ctl.c revision 288730 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id$
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288730 2015-10-05 08:55:00Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67#include <vm/uma.h>
68
69#include <cam/cam.h>
70#include <cam/scsi/scsi_all.h>
71#include <cam/scsi/scsi_da.h>
72#include <cam/ctl/ctl_io.h>
73#include <cam/ctl/ctl.h>
74#include <cam/ctl/ctl_frontend.h>
75#include <cam/ctl/ctl_util.h>
76#include <cam/ctl/ctl_backend.h>
77#include <cam/ctl/ctl_ioctl.h>
78#include <cam/ctl/ctl_ha.h>
79#include <cam/ctl/ctl_private.h>
80#include <cam/ctl/ctl_debug.h>
81#include <cam/ctl/ctl_scsi_all.h>
82#include <cam/ctl/ctl_error.h>
83
84struct ctl_softc *control_softc = NULL;
85
86/*
87 * Size and alignment macros needed for Copan-specific HA hardware.  These
88 * can go away when the HA code is re-written, and uses busdma for any
89 * hardware.
90 */
91#define	CTL_ALIGN_8B(target, source, type)				\
92	if (((uint32_t)source & 0x7) != 0)				\
93		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
94	else								\
95		target = (type)source;
96
97#define	CTL_SIZE_8B(target, size)					\
98	if ((size & 0x7) != 0)						\
99		target = size + (0x8 - (size & 0x7));			\
100	else								\
101		target = size;
102
103#define CTL_ALIGN_8B_MARGIN	16
104
105/*
106 * Template mode pages.
107 */
108
109/*
110 * Note that these are default values only.  The actual values will be
111 * filled in when the user does a mode sense.
112 */
113const static struct copan_debugconf_subpage debugconf_page_default = {
114	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
115	DBGCNF_SUBPAGE_CODE,		/* subpage */
116	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
117	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
118	DBGCNF_VERSION,			/* page_version */
119	{CTL_TIME_IO_DEFAULT_SECS>>8,
120	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
121};
122
123const static struct copan_debugconf_subpage debugconf_page_changeable = {
124	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
125	DBGCNF_SUBPAGE_CODE,		/* subpage */
126	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
127	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
128	0,				/* page_version */
129	{0xff,0xff},			/* ctl_time_io_secs */
130};
131
132const static struct scsi_da_rw_recovery_page rw_er_page_default = {
133	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
134	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
135	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
136	/*read_retry_count*/0,
137	/*correction_span*/0,
138	/*head_offset_count*/0,
139	/*data_strobe_offset_cnt*/0,
140	/*byte8*/SMS_RWER_LBPERE,
141	/*write_retry_count*/0,
142	/*reserved2*/0,
143	/*recovery_time_limit*/{0, 0},
144};
145
146const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
147	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
148	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
149	/*byte3*/0,
150	/*read_retry_count*/0,
151	/*correction_span*/0,
152	/*head_offset_count*/0,
153	/*data_strobe_offset_cnt*/0,
154	/*byte8*/0,
155	/*write_retry_count*/0,
156	/*reserved2*/0,
157	/*recovery_time_limit*/{0, 0},
158};
159
160const static struct scsi_format_page format_page_default = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
168			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
169	/*bytes_per_sector*/ {0, 0},
170	/*interleave*/ {0, 0},
171	/*track_skew*/ {0, 0},
172	/*cylinder_skew*/ {0, 0},
173	/*flags*/ SFP_HSEC,
174	/*reserved*/ {0, 0, 0}
175};
176
177const static struct scsi_format_page format_page_changeable = {
178	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
179	/*page_length*/sizeof(struct scsi_format_page) - 2,
180	/*tracks_per_zone*/ {0, 0},
181	/*alt_sectors_per_zone*/ {0, 0},
182	/*alt_tracks_per_zone*/ {0, 0},
183	/*alt_tracks_per_lun*/ {0, 0},
184	/*sectors_per_track*/ {0, 0},
185	/*bytes_per_sector*/ {0, 0},
186	/*interleave*/ {0, 0},
187	/*track_skew*/ {0, 0},
188	/*cylinder_skew*/ {0, 0},
189	/*flags*/ 0,
190	/*reserved*/ {0, 0, 0}
191};
192
193const static struct scsi_rigid_disk_page rigid_disk_page_default = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ CTL_DEFAULT_HEADS,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ SRDP_RPL_DISABLED,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
206			   CTL_DEFAULT_ROTATION_RATE & 0xff},
207	/*reserved2*/ {0, 0}
208};
209
210const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
211	/*page_code*/SMS_RIGID_DISK_PAGE,
212	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
213	/*cylinders*/ {0, 0, 0},
214	/*heads*/ 0,
215	/*start_write_precomp*/ {0, 0, 0},
216	/*start_reduced_current*/ {0, 0, 0},
217	/*step_rate*/ {0, 0},
218	/*landing_zone_cylinder*/ {0, 0, 0},
219	/*rpl*/ 0,
220	/*rotational_offset*/ 0,
221	/*reserved1*/ 0,
222	/*rotation_rate*/ {0, 0},
223	/*reserved2*/ {0, 0}
224};
225
226const static struct scsi_caching_page caching_page_default = {
227	/*page_code*/SMS_CACHING_PAGE,
228	/*page_length*/sizeof(struct scsi_caching_page) - 2,
229	/*flags1*/ SCP_DISC | SCP_WCE,
230	/*ret_priority*/ 0,
231	/*disable_pf_transfer_len*/ {0xff, 0xff},
232	/*min_prefetch*/ {0, 0},
233	/*max_prefetch*/ {0xff, 0xff},
234	/*max_pf_ceiling*/ {0xff, 0xff},
235	/*flags2*/ 0,
236	/*cache_segments*/ 0,
237	/*cache_seg_size*/ {0, 0},
238	/*reserved*/ 0,
239	/*non_cache_seg_size*/ {0, 0, 0}
240};
241
242const static struct scsi_caching_page caching_page_changeable = {
243	/*page_code*/SMS_CACHING_PAGE,
244	/*page_length*/sizeof(struct scsi_caching_page) - 2,
245	/*flags1*/ SCP_WCE | SCP_RCD,
246	/*ret_priority*/ 0,
247	/*disable_pf_transfer_len*/ {0, 0},
248	/*min_prefetch*/ {0, 0},
249	/*max_prefetch*/ {0, 0},
250	/*max_pf_ceiling*/ {0, 0},
251	/*flags2*/ 0,
252	/*cache_segments*/ 0,
253	/*cache_seg_size*/ {0, 0},
254	/*reserved*/ 0,
255	/*non_cache_seg_size*/ {0, 0, 0}
256};
257
258const static struct scsi_control_page control_page_default = {
259	/*page_code*/SMS_CONTROL_MODE_PAGE,
260	/*page_length*/sizeof(struct scsi_control_page) - 2,
261	/*rlec*/0,
262	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
263	/*eca_and_aen*/0,
264	/*flags4*/SCP_TAS,
265	/*aen_holdoff_period*/{0, 0},
266	/*busy_timeout_period*/{0, 0},
267	/*extended_selftest_completion_time*/{0, 0}
268};
269
270const static struct scsi_control_page control_page_changeable = {
271	/*page_code*/SMS_CONTROL_MODE_PAGE,
272	/*page_length*/sizeof(struct scsi_control_page) - 2,
273	/*rlec*/SCP_DSENSE,
274	/*queue_flags*/SCP_QUEUE_ALG_MASK,
275	/*eca_and_aen*/SCP_SWP,
276	/*flags4*/0,
277	/*aen_holdoff_period*/{0, 0},
278	/*busy_timeout_period*/{0, 0},
279	/*extended_selftest_completion_time*/{0, 0}
280};
281
282const static struct scsi_info_exceptions_page ie_page_default = {
283	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
284	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
285	/*info_flags*/SIEP_FLAGS_DEXCPT,
286	/*mrie*/0,
287	/*interval_timer*/{0, 0, 0, 0},
288	/*report_count*/{0, 0, 0, 0}
289};
290
291const static struct scsi_info_exceptions_page ie_page_changeable = {
292	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
293	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
294	/*info_flags*/0,
295	/*mrie*/0,
296	/*interval_timer*/{0, 0, 0, 0},
297	/*report_count*/{0, 0, 0, 0}
298};
299
300#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
301
302const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
303	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
304	/*subpage_code*/0x02,
305	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
306	/*flags*/0,
307	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
308	/*descr*/{}},
309	{{/*flags*/0,
310	  /*resource*/0x01,
311	  /*reserved*/{0, 0},
312	  /*count*/{0, 0, 0, 0}},
313	 {/*flags*/0,
314	  /*resource*/0x02,
315	  /*reserved*/{0, 0},
316	  /*count*/{0, 0, 0, 0}},
317	 {/*flags*/0,
318	  /*resource*/0xf1,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0xf2,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}}
325	}
326};
327
328const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
329	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
330	/*subpage_code*/0x02,
331	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
332	/*flags*/0,
333	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
334	/*descr*/{}},
335	{{/*flags*/0,
336	  /*resource*/0,
337	  /*reserved*/{0, 0},
338	  /*count*/{0, 0, 0, 0}},
339	 {/*flags*/0,
340	  /*resource*/0,
341	  /*reserved*/{0, 0},
342	  /*count*/{0, 0, 0, 0}},
343	 {/*flags*/0,
344	  /*resource*/0,
345	  /*reserved*/{0, 0},
346	  /*count*/{0, 0, 0, 0}},
347	 {/*flags*/0,
348	  /*resource*/0,
349	  /*reserved*/{0, 0},
350	  /*count*/{0, 0, 0, 0}}
351	}
352};
353
354/*
355 * XXX KDM move these into the softc.
356 */
357static int rcv_sync_msg;
358static uint8_t ctl_pause_rtr;
359
360SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
361static int worker_threads = -1;
362TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
363SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
364    &worker_threads, 1, "Number of worker threads");
365static int ctl_debug = CTL_DEBUG_NONE;
366TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
367SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
368    &ctl_debug, 0, "Enabled debug flags");
369
370/*
371 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
372 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
373 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
374 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
375 */
376#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
377
378#ifdef notyet
379static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
380				  int param);
381static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
382#endif
383static int ctl_init(void);
384void ctl_shutdown(void);
385static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
386static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
387static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
388static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
389			      struct ctl_ooa *ooa_hdr,
390			      struct ctl_ooa_entry *kern_entries);
391static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
392		     struct thread *td);
393static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
394			 struct ctl_be_lun *be_lun);
395static int ctl_free_lun(struct ctl_lun *lun);
396static void ctl_create_lun(struct ctl_be_lun *be_lun);
397static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
398/**
399static void ctl_failover_change_pages(struct ctl_softc *softc,
400				      struct ctl_scsiio *ctsio, int master);
401**/
402
403static int ctl_do_mode_select(union ctl_io *io);
404static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
405			   uint64_t res_key, uint64_t sa_res_key,
406			   uint8_t type, uint32_t residx,
407			   struct ctl_scsiio *ctsio,
408			   struct scsi_per_res_out *cdb,
409			   struct scsi_per_res_out_parms* param);
410static void ctl_pro_preempt_other(struct ctl_lun *lun,
411				  union ctl_ha_msg *msg);
412static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
413static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
414static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
416static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
417static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
418static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
419					 int alloc_len);
420static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
421					 int alloc_len);
422static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
423static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
424static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
425static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
426static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
427static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
428    bool seq);
429static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
430static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
431    union ctl_io *pending_io, union ctl_io *ooa_io);
432static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
433				union ctl_io *starting_io);
434static int ctl_check_blocked(struct ctl_lun *lun);
435static int ctl_scsiio_lun_check(struct ctl_lun *lun,
436				const struct ctl_cmd_entry *entry,
437				struct ctl_scsiio *ctsio);
438//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
439#ifdef notyet
440static void ctl_failover(void);
441#endif
442static void ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
443			 ctl_ua_type ua_type);
444static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
445			       struct ctl_scsiio *ctsio);
446static int ctl_scsiio(struct ctl_scsiio *ctsio);
447
448static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
449static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
450			    ctl_ua_type ua_type);
451static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
452			 ctl_ua_type ua_type);
453static int ctl_abort_task(union ctl_io *io);
454static int ctl_abort_task_set(union ctl_io *io);
455static int ctl_i_t_nexus_reset(union ctl_io *io);
456static void ctl_run_task(union ctl_io *io);
457#ifdef CTL_IO_DELAY
458static void ctl_datamove_timer_wakeup(void *arg);
459static void ctl_done_timer_wakeup(void *arg);
460#endif /* CTL_IO_DELAY */
461
462static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
463static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
464static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
465static void ctl_datamove_remote_write(union ctl_io *io);
466static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
467static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
468static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
469static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
470				    ctl_ha_dt_cb callback);
471static void ctl_datamove_remote_read(union ctl_io *io);
472static void ctl_datamove_remote(union ctl_io *io);
473static int ctl_process_done(union ctl_io *io);
474static void ctl_lun_thread(void *arg);
475static void ctl_thresh_thread(void *arg);
476static void ctl_work_thread(void *arg);
477static void ctl_enqueue_incoming(union ctl_io *io);
478static void ctl_enqueue_rtr(union ctl_io *io);
479static void ctl_enqueue_done(union ctl_io *io);
480#ifdef notyet
481static void ctl_enqueue_isc(union ctl_io *io);
482#endif
483static const struct ctl_cmd_entry *
484    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
485static const struct ctl_cmd_entry *
486    ctl_validate_command(struct ctl_scsiio *ctsio);
487static int ctl_cmd_applicable(uint8_t lun_type,
488    const struct ctl_cmd_entry *entry);
489
490/*
491 * Load the serialization table.  This isn't very pretty, but is probably
492 * the easiest way to do it.
493 */
494#include "ctl_ser_table.c"
495
496/*
497 * We only need to define open, close and ioctl routines for this driver.
498 */
499static struct cdevsw ctl_cdevsw = {
500	.d_version =	D_VERSION,
501	.d_flags =	0,
502	.d_open =	ctl_open,
503	.d_close =	ctl_close,
504	.d_ioctl =	ctl_ioctl,
505	.d_name =	"ctl",
506};
507
508
509MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
510
511static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
512
513static moduledata_t ctl_moduledata = {
514	"ctl",
515	ctl_module_event_handler,
516	NULL
517};
518
519DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
520MODULE_VERSION(ctl, 1);
521
522#ifdef notyet
523static void
524ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
525			    union ctl_ha_msg *msg_info)
526{
527	struct ctl_scsiio *ctsio;
528
529	if (msg_info->hdr.original_sc == NULL) {
530		printf("%s: original_sc == NULL!\n", __func__);
531		/* XXX KDM now what? */
532		return;
533	}
534
535	ctsio = &msg_info->hdr.original_sc->scsiio;
536	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
537	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
538	ctsio->io_hdr.status = msg_info->hdr.status;
539	ctsio->scsi_status = msg_info->scsi.scsi_status;
540	ctsio->sense_len = msg_info->scsi.sense_len;
541	ctsio->sense_residual = msg_info->scsi.sense_residual;
542	ctsio->residual = msg_info->scsi.residual;
543	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
544	       sizeof(ctsio->sense_data));
545	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
546	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
547	ctl_enqueue_isc((union ctl_io *)ctsio);
548}
549
550static void
551ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
552				union ctl_ha_msg *msg_info)
553{
554	struct ctl_scsiio *ctsio;
555
556	if (msg_info->hdr.serializing_sc == NULL) {
557		printf("%s: serializing_sc == NULL!\n", __func__);
558		/* XXX KDM now what? */
559		return;
560	}
561
562	ctsio = &msg_info->hdr.serializing_sc->scsiio;
563#if 0
564	/*
565	 * Attempt to catch the situation where an I/O has
566	 * been freed, and we're using it again.
567	 */
568	if (ctsio->io_hdr.io_type == 0xff) {
569		union ctl_io *tmp_io;
570		tmp_io = (union ctl_io *)ctsio;
571		printf("%s: %p use after free!\n", __func__,
572		       ctsio);
573		printf("%s: type %d msg %d cdb %x iptl: "
574		       "%d:%d:%d:%d tag 0x%04x "
575		       "flag %#x status %x\n",
576			__func__,
577			tmp_io->io_hdr.io_type,
578			tmp_io->io_hdr.msg_type,
579			tmp_io->scsiio.cdb[0],
580			tmp_io->io_hdr.nexus.initid.id,
581			tmp_io->io_hdr.nexus.targ_port,
582			tmp_io->io_hdr.nexus.targ_target.id,
583			tmp_io->io_hdr.nexus.targ_lun,
584			(tmp_io->io_hdr.io_type ==
585			CTL_IO_TASK) ?
586			tmp_io->taskio.tag_num :
587			tmp_io->scsiio.tag_num,
588		        tmp_io->io_hdr.flags,
589			tmp_io->io_hdr.status);
590	}
591#endif
592	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
593	ctl_enqueue_isc((union ctl_io *)ctsio);
594}
595
596/*
597 * ISC (Inter Shelf Communication) event handler.  Events from the HA
598 * subsystem come in here.
599 */
600static void
601ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
602{
603	struct ctl_softc *softc;
604	union ctl_io *io;
605	struct ctl_prio *presio;
606	ctl_ha_status isc_status;
607
608	softc = control_softc;
609	io = NULL;
610
611
612#if 0
613	printf("CTL: Isc Msg event %d\n", event);
614#endif
615	if (event == CTL_HA_EVT_MSG_RECV) {
616		union ctl_ha_msg msg_info;
617
618		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
619					     sizeof(msg_info), /*wait*/ 0);
620#if 0
621		printf("CTL: msg_type %d\n", msg_info.msg_type);
622#endif
623		if (isc_status != 0) {
624			printf("Error receiving message, status = %d\n",
625			       isc_status);
626			return;
627		}
628
629		switch (msg_info.hdr.msg_type) {
630		case CTL_MSG_SERIALIZE:
631#if 0
632			printf("Serialize\n");
633#endif
634			io = ctl_alloc_io_nowait(softc->othersc_pool);
635			if (io == NULL) {
636				printf("ctl_isc_event_handler: can't allocate "
637				       "ctl_io!\n");
638				/* Bad Juju */
639				/* Need to set busy and send msg back */
640				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
641				msg_info.hdr.status = CTL_SCSI_ERROR;
642				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
643				msg_info.scsi.sense_len = 0;
644			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
645				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
646				}
647				goto bailout;
648			}
649			ctl_zero_io(io);
650			// populate ctsio from msg_info
651			io->io_hdr.io_type = CTL_IO_SCSI;
652			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
653			io->io_hdr.original_sc = msg_info.hdr.original_sc;
654#if 0
655			printf("pOrig %x\n", (int)msg_info.original_sc);
656#endif
657			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
658					    CTL_FLAG_IO_ACTIVE;
659			/*
660			 * If we're in serialization-only mode, we don't
661			 * want to go through full done processing.  Thus
662			 * the COPY flag.
663			 *
664			 * XXX KDM add another flag that is more specific.
665			 */
666			if (softc->ha_mode == CTL_HA_MODE_SER_ONLY)
667				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
668			io->io_hdr.nexus = msg_info.hdr.nexus;
669#if 0
670			printf("targ %d, port %d, iid %d, lun %d\n",
671			       io->io_hdr.nexus.targ_target.id,
672			       io->io_hdr.nexus.targ_port,
673			       io->io_hdr.nexus.initid.id,
674			       io->io_hdr.nexus.targ_lun);
675#endif
676			io->scsiio.tag_num = msg_info.scsi.tag_num;
677			io->scsiio.tag_type = msg_info.scsi.tag_type;
678			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
679			       CTL_MAX_CDBLEN);
680			if (softc->ha_mode == CTL_HA_MODE_XFER) {
681				const struct ctl_cmd_entry *entry;
682
683				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
684				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
685				io->io_hdr.flags |=
686					entry->flags & CTL_FLAG_DATA_MASK;
687			}
688			ctl_enqueue_isc(io);
689			break;
690
691		/* Performed on the Originating SC, XFER mode only */
692		case CTL_MSG_DATAMOVE: {
693			struct ctl_sg_entry *sgl;
694			int i, j;
695
696			io = msg_info.hdr.original_sc;
697			if (io == NULL) {
698				printf("%s: original_sc == NULL!\n", __func__);
699				/* XXX KDM do something here */
700				break;
701			}
702			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
703			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
704			/*
705			 * Keep track of this, we need to send it back over
706			 * when the datamove is complete.
707			 */
708			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
709
710			if (msg_info.dt.sg_sequence == 0) {
711				/*
712				 * XXX KDM we use the preallocated S/G list
713				 * here, but we'll need to change this to
714				 * dynamic allocation if we need larger S/G
715				 * lists.
716				 */
717				if (msg_info.dt.kern_sg_entries >
718				    sizeof(io->io_hdr.remote_sglist) /
719				    sizeof(io->io_hdr.remote_sglist[0])) {
720					printf("%s: number of S/G entries "
721					    "needed %u > allocated num %zd\n",
722					    __func__,
723					    msg_info.dt.kern_sg_entries,
724					    sizeof(io->io_hdr.remote_sglist)/
725					    sizeof(io->io_hdr.remote_sglist[0]));
726
727					/*
728					 * XXX KDM send a message back to
729					 * the other side to shut down the
730					 * DMA.  The error will come back
731					 * through via the normal channel.
732					 */
733					break;
734				}
735				sgl = io->io_hdr.remote_sglist;
736				memset(sgl, 0,
737				       sizeof(io->io_hdr.remote_sglist));
738
739				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
740
741				io->scsiio.kern_sg_entries =
742					msg_info.dt.kern_sg_entries;
743				io->scsiio.rem_sg_entries =
744					msg_info.dt.kern_sg_entries;
745				io->scsiio.kern_data_len =
746					msg_info.dt.kern_data_len;
747				io->scsiio.kern_total_len =
748					msg_info.dt.kern_total_len;
749				io->scsiio.kern_data_resid =
750					msg_info.dt.kern_data_resid;
751				io->scsiio.kern_rel_offset =
752					msg_info.dt.kern_rel_offset;
753				/*
754				 * Clear out per-DMA flags.
755				 */
756				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
757				/*
758				 * Add per-DMA flags that are set for this
759				 * particular DMA request.
760				 */
761				io->io_hdr.flags |= msg_info.dt.flags &
762						    CTL_FLAG_RDMA_MASK;
763			} else
764				sgl = (struct ctl_sg_entry *)
765					io->scsiio.kern_data_ptr;
766
767			for (i = msg_info.dt.sent_sg_entries, j = 0;
768			     i < (msg_info.dt.sent_sg_entries +
769			     msg_info.dt.cur_sg_entries); i++, j++) {
770				sgl[i].addr = msg_info.dt.sg_list[j].addr;
771				sgl[i].len = msg_info.dt.sg_list[j].len;
772
773#if 0
774				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
775				       __func__,
776				       msg_info.dt.sg_list[j].addr,
777				       msg_info.dt.sg_list[j].len,
778				       sgl[i].addr, sgl[i].len, j, i);
779#endif
780			}
781#if 0
782			memcpy(&sgl[msg_info.dt.sent_sg_entries],
783			       msg_info.dt.sg_list,
784			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
785#endif
786
787			/*
788			 * If this is the last piece of the I/O, we've got
789			 * the full S/G list.  Queue processing in the thread.
790			 * Otherwise wait for the next piece.
791			 */
792			if (msg_info.dt.sg_last != 0)
793				ctl_enqueue_isc(io);
794			break;
795		}
796		/* Performed on the Serializing (primary) SC, XFER mode only */
797		case CTL_MSG_DATAMOVE_DONE: {
798			if (msg_info.hdr.serializing_sc == NULL) {
799				printf("%s: serializing_sc == NULL!\n",
800				       __func__);
801				/* XXX KDM now what? */
802				break;
803			}
804			/*
805			 * We grab the sense information here in case
806			 * there was a failure, so we can return status
807			 * back to the initiator.
808			 */
809			io = msg_info.hdr.serializing_sc;
810			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
811			io->io_hdr.status = msg_info.hdr.status;
812			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
813			io->scsiio.sense_len = msg_info.scsi.sense_len;
814			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
815			io->io_hdr.port_status = msg_info.scsi.fetd_status;
816			io->scsiio.residual = msg_info.scsi.residual;
817			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
818			       sizeof(io->scsiio.sense_data));
819			ctl_enqueue_isc(io);
820			break;
821		}
822
823		/* Preformed on Originating SC, SER_ONLY mode */
824		case CTL_MSG_R2R:
825			io = msg_info.hdr.original_sc;
826			if (io == NULL) {
827				printf("%s: Major Bummer\n", __func__);
828				return;
829			} else {
830#if 0
831				printf("pOrig %x\n",(int) ctsio);
832#endif
833			}
834			io->io_hdr.msg_type = CTL_MSG_R2R;
835			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
836			ctl_enqueue_isc(io);
837			break;
838
839		/*
840		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
841		 * mode.
842		 * Performed on the Originating (i.e. secondary) SC in XFER
843		 * mode
844		 */
845		case CTL_MSG_FINISH_IO:
846			if (softc->ha_mode == CTL_HA_MODE_XFER)
847				ctl_isc_handler_finish_xfer(softc,
848							    &msg_info);
849			else
850				ctl_isc_handler_finish_ser_only(softc,
851								&msg_info);
852			break;
853
854		/* Preformed on Originating SC */
855		case CTL_MSG_BAD_JUJU:
856			io = msg_info.hdr.original_sc;
857			if (io == NULL) {
858				printf("%s: Bad JUJU!, original_sc is NULL!\n",
859				       __func__);
860				break;
861			}
862			ctl_copy_sense_data(&msg_info, io);
863			/*
864			 * IO should have already been cleaned up on other
865			 * SC so clear this flag so we won't send a message
866			 * back to finish the IO there.
867			 */
868			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
869			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
870
871			/* io = msg_info.hdr.serializing_sc; */
872			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
873			ctl_enqueue_isc(io);
874			break;
875
876		/* Handle resets sent from the other side */
877		case CTL_MSG_MANAGE_TASKS: {
878			struct ctl_taskio *taskio;
879			taskio = (struct ctl_taskio *)ctl_alloc_io_nowait(
880			    softc->othersc_pool);
881			if (taskio == NULL) {
882				printf("ctl_isc_event_handler: can't allocate "
883				       "ctl_io!\n");
884				/* Bad Juju */
885				/* should I just call the proper reset func
886				   here??? */
887				goto bailout;
888			}
889			ctl_zero_io((union ctl_io *)taskio);
890			taskio->io_hdr.io_type = CTL_IO_TASK;
891			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
892			taskio->io_hdr.nexus = msg_info.hdr.nexus;
893			taskio->task_action = msg_info.task.task_action;
894			taskio->tag_num = msg_info.task.tag_num;
895			taskio->tag_type = msg_info.task.tag_type;
896#ifdef CTL_TIME_IO
897			taskio->io_hdr.start_time = time_uptime;
898			getbintime(&taskio->io_hdr.start_bt);
899#if 0
900			cs_prof_gettime(&taskio->io_hdr.start_ticks);
901#endif
902#endif /* CTL_TIME_IO */
903			ctl_run_task((union ctl_io *)taskio);
904			break;
905		}
906		/* Persistent Reserve action which needs attention */
907		case CTL_MSG_PERS_ACTION:
908			presio = (struct ctl_prio *)ctl_alloc_io_nowait(
909			    softc->othersc_pool);
910			if (presio == NULL) {
911				printf("ctl_isc_event_handler: can't allocate "
912				       "ctl_io!\n");
913				/* Bad Juju */
914				/* Need to set busy and send msg back */
915				goto bailout;
916			}
917			ctl_zero_io((union ctl_io *)presio);
918			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
919			presio->pr_msg = msg_info.pr;
920			ctl_enqueue_isc((union ctl_io *)presio);
921			break;
922		case CTL_MSG_SYNC_FE:
923			rcv_sync_msg = 1;
924			break;
925		default:
926		        printf("How did I get here?\n");
927		}
928	} else if (event == CTL_HA_EVT_MSG_SENT) {
929		if (param != CTL_HA_STATUS_SUCCESS) {
930			printf("Bad status from ctl_ha_msg_send status %d\n",
931			       param);
932		}
933		return;
934	} else if (event == CTL_HA_EVT_DISCONNECT) {
935		printf("CTL: Got a disconnect from Isc\n");
936		return;
937	} else {
938		printf("ctl_isc_event_handler: Unknown event %d\n", event);
939		return;
940	}
941
942bailout:
943	return;
944}
945
946static void
947ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
948{
949	struct scsi_sense_data *sense;
950
951	sense = &dest->scsiio.sense_data;
952	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
953	dest->scsiio.scsi_status = src->scsi.scsi_status;
954	dest->scsiio.sense_len = src->scsi.sense_len;
955	dest->io_hdr.status = src->hdr.status;
956}
957#endif
958
959static void
960ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
961{
962	ctl_ua_type *pu;
963
964	mtx_assert(&lun->lun_lock, MA_OWNED);
965	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
966	if (pu == NULL)
967		return;
968	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
969}
970
971static void
972ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
973{
974	int i, j;
975
976	mtx_assert(&lun->lun_lock, MA_OWNED);
977	for (i = 0; i < CTL_MAX_PORTS; i++) {
978		if (lun->pending_ua[i] == NULL)
979			continue;
980		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
981			if (i * CTL_MAX_INIT_PER_PORT + j == except)
982				continue;
983			lun->pending_ua[i][j] |= ua;
984		}
985	}
986}
987
988static void
989ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
990{
991	ctl_ua_type *pu;
992
993	mtx_assert(&lun->lun_lock, MA_OWNED);
994	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
995	if (pu == NULL)
996		return;
997	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
998}
999
1000static void
1001ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1002{
1003	int i, j;
1004
1005	mtx_assert(&lun->lun_lock, MA_OWNED);
1006	for (i = 0; i < CTL_MAX_PORTS; i++) {
1007		if (lun->pending_ua[i] == NULL)
1008			continue;
1009		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1010			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1011				continue;
1012			lun->pending_ua[i][j] &= ~ua;
1013		}
1014	}
1015}
1016
1017static void
1018ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1019    ctl_ua_type ua_type)
1020{
1021	struct ctl_lun *lun;
1022
1023	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1024	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1025		mtx_lock(&lun->lun_lock);
1026		ctl_clr_ua(lun, initidx, ua_type);
1027		mtx_unlock(&lun->lun_lock);
1028	}
1029}
1030
1031static int
1032ctl_ha_state_sysctl(SYSCTL_HANDLER_ARGS)
1033{
1034	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1035	struct ctl_lun *lun;
1036	int error, value;
1037
1038	if (softc->flags & CTL_FLAG_ACTIVE_SHELF)
1039		value = 0;
1040	else
1041		value = 1;
1042
1043	error = sysctl_handle_int(oidp, &value, 0, req);
1044	if ((error != 0) || (req->newptr == NULL))
1045		return (error);
1046
1047	mtx_lock(&softc->ctl_lock);
1048	if (value == 0)
1049		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1050	else
1051		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1052	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1053		mtx_lock(&lun->lun_lock);
1054		ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1055		mtx_unlock(&lun->lun_lock);
1056	}
1057	mtx_unlock(&softc->ctl_lock);
1058	return (0);
1059}
1060
1061static int
1062ctl_init(void)
1063{
1064	struct ctl_softc *softc;
1065	void *other_pool;
1066	int i, error, retval;
1067	//int isc_retval;
1068
1069	retval = 0;
1070	ctl_pause_rtr = 0;
1071        rcv_sync_msg = 0;
1072
1073	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1074			       M_WAITOK | M_ZERO);
1075	softc = control_softc;
1076
1077	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1078			      "cam/ctl");
1079
1080	softc->dev->si_drv1 = softc;
1081
1082	/*
1083	 * By default, return a "bad LUN" peripheral qualifier for unknown
1084	 * LUNs.  The user can override this default using the tunable or
1085	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
1086	 */
1087	softc->inquiry_pq_no_lun = 1;
1088	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
1089			  &softc->inquiry_pq_no_lun);
1090	sysctl_ctx_init(&softc->sysctl_ctx);
1091	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1092		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1093		CTLFLAG_RD, 0, "CAM Target Layer");
1094
1095	if (softc->sysctl_tree == NULL) {
1096		printf("%s: unable to allocate sysctl tree\n", __func__);
1097		destroy_dev(softc->dev);
1098		free(control_softc, M_DEVBUF);
1099		control_softc = NULL;
1100		return (ENOMEM);
1101	}
1102
1103	SYSCTL_ADD_INT(&softc->sysctl_ctx,
1104		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
1105		       "inquiry_pq_no_lun", CTLFLAG_RW,
1106		       &softc->inquiry_pq_no_lun, 0,
1107		       "Report no lun possible for invalid LUNs");
1108
1109	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1110	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1111	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1112	softc->open_count = 0;
1113
1114	/*
1115	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1116	 * the drive.
1117	 */
1118	softc->flags = CTL_FLAG_REAL_SYNC;
1119
1120	/*
1121	 * In Copan's HA scheme, the "master" and "slave" roles are
1122	 * figured out through the slot the controller is in.  Although it
1123	 * is an active/active system, someone has to be in charge.
1124	 */
1125	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1126	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1127	    "HA head ID (0 - no HA)");
1128	if (softc->ha_id == 0) {
1129		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1130		softc->is_single = 1;
1131		softc->port_offset = 0;
1132	} else
1133		softc->port_offset = (softc->ha_id - 1) * CTL_MAX_PORTS;
1134	softc->persis_offset = softc->port_offset * CTL_MAX_INIT_PER_PORT;
1135
1136	STAILQ_INIT(&softc->lun_list);
1137	STAILQ_INIT(&softc->pending_lun_queue);
1138	STAILQ_INIT(&softc->fe_list);
1139	STAILQ_INIT(&softc->port_list);
1140	STAILQ_INIT(&softc->be_list);
1141	ctl_tpc_init(softc);
1142
1143	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1144	                    &other_pool) != 0)
1145	{
1146		printf("ctl: can't allocate %d entry other SC pool, "
1147		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1148		return (ENOMEM);
1149	}
1150	softc->othersc_pool = other_pool;
1151
1152	if (worker_threads <= 0)
1153		worker_threads = max(1, mp_ncpus / 4);
1154	if (worker_threads > CTL_MAX_THREADS)
1155		worker_threads = CTL_MAX_THREADS;
1156
1157	for (i = 0; i < worker_threads; i++) {
1158		struct ctl_thread *thr = &softc->threads[i];
1159
1160		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1161		thr->ctl_softc = softc;
1162		STAILQ_INIT(&thr->incoming_queue);
1163		STAILQ_INIT(&thr->rtr_queue);
1164		STAILQ_INIT(&thr->done_queue);
1165		STAILQ_INIT(&thr->isc_queue);
1166
1167		error = kproc_kthread_add(ctl_work_thread, thr,
1168		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1169		if (error != 0) {
1170			printf("error creating CTL work thread!\n");
1171			ctl_pool_free(other_pool);
1172			return (error);
1173		}
1174	}
1175	error = kproc_kthread_add(ctl_lun_thread, softc,
1176	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1177	if (error != 0) {
1178		printf("error creating CTL lun thread!\n");
1179		ctl_pool_free(other_pool);
1180		return (error);
1181	}
1182	error = kproc_kthread_add(ctl_thresh_thread, softc,
1183	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1184	if (error != 0) {
1185		printf("error creating CTL threshold thread!\n");
1186		ctl_pool_free(other_pool);
1187		return (error);
1188	}
1189
1190	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1191	    OID_AUTO, "ha_state", CTLTYPE_INT | CTLFLAG_RWTUN,
1192	    softc, 0, ctl_ha_state_sysctl, "I", "HA state for this head");
1193	return (0);
1194}
1195
1196void
1197ctl_shutdown(void)
1198{
1199	struct ctl_softc *softc;
1200	struct ctl_lun *lun, *next_lun;
1201
1202	softc = (struct ctl_softc *)control_softc;
1203
1204	mtx_lock(&softc->ctl_lock);
1205
1206	/*
1207	 * Free up each LUN.
1208	 */
1209	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1210		next_lun = STAILQ_NEXT(lun, links);
1211		ctl_free_lun(lun);
1212	}
1213
1214	mtx_unlock(&softc->ctl_lock);
1215
1216#if 0
1217	ctl_shutdown_thread(softc->work_thread);
1218	mtx_destroy(&softc->queue_lock);
1219#endif
1220
1221	ctl_tpc_shutdown(softc);
1222	uma_zdestroy(softc->io_zone);
1223	mtx_destroy(&softc->ctl_lock);
1224
1225	destroy_dev(softc->dev);
1226
1227	sysctl_ctx_free(&softc->sysctl_ctx);
1228
1229	free(control_softc, M_DEVBUF);
1230	control_softc = NULL;
1231}
1232
1233static int
1234ctl_module_event_handler(module_t mod, int what, void *arg)
1235{
1236
1237	switch (what) {
1238	case MOD_LOAD:
1239		return (ctl_init());
1240	case MOD_UNLOAD:
1241		return (EBUSY);
1242	default:
1243		return (EOPNOTSUPP);
1244	}
1245}
1246
1247/*
1248 * XXX KDM should we do some access checks here?  Bump a reference count to
1249 * prevent a CTL module from being unloaded while someone has it open?
1250 */
1251static int
1252ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1253{
1254	return (0);
1255}
1256
1257static int
1258ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1259{
1260	return (0);
1261}
1262
1263int
1264ctl_port_enable(ctl_port_type port_type)
1265{
1266	struct ctl_softc *softc = control_softc;
1267	struct ctl_port *port;
1268
1269	if (softc->is_single == 0) {
1270		union ctl_ha_msg msg_info;
1271		int isc_retval;
1272
1273#if 0
1274		printf("%s: HA mode, synchronizing frontend enable\n",
1275		        __func__);
1276#endif
1277		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1278	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1279		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1280			printf("Sync msg send error retval %d\n", isc_retval);
1281		}
1282		if (!rcv_sync_msg) {
1283			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1284			        sizeof(msg_info), 1);
1285		}
1286#if 0
1287        	printf("CTL:Frontend Enable\n");
1288	} else {
1289		printf("%s: single mode, skipping frontend synchronization\n",
1290		        __func__);
1291#endif
1292	}
1293
1294	STAILQ_FOREACH(port, &softc->port_list, links) {
1295		if (port_type & port->port_type)
1296		{
1297#if 0
1298			printf("port %d\n", port->targ_port);
1299#endif
1300			ctl_port_online(port);
1301		}
1302	}
1303
1304	return (0);
1305}
1306
1307int
1308ctl_port_disable(ctl_port_type port_type)
1309{
1310	struct ctl_softc *softc;
1311	struct ctl_port *port;
1312
1313	softc = control_softc;
1314
1315	STAILQ_FOREACH(port, &softc->port_list, links) {
1316		if (port_type & port->port_type)
1317			ctl_port_offline(port);
1318	}
1319
1320	return (0);
1321}
1322
1323/*
1324 * Returns 0 for success, 1 for failure.
1325 * Currently the only failure mode is if there aren't enough entries
1326 * allocated.  So, in case of a failure, look at num_entries_dropped,
1327 * reallocate and try again.
1328 */
1329int
1330ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1331	      int *num_entries_filled, int *num_entries_dropped,
1332	      ctl_port_type port_type, int no_virtual)
1333{
1334	struct ctl_softc *softc;
1335	struct ctl_port *port;
1336	int entries_dropped, entries_filled;
1337	int retval;
1338	int i;
1339
1340	softc = control_softc;
1341
1342	retval = 0;
1343	entries_filled = 0;
1344	entries_dropped = 0;
1345
1346	i = 0;
1347	mtx_lock(&softc->ctl_lock);
1348	STAILQ_FOREACH(port, &softc->port_list, links) {
1349		struct ctl_port_entry *entry;
1350
1351		if ((port->port_type & port_type) == 0)
1352			continue;
1353
1354		if ((no_virtual != 0)
1355		 && (port->virtual_port != 0))
1356			continue;
1357
1358		if (entries_filled >= num_entries_alloced) {
1359			entries_dropped++;
1360			continue;
1361		}
1362		entry = &entries[i];
1363
1364		entry->port_type = port->port_type;
1365		strlcpy(entry->port_name, port->port_name,
1366			sizeof(entry->port_name));
1367		entry->physical_port = port->physical_port;
1368		entry->virtual_port = port->virtual_port;
1369		entry->wwnn = port->wwnn;
1370		entry->wwpn = port->wwpn;
1371
1372		i++;
1373		entries_filled++;
1374	}
1375
1376	mtx_unlock(&softc->ctl_lock);
1377
1378	if (entries_dropped > 0)
1379		retval = 1;
1380
1381	*num_entries_dropped = entries_dropped;
1382	*num_entries_filled = entries_filled;
1383
1384	return (retval);
1385}
1386
1387/*
1388 * Remove an initiator by port number and initiator ID.
1389 * Returns 0 for success, -1 for failure.
1390 */
1391int
1392ctl_remove_initiator(struct ctl_port *port, int iid)
1393{
1394	struct ctl_softc *softc = control_softc;
1395
1396	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1397
1398	if (iid > CTL_MAX_INIT_PER_PORT) {
1399		printf("%s: initiator ID %u > maximun %u!\n",
1400		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1401		return (-1);
1402	}
1403
1404	mtx_lock(&softc->ctl_lock);
1405	port->wwpn_iid[iid].in_use--;
1406	port->wwpn_iid[iid].last_use = time_uptime;
1407	mtx_unlock(&softc->ctl_lock);
1408
1409	return (0);
1410}
1411
1412/*
1413 * Add an initiator to the initiator map.
1414 * Returns iid for success, < 0 for failure.
1415 */
1416int
1417ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1418{
1419	struct ctl_softc *softc = control_softc;
1420	time_t best_time;
1421	int i, best;
1422
1423	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1424
1425	if (iid >= CTL_MAX_INIT_PER_PORT) {
1426		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1427		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1428		free(name, M_CTL);
1429		return (-1);
1430	}
1431
1432	mtx_lock(&softc->ctl_lock);
1433
1434	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1435		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1436			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1437				iid = i;
1438				break;
1439			}
1440			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1441			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1442				iid = i;
1443				break;
1444			}
1445		}
1446	}
1447
1448	if (iid < 0) {
1449		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1450			if (port->wwpn_iid[i].in_use == 0 &&
1451			    port->wwpn_iid[i].wwpn == 0 &&
1452			    port->wwpn_iid[i].name == NULL) {
1453				iid = i;
1454				break;
1455			}
1456		}
1457	}
1458
1459	if (iid < 0) {
1460		best = -1;
1461		best_time = INT32_MAX;
1462		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1463			if (port->wwpn_iid[i].in_use == 0) {
1464				if (port->wwpn_iid[i].last_use < best_time) {
1465					best = i;
1466					best_time = port->wwpn_iid[i].last_use;
1467				}
1468			}
1469		}
1470		iid = best;
1471	}
1472
1473	if (iid < 0) {
1474		mtx_unlock(&softc->ctl_lock);
1475		free(name, M_CTL);
1476		return (-2);
1477	}
1478
1479	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1480		/*
1481		 * This is not an error yet.
1482		 */
1483		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1484#if 0
1485			printf("%s: port %d iid %u WWPN %#jx arrived"
1486			    " again\n", __func__, port->targ_port,
1487			    iid, (uintmax_t)wwpn);
1488#endif
1489			goto take;
1490		}
1491		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1492		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1493#if 0
1494			printf("%s: port %d iid %u name '%s' arrived"
1495			    " again\n", __func__, port->targ_port,
1496			    iid, name);
1497#endif
1498			goto take;
1499		}
1500
1501		/*
1502		 * This is an error, but what do we do about it?  The
1503		 * driver is telling us we have a new WWPN for this
1504		 * initiator ID, so we pretty much need to use it.
1505		 */
1506		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1507		    " but WWPN %#jx '%s' is still at that address\n",
1508		    __func__, port->targ_port, iid, wwpn, name,
1509		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1510		    port->wwpn_iid[iid].name);
1511
1512		/*
1513		 * XXX KDM clear have_ca and ua_pending on each LUN for
1514		 * this initiator.
1515		 */
1516	}
1517take:
1518	free(port->wwpn_iid[iid].name, M_CTL);
1519	port->wwpn_iid[iid].name = name;
1520	port->wwpn_iid[iid].wwpn = wwpn;
1521	port->wwpn_iid[iid].in_use++;
1522	mtx_unlock(&softc->ctl_lock);
1523
1524	return (iid);
1525}
1526
1527static int
1528ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1529{
1530	int len;
1531
1532	switch (port->port_type) {
1533	case CTL_PORT_FC:
1534	{
1535		struct scsi_transportid_fcp *id =
1536		    (struct scsi_transportid_fcp *)buf;
1537		if (port->wwpn_iid[iid].wwpn == 0)
1538			return (0);
1539		memset(id, 0, sizeof(*id));
1540		id->format_protocol = SCSI_PROTO_FC;
1541		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1542		return (sizeof(*id));
1543	}
1544	case CTL_PORT_ISCSI:
1545	{
1546		struct scsi_transportid_iscsi_port *id =
1547		    (struct scsi_transportid_iscsi_port *)buf;
1548		if (port->wwpn_iid[iid].name == NULL)
1549			return (0);
1550		memset(id, 0, 256);
1551		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1552		    SCSI_PROTO_ISCSI;
1553		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1554		len = roundup2(min(len, 252), 4);
1555		scsi_ulto2b(len, id->additional_length);
1556		return (sizeof(*id) + len);
1557	}
1558	case CTL_PORT_SAS:
1559	{
1560		struct scsi_transportid_sas *id =
1561		    (struct scsi_transportid_sas *)buf;
1562		if (port->wwpn_iid[iid].wwpn == 0)
1563			return (0);
1564		memset(id, 0, sizeof(*id));
1565		id->format_protocol = SCSI_PROTO_SAS;
1566		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1567		return (sizeof(*id));
1568	}
1569	default:
1570	{
1571		struct scsi_transportid_spi *id =
1572		    (struct scsi_transportid_spi *)buf;
1573		memset(id, 0, sizeof(*id));
1574		id->format_protocol = SCSI_PROTO_SPI;
1575		scsi_ulto2b(iid, id->scsi_addr);
1576		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1577		return (sizeof(*id));
1578	}
1579	}
1580}
1581
1582/*
1583 * Serialize a command that went down the "wrong" side, and so was sent to
1584 * this controller for execution.  The logic is a little different than the
1585 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1586 * sent back to the other side, but in the success case, we execute the
1587 * command on this side (XFER mode) or tell the other side to execute it
1588 * (SER_ONLY mode).
1589 */
1590static int
1591ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1592{
1593	struct ctl_softc *softc;
1594	union ctl_ha_msg msg_info;
1595	struct ctl_lun *lun;
1596	int retval = 0;
1597	uint32_t targ_lun;
1598
1599	softc = control_softc;
1600
1601	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1602	lun = softc->ctl_luns[targ_lun];
1603	if (lun==NULL)
1604	{
1605		/*
1606		 * Why isn't LUN defined? The other side wouldn't
1607		 * send a cmd if the LUN is undefined.
1608		 */
1609		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1610
1611		/* "Logical unit not supported" */
1612		ctl_set_sense_data(&msg_info.scsi.sense_data,
1613				   lun,
1614				   /*sense_format*/SSD_TYPE_NONE,
1615				   /*current_error*/ 1,
1616				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1617				   /*asc*/ 0x25,
1618				   /*ascq*/ 0x00,
1619				   SSD_ELEM_NONE);
1620
1621		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1622		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1623		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1624		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1625		msg_info.hdr.serializing_sc = NULL;
1626		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1627	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1628				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1629		}
1630		return(1);
1631
1632	}
1633
1634	mtx_lock(&lun->lun_lock);
1635    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1636
1637	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1638		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1639		 ooa_links))) {
1640	case CTL_ACTION_BLOCK:
1641		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1642		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1643				  blocked_links);
1644		break;
1645	case CTL_ACTION_PASS:
1646	case CTL_ACTION_SKIP:
1647		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1648			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1649			ctl_enqueue_rtr((union ctl_io *)ctsio);
1650		} else {
1651
1652			/* send msg back to other side */
1653			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1654			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1655			msg_info.hdr.msg_type = CTL_MSG_R2R;
1656#if 0
1657			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1658#endif
1659		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1660			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1661			}
1662		}
1663		break;
1664	case CTL_ACTION_OVERLAP:
1665		/* OVERLAPPED COMMANDS ATTEMPTED */
1666		ctl_set_sense_data(&msg_info.scsi.sense_data,
1667				   lun,
1668				   /*sense_format*/SSD_TYPE_NONE,
1669				   /*current_error*/ 1,
1670				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1671				   /*asc*/ 0x4E,
1672				   /*ascq*/ 0x00,
1673				   SSD_ELEM_NONE);
1674
1675		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1676		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1677		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1678		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1679		msg_info.hdr.serializing_sc = NULL;
1680		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1681#if 0
1682		printf("BAD JUJU:Major Bummer Overlap\n");
1683#endif
1684		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1685		retval = 1;
1686		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1687		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1688		}
1689		break;
1690	case CTL_ACTION_OVERLAP_TAG:
1691		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1692		ctl_set_sense_data(&msg_info.scsi.sense_data,
1693				   lun,
1694				   /*sense_format*/SSD_TYPE_NONE,
1695				   /*current_error*/ 1,
1696				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1697				   /*asc*/ 0x4D,
1698				   /*ascq*/ ctsio->tag_num & 0xff,
1699				   SSD_ELEM_NONE);
1700
1701		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1702		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1703		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1704		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1705		msg_info.hdr.serializing_sc = NULL;
1706		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1707#if 0
1708		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1709#endif
1710		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1711		retval = 1;
1712		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1713		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1714		}
1715		break;
1716	case CTL_ACTION_ERROR:
1717	default:
1718		/* "Internal target failure" */
1719		ctl_set_sense_data(&msg_info.scsi.sense_data,
1720				   lun,
1721				   /*sense_format*/SSD_TYPE_NONE,
1722				   /*current_error*/ 1,
1723				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1724				   /*asc*/ 0x44,
1725				   /*ascq*/ 0x00,
1726				   SSD_ELEM_NONE);
1727
1728		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1729		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1730		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1731		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1732		msg_info.hdr.serializing_sc = NULL;
1733		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1734#if 0
1735		printf("BAD JUJU:Major Bummer HW Error\n");
1736#endif
1737		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1738		retval = 1;
1739		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1740		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1741		}
1742		break;
1743	}
1744	mtx_unlock(&lun->lun_lock);
1745	return (retval);
1746}
1747
1748/*
1749 * Returns 0 for success, errno for failure.
1750 */
1751static int
1752ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1753		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1754{
1755	union ctl_io *io;
1756	int retval;
1757
1758	retval = 0;
1759
1760	mtx_lock(&lun->lun_lock);
1761	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1762	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1763	     ooa_links)) {
1764		struct ctl_ooa_entry *entry;
1765
1766		/*
1767		 * If we've got more than we can fit, just count the
1768		 * remaining entries.
1769		 */
1770		if (*cur_fill_num >= ooa_hdr->alloc_num)
1771			continue;
1772
1773		entry = &kern_entries[*cur_fill_num];
1774
1775		entry->tag_num = io->scsiio.tag_num;
1776		entry->lun_num = lun->lun;
1777#ifdef CTL_TIME_IO
1778		entry->start_bt = io->io_hdr.start_bt;
1779#endif
1780		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1781		entry->cdb_len = io->scsiio.cdb_len;
1782		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1783			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1784
1785		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1786			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1787
1788		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1789			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1790
1791		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1792			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1793
1794		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1795			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1796	}
1797	mtx_unlock(&lun->lun_lock);
1798
1799	return (retval);
1800}
1801
1802static void *
1803ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1804		 size_t error_str_len)
1805{
1806	void *kptr;
1807
1808	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
1809
1810	if (copyin(user_addr, kptr, len) != 0) {
1811		snprintf(error_str, error_str_len, "Error copying %d bytes "
1812			 "from user address %p to kernel address %p", len,
1813			 user_addr, kptr);
1814		free(kptr, M_CTL);
1815		return (NULL);
1816	}
1817
1818	return (kptr);
1819}
1820
1821static void
1822ctl_free_args(int num_args, struct ctl_be_arg *args)
1823{
1824	int i;
1825
1826	if (args == NULL)
1827		return;
1828
1829	for (i = 0; i < num_args; i++) {
1830		free(args[i].kname, M_CTL);
1831		free(args[i].kvalue, M_CTL);
1832	}
1833
1834	free(args, M_CTL);
1835}
1836
1837static struct ctl_be_arg *
1838ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
1839		char *error_str, size_t error_str_len)
1840{
1841	struct ctl_be_arg *args;
1842	int i;
1843
1844	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
1845				error_str, error_str_len);
1846
1847	if (args == NULL)
1848		goto bailout;
1849
1850	for (i = 0; i < num_args; i++) {
1851		args[i].kname = NULL;
1852		args[i].kvalue = NULL;
1853	}
1854
1855	for (i = 0; i < num_args; i++) {
1856		uint8_t *tmpptr;
1857
1858		args[i].kname = ctl_copyin_alloc(args[i].name,
1859			args[i].namelen, error_str, error_str_len);
1860		if (args[i].kname == NULL)
1861			goto bailout;
1862
1863		if (args[i].kname[args[i].namelen - 1] != '\0') {
1864			snprintf(error_str, error_str_len, "Argument %d "
1865				 "name is not NUL-terminated", i);
1866			goto bailout;
1867		}
1868
1869		if (args[i].flags & CTL_BEARG_RD) {
1870			tmpptr = ctl_copyin_alloc(args[i].value,
1871				args[i].vallen, error_str, error_str_len);
1872			if (tmpptr == NULL)
1873				goto bailout;
1874			if ((args[i].flags & CTL_BEARG_ASCII)
1875			 && (tmpptr[args[i].vallen - 1] != '\0')) {
1876				snprintf(error_str, error_str_len, "Argument "
1877				    "%d value is not NUL-terminated", i);
1878				goto bailout;
1879			}
1880			args[i].kvalue = tmpptr;
1881		} else {
1882			args[i].kvalue = malloc(args[i].vallen,
1883			    M_CTL, M_WAITOK | M_ZERO);
1884		}
1885	}
1886
1887	return (args);
1888bailout:
1889
1890	ctl_free_args(num_args, args);
1891
1892	return (NULL);
1893}
1894
1895static void
1896ctl_copyout_args(int num_args, struct ctl_be_arg *args)
1897{
1898	int i;
1899
1900	for (i = 0; i < num_args; i++) {
1901		if (args[i].flags & CTL_BEARG_WR)
1902			copyout(args[i].kvalue, args[i].value, args[i].vallen);
1903	}
1904}
1905
1906/*
1907 * Escape characters that are illegal or not recommended in XML.
