ctl.c revision 288779 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288779 2015-10-05 10:45:33Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264const static struct scsi_info_exceptions_page ie_page_default = {
265	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
266	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
267	/*info_flags*/SIEP_FLAGS_DEXCPT,
268	/*mrie*/0,
269	/*interval_timer*/{0, 0, 0, 0},
270	/*report_count*/{0, 0, 0, 0}
271};
272
273const static struct scsi_info_exceptions_page ie_page_changeable = {
274	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
275	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
276	/*info_flags*/0,
277	/*mrie*/0,
278	/*interval_timer*/{0, 0, 0, 0},
279	/*report_count*/{0, 0, 0, 0}
280};
281
282#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
283
284const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
286	/*subpage_code*/0x02,
287	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
288	/*flags*/0,
289	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
290	/*descr*/{}},
291	{{/*flags*/0,
292	  /*resource*/0x01,
293	  /*reserved*/{0, 0},
294	  /*count*/{0, 0, 0, 0}},
295	 {/*flags*/0,
296	  /*resource*/0x02,
297	  /*reserved*/{0, 0},
298	  /*count*/{0, 0, 0, 0}},
299	 {/*flags*/0,
300	  /*resource*/0xf1,
301	  /*reserved*/{0, 0},
302	  /*count*/{0, 0, 0, 0}},
303	 {/*flags*/0,
304	  /*resource*/0xf2,
305	  /*reserved*/{0, 0},
306	  /*count*/{0, 0, 0, 0}}
307	}
308};
309
310const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
311	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
312	/*subpage_code*/0x02,
313	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
314	/*flags*/0,
315	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
316	/*descr*/{}},
317	{{/*flags*/0,
318	  /*resource*/0,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}},
325	 {/*flags*/0,
326	  /*resource*/0,
327	  /*reserved*/{0, 0},
328	  /*count*/{0, 0, 0, 0}},
329	 {/*flags*/0,
330	  /*resource*/0,
331	  /*reserved*/{0, 0},
332	  /*count*/{0, 0, 0, 0}}
333	}
334};
335
336SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
337static int worker_threads = -1;
338TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
339SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
340    &worker_threads, 1, "Number of worker threads");
341static int ctl_debug = CTL_DEBUG_NONE;
342TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
343SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
344    &ctl_debug, 0, "Enabled debug flags");
345
346/*
347 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
348 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
349 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
350 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
351 */
352#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
353
354static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
355				  int param);
356static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
357static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
358static int ctl_init(void);
359void ctl_shutdown(void);
360static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
361static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
362static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
363static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
364			      struct ctl_ooa *ooa_hdr,
365			      struct ctl_ooa_entry *kern_entries);
366static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
367		     struct thread *td);
368static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
369			 struct ctl_be_lun *be_lun);
370static int ctl_free_lun(struct ctl_lun *lun);
371static void ctl_create_lun(struct ctl_be_lun *be_lun);
372static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
373
374static int ctl_do_mode_select(union ctl_io *io);
375static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
376			   uint64_t res_key, uint64_t sa_res_key,
377			   uint8_t type, uint32_t residx,
378			   struct ctl_scsiio *ctsio,
379			   struct scsi_per_res_out *cdb,
380			   struct scsi_per_res_out_parms* param);
381static void ctl_pro_preempt_other(struct ctl_lun *lun,
382				  union ctl_ha_msg *msg);
383static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
384static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
386static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
387static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
388static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
389static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
390					 int alloc_len);
391static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
392					 int alloc_len);
393static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
394static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
395static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
396static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
397static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
398static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
399    bool seq);
400static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
401static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
402    union ctl_io *pending_io, union ctl_io *ooa_io);
403static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
404				union ctl_io *starting_io);
405static int ctl_check_blocked(struct ctl_lun *lun);
406static int ctl_scsiio_lun_check(struct ctl_lun *lun,
407				const struct ctl_cmd_entry *entry,
408				struct ctl_scsiio *ctsio);
409static void ctl_failover_lun(struct ctl_lun *lun);
410static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
411			       struct ctl_scsiio *ctsio);
412static int ctl_scsiio(struct ctl_scsiio *ctsio);
413
414static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
415static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
416			    ctl_ua_type ua_type);
417static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
418			 ctl_ua_type ua_type);
419static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
420static int ctl_abort_task(union ctl_io *io);
421static int ctl_abort_task_set(union ctl_io *io);
422static int ctl_query_task(union ctl_io *io, int task_set);
423static int ctl_i_t_nexus_reset(union ctl_io *io);
424static int ctl_query_async_event(union ctl_io *io);
425static void ctl_run_task(union ctl_io *io);
426#ifdef CTL_IO_DELAY
427static void ctl_datamove_timer_wakeup(void *arg);
428static void ctl_done_timer_wakeup(void *arg);
429#endif /* CTL_IO_DELAY */
430
431static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
432static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
433static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
434static void ctl_datamove_remote_write(union ctl_io *io);
435static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
436static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
437static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
438static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
439				    ctl_ha_dt_cb callback);
440static void ctl_datamove_remote_read(union ctl_io *io);
441static void ctl_datamove_remote(union ctl_io *io);
442static int ctl_process_done(union ctl_io *io);
443static void ctl_lun_thread(void *arg);
444static void ctl_thresh_thread(void *arg);
445static void ctl_work_thread(void *arg);
446static void ctl_enqueue_incoming(union ctl_io *io);
447static void ctl_enqueue_rtr(union ctl_io *io);
448static void ctl_enqueue_done(union ctl_io *io);
449static void ctl_enqueue_isc(union ctl_io *io);
450static const struct ctl_cmd_entry *
451    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
452static const struct ctl_cmd_entry *
453    ctl_validate_command(struct ctl_scsiio *ctsio);
454static int ctl_cmd_applicable(uint8_t lun_type,
455    const struct ctl_cmd_entry *entry);
456
457static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
458static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
459static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
460static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
461
462/*
463 * Load the serialization table.  This isn't very pretty, but is probably
464 * the easiest way to do it.
465 */
466#include "ctl_ser_table.c"
467
468/*
469 * We only need to define open, close and ioctl routines for this driver.
470 */
471static struct cdevsw ctl_cdevsw = {
472	.d_version =	D_VERSION,
473	.d_flags =	0,
474	.d_open =	ctl_open,
475	.d_close =	ctl_close,
476	.d_ioctl =	ctl_ioctl,
477	.d_name =	"ctl",
478};
479
480
481MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
482
483static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
484
485static moduledata_t ctl_moduledata = {
486	"ctl",
487	ctl_module_event_handler,
488	NULL
489};
490
491DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
492MODULE_VERSION(ctl, 1);
493
494static struct ctl_frontend ha_frontend =
495{
496	.name = "ha",
497};
498
499static void
500ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
501			    union ctl_ha_msg *msg_info)
502{
503	struct ctl_scsiio *ctsio;
504
505	if (msg_info->hdr.original_sc == NULL) {
506		printf("%s: original_sc == NULL!\n", __func__);
507		/* XXX KDM now what? */
508		return;
509	}
510
511	ctsio = &msg_info->hdr.original_sc->scsiio;
512	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
513	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
514	ctsio->io_hdr.status = msg_info->hdr.status;
515	ctsio->scsi_status = msg_info->scsi.scsi_status;
516	ctsio->sense_len = msg_info->scsi.sense_len;
517	ctsio->sense_residual = msg_info->scsi.sense_residual;
518	ctsio->residual = msg_info->scsi.residual;
519	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
520	       msg_info->scsi.sense_len);
521	ctl_enqueue_isc((union ctl_io *)ctsio);
522}
523
524static void
525ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
526				union ctl_ha_msg *msg_info)
527{
528	struct ctl_scsiio *ctsio;
529
530	if (msg_info->hdr.serializing_sc == NULL) {
531		printf("%s: serializing_sc == NULL!\n", __func__);
532		/* XXX KDM now what? */
533		return;
534	}
535
536	ctsio = &msg_info->hdr.serializing_sc->scsiio;
537	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
538	ctl_enqueue_isc((union ctl_io *)ctsio);
539}
540
541void
542ctl_isc_announce_lun(struct ctl_lun *lun)
543{
544	struct ctl_softc *softc = lun->ctl_softc;
545	union ctl_ha_msg *msg;
546	struct ctl_ha_msg_lun_pr_key pr_key;
547	int i, k;
548
549	if (softc->ha_link != CTL_HA_LINK_ONLINE)
550		return;
551	mtx_lock(&lun->lun_lock);
552	i = sizeof(msg->lun);
553	if (lun->lun_devid)
554		i += lun->lun_devid->len;
555	i += sizeof(pr_key) * lun->pr_key_count;
556alloc:
557	mtx_unlock(&lun->lun_lock);
558	msg = malloc(i, M_CTL, M_WAITOK);
559	mtx_lock(&lun->lun_lock);
560	k = sizeof(msg->lun);
561	if (lun->lun_devid)
562		k += lun->lun_devid->len;
563	k += sizeof(pr_key) * lun->pr_key_count;
564	if (i < k) {
565		free(msg, M_CTL);
566		i = k;
567		goto alloc;
568	}
569	bzero(&msg->lun, sizeof(msg->lun));
570	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
571	msg->hdr.nexus.targ_lun = lun->lun;
572	msg->hdr.nexus.targ_mapped_lun = lun->lun;
573	msg->lun.flags = lun->flags;
574	msg->lun.pr_generation = lun->PRGeneration;
575	msg->lun.pr_res_idx = lun->pr_res_idx;
576	msg->lun.pr_res_type = lun->res_type;
577	msg->lun.pr_key_count = lun->pr_key_count;
578	i = 0;
579	if (lun->lun_devid) {
580		msg->lun.lun_devid_len = lun->lun_devid->len;
581		memcpy(&msg->lun.data[i], lun->lun_devid->data,
582		    msg->lun.lun_devid_len);
583		i += msg->lun.lun_devid_len;
584	}
585	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
586		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
587			continue;
588		pr_key.pr_iid = k;
589		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
590		i += sizeof(pr_key);
591	}
592	mtx_unlock(&lun->lun_lock);
593	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
594	    M_WAITOK);
595	free(msg, M_CTL);
596}
597
598void
599ctl_isc_announce_port(struct ctl_port *port)
600{
601	struct ctl_softc *softc = control_softc;
602	union ctl_ha_msg *msg;
603	int i;
604
605	if (port->targ_port < softc->port_min ||
606	    port->targ_port >= softc->port_max ||
607	    softc->ha_link != CTL_HA_LINK_ONLINE)
608		return;
609	i = sizeof(msg->port) + strlen(port->port_name) + 1;
610	if (port->lun_map)
611		i += sizeof(uint32_t) * CTL_MAX_LUNS;
612	if (port->port_devid)
613		i += port->port_devid->len;
614	if (port->target_devid)
615		i += port->target_devid->len;
616	if (port->init_devid)
617		i += port->init_devid->len;
618	msg = malloc(i, M_CTL, M_WAITOK);
619	bzero(&msg->port, sizeof(msg->port));
620	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
621	msg->hdr.nexus.targ_port = port->targ_port;
622	msg->port.port_type = port->port_type;
623	msg->port.physical_port = port->physical_port;
624	msg->port.virtual_port = port->virtual_port;
625	msg->port.status = port->status;
626	i = 0;
627	msg->port.name_len = sprintf(&msg->port.data[i],
628	    "%d:%s", softc->ha_id, port->port_name) + 1;
629	i += msg->port.name_len;
630	if (port->lun_map) {
631		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
632		memcpy(&msg->port.data[i], port->lun_map,
633		    msg->port.lun_map_len);
634		i += msg->port.lun_map_len;
635	}
636	if (port->port_devid) {
637		msg->port.port_devid_len = port->port_devid->len;
638		memcpy(&msg->port.data[i], port->port_devid->data,
639		    msg->port.port_devid_len);
640		i += msg->port.port_devid_len;
641	}
642	if (port->target_devid) {
643		msg->port.target_devid_len = port->target_devid->len;
644		memcpy(&msg->port.data[i], port->target_devid->data,
645		    msg->port.target_devid_len);
646		i += msg->port.target_devid_len;
647	}
648	if (port->init_devid) {
649		msg->port.init_devid_len = port->init_devid->len;
650		memcpy(&msg->port.data[i], port->init_devid->data,
651		    msg->port.init_devid_len);
652		i += msg->port.init_devid_len;
653	}
654	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
655	    M_WAITOK);
656	free(msg, M_CTL);
657}
658
659void
660ctl_isc_announce_iid(struct ctl_port *port, int iid)
661{
662	struct ctl_softc *softc = control_softc;
663	union ctl_ha_msg *msg;
664	int i, l;
665
666	if (port->targ_port < softc->port_min ||
667	    port->targ_port >= softc->port_max ||
668	    softc->ha_link != CTL_HA_LINK_ONLINE)
669		return;
670	mtx_lock(&softc->ctl_lock);
671	i = sizeof(msg->iid);
672	l = 0;
673	if (port->wwpn_iid[iid].name)
674		l = strlen(port->wwpn_iid[iid].name) + 1;
675	i += l;
676	msg = malloc(i, M_CTL, M_NOWAIT);
677	if (msg == NULL) {
678		mtx_unlock(&softc->ctl_lock);
679		return;
680	}
681	bzero(&msg->iid, sizeof(msg->iid));
682	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
683	msg->hdr.nexus.targ_port = port->targ_port;
684	msg->hdr.nexus.initid = iid;
685	msg->iid.in_use = port->wwpn_iid[iid].in_use;
686	msg->iid.name_len = l;
687	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
688	if (port->wwpn_iid[iid].name)
689		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
690	mtx_unlock(&softc->ctl_lock);
691	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
692	free(msg, M_CTL);
693}
694
695static void
696ctl_isc_ha_link_up(struct ctl_softc *softc)
697{
698	struct ctl_port *port;
699	struct ctl_lun *lun;
700	int i;
701
702	STAILQ_FOREACH(port, &softc->port_list, links) {
703		ctl_isc_announce_port(port);
704		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
705			if (port->wwpn_iid[i].in_use)
706				ctl_isc_announce_iid(port, i);
707		}
708	}
709	STAILQ_FOREACH(lun, &softc->lun_list, links)
710		ctl_isc_announce_lun(lun);
711}
712
713static void
714ctl_isc_ha_link_down(struct ctl_softc *softc)
715{
716	struct ctl_port *port;
717	struct ctl_lun *lun;
718	union ctl_io *io;
719	int i;
720
721	mtx_lock(&softc->ctl_lock);
722	STAILQ_FOREACH(lun, &softc->lun_list, links) {
723		mtx_lock(&lun->lun_lock);
724		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
725			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
726			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
727		}
728		mtx_unlock(&lun->lun_lock);
729
730		mtx_unlock(&softc->ctl_lock);
731		io = ctl_alloc_io(softc->othersc_pool);
732		mtx_lock(&softc->ctl_lock);
733		ctl_zero_io(io);
734		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
735		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
736		ctl_enqueue_isc(io);
737	}
738
739	STAILQ_FOREACH(port, &softc->port_list, links) {
740		if (port->targ_port >= softc->port_min &&
741		    port->targ_port < softc->port_max)
742			continue;
743		port->status &= ~CTL_PORT_STATUS_ONLINE;
744		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
745			port->wwpn_iid[i].in_use = 0;
746			free(port->wwpn_iid[i].name, M_CTL);
747			port->wwpn_iid[i].name = NULL;
748		}
749	}
750	mtx_unlock(&softc->ctl_lock);
751}
752
753static void
754ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
755{
756	struct ctl_lun *lun;
757	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
758
759	mtx_lock(&softc->ctl_lock);
760	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
761	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
762		mtx_lock(&lun->lun_lock);
763		mtx_unlock(&softc->ctl_lock);
764		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
765		    msg->ua.ua_set)
766			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
767		if (msg->ua.ua_all) {
768			if (msg->ua.ua_set)
769				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
770			else
771				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
772		} else {
773			if (msg->ua.ua_set)
774				ctl_est_ua(lun, iid, msg->ua.ua_type);
775			else
776				ctl_clr_ua(lun, iid, msg->ua.ua_type);
777		}
778		mtx_unlock(&lun->lun_lock);
779	} else
780		mtx_unlock(&softc->ctl_lock);
781}
782
783static void
784ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
785{
786	struct ctl_lun *lun;
787	struct ctl_ha_msg_lun_pr_key pr_key;
788	int i, k;
789	ctl_lun_flags oflags;
790	uint32_t targ_lun;
791
792	targ_lun = msg->hdr.nexus.targ_mapped_lun;
793	mtx_lock(&softc->ctl_lock);
794	if ((targ_lun >= CTL_MAX_LUNS) ||
795	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
796		mtx_unlock(&softc->ctl_lock);
797		return;
798	}
799	mtx_lock(&lun->lun_lock);
800	mtx_unlock(&softc->ctl_lock);
801	if (lun->flags & CTL_LUN_DISABLED) {
802		mtx_unlock(&lun->lun_lock);
803		return;
804	}
805	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
806	if (msg->lun.lun_devid_len != i || (i > 0 &&
807	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
808		mtx_unlock(&lun->lun_lock);
809		printf("%s: Received conflicting HA LUN %d\n",
810		    __func__, msg->hdr.nexus.targ_lun);
811		return;
812	} else {
813		/* Record whether peer is primary. */
814		oflags = lun->flags;
815		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
816		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
817			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
818		else
819			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
820		if (oflags != lun->flags)
821			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
822
823		/* If peer is primary and we are not -- use data */
824		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
825		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
826			lun->PRGeneration = msg->lun.pr_generation;
827			lun->pr_res_idx = msg->lun.pr_res_idx;
828			lun->res_type = msg->lun.pr_res_type;
829			lun->pr_key_count = msg->lun.pr_key_count;
830			for (k = 0; k < CTL_MAX_INITIATORS; k++)
831				ctl_clr_prkey(lun, k);
832			for (k = 0; k < msg->lun.pr_key_count; k++) {
833				memcpy(&pr_key, &msg->lun.data[i],
834				    sizeof(pr_key));
835				ctl_alloc_prkey(lun, pr_key.pr_iid);
836				ctl_set_prkey(lun, pr_key.pr_iid,
837				    pr_key.pr_key);
838				i += sizeof(pr_key);
839			}
840		}
841
842		mtx_unlock(&lun->lun_lock);
843		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
844		    __func__, msg->hdr.nexus.targ_lun,
845		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
846		    "primary" : "secondary"));
847
848		/* If we are primary but peer doesn't know -- notify */
849		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
850		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
851			ctl_isc_announce_lun(lun);
852	}
853}
854
855static void
856ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
857{
858	struct ctl_port *port;
859	struct ctl_lun *lun;
860	int i, new;
861
862	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
863	if (port == NULL) {
864		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
865		    msg->hdr.nexus.targ_port));
866		new = 1;
867		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
868		port->frontend = &ha_frontend;
869		port->targ_port = msg->hdr.nexus.targ_port;
870	} else if (port->frontend == &ha_frontend) {
871		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
872		    msg->hdr.nexus.targ_port));
873		new = 0;
874	} else {
875		printf("%s: Received conflicting HA port %d\n",
876		    __func__, msg->hdr.nexus.targ_port);
877		return;
878	}
879	port->port_type = msg->port.port_type;
880	port->physical_port = msg->port.physical_port;
881	port->virtual_port = msg->port.virtual_port;
882	port->status = msg->port.status;
883	i = 0;
884	free(port->port_name, M_CTL);
885	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
886	    M_CTL);
887	i += msg->port.name_len;
888	if (msg->port.lun_map_len != 0) {
889		if (port->lun_map == NULL)
890			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
891			    M_CTL, M_WAITOK);
892		memcpy(port->lun_map, &msg->port.data[i],
893		    sizeof(uint32_t) * CTL_MAX_LUNS);
894		i += msg->port.lun_map_len;
895	} else {
896		free(port->lun_map, M_CTL);
897		port->lun_map = NULL;
898	}
899	if (msg->port.port_devid_len != 0) {
900		if (port->port_devid == NULL ||
901		    port->port_devid->len != msg->port.port_devid_len) {
902			free(port->port_devid, M_CTL);
903			port->port_devid = malloc(sizeof(struct ctl_devid) +
904			    msg->port.port_devid_len, M_CTL, M_WAITOK);
905		}
906		memcpy(port->port_devid->data, &msg->port.data[i],
907		    msg->port.port_devid_len);
908		port->port_devid->len = msg->port.port_devid_len;
909		i += msg->port.port_devid_len;
910	} else {
911		free(port->port_devid, M_CTL);
912		port->port_devid = NULL;
913	}
914	if (msg->port.target_devid_len != 0) {
915		if (port->target_devid == NULL ||
916		    port->target_devid->len != msg->port.target_devid_len) {
917			free(port->target_devid, M_CTL);
918			port->target_devid = malloc(sizeof(struct ctl_devid) +
919			    msg->port.target_devid_len, M_CTL, M_WAITOK);
920		}
921		memcpy(port->target_devid->data, &msg->port.data[i],
922		    msg->port.target_devid_len);
923		port->target_devid->len = msg->port.target_devid_len;
924		i += msg->port.target_devid_len;
925	} else {
926		free(port->target_devid, M_CTL);
927		port->target_devid = NULL;
928	}
929	if (msg->port.init_devid_len != 0) {
930		if (port->init_devid == NULL ||
931		    port->init_devid->len != msg->port.init_devid_len) {
932			free(port->init_devid, M_CTL);
933			port->init_devid = malloc(sizeof(struct ctl_devid) +
934			    msg->port.init_devid_len, M_CTL, M_WAITOK);
935		}
936		memcpy(port->init_devid->data, &msg->port.data[i],
937		    msg->port.init_devid_len);
938		port->init_devid->len = msg->port.init_devid_len;
939		i += msg->port.init_devid_len;
940	} else {
941		free(port->init_devid, M_CTL);
942		port->init_devid = NULL;
943	}
944	if (new) {
945		if (ctl_port_register(port) != 0) {
946			printf("%s: ctl_port_register() failed with error\n",
947			    __func__);
948		}
949	}
950	mtx_lock(&softc->ctl_lock);
951	STAILQ_FOREACH(lun, &softc->lun_list, links) {
952		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
953			continue;
954		mtx_lock(&lun->lun_lock);
955		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
956		mtx_unlock(&lun->lun_lock);
957	}
958	mtx_unlock(&softc->ctl_lock);
959}
960
961static void
962ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
963{
964	struct ctl_port *port;
965	int iid;
966
967	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
968	if (port == NULL) {
969		printf("%s: Received IID for unknown port %d\n",
970		    __func__, msg->hdr.nexus.targ_port);
971		return;
972	}
973	iid = msg->hdr.nexus.initid;
974	port->wwpn_iid[iid].in_use = msg->iid.in_use;
975	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
976	free(port->wwpn_iid[iid].name, M_CTL);
977	if (msg->iid.name_len) {
978		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
979		    msg->iid.name_len, M_CTL);
980	} else
981		port->wwpn_iid[iid].name = NULL;
982}
983
984/*
985 * ISC (Inter Shelf Communication) event handler.  Events from the HA
986 * subsystem come in here.
987 */
988static void
989ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
990{
991	struct ctl_softc *softc;
992	union ctl_io *io;
993	struct ctl_prio *presio;
994	ctl_ha_status isc_status;
995
996	softc = control_softc;
997	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
998	if (event == CTL_HA_EVT_MSG_RECV) {
999		union ctl_ha_msg *msg, msgbuf;
1000
1001		if (param > sizeof(msgbuf))
1002			msg = malloc(param, M_CTL, M_WAITOK);
1003		else
1004			msg = &msgbuf;
1005		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1006		    M_WAITOK);
1007		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1008			printf("%s: Error receiving message: %d\n",
1009			    __func__, isc_status);
1010			if (msg != &msgbuf)
1011				free(msg, M_CTL);
1012			return;
1013		}
1014
1015		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1016		switch (msg->hdr.msg_type) {
1017		case CTL_MSG_SERIALIZE:
1018			io = ctl_alloc_io(softc->othersc_pool);
1019			ctl_zero_io(io);
1020			// populate ctsio from msg
1021			io->io_hdr.io_type = CTL_IO_SCSI;
1022			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1023			io->io_hdr.original_sc = msg->hdr.original_sc;
1024			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1025					    CTL_FLAG_IO_ACTIVE;
1026			/*
1027			 * If we're in serialization-only mode, we don't
1028			 * want to go through full done processing.  Thus
1029			 * the COPY flag.
1030			 *
1031			 * XXX KDM add another flag that is more specific.
1032			 */
1033			if (softc->ha_mode != CTL_HA_MODE_XFER)
1034				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1035			io->io_hdr.nexus = msg->hdr.nexus;
1036#if 0
1037			printf("port %u, iid %u, lun %u\n",
1038			       io->io_hdr.nexus.targ_port,
1039			       io->io_hdr.nexus.initid,
1040			       io->io_hdr.nexus.targ_lun);
1041#endif
1042			io->scsiio.tag_num = msg->scsi.tag_num;
1043			io->scsiio.tag_type = msg->scsi.tag_type;
1044#ifdef CTL_TIME_IO
1045			io->io_hdr.start_time = time_uptime;
1046			getbintime(&io->io_hdr.start_bt);
1047#endif /* CTL_TIME_IO */
1048			io->scsiio.cdb_len = msg->scsi.cdb_len;
1049			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1050			       CTL_MAX_CDBLEN);
1051			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1052				const struct ctl_cmd_entry *entry;
1053
1054				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1055				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1056				io->io_hdr.flags |=
1057					entry->flags & CTL_FLAG_DATA_MASK;
1058			}
1059			ctl_enqueue_isc(io);
1060			break;
1061
1062		/* Performed on the Originating SC, XFER mode only */
1063		case CTL_MSG_DATAMOVE: {
1064			struct ctl_sg_entry *sgl;
1065			int i, j;
1066
1067			io = msg->hdr.original_sc;
1068			if (io == NULL) {
1069				printf("%s: original_sc == NULL!\n", __func__);
1070				/* XXX KDM do something here */
1071				break;
1072			}
1073			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1074			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1075			/*
1076			 * Keep track of this, we need to send it back over
1077			 * when the datamove is complete.
1078			 */
1079			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1080			if (msg->hdr.status == CTL_SUCCESS)
1081				io->io_hdr.status = msg->hdr.status;
1082
1083			if (msg->dt.sg_sequence == 0) {
1084				i = msg->dt.kern_sg_entries +
1085				    msg->dt.kern_data_len /
1086				    CTL_HA_DATAMOVE_SEGMENT + 1;
1087				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1088				    M_WAITOK | M_ZERO);
1089				io->io_hdr.remote_sglist = sgl;
1090				io->io_hdr.local_sglist =
1091				    &sgl[msg->dt.kern_sg_entries];
1092
1093				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1094
1095				io->scsiio.kern_sg_entries =
1096					msg->dt.kern_sg_entries;
1097				io->scsiio.rem_sg_entries =
1098					msg->dt.kern_sg_entries;
1099				io->scsiio.kern_data_len =
1100					msg->dt.kern_data_len;
1101				io->scsiio.kern_total_len =
1102					msg->dt.kern_total_len;
1103				io->scsiio.kern_data_resid =
1104					msg->dt.kern_data_resid;
1105				io->scsiio.kern_rel_offset =
1106					msg->dt.kern_rel_offset;
1107				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1108				io->io_hdr.flags |= msg->dt.flags &
1109				    CTL_FLAG_BUS_ADDR;
1110			} else
1111				sgl = (struct ctl_sg_entry *)
1112					io->scsiio.kern_data_ptr;
1113
1114			for (i = msg->dt.sent_sg_entries, j = 0;
1115			     i < (msg->dt.sent_sg_entries +
1116			     msg->dt.cur_sg_entries); i++, j++) {
1117				sgl[i].addr = msg->dt.sg_list[j].addr;
1118				sgl[i].len = msg->dt.sg_list[j].len;
1119
1120#if 0
1121				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1122				    __func__, sgl[i].addr, sgl[i].len, j, i);
1123#endif
1124			}
1125
1126			/*
1127			 * If this is the last piece of the I/O, we've got
1128			 * the full S/G list.  Queue processing in the thread.
1129			 * Otherwise wait for the next piece.
1130			 */
1131			if (msg->dt.sg_last != 0)
1132				ctl_enqueue_isc(io);
1133			break;
1134		}
1135		/* Performed on the Serializing (primary) SC, XFER mode only */
1136		case CTL_MSG_DATAMOVE_DONE: {
1137			if (msg->hdr.serializing_sc == NULL) {
1138				printf("%s: serializing_sc == NULL!\n",
1139				       __func__);
1140				/* XXX KDM now what? */
1141				break;
1142			}
1143			/*
1144			 * We grab the sense information here in case
1145			 * there was a failure, so we can return status
1146			 * back to the initiator.
1147			 */
1148			io = msg->hdr.serializing_sc;
1149			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1150			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1151			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1152			io->io_hdr.port_status = msg->scsi.fetd_status;
1153			io->scsiio.residual = msg->scsi.residual;
1154			if (msg->hdr.status != CTL_STATUS_NONE) {
1155				io->io_hdr.status = msg->hdr.status;
1156				io->scsiio.scsi_status = msg->scsi.scsi_status;
1157				io->scsiio.sense_len = msg->scsi.sense_len;
1158				io->scsiio.sense_residual =msg->scsi.sense_residual;
1159				memcpy(&io->scsiio.sense_data,
1160				    &msg->scsi.sense_data,
1161				    msg->scsi.sense_len);
1162				if (msg->hdr.status == CTL_SUCCESS)
1163					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1164			}
1165			ctl_enqueue_isc(io);
1166			break;
1167		}
1168
1169		/* Preformed on Originating SC, SER_ONLY mode */
1170		case CTL_MSG_R2R:
1171			io = msg->hdr.original_sc;
1172			if (io == NULL) {
1173				printf("%s: original_sc == NULL!\n",
1174				    __func__);
1175				break;
1176			}
1177			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1178			io->io_hdr.msg_type = CTL_MSG_R2R;
1179			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1180			ctl_enqueue_isc(io);
1181			break;
1182
1183		/*
1184		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1185		 * mode.
1186		 * Performed on the Originating (i.e. secondary) SC in XFER
1187		 * mode
1188		 */
1189		case CTL_MSG_FINISH_IO:
1190			if (softc->ha_mode == CTL_HA_MODE_XFER)
1191				ctl_isc_handler_finish_xfer(softc, msg);
1192			else
1193				ctl_isc_handler_finish_ser_only(softc, msg);
1194			break;
1195
1196		/* Preformed on Originating SC */
1197		case CTL_MSG_BAD_JUJU:
1198			io = msg->hdr.original_sc;
1199			if (io == NULL) {
1200				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1201				       __func__);
1202				break;
1203			}
1204			ctl_copy_sense_data(msg, io);
1205			/*
1206			 * IO should have already been cleaned up on other
1207			 * SC so clear this flag so we won't send a message
1208			 * back to finish the IO there.
1209			 */
1210			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1211			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1212
1213			/* io = msg->hdr.serializing_sc; */
1214			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1215			ctl_enqueue_isc(io);
1216			break;
1217
1218		/* Handle resets sent from the other side */
1219		case CTL_MSG_MANAGE_TASKS: {
1220			struct ctl_taskio *taskio;
1221			taskio = (struct ctl_taskio *)ctl_alloc_io(
1222			    softc->othersc_pool);
1223			ctl_zero_io((union ctl_io *)taskio);
1224			taskio->io_hdr.io_type = CTL_IO_TASK;
1225			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1226			taskio->io_hdr.nexus = msg->hdr.nexus;
1227			taskio->task_action = msg->task.task_action;
1228			taskio->tag_num = msg->task.tag_num;
1229			taskio->tag_type = msg->task.tag_type;
1230#ifdef CTL_TIME_IO
1231			taskio->io_hdr.start_time = time_uptime;
1232			getbintime(&taskio->io_hdr.start_bt);
1233#endif /* CTL_TIME_IO */
1234			ctl_run_task((union ctl_io *)taskio);
1235			break;
1236		}
1237		/* Persistent Reserve action which needs attention */
1238		case CTL_MSG_PERS_ACTION:
1239			presio = (struct ctl_prio *)ctl_alloc_io(
1240			    softc->othersc_pool);
1241			ctl_zero_io((union ctl_io *)presio);
1242			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1243			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1244			presio->io_hdr.nexus = msg->hdr.nexus;
1245			presio->pr_msg = msg->pr;
1246			ctl_enqueue_isc((union ctl_io *)presio);
1247			break;
1248		case CTL_MSG_UA:
1249			ctl_isc_ua(softc, msg, param);
1250			break;
1251		case CTL_MSG_PORT_SYNC:
1252			ctl_isc_port_sync(softc, msg, param);
1253			break;
1254		case CTL_MSG_LUN_SYNC:
1255			ctl_isc_lun_sync(softc, msg, param);
1256			break;
1257		case CTL_MSG_IID_SYNC:
1258			ctl_isc_iid_sync(softc, msg, param);
1259			break;
1260		default:
1261			printf("Received HA message of unknown type %d\n",
1262			    msg->hdr.msg_type);
1263			break;
1264		}
1265		if (msg != &msgbuf)
1266			free(msg, M_CTL);
1267	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1268		printf("CTL: HA link status changed from %d to %d\n",
1269		    softc->ha_link, param);
1270		if (param == softc->ha_link)
1271			return;
1272		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1273			softc->ha_link = param;
1274			ctl_isc_ha_link_down(softc);
1275		} else {
1276			softc->ha_link = param;
1277			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1278				ctl_isc_ha_link_up(softc);
1279		}
1280		return;
1281	} else {
1282		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1283		return;
1284	}
1285}
1286
1287static void
1288ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1289{
1290
1291	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1292	    src->scsi.sense_len);
1293	dest->scsiio.scsi_status = src->scsi.scsi_status;
1294	dest->scsiio.sense_len = src->scsi.sense_len;
1295	dest->io_hdr.status = src->hdr.status;
1296}
1297
1298static void
1299ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1300{
1301
1302	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1303	    src->scsiio.sense_len);
1304	dest->scsi.scsi_status = src->scsiio.scsi_status;
1305	dest->scsi.sense_len = src->scsiio.sense_len;
1306	dest->hdr.status = src->io_hdr.status;
1307}
1308
1309void
1310ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1311{
1312	struct ctl_softc *softc = lun->ctl_softc;
1313	ctl_ua_type *pu;
1314
1315	if (initidx < softc->init_min || initidx >= softc->init_max)
1316		return;
1317	mtx_assert(&lun->lun_lock, MA_OWNED);
1318	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1319	if (pu == NULL)
1320		return;
1321	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1322}
1323
1324void
1325ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1326{
1327	int i;
1328
1329	mtx_assert(&lun->lun_lock, MA_OWNED);
1330	if (lun->pending_ua[port] == NULL)
1331		return;
1332	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1333		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1334			continue;
1335		lun->pending_ua[port][i] |= ua;
1336	}
1337}
1338
1339void
1340ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1341{
1342	struct ctl_softc *softc = lun->ctl_softc;
1343	int i;
1344
1345	mtx_assert(&lun->lun_lock, MA_OWNED);
1346	for (i = softc->port_min; i < softc->port_max; i++)
1347		ctl_est_ua_port(lun, i, except, ua);
1348}
1349
1350void
1351ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1352{
1353	struct ctl_softc *softc = lun->ctl_softc;
1354	ctl_ua_type *pu;
1355
1356	if (initidx < softc->init_min || initidx >= softc->init_max)
1357		return;
1358	mtx_assert(&lun->lun_lock, MA_OWNED);
1359	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1360	if (pu == NULL)
1361		return;
1362	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1363}
1364
1365void
1366ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1367{
1368	struct ctl_softc *softc = lun->ctl_softc;
1369	int i, j;
1370
1371	mtx_assert(&lun->lun_lock, MA_OWNED);
1372	for (i = softc->port_min; i < softc->port_max; i++) {
1373		if (lun->pending_ua[i] == NULL)
1374			continue;
1375		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1376			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1377				continue;
1378			lun->pending_ua[i][j] &= ~ua;
1379		}
1380	}
1381}
1382
1383void
1384ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1385    ctl_ua_type ua_type)
1386{
1387	struct ctl_lun *lun;
1388
1389	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1390	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1391		mtx_lock(&lun->lun_lock);
1392		ctl_clr_ua(lun, initidx, ua_type);
1393		mtx_unlock(&lun->lun_lock);
1394	}
1395}
1396
1397static int
1398ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1399{
1400	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1401	struct ctl_lun *lun;
1402	struct ctl_lun_req ireq;
1403	int error, value;
1404
1405	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1406	error = sysctl_handle_int(oidp, &value, 0, req);
1407	if ((error != 0) || (req->newptr == NULL))
1408		return (error);
1409
1410	mtx_lock(&softc->ctl_lock);
1411	if (value == 0)
1412		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1413	else
1414		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1415	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1416		mtx_unlock(&softc->ctl_lock);
1417		bzero(&ireq, sizeof(ireq));
1418		ireq.reqtype = CTL_LUNREQ_MODIFY;
1419		ireq.reqdata.modify.lun_id = lun->lun;
1420		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1421		    curthread);
1422		if (ireq.status != CTL_LUN_OK) {
1423			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1424			    __func__, ireq.status, ireq.error_str);
1425		}
1426		mtx_lock(&softc->ctl_lock);
1427	}
1428	mtx_unlock(&softc->ctl_lock);
1429	return (0);
1430}
1431
1432static int
1433ctl_init(void)
1434{
1435	struct ctl_softc *softc;
1436	void *other_pool;
1437	int i, error, retval;
1438
1439	retval = 0;
1440	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1441			       M_WAITOK | M_ZERO);
1442	softc = control_softc;
1443
1444	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1445			      "cam/ctl");
1446
1447	softc->dev->si_drv1 = softc;
1448
1449	sysctl_ctx_init(&softc->sysctl_ctx);
1450	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1451		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1452		CTLFLAG_RD, 0, "CAM Target Layer");
1453
1454	if (softc->sysctl_tree == NULL) {
1455		printf("%s: unable to allocate sysctl tree\n", __func__);
1456		destroy_dev(softc->dev);
1457		free(control_softc, M_DEVBUF);
1458		control_softc = NULL;
1459		return (ENOMEM);
1460	}
1461
1462	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1463	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1464	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1465	softc->open_count = 0;
1466
1467	/*
1468	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1469	 * the drive.
1470	 */
1471	softc->flags = CTL_FLAG_REAL_SYNC;
1472
1473	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1474	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1475	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1476
1477	/*
1478	 * In Copan's HA scheme, the "master" and "slave" roles are
1479	 * figured out through the slot the controller is in.  Although it
1480	 * is an active/active system, someone has to be in charge.
1481	 */
1482	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1483	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1484	    "HA head ID (0 - no HA)");
1485	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1486		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1487		softc->is_single = 1;
1488		softc->port_cnt = CTL_MAX_PORTS;
1489		softc->port_min = 0;
1490	} else {
1491		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1492		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1493	}
1494	softc->port_max = softc->port_min + softc->port_cnt;
1495	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1496	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1497
1498	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1499	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1500	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1501
1502	STAILQ_INIT(&softc->lun_list);
1503	STAILQ_INIT(&softc->pending_lun_queue);
1504	STAILQ_INIT(&softc->fe_list);
1505	STAILQ_INIT(&softc->port_list);
1506	STAILQ_INIT(&softc->be_list);
1507	ctl_tpc_init(softc);
1508
1509	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1510	                    &other_pool) != 0)
1511	{
1512		printf("ctl: can't allocate %d entry other SC pool, "
1513		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1514		return (ENOMEM);
1515	}
1516	softc->othersc_pool = other_pool;
1517
1518	if (worker_threads <= 0)
1519		worker_threads = max(1, mp_ncpus / 4);
1520	if (worker_threads > CTL_MAX_THREADS)
1521		worker_threads = CTL_MAX_THREADS;
1522
1523	for (i = 0; i < worker_threads; i++) {
1524		struct ctl_thread *thr = &softc->threads[i];
1525
1526		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1527		thr->ctl_softc = softc;
1528		STAILQ_INIT(&thr->incoming_queue);
1529		STAILQ_INIT(&thr->rtr_queue);
1530		STAILQ_INIT(&thr->done_queue);
1531		STAILQ_INIT(&thr->isc_queue);
1532
1533		error = kproc_kthread_add(ctl_work_thread, thr,
1534		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1535		if (error != 0) {
1536			printf("error creating CTL work thread!\n");
1537			ctl_pool_free(other_pool);
1538			return (error);
1539		}
1540	}
1541	error = kproc_kthread_add(ctl_lun_thread, softc,
1542	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1543	if (error != 0) {
1544		printf("error creating CTL lun thread!\n");
1545		ctl_pool_free(other_pool);
1546		return (error);
1547	}
1548	error = kproc_kthread_add(ctl_thresh_thread, softc,
1549	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1550	if (error != 0) {
1551		printf("error creating CTL threshold thread!\n");
1552		ctl_pool_free(other_pool);
1553		return (error);
1554	}
1555
1556	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1557	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1558	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1559
1560	if (softc->is_single == 0) {
1561		ctl_frontend_register(&ha_frontend);
1562		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1563			printf("ctl_init: ctl_ha_msg_init failed.\n");
1564			softc->is_single = 1;
1565		} else
1566		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1567		    != CTL_HA_STATUS_SUCCESS) {
1568			printf("ctl_init: ctl_ha_msg_register failed.\n");
1569			softc->is_single = 1;
1570		}
1571	}
1572	return (0);
1573}
1574
1575void
1576ctl_shutdown(void)
1577{
1578	struct ctl_softc *softc;
1579	struct ctl_lun *lun, *next_lun;
1580
1581	softc = (struct ctl_softc *)control_softc;
1582
1583	if (softc->is_single == 0) {
1584		ctl_ha_msg_shutdown(softc);
1585		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1586		    != CTL_HA_STATUS_SUCCESS)
1587			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1588		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1589			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1590		ctl_frontend_deregister(&ha_frontend);
1591	}
1592
1593	mtx_lock(&softc->ctl_lock);
1594
1595	/*
1596	 * Free up each LUN.
