
6857
6858			page_index = &lun->mode_pages.index[i];
6859
6860			if ((control_dev != 0)
6861			 && (page_index->page_flags &
6862			    CTL_PAGE_FLAG_DISK_ONLY))
6863				continue;
6864
6865			/*
6866			 * We don't use this subpage if the user didn't
6867			 * request all subpages.  We already checked (above)
6868			 * to make sure the user only specified a subpage
6869			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6870			 */
6871			if ((page_index->subpage != 0)
6872			 && (subpage == SMS_SUBPAGE_PAGE_0))
6873				continue;
6874
6875			/*
6876			 * Call the handler, if it exists, to update the
6877			 * page to the latest values.
6878			 */
6879			if (page_index->sense_handler != NULL)
6880				page_index->sense_handler(ctsio, page_index,pc);
6881
6882			memcpy(ctsio->kern_data_ptr + data_used,
6883			       page_index->page_data +
6884			       (page_index->page_len * pc),
6885			       page_index->page_len);
6886			data_used += page_index->page_len;
6887		}
6888		break;
6889	}
6890	default: {
6891		int i, data_used;
6892
6893		data_used = header_len;
6894
6895		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6896			struct ctl_page_index *page_index;
6897
6898			page_index = &lun->mode_pages.index[i];
6899
6900			/* Look for the right page code */
6901			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6902				continue;
6903
6904			/* Look for the right subpage or the subpage wildcard*/
6905			if ((page_index->subpage != subpage)
6906			 && (subpage != SMS_SUBPAGE_ALL))
6907				continue;
6908
6909			/* Make sure the page is supported for this dev type */
6910			if ((control_dev != 0)
6911			 && (page_index->page_flags &
6912			     CTL_PAGE_FLAG_DISK_ONLY))
6913				continue;
6914
6915			/*
6916			 * Call the handler, if it exists, to update the
6917			 * page to the latest values.
6918			 */
6919			if (page_index->sense_handler != NULL)
6920				page_index->sense_handler(ctsio, page_index,pc);
6921
6922			memcpy(ctsio->kern_data_ptr + data_used,
6923			       page_index->page_data +
6924			       (page_index->page_len * pc),
6925			       page_index->page_len);
6926			data_used += page_index->page_len;
6927		}
6928		break;
6929	}
6930	}
6931
6932	ctsio->scsi_status = SCSI_STATUS_OK;
6933
6934	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6935	ctsio->be_move_done = ctl_config_move_done;
6936	ctl_datamove((union ctl_io *)ctsio);
6937
6938	return (CTL_RETVAL_COMPLETE);
6939}
6940
6941int
6942ctl_log_sense(struct ctl_scsiio *ctsio)
6943{
6944	struct ctl_lun *lun;
6945	int i, pc, page_code, subpage;
6946	int alloc_len, total_len;
6947	struct ctl_page_index *page_index;
6948	struct scsi_log_sense *cdb;
6949	struct scsi_log_header *header;
6950
6951	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6952
6953	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6954	cdb = (struct scsi_log_sense *)ctsio->cdb;
6955	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6956	page_code = cdb->page & SLS_PAGE_CODE;
6957	subpage = cdb->subpage;
6958	alloc_len = scsi_2btoul(cdb->length);
6959
6960	page_index = NULL;
6961	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6962		page_index = &lun->log_pages.index[i];
6963
6964		/* Look for the right page code */
6965		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6966			continue;
6967
6968		/* Look for the right subpage or the subpage wildcard*/
6969		if (page_index->subpage != subpage)
6970			continue;
6971
6972		break;
6973	}
6974	if (i >= CTL_NUM_LOG_PAGES) {
6975		ctl_set_invalid_field(ctsio,
6976				      /*sks_valid*/ 1,
6977				      /*command*/ 1,
6978				      /*field*/ 2,
6979				      /*bit_valid*/ 0,
6980				      /*bit*/ 0);
6981		ctl_done((union ctl_io *)ctsio);
6982		return (CTL_RETVAL_COMPLETE);
6983	}
6984
6985	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6986
6987	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6988	ctsio->kern_sg_entries = 0;
6989	ctsio->kern_data_resid = 0;
6990	ctsio->kern_rel_offset = 0;
6991	if (total_len < alloc_len) {
6992		ctsio->residual = alloc_len - total_len;
6993		ctsio->kern_data_len = total_len;
6994		ctsio->kern_total_len = total_len;
6995	} else {
6996		ctsio->residual = 0;
6997		ctsio->kern_data_len = alloc_len;
6998		ctsio->kern_total_len = alloc_len;
6999	}
7000
7001	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7002	header->page = page_index->page_code;
7003	if (page_index->subpage) {
7004		header->page |= SL_SPF;
7005		header->subpage = page_index->subpage;
7006	}
7007	scsi_ulto2b(page_index->page_len, header->datalen);
7008
7009	/*
7010	 * Call the handler, if it exists, to update the
7011	 * page to the latest values.
7012	 */
7013	if (page_index->sense_handler != NULL)
7014		page_index->sense_handler(ctsio, page_index, pc);
7015
7016	memcpy(header + 1, page_index->page_data, page_index->page_len);
7017
7018	ctsio->scsi_status = SCSI_STATUS_OK;
7019	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7020	ctsio->be_move_done = ctl_config_move_done;
7021	ctl_datamove((union ctl_io *)ctsio);
7022
7023	return (CTL_RETVAL_COMPLETE);
7024}
7025
7026int
7027ctl_read_capacity(struct ctl_scsiio *ctsio)
7028{
7029	struct scsi_read_capacity *cdb;
7030	struct scsi_read_capacity_data *data;
7031	struct ctl_lun *lun;
7032	uint32_t lba;
7033
7034	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7035
7036	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7037
7038	lba = scsi_4btoul(cdb->addr);
7039	if (((cdb->pmi & SRC_PMI) == 0)
7040	 && (lba != 0)) {
7041		ctl_set_invalid_field(/*ctsio*/ ctsio,
7042				      /*sks_valid*/ 1,
7043				      /*command*/ 1,
7044				      /*field*/ 2,
7045				      /*bit_valid*/ 0,
7046				      /*bit*/ 0);
7047		ctl_done((union ctl_io *)ctsio);
7048		return (CTL_RETVAL_COMPLETE);
7049	}
7050
7051	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7052
7053	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7054	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7055	ctsio->residual = 0;
7056	ctsio->kern_data_len = sizeof(*data);
7057	ctsio->kern_total_len = sizeof(*data);
7058	ctsio->kern_data_resid = 0;
7059	ctsio->kern_rel_offset = 0;
7060	ctsio->kern_sg_entries = 0;
7061
7062	/*
7063	 * If the maximum LBA is greater than 0xfffffffe, the user must
7064	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7065	 * serivce action set.
7066	 */
7067	if (lun->be_lun->maxlba > 0xfffffffe)
7068		scsi_ulto4b(0xffffffff, data->addr);
7069	else
7070		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7071
7072	/*
7073	 * XXX KDM this may not be 512 bytes...
7074	 */
7075	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7076
7077	ctsio->scsi_status = SCSI_STATUS_OK;
7078
7079	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7080	ctsio->be_move_done = ctl_config_move_done;
7081	ctl_datamove((union ctl_io *)ctsio);
7082
7083	return (CTL_RETVAL_COMPLETE);
7084}
7085
7086int
7087ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7088{
7089	struct scsi_read_capacity_16 *cdb;
7090	struct scsi_read_capacity_data_long *data;
7091	struct ctl_lun *lun;
7092	uint64_t lba;
7093	uint32_t alloc_len;
7094
7095	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7096
7097	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7098
7099	alloc_len = scsi_4btoul(cdb->alloc_len);
7100	lba = scsi_8btou64(cdb->addr);
7101
7102	if ((cdb->reladr & SRC16_PMI)
7103	 && (lba != 0)) {
7104		ctl_set_invalid_field(/*ctsio*/ ctsio,
7105				      /*sks_valid*/ 1,
7106				      /*command*/ 1,
7107				      /*field*/ 2,
7108				      /*bit_valid*/ 0,
7109				      /*bit*/ 0);
7110		ctl_done((union ctl_io *)ctsio);
7111		return (CTL_RETVAL_COMPLETE);
7112	}
7113
7114	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7115
7116	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7117	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7118
7119	if (sizeof(*data) < alloc_len) {
7120		ctsio->residual = alloc_len - sizeof(*data);
7121		ctsio->kern_data_len = sizeof(*data);
7122		ctsio->kern_total_len = sizeof(*data);
7123	} else {
7124		ctsio->residual = 0;
7125		ctsio->kern_data_len = alloc_len;
7126		ctsio->kern_total_len = alloc_len;
7127	}
7128	ctsio->kern_data_resid = 0;
7129	ctsio->kern_rel_offset = 0;
7130	ctsio->kern_sg_entries = 0;
7131
7132	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7133	/* XXX KDM this may not be 512 bytes... */
7134	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7135	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7136	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7137	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7138		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7139
7140	ctsio->scsi_status = SCSI_STATUS_OK;
7141
7142	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7143	ctsio->be_move_done = ctl_config_move_done;
7144	ctl_datamove((union ctl_io *)ctsio);
7145
7146	return (CTL_RETVAL_COMPLETE);
7147}
7148
7149int
7150ctl_read_defect(struct ctl_scsiio *ctsio)
7151{
7152	struct scsi_read_defect_data_10 *ccb10;
7153	struct scsi_read_defect_data_12 *ccb12;
7154	struct scsi_read_defect_data_hdr_10 *data10;
7155	struct scsi_read_defect_data_hdr_12 *data12;
7156	struct ctl_lun *lun;
7157	uint32_t alloc_len, data_len;
7158	uint8_t format;
7159
7160	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7161
7162	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7163
7164	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7165		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7166		format = ccb10->format;
7167		alloc_len = scsi_2btoul(ccb10->alloc_length);
7168		data_len = sizeof(*data10);
7169	} else {
7170		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7171		format = ccb12->format;
7172		alloc_len = scsi_4btoul(ccb12->alloc_length);
7173		data_len = sizeof(*data12);
7174	}
7175	if (alloc_len == 0) {
7176		ctl_set_success(ctsio);
7177		ctl_done((union ctl_io *)ctsio);
7178		return (CTL_RETVAL_COMPLETE);
7179	}
7180
7181	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7182	if (data_len < alloc_len) {
7183		ctsio->residual = alloc_len - data_len;
7184		ctsio->kern_data_len = data_len;
7185		ctsio->kern_total_len = data_len;
7186	} else {
7187		ctsio->residual = 0;
7188		ctsio->kern_data_len = alloc_len;
7189		ctsio->kern_total_len = alloc_len;
7190	}
7191	ctsio->kern_data_resid = 0;
7192	ctsio->kern_rel_offset = 0;
7193	ctsio->kern_sg_entries = 0;
7194
7195	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7196		data10 = (struct scsi_read_defect_data_hdr_10 *)
7197		    ctsio->kern_data_ptr;
7198		data10->format = format;
7199		scsi_ulto2b(0, data10->length);
7200	} else {
7201		data12 = (struct scsi_read_defect_data_hdr_12 *)
7202		    ctsio->kern_data_ptr;
7203		data12->format = format;
7204		scsi_ulto2b(0, data12->generation);
7205		scsi_ulto4b(0, data12->length);
7206	}
7207
7208	ctsio->scsi_status = SCSI_STATUS_OK;
7209	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7210	ctsio->be_move_done = ctl_config_move_done;
7211	ctl_datamove((union ctl_io *)ctsio);
7212	return (CTL_RETVAL_COMPLETE);
7213}
7214
7215int
7216ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7217{
7218	struct scsi_maintenance_in *cdb;
7219	int retval;
7220	int alloc_len, ext, total_len = 0, g, p, pc, pg;
7221	int num_target_port_groups, num_target_ports, single;
7222	struct ctl_lun *lun;
7223	struct ctl_softc *softc;
7224	struct ctl_port *port;
7225	struct scsi_target_group_data *rtg_ptr;
7226	struct scsi_target_group_data_extended *rtg_ext_ptr;
7227	struct scsi_target_port_group_descriptor *tpg_desc;
7228
7229	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7230
7231	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7232	softc = control_softc;
7233	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7234
7235	retval = CTL_RETVAL_COMPLETE;
7236
7237	switch (cdb->byte2 & STG_PDF_MASK) {
7238	case STG_PDF_LENGTH:
7239		ext = 0;
7240		break;
7241	case STG_PDF_EXTENDED:
7242		ext = 1;
7243		break;
7244	default:
7245		ctl_set_invalid_field(/*ctsio*/ ctsio,
7246				      /*sks_valid*/ 1,
7247				      /*command*/ 1,
7248				      /*field*/ 2,
7249				      /*bit_valid*/ 1,
7250				      /*bit*/ 5);
7251		ctl_done((union ctl_io *)ctsio);
7252		return(retval);
7253	}
7254
7255	single = ctl_is_single;
7256	if (single)
7257		num_target_port_groups = 1;
7258	else
7259		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7260	num_target_ports = 0;
7261	mtx_lock(&softc->ctl_lock);
7262	STAILQ_FOREACH(port, &softc->port_list, links) {
7263		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7264			continue;
7265		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7266			continue;
7267		num_target_ports++;
7268	}
7269	mtx_unlock(&softc->ctl_lock);
7270
7271	if (ext)
7272		total_len = sizeof(struct scsi_target_group_data_extended);
7273	else
7274		total_len = sizeof(struct scsi_target_group_data);
7275	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7276		num_target_port_groups +
7277	    sizeof(struct scsi_target_port_descriptor) *
7278		num_target_ports * num_target_port_groups;
7279
7280	alloc_len = scsi_4btoul(cdb->length);
7281
7282	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7283
7284	ctsio->kern_sg_entries = 0;
7285
7286	if (total_len < alloc_len) {
7287		ctsio->residual = alloc_len - total_len;
7288		ctsio->kern_data_len = total_len;
7289		ctsio->kern_total_len = total_len;
7290	} else {
7291		ctsio->residual = 0;
7292		ctsio->kern_data_len = alloc_len;
7293		ctsio->kern_total_len = alloc_len;
7294	}
7295	ctsio->kern_data_resid = 0;
7296	ctsio->kern_rel_offset = 0;
7297
7298	if (ext) {
7299		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7300		    ctsio->kern_data_ptr;
7301		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7302		rtg_ext_ptr->format_type = 0x10;
7303		rtg_ext_ptr->implicit_transition_time = 0;
7304		tpg_desc = &rtg_ext_ptr->groups[0];
7305	} else {
7306		rtg_ptr = (struct scsi_target_group_data *)
7307		    ctsio->kern_data_ptr;
7308		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7309		tpg_desc = &rtg_ptr->groups[0];
7310	}
7311
7312	pg = ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS;
7313	mtx_lock(&softc->ctl_lock);
7314	for (g = 0; g < num_target_port_groups; g++) {
7315		if (g == pg)
7316			tpg_desc->pref_state = TPG_PRIMARY |
7317			    TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7318		else
7319			tpg_desc->pref_state =
7320			    TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7321		tpg_desc->support = TPG_AO_SUP;
7322		if (!single)
7323			tpg_desc->support |= TPG_AN_SUP;
7324		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7325		tpg_desc->status = TPG_IMPLICIT;
7326		pc = 0;
7327		STAILQ_FOREACH(port, &softc->port_list, links) {
7328			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7329				continue;
7330			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7331			    CTL_MAX_LUNS)
7332				continue;
7333			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7334			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7335			    relative_target_port_identifier);
7336			pc++;
7337		}
7338		tpg_desc->target_port_count = pc;
7339		tpg_desc = (struct scsi_target_port_group_descriptor *)
7340		    &tpg_desc->descriptors[pc];
7341	}
7342	mtx_unlock(&softc->ctl_lock);
7343
7344	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7345	ctsio->be_move_done = ctl_config_move_done;
7346
7347	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7348			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7349			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7350			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7351			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7352
7353	ctl_datamove((union ctl_io *)ctsio);
7354	return(retval);
7355}
7356
7357int
7358ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7359{
7360	struct ctl_lun *lun;
7361	struct scsi_report_supported_opcodes *cdb;
7362	const struct ctl_cmd_entry *entry, *sentry;
7363	struct scsi_report_supported_opcodes_all *all;
7364	struct scsi_report_supported_opcodes_descr *descr;
7365	struct scsi_report_supported_opcodes_one *one;
7366	int retval;
7367	int alloc_len, total_len;
7368	int opcode, service_action, i, j, num;
7369
7370	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7371
7372	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7373	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7374
7375	retval = CTL_RETVAL_COMPLETE;
7376
7377	opcode = cdb->requested_opcode;
7378	service_action = scsi_2btoul(cdb->requested_service_action);
7379	switch (cdb->options & RSO_OPTIONS_MASK) {
7380	case RSO_OPTIONS_ALL:
7381		num = 0;
7382		for (i = 0; i < 256; i++) {
7383			entry = &ctl_cmd_table[i];
7384			if (entry->flags & CTL_CMD_FLAG_SA5) {
7385				for (j = 0; j < 32; j++) {
7386					sentry = &((const struct ctl_cmd_entry *)
7387					    entry->execute)[j];
7388					if (ctl_cmd_applicable(
7389					    lun->be_lun->lun_type, sentry))
7390						num++;
7391				}
7392			} else {
7393				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7394				    entry))
7395					num++;
7396			}
7397		}
7398		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7399		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7400		break;
7401	case RSO_OPTIONS_OC:
7402		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7403			ctl_set_invalid_field(/*ctsio*/ ctsio,
7404					      /*sks_valid*/ 1,
7405					      /*command*/ 1,
7406					      /*field*/ 2,
7407					      /*bit_valid*/ 1,
7408					      /*bit*/ 2);
7409			ctl_done((union ctl_io *)ctsio);
7410			return (CTL_RETVAL_COMPLETE);
7411		}
7412		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7413		break;
7414	case RSO_OPTIONS_OC_SA:
7415		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7416		    service_action >= 32) {
7417			ctl_set_invalid_field(/*ctsio*/ ctsio,
7418					      /*sks_valid*/ 1,
7419					      /*command*/ 1,
7420					      /*field*/ 2,
7421					      /*bit_valid*/ 1,
7422					      /*bit*/ 2);
7423			ctl_done((union ctl_io *)ctsio);
7424			return (CTL_RETVAL_COMPLETE);
7425		}
7426		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7427		break;
7428	default:
7429		ctl_set_invalid_field(/*ctsio*/ ctsio,
7430				      /*sks_valid*/ 1,
7431				      /*command*/ 1,
7432				      /*field*/ 2,
7433				      /*bit_valid*/ 1,
7434				      /*bit*/ 2);
7435		ctl_done((union ctl_io *)ctsio);
7436		return (CTL_RETVAL_COMPLETE);
7437	}
7438
7439	alloc_len = scsi_4btoul(cdb->length);
7440
7441	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7442
7443	ctsio->kern_sg_entries = 0;
7444
7445	if (total_len < alloc_len) {
7446		ctsio->residual = alloc_len - total_len;
7447		ctsio->kern_data_len = total_len;
7448		ctsio->kern_total_len = total_len;
7449	} else {
7450		ctsio->residual = 0;
7451		ctsio->kern_data_len = alloc_len;
7452		ctsio->kern_total_len = alloc_len;
7453	}
7454	ctsio->kern_data_resid = 0;
7455	ctsio->kern_rel_offset = 0;
7456
7457	switch (cdb->options & RSO_OPTIONS_MASK) {
7458	case RSO_OPTIONS_ALL:
7459		all = (struct scsi_report_supported_opcodes_all *)
7460		    ctsio->kern_data_ptr;
7461		num = 0;
7462		for (i = 0; i < 256; i++) {
7463			entry = &ctl_cmd_table[i];
7464			if (entry->flags & CTL_CMD_FLAG_SA5) {
7465				for (j = 0; j < 32; j++) {
7466					sentry = &((const struct ctl_cmd_entry *)
7467					    entry->execute)[j];
7468					if (!ctl_cmd_applicable(
7469					    lun->be_lun->lun_type, sentry))
7470						continue;
7471					descr = &all->descr[num++];
7472					descr->opcode = i;
7473					scsi_ulto2b(j, descr->service_action);
7474					descr->flags = RSO_SERVACTV;
7475					scsi_ulto2b(sentry->length,
7476					    descr->cdb_length);
7477				}
7478			} else {
7479				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7480				    entry))
7481					continue;
7482				descr = &all->descr[num++];
7483				descr->opcode = i;
7484				scsi_ulto2b(0, descr->service_action);
7485				descr->flags = 0;
7486				scsi_ulto2b(entry->length, descr->cdb_length);
7487			}
7488		}
7489		scsi_ulto4b(
7490		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7491		    all->length);
7492		break;
7493	case RSO_OPTIONS_OC:
7494		one = (struct scsi_report_supported_opcodes_one *)
7495		    ctsio->kern_data_ptr;
7496		entry = &ctl_cmd_table[opcode];
7497		goto fill_one;
7498	case RSO_OPTIONS_OC_SA:
7499		one = (struct scsi_report_supported_opcodes_one *)
7500		    ctsio->kern_data_ptr;
7501		entry = &ctl_cmd_table[opcode];
7502		entry = &((const struct ctl_cmd_entry *)
7503		    entry->execute)[service_action];
7504fill_one:
7505		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7506			one->support = 3;
7507			scsi_ulto2b(entry->length, one->cdb_length);
7508			one->cdb_usage[0] = opcode;
7509			memcpy(&one->cdb_usage[1], entry->usage,
7510			    entry->length - 1);
7511		} else
7512			one->support = 1;
7513		break;
7514	}
7515
7516	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7517	ctsio->be_move_done = ctl_config_move_done;
7518
7519	ctl_datamove((union ctl_io *)ctsio);
7520	return(retval);
7521}
7522
7523int
7524ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7525{
7526	struct ctl_lun *lun;
7527	struct scsi_report_supported_tmf *cdb;
7528	struct scsi_report_supported_tmf_data *data;
7529	int retval;
7530	int alloc_len, total_len;
7531
7532	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7533
7534	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7535	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7536
7537	retval = CTL_RETVAL_COMPLETE;
7538
7539	total_len = sizeof(struct scsi_report_supported_tmf_data);
7540	alloc_len = scsi_4btoul(cdb->length);
7541
7542	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7543
7544	ctsio->kern_sg_entries = 0;
7545
7546	if (total_len < alloc_len) {
7547		ctsio->residual = alloc_len - total_len;
7548		ctsio->kern_data_len = total_len;
7549		ctsio->kern_total_len = total_len;
7550	} else {
7551		ctsio->residual = 0;
7552		ctsio->kern_data_len = alloc_len;
7553		ctsio->kern_total_len = alloc_len;
7554	}
7555	ctsio->kern_data_resid = 0;
7556	ctsio->kern_rel_offset = 0;
7557
7558	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7559	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7560	data->byte2 |= RST_ITNRS;
7561
7562	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7563	ctsio->be_move_done = ctl_config_move_done;
7564
7565	ctl_datamove((union ctl_io *)ctsio);
7566	return (retval);
7567}
7568
7569int
7570ctl_report_timestamp(struct ctl_scsiio *ctsio)
7571{
7572	struct ctl_lun *lun;
7573	struct scsi_report_timestamp *cdb;
7574	struct scsi_report_timestamp_data *data;
7575	struct timeval tv;
7576	int64_t timestamp;
7577	int retval;
7578	int alloc_len, total_len;
7579
7580	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7581
7582	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7583	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7584
7585	retval = CTL_RETVAL_COMPLETE;
7586
7587	total_len = sizeof(struct scsi_report_timestamp_data);
7588	alloc_len = scsi_4btoul(cdb->length);
7589
7590	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7591
7592	ctsio->kern_sg_entries = 0;
7593
7594	if (total_len < alloc_len) {
7595		ctsio->residual = alloc_len - total_len;
7596		ctsio->kern_data_len = total_len;
7597		ctsio->kern_total_len = total_len;
7598	} else {
7599		ctsio->residual = 0;
7600		ctsio->kern_data_len = alloc_len;
7601		ctsio->kern_total_len = alloc_len;
7602	}
7603	ctsio->kern_data_resid = 0;
7604	ctsio->kern_rel_offset = 0;
7605
7606	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7607	scsi_ulto2b(sizeof(*data) - 2, data->length);
7608	data->origin = RTS_ORIG_OUTSIDE;
7609	getmicrotime(&tv);
7610	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7611	scsi_ulto4b(timestamp >> 16, data->timestamp);
7612	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7613
7614	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7615	ctsio->be_move_done = ctl_config_move_done;
7616
7617	ctl_datamove((union ctl_io *)ctsio);
7618	return (retval);
7619}
7620
7621int
7622ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7623{
7624	struct scsi_per_res_in *cdb;
7625	int alloc_len, total_len = 0;
7626	/* struct scsi_per_res_in_rsrv in_data; */
7627	struct ctl_lun *lun;
7628	struct ctl_softc *softc;
7629
7630	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7631
7632	softc = control_softc;
7633
7634	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7635
7636	alloc_len = scsi_2btoul(cdb->length);
7637
7638	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7639
7640retry:
7641	mtx_lock(&lun->lun_lock);
7642	switch (cdb->action) {
7643	case SPRI_RK: /* read keys */
7644		total_len = sizeof(struct scsi_per_res_in_keys) +
7645			lun->pr_key_count *
7646			sizeof(struct scsi_per_res_key);
7647		break;
7648	case SPRI_RR: /* read reservation */
7649		if (lun->flags & CTL_LUN_PR_RESERVED)
7650			total_len = sizeof(struct scsi_per_res_in_rsrv);
7651		else
7652			total_len = sizeof(struct scsi_per_res_in_header);
7653		break;
7654	case SPRI_RC: /* report capabilities */
7655		total_len = sizeof(struct scsi_per_res_cap);
7656		break;
7657	case SPRI_RS: /* read full status */
7658		total_len = sizeof(struct scsi_per_res_in_header) +
7659		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7660		    lun->pr_key_count;
7661		break;
7662	default:
7663		panic("Invalid PR type %x", cdb->action);
7664	}
7665	mtx_unlock(&lun->lun_lock);
7666
7667	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7668
7669	if (total_len < alloc_len) {
7670		ctsio->residual = alloc_len - total_len;
7671		ctsio->kern_data_len = total_len;
7672		ctsio->kern_total_len = total_len;
7673	} else {
7674		ctsio->residual = 0;
7675		ctsio->kern_data_len = alloc_len;
7676		ctsio->kern_total_len = alloc_len;
7677	}
7678
7679	ctsio->kern_data_resid = 0;
7680	ctsio->kern_rel_offset = 0;
7681	ctsio->kern_sg_entries = 0;
7682
7683	mtx_lock(&lun->lun_lock);
7684	switch (cdb->action) {
7685	case SPRI_RK: { // read keys
7686        struct scsi_per_res_in_keys *res_keys;
7687		int i, key_count;
7688
7689		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7690
7691		/*
7692		 * We had to drop the lock to allocate our buffer, which
7693		 * leaves time for someone to come in with another
7694		 * persistent reservation.  (That is unlikely, though,
7695		 * since this should be the only persistent reservation
7696		 * command active right now.)
7697		 */
7698		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7699		    (lun->pr_key_count *
7700		     sizeof(struct scsi_per_res_key)))){
7701			mtx_unlock(&lun->lun_lock);
7702			free(ctsio->kern_data_ptr, M_CTL);
7703			printf("%s: reservation length changed, retrying\n",
7704			       __func__);
7705			goto retry;
7706		}
7707
7708		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7709
7710		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7711			     lun->pr_key_count, res_keys->header.length);
7712
7713		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7714			if (lun->pr_keys[i] == 0)
7715				continue;
7716
7717			/*
7718			 * We used lun->pr_key_count to calculate the
7719			 * size to allocate.  If it turns out the number of
7720			 * initiators with the registered flag set is
7721			 * larger than that (i.e. they haven't been kept in
7722			 * sync), we've got a problem.
