ctl.c revision 288765 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288765 2015-10-05 09:26:52Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264const static struct scsi_info_exceptions_page ie_page_default = {
265	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
266	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
267	/*info_flags*/SIEP_FLAGS_DEXCPT,
268	/*mrie*/0,
269	/*interval_timer*/{0, 0, 0, 0},
270	/*report_count*/{0, 0, 0, 0}
271};
272
273const static struct scsi_info_exceptions_page ie_page_changeable = {
274	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
275	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
276	/*info_flags*/0,
277	/*mrie*/0,
278	/*interval_timer*/{0, 0, 0, 0},
279	/*report_count*/{0, 0, 0, 0}
280};
281
282#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
283
284const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
286	/*subpage_code*/0x02,
287	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
288	/*flags*/0,
289	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
290	/*descr*/{}},
291	{{/*flags*/0,
292	  /*resource*/0x01,
293	  /*reserved*/{0, 0},
294	  /*count*/{0, 0, 0, 0}},
295	 {/*flags*/0,
296	  /*resource*/0x02,
297	  /*reserved*/{0, 0},
298	  /*count*/{0, 0, 0, 0}},
299	 {/*flags*/0,
300	  /*resource*/0xf1,
301	  /*reserved*/{0, 0},
302	  /*count*/{0, 0, 0, 0}},
303	 {/*flags*/0,
304	  /*resource*/0xf2,
305	  /*reserved*/{0, 0},
306	  /*count*/{0, 0, 0, 0}}
307	}
308};
309
310const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
311	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
312	/*subpage_code*/0x02,
313	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
314	/*flags*/0,
315	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
316	/*descr*/{}},
317	{{/*flags*/0,
318	  /*resource*/0,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}},
325	 {/*flags*/0,
326	  /*resource*/0,
327	  /*reserved*/{0, 0},
328	  /*count*/{0, 0, 0, 0}},
329	 {/*flags*/0,
330	  /*resource*/0,
331	  /*reserved*/{0, 0},
332	  /*count*/{0, 0, 0, 0}}
333	}
334};
335
336SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
337static int worker_threads = -1;
338TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
339SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
340    &worker_threads, 1, "Number of worker threads");
341static int ctl_debug = CTL_DEBUG_NONE;
342TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
343SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
344    &ctl_debug, 0, "Enabled debug flags");
345
346/*
347 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
348 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
349 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
350 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
351 */
352#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
353
354static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
355				  int param);
356static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
357static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
358static int ctl_init(void);
359void ctl_shutdown(void);
360static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
361static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
362static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
363static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
364			      struct ctl_ooa *ooa_hdr,
365			      struct ctl_ooa_entry *kern_entries);
366static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
367		     struct thread *td);
368static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
369			 struct ctl_be_lun *be_lun);
370static int ctl_free_lun(struct ctl_lun *lun);
371static void ctl_create_lun(struct ctl_be_lun *be_lun);
372static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
373
374static int ctl_do_mode_select(union ctl_io *io);
375static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
376			   uint64_t res_key, uint64_t sa_res_key,
377			   uint8_t type, uint32_t residx,
378			   struct ctl_scsiio *ctsio,
379			   struct scsi_per_res_out *cdb,
380			   struct scsi_per_res_out_parms* param);
381static void ctl_pro_preempt_other(struct ctl_lun *lun,
382				  union ctl_ha_msg *msg);
383static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
384static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
386static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
387static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
388static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
389static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
390					 int alloc_len);
391static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
392					 int alloc_len);
393static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
394static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
395static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
396static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
397static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
398static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
399    bool seq);
400static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
401static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
402    union ctl_io *pending_io, union ctl_io *ooa_io);
403static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
404				union ctl_io *starting_io);
405static int ctl_check_blocked(struct ctl_lun *lun);
406static int ctl_scsiio_lun_check(struct ctl_lun *lun,
407				const struct ctl_cmd_entry *entry,
408				struct ctl_scsiio *ctsio);
409static void ctl_failover_lun(struct ctl_lun *lun);
410static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
411			       struct ctl_scsiio *ctsio);
412static int ctl_scsiio(struct ctl_scsiio *ctsio);
413
414static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
415static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
416			    ctl_ua_type ua_type);
417static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
418			 ctl_ua_type ua_type);
419static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
420static int ctl_abort_task(union ctl_io *io);
421static int ctl_abort_task_set(union ctl_io *io);
422static int ctl_query_task(union ctl_io *io, int task_set);
423static int ctl_i_t_nexus_reset(union ctl_io *io);
424static int ctl_query_async_event(union ctl_io *io);
425static void ctl_run_task(union ctl_io *io);
426#ifdef CTL_IO_DELAY
427static void ctl_datamove_timer_wakeup(void *arg);
428static void ctl_done_timer_wakeup(void *arg);
429#endif /* CTL_IO_DELAY */
430
431static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
432static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
433static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
434static void ctl_datamove_remote_write(union ctl_io *io);
435static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
436static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
437static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
438static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
439				    ctl_ha_dt_cb callback);
440static void ctl_datamove_remote_read(union ctl_io *io);
441static void ctl_datamove_remote(union ctl_io *io);
442static int ctl_process_done(union ctl_io *io);
443static void ctl_lun_thread(void *arg);
444static void ctl_thresh_thread(void *arg);
445static void ctl_work_thread(void *arg);
446static void ctl_enqueue_incoming(union ctl_io *io);
447static void ctl_enqueue_rtr(union ctl_io *io);
448static void ctl_enqueue_done(union ctl_io *io);
449static void ctl_enqueue_isc(union ctl_io *io);
450static const struct ctl_cmd_entry *
451    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
452static const struct ctl_cmd_entry *
453    ctl_validate_command(struct ctl_scsiio *ctsio);
454static int ctl_cmd_applicable(uint8_t lun_type,
455    const struct ctl_cmd_entry *entry);
456
457static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
458static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
459static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
460static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
461
462/*
463 * Load the serialization table.  This isn't very pretty, but is probably
464 * the easiest way to do it.
465 */
466#include "ctl_ser_table.c"
467
468/*
469 * We only need to define open, close and ioctl routines for this driver.
470 */
471static struct cdevsw ctl_cdevsw = {
472	.d_version =	D_VERSION,
473	.d_flags =	0,
474	.d_open =	ctl_open,
475	.d_close =	ctl_close,
476	.d_ioctl =	ctl_ioctl,
477	.d_name =	"ctl",
478};
479
480
481MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
482
483static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
484
485static moduledata_t ctl_moduledata = {
486	"ctl",
487	ctl_module_event_handler,
488	NULL
489};
490
491DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
492MODULE_VERSION(ctl, 1);
493
494static struct ctl_frontend ha_frontend =
495{
496	.name = "ha",
497};
498
499static void
500ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
501			    union ctl_ha_msg *msg_info)
502{
503	struct ctl_scsiio *ctsio;
504
505	if (msg_info->hdr.original_sc == NULL) {
506		printf("%s: original_sc == NULL!\n", __func__);
507		/* XXX KDM now what? */
508		return;
509	}
510
511	ctsio = &msg_info->hdr.original_sc->scsiio;
512	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
513	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
514	ctsio->io_hdr.status = msg_info->hdr.status;
515	ctsio->scsi_status = msg_info->scsi.scsi_status;
516	ctsio->sense_len = msg_info->scsi.sense_len;
517	ctsio->sense_residual = msg_info->scsi.sense_residual;
518	ctsio->residual = msg_info->scsi.residual;
519	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
520	       msg_info->scsi.sense_len);
521	ctl_enqueue_isc((union ctl_io *)ctsio);
522}
523
524static void
525ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
526				union ctl_ha_msg *msg_info)
527{
528	struct ctl_scsiio *ctsio;
529
530	if (msg_info->hdr.serializing_sc == NULL) {
531		printf("%s: serializing_sc == NULL!\n", __func__);
532		/* XXX KDM now what? */
533		return;
534	}
535
536	ctsio = &msg_info->hdr.serializing_sc->scsiio;
537	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
538	ctl_enqueue_isc((union ctl_io *)ctsio);
539}
540
541void
542ctl_isc_announce_lun(struct ctl_lun *lun)
543{
544	struct ctl_softc *softc = lun->ctl_softc;
545	union ctl_ha_msg *msg;
546	struct ctl_ha_msg_lun_pr_key pr_key;
547	int i, k;
548
549	if (softc->ha_link != CTL_HA_LINK_ONLINE)
550		return;
551	mtx_lock(&lun->lun_lock);
552	i = sizeof(msg->lun);
553	if (lun->lun_devid)
554		i += lun->lun_devid->len;
555	i += sizeof(pr_key) * lun->pr_key_count;
556alloc:
557	mtx_unlock(&lun->lun_lock);
558	msg = malloc(i, M_CTL, M_WAITOK);
559	mtx_lock(&lun->lun_lock);
560	k = sizeof(msg->lun);
561	if (lun->lun_devid)
562		k += lun->lun_devid->len;
563	k += sizeof(pr_key) * lun->pr_key_count;
564	if (i < k) {
565		free(msg, M_CTL);
566		i = k;
567		goto alloc;
568	}
569	bzero(&msg->lun, sizeof(msg->lun));
570	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
571	msg->hdr.nexus.targ_lun = lun->lun;
572	msg->hdr.nexus.targ_mapped_lun = lun->lun;
573	msg->lun.flags = lun->flags;
574	msg->lun.pr_generation = lun->PRGeneration;
575	msg->lun.pr_res_idx = lun->pr_res_idx;
576	msg->lun.pr_res_type = lun->res_type;
577	msg->lun.pr_key_count = lun->pr_key_count;
578	i = 0;
579	if (lun->lun_devid) {
580		msg->lun.lun_devid_len = lun->lun_devid->len;
581		memcpy(&msg->lun.data[i], lun->lun_devid->data,
582		    msg->lun.lun_devid_len);
583		i += msg->lun.lun_devid_len;
584	}
585	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
586		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
587			continue;
588		pr_key.pr_iid = k;
589		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
590		i += sizeof(pr_key);
591	}
592	mtx_unlock(&lun->lun_lock);
593	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
594	    M_WAITOK);
595	free(msg, M_CTL);
596}
597
598void
599ctl_isc_announce_port(struct ctl_port *port)
600{
601	struct ctl_softc *softc = control_softc;
602	union ctl_ha_msg *msg;
603	int i;
604
605	if (port->targ_port < softc->port_min ||
606	    port->targ_port >= softc->port_max ||
607	    softc->ha_link != CTL_HA_LINK_ONLINE)
608		return;
609	i = sizeof(msg->port) + strlen(port->port_name) + 1;
610	if (port->lun_map)
611		i += sizeof(uint32_t) * CTL_MAX_LUNS;
612	if (port->port_devid)
613		i += port->port_devid->len;
614	if (port->target_devid)
615		i += port->target_devid->len;
616	msg = malloc(i, M_CTL, M_WAITOK);
617	bzero(&msg->port, sizeof(msg->port));
618	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
619	msg->hdr.nexus.targ_port = port->targ_port;
620	msg->port.port_type = port->port_type;
621	msg->port.physical_port = port->physical_port;
622	msg->port.virtual_port = port->virtual_port;
623	msg->port.status = port->status;
624	i = 0;
625	msg->port.name_len = sprintf(&msg->port.data[i],
626	    "%d:%s", softc->ha_id, port->port_name) + 1;
627	i += msg->port.name_len;
628	if (port->lun_map) {
629		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
630		memcpy(&msg->port.data[i], port->lun_map,
631		    msg->port.lun_map_len);
632		i += msg->port.lun_map_len;
633	}
634	if (port->port_devid) {
635		msg->port.port_devid_len = port->port_devid->len;
636		memcpy(&msg->port.data[i], port->port_devid->data,
637		    msg->port.port_devid_len);
638		i += msg->port.port_devid_len;
639	}
640	if (port->target_devid) {
641		msg->port.target_devid_len = port->target_devid->len;
642		memcpy(&msg->port.data[i], port->target_devid->data,
643		    msg->port.target_devid_len);
644		i += msg->port.target_devid_len;
645	}
646	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
647	    M_WAITOK);
648	free(msg, M_CTL);
649}
650
651static void
652ctl_isc_ha_link_up(struct ctl_softc *softc)
653{
654	struct ctl_port *port;
655	struct ctl_lun *lun;
656
657	STAILQ_FOREACH(port, &softc->port_list, links)
658		ctl_isc_announce_port(port);
659	STAILQ_FOREACH(lun, &softc->lun_list, links)
660		ctl_isc_announce_lun(lun);
661}
662
663static void
664ctl_isc_ha_link_down(struct ctl_softc *softc)
665{
666	struct ctl_port *port;
667	struct ctl_lun *lun;
668	union ctl_io *io;
669
670	mtx_lock(&softc->ctl_lock);
671	STAILQ_FOREACH(lun, &softc->lun_list, links) {
672		mtx_lock(&lun->lun_lock);
673		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
674			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
675			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
676		}
677		mtx_unlock(&lun->lun_lock);
678
679		mtx_unlock(&softc->ctl_lock);
680		io = ctl_alloc_io(softc->othersc_pool);
681		mtx_lock(&softc->ctl_lock);
682		ctl_zero_io(io);
683		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
684		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
685		ctl_enqueue_isc(io);
686	}
687
688	STAILQ_FOREACH(port, &softc->port_list, links) {
689		if (port->targ_port >= softc->port_min &&
690		    port->targ_port < softc->port_max)
691			continue;
692		port->status &= ~CTL_PORT_STATUS_ONLINE;
693	}
694	mtx_unlock(&softc->ctl_lock);
695}
696
697static void
698ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
699{
700	struct ctl_lun *lun;
701	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
702
703	mtx_lock(&softc->ctl_lock);
704	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
705	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
706		mtx_lock(&lun->lun_lock);
707		mtx_unlock(&softc->ctl_lock);
708		if (msg->ua.ua_all) {
709			if (msg->ua.ua_set)
710				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
711			else
712				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
713		} else {
714			if (msg->ua.ua_set)
715				ctl_est_ua(lun, iid, msg->ua.ua_type);
716			else
717				ctl_clr_ua(lun, iid, msg->ua.ua_type);
718		}
719		mtx_unlock(&lun->lun_lock);
720	} else
721		mtx_unlock(&softc->ctl_lock);
722}
723
724static void
725ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
726{
727	struct ctl_lun *lun;
728	struct ctl_ha_msg_lun_pr_key pr_key;
729	int i, k;
730	ctl_lun_flags oflags;
731	uint32_t targ_lun;
732
733	targ_lun = msg->hdr.nexus.targ_mapped_lun;
734	mtx_lock(&softc->ctl_lock);
735	if ((targ_lun >= CTL_MAX_LUNS) ||
736	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
737		mtx_unlock(&softc->ctl_lock);
738		return;
739	}
740	mtx_lock(&lun->lun_lock);
741	mtx_unlock(&softc->ctl_lock);
742	if (lun->flags & CTL_LUN_DISABLED) {
743		mtx_unlock(&lun->lun_lock);
744		return;
745	}
746	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
747	if (msg->lun.lun_devid_len != i || (i > 0 &&
748	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
749		mtx_unlock(&lun->lun_lock);
750		printf("%s: Received conflicting HA LUN %d\n",
751		    __func__, msg->hdr.nexus.targ_lun);
752		return;
753	} else {
754		/* Record whether peer is primary. */
755		oflags = lun->flags;
756		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
757		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
758			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
759		else
760			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
761		if (oflags != lun->flags)
762			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
763
764		/* If peer is primary and we are not -- use data */
765		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
766		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
767			lun->PRGeneration = msg->lun.pr_generation;
768			lun->pr_res_idx = msg->lun.pr_res_idx;
769			lun->res_type = msg->lun.pr_res_type;
770			lun->pr_key_count = msg->lun.pr_key_count;
771			for (k = 0; k < CTL_MAX_INITIATORS; k++)
772				ctl_clr_prkey(lun, k);
773			for (k = 0; k < msg->lun.pr_key_count; k++) {
774				memcpy(&pr_key, &msg->lun.data[i],
775				    sizeof(pr_key));
776				ctl_alloc_prkey(lun, pr_key.pr_iid);
777				ctl_set_prkey(lun, pr_key.pr_iid,
778				    pr_key.pr_key);
779				i += sizeof(pr_key);
780			}
781		}
782
783		mtx_unlock(&lun->lun_lock);
784		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
785		    __func__, msg->hdr.nexus.targ_lun,
786		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
787		    "primary" : "secondary"));
788
789		/* If we are primary but peer doesn't know -- notify */
790		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
791		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
792			ctl_isc_announce_lun(lun);
793	}
794}
795
796static void
797ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
798{
799	struct ctl_port *port;
800	struct ctl_lun *lun;
801	int i, new;
802
803	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
804	if (port == NULL) {
805		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
806		    msg->hdr.nexus.targ_port));
807		new = 1;
808		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
809		port->frontend = &ha_frontend;
810		port->targ_port = msg->hdr.nexus.targ_port;
811	} else if (port->frontend == &ha_frontend) {
812		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
813		    msg->hdr.nexus.targ_port));
814		new = 0;
815	} else {
816		printf("%s: Received conflicting HA port %d\n",
817		    __func__, msg->hdr.nexus.targ_port);
818		return;
819	}
820	port->port_type = msg->port.port_type;
821	port->physical_port = msg->port.physical_port;
822	port->virtual_port = msg->port.virtual_port;
823	port->status = msg->port.status;
824	i = 0;
825	free(port->port_name, M_CTL);
826	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
827	    M_CTL);
828	i += msg->port.name_len;
829	if (msg->port.lun_map_len != 0) {
830		if (port->lun_map == NULL)
831			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
832			    M_CTL, M_WAITOK);
833		memcpy(port->lun_map, &msg->port.data[i],
834		    sizeof(uint32_t) * CTL_MAX_LUNS);
835		i += msg->port.lun_map_len;
836	} else {
837		free(port->lun_map, M_CTL);
838		port->lun_map = NULL;
839	}
840	if (msg->port.port_devid_len != 0) {
841		if (port->port_devid == NULL ||
842		    port->port_devid->len != msg->port.port_devid_len) {
843			free(port->port_devid, M_CTL);
844			port->port_devid = malloc(sizeof(struct ctl_devid) +
845			    msg->port.port_devid_len, M_CTL, M_WAITOK);
846		}
847		memcpy(port->port_devid->data, &msg->port.data[i],
848		    msg->port.port_devid_len);
849		port->port_devid->len = msg->port.port_devid_len;
850		i += msg->port.port_devid_len;
851	} else {
852		free(port->port_devid, M_CTL);
853		port->port_devid = NULL;
854	}
855	if (msg->port.target_devid_len != 0) {
856		if (port->target_devid == NULL ||
857		    port->target_devid->len != msg->port.target_devid_len) {
858			free(port->target_devid, M_CTL);
859			port->target_devid = malloc(sizeof(struct ctl_devid) +
860			    msg->port.target_devid_len, M_CTL, M_WAITOK);
861		}
862		memcpy(port->target_devid->data, &msg->port.data[i],
863		    msg->port.target_devid_len);
864		port->target_devid->len = msg->port.target_devid_len;
865		i += msg->port.target_devid_len;
866	} else {
867		free(port->port_devid, M_CTL);
868		port->port_devid = NULL;
869	}
870	if (new) {
871		if (ctl_port_register(port) != 0) {
872			printf("%s: ctl_port_register() failed with error\n",
873			    __func__);
874		}
875	}
876	mtx_lock(&softc->ctl_lock);
877	STAILQ_FOREACH(lun, &softc->lun_list, links) {
878		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
879			continue;
880		mtx_lock(&lun->lun_lock);
881		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
882		mtx_unlock(&lun->lun_lock);
883	}
884	mtx_unlock(&softc->ctl_lock);
885}
886
887/*
888 * ISC (Inter Shelf Communication) event handler.  Events from the HA
889 * subsystem come in here.
890 */
891static void
892ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
893{
894	struct ctl_softc *softc;
895	union ctl_io *io;
896	struct ctl_prio *presio;
897	ctl_ha_status isc_status;
898
899	softc = control_softc;
900	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
901	if (event == CTL_HA_EVT_MSG_RECV) {
902		union ctl_ha_msg *msg, msgbuf;
903
904		if (param > sizeof(msgbuf))
905			msg = malloc(param, M_CTL, M_WAITOK);
906		else
907			msg = &msgbuf;
908		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
909		    M_WAITOK);
910		if (isc_status != CTL_HA_STATUS_SUCCESS) {
911			printf("%s: Error receiving message: %d\n",
912			    __func__, isc_status);
913			if (msg != &msgbuf)
914				free(msg, M_CTL);
915			return;
916		}
917
918		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
919		switch (msg->hdr.msg_type) {
920		case CTL_MSG_SERIALIZE:
921			io = ctl_alloc_io(softc->othersc_pool);
922			ctl_zero_io(io);
923			// populate ctsio from msg
924			io->io_hdr.io_type = CTL_IO_SCSI;
925			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
926			io->io_hdr.original_sc = msg->hdr.original_sc;
927			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
928					    CTL_FLAG_IO_ACTIVE;
929			/*
930			 * If we're in serialization-only mode, we don't
931			 * want to go through full done processing.  Thus
932			 * the COPY flag.
933			 *
934			 * XXX KDM add another flag that is more specific.
935			 */
936			if (softc->ha_mode != CTL_HA_MODE_XFER)
937				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
938			io->io_hdr.nexus = msg->hdr.nexus;
939#if 0
940			printf("port %u, iid %u, lun %u\n",
941			       io->io_hdr.nexus.targ_port,
942			       io->io_hdr.nexus.initid,
943			       io->io_hdr.nexus.targ_lun);
944#endif
945			io->scsiio.tag_num = msg->scsi.tag_num;
946			io->scsiio.tag_type = msg->scsi.tag_type;
947#ifdef CTL_TIME_IO
948			io->io_hdr.start_time = time_uptime;
949			getbintime(&io->io_hdr.start_bt);
950#endif /* CTL_TIME_IO */
951			io->scsiio.cdb_len = msg->scsi.cdb_len;
952			memcpy(io->scsiio.cdb, msg->scsi.cdb,
953			       CTL_MAX_CDBLEN);
954			if (softc->ha_mode == CTL_HA_MODE_XFER) {
955				const struct ctl_cmd_entry *entry;
956
957				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
958				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
959				io->io_hdr.flags |=
960					entry->flags & CTL_FLAG_DATA_MASK;
961			}
962			ctl_enqueue_isc(io);
963			break;
964
965		/* Performed on the Originating SC, XFER mode only */
966		case CTL_MSG_DATAMOVE: {
967			struct ctl_sg_entry *sgl;
968			int i, j;
969
970			io = msg->hdr.original_sc;
971			if (io == NULL) {
972				printf("%s: original_sc == NULL!\n", __func__);
973				/* XXX KDM do something here */
974				break;
975			}
976			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
977			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
978			/*
979			 * Keep track of this, we need to send it back over
980			 * when the datamove is complete.
981			 */
982			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
983			if (msg->hdr.status == CTL_SUCCESS)
984				io->io_hdr.status = msg->hdr.status;
985
986			if (msg->dt.sg_sequence == 0) {
987				i = msg->dt.kern_sg_entries +
988				    io->scsiio.kern_data_len /
989				    CTL_HA_DATAMOVE_SEGMENT + 1;
990				sgl = malloc(sizeof(*sgl) * i, M_CTL,
991				    M_WAITOK | M_ZERO);
992				io->io_hdr.remote_sglist = sgl;
993				io->io_hdr.local_sglist =
994				    &sgl[msg->dt.kern_sg_entries];
995
996				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
997
998				io->scsiio.kern_sg_entries =
999					msg->dt.kern_sg_entries;
1000				io->scsiio.rem_sg_entries =
1001					msg->dt.kern_sg_entries;
1002				io->scsiio.kern_data_len =
1003					msg->dt.kern_data_len;
1004				io->scsiio.kern_total_len =
1005					msg->dt.kern_total_len;
1006				io->scsiio.kern_data_resid =
1007					msg->dt.kern_data_resid;
1008				io->scsiio.kern_rel_offset =
1009					msg->dt.kern_rel_offset;
1010				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1011				io->io_hdr.flags |= msg->dt.flags &
1012				    CTL_FLAG_BUS_ADDR;
1013			} else
1014				sgl = (struct ctl_sg_entry *)
1015					io->scsiio.kern_data_ptr;
1016
1017			for (i = msg->dt.sent_sg_entries, j = 0;
1018			     i < (msg->dt.sent_sg_entries +
1019			     msg->dt.cur_sg_entries); i++, j++) {
1020				sgl[i].addr = msg->dt.sg_list[j].addr;
1021				sgl[i].len = msg->dt.sg_list[j].len;
1022
1023#if 0
1024				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
1025				       __func__,
1026				       msg->dt.sg_list[j].addr,
1027				       msg->dt.sg_list[j].len,
1028				       sgl[i].addr, sgl[i].len, j, i);
1029#endif
1030			}
1031
1032			/*
1033			 * If this is the last piece of the I/O, we've got
1034			 * the full S/G list.  Queue processing in the thread.
1035			 * Otherwise wait for the next piece.
1036			 */
1037			if (msg->dt.sg_last != 0)
1038				ctl_enqueue_isc(io);
1039			break;
1040		}
1041		/* Performed on the Serializing (primary) SC, XFER mode only */
1042		case CTL_MSG_DATAMOVE_DONE: {
1043			if (msg->hdr.serializing_sc == NULL) {
1044				printf("%s: serializing_sc == NULL!\n",
1045				       __func__);
1046				/* XXX KDM now what? */
1047				break;
1048			}
1049			/*
1050			 * We grab the sense information here in case
1051			 * there was a failure, so we can return status
1052			 * back to the initiator.
1053			 */
1054			io = msg->hdr.serializing_sc;
1055			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1056			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1057			io->io_hdr.port_status = msg->scsi.fetd_status;
1058			io->scsiio.residual = msg->scsi.residual;
1059			if (msg->hdr.status != CTL_STATUS_NONE) {
1060				io->io_hdr.status = msg->hdr.status;
1061				io->scsiio.scsi_status = msg->scsi.scsi_status;
1062				io->scsiio.sense_len = msg->scsi.sense_len;
1063				io->scsiio.sense_residual =msg->scsi.sense_residual;
1064				memcpy(&io->scsiio.sense_data,
1065				    &msg->scsi.sense_data,
1066				    msg->scsi.sense_len);
1067				if (msg->hdr.status == CTL_SUCCESS)
1068					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1069			}
1070			ctl_enqueue_isc(io);
1071			break;
1072		}
1073
1074		/* Preformed on Originating SC, SER_ONLY mode */
1075		case CTL_MSG_R2R:
1076			io = msg->hdr.original_sc;
1077			if (io == NULL) {
1078				printf("%s: original_sc == NULL!\n",
1079				    __func__);
1080				break;
1081			}
1082			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1083			io->io_hdr.msg_type = CTL_MSG_R2R;
1084			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1085			ctl_enqueue_isc(io);
1086			break;
1087
1088		/*
1089		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1090		 * mode.
1091		 * Performed on the Originating (i.e. secondary) SC in XFER
1092		 * mode
1093		 */
1094		case CTL_MSG_FINISH_IO:
1095			if (softc->ha_mode == CTL_HA_MODE_XFER)
1096				ctl_isc_handler_finish_xfer(softc, msg);
1097			else
1098				ctl_isc_handler_finish_ser_only(softc, msg);
1099			break;
1100
1101		/* Preformed on Originating SC */
1102		case CTL_MSG_BAD_JUJU:
1103			io = msg->hdr.original_sc;
1104			if (io == NULL) {
1105				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1106				       __func__);
1107				break;
1108			}
1109			ctl_copy_sense_data(msg, io);
1110			/*
1111			 * IO should have already been cleaned up on other
1112			 * SC so clear this flag so we won't send a message
1113			 * back to finish the IO there.
1114			 */
1115			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1116			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1117
1118			/* io = msg->hdr.serializing_sc; */
1119			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1120			ctl_enqueue_isc(io);
1121			break;
1122
1123		/* Handle resets sent from the other side */
1124		case CTL_MSG_MANAGE_TASKS: {
1125			struct ctl_taskio *taskio;
1126			taskio = (struct ctl_taskio *)ctl_alloc_io(
1127			    softc->othersc_pool);
1128			ctl_zero_io((union ctl_io *)taskio);
1129			taskio->io_hdr.io_type = CTL_IO_TASK;
1130			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1131			taskio->io_hdr.nexus = msg->hdr.nexus;
1132			taskio->task_action = msg->task.task_action;
1133			taskio->tag_num = msg->task.tag_num;
1134			taskio->tag_type = msg->task.tag_type;
1135#ifdef CTL_TIME_IO
1136			taskio->io_hdr.start_time = time_uptime;
1137			getbintime(&taskio->io_hdr.start_bt);
1138#endif /* CTL_TIME_IO */
1139			ctl_run_task((union ctl_io *)taskio);
1140			break;
1141		}
1142		/* Persistent Reserve action which needs attention */
1143		case CTL_MSG_PERS_ACTION:
1144			presio = (struct ctl_prio *)ctl_alloc_io(
1145			    softc->othersc_pool);
1146			ctl_zero_io((union ctl_io *)presio);
1147			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1148			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1149			presio->io_hdr.nexus = msg->hdr.nexus;
1150			presio->pr_msg = msg->pr;
1151			ctl_enqueue_isc((union ctl_io *)presio);
1152			break;
1153		case CTL_MSG_UA:
1154			ctl_isc_ua(softc, msg, param);
1155			break;
1156		case CTL_MSG_PORT_SYNC:
1157			ctl_isc_port_sync(softc, msg, param);
1158			break;
1159		case CTL_MSG_LUN_SYNC:
1160			ctl_isc_lun_sync(softc, msg, param);
1161			break;
1162		default:
1163			printf("Received HA message of unknown type %d\n",
1164			    msg->hdr.msg_type);
1165			break;
1166		}
1167		if (msg != &msgbuf)
1168			free(msg, M_CTL);
1169	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1170		printf("CTL: HA link status changed from %d to %d\n",
1171		    softc->ha_link, param);
1172		if (param == softc->ha_link)
1173			return;
1174		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1175			softc->ha_link = param;
1176			ctl_isc_ha_link_down(softc);
1177		} else {
1178			softc->ha_link = param;
1179			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1180				ctl_isc_ha_link_up(softc);
1181		}
1182		return;
1183	} else {
1184		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1185		return;
1186	}
1187}
1188
1189static void
1190ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1191{
1192
1193	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1194	    src->scsi.sense_len);
1195	dest->scsiio.scsi_status = src->scsi.scsi_status;
1196	dest->scsiio.sense_len = src->scsi.sense_len;
1197	dest->io_hdr.status = src->hdr.status;
1198}
1199
1200static void
1201ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1202{
1203
1204	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1205	    src->scsiio.sense_len);
1206	dest->scsi.scsi_status = src->scsiio.scsi_status;
1207	dest->scsi.sense_len = src->scsiio.sense_len;
1208	dest->hdr.status = src->io_hdr.status;
1209}
1210
1211void
1212ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1213{
1214	struct ctl_softc *softc = lun->ctl_softc;
1215	ctl_ua_type *pu;
1216
1217	if (initidx < softc->init_min || initidx >= softc->init_max)
1218		return;
1219	mtx_assert(&lun->lun_lock, MA_OWNED);
1220	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1221	if (pu == NULL)
1222		return;
1223	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1224}
1225
1226void
1227ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1228{
1229	int i;
1230
1231	mtx_assert(&lun->lun_lock, MA_OWNED);
1232	if (lun->pending_ua[port] == NULL)
1233		return;
1234	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1235		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1236			continue;
1237		lun->pending_ua[port][i] |= ua;
1238	}
1239}
1240
1241void
1242ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1243{
1244	struct ctl_softc *softc = lun->ctl_softc;
1245	int i;
1246
1247	mtx_assert(&lun->lun_lock, MA_OWNED);
1248	for (i = softc->port_min; i < softc->port_max; i++)
1249		ctl_est_ua_port(lun, i, except, ua);
1250}
1251
1252void
1253ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1254{
1255	struct ctl_softc *softc = lun->ctl_softc;
1256	ctl_ua_type *pu;
1257
1258	if (initidx < softc->init_min || initidx >= softc->init_max)
1259		return;
1260	mtx_assert(&lun->lun_lock, MA_OWNED);
1261	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1262	if (pu == NULL)
1263		return;
1264	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1265}
1266
1267void
1268ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1269{
1270	struct ctl_softc *softc = lun->ctl_softc;
1271	int i, j;
1272
1273	mtx_assert(&lun->lun_lock, MA_OWNED);
1274	for (i = softc->port_min; i < softc->port_max; i++) {
1275		if (lun->pending_ua[i] == NULL)
1276			continue;
1277		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1278			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1279				continue;
1280			lun->pending_ua[i][j] &= ~ua;
1281		}
1282	}
1283}
1284
1285void
1286ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1287    ctl_ua_type ua_type)
1288{
1289	struct ctl_lun *lun;
1290
1291	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1292	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1293		mtx_lock(&lun->lun_lock);
1294		ctl_clr_ua(lun, initidx, ua_type);
1295		mtx_unlock(&lun->lun_lock);
1296	}
1297}
1298
1299static int
1300ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1301{
1302	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1303	struct ctl_lun *lun;
1304	struct ctl_lun_req ireq;
1305	int error, value;
1306
1307	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1308	error = sysctl_handle_int(oidp, &value, 0, req);
1309	if ((error != 0) || (req->newptr == NULL))
1310		return (error);
1311
1312	mtx_lock(&softc->ctl_lock);
1313	if (value == 0)
1314		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1315	else
1316		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1317	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1318		mtx_unlock(&softc->ctl_lock);
1319		bzero(&ireq, sizeof(ireq));
1320		ireq.reqtype = CTL_LUNREQ_MODIFY;
1321		ireq.reqdata.modify.lun_id = lun->lun;
1322		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1323		    curthread);
1324		if (ireq.status != CTL_LUN_OK) {
1325			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1326			    __func__, ireq.status, ireq.error_str);
1327		}
1328		mtx_lock(&softc->ctl_lock);
1329	}
1330	mtx_unlock(&softc->ctl_lock);
1331	return (0);
1332}
1333
1334static int
1335ctl_init(void)
1336{
1337	struct ctl_softc *softc;
1338	void *other_pool;
1339	int i, error, retval;
1340
1341	retval = 0;
1342	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1343			       M_WAITOK | M_ZERO);
1344	softc = control_softc;
1345
1346	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1347			      "cam/ctl");
1348
1349	softc->dev->si_drv1 = softc;
1350
1351	sysctl_ctx_init(&softc->sysctl_ctx);
1352	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1353		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1354		CTLFLAG_RD, 0, "CAM Target Layer");
1355
1356	if (softc->sysctl_tree == NULL) {
1357		printf("%s: unable to allocate sysctl tree\n", __func__);
1358		destroy_dev(softc->dev);
1359		free(control_softc, M_DEVBUF);
1360		control_softc = NULL;
1361		return (ENOMEM);
1362	}
1363
1364	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1365	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1366	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1367	softc->open_count = 0;
1368
1369	/*
1370	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1371	 * the drive.
1372	 */
1373	softc->flags = CTL_FLAG_REAL_SYNC;
1374
1375	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1376	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1377	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1378
1379	/*
1380	 * In Copan's HA scheme, the "master" and "slave" roles are
1381	 * figured out through the slot the controller is in.  Although it
1382	 * is an active/active system, someone has to be in charge.
1383	 */
1384	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1385	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1386	    "HA head ID (0 - no HA)");
1387	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1388		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1389		softc->is_single = 1;
1390		softc->port_cnt = CTL_MAX_PORTS;
1391		softc->port_min = 0;
1392	} else {
1393		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1394		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1395	}
1396	softc->port_max = softc->port_min + softc->port_cnt;
1397	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1398	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1399
1400	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1401	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1402	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1403
1404	STAILQ_INIT(&softc->lun_list);
1405	STAILQ_INIT(&softc->pending_lun_queue);
1406	STAILQ_INIT(&softc->fe_list);
1407	STAILQ_INIT(&softc->port_list);
1408	STAILQ_INIT(&softc->be_list);
1409	ctl_tpc_init(softc);
1410
1411	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1412	                    &other_pool) != 0)
1413	{
1414		printf("ctl: can't allocate %d entry other SC pool, "
1415		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1416		return (ENOMEM);
1417	}
1418	softc->othersc_pool = other_pool;
1419
1420	if (worker_threads <= 0)
1421		worker_threads = max(1, mp_ncpus / 4);
1422	if (worker_threads > CTL_MAX_THREADS)
1423		worker_threads = CTL_MAX_THREADS;
1424
1425	for (i = 0; i < worker_threads; i++) {
1426		struct ctl_thread *thr = &softc->threads[i];
1427
1428		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1429		thr->ctl_softc = softc;
1430		STAILQ_INIT(&thr->incoming_queue);
1431		STAILQ_INIT(&thr->rtr_queue);
1432		STAILQ_INIT(&thr->done_queue);
1433		STAILQ_INIT(&thr->isc_queue);
1434
1435		error = kproc_kthread_add(ctl_work_thread, thr,
1436		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1437		if (error != 0) {
1438			printf("error creating CTL work thread!\n");
1439			ctl_pool_free(other_pool);
1440			return (error);
1441		}
1442	}
1443	error = kproc_kthread_add(ctl_lun_thread, softc,
1444	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1445	if (error != 0) {
1446		printf("error creating CTL lun thread!\n");
1447		ctl_pool_free(other_pool);
1448		return (error);
1449	}
1450	error = kproc_kthread_add(ctl_thresh_thread, softc,
1451	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1452	if (error != 0) {
1453		printf("error creating CTL threshold thread!\n");
1454		ctl_pool_free(other_pool);
1455		return (error);
1456	}
1457
1458	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1459	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1460	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1461
1462	if (softc->is_single == 0) {
1463		ctl_frontend_register(&ha_frontend);
1464		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1465			printf("ctl_init: ctl_ha_msg_init failed.\n");
1466			softc->is_single = 1;
1467		} else
1468		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1469		    != CTL_HA_STATUS_SUCCESS) {
1470			printf("ctl_init: ctl_ha_msg_register failed.\n");
1471			softc->is_single = 1;
1472		}
1473	}
1474	return (0);
1475}
1476
1477void
1478ctl_shutdown(void)
1479{
1480	struct ctl_softc *softc;
1481	struct ctl_lun *lun, *next_lun;
1482
1483	softc = (struct ctl_softc *)control_softc;
1484
1485	if (softc->is_single == 0) {
1486		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1487		    != CTL_HA_STATUS_SUCCESS) {
1488			printf("ctl_shutdown: ctl_ha_msg_deregister failed.\n");
1489		}
1490		if (ctl_ha_msg_shutdown(softc) != CTL_HA_STATUS_SUCCESS) {
1491			printf("ctl_shutdown: ctl_ha_msg_shutdown failed.\n");
1492		}
1493		ctl_frontend_deregister(&ha_frontend);
1494	}
1495
1496	mtx_lock(&softc->ctl_lock);
1497
1498	/*
1499	 * Free up each LUN.
1500	 */
1501	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1502		next_lun = STAILQ_NEXT(lun, links);
1503		ctl_free_lun(lun);
1504	}
1505
1506	mtx_unlock(&softc->ctl_lock);
1507
1508#if 0
1509	ctl_shutdown_thread(softc->work_thread);
1510	mtx_destroy(&softc->queue_lock);
1511#endif
1512
1513	ctl_tpc_shutdown(softc);
1514	uma_zdestroy(softc->io_zone);
1515	mtx_destroy(&softc->ctl_lock);
1516
1517	destroy_dev(softc->dev);
1518
1519	sysctl_ctx_free(&softc->sysctl_ctx);
1520
1521	free(control_softc, M_DEVBUF);
1522	control_softc = NULL;
1523}
1524
1525static int
1526ctl_module_event_handler(module_t mod, int what, void *arg)
1527{
1528
1529	switch (what) {
1530	case MOD_LOAD:
1531		return (ctl_init());
1532	case MOD_UNLOAD:
1533		return (EBUSY);
1534	default:
1535		return (EOPNOTSUPP);
1536	}
1537}
1538
1539/*
1540 * XXX KDM should we do some access checks here?  Bump a reference count to
1541 * prevent a CTL module from being unloaded while someone has it open?
1542 */
1543static int
1544ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1545{
1546	return (0);
1547}
1548
1549static int
1550ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1551{
1552	return (0);
1553}
1554
1555/*
1556 * Remove an initiator by port number and initiator ID.
1557 * Returns 0 for success, -1 for failure.
1558 */
1559int
1560ctl_remove_initiator(struct ctl_port *port, int iid)
1561{
1562	struct ctl_softc *softc = control_softc;
1563
1564	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1565
1566	if (iid > CTL_MAX_INIT_PER_PORT) {
1567		printf("%s: initiator ID %u > maximun %u!\n",
1568		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1569		return (-1);
1570	}
1571
1572	mtx_lock(&softc->ctl_lock);
1573	port->wwpn_iid[iid].in_use--;
1574	port->wwpn_iid[iid].last_use = time_uptime;
1575	mtx_unlock(&softc->ctl_lock);
1576
1577	return (0);
1578}
1579
1580/*
1581 * Add an initiator to the initiator map.
1582 * Returns iid for success, < 0 for failure.
1583 */
1584int
1585ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1586{
1587	struct ctl_softc *softc = control_softc;
1588	time_t best_time;
1589	int i, best;
1590
1591	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1592
1593	if (iid >= CTL_MAX_INIT_PER_PORT) {
1594		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1595		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1596		free(name, M_CTL);
1597		return (-1);
1598	}
1599
1600	mtx_lock(&softc->ctl_lock);
1601
1602	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1603		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1604			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1605				iid = i;
1606				break;
1607			}
1608			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1609			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1610				iid = i;
1611				break;
1612			}
1613		}
1614	}
1615
1616	if (iid < 0) {
1617		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1618			if (port->wwpn_iid[i].in_use == 0 &&
1619			    port->wwpn_iid[i].wwpn == 0 &&
1620			    port->wwpn_iid[i].name == NULL) {
1621				iid = i;
1622				break;
1623			}
1624		}
1625	}
1626
1627	if (iid < 0) {
1628		best = -1;
1629		best_time = INT32_MAX;
1630		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1631			if (port->wwpn_iid[i].in_use == 0) {
1632				if (port->wwpn_iid[i].last_use < best_time) {
1633					best = i;
1634					best_time = port->wwpn_iid[i].last_use;
1635				}
1636			}
1637		}
1638		iid = best;
1639	}
1640
1641	if (iid < 0) {
1642		mtx_unlock(&softc->ctl_lock);
1643		free(name, M_CTL);
1644		return (-2);
1645	}
1646
1647	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1648		/*
1649		 * This is not an error yet.
1650		 */
1651		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1652#if 0
1653			printf("%s: port %d iid %u WWPN %#jx arrived"
1654			    " again\n", __func__, port->targ_port,
1655			    iid, (uintmax_t)wwpn);
1656#endif
1657			goto take;
1658		}
1659		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1660		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1661#if 0
1662			printf("%s: port %d iid %u name '%s' arrived"
1663			    " again\n", __func__, port->targ_port,
1664			    iid, name);
1665#endif
1666			goto take;
1667		}
1668
1669		/*
1670		 * This is an error, but what do we do about it?  The
1671		 * driver is telling us we have a new WWPN for this
1672		 * initiator ID, so we pretty much need to use it.
1673		 */
1674		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1675		    " but WWPN %#jx '%s' is still at that address\n",
1676		    __func__, port->targ_port, iid, wwpn, name,
1677		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1678		    port->wwpn_iid[iid].name);
1679
1680		/*
1681		 * XXX KDM clear have_ca and ua_pending on each LUN for
1682		 * this initiator.
1683		 */
1684	}
1685take:
1686	free(port->wwpn_iid[iid].name, M_CTL);
1687	port->wwpn_iid[iid].name = name;
1688	port->wwpn_iid[iid].wwpn = wwpn;
1689	port->wwpn_iid[iid].in_use++;
1690	mtx_unlock(&softc->ctl_lock);
1691
1692	return (iid);
1693}
1694
1695static int
1696ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1697{
1698	int len;
1699
1700	switch (port->port_type) {
1701	case CTL_PORT_FC:
1702	{
1703		struct scsi_transportid_fcp *id =
1704		    (struct scsi_transportid_fcp *)buf;
1705		if (port->wwpn_iid[iid].wwpn == 0)
1706			return (0);
1707		memset(id, 0, sizeof(*id));
1708		id->format_protocol = SCSI_PROTO_FC;
1709		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1710		return (sizeof(*id));
1711	}
1712	case CTL_PORT_ISCSI:
1713	{
1714		struct scsi_transportid_iscsi_port *id =
1715		    (struct scsi_transportid_iscsi_port *)buf;
1716		if (port->wwpn_iid[iid].name == NULL)
1717			return (0);
1718		memset(id, 0, 256);
1719		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1720		    SCSI_PROTO_ISCSI;
1721		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1722		len = roundup2(min(len, 252), 4);
1723		scsi_ulto2b(len, id->additional_length);
1724		return (sizeof(*id) + len);
1725	}
1726	case CTL_PORT_SAS:
1727	{
1728		struct scsi_transportid_sas *id =
1729		    (struct scsi_transportid_sas *)buf;
1730		if (port->wwpn_iid[iid].wwpn == 0)
1731			return (0);
1732		memset(id, 0, sizeof(*id));
1733		id->format_protocol = SCSI_PROTO_SAS;
1734		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1735		return (sizeof(*id));
1736	}
1737	default:
1738	{
1739		struct scsi_transportid_spi *id =
1740		    (struct scsi_transportid_spi *)buf;
1741		memset(id, 0, sizeof(*id));
1742		id->format_protocol = SCSI_PROTO_SPI;
1743		scsi_ulto2b(iid, id->scsi_addr);
1744		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1745		return (sizeof(*id));
1746	}
1747	}
1748}
1749
1750/*
1751 * Serialize a command that went down the "wrong" side, and so was sent to
1752 * this controller for execution.  The logic is a little different than the
1753 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1754 * sent back to the other side, but in the success case, we execute the
1755 * command on this side (XFER mode) or tell the other side to execute it
1756 * (SER_ONLY mode).
1757 */
1758static int
1759ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1760{
1761	struct ctl_softc *softc;
1762	union ctl_ha_msg msg_info;
1763	struct ctl_lun *lun;
1764	const struct ctl_cmd_entry *entry;
1765	int retval = 0;
1766	uint32_t targ_lun;
1767
1768	softc = control_softc;
1769
1770	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1771	mtx_lock(&softc->ctl_lock);
1772	if ((targ_lun < CTL_MAX_LUNS) &&
1773	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
1774		mtx_lock(&lun->lun_lock);
1775		mtx_unlock(&softc->ctl_lock);
1776		/*
1777		 * If the LUN is invalid, pretend that it doesn't exist.
1778		 * It will go away as soon as all pending I/O has been
1779		 * completed.
1780		 */
1781		if (lun->flags & CTL_LUN_DISABLED) {
1782			mtx_unlock(&lun->lun_lock);
1783			lun = NULL;
1784		}
1785	} else {
1786		mtx_unlock(&softc->ctl_lock);
1787		lun = NULL;
1788	}
1789	if (lun == NULL) {
1790		/*
1791		 * The other node would not send this request to us unless
1792		 * received announce that we are primary node for this LUN.
1793		 * If this LUN does not exist now, it is probably result of
1794		 * a race, so respond to initiator in the most opaque way.
1795		 */
1796		ctl_set_busy(ctsio);
1797		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1798		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1799		msg_info.hdr.serializing_sc = NULL;
1800		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1801		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1802		    sizeof(msg_info.scsi), M_WAITOK);
1803		return(1);
1804	}
1805
1806	entry = ctl_get_cmd_entry(ctsio, NULL);
1807	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
1808		mtx_unlock(&lun->lun_lock);
1809		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1810		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1811		msg_info.hdr.serializing_sc = NULL;
1812		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1813		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1814		    sizeof(msg_info.scsi), M_WAITOK);
1815		return(1);
1816	}
1817
1818	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
1819	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
1820
1821	/*
1822	 * Every I/O goes into the OOA queue for a
1823	 * particular LUN, and stays there until completion.
1824	 */
1825#ifdef CTL_TIME_IO
1826	if (TAILQ_EMPTY(&lun->ooa_queue))
1827		lun->idle_time += getsbinuptime() - lun->last_busy;
1828#endif
1829	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1830
1831	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1832		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1833		 ooa_links))) {
1834	case CTL_ACTION_BLOCK:
1835		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1836		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1837				  blocked_links);
1838		mtx_unlock(&lun->lun_lock);
1839		break;
1840	case CTL_ACTION_PASS:
1841	case CTL_ACTION_SKIP:
1842		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1843			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1844			ctl_enqueue_rtr((union ctl_io *)ctsio);
1845			mtx_unlock(&lun->lun_lock);
1846		} else {
1847			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
1848			mtx_unlock(&lun->lun_lock);
1849
1850			/* send msg back to other side */
1851			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1852			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1853			msg_info.hdr.msg_type = CTL_MSG_R2R;
1854			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1855			    sizeof(msg_info.hdr), M_WAITOK);
1856		}
1857		break;
1858	case CTL_ACTION_OVERLAP:
1859		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1860		mtx_unlock(&lun->lun_lock);
1861		retval = 1;
1862
1863		ctl_set_overlapped_cmd(ctsio);
1864		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1865		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1866		msg_info.hdr.serializing_sc = NULL;
1867		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1868		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1869		    sizeof(msg_info.scsi), M_WAITOK);
1870		break;
1871	case CTL_ACTION_OVERLAP_TAG:
1872		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1873		mtx_unlock(&lun->lun_lock);
1874		retval = 1;
1875		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
1876		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1877		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1878		msg_info.hdr.serializing_sc = NULL;
1879		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1880		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1881		    sizeof(msg_info.scsi), M_WAITOK);
1882		break;
1883	case CTL_ACTION_ERROR:
1884	default:
1885		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1886		mtx_unlock(&lun->lun_lock);
1887		retval = 1;
1888
1889		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
1890					 /*retry_count*/ 0);
1891		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1892		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1893		msg_info.hdr.serializing_sc = NULL;
1894		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1895		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1896		    sizeof(msg_info.scsi), M_WAITOK);
1897		break;
1898	}
1899	return (retval);
1900}
1901
1902/*
1903 * Returns 0 for success, errno for failure.