1908 */
1909int
1910ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
1911{
1912	char *end = str + size;
1913	int retval;
1914
1915	retval = 0;
1916
1917	for (; *str && str < end; str++) {
1918		switch (*str) {
1919		case '&':
1920			retval = sbuf_printf(sb, "&amp;");
1921			break;
1922		case '>':
1923			retval = sbuf_printf(sb, "&gt;");
1924			break;
1925		case '<':
1926			retval = sbuf_printf(sb, "&lt;");
1927			break;
1928		default:
1929			retval = sbuf_putc(sb, *str);
1930			break;
1931		}
1932
1933		if (retval != 0)
1934			break;
1935
1936	}
1937
1938	return (retval);
1939}
1940
1941static void
1942ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
1943{
1944	struct scsi_vpd_id_descriptor *desc;
1945	int i;
1946
1947	if (id == NULL || id->len < 4)
1948		return;
1949	desc = (struct scsi_vpd_id_descriptor *)id->data;
1950	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
1951	case SVPD_ID_TYPE_T10:
1952		sbuf_printf(sb, "t10.");
1953		break;
1954	case SVPD_ID_TYPE_EUI64:
1955		sbuf_printf(sb, "eui.");
1956		break;
1957	case SVPD_ID_TYPE_NAA:
1958		sbuf_printf(sb, "naa.");
1959		break;
1960	case SVPD_ID_TYPE_SCSI_NAME:
1961		break;
1962	}
1963	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
1964	case SVPD_ID_CODESET_BINARY:
1965		for (i = 0; i < desc->length; i++)
1966			sbuf_printf(sb, "%02x", desc->identifier[i]);
1967		break;
1968	case SVPD_ID_CODESET_ASCII:
1969		sbuf_printf(sb, "%.*s", (int)desc->length,
1970		    (char *)desc->identifier);
1971		break;
1972	case SVPD_ID_CODESET_UTF8:
1973		sbuf_printf(sb, "%s", (char *)desc->identifier);
1974		break;
1975	}
1976}
1977
1978static int
1979ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
1980	  struct thread *td)
1981{
1982	struct ctl_softc *softc;
1983	int retval;
1984
1985	softc = control_softc;
1986
1987	retval = 0;
1988
1989	switch (cmd) {
1990	case CTL_IO:
1991		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
1992		break;
1993	case CTL_ENABLE_PORT:
1994	case CTL_DISABLE_PORT:
1995	case CTL_SET_PORT_WWNS: {
1996		struct ctl_port *port;
1997		struct ctl_port_entry *entry;
1998
1999		entry = (struct ctl_port_entry *)addr;
2000
2001		mtx_lock(&softc->ctl_lock);
2002		STAILQ_FOREACH(port, &softc->port_list, links) {
2003			int action, done;
2004
2005			action = 0;
2006			done = 0;
2007
2008			if ((entry->port_type == CTL_PORT_NONE)
2009			 && (entry->targ_port == port->targ_port)) {
2010				/*
2011				 * If the user only wants to enable or
2012				 * disable or set WWNs on a specific port,
2013				 * do the operation and we're done.
2014				 */
2015				action = 1;
2016				done = 1;
2017			} else if (entry->port_type & port->port_type) {
2018				/*
2019				 * Compare the user's type mask with the
2020				 * particular frontend type to see if we
2021				 * have a match.
2022				 */
2023				action = 1;
2024				done = 0;
2025
2026				/*
2027				 * Make sure the user isn't trying to set
2028				 * WWNs on multiple ports at the same time.
2029				 */
2030				if (cmd == CTL_SET_PORT_WWNS) {
2031					printf("%s: Can't set WWNs on "
2032					       "multiple ports\n", __func__);
2033					retval = EINVAL;
2034					break;
2035				}
2036			}
2037			if (action != 0) {
2038				/*
2039				 * XXX KDM we have to drop the lock here,
2040				 * because the online/offline operations
2041				 * can potentially block.  We need to
2042				 * reference count the frontends so they
2043				 * can't go away,
2044				 */
2045				mtx_unlock(&softc->ctl_lock);
2046
2047				if (cmd == CTL_ENABLE_PORT) {
2048					ctl_port_online(port);
2049				} else if (cmd == CTL_DISABLE_PORT) {
2050					ctl_port_offline(port);
2051				}
2052
2053				mtx_lock(&softc->ctl_lock);
2054
2055				if (cmd == CTL_SET_PORT_WWNS)
2056					ctl_port_set_wwns(port,
2057					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2058					    1 : 0, entry->wwnn,
2059					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2060					    1 : 0, entry->wwpn);
2061			}
2062			if (done != 0)
2063				break;
2064		}
2065		mtx_unlock(&softc->ctl_lock);
2066		break;
2067	}
2068	case CTL_GET_PORT_LIST: {
2069		struct ctl_port *port;
2070		struct ctl_port_list *list;
2071		int i;
2072
2073		list = (struct ctl_port_list *)addr;
2074
2075		if (list->alloc_len != (list->alloc_num *
2076		    sizeof(struct ctl_port_entry))) {
2077			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2078			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2079			       "%zu\n", __func__, list->alloc_len,
2080			       list->alloc_num, sizeof(struct ctl_port_entry));
2081			retval = EINVAL;
2082			break;
2083		}
2084		list->fill_len = 0;
2085		list->fill_num = 0;
2086		list->dropped_num = 0;
2087		i = 0;
2088		mtx_lock(&softc->ctl_lock);
2089		STAILQ_FOREACH(port, &softc->port_list, links) {
2090			struct ctl_port_entry entry, *list_entry;
2091
2092			if (list->fill_num >= list->alloc_num) {
2093				list->dropped_num++;
2094				continue;
2095			}
2096
2097			entry.port_type = port->port_type;
2098			strlcpy(entry.port_name, port->port_name,
2099				sizeof(entry.port_name));
2100			entry.targ_port = port->targ_port;
2101			entry.physical_port = port->physical_port;
2102			entry.virtual_port = port->virtual_port;
2103			entry.wwnn = port->wwnn;
2104			entry.wwpn = port->wwpn;
2105			if (port->status & CTL_PORT_STATUS_ONLINE)
2106				entry.online = 1;
2107			else
2108				entry.online = 0;
2109
2110			list_entry = &list->entries[i];
2111
2112			retval = copyout(&entry, list_entry, sizeof(entry));
2113			if (retval != 0) {
2114				printf("%s: CTL_GET_PORT_LIST: copyout "
2115				       "returned %d\n", __func__, retval);
2116				break;
2117			}
2118			i++;
2119			list->fill_num++;
2120			list->fill_len += sizeof(entry);
2121		}
2122		mtx_unlock(&softc->ctl_lock);
2123
2124		/*
2125		 * If this is non-zero, we had a copyout fault, so there's
2126		 * probably no point in attempting to set the status inside
2127		 * the structure.
2128		 */
2129		if (retval != 0)
2130			break;
2131
2132		if (list->dropped_num > 0)
2133			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2134		else
2135			list->status = CTL_PORT_LIST_OK;
2136		break;
2137	}
2138	case CTL_DUMP_OOA: {
2139		struct ctl_lun *lun;
2140		union ctl_io *io;
2141		char printbuf[128];
2142		struct sbuf sb;
2143
2144		mtx_lock(&softc->ctl_lock);
2145		printf("Dumping OOA queues:\n");
2146		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2147			mtx_lock(&lun->lun_lock);
2148			for (io = (union ctl_io *)TAILQ_FIRST(
2149			     &lun->ooa_queue); io != NULL;
2150			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2151			     ooa_links)) {
2152				sbuf_new(&sb, printbuf, sizeof(printbuf),
2153					 SBUF_FIXEDLEN);
2154				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2155					    (intmax_t)lun->lun,
2156					    io->scsiio.tag_num,
2157					    (io->io_hdr.flags &
2158					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2159					    (io->io_hdr.flags &
2160					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2161					    (io->io_hdr.flags &
2162					    CTL_FLAG_ABORT) ? " ABORT" : "",
2163			                    (io->io_hdr.flags &
2164		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2165				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2166				sbuf_finish(&sb);
2167				printf("%s\n", sbuf_data(&sb));
2168			}
2169			mtx_unlock(&lun->lun_lock);
2170		}
2171		printf("OOA queues dump done\n");
2172		mtx_unlock(&softc->ctl_lock);
2173		break;
2174	}
2175	case CTL_GET_OOA: {
2176		struct ctl_lun *lun;
2177		struct ctl_ooa *ooa_hdr;
2178		struct ctl_ooa_entry *entries;
2179		uint32_t cur_fill_num;
2180
2181		ooa_hdr = (struct ctl_ooa *)addr;
2182
2183		if ((ooa_hdr->alloc_len == 0)
2184		 || (ooa_hdr->alloc_num == 0)) {
2185			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2186			       "must be non-zero\n", __func__,
2187			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2188			retval = EINVAL;
2189			break;
2190		}
2191
2192		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2193		    sizeof(struct ctl_ooa_entry))) {
2194			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2195			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2196			       __func__, ooa_hdr->alloc_len,
2197			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2198			retval = EINVAL;
2199			break;
2200		}
2201
2202		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2203		if (entries == NULL) {
2204			printf("%s: could not allocate %d bytes for OOA "
2205			       "dump\n", __func__, ooa_hdr->alloc_len);
2206			retval = ENOMEM;
2207			break;
2208		}
2209
2210		mtx_lock(&softc->ctl_lock);
2211		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2212		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2213		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2214			mtx_unlock(&softc->ctl_lock);
2215			free(entries, M_CTL);
2216			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2217			       __func__, (uintmax_t)ooa_hdr->lun_num);
2218			retval = EINVAL;
2219			break;
2220		}
2221
2222		cur_fill_num = 0;
2223
2224		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2225			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2226				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2227					ooa_hdr, entries);
2228				if (retval != 0)
2229					break;
2230			}
2231			if (retval != 0) {
2232				mtx_unlock(&softc->ctl_lock);
2233				free(entries, M_CTL);
2234				break;
2235			}
2236		} else {
2237			lun = softc->ctl_luns[ooa_hdr->lun_num];
2238
2239			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2240						    entries);
2241		}
2242		mtx_unlock(&softc->ctl_lock);
2243
2244		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2245		ooa_hdr->fill_len = ooa_hdr->fill_num *
2246			sizeof(struct ctl_ooa_entry);
2247		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2248		if (retval != 0) {
2249			printf("%s: error copying out %d bytes for OOA dump\n",
2250			       __func__, ooa_hdr->fill_len);
2251		}
2252
2253		getbintime(&ooa_hdr->cur_bt);
2254
2255		if (cur_fill_num > ooa_hdr->alloc_num) {
2256			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2257			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2258		} else {
2259			ooa_hdr->dropped_num = 0;
2260			ooa_hdr->status = CTL_OOA_OK;
2261		}
2262
2263		free(entries, M_CTL);
2264		break;
2265	}
2266	case CTL_CHECK_OOA: {
2267		union ctl_io *io;
2268		struct ctl_lun *lun;
2269		struct ctl_ooa_info *ooa_info;
2270
2271
2272		ooa_info = (struct ctl_ooa_info *)addr;
2273
2274		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2275			ooa_info->status = CTL_OOA_INVALID_LUN;
2276			break;
2277		}
2278		mtx_lock(&softc->ctl_lock);
2279		lun = softc->ctl_luns[ooa_info->lun_id];
2280		if (lun == NULL) {
2281			mtx_unlock(&softc->ctl_lock);
2282			ooa_info->status = CTL_OOA_INVALID_LUN;
2283			break;
2284		}
2285		mtx_lock(&lun->lun_lock);
2286		mtx_unlock(&softc->ctl_lock);
2287		ooa_info->num_entries = 0;
2288		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2289		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2290		     &io->io_hdr, ooa_links)) {
2291			ooa_info->num_entries++;
2292		}
2293		mtx_unlock(&lun->lun_lock);
2294
2295		ooa_info->status = CTL_OOA_SUCCESS;
2296
2297		break;
2298	}
2299	case CTL_DELAY_IO: {
2300		struct ctl_io_delay_info *delay_info;
2301#ifdef CTL_IO_DELAY
2302		struct ctl_lun *lun;
2303#endif /* CTL_IO_DELAY */
2304
2305		delay_info = (struct ctl_io_delay_info *)addr;
2306
2307#ifdef CTL_IO_DELAY
2308		mtx_lock(&softc->ctl_lock);
2309
2310		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2311		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2312			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2313		} else {
2314			lun = softc->ctl_luns[delay_info->lun_id];
2315			mtx_lock(&lun->lun_lock);
2316
2317			delay_info->status = CTL_DELAY_STATUS_OK;
2318
2319			switch (delay_info->delay_type) {
2320			case CTL_DELAY_TYPE_CONT:
2321				break;
2322			case CTL_DELAY_TYPE_ONESHOT:
2323				break;
2324			default:
2325				delay_info->status =
2326					CTL_DELAY_STATUS_INVALID_TYPE;
2327				break;
2328			}
2329
2330			switch (delay_info->delay_loc) {
2331			case CTL_DELAY_LOC_DATAMOVE:
2332				lun->delay_info.datamove_type =
2333					delay_info->delay_type;
2334				lun->delay_info.datamove_delay =
2335					delay_info->delay_secs;
2336				break;
2337			case CTL_DELAY_LOC_DONE:
2338				lun->delay_info.done_type =
2339					delay_info->delay_type;
2340				lun->delay_info.done_delay =
2341					delay_info->delay_secs;
2342				break;
2343			default:
2344				delay_info->status =
2345					CTL_DELAY_STATUS_INVALID_LOC;
2346				break;
2347			}
2348			mtx_unlock(&lun->lun_lock);
2349		}
2350
2351		mtx_unlock(&softc->ctl_lock);
2352#else
2353		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2354#endif /* CTL_IO_DELAY */
2355		break;
2356	}
2357	case CTL_REALSYNC_SET: {
2358		int *syncstate;
2359
2360		syncstate = (int *)addr;
2361
2362		mtx_lock(&softc->ctl_lock);
2363		switch (*syncstate) {
2364		case 0:
2365			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2366			break;
2367		case 1:
2368			softc->flags |= CTL_FLAG_REAL_SYNC;
2369			break;
2370		default:
2371			retval = EINVAL;
2372			break;
2373		}
2374		mtx_unlock(&softc->ctl_lock);
2375		break;
2376	}
2377	case CTL_REALSYNC_GET: {
2378		int *syncstate;
2379
2380		syncstate = (int*)addr;
2381
2382		mtx_lock(&softc->ctl_lock);
2383		if (softc->flags & CTL_FLAG_REAL_SYNC)
2384			*syncstate = 1;
2385		else
2386			*syncstate = 0;
2387		mtx_unlock(&softc->ctl_lock);
2388
2389		break;
2390	}
2391	case CTL_SETSYNC:
2392	case CTL_GETSYNC: {
2393		struct ctl_sync_info *sync_info;
2394		struct ctl_lun *lun;
2395
2396		sync_info = (struct ctl_sync_info *)addr;
2397
2398		mtx_lock(&softc->ctl_lock);
2399		lun = softc->ctl_luns[sync_info->lun_id];
2400		if (lun == NULL) {
2401			mtx_unlock(&softc->ctl_lock);
2402			sync_info->status = CTL_GS_SYNC_NO_LUN;
2403		}
2404		/*
2405		 * Get or set the sync interval.  We're not bounds checking
2406		 * in the set case, hopefully the user won't do something
2407		 * silly.
2408		 */
2409		mtx_lock(&lun->lun_lock);
2410		mtx_unlock(&softc->ctl_lock);
2411		if (cmd == CTL_GETSYNC)
2412			sync_info->sync_interval = lun->sync_interval;
2413		else
2414			lun->sync_interval = sync_info->sync_interval;
2415		mtx_unlock(&lun->lun_lock);
2416
2417		sync_info->status = CTL_GS_SYNC_OK;
2418
2419		break;
2420	}
2421	case CTL_GETSTATS: {
2422		struct ctl_stats *stats;
2423		struct ctl_lun *lun;
2424		int i;
2425
2426		stats = (struct ctl_stats *)addr;
2427
2428		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2429		     stats->alloc_len) {
2430			stats->status = CTL_SS_NEED_MORE_SPACE;
2431			stats->num_luns = softc->num_luns;
2432			break;
2433		}
2434		/*
2435		 * XXX KDM no locking here.  If the LUN list changes,
2436		 * things can blow up.
2437		 */
2438		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2439		     i++, lun = STAILQ_NEXT(lun, links)) {
2440			retval = copyout(&lun->stats, &stats->lun_stats[i],
2441					 sizeof(lun->stats));
2442			if (retval != 0)
2443				break;
2444		}
2445		stats->num_luns = softc->num_luns;
2446		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2447				 softc->num_luns;
2448		stats->status = CTL_SS_OK;
2449#ifdef CTL_TIME_IO
2450		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2451#else
2452		stats->flags = CTL_STATS_FLAG_NONE;
2453#endif
2454		getnanouptime(&stats->timestamp);
2455		break;
2456	}
2457	case CTL_ERROR_INJECT: {
2458		struct ctl_error_desc *err_desc, *new_err_desc;
2459		struct ctl_lun *lun;
2460
2461		err_desc = (struct ctl_error_desc *)addr;
2462
2463		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2464				      M_WAITOK | M_ZERO);
2465		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2466
2467		mtx_lock(&softc->ctl_lock);
2468		lun = softc->ctl_luns[err_desc->lun_id];
2469		if (lun == NULL) {
2470			mtx_unlock(&softc->ctl_lock);
2471			free(new_err_desc, M_CTL);
2472			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2473			       __func__, (uintmax_t)err_desc->lun_id);
2474			retval = EINVAL;
2475			break;
2476		}
2477		mtx_lock(&lun->lun_lock);
2478		mtx_unlock(&softc->ctl_lock);
2479
2480		/*
2481		 * We could do some checking here to verify the validity
2482		 * of the request, but given the complexity of error
2483		 * injection requests, the checking logic would be fairly
2484		 * complex.
2485		 *
2486		 * For now, if the request is invalid, it just won't get
2487		 * executed and might get deleted.
2488		 */
2489		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2490
2491		/*
2492		 * XXX KDM check to make sure the serial number is unique,
2493		 * in case we somehow manage to wrap.  That shouldn't
2494		 * happen for a very long time, but it's the right thing to
2495		 * do.
2496		 */
2497		new_err_desc->serial = lun->error_serial;
2498		err_desc->serial = lun->error_serial;
2499		lun->error_serial++;
2500
2501		mtx_unlock(&lun->lun_lock);
2502		break;
2503	}
2504	case CTL_ERROR_INJECT_DELETE: {
2505		struct ctl_error_desc *delete_desc, *desc, *desc2;
2506		struct ctl_lun *lun;
2507		int delete_done;
2508
2509		delete_desc = (struct ctl_error_desc *)addr;
2510		delete_done = 0;
2511
2512		mtx_lock(&softc->ctl_lock);
2513		lun = softc->ctl_luns[delete_desc->lun_id];
2514		if (lun == NULL) {
2515			mtx_unlock(&softc->ctl_lock);
2516			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2517			       __func__, (uintmax_t)delete_desc->lun_id);
2518			retval = EINVAL;
2519			break;
2520		}
2521		mtx_lock(&lun->lun_lock);
2522		mtx_unlock(&softc->ctl_lock);
2523		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2524			if (desc->serial != delete_desc->serial)
2525				continue;
2526
2527			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2528				      links);
2529			free(desc, M_CTL);
2530			delete_done = 1;
2531		}
2532		mtx_unlock(&lun->lun_lock);
2533		if (delete_done == 0) {
2534			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2535			       "error serial %ju on LUN %u\n", __func__,
2536			       delete_desc->serial, delete_desc->lun_id);
2537			retval = EINVAL;
2538			break;
2539		}
2540		break;
2541	}
2542	case CTL_DUMP_STRUCTS: {
2543		int i, j, k;
2544		struct ctl_port *port;
2545		struct ctl_frontend *fe;
2546
2547		mtx_lock(&softc->ctl_lock);
2548		printf("CTL Persistent Reservation information start:\n");
2549		for (i = 0; i < CTL_MAX_LUNS; i++) {
2550			struct ctl_lun *lun;
2551
2552			lun = softc->ctl_luns[i];
2553
2554			if ((lun == NULL)
2555			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2556				continue;
2557
2558			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
2559				if (lun->pr_keys[j] == NULL)
2560					continue;
2561				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2562					if (lun->pr_keys[j][k] == 0)
2563						continue;
2564					printf("  LUN %d port %d iid %d key "
2565					       "%#jx\n", i, j, k,
2566					       (uintmax_t)lun->pr_keys[j][k]);
2567				}
2568			}
2569		}
2570		printf("CTL Persistent Reservation information end\n");
2571		printf("CTL Ports:\n");
2572		STAILQ_FOREACH(port, &softc->port_list, links) {
2573			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2574			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2575			       port->frontend->name, port->port_type,
2576			       port->physical_port, port->virtual_port,
2577			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2578			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2579				if (port->wwpn_iid[j].in_use == 0 &&
2580				    port->wwpn_iid[j].wwpn == 0 &&
2581				    port->wwpn_iid[j].name == NULL)
2582					continue;
2583
2584				printf("    iid %u use %d WWPN %#jx '%s'\n",
2585				    j, port->wwpn_iid[j].in_use,
2586				    (uintmax_t)port->wwpn_iid[j].wwpn,
2587				    port->wwpn_iid[j].name);
2588			}
2589		}
2590		printf("CTL Port information end\n");
2591		mtx_unlock(&softc->ctl_lock);
2592		/*
2593		 * XXX KDM calling this without a lock.  We'd likely want
2594		 * to drop the lock before calling the frontend's dump
2595		 * routine anyway.
2596		 */
2597		printf("CTL Frontends:\n");
2598		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2599			printf("  Frontend '%s'\n", fe->name);
2600			if (fe->fe_dump != NULL)
2601				fe->fe_dump();
2602		}
2603		printf("CTL Frontend information end\n");
2604		break;
2605	}
2606	case CTL_LUN_REQ: {
2607		struct ctl_lun_req *lun_req;
2608		struct ctl_backend_driver *backend;
2609
2610		lun_req = (struct ctl_lun_req *)addr;
2611
2612		backend = ctl_backend_find(lun_req->backend);
2613		if (backend == NULL) {
2614			lun_req->status = CTL_LUN_ERROR;
2615			snprintf(lun_req->error_str,
2616				 sizeof(lun_req->error_str),
2617				 "Backend \"%s\" not found.",
2618				 lun_req->backend);
2619			break;
2620		}
2621		if (lun_req->num_be_args > 0) {
2622			lun_req->kern_be_args = ctl_copyin_args(
2623				lun_req->num_be_args,
2624				lun_req->be_args,
2625				lun_req->error_str,
2626				sizeof(lun_req->error_str));
2627			if (lun_req->kern_be_args == NULL) {
2628				lun_req->status = CTL_LUN_ERROR;
2629				break;
2630			}
2631		}
2632
2633		retval = backend->ioctl(dev, cmd, addr, flag, td);
2634
2635		if (lun_req->num_be_args > 0) {
2636			ctl_copyout_args(lun_req->num_be_args,
2637				      lun_req->kern_be_args);
2638			ctl_free_args(lun_req->num_be_args,
2639				      lun_req->kern_be_args);
2640		}
2641		break;
2642	}
2643	case CTL_LUN_LIST: {
2644		struct sbuf *sb;
2645		struct ctl_lun *lun;
2646		struct ctl_lun_list *list;
2647		struct ctl_option *opt;
2648
2649		list = (struct ctl_lun_list *)addr;
2650
2651		/*
2652		 * Allocate a fixed length sbuf here, based on the length
2653		 * of the user's buffer.  We could allocate an auto-extending
2654		 * buffer, and then tell the user how much larger our
2655		 * amount of data is than his buffer, but that presents
2656		 * some problems:
2657		 *
2658		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2659		 *     we can't hold a lock while calling them with an
2660		 *     auto-extending buffer.
2661 		 *
2662		 * 2.  There is not currently a LUN reference counting
2663		 *     mechanism, outside of outstanding transactions on
2664		 *     the LUN's OOA queue.  So a LUN could go away on us
2665		 *     while we're getting the LUN number, backend-specific
2666		 *     information, etc.  Thus, given the way things
2667		 *     currently work, we need to hold the CTL lock while
2668		 *     grabbing LUN information.
2669		 *
2670		 * So, from the user's standpoint, the best thing to do is
2671		 * allocate what he thinks is a reasonable buffer length,
2672		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2673		 * double the buffer length and try again.  (And repeat
2674		 * that until he succeeds.)
2675		 */
2676		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2677		if (sb == NULL) {
2678			list->status = CTL_LUN_LIST_ERROR;
2679			snprintf(list->error_str, sizeof(list->error_str),
2680				 "Unable to allocate %d bytes for LUN list",
2681				 list->alloc_len);
2682			break;
2683		}
2684
2685		sbuf_printf(sb, "<ctllunlist>\n");
2686
2687		mtx_lock(&softc->ctl_lock);
2688		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2689			mtx_lock(&lun->lun_lock);
2690			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2691					     (uintmax_t)lun->lun);
2692
2693			/*
2694			 * Bail out as soon as we see that we've overfilled
2695			 * the buffer.
2696			 */
2697			if (retval != 0)
2698				break;
2699
2700			retval = sbuf_printf(sb, "\t<backend_type>%s"
2701					     "</backend_type>\n",
2702					     (lun->backend == NULL) ?  "none" :
2703					     lun->backend->name);
2704
2705			if (retval != 0)
2706				break;
2707
2708			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2709					     lun->be_lun->lun_type);
2710
2711			if (retval != 0)
2712				break;
2713
2714			if (lun->backend == NULL) {
2715				retval = sbuf_printf(sb, "</lun>\n");
2716				if (retval != 0)
2717					break;
2718				continue;
2719			}
2720
2721			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2722					     (lun->be_lun->maxlba > 0) ?
2723					     lun->be_lun->maxlba + 1 : 0);
2724
2725			if (retval != 0)
2726				break;
2727
2728			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2729					     lun->be_lun->blocksize);
2730
2731			if (retval != 0)
2732				break;
2733
2734			retval = sbuf_printf(sb, "\t<serial_number>");
2735
2736			if (retval != 0)
2737				break;
2738
2739			retval = ctl_sbuf_printf_esc(sb,
2740			    lun->be_lun->serial_num,
2741			    sizeof(lun->be_lun->serial_num));
2742
2743			if (retval != 0)
2744				break;
2745
2746			retval = sbuf_printf(sb, "</serial_number>\n");
2747
2748			if (retval != 0)
2749				break;
2750
2751			retval = sbuf_printf(sb, "\t<device_id>");
2752
2753			if (retval != 0)
2754				break;
2755
2756			retval = ctl_sbuf_printf_esc(sb,
2757			    lun->be_lun->device_id,
2758			    sizeof(lun->be_lun->device_id));
2759
2760			if (retval != 0)
2761				break;
2762
2763			retval = sbuf_printf(sb, "</device_id>\n");
2764
2765			if (retval != 0)
2766				break;
2767
2768			if (lun->backend->lun_info != NULL) {
2769				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
2770				if (retval != 0)
2771					break;
2772			}
2773			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
2774				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2775				    opt->name, opt->value, opt->name);
2776				if (retval != 0)
2777					break;
2778			}
2779
2780			retval = sbuf_printf(sb, "</lun>\n");
2781
2782			if (retval != 0)
2783				break;
2784			mtx_unlock(&lun->lun_lock);
2785		}
2786		if (lun != NULL)
2787			mtx_unlock(&lun->lun_lock);
2788		mtx_unlock(&softc->ctl_lock);
2789
2790		if ((retval != 0)
2791		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
2792			retval = 0;
2793			sbuf_delete(sb);
2794			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2795			snprintf(list->error_str, sizeof(list->error_str),
2796				 "Out of space, %d bytes is too small",
2797				 list->alloc_len);
2798			break;
2799		}
2800
2801		sbuf_finish(sb);
2802
2803		retval = copyout(sbuf_data(sb), list->lun_xml,
2804				 sbuf_len(sb) + 1);
2805
2806		list->fill_len = sbuf_len(sb) + 1;
2807		list->status = CTL_LUN_LIST_OK;
2808		sbuf_delete(sb);
2809		break;
2810	}
2811	case CTL_ISCSI: {
2812		struct ctl_iscsi *ci;
2813		struct ctl_frontend *fe;
2814
2815		ci = (struct ctl_iscsi *)addr;
2816
2817		fe = ctl_frontend_find("iscsi");
2818		if (fe == NULL) {
2819			ci->status = CTL_ISCSI_ERROR;
2820			snprintf(ci->error_str, sizeof(ci->error_str),
2821			    "Frontend \"iscsi\" not found.");
2822			break;
2823		}
2824
2825		retval = fe->ioctl(dev, cmd, addr, flag, td);
2826		break;
2827	}
2828	case CTL_PORT_REQ: {
2829		struct ctl_req *req;
2830		struct ctl_frontend *fe;
2831
2832		req = (struct ctl_req *)addr;
2833
2834		fe = ctl_frontend_find(req->driver);
2835		if (fe == NULL) {
2836			req->status = CTL_LUN_ERROR;
2837			snprintf(req->error_str, sizeof(req->error_str),
2838			    "Frontend \"%s\" not found.", req->driver);
2839			break;
2840		}
2841		if (req->num_args > 0) {
2842			req->kern_args = ctl_copyin_args(req->num_args,
2843			    req->args, req->error_str, sizeof(req->error_str));
2844			if (req->kern_args == NULL) {
2845				req->status = CTL_LUN_ERROR;
2846				break;
2847			}
2848		}
2849
2850		retval = fe->ioctl(dev, cmd, addr, flag, td);
2851
2852		if (req->num_args > 0) {
2853			ctl_copyout_args(req->num_args, req->kern_args);
2854			ctl_free_args(req->num_args, req->kern_args);
2855		}
2856		break;
2857	}
2858	case CTL_PORT_LIST: {
2859		struct sbuf *sb;
2860		struct ctl_port *port;
2861		struct ctl_lun_list *list;
2862		struct ctl_option *opt;
2863		int j;
2864		uint32_t plun;
2865
2866		list = (struct ctl_lun_list *)addr;
2867
2868		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2869		if (sb == NULL) {
2870			list->status = CTL_LUN_LIST_ERROR;
2871			snprintf(list->error_str, sizeof(list->error_str),
2872				 "Unable to allocate %d bytes for LUN list",
2873				 list->alloc_len);
2874			break;
2875		}
2876
2877		sbuf_printf(sb, "<ctlportlist>\n");
2878
2879		mtx_lock(&softc->ctl_lock);
2880		STAILQ_FOREACH(port, &softc->port_list, links) {
2881			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
2882					     (uintmax_t)port->targ_port);
2883
2884			/*
2885			 * Bail out as soon as we see that we've overfilled
2886			 * the buffer.
2887			 */
2888			if (retval != 0)
2889				break;
2890
2891			retval = sbuf_printf(sb, "\t<frontend_type>%s"
2892			    "</frontend_type>\n", port->frontend->name);
2893			if (retval != 0)
2894				break;
2895
2896			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
2897					     port->port_type);
2898			if (retval != 0)
2899				break;
2900
2901			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
2902			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
2903			if (retval != 0)
2904				break;
2905
2906			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
2907			    port->port_name);
2908			if (retval != 0)
2909				break;
2910
2911			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
2912			    port->physical_port);
2913			if (retval != 0)
2914				break;
2915
2916			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
2917			    port->virtual_port);
2918			if (retval != 0)
2919				break;
2920
2921			if (port->target_devid != NULL) {
2922				sbuf_printf(sb, "\t<target>");
2923				ctl_id_sbuf(port->target_devid, sb);
2924				sbuf_printf(sb, "</target>\n");
2925			}
2926
2927			if (port->port_devid != NULL) {
2928				sbuf_printf(sb, "\t<port>");
2929				ctl_id_sbuf(port->port_devid, sb);
2930				sbuf_printf(sb, "</port>\n");
2931			}
2932
2933			if (port->port_info != NULL) {
2934				retval = port->port_info(port->onoff_arg, sb);
2935				if (retval != 0)
2936					break;
2937			}
2938			STAILQ_FOREACH(opt, &port->options, links) {
2939				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2940				    opt->name, opt->value, opt->name);
2941				if (retval != 0)
2942					break;
2943			}
2944
2945			if (port->lun_map != NULL) {
2946				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
2947				for (j = 0; j < CTL_MAX_LUNS; j++) {
2948					plun = ctl_lun_map_from_port(port, j);
2949					if (plun >= CTL_MAX_LUNS)
2950						continue;
2951					sbuf_printf(sb,
2952					    "\t<lun id=\"%u\">%u</lun>\n",
2953					    j, plun);
2954				}
2955			}
2956
2957			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2958				if (port->wwpn_iid[j].in_use == 0 ||
2959				    (port->wwpn_iid[j].wwpn == 0 &&
2960				     port->wwpn_iid[j].name == NULL))
2961					continue;
2962
2963				if (port->wwpn_iid[j].name != NULL)
2964					retval = sbuf_printf(sb,
2965					    "\t<initiator id=\"%u\">%s</initiator>\n",
2966					    j, port->wwpn_iid[j].name);
2967				else
2968					retval = sbuf_printf(sb,
2969					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
2970					    j, port->wwpn_iid[j].wwpn);
2971				if (retval != 0)
2972					break;
2973			}
2974			if (retval != 0)
2975				break;
2976
2977			retval = sbuf_printf(sb, "</targ_port>\n");
2978			if (retval != 0)
2979				break;
2980		}
2981		mtx_unlock(&softc->ctl_lock);
2982
2983		if ((retval != 0)
2984		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
2985			retval = 0;
2986			sbuf_delete(sb);
2987			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2988			snprintf(list->error_str, sizeof(list->error_str),
2989				 "Out of space, %d bytes is too small",
2990				 list->alloc_len);
2991			break;
2992		}
2993
2994		sbuf_finish(sb);
2995
2996		retval = copyout(sbuf_data(sb), list->lun_xml,
2997				 sbuf_len(sb) + 1);
2998
2999		list->fill_len = sbuf_len(sb) + 1;
3000		list->status = CTL_LUN_LIST_OK;
3001		sbuf_delete(sb);
3002		break;
3003	}
3004	case CTL_LUN_MAP: {
3005		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3006		struct ctl_port *port;
3007
3008		mtx_lock(&softc->ctl_lock);
3009		if (lm->port >= CTL_MAX_PORTS ||
3010		    (port = softc->ctl_ports[lm->port]) == NULL) {
3011			mtx_unlock(&softc->ctl_lock);
3012			return (ENXIO);
3013		}
3014		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3015		if (lm->plun < CTL_MAX_LUNS) {
3016			if (lm->lun == UINT32_MAX)
3017				retval = ctl_lun_map_unset(port, lm->plun);
3018			else if (lm->lun < CTL_MAX_LUNS &&
3019			    softc->ctl_luns[lm->lun] != NULL)
3020				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3021			else
3022				return (ENXIO);
3023		} else if (lm->plun == UINT32_MAX) {
3024			if (lm->lun == UINT32_MAX)
3025				retval = ctl_lun_map_deinit(port);
3026			else
3027				retval = ctl_lun_map_init(port);
3028		} else
3029			return (ENXIO);
3030		break;
3031	}
3032	default: {
3033		/* XXX KDM should we fix this? */
3034#if 0
3035		struct ctl_backend_driver *backend;
3036		unsigned int type;
3037		int found;
3038
3039		found = 0;
3040
3041		/*
3042		 * We encode the backend type as the ioctl type for backend
3043		 * ioctls.  So parse it out here, and then search for a
3044		 * backend of this type.
3045		 */
3046		type = _IOC_TYPE(cmd);
3047
3048		STAILQ_FOREACH(backend, &softc->be_list, links) {
3049			if (backend->type == type) {
3050				found = 1;
3051				break;
3052			}
3053		}
3054		if (found == 0) {
3055			printf("ctl: unknown ioctl command %#lx or backend "
3056			       "%d\n", cmd, type);
3057			retval = EINVAL;
3058			break;
3059		}
3060		retval = backend->ioctl(dev, cmd, addr, flag, td);
3061#endif
3062		retval = ENOTTY;
3063		break;
3064	}
3065	}
3066	return (retval);
3067}
3068
3069uint32_t
3070ctl_get_initindex(struct ctl_nexus *nexus)
3071{
3072	if (nexus->targ_port < CTL_MAX_PORTS)
3073		return (nexus->initid.id +
3074			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3075	else
3076		return (nexus->initid.id +
3077		       ((nexus->targ_port - CTL_MAX_PORTS) *
3078			CTL_MAX_INIT_PER_PORT));
3079}
3080
3081uint32_t
3082ctl_get_resindex(struct ctl_nexus *nexus)
3083{
3084	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3085}
3086
3087uint32_t
3088ctl_port_idx(int port_num)
3089{
3090	if (port_num < CTL_MAX_PORTS)
3091		return(port_num);
3092	else
3093		return(port_num - CTL_MAX_PORTS);
3094}
3095
3096int
3097ctl_lun_map_init(struct ctl_port *port)
3098{
3099	struct ctl_softc *softc = control_softc;
3100	struct ctl_lun *lun;
3101	uint32_t i;
3102
3103	if (port->lun_map == NULL)
3104		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3105		    M_CTL, M_NOWAIT);
3106	if (port->lun_map == NULL)
3107		return (ENOMEM);
3108	for (i = 0; i < CTL_MAX_LUNS; i++)
3109		port->lun_map[i] = UINT32_MAX;
3110	if (port->status & CTL_PORT_STATUS_ONLINE &&
3111	    port->lun_disable != NULL) {
3112		STAILQ_FOREACH(lun, &softc->lun_list, links)
3113			port->lun_disable(port->targ_lun_arg, lun->lun);
3114	}
3115	return (0);
3116}
3117
3118int
3119ctl_lun_map_deinit(struct ctl_port *port)
3120{
3121	struct ctl_softc *softc = control_softc;
3122	struct ctl_lun *lun;
3123
3124	if (port->lun_map == NULL)
3125		return (0);
3126	free(port->lun_map, M_CTL);
3127	port->lun_map = NULL;
3128	if (port->status & CTL_PORT_STATUS_ONLINE &&
3129	    port->lun_enable != NULL) {
3130		STAILQ_FOREACH(lun, &softc->lun_list, links)
3131			port->lun_enable(port->targ_lun_arg, lun->lun);
3132	}
3133	return (0);
3134}
3135
3136int
3137ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3138{
3139	int status;
3140	uint32_t old;
3141
3142	if (port->lun_map == NULL) {
3143		status = ctl_lun_map_init(port);
3144		if (status != 0)
3145			return (status);
3146	}
3147	old = port->lun_map[plun];
3148	port->lun_map[plun] = glun;
3149	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS &&
3150	    port->lun_enable != NULL)
3151		port->lun_enable(port->targ_lun_arg, plun);
3152	return (0);
3153}
3154
3155int
3156ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3157{
3158	uint32_t old;
3159
3160	if (port->lun_map == NULL)
3161		return (0);
3162	old = port->lun_map[plun];
3163	port->lun_map[plun] = UINT32_MAX;
3164	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS &&
3165	    port->lun_disable != NULL)
3166		port->lun_disable(port->targ_lun_arg, plun);
3167	return (0);
3168}
3169
3170uint32_t
3171ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3172{
3173
3174	if (port == NULL)
3175		return (UINT32_MAX);
3176	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3177		return (lun_id);
3178	return (port->lun_map[lun_id]);
3179}
3180
3181uint32_t
3182ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3183{
3184	uint32_t i;
3185
3186	if (port == NULL)
3187		return (UINT32_MAX);
3188	if (port->lun_map == NULL)
3189		return (lun_id);
3190	for (i = 0; i < CTL_MAX_LUNS; i++) {
3191		if (port->lun_map[i] == lun_id)
3192			return (i);
3193	}
3194	return (UINT32_MAX);
3195}
3196
3197static struct ctl_port *
3198ctl_io_port(struct ctl_io_hdr *io_hdr)
3199{
3200	int port_num;
3201
3202	port_num = io_hdr->nexus.targ_port;
3203	return (control_softc->ctl_ports[ctl_port_idx(port_num)]);
3204}
3205
3206/*
3207 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3208 * that are a power of 2.
3209 */
3210int
3211ctl_ffz(uint32_t *mask, uint32_t size)
3212{
3213	uint32_t num_chunks, num_pieces;
3214	int i, j;
3215
3216	num_chunks = (size >> 5);
3217	if (num_chunks == 0)
3218		num_chunks++;
3219	num_pieces = MIN((sizeof(uint32_t) * 8), size);
3220
3221	for (i = 0; i < num_chunks; i++) {
3222		for (j = 0; j < num_pieces; j++) {
3223			if ((mask[i] & (1 << j)) == 0)
3224				return ((i << 5) + j);
3225		}
3226	}
3227
3228	return (-1);
3229}
3230
3231int
3232ctl_set_mask(uint32_t *mask, uint32_t bit)
3233{
3234	uint32_t chunk, piece;
3235
3236	chunk = bit >> 5;
3237	piece = bit % (sizeof(uint32_t) * 8);
3238
3239	if ((mask[chunk] & (1 << piece)) != 0)
3240		return (-1);
3241	else
3242		mask[chunk] |= (1 << piece);
3243
3244	return (0);
3245}
3246
3247int
3248ctl_clear_mask(uint32_t *mask, uint32_t bit)
3249{
3250	uint32_t chunk, piece;
3251
3252	chunk = bit >> 5;
3253	piece = bit % (sizeof(uint32_t) * 8);
3254
3255	if ((mask[chunk] & (1 << piece)) == 0)
3256		return (-1);
3257	else
3258		mask[chunk] &= ~(1 << piece);
3259
3260	return (0);
3261}
3262
3263int
3264ctl_is_set(uint32_t *mask, uint32_t bit)
3265{
3266	uint32_t chunk, piece;
3267
3268	chunk = bit >> 5;
3269	piece = bit % (sizeof(uint32_t) * 8);
3270
3271	if ((mask[chunk] & (1 << piece)) == 0)
3272		return (0);
3273	else
3274		return (1);
3275}
3276
3277static uint64_t
3278ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3279{
3280	uint64_t *t;
3281
3282	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3283	if (t == NULL)
3284		return (0);
3285	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3286}
3287
3288static void
3289ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3290{
3291	uint64_t *t;
3292
3293	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3294	if (t == NULL)
3295		return;
3296	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3297}
3298
3299static void
3300ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3301{
3302	uint64_t *p;
3303	u_int i;
3304
3305	i = residx/CTL_MAX_INIT_PER_PORT;
3306	if (lun->pr_keys[i] != NULL)
3307		return;
3308	mtx_unlock(&lun->lun_lock);
3309	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3310	    M_WAITOK | M_ZERO);
3311	mtx_lock(&lun->lun_lock);
3312	if (lun->pr_keys[i] == NULL)
3313		lun->pr_keys[i] = p;
3314	else
3315		free(p, M_CTL);
3316}
3317
3318static void
3319ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3320{
3321	uint64_t *t;
3322
3323	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3324	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3325	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3326}
3327
3328/*
3329 * ctl_softc, pool_name, total_ctl_io are passed in.
3330 * npool is passed out.
3331 */
3332int
3333ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3334		uint32_t total_ctl_io, void **npool)
3335{
3336#ifdef IO_POOLS
3337	struct ctl_io_pool *pool;
3338
3339	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3340					    M_NOWAIT | M_ZERO);
3341	if (pool == NULL)
3342		return (ENOMEM);
3343
3344	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3345	pool->ctl_softc = ctl_softc;
3346	pool->zone = uma_zsecond_create(pool->name, NULL,
3347	    NULL, NULL, NULL, ctl_softc->io_zone);
3348	/* uma_prealloc(pool->zone, total_ctl_io); */
3349
3350	*npool = pool;
3351#else
3352	*npool = ctl_softc->io_zone;
3353#endif
3354	return (0);
3355}
3356
3357void
3358ctl_pool_free(struct ctl_io_pool *pool)
3359{
3360
3361	if (pool == NULL)
3362		return;
3363
3364#ifdef IO_POOLS
3365	uma_zdestroy(pool->zone);
3366	free(pool, M_CTL);
3367#endif
3368}
3369
3370union ctl_io *
3371ctl_alloc_io(void *pool_ref)
3372{
3373	union ctl_io *io;
3374#ifdef IO_POOLS
3375	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3376
3377	io = uma_zalloc(pool->zone, M_WAITOK);
3378#else
3379	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3380#endif
3381	if (io != NULL)
3382		io->io_hdr.pool = pool_ref;
3383	return (io);
3384}
3385
3386union ctl_io *
3387ctl_alloc_io_nowait(void *pool_ref)
3388{
3389	union ctl_io *io;
3390#ifdef IO_POOLS
3391	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3392
3393	io = uma_zalloc(pool->zone, M_NOWAIT);
3394#else
3395	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3396#endif
3397	if (io != NULL)
3398		io->io_hdr.pool = pool_ref;
3399	return (io);
3400}
3401
3402void
3403ctl_free_io(union ctl_io *io)
3404{
3405#ifdef IO_POOLS
3406	struct ctl_io_pool *pool;
3407#endif
3408
3409	if (io == NULL)
3410		return;
3411
3412#ifdef IO_POOLS
3413	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3414	uma_zfree(pool->zone, io);
3415#else
3416	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3417#endif
3418}
3419
3420void
3421ctl_zero_io(union ctl_io *io)
3422{
3423	void *pool_ref;
3424
3425	if (io == NULL)
3426		return;
3427
3428	/*
3429	 * May need to preserve linked list pointers at some point too.
3430	 */
3431	pool_ref = io->io_hdr.pool;
3432	memset(io, 0, sizeof(*io));
3433	io->io_hdr.pool = pool_ref;
3434}
3435
3436/*
3437 * This routine is currently used for internal copies of ctl_ios that need
3438 * to persist for some reason after we've already returned status to the
3439 * FETD.  (Thus the flag set.)
3440 *
3441 * XXX XXX
3442 * Note that this makes a blind copy of all fields in the ctl_io, except
3443 * for the pool reference.  This includes any memory that has been
3444 * allocated!  That memory will no longer be valid after done has been
3445 * called, so this would be VERY DANGEROUS for command that actually does
3446 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3447 * start and stop commands, which don't transfer any data, so this is not a
3448 * problem.  If it is used for anything else, the caller would also need to
3449 * allocate data buffer space and this routine would need to be modified to
3450 * copy the data buffer(s) as well.
3451 */
3452void
3453ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3454{
3455	void *pool_ref;
3456
3457	if ((src == NULL)
3458	 || (dest == NULL))
3459		return;
3460
3461	/*
3462	 * May need to preserve linked list pointers at some point too.
3463	 */
3464	pool_ref = dest->io_hdr.pool;
3465
3466	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3467
3468	dest->io_hdr.pool = pool_ref;
3469	/*
3470	 * We need to know that this is an internal copy, and doesn't need
3471	 * to get passed back to the FETD that allocated it.
3472	 */
3473	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3474}
3475
3476int
3477ctl_expand_number(const char *buf, uint64_t *num)
3478{
3479	char *endptr;
3480	uint64_t number;
3481	unsigned shift;
3482
3483	number = strtoq(buf, &endptr, 0);
3484
3485	switch (tolower((unsigned char)*endptr)) {
3486	case 'e':
3487		shift = 60;
3488		break;
3489	case 'p':
3490		shift = 50;
3491		break;
3492	case 't':
3493		shift = 40;
3494		break;
3495	case 'g':
3496		shift = 30;
3497		break;
3498	case 'm':
3499		shift = 20;
3500		break;
3501	case 'k':
3502		shift = 10;
3503		break;
3504	case 'b':
3505	case '\0': /* No unit. */
3506		*num = number;
3507		return (0);
3508	default:
3509		/* Unrecognized unit. */
3510		return (-1);
3511	}
3512
3513	if ((number << shift) >> shift != number) {
3514		/* Overflow */
3515		return (-1);
3516	}
3517	*num = number << shift;
3518	return (0);
3519}
3520
3521
3522/*
3523 * This routine could be used in the future to load default and/or saved
3524 * mode page parameters for a particuar lun.
3525 */
3526static int
3527ctl_init_page_index(struct ctl_lun *lun)
3528{
3529	int i;
3530	struct ctl_page_index *page_index;
3531	const char *value;
3532	uint64_t ival;
3533
3534	memcpy(&lun->mode_pages.index, page_index_template,
3535	       sizeof(page_index_template));
3536
3537	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3538
3539		page_index = &lun->mode_pages.index[i];
3540		/*
3541		 * If this is a disk-only mode page, there's no point in
3542		 * setting it up.  For some pages, we have to have some
3543		 * basic information about the disk in order to calculate the
3544		 * mode page data.
3545		 */
3546		if ((lun->be_lun->lun_type != T_DIRECT)
3547		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3548			continue;
3549
3550		switch (page_index->page_code & SMPH_PC_MASK) {
3551		case SMS_RW_ERROR_RECOVERY_PAGE: {
3552			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3553				panic("subpage is incorrect!");
3554			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3555			       &rw_er_page_default,
3556			       sizeof(rw_er_page_default));
3557			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3558			       &rw_er_page_changeable,
3559			       sizeof(rw_er_page_changeable));
3560			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3561			       &rw_er_page_default,
3562			       sizeof(rw_er_page_default));
3563			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3564			       &rw_er_page_default,
3565			       sizeof(rw_er_page_default));
3566			page_index->page_data =
3567				(uint8_t *)lun->mode_pages.rw_er_page;
3568			break;
3569		}
3570		case SMS_FORMAT_DEVICE_PAGE: {
3571			struct scsi_format_page *format_page;
3572
3573			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3574				panic("subpage is incorrect!");
3575
3576			/*
3577			 * Sectors per track are set above.  Bytes per
3578			 * sector need to be set here on a per-LUN basis.
3579			 */
3580			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3581			       &format_page_default,
3582			       sizeof(format_page_default));
3583			memcpy(&lun->mode_pages.format_page[
3584			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3585			       sizeof(format_page_changeable));
3586			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3587			       &format_page_default,
3588			       sizeof(format_page_default));
3589			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3590			       &format_page_default,
3591			       sizeof(format_page_default));
3592
3593			format_page = &lun->mode_pages.format_page[
3594				CTL_PAGE_CURRENT];
3595			scsi_ulto2b(lun->be_lun->blocksize,
3596				    format_page->bytes_per_sector);
3597
3598			format_page = &lun->mode_pages.format_page[
3599				CTL_PAGE_DEFAULT];
3600			scsi_ulto2b(lun->be_lun->blocksize,
3601				    format_page->bytes_per_sector);
3602
3603			format_page = &lun->mode_pages.format_page[
3604				CTL_PAGE_SAVED];
3605			scsi_ulto2b(lun->be_lun->blocksize,
3606				    format_page->bytes_per_sector);
3607
3608			page_index->page_data =
3609				(uint8_t *)lun->mode_pages.format_page;
3610			break;
3611		}
3612		case SMS_RIGID_DISK_PAGE: {
3613			struct scsi_rigid_disk_page *rigid_disk_page;
3614			uint32_t sectors_per_cylinder;
3615			uint64_t cylinders;
3616#ifndef	__XSCALE__
3617			int shift;
3618#endif /* !__XSCALE__ */
3619
3620			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3621				panic("invalid subpage value %d",
3622				      page_index->subpage);
3623
3624			/*
3625			 * Rotation rate and sectors per track are set
3626			 * above.  We calculate the cylinders here based on
3627			 * capacity.  Due to the number of heads and
3628			 * sectors per track we're using, smaller arrays
3629			 * may turn out to have 0 cylinders.  Linux and
3630			 * FreeBSD don't pay attention to these mode pages
3631			 * to figure out capacity, but Solaris does.  It
3632			 * seems to deal with 0 cylinders just fine, and
3633			 * works out a fake geometry based on the capacity.