7723			 */
7724			if (key_count >= lun->pr_key_count) {
7725#ifdef NEEDTOPORT
7726				csevent_log(CSC_CTL | CSC_SHELF_SW |
7727					    CTL_PR_ERROR,
7728					    csevent_LogType_Fault,
7729					    csevent_AlertLevel_Yellow,
7730					    csevent_FRU_ShelfController,
7731					    csevent_FRU_Firmware,
7732				        csevent_FRU_Unknown,
7733					    "registered keys %d >= key "
7734					    "count %d", key_count,
7735					    lun->pr_key_count);
7736#endif
7737				key_count++;
7738				continue;
7739			}
7740			scsi_u64to8b(lun->pr_keys[i],
7741			    res_keys->keys[key_count].key);
7742			key_count++;
7743		}
7744		break;
7745	}
7746	case SPRI_RR: { // read reservation
7747		struct scsi_per_res_in_rsrv *res;
7748		int tmp_len, header_only;
7749
7750		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7751
7752		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7753
7754		if (lun->flags & CTL_LUN_PR_RESERVED)
7755		{
7756			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7757			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7758				    res->header.length);
7759			header_only = 0;
7760		} else {
7761			tmp_len = sizeof(struct scsi_per_res_in_header);
7762			scsi_ulto4b(0, res->header.length);
7763			header_only = 1;
7764		}
7765
7766		/*
7767		 * We had to drop the lock to allocate our buffer, which
7768		 * leaves time for someone to come in with another
7769		 * persistent reservation.  (That is unlikely, though,
7770		 * since this should be the only persistent reservation
7771		 * command active right now.)
7772		 */
7773		if (tmp_len != total_len) {
7774			mtx_unlock(&lun->lun_lock);
7775			free(ctsio->kern_data_ptr, M_CTL);
7776			printf("%s: reservation status changed, retrying\n",
7777			       __func__);
7778			goto retry;
7779		}
7780
7781		/*
7782		 * No reservation held, so we're done.
7783		 */
7784		if (header_only != 0)
7785			break;
7786
7787		/*
7788		 * If the registration is an All Registrants type, the key
7789		 * is 0, since it doesn't really matter.
7790		 */
7791		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7792			scsi_u64to8b(lun->pr_keys[lun->pr_res_idx],
7793			    res->data.reservation);
7794		}
7795		res->data.scopetype = lun->res_type;
7796		break;
7797	}
7798	case SPRI_RC:     //report capabilities
7799	{
7800		struct scsi_per_res_cap *res_cap;
7801		uint16_t type_mask;
7802
7803		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7804		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7805		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7806		type_mask = SPRI_TM_WR_EX_AR |
7807			    SPRI_TM_EX_AC_RO |
7808			    SPRI_TM_WR_EX_RO |
7809			    SPRI_TM_EX_AC |
7810			    SPRI_TM_WR_EX |
7811			    SPRI_TM_EX_AC_AR;
7812		scsi_ulto2b(type_mask, res_cap->type_mask);
7813		break;
7814	}
7815	case SPRI_RS: { // read full status
7816		struct scsi_per_res_in_full *res_status;
7817		struct scsi_per_res_in_full_desc *res_desc;
7818		struct ctl_port *port;
7819		int i, len;
7820
7821		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7822
7823		/*
7824		 * We had to drop the lock to allocate our buffer, which
7825		 * leaves time for someone to come in with another
7826		 * persistent reservation.  (That is unlikely, though,
7827		 * since this should be the only persistent reservation
7828		 * command active right now.)
7829		 */
7830		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7831		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7832		     lun->pr_key_count)){
7833			mtx_unlock(&lun->lun_lock);
7834			free(ctsio->kern_data_ptr, M_CTL);
7835			printf("%s: reservation length changed, retrying\n",
7836			       __func__);
7837			goto retry;
7838		}
7839
7840		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7841
7842		res_desc = &res_status->desc[0];
7843		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7844			if (lun->pr_keys[i] == 0)
7845				continue;
7846
7847			scsi_u64to8b(lun->pr_keys[i], res_desc->res_key.key);
7848			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7849			    (lun->pr_res_idx == i ||
7850			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7851				res_desc->flags = SPRI_FULL_R_HOLDER;
7852				res_desc->scopetype = lun->res_type;
7853			}
7854			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7855			    res_desc->rel_trgt_port_id);
7856			len = 0;
7857			port = softc->ctl_ports[
7858			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
7859			if (port != NULL)
7860				len = ctl_create_iid(port,
7861				    i % CTL_MAX_INIT_PER_PORT,
7862				    res_desc->transport_id);
7863			scsi_ulto4b(len, res_desc->additional_length);
7864			res_desc = (struct scsi_per_res_in_full_desc *)
7865			    &res_desc->transport_id[len];
7866		}
7867		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7868		    res_status->header.length);
7869		break;
7870	}
7871	default:
7872		/*
7873		 * This is a bug, because we just checked for this above,
7874		 * and should have returned an error.
7875		 */
7876		panic("Invalid PR type %x", cdb->action);
7877		break; /* NOTREACHED */
7878	}
7879	mtx_unlock(&lun->lun_lock);
7880
7881	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7882	ctsio->be_move_done = ctl_config_move_done;
7883
7884	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7885			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7886			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7887			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7888			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7889
7890	ctl_datamove((union ctl_io *)ctsio);
7891
7892	return (CTL_RETVAL_COMPLETE);
7893}
7894
7895/*
7896 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7897 * it should return.
7898 */
7899static int
7900ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7901		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7902		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7903		struct scsi_per_res_out_parms* param)
7904{
7905	union ctl_ha_msg persis_io;
7906	int retval, i;
7907	int isc_retval;
7908
7909	retval = 0;
7910
7911	mtx_lock(&lun->lun_lock);
7912	if (sa_res_key == 0) {
7913		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7914			/* validate scope and type */
7915			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7916			     SPR_LU_SCOPE) {
7917				mtx_unlock(&lun->lun_lock);
7918				ctl_set_invalid_field(/*ctsio*/ ctsio,
7919						      /*sks_valid*/ 1,
7920						      /*command*/ 1,
7921						      /*field*/ 2,
7922						      /*bit_valid*/ 1,
7923						      /*bit*/ 4);
7924				ctl_done((union ctl_io *)ctsio);
7925				return (1);
7926			}
7927
7928		        if (type>8 || type==2 || type==4 || type==0) {
7929				mtx_unlock(&lun->lun_lock);
7930				ctl_set_invalid_field(/*ctsio*/ ctsio,
7931       	           				      /*sks_valid*/ 1,
7932						      /*command*/ 1,
7933						      /*field*/ 2,
7934						      /*bit_valid*/ 1,
7935						      /*bit*/ 0);
7936				ctl_done((union ctl_io *)ctsio);
7937				return (1);
7938		        }
7939
7940			/*
7941			 * Unregister everybody else and build UA for
7942			 * them
7943			 */
7944			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7945				if (i == residx || lun->pr_keys[i] == 0)
7946					continue;
7947
7948				if (!persis_offset
7949				 && i <CTL_MAX_INITIATORS)
7950					lun->pending_ua[i] |=
7951						CTL_UA_REG_PREEMPT;
7952				else if (persis_offset
7953				      && i >= persis_offset)
7954					lun->pending_ua[i-persis_offset] |=
7955						CTL_UA_REG_PREEMPT;
7956				lun->pr_keys[i] = 0;
7957			}
7958			lun->pr_key_count = 1;
7959			lun->res_type = type;
7960			if (lun->res_type != SPR_TYPE_WR_EX_AR
7961			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7962				lun->pr_res_idx = residx;
7963
7964			/* send msg to other side */
7965			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7966			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7967			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7968			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7969			persis_io.pr.pr_info.res_type = type;
7970			memcpy(persis_io.pr.pr_info.sa_res_key,
7971			       param->serv_act_res_key,
7972			       sizeof(param->serv_act_res_key));
7973			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7974			     &persis_io, sizeof(persis_io), 0)) >
7975			     CTL_HA_STATUS_SUCCESS) {
7976				printf("CTL:Persis Out error returned "
7977				       "from ctl_ha_msg_send %d\n",
7978				       isc_retval);
7979			}
7980		} else {
7981			/* not all registrants */
7982			mtx_unlock(&lun->lun_lock);
7983			free(ctsio->kern_data_ptr, M_CTL);
7984			ctl_set_invalid_field(ctsio,
7985					      /*sks_valid*/ 1,
7986					      /*command*/ 0,
7987					      /*field*/ 8,
7988					      /*bit_valid*/ 0,
7989					      /*bit*/ 0);
7990			ctl_done((union ctl_io *)ctsio);
7991			return (1);
7992		}
7993	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7994		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7995		int found = 0;
7996
7997		if (res_key == sa_res_key) {
7998			/* special case */
7999			/*
8000			 * The spec implies this is not good but doesn't
8001			 * say what to do. There are two choices either
8002			 * generate a res conflict or check condition
8003			 * with illegal field in parameter data. Since
8004			 * that is what is done when the sa_res_key is
8005			 * zero I'll take that approach since this has
8006			 * to do with the sa_res_key.
8007			 */
8008			mtx_unlock(&lun->lun_lock);
8009			free(ctsio->kern_data_ptr, M_CTL);
8010			ctl_set_invalid_field(ctsio,
8011					      /*sks_valid*/ 1,
8012					      /*command*/ 0,
8013					      /*field*/ 8,
8014					      /*bit_valid*/ 0,
8015					      /*bit*/ 0);
8016			ctl_done((union ctl_io *)ctsio);
8017			return (1);
8018		}
8019
8020		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8021			if (lun->pr_keys[i] != sa_res_key)
8022				continue;
8023
8024			found = 1;
8025			lun->pr_keys[i] = 0;
8026			lun->pr_key_count--;
8027
8028			if (!persis_offset && i < CTL_MAX_INITIATORS)
8029				lun->pending_ua[i] |= CTL_UA_REG_PREEMPT;
8030			else if (persis_offset && i >= persis_offset)
8031				lun->pending_ua[i-persis_offset] |=
8032					CTL_UA_REG_PREEMPT;
8033		}
8034		if (!found) {
8035			mtx_unlock(&lun->lun_lock);
8036			free(ctsio->kern_data_ptr, M_CTL);
8037			ctl_set_reservation_conflict(ctsio);
8038			ctl_done((union ctl_io *)ctsio);
8039			return (CTL_RETVAL_COMPLETE);
8040		}
8041		/* send msg to other side */
8042		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8043		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8044		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8045		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8046		persis_io.pr.pr_info.res_type = type;
8047		memcpy(persis_io.pr.pr_info.sa_res_key,
8048		       param->serv_act_res_key,
8049		       sizeof(param->serv_act_res_key));
8050		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8051		     &persis_io, sizeof(persis_io), 0)) >
8052		     CTL_HA_STATUS_SUCCESS) {
8053			printf("CTL:Persis Out error returned from "
8054			       "ctl_ha_msg_send %d\n", isc_retval);
8055		}
8056	} else {
8057		/* Reserved but not all registrants */
8058		/* sa_res_key is res holder */
8059		if (sa_res_key == lun->pr_keys[lun->pr_res_idx]) {
8060			/* validate scope and type */
8061			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8062			     SPR_LU_SCOPE) {
8063				mtx_unlock(&lun->lun_lock);
8064				ctl_set_invalid_field(/*ctsio*/ ctsio,
8065						      /*sks_valid*/ 1,
8066						      /*command*/ 1,
8067						      /*field*/ 2,
8068						      /*bit_valid*/ 1,
8069						      /*bit*/ 4);
8070				ctl_done((union ctl_io *)ctsio);
8071				return (1);
8072			}
8073
8074			if (type>8 || type==2 || type==4 || type==0) {
8075				mtx_unlock(&lun->lun_lock);
8076				ctl_set_invalid_field(/*ctsio*/ ctsio,
8077						      /*sks_valid*/ 1,
8078						      /*command*/ 1,
8079						      /*field*/ 2,
8080						      /*bit_valid*/ 1,
8081						      /*bit*/ 0);
8082				ctl_done((union ctl_io *)ctsio);
8083				return (1);
8084			}
8085
8086			/*
8087			 * Do the following:
8088			 * if sa_res_key != res_key remove all
8089			 * registrants w/sa_res_key and generate UA
8090			 * for these registrants(Registrations
8091			 * Preempted) if it wasn't an exclusive
8092			 * reservation generate UA(Reservations
8093			 * Preempted) for all other registered nexuses
8094			 * if the type has changed. Establish the new
8095			 * reservation and holder. If res_key and
8096			 * sa_res_key are the same do the above
8097			 * except don't unregister the res holder.
8098			 */
8099
8100			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8101				if (i == residx || lun->pr_keys[i] == 0)
8102					continue;
8103
8104				if (sa_res_key == lun->pr_keys[i]) {
8105					lun->pr_keys[i] = 0;
8106					lun->pr_key_count--;
8107
8108					if (!persis_offset
8109					 && i < CTL_MAX_INITIATORS)
8110						lun->pending_ua[i] |=
8111							CTL_UA_REG_PREEMPT;
8112					else if (persis_offset
8113					      && i >= persis_offset)
8114						lun->pending_ua[i-persis_offset] |=
8115						  CTL_UA_REG_PREEMPT;
8116				} else if (type != lun->res_type
8117					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8118					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8119						if (!persis_offset
8120						 && i < CTL_MAX_INITIATORS)
8121							lun->pending_ua[i] |=
8122							CTL_UA_RES_RELEASE;
8123						else if (persis_offset
8124						      && i >= persis_offset)
8125							lun->pending_ua[
8126							i-persis_offset] |=
8127							CTL_UA_RES_RELEASE;
8128				}
8129			}
8130			lun->res_type = type;
8131			if (lun->res_type != SPR_TYPE_WR_EX_AR
8132			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8133				lun->pr_res_idx = residx;
8134			else
8135				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8136
8137			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8138			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8139			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8140			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8141			persis_io.pr.pr_info.res_type = type;
8142			memcpy(persis_io.pr.pr_info.sa_res_key,
8143			       param->serv_act_res_key,
8144			       sizeof(param->serv_act_res_key));
8145			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8146			     &persis_io, sizeof(persis_io), 0)) >
8147			     CTL_HA_STATUS_SUCCESS) {
8148				printf("CTL:Persis Out error returned "
8149				       "from ctl_ha_msg_send %d\n",
8150				       isc_retval);
8151			}
8152		} else {
8153			/*
8154			 * sa_res_key is not the res holder just
8155			 * remove registrants
8156			 */
8157			int found=0;
8158
8159			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8160				if (sa_res_key != lun->pr_keys[i])
8161					continue;
8162
8163				found = 1;
8164				lun->pr_keys[i] = 0;
8165				lun->pr_key_count--;
8166
8167				if (!persis_offset
8168				 && i < CTL_MAX_INITIATORS)
8169					lun->pending_ua[i] |=
8170						CTL_UA_REG_PREEMPT;
8171				else if (persis_offset
8172				      && i >= persis_offset)
8173					lun->pending_ua[i-persis_offset] |=
8174						CTL_UA_REG_PREEMPT;
8175			}
8176
8177			if (!found) {
8178				mtx_unlock(&lun->lun_lock);
8179				free(ctsio->kern_data_ptr, M_CTL);
8180				ctl_set_reservation_conflict(ctsio);
8181				ctl_done((union ctl_io *)ctsio);
8182		        	return (1);
8183			}
8184			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8185			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8186			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8187			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8188			persis_io.pr.pr_info.res_type = type;
8189			memcpy(persis_io.pr.pr_info.sa_res_key,
8190			       param->serv_act_res_key,
8191			       sizeof(param->serv_act_res_key));
8192			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8193			     &persis_io, sizeof(persis_io), 0)) >
8194			     CTL_HA_STATUS_SUCCESS) {
8195				printf("CTL:Persis Out error returned "
8196				       "from ctl_ha_msg_send %d\n",
8197				isc_retval);
8198			}
8199		}
8200	}
8201
8202	lun->PRGeneration++;
8203	mtx_unlock(&lun->lun_lock);
8204
8205	return (retval);
8206}
8207
8208static void
8209ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8210{
8211	uint64_t sa_res_key;
8212	int i;
8213
8214	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8215
8216	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8217	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8218	 || sa_res_key != lun->pr_keys[lun->pr_res_idx]) {
8219		if (sa_res_key == 0) {
8220			/*
8221			 * Unregister everybody else and build UA for
8222			 * them
8223			 */
8224			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8225				if (i == msg->pr.pr_info.residx ||
8226				    lun->pr_keys[i] == 0)
8227					continue;
8228
8229				if (!persis_offset
8230				 && i < CTL_MAX_INITIATORS)
8231					lun->pending_ua[i] |=
8232						CTL_UA_REG_PREEMPT;
8233				else if (persis_offset && i >= persis_offset)
8234					lun->pending_ua[i - persis_offset] |=
8235						CTL_UA_REG_PREEMPT;
8236				lun->pr_keys[i] = 0;
8237			}
8238
8239			lun->pr_key_count = 1;
8240			lun->res_type = msg->pr.pr_info.res_type;
8241			if (lun->res_type != SPR_TYPE_WR_EX_AR
8242			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8243				lun->pr_res_idx = msg->pr.pr_info.residx;
8244		} else {
8245		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8246				if (sa_res_key == lun->pr_keys[i])
8247					continue;
8248
8249				lun->pr_keys[i] = 0;
8250				lun->pr_key_count--;
8251
8252				if (!persis_offset
8253				 && i < persis_offset)
8254					lun->pending_ua[i] |=
8255						CTL_UA_REG_PREEMPT;
8256				else if (persis_offset
8257				      && i >= persis_offset)
8258					lun->pending_ua[i - persis_offset] |=
8259						CTL_UA_REG_PREEMPT;
8260			}
8261		}
8262	} else {
8263		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8264			if (i == msg->pr.pr_info.residx ||
8265			    lun->pr_keys[i] == 0)
8266				continue;
8267
8268			if (sa_res_key == lun->pr_keys[i]) {
8269				lun->pr_keys[i] = 0;
8270				lun->pr_key_count--;
8271				if (!persis_offset
8272				 && i < CTL_MAX_INITIATORS)
8273					lun->pending_ua[i] |=
8274						CTL_UA_REG_PREEMPT;
8275				else if (persis_offset
8276				      && i >= persis_offset)
8277					lun->pending_ua[i - persis_offset] |=
8278						CTL_UA_REG_PREEMPT;
8279			} else if (msg->pr.pr_info.res_type != lun->res_type
8280				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8281				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8282					if (!persis_offset
8283					 && i < persis_offset)
8284						lun->pending_ua[i] |=
8285							CTL_UA_RES_RELEASE;
8286					else if (persis_offset
8287					      && i >= persis_offset)
8288					lun->pending_ua[i - persis_offset] |=
8289						CTL_UA_RES_RELEASE;
8290			}
8291		}
8292		lun->res_type = msg->pr.pr_info.res_type;
8293		if (lun->res_type != SPR_TYPE_WR_EX_AR
8294		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8295			lun->pr_res_idx = msg->pr.pr_info.residx;
8296		else
8297			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8298	}
8299	lun->PRGeneration++;
8300
8301}
8302
8303
8304int
8305ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8306{
8307	int retval;
8308	int isc_retval;
8309	u_int32_t param_len;
8310	struct scsi_per_res_out *cdb;
8311	struct ctl_lun *lun;
8312	struct scsi_per_res_out_parms* param;
8313	struct ctl_softc *softc;
8314	uint32_t residx;
8315	uint64_t res_key, sa_res_key;
8316	uint8_t type;
8317	union ctl_ha_msg persis_io;
8318	int    i;
8319
8320	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8321
8322	retval = CTL_RETVAL_COMPLETE;
8323
8324	softc = control_softc;
8325
8326	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8327	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8328
8329	/*
8330	 * We only support whole-LUN scope.  The scope & type are ignored for
8331	 * register, register and ignore existing key and clear.
8332	 * We sometimes ignore scope and type on preempts too!!
8333	 * Verify reservation type here as well.
8334	 */
8335	type = cdb->scope_type & SPR_TYPE_MASK;
8336	if ((cdb->action == SPRO_RESERVE)
8337	 || (cdb->action == SPRO_RELEASE)) {
8338		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8339			ctl_set_invalid_field(/*ctsio*/ ctsio,
8340					      /*sks_valid*/ 1,
8341					      /*command*/ 1,
8342					      /*field*/ 2,
8343					      /*bit_valid*/ 1,
8344					      /*bit*/ 4);
8345			ctl_done((union ctl_io *)ctsio);
8346			return (CTL_RETVAL_COMPLETE);
8347		}
8348
8349		if (type>8 || type==2 || type==4 || type==0) {
8350			ctl_set_invalid_field(/*ctsio*/ ctsio,
8351					      /*sks_valid*/ 1,
8352					      /*command*/ 1,
8353					      /*field*/ 2,
8354					      /*bit_valid*/ 1,
8355					      /*bit*/ 0);
8356			ctl_done((union ctl_io *)ctsio);
8357			return (CTL_RETVAL_COMPLETE);
8358		}
8359	}
8360
8361	param_len = scsi_4btoul(cdb->length);
8362
8363	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8364		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8365		ctsio->kern_data_len = param_len;
8366		ctsio->kern_total_len = param_len;
8367		ctsio->kern_data_resid = 0;
8368		ctsio->kern_rel_offset = 0;
8369		ctsio->kern_sg_entries = 0;
8370		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8371		ctsio->be_move_done = ctl_config_move_done;
8372		ctl_datamove((union ctl_io *)ctsio);
8373
8374		return (CTL_RETVAL_COMPLETE);
8375	}
8376
8377	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8378
8379	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8380	res_key = scsi_8btou64(param->res_key.key);
8381	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8382
8383	/*
8384	 * Validate the reservation key here except for SPRO_REG_IGNO
8385	 * This must be done for all other service actions
8386	 */
8387	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8388		mtx_lock(&lun->lun_lock);
8389		if (lun->pr_keys[residx] != 0) {
8390		    if (res_key != lun->pr_keys[residx]) {
8391				/*
8392				 * The current key passed in doesn't match
8393				 * the one the initiator previously
8394				 * registered.
8395				 */
8396				mtx_unlock(&lun->lun_lock);
8397				free(ctsio->kern_data_ptr, M_CTL);
8398				ctl_set_reservation_conflict(ctsio);
8399				ctl_done((union ctl_io *)ctsio);
8400				return (CTL_RETVAL_COMPLETE);
8401			}
8402		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8403			/*
8404			 * We are not registered
8405			 */
8406			mtx_unlock(&lun->lun_lock);
8407			free(ctsio->kern_data_ptr, M_CTL);
8408			ctl_set_reservation_conflict(ctsio);
8409			ctl_done((union ctl_io *)ctsio);
8410			return (CTL_RETVAL_COMPLETE);
8411		} else if (res_key != 0) {
8412			/*
8413			 * We are not registered and trying to register but
8414			 * the register key isn't zero.
8415			 */
8416			mtx_unlock(&lun->lun_lock);
8417			free(ctsio->kern_data_ptr, M_CTL);
8418			ctl_set_reservation_conflict(ctsio);
8419			ctl_done((union ctl_io *)ctsio);
8420			return (CTL_RETVAL_COMPLETE);
8421		}
8422		mtx_unlock(&lun->lun_lock);
8423	}
8424
8425	switch (cdb->action & SPRO_ACTION_MASK) {
8426	case SPRO_REGISTER:
8427	case SPRO_REG_IGNO: {
8428
8429#if 0
8430		printf("Registration received\n");
8431#endif
8432
8433		/*
8434		 * We don't support any of these options, as we report in
8435		 * the read capabilities request (see
8436		 * ctl_persistent_reserve_in(), above).
8437		 */
8438		if ((param->flags & SPR_SPEC_I_PT)
8439		 || (param->flags & SPR_ALL_TG_PT)
8440		 || (param->flags & SPR_APTPL)) {
8441			int bit_ptr;
8442
8443			if (param->flags & SPR_APTPL)
8444				bit_ptr = 0;
8445			else if (param->flags & SPR_ALL_TG_PT)
8446				bit_ptr = 2;
8447			else /* SPR_SPEC_I_PT */
8448				bit_ptr = 3;
8449
8450			free(ctsio->kern_data_ptr, M_CTL);
8451			ctl_set_invalid_field(ctsio,
8452					      /*sks_valid*/ 1,
8453					      /*command*/ 0,
8454					      /*field*/ 20,
8455					      /*bit_valid*/ 1,
8456					      /*bit*/ bit_ptr);
8457			ctl_done((union ctl_io *)ctsio);
8458			return (CTL_RETVAL_COMPLETE);
8459		}
8460
8461		mtx_lock(&lun->lun_lock);
8462
8463		/*
8464		 * The initiator wants to clear the
8465		 * key/unregister.
8466		 */
8467		if (sa_res_key == 0) {
8468			if ((res_key == 0
8469			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8470			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8471			  && lun->pr_keys[residx] == 0)) {
8472				mtx_unlock(&lun->lun_lock);
8473				goto done;
8474			}
8475
8476			lun->pr_keys[residx] = 0;
8477			lun->pr_key_count--;
8478
8479			if (residx == lun->pr_res_idx) {
8480				lun->flags &= ~CTL_LUN_PR_RESERVED;
8481				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8482
8483				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8484				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8485				 && lun->pr_key_count) {
8486					/*
8487					 * If the reservation is a registrants
8488					 * only type we need to generate a UA
8489					 * for other registered inits.  The
8490					 * sense code should be RESERVATIONS
8491					 * RELEASED
8492					 */
8493
8494					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8495						if (lun->pr_keys[
8496						    i + persis_offset] == 0)
8497							continue;
8498						lun->pending_ua[i] |=
8499							CTL_UA_RES_RELEASE;
8500					}
8501				}
8502				lun->res_type = 0;
8503			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8504				if (lun->pr_key_count==0) {
8505					lun->flags &= ~CTL_LUN_PR_RESERVED;
8506					lun->res_type = 0;
8507					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8508				}
8509			}
8510			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8511			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8512			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8513			persis_io.pr.pr_info.residx = residx;
8514			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8515			     &persis_io, sizeof(persis_io), 0 )) >
8516			     CTL_HA_STATUS_SUCCESS) {
8517				printf("CTL:Persis Out error returned from "
8518				       "ctl_ha_msg_send %d\n", isc_retval);
8519			}
8520		} else /* sa_res_key != 0 */ {
8521
8522			/*
8523			 * If we aren't registered currently then increment
8524			 * the key count and set the registered flag.
8525			 */
8526			if (lun->pr_keys[residx] == 0)
8527				lun->pr_key_count++;
8528			lun->pr_keys[residx] = sa_res_key;
8529
8530			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8531			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8532			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8533			persis_io.pr.pr_info.residx = residx;
8534			memcpy(persis_io.pr.pr_info.sa_res_key,
8535			       param->serv_act_res_key,
8536			       sizeof(param->serv_act_res_key));
8537			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8538			     &persis_io, sizeof(persis_io), 0)) >
8539			     CTL_HA_STATUS_SUCCESS) {
8540				printf("CTL:Persis Out error returned from "
8541				       "ctl_ha_msg_send %d\n", isc_retval);
8542			}
8543		}
8544		lun->PRGeneration++;
8545		mtx_unlock(&lun->lun_lock);
8546
8547		break;
8548	}
8549	case SPRO_RESERVE:
8550#if 0
8551                printf("Reserve executed type %d\n", type);
8552#endif
8553		mtx_lock(&lun->lun_lock);
8554		if (lun->flags & CTL_LUN_PR_RESERVED) {
8555			/*
8556			 * if this isn't the reservation holder and it's
8557			 * not a "all registrants" type or if the type is
8558			 * different then we have a conflict
8559			 */
8560			if ((lun->pr_res_idx != residx
8561			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8562			 || lun->res_type != type) {
8563				mtx_unlock(&lun->lun_lock);
8564				free(ctsio->kern_data_ptr, M_CTL);
8565				ctl_set_reservation_conflict(ctsio);
8566				ctl_done((union ctl_io *)ctsio);
8567				return (CTL_RETVAL_COMPLETE);
8568			}
8569			mtx_unlock(&lun->lun_lock);
8570		} else /* create a reservation */ {
8571			/*
8572			 * If it's not an "all registrants" type record
8573			 * reservation holder
8574			 */
8575			if (type != SPR_TYPE_WR_EX_AR
8576			 && type != SPR_TYPE_EX_AC_AR)
8577				lun->pr_res_idx = residx; /* Res holder */
8578			else
8579				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8580
8581			lun->flags |= CTL_LUN_PR_RESERVED;
8582			lun->res_type = type;
8583
8584			mtx_unlock(&lun->lun_lock);
8585
8586			/* send msg to other side */
8587			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8588			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8589			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8590			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8591			persis_io.pr.pr_info.res_type = type;
8592			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8593			     &persis_io, sizeof(persis_io), 0)) >
8594			     CTL_HA_STATUS_SUCCESS) {
8595				printf("CTL:Persis Out error returned from "
8596				       "ctl_ha_msg_send %d\n", isc_retval);
8597			}
8598		}
8599		break;
8600
8601	case SPRO_RELEASE:
8602		mtx_lock(&lun->lun_lock);
8603		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8604			/* No reservation exists return good status */
8605			mtx_unlock(&lun->lun_lock);
8606			goto done;
8607		}
8608		/*
8609		 * Is this nexus a reservation holder?
