ctl.c revision 284797 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id$
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 284797 2015-06-25 07:10:51Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67#include <vm/uma.h>
68
69#include <cam/cam.h>
70#include <cam/scsi/scsi_all.h>
71#include <cam/scsi/scsi_da.h>
72#include <cam/ctl/ctl_io.h>
73#include <cam/ctl/ctl.h>
74#include <cam/ctl/ctl_frontend.h>
75#include <cam/ctl/ctl_frontend_internal.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Size and alignment macros needed for Copan-specific HA hardware.  These
89 * can go away when the HA code is re-written, and uses busdma for any
90 * hardware.
91 */
92#define	CTL_ALIGN_8B(target, source, type)				\
93	if (((uint32_t)source & 0x7) != 0)				\
94		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
95	else								\
96		target = (type)source;
97
98#define	CTL_SIZE_8B(target, size)					\
99	if ((size & 0x7) != 0)						\
100		target = size + (0x8 - (size & 0x7));			\
101	else								\
102		target = size;
103
104#define CTL_ALIGN_8B_MARGIN	16
105
106/*
107 * Template mode pages.
108 */
109
110/*
111 * Note that these are default values only.  The actual values will be
112 * filled in when the user does a mode sense.
113 */
114const static struct copan_debugconf_subpage debugconf_page_default = {
115	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
116	DBGCNF_SUBPAGE_CODE,		/* subpage */
117	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
118	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
119	DBGCNF_VERSION,			/* page_version */
120	{CTL_TIME_IO_DEFAULT_SECS>>8,
121	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
122};
123
124const static struct copan_debugconf_subpage debugconf_page_changeable = {
125	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
126	DBGCNF_SUBPAGE_CODE,		/* subpage */
127	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
128	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
129	0,				/* page_version */
130	{0xff,0xff},			/* ctl_time_io_secs */
131};
132
133const static struct scsi_da_rw_recovery_page rw_er_page_default = {
134	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
135	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
136	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
137	/*read_retry_count*/0,
138	/*correction_span*/0,
139	/*head_offset_count*/0,
140	/*data_strobe_offset_cnt*/0,
141	/*byte8*/SMS_RWER_LBPERE,
142	/*write_retry_count*/0,
143	/*reserved2*/0,
144	/*recovery_time_limit*/{0, 0},
145};
146
147const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
148	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
149	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
150	/*byte3*/0,
151	/*read_retry_count*/0,
152	/*correction_span*/0,
153	/*head_offset_count*/0,
154	/*data_strobe_offset_cnt*/0,
155	/*byte8*/0,
156	/*write_retry_count*/0,
157	/*reserved2*/0,
158	/*recovery_time_limit*/{0, 0},
159};
160
161const static struct scsi_format_page format_page_default = {
162	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
163	/*page_length*/sizeof(struct scsi_format_page) - 2,
164	/*tracks_per_zone*/ {0, 0},
165	/*alt_sectors_per_zone*/ {0, 0},
166	/*alt_tracks_per_zone*/ {0, 0},
167	/*alt_tracks_per_lun*/ {0, 0},
168	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
169			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
170	/*bytes_per_sector*/ {0, 0},
171	/*interleave*/ {0, 0},
172	/*track_skew*/ {0, 0},
173	/*cylinder_skew*/ {0, 0},
174	/*flags*/ SFP_HSEC,
175	/*reserved*/ {0, 0, 0}
176};
177
178const static struct scsi_format_page format_page_changeable = {
179	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
180	/*page_length*/sizeof(struct scsi_format_page) - 2,
181	/*tracks_per_zone*/ {0, 0},
182	/*alt_sectors_per_zone*/ {0, 0},
183	/*alt_tracks_per_zone*/ {0, 0},
184	/*alt_tracks_per_lun*/ {0, 0},
185	/*sectors_per_track*/ {0, 0},
186	/*bytes_per_sector*/ {0, 0},
187	/*interleave*/ {0, 0},
188	/*track_skew*/ {0, 0},
189	/*cylinder_skew*/ {0, 0},
190	/*flags*/ 0,
191	/*reserved*/ {0, 0, 0}
192};
193
194const static struct scsi_rigid_disk_page rigid_disk_page_default = {
195	/*page_code*/SMS_RIGID_DISK_PAGE,
196	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
197	/*cylinders*/ {0, 0, 0},
198	/*heads*/ CTL_DEFAULT_HEADS,
199	/*start_write_precomp*/ {0, 0, 0},
200	/*start_reduced_current*/ {0, 0, 0},
201	/*step_rate*/ {0, 0},
202	/*landing_zone_cylinder*/ {0, 0, 0},
203	/*rpl*/ SRDP_RPL_DISABLED,
204	/*rotational_offset*/ 0,
205	/*reserved1*/ 0,
206	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
207			   CTL_DEFAULT_ROTATION_RATE & 0xff},
208	/*reserved2*/ {0, 0}
209};
210
211const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
212	/*page_code*/SMS_RIGID_DISK_PAGE,
213	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
214	/*cylinders*/ {0, 0, 0},
215	/*heads*/ 0,
216	/*start_write_precomp*/ {0, 0, 0},
217	/*start_reduced_current*/ {0, 0, 0},
218	/*step_rate*/ {0, 0},
219	/*landing_zone_cylinder*/ {0, 0, 0},
220	/*rpl*/ 0,
221	/*rotational_offset*/ 0,
222	/*reserved1*/ 0,
223	/*rotation_rate*/ {0, 0},
224	/*reserved2*/ {0, 0}
225};
226
227const static struct scsi_caching_page caching_page_default = {
228	/*page_code*/SMS_CACHING_PAGE,
229	/*page_length*/sizeof(struct scsi_caching_page) - 2,
230	/*flags1*/ SCP_DISC | SCP_WCE,
231	/*ret_priority*/ 0,
232	/*disable_pf_transfer_len*/ {0xff, 0xff},
233	/*min_prefetch*/ {0, 0},
234	/*max_prefetch*/ {0xff, 0xff},
235	/*max_pf_ceiling*/ {0xff, 0xff},
236	/*flags2*/ 0,
237	/*cache_segments*/ 0,
238	/*cache_seg_size*/ {0, 0},
239	/*reserved*/ 0,
240	/*non_cache_seg_size*/ {0, 0, 0}
241};
242
243const static struct scsi_caching_page caching_page_changeable = {
244	/*page_code*/SMS_CACHING_PAGE,
245	/*page_length*/sizeof(struct scsi_caching_page) - 2,
246	/*flags1*/ SCP_WCE | SCP_RCD,
247	/*ret_priority*/ 0,
248	/*disable_pf_transfer_len*/ {0, 0},
249	/*min_prefetch*/ {0, 0},
250	/*max_prefetch*/ {0, 0},
251	/*max_pf_ceiling*/ {0, 0},
252	/*flags2*/ 0,
253	/*cache_segments*/ 0,
254	/*cache_seg_size*/ {0, 0},
255	/*reserved*/ 0,
256	/*non_cache_seg_size*/ {0, 0, 0}
257};
258
259const static struct scsi_control_page control_page_default = {
260	/*page_code*/SMS_CONTROL_MODE_PAGE,
261	/*page_length*/sizeof(struct scsi_control_page) - 2,
262	/*rlec*/0,
263	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
264	/*eca_and_aen*/0,
265	/*flags4*/SCP_TAS,
266	/*aen_holdoff_period*/{0, 0},
267	/*busy_timeout_period*/{0, 0},
268	/*extended_selftest_completion_time*/{0, 0}
269};
270
271const static struct scsi_control_page control_page_changeable = {
272	/*page_code*/SMS_CONTROL_MODE_PAGE,
273	/*page_length*/sizeof(struct scsi_control_page) - 2,
274	/*rlec*/SCP_DSENSE,
275	/*queue_flags*/SCP_QUEUE_ALG_MASK,
276	/*eca_and_aen*/SCP_SWP,
277	/*flags4*/0,
278	/*aen_holdoff_period*/{0, 0},
279	/*busy_timeout_period*/{0, 0},
280	/*extended_selftest_completion_time*/{0, 0}
281};
282
283const static struct scsi_info_exceptions_page ie_page_default = {
284	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
285	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
286	/*info_flags*/SIEP_FLAGS_DEXCPT,
287	/*mrie*/0,
288	/*interval_timer*/{0, 0, 0, 0},
289	/*report_count*/{0, 0, 0, 0}
290};
291
292const static struct scsi_info_exceptions_page ie_page_changeable = {
293	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
294	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
295	/*info_flags*/0,
296	/*mrie*/0,
297	/*interval_timer*/{0, 0, 0, 0},
298	/*report_count*/{0, 0, 0, 0}
299};
300
301#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
302
303const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
304	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
305	/*subpage_code*/0x02,
306	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
307	/*flags*/0,
308	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
309	/*descr*/{}},
310	{{/*flags*/0,
311	  /*resource*/0x01,
312	  /*reserved*/{0, 0},
313	  /*count*/{0, 0, 0, 0}},
314	 {/*flags*/0,
315	  /*resource*/0x02,
316	  /*reserved*/{0, 0},
317	  /*count*/{0, 0, 0, 0}},
318	 {/*flags*/0,
319	  /*resource*/0xf1,
320	  /*reserved*/{0, 0},
321	  /*count*/{0, 0, 0, 0}},
322	 {/*flags*/0,
323	  /*resource*/0xf2,
324	  /*reserved*/{0, 0},
325	  /*count*/{0, 0, 0, 0}}
326	}
327};
328
329const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
330	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
331	/*subpage_code*/0x02,
332	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
333	/*flags*/0,
334	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
335	/*descr*/{}},
336	{{/*flags*/0,
337	  /*resource*/0,
338	  /*reserved*/{0, 0},
339	  /*count*/{0, 0, 0, 0}},
340	 {/*flags*/0,
341	  /*resource*/0,
342	  /*reserved*/{0, 0},
343	  /*count*/{0, 0, 0, 0}},
344	 {/*flags*/0,
345	  /*resource*/0,
346	  /*reserved*/{0, 0},
347	  /*count*/{0, 0, 0, 0}},
348	 {/*flags*/0,
349	  /*resource*/0,
350	  /*reserved*/{0, 0},
351	  /*count*/{0, 0, 0, 0}}
352	}
353};
354
355/*
356 * XXX KDM move these into the softc.
357 */
358static int rcv_sync_msg;
359static uint8_t ctl_pause_rtr;
360
361SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
362static int worker_threads = -1;
363TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
364SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
365    &worker_threads, 1, "Number of worker threads");
366static int ctl_debug = CTL_DEBUG_NONE;
367TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
368SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
369    &ctl_debug, 0, "Enabled debug flags");
370
371/*
372 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
373 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
374 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
375 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
376 */
377#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
378
379static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
380				  int param);
381static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
382static int ctl_init(void);
383void ctl_shutdown(void);
384static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
385static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
386static void ctl_ioctl_online(void *arg);
387static void ctl_ioctl_offline(void *arg);
388static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
389static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
390static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
391static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
392static int ctl_ioctl_submit_wait(union ctl_io *io);
393static void ctl_ioctl_datamove(union ctl_io *io);
394static void ctl_ioctl_done(union ctl_io *io);
395static void ctl_ioctl_hard_startstop_callback(void *arg,
396					      struct cfi_metatask *metatask);
397static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
398static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
399			      struct ctl_ooa *ooa_hdr,
400			      struct ctl_ooa_entry *kern_entries);
401static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
402		     struct thread *td);
403static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
404			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
405static int ctl_free_lun(struct ctl_lun *lun);
406static void ctl_create_lun(struct ctl_be_lun *be_lun);
407static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
408/**
409static void ctl_failover_change_pages(struct ctl_softc *softc,
410				      struct ctl_scsiio *ctsio, int master);
411**/
412
413static int ctl_do_mode_select(union ctl_io *io);
414static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
415			   uint64_t res_key, uint64_t sa_res_key,
416			   uint8_t type, uint32_t residx,
417			   struct ctl_scsiio *ctsio,
418			   struct scsi_per_res_out *cdb,
419			   struct scsi_per_res_out_parms* param);
420static void ctl_pro_preempt_other(struct ctl_lun *lun,
421				  union ctl_ha_msg *msg);
422static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
423static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
424static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
425static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
426static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
427static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
428static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
429					 int alloc_len);
430static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
431					 int alloc_len);
432static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
433static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
434static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
435static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
436static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
437static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
438    bool seq);
439static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
440static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
441    union ctl_io *pending_io, union ctl_io *ooa_io);
442static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
443				union ctl_io *starting_io);
444static int ctl_check_blocked(struct ctl_lun *lun);
445static int ctl_scsiio_lun_check(struct ctl_lun *lun,
446				const struct ctl_cmd_entry *entry,
447				struct ctl_scsiio *ctsio);
448//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
449static void ctl_failover(void);
450static void ctl_clear_ua(struct ctl_softc *ctl_softc, uint32_t initidx,
451			 ctl_ua_type ua_type);
452static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
453			       struct ctl_scsiio *ctsio);
454static int ctl_scsiio(struct ctl_scsiio *ctsio);
455
456static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
457static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
458			    ctl_ua_type ua_type);
459static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
460			 ctl_ua_type ua_type);
461static int ctl_abort_task(union ctl_io *io);
462static int ctl_abort_task_set(union ctl_io *io);
463static int ctl_i_t_nexus_reset(union ctl_io *io);
464static void ctl_run_task(union ctl_io *io);
465#ifdef CTL_IO_DELAY
466static void ctl_datamove_timer_wakeup(void *arg);
467static void ctl_done_timer_wakeup(void *arg);
468#endif /* CTL_IO_DELAY */
469
470static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
471static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
472static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
473static void ctl_datamove_remote_write(union ctl_io *io);
474static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
475static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
476static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
477static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
478				    ctl_ha_dt_cb callback);
479static void ctl_datamove_remote_read(union ctl_io *io);
480static void ctl_datamove_remote(union ctl_io *io);
481static int ctl_process_done(union ctl_io *io);
482static void ctl_lun_thread(void *arg);
483static void ctl_thresh_thread(void *arg);
484static void ctl_work_thread(void *arg);
485static void ctl_enqueue_incoming(union ctl_io *io);
486static void ctl_enqueue_rtr(union ctl_io *io);
487static void ctl_enqueue_done(union ctl_io *io);
488static void ctl_enqueue_isc(union ctl_io *io);
489static const struct ctl_cmd_entry *
490    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
491static const struct ctl_cmd_entry *
492    ctl_validate_command(struct ctl_scsiio *ctsio);
493static int ctl_cmd_applicable(uint8_t lun_type,
494    const struct ctl_cmd_entry *entry);
495
496/*
497 * Load the serialization table.  This isn't very pretty, but is probably
498 * the easiest way to do it.
499 */
500#include "ctl_ser_table.c"
501
502/*
503 * We only need to define open, close and ioctl routines for this driver.
504 */
505static struct cdevsw ctl_cdevsw = {
506	.d_version =	D_VERSION,
507	.d_flags =	0,
508	.d_open =	ctl_open,
509	.d_close =	ctl_close,
510	.d_ioctl =	ctl_ioctl,
511	.d_name =	"ctl",
512};
513
514
515MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
516MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
517
518static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
519
520static moduledata_t ctl_moduledata = {
521	"ctl",
522	ctl_module_event_handler,
523	NULL
524};
525
526DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
527MODULE_VERSION(ctl, 1);
528
529static struct ctl_frontend ioctl_frontend =
530{
531	.name = "ioctl",
532};
533
534static void
535ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
536			    union ctl_ha_msg *msg_info)
537{
538	struct ctl_scsiio *ctsio;
539
540	if (msg_info->hdr.original_sc == NULL) {
541		printf("%s: original_sc == NULL!\n", __func__);
542		/* XXX KDM now what? */
543		return;
544	}
545
546	ctsio = &msg_info->hdr.original_sc->scsiio;
547	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
548	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
549	ctsio->io_hdr.status = msg_info->hdr.status;
550	ctsio->scsi_status = msg_info->scsi.scsi_status;
551	ctsio->sense_len = msg_info->scsi.sense_len;
552	ctsio->sense_residual = msg_info->scsi.sense_residual;
553	ctsio->residual = msg_info->scsi.residual;
554	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
555	       sizeof(ctsio->sense_data));
556	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
557	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
558	ctl_enqueue_isc((union ctl_io *)ctsio);
559}
560
561static void
562ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
563				union ctl_ha_msg *msg_info)
564{
565	struct ctl_scsiio *ctsio;
566
567	if (msg_info->hdr.serializing_sc == NULL) {
568		printf("%s: serializing_sc == NULL!\n", __func__);
569		/* XXX KDM now what? */
570		return;
571	}
572
573	ctsio = &msg_info->hdr.serializing_sc->scsiio;
574#if 0
575	/*
576	 * Attempt to catch the situation where an I/O has
577	 * been freed, and we're using it again.
578	 */
579	if (ctsio->io_hdr.io_type == 0xff) {
580		union ctl_io *tmp_io;
581		tmp_io = (union ctl_io *)ctsio;
582		printf("%s: %p use after free!\n", __func__,
583		       ctsio);
584		printf("%s: type %d msg %d cdb %x iptl: "
585		       "%d:%d:%d:%d tag 0x%04x "
586		       "flag %#x status %x\n",
587			__func__,
588			tmp_io->io_hdr.io_type,
589			tmp_io->io_hdr.msg_type,
590			tmp_io->scsiio.cdb[0],
591			tmp_io->io_hdr.nexus.initid.id,
592			tmp_io->io_hdr.nexus.targ_port,
593			tmp_io->io_hdr.nexus.targ_target.id,
594			tmp_io->io_hdr.nexus.targ_lun,
595			(tmp_io->io_hdr.io_type ==
596			CTL_IO_TASK) ?
597			tmp_io->taskio.tag_num :
598			tmp_io->scsiio.tag_num,
599		        tmp_io->io_hdr.flags,
600			tmp_io->io_hdr.status);
601	}
602#endif
603	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
604	ctl_enqueue_isc((union ctl_io *)ctsio);
605}
606
607/*
608 * ISC (Inter Shelf Communication) event handler.  Events from the HA
609 * subsystem come in here.
610 */
611static void
612ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
613{
614	struct ctl_softc *softc;
615	union ctl_io *io;
616	struct ctl_prio *presio;
617	ctl_ha_status isc_status;
618
619	softc = control_softc;
620	io = NULL;
621
622
623#if 0
624	printf("CTL: Isc Msg event %d\n", event);
625#endif
626	if (event == CTL_HA_EVT_MSG_RECV) {
627		union ctl_ha_msg msg_info;
628
629		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
630					     sizeof(msg_info), /*wait*/ 0);
631#if 0
632		printf("CTL: msg_type %d\n", msg_info.msg_type);
633#endif
634		if (isc_status != 0) {
635			printf("Error receiving message, status = %d\n",
636			       isc_status);
637			return;
638		}
639
640		switch (msg_info.hdr.msg_type) {
641		case CTL_MSG_SERIALIZE:
642#if 0
643			printf("Serialize\n");
644#endif
645			io = ctl_alloc_io_nowait(softc->othersc_pool);
646			if (io == NULL) {
647				printf("ctl_isc_event_handler: can't allocate "
648				       "ctl_io!\n");
649				/* Bad Juju */
650				/* Need to set busy and send msg back */
651				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
652				msg_info.hdr.status = CTL_SCSI_ERROR;
653				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
654				msg_info.scsi.sense_len = 0;
655			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
656				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
657				}
658				goto bailout;
659			}
660			ctl_zero_io(io);
661			// populate ctsio from msg_info
662			io->io_hdr.io_type = CTL_IO_SCSI;
663			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
664			io->io_hdr.original_sc = msg_info.hdr.original_sc;
665#if 0
666			printf("pOrig %x\n", (int)msg_info.original_sc);
667#endif
668			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
669					    CTL_FLAG_IO_ACTIVE;
670			/*
671			 * If we're in serialization-only mode, we don't
672			 * want to go through full done processing.  Thus
673			 * the COPY flag.
674			 *
675			 * XXX KDM add another flag that is more specific.
676			 */
677			if (softc->ha_mode == CTL_HA_MODE_SER_ONLY)
678				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
679			io->io_hdr.nexus = msg_info.hdr.nexus;
680#if 0
681			printf("targ %d, port %d, iid %d, lun %d\n",
682			       io->io_hdr.nexus.targ_target.id,
683			       io->io_hdr.nexus.targ_port,
684			       io->io_hdr.nexus.initid.id,
685			       io->io_hdr.nexus.targ_lun);
686#endif
687			io->scsiio.tag_num = msg_info.scsi.tag_num;
688			io->scsiio.tag_type = msg_info.scsi.tag_type;
689			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
690			       CTL_MAX_CDBLEN);
691			if (softc->ha_mode == CTL_HA_MODE_XFER) {
692				const struct ctl_cmd_entry *entry;
693
694				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
695				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
696				io->io_hdr.flags |=
697					entry->flags & CTL_FLAG_DATA_MASK;
698			}
699			ctl_enqueue_isc(io);
700			break;
701
702		/* Performed on the Originating SC, XFER mode only */
703		case CTL_MSG_DATAMOVE: {
704			struct ctl_sg_entry *sgl;
705			int i, j;
706
707			io = msg_info.hdr.original_sc;
708			if (io == NULL) {
709				printf("%s: original_sc == NULL!\n", __func__);
710				/* XXX KDM do something here */
711				break;
712			}
713			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
714			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
715			/*
716			 * Keep track of this, we need to send it back over
717			 * when the datamove is complete.
718			 */
719			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
720
721			if (msg_info.dt.sg_sequence == 0) {
722				/*
723				 * XXX KDM we use the preallocated S/G list
724				 * here, but we'll need to change this to
725				 * dynamic allocation if we need larger S/G
726				 * lists.
727				 */
728				if (msg_info.dt.kern_sg_entries >
729				    sizeof(io->io_hdr.remote_sglist) /
730				    sizeof(io->io_hdr.remote_sglist[0])) {
731					printf("%s: number of S/G entries "
732					    "needed %u > allocated num %zd\n",
733					    __func__,
734					    msg_info.dt.kern_sg_entries,
735					    sizeof(io->io_hdr.remote_sglist)/
736					    sizeof(io->io_hdr.remote_sglist[0]));
737
738					/*
739					 * XXX KDM send a message back to
740					 * the other side to shut down the
741					 * DMA.  The error will come back
742					 * through via the normal channel.
743					 */
744					break;
745				}
746				sgl = io->io_hdr.remote_sglist;
747				memset(sgl, 0,
748				       sizeof(io->io_hdr.remote_sglist));
749
750				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
751
752				io->scsiio.kern_sg_entries =
753					msg_info.dt.kern_sg_entries;
754				io->scsiio.rem_sg_entries =
755					msg_info.dt.kern_sg_entries;
756				io->scsiio.kern_data_len =
757					msg_info.dt.kern_data_len;
758				io->scsiio.kern_total_len =
759					msg_info.dt.kern_total_len;
760				io->scsiio.kern_data_resid =
761					msg_info.dt.kern_data_resid;
762				io->scsiio.kern_rel_offset =
763					msg_info.dt.kern_rel_offset;
764				/*
765				 * Clear out per-DMA flags.
766				 */
767				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
768				/*
769				 * Add per-DMA flags that are set for this
770				 * particular DMA request.
771				 */
772				io->io_hdr.flags |= msg_info.dt.flags &
773						    CTL_FLAG_RDMA_MASK;
774			} else
775				sgl = (struct ctl_sg_entry *)
776					io->scsiio.kern_data_ptr;
777
778			for (i = msg_info.dt.sent_sg_entries, j = 0;
779			     i < (msg_info.dt.sent_sg_entries +
780			     msg_info.dt.cur_sg_entries); i++, j++) {
781				sgl[i].addr = msg_info.dt.sg_list[j].addr;
782				sgl[i].len = msg_info.dt.sg_list[j].len;
783
784#if 0
785				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
786				       __func__,
787				       msg_info.dt.sg_list[j].addr,
788				       msg_info.dt.sg_list[j].len,
789				       sgl[i].addr, sgl[i].len, j, i);
790#endif
791			}
792#if 0
793			memcpy(&sgl[msg_info.dt.sent_sg_entries],
794			       msg_info.dt.sg_list,
795			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
796#endif
797
798			/*
799			 * If this is the last piece of the I/O, we've got
800			 * the full S/G list.  Queue processing in the thread.
801			 * Otherwise wait for the next piece.
802			 */
803			if (msg_info.dt.sg_last != 0)
804				ctl_enqueue_isc(io);
805			break;
806		}
807		/* Performed on the Serializing (primary) SC, XFER mode only */
808		case CTL_MSG_DATAMOVE_DONE: {
809			if (msg_info.hdr.serializing_sc == NULL) {
810				printf("%s: serializing_sc == NULL!\n",
811				       __func__);
812				/* XXX KDM now what? */
813				break;
814			}
815			/*
816			 * We grab the sense information here in case
817			 * there was a failure, so we can return status
818			 * back to the initiator.
819			 */
820			io = msg_info.hdr.serializing_sc;
821			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
822			io->io_hdr.status = msg_info.hdr.status;
823			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
824			io->scsiio.sense_len = msg_info.scsi.sense_len;
825			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
826			io->io_hdr.port_status = msg_info.scsi.fetd_status;
827			io->scsiio.residual = msg_info.scsi.residual;
828			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
829			       sizeof(io->scsiio.sense_data));
830			ctl_enqueue_isc(io);
831			break;
832		}
833
834		/* Preformed on Originating SC, SER_ONLY mode */
835		case CTL_MSG_R2R:
836			io = msg_info.hdr.original_sc;
837			if (io == NULL) {
838				printf("%s: Major Bummer\n", __func__);
839				return;
840			} else {
841#if 0
842				printf("pOrig %x\n",(int) ctsio);
843#endif
844			}
845			io->io_hdr.msg_type = CTL_MSG_R2R;
846			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
847			ctl_enqueue_isc(io);
848			break;
849
850		/*
851		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
852		 * mode.
853		 * Performed on the Originating (i.e. secondary) SC in XFER
854		 * mode
855		 */
856		case CTL_MSG_FINISH_IO:
857			if (softc->ha_mode == CTL_HA_MODE_XFER)
858				ctl_isc_handler_finish_xfer(softc,
859							    &msg_info);
860			else
861				ctl_isc_handler_finish_ser_only(softc,
862								&msg_info);
863			break;
864
865		/* Preformed on Originating SC */
866		case CTL_MSG_BAD_JUJU:
867			io = msg_info.hdr.original_sc;
868			if (io == NULL) {
869				printf("%s: Bad JUJU!, original_sc is NULL!\n",
870				       __func__);
871				break;
872			}
873			ctl_copy_sense_data(&msg_info, io);
874			/*
875			 * IO should have already been cleaned up on other
876			 * SC so clear this flag so we won't send a message
877			 * back to finish the IO there.
878			 */
879			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
880			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
881
882			/* io = msg_info.hdr.serializing_sc; */
883			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
884			ctl_enqueue_isc(io);
885			break;
886
887		/* Handle resets sent from the other side */
888		case CTL_MSG_MANAGE_TASKS: {
889			struct ctl_taskio *taskio;
890			taskio = (struct ctl_taskio *)ctl_alloc_io_nowait(
891			    softc->othersc_pool);
892			if (taskio == NULL) {
893				printf("ctl_isc_event_handler: can't allocate "
894				       "ctl_io!\n");
895				/* Bad Juju */
896				/* should I just call the proper reset func
897				   here??? */
898				goto bailout;
899			}
900			ctl_zero_io((union ctl_io *)taskio);
901			taskio->io_hdr.io_type = CTL_IO_TASK;
902			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
903			taskio->io_hdr.nexus = msg_info.hdr.nexus;
904			taskio->task_action = msg_info.task.task_action;
905			taskio->tag_num = msg_info.task.tag_num;
906			taskio->tag_type = msg_info.task.tag_type;
907#ifdef CTL_TIME_IO
908			taskio->io_hdr.start_time = time_uptime;
909			getbintime(&taskio->io_hdr.start_bt);
910#if 0
911			cs_prof_gettime(&taskio->io_hdr.start_ticks);
912#endif
913#endif /* CTL_TIME_IO */
914			ctl_run_task((union ctl_io *)taskio);
915			break;
916		}
917		/* Persistent Reserve action which needs attention */
918		case CTL_MSG_PERS_ACTION:
919			presio = (struct ctl_prio *)ctl_alloc_io_nowait(
920			    softc->othersc_pool);
921			if (presio == NULL) {
922				printf("ctl_isc_event_handler: can't allocate "
923				       "ctl_io!\n");
924				/* Bad Juju */
925				/* Need to set busy and send msg back */
926				goto bailout;
927			}
928			ctl_zero_io((union ctl_io *)presio);
929			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
930			presio->pr_msg = msg_info.pr;
931			ctl_enqueue_isc((union ctl_io *)presio);
932			break;
933		case CTL_MSG_SYNC_FE:
934			rcv_sync_msg = 1;
935			break;
936		default:
937		        printf("How did I get here?\n");
938		}
939	} else if (event == CTL_HA_EVT_MSG_SENT) {
940		if (param != CTL_HA_STATUS_SUCCESS) {
941			printf("Bad status from ctl_ha_msg_send status %d\n",
942			       param);
943		}
944		return;
945	} else if (event == CTL_HA_EVT_DISCONNECT) {
946		printf("CTL: Got a disconnect from Isc\n");
947		return;
948	} else {
949		printf("ctl_isc_event_handler: Unknown event %d\n", event);
950		return;
951	}
952
953bailout:
954	return;
955}
956
957static void
958ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
959{
960	struct scsi_sense_data *sense;
961
962	sense = &dest->scsiio.sense_data;
963	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
964	dest->scsiio.scsi_status = src->scsi.scsi_status;
965	dest->scsiio.sense_len = src->scsi.sense_len;
966	dest->io_hdr.status = src->hdr.status;
967}
968
969static void
970ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
971{
972	ctl_ua_type *pu;
973
974	mtx_assert(&lun->lun_lock, MA_OWNED);
975	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
976	if (pu == NULL)
977		return;
978	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
979}
980
981static void
982ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
983{
984	int i, j;
985
986	mtx_assert(&lun->lun_lock, MA_OWNED);
987	for (i = 0; i < CTL_MAX_PORTS; i++) {
988		if (lun->pending_ua[i] == NULL)
989			continue;
990		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
991			if (i * CTL_MAX_INIT_PER_PORT + j == except)
992				continue;
993			lun->pending_ua[i][j] |= ua;
994		}
995	}
996}
997
998static void
999ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1000{
1001	ctl_ua_type *pu;
1002
1003	mtx_assert(&lun->lun_lock, MA_OWNED);
1004	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1005	if (pu == NULL)
1006		return;
1007	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1008}
1009
1010static void
1011ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1012{
1013	int i, j;
1014
1015	mtx_assert(&lun->lun_lock, MA_OWNED);
1016	for (i = 0; i < CTL_MAX_PORTS; i++) {
1017		if (lun->pending_ua[i] == NULL)
1018			continue;
1019		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1020			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1021				continue;
1022			lun->pending_ua[i][j] &= ~ua;
1023		}
1024	}
1025}
1026
1027static int
1028ctl_ha_state_sysctl(SYSCTL_HANDLER_ARGS)
1029{
1030	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1031	struct ctl_lun *lun;
1032	int error, value;
1033
1034	if (softc->flags & CTL_FLAG_ACTIVE_SHELF)
1035		value = 0;
1036	else
1037		value = 1;
1038
1039	error = sysctl_handle_int(oidp, &value, 0, req);
1040	if ((error != 0) || (req->newptr == NULL))
1041		return (error);
1042
1043	mtx_lock(&softc->ctl_lock);
1044	if (value == 0)
1045		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1046	else
1047		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1048	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1049		mtx_lock(&lun->lun_lock);
1050		ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1051		mtx_unlock(&lun->lun_lock);
1052	}
1053	mtx_unlock(&softc->ctl_lock);
1054	return (0);
1055}
1056
1057static int
1058ctl_init(void)
1059{
1060	struct ctl_softc *softc;
1061	void *other_pool;
1062	struct ctl_port *port;
1063	int i, error, retval;
1064	//int isc_retval;
1065
1066	retval = 0;
1067	ctl_pause_rtr = 0;
1068        rcv_sync_msg = 0;
1069
1070	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1071			       M_WAITOK | M_ZERO);
1072	softc = control_softc;
1073
1074	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1075			      "cam/ctl");
1076
1077	softc->dev->si_drv1 = softc;
1078
1079	/*
1080	 * By default, return a "bad LUN" peripheral qualifier for unknown
1081	 * LUNs.  The user can override this default using the tunable or
1082	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
1083	 */
1084	softc->inquiry_pq_no_lun = 1;
1085	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
1086			  &softc->inquiry_pq_no_lun);
1087	sysctl_ctx_init(&softc->sysctl_ctx);
1088	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1089		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1090		CTLFLAG_RD, 0, "CAM Target Layer");
1091
1092	if (softc->sysctl_tree == NULL) {
1093		printf("%s: unable to allocate sysctl tree\n", __func__);
1094		destroy_dev(softc->dev);
1095		free(control_softc, M_DEVBUF);
1096		control_softc = NULL;
1097		return (ENOMEM);
1098	}
1099
1100	SYSCTL_ADD_INT(&softc->sysctl_ctx,
1101		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
1102		       "inquiry_pq_no_lun", CTLFLAG_RW,
1103		       &softc->inquiry_pq_no_lun, 0,
1104		       "Report no lun possible for invalid LUNs");
1105
1106	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1107	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1108	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1109	softc->open_count = 0;
1110
1111	/*
1112	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1113	 * the drive.
1114	 */
1115	softc->flags = CTL_FLAG_REAL_SYNC;
1116
1117	/*
1118	 * In Copan's HA scheme, the "master" and "slave" roles are
1119	 * figured out through the slot the controller is in.  Although it
1120	 * is an active/active system, someone has to be in charge.
1121	 */
1122	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1123	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1124	    "HA head ID (0 - no HA)");
1125	if (softc->ha_id == 0) {
1126		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1127		softc->is_single = 1;
1128		softc->port_offset = 0;
1129	} else
1130		softc->port_offset = (softc->ha_id - 1) * CTL_MAX_PORTS;
1131	softc->persis_offset = softc->port_offset * CTL_MAX_INIT_PER_PORT;
1132
1133	/*
1134	 * XXX KDM need to figure out where we want to get our target ID
1135	 * and WWID.  Is it different on each port?
1136	 */
1137	softc->target.id = 0;
1138	softc->target.wwid[0] = 0x12345678;
1139	softc->target.wwid[1] = 0x87654321;
1140	STAILQ_INIT(&softc->lun_list);
1141	STAILQ_INIT(&softc->pending_lun_queue);
1142	STAILQ_INIT(&softc->fe_list);
1143	STAILQ_INIT(&softc->port_list);
1144	STAILQ_INIT(&softc->be_list);
1145	ctl_tpc_init(softc);
1146
1147	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1148	                    &other_pool) != 0)
1149	{
1150		printf("ctl: can't allocate %d entry other SC pool, "
1151		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1152		return (ENOMEM);
1153	}
1154	softc->othersc_pool = other_pool;
1155
1156	if (worker_threads <= 0)
1157		worker_threads = max(1, mp_ncpus / 4);
1158	if (worker_threads > CTL_MAX_THREADS)
1159		worker_threads = CTL_MAX_THREADS;
1160
1161	for (i = 0; i < worker_threads; i++) {
1162		struct ctl_thread *thr = &softc->threads[i];
1163
1164		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1165		thr->ctl_softc = softc;
1166		STAILQ_INIT(&thr->incoming_queue);
1167		STAILQ_INIT(&thr->rtr_queue);
1168		STAILQ_INIT(&thr->done_queue);
1169		STAILQ_INIT(&thr->isc_queue);
1170
1171		error = kproc_kthread_add(ctl_work_thread, thr,
1172		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1173		if (error != 0) {
1174			printf("error creating CTL work thread!\n");
1175			ctl_pool_free(other_pool);
1176			return (error);
1177		}
1178	}
1179	error = kproc_kthread_add(ctl_lun_thread, softc,
1180	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1181	if (error != 0) {
1182		printf("error creating CTL lun thread!\n");
1183		ctl_pool_free(other_pool);
1184		return (error);
1185	}
1186	error = kproc_kthread_add(ctl_thresh_thread, softc,
1187	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1188	if (error != 0) {
1189		printf("error creating CTL threshold thread!\n");
1190		ctl_pool_free(other_pool);
1191		return (error);
1192	}
1193	if (bootverbose)
1194		printf("ctl: CAM Target Layer loaded\n");
1195
1196	/*
1197	 * Initialize the ioctl front end.
1198	 */
1199	ctl_frontend_register(&ioctl_frontend);
1200	port = &softc->ioctl_info.port;
1201	port->frontend = &ioctl_frontend;
1202	sprintf(softc->ioctl_info.port_name, "ioctl");
1203	port->port_type = CTL_PORT_IOCTL;
1204	port->num_requested_ctl_io = 100;
1205	port->port_name = softc->ioctl_info.port_name;
1206	port->port_online = ctl_ioctl_online;
1207	port->port_offline = ctl_ioctl_offline;
1208	port->onoff_arg = &softc->ioctl_info;
1209	port->lun_enable = ctl_ioctl_lun_enable;
1210	port->lun_disable = ctl_ioctl_lun_disable;
1211	port->targ_lun_arg = &softc->ioctl_info;
1212	port->fe_datamove = ctl_ioctl_datamove;
1213	port->fe_done = ctl_ioctl_done;
1214	port->max_targets = 15;
1215	port->max_target_id = 15;
1216
1217	if (ctl_port_register(&softc->ioctl_info.port) != 0) {
1218		printf("ctl: ioctl front end registration failed, will "
1219		       "continue anyway\n");
1220	}
1221
1222	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1223	    OID_AUTO, "ha_state", CTLTYPE_INT | CTLFLAG_RWTUN,
1224	    softc, 0, ctl_ha_state_sysctl, "I", "HA state for this head");
1225
1226#ifdef CTL_IO_DELAY
1227	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1228		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1229		       sizeof(struct callout), CTL_TIMER_BYTES);
1230		return (EINVAL);
1231	}
1232#endif /* CTL_IO_DELAY */
1233
1234	return (0);
1235}
1236
1237void
1238ctl_shutdown(void)
1239{
1240	struct ctl_softc *softc;
1241	struct ctl_lun *lun, *next_lun;
1242
1243	softc = (struct ctl_softc *)control_softc;
1244
1245	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1246		printf("ctl: ioctl front end deregistration failed\n");
1247
1248	mtx_lock(&softc->ctl_lock);
1249
1250	/*
1251	 * Free up each LUN.
1252	 */
1253	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1254		next_lun = STAILQ_NEXT(lun, links);
1255		ctl_free_lun(lun);
1256	}
1257
1258	mtx_unlock(&softc->ctl_lock);
1259
1260	ctl_frontend_deregister(&ioctl_frontend);
1261
1262#if 0
1263	ctl_shutdown_thread(softc->work_thread);
1264	mtx_destroy(&softc->queue_lock);
1265#endif
1266
1267	ctl_tpc_shutdown(softc);
1268	uma_zdestroy(softc->io_zone);
1269	mtx_destroy(&softc->ctl_lock);
1270
1271	destroy_dev(softc->dev);
1272
1273	sysctl_ctx_free(&softc->sysctl_ctx);
1274
1275	free(control_softc, M_DEVBUF);
1276	control_softc = NULL;
1277
1278	if (bootverbose)
1279		printf("ctl: CAM Target Layer unloaded\n");
1280}
1281
1282static int
1283ctl_module_event_handler(module_t mod, int what, void *arg)
1284{
1285
1286	switch (what) {
1287	case MOD_LOAD:
1288		return (ctl_init());
1289	case MOD_UNLOAD:
1290		return (EBUSY);
1291	default:
1292		return (EOPNOTSUPP);
1293	}
1294}
1295
1296/*
1297 * XXX KDM should we do some access checks here?  Bump a reference count to
1298 * prevent a CTL module from being unloaded while someone has it open?
1299 */
1300static int
1301ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1302{
1303	return (0);
1304}
1305
1306static int
1307ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1308{
1309	return (0);
1310}
1311
1312int
1313ctl_port_enable(ctl_port_type port_type)
1314{
1315	struct ctl_softc *softc = control_softc;
1316	struct ctl_port *port;
1317
1318	if (softc->is_single == 0) {
1319		union ctl_ha_msg msg_info;
1320		int isc_retval;
1321
1322#if 0
1323		printf("%s: HA mode, synchronizing frontend enable\n",
1324		        __func__);
1325#endif
1326		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1327	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1328		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1329			printf("Sync msg send error retval %d\n", isc_retval);
1330		}
1331		if (!rcv_sync_msg) {
1332			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1333			        sizeof(msg_info), 1);
1334		}
1335#if 0
1336        	printf("CTL:Frontend Enable\n");
1337	} else {
1338		printf("%s: single mode, skipping frontend synchronization\n",
1339		        __func__);
1340#endif
1341	}
1342
1343	STAILQ_FOREACH(port, &softc->port_list, links) {
1344		if (port_type & port->port_type)
1345		{
1346#if 0
1347			printf("port %d\n", port->targ_port);
1348#endif
1349			ctl_port_online(port);
1350		}
1351	}
1352
1353	return (0);
1354}
1355
1356int
1357ctl_port_disable(ctl_port_type port_type)
1358{
1359	struct ctl_softc *softc;
1360	struct ctl_port *port;
1361
1362	softc = control_softc;
1363
1364	STAILQ_FOREACH(port, &softc->port_list, links) {
1365		if (port_type & port->port_type)
1366			ctl_port_offline(port);
1367	}
1368
1369	return (0);
1370}
1371
1372/*
1373 * Returns 0 for success, 1 for failure.
1374 * Currently the only failure mode is if there aren't enough entries
1375 * allocated.  So, in case of a failure, look at num_entries_dropped,
1376 * reallocate and try again.
1377 */
1378int
1379ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1380	      int *num_entries_filled, int *num_entries_dropped,
1381	      ctl_port_type port_type, int no_virtual)
1382{
1383	struct ctl_softc *softc;
1384	struct ctl_port *port;
1385	int entries_dropped, entries_filled;
1386	int retval;
1387	int i;
1388
1389	softc = control_softc;
1390
1391	retval = 0;
1392	entries_filled = 0;
1393	entries_dropped = 0;
1394
1395	i = 0;
1396	mtx_lock(&softc->ctl_lock);
1397	STAILQ_FOREACH(port, &softc->port_list, links) {
1398		struct ctl_port_entry *entry;
1399
1400		if ((port->port_type & port_type) == 0)
1401			continue;
1402
1403		if ((no_virtual != 0)
1404		 && (port->virtual_port != 0))
1405			continue;
1406
1407		if (entries_filled >= num_entries_alloced) {
1408			entries_dropped++;
1409			continue;
1410		}
1411		entry = &entries[i];
1412
1413		entry->port_type = port->port_type;
1414		strlcpy(entry->port_name, port->port_name,
1415			sizeof(entry->port_name));
1416		entry->physical_port = port->physical_port;
1417		entry->virtual_port = port->virtual_port;
1418		entry->wwnn = port->wwnn;
1419		entry->wwpn = port->wwpn;
1420
1421		i++;
1422		entries_filled++;
1423	}
1424
1425	mtx_unlock(&softc->ctl_lock);
1426
1427	if (entries_dropped > 0)
1428		retval = 1;
1429
1430	*num_entries_dropped = entries_dropped;
1431	*num_entries_filled = entries_filled;
1432
1433	return (retval);
1434}
1435
1436static void
1437ctl_ioctl_online(void *arg)
1438{
1439	struct ctl_ioctl_info *ioctl_info;
1440
1441	ioctl_info = (struct ctl_ioctl_info *)arg;
1442
1443	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1444}
1445
1446static void
1447ctl_ioctl_offline(void *arg)
1448{
1449	struct ctl_ioctl_info *ioctl_info;
1450
1451	ioctl_info = (struct ctl_ioctl_info *)arg;
1452
1453	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1454}
1455
1456/*
1457 * Remove an initiator by port number and initiator ID.
1458 * Returns 0 for success, -1 for failure.
1459 */
1460int
1461ctl_remove_initiator(struct ctl_port *port, int iid)
1462{
1463	struct ctl_softc *softc = control_softc;
1464
1465	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1466
1467	if (iid > CTL_MAX_INIT_PER_PORT) {
1468		printf("%s: initiator ID %u > maximun %u!\n",
1469		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1470		return (-1);
1471	}
1472
1473	mtx_lock(&softc->ctl_lock);
1474	port->wwpn_iid[iid].in_use--;
1475	port->wwpn_iid[iid].last_use = time_uptime;
1476	mtx_unlock(&softc->ctl_lock);
1477
1478	return (0);
1479}
1480
1481/*
1482 * Add an initiator to the initiator map.
1483 * Returns iid for success, < 0 for failure.
1484 */
1485int
1486ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1487{
1488	struct ctl_softc *softc = control_softc;
1489	time_t best_time;
1490	int i, best;
1491
1492	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1493
1494	if (iid >= CTL_MAX_INIT_PER_PORT) {
1495		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1496		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1497		free(name, M_CTL);
1498		return (-1);
1499	}
1500
1501	mtx_lock(&softc->ctl_lock);
1502
1503	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1504		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1505			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1506				iid = i;
1507				break;
1508			}
1509			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1510			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1511				iid = i;
1512				break;
1513			}
1514		}
1515	}
1516
1517	if (iid < 0) {
1518		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1519			if (port->wwpn_iid[i].in_use == 0 &&
1520			    port->wwpn_iid[i].wwpn == 0 &&
1521			    port->wwpn_iid[i].name == NULL) {
1522				iid = i;
1523				break;
1524			}
1525		}
1526	}
1527
1528	if (iid < 0) {
1529		best = -1;
1530		best_time = INT32_MAX;
1531		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1532			if (port->wwpn_iid[i].in_use == 0) {
1533				if (port->wwpn_iid[i].last_use < best_time) {
1534					best = i;
1535					best_time = port->wwpn_iid[i].last_use;
1536				}
1537			}
1538		}
1539		iid = best;
1540	}
1541
1542	if (iid < 0) {
1543		mtx_unlock(&softc->ctl_lock);
1544		free(name, M_CTL);
1545		return (-2);
1546	}
1547
1548	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1549		/*
1550		 * This is not an error yet.
1551		 */
1552		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1553#if 0
1554			printf("%s: port %d iid %u WWPN %#jx arrived"
1555			    " again\n", __func__, port->targ_port,
1556			    iid, (uintmax_t)wwpn);
1557#endif
1558			goto take;
1559		}
1560		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1561		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1562#if 0
1563			printf("%s: port %d iid %u name '%s' arrived"
1564			    " again\n", __func__, port->targ_port,
1565			    iid, name);
1566#endif
1567			goto take;
1568		}
1569
1570		/*
1571		 * This is an error, but what do we do about it?  The
1572		 * driver is telling us we have a new WWPN for this
1573		 * initiator ID, so we pretty much need to use it.
1574		 */
1575		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1576		    " but WWPN %#jx '%s' is still at that address\n",
1577		    __func__, port->targ_port, iid, wwpn, name,
1578		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1579		    port->wwpn_iid[iid].name);
1580
1581		/*
1582		 * XXX KDM clear have_ca and ua_pending on each LUN for
1583		 * this initiator.
1584		 */
1585	}
1586take:
1587	free(port->wwpn_iid[iid].name, M_CTL);
1588	port->wwpn_iid[iid].name = name;
1589	port->wwpn_iid[iid].wwpn = wwpn;
1590	port->wwpn_iid[iid].in_use++;
1591	mtx_unlock(&softc->ctl_lock);
1592
1593	return (iid);
1594}
1595
1596static int
1597ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1598{
1599	int len;
1600
1601	switch (port->port_type) {
1602	case CTL_PORT_FC:
1603	{
1604		struct scsi_transportid_fcp *id =
1605		    (struct scsi_transportid_fcp *)buf;
1606		if (port->wwpn_iid[iid].wwpn == 0)
1607			return (0);
1608		memset(id, 0, sizeof(*id));
1609		id->format_protocol = SCSI_PROTO_FC;
1610		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1611		return (sizeof(*id));
1612	}
1613	case CTL_PORT_ISCSI:
1614	{
1615		struct scsi_transportid_iscsi_port *id =
1616		    (struct scsi_transportid_iscsi_port *)buf;
1617		if (port->wwpn_iid[iid].name == NULL)
1618			return (0);
1619		memset(id, 0, 256);
1620		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1621		    SCSI_PROTO_ISCSI;
1622		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1623		len = roundup2(min(len, 252), 4);
1624		scsi_ulto2b(len, id->additional_length);
1625		return (sizeof(*id) + len);
1626	}
1627	case CTL_PORT_SAS:
1628	{
1629		struct scsi_transportid_sas *id =
1630		    (struct scsi_transportid_sas *)buf;
1631		if (port->wwpn_iid[iid].wwpn == 0)
1632			return (0);
1633		memset(id, 0, sizeof(*id));
1634		id->format_protocol = SCSI_PROTO_SAS;
1635		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1636		return (sizeof(*id));
1637	}
1638	default:
1639	{
1640		struct scsi_transportid_spi *id =
1641		    (struct scsi_transportid_spi *)buf;
1642		memset(id, 0, sizeof(*id));
1643		id->format_protocol = SCSI_PROTO_SPI;
1644		scsi_ulto2b(iid, id->scsi_addr);
1645		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1646		return (sizeof(*id));
1647	}
1648	}
1649}
1650
1651static int
1652ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1653{
1654	return (0);
1655}
1656
1657static int
1658ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1659{
1660	return (0);
1661}
1662
1663/*
1664 * Data movement routine for the CTL ioctl frontend port.
1665 */
1666static int
1667ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1668{
1669	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1670	struct ctl_sg_entry ext_entry, kern_entry;
1671	int ext_sglen, ext_sg_entries, kern_sg_entries;
1672	int ext_sg_start, ext_offset;
1673	int len_to_copy, len_copied;
1674	int kern_watermark, ext_watermark;
1675	int ext_sglist_malloced;
1676	int i, j;
1677
1678	ext_sglist_malloced = 0;
1679	ext_sg_start = 0;
1680	ext_offset = 0;
1681
1682	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1683
1684	/*
1685	 * If this flag is set, fake the data transfer.
1686	 */
1687	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1688		ctsio->ext_data_filled = ctsio->ext_data_len;
1689		goto bailout;
1690	}
1691
1692	/*
1693	 * To simplify things here, if we have a single buffer, stick it in
1694	 * a S/G entry and just make it a single entry S/G list.
1695	 */
1696	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1697		int len_seen;
1698
1699		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1700
1701		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1702							   M_WAITOK);
1703		ext_sglist_malloced = 1;
1704		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1705				   ext_sglen) != 0) {
1706			ctl_set_internal_failure(ctsio,
1707						 /*sks_valid*/ 0,
1708						 /*retry_count*/ 0);
1709			goto bailout;
1710		}
1711		ext_sg_entries = ctsio->ext_sg_entries;
1712		len_seen = 0;
1713		for (i = 0; i < ext_sg_entries; i++) {
1714			if ((len_seen + ext_sglist[i].len) >=
1715			     ctsio->ext_data_filled) {
1716				ext_sg_start = i;
1717				ext_offset = ctsio->ext_data_filled - len_seen;
1718				break;
1719			}
1720			len_seen += ext_sglist[i].len;
1721		}
1722	} else {
1723		ext_sglist = &ext_entry;
1724		ext_sglist->addr = ctsio->ext_data_ptr;
1725		ext_sglist->len = ctsio->ext_data_len;
1726		ext_sg_entries = 1;
1727		ext_sg_start = 0;
1728		ext_offset = ctsio->ext_data_filled;
1729	}
1730
1731	if (ctsio->kern_sg_entries > 0) {
1732		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1733		kern_sg_entries = ctsio->kern_sg_entries;
1734	} else {
1735		kern_sglist = &kern_entry;
1736		kern_sglist->addr = ctsio->kern_data_ptr;
1737		kern_sglist->len = ctsio->kern_data_len;
1738		kern_sg_entries = 1;
1739	}
1740
1741
1742	kern_watermark = 0;
1743	ext_watermark = ext_offset;
1744	len_copied = 0;
1745	for (i = ext_sg_start, j = 0;
1746	     i < ext_sg_entries && j < kern_sg_entries;) {
1747		uint8_t *ext_ptr, *kern_ptr;
1748
1749		len_to_copy = MIN(ext_sglist[i].len - ext_watermark,
1750				  kern_sglist[j].len - kern_watermark);
1751
1752		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1753		ext_ptr = ext_ptr + ext_watermark;
1754		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1755			/*
1756			 * XXX KDM fix this!
1757			 */
1758			panic("need to implement bus address support");
1759#if 0
1760			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1761#endif
1762		} else
1763			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1764		kern_ptr = kern_ptr + kern_watermark;
1765
1766		kern_watermark += len_to_copy;
1767		ext_watermark += len_to_copy;
1768
1769		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1770		     CTL_FLAG_DATA_IN) {
1771			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1772					 "bytes to user\n", len_to_copy));
1773			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1774					 "to %p\n", kern_ptr, ext_ptr));
1775			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1776				ctl_set_internal_failure(ctsio,
1777							 /*sks_valid*/ 0,
1778							 /*retry_count*/ 0);
1779				goto bailout;
1780			}
1781		} else {
1782			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1783					 "bytes from user\n", len_to_copy));
1784			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1785					 "to %p\n", ext_ptr, kern_ptr));
1786			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1787				ctl_set_internal_failure(ctsio,
1788							 /*sks_valid*/ 0,
1789							 /*retry_count*/0);
1790				goto bailout;
1791			}
1792		}
1793
1794		len_copied += len_to_copy;
1795
1796		if (ext_sglist[i].len == ext_watermark) {
1797			i++;
1798			ext_watermark = 0;
1799		}
1800
1801		if (kern_sglist[j].len == kern_watermark) {
1802			j++;
1803			kern_watermark = 0;
1804		}
1805	}
1806
1807	ctsio->ext_data_filled += len_copied;
1808
1809	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1810			 "kern_sg_entries: %d\n", ext_sg_entries,
1811			 kern_sg_entries));
1812	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1813			 "kern_data_len = %d\n", ctsio->ext_data_len,
1814			 ctsio->kern_data_len));
1815
1816
1817	/* XXX KDM set residual?? */
1818bailout:
1819
1820	if (ext_sglist_malloced != 0)
1821		free(ext_sglist, M_CTL);
1822
1823	return (CTL_RETVAL_COMPLETE);
1824}
1825
1826/*
1827 * Serialize a command that went down the "wrong" side, and so was sent to
1828 * this controller for execution.  The logic is a little different than the
1829 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1830 * sent back to the other side, but in the success case, we execute the
1831 * command on this side (XFER mode) or tell the other side to execute it
1832 * (SER_ONLY mode).
1833 */
1834static int
1835ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1836{
1837	struct ctl_softc *softc;
1838	union ctl_ha_msg msg_info;
1839	struct ctl_lun *lun;
1840	int retval = 0;
1841	uint32_t targ_lun;
1842
1843	softc = control_softc;
1844
1845	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1846	lun = softc->ctl_luns[targ_lun];
1847	if (lun==NULL)
1848	{
1849		/*
1850		 * Why isn't LUN defined? The other side wouldn't
1851		 * send a cmd if the LUN is undefined.
