ctl.c revision 288746 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288746 2015-10-05 09:09:48Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264const static struct scsi_info_exceptions_page ie_page_default = {
265	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
266	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
267	/*info_flags*/SIEP_FLAGS_DEXCPT,
268	/*mrie*/0,
269	/*interval_timer*/{0, 0, 0, 0},
270	/*report_count*/{0, 0, 0, 0}
271};
272
273const static struct scsi_info_exceptions_page ie_page_changeable = {
274	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
275	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
276	/*info_flags*/0,
277	/*mrie*/0,
278	/*interval_timer*/{0, 0, 0, 0},
279	/*report_count*/{0, 0, 0, 0}
280};
281
282#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
283
284const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
286	/*subpage_code*/0x02,
287	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
288	/*flags*/0,
289	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
290	/*descr*/{}},
291	{{/*flags*/0,
292	  /*resource*/0x01,
293	  /*reserved*/{0, 0},
294	  /*count*/{0, 0, 0, 0}},
295	 {/*flags*/0,
296	  /*resource*/0x02,
297	  /*reserved*/{0, 0},
298	  /*count*/{0, 0, 0, 0}},
299	 {/*flags*/0,
300	  /*resource*/0xf1,
301	  /*reserved*/{0, 0},
302	  /*count*/{0, 0, 0, 0}},
303	 {/*flags*/0,
304	  /*resource*/0xf2,
305	  /*reserved*/{0, 0},
306	  /*count*/{0, 0, 0, 0}}
307	}
308};
309
310const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
311	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
312	/*subpage_code*/0x02,
313	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
314	/*flags*/0,
315	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
316	/*descr*/{}},
317	{{/*flags*/0,
318	  /*resource*/0,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}},
325	 {/*flags*/0,
326	  /*resource*/0,
327	  /*reserved*/{0, 0},
328	  /*count*/{0, 0, 0, 0}},
329	 {/*flags*/0,
330	  /*resource*/0,
331	  /*reserved*/{0, 0},
332	  /*count*/{0, 0, 0, 0}}
333	}
334};
335
336SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
337static int worker_threads = -1;
338TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
339SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
340    &worker_threads, 1, "Number of worker threads");
341static int ctl_debug = CTL_DEBUG_NONE;
342TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
343SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
344    &ctl_debug, 0, "Enabled debug flags");
345
346/*
347 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
348 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
349 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
350 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
351 */
352#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
353
354static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
355				  int param);
356static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
357static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
358static int ctl_init(void);
359void ctl_shutdown(void);
360static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
361static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
362static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
363static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
364			      struct ctl_ooa *ooa_hdr,
365			      struct ctl_ooa_entry *kern_entries);
366static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
367		     struct thread *td);
368static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
369			 struct ctl_be_lun *be_lun);
370static int ctl_free_lun(struct ctl_lun *lun);
371static void ctl_create_lun(struct ctl_be_lun *be_lun);
372static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
373
374static int ctl_do_mode_select(union ctl_io *io);
375static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
376			   uint64_t res_key, uint64_t sa_res_key,
377			   uint8_t type, uint32_t residx,
378			   struct ctl_scsiio *ctsio,
379			   struct scsi_per_res_out *cdb,
380			   struct scsi_per_res_out_parms* param);
381static void ctl_pro_preempt_other(struct ctl_lun *lun,
382				  union ctl_ha_msg *msg);
383static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
384static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
386static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
387static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
388static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
389static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
390					 int alloc_len);
391static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
392					 int alloc_len);
393static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
394static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
395static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
396static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
397static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
398static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
399    bool seq);
400static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
401static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
402    union ctl_io *pending_io, union ctl_io *ooa_io);
403static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
404				union ctl_io *starting_io);
405static int ctl_check_blocked(struct ctl_lun *lun);
406static int ctl_scsiio_lun_check(struct ctl_lun *lun,
407				const struct ctl_cmd_entry *entry,
408				struct ctl_scsiio *ctsio);
409static void ctl_failover_lun(struct ctl_lun *lun);
410static void ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua);
411static void ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except,
412    ctl_ua_type ua);
413static void ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua);
414static void ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua);
415static void ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua);
416static void ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
417			 ctl_ua_type ua_type);
418static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
419			       struct ctl_scsiio *ctsio);
420static int ctl_scsiio(struct ctl_scsiio *ctsio);
421
422static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
423static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
424			    ctl_ua_type ua_type);
425static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
426			 ctl_ua_type ua_type);
427static int ctl_abort_task(union ctl_io *io);
428static int ctl_abort_task_set(union ctl_io *io);
429static int ctl_i_t_nexus_reset(union ctl_io *io);
430static void ctl_run_task(union ctl_io *io);
431#ifdef CTL_IO_DELAY
432static void ctl_datamove_timer_wakeup(void *arg);
433static void ctl_done_timer_wakeup(void *arg);
434#endif /* CTL_IO_DELAY */
435
436static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
437static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
438static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
439static void ctl_datamove_remote_write(union ctl_io *io);
440static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
441static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
442static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
443static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
444				    ctl_ha_dt_cb callback);
445static void ctl_datamove_remote_read(union ctl_io *io);
446static void ctl_datamove_remote(union ctl_io *io);
447static int ctl_process_done(union ctl_io *io);
448static void ctl_lun_thread(void *arg);
449static void ctl_thresh_thread(void *arg);
450static void ctl_work_thread(void *arg);
451static void ctl_enqueue_incoming(union ctl_io *io);
452static void ctl_enqueue_rtr(union ctl_io *io);
453static void ctl_enqueue_done(union ctl_io *io);
454static void ctl_enqueue_isc(union ctl_io *io);
455static const struct ctl_cmd_entry *
456    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
457static const struct ctl_cmd_entry *
458    ctl_validate_command(struct ctl_scsiio *ctsio);
459static int ctl_cmd_applicable(uint8_t lun_type,
460    const struct ctl_cmd_entry *entry);
461
462static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
463static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
464static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
465static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
466
467/*
468 * Load the serialization table.  This isn't very pretty, but is probably
469 * the easiest way to do it.
470 */
471#include "ctl_ser_table.c"
472
473/*
474 * We only need to define open, close and ioctl routines for this driver.
475 */
476static struct cdevsw ctl_cdevsw = {
477	.d_version =	D_VERSION,
478	.d_flags =	0,
479	.d_open =	ctl_open,
480	.d_close =	ctl_close,
481	.d_ioctl =	ctl_ioctl,
482	.d_name =	"ctl",
483};
484
485
486MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
487
488static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
489
490static moduledata_t ctl_moduledata = {
491	"ctl",
492	ctl_module_event_handler,
493	NULL
494};
495
496DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
497MODULE_VERSION(ctl, 1);
498
499static struct ctl_frontend ha_frontend =
500{
501	.name = "ha",
502};
503
504static void
505ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
506			    union ctl_ha_msg *msg_info)
507{
508	struct ctl_scsiio *ctsio;
509
510	if (msg_info->hdr.original_sc == NULL) {
511		printf("%s: original_sc == NULL!\n", __func__);
512		/* XXX KDM now what? */
513		return;
514	}
515
516	ctsio = &msg_info->hdr.original_sc->scsiio;
517	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
518	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
519	ctsio->io_hdr.status = msg_info->hdr.status;
520	ctsio->scsi_status = msg_info->scsi.scsi_status;
521	ctsio->sense_len = msg_info->scsi.sense_len;
522	ctsio->sense_residual = msg_info->scsi.sense_residual;
523	ctsio->residual = msg_info->scsi.residual;
524	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
525	       msg_info->scsi.sense_len);
526	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
527	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
528	ctl_enqueue_isc((union ctl_io *)ctsio);
529}
530
531static void
532ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
533				union ctl_ha_msg *msg_info)
534{
535	struct ctl_scsiio *ctsio;
536
537	if (msg_info->hdr.serializing_sc == NULL) {
538		printf("%s: serializing_sc == NULL!\n", __func__);
539		/* XXX KDM now what? */
540		return;
541	}
542
543	ctsio = &msg_info->hdr.serializing_sc->scsiio;
544	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
545	ctl_enqueue_isc((union ctl_io *)ctsio);
546}
547
548void
549ctl_isc_announce_lun(struct ctl_lun *lun)
550{
551	struct ctl_softc *softc = lun->ctl_softc;
552	union ctl_ha_msg *msg;
553	struct ctl_ha_msg_lun_pr_key pr_key;
554	int i, k;
555
556	if (softc->ha_link != CTL_HA_LINK_ONLINE)
557		return;
558	mtx_lock(&lun->lun_lock);
559	i = sizeof(msg->lun);
560	if (lun->lun_devid)
561		i += lun->lun_devid->len;
562	i += sizeof(pr_key) * lun->pr_key_count;
563alloc:
564	mtx_unlock(&lun->lun_lock);
565	msg = malloc(i, M_CTL, M_WAITOK);
566	mtx_lock(&lun->lun_lock);
567	k = sizeof(msg->lun);
568	if (lun->lun_devid)
569		k += lun->lun_devid->len;
570	k += sizeof(pr_key) * lun->pr_key_count;
571	if (i < k) {
572		free(msg, M_CTL);
573		i = k;
574		goto alloc;
575	}
576	bzero(&msg->lun, sizeof(msg->lun));
577	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
578	msg->hdr.nexus.targ_lun = lun->lun;
579	msg->hdr.nexus.targ_mapped_lun = lun->lun;
580	msg->lun.flags = lun->flags;
581	msg->lun.pr_generation = lun->PRGeneration;
582	msg->lun.pr_res_idx = lun->pr_res_idx;
583	msg->lun.pr_res_type = lun->res_type;
584	msg->lun.pr_key_count = lun->pr_key_count;
585	i = 0;
586	if (lun->lun_devid) {
587		msg->lun.lun_devid_len = lun->lun_devid->len;
588		memcpy(&msg->lun.data[i], lun->lun_devid->data,
589		    msg->lun.lun_devid_len);
590		i += msg->lun.lun_devid_len;
591	}
592	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
593		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
594			continue;
595		pr_key.pr_iid = k;
596		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
597		i += sizeof(pr_key);
598	}
599	mtx_unlock(&lun->lun_lock);
600	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
601	    M_WAITOK);
602	free(msg, M_CTL);
603}
604
605void
606ctl_isc_announce_port(struct ctl_port *port)
607{
608	struct ctl_softc *softc = control_softc;
609	union ctl_ha_msg *msg;
610	int i;
611
612	if (port->targ_port < softc->port_min ||
613	    port->targ_port >= softc->port_max ||
614	    softc->ha_link != CTL_HA_LINK_ONLINE)
615		return;
616	i = sizeof(msg->port) + strlen(port->port_name) + 1;
617	if (port->lun_map)
618		i += sizeof(uint32_t) * CTL_MAX_LUNS;
619	if (port->port_devid)
620		i += port->port_devid->len;
621	if (port->target_devid)
622		i += port->target_devid->len;
623	msg = malloc(i, M_CTL, M_WAITOK);
624	bzero(&msg->port, sizeof(msg->port));
625	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
626	msg->hdr.nexus.targ_port = port->targ_port;
627	msg->port.port_type = port->port_type;
628	msg->port.physical_port = port->physical_port;
629	msg->port.virtual_port = port->virtual_port;
630	msg->port.status = port->status;
631	i = 0;
632	msg->port.name_len = sprintf(&msg->port.data[i],
633	    "%d:%s", softc->ha_id, port->port_name) + 1;
634	i += msg->port.name_len;
635	if (port->lun_map) {
636		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
637		memcpy(&msg->port.data[i], port->lun_map,
638		    msg->port.lun_map_len);
639		i += msg->port.lun_map_len;
640	}
641	if (port->port_devid) {
642		msg->port.port_devid_len = port->port_devid->len;
643		memcpy(&msg->port.data[i], port->port_devid->data,
644		    msg->port.port_devid_len);
645		i += msg->port.port_devid_len;
646	}
647	if (port->target_devid) {
648		msg->port.target_devid_len = port->target_devid->len;
649		memcpy(&msg->port.data[i], port->target_devid->data,
650		    msg->port.target_devid_len);
651		i += msg->port.target_devid_len;
652	}
653	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
654	    M_WAITOK);
655	free(msg, M_CTL);
656}
657
658static void
659ctl_isc_ha_link_up(struct ctl_softc *softc)
660{
661	struct ctl_port *port;
662	struct ctl_lun *lun;
663
664	STAILQ_FOREACH(port, &softc->port_list, links)
665		ctl_isc_announce_port(port);
666	STAILQ_FOREACH(lun, &softc->lun_list, links)
667		ctl_isc_announce_lun(lun);
668}
669
670static void
671ctl_isc_ha_link_down(struct ctl_softc *softc)
672{
673	struct ctl_port *port;
674	struct ctl_lun *lun;
675	union ctl_io *io;
676
677	mtx_lock(&softc->ctl_lock);
678	STAILQ_FOREACH(lun, &softc->lun_list, links) {
679		mtx_lock(&lun->lun_lock);
680		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
681			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
682			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
683		}
684		mtx_unlock(&lun->lun_lock);
685
686		mtx_unlock(&softc->ctl_lock);
687		io = ctl_alloc_io(softc->othersc_pool);
688		mtx_lock(&softc->ctl_lock);
689		ctl_zero_io(io);
690		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
691		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
692		ctl_enqueue_isc(io);
693	}
694
695	STAILQ_FOREACH(port, &softc->port_list, links) {
696		if (port->targ_port >= softc->port_min &&
697		    port->targ_port < softc->port_max)
698			continue;
699		port->status &= ~CTL_PORT_STATUS_ONLINE;
700	}
701	mtx_unlock(&softc->ctl_lock);
702}
703
704static void
705ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
706{
707	struct ctl_lun *lun;
708	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
709
710	mtx_lock(&softc->ctl_lock);
711	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
712	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
713		mtx_lock(&lun->lun_lock);
714		mtx_unlock(&softc->ctl_lock);
715		if (msg->ua.ua_all) {
716			if (msg->ua.ua_set)
717				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
718			else
719				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
720		} else {
721			if (msg->ua.ua_set)
722				ctl_est_ua(lun, iid, msg->ua.ua_type);
723			else
724				ctl_clr_ua(lun, iid, msg->ua.ua_type);
725		}
726		mtx_unlock(&lun->lun_lock);
727	} else
728		mtx_unlock(&softc->ctl_lock);
729}
730
731static void
732ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
733{
734	struct ctl_lun *lun;
735	struct ctl_ha_msg_lun_pr_key pr_key;
736	int i, k;
737	ctl_lun_flags oflags;
738	uint32_t targ_lun;
739
740	targ_lun = msg->hdr.nexus.targ_mapped_lun;
741	mtx_lock(&softc->ctl_lock);
742	if ((targ_lun >= CTL_MAX_LUNS) ||
743	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
744		mtx_unlock(&softc->ctl_lock);
745		return;
746	}
747	mtx_lock(&lun->lun_lock);
748	mtx_unlock(&softc->ctl_lock);
749	if (lun->flags & CTL_LUN_DISABLED) {
750		mtx_unlock(&lun->lun_lock);
751		return;
752	}
753	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
754	if (msg->lun.lun_devid_len != i || (i > 0 &&
755	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
756		mtx_unlock(&lun->lun_lock);
757		printf("%s: Received conflicting HA LUN %d\n",
758		    __func__, msg->hdr.nexus.targ_lun);
759		return;
760	} else {
761		/* Record whether peer is primary. */
762		oflags = lun->flags;
763		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
764		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
765			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
766		else
767			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
768		if (oflags != lun->flags)
769			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
770
771		/* If peer is primary and we are not -- use data */
772		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
773		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
774			lun->PRGeneration = msg->lun.pr_generation;
775			lun->pr_res_idx = msg->lun.pr_res_idx;
776			lun->res_type = msg->lun.pr_res_type;
777			lun->pr_key_count = msg->lun.pr_key_count;
778			for (k = 0; k < CTL_MAX_INITIATORS; k++)
779				ctl_clr_prkey(lun, k);
780			for (k = 0; k < msg->lun.pr_key_count; k++) {
781				memcpy(&pr_key, &msg->lun.data[i],
782				    sizeof(pr_key));
783				ctl_alloc_prkey(lun, pr_key.pr_iid);
784				ctl_set_prkey(lun, pr_key.pr_iid,
785				    pr_key.pr_key);
786				i += sizeof(pr_key);
787			}
788		}
789
790		mtx_unlock(&lun->lun_lock);
791		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
792		    __func__, msg->hdr.nexus.targ_lun,
793		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
794		    "primary" : "secondary"));
795
796		/* If we are primary but peer doesn't know -- notify */
797		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
798		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
799			ctl_isc_announce_lun(lun);
800	}
801}
802
803static void
804ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
805{
806	struct ctl_port *port;
807	int i, new;
808
809	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
810	if (port == NULL) {
811		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
812		    msg->hdr.nexus.targ_port));
813		new = 1;
814		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
815		port->frontend = &ha_frontend;
816		port->targ_port = msg->hdr.nexus.targ_port;
817	} else if (port->frontend == &ha_frontend) {
818		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
819		    msg->hdr.nexus.targ_port));
820		new = 0;
821	} else {
822		printf("%s: Received conflicting HA port %d\n",
823		    __func__, msg->hdr.nexus.targ_port);
824		return;
825	}
826	port->port_type = msg->port.port_type;
827	port->physical_port = msg->port.physical_port;
828	port->virtual_port = msg->port.virtual_port;
829	port->status = msg->port.status;
830	i = 0;
831	free(port->port_name, M_CTL);
832	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
833	    M_CTL);
834	i += msg->port.name_len;
835	if (msg->port.lun_map_len != 0) {
836		if (port->lun_map == NULL)
837			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
838			    M_CTL, M_WAITOK);
839		memcpy(port->lun_map, &msg->port.data[i],
840		    sizeof(uint32_t) * CTL_MAX_LUNS);
841		i += msg->port.lun_map_len;
842	} else {
843		free(port->lun_map, M_CTL);
844		port->lun_map = NULL;
845	}
846	if (msg->port.port_devid_len != 0) {
847		if (port->port_devid == NULL ||
848		    port->port_devid->len != msg->port.port_devid_len) {
849			free(port->port_devid, M_CTL);
850			port->port_devid = malloc(sizeof(struct ctl_devid) +
851			    msg->port.port_devid_len, M_CTL, M_WAITOK);
852		}
853		memcpy(port->port_devid->data, &msg->port.data[i],
854		    msg->port.port_devid_len);
855		port->port_devid->len = msg->port.port_devid_len;
856		i += msg->port.port_devid_len;
857	} else {
858		free(port->port_devid, M_CTL);
859		port->port_devid = NULL;
860	}
861	if (msg->port.target_devid_len != 0) {
862		if (port->target_devid == NULL ||
863		    port->target_devid->len != msg->port.target_devid_len) {
864			free(port->target_devid, M_CTL);
865			port->target_devid = malloc(sizeof(struct ctl_devid) +
866			    msg->port.target_devid_len, M_CTL, M_WAITOK);
867		}
868		memcpy(port->target_devid->data, &msg->port.data[i],
869		    msg->port.target_devid_len);
870		port->target_devid->len = msg->port.target_devid_len;
871		i += msg->port.target_devid_len;
872	} else {
873		free(port->port_devid, M_CTL);
874		port->port_devid = NULL;
875	}
876	if (new) {
877		if (ctl_port_register(port) != 0) {
878			printf("%s: ctl_port_register() failed with error\n",
879			    __func__);
880		}
881	}
882}
883
884/*
885 * ISC (Inter Shelf Communication) event handler.  Events from the HA
886 * subsystem come in here.
887 */
888static void
889ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
890{
891	struct ctl_softc *softc;
892	union ctl_io *io;
893	struct ctl_prio *presio;
894	ctl_ha_status isc_status;
895
896	softc = control_softc;
897	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
898	if (event == CTL_HA_EVT_MSG_RECV) {
899		union ctl_ha_msg *msg, msgbuf;
900
901		if (param > sizeof(msgbuf))
902			msg = malloc(param, M_CTL, M_WAITOK);
903		else
904			msg = &msgbuf;
905		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
906		    M_WAITOK);
907		if (isc_status != CTL_HA_STATUS_SUCCESS) {
908			printf("%s: Error receiving message: %d\n",
909			    __func__, isc_status);
910			if (msg != &msgbuf)
911				free(msg, M_CTL);
912			return;
913		}
914
915		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
916		switch (msg->hdr.msg_type) {
917		case CTL_MSG_SERIALIZE:
918			io = ctl_alloc_io(softc->othersc_pool);
919			ctl_zero_io(io);
920			// populate ctsio from msg
921			io->io_hdr.io_type = CTL_IO_SCSI;
922			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
923			io->io_hdr.original_sc = msg->hdr.original_sc;
924			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
925					    CTL_FLAG_IO_ACTIVE;
926			/*
927			 * If we're in serialization-only mode, we don't
928			 * want to go through full done processing.  Thus
929			 * the COPY flag.
930			 *
931			 * XXX KDM add another flag that is more specific.
932			 */
933			if (softc->ha_mode != CTL_HA_MODE_XFER)
934				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
935			io->io_hdr.nexus = msg->hdr.nexus;
936#if 0
937			printf("port %u, iid %u, lun %u\n",
938			       io->io_hdr.nexus.targ_port,
939			       io->io_hdr.nexus.initid,
940			       io->io_hdr.nexus.targ_lun);
941#endif
942			io->scsiio.tag_num = msg->scsi.tag_num;
943			io->scsiio.tag_type = msg->scsi.tag_type;
944#ifdef CTL_TIME_IO
945			io->io_hdr.start_time = time_uptime;
946			getbintime(&io->io_hdr.start_bt);
947#endif /* CTL_TIME_IO */
948			io->scsiio.cdb_len = msg->scsi.cdb_len;
949			memcpy(io->scsiio.cdb, msg->scsi.cdb,
950			       CTL_MAX_CDBLEN);
951			if (softc->ha_mode == CTL_HA_MODE_XFER) {
952				const struct ctl_cmd_entry *entry;
953
954				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
955				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
956				io->io_hdr.flags |=
957					entry->flags & CTL_FLAG_DATA_MASK;
958			}
959			ctl_enqueue_isc(io);
960			break;
961
962		/* Performed on the Originating SC, XFER mode only */
963		case CTL_MSG_DATAMOVE: {
964			struct ctl_sg_entry *sgl;
965			int i, j;
966
967			io = msg->hdr.original_sc;
968			if (io == NULL) {
969				printf("%s: original_sc == NULL!\n", __func__);
970				/* XXX KDM do something here */
971				break;
972			}
973			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
974			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
975			/*
976			 * Keep track of this, we need to send it back over
977			 * when the datamove is complete.
978			 */
979			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
980
981			if (msg->dt.sg_sequence == 0) {
982				i = msg->dt.kern_sg_entries +
983				    io->scsiio.kern_data_len /
984				    CTL_HA_DATAMOVE_SEGMENT + 1;
985				sgl = malloc(sizeof(*sgl) * i, M_CTL,
986				    M_WAITOK | M_ZERO);
987				io->io_hdr.remote_sglist = sgl;
988				io->io_hdr.local_sglist =
989				    &sgl[msg->dt.kern_sg_entries];
990
991				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
992
993				io->scsiio.kern_sg_entries =
994					msg->dt.kern_sg_entries;
995				io->scsiio.rem_sg_entries =
996					msg->dt.kern_sg_entries;
997				io->scsiio.kern_data_len =
998					msg->dt.kern_data_len;
999				io->scsiio.kern_total_len =
1000					msg->dt.kern_total_len;
1001				io->scsiio.kern_data_resid =
1002					msg->dt.kern_data_resid;
1003				io->scsiio.kern_rel_offset =
1004					msg->dt.kern_rel_offset;
1005				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1006				io->io_hdr.flags |= msg->dt.flags &
1007				    CTL_FLAG_BUS_ADDR;
1008			} else
1009				sgl = (struct ctl_sg_entry *)
1010					io->scsiio.kern_data_ptr;
1011
1012			for (i = msg->dt.sent_sg_entries, j = 0;
1013			     i < (msg->dt.sent_sg_entries +
1014			     msg->dt.cur_sg_entries); i++, j++) {
1015				sgl[i].addr = msg->dt.sg_list[j].addr;
1016				sgl[i].len = msg->dt.sg_list[j].len;
1017
1018#if 0
1019				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
1020				       __func__,
1021				       msg->dt.sg_list[j].addr,
1022				       msg->dt.sg_list[j].len,
1023				       sgl[i].addr, sgl[i].len, j, i);
1024#endif
1025			}
1026
1027			/*
1028			 * If this is the last piece of the I/O, we've got
1029			 * the full S/G list.  Queue processing in the thread.
1030			 * Otherwise wait for the next piece.
1031			 */
1032			if (msg->dt.sg_last != 0)
1033				ctl_enqueue_isc(io);
1034			break;
1035		}
1036		/* Performed on the Serializing (primary) SC, XFER mode only */
1037		case CTL_MSG_DATAMOVE_DONE: {
1038			if (msg->hdr.serializing_sc == NULL) {
1039				printf("%s: serializing_sc == NULL!\n",
1040				       __func__);
1041				/* XXX KDM now what? */
1042				break;
1043			}
1044			/*
1045			 * We grab the sense information here in case
1046			 * there was a failure, so we can return status
1047			 * back to the initiator.
1048			 */
1049			io = msg->hdr.serializing_sc;
1050			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1051			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1052			io->io_hdr.port_status = msg->scsi.fetd_status;
1053			io->scsiio.residual = msg->scsi.residual;
1054			if (msg->hdr.status != CTL_STATUS_NONE) {
1055				io->io_hdr.status = msg->hdr.status;
1056				io->scsiio.scsi_status = msg->scsi.scsi_status;
1057				io->scsiio.sense_len = msg->scsi.sense_len;
1058				io->scsiio.sense_residual =msg->scsi.sense_residual;
1059				memcpy(&io->scsiio.sense_data,
1060				    &msg->scsi.sense_data,
1061				    msg->scsi.sense_len);
1062			}
1063			ctl_enqueue_isc(io);
1064			break;
1065		}
1066
1067		/* Preformed on Originating SC, SER_ONLY mode */
1068		case CTL_MSG_R2R:
1069			io = msg->hdr.original_sc;
1070			if (io == NULL) {
1071				printf("%s: original_sc == NULL!\n",
1072				    __func__);
1073				break;
1074			}
1075			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1076			io->io_hdr.msg_type = CTL_MSG_R2R;
1077			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1078			ctl_enqueue_isc(io);
1079			break;
1080
1081		/*
1082		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1083		 * mode.
1084		 * Performed on the Originating (i.e. secondary) SC in XFER
1085		 * mode
1086		 */
1087		case CTL_MSG_FINISH_IO:
1088			if (softc->ha_mode == CTL_HA_MODE_XFER)
1089				ctl_isc_handler_finish_xfer(softc, msg);
1090			else
1091				ctl_isc_handler_finish_ser_only(softc, msg);
1092			break;
1093
1094		/* Preformed on Originating SC */
1095		case CTL_MSG_BAD_JUJU:
1096			io = msg->hdr.original_sc;
1097			if (io == NULL) {
1098				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1099				       __func__);
1100				break;
1101			}
1102			ctl_copy_sense_data(msg, io);
1103			/*
1104			 * IO should have already been cleaned up on other
1105			 * SC so clear this flag so we won't send a message
1106			 * back to finish the IO there.
1107			 */
1108			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1109			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1110
1111			/* io = msg->hdr.serializing_sc; */
1112			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1113			ctl_enqueue_isc(io);
1114			break;
1115
1116		/* Handle resets sent from the other side */
1117		case CTL_MSG_MANAGE_TASKS: {
1118			struct ctl_taskio *taskio;
1119			taskio = (struct ctl_taskio *)ctl_alloc_io(
1120			    softc->othersc_pool);
1121			ctl_zero_io((union ctl_io *)taskio);
1122			taskio->io_hdr.io_type = CTL_IO_TASK;
1123			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1124			taskio->io_hdr.nexus = msg->hdr.nexus;
1125			taskio->task_action = msg->task.task_action;
1126			taskio->tag_num = msg->task.tag_num;
1127			taskio->tag_type = msg->task.tag_type;
1128#ifdef CTL_TIME_IO
1129			taskio->io_hdr.start_time = time_uptime;
1130			getbintime(&taskio->io_hdr.start_bt);
1131#endif /* CTL_TIME_IO */
1132			ctl_run_task((union ctl_io *)taskio);
1133			break;
1134		}
1135		/* Persistent Reserve action which needs attention */
1136		case CTL_MSG_PERS_ACTION:
1137			presio = (struct ctl_prio *)ctl_alloc_io(
1138			    softc->othersc_pool);
1139			ctl_zero_io((union ctl_io *)presio);
1140			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1141			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1142			presio->io_hdr.nexus = msg->hdr.nexus;
1143			presio->pr_msg = msg->pr;
1144			ctl_enqueue_isc((union ctl_io *)presio);
1145			break;
1146		case CTL_MSG_UA:
1147			ctl_isc_ua(softc, msg, param);
1148			break;
1149		case CTL_MSG_PORT_SYNC:
1150			ctl_isc_port_sync(softc, msg, param);
1151			break;
1152		case CTL_MSG_LUN_SYNC:
1153			ctl_isc_lun_sync(softc, msg, param);
1154			break;
1155		default:
1156			printf("Received HA message of unknown type %d\n",
1157			    msg->hdr.msg_type);
1158			break;
1159		}
1160		if (msg != &msgbuf)
1161			free(msg, M_CTL);
1162	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1163		printf("CTL: HA link status changed from %d to %d\n",
1164		    softc->ha_link, param);
1165		if (param == softc->ha_link)
1166			return;
1167		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1168			softc->ha_link = param;
1169			ctl_isc_ha_link_down(softc);
1170		} else {
1171			softc->ha_link = param;
1172			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1173				ctl_isc_ha_link_up(softc);
1174		}
1175		return;
1176	} else {
1177		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1178		return;
1179	}
1180}
1181
1182static void
1183ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1184{
1185
1186	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1187	    src->scsi.sense_len);
1188	dest->scsiio.scsi_status = src->scsi.scsi_status;
1189	dest->scsiio.sense_len = src->scsi.sense_len;
1190	dest->io_hdr.status = src->hdr.status;
1191}
1192
1193static void
1194ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1195{
1196
1197	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1198	    src->scsiio.sense_len);
1199	dest->scsi.scsi_status = src->scsiio.scsi_status;
1200	dest->scsi.sense_len = src->scsiio.sense_len;
1201	dest->hdr.status = src->io_hdr.status;
1202}
1203
1204static void
1205ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1206{
1207	struct ctl_softc *softc = lun->ctl_softc;
1208	ctl_ua_type *pu;
1209
1210	if (initidx < softc->init_min || initidx >= softc->init_max)
1211		return;
1212	mtx_assert(&lun->lun_lock, MA_OWNED);
1213	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1214	if (pu == NULL)
1215		return;
1216	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1217}
1218
1219static void
1220ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1221{
1222	int i;
1223
1224	mtx_assert(&lun->lun_lock, MA_OWNED);
1225	if (lun->pending_ua[port] == NULL)
1226		return;
1227	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1228		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1229			continue;
1230		lun->pending_ua[port][i] |= ua;
1231	}
1232}
1233
1234static void
1235ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1236{
1237	struct ctl_softc *softc = lun->ctl_softc;
1238	int i;
1239
1240	mtx_assert(&lun->lun_lock, MA_OWNED);
1241	for (i = softc->port_min; i < softc->port_max; i++)
1242		ctl_est_ua_port(lun, i, except, ua);
1243}
1244
1245static void
1246ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1247{
1248	struct ctl_softc *softc = lun->ctl_softc;
1249	ctl_ua_type *pu;
1250
1251	if (initidx < softc->init_min || initidx >= softc->init_max)
1252		return;
1253	mtx_assert(&lun->lun_lock, MA_OWNED);
1254	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1255	if (pu == NULL)
1256		return;
1257	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1258}
1259
1260static void
1261ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1262{
1263	struct ctl_softc *softc = lun->ctl_softc;
1264	int i, j;
1265
1266	mtx_assert(&lun->lun_lock, MA_OWNED);
1267	for (i = softc->port_min; i < softc->port_max; i++) {
1268		if (lun->pending_ua[i] == NULL)
1269			continue;
1270		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1271			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1272				continue;
1273			lun->pending_ua[i][j] &= ~ua;
1274		}
1275	}
1276}
1277
1278static void
1279ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1280    ctl_ua_type ua_type)
1281{
1282	struct ctl_lun *lun;
1283
1284	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1285	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1286		mtx_lock(&lun->lun_lock);
1287		ctl_clr_ua(lun, initidx, ua_type);
1288		mtx_unlock(&lun->lun_lock);
1289	}
1290}
1291
1292static int
1293ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1294{
1295	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1296	struct ctl_lun *lun;
1297	struct ctl_lun_req ireq;
1298	int error, value;
1299
1300	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1301	error = sysctl_handle_int(oidp, &value, 0, req);
1302	if ((error != 0) || (req->newptr == NULL))
1303		return (error);
1304
1305	mtx_lock(&softc->ctl_lock);
1306	if (value == 0)
1307		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1308	else
1309		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1310	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1311		mtx_unlock(&softc->ctl_lock);
1312		bzero(&ireq, sizeof(ireq));
1313		ireq.reqtype = CTL_LUNREQ_MODIFY;
1314		ireq.reqdata.modify.lun_id = lun->lun;
1315		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1316		    curthread);
1317		if (ireq.status != CTL_LUN_OK) {
1318			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1319			    __func__, ireq.status, ireq.error_str);
1320		}
1321		mtx_lock(&softc->ctl_lock);
1322	}
1323	mtx_unlock(&softc->ctl_lock);
1324	return (0);
1325}
1326
1327static int
1328ctl_init(void)
1329{
1330	struct ctl_softc *softc;
1331	void *other_pool;
1332	int i, error, retval;
1333
1334	retval = 0;
1335	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1336			       M_WAITOK | M_ZERO);
1337	softc = control_softc;
1338
1339	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1340			      "cam/ctl");
1341
1342	softc->dev->si_drv1 = softc;
1343
1344	sysctl_ctx_init(&softc->sysctl_ctx);
1345	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1346		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1347		CTLFLAG_RD, 0, "CAM Target Layer");
1348
1349	if (softc->sysctl_tree == NULL) {
1350		printf("%s: unable to allocate sysctl tree\n", __func__);
1351		destroy_dev(softc->dev);
1352		free(control_softc, M_DEVBUF);
1353		control_softc = NULL;
1354		return (ENOMEM);
1355	}
1356
1357	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1358	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1359	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1360	softc->open_count = 0;
1361
1362	/*
1363	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1364	 * the drive.
1365	 */
1366	softc->flags = CTL_FLAG_REAL_SYNC;
1367
1368	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1369	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1370	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1371
1372	/*
1373	 * In Copan's HA scheme, the "master" and "slave" roles are
1374	 * figured out through the slot the controller is in.  Although it
1375	 * is an active/active system, someone has to be in charge.
1376	 */
1377	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1378	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1379	    "HA head ID (0 - no HA)");
1380	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1381		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1382		softc->is_single = 1;
1383		softc->port_cnt = CTL_MAX_PORTS;
1384		softc->port_min = 0;
1385	} else {
1386		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1387		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1388	}
1389	softc->port_max = softc->port_min + softc->port_cnt;
1390	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1391	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1392
1393	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1394	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1395	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1396
1397	STAILQ_INIT(&softc->lun_list);
1398	STAILQ_INIT(&softc->pending_lun_queue);
1399	STAILQ_INIT(&softc->fe_list);
1400	STAILQ_INIT(&softc->port_list);
1401	STAILQ_INIT(&softc->be_list);
1402	ctl_tpc_init(softc);
1403
1404	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1405	                    &other_pool) != 0)
1406	{
1407		printf("ctl: can't allocate %d entry other SC pool, "
1408		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1409		return (ENOMEM);
1410	}
1411	softc->othersc_pool = other_pool;
1412
1413	if (worker_threads <= 0)
1414		worker_threads = max(1, mp_ncpus / 4);
1415	if (worker_threads > CTL_MAX_THREADS)
1416		worker_threads = CTL_MAX_THREADS;
1417
1418	for (i = 0; i < worker_threads; i++) {
1419		struct ctl_thread *thr = &softc->threads[i];
1420
1421		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1422		thr->ctl_softc = softc;
1423		STAILQ_INIT(&thr->incoming_queue);
1424		STAILQ_INIT(&thr->rtr_queue);
1425		STAILQ_INIT(&thr->done_queue);
1426		STAILQ_INIT(&thr->isc_queue);
1427
1428		error = kproc_kthread_add(ctl_work_thread, thr,
1429		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1430		if (error != 0) {
1431			printf("error creating CTL work thread!\n");
1432			ctl_pool_free(other_pool);
1433			return (error);
1434		}
1435	}
1436	error = kproc_kthread_add(ctl_lun_thread, softc,
1437	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1438	if (error != 0) {
1439		printf("error creating CTL lun thread!\n");
1440		ctl_pool_free(other_pool);
1441		return (error);
1442	}
1443	error = kproc_kthread_add(ctl_thresh_thread, softc,
1444	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1445	if (error != 0) {
1446		printf("error creating CTL threshold thread!\n");
1447		ctl_pool_free(other_pool);
1448		return (error);
1449	}
1450
1451	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1452	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1453	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1454
1455	if (softc->is_single == 0) {
1456		ctl_frontend_register(&ha_frontend);
1457		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1458			printf("ctl_init: ctl_ha_msg_init failed.\n");
1459			softc->is_single = 1;
1460		} else
1461		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1462		    != CTL_HA_STATUS_SUCCESS) {
1463			printf("ctl_init: ctl_ha_msg_register failed.\n");
1464			softc->is_single = 1;
1465		}
1466	}
1467	return (0);
1468}
1469
1470void
1471ctl_shutdown(void)
1472{
1473	struct ctl_softc *softc;
1474	struct ctl_lun *lun, *next_lun;
1475
1476	softc = (struct ctl_softc *)control_softc;
1477
1478	if (softc->is_single == 0) {
1479		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1480		    != CTL_HA_STATUS_SUCCESS) {
1481			printf("ctl_shutdown: ctl_ha_msg_deregister failed.\n");
1482		}
1483		if (ctl_ha_msg_shutdown(softc) != CTL_HA_STATUS_SUCCESS) {
1484			printf("ctl_shutdown: ctl_ha_msg_shutdown failed.\n");
1485		}
1486		ctl_frontend_deregister(&ha_frontend);
1487	}
1488
1489	mtx_lock(&softc->ctl_lock);
1490
1491	/*
1492	 * Free up each LUN.
1493	 */
1494	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1495		next_lun = STAILQ_NEXT(lun, links);
1496		ctl_free_lun(lun);
1497	}
1498
1499	mtx_unlock(&softc->ctl_lock);
1500
1501#if 0
1502	ctl_shutdown_thread(softc->work_thread);
1503	mtx_destroy(&softc->queue_lock);
1504#endif
1505
1506	ctl_tpc_shutdown(softc);
1507	uma_zdestroy(softc->io_zone);
1508	mtx_destroy(&softc->ctl_lock);
1509
1510	destroy_dev(softc->dev);
1511
1512	sysctl_ctx_free(&softc->sysctl_ctx);
1513
1514	free(control_softc, M_DEVBUF);
1515	control_softc = NULL;
1516}
1517
1518static int
1519ctl_module_event_handler(module_t mod, int what, void *arg)
1520{
1521
1522	switch (what) {
1523	case MOD_LOAD:
1524		return (ctl_init());
1525	case MOD_UNLOAD:
1526		return (EBUSY);
1527	default:
1528		return (EOPNOTSUPP);
1529	}
1530}
1531
1532/*
1533 * XXX KDM should we do some access checks here?  Bump a reference count to
1534 * prevent a CTL module from being unloaded while someone has it open?
1535 */
1536static int
1537ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1538{
1539	return (0);
1540}
1541
1542static int
1543ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1544{
1545	return (0);
1546}
1547
1548/*
1549 * Remove an initiator by port number and initiator ID.
1550 * Returns 0 for success, -1 for failure.
1551 */
1552int
1553ctl_remove_initiator(struct ctl_port *port, int iid)
1554{
1555	struct ctl_softc *softc = control_softc;
1556
1557	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1558
1559	if (iid > CTL_MAX_INIT_PER_PORT) {
1560		printf("%s: initiator ID %u > maximun %u!\n",
1561		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1562		return (-1);
1563	}
1564
1565	mtx_lock(&softc->ctl_lock);
1566	port->wwpn_iid[iid].in_use--;
1567	port->wwpn_iid[iid].last_use = time_uptime;
1568	mtx_unlock(&softc->ctl_lock);
1569
1570	return (0);
1571}
1572
1573/*
1574 * Add an initiator to the initiator map.
1575 * Returns iid for success, < 0 for failure.
1576 */
1577int
1578ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1579{
1580	struct ctl_softc *softc = control_softc;
1581	time_t best_time;
1582	int i, best;
1583
1584	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1585
1586	if (iid >= CTL_MAX_INIT_PER_PORT) {
1587		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1588		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1589		free(name, M_CTL);
1590		return (-1);
1591	}
1592
1593	mtx_lock(&softc->ctl_lock);
1594
1595	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1596		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1597			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1598				iid = i;
1599				break;
1600			}
1601			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1602			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1603				iid = i;
1604				break;
1605			}
1606		}
1607	}
1608
1609	if (iid < 0) {
1610		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1611			if (port->wwpn_iid[i].in_use == 0 &&
1612			    port->wwpn_iid[i].wwpn == 0 &&
1613			    port->wwpn_iid[i].name == NULL) {
1614				iid = i;
1615				break;
1616			}
1617		}
1618	}
1619
1620	if (iid < 0) {
1621		best = -1;
1622		best_time = INT32_MAX;
1623		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1624			if (port->wwpn_iid[i].in_use == 0) {
1625				if (port->wwpn_iid[i].last_use < best_time) {
1626					best = i;
1627					best_time = port->wwpn_iid[i].last_use;
1628				}
1629			}
1630		}
1631		iid = best;
1632	}
1633
1634	if (iid < 0) {
1635		mtx_unlock(&softc->ctl_lock);
1636		free(name, M_CTL);
1637		return (-2);
1638	}
1639
1640	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1641		/*
1642		 * This is not an error yet.
1643		 */
1644		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1645#if 0
1646			printf("%s: port %d iid %u WWPN %#jx arrived"
1647			    " again\n", __func__, port->targ_port,
1648			    iid, (uintmax_t)wwpn);
1649#endif
1650			goto take;
1651		}
1652		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1653		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1654#if 0
1655			printf("%s: port %d iid %u name '%s' arrived"
1656			    " again\n", __func__, port->targ_port,
1657			    iid, name);
1658#endif
1659			goto take;
1660		}
1661
1662		/*
1663		 * This is an error, but what do we do about it?  The
1664		 * driver is telling us we have a new WWPN for this
1665		 * initiator ID, so we pretty much need to use it.
1666		 */
1667		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1668		    " but WWPN %#jx '%s' is still at that address\n",
1669		    __func__, port->targ_port, iid, wwpn, name,
1670		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1671		    port->wwpn_iid[iid].name);
1672
1673		/*
1674		 * XXX KDM clear have_ca and ua_pending on each LUN for
1675		 * this initiator.
1676		 */
1677	}
1678take:
1679	free(port->wwpn_iid[iid].name, M_CTL);
1680	port->wwpn_iid[iid].name = name;
1681	port->wwpn_iid[iid].wwpn = wwpn;
1682	port->wwpn_iid[iid].in_use++;
1683	mtx_unlock(&softc->ctl_lock);
1684
1685	return (iid);
1686}
1687
1688static int
1689ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1690{
1691	int len;
1692
1693	switch (port->port_type) {
1694	case CTL_PORT_FC:
1695	{
1696		struct scsi_transportid_fcp *id =
1697		    (struct scsi_transportid_fcp *)buf;
1698		if (port->wwpn_iid[iid].wwpn == 0)
1699			return (0);
1700		memset(id, 0, sizeof(*id));
1701		id->format_protocol = SCSI_PROTO_FC;
1702		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1703		return (sizeof(*id));
1704	}
1705	case CTL_PORT_ISCSI:
1706	{
1707		struct scsi_transportid_iscsi_port *id =
1708		    (struct scsi_transportid_iscsi_port *)buf;
1709		if (port->wwpn_iid[iid].name == NULL)
1710			return (0);
1711		memset(id, 0, 256);
1712		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1713		    SCSI_PROTO_ISCSI;
1714		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1715		len = roundup2(min(len, 252), 4);
1716		scsi_ulto2b(len, id->additional_length);
1717		return (sizeof(*id) + len);
1718	}
1719	case CTL_PORT_SAS:
1720	{
1721		struct scsi_transportid_sas *id =
1722		    (struct scsi_transportid_sas *)buf;
1723		if (port->wwpn_iid[iid].wwpn == 0)
1724			return (0);
1725		memset(id, 0, sizeof(*id));
1726		id->format_protocol = SCSI_PROTO_SAS;
1727		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1728		return (sizeof(*id));
1729	}
1730	default:
1731	{
1732		struct scsi_transportid_spi *id =
1733		    (struct scsi_transportid_spi *)buf;
1734		memset(id, 0, sizeof(*id));
1735		id->format_protocol = SCSI_PROTO_SPI;
1736		scsi_ulto2b(iid, id->scsi_addr);
1737		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1738		return (sizeof(*id));
1739	}
1740	}
1741}
1742
1743/*
1744 * Serialize a command that went down the "wrong" side, and so was sent to
1745 * this controller for execution.  The logic is a little different than the
1746 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1747 * sent back to the other side, but in the success case, we execute the
1748 * command on this side (XFER mode) or tell the other side to execute it
1749 * (SER_ONLY mode).
1750 */
1751static int
1752ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1753{
1754	struct ctl_softc *softc;
1755	union ctl_ha_msg msg_info;
1756	struct ctl_lun *lun;
1757	const struct ctl_cmd_entry *entry;
1758	int retval = 0;
1759	uint32_t targ_lun;
1760
1761	softc = control_softc;
1762
1763	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1764	mtx_lock(&softc->ctl_lock);
1765	if ((targ_lun < CTL_MAX_LUNS) &&
1766	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
1767		mtx_lock(&lun->lun_lock);
1768		mtx_unlock(&softc->ctl_lock);
1769		/*
1770		 * If the LUN is invalid, pretend that it doesn't exist.
1771		 * It will go away as soon as all pending I/O has been
1772		 * completed.
1773		 */
1774		if (lun->flags & CTL_LUN_DISABLED) {
1775			mtx_unlock(&lun->lun_lock);
1776			lun = NULL;
1777		}
1778	} else {
1779		mtx_unlock(&softc->ctl_lock);
1780		lun = NULL;
1781	}
1782	if (lun == NULL) {
1783		/*
1784		 * The other node would not send this request to us unless
1785		 * received announce that we are primary node for this LUN.
1786		 * If this LUN does not exist now, it is probably result of
1787		 * a race, so respond to initiator in the most opaque way.
1788		 */
1789		ctl_set_busy(ctsio);
1790		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1791		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1792		msg_info.hdr.serializing_sc = NULL;
1793		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1794		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1795		    sizeof(msg_info.scsi), M_WAITOK);
1796		return(1);
1797	}
1798
1799	entry = ctl_get_cmd_entry(ctsio, NULL);
1800	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
1801		mtx_unlock(&lun->lun_lock);
1802		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1803		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1804		msg_info.hdr.serializing_sc = NULL;
1805		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1806		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1807		    sizeof(msg_info.scsi), M_WAITOK);
1808		return(1);
1809	}
1810
1811	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
1812	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
1813
1814	/*
1815	 * Every I/O goes into the OOA queue for a
1816	 * particular LUN, and stays there until completion.
1817	 */
1818#ifdef CTL_TIME_IO
1819	if (TAILQ_EMPTY(&lun->ooa_queue))
1820		lun->idle_time += getsbinuptime() - lun->last_busy;
1821#endif
1822	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1823
1824	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1825		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1826		 ooa_links))) {
1827	case CTL_ACTION_BLOCK:
1828		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1829		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1830				  blocked_links);
1831		mtx_unlock(&lun->lun_lock);
1832		break;
1833	case CTL_ACTION_PASS:
1834	case CTL_ACTION_SKIP:
1835		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1836			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1837			ctl_enqueue_rtr((union ctl_io *)ctsio);
1838			mtx_unlock(&lun->lun_lock);
1839		} else {
1840			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
1841			mtx_unlock(&lun->lun_lock);
1842
1843			/* send msg back to other side */
1844			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1845			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1846			msg_info.hdr.msg_type = CTL_MSG_R2R;
1847			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1848			    sizeof(msg_info.hdr), M_WAITOK);
1849		}
1850		break;
1851	case CTL_ACTION_OVERLAP:
1852		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1853		mtx_unlock(&lun->lun_lock);
1854		retval = 1;
1855
1856		ctl_set_overlapped_cmd(ctsio);
1857		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1858		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1859		msg_info.hdr.serializing_sc = NULL;
1860		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1861		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1862		    sizeof(msg_info.scsi), M_WAITOK);
1863		break;
1864	case CTL_ACTION_OVERLAP_TAG:
1865		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1866		mtx_unlock(&lun->lun_lock);
1867		retval = 1;
1868		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
1869		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1870		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1871		msg_info.hdr.serializing_sc = NULL;
1872		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1873		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1874		    sizeof(msg_info.scsi), M_WAITOK);
1875		break;
1876	case CTL_ACTION_ERROR:
1877	default:
1878		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1879		mtx_unlock(&lun->lun_lock);
1880		retval = 1;
1881
1882		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
1883					 /*retry_count*/ 0);
1884		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1885		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1886		msg_info.hdr.serializing_sc = NULL;
1887		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1888		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1889		    sizeof(msg_info.scsi), M_WAITOK);
1890		break;
1891	}
1892	return (retval);
1893}
1894
1895/*
1896 * Returns 0 for success, errno for failure.
1897 */
1898static int
1899ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1900		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1901{
1902	union ctl_io *io;
1903	int retval;
1904
1905	retval = 0;
1906
1907	mtx_lock(&lun->lun_lock);
1908	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1909	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1910	     ooa_links)) {
1911		struct ctl_ooa_entry *entry;
1912
1913		/*
1914		 * If we've got more than we can fit, just count the
1915		 * remaining entries.