3634			 */
3635			memcpy(&lun->mode_pages.rigid_disk_page[
3636			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3637			       sizeof(rigid_disk_page_default));
3638			memcpy(&lun->mode_pages.rigid_disk_page[
3639			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3640			       sizeof(rigid_disk_page_changeable));
3641
3642			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3643				CTL_DEFAULT_HEADS;
3644
3645			/*
3646			 * The divide method here will be more accurate,
3647			 * probably, but results in floating point being
3648			 * used in the kernel on i386 (__udivdi3()).  On the
3649			 * XScale, though, __udivdi3() is implemented in
3650			 * software.
3651			 *
3652			 * The shift method for cylinder calculation is
3653			 * accurate if sectors_per_cylinder is a power of
3654			 * 2.  Otherwise it might be slightly off -- you
3655			 * might have a bit of a truncation problem.
3656			 */
3657#ifdef	__XSCALE__
3658			cylinders = (lun->be_lun->maxlba + 1) /
3659				sectors_per_cylinder;
3660#else
3661			for (shift = 31; shift > 0; shift--) {
3662				if (sectors_per_cylinder & (1 << shift))
3663					break;
3664			}
3665			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3666#endif
3667
3668			/*
3669			 * We've basically got 3 bytes, or 24 bits for the
3670			 * cylinder size in the mode page.  If we're over,
3671			 * just round down to 2^24.
3672			 */
3673			if (cylinders > 0xffffff)
3674				cylinders = 0xffffff;
3675
3676			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3677				CTL_PAGE_DEFAULT];
3678			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3679
3680			if ((value = ctl_get_opt(&lun->be_lun->options,
3681			    "rpm")) != NULL) {
3682				scsi_ulto2b(strtol(value, NULL, 0),
3683				     rigid_disk_page->rotation_rate);
3684			}
3685
3686			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3687			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3688			       sizeof(rigid_disk_page_default));
3689			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3690			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3691			       sizeof(rigid_disk_page_default));
3692
3693			page_index->page_data =
3694				(uint8_t *)lun->mode_pages.rigid_disk_page;
3695			break;
3696		}
3697		case SMS_CACHING_PAGE: {
3698			struct scsi_caching_page *caching_page;
3699
3700			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3701				panic("invalid subpage value %d",
3702				      page_index->subpage);
3703			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3704			       &caching_page_default,
3705			       sizeof(caching_page_default));
3706			memcpy(&lun->mode_pages.caching_page[
3707			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3708			       sizeof(caching_page_changeable));
3709			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3710			       &caching_page_default,
3711			       sizeof(caching_page_default));
3712			caching_page = &lun->mode_pages.caching_page[
3713			    CTL_PAGE_SAVED];
3714			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3715			if (value != NULL && strcmp(value, "off") == 0)
3716				caching_page->flags1 &= ~SCP_WCE;
3717			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3718			if (value != NULL && strcmp(value, "off") == 0)
3719				caching_page->flags1 |= SCP_RCD;
3720			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3721			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3722			       sizeof(caching_page_default));
3723			page_index->page_data =
3724				(uint8_t *)lun->mode_pages.caching_page;
3725			break;
3726		}
3727		case SMS_CONTROL_MODE_PAGE: {
3728			struct scsi_control_page *control_page;
3729
3730			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3731				panic("invalid subpage value %d",
3732				      page_index->subpage);
3733
3734			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3735			       &control_page_default,
3736			       sizeof(control_page_default));
3737			memcpy(&lun->mode_pages.control_page[
3738			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3739			       sizeof(control_page_changeable));
3740			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3741			       &control_page_default,
3742			       sizeof(control_page_default));
3743			control_page = &lun->mode_pages.control_page[
3744			    CTL_PAGE_SAVED];
3745			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3746			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3747				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3748				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3749			}
3750			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3751			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3752			       sizeof(control_page_default));
3753			page_index->page_data =
3754				(uint8_t *)lun->mode_pages.control_page;
3755			break;
3756
3757		}
3758		case SMS_INFO_EXCEPTIONS_PAGE: {
3759			switch (page_index->subpage) {
3760			case SMS_SUBPAGE_PAGE_0:
3761				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3762				       &ie_page_default,
3763				       sizeof(ie_page_default));
3764				memcpy(&lun->mode_pages.ie_page[
3765				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3766				       sizeof(ie_page_changeable));
3767				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3768				       &ie_page_default,
3769				       sizeof(ie_page_default));
3770				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
3771				       &ie_page_default,
3772				       sizeof(ie_page_default));
3773				page_index->page_data =
3774					(uint8_t *)lun->mode_pages.ie_page;
3775				break;
3776			case 0x02: {
3777				struct ctl_logical_block_provisioning_page *page;
3778
3779				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
3780				       &lbp_page_default,
3781				       sizeof(lbp_page_default));
3782				memcpy(&lun->mode_pages.lbp_page[
3783				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
3784				       sizeof(lbp_page_changeable));
3785				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3786				       &lbp_page_default,
3787				       sizeof(lbp_page_default));
3788				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
3789				value = ctl_get_opt(&lun->be_lun->options,
3790				    "avail-threshold");
3791				if (value != NULL &&
3792				    ctl_expand_number(value, &ival) == 0) {
3793					page->descr[0].flags |= SLBPPD_ENABLED |
3794					    SLBPPD_ARMING_DEC;
3795					if (lun->be_lun->blocksize)
3796						ival /= lun->be_lun->blocksize;
3797					else
3798						ival /= 512;
3799					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3800					    page->descr[0].count);
3801				}
3802				value = ctl_get_opt(&lun->be_lun->options,
3803				    "used-threshold");
3804				if (value != NULL &&
3805				    ctl_expand_number(value, &ival) == 0) {
3806					page->descr[1].flags |= SLBPPD_ENABLED |
3807					    SLBPPD_ARMING_INC;
3808					if (lun->be_lun->blocksize)
3809						ival /= lun->be_lun->blocksize;
3810					else
3811						ival /= 512;
3812					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3813					    page->descr[1].count);
3814				}
3815				value = ctl_get_opt(&lun->be_lun->options,
3816				    "pool-avail-threshold");
3817				if (value != NULL &&
3818				    ctl_expand_number(value, &ival) == 0) {
3819					page->descr[2].flags |= SLBPPD_ENABLED |
3820					    SLBPPD_ARMING_DEC;
3821					if (lun->be_lun->blocksize)
3822						ival /= lun->be_lun->blocksize;
3823					else
3824						ival /= 512;
3825					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3826					    page->descr[2].count);
3827				}
3828				value = ctl_get_opt(&lun->be_lun->options,
3829				    "pool-used-threshold");
3830				if (value != NULL &&
3831				    ctl_expand_number(value, &ival) == 0) {
3832					page->descr[3].flags |= SLBPPD_ENABLED |
3833					    SLBPPD_ARMING_INC;
3834					if (lun->be_lun->blocksize)
3835						ival /= lun->be_lun->blocksize;
3836					else
3837						ival /= 512;
3838					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3839					    page->descr[3].count);
3840				}
3841				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
3842				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3843				       sizeof(lbp_page_default));
3844				page_index->page_data =
3845					(uint8_t *)lun->mode_pages.lbp_page;
3846			}}
3847			break;
3848		}
3849		case SMS_VENDOR_SPECIFIC_PAGE:{
3850			switch (page_index->subpage) {
3851			case DBGCNF_SUBPAGE_CODE: {
3852				struct copan_debugconf_subpage *current_page,
3853							       *saved_page;
3854
3855				memcpy(&lun->mode_pages.debugconf_subpage[
3856				       CTL_PAGE_CURRENT],
3857				       &debugconf_page_default,
3858				       sizeof(debugconf_page_default));
3859				memcpy(&lun->mode_pages.debugconf_subpage[
3860				       CTL_PAGE_CHANGEABLE],
3861				       &debugconf_page_changeable,
3862				       sizeof(debugconf_page_changeable));
3863				memcpy(&lun->mode_pages.debugconf_subpage[
3864				       CTL_PAGE_DEFAULT],
3865				       &debugconf_page_default,
3866				       sizeof(debugconf_page_default));
3867				memcpy(&lun->mode_pages.debugconf_subpage[
3868				       CTL_PAGE_SAVED],
3869				       &debugconf_page_default,
3870				       sizeof(debugconf_page_default));
3871				page_index->page_data =
3872					(uint8_t *)lun->mode_pages.debugconf_subpage;
3873
3874				current_page = (struct copan_debugconf_subpage *)
3875					(page_index->page_data +
3876					 (page_index->page_len *
3877					  CTL_PAGE_CURRENT));
3878				saved_page = (struct copan_debugconf_subpage *)
3879					(page_index->page_data +
3880					 (page_index->page_len *
3881					  CTL_PAGE_SAVED));
3882				break;
3883			}
3884			default:
3885				panic("invalid subpage value %d",
3886				      page_index->subpage);
3887				break;
3888			}
3889   			break;
3890		}
3891		default:
3892			panic("invalid page value %d",
3893			      page_index->page_code & SMPH_PC_MASK);
3894			break;
3895    	}
3896	}
3897
3898	return (CTL_RETVAL_COMPLETE);
3899}
3900
3901static int
3902ctl_init_log_page_index(struct ctl_lun *lun)
3903{
3904	struct ctl_page_index *page_index;
3905	int i, j, k, prev;
3906
3907	memcpy(&lun->log_pages.index, log_page_index_template,
3908	       sizeof(log_page_index_template));
3909
3910	prev = -1;
3911	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
3912
3913		page_index = &lun->log_pages.index[i];
3914		/*
3915		 * If this is a disk-only mode page, there's no point in
3916		 * setting it up.  For some pages, we have to have some
3917		 * basic information about the disk in order to calculate the
3918		 * mode page data.
3919		 */
3920		if ((lun->be_lun->lun_type != T_DIRECT)
3921		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3922			continue;
3923
3924		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
3925		     lun->backend->lun_attr == NULL)
3926			continue;
3927
3928		if (page_index->page_code != prev) {
3929			lun->log_pages.pages_page[j] = page_index->page_code;
3930			prev = page_index->page_code;
3931			j++;
3932		}
3933		lun->log_pages.subpages_page[k*2] = page_index->page_code;
3934		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
3935		k++;
3936	}
3937	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
3938	lun->log_pages.index[0].page_len = j;
3939	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
3940	lun->log_pages.index[1].page_len = k * 2;
3941	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
3942	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
3943	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
3944	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
3945
3946	return (CTL_RETVAL_COMPLETE);
3947}
3948
3949static int
3950hex2bin(const char *str, uint8_t *buf, int buf_size)
3951{
3952	int i;
3953	u_char c;
3954
3955	memset(buf, 0, buf_size);
3956	while (isspace(str[0]))
3957		str++;
3958	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
3959		str += 2;
3960	buf_size *= 2;
3961	for (i = 0; str[i] != 0 && i < buf_size; i++) {
3962		c = str[i];
3963		if (isdigit(c))
3964			c -= '0';
3965		else if (isalpha(c))
3966			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
3967		else
3968			break;
3969		if (c >= 16)
3970			break;
3971		if ((i & 1) == 0)
3972			buf[i / 2] |= (c << 4);
3973		else
3974			buf[i / 2] |= c;
3975	}
3976	return ((i + 1) / 2);
3977}
3978
3979/*
3980 * LUN allocation.
3981 *
3982 * Requirements:
3983 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
3984 *   wants us to allocate the LUN and he can block.
3985 * - ctl_softc is always set
3986 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
3987 *
3988 * Returns 0 for success, non-zero (errno) for failure.
3989 */
3990static int
3991ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
3992	      struct ctl_be_lun *const be_lun)
3993{
3994	struct ctl_lun *nlun, *lun;
3995	struct scsi_vpd_id_descriptor *desc;
3996	struct scsi_vpd_id_t10 *t10id;
3997	const char *eui, *naa, *scsiname, *vendor;
3998	int lun_number, i, lun_malloced;
3999	int devidlen, idlen1, idlen2 = 0, len;
4000
4001	if (be_lun == NULL)
4002		return (EINVAL);
4003
4004	/*
4005	 * We currently only support Direct Access or Processor LUN types.
4006	 */
4007	switch (be_lun->lun_type) {
4008	case T_DIRECT:
4009		break;
4010	case T_PROCESSOR:
4011		break;
4012	case T_SEQUENTIAL:
4013	case T_CHANGER:
4014	default:
4015		be_lun->lun_config_status(be_lun->be_lun,
4016					  CTL_LUN_CONFIG_FAILURE);
4017		break;
4018	}
4019	if (ctl_lun == NULL) {
4020		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4021		lun_malloced = 1;
4022	} else {
4023		lun_malloced = 0;
4024		lun = ctl_lun;
4025	}
4026
4027	memset(lun, 0, sizeof(*lun));
4028	if (lun_malloced)
4029		lun->flags = CTL_LUN_MALLOCED;
4030
4031	/* Generate LUN ID. */
4032	devidlen = max(CTL_DEVID_MIN_LEN,
4033	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4034	idlen1 = sizeof(*t10id) + devidlen;
4035	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4036	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4037	if (scsiname != NULL) {
4038		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4039		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4040	}
4041	eui = ctl_get_opt(&be_lun->options, "eui");
4042	if (eui != NULL) {
4043		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4044	}
4045	naa = ctl_get_opt(&be_lun->options, "naa");
4046	if (naa != NULL) {
4047		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4048	}
4049	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4050	    M_CTL, M_WAITOK | M_ZERO);
4051	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4052	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4053	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4054	desc->length = idlen1;
4055	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4056	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4057	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4058		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4059	} else {
4060		strncpy(t10id->vendor, vendor,
4061		    min(sizeof(t10id->vendor), strlen(vendor)));
4062	}
4063	strncpy((char *)t10id->vendor_spec_id,
4064	    (char *)be_lun->device_id, devidlen);
4065	if (scsiname != NULL) {
4066		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4067		    desc->length);
4068		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4069		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4070		    SVPD_ID_TYPE_SCSI_NAME;
4071		desc->length = idlen2;
4072		strlcpy(desc->identifier, scsiname, idlen2);
4073	}
4074	if (eui != NULL) {
4075		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4076		    desc->length);
4077		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4078		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4079		    SVPD_ID_TYPE_EUI64;
4080		desc->length = hex2bin(eui, desc->identifier, 16);
4081		desc->length = desc->length > 12 ? 16 :
4082		    (desc->length > 8 ? 12 : 8);
4083		len -= 16 - desc->length;
4084	}
4085	if (naa != NULL) {
4086		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4087		    desc->length);
4088		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4089		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4090		    SVPD_ID_TYPE_NAA;
4091		desc->length = hex2bin(naa, desc->identifier, 16);
4092		desc->length = desc->length > 8 ? 16 : 8;
4093		len -= 16 - desc->length;
4094	}
4095	lun->lun_devid->len = len;
4096
4097	mtx_lock(&ctl_softc->ctl_lock);
4098	/*
4099	 * See if the caller requested a particular LUN number.  If so, see
4100	 * if it is available.  Otherwise, allocate the first available LUN.
4101	 */
4102	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4103		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4104		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4105			mtx_unlock(&ctl_softc->ctl_lock);
4106			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4107				printf("ctl: requested LUN ID %d is higher "
4108				       "than CTL_MAX_LUNS - 1 (%d)\n",
4109				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4110			} else {
4111				/*
4112				 * XXX KDM return an error, or just assign
4113				 * another LUN ID in this case??
4114				 */
4115				printf("ctl: requested LUN ID %d is already "
4116				       "in use\n", be_lun->req_lun_id);
4117			}
4118			if (lun->flags & CTL_LUN_MALLOCED)
4119				free(lun, M_CTL);
4120			be_lun->lun_config_status(be_lun->be_lun,
4121						  CTL_LUN_CONFIG_FAILURE);
4122			return (ENOSPC);
4123		}
4124		lun_number = be_lun->req_lun_id;
4125	} else {
4126		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4127		if (lun_number == -1) {
4128			mtx_unlock(&ctl_softc->ctl_lock);
4129			printf("ctl: can't allocate LUN, out of LUNs\n");
4130			if (lun->flags & CTL_LUN_MALLOCED)
4131				free(lun, M_CTL);
4132			be_lun->lun_config_status(be_lun->be_lun,
4133						  CTL_LUN_CONFIG_FAILURE);
4134			return (ENOSPC);
4135		}
4136	}
4137	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4138
4139	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4140	lun->lun = lun_number;
4141	lun->be_lun = be_lun;
4142	/*
4143	 * The processor LUN is always enabled.  Disk LUNs come on line
4144	 * disabled, and must be enabled by the backend.
4145	 */
4146	lun->flags |= CTL_LUN_DISABLED;
4147	lun->backend = be_lun->be;
4148	be_lun->ctl_lun = lun;
4149	be_lun->lun_id = lun_number;
4150	atomic_add_int(&be_lun->be->num_luns, 1);
4151	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4152		lun->flags |= CTL_LUN_OFFLINE;
4153
4154	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4155		lun->flags |= CTL_LUN_STOPPED;
4156
4157	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4158		lun->flags |= CTL_LUN_INOPERABLE;
4159
4160	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4161		lun->flags |= CTL_LUN_PRIMARY_SC;
4162
4163	lun->ctl_softc = ctl_softc;
4164#ifdef CTL_TIME_IO
4165	lun->last_busy = getsbinuptime();
4166#endif
4167	TAILQ_INIT(&lun->ooa_queue);
4168	TAILQ_INIT(&lun->blocked_queue);
4169	STAILQ_INIT(&lun->error_list);
4170	ctl_tpc_lun_init(lun);
4171
4172	/*
4173	 * Initialize the mode and log page index.
4174	 */
4175	ctl_init_page_index(lun);
4176	ctl_init_log_page_index(lun);
4177
4178	/*
4179	 * Now, before we insert this lun on the lun list, set the lun
4180	 * inventory changed UA for all other luns.
4181	 */
4182	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4183		mtx_lock(&nlun->lun_lock);
4184		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4185		mtx_unlock(&nlun->lun_lock);
4186	}
4187
4188	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4189
4190	ctl_softc->ctl_luns[lun_number] = lun;
4191
4192	ctl_softc->num_luns++;
4193
4194	/* Setup statistics gathering */
4195	lun->stats.device_type = be_lun->lun_type;
4196	lun->stats.lun_number = lun_number;
4197	if (lun->stats.device_type == T_DIRECT)
4198		lun->stats.blocksize = be_lun->blocksize;
4199	else
4200		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4201	for (i = 0;i < CTL_MAX_PORTS;i++)
4202		lun->stats.ports[i].targ_port = i;
4203
4204	mtx_unlock(&ctl_softc->ctl_lock);
4205
4206	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4207	return (0);
4208}
4209
4210/*
4211 * Delete a LUN.
4212 * Assumptions:
4213 * - LUN has already been marked invalid and any pending I/O has been taken
4214 *   care of.
4215 */
4216static int
4217ctl_free_lun(struct ctl_lun *lun)
4218{
4219	struct ctl_softc *softc;
4220	struct ctl_lun *nlun;
4221	int i;
4222
4223	softc = lun->ctl_softc;
4224
4225	mtx_assert(&softc->ctl_lock, MA_OWNED);
4226
4227	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4228
4229	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4230
4231	softc->ctl_luns[lun->lun] = NULL;
4232
4233	if (!TAILQ_EMPTY(&lun->ooa_queue))
4234		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4235
4236	softc->num_luns--;
4237
4238	/*
4239	 * Tell the backend to free resources, if this LUN has a backend.
4240	 */
4241	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4242	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4243
4244	ctl_tpc_lun_shutdown(lun);
4245	mtx_destroy(&lun->lun_lock);
4246	free(lun->lun_devid, M_CTL);
4247	for (i = 0; i < CTL_MAX_PORTS; i++)
4248		free(lun->pending_ua[i], M_CTL);
4249	for (i = 0; i < 2 * CTL_MAX_PORTS; i++)
4250		free(lun->pr_keys[i], M_CTL);
4251	free(lun->write_buffer, M_CTL);
4252	if (lun->flags & CTL_LUN_MALLOCED)
4253		free(lun, M_CTL);
4254
4255	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4256		mtx_lock(&nlun->lun_lock);
4257		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4258		mtx_unlock(&nlun->lun_lock);
4259	}
4260
4261	return (0);
4262}
4263
4264static void
4265ctl_create_lun(struct ctl_be_lun *be_lun)
4266{
4267	struct ctl_softc *softc;
4268
4269	softc = control_softc;
4270
4271	/*
4272	 * ctl_alloc_lun() should handle all potential failure cases.
4273	 */
4274	ctl_alloc_lun(softc, NULL, be_lun);
4275}
4276
4277int
4278ctl_add_lun(struct ctl_be_lun *be_lun)
4279{
4280	struct ctl_softc *softc = control_softc;
4281
4282	mtx_lock(&softc->ctl_lock);
4283	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4284	mtx_unlock(&softc->ctl_lock);
4285	wakeup(&softc->pending_lun_queue);
4286
4287	return (0);
4288}
4289
4290int
4291ctl_enable_lun(struct ctl_be_lun *be_lun)
4292{
4293	struct ctl_softc *softc;
4294	struct ctl_port *port, *nport;
4295	struct ctl_lun *lun;
4296	int retval;
4297
4298	lun = (struct ctl_lun *)be_lun->ctl_lun;
4299	softc = lun->ctl_softc;
4300
4301	mtx_lock(&softc->ctl_lock);
4302	mtx_lock(&lun->lun_lock);
4303	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4304		/*
4305		 * eh?  Why did we get called if the LUN is already
4306		 * enabled?
4307		 */
4308		mtx_unlock(&lun->lun_lock);
4309		mtx_unlock(&softc->ctl_lock);
4310		return (0);
4311	}
4312	lun->flags &= ~CTL_LUN_DISABLED;
4313	mtx_unlock(&lun->lun_lock);
4314
4315	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4316		nport = STAILQ_NEXT(port, links);
4317		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4318		    port->lun_map != NULL || port->lun_enable == NULL)
4319			continue;
4320
4321		/*
4322		 * Drop the lock while we call the FETD's enable routine.
4323		 * This can lead to a callback into CTL (at least in the
4324		 * case of the internal initiator frontend.
4325		 */
4326		mtx_unlock(&softc->ctl_lock);
4327		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4328		mtx_lock(&softc->ctl_lock);
4329		if (retval != 0) {
4330			printf("%s: FETD %s port %d returned error "
4331			       "%d for lun_enable on lun %jd\n",
4332			       __func__, port->port_name, port->targ_port,
4333			       retval, (intmax_t)lun->lun);
4334		}
4335	}
4336
4337	mtx_unlock(&softc->ctl_lock);
4338
4339	return (0);
4340}
4341
4342int
4343ctl_disable_lun(struct ctl_be_lun *be_lun)
4344{
4345	struct ctl_softc *softc;
4346	struct ctl_port *port;
4347	struct ctl_lun *lun;
4348	int retval;
4349
4350	lun = (struct ctl_lun *)be_lun->ctl_lun;
4351	softc = lun->ctl_softc;
4352
4353	mtx_lock(&softc->ctl_lock);
4354	mtx_lock(&lun->lun_lock);
4355	if (lun->flags & CTL_LUN_DISABLED) {
4356		mtx_unlock(&lun->lun_lock);
4357		mtx_unlock(&softc->ctl_lock);
4358		return (0);
4359	}
4360	lun->flags |= CTL_LUN_DISABLED;
4361	mtx_unlock(&lun->lun_lock);
4362
4363	STAILQ_FOREACH(port, &softc->port_list, links) {
4364		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4365		    port->lun_map != NULL || port->lun_disable == NULL)
4366			continue;
4367
4368		/*
4369		 * Drop the lock before we call the frontend's disable
4370		 * routine, to avoid lock order reversals.
4371		 *
4372		 * XXX KDM what happens if the frontend list changes while
4373		 * we're traversing it?  It's unlikely, but should be handled.
4374		 */
4375		mtx_unlock(&softc->ctl_lock);
4376		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4377		mtx_lock(&softc->ctl_lock);
4378		if (retval != 0) {
4379			printf("%s: FETD %s port %d returned error "
4380			       "%d for lun_disable on lun %jd\n",
4381			       __func__, port->port_name, port->targ_port,
4382			       retval, (intmax_t)lun->lun);
4383		}
4384	}
4385
4386	mtx_unlock(&softc->ctl_lock);
4387
4388	return (0);
4389}
4390
4391int
4392ctl_start_lun(struct ctl_be_lun *be_lun)
4393{
4394	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4395
4396	mtx_lock(&lun->lun_lock);
4397	lun->flags &= ~CTL_LUN_STOPPED;
4398	mtx_unlock(&lun->lun_lock);
4399	return (0);
4400}
4401
4402int
4403ctl_stop_lun(struct ctl_be_lun *be_lun)
4404{
4405	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4406
4407	mtx_lock(&lun->lun_lock);
4408	lun->flags |= CTL_LUN_STOPPED;
4409	mtx_unlock(&lun->lun_lock);
4410	return (0);
4411}
4412
4413int
4414ctl_lun_offline(struct ctl_be_lun *be_lun)
4415{
4416	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4417
4418	mtx_lock(&lun->lun_lock);
4419	lun->flags |= CTL_LUN_OFFLINE;
4420	mtx_unlock(&lun->lun_lock);
4421	return (0);
4422}
4423
4424int
4425ctl_lun_online(struct ctl_be_lun *be_lun)
4426{
4427	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4428
4429	mtx_lock(&lun->lun_lock);
4430	lun->flags &= ~CTL_LUN_OFFLINE;
4431	mtx_unlock(&lun->lun_lock);
4432	return (0);
4433}
4434
4435int
4436ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4437{
4438	struct ctl_softc *softc;
4439	struct ctl_lun *lun;
4440
4441	lun = (struct ctl_lun *)be_lun->ctl_lun;
4442	softc = lun->ctl_softc;
4443
4444	mtx_lock(&lun->lun_lock);
4445
4446	/*
4447	 * The LUN needs to be disabled before it can be marked invalid.
4448	 */
4449	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4450		mtx_unlock(&lun->lun_lock);
4451		return (-1);
4452	}
4453	/*
4454	 * Mark the LUN invalid.
4455	 */
4456	lun->flags |= CTL_LUN_INVALID;
4457
4458	/*
4459	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4460	 * If we have something in the OOA queue, we'll free it when the
4461	 * last I/O completes.
4462	 */
4463	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4464		mtx_unlock(&lun->lun_lock);
4465		mtx_lock(&softc->ctl_lock);
4466		ctl_free_lun(lun);
4467		mtx_unlock(&softc->ctl_lock);
4468	} else
4469		mtx_unlock(&lun->lun_lock);
4470
4471	return (0);
4472}
4473
4474int
4475ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4476{
4477	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4478
4479	mtx_lock(&lun->lun_lock);
4480	lun->flags |= CTL_LUN_INOPERABLE;
4481	mtx_unlock(&lun->lun_lock);
4482	return (0);
4483}
4484
4485int
4486ctl_lun_operable(struct ctl_be_lun *be_lun)
4487{
4488	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4489
4490	mtx_lock(&lun->lun_lock);
4491	lun->flags &= ~CTL_LUN_INOPERABLE;
4492	mtx_unlock(&lun->lun_lock);
4493	return (0);
4494}
4495
4496void
4497ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4498{
4499	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4500
4501	mtx_lock(&lun->lun_lock);
4502	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4503	mtx_unlock(&lun->lun_lock);
4504}
4505
4506/*
4507 * Backend "memory move is complete" callback for requests that never
4508 * make it down to say RAIDCore's configuration code.
4509 */
4510int
4511ctl_config_move_done(union ctl_io *io)
4512{
4513	int retval;
4514
4515	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4516	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4517	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4518
4519	if ((io->io_hdr.port_status != 0) &&
4520	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4521	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4522		/*
4523		 * For hardware error sense keys, the sense key
4524		 * specific value is defined to be a retry count,
4525		 * but we use it to pass back an internal FETD
4526		 * error code.  XXX KDM  Hopefully the FETD is only
4527		 * using 16 bits for an error code, since that's
4528		 * all the space we have in the sks field.
4529		 */
4530		ctl_set_internal_failure(&io->scsiio,
4531					 /*sks_valid*/ 1,
4532					 /*retry_count*/
4533					 io->io_hdr.port_status);
4534	}
4535
4536	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4537	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4538	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4539	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4540		/*
4541		 * XXX KDM just assuming a single pointer here, and not a
4542		 * S/G list.  If we start using S/G lists for config data,
4543		 * we'll need to know how to clean them up here as well.
4544		 */
4545		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4546			free(io->scsiio.kern_data_ptr, M_CTL);
4547		ctl_done(io);
4548		retval = CTL_RETVAL_COMPLETE;
4549	} else {
4550		/*
4551		 * XXX KDM now we need to continue data movement.  Some
4552		 * options:
4553		 * - call ctl_scsiio() again?  We don't do this for data
4554		 *   writes, because for those at least we know ahead of
4555		 *   time where the write will go and how long it is.  For
4556		 *   config writes, though, that information is largely
4557		 *   contained within the write itself, thus we need to
4558		 *   parse out the data again.
4559		 *
4560		 * - Call some other function once the data is in?
4561		 */
4562		if (ctl_debug & CTL_DEBUG_CDB_DATA)
4563			ctl_data_print(io);
4564
4565		/*
4566		 * XXX KDM call ctl_scsiio() again for now, and check flag
4567		 * bits to see whether we're allocated or not.
4568		 */
4569		retval = ctl_scsiio(&io->scsiio);
4570	}
4571	return (retval);
4572}
4573
4574/*
4575 * This gets called by a backend driver when it is done with a
4576 * data_submit method.
4577 */
4578void
4579ctl_data_submit_done(union ctl_io *io)
4580{
4581	/*
4582	 * If the IO_CONT flag is set, we need to call the supplied
4583	 * function to continue processing the I/O, instead of completing
4584	 * the I/O just yet.
4585	 *
4586	 * If there is an error, though, we don't want to keep processing.
4587	 * Instead, just send status back to the initiator.
4588	 */
4589	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4590	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4591	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4592	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4593		io->scsiio.io_cont(io);
4594		return;
4595	}
4596	ctl_done(io);
4597}
4598
4599/*
4600 * This gets called by a backend driver when it is done with a
4601 * configuration write.
4602 */
4603void
4604ctl_config_write_done(union ctl_io *io)
4605{
4606	uint8_t *buf;
4607
4608	/*
4609	 * If the IO_CONT flag is set, we need to call the supplied
4610	 * function to continue processing the I/O, instead of completing
4611	 * the I/O just yet.
4612	 *
4613	 * If there is an error, though, we don't want to keep processing.
4614	 * Instead, just send status back to the initiator.
4615	 */
4616	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4617	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4618	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4619	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4620		io->scsiio.io_cont(io);
4621		return;
4622	}
4623	/*
4624	 * Since a configuration write can be done for commands that actually
4625	 * have data allocated, like write buffer, and commands that have
4626	 * no data, like start/stop unit, we need to check here.
4627	 */
4628	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4629		buf = io->scsiio.kern_data_ptr;
4630	else
4631		buf = NULL;
4632	ctl_done(io);
4633	if (buf)
4634		free(buf, M_CTL);
4635}
4636
4637void
4638ctl_config_read_done(union ctl_io *io)
4639{
4640	uint8_t *buf;
4641
4642	/*
4643	 * If there is some error -- we are done, skip data transfer.
4644	 */
4645	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4646	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4647	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4648		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4649			buf = io->scsiio.kern_data_ptr;
4650		else
4651			buf = NULL;
4652		ctl_done(io);
4653		if (buf)
4654			free(buf, M_CTL);
4655		return;
4656	}
4657
4658	/*
4659	 * If the IO_CONT flag is set, we need to call the supplied
4660	 * function to continue processing the I/O, instead of completing
4661	 * the I/O just yet.
4662	 */
4663	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4664		io->scsiio.io_cont(io);
4665		return;
4666	}
4667
4668	ctl_datamove(io);
4669}
4670
4671/*
4672 * SCSI release command.
4673 */
4674int
4675ctl_scsi_release(struct ctl_scsiio *ctsio)
4676{
4677	int length, longid, thirdparty_id, resv_id;
4678	struct ctl_lun *lun;
4679	uint32_t residx;
4680
4681	length = 0;
4682	resv_id = 0;
4683
4684	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4685
4686	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
4687	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4688
4689	switch (ctsio->cdb[0]) {
4690	case RELEASE_10: {
4691		struct scsi_release_10 *cdb;
4692
4693		cdb = (struct scsi_release_10 *)ctsio->cdb;
4694
4695		if (cdb->byte2 & SR10_LONGID)
4696			longid = 1;
4697		else
4698			thirdparty_id = cdb->thirdparty_id;
4699
4700		resv_id = cdb->resv_id;
4701		length = scsi_2btoul(cdb->length);
4702		break;
4703	}
4704	}
4705
4706
4707	/*
4708	 * XXX KDM right now, we only support LUN reservation.  We don't
4709	 * support 3rd party reservations, or extent reservations, which
4710	 * might actually need the parameter list.  If we've gotten this
4711	 * far, we've got a LUN reservation.  Anything else got kicked out
4712	 * above.  So, according to SPC, ignore the length.
4713	 */
4714	length = 0;
4715
4716	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4717	 && (length > 0)) {
4718		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4719		ctsio->kern_data_len = length;
4720		ctsio->kern_total_len = length;
4721		ctsio->kern_data_resid = 0;
4722		ctsio->kern_rel_offset = 0;
4723		ctsio->kern_sg_entries = 0;
4724		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4725		ctsio->be_move_done = ctl_config_move_done;
4726		ctl_datamove((union ctl_io *)ctsio);
4727
4728		return (CTL_RETVAL_COMPLETE);
4729	}
4730
4731	if (length > 0)
4732		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4733
4734	mtx_lock(&lun->lun_lock);
4735
4736	/*
4737	 * According to SPC, it is not an error for an intiator to attempt
4738	 * to release a reservation on a LUN that isn't reserved, or that
4739	 * is reserved by another initiator.  The reservation can only be
4740	 * released, though, by the initiator who made it or by one of
4741	 * several reset type events.
4742	 */
4743	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
4744			lun->flags &= ~CTL_LUN_RESERVED;
4745
4746	mtx_unlock(&lun->lun_lock);
4747
4748	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4749		free(ctsio->kern_data_ptr, M_CTL);
4750		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4751	}
4752
4753	ctl_set_success(ctsio);
4754	ctl_done((union ctl_io *)ctsio);
4755	return (CTL_RETVAL_COMPLETE);
4756}
4757
4758int
4759ctl_scsi_reserve(struct ctl_scsiio *ctsio)
4760{
4761	int extent, thirdparty, longid;
4762	int resv_id, length;
4763	uint64_t thirdparty_id;
4764	struct ctl_lun *lun;
4765	uint32_t residx;
4766
4767	extent = 0;
4768	thirdparty = 0;
4769	longid = 0;
4770	resv_id = 0;
4771	length = 0;
4772	thirdparty_id = 0;
4773
4774	CTL_DEBUG_PRINT(("ctl_reserve\n"));
4775
4776	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
4777	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4778
4779	switch (ctsio->cdb[0]) {
4780	case RESERVE_10: {
4781		struct scsi_reserve_10 *cdb;
4782
4783		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
4784
4785		if (cdb->byte2 & SR10_LONGID)
4786			longid = 1;
4787		else
4788			thirdparty_id = cdb->thirdparty_id;
4789
4790		resv_id = cdb->resv_id;
4791		length = scsi_2btoul(cdb->length);
4792		break;
4793	}
4794	}
4795
4796	/*
4797	 * XXX KDM right now, we only support LUN reservation.  We don't
4798	 * support 3rd party reservations, or extent reservations, which
4799	 * might actually need the parameter list.  If we've gotten this
4800	 * far, we've got a LUN reservation.  Anything else got kicked out
4801	 * above.  So, according to SPC, ignore the length.
4802	 */
4803	length = 0;
4804
4805	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4806	 && (length > 0)) {
4807		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4808		ctsio->kern_data_len = length;
4809		ctsio->kern_total_len = length;
4810		ctsio->kern_data_resid = 0;
4811		ctsio->kern_rel_offset = 0;
4812		ctsio->kern_sg_entries = 0;
4813		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4814		ctsio->be_move_done = ctl_config_move_done;
4815		ctl_datamove((union ctl_io *)ctsio);
4816
4817		return (CTL_RETVAL_COMPLETE);
4818	}
4819
4820	if (length > 0)
4821		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4822
4823	mtx_lock(&lun->lun_lock);
4824	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
4825		ctl_set_reservation_conflict(ctsio);
4826		goto bailout;
4827	}
4828
4829	lun->flags |= CTL_LUN_RESERVED;
4830	lun->res_idx = residx;
4831
4832	ctl_set_success(ctsio);
4833
4834bailout:
4835	mtx_unlock(&lun->lun_lock);
4836
4837	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4838		free(ctsio->kern_data_ptr, M_CTL);
4839		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4840	}
4841
4842	ctl_done((union ctl_io *)ctsio);
4843	return (CTL_RETVAL_COMPLETE);
4844}
4845
4846int
4847ctl_start_stop(struct ctl_scsiio *ctsio)
4848{
4849	struct scsi_start_stop_unit *cdb;
4850	struct ctl_lun *lun;
4851	int retval;
4852
4853	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
4854
4855	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4856	retval = 0;
4857
4858	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
4859
4860	/*
4861	 * XXX KDM
4862	 * We don't support the immediate bit on a stop unit.  In order to
4863	 * do that, we would need to code up a way to know that a stop is
4864	 * pending, and hold off any new commands until it completes, one
4865	 * way or another.  Then we could accept or reject those commands
4866	 * depending on its status.  We would almost need to do the reverse
4867	 * of what we do below for an immediate start -- return the copy of
4868	 * the ctl_io to the FETD with status to send to the host (and to
4869	 * free the copy!) and then free the original I/O once the stop
4870	 * actually completes.  That way, the OOA queue mechanism can work
4871	 * to block commands that shouldn't proceed.  Another alternative
4872	 * would be to put the copy in the queue in place of the original,
4873	 * and return the original back to the caller.  That could be
4874	 * slightly safer..
4875	 */
4876	if ((cdb->byte2 & SSS_IMMED)
4877	 && ((cdb->how & SSS_START) == 0)) {
4878		ctl_set_invalid_field(ctsio,
4879				      /*sks_valid*/ 1,
4880				      /*command*/ 1,
4881				      /*field*/ 1,
4882				      /*bit_valid*/ 1,
4883				      /*bit*/ 0);
4884		ctl_done((union ctl_io *)ctsio);
4885		return (CTL_RETVAL_COMPLETE);
4886	}
4887
4888	if ((lun->flags & CTL_LUN_PR_RESERVED)
4889	 && ((cdb->how & SSS_START)==0)) {
4890		uint32_t residx;
4891
4892		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
4893		if (ctl_get_prkey(lun, residx) == 0
4894		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
4895
4896			ctl_set_reservation_conflict(ctsio);
4897			ctl_done((union ctl_io *)ctsio);
4898			return (CTL_RETVAL_COMPLETE);
4899		}
4900	}
4901
4902	/*
4903	 * If there is no backend on this device, we can't start or stop
4904	 * it.  In theory we shouldn't get any start/stop commands in the
4905	 * first place at this level if the LUN doesn't have a backend.
4906	 * That should get stopped by the command decode code.
4907	 */
4908	if (lun->backend == NULL) {
4909		ctl_set_invalid_opcode(ctsio);
4910		ctl_done((union ctl_io *)ctsio);
4911		return (CTL_RETVAL_COMPLETE);
4912	}
4913
4914	/*
4915	 * XXX KDM Copan-specific offline behavior.
4916	 * Figure out a reasonable way to port this?
4917	 */
4918#ifdef NEEDTOPORT
4919	mtx_lock(&lun->lun_lock);
4920
4921	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
4922	 && (lun->flags & CTL_LUN_OFFLINE)) {
4923		/*
4924		 * If the LUN is offline, and the on/offline bit isn't set,
4925		 * reject the start or stop.  Otherwise, let it through.
4926		 */
4927		mtx_unlock(&lun->lun_lock);
4928		ctl_set_lun_not_ready(ctsio);
4929		ctl_done((union ctl_io *)ctsio);
4930	} else {
4931		mtx_unlock(&lun->lun_lock);
4932#endif /* NEEDTOPORT */
4933		/*
4934		 * This could be a start or a stop when we're online,
4935		 * or a stop/offline or start/online.  A start or stop when
4936		 * we're offline is covered in the case above.
4937		 */
4938		/*
4939		 * In the non-immediate case, we send the request to
4940		 * the backend and return status to the user when
4941		 * it is done.
4942		 *
4943		 * In the immediate case, we allocate a new ctl_io
4944		 * to hold a copy of the request, and send that to
4945		 * the backend.  We then set good status on the
4946		 * user's request and return it immediately.
4947		 */
4948		if (cdb->byte2 & SSS_IMMED) {
4949			union ctl_io *new_io;
4950
4951			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
4952			ctl_copy_io((union ctl_io *)ctsio, new_io);
4953			retval = lun->backend->config_write(new_io);
4954			ctl_set_success(ctsio);
4955			ctl_done((union ctl_io *)ctsio);
4956		} else {
4957			retval = lun->backend->config_write(
4958				(union ctl_io *)ctsio);
4959		}
4960#ifdef NEEDTOPORT
4961	}
4962#endif
4963	return (retval);
4964}
4965
4966/*
4967 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
4968 * we don't really do anything with the LBA and length fields if the user
4969 * passes them in.  Instead we'll just flush out the cache for the entire
4970 * LUN.
4971 */
4972int
4973ctl_sync_cache(struct ctl_scsiio *ctsio)
4974{
4975	struct ctl_lun *lun;
4976	struct ctl_softc *softc;
4977	struct ctl_lba_len_flags *lbalen;
4978	uint64_t starting_lba;
4979	uint32_t block_count;
4980	int retval;
4981	uint8_t byte2;
4982
4983	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
4984
4985	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4986	softc = lun->ctl_softc;
4987	retval = 0;
4988
4989	switch (ctsio->cdb[0]) {
4990	case SYNCHRONIZE_CACHE: {
4991		struct scsi_sync_cache *cdb;
4992		cdb = (struct scsi_sync_cache *)ctsio->cdb;
4993
4994		starting_lba = scsi_4btoul(cdb->begin_lba);
4995		block_count = scsi_2btoul(cdb->lb_count);
4996		byte2 = cdb->byte2;
4997		break;
4998	}
4999	case SYNCHRONIZE_CACHE_16: {
5000		struct scsi_sync_cache_16 *cdb;
5001		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5002
5003		starting_lba = scsi_8btou64(cdb->begin_lba);
5004		block_count = scsi_4btoul(cdb->lb_count);
5005		byte2 = cdb->byte2;
5006		break;
5007	}
5008	default:
5009		ctl_set_invalid_opcode(ctsio);
5010		ctl_done((union ctl_io *)ctsio);
5011		goto bailout;
5012		break; /* NOTREACHED */
5013	}
5014
5015	/*
5016	 * We check the LBA and length, but don't do anything with them.
5017	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5018	 * get flushed.  This check will just help satisfy anyone who wants
5019	 * to see an error for an out of range LBA.
5020	 */
5021	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5022		ctl_set_lba_out_of_range(ctsio);
5023		ctl_done((union ctl_io *)ctsio);
5024		goto bailout;
5025	}
5026
5027	/*
5028	 * If this LUN has no backend, we can't flush the cache anyway.
5029	 */
5030	if (lun->backend == NULL) {
5031		ctl_set_invalid_opcode(ctsio);
5032		ctl_done((union ctl_io *)ctsio);
5033		goto bailout;
5034	}
5035
5036	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5037	lbalen->lba = starting_lba;
5038	lbalen->len = block_count;
5039	lbalen->flags = byte2;
5040
5041	/*
5042	 * Check to see whether we're configured to send the SYNCHRONIZE
5043	 * CACHE command directly to the back end.
5044	 */
5045	mtx_lock(&lun->lun_lock);
5046	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5047	 && (++(lun->sync_count) >= lun->sync_interval)) {
5048		lun->sync_count = 0;
5049		mtx_unlock(&lun->lun_lock);
5050		retval = lun->backend->config_write((union ctl_io *)ctsio);
5051	} else {
5052		mtx_unlock(&lun->lun_lock);
5053		ctl_set_success(ctsio);
5054		ctl_done((union ctl_io *)ctsio);
5055	}
5056
5057bailout:
5058
5059	return (retval);
5060}
5061
5062int
5063ctl_format(struct ctl_scsiio *ctsio)
5064{
5065	struct scsi_format *cdb;
5066	struct ctl_lun *lun;
5067	int length, defect_list_len;
5068
5069	CTL_DEBUG_PRINT(("ctl_format\n"));
5070
5071	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5072
5073	cdb = (struct scsi_format *)ctsio->cdb;
5074
5075	length = 0;
5076	if (cdb->byte2 & SF_FMTDATA) {
5077		if (cdb->byte2 & SF_LONGLIST)
5078			length = sizeof(struct scsi_format_header_long);
5079		else
5080			length = sizeof(struct scsi_format_header_short);
5081	}
5082
5083	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5084	 && (length > 0)) {
5085		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5086		ctsio->kern_data_len = length;
5087		ctsio->kern_total_len = length;
5088		ctsio->kern_data_resid = 0;
5089		ctsio->kern_rel_offset = 0;
5090		ctsio->kern_sg_entries = 0;
5091		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5092		ctsio->be_move_done = ctl_config_move_done;
5093		ctl_datamove((union ctl_io *)ctsio);
5094
5095		return (CTL_RETVAL_COMPLETE);
5096	}
5097
5098	defect_list_len = 0;
5099
5100	if (cdb->byte2 & SF_FMTDATA) {
5101		if (cdb->byte2 & SF_LONGLIST) {
5102			struct scsi_format_header_long *header;
5103
5104			header = (struct scsi_format_header_long *)
5105				ctsio->kern_data_ptr;
5106
5107			defect_list_len = scsi_4btoul(header->defect_list_len);
5108			if (defect_list_len != 0) {
5109				ctl_set_invalid_field(ctsio,
5110						      /*sks_valid*/ 1,
5111						      /*command*/ 0,
5112						      /*field*/ 2,
5113						      /*bit_valid*/ 0,
5114						      /*bit*/ 0);
5115				goto bailout;
5116			}
5117		} else {
5118			struct scsi_format_header_short *header;
5119
5120			header = (struct scsi_format_header_short *)
5121				ctsio->kern_data_ptr;
5122
5123			defect_list_len = scsi_2btoul(header->defect_list_len);
5124			if (defect_list_len != 0) {
5125				ctl_set_invalid_field(ctsio,
5126						      /*sks_valid*/ 1,
5127						      /*command*/ 0,
5128						      /*field*/ 2,
5129						      /*bit_valid*/ 0,
5130						      /*bit*/ 0);
5131				goto bailout;
5132			}
5133		}
5134	}
5135
5136	/*
5137	 * The format command will clear out the "Medium format corrupted"
5138	 * status if set by the configuration code.  That status is really
5139	 * just a way to notify the host that we have lost the media, and
5140	 * get them to issue a command that will basically make them think
5141	 * they're blowing away the media.
5142	 */
5143	mtx_lock(&lun->lun_lock);
5144	lun->flags &= ~CTL_LUN_INOPERABLE;
5145	mtx_unlock(&lun->lun_lock);
5146
5147	ctl_set_success(ctsio);
5148bailout:
5149
5150	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5151		free(ctsio->kern_data_ptr, M_CTL);
5152		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5153	}
5154
5155	ctl_done((union ctl_io *)ctsio);
5156	return (CTL_RETVAL_COMPLETE);
5157}
5158
5159int
5160ctl_read_buffer(struct ctl_scsiio *ctsio)
5161{
5162	struct scsi_read_buffer *cdb;
5163	struct ctl_lun *lun;
5164	int buffer_offset, len;
5165	static uint8_t descr[4];
5166	static uint8_t echo_descr[4] = { 0 };
5167
5168	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5169
5170	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5171	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5172
5173	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5174	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5175	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5176		ctl_set_invalid_field(ctsio,
5177				      /*sks_valid*/ 1,
5178				      /*command*/ 1,
5179				      /*field*/ 1,
5180				      /*bit_valid*/ 1,
5181				      /*bit*/ 4);
5182		ctl_done((union ctl_io *)ctsio);
5183		return (CTL_RETVAL_COMPLETE);
5184	}
5185
5186	len = scsi_3btoul(cdb->length);
5187	buffer_offset = scsi_3btoul(cdb->offset);
5188
5189	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5190		ctl_set_invalid_field(ctsio,
5191				      /*sks_valid*/ 1,
5192				      /*command*/ 1,
5193				      /*field*/ 6,
5194				      /*bit_valid*/ 0,
5195				      /*bit*/ 0);
5196		ctl_done((union ctl_io *)ctsio);
5197		return (CTL_RETVAL_COMPLETE);
5198	}
5199
5200	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5201		descr[0] = 0;
5202		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5203		ctsio->kern_data_ptr = descr;
5204		len = min(len, sizeof(descr));
5205	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5206		ctsio->kern_data_ptr = echo_descr;
5207		len = min(len, sizeof(echo_descr));
5208	} else {
5209		if (lun->write_buffer == NULL) {
5210			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5211			    M_CTL, M_WAITOK);
5212		}
5213		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5214	}
5215	ctsio->kern_data_len = len;
5216	ctsio->kern_total_len = len;
5217	ctsio->kern_data_resid = 0;
5218	ctsio->kern_rel_offset = 0;
5219	ctsio->kern_sg_entries = 0;
5220	ctl_set_success(ctsio);
5221	ctsio->be_move_done = ctl_config_move_done;
5222	ctl_datamove((union ctl_io *)ctsio);
5223	return (CTL_RETVAL_COMPLETE);
5224}
5225
5226int
5227ctl_write_buffer(struct ctl_scsiio *ctsio)
5228{
5229	struct scsi_write_buffer *cdb;
5230	struct ctl_lun *lun;
5231	int buffer_offset, len;
5232
5233	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5234
5235	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5236	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5237
5238	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5239		ctl_set_invalid_field(ctsio,
5240				      /*sks_valid*/ 1,
5241				      /*command*/ 1,
5242				      /*field*/ 1,
5243				      /*bit_valid*/ 1,
5244				      /*bit*/ 4);
5245		ctl_done((union ctl_io *)ctsio);
5246		return (CTL_RETVAL_COMPLETE);
5247	}
5248
5249	len = scsi_3btoul(cdb->length);
5250	buffer_offset = scsi_3btoul(cdb->offset);
5251
5252	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5253		ctl_set_invalid_field(ctsio,
5254				      /*sks_valid*/ 1,
5255				      /*command*/ 1,
5256				      /*field*/ 6,
5257				      /*bit_valid*/ 0,
5258				      /*bit*/ 0);
5259		ctl_done((union ctl_io *)ctsio);
5260		return (CTL_RETVAL_COMPLETE);
5261	}
5262
5263	/*
5264	 * If we've got a kernel request that hasn't been malloced yet,
5265	 * malloc it and tell the caller the data buffer is here.
5266	 */
5267	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5268		if (lun->write_buffer == NULL) {
5269			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5270			    M_CTL, M_WAITOK);
5271		}
5272		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5273		ctsio->kern_data_len = len;
5274		ctsio->kern_total_len = len;
5275		ctsio->kern_data_resid = 0;
5276		ctsio->kern_rel_offset = 0;
5277		ctsio->kern_sg_entries = 0;
5278		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5279		ctsio->be_move_done = ctl_config_move_done;
5280		ctl_datamove((union ctl_io *)ctsio);
5281
5282		return (CTL_RETVAL_COMPLETE);
5283	}
5284
5285	ctl_set_success(ctsio);
5286	ctl_done((union ctl_io *)ctsio);
5287	return (CTL_RETVAL_COMPLETE);
5288}
5289
5290int
5291ctl_write_same(struct ctl_scsiio *ctsio)
5292{
5293	struct ctl_lun *lun;
5294	struct ctl_lba_len_flags *lbalen;
5295	uint64_t lba;
5296	uint32_t num_blocks;
5297	int len, retval;
5298	uint8_t byte2;
5299
5300	retval = CTL_RETVAL_COMPLETE;
5301
5302	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5303
5304	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5305
5306	switch (ctsio->cdb[0]) {
5307	case WRITE_SAME_10: {
5308		struct scsi_write_same_10 *cdb;
5309
5310		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5311
5312		lba = scsi_4btoul(cdb->addr);
5313		num_blocks = scsi_2btoul(cdb->length);
5314		byte2 = cdb->byte2;
5315		break;
5316	}
5317	case WRITE_SAME_16: {
5318		struct scsi_write_same_16 *cdb;
5319
5320		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5321
5322		lba = scsi_8btou64(cdb->addr);
5323		num_blocks = scsi_4btoul(cdb->length);
5324		byte2 = cdb->byte2;
5325		break;
5326	}
5327	default:
5328		/*
5329		 * We got a command we don't support.  This shouldn't
5330		 * happen, commands should be filtered out above us.