1597	 */
1598	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1599		next_lun = STAILQ_NEXT(lun, links);
1600		ctl_free_lun(lun);
1601	}
1602
1603	mtx_unlock(&softc->ctl_lock);
1604
1605#if 0
1606	ctl_shutdown_thread(softc->work_thread);
1607	mtx_destroy(&softc->queue_lock);
1608#endif
1609
1610	ctl_tpc_shutdown(softc);
1611	uma_zdestroy(softc->io_zone);
1612	mtx_destroy(&softc->ctl_lock);
1613
1614	destroy_dev(softc->dev);
1615
1616	sysctl_ctx_free(&softc->sysctl_ctx);
1617
1618	free(control_softc, M_DEVBUF);
1619	control_softc = NULL;
1620}
1621
1622static int
1623ctl_module_event_handler(module_t mod, int what, void *arg)
1624{
1625
1626	switch (what) {
1627	case MOD_LOAD:
1628		return (ctl_init());
1629	case MOD_UNLOAD:
1630		return (EBUSY);
1631	default:
1632		return (EOPNOTSUPP);
1633	}
1634}
1635
1636/*
1637 * XXX KDM should we do some access checks here?  Bump a reference count to
1638 * prevent a CTL module from being unloaded while someone has it open?
1639 */
1640static int
1641ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1642{
1643	return (0);
1644}
1645
1646static int
1647ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1648{
1649	return (0);
1650}
1651
1652/*
1653 * Remove an initiator by port number and initiator ID.
1654 * Returns 0 for success, -1 for failure.
1655 */
1656int
1657ctl_remove_initiator(struct ctl_port *port, int iid)
1658{
1659	struct ctl_softc *softc = control_softc;
1660
1661	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1662
1663	if (iid > CTL_MAX_INIT_PER_PORT) {
1664		printf("%s: initiator ID %u > maximun %u!\n",
1665		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1666		return (-1);
1667	}
1668
1669	mtx_lock(&softc->ctl_lock);
1670	port->wwpn_iid[iid].in_use--;
1671	port->wwpn_iid[iid].last_use = time_uptime;
1672	mtx_unlock(&softc->ctl_lock);
1673	ctl_isc_announce_iid(port, iid);
1674
1675	return (0);
1676}
1677
1678/*
1679 * Add an initiator to the initiator map.
1680 * Returns iid for success, < 0 for failure.
1681 */
1682int
1683ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1684{
1685	struct ctl_softc *softc = control_softc;
1686	time_t best_time;
1687	int i, best;
1688
1689	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1690
1691	if (iid >= CTL_MAX_INIT_PER_PORT) {
1692		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1693		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1694		free(name, M_CTL);
1695		return (-1);
1696	}
1697
1698	mtx_lock(&softc->ctl_lock);
1699
1700	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1701		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1702			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1703				iid = i;
1704				break;
1705			}
1706			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1707			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1708				iid = i;
1709				break;
1710			}
1711		}
1712	}
1713
1714	if (iid < 0) {
1715		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1716			if (port->wwpn_iid[i].in_use == 0 &&
1717			    port->wwpn_iid[i].wwpn == 0 &&
1718			    port->wwpn_iid[i].name == NULL) {
1719				iid = i;
1720				break;
1721			}
1722		}
1723	}
1724
1725	if (iid < 0) {
1726		best = -1;
1727		best_time = INT32_MAX;
1728		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1729			if (port->wwpn_iid[i].in_use == 0) {
1730				if (port->wwpn_iid[i].last_use < best_time) {
1731					best = i;
1732					best_time = port->wwpn_iid[i].last_use;
1733				}
1734			}
1735		}
1736		iid = best;
1737	}
1738
1739	if (iid < 0) {
1740		mtx_unlock(&softc->ctl_lock);
1741		free(name, M_CTL);
1742		return (-2);
1743	}
1744
1745	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1746		/*
1747		 * This is not an error yet.
1748		 */
1749		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1750#if 0
1751			printf("%s: port %d iid %u WWPN %#jx arrived"
1752			    " again\n", __func__, port->targ_port,
1753			    iid, (uintmax_t)wwpn);
1754#endif
1755			goto take;
1756		}
1757		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1758		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1759#if 0
1760			printf("%s: port %d iid %u name '%s' arrived"
1761			    " again\n", __func__, port->targ_port,
1762			    iid, name);
1763#endif
1764			goto take;
1765		}
1766
1767		/*
1768		 * This is an error, but what do we do about it?  The
1769		 * driver is telling us we have a new WWPN for this
1770		 * initiator ID, so we pretty much need to use it.
1771		 */
1772		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1773		    " but WWPN %#jx '%s' is still at that address\n",
1774		    __func__, port->targ_port, iid, wwpn, name,
1775		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1776		    port->wwpn_iid[iid].name);
1777
1778		/*
1779		 * XXX KDM clear have_ca and ua_pending on each LUN for
1780		 * this initiator.
1781		 */
1782	}
1783take:
1784	free(port->wwpn_iid[iid].name, M_CTL);
1785	port->wwpn_iid[iid].name = name;
1786	port->wwpn_iid[iid].wwpn = wwpn;
1787	port->wwpn_iid[iid].in_use++;
1788	mtx_unlock(&softc->ctl_lock);
1789	ctl_isc_announce_iid(port, iid);
1790
1791	return (iid);
1792}
1793
1794static int
1795ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1796{
1797	int len;
1798
1799	switch (port->port_type) {
1800	case CTL_PORT_FC:
1801	{
1802		struct scsi_transportid_fcp *id =
1803		    (struct scsi_transportid_fcp *)buf;
1804		if (port->wwpn_iid[iid].wwpn == 0)
1805			return (0);
1806		memset(id, 0, sizeof(*id));
1807		id->format_protocol = SCSI_PROTO_FC;
1808		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1809		return (sizeof(*id));
1810	}
1811	case CTL_PORT_ISCSI:
1812	{
1813		struct scsi_transportid_iscsi_port *id =
1814		    (struct scsi_transportid_iscsi_port *)buf;
1815		if (port->wwpn_iid[iid].name == NULL)
1816			return (0);
1817		memset(id, 0, 256);
1818		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1819		    SCSI_PROTO_ISCSI;
1820		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1821		len = roundup2(min(len, 252), 4);
1822		scsi_ulto2b(len, id->additional_length);
1823		return (sizeof(*id) + len);
1824	}
1825	case CTL_PORT_SAS:
1826	{
1827		struct scsi_transportid_sas *id =
1828		    (struct scsi_transportid_sas *)buf;
1829		if (port->wwpn_iid[iid].wwpn == 0)
1830			return (0);
1831		memset(id, 0, sizeof(*id));
1832		id->format_protocol = SCSI_PROTO_SAS;
1833		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1834		return (sizeof(*id));
1835	}
1836	default:
1837	{
1838		struct scsi_transportid_spi *id =
1839		    (struct scsi_transportid_spi *)buf;
1840		memset(id, 0, sizeof(*id));
1841		id->format_protocol = SCSI_PROTO_SPI;
1842		scsi_ulto2b(iid, id->scsi_addr);
1843		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1844		return (sizeof(*id));
1845	}
1846	}
1847}
1848
1849/*
1850 * Serialize a command that went down the "wrong" side, and so was sent to
1851 * this controller for execution.  The logic is a little different than the
1852 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1853 * sent back to the other side, but in the success case, we execute the
1854 * command on this side (XFER mode) or tell the other side to execute it
1855 * (SER_ONLY mode).
1856 */
1857static int
1858ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1859{
1860	struct ctl_softc *softc;
1861	union ctl_ha_msg msg_info;
1862	struct ctl_lun *lun;
1863	const struct ctl_cmd_entry *entry;
1864	int retval = 0;
1865	uint32_t targ_lun;
1866
1867	softc = control_softc;
1868
1869	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1870	mtx_lock(&softc->ctl_lock);
1871	if ((targ_lun < CTL_MAX_LUNS) &&
1872	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
1873		mtx_lock(&lun->lun_lock);
1874		mtx_unlock(&softc->ctl_lock);
1875		/*
1876		 * If the LUN is invalid, pretend that it doesn't exist.
1877		 * It will go away as soon as all pending I/O has been
1878		 * completed.
1879		 */
1880		if (lun->flags & CTL_LUN_DISABLED) {
1881			mtx_unlock(&lun->lun_lock);
1882			lun = NULL;
1883		}
1884	} else {
1885		mtx_unlock(&softc->ctl_lock);
1886		lun = NULL;
1887	}
1888	if (lun == NULL) {
1889		/*
1890		 * The other node would not send this request to us unless
1891		 * received announce that we are primary node for this LUN.
1892		 * If this LUN does not exist now, it is probably result of
1893		 * a race, so respond to initiator in the most opaque way.
1894		 */
1895		ctl_set_busy(ctsio);
1896		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1897		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1898		msg_info.hdr.serializing_sc = NULL;
1899		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1900		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1901		    sizeof(msg_info.scsi), M_WAITOK);
1902		return(1);
1903	}
1904
1905	entry = ctl_get_cmd_entry(ctsio, NULL);
1906	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
1907		mtx_unlock(&lun->lun_lock);
1908		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1909		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1910		msg_info.hdr.serializing_sc = NULL;
1911		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1912		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1913		    sizeof(msg_info.scsi), M_WAITOK);
1914		return(1);
1915	}
1916
1917	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
1918	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
1919
1920	/*
1921	 * Every I/O goes into the OOA queue for a
1922	 * particular LUN, and stays there until completion.
1923	 */
1924#ifdef CTL_TIME_IO
1925	if (TAILQ_EMPTY(&lun->ooa_queue))
1926		lun->idle_time += getsbinuptime() - lun->last_busy;
1927#endif
1928	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1929
1930	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1931		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1932		 ooa_links))) {
1933	case CTL_ACTION_BLOCK:
1934		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1935		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1936				  blocked_links);
1937		mtx_unlock(&lun->lun_lock);
1938		break;
1939	case CTL_ACTION_PASS:
1940	case CTL_ACTION_SKIP:
1941		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1942			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1943			ctl_enqueue_rtr((union ctl_io *)ctsio);
1944			mtx_unlock(&lun->lun_lock);
1945		} else {
1946			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
1947			mtx_unlock(&lun->lun_lock);
1948
1949			/* send msg back to other side */
1950			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1951			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1952			msg_info.hdr.msg_type = CTL_MSG_R2R;
1953			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1954			    sizeof(msg_info.hdr), M_WAITOK);
1955		}
1956		break;
1957	case CTL_ACTION_OVERLAP:
1958		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1959		mtx_unlock(&lun->lun_lock);
1960		retval = 1;
1961
1962		ctl_set_overlapped_cmd(ctsio);
1963		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1964		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1965		msg_info.hdr.serializing_sc = NULL;
1966		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1967		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1968		    sizeof(msg_info.scsi), M_WAITOK);
1969		break;
1970	case CTL_ACTION_OVERLAP_TAG:
1971		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1972		mtx_unlock(&lun->lun_lock);
1973		retval = 1;
1974		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
1975		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1976		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1977		msg_info.hdr.serializing_sc = NULL;
1978		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1979		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1980		    sizeof(msg_info.scsi), M_WAITOK);
1981		break;
1982	case CTL_ACTION_ERROR:
1983	default:
1984		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1985		mtx_unlock(&lun->lun_lock);
1986		retval = 1;
1987
1988		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
1989					 /*retry_count*/ 0);
1990		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1991		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1992		msg_info.hdr.serializing_sc = NULL;
1993		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1994		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1995		    sizeof(msg_info.scsi), M_WAITOK);
1996		break;
1997	}
1998	return (retval);
1999}
2000
2001/*
2002 * Returns 0 for success, errno for failure.
2003 */
2004static int
2005ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2006		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2007{
2008	union ctl_io *io;
2009	int retval;
2010
2011	retval = 0;
2012
2013	mtx_lock(&lun->lun_lock);
2014	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2015	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2016	     ooa_links)) {
2017		struct ctl_ooa_entry *entry;
2018
2019		/*
2020		 * If we've got more than we can fit, just count the
2021		 * remaining entries.
2022		 */
2023		if (*cur_fill_num >= ooa_hdr->alloc_num)
2024			continue;
2025
2026		entry = &kern_entries[*cur_fill_num];
2027
2028		entry->tag_num = io->scsiio.tag_num;
2029		entry->lun_num = lun->lun;
2030#ifdef CTL_TIME_IO
2031		entry->start_bt = io->io_hdr.start_bt;
2032#endif
2033		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2034		entry->cdb_len = io->scsiio.cdb_len;
2035		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2036			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2037
2038		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2039			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2040
2041		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2042			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2043
2044		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2045			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2046
2047		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2048			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2049	}
2050	mtx_unlock(&lun->lun_lock);
2051
2052	return (retval);
2053}
2054
2055static void *
2056ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2057		 size_t error_str_len)
2058{
2059	void *kptr;
2060
2061	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2062
2063	if (copyin(user_addr, kptr, len) != 0) {
2064		snprintf(error_str, error_str_len, "Error copying %d bytes "
2065			 "from user address %p to kernel address %p", len,
2066			 user_addr, kptr);
2067		free(kptr, M_CTL);
2068		return (NULL);
2069	}
2070
2071	return (kptr);
2072}
2073
2074static void
2075ctl_free_args(int num_args, struct ctl_be_arg *args)
2076{
2077	int i;
2078
2079	if (args == NULL)
2080		return;
2081
2082	for (i = 0; i < num_args; i++) {
2083		free(args[i].kname, M_CTL);
2084		free(args[i].kvalue, M_CTL);
2085	}
2086
2087	free(args, M_CTL);
2088}
2089
2090static struct ctl_be_arg *
2091ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2092		char *error_str, size_t error_str_len)
2093{
2094	struct ctl_be_arg *args;
2095	int i;
2096
2097	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2098				error_str, error_str_len);
2099
2100	if (args == NULL)
2101		goto bailout;
2102
2103	for (i = 0; i < num_args; i++) {
2104		args[i].kname = NULL;
2105		args[i].kvalue = NULL;
2106	}
2107
2108	for (i = 0; i < num_args; i++) {
2109		uint8_t *tmpptr;
2110
2111		args[i].kname = ctl_copyin_alloc(args[i].name,
2112			args[i].namelen, error_str, error_str_len);
2113		if (args[i].kname == NULL)
2114			goto bailout;
2115
2116		if (args[i].kname[args[i].namelen - 1] != '\0') {
2117			snprintf(error_str, error_str_len, "Argument %d "
2118				 "name is not NUL-terminated", i);
2119			goto bailout;
2120		}
2121
2122		if (args[i].flags & CTL_BEARG_RD) {
2123			tmpptr = ctl_copyin_alloc(args[i].value,
2124				args[i].vallen, error_str, error_str_len);
2125			if (tmpptr == NULL)
2126				goto bailout;
2127			if ((args[i].flags & CTL_BEARG_ASCII)
2128			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2129				snprintf(error_str, error_str_len, "Argument "
2130				    "%d value is not NUL-terminated", i);
2131				goto bailout;
2132			}
2133			args[i].kvalue = tmpptr;
2134		} else {
2135			args[i].kvalue = malloc(args[i].vallen,
2136			    M_CTL, M_WAITOK | M_ZERO);
2137		}
2138	}
2139
2140	return (args);
2141bailout:
2142
2143	ctl_free_args(num_args, args);
2144
2145	return (NULL);
2146}
2147
2148static void
2149ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2150{
2151	int i;
2152
2153	for (i = 0; i < num_args; i++) {
2154		if (args[i].flags & CTL_BEARG_WR)
2155			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2156	}
2157}
2158
2159/*
2160 * Escape characters that are illegal or not recommended in XML.
2161 */
2162int
2163ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2164{
2165	char *end = str + size;
2166	int retval;
2167
2168	retval = 0;
2169
2170	for (; *str && str < end; str++) {
2171		switch (*str) {
2172		case '&':
2173			retval = sbuf_printf(sb, "&amp;");
2174			break;
2175		case '>':
2176			retval = sbuf_printf(sb, "&gt;");
2177			break;
2178		case '<':
2179			retval = sbuf_printf(sb, "&lt;");
2180			break;
2181		default:
2182			retval = sbuf_putc(sb, *str);
2183			break;
2184		}
2185
2186		if (retval != 0)
2187			break;
2188
2189	}
2190
2191	return (retval);
2192}
2193
2194static void
2195ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2196{
2197	struct scsi_vpd_id_descriptor *desc;
2198	int i;
2199
2200	if (id == NULL || id->len < 4)
2201		return;
2202	desc = (struct scsi_vpd_id_descriptor *)id->data;
2203	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2204	case SVPD_ID_TYPE_T10:
2205		sbuf_printf(sb, "t10.");
2206		break;
2207	case SVPD_ID_TYPE_EUI64:
2208		sbuf_printf(sb, "eui.");
2209		break;
2210	case SVPD_ID_TYPE_NAA:
2211		sbuf_printf(sb, "naa.");
2212		break;
2213	case SVPD_ID_TYPE_SCSI_NAME:
2214		break;
2215	}
2216	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2217	case SVPD_ID_CODESET_BINARY:
2218		for (i = 0; i < desc->length; i++)
2219			sbuf_printf(sb, "%02x", desc->identifier[i]);
2220		break;
2221	case SVPD_ID_CODESET_ASCII:
2222		sbuf_printf(sb, "%.*s", (int)desc->length,
2223		    (char *)desc->identifier);
2224		break;
2225	case SVPD_ID_CODESET_UTF8:
2226		sbuf_printf(sb, "%s", (char *)desc->identifier);
2227		break;
2228	}
2229}
2230
2231static int
2232ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2233	  struct thread *td)
2234{
2235	struct ctl_softc *softc;
2236	struct ctl_lun *lun;
2237	int retval;
2238
2239	softc = control_softc;
2240
2241	retval = 0;
2242
2243	switch (cmd) {
2244	case CTL_IO:
2245		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2246		break;
2247	case CTL_ENABLE_PORT:
2248	case CTL_DISABLE_PORT:
2249	case CTL_SET_PORT_WWNS: {
2250		struct ctl_port *port;
2251		struct ctl_port_entry *entry;
2252
2253		entry = (struct ctl_port_entry *)addr;
2254
2255		mtx_lock(&softc->ctl_lock);
2256		STAILQ_FOREACH(port, &softc->port_list, links) {
2257			int action, done;
2258
2259			if (port->targ_port < softc->port_min ||
2260			    port->targ_port >= softc->port_max)
2261				continue;
2262
2263			action = 0;
2264			done = 0;
2265			if ((entry->port_type == CTL_PORT_NONE)
2266			 && (entry->targ_port == port->targ_port)) {
2267				/*
2268				 * If the user only wants to enable or
2269				 * disable or set WWNs on a specific port,
2270				 * do the operation and we're done.
2271				 */
2272				action = 1;
2273				done = 1;
2274			} else if (entry->port_type & port->port_type) {
2275				/*
2276				 * Compare the user's type mask with the
2277				 * particular frontend type to see if we
2278				 * have a match.
2279				 */
2280				action = 1;
2281				done = 0;
2282
2283				/*
2284				 * Make sure the user isn't trying to set
2285				 * WWNs on multiple ports at the same time.
2286				 */
2287				if (cmd == CTL_SET_PORT_WWNS) {
2288					printf("%s: Can't set WWNs on "
2289					       "multiple ports\n", __func__);
2290					retval = EINVAL;
2291					break;
2292				}
2293			}
2294			if (action == 0)
2295				continue;
2296
2297			/*
2298			 * XXX KDM we have to drop the lock here, because
2299			 * the online/offline operations can potentially
2300			 * block.  We need to reference count the frontends
2301			 * so they can't go away,
2302			 */
2303			if (cmd == CTL_ENABLE_PORT) {
2304				mtx_unlock(&softc->ctl_lock);
2305				ctl_port_online(port);
2306				mtx_lock(&softc->ctl_lock);
2307			} else if (cmd == CTL_DISABLE_PORT) {
2308				mtx_unlock(&softc->ctl_lock);
2309				ctl_port_offline(port);
2310				mtx_lock(&softc->ctl_lock);
2311			} else if (cmd == CTL_SET_PORT_WWNS) {
2312				ctl_port_set_wwns(port,
2313				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2314				    1 : 0, entry->wwnn,
2315				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2316				    1 : 0, entry->wwpn);
2317			}
2318			if (done != 0)
2319				break;
2320		}
2321		mtx_unlock(&softc->ctl_lock);
2322		break;
2323	}
2324	case CTL_GET_PORT_LIST: {
2325		struct ctl_port *port;
2326		struct ctl_port_list *list;
2327		int i;
2328
2329		list = (struct ctl_port_list *)addr;
2330
2331		if (list->alloc_len != (list->alloc_num *
2332		    sizeof(struct ctl_port_entry))) {
2333			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2334			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2335			       "%zu\n", __func__, list->alloc_len,
2336			       list->alloc_num, sizeof(struct ctl_port_entry));
2337			retval = EINVAL;
2338			break;
2339		}
2340		list->fill_len = 0;
2341		list->fill_num = 0;
2342		list->dropped_num = 0;
2343		i = 0;
2344		mtx_lock(&softc->ctl_lock);
2345		STAILQ_FOREACH(port, &softc->port_list, links) {
2346			struct ctl_port_entry entry, *list_entry;
2347
2348			if (list->fill_num >= list->alloc_num) {
2349				list->dropped_num++;
2350				continue;
2351			}
2352
2353			entry.port_type = port->port_type;
2354			strlcpy(entry.port_name, port->port_name,
2355				sizeof(entry.port_name));
2356			entry.targ_port = port->targ_port;
2357			entry.physical_port = port->physical_port;
2358			entry.virtual_port = port->virtual_port;
2359			entry.wwnn = port->wwnn;
2360			entry.wwpn = port->wwpn;
2361			if (port->status & CTL_PORT_STATUS_ONLINE)
2362				entry.online = 1;
2363			else
2364				entry.online = 0;
2365
2366			list_entry = &list->entries[i];
2367
2368			retval = copyout(&entry, list_entry, sizeof(entry));
2369			if (retval != 0) {
2370				printf("%s: CTL_GET_PORT_LIST: copyout "
2371				       "returned %d\n", __func__, retval);
2372				break;
2373			}
2374			i++;
2375			list->fill_num++;
2376			list->fill_len += sizeof(entry);
2377		}
2378		mtx_unlock(&softc->ctl_lock);
2379
2380		/*
2381		 * If this is non-zero, we had a copyout fault, so there's
2382		 * probably no point in attempting to set the status inside
2383		 * the structure.
2384		 */
2385		if (retval != 0)
2386			break;
2387
2388		if (list->dropped_num > 0)
2389			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2390		else
2391			list->status = CTL_PORT_LIST_OK;
2392		break;
2393	}
2394	case CTL_DUMP_OOA: {
2395		union ctl_io *io;
2396		char printbuf[128];
2397		struct sbuf sb;
2398
2399		mtx_lock(&softc->ctl_lock);
2400		printf("Dumping OOA queues:\n");
2401		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2402			mtx_lock(&lun->lun_lock);
2403			for (io = (union ctl_io *)TAILQ_FIRST(
2404			     &lun->ooa_queue); io != NULL;
2405			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2406			     ooa_links)) {
2407				sbuf_new(&sb, printbuf, sizeof(printbuf),
2408					 SBUF_FIXEDLEN);
2409				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2410					    (intmax_t)lun->lun,
2411					    io->scsiio.tag_num,
2412					    (io->io_hdr.flags &
2413					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2414					    (io->io_hdr.flags &
2415					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2416					    (io->io_hdr.flags &
2417					    CTL_FLAG_ABORT) ? " ABORT" : "",
2418			                    (io->io_hdr.flags &
2419		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2420				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2421				sbuf_finish(&sb);
2422				printf("%s\n", sbuf_data(&sb));
2423			}
2424			mtx_unlock(&lun->lun_lock);
2425		}
2426		printf("OOA queues dump done\n");
2427		mtx_unlock(&softc->ctl_lock);
2428		break;
2429	}
2430	case CTL_GET_OOA: {
2431		struct ctl_ooa *ooa_hdr;
2432		struct ctl_ooa_entry *entries;
2433		uint32_t cur_fill_num;
2434
2435		ooa_hdr = (struct ctl_ooa *)addr;
2436
2437		if ((ooa_hdr->alloc_len == 0)
2438		 || (ooa_hdr->alloc_num == 0)) {
2439			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2440			       "must be non-zero\n", __func__,
2441			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2442			retval = EINVAL;
2443			break;
2444		}
2445
2446		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2447		    sizeof(struct ctl_ooa_entry))) {
2448			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2449			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2450			       __func__, ooa_hdr->alloc_len,
2451			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2452			retval = EINVAL;
2453			break;
2454		}
2455
2456		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2457		if (entries == NULL) {
2458			printf("%s: could not allocate %d bytes for OOA "
2459			       "dump\n", __func__, ooa_hdr->alloc_len);
2460			retval = ENOMEM;
2461			break;
2462		}
2463
2464		mtx_lock(&softc->ctl_lock);
2465		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2466		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2467		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2468			mtx_unlock(&softc->ctl_lock);
2469			free(entries, M_CTL);
2470			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2471			       __func__, (uintmax_t)ooa_hdr->lun_num);
2472			retval = EINVAL;
2473			break;
2474		}
2475
2476		cur_fill_num = 0;
2477
2478		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2479			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2480				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2481					ooa_hdr, entries);
2482				if (retval != 0)
2483					break;
2484			}
2485			if (retval != 0) {
2486				mtx_unlock(&softc->ctl_lock);
2487				free(entries, M_CTL);
2488				break;
2489			}
2490		} else {
2491			lun = softc->ctl_luns[ooa_hdr->lun_num];
2492
2493			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2494						    entries);
2495		}
2496		mtx_unlock(&softc->ctl_lock);
2497
2498		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2499		ooa_hdr->fill_len = ooa_hdr->fill_num *
2500			sizeof(struct ctl_ooa_entry);
2501		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2502		if (retval != 0) {
2503			printf("%s: error copying out %d bytes for OOA dump\n",
2504			       __func__, ooa_hdr->fill_len);
2505		}
2506
2507		getbintime(&ooa_hdr->cur_bt);
2508
2509		if (cur_fill_num > ooa_hdr->alloc_num) {
2510			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2511			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2512		} else {
2513			ooa_hdr->dropped_num = 0;
2514			ooa_hdr->status = CTL_OOA_OK;
2515		}
2516
2517		free(entries, M_CTL);
2518		break;
2519	}
2520	case CTL_CHECK_OOA: {
2521		union ctl_io *io;
2522		struct ctl_ooa_info *ooa_info;
2523
2524
2525		ooa_info = (struct ctl_ooa_info *)addr;
2526
2527		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2528			ooa_info->status = CTL_OOA_INVALID_LUN;
2529			break;
2530		}
2531		mtx_lock(&softc->ctl_lock);
2532		lun = softc->ctl_luns[ooa_info->lun_id];
2533		if (lun == NULL) {
2534			mtx_unlock(&softc->ctl_lock);
2535			ooa_info->status = CTL_OOA_INVALID_LUN;
2536			break;
2537		}
2538		mtx_lock(&lun->lun_lock);
2539		mtx_unlock(&softc->ctl_lock);
2540		ooa_info->num_entries = 0;
2541		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2542		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2543		     &io->io_hdr, ooa_links)) {
2544			ooa_info->num_entries++;
2545		}
2546		mtx_unlock(&lun->lun_lock);
2547
2548		ooa_info->status = CTL_OOA_SUCCESS;
2549
2550		break;
2551	}
2552	case CTL_DELAY_IO: {
2553		struct ctl_io_delay_info *delay_info;
2554
2555		delay_info = (struct ctl_io_delay_info *)addr;
2556
2557#ifdef CTL_IO_DELAY
2558		mtx_lock(&softc->ctl_lock);
2559
2560		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2561		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2562			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2563		} else {
2564			lun = softc->ctl_luns[delay_info->lun_id];
2565			mtx_lock(&lun->lun_lock);
2566
2567			delay_info->status = CTL_DELAY_STATUS_OK;
2568
2569			switch (delay_info->delay_type) {
2570			case CTL_DELAY_TYPE_CONT:
2571				break;
2572			case CTL_DELAY_TYPE_ONESHOT:
2573				break;
2574			default:
2575				delay_info->status =
2576					CTL_DELAY_STATUS_INVALID_TYPE;
2577				break;
2578			}
2579
2580			switch (delay_info->delay_loc) {
2581			case CTL_DELAY_LOC_DATAMOVE:
2582				lun->delay_info.datamove_type =
2583					delay_info->delay_type;
2584				lun->delay_info.datamove_delay =
2585					delay_info->delay_secs;
2586				break;
2587			case CTL_DELAY_LOC_DONE:
2588				lun->delay_info.done_type =
2589					delay_info->delay_type;
2590				lun->delay_info.done_delay =
2591					delay_info->delay_secs;
2592				break;
2593			default:
2594				delay_info->status =
2595					CTL_DELAY_STATUS_INVALID_LOC;
2596				break;
2597			}
2598			mtx_unlock(&lun->lun_lock);
2599		}
2600
2601		mtx_unlock(&softc->ctl_lock);
2602#else
2603		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2604#endif /* CTL_IO_DELAY */
2605		break;
2606	}
2607	case CTL_REALSYNC_SET: {
2608		int *syncstate;
2609
2610		syncstate = (int *)addr;
2611
2612		mtx_lock(&softc->ctl_lock);
2613		switch (*syncstate) {
2614		case 0:
2615			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2616			break;
2617		case 1:
2618			softc->flags |= CTL_FLAG_REAL_SYNC;
2619			break;
2620		default:
2621			retval = EINVAL;
2622			break;
2623		}
2624		mtx_unlock(&softc->ctl_lock);
2625		break;
2626	}
2627	case CTL_REALSYNC_GET: {
2628		int *syncstate;
2629
2630		syncstate = (int*)addr;
2631
2632		mtx_lock(&softc->ctl_lock);
2633		if (softc->flags & CTL_FLAG_REAL_SYNC)
2634			*syncstate = 1;
2635		else
2636			*syncstate = 0;
2637		mtx_unlock(&softc->ctl_lock);
2638
2639		break;
2640	}
2641	case CTL_SETSYNC:
2642	case CTL_GETSYNC: {
2643		struct ctl_sync_info *sync_info;
2644
2645		sync_info = (struct ctl_sync_info *)addr;
2646
2647		mtx_lock(&softc->ctl_lock);
2648		lun = softc->ctl_luns[sync_info->lun_id];
2649		if (lun == NULL) {
2650			mtx_unlock(&softc->ctl_lock);
2651			sync_info->status = CTL_GS_SYNC_NO_LUN;
2652			break;
2653		}
2654		/*
2655		 * Get or set the sync interval.  We're not bounds checking
2656		 * in the set case, hopefully the user won't do something
2657		 * silly.
2658		 */
2659		mtx_lock(&lun->lun_lock);
2660		mtx_unlock(&softc->ctl_lock);
2661		if (cmd == CTL_GETSYNC)
2662			sync_info->sync_interval = lun->sync_interval;
2663		else
2664			lun->sync_interval = sync_info->sync_interval;
2665		mtx_unlock(&lun->lun_lock);
2666
2667		sync_info->status = CTL_GS_SYNC_OK;
2668
2669		break;
2670	}
2671	case CTL_GETSTATS: {
2672		struct ctl_stats *stats;
2673		int i;
2674
2675		stats = (struct ctl_stats *)addr;
2676
2677		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2678		     stats->alloc_len) {
2679			stats->status = CTL_SS_NEED_MORE_SPACE;
2680			stats->num_luns = softc->num_luns;
2681			break;
2682		}
2683		/*
2684		 * XXX KDM no locking here.  If the LUN list changes,
2685		 * things can blow up.
2686		 */
2687		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2688		     i++, lun = STAILQ_NEXT(lun, links)) {
2689			retval = copyout(&lun->stats, &stats->lun_stats[i],
2690					 sizeof(lun->stats));
2691			if (retval != 0)
2692				break;
2693		}
2694		stats->num_luns = softc->num_luns;
2695		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2696				 softc->num_luns;
2697		stats->status = CTL_SS_OK;
2698#ifdef CTL_TIME_IO
2699		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2700#else
2701		stats->flags = CTL_STATS_FLAG_NONE;
2702#endif
2703		getnanouptime(&stats->timestamp);
2704		break;
2705	}
2706	case CTL_ERROR_INJECT: {
2707		struct ctl_error_desc *err_desc, *new_err_desc;
2708
2709		err_desc = (struct ctl_error_desc *)addr;
2710
2711		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2712				      M_WAITOK | M_ZERO);
2713		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2714
2715		mtx_lock(&softc->ctl_lock);
2716		lun = softc->ctl_luns[err_desc->lun_id];
2717		if (lun == NULL) {
2718			mtx_unlock(&softc->ctl_lock);
2719			free(new_err_desc, M_CTL);
2720			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2721			       __func__, (uintmax_t)err_desc->lun_id);
2722			retval = EINVAL;
2723			break;
2724		}
2725		mtx_lock(&lun->lun_lock);
2726		mtx_unlock(&softc->ctl_lock);
2727
2728		/*
2729		 * We could do some checking here to verify the validity
2730		 * of the request, but given the complexity of error
2731		 * injection requests, the checking logic would be fairly
2732		 * complex.
2733		 *
2734		 * For now, if the request is invalid, it just won't get
2735		 * executed and might get deleted.
2736		 */
2737		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2738
2739		/*
2740		 * XXX KDM check to make sure the serial number is unique,
2741		 * in case we somehow manage to wrap.  That shouldn't
2742		 * happen for a very long time, but it's the right thing to
2743		 * do.
2744		 */
2745		new_err_desc->serial = lun->error_serial;
2746		err_desc->serial = lun->error_serial;
2747		lun->error_serial++;
2748
2749		mtx_unlock(&lun->lun_lock);
2750		break;
2751	}
2752	case CTL_ERROR_INJECT_DELETE: {
2753		struct ctl_error_desc *delete_desc, *desc, *desc2;
2754		int delete_done;
2755
2756		delete_desc = (struct ctl_error_desc *)addr;
2757		delete_done = 0;
2758
2759		mtx_lock(&softc->ctl_lock);
2760		lun = softc->ctl_luns[delete_desc->lun_id];
2761		if (lun == NULL) {
2762			mtx_unlock(&softc->ctl_lock);
2763			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2764			       __func__, (uintmax_t)delete_desc->lun_id);
2765			retval = EINVAL;
2766			break;
2767		}
2768		mtx_lock(&lun->lun_lock);
2769		mtx_unlock(&softc->ctl_lock);
2770		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2771			if (desc->serial != delete_desc->serial)
2772				continue;
2773
2774			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2775				      links);
2776			free(desc, M_CTL);
2777			delete_done = 1;
2778		}
2779		mtx_unlock(&lun->lun_lock);
2780		if (delete_done == 0) {
2781			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2782			       "error serial %ju on LUN %u\n", __func__,
2783			       delete_desc->serial, delete_desc->lun_id);
2784			retval = EINVAL;
2785			break;
2786		}
2787		break;
2788	}
2789	case CTL_DUMP_STRUCTS: {
2790		int i, j, k;
2791		struct ctl_port *port;
2792		struct ctl_frontend *fe;
2793
2794		mtx_lock(&softc->ctl_lock);
2795		printf("CTL Persistent Reservation information start:\n");
2796		for (i = 0; i < CTL_MAX_LUNS; i++) {
2797			lun = softc->ctl_luns[i];
2798
2799			if ((lun == NULL)
2800			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2801				continue;
2802
2803			for (j = 0; j < CTL_MAX_PORTS; j++) {
2804				if (lun->pr_keys[j] == NULL)
2805					continue;
2806				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2807					if (lun->pr_keys[j][k] == 0)
2808						continue;
2809					printf("  LUN %d port %d iid %d key "
2810					       "%#jx\n", i, j, k,
2811					       (uintmax_t)lun->pr_keys[j][k]);
2812				}
2813			}
2814		}
2815		printf("CTL Persistent Reservation information end\n");
2816		printf("CTL Ports:\n");
2817		STAILQ_FOREACH(port, &softc->port_list, links) {
2818			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2819			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2820			       port->frontend->name, port->port_type,
2821			       port->physical_port, port->virtual_port,
2822			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2823			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2824				if (port->wwpn_iid[j].in_use == 0 &&
2825				    port->wwpn_iid[j].wwpn == 0 &&
2826				    port->wwpn_iid[j].name == NULL)
2827					continue;
2828
2829				printf("    iid %u use %d WWPN %#jx '%s'\n",
2830				    j, port->wwpn_iid[j].in_use,
2831				    (uintmax_t)port->wwpn_iid[j].wwpn,
2832				    port->wwpn_iid[j].name);
2833			}
2834		}
2835		printf("CTL Port information end\n");
2836		mtx_unlock(&softc->ctl_lock);
2837		/*
2838		 * XXX KDM calling this without a lock.  We'd likely want
2839		 * to drop the lock before calling the frontend's dump
2840		 * routine anyway.
2841		 */
2842		printf("CTL Frontends:\n");
2843		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2844			printf("  Frontend '%s'\n", fe->name);
2845			if (fe->fe_dump != NULL)
2846				fe->fe_dump();
2847		}
2848		printf("CTL Frontend information end\n");
2849		break;
2850	}
2851	case CTL_LUN_REQ: {
2852		struct ctl_lun_req *lun_req;
2853		struct ctl_backend_driver *backend;
2854
2855		lun_req = (struct ctl_lun_req *)addr;
2856
2857		backend = ctl_backend_find(lun_req->backend);
2858		if (backend == NULL) {
2859			lun_req->status = CTL_LUN_ERROR;
2860			snprintf(lun_req->error_str,
2861				 sizeof(lun_req->error_str),
2862				 "Backend \"%s\" not found.",
2863				 lun_req->backend);
2864			break;
2865		}
2866		if (lun_req->num_be_args > 0) {
2867			lun_req->kern_be_args = ctl_copyin_args(
2868				lun_req->num_be_args,
2869				lun_req->be_args,
2870				lun_req->error_str,
2871				sizeof(lun_req->error_str));
2872			if (lun_req->kern_be_args == NULL) {
2873				lun_req->status = CTL_LUN_ERROR;
2874				break;
2875			}
2876		}
2877
2878		retval = backend->ioctl(dev, cmd, addr, flag, td);
2879
2880		if (lun_req->num_be_args > 0) {
2881			ctl_copyout_args(lun_req->num_be_args,
2882				      lun_req->kern_be_args);
2883			ctl_free_args(lun_req->num_be_args,
2884				      lun_req->kern_be_args);
2885		}
2886		break;
2887	}
2888	case CTL_LUN_LIST: {
2889		struct sbuf *sb;
2890		struct ctl_lun_list *list;
2891		struct ctl_option *opt;
2892
2893		list = (struct ctl_lun_list *)addr;
2894
2895		/*
2896		 * Allocate a fixed length sbuf here, based on the length
2897		 * of the user's buffer.  We could allocate an auto-extending
2898		 * buffer, and then tell the user how much larger our
2899		 * amount of data is than his buffer, but that presents
2900		 * some problems:
2901		 *
2902		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2903		 *     we can't hold a lock while calling them with an
2904		 *     auto-extending buffer.
2905 		 *
2906		 * 2.  There is not currently a LUN reference counting
2907		 *     mechanism, outside of outstanding transactions on
2908		 *     the LUN's OOA queue.  So a LUN could go away on us
2909		 *     while we're getting the LUN number, backend-specific
2910		 *     information, etc.  Thus, given the way things
2911		 *     currently work, we need to hold the CTL lock while
2912		 *     grabbing LUN information.
2913		 *
2914		 * So, from the user's standpoint, the best thing to do is
2915		 * allocate what he thinks is a reasonable buffer length,
2916		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2917		 * double the buffer length and try again.  (And repeat
2918		 * that until he succeeds.)
2919		 */
2920		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2921		if (sb == NULL) {
2922			list->status = CTL_LUN_LIST_ERROR;
2923			snprintf(list->error_str, sizeof(list->error_str),
2924				 "Unable to allocate %d bytes for LUN list",
2925				 list->alloc_len);
2926			break;
2927		}
2928
2929		sbuf_printf(sb, "<ctllunlist>\n");
2930
2931		mtx_lock(&softc->ctl_lock);
2932		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2933			mtx_lock(&lun->lun_lock);
2934			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2935					     (uintmax_t)lun->lun);
2936
2937			/*
2938			 * Bail out as soon as we see that we've overfilled
2939			 * the buffer.
2940			 */
2941			if (retval != 0)
2942				break;
2943
2944			retval = sbuf_printf(sb, "\t<backend_type>%s"
2945					     "</backend_type>\n",
2946					     (lun->backend == NULL) ?  "none" :
2947					     lun->backend->name);
2948
2949			if (retval != 0)
2950				break;
2951
2952			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2953					     lun->be_lun->lun_type);
2954
2955			if (retval != 0)
2956				break;
2957
2958			if (lun->backend == NULL) {
2959				retval = sbuf_printf(sb, "</lun>\n");
2960				if (retval != 0)
2961					break;
2962				continue;
2963			}
2964
2965			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2966					     (lun->be_lun->maxlba > 0) ?