1904 */
1905static int
1906ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1907		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1908{
1909	union ctl_io *io;
1910	int retval;
1911
1912	retval = 0;
1913
1914	mtx_lock(&lun->lun_lock);
1915	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1916	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1917	     ooa_links)) {
1918		struct ctl_ooa_entry *entry;
1919
1920		/*
1921		 * If we've got more than we can fit, just count the
1922		 * remaining entries.
1923		 */
1924		if (*cur_fill_num >= ooa_hdr->alloc_num)
1925			continue;
1926
1927		entry = &kern_entries[*cur_fill_num];
1928
1929		entry->tag_num = io->scsiio.tag_num;
1930		entry->lun_num = lun->lun;
1931#ifdef CTL_TIME_IO
1932		entry->start_bt = io->io_hdr.start_bt;
1933#endif
1934		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1935		entry->cdb_len = io->scsiio.cdb_len;
1936		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1937			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1938
1939		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1940			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1941
1942		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1943			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1944
1945		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1946			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1947
1948		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1949			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1950	}
1951	mtx_unlock(&lun->lun_lock);
1952
1953	return (retval);
1954}
1955
1956static void *
1957ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1958		 size_t error_str_len)
1959{
1960	void *kptr;
1961
1962	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
1963
1964	if (copyin(user_addr, kptr, len) != 0) {
1965		snprintf(error_str, error_str_len, "Error copying %d bytes "
1966			 "from user address %p to kernel address %p", len,
1967			 user_addr, kptr);
1968		free(kptr, M_CTL);
1969		return (NULL);
1970	}
1971
1972	return (kptr);
1973}
1974
1975static void
1976ctl_free_args(int num_args, struct ctl_be_arg *args)
1977{
1978	int i;
1979
1980	if (args == NULL)
1981		return;
1982
1983	for (i = 0; i < num_args; i++) {
1984		free(args[i].kname, M_CTL);
1985		free(args[i].kvalue, M_CTL);
1986	}
1987
1988	free(args, M_CTL);
1989}
1990
1991static struct ctl_be_arg *
1992ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
1993		char *error_str, size_t error_str_len)
1994{
1995	struct ctl_be_arg *args;
1996	int i;
1997
1998	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
1999				error_str, error_str_len);
2000
2001	if (args == NULL)
2002		goto bailout;
2003
2004	for (i = 0; i < num_args; i++) {
2005		args[i].kname = NULL;
2006		args[i].kvalue = NULL;
2007	}
2008
2009	for (i = 0; i < num_args; i++) {
2010		uint8_t *tmpptr;
2011
2012		args[i].kname = ctl_copyin_alloc(args[i].name,
2013			args[i].namelen, error_str, error_str_len);
2014		if (args[i].kname == NULL)
2015			goto bailout;
2016
2017		if (args[i].kname[args[i].namelen - 1] != '\0') {
2018			snprintf(error_str, error_str_len, "Argument %d "
2019				 "name is not NUL-terminated", i);
2020			goto bailout;
2021		}
2022
2023		if (args[i].flags & CTL_BEARG_RD) {
2024			tmpptr = ctl_copyin_alloc(args[i].value,
2025				args[i].vallen, error_str, error_str_len);
2026			if (tmpptr == NULL)
2027				goto bailout;
2028			if ((args[i].flags & CTL_BEARG_ASCII)
2029			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2030				snprintf(error_str, error_str_len, "Argument "
2031				    "%d value is not NUL-terminated", i);
2032				goto bailout;
2033			}
2034			args[i].kvalue = tmpptr;
2035		} else {
2036			args[i].kvalue = malloc(args[i].vallen,
2037			    M_CTL, M_WAITOK | M_ZERO);
2038		}
2039	}
2040
2041	return (args);
2042bailout:
2043
2044	ctl_free_args(num_args, args);
2045
2046	return (NULL);
2047}
2048
2049static void
2050ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2051{
2052	int i;
2053
2054	for (i = 0; i < num_args; i++) {
2055		if (args[i].flags & CTL_BEARG_WR)
2056			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2057	}
2058}
2059
2060/*
2061 * Escape characters that are illegal or not recommended in XML.
2062 */
2063int
2064ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2065{
2066	char *end = str + size;
2067	int retval;
2068
2069	retval = 0;
2070
2071	for (; *str && str < end; str++) {
2072		switch (*str) {
2073		case '&':
2074			retval = sbuf_printf(sb, "&amp;");
2075			break;
2076		case '>':
2077			retval = sbuf_printf(sb, "&gt;");
2078			break;
2079		case '<':
2080			retval = sbuf_printf(sb, "&lt;");
2081			break;
2082		default:
2083			retval = sbuf_putc(sb, *str);
2084			break;
2085		}
2086
2087		if (retval != 0)
2088			break;
2089
2090	}
2091
2092	return (retval);
2093}
2094
2095static void
2096ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2097{
2098	struct scsi_vpd_id_descriptor *desc;
2099	int i;
2100
2101	if (id == NULL || id->len < 4)
2102		return;
2103	desc = (struct scsi_vpd_id_descriptor *)id->data;
2104	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2105	case SVPD_ID_TYPE_T10:
2106		sbuf_printf(sb, "t10.");
2107		break;
2108	case SVPD_ID_TYPE_EUI64:
2109		sbuf_printf(sb, "eui.");
2110		break;
2111	case SVPD_ID_TYPE_NAA:
2112		sbuf_printf(sb, "naa.");
2113		break;
2114	case SVPD_ID_TYPE_SCSI_NAME:
2115		break;
2116	}
2117	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2118	case SVPD_ID_CODESET_BINARY:
2119		for (i = 0; i < desc->length; i++)
2120			sbuf_printf(sb, "%02x", desc->identifier[i]);
2121		break;
2122	case SVPD_ID_CODESET_ASCII:
2123		sbuf_printf(sb, "%.*s", (int)desc->length,
2124		    (char *)desc->identifier);
2125		break;
2126	case SVPD_ID_CODESET_UTF8:
2127		sbuf_printf(sb, "%s", (char *)desc->identifier);
2128		break;
2129	}
2130}
2131
2132static int
2133ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2134	  struct thread *td)
2135{
2136	struct ctl_softc *softc;
2137	struct ctl_lun *lun;
2138	int retval;
2139
2140	softc = control_softc;
2141
2142	retval = 0;
2143
2144	switch (cmd) {
2145	case CTL_IO:
2146		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2147		break;
2148	case CTL_ENABLE_PORT:
2149	case CTL_DISABLE_PORT:
2150	case CTL_SET_PORT_WWNS: {
2151		struct ctl_port *port;
2152		struct ctl_port_entry *entry;
2153
2154		entry = (struct ctl_port_entry *)addr;
2155
2156		mtx_lock(&softc->ctl_lock);
2157		STAILQ_FOREACH(port, &softc->port_list, links) {
2158			int action, done;
2159
2160			if (port->targ_port < softc->port_min ||
2161			    port->targ_port >= softc->port_max)
2162				continue;
2163
2164			action = 0;
2165			done = 0;
2166			if ((entry->port_type == CTL_PORT_NONE)
2167			 && (entry->targ_port == port->targ_port)) {
2168				/*
2169				 * If the user only wants to enable or
2170				 * disable or set WWNs on a specific port,
2171				 * do the operation and we're done.
2172				 */
2173				action = 1;
2174				done = 1;
2175			} else if (entry->port_type & port->port_type) {
2176				/*
2177				 * Compare the user's type mask with the
2178				 * particular frontend type to see if we
2179				 * have a match.
2180				 */
2181				action = 1;
2182				done = 0;
2183
2184				/*
2185				 * Make sure the user isn't trying to set
2186				 * WWNs on multiple ports at the same time.
2187				 */
2188				if (cmd == CTL_SET_PORT_WWNS) {
2189					printf("%s: Can't set WWNs on "
2190					       "multiple ports\n", __func__);
2191					retval = EINVAL;
2192					break;
2193				}
2194			}
2195			if (action == 0)
2196				continue;
2197
2198			/*
2199			 * XXX KDM we have to drop the lock here, because
2200			 * the online/offline operations can potentially
2201			 * block.  We need to reference count the frontends
2202			 * so they can't go away,
2203			 */
2204			if (cmd == CTL_ENABLE_PORT) {
2205				mtx_unlock(&softc->ctl_lock);
2206				ctl_port_online(port);
2207				mtx_lock(&softc->ctl_lock);
2208			} else if (cmd == CTL_DISABLE_PORT) {
2209				mtx_unlock(&softc->ctl_lock);
2210				ctl_port_offline(port);
2211				mtx_lock(&softc->ctl_lock);
2212			} else if (cmd == CTL_SET_PORT_WWNS) {
2213				ctl_port_set_wwns(port,
2214				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2215				    1 : 0, entry->wwnn,
2216				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2217				    1 : 0, entry->wwpn);
2218			}
2219			if (done != 0)
2220				break;
2221		}
2222		mtx_unlock(&softc->ctl_lock);
2223		break;
2224	}
2225	case CTL_GET_PORT_LIST: {
2226		struct ctl_port *port;
2227		struct ctl_port_list *list;
2228		int i;
2229
2230		list = (struct ctl_port_list *)addr;
2231
2232		if (list->alloc_len != (list->alloc_num *
2233		    sizeof(struct ctl_port_entry))) {
2234			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2235			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2236			       "%zu\n", __func__, list->alloc_len,
2237			       list->alloc_num, sizeof(struct ctl_port_entry));
2238			retval = EINVAL;
2239			break;
2240		}
2241		list->fill_len = 0;
2242		list->fill_num = 0;
2243		list->dropped_num = 0;
2244		i = 0;
2245		mtx_lock(&softc->ctl_lock);
2246		STAILQ_FOREACH(port, &softc->port_list, links) {
2247			struct ctl_port_entry entry, *list_entry;
2248
2249			if (list->fill_num >= list->alloc_num) {
2250				list->dropped_num++;
2251				continue;
2252			}
2253
2254			entry.port_type = port->port_type;
2255			strlcpy(entry.port_name, port->port_name,
2256				sizeof(entry.port_name));
2257			entry.targ_port = port->targ_port;
2258			entry.physical_port = port->physical_port;
2259			entry.virtual_port = port->virtual_port;
2260			entry.wwnn = port->wwnn;
2261			entry.wwpn = port->wwpn;
2262			if (port->status & CTL_PORT_STATUS_ONLINE)
2263				entry.online = 1;
2264			else
2265				entry.online = 0;
2266
2267			list_entry = &list->entries[i];
2268
2269			retval = copyout(&entry, list_entry, sizeof(entry));
2270			if (retval != 0) {
2271				printf("%s: CTL_GET_PORT_LIST: copyout "
2272				       "returned %d\n", __func__, retval);
2273				break;
2274			}
2275			i++;
2276			list->fill_num++;
2277			list->fill_len += sizeof(entry);
2278		}
2279		mtx_unlock(&softc->ctl_lock);
2280
2281		/*
2282		 * If this is non-zero, we had a copyout fault, so there's
2283		 * probably no point in attempting to set the status inside
2284		 * the structure.
2285		 */
2286		if (retval != 0)
2287			break;
2288
2289		if (list->dropped_num > 0)
2290			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2291		else
2292			list->status = CTL_PORT_LIST_OK;
2293		break;
2294	}
2295	case CTL_DUMP_OOA: {
2296		union ctl_io *io;
2297		char printbuf[128];
2298		struct sbuf sb;
2299
2300		mtx_lock(&softc->ctl_lock);
2301		printf("Dumping OOA queues:\n");
2302		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2303			mtx_lock(&lun->lun_lock);
2304			for (io = (union ctl_io *)TAILQ_FIRST(
2305			     &lun->ooa_queue); io != NULL;
2306			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2307			     ooa_links)) {
2308				sbuf_new(&sb, printbuf, sizeof(printbuf),
2309					 SBUF_FIXEDLEN);
2310				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2311					    (intmax_t)lun->lun,
2312					    io->scsiio.tag_num,
2313					    (io->io_hdr.flags &
2314					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2315					    (io->io_hdr.flags &
2316					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2317					    (io->io_hdr.flags &
2318					    CTL_FLAG_ABORT) ? " ABORT" : "",
2319			                    (io->io_hdr.flags &
2320		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2321				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2322				sbuf_finish(&sb);
2323				printf("%s\n", sbuf_data(&sb));
2324			}
2325			mtx_unlock(&lun->lun_lock);
2326		}
2327		printf("OOA queues dump done\n");
2328		mtx_unlock(&softc->ctl_lock);
2329		break;
2330	}
2331	case CTL_GET_OOA: {
2332		struct ctl_ooa *ooa_hdr;
2333		struct ctl_ooa_entry *entries;
2334		uint32_t cur_fill_num;
2335
2336		ooa_hdr = (struct ctl_ooa *)addr;
2337
2338		if ((ooa_hdr->alloc_len == 0)
2339		 || (ooa_hdr->alloc_num == 0)) {
2340			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2341			       "must be non-zero\n", __func__,
2342			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2343			retval = EINVAL;
2344			break;
2345		}
2346
2347		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2348		    sizeof(struct ctl_ooa_entry))) {
2349			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2350			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2351			       __func__, ooa_hdr->alloc_len,
2352			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2353			retval = EINVAL;
2354			break;
2355		}
2356
2357		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2358		if (entries == NULL) {
2359			printf("%s: could not allocate %d bytes for OOA "
2360			       "dump\n", __func__, ooa_hdr->alloc_len);
2361			retval = ENOMEM;
2362			break;
2363		}
2364
2365		mtx_lock(&softc->ctl_lock);
2366		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2367		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2368		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2369			mtx_unlock(&softc->ctl_lock);
2370			free(entries, M_CTL);
2371			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2372			       __func__, (uintmax_t)ooa_hdr->lun_num);
2373			retval = EINVAL;
2374			break;
2375		}
2376
2377		cur_fill_num = 0;
2378
2379		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2380			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2381				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2382					ooa_hdr, entries);
2383				if (retval != 0)
2384					break;
2385			}
2386			if (retval != 0) {
2387				mtx_unlock(&softc->ctl_lock);
2388				free(entries, M_CTL);
2389				break;
2390			}
2391		} else {
2392			lun = softc->ctl_luns[ooa_hdr->lun_num];
2393
2394			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2395						    entries);
2396		}
2397		mtx_unlock(&softc->ctl_lock);
2398
2399		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2400		ooa_hdr->fill_len = ooa_hdr->fill_num *
2401			sizeof(struct ctl_ooa_entry);
2402		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2403		if (retval != 0) {
2404			printf("%s: error copying out %d bytes for OOA dump\n",
2405			       __func__, ooa_hdr->fill_len);
2406		}
2407
2408		getbintime(&ooa_hdr->cur_bt);
2409
2410		if (cur_fill_num > ooa_hdr->alloc_num) {
2411			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2412			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2413		} else {
2414			ooa_hdr->dropped_num = 0;
2415			ooa_hdr->status = CTL_OOA_OK;
2416		}
2417
2418		free(entries, M_CTL);
2419		break;
2420	}
2421	case CTL_CHECK_OOA: {
2422		union ctl_io *io;
2423		struct ctl_ooa_info *ooa_info;
2424
2425
2426		ooa_info = (struct ctl_ooa_info *)addr;
2427
2428		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2429			ooa_info->status = CTL_OOA_INVALID_LUN;
2430			break;
2431		}
2432		mtx_lock(&softc->ctl_lock);
2433		lun = softc->ctl_luns[ooa_info->lun_id];
2434		if (lun == NULL) {
2435			mtx_unlock(&softc->ctl_lock);
2436			ooa_info->status = CTL_OOA_INVALID_LUN;
2437			break;
2438		}
2439		mtx_lock(&lun->lun_lock);
2440		mtx_unlock(&softc->ctl_lock);
2441		ooa_info->num_entries = 0;
2442		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2443		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2444		     &io->io_hdr, ooa_links)) {
2445			ooa_info->num_entries++;
2446		}
2447		mtx_unlock(&lun->lun_lock);
2448
2449		ooa_info->status = CTL_OOA_SUCCESS;
2450
2451		break;
2452	}
2453	case CTL_DELAY_IO: {
2454		struct ctl_io_delay_info *delay_info;
2455
2456		delay_info = (struct ctl_io_delay_info *)addr;
2457
2458#ifdef CTL_IO_DELAY
2459		mtx_lock(&softc->ctl_lock);
2460
2461		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2462		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2463			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2464		} else {
2465			lun = softc->ctl_luns[delay_info->lun_id];
2466			mtx_lock(&lun->lun_lock);
2467
2468			delay_info->status = CTL_DELAY_STATUS_OK;
2469
2470			switch (delay_info->delay_type) {
2471			case CTL_DELAY_TYPE_CONT:
2472				break;
2473			case CTL_DELAY_TYPE_ONESHOT:
2474				break;
2475			default:
2476				delay_info->status =
2477					CTL_DELAY_STATUS_INVALID_TYPE;
2478				break;
2479			}
2480
2481			switch (delay_info->delay_loc) {
2482			case CTL_DELAY_LOC_DATAMOVE:
2483				lun->delay_info.datamove_type =
2484					delay_info->delay_type;
2485				lun->delay_info.datamove_delay =
2486					delay_info->delay_secs;
2487				break;
2488			case CTL_DELAY_LOC_DONE:
2489				lun->delay_info.done_type =
2490					delay_info->delay_type;
2491				lun->delay_info.done_delay =
2492					delay_info->delay_secs;
2493				break;
2494			default:
2495				delay_info->status =
2496					CTL_DELAY_STATUS_INVALID_LOC;
2497				break;
2498			}
2499			mtx_unlock(&lun->lun_lock);
2500		}
2501
2502		mtx_unlock(&softc->ctl_lock);
2503#else
2504		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2505#endif /* CTL_IO_DELAY */
2506		break;
2507	}
2508	case CTL_REALSYNC_SET: {
2509		int *syncstate;
2510
2511		syncstate = (int *)addr;
2512
2513		mtx_lock(&softc->ctl_lock);
2514		switch (*syncstate) {
2515		case 0:
2516			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2517			break;
2518		case 1:
2519			softc->flags |= CTL_FLAG_REAL_SYNC;
2520			break;
2521		default:
2522			retval = EINVAL;
2523			break;
2524		}
2525		mtx_unlock(&softc->ctl_lock);
2526		break;
2527	}
2528	case CTL_REALSYNC_GET: {
2529		int *syncstate;
2530
2531		syncstate = (int*)addr;
2532
2533		mtx_lock(&softc->ctl_lock);
2534		if (softc->flags & CTL_FLAG_REAL_SYNC)
2535			*syncstate = 1;
2536		else
2537			*syncstate = 0;
2538		mtx_unlock(&softc->ctl_lock);
2539
2540		break;
2541	}
2542	case CTL_SETSYNC:
2543	case CTL_GETSYNC: {
2544		struct ctl_sync_info *sync_info;
2545
2546		sync_info = (struct ctl_sync_info *)addr;
2547
2548		mtx_lock(&softc->ctl_lock);
2549		lun = softc->ctl_luns[sync_info->lun_id];
2550		if (lun == NULL) {
2551			mtx_unlock(&softc->ctl_lock);
2552			sync_info->status = CTL_GS_SYNC_NO_LUN;
2553			break;
2554		}
2555		/*
2556		 * Get or set the sync interval.  We're not bounds checking
2557		 * in the set case, hopefully the user won't do something
2558		 * silly.
2559		 */
2560		mtx_lock(&lun->lun_lock);
2561		mtx_unlock(&softc->ctl_lock);
2562		if (cmd == CTL_GETSYNC)
2563			sync_info->sync_interval = lun->sync_interval;
2564		else
2565			lun->sync_interval = sync_info->sync_interval;
2566		mtx_unlock(&lun->lun_lock);
2567
2568		sync_info->status = CTL_GS_SYNC_OK;
2569
2570		break;
2571	}
2572	case CTL_GETSTATS: {
2573		struct ctl_stats *stats;
2574		int i;
2575
2576		stats = (struct ctl_stats *)addr;
2577
2578		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2579		     stats->alloc_len) {
2580			stats->status = CTL_SS_NEED_MORE_SPACE;
2581			stats->num_luns = softc->num_luns;
2582			break;
2583		}
2584		/*
2585		 * XXX KDM no locking here.  If the LUN list changes,
2586		 * things can blow up.
2587		 */
2588		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2589		     i++, lun = STAILQ_NEXT(lun, links)) {
2590			retval = copyout(&lun->stats, &stats->lun_stats[i],
2591					 sizeof(lun->stats));
2592			if (retval != 0)
2593				break;
2594		}
2595		stats->num_luns = softc->num_luns;
2596		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2597				 softc->num_luns;
2598		stats->status = CTL_SS_OK;
2599#ifdef CTL_TIME_IO
2600		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2601#else
2602		stats->flags = CTL_STATS_FLAG_NONE;
2603#endif
2604		getnanouptime(&stats->timestamp);
2605		break;
2606	}
2607	case CTL_ERROR_INJECT: {
2608		struct ctl_error_desc *err_desc, *new_err_desc;
2609
2610		err_desc = (struct ctl_error_desc *)addr;
2611
2612		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2613				      M_WAITOK | M_ZERO);
2614		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2615
2616		mtx_lock(&softc->ctl_lock);
2617		lun = softc->ctl_luns[err_desc->lun_id];
2618		if (lun == NULL) {
2619			mtx_unlock(&softc->ctl_lock);
2620			free(new_err_desc, M_CTL);
2621			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2622			       __func__, (uintmax_t)err_desc->lun_id);
2623			retval = EINVAL;
2624			break;
2625		}
2626		mtx_lock(&lun->lun_lock);
2627		mtx_unlock(&softc->ctl_lock);
2628
2629		/*
2630		 * We could do some checking here to verify the validity
2631		 * of the request, but given the complexity of error
2632		 * injection requests, the checking logic would be fairly
2633		 * complex.
2634		 *
2635		 * For now, if the request is invalid, it just won't get
2636		 * executed and might get deleted.
2637		 */
2638		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2639
2640		/*
2641		 * XXX KDM check to make sure the serial number is unique,
2642		 * in case we somehow manage to wrap.  That shouldn't
2643		 * happen for a very long time, but it's the right thing to
2644		 * do.
2645		 */
2646		new_err_desc->serial = lun->error_serial;
2647		err_desc->serial = lun->error_serial;
2648		lun->error_serial++;
2649
2650		mtx_unlock(&lun->lun_lock);
2651		break;
2652	}
2653	case CTL_ERROR_INJECT_DELETE: {
2654		struct ctl_error_desc *delete_desc, *desc, *desc2;
2655		int delete_done;
2656
2657		delete_desc = (struct ctl_error_desc *)addr;
2658		delete_done = 0;
2659
2660		mtx_lock(&softc->ctl_lock);
2661		lun = softc->ctl_luns[delete_desc->lun_id];
2662		if (lun == NULL) {
2663			mtx_unlock(&softc->ctl_lock);
2664			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2665			       __func__, (uintmax_t)delete_desc->lun_id);
2666			retval = EINVAL;
2667			break;
2668		}
2669		mtx_lock(&lun->lun_lock);
2670		mtx_unlock(&softc->ctl_lock);
2671		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2672			if (desc->serial != delete_desc->serial)
2673				continue;
2674
2675			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2676				      links);
2677			free(desc, M_CTL);
2678			delete_done = 1;
2679		}
2680		mtx_unlock(&lun->lun_lock);
2681		if (delete_done == 0) {
2682			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2683			       "error serial %ju on LUN %u\n", __func__,
2684			       delete_desc->serial, delete_desc->lun_id);
2685			retval = EINVAL;
2686			break;
2687		}
2688		break;
2689	}
2690	case CTL_DUMP_STRUCTS: {
2691		int i, j, k;
2692		struct ctl_port *port;
2693		struct ctl_frontend *fe;
2694
2695		mtx_lock(&softc->ctl_lock);
2696		printf("CTL Persistent Reservation information start:\n");
2697		for (i = 0; i < CTL_MAX_LUNS; i++) {
2698			lun = softc->ctl_luns[i];
2699
2700			if ((lun == NULL)
2701			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2702				continue;
2703
2704			for (j = 0; j < CTL_MAX_PORTS; j++) {
2705				if (lun->pr_keys[j] == NULL)
2706					continue;
2707				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2708					if (lun->pr_keys[j][k] == 0)
2709						continue;
2710					printf("  LUN %d port %d iid %d key "
2711					       "%#jx\n", i, j, k,
2712					       (uintmax_t)lun->pr_keys[j][k]);
2713				}
2714			}
2715		}
2716		printf("CTL Persistent Reservation information end\n");
2717		printf("CTL Ports:\n");
2718		STAILQ_FOREACH(port, &softc->port_list, links) {
2719			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2720			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2721			       port->frontend->name, port->port_type,
2722			       port->physical_port, port->virtual_port,
2723			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2724			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2725				if (port->wwpn_iid[j].in_use == 0 &&
2726				    port->wwpn_iid[j].wwpn == 0 &&
2727				    port->wwpn_iid[j].name == NULL)
2728					continue;
2729
2730				printf("    iid %u use %d WWPN %#jx '%s'\n",
2731				    j, port->wwpn_iid[j].in_use,
2732				    (uintmax_t)port->wwpn_iid[j].wwpn,
2733				    port->wwpn_iid[j].name);
2734			}
2735		}
2736		printf("CTL Port information end\n");
2737		mtx_unlock(&softc->ctl_lock);
2738		/*
2739		 * XXX KDM calling this without a lock.  We'd likely want
2740		 * to drop the lock before calling the frontend's dump
2741		 * routine anyway.
2742		 */
2743		printf("CTL Frontends:\n");
2744		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2745			printf("  Frontend '%s'\n", fe->name);
2746			if (fe->fe_dump != NULL)
2747				fe->fe_dump();
2748		}
2749		printf("CTL Frontend information end\n");
2750		break;
2751	}
2752	case CTL_LUN_REQ: {
2753		struct ctl_lun_req *lun_req;
2754		struct ctl_backend_driver *backend;
2755
2756		lun_req = (struct ctl_lun_req *)addr;
2757
2758		backend = ctl_backend_find(lun_req->backend);
2759		if (backend == NULL) {
2760			lun_req->status = CTL_LUN_ERROR;
2761			snprintf(lun_req->error_str,
2762				 sizeof(lun_req->error_str),
2763				 "Backend \"%s\" not found.",
2764				 lun_req->backend);
2765			break;
2766		}
2767		if (lun_req->num_be_args > 0) {
2768			lun_req->kern_be_args = ctl_copyin_args(
2769				lun_req->num_be_args,
2770				lun_req->be_args,
2771				lun_req->error_str,
2772				sizeof(lun_req->error_str));
2773			if (lun_req->kern_be_args == NULL) {
2774				lun_req->status = CTL_LUN_ERROR;
2775				break;
2776			}
2777		}
2778
2779		retval = backend->ioctl(dev, cmd, addr, flag, td);
2780
2781		if (lun_req->num_be_args > 0) {
2782			ctl_copyout_args(lun_req->num_be_args,
2783				      lun_req->kern_be_args);
2784			ctl_free_args(lun_req->num_be_args,
2785				      lun_req->kern_be_args);
2786		}
2787		break;
2788	}
2789	case CTL_LUN_LIST: {
2790		struct sbuf *sb;
2791		struct ctl_lun_list *list;
2792		struct ctl_option *opt;
2793
2794		list = (struct ctl_lun_list *)addr;
2795
2796		/*
2797		 * Allocate a fixed length sbuf here, based on the length
2798		 * of the user's buffer.  We could allocate an auto-extending
2799		 * buffer, and then tell the user how much larger our
2800		 * amount of data is than his buffer, but that presents
2801		 * some problems:
2802		 *
2803		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2804		 *     we can't hold a lock while calling them with an
2805		 *     auto-extending buffer.
2806 		 *
2807		 * 2.  There is not currently a LUN reference counting
2808		 *     mechanism, outside of outstanding transactions on
2809		 *     the LUN's OOA queue.  So a LUN could go away on us
2810		 *     while we're getting the LUN number, backend-specific
2811		 *     information, etc.  Thus, given the way things
2812		 *     currently work, we need to hold the CTL lock while
2813		 *     grabbing LUN information.
2814		 *
2815		 * So, from the user's standpoint, the best thing to do is
2816		 * allocate what he thinks is a reasonable buffer length,
2817		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2818		 * double the buffer length and try again.  (And repeat
2819		 * that until he succeeds.)
2820		 */
2821		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2822		if (sb == NULL) {
2823			list->status = CTL_LUN_LIST_ERROR;
2824			snprintf(list->error_str, sizeof(list->error_str),
2825				 "Unable to allocate %d bytes for LUN list",
2826				 list->alloc_len);
2827			break;
2828		}
2829
2830		sbuf_printf(sb, "<ctllunlist>\n");
2831
2832		mtx_lock(&softc->ctl_lock);
2833		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2834			mtx_lock(&lun->lun_lock);
2835			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2836					     (uintmax_t)lun->lun);
2837
2838			/*
2839			 * Bail out as soon as we see that we've overfilled
2840			 * the buffer.
2841			 */
2842			if (retval != 0)
2843				break;
2844
2845			retval = sbuf_printf(sb, "\t<backend_type>%s"
2846					     "</backend_type>\n",
2847					     (lun->backend == NULL) ?  "none" :
2848					     lun->backend->name);
2849
2850			if (retval != 0)
2851				break;
2852
2853			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2854					     lun->be_lun->lun_type);
2855
2856			if (retval != 0)
2857				break;
2858
2859			if (lun->backend == NULL) {
2860				retval = sbuf_printf(sb, "</lun>\n");
2861				if (retval != 0)
2862					break;
2863				continue;
2864			}
2865
2866			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2867					     (lun->be_lun->maxlba > 0) ?
2868					     lun->be_lun->maxlba + 1 : 0);
2869
2870			if (retval != 0)
2871				break;
2872
2873			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2874					     lun->be_lun->blocksize);
2875
2876			if (retval != 0)
2877				break;
2878
2879			retval = sbuf_printf(sb, "\t<serial_number>");
2880
2881			if (retval != 0)
2882				break;
2883
2884			retval = ctl_sbuf_printf_esc(sb,
2885			    lun->be_lun->serial_num,
2886			    sizeof(lun->be_lun->serial_num));
2887
2888			if (retval != 0)
2889				break;
2890
2891			retval = sbuf_printf(sb, "</serial_number>\n");
2892
2893			if (retval != 0)
2894				break;
2895
2896			retval = sbuf_printf(sb, "\t<device_id>");
2897
2898			if (retval != 0)
2899				break;
2900
2901			retval = ctl_sbuf_printf_esc(sb,
2902			    lun->be_lun->device_id,
2903			    sizeof(lun->be_lun->device_id));
2904
2905			if (retval != 0)
2906				break;
2907
2908			retval = sbuf_printf(sb, "</device_id>\n");
2909
2910			if (retval != 0)
2911				break;
2912
2913			if (lun->backend->lun_info != NULL) {
2914				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
2915				if (retval != 0)
2916					break;
2917			}
2918			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
2919				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2920				    opt->name, opt->value, opt->name);
2921				if (retval != 0)
2922					break;
2923			}
2924
2925			retval = sbuf_printf(sb, "</lun>\n");
2926
2927			if (retval != 0)
2928				break;
2929			mtx_unlock(&lun->lun_lock);
2930		}
2931		if (lun != NULL)
2932			mtx_unlock(&lun->lun_lock);
2933		mtx_unlock(&softc->ctl_lock);
2934
2935		if ((retval != 0)
2936		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
2937			retval = 0;
2938			sbuf_delete(sb);
2939			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2940			snprintf(list->error_str, sizeof(list->error_str),
2941				 "Out of space, %d bytes is too small",
2942				 list->alloc_len);
2943			break;
2944		}
2945
2946		sbuf_finish(sb);
2947
2948		retval = copyout(sbuf_data(sb), list->lun_xml,
2949				 sbuf_len(sb) + 1);
2950
2951		list->fill_len = sbuf_len(sb) + 1;
2952		list->status = CTL_LUN_LIST_OK;
2953		sbuf_delete(sb);
2954		break;
2955	}
2956	case CTL_ISCSI: {
2957		struct ctl_iscsi *ci;
2958		struct ctl_frontend *fe;
2959
2960		ci = (struct ctl_iscsi *)addr;
2961
2962		fe = ctl_frontend_find("iscsi");
2963		if (fe == NULL) {
2964			ci->status = CTL_ISCSI_ERROR;
2965			snprintf(ci->error_str, sizeof(ci->error_str),
2966			    "Frontend \"iscsi\" not found.");
2967			break;
2968		}
2969
2970		retval = fe->ioctl(dev, cmd, addr, flag, td);
2971		break;
2972	}
2973	case CTL_PORT_REQ: {
2974		struct ctl_req *req;
2975		struct ctl_frontend *fe;
2976
2977		req = (struct ctl_req *)addr;
2978
2979		fe = ctl_frontend_find(req->driver);
2980		if (fe == NULL) {
2981			req->status = CTL_LUN_ERROR;
2982			snprintf(req->error_str, sizeof(req->error_str),
2983			    "Frontend \"%s\" not found.", req->driver);
2984			break;
2985		}
2986		if (req->num_args > 0) {
2987			req->kern_args = ctl_copyin_args(req->num_args,
2988			    req->args, req->error_str, sizeof(req->error_str));
2989			if (req->kern_args == NULL) {
2990				req->status = CTL_LUN_ERROR;
2991				break;
2992			}
2993		}
2994
2995		if (fe->ioctl)
2996			retval = fe->ioctl(dev, cmd, addr, flag, td);
2997		else
2998			retval = ENODEV;
2999
3000		if (req->num_args > 0) {
3001			ctl_copyout_args(req->num_args, req->kern_args);
3002			ctl_free_args(req->num_args, req->kern_args);
3003		}
3004		break;
3005	}
3006	case CTL_PORT_LIST: {
3007		struct sbuf *sb;
3008		struct ctl_port *port;
3009		struct ctl_lun_list *list;
3010		struct ctl_option *opt;
3011		int j;
3012		uint32_t plun;
3013
3014		list = (struct ctl_lun_list *)addr;
3015
3016		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3017		if (sb == NULL) {
3018			list->status = CTL_LUN_LIST_ERROR;
3019			snprintf(list->error_str, sizeof(list->error_str),
3020				 "Unable to allocate %d bytes for LUN list",
3021				 list->alloc_len);
3022			break;
3023		}
3024
3025		sbuf_printf(sb, "<ctlportlist>\n");
3026
3027		mtx_lock(&softc->ctl_lock);
3028		STAILQ_FOREACH(port, &softc->port_list, links) {
3029			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3030					     (uintmax_t)port->targ_port);
3031
3032			/*
3033			 * Bail out as soon as we see that we've overfilled
3034			 * the buffer.
3035			 */
3036			if (retval != 0)
3037				break;
3038
3039			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3040			    "</frontend_type>\n", port->frontend->name);
3041			if (retval != 0)
3042				break;
3043
3044			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3045					     port->port_type);
3046			if (retval != 0)
3047				break;
3048
3049			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3050			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3051			if (retval != 0)
3052				break;
3053
3054			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3055			    port->port_name);
3056			if (retval != 0)
3057				break;
3058
3059			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3060			    port->physical_port);
3061			if (retval != 0)
3062				break;
3063
3064			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3065			    port->virtual_port);
3066			if (retval != 0)
3067				break;
3068
3069			if (port->target_devid != NULL) {
3070				sbuf_printf(sb, "\t<target>");
3071				ctl_id_sbuf(port->target_devid, sb);
3072				sbuf_printf(sb, "</target>\n");
3073			}
3074
3075			if (port->port_devid != NULL) {
3076				sbuf_printf(sb, "\t<port>");
3077				ctl_id_sbuf(port->port_devid, sb);
3078				sbuf_printf(sb, "</port>\n");
3079			}
3080
3081			if (port->port_info != NULL) {
3082				retval = port->port_info(port->onoff_arg, sb);
3083				if (retval != 0)
3084					break;
3085			}
3086			STAILQ_FOREACH(opt, &port->options, links) {
3087				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3088				    opt->name, opt->value, opt->name);
3089				if (retval != 0)
3090					break;
3091			}
3092
3093			if (port->lun_map != NULL) {
3094				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3095				for (j = 0; j < CTL_MAX_LUNS; j++) {
3096					plun = ctl_lun_map_from_port(port, j);
3097					if (plun >= CTL_MAX_LUNS)
3098						continue;
3099					sbuf_printf(sb,
3100					    "\t<lun id=\"%u\">%u</lun>\n",
3101					    j, plun);
3102				}
3103			}
3104
3105			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3106				if (port->wwpn_iid[j].in_use == 0 ||
3107				    (port->wwpn_iid[j].wwpn == 0 &&
3108				     port->wwpn_iid[j].name == NULL))
3109					continue;
3110
3111				if (port->wwpn_iid[j].name != NULL)
3112					retval = sbuf_printf(sb,
3113					    "\t<initiator id=\"%u\">%s</initiator>\n",
3114					    j, port->wwpn_iid[j].name);
3115				else
3116					retval = sbuf_printf(sb,
3117					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3118					    j, port->wwpn_iid[j].wwpn);
3119				if (retval != 0)
3120					break;
3121			}
3122			if (retval != 0)
3123				break;
3124
3125			retval = sbuf_printf(sb, "</targ_port>\n");
3126			if (retval != 0)
3127				break;
3128		}
3129		mtx_unlock(&softc->ctl_lock);
3130
3131		if ((retval != 0)
3132		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3133			retval = 0;
3134			sbuf_delete(sb);
3135			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3136			snprintf(list->error_str, sizeof(list->error_str),
3137				 "Out of space, %d bytes is too small",
3138				 list->alloc_len);
3139			break;
3140		}
3141
3142		sbuf_finish(sb);
3143
3144		retval = copyout(sbuf_data(sb), list->lun_xml,
3145				 sbuf_len(sb) + 1);
3146
3147		list->fill_len = sbuf_len(sb) + 1;
3148		list->status = CTL_LUN_LIST_OK;
3149		sbuf_delete(sb);
3150		break;
3151	}
3152	case CTL_LUN_MAP: {
3153		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3154		struct ctl_port *port;
3155
3156		mtx_lock(&softc->ctl_lock);
3157		if (lm->port < softc->port_min ||
3158		    lm->port >= softc->port_max ||
3159		    (port = softc->ctl_ports[lm->port]) == NULL) {
3160			mtx_unlock(&softc->ctl_lock);
3161			return (ENXIO);
3162		}
3163		if (port->status & CTL_PORT_STATUS_ONLINE) {
3164			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3165				if (ctl_lun_map_to_port(port, lun->lun) >=
3166				    CTL_MAX_LUNS)
3167					continue;
3168				mtx_lock(&lun->lun_lock);
3169				ctl_est_ua_port(lun, lm->port, -1,
3170				    CTL_UA_LUN_CHANGE);
3171				mtx_unlock(&lun->lun_lock);
3172			}
3173		}
3174		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3175		if (lm->plun < CTL_MAX_LUNS) {
3176			if (lm->lun == UINT32_MAX)
3177				retval = ctl_lun_map_unset(port, lm->plun);
3178			else if (lm->lun < CTL_MAX_LUNS &&
3179			    softc->ctl_luns[lm->lun] != NULL)
3180				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3181			else
3182				return (ENXIO);
3183		} else if (lm->plun == UINT32_MAX) {
3184			if (lm->lun == UINT32_MAX)
3185				retval = ctl_lun_map_deinit(port);
3186			else
3187				retval = ctl_lun_map_init(port);
3188		} else
3189			return (ENXIO);
3190		if (port->status & CTL_PORT_STATUS_ONLINE)
3191			ctl_isc_announce_port(port);
3192		break;
3193	}
3194	default: {
3195		/* XXX KDM should we fix this? */
3196#if 0
3197		struct ctl_backend_driver *backend;
3198		unsigned int type;
3199		int found;
3200
3201		found = 0;
3202
3203		/*
3204		 * We encode the backend type as the ioctl type for backend
3205		 * ioctls.  So parse it out here, and then search for a
3206		 * backend of this type.
3207		 */
3208		type = _IOC_TYPE(cmd);
3209
3210		STAILQ_FOREACH(backend, &softc->be_list, links) {
3211			if (backend->type == type) {
3212				found = 1;
3213				break;
3214			}
3215		}
3216		if (found == 0) {
3217			printf("ctl: unknown ioctl command %#lx or backend "
3218			       "%d\n", cmd, type);
3219			retval = EINVAL;
3220			break;
3221		}
3222		retval = backend->ioctl(dev, cmd, addr, flag, td);
3223#endif
3224		retval = ENOTTY;
3225		break;
3226	}
3227	}
3228	return (retval);
3229}
3230
3231uint32_t
3232ctl_get_initindex(struct ctl_nexus *nexus)
3233{
3234	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3235}
3236
3237int
3238ctl_lun_map_init(struct ctl_port *port)
3239{
3240	struct ctl_softc *softc = control_softc;
3241	struct ctl_lun *lun;
3242	uint32_t i;
3243
3244	if (port->lun_map == NULL)
3245		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3246		    M_CTL, M_NOWAIT);
3247	if (port->lun_map == NULL)
3248		return (ENOMEM);
3249	for (i = 0; i < CTL_MAX_LUNS; i++)
3250		port->lun_map[i] = UINT32_MAX;
3251	if (port->status & CTL_PORT_STATUS_ONLINE) {
3252		if (port->lun_disable != NULL) {
3253			STAILQ_FOREACH(lun, &softc->lun_list, links)
3254				port->lun_disable(port->targ_lun_arg, lun->lun);
3255		}
3256		ctl_isc_announce_port(port);
3257	}
3258	return (0);
3259}
3260
3261int
3262ctl_lun_map_deinit(struct ctl_port *port)
3263{
3264	struct ctl_softc *softc = control_softc;
3265	struct ctl_lun *lun;
3266
3267	if (port->lun_map == NULL)
3268		return (0);
3269	free(port->lun_map, M_CTL);
3270	port->lun_map = NULL;
3271	if (port->status & CTL_PORT_STATUS_ONLINE) {
3272		if (port->lun_enable != NULL) {
3273			STAILQ_FOREACH(lun, &softc->lun_list, links)
3274				port->lun_enable(port->targ_lun_arg, lun->lun);
3275		}
3276		ctl_isc_announce_port(port);
3277	}
3278	return (0);
3279}
3280
3281int
3282ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3283{
3284	int status;
3285	uint32_t old;
3286
3287	if (port->lun_map == NULL) {
3288		status = ctl_lun_map_init(port);
3289		if (status != 0)
3290			return (status);
3291	}
3292	old = port->lun_map[plun];
3293	port->lun_map[plun] = glun;
3294	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3295		if (port->lun_enable != NULL)
3296			port->lun_enable(port->targ_lun_arg, plun);
3297		ctl_isc_announce_port(port);
3298	}
3299	return (0);
3300}
3301
3302int
3303ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3304{
3305	uint32_t old;
3306
3307	if (port->lun_map == NULL)
3308		return (0);
3309	old = port->lun_map[plun];
3310	port->lun_map[plun] = UINT32_MAX;
3311	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3312		if (port->lun_disable != NULL)
3313			port->lun_disable(port->targ_lun_arg, plun);
3314		ctl_isc_announce_port(port);
3315	}
3316	return (0);
3317}
3318
3319uint32_t
3320ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3321{
3322
3323	if (port == NULL)
3324		return (UINT32_MAX);
3325	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3326		return (lun_id);
3327	return (port->lun_map[lun_id]);
3328}
3329
3330uint32_t
3331ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3332{
3333	uint32_t i;
3334
3335	if (port == NULL)
3336		return (UINT32_MAX);
3337	if (port->lun_map == NULL)
3338		return (lun_id);
3339	for (i = 0; i < CTL_MAX_LUNS; i++) {
3340		if (port->lun_map[i] == lun_id)
3341			return (i);
3342	}
3343	return (UINT32_MAX);
3344}
3345
3346static struct ctl_port *
3347ctl_io_port(struct ctl_io_hdr *io_hdr)
3348{
3349
3350	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3351}
3352
3353int
3354ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3355{
3356	int i;
3357
3358	for (i = first; i < last; i++) {
3359		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3360			return (i);
3361	}
3362	return (-1);
3363}
3364
3365int
3366ctl_set_mask(uint32_t *mask, uint32_t bit)
3367{
3368	uint32_t chunk, piece;
3369
3370	chunk = bit >> 5;
3371	piece = bit % (sizeof(uint32_t) * 8);
3372
3373	if ((mask[chunk] & (1 << piece)) != 0)
3374		return (-1);
3375	else
3376		mask[chunk] |= (1 << piece);
3377
3378	return (0);
3379}
3380
3381int
3382ctl_clear_mask(uint32_t *mask, uint32_t bit)
3383{
3384	uint32_t chunk, piece;
3385
3386	chunk = bit >> 5;
3387	piece = bit % (sizeof(uint32_t) * 8);
3388
3389	if ((mask[chunk] & (1 << piece)) == 0)
3390		return (-1);
3391	else
3392		mask[chunk] &= ~(1 << piece);
3393
3394	return (0);
3395}
3396
3397int
3398ctl_is_set(uint32_t *mask, uint32_t bit)
3399{
3400	uint32_t chunk, piece;
3401
3402	chunk = bit >> 5;
3403	piece = bit % (sizeof(uint32_t) * 8);
3404
3405	if ((mask[chunk] & (1 << piece)) == 0)
3406		return (0);
3407	else
3408		return (1);
3409}
3410
3411static uint64_t
3412ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3413{
3414	uint64_t *t;
3415
3416	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3417	if (t == NULL)
3418		return (0);
3419	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3420}
3421
3422static void
3423ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3424{
3425	uint64_t *t;
3426
3427	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3428	if (t == NULL)
3429		return;
3430	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3431}
3432
3433static void
3434ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3435{
3436	uint64_t *p;
3437	u_int i;
3438
3439	i = residx/CTL_MAX_INIT_PER_PORT;
3440	if (lun->pr_keys[i] != NULL)
3441		return;
3442	mtx_unlock(&lun->lun_lock);
3443	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3444	    M_WAITOK | M_ZERO);
3445	mtx_lock(&lun->lun_lock);
3446	if (lun->pr_keys[i] == NULL)
3447		lun->pr_keys[i] = p;
3448	else
3449		free(p, M_CTL);
3450}
3451
3452static void
3453ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3454{
3455	uint64_t *t;
3456
3457	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3458	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3459	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3460}
3461
3462/*
3463 * ctl_softc, pool_name, total_ctl_io are passed in.
3464 * npool is passed out.
3465 */
3466int
3467ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3468		uint32_t total_ctl_io, void **npool)
3469{
3470#ifdef IO_POOLS
3471	struct ctl_io_pool *pool;
3472
3473	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3474					    M_NOWAIT | M_ZERO);
3475	if (pool == NULL)
3476		return (ENOMEM);
3477
3478	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3479	pool->ctl_softc = ctl_softc;
3480	pool->zone = uma_zsecond_create(pool->name, NULL,
3481	    NULL, NULL, NULL, ctl_softc->io_zone);
3482	/* uma_prealloc(pool->zone, total_ctl_io); */
3483
3484	*npool = pool;
3485#else
3486	*npool = ctl_softc->io_zone;
3487#endif
3488	return (0);
3489}
3490
3491void
3492ctl_pool_free(struct ctl_io_pool *pool)
3493{
3494
3495	if (pool == NULL)
3496		return;
3497
3498#ifdef IO_POOLS
3499	uma_zdestroy(pool->zone);
3500	free(pool, M_CTL);
3501#endif
3502}
3503
3504union ctl_io *
3505ctl_alloc_io(void *pool_ref)
3506{
3507	union ctl_io *io;
3508#ifdef IO_POOLS
3509	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3510
3511	io = uma_zalloc(pool->zone, M_WAITOK);
3512#else
3513	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3514#endif
3515	if (io != NULL)
3516		io->io_hdr.pool = pool_ref;
3517	return (io);
3518}
3519
3520union ctl_io *
3521ctl_alloc_io_nowait(void *pool_ref)
3522{
3523	union ctl_io *io;
3524#ifdef IO_POOLS
3525	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3526
3527	io = uma_zalloc(pool->zone, M_NOWAIT);
3528#else
3529	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3530#endif
3531	if (io != NULL)
3532		io->io_hdr.pool = pool_ref;
3533	return (io);
3534}
3535
3536void
3537ctl_free_io(union ctl_io *io)
3538{
3539#ifdef IO_POOLS
3540	struct ctl_io_pool *pool;
3541#endif
3542
3543	if (io == NULL)
3544		return;
3545
3546#ifdef IO_POOLS
3547	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3548	uma_zfree(pool->zone, io);
3549#else
3550	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3551#endif
3552}
3553
3554void
3555ctl_zero_io(union ctl_io *io)
3556{
3557	void *pool_ref;
3558
3559	if (io == NULL)
3560		return;
3561
3562	/*
3563	 * May need to preserve linked list pointers at some point too.
3564	 */
3565	pool_ref = io->io_hdr.pool;
3566	memset(io, 0, sizeof(*io));
3567	io->io_hdr.pool = pool_ref;
3568}
3569
3570/*
3571 * This routine is currently used for internal copies of ctl_ios that need
3572 * to persist for some reason after we've already returned status to the
3573 * FETD.  (Thus the flag set.)
3574 *
3575 * XXX XXX
3576 * Note that this makes a blind copy of all fields in the ctl_io, except
3577 * for the pool reference.  This includes any memory that has been
3578 * allocated!  That memory will no longer be valid after done has been
3579 * called, so this would be VERY DANGEROUS for command that actually does
3580 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3581 * start and stop commands, which don't transfer any data, so this is not a
3582 * problem.  If it is used for anything else, the caller would also need to
3583 * allocate data buffer space and this routine would need to be modified to
3584 * copy the data buffer(s) as well.
3585 */
3586void
3587ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3588{
3589	void *pool_ref;
3590
3591	if ((src == NULL)
3592	 || (dest == NULL))
3593		return;
3594
3595	/*
3596	 * May need to preserve linked list pointers at some point too.
3597	 */
3598	pool_ref = dest->io_hdr.pool;
3599
3600	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3601
3602	dest->io_hdr.pool = pool_ref;
3603	/*
3604	 * We need to know that this is an internal copy, and doesn't need
3605	 * to get passed back to the FETD that allocated it.