1852		 */
1853		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1854
1855		/* "Logical unit not supported" */
1856		ctl_set_sense_data(&msg_info.scsi.sense_data,
1857				   lun,
1858				   /*sense_format*/SSD_TYPE_NONE,
1859				   /*current_error*/ 1,
1860				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1861				   /*asc*/ 0x25,
1862				   /*ascq*/ 0x00,
1863				   SSD_ELEM_NONE);
1864
1865		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1866		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1867		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1868		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1869		msg_info.hdr.serializing_sc = NULL;
1870		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1871	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1872				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1873		}
1874		return(1);
1875
1876	}
1877
1878	mtx_lock(&lun->lun_lock);
1879    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1880
1881	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1882		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1883		 ooa_links))) {
1884	case CTL_ACTION_BLOCK:
1885		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1886		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1887				  blocked_links);
1888		break;
1889	case CTL_ACTION_PASS:
1890	case CTL_ACTION_SKIP:
1891		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1892			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1893			ctl_enqueue_rtr((union ctl_io *)ctsio);
1894		} else {
1895
1896			/* send msg back to other side */
1897			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1898			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1899			msg_info.hdr.msg_type = CTL_MSG_R2R;
1900#if 0
1901			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1902#endif
1903		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1904			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1905			}
1906		}
1907		break;
1908	case CTL_ACTION_OVERLAP:
1909		/* OVERLAPPED COMMANDS ATTEMPTED */
1910		ctl_set_sense_data(&msg_info.scsi.sense_data,
1911				   lun,
1912				   /*sense_format*/SSD_TYPE_NONE,
1913				   /*current_error*/ 1,
1914				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1915				   /*asc*/ 0x4E,
1916				   /*ascq*/ 0x00,
1917				   SSD_ELEM_NONE);
1918
1919		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1920		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1921		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1922		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1923		msg_info.hdr.serializing_sc = NULL;
1924		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1925#if 0
1926		printf("BAD JUJU:Major Bummer Overlap\n");
1927#endif
1928		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1929		retval = 1;
1930		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1931		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1932		}
1933		break;
1934	case CTL_ACTION_OVERLAP_TAG:
1935		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1936		ctl_set_sense_data(&msg_info.scsi.sense_data,
1937				   lun,
1938				   /*sense_format*/SSD_TYPE_NONE,
1939				   /*current_error*/ 1,
1940				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1941				   /*asc*/ 0x4D,
1942				   /*ascq*/ ctsio->tag_num & 0xff,
1943				   SSD_ELEM_NONE);
1944
1945		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1946		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1947		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1948		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1949		msg_info.hdr.serializing_sc = NULL;
1950		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1951#if 0
1952		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1953#endif
1954		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1955		retval = 1;
1956		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1957		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1958		}
1959		break;
1960	case CTL_ACTION_ERROR:
1961	default:
1962		/* "Internal target failure" */
1963		ctl_set_sense_data(&msg_info.scsi.sense_data,
1964				   lun,
1965				   /*sense_format*/SSD_TYPE_NONE,
1966				   /*current_error*/ 1,
1967				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1968				   /*asc*/ 0x44,
1969				   /*ascq*/ 0x00,
1970				   SSD_ELEM_NONE);
1971
1972		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1973		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1974		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1975		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1976		msg_info.hdr.serializing_sc = NULL;
1977		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1978#if 0
1979		printf("BAD JUJU:Major Bummer HW Error\n");
1980#endif
1981		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1982		retval = 1;
1983		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1984		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1985		}
1986		break;
1987	}
1988	mtx_unlock(&lun->lun_lock);
1989	return (retval);
1990}
1991
1992static int
1993ctl_ioctl_submit_wait(union ctl_io *io)
1994{
1995	struct ctl_fe_ioctl_params params;
1996	ctl_fe_ioctl_state last_state;
1997	int done, retval;
1998
1999	retval = 0;
2000
2001	bzero(&params, sizeof(params));
2002
2003	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
2004	cv_init(&params.sem, "ctlioccv");
2005	params.state = CTL_IOCTL_INPROG;
2006	last_state = params.state;
2007
2008	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
2009
2010	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
2011
2012	/* This shouldn't happen */
2013	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
2014		return (retval);
2015
2016	done = 0;
2017
2018	do {
2019		mtx_lock(&params.ioctl_mtx);
2020		/*
2021		 * Check the state here, and don't sleep if the state has
2022		 * already changed (i.e. wakeup has already occured, but we
2023		 * weren't waiting yet).
2024		 */
2025		if (params.state == last_state) {
2026			/* XXX KDM cv_wait_sig instead? */
2027			cv_wait(&params.sem, &params.ioctl_mtx);
2028		}
2029		last_state = params.state;
2030
2031		switch (params.state) {
2032		case CTL_IOCTL_INPROG:
2033			/* Why did we wake up? */
2034			/* XXX KDM error here? */
2035			mtx_unlock(&params.ioctl_mtx);
2036			break;
2037		case CTL_IOCTL_DATAMOVE:
2038			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
2039
2040			/*
2041			 * change last_state back to INPROG to avoid
2042			 * deadlock on subsequent data moves.
2043			 */
2044			params.state = last_state = CTL_IOCTL_INPROG;
2045
2046			mtx_unlock(&params.ioctl_mtx);
2047			ctl_ioctl_do_datamove(&io->scsiio);
2048			/*
2049			 * Note that in some cases, most notably writes,
2050			 * this will queue the I/O and call us back later.
2051			 * In other cases, generally reads, this routine
2052			 * will immediately call back and wake us up,
2053			 * probably using our own context.
2054			 */
2055			io->scsiio.be_move_done(io);
2056			break;
2057		case CTL_IOCTL_DONE:
2058			mtx_unlock(&params.ioctl_mtx);
2059			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
2060			done = 1;
2061			break;
2062		default:
2063			mtx_unlock(&params.ioctl_mtx);
2064			/* XXX KDM error here? */
2065			break;
2066		}
2067	} while (done == 0);
2068
2069	mtx_destroy(&params.ioctl_mtx);
2070	cv_destroy(&params.sem);
2071
2072	return (CTL_RETVAL_COMPLETE);
2073}
2074
2075static void
2076ctl_ioctl_datamove(union ctl_io *io)
2077{
2078	struct ctl_fe_ioctl_params *params;
2079
2080	params = (struct ctl_fe_ioctl_params *)
2081		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2082
2083	mtx_lock(&params->ioctl_mtx);
2084	params->state = CTL_IOCTL_DATAMOVE;
2085	cv_broadcast(&params->sem);
2086	mtx_unlock(&params->ioctl_mtx);
2087}
2088
2089static void
2090ctl_ioctl_done(union ctl_io *io)
2091{
2092	struct ctl_fe_ioctl_params *params;
2093
2094	params = (struct ctl_fe_ioctl_params *)
2095		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2096
2097	mtx_lock(&params->ioctl_mtx);
2098	params->state = CTL_IOCTL_DONE;
2099	cv_broadcast(&params->sem);
2100	mtx_unlock(&params->ioctl_mtx);
2101}
2102
2103static void
2104ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2105{
2106	struct ctl_fe_ioctl_startstop_info *sd_info;
2107
2108	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2109
2110	sd_info->hs_info.status = metatask->status;
2111	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2112	sd_info->hs_info.luns_complete =
2113		metatask->taskinfo.startstop.luns_complete;
2114	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2115
2116	cv_broadcast(&sd_info->sem);
2117}
2118
2119static void
2120ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2121{
2122	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2123
2124	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2125
2126	mtx_lock(fe_bbr_info->lock);
2127	fe_bbr_info->bbr_info->status = metatask->status;
2128	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2129	fe_bbr_info->wakeup_done = 1;
2130	mtx_unlock(fe_bbr_info->lock);
2131
2132	cv_broadcast(&fe_bbr_info->sem);
2133}
2134
2135/*
2136 * Returns 0 for success, errno for failure.
2137 */
2138static int
2139ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2140		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2141{
2142	union ctl_io *io;
2143	int retval;
2144
2145	retval = 0;
2146
2147	mtx_lock(&lun->lun_lock);
2148	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2149	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2150	     ooa_links)) {
2151		struct ctl_ooa_entry *entry;
2152
2153		/*
2154		 * If we've got more than we can fit, just count the
2155		 * remaining entries.
2156		 */
2157		if (*cur_fill_num >= ooa_hdr->alloc_num)
2158			continue;
2159
2160		entry = &kern_entries[*cur_fill_num];
2161
2162		entry->tag_num = io->scsiio.tag_num;
2163		entry->lun_num = lun->lun;
2164#ifdef CTL_TIME_IO
2165		entry->start_bt = io->io_hdr.start_bt;
2166#endif
2167		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2168		entry->cdb_len = io->scsiio.cdb_len;
2169		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2170			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2171
2172		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2173			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2174
2175		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2176			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2177
2178		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2179			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2180
2181		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2182			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2183	}
2184	mtx_unlock(&lun->lun_lock);
2185
2186	return (retval);
2187}
2188
2189static void *
2190ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2191		 size_t error_str_len)
2192{
2193	void *kptr;
2194
2195	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2196
2197	if (copyin(user_addr, kptr, len) != 0) {
2198		snprintf(error_str, error_str_len, "Error copying %d bytes "
2199			 "from user address %p to kernel address %p", len,
2200			 user_addr, kptr);
2201		free(kptr, M_CTL);
2202		return (NULL);
2203	}
2204
2205	return (kptr);
2206}
2207
2208static void
2209ctl_free_args(int num_args, struct ctl_be_arg *args)
2210{
2211	int i;
2212
2213	if (args == NULL)
2214		return;
2215
2216	for (i = 0; i < num_args; i++) {
2217		free(args[i].kname, M_CTL);
2218		free(args[i].kvalue, M_CTL);
2219	}
2220
2221	free(args, M_CTL);
2222}
2223
2224static struct ctl_be_arg *
2225ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2226		char *error_str, size_t error_str_len)
2227{
2228	struct ctl_be_arg *args;
2229	int i;
2230
2231	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2232				error_str, error_str_len);
2233
2234	if (args == NULL)
2235		goto bailout;
2236
2237	for (i = 0; i < num_args; i++) {
2238		args[i].kname = NULL;
2239		args[i].kvalue = NULL;
2240	}
2241
2242	for (i = 0; i < num_args; i++) {
2243		uint8_t *tmpptr;
2244
2245		args[i].kname = ctl_copyin_alloc(args[i].name,
2246			args[i].namelen, error_str, error_str_len);
2247		if (args[i].kname == NULL)
2248			goto bailout;
2249
2250		if (args[i].kname[args[i].namelen - 1] != '\0') {
2251			snprintf(error_str, error_str_len, "Argument %d "
2252				 "name is not NUL-terminated", i);
2253			goto bailout;
2254		}
2255
2256		if (args[i].flags & CTL_BEARG_RD) {
2257			tmpptr = ctl_copyin_alloc(args[i].value,
2258				args[i].vallen, error_str, error_str_len);
2259			if (tmpptr == NULL)
2260				goto bailout;
2261			if ((args[i].flags & CTL_BEARG_ASCII)
2262			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2263				snprintf(error_str, error_str_len, "Argument "
2264				    "%d value is not NUL-terminated", i);
2265				goto bailout;
2266			}
2267			args[i].kvalue = tmpptr;
2268		} else {
2269			args[i].kvalue = malloc(args[i].vallen,
2270			    M_CTL, M_WAITOK | M_ZERO);
2271		}
2272	}
2273
2274	return (args);
2275bailout:
2276
2277	ctl_free_args(num_args, args);
2278
2279	return (NULL);
2280}
2281
2282static void
2283ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2284{
2285	int i;
2286
2287	for (i = 0; i < num_args; i++) {
2288		if (args[i].flags & CTL_BEARG_WR)
2289			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2290	}
2291}
2292
2293/*
2294 * Escape characters that are illegal or not recommended in XML.
2295 */
2296int
2297ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2298{
2299	char *end = str + size;
2300	int retval;
2301
2302	retval = 0;
2303
2304	for (; *str && str < end; str++) {
2305		switch (*str) {
2306		case '&':
2307			retval = sbuf_printf(sb, "&amp;");
2308			break;
2309		case '>':
2310			retval = sbuf_printf(sb, "&gt;");
2311			break;
2312		case '<':
2313			retval = sbuf_printf(sb, "&lt;");
2314			break;
2315		default:
2316			retval = sbuf_putc(sb, *str);
2317			break;
2318		}
2319
2320		if (retval != 0)
2321			break;
2322
2323	}
2324
2325	return (retval);
2326}
2327
2328static void
2329ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2330{
2331	struct scsi_vpd_id_descriptor *desc;
2332	int i;
2333
2334	if (id == NULL || id->len < 4)
2335		return;
2336	desc = (struct scsi_vpd_id_descriptor *)id->data;
2337	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2338	case SVPD_ID_TYPE_T10:
2339		sbuf_printf(sb, "t10.");
2340		break;
2341	case SVPD_ID_TYPE_EUI64:
2342		sbuf_printf(sb, "eui.");
2343		break;
2344	case SVPD_ID_TYPE_NAA:
2345		sbuf_printf(sb, "naa.");
2346		break;
2347	case SVPD_ID_TYPE_SCSI_NAME:
2348		break;
2349	}
2350	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2351	case SVPD_ID_CODESET_BINARY:
2352		for (i = 0; i < desc->length; i++)
2353			sbuf_printf(sb, "%02x", desc->identifier[i]);
2354		break;
2355	case SVPD_ID_CODESET_ASCII:
2356		sbuf_printf(sb, "%.*s", (int)desc->length,
2357		    (char *)desc->identifier);
2358		break;
2359	case SVPD_ID_CODESET_UTF8:
2360		sbuf_printf(sb, "%s", (char *)desc->identifier);
2361		break;
2362	}
2363}
2364
2365static int
2366ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2367	  struct thread *td)
2368{
2369	struct ctl_softc *softc;
2370	int retval;
2371
2372	softc = control_softc;
2373
2374	retval = 0;
2375
2376	switch (cmd) {
2377	case CTL_IO: {
2378		union ctl_io *io;
2379		void *pool_tmp;
2380
2381		/*
2382		 * If we haven't been "enabled", don't allow any SCSI I/O
2383		 * to this FETD.
2384		 */
2385		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2386			retval = EPERM;
2387			break;
2388		}
2389
2390		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2391
2392		/*
2393		 * Need to save the pool reference so it doesn't get
2394		 * spammed by the user's ctl_io.
2395		 */
2396		pool_tmp = io->io_hdr.pool;
2397		memcpy(io, (void *)addr, sizeof(*io));
2398		io->io_hdr.pool = pool_tmp;
2399
2400		/*
2401		 * No status yet, so make sure the status is set properly.
2402		 */
2403		io->io_hdr.status = CTL_STATUS_NONE;
2404
2405		/*
2406		 * The user sets the initiator ID, target and LUN IDs.
2407		 */
2408		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2409		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2410		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2411		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2412			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2413
2414		retval = ctl_ioctl_submit_wait(io);
2415
2416		if (retval != 0) {
2417			ctl_free_io(io);
2418			break;
2419		}
2420
2421		memcpy((void *)addr, io, sizeof(*io));
2422
2423		/* return this to our pool */
2424		ctl_free_io(io);
2425
2426		break;
2427	}
2428	case CTL_ENABLE_PORT:
2429	case CTL_DISABLE_PORT:
2430	case CTL_SET_PORT_WWNS: {
2431		struct ctl_port *port;
2432		struct ctl_port_entry *entry;
2433
2434		entry = (struct ctl_port_entry *)addr;
2435
2436		mtx_lock(&softc->ctl_lock);
2437		STAILQ_FOREACH(port, &softc->port_list, links) {
2438			int action, done;
2439
2440			action = 0;
2441			done = 0;
2442
2443			if ((entry->port_type == CTL_PORT_NONE)
2444			 && (entry->targ_port == port->targ_port)) {
2445				/*
2446				 * If the user only wants to enable or
2447				 * disable or set WWNs on a specific port,
2448				 * do the operation and we're done.
2449				 */
2450				action = 1;
2451				done = 1;
2452			} else if (entry->port_type & port->port_type) {
2453				/*
2454				 * Compare the user's type mask with the
2455				 * particular frontend type to see if we
2456				 * have a match.
2457				 */
2458				action = 1;
2459				done = 0;
2460
2461				/*
2462				 * Make sure the user isn't trying to set
2463				 * WWNs on multiple ports at the same time.
2464				 */
2465				if (cmd == CTL_SET_PORT_WWNS) {
2466					printf("%s: Can't set WWNs on "
2467					       "multiple ports\n", __func__);
2468					retval = EINVAL;
2469					break;
2470				}
2471			}
2472			if (action != 0) {
2473				/*
2474				 * XXX KDM we have to drop the lock here,
2475				 * because the online/offline operations
2476				 * can potentially block.  We need to
2477				 * reference count the frontends so they
2478				 * can't go away,
2479				 */
2480				mtx_unlock(&softc->ctl_lock);
2481
2482				if (cmd == CTL_ENABLE_PORT) {
2483					struct ctl_lun *lun;
2484
2485					STAILQ_FOREACH(lun, &softc->lun_list,
2486						       links) {
2487						port->lun_enable(port->targ_lun_arg,
2488						    lun->target,
2489						    lun->lun);
2490					}
2491
2492					ctl_port_online(port);
2493				} else if (cmd == CTL_DISABLE_PORT) {
2494					struct ctl_lun *lun;
2495
2496					ctl_port_offline(port);
2497
2498					STAILQ_FOREACH(lun, &softc->lun_list,
2499						       links) {
2500						port->lun_disable(
2501						    port->targ_lun_arg,
2502						    lun->target,
2503						    lun->lun);
2504					}
2505				}
2506
2507				mtx_lock(&softc->ctl_lock);
2508
2509				if (cmd == CTL_SET_PORT_WWNS)
2510					ctl_port_set_wwns(port,
2511					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2512					    1 : 0, entry->wwnn,
2513					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2514					    1 : 0, entry->wwpn);
2515			}
2516			if (done != 0)
2517				break;
2518		}
2519		mtx_unlock(&softc->ctl_lock);
2520		break;
2521	}
2522	case CTL_GET_PORT_LIST: {
2523		struct ctl_port *port;
2524		struct ctl_port_list *list;
2525		int i;
2526
2527		list = (struct ctl_port_list *)addr;
2528
2529		if (list->alloc_len != (list->alloc_num *
2530		    sizeof(struct ctl_port_entry))) {
2531			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2532			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2533			       "%zu\n", __func__, list->alloc_len,
2534			       list->alloc_num, sizeof(struct ctl_port_entry));
2535			retval = EINVAL;
2536			break;
2537		}
2538		list->fill_len = 0;
2539		list->fill_num = 0;
2540		list->dropped_num = 0;
2541		i = 0;
2542		mtx_lock(&softc->ctl_lock);
2543		STAILQ_FOREACH(port, &softc->port_list, links) {
2544			struct ctl_port_entry entry, *list_entry;
2545
2546			if (list->fill_num >= list->alloc_num) {
2547				list->dropped_num++;
2548				continue;
2549			}
2550
2551			entry.port_type = port->port_type;
2552			strlcpy(entry.port_name, port->port_name,
2553				sizeof(entry.port_name));
2554			entry.targ_port = port->targ_port;
2555			entry.physical_port = port->physical_port;
2556			entry.virtual_port = port->virtual_port;
2557			entry.wwnn = port->wwnn;
2558			entry.wwpn = port->wwpn;
2559			if (port->status & CTL_PORT_STATUS_ONLINE)
2560				entry.online = 1;
2561			else
2562				entry.online = 0;
2563
2564			list_entry = &list->entries[i];
2565
2566			retval = copyout(&entry, list_entry, sizeof(entry));
2567			if (retval != 0) {
2568				printf("%s: CTL_GET_PORT_LIST: copyout "
2569				       "returned %d\n", __func__, retval);
2570				break;
2571			}
2572			i++;
2573			list->fill_num++;
2574			list->fill_len += sizeof(entry);
2575		}
2576		mtx_unlock(&softc->ctl_lock);
2577
2578		/*
2579		 * If this is non-zero, we had a copyout fault, so there's
2580		 * probably no point in attempting to set the status inside
2581		 * the structure.
2582		 */
2583		if (retval != 0)
2584			break;
2585
2586		if (list->dropped_num > 0)
2587			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2588		else
2589			list->status = CTL_PORT_LIST_OK;
2590		break;
2591	}
2592	case CTL_DUMP_OOA: {
2593		struct ctl_lun *lun;
2594		union ctl_io *io;
2595		char printbuf[128];
2596		struct sbuf sb;
2597
2598		mtx_lock(&softc->ctl_lock);
2599		printf("Dumping OOA queues:\n");
2600		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2601			mtx_lock(&lun->lun_lock);
2602			for (io = (union ctl_io *)TAILQ_FIRST(
2603			     &lun->ooa_queue); io != NULL;
2604			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2605			     ooa_links)) {
2606				sbuf_new(&sb, printbuf, sizeof(printbuf),
2607					 SBUF_FIXEDLEN);
2608				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2609					    (intmax_t)lun->lun,
2610					    io->scsiio.tag_num,
2611					    (io->io_hdr.flags &
2612					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2613					    (io->io_hdr.flags &
2614					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2615					    (io->io_hdr.flags &
2616					    CTL_FLAG_ABORT) ? " ABORT" : "",
2617			                    (io->io_hdr.flags &
2618		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2619				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2620				sbuf_finish(&sb);
2621				printf("%s\n", sbuf_data(&sb));
2622			}
2623			mtx_unlock(&lun->lun_lock);
2624		}
2625		printf("OOA queues dump done\n");
2626		mtx_unlock(&softc->ctl_lock);
2627		break;
2628	}
2629	case CTL_GET_OOA: {
2630		struct ctl_lun *lun;
2631		struct ctl_ooa *ooa_hdr;
2632		struct ctl_ooa_entry *entries;
2633		uint32_t cur_fill_num;
2634
2635		ooa_hdr = (struct ctl_ooa *)addr;
2636
2637		if ((ooa_hdr->alloc_len == 0)
2638		 || (ooa_hdr->alloc_num == 0)) {
2639			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2640			       "must be non-zero\n", __func__,
2641			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2642			retval = EINVAL;
2643			break;
2644		}
2645
2646		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2647		    sizeof(struct ctl_ooa_entry))) {
2648			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2649			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2650			       __func__, ooa_hdr->alloc_len,
2651			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2652			retval = EINVAL;
2653			break;
2654		}
2655
2656		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2657		if (entries == NULL) {
2658			printf("%s: could not allocate %d bytes for OOA "
2659			       "dump\n", __func__, ooa_hdr->alloc_len);
2660			retval = ENOMEM;
2661			break;
2662		}
2663
2664		mtx_lock(&softc->ctl_lock);
2665		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2666		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2667		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2668			mtx_unlock(&softc->ctl_lock);
2669			free(entries, M_CTL);
2670			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2671			       __func__, (uintmax_t)ooa_hdr->lun_num);
2672			retval = EINVAL;
2673			break;
2674		}
2675
2676		cur_fill_num = 0;
2677
2678		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2679			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2680				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2681					ooa_hdr, entries);
2682				if (retval != 0)
2683					break;
2684			}
2685			if (retval != 0) {
2686				mtx_unlock(&softc->ctl_lock);
2687				free(entries, M_CTL);
2688				break;
2689			}
2690		} else {
2691			lun = softc->ctl_luns[ooa_hdr->lun_num];
2692
2693			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2694						    entries);
2695		}
2696		mtx_unlock(&softc->ctl_lock);
2697
2698		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2699		ooa_hdr->fill_len = ooa_hdr->fill_num *
2700			sizeof(struct ctl_ooa_entry);
2701		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2702		if (retval != 0) {
2703			printf("%s: error copying out %d bytes for OOA dump\n",
2704			       __func__, ooa_hdr->fill_len);
2705		}
2706
2707		getbintime(&ooa_hdr->cur_bt);
2708
2709		if (cur_fill_num > ooa_hdr->alloc_num) {
2710			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2711			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2712		} else {
2713			ooa_hdr->dropped_num = 0;
2714			ooa_hdr->status = CTL_OOA_OK;
2715		}
2716
2717		free(entries, M_CTL);
2718		break;
2719	}
2720	case CTL_CHECK_OOA: {
2721		union ctl_io *io;
2722		struct ctl_lun *lun;
2723		struct ctl_ooa_info *ooa_info;
2724
2725
2726		ooa_info = (struct ctl_ooa_info *)addr;
2727
2728		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2729			ooa_info->status = CTL_OOA_INVALID_LUN;
2730			break;
2731		}
2732		mtx_lock(&softc->ctl_lock);
2733		lun = softc->ctl_luns[ooa_info->lun_id];
2734		if (lun == NULL) {
2735			mtx_unlock(&softc->ctl_lock);
2736			ooa_info->status = CTL_OOA_INVALID_LUN;
2737			break;
2738		}
2739		mtx_lock(&lun->lun_lock);
2740		mtx_unlock(&softc->ctl_lock);
2741		ooa_info->num_entries = 0;
2742		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2743		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2744		     &io->io_hdr, ooa_links)) {
2745			ooa_info->num_entries++;
2746		}
2747		mtx_unlock(&lun->lun_lock);
2748
2749		ooa_info->status = CTL_OOA_SUCCESS;
2750
2751		break;
2752	}
2753	case CTL_HARD_START:
2754	case CTL_HARD_STOP: {
2755		struct ctl_fe_ioctl_startstop_info ss_info;
2756		struct cfi_metatask *metatask;
2757		struct mtx hs_mtx;
2758
2759		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2760
2761		cv_init(&ss_info.sem, "hard start/stop cv" );
2762
2763		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2764		if (metatask == NULL) {
2765			retval = ENOMEM;
2766			mtx_destroy(&hs_mtx);
2767			break;
2768		}
2769
2770		if (cmd == CTL_HARD_START)
2771			metatask->tasktype = CFI_TASK_STARTUP;
2772		else
2773			metatask->tasktype = CFI_TASK_SHUTDOWN;
2774
2775		metatask->callback = ctl_ioctl_hard_startstop_callback;
2776		metatask->callback_arg = &ss_info;
2777
2778		cfi_action(metatask);
2779
2780		/* Wait for the callback */
2781		mtx_lock(&hs_mtx);
2782		cv_wait_sig(&ss_info.sem, &hs_mtx);
2783		mtx_unlock(&hs_mtx);
2784
2785		/*
2786		 * All information has been copied from the metatask by the
2787		 * time cv_broadcast() is called, so we free the metatask here.
2788		 */
2789		cfi_free_metatask(metatask);
2790
2791		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2792
2793		mtx_destroy(&hs_mtx);
2794		break;
2795	}
2796	case CTL_BBRREAD: {
2797		struct ctl_bbrread_info *bbr_info;
2798		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2799		struct mtx bbr_mtx;
2800		struct cfi_metatask *metatask;
2801
2802		bbr_info = (struct ctl_bbrread_info *)addr;
2803
2804		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2805
2806		bzero(&bbr_mtx, sizeof(bbr_mtx));
2807		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2808
2809		fe_bbr_info.bbr_info = bbr_info;
2810		fe_bbr_info.lock = &bbr_mtx;
2811
2812		cv_init(&fe_bbr_info.sem, "BBR read cv");
2813		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2814
2815		if (metatask == NULL) {
2816			mtx_destroy(&bbr_mtx);
2817			cv_destroy(&fe_bbr_info.sem);
2818			retval = ENOMEM;
2819			break;
2820		}
2821		metatask->tasktype = CFI_TASK_BBRREAD;
2822		metatask->callback = ctl_ioctl_bbrread_callback;
2823		metatask->callback_arg = &fe_bbr_info;
2824		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2825		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2826		metatask->taskinfo.bbrread.len = bbr_info->len;
2827
2828		cfi_action(metatask);
2829
2830		mtx_lock(&bbr_mtx);
2831		while (fe_bbr_info.wakeup_done == 0)
2832			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2833		mtx_unlock(&bbr_mtx);
2834
2835		bbr_info->status = metatask->status;
2836		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2837		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2838		memcpy(&bbr_info->sense_data,
2839		       &metatask->taskinfo.bbrread.sense_data,
2840		       MIN(sizeof(bbr_info->sense_data),
2841			   sizeof(metatask->taskinfo.bbrread.sense_data)));
2842
2843		cfi_free_metatask(metatask);
2844
2845		mtx_destroy(&bbr_mtx);
2846		cv_destroy(&fe_bbr_info.sem);
2847
2848		break;
2849	}
2850	case CTL_DELAY_IO: {
2851		struct ctl_io_delay_info *delay_info;
2852#ifdef CTL_IO_DELAY
2853		struct ctl_lun *lun;
2854#endif /* CTL_IO_DELAY */
2855
2856		delay_info = (struct ctl_io_delay_info *)addr;
2857
2858#ifdef CTL_IO_DELAY
2859		mtx_lock(&softc->ctl_lock);
2860
2861		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2862		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2863			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2864		} else {
2865			lun = softc->ctl_luns[delay_info->lun_id];
2866			mtx_lock(&lun->lun_lock);
2867
2868			delay_info->status = CTL_DELAY_STATUS_OK;
2869
2870			switch (delay_info->delay_type) {
2871			case CTL_DELAY_TYPE_CONT:
2872				break;
2873			case CTL_DELAY_TYPE_ONESHOT:
2874				break;
2875			default:
2876				delay_info->status =
2877					CTL_DELAY_STATUS_INVALID_TYPE;
2878				break;
2879			}
2880
2881			switch (delay_info->delay_loc) {
2882			case CTL_DELAY_LOC_DATAMOVE:
2883				lun->delay_info.datamove_type =
2884					delay_info->delay_type;
2885				lun->delay_info.datamove_delay =
2886					delay_info->delay_secs;
2887				break;
2888			case CTL_DELAY_LOC_DONE:
2889				lun->delay_info.done_type =
2890					delay_info->delay_type;
2891				lun->delay_info.done_delay =
2892					delay_info->delay_secs;
2893				break;
2894			default:
2895				delay_info->status =
2896					CTL_DELAY_STATUS_INVALID_LOC;
2897				break;
2898			}
2899			mtx_unlock(&lun->lun_lock);
2900		}
2901
2902		mtx_unlock(&softc->ctl_lock);
2903#else
2904		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2905#endif /* CTL_IO_DELAY */
2906		break;
2907	}
2908	case CTL_REALSYNC_SET: {
2909		int *syncstate;
2910
2911		syncstate = (int *)addr;
2912
2913		mtx_lock(&softc->ctl_lock);
2914		switch (*syncstate) {
2915		case 0:
2916			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2917			break;
2918		case 1:
2919			softc->flags |= CTL_FLAG_REAL_SYNC;
2920			break;
2921		default:
2922			retval = EINVAL;
2923			break;
2924		}
2925		mtx_unlock(&softc->ctl_lock);
2926		break;
2927	}
2928	case CTL_REALSYNC_GET: {
2929		int *syncstate;
2930
2931		syncstate = (int*)addr;
2932
2933		mtx_lock(&softc->ctl_lock);
2934		if (softc->flags & CTL_FLAG_REAL_SYNC)
2935			*syncstate = 1;
2936		else
2937			*syncstate = 0;
2938		mtx_unlock(&softc->ctl_lock);
2939
2940		break;
2941	}
2942	case CTL_SETSYNC:
2943	case CTL_GETSYNC: {
2944		struct ctl_sync_info *sync_info;
2945		struct ctl_lun *lun;
2946
2947		sync_info = (struct ctl_sync_info *)addr;
2948
2949		mtx_lock(&softc->ctl_lock);
2950		lun = softc->ctl_luns[sync_info->lun_id];
2951		if (lun == NULL) {
2952			mtx_unlock(&softc->ctl_lock);
2953			sync_info->status = CTL_GS_SYNC_NO_LUN;
2954		}
2955		/*
2956		 * Get or set the sync interval.  We're not bounds checking
2957		 * in the set case, hopefully the user won't do something
2958		 * silly.
2959		 */
2960		mtx_lock(&lun->lun_lock);
2961		mtx_unlock(&softc->ctl_lock);
2962		if (cmd == CTL_GETSYNC)
2963			sync_info->sync_interval = lun->sync_interval;
2964		else
2965			lun->sync_interval = sync_info->sync_interval;
2966		mtx_unlock(&lun->lun_lock);
2967
2968		sync_info->status = CTL_GS_SYNC_OK;
2969
2970		break;
2971	}
2972	case CTL_GETSTATS: {
2973		struct ctl_stats *stats;
2974		struct ctl_lun *lun;
2975		int i;
2976
2977		stats = (struct ctl_stats *)addr;
2978
2979		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2980		     stats->alloc_len) {
2981			stats->status = CTL_SS_NEED_MORE_SPACE;
2982			stats->num_luns = softc->num_luns;
2983			break;
2984		}
2985		/*
2986		 * XXX KDM no locking here.  If the LUN list changes,
2987		 * things can blow up.
2988		 */
2989		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2990		     i++, lun = STAILQ_NEXT(lun, links)) {
2991			retval = copyout(&lun->stats, &stats->lun_stats[i],
2992					 sizeof(lun->stats));
2993			if (retval != 0)
2994				break;
2995		}
2996		stats->num_luns = softc->num_luns;
2997		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2998				 softc->num_luns;
2999		stats->status = CTL_SS_OK;
3000#ifdef CTL_TIME_IO
3001		stats->flags = CTL_STATS_FLAG_TIME_VALID;
3002#else
3003		stats->flags = CTL_STATS_FLAG_NONE;
3004#endif
3005		getnanouptime(&stats->timestamp);
3006		break;
3007	}
3008	case CTL_ERROR_INJECT: {
3009		struct ctl_error_desc *err_desc, *new_err_desc;
3010		struct ctl_lun *lun;
3011
3012		err_desc = (struct ctl_error_desc *)addr;
3013
3014		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
3015				      M_WAITOK | M_ZERO);
3016		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
3017
3018		mtx_lock(&softc->ctl_lock);
3019		lun = softc->ctl_luns[err_desc->lun_id];
3020		if (lun == NULL) {
3021			mtx_unlock(&softc->ctl_lock);
3022			free(new_err_desc, M_CTL);
3023			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
3024			       __func__, (uintmax_t)err_desc->lun_id);
3025			retval = EINVAL;
3026			break;
3027		}
3028		mtx_lock(&lun->lun_lock);
3029		mtx_unlock(&softc->ctl_lock);
3030
3031		/*
3032		 * We could do some checking here to verify the validity
3033		 * of the request, but given the complexity of error
3034		 * injection requests, the checking logic would be fairly
3035		 * complex.
3036		 *
3037		 * For now, if the request is invalid, it just won't get
3038		 * executed and might get deleted.
3039		 */
3040		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
3041
3042		/*
3043		 * XXX KDM check to make sure the serial number is unique,
3044		 * in case we somehow manage to wrap.  That shouldn't
3045		 * happen for a very long time, but it's the right thing to
3046		 * do.
3047		 */
3048		new_err_desc->serial = lun->error_serial;
3049		err_desc->serial = lun->error_serial;
3050		lun->error_serial++;
3051
3052		mtx_unlock(&lun->lun_lock);
3053		break;
3054	}
3055	case CTL_ERROR_INJECT_DELETE: {
3056		struct ctl_error_desc *delete_desc, *desc, *desc2;
3057		struct ctl_lun *lun;
3058		int delete_done;
3059
3060		delete_desc = (struct ctl_error_desc *)addr;
3061		delete_done = 0;
3062
3063		mtx_lock(&softc->ctl_lock);
3064		lun = softc->ctl_luns[delete_desc->lun_id];
3065		if (lun == NULL) {
3066			mtx_unlock(&softc->ctl_lock);
3067			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
3068			       __func__, (uintmax_t)delete_desc->lun_id);
3069			retval = EINVAL;
3070			break;
3071		}
3072		mtx_lock(&lun->lun_lock);
3073		mtx_unlock(&softc->ctl_lock);
3074		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
3075			if (desc->serial != delete_desc->serial)
3076				continue;
3077
3078			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
3079				      links);
3080			free(desc, M_CTL);
3081			delete_done = 1;
3082		}
3083		mtx_unlock(&lun->lun_lock);
3084		if (delete_done == 0) {
3085			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
3086			       "error serial %ju on LUN %u\n", __func__,
3087			       delete_desc->serial, delete_desc->lun_id);
3088			retval = EINVAL;
3089			break;
3090		}
3091		break;
3092	}
3093	case CTL_DUMP_STRUCTS: {
3094		int i, j, k;
3095		struct ctl_port *port;
3096		struct ctl_frontend *fe;
3097
3098		mtx_lock(&softc->ctl_lock);
3099		printf("CTL Persistent Reservation information start:\n");
3100		for (i = 0; i < CTL_MAX_LUNS; i++) {
3101			struct ctl_lun *lun;
3102
3103			lun = softc->ctl_luns[i];
3104
3105			if ((lun == NULL)
3106			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3107				continue;
3108
3109			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3110				if (lun->pr_keys[j] == NULL)
3111					continue;
3112				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3113					if (lun->pr_keys[j][k] == 0)
3114						continue;
3115					printf("  LUN %d port %d iid %d key "
3116					       "%#jx\n", i, j, k,
3117					       (uintmax_t)lun->pr_keys[j][k]);
3118				}
3119			}
3120		}
3121		printf("CTL Persistent Reservation information end\n");
3122		printf("CTL Ports:\n");
3123		STAILQ_FOREACH(port, &softc->port_list, links) {
3124			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3125			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3126			       port->frontend->name, port->port_type,
3127			       port->physical_port, port->virtual_port,
3128			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3129			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3130				if (port->wwpn_iid[j].in_use == 0 &&
3131				    port->wwpn_iid[j].wwpn == 0 &&
3132				    port->wwpn_iid[j].name == NULL)
3133					continue;
3134
3135				printf("    iid %u use %d WWPN %#jx '%s'\n",
3136				    j, port->wwpn_iid[j].in_use,
3137				    (uintmax_t)port->wwpn_iid[j].wwpn,
3138				    port->wwpn_iid[j].name);
3139			}
3140		}
3141		printf("CTL Port information end\n");
3142		mtx_unlock(&softc->ctl_lock);
3143		/*
3144		 * XXX KDM calling this without a lock.  We'd likely want
3145		 * to drop the lock before calling the frontend's dump
3146		 * routine anyway.
3147		 */
3148		printf("CTL Frontends:\n");
3149		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3150			printf("  Frontend '%s'\n", fe->name);
3151			if (fe->fe_dump != NULL)
3152				fe->fe_dump();
3153		}
3154		printf("CTL Frontend information end\n");
3155		break;
3156	}
3157	case CTL_LUN_REQ: {
3158		struct ctl_lun_req *lun_req;
3159		struct ctl_backend_driver *backend;
3160
3161		lun_req = (struct ctl_lun_req *)addr;
3162
3163		backend = ctl_backend_find(lun_req->backend);
3164		if (backend == NULL) {
3165			lun_req->status = CTL_LUN_ERROR;
3166			snprintf(lun_req->error_str,
3167				 sizeof(lun_req->error_str),
3168				 "Backend \"%s\" not found.",
3169				 lun_req->backend);
3170			break;
3171		}
3172		if (lun_req->num_be_args > 0) {
3173			lun_req->kern_be_args = ctl_copyin_args(
3174				lun_req->num_be_args,
3175				lun_req->be_args,
3176				lun_req->error_str,
3177				sizeof(lun_req->error_str));
3178			if (lun_req->kern_be_args == NULL) {
3179				lun_req->status = CTL_LUN_ERROR;
3180				break;
3181			}
3182		}
3183
3184		retval = backend->ioctl(dev, cmd, addr, flag, td);
3185
3186		if (lun_req->num_be_args > 0) {
3187			ctl_copyout_args(lun_req->num_be_args,
3188				      lun_req->kern_be_args);
3189			ctl_free_args(lun_req->num_be_args,
3190				      lun_req->kern_be_args);
3191		}
3192		break;
3193	}
3194	case CTL_LUN_LIST: {
3195		struct sbuf *sb;
3196		struct ctl_lun *lun;
3197		struct ctl_lun_list *list;
3198		struct ctl_option *opt;
3199
3200		list = (struct ctl_lun_list *)addr;
3201
3202		/*
3203		 * Allocate a fixed length sbuf here, based on the length
3204		 * of the user's buffer.  We could allocate an auto-extending
3205		 * buffer, and then tell the user how much larger our
3206		 * amount of data is than his buffer, but that presents
3207		 * some problems:
3208		 *
3209		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3210		 *     we can't hold a lock while calling them with an
3211		 *     auto-extending buffer.
3212 		 *
3213		 * 2.  There is not currently a LUN reference counting
3214		 *     mechanism, outside of outstanding transactions on
3215		 *     the LUN's OOA queue.  So a LUN could go away on us
3216		 *     while we're getting the LUN number, backend-specific
3217		 *     information, etc.  Thus, given the way things
3218		 *     currently work, we need to hold the CTL lock while
3219		 *     grabbing LUN information.
3220		 *
3221		 * So, from the user's standpoint, the best thing to do is
3222		 * allocate what he thinks is a reasonable buffer length,
3223		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3224		 * double the buffer length and try again.  (And repeat
3225		 * that until he succeeds.)
3226		 */
3227		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3228		if (sb == NULL) {
3229			list->status = CTL_LUN_LIST_ERROR;
3230			snprintf(list->error_str, sizeof(list->error_str),
3231				 "Unable to allocate %d bytes for LUN list",
3232				 list->alloc_len);
3233			break;
3234		}
3235
3236		sbuf_printf(sb, "<ctllunlist>\n");
3237
3238		mtx_lock(&softc->ctl_lock);
3239		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3240			mtx_lock(&lun->lun_lock);
3241			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3242					     (uintmax_t)lun->lun);
3243
3244			/*
3245			 * Bail out as soon as we see that we've overfilled
3246			 * the buffer.
3247			 */
3248			if (retval != 0)
3249				break;
3250
3251			retval = sbuf_printf(sb, "\t<backend_type>%s"
3252					     "</backend_type>\n",
3253					     (lun->backend == NULL) ?  "none" :
3254					     lun->backend->name);
3255
3256			if (retval != 0)
3257				break;
3258
3259			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3260					     lun->be_lun->lun_type);
3261
3262			if (retval != 0)
3263				break;
3264
3265			if (lun->backend == NULL) {
3266				retval = sbuf_printf(sb, "</lun>\n");
3267				if (retval != 0)
3268					break;
3269				continue;
3270			}
3271
3272			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3273					     (lun->be_lun->maxlba > 0) ?
3274					     lun->be_lun->maxlba + 1 : 0);
3275
3276			if (retval != 0)
3277				break;
3278
3279			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3280					     lun->be_lun->blocksize);
3281
3282			if (retval != 0)
3283				break;
3284
3285			retval = sbuf_printf(sb, "\t<serial_number>");
3286
3287			if (retval != 0)
3288				break;
3289
3290			retval = ctl_sbuf_printf_esc(sb,
3291			    lun->be_lun->serial_num,
3292			    sizeof(lun->be_lun->serial_num));
3293
3294			if (retval != 0)
3295				break;
3296
3297			retval = sbuf_printf(sb, "</serial_number>\n");
3298
3299			if (retval != 0)
3300				break;
3301
3302			retval = sbuf_printf(sb, "\t<device_id>");
3303
3304			if (retval != 0)
3305				break;
3306
3307			retval = ctl_sbuf_printf_esc(sb,
3308			    lun->be_lun->device_id,
3309			    sizeof(lun->be_lun->device_id));
3310
3311			if (retval != 0)
3312				break;
3313
3314			retval = sbuf_printf(sb, "</device_id>\n");
3315
3316			if (retval != 0)
3317				break;
3318
3319			if (lun->backend->lun_info != NULL) {
3320				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3321				if (retval != 0)
3322					break;
3323			}
3324			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3325				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3326				    opt->name, opt->value, opt->name);
3327				if (retval != 0)
3328					break;
3329			}
3330
3331			retval = sbuf_printf(sb, "</lun>\n");
3332
3333			if (retval != 0)
3334				break;
3335			mtx_unlock(&lun->lun_lock);
3336		}
3337		if (lun != NULL)
3338			mtx_unlock(&lun->lun_lock);
3339		mtx_unlock(&softc->ctl_lock);
3340
3341		if ((retval != 0)
3342		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3343			retval = 0;
3344			sbuf_delete(sb);
3345			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3346			snprintf(list->error_str, sizeof(list->error_str),
3347				 "Out of space, %d bytes is too small",
3348				 list->alloc_len);
3349			break;
3350		}
3351
3352		sbuf_finish(sb);
3353
3354		retval = copyout(sbuf_data(sb), list->lun_xml,
3355				 sbuf_len(sb) + 1);
3356
3357		list->fill_len = sbuf_len(sb) + 1;
3358		list->status = CTL_LUN_LIST_OK;
3359		sbuf_delete(sb);
3360		break;
3361	}
3362	case CTL_ISCSI: {
3363		struct ctl_iscsi *ci;
3364		struct ctl_frontend *fe;
3365
3366		ci = (struct ctl_iscsi *)addr;
3367
3368		fe = ctl_frontend_find("iscsi");
3369		if (fe == NULL) {
3370			ci->status = CTL_ISCSI_ERROR;
3371			snprintf(ci->error_str, sizeof(ci->error_str),
3372			    "Frontend \"iscsi\" not found.");
3373			break;
3374		}
3375
3376		retval = fe->ioctl(dev, cmd, addr, flag, td);
3377		break;
3378	}
3379	case CTL_PORT_REQ: {
3380		struct ctl_req *req;
3381		struct ctl_frontend *fe;
3382
3383		req = (struct ctl_req *)addr;
3384
3385		fe = ctl_frontend_find(req->driver);
3386		if (fe == NULL) {
3387			req->status = CTL_LUN_ERROR;
3388			snprintf(req->error_str, sizeof(req->error_str),
3389			    "Frontend \"%s\" not found.", req->driver);
3390			break;
3391		}
3392		if (req->num_args > 0) {
3393			req->kern_args = ctl_copyin_args(req->num_args,
3394			    req->args, req->error_str, sizeof(req->error_str));
3395			if (req->kern_args == NULL) {
3396				req->status = CTL_LUN_ERROR;
3397				break;
3398			}
3399		}
3400
3401		retval = fe->ioctl(dev, cmd, addr, flag, td);
3402
3403		if (req->num_args > 0) {
3404			ctl_copyout_args(req->num_args, req->kern_args);
3405			ctl_free_args(req->num_args, req->kern_args);
3406		}
3407		break;
3408	}
3409	case CTL_PORT_LIST: {
3410		struct sbuf *sb;
3411		struct ctl_port *port;
3412		struct ctl_lun_list *list;
3413		struct ctl_option *opt;
3414		int j;
3415		uint32_t plun;
3416
3417		list = (struct ctl_lun_list *)addr;
3418
3419		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3420		if (sb == NULL) {
3421			list->status = CTL_LUN_LIST_ERROR;
3422			snprintf(list->error_str, sizeof(list->error_str),
3423				 "Unable to allocate %d bytes for LUN list",
3424				 list->alloc_len);
3425			break;
3426		}
3427
3428		sbuf_printf(sb, "<ctlportlist>\n");
3429
3430		mtx_lock(&softc->ctl_lock);
3431		STAILQ_FOREACH(port, &softc->port_list, links) {
3432			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3433					     (uintmax_t)port->targ_port);
3434
3435			/*
3436			 * Bail out as soon as we see that we've overfilled
3437			 * the buffer.
3438			 */
3439			if (retval != 0)
3440				break;
3441
3442			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3443			    "</frontend_type>\n", port->frontend->name);
3444			if (retval != 0)
3445				break;
3446
3447			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3448					     port->port_type);
3449			if (retval != 0)
3450				break;
3451
3452			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3453			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3454			if (retval != 0)
3455				break;
3456
3457			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3458			    port->port_name);
3459			if (retval != 0)
3460				break;
3461
3462			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3463			    port->physical_port);
3464			if (retval != 0)
3465				break;
3466
3467			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3468			    port->virtual_port);
3469			if (retval != 0)
3470				break;
3471
3472			if (port->target_devid != NULL) {
3473				sbuf_printf(sb, "\t<target>");
3474				ctl_id_sbuf(port->target_devid, sb);
3475				sbuf_printf(sb, "</target>\n");
3476			}
3477
3478			if (port->port_devid != NULL) {
3479				sbuf_printf(sb, "\t<port>");
3480				ctl_id_sbuf(port->port_devid, sb);
3481				sbuf_printf(sb, "</port>\n");
3482			}
3483
3484			if (port->port_info != NULL) {
3485				retval = port->port_info(port->onoff_arg, sb);
3486				if (retval != 0)
3487					break;
3488			}
3489			STAILQ_FOREACH(opt, &port->options, links) {
3490				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3491				    opt->name, opt->value, opt->name);
3492				if (retval != 0)
3493					break;
3494			}
3495
3496			if (port->lun_map != NULL) {
3497				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3498				for (j = 0; j < CTL_MAX_LUNS; j++) {
3499					plun = ctl_lun_map_from_port(port, j);
3500					if (plun >= CTL_MAX_LUNS)
3501						continue;
3502					sbuf_printf(sb,
3503					    "\t<lun id=\"%u\">%u</lun>\n",
3504					    j, plun);
3505				}
3506			}
3507
3508			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3509				if (port->wwpn_iid[j].in_use == 0 ||
3510				    (port->wwpn_iid[j].wwpn == 0 &&
3511				     port->wwpn_iid[j].name == NULL))
3512					continue;
3513
3514				if (port->wwpn_iid[j].name != NULL)
3515					retval = sbuf_printf(sb,
3516					    "\t<initiator id=\"%u\">%s</initiator>\n",
3517					    j, port->wwpn_iid[j].name);
3518				else
3519					retval = sbuf_printf(sb,
3520					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3521					    j, port->wwpn_iid[j].wwpn);
3522				if (retval != 0)
3523					break;
3524			}
3525			if (retval != 0)
3526				break;
3527
3528			retval = sbuf_printf(sb, "</targ_port>\n");
3529			if (retval != 0)
3530				break;
3531		}
3532		mtx_unlock(&softc->ctl_lock);
3533
3534		if ((retval != 0)
3535		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3536			retval = 0;
3537			sbuf_delete(sb);
3538			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3539			snprintf(list->error_str, sizeof(list->error_str),
3540				 "Out of space, %d bytes is too small",
3541				 list->alloc_len);
3542			break;
3543		}
3544
3545		sbuf_finish(sb);
3546
3547		retval = copyout(sbuf_data(sb), list->lun_xml,
3548				 sbuf_len(sb) + 1);
3549
3550		list->fill_len = sbuf_len(sb) + 1;
3551		list->status = CTL_LUN_LIST_OK;
3552		sbuf_delete(sb);
3553		break;
3554	}
3555	case CTL_LUN_MAP: {
3556		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3557		struct ctl_port *port;
3558
3559		mtx_lock(&softc->ctl_lock);
3560		if (lm->port >= CTL_MAX_PORTS ||
3561		    (port = softc->ctl_ports[lm->port]) == NULL) {
3562			mtx_unlock(&softc->ctl_lock);
3563			return (ENXIO);
3564		}
3565		if (lm->plun < CTL_MAX_LUNS) {
3566			if (lm->lun == UINT32_MAX)
3567				retval = ctl_lun_map_unset(port, lm->plun);
3568			else if (lm->lun < CTL_MAX_LUNS &&
3569			    softc->ctl_luns[lm->lun] != NULL)
3570				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3571			else {
3572				mtx_unlock(&softc->ctl_lock);
3573				return (ENXIO);
3574			}
3575		} else if (lm->plun == UINT32_MAX) {
3576			if (lm->lun == UINT32_MAX)
3577				retval = ctl_lun_map_deinit(port);
3578			else
3579				retval = ctl_lun_map_init(port);
3580		} else {
3581			mtx_unlock(&softc->ctl_lock);
3582			return (ENXIO);
3583		}
3584		mtx_unlock(&softc->ctl_lock);
3585		break;
3586	}
3587	default: {
3588		/* XXX KDM should we fix this? */
3589#if 0
3590		struct ctl_backend_driver *backend;
3591		unsigned int type;
3592		int found;
3593
3594		found = 0;
3595
3596		/*
3597		 * We encode the backend type as the ioctl type for backend
3598		 * ioctls.  So parse it out here, and then search for a
3599		 * backend of this type.
3600		 */
3601		type = _IOC_TYPE(cmd);
3602
3603		STAILQ_FOREACH(backend, &softc->be_list, links) {
3604			if (backend->type == type) {
3605				found = 1;
3606				break;
3607			}
3608		}
3609		if (found == 0) {
3610			printf("ctl: unknown ioctl command %#lx or backend "
3611			       "%d\n", cmd, type);
3612			retval = EINVAL;
3613			break;
3614		}
3615		retval = backend->ioctl(dev, cmd, addr, flag, td);
3616#endif
3617		retval = ENOTTY;
3618		break;
3619	}
3620	}
3621	return (retval);
3622}
3623
3624uint32_t
3625ctl_get_initindex(struct ctl_nexus *nexus)
3626{
3627	if (nexus->targ_port < CTL_MAX_PORTS)
3628		return (nexus->initid.id +
3629			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3630	else
3631		return (nexus->initid.id +
3632		       ((nexus->targ_port - CTL_MAX_PORTS) *
3633			CTL_MAX_INIT_PER_PORT));
3634}
3635
3636uint32_t
3637ctl_get_resindex(struct ctl_nexus *nexus)
3638{
3639	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3640}
3641
3642uint32_t
3643ctl_port_idx(int port_num)
3644{
3645	if (port_num < CTL_MAX_PORTS)
3646		return(port_num);
3647	else
3648		return(port_num - CTL_MAX_PORTS);
3649}
3650
3651int
3652ctl_lun_map_init(struct ctl_port *port)
3653{
3654	uint32_t i;
3655
3656	if (port->lun_map == NULL)
3657		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3658		    M_CTL, M_NOWAIT);
3659	if (port->lun_map == NULL)
3660		return (ENOMEM);
3661	for (i = 0; i < CTL_MAX_LUNS; i++)
3662		port->lun_map[i] = UINT32_MAX;
3663	return (0);
3664}
3665
3666int
3667ctl_lun_map_deinit(struct ctl_port *port)
3668{
3669
3670	if (port->lun_map == NULL)
3671		return (0);
3672	free(port->lun_map, M_CTL);
3673	port->lun_map = NULL;
3674	return (0);
3675}
3676
3677int
3678ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3679{
3680	int status;
3681
3682	if (port->lun_map == NULL) {
3683		status = ctl_lun_map_init(port);
3684		if (status != 0)
3685			return (status);
3686	}
3687	port->lun_map[plun] = glun;
3688	return (0);
3689}
3690
3691int
3692ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3693{
3694
3695	if (port->lun_map == NULL)
3696		return (0);
3697	port->lun_map[plun] = UINT32_MAX;
3698	return (0);
3699}
3700
3701int
3702ctl_lun_map_unsetg(struct ctl_port *port, uint32_t glun)
3703{
3704	int i;
3705
3706	if (port->lun_map == NULL)
3707		return (0);
3708	for (i = 0; i < CTL_MAX_LUNS; i++) {
3709		if (port->lun_map[i] == glun)
3710			port->lun_map[i] = UINT32_MAX;
3711	}
3712	return (0);
3713}
3714
3715uint32_t
3716ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3717{
3718
3719	if (port == NULL)
3720		return (UINT32_MAX);
3721	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3722		return (lun_id);
3723	return (port->lun_map[lun_id]);
3724}
3725
3726uint32_t
3727ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3728{
3729	uint32_t i;
3730
3731	if (port == NULL)
3732		return (UINT32_MAX);
3733	if (port->lun_map == NULL)
3734		return (lun_id);
3735	for (i = 0; i < CTL_MAX_LUNS; i++) {
3736		if (port->lun_map[i] == lun_id)
3737			return (i);
3738	}
3739	return (UINT32_MAX);
3740}
3741
3742static struct ctl_port *
3743ctl_io_port(struct ctl_io_hdr *io_hdr)
3744{
3745	int port_num;
3746
3747	port_num = io_hdr->nexus.targ_port;
3748	return (control_softc->ctl_ports[ctl_port_idx(port_num)]);
3749}
3750
3751/*
3752 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3753 * that are a power of 2.