2967					     lun->be_lun->maxlba + 1 : 0);
2968
2969			if (retval != 0)
2970				break;
2971
2972			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2973					     lun->be_lun->blocksize);
2974
2975			if (retval != 0)
2976				break;
2977
2978			retval = sbuf_printf(sb, "\t<serial_number>");
2979
2980			if (retval != 0)
2981				break;
2982
2983			retval = ctl_sbuf_printf_esc(sb,
2984			    lun->be_lun->serial_num,
2985			    sizeof(lun->be_lun->serial_num));
2986
2987			if (retval != 0)
2988				break;
2989
2990			retval = sbuf_printf(sb, "</serial_number>\n");
2991
2992			if (retval != 0)
2993				break;
2994
2995			retval = sbuf_printf(sb, "\t<device_id>");
2996
2997			if (retval != 0)
2998				break;
2999
3000			retval = ctl_sbuf_printf_esc(sb,
3001			    lun->be_lun->device_id,
3002			    sizeof(lun->be_lun->device_id));
3003
3004			if (retval != 0)
3005				break;
3006
3007			retval = sbuf_printf(sb, "</device_id>\n");
3008
3009			if (retval != 0)
3010				break;
3011
3012			if (lun->backend->lun_info != NULL) {
3013				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3014				if (retval != 0)
3015					break;
3016			}
3017			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3018				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3019				    opt->name, opt->value, opt->name);
3020				if (retval != 0)
3021					break;
3022			}
3023
3024			retval = sbuf_printf(sb, "</lun>\n");
3025
3026			if (retval != 0)
3027				break;
3028			mtx_unlock(&lun->lun_lock);
3029		}
3030		if (lun != NULL)
3031			mtx_unlock(&lun->lun_lock);
3032		mtx_unlock(&softc->ctl_lock);
3033
3034		if ((retval != 0)
3035		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3036			retval = 0;
3037			sbuf_delete(sb);
3038			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3039			snprintf(list->error_str, sizeof(list->error_str),
3040				 "Out of space, %d bytes is too small",
3041				 list->alloc_len);
3042			break;
3043		}
3044
3045		sbuf_finish(sb);
3046
3047		retval = copyout(sbuf_data(sb), list->lun_xml,
3048				 sbuf_len(sb) + 1);
3049
3050		list->fill_len = sbuf_len(sb) + 1;
3051		list->status = CTL_LUN_LIST_OK;
3052		sbuf_delete(sb);
3053		break;
3054	}
3055	case CTL_ISCSI: {
3056		struct ctl_iscsi *ci;
3057		struct ctl_frontend *fe;
3058
3059		ci = (struct ctl_iscsi *)addr;
3060
3061		fe = ctl_frontend_find("iscsi");
3062		if (fe == NULL) {
3063			ci->status = CTL_ISCSI_ERROR;
3064			snprintf(ci->error_str, sizeof(ci->error_str),
3065			    "Frontend \"iscsi\" not found.");
3066			break;
3067		}
3068
3069		retval = fe->ioctl(dev, cmd, addr, flag, td);
3070		break;
3071	}
3072	case CTL_PORT_REQ: {
3073		struct ctl_req *req;
3074		struct ctl_frontend *fe;
3075
3076		req = (struct ctl_req *)addr;
3077
3078		fe = ctl_frontend_find(req->driver);
3079		if (fe == NULL) {
3080			req->status = CTL_LUN_ERROR;
3081			snprintf(req->error_str, sizeof(req->error_str),
3082			    "Frontend \"%s\" not found.", req->driver);
3083			break;
3084		}
3085		if (req->num_args > 0) {
3086			req->kern_args = ctl_copyin_args(req->num_args,
3087			    req->args, req->error_str, sizeof(req->error_str));
3088			if (req->kern_args == NULL) {
3089				req->status = CTL_LUN_ERROR;
3090				break;
3091			}
3092		}
3093
3094		if (fe->ioctl)
3095			retval = fe->ioctl(dev, cmd, addr, flag, td);
3096		else
3097			retval = ENODEV;
3098
3099		if (req->num_args > 0) {
3100			ctl_copyout_args(req->num_args, req->kern_args);
3101			ctl_free_args(req->num_args, req->kern_args);
3102		}
3103		break;
3104	}
3105	case CTL_PORT_LIST: {
3106		struct sbuf *sb;
3107		struct ctl_port *port;
3108		struct ctl_lun_list *list;
3109		struct ctl_option *opt;
3110		int j;
3111		uint32_t plun;
3112
3113		list = (struct ctl_lun_list *)addr;
3114
3115		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3116		if (sb == NULL) {
3117			list->status = CTL_LUN_LIST_ERROR;
3118			snprintf(list->error_str, sizeof(list->error_str),
3119				 "Unable to allocate %d bytes for LUN list",
3120				 list->alloc_len);
3121			break;
3122		}
3123
3124		sbuf_printf(sb, "<ctlportlist>\n");
3125
3126		mtx_lock(&softc->ctl_lock);
3127		STAILQ_FOREACH(port, &softc->port_list, links) {
3128			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3129					     (uintmax_t)port->targ_port);
3130
3131			/*
3132			 * Bail out as soon as we see that we've overfilled
3133			 * the buffer.
3134			 */
3135			if (retval != 0)
3136				break;
3137
3138			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3139			    "</frontend_type>\n", port->frontend->name);
3140			if (retval != 0)
3141				break;
3142
3143			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3144					     port->port_type);
3145			if (retval != 0)
3146				break;
3147
3148			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3149			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3150			if (retval != 0)
3151				break;
3152
3153			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3154			    port->port_name);
3155			if (retval != 0)
3156				break;
3157
3158			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3159			    port->physical_port);
3160			if (retval != 0)
3161				break;
3162
3163			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3164			    port->virtual_port);
3165			if (retval != 0)
3166				break;
3167
3168			if (port->target_devid != NULL) {
3169				sbuf_printf(sb, "\t<target>");
3170				ctl_id_sbuf(port->target_devid, sb);
3171				sbuf_printf(sb, "</target>\n");
3172			}
3173
3174			if (port->port_devid != NULL) {
3175				sbuf_printf(sb, "\t<port>");
3176				ctl_id_sbuf(port->port_devid, sb);
3177				sbuf_printf(sb, "</port>\n");
3178			}
3179
3180			if (port->port_info != NULL) {
3181				retval = port->port_info(port->onoff_arg, sb);
3182				if (retval != 0)
3183					break;
3184			}
3185			STAILQ_FOREACH(opt, &port->options, links) {
3186				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3187				    opt->name, opt->value, opt->name);
3188				if (retval != 0)
3189					break;
3190			}
3191
3192			if (port->lun_map != NULL) {
3193				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3194				for (j = 0; j < CTL_MAX_LUNS; j++) {
3195					plun = ctl_lun_map_from_port(port, j);
3196					if (plun >= CTL_MAX_LUNS)
3197						continue;
3198					sbuf_printf(sb,
3199					    "\t<lun id=\"%u\">%u</lun>\n",
3200					    j, plun);
3201				}
3202			}
3203
3204			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3205				if (port->wwpn_iid[j].in_use == 0 ||
3206				    (port->wwpn_iid[j].wwpn == 0 &&
3207				     port->wwpn_iid[j].name == NULL))
3208					continue;
3209
3210				if (port->wwpn_iid[j].name != NULL)
3211					retval = sbuf_printf(sb,
3212					    "\t<initiator id=\"%u\">%s</initiator>\n",
3213					    j, port->wwpn_iid[j].name);
3214				else
3215					retval = sbuf_printf(sb,
3216					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3217					    j, port->wwpn_iid[j].wwpn);
3218				if (retval != 0)
3219					break;
3220			}
3221			if (retval != 0)
3222				break;
3223
3224			retval = sbuf_printf(sb, "</targ_port>\n");
3225			if (retval != 0)
3226				break;
3227		}
3228		mtx_unlock(&softc->ctl_lock);
3229
3230		if ((retval != 0)
3231		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3232			retval = 0;
3233			sbuf_delete(sb);
3234			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3235			snprintf(list->error_str, sizeof(list->error_str),
3236				 "Out of space, %d bytes is too small",
3237				 list->alloc_len);
3238			break;
3239		}
3240
3241		sbuf_finish(sb);
3242
3243		retval = copyout(sbuf_data(sb), list->lun_xml,
3244				 sbuf_len(sb) + 1);
3245
3246		list->fill_len = sbuf_len(sb) + 1;
3247		list->status = CTL_LUN_LIST_OK;
3248		sbuf_delete(sb);
3249		break;
3250	}
3251	case CTL_LUN_MAP: {
3252		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3253		struct ctl_port *port;
3254
3255		mtx_lock(&softc->ctl_lock);
3256		if (lm->port < softc->port_min ||
3257		    lm->port >= softc->port_max ||
3258		    (port = softc->ctl_ports[lm->port]) == NULL) {
3259			mtx_unlock(&softc->ctl_lock);
3260			return (ENXIO);
3261		}
3262		if (port->status & CTL_PORT_STATUS_ONLINE) {
3263			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3264				if (ctl_lun_map_to_port(port, lun->lun) >=
3265				    CTL_MAX_LUNS)
3266					continue;
3267				mtx_lock(&lun->lun_lock);
3268				ctl_est_ua_port(lun, lm->port, -1,
3269				    CTL_UA_LUN_CHANGE);
3270				mtx_unlock(&lun->lun_lock);
3271			}
3272		}
3273		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3274		if (lm->plun < CTL_MAX_LUNS) {
3275			if (lm->lun == UINT32_MAX)
3276				retval = ctl_lun_map_unset(port, lm->plun);
3277			else if (lm->lun < CTL_MAX_LUNS &&
3278			    softc->ctl_luns[lm->lun] != NULL)
3279				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3280			else
3281				return (ENXIO);
3282		} else if (lm->plun == UINT32_MAX) {
3283			if (lm->lun == UINT32_MAX)
3284				retval = ctl_lun_map_deinit(port);
3285			else
3286				retval = ctl_lun_map_init(port);
3287		} else
3288			return (ENXIO);
3289		if (port->status & CTL_PORT_STATUS_ONLINE)
3290			ctl_isc_announce_port(port);
3291		break;
3292	}
3293	default: {
3294		/* XXX KDM should we fix this? */
3295#if 0
3296		struct ctl_backend_driver *backend;
3297		unsigned int type;
3298		int found;
3299
3300		found = 0;
3301
3302		/*
3303		 * We encode the backend type as the ioctl type for backend
3304		 * ioctls.  So parse it out here, and then search for a
3305		 * backend of this type.
3306		 */
3307		type = _IOC_TYPE(cmd);
3308
3309		STAILQ_FOREACH(backend, &softc->be_list, links) {
3310			if (backend->type == type) {
3311				found = 1;
3312				break;
3313			}
3314		}
3315		if (found == 0) {
3316			printf("ctl: unknown ioctl command %#lx or backend "
3317			       "%d\n", cmd, type);
3318			retval = EINVAL;
3319			break;
3320		}
3321		retval = backend->ioctl(dev, cmd, addr, flag, td);
3322#endif
3323		retval = ENOTTY;
3324		break;
3325	}
3326	}
3327	return (retval);
3328}
3329
3330uint32_t
3331ctl_get_initindex(struct ctl_nexus *nexus)
3332{
3333	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3334}
3335
3336int
3337ctl_lun_map_init(struct ctl_port *port)
3338{
3339	struct ctl_softc *softc = control_softc;
3340	struct ctl_lun *lun;
3341	uint32_t i;
3342
3343	if (port->lun_map == NULL)
3344		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3345		    M_CTL, M_NOWAIT);
3346	if (port->lun_map == NULL)
3347		return (ENOMEM);
3348	for (i = 0; i < CTL_MAX_LUNS; i++)
3349		port->lun_map[i] = UINT32_MAX;
3350	if (port->status & CTL_PORT_STATUS_ONLINE) {
3351		if (port->lun_disable != NULL) {
3352			STAILQ_FOREACH(lun, &softc->lun_list, links)
3353				port->lun_disable(port->targ_lun_arg, lun->lun);
3354		}
3355		ctl_isc_announce_port(port);
3356	}
3357	return (0);
3358}
3359
3360int
3361ctl_lun_map_deinit(struct ctl_port *port)
3362{
3363	struct ctl_softc *softc = control_softc;
3364	struct ctl_lun *lun;
3365
3366	if (port->lun_map == NULL)
3367		return (0);
3368	free(port->lun_map, M_CTL);
3369	port->lun_map = NULL;
3370	if (port->status & CTL_PORT_STATUS_ONLINE) {
3371		if (port->lun_enable != NULL) {
3372			STAILQ_FOREACH(lun, &softc->lun_list, links)
3373				port->lun_enable(port->targ_lun_arg, lun->lun);
3374		}
3375		ctl_isc_announce_port(port);
3376	}
3377	return (0);
3378}
3379
3380int
3381ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3382{
3383	int status;
3384	uint32_t old;
3385
3386	if (port->lun_map == NULL) {
3387		status = ctl_lun_map_init(port);
3388		if (status != 0)
3389			return (status);
3390	}
3391	old = port->lun_map[plun];
3392	port->lun_map[plun] = glun;
3393	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3394		if (port->lun_enable != NULL)
3395			port->lun_enable(port->targ_lun_arg, plun);
3396		ctl_isc_announce_port(port);
3397	}
3398	return (0);
3399}
3400
3401int
3402ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3403{
3404	uint32_t old;
3405
3406	if (port->lun_map == NULL)
3407		return (0);
3408	old = port->lun_map[plun];
3409	port->lun_map[plun] = UINT32_MAX;
3410	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3411		if (port->lun_disable != NULL)
3412			port->lun_disable(port->targ_lun_arg, plun);
3413		ctl_isc_announce_port(port);
3414	}
3415	return (0);
3416}
3417
3418uint32_t
3419ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3420{
3421
3422	if (port == NULL)
3423		return (UINT32_MAX);
3424	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3425		return (lun_id);
3426	return (port->lun_map[lun_id]);
3427}
3428
3429uint32_t
3430ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3431{
3432	uint32_t i;
3433
3434	if (port == NULL)
3435		return (UINT32_MAX);
3436	if (port->lun_map == NULL)
3437		return (lun_id);
3438	for (i = 0; i < CTL_MAX_LUNS; i++) {
3439		if (port->lun_map[i] == lun_id)
3440			return (i);
3441	}
3442	return (UINT32_MAX);
3443}
3444
3445static struct ctl_port *
3446ctl_io_port(struct ctl_io_hdr *io_hdr)
3447{
3448
3449	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3450}
3451
3452int
3453ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3454{
3455	int i;
3456
3457	for (i = first; i < last; i++) {
3458		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3459			return (i);
3460	}
3461	return (-1);
3462}
3463
3464int
3465ctl_set_mask(uint32_t *mask, uint32_t bit)
3466{
3467	uint32_t chunk, piece;
3468
3469	chunk = bit >> 5;
3470	piece = bit % (sizeof(uint32_t) * 8);
3471
3472	if ((mask[chunk] & (1 << piece)) != 0)
3473		return (-1);
3474	else
3475		mask[chunk] |= (1 << piece);
3476
3477	return (0);
3478}
3479
3480int
3481ctl_clear_mask(uint32_t *mask, uint32_t bit)
3482{
3483	uint32_t chunk, piece;
3484
3485	chunk = bit >> 5;
3486	piece = bit % (sizeof(uint32_t) * 8);
3487
3488	if ((mask[chunk] & (1 << piece)) == 0)
3489		return (-1);
3490	else
3491		mask[chunk] &= ~(1 << piece);
3492
3493	return (0);
3494}
3495
3496int
3497ctl_is_set(uint32_t *mask, uint32_t bit)
3498{
3499	uint32_t chunk, piece;
3500
3501	chunk = bit >> 5;
3502	piece = bit % (sizeof(uint32_t) * 8);
3503
3504	if ((mask[chunk] & (1 << piece)) == 0)
3505		return (0);
3506	else
3507		return (1);
3508}
3509
3510static uint64_t
3511ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3512{
3513	uint64_t *t;
3514
3515	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3516	if (t == NULL)
3517		return (0);
3518	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3519}
3520
3521static void
3522ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3523{
3524	uint64_t *t;
3525
3526	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3527	if (t == NULL)
3528		return;
3529	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3530}
3531
3532static void
3533ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3534{
3535	uint64_t *p;
3536	u_int i;
3537
3538	i = residx/CTL_MAX_INIT_PER_PORT;
3539	if (lun->pr_keys[i] != NULL)
3540		return;
3541	mtx_unlock(&lun->lun_lock);
3542	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3543	    M_WAITOK | M_ZERO);
3544	mtx_lock(&lun->lun_lock);
3545	if (lun->pr_keys[i] == NULL)
3546		lun->pr_keys[i] = p;
3547	else
3548		free(p, M_CTL);
3549}
3550
3551static void
3552ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3553{
3554	uint64_t *t;
3555
3556	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3557	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3558	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3559}
3560
3561/*
3562 * ctl_softc, pool_name, total_ctl_io are passed in.
3563 * npool is passed out.
3564 */
3565int
3566ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3567		uint32_t total_ctl_io, void **npool)
3568{
3569#ifdef IO_POOLS
3570	struct ctl_io_pool *pool;
3571
3572	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3573					    M_NOWAIT | M_ZERO);
3574	if (pool == NULL)
3575		return (ENOMEM);
3576
3577	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3578	pool->ctl_softc = ctl_softc;
3579	pool->zone = uma_zsecond_create(pool->name, NULL,
3580	    NULL, NULL, NULL, ctl_softc->io_zone);
3581	/* uma_prealloc(pool->zone, total_ctl_io); */
3582
3583	*npool = pool;
3584#else
3585	*npool = ctl_softc->io_zone;
3586#endif
3587	return (0);
3588}
3589
3590void
3591ctl_pool_free(struct ctl_io_pool *pool)
3592{
3593
3594	if (pool == NULL)
3595		return;
3596
3597#ifdef IO_POOLS
3598	uma_zdestroy(pool->zone);
3599	free(pool, M_CTL);
3600#endif
3601}
3602
3603union ctl_io *
3604ctl_alloc_io(void *pool_ref)
3605{
3606	union ctl_io *io;
3607#ifdef IO_POOLS
3608	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3609
3610	io = uma_zalloc(pool->zone, M_WAITOK);
3611#else
3612	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3613#endif
3614	if (io != NULL)
3615		io->io_hdr.pool = pool_ref;
3616	return (io);
3617}
3618
3619union ctl_io *
3620ctl_alloc_io_nowait(void *pool_ref)
3621{
3622	union ctl_io *io;
3623#ifdef IO_POOLS
3624	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3625
3626	io = uma_zalloc(pool->zone, M_NOWAIT);
3627#else
3628	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3629#endif
3630	if (io != NULL)
3631		io->io_hdr.pool = pool_ref;
3632	return (io);
3633}
3634
3635void
3636ctl_free_io(union ctl_io *io)
3637{
3638#ifdef IO_POOLS
3639	struct ctl_io_pool *pool;
3640#endif
3641
3642	if (io == NULL)
3643		return;
3644
3645#ifdef IO_POOLS
3646	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3647	uma_zfree(pool->zone, io);
3648#else
3649	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3650#endif
3651}
3652
3653void
3654ctl_zero_io(union ctl_io *io)
3655{
3656	void *pool_ref;
3657
3658	if (io == NULL)
3659		return;
3660
3661	/*
3662	 * May need to preserve linked list pointers at some point too.
3663	 */
3664	pool_ref = io->io_hdr.pool;
3665	memset(io, 0, sizeof(*io));
3666	io->io_hdr.pool = pool_ref;
3667}
3668
3669/*
3670 * This routine is currently used for internal copies of ctl_ios that need
3671 * to persist for some reason after we've already returned status to the
3672 * FETD.  (Thus the flag set.)
3673 *
3674 * XXX XXX
3675 * Note that this makes a blind copy of all fields in the ctl_io, except
3676 * for the pool reference.  This includes any memory that has been
3677 * allocated!  That memory will no longer be valid after done has been
3678 * called, so this would be VERY DANGEROUS for command that actually does
3679 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3680 * start and stop commands, which don't transfer any data, so this is not a
3681 * problem.  If it is used for anything else, the caller would also need to
3682 * allocate data buffer space and this routine would need to be modified to
3683 * copy the data buffer(s) as well.
3684 */
3685void
3686ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3687{
3688	void *pool_ref;
3689
3690	if ((src == NULL)
3691	 || (dest == NULL))
3692		return;
3693
3694	/*
3695	 * May need to preserve linked list pointers at some point too.
3696	 */
3697	pool_ref = dest->io_hdr.pool;
3698
3699	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3700
3701	dest->io_hdr.pool = pool_ref;
3702	/*
3703	 * We need to know that this is an internal copy, and doesn't need
3704	 * to get passed back to the FETD that allocated it.
3705	 */
3706	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3707}
3708
3709int
3710ctl_expand_number(const char *buf, uint64_t *num)
3711{
3712	char *endptr;
3713	uint64_t number;
3714	unsigned shift;
3715
3716	number = strtoq(buf, &endptr, 0);
3717
3718	switch (tolower((unsigned char)*endptr)) {
3719	case 'e':
3720		shift = 60;
3721		break;
3722	case 'p':
3723		shift = 50;
3724		break;
3725	case 't':
3726		shift = 40;
3727		break;
3728	case 'g':
3729		shift = 30;
3730		break;
3731	case 'm':
3732		shift = 20;
3733		break;
3734	case 'k':
3735		shift = 10;
3736		break;
3737	case 'b':
3738	case '\0': /* No unit. */
3739		*num = number;
3740		return (0);
3741	default:
3742		/* Unrecognized unit. */
3743		return (-1);
3744	}
3745
3746	if ((number << shift) >> shift != number) {
3747		/* Overflow */
3748		return (-1);
3749	}
3750	*num = number << shift;
3751	return (0);
3752}
3753
3754
3755/*
3756 * This routine could be used in the future to load default and/or saved
3757 * mode page parameters for a particuar lun.
3758 */
3759static int
3760ctl_init_page_index(struct ctl_lun *lun)
3761{
3762	int i;
3763	struct ctl_page_index *page_index;
3764	const char *value;
3765	uint64_t ival;
3766
3767	memcpy(&lun->mode_pages.index, page_index_template,
3768	       sizeof(page_index_template));
3769
3770	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3771
3772		page_index = &lun->mode_pages.index[i];
3773		/*
3774		 * If this is a disk-only mode page, there's no point in
3775		 * setting it up.  For some pages, we have to have some
3776		 * basic information about the disk in order to calculate the
3777		 * mode page data.
3778		 */
3779		if ((lun->be_lun->lun_type != T_DIRECT)
3780		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3781			continue;
3782
3783		switch (page_index->page_code & SMPH_PC_MASK) {
3784		case SMS_RW_ERROR_RECOVERY_PAGE: {
3785			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3786				panic("subpage is incorrect!");
3787			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3788			       &rw_er_page_default,
3789			       sizeof(rw_er_page_default));
3790			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3791			       &rw_er_page_changeable,
3792			       sizeof(rw_er_page_changeable));
3793			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3794			       &rw_er_page_default,
3795			       sizeof(rw_er_page_default));
3796			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3797			       &rw_er_page_default,
3798			       sizeof(rw_er_page_default));
3799			page_index->page_data =
3800				(uint8_t *)lun->mode_pages.rw_er_page;
3801			break;
3802		}
3803		case SMS_FORMAT_DEVICE_PAGE: {
3804			struct scsi_format_page *format_page;
3805
3806			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3807				panic("subpage is incorrect!");
3808
3809			/*
3810			 * Sectors per track are set above.  Bytes per
3811			 * sector need to be set here on a per-LUN basis.
3812			 */
3813			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3814			       &format_page_default,
3815			       sizeof(format_page_default));
3816			memcpy(&lun->mode_pages.format_page[
3817			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3818			       sizeof(format_page_changeable));
3819			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3820			       &format_page_default,
3821			       sizeof(format_page_default));
3822			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3823			       &format_page_default,
3824			       sizeof(format_page_default));
3825
3826			format_page = &lun->mode_pages.format_page[
3827				CTL_PAGE_CURRENT];
3828			scsi_ulto2b(lun->be_lun->blocksize,
3829				    format_page->bytes_per_sector);
3830
3831			format_page = &lun->mode_pages.format_page[
3832				CTL_PAGE_DEFAULT];
3833			scsi_ulto2b(lun->be_lun->blocksize,
3834				    format_page->bytes_per_sector);
3835
3836			format_page = &lun->mode_pages.format_page[
3837				CTL_PAGE_SAVED];
3838			scsi_ulto2b(lun->be_lun->blocksize,
3839				    format_page->bytes_per_sector);
3840
3841			page_index->page_data =
3842				(uint8_t *)lun->mode_pages.format_page;
3843			break;
3844		}
3845		case SMS_RIGID_DISK_PAGE: {
3846			struct scsi_rigid_disk_page *rigid_disk_page;
3847			uint32_t sectors_per_cylinder;
3848			uint64_t cylinders;
3849#ifndef	__XSCALE__
3850			int shift;
3851#endif /* !__XSCALE__ */
3852
3853			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3854				panic("invalid subpage value %d",
3855				      page_index->subpage);
3856
3857			/*
3858			 * Rotation rate and sectors per track are set
3859			 * above.  We calculate the cylinders here based on
3860			 * capacity.  Due to the number of heads and
3861			 * sectors per track we're using, smaller arrays
3862			 * may turn out to have 0 cylinders.  Linux and
3863			 * FreeBSD don't pay attention to these mode pages
3864			 * to figure out capacity, but Solaris does.  It
3865			 * seems to deal with 0 cylinders just fine, and
3866			 * works out a fake geometry based on the capacity.
3867			 */
3868			memcpy(&lun->mode_pages.rigid_disk_page[
3869			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3870			       sizeof(rigid_disk_page_default));
3871			memcpy(&lun->mode_pages.rigid_disk_page[
3872			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3873			       sizeof(rigid_disk_page_changeable));
3874
3875			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3876				CTL_DEFAULT_HEADS;
3877
3878			/*
3879			 * The divide method here will be more accurate,
3880			 * probably, but results in floating point being
3881			 * used in the kernel on i386 (__udivdi3()).  On the
3882			 * XScale, though, __udivdi3() is implemented in
3883			 * software.
3884			 *
3885			 * The shift method for cylinder calculation is
3886			 * accurate if sectors_per_cylinder is a power of
3887			 * 2.  Otherwise it might be slightly off -- you
3888			 * might have a bit of a truncation problem.
3889			 */
3890#ifdef	__XSCALE__
3891			cylinders = (lun->be_lun->maxlba + 1) /
3892				sectors_per_cylinder;
3893#else
3894			for (shift = 31; shift > 0; shift--) {
3895				if (sectors_per_cylinder & (1 << shift))
3896					break;
3897			}
3898			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3899#endif
3900
3901			/*
3902			 * We've basically got 3 bytes, or 24 bits for the
3903			 * cylinder size in the mode page.  If we're over,
3904			 * just round down to 2^24.
3905			 */
3906			if (cylinders > 0xffffff)
3907				cylinders = 0xffffff;
3908
3909			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3910				CTL_PAGE_DEFAULT];
3911			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3912
3913			if ((value = ctl_get_opt(&lun->be_lun->options,
3914			    "rpm")) != NULL) {
3915				scsi_ulto2b(strtol(value, NULL, 0),
3916				     rigid_disk_page->rotation_rate);
3917			}
3918
3919			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3920			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3921			       sizeof(rigid_disk_page_default));
3922			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3923			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3924			       sizeof(rigid_disk_page_default));
3925
3926			page_index->page_data =
3927				(uint8_t *)lun->mode_pages.rigid_disk_page;
3928			break;
3929		}
3930		case SMS_CACHING_PAGE: {
3931			struct scsi_caching_page *caching_page;
3932
3933			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3934				panic("invalid subpage value %d",
3935				      page_index->subpage);
3936			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3937			       &caching_page_default,
3938			       sizeof(caching_page_default));
3939			memcpy(&lun->mode_pages.caching_page[
3940			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3941			       sizeof(caching_page_changeable));
3942			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3943			       &caching_page_default,
3944			       sizeof(caching_page_default));
3945			caching_page = &lun->mode_pages.caching_page[
3946			    CTL_PAGE_SAVED];
3947			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3948			if (value != NULL && strcmp(value, "off") == 0)
3949				caching_page->flags1 &= ~SCP_WCE;
3950			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3951			if (value != NULL && strcmp(value, "off") == 0)
3952				caching_page->flags1 |= SCP_RCD;
3953			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3954			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3955			       sizeof(caching_page_default));
3956			page_index->page_data =
3957				(uint8_t *)lun->mode_pages.caching_page;
3958			break;
3959		}
3960		case SMS_CONTROL_MODE_PAGE: {
3961			struct scsi_control_page *control_page;
3962
3963			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3964				panic("invalid subpage value %d",
3965				      page_index->subpage);
3966
3967			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3968			       &control_page_default,
3969			       sizeof(control_page_default));
3970			memcpy(&lun->mode_pages.control_page[
3971			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3972			       sizeof(control_page_changeable));
3973			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3974			       &control_page_default,
3975			       sizeof(control_page_default));
3976			control_page = &lun->mode_pages.control_page[
3977			    CTL_PAGE_SAVED];
3978			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3979			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3980				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3981				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3982			}
3983			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3984			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3985			       sizeof(control_page_default));
3986			page_index->page_data =
3987				(uint8_t *)lun->mode_pages.control_page;
3988			break;
3989
3990		}
3991		case SMS_INFO_EXCEPTIONS_PAGE: {
3992			switch (page_index->subpage) {
3993			case SMS_SUBPAGE_PAGE_0:
3994				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3995				       &ie_page_default,
3996				       sizeof(ie_page_default));
3997				memcpy(&lun->mode_pages.ie_page[
3998				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3999				       sizeof(ie_page_changeable));
4000				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4001				       &ie_page_default,
4002				       sizeof(ie_page_default));
4003				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4004				       &ie_page_default,
4005				       sizeof(ie_page_default));
4006				page_index->page_data =
4007					(uint8_t *)lun->mode_pages.ie_page;
4008				break;
4009			case 0x02: {
4010				struct ctl_logical_block_provisioning_page *page;
4011
4012				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4013				       &lbp_page_default,
4014				       sizeof(lbp_page_default));
4015				memcpy(&lun->mode_pages.lbp_page[
4016				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4017				       sizeof(lbp_page_changeable));
4018				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4019				       &lbp_page_default,
4020				       sizeof(lbp_page_default));
4021				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4022				value = ctl_get_opt(&lun->be_lun->options,
4023				    "avail-threshold");
4024				if (value != NULL &&
4025				    ctl_expand_number(value, &ival) == 0) {
4026					page->descr[0].flags |= SLBPPD_ENABLED |
4027					    SLBPPD_ARMING_DEC;
4028					if (lun->be_lun->blocksize)
4029						ival /= lun->be_lun->blocksize;
4030					else
4031						ival /= 512;
4032					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4033					    page->descr[0].count);
4034				}
4035				value = ctl_get_opt(&lun->be_lun->options,
4036				    "used-threshold");
4037				if (value != NULL &&
4038				    ctl_expand_number(value, &ival) == 0) {
4039					page->descr[1].flags |= SLBPPD_ENABLED |
4040					    SLBPPD_ARMING_INC;
4041					if (lun->be_lun->blocksize)
4042						ival /= lun->be_lun->blocksize;
4043					else
4044						ival /= 512;
4045					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4046					    page->descr[1].count);
4047				}
4048				value = ctl_get_opt(&lun->be_lun->options,
4049				    "pool-avail-threshold");
4050				if (value != NULL &&
4051				    ctl_expand_number(value, &ival) == 0) {
4052					page->descr[2].flags |= SLBPPD_ENABLED |
4053					    SLBPPD_ARMING_DEC;
4054					if (lun->be_lun->blocksize)
4055						ival /= lun->be_lun->blocksize;
4056					else
4057						ival /= 512;
4058					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4059					    page->descr[2].count);
4060				}
4061				value = ctl_get_opt(&lun->be_lun->options,
4062				    "pool-used-threshold");
4063				if (value != NULL &&
4064				    ctl_expand_number(value, &ival) == 0) {
4065					page->descr[3].flags |= SLBPPD_ENABLED |
4066					    SLBPPD_ARMING_INC;
4067					if (lun->be_lun->blocksize)
4068						ival /= lun->be_lun->blocksize;
4069					else
4070						ival /= 512;
4071					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4072					    page->descr[3].count);
4073				}
4074				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4075				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4076				       sizeof(lbp_page_default));
4077				page_index->page_data =
4078					(uint8_t *)lun->mode_pages.lbp_page;
4079			}}
4080			break;
4081		}
4082		case SMS_VENDOR_SPECIFIC_PAGE:{
4083			switch (page_index->subpage) {
4084			case DBGCNF_SUBPAGE_CODE: {
4085				struct copan_debugconf_subpage *current_page,
4086							       *saved_page;
4087
4088				memcpy(&lun->mode_pages.debugconf_subpage[
4089				       CTL_PAGE_CURRENT],
4090				       &debugconf_page_default,
4091				       sizeof(debugconf_page_default));
4092				memcpy(&lun->mode_pages.debugconf_subpage[
4093				       CTL_PAGE_CHANGEABLE],
4094				       &debugconf_page_changeable,
4095				       sizeof(debugconf_page_changeable));
4096				memcpy(&lun->mode_pages.debugconf_subpage[
4097				       CTL_PAGE_DEFAULT],
4098				       &debugconf_page_default,
4099				       sizeof(debugconf_page_default));
4100				memcpy(&lun->mode_pages.debugconf_subpage[
4101				       CTL_PAGE_SAVED],
4102				       &debugconf_page_default,
4103				       sizeof(debugconf_page_default));
4104				page_index->page_data =
4105					(uint8_t *)lun->mode_pages.debugconf_subpage;
4106
4107				current_page = (struct copan_debugconf_subpage *)
4108					(page_index->page_data +
4109					 (page_index->page_len *
4110					  CTL_PAGE_CURRENT));
4111				saved_page = (struct copan_debugconf_subpage *)
4112					(page_index->page_data +
4113					 (page_index->page_len *
4114					  CTL_PAGE_SAVED));
4115				break;
4116			}
4117			default:
4118				panic("invalid subpage value %d",
4119				      page_index->subpage);
4120				break;
4121			}
4122   			break;
4123		}
4124		default:
4125			panic("invalid page value %d",
4126			      page_index->page_code & SMPH_PC_MASK);
4127			break;
4128    	}
4129	}
4130
4131	return (CTL_RETVAL_COMPLETE);
4132}
4133
4134static int
4135ctl_init_log_page_index(struct ctl_lun *lun)
4136{
4137	struct ctl_page_index *page_index;
4138	int i, j, k, prev;
4139
4140	memcpy(&lun->log_pages.index, log_page_index_template,
4141	       sizeof(log_page_index_template));
4142
4143	prev = -1;
4144	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4145
4146		page_index = &lun->log_pages.index[i];
4147		/*
4148		 * If this is a disk-only mode page, there's no point in
4149		 * setting it up.  For some pages, we have to have some
4150		 * basic information about the disk in order to calculate the
4151		 * mode page data.
4152		 */
4153		if ((lun->be_lun->lun_type != T_DIRECT)
4154		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4155			continue;
4156
4157		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4158		     lun->backend->lun_attr == NULL)
4159			continue;
4160
4161		if (page_index->page_code != prev) {
4162			lun->log_pages.pages_page[j] = page_index->page_code;
4163			prev = page_index->page_code;
4164			j++;
4165		}
4166		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4167		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4168		k++;
4169	}
4170	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4171	lun->log_pages.index[0].page_len = j;
4172	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4173	lun->log_pages.index[1].page_len = k * 2;
4174	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4175	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4176	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4177	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4178
4179	return (CTL_RETVAL_COMPLETE);
4180}
4181
4182static int
4183hex2bin(const char *str, uint8_t *buf, int buf_size)
4184{
4185	int i;
4186	u_char c;
4187
4188	memset(buf, 0, buf_size);
4189	while (isspace(str[0]))
4190		str++;
4191	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4192		str += 2;
4193	buf_size *= 2;
4194	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4195		c = str[i];
4196		if (isdigit(c))
4197			c -= '0';
4198		else if (isalpha(c))
4199			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4200		else
4201			break;
4202		if (c >= 16)
4203			break;
4204		if ((i & 1) == 0)
4205			buf[i / 2] |= (c << 4);
4206		else
4207			buf[i / 2] |= c;
4208	}
4209	return ((i + 1) / 2);
4210}
4211
4212/*
4213 * LUN allocation.
4214 *
4215 * Requirements:
4216 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4217 *   wants us to allocate the LUN and he can block.
4218 * - ctl_softc is always set
4219 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4220 *
4221 * Returns 0 for success, non-zero (errno) for failure.
4222 */
4223static int
4224ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4225	      struct ctl_be_lun *const be_lun)
4226{
4227	struct ctl_lun *nlun, *lun;
4228	struct scsi_vpd_id_descriptor *desc;
4229	struct scsi_vpd_id_t10 *t10id;
4230	const char *eui, *naa, *scsiname, *vendor;
4231	int lun_number, i, lun_malloced;
4232	int devidlen, idlen1, idlen2 = 0, len;
4233
4234	if (be_lun == NULL)
4235		return (EINVAL);
4236
4237	/*
4238	 * We currently only support Direct Access or Processor LUN types.
4239	 */
4240	switch (be_lun->lun_type) {
4241	case T_DIRECT:
4242		break;
4243	case T_PROCESSOR:
4244		break;
4245	case T_SEQUENTIAL:
4246	case T_CHANGER:
4247	default:
4248		be_lun->lun_config_status(be_lun->be_lun,
4249					  CTL_LUN_CONFIG_FAILURE);
4250		break;
4251	}
4252	if (ctl_lun == NULL) {
4253		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4254		lun_malloced = 1;
4255	} else {
4256		lun_malloced = 0;
4257		lun = ctl_lun;
4258	}
4259
4260	memset(lun, 0, sizeof(*lun));
4261	if (lun_malloced)
4262		lun->flags = CTL_LUN_MALLOCED;
4263
4264	/* Generate LUN ID. */
4265	devidlen = max(CTL_DEVID_MIN_LEN,
4266	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4267	idlen1 = sizeof(*t10id) + devidlen;
4268	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4269	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4270	if (scsiname != NULL) {
4271		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4272		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4273	}
4274	eui = ctl_get_opt(&be_lun->options, "eui");
4275	if (eui != NULL) {
4276		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4277	}
4278	naa = ctl_get_opt(&be_lun->options, "naa");
4279	if (naa != NULL) {
4280		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4281	}
4282	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4283	    M_CTL, M_WAITOK | M_ZERO);
4284	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4285	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4286	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4287	desc->length = idlen1;
4288	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4289	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4290	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4291		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4292	} else {
4293		strncpy(t10id->vendor, vendor,
4294		    min(sizeof(t10id->vendor), strlen(vendor)));
4295	}
4296	strncpy((char *)t10id->vendor_spec_id,
4297	    (char *)be_lun->device_id, devidlen);
4298	if (scsiname != NULL) {
4299		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4300		    desc->length);
4301		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4302		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4303		    SVPD_ID_TYPE_SCSI_NAME;
4304		desc->length = idlen2;
4305		strlcpy(desc->identifier, scsiname, idlen2);
4306	}
4307	if (eui != NULL) {
4308		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4309		    desc->length);
4310		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4311		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4312		    SVPD_ID_TYPE_EUI64;
4313		desc->length = hex2bin(eui, desc->identifier, 16);
4314		desc->length = desc->length > 12 ? 16 :
4315		    (desc->length > 8 ? 12 : 8);
4316		len -= 16 - desc->length;
4317	}
4318	if (naa != NULL) {
4319		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4320		    desc->length);
4321		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4322		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4323		    SVPD_ID_TYPE_NAA;
4324		desc->length = hex2bin(naa, desc->identifier, 16);
4325		desc->length = desc->length > 8 ? 16 : 8;
4326		len -= 16 - desc->length;
4327	}
4328	lun->lun_devid->len = len;
4329
4330	mtx_lock(&ctl_softc->ctl_lock);
4331	/*
4332	 * See if the caller requested a particular LUN number.  If so, see
4333	 * if it is available.  Otherwise, allocate the first available LUN.
4334	 */
4335	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4336		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4337		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4338			mtx_unlock(&ctl_softc->ctl_lock);
4339			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4340				printf("ctl: requested LUN ID %d is higher "
4341				       "than CTL_MAX_LUNS - 1 (%d)\n",
4342				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4343			} else {
4344				/*
4345				 * XXX KDM return an error, or just assign
4346				 * another LUN ID in this case??
4347				 */
4348				printf("ctl: requested LUN ID %d is already "
4349				       "in use\n", be_lun->req_lun_id);
4350			}
4351			if (lun->flags & CTL_LUN_MALLOCED)
4352				free(lun, M_CTL);
4353			be_lun->lun_config_status(be_lun->be_lun,
4354						  CTL_LUN_CONFIG_FAILURE);
4355			return (ENOSPC);
4356		}
4357		lun_number = be_lun->req_lun_id;
4358	} else {
4359		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4360		if (lun_number == -1) {
4361			mtx_unlock(&ctl_softc->ctl_lock);
4362			printf("ctl: can't allocate LUN, out of LUNs\n");
4363			if (lun->flags & CTL_LUN_MALLOCED)
4364				free(lun, M_CTL);
4365			be_lun->lun_config_status(be_lun->be_lun,
4366						  CTL_LUN_CONFIG_FAILURE);
4367			return (ENOSPC);
4368		}
4369	}
4370	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4371
4372	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4373	lun->lun = lun_number;
4374	lun->be_lun = be_lun;
4375	/*
4376	 * The processor LUN is always enabled.  Disk LUNs come on line
4377	 * disabled, and must be enabled by the backend.
4378	 */
4379	lun->flags |= CTL_LUN_DISABLED;
4380	lun->backend = be_lun->be;
4381	be_lun->ctl_lun = lun;
4382	be_lun->lun_id = lun_number;
4383	atomic_add_int(&be_lun->be->num_luns, 1);
4384	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4385		lun->flags |= CTL_LUN_OFFLINE;
4386
4387	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4388		lun->flags |= CTL_LUN_STOPPED;
4389
4390	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4391		lun->flags |= CTL_LUN_INOPERABLE;
4392
4393	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4394		lun->flags |= CTL_LUN_PRIMARY_SC;
4395
4396	lun->ctl_softc = ctl_softc;
4397#ifdef CTL_TIME_IO
4398	lun->last_busy = getsbinuptime();
4399#endif
4400	TAILQ_INIT(&lun->ooa_queue);
4401	TAILQ_INIT(&lun->blocked_queue);
4402	STAILQ_INIT(&lun->error_list);
4403	ctl_tpc_lun_init(lun);
4404
4405	/*
4406	 * Initialize the mode and log page index.
4407	 */
4408	ctl_init_page_index(lun);
4409	ctl_init_log_page_index(lun);
4410
4411	/*
4412	 * Now, before we insert this lun on the lun list, set the lun
4413	 * inventory changed UA for all other luns.
4414	 */
4415	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4416		mtx_lock(&nlun->lun_lock);
4417		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4418		mtx_unlock(&nlun->lun_lock);
4419	}
4420
4421	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4422
4423	ctl_softc->ctl_luns[lun_number] = lun;
4424
4425	ctl_softc->num_luns++;
4426
4427	/* Setup statistics gathering */
4428	lun->stats.device_type = be_lun->lun_type;
4429	lun->stats.lun_number = lun_number;
4430	if (lun->stats.device_type == T_DIRECT)
4431		lun->stats.blocksize = be_lun->blocksize;
4432	else
4433		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4434	for (i = 0;i < CTL_MAX_PORTS;i++)
4435		lun->stats.ports[i].targ_port = i;
4436
4437	mtx_unlock(&ctl_softc->ctl_lock);
4438
4439	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4440	return (0);
4441}
4442
4443/*
4444 * Delete a LUN.
4445 * Assumptions:
4446 * - LUN has already been marked invalid and any pending I/O has been taken
4447 *   care of.
4448 */
4449static int
4450ctl_free_lun(struct ctl_lun *lun)
4451{
4452	struct ctl_softc *softc;
4453	struct ctl_lun *nlun;
4454	int i;
4455
4456	softc = lun->ctl_softc;
4457
4458	mtx_assert(&softc->ctl_lock, MA_OWNED);
4459
4460	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4461
4462	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4463
4464	softc->ctl_luns[lun->lun] = NULL;
4465
4466	if (!TAILQ_EMPTY(&lun->ooa_queue))
4467		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4468
4469	softc->num_luns--;
4470
4471	/*
4472	 * Tell the backend to free resources, if this LUN has a backend.