1916		 */
1917		if (*cur_fill_num >= ooa_hdr->alloc_num)
1918			continue;
1919
1920		entry = &kern_entries[*cur_fill_num];
1921
1922		entry->tag_num = io->scsiio.tag_num;
1923		entry->lun_num = lun->lun;
1924#ifdef CTL_TIME_IO
1925		entry->start_bt = io->io_hdr.start_bt;
1926#endif
1927		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1928		entry->cdb_len = io->scsiio.cdb_len;
1929		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1930			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1931
1932		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1933			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1934
1935		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1936			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1937
1938		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1939			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1940
1941		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1942			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1943	}
1944	mtx_unlock(&lun->lun_lock);
1945
1946	return (retval);
1947}
1948
1949static void *
1950ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1951		 size_t error_str_len)
1952{
1953	void *kptr;
1954
1955	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
1956
1957	if (copyin(user_addr, kptr, len) != 0) {
1958		snprintf(error_str, error_str_len, "Error copying %d bytes "
1959			 "from user address %p to kernel address %p", len,
1960			 user_addr, kptr);
1961		free(kptr, M_CTL);
1962		return (NULL);
1963	}
1964
1965	return (kptr);
1966}
1967
1968static void
1969ctl_free_args(int num_args, struct ctl_be_arg *args)
1970{
1971	int i;
1972
1973	if (args == NULL)
1974		return;
1975
1976	for (i = 0; i < num_args; i++) {
1977		free(args[i].kname, M_CTL);
1978		free(args[i].kvalue, M_CTL);
1979	}
1980
1981	free(args, M_CTL);
1982}
1983
1984static struct ctl_be_arg *
1985ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
1986		char *error_str, size_t error_str_len)
1987{
1988	struct ctl_be_arg *args;
1989	int i;
1990
1991	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
1992				error_str, error_str_len);
1993
1994	if (args == NULL)
1995		goto bailout;
1996
1997	for (i = 0; i < num_args; i++) {
1998		args[i].kname = NULL;
1999		args[i].kvalue = NULL;
2000	}
2001
2002	for (i = 0; i < num_args; i++) {
2003		uint8_t *tmpptr;
2004
2005		args[i].kname = ctl_copyin_alloc(args[i].name,
2006			args[i].namelen, error_str, error_str_len);
2007		if (args[i].kname == NULL)
2008			goto bailout;
2009
2010		if (args[i].kname[args[i].namelen - 1] != '\0') {
2011			snprintf(error_str, error_str_len, "Argument %d "
2012				 "name is not NUL-terminated", i);
2013			goto bailout;
2014		}
2015
2016		if (args[i].flags & CTL_BEARG_RD) {
2017			tmpptr = ctl_copyin_alloc(args[i].value,
2018				args[i].vallen, error_str, error_str_len);
2019			if (tmpptr == NULL)
2020				goto bailout;
2021			if ((args[i].flags & CTL_BEARG_ASCII)
2022			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2023				snprintf(error_str, error_str_len, "Argument "
2024				    "%d value is not NUL-terminated", i);
2025				goto bailout;
2026			}
2027			args[i].kvalue = tmpptr;
2028		} else {
2029			args[i].kvalue = malloc(args[i].vallen,
2030			    M_CTL, M_WAITOK | M_ZERO);
2031		}
2032	}
2033
2034	return (args);
2035bailout:
2036
2037	ctl_free_args(num_args, args);
2038
2039	return (NULL);
2040}
2041
2042static void
2043ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2044{
2045	int i;
2046
2047	for (i = 0; i < num_args; i++) {
2048		if (args[i].flags & CTL_BEARG_WR)
2049			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2050	}
2051}
2052
2053/*
2054 * Escape characters that are illegal or not recommended in XML.
2055 */
2056int
2057ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2058{
2059	char *end = str + size;
2060	int retval;
2061
2062	retval = 0;
2063
2064	for (; *str && str < end; str++) {
2065		switch (*str) {
2066		case '&':
2067			retval = sbuf_printf(sb, "&amp;");
2068			break;
2069		case '>':
2070			retval = sbuf_printf(sb, "&gt;");
2071			break;
2072		case '<':
2073			retval = sbuf_printf(sb, "&lt;");
2074			break;
2075		default:
2076			retval = sbuf_putc(sb, *str);
2077			break;
2078		}
2079
2080		if (retval != 0)
2081			break;
2082
2083	}
2084
2085	return (retval);
2086}
2087
2088static void
2089ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2090{
2091	struct scsi_vpd_id_descriptor *desc;
2092	int i;
2093
2094	if (id == NULL || id->len < 4)
2095		return;
2096	desc = (struct scsi_vpd_id_descriptor *)id->data;
2097	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2098	case SVPD_ID_TYPE_T10:
2099		sbuf_printf(sb, "t10.");
2100		break;
2101	case SVPD_ID_TYPE_EUI64:
2102		sbuf_printf(sb, "eui.");
2103		break;
2104	case SVPD_ID_TYPE_NAA:
2105		sbuf_printf(sb, "naa.");
2106		break;
2107	case SVPD_ID_TYPE_SCSI_NAME:
2108		break;
2109	}
2110	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2111	case SVPD_ID_CODESET_BINARY:
2112		for (i = 0; i < desc->length; i++)
2113			sbuf_printf(sb, "%02x", desc->identifier[i]);
2114		break;
2115	case SVPD_ID_CODESET_ASCII:
2116		sbuf_printf(sb, "%.*s", (int)desc->length,
2117		    (char *)desc->identifier);
2118		break;
2119	case SVPD_ID_CODESET_UTF8:
2120		sbuf_printf(sb, "%s", (char *)desc->identifier);
2121		break;
2122	}
2123}
2124
2125static int
2126ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2127	  struct thread *td)
2128{
2129	struct ctl_softc *softc;
2130	struct ctl_lun *lun;
2131	int retval;
2132
2133	softc = control_softc;
2134
2135	retval = 0;
2136
2137	switch (cmd) {
2138	case CTL_IO:
2139		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2140		break;
2141	case CTL_ENABLE_PORT:
2142	case CTL_DISABLE_PORT:
2143	case CTL_SET_PORT_WWNS: {
2144		struct ctl_port *port;
2145		struct ctl_port_entry *entry;
2146
2147		entry = (struct ctl_port_entry *)addr;
2148
2149		mtx_lock(&softc->ctl_lock);
2150		STAILQ_FOREACH(port, &softc->port_list, links) {
2151			int action, done;
2152
2153			if (port->targ_port < softc->port_min ||
2154			    port->targ_port >= softc->port_max)
2155				continue;
2156
2157			action = 0;
2158			done = 0;
2159			if ((entry->port_type == CTL_PORT_NONE)
2160			 && (entry->targ_port == port->targ_port)) {
2161				/*
2162				 * If the user only wants to enable or
2163				 * disable or set WWNs on a specific port,
2164				 * do the operation and we're done.
2165				 */
2166				action = 1;
2167				done = 1;
2168			} else if (entry->port_type & port->port_type) {
2169				/*
2170				 * Compare the user's type mask with the
2171				 * particular frontend type to see if we
2172				 * have a match.
2173				 */
2174				action = 1;
2175				done = 0;
2176
2177				/*
2178				 * Make sure the user isn't trying to set
2179				 * WWNs on multiple ports at the same time.
2180				 */
2181				if (cmd == CTL_SET_PORT_WWNS) {
2182					printf("%s: Can't set WWNs on "
2183					       "multiple ports\n", __func__);
2184					retval = EINVAL;
2185					break;
2186				}
2187			}
2188			if (action == 0)
2189				continue;
2190
2191			/*
2192			 * XXX KDM we have to drop the lock here, because
2193			 * the online/offline operations can potentially
2194			 * block.  We need to reference count the frontends
2195			 * so they can't go away,
2196			 */
2197			if (cmd == CTL_ENABLE_PORT) {
2198				mtx_unlock(&softc->ctl_lock);
2199				ctl_port_online(port);
2200				mtx_lock(&softc->ctl_lock);
2201			} else if (cmd == CTL_DISABLE_PORT) {
2202				mtx_unlock(&softc->ctl_lock);
2203				ctl_port_offline(port);
2204				mtx_lock(&softc->ctl_lock);
2205			} else if (cmd == CTL_SET_PORT_WWNS) {
2206				ctl_port_set_wwns(port,
2207				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2208				    1 : 0, entry->wwnn,
2209				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2210				    1 : 0, entry->wwpn);
2211			}
2212			if (done != 0)
2213				break;
2214		}
2215		mtx_unlock(&softc->ctl_lock);
2216		break;
2217	}
2218	case CTL_GET_PORT_LIST: {
2219		struct ctl_port *port;
2220		struct ctl_port_list *list;
2221		int i;
2222
2223		list = (struct ctl_port_list *)addr;
2224
2225		if (list->alloc_len != (list->alloc_num *
2226		    sizeof(struct ctl_port_entry))) {
2227			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2228			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2229			       "%zu\n", __func__, list->alloc_len,
2230			       list->alloc_num, sizeof(struct ctl_port_entry));
2231			retval = EINVAL;
2232			break;
2233		}
2234		list->fill_len = 0;
2235		list->fill_num = 0;
2236		list->dropped_num = 0;
2237		i = 0;
2238		mtx_lock(&softc->ctl_lock);
2239		STAILQ_FOREACH(port, &softc->port_list, links) {
2240			struct ctl_port_entry entry, *list_entry;
2241
2242			if (list->fill_num >= list->alloc_num) {
2243				list->dropped_num++;
2244				continue;
2245			}
2246
2247			entry.port_type = port->port_type;
2248			strlcpy(entry.port_name, port->port_name,
2249				sizeof(entry.port_name));
2250			entry.targ_port = port->targ_port;
2251			entry.physical_port = port->physical_port;
2252			entry.virtual_port = port->virtual_port;
2253			entry.wwnn = port->wwnn;
2254			entry.wwpn = port->wwpn;
2255			if (port->status & CTL_PORT_STATUS_ONLINE)
2256				entry.online = 1;
2257			else
2258				entry.online = 0;
2259
2260			list_entry = &list->entries[i];
2261
2262			retval = copyout(&entry, list_entry, sizeof(entry));
2263			if (retval != 0) {
2264				printf("%s: CTL_GET_PORT_LIST: copyout "
2265				       "returned %d\n", __func__, retval);
2266				break;
2267			}
2268			i++;
2269			list->fill_num++;
2270			list->fill_len += sizeof(entry);
2271		}
2272		mtx_unlock(&softc->ctl_lock);
2273
2274		/*
2275		 * If this is non-zero, we had a copyout fault, so there's
2276		 * probably no point in attempting to set the status inside
2277		 * the structure.
2278		 */
2279		if (retval != 0)
2280			break;
2281
2282		if (list->dropped_num > 0)
2283			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2284		else
2285			list->status = CTL_PORT_LIST_OK;
2286		break;
2287	}
2288	case CTL_DUMP_OOA: {
2289		union ctl_io *io;
2290		char printbuf[128];
2291		struct sbuf sb;
2292
2293		mtx_lock(&softc->ctl_lock);
2294		printf("Dumping OOA queues:\n");
2295		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2296			mtx_lock(&lun->lun_lock);
2297			for (io = (union ctl_io *)TAILQ_FIRST(
2298			     &lun->ooa_queue); io != NULL;
2299			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2300			     ooa_links)) {
2301				sbuf_new(&sb, printbuf, sizeof(printbuf),
2302					 SBUF_FIXEDLEN);
2303				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2304					    (intmax_t)lun->lun,
2305					    io->scsiio.tag_num,
2306					    (io->io_hdr.flags &
2307					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2308					    (io->io_hdr.flags &
2309					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2310					    (io->io_hdr.flags &
2311					    CTL_FLAG_ABORT) ? " ABORT" : "",
2312			                    (io->io_hdr.flags &
2313		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2314				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2315				sbuf_finish(&sb);
2316				printf("%s\n", sbuf_data(&sb));
2317			}
2318			mtx_unlock(&lun->lun_lock);
2319		}
2320		printf("OOA queues dump done\n");
2321		mtx_unlock(&softc->ctl_lock);
2322		break;
2323	}
2324	case CTL_GET_OOA: {
2325		struct ctl_ooa *ooa_hdr;
2326		struct ctl_ooa_entry *entries;
2327		uint32_t cur_fill_num;
2328
2329		ooa_hdr = (struct ctl_ooa *)addr;
2330
2331		if ((ooa_hdr->alloc_len == 0)
2332		 || (ooa_hdr->alloc_num == 0)) {
2333			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2334			       "must be non-zero\n", __func__,
2335			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2336			retval = EINVAL;
2337			break;
2338		}
2339
2340		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2341		    sizeof(struct ctl_ooa_entry))) {
2342			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2343			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2344			       __func__, ooa_hdr->alloc_len,
2345			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2346			retval = EINVAL;
2347			break;
2348		}
2349
2350		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2351		if (entries == NULL) {
2352			printf("%s: could not allocate %d bytes for OOA "
2353			       "dump\n", __func__, ooa_hdr->alloc_len);
2354			retval = ENOMEM;
2355			break;
2356		}
2357
2358		mtx_lock(&softc->ctl_lock);
2359		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2360		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2361		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2362			mtx_unlock(&softc->ctl_lock);
2363			free(entries, M_CTL);
2364			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2365			       __func__, (uintmax_t)ooa_hdr->lun_num);
2366			retval = EINVAL;
2367			break;
2368		}
2369
2370		cur_fill_num = 0;
2371
2372		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2373			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2374				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2375					ooa_hdr, entries);
2376				if (retval != 0)
2377					break;
2378			}
2379			if (retval != 0) {
2380				mtx_unlock(&softc->ctl_lock);
2381				free(entries, M_CTL);
2382				break;
2383			}
2384		} else {
2385			lun = softc->ctl_luns[ooa_hdr->lun_num];
2386
2387			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2388						    entries);
2389		}
2390		mtx_unlock(&softc->ctl_lock);
2391
2392		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2393		ooa_hdr->fill_len = ooa_hdr->fill_num *
2394			sizeof(struct ctl_ooa_entry);
2395		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2396		if (retval != 0) {
2397			printf("%s: error copying out %d bytes for OOA dump\n",
2398			       __func__, ooa_hdr->fill_len);
2399		}
2400
2401		getbintime(&ooa_hdr->cur_bt);
2402
2403		if (cur_fill_num > ooa_hdr->alloc_num) {
2404			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2405			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2406		} else {
2407			ooa_hdr->dropped_num = 0;
2408			ooa_hdr->status = CTL_OOA_OK;
2409		}
2410
2411		free(entries, M_CTL);
2412		break;
2413	}
2414	case CTL_CHECK_OOA: {
2415		union ctl_io *io;
2416		struct ctl_ooa_info *ooa_info;
2417
2418
2419		ooa_info = (struct ctl_ooa_info *)addr;
2420
2421		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2422			ooa_info->status = CTL_OOA_INVALID_LUN;
2423			break;
2424		}
2425		mtx_lock(&softc->ctl_lock);
2426		lun = softc->ctl_luns[ooa_info->lun_id];
2427		if (lun == NULL) {
2428			mtx_unlock(&softc->ctl_lock);
2429			ooa_info->status = CTL_OOA_INVALID_LUN;
2430			break;
2431		}
2432		mtx_lock(&lun->lun_lock);
2433		mtx_unlock(&softc->ctl_lock);
2434		ooa_info->num_entries = 0;
2435		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2436		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2437		     &io->io_hdr, ooa_links)) {
2438			ooa_info->num_entries++;
2439		}
2440		mtx_unlock(&lun->lun_lock);
2441
2442		ooa_info->status = CTL_OOA_SUCCESS;
2443
2444		break;
2445	}
2446	case CTL_DELAY_IO: {
2447		struct ctl_io_delay_info *delay_info;
2448
2449		delay_info = (struct ctl_io_delay_info *)addr;
2450
2451#ifdef CTL_IO_DELAY
2452		mtx_lock(&softc->ctl_lock);
2453
2454		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2455		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2456			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2457		} else {
2458			lun = softc->ctl_luns[delay_info->lun_id];
2459			mtx_lock(&lun->lun_lock);
2460
2461			delay_info->status = CTL_DELAY_STATUS_OK;
2462
2463			switch (delay_info->delay_type) {
2464			case CTL_DELAY_TYPE_CONT:
2465				break;
2466			case CTL_DELAY_TYPE_ONESHOT:
2467				break;
2468			default:
2469				delay_info->status =
2470					CTL_DELAY_STATUS_INVALID_TYPE;
2471				break;
2472			}
2473
2474			switch (delay_info->delay_loc) {
2475			case CTL_DELAY_LOC_DATAMOVE:
2476				lun->delay_info.datamove_type =
2477					delay_info->delay_type;
2478				lun->delay_info.datamove_delay =
2479					delay_info->delay_secs;
2480				break;
2481			case CTL_DELAY_LOC_DONE:
2482				lun->delay_info.done_type =
2483					delay_info->delay_type;
2484				lun->delay_info.done_delay =
2485					delay_info->delay_secs;
2486				break;
2487			default:
2488				delay_info->status =
2489					CTL_DELAY_STATUS_INVALID_LOC;
2490				break;
2491			}
2492			mtx_unlock(&lun->lun_lock);
2493		}
2494
2495		mtx_unlock(&softc->ctl_lock);
2496#else
2497		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2498#endif /* CTL_IO_DELAY */
2499		break;
2500	}
2501	case CTL_REALSYNC_SET: {
2502		int *syncstate;
2503
2504		syncstate = (int *)addr;
2505
2506		mtx_lock(&softc->ctl_lock);
2507		switch (*syncstate) {
2508		case 0:
2509			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2510			break;
2511		case 1:
2512			softc->flags |= CTL_FLAG_REAL_SYNC;
2513			break;
2514		default:
2515			retval = EINVAL;
2516			break;
2517		}
2518		mtx_unlock(&softc->ctl_lock);
2519		break;
2520	}
2521	case CTL_REALSYNC_GET: {
2522		int *syncstate;
2523
2524		syncstate = (int*)addr;
2525
2526		mtx_lock(&softc->ctl_lock);
2527		if (softc->flags & CTL_FLAG_REAL_SYNC)
2528			*syncstate = 1;
2529		else
2530			*syncstate = 0;
2531		mtx_unlock(&softc->ctl_lock);
2532
2533		break;
2534	}
2535	case CTL_SETSYNC:
2536	case CTL_GETSYNC: {
2537		struct ctl_sync_info *sync_info;
2538
2539		sync_info = (struct ctl_sync_info *)addr;
2540
2541		mtx_lock(&softc->ctl_lock);
2542		lun = softc->ctl_luns[sync_info->lun_id];
2543		if (lun == NULL) {
2544			mtx_unlock(&softc->ctl_lock);
2545			sync_info->status = CTL_GS_SYNC_NO_LUN;
2546			break;
2547		}
2548		/*
2549		 * Get or set the sync interval.  We're not bounds checking
2550		 * in the set case, hopefully the user won't do something
2551		 * silly.
2552		 */
2553		mtx_lock(&lun->lun_lock);
2554		mtx_unlock(&softc->ctl_lock);
2555		if (cmd == CTL_GETSYNC)
2556			sync_info->sync_interval = lun->sync_interval;
2557		else
2558			lun->sync_interval = sync_info->sync_interval;
2559		mtx_unlock(&lun->lun_lock);
2560
2561		sync_info->status = CTL_GS_SYNC_OK;
2562
2563		break;
2564	}
2565	case CTL_GETSTATS: {
2566		struct ctl_stats *stats;
2567		int i;
2568
2569		stats = (struct ctl_stats *)addr;
2570
2571		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2572		     stats->alloc_len) {
2573			stats->status = CTL_SS_NEED_MORE_SPACE;
2574			stats->num_luns = softc->num_luns;
2575			break;
2576		}
2577		/*
2578		 * XXX KDM no locking here.  If the LUN list changes,
2579		 * things can blow up.
2580		 */
2581		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2582		     i++, lun = STAILQ_NEXT(lun, links)) {
2583			retval = copyout(&lun->stats, &stats->lun_stats[i],
2584					 sizeof(lun->stats));
2585			if (retval != 0)
2586				break;
2587		}
2588		stats->num_luns = softc->num_luns;
2589		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2590				 softc->num_luns;
2591		stats->status = CTL_SS_OK;
2592#ifdef CTL_TIME_IO
2593		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2594#else
2595		stats->flags = CTL_STATS_FLAG_NONE;
2596#endif
2597		getnanouptime(&stats->timestamp);
2598		break;
2599	}
2600	case CTL_ERROR_INJECT: {
2601		struct ctl_error_desc *err_desc, *new_err_desc;
2602
2603		err_desc = (struct ctl_error_desc *)addr;
2604
2605		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2606				      M_WAITOK | M_ZERO);
2607		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2608
2609		mtx_lock(&softc->ctl_lock);
2610		lun = softc->ctl_luns[err_desc->lun_id];
2611		if (lun == NULL) {
2612			mtx_unlock(&softc->ctl_lock);
2613			free(new_err_desc, M_CTL);
2614			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2615			       __func__, (uintmax_t)err_desc->lun_id);
2616			retval = EINVAL;
2617			break;
2618		}
2619		mtx_lock(&lun->lun_lock);
2620		mtx_unlock(&softc->ctl_lock);
2621
2622		/*
2623		 * We could do some checking here to verify the validity
2624		 * of the request, but given the complexity of error
2625		 * injection requests, the checking logic would be fairly
2626		 * complex.
2627		 *
2628		 * For now, if the request is invalid, it just won't get
2629		 * executed and might get deleted.
2630		 */
2631		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2632
2633		/*
2634		 * XXX KDM check to make sure the serial number is unique,
2635		 * in case we somehow manage to wrap.  That shouldn't
2636		 * happen for a very long time, but it's the right thing to
2637		 * do.
2638		 */
2639		new_err_desc->serial = lun->error_serial;
2640		err_desc->serial = lun->error_serial;
2641		lun->error_serial++;
2642
2643		mtx_unlock(&lun->lun_lock);
2644		break;
2645	}
2646	case CTL_ERROR_INJECT_DELETE: {
2647		struct ctl_error_desc *delete_desc, *desc, *desc2;
2648		int delete_done;
2649
2650		delete_desc = (struct ctl_error_desc *)addr;
2651		delete_done = 0;
2652
2653		mtx_lock(&softc->ctl_lock);
2654		lun = softc->ctl_luns[delete_desc->lun_id];
2655		if (lun == NULL) {
2656			mtx_unlock(&softc->ctl_lock);
2657			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2658			       __func__, (uintmax_t)delete_desc->lun_id);
2659			retval = EINVAL;
2660			break;
2661		}
2662		mtx_lock(&lun->lun_lock);
2663		mtx_unlock(&softc->ctl_lock);
2664		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2665			if (desc->serial != delete_desc->serial)
2666				continue;
2667
2668			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2669				      links);
2670			free(desc, M_CTL);
2671			delete_done = 1;
2672		}
2673		mtx_unlock(&lun->lun_lock);
2674		if (delete_done == 0) {
2675			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2676			       "error serial %ju on LUN %u\n", __func__,
2677			       delete_desc->serial, delete_desc->lun_id);
2678			retval = EINVAL;
2679			break;
2680		}
2681		break;
2682	}
2683	case CTL_DUMP_STRUCTS: {
2684		int i, j, k;
2685		struct ctl_port *port;
2686		struct ctl_frontend *fe;
2687
2688		mtx_lock(&softc->ctl_lock);
2689		printf("CTL Persistent Reservation information start:\n");
2690		for (i = 0; i < CTL_MAX_LUNS; i++) {
2691			lun = softc->ctl_luns[i];
2692
2693			if ((lun == NULL)
2694			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2695				continue;
2696
2697			for (j = 0; j < CTL_MAX_PORTS; j++) {
2698				if (lun->pr_keys[j] == NULL)
2699					continue;
2700				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2701					if (lun->pr_keys[j][k] == 0)
2702						continue;
2703					printf("  LUN %d port %d iid %d key "
2704					       "%#jx\n", i, j, k,
2705					       (uintmax_t)lun->pr_keys[j][k]);
2706				}
2707			}
2708		}
2709		printf("CTL Persistent Reservation information end\n");
2710		printf("CTL Ports:\n");
2711		STAILQ_FOREACH(port, &softc->port_list, links) {
2712			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2713			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2714			       port->frontend->name, port->port_type,
2715			       port->physical_port, port->virtual_port,
2716			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2717			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2718				if (port->wwpn_iid[j].in_use == 0 &&
2719				    port->wwpn_iid[j].wwpn == 0 &&
2720				    port->wwpn_iid[j].name == NULL)
2721					continue;
2722
2723				printf("    iid %u use %d WWPN %#jx '%s'\n",
2724				    j, port->wwpn_iid[j].in_use,
2725				    (uintmax_t)port->wwpn_iid[j].wwpn,
2726				    port->wwpn_iid[j].name);
2727			}
2728		}
2729		printf("CTL Port information end\n");
2730		mtx_unlock(&softc->ctl_lock);
2731		/*
2732		 * XXX KDM calling this without a lock.  We'd likely want
2733		 * to drop the lock before calling the frontend's dump
2734		 * routine anyway.
2735		 */
2736		printf("CTL Frontends:\n");
2737		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2738			printf("  Frontend '%s'\n", fe->name);
2739			if (fe->fe_dump != NULL)
2740				fe->fe_dump();
2741		}
2742		printf("CTL Frontend information end\n");
2743		break;
2744	}
2745	case CTL_LUN_REQ: {
2746		struct ctl_lun_req *lun_req;
2747		struct ctl_backend_driver *backend;
2748
2749		lun_req = (struct ctl_lun_req *)addr;
2750
2751		backend = ctl_backend_find(lun_req->backend);
2752		if (backend == NULL) {
2753			lun_req->status = CTL_LUN_ERROR;
2754			snprintf(lun_req->error_str,
2755				 sizeof(lun_req->error_str),
2756				 "Backend \"%s\" not found.",
2757				 lun_req->backend);
2758			break;
2759		}
2760		if (lun_req->num_be_args > 0) {
2761			lun_req->kern_be_args = ctl_copyin_args(
2762				lun_req->num_be_args,
2763				lun_req->be_args,
2764				lun_req->error_str,
2765				sizeof(lun_req->error_str));
2766			if (lun_req->kern_be_args == NULL) {
2767				lun_req->status = CTL_LUN_ERROR;
2768				break;
2769			}
2770		}
2771
2772		retval = backend->ioctl(dev, cmd, addr, flag, td);
2773
2774		if (lun_req->num_be_args > 0) {
2775			ctl_copyout_args(lun_req->num_be_args,
2776				      lun_req->kern_be_args);
2777			ctl_free_args(lun_req->num_be_args,
2778				      lun_req->kern_be_args);
2779		}
2780		break;
2781	}
2782	case CTL_LUN_LIST: {
2783		struct sbuf *sb;
2784		struct ctl_lun_list *list;
2785		struct ctl_option *opt;
2786
2787		list = (struct ctl_lun_list *)addr;
2788
2789		/*
2790		 * Allocate a fixed length sbuf here, based on the length
2791		 * of the user's buffer.  We could allocate an auto-extending
2792		 * buffer, and then tell the user how much larger our
2793		 * amount of data is than his buffer, but that presents
2794		 * some problems:
2795		 *
2796		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2797		 *     we can't hold a lock while calling them with an
2798		 *     auto-extending buffer.
2799 		 *
2800		 * 2.  There is not currently a LUN reference counting
2801		 *     mechanism, outside of outstanding transactions on
2802		 *     the LUN's OOA queue.  So a LUN could go away on us
2803		 *     while we're getting the LUN number, backend-specific
2804		 *     information, etc.  Thus, given the way things
2805		 *     currently work, we need to hold the CTL lock while
2806		 *     grabbing LUN information.
2807		 *
2808		 * So, from the user's standpoint, the best thing to do is
2809		 * allocate what he thinks is a reasonable buffer length,
2810		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2811		 * double the buffer length and try again.  (And repeat
2812		 * that until he succeeds.)
2813		 */
2814		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2815		if (sb == NULL) {
2816			list->status = CTL_LUN_LIST_ERROR;
2817			snprintf(list->error_str, sizeof(list->error_str),
2818				 "Unable to allocate %d bytes for LUN list",
2819				 list->alloc_len);
2820			break;
2821		}
2822
2823		sbuf_printf(sb, "<ctllunlist>\n");
2824
2825		mtx_lock(&softc->ctl_lock);
2826		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2827			mtx_lock(&lun->lun_lock);
2828			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2829					     (uintmax_t)lun->lun);
2830
2831			/*
2832			 * Bail out as soon as we see that we've overfilled
2833			 * the buffer.
2834			 */
2835			if (retval != 0)
2836				break;
2837
2838			retval = sbuf_printf(sb, "\t<backend_type>%s"
2839					     "</backend_type>\n",
2840					     (lun->backend == NULL) ?  "none" :
2841					     lun->backend->name);
2842
2843			if (retval != 0)
2844				break;
2845
2846			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2847					     lun->be_lun->lun_type);
2848
2849			if (retval != 0)
2850				break;
2851
2852			if (lun->backend == NULL) {
2853				retval = sbuf_printf(sb, "</lun>\n");
2854				if (retval != 0)
2855					break;
2856				continue;
2857			}
2858
2859			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2860					     (lun->be_lun->maxlba > 0) ?
2861					     lun->be_lun->maxlba + 1 : 0);
2862
2863			if (retval != 0)
2864				break;
2865
2866			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2867					     lun->be_lun->blocksize);
2868
2869			if (retval != 0)
2870				break;
2871
2872			retval = sbuf_printf(sb, "\t<serial_number>");
2873
2874			if (retval != 0)
2875				break;
2876
2877			retval = ctl_sbuf_printf_esc(sb,
2878			    lun->be_lun->serial_num,
2879			    sizeof(lun->be_lun->serial_num));
2880
2881			if (retval != 0)
2882				break;
2883
2884			retval = sbuf_printf(sb, "</serial_number>\n");
2885
2886			if (retval != 0)
2887				break;
2888
2889			retval = sbuf_printf(sb, "\t<device_id>");
2890
2891			if (retval != 0)
2892				break;
2893
2894			retval = ctl_sbuf_printf_esc(sb,
2895			    lun->be_lun->device_id,
2896			    sizeof(lun->be_lun->device_id));
2897
2898			if (retval != 0)
2899				break;
2900
2901			retval = sbuf_printf(sb, "</device_id>\n");
2902
2903			if (retval != 0)
2904				break;
2905
2906			if (lun->backend->lun_info != NULL) {
2907				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
2908				if (retval != 0)
2909					break;
2910			}
2911			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
2912				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2913				    opt->name, opt->value, opt->name);
2914				if (retval != 0)
2915					break;
2916			}
2917
2918			retval = sbuf_printf(sb, "</lun>\n");
2919
2920			if (retval != 0)
2921				break;
2922			mtx_unlock(&lun->lun_lock);
2923		}
2924		if (lun != NULL)
2925			mtx_unlock(&lun->lun_lock);
2926		mtx_unlock(&softc->ctl_lock);
2927
2928		if ((retval != 0)
2929		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
2930			retval = 0;
2931			sbuf_delete(sb);
2932			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2933			snprintf(list->error_str, sizeof(list->error_str),
2934				 "Out of space, %d bytes is too small",
2935				 list->alloc_len);
2936			break;
2937		}
2938
2939		sbuf_finish(sb);
2940
2941		retval = copyout(sbuf_data(sb), list->lun_xml,
2942				 sbuf_len(sb) + 1);
2943
2944		list->fill_len = sbuf_len(sb) + 1;
2945		list->status = CTL_LUN_LIST_OK;
2946		sbuf_delete(sb);
2947		break;
2948	}
2949	case CTL_ISCSI: {
2950		struct ctl_iscsi *ci;
2951		struct ctl_frontend *fe;
2952
2953		ci = (struct ctl_iscsi *)addr;
2954
2955		fe = ctl_frontend_find("iscsi");
2956		if (fe == NULL) {
2957			ci->status = CTL_ISCSI_ERROR;
2958			snprintf(ci->error_str, sizeof(ci->error_str),
2959			    "Frontend \"iscsi\" not found.");
2960			break;
2961		}
2962
2963		retval = fe->ioctl(dev, cmd, addr, flag, td);
2964		break;
2965	}
2966	case CTL_PORT_REQ: {
2967		struct ctl_req *req;
2968		struct ctl_frontend *fe;
2969
2970		req = (struct ctl_req *)addr;
2971
2972		fe = ctl_frontend_find(req->driver);
2973		if (fe == NULL) {
2974			req->status = CTL_LUN_ERROR;
2975			snprintf(req->error_str, sizeof(req->error_str),
2976			    "Frontend \"%s\" not found.", req->driver);
2977			break;
2978		}
2979		if (req->num_args > 0) {
2980			req->kern_args = ctl_copyin_args(req->num_args,
2981			    req->args, req->error_str, sizeof(req->error_str));
2982			if (req->kern_args == NULL) {
2983				req->status = CTL_LUN_ERROR;
2984				break;
2985			}
2986		}
2987
2988		if (fe->ioctl)
2989			retval = fe->ioctl(dev, cmd, addr, flag, td);
2990		else
2991			retval = ENODEV;
2992
2993		if (req->num_args > 0) {
2994			ctl_copyout_args(req->num_args, req->kern_args);
2995			ctl_free_args(req->num_args, req->kern_args);
2996		}
2997		break;
2998	}
2999	case CTL_PORT_LIST: {
3000		struct sbuf *sb;
3001		struct ctl_port *port;
3002		struct ctl_lun_list *list;
3003		struct ctl_option *opt;
3004		int j;
3005		uint32_t plun;
3006
3007		list = (struct ctl_lun_list *)addr;
3008
3009		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3010		if (sb == NULL) {
3011			list->status = CTL_LUN_LIST_ERROR;
3012			snprintf(list->error_str, sizeof(list->error_str),
3013				 "Unable to allocate %d bytes for LUN list",
3014				 list->alloc_len);
3015			break;
3016		}
3017
3018		sbuf_printf(sb, "<ctlportlist>\n");
3019
3020		mtx_lock(&softc->ctl_lock);
3021		STAILQ_FOREACH(port, &softc->port_list, links) {
3022			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3023					     (uintmax_t)port->targ_port);
3024
3025			/*
3026			 * Bail out as soon as we see that we've overfilled
3027			 * the buffer.
3028			 */
3029			if (retval != 0)
3030				break;
3031
3032			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3033			    "</frontend_type>\n", port->frontend->name);
3034			if (retval != 0)
3035				break;
3036
3037			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3038					     port->port_type);
3039			if (retval != 0)
3040				break;
3041
3042			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3043			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3044			if (retval != 0)
3045				break;
3046
3047			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3048			    port->port_name);
3049			if (retval != 0)
3050				break;
3051
3052			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3053			    port->physical_port);
3054			if (retval != 0)
3055				break;
3056
3057			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3058			    port->virtual_port);
3059			if (retval != 0)
3060				break;
3061
3062			if (port->target_devid != NULL) {
3063				sbuf_printf(sb, "\t<target>");
3064				ctl_id_sbuf(port->target_devid, sb);
3065				sbuf_printf(sb, "</target>\n");
3066			}
3067
3068			if (port->port_devid != NULL) {
3069				sbuf_printf(sb, "\t<port>");
3070				ctl_id_sbuf(port->port_devid, sb);
3071				sbuf_printf(sb, "</port>\n");
3072			}
3073
3074			if (port->port_info != NULL) {
3075				retval = port->port_info(port->onoff_arg, sb);
3076				if (retval != 0)
3077					break;
3078			}
3079			STAILQ_FOREACH(opt, &port->options, links) {
3080				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3081				    opt->name, opt->value, opt->name);
3082				if (retval != 0)
3083					break;
3084			}
3085
3086			if (port->lun_map != NULL) {
3087				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3088				for (j = 0; j < CTL_MAX_LUNS; j++) {
3089					plun = ctl_lun_map_from_port(port, j);
3090					if (plun >= CTL_MAX_LUNS)
3091						continue;
3092					sbuf_printf(sb,
3093					    "\t<lun id=\"%u\">%u</lun>\n",
3094					    j, plun);
3095				}
3096			}
3097
3098			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3099				if (port->wwpn_iid[j].in_use == 0 ||
3100				    (port->wwpn_iid[j].wwpn == 0 &&
3101				     port->wwpn_iid[j].name == NULL))
3102					continue;
3103
3104				if (port->wwpn_iid[j].name != NULL)
3105					retval = sbuf_printf(sb,
3106					    "\t<initiator id=\"%u\">%s</initiator>\n",
3107					    j, port->wwpn_iid[j].name);
3108				else
3109					retval = sbuf_printf(sb,
3110					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3111					    j, port->wwpn_iid[j].wwpn);
3112				if (retval != 0)
3113					break;
3114			}
3115			if (retval != 0)
3116				break;
3117
3118			retval = sbuf_printf(sb, "</targ_port>\n");
3119			if (retval != 0)
3120				break;
3121		}
3122		mtx_unlock(&softc->ctl_lock);
3123
3124		if ((retval != 0)
3125		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3126			retval = 0;
3127			sbuf_delete(sb);
3128			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3129			snprintf(list->error_str, sizeof(list->error_str),
3130				 "Out of space, %d bytes is too small",
3131				 list->alloc_len);
3132			break;
3133		}
3134
3135		sbuf_finish(sb);
3136
3137		retval = copyout(sbuf_data(sb), list->lun_xml,
3138				 sbuf_len(sb) + 1);
3139
3140		list->fill_len = sbuf_len(sb) + 1;
3141		list->status = CTL_LUN_LIST_OK;
3142		sbuf_delete(sb);
3143		break;
3144	}
3145	case CTL_LUN_MAP: {
3146		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3147		struct ctl_port *port;
3148
3149		mtx_lock(&softc->ctl_lock);
3150		if (lm->port < softc->port_min ||
3151		    lm->port >= softc->port_max ||
3152		    (port = softc->ctl_ports[lm->port]) == NULL) {
3153			mtx_unlock(&softc->ctl_lock);
3154			return (ENXIO);
3155		}
3156		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3157			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
3158				continue;
3159			mtx_lock(&lun->lun_lock);
3160			ctl_est_ua_port(lun, lm->port, -1, CTL_UA_LUN_CHANGE);
3161			mtx_unlock(&lun->lun_lock);
3162		}
3163		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3164		if (lm->plun < CTL_MAX_LUNS) {
3165			if (lm->lun == UINT32_MAX)
3166				retval = ctl_lun_map_unset(port, lm->plun);
3167			else if (lm->lun < CTL_MAX_LUNS &&
3168			    softc->ctl_luns[lm->lun] != NULL)
3169				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3170			else
3171				return (ENXIO);
3172		} else if (lm->plun == UINT32_MAX) {
3173			if (lm->lun == UINT32_MAX)
3174				retval = ctl_lun_map_deinit(port);
3175			else
3176				retval = ctl_lun_map_init(port);
3177		} else
3178			return (ENXIO);
3179		break;
3180	}
3181	default: {
3182		/* XXX KDM should we fix this? */
3183#if 0
3184		struct ctl_backend_driver *backend;
3185		unsigned int type;
3186		int found;
3187
3188		found = 0;
3189
3190		/*
3191		 * We encode the backend type as the ioctl type for backend
3192		 * ioctls.  So parse it out here, and then search for a
3193		 * backend of this type.
3194		 */
3195		type = _IOC_TYPE(cmd);
3196
3197		STAILQ_FOREACH(backend, &softc->be_list, links) {
3198			if (backend->type == type) {
3199				found = 1;
3200				break;
3201			}
3202		}
3203		if (found == 0) {
3204			printf("ctl: unknown ioctl command %#lx or backend "
3205			       "%d\n", cmd, type);
3206			retval = EINVAL;
3207			break;
3208		}
3209		retval = backend->ioctl(dev, cmd, addr, flag, td);
3210#endif
3211		retval = ENOTTY;
3212		break;
3213	}
3214	}
3215	return (retval);
3216}
3217
3218uint32_t
3219ctl_get_initindex(struct ctl_nexus *nexus)
3220{
3221	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3222}
3223
3224int
3225ctl_lun_map_init(struct ctl_port *port)
3226{
3227	struct ctl_softc *softc = control_softc;
3228	struct ctl_lun *lun;
3229	uint32_t i;
3230
3231	if (port->lun_map == NULL)
3232		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3233		    M_CTL, M_NOWAIT);
3234	if (port->lun_map == NULL)
3235		return (ENOMEM);
3236	for (i = 0; i < CTL_MAX_LUNS; i++)
3237		port->lun_map[i] = UINT32_MAX;
3238	if (port->status & CTL_PORT_STATUS_ONLINE) {
3239		if (port->lun_disable != NULL) {
3240			STAILQ_FOREACH(lun, &softc->lun_list, links)
3241				port->lun_disable(port->targ_lun_arg, lun->lun);
3242		}
3243		ctl_isc_announce_port(port);
3244	}
3245	return (0);
3246}
3247
3248int
3249ctl_lun_map_deinit(struct ctl_port *port)
3250{
3251	struct ctl_softc *softc = control_softc;
3252	struct ctl_lun *lun;
3253
3254	if (port->lun_map == NULL)
3255		return (0);
3256	free(port->lun_map, M_CTL);
3257	port->lun_map = NULL;
3258	if (port->status & CTL_PORT_STATUS_ONLINE) {
3259		if (port->lun_enable != NULL) {
3260			STAILQ_FOREACH(lun, &softc->lun_list, links)
3261				port->lun_enable(port->targ_lun_arg, lun->lun);
3262		}
3263		ctl_isc_announce_port(port);
3264	}
3265	return (0);
3266}
3267
3268int
3269ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3270{
3271	int status;
3272	uint32_t old;
3273
3274	if (port->lun_map == NULL) {
3275		status = ctl_lun_map_init(port);
3276		if (status != 0)
3277			return (status);
3278	}
3279	old = port->lun_map[plun];
3280	port->lun_map[plun] = glun;
3281	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3282		if (port->lun_enable != NULL)
3283			port->lun_enable(port->targ_lun_arg, plun);
3284		ctl_isc_announce_port(port);
3285	}
3286	return (0);
3287}
3288
3289int
3290ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3291{
3292	uint32_t old;
3293
3294	if (port->lun_map == NULL)
3295		return (0);
3296	old = port->lun_map[plun];
3297	port->lun_map[plun] = UINT32_MAX;
3298	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3299		if (port->lun_disable != NULL)
3300			port->lun_disable(port->targ_lun_arg, plun);
3301		ctl_isc_announce_port(port);
3302	}
3303	return (0);
3304}
3305
3306uint32_t
3307ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3308{
3309
3310	if (port == NULL)
3311		return (UINT32_MAX);
3312	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3313		return (lun_id);
3314	return (port->lun_map[lun_id]);
3315}
3316
3317uint32_t
3318ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3319{
3320	uint32_t i;
3321
3322	if (port == NULL)
3323		return (UINT32_MAX);
3324	if (port->lun_map == NULL)
3325		return (lun_id);
3326	for (i = 0; i < CTL_MAX_LUNS; i++) {
3327		if (port->lun_map[i] == lun_id)
3328			return (i);
3329	}
3330	return (UINT32_MAX);
3331}
3332
3333static struct ctl_port *
3334ctl_io_port(struct ctl_io_hdr *io_hdr)
3335{
3336
3337	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3338}
3339
3340int
3341ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3342{
3343	int i;
3344
3345	for (i = first; i < last; i++) {
3346		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3347			return (i);
3348	}
3349	return (-1);
3350}
3351
3352int
3353ctl_set_mask(uint32_t *mask, uint32_t bit)
3354{
3355	uint32_t chunk, piece;
3356
3357	chunk = bit >> 5;
3358	piece = bit % (sizeof(uint32_t) * 8);
3359
3360	if ((mask[chunk] & (1 << piece)) != 0)
3361		return (-1);
3362	else
3363		mask[chunk] |= (1 << piece);
3364
3365	return (0);
3366}
3367
3368int
3369ctl_clear_mask(uint32_t *mask, uint32_t bit)
3370{
3371	uint32_t chunk, piece;
3372
3373	chunk = bit >> 5;
3374	piece = bit % (sizeof(uint32_t) * 8);
3375
3376	if ((mask[chunk] & (1 << piece)) == 0)
3377		return (-1);
3378	else
3379		mask[chunk] &= ~(1 << piece);
3380
3381	return (0);
3382}
3383
3384int
3385ctl_is_set(uint32_t *mask, uint32_t bit)
3386{
3387	uint32_t chunk, piece;
3388
3389	chunk = bit >> 5;
3390	piece = bit % (sizeof(uint32_t) * 8);
3391
3392	if ((mask[chunk] & (1 << piece)) == 0)
3393		return (0);
3394	else
3395		return (1);
3396}
3397
3398static uint64_t
3399ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3400{
3401	uint64_t *t;
3402
3403	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3404	if (t == NULL)
3405		return (0);
3406	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3407}
3408
3409static void
3410ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3411{
3412	uint64_t *t;
3413
3414	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3415	if (t == NULL)
3416		return;
3417	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3418}
3419
3420static void
3421ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3422{
3423	uint64_t *p;
3424	u_int i;
3425
3426	i = residx/CTL_MAX_INIT_PER_PORT;
3427	if (lun->pr_keys[i] != NULL)
3428		return;
3429	mtx_unlock(&lun->lun_lock);
3430	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3431	    M_WAITOK | M_ZERO);
3432	mtx_lock(&lun->lun_lock);
3433	if (lun->pr_keys[i] == NULL)
3434		lun->pr_keys[i] = p;
3435	else
3436		free(p, M_CTL);
3437}
3438
3439static void
3440ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3441{
3442	uint64_t *t;
3443
3444	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3445	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3446	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3447}
3448
3449/*
3450 * ctl_softc, pool_name, total_ctl_io are passed in.
3451 * npool is passed out.
3452 */
3453int
3454ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3455		uint32_t total_ctl_io, void **npool)
3456{
3457#ifdef IO_POOLS
3458	struct ctl_io_pool *pool;
3459
3460	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3461					    M_NOWAIT | M_ZERO);
3462	if (pool == NULL)
3463		return (ENOMEM);
3464
3465	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3466	pool->ctl_softc = ctl_softc;
3467	pool->zone = uma_zsecond_create(pool->name, NULL,
3468	    NULL, NULL, NULL, ctl_softc->io_zone);
3469	/* uma_prealloc(pool->zone, total_ctl_io); */
3470
3471	*npool = pool;
3472#else
3473	*npool = ctl_softc->io_zone;
3474#endif
3475	return (0);
3476}
3477
3478void
3479ctl_pool_free(struct ctl_io_pool *pool)
3480{
3481
3482	if (pool == NULL)
3483		return;
3484
3485#ifdef IO_POOLS
3486	uma_zdestroy(pool->zone);
3487	free(pool, M_CTL);
3488#endif
3489}
3490
3491union ctl_io *
3492ctl_alloc_io(void *pool_ref)
3493{
3494	union ctl_io *io;
3495#ifdef IO_POOLS
3496	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3497
3498	io = uma_zalloc(pool->zone, M_WAITOK);
3499#else
3500	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3501#endif
3502	if (io != NULL)
3503		io->io_hdr.pool = pool_ref;
3504	return (io);
3505}
3506
3507union ctl_io *
3508ctl_alloc_io_nowait(void *pool_ref)
3509{
3510	union ctl_io *io;
3511#ifdef IO_POOLS
3512	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3513
3514	io = uma_zalloc(pool->zone, M_NOWAIT);
3515#else
3516	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3517#endif
3518	if (io != NULL)
3519		io->io_hdr.pool = pool_ref;
3520	return (io);
3521}
3522
3523void
3524ctl_free_io(union ctl_io *io)
3525{
3526#ifdef IO_POOLS
3527	struct ctl_io_pool *pool;
3528#endif
3529
3530	if (io == NULL)
3531		return;
3532
3533#ifdef IO_POOLS
3534	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3535	uma_zfree(pool->zone, io);
3536#else
3537	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3538#endif
3539}
3540
3541void
3542ctl_zero_io(union ctl_io *io)
3543{
3544	void *pool_ref;
3545
3546	if (io == NULL)
3547		return;
3548
3549	/*
3550	 * May need to preserve linked list pointers at some point too.
3551	 */
3552	pool_ref = io->io_hdr.pool;
3553	memset(io, 0, sizeof(*io));
3554	io->io_hdr.pool = pool_ref;
3555}
3556
3557/*
3558 * This routine is currently used for internal copies of ctl_ios that need
3559 * to persist for some reason after we've already returned status to the
3560 * FETD.  (Thus the flag set.)
3561 *
3562 * XXX XXX
3563 * Note that this makes a blind copy of all fields in the ctl_io, except
3564 * for the pool reference.  This includes any memory that has been
3565 * allocated!  That memory will no longer be valid after done has been
3566 * called, so this would be VERY DANGEROUS for command that actually does
3567 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3568 * start and stop commands, which don't transfer any data, so this is not a
3569 * problem.  If it is used for anything else, the caller would also need to
3570 * allocate data buffer space and this routine would need to be modified to
3571 * copy the data buffer(s) as well.
3572 */
3573void
3574ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3575{
3576	void *pool_ref;
3577
3578	if ((src == NULL)
3579	 || (dest == NULL))
3580		return;
3581
3582	/*
3583	 * May need to preserve linked list pointers at some point too.
3584	 */
3585	pool_ref = dest->io_hdr.pool;
3586
3587	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3588
3589	dest->io_hdr.pool = pool_ref;
3590	/*
3591	 * We need to know that this is an internal copy, and doesn't need
3592	 * to get passed back to the FETD that allocated it.
3593	 */
3594	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3595}
3596
3597int
3598ctl_expand_number(const char *buf, uint64_t *num)
3599{
3600	char *endptr;
3601	uint64_t number;
3602	unsigned shift;
3603
3604	number = strtoq(buf, &endptr, 0);
3605
3606	switch (tolower((unsigned char)*endptr)) {
3607	case 'e':
3608		shift = 60;
3609		break;
3610	case 'p':
3611		shift = 50;
3612		break;
3613	case 't':
3614		shift = 40;
3615		break;
3616	case 'g':
3617		shift = 30;
3618		break;
3619	case 'm':
3620		shift = 20;
3621		break;
3622	case 'k':
3623		shift = 10;
3624		break;
3625	case 'b':
3626	case '\0': /* No unit. */
3627		*num = number;
3628		return (0);
3629	default:
3630		/* Unrecognized unit. */
3631		return (-1);
3632	}
3633
3634	if ((number << shift) >> shift != number) {
3635		/* Overflow */
3636		return (-1);
3637	}
3638	*num = number << shift;
3639	return (0);
3640}
3641
3642
3643/*
3644 * This routine could be used in the future to load default and/or saved
3645 * mode page parameters for a particuar lun.