8610		 */
8611		if (lun->pr_res_idx != residx
8612		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8613			/*
8614			 * not a res holder return good status but
8615			 * do nothing
8616			 */
8617			mtx_unlock(&lun->lun_lock);
8618			goto done;
8619		}
8620
8621		if (lun->res_type != type) {
8622			mtx_unlock(&lun->lun_lock);
8623			free(ctsio->kern_data_ptr, M_CTL);
8624			ctl_set_illegal_pr_release(ctsio);
8625			ctl_done((union ctl_io *)ctsio);
8626			return (CTL_RETVAL_COMPLETE);
8627		}
8628
8629		/* okay to release */
8630		lun->flags &= ~CTL_LUN_PR_RESERVED;
8631		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8632		lun->res_type = 0;
8633
8634		/*
8635		 * if this isn't an exclusive access
8636		 * res generate UA for all other
8637		 * registrants.
8638		 */
8639		if (type != SPR_TYPE_EX_AC
8640		 && type != SPR_TYPE_WR_EX) {
8641			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8642				if (i == residx ||
8643				    lun->pr_keys[i + persis_offset] == 0)
8644					continue;
8645				lun->pending_ua[i] |= CTL_UA_RES_RELEASE;
8646			}
8647		}
8648		mtx_unlock(&lun->lun_lock);
8649		/* Send msg to other side */
8650		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8651		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8652		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8653		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8654		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8655			printf("CTL:Persis Out error returned from "
8656			       "ctl_ha_msg_send %d\n", isc_retval);
8657		}
8658		break;
8659
8660	case SPRO_CLEAR:
8661		/* send msg to other side */
8662
8663		mtx_lock(&lun->lun_lock);
8664		lun->flags &= ~CTL_LUN_PR_RESERVED;
8665		lun->res_type = 0;
8666		lun->pr_key_count = 0;
8667		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8668
8669		lun->pr_keys[residx] = 0;
8670
8671		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8672			if (lun->pr_keys[i] != 0) {
8673				if (!persis_offset && i < CTL_MAX_INITIATORS)
8674					lun->pending_ua[i] |=
8675						CTL_UA_RES_PREEMPT;
8676				else if (persis_offset && i >= persis_offset)
8677					lun->pending_ua[i-persis_offset] |=
8678					    CTL_UA_RES_PREEMPT;
8679
8680				lun->pr_keys[i] = 0;
8681			}
8682		lun->PRGeneration++;
8683		mtx_unlock(&lun->lun_lock);
8684		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8685		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8686		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8687		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8688		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8689			printf("CTL:Persis Out error returned from "
8690			       "ctl_ha_msg_send %d\n", isc_retval);
8691		}
8692		break;
8693
8694	case SPRO_PREEMPT:
8695	case SPRO_PRE_ABO: {
8696		int nretval;
8697
8698		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8699					  residx, ctsio, cdb, param);
8700		if (nretval != 0)
8701			return (CTL_RETVAL_COMPLETE);
8702		break;
8703	}
8704	default:
8705		panic("Invalid PR type %x", cdb->action);
8706	}
8707
8708done:
8709	free(ctsio->kern_data_ptr, M_CTL);
8710	ctl_set_success(ctsio);
8711	ctl_done((union ctl_io *)ctsio);
8712
8713	return (retval);
8714}
8715
8716/*
8717 * This routine is for handling a message from the other SC pertaining to
8718 * persistent reserve out. All the error checking will have been done
8719 * so only perorming the action need be done here to keep the two
8720 * in sync.
8721 */
8722static void
8723ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8724{
8725	struct ctl_lun *lun;
8726	struct ctl_softc *softc;
8727	int i;
8728	uint32_t targ_lun;
8729
8730	softc = control_softc;
8731
8732	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8733	lun = softc->ctl_luns[targ_lun];
8734	mtx_lock(&lun->lun_lock);
8735	switch(msg->pr.pr_info.action) {
8736	case CTL_PR_REG_KEY:
8737		if (lun->pr_keys[msg->pr.pr_info.residx] == 0)
8738			lun->pr_key_count++;
8739		lun->pr_keys[msg->pr.pr_info.residx] =
8740		    scsi_8btou64(msg->pr.pr_info.sa_res_key);
8741		lun->PRGeneration++;
8742		break;
8743
8744	case CTL_PR_UNREG_KEY:
8745		lun->pr_keys[msg->pr.pr_info.residx] = 0;
8746		lun->pr_key_count--;
8747
8748		/* XXX Need to see if the reservation has been released */
8749		/* if so do we need to generate UA? */
8750		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8751			lun->flags &= ~CTL_LUN_PR_RESERVED;
8752			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8753
8754			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8755			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8756			 && lun->pr_key_count) {
8757				/*
8758				 * If the reservation is a registrants
8759				 * only type we need to generate a UA
8760				 * for other registered inits.  The
8761				 * sense code should be RESERVATIONS
8762				 * RELEASED
8763				 */
8764
8765				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8766					if (lun->pr_keys[i+
8767					    persis_offset] == 0)
8768						continue;
8769
8770					lun->pending_ua[i] |=
8771						CTL_UA_RES_RELEASE;
8772				}
8773			}
8774			lun->res_type = 0;
8775		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8776			if (lun->pr_key_count==0) {
8777				lun->flags &= ~CTL_LUN_PR_RESERVED;
8778				lun->res_type = 0;
8779				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8780			}
8781		}
8782		lun->PRGeneration++;
8783		break;
8784
8785	case CTL_PR_RESERVE:
8786		lun->flags |= CTL_LUN_PR_RESERVED;
8787		lun->res_type = msg->pr.pr_info.res_type;
8788		lun->pr_res_idx = msg->pr.pr_info.residx;
8789
8790		break;
8791
8792	case CTL_PR_RELEASE:
8793		/*
8794		 * if this isn't an exclusive access res generate UA for all
8795		 * other registrants.
8796		 */
8797		if (lun->res_type != SPR_TYPE_EX_AC
8798		 && lun->res_type != SPR_TYPE_WR_EX) {
8799			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8800				if (lun->pr_keys[i+persis_offset] != 0)
8801					lun->pending_ua[i] |=
8802						CTL_UA_RES_RELEASE;
8803		}
8804
8805		lun->flags &= ~CTL_LUN_PR_RESERVED;
8806		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8807		lun->res_type = 0;
8808		break;
8809
8810	case CTL_PR_PREEMPT:
8811		ctl_pro_preempt_other(lun, msg);
8812		break;
8813	case CTL_PR_CLEAR:
8814		lun->flags &= ~CTL_LUN_PR_RESERVED;
8815		lun->res_type = 0;
8816		lun->pr_key_count = 0;
8817		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8818
8819		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8820			if (lun->pr_keys[i] == 0)
8821				continue;
8822			if (!persis_offset
8823			 && i < CTL_MAX_INITIATORS)
8824				lun->pending_ua[i] |= CTL_UA_RES_PREEMPT;
8825			else if (persis_offset
8826			      && i >= persis_offset)
8827				lun->pending_ua[i-persis_offset] |=
8828					CTL_UA_RES_PREEMPT;
8829			lun->pr_keys[i] = 0;
8830		}
8831		lun->PRGeneration++;
8832		break;
8833	}
8834
8835	mtx_unlock(&lun->lun_lock);
8836}
8837
8838int
8839ctl_read_write(struct ctl_scsiio *ctsio)
8840{
8841	struct ctl_lun *lun;
8842	struct ctl_lba_len_flags *lbalen;
8843	uint64_t lba;
8844	uint32_t num_blocks;
8845	int flags, retval;
8846	int isread;
8847
8848	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8849
8850	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8851
8852	flags = 0;
8853	retval = CTL_RETVAL_COMPLETE;
8854
8855	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8856	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8857	switch (ctsio->cdb[0]) {
8858	case READ_6:
8859	case WRITE_6: {
8860		struct scsi_rw_6 *cdb;
8861
8862		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8863
8864		lba = scsi_3btoul(cdb->addr);
8865		/* only 5 bits are valid in the most significant address byte */
8866		lba &= 0x1fffff;
8867		num_blocks = cdb->length;
8868		/*
8869		 * This is correct according to SBC-2.
8870		 */
8871		if (num_blocks == 0)
8872			num_blocks = 256;
8873		break;
8874	}
8875	case READ_10:
8876	case WRITE_10: {
8877		struct scsi_rw_10 *cdb;
8878
8879		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8880		if (cdb->byte2 & SRW10_FUA)
8881			flags |= CTL_LLF_FUA;
8882		if (cdb->byte2 & SRW10_DPO)
8883			flags |= CTL_LLF_DPO;
8884		lba = scsi_4btoul(cdb->addr);
8885		num_blocks = scsi_2btoul(cdb->length);
8886		break;
8887	}
8888	case WRITE_VERIFY_10: {
8889		struct scsi_write_verify_10 *cdb;
8890
8891		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8892		flags |= CTL_LLF_FUA;
8893		if (cdb->byte2 & SWV_DPO)
8894			flags |= CTL_LLF_DPO;
8895		lba = scsi_4btoul(cdb->addr);
8896		num_blocks = scsi_2btoul(cdb->length);
8897		break;
8898	}
8899	case READ_12:
8900	case WRITE_12: {
8901		struct scsi_rw_12 *cdb;
8902
8903		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8904		if (cdb->byte2 & SRW12_FUA)
8905			flags |= CTL_LLF_FUA;
8906		if (cdb->byte2 & SRW12_DPO)
8907			flags |= CTL_LLF_DPO;
8908		lba = scsi_4btoul(cdb->addr);
8909		num_blocks = scsi_4btoul(cdb->length);
8910		break;
8911	}
8912	case WRITE_VERIFY_12: {
8913		struct scsi_write_verify_12 *cdb;
8914
8915		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8916		flags |= CTL_LLF_FUA;
8917		if (cdb->byte2 & SWV_DPO)
8918			flags |= CTL_LLF_DPO;
8919		lba = scsi_4btoul(cdb->addr);
8920		num_blocks = scsi_4btoul(cdb->length);
8921		break;
8922	}
8923	case READ_16:
8924	case WRITE_16: {
8925		struct scsi_rw_16 *cdb;
8926
8927		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8928		if (cdb->byte2 & SRW12_FUA)
8929			flags |= CTL_LLF_FUA;
8930		if (cdb->byte2 & SRW12_DPO)
8931			flags |= CTL_LLF_DPO;
8932		lba = scsi_8btou64(cdb->addr);
8933		num_blocks = scsi_4btoul(cdb->length);
8934		break;
8935	}
8936	case WRITE_ATOMIC_16: {
8937		struct scsi_rw_16 *cdb;
8938
8939		if (lun->be_lun->atomicblock == 0) {
8940			ctl_set_invalid_opcode(ctsio);
8941			ctl_done((union ctl_io *)ctsio);
8942			return (CTL_RETVAL_COMPLETE);
8943		}
8944
8945		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8946		if (cdb->byte2 & SRW12_FUA)
8947			flags |= CTL_LLF_FUA;
8948		if (cdb->byte2 & SRW12_DPO)
8949			flags |= CTL_LLF_DPO;
8950		lba = scsi_8btou64(cdb->addr);
8951		num_blocks = scsi_4btoul(cdb->length);
8952		if (num_blocks > lun->be_lun->atomicblock) {
8953			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8954			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8955			    /*bit*/ 0);
8956			ctl_done((union ctl_io *)ctsio);
8957			return (CTL_RETVAL_COMPLETE);
8958		}
8959		break;
8960	}
8961	case WRITE_VERIFY_16: {
8962		struct scsi_write_verify_16 *cdb;
8963
8964		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8965		flags |= CTL_LLF_FUA;
8966		if (cdb->byte2 & SWV_DPO)
8967			flags |= CTL_LLF_DPO;
8968		lba = scsi_8btou64(cdb->addr);
8969		num_blocks = scsi_4btoul(cdb->length);
8970		break;
8971	}
8972	default:
8973		/*
8974		 * We got a command we don't support.  This shouldn't
8975		 * happen, commands should be filtered out above us.
8976		 */
8977		ctl_set_invalid_opcode(ctsio);
8978		ctl_done((union ctl_io *)ctsio);
8979
8980		return (CTL_RETVAL_COMPLETE);
8981		break; /* NOTREACHED */
8982	}
8983
8984	/*
8985	 * The first check is to make sure we're in bounds, the second
8986	 * check is to catch wrap-around problems.  If the lba + num blocks
8987	 * is less than the lba, then we've wrapped around and the block
8988	 * range is invalid anyway.
8989	 */
8990	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8991	 || ((lba + num_blocks) < lba)) {
8992		ctl_set_lba_out_of_range(ctsio);
8993		ctl_done((union ctl_io *)ctsio);
8994		return (CTL_RETVAL_COMPLETE);
8995	}
8996
8997	/*
8998	 * According to SBC-3, a transfer length of 0 is not an error.
8999	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9000	 * translates to 256 blocks for those commands.
9001	 */
9002	if (num_blocks == 0) {
9003		ctl_set_success(ctsio);
9004		ctl_done((union ctl_io *)ctsio);
9005		return (CTL_RETVAL_COMPLETE);
9006	}
9007
9008	/* Set FUA and/or DPO if caches are disabled. */
9009	if (isread) {
9010		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9011		    SCP_RCD) != 0)
9012			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9013	} else {
9014		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9015		    SCP_WCE) == 0)
9016			flags |= CTL_LLF_FUA;
9017	}
9018
9019	lbalen = (struct ctl_lba_len_flags *)
9020	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9021	lbalen->lba = lba;
9022	lbalen->len = num_blocks;
9023	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9024
9025	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9026	ctsio->kern_rel_offset = 0;
9027
9028	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9029
9030	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9031
9032	return (retval);
9033}
9034
9035static int
9036ctl_cnw_cont(union ctl_io *io)
9037{
9038	struct ctl_scsiio *ctsio;
9039	struct ctl_lun *lun;
9040	struct ctl_lba_len_flags *lbalen;
9041	int retval;
9042
9043	ctsio = &io->scsiio;
9044	ctsio->io_hdr.status = CTL_STATUS_NONE;
9045	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9046	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9047	lbalen = (struct ctl_lba_len_flags *)
9048	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9049	lbalen->flags &= ~CTL_LLF_COMPARE;
9050	lbalen->flags |= CTL_LLF_WRITE;
9051
9052	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9053	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9054	return (retval);
9055}
9056
9057int
9058ctl_cnw(struct ctl_scsiio *ctsio)
9059{
9060	struct ctl_lun *lun;
9061	struct ctl_lba_len_flags *lbalen;
9062	uint64_t lba;
9063	uint32_t num_blocks;
9064	int flags, retval;
9065
9066	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9067
9068	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9069
9070	flags = 0;
9071	retval = CTL_RETVAL_COMPLETE;
9072
9073	switch (ctsio->cdb[0]) {
9074	case COMPARE_AND_WRITE: {
9075		struct scsi_compare_and_write *cdb;
9076
9077		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9078		if (cdb->byte2 & SRW10_FUA)
9079			flags |= CTL_LLF_FUA;
9080		if (cdb->byte2 & SRW10_DPO)
9081			flags |= CTL_LLF_DPO;
9082		lba = scsi_8btou64(cdb->addr);
9083		num_blocks = cdb->length;
9084		break;
9085	}
9086	default:
9087		/*
9088		 * We got a command we don't support.  This shouldn't
9089		 * happen, commands should be filtered out above us.
9090		 */
9091		ctl_set_invalid_opcode(ctsio);
9092		ctl_done((union ctl_io *)ctsio);
9093
9094		return (CTL_RETVAL_COMPLETE);
9095		break; /* NOTREACHED */
9096	}
9097
9098	/*
9099	 * The first check is to make sure we're in bounds, the second
9100	 * check is to catch wrap-around problems.  If the lba + num blocks
9101	 * is less than the lba, then we've wrapped around and the block
9102	 * range is invalid anyway.
9103	 */
9104	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9105	 || ((lba + num_blocks) < lba)) {
9106		ctl_set_lba_out_of_range(ctsio);
9107		ctl_done((union ctl_io *)ctsio);
9108		return (CTL_RETVAL_COMPLETE);
9109	}
9110
9111	/*
9112	 * According to SBC-3, a transfer length of 0 is not an error.
9113	 */
9114	if (num_blocks == 0) {
9115		ctl_set_success(ctsio);
9116		ctl_done((union ctl_io *)ctsio);
9117		return (CTL_RETVAL_COMPLETE);
9118	}
9119
9120	/* Set FUA if write cache is disabled. */
9121	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9122	    SCP_WCE) == 0)
9123		flags |= CTL_LLF_FUA;
9124
9125	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9126	ctsio->kern_rel_offset = 0;
9127
9128	/*
9129	 * Set the IO_CONT flag, so that if this I/O gets passed to
9130	 * ctl_data_submit_done(), it'll get passed back to
9131	 * ctl_ctl_cnw_cont() for further processing.
9132	 */
9133	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9134	ctsio->io_cont = ctl_cnw_cont;
9135
9136	lbalen = (struct ctl_lba_len_flags *)
9137	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9138	lbalen->lba = lba;
9139	lbalen->len = num_blocks;
9140	lbalen->flags = CTL_LLF_COMPARE | flags;
9141
9142	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9143	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9144	return (retval);
9145}
9146
9147int
9148ctl_verify(struct ctl_scsiio *ctsio)
9149{
9150	struct ctl_lun *lun;
9151	struct ctl_lba_len_flags *lbalen;
9152	uint64_t lba;
9153	uint32_t num_blocks;
9154	int bytchk, flags;
9155	int retval;
9156
9157	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9158
9159	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9160
9161	bytchk = 0;
9162	flags = CTL_LLF_FUA;
9163	retval = CTL_RETVAL_COMPLETE;
9164
9165	switch (ctsio->cdb[0]) {
9166	case VERIFY_10: {
9167		struct scsi_verify_10 *cdb;
9168
9169		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9170		if (cdb->byte2 & SVFY_BYTCHK)
9171			bytchk = 1;
9172		if (cdb->byte2 & SVFY_DPO)
9173			flags |= CTL_LLF_DPO;
9174		lba = scsi_4btoul(cdb->addr);
9175		num_blocks = scsi_2btoul(cdb->length);
9176		break;
9177	}
9178	case VERIFY_12: {
9179		struct scsi_verify_12 *cdb;
9180
9181		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9182		if (cdb->byte2 & SVFY_BYTCHK)
9183			bytchk = 1;
9184		if (cdb->byte2 & SVFY_DPO)
9185			flags |= CTL_LLF_DPO;
9186		lba = scsi_4btoul(cdb->addr);
9187		num_blocks = scsi_4btoul(cdb->length);
9188		break;
9189	}
9190	case VERIFY_16: {
9191		struct scsi_rw_16 *cdb;
9192
9193		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9194		if (cdb->byte2 & SVFY_BYTCHK)
9195			bytchk = 1;
9196		if (cdb->byte2 & SVFY_DPO)
9197			flags |= CTL_LLF_DPO;
9198		lba = scsi_8btou64(cdb->addr);
9199		num_blocks = scsi_4btoul(cdb->length);
9200		break;
9201	}
9202	default:
9203		/*
9204		 * We got a command we don't support.  This shouldn't
9205		 * happen, commands should be filtered out above us.
9206		 */
9207		ctl_set_invalid_opcode(ctsio);
9208		ctl_done((union ctl_io *)ctsio);
9209		return (CTL_RETVAL_COMPLETE);
9210	}
9211
9212	/*
9213	 * The first check is to make sure we're in bounds, the second
9214	 * check is to catch wrap-around problems.  If the lba + num blocks
9215	 * is less than the lba, then we've wrapped around and the block
9216	 * range is invalid anyway.
9217	 */
9218	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9219	 || ((lba + num_blocks) < lba)) {
9220		ctl_set_lba_out_of_range(ctsio);
9221		ctl_done((union ctl_io *)ctsio);
9222		return (CTL_RETVAL_COMPLETE);
9223	}
9224
9225	/*
9226	 * According to SBC-3, a transfer length of 0 is not an error.
9227	 */
9228	if (num_blocks == 0) {
9229		ctl_set_success(ctsio);
9230		ctl_done((union ctl_io *)ctsio);
9231		return (CTL_RETVAL_COMPLETE);
9232	}
9233
9234	lbalen = (struct ctl_lba_len_flags *)
9235	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9236	lbalen->lba = lba;
9237	lbalen->len = num_blocks;
9238	if (bytchk) {
9239		lbalen->flags = CTL_LLF_COMPARE | flags;
9240		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9241	} else {
9242		lbalen->flags = CTL_LLF_VERIFY | flags;
9243		ctsio->kern_total_len = 0;
9244	}
9245	ctsio->kern_rel_offset = 0;
9246
9247	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9248	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9249	return (retval);
9250}
9251
9252int
9253ctl_report_luns(struct ctl_scsiio *ctsio)
9254{
9255	struct scsi_report_luns *cdb;
9256	struct scsi_report_luns_data *lun_data;
9257	struct ctl_lun *lun, *request_lun;
9258	int num_luns, retval;
9259	uint32_t alloc_len, lun_datalen;
9260	int num_filled, well_known;
9261	uint32_t initidx, targ_lun_id, lun_id;
9262
9263	retval = CTL_RETVAL_COMPLETE;
9264	well_known = 0;
9265
9266	cdb = (struct scsi_report_luns *)ctsio->cdb;
9267
9268	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9269
9270	mtx_lock(&control_softc->ctl_lock);
9271	num_luns = control_softc->num_luns;
9272	mtx_unlock(&control_softc->ctl_lock);
9273
9274	switch (cdb->select_report) {
9275	case RPL_REPORT_DEFAULT:
9276	case RPL_REPORT_ALL:
9277		break;
9278	case RPL_REPORT_WELLKNOWN:
9279		well_known = 1;
9280		num_luns = 0;
9281		break;
9282	default:
9283		ctl_set_invalid_field(ctsio,
9284				      /*sks_valid*/ 1,
9285				      /*command*/ 1,
9286				      /*field*/ 2,
9287				      /*bit_valid*/ 0,
9288				      /*bit*/ 0);
9289		ctl_done((union ctl_io *)ctsio);
9290		return (retval);
9291		break; /* NOTREACHED */
9292	}
9293
9294	alloc_len = scsi_4btoul(cdb->length);
9295	/*
9296	 * The initiator has to allocate at least 16 bytes for this request,
9297	 * so he can at least get the header and the first LUN.  Otherwise
9298	 * we reject the request (per SPC-3 rev 14, section 6.21).
9299	 */
9300	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9301	    sizeof(struct scsi_report_luns_lundata))) {
9302		ctl_set_invalid_field(ctsio,
9303				      /*sks_valid*/ 1,
9304				      /*command*/ 1,
9305				      /*field*/ 6,
9306				      /*bit_valid*/ 0,
9307				      /*bit*/ 0);
9308		ctl_done((union ctl_io *)ctsio);
9309		return (retval);
9310	}
9311
9312	request_lun = (struct ctl_lun *)
9313		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9314
9315	lun_datalen = sizeof(*lun_data) +
9316		(num_luns * sizeof(struct scsi_report_luns_lundata));
9317
9318	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9319	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9320	ctsio->kern_sg_entries = 0;
9321
9322	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9323
9324	mtx_lock(&control_softc->ctl_lock);
9325	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9326		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9327		if (lun_id >= CTL_MAX_LUNS)
9328			continue;
9329		lun = control_softc->ctl_luns[lun_id];
9330		if (lun == NULL)
9331			continue;
9332
9333		if (targ_lun_id <= 0xff) {
9334			/*
9335			 * Peripheral addressing method, bus number 0.
9336			 */
9337			lun_data->luns[num_filled].lundata[0] =
9338				RPL_LUNDATA_ATYP_PERIPH;
9339			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9340			num_filled++;
9341		} else if (targ_lun_id <= 0x3fff) {
9342			/*
9343			 * Flat addressing method.
9344			 */
9345			lun_data->luns[num_filled].lundata[0] =
9346				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9347			lun_data->luns[num_filled].lundata[1] =
9348				(targ_lun_id & 0xff);
9349			num_filled++;
9350		} else if (targ_lun_id <= 0xffffff) {
9351			/*
9352			 * Extended flat addressing method.
9353			 */
9354			lun_data->luns[num_filled].lundata[0] =
9355			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9356			scsi_ulto3b(targ_lun_id,
9357			    &lun_data->luns[num_filled].lundata[1]);
9358			num_filled++;
9359		} else {
9360			printf("ctl_report_luns: bogus LUN number %jd, "
9361			       "skipping\n", (intmax_t)targ_lun_id);
9362		}
9363		/*
9364		 * According to SPC-3, rev 14 section 6.21:
9365		 *
9366		 * "The execution of a REPORT LUNS command to any valid and
9367		 * installed logical unit shall clear the REPORTED LUNS DATA
9368		 * HAS CHANGED unit attention condition for all logical
9369		 * units of that target with respect to the requesting
9370		 * initiator. A valid and installed logical unit is one
9371		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9372		 * INQUIRY data (see 6.4.2)."
9373		 *
9374		 * If request_lun is NULL, the LUN this report luns command
9375		 * was issued to is either disabled or doesn't exist. In that
9376		 * case, we shouldn't clear any pending lun change unit
9377		 * attention.
9378		 */
9379		if (request_lun != NULL) {
9380			mtx_lock(&lun->lun_lock);
9381			lun->pending_ua[initidx] &= ~CTL_UA_LUN_CHANGE;
9382			mtx_unlock(&lun->lun_lock);
9383		}
9384	}
9385	mtx_unlock(&control_softc->ctl_lock);
9386
9387	/*
9388	 * It's quite possible that we've returned fewer LUNs than we allocated
9389	 * space for.  Trim it.
9390	 */
9391	lun_datalen = sizeof(*lun_data) +
9392		(num_filled * sizeof(struct scsi_report_luns_lundata));
9393
9394	if (lun_datalen < alloc_len) {
9395		ctsio->residual = alloc_len - lun_datalen;
9396		ctsio->kern_data_len = lun_datalen;
9397		ctsio->kern_total_len = lun_datalen;
9398	} else {
9399		ctsio->residual = 0;
9400		ctsio->kern_data_len = alloc_len;
9401		ctsio->kern_total_len = alloc_len;
9402	}
9403	ctsio->kern_data_resid = 0;
9404	ctsio->kern_rel_offset = 0;
9405	ctsio->kern_sg_entries = 0;
9406
9407	/*
9408	 * We set this to the actual data length, regardless of how much
9409	 * space we actually have to return results.  If the user looks at
9410	 * this value, he'll know whether or not he allocated enough space
9411	 * and reissue the command if necessary.  We don't support well
9412	 * known logical units, so if the user asks for that, return none.
9413	 */
9414	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9415
9416	/*
9417	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9418	 * this request.
9419	 */
9420	ctsio->scsi_status = SCSI_STATUS_OK;
9421
9422	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9423	ctsio->be_move_done = ctl_config_move_done;
9424	ctl_datamove((union ctl_io *)ctsio);
9425
9426	return (retval);
9427}
9428
9429int
9430ctl_request_sense(struct ctl_scsiio *ctsio)
9431{
9432	struct scsi_request_sense *cdb;
9433	struct scsi_sense_data *sense_ptr;
9434	struct ctl_lun *lun;
9435	uint32_t initidx;
9436	int have_error;
9437	scsi_sense_data_type sense_format;
9438
9439	cdb = (struct scsi_request_sense *)ctsio->cdb;
9440
9441	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9442
9443	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9444
9445	/*
9446	 * Determine which sense format the user wants.
9447	 */
9448	if (cdb->byte2 & SRS_DESC)
9449		sense_format = SSD_TYPE_DESC;
9450	else
9451		sense_format = SSD_TYPE_FIXED;
9452
9453	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9454	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9455	ctsio->kern_sg_entries = 0;
9456
9457	/*
9458	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9459	 * larger than the largest allowed value for the length field in the
9460	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9461	 */
9462	ctsio->residual = 0;
9463	ctsio->kern_data_len = cdb->length;
9464	ctsio->kern_total_len = cdb->length;
9465
9466	ctsio->kern_data_resid = 0;
9467	ctsio->kern_rel_offset = 0;
9468	ctsio->kern_sg_entries = 0;
9469
9470	/*
9471	 * If we don't have a LUN, we don't have any pending sense.
9472	 */
9473	if (lun == NULL)
9474		goto no_sense;
9475
9476	have_error = 0;
9477	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9478	/*
9479	 * Check for pending sense, and then for pending unit attentions.
9480	 * Pending sense gets returned first, then pending unit attentions.
9481	 */
9482	mtx_lock(&lun->lun_lock);
9483#ifdef CTL_WITH_CA
9484	if (ctl_is_set(lun->have_ca, initidx)) {
9485		scsi_sense_data_type stored_format;
9486
9487		/*
9488		 * Check to see which sense format was used for the stored
9489		 * sense data.