3606	 */
3607	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3608}
3609
3610int
3611ctl_expand_number(const char *buf, uint64_t *num)
3612{
3613	char *endptr;
3614	uint64_t number;
3615	unsigned shift;
3616
3617	number = strtoq(buf, &endptr, 0);
3618
3619	switch (tolower((unsigned char)*endptr)) {
3620	case 'e':
3621		shift = 60;
3622		break;
3623	case 'p':
3624		shift = 50;
3625		break;
3626	case 't':
3627		shift = 40;
3628		break;
3629	case 'g':
3630		shift = 30;
3631		break;
3632	case 'm':
3633		shift = 20;
3634		break;
3635	case 'k':
3636		shift = 10;
3637		break;
3638	case 'b':
3639	case '\0': /* No unit. */
3640		*num = number;
3641		return (0);
3642	default:
3643		/* Unrecognized unit. */
3644		return (-1);
3645	}
3646
3647	if ((number << shift) >> shift != number) {
3648		/* Overflow */
3649		return (-1);
3650	}
3651	*num = number << shift;
3652	return (0);
3653}
3654
3655
3656/*
3657 * This routine could be used in the future to load default and/or saved
3658 * mode page parameters for a particuar lun.
3659 */
3660static int
3661ctl_init_page_index(struct ctl_lun *lun)
3662{
3663	int i;
3664	struct ctl_page_index *page_index;
3665	const char *value;
3666	uint64_t ival;
3667
3668	memcpy(&lun->mode_pages.index, page_index_template,
3669	       sizeof(page_index_template));
3670
3671	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3672
3673		page_index = &lun->mode_pages.index[i];
3674		/*
3675		 * If this is a disk-only mode page, there's no point in
3676		 * setting it up.  For some pages, we have to have some
3677		 * basic information about the disk in order to calculate the
3678		 * mode page data.
3679		 */
3680		if ((lun->be_lun->lun_type != T_DIRECT)
3681		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3682			continue;
3683
3684		switch (page_index->page_code & SMPH_PC_MASK) {
3685		case SMS_RW_ERROR_RECOVERY_PAGE: {
3686			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3687				panic("subpage is incorrect!");
3688			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3689			       &rw_er_page_default,
3690			       sizeof(rw_er_page_default));
3691			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3692			       &rw_er_page_changeable,
3693			       sizeof(rw_er_page_changeable));
3694			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3695			       &rw_er_page_default,
3696			       sizeof(rw_er_page_default));
3697			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3698			       &rw_er_page_default,
3699			       sizeof(rw_er_page_default));
3700			page_index->page_data =
3701				(uint8_t *)lun->mode_pages.rw_er_page;
3702			break;
3703		}
3704		case SMS_FORMAT_DEVICE_PAGE: {
3705			struct scsi_format_page *format_page;
3706
3707			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3708				panic("subpage is incorrect!");
3709
3710			/*
3711			 * Sectors per track are set above.  Bytes per
3712			 * sector need to be set here on a per-LUN basis.
3713			 */
3714			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3715			       &format_page_default,
3716			       sizeof(format_page_default));
3717			memcpy(&lun->mode_pages.format_page[
3718			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3719			       sizeof(format_page_changeable));
3720			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3721			       &format_page_default,
3722			       sizeof(format_page_default));
3723			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3724			       &format_page_default,
3725			       sizeof(format_page_default));
3726
3727			format_page = &lun->mode_pages.format_page[
3728				CTL_PAGE_CURRENT];
3729			scsi_ulto2b(lun->be_lun->blocksize,
3730				    format_page->bytes_per_sector);
3731
3732			format_page = &lun->mode_pages.format_page[
3733				CTL_PAGE_DEFAULT];
3734			scsi_ulto2b(lun->be_lun->blocksize,
3735				    format_page->bytes_per_sector);
3736
3737			format_page = &lun->mode_pages.format_page[
3738				CTL_PAGE_SAVED];
3739			scsi_ulto2b(lun->be_lun->blocksize,
3740				    format_page->bytes_per_sector);
3741
3742			page_index->page_data =
3743				(uint8_t *)lun->mode_pages.format_page;
3744			break;
3745		}
3746		case SMS_RIGID_DISK_PAGE: {
3747			struct scsi_rigid_disk_page *rigid_disk_page;
3748			uint32_t sectors_per_cylinder;
3749			uint64_t cylinders;
3750#ifndef	__XSCALE__
3751			int shift;
3752#endif /* !__XSCALE__ */
3753
3754			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3755				panic("invalid subpage value %d",
3756				      page_index->subpage);
3757
3758			/*
3759			 * Rotation rate and sectors per track are set
3760			 * above.  We calculate the cylinders here based on
3761			 * capacity.  Due to the number of heads and
3762			 * sectors per track we're using, smaller arrays
3763			 * may turn out to have 0 cylinders.  Linux and
3764			 * FreeBSD don't pay attention to these mode pages
3765			 * to figure out capacity, but Solaris does.  It
3766			 * seems to deal with 0 cylinders just fine, and
3767			 * works out a fake geometry based on the capacity.
3768			 */
3769			memcpy(&lun->mode_pages.rigid_disk_page[
3770			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3771			       sizeof(rigid_disk_page_default));
3772			memcpy(&lun->mode_pages.rigid_disk_page[
3773			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3774			       sizeof(rigid_disk_page_changeable));
3775
3776			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3777				CTL_DEFAULT_HEADS;
3778
3779			/*
3780			 * The divide method here will be more accurate,
3781			 * probably, but results in floating point being
3782			 * used in the kernel on i386 (__udivdi3()).  On the
3783			 * XScale, though, __udivdi3() is implemented in
3784			 * software.
3785			 *
3786			 * The shift method for cylinder calculation is
3787			 * accurate if sectors_per_cylinder is a power of
3788			 * 2.  Otherwise it might be slightly off -- you
3789			 * might have a bit of a truncation problem.
3790			 */
3791#ifdef	__XSCALE__
3792			cylinders = (lun->be_lun->maxlba + 1) /
3793				sectors_per_cylinder;
3794#else
3795			for (shift = 31; shift > 0; shift--) {
3796				if (sectors_per_cylinder & (1 << shift))
3797					break;
3798			}
3799			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3800#endif
3801
3802			/*
3803			 * We've basically got 3 bytes, or 24 bits for the
3804			 * cylinder size in the mode page.  If we're over,
3805			 * just round down to 2^24.
3806			 */
3807			if (cylinders > 0xffffff)
3808				cylinders = 0xffffff;
3809
3810			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3811				CTL_PAGE_DEFAULT];
3812			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3813
3814			if ((value = ctl_get_opt(&lun->be_lun->options,
3815			    "rpm")) != NULL) {
3816				scsi_ulto2b(strtol(value, NULL, 0),
3817				     rigid_disk_page->rotation_rate);
3818			}
3819
3820			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3821			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3822			       sizeof(rigid_disk_page_default));
3823			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3824			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3825			       sizeof(rigid_disk_page_default));
3826
3827			page_index->page_data =
3828				(uint8_t *)lun->mode_pages.rigid_disk_page;
3829			break;
3830		}
3831		case SMS_CACHING_PAGE: {
3832			struct scsi_caching_page *caching_page;
3833
3834			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3835				panic("invalid subpage value %d",
3836				      page_index->subpage);
3837			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3838			       &caching_page_default,
3839			       sizeof(caching_page_default));
3840			memcpy(&lun->mode_pages.caching_page[
3841			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3842			       sizeof(caching_page_changeable));
3843			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3844			       &caching_page_default,
3845			       sizeof(caching_page_default));
3846			caching_page = &lun->mode_pages.caching_page[
3847			    CTL_PAGE_SAVED];
3848			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3849			if (value != NULL && strcmp(value, "off") == 0)
3850				caching_page->flags1 &= ~SCP_WCE;
3851			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3852			if (value != NULL && strcmp(value, "off") == 0)
3853				caching_page->flags1 |= SCP_RCD;
3854			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3855			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3856			       sizeof(caching_page_default));
3857			page_index->page_data =
3858				(uint8_t *)lun->mode_pages.caching_page;
3859			break;
3860		}
3861		case SMS_CONTROL_MODE_PAGE: {
3862			struct scsi_control_page *control_page;
3863
3864			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3865				panic("invalid subpage value %d",
3866				      page_index->subpage);
3867
3868			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3869			       &control_page_default,
3870			       sizeof(control_page_default));
3871			memcpy(&lun->mode_pages.control_page[
3872			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3873			       sizeof(control_page_changeable));
3874			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3875			       &control_page_default,
3876			       sizeof(control_page_default));
3877			control_page = &lun->mode_pages.control_page[
3878			    CTL_PAGE_SAVED];
3879			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3880			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3881				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3882				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3883			}
3884			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3885			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3886			       sizeof(control_page_default));
3887			page_index->page_data =
3888				(uint8_t *)lun->mode_pages.control_page;
3889			break;
3890
3891		}
3892		case SMS_INFO_EXCEPTIONS_PAGE: {
3893			switch (page_index->subpage) {
3894			case SMS_SUBPAGE_PAGE_0:
3895				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3896				       &ie_page_default,
3897				       sizeof(ie_page_default));
3898				memcpy(&lun->mode_pages.ie_page[
3899				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3900				       sizeof(ie_page_changeable));
3901				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3902				       &ie_page_default,
3903				       sizeof(ie_page_default));
3904				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
3905				       &ie_page_default,
3906				       sizeof(ie_page_default));
3907				page_index->page_data =
3908					(uint8_t *)lun->mode_pages.ie_page;
3909				break;
3910			case 0x02: {
3911				struct ctl_logical_block_provisioning_page *page;
3912
3913				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
3914				       &lbp_page_default,
3915				       sizeof(lbp_page_default));
3916				memcpy(&lun->mode_pages.lbp_page[
3917				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
3918				       sizeof(lbp_page_changeable));
3919				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3920				       &lbp_page_default,
3921				       sizeof(lbp_page_default));
3922				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
3923				value = ctl_get_opt(&lun->be_lun->options,
3924				    "avail-threshold");
3925				if (value != NULL &&
3926				    ctl_expand_number(value, &ival) == 0) {
3927					page->descr[0].flags |= SLBPPD_ENABLED |
3928					    SLBPPD_ARMING_DEC;
3929					if (lun->be_lun->blocksize)
3930						ival /= lun->be_lun->blocksize;
3931					else
3932						ival /= 512;
3933					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3934					    page->descr[0].count);
3935				}
3936				value = ctl_get_opt(&lun->be_lun->options,
3937				    "used-threshold");
3938				if (value != NULL &&
3939				    ctl_expand_number(value, &ival) == 0) {
3940					page->descr[1].flags |= SLBPPD_ENABLED |
3941					    SLBPPD_ARMING_INC;
3942					if (lun->be_lun->blocksize)
3943						ival /= lun->be_lun->blocksize;
3944					else
3945						ival /= 512;
3946					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3947					    page->descr[1].count);
3948				}
3949				value = ctl_get_opt(&lun->be_lun->options,
3950				    "pool-avail-threshold");
3951				if (value != NULL &&
3952				    ctl_expand_number(value, &ival) == 0) {
3953					page->descr[2].flags |= SLBPPD_ENABLED |
3954					    SLBPPD_ARMING_DEC;
3955					if (lun->be_lun->blocksize)
3956						ival /= lun->be_lun->blocksize;
3957					else
3958						ival /= 512;
3959					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3960					    page->descr[2].count);
3961				}
3962				value = ctl_get_opt(&lun->be_lun->options,
3963				    "pool-used-threshold");
3964				if (value != NULL &&
3965				    ctl_expand_number(value, &ival) == 0) {
3966					page->descr[3].flags |= SLBPPD_ENABLED |
3967					    SLBPPD_ARMING_INC;
3968					if (lun->be_lun->blocksize)
3969						ival /= lun->be_lun->blocksize;
3970					else
3971						ival /= 512;
3972					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3973					    page->descr[3].count);
3974				}
3975				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
3976				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3977				       sizeof(lbp_page_default));
3978				page_index->page_data =
3979					(uint8_t *)lun->mode_pages.lbp_page;
3980			}}
3981			break;
3982		}
3983		case SMS_VENDOR_SPECIFIC_PAGE:{
3984			switch (page_index->subpage) {
3985			case DBGCNF_SUBPAGE_CODE: {
3986				struct copan_debugconf_subpage *current_page,
3987							       *saved_page;
3988
3989				memcpy(&lun->mode_pages.debugconf_subpage[
3990				       CTL_PAGE_CURRENT],
3991				       &debugconf_page_default,
3992				       sizeof(debugconf_page_default));
3993				memcpy(&lun->mode_pages.debugconf_subpage[
3994				       CTL_PAGE_CHANGEABLE],
3995				       &debugconf_page_changeable,
3996				       sizeof(debugconf_page_changeable));
3997				memcpy(&lun->mode_pages.debugconf_subpage[
3998				       CTL_PAGE_DEFAULT],
3999				       &debugconf_page_default,
4000				       sizeof(debugconf_page_default));
4001				memcpy(&lun->mode_pages.debugconf_subpage[
4002				       CTL_PAGE_SAVED],
4003				       &debugconf_page_default,
4004				       sizeof(debugconf_page_default));
4005				page_index->page_data =
4006					(uint8_t *)lun->mode_pages.debugconf_subpage;
4007
4008				current_page = (struct copan_debugconf_subpage *)
4009					(page_index->page_data +
4010					 (page_index->page_len *
4011					  CTL_PAGE_CURRENT));
4012				saved_page = (struct copan_debugconf_subpage *)
4013					(page_index->page_data +
4014					 (page_index->page_len *
4015					  CTL_PAGE_SAVED));
4016				break;
4017			}
4018			default:
4019				panic("invalid subpage value %d",
4020				      page_index->subpage);
4021				break;
4022			}
4023   			break;
4024		}
4025		default:
4026			panic("invalid page value %d",
4027			      page_index->page_code & SMPH_PC_MASK);
4028			break;
4029    	}
4030	}
4031
4032	return (CTL_RETVAL_COMPLETE);
4033}
4034
4035static int
4036ctl_init_log_page_index(struct ctl_lun *lun)
4037{
4038	struct ctl_page_index *page_index;
4039	int i, j, k, prev;
4040
4041	memcpy(&lun->log_pages.index, log_page_index_template,
4042	       sizeof(log_page_index_template));
4043
4044	prev = -1;
4045	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4046
4047		page_index = &lun->log_pages.index[i];
4048		/*
4049		 * If this is a disk-only mode page, there's no point in
4050		 * setting it up.  For some pages, we have to have some
4051		 * basic information about the disk in order to calculate the
4052		 * mode page data.
4053		 */
4054		if ((lun->be_lun->lun_type != T_DIRECT)
4055		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4056			continue;
4057
4058		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4059		     lun->backend->lun_attr == NULL)
4060			continue;
4061
4062		if (page_index->page_code != prev) {
4063			lun->log_pages.pages_page[j] = page_index->page_code;
4064			prev = page_index->page_code;
4065			j++;
4066		}
4067		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4068		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4069		k++;
4070	}
4071	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4072	lun->log_pages.index[0].page_len = j;
4073	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4074	lun->log_pages.index[1].page_len = k * 2;
4075	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4076	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4077	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4078	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4079
4080	return (CTL_RETVAL_COMPLETE);
4081}
4082
4083static int
4084hex2bin(const char *str, uint8_t *buf, int buf_size)
4085{
4086	int i;
4087	u_char c;
4088
4089	memset(buf, 0, buf_size);
4090	while (isspace(str[0]))
4091		str++;
4092	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4093		str += 2;
4094	buf_size *= 2;
4095	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4096		c = str[i];
4097		if (isdigit(c))
4098			c -= '0';
4099		else if (isalpha(c))
4100			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4101		else
4102			break;
4103		if (c >= 16)
4104			break;
4105		if ((i & 1) == 0)
4106			buf[i / 2] |= (c << 4);
4107		else
4108			buf[i / 2] |= c;
4109	}
4110	return ((i + 1) / 2);
4111}
4112
4113/*
4114 * LUN allocation.
4115 *
4116 * Requirements:
4117 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4118 *   wants us to allocate the LUN and he can block.
4119 * - ctl_softc is always set
4120 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4121 *
4122 * Returns 0 for success, non-zero (errno) for failure.
4123 */
4124static int
4125ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4126	      struct ctl_be_lun *const be_lun)
4127{
4128	struct ctl_lun *nlun, *lun;
4129	struct scsi_vpd_id_descriptor *desc;
4130	struct scsi_vpd_id_t10 *t10id;
4131	const char *eui, *naa, *scsiname, *vendor;
4132	int lun_number, i, lun_malloced;
4133	int devidlen, idlen1, idlen2 = 0, len;
4134
4135	if (be_lun == NULL)
4136		return (EINVAL);
4137
4138	/*
4139	 * We currently only support Direct Access or Processor LUN types.
4140	 */
4141	switch (be_lun->lun_type) {
4142	case T_DIRECT:
4143		break;
4144	case T_PROCESSOR:
4145		break;
4146	case T_SEQUENTIAL:
4147	case T_CHANGER:
4148	default:
4149		be_lun->lun_config_status(be_lun->be_lun,
4150					  CTL_LUN_CONFIG_FAILURE);
4151		break;
4152	}
4153	if (ctl_lun == NULL) {
4154		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4155		lun_malloced = 1;
4156	} else {
4157		lun_malloced = 0;
4158		lun = ctl_lun;
4159	}
4160
4161	memset(lun, 0, sizeof(*lun));
4162	if (lun_malloced)
4163		lun->flags = CTL_LUN_MALLOCED;
4164
4165	/* Generate LUN ID. */
4166	devidlen = max(CTL_DEVID_MIN_LEN,
4167	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4168	idlen1 = sizeof(*t10id) + devidlen;
4169	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4170	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4171	if (scsiname != NULL) {
4172		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4173		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4174	}
4175	eui = ctl_get_opt(&be_lun->options, "eui");
4176	if (eui != NULL) {
4177		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4178	}
4179	naa = ctl_get_opt(&be_lun->options, "naa");
4180	if (naa != NULL) {
4181		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4182	}
4183	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4184	    M_CTL, M_WAITOK | M_ZERO);
4185	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4186	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4187	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4188	desc->length = idlen1;
4189	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4190	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4191	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4192		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4193	} else {
4194		strncpy(t10id->vendor, vendor,
4195		    min(sizeof(t10id->vendor), strlen(vendor)));
4196	}
4197	strncpy((char *)t10id->vendor_spec_id,
4198	    (char *)be_lun->device_id, devidlen);
4199	if (scsiname != NULL) {
4200		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4201		    desc->length);
4202		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4203		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4204		    SVPD_ID_TYPE_SCSI_NAME;
4205		desc->length = idlen2;
4206		strlcpy(desc->identifier, scsiname, idlen2);
4207	}
4208	if (eui != NULL) {
4209		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4210		    desc->length);
4211		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4212		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4213		    SVPD_ID_TYPE_EUI64;
4214		desc->length = hex2bin(eui, desc->identifier, 16);
4215		desc->length = desc->length > 12 ? 16 :
4216		    (desc->length > 8 ? 12 : 8);
4217		len -= 16 - desc->length;
4218	}
4219	if (naa != NULL) {
4220		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4221		    desc->length);
4222		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4223		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4224		    SVPD_ID_TYPE_NAA;
4225		desc->length = hex2bin(naa, desc->identifier, 16);
4226		desc->length = desc->length > 8 ? 16 : 8;
4227		len -= 16 - desc->length;
4228	}
4229	lun->lun_devid->len = len;
4230
4231	mtx_lock(&ctl_softc->ctl_lock);
4232	/*
4233	 * See if the caller requested a particular LUN number.  If so, see
4234	 * if it is available.  Otherwise, allocate the first available LUN.
4235	 */
4236	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4237		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4238		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4239			mtx_unlock(&ctl_softc->ctl_lock);
4240			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4241				printf("ctl: requested LUN ID %d is higher "
4242				       "than CTL_MAX_LUNS - 1 (%d)\n",
4243				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4244			} else {
4245				/*
4246				 * XXX KDM return an error, or just assign
4247				 * another LUN ID in this case??
4248				 */
4249				printf("ctl: requested LUN ID %d is already "
4250				       "in use\n", be_lun->req_lun_id);
4251			}
4252			if (lun->flags & CTL_LUN_MALLOCED)
4253				free(lun, M_CTL);
4254			be_lun->lun_config_status(be_lun->be_lun,
4255						  CTL_LUN_CONFIG_FAILURE);
4256			return (ENOSPC);
4257		}
4258		lun_number = be_lun->req_lun_id;
4259	} else {
4260		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4261		if (lun_number == -1) {
4262			mtx_unlock(&ctl_softc->ctl_lock);
4263			printf("ctl: can't allocate LUN, out of LUNs\n");
4264			if (lun->flags & CTL_LUN_MALLOCED)
4265				free(lun, M_CTL);
4266			be_lun->lun_config_status(be_lun->be_lun,
4267						  CTL_LUN_CONFIG_FAILURE);
4268			return (ENOSPC);
4269		}
4270	}
4271	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4272
4273	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4274	lun->lun = lun_number;
4275	lun->be_lun = be_lun;
4276	/*
4277	 * The processor LUN is always enabled.  Disk LUNs come on line
4278	 * disabled, and must be enabled by the backend.
4279	 */
4280	lun->flags |= CTL_LUN_DISABLED;
4281	lun->backend = be_lun->be;
4282	be_lun->ctl_lun = lun;
4283	be_lun->lun_id = lun_number;
4284	atomic_add_int(&be_lun->be->num_luns, 1);
4285	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4286		lun->flags |= CTL_LUN_OFFLINE;
4287
4288	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4289		lun->flags |= CTL_LUN_STOPPED;
4290
4291	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4292		lun->flags |= CTL_LUN_INOPERABLE;
4293
4294	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4295		lun->flags |= CTL_LUN_PRIMARY_SC;
4296
4297	lun->ctl_softc = ctl_softc;
4298#ifdef CTL_TIME_IO
4299	lun->last_busy = getsbinuptime();
4300#endif
4301	TAILQ_INIT(&lun->ooa_queue);
4302	TAILQ_INIT(&lun->blocked_queue);
4303	STAILQ_INIT(&lun->error_list);
4304	ctl_tpc_lun_init(lun);
4305
4306	/*
4307	 * Initialize the mode and log page index.
4308	 */
4309	ctl_init_page_index(lun);
4310	ctl_init_log_page_index(lun);
4311
4312	/*
4313	 * Now, before we insert this lun on the lun list, set the lun
4314	 * inventory changed UA for all other luns.
4315	 */
4316	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4317		mtx_lock(&nlun->lun_lock);
4318		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4319		mtx_unlock(&nlun->lun_lock);
4320	}
4321
4322	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4323
4324	ctl_softc->ctl_luns[lun_number] = lun;
4325
4326	ctl_softc->num_luns++;
4327
4328	/* Setup statistics gathering */
4329	lun->stats.device_type = be_lun->lun_type;
4330	lun->stats.lun_number = lun_number;
4331	if (lun->stats.device_type == T_DIRECT)
4332		lun->stats.blocksize = be_lun->blocksize;
4333	else
4334		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4335	for (i = 0;i < CTL_MAX_PORTS;i++)
4336		lun->stats.ports[i].targ_port = i;
4337
4338	mtx_unlock(&ctl_softc->ctl_lock);
4339
4340	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4341	return (0);
4342}
4343
4344/*
4345 * Delete a LUN.
4346 * Assumptions:
4347 * - LUN has already been marked invalid and any pending I/O has been taken
4348 *   care of.
4349 */
4350static int
4351ctl_free_lun(struct ctl_lun *lun)
4352{
4353	struct ctl_softc *softc;
4354	struct ctl_lun *nlun;
4355	int i;
4356
4357	softc = lun->ctl_softc;
4358
4359	mtx_assert(&softc->ctl_lock, MA_OWNED);
4360
4361	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4362
4363	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4364
4365	softc->ctl_luns[lun->lun] = NULL;
4366
4367	if (!TAILQ_EMPTY(&lun->ooa_queue))
4368		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4369
4370	softc->num_luns--;
4371
4372	/*
4373	 * Tell the backend to free resources, if this LUN has a backend.
4374	 */
4375	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4376	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4377
4378	ctl_tpc_lun_shutdown(lun);
4379	mtx_destroy(&lun->lun_lock);
4380	free(lun->lun_devid, M_CTL);
4381	for (i = 0; i < CTL_MAX_PORTS; i++)
4382		free(lun->pending_ua[i], M_CTL);
4383	for (i = 0; i < CTL_MAX_PORTS; i++)
4384		free(lun->pr_keys[i], M_CTL);
4385	free(lun->write_buffer, M_CTL);
4386	if (lun->flags & CTL_LUN_MALLOCED)
4387		free(lun, M_CTL);
4388
4389	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4390		mtx_lock(&nlun->lun_lock);
4391		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4392		mtx_unlock(&nlun->lun_lock);
4393	}
4394
4395	return (0);
4396}
4397
4398static void
4399ctl_create_lun(struct ctl_be_lun *be_lun)
4400{
4401	struct ctl_softc *softc;
4402
4403	softc = control_softc;
4404
4405	/*
4406	 * ctl_alloc_lun() should handle all potential failure cases.
4407	 */
4408	ctl_alloc_lun(softc, NULL, be_lun);
4409}
4410
4411int
4412ctl_add_lun(struct ctl_be_lun *be_lun)
4413{
4414	struct ctl_softc *softc = control_softc;
4415
4416	mtx_lock(&softc->ctl_lock);
4417	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4418	mtx_unlock(&softc->ctl_lock);
4419	wakeup(&softc->pending_lun_queue);
4420
4421	return (0);
4422}
4423
4424int
4425ctl_enable_lun(struct ctl_be_lun *be_lun)
4426{
4427	struct ctl_softc *softc;
4428	struct ctl_port *port, *nport;
4429	struct ctl_lun *lun;
4430	int retval;
4431
4432	lun = (struct ctl_lun *)be_lun->ctl_lun;
4433	softc = lun->ctl_softc;
4434
4435	mtx_lock(&softc->ctl_lock);
4436	mtx_lock(&lun->lun_lock);
4437	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4438		/*
4439		 * eh?  Why did we get called if the LUN is already
4440		 * enabled?
4441		 */
4442		mtx_unlock(&lun->lun_lock);
4443		mtx_unlock(&softc->ctl_lock);
4444		return (0);
4445	}
4446	lun->flags &= ~CTL_LUN_DISABLED;
4447	mtx_unlock(&lun->lun_lock);
4448
4449	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4450		nport = STAILQ_NEXT(port, links);
4451		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4452		    port->lun_map != NULL || port->lun_enable == NULL)
4453			continue;
4454
4455		/*
4456		 * Drop the lock while we call the FETD's enable routine.
4457		 * This can lead to a callback into CTL (at least in the
4458		 * case of the internal initiator frontend.
4459		 */
4460		mtx_unlock(&softc->ctl_lock);
4461		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4462		mtx_lock(&softc->ctl_lock);
4463		if (retval != 0) {
4464			printf("%s: FETD %s port %d returned error "
4465			       "%d for lun_enable on lun %jd\n",
4466			       __func__, port->port_name, port->targ_port,
4467			       retval, (intmax_t)lun->lun);
4468		}
4469	}
4470
4471	mtx_unlock(&softc->ctl_lock);
4472	ctl_isc_announce_lun(lun);
4473
4474	return (0);
4475}
4476
4477int
4478ctl_disable_lun(struct ctl_be_lun *be_lun)
4479{
4480	struct ctl_softc *softc;
4481	struct ctl_port *port;
4482	struct ctl_lun *lun;
4483	int retval;
4484
4485	lun = (struct ctl_lun *)be_lun->ctl_lun;
4486	softc = lun->ctl_softc;
4487
4488	mtx_lock(&softc->ctl_lock);
4489	mtx_lock(&lun->lun_lock);
4490	if (lun->flags & CTL_LUN_DISABLED) {
4491		mtx_unlock(&lun->lun_lock);
4492		mtx_unlock(&softc->ctl_lock);
4493		return (0);
4494	}
4495	lun->flags |= CTL_LUN_DISABLED;
4496	mtx_unlock(&lun->lun_lock);
4497
4498	STAILQ_FOREACH(port, &softc->port_list, links) {
4499		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4500		    port->lun_map != NULL || port->lun_disable == NULL)
4501			continue;
4502
4503		/*
4504		 * Drop the lock before we call the frontend's disable
4505		 * routine, to avoid lock order reversals.
4506		 *
4507		 * XXX KDM what happens if the frontend list changes while
4508		 * we're traversing it?  It's unlikely, but should be handled.
4509		 */
4510		mtx_unlock(&softc->ctl_lock);
4511		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4512		mtx_lock(&softc->ctl_lock);
4513		if (retval != 0) {
4514			printf("%s: FETD %s port %d returned error "
4515			       "%d for lun_disable on lun %jd\n",
4516			       __func__, port->port_name, port->targ_port,
4517			       retval, (intmax_t)lun->lun);
4518		}
4519	}
4520
4521	mtx_unlock(&softc->ctl_lock);
4522	ctl_isc_announce_lun(lun);
4523
4524	return (0);
4525}
4526
4527int
4528ctl_start_lun(struct ctl_be_lun *be_lun)
4529{
4530	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4531
4532	mtx_lock(&lun->lun_lock);
4533	lun->flags &= ~CTL_LUN_STOPPED;
4534	mtx_unlock(&lun->lun_lock);
4535	return (0);
4536}
4537
4538int
4539ctl_stop_lun(struct ctl_be_lun *be_lun)
4540{
4541	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4542
4543	mtx_lock(&lun->lun_lock);
4544	lun->flags |= CTL_LUN_STOPPED;
4545	mtx_unlock(&lun->lun_lock);
4546	return (0);
4547}
4548
4549int
4550ctl_lun_offline(struct ctl_be_lun *be_lun)
4551{
4552	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4553
4554	mtx_lock(&lun->lun_lock);
4555	lun->flags |= CTL_LUN_OFFLINE;
4556	mtx_unlock(&lun->lun_lock);
4557	return (0);
4558}
4559
4560int
4561ctl_lun_online(struct ctl_be_lun *be_lun)
4562{
4563	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4564
4565	mtx_lock(&lun->lun_lock);
4566	lun->flags &= ~CTL_LUN_OFFLINE;
4567	mtx_unlock(&lun->lun_lock);
4568	return (0);
4569}
4570
4571int
4572ctl_lun_primary(struct ctl_be_lun *be_lun)
4573{
4574	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4575
4576	mtx_lock(&lun->lun_lock);
4577	lun->flags |= CTL_LUN_PRIMARY_SC;
4578	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4579	mtx_unlock(&lun->lun_lock);
4580	ctl_isc_announce_lun(lun);
4581	return (0);
4582}
4583
4584int
4585ctl_lun_secondary(struct ctl_be_lun *be_lun)
4586{
4587	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4588
4589	mtx_lock(&lun->lun_lock);
4590	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4591	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4592	mtx_unlock(&lun->lun_lock);
4593	ctl_isc_announce_lun(lun);
4594	return (0);
4595}
4596
4597int
4598ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4599{
4600	struct ctl_softc *softc;
4601	struct ctl_lun *lun;
4602
4603	lun = (struct ctl_lun *)be_lun->ctl_lun;
4604	softc = lun->ctl_softc;
4605
4606	mtx_lock(&lun->lun_lock);
4607
4608	/*
4609	 * The LUN needs to be disabled before it can be marked invalid.
4610	 */
4611	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4612		mtx_unlock(&lun->lun_lock);
4613		return (-1);
4614	}
4615	/*
4616	 * Mark the LUN invalid.
4617	 */
4618	lun->flags |= CTL_LUN_INVALID;
4619
4620	/*
4621	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4622	 * If we have something in the OOA queue, we'll free it when the
4623	 * last I/O completes.
4624	 */
4625	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4626		mtx_unlock(&lun->lun_lock);
4627		mtx_lock(&softc->ctl_lock);
4628		ctl_free_lun(lun);
4629		mtx_unlock(&softc->ctl_lock);
4630	} else
4631		mtx_unlock(&lun->lun_lock);
4632
4633	return (0);
4634}
4635
4636int
4637ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4638{
4639	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4640
4641	mtx_lock(&lun->lun_lock);
4642	lun->flags |= CTL_LUN_INOPERABLE;
4643	mtx_unlock(&lun->lun_lock);
4644	return (0);
4645}
4646
4647int
4648ctl_lun_operable(struct ctl_be_lun *be_lun)
4649{
4650	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4651
4652	mtx_lock(&lun->lun_lock);
4653	lun->flags &= ~CTL_LUN_INOPERABLE;
4654	mtx_unlock(&lun->lun_lock);
4655	return (0);
4656}
4657
4658void
4659ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4660{
4661	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4662	union ctl_ha_msg msg;
4663
4664	mtx_lock(&lun->lun_lock);
4665	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4666	mtx_unlock(&lun->lun_lock);
4667	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4668		/* Send msg to other side. */
4669		bzero(&msg.ua, sizeof(msg.ua));
4670		msg.hdr.msg_type = CTL_MSG_UA;
4671		msg.hdr.nexus.initid = -1;
4672		msg.hdr.nexus.targ_port = -1;
4673		msg.hdr.nexus.targ_lun = lun->lun;
4674		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4675		msg.ua.ua_all = 1;
4676		msg.ua.ua_set = 1;
4677		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4678		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4679		    M_WAITOK);
4680	}
4681}
4682
4683/*
4684 * Backend "memory move is complete" callback for requests that never
4685 * make it down to say RAIDCore's configuration code.
4686 */
4687int
4688ctl_config_move_done(union ctl_io *io)
4689{
4690	int retval;
4691
4692	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4693	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4694	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4695
4696	if ((io->io_hdr.port_status != 0) &&
4697	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4698	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4699		/*
4700		 * For hardware error sense keys, the sense key
4701		 * specific value is defined to be a retry count,
4702		 * but we use it to pass back an internal FETD
4703		 * error code.  XXX KDM  Hopefully the FETD is only
4704		 * using 16 bits for an error code, since that's
4705		 * all the space we have in the sks field.
4706		 */
4707		ctl_set_internal_failure(&io->scsiio,
4708					 /*sks_valid*/ 1,
4709					 /*retry_count*/
4710					 io->io_hdr.port_status);
4711	}
4712
4713	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4714		ctl_data_print(io);
4715	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4716	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4717	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4718	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4719		/*
4720		 * XXX KDM just assuming a single pointer here, and not a
4721		 * S/G list.  If we start using S/G lists for config data,
4722		 * we'll need to know how to clean them up here as well.
4723		 */
4724		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4725			free(io->scsiio.kern_data_ptr, M_CTL);
4726		ctl_done(io);
4727		retval = CTL_RETVAL_COMPLETE;
4728	} else {
4729		/*
4730		 * XXX KDM now we need to continue data movement.  Some
4731		 * options:
4732		 * - call ctl_scsiio() again?  We don't do this for data
4733		 *   writes, because for those at least we know ahead of
4734		 *   time where the write will go and how long it is.  For
4735		 *   config writes, though, that information is largely
4736		 *   contained within the write itself, thus we need to
4737		 *   parse out the data again.
4738		 *
4739		 * - Call some other function once the data is in?
4740		 */
4741
4742		/*
4743		 * XXX KDM call ctl_scsiio() again for now, and check flag
4744		 * bits to see whether we're allocated or not.
4745		 */
4746		retval = ctl_scsiio(&io->scsiio);
4747	}
4748	return (retval);
4749}
4750
4751/*
4752 * This gets called by a backend driver when it is done with a
4753 * data_submit method.
4754 */
4755void
4756ctl_data_submit_done(union ctl_io *io)
4757{
4758	/*
4759	 * If the IO_CONT flag is set, we need to call the supplied
4760	 * function to continue processing the I/O, instead of completing
4761	 * the I/O just yet.
4762	 *
4763	 * If there is an error, though, we don't want to keep processing.
4764	 * Instead, just send status back to the initiator.
4765	 */
4766	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4767	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4768	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4769	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4770		io->scsiio.io_cont(io);
4771		return;
4772	}
4773	ctl_done(io);
4774}
4775
4776/*
4777 * This gets called by a backend driver when it is done with a
4778 * configuration write.
4779 */
4780void
4781ctl_config_write_done(union ctl_io *io)
4782{
4783	uint8_t *buf;
4784
4785	/*
4786	 * If the IO_CONT flag is set, we need to call the supplied
4787	 * function to continue processing the I/O, instead of completing
4788	 * the I/O just yet.
4789	 *
4790	 * If there is an error, though, we don't want to keep processing.
4791	 * Instead, just send status back to the initiator.
4792	 */
4793	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4794	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4795	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4796	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4797		io->scsiio.io_cont(io);
4798		return;
4799	}
4800	/*
4801	 * Since a configuration write can be done for commands that actually
4802	 * have data allocated, like write buffer, and commands that have
4803	 * no data, like start/stop unit, we need to check here.
4804	 */
4805	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4806		buf = io->scsiio.kern_data_ptr;
4807	else
4808		buf = NULL;
4809	ctl_done(io);
4810	if (buf)
4811		free(buf, M_CTL);
4812}
4813
4814void
4815ctl_config_read_done(union ctl_io *io)
4816{
4817	uint8_t *buf;
4818
4819	/*
4820	 * If there is some error -- we are done, skip data transfer.
4821	 */
4822	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4823	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4824	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4825		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4826			buf = io->scsiio.kern_data_ptr;
4827		else
4828			buf = NULL;
4829		ctl_done(io);
4830		if (buf)
4831			free(buf, M_CTL);
4832		return;
4833	}
4834
4835	/*
4836	 * If the IO_CONT flag is set, we need to call the supplied
4837	 * function to continue processing the I/O, instead of completing
4838	 * the I/O just yet.
4839	 */
4840	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4841		io->scsiio.io_cont(io);
4842		return;
4843	}
4844
4845	ctl_datamove(io);
4846}
4847
4848/*
4849 * SCSI release command.
4850 */
4851int
4852ctl_scsi_release(struct ctl_scsiio *ctsio)
4853{
4854	int length, longid, thirdparty_id, resv_id;
4855	struct ctl_lun *lun;
4856	uint32_t residx;
4857
4858	length = 0;
4859	resv_id = 0;
4860
4861	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4862
4863	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4864	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4865
4866	switch (ctsio->cdb[0]) {
4867	case RELEASE_10: {
4868		struct scsi_release_10 *cdb;
4869
4870		cdb = (struct scsi_release_10 *)ctsio->cdb;
4871
4872		if (cdb->byte2 & SR10_LONGID)
4873			longid = 1;
4874		else
4875			thirdparty_id = cdb->thirdparty_id;
4876
4877		resv_id = cdb->resv_id;
4878		length = scsi_2btoul(cdb->length);
4879		break;
4880	}
4881	}
4882
4883
4884	/*
4885	 * XXX KDM right now, we only support LUN reservation.  We don't
4886	 * support 3rd party reservations, or extent reservations, which
4887	 * might actually need the parameter list.  If we've gotten this
4888	 * far, we've got a LUN reservation.  Anything else got kicked out
4889	 * above.  So, according to SPC, ignore the length.
4890	 */
4891	length = 0;
4892
4893	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4894	 && (length > 0)) {
4895		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4896		ctsio->kern_data_len = length;
4897		ctsio->kern_total_len = length;
4898		ctsio->kern_data_resid = 0;
4899		ctsio->kern_rel_offset = 0;
4900		ctsio->kern_sg_entries = 0;
4901		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4902		ctsio->be_move_done = ctl_config_move_done;
4903		ctl_datamove((union ctl_io *)ctsio);
4904
4905		return (CTL_RETVAL_COMPLETE);
4906	}
4907
4908	if (length > 0)
4909		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4910
4911	mtx_lock(&lun->lun_lock);
4912
4913	/*
4914	 * According to SPC, it is not an error for an intiator to attempt
4915	 * to release a reservation on a LUN that isn't reserved, or that
4916	 * is reserved by another initiator.  The reservation can only be
4917	 * released, though, by the initiator who made it or by one of
4918	 * several reset type events.
4919	 */
4920	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
4921			lun->flags &= ~CTL_LUN_RESERVED;
4922
4923	mtx_unlock(&lun->lun_lock);
4924
4925	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4926		free(ctsio->kern_data_ptr, M_CTL);
4927		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4928	}
4929
4930	ctl_set_success(ctsio);
4931	ctl_done((union ctl_io *)ctsio);
4932	return (CTL_RETVAL_COMPLETE);
4933}
4934
4935int
4936ctl_scsi_reserve(struct ctl_scsiio *ctsio)
4937{
4938	int extent, thirdparty, longid;
4939	int resv_id, length;
4940	uint64_t thirdparty_id;
4941	struct ctl_lun *lun;
4942	uint32_t residx;
4943
4944	extent = 0;
4945	thirdparty = 0;
4946	longid = 0;
4947	resv_id = 0;
4948	length = 0;
4949	thirdparty_id = 0;
4950
4951	CTL_DEBUG_PRINT(("ctl_reserve\n"));
4952
4953	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4954	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4955
4956	switch (ctsio->cdb[0]) {
4957	case RESERVE_10: {
4958		struct scsi_reserve_10 *cdb;
4959
4960		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
4961
4962		if (cdb->byte2 & SR10_LONGID)
4963			longid = 1;
4964		else
4965			thirdparty_id = cdb->thirdparty_id;
4966
4967		resv_id = cdb->resv_id;
4968		length = scsi_2btoul(cdb->length);
4969		break;
4970	}
4971	}
4972
4973	/*
4974	 * XXX KDM right now, we only support LUN reservation.  We don't
4975	 * support 3rd party reservations, or extent reservations, which
4976	 * might actually need the parameter list.  If we've gotten this
4977	 * far, we've got a LUN reservation.  Anything else got kicked out
4978	 * above.  So, according to SPC, ignore the length.
4979	 */
4980	length = 0;
4981
4982	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4983	 && (length > 0)) {
4984		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4985		ctsio->kern_data_len = length;
4986		ctsio->kern_total_len = length;
4987		ctsio->kern_data_resid = 0;
4988		ctsio->kern_rel_offset = 0;
4989		ctsio->kern_sg_entries = 0;
4990		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4991		ctsio->be_move_done = ctl_config_move_done;
4992		ctl_datamove((union ctl_io *)ctsio);
4993
4994		return (CTL_RETVAL_COMPLETE);
4995	}
4996
4997	if (length > 0)
4998		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4999
5000	mtx_lock(&lun->lun_lock);
5001	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5002		ctl_set_reservation_conflict(ctsio);
5003		goto bailout;
5004	}
5005
5006	lun->flags |= CTL_LUN_RESERVED;
5007	lun->res_idx = residx;
5008
5009	ctl_set_success(ctsio);
5010
5011bailout:
5012	mtx_unlock(&lun->lun_lock);
5013
5014	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5015		free(ctsio->kern_data_ptr, M_CTL);
5016		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5017	}
5018
5019	ctl_done((union ctl_io *)ctsio);
5020	return (CTL_RETVAL_COMPLETE);
5021}
5022
5023int
5024ctl_start_stop(struct ctl_scsiio *ctsio)
5025{
5026	struct scsi_start_stop_unit *cdb;
5027	struct ctl_lun *lun;
5028	int retval;
5029
5030	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5031
5032	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5033	retval = 0;
5034
5035	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5036
5037	/*
5038	 * XXX KDM
5039	 * We don't support the immediate bit on a stop unit.  In order to
5040	 * do that, we would need to code up a way to know that a stop is
5041	 * pending, and hold off any new commands until it completes, one
5042	 * way or another.  Then we could accept or reject those commands
5043	 * depending on its status.  We would almost need to do the reverse
5044	 * of what we do below for an immediate start -- return the copy of
5045	 * the ctl_io to the FETD with status to send to the host (and to
5046	 * free the copy!) and then free the original I/O once the stop
5047	 * actually completes.  That way, the OOA queue mechanism can work
5048	 * to block commands that shouldn't proceed.  Another alternative
5049	 * would be to put the copy in the queue in place of the original,
5050	 * and return the original back to the caller.  That could be
5051	 * slightly safer..
5052	 */
5053	if ((cdb->byte2 & SSS_IMMED)
5054	 && ((cdb->how & SSS_START) == 0)) {
5055		ctl_set_invalid_field(ctsio,
5056				      /*sks_valid*/ 1,
5057				      /*command*/ 1,
5058				      /*field*/ 1,
5059				      /*bit_valid*/ 1,
5060				      /*bit*/ 0);
5061		ctl_done((union ctl_io *)ctsio);
5062		return (CTL_RETVAL_COMPLETE);
5063	}
5064
5065	if ((lun->flags & CTL_LUN_PR_RESERVED)
5066	 && ((cdb->how & SSS_START)==0)) {
5067		uint32_t residx;
5068
5069		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5070		if (ctl_get_prkey(lun, residx) == 0
5071		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5072
5073			ctl_set_reservation_conflict(ctsio);
5074			ctl_done((union ctl_io *)ctsio);
5075			return (CTL_RETVAL_COMPLETE);
5076		}
5077	}
5078
5079	/*
5080	 * If there is no backend on this device, we can't start or stop
5081	 * it.  In theory we shouldn't get any start/stop commands in the
5082	 * first place at this level if the LUN doesn't have a backend.
5083	 * That should get stopped by the command decode code.
5084	 */
5085	if (lun->backend == NULL) {
5086		ctl_set_invalid_opcode(ctsio);
5087		ctl_done((union ctl_io *)ctsio);
5088		return (CTL_RETVAL_COMPLETE);
5089	}
5090
5091	/*
5092	 * XXX KDM Copan-specific offline behavior.
5093	 * Figure out a reasonable way to port this?
5094	 */
5095#ifdef NEEDTOPORT
5096	mtx_lock(&lun->lun_lock);
5097
5098	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5099	 && (lun->flags & CTL_LUN_OFFLINE)) {
5100		/*
5101		 * If the LUN is offline, and the on/offline bit isn't set,
5102		 * reject the start or stop.  Otherwise, let it through.
5103		 */
5104		mtx_unlock(&lun->lun_lock);
5105		ctl_set_lun_not_ready(ctsio);
5106		ctl_done((union ctl_io *)ctsio);
5107	} else {
5108		mtx_unlock(&lun->lun_lock);
5109#endif /* NEEDTOPORT */
5110		/*
5111		 * This could be a start or a stop when we're online,
5112		 * or a stop/offline or start/online.  A start or stop when
5113		 * we're offline is covered in the case above.
5114		 */
5115		/*
5116		 * In the non-immediate case, we send the request to
5117		 * the backend and return status to the user when
5118		 * it is done.
5119		 *
5120		 * In the immediate case, we allocate a new ctl_io
5121		 * to hold a copy of the request, and send that to
5122		 * the backend.  We then set good status on the
5123		 * user's request and return it immediately.
5124		 */
5125		if (cdb->byte2 & SSS_IMMED) {
5126			union ctl_io *new_io;
5127
5128			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5129			ctl_copy_io((union ctl_io *)ctsio, new_io);
5130			retval = lun->backend->config_write(new_io);
5131			ctl_set_success(ctsio);
5132			ctl_done((union ctl_io *)ctsio);
5133		} else {
5134			retval = lun->backend->config_write(
5135				(union ctl_io *)ctsio);
5136		}
5137#ifdef NEEDTOPORT
5138	}
5139#endif
5140	return (retval);
5141}
5142
5143/*
5144 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5145 * we don't really do anything with the LBA and length fields if the user
5146 * passes them in.  Instead we'll just flush out the cache for the entire
5147 * LUN.
5148 */
5149int
5150ctl_sync_cache(struct ctl_scsiio *ctsio)
5151{
5152	struct ctl_lun *lun;
5153	struct ctl_softc *softc;
5154	struct ctl_lba_len_flags *lbalen;
5155	uint64_t starting_lba;
5156	uint32_t block_count;
5157	int retval;
5158	uint8_t byte2;
5159
5160	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5161
5162	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5163	softc = lun->ctl_softc;
5164	retval = 0;
5165
5166	switch (ctsio->cdb[0]) {
5167	case SYNCHRONIZE_CACHE: {
5168		struct scsi_sync_cache *cdb;
5169		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5170
5171		starting_lba = scsi_4btoul(cdb->begin_lba);
5172		block_count = scsi_2btoul(cdb->lb_count);
5173		byte2 = cdb->byte2;
5174		break;
5175	}
5176	case SYNCHRONIZE_CACHE_16: {
5177		struct scsi_sync_cache_16 *cdb;
5178		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5179
5180		starting_lba = scsi_8btou64(cdb->begin_lba);
5181		block_count = scsi_4btoul(cdb->lb_count);
5182		byte2 = cdb->byte2;
5183		break;
5184	}
5185	default:
5186		ctl_set_invalid_opcode(ctsio);
5187		ctl_done((union ctl_io *)ctsio);
5188		goto bailout;
5189		break; /* NOTREACHED */
5190	}
5191
5192	/*
5193	 * We check the LBA and length, but don't do anything with them.
5194	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5195	 * get flushed.  This check will just help satisfy anyone who wants
5196	 * to see an error for an out of range LBA.
5197	 */
5198	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5199		ctl_set_lba_out_of_range(ctsio);
5200		ctl_done((union ctl_io *)ctsio);
5201		goto bailout;
5202	}
5203
5204	/*
5205	 * If this LUN has no backend, we can't flush the cache anyway.
5206	 */
5207	if (lun->backend == NULL) {
5208		ctl_set_invalid_opcode(ctsio);
5209		ctl_done((union ctl_io *)ctsio);
5210		goto bailout;
5211	}
5212
5213	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5214	lbalen->lba = starting_lba;
5215	lbalen->len = block_count;
5216	lbalen->flags = byte2;
5217
5218	/*
5219	 * Check to see whether we're configured to send the SYNCHRONIZE
5220	 * CACHE command directly to the back end.