3646 */
3647static int
3648ctl_init_page_index(struct ctl_lun *lun)
3649{
3650	int i;
3651	struct ctl_page_index *page_index;
3652	const char *value;
3653	uint64_t ival;
3654
3655	memcpy(&lun->mode_pages.index, page_index_template,
3656	       sizeof(page_index_template));
3657
3658	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3659
3660		page_index = &lun->mode_pages.index[i];
3661		/*
3662		 * If this is a disk-only mode page, there's no point in
3663		 * setting it up.  For some pages, we have to have some
3664		 * basic information about the disk in order to calculate the
3665		 * mode page data.
3666		 */
3667		if ((lun->be_lun->lun_type != T_DIRECT)
3668		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3669			continue;
3670
3671		switch (page_index->page_code & SMPH_PC_MASK) {
3672		case SMS_RW_ERROR_RECOVERY_PAGE: {
3673			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3674				panic("subpage is incorrect!");
3675			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3676			       &rw_er_page_default,
3677			       sizeof(rw_er_page_default));
3678			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3679			       &rw_er_page_changeable,
3680			       sizeof(rw_er_page_changeable));
3681			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3682			       &rw_er_page_default,
3683			       sizeof(rw_er_page_default));
3684			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3685			       &rw_er_page_default,
3686			       sizeof(rw_er_page_default));
3687			page_index->page_data =
3688				(uint8_t *)lun->mode_pages.rw_er_page;
3689			break;
3690		}
3691		case SMS_FORMAT_DEVICE_PAGE: {
3692			struct scsi_format_page *format_page;
3693
3694			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3695				panic("subpage is incorrect!");
3696
3697			/*
3698			 * Sectors per track are set above.  Bytes per
3699			 * sector need to be set here on a per-LUN basis.
3700			 */
3701			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3702			       &format_page_default,
3703			       sizeof(format_page_default));
3704			memcpy(&lun->mode_pages.format_page[
3705			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3706			       sizeof(format_page_changeable));
3707			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3708			       &format_page_default,
3709			       sizeof(format_page_default));
3710			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3711			       &format_page_default,
3712			       sizeof(format_page_default));
3713
3714			format_page = &lun->mode_pages.format_page[
3715				CTL_PAGE_CURRENT];
3716			scsi_ulto2b(lun->be_lun->blocksize,
3717				    format_page->bytes_per_sector);
3718
3719			format_page = &lun->mode_pages.format_page[
3720				CTL_PAGE_DEFAULT];
3721			scsi_ulto2b(lun->be_lun->blocksize,
3722				    format_page->bytes_per_sector);
3723
3724			format_page = &lun->mode_pages.format_page[
3725				CTL_PAGE_SAVED];
3726			scsi_ulto2b(lun->be_lun->blocksize,
3727				    format_page->bytes_per_sector);
3728
3729			page_index->page_data =
3730				(uint8_t *)lun->mode_pages.format_page;
3731			break;
3732		}
3733		case SMS_RIGID_DISK_PAGE: {
3734			struct scsi_rigid_disk_page *rigid_disk_page;
3735			uint32_t sectors_per_cylinder;
3736			uint64_t cylinders;
3737#ifndef	__XSCALE__
3738			int shift;
3739#endif /* !__XSCALE__ */
3740
3741			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3742				panic("invalid subpage value %d",
3743				      page_index->subpage);
3744
3745			/*
3746			 * Rotation rate and sectors per track are set
3747			 * above.  We calculate the cylinders here based on
3748			 * capacity.  Due to the number of heads and
3749			 * sectors per track we're using, smaller arrays
3750			 * may turn out to have 0 cylinders.  Linux and
3751			 * FreeBSD don't pay attention to these mode pages
3752			 * to figure out capacity, but Solaris does.  It
3753			 * seems to deal with 0 cylinders just fine, and
3754			 * works out a fake geometry based on the capacity.
3755			 */
3756			memcpy(&lun->mode_pages.rigid_disk_page[
3757			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3758			       sizeof(rigid_disk_page_default));
3759			memcpy(&lun->mode_pages.rigid_disk_page[
3760			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3761			       sizeof(rigid_disk_page_changeable));
3762
3763			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3764				CTL_DEFAULT_HEADS;
3765
3766			/*
3767			 * The divide method here will be more accurate,
3768			 * probably, but results in floating point being
3769			 * used in the kernel on i386 (__udivdi3()).  On the
3770			 * XScale, though, __udivdi3() is implemented in
3771			 * software.
3772			 *
3773			 * The shift method for cylinder calculation is
3774			 * accurate if sectors_per_cylinder is a power of
3775			 * 2.  Otherwise it might be slightly off -- you
3776			 * might have a bit of a truncation problem.
3777			 */
3778#ifdef	__XSCALE__
3779			cylinders = (lun->be_lun->maxlba + 1) /
3780				sectors_per_cylinder;
3781#else
3782			for (shift = 31; shift > 0; shift--) {
3783				if (sectors_per_cylinder & (1 << shift))
3784					break;
3785			}
3786			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3787#endif
3788
3789			/*
3790			 * We've basically got 3 bytes, or 24 bits for the
3791			 * cylinder size in the mode page.  If we're over,
3792			 * just round down to 2^24.
3793			 */
3794			if (cylinders > 0xffffff)
3795				cylinders = 0xffffff;
3796
3797			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3798				CTL_PAGE_DEFAULT];
3799			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3800
3801			if ((value = ctl_get_opt(&lun->be_lun->options,
3802			    "rpm")) != NULL) {
3803				scsi_ulto2b(strtol(value, NULL, 0),
3804				     rigid_disk_page->rotation_rate);
3805			}
3806
3807			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3808			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3809			       sizeof(rigid_disk_page_default));
3810			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3811			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3812			       sizeof(rigid_disk_page_default));
3813
3814			page_index->page_data =
3815				(uint8_t *)lun->mode_pages.rigid_disk_page;
3816			break;
3817		}
3818		case SMS_CACHING_PAGE: {
3819			struct scsi_caching_page *caching_page;
3820
3821			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3822				panic("invalid subpage value %d",
3823				      page_index->subpage);
3824			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3825			       &caching_page_default,
3826			       sizeof(caching_page_default));
3827			memcpy(&lun->mode_pages.caching_page[
3828			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3829			       sizeof(caching_page_changeable));
3830			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3831			       &caching_page_default,
3832			       sizeof(caching_page_default));
3833			caching_page = &lun->mode_pages.caching_page[
3834			    CTL_PAGE_SAVED];
3835			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3836			if (value != NULL && strcmp(value, "off") == 0)
3837				caching_page->flags1 &= ~SCP_WCE;
3838			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3839			if (value != NULL && strcmp(value, "off") == 0)
3840				caching_page->flags1 |= SCP_RCD;
3841			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3842			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3843			       sizeof(caching_page_default));
3844			page_index->page_data =
3845				(uint8_t *)lun->mode_pages.caching_page;
3846			break;
3847		}
3848		case SMS_CONTROL_MODE_PAGE: {
3849			struct scsi_control_page *control_page;
3850
3851			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3852				panic("invalid subpage value %d",
3853				      page_index->subpage);
3854
3855			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3856			       &control_page_default,
3857			       sizeof(control_page_default));
3858			memcpy(&lun->mode_pages.control_page[
3859			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3860			       sizeof(control_page_changeable));
3861			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3862			       &control_page_default,
3863			       sizeof(control_page_default));
3864			control_page = &lun->mode_pages.control_page[
3865			    CTL_PAGE_SAVED];
3866			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3867			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3868				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3869				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3870			}
3871			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3872			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3873			       sizeof(control_page_default));
3874			page_index->page_data =
3875				(uint8_t *)lun->mode_pages.control_page;
3876			break;
3877
3878		}
3879		case SMS_INFO_EXCEPTIONS_PAGE: {
3880			switch (page_index->subpage) {
3881			case SMS_SUBPAGE_PAGE_0:
3882				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3883				       &ie_page_default,
3884				       sizeof(ie_page_default));
3885				memcpy(&lun->mode_pages.ie_page[
3886				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3887				       sizeof(ie_page_changeable));
3888				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3889				       &ie_page_default,
3890				       sizeof(ie_page_default));
3891				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
3892				       &ie_page_default,
3893				       sizeof(ie_page_default));
3894				page_index->page_data =
3895					(uint8_t *)lun->mode_pages.ie_page;
3896				break;
3897			case 0x02: {
3898				struct ctl_logical_block_provisioning_page *page;
3899
3900				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
3901				       &lbp_page_default,
3902				       sizeof(lbp_page_default));
3903				memcpy(&lun->mode_pages.lbp_page[
3904				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
3905				       sizeof(lbp_page_changeable));
3906				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3907				       &lbp_page_default,
3908				       sizeof(lbp_page_default));
3909				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
3910				value = ctl_get_opt(&lun->be_lun->options,
3911				    "avail-threshold");
3912				if (value != NULL &&
3913				    ctl_expand_number(value, &ival) == 0) {
3914					page->descr[0].flags |= SLBPPD_ENABLED |
3915					    SLBPPD_ARMING_DEC;
3916					if (lun->be_lun->blocksize)
3917						ival /= lun->be_lun->blocksize;
3918					else
3919						ival /= 512;
3920					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3921					    page->descr[0].count);
3922				}
3923				value = ctl_get_opt(&lun->be_lun->options,
3924				    "used-threshold");
3925				if (value != NULL &&
3926				    ctl_expand_number(value, &ival) == 0) {
3927					page->descr[1].flags |= SLBPPD_ENABLED |
3928					    SLBPPD_ARMING_INC;
3929					if (lun->be_lun->blocksize)
3930						ival /= lun->be_lun->blocksize;
3931					else
3932						ival /= 512;
3933					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3934					    page->descr[1].count);
3935				}
3936				value = ctl_get_opt(&lun->be_lun->options,
3937				    "pool-avail-threshold");
3938				if (value != NULL &&
3939				    ctl_expand_number(value, &ival) == 0) {
3940					page->descr[2].flags |= SLBPPD_ENABLED |
3941					    SLBPPD_ARMING_DEC;
3942					if (lun->be_lun->blocksize)
3943						ival /= lun->be_lun->blocksize;
3944					else
3945						ival /= 512;
3946					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3947					    page->descr[2].count);
3948				}
3949				value = ctl_get_opt(&lun->be_lun->options,
3950				    "pool-used-threshold");
3951				if (value != NULL &&
3952				    ctl_expand_number(value, &ival) == 0) {
3953					page->descr[3].flags |= SLBPPD_ENABLED |
3954					    SLBPPD_ARMING_INC;
3955					if (lun->be_lun->blocksize)
3956						ival /= lun->be_lun->blocksize;
3957					else
3958						ival /= 512;
3959					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3960					    page->descr[3].count);
3961				}
3962				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
3963				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3964				       sizeof(lbp_page_default));
3965				page_index->page_data =
3966					(uint8_t *)lun->mode_pages.lbp_page;
3967			}}
3968			break;
3969		}
3970		case SMS_VENDOR_SPECIFIC_PAGE:{
3971			switch (page_index->subpage) {
3972			case DBGCNF_SUBPAGE_CODE: {
3973				struct copan_debugconf_subpage *current_page,
3974							       *saved_page;
3975
3976				memcpy(&lun->mode_pages.debugconf_subpage[
3977				       CTL_PAGE_CURRENT],
3978				       &debugconf_page_default,
3979				       sizeof(debugconf_page_default));
3980				memcpy(&lun->mode_pages.debugconf_subpage[
3981				       CTL_PAGE_CHANGEABLE],
3982				       &debugconf_page_changeable,
3983				       sizeof(debugconf_page_changeable));
3984				memcpy(&lun->mode_pages.debugconf_subpage[
3985				       CTL_PAGE_DEFAULT],
3986				       &debugconf_page_default,
3987				       sizeof(debugconf_page_default));
3988				memcpy(&lun->mode_pages.debugconf_subpage[
3989				       CTL_PAGE_SAVED],
3990				       &debugconf_page_default,
3991				       sizeof(debugconf_page_default));
3992				page_index->page_data =
3993					(uint8_t *)lun->mode_pages.debugconf_subpage;
3994
3995				current_page = (struct copan_debugconf_subpage *)
3996					(page_index->page_data +
3997					 (page_index->page_len *
3998					  CTL_PAGE_CURRENT));
3999				saved_page = (struct copan_debugconf_subpage *)
4000					(page_index->page_data +
4001					 (page_index->page_len *
4002					  CTL_PAGE_SAVED));
4003				break;
4004			}
4005			default:
4006				panic("invalid subpage value %d",
4007				      page_index->subpage);
4008				break;
4009			}
4010   			break;
4011		}
4012		default:
4013			panic("invalid page value %d",
4014			      page_index->page_code & SMPH_PC_MASK);
4015			break;
4016    	}
4017	}
4018
4019	return (CTL_RETVAL_COMPLETE);
4020}
4021
4022static int
4023ctl_init_log_page_index(struct ctl_lun *lun)
4024{
4025	struct ctl_page_index *page_index;
4026	int i, j, k, prev;
4027
4028	memcpy(&lun->log_pages.index, log_page_index_template,
4029	       sizeof(log_page_index_template));
4030
4031	prev = -1;
4032	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4033
4034		page_index = &lun->log_pages.index[i];
4035		/*
4036		 * If this is a disk-only mode page, there's no point in
4037		 * setting it up.  For some pages, we have to have some
4038		 * basic information about the disk in order to calculate the
4039		 * mode page data.
4040		 */
4041		if ((lun->be_lun->lun_type != T_DIRECT)
4042		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4043			continue;
4044
4045		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4046		     lun->backend->lun_attr == NULL)
4047			continue;
4048
4049		if (page_index->page_code != prev) {
4050			lun->log_pages.pages_page[j] = page_index->page_code;
4051			prev = page_index->page_code;
4052			j++;
4053		}
4054		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4055		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4056		k++;
4057	}
4058	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4059	lun->log_pages.index[0].page_len = j;
4060	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4061	lun->log_pages.index[1].page_len = k * 2;
4062	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4063	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4064	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4065	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4066
4067	return (CTL_RETVAL_COMPLETE);
4068}
4069
4070static int
4071hex2bin(const char *str, uint8_t *buf, int buf_size)
4072{
4073	int i;
4074	u_char c;
4075
4076	memset(buf, 0, buf_size);
4077	while (isspace(str[0]))
4078		str++;
4079	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4080		str += 2;
4081	buf_size *= 2;
4082	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4083		c = str[i];
4084		if (isdigit(c))
4085			c -= '0';
4086		else if (isalpha(c))
4087			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4088		else
4089			break;
4090		if (c >= 16)
4091			break;
4092		if ((i & 1) == 0)
4093			buf[i / 2] |= (c << 4);
4094		else
4095			buf[i / 2] |= c;
4096	}
4097	return ((i + 1) / 2);
4098}
4099
4100/*
4101 * LUN allocation.
4102 *
4103 * Requirements:
4104 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4105 *   wants us to allocate the LUN and he can block.
4106 * - ctl_softc is always set
4107 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4108 *
4109 * Returns 0 for success, non-zero (errno) for failure.
4110 */
4111static int
4112ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4113	      struct ctl_be_lun *const be_lun)
4114{
4115	struct ctl_lun *nlun, *lun;
4116	struct scsi_vpd_id_descriptor *desc;
4117	struct scsi_vpd_id_t10 *t10id;
4118	const char *eui, *naa, *scsiname, *vendor;
4119	int lun_number, i, lun_malloced;
4120	int devidlen, idlen1, idlen2 = 0, len;
4121
4122	if (be_lun == NULL)
4123		return (EINVAL);
4124
4125	/*
4126	 * We currently only support Direct Access or Processor LUN types.
4127	 */
4128	switch (be_lun->lun_type) {
4129	case T_DIRECT:
4130		break;
4131	case T_PROCESSOR:
4132		break;
4133	case T_SEQUENTIAL:
4134	case T_CHANGER:
4135	default:
4136		be_lun->lun_config_status(be_lun->be_lun,
4137					  CTL_LUN_CONFIG_FAILURE);
4138		break;
4139	}
4140	if (ctl_lun == NULL) {
4141		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4142		lun_malloced = 1;
4143	} else {
4144		lun_malloced = 0;
4145		lun = ctl_lun;
4146	}
4147
4148	memset(lun, 0, sizeof(*lun));
4149	if (lun_malloced)
4150		lun->flags = CTL_LUN_MALLOCED;
4151
4152	/* Generate LUN ID. */
4153	devidlen = max(CTL_DEVID_MIN_LEN,
4154	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4155	idlen1 = sizeof(*t10id) + devidlen;
4156	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4157	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4158	if (scsiname != NULL) {
4159		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4160		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4161	}
4162	eui = ctl_get_opt(&be_lun->options, "eui");
4163	if (eui != NULL) {
4164		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4165	}
4166	naa = ctl_get_opt(&be_lun->options, "naa");
4167	if (naa != NULL) {
4168		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4169	}
4170	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4171	    M_CTL, M_WAITOK | M_ZERO);
4172	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4173	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4174	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4175	desc->length = idlen1;
4176	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4177	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4178	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4179		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4180	} else {
4181		strncpy(t10id->vendor, vendor,
4182		    min(sizeof(t10id->vendor), strlen(vendor)));
4183	}
4184	strncpy((char *)t10id->vendor_spec_id,
4185	    (char *)be_lun->device_id, devidlen);
4186	if (scsiname != NULL) {
4187		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4188		    desc->length);
4189		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4190		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4191		    SVPD_ID_TYPE_SCSI_NAME;
4192		desc->length = idlen2;
4193		strlcpy(desc->identifier, scsiname, idlen2);
4194	}
4195	if (eui != NULL) {
4196		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4197		    desc->length);
4198		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4199		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4200		    SVPD_ID_TYPE_EUI64;
4201		desc->length = hex2bin(eui, desc->identifier, 16);
4202		desc->length = desc->length > 12 ? 16 :
4203		    (desc->length > 8 ? 12 : 8);
4204		len -= 16 - desc->length;
4205	}
4206	if (naa != NULL) {
4207		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4208		    desc->length);
4209		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4210		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4211		    SVPD_ID_TYPE_NAA;
4212		desc->length = hex2bin(naa, desc->identifier, 16);
4213		desc->length = desc->length > 8 ? 16 : 8;
4214		len -= 16 - desc->length;
4215	}
4216	lun->lun_devid->len = len;
4217
4218	mtx_lock(&ctl_softc->ctl_lock);
4219	/*
4220	 * See if the caller requested a particular LUN number.  If so, see
4221	 * if it is available.  Otherwise, allocate the first available LUN.
4222	 */
4223	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4224		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4225		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4226			mtx_unlock(&ctl_softc->ctl_lock);
4227			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4228				printf("ctl: requested LUN ID %d is higher "
4229				       "than CTL_MAX_LUNS - 1 (%d)\n",
4230				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4231			} else {
4232				/*
4233				 * XXX KDM return an error, or just assign
4234				 * another LUN ID in this case??
4235				 */
4236				printf("ctl: requested LUN ID %d is already "
4237				       "in use\n", be_lun->req_lun_id);
4238			}
4239			if (lun->flags & CTL_LUN_MALLOCED)
4240				free(lun, M_CTL);
4241			be_lun->lun_config_status(be_lun->be_lun,
4242						  CTL_LUN_CONFIG_FAILURE);
4243			return (ENOSPC);
4244		}
4245		lun_number = be_lun->req_lun_id;
4246	} else {
4247		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4248		if (lun_number == -1) {
4249			mtx_unlock(&ctl_softc->ctl_lock);
4250			printf("ctl: can't allocate LUN, out of LUNs\n");
4251			if (lun->flags & CTL_LUN_MALLOCED)
4252				free(lun, M_CTL);
4253			be_lun->lun_config_status(be_lun->be_lun,
4254						  CTL_LUN_CONFIG_FAILURE);
4255			return (ENOSPC);
4256		}
4257	}
4258	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4259
4260	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4261	lun->lun = lun_number;
4262	lun->be_lun = be_lun;
4263	/*
4264	 * The processor LUN is always enabled.  Disk LUNs come on line
4265	 * disabled, and must be enabled by the backend.
4266	 */
4267	lun->flags |= CTL_LUN_DISABLED;
4268	lun->backend = be_lun->be;
4269	be_lun->ctl_lun = lun;
4270	be_lun->lun_id = lun_number;
4271	atomic_add_int(&be_lun->be->num_luns, 1);
4272	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4273		lun->flags |= CTL_LUN_OFFLINE;
4274
4275	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4276		lun->flags |= CTL_LUN_STOPPED;
4277
4278	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4279		lun->flags |= CTL_LUN_INOPERABLE;
4280
4281	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4282		lun->flags |= CTL_LUN_PRIMARY_SC;
4283
4284	lun->ctl_softc = ctl_softc;
4285#ifdef CTL_TIME_IO
4286	lun->last_busy = getsbinuptime();
4287#endif
4288	TAILQ_INIT(&lun->ooa_queue);
4289	TAILQ_INIT(&lun->blocked_queue);
4290	STAILQ_INIT(&lun->error_list);
4291	ctl_tpc_lun_init(lun);
4292
4293	/*
4294	 * Initialize the mode and log page index.
4295	 */
4296	ctl_init_page_index(lun);
4297	ctl_init_log_page_index(lun);
4298
4299	/*
4300	 * Now, before we insert this lun on the lun list, set the lun
4301	 * inventory changed UA for all other luns.
4302	 */
4303	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4304		mtx_lock(&nlun->lun_lock);
4305		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4306		mtx_unlock(&nlun->lun_lock);
4307	}
4308
4309	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4310
4311	ctl_softc->ctl_luns[lun_number] = lun;
4312
4313	ctl_softc->num_luns++;
4314
4315	/* Setup statistics gathering */
4316	lun->stats.device_type = be_lun->lun_type;
4317	lun->stats.lun_number = lun_number;
4318	if (lun->stats.device_type == T_DIRECT)
4319		lun->stats.blocksize = be_lun->blocksize;
4320	else
4321		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4322	for (i = 0;i < CTL_MAX_PORTS;i++)
4323		lun->stats.ports[i].targ_port = i;
4324
4325	mtx_unlock(&ctl_softc->ctl_lock);
4326
4327	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4328	return (0);
4329}
4330
4331/*
4332 * Delete a LUN.
4333 * Assumptions:
4334 * - LUN has already been marked invalid and any pending I/O has been taken
4335 *   care of.
4336 */
4337static int
4338ctl_free_lun(struct ctl_lun *lun)
4339{
4340	struct ctl_softc *softc;
4341	struct ctl_lun *nlun;
4342	int i;
4343
4344	softc = lun->ctl_softc;
4345
4346	mtx_assert(&softc->ctl_lock, MA_OWNED);
4347
4348	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4349
4350	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4351
4352	softc->ctl_luns[lun->lun] = NULL;
4353
4354	if (!TAILQ_EMPTY(&lun->ooa_queue))
4355		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4356
4357	softc->num_luns--;
4358
4359	/*
4360	 * Tell the backend to free resources, if this LUN has a backend.
4361	 */
4362	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4363	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4364
4365	ctl_tpc_lun_shutdown(lun);
4366	mtx_destroy(&lun->lun_lock);
4367	free(lun->lun_devid, M_CTL);
4368	for (i = 0; i < CTL_MAX_PORTS; i++)
4369		free(lun->pending_ua[i], M_CTL);
4370	for (i = 0; i < CTL_MAX_PORTS; i++)
4371		free(lun->pr_keys[i], M_CTL);
4372	free(lun->write_buffer, M_CTL);
4373	if (lun->flags & CTL_LUN_MALLOCED)
4374		free(lun, M_CTL);
4375
4376	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4377		mtx_lock(&nlun->lun_lock);
4378		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4379		mtx_unlock(&nlun->lun_lock);
4380	}
4381
4382	return (0);
4383}
4384
4385static void
4386ctl_create_lun(struct ctl_be_lun *be_lun)
4387{
4388	struct ctl_softc *softc;
4389
4390	softc = control_softc;
4391
4392	/*
4393	 * ctl_alloc_lun() should handle all potential failure cases.
4394	 */
4395	ctl_alloc_lun(softc, NULL, be_lun);
4396}
4397
4398int
4399ctl_add_lun(struct ctl_be_lun *be_lun)
4400{
4401	struct ctl_softc *softc = control_softc;
4402
4403	mtx_lock(&softc->ctl_lock);
4404	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4405	mtx_unlock(&softc->ctl_lock);
4406	wakeup(&softc->pending_lun_queue);
4407
4408	return (0);
4409}
4410
4411int
4412ctl_enable_lun(struct ctl_be_lun *be_lun)
4413{
4414	struct ctl_softc *softc;
4415	struct ctl_port *port, *nport;
4416	struct ctl_lun *lun;
4417	int retval;
4418
4419	lun = (struct ctl_lun *)be_lun->ctl_lun;
4420	softc = lun->ctl_softc;
4421
4422	mtx_lock(&softc->ctl_lock);
4423	mtx_lock(&lun->lun_lock);
4424	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4425		/*
4426		 * eh?  Why did we get called if the LUN is already
4427		 * enabled?
4428		 */
4429		mtx_unlock(&lun->lun_lock);
4430		mtx_unlock(&softc->ctl_lock);
4431		return (0);
4432	}
4433	lun->flags &= ~CTL_LUN_DISABLED;
4434	mtx_unlock(&lun->lun_lock);
4435
4436	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4437		nport = STAILQ_NEXT(port, links);
4438		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4439		    port->lun_map != NULL || port->lun_enable == NULL)
4440			continue;
4441
4442		/*
4443		 * Drop the lock while we call the FETD's enable routine.
4444		 * This can lead to a callback into CTL (at least in the
4445		 * case of the internal initiator frontend.
4446		 */
4447		mtx_unlock(&softc->ctl_lock);
4448		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4449		mtx_lock(&softc->ctl_lock);
4450		if (retval != 0) {
4451			printf("%s: FETD %s port %d returned error "
4452			       "%d for lun_enable on lun %jd\n",
4453			       __func__, port->port_name, port->targ_port,
4454			       retval, (intmax_t)lun->lun);
4455		}
4456	}
4457
4458	mtx_unlock(&softc->ctl_lock);
4459	ctl_isc_announce_lun(lun);
4460
4461	return (0);
4462}
4463
4464int
4465ctl_disable_lun(struct ctl_be_lun *be_lun)
4466{
4467	struct ctl_softc *softc;
4468	struct ctl_port *port;
4469	struct ctl_lun *lun;
4470	int retval;
4471
4472	lun = (struct ctl_lun *)be_lun->ctl_lun;
4473	softc = lun->ctl_softc;
4474
4475	mtx_lock(&softc->ctl_lock);
4476	mtx_lock(&lun->lun_lock);
4477	if (lun->flags & CTL_LUN_DISABLED) {
4478		mtx_unlock(&lun->lun_lock);
4479		mtx_unlock(&softc->ctl_lock);
4480		return (0);
4481	}
4482	lun->flags |= CTL_LUN_DISABLED;
4483	mtx_unlock(&lun->lun_lock);
4484
4485	STAILQ_FOREACH(port, &softc->port_list, links) {
4486		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4487		    port->lun_map != NULL || port->lun_disable == NULL)
4488			continue;
4489
4490		/*
4491		 * Drop the lock before we call the frontend's disable
4492		 * routine, to avoid lock order reversals.
4493		 *
4494		 * XXX KDM what happens if the frontend list changes while
4495		 * we're traversing it?  It's unlikely, but should be handled.
4496		 */
4497		mtx_unlock(&softc->ctl_lock);
4498		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4499		mtx_lock(&softc->ctl_lock);
4500		if (retval != 0) {
4501			printf("%s: FETD %s port %d returned error "
4502			       "%d for lun_disable on lun %jd\n",
4503			       __func__, port->port_name, port->targ_port,
4504			       retval, (intmax_t)lun->lun);
4505		}
4506	}
4507
4508	mtx_unlock(&softc->ctl_lock);
4509	ctl_isc_announce_lun(lun);
4510
4511	return (0);
4512}
4513
4514int
4515ctl_start_lun(struct ctl_be_lun *be_lun)
4516{
4517	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4518
4519	mtx_lock(&lun->lun_lock);
4520	lun->flags &= ~CTL_LUN_STOPPED;
4521	mtx_unlock(&lun->lun_lock);
4522	return (0);
4523}
4524
4525int
4526ctl_stop_lun(struct ctl_be_lun *be_lun)
4527{
4528	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4529
4530	mtx_lock(&lun->lun_lock);
4531	lun->flags |= CTL_LUN_STOPPED;
4532	mtx_unlock(&lun->lun_lock);
4533	return (0);
4534}
4535
4536int
4537ctl_lun_offline(struct ctl_be_lun *be_lun)
4538{
4539	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4540
4541	mtx_lock(&lun->lun_lock);
4542	lun->flags |= CTL_LUN_OFFLINE;
4543	mtx_unlock(&lun->lun_lock);
4544	return (0);
4545}
4546
4547int
4548ctl_lun_online(struct ctl_be_lun *be_lun)
4549{
4550	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4551
4552	mtx_lock(&lun->lun_lock);
4553	lun->flags &= ~CTL_LUN_OFFLINE;
4554	mtx_unlock(&lun->lun_lock);
4555	return (0);
4556}
4557
4558int
4559ctl_lun_primary(struct ctl_be_lun *be_lun)
4560{
4561	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4562
4563	mtx_lock(&lun->lun_lock);
4564	lun->flags |= CTL_LUN_PRIMARY_SC;
4565	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4566	mtx_unlock(&lun->lun_lock);
4567	ctl_isc_announce_lun(lun);
4568	return (0);
4569}
4570
4571int
4572ctl_lun_secondary(struct ctl_be_lun *be_lun)
4573{
4574	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4575
4576	mtx_lock(&lun->lun_lock);
4577	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4578	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4579	mtx_unlock(&lun->lun_lock);
4580	ctl_isc_announce_lun(lun);
4581	return (0);
4582}
4583
4584int
4585ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4586{
4587	struct ctl_softc *softc;
4588	struct ctl_lun *lun;
4589
4590	lun = (struct ctl_lun *)be_lun->ctl_lun;
4591	softc = lun->ctl_softc;
4592
4593	mtx_lock(&lun->lun_lock);
4594
4595	/*
4596	 * The LUN needs to be disabled before it can be marked invalid.
4597	 */
4598	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4599		mtx_unlock(&lun->lun_lock);
4600		return (-1);
4601	}
4602	/*
4603	 * Mark the LUN invalid.
4604	 */
4605	lun->flags |= CTL_LUN_INVALID;
4606
4607	/*
4608	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4609	 * If we have something in the OOA queue, we'll free it when the
4610	 * last I/O completes.
4611	 */
4612	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4613		mtx_unlock(&lun->lun_lock);
4614		mtx_lock(&softc->ctl_lock);
4615		ctl_free_lun(lun);
4616		mtx_unlock(&softc->ctl_lock);
4617	} else
4618		mtx_unlock(&lun->lun_lock);
4619
4620	return (0);
4621}
4622
4623int
4624ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4625{
4626	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4627
4628	mtx_lock(&lun->lun_lock);
4629	lun->flags |= CTL_LUN_INOPERABLE;
4630	mtx_unlock(&lun->lun_lock);
4631	return (0);
4632}
4633
4634int
4635ctl_lun_operable(struct ctl_be_lun *be_lun)
4636{
4637	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4638
4639	mtx_lock(&lun->lun_lock);
4640	lun->flags &= ~CTL_LUN_INOPERABLE;
4641	mtx_unlock(&lun->lun_lock);
4642	return (0);
4643}
4644
4645void
4646ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4647{
4648	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4649	union ctl_ha_msg msg;
4650
4651	mtx_lock(&lun->lun_lock);
4652	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4653	mtx_unlock(&lun->lun_lock);
4654	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4655		/* Send msg to other side. */
4656		bzero(&msg.ua, sizeof(msg.ua));
4657		msg.hdr.msg_type = CTL_MSG_UA;
4658		msg.hdr.nexus.initid = -1;
4659		msg.hdr.nexus.targ_port = -1;
4660		msg.hdr.nexus.targ_lun = lun->lun;
4661		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4662		msg.ua.ua_all = 1;
4663		msg.ua.ua_set = 1;
4664		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4665		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4666		    M_WAITOK);
4667	}
4668}
4669
4670/*
4671 * Backend "memory move is complete" callback for requests that never
4672 * make it down to say RAIDCore's configuration code.
4673 */
4674int
4675ctl_config_move_done(union ctl_io *io)
4676{
4677	int retval;
4678
4679	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4680	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4681	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4682
4683	if ((io->io_hdr.port_status != 0) &&
4684	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4685	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4686		/*
4687		 * For hardware error sense keys, the sense key
4688		 * specific value is defined to be a retry count,
4689		 * but we use it to pass back an internal FETD
4690		 * error code.  XXX KDM  Hopefully the FETD is only
4691		 * using 16 bits for an error code, since that's
4692		 * all the space we have in the sks field.
4693		 */
4694		ctl_set_internal_failure(&io->scsiio,
4695					 /*sks_valid*/ 1,
4696					 /*retry_count*/
4697					 io->io_hdr.port_status);
4698	}
4699
4700	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4701		ctl_data_print(io);
4702	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4703	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4704	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4705	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4706		/*
4707		 * XXX KDM just assuming a single pointer here, and not a
4708		 * S/G list.  If we start using S/G lists for config data,
4709		 * we'll need to know how to clean them up here as well.
4710		 */
4711		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4712			free(io->scsiio.kern_data_ptr, M_CTL);
4713		ctl_done(io);
4714		retval = CTL_RETVAL_COMPLETE;
4715	} else {
4716		/*
4717		 * XXX KDM now we need to continue data movement.  Some
4718		 * options:
4719		 * - call ctl_scsiio() again?  We don't do this for data
4720		 *   writes, because for those at least we know ahead of
4721		 *   time where the write will go and how long it is.  For
4722		 *   config writes, though, that information is largely
4723		 *   contained within the write itself, thus we need to
4724		 *   parse out the data again.
4725		 *
4726		 * - Call some other function once the data is in?
4727		 */
4728
4729		/*
4730		 * XXX KDM call ctl_scsiio() again for now, and check flag
4731		 * bits to see whether we're allocated or not.
4732		 */
4733		retval = ctl_scsiio(&io->scsiio);
4734	}
4735	return (retval);
4736}
4737
4738/*
4739 * This gets called by a backend driver when it is done with a
4740 * data_submit method.
4741 */
4742void
4743ctl_data_submit_done(union ctl_io *io)
4744{
4745	/*
4746	 * If the IO_CONT flag is set, we need to call the supplied
4747	 * function to continue processing the I/O, instead of completing
4748	 * the I/O just yet.
4749	 *
4750	 * If there is an error, though, we don't want to keep processing.
4751	 * Instead, just send status back to the initiator.
4752	 */
4753	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4754	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4755	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4756	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4757		io->scsiio.io_cont(io);
4758		return;
4759	}
4760	ctl_done(io);
4761}
4762
4763/*
4764 * This gets called by a backend driver when it is done with a
4765 * configuration write.
4766 */
4767void
4768ctl_config_write_done(union ctl_io *io)
4769{
4770	uint8_t *buf;
4771
4772	/*
4773	 * If the IO_CONT flag is set, we need to call the supplied
4774	 * function to continue processing the I/O, instead of completing
4775	 * the I/O just yet.
4776	 *
4777	 * If there is an error, though, we don't want to keep processing.
4778	 * Instead, just send status back to the initiator.
4779	 */
4780	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4781	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4782	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4783	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4784		io->scsiio.io_cont(io);
4785		return;
4786	}
4787	/*
4788	 * Since a configuration write can be done for commands that actually
4789	 * have data allocated, like write buffer, and commands that have
4790	 * no data, like start/stop unit, we need to check here.
4791	 */
4792	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4793		buf = io->scsiio.kern_data_ptr;
4794	else
4795		buf = NULL;
4796	ctl_done(io);
4797	if (buf)
4798		free(buf, M_CTL);
4799}
4800
4801void
4802ctl_config_read_done(union ctl_io *io)
4803{
4804	uint8_t *buf;
4805
4806	/*
4807	 * If there is some error -- we are done, skip data transfer.
4808	 */
4809	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4810	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4811	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4812		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4813			buf = io->scsiio.kern_data_ptr;
4814		else
4815			buf = NULL;
4816		ctl_done(io);
4817		if (buf)
4818			free(buf, M_CTL);
4819		return;
4820	}
4821
4822	/*
4823	 * If the IO_CONT flag is set, we need to call the supplied
4824	 * function to continue processing the I/O, instead of completing
4825	 * the I/O just yet.
4826	 */
4827	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4828		io->scsiio.io_cont(io);
4829		return;
4830	}
4831
4832	ctl_datamove(io);
4833}
4834
4835/*
4836 * SCSI release command.
4837 */
4838int
4839ctl_scsi_release(struct ctl_scsiio *ctsio)
4840{
4841	int length, longid, thirdparty_id, resv_id;
4842	struct ctl_lun *lun;
4843	uint32_t residx;
4844
4845	length = 0;
4846	resv_id = 0;
4847
4848	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4849
4850	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4851	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4852
4853	switch (ctsio->cdb[0]) {
4854	case RELEASE_10: {
4855		struct scsi_release_10 *cdb;
4856
4857		cdb = (struct scsi_release_10 *)ctsio->cdb;
4858
4859		if (cdb->byte2 & SR10_LONGID)
4860			longid = 1;
4861		else
4862			thirdparty_id = cdb->thirdparty_id;
4863
4864		resv_id = cdb->resv_id;
4865		length = scsi_2btoul(cdb->length);
4866		break;
4867	}
4868	}
4869
4870
4871	/*
4872	 * XXX KDM right now, we only support LUN reservation.  We don't
4873	 * support 3rd party reservations, or extent reservations, which
4874	 * might actually need the parameter list.  If we've gotten this
4875	 * far, we've got a LUN reservation.  Anything else got kicked out
4876	 * above.  So, according to SPC, ignore the length.
4877	 */
4878	length = 0;
4879
4880	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4881	 && (length > 0)) {
4882		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4883		ctsio->kern_data_len = length;
4884		ctsio->kern_total_len = length;
4885		ctsio->kern_data_resid = 0;
4886		ctsio->kern_rel_offset = 0;
4887		ctsio->kern_sg_entries = 0;
4888		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4889		ctsio->be_move_done = ctl_config_move_done;
4890		ctl_datamove((union ctl_io *)ctsio);
4891
4892		return (CTL_RETVAL_COMPLETE);
4893	}
4894
4895	if (length > 0)
4896		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4897
4898	mtx_lock(&lun->lun_lock);
4899
4900	/*
4901	 * According to SPC, it is not an error for an intiator to attempt
4902	 * to release a reservation on a LUN that isn't reserved, or that
4903	 * is reserved by another initiator.  The reservation can only be
4904	 * released, though, by the initiator who made it or by one of
4905	 * several reset type events.
4906	 */
4907	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
4908			lun->flags &= ~CTL_LUN_RESERVED;
4909
4910	mtx_unlock(&lun->lun_lock);
4911
4912	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4913		free(ctsio->kern_data_ptr, M_CTL);
4914		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4915	}
4916
4917	ctl_set_success(ctsio);
4918	ctl_done((union ctl_io *)ctsio);
4919	return (CTL_RETVAL_COMPLETE);
4920}
4921
4922int
4923ctl_scsi_reserve(struct ctl_scsiio *ctsio)
4924{
4925	int extent, thirdparty, longid;
4926	int resv_id, length;
4927	uint64_t thirdparty_id;
4928	struct ctl_lun *lun;
4929	uint32_t residx;
4930
4931	extent = 0;
4932	thirdparty = 0;
4933	longid = 0;
4934	resv_id = 0;
4935	length = 0;
4936	thirdparty_id = 0;
4937
4938	CTL_DEBUG_PRINT(("ctl_reserve\n"));
4939
4940	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4941	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4942
4943	switch (ctsio->cdb[0]) {
4944	case RESERVE_10: {
4945		struct scsi_reserve_10 *cdb;
4946
4947		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
4948
4949		if (cdb->byte2 & SR10_LONGID)
4950			longid = 1;
4951		else
4952			thirdparty_id = cdb->thirdparty_id;
4953
4954		resv_id = cdb->resv_id;
4955		length = scsi_2btoul(cdb->length);
4956		break;
4957	}
4958	}
4959
4960	/*
4961	 * XXX KDM right now, we only support LUN reservation.  We don't
4962	 * support 3rd party reservations, or extent reservations, which
4963	 * might actually need the parameter list.  If we've gotten this
4964	 * far, we've got a LUN reservation.  Anything else got kicked out
4965	 * above.  So, according to SPC, ignore the length.
4966	 */
4967	length = 0;
4968
4969	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4970	 && (length > 0)) {
4971		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4972		ctsio->kern_data_len = length;
4973		ctsio->kern_total_len = length;
4974		ctsio->kern_data_resid = 0;
4975		ctsio->kern_rel_offset = 0;
4976		ctsio->kern_sg_entries = 0;
4977		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4978		ctsio->be_move_done = ctl_config_move_done;
4979		ctl_datamove((union ctl_io *)ctsio);
4980
4981		return (CTL_RETVAL_COMPLETE);
4982	}
4983
4984	if (length > 0)
4985		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4986
4987	mtx_lock(&lun->lun_lock);
4988	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
4989		ctl_set_reservation_conflict(ctsio);
4990		goto bailout;
4991	}
4992
4993	lun->flags |= CTL_LUN_RESERVED;
4994	lun->res_idx = residx;
4995
4996	ctl_set_success(ctsio);
4997
4998bailout:
4999	mtx_unlock(&lun->lun_lock);
5000
5001	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5002		free(ctsio->kern_data_ptr, M_CTL);
5003		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5004	}
5005
5006	ctl_done((union ctl_io *)ctsio);
5007	return (CTL_RETVAL_COMPLETE);
5008}
5009
5010int
5011ctl_start_stop(struct ctl_scsiio *ctsio)
5012{
5013	struct scsi_start_stop_unit *cdb;
5014	struct ctl_lun *lun;
5015	int retval;
5016
5017	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5018
5019	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5020	retval = 0;
5021
5022	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5023
5024	/*
5025	 * XXX KDM
5026	 * We don't support the immediate bit on a stop unit.  In order to
5027	 * do that, we would need to code up a way to know that a stop is
5028	 * pending, and hold off any new commands until it completes, one
5029	 * way or another.  Then we could accept or reject those commands
5030	 * depending on its status.  We would almost need to do the reverse
5031	 * of what we do below for an immediate start -- return the copy of
5032	 * the ctl_io to the FETD with status to send to the host (and to
5033	 * free the copy!) and then free the original I/O once the stop
5034	 * actually completes.  That way, the OOA queue mechanism can work
5035	 * to block commands that shouldn't proceed.  Another alternative
5036	 * would be to put the copy in the queue in place of the original,
5037	 * and return the original back to the caller.  That could be
5038	 * slightly safer..
5039	 */
5040	if ((cdb->byte2 & SSS_IMMED)
5041	 && ((cdb->how & SSS_START) == 0)) {
5042		ctl_set_invalid_field(ctsio,
5043				      /*sks_valid*/ 1,
5044				      /*command*/ 1,
5045				      /*field*/ 1,
5046				      /*bit_valid*/ 1,
5047				      /*bit*/ 0);
5048		ctl_done((union ctl_io *)ctsio);
5049		return (CTL_RETVAL_COMPLETE);
5050	}
5051
5052	if ((lun->flags & CTL_LUN_PR_RESERVED)
5053	 && ((cdb->how & SSS_START)==0)) {
5054		uint32_t residx;
5055
5056		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5057		if (ctl_get_prkey(lun, residx) == 0
5058		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5059
5060			ctl_set_reservation_conflict(ctsio);
5061			ctl_done((union ctl_io *)ctsio);
5062			return (CTL_RETVAL_COMPLETE);
5063		}
5064	}
5065
5066	/*
5067	 * If there is no backend on this device, we can't start or stop
5068	 * it.  In theory we shouldn't get any start/stop commands in the
5069	 * first place at this level if the LUN doesn't have a backend.
5070	 * That should get stopped by the command decode code.
5071	 */
5072	if (lun->backend == NULL) {
5073		ctl_set_invalid_opcode(ctsio);
5074		ctl_done((union ctl_io *)ctsio);
5075		return (CTL_RETVAL_COMPLETE);
5076	}
5077
5078	/*
5079	 * XXX KDM Copan-specific offline behavior.
5080	 * Figure out a reasonable way to port this?
5081	 */
5082#ifdef NEEDTOPORT
5083	mtx_lock(&lun->lun_lock);
5084
5085	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5086	 && (lun->flags & CTL_LUN_OFFLINE)) {
5087		/*
5088		 * If the LUN is offline, and the on/offline bit isn't set,
5089		 * reject the start or stop.  Otherwise, let it through.
5090		 */
5091		mtx_unlock(&lun->lun_lock);
5092		ctl_set_lun_not_ready(ctsio);
5093		ctl_done((union ctl_io *)ctsio);
5094	} else {
5095		mtx_unlock(&lun->lun_lock);
5096#endif /* NEEDTOPORT */
5097		/*
5098		 * This could be a start or a stop when we're online,
5099		 * or a stop/offline or start/online.  A start or stop when
5100		 * we're offline is covered in the case above.
5101		 */
5102		/*
5103		 * In the non-immediate case, we send the request to
5104		 * the backend and return status to the user when
5105		 * it is done.
5106		 *
5107		 * In the immediate case, we allocate a new ctl_io
5108		 * to hold a copy of the request, and send that to
5109		 * the backend.  We then set good status on the
5110		 * user's request and return it immediately.
5111		 */
5112		if (cdb->byte2 & SSS_IMMED) {
5113			union ctl_io *new_io;
5114
5115			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5116			ctl_copy_io((union ctl_io *)ctsio, new_io);
5117			retval = lun->backend->config_write(new_io);
5118			ctl_set_success(ctsio);
5119			ctl_done((union ctl_io *)ctsio);
5120		} else {
5121			retval = lun->backend->config_write(
5122				(union ctl_io *)ctsio);
5123		}
5124#ifdef NEEDTOPORT
5125	}
5126#endif
5127	return (retval);
5128}
5129
5130/*
5131 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5132 * we don't really do anything with the LBA and length fields if the user
5133 * passes them in.  Instead we'll just flush out the cache for the entire
5134 * LUN.
5135 */
5136int
5137ctl_sync_cache(struct ctl_scsiio *ctsio)
5138{
5139	struct ctl_lun *lun;
5140	struct ctl_softc *softc;
5141	struct ctl_lba_len_flags *lbalen;
5142	uint64_t starting_lba;
5143	uint32_t block_count;
5144	int retval;
5145	uint8_t byte2;
5146
5147	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5148
5149	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5150	softc = lun->ctl_softc;
5151	retval = 0;
5152
5153	switch (ctsio->cdb[0]) {
5154	case SYNCHRONIZE_CACHE: {
5155		struct scsi_sync_cache *cdb;
5156		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5157
5158		starting_lba = scsi_4btoul(cdb->begin_lba);
5159		block_count = scsi_2btoul(cdb->lb_count);
5160		byte2 = cdb->byte2;
5161		break;
5162	}
5163	case SYNCHRONIZE_CACHE_16: {
5164		struct scsi_sync_cache_16 *cdb;
5165		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5166
5167		starting_lba = scsi_8btou64(cdb->begin_lba);
5168		block_count = scsi_4btoul(cdb->lb_count);
5169		byte2 = cdb->byte2;
5170		break;
5171	}
5172	default:
5173		ctl_set_invalid_opcode(ctsio);
5174		ctl_done((union ctl_io *)ctsio);
5175		goto bailout;
5176		break; /* NOTREACHED */
5177	}
5178
5179	/*
5180	 * We check the LBA and length, but don't do anything with them.
5181	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5182	 * get flushed.  This check will just help satisfy anyone who wants
5183	 * to see an error for an out of range LBA.
5184	 */
5185	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5186		ctl_set_lba_out_of_range(ctsio);
5187		ctl_done((union ctl_io *)ctsio);
5188		goto bailout;
5189	}
5190
5191	/*
5192	 * If this LUN has no backend, we can't flush the cache anyway.
5193	 */
5194	if (lun->backend == NULL) {
5195		ctl_set_invalid_opcode(ctsio);
5196		ctl_done((union ctl_io *)ctsio);
5197		goto bailout;
5198	}
5199
5200	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5201	lbalen->lba = starting_lba;
5202	lbalen->len = block_count;
5203	lbalen->flags = byte2;
5204
5205	/*
5206	 * Check to see whether we're configured to send the SYNCHRONIZE
5207	 * CACHE command directly to the back end.