9490		 */
9491		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9492
9493		/*
9494		 * If the user requested a different sense format than the
9495		 * one we stored, then we need to convert it to the other
9496		 * format.  If we're going from descriptor to fixed format
9497		 * sense data, we may lose things in translation, depending
9498		 * on what options were used.
9499		 *
9500		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9501		 * for some reason we'll just copy it out as-is.
9502		 */
9503		if ((stored_format == SSD_TYPE_FIXED)
9504		 && (sense_format == SSD_TYPE_DESC))
9505			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9506			    &lun->pending_sense[initidx],
9507			    (struct scsi_sense_data_desc *)sense_ptr);
9508		else if ((stored_format == SSD_TYPE_DESC)
9509		      && (sense_format == SSD_TYPE_FIXED))
9510			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9511			    &lun->pending_sense[initidx],
9512			    (struct scsi_sense_data_fixed *)sense_ptr);
9513		else
9514			memcpy(sense_ptr, &lun->pending_sense[initidx],
9515			       ctl_min(sizeof(*sense_ptr),
9516			       sizeof(lun->pending_sense[initidx])));
9517
9518		ctl_clear_mask(lun->have_ca, initidx);
9519		have_error = 1;
9520	} else
9521#endif
9522	if (lun->pending_ua[initidx] != CTL_UA_NONE) {
9523		ctl_ua_type ua_type;
9524
9525		ua_type = ctl_build_ua(&lun->pending_ua[initidx],
9526				       sense_ptr, sense_format);
9527		if (ua_type != CTL_UA_NONE)
9528			have_error = 1;
9529	}
9530	mtx_unlock(&lun->lun_lock);
9531
9532	/*
9533	 * We already have a pending error, return it.
9534	 */
9535	if (have_error != 0) {
9536		/*
9537		 * We report the SCSI status as OK, since the status of the
9538		 * request sense command itself is OK.
9539		 */
9540		ctsio->scsi_status = SCSI_STATUS_OK;
9541
9542		/*
9543		 * We report 0 for the sense length, because we aren't doing
9544		 * autosense in this case.  We're reporting sense as
9545		 * parameter data.
9546		 */
9547		ctsio->sense_len = 0;
9548		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9549		ctsio->be_move_done = ctl_config_move_done;
9550		ctl_datamove((union ctl_io *)ctsio);
9551
9552		return (CTL_RETVAL_COMPLETE);
9553	}
9554
9555no_sense:
9556
9557	/*
9558	 * No sense information to report, so we report that everything is
9559	 * okay.
9560	 */
9561	ctl_set_sense_data(sense_ptr,
9562			   lun,
9563			   sense_format,
9564			   /*current_error*/ 1,
9565			   /*sense_key*/ SSD_KEY_NO_SENSE,
9566			   /*asc*/ 0x00,
9567			   /*ascq*/ 0x00,
9568			   SSD_ELEM_NONE);
9569
9570	ctsio->scsi_status = SCSI_STATUS_OK;
9571
9572	/*
9573	 * We report 0 for the sense length, because we aren't doing
9574	 * autosense in this case.  We're reporting sense as parameter data.
9575	 */
9576	ctsio->sense_len = 0;
9577	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9578	ctsio->be_move_done = ctl_config_move_done;
9579	ctl_datamove((union ctl_io *)ctsio);
9580
9581	return (CTL_RETVAL_COMPLETE);
9582}
9583
9584int
9585ctl_tur(struct ctl_scsiio *ctsio)
9586{
9587	struct ctl_lun *lun;
9588
9589	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9590
9591	CTL_DEBUG_PRINT(("ctl_tur\n"));
9592
9593	if (lun == NULL)
9594		return (EINVAL);
9595
9596	ctsio->scsi_status = SCSI_STATUS_OK;
9597	ctsio->io_hdr.status = CTL_SUCCESS;
9598
9599	ctl_done((union ctl_io *)ctsio);
9600
9601	return (CTL_RETVAL_COMPLETE);
9602}
9603
9604#ifdef notyet
9605static int
9606ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9607{
9608
9609}
9610#endif
9611
9612static int
9613ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9614{
9615	struct scsi_vpd_supported_pages *pages;
9616	int sup_page_size;
9617	struct ctl_lun *lun;
9618
9619	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9620
9621	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9622	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9623	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9624	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9625	ctsio->kern_sg_entries = 0;
9626
9627	if (sup_page_size < alloc_len) {
9628		ctsio->residual = alloc_len - sup_page_size;
9629		ctsio->kern_data_len = sup_page_size;
9630		ctsio->kern_total_len = sup_page_size;
9631	} else {
9632		ctsio->residual = 0;
9633		ctsio->kern_data_len = alloc_len;
9634		ctsio->kern_total_len = alloc_len;
9635	}
9636	ctsio->kern_data_resid = 0;
9637	ctsio->kern_rel_offset = 0;
9638	ctsio->kern_sg_entries = 0;
9639
9640	/*
9641	 * The control device is always connected.  The disk device, on the
9642	 * other hand, may not be online all the time.  Need to change this
9643	 * to figure out whether the disk device is actually online or not.
9644	 */
9645	if (lun != NULL)
9646		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9647				lun->be_lun->lun_type;
9648	else
9649		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9650
9651	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9652	/* Supported VPD pages */
9653	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9654	/* Serial Number */
9655	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9656	/* Device Identification */
9657	pages->page_list[2] = SVPD_DEVICE_ID;
9658	/* Extended INQUIRY Data */
9659	pages->page_list[3] = SVPD_EXTENDED_INQUIRY_DATA;
9660	/* Mode Page Policy */
9661	pages->page_list[4] = SVPD_MODE_PAGE_POLICY;
9662	/* SCSI Ports */
9663	pages->page_list[5] = SVPD_SCSI_PORTS;
9664	/* Third-party Copy */
9665	pages->page_list[6] = SVPD_SCSI_TPC;
9666	/* Block limits */
9667	pages->page_list[7] = SVPD_BLOCK_LIMITS;
9668	/* Block Device Characteristics */
9669	pages->page_list[8] = SVPD_BDC;
9670	/* Logical Block Provisioning */
9671	pages->page_list[9] = SVPD_LBP;
9672
9673	ctsio->scsi_status = SCSI_STATUS_OK;
9674
9675	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9676	ctsio->be_move_done = ctl_config_move_done;
9677	ctl_datamove((union ctl_io *)ctsio);
9678
9679	return (CTL_RETVAL_COMPLETE);
9680}
9681
9682static int
9683ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9684{
9685	struct scsi_vpd_unit_serial_number *sn_ptr;
9686	struct ctl_lun *lun;
9687	int data_len;
9688
9689	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9690
9691	data_len = 4 + CTL_SN_LEN;
9692	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9693	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9694	if (data_len < alloc_len) {
9695		ctsio->residual = alloc_len - data_len;
9696		ctsio->kern_data_len = data_len;
9697		ctsio->kern_total_len = data_len;
9698	} else {
9699		ctsio->residual = 0;
9700		ctsio->kern_data_len = alloc_len;
9701		ctsio->kern_total_len = alloc_len;
9702	}
9703	ctsio->kern_data_resid = 0;
9704	ctsio->kern_rel_offset = 0;
9705	ctsio->kern_sg_entries = 0;
9706
9707	/*
9708	 * The control device is always connected.  The disk device, on the
9709	 * other hand, may not be online all the time.  Need to change this
9710	 * to figure out whether the disk device is actually online or not.
9711	 */
9712	if (lun != NULL)
9713		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9714				  lun->be_lun->lun_type;
9715	else
9716		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9717
9718	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9719	sn_ptr->length = CTL_SN_LEN;
9720	/*
9721	 * If we don't have a LUN, we just leave the serial number as
9722	 * all spaces.
9723	 */
9724	if (lun != NULL) {
9725		strncpy((char *)sn_ptr->serial_num,
9726			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9727	} else
9728		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9729	ctsio->scsi_status = SCSI_STATUS_OK;
9730
9731	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9732	ctsio->be_move_done = ctl_config_move_done;
9733	ctl_datamove((union ctl_io *)ctsio);
9734
9735	return (CTL_RETVAL_COMPLETE);
9736}
9737
9738
9739static int
9740ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9741{
9742	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9743	struct ctl_lun *lun;
9744	int data_len;
9745
9746	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9747
9748	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9749	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9750	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9751	ctsio->kern_sg_entries = 0;
9752
9753	if (data_len < alloc_len) {
9754		ctsio->residual = alloc_len - data_len;
9755		ctsio->kern_data_len = data_len;
9756		ctsio->kern_total_len = data_len;
9757	} else {
9758		ctsio->residual = 0;
9759		ctsio->kern_data_len = alloc_len;
9760		ctsio->kern_total_len = alloc_len;
9761	}
9762	ctsio->kern_data_resid = 0;
9763	ctsio->kern_rel_offset = 0;
9764	ctsio->kern_sg_entries = 0;
9765
9766	/*
9767	 * The control device is always connected.  The disk device, on the
9768	 * other hand, may not be online all the time.
9769	 */
9770	if (lun != NULL)
9771		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9772				     lun->be_lun->lun_type;
9773	else
9774		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9775	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9776	eid_ptr->page_length = data_len - 4;
9777	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9778	eid_ptr->flags3 = SVPD_EID_V_SUP;
9779
9780	ctsio->scsi_status = SCSI_STATUS_OK;
9781	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9782	ctsio->be_move_done = ctl_config_move_done;
9783	ctl_datamove((union ctl_io *)ctsio);
9784
9785	return (CTL_RETVAL_COMPLETE);
9786}
9787
9788static int
9789ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9790{
9791	struct scsi_vpd_mode_page_policy *mpp_ptr;
9792	struct ctl_lun *lun;
9793	int data_len;
9794
9795	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9796
9797	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9798	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9799
9800	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9801	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9802	ctsio->kern_sg_entries = 0;
9803
9804	if (data_len < alloc_len) {
9805		ctsio->residual = alloc_len - data_len;
9806		ctsio->kern_data_len = data_len;
9807		ctsio->kern_total_len = data_len;
9808	} else {
9809		ctsio->residual = 0;
9810		ctsio->kern_data_len = alloc_len;
9811		ctsio->kern_total_len = alloc_len;
9812	}
9813	ctsio->kern_data_resid = 0;
9814	ctsio->kern_rel_offset = 0;
9815	ctsio->kern_sg_entries = 0;
9816
9817	/*
9818	 * The control device is always connected.  The disk device, on the
9819	 * other hand, may not be online all the time.
9820	 */
9821	if (lun != NULL)
9822		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9823				     lun->be_lun->lun_type;
9824	else
9825		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9826	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9827	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9828	mpp_ptr->descr[0].page_code = 0x3f;
9829	mpp_ptr->descr[0].subpage_code = 0xff;
9830	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9831
9832	ctsio->scsi_status = SCSI_STATUS_OK;
9833	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9834	ctsio->be_move_done = ctl_config_move_done;
9835	ctl_datamove((union ctl_io *)ctsio);
9836
9837	return (CTL_RETVAL_COMPLETE);
9838}
9839
9840static int
9841ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9842{
9843	struct scsi_vpd_device_id *devid_ptr;
9844	struct scsi_vpd_id_descriptor *desc;
9845	struct ctl_softc *ctl_softc;
9846	struct ctl_lun *lun;
9847	struct ctl_port *port;
9848	int data_len;
9849	uint8_t proto;
9850
9851	ctl_softc = control_softc;
9852
9853	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9854	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9855
9856	data_len = sizeof(struct scsi_vpd_device_id) +
9857	    sizeof(struct scsi_vpd_id_descriptor) +
9858		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9859	    sizeof(struct scsi_vpd_id_descriptor) +
9860		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9861	if (lun && lun->lun_devid)
9862		data_len += lun->lun_devid->len;
9863	if (port->port_devid)
9864		data_len += port->port_devid->len;
9865	if (port->target_devid)
9866		data_len += port->target_devid->len;
9867
9868	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9869	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9870	ctsio->kern_sg_entries = 0;
9871
9872	if (data_len < alloc_len) {
9873		ctsio->residual = alloc_len - data_len;
9874		ctsio->kern_data_len = data_len;
9875		ctsio->kern_total_len = data_len;
9876	} else {
9877		ctsio->residual = 0;
9878		ctsio->kern_data_len = alloc_len;
9879		ctsio->kern_total_len = alloc_len;
9880	}
9881	ctsio->kern_data_resid = 0;
9882	ctsio->kern_rel_offset = 0;
9883	ctsio->kern_sg_entries = 0;
9884
9885	/*
9886	 * The control device is always connected.  The disk device, on the
9887	 * other hand, may not be online all the time.
9888	 */
9889	if (lun != NULL)
9890		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9891				     lun->be_lun->lun_type;
9892	else
9893		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9894	devid_ptr->page_code = SVPD_DEVICE_ID;
9895	scsi_ulto2b(data_len - 4, devid_ptr->length);
9896
9897	if (port->port_type == CTL_PORT_FC)
9898		proto = SCSI_PROTO_FC << 4;
9899	else if (port->port_type == CTL_PORT_ISCSI)
9900		proto = SCSI_PROTO_ISCSI << 4;
9901	else
9902		proto = SCSI_PROTO_SPI << 4;
9903	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9904
9905	/*
9906	 * We're using a LUN association here.  i.e., this device ID is a
9907	 * per-LUN identifier.
9908	 */
9909	if (lun && lun->lun_devid) {
9910		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9911		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9912		    lun->lun_devid->len);
9913	}
9914
9915	/*
9916	 * This is for the WWPN which is a port association.
9917	 */
9918	if (port->port_devid) {
9919		memcpy(desc, port->port_devid->data, port->port_devid->len);
9920		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9921		    port->port_devid->len);
9922	}
9923
9924	/*
9925	 * This is for the Relative Target Port(type 4h) identifier
9926	 */
9927	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9928	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9929	    SVPD_ID_TYPE_RELTARG;
9930	desc->length = 4;
9931	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9932	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9933	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9934
9935	/*
9936	 * This is for the Target Port Group(type 5h) identifier
9937	 */
9938	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9939	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9940	    SVPD_ID_TYPE_TPORTGRP;
9941	desc->length = 4;
9942	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
9943	    &desc->identifier[2]);
9944	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9945	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9946
9947	/*
9948	 * This is for the Target identifier
9949	 */
9950	if (port->target_devid) {
9951		memcpy(desc, port->target_devid->data, port->target_devid->len);
9952	}
9953
9954	ctsio->scsi_status = SCSI_STATUS_OK;
9955	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9956	ctsio->be_move_done = ctl_config_move_done;
9957	ctl_datamove((union ctl_io *)ctsio);
9958
9959	return (CTL_RETVAL_COMPLETE);
9960}
9961
9962static int
9963ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9964{
9965	struct ctl_softc *softc = control_softc;
9966	struct scsi_vpd_scsi_ports *sp;
9967	struct scsi_vpd_port_designation *pd;
9968	struct scsi_vpd_port_designation_cont *pdc;
9969	struct ctl_lun *lun;
9970	struct ctl_port *port;
9971	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
9972	int num_target_port_groups, single;
9973
9974	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9975
9976	single = ctl_is_single;
9977	if (single)
9978		num_target_port_groups = 1;
9979	else
9980		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
9981	num_target_ports = 0;
9982	iid_len = 0;
9983	id_len = 0;
9984	mtx_lock(&softc->ctl_lock);
9985	STAILQ_FOREACH(port, &softc->port_list, links) {
9986		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9987			continue;
9988		if (lun != NULL &&
9989		    ctl_map_lun_back(port->targ_port, lun->lun) >=
9990		    CTL_MAX_LUNS)
9991			continue;
9992		num_target_ports++;
9993		if (port->init_devid)
9994			iid_len += port->init_devid->len;
9995		if (port->port_devid)
9996			id_len += port->port_devid->len;
9997	}
9998	mtx_unlock(&softc->ctl_lock);
9999
10000	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10001	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10002	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10003	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10004	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10005	ctsio->kern_sg_entries = 0;
10006
10007	if (data_len < alloc_len) {
10008		ctsio->residual = alloc_len - data_len;
10009		ctsio->kern_data_len = data_len;
10010		ctsio->kern_total_len = data_len;
10011	} else {
10012		ctsio->residual = 0;
10013		ctsio->kern_data_len = alloc_len;
10014		ctsio->kern_total_len = alloc_len;
10015	}
10016	ctsio->kern_data_resid = 0;
10017	ctsio->kern_rel_offset = 0;
10018	ctsio->kern_sg_entries = 0;
10019
10020	/*
10021	 * The control device is always connected.  The disk device, on the
10022	 * other hand, may not be online all the time.  Need to change this
10023	 * to figure out whether the disk device is actually online or not.
10024	 */
10025	if (lun != NULL)
10026		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10027				  lun->be_lun->lun_type;
10028	else
10029		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10030
10031	sp->page_code = SVPD_SCSI_PORTS;
10032	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10033	    sp->page_length);
10034	pd = &sp->design[0];
10035
10036	mtx_lock(&softc->ctl_lock);
10037	if (softc->flags & CTL_FLAG_MASTER_SHELF)
10038		pg = 0;
10039	else
10040		pg = 1;
10041	for (g = 0; g < num_target_port_groups; g++) {
10042		STAILQ_FOREACH(port, &softc->port_list, links) {
10043			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10044				continue;
10045			if (lun != NULL &&
10046			    ctl_map_lun_back(port->targ_port, lun->lun) >=
10047			    CTL_MAX_LUNS)
10048				continue;
10049			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10050			scsi_ulto2b(p, pd->relative_port_id);
10051			if (port->init_devid && g == pg) {
10052				iid_len = port->init_devid->len;
10053				memcpy(pd->initiator_transportid,
10054				    port->init_devid->data, port->init_devid->len);
10055			} else
10056				iid_len = 0;
10057			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10058			pdc = (struct scsi_vpd_port_designation_cont *)
10059			    (&pd->initiator_transportid[iid_len]);
10060			if (port->port_devid && g == pg) {
10061				id_len = port->port_devid->len;
10062				memcpy(pdc->target_port_descriptors,
10063				    port->port_devid->data, port->port_devid->len);
10064			} else
10065				id_len = 0;
10066			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10067			pd = (struct scsi_vpd_port_designation *)
10068			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10069		}
10070	}
10071	mtx_unlock(&softc->ctl_lock);
10072
10073	ctsio->scsi_status = SCSI_STATUS_OK;
10074	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10075	ctsio->be_move_done = ctl_config_move_done;
10076	ctl_datamove((union ctl_io *)ctsio);
10077
10078	return (CTL_RETVAL_COMPLETE);
10079}
10080
10081static int
10082ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10083{
10084	struct scsi_vpd_block_limits *bl_ptr;
10085	struct ctl_lun *lun;
10086	int bs;
10087
10088	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10089
10090	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10091	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10092	ctsio->kern_sg_entries = 0;
10093
10094	if (sizeof(*bl_ptr) < alloc_len) {
10095		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10096		ctsio->kern_data_len = sizeof(*bl_ptr);
10097		ctsio->kern_total_len = sizeof(*bl_ptr);
10098	} else {
10099		ctsio->residual = 0;
10100		ctsio->kern_data_len = alloc_len;
10101		ctsio->kern_total_len = alloc_len;
10102	}
10103	ctsio->kern_data_resid = 0;
10104	ctsio->kern_rel_offset = 0;
10105	ctsio->kern_sg_entries = 0;
10106
10107	/*
10108	 * The control device is always connected.  The disk device, on the
10109	 * other hand, may not be online all the time.  Need to change this
10110	 * to figure out whether the disk device is actually online or not.
10111	 */
10112	if (lun != NULL)
10113		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10114				  lun->be_lun->lun_type;
10115	else
10116		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10117
10118	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10119	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10120	bl_ptr->max_cmp_write_len = 0xff;
10121	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10122	if (lun != NULL) {
10123		bs = lun->be_lun->blocksize;
10124		scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10125		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10126			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10127			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10128			if (lun->be_lun->pblockexp != 0) {
10129				scsi_ulto4b((1 << lun->be_lun->pblockexp),
10130				    bl_ptr->opt_unmap_grain);
10131				scsi_ulto4b(0x80000000 | lun->be_lun->pblockoff,
10132				    bl_ptr->unmap_grain_align);
10133			}
10134		}
10135		scsi_ulto4b(lun->be_lun->atomicblock,
10136		    bl_ptr->max_atomic_transfer_length);
10137		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10138		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10139	}
10140	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10141
10142	ctsio->scsi_status = SCSI_STATUS_OK;
10143	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10144	ctsio->be_move_done = ctl_config_move_done;
10145	ctl_datamove((union ctl_io *)ctsio);
10146
10147	return (CTL_RETVAL_COMPLETE);
10148}
10149
10150static int
10151ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10152{
10153	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10154	struct ctl_lun *lun;
10155	const char *value;
10156	u_int i;
10157
10158	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10159
10160	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10161	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10162	ctsio->kern_sg_entries = 0;
10163
10164	if (sizeof(*bdc_ptr) < alloc_len) {
10165		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10166		ctsio->kern_data_len = sizeof(*bdc_ptr);
10167		ctsio->kern_total_len = sizeof(*bdc_ptr);
10168	} else {
10169		ctsio->residual = 0;
10170		ctsio->kern_data_len = alloc_len;
10171		ctsio->kern_total_len = alloc_len;
10172	}
10173	ctsio->kern_data_resid = 0;
10174	ctsio->kern_rel_offset = 0;
10175	ctsio->kern_sg_entries = 0;
10176
10177	/*
10178	 * The control device is always connected.  The disk device, on the
10179	 * other hand, may not be online all the time.  Need to change this
10180	 * to figure out whether the disk device is actually online or not.
10181	 */
10182	if (lun != NULL)
10183		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10184				  lun->be_lun->lun_type;
10185	else
10186		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10187	bdc_ptr->page_code = SVPD_BDC;
10188	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10189	if (lun != NULL &&
10190	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10191		i = strtol(value, NULL, 0);
10192	else
10193		i = CTL_DEFAULT_ROTATION_RATE;
10194	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10195	if (lun != NULL &&
10196	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10197		i = strtol(value, NULL, 0);
10198	else
10199		i = 0;
10200	bdc_ptr->wab_wac_ff = (i & 0x0f);
10201	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10202
10203	ctsio->scsi_status = SCSI_STATUS_OK;
10204	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10205	ctsio->be_move_done = ctl_config_move_done;
10206	ctl_datamove((union ctl_io *)ctsio);
10207
10208	return (CTL_RETVAL_COMPLETE);
10209}
10210
10211static int
10212ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10213{
10214	struct scsi_vpd_logical_block_prov *lbp_ptr;
10215	struct ctl_lun *lun;
10216
10217	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10218
10219	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10220	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10221	ctsio->kern_sg_entries = 0;
10222
10223	if (sizeof(*lbp_ptr) < alloc_len) {
10224		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10225		ctsio->kern_data_len = sizeof(*lbp_ptr);
10226		ctsio->kern_total_len = sizeof(*lbp_ptr);
10227	} else {
10228		ctsio->residual = 0;
10229		ctsio->kern_data_len = alloc_len;
10230		ctsio->kern_total_len = alloc_len;
10231	}
10232	ctsio->kern_data_resid = 0;
10233	ctsio->kern_rel_offset = 0;
10234	ctsio->kern_sg_entries = 0;
10235
10236	/*
10237	 * The control device is always connected.  The disk device, on the
10238	 * other hand, may not be online all the time.  Need to change this
10239	 * to figure out whether the disk device is actually online or not.
10240	 */
10241	if (lun != NULL)
10242		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10243				  lun->be_lun->lun_type;
10244	else
10245		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10246
10247	lbp_ptr->page_code = SVPD_LBP;
10248	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10249	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10250		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10251		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10252		lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
10253	}
10254
10255	ctsio->scsi_status = SCSI_STATUS_OK;
10256	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10257	ctsio->be_move_done = ctl_config_move_done;
10258	ctl_datamove((union ctl_io *)ctsio);
10259
10260	return (CTL_RETVAL_COMPLETE);
10261}
10262
10263static int
10264ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10265{
10266	struct scsi_inquiry *cdb;
10267	struct ctl_lun *lun;
10268	int alloc_len, retval;
10269
10270	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10271	cdb = (struct scsi_inquiry *)ctsio->cdb;
10272
10273	retval = CTL_RETVAL_COMPLETE;
10274
10275	alloc_len = scsi_2btoul(cdb->length);
10276
10277	switch (cdb->page_code) {
10278	case SVPD_SUPPORTED_PAGES:
10279		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10280		break;
10281	case SVPD_UNIT_SERIAL_NUMBER:
10282		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10283		break;
10284	case SVPD_DEVICE_ID:
10285		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10286		break;
10287	case SVPD_EXTENDED_INQUIRY_DATA:
10288		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10289		break;
10290	case SVPD_MODE_PAGE_POLICY:
10291		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10292		break;
10293	case SVPD_SCSI_PORTS:
10294		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10295		break;
10296	case SVPD_SCSI_TPC:
10297		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10298		break;
10299	case SVPD_BLOCK_LIMITS:
10300		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10301		break;
10302	case SVPD_BDC:
10303		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10304		break;
10305	case SVPD_LBP:
10306		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10307		break;
10308	default:
10309		ctl_set_invalid_field(ctsio,
10310				      /*sks_valid*/ 1,
10311				      /*command*/ 1,
10312				      /*field*/ 2,
10313				      /*bit_valid*/ 0,
10314				      /*bit*/ 0);
10315		ctl_done((union ctl_io *)ctsio);
10316		retval = CTL_RETVAL_COMPLETE;
10317		break;
10318	}
10319
10320	return (retval);
10321}
10322
10323static int
10324ctl_inquiry_std(struct ctl_scsiio *ctsio)
10325{
10326	struct scsi_inquiry_data *inq_ptr;
10327	struct scsi_inquiry *cdb;
10328	struct ctl_softc *ctl_softc;
10329	struct ctl_lun *lun;
10330	char *val;
10331	uint32_t alloc_len, data_len;
10332	ctl_port_type port_type;
10333
10334	ctl_softc = control_softc;
10335
10336	/*
10337	 * Figure out whether we're talking to a Fibre Channel port or not.
10338	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10339	 * SCSI front ends.
10340	 */
10341	port_type = ctl_softc->ctl_ports[
10342	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10343	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10344		port_type = CTL_PORT_SCSI;
10345
10346	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10347	cdb = (struct scsi_inquiry *)ctsio->cdb;
10348	alloc_len = scsi_2btoul(cdb->length);
10349
10350	/*
10351	 * We malloc the full inquiry data size here and fill it
10352	 * in.  If the user only asks for less, we'll give him
10353	 * that much.
10354	 */
10355	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10356	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10357	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10358	ctsio->kern_sg_entries = 0;
10359	ctsio->kern_data_resid = 0;
10360	ctsio->kern_rel_offset = 0;
10361
10362	if (data_len < alloc_len) {
10363		ctsio->residual = alloc_len - data_len;
10364		ctsio->kern_data_len = data_len;
10365		ctsio->kern_total_len = data_len;
10366	} else {
10367		ctsio->residual = 0;
10368		ctsio->kern_data_len = alloc_len;
10369		ctsio->kern_total_len = alloc_len;
10370	}
10371
10372	/*
10373	 * If we have a LUN configured, report it as connected.  Otherwise,
10374	 * report that it is offline or no device is supported, depending
10375	 * on the value of inquiry_pq_no_lun.
10376	 *
10377	 * According to the spec (SPC-4 r34), the peripheral qualifier
10378	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10379	 *
10380	 * "A peripheral device having the specified peripheral device type
10381	 * is not connected to this logical unit. However, the device
10382	 * server is capable of supporting the specified peripheral device
10383	 * type on this logical unit."
10384	 *
10385	 * According to the same spec, the peripheral qualifier
10386	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10387	 *
10388	 * "The device server is not capable of supporting a peripheral
10389	 * device on this logical unit. For this peripheral qualifier the
10390	 * peripheral device type shall be set to 1Fh. All other peripheral
10391	 * device type values are reserved for this peripheral qualifier."
10392	 *
10393	 * Given the text, it would seem that we probably want to report that
10394	 * the LUN is offline here.  There is no LUN connected, but we can
10395	 * support a LUN at the given LUN number.
10396	 *
10397	 * In the real world, though, it sounds like things are a little
10398	 * different:
10399	 *
10400	 * - Linux, when presented with a LUN with the offline peripheral
10401	 *   qualifier, will create an sg driver instance for it.  So when
10402	 *   you attach it to CTL, you wind up with a ton of sg driver
10403	 *   instances.  (One for every LUN that Linux bothered to probe.)