3754 */
3755int
3756ctl_ffz(uint32_t *mask, uint32_t size)
3757{
3758	uint32_t num_chunks, num_pieces;
3759	int i, j;
3760
3761	num_chunks = (size >> 5);
3762	if (num_chunks == 0)
3763		num_chunks++;
3764	num_pieces = MIN((sizeof(uint32_t) * 8), size);
3765
3766	for (i = 0; i < num_chunks; i++) {
3767		for (j = 0; j < num_pieces; j++) {
3768			if ((mask[i] & (1 << j)) == 0)
3769				return ((i << 5) + j);
3770		}
3771	}
3772
3773	return (-1);
3774}
3775
3776int
3777ctl_set_mask(uint32_t *mask, uint32_t bit)
3778{
3779	uint32_t chunk, piece;
3780
3781	chunk = bit >> 5;
3782	piece = bit % (sizeof(uint32_t) * 8);
3783
3784	if ((mask[chunk] & (1 << piece)) != 0)
3785		return (-1);
3786	else
3787		mask[chunk] |= (1 << piece);
3788
3789	return (0);
3790}
3791
3792int
3793ctl_clear_mask(uint32_t *mask, uint32_t bit)
3794{
3795	uint32_t chunk, piece;
3796
3797	chunk = bit >> 5;
3798	piece = bit % (sizeof(uint32_t) * 8);
3799
3800	if ((mask[chunk] & (1 << piece)) == 0)
3801		return (-1);
3802	else
3803		mask[chunk] &= ~(1 << piece);
3804
3805	return (0);
3806}
3807
3808int
3809ctl_is_set(uint32_t *mask, uint32_t bit)
3810{
3811	uint32_t chunk, piece;
3812
3813	chunk = bit >> 5;
3814	piece = bit % (sizeof(uint32_t) * 8);
3815
3816	if ((mask[chunk] & (1 << piece)) == 0)
3817		return (0);
3818	else
3819		return (1);
3820}
3821
3822static uint64_t
3823ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3824{
3825	uint64_t *t;
3826
3827	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3828	if (t == NULL)
3829		return (0);
3830	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3831}
3832
3833static void
3834ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3835{
3836	uint64_t *t;
3837
3838	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3839	if (t == NULL)
3840		return;
3841	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3842}
3843
3844static void
3845ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3846{
3847	uint64_t *p;
3848	u_int i;
3849
3850	i = residx/CTL_MAX_INIT_PER_PORT;
3851	if (lun->pr_keys[i] != NULL)
3852		return;
3853	mtx_unlock(&lun->lun_lock);
3854	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3855	    M_WAITOK | M_ZERO);
3856	mtx_lock(&lun->lun_lock);
3857	if (lun->pr_keys[i] == NULL)
3858		lun->pr_keys[i] = p;
3859	else
3860		free(p, M_CTL);
3861}
3862
3863static void
3864ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3865{
3866	uint64_t *t;
3867
3868	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3869	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3870	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3871}
3872
3873/*
3874 * ctl_softc, pool_name, total_ctl_io are passed in.
3875 * npool is passed out.
3876 */
3877int
3878ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3879		uint32_t total_ctl_io, void **npool)
3880{
3881#ifdef IO_POOLS
3882	struct ctl_io_pool *pool;
3883
3884	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3885					    M_NOWAIT | M_ZERO);
3886	if (pool == NULL)
3887		return (ENOMEM);
3888
3889	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3890	pool->ctl_softc = ctl_softc;
3891	pool->zone = uma_zsecond_create(pool->name, NULL,
3892	    NULL, NULL, NULL, ctl_softc->io_zone);
3893	/* uma_prealloc(pool->zone, total_ctl_io); */
3894
3895	*npool = pool;
3896#else
3897	*npool = ctl_softc->io_zone;
3898#endif
3899	return (0);
3900}
3901
3902void
3903ctl_pool_free(struct ctl_io_pool *pool)
3904{
3905
3906	if (pool == NULL)
3907		return;
3908
3909#ifdef IO_POOLS
3910	uma_zdestroy(pool->zone);
3911	free(pool, M_CTL);
3912#endif
3913}
3914
3915union ctl_io *
3916ctl_alloc_io(void *pool_ref)
3917{
3918	union ctl_io *io;
3919#ifdef IO_POOLS
3920	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3921
3922	io = uma_zalloc(pool->zone, M_WAITOK);
3923#else
3924	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3925#endif
3926	if (io != NULL)
3927		io->io_hdr.pool = pool_ref;
3928	return (io);
3929}
3930
3931union ctl_io *
3932ctl_alloc_io_nowait(void *pool_ref)
3933{
3934	union ctl_io *io;
3935#ifdef IO_POOLS
3936	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3937
3938	io = uma_zalloc(pool->zone, M_NOWAIT);
3939#else
3940	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3941#endif
3942	if (io != NULL)
3943		io->io_hdr.pool = pool_ref;
3944	return (io);
3945}
3946
3947void
3948ctl_free_io(union ctl_io *io)
3949{
3950#ifdef IO_POOLS
3951	struct ctl_io_pool *pool;
3952#endif
3953
3954	if (io == NULL)
3955		return;
3956
3957#ifdef IO_POOLS
3958	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3959	uma_zfree(pool->zone, io);
3960#else
3961	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3962#endif
3963}
3964
3965void
3966ctl_zero_io(union ctl_io *io)
3967{
3968	void *pool_ref;
3969
3970	if (io == NULL)
3971		return;
3972
3973	/*
3974	 * May need to preserve linked list pointers at some point too.
3975	 */
3976	pool_ref = io->io_hdr.pool;
3977	memset(io, 0, sizeof(*io));
3978	io->io_hdr.pool = pool_ref;
3979}
3980
3981/*
3982 * This routine is currently used for internal copies of ctl_ios that need
3983 * to persist for some reason after we've already returned status to the
3984 * FETD.  (Thus the flag set.)
3985 *
3986 * XXX XXX
3987 * Note that this makes a blind copy of all fields in the ctl_io, except
3988 * for the pool reference.  This includes any memory that has been
3989 * allocated!  That memory will no longer be valid after done has been
3990 * called, so this would be VERY DANGEROUS for command that actually does
3991 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3992 * start and stop commands, which don't transfer any data, so this is not a
3993 * problem.  If it is used for anything else, the caller would also need to
3994 * allocate data buffer space and this routine would need to be modified to
3995 * copy the data buffer(s) as well.
3996 */
3997void
3998ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3999{
4000	void *pool_ref;
4001
4002	if ((src == NULL)
4003	 || (dest == NULL))
4004		return;
4005
4006	/*
4007	 * May need to preserve linked list pointers at some point too.
4008	 */
4009	pool_ref = dest->io_hdr.pool;
4010
4011	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
4012
4013	dest->io_hdr.pool = pool_ref;
4014	/*
4015	 * We need to know that this is an internal copy, and doesn't need
4016	 * to get passed back to the FETD that allocated it.
4017	 */
4018	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
4019}
4020
4021int
4022ctl_expand_number(const char *buf, uint64_t *num)
4023{
4024	char *endptr;
4025	uint64_t number;
4026	unsigned shift;
4027
4028	number = strtoq(buf, &endptr, 0);
4029
4030	switch (tolower((unsigned char)*endptr)) {
4031	case 'e':
4032		shift = 60;
4033		break;
4034	case 'p':
4035		shift = 50;
4036		break;
4037	case 't':
4038		shift = 40;
4039		break;
4040	case 'g':
4041		shift = 30;
4042		break;
4043	case 'm':
4044		shift = 20;
4045		break;
4046	case 'k':
4047		shift = 10;
4048		break;
4049	case 'b':
4050	case '\0': /* No unit. */
4051		*num = number;
4052		return (0);
4053	default:
4054		/* Unrecognized unit. */
4055		return (-1);
4056	}
4057
4058	if ((number << shift) >> shift != number) {
4059		/* Overflow */
4060		return (-1);
4061	}
4062	*num = number << shift;
4063	return (0);
4064}
4065
4066
4067/*
4068 * This routine could be used in the future to load default and/or saved
4069 * mode page parameters for a particuar lun.
4070 */
4071static int
4072ctl_init_page_index(struct ctl_lun *lun)
4073{
4074	int i;
4075	struct ctl_page_index *page_index;
4076	const char *value;
4077	uint64_t ival;
4078
4079	memcpy(&lun->mode_pages.index, page_index_template,
4080	       sizeof(page_index_template));
4081
4082	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4083
4084		page_index = &lun->mode_pages.index[i];
4085		/*
4086		 * If this is a disk-only mode page, there's no point in
4087		 * setting it up.  For some pages, we have to have some
4088		 * basic information about the disk in order to calculate the
4089		 * mode page data.
4090		 */
4091		if ((lun->be_lun->lun_type != T_DIRECT)
4092		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4093			continue;
4094
4095		switch (page_index->page_code & SMPH_PC_MASK) {
4096		case SMS_RW_ERROR_RECOVERY_PAGE: {
4097			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4098				panic("subpage is incorrect!");
4099			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4100			       &rw_er_page_default,
4101			       sizeof(rw_er_page_default));
4102			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4103			       &rw_er_page_changeable,
4104			       sizeof(rw_er_page_changeable));
4105			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4106			       &rw_er_page_default,
4107			       sizeof(rw_er_page_default));
4108			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4109			       &rw_er_page_default,
4110			       sizeof(rw_er_page_default));
4111			page_index->page_data =
4112				(uint8_t *)lun->mode_pages.rw_er_page;
4113			break;
4114		}
4115		case SMS_FORMAT_DEVICE_PAGE: {
4116			struct scsi_format_page *format_page;
4117
4118			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4119				panic("subpage is incorrect!");
4120
4121			/*
4122			 * Sectors per track are set above.  Bytes per
4123			 * sector need to be set here on a per-LUN basis.
4124			 */
4125			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4126			       &format_page_default,
4127			       sizeof(format_page_default));
4128			memcpy(&lun->mode_pages.format_page[
4129			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4130			       sizeof(format_page_changeable));
4131			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4132			       &format_page_default,
4133			       sizeof(format_page_default));
4134			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4135			       &format_page_default,
4136			       sizeof(format_page_default));
4137
4138			format_page = &lun->mode_pages.format_page[
4139				CTL_PAGE_CURRENT];
4140			scsi_ulto2b(lun->be_lun->blocksize,
4141				    format_page->bytes_per_sector);
4142
4143			format_page = &lun->mode_pages.format_page[
4144				CTL_PAGE_DEFAULT];
4145			scsi_ulto2b(lun->be_lun->blocksize,
4146				    format_page->bytes_per_sector);
4147
4148			format_page = &lun->mode_pages.format_page[
4149				CTL_PAGE_SAVED];
4150			scsi_ulto2b(lun->be_lun->blocksize,
4151				    format_page->bytes_per_sector);
4152
4153			page_index->page_data =
4154				(uint8_t *)lun->mode_pages.format_page;
4155			break;
4156		}
4157		case SMS_RIGID_DISK_PAGE: {
4158			struct scsi_rigid_disk_page *rigid_disk_page;
4159			uint32_t sectors_per_cylinder;
4160			uint64_t cylinders;
4161#ifndef	__XSCALE__
4162			int shift;
4163#endif /* !__XSCALE__ */
4164
4165			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4166				panic("invalid subpage value %d",
4167				      page_index->subpage);
4168
4169			/*
4170			 * Rotation rate and sectors per track are set
4171			 * above.  We calculate the cylinders here based on
4172			 * capacity.  Due to the number of heads and
4173			 * sectors per track we're using, smaller arrays
4174			 * may turn out to have 0 cylinders.  Linux and
4175			 * FreeBSD don't pay attention to these mode pages
4176			 * to figure out capacity, but Solaris does.  It
4177			 * seems to deal with 0 cylinders just fine, and
4178			 * works out a fake geometry based on the capacity.
4179			 */
4180			memcpy(&lun->mode_pages.rigid_disk_page[
4181			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4182			       sizeof(rigid_disk_page_default));
4183			memcpy(&lun->mode_pages.rigid_disk_page[
4184			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4185			       sizeof(rigid_disk_page_changeable));
4186
4187			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4188				CTL_DEFAULT_HEADS;
4189
4190			/*
4191			 * The divide method here will be more accurate,
4192			 * probably, but results in floating point being
4193			 * used in the kernel on i386 (__udivdi3()).  On the
4194			 * XScale, though, __udivdi3() is implemented in
4195			 * software.
4196			 *
4197			 * The shift method for cylinder calculation is
4198			 * accurate if sectors_per_cylinder is a power of
4199			 * 2.  Otherwise it might be slightly off -- you
4200			 * might have a bit of a truncation problem.
4201			 */
4202#ifdef	__XSCALE__
4203			cylinders = (lun->be_lun->maxlba + 1) /
4204				sectors_per_cylinder;
4205#else
4206			for (shift = 31; shift > 0; shift--) {
4207				if (sectors_per_cylinder & (1 << shift))
4208					break;
4209			}
4210			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4211#endif
4212
4213			/*
4214			 * We've basically got 3 bytes, or 24 bits for the
4215			 * cylinder size in the mode page.  If we're over,
4216			 * just round down to 2^24.
4217			 */
4218			if (cylinders > 0xffffff)
4219				cylinders = 0xffffff;
4220
4221			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4222				CTL_PAGE_DEFAULT];
4223			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4224
4225			if ((value = ctl_get_opt(&lun->be_lun->options,
4226			    "rpm")) != NULL) {
4227				scsi_ulto2b(strtol(value, NULL, 0),
4228				     rigid_disk_page->rotation_rate);
4229			}
4230
4231			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4232			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4233			       sizeof(rigid_disk_page_default));
4234			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4235			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4236			       sizeof(rigid_disk_page_default));
4237
4238			page_index->page_data =
4239				(uint8_t *)lun->mode_pages.rigid_disk_page;
4240			break;
4241		}
4242		case SMS_CACHING_PAGE: {
4243			struct scsi_caching_page *caching_page;
4244
4245			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4246				panic("invalid subpage value %d",
4247				      page_index->subpage);
4248			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4249			       &caching_page_default,
4250			       sizeof(caching_page_default));
4251			memcpy(&lun->mode_pages.caching_page[
4252			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4253			       sizeof(caching_page_changeable));
4254			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4255			       &caching_page_default,
4256			       sizeof(caching_page_default));
4257			caching_page = &lun->mode_pages.caching_page[
4258			    CTL_PAGE_SAVED];
4259			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4260			if (value != NULL && strcmp(value, "off") == 0)
4261				caching_page->flags1 &= ~SCP_WCE;
4262			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4263			if (value != NULL && strcmp(value, "off") == 0)
4264				caching_page->flags1 |= SCP_RCD;
4265			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4266			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4267			       sizeof(caching_page_default));
4268			page_index->page_data =
4269				(uint8_t *)lun->mode_pages.caching_page;
4270			break;
4271		}
4272		case SMS_CONTROL_MODE_PAGE: {
4273			struct scsi_control_page *control_page;
4274
4275			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4276				panic("invalid subpage value %d",
4277				      page_index->subpage);
4278
4279			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4280			       &control_page_default,
4281			       sizeof(control_page_default));
4282			memcpy(&lun->mode_pages.control_page[
4283			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4284			       sizeof(control_page_changeable));
4285			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4286			       &control_page_default,
4287			       sizeof(control_page_default));
4288			control_page = &lun->mode_pages.control_page[
4289			    CTL_PAGE_SAVED];
4290			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4291			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4292				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4293				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4294			}
4295			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4296			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4297			       sizeof(control_page_default));
4298			page_index->page_data =
4299				(uint8_t *)lun->mode_pages.control_page;
4300			break;
4301
4302		}
4303		case SMS_INFO_EXCEPTIONS_PAGE: {
4304			switch (page_index->subpage) {
4305			case SMS_SUBPAGE_PAGE_0:
4306				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4307				       &ie_page_default,
4308				       sizeof(ie_page_default));
4309				memcpy(&lun->mode_pages.ie_page[
4310				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4311				       sizeof(ie_page_changeable));
4312				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4313				       &ie_page_default,
4314				       sizeof(ie_page_default));
4315				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4316				       &ie_page_default,
4317				       sizeof(ie_page_default));
4318				page_index->page_data =
4319					(uint8_t *)lun->mode_pages.ie_page;
4320				break;
4321			case 0x02: {
4322				struct ctl_logical_block_provisioning_page *page;
4323
4324				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4325				       &lbp_page_default,
4326				       sizeof(lbp_page_default));
4327				memcpy(&lun->mode_pages.lbp_page[
4328				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4329				       sizeof(lbp_page_changeable));
4330				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4331				       &lbp_page_default,
4332				       sizeof(lbp_page_default));
4333				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4334				value = ctl_get_opt(&lun->be_lun->options,
4335				    "avail-threshold");
4336				if (value != NULL &&
4337				    ctl_expand_number(value, &ival) == 0) {
4338					page->descr[0].flags |= SLBPPD_ENABLED |
4339					    SLBPPD_ARMING_DEC;
4340					if (lun->be_lun->blocksize)
4341						ival /= lun->be_lun->blocksize;
4342					else
4343						ival /= 512;
4344					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4345					    page->descr[0].count);
4346				}
4347				value = ctl_get_opt(&lun->be_lun->options,
4348				    "used-threshold");
4349				if (value != NULL &&
4350				    ctl_expand_number(value, &ival) == 0) {
4351					page->descr[1].flags |= SLBPPD_ENABLED |
4352					    SLBPPD_ARMING_INC;
4353					if (lun->be_lun->blocksize)
4354						ival /= lun->be_lun->blocksize;
4355					else
4356						ival /= 512;
4357					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4358					    page->descr[1].count);
4359				}
4360				value = ctl_get_opt(&lun->be_lun->options,
4361				    "pool-avail-threshold");
4362				if (value != NULL &&
4363				    ctl_expand_number(value, &ival) == 0) {
4364					page->descr[2].flags |= SLBPPD_ENABLED |
4365					    SLBPPD_ARMING_DEC;
4366					if (lun->be_lun->blocksize)
4367						ival /= lun->be_lun->blocksize;
4368					else
4369						ival /= 512;
4370					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4371					    page->descr[2].count);
4372				}
4373				value = ctl_get_opt(&lun->be_lun->options,
4374				    "pool-used-threshold");
4375				if (value != NULL &&
4376				    ctl_expand_number(value, &ival) == 0) {
4377					page->descr[3].flags |= SLBPPD_ENABLED |
4378					    SLBPPD_ARMING_INC;
4379					if (lun->be_lun->blocksize)
4380						ival /= lun->be_lun->blocksize;
4381					else
4382						ival /= 512;
4383					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4384					    page->descr[3].count);
4385				}
4386				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4387				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4388				       sizeof(lbp_page_default));
4389				page_index->page_data =
4390					(uint8_t *)lun->mode_pages.lbp_page;
4391			}}
4392			break;
4393		}
4394		case SMS_VENDOR_SPECIFIC_PAGE:{
4395			switch (page_index->subpage) {
4396			case DBGCNF_SUBPAGE_CODE: {
4397				struct copan_debugconf_subpage *current_page,
4398							       *saved_page;
4399
4400				memcpy(&lun->mode_pages.debugconf_subpage[
4401				       CTL_PAGE_CURRENT],
4402				       &debugconf_page_default,
4403				       sizeof(debugconf_page_default));
4404				memcpy(&lun->mode_pages.debugconf_subpage[
4405				       CTL_PAGE_CHANGEABLE],
4406				       &debugconf_page_changeable,
4407				       sizeof(debugconf_page_changeable));
4408				memcpy(&lun->mode_pages.debugconf_subpage[
4409				       CTL_PAGE_DEFAULT],
4410				       &debugconf_page_default,
4411				       sizeof(debugconf_page_default));
4412				memcpy(&lun->mode_pages.debugconf_subpage[
4413				       CTL_PAGE_SAVED],
4414				       &debugconf_page_default,
4415				       sizeof(debugconf_page_default));
4416				page_index->page_data =
4417					(uint8_t *)lun->mode_pages.debugconf_subpage;
4418
4419				current_page = (struct copan_debugconf_subpage *)
4420					(page_index->page_data +
4421					 (page_index->page_len *
4422					  CTL_PAGE_CURRENT));
4423				saved_page = (struct copan_debugconf_subpage *)
4424					(page_index->page_data +
4425					 (page_index->page_len *
4426					  CTL_PAGE_SAVED));
4427				break;
4428			}
4429			default:
4430				panic("invalid subpage value %d",
4431				      page_index->subpage);
4432				break;
4433			}
4434   			break;
4435		}
4436		default:
4437			panic("invalid page value %d",
4438			      page_index->page_code & SMPH_PC_MASK);
4439			break;
4440    	}
4441	}
4442
4443	return (CTL_RETVAL_COMPLETE);
4444}
4445
4446static int
4447ctl_init_log_page_index(struct ctl_lun *lun)
4448{
4449	struct ctl_page_index *page_index;
4450	int i, j, k, prev;
4451
4452	memcpy(&lun->log_pages.index, log_page_index_template,
4453	       sizeof(log_page_index_template));
4454
4455	prev = -1;
4456	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4457
4458		page_index = &lun->log_pages.index[i];
4459		/*
4460		 * If this is a disk-only mode page, there's no point in
4461		 * setting it up.  For some pages, we have to have some
4462		 * basic information about the disk in order to calculate the
4463		 * mode page data.
4464		 */
4465		if ((lun->be_lun->lun_type != T_DIRECT)
4466		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4467			continue;
4468
4469		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4470		     lun->backend->lun_attr == NULL)
4471			continue;
4472
4473		if (page_index->page_code != prev) {
4474			lun->log_pages.pages_page[j] = page_index->page_code;
4475			prev = page_index->page_code;
4476			j++;
4477		}
4478		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4479		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4480		k++;
4481	}
4482	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4483	lun->log_pages.index[0].page_len = j;
4484	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4485	lun->log_pages.index[1].page_len = k * 2;
4486	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4487	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4488	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4489	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4490
4491	return (CTL_RETVAL_COMPLETE);
4492}
4493
4494static int
4495hex2bin(const char *str, uint8_t *buf, int buf_size)
4496{
4497	int i;
4498	u_char c;
4499
4500	memset(buf, 0, buf_size);
4501	while (isspace(str[0]))
4502		str++;
4503	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4504		str += 2;
4505	buf_size *= 2;
4506	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4507		c = str[i];
4508		if (isdigit(c))
4509			c -= '0';
4510		else if (isalpha(c))
4511			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4512		else
4513			break;
4514		if (c >= 16)
4515			break;
4516		if ((i & 1) == 0)
4517			buf[i / 2] |= (c << 4);
4518		else
4519			buf[i / 2] |= c;
4520	}
4521	return ((i + 1) / 2);
4522}
4523
4524/*
4525 * LUN allocation.
4526 *
4527 * Requirements:
4528 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4529 *   wants us to allocate the LUN and he can block.
4530 * - ctl_softc is always set
4531 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4532 *
4533 * Returns 0 for success, non-zero (errno) for failure.
4534 */
4535static int
4536ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4537	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4538{
4539	struct ctl_lun *nlun, *lun;
4540	struct scsi_vpd_id_descriptor *desc;
4541	struct scsi_vpd_id_t10 *t10id;
4542	const char *eui, *naa, *scsiname, *vendor, *value;
4543	int lun_number, i, lun_malloced;
4544	int devidlen, idlen1, idlen2 = 0, len;
4545
4546	if (be_lun == NULL)
4547		return (EINVAL);
4548
4549	/*
4550	 * We currently only support Direct Access or Processor LUN types.
4551	 */
4552	switch (be_lun->lun_type) {
4553	case T_DIRECT:
4554		break;
4555	case T_PROCESSOR:
4556		break;
4557	case T_SEQUENTIAL:
4558	case T_CHANGER:
4559	default:
4560		be_lun->lun_config_status(be_lun->be_lun,
4561					  CTL_LUN_CONFIG_FAILURE);
4562		break;
4563	}
4564	if (ctl_lun == NULL) {
4565		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4566		lun_malloced = 1;
4567	} else {
4568		lun_malloced = 0;
4569		lun = ctl_lun;
4570	}
4571
4572	memset(lun, 0, sizeof(*lun));
4573	if (lun_malloced)
4574		lun->flags = CTL_LUN_MALLOCED;
4575
4576	/* Generate LUN ID. */
4577	devidlen = max(CTL_DEVID_MIN_LEN,
4578	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4579	idlen1 = sizeof(*t10id) + devidlen;
4580	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4581	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4582	if (scsiname != NULL) {
4583		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4584		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4585	}
4586	eui = ctl_get_opt(&be_lun->options, "eui");
4587	if (eui != NULL) {
4588		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4589	}
4590	naa = ctl_get_opt(&be_lun->options, "naa");
4591	if (naa != NULL) {
4592		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4593	}
4594	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4595	    M_CTL, M_WAITOK | M_ZERO);
4596	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4597	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4598	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4599	desc->length = idlen1;
4600	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4601	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4602	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4603		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4604	} else {
4605		strncpy(t10id->vendor, vendor,
4606		    min(sizeof(t10id->vendor), strlen(vendor)));
4607	}
4608	strncpy((char *)t10id->vendor_spec_id,
4609	    (char *)be_lun->device_id, devidlen);
4610	if (scsiname != NULL) {
4611		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4612		    desc->length);
4613		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4614		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4615		    SVPD_ID_TYPE_SCSI_NAME;
4616		desc->length = idlen2;
4617		strlcpy(desc->identifier, scsiname, idlen2);
4618	}
4619	if (eui != NULL) {
4620		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4621		    desc->length);
4622		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4623		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4624		    SVPD_ID_TYPE_EUI64;
4625		desc->length = hex2bin(eui, desc->identifier, 16);
4626		desc->length = desc->length > 12 ? 16 :
4627		    (desc->length > 8 ? 12 : 8);
4628		len -= 16 - desc->length;
4629	}
4630	if (naa != NULL) {
4631		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4632		    desc->length);
4633		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4634		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4635		    SVPD_ID_TYPE_NAA;
4636		desc->length = hex2bin(naa, desc->identifier, 16);
4637		desc->length = desc->length > 8 ? 16 : 8;
4638		len -= 16 - desc->length;
4639	}
4640	lun->lun_devid->len = len;
4641
4642	mtx_lock(&ctl_softc->ctl_lock);
4643	/*
4644	 * See if the caller requested a particular LUN number.  If so, see
4645	 * if it is available.  Otherwise, allocate the first available LUN.
4646	 */
4647	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4648		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4649		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4650			mtx_unlock(&ctl_softc->ctl_lock);
4651			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4652				printf("ctl: requested LUN ID %d is higher "
4653				       "than CTL_MAX_LUNS - 1 (%d)\n",
4654				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4655			} else {
4656				/*
4657				 * XXX KDM return an error, or just assign
4658				 * another LUN ID in this case??
4659				 */
4660				printf("ctl: requested LUN ID %d is already "
4661				       "in use\n", be_lun->req_lun_id);
4662			}
4663			if (lun->flags & CTL_LUN_MALLOCED)
4664				free(lun, M_CTL);
4665			be_lun->lun_config_status(be_lun->be_lun,
4666						  CTL_LUN_CONFIG_FAILURE);
4667			return (ENOSPC);
4668		}
4669		lun_number = be_lun->req_lun_id;
4670	} else {
4671		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4672		if (lun_number == -1) {
4673			mtx_unlock(&ctl_softc->ctl_lock);
4674			printf("ctl: can't allocate LUN on target %ju, out of "
4675			       "LUNs\n", (uintmax_t)target_id.id);
4676			if (lun->flags & CTL_LUN_MALLOCED)
4677				free(lun, M_CTL);
4678			be_lun->lun_config_status(be_lun->be_lun,
4679						  CTL_LUN_CONFIG_FAILURE);
4680			return (ENOSPC);
4681		}
4682	}
4683	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4684
4685	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4686	lun->target = target_id;
4687	lun->lun = lun_number;
4688	lun->be_lun = be_lun;
4689	/*
4690	 * The processor LUN is always enabled.  Disk LUNs come on line
4691	 * disabled, and must be enabled by the backend.
4692	 */
4693	lun->flags |= CTL_LUN_DISABLED;
4694	lun->backend = be_lun->be;
4695	be_lun->ctl_lun = lun;
4696	be_lun->lun_id = lun_number;
4697	atomic_add_int(&be_lun->be->num_luns, 1);
4698	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4699		lun->flags |= CTL_LUN_OFFLINE;
4700
4701	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4702		lun->flags |= CTL_LUN_STOPPED;
4703
4704	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4705		lun->flags |= CTL_LUN_INOPERABLE;
4706
4707	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4708		lun->flags |= CTL_LUN_PRIMARY_SC;
4709
4710	value = ctl_get_opt(&be_lun->options, "readonly");
4711	if (value != NULL && strcmp(value, "on") == 0)
4712		lun->flags |= CTL_LUN_READONLY;
4713
4714	lun->serseq = CTL_LUN_SERSEQ_OFF;
4715	if (be_lun->flags & CTL_LUN_FLAG_SERSEQ_READ)
4716		lun->serseq = CTL_LUN_SERSEQ_READ;
4717	value = ctl_get_opt(&be_lun->options, "serseq");
4718	if (value != NULL && strcmp(value, "on") == 0)
4719		lun->serseq = CTL_LUN_SERSEQ_ON;
4720	else if (value != NULL && strcmp(value, "read") == 0)
4721		lun->serseq = CTL_LUN_SERSEQ_READ;
4722	else if (value != NULL && strcmp(value, "off") == 0)
4723		lun->serseq = CTL_LUN_SERSEQ_OFF;
4724
4725	lun->ctl_softc = ctl_softc;
4726#ifdef CTL_TIME_IO
4727	lun->last_busy = getsbinuptime();
4728#endif
4729	TAILQ_INIT(&lun->ooa_queue);
4730	TAILQ_INIT(&lun->blocked_queue);
4731	STAILQ_INIT(&lun->error_list);
4732	ctl_tpc_lun_init(lun);
4733
4734	/*
4735	 * Initialize the mode and log page index.
4736	 */
4737	ctl_init_page_index(lun);
4738	ctl_init_log_page_index(lun);
4739
4740	/*
4741	 * Now, before we insert this lun on the lun list, set the lun
4742	 * inventory changed UA for all other luns.
4743	 */
4744	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4745		mtx_lock(&nlun->lun_lock);
4746		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4747		mtx_unlock(&nlun->lun_lock);
4748	}
4749
4750	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4751
4752	ctl_softc->ctl_luns[lun_number] = lun;
4753
4754	ctl_softc->num_luns++;
4755
4756	/* Setup statistics gathering */
4757	lun->stats.device_type = be_lun->lun_type;
4758	lun->stats.lun_number = lun_number;
4759	if (lun->stats.device_type == T_DIRECT)
4760		lun->stats.blocksize = be_lun->blocksize;
4761	else
4762		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4763	for (i = 0;i < CTL_MAX_PORTS;i++)
4764		lun->stats.ports[i].targ_port = i;
4765
4766	mtx_unlock(&ctl_softc->ctl_lock);
4767
4768	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4769	return (0);
4770}
4771
4772/*
4773 * Delete a LUN.
4774 * Assumptions:
4775 * - LUN has already been marked invalid and any pending I/O has been taken
4776 *   care of.
4777 */
4778static int
4779ctl_free_lun(struct ctl_lun *lun)
4780{
4781	struct ctl_softc *softc;
4782	struct ctl_port *port;
4783	struct ctl_lun *nlun;
4784	int i;
4785
4786	softc = lun->ctl_softc;
4787
4788	mtx_assert(&softc->ctl_lock, MA_OWNED);
4789
4790	STAILQ_FOREACH(port, &softc->port_list, links)
4791		ctl_lun_map_unsetg(port, lun->lun);
4792
4793	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4794
4795	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4796
4797	softc->ctl_luns[lun->lun] = NULL;
4798
4799	if (!TAILQ_EMPTY(&lun->ooa_queue))
4800		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4801
4802	softc->num_luns--;
4803
4804	/*
4805	 * Tell the backend to free resources, if this LUN has a backend.
4806	 */
4807	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4808	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4809
4810	ctl_tpc_lun_shutdown(lun);
4811	mtx_destroy(&lun->lun_lock);
4812	free(lun->lun_devid, M_CTL);
4813	for (i = 0; i < CTL_MAX_PORTS; i++)
4814		free(lun->pending_ua[i], M_CTL);
4815	for (i = 0; i < 2 * CTL_MAX_PORTS; i++)
4816		free(lun->pr_keys[i], M_CTL);
4817	free(lun->write_buffer, M_CTL);
4818	if (lun->flags & CTL_LUN_MALLOCED)
4819		free(lun, M_CTL);
4820
4821	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4822		mtx_lock(&nlun->lun_lock);
4823		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4824		mtx_unlock(&nlun->lun_lock);
4825	}
4826
4827	return (0);
4828}
4829
4830static void
4831ctl_create_lun(struct ctl_be_lun *be_lun)
4832{
4833	struct ctl_softc *softc;
4834
4835	softc = control_softc;
4836
4837	/*
4838	 * ctl_alloc_lun() should handle all potential failure cases.
4839	 */
4840	ctl_alloc_lun(softc, NULL, be_lun, softc->target);
4841}
4842
4843int
4844ctl_add_lun(struct ctl_be_lun *be_lun)
4845{
4846	struct ctl_softc *softc = control_softc;
4847
4848	mtx_lock(&softc->ctl_lock);
4849	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4850	mtx_unlock(&softc->ctl_lock);
4851	wakeup(&softc->pending_lun_queue);
4852
4853	return (0);
4854}
4855
4856int
4857ctl_enable_lun(struct ctl_be_lun *be_lun)
4858{
4859	struct ctl_softc *softc;
4860	struct ctl_port *port, *nport;
4861	struct ctl_lun *lun;
4862	int retval;
4863
4864	lun = (struct ctl_lun *)be_lun->ctl_lun;
4865	softc = lun->ctl_softc;
4866
4867	mtx_lock(&softc->ctl_lock);
4868	mtx_lock(&lun->lun_lock);
4869	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4870		/*
4871		 * eh?  Why did we get called if the LUN is already
4872		 * enabled?
4873		 */
4874		mtx_unlock(&lun->lun_lock);
4875		mtx_unlock(&softc->ctl_lock);
4876		return (0);
4877	}
4878	lun->flags &= ~CTL_LUN_DISABLED;
4879	mtx_unlock(&lun->lun_lock);
4880
4881	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4882		nport = STAILQ_NEXT(port, links);
4883
4884		/*
4885		 * Drop the lock while we call the FETD's enable routine.
4886		 * This can lead to a callback into CTL (at least in the
4887		 * case of the internal initiator frontend.
4888		 */
4889		mtx_unlock(&softc->ctl_lock);
4890		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4891		mtx_lock(&softc->ctl_lock);
4892		if (retval != 0) {
4893			printf("%s: FETD %s port %d returned error "
4894			       "%d for lun_enable on target %ju lun %jd\n",
4895			       __func__, port->port_name, port->targ_port, retval,
4896			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4897		}
4898	}
4899
4900	mtx_unlock(&softc->ctl_lock);
4901
4902	return (0);
4903}
4904
4905int
4906ctl_disable_lun(struct ctl_be_lun *be_lun)
4907{
4908	struct ctl_softc *softc;
4909	struct ctl_port *port;
4910	struct ctl_lun *lun;
4911	int retval;
4912
4913	lun = (struct ctl_lun *)be_lun->ctl_lun;
4914	softc = lun->ctl_softc;
4915
4916	mtx_lock(&softc->ctl_lock);
4917	mtx_lock(&lun->lun_lock);
4918	if (lun->flags & CTL_LUN_DISABLED) {
4919		mtx_unlock(&lun->lun_lock);
4920		mtx_unlock(&softc->ctl_lock);
4921		return (0);
4922	}
4923	lun->flags |= CTL_LUN_DISABLED;
4924	mtx_unlock(&lun->lun_lock);
4925
4926	STAILQ_FOREACH(port, &softc->port_list, links) {
4927		mtx_unlock(&softc->ctl_lock);
4928		/*
4929		 * Drop the lock before we call the frontend's disable
4930		 * routine, to avoid lock order reversals.
4931		 *
4932		 * XXX KDM what happens if the frontend list changes while
4933		 * we're traversing it?  It's unlikely, but should be handled.
4934		 */
4935		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4936					 lun->lun);
4937		mtx_lock(&softc->ctl_lock);
4938		if (retval != 0) {
4939			printf("%s: FETD %s port %d returned error "
4940			       "%d for lun_disable on target %ju lun %jd\n",
4941			       __func__, port->port_name, port->targ_port, retval,
4942			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4943		}
4944	}
4945
4946	mtx_unlock(&softc->ctl_lock);
4947
4948	return (0);
4949}
4950
4951int
4952ctl_start_lun(struct ctl_be_lun *be_lun)
4953{
4954	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4955
4956	mtx_lock(&lun->lun_lock);
4957	lun->flags &= ~CTL_LUN_STOPPED;
4958	mtx_unlock(&lun->lun_lock);
4959	return (0);
4960}
4961
4962int
4963ctl_stop_lun(struct ctl_be_lun *be_lun)
4964{
4965	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4966
4967	mtx_lock(&lun->lun_lock);
4968	lun->flags |= CTL_LUN_STOPPED;
4969	mtx_unlock(&lun->lun_lock);
4970	return (0);
4971}
4972
4973int
4974ctl_lun_offline(struct ctl_be_lun *be_lun)
4975{
4976	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4977
4978	mtx_lock(&lun->lun_lock);
4979	lun->flags |= CTL_LUN_OFFLINE;
4980	mtx_unlock(&lun->lun_lock);
4981	return (0);
4982}
4983
4984int
4985ctl_lun_online(struct ctl_be_lun *be_lun)
4986{
4987	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4988
4989	mtx_lock(&lun->lun_lock);
4990	lun->flags &= ~CTL_LUN_OFFLINE;
4991	mtx_unlock(&lun->lun_lock);
4992	return (0);
4993}
4994
4995int
4996ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4997{
4998	struct ctl_softc *softc;
4999	struct ctl_lun *lun;
5000
5001	lun = (struct ctl_lun *)be_lun->ctl_lun;
5002	softc = lun->ctl_softc;
5003
5004	mtx_lock(&lun->lun_lock);
5005
5006	/*
5007	 * The LUN needs to be disabled before it can be marked invalid.
5008	 */
5009	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5010		mtx_unlock(&lun->lun_lock);
5011		return (-1);
5012	}
5013	/*
5014	 * Mark the LUN invalid.
5015	 */
5016	lun->flags |= CTL_LUN_INVALID;
5017
5018	/*
5019	 * If there is nothing in the OOA queue, go ahead and free the LUN.
5020	 * If we have something in the OOA queue, we'll free it when the
5021	 * last I/O completes.
5022	 */
5023	if (TAILQ_EMPTY(&lun->ooa_queue)) {
5024		mtx_unlock(&lun->lun_lock);
5025		mtx_lock(&softc->ctl_lock);
5026		ctl_free_lun(lun);
5027		mtx_unlock(&softc->ctl_lock);
5028	} else
5029		mtx_unlock(&lun->lun_lock);
5030
5031	return (0);
5032}
5033
5034int
5035ctl_lun_inoperable(struct ctl_be_lun *be_lun)
5036{
5037	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5038
5039	mtx_lock(&lun->lun_lock);
5040	lun->flags |= CTL_LUN_INOPERABLE;
5041	mtx_unlock(&lun->lun_lock);
5042	return (0);
5043}
5044
5045int
5046ctl_lun_operable(struct ctl_be_lun *be_lun)
5047{
5048	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5049
5050	mtx_lock(&lun->lun_lock);
5051	lun->flags &= ~CTL_LUN_INOPERABLE;
5052	mtx_unlock(&lun->lun_lock);
5053	return (0);
5054}
5055
5056void
5057ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5058{
5059	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5060
5061	mtx_lock(&lun->lun_lock);
5062	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
5063	mtx_unlock(&lun->lun_lock);
5064}
5065
5066/*
5067 * Backend "memory move is complete" callback for requests that never
5068 * make it down to say RAIDCore's configuration code.
5069 */
5070int
5071ctl_config_move_done(union ctl_io *io)
5072{
5073	int retval;
5074
5075	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5076	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5077	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5078
5079	if ((io->io_hdr.port_status != 0) &&
5080	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5081	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5082		/*
5083		 * For hardware error sense keys, the sense key
5084		 * specific value is defined to be a retry count,
5085		 * but we use it to pass back an internal FETD
5086		 * error code.  XXX KDM  Hopefully the FETD is only
5087		 * using 16 bits for an error code, since that's
5088		 * all the space we have in the sks field.
5089		 */
5090		ctl_set_internal_failure(&io->scsiio,
5091					 /*sks_valid*/ 1,
5092					 /*retry_count*/
5093					 io->io_hdr.port_status);
5094	}
5095
5096	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5097	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5098	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5099	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5100		/*
5101		 * XXX KDM just assuming a single pointer here, and not a
5102		 * S/G list.  If we start using S/G lists for config data,
5103		 * we'll need to know how to clean them up here as well.
5104		 */
5105		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5106			free(io->scsiio.kern_data_ptr, M_CTL);
5107		ctl_done(io);
5108		retval = CTL_RETVAL_COMPLETE;
5109	} else {
5110		/*
5111		 * XXX KDM now we need to continue data movement.  Some
5112		 * options:
5113		 * - call ctl_scsiio() again?  We don't do this for data
5114		 *   writes, because for those at least we know ahead of
5115		 *   time where the write will go and how long it is.  For
5116		 *   config writes, though, that information is largely
5117		 *   contained within the write itself, thus we need to
5118		 *   parse out the data again.
5119		 *
5120		 * - Call some other function once the data is in?
5121		 */
5122		if (ctl_debug & CTL_DEBUG_CDB_DATA)
5123			ctl_data_print(io);
5124
5125		/*
5126		 * XXX KDM call ctl_scsiio() again for now, and check flag
5127		 * bits to see whether we're allocated or not.
5128		 */
5129		retval = ctl_scsiio(&io->scsiio);
5130	}
5131	return (retval);
5132}
5133
5134/*
5135 * This gets called by a backend driver when it is done with a
5136 * data_submit method.
5137 */
5138void
5139ctl_data_submit_done(union ctl_io *io)
5140{
5141	/*
5142	 * If the IO_CONT flag is set, we need to call the supplied
5143	 * function to continue processing the I/O, instead of completing
5144	 * the I/O just yet.
5145	 *
5146	 * If there is an error, though, we don't want to keep processing.
5147	 * Instead, just send status back to the initiator.
5148	 */
5149	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5150	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5151	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5152	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5153		io->scsiio.io_cont(io);
5154		return;
5155	}
5156	ctl_done(io);
5157}
5158
5159/*
5160 * This gets called by a backend driver when it is done with a
5161 * configuration write.
5162 */
5163void
5164ctl_config_write_done(union ctl_io *io)
5165{
5166	uint8_t *buf;
5167
5168	/*
5169	 * If the IO_CONT flag is set, we need to call the supplied
5170	 * function to continue processing the I/O, instead of completing
5171	 * the I/O just yet.
5172	 *
5173	 * If there is an error, though, we don't want to keep processing.
5174	 * Instead, just send status back to the initiator.
5175	 */
5176	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5177	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5178	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5179	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5180		io->scsiio.io_cont(io);
5181		return;
5182	}
5183	/*
5184	 * Since a configuration write can be done for commands that actually
5185	 * have data allocated, like write buffer, and commands that have
5186	 * no data, like start/stop unit, we need to check here.
5187	 */
5188	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5189		buf = io->scsiio.kern_data_ptr;
5190	else
5191		buf = NULL;
5192	ctl_done(io);
5193	if (buf)
5194		free(buf, M_CTL);
5195}
5196
5197void
5198ctl_config_read_done(union ctl_io *io)
5199{
5200	uint8_t *buf;
5201
5202	/*
5203	 * If there is some error -- we are done, skip data transfer.
5204	 */
5205	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5206	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5207	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5208		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5209			buf = io->scsiio.kern_data_ptr;
5210		else
5211			buf = NULL;
5212		ctl_done(io);
5213		if (buf)
5214			free(buf, M_CTL);
5215		return;
5216	}
5217
5218	/*
5219	 * If the IO_CONT flag is set, we need to call the supplied
5220	 * function to continue processing the I/O, instead of completing
5221	 * the I/O just yet.
5222	 */
5223	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5224		io->scsiio.io_cont(io);
5225		return;
5226	}
5227
5228	ctl_datamove(io);
5229}
5230
5231/*
5232 * SCSI release command.
5233 */
5234int
5235ctl_scsi_release(struct ctl_scsiio *ctsio)
5236{
5237	int length, longid, thirdparty_id, resv_id;
5238	struct ctl_lun *lun;
5239	uint32_t residx;
5240
5241	length = 0;
5242	resv_id = 0;
5243
5244	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5245
5246	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5247	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5248
5249	switch (ctsio->cdb[0]) {
5250	case RELEASE_10: {
5251		struct scsi_release_10 *cdb;
5252
5253		cdb = (struct scsi_release_10 *)ctsio->cdb;
5254
5255		if (cdb->byte2 & SR10_LONGID)
5256			longid = 1;
5257		else
5258			thirdparty_id = cdb->thirdparty_id;
5259
5260		resv_id = cdb->resv_id;
5261		length = scsi_2btoul(cdb->length);
5262		break;
5263	}
5264	}
5265
5266
5267	/*
5268	 * XXX KDM right now, we only support LUN reservation.  We don't
5269	 * support 3rd party reservations, or extent reservations, which
5270	 * might actually need the parameter list.  If we've gotten this
5271	 * far, we've got a LUN reservation.  Anything else got kicked out
5272	 * above.  So, according to SPC, ignore the length.
5273	 */
5274	length = 0;
5275
5276	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5277	 && (length > 0)) {
5278		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5279		ctsio->kern_data_len = length;
5280		ctsio->kern_total_len = length;
5281		ctsio->kern_data_resid = 0;
5282		ctsio->kern_rel_offset = 0;
5283		ctsio->kern_sg_entries = 0;
5284		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5285		ctsio->be_move_done = ctl_config_move_done;
5286		ctl_datamove((union ctl_io *)ctsio);
5287
5288		return (CTL_RETVAL_COMPLETE);
5289	}
5290
5291	if (length > 0)
5292		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5293
5294	mtx_lock(&lun->lun_lock);
5295
5296	/*
5297	 * According to SPC, it is not an error for an intiator to attempt
5298	 * to release a reservation on a LUN that isn't reserved, or that
5299	 * is reserved by another initiator.  The reservation can only be
5300	 * released, though, by the initiator who made it or by one of
5301	 * several reset type events.
5302	 */
5303	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5304			lun->flags &= ~CTL_LUN_RESERVED;
5305
5306	mtx_unlock(&lun->lun_lock);
5307
5308	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5309		free(ctsio->kern_data_ptr, M_CTL);
5310		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5311	}
5312
5313	ctl_set_success(ctsio);
5314	ctl_done((union ctl_io *)ctsio);
5315	return (CTL_RETVAL_COMPLETE);
5316}
5317
5318int
5319ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5320{
5321	int extent, thirdparty, longid;
5322	int resv_id, length;
5323	uint64_t thirdparty_id;
5324	struct ctl_lun *lun;
5325	uint32_t residx;
5326
5327	extent = 0;
5328	thirdparty = 0;
5329	longid = 0;
5330	resv_id = 0;
5331	length = 0;
5332	thirdparty_id = 0;
5333
5334	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5335
5336	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5337	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5338
5339	switch (ctsio->cdb[0]) {
5340	case RESERVE_10: {
5341		struct scsi_reserve_10 *cdb;
5342
5343		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5344
5345		if (cdb->byte2 & SR10_LONGID)
5346			longid = 1;
5347		else
5348			thirdparty_id = cdb->thirdparty_id;
5349
5350		resv_id = cdb->resv_id;
5351		length = scsi_2btoul(cdb->length);
5352		break;
5353	}
5354	}
5355
5356	/*
5357	 * XXX KDM right now, we only support LUN reservation.  We don't
5358	 * support 3rd party reservations, or extent reservations, which
5359	 * might actually need the parameter list.  If we've gotten this
5360	 * far, we've got a LUN reservation.  Anything else got kicked out
5361	 * above.  So, according to SPC, ignore the length.
5362	 */
5363	length = 0;
5364
5365	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5366	 && (length > 0)) {
5367		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5368		ctsio->kern_data_len = length;
5369		ctsio->kern_total_len = length;
5370		ctsio->kern_data_resid = 0;
5371		ctsio->kern_rel_offset = 0;
5372		ctsio->kern_sg_entries = 0;
5373		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5374		ctsio->be_move_done = ctl_config_move_done;
5375		ctl_datamove((union ctl_io *)ctsio);
5376
5377		return (CTL_RETVAL_COMPLETE);
5378	}
5379
5380	if (length > 0)
5381		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5382
5383	mtx_lock(&lun->lun_lock);
5384	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5385		ctl_set_reservation_conflict(ctsio);
5386		goto bailout;
5387	}
5388
5389	lun->flags |= CTL_LUN_RESERVED;
5390	lun->res_idx = residx;
5391
5392	ctl_set_success(ctsio);
5393
5394bailout:
5395	mtx_unlock(&lun->lun_lock);
5396
5397	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5398		free(ctsio->kern_data_ptr, M_CTL);
5399		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5400	}
5401
5402	ctl_done((union ctl_io *)ctsio);
5403	return (CTL_RETVAL_COMPLETE);
5404}
5405
5406int
5407ctl_start_stop(struct ctl_scsiio *ctsio)
5408{
5409	struct scsi_start_stop_unit *cdb;
5410	struct ctl_lun *lun;
5411	int retval;
5412
5413	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5414
5415	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5416	retval = 0;
5417
5418	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5419
5420	/*
5421	 * XXX KDM
5422	 * We don't support the immediate bit on a stop unit.  In order to
5423	 * do that, we would need to code up a way to know that a stop is
5424	 * pending, and hold off any new commands until it completes, one
5425	 * way or another.  Then we could accept or reject those commands
5426	 * depending on its status.  We would almost need to do the reverse
5427	 * of what we do below for an immediate start -- return the copy of
5428	 * the ctl_io to the FETD with status to send to the host (and to
5429	 * free the copy!) and then free the original I/O once the stop
5430	 * actually completes.  That way, the OOA queue mechanism can work
5431	 * to block commands that shouldn't proceed.  Another alternative
5432	 * would be to put the copy in the queue in place of the original,
5433	 * and return the original back to the caller.  That could be
5434	 * slightly safer..
5435	 */
5436	if ((cdb->byte2 & SSS_IMMED)
5437	 && ((cdb->how & SSS_START) == 0)) {
5438		ctl_set_invalid_field(ctsio,
5439				      /*sks_valid*/ 1,
5440				      /*command*/ 1,
5441				      /*field*/ 1,
5442				      /*bit_valid*/ 1,
5443				      /*bit*/ 0);
5444		ctl_done((union ctl_io *)ctsio);
5445		return (CTL_RETVAL_COMPLETE);
5446	}
5447
5448	if ((lun->flags & CTL_LUN_PR_RESERVED)
5449	 && ((cdb->how & SSS_START)==0)) {
5450		uint32_t residx;
5451
5452		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5453		if (ctl_get_prkey(lun, residx) == 0
5454		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5455
5456			ctl_set_reservation_conflict(ctsio);
5457			ctl_done((union ctl_io *)ctsio);
5458			return (CTL_RETVAL_COMPLETE);
5459		}
5460	}
5461
5462	/*
5463	 * If there is no backend on this device, we can't start or stop
5464	 * it.  In theory we shouldn't get any start/stop commands in the
5465	 * first place at this level if the LUN doesn't have a backend.
5466	 * That should get stopped by the command decode code.
5467	 */
5468	if (lun->backend == NULL) {
5469		ctl_set_invalid_opcode(ctsio);
5470		ctl_done((union ctl_io *)ctsio);
5471		return (CTL_RETVAL_COMPLETE);
5472	}
5473
5474	/*
5475	 * XXX KDM Copan-specific offline behavior.
5476	 * Figure out a reasonable way to port this?
5477	 */
5478#ifdef NEEDTOPORT
5479	mtx_lock(&lun->lun_lock);
5480
5481	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5482	 && (lun->flags & CTL_LUN_OFFLINE)) {
5483		/*
5484		 * If the LUN is offline, and the on/offline bit isn't set,
5485		 * reject the start or stop.  Otherwise, let it through.
5486		 */
5487		mtx_unlock(&lun->lun_lock);
5488		ctl_set_lun_not_ready(ctsio);
5489		ctl_done((union ctl_io *)ctsio);
5490	} else {
5491		mtx_unlock(&lun->lun_lock);
5492#endif /* NEEDTOPORT */
5493		/*
5494		 * This could be a start or a stop when we're online,
5495		 * or a stop/offline or start/online.  A start or stop when
5496		 * we're offline is covered in the case above.
5497		 */
5498		/*
5499		 * In the non-immediate case, we send the request to
5500		 * the backend and return status to the user when
5501		 * it is done.
5502		 *
5503		 * In the immediate case, we allocate a new ctl_io
5504		 * to hold a copy of the request, and send that to
5505		 * the backend.  We then set good status on the
5506		 * user's request and return it immediately.
5507		 */
5508		if (cdb->byte2 & SSS_IMMED) {
5509			union ctl_io *new_io;
5510
5511			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5512			ctl_copy_io((union ctl_io *)ctsio, new_io);
5513			retval = lun->backend->config_write(new_io);
5514			ctl_set_success(ctsio);
5515			ctl_done((union ctl_io *)ctsio);
5516		} else {
5517			retval = lun->backend->config_write(
5518				(union ctl_io *)ctsio);
5519		}
5520#ifdef NEEDTOPORT
5521	}
5522#endif
5523	return (retval);
5524}
5525
5526/*
5527 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5528 * we don't really do anything with the LBA and length fields if the user
5529 * passes them in.  Instead we'll just flush out the cache for the entire
5530 * LUN.
5531 */
5532int
5533ctl_sync_cache(struct ctl_scsiio *ctsio)
5534{
5535	struct ctl_lun *lun;
5536	struct ctl_softc *softc;
5537	uint64_t starting_lba;
5538	uint32_t block_count;
5539	int retval;
5540
5541	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5542
5543	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5544	softc = lun->ctl_softc;
5545	retval = 0;
5546
5547	switch (ctsio->cdb[0]) {
5548	case SYNCHRONIZE_CACHE: {
5549		struct scsi_sync_cache *cdb;
5550		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5551
5552		starting_lba = scsi_4btoul(cdb->begin_lba);
5553		block_count = scsi_2btoul(cdb->lb_count);
5554		break;
5555	}
5556	case SYNCHRONIZE_CACHE_16: {
5557		struct scsi_sync_cache_16 *cdb;
5558		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5559
5560		starting_lba = scsi_8btou64(cdb->begin_lba);
5561		block_count = scsi_4btoul(cdb->lb_count);
5562		break;
5563	}
5564	default:
5565		ctl_set_invalid_opcode(ctsio);
5566		ctl_done((union ctl_io *)ctsio);
5567		goto bailout;
5568		break; /* NOTREACHED */
5569	}
5570
5571	/*
5572	 * We check the LBA and length, but don't do anything with them.