5208	 */
5209	mtx_lock(&lun->lun_lock);
5210	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5211	 && (++(lun->sync_count) >= lun->sync_interval)) {
5212		lun->sync_count = 0;
5213		mtx_unlock(&lun->lun_lock);
5214		retval = lun->backend->config_write((union ctl_io *)ctsio);
5215	} else {
5216		mtx_unlock(&lun->lun_lock);
5217		ctl_set_success(ctsio);
5218		ctl_done((union ctl_io *)ctsio);
5219	}
5220
5221bailout:
5222
5223	return (retval);
5224}
5225
5226int
5227ctl_format(struct ctl_scsiio *ctsio)
5228{
5229	struct scsi_format *cdb;
5230	struct ctl_lun *lun;
5231	int length, defect_list_len;
5232
5233	CTL_DEBUG_PRINT(("ctl_format\n"));
5234
5235	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5236
5237	cdb = (struct scsi_format *)ctsio->cdb;
5238
5239	length = 0;
5240	if (cdb->byte2 & SF_FMTDATA) {
5241		if (cdb->byte2 & SF_LONGLIST)
5242			length = sizeof(struct scsi_format_header_long);
5243		else
5244			length = sizeof(struct scsi_format_header_short);
5245	}
5246
5247	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5248	 && (length > 0)) {
5249		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5250		ctsio->kern_data_len = length;
5251		ctsio->kern_total_len = length;
5252		ctsio->kern_data_resid = 0;
5253		ctsio->kern_rel_offset = 0;
5254		ctsio->kern_sg_entries = 0;
5255		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5256		ctsio->be_move_done = ctl_config_move_done;
5257		ctl_datamove((union ctl_io *)ctsio);
5258
5259		return (CTL_RETVAL_COMPLETE);
5260	}
5261
5262	defect_list_len = 0;
5263
5264	if (cdb->byte2 & SF_FMTDATA) {
5265		if (cdb->byte2 & SF_LONGLIST) {
5266			struct scsi_format_header_long *header;
5267
5268			header = (struct scsi_format_header_long *)
5269				ctsio->kern_data_ptr;
5270
5271			defect_list_len = scsi_4btoul(header->defect_list_len);
5272			if (defect_list_len != 0) {
5273				ctl_set_invalid_field(ctsio,
5274						      /*sks_valid*/ 1,
5275						      /*command*/ 0,
5276						      /*field*/ 2,
5277						      /*bit_valid*/ 0,
5278						      /*bit*/ 0);
5279				goto bailout;
5280			}
5281		} else {
5282			struct scsi_format_header_short *header;
5283
5284			header = (struct scsi_format_header_short *)
5285				ctsio->kern_data_ptr;
5286
5287			defect_list_len = scsi_2btoul(header->defect_list_len);
5288			if (defect_list_len != 0) {
5289				ctl_set_invalid_field(ctsio,
5290						      /*sks_valid*/ 1,
5291						      /*command*/ 0,
5292						      /*field*/ 2,
5293						      /*bit_valid*/ 0,
5294						      /*bit*/ 0);
5295				goto bailout;
5296			}
5297		}
5298	}
5299
5300	/*
5301	 * The format command will clear out the "Medium format corrupted"
5302	 * status if set by the configuration code.  That status is really
5303	 * just a way to notify the host that we have lost the media, and
5304	 * get them to issue a command that will basically make them think
5305	 * they're blowing away the media.
5306	 */
5307	mtx_lock(&lun->lun_lock);
5308	lun->flags &= ~CTL_LUN_INOPERABLE;
5309	mtx_unlock(&lun->lun_lock);
5310
5311	ctl_set_success(ctsio);
5312bailout:
5313
5314	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5315		free(ctsio->kern_data_ptr, M_CTL);
5316		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5317	}
5318
5319	ctl_done((union ctl_io *)ctsio);
5320	return (CTL_RETVAL_COMPLETE);
5321}
5322
5323int
5324ctl_read_buffer(struct ctl_scsiio *ctsio)
5325{
5326	struct scsi_read_buffer *cdb;
5327	struct ctl_lun *lun;
5328	int buffer_offset, len;
5329	static uint8_t descr[4];
5330	static uint8_t echo_descr[4] = { 0 };
5331
5332	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5333
5334	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5335	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5336
5337	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5338	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5339	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5340		ctl_set_invalid_field(ctsio,
5341				      /*sks_valid*/ 1,
5342				      /*command*/ 1,
5343				      /*field*/ 1,
5344				      /*bit_valid*/ 1,
5345				      /*bit*/ 4);
5346		ctl_done((union ctl_io *)ctsio);
5347		return (CTL_RETVAL_COMPLETE);
5348	}
5349
5350	len = scsi_3btoul(cdb->length);
5351	buffer_offset = scsi_3btoul(cdb->offset);
5352
5353	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5354		ctl_set_invalid_field(ctsio,
5355				      /*sks_valid*/ 1,
5356				      /*command*/ 1,
5357				      /*field*/ 6,
5358				      /*bit_valid*/ 0,
5359				      /*bit*/ 0);
5360		ctl_done((union ctl_io *)ctsio);
5361		return (CTL_RETVAL_COMPLETE);
5362	}
5363
5364	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5365		descr[0] = 0;
5366		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5367		ctsio->kern_data_ptr = descr;
5368		len = min(len, sizeof(descr));
5369	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5370		ctsio->kern_data_ptr = echo_descr;
5371		len = min(len, sizeof(echo_descr));
5372	} else {
5373		if (lun->write_buffer == NULL) {
5374			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5375			    M_CTL, M_WAITOK);
5376		}
5377		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5378	}
5379	ctsio->kern_data_len = len;
5380	ctsio->kern_total_len = len;
5381	ctsio->kern_data_resid = 0;
5382	ctsio->kern_rel_offset = 0;
5383	ctsio->kern_sg_entries = 0;
5384	ctl_set_success(ctsio);
5385	ctsio->be_move_done = ctl_config_move_done;
5386	ctl_datamove((union ctl_io *)ctsio);
5387	return (CTL_RETVAL_COMPLETE);
5388}
5389
5390int
5391ctl_write_buffer(struct ctl_scsiio *ctsio)
5392{
5393	struct scsi_write_buffer *cdb;
5394	struct ctl_lun *lun;
5395	int buffer_offset, len;
5396
5397	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5398
5399	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5400	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5401
5402	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5403		ctl_set_invalid_field(ctsio,
5404				      /*sks_valid*/ 1,
5405				      /*command*/ 1,
5406				      /*field*/ 1,
5407				      /*bit_valid*/ 1,
5408				      /*bit*/ 4);
5409		ctl_done((union ctl_io *)ctsio);
5410		return (CTL_RETVAL_COMPLETE);
5411	}
5412
5413	len = scsi_3btoul(cdb->length);
5414	buffer_offset = scsi_3btoul(cdb->offset);
5415
5416	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5417		ctl_set_invalid_field(ctsio,
5418				      /*sks_valid*/ 1,
5419				      /*command*/ 1,
5420				      /*field*/ 6,
5421				      /*bit_valid*/ 0,
5422				      /*bit*/ 0);
5423		ctl_done((union ctl_io *)ctsio);
5424		return (CTL_RETVAL_COMPLETE);
5425	}
5426
5427	/*
5428	 * If we've got a kernel request that hasn't been malloced yet,
5429	 * malloc it and tell the caller the data buffer is here.
5430	 */
5431	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5432		if (lun->write_buffer == NULL) {
5433			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5434			    M_CTL, M_WAITOK);
5435		}
5436		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5437		ctsio->kern_data_len = len;
5438		ctsio->kern_total_len = len;
5439		ctsio->kern_data_resid = 0;
5440		ctsio->kern_rel_offset = 0;
5441		ctsio->kern_sg_entries = 0;
5442		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5443		ctsio->be_move_done = ctl_config_move_done;
5444		ctl_datamove((union ctl_io *)ctsio);
5445
5446		return (CTL_RETVAL_COMPLETE);
5447	}
5448
5449	ctl_set_success(ctsio);
5450	ctl_done((union ctl_io *)ctsio);
5451	return (CTL_RETVAL_COMPLETE);
5452}
5453
5454int
5455ctl_write_same(struct ctl_scsiio *ctsio)
5456{
5457	struct ctl_lun *lun;
5458	struct ctl_lba_len_flags *lbalen;
5459	uint64_t lba;
5460	uint32_t num_blocks;
5461	int len, retval;
5462	uint8_t byte2;
5463
5464	retval = CTL_RETVAL_COMPLETE;
5465
5466	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5467
5468	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5469
5470	switch (ctsio->cdb[0]) {
5471	case WRITE_SAME_10: {
5472		struct scsi_write_same_10 *cdb;
5473
5474		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5475
5476		lba = scsi_4btoul(cdb->addr);
5477		num_blocks = scsi_2btoul(cdb->length);
5478		byte2 = cdb->byte2;
5479		break;
5480	}
5481	case WRITE_SAME_16: {
5482		struct scsi_write_same_16 *cdb;
5483
5484		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5485
5486		lba = scsi_8btou64(cdb->addr);
5487		num_blocks = scsi_4btoul(cdb->length);
5488		byte2 = cdb->byte2;
5489		break;
5490	}
5491	default:
5492		/*
5493		 * We got a command we don't support.  This shouldn't
5494		 * happen, commands should be filtered out above us.
5495		 */
5496		ctl_set_invalid_opcode(ctsio);
5497		ctl_done((union ctl_io *)ctsio);
5498
5499		return (CTL_RETVAL_COMPLETE);
5500		break; /* NOTREACHED */
5501	}
5502
5503	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5504	if ((byte2 & SWS_UNMAP) == 0 &&
5505	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5506		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5507		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5508		ctl_done((union ctl_io *)ctsio);
5509		return (CTL_RETVAL_COMPLETE);
5510	}
5511
5512	/*
5513	 * The first check is to make sure we're in bounds, the second
5514	 * check is to catch wrap-around problems.  If the lba + num blocks
5515	 * is less than the lba, then we've wrapped around and the block
5516	 * range is invalid anyway.
5517	 */
5518	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5519	 || ((lba + num_blocks) < lba)) {
5520		ctl_set_lba_out_of_range(ctsio);
5521		ctl_done((union ctl_io *)ctsio);
5522		return (CTL_RETVAL_COMPLETE);
5523	}
5524
5525	/* Zero number of blocks means "to the last logical block" */
5526	if (num_blocks == 0) {
5527		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5528			ctl_set_invalid_field(ctsio,
5529					      /*sks_valid*/ 0,
5530					      /*command*/ 1,
5531					      /*field*/ 0,
5532					      /*bit_valid*/ 0,
5533					      /*bit*/ 0);
5534			ctl_done((union ctl_io *)ctsio);
5535			return (CTL_RETVAL_COMPLETE);
5536		}
5537		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5538	}
5539
5540	len = lun->be_lun->blocksize;
5541
5542	/*
5543	 * If we've got a kernel request that hasn't been malloced yet,
5544	 * malloc it and tell the caller the data buffer is here.
5545	 */
5546	if ((byte2 & SWS_NDOB) == 0 &&
5547	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5548		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5549		ctsio->kern_data_len = len;
5550		ctsio->kern_total_len = len;
5551		ctsio->kern_data_resid = 0;
5552		ctsio->kern_rel_offset = 0;
5553		ctsio->kern_sg_entries = 0;
5554		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5555		ctsio->be_move_done = ctl_config_move_done;
5556		ctl_datamove((union ctl_io *)ctsio);
5557
5558		return (CTL_RETVAL_COMPLETE);
5559	}
5560
5561	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5562	lbalen->lba = lba;
5563	lbalen->len = num_blocks;
5564	lbalen->flags = byte2;
5565	retval = lun->backend->config_write((union ctl_io *)ctsio);
5566
5567	return (retval);
5568}
5569
5570int
5571ctl_unmap(struct ctl_scsiio *ctsio)
5572{
5573	struct ctl_lun *lun;
5574	struct scsi_unmap *cdb;
5575	struct ctl_ptr_len_flags *ptrlen;
5576	struct scsi_unmap_header *hdr;
5577	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5578	uint64_t lba;
5579	uint32_t num_blocks;
5580	int len, retval;
5581	uint8_t byte2;
5582
5583	retval = CTL_RETVAL_COMPLETE;
5584
5585	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5586
5587	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5588	cdb = (struct scsi_unmap *)ctsio->cdb;
5589
5590	len = scsi_2btoul(cdb->length);
5591	byte2 = cdb->byte2;
5592
5593	/*
5594	 * If we've got a kernel request that hasn't been malloced yet,
5595	 * malloc it and tell the caller the data buffer is here.
5596	 */
5597	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5598		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5599		ctsio->kern_data_len = len;
5600		ctsio->kern_total_len = len;
5601		ctsio->kern_data_resid = 0;
5602		ctsio->kern_rel_offset = 0;
5603		ctsio->kern_sg_entries = 0;
5604		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5605		ctsio->be_move_done = ctl_config_move_done;
5606		ctl_datamove((union ctl_io *)ctsio);
5607
5608		return (CTL_RETVAL_COMPLETE);
5609	}
5610
5611	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5612	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5613	if (len < sizeof (*hdr) ||
5614	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5615	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5616	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5617		ctl_set_invalid_field(ctsio,
5618				      /*sks_valid*/ 0,
5619				      /*command*/ 0,
5620				      /*field*/ 0,
5621				      /*bit_valid*/ 0,
5622				      /*bit*/ 0);
5623		goto done;
5624	}
5625	len = scsi_2btoul(hdr->desc_length);
5626	buf = (struct scsi_unmap_desc *)(hdr + 1);
5627	end = buf + len / sizeof(*buf);
5628
5629	endnz = buf;
5630	for (range = buf; range < end; range++) {
5631		lba = scsi_8btou64(range->lba);
5632		num_blocks = scsi_4btoul(range->length);
5633		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5634		 || ((lba + num_blocks) < lba)) {
5635			ctl_set_lba_out_of_range(ctsio);
5636			ctl_done((union ctl_io *)ctsio);
5637			return (CTL_RETVAL_COMPLETE);
5638		}
5639		if (num_blocks != 0)
5640			endnz = range + 1;
5641	}
5642
5643	/*
5644	 * Block backend can not handle zero last range.
5645	 * Filter it out and return if there is nothing left.
5646	 */
5647	len = (uint8_t *)endnz - (uint8_t *)buf;
5648	if (len == 0) {
5649		ctl_set_success(ctsio);
5650		goto done;
5651	}
5652
5653	mtx_lock(&lun->lun_lock);
5654	ptrlen = (struct ctl_ptr_len_flags *)
5655	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5656	ptrlen->ptr = (void *)buf;
5657	ptrlen->len = len;
5658	ptrlen->flags = byte2;
5659	ctl_check_blocked(lun);
5660	mtx_unlock(&lun->lun_lock);
5661
5662	retval = lun->backend->config_write((union ctl_io *)ctsio);
5663	return (retval);
5664
5665done:
5666	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5667		free(ctsio->kern_data_ptr, M_CTL);
5668		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5669	}
5670	ctl_done((union ctl_io *)ctsio);
5671	return (CTL_RETVAL_COMPLETE);
5672}
5673
5674/*
5675 * Note that this function currently doesn't actually do anything inside
5676 * CTL to enforce things if the DQue bit is turned on.
5677 *
5678 * Also note that this function can't be used in the default case, because
5679 * the DQue bit isn't set in the changeable mask for the control mode page
5680 * anyway.  This is just here as an example for how to implement a page
5681 * handler, and a placeholder in case we want to allow the user to turn
5682 * tagged queueing on and off.
5683 *
5684 * The D_SENSE bit handling is functional, however, and will turn
5685 * descriptor sense on and off for a given LUN.
5686 */
5687int
5688ctl_control_page_handler(struct ctl_scsiio *ctsio,
5689			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5690{
5691	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5692	struct ctl_lun *lun;
5693	int set_ua;
5694	uint32_t initidx;
5695
5696	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5697	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5698	set_ua = 0;
5699
5700	user_cp = (struct scsi_control_page *)page_ptr;
5701	current_cp = (struct scsi_control_page *)
5702		(page_index->page_data + (page_index->page_len *
5703		CTL_PAGE_CURRENT));
5704	saved_cp = (struct scsi_control_page *)
5705		(page_index->page_data + (page_index->page_len *
5706		CTL_PAGE_SAVED));
5707
5708	mtx_lock(&lun->lun_lock);
5709	if (((current_cp->rlec & SCP_DSENSE) == 0)
5710	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5711		/*
5712		 * Descriptor sense is currently turned off and the user
5713		 * wants to turn it on.
5714		 */
5715		current_cp->rlec |= SCP_DSENSE;
5716		saved_cp->rlec |= SCP_DSENSE;
5717		lun->flags |= CTL_LUN_SENSE_DESC;
5718		set_ua = 1;
5719	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5720		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5721		/*
5722		 * Descriptor sense is currently turned on, and the user
5723		 * wants to turn it off.
5724		 */
5725		current_cp->rlec &= ~SCP_DSENSE;
5726		saved_cp->rlec &= ~SCP_DSENSE;
5727		lun->flags &= ~CTL_LUN_SENSE_DESC;
5728		set_ua = 1;
5729	}
5730	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5731	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5732		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5733		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5734		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5735		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5736		set_ua = 1;
5737	}
5738	if ((current_cp->eca_and_aen & SCP_SWP) !=
5739	    (user_cp->eca_and_aen & SCP_SWP)) {
5740		current_cp->eca_and_aen &= ~SCP_SWP;
5741		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5742		saved_cp->eca_and_aen &= ~SCP_SWP;
5743		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5744		set_ua = 1;
5745	}
5746	if (set_ua != 0)
5747		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5748	mtx_unlock(&lun->lun_lock);
5749
5750	return (0);
5751}
5752
5753int
5754ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5755		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5756{
5757	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5758	struct ctl_lun *lun;
5759	int set_ua;
5760	uint32_t initidx;
5761
5762	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5763	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5764	set_ua = 0;
5765
5766	user_cp = (struct scsi_caching_page *)page_ptr;
5767	current_cp = (struct scsi_caching_page *)
5768		(page_index->page_data + (page_index->page_len *
5769		CTL_PAGE_CURRENT));
5770	saved_cp = (struct scsi_caching_page *)
5771		(page_index->page_data + (page_index->page_len *
5772		CTL_PAGE_SAVED));
5773
5774	mtx_lock(&lun->lun_lock);
5775	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5776	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5777		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5778		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5779		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5780		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5781		set_ua = 1;
5782	}
5783	if (set_ua != 0)
5784		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5785	mtx_unlock(&lun->lun_lock);
5786
5787	return (0);
5788}
5789
5790int
5791ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5792				struct ctl_page_index *page_index,
5793				uint8_t *page_ptr)
5794{
5795	uint8_t *c;
5796	int i;
5797
5798	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5799	ctl_time_io_secs =
5800		(c[0] << 8) |
5801		(c[1] << 0) |
5802		0;
5803	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5804	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5805	printf("page data:");
5806	for (i=0; i<8; i++)
5807		printf(" %.2x",page_ptr[i]);
5808	printf("\n");
5809	return (0);
5810}
5811
5812int
5813ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5814			       struct ctl_page_index *page_index,
5815			       int pc)
5816{
5817	struct copan_debugconf_subpage *page;
5818
5819	page = (struct copan_debugconf_subpage *)page_index->page_data +
5820		(page_index->page_len * pc);
5821
5822	switch (pc) {
5823	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5824	case SMS_PAGE_CTRL_DEFAULT >> 6:
5825	case SMS_PAGE_CTRL_SAVED >> 6:
5826		/*
5827		 * We don't update the changable or default bits for this page.
5828		 */
5829		break;
5830	case SMS_PAGE_CTRL_CURRENT >> 6:
5831		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5832		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5833		break;
5834	default:
5835#ifdef NEEDTOPORT
5836		EPRINT(0, "Invalid PC %d!!", pc);
5837#endif /* NEEDTOPORT */
5838		break;
5839	}
5840	return (0);
5841}
5842
5843
5844static int
5845ctl_do_mode_select(union ctl_io *io)
5846{
5847	struct scsi_mode_page_header *page_header;
5848	struct ctl_page_index *page_index;
5849	struct ctl_scsiio *ctsio;
5850	int control_dev, page_len;
5851	int page_len_offset, page_len_size;
5852	union ctl_modepage_info *modepage_info;
5853	struct ctl_lun *lun;
5854	int *len_left, *len_used;
5855	int retval, i;
5856
5857	ctsio = &io->scsiio;
5858	page_index = NULL;
5859	page_len = 0;
5860	retval = CTL_RETVAL_COMPLETE;
5861
5862	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5863
5864	if (lun->be_lun->lun_type != T_DIRECT)
5865		control_dev = 1;
5866	else
5867		control_dev = 0;
5868
5869	modepage_info = (union ctl_modepage_info *)
5870		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5871	len_left = &modepage_info->header.len_left;
5872	len_used = &modepage_info->header.len_used;
5873
5874do_next_page:
5875
5876	page_header = (struct scsi_mode_page_header *)
5877		(ctsio->kern_data_ptr + *len_used);
5878
5879	if (*len_left == 0) {
5880		free(ctsio->kern_data_ptr, M_CTL);
5881		ctl_set_success(ctsio);
5882		ctl_done((union ctl_io *)ctsio);
5883		return (CTL_RETVAL_COMPLETE);
5884	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5885
5886		free(ctsio->kern_data_ptr, M_CTL);
5887		ctl_set_param_len_error(ctsio);
5888		ctl_done((union ctl_io *)ctsio);
5889		return (CTL_RETVAL_COMPLETE);
5890
5891	} else if ((page_header->page_code & SMPH_SPF)
5892		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5893
5894		free(ctsio->kern_data_ptr, M_CTL);
5895		ctl_set_param_len_error(ctsio);
5896		ctl_done((union ctl_io *)ctsio);
5897		return (CTL_RETVAL_COMPLETE);
5898	}
5899
5900
5901	/*
5902	 * XXX KDM should we do something with the block descriptor?
5903	 */
5904	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5905
5906		if ((control_dev != 0)
5907		 && (lun->mode_pages.index[i].page_flags &
5908		     CTL_PAGE_FLAG_DISK_ONLY))
5909			continue;
5910
5911		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5912		    (page_header->page_code & SMPH_PC_MASK))
5913			continue;
5914
5915		/*
5916		 * If neither page has a subpage code, then we've got a
5917		 * match.
5918		 */
5919		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5920		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5921			page_index = &lun->mode_pages.index[i];
5922			page_len = page_header->page_length;
5923			break;
5924		}
5925
5926		/*
5927		 * If both pages have subpages, then the subpage numbers
5928		 * have to match.
5929		 */
5930		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5931		  && (page_header->page_code & SMPH_SPF)) {
5932			struct scsi_mode_page_header_sp *sph;
5933
5934			sph = (struct scsi_mode_page_header_sp *)page_header;
5935
5936			if (lun->mode_pages.index[i].subpage ==
5937			    sph->subpage) {
5938				page_index = &lun->mode_pages.index[i];
5939				page_len = scsi_2btoul(sph->page_length);
5940				break;
5941			}
5942		}
5943	}
5944
5945	/*
5946	 * If we couldn't find the page, or if we don't have a mode select
5947	 * handler for it, send back an error to the user.
5948	 */
5949	if ((page_index == NULL)
5950	 || (page_index->select_handler == NULL)) {
5951		ctl_set_invalid_field(ctsio,
5952				      /*sks_valid*/ 1,
5953				      /*command*/ 0,
5954				      /*field*/ *len_used,
5955				      /*bit_valid*/ 0,
5956				      /*bit*/ 0);
5957		free(ctsio->kern_data_ptr, M_CTL);
5958		ctl_done((union ctl_io *)ctsio);
5959		return (CTL_RETVAL_COMPLETE);
5960	}
5961
5962	if (page_index->page_code & SMPH_SPF) {
5963		page_len_offset = 2;
5964		page_len_size = 2;
5965	} else {
5966		page_len_size = 1;
5967		page_len_offset = 1;
5968	}
5969
5970	/*
5971	 * If the length the initiator gives us isn't the one we specify in
5972	 * the mode page header, or if they didn't specify enough data in
5973	 * the CDB to avoid truncating this page, kick out the request.
5974	 */
5975	if ((page_len != (page_index->page_len - page_len_offset -
5976			  page_len_size))
5977	 || (*len_left < page_index->page_len)) {
5978
5979
5980		ctl_set_invalid_field(ctsio,
5981				      /*sks_valid*/ 1,
5982				      /*command*/ 0,
5983				      /*field*/ *len_used + page_len_offset,
5984				      /*bit_valid*/ 0,
5985				      /*bit*/ 0);
5986		free(ctsio->kern_data_ptr, M_CTL);
5987		ctl_done((union ctl_io *)ctsio);
5988		return (CTL_RETVAL_COMPLETE);
5989	}
5990
5991	/*
5992	 * Run through the mode page, checking to make sure that the bits
5993	 * the user changed are actually legal for him to change.
5994	 */
5995	for (i = 0; i < page_index->page_len; i++) {
5996		uint8_t *user_byte, *change_mask, *current_byte;
5997		int bad_bit;
5998		int j;
5999
6000		user_byte = (uint8_t *)page_header + i;
6001		change_mask = page_index->page_data +
6002			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6003		current_byte = page_index->page_data +
6004			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6005
6006		/*
6007		 * Check to see whether the user set any bits in this byte
6008		 * that he is not allowed to set.
6009		 */
6010		if ((*user_byte & ~(*change_mask)) ==
6011		    (*current_byte & ~(*change_mask)))
6012			continue;
6013
6014		/*
6015		 * Go through bit by bit to determine which one is illegal.
6016		 */
6017		bad_bit = 0;
6018		for (j = 7; j >= 0; j--) {
6019			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6020			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6021				bad_bit = i;
6022				break;
6023			}
6024		}
6025		ctl_set_invalid_field(ctsio,
6026				      /*sks_valid*/ 1,
6027				      /*command*/ 0,
6028				      /*field*/ *len_used + i,
6029				      /*bit_valid*/ 1,
6030				      /*bit*/ bad_bit);
6031		free(ctsio->kern_data_ptr, M_CTL);
6032		ctl_done((union ctl_io *)ctsio);
6033		return (CTL_RETVAL_COMPLETE);
6034	}
6035
6036	/*
6037	 * Decrement these before we call the page handler, since we may
6038	 * end up getting called back one way or another before the handler
6039	 * returns to this context.
6040	 */
6041	*len_left -= page_index->page_len;
6042	*len_used += page_index->page_len;
6043
6044	retval = page_index->select_handler(ctsio, page_index,
6045					    (uint8_t *)page_header);
6046
6047	/*
6048	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6049	 * wait until this queued command completes to finish processing
6050	 * the mode page.  If it returns anything other than
6051	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6052	 * already set the sense information, freed the data pointer, and
6053	 * completed the io for us.
6054	 */
6055	if (retval != CTL_RETVAL_COMPLETE)
6056		goto bailout_no_done;
6057
6058	/*
6059	 * If the initiator sent us more than one page, parse the next one.
6060	 */
6061	if (*len_left > 0)
6062		goto do_next_page;
6063
6064	ctl_set_success(ctsio);
6065	free(ctsio->kern_data_ptr, M_CTL);
6066	ctl_done((union ctl_io *)ctsio);
6067
6068bailout_no_done:
6069
6070	return (CTL_RETVAL_COMPLETE);
6071
6072}
6073
6074int
6075ctl_mode_select(struct ctl_scsiio *ctsio)
6076{
6077	int param_len, pf, sp;
6078	int header_size, bd_len;
6079	int len_left, len_used;
6080	struct ctl_page_index *page_index;
6081	struct ctl_lun *lun;
6082	int control_dev, page_len;
6083	union ctl_modepage_info *modepage_info;
6084	int retval;
6085
6086	pf = 0;
6087	sp = 0;
6088	page_len = 0;
6089	len_used = 0;
6090	len_left = 0;
6091	retval = 0;
6092	bd_len = 0;
6093	page_index = NULL;
6094
6095	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6096
6097	if (lun->be_lun->lun_type != T_DIRECT)
6098		control_dev = 1;
6099	else
6100		control_dev = 0;
6101
6102	switch (ctsio->cdb[0]) {
6103	case MODE_SELECT_6: {
6104		struct scsi_mode_select_6 *cdb;
6105
6106		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6107
6108		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6109		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6110
6111		param_len = cdb->length;
6112		header_size = sizeof(struct scsi_mode_header_6);
6113		break;
6114	}
6115	case MODE_SELECT_10: {
6116		struct scsi_mode_select_10 *cdb;
6117
6118		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6119
6120		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6121		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6122
6123		param_len = scsi_2btoul(cdb->length);
6124		header_size = sizeof(struct scsi_mode_header_10);
6125		break;
6126	}
6127	default:
6128		ctl_set_invalid_opcode(ctsio);
6129		ctl_done((union ctl_io *)ctsio);
6130		return (CTL_RETVAL_COMPLETE);
6131		break; /* NOTREACHED */
6132	}
6133
6134	/*
6135	 * From SPC-3:
6136	 * "A parameter list length of zero indicates that the Data-Out Buffer
6137	 * shall be empty. This condition shall not be considered as an error."
6138	 */
6139	if (param_len == 0) {
6140		ctl_set_success(ctsio);
6141		ctl_done((union ctl_io *)ctsio);
6142		return (CTL_RETVAL_COMPLETE);
6143	}
6144
6145	/*
6146	 * Since we'll hit this the first time through, prior to
6147	 * allocation, we don't need to free a data buffer here.
6148	 */
6149	if (param_len < header_size) {
6150		ctl_set_param_len_error(ctsio);
6151		ctl_done((union ctl_io *)ctsio);
6152		return (CTL_RETVAL_COMPLETE);
6153	}
6154
6155	/*
6156	 * Allocate the data buffer and grab the user's data.  In theory,
6157	 * we shouldn't have to sanity check the parameter list length here
6158	 * because the maximum size is 64K.  We should be able to malloc
6159	 * that much without too many problems.
6160	 */
6161	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6162		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6163		ctsio->kern_data_len = param_len;
6164		ctsio->kern_total_len = param_len;
6165		ctsio->kern_data_resid = 0;
6166		ctsio->kern_rel_offset = 0;
6167		ctsio->kern_sg_entries = 0;
6168		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6169		ctsio->be_move_done = ctl_config_move_done;
6170		ctl_datamove((union ctl_io *)ctsio);
6171
6172		return (CTL_RETVAL_COMPLETE);
6173	}
6174
6175	switch (ctsio->cdb[0]) {
6176	case MODE_SELECT_6: {
6177		struct scsi_mode_header_6 *mh6;
6178
6179		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6180		bd_len = mh6->blk_desc_len;
6181		break;
6182	}
6183	case MODE_SELECT_10: {
6184		struct scsi_mode_header_10 *mh10;
6185
6186		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6187		bd_len = scsi_2btoul(mh10->blk_desc_len);
6188		break;
6189	}
6190	default:
6191		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6192		break;
6193	}
6194
6195	if (param_len < (header_size + bd_len)) {
6196		free(ctsio->kern_data_ptr, M_CTL);
6197		ctl_set_param_len_error(ctsio);
6198		ctl_done((union ctl_io *)ctsio);
6199		return (CTL_RETVAL_COMPLETE);
6200	}
6201
6202	/*
6203	 * Set the IO_CONT flag, so that if this I/O gets passed to
6204	 * ctl_config_write_done(), it'll get passed back to
6205	 * ctl_do_mode_select() for further processing, or completion if
6206	 * we're all done.
6207	 */
6208	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6209	ctsio->io_cont = ctl_do_mode_select;
6210
6211	modepage_info = (union ctl_modepage_info *)
6212		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6213
6214	memset(modepage_info, 0, sizeof(*modepage_info));
6215
6216	len_left = param_len - header_size - bd_len;
6217	len_used = header_size + bd_len;
6218
6219	modepage_info->header.len_left = len_left;
6220	modepage_info->header.len_used = len_used;
6221
6222	return (ctl_do_mode_select((union ctl_io *)ctsio));
6223}
6224
6225int
6226ctl_mode_sense(struct ctl_scsiio *ctsio)
6227{
6228	struct ctl_lun *lun;
6229	int pc, page_code, dbd, llba, subpage;
6230	int alloc_len, page_len, header_len, total_len;
6231	struct scsi_mode_block_descr *block_desc;
6232	struct ctl_page_index *page_index;
6233	int control_dev;
6234
6235	dbd = 0;
6236	llba = 0;
6237	block_desc = NULL;
6238	page_index = NULL;
6239
6240	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6241
6242	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6243
6244	if (lun->be_lun->lun_type != T_DIRECT)
6245		control_dev = 1;
6246	else
6247		control_dev = 0;
6248
6249	switch (ctsio->cdb[0]) {
6250	case MODE_SENSE_6: {
6251		struct scsi_mode_sense_6 *cdb;
6252
6253		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6254
6255		header_len = sizeof(struct scsi_mode_hdr_6);
6256		if (cdb->byte2 & SMS_DBD)
6257			dbd = 1;
6258		else
6259			header_len += sizeof(struct scsi_mode_block_descr);
6260
6261		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6262		page_code = cdb->page & SMS_PAGE_CODE;
6263		subpage = cdb->subpage;
6264		alloc_len = cdb->length;
6265		break;
6266	}
6267	case MODE_SENSE_10: {
6268		struct scsi_mode_sense_10 *cdb;
6269
6270		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6271
6272		header_len = sizeof(struct scsi_mode_hdr_10);
6273
6274		if (cdb->byte2 & SMS_DBD)
6275			dbd = 1;
6276		else
6277			header_len += sizeof(struct scsi_mode_block_descr);
6278		if (cdb->byte2 & SMS10_LLBAA)
6279			llba = 1;
6280		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6281		page_code = cdb->page & SMS_PAGE_CODE;
6282		subpage = cdb->subpage;
6283		alloc_len = scsi_2btoul(cdb->length);
6284		break;
6285	}
6286	default:
6287		ctl_set_invalid_opcode(ctsio);
6288		ctl_done((union ctl_io *)ctsio);
6289		return (CTL_RETVAL_COMPLETE);
6290		break; /* NOTREACHED */
6291	}
6292
6293	/*
6294	 * We have to make a first pass through to calculate the size of
6295	 * the pages that match the user's query.  Then we allocate enough
6296	 * memory to hold it, and actually copy the data into the buffer.
6297	 */
6298	switch (page_code) {
6299	case SMS_ALL_PAGES_PAGE: {
6300		int i;
6301
6302		page_len = 0;
6303
6304		/*
6305		 * At the moment, values other than 0 and 0xff here are
6306		 * reserved according to SPC-3.
6307		 */
6308		if ((subpage != SMS_SUBPAGE_PAGE_0)
6309		 && (subpage != SMS_SUBPAGE_ALL)) {
6310			ctl_set_invalid_field(ctsio,
6311					      /*sks_valid*/ 1,
6312					      /*command*/ 1,
6313					      /*field*/ 3,
6314					      /*bit_valid*/ 0,
6315					      /*bit*/ 0);
6316			ctl_done((union ctl_io *)ctsio);
6317			return (CTL_RETVAL_COMPLETE);
6318		}
6319
6320		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6321			if ((control_dev != 0)
6322			 && (lun->mode_pages.index[i].page_flags &
6323			     CTL_PAGE_FLAG_DISK_ONLY))
6324				continue;
6325
6326			/*
6327			 * We don't use this subpage if the user didn't
6328			 * request all subpages.
6329			 */
6330			if ((lun->mode_pages.index[i].subpage != 0)
6331			 && (subpage == SMS_SUBPAGE_PAGE_0))
6332				continue;
6333
6334#if 0
6335			printf("found page %#x len %d\n",
6336			       lun->mode_pages.index[i].page_code &
6337			       SMPH_PC_MASK,
6338			       lun->mode_pages.index[i].page_len);
6339#endif
6340			page_len += lun->mode_pages.index[i].page_len;
6341		}
6342		break;
6343	}
6344	default: {
6345		int i;
6346
6347		page_len = 0;
6348
6349		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6350			/* Look for the right page code */
6351			if ((lun->mode_pages.index[i].page_code &
6352			     SMPH_PC_MASK) != page_code)
6353				continue;
6354
6355			/* Look for the right subpage or the subpage wildcard*/
6356			if ((lun->mode_pages.index[i].subpage != subpage)
6357			 && (subpage != SMS_SUBPAGE_ALL))
6358				continue;
6359
6360			/* Make sure the page is supported for this dev type */
6361			if ((control_dev != 0)
6362			 && (lun->mode_pages.index[i].page_flags &
6363			     CTL_PAGE_FLAG_DISK_ONLY))
6364				continue;
6365
6366#if 0
6367			printf("found page %#x len %d\n",
6368			       lun->mode_pages.index[i].page_code &
6369			       SMPH_PC_MASK,
6370			       lun->mode_pages.index[i].page_len);
6371#endif
6372
6373			page_len += lun->mode_pages.index[i].page_len;
6374		}
6375
6376		if (page_len == 0) {
6377			ctl_set_invalid_field(ctsio,
6378					      /*sks_valid*/ 1,
6379					      /*command*/ 1,
6380					      /*field*/ 2,
6381					      /*bit_valid*/ 1,
6382					      /*bit*/ 5);
6383			ctl_done((union ctl_io *)ctsio);
6384			return (CTL_RETVAL_COMPLETE);
6385		}
6386		break;
6387	}
6388	}
6389
6390	total_len = header_len + page_len;
6391#if 0
6392	printf("header_len = %d, page_len = %d, total_len = %d\n",
6393	       header_len, page_len, total_len);
6394#endif
6395
6396	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6397	ctsio->kern_sg_entries = 0;
6398	ctsio->kern_data_resid = 0;
6399	ctsio->kern_rel_offset = 0;
6400	if (total_len < alloc_len) {
6401		ctsio->residual = alloc_len - total_len;
6402		ctsio->kern_data_len = total_len;
6403		ctsio->kern_total_len = total_len;
6404	} else {
6405		ctsio->residual = 0;
6406		ctsio->kern_data_len = alloc_len;
6407		ctsio->kern_total_len = alloc_len;
6408	}
6409
6410	switch (ctsio->cdb[0]) {
6411	case MODE_SENSE_6: {
6412		struct scsi_mode_hdr_6 *header;
6413
6414		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6415
6416		header->datalen = MIN(total_len - 1, 254);
6417		if (control_dev == 0) {
6418			header->dev_specific = 0x10; /* DPOFUA */
6419			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6420			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6421			    .eca_and_aen & SCP_SWP) != 0)
6422				    header->dev_specific |= 0x80; /* WP */
6423		}
6424		if (dbd)
6425			header->block_descr_len = 0;
6426		else
6427			header->block_descr_len =
6428				sizeof(struct scsi_mode_block_descr);
6429		block_desc = (struct scsi_mode_block_descr *)&header[1];
6430		break;
6431	}
6432	case MODE_SENSE_10: {
6433		struct scsi_mode_hdr_10 *header;
6434		int datalen;
6435
6436		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6437
6438		datalen = MIN(total_len - 2, 65533);
6439		scsi_ulto2b(datalen, header->datalen);
6440		if (control_dev == 0) {
6441			header->dev_specific = 0x10; /* DPOFUA */
6442			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6443			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6444			    .eca_and_aen & SCP_SWP) != 0)
6445				    header->dev_specific |= 0x80; /* WP */
6446		}
6447		if (dbd)
6448			scsi_ulto2b(0, header->block_descr_len);
6449		else
6450			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6451				    header->block_descr_len);
6452		block_desc = (struct scsi_mode_block_descr *)&header[1];
6453		break;
6454	}
6455	default:
6456		panic("invalid CDB type %#x", ctsio->cdb[0]);
6457		break; /* NOTREACHED */
6458	}
6459
6460	/*
6461	 * If we've got a disk, use its blocksize in the block
6462	 * descriptor.  Otherwise, just set it to 0.
6463	 */
6464	if (dbd == 0) {
6465		if (control_dev == 0)
6466			scsi_ulto3b(lun->be_lun->blocksize,
6467				    block_desc->block_len);
6468		else
6469			scsi_ulto3b(0, block_desc->block_len);
6470	}
6471
6472	switch (page_code) {
6473	case SMS_ALL_PAGES_PAGE: {
6474		int i, data_used;
6475
6476		data_used = header_len;
6477		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6478			struct ctl_page_index *page_index;
6479
6480			page_index = &lun->mode_pages.index[i];
6481
6482			if ((control_dev != 0)
6483			 && (page_index->page_flags &
6484			    CTL_PAGE_FLAG_DISK_ONLY))
6485				continue;
6486
6487			/*
6488			 * We don't use this subpage if the user didn't
6489			 * request all subpages.  We already checked (above)
6490			 * to make sure the user only specified a subpage
6491			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6492			 */
6493			if ((page_index->subpage != 0)
6494			 && (subpage == SMS_SUBPAGE_PAGE_0))
6495				continue;
6496
6497			/*
6498			 * Call the handler, if it exists, to update the
6499			 * page to the latest values.
6500			 */
6501			if (page_index->sense_handler != NULL)
6502				page_index->sense_handler(ctsio, page_index,pc);
6503
6504			memcpy(ctsio->kern_data_ptr + data_used,
6505			       page_index->page_data +
6506			       (page_index->page_len * pc),
6507			       page_index->page_len);
6508			data_used += page_index->page_len;
6509		}
6510		break;
6511	}
6512	default: {
6513		int i, data_used;
6514
6515		data_used = header_len;
6516
6517		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6518			struct ctl_page_index *page_index;
6519
6520			page_index = &lun->mode_pages.index[i];
6521
6522			/* Look for the right page code */
6523			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6524				continue;
6525
6526			/* Look for the right subpage or the subpage wildcard*/
6527			if ((page_index->subpage != subpage)
6528			 && (subpage != SMS_SUBPAGE_ALL))
6529				continue;
6530
6531			/* Make sure the page is supported for this dev type */
6532			if ((control_dev != 0)
6533			 && (page_index->page_flags &
6534			     CTL_PAGE_FLAG_DISK_ONLY))
6535				continue;
6536
6537			/*
6538			 * Call the handler, if it exists, to update the
6539			 * page to the latest values.
6540			 */
6541			if (page_index->sense_handler != NULL)
6542				page_index->sense_handler(ctsio, page_index,pc);
6543
6544			memcpy(ctsio->kern_data_ptr + data_used,
6545			       page_index->page_data +
6546			       (page_index->page_len * pc),
6547			       page_index->page_len);
6548			data_used += page_index->page_len;
6549		}
6550		break;
6551	}
6552	}
6553
6554	ctl_set_success(ctsio);
6555	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6556	ctsio->be_move_done = ctl_config_move_done;
6557	ctl_datamove((union ctl_io *)ctsio);
6558	return (CTL_RETVAL_COMPLETE);
6559}
6560
6561int
6562ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6563			       struct ctl_page_index *page_index,
6564			       int pc)
6565{
6566	struct ctl_lun *lun;
6567	struct scsi_log_param_header *phdr;
6568	uint8_t *data;
6569	uint64_t val;
6570
6571	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6572	data = page_index->page_data;
6573
6574	if (lun->backend->lun_attr != NULL &&
6575	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6576	     != UINT64_MAX) {
6577		phdr = (struct scsi_log_param_header *)data;
6578		scsi_ulto2b(0x0001, phdr->param_code);
6579		phdr->param_control = SLP_LBIN | SLP_LP;
6580		phdr->param_len = 8;
6581		data = (uint8_t *)(phdr + 1);
6582		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6583		data[4] = 0x02; /* per-pool */
6584		data += phdr->param_len;
6585	}
6586
6587	if (lun->backend->lun_attr != NULL &&
6588	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6589	     != UINT64_MAX) {
6590		phdr = (struct scsi_log_param_header *)data;
6591		scsi_ulto2b(0x0002, phdr->param_code);
6592		phdr->param_control = SLP_LBIN | SLP_LP;
6593		phdr->param_len = 8;
6594		data = (uint8_t *)(phdr + 1);
6595		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6596		data[4] = 0x01; /* per-LUN */
6597		data += phdr->param_len;
6598	}
6599
6600	if (lun->backend->lun_attr != NULL &&
6601	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6602	     != UINT64_MAX) {
6603		phdr = (struct scsi_log_param_header *)data;
6604		scsi_ulto2b(0x00f1, phdr->param_code);
6605		phdr->param_control = SLP_LBIN | SLP_LP;
6606		phdr->param_len = 8;
6607		data = (uint8_t *)(phdr + 1);
6608		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6609		data[4] = 0x02; /* per-pool */
6610		data += phdr->param_len;
6611	}
6612
6613	if (lun->backend->lun_attr != NULL &&
6614	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6615	     != UINT64_MAX) {
6616		phdr = (struct scsi_log_param_header *)data;
6617		scsi_ulto2b(0x00f2, phdr->param_code);
6618		phdr->param_control = SLP_LBIN | SLP_LP;
6619		phdr->param_len = 8;
6620		data = (uint8_t *)(phdr + 1);
6621		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6622		data[4] = 0x02; /* per-pool */
6623		data += phdr->param_len;
6624	}
6625
6626	page_index->page_len = data - page_index->page_data;
6627	return (0);
6628}
6629
6630int
6631ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6632			       struct ctl_page_index *page_index,
6633			       int pc)
6634{
6635	struct ctl_lun *lun;
6636	struct stat_page *data;
6637	uint64_t rn, wn, rb, wb;
6638	struct bintime rt, wt;
6639	int i;
6640
6641	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6642	data = (struct stat_page *)page_index->page_data;
6643
6644	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6645	data->sap.hdr.param_control = SLP_LBIN;
6646	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6647	    sizeof(struct scsi_log_param_header);
6648	rn = wn = rb = wb = 0;
6649	bintime_clear(&rt);
6650	bintime_clear(&wt);
6651	for (i = 0; i < CTL_MAX_PORTS; i++) {
6652		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6653		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6654		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6655		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6656		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6657		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6658	}
6659	scsi_u64to8b(rn, data->sap.read_num);
6660	scsi_u64to8b(wn, data->sap.write_num);
6661	if (lun->stats.blocksize > 0) {
6662		scsi_u64to8b(wb / lun->stats.blocksize,
6663		    data->sap.recvieved_lba);
6664		scsi_u64to8b(rb / lun->stats.blocksize,
6665		    data->sap.transmitted_lba);
6666	}
6667	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6668	    data->sap.read_int);
6669	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6670	    data->sap.write_int);
6671	scsi_u64to8b(0, data->sap.weighted_num);
6672	scsi_u64to8b(0, data->sap.weighted_int);
6673	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6674	data->it.hdr.param_control = SLP_LBIN;
6675	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6676	    sizeof(struct scsi_log_param_header);
6677#ifdef CTL_TIME_IO
6678	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6679#endif
6680	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6681	data->it.hdr.param_control = SLP_LBIN;
6682	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6683	    sizeof(struct scsi_log_param_header);
6684	scsi_ulto4b(3, data->ti.exponent);
6685	scsi_ulto4b(1, data->ti.integer);
6686
6687	page_index->page_len = sizeof(*data);
6688	return (0);
6689}
6690
6691int
6692ctl_log_sense(struct ctl_scsiio *ctsio)
6693{
6694	struct ctl_lun *lun;
6695	int i, pc, page_code, subpage;
6696	int alloc_len, total_len;
6697	struct ctl_page_index *page_index;
6698	struct scsi_log_sense *cdb;
6699	struct scsi_log_header *header;
6700
6701	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6702
6703	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6704	cdb = (struct scsi_log_sense *)ctsio->cdb;
6705	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6706	page_code = cdb->page & SLS_PAGE_CODE;
6707	subpage = cdb->subpage;
6708	alloc_len = scsi_2btoul(cdb->length);
6709
6710	page_index = NULL;
6711	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6712		page_index = &lun->log_pages.index[i];
6713
6714		/* Look for the right page code */
6715		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6716			continue;
6717
6718		/* Look for the right subpage or the subpage wildcard*/
6719		if (page_index->subpage != subpage)
6720			continue;
6721
6722		break;
6723	}
6724	if (i >= CTL_NUM_LOG_PAGES) {
6725		ctl_set_invalid_field(ctsio,
6726				      /*sks_valid*/ 1,
6727				      /*command*/ 1,
6728				      /*field*/ 2,
6729				      /*bit_valid*/ 0,
6730				      /*bit*/ 0);
6731		ctl_done((union ctl_io *)ctsio);
6732		return (CTL_RETVAL_COMPLETE);
6733	}
6734
6735	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6736
6737	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6738	ctsio->kern_sg_entries = 0;
6739	ctsio->kern_data_resid = 0;
6740	ctsio->kern_rel_offset = 0;
6741	if (total_len < alloc_len) {
6742		ctsio->residual = alloc_len - total_len;
6743		ctsio->kern_data_len = total_len;
6744		ctsio->kern_total_len = total_len;
6745	} else {
6746		ctsio->residual = 0;
6747		ctsio->kern_data_len = alloc_len;
6748		ctsio->kern_total_len = alloc_len;
6749	}
6750
6751	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6752	header->page = page_index->page_code;
6753	if (page_index->subpage) {
6754		header->page |= SL_SPF;
6755		header->subpage = page_index->subpage;
6756	}
6757	scsi_ulto2b(page_index->page_len, header->datalen);
6758
6759	/*
6760	 * Call the handler, if it exists, to update the
6761	 * page to the latest values.
6762	 */
6763	if (page_index->sense_handler != NULL)
6764		page_index->sense_handler(ctsio, page_index, pc);
6765
6766	memcpy(header + 1, page_index->page_data, page_index->page_len);
6767
6768	ctl_set_success(ctsio);
6769	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6770	ctsio->be_move_done = ctl_config_move_done;
6771	ctl_datamove((union ctl_io *)ctsio);
6772	return (CTL_RETVAL_COMPLETE);
6773}
6774
6775int
6776ctl_read_capacity(struct ctl_scsiio *ctsio)
6777{
6778	struct scsi_read_capacity *cdb;
6779	struct scsi_read_capacity_data *data;
6780	struct ctl_lun *lun;
6781	uint32_t lba;
6782
6783	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6784
6785	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6786
6787	lba = scsi_4btoul(cdb->addr);
6788	if (((cdb->pmi & SRC_PMI) == 0)
6789	 && (lba != 0)) {
6790		ctl_set_invalid_field(/*ctsio*/ ctsio,
6791				      /*sks_valid*/ 1,
6792				      /*command*/ 1,
6793				      /*field*/ 2,
6794				      /*bit_valid*/ 0,
6795				      /*bit*/ 0);
6796		ctl_done((union ctl_io *)ctsio);
6797		return (CTL_RETVAL_COMPLETE);
6798	}
6799
6800	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6801
6802	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6803	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6804	ctsio->residual = 0;
6805	ctsio->kern_data_len = sizeof(*data);
6806	ctsio->kern_total_len = sizeof(*data);
6807	ctsio->kern_data_resid = 0;
6808	ctsio->kern_rel_offset = 0;
6809	ctsio->kern_sg_entries = 0;
6810
6811	/*
6812	 * If the maximum LBA is greater than 0xfffffffe, the user must
6813	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6814	 * serivce action set.
6815	 */
6816	if (lun->be_lun->maxlba > 0xfffffffe)
6817		scsi_ulto4b(0xffffffff, data->addr);
6818	else
6819		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6820
6821	/*
6822	 * XXX KDM this may not be 512 bytes...