5221	 */
5222	mtx_lock(&lun->lun_lock);
5223	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5224	 && (++(lun->sync_count) >= lun->sync_interval)) {
5225		lun->sync_count = 0;
5226		mtx_unlock(&lun->lun_lock);
5227		retval = lun->backend->config_write((union ctl_io *)ctsio);
5228	} else {
5229		mtx_unlock(&lun->lun_lock);
5230		ctl_set_success(ctsio);
5231		ctl_done((union ctl_io *)ctsio);
5232	}
5233
5234bailout:
5235
5236	return (retval);
5237}
5238
5239int
5240ctl_format(struct ctl_scsiio *ctsio)
5241{
5242	struct scsi_format *cdb;
5243	struct ctl_lun *lun;
5244	int length, defect_list_len;
5245
5246	CTL_DEBUG_PRINT(("ctl_format\n"));
5247
5248	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5249
5250	cdb = (struct scsi_format *)ctsio->cdb;
5251
5252	length = 0;
5253	if (cdb->byte2 & SF_FMTDATA) {
5254		if (cdb->byte2 & SF_LONGLIST)
5255			length = sizeof(struct scsi_format_header_long);
5256		else
5257			length = sizeof(struct scsi_format_header_short);
5258	}
5259
5260	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5261	 && (length > 0)) {
5262		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5263		ctsio->kern_data_len = length;
5264		ctsio->kern_total_len = length;
5265		ctsio->kern_data_resid = 0;
5266		ctsio->kern_rel_offset = 0;
5267		ctsio->kern_sg_entries = 0;
5268		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5269		ctsio->be_move_done = ctl_config_move_done;
5270		ctl_datamove((union ctl_io *)ctsio);
5271
5272		return (CTL_RETVAL_COMPLETE);
5273	}
5274
5275	defect_list_len = 0;
5276
5277	if (cdb->byte2 & SF_FMTDATA) {
5278		if (cdb->byte2 & SF_LONGLIST) {
5279			struct scsi_format_header_long *header;
5280
5281			header = (struct scsi_format_header_long *)
5282				ctsio->kern_data_ptr;
5283
5284			defect_list_len = scsi_4btoul(header->defect_list_len);
5285			if (defect_list_len != 0) {
5286				ctl_set_invalid_field(ctsio,
5287						      /*sks_valid*/ 1,
5288						      /*command*/ 0,
5289						      /*field*/ 2,
5290						      /*bit_valid*/ 0,
5291						      /*bit*/ 0);
5292				goto bailout;
5293			}
5294		} else {
5295			struct scsi_format_header_short *header;
5296
5297			header = (struct scsi_format_header_short *)
5298				ctsio->kern_data_ptr;
5299
5300			defect_list_len = scsi_2btoul(header->defect_list_len);
5301			if (defect_list_len != 0) {
5302				ctl_set_invalid_field(ctsio,
5303						      /*sks_valid*/ 1,
5304						      /*command*/ 0,
5305						      /*field*/ 2,
5306						      /*bit_valid*/ 0,
5307						      /*bit*/ 0);
5308				goto bailout;
5309			}
5310		}
5311	}
5312
5313	/*
5314	 * The format command will clear out the "Medium format corrupted"
5315	 * status if set by the configuration code.  That status is really
5316	 * just a way to notify the host that we have lost the media, and
5317	 * get them to issue a command that will basically make them think
5318	 * they're blowing away the media.
5319	 */
5320	mtx_lock(&lun->lun_lock);
5321	lun->flags &= ~CTL_LUN_INOPERABLE;
5322	mtx_unlock(&lun->lun_lock);
5323
5324	ctl_set_success(ctsio);
5325bailout:
5326
5327	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5328		free(ctsio->kern_data_ptr, M_CTL);
5329		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5330	}
5331
5332	ctl_done((union ctl_io *)ctsio);
5333	return (CTL_RETVAL_COMPLETE);
5334}
5335
5336int
5337ctl_read_buffer(struct ctl_scsiio *ctsio)
5338{
5339	struct scsi_read_buffer *cdb;
5340	struct ctl_lun *lun;
5341	int buffer_offset, len;
5342	static uint8_t descr[4];
5343	static uint8_t echo_descr[4] = { 0 };
5344
5345	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5346
5347	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5348	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5349
5350	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5351	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5352	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5353		ctl_set_invalid_field(ctsio,
5354				      /*sks_valid*/ 1,
5355				      /*command*/ 1,
5356				      /*field*/ 1,
5357				      /*bit_valid*/ 1,
5358				      /*bit*/ 4);
5359		ctl_done((union ctl_io *)ctsio);
5360		return (CTL_RETVAL_COMPLETE);
5361	}
5362
5363	len = scsi_3btoul(cdb->length);
5364	buffer_offset = scsi_3btoul(cdb->offset);
5365
5366	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5367		ctl_set_invalid_field(ctsio,
5368				      /*sks_valid*/ 1,
5369				      /*command*/ 1,
5370				      /*field*/ 6,
5371				      /*bit_valid*/ 0,
5372				      /*bit*/ 0);
5373		ctl_done((union ctl_io *)ctsio);
5374		return (CTL_RETVAL_COMPLETE);
5375	}
5376
5377	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5378		descr[0] = 0;
5379		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5380		ctsio->kern_data_ptr = descr;
5381		len = min(len, sizeof(descr));
5382	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5383		ctsio->kern_data_ptr = echo_descr;
5384		len = min(len, sizeof(echo_descr));
5385	} else {
5386		if (lun->write_buffer == NULL) {
5387			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5388			    M_CTL, M_WAITOK);
5389		}
5390		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5391	}
5392	ctsio->kern_data_len = len;
5393	ctsio->kern_total_len = len;
5394	ctsio->kern_data_resid = 0;
5395	ctsio->kern_rel_offset = 0;
5396	ctsio->kern_sg_entries = 0;
5397	ctl_set_success(ctsio);
5398	ctsio->be_move_done = ctl_config_move_done;
5399	ctl_datamove((union ctl_io *)ctsio);
5400	return (CTL_RETVAL_COMPLETE);
5401}
5402
5403int
5404ctl_write_buffer(struct ctl_scsiio *ctsio)
5405{
5406	struct scsi_write_buffer *cdb;
5407	struct ctl_lun *lun;
5408	int buffer_offset, len;
5409
5410	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5411
5412	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5413	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5414
5415	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5416		ctl_set_invalid_field(ctsio,
5417				      /*sks_valid*/ 1,
5418				      /*command*/ 1,
5419				      /*field*/ 1,
5420				      /*bit_valid*/ 1,
5421				      /*bit*/ 4);
5422		ctl_done((union ctl_io *)ctsio);
5423		return (CTL_RETVAL_COMPLETE);
5424	}
5425
5426	len = scsi_3btoul(cdb->length);
5427	buffer_offset = scsi_3btoul(cdb->offset);
5428
5429	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5430		ctl_set_invalid_field(ctsio,
5431				      /*sks_valid*/ 1,
5432				      /*command*/ 1,
5433				      /*field*/ 6,
5434				      /*bit_valid*/ 0,
5435				      /*bit*/ 0);
5436		ctl_done((union ctl_io *)ctsio);
5437		return (CTL_RETVAL_COMPLETE);
5438	}
5439
5440	/*
5441	 * If we've got a kernel request that hasn't been malloced yet,
5442	 * malloc it and tell the caller the data buffer is here.
5443	 */
5444	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5445		if (lun->write_buffer == NULL) {
5446			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5447			    M_CTL, M_WAITOK);
5448		}
5449		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5450		ctsio->kern_data_len = len;
5451		ctsio->kern_total_len = len;
5452		ctsio->kern_data_resid = 0;
5453		ctsio->kern_rel_offset = 0;
5454		ctsio->kern_sg_entries = 0;
5455		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5456		ctsio->be_move_done = ctl_config_move_done;
5457		ctl_datamove((union ctl_io *)ctsio);
5458
5459		return (CTL_RETVAL_COMPLETE);
5460	}
5461
5462	ctl_set_success(ctsio);
5463	ctl_done((union ctl_io *)ctsio);
5464	return (CTL_RETVAL_COMPLETE);
5465}
5466
5467int
5468ctl_write_same(struct ctl_scsiio *ctsio)
5469{
5470	struct ctl_lun *lun;
5471	struct ctl_lba_len_flags *lbalen;
5472	uint64_t lba;
5473	uint32_t num_blocks;
5474	int len, retval;
5475	uint8_t byte2;
5476
5477	retval = CTL_RETVAL_COMPLETE;
5478
5479	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5480
5481	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5482
5483	switch (ctsio->cdb[0]) {
5484	case WRITE_SAME_10: {
5485		struct scsi_write_same_10 *cdb;
5486
5487		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5488
5489		lba = scsi_4btoul(cdb->addr);
5490		num_blocks = scsi_2btoul(cdb->length);
5491		byte2 = cdb->byte2;
5492		break;
5493	}
5494	case WRITE_SAME_16: {
5495		struct scsi_write_same_16 *cdb;
5496
5497		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5498
5499		lba = scsi_8btou64(cdb->addr);
5500		num_blocks = scsi_4btoul(cdb->length);
5501		byte2 = cdb->byte2;
5502		break;
5503	}
5504	default:
5505		/*
5506		 * We got a command we don't support.  This shouldn't
5507		 * happen, commands should be filtered out above us.
5508		 */
5509		ctl_set_invalid_opcode(ctsio);
5510		ctl_done((union ctl_io *)ctsio);
5511
5512		return (CTL_RETVAL_COMPLETE);
5513		break; /* NOTREACHED */
5514	}
5515
5516	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5517	if ((byte2 & SWS_UNMAP) == 0 &&
5518	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5519		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5520		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5521		ctl_done((union ctl_io *)ctsio);
5522		return (CTL_RETVAL_COMPLETE);
5523	}
5524
5525	/*
5526	 * The first check is to make sure we're in bounds, the second
5527	 * check is to catch wrap-around problems.  If the lba + num blocks
5528	 * is less than the lba, then we've wrapped around and the block
5529	 * range is invalid anyway.
5530	 */
5531	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5532	 || ((lba + num_blocks) < lba)) {
5533		ctl_set_lba_out_of_range(ctsio);
5534		ctl_done((union ctl_io *)ctsio);
5535		return (CTL_RETVAL_COMPLETE);
5536	}
5537
5538	/* Zero number of blocks means "to the last logical block" */
5539	if (num_blocks == 0) {
5540		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5541			ctl_set_invalid_field(ctsio,
5542					      /*sks_valid*/ 0,
5543					      /*command*/ 1,
5544					      /*field*/ 0,
5545					      /*bit_valid*/ 0,
5546					      /*bit*/ 0);
5547			ctl_done((union ctl_io *)ctsio);
5548			return (CTL_RETVAL_COMPLETE);
5549		}
5550		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5551	}
5552
5553	len = lun->be_lun->blocksize;
5554
5555	/*
5556	 * If we've got a kernel request that hasn't been malloced yet,
5557	 * malloc it and tell the caller the data buffer is here.
5558	 */
5559	if ((byte2 & SWS_NDOB) == 0 &&
5560	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5561		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5562		ctsio->kern_data_len = len;
5563		ctsio->kern_total_len = len;
5564		ctsio->kern_data_resid = 0;
5565		ctsio->kern_rel_offset = 0;
5566		ctsio->kern_sg_entries = 0;
5567		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5568		ctsio->be_move_done = ctl_config_move_done;
5569		ctl_datamove((union ctl_io *)ctsio);
5570
5571		return (CTL_RETVAL_COMPLETE);
5572	}
5573
5574	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5575	lbalen->lba = lba;
5576	lbalen->len = num_blocks;
5577	lbalen->flags = byte2;
5578	retval = lun->backend->config_write((union ctl_io *)ctsio);
5579
5580	return (retval);
5581}
5582
5583int
5584ctl_unmap(struct ctl_scsiio *ctsio)
5585{
5586	struct ctl_lun *lun;
5587	struct scsi_unmap *cdb;
5588	struct ctl_ptr_len_flags *ptrlen;
5589	struct scsi_unmap_header *hdr;
5590	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5591	uint64_t lba;
5592	uint32_t num_blocks;
5593	int len, retval;
5594	uint8_t byte2;
5595
5596	retval = CTL_RETVAL_COMPLETE;
5597
5598	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5599
5600	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5601	cdb = (struct scsi_unmap *)ctsio->cdb;
5602
5603	len = scsi_2btoul(cdb->length);
5604	byte2 = cdb->byte2;
5605
5606	/*
5607	 * If we've got a kernel request that hasn't been malloced yet,
5608	 * malloc it and tell the caller the data buffer is here.
5609	 */
5610	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5611		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5612		ctsio->kern_data_len = len;
5613		ctsio->kern_total_len = len;
5614		ctsio->kern_data_resid = 0;
5615		ctsio->kern_rel_offset = 0;
5616		ctsio->kern_sg_entries = 0;
5617		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5618		ctsio->be_move_done = ctl_config_move_done;
5619		ctl_datamove((union ctl_io *)ctsio);
5620
5621		return (CTL_RETVAL_COMPLETE);
5622	}
5623
5624	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5625	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5626	if (len < sizeof (*hdr) ||
5627	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5628	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5629	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5630		ctl_set_invalid_field(ctsio,
5631				      /*sks_valid*/ 0,
5632				      /*command*/ 0,
5633				      /*field*/ 0,
5634				      /*bit_valid*/ 0,
5635				      /*bit*/ 0);
5636		goto done;
5637	}
5638	len = scsi_2btoul(hdr->desc_length);
5639	buf = (struct scsi_unmap_desc *)(hdr + 1);
5640	end = buf + len / sizeof(*buf);
5641
5642	endnz = buf;
5643	for (range = buf; range < end; range++) {
5644		lba = scsi_8btou64(range->lba);
5645		num_blocks = scsi_4btoul(range->length);
5646		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5647		 || ((lba + num_blocks) < lba)) {
5648			ctl_set_lba_out_of_range(ctsio);
5649			ctl_done((union ctl_io *)ctsio);
5650			return (CTL_RETVAL_COMPLETE);
5651		}
5652		if (num_blocks != 0)
5653			endnz = range + 1;
5654	}
5655
5656	/*
5657	 * Block backend can not handle zero last range.
5658	 * Filter it out and return if there is nothing left.
5659	 */
5660	len = (uint8_t *)endnz - (uint8_t *)buf;
5661	if (len == 0) {
5662		ctl_set_success(ctsio);
5663		goto done;
5664	}
5665
5666	mtx_lock(&lun->lun_lock);
5667	ptrlen = (struct ctl_ptr_len_flags *)
5668	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5669	ptrlen->ptr = (void *)buf;
5670	ptrlen->len = len;
5671	ptrlen->flags = byte2;
5672	ctl_check_blocked(lun);
5673	mtx_unlock(&lun->lun_lock);
5674
5675	retval = lun->backend->config_write((union ctl_io *)ctsio);
5676	return (retval);
5677
5678done:
5679	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5680		free(ctsio->kern_data_ptr, M_CTL);
5681		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5682	}
5683	ctl_done((union ctl_io *)ctsio);
5684	return (CTL_RETVAL_COMPLETE);
5685}
5686
5687/*
5688 * Note that this function currently doesn't actually do anything inside
5689 * CTL to enforce things if the DQue bit is turned on.
5690 *
5691 * Also note that this function can't be used in the default case, because
5692 * the DQue bit isn't set in the changeable mask for the control mode page
5693 * anyway.  This is just here as an example for how to implement a page
5694 * handler, and a placeholder in case we want to allow the user to turn
5695 * tagged queueing on and off.
5696 *
5697 * The D_SENSE bit handling is functional, however, and will turn
5698 * descriptor sense on and off for a given LUN.
5699 */
5700int
5701ctl_control_page_handler(struct ctl_scsiio *ctsio,
5702			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5703{
5704	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5705	struct ctl_lun *lun;
5706	int set_ua;
5707	uint32_t initidx;
5708
5709	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5710	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5711	set_ua = 0;
5712
5713	user_cp = (struct scsi_control_page *)page_ptr;
5714	current_cp = (struct scsi_control_page *)
5715		(page_index->page_data + (page_index->page_len *
5716		CTL_PAGE_CURRENT));
5717	saved_cp = (struct scsi_control_page *)
5718		(page_index->page_data + (page_index->page_len *
5719		CTL_PAGE_SAVED));
5720
5721	mtx_lock(&lun->lun_lock);
5722	if (((current_cp->rlec & SCP_DSENSE) == 0)
5723	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5724		/*
5725		 * Descriptor sense is currently turned off and the user
5726		 * wants to turn it on.
5727		 */
5728		current_cp->rlec |= SCP_DSENSE;
5729		saved_cp->rlec |= SCP_DSENSE;
5730		lun->flags |= CTL_LUN_SENSE_DESC;
5731		set_ua = 1;
5732	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5733		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5734		/*
5735		 * Descriptor sense is currently turned on, and the user
5736		 * wants to turn it off.
5737		 */
5738		current_cp->rlec &= ~SCP_DSENSE;
5739		saved_cp->rlec &= ~SCP_DSENSE;
5740		lun->flags &= ~CTL_LUN_SENSE_DESC;
5741		set_ua = 1;
5742	}
5743	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5744	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5745		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5746		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5747		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5748		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5749		set_ua = 1;
5750	}
5751	if ((current_cp->eca_and_aen & SCP_SWP) !=
5752	    (user_cp->eca_and_aen & SCP_SWP)) {
5753		current_cp->eca_and_aen &= ~SCP_SWP;
5754		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5755		saved_cp->eca_and_aen &= ~SCP_SWP;
5756		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5757		set_ua = 1;
5758	}
5759	if (set_ua != 0)
5760		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5761	mtx_unlock(&lun->lun_lock);
5762
5763	return (0);
5764}
5765
5766int
5767ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5768		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5769{
5770	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5771	struct ctl_lun *lun;
5772	int set_ua;
5773	uint32_t initidx;
5774
5775	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5776	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5777	set_ua = 0;
5778
5779	user_cp = (struct scsi_caching_page *)page_ptr;
5780	current_cp = (struct scsi_caching_page *)
5781		(page_index->page_data + (page_index->page_len *
5782		CTL_PAGE_CURRENT));
5783	saved_cp = (struct scsi_caching_page *)
5784		(page_index->page_data + (page_index->page_len *
5785		CTL_PAGE_SAVED));
5786
5787	mtx_lock(&lun->lun_lock);
5788	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5789	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5790		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5791		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5792		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5793		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5794		set_ua = 1;
5795	}
5796	if (set_ua != 0)
5797		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5798	mtx_unlock(&lun->lun_lock);
5799
5800	return (0);
5801}
5802
5803int
5804ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5805				struct ctl_page_index *page_index,
5806				uint8_t *page_ptr)
5807{
5808	uint8_t *c;
5809	int i;
5810
5811	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5812	ctl_time_io_secs =
5813		(c[0] << 8) |
5814		(c[1] << 0) |
5815		0;
5816	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5817	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5818	printf("page data:");
5819	for (i=0; i<8; i++)
5820		printf(" %.2x",page_ptr[i]);
5821	printf("\n");
5822	return (0);
5823}
5824
5825int
5826ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5827			       struct ctl_page_index *page_index,
5828			       int pc)
5829{
5830	struct copan_debugconf_subpage *page;
5831
5832	page = (struct copan_debugconf_subpage *)page_index->page_data +
5833		(page_index->page_len * pc);
5834
5835	switch (pc) {
5836	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5837	case SMS_PAGE_CTRL_DEFAULT >> 6:
5838	case SMS_PAGE_CTRL_SAVED >> 6:
5839		/*
5840		 * We don't update the changable or default bits for this page.
5841		 */
5842		break;
5843	case SMS_PAGE_CTRL_CURRENT >> 6:
5844		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5845		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5846		break;
5847	default:
5848#ifdef NEEDTOPORT
5849		EPRINT(0, "Invalid PC %d!!", pc);
5850#endif /* NEEDTOPORT */
5851		break;
5852	}
5853	return (0);
5854}
5855
5856
5857static int
5858ctl_do_mode_select(union ctl_io *io)
5859{
5860	struct scsi_mode_page_header *page_header;
5861	struct ctl_page_index *page_index;
5862	struct ctl_scsiio *ctsio;
5863	int control_dev, page_len;
5864	int page_len_offset, page_len_size;
5865	union ctl_modepage_info *modepage_info;
5866	struct ctl_lun *lun;
5867	int *len_left, *len_used;
5868	int retval, i;
5869
5870	ctsio = &io->scsiio;
5871	page_index = NULL;
5872	page_len = 0;
5873	retval = CTL_RETVAL_COMPLETE;
5874
5875	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5876
5877	if (lun->be_lun->lun_type != T_DIRECT)
5878		control_dev = 1;
5879	else
5880		control_dev = 0;
5881
5882	modepage_info = (union ctl_modepage_info *)
5883		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5884	len_left = &modepage_info->header.len_left;
5885	len_used = &modepage_info->header.len_used;
5886
5887do_next_page:
5888
5889	page_header = (struct scsi_mode_page_header *)
5890		(ctsio->kern_data_ptr + *len_used);
5891
5892	if (*len_left == 0) {
5893		free(ctsio->kern_data_ptr, M_CTL);
5894		ctl_set_success(ctsio);
5895		ctl_done((union ctl_io *)ctsio);
5896		return (CTL_RETVAL_COMPLETE);
5897	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5898
5899		free(ctsio->kern_data_ptr, M_CTL);
5900		ctl_set_param_len_error(ctsio);
5901		ctl_done((union ctl_io *)ctsio);
5902		return (CTL_RETVAL_COMPLETE);
5903
5904	} else if ((page_header->page_code & SMPH_SPF)
5905		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5906
5907		free(ctsio->kern_data_ptr, M_CTL);
5908		ctl_set_param_len_error(ctsio);
5909		ctl_done((union ctl_io *)ctsio);
5910		return (CTL_RETVAL_COMPLETE);
5911	}
5912
5913
5914	/*
5915	 * XXX KDM should we do something with the block descriptor?
5916	 */
5917	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5918
5919		if ((control_dev != 0)
5920		 && (lun->mode_pages.index[i].page_flags &
5921		     CTL_PAGE_FLAG_DISK_ONLY))
5922			continue;
5923
5924		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5925		    (page_header->page_code & SMPH_PC_MASK))
5926			continue;
5927
5928		/*
5929		 * If neither page has a subpage code, then we've got a
5930		 * match.
5931		 */
5932		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5933		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5934			page_index = &lun->mode_pages.index[i];
5935			page_len = page_header->page_length;
5936			break;
5937		}
5938
5939		/*
5940		 * If both pages have subpages, then the subpage numbers
5941		 * have to match.
5942		 */
5943		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5944		  && (page_header->page_code & SMPH_SPF)) {
5945			struct scsi_mode_page_header_sp *sph;
5946
5947			sph = (struct scsi_mode_page_header_sp *)page_header;
5948
5949			if (lun->mode_pages.index[i].subpage ==
5950			    sph->subpage) {
5951				page_index = &lun->mode_pages.index[i];
5952				page_len = scsi_2btoul(sph->page_length);
5953				break;
5954			}
5955		}
5956	}
5957
5958	/*
5959	 * If we couldn't find the page, or if we don't have a mode select
5960	 * handler for it, send back an error to the user.
5961	 */
5962	if ((page_index == NULL)
5963	 || (page_index->select_handler == NULL)) {
5964		ctl_set_invalid_field(ctsio,
5965				      /*sks_valid*/ 1,
5966				      /*command*/ 0,
5967				      /*field*/ *len_used,
5968				      /*bit_valid*/ 0,
5969				      /*bit*/ 0);
5970		free(ctsio->kern_data_ptr, M_CTL);
5971		ctl_done((union ctl_io *)ctsio);
5972		return (CTL_RETVAL_COMPLETE);
5973	}
5974
5975	if (page_index->page_code & SMPH_SPF) {
5976		page_len_offset = 2;
5977		page_len_size = 2;
5978	} else {
5979		page_len_size = 1;
5980		page_len_offset = 1;
5981	}
5982
5983	/*
5984	 * If the length the initiator gives us isn't the one we specify in
5985	 * the mode page header, or if they didn't specify enough data in
5986	 * the CDB to avoid truncating this page, kick out the request.
5987	 */
5988	if ((page_len != (page_index->page_len - page_len_offset -
5989			  page_len_size))
5990	 || (*len_left < page_index->page_len)) {
5991
5992
5993		ctl_set_invalid_field(ctsio,
5994				      /*sks_valid*/ 1,
5995				      /*command*/ 0,
5996				      /*field*/ *len_used + page_len_offset,
5997				      /*bit_valid*/ 0,
5998				      /*bit*/ 0);
5999		free(ctsio->kern_data_ptr, M_CTL);
6000		ctl_done((union ctl_io *)ctsio);
6001		return (CTL_RETVAL_COMPLETE);
6002	}
6003
6004	/*
6005	 * Run through the mode page, checking to make sure that the bits
6006	 * the user changed are actually legal for him to change.
6007	 */
6008	for (i = 0; i < page_index->page_len; i++) {
6009		uint8_t *user_byte, *change_mask, *current_byte;
6010		int bad_bit;
6011		int j;
6012
6013		user_byte = (uint8_t *)page_header + i;
6014		change_mask = page_index->page_data +
6015			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6016		current_byte = page_index->page_data +
6017			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6018
6019		/*
6020		 * Check to see whether the user set any bits in this byte
6021		 * that he is not allowed to set.
6022		 */
6023		if ((*user_byte & ~(*change_mask)) ==
6024		    (*current_byte & ~(*change_mask)))
6025			continue;
6026
6027		/*
6028		 * Go through bit by bit to determine which one is illegal.
6029		 */
6030		bad_bit = 0;
6031		for (j = 7; j >= 0; j--) {
6032			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6033			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6034				bad_bit = i;
6035				break;
6036			}
6037		}
6038		ctl_set_invalid_field(ctsio,
6039				      /*sks_valid*/ 1,
6040				      /*command*/ 0,
6041				      /*field*/ *len_used + i,
6042				      /*bit_valid*/ 1,
6043				      /*bit*/ bad_bit);
6044		free(ctsio->kern_data_ptr, M_CTL);
6045		ctl_done((union ctl_io *)ctsio);
6046		return (CTL_RETVAL_COMPLETE);
6047	}
6048
6049	/*
6050	 * Decrement these before we call the page handler, since we may
6051	 * end up getting called back one way or another before the handler
6052	 * returns to this context.
6053	 */
6054	*len_left -= page_index->page_len;
6055	*len_used += page_index->page_len;
6056
6057	retval = page_index->select_handler(ctsio, page_index,
6058					    (uint8_t *)page_header);
6059
6060	/*
6061	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6062	 * wait until this queued command completes to finish processing
6063	 * the mode page.  If it returns anything other than
6064	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6065	 * already set the sense information, freed the data pointer, and
6066	 * completed the io for us.
6067	 */
6068	if (retval != CTL_RETVAL_COMPLETE)
6069		goto bailout_no_done;
6070
6071	/*
6072	 * If the initiator sent us more than one page, parse the next one.
6073	 */
6074	if (*len_left > 0)
6075		goto do_next_page;
6076
6077	ctl_set_success(ctsio);
6078	free(ctsio->kern_data_ptr, M_CTL);
6079	ctl_done((union ctl_io *)ctsio);
6080
6081bailout_no_done:
6082
6083	return (CTL_RETVAL_COMPLETE);
6084
6085}
6086
6087int
6088ctl_mode_select(struct ctl_scsiio *ctsio)
6089{
6090	int param_len, pf, sp;
6091	int header_size, bd_len;
6092	int len_left, len_used;
6093	struct ctl_page_index *page_index;
6094	struct ctl_lun *lun;
6095	int control_dev, page_len;
6096	union ctl_modepage_info *modepage_info;
6097	int retval;
6098
6099	pf = 0;
6100	sp = 0;
6101	page_len = 0;
6102	len_used = 0;
6103	len_left = 0;
6104	retval = 0;
6105	bd_len = 0;
6106	page_index = NULL;
6107
6108	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6109
6110	if (lun->be_lun->lun_type != T_DIRECT)
6111		control_dev = 1;
6112	else
6113		control_dev = 0;
6114
6115	switch (ctsio->cdb[0]) {
6116	case MODE_SELECT_6: {
6117		struct scsi_mode_select_6 *cdb;
6118
6119		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6120
6121		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6122		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6123
6124		param_len = cdb->length;
6125		header_size = sizeof(struct scsi_mode_header_6);
6126		break;
6127	}
6128	case MODE_SELECT_10: {
6129		struct scsi_mode_select_10 *cdb;
6130
6131		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6132
6133		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6134		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6135
6136		param_len = scsi_2btoul(cdb->length);
6137		header_size = sizeof(struct scsi_mode_header_10);
6138		break;
6139	}
6140	default:
6141		ctl_set_invalid_opcode(ctsio);
6142		ctl_done((union ctl_io *)ctsio);
6143		return (CTL_RETVAL_COMPLETE);
6144		break; /* NOTREACHED */
6145	}
6146
6147	/*
6148	 * From SPC-3:
6149	 * "A parameter list length of zero indicates that the Data-Out Buffer
6150	 * shall be empty. This condition shall not be considered as an error."
6151	 */
6152	if (param_len == 0) {
6153		ctl_set_success(ctsio);
6154		ctl_done((union ctl_io *)ctsio);
6155		return (CTL_RETVAL_COMPLETE);
6156	}
6157
6158	/*
6159	 * Since we'll hit this the first time through, prior to
6160	 * allocation, we don't need to free a data buffer here.
6161	 */
6162	if (param_len < header_size) {
6163		ctl_set_param_len_error(ctsio);
6164		ctl_done((union ctl_io *)ctsio);
6165		return (CTL_RETVAL_COMPLETE);
6166	}
6167
6168	/*
6169	 * Allocate the data buffer and grab the user's data.  In theory,
6170	 * we shouldn't have to sanity check the parameter list length here
6171	 * because the maximum size is 64K.  We should be able to malloc
6172	 * that much without too many problems.
6173	 */
6174	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6175		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6176		ctsio->kern_data_len = param_len;
6177		ctsio->kern_total_len = param_len;
6178		ctsio->kern_data_resid = 0;
6179		ctsio->kern_rel_offset = 0;
6180		ctsio->kern_sg_entries = 0;
6181		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6182		ctsio->be_move_done = ctl_config_move_done;
6183		ctl_datamove((union ctl_io *)ctsio);
6184
6185		return (CTL_RETVAL_COMPLETE);
6186	}
6187
6188	switch (ctsio->cdb[0]) {
6189	case MODE_SELECT_6: {
6190		struct scsi_mode_header_6 *mh6;
6191
6192		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6193		bd_len = mh6->blk_desc_len;
6194		break;
6195	}
6196	case MODE_SELECT_10: {
6197		struct scsi_mode_header_10 *mh10;
6198
6199		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6200		bd_len = scsi_2btoul(mh10->blk_desc_len);
6201		break;
6202	}
6203	default:
6204		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6205		break;
6206	}
6207
6208	if (param_len < (header_size + bd_len)) {
6209		free(ctsio->kern_data_ptr, M_CTL);
6210		ctl_set_param_len_error(ctsio);
6211		ctl_done((union ctl_io *)ctsio);
6212		return (CTL_RETVAL_COMPLETE);
6213	}
6214
6215	/*
6216	 * Set the IO_CONT flag, so that if this I/O gets passed to
6217	 * ctl_config_write_done(), it'll get passed back to
6218	 * ctl_do_mode_select() for further processing, or completion if
6219	 * we're all done.
6220	 */
6221	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6222	ctsio->io_cont = ctl_do_mode_select;
6223
6224	modepage_info = (union ctl_modepage_info *)
6225		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6226
6227	memset(modepage_info, 0, sizeof(*modepage_info));
6228
6229	len_left = param_len - header_size - bd_len;
6230	len_used = header_size + bd_len;
6231
6232	modepage_info->header.len_left = len_left;
6233	modepage_info->header.len_used = len_used;
6234
6235	return (ctl_do_mode_select((union ctl_io *)ctsio));
6236}
6237
6238int
6239ctl_mode_sense(struct ctl_scsiio *ctsio)
6240{
6241	struct ctl_lun *lun;
6242	int pc, page_code, dbd, llba, subpage;
6243	int alloc_len, page_len, header_len, total_len;
6244	struct scsi_mode_block_descr *block_desc;
6245	struct ctl_page_index *page_index;
6246	int control_dev;
6247
6248	dbd = 0;
6249	llba = 0;
6250	block_desc = NULL;
6251	page_index = NULL;
6252
6253	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6254
6255	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6256
6257	if (lun->be_lun->lun_type != T_DIRECT)
6258		control_dev = 1;
6259	else
6260		control_dev = 0;
6261
6262	switch (ctsio->cdb[0]) {
6263	case MODE_SENSE_6: {
6264		struct scsi_mode_sense_6 *cdb;
6265
6266		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6267
6268		header_len = sizeof(struct scsi_mode_hdr_6);
6269		if (cdb->byte2 & SMS_DBD)
6270			dbd = 1;
6271		else
6272			header_len += sizeof(struct scsi_mode_block_descr);
6273
6274		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6275		page_code = cdb->page & SMS_PAGE_CODE;
6276		subpage = cdb->subpage;
6277		alloc_len = cdb->length;
6278		break;
6279	}
6280	case MODE_SENSE_10: {
6281		struct scsi_mode_sense_10 *cdb;
6282
6283		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6284
6285		header_len = sizeof(struct scsi_mode_hdr_10);
6286
6287		if (cdb->byte2 & SMS_DBD)
6288			dbd = 1;
6289		else
6290			header_len += sizeof(struct scsi_mode_block_descr);
6291		if (cdb->byte2 & SMS10_LLBAA)
6292			llba = 1;
6293		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6294		page_code = cdb->page & SMS_PAGE_CODE;
6295		subpage = cdb->subpage;
6296		alloc_len = scsi_2btoul(cdb->length);
6297		break;
6298	}
6299	default:
6300		ctl_set_invalid_opcode(ctsio);
6301		ctl_done((union ctl_io *)ctsio);
6302		return (CTL_RETVAL_COMPLETE);
6303		break; /* NOTREACHED */
6304	}
6305
6306	/*
6307	 * We have to make a first pass through to calculate the size of
6308	 * the pages that match the user's query.  Then we allocate enough
6309	 * memory to hold it, and actually copy the data into the buffer.
6310	 */
6311	switch (page_code) {
6312	case SMS_ALL_PAGES_PAGE: {
6313		int i;
6314
6315		page_len = 0;
6316
6317		/*
6318		 * At the moment, values other than 0 and 0xff here are
6319		 * reserved according to SPC-3.
6320		 */
6321		if ((subpage != SMS_SUBPAGE_PAGE_0)
6322		 && (subpage != SMS_SUBPAGE_ALL)) {
6323			ctl_set_invalid_field(ctsio,
6324					      /*sks_valid*/ 1,
6325					      /*command*/ 1,
6326					      /*field*/ 3,
6327					      /*bit_valid*/ 0,
6328					      /*bit*/ 0);
6329			ctl_done((union ctl_io *)ctsio);
6330			return (CTL_RETVAL_COMPLETE);
6331		}
6332
6333		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6334			if ((control_dev != 0)
6335			 && (lun->mode_pages.index[i].page_flags &
6336			     CTL_PAGE_FLAG_DISK_ONLY))
6337				continue;
6338
6339			/*
6340			 * We don't use this subpage if the user didn't
6341			 * request all subpages.
6342			 */
6343			if ((lun->mode_pages.index[i].subpage != 0)
6344			 && (subpage == SMS_SUBPAGE_PAGE_0))
6345				continue;
6346
6347#if 0
6348			printf("found page %#x len %d\n",
6349			       lun->mode_pages.index[i].page_code &
6350			       SMPH_PC_MASK,
6351			       lun->mode_pages.index[i].page_len);
6352#endif
6353			page_len += lun->mode_pages.index[i].page_len;
6354		}
6355		break;
6356	}
6357	default: {
6358		int i;
6359
6360		page_len = 0;
6361
6362		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6363			/* Look for the right page code */
6364			if ((lun->mode_pages.index[i].page_code &
6365			     SMPH_PC_MASK) != page_code)
6366				continue;
6367
6368			/* Look for the right subpage or the subpage wildcard*/
6369			if ((lun->mode_pages.index[i].subpage != subpage)
6370			 && (subpage != SMS_SUBPAGE_ALL))
6371				continue;
6372
6373			/* Make sure the page is supported for this dev type */
6374			if ((control_dev != 0)
6375			 && (lun->mode_pages.index[i].page_flags &
6376			     CTL_PAGE_FLAG_DISK_ONLY))
6377				continue;
6378
6379#if 0
6380			printf("found page %#x len %d\n",
6381			       lun->mode_pages.index[i].page_code &
6382			       SMPH_PC_MASK,
6383			       lun->mode_pages.index[i].page_len);
6384#endif
6385
6386			page_len += lun->mode_pages.index[i].page_len;
6387		}
6388
6389		if (page_len == 0) {
6390			ctl_set_invalid_field(ctsio,
6391					      /*sks_valid*/ 1,
6392					      /*command*/ 1,
6393					      /*field*/ 2,
6394					      /*bit_valid*/ 1,
6395					      /*bit*/ 5);
6396			ctl_done((union ctl_io *)ctsio);
6397			return (CTL_RETVAL_COMPLETE);
6398		}
6399		break;
6400	}
6401	}
6402
6403	total_len = header_len + page_len;
6404#if 0
6405	printf("header_len = %d, page_len = %d, total_len = %d\n",
6406	       header_len, page_len, total_len);
6407#endif
6408
6409	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6410	ctsio->kern_sg_entries = 0;
6411	ctsio->kern_data_resid = 0;
6412	ctsio->kern_rel_offset = 0;
6413	if (total_len < alloc_len) {
6414		ctsio->residual = alloc_len - total_len;
6415		ctsio->kern_data_len = total_len;
6416		ctsio->kern_total_len = total_len;
6417	} else {
6418		ctsio->residual = 0;
6419		ctsio->kern_data_len = alloc_len;
6420		ctsio->kern_total_len = alloc_len;
6421	}
6422
6423	switch (ctsio->cdb[0]) {
6424	case MODE_SENSE_6: {
6425		struct scsi_mode_hdr_6 *header;
6426
6427		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6428
6429		header->datalen = MIN(total_len - 1, 254);
6430		if (control_dev == 0) {
6431			header->dev_specific = 0x10; /* DPOFUA */
6432			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6433			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6434			    .eca_and_aen & SCP_SWP) != 0)
6435				    header->dev_specific |= 0x80; /* WP */
6436		}
6437		if (dbd)
6438			header->block_descr_len = 0;
6439		else
6440			header->block_descr_len =
6441				sizeof(struct scsi_mode_block_descr);
6442		block_desc = (struct scsi_mode_block_descr *)&header[1];
6443		break;
6444	}
6445	case MODE_SENSE_10: {
6446		struct scsi_mode_hdr_10 *header;
6447		int datalen;
6448
6449		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6450
6451		datalen = MIN(total_len - 2, 65533);
6452		scsi_ulto2b(datalen, header->datalen);
6453		if (control_dev == 0) {
6454			header->dev_specific = 0x10; /* DPOFUA */
6455			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6456			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6457			    .eca_and_aen & SCP_SWP) != 0)
6458				    header->dev_specific |= 0x80; /* WP */
6459		}
6460		if (dbd)
6461			scsi_ulto2b(0, header->block_descr_len);
6462		else
6463			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6464				    header->block_descr_len);
6465		block_desc = (struct scsi_mode_block_descr *)&header[1];
6466		break;
6467	}
6468	default:
6469		panic("invalid CDB type %#x", ctsio->cdb[0]);
6470		break; /* NOTREACHED */
6471	}
6472
6473	/*
6474	 * If we've got a disk, use its blocksize in the block
6475	 * descriptor.  Otherwise, just set it to 0.
6476	 */
6477	if (dbd == 0) {
6478		if (control_dev == 0)
6479			scsi_ulto3b(lun->be_lun->blocksize,
6480				    block_desc->block_len);
6481		else
6482			scsi_ulto3b(0, block_desc->block_len);
6483	}
6484
6485	switch (page_code) {
6486	case SMS_ALL_PAGES_PAGE: {
6487		int i, data_used;
6488
6489		data_used = header_len;
6490		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6491			struct ctl_page_index *page_index;
6492
6493			page_index = &lun->mode_pages.index[i];
6494
6495			if ((control_dev != 0)
6496			 && (page_index->page_flags &
6497			    CTL_PAGE_FLAG_DISK_ONLY))
6498				continue;
6499
6500			/*
6501			 * We don't use this subpage if the user didn't
6502			 * request all subpages.  We already checked (above)
6503			 * to make sure the user only specified a subpage
6504			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6505			 */
6506			if ((page_index->subpage != 0)
6507			 && (subpage == SMS_SUBPAGE_PAGE_0))
6508				continue;
6509
6510			/*
6511			 * Call the handler, if it exists, to update the
6512			 * page to the latest values.
6513			 */
6514			if (page_index->sense_handler != NULL)
6515				page_index->sense_handler(ctsio, page_index,pc);
6516
6517			memcpy(ctsio->kern_data_ptr + data_used,
6518			       page_index->page_data +
6519			       (page_index->page_len * pc),
6520			       page_index->page_len);
6521			data_used += page_index->page_len;
6522		}
6523		break;
6524	}
6525	default: {
6526		int i, data_used;
6527
6528		data_used = header_len;
6529
6530		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6531			struct ctl_page_index *page_index;
6532
6533			page_index = &lun->mode_pages.index[i];
6534
6535			/* Look for the right page code */
6536			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6537				continue;
6538
6539			/* Look for the right subpage or the subpage wildcard*/
6540			if ((page_index->subpage != subpage)
6541			 && (subpage != SMS_SUBPAGE_ALL))
6542				continue;
6543
6544			/* Make sure the page is supported for this dev type */
6545			if ((control_dev != 0)
6546			 && (page_index->page_flags &
6547			     CTL_PAGE_FLAG_DISK_ONLY))
6548				continue;
6549
6550			/*
6551			 * Call the handler, if it exists, to update the
6552			 * page to the latest values.
6553			 */
6554			if (page_index->sense_handler != NULL)
6555				page_index->sense_handler(ctsio, page_index,pc);
6556
6557			memcpy(ctsio->kern_data_ptr + data_used,
6558			       page_index->page_data +
6559			       (page_index->page_len * pc),
6560			       page_index->page_len);
6561			data_used += page_index->page_len;
6562		}
6563		break;
6564	}
6565	}
6566
6567	ctl_set_success(ctsio);
6568	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6569	ctsio->be_move_done = ctl_config_move_done;
6570	ctl_datamove((union ctl_io *)ctsio);
6571	return (CTL_RETVAL_COMPLETE);
6572}
6573
6574int
6575ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6576			       struct ctl_page_index *page_index,
6577			       int pc)
6578{
6579	struct ctl_lun *lun;
6580	struct scsi_log_param_header *phdr;
6581	uint8_t *data;
6582	uint64_t val;
6583
6584	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6585	data = page_index->page_data;
6586
6587	if (lun->backend->lun_attr != NULL &&
6588	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6589	     != UINT64_MAX) {
6590		phdr = (struct scsi_log_param_header *)data;
6591		scsi_ulto2b(0x0001, phdr->param_code);
6592		phdr->param_control = SLP_LBIN | SLP_LP;
6593		phdr->param_len = 8;
6594		data = (uint8_t *)(phdr + 1);
6595		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6596		data[4] = 0x02; /* per-pool */
6597		data += phdr->param_len;
6598	}
6599
6600	if (lun->backend->lun_attr != NULL &&
6601	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6602	     != UINT64_MAX) {
6603		phdr = (struct scsi_log_param_header *)data;
6604		scsi_ulto2b(0x0002, phdr->param_code);
6605		phdr->param_control = SLP_LBIN | SLP_LP;
6606		phdr->param_len = 8;
6607		data = (uint8_t *)(phdr + 1);
6608		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6609		data[4] = 0x01; /* per-LUN */
6610		data += phdr->param_len;
6611	}
6612
6613	if (lun->backend->lun_attr != NULL &&
6614	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6615	     != UINT64_MAX) {
6616		phdr = (struct scsi_log_param_header *)data;
6617		scsi_ulto2b(0x00f1, phdr->param_code);
6618		phdr->param_control = SLP_LBIN | SLP_LP;
6619		phdr->param_len = 8;
6620		data = (uint8_t *)(phdr + 1);
6621		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6622		data[4] = 0x02; /* per-pool */
6623		data += phdr->param_len;
6624	}
6625
6626	if (lun->backend->lun_attr != NULL &&
6627	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6628	     != UINT64_MAX) {
6629		phdr = (struct scsi_log_param_header *)data;
6630		scsi_ulto2b(0x00f2, phdr->param_code);
6631		phdr->param_control = SLP_LBIN | SLP_LP;
6632		phdr->param_len = 8;
6633		data = (uint8_t *)(phdr + 1);
6634		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6635		data[4] = 0x02; /* per-pool */
6636		data += phdr->param_len;
6637	}
6638
6639	page_index->page_len = data - page_index->page_data;
6640	return (0);
6641}
6642
6643int
6644ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6645			       struct ctl_page_index *page_index,
6646			       int pc)
6647{
6648	struct ctl_lun *lun;
6649	struct stat_page *data;
6650	uint64_t rn, wn, rb, wb;
6651	struct bintime rt, wt;
6652	int i;
6653
6654	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6655	data = (struct stat_page *)page_index->page_data;
6656
6657	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6658	data->sap.hdr.param_control = SLP_LBIN;
6659	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6660	    sizeof(struct scsi_log_param_header);
6661	rn = wn = rb = wb = 0;
6662	bintime_clear(&rt);
6663	bintime_clear(&wt);
6664	for (i = 0; i < CTL_MAX_PORTS; i++) {
6665		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6666		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6667		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6668		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6669		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6670		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6671	}
6672	scsi_u64to8b(rn, data->sap.read_num);
6673	scsi_u64to8b(wn, data->sap.write_num);
6674	if (lun->stats.blocksize > 0) {
6675		scsi_u64to8b(wb / lun->stats.blocksize,
6676		    data->sap.recvieved_lba);
6677		scsi_u64to8b(rb / lun->stats.blocksize,
6678		    data->sap.transmitted_lba);
6679	}
6680	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6681	    data->sap.read_int);
6682	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6683	    data->sap.write_int);
6684	scsi_u64to8b(0, data->sap.weighted_num);
6685	scsi_u64to8b(0, data->sap.weighted_int);
6686	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6687	data->it.hdr.param_control = SLP_LBIN;
6688	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6689	    sizeof(struct scsi_log_param_header);
6690#ifdef CTL_TIME_IO
6691	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6692#endif
6693	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6694	data->it.hdr.param_control = SLP_LBIN;
6695	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6696	    sizeof(struct scsi_log_param_header);
6697	scsi_ulto4b(3, data->ti.exponent);
6698	scsi_ulto4b(1, data->ti.integer);
6699
6700	page_index->page_len = sizeof(*data);
6701	return (0);
6702}
6703
6704int
6705ctl_log_sense(struct ctl_scsiio *ctsio)
6706{
6707	struct ctl_lun *lun;
6708	int i, pc, page_code, subpage;
6709	int alloc_len, total_len;
6710	struct ctl_page_index *page_index;
6711	struct scsi_log_sense *cdb;
6712	struct scsi_log_header *header;
6713
6714	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6715
6716	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6717	cdb = (struct scsi_log_sense *)ctsio->cdb;
6718	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6719	page_code = cdb->page & SLS_PAGE_CODE;
6720	subpage = cdb->subpage;
6721	alloc_len = scsi_2btoul(cdb->length);
6722
6723	page_index = NULL;
6724	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6725		page_index = &lun->log_pages.index[i];
6726
6727		/* Look for the right page code */
6728		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6729			continue;
6730
6731		/* Look for the right subpage or the subpage wildcard*/
6732		if (page_index->subpage != subpage)
6733			continue;
6734
6735		break;
6736	}
6737	if (i >= CTL_NUM_LOG_PAGES) {
6738		ctl_set_invalid_field(ctsio,
6739				      /*sks_valid*/ 1,
6740				      /*command*/ 1,
6741				      /*field*/ 2,
6742				      /*bit_valid*/ 0,
6743				      /*bit*/ 0);
6744		ctl_done((union ctl_io *)ctsio);
6745		return (CTL_RETVAL_COMPLETE);
6746	}
6747
6748	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6749
6750	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6751	ctsio->kern_sg_entries = 0;
6752	ctsio->kern_data_resid = 0;
6753	ctsio->kern_rel_offset = 0;
6754	if (total_len < alloc_len) {
6755		ctsio->residual = alloc_len - total_len;
6756		ctsio->kern_data_len = total_len;
6757		ctsio->kern_total_len = total_len;
6758	} else {
6759		ctsio->residual = 0;
6760		ctsio->kern_data_len = alloc_len;
6761		ctsio->kern_total_len = alloc_len;
6762	}
6763
6764	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6765	header->page = page_index->page_code;
6766	if (page_index->subpage) {
6767		header->page |= SL_SPF;
6768		header->subpage = page_index->subpage;
6769	}
6770	scsi_ulto2b(page_index->page_len, header->datalen);
6771
6772	/*
6773	 * Call the handler, if it exists, to update the
6774	 * page to the latest values.
6775	 */
6776	if (page_index->sense_handler != NULL)
6777		page_index->sense_handler(ctsio, page_index, pc);
6778
6779	memcpy(header + 1, page_index->page_data, page_index->page_len);
6780
6781	ctl_set_success(ctsio);
6782	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6783	ctsio->be_move_done = ctl_config_move_done;
6784	ctl_datamove((union ctl_io *)ctsio);
6785	return (CTL_RETVAL_COMPLETE);
6786}
6787
6788int
6789ctl_read_capacity(struct ctl_scsiio *ctsio)
6790{
6791	struct scsi_read_capacity *cdb;
6792	struct scsi_read_capacity_data *data;
6793	struct ctl_lun *lun;
6794	uint32_t lba;
6795
6796	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6797
6798	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6799
6800	lba = scsi_4btoul(cdb->addr);
6801	if (((cdb->pmi & SRC_PMI) == 0)
6802	 && (lba != 0)) {
6803		ctl_set_invalid_field(/*ctsio*/ ctsio,
6804				      /*sks_valid*/ 1,
6805				      /*command*/ 1,
6806				      /*field*/ 2,
6807				      /*bit_valid*/ 0,
6808				      /*bit*/ 0);
6809		ctl_done((union ctl_io *)ctsio);
6810		return (CTL_RETVAL_COMPLETE);
6811	}
6812
6813	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6814
6815	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6816	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6817	ctsio->residual = 0;
6818	ctsio->kern_data_len = sizeof(*data);
6819	ctsio->kern_total_len = sizeof(*data);
6820	ctsio->kern_data_resid = 0;
6821	ctsio->kern_rel_offset = 0;
6822	ctsio->kern_sg_entries = 0;
6823
6824	/*
6825	 * If the maximum LBA is greater than 0xfffffffe, the user must
6826	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6827	 * serivce action set.
6828	 */
6829	if (lun->be_lun->maxlba > 0xfffffffe)
6830		scsi_ulto4b(0xffffffff, data->addr);
6831	else
6832		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6833
6834	/*
6835	 * XXX KDM this may not be 512 bytes...