5573	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5574	 * get flushed.  This check will just help satisfy anyone who wants
5575	 * to see an error for an out of range LBA.
5576	 */
5577	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5578		ctl_set_lba_out_of_range(ctsio);
5579		ctl_done((union ctl_io *)ctsio);
5580		goto bailout;
5581	}
5582
5583	/*
5584	 * If this LUN has no backend, we can't flush the cache anyway.
5585	 */
5586	if (lun->backend == NULL) {
5587		ctl_set_invalid_opcode(ctsio);
5588		ctl_done((union ctl_io *)ctsio);
5589		goto bailout;
5590	}
5591
5592	/*
5593	 * Check to see whether we're configured to send the SYNCHRONIZE
5594	 * CACHE command directly to the back end.
5595	 */
5596	mtx_lock(&lun->lun_lock);
5597	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5598	 && (++(lun->sync_count) >= lun->sync_interval)) {
5599		lun->sync_count = 0;
5600		mtx_unlock(&lun->lun_lock);
5601		retval = lun->backend->config_write((union ctl_io *)ctsio);
5602	} else {
5603		mtx_unlock(&lun->lun_lock);
5604		ctl_set_success(ctsio);
5605		ctl_done((union ctl_io *)ctsio);
5606	}
5607
5608bailout:
5609
5610	return (retval);
5611}
5612
5613int
5614ctl_format(struct ctl_scsiio *ctsio)
5615{
5616	struct scsi_format *cdb;
5617	struct ctl_lun *lun;
5618	int length, defect_list_len;
5619
5620	CTL_DEBUG_PRINT(("ctl_format\n"));
5621
5622	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5623
5624	cdb = (struct scsi_format *)ctsio->cdb;
5625
5626	length = 0;
5627	if (cdb->byte2 & SF_FMTDATA) {
5628		if (cdb->byte2 & SF_LONGLIST)
5629			length = sizeof(struct scsi_format_header_long);
5630		else
5631			length = sizeof(struct scsi_format_header_short);
5632	}
5633
5634	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5635	 && (length > 0)) {
5636		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5637		ctsio->kern_data_len = length;
5638		ctsio->kern_total_len = length;
5639		ctsio->kern_data_resid = 0;
5640		ctsio->kern_rel_offset = 0;
5641		ctsio->kern_sg_entries = 0;
5642		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5643		ctsio->be_move_done = ctl_config_move_done;
5644		ctl_datamove((union ctl_io *)ctsio);
5645
5646		return (CTL_RETVAL_COMPLETE);
5647	}
5648
5649	defect_list_len = 0;
5650
5651	if (cdb->byte2 & SF_FMTDATA) {
5652		if (cdb->byte2 & SF_LONGLIST) {
5653			struct scsi_format_header_long *header;
5654
5655			header = (struct scsi_format_header_long *)
5656				ctsio->kern_data_ptr;
5657
5658			defect_list_len = scsi_4btoul(header->defect_list_len);
5659			if (defect_list_len != 0) {
5660				ctl_set_invalid_field(ctsio,
5661						      /*sks_valid*/ 1,
5662						      /*command*/ 0,
5663						      /*field*/ 2,
5664						      /*bit_valid*/ 0,
5665						      /*bit*/ 0);
5666				goto bailout;
5667			}
5668		} else {
5669			struct scsi_format_header_short *header;
5670
5671			header = (struct scsi_format_header_short *)
5672				ctsio->kern_data_ptr;
5673
5674			defect_list_len = scsi_2btoul(header->defect_list_len);
5675			if (defect_list_len != 0) {
5676				ctl_set_invalid_field(ctsio,
5677						      /*sks_valid*/ 1,
5678						      /*command*/ 0,
5679						      /*field*/ 2,
5680						      /*bit_valid*/ 0,
5681						      /*bit*/ 0);
5682				goto bailout;
5683			}
5684		}
5685	}
5686
5687	/*
5688	 * The format command will clear out the "Medium format corrupted"
5689	 * status if set by the configuration code.  That status is really
5690	 * just a way to notify the host that we have lost the media, and
5691	 * get them to issue a command that will basically make them think
5692	 * they're blowing away the media.
5693	 */
5694	mtx_lock(&lun->lun_lock);
5695	lun->flags &= ~CTL_LUN_INOPERABLE;
5696	mtx_unlock(&lun->lun_lock);
5697
5698	ctl_set_success(ctsio);
5699bailout:
5700
5701	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5702		free(ctsio->kern_data_ptr, M_CTL);
5703		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5704	}
5705
5706	ctl_done((union ctl_io *)ctsio);
5707	return (CTL_RETVAL_COMPLETE);
5708}
5709
5710int
5711ctl_read_buffer(struct ctl_scsiio *ctsio)
5712{
5713	struct scsi_read_buffer *cdb;
5714	struct ctl_lun *lun;
5715	int buffer_offset, len;
5716	static uint8_t descr[4];
5717	static uint8_t echo_descr[4] = { 0 };
5718
5719	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5720
5721	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5722	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5723
5724	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5725	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5726	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5727		ctl_set_invalid_field(ctsio,
5728				      /*sks_valid*/ 1,
5729				      /*command*/ 1,
5730				      /*field*/ 1,
5731				      /*bit_valid*/ 1,
5732				      /*bit*/ 4);
5733		ctl_done((union ctl_io *)ctsio);
5734		return (CTL_RETVAL_COMPLETE);
5735	}
5736
5737	len = scsi_3btoul(cdb->length);
5738	buffer_offset = scsi_3btoul(cdb->offset);
5739
5740	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5741		ctl_set_invalid_field(ctsio,
5742				      /*sks_valid*/ 1,
5743				      /*command*/ 1,
5744				      /*field*/ 6,
5745				      /*bit_valid*/ 0,
5746				      /*bit*/ 0);
5747		ctl_done((union ctl_io *)ctsio);
5748		return (CTL_RETVAL_COMPLETE);
5749	}
5750
5751	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5752		descr[0] = 0;
5753		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5754		ctsio->kern_data_ptr = descr;
5755		len = min(len, sizeof(descr));
5756	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5757		ctsio->kern_data_ptr = echo_descr;
5758		len = min(len, sizeof(echo_descr));
5759	} else {
5760		if (lun->write_buffer == NULL) {
5761			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5762			    M_CTL, M_WAITOK);
5763		}
5764		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5765	}
5766	ctsio->kern_data_len = len;
5767	ctsio->kern_total_len = len;
5768	ctsio->kern_data_resid = 0;
5769	ctsio->kern_rel_offset = 0;
5770	ctsio->kern_sg_entries = 0;
5771	ctl_set_success(ctsio);
5772	ctsio->be_move_done = ctl_config_move_done;
5773	ctl_datamove((union ctl_io *)ctsio);
5774	return (CTL_RETVAL_COMPLETE);
5775}
5776
5777int
5778ctl_write_buffer(struct ctl_scsiio *ctsio)
5779{
5780	struct scsi_write_buffer *cdb;
5781	struct ctl_lun *lun;
5782	int buffer_offset, len;
5783
5784	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5785
5786	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5787	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5788
5789	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5790		ctl_set_invalid_field(ctsio,
5791				      /*sks_valid*/ 1,
5792				      /*command*/ 1,
5793				      /*field*/ 1,
5794				      /*bit_valid*/ 1,
5795				      /*bit*/ 4);
5796		ctl_done((union ctl_io *)ctsio);
5797		return (CTL_RETVAL_COMPLETE);
5798	}
5799
5800	len = scsi_3btoul(cdb->length);
5801	buffer_offset = scsi_3btoul(cdb->offset);
5802
5803	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5804		ctl_set_invalid_field(ctsio,
5805				      /*sks_valid*/ 1,
5806				      /*command*/ 1,
5807				      /*field*/ 6,
5808				      /*bit_valid*/ 0,
5809				      /*bit*/ 0);
5810		ctl_done((union ctl_io *)ctsio);
5811		return (CTL_RETVAL_COMPLETE);
5812	}
5813
5814	/*
5815	 * If we've got a kernel request that hasn't been malloced yet,
5816	 * malloc it and tell the caller the data buffer is here.
5817	 */
5818	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5819		if (lun->write_buffer == NULL) {
5820			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5821			    M_CTL, M_WAITOK);
5822		}
5823		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5824		ctsio->kern_data_len = len;
5825		ctsio->kern_total_len = len;
5826		ctsio->kern_data_resid = 0;
5827		ctsio->kern_rel_offset = 0;
5828		ctsio->kern_sg_entries = 0;
5829		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5830		ctsio->be_move_done = ctl_config_move_done;
5831		ctl_datamove((union ctl_io *)ctsio);
5832
5833		return (CTL_RETVAL_COMPLETE);
5834	}
5835
5836	ctl_set_success(ctsio);
5837	ctl_done((union ctl_io *)ctsio);
5838	return (CTL_RETVAL_COMPLETE);
5839}
5840
5841int
5842ctl_write_same(struct ctl_scsiio *ctsio)
5843{
5844	struct ctl_lun *lun;
5845	struct ctl_lba_len_flags *lbalen;
5846	uint64_t lba;
5847	uint32_t num_blocks;
5848	int len, retval;
5849	uint8_t byte2;
5850
5851	retval = CTL_RETVAL_COMPLETE;
5852
5853	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5854
5855	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5856
5857	switch (ctsio->cdb[0]) {
5858	case WRITE_SAME_10: {
5859		struct scsi_write_same_10 *cdb;
5860
5861		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5862
5863		lba = scsi_4btoul(cdb->addr);
5864		num_blocks = scsi_2btoul(cdb->length);
5865		byte2 = cdb->byte2;
5866		break;
5867	}
5868	case WRITE_SAME_16: {
5869		struct scsi_write_same_16 *cdb;
5870
5871		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5872
5873		lba = scsi_8btou64(cdb->addr);
5874		num_blocks = scsi_4btoul(cdb->length);
5875		byte2 = cdb->byte2;
5876		break;
5877	}
5878	default:
5879		/*
5880		 * We got a command we don't support.  This shouldn't
5881		 * happen, commands should be filtered out above us.
5882		 */
5883		ctl_set_invalid_opcode(ctsio);
5884		ctl_done((union ctl_io *)ctsio);
5885
5886		return (CTL_RETVAL_COMPLETE);
5887		break; /* NOTREACHED */
5888	}
5889
5890	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5891	if ((byte2 & SWS_UNMAP) == 0 &&
5892	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5893		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5894		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5895		ctl_done((union ctl_io *)ctsio);
5896		return (CTL_RETVAL_COMPLETE);
5897	}
5898
5899	/*
5900	 * The first check is to make sure we're in bounds, the second
5901	 * check is to catch wrap-around problems.  If the lba + num blocks
5902	 * is less than the lba, then we've wrapped around and the block
5903	 * range is invalid anyway.
5904	 */
5905	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5906	 || ((lba + num_blocks) < lba)) {
5907		ctl_set_lba_out_of_range(ctsio);
5908		ctl_done((union ctl_io *)ctsio);
5909		return (CTL_RETVAL_COMPLETE);
5910	}
5911
5912	/* Zero number of blocks means "to the last logical block" */
5913	if (num_blocks == 0) {
5914		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5915			ctl_set_invalid_field(ctsio,
5916					      /*sks_valid*/ 0,
5917					      /*command*/ 1,
5918					      /*field*/ 0,
5919					      /*bit_valid*/ 0,
5920					      /*bit*/ 0);
5921			ctl_done((union ctl_io *)ctsio);
5922			return (CTL_RETVAL_COMPLETE);
5923		}
5924		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5925	}
5926
5927	len = lun->be_lun->blocksize;
5928
5929	/*
5930	 * If we've got a kernel request that hasn't been malloced yet,
5931	 * malloc it and tell the caller the data buffer is here.
5932	 */
5933	if ((byte2 & SWS_NDOB) == 0 &&
5934	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5935		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5936		ctsio->kern_data_len = len;
5937		ctsio->kern_total_len = len;
5938		ctsio->kern_data_resid = 0;
5939		ctsio->kern_rel_offset = 0;
5940		ctsio->kern_sg_entries = 0;
5941		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5942		ctsio->be_move_done = ctl_config_move_done;
5943		ctl_datamove((union ctl_io *)ctsio);
5944
5945		return (CTL_RETVAL_COMPLETE);
5946	}
5947
5948	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5949	lbalen->lba = lba;
5950	lbalen->len = num_blocks;
5951	lbalen->flags = byte2;
5952	retval = lun->backend->config_write((union ctl_io *)ctsio);
5953
5954	return (retval);
5955}
5956
5957int
5958ctl_unmap(struct ctl_scsiio *ctsio)
5959{
5960	struct ctl_lun *lun;
5961	struct scsi_unmap *cdb;
5962	struct ctl_ptr_len_flags *ptrlen;
5963	struct scsi_unmap_header *hdr;
5964	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5965	uint64_t lba;
5966	uint32_t num_blocks;
5967	int len, retval;
5968	uint8_t byte2;
5969
5970	retval = CTL_RETVAL_COMPLETE;
5971
5972	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5973
5974	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5975	cdb = (struct scsi_unmap *)ctsio->cdb;
5976
5977	len = scsi_2btoul(cdb->length);
5978	byte2 = cdb->byte2;
5979
5980	/*
5981	 * If we've got a kernel request that hasn't been malloced yet,
5982	 * malloc it and tell the caller the data buffer is here.
5983	 */
5984	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5985		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5986		ctsio->kern_data_len = len;
5987		ctsio->kern_total_len = len;
5988		ctsio->kern_data_resid = 0;
5989		ctsio->kern_rel_offset = 0;
5990		ctsio->kern_sg_entries = 0;
5991		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5992		ctsio->be_move_done = ctl_config_move_done;
5993		ctl_datamove((union ctl_io *)ctsio);
5994
5995		return (CTL_RETVAL_COMPLETE);
5996	}
5997
5998	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5999	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
6000	if (len < sizeof (*hdr) ||
6001	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
6002	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
6003	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
6004		ctl_set_invalid_field(ctsio,
6005				      /*sks_valid*/ 0,
6006				      /*command*/ 0,
6007				      /*field*/ 0,
6008				      /*bit_valid*/ 0,
6009				      /*bit*/ 0);
6010		goto done;
6011	}
6012	len = scsi_2btoul(hdr->desc_length);
6013	buf = (struct scsi_unmap_desc *)(hdr + 1);
6014	end = buf + len / sizeof(*buf);
6015
6016	endnz = buf;
6017	for (range = buf; range < end; range++) {
6018		lba = scsi_8btou64(range->lba);
6019		num_blocks = scsi_4btoul(range->length);
6020		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6021		 || ((lba + num_blocks) < lba)) {
6022			ctl_set_lba_out_of_range(ctsio);
6023			ctl_done((union ctl_io *)ctsio);
6024			return (CTL_RETVAL_COMPLETE);
6025		}
6026		if (num_blocks != 0)
6027			endnz = range + 1;
6028	}
6029
6030	/*
6031	 * Block backend can not handle zero last range.
6032	 * Filter it out and return if there is nothing left.
6033	 */
6034	len = (uint8_t *)endnz - (uint8_t *)buf;
6035	if (len == 0) {
6036		ctl_set_success(ctsio);
6037		goto done;
6038	}
6039
6040	mtx_lock(&lun->lun_lock);
6041	ptrlen = (struct ctl_ptr_len_flags *)
6042	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6043	ptrlen->ptr = (void *)buf;
6044	ptrlen->len = len;
6045	ptrlen->flags = byte2;
6046	ctl_check_blocked(lun);
6047	mtx_unlock(&lun->lun_lock);
6048
6049	retval = lun->backend->config_write((union ctl_io *)ctsio);
6050	return (retval);
6051
6052done:
6053	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
6054		free(ctsio->kern_data_ptr, M_CTL);
6055		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
6056	}
6057	ctl_done((union ctl_io *)ctsio);
6058	return (CTL_RETVAL_COMPLETE);
6059}
6060
6061/*
6062 * Note that this function currently doesn't actually do anything inside
6063 * CTL to enforce things if the DQue bit is turned on.
6064 *
6065 * Also note that this function can't be used in the default case, because
6066 * the DQue bit isn't set in the changeable mask for the control mode page
6067 * anyway.  This is just here as an example for how to implement a page
6068 * handler, and a placeholder in case we want to allow the user to turn
6069 * tagged queueing on and off.
6070 *
6071 * The D_SENSE bit handling is functional, however, and will turn
6072 * descriptor sense on and off for a given LUN.
6073 */
6074int
6075ctl_control_page_handler(struct ctl_scsiio *ctsio,
6076			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6077{
6078	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6079	struct ctl_lun *lun;
6080	int set_ua;
6081	uint32_t initidx;
6082
6083	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6084	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6085	set_ua = 0;
6086
6087	user_cp = (struct scsi_control_page *)page_ptr;
6088	current_cp = (struct scsi_control_page *)
6089		(page_index->page_data + (page_index->page_len *
6090		CTL_PAGE_CURRENT));
6091	saved_cp = (struct scsi_control_page *)
6092		(page_index->page_data + (page_index->page_len *
6093		CTL_PAGE_SAVED));
6094
6095	mtx_lock(&lun->lun_lock);
6096	if (((current_cp->rlec & SCP_DSENSE) == 0)
6097	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6098		/*
6099		 * Descriptor sense is currently turned off and the user
6100		 * wants to turn it on.
6101		 */
6102		current_cp->rlec |= SCP_DSENSE;
6103		saved_cp->rlec |= SCP_DSENSE;
6104		lun->flags |= CTL_LUN_SENSE_DESC;
6105		set_ua = 1;
6106	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6107		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6108		/*
6109		 * Descriptor sense is currently turned on, and the user
6110		 * wants to turn it off.
6111		 */
6112		current_cp->rlec &= ~SCP_DSENSE;
6113		saved_cp->rlec &= ~SCP_DSENSE;
6114		lun->flags &= ~CTL_LUN_SENSE_DESC;
6115		set_ua = 1;
6116	}
6117	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6118	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6119		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6120		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6121		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6122		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6123		set_ua = 1;
6124	}
6125	if ((current_cp->eca_and_aen & SCP_SWP) !=
6126	    (user_cp->eca_and_aen & SCP_SWP)) {
6127		current_cp->eca_and_aen &= ~SCP_SWP;
6128		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6129		saved_cp->eca_and_aen &= ~SCP_SWP;
6130		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6131		set_ua = 1;
6132	}
6133	if (set_ua != 0)
6134		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6135	mtx_unlock(&lun->lun_lock);
6136
6137	return (0);
6138}
6139
6140int
6141ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6142		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6143{
6144	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6145	struct ctl_lun *lun;
6146	int set_ua;
6147	uint32_t initidx;
6148
6149	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6150	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6151	set_ua = 0;
6152
6153	user_cp = (struct scsi_caching_page *)page_ptr;
6154	current_cp = (struct scsi_caching_page *)
6155		(page_index->page_data + (page_index->page_len *
6156		CTL_PAGE_CURRENT));
6157	saved_cp = (struct scsi_caching_page *)
6158		(page_index->page_data + (page_index->page_len *
6159		CTL_PAGE_SAVED));
6160
6161	mtx_lock(&lun->lun_lock);
6162	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6163	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6164		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6165		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6166		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6167		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6168		set_ua = 1;
6169	}
6170	if (set_ua != 0)
6171		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6172	mtx_unlock(&lun->lun_lock);
6173
6174	return (0);
6175}
6176
6177int
6178ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6179				struct ctl_page_index *page_index,
6180				uint8_t *page_ptr)
6181{
6182	uint8_t *c;
6183	int i;
6184
6185	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6186	ctl_time_io_secs =
6187		(c[0] << 8) |
6188		(c[1] << 0) |
6189		0;
6190	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6191	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6192	printf("page data:");
6193	for (i=0; i<8; i++)
6194		printf(" %.2x",page_ptr[i]);
6195	printf("\n");
6196	return (0);
6197}
6198
6199int
6200ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6201			       struct ctl_page_index *page_index,
6202			       int pc)
6203{
6204	struct copan_debugconf_subpage *page;
6205
6206	page = (struct copan_debugconf_subpage *)page_index->page_data +
6207		(page_index->page_len * pc);
6208
6209	switch (pc) {
6210	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6211	case SMS_PAGE_CTRL_DEFAULT >> 6:
6212	case SMS_PAGE_CTRL_SAVED >> 6:
6213		/*
6214		 * We don't update the changable or default bits for this page.
6215		 */
6216		break;
6217	case SMS_PAGE_CTRL_CURRENT >> 6:
6218		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6219		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6220		break;
6221	default:
6222#ifdef NEEDTOPORT
6223		EPRINT(0, "Invalid PC %d!!", pc);
6224#endif /* NEEDTOPORT */
6225		break;
6226	}
6227	return (0);
6228}
6229
6230
6231static int
6232ctl_do_mode_select(union ctl_io *io)
6233{
6234	struct scsi_mode_page_header *page_header;
6235	struct ctl_page_index *page_index;
6236	struct ctl_scsiio *ctsio;
6237	int control_dev, page_len;
6238	int page_len_offset, page_len_size;
6239	union ctl_modepage_info *modepage_info;
6240	struct ctl_lun *lun;
6241	int *len_left, *len_used;
6242	int retval, i;
6243
6244	ctsio = &io->scsiio;
6245	page_index = NULL;
6246	page_len = 0;
6247	retval = CTL_RETVAL_COMPLETE;
6248
6249	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6250
6251	if (lun->be_lun->lun_type != T_DIRECT)
6252		control_dev = 1;
6253	else
6254		control_dev = 0;
6255
6256	modepage_info = (union ctl_modepage_info *)
6257		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6258	len_left = &modepage_info->header.len_left;
6259	len_used = &modepage_info->header.len_used;
6260
6261do_next_page:
6262
6263	page_header = (struct scsi_mode_page_header *)
6264		(ctsio->kern_data_ptr + *len_used);
6265
6266	if (*len_left == 0) {
6267		free(ctsio->kern_data_ptr, M_CTL);
6268		ctl_set_success(ctsio);
6269		ctl_done((union ctl_io *)ctsio);
6270		return (CTL_RETVAL_COMPLETE);
6271	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6272
6273		free(ctsio->kern_data_ptr, M_CTL);
6274		ctl_set_param_len_error(ctsio);
6275		ctl_done((union ctl_io *)ctsio);
6276		return (CTL_RETVAL_COMPLETE);
6277
6278	} else if ((page_header->page_code & SMPH_SPF)
6279		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6280
6281		free(ctsio->kern_data_ptr, M_CTL);
6282		ctl_set_param_len_error(ctsio);
6283		ctl_done((union ctl_io *)ctsio);
6284		return (CTL_RETVAL_COMPLETE);
6285	}
6286
6287
6288	/*
6289	 * XXX KDM should we do something with the block descriptor?
6290	 */
6291	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6292
6293		if ((control_dev != 0)
6294		 && (lun->mode_pages.index[i].page_flags &
6295		     CTL_PAGE_FLAG_DISK_ONLY))
6296			continue;
6297
6298		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6299		    (page_header->page_code & SMPH_PC_MASK))
6300			continue;
6301
6302		/*
6303		 * If neither page has a subpage code, then we've got a
6304		 * match.
6305		 */
6306		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6307		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6308			page_index = &lun->mode_pages.index[i];
6309			page_len = page_header->page_length;
6310			break;
6311		}
6312
6313		/*
6314		 * If both pages have subpages, then the subpage numbers
6315		 * have to match.
6316		 */
6317		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6318		  && (page_header->page_code & SMPH_SPF)) {
6319			struct scsi_mode_page_header_sp *sph;
6320
6321			sph = (struct scsi_mode_page_header_sp *)page_header;
6322
6323			if (lun->mode_pages.index[i].subpage ==
6324			    sph->subpage) {
6325				page_index = &lun->mode_pages.index[i];
6326				page_len = scsi_2btoul(sph->page_length);
6327				break;
6328			}
6329		}
6330	}
6331
6332	/*
6333	 * If we couldn't find the page, or if we don't have a mode select
6334	 * handler for it, send back an error to the user.
6335	 */
6336	if ((page_index == NULL)
6337	 || (page_index->select_handler == NULL)) {
6338		ctl_set_invalid_field(ctsio,
6339				      /*sks_valid*/ 1,
6340				      /*command*/ 0,
6341				      /*field*/ *len_used,
6342				      /*bit_valid*/ 0,
6343				      /*bit*/ 0);
6344		free(ctsio->kern_data_ptr, M_CTL);
6345		ctl_done((union ctl_io *)ctsio);
6346		return (CTL_RETVAL_COMPLETE);
6347	}
6348
6349	if (page_index->page_code & SMPH_SPF) {
6350		page_len_offset = 2;
6351		page_len_size = 2;
6352	} else {
6353		page_len_size = 1;
6354		page_len_offset = 1;
6355	}
6356
6357	/*
6358	 * If the length the initiator gives us isn't the one we specify in
6359	 * the mode page header, or if they didn't specify enough data in
6360	 * the CDB to avoid truncating this page, kick out the request.
6361	 */
6362	if ((page_len != (page_index->page_len - page_len_offset -
6363			  page_len_size))
6364	 || (*len_left < page_index->page_len)) {
6365
6366
6367		ctl_set_invalid_field(ctsio,
6368				      /*sks_valid*/ 1,
6369				      /*command*/ 0,
6370				      /*field*/ *len_used + page_len_offset,
6371				      /*bit_valid*/ 0,
6372				      /*bit*/ 0);
6373		free(ctsio->kern_data_ptr, M_CTL);
6374		ctl_done((union ctl_io *)ctsio);
6375		return (CTL_RETVAL_COMPLETE);
6376	}
6377
6378	/*
6379	 * Run through the mode page, checking to make sure that the bits
6380	 * the user changed are actually legal for him to change.
6381	 */
6382	for (i = 0; i < page_index->page_len; i++) {
6383		uint8_t *user_byte, *change_mask, *current_byte;
6384		int bad_bit;
6385		int j;
6386
6387		user_byte = (uint8_t *)page_header + i;
6388		change_mask = page_index->page_data +
6389			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6390		current_byte = page_index->page_data +
6391			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6392
6393		/*
6394		 * Check to see whether the user set any bits in this byte
6395		 * that he is not allowed to set.
6396		 */
6397		if ((*user_byte & ~(*change_mask)) ==
6398		    (*current_byte & ~(*change_mask)))
6399			continue;
6400
6401		/*
6402		 * Go through bit by bit to determine which one is illegal.
6403		 */
6404		bad_bit = 0;
6405		for (j = 7; j >= 0; j--) {
6406			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6407			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6408				bad_bit = i;
6409				break;
6410			}
6411		}
6412		ctl_set_invalid_field(ctsio,
6413				      /*sks_valid*/ 1,
6414				      /*command*/ 0,
6415				      /*field*/ *len_used + i,
6416				      /*bit_valid*/ 1,
6417				      /*bit*/ bad_bit);
6418		free(ctsio->kern_data_ptr, M_CTL);
6419		ctl_done((union ctl_io *)ctsio);
6420		return (CTL_RETVAL_COMPLETE);
6421	}
6422
6423	/*
6424	 * Decrement these before we call the page handler, since we may
6425	 * end up getting called back one way or another before the handler
6426	 * returns to this context.
6427	 */
6428	*len_left -= page_index->page_len;
6429	*len_used += page_index->page_len;
6430
6431	retval = page_index->select_handler(ctsio, page_index,
6432					    (uint8_t *)page_header);
6433
6434	/*
6435	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6436	 * wait until this queued command completes to finish processing
6437	 * the mode page.  If it returns anything other than
6438	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6439	 * already set the sense information, freed the data pointer, and
6440	 * completed the io for us.
6441	 */
6442	if (retval != CTL_RETVAL_COMPLETE)
6443		goto bailout_no_done;
6444
6445	/*
6446	 * If the initiator sent us more than one page, parse the next one.
6447	 */
6448	if (*len_left > 0)
6449		goto do_next_page;
6450
6451	ctl_set_success(ctsio);
6452	free(ctsio->kern_data_ptr, M_CTL);
6453	ctl_done((union ctl_io *)ctsio);
6454
6455bailout_no_done:
6456
6457	return (CTL_RETVAL_COMPLETE);
6458
6459}
6460
6461int
6462ctl_mode_select(struct ctl_scsiio *ctsio)
6463{
6464	int param_len, pf, sp;
6465	int header_size, bd_len;
6466	int len_left, len_used;
6467	struct ctl_page_index *page_index;
6468	struct ctl_lun *lun;
6469	int control_dev, page_len;
6470	union ctl_modepage_info *modepage_info;
6471	int retval;
6472
6473	pf = 0;
6474	sp = 0;
6475	page_len = 0;
6476	len_used = 0;
6477	len_left = 0;
6478	retval = 0;
6479	bd_len = 0;
6480	page_index = NULL;
6481
6482	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6483
6484	if (lun->be_lun->lun_type != T_DIRECT)
6485		control_dev = 1;
6486	else
6487		control_dev = 0;
6488
6489	switch (ctsio->cdb[0]) {
6490	case MODE_SELECT_6: {
6491		struct scsi_mode_select_6 *cdb;
6492
6493		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6494
6495		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6496		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6497
6498		param_len = cdb->length;
6499		header_size = sizeof(struct scsi_mode_header_6);
6500		break;
6501	}
6502	case MODE_SELECT_10: {
6503		struct scsi_mode_select_10 *cdb;
6504
6505		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6506
6507		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6508		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6509
6510		param_len = scsi_2btoul(cdb->length);
6511		header_size = sizeof(struct scsi_mode_header_10);
6512		break;
6513	}
6514	default:
6515		ctl_set_invalid_opcode(ctsio);
6516		ctl_done((union ctl_io *)ctsio);
6517		return (CTL_RETVAL_COMPLETE);
6518		break; /* NOTREACHED */
6519	}
6520
6521	/*
6522	 * From SPC-3:
6523	 * "A parameter list length of zero indicates that the Data-Out Buffer
6524	 * shall be empty. This condition shall not be considered as an error."
6525	 */
6526	if (param_len == 0) {
6527		ctl_set_success(ctsio);
6528		ctl_done((union ctl_io *)ctsio);
6529		return (CTL_RETVAL_COMPLETE);
6530	}
6531
6532	/*
6533	 * Since we'll hit this the first time through, prior to
6534	 * allocation, we don't need to free a data buffer here.
6535	 */
6536	if (param_len < header_size) {
6537		ctl_set_param_len_error(ctsio);
6538		ctl_done((union ctl_io *)ctsio);
6539		return (CTL_RETVAL_COMPLETE);
6540	}
6541
6542	/*
6543	 * Allocate the data buffer and grab the user's data.  In theory,
6544	 * we shouldn't have to sanity check the parameter list length here
6545	 * because the maximum size is 64K.  We should be able to malloc
6546	 * that much without too many problems.
6547	 */
6548	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6549		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6550		ctsio->kern_data_len = param_len;
6551		ctsio->kern_total_len = param_len;
6552		ctsio->kern_data_resid = 0;
6553		ctsio->kern_rel_offset = 0;
6554		ctsio->kern_sg_entries = 0;
6555		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6556		ctsio->be_move_done = ctl_config_move_done;
6557		ctl_datamove((union ctl_io *)ctsio);
6558
6559		return (CTL_RETVAL_COMPLETE);
6560	}
6561
6562	switch (ctsio->cdb[0]) {
6563	case MODE_SELECT_6: {
6564		struct scsi_mode_header_6 *mh6;
6565
6566		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6567		bd_len = mh6->blk_desc_len;
6568		break;
6569	}
6570	case MODE_SELECT_10: {
6571		struct scsi_mode_header_10 *mh10;
6572
6573		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6574		bd_len = scsi_2btoul(mh10->blk_desc_len);
6575		break;
6576	}
6577	default:
6578		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6579		break;
6580	}
6581
6582	if (param_len < (header_size + bd_len)) {
6583		free(ctsio->kern_data_ptr, M_CTL);
6584		ctl_set_param_len_error(ctsio);
6585		ctl_done((union ctl_io *)ctsio);
6586		return (CTL_RETVAL_COMPLETE);
6587	}
6588
6589	/*
6590	 * Set the IO_CONT flag, so that if this I/O gets passed to
6591	 * ctl_config_write_done(), it'll get passed back to
6592	 * ctl_do_mode_select() for further processing, or completion if
6593	 * we're all done.
6594	 */
6595	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6596	ctsio->io_cont = ctl_do_mode_select;
6597
6598	modepage_info = (union ctl_modepage_info *)
6599		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6600
6601	memset(modepage_info, 0, sizeof(*modepage_info));
6602
6603	len_left = param_len - header_size - bd_len;
6604	len_used = header_size + bd_len;
6605
6606	modepage_info->header.len_left = len_left;
6607	modepage_info->header.len_used = len_used;
6608
6609	return (ctl_do_mode_select((union ctl_io *)ctsio));
6610}
6611
6612int
6613ctl_mode_sense(struct ctl_scsiio *ctsio)
6614{
6615	struct ctl_lun *lun;
6616	int pc, page_code, dbd, llba, subpage;
6617	int alloc_len, page_len, header_len, total_len;
6618	struct scsi_mode_block_descr *block_desc;
6619	struct ctl_page_index *page_index;
6620	int control_dev;
6621
6622	dbd = 0;
6623	llba = 0;
6624	block_desc = NULL;
6625	page_index = NULL;
6626
6627	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6628
6629	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6630
6631	if (lun->be_lun->lun_type != T_DIRECT)
6632		control_dev = 1;
6633	else
6634		control_dev = 0;
6635
6636	switch (ctsio->cdb[0]) {
6637	case MODE_SENSE_6: {
6638		struct scsi_mode_sense_6 *cdb;
6639
6640		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6641
6642		header_len = sizeof(struct scsi_mode_hdr_6);
6643		if (cdb->byte2 & SMS_DBD)
6644			dbd = 1;
6645		else
6646			header_len += sizeof(struct scsi_mode_block_descr);
6647
6648		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6649		page_code = cdb->page & SMS_PAGE_CODE;
6650		subpage = cdb->subpage;
6651		alloc_len = cdb->length;
6652		break;
6653	}
6654	case MODE_SENSE_10: {
6655		struct scsi_mode_sense_10 *cdb;
6656
6657		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6658
6659		header_len = sizeof(struct scsi_mode_hdr_10);
6660
6661		if (cdb->byte2 & SMS_DBD)
6662			dbd = 1;
6663		else
6664			header_len += sizeof(struct scsi_mode_block_descr);
6665		if (cdb->byte2 & SMS10_LLBAA)
6666			llba = 1;
6667		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6668		page_code = cdb->page & SMS_PAGE_CODE;
6669		subpage = cdb->subpage;
6670		alloc_len = scsi_2btoul(cdb->length);
6671		break;
6672	}
6673	default:
6674		ctl_set_invalid_opcode(ctsio);
6675		ctl_done((union ctl_io *)ctsio);
6676		return (CTL_RETVAL_COMPLETE);
6677		break; /* NOTREACHED */
6678	}
6679
6680	/*
6681	 * We have to make a first pass through to calculate the size of
6682	 * the pages that match the user's query.  Then we allocate enough
6683	 * memory to hold it, and actually copy the data into the buffer.
6684	 */
6685	switch (page_code) {
6686	case SMS_ALL_PAGES_PAGE: {
6687		int i;
6688
6689		page_len = 0;
6690
6691		/*
6692		 * At the moment, values other than 0 and 0xff here are
6693		 * reserved according to SPC-3.
6694		 */
6695		if ((subpage != SMS_SUBPAGE_PAGE_0)
6696		 && (subpage != SMS_SUBPAGE_ALL)) {
6697			ctl_set_invalid_field(ctsio,
6698					      /*sks_valid*/ 1,
6699					      /*command*/ 1,
6700					      /*field*/ 3,
6701					      /*bit_valid*/ 0,
6702					      /*bit*/ 0);
6703			ctl_done((union ctl_io *)ctsio);
6704			return (CTL_RETVAL_COMPLETE);
6705		}
6706
6707		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6708			if ((control_dev != 0)
6709			 && (lun->mode_pages.index[i].page_flags &
6710			     CTL_PAGE_FLAG_DISK_ONLY))
6711				continue;
6712
6713			/*
6714			 * We don't use this subpage if the user didn't
6715			 * request all subpages.
6716			 */
6717			if ((lun->mode_pages.index[i].subpage != 0)
6718			 && (subpage == SMS_SUBPAGE_PAGE_0))
6719				continue;
6720
6721#if 0
6722			printf("found page %#x len %d\n",
6723			       lun->mode_pages.index[i].page_code &
6724			       SMPH_PC_MASK,
6725			       lun->mode_pages.index[i].page_len);
6726#endif
6727			page_len += lun->mode_pages.index[i].page_len;
6728		}
6729		break;
6730	}
6731	default: {
6732		int i;
6733
6734		page_len = 0;
6735
6736		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6737			/* Look for the right page code */
6738			if ((lun->mode_pages.index[i].page_code &
6739			     SMPH_PC_MASK) != page_code)
6740				continue;
6741
6742			/* Look for the right subpage or the subpage wildcard*/
6743			if ((lun->mode_pages.index[i].subpage != subpage)
6744			 && (subpage != SMS_SUBPAGE_ALL))
6745				continue;
6746
6747			/* Make sure the page is supported for this dev type */
6748			if ((control_dev != 0)
6749			 && (lun->mode_pages.index[i].page_flags &
6750			     CTL_PAGE_FLAG_DISK_ONLY))
6751				continue;
6752
6753#if 0
6754			printf("found page %#x len %d\n",
6755			       lun->mode_pages.index[i].page_code &
6756			       SMPH_PC_MASK,
6757			       lun->mode_pages.index[i].page_len);
6758#endif
6759
6760			page_len += lun->mode_pages.index[i].page_len;
6761		}
6762
6763		if (page_len == 0) {
6764			ctl_set_invalid_field(ctsio,
6765					      /*sks_valid*/ 1,
6766					      /*command*/ 1,
6767					      /*field*/ 2,
6768					      /*bit_valid*/ 1,
6769					      /*bit*/ 5);
6770			ctl_done((union ctl_io *)ctsio);
6771			return (CTL_RETVAL_COMPLETE);
6772		}
6773		break;
6774	}
6775	}
6776
6777	total_len = header_len + page_len;
6778#if 0
6779	printf("header_len = %d, page_len = %d, total_len = %d\n",
6780	       header_len, page_len, total_len);
6781#endif
6782
6783	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6784	ctsio->kern_sg_entries = 0;
6785	ctsio->kern_data_resid = 0;
6786	ctsio->kern_rel_offset = 0;
6787	if (total_len < alloc_len) {
6788		ctsio->residual = alloc_len - total_len;
6789		ctsio->kern_data_len = total_len;
6790		ctsio->kern_total_len = total_len;
6791	} else {
6792		ctsio->residual = 0;
6793		ctsio->kern_data_len = alloc_len;
6794		ctsio->kern_total_len = alloc_len;
6795	}
6796
6797	switch (ctsio->cdb[0]) {
6798	case MODE_SENSE_6: {
6799		struct scsi_mode_hdr_6 *header;
6800
6801		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6802
6803		header->datalen = MIN(total_len - 1, 254);
6804		if (control_dev == 0) {
6805			header->dev_specific = 0x10; /* DPOFUA */
6806			if ((lun->flags & CTL_LUN_READONLY) ||
6807			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6808			    .eca_and_aen & SCP_SWP) != 0)
6809				    header->dev_specific |= 0x80; /* WP */
6810		}
6811		if (dbd)
6812			header->block_descr_len = 0;
6813		else
6814			header->block_descr_len =
6815				sizeof(struct scsi_mode_block_descr);
6816		block_desc = (struct scsi_mode_block_descr *)&header[1];
6817		break;
6818	}
6819	case MODE_SENSE_10: {
6820		struct scsi_mode_hdr_10 *header;
6821		int datalen;
6822
6823		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6824
6825		datalen = MIN(total_len - 2, 65533);
6826		scsi_ulto2b(datalen, header->datalen);
6827		if (control_dev == 0) {
6828			header->dev_specific = 0x10; /* DPOFUA */
6829			if ((lun->flags & CTL_LUN_READONLY) ||
6830			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6831			    .eca_and_aen & SCP_SWP) != 0)
6832				    header->dev_specific |= 0x80; /* WP */
6833		}
6834		if (dbd)
6835			scsi_ulto2b(0, header->block_descr_len);
6836		else
6837			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6838				    header->block_descr_len);
6839		block_desc = (struct scsi_mode_block_descr *)&header[1];
6840		break;
6841	}
6842	default:
6843		panic("invalid CDB type %#x", ctsio->cdb[0]);
6844		break; /* NOTREACHED */
6845	}
6846
6847	/*
6848	 * If we've got a disk, use its blocksize in the block
6849	 * descriptor.  Otherwise, just set it to 0.
6850	 */
6851	if (dbd == 0) {
6852		if (control_dev == 0)
6853			scsi_ulto3b(lun->be_lun->blocksize,
6854				    block_desc->block_len);
6855		else
6856			scsi_ulto3b(0, block_desc->block_len);
6857	}
6858
6859	switch (page_code) {
6860	case SMS_ALL_PAGES_PAGE: {
6861		int i, data_used;
6862
6863		data_used = header_len;
6864		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6865			struct ctl_page_index *page_index;
6866
6867			page_index = &lun->mode_pages.index[i];
6868
6869			if ((control_dev != 0)
6870			 && (page_index->page_flags &
6871			    CTL_PAGE_FLAG_DISK_ONLY))
6872				continue;
6873
6874			/*
6875			 * We don't use this subpage if the user didn't
6876			 * request all subpages.  We already checked (above)
6877			 * to make sure the user only specified a subpage
6878			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6879			 */
6880			if ((page_index->subpage != 0)
6881			 && (subpage == SMS_SUBPAGE_PAGE_0))
6882				continue;
6883
6884			/*
6885			 * Call the handler, if it exists, to update the
6886			 * page to the latest values.
6887			 */
6888			if (page_index->sense_handler != NULL)
6889				page_index->sense_handler(ctsio, page_index,pc);
6890
6891			memcpy(ctsio->kern_data_ptr + data_used,
6892			       page_index->page_data +
6893			       (page_index->page_len * pc),
6894			       page_index->page_len);
6895			data_used += page_index->page_len;
6896		}
6897		break;
6898	}
6899	default: {
6900		int i, data_used;
6901
6902		data_used = header_len;
6903
6904		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6905			struct ctl_page_index *page_index;
6906
6907			page_index = &lun->mode_pages.index[i];
6908
6909			/* Look for the right page code */
6910			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6911				continue;
6912
6913			/* Look for the right subpage or the subpage wildcard*/
6914			if ((page_index->subpage != subpage)
6915			 && (subpage != SMS_SUBPAGE_ALL))
6916				continue;
6917
6918			/* Make sure the page is supported for this dev type */
6919			if ((control_dev != 0)
6920			 && (page_index->page_flags &
6921			     CTL_PAGE_FLAG_DISK_ONLY))
6922				continue;
6923
6924			/*
6925			 * Call the handler, if it exists, to update the
6926			 * page to the latest values.
6927			 */
6928			if (page_index->sense_handler != NULL)
6929				page_index->sense_handler(ctsio, page_index,pc);
6930
6931			memcpy(ctsio->kern_data_ptr + data_used,
6932			       page_index->page_data +
6933			       (page_index->page_len * pc),
6934			       page_index->page_len);
6935			data_used += page_index->page_len;
6936		}
6937		break;
6938	}
6939	}
6940
6941	ctl_set_success(ctsio);
6942	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6943	ctsio->be_move_done = ctl_config_move_done;
6944	ctl_datamove((union ctl_io *)ctsio);
6945	return (CTL_RETVAL_COMPLETE);
6946}
6947
6948int
6949ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6950			       struct ctl_page_index *page_index,
6951			       int pc)
6952{
6953	struct ctl_lun *lun;
6954	struct scsi_log_param_header *phdr;
6955	uint8_t *data;
6956	uint64_t val;
6957
6958	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6959	data = page_index->page_data;
6960
6961	if (lun->backend->lun_attr != NULL &&
6962	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6963	     != UINT64_MAX) {
6964		phdr = (struct scsi_log_param_header *)data;
6965		scsi_ulto2b(0x0001, phdr->param_code);
6966		phdr->param_control = SLP_LBIN | SLP_LP;
6967		phdr->param_len = 8;
6968		data = (uint8_t *)(phdr + 1);
6969		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6970		data[4] = 0x02; /* per-pool */
6971		data += phdr->param_len;
6972	}
6973
6974	if (lun->backend->lun_attr != NULL &&
6975	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6976	     != UINT64_MAX) {
6977		phdr = (struct scsi_log_param_header *)data;
6978		scsi_ulto2b(0x0002, phdr->param_code);
6979		phdr->param_control = SLP_LBIN | SLP_LP;
6980		phdr->param_len = 8;
6981		data = (uint8_t *)(phdr + 1);
6982		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6983		data[4] = 0x01; /* per-LUN */
6984		data += phdr->param_len;
6985	}
6986
6987	if (lun->backend->lun_attr != NULL &&
6988	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6989	     != UINT64_MAX) {
6990		phdr = (struct scsi_log_param_header *)data;
6991		scsi_ulto2b(0x00f1, phdr->param_code);
6992		phdr->param_control = SLP_LBIN | SLP_LP;
6993		phdr->param_len = 8;
6994		data = (uint8_t *)(phdr + 1);
6995		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6996		data[4] = 0x02; /* per-pool */
6997		data += phdr->param_len;
6998	}
6999
7000	if (lun->backend->lun_attr != NULL &&
7001	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
7002	     != UINT64_MAX) {
7003		phdr = (struct scsi_log_param_header *)data;
7004		scsi_ulto2b(0x00f2, phdr->param_code);
7005		phdr->param_control = SLP_LBIN | SLP_LP;
7006		phdr->param_len = 8;
7007		data = (uint8_t *)(phdr + 1);
7008		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7009		data[4] = 0x02; /* per-pool */
7010		data += phdr->param_len;
7011	}
7012
7013	page_index->page_len = data - page_index->page_data;
7014	return (0);
7015}
7016
7017int
7018ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
7019			       struct ctl_page_index *page_index,
7020			       int pc)
7021{
7022	struct ctl_lun *lun;
7023	struct stat_page *data;
7024	uint64_t rn, wn, rb, wb;
7025	struct bintime rt, wt;
7026	int i;
7027
7028	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7029	data = (struct stat_page *)page_index->page_data;
7030
7031	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
7032	data->sap.hdr.param_control = SLP_LBIN;
7033	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
7034	    sizeof(struct scsi_log_param_header);
7035	rn = wn = rb = wb = 0;
7036	bintime_clear(&rt);
7037	bintime_clear(&wt);
7038	for (i = 0; i < CTL_MAX_PORTS; i++) {
7039		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
7040		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
7041		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
7042		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
7043		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
7044		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
7045	}
7046	scsi_u64to8b(rn, data->sap.read_num);
7047	scsi_u64to8b(wn, data->sap.write_num);
7048	if (lun->stats.blocksize > 0) {
7049		scsi_u64to8b(wb / lun->stats.blocksize,
7050		    data->sap.recvieved_lba);
7051		scsi_u64to8b(rb / lun->stats.blocksize,
7052		    data->sap.transmitted_lba);
7053	}
7054	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
7055	    data->sap.read_int);
7056	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
7057	    data->sap.write_int);
7058	scsi_u64to8b(0, data->sap.weighted_num);
7059	scsi_u64to8b(0, data->sap.weighted_int);
7060	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
7061	data->it.hdr.param_control = SLP_LBIN;
7062	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
7063	    sizeof(struct scsi_log_param_header);
7064#ifdef CTL_TIME_IO
7065	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
7066#endif
7067	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
7068	data->it.hdr.param_control = SLP_LBIN;
7069	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
7070	    sizeof(struct scsi_log_param_header);
7071	scsi_ulto4b(3, data->ti.exponent);
7072	scsi_ulto4b(1, data->ti.integer);
7073
7074	page_index->page_len = sizeof(*data);
7075	return (0);
7076}
7077
7078int
7079ctl_log_sense(struct ctl_scsiio *ctsio)
7080{
7081	struct ctl_lun *lun;
7082	int i, pc, page_code, subpage;
7083	int alloc_len, total_len;
7084	struct ctl_page_index *page_index;
7085	struct scsi_log_sense *cdb;
7086	struct scsi_log_header *header;
7087
7088	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
7089
7090	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7091	cdb = (struct scsi_log_sense *)ctsio->cdb;
7092	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
7093	page_code = cdb->page & SLS_PAGE_CODE;
7094	subpage = cdb->subpage;
7095	alloc_len = scsi_2btoul(cdb->length);
7096
7097	page_index = NULL;
7098	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
7099		page_index = &lun->log_pages.index[i];
7100
7101		/* Look for the right page code */
7102		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7103			continue;
7104
7105		/* Look for the right subpage or the subpage wildcard*/
7106		if (page_index->subpage != subpage)
7107			continue;
7108
7109		break;
7110	}
7111	if (i >= CTL_NUM_LOG_PAGES) {
7112		ctl_set_invalid_field(ctsio,
7113				      /*sks_valid*/ 1,
7114				      /*command*/ 1,
7115				      /*field*/ 2,
7116				      /*bit_valid*/ 0,
7117				      /*bit*/ 0);
7118		ctl_done((union ctl_io *)ctsio);
7119		return (CTL_RETVAL_COMPLETE);
7120	}
7121
7122	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7123
7124	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7125	ctsio->kern_sg_entries = 0;
7126	ctsio->kern_data_resid = 0;
7127	ctsio->kern_rel_offset = 0;
7128	if (total_len < alloc_len) {
7129		ctsio->residual = alloc_len - total_len;
7130		ctsio->kern_data_len = total_len;
7131		ctsio->kern_total_len = total_len;
7132	} else {
7133		ctsio->residual = 0;
7134		ctsio->kern_data_len = alloc_len;
7135		ctsio->kern_total_len = alloc_len;
7136	}
7137
7138	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7139	header->page = page_index->page_code;
7140	if (page_index->subpage) {
7141		header->page |= SL_SPF;
7142		header->subpage = page_index->subpage;
7143	}
7144	scsi_ulto2b(page_index->page_len, header->datalen);
7145
7146	/*
7147	 * Call the handler, if it exists, to update the
7148	 * page to the latest values.
7149	 */
7150	if (page_index->sense_handler != NULL)
7151		page_index->sense_handler(ctsio, page_index, pc);
7152
7153	memcpy(header + 1, page_index->page_data, page_index->page_len);
7154
7155	ctl_set_success(ctsio);
7156	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7157	ctsio->be_move_done = ctl_config_move_done;
7158	ctl_datamove((union ctl_io *)ctsio);
7159	return (CTL_RETVAL_COMPLETE);
7160}
7161
7162int
7163ctl_read_capacity(struct ctl_scsiio *ctsio)
7164{
7165	struct scsi_read_capacity *cdb;
7166	struct scsi_read_capacity_data *data;
7167	struct ctl_lun *lun;
7168	uint32_t lba;
7169
7170	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7171
7172	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7173
7174	lba = scsi_4btoul(cdb->addr);
7175	if (((cdb->pmi & SRC_PMI) == 0)
7176	 && (lba != 0)) {
7177		ctl_set_invalid_field(/*ctsio*/ ctsio,
7178				      /*sks_valid*/ 1,
7179				      /*command*/ 1,
7180				      /*field*/ 2,
7181				      /*bit_valid*/ 0,
7182				      /*bit*/ 0);
7183		ctl_done((union ctl_io *)ctsio);
7184		return (CTL_RETVAL_COMPLETE);
7185	}
7186
7187	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7188
7189	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7190	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7191	ctsio->residual = 0;
7192	ctsio->kern_data_len = sizeof(*data);
7193	ctsio->kern_total_len = sizeof(*data);
7194	ctsio->kern_data_resid = 0;
7195	ctsio->kern_rel_offset = 0;
7196	ctsio->kern_sg_entries = 0;
7197
7198	/*
7199	 * If the maximum LBA is greater than 0xfffffffe, the user must
7200	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7201	 * serivce action set.
7202	 */
7203	if (lun->be_lun->maxlba > 0xfffffffe)
7204		scsi_ulto4b(0xffffffff, data->addr);
7205	else
7206		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7207
7208	/*
7209	 * XXX KDM this may not be 512 bytes...