5331		 */
5332		ctl_set_invalid_opcode(ctsio);
5333		ctl_done((union ctl_io *)ctsio);
5334
5335		return (CTL_RETVAL_COMPLETE);
5336		break; /* NOTREACHED */
5337	}
5338
5339	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5340	if ((byte2 & SWS_UNMAP) == 0 &&
5341	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5342		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5343		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5344		ctl_done((union ctl_io *)ctsio);
5345		return (CTL_RETVAL_COMPLETE);
5346	}
5347
5348	/*
5349	 * The first check is to make sure we're in bounds, the second
5350	 * check is to catch wrap-around problems.  If the lba + num blocks
5351	 * is less than the lba, then we've wrapped around and the block
5352	 * range is invalid anyway.
5353	 */
5354	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5355	 || ((lba + num_blocks) < lba)) {
5356		ctl_set_lba_out_of_range(ctsio);
5357		ctl_done((union ctl_io *)ctsio);
5358		return (CTL_RETVAL_COMPLETE);
5359	}
5360
5361	/* Zero number of blocks means "to the last logical block" */
5362	if (num_blocks == 0) {
5363		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5364			ctl_set_invalid_field(ctsio,
5365					      /*sks_valid*/ 0,
5366					      /*command*/ 1,
5367					      /*field*/ 0,
5368					      /*bit_valid*/ 0,
5369					      /*bit*/ 0);
5370			ctl_done((union ctl_io *)ctsio);
5371			return (CTL_RETVAL_COMPLETE);
5372		}
5373		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5374	}
5375
5376	len = lun->be_lun->blocksize;
5377
5378	/*
5379	 * If we've got a kernel request that hasn't been malloced yet,
5380	 * malloc it and tell the caller the data buffer is here.
5381	 */
5382	if ((byte2 & SWS_NDOB) == 0 &&
5383	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5384		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5385		ctsio->kern_data_len = len;
5386		ctsio->kern_total_len = len;
5387		ctsio->kern_data_resid = 0;
5388		ctsio->kern_rel_offset = 0;
5389		ctsio->kern_sg_entries = 0;
5390		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5391		ctsio->be_move_done = ctl_config_move_done;
5392		ctl_datamove((union ctl_io *)ctsio);
5393
5394		return (CTL_RETVAL_COMPLETE);
5395	}
5396
5397	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5398	lbalen->lba = lba;
5399	lbalen->len = num_blocks;
5400	lbalen->flags = byte2;
5401	retval = lun->backend->config_write((union ctl_io *)ctsio);
5402
5403	return (retval);
5404}
5405
5406int
5407ctl_unmap(struct ctl_scsiio *ctsio)
5408{
5409	struct ctl_lun *lun;
5410	struct scsi_unmap *cdb;
5411	struct ctl_ptr_len_flags *ptrlen;
5412	struct scsi_unmap_header *hdr;
5413	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5414	uint64_t lba;
5415	uint32_t num_blocks;
5416	int len, retval;
5417	uint8_t byte2;
5418
5419	retval = CTL_RETVAL_COMPLETE;
5420
5421	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5422
5423	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5424	cdb = (struct scsi_unmap *)ctsio->cdb;
5425
5426	len = scsi_2btoul(cdb->length);
5427	byte2 = cdb->byte2;
5428
5429	/*
5430	 * If we've got a kernel request that hasn't been malloced yet,
5431	 * malloc it and tell the caller the data buffer is here.
5432	 */
5433	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5434		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5435		ctsio->kern_data_len = len;
5436		ctsio->kern_total_len = len;
5437		ctsio->kern_data_resid = 0;
5438		ctsio->kern_rel_offset = 0;
5439		ctsio->kern_sg_entries = 0;
5440		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5441		ctsio->be_move_done = ctl_config_move_done;
5442		ctl_datamove((union ctl_io *)ctsio);
5443
5444		return (CTL_RETVAL_COMPLETE);
5445	}
5446
5447	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5448	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5449	if (len < sizeof (*hdr) ||
5450	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5451	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5452	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5453		ctl_set_invalid_field(ctsio,
5454				      /*sks_valid*/ 0,
5455				      /*command*/ 0,
5456				      /*field*/ 0,
5457				      /*bit_valid*/ 0,
5458				      /*bit*/ 0);
5459		goto done;
5460	}
5461	len = scsi_2btoul(hdr->desc_length);
5462	buf = (struct scsi_unmap_desc *)(hdr + 1);
5463	end = buf + len / sizeof(*buf);
5464
5465	endnz = buf;
5466	for (range = buf; range < end; range++) {
5467		lba = scsi_8btou64(range->lba);
5468		num_blocks = scsi_4btoul(range->length);
5469		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5470		 || ((lba + num_blocks) < lba)) {
5471			ctl_set_lba_out_of_range(ctsio);
5472			ctl_done((union ctl_io *)ctsio);
5473			return (CTL_RETVAL_COMPLETE);
5474		}
5475		if (num_blocks != 0)
5476			endnz = range + 1;
5477	}
5478
5479	/*
5480	 * Block backend can not handle zero last range.
5481	 * Filter it out and return if there is nothing left.
5482	 */
5483	len = (uint8_t *)endnz - (uint8_t *)buf;
5484	if (len == 0) {
5485		ctl_set_success(ctsio);
5486		goto done;
5487	}
5488
5489	mtx_lock(&lun->lun_lock);
5490	ptrlen = (struct ctl_ptr_len_flags *)
5491	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5492	ptrlen->ptr = (void *)buf;
5493	ptrlen->len = len;
5494	ptrlen->flags = byte2;
5495	ctl_check_blocked(lun);
5496	mtx_unlock(&lun->lun_lock);
5497
5498	retval = lun->backend->config_write((union ctl_io *)ctsio);
5499	return (retval);
5500
5501done:
5502	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5503		free(ctsio->kern_data_ptr, M_CTL);
5504		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5505	}
5506	ctl_done((union ctl_io *)ctsio);
5507	return (CTL_RETVAL_COMPLETE);
5508}
5509
5510/*
5511 * Note that this function currently doesn't actually do anything inside
5512 * CTL to enforce things if the DQue bit is turned on.
5513 *
5514 * Also note that this function can't be used in the default case, because
5515 * the DQue bit isn't set in the changeable mask for the control mode page
5516 * anyway.  This is just here as an example for how to implement a page
5517 * handler, and a placeholder in case we want to allow the user to turn
5518 * tagged queueing on and off.
5519 *
5520 * The D_SENSE bit handling is functional, however, and will turn
5521 * descriptor sense on and off for a given LUN.
5522 */
5523int
5524ctl_control_page_handler(struct ctl_scsiio *ctsio,
5525			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5526{
5527	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5528	struct ctl_lun *lun;
5529	int set_ua;
5530	uint32_t initidx;
5531
5532	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5533	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5534	set_ua = 0;
5535
5536	user_cp = (struct scsi_control_page *)page_ptr;
5537	current_cp = (struct scsi_control_page *)
5538		(page_index->page_data + (page_index->page_len *
5539		CTL_PAGE_CURRENT));
5540	saved_cp = (struct scsi_control_page *)
5541		(page_index->page_data + (page_index->page_len *
5542		CTL_PAGE_SAVED));
5543
5544	mtx_lock(&lun->lun_lock);
5545	if (((current_cp->rlec & SCP_DSENSE) == 0)
5546	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5547		/*
5548		 * Descriptor sense is currently turned off and the user
5549		 * wants to turn it on.
5550		 */
5551		current_cp->rlec |= SCP_DSENSE;
5552		saved_cp->rlec |= SCP_DSENSE;
5553		lun->flags |= CTL_LUN_SENSE_DESC;
5554		set_ua = 1;
5555	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5556		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5557		/*
5558		 * Descriptor sense is currently turned on, and the user
5559		 * wants to turn it off.
5560		 */
5561		current_cp->rlec &= ~SCP_DSENSE;
5562		saved_cp->rlec &= ~SCP_DSENSE;
5563		lun->flags &= ~CTL_LUN_SENSE_DESC;
5564		set_ua = 1;
5565	}
5566	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5567	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5568		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5569		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5570		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5571		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5572		set_ua = 1;
5573	}
5574	if ((current_cp->eca_and_aen & SCP_SWP) !=
5575	    (user_cp->eca_and_aen & SCP_SWP)) {
5576		current_cp->eca_and_aen &= ~SCP_SWP;
5577		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5578		saved_cp->eca_and_aen &= ~SCP_SWP;
5579		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5580		set_ua = 1;
5581	}
5582	if (set_ua != 0)
5583		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5584	mtx_unlock(&lun->lun_lock);
5585
5586	return (0);
5587}
5588
5589int
5590ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5591		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5592{
5593	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5594	struct ctl_lun *lun;
5595	int set_ua;
5596	uint32_t initidx;
5597
5598	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5599	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5600	set_ua = 0;
5601
5602	user_cp = (struct scsi_caching_page *)page_ptr;
5603	current_cp = (struct scsi_caching_page *)
5604		(page_index->page_data + (page_index->page_len *
5605		CTL_PAGE_CURRENT));
5606	saved_cp = (struct scsi_caching_page *)
5607		(page_index->page_data + (page_index->page_len *
5608		CTL_PAGE_SAVED));
5609
5610	mtx_lock(&lun->lun_lock);
5611	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5612	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5613		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5614		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5615		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5616		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5617		set_ua = 1;
5618	}
5619	if (set_ua != 0)
5620		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5621	mtx_unlock(&lun->lun_lock);
5622
5623	return (0);
5624}
5625
5626int
5627ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5628				struct ctl_page_index *page_index,
5629				uint8_t *page_ptr)
5630{
5631	uint8_t *c;
5632	int i;
5633
5634	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5635	ctl_time_io_secs =
5636		(c[0] << 8) |
5637		(c[1] << 0) |
5638		0;
5639	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5640	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5641	printf("page data:");
5642	for (i=0; i<8; i++)
5643		printf(" %.2x",page_ptr[i]);
5644	printf("\n");
5645	return (0);
5646}
5647
5648int
5649ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5650			       struct ctl_page_index *page_index,
5651			       int pc)
5652{
5653	struct copan_debugconf_subpage *page;
5654
5655	page = (struct copan_debugconf_subpage *)page_index->page_data +
5656		(page_index->page_len * pc);
5657
5658	switch (pc) {
5659	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5660	case SMS_PAGE_CTRL_DEFAULT >> 6:
5661	case SMS_PAGE_CTRL_SAVED >> 6:
5662		/*
5663		 * We don't update the changable or default bits for this page.
5664		 */
5665		break;
5666	case SMS_PAGE_CTRL_CURRENT >> 6:
5667		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5668		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5669		break;
5670	default:
5671#ifdef NEEDTOPORT
5672		EPRINT(0, "Invalid PC %d!!", pc);
5673#endif /* NEEDTOPORT */
5674		break;
5675	}
5676	return (0);
5677}
5678
5679
5680static int
5681ctl_do_mode_select(union ctl_io *io)
5682{
5683	struct scsi_mode_page_header *page_header;
5684	struct ctl_page_index *page_index;
5685	struct ctl_scsiio *ctsio;
5686	int control_dev, page_len;
5687	int page_len_offset, page_len_size;
5688	union ctl_modepage_info *modepage_info;
5689	struct ctl_lun *lun;
5690	int *len_left, *len_used;
5691	int retval, i;
5692
5693	ctsio = &io->scsiio;
5694	page_index = NULL;
5695	page_len = 0;
5696	retval = CTL_RETVAL_COMPLETE;
5697
5698	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5699
5700	if (lun->be_lun->lun_type != T_DIRECT)
5701		control_dev = 1;
5702	else
5703		control_dev = 0;
5704
5705	modepage_info = (union ctl_modepage_info *)
5706		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5707	len_left = &modepage_info->header.len_left;
5708	len_used = &modepage_info->header.len_used;
5709
5710do_next_page:
5711
5712	page_header = (struct scsi_mode_page_header *)
5713		(ctsio->kern_data_ptr + *len_used);
5714
5715	if (*len_left == 0) {
5716		free(ctsio->kern_data_ptr, M_CTL);
5717		ctl_set_success(ctsio);
5718		ctl_done((union ctl_io *)ctsio);
5719		return (CTL_RETVAL_COMPLETE);
5720	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5721
5722		free(ctsio->kern_data_ptr, M_CTL);
5723		ctl_set_param_len_error(ctsio);
5724		ctl_done((union ctl_io *)ctsio);
5725		return (CTL_RETVAL_COMPLETE);
5726
5727	} else if ((page_header->page_code & SMPH_SPF)
5728		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5729
5730		free(ctsio->kern_data_ptr, M_CTL);
5731		ctl_set_param_len_error(ctsio);
5732		ctl_done((union ctl_io *)ctsio);
5733		return (CTL_RETVAL_COMPLETE);
5734	}
5735
5736
5737	/*
5738	 * XXX KDM should we do something with the block descriptor?
5739	 */
5740	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5741
5742		if ((control_dev != 0)
5743		 && (lun->mode_pages.index[i].page_flags &
5744		     CTL_PAGE_FLAG_DISK_ONLY))
5745			continue;
5746
5747		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5748		    (page_header->page_code & SMPH_PC_MASK))
5749			continue;
5750
5751		/*
5752		 * If neither page has a subpage code, then we've got a
5753		 * match.
5754		 */
5755		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5756		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5757			page_index = &lun->mode_pages.index[i];
5758			page_len = page_header->page_length;
5759			break;
5760		}
5761
5762		/*
5763		 * If both pages have subpages, then the subpage numbers
5764		 * have to match.
5765		 */
5766		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5767		  && (page_header->page_code & SMPH_SPF)) {
5768			struct scsi_mode_page_header_sp *sph;
5769
5770			sph = (struct scsi_mode_page_header_sp *)page_header;
5771
5772			if (lun->mode_pages.index[i].subpage ==
5773			    sph->subpage) {
5774				page_index = &lun->mode_pages.index[i];
5775				page_len = scsi_2btoul(sph->page_length);
5776				break;
5777			}
5778		}
5779	}
5780
5781	/*
5782	 * If we couldn't find the page, or if we don't have a mode select
5783	 * handler for it, send back an error to the user.
5784	 */
5785	if ((page_index == NULL)
5786	 || (page_index->select_handler == NULL)) {
5787		ctl_set_invalid_field(ctsio,
5788				      /*sks_valid*/ 1,
5789				      /*command*/ 0,
5790				      /*field*/ *len_used,
5791				      /*bit_valid*/ 0,
5792				      /*bit*/ 0);
5793		free(ctsio->kern_data_ptr, M_CTL);
5794		ctl_done((union ctl_io *)ctsio);
5795		return (CTL_RETVAL_COMPLETE);
5796	}
5797
5798	if (page_index->page_code & SMPH_SPF) {
5799		page_len_offset = 2;
5800		page_len_size = 2;
5801	} else {
5802		page_len_size = 1;
5803		page_len_offset = 1;
5804	}
5805
5806	/*
5807	 * If the length the initiator gives us isn't the one we specify in
5808	 * the mode page header, or if they didn't specify enough data in
5809	 * the CDB to avoid truncating this page, kick out the request.
5810	 */
5811	if ((page_len != (page_index->page_len - page_len_offset -
5812			  page_len_size))
5813	 || (*len_left < page_index->page_len)) {
5814
5815
5816		ctl_set_invalid_field(ctsio,
5817				      /*sks_valid*/ 1,
5818				      /*command*/ 0,
5819				      /*field*/ *len_used + page_len_offset,
5820				      /*bit_valid*/ 0,
5821				      /*bit*/ 0);
5822		free(ctsio->kern_data_ptr, M_CTL);
5823		ctl_done((union ctl_io *)ctsio);
5824		return (CTL_RETVAL_COMPLETE);
5825	}
5826
5827	/*
5828	 * Run through the mode page, checking to make sure that the bits
5829	 * the user changed are actually legal for him to change.
5830	 */
5831	for (i = 0; i < page_index->page_len; i++) {
5832		uint8_t *user_byte, *change_mask, *current_byte;
5833		int bad_bit;
5834		int j;
5835
5836		user_byte = (uint8_t *)page_header + i;
5837		change_mask = page_index->page_data +
5838			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
5839		current_byte = page_index->page_data +
5840			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
5841
5842		/*
5843		 * Check to see whether the user set any bits in this byte
5844		 * that he is not allowed to set.
5845		 */
5846		if ((*user_byte & ~(*change_mask)) ==
5847		    (*current_byte & ~(*change_mask)))
5848			continue;
5849
5850		/*
5851		 * Go through bit by bit to determine which one is illegal.
5852		 */
5853		bad_bit = 0;
5854		for (j = 7; j >= 0; j--) {
5855			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
5856			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
5857				bad_bit = i;
5858				break;
5859			}
5860		}
5861		ctl_set_invalid_field(ctsio,
5862				      /*sks_valid*/ 1,
5863				      /*command*/ 0,
5864				      /*field*/ *len_used + i,
5865				      /*bit_valid*/ 1,
5866				      /*bit*/ bad_bit);
5867		free(ctsio->kern_data_ptr, M_CTL);
5868		ctl_done((union ctl_io *)ctsio);
5869		return (CTL_RETVAL_COMPLETE);
5870	}
5871
5872	/*
5873	 * Decrement these before we call the page handler, since we may
5874	 * end up getting called back one way or another before the handler
5875	 * returns to this context.
5876	 */
5877	*len_left -= page_index->page_len;
5878	*len_used += page_index->page_len;
5879
5880	retval = page_index->select_handler(ctsio, page_index,
5881					    (uint8_t *)page_header);
5882
5883	/*
5884	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
5885	 * wait until this queued command completes to finish processing
5886	 * the mode page.  If it returns anything other than
5887	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
5888	 * already set the sense information, freed the data pointer, and
5889	 * completed the io for us.
5890	 */
5891	if (retval != CTL_RETVAL_COMPLETE)
5892		goto bailout_no_done;
5893
5894	/*
5895	 * If the initiator sent us more than one page, parse the next one.
5896	 */
5897	if (*len_left > 0)
5898		goto do_next_page;
5899
5900	ctl_set_success(ctsio);
5901	free(ctsio->kern_data_ptr, M_CTL);
5902	ctl_done((union ctl_io *)ctsio);
5903
5904bailout_no_done:
5905
5906	return (CTL_RETVAL_COMPLETE);
5907
5908}
5909
5910int
5911ctl_mode_select(struct ctl_scsiio *ctsio)
5912{
5913	int param_len, pf, sp;
5914	int header_size, bd_len;
5915	int len_left, len_used;
5916	struct ctl_page_index *page_index;
5917	struct ctl_lun *lun;
5918	int control_dev, page_len;
5919	union ctl_modepage_info *modepage_info;
5920	int retval;
5921
5922	pf = 0;
5923	sp = 0;
5924	page_len = 0;
5925	len_used = 0;
5926	len_left = 0;
5927	retval = 0;
5928	bd_len = 0;
5929	page_index = NULL;
5930
5931	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5932
5933	if (lun->be_lun->lun_type != T_DIRECT)
5934		control_dev = 1;
5935	else
5936		control_dev = 0;
5937
5938	switch (ctsio->cdb[0]) {
5939	case MODE_SELECT_6: {
5940		struct scsi_mode_select_6 *cdb;
5941
5942		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
5943
5944		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
5945		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
5946
5947		param_len = cdb->length;
5948		header_size = sizeof(struct scsi_mode_header_6);
5949		break;
5950	}
5951	case MODE_SELECT_10: {
5952		struct scsi_mode_select_10 *cdb;
5953
5954		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
5955
5956		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
5957		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
5958
5959		param_len = scsi_2btoul(cdb->length);
5960		header_size = sizeof(struct scsi_mode_header_10);
5961		break;
5962	}
5963	default:
5964		ctl_set_invalid_opcode(ctsio);
5965		ctl_done((union ctl_io *)ctsio);
5966		return (CTL_RETVAL_COMPLETE);
5967		break; /* NOTREACHED */
5968	}
5969
5970	/*
5971	 * From SPC-3:
5972	 * "A parameter list length of zero indicates that the Data-Out Buffer
5973	 * shall be empty. This condition shall not be considered as an error."
5974	 */
5975	if (param_len == 0) {
5976		ctl_set_success(ctsio);
5977		ctl_done((union ctl_io *)ctsio);
5978		return (CTL_RETVAL_COMPLETE);
5979	}
5980
5981	/*
5982	 * Since we'll hit this the first time through, prior to
5983	 * allocation, we don't need to free a data buffer here.
5984	 */
5985	if (param_len < header_size) {
5986		ctl_set_param_len_error(ctsio);
5987		ctl_done((union ctl_io *)ctsio);
5988		return (CTL_RETVAL_COMPLETE);
5989	}
5990
5991	/*
5992	 * Allocate the data buffer and grab the user's data.  In theory,
5993	 * we shouldn't have to sanity check the parameter list length here
5994	 * because the maximum size is 64K.  We should be able to malloc
5995	 * that much without too many problems.
5996	 */
5997	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5998		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
5999		ctsio->kern_data_len = param_len;
6000		ctsio->kern_total_len = param_len;
6001		ctsio->kern_data_resid = 0;
6002		ctsio->kern_rel_offset = 0;
6003		ctsio->kern_sg_entries = 0;
6004		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6005		ctsio->be_move_done = ctl_config_move_done;
6006		ctl_datamove((union ctl_io *)ctsio);
6007
6008		return (CTL_RETVAL_COMPLETE);
6009	}
6010
6011	switch (ctsio->cdb[0]) {
6012	case MODE_SELECT_6: {
6013		struct scsi_mode_header_6 *mh6;
6014
6015		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6016		bd_len = mh6->blk_desc_len;
6017		break;
6018	}
6019	case MODE_SELECT_10: {
6020		struct scsi_mode_header_10 *mh10;
6021
6022		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6023		bd_len = scsi_2btoul(mh10->blk_desc_len);
6024		break;
6025	}
6026	default:
6027		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6028		break;
6029	}
6030
6031	if (param_len < (header_size + bd_len)) {
6032		free(ctsio->kern_data_ptr, M_CTL);
6033		ctl_set_param_len_error(ctsio);
6034		ctl_done((union ctl_io *)ctsio);
6035		return (CTL_RETVAL_COMPLETE);
6036	}
6037
6038	/*
6039	 * Set the IO_CONT flag, so that if this I/O gets passed to
6040	 * ctl_config_write_done(), it'll get passed back to
6041	 * ctl_do_mode_select() for further processing, or completion if
6042	 * we're all done.
6043	 */
6044	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6045	ctsio->io_cont = ctl_do_mode_select;
6046
6047	modepage_info = (union ctl_modepage_info *)
6048		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6049
6050	memset(modepage_info, 0, sizeof(*modepage_info));
6051
6052	len_left = param_len - header_size - bd_len;
6053	len_used = header_size + bd_len;
6054
6055	modepage_info->header.len_left = len_left;
6056	modepage_info->header.len_used = len_used;
6057
6058	return (ctl_do_mode_select((union ctl_io *)ctsio));
6059}
6060
6061int
6062ctl_mode_sense(struct ctl_scsiio *ctsio)
6063{
6064	struct ctl_lun *lun;
6065	int pc, page_code, dbd, llba, subpage;
6066	int alloc_len, page_len, header_len, total_len;
6067	struct scsi_mode_block_descr *block_desc;
6068	struct ctl_page_index *page_index;
6069	int control_dev;
6070
6071	dbd = 0;
6072	llba = 0;
6073	block_desc = NULL;
6074	page_index = NULL;
6075
6076	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6077
6078	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6079
6080	if (lun->be_lun->lun_type != T_DIRECT)
6081		control_dev = 1;
6082	else
6083		control_dev = 0;
6084
6085	switch (ctsio->cdb[0]) {
6086	case MODE_SENSE_6: {
6087		struct scsi_mode_sense_6 *cdb;
6088
6089		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6090
6091		header_len = sizeof(struct scsi_mode_hdr_6);
6092		if (cdb->byte2 & SMS_DBD)
6093			dbd = 1;
6094		else
6095			header_len += sizeof(struct scsi_mode_block_descr);
6096
6097		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6098		page_code = cdb->page & SMS_PAGE_CODE;
6099		subpage = cdb->subpage;
6100		alloc_len = cdb->length;
6101		break;
6102	}
6103	case MODE_SENSE_10: {
6104		struct scsi_mode_sense_10 *cdb;
6105
6106		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6107
6108		header_len = sizeof(struct scsi_mode_hdr_10);
6109
6110		if (cdb->byte2 & SMS_DBD)
6111			dbd = 1;
6112		else
6113			header_len += sizeof(struct scsi_mode_block_descr);
6114		if (cdb->byte2 & SMS10_LLBAA)
6115			llba = 1;
6116		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6117		page_code = cdb->page & SMS_PAGE_CODE;
6118		subpage = cdb->subpage;
6119		alloc_len = scsi_2btoul(cdb->length);
6120		break;
6121	}
6122	default:
6123		ctl_set_invalid_opcode(ctsio);
6124		ctl_done((union ctl_io *)ctsio);
6125		return (CTL_RETVAL_COMPLETE);
6126		break; /* NOTREACHED */
6127	}
6128
6129	/*
6130	 * We have to make a first pass through to calculate the size of
6131	 * the pages that match the user's query.  Then we allocate enough
6132	 * memory to hold it, and actually copy the data into the buffer.
6133	 */
6134	switch (page_code) {
6135	case SMS_ALL_PAGES_PAGE: {
6136		int i;
6137
6138		page_len = 0;
6139
6140		/*
6141		 * At the moment, values other than 0 and 0xff here are
6142		 * reserved according to SPC-3.
6143		 */
6144		if ((subpage != SMS_SUBPAGE_PAGE_0)
6145		 && (subpage != SMS_SUBPAGE_ALL)) {
6146			ctl_set_invalid_field(ctsio,
6147					      /*sks_valid*/ 1,
6148					      /*command*/ 1,
6149					      /*field*/ 3,
6150					      /*bit_valid*/ 0,
6151					      /*bit*/ 0);
6152			ctl_done((union ctl_io *)ctsio);
6153			return (CTL_RETVAL_COMPLETE);
6154		}
6155
6156		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6157			if ((control_dev != 0)
6158			 && (lun->mode_pages.index[i].page_flags &
6159			     CTL_PAGE_FLAG_DISK_ONLY))
6160				continue;
6161
6162			/*
6163			 * We don't use this subpage if the user didn't
6164			 * request all subpages.
6165			 */
6166			if ((lun->mode_pages.index[i].subpage != 0)
6167			 && (subpage == SMS_SUBPAGE_PAGE_0))
6168				continue;
6169
6170#if 0
6171			printf("found page %#x len %d\n",
6172			       lun->mode_pages.index[i].page_code &
6173			       SMPH_PC_MASK,
6174			       lun->mode_pages.index[i].page_len);
6175#endif
6176			page_len += lun->mode_pages.index[i].page_len;
6177		}
6178		break;
6179	}
6180	default: {
6181		int i;
6182
6183		page_len = 0;
6184
6185		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6186			/* Look for the right page code */
6187			if ((lun->mode_pages.index[i].page_code &
6188			     SMPH_PC_MASK) != page_code)
6189				continue;
6190
6191			/* Look for the right subpage or the subpage wildcard*/
6192			if ((lun->mode_pages.index[i].subpage != subpage)
6193			 && (subpage != SMS_SUBPAGE_ALL))
6194				continue;
6195
6196			/* Make sure the page is supported for this dev type */
6197			if ((control_dev != 0)
6198			 && (lun->mode_pages.index[i].page_flags &
6199			     CTL_PAGE_FLAG_DISK_ONLY))
6200				continue;
6201
6202#if 0
6203			printf("found page %#x len %d\n",
6204			       lun->mode_pages.index[i].page_code &
6205			       SMPH_PC_MASK,
6206			       lun->mode_pages.index[i].page_len);
6207#endif
6208
6209			page_len += lun->mode_pages.index[i].page_len;
6210		}
6211
6212		if (page_len == 0) {
6213			ctl_set_invalid_field(ctsio,
6214					      /*sks_valid*/ 1,
6215					      /*command*/ 1,
6216					      /*field*/ 2,
6217					      /*bit_valid*/ 1,
6218					      /*bit*/ 5);
6219			ctl_done((union ctl_io *)ctsio);
6220			return (CTL_RETVAL_COMPLETE);
6221		}
6222		break;
6223	}
6224	}
6225
6226	total_len = header_len + page_len;
6227#if 0
6228	printf("header_len = %d, page_len = %d, total_len = %d\n",
6229	       header_len, page_len, total_len);
6230#endif
6231
6232	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6233	ctsio->kern_sg_entries = 0;
6234	ctsio->kern_data_resid = 0;
6235	ctsio->kern_rel_offset = 0;
6236	if (total_len < alloc_len) {
6237		ctsio->residual = alloc_len - total_len;
6238		ctsio->kern_data_len = total_len;
6239		ctsio->kern_total_len = total_len;
6240	} else {
6241		ctsio->residual = 0;
6242		ctsio->kern_data_len = alloc_len;
6243		ctsio->kern_total_len = alloc_len;
6244	}
6245
6246	switch (ctsio->cdb[0]) {
6247	case MODE_SENSE_6: {
6248		struct scsi_mode_hdr_6 *header;
6249
6250		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6251
6252		header->datalen = MIN(total_len - 1, 254);
6253		if (control_dev == 0) {
6254			header->dev_specific = 0x10; /* DPOFUA */
6255			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6256			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6257			    .eca_and_aen & SCP_SWP) != 0)
6258				    header->dev_specific |= 0x80; /* WP */
6259		}
6260		if (dbd)
6261			header->block_descr_len = 0;
6262		else
6263			header->block_descr_len =
6264				sizeof(struct scsi_mode_block_descr);
6265		block_desc = (struct scsi_mode_block_descr *)&header[1];
6266		break;
6267	}
6268	case MODE_SENSE_10: {
6269		struct scsi_mode_hdr_10 *header;
6270		int datalen;
6271
6272		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6273
6274		datalen = MIN(total_len - 2, 65533);
6275		scsi_ulto2b(datalen, header->datalen);
6276		if (control_dev == 0) {
6277			header->dev_specific = 0x10; /* DPOFUA */
6278			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6279			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6280			    .eca_and_aen & SCP_SWP) != 0)
6281				    header->dev_specific |= 0x80; /* WP */
6282		}
6283		if (dbd)
6284			scsi_ulto2b(0, header->block_descr_len);
6285		else
6286			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6287				    header->block_descr_len);
6288		block_desc = (struct scsi_mode_block_descr *)&header[1];
6289		break;
6290	}
6291	default:
6292		panic("invalid CDB type %#x", ctsio->cdb[0]);
6293		break; /* NOTREACHED */
6294	}
6295
6296	/*
6297	 * If we've got a disk, use its blocksize in the block
6298	 * descriptor.  Otherwise, just set it to 0.
6299	 */
6300	if (dbd == 0) {
6301		if (control_dev == 0)
6302			scsi_ulto3b(lun->be_lun->blocksize,
6303				    block_desc->block_len);
6304		else
6305			scsi_ulto3b(0, block_desc->block_len);
6306	}
6307
6308	switch (page_code) {
6309	case SMS_ALL_PAGES_PAGE: {
6310		int i, data_used;
6311
6312		data_used = header_len;
6313		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6314			struct ctl_page_index *page_index;
6315
6316			page_index = &lun->mode_pages.index[i];
6317
6318			if ((control_dev != 0)
6319			 && (page_index->page_flags &
6320			    CTL_PAGE_FLAG_DISK_ONLY))
6321				continue;
6322
6323			/*
6324			 * We don't use this subpage if the user didn't
6325			 * request all subpages.  We already checked (above)
6326			 * to make sure the user only specified a subpage
6327			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6328			 */
6329			if ((page_index->subpage != 0)
6330			 && (subpage == SMS_SUBPAGE_PAGE_0))
6331				continue;
6332
6333			/*
6334			 * Call the handler, if it exists, to update the
6335			 * page to the latest values.
6336			 */
6337			if (page_index->sense_handler != NULL)
6338				page_index->sense_handler(ctsio, page_index,pc);
6339
6340			memcpy(ctsio->kern_data_ptr + data_used,
6341			       page_index->page_data +
6342			       (page_index->page_len * pc),
6343			       page_index->page_len);
6344			data_used += page_index->page_len;
6345		}
6346		break;
6347	}
6348	default: {
6349		int i, data_used;
6350
6351		data_used = header_len;
6352
6353		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6354			struct ctl_page_index *page_index;
6355
6356			page_index = &lun->mode_pages.index[i];
6357
6358			/* Look for the right page code */
6359			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6360				continue;
6361
6362			/* Look for the right subpage or the subpage wildcard*/
6363			if ((page_index->subpage != subpage)
6364			 && (subpage != SMS_SUBPAGE_ALL))
6365				continue;
6366
6367			/* Make sure the page is supported for this dev type */
6368			if ((control_dev != 0)
6369			 && (page_index->page_flags &
6370			     CTL_PAGE_FLAG_DISK_ONLY))
6371				continue;
6372
6373			/*
6374			 * Call the handler, if it exists, to update the
6375			 * page to the latest values.
6376			 */
6377			if (page_index->sense_handler != NULL)
6378				page_index->sense_handler(ctsio, page_index,pc);
6379
6380			memcpy(ctsio->kern_data_ptr + data_used,
6381			       page_index->page_data +
6382			       (page_index->page_len * pc),
6383			       page_index->page_len);
6384			data_used += page_index->page_len;
6385		}
6386		break;
6387	}
6388	}
6389
6390	ctl_set_success(ctsio);
6391	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6392	ctsio->be_move_done = ctl_config_move_done;
6393	ctl_datamove((union ctl_io *)ctsio);
6394	return (CTL_RETVAL_COMPLETE);
6395}
6396
6397int
6398ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6399			       struct ctl_page_index *page_index,
6400			       int pc)
6401{
6402	struct ctl_lun *lun;
6403	struct scsi_log_param_header *phdr;
6404	uint8_t *data;
6405	uint64_t val;
6406
6407	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6408	data = page_index->page_data;
6409
6410	if (lun->backend->lun_attr != NULL &&
6411	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6412	     != UINT64_MAX) {
6413		phdr = (struct scsi_log_param_header *)data;
6414		scsi_ulto2b(0x0001, phdr->param_code);
6415		phdr->param_control = SLP_LBIN | SLP_LP;
6416		phdr->param_len = 8;
6417		data = (uint8_t *)(phdr + 1);
6418		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6419		data[4] = 0x02; /* per-pool */
6420		data += phdr->param_len;
6421	}
6422
6423	if (lun->backend->lun_attr != NULL &&
6424	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6425	     != UINT64_MAX) {
6426		phdr = (struct scsi_log_param_header *)data;
6427		scsi_ulto2b(0x0002, phdr->param_code);
6428		phdr->param_control = SLP_LBIN | SLP_LP;
6429		phdr->param_len = 8;
6430		data = (uint8_t *)(phdr + 1);
6431		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6432		data[4] = 0x01; /* per-LUN */
6433		data += phdr->param_len;
6434	}
6435
6436	if (lun->backend->lun_attr != NULL &&
6437	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6438	     != UINT64_MAX) {
6439		phdr = (struct scsi_log_param_header *)data;
6440		scsi_ulto2b(0x00f1, phdr->param_code);
6441		phdr->param_control = SLP_LBIN | SLP_LP;
6442		phdr->param_len = 8;
6443		data = (uint8_t *)(phdr + 1);
6444		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6445		data[4] = 0x02; /* per-pool */
6446		data += phdr->param_len;
6447	}
6448
6449	if (lun->backend->lun_attr != NULL &&
6450	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6451	     != UINT64_MAX) {
6452		phdr = (struct scsi_log_param_header *)data;
6453		scsi_ulto2b(0x00f2, phdr->param_code);
6454		phdr->param_control = SLP_LBIN | SLP_LP;
6455		phdr->param_len = 8;
6456		data = (uint8_t *)(phdr + 1);
6457		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6458		data[4] = 0x02; /* per-pool */
6459		data += phdr->param_len;
6460	}
6461
6462	page_index->page_len = data - page_index->page_data;
6463	return (0);
6464}
6465
6466int
6467ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6468			       struct ctl_page_index *page_index,
6469			       int pc)
6470{
6471	struct ctl_lun *lun;
6472	struct stat_page *data;
6473	uint64_t rn, wn, rb, wb;
6474	struct bintime rt, wt;
6475	int i;
6476
6477	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6478	data = (struct stat_page *)page_index->page_data;
6479
6480	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6481	data->sap.hdr.param_control = SLP_LBIN;
6482	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6483	    sizeof(struct scsi_log_param_header);
6484	rn = wn = rb = wb = 0;
6485	bintime_clear(&rt);
6486	bintime_clear(&wt);
6487	for (i = 0; i < CTL_MAX_PORTS; i++) {
6488		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6489		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6490		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6491		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6492		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6493		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6494	}
6495	scsi_u64to8b(rn, data->sap.read_num);
6496	scsi_u64to8b(wn, data->sap.write_num);
6497	if (lun->stats.blocksize > 0) {
6498		scsi_u64to8b(wb / lun->stats.blocksize,
6499		    data->sap.recvieved_lba);
6500		scsi_u64to8b(rb / lun->stats.blocksize,
6501		    data->sap.transmitted_lba);
6502	}
6503	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6504	    data->sap.read_int);
6505	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6506	    data->sap.write_int);
6507	scsi_u64to8b(0, data->sap.weighted_num);
6508	scsi_u64to8b(0, data->sap.weighted_int);
6509	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6510	data->it.hdr.param_control = SLP_LBIN;
6511	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6512	    sizeof(struct scsi_log_param_header);
6513#ifdef CTL_TIME_IO
6514	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6515#endif
6516	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6517	data->it.hdr.param_control = SLP_LBIN;
6518	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6519	    sizeof(struct scsi_log_param_header);
6520	scsi_ulto4b(3, data->ti.exponent);
6521	scsi_ulto4b(1, data->ti.integer);
6522
6523	page_index->page_len = sizeof(*data);
6524	return (0);
6525}
6526
6527int
6528ctl_log_sense(struct ctl_scsiio *ctsio)
6529{
6530	struct ctl_lun *lun;
6531	int i, pc, page_code, subpage;
6532	int alloc_len, total_len;
6533	struct ctl_page_index *page_index;
6534	struct scsi_log_sense *cdb;
6535	struct scsi_log_header *header;
6536
6537	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6538
6539	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6540	cdb = (struct scsi_log_sense *)ctsio->cdb;
6541	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6542	page_code = cdb->page & SLS_PAGE_CODE;
6543	subpage = cdb->subpage;
6544	alloc_len = scsi_2btoul(cdb->length);
6545
6546	page_index = NULL;
6547	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6548		page_index = &lun->log_pages.index[i];
6549
6550		/* Look for the right page code */
6551		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6552			continue;
6553
6554		/* Look for the right subpage or the subpage wildcard*/
6555		if (page_index->subpage != subpage)
6556			continue;
6557
6558		break;
6559	}
6560	if (i >= CTL_NUM_LOG_PAGES) {
6561		ctl_set_invalid_field(ctsio,
6562				      /*sks_valid*/ 1,
6563				      /*command*/ 1,
6564				      /*field*/ 2,
6565				      /*bit_valid*/ 0,
6566				      /*bit*/ 0);
6567		ctl_done((union ctl_io *)ctsio);
6568		return (CTL_RETVAL_COMPLETE);
6569	}
6570
6571	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6572
6573	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6574	ctsio->kern_sg_entries = 0;
6575	ctsio->kern_data_resid = 0;
6576	ctsio->kern_rel_offset = 0;
6577	if (total_len < alloc_len) {
6578		ctsio->residual = alloc_len - total_len;
6579		ctsio->kern_data_len = total_len;
6580		ctsio->kern_total_len = total_len;
6581	} else {
6582		ctsio->residual = 0;
6583		ctsio->kern_data_len = alloc_len;
6584		ctsio->kern_total_len = alloc_len;
6585	}
6586
6587	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6588	header->page = page_index->page_code;
6589	if (page_index->subpage) {
6590		header->page |= SL_SPF;
6591		header->subpage = page_index->subpage;
6592	}
6593	scsi_ulto2b(page_index->page_len, header->datalen);
6594
6595	/*
6596	 * Call the handler, if it exists, to update the
6597	 * page to the latest values.
6598	 */
6599	if (page_index->sense_handler != NULL)
6600		page_index->sense_handler(ctsio, page_index, pc);
6601
6602	memcpy(header + 1, page_index->page_data, page_index->page_len);
6603
6604	ctl_set_success(ctsio);
6605	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6606	ctsio->be_move_done = ctl_config_move_done;
6607	ctl_datamove((union ctl_io *)ctsio);
6608	return (CTL_RETVAL_COMPLETE);
6609}
6610
6611int
6612ctl_read_capacity(struct ctl_scsiio *ctsio)
6613{
6614	struct scsi_read_capacity *cdb;
6615	struct scsi_read_capacity_data *data;
6616	struct ctl_lun *lun;
6617	uint32_t lba;
6618
6619	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6620
6621	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6622
6623	lba = scsi_4btoul(cdb->addr);
6624	if (((cdb->pmi & SRC_PMI) == 0)
6625	 && (lba != 0)) {
6626		ctl_set_invalid_field(/*ctsio*/ ctsio,
6627				      /*sks_valid*/ 1,
6628				      /*command*/ 1,
6629				      /*field*/ 2,
6630				      /*bit_valid*/ 0,
6631				      /*bit*/ 0);
6632		ctl_done((union ctl_io *)ctsio);
6633		return (CTL_RETVAL_COMPLETE);
6634	}
6635
6636	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6637
6638	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6639	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6640	ctsio->residual = 0;
6641	ctsio->kern_data_len = sizeof(*data);
6642	ctsio->kern_total_len = sizeof(*data);
6643	ctsio->kern_data_resid = 0;
6644	ctsio->kern_rel_offset = 0;
6645	ctsio->kern_sg_entries = 0;
6646
6647	/*
6648	 * If the maximum LBA is greater than 0xfffffffe, the user must
6649	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6650	 * serivce action set.
6651	 */
6652	if (lun->be_lun->maxlba > 0xfffffffe)
6653		scsi_ulto4b(0xffffffff, data->addr);
6654	else
6655		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6656
6657	/*
6658	 * XXX KDM this may not be 512 bytes...
6659	 */
6660	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6661
6662	ctl_set_success(ctsio);
6663	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6664	ctsio->be_move_done = ctl_config_move_done;
6665	ctl_datamove((union ctl_io *)ctsio);
6666	return (CTL_RETVAL_COMPLETE);
6667}
6668
6669int
6670ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6671{
6672	struct scsi_read_capacity_16 *cdb;
6673	struct scsi_read_capacity_data_long *data;
6674	struct ctl_lun *lun;
6675	uint64_t lba;
6676	uint32_t alloc_len;
6677
6678	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6679
6680	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6681
6682	alloc_len = scsi_4btoul(cdb->alloc_len);
6683	lba = scsi_8btou64(cdb->addr);
6684
6685	if ((cdb->reladr & SRC16_PMI)
6686	 && (lba != 0)) {
6687		ctl_set_invalid_field(/*ctsio*/ ctsio,
6688				      /*sks_valid*/ 1,
6689				      /*command*/ 1,
6690				      /*field*/ 2,
6691				      /*bit_valid*/ 0,
6692				      /*bit*/ 0);
6693		ctl_done((union ctl_io *)ctsio);
6694		return (CTL_RETVAL_COMPLETE);
6695	}
6696
6697	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6698
6699	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6700	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6701
6702	if (sizeof(*data) < alloc_len) {
6703		ctsio->residual = alloc_len - sizeof(*data);
6704		ctsio->kern_data_len = sizeof(*data);
6705		ctsio->kern_total_len = sizeof(*data);
6706	} else {
6707		ctsio->residual = 0;
6708		ctsio->kern_data_len = alloc_len;
6709		ctsio->kern_total_len = alloc_len;
6710	}
6711	ctsio->kern_data_resid = 0;
6712	ctsio->kern_rel_offset = 0;
6713	ctsio->kern_sg_entries = 0;
6714
6715	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6716	/* XXX KDM this may not be 512 bytes... */
6717	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6718	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6719	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6720	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6721		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6722
6723	ctl_set_success(ctsio);
6724	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6725	ctsio->be_move_done = ctl_config_move_done;
6726	ctl_datamove((union ctl_io *)ctsio);
6727	return (CTL_RETVAL_COMPLETE);
6728}
6729
6730int
6731ctl_get_lba_status(struct ctl_scsiio *ctsio)
6732{
6733	struct scsi_get_lba_status *cdb;
6734	struct scsi_get_lba_status_data *data;
6735	struct ctl_lun *lun;
6736	struct ctl_lba_len_flags *lbalen;
6737	uint64_t lba;
6738	uint32_t alloc_len, total_len;
6739	int retval;
6740
6741	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6742
6743	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6744	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6745	lba = scsi_8btou64(cdb->addr);
6746	alloc_len = scsi_4btoul(cdb->alloc_len);
6747
6748	if (lba > lun->be_lun->maxlba) {
6749		ctl_set_lba_out_of_range(ctsio);
6750		ctl_done((union ctl_io *)ctsio);
6751		return (CTL_RETVAL_COMPLETE);
6752	}
6753
6754	total_len = sizeof(*data) + sizeof(data->descr[0]);
6755	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6756	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6757
6758	if (total_len < alloc_len) {
6759		ctsio->residual = alloc_len - total_len;
6760		ctsio->kern_data_len = total_len;
6761		ctsio->kern_total_len = total_len;
6762	} else {
6763		ctsio->residual = 0;
6764		ctsio->kern_data_len = alloc_len;
6765		ctsio->kern_total_len = alloc_len;
6766	}
6767	ctsio->kern_data_resid = 0;
6768	ctsio->kern_rel_offset = 0;
6769	ctsio->kern_sg_entries = 0;
6770
6771	/* Fill dummy data in case backend can't tell anything. */
6772	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6773	scsi_u64to8b(lba, data->descr[0].addr);
6774	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6775	    data->descr[0].length);
6776	data->descr[0].status = 0; /* Mapped or unknown. */
6777
6778	ctl_set_success(ctsio);
6779	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6780	ctsio->be_move_done = ctl_config_move_done;
6781
6782	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6783	lbalen->lba = lba;
6784	lbalen->len = total_len;
6785	lbalen->flags = 0;
6786	retval = lun->backend->config_read((union ctl_io *)ctsio);
6787	return (CTL_RETVAL_COMPLETE);
6788}
6789
6790int
6791ctl_read_defect(struct ctl_scsiio *ctsio)
6792{
6793	struct scsi_read_defect_data_10 *ccb10;
6794	struct scsi_read_defect_data_12 *ccb12;
6795	struct scsi_read_defect_data_hdr_10 *data10;
6796	struct scsi_read_defect_data_hdr_12 *data12;
6797	uint32_t alloc_len, data_len;
6798	uint8_t format;
6799
6800	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6801
6802	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6803		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6804		format = ccb10->format;
6805		alloc_len = scsi_2btoul(ccb10->alloc_length);
6806		data_len = sizeof(*data10);
6807	} else {
6808		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6809		format = ccb12->format;
6810		alloc_len = scsi_4btoul(ccb12->alloc_length);
6811		data_len = sizeof(*data12);
6812	}
6813	if (alloc_len == 0) {
6814		ctl_set_success(ctsio);
6815		ctl_done((union ctl_io *)ctsio);
6816		return (CTL_RETVAL_COMPLETE);
6817	}
6818
6819	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6820	if (data_len < alloc_len) {
6821		ctsio->residual = alloc_len - data_len;
6822		ctsio->kern_data_len = data_len;
6823		ctsio->kern_total_len = data_len;
6824	} else {
6825		ctsio->residual = 0;
6826		ctsio->kern_data_len = alloc_len;
6827		ctsio->kern_total_len = alloc_len;
6828	}
6829	ctsio->kern_data_resid = 0;
6830	ctsio->kern_rel_offset = 0;
6831	ctsio->kern_sg_entries = 0;
6832
6833	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6834		data10 = (struct scsi_read_defect_data_hdr_10 *)
6835		    ctsio->kern_data_ptr;
6836		data10->format = format;
6837		scsi_ulto2b(0, data10->length);
6838	} else {
6839		data12 = (struct scsi_read_defect_data_hdr_12 *)
6840		    ctsio->kern_data_ptr;
6841		data12->format = format;
6842		scsi_ulto2b(0, data12->generation);
6843		scsi_ulto4b(0, data12->length);
6844	}
6845
6846	ctl_set_success(ctsio);
6847	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6848	ctsio->be_move_done = ctl_config_move_done;
6849	ctl_datamove((union ctl_io *)ctsio);
6850	return (CTL_RETVAL_COMPLETE);
6851}
6852
6853int
6854ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
6855{
6856	struct scsi_maintenance_in *cdb;
6857	int retval;
6858	int alloc_len, ext, total_len = 0, g, p, pc, pg, gs, os;
6859	int num_target_port_groups, num_target_ports;
6860	struct ctl_lun *lun;
6861	struct ctl_softc *softc;
6862	struct ctl_port *port;
6863	struct scsi_target_group_data *rtg_ptr;
6864	struct scsi_target_group_data_extended *rtg_ext_ptr;
6865	struct scsi_target_port_group_descriptor *tpg_desc;
6866
6867	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
6868
6869	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
6870	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6871	softc = lun->ctl_softc;
6872
6873	retval = CTL_RETVAL_COMPLETE;
6874
6875	switch (cdb->byte2 & STG_PDF_MASK) {
6876	case STG_PDF_LENGTH:
6877		ext = 0;
6878		break;
6879	case STG_PDF_EXTENDED:
6880		ext = 1;
6881		break;
6882	default:
6883		ctl_set_invalid_field(/*ctsio*/ ctsio,
6884				      /*sks_valid*/ 1,
6885				      /*command*/ 1,
6886				      /*field*/ 2,
6887				      /*bit_valid*/ 1,
6888				      /*bit*/ 5);
6889		ctl_done((union ctl_io *)ctsio);
6890		return(retval);
6891	}
6892
6893	if (softc->is_single)
6894		num_target_port_groups = 1;
6895	else
6896		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
6897	num_target_ports = 0;
6898	mtx_lock(&softc->ctl_lock);
6899	STAILQ_FOREACH(port, &softc->port_list, links) {
6900		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
6901			continue;
6902		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
6903			continue;
6904		num_target_ports++;
6905	}
6906	mtx_unlock(&softc->ctl_lock);
6907
6908	if (ext)
6909		total_len = sizeof(struct scsi_target_group_data_extended);
6910	else
6911		total_len = sizeof(struct scsi_target_group_data);
6912	total_len += sizeof(struct scsi_target_port_group_descriptor) *
6913		num_target_port_groups +
6914	    sizeof(struct scsi_target_port_descriptor) *
6915		num_target_ports * num_target_port_groups;
6916
6917	alloc_len = scsi_4btoul(cdb->length);
6918
6919	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6920
6921	ctsio->kern_sg_entries = 0;
6922
6923	if (total_len < alloc_len) {
6924		ctsio->residual = alloc_len - total_len;
6925		ctsio->kern_data_len = total_len;
6926		ctsio->kern_total_len = total_len;
6927	} else {
6928		ctsio->residual = 0;
6929		ctsio->kern_data_len = alloc_len;
6930		ctsio->kern_total_len = alloc_len;
6931	}
6932	ctsio->kern_data_resid = 0;
6933	ctsio->kern_rel_offset = 0;
6934
6935	if (ext) {
6936		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
6937		    ctsio->kern_data_ptr;
6938		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
6939		rtg_ext_ptr->format_type = 0x10;
6940		rtg_ext_ptr->implicit_transition_time = 0;
6941		tpg_desc = &rtg_ext_ptr->groups[0];
6942	} else {
6943		rtg_ptr = (struct scsi_target_group_data *)
6944		    ctsio->kern_data_ptr;
6945		scsi_ulto4b(total_len - 4, rtg_ptr->length);
6946		tpg_desc = &rtg_ptr->groups[0];
6947	}
6948
6949	mtx_lock(&softc->ctl_lock);
6950	pg = softc->port_offset / CTL_MAX_PORTS;
6951	if (softc->flags & CTL_FLAG_ACTIVE_SHELF) {
6952		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY) {
6953			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6954			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
6955		} else if (lun->flags & CTL_LUN_PRIMARY_SC) {
6956			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6957			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6958		} else {
6959			gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6960			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6961		}
6962	} else {
6963		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
6964		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6965	}
6966	for (g = 0; g < num_target_port_groups; g++) {
6967		tpg_desc->pref_state = (g == pg) ? gs : os;
6968		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP;
6969		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
6970		tpg_desc->status = TPG_IMPLICIT;
6971		pc = 0;
6972		STAILQ_FOREACH(port, &softc->port_list, links) {
6973			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
6974				continue;
6975			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
6976				continue;
6977			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
6978			scsi_ulto2b(p, tpg_desc->descriptors[pc].