10404	 *   Linux does this despite the fact that it issues a REPORT LUNs
10405	 *   to LUN 0 to get the inventory of supported LUNs.
10406	 *
10407	 * - There is other anecdotal evidence (from Emulex folks) about
10408	 *   arrays that use the offline peripheral qualifier for LUNs that
10409	 *   are on the "passive" path in an active/passive array.
10410	 *
10411	 * So the solution is provide a hopefully reasonable default
10412	 * (return bad/no LUN) and allow the user to change the behavior
10413	 * with a tunable/sysctl variable.
10414	 */
10415	if (lun != NULL)
10416		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10417				  lun->be_lun->lun_type;
10418	else if (ctl_softc->inquiry_pq_no_lun == 0)
10419		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10420	else
10421		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10422
10423	/* RMB in byte 2 is 0 */
10424	inq_ptr->version = SCSI_REV_SPC4;
10425
10426	/*
10427	 * According to SAM-3, even if a device only supports a single
10428	 * level of LUN addressing, it should still set the HISUP bit:
10429	 *
10430	 * 4.9.1 Logical unit numbers overview
10431	 *
10432	 * All logical unit number formats described in this standard are
10433	 * hierarchical in structure even when only a single level in that
10434	 * hierarchy is used. The HISUP bit shall be set to one in the
10435	 * standard INQUIRY data (see SPC-2) when any logical unit number
10436	 * format described in this standard is used.  Non-hierarchical
10437	 * formats are outside the scope of this standard.
10438	 *
10439	 * Therefore we set the HiSup bit here.
10440	 *
10441	 * The reponse format is 2, per SPC-3.
10442	 */
10443	inq_ptr->response_format = SID_HiSup | 2;
10444
10445	inq_ptr->additional_length = data_len -
10446	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10447	CTL_DEBUG_PRINT(("additional_length = %d\n",
10448			 inq_ptr->additional_length));
10449
10450	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10451	/* 16 bit addressing */
10452	if (port_type == CTL_PORT_SCSI)
10453		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10454	/* XXX set the SID_MultiP bit here if we're actually going to
10455	   respond on multiple ports */
10456	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10457
10458	/* 16 bit data bus, synchronous transfers */
10459	if (port_type == CTL_PORT_SCSI)
10460		inq_ptr->flags = SID_WBus16 | SID_Sync;
10461	/*
10462	 * XXX KDM do we want to support tagged queueing on the control
10463	 * device at all?
10464	 */
10465	if ((lun == NULL)
10466	 || (lun->be_lun->lun_type != T_PROCESSOR))
10467		inq_ptr->flags |= SID_CmdQue;
10468	/*
10469	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10470	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10471	 * name and 4 bytes for the revision.
10472	 */
10473	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10474	    "vendor")) == NULL) {
10475		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10476	} else {
10477		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10478		strncpy(inq_ptr->vendor, val,
10479		    min(sizeof(inq_ptr->vendor), strlen(val)));
10480	}
10481	if (lun == NULL) {
10482		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10483		    sizeof(inq_ptr->product));
10484	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10485		switch (lun->be_lun->lun_type) {
10486		case T_DIRECT:
10487			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10488			    sizeof(inq_ptr->product));
10489			break;
10490		case T_PROCESSOR:
10491			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10492			    sizeof(inq_ptr->product));
10493			break;
10494		default:
10495			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10496			    sizeof(inq_ptr->product));
10497			break;
10498		}
10499	} else {
10500		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10501		strncpy(inq_ptr->product, val,
10502		    min(sizeof(inq_ptr->product), strlen(val)));
10503	}
10504
10505	/*
10506	 * XXX make this a macro somewhere so it automatically gets
10507	 * incremented when we make changes.
10508	 */
10509	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10510	    "revision")) == NULL) {
10511		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10512	} else {
10513		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10514		strncpy(inq_ptr->revision, val,
10515		    min(sizeof(inq_ptr->revision), strlen(val)));
10516	}
10517
10518	/*
10519	 * For parallel SCSI, we support double transition and single
10520	 * transition clocking.  We also support QAS (Quick Arbitration
10521	 * and Selection) and Information Unit transfers on both the
10522	 * control and array devices.
10523	 */
10524	if (port_type == CTL_PORT_SCSI)
10525		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10526				    SID_SPI_IUS;
10527
10528	/* SAM-5 (no version claimed) */
10529	scsi_ulto2b(0x00A0, inq_ptr->version1);
10530	/* SPC-4 (no version claimed) */
10531	scsi_ulto2b(0x0460, inq_ptr->version2);
10532	if (port_type == CTL_PORT_FC) {
10533		/* FCP-2 ANSI INCITS.350:2003 */
10534		scsi_ulto2b(0x0917, inq_ptr->version3);
10535	} else if (port_type == CTL_PORT_SCSI) {
10536		/* SPI-4 ANSI INCITS.362:200x */
10537		scsi_ulto2b(0x0B56, inq_ptr->version3);
10538	} else if (port_type == CTL_PORT_ISCSI) {
10539		/* iSCSI (no version claimed) */
10540		scsi_ulto2b(0x0960, inq_ptr->version3);
10541	} else if (port_type == CTL_PORT_SAS) {
10542		/* SAS (no version claimed) */
10543		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10544	}
10545
10546	if (lun == NULL) {
10547		/* SBC-4 (no version claimed) */
10548		scsi_ulto2b(0x0600, inq_ptr->version4);
10549	} else {
10550		switch (lun->be_lun->lun_type) {
10551		case T_DIRECT:
10552			/* SBC-4 (no version claimed) */
10553			scsi_ulto2b(0x0600, inq_ptr->version4);
10554			break;
10555		case T_PROCESSOR:
10556		default:
10557			break;
10558		}
10559	}
10560
10561	ctsio->scsi_status = SCSI_STATUS_OK;
10562	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10563	ctsio->be_move_done = ctl_config_move_done;
10564	ctl_datamove((union ctl_io *)ctsio);
10565	return (CTL_RETVAL_COMPLETE);
10566}
10567
10568int
10569ctl_inquiry(struct ctl_scsiio *ctsio)
10570{
10571	struct scsi_inquiry *cdb;
10572	int retval;
10573
10574	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10575
10576	cdb = (struct scsi_inquiry *)ctsio->cdb;
10577	if (cdb->byte2 & SI_EVPD)
10578		retval = ctl_inquiry_evpd(ctsio);
10579	else if (cdb->page_code == 0)
10580		retval = ctl_inquiry_std(ctsio);
10581	else {
10582		ctl_set_invalid_field(ctsio,
10583				      /*sks_valid*/ 1,
10584				      /*command*/ 1,
10585				      /*field*/ 2,
10586				      /*bit_valid*/ 0,
10587				      /*bit*/ 0);
10588		ctl_done((union ctl_io *)ctsio);
10589		return (CTL_RETVAL_COMPLETE);
10590	}
10591
10592	return (retval);
10593}
10594
10595/*
10596 * For known CDB types, parse the LBA and length.
10597 */
10598static int
10599ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10600{
10601	if (io->io_hdr.io_type != CTL_IO_SCSI)
10602		return (1);
10603
10604	switch (io->scsiio.cdb[0]) {
10605	case COMPARE_AND_WRITE: {
10606		struct scsi_compare_and_write *cdb;
10607
10608		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10609
10610		*lba = scsi_8btou64(cdb->addr);
10611		*len = cdb->length;
10612		break;
10613	}
10614	case READ_6:
10615	case WRITE_6: {
10616		struct scsi_rw_6 *cdb;
10617
10618		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10619
10620		*lba = scsi_3btoul(cdb->addr);
10621		/* only 5 bits are valid in the most significant address byte */
10622		*lba &= 0x1fffff;
10623		*len = cdb->length;
10624		break;
10625	}
10626	case READ_10:
10627	case WRITE_10: {
10628		struct scsi_rw_10 *cdb;
10629
10630		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10631
10632		*lba = scsi_4btoul(cdb->addr);
10633		*len = scsi_2btoul(cdb->length);
10634		break;
10635	}
10636	case WRITE_VERIFY_10: {
10637		struct scsi_write_verify_10 *cdb;
10638
10639		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10640
10641		*lba = scsi_4btoul(cdb->addr);
10642		*len = scsi_2btoul(cdb->length);
10643		break;
10644	}
10645	case READ_12:
10646	case WRITE_12: {
10647		struct scsi_rw_12 *cdb;
10648
10649		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10650
10651		*lba = scsi_4btoul(cdb->addr);
10652		*len = scsi_4btoul(cdb->length);
10653		break;
10654	}
10655	case WRITE_VERIFY_12: {
10656		struct scsi_write_verify_12 *cdb;
10657
10658		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10659
10660		*lba = scsi_4btoul(cdb->addr);
10661		*len = scsi_4btoul(cdb->length);
10662		break;
10663	}
10664	case READ_16:
10665	case WRITE_16:
10666	case WRITE_ATOMIC_16: {
10667		struct scsi_rw_16 *cdb;
10668
10669		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10670
10671		*lba = scsi_8btou64(cdb->addr);
10672		*len = scsi_4btoul(cdb->length);
10673		break;
10674	}
10675	case WRITE_VERIFY_16: {
10676		struct scsi_write_verify_16 *cdb;
10677
10678		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10679
10680		*lba = scsi_8btou64(cdb->addr);
10681		*len = scsi_4btoul(cdb->length);
10682		break;
10683	}
10684	case WRITE_SAME_10: {
10685		struct scsi_write_same_10 *cdb;
10686
10687		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10688
10689		*lba = scsi_4btoul(cdb->addr);
10690		*len = scsi_2btoul(cdb->length);
10691		break;
10692	}
10693	case WRITE_SAME_16: {
10694		struct scsi_write_same_16 *cdb;
10695
10696		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10697
10698		*lba = scsi_8btou64(cdb->addr);
10699		*len = scsi_4btoul(cdb->length);
10700		break;
10701	}
10702	case VERIFY_10: {
10703		struct scsi_verify_10 *cdb;
10704
10705		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10706
10707		*lba = scsi_4btoul(cdb->addr);
10708		*len = scsi_2btoul(cdb->length);
10709		break;
10710	}
10711	case VERIFY_12: {
10712		struct scsi_verify_12 *cdb;
10713
10714		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10715
10716		*lba = scsi_4btoul(cdb->addr);
10717		*len = scsi_4btoul(cdb->length);
10718		break;
10719	}
10720	case VERIFY_16: {
10721		struct scsi_verify_16 *cdb;
10722
10723		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10724
10725		*lba = scsi_8btou64(cdb->addr);
10726		*len = scsi_4btoul(cdb->length);
10727		break;
10728	}
10729	case UNMAP: {
10730		*lba = 0;
10731		*len = UINT64_MAX;
10732		break;
10733	}
10734	default:
10735		return (1);
10736		break; /* NOTREACHED */
10737	}
10738
10739	return (0);
10740}
10741
10742static ctl_action
10743ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2)
10744{
10745	uint64_t endlba1, endlba2;
10746
10747	endlba1 = lba1 + len1 - 1;
10748	endlba2 = lba2 + len2 - 1;
10749
10750	if ((endlba1 < lba2)
10751	 || (endlba2 < lba1))
10752		return (CTL_ACTION_PASS);
10753	else
10754		return (CTL_ACTION_BLOCK);
10755}
10756
10757static int
10758ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10759{
10760	struct ctl_ptr_len_flags *ptrlen;
10761	struct scsi_unmap_desc *buf, *end, *range;
10762	uint64_t lba;
10763	uint32_t len;
10764
10765	/* If not UNMAP -- go other way. */
10766	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10767	    io->scsiio.cdb[0] != UNMAP)
10768		return (CTL_ACTION_ERROR);
10769
10770	/* If UNMAP without data -- block and wait for data. */
10771	ptrlen = (struct ctl_ptr_len_flags *)
10772	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10773	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10774	    ptrlen->ptr == NULL)
10775		return (CTL_ACTION_BLOCK);
10776
10777	/* UNMAP with data -- check for collision. */
10778	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10779	end = buf + ptrlen->len / sizeof(*buf);
10780	for (range = buf; range < end; range++) {
10781		lba = scsi_8btou64(range->lba);
10782		len = scsi_4btoul(range->length);
10783		if ((lba < lba2 + len2) && (lba + len > lba2))
10784			return (CTL_ACTION_BLOCK);
10785	}
10786	return (CTL_ACTION_PASS);
10787}
10788
10789static ctl_action
10790ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10791{
10792	uint64_t lba1, lba2;
10793	uint64_t len1, len2;
10794	int retval;
10795
10796	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10797		return (CTL_ACTION_ERROR);
10798
10799	retval = ctl_extent_check_unmap(io2, lba1, len1);
10800	if (retval != CTL_ACTION_ERROR)
10801		return (retval);
10802
10803	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10804		return (CTL_ACTION_ERROR);
10805
10806	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10807}
10808
10809static ctl_action
10810ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10811    union ctl_io *ooa_io)
10812{
10813	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10814	ctl_serialize_action *serialize_row;
10815
10816	/*
10817	 * The initiator attempted multiple untagged commands at the same
10818	 * time.  Can't do that.
10819	 */
10820	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10821	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10822	 && ((pending_io->io_hdr.nexus.targ_port ==
10823	      ooa_io->io_hdr.nexus.targ_port)
10824	  && (pending_io->io_hdr.nexus.initid.id ==
10825	      ooa_io->io_hdr.nexus.initid.id))
10826	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10827		return (CTL_ACTION_OVERLAP);
10828
10829	/*
10830	 * The initiator attempted to send multiple tagged commands with
10831	 * the same ID.  (It's fine if different initiators have the same
10832	 * tag ID.)
10833	 *
10834	 * Even if all of those conditions are true, we don't kill the I/O
10835	 * if the command ahead of us has been aborted.  We won't end up
10836	 * sending it to the FETD, and it's perfectly legal to resend a
10837	 * command with the same tag number as long as the previous
10838	 * instance of this tag number has been aborted somehow.
10839	 */
10840	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10841	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10842	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10843	 && ((pending_io->io_hdr.nexus.targ_port ==
10844	      ooa_io->io_hdr.nexus.targ_port)
10845	  && (pending_io->io_hdr.nexus.initid.id ==
10846	      ooa_io->io_hdr.nexus.initid.id))
10847	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10848		return (CTL_ACTION_OVERLAP_TAG);
10849
10850	/*
10851	 * If we get a head of queue tag, SAM-3 says that we should
10852	 * immediately execute it.
10853	 *
10854	 * What happens if this command would normally block for some other
10855	 * reason?  e.g. a request sense with a head of queue tag
10856	 * immediately after a write.  Normally that would block, but this
10857	 * will result in its getting executed immediately...
10858	 *
10859	 * We currently return "pass" instead of "skip", so we'll end up
10860	 * going through the rest of the queue to check for overlapped tags.
10861	 *
10862	 * XXX KDM check for other types of blockage first??
10863	 */
10864	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10865		return (CTL_ACTION_PASS);
10866
10867	/*
10868	 * Ordered tags have to block until all items ahead of them
10869	 * have completed.  If we get called with an ordered tag, we always
10870	 * block, if something else is ahead of us in the queue.
10871	 */
10872	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10873		return (CTL_ACTION_BLOCK);
10874
10875	/*
10876	 * Simple tags get blocked until all head of queue and ordered tags
10877	 * ahead of them have completed.  I'm lumping untagged commands in
10878	 * with simple tags here.  XXX KDM is that the right thing to do?
10879	 */
10880	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10881	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10882	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10883	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10884		return (CTL_ACTION_BLOCK);
10885
10886	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10887	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10888
10889	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10890
10891	switch (serialize_row[pending_entry->seridx]) {
10892	case CTL_SER_BLOCK:
10893		return (CTL_ACTION_BLOCK);
10894	case CTL_SER_EXTENT:
10895		return (ctl_extent_check(pending_io, ooa_io));
10896	case CTL_SER_EXTENTOPT:
10897		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10898		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10899			return (ctl_extent_check(pending_io, ooa_io));
10900		/* FALLTHROUGH */
10901	case CTL_SER_PASS:
10902		return (CTL_ACTION_PASS);
10903	case CTL_SER_BLOCKOPT:
10904		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10905		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10906			return (CTL_ACTION_BLOCK);
10907		return (CTL_ACTION_PASS);
10908	case CTL_SER_SKIP:
10909		return (CTL_ACTION_SKIP);
10910	default:
10911		panic("invalid serialization value %d",
10912		      serialize_row[pending_entry->seridx]);
10913	}
10914
10915	return (CTL_ACTION_ERROR);
10916}
10917
10918/*
10919 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10920 * Assumptions:
10921 * - pending_io is generally either incoming, or on the blocked queue
10922 * - starting I/O is the I/O we want to start the check with.
10923 */
10924static ctl_action
10925ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10926	      union ctl_io *starting_io)
10927{
10928	union ctl_io *ooa_io;
10929	ctl_action action;
10930
10931	mtx_assert(&lun->lun_lock, MA_OWNED);
10932
10933	/*
10934	 * Run back along the OOA queue, starting with the current
10935	 * blocked I/O and going through every I/O before it on the
10936	 * queue.  If starting_io is NULL, we'll just end up returning
10937	 * CTL_ACTION_PASS.
10938	 */
10939	for (ooa_io = starting_io; ooa_io != NULL;
10940	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10941	     ooa_links)){
10942
10943		/*
10944		 * This routine just checks to see whether
10945		 * cur_blocked is blocked by ooa_io, which is ahead
10946		 * of it in the queue.  It doesn't queue/dequeue
10947		 * cur_blocked.
10948		 */
10949		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10950		switch (action) {
10951		case CTL_ACTION_BLOCK:
10952		case CTL_ACTION_OVERLAP:
10953		case CTL_ACTION_OVERLAP_TAG:
10954		case CTL_ACTION_SKIP:
10955		case CTL_ACTION_ERROR:
10956			return (action);
10957			break; /* NOTREACHED */
10958		case CTL_ACTION_PASS:
10959			break;
10960		default:
10961			panic("invalid action %d", action);
10962			break;  /* NOTREACHED */
10963		}
10964	}
10965
10966	return (CTL_ACTION_PASS);
10967}
10968
10969/*
10970 * Assumptions:
10971 * - An I/O has just completed, and has been removed from the per-LUN OOA
10972 *   queue, so some items on the blocked queue may now be unblocked.
10973 */
10974static int
10975ctl_check_blocked(struct ctl_lun *lun)
10976{
10977	union ctl_io *cur_blocked, *next_blocked;
10978
10979	mtx_assert(&lun->lun_lock, MA_OWNED);
10980
10981	/*
10982	 * Run forward from the head of the blocked queue, checking each
10983	 * entry against the I/Os prior to it on the OOA queue to see if
10984	 * there is still any blockage.
10985	 *
10986	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10987	 * with our removing a variable on it while it is traversing the
10988	 * list.
10989	 */
10990	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10991	     cur_blocked != NULL; cur_blocked = next_blocked) {
10992		union ctl_io *prev_ooa;
10993		ctl_action action;
10994
10995		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10996							  blocked_links);
10997
10998		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10999						      ctl_ooaq, ooa_links);
11000
11001		/*
11002		 * If cur_blocked happens to be the first item in the OOA
11003		 * queue now, prev_ooa will be NULL, and the action
11004		 * returned will just be CTL_ACTION_PASS.
11005		 */
11006		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11007
11008		switch (action) {
11009		case CTL_ACTION_BLOCK:
11010			/* Nothing to do here, still blocked */
11011			break;
11012		case CTL_ACTION_OVERLAP:
11013		case CTL_ACTION_OVERLAP_TAG:
11014			/*
11015			 * This shouldn't happen!  In theory we've already
11016			 * checked this command for overlap...
11017			 */
11018			break;
11019		case CTL_ACTION_PASS:
11020		case CTL_ACTION_SKIP: {
11021			struct ctl_softc *softc;
11022			const struct ctl_cmd_entry *entry;
11023			uint32_t initidx;
11024			int isc_retval;
11025
11026			/*
11027			 * The skip case shouldn't happen, this transaction
11028			 * should have never made it onto the blocked queue.
11029			 */
11030			/*
11031			 * This I/O is no longer blocked, we can remove it
11032			 * from the blocked queue.  Since this is a TAILQ
11033			 * (doubly linked list), we can do O(1) removals
11034			 * from any place on the list.
11035			 */
11036			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11037				     blocked_links);
11038			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11039
11040			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11041				/*
11042				 * Need to send IO back to original side to
11043				 * run
11044				 */
11045				union ctl_ha_msg msg_info;
11046
11047				msg_info.hdr.original_sc =
11048					cur_blocked->io_hdr.original_sc;
11049				msg_info.hdr.serializing_sc = cur_blocked;
11050				msg_info.hdr.msg_type = CTL_MSG_R2R;
11051				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11052				     &msg_info, sizeof(msg_info), 0)) >
11053				     CTL_HA_STATUS_SUCCESS) {
11054					printf("CTL:Check Blocked error from "
11055					       "ctl_ha_msg_send %d\n",
11056					       isc_retval);
11057				}
11058				break;
11059			}
11060			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11061			softc = control_softc;
11062
11063			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
11064
11065			/*
11066			 * Check this I/O for LUN state changes that may
11067			 * have happened while this command was blocked.
11068			 * The LUN state may have been changed by a command
11069			 * ahead of us in the queue, so we need to re-check
11070			 * for any states that can be caused by SCSI
11071			 * commands.
11072			 */
11073			if (ctl_scsiio_lun_check(softc, lun, entry,
11074						 &cur_blocked->scsiio) == 0) {
11075				cur_blocked->io_hdr.flags |=
11076				                      CTL_FLAG_IS_WAS_ON_RTR;
11077				ctl_enqueue_rtr(cur_blocked);
11078			} else
11079				ctl_done(cur_blocked);
11080			break;
11081		}
11082		default:
11083			/*
11084			 * This probably shouldn't happen -- we shouldn't
11085			 * get CTL_ACTION_ERROR, or anything else.
11086			 */
11087			break;
11088		}
11089	}
11090
11091	return (CTL_RETVAL_COMPLETE);
11092}
11093
11094/*
11095 * This routine (with one exception) checks LUN flags that can be set by
11096 * commands ahead of us in the OOA queue.  These flags have to be checked
11097 * when a command initially comes in, and when we pull a command off the
11098 * blocked queue and are preparing to execute it.  The reason we have to
11099 * check these flags for commands on the blocked queue is that the LUN
11100 * state may have been changed by a command ahead of us while we're on the
11101 * blocked queue.
11102 *
11103 * Ordering is somewhat important with these checks, so please pay
11104 * careful attention to the placement of any new checks.
11105 */
11106static int
11107ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
11108    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11109{
11110	int retval;
11111	uint32_t residx;
11112
11113	retval = 0;
11114
11115	mtx_assert(&lun->lun_lock, MA_OWNED);
11116
11117	/*
11118	 * If this shelf is a secondary shelf controller, we have to reject
11119	 * any media access commands.
11120	 */
11121#if 0
11122	/* No longer needed for HA */
11123	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
11124	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
11125		ctl_set_lun_standby(ctsio);
11126		retval = 1;
11127		goto bailout;
11128	}
11129#endif
11130
11131	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11132		if (lun->flags & CTL_LUN_READONLY) {
11133			ctl_set_sense(ctsio, /*current_error*/ 1,
11134			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11135			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11136			retval = 1;
11137			goto bailout;
11138		}
11139		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11140		    .eca_and_aen & SCP_SWP) != 0) {
11141			ctl_set_sense(ctsio, /*current_error*/ 1,
11142			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11143			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11144			retval = 1;
11145			goto bailout;
11146		}
11147	}
11148
11149	/*
11150	 * Check for a reservation conflict.  If this command isn't allowed
11151	 * even on reserved LUNs, and if this initiator isn't the one who
11152	 * reserved us, reject the command with a reservation conflict.
11153	 */
11154	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11155	if ((lun->flags & CTL_LUN_RESERVED)
11156	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11157		if (lun->res_idx != residx) {
11158			ctl_set_reservation_conflict(ctsio);
11159			retval = 1;
11160			goto bailout;
11161		}
11162	}
11163
11164	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11165	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11166		/* No reservation or command is allowed. */;
11167	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11168	    (lun->res_type == SPR_TYPE_WR_EX ||
11169	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11170	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11171		/* The command is allowed for Write Exclusive resv. */;
11172	} else {
11173		/*
11174		 * if we aren't registered or it's a res holder type
11175		 * reservation and this isn't the res holder then set a
11176		 * conflict.
11177		 */
11178		if (lun->pr_keys[residx] == 0
11179		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11180			ctl_set_reservation_conflict(ctsio);
11181			retval = 1;
11182			goto bailout;
11183		}
11184
11185	}
11186
11187	if ((lun->flags & CTL_LUN_OFFLINE)
11188	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11189		ctl_set_lun_not_ready(ctsio);
11190		retval = 1;
11191		goto bailout;
11192	}
11193
11194	/*
11195	 * If the LUN is stopped, see if this particular command is allowed
11196	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11197	 */
11198	if ((lun->flags & CTL_LUN_STOPPED)
11199	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11200		/* "Logical unit not ready, initializing cmd. required" */
11201		ctl_set_lun_stopped(ctsio);
11202		retval = 1;
11203		goto bailout;
11204	}
11205
11206	if ((lun->flags & CTL_LUN_INOPERABLE)
11207	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11208		/* "Medium format corrupted" */
11209		ctl_set_medium_format_corrupted(ctsio);
11210		retval = 1;
11211		goto bailout;
11212	}
11213
11214bailout:
11215	return (retval);
11216
11217}
11218
11219static void
11220ctl_failover_io(union ctl_io *io, int have_lock)
11221{
11222	ctl_set_busy(&io->scsiio);
11223	ctl_done(io);
11224}
11225
11226static void
11227ctl_failover(void)
11228{
11229	struct ctl_lun *lun;
11230	struct ctl_softc *ctl_softc;
11231	union ctl_io *next_io, *pending_io;
11232	union ctl_io *io;
11233	int lun_idx;
11234	int i;
11235
11236	ctl_softc = control_softc;
11237
11238	mtx_lock(&ctl_softc->ctl_lock);
11239	/*
11240	 * Remove any cmds from the other SC from the rtr queue.  These
11241	 * will obviously only be for LUNs for which we're the primary.
11242	 * We can't send status or get/send data for these commands.
11243	 * Since they haven't been executed yet, we can just remove them.
11244	 * We'll either abort them or delete them below, depending on
11245	 * which HA mode we're in.
11246	 */
11247#ifdef notyet
11248	mtx_lock(&ctl_softc->queue_lock);
11249	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11250	     io != NULL; io = next_io) {
11251		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11252		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11253			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11254				      ctl_io_hdr, links);
11255	}
11256	mtx_unlock(&ctl_softc->queue_lock);
11257#endif
11258
11259	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11260		lun = ctl_softc->ctl_luns[lun_idx];
11261		if (lun==NULL)
11262			continue;
11263
11264		/*
11265		 * Processor LUNs are primary on both sides.
11266		 * XXX will this always be true?
11267		 */
11268		if (lun->be_lun->lun_type == T_PROCESSOR)
11269			continue;
11270
11271		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11272		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11273			printf("FAILOVER: primary lun %d\n", lun_idx);
11274		        /*
11275			 * Remove all commands from the other SC. First from the
11276			 * blocked queue then from the ooa queue. Once we have
11277			 * removed them. Call ctl_check_blocked to see if there
11278			 * is anything that can run.
11279			 */
11280			for (io = (union ctl_io *)TAILQ_FIRST(
11281			     &lun->blocked_queue); io != NULL; io = next_io) {
11282
11283		        	next_io = (union ctl_io *)TAILQ_NEXT(
11284				    &io->io_hdr, blocked_links);
11285
11286				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11287					TAILQ_REMOVE(&lun->blocked_queue,
11288						     &io->io_hdr,blocked_links);
11289					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11290					TAILQ_REMOVE(&lun->ooa_queue,
11291						     &io->io_hdr, ooa_links);
11292
11293					ctl_free_io(io);
11294				}
11295			}
11296
11297			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11298	     		     io != NULL; io = next_io) {
11299
11300		        	next_io = (union ctl_io *)TAILQ_NEXT(
11301				    &io->io_hdr, ooa_links);
11302
11303				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11304
11305					TAILQ_REMOVE(&lun->ooa_queue,
11306						&io->io_hdr,
11307					     	ooa_links);
11308
11309					ctl_free_io(io);
11310				}
11311			}
11312			ctl_check_blocked(lun);
11313		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11314			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11315
11316			printf("FAILOVER: primary lun %d\n", lun_idx);
11317			/*
11318			 * Abort all commands from the other SC.  We can't
11319			 * send status back for them now.  These should get
11320			 * cleaned up when they are completed or come out
11321			 * for a datamove operation.