7210	 */
7211	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7212
7213	ctl_set_success(ctsio);
7214	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7215	ctsio->be_move_done = ctl_config_move_done;
7216	ctl_datamove((union ctl_io *)ctsio);
7217	return (CTL_RETVAL_COMPLETE);
7218}
7219
7220int
7221ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7222{
7223	struct scsi_read_capacity_16 *cdb;
7224	struct scsi_read_capacity_data_long *data;
7225	struct ctl_lun *lun;
7226	uint64_t lba;
7227	uint32_t alloc_len;
7228
7229	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7230
7231	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7232
7233	alloc_len = scsi_4btoul(cdb->alloc_len);
7234	lba = scsi_8btou64(cdb->addr);
7235
7236	if ((cdb->reladr & SRC16_PMI)
7237	 && (lba != 0)) {
7238		ctl_set_invalid_field(/*ctsio*/ ctsio,
7239				      /*sks_valid*/ 1,
7240				      /*command*/ 1,
7241				      /*field*/ 2,
7242				      /*bit_valid*/ 0,
7243				      /*bit*/ 0);
7244		ctl_done((union ctl_io *)ctsio);
7245		return (CTL_RETVAL_COMPLETE);
7246	}
7247
7248	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7249
7250	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7251	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7252
7253	if (sizeof(*data) < alloc_len) {
7254		ctsio->residual = alloc_len - sizeof(*data);
7255		ctsio->kern_data_len = sizeof(*data);
7256		ctsio->kern_total_len = sizeof(*data);
7257	} else {
7258		ctsio->residual = 0;
7259		ctsio->kern_data_len = alloc_len;
7260		ctsio->kern_total_len = alloc_len;
7261	}
7262	ctsio->kern_data_resid = 0;
7263	ctsio->kern_rel_offset = 0;
7264	ctsio->kern_sg_entries = 0;
7265
7266	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7267	/* XXX KDM this may not be 512 bytes... */
7268	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7269	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7270	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7271	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7272		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7273
7274	ctl_set_success(ctsio);
7275	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7276	ctsio->be_move_done = ctl_config_move_done;
7277	ctl_datamove((union ctl_io *)ctsio);
7278	return (CTL_RETVAL_COMPLETE);
7279}
7280
7281int
7282ctl_get_lba_status(struct ctl_scsiio *ctsio)
7283{
7284	struct scsi_get_lba_status *cdb;
7285	struct scsi_get_lba_status_data *data;
7286	struct ctl_lun *lun;
7287	struct ctl_lba_len_flags *lbalen;
7288	uint64_t lba;
7289	uint32_t alloc_len, total_len;
7290	int retval;
7291
7292	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7293
7294	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7295	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7296	lba = scsi_8btou64(cdb->addr);
7297	alloc_len = scsi_4btoul(cdb->alloc_len);
7298
7299	if (lba > lun->be_lun->maxlba) {
7300		ctl_set_lba_out_of_range(ctsio);
7301		ctl_done((union ctl_io *)ctsio);
7302		return (CTL_RETVAL_COMPLETE);
7303	}
7304
7305	total_len = sizeof(*data) + sizeof(data->descr[0]);
7306	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7307	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7308
7309	if (total_len < alloc_len) {
7310		ctsio->residual = alloc_len - total_len;
7311		ctsio->kern_data_len = total_len;
7312		ctsio->kern_total_len = total_len;
7313	} else {
7314		ctsio->residual = 0;
7315		ctsio->kern_data_len = alloc_len;
7316		ctsio->kern_total_len = alloc_len;
7317	}
7318	ctsio->kern_data_resid = 0;
7319	ctsio->kern_rel_offset = 0;
7320	ctsio->kern_sg_entries = 0;
7321
7322	/* Fill dummy data in case backend can't tell anything. */
7323	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7324	scsi_u64to8b(lba, data->descr[0].addr);
7325	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7326	    data->descr[0].length);
7327	data->descr[0].status = 0; /* Mapped or unknown. */
7328
7329	ctl_set_success(ctsio);
7330	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7331	ctsio->be_move_done = ctl_config_move_done;
7332
7333	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7334	lbalen->lba = lba;
7335	lbalen->len = total_len;
7336	lbalen->flags = 0;
7337	retval = lun->backend->config_read((union ctl_io *)ctsio);
7338	return (CTL_RETVAL_COMPLETE);
7339}
7340
7341int
7342ctl_read_defect(struct ctl_scsiio *ctsio)
7343{
7344	struct scsi_read_defect_data_10 *ccb10;
7345	struct scsi_read_defect_data_12 *ccb12;
7346	struct scsi_read_defect_data_hdr_10 *data10;
7347	struct scsi_read_defect_data_hdr_12 *data12;
7348	uint32_t alloc_len, data_len;
7349	uint8_t format;
7350
7351	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7352
7353	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7354		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7355		format = ccb10->format;
7356		alloc_len = scsi_2btoul(ccb10->alloc_length);
7357		data_len = sizeof(*data10);
7358	} else {
7359		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7360		format = ccb12->format;
7361		alloc_len = scsi_4btoul(ccb12->alloc_length);
7362		data_len = sizeof(*data12);
7363	}
7364	if (alloc_len == 0) {
7365		ctl_set_success(ctsio);
7366		ctl_done((union ctl_io *)ctsio);
7367		return (CTL_RETVAL_COMPLETE);
7368	}
7369
7370	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7371	if (data_len < alloc_len) {
7372		ctsio->residual = alloc_len - data_len;
7373		ctsio->kern_data_len = data_len;
7374		ctsio->kern_total_len = data_len;
7375	} else {
7376		ctsio->residual = 0;
7377		ctsio->kern_data_len = alloc_len;
7378		ctsio->kern_total_len = alloc_len;
7379	}
7380	ctsio->kern_data_resid = 0;
7381	ctsio->kern_rel_offset = 0;
7382	ctsio->kern_sg_entries = 0;
7383
7384	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7385		data10 = (struct scsi_read_defect_data_hdr_10 *)
7386		    ctsio->kern_data_ptr;
7387		data10->format = format;
7388		scsi_ulto2b(0, data10->length);
7389	} else {
7390		data12 = (struct scsi_read_defect_data_hdr_12 *)
7391		    ctsio->kern_data_ptr;
7392		data12->format = format;
7393		scsi_ulto2b(0, data12->generation);
7394		scsi_ulto4b(0, data12->length);
7395	}
7396
7397	ctl_set_success(ctsio);
7398	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7399	ctsio->be_move_done = ctl_config_move_done;
7400	ctl_datamove((union ctl_io *)ctsio);
7401	return (CTL_RETVAL_COMPLETE);
7402}
7403
7404int
7405ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7406{
7407	struct scsi_maintenance_in *cdb;
7408	int retval;
7409	int alloc_len, ext, total_len = 0, g, p, pc, pg, gs, os;
7410	int num_target_port_groups, num_target_ports;
7411	struct ctl_lun *lun;
7412	struct ctl_softc *softc;
7413	struct ctl_port *port;
7414	struct scsi_target_group_data *rtg_ptr;
7415	struct scsi_target_group_data_extended *rtg_ext_ptr;
7416	struct scsi_target_port_group_descriptor *tpg_desc;
7417
7418	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7419
7420	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7421	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7422	softc = lun->ctl_softc;
7423
7424	retval = CTL_RETVAL_COMPLETE;
7425
7426	switch (cdb->byte2 & STG_PDF_MASK) {
7427	case STG_PDF_LENGTH:
7428		ext = 0;
7429		break;
7430	case STG_PDF_EXTENDED:
7431		ext = 1;
7432		break;
7433	default:
7434		ctl_set_invalid_field(/*ctsio*/ ctsio,
7435				      /*sks_valid*/ 1,
7436				      /*command*/ 1,
7437				      /*field*/ 2,
7438				      /*bit_valid*/ 1,
7439				      /*bit*/ 5);
7440		ctl_done((union ctl_io *)ctsio);
7441		return(retval);
7442	}
7443
7444	if (softc->is_single)
7445		num_target_port_groups = 1;
7446	else
7447		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7448	num_target_ports = 0;
7449	mtx_lock(&softc->ctl_lock);
7450	STAILQ_FOREACH(port, &softc->port_list, links) {
7451		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7452			continue;
7453		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7454			continue;
7455		num_target_ports++;
7456	}
7457	mtx_unlock(&softc->ctl_lock);
7458
7459	if (ext)
7460		total_len = sizeof(struct scsi_target_group_data_extended);
7461	else
7462		total_len = sizeof(struct scsi_target_group_data);
7463	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7464		num_target_port_groups +
7465	    sizeof(struct scsi_target_port_descriptor) *
7466		num_target_ports * num_target_port_groups;
7467
7468	alloc_len = scsi_4btoul(cdb->length);
7469
7470	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7471
7472	ctsio->kern_sg_entries = 0;
7473
7474	if (total_len < alloc_len) {
7475		ctsio->residual = alloc_len - total_len;
7476		ctsio->kern_data_len = total_len;
7477		ctsio->kern_total_len = total_len;
7478	} else {
7479		ctsio->residual = 0;
7480		ctsio->kern_data_len = alloc_len;
7481		ctsio->kern_total_len = alloc_len;
7482	}
7483	ctsio->kern_data_resid = 0;
7484	ctsio->kern_rel_offset = 0;
7485
7486	if (ext) {
7487		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7488		    ctsio->kern_data_ptr;
7489		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7490		rtg_ext_ptr->format_type = 0x10;
7491		rtg_ext_ptr->implicit_transition_time = 0;
7492		tpg_desc = &rtg_ext_ptr->groups[0];
7493	} else {
7494		rtg_ptr = (struct scsi_target_group_data *)
7495		    ctsio->kern_data_ptr;
7496		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7497		tpg_desc = &rtg_ptr->groups[0];
7498	}
7499
7500	mtx_lock(&softc->ctl_lock);
7501	pg = softc->port_offset / CTL_MAX_PORTS;
7502	if (softc->flags & CTL_FLAG_ACTIVE_SHELF) {
7503		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY) {
7504			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7505			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
7506		} else if (lun->flags & CTL_LUN_PRIMARY_SC) {
7507			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7508			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7509		} else {
7510			gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7511			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7512		}
7513	} else {
7514		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7515		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7516	}
7517	for (g = 0; g < num_target_port_groups; g++) {
7518		tpg_desc->pref_state = (g == pg) ? gs : os;
7519		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP;
7520		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7521		tpg_desc->status = TPG_IMPLICIT;
7522		pc = 0;
7523		STAILQ_FOREACH(port, &softc->port_list, links) {
7524			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7525				continue;
7526			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7527				continue;
7528			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7529			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7530			    relative_target_port_identifier);
7531			pc++;
7532		}
7533		tpg_desc->target_port_count = pc;
7534		tpg_desc = (struct scsi_target_port_group_descriptor *)
7535		    &tpg_desc->descriptors[pc];
7536	}
7537	mtx_unlock(&softc->ctl_lock);
7538
7539	ctl_set_success(ctsio);
7540	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7541	ctsio->be_move_done = ctl_config_move_done;
7542	ctl_datamove((union ctl_io *)ctsio);
7543	return(retval);
7544}
7545
7546int
7547ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7548{
7549	struct ctl_lun *lun;
7550	struct scsi_report_supported_opcodes *cdb;
7551	const struct ctl_cmd_entry *entry, *sentry;
7552	struct scsi_report_supported_opcodes_all *all;
7553	struct scsi_report_supported_opcodes_descr *descr;
7554	struct scsi_report_supported_opcodes_one *one;
7555	int retval;
7556	int alloc_len, total_len;
7557	int opcode, service_action, i, j, num;
7558
7559	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7560
7561	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7562	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7563
7564	retval = CTL_RETVAL_COMPLETE;
7565
7566	opcode = cdb->requested_opcode;
7567	service_action = scsi_2btoul(cdb->requested_service_action);
7568	switch (cdb->options & RSO_OPTIONS_MASK) {
7569	case RSO_OPTIONS_ALL:
7570		num = 0;
7571		for (i = 0; i < 256; i++) {
7572			entry = &ctl_cmd_table[i];
7573			if (entry->flags & CTL_CMD_FLAG_SA5) {
7574				for (j = 0; j < 32; j++) {
7575					sentry = &((const struct ctl_cmd_entry *)
7576					    entry->execute)[j];
7577					if (ctl_cmd_applicable(
7578					    lun->be_lun->lun_type, sentry))
7579						num++;
7580				}
7581			} else {
7582				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7583				    entry))
7584					num++;
7585			}
7586		}
7587		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7588		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7589		break;
7590	case RSO_OPTIONS_OC:
7591		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7592			ctl_set_invalid_field(/*ctsio*/ ctsio,
7593					      /*sks_valid*/ 1,
7594					      /*command*/ 1,
7595					      /*field*/ 2,
7596					      /*bit_valid*/ 1,
7597					      /*bit*/ 2);
7598			ctl_done((union ctl_io *)ctsio);
7599			return (CTL_RETVAL_COMPLETE);
7600		}
7601		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7602		break;
7603	case RSO_OPTIONS_OC_SA:
7604		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7605		    service_action >= 32) {
7606			ctl_set_invalid_field(/*ctsio*/ ctsio,
7607					      /*sks_valid*/ 1,
7608					      /*command*/ 1,
7609					      /*field*/ 2,
7610					      /*bit_valid*/ 1,
7611					      /*bit*/ 2);
7612			ctl_done((union ctl_io *)ctsio);
7613			return (CTL_RETVAL_COMPLETE);
7614		}
7615		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7616		break;
7617	default:
7618		ctl_set_invalid_field(/*ctsio*/ ctsio,
7619				      /*sks_valid*/ 1,
7620				      /*command*/ 1,
7621				      /*field*/ 2,
7622				      /*bit_valid*/ 1,
7623				      /*bit*/ 2);
7624		ctl_done((union ctl_io *)ctsio);
7625		return (CTL_RETVAL_COMPLETE);
7626	}
7627
7628	alloc_len = scsi_4btoul(cdb->length);
7629
7630	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7631
7632	ctsio->kern_sg_entries = 0;
7633
7634	if (total_len < alloc_len) {
7635		ctsio->residual = alloc_len - total_len;
7636		ctsio->kern_data_len = total_len;
7637		ctsio->kern_total_len = total_len;
7638	} else {
7639		ctsio->residual = 0;
7640		ctsio->kern_data_len = alloc_len;
7641		ctsio->kern_total_len = alloc_len;
7642	}
7643	ctsio->kern_data_resid = 0;
7644	ctsio->kern_rel_offset = 0;
7645
7646	switch (cdb->options & RSO_OPTIONS_MASK) {
7647	case RSO_OPTIONS_ALL:
7648		all = (struct scsi_report_supported_opcodes_all *)
7649		    ctsio->kern_data_ptr;
7650		num = 0;
7651		for (i = 0; i < 256; i++) {
7652			entry = &ctl_cmd_table[i];
7653			if (entry->flags & CTL_CMD_FLAG_SA5) {
7654				for (j = 0; j < 32; j++) {
7655					sentry = &((const struct ctl_cmd_entry *)
7656					    entry->execute)[j];
7657					if (!ctl_cmd_applicable(
7658					    lun->be_lun->lun_type, sentry))
7659						continue;
7660					descr = &all->descr[num++];
7661					descr->opcode = i;
7662					scsi_ulto2b(j, descr->service_action);
7663					descr->flags = RSO_SERVACTV;
7664					scsi_ulto2b(sentry->length,
7665					    descr->cdb_length);
7666				}
7667			} else {
7668				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7669				    entry))
7670					continue;
7671				descr = &all->descr[num++];
7672				descr->opcode = i;
7673				scsi_ulto2b(0, descr->service_action);
7674				descr->flags = 0;
7675				scsi_ulto2b(entry->length, descr->cdb_length);
7676			}
7677		}
7678		scsi_ulto4b(
7679		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7680		    all->length);
7681		break;
7682	case RSO_OPTIONS_OC:
7683		one = (struct scsi_report_supported_opcodes_one *)
7684		    ctsio->kern_data_ptr;
7685		entry = &ctl_cmd_table[opcode];
7686		goto fill_one;
7687	case RSO_OPTIONS_OC_SA:
7688		one = (struct scsi_report_supported_opcodes_one *)
7689		    ctsio->kern_data_ptr;
7690		entry = &ctl_cmd_table[opcode];
7691		entry = &((const struct ctl_cmd_entry *)
7692		    entry->execute)[service_action];
7693fill_one:
7694		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7695			one->support = 3;
7696			scsi_ulto2b(entry->length, one->cdb_length);
7697			one->cdb_usage[0] = opcode;
7698			memcpy(&one->cdb_usage[1], entry->usage,
7699			    entry->length - 1);
7700		} else
7701			one->support = 1;
7702		break;
7703	}
7704
7705	ctl_set_success(ctsio);
7706	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7707	ctsio->be_move_done = ctl_config_move_done;
7708	ctl_datamove((union ctl_io *)ctsio);
7709	return(retval);
7710}
7711
7712int
7713ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7714{
7715	struct scsi_report_supported_tmf *cdb;
7716	struct scsi_report_supported_tmf_data *data;
7717	int retval;
7718	int alloc_len, total_len;
7719
7720	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7721
7722	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7723
7724	retval = CTL_RETVAL_COMPLETE;
7725
7726	total_len = sizeof(struct scsi_report_supported_tmf_data);
7727	alloc_len = scsi_4btoul(cdb->length);
7728
7729	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7730
7731	ctsio->kern_sg_entries = 0;
7732
7733	if (total_len < alloc_len) {
7734		ctsio->residual = alloc_len - total_len;
7735		ctsio->kern_data_len = total_len;
7736		ctsio->kern_total_len = total_len;
7737	} else {
7738		ctsio->residual = 0;
7739		ctsio->kern_data_len = alloc_len;
7740		ctsio->kern_total_len = alloc_len;
7741	}
7742	ctsio->kern_data_resid = 0;
7743	ctsio->kern_rel_offset = 0;
7744
7745	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7746	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7747	data->byte2 |= RST_ITNRS;
7748
7749	ctl_set_success(ctsio);
7750	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7751	ctsio->be_move_done = ctl_config_move_done;
7752	ctl_datamove((union ctl_io *)ctsio);
7753	return (retval);
7754}
7755
7756int
7757ctl_report_timestamp(struct ctl_scsiio *ctsio)
7758{
7759	struct scsi_report_timestamp *cdb;
7760	struct scsi_report_timestamp_data *data;
7761	struct timeval tv;
7762	int64_t timestamp;
7763	int retval;
7764	int alloc_len, total_len;
7765
7766	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7767
7768	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7769
7770	retval = CTL_RETVAL_COMPLETE;
7771
7772	total_len = sizeof(struct scsi_report_timestamp_data);
7773	alloc_len = scsi_4btoul(cdb->length);
7774
7775	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7776
7777	ctsio->kern_sg_entries = 0;
7778
7779	if (total_len < alloc_len) {
7780		ctsio->residual = alloc_len - total_len;
7781		ctsio->kern_data_len = total_len;
7782		ctsio->kern_total_len = total_len;
7783	} else {
7784		ctsio->residual = 0;
7785		ctsio->kern_data_len = alloc_len;
7786		ctsio->kern_total_len = alloc_len;
7787	}
7788	ctsio->kern_data_resid = 0;
7789	ctsio->kern_rel_offset = 0;
7790
7791	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7792	scsi_ulto2b(sizeof(*data) - 2, data->length);
7793	data->origin = RTS_ORIG_OUTSIDE;
7794	getmicrotime(&tv);
7795	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7796	scsi_ulto4b(timestamp >> 16, data->timestamp);
7797	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7798
7799	ctl_set_success(ctsio);
7800	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7801	ctsio->be_move_done = ctl_config_move_done;
7802	ctl_datamove((union ctl_io *)ctsio);
7803	return (retval);
7804}
7805
7806int
7807ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7808{
7809	struct scsi_per_res_in *cdb;
7810	int alloc_len, total_len = 0;
7811	/* struct scsi_per_res_in_rsrv in_data; */
7812	struct ctl_lun *lun;
7813	struct ctl_softc *softc;
7814	uint64_t key;
7815
7816	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7817
7818	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7819
7820	alloc_len = scsi_2btoul(cdb->length);
7821
7822	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7823	softc = lun->ctl_softc;
7824
7825retry:
7826	mtx_lock(&lun->lun_lock);
7827	switch (cdb->action) {
7828	case SPRI_RK: /* read keys */
7829		total_len = sizeof(struct scsi_per_res_in_keys) +
7830			lun->pr_key_count *
7831			sizeof(struct scsi_per_res_key);
7832		break;
7833	case SPRI_RR: /* read reservation */
7834		if (lun->flags & CTL_LUN_PR_RESERVED)
7835			total_len = sizeof(struct scsi_per_res_in_rsrv);
7836		else
7837			total_len = sizeof(struct scsi_per_res_in_header);
7838		break;
7839	case SPRI_RC: /* report capabilities */
7840		total_len = sizeof(struct scsi_per_res_cap);
7841		break;
7842	case SPRI_RS: /* read full status */
7843		total_len = sizeof(struct scsi_per_res_in_header) +
7844		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7845		    lun->pr_key_count;
7846		break;
7847	default:
7848		panic("Invalid PR type %x", cdb->action);
7849	}
7850	mtx_unlock(&lun->lun_lock);
7851
7852	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7853
7854	if (total_len < alloc_len) {
7855		ctsio->residual = alloc_len - total_len;
7856		ctsio->kern_data_len = total_len;
7857		ctsio->kern_total_len = total_len;
7858	} else {
7859		ctsio->residual = 0;
7860		ctsio->kern_data_len = alloc_len;
7861		ctsio->kern_total_len = alloc_len;
7862	}
7863
7864	ctsio->kern_data_resid = 0;
7865	ctsio->kern_rel_offset = 0;
7866	ctsio->kern_sg_entries = 0;
7867
7868	mtx_lock(&lun->lun_lock);
7869	switch (cdb->action) {
7870	case SPRI_RK: { // read keys
7871        struct scsi_per_res_in_keys *res_keys;
7872		int i, key_count;
7873
7874		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7875
7876		/*
7877		 * We had to drop the lock to allocate our buffer, which
7878		 * leaves time for someone to come in with another
7879		 * persistent reservation.  (That is unlikely, though,
7880		 * since this should be the only persistent reservation
7881		 * command active right now.)
7882		 */
7883		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7884		    (lun->pr_key_count *
7885		     sizeof(struct scsi_per_res_key)))){
7886			mtx_unlock(&lun->lun_lock);
7887			free(ctsio->kern_data_ptr, M_CTL);
7888			printf("%s: reservation length changed, retrying\n",
7889			       __func__);
7890			goto retry;
7891		}
7892
7893		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7894
7895		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7896			     lun->pr_key_count, res_keys->header.length);
7897
7898		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7899			if ((key = ctl_get_prkey(lun, i)) == 0)
7900				continue;
7901
7902			/*
7903			 * We used lun->pr_key_count to calculate the
7904			 * size to allocate.  If it turns out the number of
7905			 * initiators with the registered flag set is
7906			 * larger than that (i.e. they haven't been kept in
7907			 * sync), we've got a problem.
7908			 */
7909			if (key_count >= lun->pr_key_count) {
7910#ifdef NEEDTOPORT
7911				csevent_log(CSC_CTL | CSC_SHELF_SW |
7912					    CTL_PR_ERROR,
7913					    csevent_LogType_Fault,
7914					    csevent_AlertLevel_Yellow,
7915					    csevent_FRU_ShelfController,
7916					    csevent_FRU_Firmware,
7917				        csevent_FRU_Unknown,
7918					    "registered keys %d >= key "
7919					    "count %d", key_count,
7920					    lun->pr_key_count);
7921#endif
7922				key_count++;
7923				continue;
7924			}
7925			scsi_u64to8b(key, res_keys->keys[key_count].key);
7926			key_count++;
7927		}
7928		break;
7929	}
7930	case SPRI_RR: { // read reservation
7931		struct scsi_per_res_in_rsrv *res;
7932		int tmp_len, header_only;
7933
7934		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7935
7936		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7937
7938		if (lun->flags & CTL_LUN_PR_RESERVED)
7939		{
7940			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7941			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7942				    res->header.length);
7943			header_only = 0;
7944		} else {
7945			tmp_len = sizeof(struct scsi_per_res_in_header);
7946			scsi_ulto4b(0, res->header.length);
7947			header_only = 1;
7948		}
7949
7950		/*
7951		 * We had to drop the lock to allocate our buffer, which
7952		 * leaves time for someone to come in with another
7953		 * persistent reservation.  (That is unlikely, though,
7954		 * since this should be the only persistent reservation
7955		 * command active right now.)
7956		 */
7957		if (tmp_len != total_len) {
7958			mtx_unlock(&lun->lun_lock);
7959			free(ctsio->kern_data_ptr, M_CTL);
7960			printf("%s: reservation status changed, retrying\n",
7961			       __func__);
7962			goto retry;
7963		}
7964
7965		/*
7966		 * No reservation held, so we're done.
7967		 */
7968		if (header_only != 0)
7969			break;
7970
7971		/*
7972		 * If the registration is an All Registrants type, the key
7973		 * is 0, since it doesn't really matter.
7974		 */
7975		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7976			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7977			    res->data.reservation);
7978		}
7979		res->data.scopetype = lun->res_type;
7980		break;
7981	}
7982	case SPRI_RC:     //report capabilities
7983	{
7984		struct scsi_per_res_cap *res_cap;
7985		uint16_t type_mask;
7986
7987		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7988		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7989		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7990		type_mask = SPRI_TM_WR_EX_AR |
7991			    SPRI_TM_EX_AC_RO |
7992			    SPRI_TM_WR_EX_RO |
7993			    SPRI_TM_EX_AC |
7994			    SPRI_TM_WR_EX |
7995			    SPRI_TM_EX_AC_AR;
7996		scsi_ulto2b(type_mask, res_cap->type_mask);
7997		break;
7998	}
7999	case SPRI_RS: { // read full status
8000		struct scsi_per_res_in_full *res_status;
8001		struct scsi_per_res_in_full_desc *res_desc;
8002		struct ctl_port *port;
8003		int i, len;
8004
8005		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
8006
8007		/*
8008		 * We had to drop the lock to allocate our buffer, which
8009		 * leaves time for someone to come in with another
8010		 * persistent reservation.  (That is unlikely, though,
8011		 * since this should be the only persistent reservation
8012		 * command active right now.)
8013		 */
8014		if (total_len < (sizeof(struct scsi_per_res_in_header) +
8015		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
8016		     lun->pr_key_count)){
8017			mtx_unlock(&lun->lun_lock);
8018			free(ctsio->kern_data_ptr, M_CTL);
8019			printf("%s: reservation length changed, retrying\n",
8020			       __func__);
8021			goto retry;
8022		}
8023
8024		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
8025
8026		res_desc = &res_status->desc[0];
8027		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
8028			if ((key = ctl_get_prkey(lun, i)) == 0)
8029				continue;
8030
8031			scsi_u64to8b(key, res_desc->res_key.key);
8032			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
8033			    (lun->pr_res_idx == i ||
8034			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
8035				res_desc->flags = SPRI_FULL_R_HOLDER;
8036				res_desc->scopetype = lun->res_type;
8037			}
8038			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
8039			    res_desc->rel_trgt_port_id);
8040			len = 0;
8041			port = softc->ctl_ports[
8042			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
8043			if (port != NULL)
8044				len = ctl_create_iid(port,
8045				    i % CTL_MAX_INIT_PER_PORT,
8046				    res_desc->transport_id);
8047			scsi_ulto4b(len, res_desc->additional_length);
8048			res_desc = (struct scsi_per_res_in_full_desc *)
8049			    &res_desc->transport_id[len];
8050		}
8051		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
8052		    res_status->header.length);
8053		break;
8054	}
8055	default:
8056		/*
8057		 * This is a bug, because we just checked for this above,
8058		 * and should have returned an error.
8059		 */
8060		panic("Invalid PR type %x", cdb->action);
8061		break; /* NOTREACHED */
8062	}
8063	mtx_unlock(&lun->lun_lock);
8064
8065	ctl_set_success(ctsio);
8066	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8067	ctsio->be_move_done = ctl_config_move_done;
8068	ctl_datamove((union ctl_io *)ctsio);
8069	return (CTL_RETVAL_COMPLETE);
8070}
8071
8072static void
8073ctl_est_res_ua(struct ctl_lun *lun, uint32_t residx, ctl_ua_type ua)
8074{
8075	int off = lun->ctl_softc->persis_offset;
8076
8077	if (residx >= off && residx < off + CTL_MAX_INITIATORS)
8078		ctl_est_ua(lun, residx - off, ua);
8079}
8080
8081/*
8082 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
8083 * it should return.
8084 */
8085static int
8086ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
8087		uint64_t sa_res_key, uint8_t type, uint32_t residx,
8088		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
8089		struct scsi_per_res_out_parms* param)
8090{
8091	union ctl_ha_msg persis_io;
8092	int retval, i;
8093	int isc_retval;
8094
8095	retval = 0;
8096
8097	mtx_lock(&lun->lun_lock);
8098	if (sa_res_key == 0) {
8099		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8100			/* validate scope and type */
8101			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8102			     SPR_LU_SCOPE) {
8103				mtx_unlock(&lun->lun_lock);
8104				ctl_set_invalid_field(/*ctsio*/ ctsio,
8105						      /*sks_valid*/ 1,
8106						      /*command*/ 1,
8107						      /*field*/ 2,
8108						      /*bit_valid*/ 1,
8109						      /*bit*/ 4);
8110				ctl_done((union ctl_io *)ctsio);
8111				return (1);
8112			}
8113
8114		        if (type>8 || type==2 || type==4 || type==0) {
8115				mtx_unlock(&lun->lun_lock);
8116				ctl_set_invalid_field(/*ctsio*/ ctsio,
8117       	           				      /*sks_valid*/ 1,
8118						      /*command*/ 1,
8119						      /*field*/ 2,
8120						      /*bit_valid*/ 1,
8121						      /*bit*/ 0);
8122				ctl_done((union ctl_io *)ctsio);
8123				return (1);
8124		        }
8125
8126			/*
8127			 * Unregister everybody else and build UA for
8128			 * them
8129			 */
8130			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8131				if (i == residx || ctl_get_prkey(lun, i) == 0)
8132					continue;
8133
8134				ctl_clr_prkey(lun, i);
8135				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8136			}
8137			lun->pr_key_count = 1;
8138			lun->res_type = type;
8139			if (lun->res_type != SPR_TYPE_WR_EX_AR
8140			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8141				lun->pr_res_idx = residx;
8142
8143			/* send msg to other side */
8144			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8145			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8146			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8147			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8148			persis_io.pr.pr_info.res_type = type;
8149			memcpy(persis_io.pr.pr_info.sa_res_key,
8150			       param->serv_act_res_key,
8151			       sizeof(param->serv_act_res_key));
8152			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8153			     &persis_io, sizeof(persis_io), 0)) >
8154			     CTL_HA_STATUS_SUCCESS) {
8155				printf("CTL:Persis Out error returned "
8156				       "from ctl_ha_msg_send %d\n",
8157				       isc_retval);
8158			}
8159		} else {
8160			/* not all registrants */
8161			mtx_unlock(&lun->lun_lock);
8162			free(ctsio->kern_data_ptr, M_CTL);
8163			ctl_set_invalid_field(ctsio,
8164					      /*sks_valid*/ 1,
8165					      /*command*/ 0,
8166					      /*field*/ 8,
8167					      /*bit_valid*/ 0,
8168					      /*bit*/ 0);
8169			ctl_done((union ctl_io *)ctsio);
8170			return (1);
8171		}
8172	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8173		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8174		int found = 0;
8175
8176		if (res_key == sa_res_key) {
8177			/* special case */
8178			/*
8179			 * The spec implies this is not good but doesn't
8180			 * say what to do. There are two choices either
8181			 * generate a res conflict or check condition
8182			 * with illegal field in parameter data. Since
8183			 * that is what is done when the sa_res_key is
8184			 * zero I'll take that approach since this has
8185			 * to do with the sa_res_key.
8186			 */
8187			mtx_unlock(&lun->lun_lock);
8188			free(ctsio->kern_data_ptr, M_CTL);
8189			ctl_set_invalid_field(ctsio,
8190					      /*sks_valid*/ 1,
8191					      /*command*/ 0,
8192					      /*field*/ 8,
8193					      /*bit_valid*/ 0,
8194					      /*bit*/ 0);
8195			ctl_done((union ctl_io *)ctsio);
8196			return (1);
8197		}
8198
8199		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8200			if (ctl_get_prkey(lun, i) != sa_res_key)
8201				continue;
8202
8203			found = 1;
8204			ctl_clr_prkey(lun, i);
8205			lun->pr_key_count--;
8206			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8207		}
8208		if (!found) {
8209			mtx_unlock(&lun->lun_lock);
8210			free(ctsio->kern_data_ptr, M_CTL);
8211			ctl_set_reservation_conflict(ctsio);
8212			ctl_done((union ctl_io *)ctsio);
8213			return (CTL_RETVAL_COMPLETE);
8214		}
8215		/* send msg to other side */
8216		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8217		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8218		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8219		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8220		persis_io.pr.pr_info.res_type = type;
8221		memcpy(persis_io.pr.pr_info.sa_res_key,
8222		       param->serv_act_res_key,
8223		       sizeof(param->serv_act_res_key));
8224		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8225		     &persis_io, sizeof(persis_io), 0)) >
8226		     CTL_HA_STATUS_SUCCESS) {
8227			printf("CTL:Persis Out error returned from "
8228			       "ctl_ha_msg_send %d\n", isc_retval);
8229		}
8230	} else {
8231		/* Reserved but not all registrants */
8232		/* sa_res_key is res holder */
8233		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
8234			/* validate scope and type */
8235			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8236			     SPR_LU_SCOPE) {
8237				mtx_unlock(&lun->lun_lock);
8238				ctl_set_invalid_field(/*ctsio*/ ctsio,
8239						      /*sks_valid*/ 1,
8240						      /*command*/ 1,
8241						      /*field*/ 2,
8242						      /*bit_valid*/ 1,
8243						      /*bit*/ 4);
8244				ctl_done((union ctl_io *)ctsio);
8245				return (1);
8246			}
8247
8248			if (type>8 || type==2 || type==4 || type==0) {
8249				mtx_unlock(&lun->lun_lock);
8250				ctl_set_invalid_field(/*ctsio*/ ctsio,
8251						      /*sks_valid*/ 1,
8252						      /*command*/ 1,
8253						      /*field*/ 2,
8254						      /*bit_valid*/ 1,
8255						      /*bit*/ 0);
8256				ctl_done((union ctl_io *)ctsio);
8257				return (1);
8258			}
8259
8260			/*
8261			 * Do the following:
8262			 * if sa_res_key != res_key remove all
8263			 * registrants w/sa_res_key and generate UA
8264			 * for these registrants(Registrations
8265			 * Preempted) if it wasn't an exclusive
8266			 * reservation generate UA(Reservations
8267			 * Preempted) for all other registered nexuses
8268			 * if the type has changed. Establish the new
8269			 * reservation and holder. If res_key and
8270			 * sa_res_key are the same do the above
8271			 * except don't unregister the res holder.
8272			 */
8273
8274			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8275				if (i == residx || ctl_get_prkey(lun, i) == 0)
8276					continue;
8277
8278				if (sa_res_key == ctl_get_prkey(lun, i)) {
8279					ctl_clr_prkey(lun, i);
8280					lun->pr_key_count--;
8281					ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8282				} else if (type != lun->res_type
8283					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8284					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8285					ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
8286				}
8287			}
8288			lun->res_type = type;
8289			if (lun->res_type != SPR_TYPE_WR_EX_AR
8290			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8291				lun->pr_res_idx = residx;
8292			else
8293				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8294
8295			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8296			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8297			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8298			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8299			persis_io.pr.pr_info.res_type = type;
8300			memcpy(persis_io.pr.pr_info.sa_res_key,
8301			       param->serv_act_res_key,
8302			       sizeof(param->serv_act_res_key));
8303			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8304			     &persis_io, sizeof(persis_io), 0)) >
8305			     CTL_HA_STATUS_SUCCESS) {
8306				printf("CTL:Persis Out error returned "
8307				       "from ctl_ha_msg_send %d\n",
8308				       isc_retval);
8309			}
8310		} else {
8311			/*
8312			 * sa_res_key is not the res holder just
8313			 * remove registrants
8314			 */
8315			int found=0;
8316
8317			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8318				if (sa_res_key != ctl_get_prkey(lun, i))
8319					continue;
8320
8321				found = 1;
8322				ctl_clr_prkey(lun, i);
8323				lun->pr_key_count--;
8324				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8325			}
8326
8327			if (!found) {
8328				mtx_unlock(&lun->lun_lock);
8329				free(ctsio->kern_data_ptr, M_CTL);
8330				ctl_set_reservation_conflict(ctsio);
8331				ctl_done((union ctl_io *)ctsio);
8332		        	return (1);
8333			}
8334			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8335			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8336			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8337			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8338			persis_io.pr.pr_info.res_type = type;
8339			memcpy(persis_io.pr.pr_info.sa_res_key,
8340			       param->serv_act_res_key,
8341			       sizeof(param->serv_act_res_key));
8342			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8343			     &persis_io, sizeof(persis_io), 0)) >
8344			     CTL_HA_STATUS_SUCCESS) {
8345				printf("CTL:Persis Out error returned "
8346				       "from ctl_ha_msg_send %d\n",
8347				isc_retval);
8348			}
8349		}
8350	}
8351
8352	lun->PRGeneration++;
8353	mtx_unlock(&lun->lun_lock);
8354
8355	return (retval);
8356}
8357
8358static void
8359ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8360{
8361	uint64_t sa_res_key;
8362	int i;
8363
8364	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8365
8366	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8367	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8368	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8369		if (sa_res_key == 0) {
8370			/*
8371			 * Unregister everybody else and build UA for
8372			 * them
8373			 */
8374			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8375				if (i == msg->pr.pr_info.residx ||
8376				    ctl_get_prkey(lun, i) == 0)
8377					continue;
8378
8379				ctl_clr_prkey(lun, i);
8380				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8381			}
8382
8383			lun->pr_key_count = 1;
8384			lun->res_type = msg->pr.pr_info.res_type;
8385			if (lun->res_type != SPR_TYPE_WR_EX_AR
8386			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8387				lun->pr_res_idx = msg->pr.pr_info.residx;
8388		} else {
8389		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8390				if (sa_res_key == ctl_get_prkey(lun, i))
8391					continue;
8392
8393				ctl_clr_prkey(lun, i);
8394				lun->pr_key_count--;
8395				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8396			}
8397		}
8398	} else {
8399		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8400			if (i == msg->pr.pr_info.residx ||
8401			    ctl_get_prkey(lun, i) == 0)
8402				continue;
8403
8404			if (sa_res_key == ctl_get_prkey(lun, i)) {
8405				ctl_clr_prkey(lun, i);
8406				lun->pr_key_count--;
8407				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8408			} else if (msg->pr.pr_info.res_type != lun->res_type
8409				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8410				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8411				ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
8412			}
8413		}
8414		lun->res_type = msg->pr.pr_info.res_type;
8415		if (lun->res_type != SPR_TYPE_WR_EX_AR
8416		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8417			lun->pr_res_idx = msg->pr.pr_info.residx;
8418		else
8419			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8420	}
8421	lun->PRGeneration++;
8422
8423}
8424
8425
8426int
8427ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8428{
8429	int retval;
8430	int isc_retval;
8431	u_int32_t param_len;
8432	struct scsi_per_res_out *cdb;
8433	struct ctl_lun *lun;
8434	struct scsi_per_res_out_parms* param;
8435	struct ctl_softc *softc;
8436	uint32_t residx;
8437	uint64_t res_key, sa_res_key, key;
8438	uint8_t type;
8439	union ctl_ha_msg persis_io;
8440	int    i;
8441
8442	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8443
8444	retval = CTL_RETVAL_COMPLETE;
8445
8446	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8447	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8448	softc = lun->ctl_softc;
8449
8450	/*
8451	 * We only support whole-LUN scope.  The scope & type are ignored for
8452	 * register, register and ignore existing key and clear.
8453	 * We sometimes ignore scope and type on preempts too!!
8454	 * Verify reservation type here as well.
8455	 */
8456	type = cdb->scope_type & SPR_TYPE_MASK;
8457	if ((cdb->action == SPRO_RESERVE)
8458	 || (cdb->action == SPRO_RELEASE)) {
8459		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8460			ctl_set_invalid_field(/*ctsio*/ ctsio,
8461					      /*sks_valid*/ 1,
8462					      /*command*/ 1,
8463					      /*field*/ 2,
8464					      /*bit_valid*/ 1,
8465					      /*bit*/ 4);
8466			ctl_done((union ctl_io *)ctsio);
8467			return (CTL_RETVAL_COMPLETE);
8468		}
8469
8470		if (type>8 || type==2 || type==4 || type==0) {
8471			ctl_set_invalid_field(/*ctsio*/ ctsio,
8472					      /*sks_valid*/ 1,
8473					      /*command*/ 1,
8474					      /*field*/ 2,
8475					      /*bit_valid*/ 1,
8476					      /*bit*/ 0);
8477			ctl_done((union ctl_io *)ctsio);
8478			return (CTL_RETVAL_COMPLETE);
8479		}
8480	}
8481
8482	param_len = scsi_4btoul(cdb->length);
8483
8484	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8485		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8486		ctsio->kern_data_len = param_len;
8487		ctsio->kern_total_len = param_len;
8488		ctsio->kern_data_resid = 0;
8489		ctsio->kern_rel_offset = 0;
8490		ctsio->kern_sg_entries = 0;
8491		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8492		ctsio->be_move_done = ctl_config_move_done;
8493		ctl_datamove((union ctl_io *)ctsio);
8494
8495		return (CTL_RETVAL_COMPLETE);
8496	}
8497
8498	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8499
8500	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8501	res_key = scsi_8btou64(param->res_key.key);
8502	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8503
8504	/*
8505	 * Validate the reservation key here except for SPRO_REG_IGNO
8506	 * This must be done for all other service actions
8507	 */
8508	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8509		mtx_lock(&lun->lun_lock);
8510		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8511			if (res_key != key) {
8512				/*
8513				 * The current key passed in doesn't match
8514				 * the one the initiator previously
8515				 * registered.
8516				 */
8517				mtx_unlock(&lun->lun_lock);
8518				free(ctsio->kern_data_ptr, M_CTL);
8519				ctl_set_reservation_conflict(ctsio);
8520				ctl_done((union ctl_io *)ctsio);
8521				return (CTL_RETVAL_COMPLETE);
8522			}
8523		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8524			/*
8525			 * We are not registered
8526			 */
8527			mtx_unlock(&lun->lun_lock);
8528			free(ctsio->kern_data_ptr, M_CTL);
8529			ctl_set_reservation_conflict(ctsio);
8530			ctl_done((union ctl_io *)ctsio);
8531			return (CTL_RETVAL_COMPLETE);
8532		} else if (res_key != 0) {
8533			/*
8534			 * We are not registered and trying to register but
8535			 * the register key isn't zero.
8536			 */
8537			mtx_unlock(&lun->lun_lock);
8538			free(ctsio->kern_data_ptr, M_CTL);
8539			ctl_set_reservation_conflict(ctsio);
8540			ctl_done((union ctl_io *)ctsio);
8541			return (CTL_RETVAL_COMPLETE);
8542		}
8543		mtx_unlock(&lun->lun_lock);
8544	}
8545
8546	switch (cdb->action & SPRO_ACTION_MASK) {
8547	case SPRO_REGISTER:
8548	case SPRO_REG_IGNO: {
8549
8550#if 0
8551		printf("Registration received\n");
8552#endif
8553
8554		/*
8555		 * We don't support any of these options, as we report in
8556		 * the read capabilities request (see
8557		 * ctl_persistent_reserve_in(), above).
8558		 */
8559		if ((param->flags & SPR_SPEC_I_PT)
8560		 || (param->flags & SPR_ALL_TG_PT)
8561		 || (param->flags & SPR_APTPL)) {
8562			int bit_ptr;
8563
8564			if (param->flags & SPR_APTPL)
8565				bit_ptr = 0;
8566			else if (param->flags & SPR_ALL_TG_PT)
8567				bit_ptr = 2;
8568			else /* SPR_SPEC_I_PT */
8569				bit_ptr = 3;
8570
8571			free(ctsio->kern_data_ptr, M_CTL);
8572			ctl_set_invalid_field(ctsio,
8573					      /*sks_valid*/ 1,
8574					      /*command*/ 0,
8575					      /*field*/ 20,
8576					      /*bit_valid*/ 1,
8577					      /*bit*/ bit_ptr);
8578			ctl_done((union ctl_io *)ctsio);
8579			return (CTL_RETVAL_COMPLETE);
8580		}
8581
8582		mtx_lock(&lun->lun_lock);
8583
8584		/*
8585		 * The initiator wants to clear the
8586		 * key/unregister.
8587		 */
8588		if (sa_res_key == 0) {
8589			if ((res_key == 0
8590			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8591			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8592			  && ctl_get_prkey(lun, residx) == 0)) {
8593				mtx_unlock(&lun->lun_lock);
8594				goto done;
8595			}
8596
8597			ctl_clr_prkey(lun, residx);
8598			lun->pr_key_count--;
8599
8600			if (residx == lun->pr_res_idx) {
8601				lun->flags &= ~CTL_LUN_PR_RESERVED;
8602				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8603
8604				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8605				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8606				 && lun->pr_key_count) {
8607					/*
8608					 * If the reservation is a registrants
8609					 * only type we need to generate a UA
8610					 * for other registered inits.  The
8611					 * sense code should be RESERVATIONS
8612					 * RELEASED
8613					 */
8614
8615					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8616						if (ctl_get_prkey(lun, i +
8617						    softc->persis_offset) == 0)
8618							continue;
8619						ctl_est_ua(lun, i,
8620						    CTL_UA_RES_RELEASE);
8621					}
8622				}
8623				lun->res_type = 0;
8624			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8625				if (lun->pr_key_count==0) {
8626					lun->flags &= ~CTL_LUN_PR_RESERVED;
8627					lun->res_type = 0;
8628					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8629				}
8630			}
8631			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8632			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8633			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8634			persis_io.pr.pr_info.residx = residx;
8635			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8636			     &persis_io, sizeof(persis_io), 0 )) >
8637			     CTL_HA_STATUS_SUCCESS) {
8638				printf("CTL:Persis Out error returned from "
8639				       "ctl_ha_msg_send %d\n", isc_retval);
8640			}
8641		} else /* sa_res_key != 0 */ {
8642
8643			/*
8644			 * If we aren't registered currently then increment
8645			 * the key count and set the registered flag.
8646			 */
8647			ctl_alloc_prkey(lun, residx);
8648			if (ctl_get_prkey(lun, residx) == 0)
8649				lun->pr_key_count++;
8650			ctl_set_prkey(lun, residx, sa_res_key);
8651
8652			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8653			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8654			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8655			persis_io.pr.pr_info.residx = residx;
8656			memcpy(persis_io.pr.pr_info.sa_res_key,
8657			       param->serv_act_res_key,
8658			       sizeof(param->serv_act_res_key));
8659			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8660			     &persis_io, sizeof(persis_io), 0)) >
8661			     CTL_HA_STATUS_SUCCESS) {
8662				printf("CTL:Persis Out error returned from "
8663				       "ctl_ha_msg_send %d\n", isc_retval);
8664			}
8665		}
8666		lun->PRGeneration++;
8667		mtx_unlock(&lun->lun_lock);
8668
8669		break;
8670	}
8671	case SPRO_RESERVE:
8672#if 0
8673                printf("Reserve executed type %d\n", type);
8674#endif
8675		mtx_lock(&lun->lun_lock);
8676		if (lun->flags & CTL_LUN_PR_RESERVED) {
8677			/*
8678			 * if this isn't the reservation holder and it's
8679			 * not a "all registrants" type or if the type is
8680			 * different then we have a conflict
8681			 */
8682			if ((lun->pr_res_idx != residx
8683			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8684			 || lun->res_type != type) {
8685				mtx_unlock(&lun->lun_lock);
8686				free(ctsio->kern_data_ptr, M_CTL);
8687				ctl_set_reservation_conflict(ctsio);
8688				ctl_done((union ctl_io *)ctsio);
8689				return (CTL_RETVAL_COMPLETE);
8690			}
8691			mtx_unlock(&lun->lun_lock);
8692		} else /* create a reservation */ {
8693			/*
8694			 * If it's not an "all registrants" type record
8695			 * reservation holder
8696			 */
8697			if (type != SPR_TYPE_WR_EX_AR
8698			 && type != SPR_TYPE_EX_AC_AR)
8699				lun->pr_res_idx = residx; /* Res holder */
8700			else
8701				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8702
8703			lun->flags |= CTL_LUN_PR_RESERVED;
8704			lun->res_type = type;
8705
8706			mtx_unlock(&lun->lun_lock);
8707
8708			/* send msg to other side */
8709			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8710			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8711			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8712			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8713			persis_io.pr.pr_info.res_type = type;
8714			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8715			     &persis_io, sizeof(persis_io), 0)) >
8716			     CTL_HA_STATUS_SUCCESS) {
8717				printf("CTL:Persis Out error returned from "
8718				       "ctl_ha_msg_send %d\n", isc_retval);
8719			}
8720		}
8721		break;
8722
8723	case SPRO_RELEASE:
8724		mtx_lock(&lun->lun_lock);
8725		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8726			/* No reservation exists return good status */
8727			mtx_unlock(&lun->lun_lock);
8728			goto done;
8729		}
8730		/*
8731		 * Is this nexus a reservation holder?
8732		 */
8733		if (lun->pr_res_idx != residx
8734		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8735			/*
8736			 * not a res holder return good status but
8737			 * do nothing
8738			 */
8739			mtx_unlock(&lun->lun_lock);
8740			goto done;
8741		}
8742
8743		if (lun->res_type != type) {
8744			mtx_unlock(&lun->lun_lock);
8745			free(ctsio->kern_data_ptr, M_CTL);
8746			ctl_set_illegal_pr_release(ctsio);
8747			ctl_done((union ctl_io *)ctsio);
8748			return (CTL_RETVAL_COMPLETE);
8749		}
8750
8751		/* okay to release */
8752		lun->flags &= ~CTL_LUN_PR_RESERVED;
8753		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8754		lun->res_type = 0;
8755
8756		/*
8757		 * if this isn't an exclusive access
8758		 * res generate UA for all other
8759		 * registrants.
8760		 */
8761		if (type != SPR_TYPE_EX_AC
8762		 && type != SPR_TYPE_WR_EX) {
8763			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8764				if (i == residx ||
8765				    ctl_get_prkey(lun,
8766				     i + softc->persis_offset) == 0)
8767					continue;
8768				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8769			}
8770		}
8771		mtx_unlock(&lun->lun_lock);
8772		/* Send msg to other side */
8773		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8774		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8775		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8776		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8777		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8778			printf("CTL:Persis Out error returned from "
8779			       "ctl_ha_msg_send %d\n", isc_retval);
8780		}
8781		break;
8782
8783	case SPRO_CLEAR:
8784		/* send msg to other side */
8785
8786		mtx_lock(&lun->lun_lock);
8787		lun->flags &= ~CTL_LUN_PR_RESERVED;
8788		lun->res_type = 0;
8789		lun->pr_key_count = 0;
8790		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8791
8792		ctl_clr_prkey(lun, residx);
8793		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8794			if (ctl_get_prkey(lun, i) != 0) {
8795				ctl_clr_prkey(lun, i);
8796				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8797			}
8798		lun->PRGeneration++;
8799		mtx_unlock(&lun->lun_lock);
8800		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8801		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8802		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8803		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8804		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8805			printf("CTL:Persis Out error returned from "
8806			       "ctl_ha_msg_send %d\n", isc_retval);
8807		}
8808		break;
8809
8810	case SPRO_PREEMPT:
8811	case SPRO_PRE_ABO: {
8812		int nretval;
8813
8814		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8815					  residx, ctsio, cdb, param);
8816		if (nretval != 0)
8817			return (CTL_RETVAL_COMPLETE);
8818		break;
8819	}
8820	default:
8821		panic("Invalid PR type %x", cdb->action);
8822	}
8823
8824done:
8825	free(ctsio->kern_data_ptr, M_CTL);
8826	ctl_set_success(ctsio);
8827	ctl_done((union ctl_io *)ctsio);
8828
8829	return (retval);
8830}
8831
8832/*
8833 * This routine is for handling a message from the other SC pertaining to
8834 * persistent reserve out. All the error checking will have been done
8835 * so only perorming the action need be done here to keep the two
8836 * in sync.
8837 */
8838static void
8839ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8840{
8841	struct ctl_lun *lun;
8842	struct ctl_softc *softc;
8843	int i;
8844	uint32_t targ_lun;
8845
8846	softc = control_softc;
8847
8848	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8849	lun = softc->ctl_luns[targ_lun];
8850	mtx_lock(&lun->lun_lock);
8851	switch(msg->pr.pr_info.action) {
8852	case CTL_PR_REG_KEY:
8853		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8854		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8855			lun->pr_key_count++;
8856		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8857		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8858		lun->PRGeneration++;
8859		break;
8860
8861	case CTL_PR_UNREG_KEY:
8862		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8863		lun->pr_key_count--;
8864
8865		/* XXX Need to see if the reservation has been released */
8866		/* if so do we need to generate UA? */
8867		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8868			lun->flags &= ~CTL_LUN_PR_RESERVED;
8869			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8870
8871			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8872			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8873			 && lun->pr_key_count) {
8874				/*
8875				 * If the reservation is a registrants
8876				 * only type we need to generate a UA
8877				 * for other registered inits.  The
8878				 * sense code should be RESERVATIONS
8879				 * RELEASED
8880				 */
8881
8882				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8883					if (ctl_get_prkey(lun, i +
8884					    softc->persis_offset) == 0)
8885						continue;
8886
8887					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8888				}
8889			}
8890			lun->res_type = 0;
8891		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8892			if (lun->pr_key_count==0) {
8893				lun->flags &= ~CTL_LUN_PR_RESERVED;
8894				lun->res_type = 0;
8895				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8896			}
8897		}
8898		lun->PRGeneration++;
8899		break;
8900
8901	case CTL_PR_RESERVE:
8902		lun->flags |= CTL_LUN_PR_RESERVED;
8903		lun->res_type = msg->pr.pr_info.res_type;
8904		lun->pr_res_idx = msg->pr.pr_info.residx;
8905
8906		break;
8907
8908	case CTL_PR_RELEASE:
8909		/*
8910		 * if this isn't an exclusive access res generate UA for all
8911		 * other registrants.
8912		 */
8913		if (lun->res_type != SPR_TYPE_EX_AC
8914		 && lun->res_type != SPR_TYPE_WR_EX) {
8915			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8916				if (ctl_get_prkey(lun, i + softc->persis_offset) != 0)
8917					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8918		}
8919
8920		lun->flags &= ~CTL_LUN_PR_RESERVED;
8921		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8922		lun->res_type = 0;
8923		break;
8924
8925	case CTL_PR_PREEMPT:
8926		ctl_pro_preempt_other(lun, msg);
8927		break;
8928	case CTL_PR_CLEAR:
8929		lun->flags &= ~CTL_LUN_PR_RESERVED;
8930		lun->res_type = 0;
8931		lun->pr_key_count = 0;
8932		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8933
8934		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8935			if (ctl_get_prkey(lun, i) == 0)
8936				continue;
8937			ctl_clr_prkey(lun, i);
8938			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8939		}
8940		lun->PRGeneration++;
8941		break;
8942	}
8943
8944	mtx_unlock(&lun->lun_lock);
8945}
8946
8947int
8948ctl_read_write(struct ctl_scsiio *ctsio)
8949{
8950	struct ctl_lun *lun;
8951	struct ctl_lba_len_flags *lbalen;
8952	uint64_t lba;
8953	uint32_t num_blocks;
8954	int flags, retval;
8955	int isread;
8956
8957	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8958
8959	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8960
8961	flags = 0;
8962	retval = CTL_RETVAL_COMPLETE;
8963
8964	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8965	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8966	switch (ctsio->cdb[0]) {
8967	case READ_6:
8968	case WRITE_6: {
8969		struct scsi_rw_6 *cdb;
8970
8971		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8972
8973		lba = scsi_3btoul(cdb->addr);
8974		/* only 5 bits are valid in the most significant address byte */
8975		lba &= 0x1fffff;
8976		num_blocks = cdb->length;
8977		/*
8978		 * This is correct according to SBC-2.