6979			    relative_target_port_identifier);
6980			pc++;
6981		}
6982		tpg_desc->target_port_count = pc;
6983		tpg_desc = (struct scsi_target_port_group_descriptor *)
6984		    &tpg_desc->descriptors[pc];
6985	}
6986	mtx_unlock(&softc->ctl_lock);
6987
6988	ctl_set_success(ctsio);
6989	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6990	ctsio->be_move_done = ctl_config_move_done;
6991	ctl_datamove((union ctl_io *)ctsio);
6992	return(retval);
6993}
6994
6995int
6996ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
6997{
6998	struct ctl_lun *lun;
6999	struct scsi_report_supported_opcodes *cdb;
7000	const struct ctl_cmd_entry *entry, *sentry;
7001	struct scsi_report_supported_opcodes_all *all;
7002	struct scsi_report_supported_opcodes_descr *descr;
7003	struct scsi_report_supported_opcodes_one *one;
7004	int retval;
7005	int alloc_len, total_len;
7006	int opcode, service_action, i, j, num;
7007
7008	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7009
7010	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7011	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7012
7013	retval = CTL_RETVAL_COMPLETE;
7014
7015	opcode = cdb->requested_opcode;
7016	service_action = scsi_2btoul(cdb->requested_service_action);
7017	switch (cdb->options & RSO_OPTIONS_MASK) {
7018	case RSO_OPTIONS_ALL:
7019		num = 0;
7020		for (i = 0; i < 256; i++) {
7021			entry = &ctl_cmd_table[i];
7022			if (entry->flags & CTL_CMD_FLAG_SA5) {
7023				for (j = 0; j < 32; j++) {
7024					sentry = &((const struct ctl_cmd_entry *)
7025					    entry->execute)[j];
7026					if (ctl_cmd_applicable(
7027					    lun->be_lun->lun_type, sentry))
7028						num++;
7029				}
7030			} else {
7031				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7032				    entry))
7033					num++;
7034			}
7035		}
7036		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7037		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7038		break;
7039	case RSO_OPTIONS_OC:
7040		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7041			ctl_set_invalid_field(/*ctsio*/ ctsio,
7042					      /*sks_valid*/ 1,
7043					      /*command*/ 1,
7044					      /*field*/ 2,
7045					      /*bit_valid*/ 1,
7046					      /*bit*/ 2);
7047			ctl_done((union ctl_io *)ctsio);
7048			return (CTL_RETVAL_COMPLETE);
7049		}
7050		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7051		break;
7052	case RSO_OPTIONS_OC_SA:
7053		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7054		    service_action >= 32) {
7055			ctl_set_invalid_field(/*ctsio*/ ctsio,
7056					      /*sks_valid*/ 1,
7057					      /*command*/ 1,
7058					      /*field*/ 2,
7059					      /*bit_valid*/ 1,
7060					      /*bit*/ 2);
7061			ctl_done((union ctl_io *)ctsio);
7062			return (CTL_RETVAL_COMPLETE);
7063		}
7064		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7065		break;
7066	default:
7067		ctl_set_invalid_field(/*ctsio*/ ctsio,
7068				      /*sks_valid*/ 1,
7069				      /*command*/ 1,
7070				      /*field*/ 2,
7071				      /*bit_valid*/ 1,
7072				      /*bit*/ 2);
7073		ctl_done((union ctl_io *)ctsio);
7074		return (CTL_RETVAL_COMPLETE);
7075	}
7076
7077	alloc_len = scsi_4btoul(cdb->length);
7078
7079	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7080
7081	ctsio->kern_sg_entries = 0;
7082
7083	if (total_len < alloc_len) {
7084		ctsio->residual = alloc_len - total_len;
7085		ctsio->kern_data_len = total_len;
7086		ctsio->kern_total_len = total_len;
7087	} else {
7088		ctsio->residual = 0;
7089		ctsio->kern_data_len = alloc_len;
7090		ctsio->kern_total_len = alloc_len;
7091	}
7092	ctsio->kern_data_resid = 0;
7093	ctsio->kern_rel_offset = 0;
7094
7095	switch (cdb->options & RSO_OPTIONS_MASK) {
7096	case RSO_OPTIONS_ALL:
7097		all = (struct scsi_report_supported_opcodes_all *)
7098		    ctsio->kern_data_ptr;
7099		num = 0;
7100		for (i = 0; i < 256; i++) {
7101			entry = &ctl_cmd_table[i];
7102			if (entry->flags & CTL_CMD_FLAG_SA5) {
7103				for (j = 0; j < 32; j++) {
7104					sentry = &((const struct ctl_cmd_entry *)
7105					    entry->execute)[j];
7106					if (!ctl_cmd_applicable(
7107					    lun->be_lun->lun_type, sentry))
7108						continue;
7109					descr = &all->descr[num++];
7110					descr->opcode = i;
7111					scsi_ulto2b(j, descr->service_action);
7112					descr->flags = RSO_SERVACTV;
7113					scsi_ulto2b(sentry->length,
7114					    descr->cdb_length);
7115				}
7116			} else {
7117				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7118				    entry))
7119					continue;
7120				descr = &all->descr[num++];
7121				descr->opcode = i;
7122				scsi_ulto2b(0, descr->service_action);
7123				descr->flags = 0;
7124				scsi_ulto2b(entry->length, descr->cdb_length);
7125			}
7126		}
7127		scsi_ulto4b(
7128		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7129		    all->length);
7130		break;
7131	case RSO_OPTIONS_OC:
7132		one = (struct scsi_report_supported_opcodes_one *)
7133		    ctsio->kern_data_ptr;
7134		entry = &ctl_cmd_table[opcode];
7135		goto fill_one;
7136	case RSO_OPTIONS_OC_SA:
7137		one = (struct scsi_report_supported_opcodes_one *)
7138		    ctsio->kern_data_ptr;
7139		entry = &ctl_cmd_table[opcode];
7140		entry = &((const struct ctl_cmd_entry *)
7141		    entry->execute)[service_action];
7142fill_one:
7143		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7144			one->support = 3;
7145			scsi_ulto2b(entry->length, one->cdb_length);
7146			one->cdb_usage[0] = opcode;
7147			memcpy(&one->cdb_usage[1], entry->usage,
7148			    entry->length - 1);
7149		} else
7150			one->support = 1;
7151		break;
7152	}
7153
7154	ctl_set_success(ctsio);
7155	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7156	ctsio->be_move_done = ctl_config_move_done;
7157	ctl_datamove((union ctl_io *)ctsio);
7158	return(retval);
7159}
7160
7161int
7162ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7163{
7164	struct scsi_report_supported_tmf *cdb;
7165	struct scsi_report_supported_tmf_data *data;
7166	int retval;
7167	int alloc_len, total_len;
7168
7169	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7170
7171	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7172
7173	retval = CTL_RETVAL_COMPLETE;
7174
7175	total_len = sizeof(struct scsi_report_supported_tmf_data);
7176	alloc_len = scsi_4btoul(cdb->length);
7177
7178	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7179
7180	ctsio->kern_sg_entries = 0;
7181
7182	if (total_len < alloc_len) {
7183		ctsio->residual = alloc_len - total_len;
7184		ctsio->kern_data_len = total_len;
7185		ctsio->kern_total_len = total_len;
7186	} else {
7187		ctsio->residual = 0;
7188		ctsio->kern_data_len = alloc_len;
7189		ctsio->kern_total_len = alloc_len;
7190	}
7191	ctsio->kern_data_resid = 0;
7192	ctsio->kern_rel_offset = 0;
7193
7194	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7195	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7196	data->byte2 |= RST_ITNRS;
7197
7198	ctl_set_success(ctsio);
7199	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7200	ctsio->be_move_done = ctl_config_move_done;
7201	ctl_datamove((union ctl_io *)ctsio);
7202	return (retval);
7203}
7204
7205int
7206ctl_report_timestamp(struct ctl_scsiio *ctsio)
7207{
7208	struct scsi_report_timestamp *cdb;
7209	struct scsi_report_timestamp_data *data;
7210	struct timeval tv;
7211	int64_t timestamp;
7212	int retval;
7213	int alloc_len, total_len;
7214
7215	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7216
7217	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7218
7219	retval = CTL_RETVAL_COMPLETE;
7220
7221	total_len = sizeof(struct scsi_report_timestamp_data);
7222	alloc_len = scsi_4btoul(cdb->length);
7223
7224	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7225
7226	ctsio->kern_sg_entries = 0;
7227
7228	if (total_len < alloc_len) {
7229		ctsio->residual = alloc_len - total_len;
7230		ctsio->kern_data_len = total_len;
7231		ctsio->kern_total_len = total_len;
7232	} else {
7233		ctsio->residual = 0;
7234		ctsio->kern_data_len = alloc_len;
7235		ctsio->kern_total_len = alloc_len;
7236	}
7237	ctsio->kern_data_resid = 0;
7238	ctsio->kern_rel_offset = 0;
7239
7240	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7241	scsi_ulto2b(sizeof(*data) - 2, data->length);
7242	data->origin = RTS_ORIG_OUTSIDE;
7243	getmicrotime(&tv);
7244	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7245	scsi_ulto4b(timestamp >> 16, data->timestamp);
7246	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7247
7248	ctl_set_success(ctsio);
7249	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7250	ctsio->be_move_done = ctl_config_move_done;
7251	ctl_datamove((union ctl_io *)ctsio);
7252	return (retval);
7253}
7254
7255int
7256ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7257{
7258	struct scsi_per_res_in *cdb;
7259	int alloc_len, total_len = 0;
7260	/* struct scsi_per_res_in_rsrv in_data; */
7261	struct ctl_lun *lun;
7262	struct ctl_softc *softc;
7263	uint64_t key;
7264
7265	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7266
7267	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7268
7269	alloc_len = scsi_2btoul(cdb->length);
7270
7271	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7272	softc = lun->ctl_softc;
7273
7274retry:
7275	mtx_lock(&lun->lun_lock);
7276	switch (cdb->action) {
7277	case SPRI_RK: /* read keys */
7278		total_len = sizeof(struct scsi_per_res_in_keys) +
7279			lun->pr_key_count *
7280			sizeof(struct scsi_per_res_key);
7281		break;
7282	case SPRI_RR: /* read reservation */
7283		if (lun->flags & CTL_LUN_PR_RESERVED)
7284			total_len = sizeof(struct scsi_per_res_in_rsrv);
7285		else
7286			total_len = sizeof(struct scsi_per_res_in_header);
7287		break;
7288	case SPRI_RC: /* report capabilities */
7289		total_len = sizeof(struct scsi_per_res_cap);
7290		break;
7291	case SPRI_RS: /* read full status */
7292		total_len = sizeof(struct scsi_per_res_in_header) +
7293		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7294		    lun->pr_key_count;
7295		break;
7296	default:
7297		panic("Invalid PR type %x", cdb->action);
7298	}
7299	mtx_unlock(&lun->lun_lock);
7300
7301	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7302
7303	if (total_len < alloc_len) {
7304		ctsio->residual = alloc_len - total_len;
7305		ctsio->kern_data_len = total_len;
7306		ctsio->kern_total_len = total_len;
7307	} else {
7308		ctsio->residual = 0;
7309		ctsio->kern_data_len = alloc_len;
7310		ctsio->kern_total_len = alloc_len;
7311	}
7312
7313	ctsio->kern_data_resid = 0;
7314	ctsio->kern_rel_offset = 0;
7315	ctsio->kern_sg_entries = 0;
7316
7317	mtx_lock(&lun->lun_lock);
7318	switch (cdb->action) {
7319	case SPRI_RK: { // read keys
7320        struct scsi_per_res_in_keys *res_keys;
7321		int i, key_count;
7322
7323		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7324
7325		/*
7326		 * We had to drop the lock to allocate our buffer, which
7327		 * leaves time for someone to come in with another
7328		 * persistent reservation.  (That is unlikely, though,
7329		 * since this should be the only persistent reservation
7330		 * command active right now.)
7331		 */
7332		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7333		    (lun->pr_key_count *
7334		     sizeof(struct scsi_per_res_key)))){
7335			mtx_unlock(&lun->lun_lock);
7336			free(ctsio->kern_data_ptr, M_CTL);
7337			printf("%s: reservation length changed, retrying\n",
7338			       __func__);
7339			goto retry;
7340		}
7341
7342		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7343
7344		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7345			     lun->pr_key_count, res_keys->header.length);
7346
7347		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7348			if ((key = ctl_get_prkey(lun, i)) == 0)
7349				continue;
7350
7351			/*
7352			 * We used lun->pr_key_count to calculate the
7353			 * size to allocate.  If it turns out the number of
7354			 * initiators with the registered flag set is
7355			 * larger than that (i.e. they haven't been kept in
7356			 * sync), we've got a problem.
7357			 */
7358			if (key_count >= lun->pr_key_count) {
7359#ifdef NEEDTOPORT
7360				csevent_log(CSC_CTL | CSC_SHELF_SW |
7361					    CTL_PR_ERROR,
7362					    csevent_LogType_Fault,
7363					    csevent_AlertLevel_Yellow,
7364					    csevent_FRU_ShelfController,
7365					    csevent_FRU_Firmware,
7366				        csevent_FRU_Unknown,
7367					    "registered keys %d >= key "
7368					    "count %d", key_count,
7369					    lun->pr_key_count);
7370#endif
7371				key_count++;
7372				continue;
7373			}
7374			scsi_u64to8b(key, res_keys->keys[key_count].key);
7375			key_count++;
7376		}
7377		break;
7378	}
7379	case SPRI_RR: { // read reservation
7380		struct scsi_per_res_in_rsrv *res;
7381		int tmp_len, header_only;
7382
7383		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7384
7385		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7386
7387		if (lun->flags & CTL_LUN_PR_RESERVED)
7388		{
7389			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7390			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7391				    res->header.length);
7392			header_only = 0;
7393		} else {
7394			tmp_len = sizeof(struct scsi_per_res_in_header);
7395			scsi_ulto4b(0, res->header.length);
7396			header_only = 1;
7397		}
7398
7399		/*
7400		 * We had to drop the lock to allocate our buffer, which
7401		 * leaves time for someone to come in with another
7402		 * persistent reservation.  (That is unlikely, though,
7403		 * since this should be the only persistent reservation
7404		 * command active right now.)
7405		 */
7406		if (tmp_len != total_len) {
7407			mtx_unlock(&lun->lun_lock);
7408			free(ctsio->kern_data_ptr, M_CTL);
7409			printf("%s: reservation status changed, retrying\n",
7410			       __func__);
7411			goto retry;
7412		}
7413
7414		/*
7415		 * No reservation held, so we're done.
7416		 */
7417		if (header_only != 0)
7418			break;
7419
7420		/*
7421		 * If the registration is an All Registrants type, the key
7422		 * is 0, since it doesn't really matter.
7423		 */
7424		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7425			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7426			    res->data.reservation);
7427		}
7428		res->data.scopetype = lun->res_type;
7429		break;
7430	}
7431	case SPRI_RC:     //report capabilities
7432	{
7433		struct scsi_per_res_cap *res_cap;
7434		uint16_t type_mask;
7435
7436		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7437		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7438		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7439		type_mask = SPRI_TM_WR_EX_AR |
7440			    SPRI_TM_EX_AC_RO |
7441			    SPRI_TM_WR_EX_RO |
7442			    SPRI_TM_EX_AC |
7443			    SPRI_TM_WR_EX |
7444			    SPRI_TM_EX_AC_AR;
7445		scsi_ulto2b(type_mask, res_cap->type_mask);
7446		break;
7447	}
7448	case SPRI_RS: { // read full status
7449		struct scsi_per_res_in_full *res_status;
7450		struct scsi_per_res_in_full_desc *res_desc;
7451		struct ctl_port *port;
7452		int i, len;
7453
7454		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7455
7456		/*
7457		 * We had to drop the lock to allocate our buffer, which
7458		 * leaves time for someone to come in with another
7459		 * persistent reservation.  (That is unlikely, though,
7460		 * since this should be the only persistent reservation
7461		 * command active right now.)
7462		 */
7463		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7464		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7465		     lun->pr_key_count)){
7466			mtx_unlock(&lun->lun_lock);
7467			free(ctsio->kern_data_ptr, M_CTL);
7468			printf("%s: reservation length changed, retrying\n",
7469			       __func__);
7470			goto retry;
7471		}
7472
7473		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7474
7475		res_desc = &res_status->desc[0];
7476		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7477			if ((key = ctl_get_prkey(lun, i)) == 0)
7478				continue;
7479
7480			scsi_u64to8b(key, res_desc->res_key.key);
7481			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7482			    (lun->pr_res_idx == i ||
7483			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7484				res_desc->flags = SPRI_FULL_R_HOLDER;
7485				res_desc->scopetype = lun->res_type;
7486			}
7487			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7488			    res_desc->rel_trgt_port_id);
7489			len = 0;
7490			port = softc->ctl_ports[
7491			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
7492			if (port != NULL)
7493				len = ctl_create_iid(port,
7494				    i % CTL_MAX_INIT_PER_PORT,
7495				    res_desc->transport_id);
7496			scsi_ulto4b(len, res_desc->additional_length);
7497			res_desc = (struct scsi_per_res_in_full_desc *)
7498			    &res_desc->transport_id[len];
7499		}
7500		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7501		    res_status->header.length);
7502		break;
7503	}
7504	default:
7505		/*
7506		 * This is a bug, because we just checked for this above,
7507		 * and should have returned an error.
7508		 */
7509		panic("Invalid PR type %x", cdb->action);
7510		break; /* NOTREACHED */
7511	}
7512	mtx_unlock(&lun->lun_lock);
7513
7514	ctl_set_success(ctsio);
7515	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7516	ctsio->be_move_done = ctl_config_move_done;
7517	ctl_datamove((union ctl_io *)ctsio);
7518	return (CTL_RETVAL_COMPLETE);
7519}
7520
7521static void
7522ctl_est_res_ua(struct ctl_lun *lun, uint32_t residx, ctl_ua_type ua)
7523{
7524	int off = lun->ctl_softc->persis_offset;
7525
7526	if (residx >= off && residx < off + CTL_MAX_INITIATORS)
7527		ctl_est_ua(lun, residx - off, ua);
7528}
7529
7530/*
7531 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7532 * it should return.
7533 */
7534static int
7535ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7536		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7537		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7538		struct scsi_per_res_out_parms* param)
7539{
7540	union ctl_ha_msg persis_io;
7541	int retval, i;
7542	int isc_retval;
7543
7544	retval = 0;
7545
7546	mtx_lock(&lun->lun_lock);
7547	if (sa_res_key == 0) {
7548		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7549			/* validate scope and type */
7550			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7551			     SPR_LU_SCOPE) {
7552				mtx_unlock(&lun->lun_lock);
7553				ctl_set_invalid_field(/*ctsio*/ ctsio,
7554						      /*sks_valid*/ 1,
7555						      /*command*/ 1,
7556						      /*field*/ 2,
7557						      /*bit_valid*/ 1,
7558						      /*bit*/ 4);
7559				ctl_done((union ctl_io *)ctsio);
7560				return (1);
7561			}
7562
7563		        if (type>8 || type==2 || type==4 || type==0) {
7564				mtx_unlock(&lun->lun_lock);
7565				ctl_set_invalid_field(/*ctsio*/ ctsio,
7566       	           				      /*sks_valid*/ 1,
7567						      /*command*/ 1,
7568						      /*field*/ 2,
7569						      /*bit_valid*/ 1,
7570						      /*bit*/ 0);
7571				ctl_done((union ctl_io *)ctsio);
7572				return (1);
7573		        }
7574
7575			/*
7576			 * Unregister everybody else and build UA for
7577			 * them
7578			 */
7579			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7580				if (i == residx || ctl_get_prkey(lun, i) == 0)
7581					continue;
7582
7583				ctl_clr_prkey(lun, i);
7584				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7585			}
7586			lun->pr_key_count = 1;
7587			lun->res_type = type;
7588			if (lun->res_type != SPR_TYPE_WR_EX_AR
7589			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7590				lun->pr_res_idx = residx;
7591
7592			/* send msg to other side */
7593			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7594			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7595			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7596			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7597			persis_io.pr.pr_info.res_type = type;
7598			memcpy(persis_io.pr.pr_info.sa_res_key,
7599			       param->serv_act_res_key,
7600			       sizeof(param->serv_act_res_key));
7601			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7602			     &persis_io, sizeof(persis_io), 0)) >
7603			     CTL_HA_STATUS_SUCCESS) {
7604				printf("CTL:Persis Out error returned "
7605				       "from ctl_ha_msg_send %d\n",
7606				       isc_retval);
7607			}
7608		} else {
7609			/* not all registrants */
7610			mtx_unlock(&lun->lun_lock);
7611			free(ctsio->kern_data_ptr, M_CTL);
7612			ctl_set_invalid_field(ctsio,
7613					      /*sks_valid*/ 1,
7614					      /*command*/ 0,
7615					      /*field*/ 8,
7616					      /*bit_valid*/ 0,
7617					      /*bit*/ 0);
7618			ctl_done((union ctl_io *)ctsio);
7619			return (1);
7620		}
7621	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7622		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7623		int found = 0;
7624
7625		if (res_key == sa_res_key) {
7626			/* special case */
7627			/*
7628			 * The spec implies this is not good but doesn't
7629			 * say what to do. There are two choices either
7630			 * generate a res conflict or check condition
7631			 * with illegal field in parameter data. Since
7632			 * that is what is done when the sa_res_key is
7633			 * zero I'll take that approach since this has
7634			 * to do with the sa_res_key.
7635			 */
7636			mtx_unlock(&lun->lun_lock);
7637			free(ctsio->kern_data_ptr, M_CTL);
7638			ctl_set_invalid_field(ctsio,
7639					      /*sks_valid*/ 1,
7640					      /*command*/ 0,
7641					      /*field*/ 8,
7642					      /*bit_valid*/ 0,
7643					      /*bit*/ 0);
7644			ctl_done((union ctl_io *)ctsio);
7645			return (1);
7646		}
7647
7648		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7649			if (ctl_get_prkey(lun, i) != sa_res_key)
7650				continue;
7651
7652			found = 1;
7653			ctl_clr_prkey(lun, i);
7654			lun->pr_key_count--;
7655			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7656		}
7657		if (!found) {
7658			mtx_unlock(&lun->lun_lock);
7659			free(ctsio->kern_data_ptr, M_CTL);
7660			ctl_set_reservation_conflict(ctsio);
7661			ctl_done((union ctl_io *)ctsio);
7662			return (CTL_RETVAL_COMPLETE);
7663		}
7664		/* send msg to other side */
7665		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7666		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7667		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7668		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7669		persis_io.pr.pr_info.res_type = type;
7670		memcpy(persis_io.pr.pr_info.sa_res_key,
7671		       param->serv_act_res_key,
7672		       sizeof(param->serv_act_res_key));
7673		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7674		     &persis_io, sizeof(persis_io), 0)) >
7675		     CTL_HA_STATUS_SUCCESS) {
7676			printf("CTL:Persis Out error returned from "
7677			       "ctl_ha_msg_send %d\n", isc_retval);
7678		}
7679	} else {
7680		/* Reserved but not all registrants */
7681		/* sa_res_key is res holder */
7682		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7683			/* validate scope and type */
7684			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7685			     SPR_LU_SCOPE) {
7686				mtx_unlock(&lun->lun_lock);
7687				ctl_set_invalid_field(/*ctsio*/ ctsio,
7688						      /*sks_valid*/ 1,
7689						      /*command*/ 1,
7690						      /*field*/ 2,
7691						      /*bit_valid*/ 1,
7692						      /*bit*/ 4);
7693				ctl_done((union ctl_io *)ctsio);
7694				return (1);
7695			}
7696
7697			if (type>8 || type==2 || type==4 || type==0) {
7698				mtx_unlock(&lun->lun_lock);
7699				ctl_set_invalid_field(/*ctsio*/ ctsio,
7700						      /*sks_valid*/ 1,
7701						      /*command*/ 1,
7702						      /*field*/ 2,
7703						      /*bit_valid*/ 1,
7704						      /*bit*/ 0);
7705				ctl_done((union ctl_io *)ctsio);
7706				return (1);
7707			}
7708
7709			/*
7710			 * Do the following:
7711			 * if sa_res_key != res_key remove all
7712			 * registrants w/sa_res_key and generate UA
7713			 * for these registrants(Registrations
7714			 * Preempted) if it wasn't an exclusive
7715			 * reservation generate UA(Reservations
7716			 * Preempted) for all other registered nexuses
7717			 * if the type has changed. Establish the new
7718			 * reservation and holder. If res_key and
7719			 * sa_res_key are the same do the above
7720			 * except don't unregister the res holder.
7721			 */
7722
7723			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7724				if (i == residx || ctl_get_prkey(lun, i) == 0)
7725					continue;
7726
7727				if (sa_res_key == ctl_get_prkey(lun, i)) {
7728					ctl_clr_prkey(lun, i);
7729					lun->pr_key_count--;
7730					ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7731				} else if (type != lun->res_type
7732					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7733					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7734					ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
7735				}
7736			}
7737			lun->res_type = type;
7738			if (lun->res_type != SPR_TYPE_WR_EX_AR
7739			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7740				lun->pr_res_idx = residx;
7741			else
7742				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7743
7744			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7745			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7746			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7747			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7748			persis_io.pr.pr_info.res_type = type;
7749			memcpy(persis_io.pr.pr_info.sa_res_key,
7750			       param->serv_act_res_key,
7751			       sizeof(param->serv_act_res_key));
7752			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7753			     &persis_io, sizeof(persis_io), 0)) >
7754			     CTL_HA_STATUS_SUCCESS) {
7755				printf("CTL:Persis Out error returned "
7756				       "from ctl_ha_msg_send %d\n",
7757				       isc_retval);
7758			}
7759		} else {
7760			/*
7761			 * sa_res_key is not the res holder just
7762			 * remove registrants
7763			 */
7764			int found=0;
7765
7766			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7767				if (sa_res_key != ctl_get_prkey(lun, i))
7768					continue;
7769
7770				found = 1;
7771				ctl_clr_prkey(lun, i);
7772				lun->pr_key_count--;
7773				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7774			}
7775
7776			if (!found) {
7777				mtx_unlock(&lun->lun_lock);
7778				free(ctsio->kern_data_ptr, M_CTL);
7779				ctl_set_reservation_conflict(ctsio);
7780				ctl_done((union ctl_io *)ctsio);
7781		        	return (1);
7782			}
7783			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7784			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7785			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7786			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7787			persis_io.pr.pr_info.res_type = type;
7788			memcpy(persis_io.pr.pr_info.sa_res_key,
7789			       param->serv_act_res_key,
7790			       sizeof(param->serv_act_res_key));
7791			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7792			     &persis_io, sizeof(persis_io), 0)) >
7793			     CTL_HA_STATUS_SUCCESS) {
7794				printf("CTL:Persis Out error returned "
7795				       "from ctl_ha_msg_send %d\n",
7796				isc_retval);
7797			}
7798		}
7799	}
7800
7801	lun->PRGeneration++;
7802	mtx_unlock(&lun->lun_lock);
7803
7804	return (retval);
7805}
7806
7807static void
7808ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7809{
7810	uint64_t sa_res_key;
7811	int i;
7812
7813	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7814
7815	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7816	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7817	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7818		if (sa_res_key == 0) {
7819			/*
7820			 * Unregister everybody else and build UA for
7821			 * them
7822			 */
7823			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7824				if (i == msg->pr.pr_info.residx ||
7825				    ctl_get_prkey(lun, i) == 0)
7826					continue;
7827
7828				ctl_clr_prkey(lun, i);
7829				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7830			}
7831
7832			lun->pr_key_count = 1;
7833			lun->res_type = msg->pr.pr_info.res_type;
7834			if (lun->res_type != SPR_TYPE_WR_EX_AR
7835			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7836				lun->pr_res_idx = msg->pr.pr_info.residx;
7837		} else {
7838		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7839				if (sa_res_key == ctl_get_prkey(lun, i))
7840					continue;
7841
7842				ctl_clr_prkey(lun, i);
7843				lun->pr_key_count--;
7844				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7845			}
7846		}
7847	} else {
7848		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7849			if (i == msg->pr.pr_info.residx ||
7850			    ctl_get_prkey(lun, i) == 0)
7851				continue;
7852
7853			if (sa_res_key == ctl_get_prkey(lun, i)) {
7854				ctl_clr_prkey(lun, i);
7855				lun->pr_key_count--;
7856				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7857			} else if (msg->pr.pr_info.res_type != lun->res_type
7858				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7859				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7860				ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
7861			}
7862		}
7863		lun->res_type = msg->pr.pr_info.res_type;
7864		if (lun->res_type != SPR_TYPE_WR_EX_AR
7865		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7866			lun->pr_res_idx = msg->pr.pr_info.residx;
7867		else
7868			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7869	}
7870	lun->PRGeneration++;
7871
7872}
7873
7874
7875int
7876ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
7877{
7878	int retval;
7879	int isc_retval;
7880	u_int32_t param_len;
7881	struct scsi_per_res_out *cdb;
7882	struct ctl_lun *lun;
7883	struct scsi_per_res_out_parms* param;
7884	struct ctl_softc *softc;
7885	uint32_t residx;
7886	uint64_t res_key, sa_res_key, key;
7887	uint8_t type;
7888	union ctl_ha_msg persis_io;
7889	int    i;
7890
7891	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
7892
7893	retval = CTL_RETVAL_COMPLETE;
7894
7895	cdb = (struct scsi_per_res_out *)ctsio->cdb;
7896	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7897	softc = lun->ctl_softc;
7898
7899	/*
7900	 * We only support whole-LUN scope.  The scope & type are ignored for
7901	 * register, register and ignore existing key and clear.
7902	 * We sometimes ignore scope and type on preempts too!!
7903	 * Verify reservation type here as well.
7904	 */
7905	type = cdb->scope_type & SPR_TYPE_MASK;
7906	if ((cdb->action == SPRO_RESERVE)
7907	 || (cdb->action == SPRO_RELEASE)) {
7908		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
7909			ctl_set_invalid_field(/*ctsio*/ ctsio,
7910					      /*sks_valid*/ 1,
7911					      /*command*/ 1,
7912					      /*field*/ 2,
7913					      /*bit_valid*/ 1,
7914					      /*bit*/ 4);
7915			ctl_done((union ctl_io *)ctsio);
7916			return (CTL_RETVAL_COMPLETE);
7917		}
7918
7919		if (type>8 || type==2 || type==4 || type==0) {
7920			ctl_set_invalid_field(/*ctsio*/ ctsio,
7921					      /*sks_valid*/ 1,
7922					      /*command*/ 1,
7923					      /*field*/ 2,
7924					      /*bit_valid*/ 1,
7925					      /*bit*/ 0);
7926			ctl_done((union ctl_io *)ctsio);
7927			return (CTL_RETVAL_COMPLETE);
7928		}
7929	}
7930
7931	param_len = scsi_4btoul(cdb->length);
7932
7933	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
7934		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
7935		ctsio->kern_data_len = param_len;
7936		ctsio->kern_total_len = param_len;
7937		ctsio->kern_data_resid = 0;
7938		ctsio->kern_rel_offset = 0;
7939		ctsio->kern_sg_entries = 0;
7940		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7941		ctsio->be_move_done = ctl_config_move_done;
7942		ctl_datamove((union ctl_io *)ctsio);
7943
7944		return (CTL_RETVAL_COMPLETE);
7945	}
7946
7947	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
7948
7949	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7950	res_key = scsi_8btou64(param->res_key.key);
7951	sa_res_key = scsi_8btou64(param->serv_act_res_key);
7952
7953	/*
7954	 * Validate the reservation key here except for SPRO_REG_IGNO
7955	 * This must be done for all other service actions
7956	 */
7957	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
7958		mtx_lock(&lun->lun_lock);
7959		if ((key = ctl_get_prkey(lun, residx)) != 0) {
7960			if (res_key != key) {
7961				/*
7962				 * The current key passed in doesn't match
7963				 * the one the initiator previously
7964				 * registered.
7965				 */
7966				mtx_unlock(&lun->lun_lock);
7967				free(ctsio->kern_data_ptr, M_CTL);
7968				ctl_set_reservation_conflict(ctsio);
7969				ctl_done((union ctl_io *)ctsio);
7970				return (CTL_RETVAL_COMPLETE);
7971			}
7972		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
7973			/*
7974			 * We are not registered
7975			 */
7976			mtx_unlock(&lun->lun_lock);
7977			free(ctsio->kern_data_ptr, M_CTL);
7978			ctl_set_reservation_conflict(ctsio);
7979			ctl_done((union ctl_io *)ctsio);
7980			return (CTL_RETVAL_COMPLETE);
7981		} else if (res_key != 0) {
7982			/*
7983			 * We are not registered and trying to register but
7984			 * the register key isn't zero.
7985			 */
7986			mtx_unlock(&lun->lun_lock);
7987			free(ctsio->kern_data_ptr, M_CTL);
7988			ctl_set_reservation_conflict(ctsio);
7989			ctl_done((union ctl_io *)ctsio);
7990			return (CTL_RETVAL_COMPLETE);
7991		}
7992		mtx_unlock(&lun->lun_lock);
7993	}
7994
7995	switch (cdb->action & SPRO_ACTION_MASK) {
7996	case SPRO_REGISTER:
7997	case SPRO_REG_IGNO: {
7998
7999#if 0
8000		printf("Registration received\n");
8001#endif
8002
8003		/*
8004		 * We don't support any of these options, as we report in
8005		 * the read capabilities request (see
8006		 * ctl_persistent_reserve_in(), above).
8007		 */
8008		if ((param->flags & SPR_SPEC_I_PT)
8009		 || (param->flags & SPR_ALL_TG_PT)
8010		 || (param->flags & SPR_APTPL)) {
8011			int bit_ptr;
8012
8013			if (param->flags & SPR_APTPL)
8014				bit_ptr = 0;
8015			else if (param->flags & SPR_ALL_TG_PT)
8016				bit_ptr = 2;
8017			else /* SPR_SPEC_I_PT */
8018				bit_ptr = 3;
8019
8020			free(ctsio->kern_data_ptr, M_CTL);
8021			ctl_set_invalid_field(ctsio,
8022					      /*sks_valid*/ 1,
8023					      /*command*/ 0,
8024					      /*field*/ 20,
8025					      /*bit_valid*/ 1,
8026					      /*bit*/ bit_ptr);
8027			ctl_done((union ctl_io *)ctsio);
8028			return (CTL_RETVAL_COMPLETE);
8029		}
8030
8031		mtx_lock(&lun->lun_lock);
8032
8033		/*
8034		 * The initiator wants to clear the
8035		 * key/unregister.
8036		 */
8037		if (sa_res_key == 0) {
8038			if ((res_key == 0
8039			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8040			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8041			  && ctl_get_prkey(lun, residx) == 0)) {
8042				mtx_unlock(&lun->lun_lock);
8043				goto done;
8044			}
8045
8046			ctl_clr_prkey(lun, residx);
8047			lun->pr_key_count--;
8048
8049			if (residx == lun->pr_res_idx) {
8050				lun->flags &= ~CTL_LUN_PR_RESERVED;
8051				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8052
8053				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8054				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8055				 && lun->pr_key_count) {
8056					/*
8057					 * If the reservation is a registrants
8058					 * only type we need to generate a UA
8059					 * for other registered inits.  The
8060					 * sense code should be RESERVATIONS
8061					 * RELEASED
8062					 */
8063
8064					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8065						if (ctl_get_prkey(lun, i +
8066						    softc->persis_offset) == 0)
8067							continue;
8068						ctl_est_ua(lun, i,
8069						    CTL_UA_RES_RELEASE);
8070					}
8071				}
8072				lun->res_type = 0;
8073			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8074				if (lun->pr_key_count==0) {
8075					lun->flags &= ~CTL_LUN_PR_RESERVED;
8076					lun->res_type = 0;
8077					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8078				}
8079			}
8080			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8081			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8082			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8083			persis_io.pr.pr_info.residx = residx;
8084			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8085			     &persis_io, sizeof(persis_io), 0 )) >
8086			     CTL_HA_STATUS_SUCCESS) {
8087				printf("CTL:Persis Out error returned from "
8088				       "ctl_ha_msg_send %d\n", isc_retval);
8089			}
8090		} else /* sa_res_key != 0 */ {
8091
8092			/*
8093			 * If we aren't registered currently then increment
8094			 * the key count and set the registered flag.
8095			 */
8096			ctl_alloc_prkey(lun, residx);
8097			if (ctl_get_prkey(lun, residx) == 0)
8098				lun->pr_key_count++;
8099			ctl_set_prkey(lun, residx, sa_res_key);
8100
8101			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8102			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8103			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8104			persis_io.pr.pr_info.residx = residx;
8105			memcpy(persis_io.pr.pr_info.sa_res_key,
8106			       param->serv_act_res_key,
8107			       sizeof(param->serv_act_res_key));
8108			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8109			     &persis_io, sizeof(persis_io), 0)) >
8110			     CTL_HA_STATUS_SUCCESS) {
8111				printf("CTL:Persis Out error returned from "
8112				       "ctl_ha_msg_send %d\n", isc_retval);
8113			}
8114		}
8115		lun->PRGeneration++;
8116		mtx_unlock(&lun->lun_lock);
8117
8118		break;
8119	}
8120	case SPRO_RESERVE:
8121#if 0
8122                printf("Reserve executed type %d\n", type);
8123#endif
8124		mtx_lock(&lun->lun_lock);
8125		if (lun->flags & CTL_LUN_PR_RESERVED) {
8126			/*
8127			 * if this isn't the reservation holder and it's
8128			 * not a "all registrants" type or if the type is
8129			 * different then we have a conflict
8130			 */
8131			if ((lun->pr_res_idx != residx
8132			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8133			 || lun->res_type != type) {
8134				mtx_unlock(&lun->lun_lock);
8135				free(ctsio->kern_data_ptr, M_CTL);
8136				ctl_set_reservation_conflict(ctsio);
8137				ctl_done((union ctl_io *)ctsio);
8138				return (CTL_RETVAL_COMPLETE);
8139			}
8140			mtx_unlock(&lun->lun_lock);
8141		} else /* create a reservation */ {
8142			/*
8143			 * If it's not an "all registrants" type record
8144			 * reservation holder
8145			 */
8146			if (type != SPR_TYPE_WR_EX_AR
8147			 && type != SPR_TYPE_EX_AC_AR)
8148				lun->pr_res_idx = residx; /* Res holder */
8149			else
8150				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8151
8152			lun->flags |= CTL_LUN_PR_RESERVED;
8153			lun->res_type = type;
8154
8155			mtx_unlock(&lun->lun_lock);
8156
8157			/* send msg to other side */
8158			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8159			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8160			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8161			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8162			persis_io.pr.pr_info.res_type = type;
8163			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8164			     &persis_io, sizeof(persis_io), 0)) >
8165			     CTL_HA_STATUS_SUCCESS) {
8166				printf("CTL:Persis Out error returned from "
8167				       "ctl_ha_msg_send %d\n", isc_retval);
8168			}
8169		}
8170		break;
8171
8172	case SPRO_RELEASE:
8173		mtx_lock(&lun->lun_lock);
8174		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8175			/* No reservation exists return good status */
8176			mtx_unlock(&lun->lun_lock);
8177			goto done;
8178		}
8179		/*
8180		 * Is this nexus a reservation holder?
8181		 */
8182		if (lun->pr_res_idx != residx
8183		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8184			/*
8185			 * not a res holder return good status but
8186			 * do nothing
8187			 */
8188			mtx_unlock(&lun->lun_lock);
8189			goto done;
8190		}
8191
8192		if (lun->res_type != type) {
8193			mtx_unlock(&lun->lun_lock);
8194			free(ctsio->kern_data_ptr, M_CTL);
8195			ctl_set_illegal_pr_release(ctsio);
8196			ctl_done((union ctl_io *)ctsio);
8197			return (CTL_RETVAL_COMPLETE);
8198		}
8199
8200		/* okay to release */
8201		lun->flags &= ~CTL_LUN_PR_RESERVED;
8202		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8203		lun->res_type = 0;
8204
8205		/*
8206		 * if this isn't an exclusive access
8207		 * res generate UA for all other
8208		 * registrants.
8209		 */
8210		if (type != SPR_TYPE_EX_AC
8211		 && type != SPR_TYPE_WR_EX) {
8212			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8213				if (i == residx ||
8214				    ctl_get_prkey(lun,
8215				     i + softc->persis_offset) == 0)
8216					continue;
8217				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8218			}
8219		}
8220		mtx_unlock(&lun->lun_lock);
8221		/* Send msg to other side */
8222		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8223		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8224		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8225		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8226		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8227			printf("CTL:Persis Out error returned from "
8228			       "ctl_ha_msg_send %d\n", isc_retval);
8229		}
8230		break;
8231
8232	case SPRO_CLEAR:
8233		/* send msg to other side */
8234
8235		mtx_lock(&lun->lun_lock);
8236		lun->flags &= ~CTL_LUN_PR_RESERVED;
8237		lun->res_type = 0;
8238		lun->pr_key_count = 0;
8239		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8240
8241		ctl_clr_prkey(lun, residx);
8242		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8243			if (ctl_get_prkey(lun, i) != 0) {
8244				ctl_clr_prkey(lun, i);
8245				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8246			}
8247		lun->PRGeneration++;
8248		mtx_unlock(&lun->lun_lock);
8249		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8250		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8251		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8252		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8253		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8254			printf("CTL:Persis Out error returned from "
8255			       "ctl_ha_msg_send %d\n", isc_retval);
8256		}
8257		break;
8258
8259	case SPRO_PREEMPT:
8260	case SPRO_PRE_ABO: {
8261		int nretval;
8262
8263		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8264					  residx, ctsio, cdb, param);
8265		if (nretval != 0)
8266			return (CTL_RETVAL_COMPLETE);
8267		break;
8268	}
8269	default:
8270		panic("Invalid PR type %x", cdb->action);
8271	}
8272
8273done:
8274	free(ctsio->kern_data_ptr, M_CTL);
8275	ctl_set_success(ctsio);
8276	ctl_done((union ctl_io *)ctsio);
8277
8278	return (retval);
8279}
8280
8281/*
8282 * This routine is for handling a message from the other SC pertaining to
8283 * persistent reserve out. All the error checking will have been done
8284 * so only perorming the action need be done here to keep the two
8285 * in sync.
8286 */
8287static void
8288ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8289{
8290	struct ctl_lun *lun;
8291	struct ctl_softc *softc;
8292	int i;
8293	uint32_t targ_lun;
8294
8295	softc = control_softc;
8296
8297	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8298	lun = softc->ctl_luns[targ_lun];
8299	mtx_lock(&lun->lun_lock);
8300	switch(msg->pr.pr_info.action) {
8301	case CTL_PR_REG_KEY:
8302		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8303		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8304			lun->pr_key_count++;
8305		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8306		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8307		lun->PRGeneration++;
8308		break;
8309
8310	case CTL_PR_UNREG_KEY:
8311		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8312		lun->pr_key_count--;
8313
8314		/* XXX Need to see if the reservation has been released */
8315		/* if so do we need to generate UA? */
8316		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8317			lun->flags &= ~CTL_LUN_PR_RESERVED;
8318			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8319
8320			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8321			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8322			 && lun->pr_key_count) {
8323				/*
8324				 * If the reservation is a registrants
8325				 * only type we need to generate a UA
8326				 * for other registered inits.  The
8327				 * sense code should be RESERVATIONS
8328				 * RELEASED
8329				 */
8330
8331				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8332					if (ctl_get_prkey(lun, i +
8333					    softc->persis_offset) == 0)
8334						continue;
8335
8336					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8337				}
8338			}
8339			lun->res_type = 0;
8340		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8341			if (lun->pr_key_count==0) {
8342				lun->flags &= ~CTL_LUN_PR_RESERVED;
8343				lun->res_type = 0;
8344				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8345			}
8346		}
8347		lun->PRGeneration++;
8348		break;
8349
8350	case CTL_PR_RESERVE:
8351		lun->flags |= CTL_LUN_PR_RESERVED;
8352		lun->res_type = msg->pr.pr_info.res_type;
8353		lun->pr_res_idx = msg->pr.pr_info.residx;
8354
8355		break;
8356
8357	case CTL_PR_RELEASE:
8358		/*
8359		 * if this isn't an exclusive access res generate UA for all
8360		 * other registrants.
8361		 */
8362		if (lun->res_type != SPR_TYPE_EX_AC
8363		 && lun->res_type != SPR_TYPE_WR_EX) {
8364			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8365				if (ctl_get_prkey(lun, i + softc->persis_offset) != 0)
8366					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8367		}
8368
8369		lun->flags &= ~CTL_LUN_PR_RESERVED;
8370		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8371		lun->res_type = 0;
8372		break;
8373
8374	case CTL_PR_PREEMPT:
8375		ctl_pro_preempt_other(lun, msg);
8376		break;
8377	case CTL_PR_CLEAR:
8378		lun->flags &= ~CTL_LUN_PR_RESERVED;
8379		lun->res_type = 0;
8380		lun->pr_key_count = 0;
8381		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8382
8383		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8384			if (ctl_get_prkey(lun, i) == 0)
8385				continue;
8386			ctl_clr_prkey(lun, i);
8387			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8388		}
8389		lun->PRGeneration++;
8390		break;
8391	}
8392
8393	mtx_unlock(&lun->lun_lock);
8394}
8395
8396int
8397ctl_read_write(struct ctl_scsiio *ctsio)
8398{
8399	struct ctl_lun *lun;
8400	struct ctl_lba_len_flags *lbalen;
8401	uint64_t lba;
8402	uint32_t num_blocks;
8403	int flags, retval;
8404	int isread;
8405
8406	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8407
8408	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8409
8410	flags = 0;
8411	retval = CTL_RETVAL_COMPLETE;
8412
8413	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8414	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8415	switch (ctsio->cdb[0]) {
8416	case READ_6:
8417	case WRITE_6: {
8418		struct scsi_rw_6 *cdb;
8419
8420		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8421
8422		lba = scsi_3btoul(cdb->addr);
8423		/* only 5 bits are valid in the most significant address byte */
8424		lba &= 0x1fffff;
8425		num_blocks = cdb->length;
8426		/*
8427		 * This is correct according to SBC-2.
8428		 */
8429		if (num_blocks == 0)
8430			num_blocks = 256;
8431		break;
8432	}
8433	case READ_10:
8434	case WRITE_10: {
8435		struct scsi_rw_10 *cdb;
8436
8437		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8438		if (cdb->byte2 & SRW10_FUA)
8439			flags |= CTL_LLF_FUA;
8440		if (cdb->byte2 & SRW10_DPO)
8441			flags |= CTL_LLF_DPO;
8442		lba = scsi_4btoul(cdb->addr);
8443		num_blocks = scsi_2btoul(cdb->length);
8444		break;
8445	}
8446	case WRITE_VERIFY_10: {
8447		struct scsi_write_verify_10 *cdb;
8448
8449		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8450		flags |= CTL_LLF_FUA;
8451		if (cdb->byte2 & SWV_DPO)
8452			flags |= CTL_LLF_DPO;
8453		lba = scsi_4btoul(cdb->addr);
8454		num_blocks = scsi_2btoul(cdb->length);
8455		break;
8456	}
8457	case READ_12:
8458	case WRITE_12: {
8459		struct scsi_rw_12 *cdb;
8460
8461		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8462		if (cdb->byte2 & SRW12_FUA)
8463			flags |= CTL_LLF_FUA;
8464		if (cdb->byte2 & SRW12_DPO)
8465			flags |= CTL_LLF_DPO;
8466		lba = scsi_4btoul(cdb->addr);
8467		num_blocks = scsi_4btoul(cdb->length);
8468		break;
8469	}
8470	case WRITE_VERIFY_12: {
8471		struct scsi_write_verify_12 *cdb;
8472
8473		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8474		flags |= CTL_LLF_FUA;
8475		if (cdb->byte2 & SWV_DPO)
8476			flags |= CTL_LLF_DPO;
8477		lba = scsi_4btoul(cdb->addr);
8478		num_blocks = scsi_4btoul(cdb->length);
8479		break;
8480	}
8481	case READ_16:
8482	case WRITE_16: {
8483		struct scsi_rw_16 *cdb;
8484
8485		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8486		if (cdb->byte2 & SRW12_FUA)
8487			flags |= CTL_LLF_FUA;
8488		if (cdb->byte2 & SRW12_DPO)
8489			flags |= CTL_LLF_DPO;
8490		lba = scsi_8btou64(cdb->addr);
8491		num_blocks = scsi_4btoul(cdb->length);
8492		break;
8493	}
8494	case WRITE_ATOMIC_16: {
8495		struct scsi_rw_16 *cdb;
8496
8497		if (lun->be_lun->atomicblock == 0) {
8498			ctl_set_invalid_opcode(ctsio);
8499			ctl_done((union ctl_io *)ctsio);
8500			return (CTL_RETVAL_COMPLETE);
8501		}
8502
8503		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8504		if (cdb->byte2 & SRW12_FUA)
8505			flags |= CTL_LLF_FUA;
8506		if (cdb->byte2 & SRW12_DPO)
8507			flags |= CTL_LLF_DPO;
8508		lba = scsi_8btou64(cdb->addr);
8509		num_blocks = scsi_4btoul(cdb->length);
8510		if (num_blocks > lun->be_lun->atomicblock) {
8511			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8512			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8513			    /*bit*/ 0);
8514			ctl_done((union ctl_io *)ctsio);
8515			return (CTL_RETVAL_COMPLETE);
8516		}
8517		break;
8518	}
8519	case WRITE_VERIFY_16: {
8520		struct scsi_write_verify_16 *cdb;
8521
8522		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8523		flags |= CTL_LLF_FUA;
8524		if (cdb->byte2 & SWV_DPO)
8525			flags |= CTL_LLF_DPO;
8526		lba = scsi_8btou64(cdb->addr);
8527		num_blocks = scsi_4btoul(cdb->length);
8528		break;
8529	}
8530	default:
8531		/*
8532		 * We got a command we don't support.  This shouldn't
8533		 * happen, commands should be filtered out above us.
8534		 */
8535		ctl_set_invalid_opcode(ctsio);
8536		ctl_done((union ctl_io *)ctsio);
8537
8538		return (CTL_RETVAL_COMPLETE);
8539		break; /* NOTREACHED */
8540	}
8541
8542	/*
8543	 * The first check is to make sure we're in bounds, the second
8544	 * check is to catch wrap-around problems.  If the lba + num blocks
8545	 * is less than the lba, then we've wrapped around and the block
8546	 * range is invalid anyway.
8547	 */
8548	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8549	 || ((lba + num_blocks) < lba)) {
8550		ctl_set_lba_out_of_range(ctsio);
8551		ctl_done((union ctl_io *)ctsio);
8552		return (CTL_RETVAL_COMPLETE);
8553	}
8554
8555	/*
8556	 * According to SBC-3, a transfer length of 0 is not an error.
8557	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8558	 * translates to 256 blocks for those commands.
8559	 */
8560	if (num_blocks == 0) {
8561		ctl_set_success(ctsio);
8562		ctl_done((union ctl_io *)ctsio);
8563		return (CTL_RETVAL_COMPLETE);
8564	}
8565
8566	/* Set FUA and/or DPO if caches are disabled. */
8567	if (isread) {
8568		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8569		    SCP_RCD) != 0)
8570			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8571	} else {
8572		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8573		    SCP_WCE) == 0)
8574			flags |= CTL_LLF_FUA;
8575	}
8576
8577	lbalen = (struct ctl_lba_len_flags *)
8578	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8579	lbalen->lba = lba;
8580	lbalen->len = num_blocks;
8581	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8582
8583	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8584	ctsio->kern_rel_offset = 0;
8585
8586	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8587
8588	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8589
8590	return (retval);
8591}
8592
8593static int
8594ctl_cnw_cont(union ctl_io *io)
8595{
8596	struct ctl_scsiio *ctsio;
8597	struct ctl_lun *lun;
8598	struct ctl_lba_len_flags *lbalen;
8599	int retval;
8600
8601	ctsio = &io->scsiio;
8602	ctsio->io_hdr.status = CTL_STATUS_NONE;
8603	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8604	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8605	lbalen = (struct ctl_lba_len_flags *)
8606	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8607	lbalen->flags &= ~CTL_LLF_COMPARE;
8608	lbalen->flags |= CTL_LLF_WRITE;
8609
8610	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8611	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8612	return (retval);
8613}
8614
8615int
8616ctl_cnw(struct ctl_scsiio *ctsio)
8617{
8618	struct ctl_lun *lun;
8619	struct ctl_lba_len_flags *lbalen;
8620	uint64_t lba;
8621	uint32_t num_blocks;
8622	int flags, retval;
8623
8624	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8625
8626	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8627
8628	flags = 0;
8629	retval = CTL_RETVAL_COMPLETE;
8630
8631	switch (ctsio->cdb[0]) {
8632	case COMPARE_AND_WRITE: {
8633		struct scsi_compare_and_write *cdb;
8634
8635		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8636		if (cdb->byte2 & SRW10_FUA)
8637			flags |= CTL_LLF_FUA;
8638		if (cdb->byte2 & SRW10_DPO)
8639			flags |= CTL_LLF_DPO;
8640		lba = scsi_8btou64(cdb->addr);
8641		num_blocks = cdb->length;
8642		break;
8643	}
8644	default:
8645		/*
8646		 * We got a command we don't support.  This shouldn't
8647		 * happen, commands should be filtered out above us.