4473	 */
4474	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4475	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4476
4477	ctl_tpc_lun_shutdown(lun);
4478	mtx_destroy(&lun->lun_lock);
4479	free(lun->lun_devid, M_CTL);
4480	for (i = 0; i < CTL_MAX_PORTS; i++)
4481		free(lun->pending_ua[i], M_CTL);
4482	for (i = 0; i < CTL_MAX_PORTS; i++)
4483		free(lun->pr_keys[i], M_CTL);
4484	free(lun->write_buffer, M_CTL);
4485	if (lun->flags & CTL_LUN_MALLOCED)
4486		free(lun, M_CTL);
4487
4488	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4489		mtx_lock(&nlun->lun_lock);
4490		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4491		mtx_unlock(&nlun->lun_lock);
4492	}
4493
4494	return (0);
4495}
4496
4497static void
4498ctl_create_lun(struct ctl_be_lun *be_lun)
4499{
4500	struct ctl_softc *softc;
4501
4502	softc = control_softc;
4503
4504	/*
4505	 * ctl_alloc_lun() should handle all potential failure cases.
4506	 */
4507	ctl_alloc_lun(softc, NULL, be_lun);
4508}
4509
4510int
4511ctl_add_lun(struct ctl_be_lun *be_lun)
4512{
4513	struct ctl_softc *softc = control_softc;
4514
4515	mtx_lock(&softc->ctl_lock);
4516	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4517	mtx_unlock(&softc->ctl_lock);
4518	wakeup(&softc->pending_lun_queue);
4519
4520	return (0);
4521}
4522
4523int
4524ctl_enable_lun(struct ctl_be_lun *be_lun)
4525{
4526	struct ctl_softc *softc;
4527	struct ctl_port *port, *nport;
4528	struct ctl_lun *lun;
4529	int retval;
4530
4531	lun = (struct ctl_lun *)be_lun->ctl_lun;
4532	softc = lun->ctl_softc;
4533
4534	mtx_lock(&softc->ctl_lock);
4535	mtx_lock(&lun->lun_lock);
4536	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4537		/*
4538		 * eh?  Why did we get called if the LUN is already
4539		 * enabled?
4540		 */
4541		mtx_unlock(&lun->lun_lock);
4542		mtx_unlock(&softc->ctl_lock);
4543		return (0);
4544	}
4545	lun->flags &= ~CTL_LUN_DISABLED;
4546	mtx_unlock(&lun->lun_lock);
4547
4548	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4549		nport = STAILQ_NEXT(port, links);
4550		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4551		    port->lun_map != NULL || port->lun_enable == NULL)
4552			continue;
4553
4554		/*
4555		 * Drop the lock while we call the FETD's enable routine.
4556		 * This can lead to a callback into CTL (at least in the
4557		 * case of the internal initiator frontend.
4558		 */
4559		mtx_unlock(&softc->ctl_lock);
4560		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4561		mtx_lock(&softc->ctl_lock);
4562		if (retval != 0) {
4563			printf("%s: FETD %s port %d returned error "
4564			       "%d for lun_enable on lun %jd\n",
4565			       __func__, port->port_name, port->targ_port,
4566			       retval, (intmax_t)lun->lun);
4567		}
4568	}
4569
4570	mtx_unlock(&softc->ctl_lock);
4571	ctl_isc_announce_lun(lun);
4572
4573	return (0);
4574}
4575
4576int
4577ctl_disable_lun(struct ctl_be_lun *be_lun)
4578{
4579	struct ctl_softc *softc;
4580	struct ctl_port *port;
4581	struct ctl_lun *lun;
4582	int retval;
4583
4584	lun = (struct ctl_lun *)be_lun->ctl_lun;
4585	softc = lun->ctl_softc;
4586
4587	mtx_lock(&softc->ctl_lock);
4588	mtx_lock(&lun->lun_lock);
4589	if (lun->flags & CTL_LUN_DISABLED) {
4590		mtx_unlock(&lun->lun_lock);
4591		mtx_unlock(&softc->ctl_lock);
4592		return (0);
4593	}
4594	lun->flags |= CTL_LUN_DISABLED;
4595	mtx_unlock(&lun->lun_lock);
4596
4597	STAILQ_FOREACH(port, &softc->port_list, links) {
4598		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4599		    port->lun_map != NULL || port->lun_disable == NULL)
4600			continue;
4601
4602		/*
4603		 * Drop the lock before we call the frontend's disable
4604		 * routine, to avoid lock order reversals.
4605		 *
4606		 * XXX KDM what happens if the frontend list changes while
4607		 * we're traversing it?  It's unlikely, but should be handled.
4608		 */
4609		mtx_unlock(&softc->ctl_lock);
4610		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4611		mtx_lock(&softc->ctl_lock);
4612		if (retval != 0) {
4613			printf("%s: FETD %s port %d returned error "
4614			       "%d for lun_disable on lun %jd\n",
4615			       __func__, port->port_name, port->targ_port,
4616			       retval, (intmax_t)lun->lun);
4617		}
4618	}
4619
4620	mtx_unlock(&softc->ctl_lock);
4621	ctl_isc_announce_lun(lun);
4622
4623	return (0);
4624}
4625
4626int
4627ctl_start_lun(struct ctl_be_lun *be_lun)
4628{
4629	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4630
4631	mtx_lock(&lun->lun_lock);
4632	lun->flags &= ~CTL_LUN_STOPPED;
4633	mtx_unlock(&lun->lun_lock);
4634	return (0);
4635}
4636
4637int
4638ctl_stop_lun(struct ctl_be_lun *be_lun)
4639{
4640	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4641
4642	mtx_lock(&lun->lun_lock);
4643	lun->flags |= CTL_LUN_STOPPED;
4644	mtx_unlock(&lun->lun_lock);
4645	return (0);
4646}
4647
4648int
4649ctl_lun_offline(struct ctl_be_lun *be_lun)
4650{
4651	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4652
4653	mtx_lock(&lun->lun_lock);
4654	lun->flags |= CTL_LUN_OFFLINE;
4655	mtx_unlock(&lun->lun_lock);
4656	return (0);
4657}
4658
4659int
4660ctl_lun_online(struct ctl_be_lun *be_lun)
4661{
4662	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4663
4664	mtx_lock(&lun->lun_lock);
4665	lun->flags &= ~CTL_LUN_OFFLINE;
4666	mtx_unlock(&lun->lun_lock);
4667	return (0);
4668}
4669
4670int
4671ctl_lun_primary(struct ctl_be_lun *be_lun)
4672{
4673	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4674
4675	mtx_lock(&lun->lun_lock);
4676	lun->flags |= CTL_LUN_PRIMARY_SC;
4677	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4678	mtx_unlock(&lun->lun_lock);
4679	ctl_isc_announce_lun(lun);
4680	return (0);
4681}
4682
4683int
4684ctl_lun_secondary(struct ctl_be_lun *be_lun)
4685{
4686	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4687
4688	mtx_lock(&lun->lun_lock);
4689	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4690	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4691	mtx_unlock(&lun->lun_lock);
4692	ctl_isc_announce_lun(lun);
4693	return (0);
4694}
4695
4696int
4697ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4698{
4699	struct ctl_softc *softc;
4700	struct ctl_lun *lun;
4701
4702	lun = (struct ctl_lun *)be_lun->ctl_lun;
4703	softc = lun->ctl_softc;
4704
4705	mtx_lock(&lun->lun_lock);
4706
4707	/*
4708	 * The LUN needs to be disabled before it can be marked invalid.
4709	 */
4710	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4711		mtx_unlock(&lun->lun_lock);
4712		return (-1);
4713	}
4714	/*
4715	 * Mark the LUN invalid.
4716	 */
4717	lun->flags |= CTL_LUN_INVALID;
4718
4719	/*
4720	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4721	 * If we have something in the OOA queue, we'll free it when the
4722	 * last I/O completes.
4723	 */
4724	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4725		mtx_unlock(&lun->lun_lock);
4726		mtx_lock(&softc->ctl_lock);
4727		ctl_free_lun(lun);
4728		mtx_unlock(&softc->ctl_lock);
4729	} else
4730		mtx_unlock(&lun->lun_lock);
4731
4732	return (0);
4733}
4734
4735int
4736ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4737{
4738	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4739
4740	mtx_lock(&lun->lun_lock);
4741	lun->flags |= CTL_LUN_INOPERABLE;
4742	mtx_unlock(&lun->lun_lock);
4743	return (0);
4744}
4745
4746int
4747ctl_lun_operable(struct ctl_be_lun *be_lun)
4748{
4749	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4750
4751	mtx_lock(&lun->lun_lock);
4752	lun->flags &= ~CTL_LUN_INOPERABLE;
4753	mtx_unlock(&lun->lun_lock);
4754	return (0);
4755}
4756
4757void
4758ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4759{
4760	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4761	union ctl_ha_msg msg;
4762
4763	mtx_lock(&lun->lun_lock);
4764	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4765	mtx_unlock(&lun->lun_lock);
4766	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4767		/* Send msg to other side. */
4768		bzero(&msg.ua, sizeof(msg.ua));
4769		msg.hdr.msg_type = CTL_MSG_UA;
4770		msg.hdr.nexus.initid = -1;
4771		msg.hdr.nexus.targ_port = -1;
4772		msg.hdr.nexus.targ_lun = lun->lun;
4773		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4774		msg.ua.ua_all = 1;
4775		msg.ua.ua_set = 1;
4776		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4777		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4778		    M_WAITOK);
4779	}
4780}
4781
4782/*
4783 * Backend "memory move is complete" callback for requests that never
4784 * make it down to say RAIDCore's configuration code.
4785 */
4786int
4787ctl_config_move_done(union ctl_io *io)
4788{
4789	int retval;
4790
4791	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4792	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4793	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4794
4795	if ((io->io_hdr.port_status != 0) &&
4796	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4797	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4798		/*
4799		 * For hardware error sense keys, the sense key
4800		 * specific value is defined to be a retry count,
4801		 * but we use it to pass back an internal FETD
4802		 * error code.  XXX KDM  Hopefully the FETD is only
4803		 * using 16 bits for an error code, since that's
4804		 * all the space we have in the sks field.
4805		 */
4806		ctl_set_internal_failure(&io->scsiio,
4807					 /*sks_valid*/ 1,
4808					 /*retry_count*/
4809					 io->io_hdr.port_status);
4810	}
4811
4812	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4813		ctl_data_print(io);
4814	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4815	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4816	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4817	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4818		/*
4819		 * XXX KDM just assuming a single pointer here, and not a
4820		 * S/G list.  If we start using S/G lists for config data,
4821		 * we'll need to know how to clean them up here as well.
4822		 */
4823		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4824			free(io->scsiio.kern_data_ptr, M_CTL);
4825		ctl_done(io);
4826		retval = CTL_RETVAL_COMPLETE;
4827	} else {
4828		/*
4829		 * XXX KDM now we need to continue data movement.  Some
4830		 * options:
4831		 * - call ctl_scsiio() again?  We don't do this for data
4832		 *   writes, because for those at least we know ahead of
4833		 *   time where the write will go and how long it is.  For
4834		 *   config writes, though, that information is largely
4835		 *   contained within the write itself, thus we need to
4836		 *   parse out the data again.
4837		 *
4838		 * - Call some other function once the data is in?
4839		 */
4840
4841		/*
4842		 * XXX KDM call ctl_scsiio() again for now, and check flag
4843		 * bits to see whether we're allocated or not.
4844		 */
4845		retval = ctl_scsiio(&io->scsiio);
4846	}
4847	return (retval);
4848}
4849
4850/*
4851 * This gets called by a backend driver when it is done with a
4852 * data_submit method.
4853 */
4854void
4855ctl_data_submit_done(union ctl_io *io)
4856{
4857	/*
4858	 * If the IO_CONT flag is set, we need to call the supplied
4859	 * function to continue processing the I/O, instead of completing
4860	 * the I/O just yet.
4861	 *
4862	 * If there is an error, though, we don't want to keep processing.
4863	 * Instead, just send status back to the initiator.
4864	 */
4865	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4866	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4867	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4868	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4869		io->scsiio.io_cont(io);
4870		return;
4871	}
4872	ctl_done(io);
4873}
4874
4875/*
4876 * This gets called by a backend driver when it is done with a
4877 * configuration write.
4878 */
4879void
4880ctl_config_write_done(union ctl_io *io)
4881{
4882	uint8_t *buf;
4883
4884	/*
4885	 * If the IO_CONT flag is set, we need to call the supplied
4886	 * function to continue processing the I/O, instead of completing
4887	 * the I/O just yet.
4888	 *
4889	 * If there is an error, though, we don't want to keep processing.
4890	 * Instead, just send status back to the initiator.
4891	 */
4892	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4893	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4894	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4895	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4896		io->scsiio.io_cont(io);
4897		return;
4898	}
4899	/*
4900	 * Since a configuration write can be done for commands that actually
4901	 * have data allocated, like write buffer, and commands that have
4902	 * no data, like start/stop unit, we need to check here.
4903	 */
4904	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4905		buf = io->scsiio.kern_data_ptr;
4906	else
4907		buf = NULL;
4908	ctl_done(io);
4909	if (buf)
4910		free(buf, M_CTL);
4911}
4912
4913void
4914ctl_config_read_done(union ctl_io *io)
4915{
4916	uint8_t *buf;
4917
4918	/*
4919	 * If there is some error -- we are done, skip data transfer.
4920	 */
4921	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4922	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4923	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4924		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4925			buf = io->scsiio.kern_data_ptr;
4926		else
4927			buf = NULL;
4928		ctl_done(io);
4929		if (buf)
4930			free(buf, M_CTL);
4931		return;
4932	}
4933
4934	/*
4935	 * If the IO_CONT flag is set, we need to call the supplied
4936	 * function to continue processing the I/O, instead of completing
4937	 * the I/O just yet.
4938	 */
4939	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4940		io->scsiio.io_cont(io);
4941		return;
4942	}
4943
4944	ctl_datamove(io);
4945}
4946
4947/*
4948 * SCSI release command.
4949 */
4950int
4951ctl_scsi_release(struct ctl_scsiio *ctsio)
4952{
4953	int length, longid, thirdparty_id, resv_id;
4954	struct ctl_lun *lun;
4955	uint32_t residx;
4956
4957	length = 0;
4958	resv_id = 0;
4959
4960	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4961
4962	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4963	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4964
4965	switch (ctsio->cdb[0]) {
4966	case RELEASE_10: {
4967		struct scsi_release_10 *cdb;
4968
4969		cdb = (struct scsi_release_10 *)ctsio->cdb;
4970
4971		if (cdb->byte2 & SR10_LONGID)
4972			longid = 1;
4973		else
4974			thirdparty_id = cdb->thirdparty_id;
4975
4976		resv_id = cdb->resv_id;
4977		length = scsi_2btoul(cdb->length);
4978		break;
4979	}
4980	}
4981
4982
4983	/*
4984	 * XXX KDM right now, we only support LUN reservation.  We don't
4985	 * support 3rd party reservations, or extent reservations, which
4986	 * might actually need the parameter list.  If we've gotten this
4987	 * far, we've got a LUN reservation.  Anything else got kicked out
4988	 * above.  So, according to SPC, ignore the length.
4989	 */
4990	length = 0;
4991
4992	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4993	 && (length > 0)) {
4994		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4995		ctsio->kern_data_len = length;
4996		ctsio->kern_total_len = length;
4997		ctsio->kern_data_resid = 0;
4998		ctsio->kern_rel_offset = 0;
4999		ctsio->kern_sg_entries = 0;
5000		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5001		ctsio->be_move_done = ctl_config_move_done;
5002		ctl_datamove((union ctl_io *)ctsio);
5003
5004		return (CTL_RETVAL_COMPLETE);
5005	}
5006
5007	if (length > 0)
5008		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5009
5010	mtx_lock(&lun->lun_lock);
5011
5012	/*
5013	 * According to SPC, it is not an error for an intiator to attempt
5014	 * to release a reservation on a LUN that isn't reserved, or that
5015	 * is reserved by another initiator.  The reservation can only be
5016	 * released, though, by the initiator who made it or by one of
5017	 * several reset type events.
5018	 */
5019	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5020			lun->flags &= ~CTL_LUN_RESERVED;
5021
5022	mtx_unlock(&lun->lun_lock);
5023
5024	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5025		free(ctsio->kern_data_ptr, M_CTL);
5026		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5027	}
5028
5029	ctl_set_success(ctsio);
5030	ctl_done((union ctl_io *)ctsio);
5031	return (CTL_RETVAL_COMPLETE);
5032}
5033
5034int
5035ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5036{
5037	int extent, thirdparty, longid;
5038	int resv_id, length;
5039	uint64_t thirdparty_id;
5040	struct ctl_lun *lun;
5041	uint32_t residx;
5042
5043	extent = 0;
5044	thirdparty = 0;
5045	longid = 0;
5046	resv_id = 0;
5047	length = 0;
5048	thirdparty_id = 0;
5049
5050	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5051
5052	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5053	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5054
5055	switch (ctsio->cdb[0]) {
5056	case RESERVE_10: {
5057		struct scsi_reserve_10 *cdb;
5058
5059		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5060
5061		if (cdb->byte2 & SR10_LONGID)
5062			longid = 1;
5063		else
5064			thirdparty_id = cdb->thirdparty_id;
5065
5066		resv_id = cdb->resv_id;
5067		length = scsi_2btoul(cdb->length);
5068		break;
5069	}
5070	}
5071
5072	/*
5073	 * XXX KDM right now, we only support LUN reservation.  We don't
5074	 * support 3rd party reservations, or extent reservations, which
5075	 * might actually need the parameter list.  If we've gotten this
5076	 * far, we've got a LUN reservation.  Anything else got kicked out
5077	 * above.  So, according to SPC, ignore the length.
5078	 */
5079	length = 0;
5080
5081	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5082	 && (length > 0)) {
5083		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5084		ctsio->kern_data_len = length;
5085		ctsio->kern_total_len = length;
5086		ctsio->kern_data_resid = 0;
5087		ctsio->kern_rel_offset = 0;
5088		ctsio->kern_sg_entries = 0;
5089		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5090		ctsio->be_move_done = ctl_config_move_done;
5091		ctl_datamove((union ctl_io *)ctsio);
5092
5093		return (CTL_RETVAL_COMPLETE);
5094	}
5095
5096	if (length > 0)
5097		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5098
5099	mtx_lock(&lun->lun_lock);
5100	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5101		ctl_set_reservation_conflict(ctsio);
5102		goto bailout;
5103	}
5104
5105	lun->flags |= CTL_LUN_RESERVED;
5106	lun->res_idx = residx;
5107
5108	ctl_set_success(ctsio);
5109
5110bailout:
5111	mtx_unlock(&lun->lun_lock);
5112
5113	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5114		free(ctsio->kern_data_ptr, M_CTL);
5115		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5116	}
5117
5118	ctl_done((union ctl_io *)ctsio);
5119	return (CTL_RETVAL_COMPLETE);
5120}
5121
5122int
5123ctl_start_stop(struct ctl_scsiio *ctsio)
5124{
5125	struct scsi_start_stop_unit *cdb;
5126	struct ctl_lun *lun;
5127	int retval;
5128
5129	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5130
5131	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5132	retval = 0;
5133
5134	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5135
5136	/*
5137	 * XXX KDM
5138	 * We don't support the immediate bit on a stop unit.  In order to
5139	 * do that, we would need to code up a way to know that a stop is
5140	 * pending, and hold off any new commands until it completes, one
5141	 * way or another.  Then we could accept or reject those commands
5142	 * depending on its status.  We would almost need to do the reverse
5143	 * of what we do below for an immediate start -- return the copy of
5144	 * the ctl_io to the FETD with status to send to the host (and to
5145	 * free the copy!) and then free the original I/O once the stop
5146	 * actually completes.  That way, the OOA queue mechanism can work
5147	 * to block commands that shouldn't proceed.  Another alternative
5148	 * would be to put the copy in the queue in place of the original,
5149	 * and return the original back to the caller.  That could be
5150	 * slightly safer..
5151	 */
5152	if ((cdb->byte2 & SSS_IMMED)
5153	 && ((cdb->how & SSS_START) == 0)) {
5154		ctl_set_invalid_field(ctsio,
5155				      /*sks_valid*/ 1,
5156				      /*command*/ 1,
5157				      /*field*/ 1,
5158				      /*bit_valid*/ 1,
5159				      /*bit*/ 0);
5160		ctl_done((union ctl_io *)ctsio);
5161		return (CTL_RETVAL_COMPLETE);
5162	}
5163
5164	if ((lun->flags & CTL_LUN_PR_RESERVED)
5165	 && ((cdb->how & SSS_START)==0)) {
5166		uint32_t residx;
5167
5168		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5169		if (ctl_get_prkey(lun, residx) == 0
5170		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5171
5172			ctl_set_reservation_conflict(ctsio);
5173			ctl_done((union ctl_io *)ctsio);
5174			return (CTL_RETVAL_COMPLETE);
5175		}
5176	}
5177
5178	/*
5179	 * If there is no backend on this device, we can't start or stop
5180	 * it.  In theory we shouldn't get any start/stop commands in the
5181	 * first place at this level if the LUN doesn't have a backend.
5182	 * That should get stopped by the command decode code.
5183	 */
5184	if (lun->backend == NULL) {
5185		ctl_set_invalid_opcode(ctsio);
5186		ctl_done((union ctl_io *)ctsio);
5187		return (CTL_RETVAL_COMPLETE);
5188	}
5189
5190	/*
5191	 * XXX KDM Copan-specific offline behavior.
5192	 * Figure out a reasonable way to port this?
5193	 */
5194#ifdef NEEDTOPORT
5195	mtx_lock(&lun->lun_lock);
5196
5197	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5198	 && (lun->flags & CTL_LUN_OFFLINE)) {
5199		/*
5200		 * If the LUN is offline, and the on/offline bit isn't set,
5201		 * reject the start or stop.  Otherwise, let it through.
5202		 */
5203		mtx_unlock(&lun->lun_lock);
5204		ctl_set_lun_not_ready(ctsio);
5205		ctl_done((union ctl_io *)ctsio);
5206	} else {
5207		mtx_unlock(&lun->lun_lock);
5208#endif /* NEEDTOPORT */
5209		/*
5210		 * This could be a start or a stop when we're online,
5211		 * or a stop/offline or start/online.  A start or stop when
5212		 * we're offline is covered in the case above.
5213		 */
5214		/*
5215		 * In the non-immediate case, we send the request to
5216		 * the backend and return status to the user when
5217		 * it is done.
5218		 *
5219		 * In the immediate case, we allocate a new ctl_io
5220		 * to hold a copy of the request, and send that to
5221		 * the backend.  We then set good status on the
5222		 * user's request and return it immediately.
5223		 */
5224		if (cdb->byte2 & SSS_IMMED) {
5225			union ctl_io *new_io;
5226
5227			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5228			ctl_copy_io((union ctl_io *)ctsio, new_io);
5229			retval = lun->backend->config_write(new_io);
5230			ctl_set_success(ctsio);
5231			ctl_done((union ctl_io *)ctsio);
5232		} else {
5233			retval = lun->backend->config_write(
5234				(union ctl_io *)ctsio);
5235		}
5236#ifdef NEEDTOPORT
5237	}
5238#endif
5239	return (retval);
5240}
5241
5242/*
5243 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5244 * we don't really do anything with the LBA and length fields if the user
5245 * passes them in.  Instead we'll just flush out the cache for the entire
5246 * LUN.
5247 */
5248int
5249ctl_sync_cache(struct ctl_scsiio *ctsio)
5250{
5251	struct ctl_lun *lun;
5252	struct ctl_softc *softc;
5253	struct ctl_lba_len_flags *lbalen;
5254	uint64_t starting_lba;
5255	uint32_t block_count;
5256	int retval;
5257	uint8_t byte2;
5258
5259	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5260
5261	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5262	softc = lun->ctl_softc;
5263	retval = 0;
5264
5265	switch (ctsio->cdb[0]) {
5266	case SYNCHRONIZE_CACHE: {
5267		struct scsi_sync_cache *cdb;
5268		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5269
5270		starting_lba = scsi_4btoul(cdb->begin_lba);
5271		block_count = scsi_2btoul(cdb->lb_count);
5272		byte2 = cdb->byte2;
5273		break;
5274	}
5275	case SYNCHRONIZE_CACHE_16: {
5276		struct scsi_sync_cache_16 *cdb;
5277		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5278
5279		starting_lba = scsi_8btou64(cdb->begin_lba);
5280		block_count = scsi_4btoul(cdb->lb_count);
5281		byte2 = cdb->byte2;
5282		break;
5283	}
5284	default:
5285		ctl_set_invalid_opcode(ctsio);
5286		ctl_done((union ctl_io *)ctsio);
5287		goto bailout;
5288		break; /* NOTREACHED */
5289	}
5290
5291	/*
5292	 * We check the LBA and length, but don't do anything with them.
5293	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5294	 * get flushed.  This check will just help satisfy anyone who wants
5295	 * to see an error for an out of range LBA.
5296	 */
5297	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5298		ctl_set_lba_out_of_range(ctsio);
5299		ctl_done((union ctl_io *)ctsio);
5300		goto bailout;
5301	}
5302
5303	/*
5304	 * If this LUN has no backend, we can't flush the cache anyway.
5305	 */
5306	if (lun->backend == NULL) {
5307		ctl_set_invalid_opcode(ctsio);
5308		ctl_done((union ctl_io *)ctsio);
5309		goto bailout;
5310	}
5311
5312	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5313	lbalen->lba = starting_lba;
5314	lbalen->len = block_count;
5315	lbalen->flags = byte2;
5316
5317	/*
5318	 * Check to see whether we're configured to send the SYNCHRONIZE
5319	 * CACHE command directly to the back end.
5320	 */
5321	mtx_lock(&lun->lun_lock);
5322	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5323	 && (++(lun->sync_count) >= lun->sync_interval)) {
5324		lun->sync_count = 0;
5325		mtx_unlock(&lun->lun_lock);
5326		retval = lun->backend->config_write((union ctl_io *)ctsio);
5327	} else {
5328		mtx_unlock(&lun->lun_lock);
5329		ctl_set_success(ctsio);
5330		ctl_done((union ctl_io *)ctsio);
5331	}
5332
5333bailout:
5334
5335	return (retval);
5336}
5337
5338int
5339ctl_format(struct ctl_scsiio *ctsio)
5340{
5341	struct scsi_format *cdb;
5342	struct ctl_lun *lun;
5343	int length, defect_list_len;
5344
5345	CTL_DEBUG_PRINT(("ctl_format\n"));
5346
5347	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5348
5349	cdb = (struct scsi_format *)ctsio->cdb;
5350
5351	length = 0;
5352	if (cdb->byte2 & SF_FMTDATA) {
5353		if (cdb->byte2 & SF_LONGLIST)
5354			length = sizeof(struct scsi_format_header_long);
5355		else
5356			length = sizeof(struct scsi_format_header_short);
5357	}
5358
5359	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5360	 && (length > 0)) {
5361		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5362		ctsio->kern_data_len = length;
5363		ctsio->kern_total_len = length;
5364		ctsio->kern_data_resid = 0;
5365		ctsio->kern_rel_offset = 0;
5366		ctsio->kern_sg_entries = 0;
5367		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5368		ctsio->be_move_done = ctl_config_move_done;
5369		ctl_datamove((union ctl_io *)ctsio);
5370
5371		return (CTL_RETVAL_COMPLETE);
5372	}
5373
5374	defect_list_len = 0;
5375
5376	if (cdb->byte2 & SF_FMTDATA) {
5377		if (cdb->byte2 & SF_LONGLIST) {
5378			struct scsi_format_header_long *header;
5379
5380			header = (struct scsi_format_header_long *)
5381				ctsio->kern_data_ptr;
5382
5383			defect_list_len = scsi_4btoul(header->defect_list_len);
5384			if (defect_list_len != 0) {
5385				ctl_set_invalid_field(ctsio,
5386						      /*sks_valid*/ 1,
5387						      /*command*/ 0,
5388						      /*field*/ 2,
5389						      /*bit_valid*/ 0,
5390						      /*bit*/ 0);
5391				goto bailout;
5392			}
5393		} else {
5394			struct scsi_format_header_short *header;
5395
5396			header = (struct scsi_format_header_short *)
5397				ctsio->kern_data_ptr;
5398
5399			defect_list_len = scsi_2btoul(header->defect_list_len);
5400			if (defect_list_len != 0) {
5401				ctl_set_invalid_field(ctsio,
5402						      /*sks_valid*/ 1,
5403						      /*command*/ 0,
5404						      /*field*/ 2,
5405						      /*bit_valid*/ 0,
5406						      /*bit*/ 0);
5407				goto bailout;
5408			}
5409		}
5410	}
5411
5412	/*
5413	 * The format command will clear out the "Medium format corrupted"
5414	 * status if set by the configuration code.  That status is really
5415	 * just a way to notify the host that we have lost the media, and
5416	 * get them to issue a command that will basically make them think
5417	 * they're blowing away the media.
5418	 */
5419	mtx_lock(&lun->lun_lock);
5420	lun->flags &= ~CTL_LUN_INOPERABLE;
5421	mtx_unlock(&lun->lun_lock);
5422
5423	ctl_set_success(ctsio);
5424bailout:
5425
5426	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5427		free(ctsio->kern_data_ptr, M_CTL);
5428		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5429	}
5430
5431	ctl_done((union ctl_io *)ctsio);
5432	return (CTL_RETVAL_COMPLETE);
5433}
5434
5435int
5436ctl_read_buffer(struct ctl_scsiio *ctsio)
5437{
5438	struct scsi_read_buffer *cdb;
5439	struct ctl_lun *lun;
5440	int buffer_offset, len;
5441	static uint8_t descr[4];
5442	static uint8_t echo_descr[4] = { 0 };
5443
5444	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5445
5446	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5447	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5448
5449	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5450	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5451	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5452		ctl_set_invalid_field(ctsio,
5453				      /*sks_valid*/ 1,
5454				      /*command*/ 1,
5455				      /*field*/ 1,
5456				      /*bit_valid*/ 1,
5457				      /*bit*/ 4);
5458		ctl_done((union ctl_io *)ctsio);
5459		return (CTL_RETVAL_COMPLETE);
5460	}
5461
5462	len = scsi_3btoul(cdb->length);
5463	buffer_offset = scsi_3btoul(cdb->offset);
5464
5465	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5466		ctl_set_invalid_field(ctsio,
5467				      /*sks_valid*/ 1,
5468				      /*command*/ 1,
5469				      /*field*/ 6,
5470				      /*bit_valid*/ 0,
5471				      /*bit*/ 0);
5472		ctl_done((union ctl_io *)ctsio);
5473		return (CTL_RETVAL_COMPLETE);
5474	}
5475
5476	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5477		descr[0] = 0;
5478		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5479		ctsio->kern_data_ptr = descr;
5480		len = min(len, sizeof(descr));
5481	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5482		ctsio->kern_data_ptr = echo_descr;
5483		len = min(len, sizeof(echo_descr));
5484	} else {
5485		if (lun->write_buffer == NULL) {
5486			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5487			    M_CTL, M_WAITOK);
5488		}
5489		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5490	}
5491	ctsio->kern_data_len = len;
5492	ctsio->kern_total_len = len;
5493	ctsio->kern_data_resid = 0;
5494	ctsio->kern_rel_offset = 0;
5495	ctsio->kern_sg_entries = 0;
5496	ctl_set_success(ctsio);
5497	ctsio->be_move_done = ctl_config_move_done;
5498	ctl_datamove((union ctl_io *)ctsio);
5499	return (CTL_RETVAL_COMPLETE);
5500}
5501
5502int
5503ctl_write_buffer(struct ctl_scsiio *ctsio)
5504{
5505	struct scsi_write_buffer *cdb;
5506	struct ctl_lun *lun;
5507	int buffer_offset, len;
5508
5509	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5510
5511	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5512	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5513
5514	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5515		ctl_set_invalid_field(ctsio,
5516				      /*sks_valid*/ 1,
5517				      /*command*/ 1,
5518				      /*field*/ 1,
5519				      /*bit_valid*/ 1,
5520				      /*bit*/ 4);
5521		ctl_done((union ctl_io *)ctsio);
5522		return (CTL_RETVAL_COMPLETE);
5523	}
5524
5525	len = scsi_3btoul(cdb->length);
5526	buffer_offset = scsi_3btoul(cdb->offset);
5527
5528	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5529		ctl_set_invalid_field(ctsio,
5530				      /*sks_valid*/ 1,
5531				      /*command*/ 1,
5532				      /*field*/ 6,
5533				      /*bit_valid*/ 0,
5534				      /*bit*/ 0);
5535		ctl_done((union ctl_io *)ctsio);
5536		return (CTL_RETVAL_COMPLETE);
5537	}
5538
5539	/*
5540	 * If we've got a kernel request that hasn't been malloced yet,
5541	 * malloc it and tell the caller the data buffer is here.
5542	 */
5543	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5544		if (lun->write_buffer == NULL) {
5545			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5546			    M_CTL, M_WAITOK);
5547		}
5548		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5549		ctsio->kern_data_len = len;
5550		ctsio->kern_total_len = len;
5551		ctsio->kern_data_resid = 0;
5552		ctsio->kern_rel_offset = 0;
5553		ctsio->kern_sg_entries = 0;
5554		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5555		ctsio->be_move_done = ctl_config_move_done;
5556		ctl_datamove((union ctl_io *)ctsio);
5557
5558		return (CTL_RETVAL_COMPLETE);
5559	}
5560
5561	ctl_set_success(ctsio);
5562	ctl_done((union ctl_io *)ctsio);
5563	return (CTL_RETVAL_COMPLETE);
5564}
5565
5566int
5567ctl_write_same(struct ctl_scsiio *ctsio)
5568{
5569	struct ctl_lun *lun;
5570	struct ctl_lba_len_flags *lbalen;
5571	uint64_t lba;
5572	uint32_t num_blocks;
5573	int len, retval;
5574	uint8_t byte2;
5575
5576	retval = CTL_RETVAL_COMPLETE;
5577
5578	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5579
5580	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5581
5582	switch (ctsio->cdb[0]) {
5583	case WRITE_SAME_10: {
5584		struct scsi_write_same_10 *cdb;
5585
5586		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5587
5588		lba = scsi_4btoul(cdb->addr);
5589		num_blocks = scsi_2btoul(cdb->length);
5590		byte2 = cdb->byte2;
5591		break;
5592	}
5593	case WRITE_SAME_16: {
5594		struct scsi_write_same_16 *cdb;
5595
5596		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5597
5598		lba = scsi_8btou64(cdb->addr);
5599		num_blocks = scsi_4btoul(cdb->length);
5600		byte2 = cdb->byte2;
5601		break;
5602	}
5603	default:
5604		/*
5605		 * We got a command we don't support.  This shouldn't
5606		 * happen, commands should be filtered out above us.
5607		 */
5608		ctl_set_invalid_opcode(ctsio);
5609		ctl_done((union ctl_io *)ctsio);
5610
5611		return (CTL_RETVAL_COMPLETE);
5612		break; /* NOTREACHED */
5613	}
5614
5615	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5616	if ((byte2 & SWS_UNMAP) == 0 &&
5617	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5618		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5619		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5620		ctl_done((union ctl_io *)ctsio);
5621		return (CTL_RETVAL_COMPLETE);
5622	}
5623
5624	/*
5625	 * The first check is to make sure we're in bounds, the second
5626	 * check is to catch wrap-around problems.  If the lba + num blocks
5627	 * is less than the lba, then we've wrapped around and the block
5628	 * range is invalid anyway.
5629	 */
5630	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5631	 || ((lba + num_blocks) < lba)) {
5632		ctl_set_lba_out_of_range(ctsio);
5633		ctl_done((union ctl_io *)ctsio);
5634		return (CTL_RETVAL_COMPLETE);
5635	}
5636
5637	/* Zero number of blocks means "to the last logical block" */
5638	if (num_blocks == 0) {
5639		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5640			ctl_set_invalid_field(ctsio,
5641					      /*sks_valid*/ 0,
5642					      /*command*/ 1,
5643					      /*field*/ 0,
5644					      /*bit_valid*/ 0,
5645					      /*bit*/ 0);
5646			ctl_done((union ctl_io *)ctsio);
5647			return (CTL_RETVAL_COMPLETE);
5648		}
5649		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5650	}
5651
5652	len = lun->be_lun->blocksize;
5653
5654	/*
5655	 * If we've got a kernel request that hasn't been malloced yet,
5656	 * malloc it and tell the caller the data buffer is here.
5657	 */
5658	if ((byte2 & SWS_NDOB) == 0 &&
5659	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5660		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5661		ctsio->kern_data_len = len;
5662		ctsio->kern_total_len = len;
5663		ctsio->kern_data_resid = 0;
5664		ctsio->kern_rel_offset = 0;
5665		ctsio->kern_sg_entries = 0;
5666		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5667		ctsio->be_move_done = ctl_config_move_done;
5668		ctl_datamove((union ctl_io *)ctsio);
5669
5670		return (CTL_RETVAL_COMPLETE);
5671	}
5672
5673	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5674	lbalen->lba = lba;
5675	lbalen->len = num_blocks;
5676	lbalen->flags = byte2;
5677	retval = lun->backend->config_write((union ctl_io *)ctsio);
5678
5679	return (retval);
5680}
5681
5682int
5683ctl_unmap(struct ctl_scsiio *ctsio)
5684{
5685	struct ctl_lun *lun;
5686	struct scsi_unmap *cdb;
5687	struct ctl_ptr_len_flags *ptrlen;
5688	struct scsi_unmap_header *hdr;
5689	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5690	uint64_t lba;
5691	uint32_t num_blocks;
5692	int len, retval;
5693	uint8_t byte2;
5694
5695	retval = CTL_RETVAL_COMPLETE;
5696
5697	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5698
5699	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5700	cdb = (struct scsi_unmap *)ctsio->cdb;
5701
5702	len = scsi_2btoul(cdb->length);
5703	byte2 = cdb->byte2;
5704
5705	/*
5706	 * If we've got a kernel request that hasn't been malloced yet,
5707	 * malloc it and tell the caller the data buffer is here.
5708	 */
5709	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5710		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5711		ctsio->kern_data_len = len;
5712		ctsio->kern_total_len = len;
5713		ctsio->kern_data_resid = 0;
5714		ctsio->kern_rel_offset = 0;
5715		ctsio->kern_sg_entries = 0;
5716		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5717		ctsio->be_move_done = ctl_config_move_done;
5718		ctl_datamove((union ctl_io *)ctsio);
5719
5720		return (CTL_RETVAL_COMPLETE);
5721	}
5722
5723	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5724	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5725	if (len < sizeof (*hdr) ||
5726	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5727	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5728	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5729		ctl_set_invalid_field(ctsio,
5730				      /*sks_valid*/ 0,
5731				      /*command*/ 0,
5732				      /*field*/ 0,
5733				      /*bit_valid*/ 0,
5734				      /*bit*/ 0);
5735		goto done;
5736	}
5737	len = scsi_2btoul(hdr->desc_length);
5738	buf = (struct scsi_unmap_desc *)(hdr + 1);
5739	end = buf + len / sizeof(*buf);
5740
5741	endnz = buf;
5742	for (range = buf; range < end; range++) {
5743		lba = scsi_8btou64(range->lba);
5744		num_blocks = scsi_4btoul(range->length);
5745		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5746		 || ((lba + num_blocks) < lba)) {
5747			ctl_set_lba_out_of_range(ctsio);
5748			ctl_done((union ctl_io *)ctsio);
5749			return (CTL_RETVAL_COMPLETE);
5750		}
5751		if (num_blocks != 0)
5752			endnz = range + 1;
5753	}
5754
5755	/*
5756	 * Block backend can not handle zero last range.
5757	 * Filter it out and return if there is nothing left.
5758	 */
5759	len = (uint8_t *)endnz - (uint8_t *)buf;
5760	if (len == 0) {
5761		ctl_set_success(ctsio);
5762		goto done;
5763	}
5764
5765	mtx_lock(&lun->lun_lock);
5766	ptrlen = (struct ctl_ptr_len_flags *)
5767	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5768	ptrlen->ptr = (void *)buf;
5769	ptrlen->len = len;
5770	ptrlen->flags = byte2;
5771	ctl_check_blocked(lun);
5772	mtx_unlock(&lun->lun_lock);
5773
5774	retval = lun->backend->config_write((union ctl_io *)ctsio);
5775	return (retval);
5776
5777done:
5778	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5779		free(ctsio->kern_data_ptr, M_CTL);
5780		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5781	}
5782	ctl_done((union ctl_io *)ctsio);
5783	return (CTL_RETVAL_COMPLETE);
5784}
5785
5786/*
5787 * Note that this function currently doesn't actually do anything inside
5788 * CTL to enforce things if the DQue bit is turned on.
5789 *
5790 * Also note that this function can't be used in the default case, because
5791 * the DQue bit isn't set in the changeable mask for the control mode page
5792 * anyway.  This is just here as an example for how to implement a page
5793 * handler, and a placeholder in case we want to allow the user to turn
5794 * tagged queueing on and off.
5795 *
5796 * The D_SENSE bit handling is functional, however, and will turn
5797 * descriptor sense on and off for a given LUN.
5798 */
5799int
5800ctl_control_page_handler(struct ctl_scsiio *ctsio,
5801			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5802{
5803	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5804	struct ctl_lun *lun;
5805	int set_ua;
5806	uint32_t initidx;
5807
5808	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5809	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5810	set_ua = 0;
5811
5812	user_cp = (struct scsi_control_page *)page_ptr;
5813	current_cp = (struct scsi_control_page *)
5814		(page_index->page_data + (page_index->page_len *
5815		CTL_PAGE_CURRENT));
5816	saved_cp = (struct scsi_control_page *)
5817		(page_index->page_data + (page_index->page_len *
5818		CTL_PAGE_SAVED));
5819
5820	mtx_lock(&lun->lun_lock);
5821	if (((current_cp->rlec & SCP_DSENSE) == 0)
5822	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5823		/*
5824		 * Descriptor sense is currently turned off and the user
5825		 * wants to turn it on.
5826		 */
5827		current_cp->rlec |= SCP_DSENSE;
5828		saved_cp->rlec |= SCP_DSENSE;
5829		lun->flags |= CTL_LUN_SENSE_DESC;
5830		set_ua = 1;
5831	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5832		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5833		/*
5834		 * Descriptor sense is currently turned on, and the user
5835		 * wants to turn it off.