6823	 */
6824	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6825
6826	ctl_set_success(ctsio);
6827	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6828	ctsio->be_move_done = ctl_config_move_done;
6829	ctl_datamove((union ctl_io *)ctsio);
6830	return (CTL_RETVAL_COMPLETE);
6831}
6832
6833int
6834ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6835{
6836	struct scsi_read_capacity_16 *cdb;
6837	struct scsi_read_capacity_data_long *data;
6838	struct ctl_lun *lun;
6839	uint64_t lba;
6840	uint32_t alloc_len;
6841
6842	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6843
6844	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6845
6846	alloc_len = scsi_4btoul(cdb->alloc_len);
6847	lba = scsi_8btou64(cdb->addr);
6848
6849	if ((cdb->reladr & SRC16_PMI)
6850	 && (lba != 0)) {
6851		ctl_set_invalid_field(/*ctsio*/ ctsio,
6852				      /*sks_valid*/ 1,
6853				      /*command*/ 1,
6854				      /*field*/ 2,
6855				      /*bit_valid*/ 0,
6856				      /*bit*/ 0);
6857		ctl_done((union ctl_io *)ctsio);
6858		return (CTL_RETVAL_COMPLETE);
6859	}
6860
6861	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6862
6863	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6864	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6865
6866	if (sizeof(*data) < alloc_len) {
6867		ctsio->residual = alloc_len - sizeof(*data);
6868		ctsio->kern_data_len = sizeof(*data);
6869		ctsio->kern_total_len = sizeof(*data);
6870	} else {
6871		ctsio->residual = 0;
6872		ctsio->kern_data_len = alloc_len;
6873		ctsio->kern_total_len = alloc_len;
6874	}
6875	ctsio->kern_data_resid = 0;
6876	ctsio->kern_rel_offset = 0;
6877	ctsio->kern_sg_entries = 0;
6878
6879	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6880	/* XXX KDM this may not be 512 bytes... */
6881	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6882	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6883	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6884	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6885		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6886
6887	ctl_set_success(ctsio);
6888	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6889	ctsio->be_move_done = ctl_config_move_done;
6890	ctl_datamove((union ctl_io *)ctsio);
6891	return (CTL_RETVAL_COMPLETE);
6892}
6893
6894int
6895ctl_get_lba_status(struct ctl_scsiio *ctsio)
6896{
6897	struct scsi_get_lba_status *cdb;
6898	struct scsi_get_lba_status_data *data;
6899	struct ctl_lun *lun;
6900	struct ctl_lba_len_flags *lbalen;
6901	uint64_t lba;
6902	uint32_t alloc_len, total_len;
6903	int retval;
6904
6905	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6906
6907	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6908	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6909	lba = scsi_8btou64(cdb->addr);
6910	alloc_len = scsi_4btoul(cdb->alloc_len);
6911
6912	if (lba > lun->be_lun->maxlba) {
6913		ctl_set_lba_out_of_range(ctsio);
6914		ctl_done((union ctl_io *)ctsio);
6915		return (CTL_RETVAL_COMPLETE);
6916	}
6917
6918	total_len = sizeof(*data) + sizeof(data->descr[0]);
6919	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6920	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6921
6922	if (total_len < alloc_len) {
6923		ctsio->residual = alloc_len - total_len;
6924		ctsio->kern_data_len = total_len;
6925		ctsio->kern_total_len = total_len;
6926	} else {
6927		ctsio->residual = 0;
6928		ctsio->kern_data_len = alloc_len;
6929		ctsio->kern_total_len = alloc_len;
6930	}
6931	ctsio->kern_data_resid = 0;
6932	ctsio->kern_rel_offset = 0;
6933	ctsio->kern_sg_entries = 0;
6934
6935	/* Fill dummy data in case backend can't tell anything. */
6936	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6937	scsi_u64to8b(lba, data->descr[0].addr);
6938	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6939	    data->descr[0].length);
6940	data->descr[0].status = 0; /* Mapped or unknown. */
6941
6942	ctl_set_success(ctsio);
6943	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6944	ctsio->be_move_done = ctl_config_move_done;
6945
6946	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6947	lbalen->lba = lba;
6948	lbalen->len = total_len;
6949	lbalen->flags = 0;
6950	retval = lun->backend->config_read((union ctl_io *)ctsio);
6951	return (CTL_RETVAL_COMPLETE);
6952}
6953
6954int
6955ctl_read_defect(struct ctl_scsiio *ctsio)
6956{
6957	struct scsi_read_defect_data_10 *ccb10;
6958	struct scsi_read_defect_data_12 *ccb12;
6959	struct scsi_read_defect_data_hdr_10 *data10;
6960	struct scsi_read_defect_data_hdr_12 *data12;
6961	uint32_t alloc_len, data_len;
6962	uint8_t format;
6963
6964	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6965
6966	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6967		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6968		format = ccb10->format;
6969		alloc_len = scsi_2btoul(ccb10->alloc_length);
6970		data_len = sizeof(*data10);
6971	} else {
6972		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6973		format = ccb12->format;
6974		alloc_len = scsi_4btoul(ccb12->alloc_length);
6975		data_len = sizeof(*data12);
6976	}
6977	if (alloc_len == 0) {
6978		ctl_set_success(ctsio);
6979		ctl_done((union ctl_io *)ctsio);
6980		return (CTL_RETVAL_COMPLETE);
6981	}
6982
6983	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6984	if (data_len < alloc_len) {
6985		ctsio->residual = alloc_len - data_len;
6986		ctsio->kern_data_len = data_len;
6987		ctsio->kern_total_len = data_len;
6988	} else {
6989		ctsio->residual = 0;
6990		ctsio->kern_data_len = alloc_len;
6991		ctsio->kern_total_len = alloc_len;
6992	}
6993	ctsio->kern_data_resid = 0;
6994	ctsio->kern_rel_offset = 0;
6995	ctsio->kern_sg_entries = 0;
6996
6997	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6998		data10 = (struct scsi_read_defect_data_hdr_10 *)
6999		    ctsio->kern_data_ptr;
7000		data10->format = format;
7001		scsi_ulto2b(0, data10->length);
7002	} else {
7003		data12 = (struct scsi_read_defect_data_hdr_12 *)
7004		    ctsio->kern_data_ptr;
7005		data12->format = format;
7006		scsi_ulto2b(0, data12->generation);
7007		scsi_ulto4b(0, data12->length);
7008	}
7009
7010	ctl_set_success(ctsio);
7011	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7012	ctsio->be_move_done = ctl_config_move_done;
7013	ctl_datamove((union ctl_io *)ctsio);
7014	return (CTL_RETVAL_COMPLETE);
7015}
7016
7017int
7018ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7019{
7020	struct scsi_maintenance_in *cdb;
7021	int retval;
7022	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7023	int num_target_port_groups, num_target_ports;
7024	struct ctl_lun *lun;
7025	struct ctl_softc *softc;
7026	struct ctl_port *port;
7027	struct scsi_target_group_data *rtg_ptr;
7028	struct scsi_target_group_data_extended *rtg_ext_ptr;
7029	struct scsi_target_port_group_descriptor *tpg_desc;
7030
7031	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7032
7033	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7034	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7035	softc = lun->ctl_softc;
7036
7037	retval = CTL_RETVAL_COMPLETE;
7038
7039	switch (cdb->byte2 & STG_PDF_MASK) {
7040	case STG_PDF_LENGTH:
7041		ext = 0;
7042		break;
7043	case STG_PDF_EXTENDED:
7044		ext = 1;
7045		break;
7046	default:
7047		ctl_set_invalid_field(/*ctsio*/ ctsio,
7048				      /*sks_valid*/ 1,
7049				      /*command*/ 1,
7050				      /*field*/ 2,
7051				      /*bit_valid*/ 1,
7052				      /*bit*/ 5);
7053		ctl_done((union ctl_io *)ctsio);
7054		return(retval);
7055	}
7056
7057	if (softc->is_single)
7058		num_target_port_groups = 1;
7059	else
7060		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7061	num_target_ports = 0;
7062	mtx_lock(&softc->ctl_lock);
7063	STAILQ_FOREACH(port, &softc->port_list, links) {
7064		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7065			continue;
7066		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7067			continue;
7068		num_target_ports++;
7069	}
7070	mtx_unlock(&softc->ctl_lock);
7071
7072	if (ext)
7073		total_len = sizeof(struct scsi_target_group_data_extended);
7074	else
7075		total_len = sizeof(struct scsi_target_group_data);
7076	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7077		num_target_port_groups +
7078	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7079
7080	alloc_len = scsi_4btoul(cdb->length);
7081
7082	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7083
7084	ctsio->kern_sg_entries = 0;
7085
7086	if (total_len < alloc_len) {
7087		ctsio->residual = alloc_len - total_len;
7088		ctsio->kern_data_len = total_len;
7089		ctsio->kern_total_len = total_len;
7090	} else {
7091		ctsio->residual = 0;
7092		ctsio->kern_data_len = alloc_len;
7093		ctsio->kern_total_len = alloc_len;
7094	}
7095	ctsio->kern_data_resid = 0;
7096	ctsio->kern_rel_offset = 0;
7097
7098	if (ext) {
7099		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7100		    ctsio->kern_data_ptr;
7101		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7102		rtg_ext_ptr->format_type = 0x10;
7103		rtg_ext_ptr->implicit_transition_time = 0;
7104		tpg_desc = &rtg_ext_ptr->groups[0];
7105	} else {
7106		rtg_ptr = (struct scsi_target_group_data *)
7107		    ctsio->kern_data_ptr;
7108		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7109		tpg_desc = &rtg_ptr->groups[0];
7110	}
7111
7112	mtx_lock(&softc->ctl_lock);
7113	pg = softc->port_min / softc->port_cnt;
7114	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7115		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7116	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7117		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7118	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7119		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7120	else
7121		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7122	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7123		os = gs;
7124		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7125	} else
7126		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7127	for (g = 0; g < num_target_port_groups; g++) {
7128		tpg_desc->pref_state = (g == pg) ? gs : os;
7129		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7130		    TPG_U_SUP | TPG_T_SUP;
7131		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7132		tpg_desc->status = TPG_IMPLICIT;
7133		pc = 0;
7134		STAILQ_FOREACH(port, &softc->port_list, links) {
7135			if (port->targ_port < g * softc->port_cnt ||
7136			    port->targ_port >= (g + 1) * softc->port_cnt)
7137				continue;
7138			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7139				continue;
7140			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7141				continue;
7142			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7143			    relative_target_port_identifier);
7144			pc++;
7145		}
7146		tpg_desc->target_port_count = pc;
7147		tpg_desc = (struct scsi_target_port_group_descriptor *)
7148		    &tpg_desc->descriptors[pc];
7149	}
7150	mtx_unlock(&softc->ctl_lock);
7151
7152	ctl_set_success(ctsio);
7153	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7154	ctsio->be_move_done = ctl_config_move_done;
7155	ctl_datamove((union ctl_io *)ctsio);
7156	return(retval);
7157}
7158
7159int
7160ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7161{
7162	struct ctl_lun *lun;
7163	struct scsi_report_supported_opcodes *cdb;
7164	const struct ctl_cmd_entry *entry, *sentry;
7165	struct scsi_report_supported_opcodes_all *all;
7166	struct scsi_report_supported_opcodes_descr *descr;
7167	struct scsi_report_supported_opcodes_one *one;
7168	int retval;
7169	int alloc_len, total_len;
7170	int opcode, service_action, i, j, num;
7171
7172	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7173
7174	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7175	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7176
7177	retval = CTL_RETVAL_COMPLETE;
7178
7179	opcode = cdb->requested_opcode;
7180	service_action = scsi_2btoul(cdb->requested_service_action);
7181	switch (cdb->options & RSO_OPTIONS_MASK) {
7182	case RSO_OPTIONS_ALL:
7183		num = 0;
7184		for (i = 0; i < 256; i++) {
7185			entry = &ctl_cmd_table[i];
7186			if (entry->flags & CTL_CMD_FLAG_SA5) {
7187				for (j = 0; j < 32; j++) {
7188					sentry = &((const struct ctl_cmd_entry *)
7189					    entry->execute)[j];
7190					if (ctl_cmd_applicable(
7191					    lun->be_lun->lun_type, sentry))
7192						num++;
7193				}
7194			} else {
7195				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7196				    entry))
7197					num++;
7198			}
7199		}
7200		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7201		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7202		break;
7203	case RSO_OPTIONS_OC:
7204		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7205			ctl_set_invalid_field(/*ctsio*/ ctsio,
7206					      /*sks_valid*/ 1,
7207					      /*command*/ 1,
7208					      /*field*/ 2,
7209					      /*bit_valid*/ 1,
7210					      /*bit*/ 2);
7211			ctl_done((union ctl_io *)ctsio);
7212			return (CTL_RETVAL_COMPLETE);
7213		}
7214		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7215		break;
7216	case RSO_OPTIONS_OC_SA:
7217		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7218		    service_action >= 32) {
7219			ctl_set_invalid_field(/*ctsio*/ ctsio,
7220					      /*sks_valid*/ 1,
7221					      /*command*/ 1,
7222					      /*field*/ 2,
7223					      /*bit_valid*/ 1,
7224					      /*bit*/ 2);
7225			ctl_done((union ctl_io *)ctsio);
7226			return (CTL_RETVAL_COMPLETE);
7227		}
7228		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7229		break;
7230	default:
7231		ctl_set_invalid_field(/*ctsio*/ ctsio,
7232				      /*sks_valid*/ 1,
7233				      /*command*/ 1,
7234				      /*field*/ 2,
7235				      /*bit_valid*/ 1,
7236				      /*bit*/ 2);
7237		ctl_done((union ctl_io *)ctsio);
7238		return (CTL_RETVAL_COMPLETE);
7239	}
7240
7241	alloc_len = scsi_4btoul(cdb->length);
7242
7243	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7244
7245	ctsio->kern_sg_entries = 0;
7246
7247	if (total_len < alloc_len) {
7248		ctsio->residual = alloc_len - total_len;
7249		ctsio->kern_data_len = total_len;
7250		ctsio->kern_total_len = total_len;
7251	} else {
7252		ctsio->residual = 0;
7253		ctsio->kern_data_len = alloc_len;
7254		ctsio->kern_total_len = alloc_len;
7255	}
7256	ctsio->kern_data_resid = 0;
7257	ctsio->kern_rel_offset = 0;
7258
7259	switch (cdb->options & RSO_OPTIONS_MASK) {
7260	case RSO_OPTIONS_ALL:
7261		all = (struct scsi_report_supported_opcodes_all *)
7262		    ctsio->kern_data_ptr;
7263		num = 0;
7264		for (i = 0; i < 256; i++) {
7265			entry = &ctl_cmd_table[i];
7266			if (entry->flags & CTL_CMD_FLAG_SA5) {
7267				for (j = 0; j < 32; j++) {
7268					sentry = &((const struct ctl_cmd_entry *)
7269					    entry->execute)[j];
7270					if (!ctl_cmd_applicable(
7271					    lun->be_lun->lun_type, sentry))
7272						continue;
7273					descr = &all->descr[num++];
7274					descr->opcode = i;
7275					scsi_ulto2b(j, descr->service_action);
7276					descr->flags = RSO_SERVACTV;
7277					scsi_ulto2b(sentry->length,
7278					    descr->cdb_length);
7279				}
7280			} else {
7281				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7282				    entry))
7283					continue;
7284				descr = &all->descr[num++];
7285				descr->opcode = i;
7286				scsi_ulto2b(0, descr->service_action);
7287				descr->flags = 0;
7288				scsi_ulto2b(entry->length, descr->cdb_length);
7289			}
7290		}
7291		scsi_ulto4b(
7292		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7293		    all->length);
7294		break;
7295	case RSO_OPTIONS_OC:
7296		one = (struct scsi_report_supported_opcodes_one *)
7297		    ctsio->kern_data_ptr;
7298		entry = &ctl_cmd_table[opcode];
7299		goto fill_one;
7300	case RSO_OPTIONS_OC_SA:
7301		one = (struct scsi_report_supported_opcodes_one *)
7302		    ctsio->kern_data_ptr;
7303		entry = &ctl_cmd_table[opcode];
7304		entry = &((const struct ctl_cmd_entry *)
7305		    entry->execute)[service_action];
7306fill_one:
7307		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7308			one->support = 3;
7309			scsi_ulto2b(entry->length, one->cdb_length);
7310			one->cdb_usage[0] = opcode;
7311			memcpy(&one->cdb_usage[1], entry->usage,
7312			    entry->length - 1);
7313		} else
7314			one->support = 1;
7315		break;
7316	}
7317
7318	ctl_set_success(ctsio);
7319	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7320	ctsio->be_move_done = ctl_config_move_done;
7321	ctl_datamove((union ctl_io *)ctsio);
7322	return(retval);
7323}
7324
7325int
7326ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7327{
7328	struct scsi_report_supported_tmf *cdb;
7329	struct scsi_report_supported_tmf_data *data;
7330	int retval;
7331	int alloc_len, total_len;
7332
7333	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7334
7335	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7336
7337	retval = CTL_RETVAL_COMPLETE;
7338
7339	total_len = sizeof(struct scsi_report_supported_tmf_data);
7340	alloc_len = scsi_4btoul(cdb->length);
7341
7342	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7343
7344	ctsio->kern_sg_entries = 0;
7345
7346	if (total_len < alloc_len) {
7347		ctsio->residual = alloc_len - total_len;
7348		ctsio->kern_data_len = total_len;
7349		ctsio->kern_total_len = total_len;
7350	} else {
7351		ctsio->residual = 0;
7352		ctsio->kern_data_len = alloc_len;
7353		ctsio->kern_total_len = alloc_len;
7354	}
7355	ctsio->kern_data_resid = 0;
7356	ctsio->kern_rel_offset = 0;
7357
7358	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7359	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7360	data->byte2 |= RST_ITNRS;
7361
7362	ctl_set_success(ctsio);
7363	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7364	ctsio->be_move_done = ctl_config_move_done;
7365	ctl_datamove((union ctl_io *)ctsio);
7366	return (retval);
7367}
7368
7369int
7370ctl_report_timestamp(struct ctl_scsiio *ctsio)
7371{
7372	struct scsi_report_timestamp *cdb;
7373	struct scsi_report_timestamp_data *data;
7374	struct timeval tv;
7375	int64_t timestamp;
7376	int retval;
7377	int alloc_len, total_len;
7378
7379	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7380
7381	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7382
7383	retval = CTL_RETVAL_COMPLETE;
7384
7385	total_len = sizeof(struct scsi_report_timestamp_data);
7386	alloc_len = scsi_4btoul(cdb->length);
7387
7388	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7389
7390	ctsio->kern_sg_entries = 0;
7391
7392	if (total_len < alloc_len) {
7393		ctsio->residual = alloc_len - total_len;
7394		ctsio->kern_data_len = total_len;
7395		ctsio->kern_total_len = total_len;
7396	} else {
7397		ctsio->residual = 0;
7398		ctsio->kern_data_len = alloc_len;
7399		ctsio->kern_total_len = alloc_len;
7400	}
7401	ctsio->kern_data_resid = 0;
7402	ctsio->kern_rel_offset = 0;
7403
7404	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7405	scsi_ulto2b(sizeof(*data) - 2, data->length);
7406	data->origin = RTS_ORIG_OUTSIDE;
7407	getmicrotime(&tv);
7408	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7409	scsi_ulto4b(timestamp >> 16, data->timestamp);
7410	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7411
7412	ctl_set_success(ctsio);
7413	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7414	ctsio->be_move_done = ctl_config_move_done;
7415	ctl_datamove((union ctl_io *)ctsio);
7416	return (retval);
7417}
7418
7419int
7420ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7421{
7422	struct scsi_per_res_in *cdb;
7423	int alloc_len, total_len = 0;
7424	/* struct scsi_per_res_in_rsrv in_data; */
7425	struct ctl_lun *lun;
7426	struct ctl_softc *softc;
7427	uint64_t key;
7428
7429	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7430
7431	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7432
7433	alloc_len = scsi_2btoul(cdb->length);
7434
7435	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7436	softc = lun->ctl_softc;
7437
7438retry:
7439	mtx_lock(&lun->lun_lock);
7440	switch (cdb->action) {
7441	case SPRI_RK: /* read keys */
7442		total_len = sizeof(struct scsi_per_res_in_keys) +
7443			lun->pr_key_count *
7444			sizeof(struct scsi_per_res_key);
7445		break;
7446	case SPRI_RR: /* read reservation */
7447		if (lun->flags & CTL_LUN_PR_RESERVED)
7448			total_len = sizeof(struct scsi_per_res_in_rsrv);
7449		else
7450			total_len = sizeof(struct scsi_per_res_in_header);
7451		break;
7452	case SPRI_RC: /* report capabilities */
7453		total_len = sizeof(struct scsi_per_res_cap);
7454		break;
7455	case SPRI_RS: /* read full status */
7456		total_len = sizeof(struct scsi_per_res_in_header) +
7457		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7458		    lun->pr_key_count;
7459		break;
7460	default:
7461		panic("Invalid PR type %x", cdb->action);
7462	}
7463	mtx_unlock(&lun->lun_lock);
7464
7465	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7466
7467	if (total_len < alloc_len) {
7468		ctsio->residual = alloc_len - total_len;
7469		ctsio->kern_data_len = total_len;
7470		ctsio->kern_total_len = total_len;
7471	} else {
7472		ctsio->residual = 0;
7473		ctsio->kern_data_len = alloc_len;
7474		ctsio->kern_total_len = alloc_len;
7475	}
7476
7477	ctsio->kern_data_resid = 0;
7478	ctsio->kern_rel_offset = 0;
7479	ctsio->kern_sg_entries = 0;
7480
7481	mtx_lock(&lun->lun_lock);
7482	switch (cdb->action) {
7483	case SPRI_RK: { // read keys
7484        struct scsi_per_res_in_keys *res_keys;
7485		int i, key_count;
7486
7487		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7488
7489		/*
7490		 * We had to drop the lock to allocate our buffer, which
7491		 * leaves time for someone to come in with another
7492		 * persistent reservation.  (That is unlikely, though,
7493		 * since this should be the only persistent reservation
7494		 * command active right now.)
7495		 */
7496		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7497		    (lun->pr_key_count *
7498		     sizeof(struct scsi_per_res_key)))){
7499			mtx_unlock(&lun->lun_lock);
7500			free(ctsio->kern_data_ptr, M_CTL);
7501			printf("%s: reservation length changed, retrying\n",
7502			       __func__);
7503			goto retry;
7504		}
7505
7506		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7507
7508		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7509			     lun->pr_key_count, res_keys->header.length);
7510
7511		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7512			if ((key = ctl_get_prkey(lun, i)) == 0)
7513				continue;
7514
7515			/*
7516			 * We used lun->pr_key_count to calculate the
7517			 * size to allocate.  If it turns out the number of
7518			 * initiators with the registered flag set is
7519			 * larger than that (i.e. they haven't been kept in
7520			 * sync), we've got a problem.
7521			 */
7522			if (key_count >= lun->pr_key_count) {
7523#ifdef NEEDTOPORT
7524				csevent_log(CSC_CTL | CSC_SHELF_SW |
7525					    CTL_PR_ERROR,
7526					    csevent_LogType_Fault,
7527					    csevent_AlertLevel_Yellow,
7528					    csevent_FRU_ShelfController,
7529					    csevent_FRU_Firmware,
7530				        csevent_FRU_Unknown,
7531					    "registered keys %d >= key "
7532					    "count %d", key_count,
7533					    lun->pr_key_count);
7534#endif
7535				key_count++;
7536				continue;
7537			}
7538			scsi_u64to8b(key, res_keys->keys[key_count].key);
7539			key_count++;
7540		}
7541		break;
7542	}
7543	case SPRI_RR: { // read reservation
7544		struct scsi_per_res_in_rsrv *res;
7545		int tmp_len, header_only;
7546
7547		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7548
7549		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7550
7551		if (lun->flags & CTL_LUN_PR_RESERVED)
7552		{
7553			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7554			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7555				    res->header.length);
7556			header_only = 0;
7557		} else {
7558			tmp_len = sizeof(struct scsi_per_res_in_header);
7559			scsi_ulto4b(0, res->header.length);
7560			header_only = 1;
7561		}
7562
7563		/*
7564		 * We had to drop the lock to allocate our buffer, which
7565		 * leaves time for someone to come in with another
7566		 * persistent reservation.  (That is unlikely, though,
7567		 * since this should be the only persistent reservation
7568		 * command active right now.)
7569		 */
7570		if (tmp_len != total_len) {
7571			mtx_unlock(&lun->lun_lock);
7572			free(ctsio->kern_data_ptr, M_CTL);
7573			printf("%s: reservation status changed, retrying\n",
7574			       __func__);
7575			goto retry;
7576		}
7577
7578		/*
7579		 * No reservation held, so we're done.
7580		 */
7581		if (header_only != 0)
7582			break;
7583
7584		/*
7585		 * If the registration is an All Registrants type, the key
7586		 * is 0, since it doesn't really matter.
7587		 */
7588		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7589			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7590			    res->data.reservation);
7591		}
7592		res->data.scopetype = lun->res_type;
7593		break;
7594	}
7595	case SPRI_RC:     //report capabilities
7596	{
7597		struct scsi_per_res_cap *res_cap;
7598		uint16_t type_mask;
7599
7600		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7601		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7602		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7603		type_mask = SPRI_TM_WR_EX_AR |
7604			    SPRI_TM_EX_AC_RO |
7605			    SPRI_TM_WR_EX_RO |
7606			    SPRI_TM_EX_AC |
7607			    SPRI_TM_WR_EX |
7608			    SPRI_TM_EX_AC_AR;
7609		scsi_ulto2b(type_mask, res_cap->type_mask);
7610		break;
7611	}
7612	case SPRI_RS: { // read full status
7613		struct scsi_per_res_in_full *res_status;
7614		struct scsi_per_res_in_full_desc *res_desc;
7615		struct ctl_port *port;
7616		int i, len;
7617
7618		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7619
7620		/*
7621		 * We had to drop the lock to allocate our buffer, which
7622		 * leaves time for someone to come in with another
7623		 * persistent reservation.  (That is unlikely, though,
7624		 * since this should be the only persistent reservation
7625		 * command active right now.)
7626		 */
7627		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7628		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7629		     lun->pr_key_count)){
7630			mtx_unlock(&lun->lun_lock);
7631			free(ctsio->kern_data_ptr, M_CTL);
7632			printf("%s: reservation length changed, retrying\n",
7633			       __func__);
7634			goto retry;
7635		}
7636
7637		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7638
7639		res_desc = &res_status->desc[0];
7640		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7641			if ((key = ctl_get_prkey(lun, i)) == 0)
7642				continue;
7643
7644			scsi_u64to8b(key, res_desc->res_key.key);
7645			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7646			    (lun->pr_res_idx == i ||
7647			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7648				res_desc->flags = SPRI_FULL_R_HOLDER;
7649				res_desc->scopetype = lun->res_type;
7650			}
7651			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7652			    res_desc->rel_trgt_port_id);
7653			len = 0;
7654			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7655			if (port != NULL)
7656				len = ctl_create_iid(port,
7657				    i % CTL_MAX_INIT_PER_PORT,
7658				    res_desc->transport_id);
7659			scsi_ulto4b(len, res_desc->additional_length);
7660			res_desc = (struct scsi_per_res_in_full_desc *)
7661			    &res_desc->transport_id[len];
7662		}
7663		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7664		    res_status->header.length);
7665		break;
7666	}
7667	default:
7668		/*
7669		 * This is a bug, because we just checked for this above,
7670		 * and should have returned an error.
7671		 */
7672		panic("Invalid PR type %x", cdb->action);
7673		break; /* NOTREACHED */
7674	}
7675	mtx_unlock(&lun->lun_lock);
7676
7677	ctl_set_success(ctsio);
7678	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7679	ctsio->be_move_done = ctl_config_move_done;
7680	ctl_datamove((union ctl_io *)ctsio);
7681	return (CTL_RETVAL_COMPLETE);
7682}
7683
7684/*
7685 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7686 * it should return.
7687 */
7688static int
7689ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7690		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7691		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7692		struct scsi_per_res_out_parms* param)
7693{
7694	union ctl_ha_msg persis_io;
7695	int i;
7696
7697	mtx_lock(&lun->lun_lock);
7698	if (sa_res_key == 0) {
7699		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7700			/* validate scope and type */
7701			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7702			     SPR_LU_SCOPE) {
7703				mtx_unlock(&lun->lun_lock);
7704				ctl_set_invalid_field(/*ctsio*/ ctsio,
7705						      /*sks_valid*/ 1,
7706						      /*command*/ 1,
7707						      /*field*/ 2,
7708						      /*bit_valid*/ 1,
7709						      /*bit*/ 4);
7710				ctl_done((union ctl_io *)ctsio);
7711				return (1);
7712			}
7713
7714		        if (type>8 || type==2 || type==4 || type==0) {
7715				mtx_unlock(&lun->lun_lock);
7716				ctl_set_invalid_field(/*ctsio*/ ctsio,
7717       	           				      /*sks_valid*/ 1,
7718						      /*command*/ 1,
7719						      /*field*/ 2,
7720						      /*bit_valid*/ 1,
7721						      /*bit*/ 0);
7722				ctl_done((union ctl_io *)ctsio);
7723				return (1);
7724		        }
7725
7726			/*
7727			 * Unregister everybody else and build UA for
7728			 * them
7729			 */
7730			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7731				if (i == residx || ctl_get_prkey(lun, i) == 0)
7732					continue;
7733
7734				ctl_clr_prkey(lun, i);
7735				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7736			}
7737			lun->pr_key_count = 1;
7738			lun->res_type = type;
7739			if (lun->res_type != SPR_TYPE_WR_EX_AR
7740			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7741				lun->pr_res_idx = residx;
7742			lun->PRGeneration++;
7743			mtx_unlock(&lun->lun_lock);
7744
7745			/* send msg to other side */
7746			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7747			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7748			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7749			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7750			persis_io.pr.pr_info.res_type = type;
7751			memcpy(persis_io.pr.pr_info.sa_res_key,
7752			       param->serv_act_res_key,
7753			       sizeof(param->serv_act_res_key));
7754			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7755			    sizeof(persis_io.pr), M_WAITOK);
7756		} else {
7757			/* not all registrants */
7758			mtx_unlock(&lun->lun_lock);
7759			free(ctsio->kern_data_ptr, M_CTL);
7760			ctl_set_invalid_field(ctsio,
7761					      /*sks_valid*/ 1,
7762					      /*command*/ 0,
7763					      /*field*/ 8,
7764					      /*bit_valid*/ 0,
7765					      /*bit*/ 0);
7766			ctl_done((union ctl_io *)ctsio);
7767			return (1);
7768		}
7769	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7770		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7771		int found = 0;
7772
7773		if (res_key == sa_res_key) {
7774			/* special case */
7775			/*
7776			 * The spec implies this is not good but doesn't
7777			 * say what to do. There are two choices either
7778			 * generate a res conflict or check condition
7779			 * with illegal field in parameter data. Since
7780			 * that is what is done when the sa_res_key is
7781			 * zero I'll take that approach since this has
7782			 * to do with the sa_res_key.
7783			 */
7784			mtx_unlock(&lun->lun_lock);
7785			free(ctsio->kern_data_ptr, M_CTL);
7786			ctl_set_invalid_field(ctsio,
7787					      /*sks_valid*/ 1,
7788					      /*command*/ 0,
7789					      /*field*/ 8,
7790					      /*bit_valid*/ 0,
7791					      /*bit*/ 0);
7792			ctl_done((union ctl_io *)ctsio);
7793			return (1);
7794		}
7795
7796		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7797			if (ctl_get_prkey(lun, i) != sa_res_key)
7798				continue;
7799
7800			found = 1;
7801			ctl_clr_prkey(lun, i);
7802			lun->pr_key_count--;
7803			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7804		}
7805		if (!found) {
7806			mtx_unlock(&lun->lun_lock);
7807			free(ctsio->kern_data_ptr, M_CTL);
7808			ctl_set_reservation_conflict(ctsio);
7809			ctl_done((union ctl_io *)ctsio);
7810			return (CTL_RETVAL_COMPLETE);
7811		}
7812		lun->PRGeneration++;
7813		mtx_unlock(&lun->lun_lock);
7814
7815		/* send msg to other side */
7816		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7817		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7818		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7819		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7820		persis_io.pr.pr_info.res_type = type;
7821		memcpy(persis_io.pr.pr_info.sa_res_key,
7822		       param->serv_act_res_key,
7823		       sizeof(param->serv_act_res_key));
7824		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7825		    sizeof(persis_io.pr), M_WAITOK);
7826	} else {
7827		/* Reserved but not all registrants */
7828		/* sa_res_key is res holder */
7829		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7830			/* validate scope and type */
7831			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7832			     SPR_LU_SCOPE) {
7833				mtx_unlock(&lun->lun_lock);
7834				ctl_set_invalid_field(/*ctsio*/ ctsio,
7835						      /*sks_valid*/ 1,
7836						      /*command*/ 1,
7837						      /*field*/ 2,
7838						      /*bit_valid*/ 1,
7839						      /*bit*/ 4);
7840				ctl_done((union ctl_io *)ctsio);
7841				return (1);
7842			}
7843
7844			if (type>8 || type==2 || type==4 || type==0) {
7845				mtx_unlock(&lun->lun_lock);
7846				ctl_set_invalid_field(/*ctsio*/ ctsio,
7847						      /*sks_valid*/ 1,
7848						      /*command*/ 1,
7849						      /*field*/ 2,
7850						      /*bit_valid*/ 1,
7851						      /*bit*/ 0);
7852				ctl_done((union ctl_io *)ctsio);
7853				return (1);
7854			}
7855
7856			/*
7857			 * Do the following:
7858			 * if sa_res_key != res_key remove all
7859			 * registrants w/sa_res_key and generate UA
7860			 * for these registrants(Registrations
7861			 * Preempted) if it wasn't an exclusive
7862			 * reservation generate UA(Reservations
7863			 * Preempted) for all other registered nexuses
7864			 * if the type has changed. Establish the new
7865			 * reservation and holder. If res_key and
7866			 * sa_res_key are the same do the above
7867			 * except don't unregister the res holder.
7868			 */
7869
7870			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7871				if (i == residx || ctl_get_prkey(lun, i) == 0)
7872					continue;
7873
7874				if (sa_res_key == ctl_get_prkey(lun, i)) {
7875					ctl_clr_prkey(lun, i);
7876					lun->pr_key_count--;
7877					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7878				} else if (type != lun->res_type
7879					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7880					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7881					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7882				}
7883			}
7884			lun->res_type = type;
7885			if (lun->res_type != SPR_TYPE_WR_EX_AR
7886			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7887				lun->pr_res_idx = residx;
7888			else
7889				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7890			lun->PRGeneration++;
7891			mtx_unlock(&lun->lun_lock);
7892
7893			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7894			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7895			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7896			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7897			persis_io.pr.pr_info.res_type = type;
7898			memcpy(persis_io.pr.pr_info.sa_res_key,
7899			       param->serv_act_res_key,
7900			       sizeof(param->serv_act_res_key));
7901			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7902			    sizeof(persis_io.pr), M_WAITOK);
7903		} else {
7904			/*
7905			 * sa_res_key is not the res holder just
7906			 * remove registrants
7907			 */
7908			int found=0;
7909
7910			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7911				if (sa_res_key != ctl_get_prkey(lun, i))
7912					continue;
7913
7914				found = 1;
7915				ctl_clr_prkey(lun, i);
7916				lun->pr_key_count--;
7917				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7918			}
7919
7920			if (!found) {
7921				mtx_unlock(&lun->lun_lock);
7922				free(ctsio->kern_data_ptr, M_CTL);
7923				ctl_set_reservation_conflict(ctsio);
7924				ctl_done((union ctl_io *)ctsio);
7925		        	return (1);
7926			}
7927			lun->PRGeneration++;
7928			mtx_unlock(&lun->lun_lock);
7929
7930			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7931			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7932			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7933			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7934			persis_io.pr.pr_info.res_type = type;
7935			memcpy(persis_io.pr.pr_info.sa_res_key,
7936			       param->serv_act_res_key,
7937			       sizeof(param->serv_act_res_key));
7938			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7939			    sizeof(persis_io.pr), M_WAITOK);
7940		}
7941	}
7942	return (0);
7943}
7944
7945static void
7946ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7947{
7948	uint64_t sa_res_key;
7949	int i;
7950
7951	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7952
7953	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7954	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7955	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7956		if (sa_res_key == 0) {
7957			/*
7958			 * Unregister everybody else and build UA for
7959			 * them
7960			 */
7961			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7962				if (i == msg->pr.pr_info.residx ||
7963				    ctl_get_prkey(lun, i) == 0)
7964					continue;
7965
7966				ctl_clr_prkey(lun, i);
7967				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7968			}
7969
7970			lun->pr_key_count = 1;
7971			lun->res_type = msg->pr.pr_info.res_type;
7972			if (lun->res_type != SPR_TYPE_WR_EX_AR
7973			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7974				lun->pr_res_idx = msg->pr.pr_info.residx;
7975		} else {
7976		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7977				if (sa_res_key == ctl_get_prkey(lun, i))
7978					continue;
7979
7980				ctl_clr_prkey(lun, i);
7981				lun->pr_key_count--;
7982				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7983			}
7984		}
7985	} else {
7986		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7987			if (i == msg->pr.pr_info.residx ||
7988			    ctl_get_prkey(lun, i) == 0)
7989				continue;
7990
7991			if (sa_res_key == ctl_get_prkey(lun, i)) {
7992				ctl_clr_prkey(lun, i);
7993				lun->pr_key_count--;
7994				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7995			} else if (msg->pr.pr_info.res_type != lun->res_type
7996				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7997				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7998				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7999			}
8000		}
8001		lun->res_type = msg->pr.pr_info.res_type;
8002		if (lun->res_type != SPR_TYPE_WR_EX_AR
8003		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8004			lun->pr_res_idx = msg->pr.pr_info.residx;
8005		else
8006			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8007	}
8008	lun->PRGeneration++;
8009
8010}
8011
8012
8013int
8014ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8015{
8016	int retval;
8017	u_int32_t param_len;
8018	struct scsi_per_res_out *cdb;
8019	struct ctl_lun *lun;
8020	struct scsi_per_res_out_parms* param;
8021	struct ctl_softc *softc;
8022	uint32_t residx;
8023	uint64_t res_key, sa_res_key, key;
8024	uint8_t type;
8025	union ctl_ha_msg persis_io;
8026	int    i;
8027
8028	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8029
8030	retval = CTL_RETVAL_COMPLETE;
8031
8032	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8033	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8034	softc = lun->ctl_softc;
8035
8036	/*
8037	 * We only support whole-LUN scope.  The scope & type are ignored for
8038	 * register, register and ignore existing key and clear.
8039	 * We sometimes ignore scope and type on preempts too!!
8040	 * Verify reservation type here as well.
8041	 */
8042	type = cdb->scope_type & SPR_TYPE_MASK;
8043	if ((cdb->action == SPRO_RESERVE)
8044	 || (cdb->action == SPRO_RELEASE)) {
8045		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8046			ctl_set_invalid_field(/*ctsio*/ ctsio,
8047					      /*sks_valid*/ 1,
8048					      /*command*/ 1,
8049					      /*field*/ 2,
8050					      /*bit_valid*/ 1,
8051					      /*bit*/ 4);
8052			ctl_done((union ctl_io *)ctsio);
8053			return (CTL_RETVAL_COMPLETE);
8054		}
8055
8056		if (type>8 || type==2 || type==4 || type==0) {
8057			ctl_set_invalid_field(/*ctsio*/ ctsio,
8058					      /*sks_valid*/ 1,
8059					      /*command*/ 1,
8060					      /*field*/ 2,
8061					      /*bit_valid*/ 1,
8062					      /*bit*/ 0);
8063			ctl_done((union ctl_io *)ctsio);
8064			return (CTL_RETVAL_COMPLETE);
8065		}
8066	}
8067
8068	param_len = scsi_4btoul(cdb->length);
8069
8070	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8071		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8072		ctsio->kern_data_len = param_len;
8073		ctsio->kern_total_len = param_len;
8074		ctsio->kern_data_resid = 0;
8075		ctsio->kern_rel_offset = 0;
8076		ctsio->kern_sg_entries = 0;
8077		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8078		ctsio->be_move_done = ctl_config_move_done;
8079		ctl_datamove((union ctl_io *)ctsio);
8080
8081		return (CTL_RETVAL_COMPLETE);
8082	}
8083
8084	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8085
8086	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8087	res_key = scsi_8btou64(param->res_key.key);
8088	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8089
8090	/*
8091	 * Validate the reservation key here except for SPRO_REG_IGNO
8092	 * This must be done for all other service actions
8093	 */
8094	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8095		mtx_lock(&lun->lun_lock);
8096		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8097			if (res_key != key) {
8098				/*
8099				 * The current key passed in doesn't match
8100				 * the one the initiator previously
8101				 * registered.
8102				 */
8103				mtx_unlock(&lun->lun_lock);
8104				free(ctsio->kern_data_ptr, M_CTL);
8105				ctl_set_reservation_conflict(ctsio);
8106				ctl_done((union ctl_io *)ctsio);
8107				return (CTL_RETVAL_COMPLETE);
8108			}
8109		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8110			/*
8111			 * We are not registered
8112			 */
8113			mtx_unlock(&lun->lun_lock);
8114			free(ctsio->kern_data_ptr, M_CTL);
8115			ctl_set_reservation_conflict(ctsio);
8116			ctl_done((union ctl_io *)ctsio);
8117			return (CTL_RETVAL_COMPLETE);
8118		} else if (res_key != 0) {
8119			/*
8120			 * We are not registered and trying to register but
8121			 * the register key isn't zero.
8122			 */
8123			mtx_unlock(&lun->lun_lock);
8124			free(ctsio->kern_data_ptr, M_CTL);
8125			ctl_set_reservation_conflict(ctsio);
8126			ctl_done((union ctl_io *)ctsio);
8127			return (CTL_RETVAL_COMPLETE);
8128		}
8129		mtx_unlock(&lun->lun_lock);
8130	}
8131
8132	switch (cdb->action & SPRO_ACTION_MASK) {
8133	case SPRO_REGISTER:
8134	case SPRO_REG_IGNO: {
8135
8136#if 0
8137		printf("Registration received\n");
8138#endif
8139
8140		/*
8141		 * We don't support any of these options, as we report in
8142		 * the read capabilities request (see
8143		 * ctl_persistent_reserve_in(), above).
8144		 */
8145		if ((param->flags & SPR_SPEC_I_PT)
8146		 || (param->flags & SPR_ALL_TG_PT)
8147		 || (param->flags & SPR_APTPL)) {
8148			int bit_ptr;
8149
8150			if (param->flags & SPR_APTPL)
8151				bit_ptr = 0;
8152			else if (param->flags & SPR_ALL_TG_PT)
8153				bit_ptr = 2;
8154			else /* SPR_SPEC_I_PT */
8155				bit_ptr = 3;
8156
8157			free(ctsio->kern_data_ptr, M_CTL);
8158			ctl_set_invalid_field(ctsio,
8159					      /*sks_valid*/ 1,
8160					      /*command*/ 0,
8161					      /*field*/ 20,
8162					      /*bit_valid*/ 1,
8163					      /*bit*/ bit_ptr);
8164			ctl_done((union ctl_io *)ctsio);
8165			return (CTL_RETVAL_COMPLETE);
8166		}
8167
8168		mtx_lock(&lun->lun_lock);
8169
8170		/*
8171		 * The initiator wants to clear the
8172		 * key/unregister.
8173		 */
8174		if (sa_res_key == 0) {
8175			if ((res_key == 0
8176			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8177			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8178			  && ctl_get_prkey(lun, residx) == 0)) {
8179				mtx_unlock(&lun->lun_lock);
8180				goto done;
8181			}
8182
8183			ctl_clr_prkey(lun, residx);
8184			lun->pr_key_count--;
8185
8186			if (residx == lun->pr_res_idx) {
8187				lun->flags &= ~CTL_LUN_PR_RESERVED;
8188				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8189
8190				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8191				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8192				 && lun->pr_key_count) {
8193					/*
8194					 * If the reservation is a registrants
8195					 * only type we need to generate a UA
8196					 * for other registered inits.  The
8197					 * sense code should be RESERVATIONS
8198					 * RELEASED
8199					 */
8200
8201					for (i = softc->init_min; i < softc->init_max; i++){
8202						if (ctl_get_prkey(lun, i) == 0)
8203							continue;
8204						ctl_est_ua(lun, i,
8205						    CTL_UA_RES_RELEASE);
8206					}
8207				}
8208				lun->res_type = 0;
8209			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8210				if (lun->pr_key_count==0) {
8211					lun->flags &= ~CTL_LUN_PR_RESERVED;
8212					lun->res_type = 0;
8213					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8214				}
8215			}
8216			lun->PRGeneration++;
8217			mtx_unlock(&lun->lun_lock);
8218
8219			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8220			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8221			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8222			persis_io.pr.pr_info.residx = residx;
8223			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8224			    sizeof(persis_io.pr), M_WAITOK);
8225		} else /* sa_res_key != 0 */ {
8226
8227			/*
8228			 * If we aren't registered currently then increment
8229			 * the key count and set the registered flag.
8230			 */
8231			ctl_alloc_prkey(lun, residx);
8232			if (ctl_get_prkey(lun, residx) == 0)
8233				lun->pr_key_count++;
8234			ctl_set_prkey(lun, residx, sa_res_key);
8235			lun->PRGeneration++;
8236			mtx_unlock(&lun->lun_lock);
8237
8238			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8239			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8240			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8241			persis_io.pr.pr_info.residx = residx;
8242			memcpy(persis_io.pr.pr_info.sa_res_key,
8243			       param->serv_act_res_key,
8244			       sizeof(param->serv_act_res_key));
8245			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8246			    sizeof(persis_io.pr), M_WAITOK);
8247		}
8248
8249		break;
8250	}
8251	case SPRO_RESERVE:
8252#if 0
8253                printf("Reserve executed type %d\n", type);
8254#endif
8255		mtx_lock(&lun->lun_lock);
8256		if (lun->flags & CTL_LUN_PR_RESERVED) {
8257			/*
8258			 * if this isn't the reservation holder and it's
8259			 * not a "all registrants" type or if the type is
8260			 * different then we have a conflict
8261			 */
8262			if ((lun->pr_res_idx != residx
8263			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8264			 || lun->res_type != type) {
8265				mtx_unlock(&lun->lun_lock);
8266				free(ctsio->kern_data_ptr, M_CTL);
8267				ctl_set_reservation_conflict(ctsio);
8268				ctl_done((union ctl_io *)ctsio);
8269				return (CTL_RETVAL_COMPLETE);
8270			}
8271			mtx_unlock(&lun->lun_lock);
8272		} else /* create a reservation */ {
8273			/*
8274			 * If it's not an "all registrants" type record
8275			 * reservation holder
8276			 */
8277			if (type != SPR_TYPE_WR_EX_AR
8278			 && type != SPR_TYPE_EX_AC_AR)
8279				lun->pr_res_idx = residx; /* Res holder */
8280			else
8281				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8282
8283			lun->flags |= CTL_LUN_PR_RESERVED;
8284			lun->res_type = type;
8285
8286			mtx_unlock(&lun->lun_lock);
8287
8288			/* send msg to other side */
8289			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8290			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8291			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8292			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8293			persis_io.pr.pr_info.res_type = type;
8294			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8295			    sizeof(persis_io.pr), M_WAITOK);
8296		}
8297		break;
8298
8299	case SPRO_RELEASE:
8300		mtx_lock(&lun->lun_lock);
8301		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8302			/* No reservation exists return good status */
8303			mtx_unlock(&lun->lun_lock);
8304			goto done;
8305		}
8306		/*
8307		 * Is this nexus a reservation holder?
8308		 */
8309		if (lun->pr_res_idx != residx
8310		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8311			/*
8312			 * not a res holder return good status but
8313			 * do nothing
8314			 */
8315			mtx_unlock(&lun->lun_lock);
8316			goto done;
8317		}
8318
8319		if (lun->res_type != type) {
8320			mtx_unlock(&lun->lun_lock);
8321			free(ctsio->kern_data_ptr, M_CTL);
8322			ctl_set_illegal_pr_release(ctsio);
8323			ctl_done((union ctl_io *)ctsio);
8324			return (CTL_RETVAL_COMPLETE);
8325		}
8326
8327		/* okay to release */
8328		lun->flags &= ~CTL_LUN_PR_RESERVED;
8329		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8330		lun->res_type = 0;
8331
8332		/*
8333		 * if this isn't an exclusive access
8334		 * res generate UA for all other
8335		 * registrants.
8336		 */
8337		if (type != SPR_TYPE_EX_AC
8338		 && type != SPR_TYPE_WR_EX) {
8339			for (i = softc->init_min; i < softc->init_max; i++) {
8340				if (i == residx || ctl_get_prkey(lun, i) == 0)
8341					continue;
8342				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8343			}
8344		}
8345		mtx_unlock(&lun->lun_lock);
8346
8347		/* Send msg to other side */
8348		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8349		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8350		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8351		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8352		     sizeof(persis_io.pr), M_WAITOK);
8353		break;
8354
8355	case SPRO_CLEAR:
8356		/* send msg to other side */
8357
8358		mtx_lock(&lun->lun_lock);
8359		lun->flags &= ~CTL_LUN_PR_RESERVED;
8360		lun->res_type = 0;
8361		lun->pr_key_count = 0;
8362		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8363
8364		ctl_clr_prkey(lun, residx);
8365		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8366			if (ctl_get_prkey(lun, i) != 0) {
8367				ctl_clr_prkey(lun, i);
8368				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8369			}
8370		lun->PRGeneration++;
8371		mtx_unlock(&lun->lun_lock);
8372
8373		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8374		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8375		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8376		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8377		     sizeof(persis_io.pr), M_WAITOK);
8378		break;
8379
8380	case SPRO_PREEMPT:
8381	case SPRO_PRE_ABO: {
8382		int nretval;
8383
8384		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8385					  residx, ctsio, cdb, param);
8386		if (nretval != 0)
8387			return (CTL_RETVAL_COMPLETE);
8388		break;
8389	}
8390	default:
8391		panic("Invalid PR type %x", cdb->action);
8392	}
8393
8394done:
8395	free(ctsio->kern_data_ptr, M_CTL);
8396	ctl_set_success(ctsio);
8397	ctl_done((union ctl_io *)ctsio);
8398
8399	return (retval);
8400}
8401
8402/*
8403 * This routine is for handling a message from the other SC pertaining to
8404 * persistent reserve out. All the error checking will have been done
8405 * so only perorming the action need be done here to keep the two
8406 * in sync.