8979		 */
8980		if (num_blocks == 0)
8981			num_blocks = 256;
8982		break;
8983	}
8984	case READ_10:
8985	case WRITE_10: {
8986		struct scsi_rw_10 *cdb;
8987
8988		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8989		if (cdb->byte2 & SRW10_FUA)
8990			flags |= CTL_LLF_FUA;
8991		if (cdb->byte2 & SRW10_DPO)
8992			flags |= CTL_LLF_DPO;
8993		lba = scsi_4btoul(cdb->addr);
8994		num_blocks = scsi_2btoul(cdb->length);
8995		break;
8996	}
8997	case WRITE_VERIFY_10: {
8998		struct scsi_write_verify_10 *cdb;
8999
9000		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
9001		flags |= CTL_LLF_FUA;
9002		if (cdb->byte2 & SWV_DPO)
9003			flags |= CTL_LLF_DPO;
9004		lba = scsi_4btoul(cdb->addr);
9005		num_blocks = scsi_2btoul(cdb->length);
9006		break;
9007	}
9008	case READ_12:
9009	case WRITE_12: {
9010		struct scsi_rw_12 *cdb;
9011
9012		cdb = (struct scsi_rw_12 *)ctsio->cdb;
9013		if (cdb->byte2 & SRW12_FUA)
9014			flags |= CTL_LLF_FUA;
9015		if (cdb->byte2 & SRW12_DPO)
9016			flags |= CTL_LLF_DPO;
9017		lba = scsi_4btoul(cdb->addr);
9018		num_blocks = scsi_4btoul(cdb->length);
9019		break;
9020	}
9021	case WRITE_VERIFY_12: {
9022		struct scsi_write_verify_12 *cdb;
9023
9024		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
9025		flags |= CTL_LLF_FUA;
9026		if (cdb->byte2 & SWV_DPO)
9027			flags |= CTL_LLF_DPO;
9028		lba = scsi_4btoul(cdb->addr);
9029		num_blocks = scsi_4btoul(cdb->length);
9030		break;
9031	}
9032	case READ_16:
9033	case WRITE_16: {
9034		struct scsi_rw_16 *cdb;
9035
9036		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9037		if (cdb->byte2 & SRW12_FUA)
9038			flags |= CTL_LLF_FUA;
9039		if (cdb->byte2 & SRW12_DPO)
9040			flags |= CTL_LLF_DPO;
9041		lba = scsi_8btou64(cdb->addr);
9042		num_blocks = scsi_4btoul(cdb->length);
9043		break;
9044	}
9045	case WRITE_ATOMIC_16: {
9046		struct scsi_rw_16 *cdb;
9047
9048		if (lun->be_lun->atomicblock == 0) {
9049			ctl_set_invalid_opcode(ctsio);
9050			ctl_done((union ctl_io *)ctsio);
9051			return (CTL_RETVAL_COMPLETE);
9052		}
9053
9054		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9055		if (cdb->byte2 & SRW12_FUA)
9056			flags |= CTL_LLF_FUA;
9057		if (cdb->byte2 & SRW12_DPO)
9058			flags |= CTL_LLF_DPO;
9059		lba = scsi_8btou64(cdb->addr);
9060		num_blocks = scsi_4btoul(cdb->length);
9061		if (num_blocks > lun->be_lun->atomicblock) {
9062			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
9063			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
9064			    /*bit*/ 0);
9065			ctl_done((union ctl_io *)ctsio);
9066			return (CTL_RETVAL_COMPLETE);
9067		}
9068		break;
9069	}
9070	case WRITE_VERIFY_16: {
9071		struct scsi_write_verify_16 *cdb;
9072
9073		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
9074		flags |= CTL_LLF_FUA;
9075		if (cdb->byte2 & SWV_DPO)
9076			flags |= CTL_LLF_DPO;
9077		lba = scsi_8btou64(cdb->addr);
9078		num_blocks = scsi_4btoul(cdb->length);
9079		break;
9080	}
9081	default:
9082		/*
9083		 * We got a command we don't support.  This shouldn't
9084		 * happen, commands should be filtered out above us.
9085		 */
9086		ctl_set_invalid_opcode(ctsio);
9087		ctl_done((union ctl_io *)ctsio);
9088
9089		return (CTL_RETVAL_COMPLETE);
9090		break; /* NOTREACHED */
9091	}
9092
9093	/*
9094	 * The first check is to make sure we're in bounds, the second
9095	 * check is to catch wrap-around problems.  If the lba + num blocks
9096	 * is less than the lba, then we've wrapped around and the block
9097	 * range is invalid anyway.
9098	 */
9099	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9100	 || ((lba + num_blocks) < lba)) {
9101		ctl_set_lba_out_of_range(ctsio);
9102		ctl_done((union ctl_io *)ctsio);
9103		return (CTL_RETVAL_COMPLETE);
9104	}
9105
9106	/*
9107	 * According to SBC-3, a transfer length of 0 is not an error.
9108	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9109	 * translates to 256 blocks for those commands.
9110	 */
9111	if (num_blocks == 0) {
9112		ctl_set_success(ctsio);
9113		ctl_done((union ctl_io *)ctsio);
9114		return (CTL_RETVAL_COMPLETE);
9115	}
9116
9117	/* Set FUA and/or DPO if caches are disabled. */
9118	if (isread) {
9119		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9120		    SCP_RCD) != 0)
9121			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9122	} else {
9123		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9124		    SCP_WCE) == 0)
9125			flags |= CTL_LLF_FUA;
9126	}
9127
9128	lbalen = (struct ctl_lba_len_flags *)
9129	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9130	lbalen->lba = lba;
9131	lbalen->len = num_blocks;
9132	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9133
9134	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9135	ctsio->kern_rel_offset = 0;
9136
9137	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9138
9139	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9140
9141	return (retval);
9142}
9143
9144static int
9145ctl_cnw_cont(union ctl_io *io)
9146{
9147	struct ctl_scsiio *ctsio;
9148	struct ctl_lun *lun;
9149	struct ctl_lba_len_flags *lbalen;
9150	int retval;
9151
9152	ctsio = &io->scsiio;
9153	ctsio->io_hdr.status = CTL_STATUS_NONE;
9154	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9155	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9156	lbalen = (struct ctl_lba_len_flags *)
9157	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9158	lbalen->flags &= ~CTL_LLF_COMPARE;
9159	lbalen->flags |= CTL_LLF_WRITE;
9160
9161	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9162	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9163	return (retval);
9164}
9165
9166int
9167ctl_cnw(struct ctl_scsiio *ctsio)
9168{
9169	struct ctl_lun *lun;
9170	struct ctl_lba_len_flags *lbalen;
9171	uint64_t lba;
9172	uint32_t num_blocks;
9173	int flags, retval;
9174
9175	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9176
9177	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9178
9179	flags = 0;
9180	retval = CTL_RETVAL_COMPLETE;
9181
9182	switch (ctsio->cdb[0]) {
9183	case COMPARE_AND_WRITE: {
9184		struct scsi_compare_and_write *cdb;
9185
9186		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9187		if (cdb->byte2 & SRW10_FUA)
9188			flags |= CTL_LLF_FUA;
9189		if (cdb->byte2 & SRW10_DPO)
9190			flags |= CTL_LLF_DPO;
9191		lba = scsi_8btou64(cdb->addr);
9192		num_blocks = cdb->length;
9193		break;
9194	}
9195	default:
9196		/*
9197		 * We got a command we don't support.  This shouldn't
9198		 * happen, commands should be filtered out above us.
9199		 */
9200		ctl_set_invalid_opcode(ctsio);
9201		ctl_done((union ctl_io *)ctsio);
9202
9203		return (CTL_RETVAL_COMPLETE);
9204		break; /* NOTREACHED */
9205	}
9206
9207	/*
9208	 * The first check is to make sure we're in bounds, the second
9209	 * check is to catch wrap-around problems.  If the lba + num blocks
9210	 * is less than the lba, then we've wrapped around and the block
9211	 * range is invalid anyway.
9212	 */
9213	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9214	 || ((lba + num_blocks) < lba)) {
9215		ctl_set_lba_out_of_range(ctsio);
9216		ctl_done((union ctl_io *)ctsio);
9217		return (CTL_RETVAL_COMPLETE);
9218	}
9219
9220	/*
9221	 * According to SBC-3, a transfer length of 0 is not an error.
9222	 */
9223	if (num_blocks == 0) {
9224		ctl_set_success(ctsio);
9225		ctl_done((union ctl_io *)ctsio);
9226		return (CTL_RETVAL_COMPLETE);
9227	}
9228
9229	/* Set FUA if write cache is disabled. */
9230	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9231	    SCP_WCE) == 0)
9232		flags |= CTL_LLF_FUA;
9233
9234	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9235	ctsio->kern_rel_offset = 0;
9236
9237	/*
9238	 * Set the IO_CONT flag, so that if this I/O gets passed to
9239	 * ctl_data_submit_done(), it'll get passed back to
9240	 * ctl_ctl_cnw_cont() for further processing.
9241	 */
9242	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9243	ctsio->io_cont = ctl_cnw_cont;
9244
9245	lbalen = (struct ctl_lba_len_flags *)
9246	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9247	lbalen->lba = lba;
9248	lbalen->len = num_blocks;
9249	lbalen->flags = CTL_LLF_COMPARE | flags;
9250
9251	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9252	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9253	return (retval);
9254}
9255
9256int
9257ctl_verify(struct ctl_scsiio *ctsio)
9258{
9259	struct ctl_lun *lun;
9260	struct ctl_lba_len_flags *lbalen;
9261	uint64_t lba;
9262	uint32_t num_blocks;
9263	int bytchk, flags;
9264	int retval;
9265
9266	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9267
9268	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9269
9270	bytchk = 0;
9271	flags = CTL_LLF_FUA;
9272	retval = CTL_RETVAL_COMPLETE;
9273
9274	switch (ctsio->cdb[0]) {
9275	case VERIFY_10: {
9276		struct scsi_verify_10 *cdb;
9277
9278		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9279		if (cdb->byte2 & SVFY_BYTCHK)
9280			bytchk = 1;
9281		if (cdb->byte2 & SVFY_DPO)
9282			flags |= CTL_LLF_DPO;
9283		lba = scsi_4btoul(cdb->addr);
9284		num_blocks = scsi_2btoul(cdb->length);
9285		break;
9286	}
9287	case VERIFY_12: {
9288		struct scsi_verify_12 *cdb;
9289
9290		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9291		if (cdb->byte2 & SVFY_BYTCHK)
9292			bytchk = 1;
9293		if (cdb->byte2 & SVFY_DPO)
9294			flags |= CTL_LLF_DPO;
9295		lba = scsi_4btoul(cdb->addr);
9296		num_blocks = scsi_4btoul(cdb->length);
9297		break;
9298	}
9299	case VERIFY_16: {
9300		struct scsi_rw_16 *cdb;
9301
9302		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9303		if (cdb->byte2 & SVFY_BYTCHK)
9304			bytchk = 1;
9305		if (cdb->byte2 & SVFY_DPO)
9306			flags |= CTL_LLF_DPO;
9307		lba = scsi_8btou64(cdb->addr);
9308		num_blocks = scsi_4btoul(cdb->length);
9309		break;
9310	}
9311	default:
9312		/*
9313		 * We got a command we don't support.  This shouldn't
9314		 * happen, commands should be filtered out above us.
9315		 */
9316		ctl_set_invalid_opcode(ctsio);
9317		ctl_done((union ctl_io *)ctsio);
9318		return (CTL_RETVAL_COMPLETE);
9319	}
9320
9321	/*
9322	 * The first check is to make sure we're in bounds, the second
9323	 * check is to catch wrap-around problems.  If the lba + num blocks
9324	 * is less than the lba, then we've wrapped around and the block
9325	 * range is invalid anyway.
9326	 */
9327	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9328	 || ((lba + num_blocks) < lba)) {
9329		ctl_set_lba_out_of_range(ctsio);
9330		ctl_done((union ctl_io *)ctsio);
9331		return (CTL_RETVAL_COMPLETE);
9332	}
9333
9334	/*
9335	 * According to SBC-3, a transfer length of 0 is not an error.
9336	 */
9337	if (num_blocks == 0) {
9338		ctl_set_success(ctsio);
9339		ctl_done((union ctl_io *)ctsio);
9340		return (CTL_RETVAL_COMPLETE);
9341	}
9342
9343	lbalen = (struct ctl_lba_len_flags *)
9344	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9345	lbalen->lba = lba;
9346	lbalen->len = num_blocks;
9347	if (bytchk) {
9348		lbalen->flags = CTL_LLF_COMPARE | flags;
9349		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9350	} else {
9351		lbalen->flags = CTL_LLF_VERIFY | flags;
9352		ctsio->kern_total_len = 0;
9353	}
9354	ctsio->kern_rel_offset = 0;
9355
9356	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9357	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9358	return (retval);
9359}
9360
9361int
9362ctl_report_luns(struct ctl_scsiio *ctsio)
9363{
9364	struct ctl_softc *softc = control_softc;
9365	struct scsi_report_luns *cdb;
9366	struct scsi_report_luns_data *lun_data;
9367	struct ctl_lun *lun, *request_lun;
9368	struct ctl_port *port;
9369	int num_luns, retval;
9370	uint32_t alloc_len, lun_datalen;
9371	int num_filled, well_known;
9372	uint32_t initidx, targ_lun_id, lun_id;
9373
9374	retval = CTL_RETVAL_COMPLETE;
9375	well_known = 0;
9376
9377	cdb = (struct scsi_report_luns *)ctsio->cdb;
9378	port = ctl_io_port(&ctsio->io_hdr);
9379
9380	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9381
9382	mtx_lock(&softc->ctl_lock);
9383	num_luns = 0;
9384	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9385		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9386			num_luns++;
9387	}
9388	mtx_unlock(&softc->ctl_lock);
9389
9390	switch (cdb->select_report) {
9391	case RPL_REPORT_DEFAULT:
9392	case RPL_REPORT_ALL:
9393		break;
9394	case RPL_REPORT_WELLKNOWN:
9395		well_known = 1;
9396		num_luns = 0;
9397		break;
9398	default:
9399		ctl_set_invalid_field(ctsio,
9400				      /*sks_valid*/ 1,
9401				      /*command*/ 1,
9402				      /*field*/ 2,
9403				      /*bit_valid*/ 0,
9404				      /*bit*/ 0);
9405		ctl_done((union ctl_io *)ctsio);
9406		return (retval);
9407		break; /* NOTREACHED */
9408	}
9409
9410	alloc_len = scsi_4btoul(cdb->length);
9411	/*
9412	 * The initiator has to allocate at least 16 bytes for this request,
9413	 * so he can at least get the header and the first LUN.  Otherwise
9414	 * we reject the request (per SPC-3 rev 14, section 6.21).
9415	 */
9416	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9417	    sizeof(struct scsi_report_luns_lundata))) {
9418		ctl_set_invalid_field(ctsio,
9419				      /*sks_valid*/ 1,
9420				      /*command*/ 1,
9421				      /*field*/ 6,
9422				      /*bit_valid*/ 0,
9423				      /*bit*/ 0);
9424		ctl_done((union ctl_io *)ctsio);
9425		return (retval);
9426	}
9427
9428	request_lun = (struct ctl_lun *)
9429		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9430
9431	lun_datalen = sizeof(*lun_data) +
9432		(num_luns * sizeof(struct scsi_report_luns_lundata));
9433
9434	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9435	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9436	ctsio->kern_sg_entries = 0;
9437
9438	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9439
9440	mtx_lock(&softc->ctl_lock);
9441	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9442		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9443		if (lun_id >= CTL_MAX_LUNS)
9444			continue;
9445		lun = softc->ctl_luns[lun_id];
9446		if (lun == NULL)
9447			continue;
9448
9449		if (targ_lun_id <= 0xff) {
9450			/*
9451			 * Peripheral addressing method, bus number 0.
9452			 */
9453			lun_data->luns[num_filled].lundata[0] =
9454				RPL_LUNDATA_ATYP_PERIPH;
9455			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9456			num_filled++;
9457		} else if (targ_lun_id <= 0x3fff) {
9458			/*
9459			 * Flat addressing method.
9460			 */
9461			lun_data->luns[num_filled].lundata[0] =
9462				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9463			lun_data->luns[num_filled].lundata[1] =
9464				(targ_lun_id & 0xff);
9465			num_filled++;
9466		} else if (targ_lun_id <= 0xffffff) {
9467			/*
9468			 * Extended flat addressing method.
9469			 */
9470			lun_data->luns[num_filled].lundata[0] =
9471			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9472			scsi_ulto3b(targ_lun_id,
9473			    &lun_data->luns[num_filled].lundata[1]);
9474			num_filled++;
9475		} else {
9476			printf("ctl_report_luns: bogus LUN number %jd, "
9477			       "skipping\n", (intmax_t)targ_lun_id);
9478		}
9479		/*
9480		 * According to SPC-3, rev 14 section 6.21:
9481		 *
9482		 * "The execution of a REPORT LUNS command to any valid and
9483		 * installed logical unit shall clear the REPORTED LUNS DATA
9484		 * HAS CHANGED unit attention condition for all logical
9485		 * units of that target with respect to the requesting
9486		 * initiator. A valid and installed logical unit is one
9487		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9488		 * INQUIRY data (see 6.4.2)."
9489		 *
9490		 * If request_lun is NULL, the LUN this report luns command
9491		 * was issued to is either disabled or doesn't exist. In that
9492		 * case, we shouldn't clear any pending lun change unit
9493		 * attention.
9494		 */
9495		if (request_lun != NULL) {
9496			mtx_lock(&lun->lun_lock);
9497			ctl_clr_ua(lun, initidx, CTL_UA_RES_RELEASE);
9498			mtx_unlock(&lun->lun_lock);
9499		}
9500	}
9501	mtx_unlock(&softc->ctl_lock);
9502
9503	/*
9504	 * It's quite possible that we've returned fewer LUNs than we allocated
9505	 * space for.  Trim it.
9506	 */
9507	lun_datalen = sizeof(*lun_data) +
9508		(num_filled * sizeof(struct scsi_report_luns_lundata));
9509
9510	if (lun_datalen < alloc_len) {
9511		ctsio->residual = alloc_len - lun_datalen;
9512		ctsio->kern_data_len = lun_datalen;
9513		ctsio->kern_total_len = lun_datalen;
9514	} else {
9515		ctsio->residual = 0;
9516		ctsio->kern_data_len = alloc_len;
9517		ctsio->kern_total_len = alloc_len;
9518	}
9519	ctsio->kern_data_resid = 0;
9520	ctsio->kern_rel_offset = 0;
9521	ctsio->kern_sg_entries = 0;
9522
9523	/*
9524	 * We set this to the actual data length, regardless of how much
9525	 * space we actually have to return results.  If the user looks at
9526	 * this value, he'll know whether or not he allocated enough space
9527	 * and reissue the command if necessary.  We don't support well
9528	 * known logical units, so if the user asks for that, return none.
9529	 */
9530	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9531
9532	/*
9533	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9534	 * this request.
9535	 */
9536	ctl_set_success(ctsio);
9537	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9538	ctsio->be_move_done = ctl_config_move_done;
9539	ctl_datamove((union ctl_io *)ctsio);
9540	return (retval);
9541}
9542
9543int
9544ctl_request_sense(struct ctl_scsiio *ctsio)
9545{
9546	struct scsi_request_sense *cdb;
9547	struct scsi_sense_data *sense_ptr;
9548	struct ctl_softc *ctl_softc;
9549	struct ctl_lun *lun;
9550	uint32_t initidx;
9551	int have_error;
9552	scsi_sense_data_type sense_format;
9553	ctl_ua_type ua_type;
9554
9555	cdb = (struct scsi_request_sense *)ctsio->cdb;
9556
9557	ctl_softc = control_softc;
9558	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9559
9560	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9561
9562	/*
9563	 * Determine which sense format the user wants.
9564	 */
9565	if (cdb->byte2 & SRS_DESC)
9566		sense_format = SSD_TYPE_DESC;
9567	else
9568		sense_format = SSD_TYPE_FIXED;
9569
9570	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9571	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9572	ctsio->kern_sg_entries = 0;
9573
9574	/*
9575	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9576	 * larger than the largest allowed value for the length field in the
9577	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9578	 */
9579	ctsio->residual = 0;
9580	ctsio->kern_data_len = cdb->length;
9581	ctsio->kern_total_len = cdb->length;
9582
9583	ctsio->kern_data_resid = 0;
9584	ctsio->kern_rel_offset = 0;
9585	ctsio->kern_sg_entries = 0;
9586
9587	/*
9588	 * If we don't have a LUN, we don't have any pending sense.
9589	 */
9590	if (lun == NULL)
9591		goto no_sense;
9592
9593	have_error = 0;
9594	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9595	/*
9596	 * Check for pending sense, and then for pending unit attentions.
9597	 * Pending sense gets returned first, then pending unit attentions.
9598	 */
9599	mtx_lock(&lun->lun_lock);
9600#ifdef CTL_WITH_CA
9601	if (ctl_is_set(lun->have_ca, initidx)) {
9602		scsi_sense_data_type stored_format;
9603
9604		/*
9605		 * Check to see which sense format was used for the stored
9606		 * sense data.
9607		 */
9608		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9609
9610		/*
9611		 * If the user requested a different sense format than the
9612		 * one we stored, then we need to convert it to the other
9613		 * format.  If we're going from descriptor to fixed format
9614		 * sense data, we may lose things in translation, depending
9615		 * on what options were used.
9616		 *
9617		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9618		 * for some reason we'll just copy it out as-is.
9619		 */
9620		if ((stored_format == SSD_TYPE_FIXED)
9621		 && (sense_format == SSD_TYPE_DESC))
9622			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9623			    &lun->pending_sense[initidx],
9624			    (struct scsi_sense_data_desc *)sense_ptr);
9625		else if ((stored_format == SSD_TYPE_DESC)
9626		      && (sense_format == SSD_TYPE_FIXED))
9627			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9628			    &lun->pending_sense[initidx],
9629			    (struct scsi_sense_data_fixed *)sense_ptr);
9630		else
9631			memcpy(sense_ptr, &lun->pending_sense[initidx],
9632			       MIN(sizeof(*sense_ptr),
9633			       sizeof(lun->pending_sense[initidx])));
9634
9635		ctl_clear_mask(lun->have_ca, initidx);
9636		have_error = 1;
9637	} else
9638#endif
9639	{
9640		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9641		if (ua_type != CTL_UA_NONE)
9642			have_error = 1;
9643		if (ua_type == CTL_UA_LUN_CHANGE) {
9644			mtx_unlock(&lun->lun_lock);
9645			mtx_lock(&ctl_softc->ctl_lock);
9646			ctl_clear_ua(ctl_softc, initidx, ua_type);
9647			mtx_unlock(&ctl_softc->ctl_lock);
9648			mtx_lock(&lun->lun_lock);
9649		}
9650
9651	}
9652	mtx_unlock(&lun->lun_lock);
9653
9654	/*
9655	 * We already have a pending error, return it.
9656	 */
9657	if (have_error != 0) {
9658		/*
9659		 * We report the SCSI status as OK, since the status of the
9660		 * request sense command itself is OK.
9661		 * We report 0 for the sense length, because we aren't doing
9662		 * autosense in this case.  We're reporting sense as
9663		 * parameter data.
9664		 */
9665		ctl_set_success(ctsio);
9666		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9667		ctsio->be_move_done = ctl_config_move_done;
9668		ctl_datamove((union ctl_io *)ctsio);
9669		return (CTL_RETVAL_COMPLETE);
9670	}
9671
9672no_sense:
9673
9674	/*
9675	 * No sense information to report, so we report that everything is
9676	 * okay.
9677	 */
9678	ctl_set_sense_data(sense_ptr,
9679			   lun,
9680			   sense_format,
9681			   /*current_error*/ 1,
9682			   /*sense_key*/ SSD_KEY_NO_SENSE,
9683			   /*asc*/ 0x00,
9684			   /*ascq*/ 0x00,
9685			   SSD_ELEM_NONE);
9686
9687	/*
9688	 * We report 0 for the sense length, because we aren't doing
9689	 * autosense in this case.  We're reporting sense as parameter data.
9690	 */
9691	ctl_set_success(ctsio);
9692	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9693	ctsio->be_move_done = ctl_config_move_done;
9694	ctl_datamove((union ctl_io *)ctsio);
9695	return (CTL_RETVAL_COMPLETE);
9696}
9697
9698int
9699ctl_tur(struct ctl_scsiio *ctsio)
9700{
9701
9702	CTL_DEBUG_PRINT(("ctl_tur\n"));
9703
9704	ctl_set_success(ctsio);
9705	ctl_done((union ctl_io *)ctsio);
9706
9707	return (CTL_RETVAL_COMPLETE);
9708}
9709
9710#ifdef notyet
9711static int
9712ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9713{
9714
9715}
9716#endif
9717
9718/*
9719 * SCSI VPD page 0x00, the Supported VPD Pages page.
9720 */
9721static int
9722ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9723{
9724	struct scsi_vpd_supported_pages *pages;
9725	int sup_page_size;
9726	struct ctl_lun *lun;
9727	int p;
9728
9729	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9730
9731	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9732	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9733	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9734	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9735	ctsio->kern_sg_entries = 0;
9736
9737	if (sup_page_size < alloc_len) {
9738		ctsio->residual = alloc_len - sup_page_size;
9739		ctsio->kern_data_len = sup_page_size;
9740		ctsio->kern_total_len = sup_page_size;
9741	} else {
9742		ctsio->residual = 0;
9743		ctsio->kern_data_len = alloc_len;
9744		ctsio->kern_total_len = alloc_len;
9745	}
9746	ctsio->kern_data_resid = 0;
9747	ctsio->kern_rel_offset = 0;
9748	ctsio->kern_sg_entries = 0;
9749
9750	/*
9751	 * The control device is always connected.  The disk device, on the
9752	 * other hand, may not be online all the time.  Need to change this
9753	 * to figure out whether the disk device is actually online or not.
9754	 */
9755	if (lun != NULL)
9756		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9757				lun->be_lun->lun_type;
9758	else
9759		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9760
9761	p = 0;
9762	/* Supported VPD pages */
9763	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9764	/* Serial Number */
9765	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9766	/* Device Identification */
9767	pages->page_list[p++] = SVPD_DEVICE_ID;
9768	/* Extended INQUIRY Data */
9769	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9770	/* Mode Page Policy */
9771	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9772	/* SCSI Ports */
9773	pages->page_list[p++] = SVPD_SCSI_PORTS;
9774	/* Third-party Copy */
9775	pages->page_list[p++] = SVPD_SCSI_TPC;
9776	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9777		/* Block limits */
9778		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9779		/* Block Device Characteristics */
9780		pages->page_list[p++] = SVPD_BDC;
9781		/* Logical Block Provisioning */
9782		pages->page_list[p++] = SVPD_LBP;
9783	}
9784	pages->length = p;
9785
9786	ctl_set_success(ctsio);
9787	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9788	ctsio->be_move_done = ctl_config_move_done;
9789	ctl_datamove((union ctl_io *)ctsio);
9790	return (CTL_RETVAL_COMPLETE);
9791}
9792
9793/*
9794 * SCSI VPD page 0x80, the Unit Serial Number page.
9795 */
9796static int
9797ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9798{
9799	struct scsi_vpd_unit_serial_number *sn_ptr;
9800	struct ctl_lun *lun;
9801	int data_len;
9802
9803	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9804
9805	data_len = 4 + CTL_SN_LEN;
9806	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9807	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9808	if (data_len < alloc_len) {
9809		ctsio->residual = alloc_len - data_len;
9810		ctsio->kern_data_len = data_len;
9811		ctsio->kern_total_len = data_len;
9812	} else {
9813		ctsio->residual = 0;
9814		ctsio->kern_data_len = alloc_len;
9815		ctsio->kern_total_len = alloc_len;
9816	}
9817	ctsio->kern_data_resid = 0;
9818	ctsio->kern_rel_offset = 0;
9819	ctsio->kern_sg_entries = 0;
9820
9821	/*
9822	 * The control device is always connected.  The disk device, on the
9823	 * other hand, may not be online all the time.  Need to change this
9824	 * to figure out whether the disk device is actually online or not.
9825	 */
9826	if (lun != NULL)
9827		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9828				  lun->be_lun->lun_type;
9829	else
9830		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9831
9832	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9833	sn_ptr->length = CTL_SN_LEN;
9834	/*
9835	 * If we don't have a LUN, we just leave the serial number as
9836	 * all spaces.
9837	 */
9838	if (lun != NULL) {
9839		strncpy((char *)sn_ptr->serial_num,
9840			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9841	} else
9842		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9843
9844	ctl_set_success(ctsio);
9845	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9846	ctsio->be_move_done = ctl_config_move_done;
9847	ctl_datamove((union ctl_io *)ctsio);
9848	return (CTL_RETVAL_COMPLETE);
9849}
9850
9851
9852/*
9853 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9854 */
9855static int
9856ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9857{
9858	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9859	struct ctl_lun *lun;
9860	int data_len;
9861
9862	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9863
9864	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9865	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9866	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9867	ctsio->kern_sg_entries = 0;
9868
9869	if (data_len < alloc_len) {
9870		ctsio->residual = alloc_len - data_len;
9871		ctsio->kern_data_len = data_len;
9872		ctsio->kern_total_len = data_len;
9873	} else {
9874		ctsio->residual = 0;
9875		ctsio->kern_data_len = alloc_len;
9876		ctsio->kern_total_len = alloc_len;
9877	}
9878	ctsio->kern_data_resid = 0;
9879	ctsio->kern_rel_offset = 0;
9880	ctsio->kern_sg_entries = 0;
9881
9882	/*
9883	 * The control device is always connected.  The disk device, on the
9884	 * other hand, may not be online all the time.
9885	 */
9886	if (lun != NULL)
9887		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9888				     lun->be_lun->lun_type;
9889	else
9890		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9891	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9892	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9893	/*
9894	 * We support head of queue, ordered and simple tags.
9895	 */
9896	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9897	/*
9898	 * Volatile cache supported.
9899	 */
9900	eid_ptr->flags3 = SVPD_EID_V_SUP;
9901
9902	/*
9903	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9904	 * attention for a particular IT nexus on all LUNs once we report
9905	 * it to that nexus once.  This bit is required as of SPC-4.
9906	 */
9907	eid_ptr->flags4 = SVPD_EID_LUICLT;
9908
9909	/*
9910	 * XXX KDM in order to correctly answer this, we would need
9911	 * information from the SIM to determine how much sense data it
9912	 * can send.  So this would really be a path inquiry field, most
9913	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9914	 * but the hardware may or may not be able to support that much.
9915	 * 0 just means that the maximum sense data length is not reported.
9916	 */
9917	eid_ptr->max_sense_length = 0;
9918
9919	ctl_set_success(ctsio);
9920	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9921	ctsio->be_move_done = ctl_config_move_done;
9922	ctl_datamove((union ctl_io *)ctsio);
9923	return (CTL_RETVAL_COMPLETE);
9924}
9925
9926static int
9927ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9928{
9929	struct scsi_vpd_mode_page_policy *mpp_ptr;
9930	struct ctl_lun *lun;
9931	int data_len;
9932
9933	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9934
9935	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9936	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9937
9938	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9939	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9940	ctsio->kern_sg_entries = 0;
9941
9942	if (data_len < alloc_len) {
9943		ctsio->residual = alloc_len - data_len;
9944		ctsio->kern_data_len = data_len;
9945		ctsio->kern_total_len = data_len;
9946	} else {
9947		ctsio->residual = 0;
9948		ctsio->kern_data_len = alloc_len;
9949		ctsio->kern_total_len = alloc_len;
9950	}
9951	ctsio->kern_data_resid = 0;
9952	ctsio->kern_rel_offset = 0;
9953	ctsio->kern_sg_entries = 0;
9954
9955	/*
9956	 * The control device is always connected.  The disk device, on the
9957	 * other hand, may not be online all the time.
9958	 */
9959	if (lun != NULL)
9960		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9961				     lun->be_lun->lun_type;
9962	else
9963		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9964	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9965	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9966	mpp_ptr->descr[0].page_code = 0x3f;
9967	mpp_ptr->descr[0].subpage_code = 0xff;
9968	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9969
9970	ctl_set_success(ctsio);
9971	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9972	ctsio->be_move_done = ctl_config_move_done;
9973	ctl_datamove((union ctl_io *)ctsio);
9974	return (CTL_RETVAL_COMPLETE);
9975}
9976
9977/*
9978 * SCSI VPD page 0x83, the Device Identification page.
9979 */
9980static int
9981ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9982{
9983	struct scsi_vpd_device_id *devid_ptr;
9984	struct scsi_vpd_id_descriptor *desc;
9985	struct ctl_softc *softc;
9986	struct ctl_lun *lun;
9987	struct ctl_port *port;
9988	int data_len;
9989	uint8_t proto;
9990
9991	softc = control_softc;
9992
9993	port = softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9994	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9995
9996	data_len = sizeof(struct scsi_vpd_device_id) +
9997	    sizeof(struct scsi_vpd_id_descriptor) +
9998		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9999	    sizeof(struct scsi_vpd_id_descriptor) +
10000		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
10001	if (lun && lun->lun_devid)
10002		data_len += lun->lun_devid->len;
10003	if (port->port_devid)
10004		data_len += port->port_devid->len;
10005	if (port->target_devid)
10006		data_len += port->target_devid->len;
10007
10008	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10009	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
10010	ctsio->kern_sg_entries = 0;
10011
10012	if (data_len < alloc_len) {
10013		ctsio->residual = alloc_len - data_len;
10014		ctsio->kern_data_len = data_len;
10015		ctsio->kern_total_len = data_len;
10016	} else {
10017		ctsio->residual = 0;
10018		ctsio->kern_data_len = alloc_len;
10019		ctsio->kern_total_len = alloc_len;
10020	}
10021	ctsio->kern_data_resid = 0;
10022	ctsio->kern_rel_offset = 0;
10023	ctsio->kern_sg_entries = 0;
10024
10025	/*
10026	 * The control device is always connected.  The disk device, on the
10027	 * other hand, may not be online all the time.
10028	 */
10029	if (lun != NULL)
10030		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10031				     lun->be_lun->lun_type;
10032	else
10033		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10034	devid_ptr->page_code = SVPD_DEVICE_ID;
10035	scsi_ulto2b(data_len - 4, devid_ptr->length);
10036
10037	if (port->port_type == CTL_PORT_FC)
10038		proto = SCSI_PROTO_FC << 4;
10039	else if (port->port_type == CTL_PORT_ISCSI)
10040		proto = SCSI_PROTO_ISCSI << 4;
10041	else
10042		proto = SCSI_PROTO_SPI << 4;
10043	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
10044
10045	/*
10046	 * We're using a LUN association here.  i.e., this device ID is a
10047	 * per-LUN identifier.
10048	 */
10049	if (lun && lun->lun_devid) {
10050		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
10051		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10052		    lun->lun_devid->len);
10053	}
10054
10055	/*
10056	 * This is for the WWPN which is a port association.
10057	 */
10058	if (port->port_devid) {
10059		memcpy(desc, port->port_devid->data, port->port_devid->len);
10060		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10061		    port->port_devid->len);
10062	}
10063
10064	/*
10065	 * This is for the Relative Target Port(type 4h) identifier
10066	 */
10067	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10068	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10069	    SVPD_ID_TYPE_RELTARG;
10070	desc->length = 4;
10071	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
10072	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10073	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
10074
10075	/*
10076	 * This is for the Target Port Group(type 5h) identifier
10077	 */
10078	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10079	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10080	    SVPD_ID_TYPE_TPORTGRP;
10081	desc->length = 4;
10082	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
10083	    &desc->identifier[2]);
10084	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10085	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
10086
10087	/*
10088	 * This is for the Target identifier
10089	 */
10090	if (port->target_devid) {
10091		memcpy(desc, port->target_devid->data, port->target_devid->len);
10092	}
10093
10094	ctl_set_success(ctsio);
10095	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10096	ctsio->be_move_done = ctl_config_move_done;
10097	ctl_datamove((union ctl_io *)ctsio);
10098	return (CTL_RETVAL_COMPLETE);
10099}
10100
10101static int
10102ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
10103{
10104	struct ctl_softc *softc = control_softc;
10105	struct scsi_vpd_scsi_ports *sp;
10106	struct scsi_vpd_port_designation *pd;
10107	struct scsi_vpd_port_designation_cont *pdc;
10108	struct ctl_lun *lun;
10109	struct ctl_port *port;
10110	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
10111	int num_target_port_groups;
10112
10113	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10114
10115	if (softc->is_single)
10116		num_target_port_groups = 1;
10117	else
10118		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
10119	num_target_ports = 0;
10120	iid_len = 0;
10121	id_len = 0;
10122	mtx_lock(&softc->ctl_lock);
10123	STAILQ_FOREACH(port, &softc->port_list, links) {
10124		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10125			continue;
10126		if (lun != NULL &&
10127		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10128			continue;
10129		num_target_ports++;
10130		if (port->init_devid)
10131			iid_len += port->init_devid->len;
10132		if (port->port_devid)
10133			id_len += port->port_devid->len;
10134	}
10135	mtx_unlock(&softc->ctl_lock);
10136
10137	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10138	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10139	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10140	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10141	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10142	ctsio->kern_sg_entries = 0;
10143
10144	if (data_len < alloc_len) {
10145		ctsio->residual = alloc_len - data_len;
10146		ctsio->kern_data_len = data_len;
10147		ctsio->kern_total_len = data_len;
10148	} else {
10149		ctsio->residual = 0;
10150		ctsio->kern_data_len = alloc_len;
10151		ctsio->kern_total_len = alloc_len;
10152	}
10153	ctsio->kern_data_resid = 0;
10154	ctsio->kern_rel_offset = 0;
10155	ctsio->kern_sg_entries = 0;
10156
10157	/*
10158	 * The control device is always connected.  The disk device, on the
10159	 * other hand, may not be online all the time.  Need to change this
10160	 * to figure out whether the disk device is actually online or not.
10161	 */
10162	if (lun != NULL)
10163		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10164				  lun->be_lun->lun_type;
10165	else
10166		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10167
10168	sp->page_code = SVPD_SCSI_PORTS;
10169	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10170	    sp->page_length);
10171	pd = &sp->design[0];
10172
10173	mtx_lock(&softc->ctl_lock);
10174	pg = softc->port_offset / CTL_MAX_PORTS;
10175	for (g = 0; g < num_target_port_groups; g++) {
10176		STAILQ_FOREACH(port, &softc->port_list, links) {
10177			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10178				continue;
10179			if (lun != NULL &&
10180			    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10181				continue;
10182			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10183			scsi_ulto2b(p, pd->relative_port_id);
10184			if (port->init_devid && g == pg) {
10185				iid_len = port->init_devid->len;
10186				memcpy(pd->initiator_transportid,
10187				    port->init_devid->data, port->init_devid->len);
10188			} else
10189				iid_len = 0;
10190			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10191			pdc = (struct scsi_vpd_port_designation_cont *)
10192			    (&pd->initiator_transportid[iid_len]);
10193			if (port->port_devid && g == pg) {
10194				id_len = port->port_devid->len;
10195				memcpy(pdc->target_port_descriptors,
10196				    port->port_devid->data, port->port_devid->len);
10197			} else
10198				id_len = 0;
10199			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10200			pd = (struct scsi_vpd_port_designation *)
10201			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10202		}
10203	}
10204	mtx_unlock(&softc->ctl_lock);
10205
10206	ctl_set_success(ctsio);
10207	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10208	ctsio->be_move_done = ctl_config_move_done;
10209	ctl_datamove((union ctl_io *)ctsio);
10210	return (CTL_RETVAL_COMPLETE);
10211}
10212
10213static int
10214ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10215{
10216	struct scsi_vpd_block_limits *bl_ptr;
10217	struct ctl_lun *lun;
10218	int bs;
10219
10220	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10221
10222	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10223	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10224	ctsio->kern_sg_entries = 0;
10225
10226	if (sizeof(*bl_ptr) < alloc_len) {
10227		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10228		ctsio->kern_data_len = sizeof(*bl_ptr);
10229		ctsio->kern_total_len = sizeof(*bl_ptr);
10230	} else {
10231		ctsio->residual = 0;
10232		ctsio->kern_data_len = alloc_len;
10233		ctsio->kern_total_len = alloc_len;
10234	}
10235	ctsio->kern_data_resid = 0;
10236	ctsio->kern_rel_offset = 0;
10237	ctsio->kern_sg_entries = 0;
10238
10239	/*
10240	 * The control device is always connected.  The disk device, on the
10241	 * other hand, may not be online all the time.  Need to change this
10242	 * to figure out whether the disk device is actually online or not.
10243	 */
10244	if (lun != NULL)
10245		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10246				  lun->be_lun->lun_type;
10247	else
10248		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10249
10250	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10251	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10252	bl_ptr->max_cmp_write_len = 0xff;
10253	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10254	if (lun != NULL) {
10255		bs = lun->be_lun->blocksize;
10256		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
10257		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10258			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10259			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10260			if (lun->be_lun->ublockexp != 0) {
10261				scsi_ulto4b((1 << lun->be_lun->ublockexp),
10262				    bl_ptr->opt_unmap_grain);
10263				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
10264				    bl_ptr->unmap_grain_align);
10265			}
10266		}
10267		scsi_ulto4b(lun->be_lun->atomicblock,
10268		    bl_ptr->max_atomic_transfer_length);
10269		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10270		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10271	}
10272	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10273
10274	ctl_set_success(ctsio);
10275	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10276	ctsio->be_move_done = ctl_config_move_done;
10277	ctl_datamove((union ctl_io *)ctsio);
10278	return (CTL_RETVAL_COMPLETE);
10279}
10280
10281static int
10282ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10283{
10284	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10285	struct ctl_lun *lun;
10286	const char *value;
10287	u_int i;
10288
10289	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10290
10291	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10292	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10293	ctsio->kern_sg_entries = 0;
10294
10295	if (sizeof(*bdc_ptr) < alloc_len) {
10296		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10297		ctsio->kern_data_len = sizeof(*bdc_ptr);
10298		ctsio->kern_total_len = sizeof(*bdc_ptr);
10299	} else {
10300		ctsio->residual = 0;
10301		ctsio->kern_data_len = alloc_len;
10302		ctsio->kern_total_len = alloc_len;
10303	}
10304	ctsio->kern_data_resid = 0;
10305	ctsio->kern_rel_offset = 0;
10306	ctsio->kern_sg_entries = 0;
10307
10308	/*
10309	 * The control device is always connected.  The disk device, on the
10310	 * other hand, may not be online all the time.  Need to change this
10311	 * to figure out whether the disk device is actually online or not.
10312	 */
10313	if (lun != NULL)
10314		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10315				  lun->be_lun->lun_type;
10316	else
10317		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10318	bdc_ptr->page_code = SVPD_BDC;
10319	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10320	if (lun != NULL &&
10321	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10322		i = strtol(value, NULL, 0);
10323	else
10324		i = CTL_DEFAULT_ROTATION_RATE;
10325	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10326	if (lun != NULL &&
10327	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10328		i = strtol(value, NULL, 0);
10329	else
10330		i = 0;
10331	bdc_ptr->wab_wac_ff = (i & 0x0f);
10332	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10333
10334	ctl_set_success(ctsio);
10335	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10336	ctsio->be_move_done = ctl_config_move_done;
10337	ctl_datamove((union ctl_io *)ctsio);
10338	return (CTL_RETVAL_COMPLETE);
10339}
10340
10341static int
10342ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10343{
10344	struct scsi_vpd_logical_block_prov *lbp_ptr;
10345	struct ctl_lun *lun;
10346
10347	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10348
10349	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10350	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10351	ctsio->kern_sg_entries = 0;
10352
10353	if (sizeof(*lbp_ptr) < alloc_len) {
10354		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10355		ctsio->kern_data_len = sizeof(*lbp_ptr);
10356		ctsio->kern_total_len = sizeof(*lbp_ptr);
10357	} else {
10358		ctsio->residual = 0;
10359		ctsio->kern_data_len = alloc_len;
10360		ctsio->kern_total_len = alloc_len;
10361	}
10362	ctsio->kern_data_resid = 0;
10363	ctsio->kern_rel_offset = 0;
10364	ctsio->kern_sg_entries = 0;
10365
10366	/*
10367	 * The control device is always connected.  The disk device, on the
10368	 * other hand, may not be online all the time.  Need to change this
10369	 * to figure out whether the disk device is actually online or not.
10370	 */
10371	if (lun != NULL)
10372		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10373				  lun->be_lun->lun_type;
10374	else
10375		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10376
10377	lbp_ptr->page_code = SVPD_LBP;
10378	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10379	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10380	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10381		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10382		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10383		lbp_ptr->prov_type = SVPD_LBP_THIN;
10384	}
10385
10386	ctl_set_success(ctsio);
10387	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10388	ctsio->be_move_done = ctl_config_move_done;
10389	ctl_datamove((union ctl_io *)ctsio);
10390	return (CTL_RETVAL_COMPLETE);
10391}
10392
10393/*
10394 * INQUIRY with the EVPD bit set.
10395 */
10396static int
10397ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10398{
10399	struct ctl_lun *lun;
10400	struct scsi_inquiry *cdb;
10401	int alloc_len, retval;
10402
10403	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10404	cdb = (struct scsi_inquiry *)ctsio->cdb;
10405	alloc_len = scsi_2btoul(cdb->length);
10406
10407	switch (cdb->page_code) {
10408	case SVPD_SUPPORTED_PAGES:
10409		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10410		break;
10411	case SVPD_UNIT_SERIAL_NUMBER:
10412		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10413		break;
10414	case SVPD_DEVICE_ID:
10415		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10416		break;
10417	case SVPD_EXTENDED_INQUIRY_DATA:
10418		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10419		break;
10420	case SVPD_MODE_PAGE_POLICY:
10421		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10422		break;
10423	case SVPD_SCSI_PORTS:
10424		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10425		break;
10426	case SVPD_SCSI_TPC:
10427		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10428		break;
10429	case SVPD_BLOCK_LIMITS:
10430		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10431			goto err;
10432		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10433		break;
10434	case SVPD_BDC:
10435		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10436			goto err;
10437		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10438		break;
10439	case SVPD_LBP:
10440		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10441			goto err;
10442		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10443		break;
10444	default:
10445err:
10446		ctl_set_invalid_field(ctsio,
10447				      /*sks_valid*/ 1,
10448				      /*command*/ 1,
10449				      /*field*/ 2,
10450				      /*bit_valid*/ 0,
10451				      /*bit*/ 0);
10452		ctl_done((union ctl_io *)ctsio);
10453		retval = CTL_RETVAL_COMPLETE;
10454		break;
10455	}
10456
10457	return (retval);
10458}
10459
10460/*
10461 * Standard INQUIRY data.
10462 */
10463static int
10464ctl_inquiry_std(struct ctl_scsiio *ctsio)
10465{
10466	struct scsi_inquiry_data *inq_ptr;
10467	struct scsi_inquiry *cdb;
10468	struct ctl_softc *softc;
10469	struct ctl_lun *lun;
10470	char *val;
10471	uint32_t alloc_len, data_len;
10472	ctl_port_type port_type;
10473
10474	softc = control_softc;
10475
10476	/*
10477	 * Figure out whether we're talking to a Fibre Channel port or not.
10478	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10479	 * SCSI front ends.
10480	 */
10481	port_type = softc->ctl_ports[
10482	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10483	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10484		port_type = CTL_PORT_SCSI;
10485
10486	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10487	cdb = (struct scsi_inquiry *)ctsio->cdb;
10488	alloc_len = scsi_2btoul(cdb->length);
10489
10490	/*
10491	 * We malloc the full inquiry data size here and fill it
10492	 * in.  If the user only asks for less, we'll give him
10493	 * that much.
10494	 */
10495	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10496	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10497	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10498	ctsio->kern_sg_entries = 0;
10499	ctsio->kern_data_resid = 0;
10500	ctsio->kern_rel_offset = 0;
10501
10502	if (data_len < alloc_len) {
10503		ctsio->residual = alloc_len - data_len;
10504		ctsio->kern_data_len = data_len;
10505		ctsio->kern_total_len = data_len;
10506	} else {
10507		ctsio->residual = 0;
10508		ctsio->kern_data_len = alloc_len;
10509		ctsio->kern_total_len = alloc_len;
10510	}
10511
10512	/*
10513	 * If we have a LUN configured, report it as connected.  Otherwise,
10514	 * report that it is offline or no device is supported, depending
10515	 * on the value of inquiry_pq_no_lun.
10516	 *
10517	 * According to the spec (SPC-4 r34), the peripheral qualifier
10518	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10519	 *
10520	 * "A peripheral device having the specified peripheral device type
10521	 * is not connected to this logical unit. However, the device
10522	 * server is capable of supporting the specified peripheral device
10523	 * type on this logical unit."
10524	 *
10525	 * According to the same spec, the peripheral qualifier
10526	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10527	 *
10528	 * "The device server is not capable of supporting a peripheral
10529	 * device on this logical unit. For this peripheral qualifier the
10530	 * peripheral device type shall be set to 1Fh. All other peripheral
10531	 * device type values are reserved for this peripheral qualifier."
10532	 *
10533	 * Given the text, it would seem that we probably want to report that
10534	 * the LUN is offline here.  There is no LUN connected, but we can
10535	 * support a LUN at the given LUN number.
10536	 *
10537	 * In the real world, though, it sounds like things are a little
10538	 * different:
10539	 *
10540	 * - Linux, when presented with a LUN with the offline peripheral
10541	 *   qualifier, will create an sg driver instance for it.  So when
10542	 *   you attach it to CTL, you wind up with a ton of sg driver
10543	 *   instances.  (One for every LUN that Linux bothered to probe.)
10544	 *   Linux does this despite the fact that it issues a REPORT LUNs
10545	 *   to LUN 0 to get the inventory of supported LUNs.
10546	 *
10547	 * - There is other anecdotal evidence (from Emulex folks) about
10548	 *   arrays that use the offline peripheral qualifier for LUNs that
10549	 *   are on the "passive" path in an active/passive array.
10550	 *
10551	 * So the solution is provide a hopefully reasonable default
10552	 * (return bad/no LUN) and allow the user to change the behavior
10553	 * with a tunable/sysctl variable.
10554	 */
10555	if (lun != NULL)
10556		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10557				  lun->be_lun->lun_type;
10558	else if (softc->inquiry_pq_no_lun == 0)
10559		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10560	else
10561		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10562
10563	/* RMB in byte 2 is 0 */
10564	inq_ptr->version = SCSI_REV_SPC4;
10565
10566	/*
10567	 * According to SAM-3, even if a device only supports a single
10568	 * level of LUN addressing, it should still set the HISUP bit:
10569	 *
10570	 * 4.9.1 Logical unit numbers overview
10571	 *
10572	 * All logical unit number formats described in this standard are
10573	 * hierarchical in structure even when only a single level in that
10574	 * hierarchy is used. The HISUP bit shall be set to one in the
10575	 * standard INQUIRY data (see SPC-2) when any logical unit number
10576	 * format described in this standard is used.  Non-hierarchical
10577	 * formats are outside the scope of this standard.
10578	 *
10579	 * Therefore we set the HiSup bit here.
10580	 *
10581	 * The reponse format is 2, per SPC-3.
10582	 */
10583	inq_ptr->response_format = SID_HiSup | 2;
10584
10585	inq_ptr->additional_length = data_len -
10586	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10587	CTL_DEBUG_PRINT(("additional_length = %d\n",
10588			 inq_ptr->additional_length));
10589
10590	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10591	/* 16 bit addressing */
10592	if (port_type == CTL_PORT_SCSI)
10593		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10594	/* XXX set the SID_MultiP bit here if we're actually going to
10595	   respond on multiple ports */
10596	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10597
10598	/* 16 bit data bus, synchronous transfers */
10599	if (port_type == CTL_PORT_SCSI)
10600		inq_ptr->flags = SID_WBus16 | SID_Sync;
10601	/*
10602	 * XXX KDM do we want to support tagged queueing on the control
10603	 * device at all?
10604	 */
10605	if ((lun == NULL)
10606	 || (lun->be_lun->lun_type != T_PROCESSOR))
10607		inq_ptr->flags |= SID_CmdQue;
10608	/*
10609	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10610	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10611	 * name and 4 bytes for the revision.
10612	 */
10613	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10614	    "vendor")) == NULL) {
10615		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10616	} else {
10617		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10618		strncpy(inq_ptr->vendor, val,
10619		    min(sizeof(inq_ptr->vendor), strlen(val)));
10620	}
10621	if (lun == NULL) {
10622		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10623		    sizeof(inq_ptr->product));
10624	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10625		switch (lun->be_lun->lun_type) {
10626		case T_DIRECT:
10627			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10628			    sizeof(inq_ptr->product));
10629			break;
10630		case T_PROCESSOR:
10631			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10632			    sizeof(inq_ptr->product));
10633			break;
10634		default:
10635			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10636			    sizeof(inq_ptr->product));
10637			break;
10638		}
10639	} else {
10640		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10641		strncpy(inq_ptr->product, val,
10642		    min(sizeof(inq_ptr->product), strlen(val)));
10643	}
10644
10645	/*
10646	 * XXX make this a macro somewhere so it automatically gets
10647	 * incremented when we make changes.
10648	 */
10649	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10650	    "revision")) == NULL) {
10651		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10652	} else {
10653		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10654		strncpy(inq_ptr->revision, val,
10655		    min(sizeof(inq_ptr->revision), strlen(val)));
10656	}
10657
10658	/*
10659	 * For parallel SCSI, we support double transition and single
10660	 * transition clocking.  We also support QAS (Quick Arbitration
10661	 * and Selection) and Information Unit transfers on both the
10662	 * control and array devices.
10663	 */
10664	if (port_type == CTL_PORT_SCSI)
10665		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10666				    SID_SPI_IUS;
10667
10668	/* SAM-5 (no version claimed) */
10669	scsi_ulto2b(0x00A0, inq_ptr->version1);
10670	/* SPC-4 (no version claimed) */
10671	scsi_ulto2b(0x0460, inq_ptr->version2);
10672	if (port_type == CTL_PORT_FC) {
10673		/* FCP-2 ANSI INCITS.350:2003 */
10674		scsi_ulto2b(0x0917, inq_ptr->version3);
10675	} else if (port_type == CTL_PORT_SCSI) {
10676		/* SPI-4 ANSI INCITS.362:200x */
10677		scsi_ulto2b(0x0B56, inq_ptr->version3);
10678	} else if (port_type == CTL_PORT_ISCSI) {
10679		/* iSCSI (no version claimed) */
10680		scsi_ulto2b(0x0960, inq_ptr->version3);
10681	} else if (port_type == CTL_PORT_SAS) {
10682		/* SAS (no version claimed) */
10683		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10684	}
10685
10686	if (lun == NULL) {
10687		/* SBC-4 (no version claimed) */
10688		scsi_ulto2b(0x0600, inq_ptr->version4);
10689	} else {
10690		switch (lun->be_lun->lun_type) {
10691		case T_DIRECT:
10692			/* SBC-4 (no version claimed) */
10693			scsi_ulto2b(0x0600, inq_ptr->version4);
10694			break;
10695		case T_PROCESSOR:
10696		default:
10697			break;
10698		}
10699	}
10700
10701	ctl_set_success(ctsio);
10702	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10703	ctsio->be_move_done = ctl_config_move_done;
10704	ctl_datamove((union ctl_io *)ctsio);
10705	return (CTL_RETVAL_COMPLETE);
10706}
10707
10708int
10709ctl_inquiry(struct ctl_scsiio *ctsio)
10710{
10711	struct scsi_inquiry *cdb;
10712	int retval;
10713
10714	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10715
10716	cdb = (struct scsi_inquiry *)ctsio->cdb;
10717	if (cdb->byte2 & SI_EVPD)
10718		retval = ctl_inquiry_evpd(ctsio);
10719	else if (cdb->page_code == 0)
10720		retval = ctl_inquiry_std(ctsio);
10721	else {
10722		ctl_set_invalid_field(ctsio,
10723				      /*sks_valid*/ 1,
10724				      /*command*/ 1,
10725				      /*field*/ 2,
10726				      /*bit_valid*/ 0,
10727				      /*bit*/ 0);
10728		ctl_done((union ctl_io *)ctsio);
10729		return (CTL_RETVAL_COMPLETE);
10730	}
10731
10732	return (retval);
10733}
10734
10735/*
10736 * For known CDB types, parse the LBA and length.