5836		 */
5837		current_cp->rlec &= ~SCP_DSENSE;
5838		saved_cp->rlec &= ~SCP_DSENSE;
5839		lun->flags &= ~CTL_LUN_SENSE_DESC;
5840		set_ua = 1;
5841	}
5842	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5843	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5844		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5845		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5846		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5847		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5848		set_ua = 1;
5849	}
5850	if ((current_cp->eca_and_aen & SCP_SWP) !=
5851	    (user_cp->eca_and_aen & SCP_SWP)) {
5852		current_cp->eca_and_aen &= ~SCP_SWP;
5853		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5854		saved_cp->eca_and_aen &= ~SCP_SWP;
5855		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5856		set_ua = 1;
5857	}
5858	if (set_ua != 0)
5859		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5860	mtx_unlock(&lun->lun_lock);
5861
5862	return (0);
5863}
5864
5865int
5866ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5867		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5868{
5869	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5870	struct ctl_lun *lun;
5871	int set_ua;
5872	uint32_t initidx;
5873
5874	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5875	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5876	set_ua = 0;
5877
5878	user_cp = (struct scsi_caching_page *)page_ptr;
5879	current_cp = (struct scsi_caching_page *)
5880		(page_index->page_data + (page_index->page_len *
5881		CTL_PAGE_CURRENT));
5882	saved_cp = (struct scsi_caching_page *)
5883		(page_index->page_data + (page_index->page_len *
5884		CTL_PAGE_SAVED));
5885
5886	mtx_lock(&lun->lun_lock);
5887	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5888	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5889		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5890		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5891		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5892		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5893		set_ua = 1;
5894	}
5895	if (set_ua != 0)
5896		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5897	mtx_unlock(&lun->lun_lock);
5898
5899	return (0);
5900}
5901
5902int
5903ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5904				struct ctl_page_index *page_index,
5905				uint8_t *page_ptr)
5906{
5907	uint8_t *c;
5908	int i;
5909
5910	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5911	ctl_time_io_secs =
5912		(c[0] << 8) |
5913		(c[1] << 0) |
5914		0;
5915	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5916	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5917	printf("page data:");
5918	for (i=0; i<8; i++)
5919		printf(" %.2x",page_ptr[i]);
5920	printf("\n");
5921	return (0);
5922}
5923
5924int
5925ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5926			       struct ctl_page_index *page_index,
5927			       int pc)
5928{
5929	struct copan_debugconf_subpage *page;
5930
5931	page = (struct copan_debugconf_subpage *)page_index->page_data +
5932		(page_index->page_len * pc);
5933
5934	switch (pc) {
5935	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5936	case SMS_PAGE_CTRL_DEFAULT >> 6:
5937	case SMS_PAGE_CTRL_SAVED >> 6:
5938		/*
5939		 * We don't update the changable or default bits for this page.
5940		 */
5941		break;
5942	case SMS_PAGE_CTRL_CURRENT >> 6:
5943		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5944		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5945		break;
5946	default:
5947#ifdef NEEDTOPORT
5948		EPRINT(0, "Invalid PC %d!!", pc);
5949#endif /* NEEDTOPORT */
5950		break;
5951	}
5952	return (0);
5953}
5954
5955
5956static int
5957ctl_do_mode_select(union ctl_io *io)
5958{
5959	struct scsi_mode_page_header *page_header;
5960	struct ctl_page_index *page_index;
5961	struct ctl_scsiio *ctsio;
5962	int control_dev, page_len;
5963	int page_len_offset, page_len_size;
5964	union ctl_modepage_info *modepage_info;
5965	struct ctl_lun *lun;
5966	int *len_left, *len_used;
5967	int retval, i;
5968
5969	ctsio = &io->scsiio;
5970	page_index = NULL;
5971	page_len = 0;
5972	retval = CTL_RETVAL_COMPLETE;
5973
5974	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5975
5976	if (lun->be_lun->lun_type != T_DIRECT)
5977		control_dev = 1;
5978	else
5979		control_dev = 0;
5980
5981	modepage_info = (union ctl_modepage_info *)
5982		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5983	len_left = &modepage_info->header.len_left;
5984	len_used = &modepage_info->header.len_used;
5985
5986do_next_page:
5987
5988	page_header = (struct scsi_mode_page_header *)
5989		(ctsio->kern_data_ptr + *len_used);
5990
5991	if (*len_left == 0) {
5992		free(ctsio->kern_data_ptr, M_CTL);
5993		ctl_set_success(ctsio);
5994		ctl_done((union ctl_io *)ctsio);
5995		return (CTL_RETVAL_COMPLETE);
5996	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5997
5998		free(ctsio->kern_data_ptr, M_CTL);
5999		ctl_set_param_len_error(ctsio);
6000		ctl_done((union ctl_io *)ctsio);
6001		return (CTL_RETVAL_COMPLETE);
6002
6003	} else if ((page_header->page_code & SMPH_SPF)
6004		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6005
6006		free(ctsio->kern_data_ptr, M_CTL);
6007		ctl_set_param_len_error(ctsio);
6008		ctl_done((union ctl_io *)ctsio);
6009		return (CTL_RETVAL_COMPLETE);
6010	}
6011
6012
6013	/*
6014	 * XXX KDM should we do something with the block descriptor?
6015	 */
6016	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6017
6018		if ((control_dev != 0)
6019		 && (lun->mode_pages.index[i].page_flags &
6020		     CTL_PAGE_FLAG_DISK_ONLY))
6021			continue;
6022
6023		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6024		    (page_header->page_code & SMPH_PC_MASK))
6025			continue;
6026
6027		/*
6028		 * If neither page has a subpage code, then we've got a
6029		 * match.
6030		 */
6031		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6032		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6033			page_index = &lun->mode_pages.index[i];
6034			page_len = page_header->page_length;
6035			break;
6036		}
6037
6038		/*
6039		 * If both pages have subpages, then the subpage numbers
6040		 * have to match.
6041		 */
6042		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6043		  && (page_header->page_code & SMPH_SPF)) {
6044			struct scsi_mode_page_header_sp *sph;
6045
6046			sph = (struct scsi_mode_page_header_sp *)page_header;
6047
6048			if (lun->mode_pages.index[i].subpage ==
6049			    sph->subpage) {
6050				page_index = &lun->mode_pages.index[i];
6051				page_len = scsi_2btoul(sph->page_length);
6052				break;
6053			}
6054		}
6055	}
6056
6057	/*
6058	 * If we couldn't find the page, or if we don't have a mode select
6059	 * handler for it, send back an error to the user.
6060	 */
6061	if ((page_index == NULL)
6062	 || (page_index->select_handler == NULL)) {
6063		ctl_set_invalid_field(ctsio,
6064				      /*sks_valid*/ 1,
6065				      /*command*/ 0,
6066				      /*field*/ *len_used,
6067				      /*bit_valid*/ 0,
6068				      /*bit*/ 0);
6069		free(ctsio->kern_data_ptr, M_CTL);
6070		ctl_done((union ctl_io *)ctsio);
6071		return (CTL_RETVAL_COMPLETE);
6072	}
6073
6074	if (page_index->page_code & SMPH_SPF) {
6075		page_len_offset = 2;
6076		page_len_size = 2;
6077	} else {
6078		page_len_size = 1;
6079		page_len_offset = 1;
6080	}
6081
6082	/*
6083	 * If the length the initiator gives us isn't the one we specify in
6084	 * the mode page header, or if they didn't specify enough data in
6085	 * the CDB to avoid truncating this page, kick out the request.
6086	 */
6087	if ((page_len != (page_index->page_len - page_len_offset -
6088			  page_len_size))
6089	 || (*len_left < page_index->page_len)) {
6090
6091
6092		ctl_set_invalid_field(ctsio,
6093				      /*sks_valid*/ 1,
6094				      /*command*/ 0,
6095				      /*field*/ *len_used + page_len_offset,
6096				      /*bit_valid*/ 0,
6097				      /*bit*/ 0);
6098		free(ctsio->kern_data_ptr, M_CTL);
6099		ctl_done((union ctl_io *)ctsio);
6100		return (CTL_RETVAL_COMPLETE);
6101	}
6102
6103	/*
6104	 * Run through the mode page, checking to make sure that the bits
6105	 * the user changed are actually legal for him to change.
6106	 */
6107	for (i = 0; i < page_index->page_len; i++) {
6108		uint8_t *user_byte, *change_mask, *current_byte;
6109		int bad_bit;
6110		int j;
6111
6112		user_byte = (uint8_t *)page_header + i;
6113		change_mask = page_index->page_data +
6114			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6115		current_byte = page_index->page_data +
6116			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6117
6118		/*
6119		 * Check to see whether the user set any bits in this byte
6120		 * that he is not allowed to set.
6121		 */
6122		if ((*user_byte & ~(*change_mask)) ==
6123		    (*current_byte & ~(*change_mask)))
6124			continue;
6125
6126		/*
6127		 * Go through bit by bit to determine which one is illegal.
6128		 */
6129		bad_bit = 0;
6130		for (j = 7; j >= 0; j--) {
6131			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6132			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6133				bad_bit = i;
6134				break;
6135			}
6136		}
6137		ctl_set_invalid_field(ctsio,
6138				      /*sks_valid*/ 1,
6139				      /*command*/ 0,
6140				      /*field*/ *len_used + i,
6141				      /*bit_valid*/ 1,
6142				      /*bit*/ bad_bit);
6143		free(ctsio->kern_data_ptr, M_CTL);
6144		ctl_done((union ctl_io *)ctsio);
6145		return (CTL_RETVAL_COMPLETE);
6146	}
6147
6148	/*
6149	 * Decrement these before we call the page handler, since we may
6150	 * end up getting called back one way or another before the handler
6151	 * returns to this context.
6152	 */
6153	*len_left -= page_index->page_len;
6154	*len_used += page_index->page_len;
6155
6156	retval = page_index->select_handler(ctsio, page_index,
6157					    (uint8_t *)page_header);
6158
6159	/*
6160	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6161	 * wait until this queued command completes to finish processing
6162	 * the mode page.  If it returns anything other than
6163	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6164	 * already set the sense information, freed the data pointer, and
6165	 * completed the io for us.
6166	 */
6167	if (retval != CTL_RETVAL_COMPLETE)
6168		goto bailout_no_done;
6169
6170	/*
6171	 * If the initiator sent us more than one page, parse the next one.
6172	 */
6173	if (*len_left > 0)
6174		goto do_next_page;
6175
6176	ctl_set_success(ctsio);
6177	free(ctsio->kern_data_ptr, M_CTL);
6178	ctl_done((union ctl_io *)ctsio);
6179
6180bailout_no_done:
6181
6182	return (CTL_RETVAL_COMPLETE);
6183
6184}
6185
6186int
6187ctl_mode_select(struct ctl_scsiio *ctsio)
6188{
6189	int param_len, pf, sp;
6190	int header_size, bd_len;
6191	int len_left, len_used;
6192	struct ctl_page_index *page_index;
6193	struct ctl_lun *lun;
6194	int control_dev, page_len;
6195	union ctl_modepage_info *modepage_info;
6196	int retval;
6197
6198	pf = 0;
6199	sp = 0;
6200	page_len = 0;
6201	len_used = 0;
6202	len_left = 0;
6203	retval = 0;
6204	bd_len = 0;
6205	page_index = NULL;
6206
6207	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6208
6209	if (lun->be_lun->lun_type != T_DIRECT)
6210		control_dev = 1;
6211	else
6212		control_dev = 0;
6213
6214	switch (ctsio->cdb[0]) {
6215	case MODE_SELECT_6: {
6216		struct scsi_mode_select_6 *cdb;
6217
6218		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6219
6220		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6221		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6222
6223		param_len = cdb->length;
6224		header_size = sizeof(struct scsi_mode_header_6);
6225		break;
6226	}
6227	case MODE_SELECT_10: {
6228		struct scsi_mode_select_10 *cdb;
6229
6230		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6231
6232		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6233		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6234
6235		param_len = scsi_2btoul(cdb->length);
6236		header_size = sizeof(struct scsi_mode_header_10);
6237		break;
6238	}
6239	default:
6240		ctl_set_invalid_opcode(ctsio);
6241		ctl_done((union ctl_io *)ctsio);
6242		return (CTL_RETVAL_COMPLETE);
6243		break; /* NOTREACHED */
6244	}
6245
6246	/*
6247	 * From SPC-3:
6248	 * "A parameter list length of zero indicates that the Data-Out Buffer
6249	 * shall be empty. This condition shall not be considered as an error."
6250	 */
6251	if (param_len == 0) {
6252		ctl_set_success(ctsio);
6253		ctl_done((union ctl_io *)ctsio);
6254		return (CTL_RETVAL_COMPLETE);
6255	}
6256
6257	/*
6258	 * Since we'll hit this the first time through, prior to
6259	 * allocation, we don't need to free a data buffer here.
6260	 */
6261	if (param_len < header_size) {
6262		ctl_set_param_len_error(ctsio);
6263		ctl_done((union ctl_io *)ctsio);
6264		return (CTL_RETVAL_COMPLETE);
6265	}
6266
6267	/*
6268	 * Allocate the data buffer and grab the user's data.  In theory,
6269	 * we shouldn't have to sanity check the parameter list length here
6270	 * because the maximum size is 64K.  We should be able to malloc
6271	 * that much without too many problems.
6272	 */
6273	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6274		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6275		ctsio->kern_data_len = param_len;
6276		ctsio->kern_total_len = param_len;
6277		ctsio->kern_data_resid = 0;
6278		ctsio->kern_rel_offset = 0;
6279		ctsio->kern_sg_entries = 0;
6280		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6281		ctsio->be_move_done = ctl_config_move_done;
6282		ctl_datamove((union ctl_io *)ctsio);
6283
6284		return (CTL_RETVAL_COMPLETE);
6285	}
6286
6287	switch (ctsio->cdb[0]) {
6288	case MODE_SELECT_6: {
6289		struct scsi_mode_header_6 *mh6;
6290
6291		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6292		bd_len = mh6->blk_desc_len;
6293		break;
6294	}
6295	case MODE_SELECT_10: {
6296		struct scsi_mode_header_10 *mh10;
6297
6298		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6299		bd_len = scsi_2btoul(mh10->blk_desc_len);
6300		break;
6301	}
6302	default:
6303		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6304		break;
6305	}
6306
6307	if (param_len < (header_size + bd_len)) {
6308		free(ctsio->kern_data_ptr, M_CTL);
6309		ctl_set_param_len_error(ctsio);
6310		ctl_done((union ctl_io *)ctsio);
6311		return (CTL_RETVAL_COMPLETE);
6312	}
6313
6314	/*
6315	 * Set the IO_CONT flag, so that if this I/O gets passed to
6316	 * ctl_config_write_done(), it'll get passed back to
6317	 * ctl_do_mode_select() for further processing, or completion if
6318	 * we're all done.
6319	 */
6320	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6321	ctsio->io_cont = ctl_do_mode_select;
6322
6323	modepage_info = (union ctl_modepage_info *)
6324		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6325
6326	memset(modepage_info, 0, sizeof(*modepage_info));
6327
6328	len_left = param_len - header_size - bd_len;
6329	len_used = header_size + bd_len;
6330
6331	modepage_info->header.len_left = len_left;
6332	modepage_info->header.len_used = len_used;
6333
6334	return (ctl_do_mode_select((union ctl_io *)ctsio));
6335}
6336
6337int
6338ctl_mode_sense(struct ctl_scsiio *ctsio)
6339{
6340	struct ctl_lun *lun;
6341	int pc, page_code, dbd, llba, subpage;
6342	int alloc_len, page_len, header_len, total_len;
6343	struct scsi_mode_block_descr *block_desc;
6344	struct ctl_page_index *page_index;
6345	int control_dev;
6346
6347	dbd = 0;
6348	llba = 0;
6349	block_desc = NULL;
6350	page_index = NULL;
6351
6352	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6353
6354	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6355
6356	if (lun->be_lun->lun_type != T_DIRECT)
6357		control_dev = 1;
6358	else
6359		control_dev = 0;
6360
6361	switch (ctsio->cdb[0]) {
6362	case MODE_SENSE_6: {
6363		struct scsi_mode_sense_6 *cdb;
6364
6365		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6366
6367		header_len = sizeof(struct scsi_mode_hdr_6);
6368		if (cdb->byte2 & SMS_DBD)
6369			dbd = 1;
6370		else
6371			header_len += sizeof(struct scsi_mode_block_descr);
6372
6373		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6374		page_code = cdb->page & SMS_PAGE_CODE;
6375		subpage = cdb->subpage;
6376		alloc_len = cdb->length;
6377		break;
6378	}
6379	case MODE_SENSE_10: {
6380		struct scsi_mode_sense_10 *cdb;
6381
6382		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6383
6384		header_len = sizeof(struct scsi_mode_hdr_10);
6385
6386		if (cdb->byte2 & SMS_DBD)
6387			dbd = 1;
6388		else
6389			header_len += sizeof(struct scsi_mode_block_descr);
6390		if (cdb->byte2 & SMS10_LLBAA)
6391			llba = 1;
6392		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6393		page_code = cdb->page & SMS_PAGE_CODE;
6394		subpage = cdb->subpage;
6395		alloc_len = scsi_2btoul(cdb->length);
6396		break;
6397	}
6398	default:
6399		ctl_set_invalid_opcode(ctsio);
6400		ctl_done((union ctl_io *)ctsio);
6401		return (CTL_RETVAL_COMPLETE);
6402		break; /* NOTREACHED */
6403	}
6404
6405	/*
6406	 * We have to make a first pass through to calculate the size of
6407	 * the pages that match the user's query.  Then we allocate enough
6408	 * memory to hold it, and actually copy the data into the buffer.
6409	 */
6410	switch (page_code) {
6411	case SMS_ALL_PAGES_PAGE: {
6412		int i;
6413
6414		page_len = 0;
6415
6416		/*
6417		 * At the moment, values other than 0 and 0xff here are
6418		 * reserved according to SPC-3.
6419		 */
6420		if ((subpage != SMS_SUBPAGE_PAGE_0)
6421		 && (subpage != SMS_SUBPAGE_ALL)) {
6422			ctl_set_invalid_field(ctsio,
6423					      /*sks_valid*/ 1,
6424					      /*command*/ 1,
6425					      /*field*/ 3,
6426					      /*bit_valid*/ 0,
6427					      /*bit*/ 0);
6428			ctl_done((union ctl_io *)ctsio);
6429			return (CTL_RETVAL_COMPLETE);
6430		}
6431
6432		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6433			if ((control_dev != 0)
6434			 && (lun->mode_pages.index[i].page_flags &
6435			     CTL_PAGE_FLAG_DISK_ONLY))
6436				continue;
6437
6438			/*
6439			 * We don't use this subpage if the user didn't
6440			 * request all subpages.
6441			 */
6442			if ((lun->mode_pages.index[i].subpage != 0)
6443			 && (subpage == SMS_SUBPAGE_PAGE_0))
6444				continue;
6445
6446#if 0
6447			printf("found page %#x len %d\n",
6448			       lun->mode_pages.index[i].page_code &
6449			       SMPH_PC_MASK,
6450			       lun->mode_pages.index[i].page_len);
6451#endif
6452			page_len += lun->mode_pages.index[i].page_len;
6453		}
6454		break;
6455	}
6456	default: {
6457		int i;
6458
6459		page_len = 0;
6460
6461		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6462			/* Look for the right page code */
6463			if ((lun->mode_pages.index[i].page_code &
6464			     SMPH_PC_MASK) != page_code)
6465				continue;
6466
6467			/* Look for the right subpage or the subpage wildcard*/
6468			if ((lun->mode_pages.index[i].subpage != subpage)
6469			 && (subpage != SMS_SUBPAGE_ALL))
6470				continue;
6471
6472			/* Make sure the page is supported for this dev type */
6473			if ((control_dev != 0)
6474			 && (lun->mode_pages.index[i].page_flags &
6475			     CTL_PAGE_FLAG_DISK_ONLY))
6476				continue;
6477
6478#if 0
6479			printf("found page %#x len %d\n",
6480			       lun->mode_pages.index[i].page_code &
6481			       SMPH_PC_MASK,
6482			       lun->mode_pages.index[i].page_len);
6483#endif
6484
6485			page_len += lun->mode_pages.index[i].page_len;
6486		}
6487
6488		if (page_len == 0) {
6489			ctl_set_invalid_field(ctsio,
6490					      /*sks_valid*/ 1,
6491					      /*command*/ 1,
6492					      /*field*/ 2,
6493					      /*bit_valid*/ 1,
6494					      /*bit*/ 5);
6495			ctl_done((union ctl_io *)ctsio);
6496			return (CTL_RETVAL_COMPLETE);
6497		}
6498		break;
6499	}
6500	}
6501
6502	total_len = header_len + page_len;
6503#if 0
6504	printf("header_len = %d, page_len = %d, total_len = %d\n",
6505	       header_len, page_len, total_len);
6506#endif
6507
6508	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6509	ctsio->kern_sg_entries = 0;
6510	ctsio->kern_data_resid = 0;
6511	ctsio->kern_rel_offset = 0;
6512	if (total_len < alloc_len) {
6513		ctsio->residual = alloc_len - total_len;
6514		ctsio->kern_data_len = total_len;
6515		ctsio->kern_total_len = total_len;
6516	} else {
6517		ctsio->residual = 0;
6518		ctsio->kern_data_len = alloc_len;
6519		ctsio->kern_total_len = alloc_len;
6520	}
6521
6522	switch (ctsio->cdb[0]) {
6523	case MODE_SENSE_6: {
6524		struct scsi_mode_hdr_6 *header;
6525
6526		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6527
6528		header->datalen = MIN(total_len - 1, 254);
6529		if (control_dev == 0) {
6530			header->dev_specific = 0x10; /* DPOFUA */
6531			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6532			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6533			    .eca_and_aen & SCP_SWP) != 0)
6534				    header->dev_specific |= 0x80; /* WP */
6535		}
6536		if (dbd)
6537			header->block_descr_len = 0;
6538		else
6539			header->block_descr_len =
6540				sizeof(struct scsi_mode_block_descr);
6541		block_desc = (struct scsi_mode_block_descr *)&header[1];
6542		break;
6543	}
6544	case MODE_SENSE_10: {
6545		struct scsi_mode_hdr_10 *header;
6546		int datalen;
6547
6548		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6549
6550		datalen = MIN(total_len - 2, 65533);
6551		scsi_ulto2b(datalen, header->datalen);
6552		if (control_dev == 0) {
6553			header->dev_specific = 0x10; /* DPOFUA */
6554			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6555			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6556			    .eca_and_aen & SCP_SWP) != 0)
6557				    header->dev_specific |= 0x80; /* WP */
6558		}
6559		if (dbd)
6560			scsi_ulto2b(0, header->block_descr_len);
6561		else
6562			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6563				    header->block_descr_len);
6564		block_desc = (struct scsi_mode_block_descr *)&header[1];
6565		break;
6566	}
6567	default:
6568		panic("invalid CDB type %#x", ctsio->cdb[0]);
6569		break; /* NOTREACHED */
6570	}
6571
6572	/*
6573	 * If we've got a disk, use its blocksize in the block
6574	 * descriptor.  Otherwise, just set it to 0.
6575	 */
6576	if (dbd == 0) {
6577		if (control_dev == 0)
6578			scsi_ulto3b(lun->be_lun->blocksize,
6579				    block_desc->block_len);
6580		else
6581			scsi_ulto3b(0, block_desc->block_len);
6582	}
6583
6584	switch (page_code) {
6585	case SMS_ALL_PAGES_PAGE: {
6586		int i, data_used;
6587
6588		data_used = header_len;
6589		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6590			struct ctl_page_index *page_index;
6591
6592			page_index = &lun->mode_pages.index[i];
6593
6594			if ((control_dev != 0)
6595			 && (page_index->page_flags &
6596			    CTL_PAGE_FLAG_DISK_ONLY))
6597				continue;
6598
6599			/*
6600			 * We don't use this subpage if the user didn't
6601			 * request all subpages.  We already checked (above)
6602			 * to make sure the user only specified a subpage
6603			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6604			 */
6605			if ((page_index->subpage != 0)
6606			 && (subpage == SMS_SUBPAGE_PAGE_0))
6607				continue;
6608
6609			/*
6610			 * Call the handler, if it exists, to update the
6611			 * page to the latest values.
6612			 */
6613			if (page_index->sense_handler != NULL)
6614				page_index->sense_handler(ctsio, page_index,pc);
6615
6616			memcpy(ctsio->kern_data_ptr + data_used,
6617			       page_index->page_data +
6618			       (page_index->page_len * pc),
6619			       page_index->page_len);
6620			data_used += page_index->page_len;
6621		}
6622		break;
6623	}
6624	default: {
6625		int i, data_used;
6626
6627		data_used = header_len;
6628
6629		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6630			struct ctl_page_index *page_index;
6631
6632			page_index = &lun->mode_pages.index[i];
6633
6634			/* Look for the right page code */
6635			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6636				continue;
6637
6638			/* Look for the right subpage or the subpage wildcard*/
6639			if ((page_index->subpage != subpage)
6640			 && (subpage != SMS_SUBPAGE_ALL))
6641				continue;
6642
6643			/* Make sure the page is supported for this dev type */
6644			if ((control_dev != 0)
6645			 && (page_index->page_flags &
6646			     CTL_PAGE_FLAG_DISK_ONLY))
6647				continue;
6648
6649			/*
6650			 * Call the handler, if it exists, to update the
6651			 * page to the latest values.
6652			 */
6653			if (page_index->sense_handler != NULL)
6654				page_index->sense_handler(ctsio, page_index,pc);
6655
6656			memcpy(ctsio->kern_data_ptr + data_used,
6657			       page_index->page_data +
6658			       (page_index->page_len * pc),
6659			       page_index->page_len);
6660			data_used += page_index->page_len;
6661		}
6662		break;
6663	}
6664	}
6665
6666	ctl_set_success(ctsio);
6667	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6668	ctsio->be_move_done = ctl_config_move_done;
6669	ctl_datamove((union ctl_io *)ctsio);
6670	return (CTL_RETVAL_COMPLETE);
6671}
6672
6673int
6674ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6675			       struct ctl_page_index *page_index,
6676			       int pc)
6677{
6678	struct ctl_lun *lun;
6679	struct scsi_log_param_header *phdr;
6680	uint8_t *data;
6681	uint64_t val;
6682
6683	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6684	data = page_index->page_data;
6685
6686	if (lun->backend->lun_attr != NULL &&
6687	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6688	     != UINT64_MAX) {
6689		phdr = (struct scsi_log_param_header *)data;
6690		scsi_ulto2b(0x0001, phdr->param_code);
6691		phdr->param_control = SLP_LBIN | SLP_LP;
6692		phdr->param_len = 8;
6693		data = (uint8_t *)(phdr + 1);
6694		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6695		data[4] = 0x02; /* per-pool */
6696		data += phdr->param_len;
6697	}
6698
6699	if (lun->backend->lun_attr != NULL &&
6700	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6701	     != UINT64_MAX) {
6702		phdr = (struct scsi_log_param_header *)data;
6703		scsi_ulto2b(0x0002, phdr->param_code);
6704		phdr->param_control = SLP_LBIN | SLP_LP;
6705		phdr->param_len = 8;
6706		data = (uint8_t *)(phdr + 1);
6707		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6708		data[4] = 0x01; /* per-LUN */
6709		data += phdr->param_len;
6710	}
6711
6712	if (lun->backend->lun_attr != NULL &&
6713	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6714	     != UINT64_MAX) {
6715		phdr = (struct scsi_log_param_header *)data;
6716		scsi_ulto2b(0x00f1, phdr->param_code);
6717		phdr->param_control = SLP_LBIN | SLP_LP;
6718		phdr->param_len = 8;
6719		data = (uint8_t *)(phdr + 1);
6720		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6721		data[4] = 0x02; /* per-pool */
6722		data += phdr->param_len;
6723	}
6724
6725	if (lun->backend->lun_attr != NULL &&
6726	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6727	     != UINT64_MAX) {
6728		phdr = (struct scsi_log_param_header *)data;
6729		scsi_ulto2b(0x00f2, phdr->param_code);
6730		phdr->param_control = SLP_LBIN | SLP_LP;
6731		phdr->param_len = 8;
6732		data = (uint8_t *)(phdr + 1);
6733		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6734		data[4] = 0x02; /* per-pool */
6735		data += phdr->param_len;
6736	}
6737
6738	page_index->page_len = data - page_index->page_data;
6739	return (0);
6740}
6741
6742int
6743ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6744			       struct ctl_page_index *page_index,
6745			       int pc)
6746{
6747	struct ctl_lun *lun;
6748	struct stat_page *data;
6749	uint64_t rn, wn, rb, wb;
6750	struct bintime rt, wt;
6751	int i;
6752
6753	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6754	data = (struct stat_page *)page_index->page_data;
6755
6756	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6757	data->sap.hdr.param_control = SLP_LBIN;
6758	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6759	    sizeof(struct scsi_log_param_header);
6760	rn = wn = rb = wb = 0;
6761	bintime_clear(&rt);
6762	bintime_clear(&wt);
6763	for (i = 0; i < CTL_MAX_PORTS; i++) {
6764		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6765		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6766		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6767		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6768		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6769		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6770	}
6771	scsi_u64to8b(rn, data->sap.read_num);
6772	scsi_u64to8b(wn, data->sap.write_num);
6773	if (lun->stats.blocksize > 0) {
6774		scsi_u64to8b(wb / lun->stats.blocksize,
6775		    data->sap.recvieved_lba);
6776		scsi_u64to8b(rb / lun->stats.blocksize,
6777		    data->sap.transmitted_lba);
6778	}
6779	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6780	    data->sap.read_int);
6781	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6782	    data->sap.write_int);
6783	scsi_u64to8b(0, data->sap.weighted_num);
6784	scsi_u64to8b(0, data->sap.weighted_int);
6785	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6786	data->it.hdr.param_control = SLP_LBIN;
6787	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6788	    sizeof(struct scsi_log_param_header);
6789#ifdef CTL_TIME_IO
6790	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6791#endif
6792	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6793	data->it.hdr.param_control = SLP_LBIN;
6794	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6795	    sizeof(struct scsi_log_param_header);
6796	scsi_ulto4b(3, data->ti.exponent);
6797	scsi_ulto4b(1, data->ti.integer);
6798
6799	page_index->page_len = sizeof(*data);
6800	return (0);
6801}
6802
6803int
6804ctl_log_sense(struct ctl_scsiio *ctsio)
6805{
6806	struct ctl_lun *lun;
6807	int i, pc, page_code, subpage;
6808	int alloc_len, total_len;
6809	struct ctl_page_index *page_index;
6810	struct scsi_log_sense *cdb;
6811	struct scsi_log_header *header;
6812
6813	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6814
6815	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6816	cdb = (struct scsi_log_sense *)ctsio->cdb;
6817	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6818	page_code = cdb->page & SLS_PAGE_CODE;
6819	subpage = cdb->subpage;
6820	alloc_len = scsi_2btoul(cdb->length);
6821
6822	page_index = NULL;
6823	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6824		page_index = &lun->log_pages.index[i];
6825
6826		/* Look for the right page code */
6827		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6828			continue;
6829
6830		/* Look for the right subpage or the subpage wildcard*/
6831		if (page_index->subpage != subpage)
6832			continue;
6833
6834		break;
6835	}
6836	if (i >= CTL_NUM_LOG_PAGES) {
6837		ctl_set_invalid_field(ctsio,
6838				      /*sks_valid*/ 1,
6839				      /*command*/ 1,
6840				      /*field*/ 2,
6841				      /*bit_valid*/ 0,
6842				      /*bit*/ 0);
6843		ctl_done((union ctl_io *)ctsio);
6844		return (CTL_RETVAL_COMPLETE);
6845	}
6846
6847	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6848
6849	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6850	ctsio->kern_sg_entries = 0;
6851	ctsio->kern_data_resid = 0;
6852	ctsio->kern_rel_offset = 0;
6853	if (total_len < alloc_len) {
6854		ctsio->residual = alloc_len - total_len;
6855		ctsio->kern_data_len = total_len;
6856		ctsio->kern_total_len = total_len;
6857	} else {
6858		ctsio->residual = 0;
6859		ctsio->kern_data_len = alloc_len;
6860		ctsio->kern_total_len = alloc_len;
6861	}
6862
6863	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6864	header->page = page_index->page_code;
6865	if (page_index->subpage) {
6866		header->page |= SL_SPF;
6867		header->subpage = page_index->subpage;
6868	}
6869	scsi_ulto2b(page_index->page_len, header->datalen);
6870
6871	/*
6872	 * Call the handler, if it exists, to update the
6873	 * page to the latest values.
6874	 */
6875	if (page_index->sense_handler != NULL)
6876		page_index->sense_handler(ctsio, page_index, pc);
6877
6878	memcpy(header + 1, page_index->page_data, page_index->page_len);
6879
6880	ctl_set_success(ctsio);
6881	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6882	ctsio->be_move_done = ctl_config_move_done;
6883	ctl_datamove((union ctl_io *)ctsio);
6884	return (CTL_RETVAL_COMPLETE);
6885}
6886
6887int
6888ctl_read_capacity(struct ctl_scsiio *ctsio)
6889{
6890	struct scsi_read_capacity *cdb;
6891	struct scsi_read_capacity_data *data;
6892	struct ctl_lun *lun;
6893	uint32_t lba;
6894
6895	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6896
6897	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6898
6899	lba = scsi_4btoul(cdb->addr);
6900	if (((cdb->pmi & SRC_PMI) == 0)
6901	 && (lba != 0)) {
6902		ctl_set_invalid_field(/*ctsio*/ ctsio,
6903				      /*sks_valid*/ 1,
6904				      /*command*/ 1,
6905				      /*field*/ 2,
6906				      /*bit_valid*/ 0,
6907				      /*bit*/ 0);
6908		ctl_done((union ctl_io *)ctsio);
6909		return (CTL_RETVAL_COMPLETE);
6910	}
6911
6912	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6913
6914	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6915	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6916	ctsio->residual = 0;
6917	ctsio->kern_data_len = sizeof(*data);
6918	ctsio->kern_total_len = sizeof(*data);
6919	ctsio->kern_data_resid = 0;
6920	ctsio->kern_rel_offset = 0;
6921	ctsio->kern_sg_entries = 0;
6922
6923	/*
6924	 * If the maximum LBA is greater than 0xfffffffe, the user must
6925	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6926	 * serivce action set.
6927	 */
6928	if (lun->be_lun->maxlba > 0xfffffffe)
6929		scsi_ulto4b(0xffffffff, data->addr);
6930	else
6931		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6932
6933	/*
6934	 * XXX KDM this may not be 512 bytes...