11322			 */
11323			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11324	     		     io != NULL; io = next_io) {
11325		        	next_io = (union ctl_io *)TAILQ_NEXT(
11326					&io->io_hdr, ooa_links);
11327
11328				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11329					io->io_hdr.flags |= CTL_FLAG_ABORT;
11330			}
11331		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11332			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11333
11334			printf("FAILOVER: secondary lun %d\n", lun_idx);
11335
11336			lun->flags |= CTL_LUN_PRIMARY_SC;
11337
11338			/*
11339			 * We send all I/O that was sent to this controller
11340			 * and redirected to the other side back with
11341			 * busy status, and have the initiator retry it.
11342			 * Figuring out how much data has been transferred,
11343			 * etc. and picking up where we left off would be
11344			 * very tricky.
11345			 *
11346			 * XXX KDM need to remove I/O from the blocked
11347			 * queue as well!
11348			 */
11349			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11350			     &lun->ooa_queue); pending_io != NULL;
11351			     pending_io = next_io) {
11352
11353				next_io =  (union ctl_io *)TAILQ_NEXT(
11354					&pending_io->io_hdr, ooa_links);
11355
11356				pending_io->io_hdr.flags &=
11357					~CTL_FLAG_SENT_2OTHER_SC;
11358
11359				if (pending_io->io_hdr.flags &
11360				    CTL_FLAG_IO_ACTIVE) {
11361					pending_io->io_hdr.flags |=
11362						CTL_FLAG_FAILOVER;
11363				} else {
11364					ctl_set_busy(&pending_io->scsiio);
11365					ctl_done(pending_io);
11366				}
11367			}
11368
11369			/*
11370			 * Build Unit Attention
11371			 */
11372			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11373				lun->pending_ua[i] |=
11374				                     CTL_UA_ASYM_ACC_CHANGE;
11375			}
11376		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11377			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11378			printf("FAILOVER: secondary lun %d\n", lun_idx);
11379			/*
11380			 * if the first io on the OOA is not on the RtR queue
11381			 * add it.
11382			 */
11383			lun->flags |= CTL_LUN_PRIMARY_SC;
11384
11385			pending_io = (union ctl_io *)TAILQ_FIRST(
11386			    &lun->ooa_queue);
11387			if (pending_io==NULL) {
11388				printf("Nothing on OOA queue\n");
11389				continue;
11390			}
11391
11392			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11393			if ((pending_io->io_hdr.flags &
11394			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11395				pending_io->io_hdr.flags |=
11396				    CTL_FLAG_IS_WAS_ON_RTR;
11397				ctl_enqueue_rtr(pending_io);
11398			}
11399#if 0
11400			else
11401			{
11402				printf("Tag 0x%04x is running\n",
11403				      pending_io->scsiio.tag_num);
11404			}
11405#endif
11406
11407			next_io = (union ctl_io *)TAILQ_NEXT(
11408			    &pending_io->io_hdr, ooa_links);
11409			for (pending_io=next_io; pending_io != NULL;
11410			     pending_io = next_io) {
11411				pending_io->io_hdr.flags &=
11412				    ~CTL_FLAG_SENT_2OTHER_SC;
11413				next_io = (union ctl_io *)TAILQ_NEXT(
11414					&pending_io->io_hdr, ooa_links);
11415				if (pending_io->io_hdr.flags &
11416				    CTL_FLAG_IS_WAS_ON_RTR) {
11417#if 0
11418				        printf("Tag 0x%04x is running\n",
11419				      		pending_io->scsiio.tag_num);
11420#endif
11421					continue;
11422				}
11423
11424				switch (ctl_check_ooa(lun, pending_io,
11425			            (union ctl_io *)TAILQ_PREV(
11426				    &pending_io->io_hdr, ctl_ooaq,
11427				    ooa_links))) {
11428
11429				case CTL_ACTION_BLOCK:
11430					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11431							  &pending_io->io_hdr,
11432							  blocked_links);
11433					pending_io->io_hdr.flags |=
11434					    CTL_FLAG_BLOCKED;
11435					break;
11436				case CTL_ACTION_PASS:
11437				case CTL_ACTION_SKIP:
11438					pending_io->io_hdr.flags |=
11439					    CTL_FLAG_IS_WAS_ON_RTR;
11440					ctl_enqueue_rtr(pending_io);
11441					break;
11442				case CTL_ACTION_OVERLAP:
11443					ctl_set_overlapped_cmd(
11444					    (struct ctl_scsiio *)pending_io);
11445					ctl_done(pending_io);
11446					break;
11447				case CTL_ACTION_OVERLAP_TAG:
11448					ctl_set_overlapped_tag(
11449					    (struct ctl_scsiio *)pending_io,
11450					    pending_io->scsiio.tag_num & 0xff);
11451					ctl_done(pending_io);
11452					break;
11453				case CTL_ACTION_ERROR:
11454				default:
11455					ctl_set_internal_failure(
11456						(struct ctl_scsiio *)pending_io,
11457						0,  // sks_valid
11458						0); //retry count
11459					ctl_done(pending_io);
11460					break;
11461				}
11462			}
11463
11464			/*
11465			 * Build Unit Attention
11466			 */
11467			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11468				lun->pending_ua[i] |=
11469				                     CTL_UA_ASYM_ACC_CHANGE;
11470			}
11471		} else {
11472			panic("Unhandled HA mode failover, LUN flags = %#x, "
11473			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11474		}
11475	}
11476	ctl_pause_rtr = 0;
11477	mtx_unlock(&ctl_softc->ctl_lock);
11478}
11479
11480static int
11481ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11482{
11483	struct ctl_lun *lun;
11484	const struct ctl_cmd_entry *entry;
11485	uint32_t initidx, targ_lun;
11486	int retval;
11487
11488	retval = 0;
11489
11490	lun = NULL;
11491
11492	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11493	if ((targ_lun < CTL_MAX_LUNS)
11494	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11495		lun = ctl_softc->ctl_luns[targ_lun];
11496		/*
11497		 * If the LUN is invalid, pretend that it doesn't exist.
11498		 * It will go away as soon as all pending I/O has been
11499		 * completed.
11500		 */
11501		if (lun->flags & CTL_LUN_DISABLED) {
11502			lun = NULL;
11503		} else {
11504			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11505			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11506				lun->be_lun;
11507			if (lun->be_lun->lun_type == T_PROCESSOR) {
11508				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11509			}
11510
11511			/*
11512			 * Every I/O goes into the OOA queue for a
11513			 * particular LUN, and stays there until completion.
11514			 */
11515			mtx_lock(&lun->lun_lock);
11516			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11517			    ooa_links);
11518		}
11519	} else {
11520		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11521		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11522	}
11523
11524	/* Get command entry and return error if it is unsuppotyed. */
11525	entry = ctl_validate_command(ctsio);
11526	if (entry == NULL) {
11527		if (lun)
11528			mtx_unlock(&lun->lun_lock);
11529		return (retval);
11530	}
11531
11532	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11533	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11534
11535	/*
11536	 * Check to see whether we can send this command to LUNs that don't
11537	 * exist.  This should pretty much only be the case for inquiry
11538	 * and request sense.  Further checks, below, really require having
11539	 * a LUN, so we can't really check the command anymore.  Just put
11540	 * it on the rtr queue.
11541	 */
11542	if (lun == NULL) {
11543		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11544			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11545			ctl_enqueue_rtr((union ctl_io *)ctsio);
11546			return (retval);
11547		}
11548
11549		ctl_set_unsupported_lun(ctsio);
11550		ctl_done((union ctl_io *)ctsio);
11551		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11552		return (retval);
11553	} else {
11554		/*
11555		 * Make sure we support this particular command on this LUN.
11556		 * e.g., we don't support writes to the control LUN.
11557		 */
11558		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11559			mtx_unlock(&lun->lun_lock);
11560			ctl_set_invalid_opcode(ctsio);
11561			ctl_done((union ctl_io *)ctsio);
11562			return (retval);
11563		}
11564	}
11565
11566	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11567
11568#ifdef CTL_WITH_CA
11569	/*
11570	 * If we've got a request sense, it'll clear the contingent
11571	 * allegiance condition.  Otherwise, if we have a CA condition for
11572	 * this initiator, clear it, because it sent down a command other
11573	 * than request sense.
11574	 */
11575	if ((ctsio->cdb[0] != REQUEST_SENSE)
11576	 && (ctl_is_set(lun->have_ca, initidx)))
11577		ctl_clear_mask(lun->have_ca, initidx);
11578#endif
11579
11580	/*
11581	 * If the command has this flag set, it handles its own unit
11582	 * attention reporting, we shouldn't do anything.  Otherwise we
11583	 * check for any pending unit attentions, and send them back to the
11584	 * initiator.  We only do this when a command initially comes in,
11585	 * not when we pull it off the blocked queue.
11586	 *
11587	 * According to SAM-3, section 5.3.2, the order that things get
11588	 * presented back to the host is basically unit attentions caused
11589	 * by some sort of reset event, busy status, reservation conflicts
11590	 * or task set full, and finally any other status.
11591	 *
11592	 * One issue here is that some of the unit attentions we report
11593	 * don't fall into the "reset" category (e.g. "reported luns data
11594	 * has changed").  So reporting it here, before the reservation
11595	 * check, may be technically wrong.  I guess the only thing to do
11596	 * would be to check for and report the reset events here, and then
11597	 * check for the other unit attention types after we check for a
11598	 * reservation conflict.
11599	 *
11600	 * XXX KDM need to fix this
11601	 */
11602	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11603		ctl_ua_type ua_type;
11604
11605		if (lun->pending_ua[initidx] != CTL_UA_NONE) {
11606			scsi_sense_data_type sense_format;
11607
11608			if (lun != NULL)
11609				sense_format = (lun->flags &
11610				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11611				    SSD_TYPE_FIXED;
11612			else
11613				sense_format = SSD_TYPE_FIXED;
11614
11615			ua_type = ctl_build_ua(&lun->pending_ua[initidx],
11616			    &ctsio->sense_data, sense_format);
11617			if (ua_type != CTL_UA_NONE) {
11618				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11619				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11620						       CTL_AUTOSENSE;
11621				ctsio->sense_len = SSD_FULL_SIZE;
11622				mtx_unlock(&lun->lun_lock);
11623				ctl_done((union ctl_io *)ctsio);
11624				return (retval);
11625			}
11626		}
11627	}
11628
11629
11630	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11631		mtx_unlock(&lun->lun_lock);
11632		ctl_done((union ctl_io *)ctsio);
11633		return (retval);
11634	}
11635
11636	/*
11637	 * XXX CHD this is where we want to send IO to other side if
11638	 * this LUN is secondary on this SC. We will need to make a copy
11639	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11640	 * the copy we send as FROM_OTHER.
11641	 * We also need to stuff the address of the original IO so we can
11642	 * find it easily. Something similar will need be done on the other
11643	 * side so when we are done we can find the copy.
11644	 */
11645	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11646		union ctl_ha_msg msg_info;
11647		int isc_retval;
11648
11649		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11650
11651		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11652		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11653#if 0
11654		printf("1. ctsio %p\n", ctsio);
11655#endif
11656		msg_info.hdr.serializing_sc = NULL;
11657		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11658		msg_info.scsi.tag_num = ctsio->tag_num;
11659		msg_info.scsi.tag_type = ctsio->tag_type;
11660		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11661
11662		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11663
11664		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11665		    (void *)&msg_info, sizeof(msg_info), 0)) >
11666		    CTL_HA_STATUS_SUCCESS) {
11667			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11668			       isc_retval);
11669			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11670		} else {
11671#if 0
11672			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11673#endif
11674		}
11675
11676		/*
11677		 * XXX KDM this I/O is off the incoming queue, but hasn't
11678		 * been inserted on any other queue.  We may need to come
11679		 * up with a holding queue while we wait for serialization
11680		 * so that we have an idea of what we're waiting for from
11681		 * the other side.
11682		 */
11683		mtx_unlock(&lun->lun_lock);
11684		return (retval);
11685	}
11686
11687	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11688			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11689			      ctl_ooaq, ooa_links))) {
11690	case CTL_ACTION_BLOCK:
11691		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11692		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11693				  blocked_links);
11694		mtx_unlock(&lun->lun_lock);
11695		return (retval);
11696	case CTL_ACTION_PASS:
11697	case CTL_ACTION_SKIP:
11698		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11699		mtx_unlock(&lun->lun_lock);
11700		ctl_enqueue_rtr((union ctl_io *)ctsio);
11701		break;
11702	case CTL_ACTION_OVERLAP:
11703		mtx_unlock(&lun->lun_lock);
11704		ctl_set_overlapped_cmd(ctsio);
11705		ctl_done((union ctl_io *)ctsio);
11706		break;
11707	case CTL_ACTION_OVERLAP_TAG:
11708		mtx_unlock(&lun->lun_lock);
11709		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11710		ctl_done((union ctl_io *)ctsio);
11711		break;
11712	case CTL_ACTION_ERROR:
11713	default:
11714		mtx_unlock(&lun->lun_lock);
11715		ctl_set_internal_failure(ctsio,
11716					 /*sks_valid*/ 0,
11717					 /*retry_count*/ 0);
11718		ctl_done((union ctl_io *)ctsio);
11719		break;
11720	}
11721	return (retval);
11722}
11723
11724const struct ctl_cmd_entry *
11725ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11726{
11727	const struct ctl_cmd_entry *entry;
11728	int service_action;
11729
11730	entry = &ctl_cmd_table[ctsio->cdb[0]];
11731	if (sa)
11732		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11733	if (entry->flags & CTL_CMD_FLAG_SA5) {
11734		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11735		entry = &((const struct ctl_cmd_entry *)
11736		    entry->execute)[service_action];
11737	}
11738	return (entry);
11739}
11740
11741const struct ctl_cmd_entry *
11742ctl_validate_command(struct ctl_scsiio *ctsio)
11743{
11744	const struct ctl_cmd_entry *entry;
11745	int i, sa;
11746	uint8_t diff;
11747
11748	entry = ctl_get_cmd_entry(ctsio, &sa);
11749	if (entry->execute == NULL) {
11750		if (sa)
11751			ctl_set_invalid_field(ctsio,
11752					      /*sks_valid*/ 1,
11753					      /*command*/ 1,
11754					      /*field*/ 1,
11755					      /*bit_valid*/ 1,
11756					      /*bit*/ 4);
11757		else
11758			ctl_set_invalid_opcode(ctsio);
11759		ctl_done((union ctl_io *)ctsio);
11760		return (NULL);
11761	}
11762	KASSERT(entry->length > 0,
11763	    ("Not defined length for command 0x%02x/0x%02x",
11764	     ctsio->cdb[0], ctsio->cdb[1]));
11765	for (i = 1; i < entry->length; i++) {
11766		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11767		if (diff == 0)
11768			continue;
11769		ctl_set_invalid_field(ctsio,
11770				      /*sks_valid*/ 1,
11771				      /*command*/ 1,
11772				      /*field*/ i,
11773				      /*bit_valid*/ 1,
11774				      /*bit*/ fls(diff) - 1);
11775		ctl_done((union ctl_io *)ctsio);
11776		return (NULL);
11777	}
11778	return (entry);
11779}
11780
11781static int
11782ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11783{
11784
11785	switch (lun_type) {
11786	case T_PROCESSOR:
11787		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11788		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11789			return (0);
11790		break;
11791	case T_DIRECT:
11792		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11793		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11794			return (0);
11795		break;
11796	default:
11797		return (0);
11798	}
11799	return (1);
11800}
11801
11802static int
11803ctl_scsiio(struct ctl_scsiio *ctsio)
11804{
11805	int retval;
11806	const struct ctl_cmd_entry *entry;
11807
11808	retval = CTL_RETVAL_COMPLETE;
11809
11810	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11811
11812	entry = ctl_get_cmd_entry(ctsio, NULL);
11813
11814	/*
11815	 * If this I/O has been aborted, just send it straight to
11816	 * ctl_done() without executing it.
11817	 */
11818	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11819		ctl_done((union ctl_io *)ctsio);
11820		goto bailout;
11821	}
11822
11823	/*
11824	 * All the checks should have been handled by ctl_scsiio_precheck().
11825	 * We should be clear now to just execute the I/O.
11826	 */
11827	retval = entry->execute(ctsio);
11828
11829bailout:
11830	return (retval);
11831}
11832
11833/*
11834 * Since we only implement one target right now, a bus reset simply resets
11835 * our single target.
11836 */
11837static int
11838ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11839{
11840	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11841}
11842
11843static int
11844ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11845		 ctl_ua_type ua_type)
11846{
11847	struct ctl_lun *lun;
11848	int retval;
11849
11850	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11851		union ctl_ha_msg msg_info;
11852
11853		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11854		msg_info.hdr.nexus = io->io_hdr.nexus;
11855		if (ua_type==CTL_UA_TARG_RESET)
11856			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11857		else
11858			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11859		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11860		msg_info.hdr.original_sc = NULL;
11861		msg_info.hdr.serializing_sc = NULL;
11862		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11863		    (void *)&msg_info, sizeof(msg_info), 0)) {
11864		}
11865	}
11866	retval = 0;
11867
11868	mtx_lock(&ctl_softc->ctl_lock);
11869	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11870		retval += ctl_lun_reset(lun, io, ua_type);
11871	mtx_unlock(&ctl_softc->ctl_lock);
11872
11873	return (retval);
11874}
11875
11876/*
11877 * The LUN should always be set.  The I/O is optional, and is used to
11878 * distinguish between I/Os sent by this initiator, and by other
11879 * initiators.  We set unit attention for initiators other than this one.
11880 * SAM-3 is vague on this point.  It does say that a unit attention should
11881 * be established for other initiators when a LUN is reset (see section
11882 * 5.7.3), but it doesn't specifically say that the unit attention should
11883 * be established for this particular initiator when a LUN is reset.  Here
11884 * is the relevant text, from SAM-3 rev 8:
11885 *
11886 * 5.7.2 When a SCSI initiator port aborts its own tasks
11887 *
11888 * When a SCSI initiator port causes its own task(s) to be aborted, no
11889 * notification that the task(s) have been aborted shall be returned to
11890 * the SCSI initiator port other than the completion response for the
11891 * command or task management function action that caused the task(s) to
11892 * be aborted and notification(s) associated with related effects of the
11893 * action (e.g., a reset unit attention condition).
11894 *
11895 * XXX KDM for now, we're setting unit attention for all initiators.
11896 */
11897static int
11898ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11899{
11900	union ctl_io *xio;
11901#if 0
11902	uint32_t initindex;
11903#endif
11904	int i;
11905
11906	mtx_lock(&lun->lun_lock);
11907	/*
11908	 * Run through the OOA queue and abort each I/O.
11909	 */
11910#if 0
11911	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11912#endif
11913	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11914	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11915		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11916	}
11917
11918	/*
11919	 * This version sets unit attention for every
11920	 */
11921#if 0
11922	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11923	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11924		if (initindex == i)
11925			continue;
11926		lun->pending_ua[i] |= ua_type;
11927	}
11928#endif
11929
11930	/*
11931	 * A reset (any kind, really) clears reservations established with
11932	 * RESERVE/RELEASE.  It does not clear reservations established
11933	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11934	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11935	 * reservations made with the RESERVE/RELEASE commands, because
11936	 * those commands are obsolete in SPC-3.
11937	 */
11938	lun->flags &= ~CTL_LUN_RESERVED;
11939
11940	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11941#ifdef CTL_WITH_CA
11942		ctl_clear_mask(lun->have_ca, i);
11943#endif
11944		lun->pending_ua[i] |= ua_type;
11945	}
11946	mtx_unlock(&lun->lun_lock);
11947
11948	return (0);
11949}
11950
11951static void
11952ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11953    int other_sc)
11954{
11955	union ctl_io *xio;
11956
11957	mtx_assert(&lun->lun_lock, MA_OWNED);
11958
11959	/*
11960	 * Run through the OOA queue and attempt to find the given I/O.
11961	 * The target port, initiator ID, tag type and tag number have to
11962	 * match the values that we got from the initiator.  If we have an
11963	 * untagged command to abort, simply abort the first untagged command
11964	 * we come to.  We only allow one untagged command at a time of course.
11965	 */
11966	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11967	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11968
11969		if ((targ_port == UINT32_MAX ||
11970		     targ_port == xio->io_hdr.nexus.targ_port) &&
11971		    (init_id == UINT32_MAX ||
11972		     init_id == xio->io_hdr.nexus.initid.id)) {
11973			if (targ_port != xio->io_hdr.nexus.targ_port ||
11974			    init_id != xio->io_hdr.nexus.initid.id)
11975				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11976			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11977			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11978				union ctl_ha_msg msg_info;
11979
11980				msg_info.hdr.nexus = xio->io_hdr.nexus;
11981				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11982				msg_info.task.tag_num = xio->scsiio.tag_num;
11983				msg_info.task.tag_type = xio->scsiio.tag_type;
11984				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11985				msg_info.hdr.original_sc = NULL;
11986				msg_info.hdr.serializing_sc = NULL;
11987				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11988				    (void *)&msg_info, sizeof(msg_info), 0);
11989			}
11990		}
11991	}
11992}
11993
11994static int
11995ctl_abort_task_set(union ctl_io *io)
11996{
11997	struct ctl_softc *softc = control_softc;
11998	struct ctl_lun *lun;
11999	uint32_t targ_lun;
12000
12001	/*
12002	 * Look up the LUN.
12003	 */
12004	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12005	mtx_lock(&softc->ctl_lock);
12006	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
12007		lun = softc->ctl_luns[targ_lun];
12008	else {
12009		mtx_unlock(&softc->ctl_lock);
12010		return (1);
12011	}
12012
12013	mtx_lock(&lun->lun_lock);
12014	mtx_unlock(&softc->ctl_lock);
12015	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12016		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12017		    io->io_hdr.nexus.initid.id,
12018		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12019	} else { /* CTL_TASK_CLEAR_TASK_SET */
12020		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12021		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12022	}
12023	mtx_unlock(&lun->lun_lock);
12024	return (0);
12025}
12026
12027static int
12028ctl_i_t_nexus_reset(union ctl_io *io)
12029{
12030	struct ctl_softc *softc = control_softc;
12031	struct ctl_lun *lun;
12032	uint32_t initindex, residx;
12033
12034	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12035	residx = ctl_get_resindex(&io->io_hdr.nexus);
12036	mtx_lock(&softc->ctl_lock);
12037	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12038		mtx_lock(&lun->lun_lock);
12039		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12040		    io->io_hdr.nexus.initid.id,
12041		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12042#ifdef CTL_WITH_CA
12043		ctl_clear_mask(lun->have_ca, initindex);
12044#endif
12045		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12046			lun->flags &= ~CTL_LUN_RESERVED;
12047		lun->pending_ua[initindex] |= CTL_UA_I_T_NEXUS_LOSS;
12048		mtx_unlock(&lun->lun_lock);
12049	}
12050	mtx_unlock(&softc->ctl_lock);
12051	return (0);
12052}
12053
12054static int
12055ctl_abort_task(union ctl_io *io)
12056{
12057	union ctl_io *xio;
12058	struct ctl_lun *lun;
12059	struct ctl_softc *ctl_softc;
12060#if 0
12061	struct sbuf sb;
12062	char printbuf[128];
12063#endif
12064	int found;
12065	uint32_t targ_lun;
12066
12067	ctl_softc = control_softc;
12068	found = 0;
12069
12070	/*
12071	 * Look up the LUN.
12072	 */
12073	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12074	mtx_lock(&ctl_softc->ctl_lock);
12075	if ((targ_lun < CTL_MAX_LUNS)
12076	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12077		lun = ctl_softc->ctl_luns[targ_lun];
12078	else {
12079		mtx_unlock(&ctl_softc->ctl_lock);
12080		return (1);
12081	}
12082
12083#if 0
12084	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12085	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12086#endif
12087
12088	mtx_lock(&lun->lun_lock);
12089	mtx_unlock(&ctl_softc->ctl_lock);
12090	/*
12091	 * Run through the OOA queue and attempt to find the given I/O.
12092	 * The target port, initiator ID, tag type and tag number have to
12093	 * match the values that we got from the initiator.  If we have an
12094	 * untagged command to abort, simply abort the first untagged command
12095	 * we come to.  We only allow one untagged command at a time of course.
12096	 */
12097#if 0
12098	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12099#endif
12100	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12101	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12102#if 0
12103		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12104
12105		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12106			    lun->lun, xio->scsiio.tag_num,
12107			    xio->scsiio.tag_type,
12108			    (xio->io_hdr.blocked_links.tqe_prev
12109			    == NULL) ? "" : " BLOCKED",
12110			    (xio->io_hdr.flags &
12111			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12112			    (xio->io_hdr.flags &
12113			    CTL_FLAG_ABORT) ? " ABORT" : "",
12114			    (xio->io_hdr.flags &
12115			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12116		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12117		sbuf_finish(&sb);
12118		printf("%s\n", sbuf_data(&sb));
12119#endif
12120
12121		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
12122		 && (xio->io_hdr.nexus.initid.id ==
12123		     io->io_hdr.nexus.initid.id)) {
12124			/*
12125			 * If the abort says that the task is untagged, the
12126			 * task in the queue must be untagged.  Otherwise,
12127			 * we just check to see whether the tag numbers
12128			 * match.  This is because the QLogic firmware
12129			 * doesn't pass back the tag type in an abort
12130			 * request.
12131			 */
12132#if 0
12133			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12134			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12135			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
12136#endif
12137			/*
12138			 * XXX KDM we've got problems with FC, because it
12139			 * doesn't send down a tag type with aborts.  So we
12140			 * can only really go by the tag number...
12141			 * This may cause problems with parallel SCSI.
12142			 * Need to figure that out!!
12143			 */
12144			if (xio->scsiio.tag_num == io->taskio.tag_num) {
12145				xio->io_hdr.flags |= CTL_FLAG_ABORT;
12146				found = 1;
12147				if ((io->io_hdr.flags &
12148				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
12149				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12150					union ctl_ha_msg msg_info;
12151
12152					io->io_hdr.flags |=
12153					                CTL_FLAG_SENT_2OTHER_SC;
12154					msg_info.hdr.nexus = io->io_hdr.nexus;
12155					msg_info.task.task_action =
12156						CTL_TASK_ABORT_TASK;
12157					msg_info.task.tag_num =
12158						io->taskio.tag_num;
12159					msg_info.task.tag_type =
12160						io->taskio.tag_type;
12161					msg_info.hdr.msg_type =
12162						CTL_MSG_MANAGE_TASKS;
12163					msg_info.hdr.original_sc = NULL;
12164					msg_info.hdr.serializing_sc = NULL;
12165#if 0
12166					printf("Sent Abort to other side\n");
12167#endif
12168					if (CTL_HA_STATUS_SUCCESS !=
12169					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12170		    				(void *)&msg_info,
12171						sizeof(msg_info), 0)) {
12172					}
12173				}
12174#if 0
12175				printf("ctl_abort_task: found I/O to abort\n");
12176#endif
12177				break;
12178			}
12179		}
12180	}
12181	mtx_unlock(&lun->lun_lock);
12182
12183	if (found == 0) {
12184		/*
12185		 * This isn't really an error.  It's entirely possible for
12186		 * the abort and command completion to cross on the wire.
12187		 * This is more of an informative/diagnostic error.