8648		 */
8649		ctl_set_invalid_opcode(ctsio);
8650		ctl_done((union ctl_io *)ctsio);
8651
8652		return (CTL_RETVAL_COMPLETE);
8653		break; /* NOTREACHED */
8654	}
8655
8656	/*
8657	 * The first check is to make sure we're in bounds, the second
8658	 * check is to catch wrap-around problems.  If the lba + num blocks
8659	 * is less than the lba, then we've wrapped around and the block
8660	 * range is invalid anyway.
8661	 */
8662	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8663	 || ((lba + num_blocks) < lba)) {
8664		ctl_set_lba_out_of_range(ctsio);
8665		ctl_done((union ctl_io *)ctsio);
8666		return (CTL_RETVAL_COMPLETE);
8667	}
8668
8669	/*
8670	 * According to SBC-3, a transfer length of 0 is not an error.
8671	 */
8672	if (num_blocks == 0) {
8673		ctl_set_success(ctsio);
8674		ctl_done((union ctl_io *)ctsio);
8675		return (CTL_RETVAL_COMPLETE);
8676	}
8677
8678	/* Set FUA if write cache is disabled. */
8679	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8680	    SCP_WCE) == 0)
8681		flags |= CTL_LLF_FUA;
8682
8683	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8684	ctsio->kern_rel_offset = 0;
8685
8686	/*
8687	 * Set the IO_CONT flag, so that if this I/O gets passed to
8688	 * ctl_data_submit_done(), it'll get passed back to
8689	 * ctl_ctl_cnw_cont() for further processing.
8690	 */
8691	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8692	ctsio->io_cont = ctl_cnw_cont;
8693
8694	lbalen = (struct ctl_lba_len_flags *)
8695	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8696	lbalen->lba = lba;
8697	lbalen->len = num_blocks;
8698	lbalen->flags = CTL_LLF_COMPARE | flags;
8699
8700	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8701	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8702	return (retval);
8703}
8704
8705int
8706ctl_verify(struct ctl_scsiio *ctsio)
8707{
8708	struct ctl_lun *lun;
8709	struct ctl_lba_len_flags *lbalen;
8710	uint64_t lba;
8711	uint32_t num_blocks;
8712	int bytchk, flags;
8713	int retval;
8714
8715	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8716
8717	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8718
8719	bytchk = 0;
8720	flags = CTL_LLF_FUA;
8721	retval = CTL_RETVAL_COMPLETE;
8722
8723	switch (ctsio->cdb[0]) {
8724	case VERIFY_10: {
8725		struct scsi_verify_10 *cdb;
8726
8727		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8728		if (cdb->byte2 & SVFY_BYTCHK)
8729			bytchk = 1;
8730		if (cdb->byte2 & SVFY_DPO)
8731			flags |= CTL_LLF_DPO;
8732		lba = scsi_4btoul(cdb->addr);
8733		num_blocks = scsi_2btoul(cdb->length);
8734		break;
8735	}
8736	case VERIFY_12: {
8737		struct scsi_verify_12 *cdb;
8738
8739		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8740		if (cdb->byte2 & SVFY_BYTCHK)
8741			bytchk = 1;
8742		if (cdb->byte2 & SVFY_DPO)
8743			flags |= CTL_LLF_DPO;
8744		lba = scsi_4btoul(cdb->addr);
8745		num_blocks = scsi_4btoul(cdb->length);
8746		break;
8747	}
8748	case VERIFY_16: {
8749		struct scsi_rw_16 *cdb;
8750
8751		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8752		if (cdb->byte2 & SVFY_BYTCHK)
8753			bytchk = 1;
8754		if (cdb->byte2 & SVFY_DPO)
8755			flags |= CTL_LLF_DPO;
8756		lba = scsi_8btou64(cdb->addr);
8757		num_blocks = scsi_4btoul(cdb->length);
8758		break;
8759	}
8760	default:
8761		/*
8762		 * We got a command we don't support.  This shouldn't
8763		 * happen, commands should be filtered out above us.
8764		 */
8765		ctl_set_invalid_opcode(ctsio);
8766		ctl_done((union ctl_io *)ctsio);
8767		return (CTL_RETVAL_COMPLETE);
8768	}
8769
8770	/*
8771	 * The first check is to make sure we're in bounds, the second
8772	 * check is to catch wrap-around problems.  If the lba + num blocks
8773	 * is less than the lba, then we've wrapped around and the block
8774	 * range is invalid anyway.
8775	 */
8776	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8777	 || ((lba + num_blocks) < lba)) {
8778		ctl_set_lba_out_of_range(ctsio);
8779		ctl_done((union ctl_io *)ctsio);
8780		return (CTL_RETVAL_COMPLETE);
8781	}
8782
8783	/*
8784	 * According to SBC-3, a transfer length of 0 is not an error.
8785	 */
8786	if (num_blocks == 0) {
8787		ctl_set_success(ctsio);
8788		ctl_done((union ctl_io *)ctsio);
8789		return (CTL_RETVAL_COMPLETE);
8790	}
8791
8792	lbalen = (struct ctl_lba_len_flags *)
8793	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8794	lbalen->lba = lba;
8795	lbalen->len = num_blocks;
8796	if (bytchk) {
8797		lbalen->flags = CTL_LLF_COMPARE | flags;
8798		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8799	} else {
8800		lbalen->flags = CTL_LLF_VERIFY | flags;
8801		ctsio->kern_total_len = 0;
8802	}
8803	ctsio->kern_rel_offset = 0;
8804
8805	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8806	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8807	return (retval);
8808}
8809
8810int
8811ctl_report_luns(struct ctl_scsiio *ctsio)
8812{
8813	struct ctl_softc *softc = control_softc;
8814	struct scsi_report_luns *cdb;
8815	struct scsi_report_luns_data *lun_data;
8816	struct ctl_lun *lun, *request_lun;
8817	struct ctl_port *port;
8818	int num_luns, retval;
8819	uint32_t alloc_len, lun_datalen;
8820	int num_filled, well_known;
8821	uint32_t initidx, targ_lun_id, lun_id;
8822
8823	retval = CTL_RETVAL_COMPLETE;
8824	well_known = 0;
8825
8826	cdb = (struct scsi_report_luns *)ctsio->cdb;
8827	port = ctl_io_port(&ctsio->io_hdr);
8828
8829	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8830
8831	mtx_lock(&softc->ctl_lock);
8832	num_luns = 0;
8833	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8834		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8835			num_luns++;
8836	}
8837	mtx_unlock(&softc->ctl_lock);
8838
8839	switch (cdb->select_report) {
8840	case RPL_REPORT_DEFAULT:
8841	case RPL_REPORT_ALL:
8842		break;
8843	case RPL_REPORT_WELLKNOWN:
8844		well_known = 1;
8845		num_luns = 0;
8846		break;
8847	default:
8848		ctl_set_invalid_field(ctsio,
8849				      /*sks_valid*/ 1,
8850				      /*command*/ 1,
8851				      /*field*/ 2,
8852				      /*bit_valid*/ 0,
8853				      /*bit*/ 0);
8854		ctl_done((union ctl_io *)ctsio);
8855		return (retval);
8856		break; /* NOTREACHED */
8857	}
8858
8859	alloc_len = scsi_4btoul(cdb->length);
8860	/*
8861	 * The initiator has to allocate at least 16 bytes for this request,
8862	 * so he can at least get the header and the first LUN.  Otherwise
8863	 * we reject the request (per SPC-3 rev 14, section 6.21).
8864	 */
8865	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8866	    sizeof(struct scsi_report_luns_lundata))) {
8867		ctl_set_invalid_field(ctsio,
8868				      /*sks_valid*/ 1,
8869				      /*command*/ 1,
8870				      /*field*/ 6,
8871				      /*bit_valid*/ 0,
8872				      /*bit*/ 0);
8873		ctl_done((union ctl_io *)ctsio);
8874		return (retval);
8875	}
8876
8877	request_lun = (struct ctl_lun *)
8878		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8879
8880	lun_datalen = sizeof(*lun_data) +
8881		(num_luns * sizeof(struct scsi_report_luns_lundata));
8882
8883	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
8884	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
8885	ctsio->kern_sg_entries = 0;
8886
8887	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8888
8889	mtx_lock(&softc->ctl_lock);
8890	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
8891		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
8892		if (lun_id >= CTL_MAX_LUNS)
8893			continue;
8894		lun = softc->ctl_luns[lun_id];
8895		if (lun == NULL)
8896			continue;
8897
8898		if (targ_lun_id <= 0xff) {
8899			/*
8900			 * Peripheral addressing method, bus number 0.
8901			 */
8902			lun_data->luns[num_filled].lundata[0] =
8903				RPL_LUNDATA_ATYP_PERIPH;
8904			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
8905			num_filled++;
8906		} else if (targ_lun_id <= 0x3fff) {
8907			/*
8908			 * Flat addressing method.
8909			 */
8910			lun_data->luns[num_filled].lundata[0] =
8911				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
8912			lun_data->luns[num_filled].lundata[1] =
8913				(targ_lun_id & 0xff);
8914			num_filled++;
8915		} else if (targ_lun_id <= 0xffffff) {
8916			/*
8917			 * Extended flat addressing method.
8918			 */
8919			lun_data->luns[num_filled].lundata[0] =
8920			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
8921			scsi_ulto3b(targ_lun_id,
8922			    &lun_data->luns[num_filled].lundata[1]);
8923			num_filled++;
8924		} else {
8925			printf("ctl_report_luns: bogus LUN number %jd, "
8926			       "skipping\n", (intmax_t)targ_lun_id);
8927		}
8928		/*
8929		 * According to SPC-3, rev 14 section 6.21:
8930		 *
8931		 * "The execution of a REPORT LUNS command to any valid and
8932		 * installed logical unit shall clear the REPORTED LUNS DATA
8933		 * HAS CHANGED unit attention condition for all logical
8934		 * units of that target with respect to the requesting
8935		 * initiator. A valid and installed logical unit is one
8936		 * having a PERIPHERAL QUALIFIER of 000b in the standard
8937		 * INQUIRY data (see 6.4.2)."
8938		 *
8939		 * If request_lun is NULL, the LUN this report luns command
8940		 * was issued to is either disabled or doesn't exist. In that
8941		 * case, we shouldn't clear any pending lun change unit
8942		 * attention.
8943		 */
8944		if (request_lun != NULL) {
8945			mtx_lock(&lun->lun_lock);
8946			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
8947			mtx_unlock(&lun->lun_lock);
8948		}
8949	}
8950	mtx_unlock(&softc->ctl_lock);
8951
8952	/*
8953	 * It's quite possible that we've returned fewer LUNs than we allocated
8954	 * space for.  Trim it.
8955	 */
8956	lun_datalen = sizeof(*lun_data) +
8957		(num_filled * sizeof(struct scsi_report_luns_lundata));
8958
8959	if (lun_datalen < alloc_len) {
8960		ctsio->residual = alloc_len - lun_datalen;
8961		ctsio->kern_data_len = lun_datalen;
8962		ctsio->kern_total_len = lun_datalen;
8963	} else {
8964		ctsio->residual = 0;
8965		ctsio->kern_data_len = alloc_len;
8966		ctsio->kern_total_len = alloc_len;
8967	}
8968	ctsio->kern_data_resid = 0;
8969	ctsio->kern_rel_offset = 0;
8970	ctsio->kern_sg_entries = 0;
8971
8972	/*
8973	 * We set this to the actual data length, regardless of how much
8974	 * space we actually have to return results.  If the user looks at
8975	 * this value, he'll know whether or not he allocated enough space
8976	 * and reissue the command if necessary.  We don't support well
8977	 * known logical units, so if the user asks for that, return none.
8978	 */
8979	scsi_ulto4b(lun_datalen - 8, lun_data->length);
8980
8981	/*
8982	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
8983	 * this request.
8984	 */
8985	ctl_set_success(ctsio);
8986	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8987	ctsio->be_move_done = ctl_config_move_done;
8988	ctl_datamove((union ctl_io *)ctsio);
8989	return (retval);
8990}
8991
8992int
8993ctl_request_sense(struct ctl_scsiio *ctsio)
8994{
8995	struct scsi_request_sense *cdb;
8996	struct scsi_sense_data *sense_ptr;
8997	struct ctl_softc *ctl_softc;
8998	struct ctl_lun *lun;
8999	uint32_t initidx;
9000	int have_error;
9001	scsi_sense_data_type sense_format;
9002	ctl_ua_type ua_type;
9003
9004	cdb = (struct scsi_request_sense *)ctsio->cdb;
9005
9006	ctl_softc = control_softc;
9007	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9008
9009	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9010
9011	/*
9012	 * Determine which sense format the user wants.
9013	 */
9014	if (cdb->byte2 & SRS_DESC)
9015		sense_format = SSD_TYPE_DESC;
9016	else
9017		sense_format = SSD_TYPE_FIXED;
9018
9019	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9020	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9021	ctsio->kern_sg_entries = 0;
9022
9023	/*
9024	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9025	 * larger than the largest allowed value for the length field in the
9026	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9027	 */
9028	ctsio->residual = 0;
9029	ctsio->kern_data_len = cdb->length;
9030	ctsio->kern_total_len = cdb->length;
9031
9032	ctsio->kern_data_resid = 0;
9033	ctsio->kern_rel_offset = 0;
9034	ctsio->kern_sg_entries = 0;
9035
9036	/*
9037	 * If we don't have a LUN, we don't have any pending sense.
9038	 */
9039	if (lun == NULL)
9040		goto no_sense;
9041
9042	have_error = 0;
9043	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9044	/*
9045	 * Check for pending sense, and then for pending unit attentions.
9046	 * Pending sense gets returned first, then pending unit attentions.
9047	 */
9048	mtx_lock(&lun->lun_lock);
9049#ifdef CTL_WITH_CA
9050	if (ctl_is_set(lun->have_ca, initidx)) {
9051		scsi_sense_data_type stored_format;
9052
9053		/*
9054		 * Check to see which sense format was used for the stored
9055		 * sense data.
9056		 */
9057		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9058
9059		/*
9060		 * If the user requested a different sense format than the
9061		 * one we stored, then we need to convert it to the other
9062		 * format.  If we're going from descriptor to fixed format
9063		 * sense data, we may lose things in translation, depending
9064		 * on what options were used.
9065		 *
9066		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9067		 * for some reason we'll just copy it out as-is.
9068		 */
9069		if ((stored_format == SSD_TYPE_FIXED)
9070		 && (sense_format == SSD_TYPE_DESC))
9071			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9072			    &lun->pending_sense[initidx],
9073			    (struct scsi_sense_data_desc *)sense_ptr);
9074		else if ((stored_format == SSD_TYPE_DESC)
9075		      && (sense_format == SSD_TYPE_FIXED))
9076			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9077			    &lun->pending_sense[initidx],
9078			    (struct scsi_sense_data_fixed *)sense_ptr);
9079		else
9080			memcpy(sense_ptr, &lun->pending_sense[initidx],
9081			       MIN(sizeof(*sense_ptr),
9082			       sizeof(lun->pending_sense[initidx])));
9083
9084		ctl_clear_mask(lun->have_ca, initidx);
9085		have_error = 1;
9086	} else
9087#endif
9088	{
9089		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9090		if (ua_type != CTL_UA_NONE)
9091			have_error = 1;
9092		if (ua_type == CTL_UA_LUN_CHANGE) {
9093			mtx_unlock(&lun->lun_lock);
9094			mtx_lock(&ctl_softc->ctl_lock);
9095			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9096			mtx_unlock(&ctl_softc->ctl_lock);
9097			mtx_lock(&lun->lun_lock);
9098		}
9099
9100	}
9101	mtx_unlock(&lun->lun_lock);
9102
9103	/*
9104	 * We already have a pending error, return it.
9105	 */
9106	if (have_error != 0) {
9107		/*
9108		 * We report the SCSI status as OK, since the status of the
9109		 * request sense command itself is OK.
9110		 * We report 0 for the sense length, because we aren't doing
9111		 * autosense in this case.  We're reporting sense as
9112		 * parameter data.
9113		 */
9114		ctl_set_success(ctsio);
9115		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9116		ctsio->be_move_done = ctl_config_move_done;
9117		ctl_datamove((union ctl_io *)ctsio);
9118		return (CTL_RETVAL_COMPLETE);
9119	}
9120
9121no_sense:
9122
9123	/*
9124	 * No sense information to report, so we report that everything is
9125	 * okay.
9126	 */
9127	ctl_set_sense_data(sense_ptr,
9128			   lun,
9129			   sense_format,
9130			   /*current_error*/ 1,
9131			   /*sense_key*/ SSD_KEY_NO_SENSE,
9132			   /*asc*/ 0x00,
9133			   /*ascq*/ 0x00,
9134			   SSD_ELEM_NONE);
9135
9136	/*
9137	 * We report 0 for the sense length, because we aren't doing
9138	 * autosense in this case.  We're reporting sense as parameter data.
9139	 */
9140	ctl_set_success(ctsio);
9141	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9142	ctsio->be_move_done = ctl_config_move_done;
9143	ctl_datamove((union ctl_io *)ctsio);
9144	return (CTL_RETVAL_COMPLETE);
9145}
9146
9147int
9148ctl_tur(struct ctl_scsiio *ctsio)
9149{
9150
9151	CTL_DEBUG_PRINT(("ctl_tur\n"));
9152
9153	ctl_set_success(ctsio);
9154	ctl_done((union ctl_io *)ctsio);
9155
9156	return (CTL_RETVAL_COMPLETE);
9157}
9158
9159#ifdef notyet
9160static int
9161ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9162{
9163
9164}
9165#endif
9166
9167/*
9168 * SCSI VPD page 0x00, the Supported VPD Pages page.
9169 */
9170static int
9171ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9172{
9173	struct scsi_vpd_supported_pages *pages;
9174	int sup_page_size;
9175	struct ctl_lun *lun;
9176	int p;
9177
9178	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9179
9180	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9181	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9182	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9183	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9184	ctsio->kern_sg_entries = 0;
9185
9186	if (sup_page_size < alloc_len) {
9187		ctsio->residual = alloc_len - sup_page_size;
9188		ctsio->kern_data_len = sup_page_size;
9189		ctsio->kern_total_len = sup_page_size;
9190	} else {
9191		ctsio->residual = 0;
9192		ctsio->kern_data_len = alloc_len;
9193		ctsio->kern_total_len = alloc_len;
9194	}
9195	ctsio->kern_data_resid = 0;
9196	ctsio->kern_rel_offset = 0;
9197	ctsio->kern_sg_entries = 0;
9198
9199	/*
9200	 * The control device is always connected.  The disk device, on the
9201	 * other hand, may not be online all the time.  Need to change this
9202	 * to figure out whether the disk device is actually online or not.
9203	 */
9204	if (lun != NULL)
9205		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9206				lun->be_lun->lun_type;
9207	else
9208		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9209
9210	p = 0;
9211	/* Supported VPD pages */
9212	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9213	/* Serial Number */
9214	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9215	/* Device Identification */
9216	pages->page_list[p++] = SVPD_DEVICE_ID;
9217	/* Extended INQUIRY Data */
9218	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9219	/* Mode Page Policy */
9220	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9221	/* SCSI Ports */
9222	pages->page_list[p++] = SVPD_SCSI_PORTS;
9223	/* Third-party Copy */
9224	pages->page_list[p++] = SVPD_SCSI_TPC;
9225	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9226		/* Block limits */
9227		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9228		/* Block Device Characteristics */
9229		pages->page_list[p++] = SVPD_BDC;
9230		/* Logical Block Provisioning */
9231		pages->page_list[p++] = SVPD_LBP;
9232	}
9233	pages->length = p;
9234
9235	ctl_set_success(ctsio);
9236	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9237	ctsio->be_move_done = ctl_config_move_done;
9238	ctl_datamove((union ctl_io *)ctsio);
9239	return (CTL_RETVAL_COMPLETE);
9240}
9241
9242/*
9243 * SCSI VPD page 0x80, the Unit Serial Number page.
9244 */
9245static int
9246ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9247{
9248	struct scsi_vpd_unit_serial_number *sn_ptr;
9249	struct ctl_lun *lun;
9250	int data_len;
9251
9252	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9253
9254	data_len = 4 + CTL_SN_LEN;
9255	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9256	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9257	if (data_len < alloc_len) {
9258		ctsio->residual = alloc_len - data_len;
9259		ctsio->kern_data_len = data_len;
9260		ctsio->kern_total_len = data_len;
9261	} else {
9262		ctsio->residual = 0;
9263		ctsio->kern_data_len = alloc_len;
9264		ctsio->kern_total_len = alloc_len;
9265	}
9266	ctsio->kern_data_resid = 0;
9267	ctsio->kern_rel_offset = 0;
9268	ctsio->kern_sg_entries = 0;
9269
9270	/*
9271	 * The control device is always connected.  The disk device, on the
9272	 * other hand, may not be online all the time.  Need to change this
9273	 * to figure out whether the disk device is actually online or not.
9274	 */
9275	if (lun != NULL)
9276		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9277				  lun->be_lun->lun_type;
9278	else
9279		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9280
9281	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9282	sn_ptr->length = CTL_SN_LEN;
9283	/*
9284	 * If we don't have a LUN, we just leave the serial number as
9285	 * all spaces.
9286	 */
9287	if (lun != NULL) {
9288		strncpy((char *)sn_ptr->serial_num,
9289			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9290	} else
9291		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9292
9293	ctl_set_success(ctsio);
9294	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9295	ctsio->be_move_done = ctl_config_move_done;
9296	ctl_datamove((union ctl_io *)ctsio);
9297	return (CTL_RETVAL_COMPLETE);
9298}
9299
9300
9301/*
9302 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9303 */
9304static int
9305ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9306{
9307	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9308	struct ctl_lun *lun;
9309	int data_len;
9310
9311	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9312
9313	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9314	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9315	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9316	ctsio->kern_sg_entries = 0;
9317
9318	if (data_len < alloc_len) {
9319		ctsio->residual = alloc_len - data_len;
9320		ctsio->kern_data_len = data_len;
9321		ctsio->kern_total_len = data_len;
9322	} else {
9323		ctsio->residual = 0;
9324		ctsio->kern_data_len = alloc_len;
9325		ctsio->kern_total_len = alloc_len;
9326	}
9327	ctsio->kern_data_resid = 0;
9328	ctsio->kern_rel_offset = 0;
9329	ctsio->kern_sg_entries = 0;
9330
9331	/*
9332	 * The control device is always connected.  The disk device, on the
9333	 * other hand, may not be online all the time.
9334	 */
9335	if (lun != NULL)
9336		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9337				     lun->be_lun->lun_type;
9338	else
9339		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9340	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9341	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9342	/*
9343	 * We support head of queue, ordered and simple tags.
9344	 */
9345	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9346	/*
9347	 * Volatile cache supported.
9348	 */
9349	eid_ptr->flags3 = SVPD_EID_V_SUP;
9350
9351	/*
9352	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9353	 * attention for a particular IT nexus on all LUNs once we report
9354	 * it to that nexus once.  This bit is required as of SPC-4.
9355	 */
9356	eid_ptr->flags4 = SVPD_EID_LUICLT;
9357
9358	/*
9359	 * XXX KDM in order to correctly answer this, we would need
9360	 * information from the SIM to determine how much sense data it
9361	 * can send.  So this would really be a path inquiry field, most
9362	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9363	 * but the hardware may or may not be able to support that much.
9364	 * 0 just means that the maximum sense data length is not reported.
9365	 */
9366	eid_ptr->max_sense_length = 0;
9367
9368	ctl_set_success(ctsio);
9369	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9370	ctsio->be_move_done = ctl_config_move_done;
9371	ctl_datamove((union ctl_io *)ctsio);
9372	return (CTL_RETVAL_COMPLETE);
9373}
9374
9375static int
9376ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9377{
9378	struct scsi_vpd_mode_page_policy *mpp_ptr;
9379	struct ctl_lun *lun;
9380	int data_len;
9381
9382	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9383
9384	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9385	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9386
9387	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9388	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9389	ctsio->kern_sg_entries = 0;
9390
9391	if (data_len < alloc_len) {
9392		ctsio->residual = alloc_len - data_len;
9393		ctsio->kern_data_len = data_len;
9394		ctsio->kern_total_len = data_len;
9395	} else {
9396		ctsio->residual = 0;
9397		ctsio->kern_data_len = alloc_len;
9398		ctsio->kern_total_len = alloc_len;
9399	}
9400	ctsio->kern_data_resid = 0;
9401	ctsio->kern_rel_offset = 0;
9402	ctsio->kern_sg_entries = 0;
9403
9404	/*
9405	 * The control device is always connected.  The disk device, on the
9406	 * other hand, may not be online all the time.
9407	 */
9408	if (lun != NULL)
9409		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9410				     lun->be_lun->lun_type;
9411	else
9412		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9413	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9414	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9415	mpp_ptr->descr[0].page_code = 0x3f;
9416	mpp_ptr->descr[0].subpage_code = 0xff;
9417	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9418
9419	ctl_set_success(ctsio);
9420	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9421	ctsio->be_move_done = ctl_config_move_done;
9422	ctl_datamove((union ctl_io *)ctsio);
9423	return (CTL_RETVAL_COMPLETE);
9424}
9425
9426/*
9427 * SCSI VPD page 0x83, the Device Identification page.
9428 */
9429static int
9430ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9431{
9432	struct scsi_vpd_device_id *devid_ptr;
9433	struct scsi_vpd_id_descriptor *desc;
9434	struct ctl_softc *softc;
9435	struct ctl_lun *lun;
9436	struct ctl_port *port;
9437	int data_len;
9438	uint8_t proto;
9439
9440	softc = control_softc;
9441
9442	port = softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9443	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9444
9445	data_len = sizeof(struct scsi_vpd_device_id) +
9446	    sizeof(struct scsi_vpd_id_descriptor) +
9447		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9448	    sizeof(struct scsi_vpd_id_descriptor) +
9449		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9450	if (lun && lun->lun_devid)
9451		data_len += lun->lun_devid->len;
9452	if (port->port_devid)
9453		data_len += port->port_devid->len;
9454	if (port->target_devid)
9455		data_len += port->target_devid->len;
9456
9457	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9458	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9459	ctsio->kern_sg_entries = 0;
9460
9461	if (data_len < alloc_len) {
9462		ctsio->residual = alloc_len - data_len;
9463		ctsio->kern_data_len = data_len;
9464		ctsio->kern_total_len = data_len;
9465	} else {
9466		ctsio->residual = 0;
9467		ctsio->kern_data_len = alloc_len;
9468		ctsio->kern_total_len = alloc_len;
9469	}
9470	ctsio->kern_data_resid = 0;
9471	ctsio->kern_rel_offset = 0;
9472	ctsio->kern_sg_entries = 0;
9473
9474	/*
9475	 * The control device is always connected.  The disk device, on the
9476	 * other hand, may not be online all the time.
9477	 */
9478	if (lun != NULL)
9479		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9480				     lun->be_lun->lun_type;
9481	else
9482		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9483	devid_ptr->page_code = SVPD_DEVICE_ID;
9484	scsi_ulto2b(data_len - 4, devid_ptr->length);
9485
9486	if (port->port_type == CTL_PORT_FC)
9487		proto = SCSI_PROTO_FC << 4;
9488	else if (port->port_type == CTL_PORT_ISCSI)
9489		proto = SCSI_PROTO_ISCSI << 4;
9490	else
9491		proto = SCSI_PROTO_SPI << 4;
9492	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9493
9494	/*
9495	 * We're using a LUN association here.  i.e., this device ID is a
9496	 * per-LUN identifier.
9497	 */
9498	if (lun && lun->lun_devid) {
9499		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9500		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9501		    lun->lun_devid->len);
9502	}
9503
9504	/*
9505	 * This is for the WWPN which is a port association.
9506	 */
9507	if (port->port_devid) {
9508		memcpy(desc, port->port_devid->data, port->port_devid->len);
9509		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9510		    port->port_devid->len);
9511	}
9512
9513	/*
9514	 * This is for the Relative Target Port(type 4h) identifier
9515	 */
9516	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9517	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9518	    SVPD_ID_TYPE_RELTARG;
9519	desc->length = 4;
9520	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9521	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9522	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9523
9524	/*
9525	 * This is for the Target Port Group(type 5h) identifier
9526	 */
9527	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9528	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9529	    SVPD_ID_TYPE_TPORTGRP;
9530	desc->length = 4;
9531	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
9532	    &desc->identifier[2]);
9533	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9534	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9535
9536	/*
9537	 * This is for the Target identifier
9538	 */
9539	if (port->target_devid) {
9540		memcpy(desc, port->target_devid->data, port->target_devid->len);
9541	}
9542
9543	ctl_set_success(ctsio);
9544	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9545	ctsio->be_move_done = ctl_config_move_done;
9546	ctl_datamove((union ctl_io *)ctsio);
9547	return (CTL_RETVAL_COMPLETE);
9548}
9549
9550static int
9551ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9552{
9553	struct ctl_softc *softc = control_softc;
9554	struct scsi_vpd_scsi_ports *sp;
9555	struct scsi_vpd_port_designation *pd;
9556	struct scsi_vpd_port_designation_cont *pdc;
9557	struct ctl_lun *lun;
9558	struct ctl_port *port;
9559	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
9560	int num_target_port_groups;
9561
9562	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9563
9564	if (softc->is_single)
9565		num_target_port_groups = 1;
9566	else
9567		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
9568	num_target_ports = 0;
9569	iid_len = 0;
9570	id_len = 0;
9571	mtx_lock(&softc->ctl_lock);
9572	STAILQ_FOREACH(port, &softc->port_list, links) {
9573		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9574			continue;
9575		if (lun != NULL &&
9576		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9577			continue;
9578		num_target_ports++;
9579		if (port->init_devid)
9580			iid_len += port->init_devid->len;
9581		if (port->port_devid)
9582			id_len += port->port_devid->len;
9583	}
9584	mtx_unlock(&softc->ctl_lock);
9585
9586	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
9587	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9588	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9589	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9590	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9591	ctsio->kern_sg_entries = 0;
9592
9593	if (data_len < alloc_len) {
9594		ctsio->residual = alloc_len - data_len;
9595		ctsio->kern_data_len = data_len;
9596		ctsio->kern_total_len = data_len;
9597	} else {
9598		ctsio->residual = 0;
9599		ctsio->kern_data_len = alloc_len;
9600		ctsio->kern_total_len = alloc_len;
9601	}
9602	ctsio->kern_data_resid = 0;
9603	ctsio->kern_rel_offset = 0;
9604	ctsio->kern_sg_entries = 0;
9605
9606	/*
9607	 * The control device is always connected.  The disk device, on the
9608	 * other hand, may not be online all the time.  Need to change this
9609	 * to figure out whether the disk device is actually online or not.
9610	 */
9611	if (lun != NULL)
9612		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9613				  lun->be_lun->lun_type;
9614	else
9615		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9616
9617	sp->page_code = SVPD_SCSI_PORTS;
9618	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9619	    sp->page_length);
9620	pd = &sp->design[0];
9621
9622	mtx_lock(&softc->ctl_lock);
9623	pg = softc->port_offset / CTL_MAX_PORTS;
9624	for (g = 0; g < num_target_port_groups; g++) {
9625		STAILQ_FOREACH(port, &softc->port_list, links) {
9626			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9627				continue;
9628			if (lun != NULL &&
9629			    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9630				continue;
9631			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
9632			scsi_ulto2b(p, pd->relative_port_id);
9633			if (port->init_devid && g == pg) {
9634				iid_len = port->init_devid->len;
9635				memcpy(pd->initiator_transportid,
9636				    port->init_devid->data, port->init_devid->len);
9637			} else
9638				iid_len = 0;
9639			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9640			pdc = (struct scsi_vpd_port_designation_cont *)
9641			    (&pd->initiator_transportid[iid_len]);
9642			if (port->port_devid && g == pg) {
9643				id_len = port->port_devid->len;
9644				memcpy(pdc->target_port_descriptors,
9645				    port->port_devid->data, port->port_devid->len);
9646			} else
9647				id_len = 0;
9648			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9649			pd = (struct scsi_vpd_port_designation *)
9650			    ((uint8_t *)pdc->target_port_descriptors + id_len);
9651		}
9652	}
9653	mtx_unlock(&softc->ctl_lock);
9654
9655	ctl_set_success(ctsio);
9656	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9657	ctsio->be_move_done = ctl_config_move_done;
9658	ctl_datamove((union ctl_io *)ctsio);
9659	return (CTL_RETVAL_COMPLETE);
9660}
9661
9662static int
9663ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9664{
9665	struct scsi_vpd_block_limits *bl_ptr;
9666	struct ctl_lun *lun;
9667	int bs;
9668
9669	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9670
9671	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9672	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9673	ctsio->kern_sg_entries = 0;
9674
9675	if (sizeof(*bl_ptr) < alloc_len) {
9676		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9677		ctsio->kern_data_len = sizeof(*bl_ptr);
9678		ctsio->kern_total_len = sizeof(*bl_ptr);
9679	} else {
9680		ctsio->residual = 0;
9681		ctsio->kern_data_len = alloc_len;
9682		ctsio->kern_total_len = alloc_len;
9683	}
9684	ctsio->kern_data_resid = 0;
9685	ctsio->kern_rel_offset = 0;
9686	ctsio->kern_sg_entries = 0;
9687
9688	/*
9689	 * The control device is always connected.  The disk device, on the
9690	 * other hand, may not be online all the time.  Need to change this
9691	 * to figure out whether the disk device is actually online or not.
9692	 */
9693	if (lun != NULL)
9694		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9695				  lun->be_lun->lun_type;
9696	else
9697		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9698
9699	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9700	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9701	bl_ptr->max_cmp_write_len = 0xff;
9702	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9703	if (lun != NULL) {
9704		bs = lun->be_lun->blocksize;
9705		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9706		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9707			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9708			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9709			if (lun->be_lun->ublockexp != 0) {
9710				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9711				    bl_ptr->opt_unmap_grain);
9712				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9713				    bl_ptr->unmap_grain_align);
9714			}
9715		}
9716		scsi_ulto4b(lun->be_lun->atomicblock,
9717		    bl_ptr->max_atomic_transfer_length);
9718		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9719		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9720	}
9721	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9722
9723	ctl_set_success(ctsio);
9724	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9725	ctsio->be_move_done = ctl_config_move_done;
9726	ctl_datamove((union ctl_io *)ctsio);
9727	return (CTL_RETVAL_COMPLETE);
9728}
9729
9730static int
9731ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9732{
9733	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9734	struct ctl_lun *lun;
9735	const char *value;
9736	u_int i;
9737
9738	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9739
9740	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9741	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9742	ctsio->kern_sg_entries = 0;
9743
9744	if (sizeof(*bdc_ptr) < alloc_len) {
9745		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9746		ctsio->kern_data_len = sizeof(*bdc_ptr);
9747		ctsio->kern_total_len = sizeof(*bdc_ptr);
9748	} else {
9749		ctsio->residual = 0;
9750		ctsio->kern_data_len = alloc_len;
9751		ctsio->kern_total_len = alloc_len;
9752	}
9753	ctsio->kern_data_resid = 0;
9754	ctsio->kern_rel_offset = 0;
9755	ctsio->kern_sg_entries = 0;
9756
9757	/*
9758	 * The control device is always connected.  The disk device, on the
9759	 * other hand, may not be online all the time.  Need to change this
9760	 * to figure out whether the disk device is actually online or not.
9761	 */
9762	if (lun != NULL)
9763		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9764				  lun->be_lun->lun_type;
9765	else
9766		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9767	bdc_ptr->page_code = SVPD_BDC;
9768	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9769	if (lun != NULL &&
9770	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9771		i = strtol(value, NULL, 0);
9772	else
9773		i = CTL_DEFAULT_ROTATION_RATE;
9774	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9775	if (lun != NULL &&
9776	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9777		i = strtol(value, NULL, 0);
9778	else
9779		i = 0;
9780	bdc_ptr->wab_wac_ff = (i & 0x0f);
9781	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9782
9783	ctl_set_success(ctsio);
9784	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9785	ctsio->be_move_done = ctl_config_move_done;
9786	ctl_datamove((union ctl_io *)ctsio);
9787	return (CTL_RETVAL_COMPLETE);
9788}
9789
9790static int
9791ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9792{
9793	struct scsi_vpd_logical_block_prov *lbp_ptr;
9794	struct ctl_lun *lun;
9795
9796	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9797
9798	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9799	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9800	ctsio->kern_sg_entries = 0;
9801
9802	if (sizeof(*lbp_ptr) < alloc_len) {
9803		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9804		ctsio->kern_data_len = sizeof(*lbp_ptr);
9805		ctsio->kern_total_len = sizeof(*lbp_ptr);
9806	} else {
9807		ctsio->residual = 0;
9808		ctsio->kern_data_len = alloc_len;
9809		ctsio->kern_total_len = alloc_len;
9810	}
9811	ctsio->kern_data_resid = 0;
9812	ctsio->kern_rel_offset = 0;
9813	ctsio->kern_sg_entries = 0;
9814
9815	/*
9816	 * The control device is always connected.  The disk device, on the
9817	 * other hand, may not be online all the time.  Need to change this
9818	 * to figure out whether the disk device is actually online or not.
9819	 */
9820	if (lun != NULL)
9821		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9822				  lun->be_lun->lun_type;
9823	else
9824		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9825
9826	lbp_ptr->page_code = SVPD_LBP;
9827	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9828	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9829	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9830		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9831		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9832		lbp_ptr->prov_type = SVPD_LBP_THIN;
9833	}
9834
9835	ctl_set_success(ctsio);
9836	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9837	ctsio->be_move_done = ctl_config_move_done;
9838	ctl_datamove((union ctl_io *)ctsio);
9839	return (CTL_RETVAL_COMPLETE);
9840}
9841
9842/*
9843 * INQUIRY with the EVPD bit set.
9844 */
9845static int
9846ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9847{
9848	struct ctl_lun *lun;
9849	struct scsi_inquiry *cdb;
9850	int alloc_len, retval;
9851
9852	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9853	cdb = (struct scsi_inquiry *)ctsio->cdb;
9854	alloc_len = scsi_2btoul(cdb->length);
9855
9856	switch (cdb->page_code) {
9857	case SVPD_SUPPORTED_PAGES:
9858		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9859		break;
9860	case SVPD_UNIT_SERIAL_NUMBER:
9861		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9862		break;
9863	case SVPD_DEVICE_ID:
9864		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9865		break;
9866	case SVPD_EXTENDED_INQUIRY_DATA:
9867		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9868		break;
9869	case SVPD_MODE_PAGE_POLICY:
9870		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9871		break;
9872	case SVPD_SCSI_PORTS:
9873		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9874		break;
9875	case SVPD_SCSI_TPC:
9876		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9877		break;
9878	case SVPD_BLOCK_LIMITS:
9879		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9880			goto err;
9881		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9882		break;
9883	case SVPD_BDC:
9884		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9885			goto err;
9886		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9887		break;
9888	case SVPD_LBP:
9889		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9890			goto err;
9891		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9892		break;
9893	default:
9894err:
9895		ctl_set_invalid_field(ctsio,
9896				      /*sks_valid*/ 1,
9897				      /*command*/ 1,
9898				      /*field*/ 2,
9899				      /*bit_valid*/ 0,
9900				      /*bit*/ 0);
9901		ctl_done((union ctl_io *)ctsio);
9902		retval = CTL_RETVAL_COMPLETE;
9903		break;
9904	}
9905
9906	return (retval);
9907}
9908
9909/*
9910 * Standard INQUIRY data.
9911 */
9912static int
9913ctl_inquiry_std(struct ctl_scsiio *ctsio)
9914{
9915	struct scsi_inquiry_data *inq_ptr;
9916	struct scsi_inquiry *cdb;
9917	struct ctl_softc *softc;
9918	struct ctl_lun *lun;
9919	char *val;
9920	uint32_t alloc_len, data_len;
9921	ctl_port_type port_type;
9922
9923	softc = control_softc;
9924
9925	/*
9926	 * Figure out whether we're talking to a Fibre Channel port or not.
9927	 * We treat the ioctl front end, and any SCSI adapters, as packetized
9928	 * SCSI front ends.
9929	 */
9930	port_type = softc->ctl_ports[
9931	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
9932	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
9933		port_type = CTL_PORT_SCSI;
9934
9935	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9936	cdb = (struct scsi_inquiry *)ctsio->cdb;
9937	alloc_len = scsi_2btoul(cdb->length);
9938
9939	/*
9940	 * We malloc the full inquiry data size here and fill it
9941	 * in.  If the user only asks for less, we'll give him
9942	 * that much.
9943	 */
9944	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
9945	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9946	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
9947	ctsio->kern_sg_entries = 0;
9948	ctsio->kern_data_resid = 0;
9949	ctsio->kern_rel_offset = 0;
9950
9951	if (data_len < alloc_len) {
9952		ctsio->residual = alloc_len - data_len;
9953		ctsio->kern_data_len = data_len;
9954		ctsio->kern_total_len = data_len;
9955	} else {
9956		ctsio->residual = 0;
9957		ctsio->kern_data_len = alloc_len;
9958		ctsio->kern_total_len = alloc_len;
9959	}
9960
9961	/*
9962	 * If we have a LUN configured, report it as connected.  Otherwise,
9963	 * report that it is offline or no device is supported, depending
9964	 * on the value of inquiry_pq_no_lun.
9965	 *
9966	 * According to the spec (SPC-4 r34), the peripheral qualifier
9967	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
9968	 *
9969	 * "A peripheral device having the specified peripheral device type
9970	 * is not connected to this logical unit. However, the device
9971	 * server is capable of supporting the specified peripheral device
9972	 * type on this logical unit."
9973	 *
9974	 * According to the same spec, the peripheral qualifier
9975	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
9976	 *
9977	 * "The device server is not capable of supporting a peripheral
9978	 * device on this logical unit. For this peripheral qualifier the
9979	 * peripheral device type shall be set to 1Fh. All other peripheral
9980	 * device type values are reserved for this peripheral qualifier."
9981	 *
9982	 * Given the text, it would seem that we probably want to report that
9983	 * the LUN is offline here.  There is no LUN connected, but we can
9984	 * support a LUN at the given LUN number.
9985	 *
9986	 * In the real world, though, it sounds like things are a little
9987	 * different:
9988	 *
9989	 * - Linux, when presented with a LUN with the offline peripheral
9990	 *   qualifier, will create an sg driver instance for it.  So when
9991	 *   you attach it to CTL, you wind up with a ton of sg driver
9992	 *   instances.  (One for every LUN that Linux bothered to probe.)
9993	 *   Linux does this despite the fact that it issues a REPORT LUNs
9994	 *   to LUN 0 to get the inventory of supported LUNs.
9995	 *
9996	 * - There is other anecdotal evidence (from Emulex folks) about
9997	 *   arrays that use the offline peripheral qualifier for LUNs that
9998	 *   are on the "passive" path in an active/passive array.
9999	 *
10000	 * So the solution is provide a hopefully reasonable default
10001	 * (return bad/no LUN) and allow the user to change the behavior
10002	 * with a tunable/sysctl variable.
10003	 */
10004	if (lun != NULL)
10005		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10006				  lun->be_lun->lun_type;
10007	else if (softc->inquiry_pq_no_lun == 0)
10008		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10009	else
10010		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10011
10012	/* RMB in byte 2 is 0 */
10013	inq_ptr->version = SCSI_REV_SPC4;
10014
10015	/*
10016	 * According to SAM-3, even if a device only supports a single
10017	 * level of LUN addressing, it should still set the HISUP bit:
10018	 *
10019	 * 4.9.1 Logical unit numbers overview
10020	 *
10021	 * All logical unit number formats described in this standard are
10022	 * hierarchical in structure even when only a single level in that
10023	 * hierarchy is used. The HISUP bit shall be set to one in the
10024	 * standard INQUIRY data (see SPC-2) when any logical unit number
10025	 * format described in this standard is used.  Non-hierarchical
10026	 * formats are outside the scope of this standard.
10027	 *
10028	 * Therefore we set the HiSup bit here.
10029	 *
10030	 * The reponse format is 2, per SPC-3.
10031	 */
10032	inq_ptr->response_format = SID_HiSup | 2;
10033
10034	inq_ptr->additional_length = data_len -
10035	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10036	CTL_DEBUG_PRINT(("additional_length = %d\n",
10037			 inq_ptr->additional_length));
10038
10039	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10040	/* 16 bit addressing */
10041	if (port_type == CTL_PORT_SCSI)
10042		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10043	/* XXX set the SID_MultiP bit here if we're actually going to
10044	   respond on multiple ports */
10045	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10046
10047	/* 16 bit data bus, synchronous transfers */
10048	if (port_type == CTL_PORT_SCSI)
10049		inq_ptr->flags = SID_WBus16 | SID_Sync;
10050	/*
10051	 * XXX KDM do we want to support tagged queueing on the control
10052	 * device at all?
10053	 */
10054	if ((lun == NULL)
10055	 || (lun->be_lun->lun_type != T_PROCESSOR))
10056		inq_ptr->flags |= SID_CmdQue;
10057	/*
10058	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10059	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10060	 * name and 4 bytes for the revision.
10061	 */
10062	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10063	    "vendor")) == NULL) {
10064		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10065	} else {
10066		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10067		strncpy(inq_ptr->vendor, val,
10068		    min(sizeof(inq_ptr->vendor), strlen(val)));
10069	}
10070	if (lun == NULL) {
10071		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10072		    sizeof(inq_ptr->product));
10073	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10074		switch (lun->be_lun->lun_type) {
10075		case T_DIRECT:
10076			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10077			    sizeof(inq_ptr->product));
10078			break;
10079		case T_PROCESSOR:
10080			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10081			    sizeof(inq_ptr->product));
10082			break;
10083		default:
10084			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10085			    sizeof(inq_ptr->product));
10086			break;
10087		}
10088	} else {
10089		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10090		strncpy(inq_ptr->product, val,
10091		    min(sizeof(inq_ptr->product), strlen(val)));
10092	}
10093
10094	/*
10095	 * XXX make this a macro somewhere so it automatically gets
10096	 * incremented when we make changes.
10097	 */
10098	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10099	    "revision")) == NULL) {
10100		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10101	} else {
10102		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10103		strncpy(inq_ptr->revision, val,
10104		    min(sizeof(inq_ptr->revision), strlen(val)));
10105	}
10106
10107	/*
10108	 * For parallel SCSI, we support double transition and single
10109	 * transition clocking.  We also support QAS (Quick Arbitration
10110	 * and Selection) and Information Unit transfers on both the
10111	 * control and array devices.
10112	 */
10113	if (port_type == CTL_PORT_SCSI)
10114		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10115				    SID_SPI_IUS;
10116
10117	/* SAM-5 (no version claimed) */
10118	scsi_ulto2b(0x00A0, inq_ptr->version1);
10119	/* SPC-4 (no version claimed) */
10120	scsi_ulto2b(0x0460, inq_ptr->version2);
10121	if (port_type == CTL_PORT_FC) {
10122		/* FCP-2 ANSI INCITS.350:2003 */
10123		scsi_ulto2b(0x0917, inq_ptr->version3);
10124	} else if (port_type == CTL_PORT_SCSI) {
10125		/* SPI-4 ANSI INCITS.362:200x */
10126		scsi_ulto2b(0x0B56, inq_ptr->version3);
10127	} else if (port_type == CTL_PORT_ISCSI) {
10128		/* iSCSI (no version claimed) */
10129		scsi_ulto2b(0x0960, inq_ptr->version3);
10130	} else if (port_type == CTL_PORT_SAS) {
10131		/* SAS (no version claimed) */
10132		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10133	}
10134
10135	if (lun == NULL) {
10136		/* SBC-4 (no version claimed) */
10137		scsi_ulto2b(0x0600, inq_ptr->version4);
10138	} else {
10139		switch (lun->be_lun->lun_type) {
10140		case T_DIRECT:
10141			/* SBC-4 (no version claimed) */
10142			scsi_ulto2b(0x0600, inq_ptr->version4);
10143			break;
10144		case T_PROCESSOR:
10145		default:
10146			break;
10147		}
10148	}
10149
10150	ctl_set_success(ctsio);
10151	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10152	ctsio->be_move_done = ctl_config_move_done;
10153	ctl_datamove((union ctl_io *)ctsio);
10154	return (CTL_RETVAL_COMPLETE);
10155}
10156
10157int
10158ctl_inquiry(struct ctl_scsiio *ctsio)
10159{
10160	struct scsi_inquiry *cdb;
10161	int retval;
10162
10163	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10164
10165	cdb = (struct scsi_inquiry *)ctsio->cdb;
10166	if (cdb->byte2 & SI_EVPD)
10167		retval = ctl_inquiry_evpd(ctsio);
10168	else if (cdb->page_code == 0)
10169		retval = ctl_inquiry_std(ctsio);
10170	else {
10171		ctl_set_invalid_field(ctsio,
10172				      /*sks_valid*/ 1,
10173				      /*command*/ 1,
10174				      /*field*/ 2,
10175				      /*bit_valid*/ 0,
10176				      /*bit*/ 0);
10177		ctl_done((union ctl_io *)ctsio);
10178		return (CTL_RETVAL_COMPLETE);
10179	}
10180
10181	return (retval);
10182}
10183
10184/*
10185 * For known CDB types, parse the LBA and length.