10737 */
10738static int
10739ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10740{
10741	if (io->io_hdr.io_type != CTL_IO_SCSI)
10742		return (1);
10743
10744	switch (io->scsiio.cdb[0]) {
10745	case COMPARE_AND_WRITE: {
10746		struct scsi_compare_and_write *cdb;
10747
10748		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10749
10750		*lba = scsi_8btou64(cdb->addr);
10751		*len = cdb->length;
10752		break;
10753	}
10754	case READ_6:
10755	case WRITE_6: {
10756		struct scsi_rw_6 *cdb;
10757
10758		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10759
10760		*lba = scsi_3btoul(cdb->addr);
10761		/* only 5 bits are valid in the most significant address byte */
10762		*lba &= 0x1fffff;
10763		*len = cdb->length;
10764		break;
10765	}
10766	case READ_10:
10767	case WRITE_10: {
10768		struct scsi_rw_10 *cdb;
10769
10770		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10771
10772		*lba = scsi_4btoul(cdb->addr);
10773		*len = scsi_2btoul(cdb->length);
10774		break;
10775	}
10776	case WRITE_VERIFY_10: {
10777		struct scsi_write_verify_10 *cdb;
10778
10779		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10780
10781		*lba = scsi_4btoul(cdb->addr);
10782		*len = scsi_2btoul(cdb->length);
10783		break;
10784	}
10785	case READ_12:
10786	case WRITE_12: {
10787		struct scsi_rw_12 *cdb;
10788
10789		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10790
10791		*lba = scsi_4btoul(cdb->addr);
10792		*len = scsi_4btoul(cdb->length);
10793		break;
10794	}
10795	case WRITE_VERIFY_12: {
10796		struct scsi_write_verify_12 *cdb;
10797
10798		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10799
10800		*lba = scsi_4btoul(cdb->addr);
10801		*len = scsi_4btoul(cdb->length);
10802		break;
10803	}
10804	case READ_16:
10805	case WRITE_16:
10806	case WRITE_ATOMIC_16: {
10807		struct scsi_rw_16 *cdb;
10808
10809		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10810
10811		*lba = scsi_8btou64(cdb->addr);
10812		*len = scsi_4btoul(cdb->length);
10813		break;
10814	}
10815	case WRITE_VERIFY_16: {
10816		struct scsi_write_verify_16 *cdb;
10817
10818		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10819
10820		*lba = scsi_8btou64(cdb->addr);
10821		*len = scsi_4btoul(cdb->length);
10822		break;
10823	}
10824	case WRITE_SAME_10: {
10825		struct scsi_write_same_10 *cdb;
10826
10827		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10828
10829		*lba = scsi_4btoul(cdb->addr);
10830		*len = scsi_2btoul(cdb->length);
10831		break;
10832	}
10833	case WRITE_SAME_16: {
10834		struct scsi_write_same_16 *cdb;
10835
10836		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10837
10838		*lba = scsi_8btou64(cdb->addr);
10839		*len = scsi_4btoul(cdb->length);
10840		break;
10841	}
10842	case VERIFY_10: {
10843		struct scsi_verify_10 *cdb;
10844
10845		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10846
10847		*lba = scsi_4btoul(cdb->addr);
10848		*len = scsi_2btoul(cdb->length);
10849		break;
10850	}
10851	case VERIFY_12: {
10852		struct scsi_verify_12 *cdb;
10853
10854		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10855
10856		*lba = scsi_4btoul(cdb->addr);
10857		*len = scsi_4btoul(cdb->length);
10858		break;
10859	}
10860	case VERIFY_16: {
10861		struct scsi_verify_16 *cdb;
10862
10863		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10864
10865		*lba = scsi_8btou64(cdb->addr);
10866		*len = scsi_4btoul(cdb->length);
10867		break;
10868	}
10869	case UNMAP: {
10870		*lba = 0;
10871		*len = UINT64_MAX;
10872		break;
10873	}
10874	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10875		struct scsi_get_lba_status *cdb;
10876
10877		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10878		*lba = scsi_8btou64(cdb->addr);
10879		*len = UINT32_MAX;
10880		break;
10881	}
10882	default:
10883		return (1);
10884		break; /* NOTREACHED */
10885	}
10886
10887	return (0);
10888}
10889
10890static ctl_action
10891ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10892    bool seq)
10893{
10894	uint64_t endlba1, endlba2;
10895
10896	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10897	endlba2 = lba2 + len2 - 1;
10898
10899	if ((endlba1 < lba2) || (endlba2 < lba1))
10900		return (CTL_ACTION_PASS);
10901	else
10902		return (CTL_ACTION_BLOCK);
10903}
10904
10905static int
10906ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10907{
10908	struct ctl_ptr_len_flags *ptrlen;
10909	struct scsi_unmap_desc *buf, *end, *range;
10910	uint64_t lba;
10911	uint32_t len;
10912
10913	/* If not UNMAP -- go other way. */
10914	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10915	    io->scsiio.cdb[0] != UNMAP)
10916		return (CTL_ACTION_ERROR);
10917
10918	/* If UNMAP without data -- block and wait for data. */
10919	ptrlen = (struct ctl_ptr_len_flags *)
10920	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10921	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10922	    ptrlen->ptr == NULL)
10923		return (CTL_ACTION_BLOCK);
10924
10925	/* UNMAP with data -- check for collision. */
10926	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10927	end = buf + ptrlen->len / sizeof(*buf);
10928	for (range = buf; range < end; range++) {
10929		lba = scsi_8btou64(range->lba);
10930		len = scsi_4btoul(range->length);
10931		if ((lba < lba2 + len2) && (lba + len > lba2))
10932			return (CTL_ACTION_BLOCK);
10933	}
10934	return (CTL_ACTION_PASS);
10935}
10936
10937static ctl_action
10938ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10939{
10940	uint64_t lba1, lba2;
10941	uint64_t len1, len2;
10942	int retval;
10943
10944	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10945		return (CTL_ACTION_ERROR);
10946
10947	retval = ctl_extent_check_unmap(io1, lba2, len2);
10948	if (retval != CTL_ACTION_ERROR)
10949		return (retval);
10950
10951	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10952		return (CTL_ACTION_ERROR);
10953
10954	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10955}
10956
10957static ctl_action
10958ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10959{
10960	uint64_t lba1, lba2;
10961	uint64_t len1, len2;
10962
10963	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10964		return (CTL_ACTION_ERROR);
10965	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10966		return (CTL_ACTION_ERROR);
10967
10968	if (lba1 + len1 == lba2)
10969		return (CTL_ACTION_BLOCK);
10970	return (CTL_ACTION_PASS);
10971}
10972
10973static ctl_action
10974ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10975    union ctl_io *ooa_io)
10976{
10977	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10978	ctl_serialize_action *serialize_row;
10979
10980	/*
10981	 * The initiator attempted multiple untagged commands at the same
10982	 * time.  Can't do that.
10983	 */
10984	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10985	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10986	 && ((pending_io->io_hdr.nexus.targ_port ==
10987	      ooa_io->io_hdr.nexus.targ_port)
10988	  && (pending_io->io_hdr.nexus.initid.id ==
10989	      ooa_io->io_hdr.nexus.initid.id))
10990	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10991	      CTL_FLAG_STATUS_SENT)) == 0))
10992		return (CTL_ACTION_OVERLAP);
10993
10994	/*
10995	 * The initiator attempted to send multiple tagged commands with
10996	 * the same ID.  (It's fine if different initiators have the same
10997	 * tag ID.)
10998	 *
10999	 * Even if all of those conditions are true, we don't kill the I/O
11000	 * if the command ahead of us has been aborted.  We won't end up
11001	 * sending it to the FETD, and it's perfectly legal to resend a
11002	 * command with the same tag number as long as the previous
11003	 * instance of this tag number has been aborted somehow.
11004	 */
11005	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11006	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11007	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
11008	 && ((pending_io->io_hdr.nexus.targ_port ==
11009	      ooa_io->io_hdr.nexus.targ_port)
11010	  && (pending_io->io_hdr.nexus.initid.id ==
11011	      ooa_io->io_hdr.nexus.initid.id))
11012	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
11013	      CTL_FLAG_STATUS_SENT)) == 0))
11014		return (CTL_ACTION_OVERLAP_TAG);
11015
11016	/*
11017	 * If we get a head of queue tag, SAM-3 says that we should
11018	 * immediately execute it.
11019	 *
11020	 * What happens if this command would normally block for some other
11021	 * reason?  e.g. a request sense with a head of queue tag
11022	 * immediately after a write.  Normally that would block, but this
11023	 * will result in its getting executed immediately...
11024	 *
11025	 * We currently return "pass" instead of "skip", so we'll end up
11026	 * going through the rest of the queue to check for overlapped tags.
11027	 *
11028	 * XXX KDM check for other types of blockage first??
11029	 */
11030	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11031		return (CTL_ACTION_PASS);
11032
11033	/*
11034	 * Ordered tags have to block until all items ahead of them
11035	 * have completed.  If we get called with an ordered tag, we always
11036	 * block, if something else is ahead of us in the queue.
11037	 */
11038	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
11039		return (CTL_ACTION_BLOCK);
11040
11041	/*
11042	 * Simple tags get blocked until all head of queue and ordered tags
11043	 * ahead of them have completed.  I'm lumping untagged commands in
11044	 * with simple tags here.  XXX KDM is that the right thing to do?
11045	 */
11046	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11047	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
11048	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11049	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
11050		return (CTL_ACTION_BLOCK);
11051
11052	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
11053	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
11054
11055	serialize_row = ctl_serialize_table[ooa_entry->seridx];
11056
11057	switch (serialize_row[pending_entry->seridx]) {
11058	case CTL_SER_BLOCK:
11059		return (CTL_ACTION_BLOCK);
11060	case CTL_SER_EXTENT:
11061		return (ctl_extent_check(ooa_io, pending_io,
11062		    (lun->serseq == CTL_LUN_SERSEQ_ON)));
11063	case CTL_SER_EXTENTOPT:
11064		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11065		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11066			return (ctl_extent_check(ooa_io, pending_io,
11067			    (lun->serseq == CTL_LUN_SERSEQ_ON)));
11068		return (CTL_ACTION_PASS);
11069	case CTL_SER_EXTENTSEQ:
11070		if (lun->serseq != CTL_LUN_SERSEQ_OFF)
11071			return (ctl_extent_check_seq(ooa_io, pending_io));
11072		return (CTL_ACTION_PASS);
11073	case CTL_SER_PASS:
11074		return (CTL_ACTION_PASS);
11075	case CTL_SER_BLOCKOPT:
11076		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11077		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11078			return (CTL_ACTION_BLOCK);
11079		return (CTL_ACTION_PASS);
11080	case CTL_SER_SKIP:
11081		return (CTL_ACTION_SKIP);
11082	default:
11083		panic("invalid serialization value %d",
11084		      serialize_row[pending_entry->seridx]);
11085	}
11086
11087	return (CTL_ACTION_ERROR);
11088}
11089
11090/*
11091 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
11092 * Assumptions:
11093 * - pending_io is generally either incoming, or on the blocked queue
11094 * - starting I/O is the I/O we want to start the check with.
11095 */
11096static ctl_action
11097ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
11098	      union ctl_io *starting_io)
11099{
11100	union ctl_io *ooa_io;
11101	ctl_action action;
11102
11103	mtx_assert(&lun->lun_lock, MA_OWNED);
11104
11105	/*
11106	 * Run back along the OOA queue, starting with the current
11107	 * blocked I/O and going through every I/O before it on the
11108	 * queue.  If starting_io is NULL, we'll just end up returning
11109	 * CTL_ACTION_PASS.
11110	 */
11111	for (ooa_io = starting_io; ooa_io != NULL;
11112	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11113	     ooa_links)){
11114
11115		/*
11116		 * This routine just checks to see whether
11117		 * cur_blocked is blocked by ooa_io, which is ahead
11118		 * of it in the queue.  It doesn't queue/dequeue
11119		 * cur_blocked.
11120		 */
11121		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11122		switch (action) {
11123		case CTL_ACTION_BLOCK:
11124		case CTL_ACTION_OVERLAP:
11125		case CTL_ACTION_OVERLAP_TAG:
11126		case CTL_ACTION_SKIP:
11127		case CTL_ACTION_ERROR:
11128			return (action);
11129			break; /* NOTREACHED */
11130		case CTL_ACTION_PASS:
11131			break;
11132		default:
11133			panic("invalid action %d", action);
11134			break;  /* NOTREACHED */
11135		}
11136	}
11137
11138	return (CTL_ACTION_PASS);
11139}
11140
11141/*
11142 * Assumptions:
11143 * - An I/O has just completed, and has been removed from the per-LUN OOA
11144 *   queue, so some items on the blocked queue may now be unblocked.
11145 */
11146static int
11147ctl_check_blocked(struct ctl_lun *lun)
11148{
11149	union ctl_io *cur_blocked, *next_blocked;
11150
11151	mtx_assert(&lun->lun_lock, MA_OWNED);
11152
11153	/*
11154	 * Run forward from the head of the blocked queue, checking each
11155	 * entry against the I/Os prior to it on the OOA queue to see if
11156	 * there is still any blockage.
11157	 *
11158	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11159	 * with our removing a variable on it while it is traversing the
11160	 * list.
11161	 */
11162	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11163	     cur_blocked != NULL; cur_blocked = next_blocked) {
11164		union ctl_io *prev_ooa;
11165		ctl_action action;
11166
11167		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11168							  blocked_links);
11169
11170		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11171						      ctl_ooaq, ooa_links);
11172
11173		/*
11174		 * If cur_blocked happens to be the first item in the OOA
11175		 * queue now, prev_ooa will be NULL, and the action
11176		 * returned will just be CTL_ACTION_PASS.
11177		 */
11178		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11179
11180		switch (action) {
11181		case CTL_ACTION_BLOCK:
11182			/* Nothing to do here, still blocked */
11183			break;
11184		case CTL_ACTION_OVERLAP:
11185		case CTL_ACTION_OVERLAP_TAG:
11186			/*
11187			 * This shouldn't happen!  In theory we've already
11188			 * checked this command for overlap...
11189			 */
11190			break;
11191		case CTL_ACTION_PASS:
11192		case CTL_ACTION_SKIP: {
11193			const struct ctl_cmd_entry *entry;
11194			int isc_retval;
11195
11196			/*
11197			 * The skip case shouldn't happen, this transaction
11198			 * should have never made it onto the blocked queue.
11199			 */
11200			/*
11201			 * This I/O is no longer blocked, we can remove it
11202			 * from the blocked queue.  Since this is a TAILQ
11203			 * (doubly linked list), we can do O(1) removals
11204			 * from any place on the list.
11205			 */
11206			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11207				     blocked_links);
11208			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11209
11210			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11211				/*
11212				 * Need to send IO back to original side to
11213				 * run
11214				 */
11215				union ctl_ha_msg msg_info;
11216
11217				msg_info.hdr.original_sc =
11218					cur_blocked->io_hdr.original_sc;
11219				msg_info.hdr.serializing_sc = cur_blocked;
11220				msg_info.hdr.msg_type = CTL_MSG_R2R;
11221				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11222				     &msg_info, sizeof(msg_info), 0)) >
11223				     CTL_HA_STATUS_SUCCESS) {
11224					printf("CTL:Check Blocked error from "
11225					       "ctl_ha_msg_send %d\n",
11226					       isc_retval);
11227				}
11228				break;
11229			}
11230			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11231
11232			/*
11233			 * Check this I/O for LUN state changes that may
11234			 * have happened while this command was blocked.
11235			 * The LUN state may have been changed by a command
11236			 * ahead of us in the queue, so we need to re-check
11237			 * for any states that can be caused by SCSI
11238			 * commands.
11239			 */
11240			if (ctl_scsiio_lun_check(lun, entry,
11241						 &cur_blocked->scsiio) == 0) {
11242				cur_blocked->io_hdr.flags |=
11243				                      CTL_FLAG_IS_WAS_ON_RTR;
11244				ctl_enqueue_rtr(cur_blocked);
11245			} else
11246				ctl_done(cur_blocked);
11247			break;
11248		}
11249		default:
11250			/*
11251			 * This probably shouldn't happen -- we shouldn't
11252			 * get CTL_ACTION_ERROR, or anything else.
11253			 */
11254			break;
11255		}
11256	}
11257
11258	return (CTL_RETVAL_COMPLETE);
11259}
11260
11261/*
11262 * This routine (with one exception) checks LUN flags that can be set by
11263 * commands ahead of us in the OOA queue.  These flags have to be checked
11264 * when a command initially comes in, and when we pull a command off the
11265 * blocked queue and are preparing to execute it.  The reason we have to
11266 * check these flags for commands on the blocked queue is that the LUN
11267 * state may have been changed by a command ahead of us while we're on the
11268 * blocked queue.
11269 *
11270 * Ordering is somewhat important with these checks, so please pay
11271 * careful attention to the placement of any new checks.
11272 */
11273static int
11274ctl_scsiio_lun_check(struct ctl_lun *lun,
11275    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11276{
11277	struct ctl_softc *softc = lun->ctl_softc;
11278	int retval;
11279	uint32_t residx;
11280
11281	retval = 0;
11282
11283	mtx_assert(&lun->lun_lock, MA_OWNED);
11284
11285	/*
11286	 * If this shelf is a secondary shelf controller, we have to reject
11287	 * any media access commands.
11288	 */
11289	if ((softc->flags & CTL_FLAG_ACTIVE_SHELF) == 0 &&
11290	    (entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0) {
11291		ctl_set_lun_standby(ctsio);
11292		retval = 1;
11293		goto bailout;
11294	}
11295
11296	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11297		if (lun->flags & CTL_LUN_READONLY) {
11298			ctl_set_sense(ctsio, /*current_error*/ 1,
11299			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11300			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11301			retval = 1;
11302			goto bailout;
11303		}
11304		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11305		    .eca_and_aen & SCP_SWP) != 0) {
11306			ctl_set_sense(ctsio, /*current_error*/ 1,
11307			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11308			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11309			retval = 1;
11310			goto bailout;
11311		}
11312	}
11313
11314	/*
11315	 * Check for a reservation conflict.  If this command isn't allowed
11316	 * even on reserved LUNs, and if this initiator isn't the one who
11317	 * reserved us, reject the command with a reservation conflict.
11318	 */
11319	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11320	if ((lun->flags & CTL_LUN_RESERVED)
11321	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11322		if (lun->res_idx != residx) {
11323			ctl_set_reservation_conflict(ctsio);
11324			retval = 1;
11325			goto bailout;
11326		}
11327	}
11328
11329	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11330	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11331		/* No reservation or command is allowed. */;
11332	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11333	    (lun->res_type == SPR_TYPE_WR_EX ||
11334	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11335	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11336		/* The command is allowed for Write Exclusive resv. */;
11337	} else {
11338		/*
11339		 * if we aren't registered or it's a res holder type
11340		 * reservation and this isn't the res holder then set a
11341		 * conflict.
11342		 */
11343		if (ctl_get_prkey(lun, residx) == 0
11344		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11345			ctl_set_reservation_conflict(ctsio);
11346			retval = 1;
11347			goto bailout;
11348		}
11349
11350	}
11351
11352	if ((lun->flags & CTL_LUN_OFFLINE)
11353	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11354		ctl_set_lun_not_ready(ctsio);
11355		retval = 1;
11356		goto bailout;
11357	}
11358
11359	/*
11360	 * If the LUN is stopped, see if this particular command is allowed
11361	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11362	 */
11363	if ((lun->flags & CTL_LUN_STOPPED)
11364	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11365		/* "Logical unit not ready, initializing cmd. required" */
11366		ctl_set_lun_stopped(ctsio);
11367		retval = 1;
11368		goto bailout;
11369	}
11370
11371	if ((lun->flags & CTL_LUN_INOPERABLE)
11372	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11373		/* "Medium format corrupted" */
11374		ctl_set_medium_format_corrupted(ctsio);
11375		retval = 1;
11376		goto bailout;
11377	}
11378
11379bailout:
11380	return (retval);
11381
11382}
11383
11384static void
11385ctl_failover_io(union ctl_io *io, int have_lock)
11386{
11387	ctl_set_busy(&io->scsiio);
11388	ctl_done(io);
11389}
11390
11391static void
11392ctl_failover(void)
11393{
11394	struct ctl_lun *lun;
11395	struct ctl_softc *softc;
11396	union ctl_io *next_io, *pending_io;
11397	union ctl_io *io;
11398	int lun_idx;
11399
11400	softc = control_softc;
11401
11402	mtx_lock(&softc->ctl_lock);
11403	/*
11404	 * Remove any cmds from the other SC from the rtr queue.  These
11405	 * will obviously only be for LUNs for which we're the primary.
11406	 * We can't send status or get/send data for these commands.
11407	 * Since they haven't been executed yet, we can just remove them.
11408	 * We'll either abort them or delete them below, depending on
11409	 * which HA mode we're in.
11410	 */
11411#ifdef notyet
11412	mtx_lock(&softc->queue_lock);
11413	for (io = (union ctl_io *)STAILQ_FIRST(&softc->rtr_queue);
11414	     io != NULL; io = next_io) {
11415		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11416		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11417			STAILQ_REMOVE(&softc->rtr_queue, &io->io_hdr,
11418				      ctl_io_hdr, links);
11419	}
11420	mtx_unlock(&softc->queue_lock);
11421#endif
11422
11423	for (lun_idx=0; lun_idx < softc->num_luns; lun_idx++) {
11424		lun = softc->ctl_luns[lun_idx];
11425		if (lun==NULL)
11426			continue;
11427
11428		/*
11429		 * Processor LUNs are primary on both sides.
11430		 * XXX will this always be true?
11431		 */
11432		if (lun->be_lun->lun_type == T_PROCESSOR)
11433			continue;
11434
11435		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11436		 && (softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11437			printf("FAILOVER: primary lun %d\n", lun_idx);
11438		        /*
11439			 * Remove all commands from the other SC. First from the
11440			 * blocked queue then from the ooa queue. Once we have
11441			 * removed them. Call ctl_check_blocked to see if there
11442			 * is anything that can run.
11443			 */
11444			for (io = (union ctl_io *)TAILQ_FIRST(
11445			     &lun->blocked_queue); io != NULL; io = next_io) {
11446
11447		        	next_io = (union ctl_io *)TAILQ_NEXT(
11448				    &io->io_hdr, blocked_links);
11449
11450				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11451					TAILQ_REMOVE(&lun->blocked_queue,
11452						     &io->io_hdr,blocked_links);
11453					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11454					TAILQ_REMOVE(&lun->ooa_queue,
11455						     &io->io_hdr, ooa_links);
11456
11457					ctl_free_io(io);
11458				}
11459			}
11460
11461			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11462	     		     io != NULL; io = next_io) {
11463
11464		        	next_io = (union ctl_io *)TAILQ_NEXT(
11465				    &io->io_hdr, ooa_links);
11466
11467				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11468
11469					TAILQ_REMOVE(&lun->ooa_queue,
11470						&io->io_hdr,
11471					     	ooa_links);
11472
11473					ctl_free_io(io);
11474				}
11475			}
11476			ctl_check_blocked(lun);
11477		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11478			&& (softc->ha_mode == CTL_HA_MODE_XFER)) {
11479
11480			printf("FAILOVER: primary lun %d\n", lun_idx);
11481			/*
11482			 * Abort all commands from the other SC.  We can't
11483			 * send status back for them now.  These should get
11484			 * cleaned up when they are completed or come out
11485			 * for a datamove operation.
11486			 */
11487			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11488	     		     io != NULL; io = next_io) {
11489		        	next_io = (union ctl_io *)TAILQ_NEXT(
11490					&io->io_hdr, ooa_links);
11491
11492				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11493					io->io_hdr.flags |= CTL_FLAG_ABORT;
11494			}
11495		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11496			&& (softc->ha_mode == CTL_HA_MODE_XFER)) {
11497
11498			printf("FAILOVER: secondary lun %d\n", lun_idx);
11499
11500			lun->flags |= CTL_LUN_PRIMARY_SC;
11501
11502			/*
11503			 * We send all I/O that was sent to this controller
11504			 * and redirected to the other side back with
11505			 * busy status, and have the initiator retry it.
11506			 * Figuring out how much data has been transferred,
11507			 * etc. and picking up where we left off would be
11508			 * very tricky.
11509			 *
11510			 * XXX KDM need to remove I/O from the blocked
11511			 * queue as well!
11512			 */
11513			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11514			     &lun->ooa_queue); pending_io != NULL;
11515			     pending_io = next_io) {
11516
11517				next_io =  (union ctl_io *)TAILQ_NEXT(
11518					&pending_io->io_hdr, ooa_links);
11519
11520				pending_io->io_hdr.flags &=
11521					~CTL_FLAG_SENT_2OTHER_SC;
11522
11523				if (pending_io->io_hdr.flags &
11524				    CTL_FLAG_IO_ACTIVE) {
11525					pending_io->io_hdr.flags |=
11526						CTL_FLAG_FAILOVER;
11527				} else {
11528					ctl_set_busy(&pending_io->scsiio);
11529					ctl_done(pending_io);
11530				}
11531			}
11532
11533			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
11534		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11535			&& (softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11536			printf("FAILOVER: secondary lun %d\n", lun_idx);
11537			/*
11538			 * if the first io on the OOA is not on the RtR queue
11539			 * add it.
11540			 */
11541			lun->flags |= CTL_LUN_PRIMARY_SC;
11542
11543			pending_io = (union ctl_io *)TAILQ_FIRST(
11544			    &lun->ooa_queue);
11545			if (pending_io==NULL) {
11546				printf("Nothing on OOA queue\n");
11547				continue;
11548			}
11549
11550			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11551			if ((pending_io->io_hdr.flags &
11552			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11553				pending_io->io_hdr.flags |=
11554				    CTL_FLAG_IS_WAS_ON_RTR;
11555				ctl_enqueue_rtr(pending_io);
11556			}
11557#if 0
11558			else
11559			{
11560				printf("Tag 0x%04x is running\n",
11561				      pending_io->scsiio.tag_num);
11562			}
11563#endif
11564
11565			next_io = (union ctl_io *)TAILQ_NEXT(
11566			    &pending_io->io_hdr, ooa_links);
11567			for (pending_io=next_io; pending_io != NULL;
11568			     pending_io = next_io) {
11569				pending_io->io_hdr.flags &=
11570				    ~CTL_FLAG_SENT_2OTHER_SC;
11571				next_io = (union ctl_io *)TAILQ_NEXT(
11572					&pending_io->io_hdr, ooa_links);
11573				if (pending_io->io_hdr.flags &
11574				    CTL_FLAG_IS_WAS_ON_RTR) {
11575#if 0
11576				        printf("Tag 0x%04x is running\n",
11577				      		pending_io->scsiio.tag_num);
11578#endif
11579					continue;
11580				}
11581
11582				switch (ctl_check_ooa(lun, pending_io,
11583			            (union ctl_io *)TAILQ_PREV(
11584				    &pending_io->io_hdr, ctl_ooaq,
11585				    ooa_links))) {
11586
11587				case CTL_ACTION_BLOCK:
11588					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11589							  &pending_io->io_hdr,
11590							  blocked_links);
11591					pending_io->io_hdr.flags |=
11592					    CTL_FLAG_BLOCKED;
11593					break;
11594				case CTL_ACTION_PASS:
11595				case CTL_ACTION_SKIP:
11596					pending_io->io_hdr.flags |=
11597					    CTL_FLAG_IS_WAS_ON_RTR;
11598					ctl_enqueue_rtr(pending_io);
11599					break;
11600				case CTL_ACTION_OVERLAP:
11601					ctl_set_overlapped_cmd(
11602					    (struct ctl_scsiio *)pending_io);
11603					ctl_done(pending_io);
11604					break;
11605				case CTL_ACTION_OVERLAP_TAG:
11606					ctl_set_overlapped_tag(
11607					    (struct ctl_scsiio *)pending_io,
11608					    pending_io->scsiio.tag_num & 0xff);
11609					ctl_done(pending_io);
11610					break;
11611				case CTL_ACTION_ERROR:
11612				default:
11613					ctl_set_internal_failure(
11614						(struct ctl_scsiio *)pending_io,
11615						0,  // sks_valid
11616						0); //retry count
11617					ctl_done(pending_io);
11618					break;
11619				}
11620			}
11621
11622			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
11623		} else {
11624			panic("Unhandled HA mode failover, LUN flags = %#x, "
11625			      "ha_mode = #%x", lun->flags, softc->ha_mode);
11626		}
11627	}
11628	ctl_pause_rtr = 0;
11629	mtx_unlock(&softc->ctl_lock);
11630}
11631
11632static void
11633ctl_clear_ua(struct ctl_softc *ctl_softc, uint32_t initidx,
11634	     ctl_ua_type ua_type)
11635{
11636	struct ctl_lun *lun;
11637	ctl_ua_type *pu;
11638
11639	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
11640
11641	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
11642		mtx_lock(&lun->lun_lock);
11643		pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
11644		if (pu != NULL)
11645			pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua_type;
11646		mtx_unlock(&lun->lun_lock);
11647	}
11648}
11649
11650static int
11651ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11652{
11653	struct ctl_lun *lun;
11654	const struct ctl_cmd_entry *entry;
11655	uint32_t initidx, targ_lun;
11656	int retval;
11657
11658	retval = 0;
11659
11660	lun = NULL;
11661
11662	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11663	if ((targ_lun < CTL_MAX_LUNS)
11664	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11665		/*
11666		 * If the LUN is invalid, pretend that it doesn't exist.
11667		 * It will go away as soon as all pending I/O has been
11668		 * completed.
11669		 */
11670		mtx_lock(&lun->lun_lock);
11671		if (lun->flags & CTL_LUN_DISABLED) {
11672			mtx_unlock(&lun->lun_lock);
11673			lun = NULL;
11674			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11675			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11676		} else {
11677			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11678			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11679				lun->be_lun;
11680			if (lun->be_lun->lun_type == T_PROCESSOR) {
11681				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11682			}
11683
11684			/*
11685			 * Every I/O goes into the OOA queue for a
11686			 * particular LUN, and stays there until completion.
11687			 */
11688#ifdef CTL_TIME_IO
11689			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11690				lun->idle_time += getsbinuptime() -
11691				    lun->last_busy;
11692			}
11693#endif
11694			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11695			    ooa_links);
11696		}
11697	} else {
11698		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11699		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11700	}
11701
11702	/* Get command entry and return error if it is unsuppotyed. */
11703	entry = ctl_validate_command(ctsio);
11704	if (entry == NULL) {
11705		if (lun)
11706			mtx_unlock(&lun->lun_lock);
11707		return (retval);
11708	}
11709
11710	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11711	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11712
11713	/*
11714	 * Check to see whether we can send this command to LUNs that don't
11715	 * exist.  This should pretty much only be the case for inquiry
11716	 * and request sense.  Further checks, below, really require having
11717	 * a LUN, so we can't really check the command anymore.  Just put
11718	 * it on the rtr queue.
11719	 */
11720	if (lun == NULL) {
11721		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11722			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11723			ctl_enqueue_rtr((union ctl_io *)ctsio);
11724			return (retval);
11725		}
11726
11727		ctl_set_unsupported_lun(ctsio);
11728		ctl_done((union ctl_io *)ctsio);
11729		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11730		return (retval);
11731	} else {
11732		/*
11733		 * Make sure we support this particular command on this LUN.
11734		 * e.g., we don't support writes to the control LUN.
11735		 */
11736		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11737			mtx_unlock(&lun->lun_lock);
11738			ctl_set_invalid_opcode(ctsio);
11739			ctl_done((union ctl_io *)ctsio);
11740			return (retval);
11741		}
11742	}
11743
11744	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11745
11746#ifdef CTL_WITH_CA
11747	/*
11748	 * If we've got a request sense, it'll clear the contingent
11749	 * allegiance condition.  Otherwise, if we have a CA condition for
11750	 * this initiator, clear it, because it sent down a command other
11751	 * than request sense.
11752	 */
11753	if ((ctsio->cdb[0] != REQUEST_SENSE)
11754	 && (ctl_is_set(lun->have_ca, initidx)))
11755		ctl_clear_mask(lun->have_ca, initidx);
11756#endif
11757
11758	/*
11759	 * If the command has this flag set, it handles its own unit
11760	 * attention reporting, we shouldn't do anything.  Otherwise we
11761	 * check for any pending unit attentions, and send them back to the
11762	 * initiator.  We only do this when a command initially comes in,
11763	 * not when we pull it off the blocked queue.
11764	 *
11765	 * According to SAM-3, section 5.3.2, the order that things get
11766	 * presented back to the host is basically unit attentions caused
11767	 * by some sort of reset event, busy status, reservation conflicts
11768	 * or task set full, and finally any other status.
11769	 *
11770	 * One issue here is that some of the unit attentions we report
11771	 * don't fall into the "reset" category (e.g. "reported luns data
11772	 * has changed").  So reporting it here, before the reservation
11773	 * check, may be technically wrong.  I guess the only thing to do
11774	 * would be to check for and report the reset events here, and then
11775	 * check for the other unit attention types after we check for a
11776	 * reservation conflict.
11777	 *
11778	 * XXX KDM need to fix this
11779	 */
11780	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11781		ctl_ua_type ua_type;
11782		scsi_sense_data_type sense_format;
11783
11784		if (lun->flags & CTL_LUN_SENSE_DESC)
11785			sense_format = SSD_TYPE_DESC;
11786		else
11787			sense_format = SSD_TYPE_FIXED;
11788
11789		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11790		    sense_format);
11791		if (ua_type != CTL_UA_NONE) {
11792			mtx_unlock(&lun->lun_lock);
11793			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11794			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11795			ctsio->sense_len = SSD_FULL_SIZE;
11796			ctl_done((union ctl_io *)ctsio);
11797			return (retval);
11798		}
11799	}
11800
11801
11802	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11803		mtx_unlock(&lun->lun_lock);
11804		ctl_done((union ctl_io *)ctsio);
11805		return (retval);
11806	}
11807
11808	/*
11809	 * XXX CHD this is where we want to send IO to other side if
11810	 * this LUN is secondary on this SC. We will need to make a copy
11811	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11812	 * the copy we send as FROM_OTHER.
11813	 * We also need to stuff the address of the original IO so we can
11814	 * find it easily. Something similar will need be done on the other
11815	 * side so when we are done we can find the copy.
11816	 */
11817	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11818		union ctl_ha_msg msg_info;
11819		int isc_retval;
11820
11821		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11822
11823		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11824		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11825#if 0
11826		printf("1. ctsio %p\n", ctsio);
11827#endif
11828		msg_info.hdr.serializing_sc = NULL;
11829		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11830		msg_info.scsi.tag_num = ctsio->tag_num;
11831		msg_info.scsi.tag_type = ctsio->tag_type;
11832		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11833
11834		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11835
11836		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11837		    (void *)&msg_info, sizeof(msg_info), 0)) >
11838		    CTL_HA_STATUS_SUCCESS) {
11839			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11840			       isc_retval);
11841			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11842		} else {
11843#if 0
11844			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11845#endif
11846		}
11847
11848		/*
11849		 * XXX KDM this I/O is off the incoming queue, but hasn't
11850		 * been inserted on any other queue.  We may need to come
11851		 * up with a holding queue while we wait for serialization
11852		 * so that we have an idea of what we're waiting for from
11853		 * the other side.
11854		 */
11855		mtx_unlock(&lun->lun_lock);
11856		return (retval);
11857	}
11858
11859	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11860			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11861			      ctl_ooaq, ooa_links))) {
11862	case CTL_ACTION_BLOCK:
11863		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11864		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11865				  blocked_links);
11866		mtx_unlock(&lun->lun_lock);
11867		return (retval);
11868	case CTL_ACTION_PASS:
11869	case CTL_ACTION_SKIP:
11870		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11871		mtx_unlock(&lun->lun_lock);
11872		ctl_enqueue_rtr((union ctl_io *)ctsio);
11873		break;
11874	case CTL_ACTION_OVERLAP:
11875		mtx_unlock(&lun->lun_lock);
11876		ctl_set_overlapped_cmd(ctsio);
11877		ctl_done((union ctl_io *)ctsio);
11878		break;
11879	case CTL_ACTION_OVERLAP_TAG:
11880		mtx_unlock(&lun->lun_lock);
11881		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11882		ctl_done((union ctl_io *)ctsio);
11883		break;
11884	case CTL_ACTION_ERROR:
11885	default:
11886		mtx_unlock(&lun->lun_lock);
11887		ctl_set_internal_failure(ctsio,
11888					 /*sks_valid*/ 0,
11889					 /*retry_count*/ 0);
11890		ctl_done((union ctl_io *)ctsio);
11891		break;
11892	}
11893	return (retval);
11894}
11895
11896const struct ctl_cmd_entry *
11897ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11898{
11899	const struct ctl_cmd_entry *entry;
11900	int service_action;
11901
11902	entry = &ctl_cmd_table[ctsio->cdb[0]];
11903	if (sa)
11904		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11905	if (entry->flags & CTL_CMD_FLAG_SA5) {
11906		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11907		entry = &((const struct ctl_cmd_entry *)
11908		    entry->execute)[service_action];
11909	}
11910	return (entry);
11911}
11912
11913const struct ctl_cmd_entry *
11914ctl_validate_command(struct ctl_scsiio *ctsio)
11915{
11916	const struct ctl_cmd_entry *entry;
11917	int i, sa;
11918	uint8_t diff;
11919
11920	entry = ctl_get_cmd_entry(ctsio, &sa);
11921	if (entry->execute == NULL) {
11922		if (sa)
11923			ctl_set_invalid_field(ctsio,
11924					      /*sks_valid*/ 1,
11925					      /*command*/ 1,
11926					      /*field*/ 1,
11927					      /*bit_valid*/ 1,
11928					      /*bit*/ 4);
11929		else
11930			ctl_set_invalid_opcode(ctsio);
11931		ctl_done((union ctl_io *)ctsio);
11932		return (NULL);
11933	}
11934	KASSERT(entry->length > 0,
11935	    ("Not defined length for command 0x%02x/0x%02x",
11936	     ctsio->cdb[0], ctsio->cdb[1]));
11937	for (i = 1; i < entry->length; i++) {
11938		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11939		if (diff == 0)
11940			continue;
11941		ctl_set_invalid_field(ctsio,
11942				      /*sks_valid*/ 1,
11943				      /*command*/ 1,
11944				      /*field*/ i,
11945				      /*bit_valid*/ 1,
11946				      /*bit*/ fls(diff) - 1);
11947		ctl_done((union ctl_io *)ctsio);
11948		return (NULL);
11949	}
11950	return (entry);
11951}
11952
11953static int
11954ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11955{
11956
11957	switch (lun_type) {
11958	case T_PROCESSOR:
11959		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11960		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11961			return (0);
11962		break;
11963	case T_DIRECT:
11964		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11965		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11966			return (0);
11967		break;
11968	default:
11969		return (0);
11970	}
11971	return (1);
11972}
11973
11974static int
11975ctl_scsiio(struct ctl_scsiio *ctsio)
11976{
11977	int retval;
11978	const struct ctl_cmd_entry *entry;
11979
11980	retval = CTL_RETVAL_COMPLETE;
11981
11982	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11983
11984	entry = ctl_get_cmd_entry(ctsio, NULL);
11985
11986	/*
11987	 * If this I/O has been aborted, just send it straight to
11988	 * ctl_done() without executing it.
11989	 */
11990	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11991		ctl_done((union ctl_io *)ctsio);
11992		goto bailout;
11993	}
11994
11995	/*
11996	 * All the checks should have been handled by ctl_scsiio_precheck().
11997	 * We should be clear now to just execute the I/O.
11998	 */
11999	retval = entry->execute(ctsio);
12000
12001bailout:
12002	return (retval);
12003}
12004
12005/*
12006 * Since we only implement one target right now, a bus reset simply resets
12007 * our single target.
12008 */
12009static int
12010ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
12011{
12012	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
12013}
12014
12015static int
12016ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
12017		 ctl_ua_type ua_type)
12018{
12019	struct ctl_lun *lun;
12020	int retval;
12021
12022	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12023		union ctl_ha_msg msg_info;
12024
12025		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
12026		msg_info.hdr.nexus = io->io_hdr.nexus;
12027		if (ua_type==CTL_UA_TARG_RESET)
12028			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
12029		else
12030			msg_info.task.task_action = CTL_TASK_BUS_RESET;
12031		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12032		msg_info.hdr.original_sc = NULL;
12033		msg_info.hdr.serializing_sc = NULL;
12034		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12035		    (void *)&msg_info, sizeof(msg_info), 0)) {
12036		}
12037	}
12038	retval = 0;
12039
12040	mtx_lock(&softc->ctl_lock);
12041	STAILQ_FOREACH(lun, &softc->lun_list, links)
12042		retval += ctl_lun_reset(lun, io, ua_type);
12043	mtx_unlock(&softc->ctl_lock);
12044
12045	return (retval);
12046}
12047
12048/*
12049 * The LUN should always be set.  The I/O is optional, and is used to
12050 * distinguish between I/Os sent by this initiator, and by other
12051 * initiators.  We set unit attention for initiators other than this one.
12052 * SAM-3 is vague on this point.  It does say that a unit attention should
12053 * be established for other initiators when a LUN is reset (see section
12054 * 5.7.3), but it doesn't specifically say that the unit attention should
12055 * be established for this particular initiator when a LUN is reset.  Here
12056 * is the relevant text, from SAM-3 rev 8:
12057 *
12058 * 5.7.2 When a SCSI initiator port aborts its own tasks
12059 *
12060 * When a SCSI initiator port causes its own task(s) to be aborted, no
12061 * notification that the task(s) have been aborted shall be returned to
12062 * the SCSI initiator port other than the completion response for the
12063 * command or task management function action that caused the task(s) to
12064 * be aborted and notification(s) associated with related effects of the
12065 * action (e.g., a reset unit attention condition).
12066 *
12067 * XXX KDM for now, we're setting unit attention for all initiators.
12068 */
12069static int
12070ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
12071{
12072	union ctl_io *xio;
12073#if 0
12074	uint32_t initidx;
12075#endif
12076#ifdef CTL_WITH_CA
12077	int i;
12078#endif
12079
12080	mtx_lock(&lun->lun_lock);
12081	/*
12082	 * Run through the OOA queue and abort each I/O.
12083	 */
12084	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12085	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12086		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
12087	}
12088
12089	/*
12090	 * This version sets unit attention for every
12091	 */
12092#if 0
12093	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12094	ctl_est_ua_all(lun, initidx, ua_type);
12095#else
12096	ctl_est_ua_all(lun, -1, ua_type);
12097#endif
12098
12099	/*
12100	 * A reset (any kind, really) clears reservations established with
12101	 * RESERVE/RELEASE.  It does not clear reservations established
12102	 * with PERSISTENT RESERVE OUT, but we don't support that at the
12103	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
12104	 * reservations made with the RESERVE/RELEASE commands, because
12105	 * those commands are obsolete in SPC-3.
12106	 */
12107	lun->flags &= ~CTL_LUN_RESERVED;
12108
12109#ifdef CTL_WITH_CA
12110	for (i = 0; i < CTL_MAX_INITIATORS; i++)
12111		ctl_clear_mask(lun->have_ca, i);
12112#endif
12113	mtx_unlock(&lun->lun_lock);
12114
12115	return (0);
12116}
12117
12118static void
12119ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
12120    int other_sc)
12121{
12122	union ctl_io *xio;
12123
12124	mtx_assert(&lun->lun_lock, MA_OWNED);
12125
12126	/*
12127	 * Run through the OOA queue and attempt to find the given I/O.
12128	 * The target port, initiator ID, tag type and tag number have to
12129	 * match the values that we got from the initiator.  If we have an
12130	 * untagged command to abort, simply abort the first untagged command
12131	 * we come to.  We only allow one untagged command at a time of course.
12132	 */
12133	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12134	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12135
12136		if ((targ_port == UINT32_MAX ||
12137		     targ_port == xio->io_hdr.nexus.targ_port) &&
12138		    (init_id == UINT32_MAX ||
12139		     init_id == xio->io_hdr.nexus.initid.id)) {
12140			if (targ_port != xio->io_hdr.nexus.targ_port ||
12141			    init_id != xio->io_hdr.nexus.initid.id)
12142				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
12143			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12144			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12145				union ctl_ha_msg msg_info;
12146
12147				msg_info.hdr.nexus = xio->io_hdr.nexus;
12148				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12149				msg_info.task.tag_num = xio->scsiio.tag_num;
12150				msg_info.task.tag_type = xio->scsiio.tag_type;
12151				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12152				msg_info.hdr.original_sc = NULL;
12153				msg_info.hdr.serializing_sc = NULL;
12154				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12155				    (void *)&msg_info, sizeof(msg_info), 0);
12156			}
12157		}
12158	}
12159}
12160
12161static int
12162ctl_abort_task_set(union ctl_io *io)
12163{
12164	struct ctl_softc *softc = control_softc;
12165	struct ctl_lun *lun;
12166	uint32_t targ_lun;
12167
12168	/*
12169	 * Look up the LUN.
12170	 */
12171	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12172	mtx_lock(&softc->ctl_lock);
12173	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
12174		lun = softc->ctl_luns[targ_lun];
12175	else {
12176		mtx_unlock(&softc->ctl_lock);
12177		return (1);
12178	}
12179
12180	mtx_lock(&lun->lun_lock);
12181	mtx_unlock(&softc->ctl_lock);
12182	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12183		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12184		    io->io_hdr.nexus.initid.id,
12185		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12186	} else { /* CTL_TASK_CLEAR_TASK_SET */
12187		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12188		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12189	}
12190	mtx_unlock(&lun->lun_lock);
12191	return (0);
12192}
12193
12194static int
12195ctl_i_t_nexus_reset(union ctl_io *io)
12196{
12197	struct ctl_softc *softc = control_softc;
12198	struct ctl_lun *lun;
12199	uint32_t initidx, residx;
12200
12201	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12202	residx = ctl_get_resindex(&io->io_hdr.nexus);
12203	mtx_lock(&softc->ctl_lock);
12204	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12205		mtx_lock(&lun->lun_lock);
12206		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12207		    io->io_hdr.nexus.initid.id,
12208		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12209#ifdef CTL_WITH_CA
12210		ctl_clear_mask(lun->have_ca, initidx);
12211#endif
12212		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12213			lun->flags &= ~CTL_LUN_RESERVED;
12214		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
12215		mtx_unlock(&lun->lun_lock);
12216	}
12217	mtx_unlock(&softc->ctl_lock);
12218	return (0);
12219}
12220
12221static int
12222ctl_abort_task(union ctl_io *io)
12223{
12224	union ctl_io *xio;
12225	struct ctl_lun *lun;
12226	struct ctl_softc *softc;
12227#if 0
12228	struct sbuf sb;
12229	char printbuf[128];
12230#endif
12231	int found;
12232	uint32_t targ_lun;
12233
12234	softc = control_softc;
12235	found = 0;
12236
12237	/*
12238	 * Look up the LUN.
12239	 */
12240	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12241	mtx_lock(&softc->ctl_lock);
12242	if ((targ_lun < CTL_MAX_LUNS)
12243	 && (softc->ctl_luns[targ_lun] != NULL))
12244		lun = softc->ctl_luns[targ_lun];
12245	else {
12246		mtx_unlock(&softc->ctl_lock);
12247		return (1);
12248	}
12249
12250#if 0
12251	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12252	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12253#endif
12254
12255	mtx_lock(&lun->lun_lock);
12256	mtx_unlock(&softc->ctl_lock);
12257	/*
12258	 * Run through the OOA queue and attempt to find the given I/O.
12259	 * The target port, initiator ID, tag type and tag number have to
12260	 * match the values that we got from the initiator.  If we have an
12261	 * untagged command to abort, simply abort the first untagged command
12262	 * we come to.  We only allow one untagged command at a time of course.
12263	 */
12264	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12265	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12266#if 0
12267		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12268
12269		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12270			    lun->lun, xio->scsiio.tag_num,
12271			    xio->scsiio.tag_type,
12272			    (xio->io_hdr.blocked_links.tqe_prev
12273			    == NULL) ? "" : " BLOCKED",
12274			    (xio->io_hdr.flags &
12275			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12276			    (xio->io_hdr.flags &
12277			    CTL_FLAG_ABORT) ? " ABORT" : "",
12278			    (xio->io_hdr.flags &
12279			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12280		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12281		sbuf_finish(&sb);
12282		printf("%s\n", sbuf_data(&sb));
12283#endif
12284
12285		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12286		 || (xio->io_hdr.nexus.initid.id != io->io_hdr.nexus.initid.id)
12287		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12288			continue;
12289
12290		/*
12291		 * If the abort says that the task is untagged, the
12292		 * task in the queue must be untagged.  Otherwise,
12293		 * we just check to see whether the tag numbers
12294		 * match.  This is because the QLogic firmware
12295		 * doesn't pass back the tag type in an abort
12296		 * request.
12297		 */
12298#if 0
12299		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12300		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12301		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12302#endif
12303		/*
12304		 * XXX KDM we've got problems with FC, because it
12305		 * doesn't send down a tag type with aborts.  So we
12306		 * can only really go by the tag number...
12307		 * This may cause problems with parallel SCSI.
12308		 * Need to figure that out!!
12309		 */
12310		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12311			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12312			found = 1;
12313			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12314			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12315				union ctl_ha_msg msg_info;
12316
12317				io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
12318				msg_info.hdr.nexus = io->io_hdr.nexus;
12319				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12320				msg_info.task.tag_num = io->taskio.tag_num;
12321				msg_info.task.tag_type = io->taskio.tag_type;
12322				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12323				msg_info.hdr.original_sc = NULL;
12324				msg_info.hdr.serializing_sc = NULL;
12325#if 0
12326				printf("Sent Abort to other side\n");
12327#endif
12328				if (ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12329				    (void *)&msg_info, sizeof(msg_info), 0) !=
12330				    CTL_HA_STATUS_SUCCESS) {
12331				}
12332			}
12333#if 0
12334			printf("ctl_abort_task: found I/O to abort\n");
12335#endif
12336		}
12337	}
12338	mtx_unlock(&lun->lun_lock);
12339
12340	if (found == 0) {
12341		/*
12342		 * This isn't really an error.  It's entirely possible for
12343		 * the abort and command completion to cross on the wire.
12344		 * This is more of an informative/diagnostic error.
12345		 */
12346#if 0
12347		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12348		       "%d:%d:%d:%d tag %d type %d\n",
12349		       io->io_hdr.nexus.initid.id,
12350		       io->io_hdr.nexus.targ_port,
12351		       io->io_hdr.nexus.targ_target.id,
12352		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12353		       io->taskio.tag_type);
12354#endif
12355	}
12356	return (0);
12357}
12358
12359static void
12360ctl_run_task(union ctl_io *io)
12361{
12362	struct ctl_softc *softc = control_softc;
12363	int retval = 1;
12364	const char *task_desc;
12365
12366	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12367
12368	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12369	    ("ctl_run_task: Unextected io_type %d\n",
12370	     io->io_hdr.io_type));
12371
12372	task_desc = ctl_scsi_task_string(&io->taskio);
12373	if (task_desc != NULL) {
12374#ifdef NEEDTOPORT
12375		csevent_log(CSC_CTL | CSC_SHELF_SW |
12376			    CTL_TASK_REPORT,
12377			    csevent_LogType_Trace,
12378			    csevent_Severity_Information,
12379			    csevent_AlertLevel_Green,
12380			    csevent_FRU_Firmware,
12381			    csevent_FRU_Unknown,
12382			    "CTL: received task: %s",task_desc);
12383#endif
12384	} else {
12385#ifdef NEEDTOPORT
12386		csevent_log(CSC_CTL | CSC_SHELF_SW |
12387			    CTL_TASK_REPORT,
12388			    csevent_LogType_Trace,
12389			    csevent_Severity_Information,
12390			    csevent_AlertLevel_Green,
12391			    csevent_FRU_Firmware,
12392			    csevent_FRU_Unknown,
12393			    "CTL: received unknown task "
12394			    "type: %d (%#x)",
12395			    io->taskio.task_action,
12396			    io->taskio.task_action);
12397#endif
12398	}
12399	switch (io->taskio.task_action) {
12400	case CTL_TASK_ABORT_TASK:
12401		retval = ctl_abort_task(io);
12402		break;
12403	case CTL_TASK_ABORT_TASK_SET:
12404	case CTL_TASK_CLEAR_TASK_SET:
12405		retval = ctl_abort_task_set(io);
12406		break;
12407	case CTL_TASK_CLEAR_ACA:
12408		break;
12409	case CTL_TASK_I_T_NEXUS_RESET:
12410		retval = ctl_i_t_nexus_reset(io);
12411		break;
12412	case CTL_TASK_LUN_RESET: {
12413		struct ctl_lun *lun;
12414		uint32_t targ_lun;
12415
12416		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12417		mtx_lock(&softc->ctl_lock);
12418		if ((targ_lun < CTL_MAX_LUNS)
12419		 && (softc->ctl_luns[targ_lun] != NULL))
12420			lun = softc->ctl_luns[targ_lun];
12421		else {
12422			mtx_unlock(&softc->ctl_lock);
12423			retval = 1;
12424			break;
12425		}
12426
12427		if (!(io->io_hdr.flags &
12428		    CTL_FLAG_FROM_OTHER_SC)) {
12429			union ctl_ha_msg msg_info;
12430
12431			io->io_hdr.flags |=
12432				CTL_FLAG_SENT_2OTHER_SC;
12433			msg_info.hdr.msg_type =
12434				CTL_MSG_MANAGE_TASKS;
12435			msg_info.hdr.nexus = io->io_hdr.nexus;
12436			msg_info.task.task_action =
12437				CTL_TASK_LUN_RESET;
12438			msg_info.hdr.original_sc = NULL;
12439			msg_info.hdr.serializing_sc = NULL;
12440			if (CTL_HA_STATUS_SUCCESS !=
12441			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12442			    (void *)&msg_info,
12443			    sizeof(msg_info), 0)) {
12444			}
12445		}
12446
12447		retval = ctl_lun_reset(lun, io,
12448				       CTL_UA_LUN_RESET);
12449		mtx_unlock(&softc->ctl_lock);
12450		break;
12451	}
12452	case CTL_TASK_TARGET_RESET:
12453		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12454		break;
12455	case CTL_TASK_BUS_RESET:
12456		retval = ctl_bus_reset(softc, io);
12457		break;
12458	case CTL_TASK_PORT_LOGIN:
12459		break;
12460	case CTL_TASK_PORT_LOGOUT:
12461		break;
12462	default:
12463		printf("ctl_run_task: got unknown task management event %d\n",
12464		       io->taskio.task_action);
12465		break;
12466	}
12467	if (retval == 0)
12468		io->io_hdr.status = CTL_SUCCESS;
12469	else
12470		io->io_hdr.status = CTL_ERROR;
12471	ctl_done(io);
12472}
12473
12474/*
12475 * For HA operation.  Handle commands that come in from the other
12476 * controller.
12477 */
12478static void
12479ctl_handle_isc(union ctl_io *io)
12480{
12481	int free_io;
12482	struct ctl_lun *lun;
12483	struct ctl_softc *softc;
12484	uint32_t targ_lun;
12485
12486	softc = control_softc;
12487
12488	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12489	lun = softc->ctl_luns[targ_lun];
12490
12491	switch (io->io_hdr.msg_type) {
12492	case CTL_MSG_SERIALIZE:
12493		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12494		break;
12495	case CTL_MSG_R2R: {
12496		const struct ctl_cmd_entry *entry;
12497
12498		/*
12499		 * This is only used in SER_ONLY mode.