12188		 */
12189#if 0
12190		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12191		       "%d:%d:%d:%d tag %d type %d\n",
12192		       io->io_hdr.nexus.initid.id,
12193		       io->io_hdr.nexus.targ_port,
12194		       io->io_hdr.nexus.targ_target.id,
12195		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12196		       io->taskio.tag_type);
12197#endif
12198	}
12199	return (0);
12200}
12201
12202static void
12203ctl_run_task(union ctl_io *io)
12204{
12205	struct ctl_softc *ctl_softc = control_softc;
12206	int retval = 1;
12207	const char *task_desc;
12208
12209	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12210
12211	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12212	    ("ctl_run_task: Unextected io_type %d\n",
12213	     io->io_hdr.io_type));
12214
12215	task_desc = ctl_scsi_task_string(&io->taskio);
12216	if (task_desc != NULL) {
12217#ifdef NEEDTOPORT
12218		csevent_log(CSC_CTL | CSC_SHELF_SW |
12219			    CTL_TASK_REPORT,
12220			    csevent_LogType_Trace,
12221			    csevent_Severity_Information,
12222			    csevent_AlertLevel_Green,
12223			    csevent_FRU_Firmware,
12224			    csevent_FRU_Unknown,
12225			    "CTL: received task: %s",task_desc);
12226#endif
12227	} else {
12228#ifdef NEEDTOPORT
12229		csevent_log(CSC_CTL | CSC_SHELF_SW |
12230			    CTL_TASK_REPORT,
12231			    csevent_LogType_Trace,
12232			    csevent_Severity_Information,
12233			    csevent_AlertLevel_Green,
12234			    csevent_FRU_Firmware,
12235			    csevent_FRU_Unknown,
12236			    "CTL: received unknown task "
12237			    "type: %d (%#x)",
12238			    io->taskio.task_action,
12239			    io->taskio.task_action);
12240#endif
12241	}
12242	switch (io->taskio.task_action) {
12243	case CTL_TASK_ABORT_TASK:
12244		retval = ctl_abort_task(io);
12245		break;
12246	case CTL_TASK_ABORT_TASK_SET:
12247	case CTL_TASK_CLEAR_TASK_SET:
12248		retval = ctl_abort_task_set(io);
12249		break;
12250	case CTL_TASK_CLEAR_ACA:
12251		break;
12252	case CTL_TASK_I_T_NEXUS_RESET:
12253		retval = ctl_i_t_nexus_reset(io);
12254		break;
12255	case CTL_TASK_LUN_RESET: {
12256		struct ctl_lun *lun;
12257		uint32_t targ_lun;
12258
12259		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12260		mtx_lock(&ctl_softc->ctl_lock);
12261		if ((targ_lun < CTL_MAX_LUNS)
12262		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12263			lun = ctl_softc->ctl_luns[targ_lun];
12264		else {
12265			mtx_unlock(&ctl_softc->ctl_lock);
12266			retval = 1;
12267			break;
12268		}
12269
12270		if (!(io->io_hdr.flags &
12271		    CTL_FLAG_FROM_OTHER_SC)) {
12272			union ctl_ha_msg msg_info;
12273
12274			io->io_hdr.flags |=
12275				CTL_FLAG_SENT_2OTHER_SC;
12276			msg_info.hdr.msg_type =
12277				CTL_MSG_MANAGE_TASKS;
12278			msg_info.hdr.nexus = io->io_hdr.nexus;
12279			msg_info.task.task_action =
12280				CTL_TASK_LUN_RESET;
12281			msg_info.hdr.original_sc = NULL;
12282			msg_info.hdr.serializing_sc = NULL;
12283			if (CTL_HA_STATUS_SUCCESS !=
12284			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12285			    (void *)&msg_info,
12286			    sizeof(msg_info), 0)) {
12287			}
12288		}
12289
12290		retval = ctl_lun_reset(lun, io,
12291				       CTL_UA_LUN_RESET);
12292		mtx_unlock(&ctl_softc->ctl_lock);
12293		break;
12294	}
12295	case CTL_TASK_TARGET_RESET:
12296		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12297		break;
12298	case CTL_TASK_BUS_RESET:
12299		retval = ctl_bus_reset(ctl_softc, io);
12300		break;
12301	case CTL_TASK_PORT_LOGIN:
12302		break;
12303	case CTL_TASK_PORT_LOGOUT:
12304		break;
12305	default:
12306		printf("ctl_run_task: got unknown task management event %d\n",
12307		       io->taskio.task_action);
12308		break;
12309	}
12310	if (retval == 0)
12311		io->io_hdr.status = CTL_SUCCESS;
12312	else
12313		io->io_hdr.status = CTL_ERROR;
12314	ctl_done(io);
12315}
12316
12317/*
12318 * For HA operation.  Handle commands that come in from the other
12319 * controller.
12320 */
12321static void
12322ctl_handle_isc(union ctl_io *io)
12323{
12324	int free_io;
12325	struct ctl_lun *lun;
12326	struct ctl_softc *ctl_softc;
12327	uint32_t targ_lun;
12328
12329	ctl_softc = control_softc;
12330
12331	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12332	lun = ctl_softc->ctl_luns[targ_lun];
12333
12334	switch (io->io_hdr.msg_type) {
12335	case CTL_MSG_SERIALIZE:
12336		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12337		break;
12338	case CTL_MSG_R2R: {
12339		const struct ctl_cmd_entry *entry;
12340
12341		/*
12342		 * This is only used in SER_ONLY mode.
12343		 */
12344		free_io = 0;
12345		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12346		mtx_lock(&lun->lun_lock);
12347		if (ctl_scsiio_lun_check(ctl_softc, lun,
12348		    entry, (struct ctl_scsiio *)io) != 0) {
12349			mtx_unlock(&lun->lun_lock);
12350			ctl_done(io);
12351			break;
12352		}
12353		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12354		mtx_unlock(&lun->lun_lock);
12355		ctl_enqueue_rtr(io);
12356		break;
12357	}
12358	case CTL_MSG_FINISH_IO:
12359		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12360			free_io = 0;
12361			ctl_done(io);
12362		} else {
12363			free_io = 1;
12364			mtx_lock(&lun->lun_lock);
12365			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12366				     ooa_links);
12367			ctl_check_blocked(lun);
12368			mtx_unlock(&lun->lun_lock);
12369		}
12370		break;
12371	case CTL_MSG_PERS_ACTION:
12372		ctl_hndl_per_res_out_on_other_sc(
12373			(union ctl_ha_msg *)&io->presio.pr_msg);
12374		free_io = 1;
12375		break;
12376	case CTL_MSG_BAD_JUJU:
12377		free_io = 0;
12378		ctl_done(io);
12379		break;
12380	case CTL_MSG_DATAMOVE:
12381		/* Only used in XFER mode */
12382		free_io = 0;
12383		ctl_datamove_remote(io);
12384		break;
12385	case CTL_MSG_DATAMOVE_DONE:
12386		/* Only used in XFER mode */
12387		free_io = 0;
12388		io->scsiio.be_move_done(io);
12389		break;
12390	default:
12391		free_io = 1;
12392		printf("%s: Invalid message type %d\n",
12393		       __func__, io->io_hdr.msg_type);
12394		break;
12395	}
12396	if (free_io)
12397		ctl_free_io(io);
12398
12399}
12400
12401
12402/*
12403 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12404 * there is no match.
12405 */
12406static ctl_lun_error_pattern
12407ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12408{
12409	const struct ctl_cmd_entry *entry;
12410	ctl_lun_error_pattern filtered_pattern, pattern;
12411
12412	pattern = desc->error_pattern;
12413
12414	/*
12415	 * XXX KDM we need more data passed into this function to match a
12416	 * custom pattern, and we actually need to implement custom pattern
12417	 * matching.
12418	 */
12419	if (pattern & CTL_LUN_PAT_CMD)
12420		return (CTL_LUN_PAT_CMD);
12421
12422	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12423		return (CTL_LUN_PAT_ANY);
12424
12425	entry = ctl_get_cmd_entry(ctsio, NULL);
12426
12427	filtered_pattern = entry->pattern & pattern;
12428
12429	/*
12430	 * If the user requested specific flags in the pattern (e.g.
12431	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12432	 * flags.
12433	 *
12434	 * If the user did not specify any flags, it doesn't matter whether
12435	 * or not the command supports the flags.
12436	 */
12437	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12438	     (pattern & ~CTL_LUN_PAT_MASK))
12439		return (CTL_LUN_PAT_NONE);
12440
12441	/*
12442	 * If the user asked for a range check, see if the requested LBA
12443	 * range overlaps with this command's LBA range.
12444	 */
12445	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12446		uint64_t lba1;
12447		uint64_t len1;
12448		ctl_action action;
12449		int retval;
12450
12451		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12452		if (retval != 0)
12453			return (CTL_LUN_PAT_NONE);
12454
12455		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12456					      desc->lba_range.len);
12457		/*
12458		 * A "pass" means that the LBA ranges don't overlap, so
12459		 * this doesn't match the user's range criteria.
12460		 */
12461		if (action == CTL_ACTION_PASS)
12462			return (CTL_LUN_PAT_NONE);
12463	}
12464
12465	return (filtered_pattern);
12466}
12467
12468static void
12469ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12470{
12471	struct ctl_error_desc *desc, *desc2;
12472
12473	mtx_assert(&lun->lun_lock, MA_OWNED);
12474
12475	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12476		ctl_lun_error_pattern pattern;
12477		/*
12478		 * Check to see whether this particular command matches
12479		 * the pattern in the descriptor.
12480		 */
12481		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12482		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12483			continue;
12484
12485		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12486		case CTL_LUN_INJ_ABORTED:
12487			ctl_set_aborted(&io->scsiio);
12488			break;
12489		case CTL_LUN_INJ_MEDIUM_ERR:
12490			ctl_set_medium_error(&io->scsiio);
12491			break;
12492		case CTL_LUN_INJ_UA:
12493			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12494			 * OCCURRED */
12495			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12496			break;
12497		case CTL_LUN_INJ_CUSTOM:
12498			/*
12499			 * We're assuming the user knows what he is doing.
12500			 * Just copy the sense information without doing
12501			 * checks.
12502			 */
12503			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12504			      ctl_min(sizeof(desc->custom_sense),
12505				      sizeof(io->scsiio.sense_data)));
12506			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12507			io->scsiio.sense_len = SSD_FULL_SIZE;
12508			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12509			break;
12510		case CTL_LUN_INJ_NONE:
12511		default:
12512			/*
12513			 * If this is an error injection type we don't know
12514			 * about, clear the continuous flag (if it is set)
12515			 * so it will get deleted below.
12516			 */
12517			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12518			break;
12519		}
12520		/*
12521		 * By default, each error injection action is a one-shot
12522		 */
12523		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12524			continue;
12525
12526		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12527
12528		free(desc, M_CTL);
12529	}
12530}
12531
12532#ifdef CTL_IO_DELAY
12533static void
12534ctl_datamove_timer_wakeup(void *arg)
12535{
12536	union ctl_io *io;
12537
12538	io = (union ctl_io *)arg;
12539
12540	ctl_datamove(io);
12541}
12542#endif /* CTL_IO_DELAY */
12543
12544void
12545ctl_datamove(union ctl_io *io)
12546{
12547	void (*fe_datamove)(union ctl_io *io);
12548
12549	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12550
12551	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12552
12553#ifdef CTL_TIME_IO
12554	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12555		char str[256];
12556		char path_str[64];
12557		struct sbuf sb;
12558
12559		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12560		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12561
12562		sbuf_cat(&sb, path_str);
12563		switch (io->io_hdr.io_type) {
12564		case CTL_IO_SCSI:
12565			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12566			sbuf_printf(&sb, "\n");
12567			sbuf_cat(&sb, path_str);
12568			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12569				    io->scsiio.tag_num, io->scsiio.tag_type);
12570			break;
12571		case CTL_IO_TASK:
12572			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12573				    "Tag Type: %d\n", io->taskio.task_action,
12574				    io->taskio.tag_num, io->taskio.tag_type);
12575			break;
12576		default:
12577			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12578			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12579			break;
12580		}
12581		sbuf_cat(&sb, path_str);
12582		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12583			    (intmax_t)time_uptime - io->io_hdr.start_time);
12584		sbuf_finish(&sb);
12585		printf("%s", sbuf_data(&sb));
12586	}
12587#endif /* CTL_TIME_IO */
12588
12589#ifdef CTL_IO_DELAY
12590	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12591		struct ctl_lun *lun;
12592
12593		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12594
12595		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12596	} else {
12597		struct ctl_lun *lun;
12598
12599		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12600		if ((lun != NULL)
12601		 && (lun->delay_info.datamove_delay > 0)) {
12602			struct callout *callout;
12603
12604			callout = (struct callout *)&io->io_hdr.timer_bytes;
12605			callout_init(callout, /*mpsafe*/ 1);
12606			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12607			callout_reset(callout,
12608				      lun->delay_info.datamove_delay * hz,
12609				      ctl_datamove_timer_wakeup, io);
12610			if (lun->delay_info.datamove_type ==
12611			    CTL_DELAY_TYPE_ONESHOT)
12612				lun->delay_info.datamove_delay = 0;
12613			return;
12614		}
12615	}
12616#endif
12617
12618	/*
12619	 * This command has been aborted.  Set the port status, so we fail
12620	 * the data move.
12621	 */
12622	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12623		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12624		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12625		       io->io_hdr.nexus.targ_port,
12626		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12627		       io->io_hdr.nexus.targ_lun);
12628		io->io_hdr.port_status = 31337;
12629		/*
12630		 * Note that the backend, in this case, will get the
12631		 * callback in its context.  In other cases it may get
12632		 * called in the frontend's interrupt thread context.
12633		 */
12634		io->scsiio.be_move_done(io);
12635		return;
12636	}
12637
12638	/* Don't confuse frontend with zero length data move. */
12639	if (io->scsiio.kern_data_len == 0) {
12640		io->scsiio.be_move_done(io);
12641		return;
12642	}
12643
12644	/*
12645	 * If we're in XFER mode and this I/O is from the other shelf
12646	 * controller, we need to send the DMA to the other side to
12647	 * actually transfer the data to/from the host.  In serialize only
12648	 * mode the transfer happens below CTL and ctl_datamove() is only
12649	 * called on the machine that originally received the I/O.
12650	 */
12651	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12652	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12653		union ctl_ha_msg msg;
12654		uint32_t sg_entries_sent;
12655		int do_sg_copy;
12656		int i;
12657
12658		memset(&msg, 0, sizeof(msg));
12659		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12660		msg.hdr.original_sc = io->io_hdr.original_sc;
12661		msg.hdr.serializing_sc = io;
12662		msg.hdr.nexus = io->io_hdr.nexus;
12663		msg.dt.flags = io->io_hdr.flags;
12664		/*
12665		 * We convert everything into a S/G list here.  We can't
12666		 * pass by reference, only by value between controllers.
12667		 * So we can't pass a pointer to the S/G list, only as many
12668		 * S/G entries as we can fit in here.  If it's possible for
12669		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12670		 * then we need to break this up into multiple transfers.
12671		 */
12672		if (io->scsiio.kern_sg_entries == 0) {
12673			msg.dt.kern_sg_entries = 1;
12674			/*
12675			 * If this is in cached memory, flush the cache
12676			 * before we send the DMA request to the other
12677			 * controller.  We want to do this in either the
12678			 * read or the write case.  The read case is
12679			 * straightforward.  In the write case, we want to
12680			 * make sure nothing is in the local cache that
12681			 * could overwrite the DMAed data.
12682			 */
12683			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12684				/*
12685				 * XXX KDM use bus_dmamap_sync() here.
12686				 */
12687			}
12688
12689			/*
12690			 * Convert to a physical address if this is a
12691			 * virtual address.
12692			 */
12693			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12694				msg.dt.sg_list[0].addr =
12695					io->scsiio.kern_data_ptr;
12696			} else {
12697				/*
12698				 * XXX KDM use busdma here!
12699				 */
12700#if 0
12701				msg.dt.sg_list[0].addr = (void *)
12702					vtophys(io->scsiio.kern_data_ptr);
12703#endif
12704			}
12705
12706			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12707			do_sg_copy = 0;
12708		} else {
12709			struct ctl_sg_entry *sgl;
12710
12711			do_sg_copy = 1;
12712			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12713			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12714			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12715				/*
12716				 * XXX KDM use bus_dmamap_sync() here.
12717				 */
12718			}
12719		}
12720
12721		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12722		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12723		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12724		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12725		msg.dt.sg_sequence = 0;
12726
12727		/*
12728		 * Loop until we've sent all of the S/G entries.  On the
12729		 * other end, we'll recompose these S/G entries into one
12730		 * contiguous list before passing it to the
12731		 */
12732		for (sg_entries_sent = 0; sg_entries_sent <
12733		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12734			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12735				sizeof(msg.dt.sg_list[0])),
12736				msg.dt.kern_sg_entries - sg_entries_sent);
12737
12738			if (do_sg_copy != 0) {
12739				struct ctl_sg_entry *sgl;
12740				int j;
12741
12742				sgl = (struct ctl_sg_entry *)
12743					io->scsiio.kern_data_ptr;
12744				/*
12745				 * If this is in cached memory, flush the cache
12746				 * before we send the DMA request to the other
12747				 * controller.  We want to do this in either
12748				 * the * read or the write case.  The read
12749				 * case is straightforward.  In the write
12750				 * case, we want to make sure nothing is
12751				 * in the local cache that could overwrite
12752				 * the DMAed data.
12753				 */
12754
12755				for (i = sg_entries_sent, j = 0;
12756				     i < msg.dt.cur_sg_entries; i++, j++) {
12757					if ((io->io_hdr.flags &
12758					     CTL_FLAG_NO_DATASYNC) == 0) {
12759						/*
12760						 * XXX KDM use bus_dmamap_sync()
12761						 */
12762					}
12763					if ((io->io_hdr.flags &
12764					     CTL_FLAG_BUS_ADDR) == 0) {
12765						/*
12766						 * XXX KDM use busdma.
12767						 */
12768#if 0
12769						msg.dt.sg_list[j].addr =(void *)
12770						       vtophys(sgl[i].addr);
12771#endif
12772					} else {
12773						msg.dt.sg_list[j].addr =
12774							sgl[i].addr;
12775					}
12776					msg.dt.sg_list[j].len = sgl[i].len;
12777				}
12778			}
12779
12780			sg_entries_sent += msg.dt.cur_sg_entries;
12781			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12782				msg.dt.sg_last = 1;
12783			else
12784				msg.dt.sg_last = 0;
12785
12786			/*
12787			 * XXX KDM drop and reacquire the lock here?
12788			 */
12789			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12790			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12791				/*
12792				 * XXX do something here.
12793				 */
12794			}
12795
12796			msg.dt.sent_sg_entries = sg_entries_sent;
12797		}
12798		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12799		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12800			ctl_failover_io(io, /*have_lock*/ 0);
12801
12802	} else {
12803
12804		/*
12805		 * Lookup the fe_datamove() function for this particular
12806		 * front end.
12807		 */
12808		fe_datamove =
12809		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12810
12811		fe_datamove(io);
12812	}
12813}
12814
12815static void
12816ctl_send_datamove_done(union ctl_io *io, int have_lock)
12817{
12818	union ctl_ha_msg msg;
12819	int isc_status;
12820
12821	memset(&msg, 0, sizeof(msg));
12822
12823	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12824	msg.hdr.original_sc = io;
12825	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12826	msg.hdr.nexus = io->io_hdr.nexus;
12827	msg.hdr.status = io->io_hdr.status;
12828	msg.scsi.tag_num = io->scsiio.tag_num;
12829	msg.scsi.tag_type = io->scsiio.tag_type;
12830	msg.scsi.scsi_status = io->scsiio.scsi_status;
12831	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12832	       sizeof(io->scsiio.sense_data));
12833	msg.scsi.sense_len = io->scsiio.sense_len;
12834	msg.scsi.sense_residual = io->scsiio.sense_residual;
12835	msg.scsi.fetd_status = io->io_hdr.port_status;
12836	msg.scsi.residual = io->scsiio.residual;
12837	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12838
12839	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12840		ctl_failover_io(io, /*have_lock*/ have_lock);
12841		return;
12842	}
12843
12844	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12845	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12846		/* XXX do something if this fails */
12847	}
12848
12849}
12850
12851/*
12852 * The DMA to the remote side is done, now we need to tell the other side
12853 * we're done so it can continue with its data movement.
12854 */
12855static void
12856ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12857{
12858	union ctl_io *io;
12859
12860	io = rq->context;
12861
12862	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12863		printf("%s: ISC DMA write failed with error %d", __func__,
12864		       rq->ret);
12865		ctl_set_internal_failure(&io->scsiio,
12866					 /*sks_valid*/ 1,
12867					 /*retry_count*/ rq->ret);
12868	}
12869
12870	ctl_dt_req_free(rq);
12871
12872	/*
12873	 * In this case, we had to malloc the memory locally.  Free it.
12874	 */
12875	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12876		int i;
12877		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12878			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12879	}
12880	/*
12881	 * The data is in local and remote memory, so now we need to send
12882	 * status (good or back) back to the other side.
12883	 */
12884	ctl_send_datamove_done(io, /*have_lock*/ 0);
12885}
12886
12887/*
12888 * We've moved the data from the host/controller into local memory.  Now we
12889 * need to push it over to the remote controller's memory.
12890 */
12891static int
12892ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12893{
12894	int retval;
12895
12896	retval = 0;
12897
12898	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12899					  ctl_datamove_remote_write_cb);
12900
12901	return (retval);
12902}
12903
12904static void
12905ctl_datamove_remote_write(union ctl_io *io)
12906{
12907	int retval;
12908	void (*fe_datamove)(union ctl_io *io);
12909
12910	/*
12911	 * - Get the data from the host/HBA into local memory.
12912	 * - DMA memory from the local controller to the remote controller.
12913	 * - Send status back to the remote controller.
12914	 */
12915
12916	retval = ctl_datamove_remote_sgl_setup(io);
12917	if (retval != 0)
12918		return;
12919
12920	/* Switch the pointer over so the FETD knows what to do */
12921	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12922
12923	/*
12924	 * Use a custom move done callback, since we need to send completion
12925	 * back to the other controller, not to the backend on this side.
12926	 */
12927	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12928
12929	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12930
12931	fe_datamove(io);
12932
12933	return;
12934
12935}
12936
12937static int
12938ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12939{
12940#if 0
12941	char str[256];
12942	char path_str[64];
12943	struct sbuf sb;
12944#endif
12945
12946	/*
12947	 * In this case, we had to malloc the memory locally.  Free it.
12948	 */
12949	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12950		int i;
12951		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12952			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12953	}
12954
12955#if 0
12956	scsi_path_string(io, path_str, sizeof(path_str));
12957	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12958	sbuf_cat(&sb, path_str);
12959	scsi_command_string(&io->scsiio, NULL, &sb);
12960	sbuf_printf(&sb, "\n");
12961	sbuf_cat(&sb, path_str);
12962	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12963		    io->scsiio.tag_num, io->scsiio.tag_type);
12964	sbuf_cat(&sb, path_str);
12965	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12966		    io->io_hdr.flags, io->io_hdr.status);
12967	sbuf_finish(&sb);
12968	printk("%s", sbuf_data(&sb));
12969#endif
12970
12971
12972	/*
12973	 * The read is done, now we need to send status (good or bad) back
12974	 * to the other side.
12975	 */
12976	ctl_send_datamove_done(io, /*have_lock*/ 0);
12977
12978	return (0);
12979}
12980
12981static void
12982ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12983{
12984	union ctl_io *io;
12985	void (*fe_datamove)(union ctl_io *io);
12986
12987	io = rq->context;
12988
12989	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12990		printf("%s: ISC DMA read failed with error %d", __func__,
12991		       rq->ret);
12992		ctl_set_internal_failure(&io->scsiio,
12993					 /*sks_valid*/ 1,
12994					 /*retry_count*/ rq->ret);
12995	}
12996
12997	ctl_dt_req_free(rq);
12998
12999	/* Switch the pointer over so the FETD knows what to do */
13000	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13001
13002	/*
13003	 * Use a custom move done callback, since we need to send completion
13004	 * back to the other controller, not to the backend on this side.
13005	 */
13006	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
13007
13008	/* XXX KDM add checks like the ones in ctl_datamove? */
13009
13010	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13011
13012	fe_datamove(io);
13013}
13014
13015static int
13016ctl_datamove_remote_sgl_setup(union ctl_io *io)
13017{
13018	struct ctl_sg_entry *local_sglist, *remote_sglist;
13019	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13020	struct ctl_softc *softc;
13021	int retval;
13022	int i;
13023
13024	retval = 0;
13025	softc = control_softc;
13026
13027	local_sglist = io->io_hdr.local_sglist;
13028	local_dma_sglist = io->io_hdr.local_dma_sglist;
13029	remote_sglist = io->io_hdr.remote_sglist;
13030	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13031
13032	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13033		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13034			local_sglist[i].len = remote_sglist[i].len;
13035
13036			/*
13037			 * XXX Detect the situation where the RS-level I/O
13038			 * redirector on the other side has already read the
13039			 * data off of the AOR RS on this side, and
13040			 * transferred it to remote (mirror) memory on the
13041			 * other side.  Since we already have the data in
13042			 * memory here, we just need to use it.
13043			 *
13044			 * XXX KDM this can probably be removed once we
13045			 * get the cache device code in and take the
13046			 * current AOR implementation out.
13047			 */
13048#ifdef NEEDTOPORT
13049			if ((remote_sglist[i].addr >=
13050			     (void *)vtophys(softc->mirr->addr))
13051			 && (remote_sglist[i].addr <
13052			     ((void *)vtophys(softc->mirr->addr) +
13053			     CacheMirrorOffset))) {
13054				local_sglist[i].addr = remote_sglist[i].addr -
13055					CacheMirrorOffset;
13056				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13057				     CTL_FLAG_DATA_IN)
13058					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13059			} else {
13060				local_sglist[i].addr = remote_sglist[i].addr +
13061					CacheMirrorOffset;
13062			}
13063#endif
13064#if 0
13065			printf("%s: local %p, remote %p, len %d\n",
13066			       __func__, local_sglist[i].addr,
13067			       remote_sglist[i].addr, local_sglist[i].len);
13068#endif
13069		}
13070	} else {
13071		uint32_t len_to_go;
13072
13073		/*
13074		 * In this case, we don't have automatically allocated
13075		 * memory for this I/O on this controller.  This typically
13076		 * happens with internal CTL I/O -- e.g. inquiry, mode
13077		 * sense, etc.  Anything coming from RAIDCore will have
13078		 * a mirror area available.
13079		 */
13080		len_to_go = io->scsiio.kern_data_len;
13081
13082		/*
13083		 * Clear the no datasync flag, we have to use malloced
13084		 * buffers.
13085		 */
13086		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13087
13088		/*
13089		 * The difficult thing here is that the size of the various
13090		 * S/G segments may be different than the size from the
13091		 * remote controller.  That'll make it harder when DMAing
13092		 * the data back to the other side.
13093		 */
13094		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13095		     sizeof(io->io_hdr.remote_sglist[0])) &&
13096		     (len_to_go > 0); i++) {
13097			local_sglist[i].len = ctl_min(len_to_go, 131072);
13098			CTL_SIZE_8B(local_dma_sglist[i].len,
13099				    local_sglist[i].len);
13100			local_sglist[i].addr =
13101				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13102
13103			local_dma_sglist[i].addr = local_sglist[i].addr;
13104
13105			if (local_sglist[i].addr == NULL) {
13106				int j;
13107
13108				printf("malloc failed for %zd bytes!",
13109				       local_dma_sglist[i].len);
13110				for (j = 0; j < i; j++) {
13111					free(local_sglist[j].addr, M_CTL);
13112				}
13113				ctl_set_internal_failure(&io->scsiio,
13114							 /*sks_valid*/ 1,
13115							 /*retry_count*/ 4857);
13116				retval = 1;
13117				goto bailout_error;
13118
13119			}
13120			/* XXX KDM do we need a sync here? */
13121
13122			len_to_go -= local_sglist[i].len;
13123		}
13124		/*
13125		 * Reset the number of S/G entries accordingly.  The
13126		 * original number of S/G entries is available in
13127		 * rem_sg_entries.
13128		 */
13129		io->scsiio.kern_sg_entries = i;
13130
13131#if 0
13132		printf("%s: kern_sg_entries = %d\n", __func__,
13133		       io->scsiio.kern_sg_entries);
13134		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13135			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13136			       local_sglist[i].addr, local_sglist[i].len,
13137			       local_dma_sglist[i].len);
13138#endif
13139	}
13140
13141
13142	return (retval);
13143
13144bailout_error:
13145
13146	ctl_send_datamove_done(io, /*have_lock*/ 0);
13147
13148	return (retval);
13149}
13150
13151static int
13152ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13153			 ctl_ha_dt_cb callback)
13154{
13155	struct ctl_ha_dt_req *rq;
13156	struct ctl_sg_entry *remote_sglist, *local_sglist;
13157	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13158	uint32_t local_used, remote_used, total_used;
13159	int retval;
13160	int i, j;
13161
13162	retval = 0;
13163
13164	rq = ctl_dt_req_alloc();
13165
13166	/*
13167	 * If we failed to allocate the request, and if the DMA didn't fail
13168	 * anyway, set busy status.  This is just a resource allocation
13169	 * failure.
13170	 */
13171	if ((rq == NULL)
13172	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13173		ctl_set_busy(&io->scsiio);
13174
13175	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13176
13177		if (rq != NULL)
13178			ctl_dt_req_free(rq);
13179
13180		/*
13181		 * The data move failed.  We need to return status back
13182		 * to the other controller.  No point in trying to DMA
13183		 * data to the remote controller.