10186 */
10187static int
10188ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10189{
10190	if (io->io_hdr.io_type != CTL_IO_SCSI)
10191		return (1);
10192
10193	switch (io->scsiio.cdb[0]) {
10194	case COMPARE_AND_WRITE: {
10195		struct scsi_compare_and_write *cdb;
10196
10197		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10198
10199		*lba = scsi_8btou64(cdb->addr);
10200		*len = cdb->length;
10201		break;
10202	}
10203	case READ_6:
10204	case WRITE_6: {
10205		struct scsi_rw_6 *cdb;
10206
10207		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10208
10209		*lba = scsi_3btoul(cdb->addr);
10210		/* only 5 bits are valid in the most significant address byte */
10211		*lba &= 0x1fffff;
10212		*len = cdb->length;
10213		break;
10214	}
10215	case READ_10:
10216	case WRITE_10: {
10217		struct scsi_rw_10 *cdb;
10218
10219		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10220
10221		*lba = scsi_4btoul(cdb->addr);
10222		*len = scsi_2btoul(cdb->length);
10223		break;
10224	}
10225	case WRITE_VERIFY_10: {
10226		struct scsi_write_verify_10 *cdb;
10227
10228		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10229
10230		*lba = scsi_4btoul(cdb->addr);
10231		*len = scsi_2btoul(cdb->length);
10232		break;
10233	}
10234	case READ_12:
10235	case WRITE_12: {
10236		struct scsi_rw_12 *cdb;
10237
10238		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10239
10240		*lba = scsi_4btoul(cdb->addr);
10241		*len = scsi_4btoul(cdb->length);
10242		break;
10243	}
10244	case WRITE_VERIFY_12: {
10245		struct scsi_write_verify_12 *cdb;
10246
10247		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10248
10249		*lba = scsi_4btoul(cdb->addr);
10250		*len = scsi_4btoul(cdb->length);
10251		break;
10252	}
10253	case READ_16:
10254	case WRITE_16:
10255	case WRITE_ATOMIC_16: {
10256		struct scsi_rw_16 *cdb;
10257
10258		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10259
10260		*lba = scsi_8btou64(cdb->addr);
10261		*len = scsi_4btoul(cdb->length);
10262		break;
10263	}
10264	case WRITE_VERIFY_16: {
10265		struct scsi_write_verify_16 *cdb;
10266
10267		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10268
10269		*lba = scsi_8btou64(cdb->addr);
10270		*len = scsi_4btoul(cdb->length);
10271		break;
10272	}
10273	case WRITE_SAME_10: {
10274		struct scsi_write_same_10 *cdb;
10275
10276		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10277
10278		*lba = scsi_4btoul(cdb->addr);
10279		*len = scsi_2btoul(cdb->length);
10280		break;
10281	}
10282	case WRITE_SAME_16: {
10283		struct scsi_write_same_16 *cdb;
10284
10285		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10286
10287		*lba = scsi_8btou64(cdb->addr);
10288		*len = scsi_4btoul(cdb->length);
10289		break;
10290	}
10291	case VERIFY_10: {
10292		struct scsi_verify_10 *cdb;
10293
10294		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10295
10296		*lba = scsi_4btoul(cdb->addr);
10297		*len = scsi_2btoul(cdb->length);
10298		break;
10299	}
10300	case VERIFY_12: {
10301		struct scsi_verify_12 *cdb;
10302
10303		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10304
10305		*lba = scsi_4btoul(cdb->addr);
10306		*len = scsi_4btoul(cdb->length);
10307		break;
10308	}
10309	case VERIFY_16: {
10310		struct scsi_verify_16 *cdb;
10311
10312		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10313
10314		*lba = scsi_8btou64(cdb->addr);
10315		*len = scsi_4btoul(cdb->length);
10316		break;
10317	}
10318	case UNMAP: {
10319		*lba = 0;
10320		*len = UINT64_MAX;
10321		break;
10322	}
10323	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10324		struct scsi_get_lba_status *cdb;
10325
10326		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10327		*lba = scsi_8btou64(cdb->addr);
10328		*len = UINT32_MAX;
10329		break;
10330	}
10331	default:
10332		return (1);
10333		break; /* NOTREACHED */
10334	}
10335
10336	return (0);
10337}
10338
10339static ctl_action
10340ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10341    bool seq)
10342{
10343	uint64_t endlba1, endlba2;
10344
10345	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10346	endlba2 = lba2 + len2 - 1;
10347
10348	if ((endlba1 < lba2) || (endlba2 < lba1))
10349		return (CTL_ACTION_PASS);
10350	else
10351		return (CTL_ACTION_BLOCK);
10352}
10353
10354static int
10355ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10356{
10357	struct ctl_ptr_len_flags *ptrlen;
10358	struct scsi_unmap_desc *buf, *end, *range;
10359	uint64_t lba;
10360	uint32_t len;
10361
10362	/* If not UNMAP -- go other way. */
10363	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10364	    io->scsiio.cdb[0] != UNMAP)
10365		return (CTL_ACTION_ERROR);
10366
10367	/* If UNMAP without data -- block and wait for data. */
10368	ptrlen = (struct ctl_ptr_len_flags *)
10369	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10370	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10371	    ptrlen->ptr == NULL)
10372		return (CTL_ACTION_BLOCK);
10373
10374	/* UNMAP with data -- check for collision. */
10375	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10376	end = buf + ptrlen->len / sizeof(*buf);
10377	for (range = buf; range < end; range++) {
10378		lba = scsi_8btou64(range->lba);
10379		len = scsi_4btoul(range->length);
10380		if ((lba < lba2 + len2) && (lba + len > lba2))
10381			return (CTL_ACTION_BLOCK);
10382	}
10383	return (CTL_ACTION_PASS);
10384}
10385
10386static ctl_action
10387ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10388{
10389	uint64_t lba1, lba2;
10390	uint64_t len1, len2;
10391	int retval;
10392
10393	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10394		return (CTL_ACTION_ERROR);
10395
10396	retval = ctl_extent_check_unmap(io1, lba2, len2);
10397	if (retval != CTL_ACTION_ERROR)
10398		return (retval);
10399
10400	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10401		return (CTL_ACTION_ERROR);
10402
10403	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10404}
10405
10406static ctl_action
10407ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10408{
10409	uint64_t lba1, lba2;
10410	uint64_t len1, len2;
10411
10412	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10413		return (CTL_ACTION_ERROR);
10414	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10415		return (CTL_ACTION_ERROR);
10416
10417	if (lba1 + len1 == lba2)
10418		return (CTL_ACTION_BLOCK);
10419	return (CTL_ACTION_PASS);
10420}
10421
10422static ctl_action
10423ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10424    union ctl_io *ooa_io)
10425{
10426	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10427	ctl_serialize_action *serialize_row;
10428
10429	/*
10430	 * The initiator attempted multiple untagged commands at the same
10431	 * time.  Can't do that.
10432	 */
10433	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10434	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10435	 && ((pending_io->io_hdr.nexus.targ_port ==
10436	      ooa_io->io_hdr.nexus.targ_port)
10437	  && (pending_io->io_hdr.nexus.initid.id ==
10438	      ooa_io->io_hdr.nexus.initid.id))
10439	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10440	      CTL_FLAG_STATUS_SENT)) == 0))
10441		return (CTL_ACTION_OVERLAP);
10442
10443	/*
10444	 * The initiator attempted to send multiple tagged commands with
10445	 * the same ID.  (It's fine if different initiators have the same
10446	 * tag ID.)
10447	 *
10448	 * Even if all of those conditions are true, we don't kill the I/O
10449	 * if the command ahead of us has been aborted.  We won't end up
10450	 * sending it to the FETD, and it's perfectly legal to resend a
10451	 * command with the same tag number as long as the previous
10452	 * instance of this tag number has been aborted somehow.
10453	 */
10454	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10455	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10456	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10457	 && ((pending_io->io_hdr.nexus.targ_port ==
10458	      ooa_io->io_hdr.nexus.targ_port)
10459	  && (pending_io->io_hdr.nexus.initid.id ==
10460	      ooa_io->io_hdr.nexus.initid.id))
10461	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10462	      CTL_FLAG_STATUS_SENT)) == 0))
10463		return (CTL_ACTION_OVERLAP_TAG);
10464
10465	/*
10466	 * If we get a head of queue tag, SAM-3 says that we should
10467	 * immediately execute it.
10468	 *
10469	 * What happens if this command would normally block for some other
10470	 * reason?  e.g. a request sense with a head of queue tag
10471	 * immediately after a write.  Normally that would block, but this
10472	 * will result in its getting executed immediately...
10473	 *
10474	 * We currently return "pass" instead of "skip", so we'll end up
10475	 * going through the rest of the queue to check for overlapped tags.
10476	 *
10477	 * XXX KDM check for other types of blockage first??
10478	 */
10479	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10480		return (CTL_ACTION_PASS);
10481
10482	/*
10483	 * Ordered tags have to block until all items ahead of them
10484	 * have completed.  If we get called with an ordered tag, we always
10485	 * block, if something else is ahead of us in the queue.
10486	 */
10487	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10488		return (CTL_ACTION_BLOCK);
10489
10490	/*
10491	 * Simple tags get blocked until all head of queue and ordered tags
10492	 * ahead of them have completed.  I'm lumping untagged commands in
10493	 * with simple tags here.  XXX KDM is that the right thing to do?
10494	 */
10495	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10496	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10497	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10498	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10499		return (CTL_ACTION_BLOCK);
10500
10501	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10502	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10503
10504	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10505
10506	switch (serialize_row[pending_entry->seridx]) {
10507	case CTL_SER_BLOCK:
10508		return (CTL_ACTION_BLOCK);
10509	case CTL_SER_EXTENT:
10510		return (ctl_extent_check(ooa_io, pending_io,
10511		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10512	case CTL_SER_EXTENTOPT:
10513		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10514		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10515			return (ctl_extent_check(ooa_io, pending_io,
10516			    (lun->be_lun &&
10517			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10518		return (CTL_ACTION_PASS);
10519	case CTL_SER_EXTENTSEQ:
10520		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10521			return (ctl_extent_check_seq(ooa_io, pending_io));
10522		return (CTL_ACTION_PASS);
10523	case CTL_SER_PASS:
10524		return (CTL_ACTION_PASS);
10525	case CTL_SER_BLOCKOPT:
10526		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10527		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10528			return (CTL_ACTION_BLOCK);
10529		return (CTL_ACTION_PASS);
10530	case CTL_SER_SKIP:
10531		return (CTL_ACTION_SKIP);
10532	default:
10533		panic("invalid serialization value %d",
10534		      serialize_row[pending_entry->seridx]);
10535	}
10536
10537	return (CTL_ACTION_ERROR);
10538}
10539
10540/*
10541 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10542 * Assumptions:
10543 * - pending_io is generally either incoming, or on the blocked queue
10544 * - starting I/O is the I/O we want to start the check with.
10545 */
10546static ctl_action
10547ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10548	      union ctl_io *starting_io)
10549{
10550	union ctl_io *ooa_io;
10551	ctl_action action;
10552
10553	mtx_assert(&lun->lun_lock, MA_OWNED);
10554
10555	/*
10556	 * Run back along the OOA queue, starting with the current
10557	 * blocked I/O and going through every I/O before it on the
10558	 * queue.  If starting_io is NULL, we'll just end up returning
10559	 * CTL_ACTION_PASS.
10560	 */
10561	for (ooa_io = starting_io; ooa_io != NULL;
10562	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10563	     ooa_links)){
10564
10565		/*
10566		 * This routine just checks to see whether
10567		 * cur_blocked is blocked by ooa_io, which is ahead
10568		 * of it in the queue.  It doesn't queue/dequeue
10569		 * cur_blocked.
10570		 */
10571		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10572		switch (action) {
10573		case CTL_ACTION_BLOCK:
10574		case CTL_ACTION_OVERLAP:
10575		case CTL_ACTION_OVERLAP_TAG:
10576		case CTL_ACTION_SKIP:
10577		case CTL_ACTION_ERROR:
10578			return (action);
10579			break; /* NOTREACHED */
10580		case CTL_ACTION_PASS:
10581			break;
10582		default:
10583			panic("invalid action %d", action);
10584			break;  /* NOTREACHED */
10585		}
10586	}
10587
10588	return (CTL_ACTION_PASS);
10589}
10590
10591/*
10592 * Assumptions:
10593 * - An I/O has just completed, and has been removed from the per-LUN OOA
10594 *   queue, so some items on the blocked queue may now be unblocked.
10595 */
10596static int
10597ctl_check_blocked(struct ctl_lun *lun)
10598{
10599	union ctl_io *cur_blocked, *next_blocked;
10600
10601	mtx_assert(&lun->lun_lock, MA_OWNED);
10602
10603	/*
10604	 * Run forward from the head of the blocked queue, checking each
10605	 * entry against the I/Os prior to it on the OOA queue to see if
10606	 * there is still any blockage.
10607	 *
10608	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10609	 * with our removing a variable on it while it is traversing the
10610	 * list.
10611	 */
10612	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10613	     cur_blocked != NULL; cur_blocked = next_blocked) {
10614		union ctl_io *prev_ooa;
10615		ctl_action action;
10616
10617		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10618							  blocked_links);
10619
10620		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10621						      ctl_ooaq, ooa_links);
10622
10623		/*
10624		 * If cur_blocked happens to be the first item in the OOA
10625		 * queue now, prev_ooa will be NULL, and the action
10626		 * returned will just be CTL_ACTION_PASS.
10627		 */
10628		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10629
10630		switch (action) {
10631		case CTL_ACTION_BLOCK:
10632			/* Nothing to do here, still blocked */
10633			break;
10634		case CTL_ACTION_OVERLAP:
10635		case CTL_ACTION_OVERLAP_TAG:
10636			/*
10637			 * This shouldn't happen!  In theory we've already
10638			 * checked this command for overlap...
10639			 */
10640			break;
10641		case CTL_ACTION_PASS:
10642		case CTL_ACTION_SKIP: {
10643			const struct ctl_cmd_entry *entry;
10644			int isc_retval;
10645
10646			/*
10647			 * The skip case shouldn't happen, this transaction
10648			 * should have never made it onto the blocked queue.
10649			 */
10650			/*
10651			 * This I/O is no longer blocked, we can remove it
10652			 * from the blocked queue.  Since this is a TAILQ
10653			 * (doubly linked list), we can do O(1) removals
10654			 * from any place on the list.
10655			 */
10656			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10657				     blocked_links);
10658			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10659
10660			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
10661				/*
10662				 * Need to send IO back to original side to
10663				 * run
10664				 */
10665				union ctl_ha_msg msg_info;
10666
10667				msg_info.hdr.original_sc =
10668					cur_blocked->io_hdr.original_sc;
10669				msg_info.hdr.serializing_sc = cur_blocked;
10670				msg_info.hdr.msg_type = CTL_MSG_R2R;
10671				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10672				     &msg_info, sizeof(msg_info), 0)) >
10673				     CTL_HA_STATUS_SUCCESS) {
10674					printf("CTL:Check Blocked error from "
10675					       "ctl_ha_msg_send %d\n",
10676					       isc_retval);
10677				}
10678				break;
10679			}
10680			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10681
10682			/*
10683			 * Check this I/O for LUN state changes that may
10684			 * have happened while this command was blocked.
10685			 * The LUN state may have been changed by a command
10686			 * ahead of us in the queue, so we need to re-check
10687			 * for any states that can be caused by SCSI
10688			 * commands.
10689			 */
10690			if (ctl_scsiio_lun_check(lun, entry,
10691						 &cur_blocked->scsiio) == 0) {
10692				cur_blocked->io_hdr.flags |=
10693				                      CTL_FLAG_IS_WAS_ON_RTR;
10694				ctl_enqueue_rtr(cur_blocked);
10695			} else
10696				ctl_done(cur_blocked);
10697			break;
10698		}
10699		default:
10700			/*
10701			 * This probably shouldn't happen -- we shouldn't
10702			 * get CTL_ACTION_ERROR, or anything else.
10703			 */
10704			break;
10705		}
10706	}
10707
10708	return (CTL_RETVAL_COMPLETE);
10709}
10710
10711/*
10712 * This routine (with one exception) checks LUN flags that can be set by
10713 * commands ahead of us in the OOA queue.  These flags have to be checked
10714 * when a command initially comes in, and when we pull a command off the
10715 * blocked queue and are preparing to execute it.  The reason we have to
10716 * check these flags for commands on the blocked queue is that the LUN
10717 * state may have been changed by a command ahead of us while we're on the
10718 * blocked queue.
10719 *
10720 * Ordering is somewhat important with these checks, so please pay
10721 * careful attention to the placement of any new checks.
10722 */
10723static int
10724ctl_scsiio_lun_check(struct ctl_lun *lun,
10725    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10726{
10727	struct ctl_softc *softc = lun->ctl_softc;
10728	int retval;
10729	uint32_t residx;
10730
10731	retval = 0;
10732
10733	mtx_assert(&lun->lun_lock, MA_OWNED);
10734
10735	/*
10736	 * If this shelf is a secondary shelf controller, we have to reject
10737	 * any media access commands.
10738	 */
10739	if ((softc->flags & CTL_FLAG_ACTIVE_SHELF) == 0 &&
10740	    (entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0) {
10741		ctl_set_lun_standby(ctsio);
10742		retval = 1;
10743		goto bailout;
10744	}
10745
10746	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10747		if (lun->be_lun &&
10748		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10749			ctl_set_sense(ctsio, /*current_error*/ 1,
10750			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10751			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
10752			retval = 1;
10753			goto bailout;
10754		}
10755		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10756		    .eca_and_aen & SCP_SWP) != 0) {
10757			ctl_set_sense(ctsio, /*current_error*/ 1,
10758			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10759			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10760			retval = 1;
10761			goto bailout;
10762		}
10763	}
10764
10765	/*
10766	 * Check for a reservation conflict.  If this command isn't allowed
10767	 * even on reserved LUNs, and if this initiator isn't the one who
10768	 * reserved us, reject the command with a reservation conflict.
10769	 */
10770	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
10771	if ((lun->flags & CTL_LUN_RESERVED)
10772	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10773		if (lun->res_idx != residx) {
10774			ctl_set_reservation_conflict(ctsio);
10775			retval = 1;
10776			goto bailout;
10777		}
10778	}
10779
10780	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10781	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10782		/* No reservation or command is allowed. */;
10783	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10784	    (lun->res_type == SPR_TYPE_WR_EX ||
10785	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10786	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10787		/* The command is allowed for Write Exclusive resv. */;
10788	} else {
10789		/*
10790		 * if we aren't registered or it's a res holder type
10791		 * reservation and this isn't the res holder then set a
10792		 * conflict.
10793		 */
10794		if (ctl_get_prkey(lun, residx) == 0
10795		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10796			ctl_set_reservation_conflict(ctsio);
10797			retval = 1;
10798			goto bailout;
10799		}
10800
10801	}
10802
10803	if ((lun->flags & CTL_LUN_OFFLINE)
10804	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
10805		ctl_set_lun_not_ready(ctsio);
10806		retval = 1;
10807		goto bailout;
10808	}
10809
10810	/*
10811	 * If the LUN is stopped, see if this particular command is allowed
10812	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
10813	 */
10814	if ((lun->flags & CTL_LUN_STOPPED)
10815	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10816		/* "Logical unit not ready, initializing cmd. required" */
10817		ctl_set_lun_stopped(ctsio);
10818		retval = 1;
10819		goto bailout;
10820	}
10821
10822	if ((lun->flags & CTL_LUN_INOPERABLE)
10823	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10824		/* "Medium format corrupted" */
10825		ctl_set_medium_format_corrupted(ctsio);
10826		retval = 1;
10827		goto bailout;
10828	}
10829
10830bailout:
10831	return (retval);
10832
10833}
10834
10835static void
10836ctl_failover_io(union ctl_io *io, int have_lock)
10837{
10838	ctl_set_busy(&io->scsiio);
10839	ctl_done(io);
10840}
10841
10842#ifdef notyet
10843static void
10844ctl_failover(void)
10845{
10846	struct ctl_lun *lun;
10847	struct ctl_softc *softc;
10848	union ctl_io *next_io, *pending_io;
10849	union ctl_io *io;
10850	int lun_idx;
10851
10852	softc = control_softc;
10853
10854	mtx_lock(&softc->ctl_lock);
10855	/*
10856	 * Remove any cmds from the other SC from the rtr queue.  These
10857	 * will obviously only be for LUNs for which we're the primary.
10858	 * We can't send status or get/send data for these commands.
10859	 * Since they haven't been executed yet, we can just remove them.
10860	 * We'll either abort them or delete them below, depending on
10861	 * which HA mode we're in.
10862	 */
10863#ifdef notyet
10864	mtx_lock(&softc->queue_lock);
10865	for (io = (union ctl_io *)STAILQ_FIRST(&softc->rtr_queue);
10866	     io != NULL; io = next_io) {
10867		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
10868		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10869			STAILQ_REMOVE(&softc->rtr_queue, &io->io_hdr,
10870				      ctl_io_hdr, links);
10871	}
10872	mtx_unlock(&softc->queue_lock);
10873#endif
10874
10875	for (lun_idx=0; lun_idx < softc->num_luns; lun_idx++) {
10876		lun = softc->ctl_luns[lun_idx];
10877		if (lun==NULL)
10878			continue;
10879
10880		/*
10881		 * Processor LUNs are primary on both sides.
10882		 * XXX will this always be true?
10883		 */
10884		if (lun->be_lun->lun_type == T_PROCESSOR)
10885			continue;
10886
10887		if ((lun->flags & CTL_LUN_PRIMARY_SC)
10888		 && (softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10889			printf("FAILOVER: primary lun %d\n", lun_idx);
10890		        /*
10891			 * Remove all commands from the other SC. First from the
10892			 * blocked queue then from the ooa queue. Once we have
10893			 * removed them. Call ctl_check_blocked to see if there
10894			 * is anything that can run.
10895			 */
10896			for (io = (union ctl_io *)TAILQ_FIRST(
10897			     &lun->blocked_queue); io != NULL; io = next_io) {
10898
10899		        	next_io = (union ctl_io *)TAILQ_NEXT(
10900				    &io->io_hdr, blocked_links);
10901
10902				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10903					TAILQ_REMOVE(&lun->blocked_queue,
10904						     &io->io_hdr,blocked_links);
10905					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10906					TAILQ_REMOVE(&lun->ooa_queue,
10907						     &io->io_hdr, ooa_links);
10908
10909					ctl_free_io(io);
10910				}
10911			}
10912
10913			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10914	     		     io != NULL; io = next_io) {
10915
10916		        	next_io = (union ctl_io *)TAILQ_NEXT(
10917				    &io->io_hdr, ooa_links);
10918
10919				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10920
10921					TAILQ_REMOVE(&lun->ooa_queue,
10922						&io->io_hdr,
10923					     	ooa_links);
10924
10925					ctl_free_io(io);
10926				}
10927			}
10928			ctl_check_blocked(lun);
10929		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
10930			&& (softc->ha_mode == CTL_HA_MODE_XFER)) {
10931
10932			printf("FAILOVER: primary lun %d\n", lun_idx);
10933			/*
10934			 * Abort all commands from the other SC.  We can't
10935			 * send status back for them now.  These should get
10936			 * cleaned up when they are completed or come out
10937			 * for a datamove operation.
10938			 */
10939			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10940	     		     io != NULL; io = next_io) {
10941		        	next_io = (union ctl_io *)TAILQ_NEXT(
10942					&io->io_hdr, ooa_links);
10943
10944				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10945					io->io_hdr.flags |= CTL_FLAG_ABORT;
10946			}
10947		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10948			&& (softc->ha_mode == CTL_HA_MODE_XFER)) {
10949
10950			printf("FAILOVER: secondary lun %d\n", lun_idx);
10951
10952			lun->flags |= CTL_LUN_PRIMARY_SC;
10953
10954			/*
10955			 * We send all I/O that was sent to this controller
10956			 * and redirected to the other side back with
10957			 * busy status, and have the initiator retry it.
10958			 * Figuring out how much data has been transferred,
10959			 * etc. and picking up where we left off would be
10960			 * very tricky.
10961			 *
10962			 * XXX KDM need to remove I/O from the blocked
10963			 * queue as well!
10964			 */
10965			for (pending_io = (union ctl_io *)TAILQ_FIRST(
10966			     &lun->ooa_queue); pending_io != NULL;
10967			     pending_io = next_io) {
10968
10969				next_io =  (union ctl_io *)TAILQ_NEXT(
10970					&pending_io->io_hdr, ooa_links);
10971
10972				pending_io->io_hdr.flags &=
10973					~CTL_FLAG_SENT_2OTHER_SC;
10974
10975				if (pending_io->io_hdr.flags &
10976				    CTL_FLAG_IO_ACTIVE) {
10977					pending_io->io_hdr.flags |=
10978						CTL_FLAG_FAILOVER;
10979				} else {
10980					ctl_set_busy(&pending_io->scsiio);
10981					ctl_done(pending_io);
10982				}
10983			}
10984
10985			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
10986		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10987			&& (softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10988			printf("FAILOVER: secondary lun %d\n", lun_idx);
10989			/*
10990			 * if the first io on the OOA is not on the RtR queue
10991			 * add it.
10992			 */
10993			lun->flags |= CTL_LUN_PRIMARY_SC;
10994
10995			pending_io = (union ctl_io *)TAILQ_FIRST(
10996			    &lun->ooa_queue);
10997			if (pending_io==NULL) {
10998				printf("Nothing on OOA queue\n");
10999				continue;
11000			}
11001
11002			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11003			if ((pending_io->io_hdr.flags &
11004			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11005				pending_io->io_hdr.flags |=
11006				    CTL_FLAG_IS_WAS_ON_RTR;
11007				ctl_enqueue_rtr(pending_io);
11008			}
11009#if 0
11010			else
11011			{
11012				printf("Tag 0x%04x is running\n",
11013				      pending_io->scsiio.tag_num);
11014			}
11015#endif
11016
11017			next_io = (union ctl_io *)TAILQ_NEXT(
11018			    &pending_io->io_hdr, ooa_links);
11019			for (pending_io=next_io; pending_io != NULL;
11020			     pending_io = next_io) {
11021				pending_io->io_hdr.flags &=
11022				    ~CTL_FLAG_SENT_2OTHER_SC;
11023				next_io = (union ctl_io *)TAILQ_NEXT(
11024					&pending_io->io_hdr, ooa_links);
11025				if (pending_io->io_hdr.flags &
11026				    CTL_FLAG_IS_WAS_ON_RTR) {
11027#if 0
11028				        printf("Tag 0x%04x is running\n",
11029				      		pending_io->scsiio.tag_num);
11030#endif
11031					continue;
11032				}
11033
11034				switch (ctl_check_ooa(lun, pending_io,
11035			            (union ctl_io *)TAILQ_PREV(
11036				    &pending_io->io_hdr, ctl_ooaq,
11037				    ooa_links))) {
11038
11039				case CTL_ACTION_BLOCK:
11040					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11041							  &pending_io->io_hdr,
11042							  blocked_links);
11043					pending_io->io_hdr.flags |=
11044					    CTL_FLAG_BLOCKED;
11045					break;
11046				case CTL_ACTION_PASS:
11047				case CTL_ACTION_SKIP:
11048					pending_io->io_hdr.flags |=
11049					    CTL_FLAG_IS_WAS_ON_RTR;
11050					ctl_enqueue_rtr(pending_io);
11051					break;
11052				case CTL_ACTION_OVERLAP:
11053					ctl_set_overlapped_cmd(
11054					    (struct ctl_scsiio *)pending_io);
11055					ctl_done(pending_io);
11056					break;
11057				case CTL_ACTION_OVERLAP_TAG:
11058					ctl_set_overlapped_tag(
11059					    (struct ctl_scsiio *)pending_io,
11060					    pending_io->scsiio.tag_num & 0xff);
11061					ctl_done(pending_io);
11062					break;
11063				case CTL_ACTION_ERROR:
11064				default:
11065					ctl_set_internal_failure(
11066						(struct ctl_scsiio *)pending_io,
11067						0,  // sks_valid
11068						0); //retry count
11069					ctl_done(pending_io);
11070					break;
11071				}
11072			}
11073
11074			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
11075		} else {
11076			panic("Unhandled HA mode failover, LUN flags = %#x, "
11077			      "ha_mode = #%x", lun->flags, softc->ha_mode);
11078		}
11079	}
11080	ctl_pause_rtr = 0;
11081	mtx_unlock(&softc->ctl_lock);
11082}
11083#endif
11084
11085static int
11086ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11087{
11088	struct ctl_lun *lun;
11089	const struct ctl_cmd_entry *entry;
11090	uint32_t initidx, targ_lun;
11091	int retval;
11092
11093	retval = 0;
11094
11095	lun = NULL;
11096
11097	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11098	if ((targ_lun < CTL_MAX_LUNS)
11099	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11100		/*
11101		 * If the LUN is invalid, pretend that it doesn't exist.
11102		 * It will go away as soon as all pending I/O has been
11103		 * completed.
11104		 */
11105		mtx_lock(&lun->lun_lock);
11106		if (lun->flags & CTL_LUN_DISABLED) {
11107			mtx_unlock(&lun->lun_lock);
11108			lun = NULL;
11109			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11110			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11111		} else {
11112			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11113			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11114				lun->be_lun;
11115			if (lun->be_lun->lun_type == T_PROCESSOR) {
11116				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11117			}
11118
11119			/*
11120			 * Every I/O goes into the OOA queue for a
11121			 * particular LUN, and stays there until completion.
11122			 */
11123#ifdef CTL_TIME_IO
11124			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11125				lun->idle_time += getsbinuptime() -
11126				    lun->last_busy;
11127			}
11128#endif
11129			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11130			    ooa_links);
11131		}
11132	} else {
11133		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11134		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11135	}
11136
11137	/* Get command entry and return error if it is unsuppotyed. */
11138	entry = ctl_validate_command(ctsio);
11139	if (entry == NULL) {
11140		if (lun)
11141			mtx_unlock(&lun->lun_lock);
11142		return (retval);
11143	}
11144
11145	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11146	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11147
11148	/*
11149	 * Check to see whether we can send this command to LUNs that don't
11150	 * exist.  This should pretty much only be the case for inquiry
11151	 * and request sense.  Further checks, below, really require having
11152	 * a LUN, so we can't really check the command anymore.  Just put
11153	 * it on the rtr queue.
11154	 */
11155	if (lun == NULL) {
11156		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11157			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11158			ctl_enqueue_rtr((union ctl_io *)ctsio);
11159			return (retval);
11160		}
11161
11162		ctl_set_unsupported_lun(ctsio);
11163		ctl_done((union ctl_io *)ctsio);
11164		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11165		return (retval);
11166	} else {
11167		/*
11168		 * Make sure we support this particular command on this LUN.
11169		 * e.g., we don't support writes to the control LUN.
11170		 */
11171		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11172			mtx_unlock(&lun->lun_lock);
11173			ctl_set_invalid_opcode(ctsio);
11174			ctl_done((union ctl_io *)ctsio);
11175			return (retval);
11176		}
11177	}
11178
11179	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11180
11181#ifdef CTL_WITH_CA
11182	/*
11183	 * If we've got a request sense, it'll clear the contingent
11184	 * allegiance condition.  Otherwise, if we have a CA condition for
11185	 * this initiator, clear it, because it sent down a command other
11186	 * than request sense.
11187	 */
11188	if ((ctsio->cdb[0] != REQUEST_SENSE)
11189	 && (ctl_is_set(lun->have_ca, initidx)))
11190		ctl_clear_mask(lun->have_ca, initidx);
11191#endif
11192
11193	/*
11194	 * If the command has this flag set, it handles its own unit
11195	 * attention reporting, we shouldn't do anything.  Otherwise we
11196	 * check for any pending unit attentions, and send them back to the
11197	 * initiator.  We only do this when a command initially comes in,
11198	 * not when we pull it off the blocked queue.
11199	 *
11200	 * According to SAM-3, section 5.3.2, the order that things get
11201	 * presented back to the host is basically unit attentions caused
11202	 * by some sort of reset event, busy status, reservation conflicts
11203	 * or task set full, and finally any other status.
11204	 *
11205	 * One issue here is that some of the unit attentions we report
11206	 * don't fall into the "reset" category (e.g. "reported luns data
11207	 * has changed").  So reporting it here, before the reservation
11208	 * check, may be technically wrong.  I guess the only thing to do
11209	 * would be to check for and report the reset events here, and then
11210	 * check for the other unit attention types after we check for a
11211	 * reservation conflict.
11212	 *
11213	 * XXX KDM need to fix this
11214	 */
11215	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11216		ctl_ua_type ua_type;
11217		scsi_sense_data_type sense_format;
11218
11219		if (lun->flags & CTL_LUN_SENSE_DESC)
11220			sense_format = SSD_TYPE_DESC;
11221		else
11222			sense_format = SSD_TYPE_FIXED;
11223
11224		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11225		    sense_format);
11226		if (ua_type != CTL_UA_NONE) {
11227			mtx_unlock(&lun->lun_lock);
11228			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11229			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11230			ctsio->sense_len = SSD_FULL_SIZE;
11231			ctl_done((union ctl_io *)ctsio);
11232			return (retval);
11233		}
11234	}
11235
11236
11237	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11238		mtx_unlock(&lun->lun_lock);
11239		ctl_done((union ctl_io *)ctsio);
11240		return (retval);
11241	}
11242
11243	/*
11244	 * XXX CHD this is where we want to send IO to other side if
11245	 * this LUN is secondary on this SC. We will need to make a copy
11246	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11247	 * the copy we send as FROM_OTHER.
11248	 * We also need to stuff the address of the original IO so we can
11249	 * find it easily. Something similar will need be done on the other
11250	 * side so when we are done we can find the copy.
11251	 */
11252	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11253		union ctl_ha_msg msg_info;
11254		int isc_retval;
11255
11256		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11257
11258		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11259		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11260#if 0
11261		printf("1. ctsio %p\n", ctsio);
11262#endif
11263		msg_info.hdr.serializing_sc = NULL;
11264		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11265		msg_info.scsi.tag_num = ctsio->tag_num;
11266		msg_info.scsi.tag_type = ctsio->tag_type;
11267		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11268
11269		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11270
11271		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11272		    (void *)&msg_info, sizeof(msg_info), 0)) >
11273		    CTL_HA_STATUS_SUCCESS) {
11274			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11275			       isc_retval);
11276			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11277		} else {
11278#if 0
11279			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11280#endif
11281		}
11282
11283		/*
11284		 * XXX KDM this I/O is off the incoming queue, but hasn't
11285		 * been inserted on any other queue.  We may need to come
11286		 * up with a holding queue while we wait for serialization
11287		 * so that we have an idea of what we're waiting for from
11288		 * the other side.
11289		 */
11290		mtx_unlock(&lun->lun_lock);
11291		return (retval);
11292	}
11293
11294	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11295			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11296			      ctl_ooaq, ooa_links))) {
11297	case CTL_ACTION_BLOCK:
11298		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11299		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11300				  blocked_links);
11301		mtx_unlock(&lun->lun_lock);
11302		return (retval);
11303	case CTL_ACTION_PASS:
11304	case CTL_ACTION_SKIP:
11305		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11306		mtx_unlock(&lun->lun_lock);
11307		ctl_enqueue_rtr((union ctl_io *)ctsio);
11308		break;
11309	case CTL_ACTION_OVERLAP:
11310		mtx_unlock(&lun->lun_lock);
11311		ctl_set_overlapped_cmd(ctsio);
11312		ctl_done((union ctl_io *)ctsio);
11313		break;
11314	case CTL_ACTION_OVERLAP_TAG:
11315		mtx_unlock(&lun->lun_lock);
11316		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11317		ctl_done((union ctl_io *)ctsio);
11318		break;
11319	case CTL_ACTION_ERROR:
11320	default:
11321		mtx_unlock(&lun->lun_lock);
11322		ctl_set_internal_failure(ctsio,
11323					 /*sks_valid*/ 0,
11324					 /*retry_count*/ 0);
11325		ctl_done((union ctl_io *)ctsio);
11326		break;
11327	}
11328	return (retval);
11329}
11330
11331const struct ctl_cmd_entry *
11332ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11333{
11334	const struct ctl_cmd_entry *entry;
11335	int service_action;
11336
11337	entry = &ctl_cmd_table[ctsio->cdb[0]];
11338	if (sa)
11339		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11340	if (entry->flags & CTL_CMD_FLAG_SA5) {
11341		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11342		entry = &((const struct ctl_cmd_entry *)
11343		    entry->execute)[service_action];
11344	}
11345	return (entry);
11346}
11347
11348const struct ctl_cmd_entry *
11349ctl_validate_command(struct ctl_scsiio *ctsio)
11350{
11351	const struct ctl_cmd_entry *entry;
11352	int i, sa;
11353	uint8_t diff;
11354
11355	entry = ctl_get_cmd_entry(ctsio, &sa);
11356	if (entry->execute == NULL) {
11357		if (sa)
11358			ctl_set_invalid_field(ctsio,
11359					      /*sks_valid*/ 1,
11360					      /*command*/ 1,
11361					      /*field*/ 1,
11362					      /*bit_valid*/ 1,
11363					      /*bit*/ 4);
11364		else
11365			ctl_set_invalid_opcode(ctsio);
11366		ctl_done((union ctl_io *)ctsio);
11367		return (NULL);
11368	}
11369	KASSERT(entry->length > 0,
11370	    ("Not defined length for command 0x%02x/0x%02x",
11371	     ctsio->cdb[0], ctsio->cdb[1]));
11372	for (i = 1; i < entry->length; i++) {
11373		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11374		if (diff == 0)
11375			continue;
11376		ctl_set_invalid_field(ctsio,
11377				      /*sks_valid*/ 1,
11378				      /*command*/ 1,
11379				      /*field*/ i,
11380				      /*bit_valid*/ 1,
11381				      /*bit*/ fls(diff) - 1);
11382		ctl_done((union ctl_io *)ctsio);
11383		return (NULL);
11384	}
11385	return (entry);
11386}
11387
11388static int
11389ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11390{
11391
11392	switch (lun_type) {
11393	case T_PROCESSOR:
11394		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11395		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11396			return (0);
11397		break;
11398	case T_DIRECT:
11399		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11400		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11401			return (0);
11402		break;
11403	default:
11404		return (0);
11405	}
11406	return (1);
11407}
11408
11409static int
11410ctl_scsiio(struct ctl_scsiio *ctsio)
11411{
11412	int retval;
11413	const struct ctl_cmd_entry *entry;
11414
11415	retval = CTL_RETVAL_COMPLETE;
11416
11417	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11418
11419	entry = ctl_get_cmd_entry(ctsio, NULL);
11420
11421	/*
11422	 * If this I/O has been aborted, just send it straight to
11423	 * ctl_done() without executing it.
11424	 */
11425	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11426		ctl_done((union ctl_io *)ctsio);
11427		goto bailout;
11428	}
11429
11430	/*
11431	 * All the checks should have been handled by ctl_scsiio_precheck().
11432	 * We should be clear now to just execute the I/O.
11433	 */
11434	retval = entry->execute(ctsio);
11435
11436bailout:
11437	return (retval);
11438}
11439
11440/*
11441 * Since we only implement one target right now, a bus reset simply resets
11442 * our single target.
11443 */
11444static int
11445ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11446{
11447	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11448}
11449
11450static int
11451ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11452		 ctl_ua_type ua_type)
11453{
11454	struct ctl_lun *lun;
11455	int retval;
11456
11457	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11458		union ctl_ha_msg msg_info;
11459
11460		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11461		msg_info.hdr.nexus = io->io_hdr.nexus;
11462		if (ua_type==CTL_UA_TARG_RESET)
11463			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11464		else
11465			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11466		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11467		msg_info.hdr.original_sc = NULL;
11468		msg_info.hdr.serializing_sc = NULL;
11469		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11470		    (void *)&msg_info, sizeof(msg_info), 0)) {
11471		}
11472	}
11473	retval = 0;
11474
11475	mtx_lock(&softc->ctl_lock);
11476	STAILQ_FOREACH(lun, &softc->lun_list, links)
11477		retval += ctl_lun_reset(lun, io, ua_type);
11478	mtx_unlock(&softc->ctl_lock);
11479
11480	return (retval);
11481}
11482
11483/*
11484 * The LUN should always be set.  The I/O is optional, and is used to
11485 * distinguish between I/Os sent by this initiator, and by other
11486 * initiators.  We set unit attention for initiators other than this one.
11487 * SAM-3 is vague on this point.  It does say that a unit attention should
11488 * be established for other initiators when a LUN is reset (see section
11489 * 5.7.3), but it doesn't specifically say that the unit attention should
11490 * be established for this particular initiator when a LUN is reset.  Here
11491 * is the relevant text, from SAM-3 rev 8:
11492 *
11493 * 5.7.2 When a SCSI initiator port aborts its own tasks
11494 *
11495 * When a SCSI initiator port causes its own task(s) to be aborted, no
11496 * notification that the task(s) have been aborted shall be returned to
11497 * the SCSI initiator port other than the completion response for the
11498 * command or task management function action that caused the task(s) to
11499 * be aborted and notification(s) associated with related effects of the
11500 * action (e.g., a reset unit attention condition).
11501 *
11502 * XXX KDM for now, we're setting unit attention for all initiators.
11503 */
11504static int
11505ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11506{
11507	union ctl_io *xio;
11508#if 0
11509	uint32_t initidx;
11510#endif
11511#ifdef CTL_WITH_CA
11512	int i;
11513#endif
11514
11515	mtx_lock(&lun->lun_lock);
11516	/*
11517	 * Run through the OOA queue and abort each I/O.
11518	 */
11519	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11520	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11521		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11522	}
11523
11524	/*
11525	 * This version sets unit attention for every
11526	 */
11527#if 0
11528	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11529	ctl_est_ua_all(lun, initidx, ua_type);
11530#else
11531	ctl_est_ua_all(lun, -1, ua_type);
11532#endif
11533
11534	/*
11535	 * A reset (any kind, really) clears reservations established with
11536	 * RESERVE/RELEASE.  It does not clear reservations established
11537	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11538	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11539	 * reservations made with the RESERVE/RELEASE commands, because
11540	 * those commands are obsolete in SPC-3.
11541	 */
11542	lun->flags &= ~CTL_LUN_RESERVED;
11543
11544#ifdef CTL_WITH_CA
11545	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11546		ctl_clear_mask(lun->have_ca, i);
11547#endif
11548	mtx_unlock(&lun->lun_lock);
11549
11550	return (0);
11551}
11552
11553static void
11554ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11555    int other_sc)
11556{
11557	union ctl_io *xio;
11558
11559	mtx_assert(&lun->lun_lock, MA_OWNED);
11560
11561	/*
11562	 * Run through the OOA queue and attempt to find the given I/O.
11563	 * The target port, initiator ID, tag type and tag number have to
11564	 * match the values that we got from the initiator.  If we have an
11565	 * untagged command to abort, simply abort the first untagged command
11566	 * we come to.  We only allow one untagged command at a time of course.
11567	 */
11568	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11569	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11570
11571		if ((targ_port == UINT32_MAX ||
11572		     targ_port == xio->io_hdr.nexus.targ_port) &&
11573		    (init_id == UINT32_MAX ||
11574		     init_id == xio->io_hdr.nexus.initid.id)) {
11575			if (targ_port != xio->io_hdr.nexus.targ_port ||
11576			    init_id != xio->io_hdr.nexus.initid.id)
11577				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11578			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11579			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11580				union ctl_ha_msg msg_info;
11581
11582				msg_info.hdr.nexus = xio->io_hdr.nexus;
11583				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11584				msg_info.task.tag_num = xio->scsiio.tag_num;
11585				msg_info.task.tag_type = xio->scsiio.tag_type;
11586				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11587				msg_info.hdr.original_sc = NULL;
11588				msg_info.hdr.serializing_sc = NULL;
11589				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11590				    (void *)&msg_info, sizeof(msg_info), 0);
11591			}
11592		}
11593	}
11594}
11595
11596static int
11597ctl_abort_task_set(union ctl_io *io)
11598{
11599	struct ctl_softc *softc = control_softc;
11600	struct ctl_lun *lun;
11601	uint32_t targ_lun;
11602
11603	/*
11604	 * Look up the LUN.
11605	 */
11606	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11607	mtx_lock(&softc->ctl_lock);
11608	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
11609		lun = softc->ctl_luns[targ_lun];
11610	else {
11611		mtx_unlock(&softc->ctl_lock);
11612		return (1);
11613	}
11614
11615	mtx_lock(&lun->lun_lock);
11616	mtx_unlock(&softc->ctl_lock);
11617	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11618		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11619		    io->io_hdr.nexus.initid.id,
11620		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11621	} else { /* CTL_TASK_CLEAR_TASK_SET */
11622		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11623		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11624	}
11625	mtx_unlock(&lun->lun_lock);
11626	return (0);
11627}
11628
11629static int
11630ctl_i_t_nexus_reset(union ctl_io *io)
11631{
11632	struct ctl_softc *softc = control_softc;
11633	struct ctl_lun *lun;
11634	uint32_t initidx, residx;
11635
11636	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11637	residx = ctl_get_resindex(&io->io_hdr.nexus);
11638	mtx_lock(&softc->ctl_lock);
11639	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11640		mtx_lock(&lun->lun_lock);
11641		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11642		    io->io_hdr.nexus.initid.id,
11643		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11644#ifdef CTL_WITH_CA
11645		ctl_clear_mask(lun->have_ca, initidx);
11646#endif
11647		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
11648			lun->flags &= ~CTL_LUN_RESERVED;
11649		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11650		mtx_unlock(&lun->lun_lock);
11651	}
11652	mtx_unlock(&softc->ctl_lock);
11653	return (0);
11654}
11655
11656static int
11657ctl_abort_task(union ctl_io *io)
11658{
11659	union ctl_io *xio;
11660	struct ctl_lun *lun;
11661	struct ctl_softc *softc;
11662#if 0
11663	struct sbuf sb;
11664	char printbuf[128];
11665#endif
11666	int found;
11667	uint32_t targ_lun;
11668
11669	softc = control_softc;
11670	found = 0;
11671
11672	/*
11673	 * Look up the LUN.
11674	 */
11675	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11676	mtx_lock(&softc->ctl_lock);
11677	if ((targ_lun < CTL_MAX_LUNS)
11678	 && (softc->ctl_luns[targ_lun] != NULL))
11679		lun = softc->ctl_luns[targ_lun];
11680	else {
11681		mtx_unlock(&softc->ctl_lock);
11682		return (1);
11683	}
11684
11685#if 0
11686	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11687	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11688#endif
11689
11690	mtx_lock(&lun->lun_lock);
11691	mtx_unlock(&softc->ctl_lock);
11692	/*
11693	 * Run through the OOA queue and attempt to find the given I/O.
11694	 * The target port, initiator ID, tag type and tag number have to
11695	 * match the values that we got from the initiator.  If we have an
11696	 * untagged command to abort, simply abort the first untagged command
11697	 * we come to.  We only allow one untagged command at a time of course.
11698	 */
11699	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11700	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11701#if 0
11702		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11703
11704		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11705			    lun->lun, xio->scsiio.tag_num,
11706			    xio->scsiio.tag_type,
11707			    (xio->io_hdr.blocked_links.tqe_prev
11708			    == NULL) ? "" : " BLOCKED",
11709			    (xio->io_hdr.flags &
11710			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11711			    (xio->io_hdr.flags &
11712			    CTL_FLAG_ABORT) ? " ABORT" : "",
11713			    (xio->io_hdr.flags &
11714			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11715		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11716		sbuf_finish(&sb);
11717		printf("%s\n", sbuf_data(&sb));
11718#endif
11719
11720		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11721		 || (xio->io_hdr.nexus.initid.id != io->io_hdr.nexus.initid.id)
11722		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11723			continue;
11724
11725		/*
11726		 * If the abort says that the task is untagged, the
11727		 * task in the queue must be untagged.  Otherwise,
11728		 * we just check to see whether the tag numbers
11729		 * match.  This is because the QLogic firmware
11730		 * doesn't pass back the tag type in an abort
11731		 * request.
11732		 */
11733#if 0
11734		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11735		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11736		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11737#endif
11738		/*
11739		 * XXX KDM we've got problems with FC, because it
11740		 * doesn't send down a tag type with aborts.  So we
11741		 * can only really go by the tag number...
11742		 * This may cause problems with parallel SCSI.
11743		 * Need to figure that out!!
11744		 */
11745		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11746			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11747			found = 1;
11748			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11749			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11750				union ctl_ha_msg msg_info;
11751
11752				io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11753				msg_info.hdr.nexus = io->io_hdr.nexus;
11754				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11755				msg_info.task.tag_num = io->taskio.tag_num;
11756				msg_info.task.tag_type = io->taskio.tag_type;
11757				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11758				msg_info.hdr.original_sc = NULL;
11759				msg_info.hdr.serializing_sc = NULL;
11760#if 0
11761				printf("Sent Abort to other side\n");
11762#endif
11763				if (ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11764				    (void *)&msg_info, sizeof(msg_info), 0) !=
11765				    CTL_HA_STATUS_SUCCESS) {
11766				}
11767			}
11768#if 0
11769			printf("ctl_abort_task: found I/O to abort\n");
11770#endif
11771		}
11772	}
11773	mtx_unlock(&lun->lun_lock);
11774
11775	if (found == 0) {
11776		/*
11777		 * This isn't really an error.  It's entirely possible for
11778		 * the abort and command completion to cross on the wire.
11779		 * This is more of an informative/diagnostic error.
11780		 */
11781#if 0
11782		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11783		       "%d:%d:%d:%d tag %d type %d\n",
11784		       io->io_hdr.nexus.initid.id,
11785		       io->io_hdr.nexus.targ_port,
11786		       io->io_hdr.nexus.targ_target.id,
11787		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11788		       io->taskio.tag_type);
11789#endif
11790	}
11791	return (0);
11792}
11793
11794static void
11795ctl_run_task(union ctl_io *io)
11796{
11797	struct ctl_softc *softc = control_softc;
11798	int retval = 1;
11799	const char *task_desc;
11800
11801	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11802
11803	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11804	    ("ctl_run_task: Unextected io_type %d\n",
11805	     io->io_hdr.io_type));
11806
11807	task_desc = ctl_scsi_task_string(&io->taskio);
11808	if (task_desc != NULL) {
11809#ifdef NEEDTOPORT
11810		csevent_log(CSC_CTL | CSC_SHELF_SW |
11811			    CTL_TASK_REPORT,
11812			    csevent_LogType_Trace,
11813			    csevent_Severity_Information,
11814			    csevent_AlertLevel_Green,
11815			    csevent_FRU_Firmware,
11816			    csevent_FRU_Unknown,
11817			    "CTL: received task: %s",task_desc);
11818#endif
11819	} else {
11820#ifdef NEEDTOPORT
11821		csevent_log(CSC_CTL | CSC_SHELF_SW |
11822			    CTL_TASK_REPORT,
11823			    csevent_LogType_Trace,
11824			    csevent_Severity_Information,
11825			    csevent_AlertLevel_Green,
11826			    csevent_FRU_Firmware,
11827			    csevent_FRU_Unknown,
11828			    "CTL: received unknown task "
11829			    "type: %d (%#x)",
11830			    io->taskio.task_action,
11831			    io->taskio.task_action);
11832#endif
11833	}
11834	switch (io->taskio.task_action) {
11835	case CTL_TASK_ABORT_TASK:
11836		retval = ctl_abort_task(io);
11837		break;
11838	case CTL_TASK_ABORT_TASK_SET:
11839	case CTL_TASK_CLEAR_TASK_SET:
11840		retval = ctl_abort_task_set(io);
11841		break;
11842	case CTL_TASK_CLEAR_ACA:
11843		break;
11844	case CTL_TASK_I_T_NEXUS_RESET:
11845		retval = ctl_i_t_nexus_reset(io);
11846		break;
11847	case CTL_TASK_LUN_RESET: {
11848		struct ctl_lun *lun;
11849		uint32_t targ_lun;
11850
11851		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11852		mtx_lock(&softc->ctl_lock);
11853		if ((targ_lun < CTL_MAX_LUNS)
11854		 && (softc->ctl_luns[targ_lun] != NULL))
11855			lun = softc->ctl_luns[targ_lun];
11856		else {
11857			mtx_unlock(&softc->ctl_lock);
11858			retval = 1;
11859			break;
11860		}
11861
11862		if (!(io->io_hdr.flags &
11863		    CTL_FLAG_FROM_OTHER_SC)) {
11864			union ctl_ha_msg msg_info;
11865
11866			io->io_hdr.flags |=
11867				CTL_FLAG_SENT_2OTHER_SC;
11868			msg_info.hdr.msg_type =
11869				CTL_MSG_MANAGE_TASKS;
11870			msg_info.hdr.nexus = io->io_hdr.nexus;
11871			msg_info.task.task_action =
11872				CTL_TASK_LUN_RESET;
11873			msg_info.hdr.original_sc = NULL;
11874			msg_info.hdr.serializing_sc = NULL;
11875			if (CTL_HA_STATUS_SUCCESS !=
11876			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11877			    (void *)&msg_info,
11878			    sizeof(msg_info), 0)) {
11879			}
11880		}
11881
11882		retval = ctl_lun_reset(lun, io,
11883				       CTL_UA_LUN_RESET);
11884		mtx_unlock(&softc->ctl_lock);
11885		break;
11886	}
11887	case CTL_TASK_TARGET_RESET:
11888		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11889		break;
11890	case CTL_TASK_BUS_RESET:
11891		retval = ctl_bus_reset(softc, io);
11892		break;
11893	case CTL_TASK_PORT_LOGIN:
11894		break;
11895	case CTL_TASK_PORT_LOGOUT:
11896		break;
11897	default:
11898		printf("ctl_run_task: got unknown task management event %d\n",
11899		       io->taskio.task_action);
11900		break;
11901	}
11902	if (retval == 0)
11903		io->io_hdr.status = CTL_SUCCESS;
11904	else
11905		io->io_hdr.status = CTL_ERROR;
11906	ctl_done(io);
11907}
11908
11909/*
11910 * For HA operation.  Handle commands that come in from the other
11911 * controller.
11912 */
11913static void
11914ctl_handle_isc(union ctl_io *io)
11915{
11916	int free_io;
11917	struct ctl_lun *lun;
11918	struct ctl_softc *softc;
11919	uint32_t targ_lun;
11920
11921	softc = control_softc;
11922
11923	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11924	lun = softc->ctl_luns[targ_lun];
11925
11926	switch (io->io_hdr.msg_type) {
11927	case CTL_MSG_SERIALIZE:
11928		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11929		break;
11930	case CTL_MSG_R2R: {
11931		const struct ctl_cmd_entry *entry;
11932
11933		/*
11934		 * This is only used in SER_ONLY mode.
11935		 */
11936		free_io = 0;
11937		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11938		mtx_lock(&lun->lun_lock);
11939		if (ctl_scsiio_lun_check(lun,
11940		    entry, (struct ctl_scsiio *)io) != 0) {
11941			mtx_unlock(&lun->lun_lock);
11942			ctl_done(io);
11943			break;
11944		}
11945		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11946		mtx_unlock(&lun->lun_lock);
11947		ctl_enqueue_rtr(io);
11948		break;
11949	}
11950	case CTL_MSG_FINISH_IO:
11951		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11952			free_io = 0;
11953			ctl_done(io);
11954		} else {
11955			free_io = 1;
11956			mtx_lock(&lun->lun_lock);
11957			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11958				     ooa_links);
11959			ctl_check_blocked(lun);
11960			mtx_unlock(&lun->lun_lock);
11961		}
11962		break;
11963	case CTL_MSG_PERS_ACTION:
11964		ctl_hndl_per_res_out_on_other_sc(
11965			(union ctl_ha_msg *)&io->presio.pr_msg);
11966		free_io = 1;
11967		break;
11968	case CTL_MSG_BAD_JUJU:
11969		free_io = 0;
11970		ctl_done(io);
11971		break;
11972	case CTL_MSG_DATAMOVE:
11973		/* Only used in XFER mode */
11974		free_io = 0;
11975		ctl_datamove_remote(io);
11976		break;
11977	case CTL_MSG_DATAMOVE_DONE:
11978		/* Only used in XFER mode */
11979		free_io = 0;
11980		io->scsiio.be_move_done(io);
11981		break;
11982	default:
11983		free_io = 1;
11984		printf("%s: Invalid message type %d\n",
11985		       __func__, io->io_hdr.msg_type);
11986		break;
11987	}
11988	if (free_io)
11989		ctl_free_io(io);
11990
11991}
11992
11993
11994/*
11995 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11996 * there is no match.