6836	 */
6837	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6838
6839	ctl_set_success(ctsio);
6840	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6841	ctsio->be_move_done = ctl_config_move_done;
6842	ctl_datamove((union ctl_io *)ctsio);
6843	return (CTL_RETVAL_COMPLETE);
6844}
6845
6846int
6847ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6848{
6849	struct scsi_read_capacity_16 *cdb;
6850	struct scsi_read_capacity_data_long *data;
6851	struct ctl_lun *lun;
6852	uint64_t lba;
6853	uint32_t alloc_len;
6854
6855	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6856
6857	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6858
6859	alloc_len = scsi_4btoul(cdb->alloc_len);
6860	lba = scsi_8btou64(cdb->addr);
6861
6862	if ((cdb->reladr & SRC16_PMI)
6863	 && (lba != 0)) {
6864		ctl_set_invalid_field(/*ctsio*/ ctsio,
6865				      /*sks_valid*/ 1,
6866				      /*command*/ 1,
6867				      /*field*/ 2,
6868				      /*bit_valid*/ 0,
6869				      /*bit*/ 0);
6870		ctl_done((union ctl_io *)ctsio);
6871		return (CTL_RETVAL_COMPLETE);
6872	}
6873
6874	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6875
6876	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6877	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6878
6879	if (sizeof(*data) < alloc_len) {
6880		ctsio->residual = alloc_len - sizeof(*data);
6881		ctsio->kern_data_len = sizeof(*data);
6882		ctsio->kern_total_len = sizeof(*data);
6883	} else {
6884		ctsio->residual = 0;
6885		ctsio->kern_data_len = alloc_len;
6886		ctsio->kern_total_len = alloc_len;
6887	}
6888	ctsio->kern_data_resid = 0;
6889	ctsio->kern_rel_offset = 0;
6890	ctsio->kern_sg_entries = 0;
6891
6892	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6893	/* XXX KDM this may not be 512 bytes... */
6894	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6895	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6896	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6897	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6898		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6899
6900	ctl_set_success(ctsio);
6901	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6902	ctsio->be_move_done = ctl_config_move_done;
6903	ctl_datamove((union ctl_io *)ctsio);
6904	return (CTL_RETVAL_COMPLETE);
6905}
6906
6907int
6908ctl_get_lba_status(struct ctl_scsiio *ctsio)
6909{
6910	struct scsi_get_lba_status *cdb;
6911	struct scsi_get_lba_status_data *data;
6912	struct ctl_lun *lun;
6913	struct ctl_lba_len_flags *lbalen;
6914	uint64_t lba;
6915	uint32_t alloc_len, total_len;
6916	int retval;
6917
6918	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6919
6920	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6921	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6922	lba = scsi_8btou64(cdb->addr);
6923	alloc_len = scsi_4btoul(cdb->alloc_len);
6924
6925	if (lba > lun->be_lun->maxlba) {
6926		ctl_set_lba_out_of_range(ctsio);
6927		ctl_done((union ctl_io *)ctsio);
6928		return (CTL_RETVAL_COMPLETE);
6929	}
6930
6931	total_len = sizeof(*data) + sizeof(data->descr[0]);
6932	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6933	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6934
6935	if (total_len < alloc_len) {
6936		ctsio->residual = alloc_len - total_len;
6937		ctsio->kern_data_len = total_len;
6938		ctsio->kern_total_len = total_len;
6939	} else {
6940		ctsio->residual = 0;
6941		ctsio->kern_data_len = alloc_len;
6942		ctsio->kern_total_len = alloc_len;
6943	}
6944	ctsio->kern_data_resid = 0;
6945	ctsio->kern_rel_offset = 0;
6946	ctsio->kern_sg_entries = 0;
6947
6948	/* Fill dummy data in case backend can't tell anything. */
6949	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6950	scsi_u64to8b(lba, data->descr[0].addr);
6951	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6952	    data->descr[0].length);
6953	data->descr[0].status = 0; /* Mapped or unknown. */
6954
6955	ctl_set_success(ctsio);
6956	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6957	ctsio->be_move_done = ctl_config_move_done;
6958
6959	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6960	lbalen->lba = lba;
6961	lbalen->len = total_len;
6962	lbalen->flags = 0;
6963	retval = lun->backend->config_read((union ctl_io *)ctsio);
6964	return (CTL_RETVAL_COMPLETE);
6965}
6966
6967int
6968ctl_read_defect(struct ctl_scsiio *ctsio)
6969{
6970	struct scsi_read_defect_data_10 *ccb10;
6971	struct scsi_read_defect_data_12 *ccb12;
6972	struct scsi_read_defect_data_hdr_10 *data10;
6973	struct scsi_read_defect_data_hdr_12 *data12;
6974	uint32_t alloc_len, data_len;
6975	uint8_t format;
6976
6977	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6978
6979	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6980		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6981		format = ccb10->format;
6982		alloc_len = scsi_2btoul(ccb10->alloc_length);
6983		data_len = sizeof(*data10);
6984	} else {
6985		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6986		format = ccb12->format;
6987		alloc_len = scsi_4btoul(ccb12->alloc_length);
6988		data_len = sizeof(*data12);
6989	}
6990	if (alloc_len == 0) {
6991		ctl_set_success(ctsio);
6992		ctl_done((union ctl_io *)ctsio);
6993		return (CTL_RETVAL_COMPLETE);
6994	}
6995
6996	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6997	if (data_len < alloc_len) {
6998		ctsio->residual = alloc_len - data_len;
6999		ctsio->kern_data_len = data_len;
7000		ctsio->kern_total_len = data_len;
7001	} else {
7002		ctsio->residual = 0;
7003		ctsio->kern_data_len = alloc_len;
7004		ctsio->kern_total_len = alloc_len;
7005	}
7006	ctsio->kern_data_resid = 0;
7007	ctsio->kern_rel_offset = 0;
7008	ctsio->kern_sg_entries = 0;
7009
7010	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7011		data10 = (struct scsi_read_defect_data_hdr_10 *)
7012		    ctsio->kern_data_ptr;
7013		data10->format = format;
7014		scsi_ulto2b(0, data10->length);
7015	} else {
7016		data12 = (struct scsi_read_defect_data_hdr_12 *)
7017		    ctsio->kern_data_ptr;
7018		data12->format = format;
7019		scsi_ulto2b(0, data12->generation);
7020		scsi_ulto4b(0, data12->length);
7021	}
7022
7023	ctl_set_success(ctsio);
7024	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7025	ctsio->be_move_done = ctl_config_move_done;
7026	ctl_datamove((union ctl_io *)ctsio);
7027	return (CTL_RETVAL_COMPLETE);
7028}
7029
7030int
7031ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7032{
7033	struct scsi_maintenance_in *cdb;
7034	int retval;
7035	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7036	int num_target_port_groups, num_target_ports;
7037	struct ctl_lun *lun;
7038	struct ctl_softc *softc;
7039	struct ctl_port *port;
7040	struct scsi_target_group_data *rtg_ptr;
7041	struct scsi_target_group_data_extended *rtg_ext_ptr;
7042	struct scsi_target_port_group_descriptor *tpg_desc;
7043
7044	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7045
7046	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7047	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7048	softc = lun->ctl_softc;
7049
7050	retval = CTL_RETVAL_COMPLETE;
7051
7052	switch (cdb->byte2 & STG_PDF_MASK) {
7053	case STG_PDF_LENGTH:
7054		ext = 0;
7055		break;
7056	case STG_PDF_EXTENDED:
7057		ext = 1;
7058		break;
7059	default:
7060		ctl_set_invalid_field(/*ctsio*/ ctsio,
7061				      /*sks_valid*/ 1,
7062				      /*command*/ 1,
7063				      /*field*/ 2,
7064				      /*bit_valid*/ 1,
7065				      /*bit*/ 5);
7066		ctl_done((union ctl_io *)ctsio);
7067		return(retval);
7068	}
7069
7070	if (softc->is_single)
7071		num_target_port_groups = 1;
7072	else
7073		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7074	num_target_ports = 0;
7075	mtx_lock(&softc->ctl_lock);
7076	STAILQ_FOREACH(port, &softc->port_list, links) {
7077		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7078			continue;
7079		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7080			continue;
7081		num_target_ports++;
7082	}
7083	mtx_unlock(&softc->ctl_lock);
7084
7085	if (ext)
7086		total_len = sizeof(struct scsi_target_group_data_extended);
7087	else
7088		total_len = sizeof(struct scsi_target_group_data);
7089	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7090		num_target_port_groups +
7091	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7092
7093	alloc_len = scsi_4btoul(cdb->length);
7094
7095	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7096
7097	ctsio->kern_sg_entries = 0;
7098
7099	if (total_len < alloc_len) {
7100		ctsio->residual = alloc_len - total_len;
7101		ctsio->kern_data_len = total_len;
7102		ctsio->kern_total_len = total_len;
7103	} else {
7104		ctsio->residual = 0;
7105		ctsio->kern_data_len = alloc_len;
7106		ctsio->kern_total_len = alloc_len;
7107	}
7108	ctsio->kern_data_resid = 0;
7109	ctsio->kern_rel_offset = 0;
7110
7111	if (ext) {
7112		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7113		    ctsio->kern_data_ptr;
7114		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7115		rtg_ext_ptr->format_type = 0x10;
7116		rtg_ext_ptr->implicit_transition_time = 0;
7117		tpg_desc = &rtg_ext_ptr->groups[0];
7118	} else {
7119		rtg_ptr = (struct scsi_target_group_data *)
7120		    ctsio->kern_data_ptr;
7121		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7122		tpg_desc = &rtg_ptr->groups[0];
7123	}
7124
7125	mtx_lock(&softc->ctl_lock);
7126	pg = softc->port_min / softc->port_cnt;
7127	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7128		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7129	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7130		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7131	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7132		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7133	else
7134		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7135	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7136		os = gs;
7137		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7138	} else
7139		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7140	for (g = 0; g < num_target_port_groups; g++) {
7141		tpg_desc->pref_state = (g == pg) ? gs : os;
7142		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7143		    TPG_U_SUP | TPG_T_SUP;
7144		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7145		tpg_desc->status = TPG_IMPLICIT;
7146		pc = 0;
7147		STAILQ_FOREACH(port, &softc->port_list, links) {
7148			if (port->targ_port < g * softc->port_cnt ||
7149			    port->targ_port >= (g + 1) * softc->port_cnt)
7150				continue;
7151			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7152				continue;
7153			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7154				continue;
7155			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7156			    relative_target_port_identifier);
7157			pc++;
7158		}
7159		tpg_desc->target_port_count = pc;
7160		tpg_desc = (struct scsi_target_port_group_descriptor *)
7161		    &tpg_desc->descriptors[pc];
7162	}
7163	mtx_unlock(&softc->ctl_lock);
7164
7165	ctl_set_success(ctsio);
7166	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7167	ctsio->be_move_done = ctl_config_move_done;
7168	ctl_datamove((union ctl_io *)ctsio);
7169	return(retval);
7170}
7171
7172int
7173ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7174{
7175	struct ctl_lun *lun;
7176	struct scsi_report_supported_opcodes *cdb;
7177	const struct ctl_cmd_entry *entry, *sentry;
7178	struct scsi_report_supported_opcodes_all *all;
7179	struct scsi_report_supported_opcodes_descr *descr;
7180	struct scsi_report_supported_opcodes_one *one;
7181	int retval;
7182	int alloc_len, total_len;
7183	int opcode, service_action, i, j, num;
7184
7185	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7186
7187	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7188	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7189
7190	retval = CTL_RETVAL_COMPLETE;
7191
7192	opcode = cdb->requested_opcode;
7193	service_action = scsi_2btoul(cdb->requested_service_action);
7194	switch (cdb->options & RSO_OPTIONS_MASK) {
7195	case RSO_OPTIONS_ALL:
7196		num = 0;
7197		for (i = 0; i < 256; i++) {
7198			entry = &ctl_cmd_table[i];
7199			if (entry->flags & CTL_CMD_FLAG_SA5) {
7200				for (j = 0; j < 32; j++) {
7201					sentry = &((const struct ctl_cmd_entry *)
7202					    entry->execute)[j];
7203					if (ctl_cmd_applicable(
7204					    lun->be_lun->lun_type, sentry))
7205						num++;
7206				}
7207			} else {
7208				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7209				    entry))
7210					num++;
7211			}
7212		}
7213		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7214		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7215		break;
7216	case RSO_OPTIONS_OC:
7217		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7218			ctl_set_invalid_field(/*ctsio*/ ctsio,
7219					      /*sks_valid*/ 1,
7220					      /*command*/ 1,
7221					      /*field*/ 2,
7222					      /*bit_valid*/ 1,
7223					      /*bit*/ 2);
7224			ctl_done((union ctl_io *)ctsio);
7225			return (CTL_RETVAL_COMPLETE);
7226		}
7227		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7228		break;
7229	case RSO_OPTIONS_OC_SA:
7230		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7231		    service_action >= 32) {
7232			ctl_set_invalid_field(/*ctsio*/ ctsio,
7233					      /*sks_valid*/ 1,
7234					      /*command*/ 1,
7235					      /*field*/ 2,
7236					      /*bit_valid*/ 1,
7237					      /*bit*/ 2);
7238			ctl_done((union ctl_io *)ctsio);
7239			return (CTL_RETVAL_COMPLETE);
7240		}
7241		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7242		break;
7243	default:
7244		ctl_set_invalid_field(/*ctsio*/ ctsio,
7245				      /*sks_valid*/ 1,
7246				      /*command*/ 1,
7247				      /*field*/ 2,
7248				      /*bit_valid*/ 1,
7249				      /*bit*/ 2);
7250		ctl_done((union ctl_io *)ctsio);
7251		return (CTL_RETVAL_COMPLETE);
7252	}
7253
7254	alloc_len = scsi_4btoul(cdb->length);
7255
7256	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7257
7258	ctsio->kern_sg_entries = 0;
7259
7260	if (total_len < alloc_len) {
7261		ctsio->residual = alloc_len - total_len;
7262		ctsio->kern_data_len = total_len;
7263		ctsio->kern_total_len = total_len;
7264	} else {
7265		ctsio->residual = 0;
7266		ctsio->kern_data_len = alloc_len;
7267		ctsio->kern_total_len = alloc_len;
7268	}
7269	ctsio->kern_data_resid = 0;
7270	ctsio->kern_rel_offset = 0;
7271
7272	switch (cdb->options & RSO_OPTIONS_MASK) {
7273	case RSO_OPTIONS_ALL:
7274		all = (struct scsi_report_supported_opcodes_all *)
7275		    ctsio->kern_data_ptr;
7276		num = 0;
7277		for (i = 0; i < 256; i++) {
7278			entry = &ctl_cmd_table[i];
7279			if (entry->flags & CTL_CMD_FLAG_SA5) {
7280				for (j = 0; j < 32; j++) {
7281					sentry = &((const struct ctl_cmd_entry *)
7282					    entry->execute)[j];
7283					if (!ctl_cmd_applicable(
7284					    lun->be_lun->lun_type, sentry))
7285						continue;
7286					descr = &all->descr[num++];
7287					descr->opcode = i;
7288					scsi_ulto2b(j, descr->service_action);
7289					descr->flags = RSO_SERVACTV;
7290					scsi_ulto2b(sentry->length,
7291					    descr->cdb_length);
7292				}
7293			} else {
7294				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7295				    entry))
7296					continue;
7297				descr = &all->descr[num++];
7298				descr->opcode = i;
7299				scsi_ulto2b(0, descr->service_action);
7300				descr->flags = 0;
7301				scsi_ulto2b(entry->length, descr->cdb_length);
7302			}
7303		}
7304		scsi_ulto4b(
7305		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7306		    all->length);
7307		break;
7308	case RSO_OPTIONS_OC:
7309		one = (struct scsi_report_supported_opcodes_one *)
7310		    ctsio->kern_data_ptr;
7311		entry = &ctl_cmd_table[opcode];
7312		goto fill_one;
7313	case RSO_OPTIONS_OC_SA:
7314		one = (struct scsi_report_supported_opcodes_one *)
7315		    ctsio->kern_data_ptr;
7316		entry = &ctl_cmd_table[opcode];
7317		entry = &((const struct ctl_cmd_entry *)
7318		    entry->execute)[service_action];
7319fill_one:
7320		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7321			one->support = 3;
7322			scsi_ulto2b(entry->length, one->cdb_length);
7323			one->cdb_usage[0] = opcode;
7324			memcpy(&one->cdb_usage[1], entry->usage,
7325			    entry->length - 1);
7326		} else
7327			one->support = 1;
7328		break;
7329	}
7330
7331	ctl_set_success(ctsio);
7332	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7333	ctsio->be_move_done = ctl_config_move_done;
7334	ctl_datamove((union ctl_io *)ctsio);
7335	return(retval);
7336}
7337
7338int
7339ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7340{
7341	struct scsi_report_supported_tmf *cdb;
7342	struct scsi_report_supported_tmf_data *data;
7343	int retval;
7344	int alloc_len, total_len;
7345
7346	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7347
7348	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7349
7350	retval = CTL_RETVAL_COMPLETE;
7351
7352	total_len = sizeof(struct scsi_report_supported_tmf_data);
7353	alloc_len = scsi_4btoul(cdb->length);
7354
7355	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7356
7357	ctsio->kern_sg_entries = 0;
7358
7359	if (total_len < alloc_len) {
7360		ctsio->residual = alloc_len - total_len;
7361		ctsio->kern_data_len = total_len;
7362		ctsio->kern_total_len = total_len;
7363	} else {
7364		ctsio->residual = 0;
7365		ctsio->kern_data_len = alloc_len;
7366		ctsio->kern_total_len = alloc_len;
7367	}
7368	ctsio->kern_data_resid = 0;
7369	ctsio->kern_rel_offset = 0;
7370
7371	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7372	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7373	    RST_TRS;
7374	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7375
7376	ctl_set_success(ctsio);
7377	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7378	ctsio->be_move_done = ctl_config_move_done;
7379	ctl_datamove((union ctl_io *)ctsio);
7380	return (retval);
7381}
7382
7383int
7384ctl_report_timestamp(struct ctl_scsiio *ctsio)
7385{
7386	struct scsi_report_timestamp *cdb;
7387	struct scsi_report_timestamp_data *data;
7388	struct timeval tv;
7389	int64_t timestamp;
7390	int retval;
7391	int alloc_len, total_len;
7392
7393	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7394
7395	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7396
7397	retval = CTL_RETVAL_COMPLETE;
7398
7399	total_len = sizeof(struct scsi_report_timestamp_data);
7400	alloc_len = scsi_4btoul(cdb->length);
7401
7402	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7403
7404	ctsio->kern_sg_entries = 0;
7405
7406	if (total_len < alloc_len) {
7407		ctsio->residual = alloc_len - total_len;
7408		ctsio->kern_data_len = total_len;
7409		ctsio->kern_total_len = total_len;
7410	} else {
7411		ctsio->residual = 0;
7412		ctsio->kern_data_len = alloc_len;
7413		ctsio->kern_total_len = alloc_len;
7414	}
7415	ctsio->kern_data_resid = 0;
7416	ctsio->kern_rel_offset = 0;
7417
7418	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7419	scsi_ulto2b(sizeof(*data) - 2, data->length);
7420	data->origin = RTS_ORIG_OUTSIDE;
7421	getmicrotime(&tv);
7422	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7423	scsi_ulto4b(timestamp >> 16, data->timestamp);
7424	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7425
7426	ctl_set_success(ctsio);
7427	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7428	ctsio->be_move_done = ctl_config_move_done;
7429	ctl_datamove((union ctl_io *)ctsio);
7430	return (retval);
7431}
7432
7433int
7434ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7435{
7436	struct scsi_per_res_in *cdb;
7437	int alloc_len, total_len = 0;
7438	/* struct scsi_per_res_in_rsrv in_data; */
7439	struct ctl_lun *lun;
7440	struct ctl_softc *softc;
7441	uint64_t key;
7442
7443	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7444
7445	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7446
7447	alloc_len = scsi_2btoul(cdb->length);
7448
7449	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7450	softc = lun->ctl_softc;
7451
7452retry:
7453	mtx_lock(&lun->lun_lock);
7454	switch (cdb->action) {
7455	case SPRI_RK: /* read keys */
7456		total_len = sizeof(struct scsi_per_res_in_keys) +
7457			lun->pr_key_count *
7458			sizeof(struct scsi_per_res_key);
7459		break;
7460	case SPRI_RR: /* read reservation */
7461		if (lun->flags & CTL_LUN_PR_RESERVED)
7462			total_len = sizeof(struct scsi_per_res_in_rsrv);
7463		else
7464			total_len = sizeof(struct scsi_per_res_in_header);
7465		break;
7466	case SPRI_RC: /* report capabilities */
7467		total_len = sizeof(struct scsi_per_res_cap);
7468		break;
7469	case SPRI_RS: /* read full status */
7470		total_len = sizeof(struct scsi_per_res_in_header) +
7471		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7472		    lun->pr_key_count;
7473		break;
7474	default:
7475		panic("Invalid PR type %x", cdb->action);
7476	}
7477	mtx_unlock(&lun->lun_lock);
7478
7479	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7480
7481	if (total_len < alloc_len) {
7482		ctsio->residual = alloc_len - total_len;
7483		ctsio->kern_data_len = total_len;
7484		ctsio->kern_total_len = total_len;
7485	} else {
7486		ctsio->residual = 0;
7487		ctsio->kern_data_len = alloc_len;
7488		ctsio->kern_total_len = alloc_len;
7489	}
7490
7491	ctsio->kern_data_resid = 0;
7492	ctsio->kern_rel_offset = 0;
7493	ctsio->kern_sg_entries = 0;
7494
7495	mtx_lock(&lun->lun_lock);
7496	switch (cdb->action) {
7497	case SPRI_RK: { // read keys
7498        struct scsi_per_res_in_keys *res_keys;
7499		int i, key_count;
7500
7501		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7502
7503		/*
7504		 * We had to drop the lock to allocate our buffer, which
7505		 * leaves time for someone to come in with another
7506		 * persistent reservation.  (That is unlikely, though,
7507		 * since this should be the only persistent reservation
7508		 * command active right now.)
7509		 */
7510		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7511		    (lun->pr_key_count *
7512		     sizeof(struct scsi_per_res_key)))){
7513			mtx_unlock(&lun->lun_lock);
7514			free(ctsio->kern_data_ptr, M_CTL);
7515			printf("%s: reservation length changed, retrying\n",
7516			       __func__);
7517			goto retry;
7518		}
7519
7520		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7521
7522		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7523			     lun->pr_key_count, res_keys->header.length);
7524
7525		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7526			if ((key = ctl_get_prkey(lun, i)) == 0)
7527				continue;
7528
7529			/*
7530			 * We used lun->pr_key_count to calculate the
7531			 * size to allocate.  If it turns out the number of
7532			 * initiators with the registered flag set is
7533			 * larger than that (i.e. they haven't been kept in
7534			 * sync), we've got a problem.
7535			 */
7536			if (key_count >= lun->pr_key_count) {
7537#ifdef NEEDTOPORT
7538				csevent_log(CSC_CTL | CSC_SHELF_SW |
7539					    CTL_PR_ERROR,
7540					    csevent_LogType_Fault,
7541					    csevent_AlertLevel_Yellow,
7542					    csevent_FRU_ShelfController,
7543					    csevent_FRU_Firmware,
7544				        csevent_FRU_Unknown,
7545					    "registered keys %d >= key "
7546					    "count %d", key_count,
7547					    lun->pr_key_count);
7548#endif
7549				key_count++;
7550				continue;
7551			}
7552			scsi_u64to8b(key, res_keys->keys[key_count].key);
7553			key_count++;
7554		}
7555		break;
7556	}
7557	case SPRI_RR: { // read reservation
7558		struct scsi_per_res_in_rsrv *res;
7559		int tmp_len, header_only;
7560
7561		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7562
7563		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7564
7565		if (lun->flags & CTL_LUN_PR_RESERVED)
7566		{
7567			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7568			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7569				    res->header.length);
7570			header_only = 0;
7571		} else {
7572			tmp_len = sizeof(struct scsi_per_res_in_header);
7573			scsi_ulto4b(0, res->header.length);
7574			header_only = 1;
7575		}
7576
7577		/*
7578		 * We had to drop the lock to allocate our buffer, which
7579		 * leaves time for someone to come in with another
7580		 * persistent reservation.  (That is unlikely, though,
7581		 * since this should be the only persistent reservation
7582		 * command active right now.)
7583		 */
7584		if (tmp_len != total_len) {
7585			mtx_unlock(&lun->lun_lock);
7586			free(ctsio->kern_data_ptr, M_CTL);
7587			printf("%s: reservation status changed, retrying\n",
7588			       __func__);
7589			goto retry;
7590		}
7591
7592		/*
7593		 * No reservation held, so we're done.
7594		 */
7595		if (header_only != 0)
7596			break;
7597
7598		/*
7599		 * If the registration is an All Registrants type, the key
7600		 * is 0, since it doesn't really matter.
7601		 */
7602		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7603			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7604			    res->data.reservation);
7605		}
7606		res->data.scopetype = lun->res_type;
7607		break;
7608	}
7609	case SPRI_RC:     //report capabilities
7610	{
7611		struct scsi_per_res_cap *res_cap;
7612		uint16_t type_mask;
7613
7614		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7615		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7616		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7617		type_mask = SPRI_TM_WR_EX_AR |
7618			    SPRI_TM_EX_AC_RO |
7619			    SPRI_TM_WR_EX_RO |
7620			    SPRI_TM_EX_AC |
7621			    SPRI_TM_WR_EX |
7622			    SPRI_TM_EX_AC_AR;
7623		scsi_ulto2b(type_mask, res_cap->type_mask);
7624		break;
7625	}
7626	case SPRI_RS: { // read full status
7627		struct scsi_per_res_in_full *res_status;
7628		struct scsi_per_res_in_full_desc *res_desc;
7629		struct ctl_port *port;
7630		int i, len;
7631
7632		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7633
7634		/*
7635		 * We had to drop the lock to allocate our buffer, which
7636		 * leaves time for someone to come in with another
7637		 * persistent reservation.  (That is unlikely, though,
7638		 * since this should be the only persistent reservation
7639		 * command active right now.)
7640		 */
7641		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7642		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7643		     lun->pr_key_count)){
7644			mtx_unlock(&lun->lun_lock);
7645			free(ctsio->kern_data_ptr, M_CTL);
7646			printf("%s: reservation length changed, retrying\n",
7647			       __func__);
7648			goto retry;
7649		}
7650
7651		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7652
7653		res_desc = &res_status->desc[0];
7654		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7655			if ((key = ctl_get_prkey(lun, i)) == 0)
7656				continue;
7657
7658			scsi_u64to8b(key, res_desc->res_key.key);
7659			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7660			    (lun->pr_res_idx == i ||
7661			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7662				res_desc->flags = SPRI_FULL_R_HOLDER;
7663				res_desc->scopetype = lun->res_type;
7664			}
7665			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7666			    res_desc->rel_trgt_port_id);
7667			len = 0;
7668			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7669			if (port != NULL)
7670				len = ctl_create_iid(port,
7671				    i % CTL_MAX_INIT_PER_PORT,
7672				    res_desc->transport_id);
7673			scsi_ulto4b(len, res_desc->additional_length);
7674			res_desc = (struct scsi_per_res_in_full_desc *)
7675			    &res_desc->transport_id[len];
7676		}
7677		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7678		    res_status->header.length);
7679		break;
7680	}
7681	default:
7682		/*
7683		 * This is a bug, because we just checked for this above,
7684		 * and should have returned an error.
7685		 */
7686		panic("Invalid PR type %x", cdb->action);
7687		break; /* NOTREACHED */
7688	}
7689	mtx_unlock(&lun->lun_lock);
7690
7691	ctl_set_success(ctsio);
7692	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7693	ctsio->be_move_done = ctl_config_move_done;
7694	ctl_datamove((union ctl_io *)ctsio);
7695	return (CTL_RETVAL_COMPLETE);
7696}
7697
7698/*
7699 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7700 * it should return.
7701 */
7702static int
7703ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7704		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7705		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7706		struct scsi_per_res_out_parms* param)
7707{
7708	union ctl_ha_msg persis_io;
7709	int i;
7710
7711	mtx_lock(&lun->lun_lock);
7712	if (sa_res_key == 0) {
7713		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7714			/* validate scope and type */
7715			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7716			     SPR_LU_SCOPE) {
7717				mtx_unlock(&lun->lun_lock);
7718				ctl_set_invalid_field(/*ctsio*/ ctsio,
7719						      /*sks_valid*/ 1,
7720						      /*command*/ 1,
7721						      /*field*/ 2,
7722						      /*bit_valid*/ 1,
7723						      /*bit*/ 4);
7724				ctl_done((union ctl_io *)ctsio);
7725				return (1);
7726			}
7727
7728		        if (type>8 || type==2 || type==4 || type==0) {
7729				mtx_unlock(&lun->lun_lock);
7730				ctl_set_invalid_field(/*ctsio*/ ctsio,
7731       	           				      /*sks_valid*/ 1,
7732						      /*command*/ 1,
7733						      /*field*/ 2,
7734						      /*bit_valid*/ 1,
7735						      /*bit*/ 0);
7736				ctl_done((union ctl_io *)ctsio);
7737				return (1);
7738		        }
7739
7740			/*
7741			 * Unregister everybody else and build UA for
7742			 * them
7743			 */
7744			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7745				if (i == residx || ctl_get_prkey(lun, i) == 0)
7746					continue;
7747
7748				ctl_clr_prkey(lun, i);
7749				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7750			}
7751			lun->pr_key_count = 1;
7752			lun->res_type = type;
7753			if (lun->res_type != SPR_TYPE_WR_EX_AR
7754			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7755				lun->pr_res_idx = residx;
7756			lun->PRGeneration++;
7757			mtx_unlock(&lun->lun_lock);
7758
7759			/* send msg to other side */
7760			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7761			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7762			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7763			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7764			persis_io.pr.pr_info.res_type = type;
7765			memcpy(persis_io.pr.pr_info.sa_res_key,
7766			       param->serv_act_res_key,
7767			       sizeof(param->serv_act_res_key));
7768			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7769			    sizeof(persis_io.pr), M_WAITOK);
7770		} else {
7771			/* not all registrants */
7772			mtx_unlock(&lun->lun_lock);
7773			free(ctsio->kern_data_ptr, M_CTL);
7774			ctl_set_invalid_field(ctsio,
7775					      /*sks_valid*/ 1,
7776					      /*command*/ 0,
7777					      /*field*/ 8,
7778					      /*bit_valid*/ 0,
7779					      /*bit*/ 0);
7780			ctl_done((union ctl_io *)ctsio);
7781			return (1);
7782		}
7783	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7784		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7785		int found = 0;
7786
7787		if (res_key == sa_res_key) {
7788			/* special case */
7789			/*
7790			 * The spec implies this is not good but doesn't
7791			 * say what to do. There are two choices either
7792			 * generate a res conflict or check condition
7793			 * with illegal field in parameter data. Since
7794			 * that is what is done when the sa_res_key is
7795			 * zero I'll take that approach since this has
7796			 * to do with the sa_res_key.
7797			 */
7798			mtx_unlock(&lun->lun_lock);
7799			free(ctsio->kern_data_ptr, M_CTL);
7800			ctl_set_invalid_field(ctsio,
7801					      /*sks_valid*/ 1,
7802					      /*command*/ 0,
7803					      /*field*/ 8,
7804					      /*bit_valid*/ 0,
7805					      /*bit*/ 0);
7806			ctl_done((union ctl_io *)ctsio);
7807			return (1);
7808		}
7809
7810		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7811			if (ctl_get_prkey(lun, i) != sa_res_key)
7812				continue;
7813
7814			found = 1;
7815			ctl_clr_prkey(lun, i);
7816			lun->pr_key_count--;
7817			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7818		}
7819		if (!found) {
7820			mtx_unlock(&lun->lun_lock);
7821			free(ctsio->kern_data_ptr, M_CTL);
7822			ctl_set_reservation_conflict(ctsio);
7823			ctl_done((union ctl_io *)ctsio);
7824			return (CTL_RETVAL_COMPLETE);
7825		}
7826		lun->PRGeneration++;
7827		mtx_unlock(&lun->lun_lock);
7828
7829		/* send msg to other side */
7830		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7831		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7832		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7833		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7834		persis_io.pr.pr_info.res_type = type;
7835		memcpy(persis_io.pr.pr_info.sa_res_key,
7836		       param->serv_act_res_key,
7837		       sizeof(param->serv_act_res_key));
7838		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7839		    sizeof(persis_io.pr), M_WAITOK);
7840	} else {
7841		/* Reserved but not all registrants */
7842		/* sa_res_key is res holder */
7843		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7844			/* validate scope and type */
7845			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7846			     SPR_LU_SCOPE) {
7847				mtx_unlock(&lun->lun_lock);
7848				ctl_set_invalid_field(/*ctsio*/ ctsio,
7849						      /*sks_valid*/ 1,
7850						      /*command*/ 1,
7851						      /*field*/ 2,
7852						      /*bit_valid*/ 1,
7853						      /*bit*/ 4);
7854				ctl_done((union ctl_io *)ctsio);
7855				return (1);
7856			}
7857
7858			if (type>8 || type==2 || type==4 || type==0) {
7859				mtx_unlock(&lun->lun_lock);
7860				ctl_set_invalid_field(/*ctsio*/ ctsio,
7861						      /*sks_valid*/ 1,
7862						      /*command*/ 1,
7863						      /*field*/ 2,
7864						      /*bit_valid*/ 1,
7865						      /*bit*/ 0);
7866				ctl_done((union ctl_io *)ctsio);
7867				return (1);
7868			}
7869
7870			/*
7871			 * Do the following:
7872			 * if sa_res_key != res_key remove all
7873			 * registrants w/sa_res_key and generate UA
7874			 * for these registrants(Registrations
7875			 * Preempted) if it wasn't an exclusive
7876			 * reservation generate UA(Reservations
7877			 * Preempted) for all other registered nexuses
7878			 * if the type has changed. Establish the new
7879			 * reservation and holder. If res_key and
7880			 * sa_res_key are the same do the above
7881			 * except don't unregister the res holder.
7882			 */
7883
7884			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7885				if (i == residx || ctl_get_prkey(lun, i) == 0)
7886					continue;
7887
7888				if (sa_res_key == ctl_get_prkey(lun, i)) {
7889					ctl_clr_prkey(lun, i);
7890					lun->pr_key_count--;
7891					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7892				} else if (type != lun->res_type
7893					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7894					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7895					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7896				}
7897			}
7898			lun->res_type = type;
7899			if (lun->res_type != SPR_TYPE_WR_EX_AR
7900			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7901				lun->pr_res_idx = residx;
7902			else
7903				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7904			lun->PRGeneration++;
7905			mtx_unlock(&lun->lun_lock);
7906
7907			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7908			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7909			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7910			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7911			persis_io.pr.pr_info.res_type = type;
7912			memcpy(persis_io.pr.pr_info.sa_res_key,
7913			       param->serv_act_res_key,
7914			       sizeof(param->serv_act_res_key));
7915			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7916			    sizeof(persis_io.pr), M_WAITOK);
7917		} else {
7918			/*
7919			 * sa_res_key is not the res holder just
7920			 * remove registrants
7921			 */
7922			int found=0;
7923
7924			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7925				if (sa_res_key != ctl_get_prkey(lun, i))
7926					continue;
7927
7928				found = 1;
7929				ctl_clr_prkey(lun, i);
7930				lun->pr_key_count--;
7931				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7932			}
7933
7934			if (!found) {
7935				mtx_unlock(&lun->lun_lock);
7936				free(ctsio->kern_data_ptr, M_CTL);
7937				ctl_set_reservation_conflict(ctsio);
7938				ctl_done((union ctl_io *)ctsio);
7939		        	return (1);
7940			}
7941			lun->PRGeneration++;
7942			mtx_unlock(&lun->lun_lock);
7943
7944			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7945			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7946			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7947			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7948			persis_io.pr.pr_info.res_type = type;
7949			memcpy(persis_io.pr.pr_info.sa_res_key,
7950			       param->serv_act_res_key,
7951			       sizeof(param->serv_act_res_key));
7952			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7953			    sizeof(persis_io.pr), M_WAITOK);
7954		}
7955	}
7956	return (0);
7957}
7958
7959static void
7960ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7961{
7962	uint64_t sa_res_key;
7963	int i;
7964
7965	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7966
7967	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7968	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7969	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7970		if (sa_res_key == 0) {
7971			/*
7972			 * Unregister everybody else and build UA for
7973			 * them
7974			 */
7975			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7976				if (i == msg->pr.pr_info.residx ||
7977				    ctl_get_prkey(lun, i) == 0)
7978					continue;
7979
7980				ctl_clr_prkey(lun, i);
7981				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7982			}
7983
7984			lun->pr_key_count = 1;
7985			lun->res_type = msg->pr.pr_info.res_type;
7986			if (lun->res_type != SPR_TYPE_WR_EX_AR
7987			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7988				lun->pr_res_idx = msg->pr.pr_info.residx;
7989		} else {
7990		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7991				if (sa_res_key == ctl_get_prkey(lun, i))
7992					continue;
7993
7994				ctl_clr_prkey(lun, i);
7995				lun->pr_key_count--;
7996				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7997			}
7998		}
7999	} else {
8000		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8001			if (i == msg->pr.pr_info.residx ||
8002			    ctl_get_prkey(lun, i) == 0)
8003				continue;
8004
8005			if (sa_res_key == ctl_get_prkey(lun, i)) {
8006				ctl_clr_prkey(lun, i);
8007				lun->pr_key_count--;
8008				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8009			} else if (msg->pr.pr_info.res_type != lun->res_type
8010				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8011				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8012				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8013			}
8014		}
8015		lun->res_type = msg->pr.pr_info.res_type;
8016		if (lun->res_type != SPR_TYPE_WR_EX_AR
8017		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8018			lun->pr_res_idx = msg->pr.pr_info.residx;
8019		else
8020			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8021	}
8022	lun->PRGeneration++;
8023
8024}
8025
8026
8027int
8028ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8029{
8030	int retval;
8031	u_int32_t param_len;
8032	struct scsi_per_res_out *cdb;
8033	struct ctl_lun *lun;
8034	struct scsi_per_res_out_parms* param;
8035	struct ctl_softc *softc;
8036	uint32_t residx;
8037	uint64_t res_key, sa_res_key, key;
8038	uint8_t type;
8039	union ctl_ha_msg persis_io;
8040	int    i;
8041
8042	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8043
8044	retval = CTL_RETVAL_COMPLETE;
8045
8046	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8047	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8048	softc = lun->ctl_softc;
8049
8050	/*
8051	 * We only support whole-LUN scope.  The scope & type are ignored for
8052	 * register, register and ignore existing key and clear.
8053	 * We sometimes ignore scope and type on preempts too!!
8054	 * Verify reservation type here as well.
8055	 */
8056	type = cdb->scope_type & SPR_TYPE_MASK;
8057	if ((cdb->action == SPRO_RESERVE)
8058	 || (cdb->action == SPRO_RELEASE)) {
8059		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8060			ctl_set_invalid_field(/*ctsio*/ ctsio,
8061					      /*sks_valid*/ 1,
8062					      /*command*/ 1,
8063					      /*field*/ 2,
8064					      /*bit_valid*/ 1,
8065					      /*bit*/ 4);
8066			ctl_done((union ctl_io *)ctsio);
8067			return (CTL_RETVAL_COMPLETE);
8068		}
8069
8070		if (type>8 || type==2 || type==4 || type==0) {
8071			ctl_set_invalid_field(/*ctsio*/ ctsio,
8072					      /*sks_valid*/ 1,
8073					      /*command*/ 1,
8074					      /*field*/ 2,
8075					      /*bit_valid*/ 1,
8076					      /*bit*/ 0);
8077			ctl_done((union ctl_io *)ctsio);
8078			return (CTL_RETVAL_COMPLETE);
8079		}
8080	}
8081
8082	param_len = scsi_4btoul(cdb->length);
8083
8084	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8085		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8086		ctsio->kern_data_len = param_len;
8087		ctsio->kern_total_len = param_len;
8088		ctsio->kern_data_resid = 0;
8089		ctsio->kern_rel_offset = 0;
8090		ctsio->kern_sg_entries = 0;
8091		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8092		ctsio->be_move_done = ctl_config_move_done;
8093		ctl_datamove((union ctl_io *)ctsio);
8094
8095		return (CTL_RETVAL_COMPLETE);
8096	}
8097
8098	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8099
8100	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8101	res_key = scsi_8btou64(param->res_key.key);
8102	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8103
8104	/*
8105	 * Validate the reservation key here except for SPRO_REG_IGNO
8106	 * This must be done for all other service actions
8107	 */
8108	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8109		mtx_lock(&lun->lun_lock);
8110		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8111			if (res_key != key) {
8112				/*
8113				 * The current key passed in doesn't match
8114				 * the one the initiator previously
8115				 * registered.
8116				 */
8117				mtx_unlock(&lun->lun_lock);
8118				free(ctsio->kern_data_ptr, M_CTL);
8119				ctl_set_reservation_conflict(ctsio);
8120				ctl_done((union ctl_io *)ctsio);
8121				return (CTL_RETVAL_COMPLETE);
8122			}
8123		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8124			/*
8125			 * We are not registered
8126			 */
8127			mtx_unlock(&lun->lun_lock);
8128			free(ctsio->kern_data_ptr, M_CTL);
8129			ctl_set_reservation_conflict(ctsio);
8130			ctl_done((union ctl_io *)ctsio);
8131			return (CTL_RETVAL_COMPLETE);
8132		} else if (res_key != 0) {
8133			/*
8134			 * We are not registered and trying to register but
8135			 * the register key isn't zero.
8136			 */
8137			mtx_unlock(&lun->lun_lock);
8138			free(ctsio->kern_data_ptr, M_CTL);
8139			ctl_set_reservation_conflict(ctsio);
8140			ctl_done((union ctl_io *)ctsio);
8141			return (CTL_RETVAL_COMPLETE);
8142		}
8143		mtx_unlock(&lun->lun_lock);
8144	}
8145
8146	switch (cdb->action & SPRO_ACTION_MASK) {
8147	case SPRO_REGISTER:
8148	case SPRO_REG_IGNO: {
8149
8150#if 0
8151		printf("Registration received\n");
8152#endif
8153
8154		/*
8155		 * We don't support any of these options, as we report in
8156		 * the read capabilities request (see
8157		 * ctl_persistent_reserve_in(), above).
8158		 */
8159		if ((param->flags & SPR_SPEC_I_PT)
8160		 || (param->flags & SPR_ALL_TG_PT)
8161		 || (param->flags & SPR_APTPL)) {
8162			int bit_ptr;
8163
8164			if (param->flags & SPR_APTPL)
8165				bit_ptr = 0;
8166			else if (param->flags & SPR_ALL_TG_PT)
8167				bit_ptr = 2;
8168			else /* SPR_SPEC_I_PT */
8169				bit_ptr = 3;
8170
8171			free(ctsio->kern_data_ptr, M_CTL);
8172			ctl_set_invalid_field(ctsio,
8173					      /*sks_valid*/ 1,
8174					      /*command*/ 0,
8175					      /*field*/ 20,
8176					      /*bit_valid*/ 1,
8177					      /*bit*/ bit_ptr);
8178			ctl_done((union ctl_io *)ctsio);
8179			return (CTL_RETVAL_COMPLETE);
8180		}
8181
8182		mtx_lock(&lun->lun_lock);
8183
8184		/*
8185		 * The initiator wants to clear the
8186		 * key/unregister.
8187		 */
8188		if (sa_res_key == 0) {
8189			if ((res_key == 0
8190			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8191			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8192			  && ctl_get_prkey(lun, residx) == 0)) {
8193				mtx_unlock(&lun->lun_lock);
8194				goto done;
8195			}
8196
8197			ctl_clr_prkey(lun, residx);
8198			lun->pr_key_count--;
8199
8200			if (residx == lun->pr_res_idx) {
8201				lun->flags &= ~CTL_LUN_PR_RESERVED;
8202				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8203
8204				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8205				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8206				 && lun->pr_key_count) {
8207					/*
8208					 * If the reservation is a registrants
8209					 * only type we need to generate a UA
8210					 * for other registered inits.  The
8211					 * sense code should be RESERVATIONS
8212					 * RELEASED
8213					 */
8214
8215					for (i = softc->init_min; i < softc->init_max; i++){
8216						if (ctl_get_prkey(lun, i) == 0)
8217							continue;
8218						ctl_est_ua(lun, i,
8219						    CTL_UA_RES_RELEASE);
8220					}
8221				}
8222				lun->res_type = 0;
8223			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8224				if (lun->pr_key_count==0) {
8225					lun->flags &= ~CTL_LUN_PR_RESERVED;
8226					lun->res_type = 0;
8227					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8228				}
8229			}
8230			lun->PRGeneration++;
8231			mtx_unlock(&lun->lun_lock);
8232
8233			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8234			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8235			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8236			persis_io.pr.pr_info.residx = residx;
8237			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8238			    sizeof(persis_io.pr), M_WAITOK);
8239		} else /* sa_res_key != 0 */ {
8240
8241			/*
8242			 * If we aren't registered currently then increment
8243			 * the key count and set the registered flag.
8244			 */
8245			ctl_alloc_prkey(lun, residx);
8246			if (ctl_get_prkey(lun, residx) == 0)
8247				lun->pr_key_count++;
8248			ctl_set_prkey(lun, residx, sa_res_key);
8249			lun->PRGeneration++;
8250			mtx_unlock(&lun->lun_lock);
8251
8252			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8253			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8254			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8255			persis_io.pr.pr_info.residx = residx;
8256			memcpy(persis_io.pr.pr_info.sa_res_key,
8257			       param->serv_act_res_key,
8258			       sizeof(param->serv_act_res_key));
8259			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8260			    sizeof(persis_io.pr), M_WAITOK);
8261		}
8262
8263		break;
8264	}
8265	case SPRO_RESERVE:
8266#if 0
8267                printf("Reserve executed type %d\n", type);
8268#endif
8269		mtx_lock(&lun->lun_lock);
8270		if (lun->flags & CTL_LUN_PR_RESERVED) {
8271			/*
8272			 * if this isn't the reservation holder and it's
8273			 * not a "all registrants" type or if the type is
8274			 * different then we have a conflict
8275			 */
8276			if ((lun->pr_res_idx != residx
8277			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8278			 || lun->res_type != type) {
8279				mtx_unlock(&lun->lun_lock);
8280				free(ctsio->kern_data_ptr, M_CTL);
8281				ctl_set_reservation_conflict(ctsio);
8282				ctl_done((union ctl_io *)ctsio);
8283				return (CTL_RETVAL_COMPLETE);
8284			}
8285			mtx_unlock(&lun->lun_lock);
8286		} else /* create a reservation */ {
8287			/*
8288			 * If it's not an "all registrants" type record
8289			 * reservation holder
8290			 */
8291			if (type != SPR_TYPE_WR_EX_AR
8292			 && type != SPR_TYPE_EX_AC_AR)
8293				lun->pr_res_idx = residx; /* Res holder */
8294			else
8295				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8296
8297			lun->flags |= CTL_LUN_PR_RESERVED;
8298			lun->res_type = type;
8299
8300			mtx_unlock(&lun->lun_lock);
8301
8302			/* send msg to other side */
8303			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8304			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8305			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8306			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8307			persis_io.pr.pr_info.res_type = type;
8308			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8309			    sizeof(persis_io.pr), M_WAITOK);
8310		}
8311		break;
8312
8313	case SPRO_RELEASE:
8314		mtx_lock(&lun->lun_lock);
8315		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8316			/* No reservation exists return good status */
8317			mtx_unlock(&lun->lun_lock);
8318			goto done;
8319		}
8320		/*
8321		 * Is this nexus a reservation holder?
8322		 */
8323		if (lun->pr_res_idx != residx
8324		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8325			/*
8326			 * not a res holder return good status but
8327			 * do nothing
8328			 */
8329			mtx_unlock(&lun->lun_lock);
8330			goto done;
8331		}
8332
8333		if (lun->res_type != type) {
8334			mtx_unlock(&lun->lun_lock);
8335			free(ctsio->kern_data_ptr, M_CTL);
8336			ctl_set_illegal_pr_release(ctsio);
8337			ctl_done((union ctl_io *)ctsio);
8338			return (CTL_RETVAL_COMPLETE);
8339		}
8340
8341		/* okay to release */
8342		lun->flags &= ~CTL_LUN_PR_RESERVED;
8343		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8344		lun->res_type = 0;
8345
8346		/*
8347		 * if this isn't an exclusive access
8348		 * res generate UA for all other
8349		 * registrants.
8350		 */
8351		if (type != SPR_TYPE_EX_AC
8352		 && type != SPR_TYPE_WR_EX) {
8353			for (i = softc->init_min; i < softc->init_max; i++) {
8354				if (i == residx || ctl_get_prkey(lun, i) == 0)
8355					continue;
8356				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8357			}
8358		}
8359		mtx_unlock(&lun->lun_lock);
8360
8361		/* Send msg to other side */
8362		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8363		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8364		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8365		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8366		     sizeof(persis_io.pr), M_WAITOK);
8367		break;
8368
8369	case SPRO_CLEAR:
8370		/* send msg to other side */
8371
8372		mtx_lock(&lun->lun_lock);
8373		lun->flags &= ~CTL_LUN_PR_RESERVED;
8374		lun->res_type = 0;
8375		lun->pr_key_count = 0;
8376		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8377
8378		ctl_clr_prkey(lun, residx);
8379		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8380			if (ctl_get_prkey(lun, i) != 0) {
8381				ctl_clr_prkey(lun, i);
8382				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8383			}
8384		lun->PRGeneration++;
8385		mtx_unlock(&lun->lun_lock);
8386
8387		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8388		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8389		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8390		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8391		     sizeof(persis_io.pr), M_WAITOK);
8392		break;
8393
8394	case SPRO_PREEMPT:
8395	case SPRO_PRE_ABO: {
8396		int nretval;
8397
8398		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8399					  residx, ctsio, cdb, param);
8400		if (nretval != 0)
8401			return (CTL_RETVAL_COMPLETE);
8402		break;
8403	}
8404	default:
8405		panic("Invalid PR type %x", cdb->action);
8406	}
8407
8408done:
8409	free(ctsio->kern_data_ptr, M_CTL);
8410	ctl_set_success(ctsio);
8411	ctl_done((union ctl_io *)ctsio);
8412
8413	return (retval);
8414}
8415
8416/*
8417 * This routine is for handling a message from the other SC pertaining to
8418 * persistent reserve out. All the error checking will have been done
8419 * so only perorming the action need be done here to keep the two
8420 * in sync.