6935	 */
6936	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6937
6938	ctl_set_success(ctsio);
6939	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6940	ctsio->be_move_done = ctl_config_move_done;
6941	ctl_datamove((union ctl_io *)ctsio);
6942	return (CTL_RETVAL_COMPLETE);
6943}
6944
6945int
6946ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6947{
6948	struct scsi_read_capacity_16 *cdb;
6949	struct scsi_read_capacity_data_long *data;
6950	struct ctl_lun *lun;
6951	uint64_t lba;
6952	uint32_t alloc_len;
6953
6954	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6955
6956	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6957
6958	alloc_len = scsi_4btoul(cdb->alloc_len);
6959	lba = scsi_8btou64(cdb->addr);
6960
6961	if ((cdb->reladr & SRC16_PMI)
6962	 && (lba != 0)) {
6963		ctl_set_invalid_field(/*ctsio*/ ctsio,
6964				      /*sks_valid*/ 1,
6965				      /*command*/ 1,
6966				      /*field*/ 2,
6967				      /*bit_valid*/ 0,
6968				      /*bit*/ 0);
6969		ctl_done((union ctl_io *)ctsio);
6970		return (CTL_RETVAL_COMPLETE);
6971	}
6972
6973	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6974
6975	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6976	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6977
6978	if (sizeof(*data) < alloc_len) {
6979		ctsio->residual = alloc_len - sizeof(*data);
6980		ctsio->kern_data_len = sizeof(*data);
6981		ctsio->kern_total_len = sizeof(*data);
6982	} else {
6983		ctsio->residual = 0;
6984		ctsio->kern_data_len = alloc_len;
6985		ctsio->kern_total_len = alloc_len;
6986	}
6987	ctsio->kern_data_resid = 0;
6988	ctsio->kern_rel_offset = 0;
6989	ctsio->kern_sg_entries = 0;
6990
6991	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6992	/* XXX KDM this may not be 512 bytes... */
6993	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6994	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6995	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6996	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6997		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6998
6999	ctl_set_success(ctsio);
7000	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7001	ctsio->be_move_done = ctl_config_move_done;
7002	ctl_datamove((union ctl_io *)ctsio);
7003	return (CTL_RETVAL_COMPLETE);
7004}
7005
7006int
7007ctl_get_lba_status(struct ctl_scsiio *ctsio)
7008{
7009	struct scsi_get_lba_status *cdb;
7010	struct scsi_get_lba_status_data *data;
7011	struct ctl_lun *lun;
7012	struct ctl_lba_len_flags *lbalen;
7013	uint64_t lba;
7014	uint32_t alloc_len, total_len;
7015	int retval;
7016
7017	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7018
7019	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7020	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7021	lba = scsi_8btou64(cdb->addr);
7022	alloc_len = scsi_4btoul(cdb->alloc_len);
7023
7024	if (lba > lun->be_lun->maxlba) {
7025		ctl_set_lba_out_of_range(ctsio);
7026		ctl_done((union ctl_io *)ctsio);
7027		return (CTL_RETVAL_COMPLETE);
7028	}
7029
7030	total_len = sizeof(*data) + sizeof(data->descr[0]);
7031	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7032	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7033
7034	if (total_len < alloc_len) {
7035		ctsio->residual = alloc_len - total_len;
7036		ctsio->kern_data_len = total_len;
7037		ctsio->kern_total_len = total_len;
7038	} else {
7039		ctsio->residual = 0;
7040		ctsio->kern_data_len = alloc_len;
7041		ctsio->kern_total_len = alloc_len;
7042	}
7043	ctsio->kern_data_resid = 0;
7044	ctsio->kern_rel_offset = 0;
7045	ctsio->kern_sg_entries = 0;
7046
7047	/* Fill dummy data in case backend can't tell anything. */
7048	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7049	scsi_u64to8b(lba, data->descr[0].addr);
7050	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7051	    data->descr[0].length);
7052	data->descr[0].status = 0; /* Mapped or unknown. */
7053
7054	ctl_set_success(ctsio);
7055	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7056	ctsio->be_move_done = ctl_config_move_done;
7057
7058	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7059	lbalen->lba = lba;
7060	lbalen->len = total_len;
7061	lbalen->flags = 0;
7062	retval = lun->backend->config_read((union ctl_io *)ctsio);
7063	return (CTL_RETVAL_COMPLETE);
7064}
7065
7066int
7067ctl_read_defect(struct ctl_scsiio *ctsio)
7068{
7069	struct scsi_read_defect_data_10 *ccb10;
7070	struct scsi_read_defect_data_12 *ccb12;
7071	struct scsi_read_defect_data_hdr_10 *data10;
7072	struct scsi_read_defect_data_hdr_12 *data12;
7073	uint32_t alloc_len, data_len;
7074	uint8_t format;
7075
7076	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7077
7078	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7079		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7080		format = ccb10->format;
7081		alloc_len = scsi_2btoul(ccb10->alloc_length);
7082		data_len = sizeof(*data10);
7083	} else {
7084		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7085		format = ccb12->format;
7086		alloc_len = scsi_4btoul(ccb12->alloc_length);
7087		data_len = sizeof(*data12);
7088	}
7089	if (alloc_len == 0) {
7090		ctl_set_success(ctsio);
7091		ctl_done((union ctl_io *)ctsio);
7092		return (CTL_RETVAL_COMPLETE);
7093	}
7094
7095	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7096	if (data_len < alloc_len) {
7097		ctsio->residual = alloc_len - data_len;
7098		ctsio->kern_data_len = data_len;
7099		ctsio->kern_total_len = data_len;
7100	} else {
7101		ctsio->residual = 0;
7102		ctsio->kern_data_len = alloc_len;
7103		ctsio->kern_total_len = alloc_len;
7104	}
7105	ctsio->kern_data_resid = 0;
7106	ctsio->kern_rel_offset = 0;
7107	ctsio->kern_sg_entries = 0;
7108
7109	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7110		data10 = (struct scsi_read_defect_data_hdr_10 *)
7111		    ctsio->kern_data_ptr;
7112		data10->format = format;
7113		scsi_ulto2b(0, data10->length);
7114	} else {
7115		data12 = (struct scsi_read_defect_data_hdr_12 *)
7116		    ctsio->kern_data_ptr;
7117		data12->format = format;
7118		scsi_ulto2b(0, data12->generation);
7119		scsi_ulto4b(0, data12->length);
7120	}
7121
7122	ctl_set_success(ctsio);
7123	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7124	ctsio->be_move_done = ctl_config_move_done;
7125	ctl_datamove((union ctl_io *)ctsio);
7126	return (CTL_RETVAL_COMPLETE);
7127}
7128
7129int
7130ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7131{
7132	struct scsi_maintenance_in *cdb;
7133	int retval;
7134	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7135	int num_target_port_groups, num_target_ports;
7136	struct ctl_lun *lun;
7137	struct ctl_softc *softc;
7138	struct ctl_port *port;
7139	struct scsi_target_group_data *rtg_ptr;
7140	struct scsi_target_group_data_extended *rtg_ext_ptr;
7141	struct scsi_target_port_group_descriptor *tpg_desc;
7142
7143	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7144
7145	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7146	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7147	softc = lun->ctl_softc;
7148
7149	retval = CTL_RETVAL_COMPLETE;
7150
7151	switch (cdb->byte2 & STG_PDF_MASK) {
7152	case STG_PDF_LENGTH:
7153		ext = 0;
7154		break;
7155	case STG_PDF_EXTENDED:
7156		ext = 1;
7157		break;
7158	default:
7159		ctl_set_invalid_field(/*ctsio*/ ctsio,
7160				      /*sks_valid*/ 1,
7161				      /*command*/ 1,
7162				      /*field*/ 2,
7163				      /*bit_valid*/ 1,
7164				      /*bit*/ 5);
7165		ctl_done((union ctl_io *)ctsio);
7166		return(retval);
7167	}
7168
7169	if (softc->is_single)
7170		num_target_port_groups = 1;
7171	else
7172		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7173	num_target_ports = 0;
7174	mtx_lock(&softc->ctl_lock);
7175	STAILQ_FOREACH(port, &softc->port_list, links) {
7176		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7177			continue;
7178		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7179			continue;
7180		num_target_ports++;
7181	}
7182	mtx_unlock(&softc->ctl_lock);
7183
7184	if (ext)
7185		total_len = sizeof(struct scsi_target_group_data_extended);
7186	else
7187		total_len = sizeof(struct scsi_target_group_data);
7188	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7189		num_target_port_groups +
7190	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7191
7192	alloc_len = scsi_4btoul(cdb->length);
7193
7194	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7195
7196	ctsio->kern_sg_entries = 0;
7197
7198	if (total_len < alloc_len) {
7199		ctsio->residual = alloc_len - total_len;
7200		ctsio->kern_data_len = total_len;
7201		ctsio->kern_total_len = total_len;
7202	} else {
7203		ctsio->residual = 0;
7204		ctsio->kern_data_len = alloc_len;
7205		ctsio->kern_total_len = alloc_len;
7206	}
7207	ctsio->kern_data_resid = 0;
7208	ctsio->kern_rel_offset = 0;
7209
7210	if (ext) {
7211		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7212		    ctsio->kern_data_ptr;
7213		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7214		rtg_ext_ptr->format_type = 0x10;
7215		rtg_ext_ptr->implicit_transition_time = 0;
7216		tpg_desc = &rtg_ext_ptr->groups[0];
7217	} else {
7218		rtg_ptr = (struct scsi_target_group_data *)
7219		    ctsio->kern_data_ptr;
7220		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7221		tpg_desc = &rtg_ptr->groups[0];
7222	}
7223
7224	mtx_lock(&softc->ctl_lock);
7225	pg = softc->port_min / softc->port_cnt;
7226	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7227		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7228	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7229		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7230	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7231		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7232	else
7233		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7234	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7235		os = gs;
7236		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7237	} else
7238		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7239	for (g = 0; g < num_target_port_groups; g++) {
7240		tpg_desc->pref_state = (g == pg) ? gs : os;
7241		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7242		    TPG_U_SUP | TPG_T_SUP;
7243		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7244		tpg_desc->status = TPG_IMPLICIT;
7245		pc = 0;
7246		STAILQ_FOREACH(port, &softc->port_list, links) {
7247			if (port->targ_port < g * softc->port_cnt ||
7248			    port->targ_port >= (g + 1) * softc->port_cnt)
7249				continue;
7250			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7251				continue;
7252			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7253				continue;
7254			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7255			    relative_target_port_identifier);
7256			pc++;
7257		}
7258		tpg_desc->target_port_count = pc;
7259		tpg_desc = (struct scsi_target_port_group_descriptor *)
7260		    &tpg_desc->descriptors[pc];
7261	}
7262	mtx_unlock(&softc->ctl_lock);
7263
7264	ctl_set_success(ctsio);
7265	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7266	ctsio->be_move_done = ctl_config_move_done;
7267	ctl_datamove((union ctl_io *)ctsio);
7268	return(retval);
7269}
7270
7271int
7272ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7273{
7274	struct ctl_lun *lun;
7275	struct scsi_report_supported_opcodes *cdb;
7276	const struct ctl_cmd_entry *entry, *sentry;
7277	struct scsi_report_supported_opcodes_all *all;
7278	struct scsi_report_supported_opcodes_descr *descr;
7279	struct scsi_report_supported_opcodes_one *one;
7280	int retval;
7281	int alloc_len, total_len;
7282	int opcode, service_action, i, j, num;
7283
7284	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7285
7286	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7287	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7288
7289	retval = CTL_RETVAL_COMPLETE;
7290
7291	opcode = cdb->requested_opcode;
7292	service_action = scsi_2btoul(cdb->requested_service_action);
7293	switch (cdb->options & RSO_OPTIONS_MASK) {
7294	case RSO_OPTIONS_ALL:
7295		num = 0;
7296		for (i = 0; i < 256; i++) {
7297			entry = &ctl_cmd_table[i];
7298			if (entry->flags & CTL_CMD_FLAG_SA5) {
7299				for (j = 0; j < 32; j++) {
7300					sentry = &((const struct ctl_cmd_entry *)
7301					    entry->execute)[j];
7302					if (ctl_cmd_applicable(
7303					    lun->be_lun->lun_type, sentry))
7304						num++;
7305				}
7306			} else {
7307				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7308				    entry))
7309					num++;
7310			}
7311		}
7312		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7313		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7314		break;
7315	case RSO_OPTIONS_OC:
7316		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7317			ctl_set_invalid_field(/*ctsio*/ ctsio,
7318					      /*sks_valid*/ 1,
7319					      /*command*/ 1,
7320					      /*field*/ 2,
7321					      /*bit_valid*/ 1,
7322					      /*bit*/ 2);
7323			ctl_done((union ctl_io *)ctsio);
7324			return (CTL_RETVAL_COMPLETE);
7325		}
7326		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7327		break;
7328	case RSO_OPTIONS_OC_SA:
7329		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7330		    service_action >= 32) {
7331			ctl_set_invalid_field(/*ctsio*/ ctsio,
7332					      /*sks_valid*/ 1,
7333					      /*command*/ 1,
7334					      /*field*/ 2,
7335					      /*bit_valid*/ 1,
7336					      /*bit*/ 2);
7337			ctl_done((union ctl_io *)ctsio);
7338			return (CTL_RETVAL_COMPLETE);
7339		}
7340		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7341		break;
7342	default:
7343		ctl_set_invalid_field(/*ctsio*/ ctsio,
7344				      /*sks_valid*/ 1,
7345				      /*command*/ 1,
7346				      /*field*/ 2,
7347				      /*bit_valid*/ 1,
7348				      /*bit*/ 2);
7349		ctl_done((union ctl_io *)ctsio);
7350		return (CTL_RETVAL_COMPLETE);
7351	}
7352
7353	alloc_len = scsi_4btoul(cdb->length);
7354
7355	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7356
7357	ctsio->kern_sg_entries = 0;
7358
7359	if (total_len < alloc_len) {
7360		ctsio->residual = alloc_len - total_len;
7361		ctsio->kern_data_len = total_len;
7362		ctsio->kern_total_len = total_len;
7363	} else {
7364		ctsio->residual = 0;
7365		ctsio->kern_data_len = alloc_len;
7366		ctsio->kern_total_len = alloc_len;
7367	}
7368	ctsio->kern_data_resid = 0;
7369	ctsio->kern_rel_offset = 0;
7370
7371	switch (cdb->options & RSO_OPTIONS_MASK) {
7372	case RSO_OPTIONS_ALL:
7373		all = (struct scsi_report_supported_opcodes_all *)
7374		    ctsio->kern_data_ptr;
7375		num = 0;
7376		for (i = 0; i < 256; i++) {
7377			entry = &ctl_cmd_table[i];
7378			if (entry->flags & CTL_CMD_FLAG_SA5) {
7379				for (j = 0; j < 32; j++) {
7380					sentry = &((const struct ctl_cmd_entry *)
7381					    entry->execute)[j];
7382					if (!ctl_cmd_applicable(
7383					    lun->be_lun->lun_type, sentry))
7384						continue;
7385					descr = &all->descr[num++];
7386					descr->opcode = i;
7387					scsi_ulto2b(j, descr->service_action);
7388					descr->flags = RSO_SERVACTV;
7389					scsi_ulto2b(sentry->length,
7390					    descr->cdb_length);
7391				}
7392			} else {
7393				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7394				    entry))
7395					continue;
7396				descr = &all->descr[num++];
7397				descr->opcode = i;
7398				scsi_ulto2b(0, descr->service_action);
7399				descr->flags = 0;
7400				scsi_ulto2b(entry->length, descr->cdb_length);
7401			}
7402		}
7403		scsi_ulto4b(
7404		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7405		    all->length);
7406		break;
7407	case RSO_OPTIONS_OC:
7408		one = (struct scsi_report_supported_opcodes_one *)
7409		    ctsio->kern_data_ptr;
7410		entry = &ctl_cmd_table[opcode];
7411		goto fill_one;
7412	case RSO_OPTIONS_OC_SA:
7413		one = (struct scsi_report_supported_opcodes_one *)
7414		    ctsio->kern_data_ptr;
7415		entry = &ctl_cmd_table[opcode];
7416		entry = &((const struct ctl_cmd_entry *)
7417		    entry->execute)[service_action];
7418fill_one:
7419		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7420			one->support = 3;
7421			scsi_ulto2b(entry->length, one->cdb_length);
7422			one->cdb_usage[0] = opcode;
7423			memcpy(&one->cdb_usage[1], entry->usage,
7424			    entry->length - 1);
7425		} else
7426			one->support = 1;
7427		break;
7428	}
7429
7430	ctl_set_success(ctsio);
7431	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7432	ctsio->be_move_done = ctl_config_move_done;
7433	ctl_datamove((union ctl_io *)ctsio);
7434	return(retval);
7435}
7436
7437int
7438ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7439{
7440	struct scsi_report_supported_tmf *cdb;
7441	struct scsi_report_supported_tmf_data *data;
7442	int retval;
7443	int alloc_len, total_len;
7444
7445	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7446
7447	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7448
7449	retval = CTL_RETVAL_COMPLETE;
7450
7451	total_len = sizeof(struct scsi_report_supported_tmf_data);
7452	alloc_len = scsi_4btoul(cdb->length);
7453
7454	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7455
7456	ctsio->kern_sg_entries = 0;
7457
7458	if (total_len < alloc_len) {
7459		ctsio->residual = alloc_len - total_len;
7460		ctsio->kern_data_len = total_len;
7461		ctsio->kern_total_len = total_len;
7462	} else {
7463		ctsio->residual = 0;
7464		ctsio->kern_data_len = alloc_len;
7465		ctsio->kern_total_len = alloc_len;
7466	}
7467	ctsio->kern_data_resid = 0;
7468	ctsio->kern_rel_offset = 0;
7469
7470	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7471	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7472	    RST_TRS;
7473	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7474
7475	ctl_set_success(ctsio);
7476	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7477	ctsio->be_move_done = ctl_config_move_done;
7478	ctl_datamove((union ctl_io *)ctsio);
7479	return (retval);
7480}
7481
7482int
7483ctl_report_timestamp(struct ctl_scsiio *ctsio)
7484{
7485	struct scsi_report_timestamp *cdb;
7486	struct scsi_report_timestamp_data *data;
7487	struct timeval tv;
7488	int64_t timestamp;
7489	int retval;
7490	int alloc_len, total_len;
7491
7492	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7493
7494	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7495
7496	retval = CTL_RETVAL_COMPLETE;
7497
7498	total_len = sizeof(struct scsi_report_timestamp_data);
7499	alloc_len = scsi_4btoul(cdb->length);
7500
7501	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7502
7503	ctsio->kern_sg_entries = 0;
7504
7505	if (total_len < alloc_len) {
7506		ctsio->residual = alloc_len - total_len;
7507		ctsio->kern_data_len = total_len;
7508		ctsio->kern_total_len = total_len;
7509	} else {
7510		ctsio->residual = 0;
7511		ctsio->kern_data_len = alloc_len;
7512		ctsio->kern_total_len = alloc_len;
7513	}
7514	ctsio->kern_data_resid = 0;
7515	ctsio->kern_rel_offset = 0;
7516
7517	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7518	scsi_ulto2b(sizeof(*data) - 2, data->length);
7519	data->origin = RTS_ORIG_OUTSIDE;
7520	getmicrotime(&tv);
7521	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7522	scsi_ulto4b(timestamp >> 16, data->timestamp);
7523	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7524
7525	ctl_set_success(ctsio);
7526	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7527	ctsio->be_move_done = ctl_config_move_done;
7528	ctl_datamove((union ctl_io *)ctsio);
7529	return (retval);
7530}
7531
7532int
7533ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7534{
7535	struct scsi_per_res_in *cdb;
7536	int alloc_len, total_len = 0;
7537	/* struct scsi_per_res_in_rsrv in_data; */
7538	struct ctl_lun *lun;
7539	struct ctl_softc *softc;
7540	uint64_t key;
7541
7542	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7543
7544	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7545
7546	alloc_len = scsi_2btoul(cdb->length);
7547
7548	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7549	softc = lun->ctl_softc;
7550
7551retry:
7552	mtx_lock(&lun->lun_lock);
7553	switch (cdb->action) {
7554	case SPRI_RK: /* read keys */
7555		total_len = sizeof(struct scsi_per_res_in_keys) +
7556			lun->pr_key_count *
7557			sizeof(struct scsi_per_res_key);
7558		break;
7559	case SPRI_RR: /* read reservation */
7560		if (lun->flags & CTL_LUN_PR_RESERVED)
7561			total_len = sizeof(struct scsi_per_res_in_rsrv);
7562		else
7563			total_len = sizeof(struct scsi_per_res_in_header);
7564		break;
7565	case SPRI_RC: /* report capabilities */
7566		total_len = sizeof(struct scsi_per_res_cap);
7567		break;
7568	case SPRI_RS: /* read full status */
7569		total_len = sizeof(struct scsi_per_res_in_header) +
7570		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7571		    lun->pr_key_count;
7572		break;
7573	default:
7574		panic("Invalid PR type %x", cdb->action);
7575	}
7576	mtx_unlock(&lun->lun_lock);
7577
7578	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7579
7580	if (total_len < alloc_len) {
7581		ctsio->residual = alloc_len - total_len;
7582		ctsio->kern_data_len = total_len;
7583		ctsio->kern_total_len = total_len;
7584	} else {
7585		ctsio->residual = 0;
7586		ctsio->kern_data_len = alloc_len;
7587		ctsio->kern_total_len = alloc_len;
7588	}
7589
7590	ctsio->kern_data_resid = 0;
7591	ctsio->kern_rel_offset = 0;
7592	ctsio->kern_sg_entries = 0;
7593
7594	mtx_lock(&lun->lun_lock);
7595	switch (cdb->action) {
7596	case SPRI_RK: { // read keys
7597        struct scsi_per_res_in_keys *res_keys;
7598		int i, key_count;
7599
7600		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7601
7602		/*
7603		 * We had to drop the lock to allocate our buffer, which
7604		 * leaves time for someone to come in with another
7605		 * persistent reservation.  (That is unlikely, though,
7606		 * since this should be the only persistent reservation
7607		 * command active right now.)
7608		 */
7609		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7610		    (lun->pr_key_count *
7611		     sizeof(struct scsi_per_res_key)))){
7612			mtx_unlock(&lun->lun_lock);
7613			free(ctsio->kern_data_ptr, M_CTL);
7614			printf("%s: reservation length changed, retrying\n",
7615			       __func__);
7616			goto retry;
7617		}
7618
7619		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7620
7621		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7622			     lun->pr_key_count, res_keys->header.length);
7623
7624		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7625			if ((key = ctl_get_prkey(lun, i)) == 0)
7626				continue;
7627
7628			/*
7629			 * We used lun->pr_key_count to calculate the
7630			 * size to allocate.  If it turns out the number of
7631			 * initiators with the registered flag set is
7632			 * larger than that (i.e. they haven't been kept in
7633			 * sync), we've got a problem.
7634			 */
7635			if (key_count >= lun->pr_key_count) {
7636#ifdef NEEDTOPORT
7637				csevent_log(CSC_CTL | CSC_SHELF_SW |
7638					    CTL_PR_ERROR,
7639					    csevent_LogType_Fault,
7640					    csevent_AlertLevel_Yellow,
7641					    csevent_FRU_ShelfController,
7642					    csevent_FRU_Firmware,
7643				        csevent_FRU_Unknown,
7644					    "registered keys %d >= key "
7645					    "count %d", key_count,
7646					    lun->pr_key_count);
7647#endif
7648				key_count++;
7649				continue;
7650			}
7651			scsi_u64to8b(key, res_keys->keys[key_count].key);
7652			key_count++;
7653		}
7654		break;
7655	}
7656	case SPRI_RR: { // read reservation
7657		struct scsi_per_res_in_rsrv *res;
7658		int tmp_len, header_only;
7659
7660		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7661
7662		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7663
7664		if (lun->flags & CTL_LUN_PR_RESERVED)
7665		{
7666			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7667			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7668				    res->header.length);
7669			header_only = 0;
7670		} else {
7671			tmp_len = sizeof(struct scsi_per_res_in_header);
7672			scsi_ulto4b(0, res->header.length);
7673			header_only = 1;
7674		}
7675
7676		/*
7677		 * We had to drop the lock to allocate our buffer, which
7678		 * leaves time for someone to come in with another
7679		 * persistent reservation.  (That is unlikely, though,
7680		 * since this should be the only persistent reservation
7681		 * command active right now.)
7682		 */
7683		if (tmp_len != total_len) {
7684			mtx_unlock(&lun->lun_lock);
7685			free(ctsio->kern_data_ptr, M_CTL);
7686			printf("%s: reservation status changed, retrying\n",
7687			       __func__);
7688			goto retry;
7689		}
7690
7691		/*
7692		 * No reservation held, so we're done.
7693		 */
7694		if (header_only != 0)
7695			break;
7696
7697		/*
7698		 * If the registration is an All Registrants type, the key
7699		 * is 0, since it doesn't really matter.
7700		 */
7701		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7702			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7703			    res->data.reservation);
7704		}
7705		res->data.scopetype = lun->res_type;
7706		break;
7707	}
7708	case SPRI_RC:     //report capabilities
7709	{
7710		struct scsi_per_res_cap *res_cap;
7711		uint16_t type_mask;
7712
7713		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7714		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7715		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7716		type_mask = SPRI_TM_WR_EX_AR |
7717			    SPRI_TM_EX_AC_RO |
7718			    SPRI_TM_WR_EX_RO |
7719			    SPRI_TM_EX_AC |
7720			    SPRI_TM_WR_EX |
7721			    SPRI_TM_EX_AC_AR;
7722		scsi_ulto2b(type_mask, res_cap->type_mask);
7723		break;
7724	}
7725	case SPRI_RS: { // read full status
7726		struct scsi_per_res_in_full *res_status;
7727		struct scsi_per_res_in_full_desc *res_desc;
7728		struct ctl_port *port;
7729		int i, len;
7730
7731		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7732
7733		/*
7734		 * We had to drop the lock to allocate our buffer, which
7735		 * leaves time for someone to come in with another
7736		 * persistent reservation.  (That is unlikely, though,
7737		 * since this should be the only persistent reservation
7738		 * command active right now.)
7739		 */
7740		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7741		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7742		     lun->pr_key_count)){
7743			mtx_unlock(&lun->lun_lock);
7744			free(ctsio->kern_data_ptr, M_CTL);
7745			printf("%s: reservation length changed, retrying\n",
7746			       __func__);
7747			goto retry;
7748		}
7749
7750		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7751
7752		res_desc = &res_status->desc[0];
7753		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7754			if ((key = ctl_get_prkey(lun, i)) == 0)
7755				continue;
7756
7757			scsi_u64to8b(key, res_desc->res_key.key);
7758			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7759			    (lun->pr_res_idx == i ||
7760			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7761				res_desc->flags = SPRI_FULL_R_HOLDER;
7762				res_desc->scopetype = lun->res_type;
7763			}
7764			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7765			    res_desc->rel_trgt_port_id);
7766			len = 0;
7767			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7768			if (port != NULL)
7769				len = ctl_create_iid(port,
7770				    i % CTL_MAX_INIT_PER_PORT,
7771				    res_desc->transport_id);
7772			scsi_ulto4b(len, res_desc->additional_length);
7773			res_desc = (struct scsi_per_res_in_full_desc *)
7774			    &res_desc->transport_id[len];
7775		}
7776		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7777		    res_status->header.length);
7778		break;
7779	}
7780	default:
7781		/*
7782		 * This is a bug, because we just checked for this above,
7783		 * and should have returned an error.
7784		 */
7785		panic("Invalid PR type %x", cdb->action);
7786		break; /* NOTREACHED */
7787	}
7788	mtx_unlock(&lun->lun_lock);
7789
7790	ctl_set_success(ctsio);
7791	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7792	ctsio->be_move_done = ctl_config_move_done;
7793	ctl_datamove((union ctl_io *)ctsio);
7794	return (CTL_RETVAL_COMPLETE);
7795}
7796
7797/*
7798 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7799 * it should return.
7800 */
7801static int
7802ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7803		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7804		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7805		struct scsi_per_res_out_parms* param)
7806{
7807	union ctl_ha_msg persis_io;
7808	int i;
7809
7810	mtx_lock(&lun->lun_lock);
7811	if (sa_res_key == 0) {
7812		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7813			/* validate scope and type */
7814			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7815			     SPR_LU_SCOPE) {
7816				mtx_unlock(&lun->lun_lock);
7817				ctl_set_invalid_field(/*ctsio*/ ctsio,
7818						      /*sks_valid*/ 1,
7819						      /*command*/ 1,
7820						      /*field*/ 2,
7821						      /*bit_valid*/ 1,
7822						      /*bit*/ 4);
7823				ctl_done((union ctl_io *)ctsio);
7824				return (1);
7825			}
7826
7827		        if (type>8 || type==2 || type==4 || type==0) {
7828				mtx_unlock(&lun->lun_lock);
7829				ctl_set_invalid_field(/*ctsio*/ ctsio,
7830       	           				      /*sks_valid*/ 1,
7831						      /*command*/ 1,
7832						      /*field*/ 2,
7833						      /*bit_valid*/ 1,
7834						      /*bit*/ 0);
7835				ctl_done((union ctl_io *)ctsio);
7836				return (1);
7837		        }
7838
7839			/*
7840			 * Unregister everybody else and build UA for
7841			 * them
7842			 */
7843			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7844				if (i == residx || ctl_get_prkey(lun, i) == 0)
7845					continue;
7846
7847				ctl_clr_prkey(lun, i);
7848				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7849			}
7850			lun->pr_key_count = 1;
7851			lun->res_type = type;
7852			if (lun->res_type != SPR_TYPE_WR_EX_AR
7853			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7854				lun->pr_res_idx = residx;
7855			lun->PRGeneration++;
7856			mtx_unlock(&lun->lun_lock);
7857
7858			/* send msg to other side */
7859			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7860			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7861			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7862			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7863			persis_io.pr.pr_info.res_type = type;
7864			memcpy(persis_io.pr.pr_info.sa_res_key,
7865			       param->serv_act_res_key,
7866			       sizeof(param->serv_act_res_key));
7867			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7868			    sizeof(persis_io.pr), M_WAITOK);
7869		} else {
7870			/* not all registrants */
7871			mtx_unlock(&lun->lun_lock);
7872			free(ctsio->kern_data_ptr, M_CTL);
7873			ctl_set_invalid_field(ctsio,
7874					      /*sks_valid*/ 1,
7875					      /*command*/ 0,
7876					      /*field*/ 8,
7877					      /*bit_valid*/ 0,
7878					      /*bit*/ 0);
7879			ctl_done((union ctl_io *)ctsio);
7880			return (1);
7881		}
7882	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7883		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7884		int found = 0;
7885
7886		if (res_key == sa_res_key) {
7887			/* special case */
7888			/*
7889			 * The spec implies this is not good but doesn't
7890			 * say what to do. There are two choices either
7891			 * generate a res conflict or check condition
7892			 * with illegal field in parameter data. Since
7893			 * that is what is done when the sa_res_key is
7894			 * zero I'll take that approach since this has
7895			 * to do with the sa_res_key.
7896			 */
7897			mtx_unlock(&lun->lun_lock);
7898			free(ctsio->kern_data_ptr, M_CTL);
7899			ctl_set_invalid_field(ctsio,
7900					      /*sks_valid*/ 1,
7901					      /*command*/ 0,
7902					      /*field*/ 8,
7903					      /*bit_valid*/ 0,
7904					      /*bit*/ 0);
7905			ctl_done((union ctl_io *)ctsio);
7906			return (1);
7907		}
7908
7909		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7910			if (ctl_get_prkey(lun, i) != sa_res_key)
7911				continue;
7912
7913			found = 1;
7914			ctl_clr_prkey(lun, i);
7915			lun->pr_key_count--;
7916			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7917		}
7918		if (!found) {
7919			mtx_unlock(&lun->lun_lock);
7920			free(ctsio->kern_data_ptr, M_CTL);
7921			ctl_set_reservation_conflict(ctsio);
7922			ctl_done((union ctl_io *)ctsio);
7923			return (CTL_RETVAL_COMPLETE);
7924		}
7925		lun->PRGeneration++;
7926		mtx_unlock(&lun->lun_lock);
7927
7928		/* send msg to other side */
7929		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7930		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7931		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7932		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7933		persis_io.pr.pr_info.res_type = type;
7934		memcpy(persis_io.pr.pr_info.sa_res_key,
7935		       param->serv_act_res_key,
7936		       sizeof(param->serv_act_res_key));
7937		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7938		    sizeof(persis_io.pr), M_WAITOK);
7939	} else {
7940		/* Reserved but not all registrants */
7941		/* sa_res_key is res holder */
7942		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7943			/* validate scope and type */
7944			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7945			     SPR_LU_SCOPE) {
7946				mtx_unlock(&lun->lun_lock);
7947				ctl_set_invalid_field(/*ctsio*/ ctsio,
7948						      /*sks_valid*/ 1,
7949						      /*command*/ 1,
7950						      /*field*/ 2,
7951						      /*bit_valid*/ 1,
7952						      /*bit*/ 4);
7953				ctl_done((union ctl_io *)ctsio);
7954				return (1);
7955			}
7956
7957			if (type>8 || type==2 || type==4 || type==0) {
7958				mtx_unlock(&lun->lun_lock);
7959				ctl_set_invalid_field(/*ctsio*/ ctsio,
7960						      /*sks_valid*/ 1,
7961						      /*command*/ 1,
7962						      /*field*/ 2,
7963						      /*bit_valid*/ 1,
7964						      /*bit*/ 0);
7965				ctl_done((union ctl_io *)ctsio);
7966				return (1);
7967			}
7968
7969			/*
7970			 * Do the following:
7971			 * if sa_res_key != res_key remove all
7972			 * registrants w/sa_res_key and generate UA
7973			 * for these registrants(Registrations
7974			 * Preempted) if it wasn't an exclusive
7975			 * reservation generate UA(Reservations
7976			 * Preempted) for all other registered nexuses
7977			 * if the type has changed. Establish the new
7978			 * reservation and holder. If res_key and
7979			 * sa_res_key are the same do the above
7980			 * except don't unregister the res holder.
7981			 */
7982
7983			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7984				if (i == residx || ctl_get_prkey(lun, i) == 0)
7985					continue;
7986
7987				if (sa_res_key == ctl_get_prkey(lun, i)) {
7988					ctl_clr_prkey(lun, i);
7989					lun->pr_key_count--;
7990					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7991				} else if (type != lun->res_type
7992					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7993					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7994					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7995				}
7996			}
7997			lun->res_type = type;
7998			if (lun->res_type != SPR_TYPE_WR_EX_AR
7999			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8000				lun->pr_res_idx = residx;
8001			else
8002				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8003			lun->PRGeneration++;
8004			mtx_unlock(&lun->lun_lock);
8005
8006			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8007			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8008			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8009			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8010			persis_io.pr.pr_info.res_type = type;
8011			memcpy(persis_io.pr.pr_info.sa_res_key,
8012			       param->serv_act_res_key,
8013			       sizeof(param->serv_act_res_key));
8014			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8015			    sizeof(persis_io.pr), M_WAITOK);
8016		} else {
8017			/*
8018			 * sa_res_key is not the res holder just
8019			 * remove registrants
8020			 */
8021			int found=0;
8022
8023			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8024				if (sa_res_key != ctl_get_prkey(lun, i))
8025					continue;
8026
8027				found = 1;
8028				ctl_clr_prkey(lun, i);
8029				lun->pr_key_count--;
8030				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8031			}
8032
8033			if (!found) {
8034				mtx_unlock(&lun->lun_lock);
8035				free(ctsio->kern_data_ptr, M_CTL);
8036				ctl_set_reservation_conflict(ctsio);
8037				ctl_done((union ctl_io *)ctsio);
8038		        	return (1);
8039			}
8040			lun->PRGeneration++;
8041			mtx_unlock(&lun->lun_lock);
8042
8043			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8044			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8045			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8046			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8047			persis_io.pr.pr_info.res_type = type;
8048			memcpy(persis_io.pr.pr_info.sa_res_key,
8049			       param->serv_act_res_key,
8050			       sizeof(param->serv_act_res_key));
8051			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8052			    sizeof(persis_io.pr), M_WAITOK);
8053		}
8054	}
8055	return (0);
8056}
8057
8058static void
8059ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8060{
8061	uint64_t sa_res_key;
8062	int i;
8063
8064	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8065
8066	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8067	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8068	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8069		if (sa_res_key == 0) {
8070			/*
8071			 * Unregister everybody else and build UA for
8072			 * them
8073			 */
8074			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8075				if (i == msg->pr.pr_info.residx ||
8076				    ctl_get_prkey(lun, i) == 0)
8077					continue;
8078
8079				ctl_clr_prkey(lun, i);
8080				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8081			}
8082
8083			lun->pr_key_count = 1;
8084			lun->res_type = msg->pr.pr_info.res_type;
8085			if (lun->res_type != SPR_TYPE_WR_EX_AR
8086			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8087				lun->pr_res_idx = msg->pr.pr_info.residx;
8088		} else {
8089		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8090				if (sa_res_key == ctl_get_prkey(lun, i))
8091					continue;
8092
8093				ctl_clr_prkey(lun, i);
8094				lun->pr_key_count--;
8095				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8096			}
8097		}
8098	} else {
8099		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8100			if (i == msg->pr.pr_info.residx ||
8101			    ctl_get_prkey(lun, i) == 0)
8102				continue;
8103
8104			if (sa_res_key == ctl_get_prkey(lun, i)) {
8105				ctl_clr_prkey(lun, i);
8106				lun->pr_key_count--;
8107				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8108			} else if (msg->pr.pr_info.res_type != lun->res_type
8109				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8110				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8111				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8112			}
8113		}
8114		lun->res_type = msg->pr.pr_info.res_type;
8115		if (lun->res_type != SPR_TYPE_WR_EX_AR
8116		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8117			lun->pr_res_idx = msg->pr.pr_info.residx;
8118		else
8119			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8120	}
8121	lun->PRGeneration++;
8122
8123}
8124
8125
8126int
8127ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8128{
8129	int retval;
8130	u_int32_t param_len;
8131	struct scsi_per_res_out *cdb;
8132	struct ctl_lun *lun;
8133	struct scsi_per_res_out_parms* param;
8134	struct ctl_softc *softc;
8135	uint32_t residx;
8136	uint64_t res_key, sa_res_key, key;
8137	uint8_t type;
8138	union ctl_ha_msg persis_io;
8139	int    i;
8140
8141	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8142
8143	retval = CTL_RETVAL_COMPLETE;
8144
8145	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8146	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8147	softc = lun->ctl_softc;
8148
8149	/*
8150	 * We only support whole-LUN scope.  The scope & type are ignored for
8151	 * register, register and ignore existing key and clear.
8152	 * We sometimes ignore scope and type on preempts too!!
8153	 * Verify reservation type here as well.
8154	 */
8155	type = cdb->scope_type & SPR_TYPE_MASK;
8156	if ((cdb->action == SPRO_RESERVE)
8157	 || (cdb->action == SPRO_RELEASE)) {
8158		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8159			ctl_set_invalid_field(/*ctsio*/ ctsio,
8160					      /*sks_valid*/ 1,
8161					      /*command*/ 1,
8162					      /*field*/ 2,
8163					      /*bit_valid*/ 1,
8164					      /*bit*/ 4);
8165			ctl_done((union ctl_io *)ctsio);
8166			return (CTL_RETVAL_COMPLETE);
8167		}
8168
8169		if (type>8 || type==2 || type==4 || type==0) {
8170			ctl_set_invalid_field(/*ctsio*/ ctsio,
8171					      /*sks_valid*/ 1,
8172					      /*command*/ 1,
8173					      /*field*/ 2,
8174					      /*bit_valid*/ 1,
8175					      /*bit*/ 0);
8176			ctl_done((union ctl_io *)ctsio);
8177			return (CTL_RETVAL_COMPLETE);
8178		}
8179	}
8180
8181	param_len = scsi_4btoul(cdb->length);
8182
8183	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8184		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8185		ctsio->kern_data_len = param_len;
8186		ctsio->kern_total_len = param_len;
8187		ctsio->kern_data_resid = 0;
8188		ctsio->kern_rel_offset = 0;
8189		ctsio->kern_sg_entries = 0;
8190		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8191		ctsio->be_move_done = ctl_config_move_done;
8192		ctl_datamove((union ctl_io *)ctsio);
8193
8194		return (CTL_RETVAL_COMPLETE);
8195	}
8196
8197	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8198
8199	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8200	res_key = scsi_8btou64(param->res_key.key);
8201	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8202
8203	/*
8204	 * Validate the reservation key here except for SPRO_REG_IGNO
8205	 * This must be done for all other service actions
8206	 */
8207	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8208		mtx_lock(&lun->lun_lock);
8209		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8210			if (res_key != key) {
8211				/*
8212				 * The current key passed in doesn't match
8213				 * the one the initiator previously
8214				 * registered.
8215				 */
8216				mtx_unlock(&lun->lun_lock);
8217				free(ctsio->kern_data_ptr, M_CTL);
8218				ctl_set_reservation_conflict(ctsio);
8219				ctl_done((union ctl_io *)ctsio);
8220				return (CTL_RETVAL_COMPLETE);
8221			}
8222		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8223			/*
8224			 * We are not registered
8225			 */
8226			mtx_unlock(&lun->lun_lock);
8227			free(ctsio->kern_data_ptr, M_CTL);
8228			ctl_set_reservation_conflict(ctsio);
8229			ctl_done((union ctl_io *)ctsio);
8230			return (CTL_RETVAL_COMPLETE);
8231		} else if (res_key != 0) {
8232			/*
8233			 * We are not registered and trying to register but
8234			 * the register key isn't zero.
8235			 */
8236			mtx_unlock(&lun->lun_lock);
8237			free(ctsio->kern_data_ptr, M_CTL);
8238			ctl_set_reservation_conflict(ctsio);
8239			ctl_done((union ctl_io *)ctsio);
8240			return (CTL_RETVAL_COMPLETE);
8241		}
8242		mtx_unlock(&lun->lun_lock);
8243	}
8244
8245	switch (cdb->action & SPRO_ACTION_MASK) {
8246	case SPRO_REGISTER:
8247	case SPRO_REG_IGNO: {
8248
8249#if 0
8250		printf("Registration received\n");
8251#endif
8252
8253		/*
8254		 * We don't support any of these options, as we report in
8255		 * the read capabilities request (see
8256		 * ctl_persistent_reserve_in(), above).
8257		 */
8258		if ((param->flags & SPR_SPEC_I_PT)
8259		 || (param->flags & SPR_ALL_TG_PT)
8260		 || (param->flags & SPR_APTPL)) {
8261			int bit_ptr;
8262
8263			if (param->flags & SPR_APTPL)
8264				bit_ptr = 0;
8265			else if (param->flags & SPR_ALL_TG_PT)
8266				bit_ptr = 2;
8267			else /* SPR_SPEC_I_PT */
8268				bit_ptr = 3;
8269
8270			free(ctsio->kern_data_ptr, M_CTL);
8271			ctl_set_invalid_field(ctsio,
8272					      /*sks_valid*/ 1,
8273					      /*command*/ 0,
8274					      /*field*/ 20,
8275					      /*bit_valid*/ 1,
8276					      /*bit*/ bit_ptr);
8277			ctl_done((union ctl_io *)ctsio);
8278			return (CTL_RETVAL_COMPLETE);
8279		}
8280
8281		mtx_lock(&lun->lun_lock);
8282
8283		/*
8284		 * The initiator wants to clear the
8285		 * key/unregister.
8286		 */
8287		if (sa_res_key == 0) {
8288			if ((res_key == 0
8289			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8290			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8291			  && ctl_get_prkey(lun, residx) == 0)) {
8292				mtx_unlock(&lun->lun_lock);
8293				goto done;
8294			}
8295
8296			ctl_clr_prkey(lun, residx);
8297			lun->pr_key_count--;
8298
8299			if (residx == lun->pr_res_idx) {
8300				lun->flags &= ~CTL_LUN_PR_RESERVED;
8301				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8302
8303				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8304				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8305				 && lun->pr_key_count) {
8306					/*
8307					 * If the reservation is a registrants
8308					 * only type we need to generate a UA
8309					 * for other registered inits.  The
8310					 * sense code should be RESERVATIONS
8311					 * RELEASED
8312					 */
8313
8314					for (i = softc->init_min; i < softc->init_max; i++){
8315						if (ctl_get_prkey(lun, i) == 0)
8316							continue;
8317						ctl_est_ua(lun, i,
8318						    CTL_UA_RES_RELEASE);
8319					}
8320				}
8321				lun->res_type = 0;
8322			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8323				if (lun->pr_key_count==0) {
8324					lun->flags &= ~CTL_LUN_PR_RESERVED;
8325					lun->res_type = 0;
8326					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8327				}
8328			}
8329			lun->PRGeneration++;
8330			mtx_unlock(&lun->lun_lock);
8331
8332			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8333			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8334			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8335			persis_io.pr.pr_info.residx = residx;
8336			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8337			    sizeof(persis_io.pr), M_WAITOK);
8338		} else /* sa_res_key != 0 */ {
8339
8340			/*
8341			 * If we aren't registered currently then increment
8342			 * the key count and set the registered flag.
8343			 */
8344			ctl_alloc_prkey(lun, residx);
8345			if (ctl_get_prkey(lun, residx) == 0)
8346				lun->pr_key_count++;
8347			ctl_set_prkey(lun, residx, sa_res_key);
8348			lun->PRGeneration++;
8349			mtx_unlock(&lun->lun_lock);
8350
8351			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8352			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8353			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8354			persis_io.pr.pr_info.residx = residx;
8355			memcpy(persis_io.pr.pr_info.sa_res_key,
8356			       param->serv_act_res_key,
8357			       sizeof(param->serv_act_res_key));
8358			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8359			    sizeof(persis_io.pr), M_WAITOK);
8360		}
8361
8362		break;
8363	}
8364	case SPRO_RESERVE:
8365#if 0
8366                printf("Reserve executed type %d\n", type);
8367#endif
8368		mtx_lock(&lun->lun_lock);
8369		if (lun->flags & CTL_LUN_PR_RESERVED) {
8370			/*
8371			 * if this isn't the reservation holder and it's
8372			 * not a "all registrants" type or if the type is
8373			 * different then we have a conflict
8374			 */
8375			if ((lun->pr_res_idx != residx
8376			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8377			 || lun->res_type != type) {
8378				mtx_unlock(&lun->lun_lock);
8379				free(ctsio->kern_data_ptr, M_CTL);
8380				ctl_set_reservation_conflict(ctsio);
8381				ctl_done((union ctl_io *)ctsio);
8382				return (CTL_RETVAL_COMPLETE);
8383			}
8384			mtx_unlock(&lun->lun_lock);
8385		} else /* create a reservation */ {
8386			/*
8387			 * If it's not an "all registrants" type record
8388			 * reservation holder
8389			 */
8390			if (type != SPR_TYPE_WR_EX_AR
8391			 && type != SPR_TYPE_EX_AC_AR)
8392				lun->pr_res_idx = residx; /* Res holder */
8393			else
8394				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8395
8396			lun->flags |= CTL_LUN_PR_RESERVED;
8397			lun->res_type = type;
8398
8399			mtx_unlock(&lun->lun_lock);
8400
8401			/* send msg to other side */
8402			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8403			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8404			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8405			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8406			persis_io.pr.pr_info.res_type = type;
8407			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8408			    sizeof(persis_io.pr), M_WAITOK);
8409		}
8410		break;
8411
8412	case SPRO_RELEASE:
8413		mtx_lock(&lun->lun_lock);
8414		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8415			/* No reservation exists return good status */
8416			mtx_unlock(&lun->lun_lock);
8417			goto done;
8418		}
8419		/*
8420		 * Is this nexus a reservation holder?
8421		 */
8422		if (lun->pr_res_idx != residx
8423		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8424			/*
8425			 * not a res holder return good status but
8426			 * do nothing
8427			 */
8428			mtx_unlock(&lun->lun_lock);
8429			goto done;
8430		}
8431
8432		if (lun->res_type != type) {
8433			mtx_unlock(&lun->lun_lock);
8434			free(ctsio->kern_data_ptr, M_CTL);
8435			ctl_set_illegal_pr_release(ctsio);
8436			ctl_done((union ctl_io *)ctsio);
8437			return (CTL_RETVAL_COMPLETE);
8438		}
8439
8440		/* okay to release */
8441		lun->flags &= ~CTL_LUN_PR_RESERVED;
8442		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8443		lun->res_type = 0;
8444
8445		/*
8446		 * if this isn't an exclusive access
8447		 * res generate UA for all other
8448		 * registrants.
8449		 */
8450		if (type != SPR_TYPE_EX_AC
8451		 && type != SPR_TYPE_WR_EX) {
8452			for (i = softc->init_min; i < softc->init_max; i++) {
8453				if (i == residx || ctl_get_prkey(lun, i) == 0)
8454					continue;
8455				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8456			}
8457		}
8458		mtx_unlock(&lun->lun_lock);
8459
8460		/* Send msg to other side */
8461		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8462		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8463		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8464		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8465		     sizeof(persis_io.pr), M_WAITOK);
8466		break;
8467
8468	case SPRO_CLEAR:
8469		/* send msg to other side */
8470
8471		mtx_lock(&lun->lun_lock);
8472		lun->flags &= ~CTL_LUN_PR_RESERVED;
8473		lun->res_type = 0;
8474		lun->pr_key_count = 0;
8475		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8476
8477		ctl_clr_prkey(lun, residx);
8478		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8479			if (ctl_get_prkey(lun, i) != 0) {
8480				ctl_clr_prkey(lun, i);
8481				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8482			}
8483		lun->PRGeneration++;
8484		mtx_unlock(&lun->lun_lock);
8485
8486		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8487		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8488		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8489		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8490		     sizeof(persis_io.pr), M_WAITOK);
8491		break;
8492
8493	case SPRO_PREEMPT:
8494	case SPRO_PRE_ABO: {
8495		int nretval;
8496
8497		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8498					  residx, ctsio, cdb, param);
8499		if (nretval != 0)
8500			return (CTL_RETVAL_COMPLETE);
8501		break;
8502	}
8503	default:
8504		panic("Invalid PR type %x", cdb->action);
8505	}
8506
8507done:
8508	free(ctsio->kern_data_ptr, M_CTL);
8509	ctl_set_success(ctsio);
8510	ctl_done((union ctl_io *)ctsio);
8511
8512	return (retval);
8513}
8514
8515/*
8516 * This routine is for handling a message from the other SC pertaining to
8517 * persistent reserve out. All the error checking will have been done
8518 * so only perorming the action need be done here to keep the two
8519 * in sync.