13184		 */
13185
13186		ctl_send_datamove_done(io, /*have_lock*/ 0);
13187
13188		retval = 1;
13189
13190		goto bailout;
13191	}
13192
13193	local_sglist = io->io_hdr.local_sglist;
13194	local_dma_sglist = io->io_hdr.local_dma_sglist;
13195	remote_sglist = io->io_hdr.remote_sglist;
13196	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13197	local_used = 0;
13198	remote_used = 0;
13199	total_used = 0;
13200
13201	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13202		rq->ret = CTL_HA_STATUS_SUCCESS;
13203		rq->context = io;
13204		callback(rq);
13205		goto bailout;
13206	}
13207
13208	/*
13209	 * Pull/push the data over the wire from/to the other controller.
13210	 * This takes into account the possibility that the local and
13211	 * remote sglists may not be identical in terms of the size of
13212	 * the elements and the number of elements.
13213	 *
13214	 * One fundamental assumption here is that the length allocated for
13215	 * both the local and remote sglists is identical.  Otherwise, we've
13216	 * essentially got a coding error of some sort.
13217	 */
13218	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13219		int isc_ret;
13220		uint32_t cur_len, dma_length;
13221		uint8_t *tmp_ptr;
13222
13223		rq->id = CTL_HA_DATA_CTL;
13224		rq->command = command;
13225		rq->context = io;
13226
13227		/*
13228		 * Both pointers should be aligned.  But it is possible
13229		 * that the allocation length is not.  They should both
13230		 * also have enough slack left over at the end, though,
13231		 * to round up to the next 8 byte boundary.
13232		 */
13233		cur_len = ctl_min(local_sglist[i].len - local_used,
13234				  remote_sglist[j].len - remote_used);
13235
13236		/*
13237		 * In this case, we have a size issue and need to decrease
13238		 * the size, except in the case where we actually have less
13239		 * than 8 bytes left.  In that case, we need to increase
13240		 * the DMA length to get the last bit.
13241		 */
13242		if ((cur_len & 0x7) != 0) {
13243			if (cur_len > 0x7) {
13244				cur_len = cur_len - (cur_len & 0x7);
13245				dma_length = cur_len;
13246			} else {
13247				CTL_SIZE_8B(dma_length, cur_len);
13248			}
13249
13250		} else
13251			dma_length = cur_len;
13252
13253		/*
13254		 * If we had to allocate memory for this I/O, instead of using
13255		 * the non-cached mirror memory, we'll need to flush the cache
13256		 * before trying to DMA to the other controller.
13257		 *
13258		 * We could end up doing this multiple times for the same
13259		 * segment if we have a larger local segment than remote
13260		 * segment.  That shouldn't be an issue.
13261		 */
13262		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13263			/*
13264			 * XXX KDM use bus_dmamap_sync() here.
13265			 */
13266		}
13267
13268		rq->size = dma_length;
13269
13270		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13271		tmp_ptr += local_used;
13272
13273		/* Use physical addresses when talking to ISC hardware */
13274		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13275			/* XXX KDM use busdma */
13276#if 0
13277			rq->local = vtophys(tmp_ptr);
13278#endif
13279		} else
13280			rq->local = tmp_ptr;
13281
13282		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13283		tmp_ptr += remote_used;
13284		rq->remote = tmp_ptr;
13285
13286		rq->callback = NULL;
13287
13288		local_used += cur_len;
13289		if (local_used >= local_sglist[i].len) {
13290			i++;
13291			local_used = 0;
13292		}
13293
13294		remote_used += cur_len;
13295		if (remote_used >= remote_sglist[j].len) {
13296			j++;
13297			remote_used = 0;
13298		}
13299		total_used += cur_len;
13300
13301		if (total_used >= io->scsiio.kern_data_len)
13302			rq->callback = callback;
13303
13304		if ((rq->size & 0x7) != 0) {
13305			printf("%s: warning: size %d is not on 8b boundary\n",
13306			       __func__, rq->size);
13307		}
13308		if (((uintptr_t)rq->local & 0x7) != 0) {
13309			printf("%s: warning: local %p not on 8b boundary\n",
13310			       __func__, rq->local);
13311		}
13312		if (((uintptr_t)rq->remote & 0x7) != 0) {
13313			printf("%s: warning: remote %p not on 8b boundary\n",
13314			       __func__, rq->local);
13315		}
13316#if 0
13317		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13318		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13319		       rq->local, rq->remote, rq->size);
13320#endif
13321
13322		isc_ret = ctl_dt_single(rq);
13323		if (isc_ret == CTL_HA_STATUS_WAIT)
13324			continue;
13325
13326		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13327			rq->ret = CTL_HA_STATUS_SUCCESS;
13328		} else {
13329			rq->ret = isc_ret;
13330		}
13331		callback(rq);
13332		goto bailout;
13333	}
13334
13335bailout:
13336	return (retval);
13337
13338}
13339
13340static void
13341ctl_datamove_remote_read(union ctl_io *io)
13342{
13343	int retval;
13344	int i;
13345
13346	/*
13347	 * This will send an error to the other controller in the case of a
13348	 * failure.
13349	 */
13350	retval = ctl_datamove_remote_sgl_setup(io);
13351	if (retval != 0)
13352		return;
13353
13354	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13355					  ctl_datamove_remote_read_cb);
13356	if ((retval != 0)
13357	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13358		/*
13359		 * Make sure we free memory if there was an error..  The
13360		 * ctl_datamove_remote_xfer() function will send the
13361		 * datamove done message, or call the callback with an
13362		 * error if there is a problem.
13363		 */
13364		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13365			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13366	}
13367
13368	return;
13369}
13370
13371/*
13372 * Process a datamove request from the other controller.  This is used for
13373 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13374 * first.  Once that is complete, the data gets DMAed into the remote
13375 * controller's memory.  For reads, we DMA from the remote controller's
13376 * memory into our memory first, and then move it out to the FETD.
13377 */
13378static void
13379ctl_datamove_remote(union ctl_io *io)
13380{
13381	struct ctl_softc *softc;
13382
13383	softc = control_softc;
13384
13385	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13386
13387	/*
13388	 * Note that we look for an aborted I/O here, but don't do some of
13389	 * the other checks that ctl_datamove() normally does.
13390	 * We don't need to run the datamove delay code, since that should
13391	 * have been done if need be on the other controller.
13392	 */
13393	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13394		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13395		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13396		       io->io_hdr.nexus.targ_port,
13397		       io->io_hdr.nexus.targ_target.id,
13398		       io->io_hdr.nexus.targ_lun);
13399		io->io_hdr.port_status = 31338;
13400		ctl_send_datamove_done(io, /*have_lock*/ 0);
13401		return;
13402	}
13403
13404	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13405		ctl_datamove_remote_write(io);
13406	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13407		ctl_datamove_remote_read(io);
13408	} else {
13409		union ctl_ha_msg msg;
13410		struct scsi_sense_data *sense;
13411		uint8_t sks[3];
13412		int retry_count;
13413
13414		memset(&msg, 0, sizeof(msg));
13415
13416		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13417		msg.hdr.status = CTL_SCSI_ERROR;
13418		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13419
13420		retry_count = 4243;
13421
13422		sense = &msg.scsi.sense_data;
13423		sks[0] = SSD_SCS_VALID;
13424		sks[1] = (retry_count >> 8) & 0xff;
13425		sks[2] = retry_count & 0xff;
13426
13427		/* "Internal target failure" */
13428		scsi_set_sense_data(sense,
13429				    /*sense_format*/ SSD_TYPE_NONE,
13430				    /*current_error*/ 1,
13431				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13432				    /*asc*/ 0x44,
13433				    /*ascq*/ 0x00,
13434				    /*type*/ SSD_ELEM_SKS,
13435				    /*size*/ sizeof(sks),
13436				    /*data*/ sks,
13437				    SSD_ELEM_NONE);
13438
13439		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13440		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13441			ctl_failover_io(io, /*have_lock*/ 1);
13442			return;
13443		}
13444
13445		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13446		    CTL_HA_STATUS_SUCCESS) {
13447			/* XXX KDM what to do if this fails? */
13448		}
13449		return;
13450	}
13451
13452}
13453
13454static int
13455ctl_process_done(union ctl_io *io)
13456{
13457	struct ctl_lun *lun;
13458	struct ctl_softc *ctl_softc;
13459	void (*fe_done)(union ctl_io *io);
13460	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13461
13462	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13463
13464	fe_done =
13465	    control_softc->ctl_ports[targ_port]->fe_done;
13466
13467#ifdef CTL_TIME_IO
13468	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13469		char str[256];
13470		char path_str[64];
13471		struct sbuf sb;
13472
13473		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13474		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13475
13476		sbuf_cat(&sb, path_str);
13477		switch (io->io_hdr.io_type) {
13478		case CTL_IO_SCSI:
13479			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13480			sbuf_printf(&sb, "\n");
13481			sbuf_cat(&sb, path_str);
13482			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13483				    io->scsiio.tag_num, io->scsiio.tag_type);
13484			break;
13485		case CTL_IO_TASK:
13486			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13487				    "Tag Type: %d\n", io->taskio.task_action,
13488				    io->taskio.tag_num, io->taskio.tag_type);
13489			break;
13490		default:
13491			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13492			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13493			break;
13494		}
13495		sbuf_cat(&sb, path_str);
13496		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13497			    (intmax_t)time_uptime - io->io_hdr.start_time);
13498		sbuf_finish(&sb);
13499		printf("%s", sbuf_data(&sb));
13500	}
13501#endif /* CTL_TIME_IO */
13502
13503	switch (io->io_hdr.io_type) {
13504	case CTL_IO_SCSI:
13505		break;
13506	case CTL_IO_TASK:
13507		if (bootverbose || (ctl_debug & CTL_DEBUG_INFO))
13508			ctl_io_error_print(io, NULL);
13509		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13510			ctl_free_io(io);
13511		else
13512			fe_done(io);
13513		return (CTL_RETVAL_COMPLETE);
13514	default:
13515		panic("ctl_process_done: invalid io type %d\n",
13516		      io->io_hdr.io_type);
13517		break; /* NOTREACHED */
13518	}
13519
13520	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13521	if (lun == NULL) {
13522		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13523				 io->io_hdr.nexus.targ_mapped_lun));
13524		fe_done(io);
13525		goto bailout;
13526	}
13527	ctl_softc = lun->ctl_softc;
13528
13529	mtx_lock(&lun->lun_lock);
13530
13531	/*
13532	 * Check to see if we have any errors to inject here.  We only
13533	 * inject errors for commands that don't already have errors set.
13534	 */
13535	if ((STAILQ_FIRST(&lun->error_list) != NULL)
13536	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
13537		ctl_inject_error(lun, io);
13538
13539	/*
13540	 * XXX KDM how do we treat commands that aren't completed
13541	 * successfully?
13542	 *
13543	 * XXX KDM should we also track I/O latency?
13544	 */
13545	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13546	    io->io_hdr.io_type == CTL_IO_SCSI) {
13547#ifdef CTL_TIME_IO
13548		struct bintime cur_bt;
13549#endif
13550		int type;
13551
13552		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13553		    CTL_FLAG_DATA_IN)
13554			type = CTL_STATS_READ;
13555		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13556		    CTL_FLAG_DATA_OUT)
13557			type = CTL_STATS_WRITE;
13558		else
13559			type = CTL_STATS_NO_IO;
13560
13561		lun->stats.ports[targ_port].bytes[type] +=
13562		    io->scsiio.kern_total_len;
13563		lun->stats.ports[targ_port].operations[type]++;
13564#ifdef CTL_TIME_IO
13565		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13566		   &io->io_hdr.dma_bt);
13567		lun->stats.ports[targ_port].num_dmas[type] +=
13568		    io->io_hdr.num_dmas;
13569		getbintime(&cur_bt);
13570		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13571		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13572#endif
13573	}
13574
13575	/*
13576	 * Remove this from the OOA queue.
13577	 */
13578	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13579
13580	/*
13581	 * Run through the blocked queue on this LUN and see if anything
13582	 * has become unblocked, now that this transaction is done.
13583	 */
13584	ctl_check_blocked(lun);
13585
13586	/*
13587	 * If the LUN has been invalidated, free it if there is nothing
13588	 * left on its OOA queue.
13589	 */
13590	if ((lun->flags & CTL_LUN_INVALID)
13591	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13592		mtx_unlock(&lun->lun_lock);
13593		mtx_lock(&ctl_softc->ctl_lock);
13594		ctl_free_lun(lun);
13595		mtx_unlock(&ctl_softc->ctl_lock);
13596	} else
13597		mtx_unlock(&lun->lun_lock);
13598
13599	/*
13600	 * If this command has been aborted, make sure we set the status
13601	 * properly.  The FETD is responsible for freeing the I/O and doing
13602	 * whatever it needs to do to clean up its state.
13603	 */
13604	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13605		ctl_set_task_aborted(&io->scsiio);
13606
13607	/*
13608	 * If enabled, print command error status.
13609	 * We don't print UAs unless debugging was enabled explicitly.
13610	 */
13611	do {
13612		if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)
13613			break;
13614		if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0)
13615			break;
13616		if ((ctl_debug & CTL_DEBUG_INFO) == 0 &&
13617		    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) &&
13618		     (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13619			int error_code, sense_key, asc, ascq;
13620
13621			scsi_extract_sense_len(&io->scsiio.sense_data,
13622			    io->scsiio.sense_len, &error_code, &sense_key,
13623			    &asc, &ascq, /*show_errors*/ 0);
13624			if (sense_key == SSD_KEY_UNIT_ATTENTION)
13625				break;
13626		}
13627
13628		ctl_io_error_print(io, NULL);
13629	} while (0);
13630
13631	/*
13632	 * Tell the FETD or the other shelf controller we're done with this
13633	 * command.  Note that only SCSI commands get to this point.  Task
13634	 * management commands are completed above.
13635	 *
13636	 * We only send status to the other controller if we're in XFER
13637	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13638	 * received the I/O (from CTL's perspective), and so the status is
13639	 * generated there.
13640	 *
13641	 * XXX KDM if we hold the lock here, we could cause a deadlock
13642	 * if the frontend comes back in in this context to queue
13643	 * something.
13644	 */
13645	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13646	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13647		union ctl_ha_msg msg;
13648
13649		memset(&msg, 0, sizeof(msg));
13650		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13651		msg.hdr.original_sc = io->io_hdr.original_sc;
13652		msg.hdr.nexus = io->io_hdr.nexus;
13653		msg.hdr.status = io->io_hdr.status;
13654		msg.scsi.scsi_status = io->scsiio.scsi_status;
13655		msg.scsi.tag_num = io->scsiio.tag_num;
13656		msg.scsi.tag_type = io->scsiio.tag_type;
13657		msg.scsi.sense_len = io->scsiio.sense_len;
13658		msg.scsi.sense_residual = io->scsiio.sense_residual;
13659		msg.scsi.residual = io->scsiio.residual;
13660		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13661		       sizeof(io->scsiio.sense_data));
13662		/*
13663		 * We copy this whether or not this is an I/O-related
13664		 * command.  Otherwise, we'd have to go and check to see
13665		 * whether it's a read/write command, and it really isn't
13666		 * worth it.
13667		 */
13668		memcpy(&msg.scsi.lbalen,
13669		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13670		       sizeof(msg.scsi.lbalen));
13671
13672		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13673				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13674			/* XXX do something here */
13675		}
13676
13677		ctl_free_io(io);
13678	} else
13679		fe_done(io);
13680
13681bailout:
13682
13683	return (CTL_RETVAL_COMPLETE);
13684}
13685
13686#ifdef CTL_WITH_CA
13687/*
13688 * Front end should call this if it doesn't do autosense.  When the request
13689 * sense comes back in from the initiator, we'll dequeue this and send it.
13690 */
13691int
13692ctl_queue_sense(union ctl_io *io)
13693{
13694	struct ctl_lun *lun;
13695	struct ctl_softc *ctl_softc;
13696	uint32_t initidx, targ_lun;
13697
13698	ctl_softc = control_softc;
13699
13700	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13701
13702	/*
13703	 * LUN lookup will likely move to the ctl_work_thread() once we
13704	 * have our new queueing infrastructure (that doesn't put things on
13705	 * a per-LUN queue initially).  That is so that we can handle
13706	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13707	 * can't deal with that right now.
13708	 */
13709	mtx_lock(&ctl_softc->ctl_lock);
13710
13711	/*
13712	 * If we don't have a LUN for this, just toss the sense
13713	 * information.
13714	 */
13715	targ_lun = io->io_hdr.nexus.targ_lun;
13716	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13717	if ((targ_lun < CTL_MAX_LUNS)
13718	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13719		lun = ctl_softc->ctl_luns[targ_lun];
13720	else
13721		goto bailout;
13722
13723	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13724
13725	mtx_lock(&lun->lun_lock);
13726	/*
13727	 * Already have CA set for this LUN...toss the sense information.
13728	 */
13729	if (ctl_is_set(lun->have_ca, initidx)) {
13730		mtx_unlock(&lun->lun_lock);
13731		goto bailout;
13732	}
13733
13734	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13735	       ctl_min(sizeof(lun->pending_sense[initidx]),
13736	       sizeof(io->scsiio.sense_data)));
13737	ctl_set_mask(lun->have_ca, initidx);
13738	mtx_unlock(&lun->lun_lock);
13739
13740bailout:
13741	mtx_unlock(&ctl_softc->ctl_lock);
13742
13743	ctl_free_io(io);
13744
13745	return (CTL_RETVAL_COMPLETE);
13746}
13747#endif
13748
13749/*
13750 * Primary command inlet from frontend ports.  All SCSI and task I/O
13751 * requests must go through this function.
13752 */
13753int
13754ctl_queue(union ctl_io *io)
13755{
13756	struct ctl_softc *ctl_softc;
13757
13758	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13759
13760	ctl_softc = control_softc;
13761
13762#ifdef CTL_TIME_IO
13763	io->io_hdr.start_time = time_uptime;
13764	getbintime(&io->io_hdr.start_bt);
13765#endif /* CTL_TIME_IO */
13766
13767	/* Map FE-specific LUN ID into global one. */
13768	io->io_hdr.nexus.targ_mapped_lun =
13769	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13770
13771	switch (io->io_hdr.io_type) {
13772	case CTL_IO_SCSI:
13773	case CTL_IO_TASK:
13774		if (ctl_debug & CTL_DEBUG_CDB)
13775			ctl_io_print(io);
13776		ctl_enqueue_incoming(io);
13777		break;
13778	default:
13779		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13780		return (EINVAL);
13781	}
13782
13783	return (CTL_RETVAL_COMPLETE);
13784}
13785
13786#ifdef CTL_IO_DELAY
13787static void
13788ctl_done_timer_wakeup(void *arg)
13789{
13790	union ctl_io *io;
13791
13792	io = (union ctl_io *)arg;
13793	ctl_done(io);
13794}
13795#endif /* CTL_IO_DELAY */
13796
13797void
13798ctl_done(union ctl_io *io)
13799{
13800	struct ctl_softc *ctl_softc;
13801
13802	ctl_softc = control_softc;
13803
13804	/*
13805	 * Enable this to catch duplicate completion issues.
13806	 */
13807#if 0
13808	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13809		printf("%s: type %d msg %d cdb %x iptl: "
13810		       "%d:%d:%d:%d tag 0x%04x "
13811		       "flag %#x status %x\n",
13812			__func__,
13813			io->io_hdr.io_type,
13814			io->io_hdr.msg_type,
13815			io->scsiio.cdb[0],
13816			io->io_hdr.nexus.initid.id,
13817			io->io_hdr.nexus.targ_port,
13818			io->io_hdr.nexus.targ_target.id,
13819			io->io_hdr.nexus.targ_lun,
13820			(io->io_hdr.io_type ==
13821			CTL_IO_TASK) ?
13822			io->taskio.tag_num :
13823			io->scsiio.tag_num,
13824		        io->io_hdr.flags,
13825			io->io_hdr.status);
13826	} else
13827		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13828#endif
13829
13830	/*
13831	 * This is an internal copy of an I/O, and should not go through
13832	 * the normal done processing logic.
13833	 */
13834	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13835		return;
13836
13837	/*
13838	 * We need to send a msg to the serializing shelf to finish the IO
13839	 * as well.  We don't send a finish message to the other shelf if
13840	 * this is a task management command.  Task management commands
13841	 * aren't serialized in the OOA queue, but rather just executed on
13842	 * both shelf controllers for commands that originated on that
13843	 * controller.
13844	 */
13845	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13846	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13847		union ctl_ha_msg msg_io;
13848
13849		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13850		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13851		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13852		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13853		}
13854		/* continue on to finish IO */
13855	}
13856#ifdef CTL_IO_DELAY
13857	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13858		struct ctl_lun *lun;
13859
13860		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13861
13862		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13863	} else {
13864		struct ctl_lun *lun;
13865
13866		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13867
13868		if ((lun != NULL)
13869		 && (lun->delay_info.done_delay > 0)) {
13870			struct callout *callout;
13871
13872			callout = (struct callout *)&io->io_hdr.timer_bytes;
13873			callout_init(callout, /*mpsafe*/ 1);
13874			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13875			callout_reset(callout,
13876				      lun->delay_info.done_delay * hz,
13877				      ctl_done_timer_wakeup, io);
13878			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13879				lun->delay_info.done_delay = 0;
13880			return;
13881		}
13882	}
13883#endif /* CTL_IO_DELAY */
13884
13885	ctl_enqueue_done(io);
13886}
13887
13888int
13889ctl_isc(struct ctl_scsiio *ctsio)
13890{
13891	struct ctl_lun *lun;
13892	int retval;
13893
13894	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13895
13896	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13897
13898	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13899
13900	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13901
13902	return (retval);
13903}
13904
13905
13906static void
13907ctl_work_thread(void *arg)
13908{
13909	struct ctl_thread *thr = (struct ctl_thread *)arg;
13910	struct ctl_softc *softc = thr->ctl_softc;
13911	union ctl_io *io;
13912	int retval;
13913
13914	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13915
13916	for (;;) {
13917		retval = 0;
13918
13919		/*
13920		 * We handle the queues in this order:
13921		 * - ISC
13922		 * - done queue (to free up resources, unblock other commands)
13923		 * - RtR queue
13924		 * - incoming queue
13925		 *
13926		 * If those queues are empty, we break out of the loop and
13927		 * go to sleep.
13928		 */
13929		mtx_lock(&thr->queue_lock);
13930		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13931		if (io != NULL) {
13932			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13933			mtx_unlock(&thr->queue_lock);
13934			ctl_handle_isc(io);
13935			continue;
13936		}
13937		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13938		if (io != NULL) {
13939			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13940			/* clear any blocked commands, call fe_done */
13941			mtx_unlock(&thr->queue_lock);
13942			retval = ctl_process_done(io);
13943			continue;
13944		}
13945		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13946		if (io != NULL) {
13947			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13948			mtx_unlock(&thr->queue_lock);
13949			if (io->io_hdr.io_type == CTL_IO_TASK)
13950				ctl_run_task(io);
13951			else
13952				ctl_scsiio_precheck(softc, &io->scsiio);
13953			continue;
13954		}
13955		if (!ctl_pause_rtr) {
13956			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13957			if (io != NULL) {
13958				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13959				mtx_unlock(&thr->queue_lock);
13960				retval = ctl_scsiio(&io->scsiio);
13961				if (retval != CTL_RETVAL_COMPLETE)
13962					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13963				continue;
13964			}
13965		}
13966
13967		/* Sleep until we have something to do. */
13968		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13969	}
13970}
13971
13972static void
13973ctl_lun_thread(void *arg)
13974{
13975	struct ctl_softc *softc = (struct ctl_softc *)arg;
13976	struct ctl_be_lun *be_lun;
13977	int retval;
13978
13979	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13980
13981	for (;;) {
13982		retval = 0;
13983		mtx_lock(&softc->ctl_lock);
13984		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13985		if (be_lun != NULL) {
13986			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13987			mtx_unlock(&softc->ctl_lock);
13988			ctl_create_lun(be_lun);
13989			continue;
13990		}
13991
13992		/* Sleep until we have something to do. */
13993		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13994		    PDROP | PRIBIO, "-", 0);
13995	}
13996}
13997
13998static void
13999ctl_enqueue_incoming(union ctl_io *io)
14000{
14001	struct ctl_softc *softc = control_softc;
14002	struct ctl_thread *thr;
14003	u_int idx;
14004
14005	idx = (io->io_hdr.nexus.targ_port * 127 +
14006	       io->io_hdr.nexus.initid.id) % worker_threads;
14007	thr = &softc->threads[idx];
14008	mtx_lock(&thr->queue_lock);
14009	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14010	mtx_unlock(&thr->queue_lock);
14011	wakeup(thr);
14012}
14013
14014static void
14015ctl_enqueue_rtr(union ctl_io *io)
14016{
14017	struct ctl_softc *softc = control_softc;
14018	struct ctl_thread *thr;
14019
14020	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14021	mtx_lock(&thr->queue_lock);
14022	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14023	mtx_unlock(&thr->queue_lock);
14024	wakeup(thr);
14025}
14026
14027static void
14028ctl_enqueue_done(union ctl_io *io)
14029{
14030	struct ctl_softc *softc = control_softc;
14031	struct ctl_thread *thr;
14032
14033	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14034	mtx_lock(&thr->queue_lock);
14035	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14036	mtx_unlock(&thr->queue_lock);
14037	wakeup(thr);
14038}
14039
14040static void
14041ctl_enqueue_isc(union ctl_io *io)
14042{
14043	struct ctl_softc *softc = control_softc;
14044	struct ctl_thread *thr;
14045
14046	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14047	mtx_lock(&thr->queue_lock);
14048	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14049	mtx_unlock(&thr->queue_lock);
14050	wakeup(thr);
14051}
14052
14053/* Initialization and failover */
14054
14055void
14056ctl_init_isc_msg(void)
14057{
14058	printf("CTL: Still calling this thing\n");
14059}
14060
14061/*
14062 * Init component
14063 * 	Initializes component into configuration defined by bootMode
14064 *	(see hasc-sv.c)
14065 *  	returns hasc_Status:
14066 * 		OK
14067 *		ERROR - fatal error
14068 */
14069static ctl_ha_comp_status
14070ctl_isc_init(struct ctl_ha_component *c)
14071{
14072	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14073
14074	c->status = ret;
14075	return ret;
14076}
14077
14078/* Start component
14079 * 	Starts component in state requested. If component starts successfully,
14080 *	it must set its own state to the requestrd state
14081 *	When requested state is HASC_STATE_HA, the component may refine it
14082 * 	by adding _SLAVE or _MASTER flags.
14083 *	Currently allowed state transitions are:
14084 *	UNKNOWN->HA		- initial startup
14085 *	UNKNOWN->SINGLE - initial startup when no parter detected
14086 *	HA->SINGLE		- failover
14087 * returns ctl_ha_comp_status:
14088 * 		OK	- component successfully started in requested state
14089 *		FAILED  - could not start the requested state, failover may
14090 * 			  be possible
14091 *		ERROR	- fatal error detected, no future startup possible
14092 */
14093static ctl_ha_comp_status
14094ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14095{
14096	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14097
14098	printf("%s: go\n", __func__);
14099
14100	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14101	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14102		ctl_is_single = 0;
14103		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14104		    != CTL_HA_STATUS_SUCCESS) {
14105			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14106			ret = CTL_HA_COMP_STATUS_ERROR;
14107		}
14108	} else if (CTL_HA_STATE_IS_HA(c->state)
14109		&& CTL_HA_STATE_IS_SINGLE(state)){
14110		// HA->SINGLE transition
14111	        ctl_failover();
14112		ctl_is_single = 1;
14113	} else {
14114		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14115		       c->state, state);
14116		ret = CTL_HA_COMP_STATUS_ERROR;
14117	}
14118	if (CTL_HA_STATE_IS_SINGLE(state))
14119		ctl_is_single = 1;
14120
14121	c->state = state;
14122	c->status = ret;
14123	return ret;
14124}
14125
14126/*
14127 * Quiesce component
14128 * The component must clear any error conditions (set status to OK) and
14129 * prepare itself to another Start call
14130 * returns ctl_ha_comp_status:
14131 * 	OK
14132 *	ERROR
14133 */
14134static ctl_ha_comp_status
14135ctl_isc_quiesce(struct ctl_ha_component *c)
14136{
14137	int ret = CTL_HA_COMP_STATUS_OK;
14138
14139	ctl_pause_rtr = 1;
14140	c->status = ret;
14141	return ret;
14142}
14143
14144struct ctl_ha_component ctl_ha_component_ctlisc =
14145{
14146	.name = "CTL ISC",
14147	.state = CTL_HA_STATE_UNKNOWN,
14148	.init = ctl_isc_init,
14149	.start = ctl_isc_start,
14150	.quiesce = ctl_isc_quiesce
14151};
14152
14153/*
14154 *  vim: ts=8
14155 */
14156