8407 */
8408static void
8409ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8410{
8411	struct ctl_lun *lun;
8412	struct ctl_softc *softc;
8413	int i;
8414	uint32_t residx, targ_lun;
8415
8416	softc = control_softc;
8417	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8418	mtx_lock(&softc->ctl_lock);
8419	if ((targ_lun >= CTL_MAX_LUNS) ||
8420	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8421		mtx_unlock(&softc->ctl_lock);
8422		return;
8423	}
8424	mtx_lock(&lun->lun_lock);
8425	mtx_unlock(&softc->ctl_lock);
8426	if (lun->flags & CTL_LUN_DISABLED) {
8427		mtx_unlock(&lun->lun_lock);
8428		return;
8429	}
8430	residx = ctl_get_initindex(&msg->hdr.nexus);
8431	switch(msg->pr.pr_info.action) {
8432	case CTL_PR_REG_KEY:
8433		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8434		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8435			lun->pr_key_count++;
8436		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8437		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8438		lun->PRGeneration++;
8439		break;
8440
8441	case CTL_PR_UNREG_KEY:
8442		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8443		lun->pr_key_count--;
8444
8445		/* XXX Need to see if the reservation has been released */
8446		/* if so do we need to generate UA? */
8447		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8448			lun->flags &= ~CTL_LUN_PR_RESERVED;
8449			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8450
8451			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8452			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8453			 && lun->pr_key_count) {
8454				/*
8455				 * If the reservation is a registrants
8456				 * only type we need to generate a UA
8457				 * for other registered inits.  The
8458				 * sense code should be RESERVATIONS
8459				 * RELEASED
8460				 */
8461
8462				for (i = softc->init_min; i < softc->init_max; i++) {
8463					if (ctl_get_prkey(lun, i) == 0)
8464						continue;
8465
8466					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8467				}
8468			}
8469			lun->res_type = 0;
8470		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8471			if (lun->pr_key_count==0) {
8472				lun->flags &= ~CTL_LUN_PR_RESERVED;
8473				lun->res_type = 0;
8474				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8475			}
8476		}
8477		lun->PRGeneration++;
8478		break;
8479
8480	case CTL_PR_RESERVE:
8481		lun->flags |= CTL_LUN_PR_RESERVED;
8482		lun->res_type = msg->pr.pr_info.res_type;
8483		lun->pr_res_idx = msg->pr.pr_info.residx;
8484
8485		break;
8486
8487	case CTL_PR_RELEASE:
8488		/*
8489		 * if this isn't an exclusive access res generate UA for all
8490		 * other registrants.
8491		 */
8492		if (lun->res_type != SPR_TYPE_EX_AC
8493		 && lun->res_type != SPR_TYPE_WR_EX) {
8494			for (i = softc->init_min; i < softc->init_max; i++)
8495				if (i == residx || ctl_get_prkey(lun, i) == 0)
8496					continue;
8497				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8498		}
8499
8500		lun->flags &= ~CTL_LUN_PR_RESERVED;
8501		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8502		lun->res_type = 0;
8503		break;
8504
8505	case CTL_PR_PREEMPT:
8506		ctl_pro_preempt_other(lun, msg);
8507		break;
8508	case CTL_PR_CLEAR:
8509		lun->flags &= ~CTL_LUN_PR_RESERVED;
8510		lun->res_type = 0;
8511		lun->pr_key_count = 0;
8512		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8513
8514		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8515			if (ctl_get_prkey(lun, i) == 0)
8516				continue;
8517			ctl_clr_prkey(lun, i);
8518			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8519		}
8520		lun->PRGeneration++;
8521		break;
8522	}
8523
8524	mtx_unlock(&lun->lun_lock);
8525}
8526
8527int
8528ctl_read_write(struct ctl_scsiio *ctsio)
8529{
8530	struct ctl_lun *lun;
8531	struct ctl_lba_len_flags *lbalen;
8532	uint64_t lba;
8533	uint32_t num_blocks;
8534	int flags, retval;
8535	int isread;
8536
8537	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8538
8539	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8540
8541	flags = 0;
8542	retval = CTL_RETVAL_COMPLETE;
8543
8544	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8545	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8546	switch (ctsio->cdb[0]) {
8547	case READ_6:
8548	case WRITE_6: {
8549		struct scsi_rw_6 *cdb;
8550
8551		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8552
8553		lba = scsi_3btoul(cdb->addr);
8554		/* only 5 bits are valid in the most significant address byte */
8555		lba &= 0x1fffff;
8556		num_blocks = cdb->length;
8557		/*
8558		 * This is correct according to SBC-2.
8559		 */
8560		if (num_blocks == 0)
8561			num_blocks = 256;
8562		break;
8563	}
8564	case READ_10:
8565	case WRITE_10: {
8566		struct scsi_rw_10 *cdb;
8567
8568		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8569		if (cdb->byte2 & SRW10_FUA)
8570			flags |= CTL_LLF_FUA;
8571		if (cdb->byte2 & SRW10_DPO)
8572			flags |= CTL_LLF_DPO;
8573		lba = scsi_4btoul(cdb->addr);
8574		num_blocks = scsi_2btoul(cdb->length);
8575		break;
8576	}
8577	case WRITE_VERIFY_10: {
8578		struct scsi_write_verify_10 *cdb;
8579
8580		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8581		flags |= CTL_LLF_FUA;
8582		if (cdb->byte2 & SWV_DPO)
8583			flags |= CTL_LLF_DPO;
8584		lba = scsi_4btoul(cdb->addr);
8585		num_blocks = scsi_2btoul(cdb->length);
8586		break;
8587	}
8588	case READ_12:
8589	case WRITE_12: {
8590		struct scsi_rw_12 *cdb;
8591
8592		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8593		if (cdb->byte2 & SRW12_FUA)
8594			flags |= CTL_LLF_FUA;
8595		if (cdb->byte2 & SRW12_DPO)
8596			flags |= CTL_LLF_DPO;
8597		lba = scsi_4btoul(cdb->addr);
8598		num_blocks = scsi_4btoul(cdb->length);
8599		break;
8600	}
8601	case WRITE_VERIFY_12: {
8602		struct scsi_write_verify_12 *cdb;
8603
8604		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8605		flags |= CTL_LLF_FUA;
8606		if (cdb->byte2 & SWV_DPO)
8607			flags |= CTL_LLF_DPO;
8608		lba = scsi_4btoul(cdb->addr);
8609		num_blocks = scsi_4btoul(cdb->length);
8610		break;
8611	}
8612	case READ_16:
8613	case WRITE_16: {
8614		struct scsi_rw_16 *cdb;
8615
8616		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8617		if (cdb->byte2 & SRW12_FUA)
8618			flags |= CTL_LLF_FUA;
8619		if (cdb->byte2 & SRW12_DPO)
8620			flags |= CTL_LLF_DPO;
8621		lba = scsi_8btou64(cdb->addr);
8622		num_blocks = scsi_4btoul(cdb->length);
8623		break;
8624	}
8625	case WRITE_ATOMIC_16: {
8626		struct scsi_rw_16 *cdb;
8627
8628		if (lun->be_lun->atomicblock == 0) {
8629			ctl_set_invalid_opcode(ctsio);
8630			ctl_done((union ctl_io *)ctsio);
8631			return (CTL_RETVAL_COMPLETE);
8632		}
8633
8634		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8635		if (cdb->byte2 & SRW12_FUA)
8636			flags |= CTL_LLF_FUA;
8637		if (cdb->byte2 & SRW12_DPO)
8638			flags |= CTL_LLF_DPO;
8639		lba = scsi_8btou64(cdb->addr);
8640		num_blocks = scsi_4btoul(cdb->length);
8641		if (num_blocks > lun->be_lun->atomicblock) {
8642			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8643			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8644			    /*bit*/ 0);
8645			ctl_done((union ctl_io *)ctsio);
8646			return (CTL_RETVAL_COMPLETE);
8647		}
8648		break;
8649	}
8650	case WRITE_VERIFY_16: {
8651		struct scsi_write_verify_16 *cdb;
8652
8653		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8654		flags |= CTL_LLF_FUA;
8655		if (cdb->byte2 & SWV_DPO)
8656			flags |= CTL_LLF_DPO;
8657		lba = scsi_8btou64(cdb->addr);
8658		num_blocks = scsi_4btoul(cdb->length);
8659		break;
8660	}
8661	default:
8662		/*
8663		 * We got a command we don't support.  This shouldn't
8664		 * happen, commands should be filtered out above us.
8665		 */
8666		ctl_set_invalid_opcode(ctsio);
8667		ctl_done((union ctl_io *)ctsio);
8668
8669		return (CTL_RETVAL_COMPLETE);
8670		break; /* NOTREACHED */
8671	}
8672
8673	/*
8674	 * The first check is to make sure we're in bounds, the second
8675	 * check is to catch wrap-around problems.  If the lba + num blocks
8676	 * is less than the lba, then we've wrapped around and the block
8677	 * range is invalid anyway.
8678	 */
8679	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8680	 || ((lba + num_blocks) < lba)) {
8681		ctl_set_lba_out_of_range(ctsio);
8682		ctl_done((union ctl_io *)ctsio);
8683		return (CTL_RETVAL_COMPLETE);
8684	}
8685
8686	/*
8687	 * According to SBC-3, a transfer length of 0 is not an error.
8688	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8689	 * translates to 256 blocks for those commands.
8690	 */
8691	if (num_blocks == 0) {
8692		ctl_set_success(ctsio);
8693		ctl_done((union ctl_io *)ctsio);
8694		return (CTL_RETVAL_COMPLETE);
8695	}
8696
8697	/* Set FUA and/or DPO if caches are disabled. */
8698	if (isread) {
8699		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8700		    SCP_RCD) != 0)
8701			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8702	} else {
8703		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8704		    SCP_WCE) == 0)
8705			flags |= CTL_LLF_FUA;
8706	}
8707
8708	lbalen = (struct ctl_lba_len_flags *)
8709	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8710	lbalen->lba = lba;
8711	lbalen->len = num_blocks;
8712	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8713
8714	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8715	ctsio->kern_rel_offset = 0;
8716
8717	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8718
8719	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8720
8721	return (retval);
8722}
8723
8724static int
8725ctl_cnw_cont(union ctl_io *io)
8726{
8727	struct ctl_scsiio *ctsio;
8728	struct ctl_lun *lun;
8729	struct ctl_lba_len_flags *lbalen;
8730	int retval;
8731
8732	ctsio = &io->scsiio;
8733	ctsio->io_hdr.status = CTL_STATUS_NONE;
8734	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8735	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8736	lbalen = (struct ctl_lba_len_flags *)
8737	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8738	lbalen->flags &= ~CTL_LLF_COMPARE;
8739	lbalen->flags |= CTL_LLF_WRITE;
8740
8741	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8742	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8743	return (retval);
8744}
8745
8746int
8747ctl_cnw(struct ctl_scsiio *ctsio)
8748{
8749	struct ctl_lun *lun;
8750	struct ctl_lba_len_flags *lbalen;
8751	uint64_t lba;
8752	uint32_t num_blocks;
8753	int flags, retval;
8754
8755	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8756
8757	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8758
8759	flags = 0;
8760	retval = CTL_RETVAL_COMPLETE;
8761
8762	switch (ctsio->cdb[0]) {
8763	case COMPARE_AND_WRITE: {
8764		struct scsi_compare_and_write *cdb;
8765
8766		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8767		if (cdb->byte2 & SRW10_FUA)
8768			flags |= CTL_LLF_FUA;
8769		if (cdb->byte2 & SRW10_DPO)
8770			flags |= CTL_LLF_DPO;
8771		lba = scsi_8btou64(cdb->addr);
8772		num_blocks = cdb->length;
8773		break;
8774	}
8775	default:
8776		/*
8777		 * We got a command we don't support.  This shouldn't
8778		 * happen, commands should be filtered out above us.
8779		 */
8780		ctl_set_invalid_opcode(ctsio);
8781		ctl_done((union ctl_io *)ctsio);
8782
8783		return (CTL_RETVAL_COMPLETE);
8784		break; /* NOTREACHED */
8785	}
8786
8787	/*
8788	 * The first check is to make sure we're in bounds, the second
8789	 * check is to catch wrap-around problems.  If the lba + num blocks
8790	 * is less than the lba, then we've wrapped around and the block
8791	 * range is invalid anyway.
8792	 */
8793	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8794	 || ((lba + num_blocks) < lba)) {
8795		ctl_set_lba_out_of_range(ctsio);
8796		ctl_done((union ctl_io *)ctsio);
8797		return (CTL_RETVAL_COMPLETE);
8798	}
8799
8800	/*
8801	 * According to SBC-3, a transfer length of 0 is not an error.
8802	 */
8803	if (num_blocks == 0) {
8804		ctl_set_success(ctsio);
8805		ctl_done((union ctl_io *)ctsio);
8806		return (CTL_RETVAL_COMPLETE);
8807	}
8808
8809	/* Set FUA if write cache is disabled. */
8810	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8811	    SCP_WCE) == 0)
8812		flags |= CTL_LLF_FUA;
8813
8814	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8815	ctsio->kern_rel_offset = 0;
8816
8817	/*
8818	 * Set the IO_CONT flag, so that if this I/O gets passed to
8819	 * ctl_data_submit_done(), it'll get passed back to
8820	 * ctl_ctl_cnw_cont() for further processing.
8821	 */
8822	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8823	ctsio->io_cont = ctl_cnw_cont;
8824
8825	lbalen = (struct ctl_lba_len_flags *)
8826	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8827	lbalen->lba = lba;
8828	lbalen->len = num_blocks;
8829	lbalen->flags = CTL_LLF_COMPARE | flags;
8830
8831	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8832	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8833	return (retval);
8834}
8835
8836int
8837ctl_verify(struct ctl_scsiio *ctsio)
8838{
8839	struct ctl_lun *lun;
8840	struct ctl_lba_len_flags *lbalen;
8841	uint64_t lba;
8842	uint32_t num_blocks;
8843	int bytchk, flags;
8844	int retval;
8845
8846	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8847
8848	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8849
8850	bytchk = 0;
8851	flags = CTL_LLF_FUA;
8852	retval = CTL_RETVAL_COMPLETE;
8853
8854	switch (ctsio->cdb[0]) {
8855	case VERIFY_10: {
8856		struct scsi_verify_10 *cdb;
8857
8858		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8859		if (cdb->byte2 & SVFY_BYTCHK)
8860			bytchk = 1;
8861		if (cdb->byte2 & SVFY_DPO)
8862			flags |= CTL_LLF_DPO;
8863		lba = scsi_4btoul(cdb->addr);
8864		num_blocks = scsi_2btoul(cdb->length);
8865		break;
8866	}
8867	case VERIFY_12: {
8868		struct scsi_verify_12 *cdb;
8869
8870		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8871		if (cdb->byte2 & SVFY_BYTCHK)
8872			bytchk = 1;
8873		if (cdb->byte2 & SVFY_DPO)
8874			flags |= CTL_LLF_DPO;
8875		lba = scsi_4btoul(cdb->addr);
8876		num_blocks = scsi_4btoul(cdb->length);
8877		break;
8878	}
8879	case VERIFY_16: {
8880		struct scsi_rw_16 *cdb;
8881
8882		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8883		if (cdb->byte2 & SVFY_BYTCHK)
8884			bytchk = 1;
8885		if (cdb->byte2 & SVFY_DPO)
8886			flags |= CTL_LLF_DPO;
8887		lba = scsi_8btou64(cdb->addr);
8888		num_blocks = scsi_4btoul(cdb->length);
8889		break;
8890	}
8891	default:
8892		/*
8893		 * We got a command we don't support.  This shouldn't
8894		 * happen, commands should be filtered out above us.
8895		 */
8896		ctl_set_invalid_opcode(ctsio);
8897		ctl_done((union ctl_io *)ctsio);
8898		return (CTL_RETVAL_COMPLETE);
8899	}
8900
8901	/*
8902	 * The first check is to make sure we're in bounds, the second
8903	 * check is to catch wrap-around problems.  If the lba + num blocks
8904	 * is less than the lba, then we've wrapped around and the block
8905	 * range is invalid anyway.
8906	 */
8907	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8908	 || ((lba + num_blocks) < lba)) {
8909		ctl_set_lba_out_of_range(ctsio);
8910		ctl_done((union ctl_io *)ctsio);
8911		return (CTL_RETVAL_COMPLETE);
8912	}
8913
8914	/*
8915	 * According to SBC-3, a transfer length of 0 is not an error.
8916	 */
8917	if (num_blocks == 0) {
8918		ctl_set_success(ctsio);
8919		ctl_done((union ctl_io *)ctsio);
8920		return (CTL_RETVAL_COMPLETE);
8921	}
8922
8923	lbalen = (struct ctl_lba_len_flags *)
8924	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8925	lbalen->lba = lba;
8926	lbalen->len = num_blocks;
8927	if (bytchk) {
8928		lbalen->flags = CTL_LLF_COMPARE | flags;
8929		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8930	} else {
8931		lbalen->flags = CTL_LLF_VERIFY | flags;
8932		ctsio->kern_total_len = 0;
8933	}
8934	ctsio->kern_rel_offset = 0;
8935
8936	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8937	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8938	return (retval);
8939}
8940
8941int
8942ctl_report_luns(struct ctl_scsiio *ctsio)
8943{
8944	struct ctl_softc *softc = control_softc;
8945	struct scsi_report_luns *cdb;
8946	struct scsi_report_luns_data *lun_data;
8947	struct ctl_lun *lun, *request_lun;
8948	struct ctl_port *port;
8949	int num_luns, retval;
8950	uint32_t alloc_len, lun_datalen;
8951	int num_filled, well_known;
8952	uint32_t initidx, targ_lun_id, lun_id;
8953
8954	retval = CTL_RETVAL_COMPLETE;
8955	well_known = 0;
8956
8957	cdb = (struct scsi_report_luns *)ctsio->cdb;
8958	port = ctl_io_port(&ctsio->io_hdr);
8959
8960	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8961
8962	mtx_lock(&softc->ctl_lock);
8963	num_luns = 0;
8964	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8965		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8966			num_luns++;
8967	}
8968	mtx_unlock(&softc->ctl_lock);
8969
8970	switch (cdb->select_report) {
8971	case RPL_REPORT_DEFAULT:
8972	case RPL_REPORT_ALL:
8973		break;
8974	case RPL_REPORT_WELLKNOWN:
8975		well_known = 1;
8976		num_luns = 0;
8977		break;
8978	default:
8979		ctl_set_invalid_field(ctsio,
8980				      /*sks_valid*/ 1,
8981				      /*command*/ 1,
8982				      /*field*/ 2,
8983				      /*bit_valid*/ 0,
8984				      /*bit*/ 0);
8985		ctl_done((union ctl_io *)ctsio);
8986		return (retval);
8987		break; /* NOTREACHED */
8988	}
8989
8990	alloc_len = scsi_4btoul(cdb->length);
8991	/*
8992	 * The initiator has to allocate at least 16 bytes for this request,
8993	 * so he can at least get the header and the first LUN.  Otherwise
8994	 * we reject the request (per SPC-3 rev 14, section 6.21).
8995	 */
8996	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8997	    sizeof(struct scsi_report_luns_lundata))) {
8998		ctl_set_invalid_field(ctsio,
8999				      /*sks_valid*/ 1,
9000				      /*command*/ 1,
9001				      /*field*/ 6,
9002				      /*bit_valid*/ 0,
9003				      /*bit*/ 0);
9004		ctl_done((union ctl_io *)ctsio);
9005		return (retval);
9006	}
9007
9008	request_lun = (struct ctl_lun *)
9009		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9010
9011	lun_datalen = sizeof(*lun_data) +
9012		(num_luns * sizeof(struct scsi_report_luns_lundata));
9013
9014	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9015	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9016	ctsio->kern_sg_entries = 0;
9017
9018	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9019
9020	mtx_lock(&softc->ctl_lock);
9021	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9022		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9023		if (lun_id >= CTL_MAX_LUNS)
9024			continue;
9025		lun = softc->ctl_luns[lun_id];
9026		if (lun == NULL)
9027			continue;
9028
9029		if (targ_lun_id <= 0xff) {
9030			/*
9031			 * Peripheral addressing method, bus number 0.
9032			 */
9033			lun_data->luns[num_filled].lundata[0] =
9034				RPL_LUNDATA_ATYP_PERIPH;
9035			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9036			num_filled++;
9037		} else if (targ_lun_id <= 0x3fff) {
9038			/*
9039			 * Flat addressing method.
9040			 */
9041			lun_data->luns[num_filled].lundata[0] =
9042				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9043			lun_data->luns[num_filled].lundata[1] =
9044				(targ_lun_id & 0xff);
9045			num_filled++;
9046		} else if (targ_lun_id <= 0xffffff) {
9047			/*
9048			 * Extended flat addressing method.
9049			 */
9050			lun_data->luns[num_filled].lundata[0] =
9051			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9052			scsi_ulto3b(targ_lun_id,
9053			    &lun_data->luns[num_filled].lundata[1]);
9054			num_filled++;
9055		} else {
9056			printf("ctl_report_luns: bogus LUN number %jd, "
9057			       "skipping\n", (intmax_t)targ_lun_id);
9058		}
9059		/*
9060		 * According to SPC-3, rev 14 section 6.21:
9061		 *
9062		 * "The execution of a REPORT LUNS command to any valid and
9063		 * installed logical unit shall clear the REPORTED LUNS DATA
9064		 * HAS CHANGED unit attention condition for all logical
9065		 * units of that target with respect to the requesting
9066		 * initiator. A valid and installed logical unit is one
9067		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9068		 * INQUIRY data (see 6.4.2)."
9069		 *
9070		 * If request_lun is NULL, the LUN this report luns command
9071		 * was issued to is either disabled or doesn't exist. In that
9072		 * case, we shouldn't clear any pending lun change unit
9073		 * attention.
9074		 */
9075		if (request_lun != NULL) {
9076			mtx_lock(&lun->lun_lock);
9077			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9078			mtx_unlock(&lun->lun_lock);
9079		}
9080	}
9081	mtx_unlock(&softc->ctl_lock);
9082
9083	/*
9084	 * It's quite possible that we've returned fewer LUNs than we allocated
9085	 * space for.  Trim it.
9086	 */
9087	lun_datalen = sizeof(*lun_data) +
9088		(num_filled * sizeof(struct scsi_report_luns_lundata));
9089
9090	if (lun_datalen < alloc_len) {
9091		ctsio->residual = alloc_len - lun_datalen;
9092		ctsio->kern_data_len = lun_datalen;
9093		ctsio->kern_total_len = lun_datalen;
9094	} else {
9095		ctsio->residual = 0;
9096		ctsio->kern_data_len = alloc_len;
9097		ctsio->kern_total_len = alloc_len;
9098	}
9099	ctsio->kern_data_resid = 0;
9100	ctsio->kern_rel_offset = 0;
9101	ctsio->kern_sg_entries = 0;
9102
9103	/*
9104	 * We set this to the actual data length, regardless of how much
9105	 * space we actually have to return results.  If the user looks at
9106	 * this value, he'll know whether or not he allocated enough space
9107	 * and reissue the command if necessary.  We don't support well
9108	 * known logical units, so if the user asks for that, return none.
9109	 */
9110	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9111
9112	/*
9113	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9114	 * this request.
9115	 */
9116	ctl_set_success(ctsio);
9117	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9118	ctsio->be_move_done = ctl_config_move_done;
9119	ctl_datamove((union ctl_io *)ctsio);
9120	return (retval);
9121}
9122
9123int
9124ctl_request_sense(struct ctl_scsiio *ctsio)
9125{
9126	struct scsi_request_sense *cdb;
9127	struct scsi_sense_data *sense_ptr;
9128	struct ctl_softc *ctl_softc;
9129	struct ctl_lun *lun;
9130	uint32_t initidx;
9131	int have_error;
9132	scsi_sense_data_type sense_format;
9133	ctl_ua_type ua_type;
9134
9135	cdb = (struct scsi_request_sense *)ctsio->cdb;
9136
9137	ctl_softc = control_softc;
9138	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9139
9140	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9141
9142	/*
9143	 * Determine which sense format the user wants.
9144	 */
9145	if (cdb->byte2 & SRS_DESC)
9146		sense_format = SSD_TYPE_DESC;
9147	else
9148		sense_format = SSD_TYPE_FIXED;
9149
9150	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9151	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9152	ctsio->kern_sg_entries = 0;
9153
9154	/*
9155	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9156	 * larger than the largest allowed value for the length field in the
9157	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9158	 */
9159	ctsio->residual = 0;
9160	ctsio->kern_data_len = cdb->length;
9161	ctsio->kern_total_len = cdb->length;
9162
9163	ctsio->kern_data_resid = 0;
9164	ctsio->kern_rel_offset = 0;
9165	ctsio->kern_sg_entries = 0;
9166
9167	/*
9168	 * If we don't have a LUN, we don't have any pending sense.
9169	 */
9170	if (lun == NULL)
9171		goto no_sense;
9172
9173	have_error = 0;
9174	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9175	/*
9176	 * Check for pending sense, and then for pending unit attentions.
9177	 * Pending sense gets returned first, then pending unit attentions.
9178	 */
9179	mtx_lock(&lun->lun_lock);
9180#ifdef CTL_WITH_CA
9181	if (ctl_is_set(lun->have_ca, initidx)) {
9182		scsi_sense_data_type stored_format;
9183
9184		/*
9185		 * Check to see which sense format was used for the stored
9186		 * sense data.
9187		 */
9188		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9189
9190		/*
9191		 * If the user requested a different sense format than the
9192		 * one we stored, then we need to convert it to the other
9193		 * format.  If we're going from descriptor to fixed format
9194		 * sense data, we may lose things in translation, depending
9195		 * on what options were used.
9196		 *
9197		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9198		 * for some reason we'll just copy it out as-is.
9199		 */
9200		if ((stored_format == SSD_TYPE_FIXED)
9201		 && (sense_format == SSD_TYPE_DESC))
9202			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9203			    &lun->pending_sense[initidx],
9204			    (struct scsi_sense_data_desc *)sense_ptr);
9205		else if ((stored_format == SSD_TYPE_DESC)
9206		      && (sense_format == SSD_TYPE_FIXED))
9207			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9208			    &lun->pending_sense[initidx],
9209			    (struct scsi_sense_data_fixed *)sense_ptr);
9210		else
9211			memcpy(sense_ptr, &lun->pending_sense[initidx],
9212			       MIN(sizeof(*sense_ptr),
9213			       sizeof(lun->pending_sense[initidx])));
9214
9215		ctl_clear_mask(lun->have_ca, initidx);
9216		have_error = 1;
9217	} else
9218#endif
9219	{
9220		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9221		if (ua_type != CTL_UA_NONE)
9222			have_error = 1;
9223		if (ua_type == CTL_UA_LUN_CHANGE) {
9224			mtx_unlock(&lun->lun_lock);
9225			mtx_lock(&ctl_softc->ctl_lock);
9226			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9227			mtx_unlock(&ctl_softc->ctl_lock);
9228			mtx_lock(&lun->lun_lock);
9229		}
9230
9231	}
9232	mtx_unlock(&lun->lun_lock);
9233
9234	/*
9235	 * We already have a pending error, return it.
9236	 */
9237	if (have_error != 0) {
9238		/*
9239		 * We report the SCSI status as OK, since the status of the
9240		 * request sense command itself is OK.
9241		 * We report 0 for the sense length, because we aren't doing
9242		 * autosense in this case.  We're reporting sense as
9243		 * parameter data.
9244		 */
9245		ctl_set_success(ctsio);
9246		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9247		ctsio->be_move_done = ctl_config_move_done;
9248		ctl_datamove((union ctl_io *)ctsio);
9249		return (CTL_RETVAL_COMPLETE);
9250	}
9251
9252no_sense:
9253
9254	/*
9255	 * No sense information to report, so we report that everything is
9256	 * okay.
9257	 */
9258	ctl_set_sense_data(sense_ptr,
9259			   lun,
9260			   sense_format,
9261			   /*current_error*/ 1,
9262			   /*sense_key*/ SSD_KEY_NO_SENSE,
9263			   /*asc*/ 0x00,
9264			   /*ascq*/ 0x00,
9265			   SSD_ELEM_NONE);
9266
9267	/*
9268	 * We report 0 for the sense length, because we aren't doing
9269	 * autosense in this case.  We're reporting sense as parameter data.
9270	 */
9271	ctl_set_success(ctsio);
9272	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9273	ctsio->be_move_done = ctl_config_move_done;
9274	ctl_datamove((union ctl_io *)ctsio);
9275	return (CTL_RETVAL_COMPLETE);
9276}
9277
9278int
9279ctl_tur(struct ctl_scsiio *ctsio)
9280{
9281
9282	CTL_DEBUG_PRINT(("ctl_tur\n"));
9283
9284	ctl_set_success(ctsio);
9285	ctl_done((union ctl_io *)ctsio);
9286
9287	return (CTL_RETVAL_COMPLETE);
9288}
9289
9290/*
9291 * SCSI VPD page 0x00, the Supported VPD Pages page.
9292 */
9293static int
9294ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9295{
9296	struct scsi_vpd_supported_pages *pages;
9297	int sup_page_size;
9298	struct ctl_lun *lun;
9299	int p;
9300
9301	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9302
9303	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9304	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9305	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9306	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9307	ctsio->kern_sg_entries = 0;
9308
9309	if (sup_page_size < alloc_len) {
9310		ctsio->residual = alloc_len - sup_page_size;
9311		ctsio->kern_data_len = sup_page_size;
9312		ctsio->kern_total_len = sup_page_size;
9313	} else {
9314		ctsio->residual = 0;
9315		ctsio->kern_data_len = alloc_len;
9316		ctsio->kern_total_len = alloc_len;
9317	}
9318	ctsio->kern_data_resid = 0;
9319	ctsio->kern_rel_offset = 0;
9320	ctsio->kern_sg_entries = 0;
9321
9322	/*
9323	 * The control device is always connected.  The disk device, on the
9324	 * other hand, may not be online all the time.  Need to change this
9325	 * to figure out whether the disk device is actually online or not.
9326	 */
9327	if (lun != NULL)
9328		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9329				lun->be_lun->lun_type;
9330	else
9331		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9332
9333	p = 0;
9334	/* Supported VPD pages */
9335	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9336	/* Serial Number */
9337	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9338	/* Device Identification */
9339	pages->page_list[p++] = SVPD_DEVICE_ID;
9340	/* Extended INQUIRY Data */
9341	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9342	/* Mode Page Policy */
9343	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9344	/* SCSI Ports */
9345	pages->page_list[p++] = SVPD_SCSI_PORTS;
9346	/* Third-party Copy */
9347	pages->page_list[p++] = SVPD_SCSI_TPC;
9348	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9349		/* Block limits */
9350		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9351		/* Block Device Characteristics */
9352		pages->page_list[p++] = SVPD_BDC;
9353		/* Logical Block Provisioning */
9354		pages->page_list[p++] = SVPD_LBP;
9355	}
9356	pages->length = p;
9357
9358	ctl_set_success(ctsio);
9359	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9360	ctsio->be_move_done = ctl_config_move_done;
9361	ctl_datamove((union ctl_io *)ctsio);
9362	return (CTL_RETVAL_COMPLETE);
9363}
9364
9365/*
9366 * SCSI VPD page 0x80, the Unit Serial Number page.
9367 */
9368static int
9369ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9370{
9371	struct scsi_vpd_unit_serial_number *sn_ptr;
9372	struct ctl_lun *lun;
9373	int data_len;
9374
9375	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9376
9377	data_len = 4 + CTL_SN_LEN;
9378	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9379	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9380	if (data_len < alloc_len) {
9381		ctsio->residual = alloc_len - data_len;
9382		ctsio->kern_data_len = data_len;
9383		ctsio->kern_total_len = data_len;
9384	} else {
9385		ctsio->residual = 0;
9386		ctsio->kern_data_len = alloc_len;
9387		ctsio->kern_total_len = alloc_len;
9388	}
9389	ctsio->kern_data_resid = 0;
9390	ctsio->kern_rel_offset = 0;
9391	ctsio->kern_sg_entries = 0;
9392
9393	/*
9394	 * The control device is always connected.  The disk device, on the
9395	 * other hand, may not be online all the time.  Need to change this
9396	 * to figure out whether the disk device is actually online or not.
9397	 */
9398	if (lun != NULL)
9399		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9400				  lun->be_lun->lun_type;
9401	else
9402		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9403
9404	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9405	sn_ptr->length = CTL_SN_LEN;
9406	/*
9407	 * If we don't have a LUN, we just leave the serial number as
9408	 * all spaces.
9409	 */
9410	if (lun != NULL) {
9411		strncpy((char *)sn_ptr->serial_num,
9412			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9413	} else
9414		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9415
9416	ctl_set_success(ctsio);
9417	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9418	ctsio->be_move_done = ctl_config_move_done;
9419	ctl_datamove((union ctl_io *)ctsio);
9420	return (CTL_RETVAL_COMPLETE);
9421}
9422
9423
9424/*
9425 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9426 */
9427static int
9428ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9429{
9430	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9431	struct ctl_lun *lun;
9432	int data_len;
9433
9434	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9435
9436	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9437	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9438	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9439	ctsio->kern_sg_entries = 0;
9440
9441	if (data_len < alloc_len) {
9442		ctsio->residual = alloc_len - data_len;
9443		ctsio->kern_data_len = data_len;
9444		ctsio->kern_total_len = data_len;
9445	} else {
9446		ctsio->residual = 0;
9447		ctsio->kern_data_len = alloc_len;
9448		ctsio->kern_total_len = alloc_len;
9449	}
9450	ctsio->kern_data_resid = 0;
9451	ctsio->kern_rel_offset = 0;
9452	ctsio->kern_sg_entries = 0;
9453
9454	/*
9455	 * The control device is always connected.  The disk device, on the
9456	 * other hand, may not be online all the time.
9457	 */
9458	if (lun != NULL)
9459		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9460				     lun->be_lun->lun_type;
9461	else
9462		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9463	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9464	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9465	/*
9466	 * We support head of queue, ordered and simple tags.
9467	 */
9468	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9469	/*
9470	 * Volatile cache supported.
9471	 */
9472	eid_ptr->flags3 = SVPD_EID_V_SUP;
9473
9474	/*
9475	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9476	 * attention for a particular IT nexus on all LUNs once we report
9477	 * it to that nexus once.  This bit is required as of SPC-4.
9478	 */
9479	eid_ptr->flags4 = SVPD_EID_LUICLT;
9480
9481	/*
9482	 * XXX KDM in order to correctly answer this, we would need
9483	 * information from the SIM to determine how much sense data it
9484	 * can send.  So this would really be a path inquiry field, most
9485	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9486	 * but the hardware may or may not be able to support that much.
9487	 * 0 just means that the maximum sense data length is not reported.
9488	 */
9489	eid_ptr->max_sense_length = 0;
9490
9491	ctl_set_success(ctsio);
9492	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9493	ctsio->be_move_done = ctl_config_move_done;
9494	ctl_datamove((union ctl_io *)ctsio);
9495	return (CTL_RETVAL_COMPLETE);
9496}
9497
9498static int
9499ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9500{
9501	struct scsi_vpd_mode_page_policy *mpp_ptr;
9502	struct ctl_lun *lun;
9503	int data_len;
9504
9505	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9506
9507	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9508	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9509
9510	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9511	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9512	ctsio->kern_sg_entries = 0;
9513
9514	if (data_len < alloc_len) {
9515		ctsio->residual = alloc_len - data_len;
9516		ctsio->kern_data_len = data_len;
9517		ctsio->kern_total_len = data_len;
9518	} else {
9519		ctsio->residual = 0;
9520		ctsio->kern_data_len = alloc_len;
9521		ctsio->kern_total_len = alloc_len;
9522	}
9523	ctsio->kern_data_resid = 0;
9524	ctsio->kern_rel_offset = 0;
9525	ctsio->kern_sg_entries = 0;
9526
9527	/*
9528	 * The control device is always connected.  The disk device, on the
9529	 * other hand, may not be online all the time.
9530	 */
9531	if (lun != NULL)
9532		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9533				     lun->be_lun->lun_type;
9534	else
9535		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9536	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9537	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9538	mpp_ptr->descr[0].page_code = 0x3f;
9539	mpp_ptr->descr[0].subpage_code = 0xff;
9540	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9541
9542	ctl_set_success(ctsio);
9543	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9544	ctsio->be_move_done = ctl_config_move_done;
9545	ctl_datamove((union ctl_io *)ctsio);
9546	return (CTL_RETVAL_COMPLETE);
9547}
9548
9549/*
9550 * SCSI VPD page 0x83, the Device Identification page.
9551 */
9552static int
9553ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9554{
9555	struct scsi_vpd_device_id *devid_ptr;
9556	struct scsi_vpd_id_descriptor *desc;
9557	struct ctl_softc *softc;
9558	struct ctl_lun *lun;
9559	struct ctl_port *port;
9560	int data_len;
9561	uint8_t proto;
9562
9563	softc = control_softc;
9564
9565	port = ctl_io_port(&ctsio->io_hdr);
9566	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9567
9568	data_len = sizeof(struct scsi_vpd_device_id) +
9569	    sizeof(struct scsi_vpd_id_descriptor) +
9570		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9571	    sizeof(struct scsi_vpd_id_descriptor) +
9572		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9573	if (lun && lun->lun_devid)
9574		data_len += lun->lun_devid->len;
9575	if (port && port->port_devid)
9576		data_len += port->port_devid->len;
9577	if (port && port->target_devid)
9578		data_len += port->target_devid->len;
9579
9580	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9581	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9582	ctsio->kern_sg_entries = 0;
9583
9584	if (data_len < alloc_len) {
9585		ctsio->residual = alloc_len - data_len;
9586		ctsio->kern_data_len = data_len;
9587		ctsio->kern_total_len = data_len;
9588	} else {
9589		ctsio->residual = 0;
9590		ctsio->kern_data_len = alloc_len;
9591		ctsio->kern_total_len = alloc_len;
9592	}
9593	ctsio->kern_data_resid = 0;
9594	ctsio->kern_rel_offset = 0;
9595	ctsio->kern_sg_entries = 0;
9596
9597	/*
9598	 * The control device is always connected.  The disk device, on the
9599	 * other hand, may not be online all the time.
9600	 */
9601	if (lun != NULL)
9602		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9603				     lun->be_lun->lun_type;
9604	else
9605		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9606	devid_ptr->page_code = SVPD_DEVICE_ID;
9607	scsi_ulto2b(data_len - 4, devid_ptr->length);
9608
9609	if (port && port->port_type == CTL_PORT_FC)
9610		proto = SCSI_PROTO_FC << 4;
9611	else if (port && port->port_type == CTL_PORT_ISCSI)
9612		proto = SCSI_PROTO_ISCSI << 4;
9613	else
9614		proto = SCSI_PROTO_SPI << 4;
9615	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9616
9617	/*
9618	 * We're using a LUN association here.  i.e., this device ID is a
9619	 * per-LUN identifier.
9620	 */
9621	if (lun && lun->lun_devid) {
9622		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9623		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9624		    lun->lun_devid->len);
9625	}
9626
9627	/*
9628	 * This is for the WWPN which is a port association.
9629	 */
9630	if (port && port->port_devid) {
9631		memcpy(desc, port->port_devid->data, port->port_devid->len);
9632		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9633		    port->port_devid->len);
9634	}
9635
9636	/*
9637	 * This is for the Relative Target Port(type 4h) identifier
9638	 */
9639	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9640	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9641	    SVPD_ID_TYPE_RELTARG;
9642	desc->length = 4;
9643	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9644	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9645	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9646
9647	/*
9648	 * This is for the Target Port Group(type 5h) identifier
9649	 */
9650	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9651	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9652	    SVPD_ID_TYPE_TPORTGRP;
9653	desc->length = 4;
9654	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9655	    &desc->identifier[2]);
9656	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9657	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9658
9659	/*
9660	 * This is for the Target identifier
9661	 */
9662	if (port && port->target_devid) {
9663		memcpy(desc, port->target_devid->data, port->target_devid->len);
9664	}
9665
9666	ctl_set_success(ctsio);
9667	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9668	ctsio->be_move_done = ctl_config_move_done;
9669	ctl_datamove((union ctl_io *)ctsio);
9670	return (CTL_RETVAL_COMPLETE);
9671}
9672
9673static int
9674ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9675{
9676	struct ctl_softc *softc = control_softc;
9677	struct scsi_vpd_scsi_ports *sp;
9678	struct scsi_vpd_port_designation *pd;
9679	struct scsi_vpd_port_designation_cont *pdc;
9680	struct ctl_lun *lun;
9681	struct ctl_port *port;
9682	int data_len, num_target_ports, iid_len, id_len;
9683
9684	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9685
9686	num_target_ports = 0;
9687	iid_len = 0;
9688	id_len = 0;
9689	mtx_lock(&softc->ctl_lock);
9690	STAILQ_FOREACH(port, &softc->port_list, links) {
9691		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9692			continue;
9693		if (lun != NULL &&
9694		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9695			continue;
9696		num_target_ports++;
9697		if (port->init_devid)
9698			iid_len += port->init_devid->len;
9699		if (port->port_devid)
9700			id_len += port->port_devid->len;
9701	}
9702	mtx_unlock(&softc->ctl_lock);
9703
9704	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9705	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9706	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9707	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9708	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9709	ctsio->kern_sg_entries = 0;
9710
9711	if (data_len < alloc_len) {
9712		ctsio->residual = alloc_len - data_len;
9713		ctsio->kern_data_len = data_len;
9714		ctsio->kern_total_len = data_len;
9715	} else {
9716		ctsio->residual = 0;
9717		ctsio->kern_data_len = alloc_len;
9718		ctsio->kern_total_len = alloc_len;
9719	}
9720	ctsio->kern_data_resid = 0;
9721	ctsio->kern_rel_offset = 0;
9722	ctsio->kern_sg_entries = 0;
9723
9724	/*
9725	 * The control device is always connected.  The disk device, on the
9726	 * other hand, may not be online all the time.  Need to change this
9727	 * to figure out whether the disk device is actually online or not.
9728	 */
9729	if (lun != NULL)
9730		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9731				  lun->be_lun->lun_type;
9732	else
9733		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9734
9735	sp->page_code = SVPD_SCSI_PORTS;
9736	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9737	    sp->page_length);
9738	pd = &sp->design[0];
9739
9740	mtx_lock(&softc->ctl_lock);
9741	STAILQ_FOREACH(port, &softc->port_list, links) {
9742		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9743			continue;
9744		if (lun != NULL &&
9745		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9746			continue;
9747		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9748		if (port->init_devid) {
9749			iid_len = port->init_devid->len;
9750			memcpy(pd->initiator_transportid,
9751			    port->init_devid->data, port->init_devid->len);
9752		} else
9753			iid_len = 0;
9754		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9755		pdc = (struct scsi_vpd_port_designation_cont *)
9756		    (&pd->initiator_transportid[iid_len]);
9757		if (port->port_devid) {
9758			id_len = port->port_devid->len;
9759			memcpy(pdc->target_port_descriptors,
9760			    port->port_devid->data, port->port_devid->len);
9761		} else
9762			id_len = 0;
9763		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9764		pd = (struct scsi_vpd_port_designation *)
9765		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9766	}
9767	mtx_unlock(&softc->ctl_lock);
9768
9769	ctl_set_success(ctsio);
9770	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9771	ctsio->be_move_done = ctl_config_move_done;
9772	ctl_datamove((union ctl_io *)ctsio);
9773	return (CTL_RETVAL_COMPLETE);
9774}
9775
9776static int
9777ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9778{
9779	struct scsi_vpd_block_limits *bl_ptr;
9780	struct ctl_lun *lun;
9781	int bs;
9782
9783	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9784
9785	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9786	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9787	ctsio->kern_sg_entries = 0;
9788
9789	if (sizeof(*bl_ptr) < alloc_len) {
9790		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9791		ctsio->kern_data_len = sizeof(*bl_ptr);
9792		ctsio->kern_total_len = sizeof(*bl_ptr);
9793	} else {
9794		ctsio->residual = 0;
9795		ctsio->kern_data_len = alloc_len;
9796		ctsio->kern_total_len = alloc_len;
9797	}
9798	ctsio->kern_data_resid = 0;
9799	ctsio->kern_rel_offset = 0;
9800	ctsio->kern_sg_entries = 0;
9801
9802	/*
9803	 * The control device is always connected.  The disk device, on the
9804	 * other hand, may not be online all the time.  Need to change this
9805	 * to figure out whether the disk device is actually online or not.
9806	 */
9807	if (lun != NULL)
9808		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9809				  lun->be_lun->lun_type;
9810	else
9811		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9812
9813	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9814	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9815	bl_ptr->max_cmp_write_len = 0xff;
9816	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9817	if (lun != NULL) {
9818		bs = lun->be_lun->blocksize;
9819		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9820		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9821			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9822			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9823			if (lun->be_lun->ublockexp != 0) {
9824				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9825				    bl_ptr->opt_unmap_grain);
9826				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9827				    bl_ptr->unmap_grain_align);
9828			}
9829		}
9830		scsi_ulto4b(lun->be_lun->atomicblock,
9831		    bl_ptr->max_atomic_transfer_length);
9832		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9833		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9834	}
9835	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9836
9837	ctl_set_success(ctsio);
9838	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9839	ctsio->be_move_done = ctl_config_move_done;
9840	ctl_datamove((union ctl_io *)ctsio);
9841	return (CTL_RETVAL_COMPLETE);
9842}
9843
9844static int
9845ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9846{
9847	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9848	struct ctl_lun *lun;
9849	const char *value;
9850	u_int i;
9851
9852	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9853
9854	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9855	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9856	ctsio->kern_sg_entries = 0;
9857
9858	if (sizeof(*bdc_ptr) < alloc_len) {
9859		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9860		ctsio->kern_data_len = sizeof(*bdc_ptr);
9861		ctsio->kern_total_len = sizeof(*bdc_ptr);
9862	} else {
9863		ctsio->residual = 0;
9864		ctsio->kern_data_len = alloc_len;
9865		ctsio->kern_total_len = alloc_len;
9866	}
9867	ctsio->kern_data_resid = 0;
9868	ctsio->kern_rel_offset = 0;
9869	ctsio->kern_sg_entries = 0;
9870
9871	/*
9872	 * The control device is always connected.  The disk device, on the
9873	 * other hand, may not be online all the time.  Need to change this
9874	 * to figure out whether the disk device is actually online or not.
9875	 */
9876	if (lun != NULL)
9877		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9878				  lun->be_lun->lun_type;
9879	else
9880		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9881	bdc_ptr->page_code = SVPD_BDC;
9882	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9883	if (lun != NULL &&
9884	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9885		i = strtol(value, NULL, 0);
9886	else
9887		i = CTL_DEFAULT_ROTATION_RATE;
9888	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9889	if (lun != NULL &&
9890	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9891		i = strtol(value, NULL, 0);
9892	else
9893		i = 0;
9894	bdc_ptr->wab_wac_ff = (i & 0x0f);
9895	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9896
9897	ctl_set_success(ctsio);
9898	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9899	ctsio->be_move_done = ctl_config_move_done;
9900	ctl_datamove((union ctl_io *)ctsio);
9901	return (CTL_RETVAL_COMPLETE);
9902}
9903
9904static int
9905ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9906{
9907	struct scsi_vpd_logical_block_prov *lbp_ptr;
9908	struct ctl_lun *lun;
9909
9910	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9911
9912	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9913	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9914	ctsio->kern_sg_entries = 0;
9915
9916	if (sizeof(*lbp_ptr) < alloc_len) {
9917		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9918		ctsio->kern_data_len = sizeof(*lbp_ptr);
9919		ctsio->kern_total_len = sizeof(*lbp_ptr);
9920	} else {
9921		ctsio->residual = 0;
9922		ctsio->kern_data_len = alloc_len;
9923		ctsio->kern_total_len = alloc_len;
9924	}
9925	ctsio->kern_data_resid = 0;
9926	ctsio->kern_rel_offset = 0;
9927	ctsio->kern_sg_entries = 0;
9928
9929	/*
9930	 * The control device is always connected.  The disk device, on the
9931	 * other hand, may not be online all the time.  Need to change this
9932	 * to figure out whether the disk device is actually online or not.
9933	 */
9934	if (lun != NULL)
9935		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9936				  lun->be_lun->lun_type;
9937	else
9938		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9939
9940	lbp_ptr->page_code = SVPD_LBP;
9941	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9942	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9943	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9944		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9945		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9946		lbp_ptr->prov_type = SVPD_LBP_THIN;
9947	}
9948
9949	ctl_set_success(ctsio);
9950	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9951	ctsio->be_move_done = ctl_config_move_done;
9952	ctl_datamove((union ctl_io *)ctsio);
9953	return (CTL_RETVAL_COMPLETE);
9954}
9955
9956/*
9957 * INQUIRY with the EVPD bit set.
9958 */
9959static int
9960ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9961{
9962	struct ctl_lun *lun;
9963	struct scsi_inquiry *cdb;
9964	int alloc_len, retval;
9965
9966	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9967	cdb = (struct scsi_inquiry *)ctsio->cdb;
9968	alloc_len = scsi_2btoul(cdb->length);
9969
9970	switch (cdb->page_code) {
9971	case SVPD_SUPPORTED_PAGES:
9972		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9973		break;
9974	case SVPD_UNIT_SERIAL_NUMBER:
9975		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9976		break;
9977	case SVPD_DEVICE_ID:
9978		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9979		break;
9980	case SVPD_EXTENDED_INQUIRY_DATA:
9981		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9982		break;
9983	case SVPD_MODE_PAGE_POLICY:
9984		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9985		break;
9986	case SVPD_SCSI_PORTS:
9987		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9988		break;
9989	case SVPD_SCSI_TPC:
9990		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9991		break;
9992	case SVPD_BLOCK_LIMITS:
9993		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9994			goto err;
9995		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9996		break;
9997	case SVPD_BDC:
9998		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9999			goto err;
10000		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10001		break;
10002	case SVPD_LBP:
10003		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10004			goto err;
10005		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10006		break;
10007	default:
10008err:
10009		ctl_set_invalid_field(ctsio,
10010				      /*sks_valid*/ 1,
10011				      /*command*/ 1,
10012				      /*field*/ 2,
10013				      /*bit_valid*/ 0,
10014				      /*bit*/ 0);
10015		ctl_done((union ctl_io *)ctsio);
10016		retval = CTL_RETVAL_COMPLETE;
10017		break;
10018	}
10019
10020	return (retval);
10021}
10022
10023/*
10024 * Standard INQUIRY data.