8421 */
8422static void
8423ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8424{
8425	struct ctl_lun *lun;
8426	struct ctl_softc *softc;
8427	int i;
8428	uint32_t residx, targ_lun;
8429
8430	softc = control_softc;
8431	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8432	mtx_lock(&softc->ctl_lock);
8433	if ((targ_lun >= CTL_MAX_LUNS) ||
8434	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8435		mtx_unlock(&softc->ctl_lock);
8436		return;
8437	}
8438	mtx_lock(&lun->lun_lock);
8439	mtx_unlock(&softc->ctl_lock);
8440	if (lun->flags & CTL_LUN_DISABLED) {
8441		mtx_unlock(&lun->lun_lock);
8442		return;
8443	}
8444	residx = ctl_get_initindex(&msg->hdr.nexus);
8445	switch(msg->pr.pr_info.action) {
8446	case CTL_PR_REG_KEY:
8447		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8448		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8449			lun->pr_key_count++;
8450		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8451		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8452		lun->PRGeneration++;
8453		break;
8454
8455	case CTL_PR_UNREG_KEY:
8456		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8457		lun->pr_key_count--;
8458
8459		/* XXX Need to see if the reservation has been released */
8460		/* if so do we need to generate UA? */
8461		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8462			lun->flags &= ~CTL_LUN_PR_RESERVED;
8463			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8464
8465			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8466			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8467			 && lun->pr_key_count) {
8468				/*
8469				 * If the reservation is a registrants
8470				 * only type we need to generate a UA
8471				 * for other registered inits.  The
8472				 * sense code should be RESERVATIONS
8473				 * RELEASED
8474				 */
8475
8476				for (i = softc->init_min; i < softc->init_max; i++) {
8477					if (ctl_get_prkey(lun, i) == 0)
8478						continue;
8479
8480					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8481				}
8482			}
8483			lun->res_type = 0;
8484		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8485			if (lun->pr_key_count==0) {
8486				lun->flags &= ~CTL_LUN_PR_RESERVED;
8487				lun->res_type = 0;
8488				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8489			}
8490		}
8491		lun->PRGeneration++;
8492		break;
8493
8494	case CTL_PR_RESERVE:
8495		lun->flags |= CTL_LUN_PR_RESERVED;
8496		lun->res_type = msg->pr.pr_info.res_type;
8497		lun->pr_res_idx = msg->pr.pr_info.residx;
8498
8499		break;
8500
8501	case CTL_PR_RELEASE:
8502		/*
8503		 * if this isn't an exclusive access res generate UA for all
8504		 * other registrants.
8505		 */
8506		if (lun->res_type != SPR_TYPE_EX_AC
8507		 && lun->res_type != SPR_TYPE_WR_EX) {
8508			for (i = softc->init_min; i < softc->init_max; i++)
8509				if (i == residx || ctl_get_prkey(lun, i) == 0)
8510					continue;
8511				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8512		}
8513
8514		lun->flags &= ~CTL_LUN_PR_RESERVED;
8515		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8516		lun->res_type = 0;
8517		break;
8518
8519	case CTL_PR_PREEMPT:
8520		ctl_pro_preempt_other(lun, msg);
8521		break;
8522	case CTL_PR_CLEAR:
8523		lun->flags &= ~CTL_LUN_PR_RESERVED;
8524		lun->res_type = 0;
8525		lun->pr_key_count = 0;
8526		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8527
8528		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8529			if (ctl_get_prkey(lun, i) == 0)
8530				continue;
8531			ctl_clr_prkey(lun, i);
8532			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8533		}
8534		lun->PRGeneration++;
8535		break;
8536	}
8537
8538	mtx_unlock(&lun->lun_lock);
8539}
8540
8541int
8542ctl_read_write(struct ctl_scsiio *ctsio)
8543{
8544	struct ctl_lun *lun;
8545	struct ctl_lba_len_flags *lbalen;
8546	uint64_t lba;
8547	uint32_t num_blocks;
8548	int flags, retval;
8549	int isread;
8550
8551	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8552
8553	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8554
8555	flags = 0;
8556	retval = CTL_RETVAL_COMPLETE;
8557
8558	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8559	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8560	switch (ctsio->cdb[0]) {
8561	case READ_6:
8562	case WRITE_6: {
8563		struct scsi_rw_6 *cdb;
8564
8565		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8566
8567		lba = scsi_3btoul(cdb->addr);
8568		/* only 5 bits are valid in the most significant address byte */
8569		lba &= 0x1fffff;
8570		num_blocks = cdb->length;
8571		/*
8572		 * This is correct according to SBC-2.
8573		 */
8574		if (num_blocks == 0)
8575			num_blocks = 256;
8576		break;
8577	}
8578	case READ_10:
8579	case WRITE_10: {
8580		struct scsi_rw_10 *cdb;
8581
8582		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8583		if (cdb->byte2 & SRW10_FUA)
8584			flags |= CTL_LLF_FUA;
8585		if (cdb->byte2 & SRW10_DPO)
8586			flags |= CTL_LLF_DPO;
8587		lba = scsi_4btoul(cdb->addr);
8588		num_blocks = scsi_2btoul(cdb->length);
8589		break;
8590	}
8591	case WRITE_VERIFY_10: {
8592		struct scsi_write_verify_10 *cdb;
8593
8594		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8595		flags |= CTL_LLF_FUA;
8596		if (cdb->byte2 & SWV_DPO)
8597			flags |= CTL_LLF_DPO;
8598		lba = scsi_4btoul(cdb->addr);
8599		num_blocks = scsi_2btoul(cdb->length);
8600		break;
8601	}
8602	case READ_12:
8603	case WRITE_12: {
8604		struct scsi_rw_12 *cdb;
8605
8606		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8607		if (cdb->byte2 & SRW12_FUA)
8608			flags |= CTL_LLF_FUA;
8609		if (cdb->byte2 & SRW12_DPO)
8610			flags |= CTL_LLF_DPO;
8611		lba = scsi_4btoul(cdb->addr);
8612		num_blocks = scsi_4btoul(cdb->length);
8613		break;
8614	}
8615	case WRITE_VERIFY_12: {
8616		struct scsi_write_verify_12 *cdb;
8617
8618		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8619		flags |= CTL_LLF_FUA;
8620		if (cdb->byte2 & SWV_DPO)
8621			flags |= CTL_LLF_DPO;
8622		lba = scsi_4btoul(cdb->addr);
8623		num_blocks = scsi_4btoul(cdb->length);
8624		break;
8625	}
8626	case READ_16:
8627	case WRITE_16: {
8628		struct scsi_rw_16 *cdb;
8629
8630		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8631		if (cdb->byte2 & SRW12_FUA)
8632			flags |= CTL_LLF_FUA;
8633		if (cdb->byte2 & SRW12_DPO)
8634			flags |= CTL_LLF_DPO;
8635		lba = scsi_8btou64(cdb->addr);
8636		num_blocks = scsi_4btoul(cdb->length);
8637		break;
8638	}
8639	case WRITE_ATOMIC_16: {
8640		struct scsi_rw_16 *cdb;
8641
8642		if (lun->be_lun->atomicblock == 0) {
8643			ctl_set_invalid_opcode(ctsio);
8644			ctl_done((union ctl_io *)ctsio);
8645			return (CTL_RETVAL_COMPLETE);
8646		}
8647
8648		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8649		if (cdb->byte2 & SRW12_FUA)
8650			flags |= CTL_LLF_FUA;
8651		if (cdb->byte2 & SRW12_DPO)
8652			flags |= CTL_LLF_DPO;
8653		lba = scsi_8btou64(cdb->addr);
8654		num_blocks = scsi_4btoul(cdb->length);
8655		if (num_blocks > lun->be_lun->atomicblock) {
8656			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8657			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8658			    /*bit*/ 0);
8659			ctl_done((union ctl_io *)ctsio);
8660			return (CTL_RETVAL_COMPLETE);
8661		}
8662		break;
8663	}
8664	case WRITE_VERIFY_16: {
8665		struct scsi_write_verify_16 *cdb;
8666
8667		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8668		flags |= CTL_LLF_FUA;
8669		if (cdb->byte2 & SWV_DPO)
8670			flags |= CTL_LLF_DPO;
8671		lba = scsi_8btou64(cdb->addr);
8672		num_blocks = scsi_4btoul(cdb->length);
8673		break;
8674	}
8675	default:
8676		/*
8677		 * We got a command we don't support.  This shouldn't
8678		 * happen, commands should be filtered out above us.
8679		 */
8680		ctl_set_invalid_opcode(ctsio);
8681		ctl_done((union ctl_io *)ctsio);
8682
8683		return (CTL_RETVAL_COMPLETE);
8684		break; /* NOTREACHED */
8685	}
8686
8687	/*
8688	 * The first check is to make sure we're in bounds, the second
8689	 * check is to catch wrap-around problems.  If the lba + num blocks
8690	 * is less than the lba, then we've wrapped around and the block
8691	 * range is invalid anyway.
8692	 */
8693	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8694	 || ((lba + num_blocks) < lba)) {
8695		ctl_set_lba_out_of_range(ctsio);
8696		ctl_done((union ctl_io *)ctsio);
8697		return (CTL_RETVAL_COMPLETE);
8698	}
8699
8700	/*
8701	 * According to SBC-3, a transfer length of 0 is not an error.
8702	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8703	 * translates to 256 blocks for those commands.
8704	 */
8705	if (num_blocks == 0) {
8706		ctl_set_success(ctsio);
8707		ctl_done((union ctl_io *)ctsio);
8708		return (CTL_RETVAL_COMPLETE);
8709	}
8710
8711	/* Set FUA and/or DPO if caches are disabled. */
8712	if (isread) {
8713		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8714		    SCP_RCD) != 0)
8715			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8716	} else {
8717		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8718		    SCP_WCE) == 0)
8719			flags |= CTL_LLF_FUA;
8720	}
8721
8722	lbalen = (struct ctl_lba_len_flags *)
8723	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8724	lbalen->lba = lba;
8725	lbalen->len = num_blocks;
8726	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8727
8728	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8729	ctsio->kern_rel_offset = 0;
8730
8731	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8732
8733	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8734
8735	return (retval);
8736}
8737
8738static int
8739ctl_cnw_cont(union ctl_io *io)
8740{
8741	struct ctl_scsiio *ctsio;
8742	struct ctl_lun *lun;
8743	struct ctl_lba_len_flags *lbalen;
8744	int retval;
8745
8746	ctsio = &io->scsiio;
8747	ctsio->io_hdr.status = CTL_STATUS_NONE;
8748	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8749	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8750	lbalen = (struct ctl_lba_len_flags *)
8751	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8752	lbalen->flags &= ~CTL_LLF_COMPARE;
8753	lbalen->flags |= CTL_LLF_WRITE;
8754
8755	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8756	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8757	return (retval);
8758}
8759
8760int
8761ctl_cnw(struct ctl_scsiio *ctsio)
8762{
8763	struct ctl_lun *lun;
8764	struct ctl_lba_len_flags *lbalen;
8765	uint64_t lba;
8766	uint32_t num_blocks;
8767	int flags, retval;
8768
8769	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8770
8771	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8772
8773	flags = 0;
8774	retval = CTL_RETVAL_COMPLETE;
8775
8776	switch (ctsio->cdb[0]) {
8777	case COMPARE_AND_WRITE: {
8778		struct scsi_compare_and_write *cdb;
8779
8780		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8781		if (cdb->byte2 & SRW10_FUA)
8782			flags |= CTL_LLF_FUA;
8783		if (cdb->byte2 & SRW10_DPO)
8784			flags |= CTL_LLF_DPO;
8785		lba = scsi_8btou64(cdb->addr);
8786		num_blocks = cdb->length;
8787		break;
8788	}
8789	default:
8790		/*
8791		 * We got a command we don't support.  This shouldn't
8792		 * happen, commands should be filtered out above us.
8793		 */
8794		ctl_set_invalid_opcode(ctsio);
8795		ctl_done((union ctl_io *)ctsio);
8796
8797		return (CTL_RETVAL_COMPLETE);
8798		break; /* NOTREACHED */
8799	}
8800
8801	/*
8802	 * The first check is to make sure we're in bounds, the second
8803	 * check is to catch wrap-around problems.  If the lba + num blocks
8804	 * is less than the lba, then we've wrapped around and the block
8805	 * range is invalid anyway.
8806	 */
8807	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8808	 || ((lba + num_blocks) < lba)) {
8809		ctl_set_lba_out_of_range(ctsio);
8810		ctl_done((union ctl_io *)ctsio);
8811		return (CTL_RETVAL_COMPLETE);
8812	}
8813
8814	/*
8815	 * According to SBC-3, a transfer length of 0 is not an error.
8816	 */
8817	if (num_blocks == 0) {
8818		ctl_set_success(ctsio);
8819		ctl_done((union ctl_io *)ctsio);
8820		return (CTL_RETVAL_COMPLETE);
8821	}
8822
8823	/* Set FUA if write cache is disabled. */
8824	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8825	    SCP_WCE) == 0)
8826		flags |= CTL_LLF_FUA;
8827
8828	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8829	ctsio->kern_rel_offset = 0;
8830
8831	/*
8832	 * Set the IO_CONT flag, so that if this I/O gets passed to
8833	 * ctl_data_submit_done(), it'll get passed back to
8834	 * ctl_ctl_cnw_cont() for further processing.
8835	 */
8836	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8837	ctsio->io_cont = ctl_cnw_cont;
8838
8839	lbalen = (struct ctl_lba_len_flags *)
8840	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8841	lbalen->lba = lba;
8842	lbalen->len = num_blocks;
8843	lbalen->flags = CTL_LLF_COMPARE | flags;
8844
8845	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8846	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8847	return (retval);
8848}
8849
8850int
8851ctl_verify(struct ctl_scsiio *ctsio)
8852{
8853	struct ctl_lun *lun;
8854	struct ctl_lba_len_flags *lbalen;
8855	uint64_t lba;
8856	uint32_t num_blocks;
8857	int bytchk, flags;
8858	int retval;
8859
8860	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8861
8862	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8863
8864	bytchk = 0;
8865	flags = CTL_LLF_FUA;
8866	retval = CTL_RETVAL_COMPLETE;
8867
8868	switch (ctsio->cdb[0]) {
8869	case VERIFY_10: {
8870		struct scsi_verify_10 *cdb;
8871
8872		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8873		if (cdb->byte2 & SVFY_BYTCHK)
8874			bytchk = 1;
8875		if (cdb->byte2 & SVFY_DPO)
8876			flags |= CTL_LLF_DPO;
8877		lba = scsi_4btoul(cdb->addr);
8878		num_blocks = scsi_2btoul(cdb->length);
8879		break;
8880	}
8881	case VERIFY_12: {
8882		struct scsi_verify_12 *cdb;
8883
8884		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8885		if (cdb->byte2 & SVFY_BYTCHK)
8886			bytchk = 1;
8887		if (cdb->byte2 & SVFY_DPO)
8888			flags |= CTL_LLF_DPO;
8889		lba = scsi_4btoul(cdb->addr);
8890		num_blocks = scsi_4btoul(cdb->length);
8891		break;
8892	}
8893	case VERIFY_16: {
8894		struct scsi_rw_16 *cdb;
8895
8896		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8897		if (cdb->byte2 & SVFY_BYTCHK)
8898			bytchk = 1;
8899		if (cdb->byte2 & SVFY_DPO)
8900			flags |= CTL_LLF_DPO;
8901		lba = scsi_8btou64(cdb->addr);
8902		num_blocks = scsi_4btoul(cdb->length);
8903		break;
8904	}
8905	default:
8906		/*
8907		 * We got a command we don't support.  This shouldn't
8908		 * happen, commands should be filtered out above us.
8909		 */
8910		ctl_set_invalid_opcode(ctsio);
8911		ctl_done((union ctl_io *)ctsio);
8912		return (CTL_RETVAL_COMPLETE);
8913	}
8914
8915	/*
8916	 * The first check is to make sure we're in bounds, the second
8917	 * check is to catch wrap-around problems.  If the lba + num blocks
8918	 * is less than the lba, then we've wrapped around and the block
8919	 * range is invalid anyway.
8920	 */
8921	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8922	 || ((lba + num_blocks) < lba)) {
8923		ctl_set_lba_out_of_range(ctsio);
8924		ctl_done((union ctl_io *)ctsio);
8925		return (CTL_RETVAL_COMPLETE);
8926	}
8927
8928	/*
8929	 * According to SBC-3, a transfer length of 0 is not an error.
8930	 */
8931	if (num_blocks == 0) {
8932		ctl_set_success(ctsio);
8933		ctl_done((union ctl_io *)ctsio);
8934		return (CTL_RETVAL_COMPLETE);
8935	}
8936
8937	lbalen = (struct ctl_lba_len_flags *)
8938	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8939	lbalen->lba = lba;
8940	lbalen->len = num_blocks;
8941	if (bytchk) {
8942		lbalen->flags = CTL_LLF_COMPARE | flags;
8943		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8944	} else {
8945		lbalen->flags = CTL_LLF_VERIFY | flags;
8946		ctsio->kern_total_len = 0;
8947	}
8948	ctsio->kern_rel_offset = 0;
8949
8950	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8951	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8952	return (retval);
8953}
8954
8955int
8956ctl_report_luns(struct ctl_scsiio *ctsio)
8957{
8958	struct ctl_softc *softc = control_softc;
8959	struct scsi_report_luns *cdb;
8960	struct scsi_report_luns_data *lun_data;
8961	struct ctl_lun *lun, *request_lun;
8962	struct ctl_port *port;
8963	int num_luns, retval;
8964	uint32_t alloc_len, lun_datalen;
8965	int num_filled, well_known;
8966	uint32_t initidx, targ_lun_id, lun_id;
8967
8968	retval = CTL_RETVAL_COMPLETE;
8969	well_known = 0;
8970
8971	cdb = (struct scsi_report_luns *)ctsio->cdb;
8972	port = ctl_io_port(&ctsio->io_hdr);
8973
8974	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8975
8976	mtx_lock(&softc->ctl_lock);
8977	num_luns = 0;
8978	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8979		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8980			num_luns++;
8981	}
8982	mtx_unlock(&softc->ctl_lock);
8983
8984	switch (cdb->select_report) {
8985	case RPL_REPORT_DEFAULT:
8986	case RPL_REPORT_ALL:
8987		break;
8988	case RPL_REPORT_WELLKNOWN:
8989		well_known = 1;
8990		num_luns = 0;
8991		break;
8992	default:
8993		ctl_set_invalid_field(ctsio,
8994				      /*sks_valid*/ 1,
8995				      /*command*/ 1,
8996				      /*field*/ 2,
8997				      /*bit_valid*/ 0,
8998				      /*bit*/ 0);
8999		ctl_done((union ctl_io *)ctsio);
9000		return (retval);
9001		break; /* NOTREACHED */
9002	}
9003
9004	alloc_len = scsi_4btoul(cdb->length);
9005	/*
9006	 * The initiator has to allocate at least 16 bytes for this request,
9007	 * so he can at least get the header and the first LUN.  Otherwise
9008	 * we reject the request (per SPC-3 rev 14, section 6.21).
9009	 */
9010	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9011	    sizeof(struct scsi_report_luns_lundata))) {
9012		ctl_set_invalid_field(ctsio,
9013				      /*sks_valid*/ 1,
9014				      /*command*/ 1,
9015				      /*field*/ 6,
9016				      /*bit_valid*/ 0,
9017				      /*bit*/ 0);
9018		ctl_done((union ctl_io *)ctsio);
9019		return (retval);
9020	}
9021
9022	request_lun = (struct ctl_lun *)
9023		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9024
9025	lun_datalen = sizeof(*lun_data) +
9026		(num_luns * sizeof(struct scsi_report_luns_lundata));
9027
9028	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9029	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9030	ctsio->kern_sg_entries = 0;
9031
9032	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9033
9034	mtx_lock(&softc->ctl_lock);
9035	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9036		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9037		if (lun_id >= CTL_MAX_LUNS)
9038			continue;
9039		lun = softc->ctl_luns[lun_id];
9040		if (lun == NULL)
9041			continue;
9042
9043		if (targ_lun_id <= 0xff) {
9044			/*
9045			 * Peripheral addressing method, bus number 0.
9046			 */
9047			lun_data->luns[num_filled].lundata[0] =
9048				RPL_LUNDATA_ATYP_PERIPH;
9049			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9050			num_filled++;
9051		} else if (targ_lun_id <= 0x3fff) {
9052			/*
9053			 * Flat addressing method.
9054			 */
9055			lun_data->luns[num_filled].lundata[0] =
9056				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9057			lun_data->luns[num_filled].lundata[1] =
9058				(targ_lun_id & 0xff);
9059			num_filled++;
9060		} else if (targ_lun_id <= 0xffffff) {
9061			/*
9062			 * Extended flat addressing method.
9063			 */
9064			lun_data->luns[num_filled].lundata[0] =
9065			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9066			scsi_ulto3b(targ_lun_id,
9067			    &lun_data->luns[num_filled].lundata[1]);
9068			num_filled++;
9069		} else {
9070			printf("ctl_report_luns: bogus LUN number %jd, "
9071			       "skipping\n", (intmax_t)targ_lun_id);
9072		}
9073		/*
9074		 * According to SPC-3, rev 14 section 6.21:
9075		 *
9076		 * "The execution of a REPORT LUNS command to any valid and
9077		 * installed logical unit shall clear the REPORTED LUNS DATA
9078		 * HAS CHANGED unit attention condition for all logical
9079		 * units of that target with respect to the requesting
9080		 * initiator. A valid and installed logical unit is one
9081		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9082		 * INQUIRY data (see 6.4.2)."
9083		 *
9084		 * If request_lun is NULL, the LUN this report luns command
9085		 * was issued to is either disabled or doesn't exist. In that
9086		 * case, we shouldn't clear any pending lun change unit
9087		 * attention.
9088		 */
9089		if (request_lun != NULL) {
9090			mtx_lock(&lun->lun_lock);
9091			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9092			mtx_unlock(&lun->lun_lock);
9093		}
9094	}
9095	mtx_unlock(&softc->ctl_lock);
9096
9097	/*
9098	 * It's quite possible that we've returned fewer LUNs than we allocated
9099	 * space for.  Trim it.
9100	 */
9101	lun_datalen = sizeof(*lun_data) +
9102		(num_filled * sizeof(struct scsi_report_luns_lundata));
9103
9104	if (lun_datalen < alloc_len) {
9105		ctsio->residual = alloc_len - lun_datalen;
9106		ctsio->kern_data_len = lun_datalen;
9107		ctsio->kern_total_len = lun_datalen;
9108	} else {
9109		ctsio->residual = 0;
9110		ctsio->kern_data_len = alloc_len;
9111		ctsio->kern_total_len = alloc_len;
9112	}
9113	ctsio->kern_data_resid = 0;
9114	ctsio->kern_rel_offset = 0;
9115	ctsio->kern_sg_entries = 0;
9116
9117	/*
9118	 * We set this to the actual data length, regardless of how much
9119	 * space we actually have to return results.  If the user looks at
9120	 * this value, he'll know whether or not he allocated enough space
9121	 * and reissue the command if necessary.  We don't support well
9122	 * known logical units, so if the user asks for that, return none.
9123	 */
9124	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9125
9126	/*
9127	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9128	 * this request.
9129	 */
9130	ctl_set_success(ctsio);
9131	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9132	ctsio->be_move_done = ctl_config_move_done;
9133	ctl_datamove((union ctl_io *)ctsio);
9134	return (retval);
9135}
9136
9137int
9138ctl_request_sense(struct ctl_scsiio *ctsio)
9139{
9140	struct scsi_request_sense *cdb;
9141	struct scsi_sense_data *sense_ptr;
9142	struct ctl_softc *ctl_softc;
9143	struct ctl_lun *lun;
9144	uint32_t initidx;
9145	int have_error;
9146	scsi_sense_data_type sense_format;
9147	ctl_ua_type ua_type;
9148
9149	cdb = (struct scsi_request_sense *)ctsio->cdb;
9150
9151	ctl_softc = control_softc;
9152	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9153
9154	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9155
9156	/*
9157	 * Determine which sense format the user wants.
9158	 */
9159	if (cdb->byte2 & SRS_DESC)
9160		sense_format = SSD_TYPE_DESC;
9161	else
9162		sense_format = SSD_TYPE_FIXED;
9163
9164	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9165	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9166	ctsio->kern_sg_entries = 0;
9167
9168	/*
9169	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9170	 * larger than the largest allowed value for the length field in the
9171	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9172	 */
9173	ctsio->residual = 0;
9174	ctsio->kern_data_len = cdb->length;
9175	ctsio->kern_total_len = cdb->length;
9176
9177	ctsio->kern_data_resid = 0;
9178	ctsio->kern_rel_offset = 0;
9179	ctsio->kern_sg_entries = 0;
9180
9181	/*
9182	 * If we don't have a LUN, we don't have any pending sense.
9183	 */
9184	if (lun == NULL)
9185		goto no_sense;
9186
9187	have_error = 0;
9188	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9189	/*
9190	 * Check for pending sense, and then for pending unit attentions.
9191	 * Pending sense gets returned first, then pending unit attentions.
9192	 */
9193	mtx_lock(&lun->lun_lock);
9194#ifdef CTL_WITH_CA
9195	if (ctl_is_set(lun->have_ca, initidx)) {
9196		scsi_sense_data_type stored_format;
9197
9198		/*
9199		 * Check to see which sense format was used for the stored
9200		 * sense data.
9201		 */
9202		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9203
9204		/*
9205		 * If the user requested a different sense format than the
9206		 * one we stored, then we need to convert it to the other
9207		 * format.  If we're going from descriptor to fixed format
9208		 * sense data, we may lose things in translation, depending
9209		 * on what options were used.
9210		 *
9211		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9212		 * for some reason we'll just copy it out as-is.
9213		 */
9214		if ((stored_format == SSD_TYPE_FIXED)
9215		 && (sense_format == SSD_TYPE_DESC))
9216			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9217			    &lun->pending_sense[initidx],
9218			    (struct scsi_sense_data_desc *)sense_ptr);
9219		else if ((stored_format == SSD_TYPE_DESC)
9220		      && (sense_format == SSD_TYPE_FIXED))
9221			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9222			    &lun->pending_sense[initidx],
9223			    (struct scsi_sense_data_fixed *)sense_ptr);
9224		else
9225			memcpy(sense_ptr, &lun->pending_sense[initidx],
9226			       MIN(sizeof(*sense_ptr),
9227			       sizeof(lun->pending_sense[initidx])));
9228
9229		ctl_clear_mask(lun->have_ca, initidx);
9230		have_error = 1;
9231	} else
9232#endif
9233	{
9234		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9235		if (ua_type != CTL_UA_NONE)
9236			have_error = 1;
9237		if (ua_type == CTL_UA_LUN_CHANGE) {
9238			mtx_unlock(&lun->lun_lock);
9239			mtx_lock(&ctl_softc->ctl_lock);
9240			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9241			mtx_unlock(&ctl_softc->ctl_lock);
9242			mtx_lock(&lun->lun_lock);
9243		}
9244
9245	}
9246	mtx_unlock(&lun->lun_lock);
9247
9248	/*
9249	 * We already have a pending error, return it.
9250	 */
9251	if (have_error != 0) {
9252		/*
9253		 * We report the SCSI status as OK, since the status of the
9254		 * request sense command itself is OK.
9255		 * We report 0 for the sense length, because we aren't doing
9256		 * autosense in this case.  We're reporting sense as
9257		 * parameter data.
9258		 */
9259		ctl_set_success(ctsio);
9260		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9261		ctsio->be_move_done = ctl_config_move_done;
9262		ctl_datamove((union ctl_io *)ctsio);
9263		return (CTL_RETVAL_COMPLETE);
9264	}
9265
9266no_sense:
9267
9268	/*
9269	 * No sense information to report, so we report that everything is
9270	 * okay.
9271	 */
9272	ctl_set_sense_data(sense_ptr,
9273			   lun,
9274			   sense_format,
9275			   /*current_error*/ 1,
9276			   /*sense_key*/ SSD_KEY_NO_SENSE,
9277			   /*asc*/ 0x00,
9278			   /*ascq*/ 0x00,
9279			   SSD_ELEM_NONE);
9280
9281	/*
9282	 * We report 0 for the sense length, because we aren't doing
9283	 * autosense in this case.  We're reporting sense as parameter data.
9284	 */
9285	ctl_set_success(ctsio);
9286	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9287	ctsio->be_move_done = ctl_config_move_done;
9288	ctl_datamove((union ctl_io *)ctsio);
9289	return (CTL_RETVAL_COMPLETE);
9290}
9291
9292int
9293ctl_tur(struct ctl_scsiio *ctsio)
9294{
9295
9296	CTL_DEBUG_PRINT(("ctl_tur\n"));
9297
9298	ctl_set_success(ctsio);
9299	ctl_done((union ctl_io *)ctsio);
9300
9301	return (CTL_RETVAL_COMPLETE);
9302}
9303
9304/*
9305 * SCSI VPD page 0x00, the Supported VPD Pages page.
9306 */
9307static int
9308ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9309{
9310	struct scsi_vpd_supported_pages *pages;
9311	int sup_page_size;
9312	struct ctl_lun *lun;
9313	int p;
9314
9315	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9316
9317	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9318	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9319	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9320	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9321	ctsio->kern_sg_entries = 0;
9322
9323	if (sup_page_size < alloc_len) {
9324		ctsio->residual = alloc_len - sup_page_size;
9325		ctsio->kern_data_len = sup_page_size;
9326		ctsio->kern_total_len = sup_page_size;
9327	} else {
9328		ctsio->residual = 0;
9329		ctsio->kern_data_len = alloc_len;
9330		ctsio->kern_total_len = alloc_len;
9331	}
9332	ctsio->kern_data_resid = 0;
9333	ctsio->kern_rel_offset = 0;
9334	ctsio->kern_sg_entries = 0;
9335
9336	/*
9337	 * The control device is always connected.  The disk device, on the
9338	 * other hand, may not be online all the time.  Need to change this
9339	 * to figure out whether the disk device is actually online or not.
9340	 */
9341	if (lun != NULL)
9342		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9343				lun->be_lun->lun_type;
9344	else
9345		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9346
9347	p = 0;
9348	/* Supported VPD pages */
9349	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9350	/* Serial Number */
9351	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9352	/* Device Identification */
9353	pages->page_list[p++] = SVPD_DEVICE_ID;
9354	/* Extended INQUIRY Data */
9355	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9356	/* Mode Page Policy */
9357	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9358	/* SCSI Ports */
9359	pages->page_list[p++] = SVPD_SCSI_PORTS;
9360	/* Third-party Copy */
9361	pages->page_list[p++] = SVPD_SCSI_TPC;
9362	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9363		/* Block limits */
9364		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9365		/* Block Device Characteristics */
9366		pages->page_list[p++] = SVPD_BDC;
9367		/* Logical Block Provisioning */
9368		pages->page_list[p++] = SVPD_LBP;
9369	}
9370	pages->length = p;
9371
9372	ctl_set_success(ctsio);
9373	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9374	ctsio->be_move_done = ctl_config_move_done;
9375	ctl_datamove((union ctl_io *)ctsio);
9376	return (CTL_RETVAL_COMPLETE);
9377}
9378
9379/*
9380 * SCSI VPD page 0x80, the Unit Serial Number page.
9381 */
9382static int
9383ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9384{
9385	struct scsi_vpd_unit_serial_number *sn_ptr;
9386	struct ctl_lun *lun;
9387	int data_len;
9388
9389	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9390
9391	data_len = 4 + CTL_SN_LEN;
9392	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9393	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9394	if (data_len < alloc_len) {
9395		ctsio->residual = alloc_len - data_len;
9396		ctsio->kern_data_len = data_len;
9397		ctsio->kern_total_len = data_len;
9398	} else {
9399		ctsio->residual = 0;
9400		ctsio->kern_data_len = alloc_len;
9401		ctsio->kern_total_len = alloc_len;
9402	}
9403	ctsio->kern_data_resid = 0;
9404	ctsio->kern_rel_offset = 0;
9405	ctsio->kern_sg_entries = 0;
9406
9407	/*
9408	 * The control device is always connected.  The disk device, on the
9409	 * other hand, may not be online all the time.  Need to change this
9410	 * to figure out whether the disk device is actually online or not.
9411	 */
9412	if (lun != NULL)
9413		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9414				  lun->be_lun->lun_type;
9415	else
9416		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9417
9418	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9419	sn_ptr->length = CTL_SN_LEN;
9420	/*
9421	 * If we don't have a LUN, we just leave the serial number as
9422	 * all spaces.
9423	 */
9424	if (lun != NULL) {
9425		strncpy((char *)sn_ptr->serial_num,
9426			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9427	} else
9428		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9429
9430	ctl_set_success(ctsio);
9431	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9432	ctsio->be_move_done = ctl_config_move_done;
9433	ctl_datamove((union ctl_io *)ctsio);
9434	return (CTL_RETVAL_COMPLETE);
9435}
9436
9437
9438/*
9439 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9440 */
9441static int
9442ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9443{
9444	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9445	struct ctl_lun *lun;
9446	int data_len;
9447
9448	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9449
9450	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9451	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9452	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9453	ctsio->kern_sg_entries = 0;
9454
9455	if (data_len < alloc_len) {
9456		ctsio->residual = alloc_len - data_len;
9457		ctsio->kern_data_len = data_len;
9458		ctsio->kern_total_len = data_len;
9459	} else {
9460		ctsio->residual = 0;
9461		ctsio->kern_data_len = alloc_len;
9462		ctsio->kern_total_len = alloc_len;
9463	}
9464	ctsio->kern_data_resid = 0;
9465	ctsio->kern_rel_offset = 0;
9466	ctsio->kern_sg_entries = 0;
9467
9468	/*
9469	 * The control device is always connected.  The disk device, on the
9470	 * other hand, may not be online all the time.
9471	 */
9472	if (lun != NULL)
9473		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9474				     lun->be_lun->lun_type;
9475	else
9476		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9477	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9478	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9479	/*
9480	 * We support head of queue, ordered and simple tags.
9481	 */
9482	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9483	/*
9484	 * Volatile cache supported.
9485	 */
9486	eid_ptr->flags3 = SVPD_EID_V_SUP;
9487
9488	/*
9489	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9490	 * attention for a particular IT nexus on all LUNs once we report
9491	 * it to that nexus once.  This bit is required as of SPC-4.
9492	 */
9493	eid_ptr->flags4 = SVPD_EID_LUICLT;
9494
9495	/*
9496	 * XXX KDM in order to correctly answer this, we would need
9497	 * information from the SIM to determine how much sense data it
9498	 * can send.  So this would really be a path inquiry field, most
9499	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9500	 * but the hardware may or may not be able to support that much.
9501	 * 0 just means that the maximum sense data length is not reported.
9502	 */
9503	eid_ptr->max_sense_length = 0;
9504
9505	ctl_set_success(ctsio);
9506	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9507	ctsio->be_move_done = ctl_config_move_done;
9508	ctl_datamove((union ctl_io *)ctsio);
9509	return (CTL_RETVAL_COMPLETE);
9510}
9511
9512static int
9513ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9514{
9515	struct scsi_vpd_mode_page_policy *mpp_ptr;
9516	struct ctl_lun *lun;
9517	int data_len;
9518
9519	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9520
9521	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9522	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9523
9524	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9525	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9526	ctsio->kern_sg_entries = 0;
9527
9528	if (data_len < alloc_len) {
9529		ctsio->residual = alloc_len - data_len;
9530		ctsio->kern_data_len = data_len;
9531		ctsio->kern_total_len = data_len;
9532	} else {
9533		ctsio->residual = 0;
9534		ctsio->kern_data_len = alloc_len;
9535		ctsio->kern_total_len = alloc_len;
9536	}
9537	ctsio->kern_data_resid = 0;
9538	ctsio->kern_rel_offset = 0;
9539	ctsio->kern_sg_entries = 0;
9540
9541	/*
9542	 * The control device is always connected.  The disk device, on the
9543	 * other hand, may not be online all the time.
9544	 */
9545	if (lun != NULL)
9546		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9547				     lun->be_lun->lun_type;
9548	else
9549		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9550	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9551	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9552	mpp_ptr->descr[0].page_code = 0x3f;
9553	mpp_ptr->descr[0].subpage_code = 0xff;
9554	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9555
9556	ctl_set_success(ctsio);
9557	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9558	ctsio->be_move_done = ctl_config_move_done;
9559	ctl_datamove((union ctl_io *)ctsio);
9560	return (CTL_RETVAL_COMPLETE);
9561}
9562
9563/*
9564 * SCSI VPD page 0x83, the Device Identification page.
9565 */
9566static int
9567ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9568{
9569	struct scsi_vpd_device_id *devid_ptr;
9570	struct scsi_vpd_id_descriptor *desc;
9571	struct ctl_softc *softc;
9572	struct ctl_lun *lun;
9573	struct ctl_port *port;
9574	int data_len;
9575	uint8_t proto;
9576
9577	softc = control_softc;
9578
9579	port = ctl_io_port(&ctsio->io_hdr);
9580	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9581
9582	data_len = sizeof(struct scsi_vpd_device_id) +
9583	    sizeof(struct scsi_vpd_id_descriptor) +
9584		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9585	    sizeof(struct scsi_vpd_id_descriptor) +
9586		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9587	if (lun && lun->lun_devid)
9588		data_len += lun->lun_devid->len;
9589	if (port && port->port_devid)
9590		data_len += port->port_devid->len;
9591	if (port && port->target_devid)
9592		data_len += port->target_devid->len;
9593
9594	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9595	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9596	ctsio->kern_sg_entries = 0;
9597
9598	if (data_len < alloc_len) {
9599		ctsio->residual = alloc_len - data_len;
9600		ctsio->kern_data_len = data_len;
9601		ctsio->kern_total_len = data_len;
9602	} else {
9603		ctsio->residual = 0;
9604		ctsio->kern_data_len = alloc_len;
9605		ctsio->kern_total_len = alloc_len;
9606	}
9607	ctsio->kern_data_resid = 0;
9608	ctsio->kern_rel_offset = 0;
9609	ctsio->kern_sg_entries = 0;
9610
9611	/*
9612	 * The control device is always connected.  The disk device, on the
9613	 * other hand, may not be online all the time.
9614	 */
9615	if (lun != NULL)
9616		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9617				     lun->be_lun->lun_type;
9618	else
9619		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9620	devid_ptr->page_code = SVPD_DEVICE_ID;
9621	scsi_ulto2b(data_len - 4, devid_ptr->length);
9622
9623	if (port && port->port_type == CTL_PORT_FC)
9624		proto = SCSI_PROTO_FC << 4;
9625	else if (port && port->port_type == CTL_PORT_ISCSI)
9626		proto = SCSI_PROTO_ISCSI << 4;
9627	else
9628		proto = SCSI_PROTO_SPI << 4;
9629	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9630
9631	/*
9632	 * We're using a LUN association here.  i.e., this device ID is a
9633	 * per-LUN identifier.
9634	 */
9635	if (lun && lun->lun_devid) {
9636		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9637		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9638		    lun->lun_devid->len);
9639	}
9640
9641	/*
9642	 * This is for the WWPN which is a port association.
9643	 */
9644	if (port && port->port_devid) {
9645		memcpy(desc, port->port_devid->data, port->port_devid->len);
9646		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9647		    port->port_devid->len);
9648	}
9649
9650	/*
9651	 * This is for the Relative Target Port(type 4h) identifier
9652	 */
9653	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9654	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9655	    SVPD_ID_TYPE_RELTARG;
9656	desc->length = 4;
9657	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9658	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9659	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9660
9661	/*
9662	 * This is for the Target Port Group(type 5h) identifier
9663	 */
9664	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9665	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9666	    SVPD_ID_TYPE_TPORTGRP;
9667	desc->length = 4;
9668	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9669	    &desc->identifier[2]);
9670	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9671	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9672
9673	/*
9674	 * This is for the Target identifier
9675	 */
9676	if (port && port->target_devid) {
9677		memcpy(desc, port->target_devid->data, port->target_devid->len);
9678	}
9679
9680	ctl_set_success(ctsio);
9681	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9682	ctsio->be_move_done = ctl_config_move_done;
9683	ctl_datamove((union ctl_io *)ctsio);
9684	return (CTL_RETVAL_COMPLETE);
9685}
9686
9687static int
9688ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9689{
9690	struct ctl_softc *softc = control_softc;
9691	struct scsi_vpd_scsi_ports *sp;
9692	struct scsi_vpd_port_designation *pd;
9693	struct scsi_vpd_port_designation_cont *pdc;
9694	struct ctl_lun *lun;
9695	struct ctl_port *port;
9696	int data_len, num_target_ports, iid_len, id_len;
9697
9698	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9699
9700	num_target_ports = 0;
9701	iid_len = 0;
9702	id_len = 0;
9703	mtx_lock(&softc->ctl_lock);
9704	STAILQ_FOREACH(port, &softc->port_list, links) {
9705		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9706			continue;
9707		if (lun != NULL &&
9708		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9709			continue;
9710		num_target_ports++;
9711		if (port->init_devid)
9712			iid_len += port->init_devid->len;
9713		if (port->port_devid)
9714			id_len += port->port_devid->len;
9715	}
9716	mtx_unlock(&softc->ctl_lock);
9717
9718	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9719	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9720	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9721	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9722	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9723	ctsio->kern_sg_entries = 0;
9724
9725	if (data_len < alloc_len) {
9726		ctsio->residual = alloc_len - data_len;
9727		ctsio->kern_data_len = data_len;
9728		ctsio->kern_total_len = data_len;
9729	} else {
9730		ctsio->residual = 0;
9731		ctsio->kern_data_len = alloc_len;
9732		ctsio->kern_total_len = alloc_len;
9733	}
9734	ctsio->kern_data_resid = 0;
9735	ctsio->kern_rel_offset = 0;
9736	ctsio->kern_sg_entries = 0;
9737
9738	/*
9739	 * The control device is always connected.  The disk device, on the
9740	 * other hand, may not be online all the time.  Need to change this
9741	 * to figure out whether the disk device is actually online or not.
9742	 */
9743	if (lun != NULL)
9744		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9745				  lun->be_lun->lun_type;
9746	else
9747		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9748
9749	sp->page_code = SVPD_SCSI_PORTS;
9750	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9751	    sp->page_length);
9752	pd = &sp->design[0];
9753
9754	mtx_lock(&softc->ctl_lock);
9755	STAILQ_FOREACH(port, &softc->port_list, links) {
9756		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9757			continue;
9758		if (lun != NULL &&
9759		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9760			continue;
9761		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9762		if (port->init_devid) {
9763			iid_len = port->init_devid->len;
9764			memcpy(pd->initiator_transportid,
9765			    port->init_devid->data, port->init_devid->len);
9766		} else
9767			iid_len = 0;
9768		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9769		pdc = (struct scsi_vpd_port_designation_cont *)
9770		    (&pd->initiator_transportid[iid_len]);
9771		if (port->port_devid) {
9772			id_len = port->port_devid->len;
9773			memcpy(pdc->target_port_descriptors,
9774			    port->port_devid->data, port->port_devid->len);
9775		} else
9776			id_len = 0;
9777		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9778		pd = (struct scsi_vpd_port_designation *)
9779		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9780	}
9781	mtx_unlock(&softc->ctl_lock);
9782
9783	ctl_set_success(ctsio);
9784	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9785	ctsio->be_move_done = ctl_config_move_done;
9786	ctl_datamove((union ctl_io *)ctsio);
9787	return (CTL_RETVAL_COMPLETE);
9788}
9789
9790static int
9791ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9792{
9793	struct scsi_vpd_block_limits *bl_ptr;
9794	struct ctl_lun *lun;
9795	int bs;
9796
9797	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9798
9799	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9800	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9801	ctsio->kern_sg_entries = 0;
9802
9803	if (sizeof(*bl_ptr) < alloc_len) {
9804		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9805		ctsio->kern_data_len = sizeof(*bl_ptr);
9806		ctsio->kern_total_len = sizeof(*bl_ptr);
9807	} else {
9808		ctsio->residual = 0;
9809		ctsio->kern_data_len = alloc_len;
9810		ctsio->kern_total_len = alloc_len;
9811	}
9812	ctsio->kern_data_resid = 0;
9813	ctsio->kern_rel_offset = 0;
9814	ctsio->kern_sg_entries = 0;
9815
9816	/*
9817	 * The control device is always connected.  The disk device, on the
9818	 * other hand, may not be online all the time.  Need to change this
9819	 * to figure out whether the disk device is actually online or not.
9820	 */
9821	if (lun != NULL)
9822		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9823				  lun->be_lun->lun_type;
9824	else
9825		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9826
9827	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9828	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9829	bl_ptr->max_cmp_write_len = 0xff;
9830	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9831	if (lun != NULL) {
9832		bs = lun->be_lun->blocksize;
9833		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9834		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9835			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9836			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9837			if (lun->be_lun->ublockexp != 0) {
9838				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9839				    bl_ptr->opt_unmap_grain);
9840				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9841				    bl_ptr->unmap_grain_align);
9842			}
9843		}
9844		scsi_ulto4b(lun->be_lun->atomicblock,
9845		    bl_ptr->max_atomic_transfer_length);
9846		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9847		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9848	}
9849	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9850
9851	ctl_set_success(ctsio);
9852	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9853	ctsio->be_move_done = ctl_config_move_done;
9854	ctl_datamove((union ctl_io *)ctsio);
9855	return (CTL_RETVAL_COMPLETE);
9856}
9857
9858static int
9859ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9860{
9861	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9862	struct ctl_lun *lun;
9863	const char *value;
9864	u_int i;
9865
9866	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9867
9868	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9869	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9870	ctsio->kern_sg_entries = 0;
9871
9872	if (sizeof(*bdc_ptr) < alloc_len) {
9873		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9874		ctsio->kern_data_len = sizeof(*bdc_ptr);
9875		ctsio->kern_total_len = sizeof(*bdc_ptr);
9876	} else {
9877		ctsio->residual = 0;
9878		ctsio->kern_data_len = alloc_len;
9879		ctsio->kern_total_len = alloc_len;
9880	}
9881	ctsio->kern_data_resid = 0;
9882	ctsio->kern_rel_offset = 0;
9883	ctsio->kern_sg_entries = 0;
9884
9885	/*
9886	 * The control device is always connected.  The disk device, on the
9887	 * other hand, may not be online all the time.  Need to change this
9888	 * to figure out whether the disk device is actually online or not.
9889	 */
9890	if (lun != NULL)
9891		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9892				  lun->be_lun->lun_type;
9893	else
9894		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9895	bdc_ptr->page_code = SVPD_BDC;
9896	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9897	if (lun != NULL &&
9898	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9899		i = strtol(value, NULL, 0);
9900	else
9901		i = CTL_DEFAULT_ROTATION_RATE;
9902	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9903	if (lun != NULL &&
9904	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9905		i = strtol(value, NULL, 0);
9906	else
9907		i = 0;
9908	bdc_ptr->wab_wac_ff = (i & 0x0f);
9909	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9910
9911	ctl_set_success(ctsio);
9912	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9913	ctsio->be_move_done = ctl_config_move_done;
9914	ctl_datamove((union ctl_io *)ctsio);
9915	return (CTL_RETVAL_COMPLETE);
9916}
9917
9918static int
9919ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9920{
9921	struct scsi_vpd_logical_block_prov *lbp_ptr;
9922	struct ctl_lun *lun;
9923
9924	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9925
9926	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9927	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9928	ctsio->kern_sg_entries = 0;
9929
9930	if (sizeof(*lbp_ptr) < alloc_len) {
9931		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9932		ctsio->kern_data_len = sizeof(*lbp_ptr);
9933		ctsio->kern_total_len = sizeof(*lbp_ptr);
9934	} else {
9935		ctsio->residual = 0;
9936		ctsio->kern_data_len = alloc_len;
9937		ctsio->kern_total_len = alloc_len;
9938	}
9939	ctsio->kern_data_resid = 0;
9940	ctsio->kern_rel_offset = 0;
9941	ctsio->kern_sg_entries = 0;
9942
9943	/*
9944	 * The control device is always connected.  The disk device, on the
9945	 * other hand, may not be online all the time.  Need to change this
9946	 * to figure out whether the disk device is actually online or not.
9947	 */
9948	if (lun != NULL)
9949		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9950				  lun->be_lun->lun_type;
9951	else
9952		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9953
9954	lbp_ptr->page_code = SVPD_LBP;
9955	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9956	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9957	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9958		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9959		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9960		lbp_ptr->prov_type = SVPD_LBP_THIN;
9961	}
9962
9963	ctl_set_success(ctsio);
9964	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9965	ctsio->be_move_done = ctl_config_move_done;
9966	ctl_datamove((union ctl_io *)ctsio);
9967	return (CTL_RETVAL_COMPLETE);
9968}
9969
9970/*
9971 * INQUIRY with the EVPD bit set.
9972 */
9973static int
9974ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9975{
9976	struct ctl_lun *lun;
9977	struct scsi_inquiry *cdb;
9978	int alloc_len, retval;
9979
9980	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9981	cdb = (struct scsi_inquiry *)ctsio->cdb;
9982	alloc_len = scsi_2btoul(cdb->length);
9983
9984	switch (cdb->page_code) {
9985	case SVPD_SUPPORTED_PAGES:
9986		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9987		break;
9988	case SVPD_UNIT_SERIAL_NUMBER:
9989		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9990		break;
9991	case SVPD_DEVICE_ID:
9992		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9993		break;
9994	case SVPD_EXTENDED_INQUIRY_DATA:
9995		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9996		break;
9997	case SVPD_MODE_PAGE_POLICY:
9998		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9999		break;
10000	case SVPD_SCSI_PORTS:
10001		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10002		break;
10003	case SVPD_SCSI_TPC:
10004		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10005		break;
10006	case SVPD_BLOCK_LIMITS:
10007		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10008			goto err;
10009		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10010		break;
10011	case SVPD_BDC:
10012		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10013			goto err;
10014		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10015		break;
10016	case SVPD_LBP:
10017		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10018			goto err;
10019		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10020		break;
10021	default:
10022err:
10023		ctl_set_invalid_field(ctsio,
10024				      /*sks_valid*/ 1,
10025				      /*command*/ 1,
10026				      /*field*/ 2,
10027				      /*bit_valid*/ 0,
10028				      /*bit*/ 0);
10029		ctl_done((union ctl_io *)ctsio);
10030		retval = CTL_RETVAL_COMPLETE;
10031		break;
10032	}
10033
10034	return (retval);
10035}
10036
10037/*
10038 * Standard INQUIRY data.