12500		 */
12501		free_io = 0;
12502		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12503		mtx_lock(&lun->lun_lock);
12504		if (ctl_scsiio_lun_check(lun,
12505		    entry, (struct ctl_scsiio *)io) != 0) {
12506			mtx_unlock(&lun->lun_lock);
12507			ctl_done(io);
12508			break;
12509		}
12510		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12511		mtx_unlock(&lun->lun_lock);
12512		ctl_enqueue_rtr(io);
12513		break;
12514	}
12515	case CTL_MSG_FINISH_IO:
12516		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12517			free_io = 0;
12518			ctl_done(io);
12519		} else {
12520			free_io = 1;
12521			mtx_lock(&lun->lun_lock);
12522			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12523				     ooa_links);
12524			ctl_check_blocked(lun);
12525			mtx_unlock(&lun->lun_lock);
12526		}
12527		break;
12528	case CTL_MSG_PERS_ACTION:
12529		ctl_hndl_per_res_out_on_other_sc(
12530			(union ctl_ha_msg *)&io->presio.pr_msg);
12531		free_io = 1;
12532		break;
12533	case CTL_MSG_BAD_JUJU:
12534		free_io = 0;
12535		ctl_done(io);
12536		break;
12537	case CTL_MSG_DATAMOVE:
12538		/* Only used in XFER mode */
12539		free_io = 0;
12540		ctl_datamove_remote(io);
12541		break;
12542	case CTL_MSG_DATAMOVE_DONE:
12543		/* Only used in XFER mode */
12544		free_io = 0;
12545		io->scsiio.be_move_done(io);
12546		break;
12547	default:
12548		free_io = 1;
12549		printf("%s: Invalid message type %d\n",
12550		       __func__, io->io_hdr.msg_type);
12551		break;
12552	}
12553	if (free_io)
12554		ctl_free_io(io);
12555
12556}
12557
12558
12559/*
12560 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12561 * there is no match.
12562 */
12563static ctl_lun_error_pattern
12564ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12565{
12566	const struct ctl_cmd_entry *entry;
12567	ctl_lun_error_pattern filtered_pattern, pattern;
12568
12569	pattern = desc->error_pattern;
12570
12571	/*
12572	 * XXX KDM we need more data passed into this function to match a
12573	 * custom pattern, and we actually need to implement custom pattern
12574	 * matching.
12575	 */
12576	if (pattern & CTL_LUN_PAT_CMD)
12577		return (CTL_LUN_PAT_CMD);
12578
12579	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12580		return (CTL_LUN_PAT_ANY);
12581
12582	entry = ctl_get_cmd_entry(ctsio, NULL);
12583
12584	filtered_pattern = entry->pattern & pattern;
12585
12586	/*
12587	 * If the user requested specific flags in the pattern (e.g.
12588	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12589	 * flags.
12590	 *
12591	 * If the user did not specify any flags, it doesn't matter whether
12592	 * or not the command supports the flags.
12593	 */
12594	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12595	     (pattern & ~CTL_LUN_PAT_MASK))
12596		return (CTL_LUN_PAT_NONE);
12597
12598	/*
12599	 * If the user asked for a range check, see if the requested LBA
12600	 * range overlaps with this command's LBA range.
12601	 */
12602	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12603		uint64_t lba1;
12604		uint64_t len1;
12605		ctl_action action;
12606		int retval;
12607
12608		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12609		if (retval != 0)
12610			return (CTL_LUN_PAT_NONE);
12611
12612		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12613					      desc->lba_range.len, FALSE);
12614		/*
12615		 * A "pass" means that the LBA ranges don't overlap, so
12616		 * this doesn't match the user's range criteria.
12617		 */
12618		if (action == CTL_ACTION_PASS)
12619			return (CTL_LUN_PAT_NONE);
12620	}
12621
12622	return (filtered_pattern);
12623}
12624
12625static void
12626ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12627{
12628	struct ctl_error_desc *desc, *desc2;
12629
12630	mtx_assert(&lun->lun_lock, MA_OWNED);
12631
12632	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12633		ctl_lun_error_pattern pattern;
12634		/*
12635		 * Check to see whether this particular command matches
12636		 * the pattern in the descriptor.
12637		 */
12638		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12639		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12640			continue;
12641
12642		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12643		case CTL_LUN_INJ_ABORTED:
12644			ctl_set_aborted(&io->scsiio);
12645			break;
12646		case CTL_LUN_INJ_MEDIUM_ERR:
12647			ctl_set_medium_error(&io->scsiio);
12648			break;
12649		case CTL_LUN_INJ_UA:
12650			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12651			 * OCCURRED */
12652			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12653			break;
12654		case CTL_LUN_INJ_CUSTOM:
12655			/*
12656			 * We're assuming the user knows what he is doing.
12657			 * Just copy the sense information without doing
12658			 * checks.
12659			 */
12660			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12661			      MIN(sizeof(desc->custom_sense),
12662				  sizeof(io->scsiio.sense_data)));
12663			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12664			io->scsiio.sense_len = SSD_FULL_SIZE;
12665			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12666			break;
12667		case CTL_LUN_INJ_NONE:
12668		default:
12669			/*
12670			 * If this is an error injection type we don't know
12671			 * about, clear the continuous flag (if it is set)
12672			 * so it will get deleted below.
12673			 */
12674			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12675			break;
12676		}
12677		/*
12678		 * By default, each error injection action is a one-shot
12679		 */
12680		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12681			continue;
12682
12683		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12684
12685		free(desc, M_CTL);
12686	}
12687}
12688
12689#ifdef CTL_IO_DELAY
12690static void
12691ctl_datamove_timer_wakeup(void *arg)
12692{
12693	union ctl_io *io;
12694
12695	io = (union ctl_io *)arg;
12696
12697	ctl_datamove(io);
12698}
12699#endif /* CTL_IO_DELAY */
12700
12701void
12702ctl_datamove(union ctl_io *io)
12703{
12704	void (*fe_datamove)(union ctl_io *io);
12705
12706	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12707
12708	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12709
12710#ifdef CTL_TIME_IO
12711	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12712		char str[256];
12713		char path_str[64];
12714		struct sbuf sb;
12715
12716		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12717		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12718
12719		sbuf_cat(&sb, path_str);
12720		switch (io->io_hdr.io_type) {
12721		case CTL_IO_SCSI:
12722			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12723			sbuf_printf(&sb, "\n");
12724			sbuf_cat(&sb, path_str);
12725			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12726				    io->scsiio.tag_num, io->scsiio.tag_type);
12727			break;
12728		case CTL_IO_TASK:
12729			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12730				    "Tag Type: %d\n", io->taskio.task_action,
12731				    io->taskio.tag_num, io->taskio.tag_type);
12732			break;
12733		default:
12734			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12735			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12736			break;
12737		}
12738		sbuf_cat(&sb, path_str);
12739		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12740			    (intmax_t)time_uptime - io->io_hdr.start_time);
12741		sbuf_finish(&sb);
12742		printf("%s", sbuf_data(&sb));
12743	}
12744#endif /* CTL_TIME_IO */
12745
12746#ifdef CTL_IO_DELAY
12747	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12748		struct ctl_lun *lun;
12749
12750		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12751
12752		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12753	} else {
12754		struct ctl_lun *lun;
12755
12756		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12757		if ((lun != NULL)
12758		 && (lun->delay_info.datamove_delay > 0)) {
12759			struct callout *callout;
12760
12761			callout = (struct callout *)&io->io_hdr.timer_bytes;
12762			callout_init(callout, /*mpsafe*/ 1);
12763			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12764			callout_reset(callout,
12765				      lun->delay_info.datamove_delay * hz,
12766				      ctl_datamove_timer_wakeup, io);
12767			if (lun->delay_info.datamove_type ==
12768			    CTL_DELAY_TYPE_ONESHOT)
12769				lun->delay_info.datamove_delay = 0;
12770			return;
12771		}
12772	}
12773#endif
12774
12775	/*
12776	 * This command has been aborted.  Set the port status, so we fail
12777	 * the data move.
12778	 */
12779	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12780		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12781		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12782		       io->io_hdr.nexus.targ_port,
12783		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12784		       io->io_hdr.nexus.targ_lun);
12785		io->io_hdr.port_status = 31337;
12786		/*
12787		 * Note that the backend, in this case, will get the
12788		 * callback in its context.  In other cases it may get
12789		 * called in the frontend's interrupt thread context.
12790		 */
12791		io->scsiio.be_move_done(io);
12792		return;
12793	}
12794
12795	/* Don't confuse frontend with zero length data move. */
12796	if (io->scsiio.kern_data_len == 0) {
12797		io->scsiio.be_move_done(io);
12798		return;
12799	}
12800
12801	/*
12802	 * If we're in XFER mode and this I/O is from the other shelf
12803	 * controller, we need to send the DMA to the other side to
12804	 * actually transfer the data to/from the host.  In serialize only
12805	 * mode the transfer happens below CTL and ctl_datamove() is only
12806	 * called on the machine that originally received the I/O.
12807	 */
12808	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12809	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12810		union ctl_ha_msg msg;
12811		uint32_t sg_entries_sent;
12812		int do_sg_copy;
12813		int i;
12814
12815		memset(&msg, 0, sizeof(msg));
12816		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12817		msg.hdr.original_sc = io->io_hdr.original_sc;
12818		msg.hdr.serializing_sc = io;
12819		msg.hdr.nexus = io->io_hdr.nexus;
12820		msg.dt.flags = io->io_hdr.flags;
12821		/*
12822		 * We convert everything into a S/G list here.  We can't
12823		 * pass by reference, only by value between controllers.
12824		 * So we can't pass a pointer to the S/G list, only as many
12825		 * S/G entries as we can fit in here.  If it's possible for
12826		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12827		 * then we need to break this up into multiple transfers.
12828		 */
12829		if (io->scsiio.kern_sg_entries == 0) {
12830			msg.dt.kern_sg_entries = 1;
12831			/*
12832			 * If this is in cached memory, flush the cache
12833			 * before we send the DMA request to the other
12834			 * controller.  We want to do this in either the
12835			 * read or the write case.  The read case is
12836			 * straightforward.  In the write case, we want to
12837			 * make sure nothing is in the local cache that
12838			 * could overwrite the DMAed data.
12839			 */
12840			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12841				/*
12842				 * XXX KDM use bus_dmamap_sync() here.
12843				 */
12844			}
12845
12846			/*
12847			 * Convert to a physical address if this is a
12848			 * virtual address.
12849			 */
12850			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12851				msg.dt.sg_list[0].addr =
12852					io->scsiio.kern_data_ptr;
12853			} else {
12854				/*
12855				 * XXX KDM use busdma here!
12856				 */
12857#if 0
12858				msg.dt.sg_list[0].addr = (void *)
12859					vtophys(io->scsiio.kern_data_ptr);
12860#endif
12861			}
12862
12863			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12864			do_sg_copy = 0;
12865		} else {
12866			struct ctl_sg_entry *sgl;
12867
12868			do_sg_copy = 1;
12869			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12870			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12871			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12872				/*
12873				 * XXX KDM use bus_dmamap_sync() here.
12874				 */
12875			}
12876		}
12877
12878		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12879		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12880		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12881		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12882		msg.dt.sg_sequence = 0;
12883
12884		/*
12885		 * Loop until we've sent all of the S/G entries.  On the
12886		 * other end, we'll recompose these S/G entries into one
12887		 * contiguous list before passing it to the
12888		 */
12889		for (sg_entries_sent = 0; sg_entries_sent <
12890		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12891			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12892				sizeof(msg.dt.sg_list[0])),
12893				msg.dt.kern_sg_entries - sg_entries_sent);
12894
12895			if (do_sg_copy != 0) {
12896				struct ctl_sg_entry *sgl;
12897				int j;
12898
12899				sgl = (struct ctl_sg_entry *)
12900					io->scsiio.kern_data_ptr;
12901				/*
12902				 * If this is in cached memory, flush the cache
12903				 * before we send the DMA request to the other
12904				 * controller.  We want to do this in either
12905				 * the * read or the write case.  The read
12906				 * case is straightforward.  In the write
12907				 * case, we want to make sure nothing is
12908				 * in the local cache that could overwrite
12909				 * the DMAed data.
12910				 */
12911
12912				for (i = sg_entries_sent, j = 0;
12913				     i < msg.dt.cur_sg_entries; i++, j++) {
12914					if ((io->io_hdr.flags &
12915					     CTL_FLAG_NO_DATASYNC) == 0) {
12916						/*
12917						 * XXX KDM use bus_dmamap_sync()
12918						 */
12919					}
12920					if ((io->io_hdr.flags &
12921					     CTL_FLAG_BUS_ADDR) == 0) {
12922						/*
12923						 * XXX KDM use busdma.
12924						 */
12925#if 0
12926						msg.dt.sg_list[j].addr =(void *)
12927						       vtophys(sgl[i].addr);
12928#endif
12929					} else {
12930						msg.dt.sg_list[j].addr =
12931							sgl[i].addr;
12932					}
12933					msg.dt.sg_list[j].len = sgl[i].len;
12934				}
12935			}
12936
12937			sg_entries_sent += msg.dt.cur_sg_entries;
12938			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12939				msg.dt.sg_last = 1;
12940			else
12941				msg.dt.sg_last = 0;
12942
12943			/*
12944			 * XXX KDM drop and reacquire the lock here?
12945			 */
12946			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12947			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12948				/*
12949				 * XXX do something here.
12950				 */
12951			}
12952
12953			msg.dt.sent_sg_entries = sg_entries_sent;
12954		}
12955		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12956		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12957			ctl_failover_io(io, /*have_lock*/ 0);
12958
12959	} else {
12960
12961		/*
12962		 * Lookup the fe_datamove() function for this particular
12963		 * front end.
12964		 */
12965		fe_datamove =
12966		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12967
12968		fe_datamove(io);
12969	}
12970}
12971
12972static void
12973ctl_send_datamove_done(union ctl_io *io, int have_lock)
12974{
12975	union ctl_ha_msg msg;
12976	int isc_status;
12977
12978	memset(&msg, 0, sizeof(msg));
12979
12980	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12981	msg.hdr.original_sc = io;
12982	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12983	msg.hdr.nexus = io->io_hdr.nexus;
12984	msg.hdr.status = io->io_hdr.status;
12985	msg.scsi.tag_num = io->scsiio.tag_num;
12986	msg.scsi.tag_type = io->scsiio.tag_type;
12987	msg.scsi.scsi_status = io->scsiio.scsi_status;
12988	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12989	       sizeof(io->scsiio.sense_data));
12990	msg.scsi.sense_len = io->scsiio.sense_len;
12991	msg.scsi.sense_residual = io->scsiio.sense_residual;
12992	msg.scsi.fetd_status = io->io_hdr.port_status;
12993	msg.scsi.residual = io->scsiio.residual;
12994	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12995
12996	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12997		ctl_failover_io(io, /*have_lock*/ have_lock);
12998		return;
12999	}
13000
13001	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
13002	if (isc_status > CTL_HA_STATUS_SUCCESS) {
13003		/* XXX do something if this fails */
13004	}
13005
13006}
13007
13008/*
13009 * The DMA to the remote side is done, now we need to tell the other side
13010 * we're done so it can continue with its data movement.
13011 */
13012static void
13013ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
13014{
13015	union ctl_io *io;
13016
13017	io = rq->context;
13018
13019	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13020		printf("%s: ISC DMA write failed with error %d", __func__,
13021		       rq->ret);
13022		ctl_set_internal_failure(&io->scsiio,
13023					 /*sks_valid*/ 1,
13024					 /*retry_count*/ rq->ret);
13025	}
13026
13027	ctl_dt_req_free(rq);
13028
13029	/*
13030	 * In this case, we had to malloc the memory locally.  Free it.
13031	 */
13032	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13033		int i;
13034		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13035			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13036	}
13037	/*
13038	 * The data is in local and remote memory, so now we need to send
13039	 * status (good or back) back to the other side.
13040	 */
13041	ctl_send_datamove_done(io, /*have_lock*/ 0);
13042}
13043
13044/*
13045 * We've moved the data from the host/controller into local memory.  Now we
13046 * need to push it over to the remote controller's memory.
13047 */
13048static int
13049ctl_datamove_remote_dm_write_cb(union ctl_io *io)
13050{
13051	int retval;
13052
13053	retval = 0;
13054
13055	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
13056					  ctl_datamove_remote_write_cb);
13057
13058	return (retval);
13059}
13060
13061static void
13062ctl_datamove_remote_write(union ctl_io *io)
13063{
13064	int retval;
13065	void (*fe_datamove)(union ctl_io *io);
13066
13067	/*
13068	 * - Get the data from the host/HBA into local memory.
13069	 * - DMA memory from the local controller to the remote controller.
13070	 * - Send status back to the remote controller.
13071	 */
13072
13073	retval = ctl_datamove_remote_sgl_setup(io);
13074	if (retval != 0)
13075		return;
13076
13077	/* Switch the pointer over so the FETD knows what to do */
13078	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13079
13080	/*
13081	 * Use a custom move done callback, since we need to send completion
13082	 * back to the other controller, not to the backend on this side.
13083	 */
13084	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
13085
13086	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13087
13088	fe_datamove(io);
13089
13090	return;
13091
13092}
13093
13094static int
13095ctl_datamove_remote_dm_read_cb(union ctl_io *io)
13096{
13097#if 0
13098	char str[256];
13099	char path_str[64];
13100	struct sbuf sb;
13101#endif
13102
13103	/*
13104	 * In this case, we had to malloc the memory locally.  Free it.
13105	 */
13106	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13107		int i;
13108		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13109			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13110	}
13111
13112#if 0
13113	scsi_path_string(io, path_str, sizeof(path_str));
13114	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13115	sbuf_cat(&sb, path_str);
13116	scsi_command_string(&io->scsiio, NULL, &sb);
13117	sbuf_printf(&sb, "\n");
13118	sbuf_cat(&sb, path_str);
13119	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13120		    io->scsiio.tag_num, io->scsiio.tag_type);
13121	sbuf_cat(&sb, path_str);
13122	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
13123		    io->io_hdr.flags, io->io_hdr.status);
13124	sbuf_finish(&sb);
13125	printk("%s", sbuf_data(&sb));
13126#endif
13127
13128
13129	/*
13130	 * The read is done, now we need to send status (good or bad) back
13131	 * to the other side.
13132	 */
13133	ctl_send_datamove_done(io, /*have_lock*/ 0);
13134
13135	return (0);
13136}
13137
13138static void
13139ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
13140{
13141	union ctl_io *io;
13142	void (*fe_datamove)(union ctl_io *io);
13143
13144	io = rq->context;
13145
13146	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13147		printf("%s: ISC DMA read failed with error %d", __func__,
13148		       rq->ret);
13149		ctl_set_internal_failure(&io->scsiio,
13150					 /*sks_valid*/ 1,
13151					 /*retry_count*/ rq->ret);
13152	}
13153
13154	ctl_dt_req_free(rq);
13155
13156	/* Switch the pointer over so the FETD knows what to do */
13157	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13158
13159	/*
13160	 * Use a custom move done callback, since we need to send completion
13161	 * back to the other controller, not to the backend on this side.
13162	 */
13163	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
13164
13165	/* XXX KDM add checks like the ones in ctl_datamove? */
13166
13167	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13168
13169	fe_datamove(io);
13170}
13171
13172static int
13173ctl_datamove_remote_sgl_setup(union ctl_io *io)
13174{
13175	struct ctl_sg_entry *local_sglist, *remote_sglist;
13176	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13177	struct ctl_softc *softc;
13178	int retval;
13179	int i;
13180
13181	retval = 0;
13182	softc = control_softc;
13183
13184	local_sglist = io->io_hdr.local_sglist;
13185	local_dma_sglist = io->io_hdr.local_dma_sglist;
13186	remote_sglist = io->io_hdr.remote_sglist;
13187	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13188
13189	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13190		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13191			local_sglist[i].len = remote_sglist[i].len;
13192
13193			/*
13194			 * XXX Detect the situation where the RS-level I/O
13195			 * redirector on the other side has already read the
13196			 * data off of the AOR RS on this side, and
13197			 * transferred it to remote (mirror) memory on the
13198			 * other side.  Since we already have the data in
13199			 * memory here, we just need to use it.
13200			 *
13201			 * XXX KDM this can probably be removed once we
13202			 * get the cache device code in and take the
13203			 * current AOR implementation out.
13204			 */
13205#ifdef NEEDTOPORT
13206			if ((remote_sglist[i].addr >=
13207			     (void *)vtophys(softc->mirr->addr))
13208			 && (remote_sglist[i].addr <
13209			     ((void *)vtophys(softc->mirr->addr) +
13210			     CacheMirrorOffset))) {
13211				local_sglist[i].addr = remote_sglist[i].addr -
13212					CacheMirrorOffset;
13213				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13214				     CTL_FLAG_DATA_IN)
13215					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13216			} else {
13217				local_sglist[i].addr = remote_sglist[i].addr +
13218					CacheMirrorOffset;
13219			}
13220#endif
13221#if 0
13222			printf("%s: local %p, remote %p, len %d\n",
13223			       __func__, local_sglist[i].addr,
13224			       remote_sglist[i].addr, local_sglist[i].len);
13225#endif
13226		}
13227	} else {
13228		uint32_t len_to_go;
13229
13230		/*
13231		 * In this case, we don't have automatically allocated
13232		 * memory for this I/O on this controller.  This typically
13233		 * happens with internal CTL I/O -- e.g. inquiry, mode
13234		 * sense, etc.  Anything coming from RAIDCore will have
13235		 * a mirror area available.
13236		 */
13237		len_to_go = io->scsiio.kern_data_len;
13238
13239		/*
13240		 * Clear the no datasync flag, we have to use malloced
13241		 * buffers.
13242		 */
13243		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13244
13245		/*
13246		 * The difficult thing here is that the size of the various
13247		 * S/G segments may be different than the size from the
13248		 * remote controller.  That'll make it harder when DMAing
13249		 * the data back to the other side.
13250		 */
13251		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13252		     sizeof(io->io_hdr.remote_sglist[0])) &&
13253		     (len_to_go > 0); i++) {
13254			local_sglist[i].len = MIN(len_to_go, 131072);
13255			CTL_SIZE_8B(local_dma_sglist[i].len,
13256				    local_sglist[i].len);
13257			local_sglist[i].addr =
13258				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13259
13260			local_dma_sglist[i].addr = local_sglist[i].addr;
13261
13262			if (local_sglist[i].addr == NULL) {
13263				int j;
13264
13265				printf("malloc failed for %zd bytes!",
13266				       local_dma_sglist[i].len);
13267				for (j = 0; j < i; j++) {
13268					free(local_sglist[j].addr, M_CTL);
13269				}
13270				ctl_set_internal_failure(&io->scsiio,
13271							 /*sks_valid*/ 1,
13272							 /*retry_count*/ 4857);
13273				retval = 1;
13274				goto bailout_error;
13275
13276			}
13277			/* XXX KDM do we need a sync here? */
13278
13279			len_to_go -= local_sglist[i].len;
13280		}
13281		/*
13282		 * Reset the number of S/G entries accordingly.  The
13283		 * original number of S/G entries is available in
13284		 * rem_sg_entries.
13285		 */
13286		io->scsiio.kern_sg_entries = i;
13287
13288#if 0
13289		printf("%s: kern_sg_entries = %d\n", __func__,
13290		       io->scsiio.kern_sg_entries);
13291		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13292			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13293			       local_sglist[i].addr, local_sglist[i].len,
13294			       local_dma_sglist[i].len);
13295#endif
13296	}
13297
13298
13299	return (retval);
13300
13301bailout_error:
13302
13303	ctl_send_datamove_done(io, /*have_lock*/ 0);
13304
13305	return (retval);
13306}
13307
13308static int
13309ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13310			 ctl_ha_dt_cb callback)
13311{
13312	struct ctl_ha_dt_req *rq;
13313	struct ctl_sg_entry *remote_sglist, *local_sglist;
13314	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13315	uint32_t local_used, remote_used, total_used;
13316	int retval;
13317	int i, j;
13318
13319	retval = 0;
13320
13321	rq = ctl_dt_req_alloc();
13322
13323	/*
13324	 * If we failed to allocate the request, and if the DMA didn't fail
13325	 * anyway, set busy status.  This is just a resource allocation
13326	 * failure.
13327	 */
13328	if ((rq == NULL)
13329	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13330		ctl_set_busy(&io->scsiio);
13331
13332	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13333
13334		if (rq != NULL)
13335			ctl_dt_req_free(rq);
13336
13337		/*
13338		 * The data move failed.  We need to return status back
13339		 * to the other controller.  No point in trying to DMA
13340		 * data to the remote controller.
13341		 */
13342
13343		ctl_send_datamove_done(io, /*have_lock*/ 0);
13344
13345		retval = 1;
13346
13347		goto bailout;
13348	}
13349
13350	local_sglist = io->io_hdr.local_sglist;
13351	local_dma_sglist = io->io_hdr.local_dma_sglist;
13352	remote_sglist = io->io_hdr.remote_sglist;
13353	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13354	local_used = 0;
13355	remote_used = 0;
13356	total_used = 0;
13357
13358	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13359		rq->ret = CTL_HA_STATUS_SUCCESS;
13360		rq->context = io;
13361		callback(rq);
13362		goto bailout;
13363	}
13364
13365	/*
13366	 * Pull/push the data over the wire from/to the other controller.
13367	 * This takes into account the possibility that the local and
13368	 * remote sglists may not be identical in terms of the size of
13369	 * the elements and the number of elements.
13370	 *
13371	 * One fundamental assumption here is that the length allocated for
13372	 * both the local and remote sglists is identical.  Otherwise, we've
13373	 * essentially got a coding error of some sort.
13374	 */
13375	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13376		int isc_ret;
13377		uint32_t cur_len, dma_length;
13378		uint8_t *tmp_ptr;
13379
13380		rq->id = CTL_HA_DATA_CTL;
13381		rq->command = command;
13382		rq->context = io;
13383
13384		/*
13385		 * Both pointers should be aligned.  But it is possible
13386		 * that the allocation length is not.  They should both
13387		 * also have enough slack left over at the end, though,
13388		 * to round up to the next 8 byte boundary.
13389		 */
13390		cur_len = MIN(local_sglist[i].len - local_used,
13391			      remote_sglist[j].len - remote_used);
13392
13393		/*
13394		 * In this case, we have a size issue and need to decrease
13395		 * the size, except in the case where we actually have less
13396		 * than 8 bytes left.  In that case, we need to increase
13397		 * the DMA length to get the last bit.
13398		 */
13399		if ((cur_len & 0x7) != 0) {
13400			if (cur_len > 0x7) {
13401				cur_len = cur_len - (cur_len & 0x7);
13402				dma_length = cur_len;
13403			} else {
13404				CTL_SIZE_8B(dma_length, cur_len);
13405			}
13406
13407		} else
13408			dma_length = cur_len;
13409
13410		/*
13411		 * If we had to allocate memory for this I/O, instead of using
13412		 * the non-cached mirror memory, we'll need to flush the cache
13413		 * before trying to DMA to the other controller.
13414		 *
13415		 * We could end up doing this multiple times for the same
13416		 * segment if we have a larger local segment than remote
13417		 * segment.  That shouldn't be an issue.
13418		 */
13419		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13420			/*
13421			 * XXX KDM use bus_dmamap_sync() here.
13422			 */
13423		}
13424
13425		rq->size = dma_length;
13426
13427		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13428		tmp_ptr += local_used;
13429
13430		/* Use physical addresses when talking to ISC hardware */
13431		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13432			/* XXX KDM use busdma */
13433#if 0
13434			rq->local = vtophys(tmp_ptr);
13435#endif
13436		} else
13437			rq->local = tmp_ptr;
13438
13439		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13440		tmp_ptr += remote_used;
13441		rq->remote = tmp_ptr;
13442
13443		rq->callback = NULL;
13444
13445		local_used += cur_len;
13446		if (local_used >= local_sglist[i].len) {
13447			i++;
13448			local_used = 0;
13449		}
13450
13451		remote_used += cur_len;
13452		if (remote_used >= remote_sglist[j].len) {
13453			j++;
13454			remote_used = 0;
13455		}
13456		total_used += cur_len;
13457
13458		if (total_used >= io->scsiio.kern_data_len)
13459			rq->callback = callback;
13460
13461		if ((rq->size & 0x7) != 0) {
13462			printf("%s: warning: size %d is not on 8b boundary\n",
13463			       __func__, rq->size);
13464		}
13465		if (((uintptr_t)rq->local & 0x7) != 0) {
13466			printf("%s: warning: local %p not on 8b boundary\n",
13467			       __func__, rq->local);
13468		}
13469		if (((uintptr_t)rq->remote & 0x7) != 0) {
13470			printf("%s: warning: remote %p not on 8b boundary\n",
13471			       __func__, rq->local);
13472		}
13473#if 0
13474		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13475		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13476		       rq->local, rq->remote, rq->size);
13477#endif
13478
13479		isc_ret = ctl_dt_single(rq);
13480		if (isc_ret == CTL_HA_STATUS_WAIT)
13481			continue;
13482
13483		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13484			rq->ret = CTL_HA_STATUS_SUCCESS;
13485		} else {
13486			rq->ret = isc_ret;
13487		}
13488		callback(rq);
13489		goto bailout;
13490	}
13491
13492bailout:
13493	return (retval);
13494
13495}
13496
13497static void
13498ctl_datamove_remote_read(union ctl_io *io)
13499{
13500	int retval;
13501	int i;
13502
13503	/*
13504	 * This will send an error to the other controller in the case of a
13505	 * failure.
13506	 */
13507	retval = ctl_datamove_remote_sgl_setup(io);
13508	if (retval != 0)
13509		return;
13510
13511	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13512					  ctl_datamove_remote_read_cb);
13513	if ((retval != 0)
13514	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13515		/*
13516		 * Make sure we free memory if there was an error..  The
13517		 * ctl_datamove_remote_xfer() function will send the
13518		 * datamove done message, or call the callback with an
13519		 * error if there is a problem.
13520		 */
13521		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13522			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13523	}
13524
13525	return;
13526}
13527
13528/*
13529 * Process a datamove request from the other controller.  This is used for
13530 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13531 * first.  Once that is complete, the data gets DMAed into the remote
13532 * controller's memory.  For reads, we DMA from the remote controller's
13533 * memory into our memory first, and then move it out to the FETD.
13534 */
13535static void
13536ctl_datamove_remote(union ctl_io *io)
13537{
13538	struct ctl_softc *softc;
13539
13540	softc = control_softc;
13541
13542	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13543
13544	/*
13545	 * Note that we look for an aborted I/O here, but don't do some of
13546	 * the other checks that ctl_datamove() normally does.
13547	 * We don't need to run the datamove delay code, since that should
13548	 * have been done if need be on the other controller.
13549	 */
13550	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13551		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13552		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13553		       io->io_hdr.nexus.targ_port,
13554		       io->io_hdr.nexus.targ_target.id,
13555		       io->io_hdr.nexus.targ_lun);
13556		io->io_hdr.port_status = 31338;
13557		ctl_send_datamove_done(io, /*have_lock*/ 0);
13558		return;
13559	}
13560
13561	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13562		ctl_datamove_remote_write(io);
13563	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13564		ctl_datamove_remote_read(io);
13565	} else {
13566		union ctl_ha_msg msg;
13567		struct scsi_sense_data *sense;
13568		uint8_t sks[3];
13569		int retry_count;
13570
13571		memset(&msg, 0, sizeof(msg));
13572
13573		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13574		msg.hdr.status = CTL_SCSI_ERROR;
13575		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13576
13577		retry_count = 4243;
13578
13579		sense = &msg.scsi.sense_data;
13580		sks[0] = SSD_SCS_VALID;
13581		sks[1] = (retry_count >> 8) & 0xff;
13582		sks[2] = retry_count & 0xff;
13583
13584		/* "Internal target failure" */
13585		scsi_set_sense_data(sense,
13586				    /*sense_format*/ SSD_TYPE_NONE,
13587				    /*current_error*/ 1,
13588				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13589				    /*asc*/ 0x44,
13590				    /*ascq*/ 0x00,
13591				    /*type*/ SSD_ELEM_SKS,
13592				    /*size*/ sizeof(sks),
13593				    /*data*/ sks,
13594				    SSD_ELEM_NONE);
13595
13596		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13597		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13598			ctl_failover_io(io, /*have_lock*/ 1);
13599			return;
13600		}
13601
13602		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13603		    CTL_HA_STATUS_SUCCESS) {
13604			/* XXX KDM what to do if this fails? */
13605		}
13606		return;
13607	}
13608
13609}
13610
13611static int
13612ctl_process_done(union ctl_io *io)
13613{
13614	struct ctl_lun *lun;
13615	struct ctl_softc *softc = control_softc;
13616	void (*fe_done)(union ctl_io *io);
13617	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13618
13619	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13620
13621	fe_done = softc->ctl_ports[targ_port]->fe_done;
13622
13623#ifdef CTL_TIME_IO
13624	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13625		char str[256];
13626		char path_str[64];
13627		struct sbuf sb;
13628
13629		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13630		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13631
13632		sbuf_cat(&sb, path_str);
13633		switch (io->io_hdr.io_type) {
13634		case CTL_IO_SCSI:
13635			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13636			sbuf_printf(&sb, "\n");
13637			sbuf_cat(&sb, path_str);
13638			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13639				    io->scsiio.tag_num, io->scsiio.tag_type);
13640			break;
13641		case CTL_IO_TASK:
13642			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13643				    "Tag Type: %d\n", io->taskio.task_action,
13644				    io->taskio.tag_num, io->taskio.tag_type);
13645			break;
13646		default:
13647			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13648			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13649			break;
13650		}
13651		sbuf_cat(&sb, path_str);
13652		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13653			    (intmax_t)time_uptime - io->io_hdr.start_time);
13654		sbuf_finish(&sb);
13655		printf("%s", sbuf_data(&sb));
13656	}
13657#endif /* CTL_TIME_IO */
13658
13659	switch (io->io_hdr.io_type) {
13660	case CTL_IO_SCSI:
13661		break;
13662	case CTL_IO_TASK:
13663		if (bootverbose || (ctl_debug & CTL_DEBUG_INFO))
13664			ctl_io_error_print(io, NULL);
13665		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13666			ctl_free_io(io);
13667		else
13668			fe_done(io);
13669		return (CTL_RETVAL_COMPLETE);
13670	default:
13671		panic("ctl_process_done: invalid io type %d\n",
13672		      io->io_hdr.io_type);
13673		break; /* NOTREACHED */
13674	}
13675
13676	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13677	if (lun == NULL) {
13678		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13679				 io->io_hdr.nexus.targ_mapped_lun));
13680		goto bailout;
13681	}
13682
13683	mtx_lock(&lun->lun_lock);
13684
13685	/*
13686	 * Check to see if we have any errors to inject here.  We only
13687	 * inject errors for commands that don't already have errors set.
13688	 */
13689	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13690	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13691	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13692		ctl_inject_error(lun, io);
13693
13694	/*
13695	 * XXX KDM how do we treat commands that aren't completed
13696	 * successfully?
13697	 *
13698	 * XXX KDM should we also track I/O latency?
13699	 */
13700	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13701	    io->io_hdr.io_type == CTL_IO_SCSI) {
13702#ifdef CTL_TIME_IO
13703		struct bintime cur_bt;
13704#endif
13705		int type;
13706
13707		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13708		    CTL_FLAG_DATA_IN)
13709			type = CTL_STATS_READ;
13710		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13711		    CTL_FLAG_DATA_OUT)
13712			type = CTL_STATS_WRITE;
13713		else
13714			type = CTL_STATS_NO_IO;
13715
13716		lun->stats.ports[targ_port].bytes[type] +=
13717		    io->scsiio.kern_total_len;
13718		lun->stats.ports[targ_port].operations[type]++;
13719#ifdef CTL_TIME_IO
13720		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13721		   &io->io_hdr.dma_bt);
13722		lun->stats.ports[targ_port].num_dmas[type] +=
13723		    io->io_hdr.num_dmas;
13724		getbintime(&cur_bt);
13725		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13726		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13727#endif
13728	}
13729
13730	/*
13731	 * Remove this from the OOA queue.
13732	 */
13733	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13734#ifdef CTL_TIME_IO
13735	if (TAILQ_EMPTY(&lun->ooa_queue))
13736		lun->last_busy = getsbinuptime();
13737#endif
13738
13739	/*
13740	 * Run through the blocked queue on this LUN and see if anything
13741	 * has become unblocked, now that this transaction is done.
13742	 */
13743	ctl_check_blocked(lun);
13744
13745	/*
13746	 * If the LUN has been invalidated, free it if there is nothing
13747	 * left on its OOA queue.
13748	 */
13749	if ((lun->flags & CTL_LUN_INVALID)
13750	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13751		mtx_unlock(&lun->lun_lock);
13752		mtx_lock(&softc->ctl_lock);
13753		ctl_free_lun(lun);
13754		mtx_unlock(&softc->ctl_lock);
13755	} else
13756		mtx_unlock(&lun->lun_lock);
13757
13758bailout:
13759
13760	/*
13761	 * If this command has been aborted, make sure we set the status
13762	 * properly.  The FETD is responsible for freeing the I/O and doing
13763	 * whatever it needs to do to clean up its state.
13764	 */
13765	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13766		ctl_set_task_aborted(&io->scsiio);
13767
13768	/*
13769	 * If enabled, print command error status.
13770	 * We don't print UAs unless debugging was enabled explicitly.
13771	 */
13772	do {
13773		if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)
13774			break;
13775		if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0)
13776			break;
13777		if ((ctl_debug & CTL_DEBUG_INFO) == 0 &&
13778		    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) &&
13779		     (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13780			int error_code, sense_key, asc, ascq;
13781
13782			scsi_extract_sense_len(&io->scsiio.sense_data,
13783			    io->scsiio.sense_len, &error_code, &sense_key,
13784			    &asc, &ascq, /*show_errors*/ 0);
13785			if (sense_key == SSD_KEY_UNIT_ATTENTION)
13786				break;
13787		}
13788
13789		ctl_io_error_print(io, NULL);
13790	} while (0);
13791
13792	/*
13793	 * Tell the FETD or the other shelf controller we're done with this
13794	 * command.  Note that only SCSI commands get to this point.  Task
13795	 * management commands are completed above.
13796	 *
13797	 * We only send status to the other controller if we're in XFER
13798	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13799	 * received the I/O (from CTL's perspective), and so the status is
13800	 * generated there.
13801	 *
13802	 * XXX KDM if we hold the lock here, we could cause a deadlock
13803	 * if the frontend comes back in in this context to queue
13804	 * something.
13805	 */
13806	if ((softc->ha_mode == CTL_HA_MODE_XFER)
13807	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13808		union ctl_ha_msg msg;
13809
13810		memset(&msg, 0, sizeof(msg));
13811		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13812		msg.hdr.original_sc = io->io_hdr.original_sc;
13813		msg.hdr.nexus = io->io_hdr.nexus;
13814		msg.hdr.status = io->io_hdr.status;
13815		msg.scsi.scsi_status = io->scsiio.scsi_status;
13816		msg.scsi.tag_num = io->scsiio.tag_num;
13817		msg.scsi.tag_type = io->scsiio.tag_type;
13818		msg.scsi.sense_len = io->scsiio.sense_len;
13819		msg.scsi.sense_residual = io->scsiio.sense_residual;
13820		msg.scsi.residual = io->scsiio.residual;
13821		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13822		       sizeof(io->scsiio.sense_data));
13823		/*
13824		 * We copy this whether or not this is an I/O-related
13825		 * command.  Otherwise, we'd have to go and check to see
13826		 * whether it's a read/write command, and it really isn't
13827		 * worth it.
13828		 */
13829		memcpy(&msg.scsi.lbalen,
13830		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13831		       sizeof(msg.scsi.lbalen));
13832
13833		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13834				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13835			/* XXX do something here */
13836		}
13837
13838		ctl_free_io(io);
13839	} else
13840		fe_done(io);
13841
13842	return (CTL_RETVAL_COMPLETE);
13843}
13844
13845#ifdef CTL_WITH_CA
13846/*
13847 * Front end should call this if it doesn't do autosense.  When the request
13848 * sense comes back in from the initiator, we'll dequeue this and send it.
13849 */
13850int
13851ctl_queue_sense(union ctl_io *io)
13852{
13853	struct ctl_lun *lun;
13854	struct ctl_port *port;
13855	struct ctl_softc *softc;
13856	uint32_t initidx, targ_lun;
13857
13858	softc = control_softc;
13859
13860	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13861
13862	/*
13863	 * LUN lookup will likely move to the ctl_work_thread() once we
13864	 * have our new queueing infrastructure (that doesn't put things on
13865	 * a per-LUN queue initially).  That is so that we can handle
13866	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13867	 * can't deal with that right now.
13868	 */
13869	mtx_lock(&softc->ctl_lock);
13870
13871	/*
13872	 * If we don't have a LUN for this, just toss the sense
13873	 * information.
13874	 */
13875	port = ctl_io_port(&ctsio->io_hdr);
13876	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13877	if ((targ_lun < CTL_MAX_LUNS)
13878	 && (softc->ctl_luns[targ_lun] != NULL))
13879		lun = softc->ctl_luns[targ_lun];
13880	else
13881		goto bailout;
13882
13883	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13884
13885	mtx_lock(&lun->lun_lock);
13886	/*
13887	 * Already have CA set for this LUN...toss the sense information.
13888	 */
13889	if (ctl_is_set(lun->have_ca, initidx)) {
13890		mtx_unlock(&lun->lun_lock);
13891		goto bailout;
13892	}
13893
13894	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13895	       MIN(sizeof(lun->pending_sense[initidx]),
13896	       sizeof(io->scsiio.sense_data)));
13897	ctl_set_mask(lun->have_ca, initidx);
13898	mtx_unlock(&lun->lun_lock);
13899
13900bailout:
13901	mtx_unlock(&softc->ctl_lock);
13902
13903	ctl_free_io(io);
13904
13905	return (CTL_RETVAL_COMPLETE);
13906}
13907#endif
13908
13909/*
13910 * Primary command inlet from frontend ports.  All SCSI and task I/O
13911 * requests must go through this function.
13912 */
13913int
13914ctl_queue(union ctl_io *io)
13915{
13916	struct ctl_port *port;
13917
13918	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13919
13920#ifdef CTL_TIME_IO
13921	io->io_hdr.start_time = time_uptime;
13922	getbintime(&io->io_hdr.start_bt);
13923#endif /* CTL_TIME_IO */
13924
13925	/* Map FE-specific LUN ID into global one. */
13926	port = ctl_io_port(&io->io_hdr);
13927	io->io_hdr.nexus.targ_mapped_lun =
13928	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13929
13930	switch (io->io_hdr.io_type) {
13931	case CTL_IO_SCSI:
13932	case CTL_IO_TASK:
13933		if (ctl_debug & CTL_DEBUG_CDB)
13934			ctl_io_print(io);
13935		ctl_enqueue_incoming(io);
13936		break;
13937	default:
13938		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13939		return (EINVAL);
13940	}
13941
13942	return (CTL_RETVAL_COMPLETE);
13943}
13944
13945#ifdef CTL_IO_DELAY
13946static void
13947ctl_done_timer_wakeup(void *arg)
13948{
13949	union ctl_io *io;
13950
13951	io = (union ctl_io *)arg;
13952	ctl_done(io);
13953}
13954#endif /* CTL_IO_DELAY */
13955
13956void
13957ctl_done(union ctl_io *io)
13958{
13959
13960	/*
13961	 * Enable this to catch duplicate completion issues.
13962	 */
13963#if 0
13964	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13965		printf("%s: type %d msg %d cdb %x iptl: "
13966		       "%d:%d:%d:%d tag 0x%04x "
13967		       "flag %#x status %x\n",
13968			__func__,
13969			io->io_hdr.io_type,
13970			io->io_hdr.msg_type,
13971			io->scsiio.cdb[0],
13972			io->io_hdr.nexus.initid.id,
13973			io->io_hdr.nexus.targ_port,
13974			io->io_hdr.nexus.targ_target.id,
13975			io->io_hdr.nexus.targ_lun,
13976			(io->io_hdr.io_type ==
13977			CTL_IO_TASK) ?
13978			io->taskio.tag_num :
13979			io->scsiio.tag_num,
13980		        io->io_hdr.flags,
13981			io->io_hdr.status);
13982	} else
13983		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13984#endif
13985
13986	/*
13987	 * This is an internal copy of an I/O, and should not go through
13988	 * the normal done processing logic.
13989	 */
13990	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13991		return;
13992
13993	/*
13994	 * We need to send a msg to the serializing shelf to finish the IO
13995	 * as well.  We don't send a finish message to the other shelf if
13996	 * this is a task management command.  Task management commands
13997	 * aren't serialized in the OOA queue, but rather just executed on
13998	 * both shelf controllers for commands that originated on that
13999	 * controller.
14000	 */
14001	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
14002	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
14003		union ctl_ha_msg msg_io;
14004
14005		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
14006		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
14007		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
14008		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
14009		}
14010		/* continue on to finish IO */
14011	}
14012#ifdef CTL_IO_DELAY
14013	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
14014		struct ctl_lun *lun;
14015
14016		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14017
14018		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
14019	} else {
14020		struct ctl_lun *lun;
14021
14022		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14023
14024		if ((lun != NULL)
14025		 && (lun->delay_info.done_delay > 0)) {
14026			struct callout *callout;
14027
14028			callout = (struct callout *)&io->io_hdr.timer_bytes;
14029			callout_init(callout, /*mpsafe*/ 1);
14030			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
14031			callout_reset(callout,
14032				      lun->delay_info.done_delay * hz,
14033				      ctl_done_timer_wakeup, io);
14034			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
14035				lun->delay_info.done_delay = 0;
14036			return;
14037		}
14038	}
14039#endif /* CTL_IO_DELAY */
14040
14041	ctl_enqueue_done(io);
14042}
14043
14044int
14045ctl_isc(struct ctl_scsiio *ctsio)
14046{
14047	struct ctl_lun *lun;
14048	int retval;
14049
14050	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14051
14052	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
14053
14054	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
14055
14056	retval = lun->backend->data_submit((union ctl_io *)ctsio);
14057
14058	return (retval);
14059}
14060
14061
14062static void
14063ctl_work_thread(void *arg)
14064{
14065	struct ctl_thread *thr = (struct ctl_thread *)arg;
14066	struct ctl_softc *softc = thr->ctl_softc;
14067	union ctl_io *io;
14068	int retval;
14069
14070	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
14071
14072	for (;;) {
14073		retval = 0;
14074
14075		/*
14076		 * We handle the queues in this order:
14077		 * - ISC
14078		 * - done queue (to free up resources, unblock other commands)
14079		 * - RtR queue
14080		 * - incoming queue
14081		 *
14082		 * If those queues are empty, we break out of the loop and
14083		 * go to sleep.
14084		 */
14085		mtx_lock(&thr->queue_lock);
14086		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
14087		if (io != NULL) {
14088			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
14089			mtx_unlock(&thr->queue_lock);
14090			ctl_handle_isc(io);
14091			continue;
14092		}
14093		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
14094		if (io != NULL) {
14095			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
14096			/* clear any blocked commands, call fe_done */
14097			mtx_unlock(&thr->queue_lock);
14098			retval = ctl_process_done(io);
14099			continue;
14100		}
14101		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
14102		if (io != NULL) {
14103			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
14104			mtx_unlock(&thr->queue_lock);
14105			if (io->io_hdr.io_type == CTL_IO_TASK)
14106				ctl_run_task(io);
14107			else
14108				ctl_scsiio_precheck(softc, &io->scsiio);
14109			continue;
14110		}
14111		if (!ctl_pause_rtr) {
14112			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
14113			if (io != NULL) {
14114				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
14115				mtx_unlock(&thr->queue_lock);
14116				retval = ctl_scsiio(&io->scsiio);
14117				if (retval != CTL_RETVAL_COMPLETE)
14118					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
14119				continue;
14120			}
14121		}
14122
14123		/* Sleep until we have something to do. */
14124		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
14125	}
14126}
14127
14128static void
14129ctl_lun_thread(void *arg)
14130{
14131	struct ctl_softc *softc = (struct ctl_softc *)arg;
14132	struct ctl_be_lun *be_lun;
14133	int retval;
14134
14135	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
14136
14137	for (;;) {
14138		retval = 0;
14139		mtx_lock(&softc->ctl_lock);
14140		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
14141		if (be_lun != NULL) {
14142			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
14143			mtx_unlock(&softc->ctl_lock);
14144			ctl_create_lun(be_lun);
14145			continue;
14146		}
14147
14148		/* Sleep until we have something to do. */
14149		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
14150		    PDROP | PRIBIO, "-", 0);
14151	}
14152}
14153
14154static void
14155ctl_thresh_thread(void *arg)
14156{
14157	struct ctl_softc *softc = (struct ctl_softc *)arg;
14158	struct ctl_lun *lun;
14159	struct ctl_be_lun *be_lun;
14160	struct scsi_da_rw_recovery_page *rwpage;
14161	struct ctl_logical_block_provisioning_page *page;
14162	const char *attr;
14163	uint64_t thres, val;
14164	int i, e;
14165
14166	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
14167
14168	for (;;) {
14169		mtx_lock(&softc->ctl_lock);
14170		STAILQ_FOREACH(lun, &softc->lun_list, links) {
14171			be_lun = lun->be_lun;
14172			if ((lun->flags & CTL_LUN_DISABLED) ||
14173			    (lun->flags & CTL_LUN_OFFLINE) ||
14174			    lun->backend->lun_attr == NULL)
14175				continue;
14176			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
14177			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
14178				continue;
14179			e = 0;
14180			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
14181			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
14182				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
14183					continue;
14184				thres = scsi_4btoul(page->descr[i].count);
14185				thres <<= CTL_LBP_EXPONENT;
14186				switch (page->descr[i].resource) {
14187				case 0x01:
14188					attr = "blocksavail";
14189					break;
14190				case 0x02:
14191					attr = "blocksused";
14192					break;
14193				case 0xf1:
14194					attr = "poolblocksavail";
14195					break;
14196				case 0xf2:
14197					attr = "poolblocksused";
14198					break;
14199				default:
14200					continue;
14201				}
14202				mtx_unlock(&softc->ctl_lock); // XXX
14203				val = lun->backend->lun_attr(
14204				    lun->be_lun->be_lun, attr);
14205				mtx_lock(&softc->ctl_lock);
14206				if (val == UINT64_MAX)
14207					continue;
14208				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
14209				    == SLBPPD_ARMING_INC)
14210					e |= (val >= thres);
14211				else
14212					e |= (val <= thres);
14213			}
14214			mtx_lock(&lun->lun_lock);
14215			if (e) {
14216				if (lun->lasttpt == 0 ||
14217				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
14218					lun->lasttpt = time_uptime;
14219					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
14220				}
14221			} else {
14222				lun->lasttpt = 0;
14223				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
14224			}
14225			mtx_unlock(&lun->lun_lock);
14226		}
14227		mtx_unlock(&softc->ctl_lock);
14228		pause("-", CTL_LBP_PERIOD * hz);
14229	}
14230}
14231
14232static void
14233ctl_enqueue_incoming(union ctl_io *io)
14234{
14235	struct ctl_softc *softc = control_softc;
14236	struct ctl_thread *thr;
14237	u_int idx;
14238
14239	idx = (io->io_hdr.nexus.targ_port * 127 +
14240	       io->io_hdr.nexus.initid.id) % worker_threads;
14241	thr = &softc->threads[idx];
14242	mtx_lock(&thr->queue_lock);
14243	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14244	mtx_unlock(&thr->queue_lock);
14245	wakeup(thr);
14246}
14247
14248static void
14249ctl_enqueue_rtr(union ctl_io *io)
14250{
14251	struct ctl_softc *softc = control_softc;
14252	struct ctl_thread *thr;
14253
14254	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14255	mtx_lock(&thr->queue_lock);
14256	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14257	mtx_unlock(&thr->queue_lock);
14258	wakeup(thr);
14259}
14260
14261static void
14262ctl_enqueue_done(union ctl_io *io)
14263{
14264	struct ctl_softc *softc = control_softc;
14265	struct ctl_thread *thr;
14266
14267	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14268	mtx_lock(&thr->queue_lock);
14269	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14270	mtx_unlock(&thr->queue_lock);
14271	wakeup(thr);
14272}
14273
14274static void
14275ctl_enqueue_isc(union ctl_io *io)
14276{
14277	struct ctl_softc *softc = control_softc;
14278	struct ctl_thread *thr;
14279
14280	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14281	mtx_lock(&thr->queue_lock);
14282	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14283	mtx_unlock(&thr->queue_lock);
14284	wakeup(thr);
14285}
14286
14287/* Initialization and failover */
14288
14289void
14290ctl_init_isc_msg(void)
14291{
14292	printf("CTL: Still calling this thing\n");
14293}
14294
14295/*
14296 * Init component
14297 * 	Initializes component into configuration defined by bootMode
14298 *	(see hasc-sv.c)
14299 *  	returns hasc_Status:
14300 * 		OK
14301 *		ERROR - fatal error
14302 */
14303static ctl_ha_comp_status
14304ctl_isc_init(struct ctl_ha_component *c)
14305{
14306	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14307
14308	c->status = ret;
14309	return ret;
14310}
14311
14312/* Start component
14313 * 	Starts component in state requested. If component starts successfully,
14314 *	it must set its own state to the requestrd state
14315 *	When requested state is HASC_STATE_HA, the component may refine it
14316 * 	by adding _SLAVE or _MASTER flags.
14317 *	Currently allowed state transitions are:
14318 *	UNKNOWN->HA		- initial startup
14319 *	UNKNOWN->SINGLE - initial startup when no parter detected
14320 *	HA->SINGLE		- failover
14321 * returns ctl_ha_comp_status:
14322 * 		OK	- component successfully started in requested state
14323 *		FAILED  - could not start the requested state, failover may
14324 * 			  be possible
14325 *		ERROR	- fatal error detected, no future startup possible
14326 */
14327static ctl_ha_comp_status
14328ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14329{
14330	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14331
14332	printf("%s: go\n", __func__);
14333
14334	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14335	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14336		control_softc->is_single = 0;
14337		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14338		    != CTL_HA_STATUS_SUCCESS) {
14339			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14340			ret = CTL_HA_COMP_STATUS_ERROR;
14341		}
14342	} else if (CTL_HA_STATE_IS_HA(c->state)
14343		&& CTL_HA_STATE_IS_SINGLE(state)){
14344		// HA->SINGLE transition
14345	        ctl_failover();
14346		control_softc->is_single = 1;
14347	} else {
14348		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14349		       c->state, state);
14350		ret = CTL_HA_COMP_STATUS_ERROR;
14351	}
14352	if (CTL_HA_STATE_IS_SINGLE(state))
14353		control_softc->is_single = 1;
14354
14355	c->state = state;
14356	c->status = ret;
14357	return ret;
14358}
14359
14360/*
14361 * Quiesce component
14362 * The component must clear any error conditions (set status to OK) and
14363 * prepare itself to another Start call
14364 * returns ctl_ha_comp_status:
14365 * 	OK
14366 *	ERROR
14367 */
14368static ctl_ha_comp_status
14369ctl_isc_quiesce(struct ctl_ha_component *c)
14370{
14371	int ret = CTL_HA_COMP_STATUS_OK;
14372
14373	ctl_pause_rtr = 1;
14374	c->status = ret;
14375	return ret;
14376}
14377
14378struct ctl_ha_component ctl_ha_component_ctlisc =
14379{
14380	.name = "CTL ISC",
14381	.state = CTL_HA_STATE_UNKNOWN,
14382	.init = ctl_isc_init,
14383	.start = ctl_isc_start,
14384	.quiesce = ctl_isc_quiesce
14385};
14386
14387/*
14388 *  vim: ts=8
14389 */
14390