10025 */
10026static int
10027ctl_inquiry_std(struct ctl_scsiio *ctsio)
10028{
10029	struct scsi_inquiry_data *inq_ptr;
10030	struct scsi_inquiry *cdb;
10031	struct ctl_softc *softc;
10032	struct ctl_port *port;
10033	struct ctl_lun *lun;
10034	char *val;
10035	uint32_t alloc_len, data_len;
10036	ctl_port_type port_type;
10037
10038	softc = control_softc;
10039
10040	/*
10041	 * Figure out whether we're talking to a Fibre Channel port or not.
10042	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10043	 * SCSI front ends.
10044	 */
10045	port = ctl_io_port(&ctsio->io_hdr);
10046	if (port != NULL)
10047		port_type = port->port_type;
10048	else
10049		port_type = CTL_PORT_SCSI;
10050	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10051		port_type = CTL_PORT_SCSI;
10052
10053	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10054	cdb = (struct scsi_inquiry *)ctsio->cdb;
10055	alloc_len = scsi_2btoul(cdb->length);
10056
10057	/*
10058	 * We malloc the full inquiry data size here and fill it
10059	 * in.  If the user only asks for less, we'll give him
10060	 * that much.
10061	 */
10062	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10063	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10064	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10065	ctsio->kern_sg_entries = 0;
10066	ctsio->kern_data_resid = 0;
10067	ctsio->kern_rel_offset = 0;
10068
10069	if (data_len < alloc_len) {
10070		ctsio->residual = alloc_len - data_len;
10071		ctsio->kern_data_len = data_len;
10072		ctsio->kern_total_len = data_len;
10073	} else {
10074		ctsio->residual = 0;
10075		ctsio->kern_data_len = alloc_len;
10076		ctsio->kern_total_len = alloc_len;
10077	}
10078
10079	if (lun != NULL) {
10080		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10081		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10082			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10083			    lun->be_lun->lun_type;
10084		} else {
10085			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10086			    lun->be_lun->lun_type;
10087		}
10088	} else
10089		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10090
10091	/* RMB in byte 2 is 0 */
10092	inq_ptr->version = SCSI_REV_SPC4;
10093
10094	/*
10095	 * According to SAM-3, even if a device only supports a single
10096	 * level of LUN addressing, it should still set the HISUP bit:
10097	 *
10098	 * 4.9.1 Logical unit numbers overview
10099	 *
10100	 * All logical unit number formats described in this standard are
10101	 * hierarchical in structure even when only a single level in that
10102	 * hierarchy is used. The HISUP bit shall be set to one in the
10103	 * standard INQUIRY data (see SPC-2) when any logical unit number
10104	 * format described in this standard is used.  Non-hierarchical
10105	 * formats are outside the scope of this standard.
10106	 *
10107	 * Therefore we set the HiSup bit here.
10108	 *
10109	 * The reponse format is 2, per SPC-3.
10110	 */
10111	inq_ptr->response_format = SID_HiSup | 2;
10112
10113	inq_ptr->additional_length = data_len -
10114	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10115	CTL_DEBUG_PRINT(("additional_length = %d\n",
10116			 inq_ptr->additional_length));
10117
10118	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10119	/* 16 bit addressing */
10120	if (port_type == CTL_PORT_SCSI)
10121		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10122	/* XXX set the SID_MultiP bit here if we're actually going to
10123	   respond on multiple ports */
10124	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10125
10126	/* 16 bit data bus, synchronous transfers */
10127	if (port_type == CTL_PORT_SCSI)
10128		inq_ptr->flags = SID_WBus16 | SID_Sync;
10129	/*
10130	 * XXX KDM do we want to support tagged queueing on the control
10131	 * device at all?
10132	 */
10133	if ((lun == NULL)
10134	 || (lun->be_lun->lun_type != T_PROCESSOR))
10135		inq_ptr->flags |= SID_CmdQue;
10136	/*
10137	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10138	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10139	 * name and 4 bytes for the revision.
10140	 */
10141	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10142	    "vendor")) == NULL) {
10143		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10144	} else {
10145		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10146		strncpy(inq_ptr->vendor, val,
10147		    min(sizeof(inq_ptr->vendor), strlen(val)));
10148	}
10149	if (lun == NULL) {
10150		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10151		    sizeof(inq_ptr->product));
10152	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10153		switch (lun->be_lun->lun_type) {
10154		case T_DIRECT:
10155			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10156			    sizeof(inq_ptr->product));
10157			break;
10158		case T_PROCESSOR:
10159			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10160			    sizeof(inq_ptr->product));
10161			break;
10162		default:
10163			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10164			    sizeof(inq_ptr->product));
10165			break;
10166		}
10167	} else {
10168		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10169		strncpy(inq_ptr->product, val,
10170		    min(sizeof(inq_ptr->product), strlen(val)));
10171	}
10172
10173	/*
10174	 * XXX make this a macro somewhere so it automatically gets
10175	 * incremented when we make changes.
10176	 */
10177	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10178	    "revision")) == NULL) {
10179		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10180	} else {
10181		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10182		strncpy(inq_ptr->revision, val,
10183		    min(sizeof(inq_ptr->revision), strlen(val)));
10184	}
10185
10186	/*
10187	 * For parallel SCSI, we support double transition and single
10188	 * transition clocking.  We also support QAS (Quick Arbitration
10189	 * and Selection) and Information Unit transfers on both the
10190	 * control and array devices.
10191	 */
10192	if (port_type == CTL_PORT_SCSI)
10193		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10194				    SID_SPI_IUS;
10195
10196	/* SAM-5 (no version claimed) */
10197	scsi_ulto2b(0x00A0, inq_ptr->version1);
10198	/* SPC-4 (no version claimed) */
10199	scsi_ulto2b(0x0460, inq_ptr->version2);
10200	if (port_type == CTL_PORT_FC) {
10201		/* FCP-2 ANSI INCITS.350:2003 */
10202		scsi_ulto2b(0x0917, inq_ptr->version3);
10203	} else if (port_type == CTL_PORT_SCSI) {
10204		/* SPI-4 ANSI INCITS.362:200x */
10205		scsi_ulto2b(0x0B56, inq_ptr->version3);
10206	} else if (port_type == CTL_PORT_ISCSI) {
10207		/* iSCSI (no version claimed) */
10208		scsi_ulto2b(0x0960, inq_ptr->version3);
10209	} else if (port_type == CTL_PORT_SAS) {
10210		/* SAS (no version claimed) */
10211		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10212	}
10213
10214	if (lun == NULL) {
10215		/* SBC-4 (no version claimed) */
10216		scsi_ulto2b(0x0600, inq_ptr->version4);
10217	} else {
10218		switch (lun->be_lun->lun_type) {
10219		case T_DIRECT:
10220			/* SBC-4 (no version claimed) */
10221			scsi_ulto2b(0x0600, inq_ptr->version4);
10222			break;
10223		case T_PROCESSOR:
10224		default:
10225			break;
10226		}
10227	}
10228
10229	ctl_set_success(ctsio);
10230	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10231	ctsio->be_move_done = ctl_config_move_done;
10232	ctl_datamove((union ctl_io *)ctsio);
10233	return (CTL_RETVAL_COMPLETE);
10234}
10235
10236int
10237ctl_inquiry(struct ctl_scsiio *ctsio)
10238{
10239	struct scsi_inquiry *cdb;
10240	int retval;
10241
10242	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10243
10244	cdb = (struct scsi_inquiry *)ctsio->cdb;
10245	if (cdb->byte2 & SI_EVPD)
10246		retval = ctl_inquiry_evpd(ctsio);
10247	else if (cdb->page_code == 0)
10248		retval = ctl_inquiry_std(ctsio);
10249	else {
10250		ctl_set_invalid_field(ctsio,
10251				      /*sks_valid*/ 1,
10252				      /*command*/ 1,
10253				      /*field*/ 2,
10254				      /*bit_valid*/ 0,
10255				      /*bit*/ 0);
10256		ctl_done((union ctl_io *)ctsio);
10257		return (CTL_RETVAL_COMPLETE);
10258	}
10259
10260	return (retval);
10261}
10262
10263/*
10264 * For known CDB types, parse the LBA and length.
10265 */
10266static int
10267ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10268{
10269	if (io->io_hdr.io_type != CTL_IO_SCSI)
10270		return (1);
10271
10272	switch (io->scsiio.cdb[0]) {
10273	case COMPARE_AND_WRITE: {
10274		struct scsi_compare_and_write *cdb;
10275
10276		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10277
10278		*lba = scsi_8btou64(cdb->addr);
10279		*len = cdb->length;
10280		break;
10281	}
10282	case READ_6:
10283	case WRITE_6: {
10284		struct scsi_rw_6 *cdb;
10285
10286		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10287
10288		*lba = scsi_3btoul(cdb->addr);
10289		/* only 5 bits are valid in the most significant address byte */
10290		*lba &= 0x1fffff;
10291		*len = cdb->length;
10292		break;
10293	}
10294	case READ_10:
10295	case WRITE_10: {
10296		struct scsi_rw_10 *cdb;
10297
10298		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10299
10300		*lba = scsi_4btoul(cdb->addr);
10301		*len = scsi_2btoul(cdb->length);
10302		break;
10303	}
10304	case WRITE_VERIFY_10: {
10305		struct scsi_write_verify_10 *cdb;
10306
10307		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10308
10309		*lba = scsi_4btoul(cdb->addr);
10310		*len = scsi_2btoul(cdb->length);
10311		break;
10312	}
10313	case READ_12:
10314	case WRITE_12: {
10315		struct scsi_rw_12 *cdb;
10316
10317		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10318
10319		*lba = scsi_4btoul(cdb->addr);
10320		*len = scsi_4btoul(cdb->length);
10321		break;
10322	}
10323	case WRITE_VERIFY_12: {
10324		struct scsi_write_verify_12 *cdb;
10325
10326		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10327
10328		*lba = scsi_4btoul(cdb->addr);
10329		*len = scsi_4btoul(cdb->length);
10330		break;
10331	}
10332	case READ_16:
10333	case WRITE_16:
10334	case WRITE_ATOMIC_16: {
10335		struct scsi_rw_16 *cdb;
10336
10337		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10338
10339		*lba = scsi_8btou64(cdb->addr);
10340		*len = scsi_4btoul(cdb->length);
10341		break;
10342	}
10343	case WRITE_VERIFY_16: {
10344		struct scsi_write_verify_16 *cdb;
10345
10346		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10347
10348		*lba = scsi_8btou64(cdb->addr);
10349		*len = scsi_4btoul(cdb->length);
10350		break;
10351	}
10352	case WRITE_SAME_10: {
10353		struct scsi_write_same_10 *cdb;
10354
10355		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10356
10357		*lba = scsi_4btoul(cdb->addr);
10358		*len = scsi_2btoul(cdb->length);
10359		break;
10360	}
10361	case WRITE_SAME_16: {
10362		struct scsi_write_same_16 *cdb;
10363
10364		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10365
10366		*lba = scsi_8btou64(cdb->addr);
10367		*len = scsi_4btoul(cdb->length);
10368		break;
10369	}
10370	case VERIFY_10: {
10371		struct scsi_verify_10 *cdb;
10372
10373		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10374
10375		*lba = scsi_4btoul(cdb->addr);
10376		*len = scsi_2btoul(cdb->length);
10377		break;
10378	}
10379	case VERIFY_12: {
10380		struct scsi_verify_12 *cdb;
10381
10382		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10383
10384		*lba = scsi_4btoul(cdb->addr);
10385		*len = scsi_4btoul(cdb->length);
10386		break;
10387	}
10388	case VERIFY_16: {
10389		struct scsi_verify_16 *cdb;
10390
10391		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10392
10393		*lba = scsi_8btou64(cdb->addr);
10394		*len = scsi_4btoul(cdb->length);
10395		break;
10396	}
10397	case UNMAP: {
10398		*lba = 0;
10399		*len = UINT64_MAX;
10400		break;
10401	}
10402	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10403		struct scsi_get_lba_status *cdb;
10404
10405		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10406		*lba = scsi_8btou64(cdb->addr);
10407		*len = UINT32_MAX;
10408		break;
10409	}
10410	default:
10411		return (1);
10412		break; /* NOTREACHED */
10413	}
10414
10415	return (0);
10416}
10417
10418static ctl_action
10419ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10420    bool seq)
10421{
10422	uint64_t endlba1, endlba2;
10423
10424	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10425	endlba2 = lba2 + len2 - 1;
10426
10427	if ((endlba1 < lba2) || (endlba2 < lba1))
10428		return (CTL_ACTION_PASS);
10429	else
10430		return (CTL_ACTION_BLOCK);
10431}
10432
10433static int
10434ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10435{
10436	struct ctl_ptr_len_flags *ptrlen;
10437	struct scsi_unmap_desc *buf, *end, *range;
10438	uint64_t lba;
10439	uint32_t len;
10440
10441	/* If not UNMAP -- go other way. */
10442	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10443	    io->scsiio.cdb[0] != UNMAP)
10444		return (CTL_ACTION_ERROR);
10445
10446	/* If UNMAP without data -- block and wait for data. */
10447	ptrlen = (struct ctl_ptr_len_flags *)
10448	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10449	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10450	    ptrlen->ptr == NULL)
10451		return (CTL_ACTION_BLOCK);
10452
10453	/* UNMAP with data -- check for collision. */
10454	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10455	end = buf + ptrlen->len / sizeof(*buf);
10456	for (range = buf; range < end; range++) {
10457		lba = scsi_8btou64(range->lba);
10458		len = scsi_4btoul(range->length);
10459		if ((lba < lba2 + len2) && (lba + len > lba2))
10460			return (CTL_ACTION_BLOCK);
10461	}
10462	return (CTL_ACTION_PASS);
10463}
10464
10465static ctl_action
10466ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10467{
10468	uint64_t lba1, lba2;
10469	uint64_t len1, len2;
10470	int retval;
10471
10472	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10473		return (CTL_ACTION_ERROR);
10474
10475	retval = ctl_extent_check_unmap(io1, lba2, len2);
10476	if (retval != CTL_ACTION_ERROR)
10477		return (retval);
10478
10479	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10480		return (CTL_ACTION_ERROR);
10481
10482	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10483}
10484
10485static ctl_action
10486ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10487{
10488	uint64_t lba1, lba2;
10489	uint64_t len1, len2;
10490
10491	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10492		return (CTL_ACTION_ERROR);
10493	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10494		return (CTL_ACTION_ERROR);
10495
10496	if (lba1 + len1 == lba2)
10497		return (CTL_ACTION_BLOCK);
10498	return (CTL_ACTION_PASS);
10499}
10500
10501static ctl_action
10502ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10503    union ctl_io *ooa_io)
10504{
10505	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10506	ctl_serialize_action *serialize_row;
10507
10508	/*
10509	 * The initiator attempted multiple untagged commands at the same
10510	 * time.  Can't do that.
10511	 */
10512	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10513	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10514	 && ((pending_io->io_hdr.nexus.targ_port ==
10515	      ooa_io->io_hdr.nexus.targ_port)
10516	  && (pending_io->io_hdr.nexus.initid ==
10517	      ooa_io->io_hdr.nexus.initid))
10518	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10519	      CTL_FLAG_STATUS_SENT)) == 0))
10520		return (CTL_ACTION_OVERLAP);
10521
10522	/*
10523	 * The initiator attempted to send multiple tagged commands with
10524	 * the same ID.  (It's fine if different initiators have the same
10525	 * tag ID.)
10526	 *
10527	 * Even if all of those conditions are true, we don't kill the I/O
10528	 * if the command ahead of us has been aborted.  We won't end up
10529	 * sending it to the FETD, and it's perfectly legal to resend a
10530	 * command with the same tag number as long as the previous
10531	 * instance of this tag number has been aborted somehow.
10532	 */
10533	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10534	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10535	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10536	 && ((pending_io->io_hdr.nexus.targ_port ==
10537	      ooa_io->io_hdr.nexus.targ_port)
10538	  && (pending_io->io_hdr.nexus.initid ==
10539	      ooa_io->io_hdr.nexus.initid))
10540	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10541	      CTL_FLAG_STATUS_SENT)) == 0))
10542		return (CTL_ACTION_OVERLAP_TAG);
10543
10544	/*
10545	 * If we get a head of queue tag, SAM-3 says that we should
10546	 * immediately execute it.
10547	 *
10548	 * What happens if this command would normally block for some other
10549	 * reason?  e.g. a request sense with a head of queue tag
10550	 * immediately after a write.  Normally that would block, but this
10551	 * will result in its getting executed immediately...
10552	 *
10553	 * We currently return "pass" instead of "skip", so we'll end up
10554	 * going through the rest of the queue to check for overlapped tags.
10555	 *
10556	 * XXX KDM check for other types of blockage first??
10557	 */
10558	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10559		return (CTL_ACTION_PASS);
10560
10561	/*
10562	 * Ordered tags have to block until all items ahead of them
10563	 * have completed.  If we get called with an ordered tag, we always
10564	 * block, if something else is ahead of us in the queue.
10565	 */
10566	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10567		return (CTL_ACTION_BLOCK);
10568
10569	/*
10570	 * Simple tags get blocked until all head of queue and ordered tags
10571	 * ahead of them have completed.  I'm lumping untagged commands in
10572	 * with simple tags here.  XXX KDM is that the right thing to do?
10573	 */
10574	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10575	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10576	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10577	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10578		return (CTL_ACTION_BLOCK);
10579
10580	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10581	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10582
10583	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10584
10585	switch (serialize_row[pending_entry->seridx]) {
10586	case CTL_SER_BLOCK:
10587		return (CTL_ACTION_BLOCK);
10588	case CTL_SER_EXTENT:
10589		return (ctl_extent_check(ooa_io, pending_io,
10590		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10591	case CTL_SER_EXTENTOPT:
10592		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10593		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10594			return (ctl_extent_check(ooa_io, pending_io,
10595			    (lun->be_lun &&
10596			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10597		return (CTL_ACTION_PASS);
10598	case CTL_SER_EXTENTSEQ:
10599		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10600			return (ctl_extent_check_seq(ooa_io, pending_io));
10601		return (CTL_ACTION_PASS);
10602	case CTL_SER_PASS:
10603		return (CTL_ACTION_PASS);
10604	case CTL_SER_BLOCKOPT:
10605		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10606		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10607			return (CTL_ACTION_BLOCK);
10608		return (CTL_ACTION_PASS);
10609	case CTL_SER_SKIP:
10610		return (CTL_ACTION_SKIP);
10611	default:
10612		panic("invalid serialization value %d",
10613		      serialize_row[pending_entry->seridx]);
10614	}
10615
10616	return (CTL_ACTION_ERROR);
10617}
10618
10619/*
10620 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10621 * Assumptions:
10622 * - pending_io is generally either incoming, or on the blocked queue
10623 * - starting I/O is the I/O we want to start the check with.
10624 */
10625static ctl_action
10626ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10627	      union ctl_io *starting_io)
10628{
10629	union ctl_io *ooa_io;
10630	ctl_action action;
10631
10632	mtx_assert(&lun->lun_lock, MA_OWNED);
10633
10634	/*
10635	 * Run back along the OOA queue, starting with the current
10636	 * blocked I/O and going through every I/O before it on the
10637	 * queue.  If starting_io is NULL, we'll just end up returning
10638	 * CTL_ACTION_PASS.
10639	 */
10640	for (ooa_io = starting_io; ooa_io != NULL;
10641	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10642	     ooa_links)){
10643
10644		/*
10645		 * This routine just checks to see whether
10646		 * cur_blocked is blocked by ooa_io, which is ahead
10647		 * of it in the queue.  It doesn't queue/dequeue
10648		 * cur_blocked.
10649		 */
10650		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10651		switch (action) {
10652		case CTL_ACTION_BLOCK:
10653		case CTL_ACTION_OVERLAP:
10654		case CTL_ACTION_OVERLAP_TAG:
10655		case CTL_ACTION_SKIP:
10656		case CTL_ACTION_ERROR:
10657			return (action);
10658			break; /* NOTREACHED */
10659		case CTL_ACTION_PASS:
10660			break;
10661		default:
10662			panic("invalid action %d", action);
10663			break;  /* NOTREACHED */
10664		}
10665	}
10666
10667	return (CTL_ACTION_PASS);
10668}
10669
10670/*
10671 * Assumptions:
10672 * - An I/O has just completed, and has been removed from the per-LUN OOA
10673 *   queue, so some items on the blocked queue may now be unblocked.
10674 */
10675static int
10676ctl_check_blocked(struct ctl_lun *lun)
10677{
10678	struct ctl_softc *softc = lun->ctl_softc;
10679	union ctl_io *cur_blocked, *next_blocked;
10680
10681	mtx_assert(&lun->lun_lock, MA_OWNED);
10682
10683	/*
10684	 * Run forward from the head of the blocked queue, checking each
10685	 * entry against the I/Os prior to it on the OOA queue to see if
10686	 * there is still any blockage.
10687	 *
10688	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10689	 * with our removing a variable on it while it is traversing the
10690	 * list.
10691	 */
10692	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10693	     cur_blocked != NULL; cur_blocked = next_blocked) {
10694		union ctl_io *prev_ooa;
10695		ctl_action action;
10696
10697		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10698							  blocked_links);
10699
10700		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10701						      ctl_ooaq, ooa_links);
10702
10703		/*
10704		 * If cur_blocked happens to be the first item in the OOA
10705		 * queue now, prev_ooa will be NULL, and the action
10706		 * returned will just be CTL_ACTION_PASS.
10707		 */
10708		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10709
10710		switch (action) {
10711		case CTL_ACTION_BLOCK:
10712			/* Nothing to do here, still blocked */
10713			break;
10714		case CTL_ACTION_OVERLAP:
10715		case CTL_ACTION_OVERLAP_TAG:
10716			/*
10717			 * This shouldn't happen!  In theory we've already
10718			 * checked this command for overlap...
10719			 */
10720			break;
10721		case CTL_ACTION_PASS:
10722		case CTL_ACTION_SKIP: {
10723			const struct ctl_cmd_entry *entry;
10724
10725			/*
10726			 * The skip case shouldn't happen, this transaction
10727			 * should have never made it onto the blocked queue.
10728			 */
10729			/*
10730			 * This I/O is no longer blocked, we can remove it
10731			 * from the blocked queue.  Since this is a TAILQ
10732			 * (doubly linked list), we can do O(1) removals
10733			 * from any place on the list.
10734			 */
10735			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10736				     blocked_links);
10737			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10738
10739			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10740			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10741				/*
10742				 * Need to send IO back to original side to
10743				 * run
10744				 */
10745				union ctl_ha_msg msg_info;
10746
10747				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10748				msg_info.hdr.original_sc =
10749					cur_blocked->io_hdr.original_sc;
10750				msg_info.hdr.serializing_sc = cur_blocked;
10751				msg_info.hdr.msg_type = CTL_MSG_R2R;
10752				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10753				    sizeof(msg_info.hdr), M_NOWAIT);
10754				break;
10755			}
10756			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10757
10758			/*
10759			 * Check this I/O for LUN state changes that may
10760			 * have happened while this command was blocked.
10761			 * The LUN state may have been changed by a command
10762			 * ahead of us in the queue, so we need to re-check
10763			 * for any states that can be caused by SCSI
10764			 * commands.
10765			 */
10766			if (ctl_scsiio_lun_check(lun, entry,
10767						 &cur_blocked->scsiio) == 0) {
10768				cur_blocked->io_hdr.flags |=
10769				                      CTL_FLAG_IS_WAS_ON_RTR;
10770				ctl_enqueue_rtr(cur_blocked);
10771			} else
10772				ctl_done(cur_blocked);
10773			break;
10774		}
10775		default:
10776			/*
10777			 * This probably shouldn't happen -- we shouldn't
10778			 * get CTL_ACTION_ERROR, or anything else.
10779			 */
10780			break;
10781		}
10782	}
10783
10784	return (CTL_RETVAL_COMPLETE);
10785}
10786
10787/*
10788 * This routine (with one exception) checks LUN flags that can be set by
10789 * commands ahead of us in the OOA queue.  These flags have to be checked
10790 * when a command initially comes in, and when we pull a command off the
10791 * blocked queue and are preparing to execute it.  The reason we have to
10792 * check these flags for commands on the blocked queue is that the LUN
10793 * state may have been changed by a command ahead of us while we're on the
10794 * blocked queue.
10795 *
10796 * Ordering is somewhat important with these checks, so please pay
10797 * careful attention to the placement of any new checks.
10798 */
10799static int
10800ctl_scsiio_lun_check(struct ctl_lun *lun,
10801    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10802{
10803	struct ctl_softc *softc = lun->ctl_softc;
10804	int retval;
10805	uint32_t residx;
10806
10807	retval = 0;
10808
10809	mtx_assert(&lun->lun_lock, MA_OWNED);
10810
10811	/*
10812	 * If this shelf is a secondary shelf controller, we may have to
10813	 * reject some commands disallowed by HA mode and link state.
10814	 */
10815	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10816		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10817		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10818			ctl_set_lun_unavail(ctsio);
10819			retval = 1;
10820			goto bailout;
10821		}
10822		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10823		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10824			ctl_set_lun_transit(ctsio);
10825			retval = 1;
10826			goto bailout;
10827		}
10828		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10829		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10830			ctl_set_lun_standby(ctsio);
10831			retval = 1;
10832			goto bailout;
10833		}
10834
10835		/* The rest of checks are only done on executing side */
10836		if (softc->ha_mode == CTL_HA_MODE_XFER)
10837			goto bailout;
10838	}
10839
10840	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10841		if (lun->be_lun &&
10842		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10843			ctl_set_sense(ctsio, /*current_error*/ 1,
10844			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10845			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
10846			retval = 1;
10847			goto bailout;
10848		}
10849		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10850		    .eca_and_aen & SCP_SWP) != 0) {
10851			ctl_set_sense(ctsio, /*current_error*/ 1,
10852			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10853			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10854			retval = 1;
10855			goto bailout;
10856		}
10857	}
10858
10859	/*
10860	 * Check for a reservation conflict.  If this command isn't allowed
10861	 * even on reserved LUNs, and if this initiator isn't the one who
10862	 * reserved us, reject the command with a reservation conflict.
10863	 */
10864	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10865	if ((lun->flags & CTL_LUN_RESERVED)
10866	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10867		if (lun->res_idx != residx) {
10868			ctl_set_reservation_conflict(ctsio);
10869			retval = 1;
10870			goto bailout;
10871		}
10872	}
10873
10874	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10875	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10876		/* No reservation or command is allowed. */;
10877	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10878	    (lun->res_type == SPR_TYPE_WR_EX ||
10879	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10880	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10881		/* The command is allowed for Write Exclusive resv. */;
10882	} else {
10883		/*
10884		 * if we aren't registered or it's a res holder type
10885		 * reservation and this isn't the res holder then set a
10886		 * conflict.
10887		 */
10888		if (ctl_get_prkey(lun, residx) == 0
10889		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10890			ctl_set_reservation_conflict(ctsio);
10891			retval = 1;
10892			goto bailout;
10893		}
10894	}
10895
10896	if ((lun->flags & CTL_LUN_OFFLINE)
10897	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10898		ctl_set_lun_not_ready(ctsio);
10899		retval = 1;
10900		goto bailout;
10901	}
10902
10903	if ((lun->flags & CTL_LUN_STOPPED)
10904	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10905		/* "Logical unit not ready, initializing cmd. required" */
10906		ctl_set_lun_stopped(ctsio);
10907		retval = 1;
10908		goto bailout;
10909	}
10910
10911	if ((lun->flags & CTL_LUN_INOPERABLE)
10912	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10913		/* "Medium format corrupted" */
10914		ctl_set_medium_format_corrupted(ctsio);
10915		retval = 1;
10916		goto bailout;
10917	}
10918
10919bailout:
10920	return (retval);
10921}
10922
10923static void
10924ctl_failover_io(union ctl_io *io, int have_lock)
10925{
10926	ctl_set_busy(&io->scsiio);
10927	ctl_done(io);
10928}
10929
10930static void
10931ctl_failover_lun(struct ctl_lun *lun)
10932{
10933	struct ctl_softc *softc = lun->ctl_softc;
10934	struct ctl_io_hdr *io, *next_io;
10935
10936	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
10937	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10938		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10939			/* We are master */
10940			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10941				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10942					io->flags |= CTL_FLAG_ABORT;
10943				} else { /* This can be only due to DATAMOVE */
10944					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10945					io->flags |= CTL_FLAG_IO_ACTIVE;
10946					io->port_status = 31340;
10947					ctl_enqueue_isc((union ctl_io *)io);
10948				}
10949			}
10950			/* We are slave */
10951			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10952				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10953				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10954					io->flags |= CTL_FLAG_FAILOVER;
10955				} else {
10956					ctl_set_busy(&((union ctl_io *)io)->
10957					    scsiio);
10958					ctl_done((union ctl_io *)io);
10959				}
10960			}
10961		}
10962	} else { /* SERIALIZE modes */
10963		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10964		    next_io) {
10965			/* We are master */
10966			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10967				TAILQ_REMOVE(&lun->blocked_queue, io,
10968				    blocked_links);
10969				io->flags &= ~CTL_FLAG_BLOCKED;
10970				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10971				ctl_free_io((union ctl_io *)io);
10972			}
10973		}
10974		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10975			/* We are master */
10976			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10977				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10978				ctl_free_io((union ctl_io *)io);
10979			}
10980			/* We are slave */
10981			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10982				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10983				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10984					ctl_set_busy(&((union ctl_io *)io)->
10985					    scsiio);
10986					ctl_done((union ctl_io *)io);
10987				}
10988			}
10989		}
10990		ctl_check_blocked(lun);
10991	}
10992}
10993
10994static int
10995ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
10996{
10997	struct ctl_lun *lun;
10998	const struct ctl_cmd_entry *entry;
10999	uint32_t initidx, targ_lun;
11000	int retval;
11001
11002	retval = 0;
11003
11004	lun = NULL;
11005
11006	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11007	if ((targ_lun < CTL_MAX_LUNS)
11008	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11009		/*
11010		 * If the LUN is invalid, pretend that it doesn't exist.
11011		 * It will go away as soon as all pending I/O has been
11012		 * completed.
11013		 */
11014		mtx_lock(&lun->lun_lock);
11015		if (lun->flags & CTL_LUN_DISABLED) {
11016			mtx_unlock(&lun->lun_lock);
11017			lun = NULL;
11018			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11019			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11020		} else {
11021			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11022			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11023				lun->be_lun;
11024
11025			/*
11026			 * Every I/O goes into the OOA queue for a
11027			 * particular LUN, and stays there until completion.
11028			 */
11029#ifdef CTL_TIME_IO
11030			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11031				lun->idle_time += getsbinuptime() -
11032				    lun->last_busy;
11033			}
11034#endif
11035			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11036			    ooa_links);
11037		}
11038	} else {
11039		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11040		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11041	}
11042
11043	/* Get command entry and return error if it is unsuppotyed. */
11044	entry = ctl_validate_command(ctsio);
11045	if (entry == NULL) {
11046		if (lun)
11047			mtx_unlock(&lun->lun_lock);
11048		return (retval);
11049	}
11050
11051	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11052	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11053
11054	/*
11055	 * Check to see whether we can send this command to LUNs that don't
11056	 * exist.  This should pretty much only be the case for inquiry
11057	 * and request sense.  Further checks, below, really require having
11058	 * a LUN, so we can't really check the command anymore.  Just put
11059	 * it on the rtr queue.
11060	 */
11061	if (lun == NULL) {
11062		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11063			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11064			ctl_enqueue_rtr((union ctl_io *)ctsio);
11065			return (retval);
11066		}
11067
11068		ctl_set_unsupported_lun(ctsio);
11069		ctl_done((union ctl_io *)ctsio);
11070		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11071		return (retval);
11072	} else {
11073		/*
11074		 * Make sure we support this particular command on this LUN.
11075		 * e.g., we don't support writes to the control LUN.
11076		 */
11077		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11078			mtx_unlock(&lun->lun_lock);
11079			ctl_set_invalid_opcode(ctsio);
11080			ctl_done((union ctl_io *)ctsio);
11081			return (retval);
11082		}
11083	}
11084
11085	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11086
11087#ifdef CTL_WITH_CA
11088	/*
11089	 * If we've got a request sense, it'll clear the contingent
11090	 * allegiance condition.  Otherwise, if we have a CA condition for
11091	 * this initiator, clear it, because it sent down a command other
11092	 * than request sense.
11093	 */
11094	if ((ctsio->cdb[0] != REQUEST_SENSE)
11095	 && (ctl_is_set(lun->have_ca, initidx)))
11096		ctl_clear_mask(lun->have_ca, initidx);
11097#endif
11098
11099	/*
11100	 * If the command has this flag set, it handles its own unit
11101	 * attention reporting, we shouldn't do anything.  Otherwise we
11102	 * check for any pending unit attentions, and send them back to the
11103	 * initiator.  We only do this when a command initially comes in,
11104	 * not when we pull it off the blocked queue.
11105	 *
11106	 * According to SAM-3, section 5.3.2, the order that things get
11107	 * presented back to the host is basically unit attentions caused
11108	 * by some sort of reset event, busy status, reservation conflicts
11109	 * or task set full, and finally any other status.
11110	 *
11111	 * One issue here is that some of the unit attentions we report
11112	 * don't fall into the "reset" category (e.g. "reported luns data
11113	 * has changed").  So reporting it here, before the reservation
11114	 * check, may be technically wrong.  I guess the only thing to do
11115	 * would be to check for and report the reset events here, and then
11116	 * check for the other unit attention types after we check for a
11117	 * reservation conflict.
11118	 *
11119	 * XXX KDM need to fix this
11120	 */
11121	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11122		ctl_ua_type ua_type;
11123		scsi_sense_data_type sense_format;
11124
11125		if (lun->flags & CTL_LUN_SENSE_DESC)
11126			sense_format = SSD_TYPE_DESC;
11127		else
11128			sense_format = SSD_TYPE_FIXED;
11129
11130		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11131		    sense_format);
11132		if (ua_type != CTL_UA_NONE) {
11133			mtx_unlock(&lun->lun_lock);
11134			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11135			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11136			ctsio->sense_len = SSD_FULL_SIZE;
11137			ctl_done((union ctl_io *)ctsio);
11138			return (retval);
11139		}
11140	}
11141
11142
11143	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11144		mtx_unlock(&lun->lun_lock);
11145		ctl_done((union ctl_io *)ctsio);
11146		return (retval);
11147	}
11148
11149	/*
11150	 * XXX CHD this is where we want to send IO to other side if
11151	 * this LUN is secondary on this SC. We will need to make a copy
11152	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11153	 * the copy we send as FROM_OTHER.
11154	 * We also need to stuff the address of the original IO so we can
11155	 * find it easily. Something similar will need be done on the other
11156	 * side so when we are done we can find the copy.
11157	 */
11158	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11159	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0) {
11160		union ctl_ha_msg msg_info;
11161		int isc_retval;
11162
11163		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11164		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11165		mtx_unlock(&lun->lun_lock);
11166
11167		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11168		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11169		msg_info.hdr.serializing_sc = NULL;
11170		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11171		msg_info.scsi.tag_num = ctsio->tag_num;
11172		msg_info.scsi.tag_type = ctsio->tag_type;
11173		msg_info.scsi.cdb_len = ctsio->cdb_len;
11174		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11175
11176		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11177		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11178		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11179			ctl_set_busy(ctsio);
11180			ctl_done((union ctl_io *)ctsio);
11181			return (retval);
11182		}
11183		return (retval);
11184	}
11185
11186	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11187			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11188			      ctl_ooaq, ooa_links))) {
11189	case CTL_ACTION_BLOCK:
11190		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11191		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11192				  blocked_links);
11193		mtx_unlock(&lun->lun_lock);
11194		return (retval);
11195	case CTL_ACTION_PASS:
11196	case CTL_ACTION_SKIP:
11197		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11198		mtx_unlock(&lun->lun_lock);
11199		ctl_enqueue_rtr((union ctl_io *)ctsio);
11200		break;
11201	case CTL_ACTION_OVERLAP:
11202		mtx_unlock(&lun->lun_lock);
11203		ctl_set_overlapped_cmd(ctsio);
11204		ctl_done((union ctl_io *)ctsio);
11205		break;
11206	case CTL_ACTION_OVERLAP_TAG:
11207		mtx_unlock(&lun->lun_lock);
11208		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11209		ctl_done((union ctl_io *)ctsio);
11210		break;
11211	case CTL_ACTION_ERROR:
11212	default:
11213		mtx_unlock(&lun->lun_lock);
11214		ctl_set_internal_failure(ctsio,
11215					 /*sks_valid*/ 0,
11216					 /*retry_count*/ 0);
11217		ctl_done((union ctl_io *)ctsio);
11218		break;
11219	}
11220	return (retval);
11221}
11222
11223const struct ctl_cmd_entry *
11224ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11225{
11226	const struct ctl_cmd_entry *entry;
11227	int service_action;
11228
11229	entry = &ctl_cmd_table[ctsio->cdb[0]];
11230	if (sa)
11231		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11232	if (entry->flags & CTL_CMD_FLAG_SA5) {
11233		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11234		entry = &((const struct ctl_cmd_entry *)
11235		    entry->execute)[service_action];
11236	}
11237	return (entry);
11238}
11239
11240const struct ctl_cmd_entry *
11241ctl_validate_command(struct ctl_scsiio *ctsio)
11242{
11243	const struct ctl_cmd_entry *entry;
11244	int i, sa;
11245	uint8_t diff;
11246
11247	entry = ctl_get_cmd_entry(ctsio, &sa);
11248	if (entry->execute == NULL) {
11249		if (sa)
11250			ctl_set_invalid_field(ctsio,
11251					      /*sks_valid*/ 1,
11252					      /*command*/ 1,
11253					      /*field*/ 1,
11254					      /*bit_valid*/ 1,
11255					      /*bit*/ 4);
11256		else
11257			ctl_set_invalid_opcode(ctsio);
11258		ctl_done((union ctl_io *)ctsio);
11259		return (NULL);
11260	}
11261	KASSERT(entry->length > 0,
11262	    ("Not defined length for command 0x%02x/0x%02x",
11263	     ctsio->cdb[0], ctsio->cdb[1]));
11264	for (i = 1; i < entry->length; i++) {
11265		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11266		if (diff == 0)
11267			continue;
11268		ctl_set_invalid_field(ctsio,
11269				      /*sks_valid*/ 1,
11270				      /*command*/ 1,
11271				      /*field*/ i,
11272				      /*bit_valid*/ 1,
11273				      /*bit*/ fls(diff) - 1);
11274		ctl_done((union ctl_io *)ctsio);
11275		return (NULL);
11276	}
11277	return (entry);
11278}
11279
11280static int
11281ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11282{
11283
11284	switch (lun_type) {
11285	case T_PROCESSOR:
11286		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11287		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11288			return (0);
11289		break;
11290	case T_DIRECT:
11291		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11292		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11293			return (0);
11294		break;
11295	default:
11296		return (0);
11297	}
11298	return (1);
11299}
11300
11301static int
11302ctl_scsiio(struct ctl_scsiio *ctsio)
11303{
11304	int retval;
11305	const struct ctl_cmd_entry *entry;
11306
11307	retval = CTL_RETVAL_COMPLETE;
11308
11309	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11310
11311	entry = ctl_get_cmd_entry(ctsio, NULL);
11312
11313	/*
11314	 * If this I/O has been aborted, just send it straight to
11315	 * ctl_done() without executing it.
11316	 */
11317	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11318		ctl_done((union ctl_io *)ctsio);
11319		goto bailout;
11320	}
11321
11322	/*
11323	 * All the checks should have been handled by ctl_scsiio_precheck().
11324	 * We should be clear now to just execute the I/O.
11325	 */
11326	retval = entry->execute(ctsio);
11327
11328bailout:
11329	return (retval);
11330}
11331
11332/*
11333 * Since we only implement one target right now, a bus reset simply resets
11334 * our single target.
11335 */
11336static int
11337ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11338{
11339	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11340}
11341
11342static int
11343ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11344		 ctl_ua_type ua_type)
11345{
11346	struct ctl_port *port;
11347	struct ctl_lun *lun;
11348	int retval;
11349
11350	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11351		union ctl_ha_msg msg_info;
11352
11353		msg_info.hdr.nexus = io->io_hdr.nexus;
11354		if (ua_type==CTL_UA_TARG_RESET)
11355			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11356		else
11357			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11358		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11359		msg_info.hdr.original_sc = NULL;
11360		msg_info.hdr.serializing_sc = NULL;
11361		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11362		    sizeof(msg_info.task), M_WAITOK);
11363	}
11364	retval = 0;
11365
11366	mtx_lock(&softc->ctl_lock);
11367	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11368	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11369		if (port != NULL &&
11370		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11371			continue;
11372		retval += ctl_lun_reset(lun, io, ua_type);
11373	}
11374	mtx_unlock(&softc->ctl_lock);
11375
11376	return (retval);
11377}
11378
11379/*
11380 * The LUN should always be set.  The I/O is optional, and is used to
11381 * distinguish between I/Os sent by this initiator, and by other
11382 * initiators.  We set unit attention for initiators other than this one.
11383 * SAM-3 is vague on this point.  It does say that a unit attention should
11384 * be established for other initiators when a LUN is reset (see section
11385 * 5.7.3), but it doesn't specifically say that the unit attention should
11386 * be established for this particular initiator when a LUN is reset.  Here
11387 * is the relevant text, from SAM-3 rev 8:
11388 *
11389 * 5.7.2 When a SCSI initiator port aborts its own tasks
11390 *
11391 * When a SCSI initiator port causes its own task(s) to be aborted, no
11392 * notification that the task(s) have been aborted shall be returned to
11393 * the SCSI initiator port other than the completion response for the
11394 * command or task management function action that caused the task(s) to
11395 * be aborted and notification(s) associated with related effects of the
11396 * action (e.g., a reset unit attention condition).
11397 *
11398 * XXX KDM for now, we're setting unit attention for all initiators.
11399 */
11400static int
11401ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11402{
11403	union ctl_io *xio;
11404#if 0
11405	uint32_t initidx;
11406#endif
11407#ifdef CTL_WITH_CA
11408	int i;
11409#endif
11410
11411	mtx_lock(&lun->lun_lock);
11412	/*
11413	 * Run through the OOA queue and abort each I/O.
11414	 */
11415	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11416	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11417		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11418	}
11419
11420	/*
11421	 * This version sets unit attention for every
11422	 */
11423#if 0
11424	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11425	ctl_est_ua_all(lun, initidx, ua_type);
11426#else
11427	ctl_est_ua_all(lun, -1, ua_type);
11428#endif
11429
11430	/*
11431	 * A reset (any kind, really) clears reservations established with
11432	 * RESERVE/RELEASE.  It does not clear reservations established
11433	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11434	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11435	 * reservations made with the RESERVE/RELEASE commands, because
11436	 * those commands are obsolete in SPC-3.
11437	 */
11438	lun->flags &= ~CTL_LUN_RESERVED;
11439
11440#ifdef CTL_WITH_CA
11441	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11442		ctl_clear_mask(lun->have_ca, i);
11443#endif
11444	mtx_unlock(&lun->lun_lock);
11445
11446	return (0);
11447}
11448
11449static void
11450ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11451    int other_sc)
11452{
11453	union ctl_io *xio;
11454
11455	mtx_assert(&lun->lun_lock, MA_OWNED);
11456
11457	/*
11458	 * Run through the OOA queue and attempt to find the given I/O.
11459	 * The target port, initiator ID, tag type and tag number have to
11460	 * match the values that we got from the initiator.  If we have an
11461	 * untagged command to abort, simply abort the first untagged command
11462	 * we come to.  We only allow one untagged command at a time of course.
11463	 */
11464	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11465	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11466
11467		if ((targ_port == UINT32_MAX ||
11468		     targ_port == xio->io_hdr.nexus.targ_port) &&
11469		    (init_id == UINT32_MAX ||
11470		     init_id == xio->io_hdr.nexus.initid)) {
11471			if (targ_port != xio->io_hdr.nexus.targ_port ||
11472			    init_id != xio->io_hdr.nexus.initid)
11473				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11474			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11475			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11476				union ctl_ha_msg msg_info;
11477
11478				msg_info.hdr.nexus = xio->io_hdr.nexus;
11479				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11480				msg_info.task.tag_num = xio->scsiio.tag_num;
11481				msg_info.task.tag_type = xio->scsiio.tag_type;
11482				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11483				msg_info.hdr.original_sc = NULL;
11484				msg_info.hdr.serializing_sc = NULL;
11485				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11486				    sizeof(msg_info.task), M_NOWAIT);
11487			}
11488		}
11489	}
11490}
11491
11492static int
11493ctl_abort_task_set(union ctl_io *io)
11494{
11495	struct ctl_softc *softc = control_softc;
11496	struct ctl_lun *lun;
11497	uint32_t targ_lun;
11498
11499	/*
11500	 * Look up the LUN.
11501	 */
11502	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11503	mtx_lock(&softc->ctl_lock);
11504	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
11505		lun = softc->ctl_luns[targ_lun];
11506	else {
11507		mtx_unlock(&softc->ctl_lock);
11508		return (1);
11509	}
11510
11511	mtx_lock(&lun->lun_lock);
11512	mtx_unlock(&softc->ctl_lock);
11513	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11514		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11515		    io->io_hdr.nexus.initid,
11516		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11517	} else { /* CTL_TASK_CLEAR_TASK_SET */
11518		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11519		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11520	}
11521	mtx_unlock(&lun->lun_lock);
11522	return (0);
11523}
11524
11525static int
11526ctl_i_t_nexus_reset(union ctl_io *io)
11527{
11528	struct ctl_softc *softc = control_softc;
11529	struct ctl_lun *lun;
11530	uint32_t initidx;
11531
11532	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11533		union ctl_ha_msg msg_info;
11534
11535		msg_info.hdr.nexus = io->io_hdr.nexus;
11536		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11537		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11538		msg_info.hdr.original_sc = NULL;
11539		msg_info.hdr.serializing_sc = NULL;
11540		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11541		    sizeof(msg_info.task), M_WAITOK);
11542	}
11543
11544	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11545	mtx_lock(&softc->ctl_lock);
11546	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11547		mtx_lock(&lun->lun_lock);
11548		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11549		    io->io_hdr.nexus.initid, 1);
11550#ifdef CTL_WITH_CA
11551		ctl_clear_mask(lun->have_ca, initidx);
11552#endif
11553		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11554			lun->flags &= ~CTL_LUN_RESERVED;
11555		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11556		mtx_unlock(&lun->lun_lock);
11557	}
11558	mtx_unlock(&softc->ctl_lock);
11559	return (0);
11560}
11561
11562static int
11563ctl_abort_task(union ctl_io *io)
11564{
11565	union ctl_io *xio;
11566	struct ctl_lun *lun;
11567	struct ctl_softc *softc;
11568#if 0
11569	struct sbuf sb;
11570	char printbuf[128];
11571#endif
11572	int found;
11573	uint32_t targ_lun;
11574
11575	softc = control_softc;
11576	found = 0;
11577
11578	/*
11579	 * Look up the LUN.
11580	 */
11581	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11582	mtx_lock(&softc->ctl_lock);
11583	if ((targ_lun < CTL_MAX_LUNS)
11584	 && (softc->ctl_luns[targ_lun] != NULL))
11585		lun = softc->ctl_luns[targ_lun];
11586	else {
11587		mtx_unlock(&softc->ctl_lock);
11588		return (1);
11589	}
11590
11591#if 0
11592	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11593	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11594#endif
11595
11596	mtx_lock(&lun->lun_lock);
11597	mtx_unlock(&softc->ctl_lock);
11598	/*
11599	 * Run through the OOA queue and attempt to find the given I/O.
11600	 * The target port, initiator ID, tag type and tag number have to
11601	 * match the values that we got from the initiator.  If we have an
11602	 * untagged command to abort, simply abort the first untagged command
11603	 * we come to.  We only allow one untagged command at a time of course.
11604	 */
11605	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11606	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11607#if 0
11608		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11609
11610		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11611			    lun->lun, xio->scsiio.tag_num,
11612			    xio->scsiio.tag_type,
11613			    (xio->io_hdr.blocked_links.tqe_prev
11614			    == NULL) ? "" : " BLOCKED",
11615			    (xio->io_hdr.flags &
11616			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11617			    (xio->io_hdr.flags &
11618			    CTL_FLAG_ABORT) ? " ABORT" : "",
11619			    (xio->io_hdr.flags &
11620			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11621		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11622		sbuf_finish(&sb);
11623		printf("%s\n", sbuf_data(&sb));
11624#endif
11625
11626		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11627		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11628		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11629			continue;
11630
11631		/*
11632		 * If the abort says that the task is untagged, the
11633		 * task in the queue must be untagged.  Otherwise,
11634		 * we just check to see whether the tag numbers
11635		 * match.  This is because the QLogic firmware
11636		 * doesn't pass back the tag type in an abort
11637		 * request.
11638		 */
11639#if 0
11640		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11641		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11642		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11643#endif
11644		/*
11645		 * XXX KDM we've got problems with FC, because it
11646		 * doesn't send down a tag type with aborts.  So we
11647		 * can only really go by the tag number...
11648		 * This may cause problems with parallel SCSI.
11649		 * Need to figure that out!!
11650		 */
11651		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11652			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11653			found = 1;
11654			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11655			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11656				union ctl_ha_msg msg_info;
11657
11658				msg_info.hdr.nexus = io->io_hdr.nexus;
11659				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11660				msg_info.task.tag_num = io->taskio.tag_num;
11661				msg_info.task.tag_type = io->taskio.tag_type;
11662				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11663				msg_info.hdr.original_sc = NULL;
11664				msg_info.hdr.serializing_sc = NULL;
11665#if 0
11666				printf("Sent Abort to other side\n");
11667#endif
11668				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11669				    sizeof(msg_info.task), M_NOWAIT);
11670			}
11671#if 0
11672			printf("ctl_abort_task: found I/O to abort\n");
11673#endif
11674		}
11675	}
11676	mtx_unlock(&lun->lun_lock);
11677
11678	if (found == 0) {
11679		/*
11680		 * This isn't really an error.  It's entirely possible for
11681		 * the abort and command completion to cross on the wire.