10039 */
10040static int
10041ctl_inquiry_std(struct ctl_scsiio *ctsio)
10042{
10043	struct scsi_inquiry_data *inq_ptr;
10044	struct scsi_inquiry *cdb;
10045	struct ctl_softc *softc;
10046	struct ctl_port *port;
10047	struct ctl_lun *lun;
10048	char *val;
10049	uint32_t alloc_len, data_len;
10050	ctl_port_type port_type;
10051
10052	softc = control_softc;
10053
10054	/*
10055	 * Figure out whether we're talking to a Fibre Channel port or not.
10056	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10057	 * SCSI front ends.
10058	 */
10059	port = ctl_io_port(&ctsio->io_hdr);
10060	if (port != NULL)
10061		port_type = port->port_type;
10062	else
10063		port_type = CTL_PORT_SCSI;
10064	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10065		port_type = CTL_PORT_SCSI;
10066
10067	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10068	cdb = (struct scsi_inquiry *)ctsio->cdb;
10069	alloc_len = scsi_2btoul(cdb->length);
10070
10071	/*
10072	 * We malloc the full inquiry data size here and fill it
10073	 * in.  If the user only asks for less, we'll give him
10074	 * that much.
10075	 */
10076	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10077	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10078	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10079	ctsio->kern_sg_entries = 0;
10080	ctsio->kern_data_resid = 0;
10081	ctsio->kern_rel_offset = 0;
10082
10083	if (data_len < alloc_len) {
10084		ctsio->residual = alloc_len - data_len;
10085		ctsio->kern_data_len = data_len;
10086		ctsio->kern_total_len = data_len;
10087	} else {
10088		ctsio->residual = 0;
10089		ctsio->kern_data_len = alloc_len;
10090		ctsio->kern_total_len = alloc_len;
10091	}
10092
10093	if (lun != NULL) {
10094		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10095		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10096			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10097			    lun->be_lun->lun_type;
10098		} else {
10099			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10100			    lun->be_lun->lun_type;
10101		}
10102	} else
10103		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10104
10105	/* RMB in byte 2 is 0 */
10106	inq_ptr->version = SCSI_REV_SPC4;
10107
10108	/*
10109	 * According to SAM-3, even if a device only supports a single
10110	 * level of LUN addressing, it should still set the HISUP bit:
10111	 *
10112	 * 4.9.1 Logical unit numbers overview
10113	 *
10114	 * All logical unit number formats described in this standard are
10115	 * hierarchical in structure even when only a single level in that
10116	 * hierarchy is used. The HISUP bit shall be set to one in the
10117	 * standard INQUIRY data (see SPC-2) when any logical unit number
10118	 * format described in this standard is used.  Non-hierarchical
10119	 * formats are outside the scope of this standard.
10120	 *
10121	 * Therefore we set the HiSup bit here.
10122	 *
10123	 * The reponse format is 2, per SPC-3.
10124	 */
10125	inq_ptr->response_format = SID_HiSup | 2;
10126
10127	inq_ptr->additional_length = data_len -
10128	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10129	CTL_DEBUG_PRINT(("additional_length = %d\n",
10130			 inq_ptr->additional_length));
10131
10132	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10133	/* 16 bit addressing */
10134	if (port_type == CTL_PORT_SCSI)
10135		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10136	/* XXX set the SID_MultiP bit here if we're actually going to
10137	   respond on multiple ports */
10138	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10139
10140	/* 16 bit data bus, synchronous transfers */
10141	if (port_type == CTL_PORT_SCSI)
10142		inq_ptr->flags = SID_WBus16 | SID_Sync;
10143	/*
10144	 * XXX KDM do we want to support tagged queueing on the control
10145	 * device at all?
10146	 */
10147	if ((lun == NULL)
10148	 || (lun->be_lun->lun_type != T_PROCESSOR))
10149		inq_ptr->flags |= SID_CmdQue;
10150	/*
10151	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10152	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10153	 * name and 4 bytes for the revision.
10154	 */
10155	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10156	    "vendor")) == NULL) {
10157		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10158	} else {
10159		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10160		strncpy(inq_ptr->vendor, val,
10161		    min(sizeof(inq_ptr->vendor), strlen(val)));
10162	}
10163	if (lun == NULL) {
10164		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10165		    sizeof(inq_ptr->product));
10166	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10167		switch (lun->be_lun->lun_type) {
10168		case T_DIRECT:
10169			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10170			    sizeof(inq_ptr->product));
10171			break;
10172		case T_PROCESSOR:
10173			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10174			    sizeof(inq_ptr->product));
10175			break;
10176		default:
10177			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10178			    sizeof(inq_ptr->product));
10179			break;
10180		}
10181	} else {
10182		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10183		strncpy(inq_ptr->product, val,
10184		    min(sizeof(inq_ptr->product), strlen(val)));
10185	}
10186
10187	/*
10188	 * XXX make this a macro somewhere so it automatically gets
10189	 * incremented when we make changes.
10190	 */
10191	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10192	    "revision")) == NULL) {
10193		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10194	} else {
10195		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10196		strncpy(inq_ptr->revision, val,
10197		    min(sizeof(inq_ptr->revision), strlen(val)));
10198	}
10199
10200	/*
10201	 * For parallel SCSI, we support double transition and single
10202	 * transition clocking.  We also support QAS (Quick Arbitration
10203	 * and Selection) and Information Unit transfers on both the
10204	 * control and array devices.
10205	 */
10206	if (port_type == CTL_PORT_SCSI)
10207		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10208				    SID_SPI_IUS;
10209
10210	/* SAM-5 (no version claimed) */
10211	scsi_ulto2b(0x00A0, inq_ptr->version1);
10212	/* SPC-4 (no version claimed) */
10213	scsi_ulto2b(0x0460, inq_ptr->version2);
10214	if (port_type == CTL_PORT_FC) {
10215		/* FCP-2 ANSI INCITS.350:2003 */
10216		scsi_ulto2b(0x0917, inq_ptr->version3);
10217	} else if (port_type == CTL_PORT_SCSI) {
10218		/* SPI-4 ANSI INCITS.362:200x */
10219		scsi_ulto2b(0x0B56, inq_ptr->version3);
10220	} else if (port_type == CTL_PORT_ISCSI) {
10221		/* iSCSI (no version claimed) */
10222		scsi_ulto2b(0x0960, inq_ptr->version3);
10223	} else if (port_type == CTL_PORT_SAS) {
10224		/* SAS (no version claimed) */
10225		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10226	}
10227
10228	if (lun == NULL) {
10229		/* SBC-4 (no version claimed) */
10230		scsi_ulto2b(0x0600, inq_ptr->version4);
10231	} else {
10232		switch (lun->be_lun->lun_type) {
10233		case T_DIRECT:
10234			/* SBC-4 (no version claimed) */
10235			scsi_ulto2b(0x0600, inq_ptr->version4);
10236			break;
10237		case T_PROCESSOR:
10238		default:
10239			break;
10240		}
10241	}
10242
10243	ctl_set_success(ctsio);
10244	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10245	ctsio->be_move_done = ctl_config_move_done;
10246	ctl_datamove((union ctl_io *)ctsio);
10247	return (CTL_RETVAL_COMPLETE);
10248}
10249
10250int
10251ctl_inquiry(struct ctl_scsiio *ctsio)
10252{
10253	struct scsi_inquiry *cdb;
10254	int retval;
10255
10256	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10257
10258	cdb = (struct scsi_inquiry *)ctsio->cdb;
10259	if (cdb->byte2 & SI_EVPD)
10260		retval = ctl_inquiry_evpd(ctsio);
10261	else if (cdb->page_code == 0)
10262		retval = ctl_inquiry_std(ctsio);
10263	else {
10264		ctl_set_invalid_field(ctsio,
10265				      /*sks_valid*/ 1,
10266				      /*command*/ 1,
10267				      /*field*/ 2,
10268				      /*bit_valid*/ 0,
10269				      /*bit*/ 0);
10270		ctl_done((union ctl_io *)ctsio);
10271		return (CTL_RETVAL_COMPLETE);
10272	}
10273
10274	return (retval);
10275}
10276
10277/*
10278 * For known CDB types, parse the LBA and length.
10279 */
10280static int
10281ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10282{
10283	if (io->io_hdr.io_type != CTL_IO_SCSI)
10284		return (1);
10285
10286	switch (io->scsiio.cdb[0]) {
10287	case COMPARE_AND_WRITE: {
10288		struct scsi_compare_and_write *cdb;
10289
10290		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10291
10292		*lba = scsi_8btou64(cdb->addr);
10293		*len = cdb->length;
10294		break;
10295	}
10296	case READ_6:
10297	case WRITE_6: {
10298		struct scsi_rw_6 *cdb;
10299
10300		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10301
10302		*lba = scsi_3btoul(cdb->addr);
10303		/* only 5 bits are valid in the most significant address byte */
10304		*lba &= 0x1fffff;
10305		*len = cdb->length;
10306		break;
10307	}
10308	case READ_10:
10309	case WRITE_10: {
10310		struct scsi_rw_10 *cdb;
10311
10312		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10313
10314		*lba = scsi_4btoul(cdb->addr);
10315		*len = scsi_2btoul(cdb->length);
10316		break;
10317	}
10318	case WRITE_VERIFY_10: {
10319		struct scsi_write_verify_10 *cdb;
10320
10321		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10322
10323		*lba = scsi_4btoul(cdb->addr);
10324		*len = scsi_2btoul(cdb->length);
10325		break;
10326	}
10327	case READ_12:
10328	case WRITE_12: {
10329		struct scsi_rw_12 *cdb;
10330
10331		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10332
10333		*lba = scsi_4btoul(cdb->addr);
10334		*len = scsi_4btoul(cdb->length);
10335		break;
10336	}
10337	case WRITE_VERIFY_12: {
10338		struct scsi_write_verify_12 *cdb;
10339
10340		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10341
10342		*lba = scsi_4btoul(cdb->addr);
10343		*len = scsi_4btoul(cdb->length);
10344		break;
10345	}
10346	case READ_16:
10347	case WRITE_16:
10348	case WRITE_ATOMIC_16: {
10349		struct scsi_rw_16 *cdb;
10350
10351		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10352
10353		*lba = scsi_8btou64(cdb->addr);
10354		*len = scsi_4btoul(cdb->length);
10355		break;
10356	}
10357	case WRITE_VERIFY_16: {
10358		struct scsi_write_verify_16 *cdb;
10359
10360		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10361
10362		*lba = scsi_8btou64(cdb->addr);
10363		*len = scsi_4btoul(cdb->length);
10364		break;
10365	}
10366	case WRITE_SAME_10: {
10367		struct scsi_write_same_10 *cdb;
10368
10369		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10370
10371		*lba = scsi_4btoul(cdb->addr);
10372		*len = scsi_2btoul(cdb->length);
10373		break;
10374	}
10375	case WRITE_SAME_16: {
10376		struct scsi_write_same_16 *cdb;
10377
10378		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10379
10380		*lba = scsi_8btou64(cdb->addr);
10381		*len = scsi_4btoul(cdb->length);
10382		break;
10383	}
10384	case VERIFY_10: {
10385		struct scsi_verify_10 *cdb;
10386
10387		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10388
10389		*lba = scsi_4btoul(cdb->addr);
10390		*len = scsi_2btoul(cdb->length);
10391		break;
10392	}
10393	case VERIFY_12: {
10394		struct scsi_verify_12 *cdb;
10395
10396		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10397
10398		*lba = scsi_4btoul(cdb->addr);
10399		*len = scsi_4btoul(cdb->length);
10400		break;
10401	}
10402	case VERIFY_16: {
10403		struct scsi_verify_16 *cdb;
10404
10405		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10406
10407		*lba = scsi_8btou64(cdb->addr);
10408		*len = scsi_4btoul(cdb->length);
10409		break;
10410	}
10411	case UNMAP: {
10412		*lba = 0;
10413		*len = UINT64_MAX;
10414		break;
10415	}
10416	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10417		struct scsi_get_lba_status *cdb;
10418
10419		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10420		*lba = scsi_8btou64(cdb->addr);
10421		*len = UINT32_MAX;
10422		break;
10423	}
10424	default:
10425		return (1);
10426		break; /* NOTREACHED */
10427	}
10428
10429	return (0);
10430}
10431
10432static ctl_action
10433ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10434    bool seq)
10435{
10436	uint64_t endlba1, endlba2;
10437
10438	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10439	endlba2 = lba2 + len2 - 1;
10440
10441	if ((endlba1 < lba2) || (endlba2 < lba1))
10442		return (CTL_ACTION_PASS);
10443	else
10444		return (CTL_ACTION_BLOCK);
10445}
10446
10447static int
10448ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10449{
10450	struct ctl_ptr_len_flags *ptrlen;
10451	struct scsi_unmap_desc *buf, *end, *range;
10452	uint64_t lba;
10453	uint32_t len;
10454
10455	/* If not UNMAP -- go other way. */
10456	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10457	    io->scsiio.cdb[0] != UNMAP)
10458		return (CTL_ACTION_ERROR);
10459
10460	/* If UNMAP without data -- block and wait for data. */
10461	ptrlen = (struct ctl_ptr_len_flags *)
10462	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10463	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10464	    ptrlen->ptr == NULL)
10465		return (CTL_ACTION_BLOCK);
10466
10467	/* UNMAP with data -- check for collision. */
10468	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10469	end = buf + ptrlen->len / sizeof(*buf);
10470	for (range = buf; range < end; range++) {
10471		lba = scsi_8btou64(range->lba);
10472		len = scsi_4btoul(range->length);
10473		if ((lba < lba2 + len2) && (lba + len > lba2))
10474			return (CTL_ACTION_BLOCK);
10475	}
10476	return (CTL_ACTION_PASS);
10477}
10478
10479static ctl_action
10480ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10481{
10482	uint64_t lba1, lba2;
10483	uint64_t len1, len2;
10484	int retval;
10485
10486	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10487		return (CTL_ACTION_ERROR);
10488
10489	retval = ctl_extent_check_unmap(io1, lba2, len2);
10490	if (retval != CTL_ACTION_ERROR)
10491		return (retval);
10492
10493	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10494		return (CTL_ACTION_ERROR);
10495
10496	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10497}
10498
10499static ctl_action
10500ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10501{
10502	uint64_t lba1, lba2;
10503	uint64_t len1, len2;
10504
10505	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10506		return (CTL_ACTION_ERROR);
10507	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10508		return (CTL_ACTION_ERROR);
10509
10510	if (lba1 + len1 == lba2)
10511		return (CTL_ACTION_BLOCK);
10512	return (CTL_ACTION_PASS);
10513}
10514
10515static ctl_action
10516ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10517    union ctl_io *ooa_io)
10518{
10519	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10520	ctl_serialize_action *serialize_row;
10521
10522	/*
10523	 * The initiator attempted multiple untagged commands at the same
10524	 * time.  Can't do that.
10525	 */
10526	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10527	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10528	 && ((pending_io->io_hdr.nexus.targ_port ==
10529	      ooa_io->io_hdr.nexus.targ_port)
10530	  && (pending_io->io_hdr.nexus.initid ==
10531	      ooa_io->io_hdr.nexus.initid))
10532	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10533	      CTL_FLAG_STATUS_SENT)) == 0))
10534		return (CTL_ACTION_OVERLAP);
10535
10536	/*
10537	 * The initiator attempted to send multiple tagged commands with
10538	 * the same ID.  (It's fine if different initiators have the same
10539	 * tag ID.)
10540	 *
10541	 * Even if all of those conditions are true, we don't kill the I/O
10542	 * if the command ahead of us has been aborted.  We won't end up
10543	 * sending it to the FETD, and it's perfectly legal to resend a
10544	 * command with the same tag number as long as the previous
10545	 * instance of this tag number has been aborted somehow.
10546	 */
10547	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10548	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10549	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10550	 && ((pending_io->io_hdr.nexus.targ_port ==
10551	      ooa_io->io_hdr.nexus.targ_port)
10552	  && (pending_io->io_hdr.nexus.initid ==
10553	      ooa_io->io_hdr.nexus.initid))
10554	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10555	      CTL_FLAG_STATUS_SENT)) == 0))
10556		return (CTL_ACTION_OVERLAP_TAG);
10557
10558	/*
10559	 * If we get a head of queue tag, SAM-3 says that we should
10560	 * immediately execute it.
10561	 *
10562	 * What happens if this command would normally block for some other
10563	 * reason?  e.g. a request sense with a head of queue tag
10564	 * immediately after a write.  Normally that would block, but this
10565	 * will result in its getting executed immediately...
10566	 *
10567	 * We currently return "pass" instead of "skip", so we'll end up
10568	 * going through the rest of the queue to check for overlapped tags.
10569	 *
10570	 * XXX KDM check for other types of blockage first??
10571	 */
10572	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10573		return (CTL_ACTION_PASS);
10574
10575	/*
10576	 * Ordered tags have to block until all items ahead of them
10577	 * have completed.  If we get called with an ordered tag, we always
10578	 * block, if something else is ahead of us in the queue.
10579	 */
10580	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10581		return (CTL_ACTION_BLOCK);
10582
10583	/*
10584	 * Simple tags get blocked until all head of queue and ordered tags
10585	 * ahead of them have completed.  I'm lumping untagged commands in
10586	 * with simple tags here.  XXX KDM is that the right thing to do?
10587	 */
10588	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10589	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10590	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10591	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10592		return (CTL_ACTION_BLOCK);
10593
10594	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10595	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10596
10597	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10598
10599	switch (serialize_row[pending_entry->seridx]) {
10600	case CTL_SER_BLOCK:
10601		return (CTL_ACTION_BLOCK);
10602	case CTL_SER_EXTENT:
10603		return (ctl_extent_check(ooa_io, pending_io,
10604		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10605	case CTL_SER_EXTENTOPT:
10606		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10607		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10608			return (ctl_extent_check(ooa_io, pending_io,
10609			    (lun->be_lun &&
10610			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10611		return (CTL_ACTION_PASS);
10612	case CTL_SER_EXTENTSEQ:
10613		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10614			return (ctl_extent_check_seq(ooa_io, pending_io));
10615		return (CTL_ACTION_PASS);
10616	case CTL_SER_PASS:
10617		return (CTL_ACTION_PASS);
10618	case CTL_SER_BLOCKOPT:
10619		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10620		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10621			return (CTL_ACTION_BLOCK);
10622		return (CTL_ACTION_PASS);
10623	case CTL_SER_SKIP:
10624		return (CTL_ACTION_SKIP);
10625	default:
10626		panic("invalid serialization value %d",
10627		      serialize_row[pending_entry->seridx]);
10628	}
10629
10630	return (CTL_ACTION_ERROR);
10631}
10632
10633/*
10634 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10635 * Assumptions:
10636 * - pending_io is generally either incoming, or on the blocked queue
10637 * - starting I/O is the I/O we want to start the check with.
10638 */
10639static ctl_action
10640ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10641	      union ctl_io *starting_io)
10642{
10643	union ctl_io *ooa_io;
10644	ctl_action action;
10645
10646	mtx_assert(&lun->lun_lock, MA_OWNED);
10647
10648	/*
10649	 * Run back along the OOA queue, starting with the current
10650	 * blocked I/O and going through every I/O before it on the
10651	 * queue.  If starting_io is NULL, we'll just end up returning
10652	 * CTL_ACTION_PASS.
10653	 */
10654	for (ooa_io = starting_io; ooa_io != NULL;
10655	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10656	     ooa_links)){
10657
10658		/*
10659		 * This routine just checks to see whether
10660		 * cur_blocked is blocked by ooa_io, which is ahead
10661		 * of it in the queue.  It doesn't queue/dequeue
10662		 * cur_blocked.
10663		 */
10664		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10665		switch (action) {
10666		case CTL_ACTION_BLOCK:
10667		case CTL_ACTION_OVERLAP:
10668		case CTL_ACTION_OVERLAP_TAG:
10669		case CTL_ACTION_SKIP:
10670		case CTL_ACTION_ERROR:
10671			return (action);
10672			break; /* NOTREACHED */
10673		case CTL_ACTION_PASS:
10674			break;
10675		default:
10676			panic("invalid action %d", action);
10677			break;  /* NOTREACHED */
10678		}
10679	}
10680
10681	return (CTL_ACTION_PASS);
10682}
10683
10684/*
10685 * Assumptions:
10686 * - An I/O has just completed, and has been removed from the per-LUN OOA
10687 *   queue, so some items on the blocked queue may now be unblocked.
10688 */
10689static int
10690ctl_check_blocked(struct ctl_lun *lun)
10691{
10692	struct ctl_softc *softc = lun->ctl_softc;
10693	union ctl_io *cur_blocked, *next_blocked;
10694
10695	mtx_assert(&lun->lun_lock, MA_OWNED);
10696
10697	/*
10698	 * Run forward from the head of the blocked queue, checking each
10699	 * entry against the I/Os prior to it on the OOA queue to see if
10700	 * there is still any blockage.
10701	 *
10702	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10703	 * with our removing a variable on it while it is traversing the
10704	 * list.
10705	 */
10706	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10707	     cur_blocked != NULL; cur_blocked = next_blocked) {
10708		union ctl_io *prev_ooa;
10709		ctl_action action;
10710
10711		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10712							  blocked_links);
10713
10714		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10715						      ctl_ooaq, ooa_links);
10716
10717		/*
10718		 * If cur_blocked happens to be the first item in the OOA
10719		 * queue now, prev_ooa will be NULL, and the action
10720		 * returned will just be CTL_ACTION_PASS.
10721		 */
10722		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10723
10724		switch (action) {
10725		case CTL_ACTION_BLOCK:
10726			/* Nothing to do here, still blocked */
10727			break;
10728		case CTL_ACTION_OVERLAP:
10729		case CTL_ACTION_OVERLAP_TAG:
10730			/*
10731			 * This shouldn't happen!  In theory we've already
10732			 * checked this command for overlap...
10733			 */
10734			break;
10735		case CTL_ACTION_PASS:
10736		case CTL_ACTION_SKIP: {
10737			const struct ctl_cmd_entry *entry;
10738
10739			/*
10740			 * The skip case shouldn't happen, this transaction
10741			 * should have never made it onto the blocked queue.
10742			 */
10743			/*
10744			 * This I/O is no longer blocked, we can remove it
10745			 * from the blocked queue.  Since this is a TAILQ
10746			 * (doubly linked list), we can do O(1) removals
10747			 * from any place on the list.
10748			 */
10749			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10750				     blocked_links);
10751			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10752
10753			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10754			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10755				/*
10756				 * Need to send IO back to original side to
10757				 * run
10758				 */
10759				union ctl_ha_msg msg_info;
10760
10761				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10762				msg_info.hdr.original_sc =
10763					cur_blocked->io_hdr.original_sc;
10764				msg_info.hdr.serializing_sc = cur_blocked;
10765				msg_info.hdr.msg_type = CTL_MSG_R2R;
10766				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10767				    sizeof(msg_info.hdr), M_NOWAIT);
10768				break;
10769			}
10770			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10771
10772			/*
10773			 * Check this I/O for LUN state changes that may
10774			 * have happened while this command was blocked.
10775			 * The LUN state may have been changed by a command
10776			 * ahead of us in the queue, so we need to re-check
10777			 * for any states that can be caused by SCSI
10778			 * commands.
10779			 */
10780			if (ctl_scsiio_lun_check(lun, entry,
10781						 &cur_blocked->scsiio) == 0) {
10782				cur_blocked->io_hdr.flags |=
10783				                      CTL_FLAG_IS_WAS_ON_RTR;
10784				ctl_enqueue_rtr(cur_blocked);
10785			} else
10786				ctl_done(cur_blocked);
10787			break;
10788		}
10789		default:
10790			/*
10791			 * This probably shouldn't happen -- we shouldn't
10792			 * get CTL_ACTION_ERROR, or anything else.
10793			 */
10794			break;
10795		}
10796	}
10797
10798	return (CTL_RETVAL_COMPLETE);
10799}
10800
10801/*
10802 * This routine (with one exception) checks LUN flags that can be set by
10803 * commands ahead of us in the OOA queue.  These flags have to be checked
10804 * when a command initially comes in, and when we pull a command off the
10805 * blocked queue and are preparing to execute it.  The reason we have to
10806 * check these flags for commands on the blocked queue is that the LUN
10807 * state may have been changed by a command ahead of us while we're on the
10808 * blocked queue.
10809 *
10810 * Ordering is somewhat important with these checks, so please pay
10811 * careful attention to the placement of any new checks.
10812 */
10813static int
10814ctl_scsiio_lun_check(struct ctl_lun *lun,
10815    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10816{
10817	struct ctl_softc *softc = lun->ctl_softc;
10818	int retval;
10819	uint32_t residx;
10820
10821	retval = 0;
10822
10823	mtx_assert(&lun->lun_lock, MA_OWNED);
10824
10825	/*
10826	 * If this shelf is a secondary shelf controller, we may have to
10827	 * reject some commands disallowed by HA mode and link state.
10828	 */
10829	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10830		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10831		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10832			ctl_set_lun_unavail(ctsio);
10833			retval = 1;
10834			goto bailout;
10835		}
10836		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10837		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10838			ctl_set_lun_transit(ctsio);
10839			retval = 1;
10840			goto bailout;
10841		}
10842		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10843		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10844			ctl_set_lun_standby(ctsio);
10845			retval = 1;
10846			goto bailout;
10847		}
10848
10849		/* The rest of checks are only done on executing side */
10850		if (softc->ha_mode == CTL_HA_MODE_XFER)
10851			goto bailout;
10852	}
10853
10854	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10855		if (lun->be_lun &&
10856		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10857			ctl_set_hw_write_protected(ctsio);
10858			retval = 1;
10859			goto bailout;
10860		}
10861		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10862		    .eca_and_aen & SCP_SWP) != 0) {
10863			ctl_set_sense(ctsio, /*current_error*/ 1,
10864			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10865			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10866			retval = 1;
10867			goto bailout;
10868		}
10869	}
10870
10871	/*
10872	 * Check for a reservation conflict.  If this command isn't allowed
10873	 * even on reserved LUNs, and if this initiator isn't the one who
10874	 * reserved us, reject the command with a reservation conflict.
10875	 */
10876	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10877	if ((lun->flags & CTL_LUN_RESERVED)
10878	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10879		if (lun->res_idx != residx) {
10880			ctl_set_reservation_conflict(ctsio);
10881			retval = 1;
10882			goto bailout;
10883		}
10884	}
10885
10886	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10887	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10888		/* No reservation or command is allowed. */;
10889	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10890	    (lun->res_type == SPR_TYPE_WR_EX ||
10891	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10892	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10893		/* The command is allowed for Write Exclusive resv. */;
10894	} else {
10895		/*
10896		 * if we aren't registered or it's a res holder type
10897		 * reservation and this isn't the res holder then set a
10898		 * conflict.
10899		 */
10900		if (ctl_get_prkey(lun, residx) == 0
10901		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10902			ctl_set_reservation_conflict(ctsio);
10903			retval = 1;
10904			goto bailout;
10905		}
10906	}
10907
10908	if ((lun->flags & CTL_LUN_OFFLINE)
10909	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10910		ctl_set_lun_not_ready(ctsio);
10911		retval = 1;
10912		goto bailout;
10913	}
10914
10915	if ((lun->flags & CTL_LUN_STOPPED)
10916	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10917		/* "Logical unit not ready, initializing cmd. required" */
10918		ctl_set_lun_stopped(ctsio);
10919		retval = 1;
10920		goto bailout;
10921	}
10922
10923	if ((lun->flags & CTL_LUN_INOPERABLE)
10924	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10925		/* "Medium format corrupted" */
10926		ctl_set_medium_format_corrupted(ctsio);
10927		retval = 1;
10928		goto bailout;
10929	}
10930
10931bailout:
10932	return (retval);
10933}
10934
10935static void
10936ctl_failover_io(union ctl_io *io, int have_lock)
10937{
10938	ctl_set_busy(&io->scsiio);
10939	ctl_done(io);
10940}
10941
10942static void
10943ctl_failover_lun(struct ctl_lun *lun)
10944{
10945	struct ctl_softc *softc = lun->ctl_softc;
10946	struct ctl_io_hdr *io, *next_io;
10947
10948	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
10949	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10950		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10951			/* We are master */
10952			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10953				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10954					io->flags |= CTL_FLAG_ABORT;
10955					io->flags |= CTL_FLAG_FAILOVER;
10956				} else { /* This can be only due to DATAMOVE */
10957					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10958					io->flags |= CTL_FLAG_IO_ACTIVE;
10959					io->port_status = 31340;
10960					ctl_enqueue_isc((union ctl_io *)io);
10961				}
10962			}
10963			/* We are slave */
10964			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10965				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10966				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10967					io->flags |= CTL_FLAG_FAILOVER;
10968				} else {
10969					ctl_set_busy(&((union ctl_io *)io)->
10970					    scsiio);
10971					ctl_done((union ctl_io *)io);
10972				}
10973			}
10974		}
10975	} else { /* SERIALIZE modes */
10976		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10977		    next_io) {
10978			/* We are master */
10979			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10980				TAILQ_REMOVE(&lun->blocked_queue, io,
10981				    blocked_links);
10982				io->flags &= ~CTL_FLAG_BLOCKED;
10983				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10984				ctl_free_io((union ctl_io *)io);
10985			}
10986		}
10987		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10988			/* We are master */
10989			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10990				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10991				ctl_free_io((union ctl_io *)io);
10992			}
10993			/* We are slave */
10994			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10995				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10996				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10997					ctl_set_busy(&((union ctl_io *)io)->
10998					    scsiio);
10999					ctl_done((union ctl_io *)io);
11000				}
11001			}
11002		}
11003		ctl_check_blocked(lun);
11004	}
11005}
11006
11007static int
11008ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11009{
11010	struct ctl_lun *lun;
11011	const struct ctl_cmd_entry *entry;
11012	uint32_t initidx, targ_lun;
11013	int retval;
11014
11015	retval = 0;
11016
11017	lun = NULL;
11018
11019	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11020	if ((targ_lun < CTL_MAX_LUNS)
11021	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11022		/*
11023		 * If the LUN is invalid, pretend that it doesn't exist.
11024		 * It will go away as soon as all pending I/O has been
11025		 * completed.
11026		 */
11027		mtx_lock(&lun->lun_lock);
11028		if (lun->flags & CTL_LUN_DISABLED) {
11029			mtx_unlock(&lun->lun_lock);
11030			lun = NULL;
11031			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11032			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11033		} else {
11034			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11035			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11036				lun->be_lun;
11037
11038			/*
11039			 * Every I/O goes into the OOA queue for a
11040			 * particular LUN, and stays there until completion.
11041			 */
11042#ifdef CTL_TIME_IO
11043			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11044				lun->idle_time += getsbinuptime() -
11045				    lun->last_busy;
11046			}
11047#endif
11048			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11049			    ooa_links);
11050		}
11051	} else {
11052		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11053		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11054	}
11055
11056	/* Get command entry and return error if it is unsuppotyed. */
11057	entry = ctl_validate_command(ctsio);
11058	if (entry == NULL) {
11059		if (lun)
11060			mtx_unlock(&lun->lun_lock);
11061		return (retval);
11062	}
11063
11064	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11065	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11066
11067	/*
11068	 * Check to see whether we can send this command to LUNs that don't
11069	 * exist.  This should pretty much only be the case for inquiry
11070	 * and request sense.  Further checks, below, really require having
11071	 * a LUN, so we can't really check the command anymore.  Just put
11072	 * it on the rtr queue.
11073	 */
11074	if (lun == NULL) {
11075		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11076			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11077			ctl_enqueue_rtr((union ctl_io *)ctsio);
11078			return (retval);
11079		}
11080
11081		ctl_set_unsupported_lun(ctsio);
11082		ctl_done((union ctl_io *)ctsio);
11083		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11084		return (retval);
11085	} else {
11086		/*
11087		 * Make sure we support this particular command on this LUN.
11088		 * e.g., we don't support writes to the control LUN.
11089		 */
11090		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11091			mtx_unlock(&lun->lun_lock);
11092			ctl_set_invalid_opcode(ctsio);
11093			ctl_done((union ctl_io *)ctsio);
11094			return (retval);
11095		}
11096	}
11097
11098	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11099
11100#ifdef CTL_WITH_CA
11101	/*
11102	 * If we've got a request sense, it'll clear the contingent
11103	 * allegiance condition.  Otherwise, if we have a CA condition for
11104	 * this initiator, clear it, because it sent down a command other
11105	 * than request sense.
11106	 */
11107	if ((ctsio->cdb[0] != REQUEST_SENSE)
11108	 && (ctl_is_set(lun->have_ca, initidx)))
11109		ctl_clear_mask(lun->have_ca, initidx);
11110#endif
11111
11112	/*
11113	 * If the command has this flag set, it handles its own unit
11114	 * attention reporting, we shouldn't do anything.  Otherwise we
11115	 * check for any pending unit attentions, and send them back to the
11116	 * initiator.  We only do this when a command initially comes in,
11117	 * not when we pull it off the blocked queue.
11118	 *
11119	 * According to SAM-3, section 5.3.2, the order that things get
11120	 * presented back to the host is basically unit attentions caused
11121	 * by some sort of reset event, busy status, reservation conflicts
11122	 * or task set full, and finally any other status.
11123	 *
11124	 * One issue here is that some of the unit attentions we report
11125	 * don't fall into the "reset" category (e.g. "reported luns data
11126	 * has changed").  So reporting it here, before the reservation
11127	 * check, may be technically wrong.  I guess the only thing to do
11128	 * would be to check for and report the reset events here, and then
11129	 * check for the other unit attention types after we check for a
11130	 * reservation conflict.
11131	 *
11132	 * XXX KDM need to fix this
11133	 */
11134	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11135		ctl_ua_type ua_type;
11136		scsi_sense_data_type sense_format;
11137
11138		if (lun->flags & CTL_LUN_SENSE_DESC)
11139			sense_format = SSD_TYPE_DESC;
11140		else
11141			sense_format = SSD_TYPE_FIXED;
11142
11143		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11144		    sense_format);
11145		if (ua_type != CTL_UA_NONE) {
11146			mtx_unlock(&lun->lun_lock);
11147			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11148			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11149			ctsio->sense_len = SSD_FULL_SIZE;
11150			ctl_done((union ctl_io *)ctsio);
11151			return (retval);
11152		}
11153	}
11154
11155
11156	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11157		mtx_unlock(&lun->lun_lock);
11158		ctl_done((union ctl_io *)ctsio);
11159		return (retval);
11160	}
11161
11162	/*
11163	 * XXX CHD this is where we want to send IO to other side if
11164	 * this LUN is secondary on this SC. We will need to make a copy
11165	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11166	 * the copy we send as FROM_OTHER.
11167	 * We also need to stuff the address of the original IO so we can
11168	 * find it easily. Something similar will need be done on the other
11169	 * side so when we are done we can find the copy.
11170	 */
11171	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11172	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0) {
11173		union ctl_ha_msg msg_info;
11174		int isc_retval;
11175
11176		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11177		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11178		mtx_unlock(&lun->lun_lock);
11179
11180		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11181		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11182		msg_info.hdr.serializing_sc = NULL;
11183		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11184		msg_info.scsi.tag_num = ctsio->tag_num;
11185		msg_info.scsi.tag_type = ctsio->tag_type;
11186		msg_info.scsi.cdb_len = ctsio->cdb_len;
11187		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11188
11189		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11190		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11191		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11192			ctl_set_busy(ctsio);
11193			ctl_done((union ctl_io *)ctsio);
11194			return (retval);
11195		}
11196		return (retval);
11197	}
11198
11199	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11200			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11201			      ctl_ooaq, ooa_links))) {
11202	case CTL_ACTION_BLOCK:
11203		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11204		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11205				  blocked_links);
11206		mtx_unlock(&lun->lun_lock);
11207		return (retval);
11208	case CTL_ACTION_PASS:
11209	case CTL_ACTION_SKIP:
11210		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11211		mtx_unlock(&lun->lun_lock);
11212		ctl_enqueue_rtr((union ctl_io *)ctsio);
11213		break;
11214	case CTL_ACTION_OVERLAP:
11215		mtx_unlock(&lun->lun_lock);
11216		ctl_set_overlapped_cmd(ctsio);
11217		ctl_done((union ctl_io *)ctsio);
11218		break;
11219	case CTL_ACTION_OVERLAP_TAG:
11220		mtx_unlock(&lun->lun_lock);
11221		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11222		ctl_done((union ctl_io *)ctsio);
11223		break;
11224	case CTL_ACTION_ERROR:
11225	default:
11226		mtx_unlock(&lun->lun_lock);
11227		ctl_set_internal_failure(ctsio,
11228					 /*sks_valid*/ 0,
11229					 /*retry_count*/ 0);
11230		ctl_done((union ctl_io *)ctsio);
11231		break;
11232	}
11233	return (retval);
11234}
11235
11236const struct ctl_cmd_entry *
11237ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11238{
11239	const struct ctl_cmd_entry *entry;
11240	int service_action;
11241
11242	entry = &ctl_cmd_table[ctsio->cdb[0]];
11243	if (sa)
11244		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11245	if (entry->flags & CTL_CMD_FLAG_SA5) {
11246		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11247		entry = &((const struct ctl_cmd_entry *)
11248		    entry->execute)[service_action];
11249	}
11250	return (entry);
11251}
11252
11253const struct ctl_cmd_entry *
11254ctl_validate_command(struct ctl_scsiio *ctsio)
11255{
11256	const struct ctl_cmd_entry *entry;
11257	int i, sa;
11258	uint8_t diff;
11259
11260	entry = ctl_get_cmd_entry(ctsio, &sa);
11261	if (entry->execute == NULL) {
11262		if (sa)
11263			ctl_set_invalid_field(ctsio,
11264					      /*sks_valid*/ 1,
11265					      /*command*/ 1,
11266					      /*field*/ 1,
11267					      /*bit_valid*/ 1,
11268					      /*bit*/ 4);
11269		else
11270			ctl_set_invalid_opcode(ctsio);
11271		ctl_done((union ctl_io *)ctsio);
11272		return (NULL);
11273	}
11274	KASSERT(entry->length > 0,
11275	    ("Not defined length for command 0x%02x/0x%02x",
11276	     ctsio->cdb[0], ctsio->cdb[1]));
11277	for (i = 1; i < entry->length; i++) {
11278		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11279		if (diff == 0)
11280			continue;
11281		ctl_set_invalid_field(ctsio,
11282				      /*sks_valid*/ 1,
11283				      /*command*/ 1,
11284				      /*field*/ i,
11285				      /*bit_valid*/ 1,
11286				      /*bit*/ fls(diff) - 1);
11287		ctl_done((union ctl_io *)ctsio);
11288		return (NULL);
11289	}
11290	return (entry);
11291}
11292
11293static int
11294ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11295{
11296
11297	switch (lun_type) {
11298	case T_PROCESSOR:
11299		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11300		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11301			return (0);
11302		break;
11303	case T_DIRECT:
11304		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11305		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11306			return (0);
11307		break;
11308	default:
11309		return (0);
11310	}
11311	return (1);
11312}
11313
11314static int
11315ctl_scsiio(struct ctl_scsiio *ctsio)
11316{
11317	int retval;
11318	const struct ctl_cmd_entry *entry;
11319
11320	retval = CTL_RETVAL_COMPLETE;
11321
11322	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11323
11324	entry = ctl_get_cmd_entry(ctsio, NULL);
11325
11326	/*
11327	 * If this I/O has been aborted, just send it straight to
11328	 * ctl_done() without executing it.
11329	 */
11330	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11331		ctl_done((union ctl_io *)ctsio);
11332		goto bailout;
11333	}
11334
11335	/*
11336	 * All the checks should have been handled by ctl_scsiio_precheck().
11337	 * We should be clear now to just execute the I/O.
11338	 */
11339	retval = entry->execute(ctsio);
11340
11341bailout:
11342	return (retval);
11343}
11344
11345/*
11346 * Since we only implement one target right now, a bus reset simply resets
11347 * our single target.
11348 */
11349static int
11350ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11351{
11352	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11353}
11354
11355static int
11356ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11357		 ctl_ua_type ua_type)
11358{
11359	struct ctl_port *port;
11360	struct ctl_lun *lun;
11361	int retval;
11362
11363	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11364		union ctl_ha_msg msg_info;
11365
11366		msg_info.hdr.nexus = io->io_hdr.nexus;
11367		if (ua_type==CTL_UA_TARG_RESET)
11368			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11369		else
11370			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11371		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11372		msg_info.hdr.original_sc = NULL;
11373		msg_info.hdr.serializing_sc = NULL;
11374		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11375		    sizeof(msg_info.task), M_WAITOK);
11376	}
11377	retval = 0;
11378
11379	mtx_lock(&softc->ctl_lock);
11380	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11381	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11382		if (port != NULL &&
11383		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11384			continue;
11385		retval += ctl_do_lun_reset(lun, io, ua_type);
11386	}
11387	mtx_unlock(&softc->ctl_lock);
11388	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11389	return (retval);
11390}
11391
11392/*
11393 * The LUN should always be set.  The I/O is optional, and is used to
11394 * distinguish between I/Os sent by this initiator, and by other
11395 * initiators.  We set unit attention for initiators other than this one.
11396 * SAM-3 is vague on this point.  It does say that a unit attention should
11397 * be established for other initiators when a LUN is reset (see section
11398 * 5.7.3), but it doesn't specifically say that the unit attention should
11399 * be established for this particular initiator when a LUN is reset.  Here
11400 * is the relevant text, from SAM-3 rev 8:
11401 *
11402 * 5.7.2 When a SCSI initiator port aborts its own tasks
11403 *
11404 * When a SCSI initiator port causes its own task(s) to be aborted, no
11405 * notification that the task(s) have been aborted shall be returned to
11406 * the SCSI initiator port other than the completion response for the
11407 * command or task management function action that caused the task(s) to
11408 * be aborted and notification(s) associated with related effects of the
11409 * action (e.g., a reset unit attention condition).
11410 *
11411 * XXX KDM for now, we're setting unit attention for all initiators.
11412 */
11413static int
11414ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11415{
11416	union ctl_io *xio;
11417#if 0
11418	uint32_t initidx;
11419#endif
11420#ifdef CTL_WITH_CA
11421	int i;
11422#endif
11423
11424	mtx_lock(&lun->lun_lock);
11425	/*
11426	 * Run through the OOA queue and abort each I/O.
11427	 */
11428	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11429	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11430		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11431	}
11432
11433	/*
11434	 * This version sets unit attention for every
11435	 */
11436#if 0
11437	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11438	ctl_est_ua_all(lun, initidx, ua_type);
11439#else
11440	ctl_est_ua_all(lun, -1, ua_type);
11441#endif
11442
11443	/*
11444	 * A reset (any kind, really) clears reservations established with
11445	 * RESERVE/RELEASE.  It does not clear reservations established
11446	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11447	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11448	 * reservations made with the RESERVE/RELEASE commands, because
11449	 * those commands are obsolete in SPC-3.
11450	 */
11451	lun->flags &= ~CTL_LUN_RESERVED;
11452
11453#ifdef CTL_WITH_CA
11454	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11455		ctl_clear_mask(lun->have_ca, i);
11456#endif
11457	mtx_unlock(&lun->lun_lock);
11458
11459	return (0);
11460}
11461
11462static int
11463ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11464{
11465	struct ctl_lun *lun;
11466	uint32_t targ_lun;
11467	int retval;
11468
11469	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11470	mtx_lock(&softc->ctl_lock);
11471	if ((targ_lun >= CTL_MAX_LUNS) ||
11472	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11473		mtx_unlock(&softc->ctl_lock);
11474		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11475		return (1);
11476	}
11477	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11478	mtx_unlock(&softc->ctl_lock);
11479	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11480
11481	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11482		union ctl_ha_msg msg_info;
11483
11484		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11485		msg_info.hdr.nexus = io->io_hdr.nexus;
11486		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11487		msg_info.hdr.original_sc = NULL;
11488		msg_info.hdr.serializing_sc = NULL;
11489		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11490		    sizeof(msg_info.task), M_WAITOK);
11491	}
11492	return (retval);
11493}
11494
11495static void
11496ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11497    int other_sc)
11498{
11499	union ctl_io *xio;
11500
11501	mtx_assert(&lun->lun_lock, MA_OWNED);
11502
11503	/*
11504	 * Run through the OOA queue and attempt to find the given I/O.
11505	 * The target port, initiator ID, tag type and tag number have to
11506	 * match the values that we got from the initiator.  If we have an
11507	 * untagged command to abort, simply abort the first untagged command
11508	 * we come to.  We only allow one untagged command at a time of course.
11509	 */
11510	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11511	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11512
11513		if ((targ_port == UINT32_MAX ||
11514		     targ_port == xio->io_hdr.nexus.targ_port) &&
11515		    (init_id == UINT32_MAX ||
11516		     init_id == xio->io_hdr.nexus.initid)) {
11517			if (targ_port != xio->io_hdr.nexus.targ_port ||
11518			    init_id != xio->io_hdr.nexus.initid)
11519				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11520			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11521			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11522				union ctl_ha_msg msg_info;
11523
11524				msg_info.hdr.nexus = xio->io_hdr.nexus;
11525				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11526				msg_info.task.tag_num = xio->scsiio.tag_num;
11527				msg_info.task.tag_type = xio->scsiio.tag_type;
11528				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11529				msg_info.hdr.original_sc = NULL;
11530				msg_info.hdr.serializing_sc = NULL;
11531				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11532				    sizeof(msg_info.task), M_NOWAIT);
11533			}
11534		}
11535	}
11536}
11537
11538static int
11539ctl_abort_task_set(union ctl_io *io)
11540{
11541	struct ctl_softc *softc = control_softc;
11542	struct ctl_lun *lun;
11543	uint32_t targ_lun;
11544
11545	/*
11546	 * Look up the LUN.
11547	 */
11548	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11549	mtx_lock(&softc->ctl_lock);
11550	if ((targ_lun >= CTL_MAX_LUNS) ||
11551	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11552		mtx_unlock(&softc->ctl_lock);
11553		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11554		return (1);
11555	}
11556
11557	mtx_lock(&lun->lun_lock);
11558	mtx_unlock(&softc->ctl_lock);
11559	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11560		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11561		    io->io_hdr.nexus.initid,
11562		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11563	} else { /* CTL_TASK_CLEAR_TASK_SET */
11564		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11565		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11566	}
11567	mtx_unlock(&lun->lun_lock);
11568	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11569	return (0);
11570}
11571
11572static int
11573ctl_i_t_nexus_reset(union ctl_io *io)
11574{
11575	struct ctl_softc *softc = control_softc;
11576	struct ctl_lun *lun;
11577	uint32_t initidx;
11578
11579	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11580		union ctl_ha_msg msg_info;
11581
11582		msg_info.hdr.nexus = io->io_hdr.nexus;
11583		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11584		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11585		msg_info.hdr.original_sc = NULL;
11586		msg_info.hdr.serializing_sc = NULL;
11587		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11588		    sizeof(msg_info.task), M_WAITOK);
11589	}
11590
11591	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11592	mtx_lock(&softc->ctl_lock);
11593	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11594		mtx_lock(&lun->lun_lock);
11595		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11596		    io->io_hdr.nexus.initid, 1);
11597#ifdef CTL_WITH_CA
11598		ctl_clear_mask(lun->have_ca, initidx);
11599#endif
11600		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11601			lun->flags &= ~CTL_LUN_RESERVED;
11602		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11603		mtx_unlock(&lun->lun_lock);
11604	}
11605	mtx_unlock(&softc->ctl_lock);
11606	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11607	return (0);
11608}
11609
11610static int
11611ctl_abort_task(union ctl_io *io)
11612{
11613	union ctl_io *xio;
11614	struct ctl_lun *lun;
11615	struct ctl_softc *softc;
11616#if 0
11617	struct sbuf sb;
11618	char printbuf[128];
11619#endif
11620	int found;
11621	uint32_t targ_lun;
11622
11623	softc = control_softc;
11624	found = 0;
11625
11626	/*
11627	 * Look up the LUN.
11628	 */
11629	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11630	mtx_lock(&softc->ctl_lock);
11631	if ((targ_lun >= CTL_MAX_LUNS) ||
11632	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11633		mtx_unlock(&softc->ctl_lock);
11634		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11635		return (1);
11636	}
11637
11638#if 0
11639	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11640	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11641#endif
11642
11643	mtx_lock(&lun->lun_lock);
11644	mtx_unlock(&softc->ctl_lock);
11645	/*
11646	 * Run through the OOA queue and attempt to find the given I/O.
11647	 * The target port, initiator ID, tag type and tag number have to
11648	 * match the values that we got from the initiator.  If we have an
11649	 * untagged command to abort, simply abort the first untagged command
11650	 * we come to.  We only allow one untagged command at a time of course.
11651	 */
11652	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11653	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11654#if 0
11655		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11656
11657		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11658			    lun->lun, xio->scsiio.tag_num,
11659			    xio->scsiio.tag_type,
11660			    (xio->io_hdr.blocked_links.tqe_prev
11661			    == NULL) ? "" : " BLOCKED",
11662			    (xio->io_hdr.flags &
11663			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11664			    (xio->io_hdr.flags &
11665			    CTL_FLAG_ABORT) ? " ABORT" : "",
11666			    (xio->io_hdr.flags &
11667			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11668		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11669		sbuf_finish(&sb);
11670		printf("%s\n", sbuf_data(&sb));
11671#endif
11672
11673		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11674		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11675		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11676			continue;
11677
11678		/*
11679		 * If the abort says that the task is untagged, the
11680		 * task in the queue must be untagged.  Otherwise,
11681		 * we just check to see whether the tag numbers
11682		 * match.  This is because the QLogic firmware
11683		 * doesn't pass back the tag type in an abort
11684		 * request.
11685		 */
11686#if 0
11687		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11688		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11689		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11690#endif
11691		/*
11692		 * XXX KDM we've got problems with FC, because it
11693		 * doesn't send down a tag type with aborts.  So we
11694		 * can only really go by the tag number...
11695		 * This may cause problems with parallel SCSI.
11696		 * Need to figure that out!!
11697		 */
11698		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11699			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11700			found = 1;
11701			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11702			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11703				union ctl_ha_msg msg_info;
11704
11705				msg_info.hdr.nexus = io->io_hdr.nexus;
11706				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11707				msg_info.task.tag_num = io->taskio.tag_num;
11708				msg_info.task.tag_type = io->taskio.tag_type;
11709				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11710				msg_info.hdr.original_sc = NULL;
11711				msg_info.hdr.serializing_sc = NULL;
11712#if 0
11713				printf("Sent Abort to other side\n");
11714#endif
11715				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11716				    sizeof(msg_info.task), M_NOWAIT);
11717			}
11718#if 0
11719			printf("ctl_abort_task: found I/O to abort\n");
11720#endif
11721		}
11722	}
11723	mtx_unlock(&lun->lun_lock);
11724
11725	if (found == 0) {
11726		/*
11727		 * This isn't really an error.  It's entirely possible for
11728		 * the abort and command completion to cross on the wire.