11997 */
11998static ctl_lun_error_pattern
11999ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12000{
12001	const struct ctl_cmd_entry *entry;
12002	ctl_lun_error_pattern filtered_pattern, pattern;
12003
12004	pattern = desc->error_pattern;
12005
12006	/*
12007	 * XXX KDM we need more data passed into this function to match a
12008	 * custom pattern, and we actually need to implement custom pattern
12009	 * matching.
12010	 */
12011	if (pattern & CTL_LUN_PAT_CMD)
12012		return (CTL_LUN_PAT_CMD);
12013
12014	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12015		return (CTL_LUN_PAT_ANY);
12016
12017	entry = ctl_get_cmd_entry(ctsio, NULL);
12018
12019	filtered_pattern = entry->pattern & pattern;
12020
12021	/*
12022	 * If the user requested specific flags in the pattern (e.g.
12023	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12024	 * flags.
12025	 *
12026	 * If the user did not specify any flags, it doesn't matter whether
12027	 * or not the command supports the flags.
12028	 */
12029	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12030	     (pattern & ~CTL_LUN_PAT_MASK))
12031		return (CTL_LUN_PAT_NONE);
12032
12033	/*
12034	 * If the user asked for a range check, see if the requested LBA
12035	 * range overlaps with this command's LBA range.
12036	 */
12037	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12038		uint64_t lba1;
12039		uint64_t len1;
12040		ctl_action action;
12041		int retval;
12042
12043		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12044		if (retval != 0)
12045			return (CTL_LUN_PAT_NONE);
12046
12047		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12048					      desc->lba_range.len, FALSE);
12049		/*
12050		 * A "pass" means that the LBA ranges don't overlap, so
12051		 * this doesn't match the user's range criteria.
12052		 */
12053		if (action == CTL_ACTION_PASS)
12054			return (CTL_LUN_PAT_NONE);
12055	}
12056
12057	return (filtered_pattern);
12058}
12059
12060static void
12061ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12062{
12063	struct ctl_error_desc *desc, *desc2;
12064
12065	mtx_assert(&lun->lun_lock, MA_OWNED);
12066
12067	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12068		ctl_lun_error_pattern pattern;
12069		/*
12070		 * Check to see whether this particular command matches
12071		 * the pattern in the descriptor.
12072		 */
12073		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12074		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12075			continue;
12076
12077		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12078		case CTL_LUN_INJ_ABORTED:
12079			ctl_set_aborted(&io->scsiio);
12080			break;
12081		case CTL_LUN_INJ_MEDIUM_ERR:
12082			ctl_set_medium_error(&io->scsiio);
12083			break;
12084		case CTL_LUN_INJ_UA:
12085			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12086			 * OCCURRED */
12087			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12088			break;
12089		case CTL_LUN_INJ_CUSTOM:
12090			/*
12091			 * We're assuming the user knows what he is doing.
12092			 * Just copy the sense information without doing
12093			 * checks.
12094			 */
12095			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12096			      MIN(sizeof(desc->custom_sense),
12097				  sizeof(io->scsiio.sense_data)));
12098			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12099			io->scsiio.sense_len = SSD_FULL_SIZE;
12100			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12101			break;
12102		case CTL_LUN_INJ_NONE:
12103		default:
12104			/*
12105			 * If this is an error injection type we don't know
12106			 * about, clear the continuous flag (if it is set)
12107			 * so it will get deleted below.
12108			 */
12109			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12110			break;
12111		}
12112		/*
12113		 * By default, each error injection action is a one-shot
12114		 */
12115		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12116			continue;
12117
12118		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12119
12120		free(desc, M_CTL);
12121	}
12122}
12123
12124#ifdef CTL_IO_DELAY
12125static void
12126ctl_datamove_timer_wakeup(void *arg)
12127{
12128	union ctl_io *io;
12129
12130	io = (union ctl_io *)arg;
12131
12132	ctl_datamove(io);
12133}
12134#endif /* CTL_IO_DELAY */
12135
12136void
12137ctl_datamove(union ctl_io *io)
12138{
12139	void (*fe_datamove)(union ctl_io *io);
12140
12141	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12142
12143	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12144
12145#ifdef CTL_TIME_IO
12146	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12147		char str[256];
12148		char path_str[64];
12149		struct sbuf sb;
12150
12151		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12152		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12153
12154		sbuf_cat(&sb, path_str);
12155		switch (io->io_hdr.io_type) {
12156		case CTL_IO_SCSI:
12157			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12158			sbuf_printf(&sb, "\n");
12159			sbuf_cat(&sb, path_str);
12160			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12161				    io->scsiio.tag_num, io->scsiio.tag_type);
12162			break;
12163		case CTL_IO_TASK:
12164			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12165				    "Tag Type: %d\n", io->taskio.task_action,
12166				    io->taskio.tag_num, io->taskio.tag_type);
12167			break;
12168		default:
12169			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12170			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12171			break;
12172		}
12173		sbuf_cat(&sb, path_str);
12174		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12175			    (intmax_t)time_uptime - io->io_hdr.start_time);
12176		sbuf_finish(&sb);
12177		printf("%s", sbuf_data(&sb));
12178	}
12179#endif /* CTL_TIME_IO */
12180
12181#ifdef CTL_IO_DELAY
12182	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12183		struct ctl_lun *lun;
12184
12185		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12186
12187		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12188	} else {
12189		struct ctl_lun *lun;
12190
12191		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12192		if ((lun != NULL)
12193		 && (lun->delay_info.datamove_delay > 0)) {
12194
12195			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12196			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12197			callout_reset(&io->io_hdr.delay_callout,
12198				      lun->delay_info.datamove_delay * hz,
12199				      ctl_datamove_timer_wakeup, io);
12200			if (lun->delay_info.datamove_type ==
12201			    CTL_DELAY_TYPE_ONESHOT)
12202				lun->delay_info.datamove_delay = 0;
12203			return;
12204		}
12205	}
12206#endif
12207
12208	/*
12209	 * This command has been aborted.  Set the port status, so we fail
12210	 * the data move.
12211	 */
12212	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12213		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12214		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12215		       io->io_hdr.nexus.targ_port,
12216		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12217		       io->io_hdr.nexus.targ_lun);
12218		io->io_hdr.port_status = 31337;
12219		/*
12220		 * Note that the backend, in this case, will get the
12221		 * callback in its context.  In other cases it may get
12222		 * called in the frontend's interrupt thread context.
12223		 */
12224		io->scsiio.be_move_done(io);
12225		return;
12226	}
12227
12228	/* Don't confuse frontend with zero length data move. */
12229	if (io->scsiio.kern_data_len == 0) {
12230		io->scsiio.be_move_done(io);
12231		return;
12232	}
12233
12234	/*
12235	 * If we're in XFER mode and this I/O is from the other shelf
12236	 * controller, we need to send the DMA to the other side to
12237	 * actually transfer the data to/from the host.  In serialize only
12238	 * mode the transfer happens below CTL and ctl_datamove() is only
12239	 * called on the machine that originally received the I/O.
12240	 */
12241	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12242	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12243		union ctl_ha_msg msg;
12244		uint32_t sg_entries_sent;
12245		int do_sg_copy;
12246		int i;
12247
12248		memset(&msg, 0, sizeof(msg));
12249		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12250		msg.hdr.original_sc = io->io_hdr.original_sc;
12251		msg.hdr.serializing_sc = io;
12252		msg.hdr.nexus = io->io_hdr.nexus;
12253		msg.dt.flags = io->io_hdr.flags;
12254		/*
12255		 * We convert everything into a S/G list here.  We can't
12256		 * pass by reference, only by value between controllers.
12257		 * So we can't pass a pointer to the S/G list, only as many
12258		 * S/G entries as we can fit in here.  If it's possible for
12259		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12260		 * then we need to break this up into multiple transfers.
12261		 */
12262		if (io->scsiio.kern_sg_entries == 0) {
12263			msg.dt.kern_sg_entries = 1;
12264			/*
12265			 * If this is in cached memory, flush the cache
12266			 * before we send the DMA request to the other
12267			 * controller.  We want to do this in either the
12268			 * read or the write case.  The read case is
12269			 * straightforward.  In the write case, we want to
12270			 * make sure nothing is in the local cache that
12271			 * could overwrite the DMAed data.
12272			 */
12273			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12274				/*
12275				 * XXX KDM use bus_dmamap_sync() here.
12276				 */
12277			}
12278
12279			/*
12280			 * Convert to a physical address if this is a
12281			 * virtual address.
12282			 */
12283			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12284				msg.dt.sg_list[0].addr =
12285					io->scsiio.kern_data_ptr;
12286			} else {
12287				/*
12288				 * XXX KDM use busdma here!
12289				 */
12290#if 0
12291				msg.dt.sg_list[0].addr = (void *)
12292					vtophys(io->scsiio.kern_data_ptr);
12293#endif
12294			}
12295
12296			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12297			do_sg_copy = 0;
12298		} else {
12299			struct ctl_sg_entry *sgl;
12300
12301			do_sg_copy = 1;
12302			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12303			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12304			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12305				/*
12306				 * XXX KDM use bus_dmamap_sync() here.
12307				 */
12308			}
12309		}
12310
12311		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12312		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12313		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12314		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12315		msg.dt.sg_sequence = 0;
12316
12317		/*
12318		 * Loop until we've sent all of the S/G entries.  On the
12319		 * other end, we'll recompose these S/G entries into one
12320		 * contiguous list before passing it to the
12321		 */
12322		for (sg_entries_sent = 0; sg_entries_sent <
12323		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12324			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12325				sizeof(msg.dt.sg_list[0])),
12326				msg.dt.kern_sg_entries - sg_entries_sent);
12327
12328			if (do_sg_copy != 0) {
12329				struct ctl_sg_entry *sgl;
12330				int j;
12331
12332				sgl = (struct ctl_sg_entry *)
12333					io->scsiio.kern_data_ptr;
12334				/*
12335				 * If this is in cached memory, flush the cache
12336				 * before we send the DMA request to the other
12337				 * controller.  We want to do this in either
12338				 * the * read or the write case.  The read
12339				 * case is straightforward.  In the write
12340				 * case, we want to make sure nothing is
12341				 * in the local cache that could overwrite
12342				 * the DMAed data.
12343				 */
12344
12345				for (i = sg_entries_sent, j = 0;
12346				     i < msg.dt.cur_sg_entries; i++, j++) {
12347					if ((io->io_hdr.flags &
12348					     CTL_FLAG_NO_DATASYNC) == 0) {
12349						/*
12350						 * XXX KDM use bus_dmamap_sync()
12351						 */
12352					}
12353					if ((io->io_hdr.flags &
12354					     CTL_FLAG_BUS_ADDR) == 0) {
12355						/*
12356						 * XXX KDM use busdma.
12357						 */
12358#if 0
12359						msg.dt.sg_list[j].addr =(void *)
12360						       vtophys(sgl[i].addr);
12361#endif
12362					} else {
12363						msg.dt.sg_list[j].addr =
12364							sgl[i].addr;
12365					}
12366					msg.dt.sg_list[j].len = sgl[i].len;
12367				}
12368			}
12369
12370			sg_entries_sent += msg.dt.cur_sg_entries;
12371			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12372				msg.dt.sg_last = 1;
12373			else
12374				msg.dt.sg_last = 0;
12375
12376			/*
12377			 * XXX KDM drop and reacquire the lock here?
12378			 */
12379			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12380			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12381				/*
12382				 * XXX do something here.
12383				 */
12384			}
12385
12386			msg.dt.sent_sg_entries = sg_entries_sent;
12387		}
12388		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12389		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12390			ctl_failover_io(io, /*have_lock*/ 0);
12391
12392	} else {
12393
12394		/*
12395		 * Lookup the fe_datamove() function for this particular
12396		 * front end.
12397		 */
12398		fe_datamove =
12399		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12400
12401		fe_datamove(io);
12402	}
12403}
12404
12405static void
12406ctl_send_datamove_done(union ctl_io *io, int have_lock)
12407{
12408	union ctl_ha_msg msg;
12409	int isc_status;
12410
12411	memset(&msg, 0, sizeof(msg));
12412
12413	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12414	msg.hdr.original_sc = io;
12415	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12416	msg.hdr.nexus = io->io_hdr.nexus;
12417	msg.hdr.status = io->io_hdr.status;
12418	msg.scsi.tag_num = io->scsiio.tag_num;
12419	msg.scsi.tag_type = io->scsiio.tag_type;
12420	msg.scsi.scsi_status = io->scsiio.scsi_status;
12421	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12422	       sizeof(io->scsiio.sense_data));
12423	msg.scsi.sense_len = io->scsiio.sense_len;
12424	msg.scsi.sense_residual = io->scsiio.sense_residual;
12425	msg.scsi.fetd_status = io->io_hdr.port_status;
12426	msg.scsi.residual = io->scsiio.residual;
12427	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12428
12429	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12430		ctl_failover_io(io, /*have_lock*/ have_lock);
12431		return;
12432	}
12433
12434	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12435	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12436		/* XXX do something if this fails */
12437	}
12438
12439}
12440
12441/*
12442 * The DMA to the remote side is done, now we need to tell the other side
12443 * we're done so it can continue with its data movement.
12444 */
12445static void
12446ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12447{
12448	union ctl_io *io;
12449
12450	io = rq->context;
12451
12452	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12453		printf("%s: ISC DMA write failed with error %d", __func__,
12454		       rq->ret);
12455		ctl_set_internal_failure(&io->scsiio,
12456					 /*sks_valid*/ 1,
12457					 /*retry_count*/ rq->ret);
12458	}
12459
12460	ctl_dt_req_free(rq);
12461
12462	/*
12463	 * In this case, we had to malloc the memory locally.  Free it.
12464	 */
12465	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12466		int i;
12467		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12468			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12469	}
12470	/*
12471	 * The data is in local and remote memory, so now we need to send
12472	 * status (good or back) back to the other side.
12473	 */
12474	ctl_send_datamove_done(io, /*have_lock*/ 0);
12475}
12476
12477/*
12478 * We've moved the data from the host/controller into local memory.  Now we
12479 * need to push it over to the remote controller's memory.
12480 */
12481static int
12482ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12483{
12484	int retval;
12485
12486	retval = 0;
12487
12488	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12489					  ctl_datamove_remote_write_cb);
12490
12491	return (retval);
12492}
12493
12494static void
12495ctl_datamove_remote_write(union ctl_io *io)
12496{
12497	int retval;
12498	void (*fe_datamove)(union ctl_io *io);
12499
12500	/*
12501	 * - Get the data from the host/HBA into local memory.
12502	 * - DMA memory from the local controller to the remote controller.
12503	 * - Send status back to the remote controller.
12504	 */
12505
12506	retval = ctl_datamove_remote_sgl_setup(io);
12507	if (retval != 0)
12508		return;
12509
12510	/* Switch the pointer over so the FETD knows what to do */
12511	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12512
12513	/*
12514	 * Use a custom move done callback, since we need to send completion
12515	 * back to the other controller, not to the backend on this side.
12516	 */
12517	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12518
12519	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12520
12521	fe_datamove(io);
12522
12523	return;
12524
12525}
12526
12527static int
12528ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12529{
12530#if 0
12531	char str[256];
12532	char path_str[64];
12533	struct sbuf sb;
12534#endif
12535
12536	/*
12537	 * In this case, we had to malloc the memory locally.  Free it.
12538	 */
12539	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12540		int i;
12541		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12542			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12543	}
12544
12545#if 0
12546	scsi_path_string(io, path_str, sizeof(path_str));
12547	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12548	sbuf_cat(&sb, path_str);
12549	scsi_command_string(&io->scsiio, NULL, &sb);
12550	sbuf_printf(&sb, "\n");
12551	sbuf_cat(&sb, path_str);
12552	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12553		    io->scsiio.tag_num, io->scsiio.tag_type);
12554	sbuf_cat(&sb, path_str);
12555	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12556		    io->io_hdr.flags, io->io_hdr.status);
12557	sbuf_finish(&sb);
12558	printk("%s", sbuf_data(&sb));
12559#endif
12560
12561
12562	/*
12563	 * The read is done, now we need to send status (good or bad) back
12564	 * to the other side.
12565	 */
12566	ctl_send_datamove_done(io, /*have_lock*/ 0);
12567
12568	return (0);
12569}
12570
12571static void
12572ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12573{
12574	union ctl_io *io;
12575	void (*fe_datamove)(union ctl_io *io);
12576
12577	io = rq->context;
12578
12579	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12580		printf("%s: ISC DMA read failed with error %d", __func__,
12581		       rq->ret);
12582		ctl_set_internal_failure(&io->scsiio,
12583					 /*sks_valid*/ 1,
12584					 /*retry_count*/ rq->ret);
12585	}
12586
12587	ctl_dt_req_free(rq);
12588
12589	/* Switch the pointer over so the FETD knows what to do */
12590	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12591
12592	/*
12593	 * Use a custom move done callback, since we need to send completion
12594	 * back to the other controller, not to the backend on this side.
12595	 */
12596	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12597
12598	/* XXX KDM add checks like the ones in ctl_datamove? */
12599
12600	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12601
12602	fe_datamove(io);
12603}
12604
12605static int
12606ctl_datamove_remote_sgl_setup(union ctl_io *io)
12607{
12608	struct ctl_sg_entry *local_sglist, *remote_sglist;
12609	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
12610	struct ctl_softc *softc;
12611	int retval;
12612	int i;
12613
12614	retval = 0;
12615	softc = control_softc;
12616
12617	local_sglist = io->io_hdr.local_sglist;
12618	local_dma_sglist = io->io_hdr.local_dma_sglist;
12619	remote_sglist = io->io_hdr.remote_sglist;
12620	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12621
12622	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
12623		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
12624			local_sglist[i].len = remote_sglist[i].len;
12625
12626			/*
12627			 * XXX Detect the situation where the RS-level I/O
12628			 * redirector on the other side has already read the
12629			 * data off of the AOR RS on this side, and
12630			 * transferred it to remote (mirror) memory on the
12631			 * other side.  Since we already have the data in
12632			 * memory here, we just need to use it.
12633			 *
12634			 * XXX KDM this can probably be removed once we
12635			 * get the cache device code in and take the
12636			 * current AOR implementation out.
12637			 */
12638#ifdef NEEDTOPORT
12639			if ((remote_sglist[i].addr >=
12640			     (void *)vtophys(softc->mirr->addr))
12641			 && (remote_sglist[i].addr <
12642			     ((void *)vtophys(softc->mirr->addr) +
12643			     CacheMirrorOffset))) {
12644				local_sglist[i].addr = remote_sglist[i].addr -
12645					CacheMirrorOffset;
12646				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12647				     CTL_FLAG_DATA_IN)
12648					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
12649			} else {
12650				local_sglist[i].addr = remote_sglist[i].addr +
12651					CacheMirrorOffset;
12652			}
12653#endif
12654#if 0
12655			printf("%s: local %p, remote %p, len %d\n",
12656			       __func__, local_sglist[i].addr,
12657			       remote_sglist[i].addr, local_sglist[i].len);
12658#endif
12659		}
12660	} else {
12661		uint32_t len_to_go;
12662
12663		/*
12664		 * In this case, we don't have automatically allocated
12665		 * memory for this I/O on this controller.  This typically
12666		 * happens with internal CTL I/O -- e.g. inquiry, mode
12667		 * sense, etc.  Anything coming from RAIDCore will have
12668		 * a mirror area available.
12669		 */
12670		len_to_go = io->scsiio.kern_data_len;
12671
12672		/*
12673		 * Clear the no datasync flag, we have to use malloced
12674		 * buffers.
12675		 */
12676		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
12677
12678		/*
12679		 * The difficult thing here is that the size of the various
12680		 * S/G segments may be different than the size from the
12681		 * remote controller.  That'll make it harder when DMAing
12682		 * the data back to the other side.
12683		 */
12684		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
12685		     sizeof(io->io_hdr.remote_sglist[0])) &&
12686		     (len_to_go > 0); i++) {
12687			local_sglist[i].len = MIN(len_to_go, 131072);
12688			CTL_SIZE_8B(local_dma_sglist[i].len,
12689				    local_sglist[i].len);
12690			local_sglist[i].addr =
12691				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
12692
12693			local_dma_sglist[i].addr = local_sglist[i].addr;
12694
12695			if (local_sglist[i].addr == NULL) {
12696				int j;
12697
12698				printf("malloc failed for %zd bytes!",
12699				       local_dma_sglist[i].len);
12700				for (j = 0; j < i; j++) {
12701					free(local_sglist[j].addr, M_CTL);
12702				}
12703				ctl_set_internal_failure(&io->scsiio,
12704							 /*sks_valid*/ 1,
12705							 /*retry_count*/ 4857);
12706				retval = 1;
12707				goto bailout_error;
12708
12709			}
12710			/* XXX KDM do we need a sync here? */
12711
12712			len_to_go -= local_sglist[i].len;
12713		}
12714		/*
12715		 * Reset the number of S/G entries accordingly.  The
12716		 * original number of S/G entries is available in
12717		 * rem_sg_entries.
12718		 */
12719		io->scsiio.kern_sg_entries = i;
12720
12721#if 0
12722		printf("%s: kern_sg_entries = %d\n", __func__,
12723		       io->scsiio.kern_sg_entries);
12724		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12725			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
12726			       local_sglist[i].addr, local_sglist[i].len,
12727			       local_dma_sglist[i].len);
12728#endif
12729	}
12730
12731
12732	return (retval);
12733
12734bailout_error:
12735
12736	ctl_send_datamove_done(io, /*have_lock*/ 0);
12737
12738	return (retval);
12739}
12740
12741static int
12742ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12743			 ctl_ha_dt_cb callback)
12744{
12745	struct ctl_ha_dt_req *rq;
12746	struct ctl_sg_entry *remote_sglist, *local_sglist;
12747	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
12748	uint32_t local_used, remote_used, total_used;
12749	int retval;
12750	int i, j;
12751
12752	retval = 0;
12753
12754	rq = ctl_dt_req_alloc();
12755
12756	/*
12757	 * If we failed to allocate the request, and if the DMA didn't fail
12758	 * anyway, set busy status.  This is just a resource allocation
12759	 * failure.
12760	 */
12761	if ((rq == NULL)
12762	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
12763		ctl_set_busy(&io->scsiio);
12764
12765	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
12766
12767		if (rq != NULL)
12768			ctl_dt_req_free(rq);
12769
12770		/*
12771		 * The data move failed.  We need to return status back
12772		 * to the other controller.  No point in trying to DMA
12773		 * data to the remote controller.
12774		 */
12775
12776		ctl_send_datamove_done(io, /*have_lock*/ 0);
12777
12778		retval = 1;
12779
12780		goto bailout;
12781	}
12782
12783	local_sglist = io->io_hdr.local_sglist;
12784	local_dma_sglist = io->io_hdr.local_dma_sglist;
12785	remote_sglist = io->io_hdr.remote_sglist;
12786	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12787	local_used = 0;
12788	remote_used = 0;
12789	total_used = 0;
12790
12791	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
12792		rq->ret = CTL_HA_STATUS_SUCCESS;
12793		rq->context = io;
12794		callback(rq);
12795		goto bailout;
12796	}
12797
12798	/*
12799	 * Pull/push the data over the wire from/to the other controller.
12800	 * This takes into account the possibility that the local and
12801	 * remote sglists may not be identical in terms of the size of
12802	 * the elements and the number of elements.
12803	 *
12804	 * One fundamental assumption here is that the length allocated for
12805	 * both the local and remote sglists is identical.  Otherwise, we've
12806	 * essentially got a coding error of some sort.
12807	 */
12808	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12809		int isc_ret;
12810		uint32_t cur_len, dma_length;
12811		uint8_t *tmp_ptr;
12812
12813		rq->id = CTL_HA_DATA_CTL;
12814		rq->command = command;
12815		rq->context = io;
12816
12817		/*
12818		 * Both pointers should be aligned.  But it is possible
12819		 * that the allocation length is not.  They should both
12820		 * also have enough slack left over at the end, though,
12821		 * to round up to the next 8 byte boundary.
12822		 */
12823		cur_len = MIN(local_sglist[i].len - local_used,
12824			      remote_sglist[j].len - remote_used);
12825
12826		/*
12827		 * In this case, we have a size issue and need to decrease
12828		 * the size, except in the case where we actually have less
12829		 * than 8 bytes left.  In that case, we need to increase
12830		 * the DMA length to get the last bit.
12831		 */
12832		if ((cur_len & 0x7) != 0) {
12833			if (cur_len > 0x7) {
12834				cur_len = cur_len - (cur_len & 0x7);
12835				dma_length = cur_len;
12836			} else {
12837				CTL_SIZE_8B(dma_length, cur_len);
12838			}
12839
12840		} else
12841			dma_length = cur_len;
12842
12843		/*
12844		 * If we had to allocate memory for this I/O, instead of using
12845		 * the non-cached mirror memory, we'll need to flush the cache
12846		 * before trying to DMA to the other controller.
12847		 *
12848		 * We could end up doing this multiple times for the same
12849		 * segment if we have a larger local segment than remote
12850		 * segment.  That shouldn't be an issue.
12851		 */
12852		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12853			/*
12854			 * XXX KDM use bus_dmamap_sync() here.
12855			 */
12856		}
12857
12858		rq->size = dma_length;
12859
12860		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12861		tmp_ptr += local_used;
12862
12863		/* Use physical addresses when talking to ISC hardware */
12864		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12865			/* XXX KDM use busdma */
12866#if 0
12867			rq->local = vtophys(tmp_ptr);
12868#endif
12869		} else
12870			rq->local = tmp_ptr;
12871
12872		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12873		tmp_ptr += remote_used;
12874		rq->remote = tmp_ptr;
12875
12876		rq->callback = NULL;
12877
12878		local_used += cur_len;
12879		if (local_used >= local_sglist[i].len) {
12880			i++;
12881			local_used = 0;
12882		}
12883
12884		remote_used += cur_len;
12885		if (remote_used >= remote_sglist[j].len) {
12886			j++;
12887			remote_used = 0;
12888		}
12889		total_used += cur_len;
12890
12891		if (total_used >= io->scsiio.kern_data_len)
12892			rq->callback = callback;
12893
12894		if ((rq->size & 0x7) != 0) {
12895			printf("%s: warning: size %d is not on 8b boundary\n",
12896			       __func__, rq->size);
12897		}
12898		if (((uintptr_t)rq->local & 0x7) != 0) {
12899			printf("%s: warning: local %p not on 8b boundary\n",
12900			       __func__, rq->local);
12901		}
12902		if (((uintptr_t)rq->remote & 0x7) != 0) {
12903			printf("%s: warning: remote %p not on 8b boundary\n",
12904			       __func__, rq->local);
12905		}
12906#if 0
12907		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12908		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12909		       rq->local, rq->remote, rq->size);
12910#endif
12911
12912		isc_ret = ctl_dt_single(rq);
12913		if (isc_ret == CTL_HA_STATUS_WAIT)
12914			continue;
12915
12916		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
12917			rq->ret = CTL_HA_STATUS_SUCCESS;
12918		} else {
12919			rq->ret = isc_ret;
12920		}
12921		callback(rq);
12922		goto bailout;
12923	}
12924
12925bailout:
12926	return (retval);
12927
12928}
12929
12930static void
12931ctl_datamove_remote_read(union ctl_io *io)
12932{
12933	int retval;
12934	int i;
12935
12936	/*
12937	 * This will send an error to the other controller in the case of a
12938	 * failure.
12939	 */
12940	retval = ctl_datamove_remote_sgl_setup(io);
12941	if (retval != 0)
12942		return;
12943
12944	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12945					  ctl_datamove_remote_read_cb);
12946	if ((retval != 0)
12947	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
12948		/*
12949		 * Make sure we free memory if there was an error..  The
12950		 * ctl_datamove_remote_xfer() function will send the
12951		 * datamove done message, or call the callback with an
12952		 * error if there is a problem.
12953		 */
12954		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12955			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12956	}
12957
12958	return;
12959}
12960
12961/*
12962 * Process a datamove request from the other controller.  This is used for
12963 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12964 * first.  Once that is complete, the data gets DMAed into the remote
12965 * controller's memory.  For reads, we DMA from the remote controller's
12966 * memory into our memory first, and then move it out to the FETD.
12967 */
12968static void
12969ctl_datamove_remote(union ctl_io *io)
12970{
12971	struct ctl_softc *softc;
12972
12973	softc = control_softc;
12974
12975	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
12976
12977	/*
12978	 * Note that we look for an aborted I/O here, but don't do some of
12979	 * the other checks that ctl_datamove() normally does.
12980	 * We don't need to run the datamove delay code, since that should
12981	 * have been done if need be on the other controller.
12982	 */
12983	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12984		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
12985		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
12986		       io->io_hdr.nexus.targ_port,
12987		       io->io_hdr.nexus.targ_target.id,
12988		       io->io_hdr.nexus.targ_lun);
12989		io->io_hdr.port_status = 31338;
12990		ctl_send_datamove_done(io, /*have_lock*/ 0);
12991		return;
12992	}
12993
12994	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
12995		ctl_datamove_remote_write(io);
12996	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
12997		ctl_datamove_remote_read(io);
12998	} else {
12999		union ctl_ha_msg msg;
13000		struct scsi_sense_data *sense;
13001		uint8_t sks[3];
13002		int retry_count;
13003
13004		memset(&msg, 0, sizeof(msg));
13005
13006		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13007		msg.hdr.status = CTL_SCSI_ERROR;
13008		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13009
13010		retry_count = 4243;
13011
13012		sense = &msg.scsi.sense_data;
13013		sks[0] = SSD_SCS_VALID;
13014		sks[1] = (retry_count >> 8) & 0xff;
13015		sks[2] = retry_count & 0xff;
13016
13017		/* "Internal target failure" */
13018		scsi_set_sense_data(sense,
13019				    /*sense_format*/ SSD_TYPE_NONE,
13020				    /*current_error*/ 1,
13021				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13022				    /*asc*/ 0x44,
13023				    /*ascq*/ 0x00,
13024				    /*type*/ SSD_ELEM_SKS,
13025				    /*size*/ sizeof(sks),
13026				    /*data*/ sks,
13027				    SSD_ELEM_NONE);
13028
13029		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13030		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13031			ctl_failover_io(io, /*have_lock*/ 1);
13032			return;
13033		}
13034
13035		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13036		    CTL_HA_STATUS_SUCCESS) {
13037			/* XXX KDM what to do if this fails? */
13038		}
13039		return;
13040	}
13041
13042}
13043
13044static int
13045ctl_process_done(union ctl_io *io)
13046{
13047	struct ctl_lun *lun;
13048	struct ctl_softc *softc = control_softc;
13049	void (*fe_done)(union ctl_io *io);
13050	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13051
13052	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13053
13054	fe_done = softc->ctl_ports[targ_port]->fe_done;
13055
13056#ifdef CTL_TIME_IO
13057	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13058		char str[256];
13059		char path_str[64];
13060		struct sbuf sb;
13061
13062		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13063		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13064
13065		sbuf_cat(&sb, path_str);
13066		switch (io->io_hdr.io_type) {
13067		case CTL_IO_SCSI:
13068			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13069			sbuf_printf(&sb, "\n");
13070			sbuf_cat(&sb, path_str);
13071			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13072				    io->scsiio.tag_num, io->scsiio.tag_type);
13073			break;
13074		case CTL_IO_TASK:
13075			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13076				    "Tag Type: %d\n", io->taskio.task_action,
13077				    io->taskio.tag_num, io->taskio.tag_type);
13078			break;
13079		default:
13080			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13081			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13082			break;
13083		}
13084		sbuf_cat(&sb, path_str);
13085		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13086			    (intmax_t)time_uptime - io->io_hdr.start_time);
13087		sbuf_finish(&sb);
13088		printf("%s", sbuf_data(&sb));
13089	}
13090#endif /* CTL_TIME_IO */
13091
13092	switch (io->io_hdr.io_type) {
13093	case CTL_IO_SCSI:
13094		break;
13095	case CTL_IO_TASK:
13096		if (ctl_debug & CTL_DEBUG_INFO)
13097			ctl_io_error_print(io, NULL);
13098		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13099			ctl_free_io(io);
13100		else
13101			fe_done(io);
13102		return (CTL_RETVAL_COMPLETE);
13103	default:
13104		panic("ctl_process_done: invalid io type %d\n",
13105		      io->io_hdr.io_type);
13106		break; /* NOTREACHED */
13107	}
13108
13109	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13110	if (lun == NULL) {
13111		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13112				 io->io_hdr.nexus.targ_mapped_lun));
13113		goto bailout;
13114	}
13115
13116	mtx_lock(&lun->lun_lock);
13117
13118	/*
13119	 * Check to see if we have any errors to inject here.  We only
13120	 * inject errors for commands that don't already have errors set.
13121	 */
13122	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13123	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13124	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13125		ctl_inject_error(lun, io);
13126
13127	/*
13128	 * XXX KDM how do we treat commands that aren't completed
13129	 * successfully?
13130	 *
13131	 * XXX KDM should we also track I/O latency?
13132	 */
13133	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13134	    io->io_hdr.io_type == CTL_IO_SCSI) {
13135#ifdef CTL_TIME_IO
13136		struct bintime cur_bt;
13137#endif
13138		int type;
13139
13140		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13141		    CTL_FLAG_DATA_IN)
13142			type = CTL_STATS_READ;
13143		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13144		    CTL_FLAG_DATA_OUT)
13145			type = CTL_STATS_WRITE;
13146		else
13147			type = CTL_STATS_NO_IO;
13148
13149		lun->stats.ports[targ_port].bytes[type] +=
13150		    io->scsiio.kern_total_len;
13151		lun->stats.ports[targ_port].operations[type]++;
13152#ifdef CTL_TIME_IO
13153		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13154		   &io->io_hdr.dma_bt);
13155		lun->stats.ports[targ_port].num_dmas[type] +=
13156		    io->io_hdr.num_dmas;
13157		getbintime(&cur_bt);
13158		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13159		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13160#endif
13161	}
13162
13163	/*
13164	 * Remove this from the OOA queue.
13165	 */
13166	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13167#ifdef CTL_TIME_IO
13168	if (TAILQ_EMPTY(&lun->ooa_queue))
13169		lun->last_busy = getsbinuptime();
13170#endif
13171
13172	/*
13173	 * Run through the blocked queue on this LUN and see if anything
13174	 * has become unblocked, now that this transaction is done.
13175	 */
13176	ctl_check_blocked(lun);
13177
13178	/*
13179	 * If the LUN has been invalidated, free it if there is nothing
13180	 * left on its OOA queue.
13181	 */
13182	if ((lun->flags & CTL_LUN_INVALID)
13183	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13184		mtx_unlock(&lun->lun_lock);
13185		mtx_lock(&softc->ctl_lock);
13186		ctl_free_lun(lun);
13187		mtx_unlock(&softc->ctl_lock);
13188	} else
13189		mtx_unlock(&lun->lun_lock);
13190
13191bailout:
13192
13193	/*
13194	 * If this command has been aborted, make sure we set the status
13195	 * properly.  The FETD is responsible for freeing the I/O and doing
13196	 * whatever it needs to do to clean up its state.
13197	 */
13198	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13199		ctl_set_task_aborted(&io->scsiio);
13200
13201	/*
13202	 * If enabled, print command error status.
13203	 */
13204	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13205	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13206		ctl_io_error_print(io, NULL);
13207
13208	/*
13209	 * Tell the FETD or the other shelf controller we're done with this
13210	 * command.  Note that only SCSI commands get to this point.  Task
13211	 * management commands are completed above.
13212	 *
13213	 * We only send status to the other controller if we're in XFER
13214	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13215	 * received the I/O (from CTL's perspective), and so the status is
13216	 * generated there.
13217	 *
13218	 * XXX KDM if we hold the lock here, we could cause a deadlock
13219	 * if the frontend comes back in in this context to queue
13220	 * something.
13221	 */
13222	if ((softc->ha_mode == CTL_HA_MODE_XFER)
13223	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13224		union ctl_ha_msg msg;
13225
13226		memset(&msg, 0, sizeof(msg));
13227		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13228		msg.hdr.original_sc = io->io_hdr.original_sc;
13229		msg.hdr.nexus = io->io_hdr.nexus;
13230		msg.hdr.status = io->io_hdr.status;
13231		msg.scsi.scsi_status = io->scsiio.scsi_status;
13232		msg.scsi.tag_num = io->scsiio.tag_num;
13233		msg.scsi.tag_type = io->scsiio.tag_type;
13234		msg.scsi.sense_len = io->scsiio.sense_len;
13235		msg.scsi.sense_residual = io->scsiio.sense_residual;
13236		msg.scsi.residual = io->scsiio.residual;
13237		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13238		       sizeof(io->scsiio.sense_data));
13239		/*
13240		 * We copy this whether or not this is an I/O-related
13241		 * command.  Otherwise, we'd have to go and check to see
13242		 * whether it's a read/write command, and it really isn't
13243		 * worth it.
13244		 */
13245		memcpy(&msg.scsi.lbalen,
13246		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13247		       sizeof(msg.scsi.lbalen));
13248
13249		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13250				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13251			/* XXX do something here */
13252		}
13253
13254		ctl_free_io(io);
13255	} else
13256		fe_done(io);
13257
13258	return (CTL_RETVAL_COMPLETE);
13259}
13260
13261#ifdef CTL_WITH_CA
13262/*
13263 * Front end should call this if it doesn't do autosense.  When the request
13264 * sense comes back in from the initiator, we'll dequeue this and send it.
13265 */
13266int
13267ctl_queue_sense(union ctl_io *io)
13268{
13269	struct ctl_lun *lun;
13270	struct ctl_port *port;
13271	struct ctl_softc *softc;
13272	uint32_t initidx, targ_lun;
13273
13274	softc = control_softc;
13275
13276	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13277
13278	/*
13279	 * LUN lookup will likely move to the ctl_work_thread() once we
13280	 * have our new queueing infrastructure (that doesn't put things on
13281	 * a per-LUN queue initially).  That is so that we can handle
13282	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13283	 * can't deal with that right now.
13284	 */
13285	mtx_lock(&softc->ctl_lock);
13286
13287	/*
13288	 * If we don't have a LUN for this, just toss the sense
13289	 * information.
13290	 */
13291	port = ctl_io_port(&ctsio->io_hdr);
13292	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13293	if ((targ_lun < CTL_MAX_LUNS)
13294	 && (softc->ctl_luns[targ_lun] != NULL))
13295		lun = softc->ctl_luns[targ_lun];
13296	else
13297		goto bailout;
13298
13299	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13300
13301	mtx_lock(&lun->lun_lock);
13302	/*
13303	 * Already have CA set for this LUN...toss the sense information.
13304	 */
13305	if (ctl_is_set(lun->have_ca, initidx)) {
13306		mtx_unlock(&lun->lun_lock);
13307		goto bailout;
13308	}
13309
13310	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13311	       MIN(sizeof(lun->pending_sense[initidx]),
13312	       sizeof(io->scsiio.sense_data)));
13313	ctl_set_mask(lun->have_ca, initidx);
13314	mtx_unlock(&lun->lun_lock);
13315
13316bailout:
13317	mtx_unlock(&softc->ctl_lock);
13318
13319	ctl_free_io(io);
13320
13321	return (CTL_RETVAL_COMPLETE);
13322}
13323#endif
13324
13325/*
13326 * Primary command inlet from frontend ports.  All SCSI and task I/O
13327 * requests must go through this function.
13328 */
13329int
13330ctl_queue(union ctl_io *io)
13331{
13332	struct ctl_port *port;
13333
13334	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13335
13336#ifdef CTL_TIME_IO
13337	io->io_hdr.start_time = time_uptime;
13338	getbintime(&io->io_hdr.start_bt);
13339#endif /* CTL_TIME_IO */
13340
13341	/* Map FE-specific LUN ID into global one. */
13342	port = ctl_io_port(&io->io_hdr);
13343	io->io_hdr.nexus.targ_mapped_lun =
13344	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13345
13346	switch (io->io_hdr.io_type) {
13347	case CTL_IO_SCSI:
13348	case CTL_IO_TASK:
13349		if (ctl_debug & CTL_DEBUG_CDB)
13350			ctl_io_print(io);
13351		ctl_enqueue_incoming(io);
13352		break;
13353	default:
13354		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13355		return (EINVAL);
13356	}
13357
13358	return (CTL_RETVAL_COMPLETE);
13359}
13360
13361#ifdef CTL_IO_DELAY
13362static void
13363ctl_done_timer_wakeup(void *arg)
13364{
13365	union ctl_io *io;
13366
13367	io = (union ctl_io *)arg;
13368	ctl_done(io);
13369}
13370#endif /* CTL_IO_DELAY */
13371
13372void
13373ctl_done(union ctl_io *io)
13374{
13375
13376	/*
13377	 * Enable this to catch duplicate completion issues.
13378	 */
13379#if 0
13380	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13381		printf("%s: type %d msg %d cdb %x iptl: "
13382		       "%d:%d:%d:%d tag 0x%04x "
13383		       "flag %#x status %x\n",
13384			__func__,
13385			io->io_hdr.io_type,
13386			io->io_hdr.msg_type,
13387			io->scsiio.cdb[0],
13388			io->io_hdr.nexus.initid.id,
13389			io->io_hdr.nexus.targ_port,
13390			io->io_hdr.nexus.targ_target.id,
13391			io->io_hdr.nexus.targ_lun,
13392			(io->io_hdr.io_type ==
13393			CTL_IO_TASK) ?
13394			io->taskio.tag_num :
13395			io->scsiio.tag_num,
13396		        io->io_hdr.flags,
13397			io->io_hdr.status);
13398	} else
13399		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13400#endif
13401
13402	/*
13403	 * This is an internal copy of an I/O, and should not go through
13404	 * the normal done processing logic.
13405	 */
13406	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13407		return;
13408
13409	/*
13410	 * We need to send a msg to the serializing shelf to finish the IO
13411	 * as well.  We don't send a finish message to the other shelf if
13412	 * this is a task management command.  Task management commands
13413	 * aren't serialized in the OOA queue, but rather just executed on
13414	 * both shelf controllers for commands that originated on that
13415	 * controller.
13416	 */
13417	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13418	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13419		union ctl_ha_msg msg_io;
13420
13421		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13422		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13423		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13424		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13425		}
13426		/* continue on to finish IO */
13427	}
13428#ifdef CTL_IO_DELAY
13429	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13430		struct ctl_lun *lun;
13431
13432		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13433
13434		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13435	} else {
13436		struct ctl_lun *lun;
13437
13438		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13439
13440		if ((lun != NULL)
13441		 && (lun->delay_info.done_delay > 0)) {
13442
13443			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13444			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13445			callout_reset(&io->io_hdr.delay_callout,
13446				      lun->delay_info.done_delay * hz,
13447				      ctl_done_timer_wakeup, io);
13448			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13449				lun->delay_info.done_delay = 0;
13450			return;
13451		}
13452	}
13453#endif /* CTL_IO_DELAY */
13454
13455	ctl_enqueue_done(io);
13456}
13457
13458int
13459ctl_isc(struct ctl_scsiio *ctsio)
13460{
13461	struct ctl_lun *lun;
13462	int retval;
13463
13464	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13465
13466	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13467
13468	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13469
13470	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13471
13472	return (retval);
13473}
13474
13475
13476static void
13477ctl_work_thread(void *arg)
13478{
13479	struct ctl_thread *thr = (struct ctl_thread *)arg;
13480	struct ctl_softc *softc = thr->ctl_softc;
13481	union ctl_io *io;
13482	int retval;
13483
13484	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13485
13486	for (;;) {
13487		retval = 0;
13488
13489		/*
13490		 * We handle the queues in this order:
13491		 * - ISC
13492		 * - done queue (to free up resources, unblock other commands)
13493		 * - RtR queue
13494		 * - incoming queue
13495		 *
13496		 * If those queues are empty, we break out of the loop and
13497		 * go to sleep.
13498		 */
13499		mtx_lock(&thr->queue_lock);
13500		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13501		if (io != NULL) {
13502			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13503			mtx_unlock(&thr->queue_lock);
13504			ctl_handle_isc(io);
13505			continue;
13506		}
13507		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13508		if (io != NULL) {
13509			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13510			/* clear any blocked commands, call fe_done */
13511			mtx_unlock(&thr->queue_lock);
13512			retval = ctl_process_done(io);
13513			continue;
13514		}
13515		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13516		if (io != NULL) {
13517			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13518			mtx_unlock(&thr->queue_lock);
13519			if (io->io_hdr.io_type == CTL_IO_TASK)
13520				ctl_run_task(io);
13521			else
13522				ctl_scsiio_precheck(softc, &io->scsiio);
13523			continue;
13524		}
13525		if (!ctl_pause_rtr) {
13526			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13527			if (io != NULL) {
13528				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13529				mtx_unlock(&thr->queue_lock);
13530				retval = ctl_scsiio(&io->scsiio);
13531				if (retval != CTL_RETVAL_COMPLETE)
13532					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13533				continue;
13534			}
13535		}
13536
13537		/* Sleep until we have something to do. */
13538		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13539	}
13540}
13541
13542static void
13543ctl_lun_thread(void *arg)
13544{
13545	struct ctl_softc *softc = (struct ctl_softc *)arg;
13546	struct ctl_be_lun *be_lun;
13547	int retval;
13548
13549	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13550
13551	for (;;) {
13552		retval = 0;
13553		mtx_lock(&softc->ctl_lock);
13554		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13555		if (be_lun != NULL) {
13556			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13557			mtx_unlock(&softc->ctl_lock);
13558			ctl_create_lun(be_lun);
13559			continue;
13560		}
13561
13562		/* Sleep until we have something to do. */
13563		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13564		    PDROP | PRIBIO, "-", 0);
13565	}
13566}
13567
13568static void
13569ctl_thresh_thread(void *arg)
13570{
13571	struct ctl_softc *softc = (struct ctl_softc *)arg;
13572	struct ctl_lun *lun;
13573	struct ctl_be_lun *be_lun;
13574	struct scsi_da_rw_recovery_page *rwpage;
13575	struct ctl_logical_block_provisioning_page *page;
13576	const char *attr;
13577	uint64_t thres, val;
13578	int i, e;
13579
13580	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13581
13582	for (;;) {
13583		mtx_lock(&softc->ctl_lock);
13584		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13585			be_lun = lun->be_lun;
13586			if ((lun->flags & CTL_LUN_DISABLED) ||
13587			    (lun->flags & CTL_LUN_OFFLINE) ||
13588			    lun->backend->lun_attr == NULL)
13589				continue;
13590			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13591			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13592				continue;
13593			e = 0;
13594			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13595			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13596				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13597					continue;
13598				thres = scsi_4btoul(page->descr[i].count);
13599				thres <<= CTL_LBP_EXPONENT;
13600				switch (page->descr[i].resource) {
13601				case 0x01:
13602					attr = "blocksavail";
13603					break;
13604				case 0x02:
13605					attr = "blocksused";
13606					break;
13607				case 0xf1:
13608					attr = "poolblocksavail";
13609					break;
13610				case 0xf2:
13611					attr = "poolblocksused";
13612					break;
13613				default:
13614					continue;
13615				}
13616				mtx_unlock(&softc->ctl_lock); // XXX
13617				val = lun->backend->lun_attr(
13618				    lun->be_lun->be_lun, attr);
13619				mtx_lock(&softc->ctl_lock);
13620				if (val == UINT64_MAX)
13621					continue;
13622				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13623				    == SLBPPD_ARMING_INC)
13624					e |= (val >= thres);
13625				else
13626					e |= (val <= thres);
13627			}
13628			mtx_lock(&lun->lun_lock);
13629			if (e) {
13630				if (lun->lasttpt == 0 ||
13631				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13632					lun->lasttpt = time_uptime;
13633					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13634				}
13635			} else {
13636				lun->lasttpt = 0;
13637				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13638			}
13639			mtx_unlock(&lun->lun_lock);
13640		}
13641		mtx_unlock(&softc->ctl_lock);
13642		pause("-", CTL_LBP_PERIOD * hz);
13643	}
13644}
13645
13646static void
13647ctl_enqueue_incoming(union ctl_io *io)
13648{
13649	struct ctl_softc *softc = control_softc;
13650	struct ctl_thread *thr;
13651	u_int idx;
13652
13653	idx = (io->io_hdr.nexus.targ_port * 127 +
13654	       io->io_hdr.nexus.initid.id) % worker_threads;
13655	thr = &softc->threads[idx];
13656	mtx_lock(&thr->queue_lock);
13657	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13658	mtx_unlock(&thr->queue_lock);
13659	wakeup(thr);
13660}
13661
13662static void
13663ctl_enqueue_rtr(union ctl_io *io)
13664{
13665	struct ctl_softc *softc = control_softc;
13666	struct ctl_thread *thr;
13667
13668	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13669	mtx_lock(&thr->queue_lock);
13670	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13671	mtx_unlock(&thr->queue_lock);
13672	wakeup(thr);
13673}
13674
13675static void
13676ctl_enqueue_done(union ctl_io *io)
13677{
13678	struct ctl_softc *softc = control_softc;
13679	struct ctl_thread *thr;
13680
13681	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13682	mtx_lock(&thr->queue_lock);
13683	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13684	mtx_unlock(&thr->queue_lock);
13685	wakeup(thr);
13686}
13687
13688#ifdef notyet
13689static void
13690ctl_enqueue_isc(union ctl_io *io)
13691{
13692	struct ctl_softc *softc = control_softc;
13693	struct ctl_thread *thr;
13694
13695	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13696	mtx_lock(&thr->queue_lock);
13697	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13698	mtx_unlock(&thr->queue_lock);
13699	wakeup(thr);
13700}
13701
13702/* Initialization and failover */
13703
13704void
13705ctl_init_isc_msg(void)
13706{
13707	printf("CTL: Still calling this thing\n");
13708}
13709
13710/*
13711 * Init component
13712 * 	Initializes component into configuration defined by bootMode
13713 *	(see hasc-sv.c)
13714 *  	returns hasc_Status:
13715 * 		OK
13716 *		ERROR - fatal error
13717 */
13718static ctl_ha_comp_status
13719ctl_isc_init(struct ctl_ha_component *c)
13720{
13721	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13722
13723	c->status = ret;
13724	return ret;
13725}
13726
13727/* Start component
13728 * 	Starts component in state requested. If component starts successfully,
13729 *	it must set its own state to the requestrd state
13730 *	When requested state is HASC_STATE_HA, the component may refine it
13731 * 	by adding _SLAVE or _MASTER flags.
13732 *	Currently allowed state transitions are:
13733 *	UNKNOWN->HA		- initial startup
13734 *	UNKNOWN->SINGLE - initial startup when no parter detected
13735 *	HA->SINGLE		- failover
13736 * returns ctl_ha_comp_status:
13737 * 		OK	- component successfully started in requested state
13738 *		FAILED  - could not start the requested state, failover may
13739 * 			  be possible
13740 *		ERROR	- fatal error detected, no future startup possible
13741 */
13742static ctl_ha_comp_status
13743ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
13744{
13745	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13746
13747	printf("%s: go\n", __func__);
13748
13749	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
13750	if (c->state == CTL_HA_STATE_UNKNOWN ) {
13751		control_softc->is_single = 0;
13752		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
13753		    != CTL_HA_STATUS_SUCCESS) {
13754			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
13755			ret = CTL_HA_COMP_STATUS_ERROR;
13756		}
13757	} else if (CTL_HA_STATE_IS_HA(c->state)
13758		&& CTL_HA_STATE_IS_SINGLE(state)){
13759		// HA->SINGLE transition
13760	        ctl_failover();
13761		control_softc->is_single = 1;
13762	} else {
13763		printf("ctl_isc_start:Invalid state transition %X->%X\n",
13764		       c->state, state);
13765		ret = CTL_HA_COMP_STATUS_ERROR;
13766	}
13767	if (CTL_HA_STATE_IS_SINGLE(state))
13768		control_softc->is_single = 1;
13769
13770	c->state = state;
13771	c->status = ret;
13772	return ret;
13773}
13774
13775/*
13776 * Quiesce component
13777 * The component must clear any error conditions (set status to OK) and
13778 * prepare itself to another Start call
13779 * returns ctl_ha_comp_status:
13780 * 	OK
13781 *	ERROR
13782 */
13783static ctl_ha_comp_status
13784ctl_isc_quiesce(struct ctl_ha_component *c)
13785{
13786	int ret = CTL_HA_COMP_STATUS_OK;
13787
13788	ctl_pause_rtr = 1;
13789	c->status = ret;
13790	return ret;
13791}
13792
13793struct ctl_ha_component ctl_ha_component_ctlisc =
13794{
13795	.name = "CTL ISC",
13796	.state = CTL_HA_STATE_UNKNOWN,
13797	.init = ctl_isc_init,
13798	.start = ctl_isc_start,
13799	.quiesce = ctl_isc_quiesce
13800};
13801#endif
13802
13803/*
13804 *  vim: ts=8
13805 */
13806