11682		 * This is more of an informative/diagnostic error.
11683		 */
11684#if 0
11685		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11686		       "%u:%u:%u tag %d type %d\n",
11687		       io->io_hdr.nexus.initid,
11688		       io->io_hdr.nexus.targ_port,
11689		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11690		       io->taskio.tag_type);
11691#endif
11692	}
11693	return (0);
11694}
11695
11696static void
11697ctl_run_task(union ctl_io *io)
11698{
11699	struct ctl_softc *softc = control_softc;
11700	int retval = 1;
11701	const char *task_desc;
11702
11703	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11704
11705	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11706	    ("ctl_run_task: Unextected io_type %d\n",
11707	     io->io_hdr.io_type));
11708
11709	task_desc = ctl_scsi_task_string(&io->taskio);
11710	if (task_desc != NULL) {
11711#ifdef NEEDTOPORT
11712		csevent_log(CSC_CTL | CSC_SHELF_SW |
11713			    CTL_TASK_REPORT,
11714			    csevent_LogType_Trace,
11715			    csevent_Severity_Information,
11716			    csevent_AlertLevel_Green,
11717			    csevent_FRU_Firmware,
11718			    csevent_FRU_Unknown,
11719			    "CTL: received task: %s",task_desc);
11720#endif
11721	} else {
11722#ifdef NEEDTOPORT
11723		csevent_log(CSC_CTL | CSC_SHELF_SW |
11724			    CTL_TASK_REPORT,
11725			    csevent_LogType_Trace,
11726			    csevent_Severity_Information,
11727			    csevent_AlertLevel_Green,
11728			    csevent_FRU_Firmware,
11729			    csevent_FRU_Unknown,
11730			    "CTL: received unknown task "
11731			    "type: %d (%#x)",
11732			    io->taskio.task_action,
11733			    io->taskio.task_action);
11734#endif
11735	}
11736	switch (io->taskio.task_action) {
11737	case CTL_TASK_ABORT_TASK:
11738		retval = ctl_abort_task(io);
11739		break;
11740	case CTL_TASK_ABORT_TASK_SET:
11741	case CTL_TASK_CLEAR_TASK_SET:
11742		retval = ctl_abort_task_set(io);
11743		break;
11744	case CTL_TASK_CLEAR_ACA:
11745		break;
11746	case CTL_TASK_I_T_NEXUS_RESET:
11747		retval = ctl_i_t_nexus_reset(io);
11748		break;
11749	case CTL_TASK_LUN_RESET: {
11750		struct ctl_lun *lun;
11751		uint32_t targ_lun;
11752
11753		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11754		mtx_lock(&softc->ctl_lock);
11755		if ((targ_lun < CTL_MAX_LUNS)
11756		 && (softc->ctl_luns[targ_lun] != NULL))
11757			lun = softc->ctl_luns[targ_lun];
11758		else {
11759			mtx_unlock(&softc->ctl_lock);
11760			retval = 1;
11761			break;
11762		}
11763		retval = ctl_lun_reset(lun, io, CTL_UA_LUN_RESET);
11764		mtx_unlock(&softc->ctl_lock);
11765
11766		if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11767			union ctl_ha_msg msg_info;
11768
11769			msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11770			msg_info.hdr.nexus = io->io_hdr.nexus;
11771			msg_info.task.task_action = CTL_TASK_LUN_RESET;
11772			msg_info.hdr.original_sc = NULL;
11773			msg_info.hdr.serializing_sc = NULL;
11774			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11775			    sizeof(msg_info.task), M_WAITOK);
11776		}
11777		break;
11778	}
11779	case CTL_TASK_TARGET_RESET:
11780		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11781		break;
11782	case CTL_TASK_BUS_RESET:
11783		retval = ctl_bus_reset(softc, io);
11784		break;
11785	case CTL_TASK_PORT_LOGIN:
11786		break;
11787	case CTL_TASK_PORT_LOGOUT:
11788		break;
11789	default:
11790		printf("ctl_run_task: got unknown task management event %d\n",
11791		       io->taskio.task_action);
11792		break;
11793	}
11794	if (retval == 0)
11795		io->io_hdr.status = CTL_SUCCESS;
11796	else
11797		io->io_hdr.status = CTL_ERROR;
11798	ctl_done(io);
11799}
11800
11801/*
11802 * For HA operation.  Handle commands that come in from the other
11803 * controller.
11804 */
11805static void
11806ctl_handle_isc(union ctl_io *io)
11807{
11808	int free_io;
11809	struct ctl_lun *lun;
11810	struct ctl_softc *softc;
11811	uint32_t targ_lun;
11812
11813	softc = control_softc;
11814
11815	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11816	lun = softc->ctl_luns[targ_lun];
11817
11818	switch (io->io_hdr.msg_type) {
11819	case CTL_MSG_SERIALIZE:
11820		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11821		break;
11822	case CTL_MSG_R2R: {
11823		const struct ctl_cmd_entry *entry;
11824
11825		/*
11826		 * This is only used in SER_ONLY mode.
11827		 */
11828		free_io = 0;
11829		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11830		mtx_lock(&lun->lun_lock);
11831		if (ctl_scsiio_lun_check(lun,
11832		    entry, (struct ctl_scsiio *)io) != 0) {
11833			mtx_unlock(&lun->lun_lock);
11834			ctl_done(io);
11835			break;
11836		}
11837		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11838		mtx_unlock(&lun->lun_lock);
11839		ctl_enqueue_rtr(io);
11840		break;
11841	}
11842	case CTL_MSG_FINISH_IO:
11843		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11844			free_io = 0;
11845			ctl_done(io);
11846		} else {
11847			free_io = 1;
11848			mtx_lock(&lun->lun_lock);
11849			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11850				     ooa_links);
11851			ctl_check_blocked(lun);
11852			mtx_unlock(&lun->lun_lock);
11853		}
11854		break;
11855	case CTL_MSG_PERS_ACTION:
11856		ctl_hndl_per_res_out_on_other_sc(
11857			(union ctl_ha_msg *)&io->presio.pr_msg);
11858		free_io = 1;
11859		break;
11860	case CTL_MSG_BAD_JUJU:
11861		free_io = 0;
11862		ctl_done(io);
11863		break;
11864	case CTL_MSG_DATAMOVE:
11865		/* Only used in XFER mode */
11866		free_io = 0;
11867		ctl_datamove_remote(io);
11868		break;
11869	case CTL_MSG_DATAMOVE_DONE:
11870		/* Only used in XFER mode */
11871		free_io = 0;
11872		io->scsiio.be_move_done(io);
11873		break;
11874	case CTL_MSG_FAILOVER:
11875		mtx_lock(&lun->lun_lock);
11876		ctl_failover_lun(lun);
11877		mtx_unlock(&lun->lun_lock);
11878		free_io = 1;
11879		break;
11880	default:
11881		free_io = 1;
11882		printf("%s: Invalid message type %d\n",
11883		       __func__, io->io_hdr.msg_type);
11884		break;
11885	}
11886	if (free_io)
11887		ctl_free_io(io);
11888
11889}
11890
11891
11892/*
11893 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11894 * there is no match.
11895 */
11896static ctl_lun_error_pattern
11897ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11898{
11899	const struct ctl_cmd_entry *entry;
11900	ctl_lun_error_pattern filtered_pattern, pattern;
11901
11902	pattern = desc->error_pattern;
11903
11904	/*
11905	 * XXX KDM we need more data passed into this function to match a
11906	 * custom pattern, and we actually need to implement custom pattern
11907	 * matching.
11908	 */
11909	if (pattern & CTL_LUN_PAT_CMD)
11910		return (CTL_LUN_PAT_CMD);
11911
11912	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11913		return (CTL_LUN_PAT_ANY);
11914
11915	entry = ctl_get_cmd_entry(ctsio, NULL);
11916
11917	filtered_pattern = entry->pattern & pattern;
11918
11919	/*
11920	 * If the user requested specific flags in the pattern (e.g.
11921	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11922	 * flags.
11923	 *
11924	 * If the user did not specify any flags, it doesn't matter whether
11925	 * or not the command supports the flags.
11926	 */
11927	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11928	     (pattern & ~CTL_LUN_PAT_MASK))
11929		return (CTL_LUN_PAT_NONE);
11930
11931	/*
11932	 * If the user asked for a range check, see if the requested LBA
11933	 * range overlaps with this command's LBA range.
11934	 */
11935	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11936		uint64_t lba1;
11937		uint64_t len1;
11938		ctl_action action;
11939		int retval;
11940
11941		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11942		if (retval != 0)
11943			return (CTL_LUN_PAT_NONE);
11944
11945		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11946					      desc->lba_range.len, FALSE);
11947		/*
11948		 * A "pass" means that the LBA ranges don't overlap, so
11949		 * this doesn't match the user's range criteria.
11950		 */
11951		if (action == CTL_ACTION_PASS)
11952			return (CTL_LUN_PAT_NONE);
11953	}
11954
11955	return (filtered_pattern);
11956}
11957
11958static void
11959ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11960{
11961	struct ctl_error_desc *desc, *desc2;
11962
11963	mtx_assert(&lun->lun_lock, MA_OWNED);
11964
11965	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
11966		ctl_lun_error_pattern pattern;
11967		/*
11968		 * Check to see whether this particular command matches
11969		 * the pattern in the descriptor.
11970		 */
11971		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
11972		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
11973			continue;
11974
11975		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
11976		case CTL_LUN_INJ_ABORTED:
11977			ctl_set_aborted(&io->scsiio);
11978			break;
11979		case CTL_LUN_INJ_MEDIUM_ERR:
11980			ctl_set_medium_error(&io->scsiio);
11981			break;
11982		case CTL_LUN_INJ_UA:
11983			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
11984			 * OCCURRED */
11985			ctl_set_ua(&io->scsiio, 0x29, 0x00);
11986			break;
11987		case CTL_LUN_INJ_CUSTOM:
11988			/*
11989			 * We're assuming the user knows what he is doing.
11990			 * Just copy the sense information without doing
11991			 * checks.
11992			 */
11993			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
11994			      MIN(sizeof(desc->custom_sense),
11995				  sizeof(io->scsiio.sense_data)));
11996			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
11997			io->scsiio.sense_len = SSD_FULL_SIZE;
11998			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11999			break;
12000		case CTL_LUN_INJ_NONE:
12001		default:
12002			/*
12003			 * If this is an error injection type we don't know
12004			 * about, clear the continuous flag (if it is set)
12005			 * so it will get deleted below.
12006			 */
12007			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12008			break;
12009		}
12010		/*
12011		 * By default, each error injection action is a one-shot
12012		 */
12013		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12014			continue;
12015
12016		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12017
12018		free(desc, M_CTL);
12019	}
12020}
12021
12022#ifdef CTL_IO_DELAY
12023static void
12024ctl_datamove_timer_wakeup(void *arg)
12025{
12026	union ctl_io *io;
12027
12028	io = (union ctl_io *)arg;
12029
12030	ctl_datamove(io);
12031}
12032#endif /* CTL_IO_DELAY */
12033
12034void
12035ctl_datamove(union ctl_io *io)
12036{
12037	void (*fe_datamove)(union ctl_io *io);
12038
12039	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12040
12041	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12042
12043#ifdef CTL_TIME_IO
12044	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12045		char str[256];
12046		char path_str[64];
12047		struct sbuf sb;
12048
12049		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12050		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12051
12052		sbuf_cat(&sb, path_str);
12053		switch (io->io_hdr.io_type) {
12054		case CTL_IO_SCSI:
12055			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12056			sbuf_printf(&sb, "\n");
12057			sbuf_cat(&sb, path_str);
12058			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12059				    io->scsiio.tag_num, io->scsiio.tag_type);
12060			break;
12061		case CTL_IO_TASK:
12062			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12063				    "Tag Type: %d\n", io->taskio.task_action,
12064				    io->taskio.tag_num, io->taskio.tag_type);
12065			break;
12066		default:
12067			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12068			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12069			break;
12070		}
12071		sbuf_cat(&sb, path_str);
12072		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12073			    (intmax_t)time_uptime - io->io_hdr.start_time);
12074		sbuf_finish(&sb);
12075		printf("%s", sbuf_data(&sb));
12076	}
12077#endif /* CTL_TIME_IO */
12078
12079#ifdef CTL_IO_DELAY
12080	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12081		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12082	} else {
12083		struct ctl_lun *lun;
12084
12085		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12086		if ((lun != NULL)
12087		 && (lun->delay_info.datamove_delay > 0)) {
12088
12089			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12090			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12091			callout_reset(&io->io_hdr.delay_callout,
12092				      lun->delay_info.datamove_delay * hz,
12093				      ctl_datamove_timer_wakeup, io);
12094			if (lun->delay_info.datamove_type ==
12095			    CTL_DELAY_TYPE_ONESHOT)
12096				lun->delay_info.datamove_delay = 0;
12097			return;
12098		}
12099	}
12100#endif
12101
12102	/*
12103	 * This command has been aborted.  Set the port status, so we fail
12104	 * the data move.
12105	 */
12106	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12107		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12108		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12109		       io->io_hdr.nexus.targ_port,
12110		       io->io_hdr.nexus.targ_lun);
12111		io->io_hdr.port_status = 31337;
12112		/*
12113		 * Note that the backend, in this case, will get the
12114		 * callback in its context.  In other cases it may get
12115		 * called in the frontend's interrupt thread context.
12116		 */
12117		io->scsiio.be_move_done(io);
12118		return;
12119	}
12120
12121	/* Don't confuse frontend with zero length data move. */
12122	if (io->scsiio.kern_data_len == 0) {
12123		io->scsiio.be_move_done(io);
12124		return;
12125	}
12126
12127	/*
12128	 * If we're in XFER mode and this I/O is from the other shelf
12129	 * controller, we need to send the DMA to the other side to
12130	 * actually transfer the data to/from the host.  In serialize only
12131	 * mode the transfer happens below CTL and ctl_datamove() is only
12132	 * called on the machine that originally received the I/O.
12133	 */
12134	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12135	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12136		union ctl_ha_msg msg;
12137		uint32_t sg_entries_sent;
12138		int do_sg_copy;
12139		int i;
12140
12141		memset(&msg, 0, sizeof(msg));
12142		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12143		msg.hdr.original_sc = io->io_hdr.original_sc;
12144		msg.hdr.serializing_sc = io;
12145		msg.hdr.nexus = io->io_hdr.nexus;
12146		msg.dt.flags = io->io_hdr.flags;
12147		/*
12148		 * We convert everything into a S/G list here.  We can't
12149		 * pass by reference, only by value between controllers.
12150		 * So we can't pass a pointer to the S/G list, only as many
12151		 * S/G entries as we can fit in here.  If it's possible for
12152		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12153		 * then we need to break this up into multiple transfers.
12154		 */
12155		if (io->scsiio.kern_sg_entries == 0) {
12156			msg.dt.kern_sg_entries = 1;
12157#if 0
12158			/*
12159			 * Convert to a physical address if this is a
12160			 * virtual address.
12161			 */
12162			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12163				msg.dt.sg_list[0].addr =
12164					io->scsiio.kern_data_ptr;
12165			} else {
12166				/*
12167				 * XXX KDM use busdma here!
12168				 */
12169				msg.dt.sg_list[0].addr = (void *)
12170					vtophys(io->scsiio.kern_data_ptr);
12171			}
12172#else
12173			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12174			    ("HA does not support BUS_ADDR"));
12175			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12176#endif
12177
12178			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12179			do_sg_copy = 0;
12180		} else {
12181			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12182			do_sg_copy = 1;
12183		}
12184
12185		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12186		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12187		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12188		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12189		msg.dt.sg_sequence = 0;
12190
12191		/*
12192		 * Loop until we've sent all of the S/G entries.  On the
12193		 * other end, we'll recompose these S/G entries into one
12194		 * contiguous list before passing it to the
12195		 */
12196		for (sg_entries_sent = 0; sg_entries_sent <
12197		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12198			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12199				sizeof(msg.dt.sg_list[0])),
12200				msg.dt.kern_sg_entries - sg_entries_sent);
12201
12202			if (do_sg_copy != 0) {
12203				struct ctl_sg_entry *sgl;
12204				int j;
12205
12206				sgl = (struct ctl_sg_entry *)
12207					io->scsiio.kern_data_ptr;
12208				/*
12209				 * If this is in cached memory, flush the cache
12210				 * before we send the DMA request to the other
12211				 * controller.  We want to do this in either
12212				 * the * read or the write case.  The read
12213				 * case is straightforward.  In the write
12214				 * case, we want to make sure nothing is
12215				 * in the local cache that could overwrite
12216				 * the DMAed data.
12217				 */
12218
12219				for (i = sg_entries_sent, j = 0;
12220				     i < msg.dt.cur_sg_entries; i++, j++) {
12221#if 0
12222					if ((io->io_hdr.flags &
12223					     CTL_FLAG_BUS_ADDR) == 0) {
12224						/*
12225						 * XXX KDM use busdma.
12226						 */
12227						msg.dt.sg_list[j].addr =(void *)
12228						       vtophys(sgl[i].addr);
12229					} else {
12230						msg.dt.sg_list[j].addr =
12231							sgl[i].addr;
12232					}
12233#else
12234					KASSERT((io->io_hdr.flags &
12235					    CTL_FLAG_BUS_ADDR) == 0,
12236					    ("HA does not support BUS_ADDR"));
12237					msg.dt.sg_list[j].addr = sgl[i].addr;
12238#endif
12239					msg.dt.sg_list[j].len = sgl[i].len;
12240				}
12241			}
12242
12243			sg_entries_sent += msg.dt.cur_sg_entries;
12244			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12245				msg.dt.sg_last = 1;
12246			else
12247				msg.dt.sg_last = 0;
12248
12249			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12250			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12251			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12252			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12253				io->io_hdr.port_status = 31341;
12254				io->scsiio.be_move_done(io);
12255				return;
12256			}
12257
12258			msg.dt.sent_sg_entries = sg_entries_sent;
12259		}
12260		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12261	} else {
12262
12263		/*
12264		 * Lookup the fe_datamove() function for this particular
12265		 * front end.
12266		 */
12267		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12268
12269		fe_datamove(io);
12270	}
12271}
12272
12273static void
12274ctl_send_datamove_done(union ctl_io *io, int have_lock)
12275{
12276	union ctl_ha_msg msg;
12277
12278	memset(&msg, 0, sizeof(msg));
12279
12280	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12281	msg.hdr.original_sc = io;
12282	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12283	msg.hdr.nexus = io->io_hdr.nexus;
12284	msg.hdr.status = io->io_hdr.status;
12285	msg.scsi.tag_num = io->scsiio.tag_num;
12286	msg.scsi.tag_type = io->scsiio.tag_type;
12287	msg.scsi.scsi_status = io->scsiio.scsi_status;
12288	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12289	       io->scsiio.sense_len);
12290	msg.scsi.sense_len = io->scsiio.sense_len;
12291	msg.scsi.sense_residual = io->scsiio.sense_residual;
12292	msg.scsi.fetd_status = io->io_hdr.port_status;
12293	msg.scsi.residual = io->scsiio.residual;
12294	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12295
12296	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12297		ctl_failover_io(io, /*have_lock*/ have_lock);
12298		return;
12299	}
12300
12301	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12302	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12303	    msg.scsi.sense_len, M_WAITOK);
12304}
12305
12306/*
12307 * The DMA to the remote side is done, now we need to tell the other side
12308 * we're done so it can continue with its data movement.
12309 */
12310static void
12311ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12312{
12313	union ctl_io *io;
12314	int i;
12315
12316	io = rq->context;
12317
12318	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12319		printf("%s: ISC DMA write failed with error %d", __func__,
12320		       rq->ret);
12321		ctl_set_internal_failure(&io->scsiio,
12322					 /*sks_valid*/ 1,
12323					 /*retry_count*/ rq->ret);
12324	}
12325
12326	ctl_dt_req_free(rq);
12327
12328	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12329		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12330	free(io->io_hdr.remote_sglist, M_CTL);
12331	io->io_hdr.remote_sglist = NULL;
12332	io->io_hdr.local_sglist = NULL;
12333
12334	/*
12335	 * The data is in local and remote memory, so now we need to send
12336	 * status (good or back) back to the other side.
12337	 */
12338	ctl_send_datamove_done(io, /*have_lock*/ 0);
12339}
12340
12341/*
12342 * We've moved the data from the host/controller into local memory.  Now we
12343 * need to push it over to the remote controller's memory.
12344 */
12345static int
12346ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12347{
12348	int retval;
12349
12350	retval = 0;
12351
12352	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12353					  ctl_datamove_remote_write_cb);
12354
12355	return (retval);
12356}
12357
12358static void
12359ctl_datamove_remote_write(union ctl_io *io)
12360{
12361	int retval;
12362	void (*fe_datamove)(union ctl_io *io);
12363
12364	/*
12365	 * - Get the data from the host/HBA into local memory.
12366	 * - DMA memory from the local controller to the remote controller.
12367	 * - Send status back to the remote controller.
12368	 */
12369
12370	retval = ctl_datamove_remote_sgl_setup(io);
12371	if (retval != 0)
12372		return;
12373
12374	/* Switch the pointer over so the FETD knows what to do */
12375	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12376
12377	/*
12378	 * Use a custom move done callback, since we need to send completion
12379	 * back to the other controller, not to the backend on this side.
12380	 */
12381	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12382
12383	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12384
12385	fe_datamove(io);
12386
12387	return;
12388
12389}
12390
12391static int
12392ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12393{
12394#if 0
12395	char str[256];
12396	char path_str[64];
12397	struct sbuf sb;
12398#endif
12399	int i;
12400
12401	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12402		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12403	free(io->io_hdr.remote_sglist, M_CTL);
12404	io->io_hdr.remote_sglist = NULL;
12405	io->io_hdr.local_sglist = NULL;
12406
12407#if 0
12408	scsi_path_string(io, path_str, sizeof(path_str));
12409	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12410	sbuf_cat(&sb, path_str);
12411	scsi_command_string(&io->scsiio, NULL, &sb);
12412	sbuf_printf(&sb, "\n");
12413	sbuf_cat(&sb, path_str);
12414	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12415		    io->scsiio.tag_num, io->scsiio.tag_type);
12416	sbuf_cat(&sb, path_str);
12417	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12418		    io->io_hdr.flags, io->io_hdr.status);
12419	sbuf_finish(&sb);
12420	printk("%s", sbuf_data(&sb));
12421#endif
12422
12423
12424	/*
12425	 * The read is done, now we need to send status (good or bad) back
12426	 * to the other side.
12427	 */
12428	ctl_send_datamove_done(io, /*have_lock*/ 0);
12429
12430	return (0);
12431}
12432
12433static void
12434ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12435{
12436	union ctl_io *io;
12437	void (*fe_datamove)(union ctl_io *io);
12438
12439	io = rq->context;
12440
12441	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12442		printf("%s: ISC DMA read failed with error %d\n", __func__,
12443		       rq->ret);
12444		ctl_set_internal_failure(&io->scsiio,
12445					 /*sks_valid*/ 1,
12446					 /*retry_count*/ rq->ret);
12447	}
12448
12449	ctl_dt_req_free(rq);
12450
12451	/* Switch the pointer over so the FETD knows what to do */
12452	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12453
12454	/*
12455	 * Use a custom move done callback, since we need to send completion
12456	 * back to the other controller, not to the backend on this side.
12457	 */
12458	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12459
12460	/* XXX KDM add checks like the ones in ctl_datamove? */
12461
12462	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12463
12464	fe_datamove(io);
12465}
12466
12467static int
12468ctl_datamove_remote_sgl_setup(union ctl_io *io)
12469{
12470	struct ctl_sg_entry *local_sglist, *remote_sglist;
12471	struct ctl_softc *softc;
12472	uint32_t len_to_go;
12473	int retval;
12474	int i;
12475
12476	retval = 0;
12477	softc = control_softc;
12478	local_sglist = io->io_hdr.local_sglist;
12479	remote_sglist = io->io_hdr.remote_sglist;
12480	len_to_go = io->scsiio.kern_data_len;
12481
12482	/*
12483	 * The difficult thing here is that the size of the various
12484	 * S/G segments may be different than the size from the
12485	 * remote controller.  That'll make it harder when DMAing
12486	 * the data back to the other side.
12487	 */
12488	for (i = 0; len_to_go > 0; i++) {
12489		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12490		local_sglist[i].addr =
12491		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12492
12493		len_to_go -= local_sglist[i].len;
12494	}
12495	/*
12496	 * Reset the number of S/G entries accordingly.  The original
12497	 * number of S/G entries is available in rem_sg_entries.
12498	 */
12499	io->scsiio.kern_sg_entries = i;
12500
12501#if 0
12502	printf("%s: kern_sg_entries = %d\n", __func__,
12503	       io->scsiio.kern_sg_entries);
12504	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12505		printf("%s: sg[%d] = %p, %d\n", __func__, i,
12506		       local_sglist[i].addr, local_sglist[i].len);
12507#endif
12508
12509	return (retval);
12510}
12511
12512static int
12513ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12514			 ctl_ha_dt_cb callback)
12515{
12516	struct ctl_ha_dt_req *rq;
12517	struct ctl_sg_entry *remote_sglist, *local_sglist;
12518	uint32_t local_used, remote_used, total_used;
12519	int i, j, isc_ret;
12520
12521	rq = ctl_dt_req_alloc();
12522
12523	/*
12524	 * If we failed to allocate the request, and if the DMA didn't fail
12525	 * anyway, set busy status.  This is just a resource allocation
12526	 * failure.
12527	 */
12528	if ((rq == NULL)
12529	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
12530		ctl_set_busy(&io->scsiio);
12531
12532	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
12533
12534		if (rq != NULL)
12535			ctl_dt_req_free(rq);
12536
12537		/*
12538		 * The data move failed.  We need to return status back
12539		 * to the other controller.  No point in trying to DMA
12540		 * data to the remote controller.
12541		 */
12542
12543		ctl_send_datamove_done(io, /*have_lock*/ 0);
12544
12545		return (1);
12546	}
12547
12548	local_sglist = io->io_hdr.local_sglist;
12549	remote_sglist = io->io_hdr.remote_sglist;
12550	local_used = 0;
12551	remote_used = 0;
12552	total_used = 0;
12553
12554	/*
12555	 * Pull/push the data over the wire from/to the other controller.
12556	 * This takes into account the possibility that the local and
12557	 * remote sglists may not be identical in terms of the size of
12558	 * the elements and the number of elements.
12559	 *
12560	 * One fundamental assumption here is that the length allocated for
12561	 * both the local and remote sglists is identical.  Otherwise, we've
12562	 * essentially got a coding error of some sort.
12563	 */
12564	isc_ret = CTL_HA_STATUS_SUCCESS;
12565	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12566		uint32_t cur_len;
12567		uint8_t *tmp_ptr;
12568
12569		rq->command = command;
12570		rq->context = io;
12571
12572		/*
12573		 * Both pointers should be aligned.  But it is possible
12574		 * that the allocation length is not.  They should both
12575		 * also have enough slack left over at the end, though,
12576		 * to round up to the next 8 byte boundary.
12577		 */
12578		cur_len = MIN(local_sglist[i].len - local_used,
12579			      remote_sglist[j].len - remote_used);
12580		rq->size = cur_len;
12581
12582		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12583		tmp_ptr += local_used;
12584
12585#if 0
12586		/* Use physical addresses when talking to ISC hardware */
12587		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12588			/* XXX KDM use busdma */
12589			rq->local = vtophys(tmp_ptr);
12590		} else
12591			rq->local = tmp_ptr;
12592#else
12593		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12594		    ("HA does not support BUS_ADDR"));
12595		rq->local = tmp_ptr;
12596#endif
12597
12598		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12599		tmp_ptr += remote_used;
12600		rq->remote = tmp_ptr;
12601
12602		rq->callback = NULL;
12603
12604		local_used += cur_len;
12605		if (local_used >= local_sglist[i].len) {
12606			i++;
12607			local_used = 0;
12608		}
12609
12610		remote_used += cur_len;
12611		if (remote_used >= remote_sglist[j].len) {
12612			j++;
12613			remote_used = 0;
12614		}
12615		total_used += cur_len;
12616
12617		if (total_used >= io->scsiio.kern_data_len)
12618			rq->callback = callback;
12619
12620#if 0
12621		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12622		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12623		       rq->local, rq->remote, rq->size);
12624#endif
12625
12626		isc_ret = ctl_dt_single(rq);
12627		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12628			break;
12629	}
12630	if (isc_ret != CTL_HA_STATUS_WAIT) {
12631		rq->ret = isc_ret;
12632		callback(rq);
12633	}
12634
12635	return (0);
12636}
12637
12638static void
12639ctl_datamove_remote_read(union ctl_io *io)
12640{
12641	int retval;
12642	int i;
12643
12644	/*
12645	 * This will send an error to the other controller in the case of a
12646	 * failure.
12647	 */
12648	retval = ctl_datamove_remote_sgl_setup(io);
12649	if (retval != 0)
12650		return;
12651
12652	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12653					  ctl_datamove_remote_read_cb);
12654	if (retval != 0) {
12655		/*
12656		 * Make sure we free memory if there was an error..  The
12657		 * ctl_datamove_remote_xfer() function will send the
12658		 * datamove done message, or call the callback with an
12659		 * error if there is a problem.
12660		 */
12661		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12662			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12663		free(io->io_hdr.remote_sglist, M_CTL);
12664		io->io_hdr.remote_sglist = NULL;
12665		io->io_hdr.local_sglist = NULL;
12666	}
12667
12668	return;
12669}
12670
12671/*
12672 * Process a datamove request from the other controller.  This is used for
12673 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12674 * first.  Once that is complete, the data gets DMAed into the remote
12675 * controller's memory.  For reads, we DMA from the remote controller's
12676 * memory into our memory first, and then move it out to the FETD.
12677 */
12678static void
12679ctl_datamove_remote(union ctl_io *io)
12680{
12681
12682	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12683
12684	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12685		ctl_failover_io(io, /*have_lock*/ 0);
12686		return;
12687	}
12688
12689	/*
12690	 * Note that we look for an aborted I/O here, but don't do some of
12691	 * the other checks that ctl_datamove() normally does.
12692	 * We don't need to run the datamove delay code, since that should
12693	 * have been done if need be on the other controller.
12694	 */
12695	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12696		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12697		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12698		       io->io_hdr.nexus.targ_port,
12699		       io->io_hdr.nexus.targ_lun);
12700		io->io_hdr.port_status = 31338;
12701		ctl_send_datamove_done(io, /*have_lock*/ 0);
12702		return;
12703	}
12704
12705	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12706		ctl_datamove_remote_write(io);
12707	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12708		ctl_datamove_remote_read(io);
12709	else {
12710		io->io_hdr.port_status = 31339;
12711		ctl_send_datamove_done(io, /*have_lock*/ 0);
12712	}
12713}
12714
12715static int
12716ctl_process_done(union ctl_io *io)
12717{
12718	struct ctl_lun *lun;
12719	struct ctl_softc *softc = control_softc;
12720	void (*fe_done)(union ctl_io *io);
12721	union ctl_ha_msg msg;
12722	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12723
12724	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12725
12726	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
12727		fe_done = softc->ctl_ports[targ_port]->fe_done;
12728	else
12729		fe_done = NULL;
12730
12731#ifdef CTL_TIME_IO
12732	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12733		char str[256];
12734		char path_str[64];
12735		struct sbuf sb;
12736
12737		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12738		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12739
12740		sbuf_cat(&sb, path_str);
12741		switch (io->io_hdr.io_type) {
12742		case CTL_IO_SCSI:
12743			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12744			sbuf_printf(&sb, "\n");
12745			sbuf_cat(&sb, path_str);
12746			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12747				    io->scsiio.tag_num, io->scsiio.tag_type);
12748			break;
12749		case CTL_IO_TASK:
12750			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12751				    "Tag Type: %d\n", io->taskio.task_action,
12752				    io->taskio.tag_num, io->taskio.tag_type);
12753			break;
12754		default:
12755			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12756			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12757			break;
12758		}
12759		sbuf_cat(&sb, path_str);
12760		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12761			    (intmax_t)time_uptime - io->io_hdr.start_time);
12762		sbuf_finish(&sb);
12763		printf("%s", sbuf_data(&sb));
12764	}
12765#endif /* CTL_TIME_IO */
12766
12767	switch (io->io_hdr.io_type) {
12768	case CTL_IO_SCSI:
12769		break;
12770	case CTL_IO_TASK:
12771		if (ctl_debug & CTL_DEBUG_INFO)
12772			ctl_io_error_print(io, NULL);
12773		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12774			ctl_free_io(io);
12775		else
12776			fe_done(io);
12777		return (CTL_RETVAL_COMPLETE);
12778	default:
12779		panic("ctl_process_done: invalid io type %d\n",
12780		      io->io_hdr.io_type);
12781		break; /* NOTREACHED */
12782	}
12783
12784	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12785	if (lun == NULL) {
12786		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12787				 io->io_hdr.nexus.targ_mapped_lun));
12788		goto bailout;
12789	}
12790
12791	mtx_lock(&lun->lun_lock);
12792
12793	/*
12794	 * Check to see if we have any errors to inject here.  We only
12795	 * inject errors for commands that don't already have errors set.
12796	 */
12797	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12798	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12799	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12800		ctl_inject_error(lun, io);
12801
12802	/*
12803	 * XXX KDM how do we treat commands that aren't completed
12804	 * successfully?
12805	 *
12806	 * XXX KDM should we also track I/O latency?
12807	 */
12808	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12809	    io->io_hdr.io_type == CTL_IO_SCSI) {
12810#ifdef CTL_TIME_IO
12811		struct bintime cur_bt;
12812#endif
12813		int type;
12814
12815		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12816		    CTL_FLAG_DATA_IN)
12817			type = CTL_STATS_READ;
12818		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12819		    CTL_FLAG_DATA_OUT)
12820			type = CTL_STATS_WRITE;
12821		else
12822			type = CTL_STATS_NO_IO;
12823
12824		lun->stats.ports[targ_port].bytes[type] +=
12825		    io->scsiio.kern_total_len;
12826		lun->stats.ports[targ_port].operations[type]++;
12827#ifdef CTL_TIME_IO
12828		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12829		   &io->io_hdr.dma_bt);
12830		lun->stats.ports[targ_port].num_dmas[type] +=
12831		    io->io_hdr.num_dmas;
12832		getbintime(&cur_bt);
12833		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12834		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12835#endif
12836	}
12837
12838	/*
12839	 * Remove this from the OOA queue.
12840	 */
12841	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12842#ifdef CTL_TIME_IO
12843	if (TAILQ_EMPTY(&lun->ooa_queue))
12844		lun->last_busy = getsbinuptime();
12845#endif
12846
12847	/*
12848	 * Run through the blocked queue on this LUN and see if anything
12849	 * has become unblocked, now that this transaction is done.
12850	 */
12851	ctl_check_blocked(lun);
12852
12853	/*
12854	 * If the LUN has been invalidated, free it if there is nothing
12855	 * left on its OOA queue.
12856	 */
12857	if ((lun->flags & CTL_LUN_INVALID)
12858	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12859		mtx_unlock(&lun->lun_lock);
12860		mtx_lock(&softc->ctl_lock);
12861		ctl_free_lun(lun);
12862		mtx_unlock(&softc->ctl_lock);
12863	} else
12864		mtx_unlock(&lun->lun_lock);
12865
12866bailout:
12867
12868	/*
12869	 * If this command has been aborted, make sure we set the status
12870	 * properly.  The FETD is responsible for freeing the I/O and doing
12871	 * whatever it needs to do to clean up its state.
12872	 */
12873	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12874		ctl_set_task_aborted(&io->scsiio);
12875
12876	/*
12877	 * If enabled, print command error status.
12878	 */
12879	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12880	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12881		ctl_io_error_print(io, NULL);
12882
12883	/*
12884	 * Tell the FETD or the other shelf controller we're done with this
12885	 * command.  Note that only SCSI commands get to this point.  Task
12886	 * management commands are completed above.
12887	 */
12888	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12889	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12890		memset(&msg, 0, sizeof(msg));
12891		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12892		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12893		msg.hdr.nexus = io->io_hdr.nexus;
12894		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12895		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12896		    M_WAITOK);
12897	}
12898	if ((softc->ha_mode == CTL_HA_MODE_XFER)
12899	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12900		memset(&msg, 0, sizeof(msg));
12901		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12902		msg.hdr.original_sc = io->io_hdr.original_sc;
12903		msg.hdr.nexus = io->io_hdr.nexus;
12904		msg.hdr.status = io->io_hdr.status;
12905		msg.scsi.scsi_status = io->scsiio.scsi_status;
12906		msg.scsi.tag_num = io->scsiio.tag_num;
12907		msg.scsi.tag_type = io->scsiio.tag_type;
12908		msg.scsi.sense_len = io->scsiio.sense_len;
12909		msg.scsi.sense_residual = io->scsiio.sense_residual;
12910		msg.scsi.residual = io->scsiio.residual;
12911		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12912		       io->scsiio.sense_len);
12913		/*
12914		 * We copy this whether or not this is an I/O-related
12915		 * command.  Otherwise, we'd have to go and check to see
12916		 * whether it's a read/write command, and it really isn't
12917		 * worth it.
12918		 */
12919		memcpy(&msg.scsi.lbalen,
12920		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
12921		       sizeof(msg.scsi.lbalen));
12922
12923		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12924		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12925		    msg.scsi.sense_len, M_WAITOK);
12926		ctl_free_io(io);
12927	} else
12928		fe_done(io);
12929
12930	return (CTL_RETVAL_COMPLETE);
12931}
12932
12933#ifdef CTL_WITH_CA
12934/*
12935 * Front end should call this if it doesn't do autosense.  When the request
12936 * sense comes back in from the initiator, we'll dequeue this and send it.
12937 */
12938int
12939ctl_queue_sense(union ctl_io *io)
12940{
12941	struct ctl_lun *lun;
12942	struct ctl_port *port;
12943	struct ctl_softc *softc;
12944	uint32_t initidx, targ_lun;
12945
12946	softc = control_softc;
12947
12948	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12949
12950	/*
12951	 * LUN lookup will likely move to the ctl_work_thread() once we
12952	 * have our new queueing infrastructure (that doesn't put things on
12953	 * a per-LUN queue initially).  That is so that we can handle
12954	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12955	 * can't deal with that right now.
12956	 */
12957	mtx_lock(&softc->ctl_lock);
12958
12959	/*
12960	 * If we don't have a LUN for this, just toss the sense
12961	 * information.
12962	 */
12963	port = ctl_io_port(&ctsio->io_hdr);
12964	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12965	if ((targ_lun < CTL_MAX_LUNS)
12966	 && (softc->ctl_luns[targ_lun] != NULL))
12967		lun = softc->ctl_luns[targ_lun];
12968	else
12969		goto bailout;
12970
12971	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12972
12973	mtx_lock(&lun->lun_lock);
12974	/*
12975	 * Already have CA set for this LUN...toss the sense information.
12976	 */
12977	if (ctl_is_set(lun->have_ca, initidx)) {
12978		mtx_unlock(&lun->lun_lock);
12979		goto bailout;
12980	}
12981
12982	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
12983	       MIN(sizeof(lun->pending_sense[initidx]),
12984	       sizeof(io->scsiio.sense_data)));
12985	ctl_set_mask(lun->have_ca, initidx);
12986	mtx_unlock(&lun->lun_lock);
12987
12988bailout:
12989	mtx_unlock(&softc->ctl_lock);
12990
12991	ctl_free_io(io);
12992
12993	return (CTL_RETVAL_COMPLETE);
12994}
12995#endif
12996
12997/*
12998 * Primary command inlet from frontend ports.  All SCSI and task I/O
12999 * requests must go through this function.
13000 */
13001int
13002ctl_queue(union ctl_io *io)
13003{
13004	struct ctl_port *port;
13005
13006	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13007
13008#ifdef CTL_TIME_IO
13009	io->io_hdr.start_time = time_uptime;
13010	getbintime(&io->io_hdr.start_bt);
13011#endif /* CTL_TIME_IO */
13012
13013	/* Map FE-specific LUN ID into global one. */
13014	port = ctl_io_port(&io->io_hdr);
13015	io->io_hdr.nexus.targ_mapped_lun =
13016	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13017
13018	switch (io->io_hdr.io_type) {
13019	case CTL_IO_SCSI:
13020	case CTL_IO_TASK:
13021		if (ctl_debug & CTL_DEBUG_CDB)
13022			ctl_io_print(io);
13023		ctl_enqueue_incoming(io);
13024		break;
13025	default:
13026		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13027		return (EINVAL);
13028	}
13029
13030	return (CTL_RETVAL_COMPLETE);
13031}
13032
13033#ifdef CTL_IO_DELAY
13034static void
13035ctl_done_timer_wakeup(void *arg)
13036{
13037	union ctl_io *io;
13038
13039	io = (union ctl_io *)arg;
13040	ctl_done(io);
13041}
13042#endif /* CTL_IO_DELAY */
13043
13044void
13045ctl_done(union ctl_io *io)
13046{
13047
13048	/*
13049	 * Enable this to catch duplicate completion issues.
13050	 */
13051#if 0
13052	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13053		printf("%s: type %d msg %d cdb %x iptl: "
13054		       "%u:%u:%u tag 0x%04x "
13055		       "flag %#x status %x\n",
13056			__func__,
13057			io->io_hdr.io_type,
13058			io->io_hdr.msg_type,
13059			io->scsiio.cdb[0],
13060			io->io_hdr.nexus.initid,
13061			io->io_hdr.nexus.targ_port,
13062			io->io_hdr.nexus.targ_lun,
13063			(io->io_hdr.io_type ==
13064			CTL_IO_TASK) ?
13065			io->taskio.tag_num :
13066			io->scsiio.tag_num,
13067		        io->io_hdr.flags,
13068			io->io_hdr.status);
13069	} else
13070		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13071#endif
13072
13073	/*
13074	 * This is an internal copy of an I/O, and should not go through
13075	 * the normal done processing logic.
13076	 */
13077	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13078		return;
13079
13080#ifdef CTL_IO_DELAY
13081	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13082		struct ctl_lun *lun;
13083
13084		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13085
13086		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13087	} else {
13088		struct ctl_lun *lun;
13089
13090		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13091
13092		if ((lun != NULL)
13093		 && (lun->delay_info.done_delay > 0)) {
13094
13095			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13096			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13097			callout_reset(&io->io_hdr.delay_callout,
13098				      lun->delay_info.done_delay * hz,
13099				      ctl_done_timer_wakeup, io);
13100			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13101				lun->delay_info.done_delay = 0;
13102			return;
13103		}
13104	}
13105#endif /* CTL_IO_DELAY */
13106
13107	ctl_enqueue_done(io);
13108}
13109
13110static void
13111ctl_work_thread(void *arg)
13112{
13113	struct ctl_thread *thr = (struct ctl_thread *)arg;
13114	struct ctl_softc *softc = thr->ctl_softc;
13115	union ctl_io *io;
13116	int retval;
13117
13118	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13119
13120	for (;;) {
13121		retval = 0;
13122
13123		/*
13124		 * We handle the queues in this order:
13125		 * - ISC
13126		 * - done queue (to free up resources, unblock other commands)
13127		 * - RtR queue
13128		 * - incoming queue
13129		 *
13130		 * If those queues are empty, we break out of the loop and
13131		 * go to sleep.
13132		 */
13133		mtx_lock(&thr->queue_lock);
13134		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13135		if (io != NULL) {
13136			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13137			mtx_unlock(&thr->queue_lock);
13138			ctl_handle_isc(io);
13139			continue;
13140		}
13141		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13142		if (io != NULL) {
13143			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13144			/* clear any blocked commands, call fe_done */
13145			mtx_unlock(&thr->queue_lock);
13146			retval = ctl_process_done(io);
13147			continue;
13148		}
13149		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13150		if (io != NULL) {
13151			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13152			mtx_unlock(&thr->queue_lock);
13153			if (io->io_hdr.io_type == CTL_IO_TASK)
13154				ctl_run_task(io);
13155			else
13156				ctl_scsiio_precheck(softc, &io->scsiio);
13157			continue;
13158		}
13159		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13160		if (io != NULL) {
13161			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13162			mtx_unlock(&thr->queue_lock);
13163			retval = ctl_scsiio(&io->scsiio);
13164			if (retval != CTL_RETVAL_COMPLETE)
13165				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13166			continue;
13167		}
13168
13169		/* Sleep until we have something to do. */
13170		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13171	}
13172}
13173
13174static void
13175ctl_lun_thread(void *arg)
13176{
13177	struct ctl_softc *softc = (struct ctl_softc *)arg;
13178	struct ctl_be_lun *be_lun;
13179	int retval;
13180
13181	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13182
13183	for (;;) {
13184		retval = 0;
13185		mtx_lock(&softc->ctl_lock);
13186		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13187		if (be_lun != NULL) {
13188			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13189			mtx_unlock(&softc->ctl_lock);
13190			ctl_create_lun(be_lun);
13191			continue;
13192		}
13193
13194		/* Sleep until we have something to do. */
13195		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13196		    PDROP | PRIBIO, "-", 0);
13197	}
13198}
13199
13200static void
13201ctl_thresh_thread(void *arg)
13202{
13203	struct ctl_softc *softc = (struct ctl_softc *)arg;
13204	struct ctl_lun *lun;
13205	struct ctl_be_lun *be_lun;
13206	struct scsi_da_rw_recovery_page *rwpage;
13207	struct ctl_logical_block_provisioning_page *page;
13208	const char *attr;
13209	union ctl_ha_msg msg;
13210	uint64_t thres, val;
13211	int i, e, set;
13212
13213	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13214
13215	for (;;) {
13216		mtx_lock(&softc->ctl_lock);
13217		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13218			be_lun = lun->be_lun;
13219			if ((lun->flags & CTL_LUN_DISABLED) ||
13220			    (lun->flags & CTL_LUN_OFFLINE) ||
13221			    lun->backend->lun_attr == NULL)
13222				continue;
13223			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13224			    softc->ha_mode == CTL_HA_MODE_XFER)
13225				continue;
13226			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13227			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13228				continue;
13229			e = 0;
13230			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13231			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13232				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13233					continue;
13234				thres = scsi_4btoul(page->descr[i].count);
13235				thres <<= CTL_LBP_EXPONENT;
13236				switch (page->descr[i].resource) {
13237				case 0x01:
13238					attr = "blocksavail";
13239					break;
13240				case 0x02:
13241					attr = "blocksused";
13242					break;
13243				case 0xf1:
13244					attr = "poolblocksavail";
13245					break;
13246				case 0xf2:
13247					attr = "poolblocksused";
13248					break;
13249				default:
13250					continue;
13251				}
13252				mtx_unlock(&softc->ctl_lock); // XXX
13253				val = lun->backend->lun_attr(
13254				    lun->be_lun->be_lun, attr);
13255				mtx_lock(&softc->ctl_lock);
13256				if (val == UINT64_MAX)
13257					continue;
13258				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13259				    == SLBPPD_ARMING_INC)
13260					e |= (val >= thres);
13261				else
13262					e |= (val <= thres);
13263			}
13264			mtx_lock(&lun->lun_lock);
13265			if (e) {
13266				if (lun->lasttpt == 0 ||
13267				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13268					lun->lasttpt = time_uptime;
13269					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13270					set = 1;
13271				} else
13272					set = 0;
13273			} else {
13274				lun->lasttpt = 0;
13275				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13276				set = -1;
13277			}
13278			mtx_unlock(&lun->lun_lock);
13279			if (set != 0 &&
13280			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13281				/* Send msg to other side. */
13282				bzero(&msg.ua, sizeof(msg.ua));
13283				msg.hdr.msg_type = CTL_MSG_UA;
13284				msg.hdr.nexus.initid = -1;
13285				msg.hdr.nexus.targ_port = -1;
13286				msg.hdr.nexus.targ_lun = lun->lun;
13287				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13288				msg.ua.ua_all = 1;
13289				msg.ua.ua_set = (set > 0);
13290				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13291				mtx_unlock(&softc->ctl_lock); // XXX
13292				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13293				    sizeof(msg.ua), M_WAITOK);
13294				mtx_lock(&softc->ctl_lock);
13295			}
13296		}
13297		mtx_unlock(&softc->ctl_lock);
13298		pause("-", CTL_LBP_PERIOD * hz);
13299	}
13300}
13301
13302static void
13303ctl_enqueue_incoming(union ctl_io *io)
13304{
13305	struct ctl_softc *softc = control_softc;
13306	struct ctl_thread *thr;
13307	u_int idx;
13308
13309	idx = (io->io_hdr.nexus.targ_port * 127 +
13310	       io->io_hdr.nexus.initid) % worker_threads;
13311	thr = &softc->threads[idx];
13312	mtx_lock(&thr->queue_lock);
13313	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13314	mtx_unlock(&thr->queue_lock);
13315	wakeup(thr);
13316}
13317
13318static void
13319ctl_enqueue_rtr(union ctl_io *io)
13320{
13321	struct ctl_softc *softc = control_softc;
13322	struct ctl_thread *thr;
13323
13324	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13325	mtx_lock(&thr->queue_lock);
13326	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13327	mtx_unlock(&thr->queue_lock);
13328	wakeup(thr);
13329}
13330
13331static void
13332ctl_enqueue_done(union ctl_io *io)
13333{
13334	struct ctl_softc *softc = control_softc;
13335	struct ctl_thread *thr;
13336
13337	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13338	mtx_lock(&thr->queue_lock);
13339	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13340	mtx_unlock(&thr->queue_lock);
13341	wakeup(thr);
13342}
13343
13344static void
13345ctl_enqueue_isc(union ctl_io *io)
13346{
13347	struct ctl_softc *softc = control_softc;
13348	struct ctl_thread *thr;
13349
13350	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13351	mtx_lock(&thr->queue_lock);
13352	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13353	mtx_unlock(&thr->queue_lock);
13354	wakeup(thr);
13355}
13356
13357/*
13358 *  vim: ts=8
13359 */
13360