11729		 * This is more of an informative/diagnostic error.
11730		 */
11731#if 0
11732		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11733		       "%u:%u:%u tag %d type %d\n",
11734		       io->io_hdr.nexus.initid,
11735		       io->io_hdr.nexus.targ_port,
11736		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11737		       io->taskio.tag_type);
11738#endif
11739	}
11740	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11741	return (0);
11742}
11743
11744static int
11745ctl_query_task(union ctl_io *io, int task_set)
11746{
11747	union ctl_io *xio;
11748	struct ctl_lun *lun;
11749	struct ctl_softc *softc;
11750	int found = 0;
11751	uint32_t targ_lun;
11752
11753	softc = control_softc;
11754	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11755	mtx_lock(&softc->ctl_lock);
11756	if ((targ_lun >= CTL_MAX_LUNS) ||
11757	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11758		mtx_unlock(&softc->ctl_lock);
11759		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11760		return (1);
11761	}
11762	mtx_lock(&lun->lun_lock);
11763	mtx_unlock(&softc->ctl_lock);
11764	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11765	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11766
11767		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11768		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11769		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11770			continue;
11771
11772		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11773			found = 1;
11774			break;
11775		}
11776	}
11777	mtx_unlock(&lun->lun_lock);
11778	if (found)
11779		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11780	else
11781		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11782	return (0);
11783}
11784
11785static int
11786ctl_query_async_event(union ctl_io *io)
11787{
11788	struct ctl_lun *lun;
11789	struct ctl_softc *softc;
11790	ctl_ua_type ua;
11791	uint32_t targ_lun, initidx;
11792
11793	softc = control_softc;
11794	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11795	mtx_lock(&softc->ctl_lock);
11796	if ((targ_lun >= CTL_MAX_LUNS) ||
11797	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11798		mtx_unlock(&softc->ctl_lock);
11799		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11800		return (1);
11801	}
11802	mtx_lock(&lun->lun_lock);
11803	mtx_unlock(&softc->ctl_lock);
11804	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11805	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11806	mtx_unlock(&lun->lun_lock);
11807	if (ua != CTL_UA_NONE)
11808		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11809	else
11810		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11811	return (0);
11812}
11813
11814static void
11815ctl_run_task(union ctl_io *io)
11816{
11817	struct ctl_softc *softc = control_softc;
11818	int retval = 1;
11819
11820	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11821	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11822	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11823	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11824	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11825	switch (io->taskio.task_action) {
11826	case CTL_TASK_ABORT_TASK:
11827		retval = ctl_abort_task(io);
11828		break;
11829	case CTL_TASK_ABORT_TASK_SET:
11830	case CTL_TASK_CLEAR_TASK_SET:
11831		retval = ctl_abort_task_set(io);
11832		break;
11833	case CTL_TASK_CLEAR_ACA:
11834		break;
11835	case CTL_TASK_I_T_NEXUS_RESET:
11836		retval = ctl_i_t_nexus_reset(io);
11837		break;
11838	case CTL_TASK_LUN_RESET:
11839		retval = ctl_lun_reset(softc, io);
11840		break;
11841	case CTL_TASK_TARGET_RESET:
11842		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11843		break;
11844	case CTL_TASK_BUS_RESET:
11845		retval = ctl_bus_reset(softc, io);
11846		break;
11847	case CTL_TASK_PORT_LOGIN:
11848		break;
11849	case CTL_TASK_PORT_LOGOUT:
11850		break;
11851	case CTL_TASK_QUERY_TASK:
11852		retval = ctl_query_task(io, 0);
11853		break;
11854	case CTL_TASK_QUERY_TASK_SET:
11855		retval = ctl_query_task(io, 1);
11856		break;
11857	case CTL_TASK_QUERY_ASYNC_EVENT:
11858		retval = ctl_query_async_event(io);
11859		break;
11860	default:
11861		printf("%s: got unknown task management event %d\n",
11862		       __func__, io->taskio.task_action);
11863		break;
11864	}
11865	if (retval == 0)
11866		io->io_hdr.status = CTL_SUCCESS;
11867	else
11868		io->io_hdr.status = CTL_ERROR;
11869	ctl_done(io);
11870}
11871
11872/*
11873 * For HA operation.  Handle commands that come in from the other
11874 * controller.
11875 */
11876static void
11877ctl_handle_isc(union ctl_io *io)
11878{
11879	int free_io;
11880	struct ctl_lun *lun;
11881	struct ctl_softc *softc;
11882	uint32_t targ_lun;
11883
11884	softc = control_softc;
11885
11886	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11887	lun = softc->ctl_luns[targ_lun];
11888
11889	switch (io->io_hdr.msg_type) {
11890	case CTL_MSG_SERIALIZE:
11891		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11892		break;
11893	case CTL_MSG_R2R: {
11894		const struct ctl_cmd_entry *entry;
11895
11896		/*
11897		 * This is only used in SER_ONLY mode.
11898		 */
11899		free_io = 0;
11900		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11901		mtx_lock(&lun->lun_lock);
11902		if (ctl_scsiio_lun_check(lun,
11903		    entry, (struct ctl_scsiio *)io) != 0) {
11904			mtx_unlock(&lun->lun_lock);
11905			ctl_done(io);
11906			break;
11907		}
11908		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11909		mtx_unlock(&lun->lun_lock);
11910		ctl_enqueue_rtr(io);
11911		break;
11912	}
11913	case CTL_MSG_FINISH_IO:
11914		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11915			free_io = 0;
11916			ctl_done(io);
11917		} else {
11918			free_io = 1;
11919			mtx_lock(&lun->lun_lock);
11920			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11921				     ooa_links);
11922			ctl_check_blocked(lun);
11923			mtx_unlock(&lun->lun_lock);
11924		}
11925		break;
11926	case CTL_MSG_PERS_ACTION:
11927		ctl_hndl_per_res_out_on_other_sc(
11928			(union ctl_ha_msg *)&io->presio.pr_msg);
11929		free_io = 1;
11930		break;
11931	case CTL_MSG_BAD_JUJU:
11932		free_io = 0;
11933		ctl_done(io);
11934		break;
11935	case CTL_MSG_DATAMOVE:
11936		/* Only used in XFER mode */
11937		free_io = 0;
11938		ctl_datamove_remote(io);
11939		break;
11940	case CTL_MSG_DATAMOVE_DONE:
11941		/* Only used in XFER mode */
11942		free_io = 0;
11943		io->scsiio.be_move_done(io);
11944		break;
11945	case CTL_MSG_FAILOVER:
11946		mtx_lock(&lun->lun_lock);
11947		ctl_failover_lun(lun);
11948		mtx_unlock(&lun->lun_lock);
11949		free_io = 1;
11950		break;
11951	default:
11952		free_io = 1;
11953		printf("%s: Invalid message type %d\n",
11954		       __func__, io->io_hdr.msg_type);
11955		break;
11956	}
11957	if (free_io)
11958		ctl_free_io(io);
11959
11960}
11961
11962
11963/*
11964 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11965 * there is no match.
11966 */
11967static ctl_lun_error_pattern
11968ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11969{
11970	const struct ctl_cmd_entry *entry;
11971	ctl_lun_error_pattern filtered_pattern, pattern;
11972
11973	pattern = desc->error_pattern;
11974
11975	/*
11976	 * XXX KDM we need more data passed into this function to match a
11977	 * custom pattern, and we actually need to implement custom pattern
11978	 * matching.
11979	 */
11980	if (pattern & CTL_LUN_PAT_CMD)
11981		return (CTL_LUN_PAT_CMD);
11982
11983	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11984		return (CTL_LUN_PAT_ANY);
11985
11986	entry = ctl_get_cmd_entry(ctsio, NULL);
11987
11988	filtered_pattern = entry->pattern & pattern;
11989
11990	/*
11991	 * If the user requested specific flags in the pattern (e.g.
11992	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11993	 * flags.
11994	 *
11995	 * If the user did not specify any flags, it doesn't matter whether
11996	 * or not the command supports the flags.
11997	 */
11998	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11999	     (pattern & ~CTL_LUN_PAT_MASK))
12000		return (CTL_LUN_PAT_NONE);
12001
12002	/*
12003	 * If the user asked for a range check, see if the requested LBA
12004	 * range overlaps with this command's LBA range.
12005	 */
12006	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12007		uint64_t lba1;
12008		uint64_t len1;
12009		ctl_action action;
12010		int retval;
12011
12012		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12013		if (retval != 0)
12014			return (CTL_LUN_PAT_NONE);
12015
12016		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12017					      desc->lba_range.len, FALSE);
12018		/*
12019		 * A "pass" means that the LBA ranges don't overlap, so
12020		 * this doesn't match the user's range criteria.
12021		 */
12022		if (action == CTL_ACTION_PASS)
12023			return (CTL_LUN_PAT_NONE);
12024	}
12025
12026	return (filtered_pattern);
12027}
12028
12029static void
12030ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12031{
12032	struct ctl_error_desc *desc, *desc2;
12033
12034	mtx_assert(&lun->lun_lock, MA_OWNED);
12035
12036	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12037		ctl_lun_error_pattern pattern;
12038		/*
12039		 * Check to see whether this particular command matches
12040		 * the pattern in the descriptor.
12041		 */
12042		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12043		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12044			continue;
12045
12046		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12047		case CTL_LUN_INJ_ABORTED:
12048			ctl_set_aborted(&io->scsiio);
12049			break;
12050		case CTL_LUN_INJ_MEDIUM_ERR:
12051			ctl_set_medium_error(&io->scsiio,
12052			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12053			     CTL_FLAG_DATA_OUT);
12054			break;
12055		case CTL_LUN_INJ_UA:
12056			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12057			 * OCCURRED */
12058			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12059			break;
12060		case CTL_LUN_INJ_CUSTOM:
12061			/*
12062			 * We're assuming the user knows what he is doing.
12063			 * Just copy the sense information without doing
12064			 * checks.
12065			 */
12066			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12067			      MIN(sizeof(desc->custom_sense),
12068				  sizeof(io->scsiio.sense_data)));
12069			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12070			io->scsiio.sense_len = SSD_FULL_SIZE;
12071			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12072			break;
12073		case CTL_LUN_INJ_NONE:
12074		default:
12075			/*
12076			 * If this is an error injection type we don't know
12077			 * about, clear the continuous flag (if it is set)
12078			 * so it will get deleted below.
12079			 */
12080			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12081			break;
12082		}
12083		/*
12084		 * By default, each error injection action is a one-shot
12085		 */
12086		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12087			continue;
12088
12089		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12090
12091		free(desc, M_CTL);
12092	}
12093}
12094
12095#ifdef CTL_IO_DELAY
12096static void
12097ctl_datamove_timer_wakeup(void *arg)
12098{
12099	union ctl_io *io;
12100
12101	io = (union ctl_io *)arg;
12102
12103	ctl_datamove(io);
12104}
12105#endif /* CTL_IO_DELAY */
12106
12107void
12108ctl_datamove(union ctl_io *io)
12109{
12110	struct ctl_lun *lun;
12111	void (*fe_datamove)(union ctl_io *io);
12112
12113	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12114
12115	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12116
12117	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12118#ifdef CTL_TIME_IO
12119	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12120		char str[256];
12121		char path_str[64];
12122		struct sbuf sb;
12123
12124		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12125		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12126
12127		sbuf_cat(&sb, path_str);
12128		switch (io->io_hdr.io_type) {
12129		case CTL_IO_SCSI:
12130			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12131			sbuf_printf(&sb, "\n");
12132			sbuf_cat(&sb, path_str);
12133			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12134				    io->scsiio.tag_num, io->scsiio.tag_type);
12135			break;
12136		case CTL_IO_TASK:
12137			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12138				    "Tag Type: %d\n", io->taskio.task_action,
12139				    io->taskio.tag_num, io->taskio.tag_type);
12140			break;
12141		default:
12142			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12143			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12144			break;
12145		}
12146		sbuf_cat(&sb, path_str);
12147		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12148			    (intmax_t)time_uptime - io->io_hdr.start_time);
12149		sbuf_finish(&sb);
12150		printf("%s", sbuf_data(&sb));
12151	}
12152#endif /* CTL_TIME_IO */
12153
12154#ifdef CTL_IO_DELAY
12155	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12156		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12157	} else {
12158		if ((lun != NULL)
12159		 && (lun->delay_info.datamove_delay > 0)) {
12160
12161			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12162			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12163			callout_reset(&io->io_hdr.delay_callout,
12164				      lun->delay_info.datamove_delay * hz,
12165				      ctl_datamove_timer_wakeup, io);
12166			if (lun->delay_info.datamove_type ==
12167			    CTL_DELAY_TYPE_ONESHOT)
12168				lun->delay_info.datamove_delay = 0;
12169			return;
12170		}
12171	}
12172#endif
12173
12174	/*
12175	 * This command has been aborted.  Set the port status, so we fail
12176	 * the data move.
12177	 */
12178	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12179		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12180		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12181		       io->io_hdr.nexus.targ_port,
12182		       io->io_hdr.nexus.targ_lun);
12183		io->io_hdr.port_status = 31337;
12184		/*
12185		 * Note that the backend, in this case, will get the
12186		 * callback in its context.  In other cases it may get
12187		 * called in the frontend's interrupt thread context.
12188		 */
12189		io->scsiio.be_move_done(io);
12190		return;
12191	}
12192
12193	/* Don't confuse frontend with zero length data move. */
12194	if (io->scsiio.kern_data_len == 0) {
12195		io->scsiio.be_move_done(io);
12196		return;
12197	}
12198
12199	/*
12200	 * If we're in XFER mode and this I/O is from the other shelf
12201	 * controller, we need to send the DMA to the other side to
12202	 * actually transfer the data to/from the host.  In serialize only
12203	 * mode the transfer happens below CTL and ctl_datamove() is only
12204	 * called on the machine that originally received the I/O.
12205	 */
12206	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12207	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12208		union ctl_ha_msg msg;
12209		uint32_t sg_entries_sent;
12210		int do_sg_copy;
12211		int i;
12212
12213		memset(&msg, 0, sizeof(msg));
12214		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12215		msg.hdr.original_sc = io->io_hdr.original_sc;
12216		msg.hdr.serializing_sc = io;
12217		msg.hdr.nexus = io->io_hdr.nexus;
12218		msg.hdr.status = io->io_hdr.status;
12219		msg.dt.flags = io->io_hdr.flags;
12220		/*
12221		 * We convert everything into a S/G list here.  We can't
12222		 * pass by reference, only by value between controllers.
12223		 * So we can't pass a pointer to the S/G list, only as many
12224		 * S/G entries as we can fit in here.  If it's possible for
12225		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12226		 * then we need to break this up into multiple transfers.
12227		 */
12228		if (io->scsiio.kern_sg_entries == 0) {
12229			msg.dt.kern_sg_entries = 1;
12230#if 0
12231			/*
12232			 * Convert to a physical address if this is a
12233			 * virtual address.
12234			 */
12235			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12236				msg.dt.sg_list[0].addr =
12237					io->scsiio.kern_data_ptr;
12238			} else {
12239				/*
12240				 * XXX KDM use busdma here!
12241				 */
12242				msg.dt.sg_list[0].addr = (void *)
12243					vtophys(io->scsiio.kern_data_ptr);
12244			}
12245#else
12246			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12247			    ("HA does not support BUS_ADDR"));
12248			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12249#endif
12250
12251			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12252			do_sg_copy = 0;
12253		} else {
12254			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12255			do_sg_copy = 1;
12256		}
12257
12258		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12259		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12260		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12261		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12262		msg.dt.sg_sequence = 0;
12263
12264		/*
12265		 * Loop until we've sent all of the S/G entries.  On the
12266		 * other end, we'll recompose these S/G entries into one
12267		 * contiguous list before passing it to the
12268		 */
12269		for (sg_entries_sent = 0; sg_entries_sent <
12270		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12271			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12272				sizeof(msg.dt.sg_list[0])),
12273				msg.dt.kern_sg_entries - sg_entries_sent);
12274
12275			if (do_sg_copy != 0) {
12276				struct ctl_sg_entry *sgl;
12277				int j;
12278
12279				sgl = (struct ctl_sg_entry *)
12280					io->scsiio.kern_data_ptr;
12281				/*
12282				 * If this is in cached memory, flush the cache
12283				 * before we send the DMA request to the other
12284				 * controller.  We want to do this in either
12285				 * the * read or the write case.  The read
12286				 * case is straightforward.  In the write
12287				 * case, we want to make sure nothing is
12288				 * in the local cache that could overwrite
12289				 * the DMAed data.
12290				 */
12291
12292				for (i = sg_entries_sent, j = 0;
12293				     i < msg.dt.cur_sg_entries; i++, j++) {
12294#if 0
12295					if ((io->io_hdr.flags &
12296					     CTL_FLAG_BUS_ADDR) == 0) {
12297						/*
12298						 * XXX KDM use busdma.
12299						 */
12300						msg.dt.sg_list[j].addr =(void *)
12301						       vtophys(sgl[i].addr);
12302					} else {
12303						msg.dt.sg_list[j].addr =
12304							sgl[i].addr;
12305					}
12306#else
12307					KASSERT((io->io_hdr.flags &
12308					    CTL_FLAG_BUS_ADDR) == 0,
12309					    ("HA does not support BUS_ADDR"));
12310					msg.dt.sg_list[j].addr = sgl[i].addr;
12311#endif
12312					msg.dt.sg_list[j].len = sgl[i].len;
12313				}
12314			}
12315
12316			sg_entries_sent += msg.dt.cur_sg_entries;
12317			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12318				msg.dt.sg_last = 1;
12319			else
12320				msg.dt.sg_last = 0;
12321
12322			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12323			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12324			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12325			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12326				io->io_hdr.port_status = 31341;
12327				io->scsiio.be_move_done(io);
12328				return;
12329			}
12330
12331			msg.dt.sent_sg_entries = sg_entries_sent;
12332		}
12333
12334		/*
12335		 * Officially handover the request from us to peer.
12336		 * If failover has just happened, then we must return error.
12337		 * If failover happen just after, then it is not our problem.
12338		 */
12339		if (lun)
12340			mtx_lock(&lun->lun_lock);
12341		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12342			if (lun)
12343				mtx_unlock(&lun->lun_lock);
12344			io->io_hdr.port_status = 31342;
12345			io->scsiio.be_move_done(io);
12346			return;
12347		}
12348		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12349		if (lun)
12350			mtx_unlock(&lun->lun_lock);
12351	} else {
12352
12353		/*
12354		 * Lookup the fe_datamove() function for this particular
12355		 * front end.
12356		 */
12357		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12358
12359		fe_datamove(io);
12360	}
12361}
12362
12363static void
12364ctl_send_datamove_done(union ctl_io *io, int have_lock)
12365{
12366	union ctl_ha_msg msg;
12367
12368	memset(&msg, 0, sizeof(msg));
12369
12370	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12371	msg.hdr.original_sc = io;
12372	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12373	msg.hdr.nexus = io->io_hdr.nexus;
12374	msg.hdr.status = io->io_hdr.status;
12375	msg.scsi.tag_num = io->scsiio.tag_num;
12376	msg.scsi.tag_type = io->scsiio.tag_type;
12377	msg.scsi.scsi_status = io->scsiio.scsi_status;
12378	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12379	       io->scsiio.sense_len);
12380	msg.scsi.sense_len = io->scsiio.sense_len;
12381	msg.scsi.sense_residual = io->scsiio.sense_residual;
12382	msg.scsi.fetd_status = io->io_hdr.port_status;
12383	msg.scsi.residual = io->scsiio.residual;
12384	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12385
12386	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12387		ctl_failover_io(io, /*have_lock*/ have_lock);
12388		return;
12389	}
12390
12391	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12392	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12393	    msg.scsi.sense_len, M_WAITOK);
12394}
12395
12396/*
12397 * The DMA to the remote side is done, now we need to tell the other side
12398 * we're done so it can continue with its data movement.
12399 */
12400static void
12401ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12402{
12403	union ctl_io *io;
12404	int i;
12405
12406	io = rq->context;
12407
12408	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12409		printf("%s: ISC DMA write failed with error %d", __func__,
12410		       rq->ret);
12411		ctl_set_internal_failure(&io->scsiio,
12412					 /*sks_valid*/ 1,
12413					 /*retry_count*/ rq->ret);
12414	}
12415
12416	ctl_dt_req_free(rq);
12417
12418	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12419		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12420	free(io->io_hdr.remote_sglist, M_CTL);
12421	io->io_hdr.remote_sglist = NULL;
12422	io->io_hdr.local_sglist = NULL;
12423
12424	/*
12425	 * The data is in local and remote memory, so now we need to send
12426	 * status (good or back) back to the other side.
12427	 */
12428	ctl_send_datamove_done(io, /*have_lock*/ 0);
12429}
12430
12431/*
12432 * We've moved the data from the host/controller into local memory.  Now we
12433 * need to push it over to the remote controller's memory.
12434 */
12435static int
12436ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12437{
12438	int retval;
12439
12440	retval = 0;
12441
12442	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12443					  ctl_datamove_remote_write_cb);
12444
12445	return (retval);
12446}
12447
12448static void
12449ctl_datamove_remote_write(union ctl_io *io)
12450{
12451	int retval;
12452	void (*fe_datamove)(union ctl_io *io);
12453
12454	/*
12455	 * - Get the data from the host/HBA into local memory.
12456	 * - DMA memory from the local controller to the remote controller.
12457	 * - Send status back to the remote controller.
12458	 */
12459
12460	retval = ctl_datamove_remote_sgl_setup(io);
12461	if (retval != 0)
12462		return;
12463
12464	/* Switch the pointer over so the FETD knows what to do */
12465	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12466
12467	/*
12468	 * Use a custom move done callback, since we need to send completion
12469	 * back to the other controller, not to the backend on this side.
12470	 */
12471	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12472
12473	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12474
12475	fe_datamove(io);
12476
12477	return;
12478
12479}
12480
12481static int
12482ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12483{
12484#if 0
12485	char str[256];
12486	char path_str[64];
12487	struct sbuf sb;
12488#endif
12489	int i;
12490
12491	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12492		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12493	free(io->io_hdr.remote_sglist, M_CTL);
12494	io->io_hdr.remote_sglist = NULL;
12495	io->io_hdr.local_sglist = NULL;
12496
12497#if 0
12498	scsi_path_string(io, path_str, sizeof(path_str));
12499	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12500	sbuf_cat(&sb, path_str);
12501	scsi_command_string(&io->scsiio, NULL, &sb);
12502	sbuf_printf(&sb, "\n");
12503	sbuf_cat(&sb, path_str);
12504	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12505		    io->scsiio.tag_num, io->scsiio.tag_type);
12506	sbuf_cat(&sb, path_str);
12507	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12508		    io->io_hdr.flags, io->io_hdr.status);
12509	sbuf_finish(&sb);
12510	printk("%s", sbuf_data(&sb));
12511#endif
12512
12513
12514	/*
12515	 * The read is done, now we need to send status (good or bad) back
12516	 * to the other side.
12517	 */
12518	ctl_send_datamove_done(io, /*have_lock*/ 0);
12519
12520	return (0);
12521}
12522
12523static void
12524ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12525{
12526	union ctl_io *io;
12527	void (*fe_datamove)(union ctl_io *io);
12528
12529	io = rq->context;
12530
12531	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12532		printf("%s: ISC DMA read failed with error %d\n", __func__,
12533		       rq->ret);
12534		ctl_set_internal_failure(&io->scsiio,
12535					 /*sks_valid*/ 1,
12536					 /*retry_count*/ rq->ret);
12537	}
12538
12539	ctl_dt_req_free(rq);
12540
12541	/* Switch the pointer over so the FETD knows what to do */
12542	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12543
12544	/*
12545	 * Use a custom move done callback, since we need to send completion
12546	 * back to the other controller, not to the backend on this side.
12547	 */
12548	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12549
12550	/* XXX KDM add checks like the ones in ctl_datamove? */
12551
12552	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12553
12554	fe_datamove(io);
12555}
12556
12557static int
12558ctl_datamove_remote_sgl_setup(union ctl_io *io)
12559{
12560	struct ctl_sg_entry *local_sglist, *remote_sglist;
12561	struct ctl_softc *softc;
12562	uint32_t len_to_go;
12563	int retval;
12564	int i;
12565
12566	retval = 0;
12567	softc = control_softc;
12568	local_sglist = io->io_hdr.local_sglist;
12569	remote_sglist = io->io_hdr.remote_sglist;
12570	len_to_go = io->scsiio.kern_data_len;
12571
12572	/*
12573	 * The difficult thing here is that the size of the various
12574	 * S/G segments may be different than the size from the
12575	 * remote controller.  That'll make it harder when DMAing
12576	 * the data back to the other side.
12577	 */
12578	for (i = 0; len_to_go > 0; i++) {
12579		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12580		local_sglist[i].addr =
12581		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12582
12583		len_to_go -= local_sglist[i].len;
12584	}
12585	/*
12586	 * Reset the number of S/G entries accordingly.  The original
12587	 * number of S/G entries is available in rem_sg_entries.
12588	 */
12589	io->scsiio.kern_sg_entries = i;
12590
12591#if 0
12592	printf("%s: kern_sg_entries = %d\n", __func__,
12593	       io->scsiio.kern_sg_entries);
12594	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12595		printf("%s: sg[%d] = %p, %d\n", __func__, i,
12596		       local_sglist[i].addr, local_sglist[i].len);
12597#endif
12598
12599	return (retval);
12600}
12601
12602static int
12603ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12604			 ctl_ha_dt_cb callback)
12605{
12606	struct ctl_ha_dt_req *rq;
12607	struct ctl_sg_entry *remote_sglist, *local_sglist;
12608	uint32_t local_used, remote_used, total_used;
12609	int i, j, isc_ret;
12610
12611	rq = ctl_dt_req_alloc();
12612
12613	/*
12614	 * If we failed to allocate the request, and if the DMA didn't fail
12615	 * anyway, set busy status.  This is just a resource allocation
12616	 * failure.
12617	 */
12618	if ((rq == NULL)
12619	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12620	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12621		ctl_set_busy(&io->scsiio);
12622
12623	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12624	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12625
12626		if (rq != NULL)
12627			ctl_dt_req_free(rq);
12628
12629		/*
12630		 * The data move failed.  We need to return status back
12631		 * to the other controller.  No point in trying to DMA
12632		 * data to the remote controller.
12633		 */
12634
12635		ctl_send_datamove_done(io, /*have_lock*/ 0);
12636
12637		return (1);
12638	}
12639
12640	local_sglist = io->io_hdr.local_sglist;
12641	remote_sglist = io->io_hdr.remote_sglist;
12642	local_used = 0;
12643	remote_used = 0;
12644	total_used = 0;
12645
12646	/*
12647	 * Pull/push the data over the wire from/to the other controller.
12648	 * This takes into account the possibility that the local and
12649	 * remote sglists may not be identical in terms of the size of
12650	 * the elements and the number of elements.
12651	 *
12652	 * One fundamental assumption here is that the length allocated for
12653	 * both the local and remote sglists is identical.  Otherwise, we've
12654	 * essentially got a coding error of some sort.
12655	 */
12656	isc_ret = CTL_HA_STATUS_SUCCESS;
12657	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12658		uint32_t cur_len;
12659		uint8_t *tmp_ptr;
12660
12661		rq->command = command;
12662		rq->context = io;
12663
12664		/*
12665		 * Both pointers should be aligned.  But it is possible
12666		 * that the allocation length is not.  They should both
12667		 * also have enough slack left over at the end, though,
12668		 * to round up to the next 8 byte boundary.
12669		 */
12670		cur_len = MIN(local_sglist[i].len - local_used,
12671			      remote_sglist[j].len - remote_used);
12672		rq->size = cur_len;
12673
12674		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12675		tmp_ptr += local_used;
12676
12677#if 0
12678		/* Use physical addresses when talking to ISC hardware */
12679		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12680			/* XXX KDM use busdma */
12681			rq->local = vtophys(tmp_ptr);
12682		} else
12683			rq->local = tmp_ptr;
12684#else
12685		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12686		    ("HA does not support BUS_ADDR"));
12687		rq->local = tmp_ptr;
12688#endif
12689
12690		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12691		tmp_ptr += remote_used;
12692		rq->remote = tmp_ptr;
12693
12694		rq->callback = NULL;
12695
12696		local_used += cur_len;
12697		if (local_used >= local_sglist[i].len) {
12698			i++;
12699			local_used = 0;
12700		}
12701
12702		remote_used += cur_len;
12703		if (remote_used >= remote_sglist[j].len) {
12704			j++;
12705			remote_used = 0;
12706		}
12707		total_used += cur_len;
12708
12709		if (total_used >= io->scsiio.kern_data_len)
12710			rq->callback = callback;
12711
12712#if 0
12713		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12714		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12715		       rq->local, rq->remote, rq->size);
12716#endif
12717
12718		isc_ret = ctl_dt_single(rq);
12719		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12720			break;
12721	}
12722	if (isc_ret != CTL_HA_STATUS_WAIT) {
12723		rq->ret = isc_ret;
12724		callback(rq);
12725	}
12726
12727	return (0);
12728}
12729
12730static void
12731ctl_datamove_remote_read(union ctl_io *io)
12732{
12733	int retval;
12734	int i;
12735
12736	/*
12737	 * This will send an error to the other controller in the case of a
12738	 * failure.
12739	 */
12740	retval = ctl_datamove_remote_sgl_setup(io);
12741	if (retval != 0)
12742		return;
12743
12744	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12745					  ctl_datamove_remote_read_cb);
12746	if (retval != 0) {
12747		/*
12748		 * Make sure we free memory if there was an error..  The
12749		 * ctl_datamove_remote_xfer() function will send the
12750		 * datamove done message, or call the callback with an
12751		 * error if there is a problem.
12752		 */
12753		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12754			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12755		free(io->io_hdr.remote_sglist, M_CTL);
12756		io->io_hdr.remote_sglist = NULL;
12757		io->io_hdr.local_sglist = NULL;
12758	}
12759
12760	return;
12761}
12762
12763/*
12764 * Process a datamove request from the other controller.  This is used for
12765 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12766 * first.  Once that is complete, the data gets DMAed into the remote
12767 * controller's memory.  For reads, we DMA from the remote controller's
12768 * memory into our memory first, and then move it out to the FETD.
12769 */
12770static void
12771ctl_datamove_remote(union ctl_io *io)
12772{
12773
12774	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12775
12776	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12777		ctl_failover_io(io, /*have_lock*/ 0);
12778		return;
12779	}
12780
12781	/*
12782	 * Note that we look for an aborted I/O here, but don't do some of
12783	 * the other checks that ctl_datamove() normally does.
12784	 * We don't need to run the datamove delay code, since that should
12785	 * have been done if need be on the other controller.
12786	 */
12787	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12788		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12789		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12790		       io->io_hdr.nexus.targ_port,
12791		       io->io_hdr.nexus.targ_lun);
12792		io->io_hdr.port_status = 31338;
12793		ctl_send_datamove_done(io, /*have_lock*/ 0);
12794		return;
12795	}
12796
12797	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12798		ctl_datamove_remote_write(io);
12799	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12800		ctl_datamove_remote_read(io);
12801	else {
12802		io->io_hdr.port_status = 31339;
12803		ctl_send_datamove_done(io, /*have_lock*/ 0);
12804	}
12805}
12806
12807static int
12808ctl_process_done(union ctl_io *io)
12809{
12810	struct ctl_lun *lun;
12811	struct ctl_softc *softc = control_softc;
12812	void (*fe_done)(union ctl_io *io);
12813	union ctl_ha_msg msg;
12814	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12815
12816	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12817
12818	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
12819		fe_done = softc->ctl_ports[targ_port]->fe_done;
12820	else
12821		fe_done = NULL;
12822
12823#ifdef CTL_TIME_IO
12824	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12825		char str[256];
12826		char path_str[64];
12827		struct sbuf sb;
12828
12829		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12830		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12831
12832		sbuf_cat(&sb, path_str);
12833		switch (io->io_hdr.io_type) {
12834		case CTL_IO_SCSI:
12835			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12836			sbuf_printf(&sb, "\n");
12837			sbuf_cat(&sb, path_str);
12838			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12839				    io->scsiio.tag_num, io->scsiio.tag_type);
12840			break;
12841		case CTL_IO_TASK:
12842			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12843				    "Tag Type: %d\n", io->taskio.task_action,
12844				    io->taskio.tag_num, io->taskio.tag_type);
12845			break;
12846		default:
12847			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12848			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12849			break;
12850		}
12851		sbuf_cat(&sb, path_str);
12852		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12853			    (intmax_t)time_uptime - io->io_hdr.start_time);
12854		sbuf_finish(&sb);
12855		printf("%s", sbuf_data(&sb));
12856	}
12857#endif /* CTL_TIME_IO */
12858
12859	switch (io->io_hdr.io_type) {
12860	case CTL_IO_SCSI:
12861		break;
12862	case CTL_IO_TASK:
12863		if (ctl_debug & CTL_DEBUG_INFO)
12864			ctl_io_error_print(io, NULL);
12865		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12866			ctl_free_io(io);
12867		else
12868			fe_done(io);
12869		return (CTL_RETVAL_COMPLETE);
12870	default:
12871		panic("ctl_process_done: invalid io type %d\n",
12872		      io->io_hdr.io_type);
12873		break; /* NOTREACHED */
12874	}
12875
12876	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12877	if (lun == NULL) {
12878		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12879				 io->io_hdr.nexus.targ_mapped_lun));
12880		goto bailout;
12881	}
12882
12883	mtx_lock(&lun->lun_lock);
12884
12885	/*
12886	 * Check to see if we have any errors to inject here.  We only
12887	 * inject errors for commands that don't already have errors set.
12888	 */
12889	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12890	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12891	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12892		ctl_inject_error(lun, io);
12893
12894	/*
12895	 * XXX KDM how do we treat commands that aren't completed
12896	 * successfully?
12897	 *
12898	 * XXX KDM should we also track I/O latency?
12899	 */
12900	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12901	    io->io_hdr.io_type == CTL_IO_SCSI) {
12902#ifdef CTL_TIME_IO
12903		struct bintime cur_bt;
12904#endif
12905		int type;
12906
12907		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12908		    CTL_FLAG_DATA_IN)
12909			type = CTL_STATS_READ;
12910		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12911		    CTL_FLAG_DATA_OUT)
12912			type = CTL_STATS_WRITE;
12913		else
12914			type = CTL_STATS_NO_IO;
12915
12916		lun->stats.ports[targ_port].bytes[type] +=
12917		    io->scsiio.kern_total_len;
12918		lun->stats.ports[targ_port].operations[type]++;
12919#ifdef CTL_TIME_IO
12920		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12921		   &io->io_hdr.dma_bt);
12922		lun->stats.ports[targ_port].num_dmas[type] +=
12923		    io->io_hdr.num_dmas;
12924		getbintime(&cur_bt);
12925		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12926		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12927#endif
12928	}
12929
12930	/*
12931	 * Remove this from the OOA queue.
12932	 */
12933	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12934#ifdef CTL_TIME_IO
12935	if (TAILQ_EMPTY(&lun->ooa_queue))
12936		lun->last_busy = getsbinuptime();
12937#endif
12938
12939	/*
12940	 * Run through the blocked queue on this LUN and see if anything
12941	 * has become unblocked, now that this transaction is done.
12942	 */
12943	ctl_check_blocked(lun);
12944
12945	/*
12946	 * If the LUN has been invalidated, free it if there is nothing
12947	 * left on its OOA queue.
12948	 */
12949	if ((lun->flags & CTL_LUN_INVALID)
12950	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12951		mtx_unlock(&lun->lun_lock);
12952		mtx_lock(&softc->ctl_lock);
12953		ctl_free_lun(lun);
12954		mtx_unlock(&softc->ctl_lock);
12955	} else
12956		mtx_unlock(&lun->lun_lock);
12957
12958bailout:
12959
12960	/*
12961	 * If this command has been aborted, make sure we set the status
12962	 * properly.  The FETD is responsible for freeing the I/O and doing
12963	 * whatever it needs to do to clean up its state.
12964	 */
12965	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12966		ctl_set_task_aborted(&io->scsiio);
12967
12968	/*
12969	 * If enabled, print command error status.
12970	 */
12971	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12972	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12973		ctl_io_error_print(io, NULL);
12974
12975	/*
12976	 * Tell the FETD or the other shelf controller we're done with this
12977	 * command.  Note that only SCSI commands get to this point.  Task
12978	 * management commands are completed above.
12979	 */
12980	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12981	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12982		memset(&msg, 0, sizeof(msg));
12983		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12984		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12985		msg.hdr.nexus = io->io_hdr.nexus;
12986		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12987		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12988		    M_WAITOK);
12989	}
12990	if ((softc->ha_mode == CTL_HA_MODE_XFER)
12991	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12992		memset(&msg, 0, sizeof(msg));
12993		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12994		msg.hdr.original_sc = io->io_hdr.original_sc;
12995		msg.hdr.nexus = io->io_hdr.nexus;
12996		msg.hdr.status = io->io_hdr.status;
12997		msg.scsi.scsi_status = io->scsiio.scsi_status;
12998		msg.scsi.tag_num = io->scsiio.tag_num;
12999		msg.scsi.tag_type = io->scsiio.tag_type;
13000		msg.scsi.sense_len = io->scsiio.sense_len;
13001		msg.scsi.sense_residual = io->scsiio.sense_residual;
13002		msg.scsi.residual = io->scsiio.residual;
13003		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13004		       io->scsiio.sense_len);
13005
13006		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13007		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
13008		    msg.scsi.sense_len, M_WAITOK);
13009		ctl_free_io(io);
13010	} else
13011		fe_done(io);
13012
13013	return (CTL_RETVAL_COMPLETE);
13014}
13015
13016#ifdef CTL_WITH_CA
13017/*
13018 * Front end should call this if it doesn't do autosense.  When the request
13019 * sense comes back in from the initiator, we'll dequeue this and send it.
13020 */
13021int
13022ctl_queue_sense(union ctl_io *io)
13023{
13024	struct ctl_lun *lun;
13025	struct ctl_port *port;
13026	struct ctl_softc *softc;
13027	uint32_t initidx, targ_lun;
13028
13029	softc = control_softc;
13030
13031	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13032
13033	/*
13034	 * LUN lookup will likely move to the ctl_work_thread() once we
13035	 * have our new queueing infrastructure (that doesn't put things on
13036	 * a per-LUN queue initially).  That is so that we can handle
13037	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13038	 * can't deal with that right now.
13039	 */
13040	mtx_lock(&softc->ctl_lock);
13041
13042	/*
13043	 * If we don't have a LUN for this, just toss the sense
13044	 * information.
13045	 */
13046	port = ctl_io_port(&ctsio->io_hdr);
13047	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13048	if ((targ_lun < CTL_MAX_LUNS)
13049	 && (softc->ctl_luns[targ_lun] != NULL))
13050		lun = softc->ctl_luns[targ_lun];
13051	else
13052		goto bailout;
13053
13054	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13055
13056	mtx_lock(&lun->lun_lock);
13057	/*
13058	 * Already have CA set for this LUN...toss the sense information.
13059	 */
13060	if (ctl_is_set(lun->have_ca, initidx)) {
13061		mtx_unlock(&lun->lun_lock);
13062		goto bailout;
13063	}
13064
13065	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13066	       MIN(sizeof(lun->pending_sense[initidx]),
13067	       sizeof(io->scsiio.sense_data)));
13068	ctl_set_mask(lun->have_ca, initidx);
13069	mtx_unlock(&lun->lun_lock);
13070
13071bailout:
13072	mtx_unlock(&softc->ctl_lock);
13073
13074	ctl_free_io(io);
13075
13076	return (CTL_RETVAL_COMPLETE);
13077}
13078#endif
13079
13080/*
13081 * Primary command inlet from frontend ports.  All SCSI and task I/O
13082 * requests must go through this function.
13083 */
13084int
13085ctl_queue(union ctl_io *io)
13086{
13087	struct ctl_port *port;
13088
13089	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13090
13091#ifdef CTL_TIME_IO
13092	io->io_hdr.start_time = time_uptime;
13093	getbintime(&io->io_hdr.start_bt);
13094#endif /* CTL_TIME_IO */
13095
13096	/* Map FE-specific LUN ID into global one. */
13097	port = ctl_io_port(&io->io_hdr);
13098	io->io_hdr.nexus.targ_mapped_lun =
13099	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13100
13101	switch (io->io_hdr.io_type) {
13102	case CTL_IO_SCSI:
13103	case CTL_IO_TASK:
13104		if (ctl_debug & CTL_DEBUG_CDB)
13105			ctl_io_print(io);
13106		ctl_enqueue_incoming(io);
13107		break;
13108	default:
13109		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13110		return (EINVAL);
13111	}
13112
13113	return (CTL_RETVAL_COMPLETE);
13114}
13115
13116#ifdef CTL_IO_DELAY
13117static void
13118ctl_done_timer_wakeup(void *arg)
13119{
13120	union ctl_io *io;
13121
13122	io = (union ctl_io *)arg;
13123	ctl_done(io);
13124}
13125#endif /* CTL_IO_DELAY */
13126
13127void
13128ctl_done(union ctl_io *io)
13129{
13130
13131	/*
13132	 * Enable this to catch duplicate completion issues.
13133	 */
13134#if 0
13135	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13136		printf("%s: type %d msg %d cdb %x iptl: "
13137		       "%u:%u:%u tag 0x%04x "
13138		       "flag %#x status %x\n",
13139			__func__,
13140			io->io_hdr.io_type,
13141			io->io_hdr.msg_type,
13142			io->scsiio.cdb[0],
13143			io->io_hdr.nexus.initid,
13144			io->io_hdr.nexus.targ_port,
13145			io->io_hdr.nexus.targ_lun,
13146			(io->io_hdr.io_type ==
13147			CTL_IO_TASK) ?
13148			io->taskio.tag_num :
13149			io->scsiio.tag_num,
13150		        io->io_hdr.flags,
13151			io->io_hdr.status);
13152	} else
13153		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13154#endif
13155
13156	/*
13157	 * This is an internal copy of an I/O, and should not go through
13158	 * the normal done processing logic.
13159	 */
13160	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13161		return;
13162
13163#ifdef CTL_IO_DELAY
13164	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13165		struct ctl_lun *lun;
13166
13167		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13168
13169		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13170	} else {
13171		struct ctl_lun *lun;
13172
13173		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13174
13175		if ((lun != NULL)
13176		 && (lun->delay_info.done_delay > 0)) {
13177
13178			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13179			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13180			callout_reset(&io->io_hdr.delay_callout,
13181				      lun->delay_info.done_delay * hz,
13182				      ctl_done_timer_wakeup, io);
13183			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13184				lun->delay_info.done_delay = 0;
13185			return;
13186		}
13187	}
13188#endif /* CTL_IO_DELAY */
13189
13190	ctl_enqueue_done(io);
13191}
13192
13193static void
13194ctl_work_thread(void *arg)
13195{
13196	struct ctl_thread *thr = (struct ctl_thread *)arg;
13197	struct ctl_softc *softc = thr->ctl_softc;
13198	union ctl_io *io;
13199	int retval;
13200
13201	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13202
13203	for (;;) {
13204		retval = 0;
13205
13206		/*
13207		 * We handle the queues in this order:
13208		 * - ISC
13209		 * - done queue (to free up resources, unblock other commands)
13210		 * - RtR queue
13211		 * - incoming queue
13212		 *
13213		 * If those queues are empty, we break out of the loop and
13214		 * go to sleep.
13215		 */
13216		mtx_lock(&thr->queue_lock);
13217		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13218		if (io != NULL) {
13219			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13220			mtx_unlock(&thr->queue_lock);
13221			ctl_handle_isc(io);
13222			continue;
13223		}
13224		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13225		if (io != NULL) {
13226			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13227			/* clear any blocked commands, call fe_done */
13228			mtx_unlock(&thr->queue_lock);
13229			retval = ctl_process_done(io);
13230			continue;
13231		}
13232		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13233		if (io != NULL) {
13234			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13235			mtx_unlock(&thr->queue_lock);
13236			if (io->io_hdr.io_type == CTL_IO_TASK)
13237				ctl_run_task(io);
13238			else
13239				ctl_scsiio_precheck(softc, &io->scsiio);
13240			continue;
13241		}
13242		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13243		if (io != NULL) {
13244			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13245			mtx_unlock(&thr->queue_lock);
13246			retval = ctl_scsiio(&io->scsiio);
13247			if (retval != CTL_RETVAL_COMPLETE)
13248				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13249			continue;
13250		}
13251
13252		/* Sleep until we have something to do. */
13253		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13254	}
13255}
13256
13257static void
13258ctl_lun_thread(void *arg)
13259{
13260	struct ctl_softc *softc = (struct ctl_softc *)arg;
13261	struct ctl_be_lun *be_lun;
13262	int retval;
13263
13264	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13265
13266	for (;;) {
13267		retval = 0;
13268		mtx_lock(&softc->ctl_lock);
13269		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13270		if (be_lun != NULL) {
13271			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13272			mtx_unlock(&softc->ctl_lock);
13273			ctl_create_lun(be_lun);
13274			continue;
13275		}
13276
13277		/* Sleep until we have something to do. */
13278		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13279		    PDROP | PRIBIO, "-", 0);
13280	}
13281}
13282
13283static void
13284ctl_thresh_thread(void *arg)
13285{
13286	struct ctl_softc *softc = (struct ctl_softc *)arg;
13287	struct ctl_lun *lun;
13288	struct ctl_be_lun *be_lun;
13289	struct scsi_da_rw_recovery_page *rwpage;
13290	struct ctl_logical_block_provisioning_page *page;
13291	const char *attr;
13292	union ctl_ha_msg msg;
13293	uint64_t thres, val;
13294	int i, e, set;
13295
13296	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13297
13298	for (;;) {
13299		mtx_lock(&softc->ctl_lock);
13300		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13301			be_lun = lun->be_lun;
13302			if ((lun->flags & CTL_LUN_DISABLED) ||
13303			    (lun->flags & CTL_LUN_OFFLINE) ||
13304			    lun->backend->lun_attr == NULL)
13305				continue;
13306			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13307			    softc->ha_mode == CTL_HA_MODE_XFER)
13308				continue;
13309			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13310			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13311				continue;
13312			e = 0;
13313			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13314			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13315				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13316					continue;
13317				thres = scsi_4btoul(page->descr[i].count);
13318				thres <<= CTL_LBP_EXPONENT;
13319				switch (page->descr[i].resource) {
13320				case 0x01:
13321					attr = "blocksavail";
13322					break;
13323				case 0x02:
13324					attr = "blocksused";
13325					break;
13326				case 0xf1:
13327					attr = "poolblocksavail";
13328					break;
13329				case 0xf2:
13330					attr = "poolblocksused";
13331					break;
13332				default:
13333					continue;
13334				}
13335				mtx_unlock(&softc->ctl_lock); // XXX
13336				val = lun->backend->lun_attr(
13337				    lun->be_lun->be_lun, attr);
13338				mtx_lock(&softc->ctl_lock);
13339				if (val == UINT64_MAX)
13340					continue;
13341				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13342				    == SLBPPD_ARMING_INC)
13343					e |= (val >= thres);
13344				else
13345					e |= (val <= thres);
13346			}
13347			mtx_lock(&lun->lun_lock);
13348			if (e) {
13349				if (lun->lasttpt == 0 ||
13350				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13351					lun->lasttpt = time_uptime;
13352					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13353					set = 1;
13354				} else
13355					set = 0;
13356			} else {
13357				lun->lasttpt = 0;
13358				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13359				set = -1;
13360			}
13361			mtx_unlock(&lun->lun_lock);
13362			if (set != 0 &&
13363			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13364				/* Send msg to other side. */
13365				bzero(&msg.ua, sizeof(msg.ua));
13366				msg.hdr.msg_type = CTL_MSG_UA;
13367				msg.hdr.nexus.initid = -1;
13368				msg.hdr.nexus.targ_port = -1;
13369				msg.hdr.nexus.targ_lun = lun->lun;
13370				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13371				msg.ua.ua_all = 1;
13372				msg.ua.ua_set = (set > 0);
13373				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13374				mtx_unlock(&softc->ctl_lock); // XXX
13375				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13376				    sizeof(msg.ua), M_WAITOK);
13377				mtx_lock(&softc->ctl_lock);
13378			}
13379		}
13380		mtx_unlock(&softc->ctl_lock);
13381		pause("-", CTL_LBP_PERIOD * hz);
13382	}
13383}
13384
13385static void
13386ctl_enqueue_incoming(union ctl_io *io)
13387{
13388	struct ctl_softc *softc = control_softc;
13389	struct ctl_thread *thr;
13390	u_int idx;
13391
13392	idx = (io->io_hdr.nexus.targ_port * 127 +
13393	       io->io_hdr.nexus.initid) % worker_threads;
13394	thr = &softc->threads[idx];
13395	mtx_lock(&thr->queue_lock);
13396	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13397	mtx_unlock(&thr->queue_lock);
13398	wakeup(thr);
13399}
13400
13401static void
13402ctl_enqueue_rtr(union ctl_io *io)
13403{
13404	struct ctl_softc *softc = control_softc;
13405	struct ctl_thread *thr;
13406
13407	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13408	mtx_lock(&thr->queue_lock);
13409	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13410	mtx_unlock(&thr->queue_lock);
13411	wakeup(thr);
13412}
13413
13414static void
13415ctl_enqueue_done(union ctl_io *io)
13416{
13417	struct ctl_softc *softc = control_softc;
13418	struct ctl_thread *thr;
13419
13420	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13421	mtx_lock(&thr->queue_lock);
13422	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13423	mtx_unlock(&thr->queue_lock);
13424	wakeup(thr);
13425}
13426
13427static void
13428ctl_enqueue_isc(union ctl_io *io)
13429{
13430	struct ctl_softc *softc = control_softc;
13431	struct ctl_thread *thr;
13432
13433	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13434	mtx_lock(&thr->queue_lock);
13435	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13436	mtx_unlock(&thr->queue_lock);
13437	wakeup(thr);
13438}
13439
13440/*
13441 *  vim: ts=8
13442 */
13443