8520 */
8521static void
8522ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8523{
8524	struct ctl_lun *lun;
8525	struct ctl_softc *softc;
8526	int i;
8527	uint32_t residx, targ_lun;
8528
8529	softc = control_softc;
8530	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8531	mtx_lock(&softc->ctl_lock);
8532	if ((targ_lun >= CTL_MAX_LUNS) ||
8533	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8534		mtx_unlock(&softc->ctl_lock);
8535		return;
8536	}
8537	mtx_lock(&lun->lun_lock);
8538	mtx_unlock(&softc->ctl_lock);
8539	if (lun->flags & CTL_LUN_DISABLED) {
8540		mtx_unlock(&lun->lun_lock);
8541		return;
8542	}
8543	residx = ctl_get_initindex(&msg->hdr.nexus);
8544	switch(msg->pr.pr_info.action) {
8545	case CTL_PR_REG_KEY:
8546		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8547		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8548			lun->pr_key_count++;
8549		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8550		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8551		lun->PRGeneration++;
8552		break;
8553
8554	case CTL_PR_UNREG_KEY:
8555		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8556		lun->pr_key_count--;
8557
8558		/* XXX Need to see if the reservation has been released */
8559		/* if so do we need to generate UA? */
8560		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8561			lun->flags &= ~CTL_LUN_PR_RESERVED;
8562			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8563
8564			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8565			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8566			 && lun->pr_key_count) {
8567				/*
8568				 * If the reservation is a registrants
8569				 * only type we need to generate a UA
8570				 * for other registered inits.  The
8571				 * sense code should be RESERVATIONS
8572				 * RELEASED
8573				 */
8574
8575				for (i = softc->init_min; i < softc->init_max; i++) {
8576					if (ctl_get_prkey(lun, i) == 0)
8577						continue;
8578
8579					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8580				}
8581			}
8582			lun->res_type = 0;
8583		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8584			if (lun->pr_key_count==0) {
8585				lun->flags &= ~CTL_LUN_PR_RESERVED;
8586				lun->res_type = 0;
8587				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8588			}
8589		}
8590		lun->PRGeneration++;
8591		break;
8592
8593	case CTL_PR_RESERVE:
8594		lun->flags |= CTL_LUN_PR_RESERVED;
8595		lun->res_type = msg->pr.pr_info.res_type;
8596		lun->pr_res_idx = msg->pr.pr_info.residx;
8597
8598		break;
8599
8600	case CTL_PR_RELEASE:
8601		/*
8602		 * if this isn't an exclusive access res generate UA for all
8603		 * other registrants.
8604		 */
8605		if (lun->res_type != SPR_TYPE_EX_AC
8606		 && lun->res_type != SPR_TYPE_WR_EX) {
8607			for (i = softc->init_min; i < softc->init_max; i++)
8608				if (i == residx || ctl_get_prkey(lun, i) == 0)
8609					continue;
8610				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8611		}
8612
8613		lun->flags &= ~CTL_LUN_PR_RESERVED;
8614		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8615		lun->res_type = 0;
8616		break;
8617
8618	case CTL_PR_PREEMPT:
8619		ctl_pro_preempt_other(lun, msg);
8620		break;
8621	case CTL_PR_CLEAR:
8622		lun->flags &= ~CTL_LUN_PR_RESERVED;
8623		lun->res_type = 0;
8624		lun->pr_key_count = 0;
8625		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8626
8627		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8628			if (ctl_get_prkey(lun, i) == 0)
8629				continue;
8630			ctl_clr_prkey(lun, i);
8631			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8632		}
8633		lun->PRGeneration++;
8634		break;
8635	}
8636
8637	mtx_unlock(&lun->lun_lock);
8638}
8639
8640int
8641ctl_read_write(struct ctl_scsiio *ctsio)
8642{
8643	struct ctl_lun *lun;
8644	struct ctl_lba_len_flags *lbalen;
8645	uint64_t lba;
8646	uint32_t num_blocks;
8647	int flags, retval;
8648	int isread;
8649
8650	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8651
8652	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8653
8654	flags = 0;
8655	retval = CTL_RETVAL_COMPLETE;
8656
8657	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8658	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8659	switch (ctsio->cdb[0]) {
8660	case READ_6:
8661	case WRITE_6: {
8662		struct scsi_rw_6 *cdb;
8663
8664		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8665
8666		lba = scsi_3btoul(cdb->addr);
8667		/* only 5 bits are valid in the most significant address byte */
8668		lba &= 0x1fffff;
8669		num_blocks = cdb->length;
8670		/*
8671		 * This is correct according to SBC-2.
8672		 */
8673		if (num_blocks == 0)
8674			num_blocks = 256;
8675		break;
8676	}
8677	case READ_10:
8678	case WRITE_10: {
8679		struct scsi_rw_10 *cdb;
8680
8681		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8682		if (cdb->byte2 & SRW10_FUA)
8683			flags |= CTL_LLF_FUA;
8684		if (cdb->byte2 & SRW10_DPO)
8685			flags |= CTL_LLF_DPO;
8686		lba = scsi_4btoul(cdb->addr);
8687		num_blocks = scsi_2btoul(cdb->length);
8688		break;
8689	}
8690	case WRITE_VERIFY_10: {
8691		struct scsi_write_verify_10 *cdb;
8692
8693		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8694		flags |= CTL_LLF_FUA;
8695		if (cdb->byte2 & SWV_DPO)
8696			flags |= CTL_LLF_DPO;
8697		lba = scsi_4btoul(cdb->addr);
8698		num_blocks = scsi_2btoul(cdb->length);
8699		break;
8700	}
8701	case READ_12:
8702	case WRITE_12: {
8703		struct scsi_rw_12 *cdb;
8704
8705		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8706		if (cdb->byte2 & SRW12_FUA)
8707			flags |= CTL_LLF_FUA;
8708		if (cdb->byte2 & SRW12_DPO)
8709			flags |= CTL_LLF_DPO;
8710		lba = scsi_4btoul(cdb->addr);
8711		num_blocks = scsi_4btoul(cdb->length);
8712		break;
8713	}
8714	case WRITE_VERIFY_12: {
8715		struct scsi_write_verify_12 *cdb;
8716
8717		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8718		flags |= CTL_LLF_FUA;
8719		if (cdb->byte2 & SWV_DPO)
8720			flags |= CTL_LLF_DPO;
8721		lba = scsi_4btoul(cdb->addr);
8722		num_blocks = scsi_4btoul(cdb->length);
8723		break;
8724	}
8725	case READ_16:
8726	case WRITE_16: {
8727		struct scsi_rw_16 *cdb;
8728
8729		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8730		if (cdb->byte2 & SRW12_FUA)
8731			flags |= CTL_LLF_FUA;
8732		if (cdb->byte2 & SRW12_DPO)
8733			flags |= CTL_LLF_DPO;
8734		lba = scsi_8btou64(cdb->addr);
8735		num_blocks = scsi_4btoul(cdb->length);
8736		break;
8737	}
8738	case WRITE_ATOMIC_16: {
8739		struct scsi_rw_16 *cdb;
8740
8741		if (lun->be_lun->atomicblock == 0) {
8742			ctl_set_invalid_opcode(ctsio);
8743			ctl_done((union ctl_io *)ctsio);
8744			return (CTL_RETVAL_COMPLETE);
8745		}
8746
8747		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8748		if (cdb->byte2 & SRW12_FUA)
8749			flags |= CTL_LLF_FUA;
8750		if (cdb->byte2 & SRW12_DPO)
8751			flags |= CTL_LLF_DPO;
8752		lba = scsi_8btou64(cdb->addr);
8753		num_blocks = scsi_4btoul(cdb->length);
8754		if (num_blocks > lun->be_lun->atomicblock) {
8755			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8756			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8757			    /*bit*/ 0);
8758			ctl_done((union ctl_io *)ctsio);
8759			return (CTL_RETVAL_COMPLETE);
8760		}
8761		break;
8762	}
8763	case WRITE_VERIFY_16: {
8764		struct scsi_write_verify_16 *cdb;
8765
8766		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8767		flags |= CTL_LLF_FUA;
8768		if (cdb->byte2 & SWV_DPO)
8769			flags |= CTL_LLF_DPO;
8770		lba = scsi_8btou64(cdb->addr);
8771		num_blocks = scsi_4btoul(cdb->length);
8772		break;
8773	}
8774	default:
8775		/*
8776		 * We got a command we don't support.  This shouldn't
8777		 * happen, commands should be filtered out above us.
8778		 */
8779		ctl_set_invalid_opcode(ctsio);
8780		ctl_done((union ctl_io *)ctsio);
8781
8782		return (CTL_RETVAL_COMPLETE);
8783		break; /* NOTREACHED */
8784	}
8785
8786	/*
8787	 * The first check is to make sure we're in bounds, the second
8788	 * check is to catch wrap-around problems.  If the lba + num blocks
8789	 * is less than the lba, then we've wrapped around and the block
8790	 * range is invalid anyway.
8791	 */
8792	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8793	 || ((lba + num_blocks) < lba)) {
8794		ctl_set_lba_out_of_range(ctsio);
8795		ctl_done((union ctl_io *)ctsio);
8796		return (CTL_RETVAL_COMPLETE);
8797	}
8798
8799	/*
8800	 * According to SBC-3, a transfer length of 0 is not an error.
8801	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8802	 * translates to 256 blocks for those commands.
8803	 */
8804	if (num_blocks == 0) {
8805		ctl_set_success(ctsio);
8806		ctl_done((union ctl_io *)ctsio);
8807		return (CTL_RETVAL_COMPLETE);
8808	}
8809
8810	/* Set FUA and/or DPO if caches are disabled. */
8811	if (isread) {
8812		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8813		    SCP_RCD) != 0)
8814			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8815	} else {
8816		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8817		    SCP_WCE) == 0)
8818			flags |= CTL_LLF_FUA;
8819	}
8820
8821	lbalen = (struct ctl_lba_len_flags *)
8822	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8823	lbalen->lba = lba;
8824	lbalen->len = num_blocks;
8825	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8826
8827	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8828	ctsio->kern_rel_offset = 0;
8829
8830	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8831
8832	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8833
8834	return (retval);
8835}
8836
8837static int
8838ctl_cnw_cont(union ctl_io *io)
8839{
8840	struct ctl_scsiio *ctsio;
8841	struct ctl_lun *lun;
8842	struct ctl_lba_len_flags *lbalen;
8843	int retval;
8844
8845	ctsio = &io->scsiio;
8846	ctsio->io_hdr.status = CTL_STATUS_NONE;
8847	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8848	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8849	lbalen = (struct ctl_lba_len_flags *)
8850	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8851	lbalen->flags &= ~CTL_LLF_COMPARE;
8852	lbalen->flags |= CTL_LLF_WRITE;
8853
8854	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8855	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8856	return (retval);
8857}
8858
8859int
8860ctl_cnw(struct ctl_scsiio *ctsio)
8861{
8862	struct ctl_lun *lun;
8863	struct ctl_lba_len_flags *lbalen;
8864	uint64_t lba;
8865	uint32_t num_blocks;
8866	int flags, retval;
8867
8868	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8869
8870	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8871
8872	flags = 0;
8873	retval = CTL_RETVAL_COMPLETE;
8874
8875	switch (ctsio->cdb[0]) {
8876	case COMPARE_AND_WRITE: {
8877		struct scsi_compare_and_write *cdb;
8878
8879		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8880		if (cdb->byte2 & SRW10_FUA)
8881			flags |= CTL_LLF_FUA;
8882		if (cdb->byte2 & SRW10_DPO)
8883			flags |= CTL_LLF_DPO;
8884		lba = scsi_8btou64(cdb->addr);
8885		num_blocks = cdb->length;
8886		break;
8887	}
8888	default:
8889		/*
8890		 * We got a command we don't support.  This shouldn't
8891		 * happen, commands should be filtered out above us.
8892		 */
8893		ctl_set_invalid_opcode(ctsio);
8894		ctl_done((union ctl_io *)ctsio);
8895
8896		return (CTL_RETVAL_COMPLETE);
8897		break; /* NOTREACHED */
8898	}
8899
8900	/*
8901	 * The first check is to make sure we're in bounds, the second
8902	 * check is to catch wrap-around problems.  If the lba + num blocks
8903	 * is less than the lba, then we've wrapped around and the block
8904	 * range is invalid anyway.
8905	 */
8906	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8907	 || ((lba + num_blocks) < lba)) {
8908		ctl_set_lba_out_of_range(ctsio);
8909		ctl_done((union ctl_io *)ctsio);
8910		return (CTL_RETVAL_COMPLETE);
8911	}
8912
8913	/*
8914	 * According to SBC-3, a transfer length of 0 is not an error.
8915	 */
8916	if (num_blocks == 0) {
8917		ctl_set_success(ctsio);
8918		ctl_done((union ctl_io *)ctsio);
8919		return (CTL_RETVAL_COMPLETE);
8920	}
8921
8922	/* Set FUA if write cache is disabled. */
8923	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8924	    SCP_WCE) == 0)
8925		flags |= CTL_LLF_FUA;
8926
8927	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8928	ctsio->kern_rel_offset = 0;
8929
8930	/*
8931	 * Set the IO_CONT flag, so that if this I/O gets passed to
8932	 * ctl_data_submit_done(), it'll get passed back to
8933	 * ctl_ctl_cnw_cont() for further processing.
8934	 */
8935	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8936	ctsio->io_cont = ctl_cnw_cont;
8937
8938	lbalen = (struct ctl_lba_len_flags *)
8939	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8940	lbalen->lba = lba;
8941	lbalen->len = num_blocks;
8942	lbalen->flags = CTL_LLF_COMPARE | flags;
8943
8944	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8945	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8946	return (retval);
8947}
8948
8949int
8950ctl_verify(struct ctl_scsiio *ctsio)
8951{
8952	struct ctl_lun *lun;
8953	struct ctl_lba_len_flags *lbalen;
8954	uint64_t lba;
8955	uint32_t num_blocks;
8956	int bytchk, flags;
8957	int retval;
8958
8959	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8960
8961	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8962
8963	bytchk = 0;
8964	flags = CTL_LLF_FUA;
8965	retval = CTL_RETVAL_COMPLETE;
8966
8967	switch (ctsio->cdb[0]) {
8968	case VERIFY_10: {
8969		struct scsi_verify_10 *cdb;
8970
8971		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8972		if (cdb->byte2 & SVFY_BYTCHK)
8973			bytchk = 1;
8974		if (cdb->byte2 & SVFY_DPO)
8975			flags |= CTL_LLF_DPO;
8976		lba = scsi_4btoul(cdb->addr);
8977		num_blocks = scsi_2btoul(cdb->length);
8978		break;
8979	}
8980	case VERIFY_12: {
8981		struct scsi_verify_12 *cdb;
8982
8983		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8984		if (cdb->byte2 & SVFY_BYTCHK)
8985			bytchk = 1;
8986		if (cdb->byte2 & SVFY_DPO)
8987			flags |= CTL_LLF_DPO;
8988		lba = scsi_4btoul(cdb->addr);
8989		num_blocks = scsi_4btoul(cdb->length);
8990		break;
8991	}
8992	case VERIFY_16: {
8993		struct scsi_rw_16 *cdb;
8994
8995		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8996		if (cdb->byte2 & SVFY_BYTCHK)
8997			bytchk = 1;
8998		if (cdb->byte2 & SVFY_DPO)
8999			flags |= CTL_LLF_DPO;
9000		lba = scsi_8btou64(cdb->addr);
9001		num_blocks = scsi_4btoul(cdb->length);
9002		break;
9003	}
9004	default:
9005		/*
9006		 * We got a command we don't support.  This shouldn't
9007		 * happen, commands should be filtered out above us.
9008		 */
9009		ctl_set_invalid_opcode(ctsio);
9010		ctl_done((union ctl_io *)ctsio);
9011		return (CTL_RETVAL_COMPLETE);
9012	}
9013
9014	/*
9015	 * The first check is to make sure we're in bounds, the second
9016	 * check is to catch wrap-around problems.  If the lba + num blocks
9017	 * is less than the lba, then we've wrapped around and the block
9018	 * range is invalid anyway.
9019	 */
9020	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9021	 || ((lba + num_blocks) < lba)) {
9022		ctl_set_lba_out_of_range(ctsio);
9023		ctl_done((union ctl_io *)ctsio);
9024		return (CTL_RETVAL_COMPLETE);
9025	}
9026
9027	/*
9028	 * According to SBC-3, a transfer length of 0 is not an error.
9029	 */
9030	if (num_blocks == 0) {
9031		ctl_set_success(ctsio);
9032		ctl_done((union ctl_io *)ctsio);
9033		return (CTL_RETVAL_COMPLETE);
9034	}
9035
9036	lbalen = (struct ctl_lba_len_flags *)
9037	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9038	lbalen->lba = lba;
9039	lbalen->len = num_blocks;
9040	if (bytchk) {
9041		lbalen->flags = CTL_LLF_COMPARE | flags;
9042		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9043	} else {
9044		lbalen->flags = CTL_LLF_VERIFY | flags;
9045		ctsio->kern_total_len = 0;
9046	}
9047	ctsio->kern_rel_offset = 0;
9048
9049	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9050	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9051	return (retval);
9052}
9053
9054int
9055ctl_report_luns(struct ctl_scsiio *ctsio)
9056{
9057	struct ctl_softc *softc = control_softc;
9058	struct scsi_report_luns *cdb;
9059	struct scsi_report_luns_data *lun_data;
9060	struct ctl_lun *lun, *request_lun;
9061	struct ctl_port *port;
9062	int num_luns, retval;
9063	uint32_t alloc_len, lun_datalen;
9064	int num_filled, well_known;
9065	uint32_t initidx, targ_lun_id, lun_id;
9066
9067	retval = CTL_RETVAL_COMPLETE;
9068	well_known = 0;
9069
9070	cdb = (struct scsi_report_luns *)ctsio->cdb;
9071	port = ctl_io_port(&ctsio->io_hdr);
9072
9073	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9074
9075	mtx_lock(&softc->ctl_lock);
9076	num_luns = 0;
9077	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9078		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9079			num_luns++;
9080	}
9081	mtx_unlock(&softc->ctl_lock);
9082
9083	switch (cdb->select_report) {
9084	case RPL_REPORT_DEFAULT:
9085	case RPL_REPORT_ALL:
9086		break;
9087	case RPL_REPORT_WELLKNOWN:
9088		well_known = 1;
9089		num_luns = 0;
9090		break;
9091	default:
9092		ctl_set_invalid_field(ctsio,
9093				      /*sks_valid*/ 1,
9094				      /*command*/ 1,
9095				      /*field*/ 2,
9096				      /*bit_valid*/ 0,
9097				      /*bit*/ 0);
9098		ctl_done((union ctl_io *)ctsio);
9099		return (retval);
9100		break; /* NOTREACHED */
9101	}
9102
9103	alloc_len = scsi_4btoul(cdb->length);
9104	/*
9105	 * The initiator has to allocate at least 16 bytes for this request,
9106	 * so he can at least get the header and the first LUN.  Otherwise
9107	 * we reject the request (per SPC-3 rev 14, section 6.21).
9108	 */
9109	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9110	    sizeof(struct scsi_report_luns_lundata))) {
9111		ctl_set_invalid_field(ctsio,
9112				      /*sks_valid*/ 1,
9113				      /*command*/ 1,
9114				      /*field*/ 6,
9115				      /*bit_valid*/ 0,
9116				      /*bit*/ 0);
9117		ctl_done((union ctl_io *)ctsio);
9118		return (retval);
9119	}
9120
9121	request_lun = (struct ctl_lun *)
9122		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9123
9124	lun_datalen = sizeof(*lun_data) +
9125		(num_luns * sizeof(struct scsi_report_luns_lundata));
9126
9127	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9128	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9129	ctsio->kern_sg_entries = 0;
9130
9131	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9132
9133	mtx_lock(&softc->ctl_lock);
9134	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9135		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9136		if (lun_id >= CTL_MAX_LUNS)
9137			continue;
9138		lun = softc->ctl_luns[lun_id];
9139		if (lun == NULL)
9140			continue;
9141
9142		if (targ_lun_id <= 0xff) {
9143			/*
9144			 * Peripheral addressing method, bus number 0.
9145			 */
9146			lun_data->luns[num_filled].lundata[0] =
9147				RPL_LUNDATA_ATYP_PERIPH;
9148			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9149			num_filled++;
9150		} else if (targ_lun_id <= 0x3fff) {
9151			/*
9152			 * Flat addressing method.
9153			 */
9154			lun_data->luns[num_filled].lundata[0] =
9155				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9156			lun_data->luns[num_filled].lundata[1] =
9157				(targ_lun_id & 0xff);
9158			num_filled++;
9159		} else if (targ_lun_id <= 0xffffff) {
9160			/*
9161			 * Extended flat addressing method.
9162			 */
9163			lun_data->luns[num_filled].lundata[0] =
9164			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9165			scsi_ulto3b(targ_lun_id,
9166			    &lun_data->luns[num_filled].lundata[1]);
9167			num_filled++;
9168		} else {
9169			printf("ctl_report_luns: bogus LUN number %jd, "
9170			       "skipping\n", (intmax_t)targ_lun_id);
9171		}
9172		/*
9173		 * According to SPC-3, rev 14 section 6.21:
9174		 *
9175		 * "The execution of a REPORT LUNS command to any valid and
9176		 * installed logical unit shall clear the REPORTED LUNS DATA
9177		 * HAS CHANGED unit attention condition for all logical
9178		 * units of that target with respect to the requesting
9179		 * initiator. A valid and installed logical unit is one
9180		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9181		 * INQUIRY data (see 6.4.2)."
9182		 *
9183		 * If request_lun is NULL, the LUN this report luns command
9184		 * was issued to is either disabled or doesn't exist. In that
9185		 * case, we shouldn't clear any pending lun change unit
9186		 * attention.
9187		 */
9188		if (request_lun != NULL) {
9189			mtx_lock(&lun->lun_lock);
9190			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9191			mtx_unlock(&lun->lun_lock);
9192		}
9193	}
9194	mtx_unlock(&softc->ctl_lock);
9195
9196	/*
9197	 * It's quite possible that we've returned fewer LUNs than we allocated
9198	 * space for.  Trim it.
9199	 */
9200	lun_datalen = sizeof(*lun_data) +
9201		(num_filled * sizeof(struct scsi_report_luns_lundata));
9202
9203	if (lun_datalen < alloc_len) {
9204		ctsio->residual = alloc_len - lun_datalen;
9205		ctsio->kern_data_len = lun_datalen;
9206		ctsio->kern_total_len = lun_datalen;
9207	} else {
9208		ctsio->residual = 0;
9209		ctsio->kern_data_len = alloc_len;
9210		ctsio->kern_total_len = alloc_len;
9211	}
9212	ctsio->kern_data_resid = 0;
9213	ctsio->kern_rel_offset = 0;
9214	ctsio->kern_sg_entries = 0;
9215
9216	/*
9217	 * We set this to the actual data length, regardless of how much
9218	 * space we actually have to return results.  If the user looks at
9219	 * this value, he'll know whether or not he allocated enough space
9220	 * and reissue the command if necessary.  We don't support well
9221	 * known logical units, so if the user asks for that, return none.
9222	 */
9223	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9224
9225	/*
9226	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9227	 * this request.
9228	 */
9229	ctl_set_success(ctsio);
9230	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9231	ctsio->be_move_done = ctl_config_move_done;
9232	ctl_datamove((union ctl_io *)ctsio);
9233	return (retval);
9234}
9235
9236int
9237ctl_request_sense(struct ctl_scsiio *ctsio)
9238{
9239	struct scsi_request_sense *cdb;
9240	struct scsi_sense_data *sense_ptr;
9241	struct ctl_softc *ctl_softc;
9242	struct ctl_lun *lun;
9243	uint32_t initidx;
9244	int have_error;
9245	scsi_sense_data_type sense_format;
9246	ctl_ua_type ua_type;
9247
9248	cdb = (struct scsi_request_sense *)ctsio->cdb;
9249
9250	ctl_softc = control_softc;
9251	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9252
9253	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9254
9255	/*
9256	 * Determine which sense format the user wants.
9257	 */
9258	if (cdb->byte2 & SRS_DESC)
9259		sense_format = SSD_TYPE_DESC;
9260	else
9261		sense_format = SSD_TYPE_FIXED;
9262
9263	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9264	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9265	ctsio->kern_sg_entries = 0;
9266
9267	/*
9268	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9269	 * larger than the largest allowed value for the length field in the
9270	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9271	 */
9272	ctsio->residual = 0;
9273	ctsio->kern_data_len = cdb->length;
9274	ctsio->kern_total_len = cdb->length;
9275
9276	ctsio->kern_data_resid = 0;
9277	ctsio->kern_rel_offset = 0;
9278	ctsio->kern_sg_entries = 0;
9279
9280	/*
9281	 * If we don't have a LUN, we don't have any pending sense.
9282	 */
9283	if (lun == NULL)
9284		goto no_sense;
9285
9286	have_error = 0;
9287	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9288	/*
9289	 * Check for pending sense, and then for pending unit attentions.
9290	 * Pending sense gets returned first, then pending unit attentions.
9291	 */
9292	mtx_lock(&lun->lun_lock);
9293#ifdef CTL_WITH_CA
9294	if (ctl_is_set(lun->have_ca, initidx)) {
9295		scsi_sense_data_type stored_format;
9296
9297		/*
9298		 * Check to see which sense format was used for the stored
9299		 * sense data.
9300		 */
9301		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9302
9303		/*
9304		 * If the user requested a different sense format than the
9305		 * one we stored, then we need to convert it to the other
9306		 * format.  If we're going from descriptor to fixed format
9307		 * sense data, we may lose things in translation, depending
9308		 * on what options were used.
9309		 *
9310		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9311		 * for some reason we'll just copy it out as-is.
9312		 */
9313		if ((stored_format == SSD_TYPE_FIXED)
9314		 && (sense_format == SSD_TYPE_DESC))
9315			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9316			    &lun->pending_sense[initidx],
9317			    (struct scsi_sense_data_desc *)sense_ptr);
9318		else if ((stored_format == SSD_TYPE_DESC)
9319		      && (sense_format == SSD_TYPE_FIXED))
9320			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9321			    &lun->pending_sense[initidx],
9322			    (struct scsi_sense_data_fixed *)sense_ptr);
9323		else
9324			memcpy(sense_ptr, &lun->pending_sense[initidx],
9325			       MIN(sizeof(*sense_ptr),
9326			       sizeof(lun->pending_sense[initidx])));
9327
9328		ctl_clear_mask(lun->have_ca, initidx);
9329		have_error = 1;
9330	} else
9331#endif
9332	{
9333		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9334		if (ua_type != CTL_UA_NONE)
9335			have_error = 1;
9336		if (ua_type == CTL_UA_LUN_CHANGE) {
9337			mtx_unlock(&lun->lun_lock);
9338			mtx_lock(&ctl_softc->ctl_lock);
9339			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9340			mtx_unlock(&ctl_softc->ctl_lock);
9341			mtx_lock(&lun->lun_lock);
9342		}
9343
9344	}
9345	mtx_unlock(&lun->lun_lock);
9346
9347	/*
9348	 * We already have a pending error, return it.
9349	 */
9350	if (have_error != 0) {
9351		/*
9352		 * We report the SCSI status as OK, since the status of the
9353		 * request sense command itself is OK.
9354		 * We report 0 for the sense length, because we aren't doing
9355		 * autosense in this case.  We're reporting sense as
9356		 * parameter data.
9357		 */
9358		ctl_set_success(ctsio);
9359		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9360		ctsio->be_move_done = ctl_config_move_done;
9361		ctl_datamove((union ctl_io *)ctsio);
9362		return (CTL_RETVAL_COMPLETE);
9363	}
9364
9365no_sense:
9366
9367	/*
9368	 * No sense information to report, so we report that everything is
9369	 * okay.
9370	 */
9371	ctl_set_sense_data(sense_ptr,
9372			   lun,
9373			   sense_format,
9374			   /*current_error*/ 1,
9375			   /*sense_key*/ SSD_KEY_NO_SENSE,
9376			   /*asc*/ 0x00,
9377			   /*ascq*/ 0x00,
9378			   SSD_ELEM_NONE);
9379
9380	/*
9381	 * We report 0 for the sense length, because we aren't doing
9382	 * autosense in this case.  We're reporting sense as parameter data.
9383	 */
9384	ctl_set_success(ctsio);
9385	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9386	ctsio->be_move_done = ctl_config_move_done;
9387	ctl_datamove((union ctl_io *)ctsio);
9388	return (CTL_RETVAL_COMPLETE);
9389}
9390
9391int
9392ctl_tur(struct ctl_scsiio *ctsio)
9393{
9394
9395	CTL_DEBUG_PRINT(("ctl_tur\n"));
9396
9397	ctl_set_success(ctsio);
9398	ctl_done((union ctl_io *)ctsio);
9399
9400	return (CTL_RETVAL_COMPLETE);
9401}
9402
9403/*
9404 * SCSI VPD page 0x00, the Supported VPD Pages page.
9405 */
9406static int
9407ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9408{
9409	struct scsi_vpd_supported_pages *pages;
9410	int sup_page_size;
9411	struct ctl_lun *lun;
9412	int p;
9413
9414	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9415
9416	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9417	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9418	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9419	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9420	ctsio->kern_sg_entries = 0;
9421
9422	if (sup_page_size < alloc_len) {
9423		ctsio->residual = alloc_len - sup_page_size;
9424		ctsio->kern_data_len = sup_page_size;
9425		ctsio->kern_total_len = sup_page_size;
9426	} else {
9427		ctsio->residual = 0;
9428		ctsio->kern_data_len = alloc_len;
9429		ctsio->kern_total_len = alloc_len;
9430	}
9431	ctsio->kern_data_resid = 0;
9432	ctsio->kern_rel_offset = 0;
9433	ctsio->kern_sg_entries = 0;
9434
9435	/*
9436	 * The control device is always connected.  The disk device, on the
9437	 * other hand, may not be online all the time.  Need to change this
9438	 * to figure out whether the disk device is actually online or not.
9439	 */
9440	if (lun != NULL)
9441		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9442				lun->be_lun->lun_type;
9443	else
9444		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9445
9446	p = 0;
9447	/* Supported VPD pages */
9448	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9449	/* Serial Number */
9450	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9451	/* Device Identification */
9452	pages->page_list[p++] = SVPD_DEVICE_ID;
9453	/* Extended INQUIRY Data */
9454	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9455	/* Mode Page Policy */
9456	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9457	/* SCSI Ports */
9458	pages->page_list[p++] = SVPD_SCSI_PORTS;
9459	/* Third-party Copy */
9460	pages->page_list[p++] = SVPD_SCSI_TPC;
9461	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9462		/* Block limits */
9463		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9464		/* Block Device Characteristics */
9465		pages->page_list[p++] = SVPD_BDC;
9466		/* Logical Block Provisioning */
9467		pages->page_list[p++] = SVPD_LBP;
9468	}
9469	pages->length = p;
9470
9471	ctl_set_success(ctsio);
9472	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9473	ctsio->be_move_done = ctl_config_move_done;
9474	ctl_datamove((union ctl_io *)ctsio);
9475	return (CTL_RETVAL_COMPLETE);
9476}
9477
9478/*
9479 * SCSI VPD page 0x80, the Unit Serial Number page.
9480 */
9481static int
9482ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9483{
9484	struct scsi_vpd_unit_serial_number *sn_ptr;
9485	struct ctl_lun *lun;
9486	int data_len;
9487
9488	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9489
9490	data_len = 4 + CTL_SN_LEN;
9491	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9492	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9493	if (data_len < alloc_len) {
9494		ctsio->residual = alloc_len - data_len;
9495		ctsio->kern_data_len = data_len;
9496		ctsio->kern_total_len = data_len;
9497	} else {
9498		ctsio->residual = 0;
9499		ctsio->kern_data_len = alloc_len;
9500		ctsio->kern_total_len = alloc_len;
9501	}
9502	ctsio->kern_data_resid = 0;
9503	ctsio->kern_rel_offset = 0;
9504	ctsio->kern_sg_entries = 0;
9505
9506	/*
9507	 * The control device is always connected.  The disk device, on the
9508	 * other hand, may not be online all the time.  Need to change this
9509	 * to figure out whether the disk device is actually online or not.
9510	 */
9511	if (lun != NULL)
9512		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9513				  lun->be_lun->lun_type;
9514	else
9515		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9516
9517	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9518	sn_ptr->length = CTL_SN_LEN;
9519	/*
9520	 * If we don't have a LUN, we just leave the serial number as
9521	 * all spaces.
9522	 */
9523	if (lun != NULL) {
9524		strncpy((char *)sn_ptr->serial_num,
9525			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9526	} else
9527		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9528
9529	ctl_set_success(ctsio);
9530	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9531	ctsio->be_move_done = ctl_config_move_done;
9532	ctl_datamove((union ctl_io *)ctsio);
9533	return (CTL_RETVAL_COMPLETE);
9534}
9535
9536
9537/*
9538 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9539 */
9540static int
9541ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9542{
9543	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9544	struct ctl_lun *lun;
9545	int data_len;
9546
9547	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9548
9549	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9550	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9551	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9552	ctsio->kern_sg_entries = 0;
9553
9554	if (data_len < alloc_len) {
9555		ctsio->residual = alloc_len - data_len;
9556		ctsio->kern_data_len = data_len;
9557		ctsio->kern_total_len = data_len;
9558	} else {
9559		ctsio->residual = 0;
9560		ctsio->kern_data_len = alloc_len;
9561		ctsio->kern_total_len = alloc_len;
9562	}
9563	ctsio->kern_data_resid = 0;
9564	ctsio->kern_rel_offset = 0;
9565	ctsio->kern_sg_entries = 0;
9566
9567	/*
9568	 * The control device is always connected.  The disk device, on the
9569	 * other hand, may not be online all the time.
9570	 */
9571	if (lun != NULL)
9572		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9573				     lun->be_lun->lun_type;
9574	else
9575		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9576	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9577	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9578	/*
9579	 * We support head of queue, ordered and simple tags.
9580	 */
9581	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9582	/*
9583	 * Volatile cache supported.
9584	 */
9585	eid_ptr->flags3 = SVPD_EID_V_SUP;
9586
9587	/*
9588	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9589	 * attention for a particular IT nexus on all LUNs once we report
9590	 * it to that nexus once.  This bit is required as of SPC-4.
9591	 */
9592	eid_ptr->flags4 = SVPD_EID_LUICLT;
9593
9594	/*
9595	 * XXX KDM in order to correctly answer this, we would need
9596	 * information from the SIM to determine how much sense data it
9597	 * can send.  So this would really be a path inquiry field, most
9598	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9599	 * but the hardware may or may not be able to support that much.
9600	 * 0 just means that the maximum sense data length is not reported.
9601	 */
9602	eid_ptr->max_sense_length = 0;
9603
9604	ctl_set_success(ctsio);
9605	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9606	ctsio->be_move_done = ctl_config_move_done;
9607	ctl_datamove((union ctl_io *)ctsio);
9608	return (CTL_RETVAL_COMPLETE);
9609}
9610
9611static int
9612ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9613{
9614	struct scsi_vpd_mode_page_policy *mpp_ptr;
9615	struct ctl_lun *lun;
9616	int data_len;
9617
9618	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9619
9620	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9621	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9622
9623	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9624	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9625	ctsio->kern_sg_entries = 0;
9626
9627	if (data_len < alloc_len) {
9628		ctsio->residual = alloc_len - data_len;
9629		ctsio->kern_data_len = data_len;
9630		ctsio->kern_total_len = data_len;
9631	} else {
9632		ctsio->residual = 0;
9633		ctsio->kern_data_len = alloc_len;
9634		ctsio->kern_total_len = alloc_len;
9635	}
9636	ctsio->kern_data_resid = 0;
9637	ctsio->kern_rel_offset = 0;
9638	ctsio->kern_sg_entries = 0;
9639
9640	/*
9641	 * The control device is always connected.  The disk device, on the
9642	 * other hand, may not be online all the time.
9643	 */
9644	if (lun != NULL)
9645		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9646				     lun->be_lun->lun_type;
9647	else
9648		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9649	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9650	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9651	mpp_ptr->descr[0].page_code = 0x3f;
9652	mpp_ptr->descr[0].subpage_code = 0xff;
9653	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9654
9655	ctl_set_success(ctsio);
9656	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9657	ctsio->be_move_done = ctl_config_move_done;
9658	ctl_datamove((union ctl_io *)ctsio);
9659	return (CTL_RETVAL_COMPLETE);
9660}
9661
9662/*
9663 * SCSI VPD page 0x83, the Device Identification page.
9664 */
9665static int
9666ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9667{
9668	struct scsi_vpd_device_id *devid_ptr;
9669	struct scsi_vpd_id_descriptor *desc;
9670	struct ctl_softc *softc;
9671	struct ctl_lun *lun;
9672	struct ctl_port *port;
9673	int data_len;
9674	uint8_t proto;
9675
9676	softc = control_softc;
9677
9678	port = ctl_io_port(&ctsio->io_hdr);
9679	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9680
9681	data_len = sizeof(struct scsi_vpd_device_id) +
9682	    sizeof(struct scsi_vpd_id_descriptor) +
9683		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9684	    sizeof(struct scsi_vpd_id_descriptor) +
9685		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9686	if (lun && lun->lun_devid)
9687		data_len += lun->lun_devid->len;
9688	if (port && port->port_devid)
9689		data_len += port->port_devid->len;
9690	if (port && port->target_devid)
9691		data_len += port->target_devid->len;
9692
9693	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9694	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9695	ctsio->kern_sg_entries = 0;
9696
9697	if (data_len < alloc_len) {
9698		ctsio->residual = alloc_len - data_len;
9699		ctsio->kern_data_len = data_len;
9700		ctsio->kern_total_len = data_len;
9701	} else {
9702		ctsio->residual = 0;
9703		ctsio->kern_data_len = alloc_len;
9704		ctsio->kern_total_len = alloc_len;
9705	}
9706	ctsio->kern_data_resid = 0;
9707	ctsio->kern_rel_offset = 0;
9708	ctsio->kern_sg_entries = 0;
9709
9710	/*
9711	 * The control device is always connected.  The disk device, on the
9712	 * other hand, may not be online all the time.
9713	 */
9714	if (lun != NULL)
9715		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9716				     lun->be_lun->lun_type;
9717	else
9718		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9719	devid_ptr->page_code = SVPD_DEVICE_ID;
9720	scsi_ulto2b(data_len - 4, devid_ptr->length);
9721
9722	if (port && port->port_type == CTL_PORT_FC)
9723		proto = SCSI_PROTO_FC << 4;
9724	else if (port && port->port_type == CTL_PORT_ISCSI)
9725		proto = SCSI_PROTO_ISCSI << 4;
9726	else
9727		proto = SCSI_PROTO_SPI << 4;
9728	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9729
9730	/*
9731	 * We're using a LUN association here.  i.e., this device ID is a
9732	 * per-LUN identifier.
9733	 */
9734	if (lun && lun->lun_devid) {
9735		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9736		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9737		    lun->lun_devid->len);
9738	}
9739
9740	/*
9741	 * This is for the WWPN which is a port association.
9742	 */
9743	if (port && port->port_devid) {
9744		memcpy(desc, port->port_devid->data, port->port_devid->len);
9745		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9746		    port->port_devid->len);
9747	}
9748
9749	/*
9750	 * This is for the Relative Target Port(type 4h) identifier
9751	 */
9752	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9753	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9754	    SVPD_ID_TYPE_RELTARG;
9755	desc->length = 4;
9756	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9757	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9758	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9759
9760	/*
9761	 * This is for the Target Port Group(type 5h) identifier
9762	 */
9763	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9764	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9765	    SVPD_ID_TYPE_TPORTGRP;
9766	desc->length = 4;
9767	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9768	    &desc->identifier[2]);
9769	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9770	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9771
9772	/*
9773	 * This is for the Target identifier
9774	 */
9775	if (port && port->target_devid) {
9776		memcpy(desc, port->target_devid->data, port->target_devid->len);
9777	}
9778
9779	ctl_set_success(ctsio);
9780	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9781	ctsio->be_move_done = ctl_config_move_done;
9782	ctl_datamove((union ctl_io *)ctsio);
9783	return (CTL_RETVAL_COMPLETE);
9784}
9785
9786static int
9787ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9788{
9789	struct ctl_softc *softc = control_softc;
9790	struct scsi_vpd_scsi_ports *sp;
9791	struct scsi_vpd_port_designation *pd;
9792	struct scsi_vpd_port_designation_cont *pdc;
9793	struct ctl_lun *lun;
9794	struct ctl_port *port;
9795	int data_len, num_target_ports, iid_len, id_len;
9796
9797	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9798
9799	num_target_ports = 0;
9800	iid_len = 0;
9801	id_len = 0;
9802	mtx_lock(&softc->ctl_lock);
9803	STAILQ_FOREACH(port, &softc->port_list, links) {
9804		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9805			continue;
9806		if (lun != NULL &&
9807		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9808			continue;
9809		num_target_ports++;
9810		if (port->init_devid)
9811			iid_len += port->init_devid->len;
9812		if (port->port_devid)
9813			id_len += port->port_devid->len;
9814	}
9815	mtx_unlock(&softc->ctl_lock);
9816
9817	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9818	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9819	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9820	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9821	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9822	ctsio->kern_sg_entries = 0;
9823
9824	if (data_len < alloc_len) {
9825		ctsio->residual = alloc_len - data_len;
9826		ctsio->kern_data_len = data_len;
9827		ctsio->kern_total_len = data_len;
9828	} else {
9829		ctsio->residual = 0;
9830		ctsio->kern_data_len = alloc_len;
9831		ctsio->kern_total_len = alloc_len;
9832	}
9833	ctsio->kern_data_resid = 0;
9834	ctsio->kern_rel_offset = 0;
9835	ctsio->kern_sg_entries = 0;
9836
9837	/*
9838	 * The control device is always connected.  The disk device, on the
9839	 * other hand, may not be online all the time.  Need to change this
9840	 * to figure out whether the disk device is actually online or not.
9841	 */
9842	if (lun != NULL)
9843		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9844				  lun->be_lun->lun_type;
9845	else
9846		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9847
9848	sp->page_code = SVPD_SCSI_PORTS;
9849	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9850	    sp->page_length);
9851	pd = &sp->design[0];
9852
9853	mtx_lock(&softc->ctl_lock);
9854	STAILQ_FOREACH(port, &softc->port_list, links) {
9855		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9856			continue;
9857		if (lun != NULL &&
9858		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9859			continue;
9860		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9861		if (port->init_devid) {
9862			iid_len = port->init_devid->len;
9863			memcpy(pd->initiator_transportid,
9864			    port->init_devid->data, port->init_devid->len);
9865		} else
9866			iid_len = 0;
9867		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9868		pdc = (struct scsi_vpd_port_designation_cont *)
9869		    (&pd->initiator_transportid[iid_len]);
9870		if (port->port_devid) {
9871			id_len = port->port_devid->len;
9872			memcpy(pdc->target_port_descriptors,
9873			    port->port_devid->data, port->port_devid->len);
9874		} else
9875			id_len = 0;
9876		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9877		pd = (struct scsi_vpd_port_designation *)
9878		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9879	}
9880	mtx_unlock(&softc->ctl_lock);
9881
9882	ctl_set_success(ctsio);
9883	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9884	ctsio->be_move_done = ctl_config_move_done;
9885	ctl_datamove((union ctl_io *)ctsio);
9886	return (CTL_RETVAL_COMPLETE);
9887}
9888
9889static int
9890ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9891{
9892	struct scsi_vpd_block_limits *bl_ptr;
9893	struct ctl_lun *lun;
9894	int bs;
9895
9896	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9897
9898	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9899	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9900	ctsio->kern_sg_entries = 0;
9901
9902	if (sizeof(*bl_ptr) < alloc_len) {
9903		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9904		ctsio->kern_data_len = sizeof(*bl_ptr);
9905		ctsio->kern_total_len = sizeof(*bl_ptr);
9906	} else {
9907		ctsio->residual = 0;
9908		ctsio->kern_data_len = alloc_len;
9909		ctsio->kern_total_len = alloc_len;
9910	}
9911	ctsio->kern_data_resid = 0;
9912	ctsio->kern_rel_offset = 0;
9913	ctsio->kern_sg_entries = 0;
9914
9915	/*
9916	 * The control device is always connected.  The disk device, on the
9917	 * other hand, may not be online all the time.  Need to change this
9918	 * to figure out whether the disk device is actually online or not.
9919	 */
9920	if (lun != NULL)
9921		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9922				  lun->be_lun->lun_type;
9923	else
9924		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9925
9926	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9927	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9928	bl_ptr->max_cmp_write_len = 0xff;
9929	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9930	if (lun != NULL) {
9931		bs = lun->be_lun->blocksize;
9932		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9933		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9934			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9935			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9936			if (lun->be_lun->ublockexp != 0) {
9937				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9938				    bl_ptr->opt_unmap_grain);
9939				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9940				    bl_ptr->unmap_grain_align);
9941			}
9942		}
9943		scsi_ulto4b(lun->be_lun->atomicblock,
9944		    bl_ptr->max_atomic_transfer_length);
9945		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9946		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9947	}
9948	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9949
9950	ctl_set_success(ctsio);
9951	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9952	ctsio->be_move_done = ctl_config_move_done;
9953	ctl_datamove((union ctl_io *)ctsio);
9954	return (CTL_RETVAL_COMPLETE);
9955}
9956
9957static int
9958ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9959{
9960	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9961	struct ctl_lun *lun;
9962	const char *value;
9963	u_int i;
9964
9965	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9966
9967	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9968	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9969	ctsio->kern_sg_entries = 0;
9970
9971	if (sizeof(*bdc_ptr) < alloc_len) {
9972		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9973		ctsio->kern_data_len = sizeof(*bdc_ptr);
9974		ctsio->kern_total_len = sizeof(*bdc_ptr);
9975	} else {
9976		ctsio->residual = 0;
9977		ctsio->kern_data_len = alloc_len;
9978		ctsio->kern_total_len = alloc_len;
9979	}
9980	ctsio->kern_data_resid = 0;
9981	ctsio->kern_rel_offset = 0;
9982	ctsio->kern_sg_entries = 0;
9983
9984	/*
9985	 * The control device is always connected.  The disk device, on the
9986	 * other hand, may not be online all the time.  Need to change this
9987	 * to figure out whether the disk device is actually online or not.
9988	 */
9989	if (lun != NULL)
9990		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9991				  lun->be_lun->lun_type;
9992	else
9993		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9994	bdc_ptr->page_code = SVPD_BDC;
9995	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9996	if (lun != NULL &&
9997	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9998		i = strtol(value, NULL, 0);
9999	else
10000		i = CTL_DEFAULT_ROTATION_RATE;
10001	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10002	if (lun != NULL &&
10003	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10004		i = strtol(value, NULL, 0);
10005	else
10006		i = 0;
10007	bdc_ptr->wab_wac_ff = (i & 0x0f);
10008	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10009
10010	ctl_set_success(ctsio);
10011	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10012	ctsio->be_move_done = ctl_config_move_done;
10013	ctl_datamove((union ctl_io *)ctsio);
10014	return (CTL_RETVAL_COMPLETE);
10015}
10016
10017static int
10018ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10019{
10020	struct scsi_vpd_logical_block_prov *lbp_ptr;
10021	struct ctl_lun *lun;
10022
10023	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10024
10025	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10026	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10027	ctsio->kern_sg_entries = 0;
10028
10029	if (sizeof(*lbp_ptr) < alloc_len) {
10030		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10031		ctsio->kern_data_len = sizeof(*lbp_ptr);
10032		ctsio->kern_total_len = sizeof(*lbp_ptr);
10033	} else {
10034		ctsio->residual = 0;
10035		ctsio->kern_data_len = alloc_len;
10036		ctsio->kern_total_len = alloc_len;
10037	}
10038	ctsio->kern_data_resid = 0;
10039	ctsio->kern_rel_offset = 0;
10040	ctsio->kern_sg_entries = 0;
10041
10042	/*
10043	 * The control device is always connected.  The disk device, on the
10044	 * other hand, may not be online all the time.  Need to change this
10045	 * to figure out whether the disk device is actually online or not.
10046	 */
10047	if (lun != NULL)
10048		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10049				  lun->be_lun->lun_type;
10050	else
10051		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10052
10053	lbp_ptr->page_code = SVPD_LBP;
10054	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10055	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10056	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10057		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10058		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10059		lbp_ptr->prov_type = SVPD_LBP_THIN;
10060	}
10061
10062	ctl_set_success(ctsio);
10063	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10064	ctsio->be_move_done = ctl_config_move_done;
10065	ctl_datamove((union ctl_io *)ctsio);
10066	return (CTL_RETVAL_COMPLETE);
10067}
10068
10069/*
10070 * INQUIRY with the EVPD bit set.
10071 */
10072static int
10073ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10074{
10075	struct ctl_lun *lun;
10076	struct scsi_inquiry *cdb;
10077	int alloc_len, retval;
10078
10079	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10080	cdb = (struct scsi_inquiry *)ctsio->cdb;
10081	alloc_len = scsi_2btoul(cdb->length);
10082
10083	switch (cdb->page_code) {
10084	case SVPD_SUPPORTED_PAGES:
10085		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10086		break;
10087	case SVPD_UNIT_SERIAL_NUMBER:
10088		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10089		break;
10090	case SVPD_DEVICE_ID:
10091		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10092		break;
10093	case SVPD_EXTENDED_INQUIRY_DATA:
10094		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10095		break;
10096	case SVPD_MODE_PAGE_POLICY:
10097		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10098		break;
10099	case SVPD_SCSI_PORTS:
10100		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10101		break;
10102	case SVPD_SCSI_TPC:
10103		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10104		break;
10105	case SVPD_BLOCK_LIMITS:
10106		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10107			goto err;
10108		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10109		break;
10110	case SVPD_BDC:
10111		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10112			goto err;
10113		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10114		break;
10115	case SVPD_LBP:
10116		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10117			goto err;
10118		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10119		break;
10120	default:
10121err:
10122		ctl_set_invalid_field(ctsio,
10123				      /*sks_valid*/ 1,
10124				      /*command*/ 1,
10125				      /*field*/ 2,
10126				      /*bit_valid*/ 0,
10127				      /*bit*/ 0);
10128		ctl_done((union ctl_io *)ctsio);
10129		retval = CTL_RETVAL_COMPLETE;
10130		break;
10131	}
10132
10133	return (retval);
10134}
10135
10136/*
10137 * Standard INQUIRY data.
10138 */
10139static int
10140ctl_inquiry_std(struct ctl_scsiio *ctsio)
10141{
10142	struct scsi_inquiry_data *inq_ptr;
10143	struct scsi_inquiry *cdb;
10144	struct ctl_softc *softc;
10145	struct ctl_port *port;
10146	struct ctl_lun *lun;
10147	char *val;
10148	uint32_t alloc_len, data_len;
10149	ctl_port_type port_type;
10150
10151	softc = control_softc;
10152
10153	/*
10154	 * Figure out whether we're talking to a Fibre Channel port or not.
10155	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10156	 * SCSI front ends.
10157	 */
10158	port = ctl_io_port(&ctsio->io_hdr);
10159	if (port != NULL)
10160		port_type = port->port_type;
10161	else
10162		port_type = CTL_PORT_SCSI;
10163	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10164		port_type = CTL_PORT_SCSI;
10165
10166	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10167	cdb = (struct scsi_inquiry *)ctsio->cdb;
10168	alloc_len = scsi_2btoul(cdb->length);
10169
10170	/*
10171	 * We malloc the full inquiry data size here and fill it
10172	 * in.  If the user only asks for less, we'll give him
10173	 * that much.
10174	 */
10175	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10176	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10177	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10178	ctsio->kern_sg_entries = 0;
10179	ctsio->kern_data_resid = 0;
10180	ctsio->kern_rel_offset = 0;
10181
10182	if (data_len < alloc_len) {
10183		ctsio->residual = alloc_len - data_len;
10184		ctsio->kern_data_len = data_len;
10185		ctsio->kern_total_len = data_len;
10186	} else {
10187		ctsio->residual = 0;
10188		ctsio->kern_data_len = alloc_len;
10189		ctsio->kern_total_len = alloc_len;
10190	}
10191
10192	if (lun != NULL) {
10193		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10194		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10195			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10196			    lun->be_lun->lun_type;
10197		} else {
10198			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10199			    lun->be_lun->lun_type;
10200		}
10201	} else
10202		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10203
10204	/* RMB in byte 2 is 0 */
10205	inq_ptr->version = SCSI_REV_SPC4;
10206
10207	/*
10208	 * According to SAM-3, even if a device only supports a single
10209	 * level of LUN addressing, it should still set the HISUP bit:
10210	 *
10211	 * 4.9.1 Logical unit numbers overview
10212	 *
10213	 * All logical unit number formats described in this standard are
10214	 * hierarchical in structure even when only a single level in that
10215	 * hierarchy is used. The HISUP bit shall be set to one in the
10216	 * standard INQUIRY data (see SPC-2) when any logical unit number
10217	 * format described in this standard is used.  Non-hierarchical
10218	 * formats are outside the scope of this standard.
10219	 *
10220	 * Therefore we set the HiSup bit here.
10221	 *
10222	 * The reponse format is 2, per SPC-3.
10223	 */
10224	inq_ptr->response_format = SID_HiSup | 2;
10225
10226	inq_ptr->additional_length = data_len -
10227	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10228	CTL_DEBUG_PRINT(("additional_length = %d\n",
10229			 inq_ptr->additional_length));
10230
10231	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10232	/* 16 bit addressing */
10233	if (port_type == CTL_PORT_SCSI)
10234		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10235	/* XXX set the SID_MultiP bit here if we're actually going to
10236	   respond on multiple ports */
10237	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10238
10239	/* 16 bit data bus, synchronous transfers */
10240	if (port_type == CTL_PORT_SCSI)
10241		inq_ptr->flags = SID_WBus16 | SID_Sync;
10242	/*
10243	 * XXX KDM do we want to support tagged queueing on the control
10244	 * device at all?
10245	 */
10246	if ((lun == NULL)
10247	 || (lun->be_lun->lun_type != T_PROCESSOR))
10248		inq_ptr->flags |= SID_CmdQue;
10249	/*
10250	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10251	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10252	 * name and 4 bytes for the revision.
10253	 */
10254	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10255	    "vendor")) == NULL) {
10256		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10257	} else {
10258		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10259		strncpy(inq_ptr->vendor, val,
10260		    min(sizeof(inq_ptr->vendor), strlen(val)));
10261	}
10262	if (lun == NULL) {
10263		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10264		    sizeof(inq_ptr->product));
10265	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10266		switch (lun->be_lun->lun_type) {
10267		case T_DIRECT:
10268			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10269			    sizeof(inq_ptr->product));
10270			break;
10271		case T_PROCESSOR:
10272			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10273			    sizeof(inq_ptr->product));
10274			break;
10275		default:
10276			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10277			    sizeof(inq_ptr->product));
10278			break;
10279		}
10280	} else {
10281		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10282		strncpy(inq_ptr->product, val,
10283		    min(sizeof(inq_ptr->product), strlen(val)));
10284	}
10285
10286	/*
10287	 * XXX make this a macro somewhere so it automatically gets
10288	 * incremented when we make changes.
10289	 */
10290	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10291	    "revision")) == NULL) {
10292		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10293	} else {
10294		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10295		strncpy(inq_ptr->revision, val,
10296		    min(sizeof(inq_ptr->revision), strlen(val)));
10297	}
10298
10299	/*
10300	 * For parallel SCSI, we support double transition and single
10301	 * transition clocking.  We also support QAS (Quick Arbitration
10302	 * and Selection) and Information Unit transfers on both the
10303	 * control and array devices.
10304	 */
10305	if (port_type == CTL_PORT_SCSI)
10306		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10307				    SID_SPI_IUS;
10308
10309	/* SAM-5 (no version claimed) */
10310	scsi_ulto2b(0x00A0, inq_ptr->version1);
10311	/* SPC-4 (no version claimed) */
10312	scsi_ulto2b(0x0460, inq_ptr->version2);
10313	if (port_type == CTL_PORT_FC) {
10314		/* FCP-2 ANSI INCITS.350:2003 */
10315		scsi_ulto2b(0x0917, inq_ptr->version3);
10316	} else if (port_type == CTL_PORT_SCSI) {
10317		/* SPI-4 ANSI INCITS.362:200x */
10318		scsi_ulto2b(0x0B56, inq_ptr->version3);
10319	} else if (port_type == CTL_PORT_ISCSI) {
10320		/* iSCSI (no version claimed) */
10321		scsi_ulto2b(0x0960, inq_ptr->version3);
10322	} else if (port_type == CTL_PORT_SAS) {
10323		/* SAS (no version claimed) */
10324		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10325	}
10326
10327	if (lun == NULL) {
10328		/* SBC-4 (no version claimed) */
10329		scsi_ulto2b(0x0600, inq_ptr->version4);
10330	} else {
10331		switch (lun->be_lun->lun_type) {
10332		case T_DIRECT:
10333			/* SBC-4 (no version claimed) */
10334			scsi_ulto2b(0x0600, inq_ptr->version4);
10335			break;
10336		case T_PROCESSOR:
10337		default:
10338			break;
10339		}
10340	}
10341
10342	ctl_set_success(ctsio);
10343	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10344	ctsio->be_move_done = ctl_config_move_done;
10345	ctl_datamove((union ctl_io *)ctsio);
10346	return (CTL_RETVAL_COMPLETE);
10347}
10348
10349int
10350ctl_inquiry(struct ctl_scsiio *ctsio)
10351{
10352	struct scsi_inquiry *cdb;
10353	int retval;
10354
10355	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10356
10357	cdb = (struct scsi_inquiry *)ctsio->cdb;
10358	if (cdb->byte2 & SI_EVPD)
10359		retval = ctl_inquiry_evpd(ctsio);
10360	else if (cdb->page_code == 0)
10361		retval = ctl_inquiry_std(ctsio);
10362	else {
10363		ctl_set_invalid_field(ctsio,
10364				      /*sks_valid*/ 1,
10365				      /*command*/ 1,
10366				      /*field*/ 2,
10367				      /*bit_valid*/ 0,
10368				      /*bit*/ 0);
10369		ctl_done((union ctl_io *)ctsio);
10370		return (CTL_RETVAL_COMPLETE);
10371	}
10372
10373	return (retval);
10374}
10375
10376/*
10377 * For known CDB types, parse the LBA and length.
10378 */
10379static int
10380ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10381{
10382	if (io->io_hdr.io_type != CTL_IO_SCSI)
10383		return (1);
10384
10385	switch (io->scsiio.cdb[0]) {
10386	case COMPARE_AND_WRITE: {
10387		struct scsi_compare_and_write *cdb;
10388
10389		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10390
10391		*lba = scsi_8btou64(cdb->addr);
10392		*len = cdb->length;
10393		break;
10394	}
10395	case READ_6:
10396	case WRITE_6: {
10397		struct scsi_rw_6 *cdb;
10398
10399		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10400
10401		*lba = scsi_3btoul(cdb->addr);
10402		/* only 5 bits are valid in the most significant address byte */
10403		*lba &= 0x1fffff;
10404		*len = cdb->length;
10405		break;
10406	}
10407	case READ_10:
10408	case WRITE_10: {
10409		struct scsi_rw_10 *cdb;
10410
10411		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10412
10413		*lba = scsi_4btoul(cdb->addr);
10414		*len = scsi_2btoul(cdb->length);
10415		break;
10416	}
10417	case WRITE_VERIFY_10: {
10418		struct scsi_write_verify_10 *cdb;
10419
10420		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10421
10422		*lba = scsi_4btoul(cdb->addr);
10423		*len = scsi_2btoul(cdb->length);
10424		break;
10425	}
10426	case READ_12:
10427	case WRITE_12: {
10428		struct scsi_rw_12 *cdb;
10429
10430		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10431
10432		*lba = scsi_4btoul(cdb->addr);
10433		*len = scsi_4btoul(cdb->length);
10434		break;
10435	}
10436	case WRITE_VERIFY_12: {
10437		struct scsi_write_verify_12 *cdb;
10438
10439		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10440
10441		*lba = scsi_4btoul(cdb->addr);
10442		*len = scsi_4btoul(cdb->length);
10443		break;
10444	}
10445	case READ_16:
10446	case WRITE_16:
10447	case WRITE_ATOMIC_16: {
10448		struct scsi_rw_16 *cdb;
10449
10450		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10451
10452		*lba = scsi_8btou64(cdb->addr);
10453		*len = scsi_4btoul(cdb->length);
10454		break;
10455	}
10456	case WRITE_VERIFY_16: {
10457		struct scsi_write_verify_16 *cdb;
10458
10459		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10460
10461		*lba = scsi_8btou64(cdb->addr);
10462		*len = scsi_4btoul(cdb->length);
10463		break;
10464	}
10465	case WRITE_SAME_10: {
10466		struct scsi_write_same_10 *cdb;
10467
10468		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10469
10470		*lba = scsi_4btoul(cdb->addr);
10471		*len = scsi_2btoul(cdb->length);
10472		break;
10473	}
10474	case WRITE_SAME_16: {
10475		struct scsi_write_same_16 *cdb;
10476
10477		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10478
10479		*lba = scsi_8btou64(cdb->addr);
10480		*len = scsi_4btoul(cdb->length);
10481		break;
10482	}
10483	case VERIFY_10: {
10484		struct scsi_verify_10 *cdb;
10485
10486		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10487
10488		*lba = scsi_4btoul(cdb->addr);
10489		*len = scsi_2btoul(cdb->length);
10490		break;
10491	}
10492	case VERIFY_12: {
10493		struct scsi_verify_12 *cdb;
10494
10495		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10496
10497		*lba = scsi_4btoul(cdb->addr);
10498		*len = scsi_4btoul(cdb->length);
10499		break;
10500	}
10501	case VERIFY_16: {
10502		struct scsi_verify_16 *cdb;
10503
10504		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10505
10506		*lba = scsi_8btou64(cdb->addr);
10507		*len = scsi_4btoul(cdb->length);
10508		break;
10509	}
10510	case UNMAP: {
10511		*lba = 0;
10512		*len = UINT64_MAX;
10513		break;
10514	}
10515	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10516		struct scsi_get_lba_status *cdb;
10517
10518		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10519		*lba = scsi_8btou64(cdb->addr);
10520		*len = UINT32_MAX;
10521		break;
10522	}
10523	default:
10524		return (1);
10525		break; /* NOTREACHED */
10526	}
10527
10528	return (0);
10529}
10530
10531static ctl_action
10532ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10533    bool seq)
10534{
10535	uint64_t endlba1, endlba2;
10536
10537	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10538	endlba2 = lba2 + len2 - 1;
10539
10540	if ((endlba1 < lba2) || (endlba2 < lba1))
10541		return (CTL_ACTION_PASS);
10542	else
10543		return (CTL_ACTION_BLOCK);
10544}
10545
10546static int
10547ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10548{
10549	struct ctl_ptr_len_flags *ptrlen;
10550	struct scsi_unmap_desc *buf, *end, *range;
10551	uint64_t lba;
10552	uint32_t len;
10553
10554	/* If not UNMAP -- go other way. */
10555	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10556	    io->scsiio.cdb[0] != UNMAP)
10557		return (CTL_ACTION_ERROR);
10558
10559	/* If UNMAP without data -- block and wait for data. */
10560	ptrlen = (struct ctl_ptr_len_flags *)
10561	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10562	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10563	    ptrlen->ptr == NULL)
10564		return (CTL_ACTION_BLOCK);
10565
10566	/* UNMAP with data -- check for collision. */
10567	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10568	end = buf + ptrlen->len / sizeof(*buf);
10569	for (range = buf; range < end; range++) {
10570		lba = scsi_8btou64(range->lba);
10571		len = scsi_4btoul(range->length);
10572		if ((lba < lba2 + len2) && (lba + len > lba2))
10573			return (CTL_ACTION_BLOCK);
10574	}
10575	return (CTL_ACTION_PASS);
10576}
10577
10578static ctl_action
10579ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10580{
10581	uint64_t lba1, lba2;
10582	uint64_t len1, len2;
10583	int retval;
10584
10585	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10586		return (CTL_ACTION_ERROR);
10587
10588	retval = ctl_extent_check_unmap(io1, lba2, len2);
10589	if (retval != CTL_ACTION_ERROR)
10590		return (retval);
10591
10592	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10593		return (CTL_ACTION_ERROR);
10594
10595	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10596		seq = FALSE;
10597	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10598}
10599
10600static ctl_action
10601ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10602{
10603	uint64_t lba1, lba2;
10604	uint64_t len1, len2;
10605
10606	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10607		return (CTL_ACTION_PASS);
10608	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10609		return (CTL_ACTION_ERROR);
10610	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10611		return (CTL_ACTION_ERROR);
10612
10613	if (lba1 + len1 == lba2)
10614		return (CTL_ACTION_BLOCK);
10615	return (CTL_ACTION_PASS);
10616}
10617
10618static ctl_action
10619ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10620    union ctl_io *ooa_io)
10621{
10622	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10623	ctl_serialize_action *serialize_row;
10624
10625	/*
10626	 * The initiator attempted multiple untagged commands at the same
10627	 * time.  Can't do that.
10628	 */
10629	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10630	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10631	 && ((pending_io->io_hdr.nexus.targ_port ==
10632	      ooa_io->io_hdr.nexus.targ_port)
10633	  && (pending_io->io_hdr.nexus.initid ==
10634	      ooa_io->io_hdr.nexus.initid))
10635	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10636	      CTL_FLAG_STATUS_SENT)) == 0))
10637		return (CTL_ACTION_OVERLAP);
10638
10639	/*
10640	 * The initiator attempted to send multiple tagged commands with
10641	 * the same ID.  (It's fine if different initiators have the same
10642	 * tag ID.)
10643	 *
10644	 * Even if all of those conditions are true, we don't kill the I/O
10645	 * if the command ahead of us has been aborted.  We won't end up
10646	 * sending it to the FETD, and it's perfectly legal to resend a
10647	 * command with the same tag number as long as the previous
10648	 * instance of this tag number has been aborted somehow.
10649	 */
10650	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10651	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10652	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10653	 && ((pending_io->io_hdr.nexus.targ_port ==
10654	      ooa_io->io_hdr.nexus.targ_port)
10655	  && (pending_io->io_hdr.nexus.initid ==
10656	      ooa_io->io_hdr.nexus.initid))
10657	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10658	      CTL_FLAG_STATUS_SENT)) == 0))
10659		return (CTL_ACTION_OVERLAP_TAG);
10660
10661	/*
10662	 * If we get a head of queue tag, SAM-3 says that we should
10663	 * immediately execute it.
10664	 *
10665	 * What happens if this command would normally block for some other
10666	 * reason?  e.g. a request sense with a head of queue tag
10667	 * immediately after a write.  Normally that would block, but this
10668	 * will result in its getting executed immediately...
10669	 *
10670	 * We currently return "pass" instead of "skip", so we'll end up
10671	 * going through the rest of the queue to check for overlapped tags.
10672	 *
10673	 * XXX KDM check for other types of blockage first??
10674	 */
10675	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10676		return (CTL_ACTION_PASS);
10677
10678	/*
10679	 * Ordered tags have to block until all items ahead of them
10680	 * have completed.  If we get called with an ordered tag, we always
10681	 * block, if something else is ahead of us in the queue.
10682	 */
10683	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10684		return (CTL_ACTION_BLOCK);
10685
10686	/*
10687	 * Simple tags get blocked until all head of queue and ordered tags
10688	 * ahead of them have completed.  I'm lumping untagged commands in
10689	 * with simple tags here.  XXX KDM is that the right thing to do?
10690	 */
10691	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10692	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10693	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10694	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10695		return (CTL_ACTION_BLOCK);
10696
10697	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10698	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10699
10700	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10701
10702	switch (serialize_row[pending_entry->seridx]) {
10703	case CTL_SER_BLOCK:
10704		return (CTL_ACTION_BLOCK);
10705	case CTL_SER_EXTENT:
10706		return (ctl_extent_check(ooa_io, pending_io,
10707		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10708	case CTL_SER_EXTENTOPT:
10709		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10710		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10711			return (ctl_extent_check(ooa_io, pending_io,
10712			    (lun->be_lun &&
10713			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10714		return (CTL_ACTION_PASS);
10715	case CTL_SER_EXTENTSEQ:
10716		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10717			return (ctl_extent_check_seq(ooa_io, pending_io));
10718		return (CTL_ACTION_PASS);
10719	case CTL_SER_PASS:
10720		return (CTL_ACTION_PASS);
10721	case CTL_SER_BLOCKOPT:
10722		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10723		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10724			return (CTL_ACTION_BLOCK);
10725		return (CTL_ACTION_PASS);
10726	case CTL_SER_SKIP:
10727		return (CTL_ACTION_SKIP);
10728	default:
10729		panic("invalid serialization value %d",
10730		      serialize_row[pending_entry->seridx]);
10731	}
10732
10733	return (CTL_ACTION_ERROR);
10734}
10735
10736/*
10737 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10738 * Assumptions:
10739 * - pending_io is generally either incoming, or on the blocked queue
10740 * - starting I/O is the I/O we want to start the check with.
10741 */
10742static ctl_action
10743ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10744	      union ctl_io *starting_io)
10745{
10746	union ctl_io *ooa_io;
10747	ctl_action action;
10748
10749	mtx_assert(&lun->lun_lock, MA_OWNED);
10750
10751	/*
10752	 * Run back along the OOA queue, starting with the current
10753	 * blocked I/O and going through every I/O before it on the
10754	 * queue.  If starting_io is NULL, we'll just end up returning
10755	 * CTL_ACTION_PASS.
10756	 */
10757	for (ooa_io = starting_io; ooa_io != NULL;
10758	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10759	     ooa_links)){
10760
10761		/*
10762		 * This routine just checks to see whether
10763		 * cur_blocked is blocked by ooa_io, which is ahead
10764		 * of it in the queue.  It doesn't queue/dequeue
10765		 * cur_blocked.
10766		 */
10767		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10768		switch (action) {
10769		case CTL_ACTION_BLOCK:
10770		case CTL_ACTION_OVERLAP:
10771		case CTL_ACTION_OVERLAP_TAG:
10772		case CTL_ACTION_SKIP:
10773		case CTL_ACTION_ERROR:
10774			return (action);
10775			break; /* NOTREACHED */
10776		case CTL_ACTION_PASS:
10777			break;
10778		default:
10779			panic("invalid action %d", action);
10780			break;  /* NOTREACHED */
10781		}
10782	}
10783
10784	return (CTL_ACTION_PASS);
10785}
10786
10787/*
10788 * Assumptions:
10789 * - An I/O has just completed, and has been removed from the per-LUN OOA
10790 *   queue, so some items on the blocked queue may now be unblocked.
10791 */
10792static int
10793ctl_check_blocked(struct ctl_lun *lun)
10794{
10795	struct ctl_softc *softc = lun->ctl_softc;
10796	union ctl_io *cur_blocked, *next_blocked;
10797
10798	mtx_assert(&lun->lun_lock, MA_OWNED);
10799
10800	/*
10801	 * Run forward from the head of the blocked queue, checking each
10802	 * entry against the I/Os prior to it on the OOA queue to see if
10803	 * there is still any blockage.
10804	 *
10805	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10806	 * with our removing a variable on it while it is traversing the
10807	 * list.
10808	 */
10809	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10810	     cur_blocked != NULL; cur_blocked = next_blocked) {
10811		union ctl_io *prev_ooa;
10812		ctl_action action;
10813
10814		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10815							  blocked_links);
10816
10817		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10818						      ctl_ooaq, ooa_links);
10819
10820		/*
10821		 * If cur_blocked happens to be the first item in the OOA
10822		 * queue now, prev_ooa will be NULL, and the action
10823		 * returned will just be CTL_ACTION_PASS.
10824		 */
10825		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10826
10827		switch (action) {
10828		case CTL_ACTION_BLOCK:
10829			/* Nothing to do here, still blocked */
10830			break;
10831		case CTL_ACTION_OVERLAP:
10832		case CTL_ACTION_OVERLAP_TAG:
10833			/*
10834			 * This shouldn't happen!  In theory we've already
10835			 * checked this command for overlap...
10836			 */
10837			break;
10838		case CTL_ACTION_PASS:
10839		case CTL_ACTION_SKIP: {
10840			const struct ctl_cmd_entry *entry;
10841
10842			/*
10843			 * The skip case shouldn't happen, this transaction
10844			 * should have never made it onto the blocked queue.
10845			 */
10846			/*
10847			 * This I/O is no longer blocked, we can remove it
10848			 * from the blocked queue.  Since this is a TAILQ
10849			 * (doubly linked list), we can do O(1) removals
10850			 * from any place on the list.
10851			 */
10852			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10853				     blocked_links);
10854			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10855
10856			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10857			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10858				/*
10859				 * Need to send IO back to original side to
10860				 * run
10861				 */
10862				union ctl_ha_msg msg_info;
10863
10864				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10865				msg_info.hdr.original_sc =
10866					cur_blocked->io_hdr.original_sc;
10867				msg_info.hdr.serializing_sc = cur_blocked;
10868				msg_info.hdr.msg_type = CTL_MSG_R2R;
10869				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10870				    sizeof(msg_info.hdr), M_NOWAIT);
10871				break;
10872			}
10873			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10874
10875			/*
10876			 * Check this I/O for LUN state changes that may
10877			 * have happened while this command was blocked.
10878			 * The LUN state may have been changed by a command
10879			 * ahead of us in the queue, so we need to re-check
10880			 * for any states that can be caused by SCSI
10881			 * commands.
10882			 */
10883			if (ctl_scsiio_lun_check(lun, entry,
10884						 &cur_blocked->scsiio) == 0) {
10885				cur_blocked->io_hdr.flags |=
10886				                      CTL_FLAG_IS_WAS_ON_RTR;
10887				ctl_enqueue_rtr(cur_blocked);
10888			} else
10889				ctl_done(cur_blocked);
10890			break;
10891		}
10892		default:
10893			/*
10894			 * This probably shouldn't happen -- we shouldn't
10895			 * get CTL_ACTION_ERROR, or anything else.
10896			 */
10897			break;
10898		}
10899	}
10900
10901	return (CTL_RETVAL_COMPLETE);
10902}
10903
10904/*
10905 * This routine (with one exception) checks LUN flags that can be set by
10906 * commands ahead of us in the OOA queue.  These flags have to be checked
10907 * when a command initially comes in, and when we pull a command off the
10908 * blocked queue and are preparing to execute it.  The reason we have to
10909 * check these flags for commands on the blocked queue is that the LUN
10910 * state may have been changed by a command ahead of us while we're on the
10911 * blocked queue.
10912 *
10913 * Ordering is somewhat important with these checks, so please pay
10914 * careful attention to the placement of any new checks.
10915 */
10916static int
10917ctl_scsiio_lun_check(struct ctl_lun *lun,
10918    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10919{
10920	struct ctl_softc *softc = lun->ctl_softc;
10921	int retval;
10922	uint32_t residx;
10923
10924	retval = 0;
10925
10926	mtx_assert(&lun->lun_lock, MA_OWNED);
10927
10928	/*
10929	 * If this shelf is a secondary shelf controller, we may have to
10930	 * reject some commands disallowed by HA mode and link state.
10931	 */
10932	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10933		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10934		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10935			ctl_set_lun_unavail(ctsio);
10936			retval = 1;
10937			goto bailout;
10938		}
10939		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10940		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10941			ctl_set_lun_transit(ctsio);
10942			retval = 1;
10943			goto bailout;
10944		}
10945		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10946		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10947			ctl_set_lun_standby(ctsio);
10948			retval = 1;
10949			goto bailout;
10950		}
10951
10952		/* The rest of checks are only done on executing side */
10953		if (softc->ha_mode == CTL_HA_MODE_XFER)
10954			goto bailout;
10955	}
10956
10957	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10958		if (lun->be_lun &&
10959		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10960			ctl_set_hw_write_protected(ctsio);
10961			retval = 1;
10962			goto bailout;
10963		}
10964		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10965		    .eca_and_aen & SCP_SWP) != 0) {
10966			ctl_set_sense(ctsio, /*current_error*/ 1,
10967			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10968			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10969			retval = 1;
10970			goto bailout;
10971		}
10972	}
10973
10974	/*
10975	 * Check for a reservation conflict.  If this command isn't allowed
10976	 * even on reserved LUNs, and if this initiator isn't the one who
10977	 * reserved us, reject the command with a reservation conflict.
10978	 */
10979	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10980	if ((lun->flags & CTL_LUN_RESERVED)
10981	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10982		if (lun->res_idx != residx) {
10983			ctl_set_reservation_conflict(ctsio);
10984			retval = 1;
10985			goto bailout;
10986		}
10987	}
10988
10989	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10990	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10991		/* No reservation or command is allowed. */;
10992	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10993	    (lun->res_type == SPR_TYPE_WR_EX ||
10994	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10995	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10996		/* The command is allowed for Write Exclusive resv. */;
10997	} else {
10998		/*
10999		 * if we aren't registered or it's a res holder type
11000		 * reservation and this isn't the res holder then set a
11001		 * conflict.
11002		 */
11003		if (ctl_get_prkey(lun, residx) == 0
11004		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11005			ctl_set_reservation_conflict(ctsio);
11006			retval = 1;
11007			goto bailout;
11008		}
11009	}
11010
11011	if ((lun->flags & CTL_LUN_OFFLINE)
11012	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
11013		ctl_set_lun_not_ready(ctsio);
11014		retval = 1;
11015		goto bailout;
11016	}
11017
11018	if ((lun->flags & CTL_LUN_STOPPED)
11019	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11020		/* "Logical unit not ready, initializing cmd. required" */
11021		ctl_set_lun_stopped(ctsio);
11022		retval = 1;
11023		goto bailout;
11024	}
11025
11026	if ((lun->flags & CTL_LUN_INOPERABLE)
11027	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11028		/* "Medium format corrupted" */
11029		ctl_set_medium_format_corrupted(ctsio);
11030		retval = 1;
11031		goto bailout;
11032	}
11033
11034bailout:
11035	return (retval);
11036}
11037
11038static void
11039ctl_failover_io(union ctl_io *io, int have_lock)
11040{
11041	ctl_set_busy(&io->scsiio);
11042	ctl_done(io);
11043}
11044
11045static void
11046ctl_failover_lun(struct ctl_lun *lun)
11047{
11048	struct ctl_softc *softc = lun->ctl_softc;
11049	struct ctl_io_hdr *io, *next_io;
11050
11051	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
11052	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11053		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11054			/* We are master */
11055			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11056				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11057					io->flags |= CTL_FLAG_ABORT;
11058					io->flags |= CTL_FLAG_FAILOVER;
11059				} else { /* This can be only due to DATAMOVE */
11060					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11061					io->flags &= ~CTL_FLAG_DMA_INPROG;
11062					io->flags |= CTL_FLAG_IO_ACTIVE;
11063					io->port_status = 31340;
11064					ctl_enqueue_isc((union ctl_io *)io);
11065				}
11066			}
11067			/* We are slave */
11068			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11069				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11070				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11071					io->flags |= CTL_FLAG_FAILOVER;
11072				} else {
11073					ctl_set_busy(&((union ctl_io *)io)->
11074					    scsiio);
11075					ctl_done((union ctl_io *)io);
11076				}
11077			}
11078		}
11079	} else { /* SERIALIZE modes */
11080		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11081		    next_io) {
11082			/* We are master */
11083			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11084				TAILQ_REMOVE(&lun->blocked_queue, io,
11085				    blocked_links);
11086				io->flags &= ~CTL_FLAG_BLOCKED;
11087				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11088				ctl_free_io((union ctl_io *)io);
11089			}
11090		}
11091		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11092			/* We are master */
11093			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11094				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11095				ctl_free_io((union ctl_io *)io);
11096			}
11097			/* We are slave */
11098			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11099				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11100				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11101					ctl_set_busy(&((union ctl_io *)io)->
11102					    scsiio);
11103					ctl_done((union ctl_io *)io);
11104				}
11105			}
11106		}
11107		ctl_check_blocked(lun);
11108	}
11109}
11110
11111static int
11112ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11113{
11114	struct ctl_lun *lun;
11115	const struct ctl_cmd_entry *entry;
11116	uint32_t initidx, targ_lun;
11117	int retval;
11118
11119	retval = 0;
11120
11121	lun = NULL;
11122
11123	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11124	if ((targ_lun < CTL_MAX_LUNS)
11125	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11126		/*
11127		 * If the LUN is invalid, pretend that it doesn't exist.
11128		 * It will go away as soon as all pending I/O has been
11129		 * completed.
11130		 */
11131		mtx_lock(&lun->lun_lock);
11132		if (lun->flags & CTL_LUN_DISABLED) {
11133			mtx_unlock(&lun->lun_lock);
11134			lun = NULL;
11135			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11136			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11137		} else {
11138			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11139			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11140				lun->be_lun;
11141
11142			/*
11143			 * Every I/O goes into the OOA queue for a
11144			 * particular LUN, and stays there until completion.
11145			 */
11146#ifdef CTL_TIME_IO
11147			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11148				lun->idle_time += getsbinuptime() -
11149				    lun->last_busy;
11150			}
11151#endif
11152			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11153			    ooa_links);
11154		}
11155	} else {
11156		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11157		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11158	}
11159
11160	/* Get command entry and return error if it is unsuppotyed. */
11161	entry = ctl_validate_command(ctsio);
11162	if (entry == NULL) {
11163		if (lun)
11164			mtx_unlock(&lun->lun_lock);
11165		return (retval);
11166	}
11167
11168	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11169	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11170
11171	/*
11172	 * Check to see whether we can send this command to LUNs that don't
11173	 * exist.  This should pretty much only be the case for inquiry
11174	 * and request sense.  Further checks, below, really require having
11175	 * a LUN, so we can't really check the command anymore.  Just put
11176	 * it on the rtr queue.
11177	 */
11178	if (lun == NULL) {
11179		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11180			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11181			ctl_enqueue_rtr((union ctl_io *)ctsio);
11182			return (retval);
11183		}
11184
11185		ctl_set_unsupported_lun(ctsio);
11186		ctl_done((union ctl_io *)ctsio);
11187		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11188		return (retval);
11189	} else {
11190		/*
11191		 * Make sure we support this particular command on this LUN.
11192		 * e.g., we don't support writes to the control LUN.
11193		 */
11194		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11195			mtx_unlock(&lun->lun_lock);
11196			ctl_set_invalid_opcode(ctsio);
11197			ctl_done((union ctl_io *)ctsio);
11198			return (retval);
11199		}
11200	}
11201
11202	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11203
11204#ifdef CTL_WITH_CA
11205	/*
11206	 * If we've got a request sense, it'll clear the contingent
11207	 * allegiance condition.  Otherwise, if we have a CA condition for
11208	 * this initiator, clear it, because it sent down a command other
11209	 * than request sense.
11210	 */
11211	if ((ctsio->cdb[0] != REQUEST_SENSE)
11212	 && (ctl_is_set(lun->have_ca, initidx)))
11213		ctl_clear_mask(lun->have_ca, initidx);
11214#endif
11215
11216	/*
11217	 * If the command has this flag set, it handles its own unit
11218	 * attention reporting, we shouldn't do anything.  Otherwise we
11219	 * check for any pending unit attentions, and send them back to the
11220	 * initiator.  We only do this when a command initially comes in,
11221	 * not when we pull it off the blocked queue.
11222	 *
11223	 * According to SAM-3, section 5.3.2, the order that things get
11224	 * presented back to the host is basically unit attentions caused
11225	 * by some sort of reset event, busy status, reservation conflicts
11226	 * or task set full, and finally any other status.
11227	 *
11228	 * One issue here is that some of the unit attentions we report
11229	 * don't fall into the "reset" category (e.g. "reported luns data
11230	 * has changed").  So reporting it here, before the reservation
11231	 * check, may be technically wrong.  I guess the only thing to do
11232	 * would be to check for and report the reset events here, and then
11233	 * check for the other unit attention types after we check for a
11234	 * reservation conflict.
11235	 *
11236	 * XXX KDM need to fix this
11237	 */
11238	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11239		ctl_ua_type ua_type;
11240
11241		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11242		    SSD_TYPE_NONE);
11243		if (ua_type != CTL_UA_NONE) {
11244			mtx_unlock(&lun->lun_lock);
11245			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11246			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11247			ctsio->sense_len = SSD_FULL_SIZE;
11248			ctl_done((union ctl_io *)ctsio);
11249			return (retval);
11250		}
11251	}
11252
11253
11254	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11255		mtx_unlock(&lun->lun_lock);
11256		ctl_done((union ctl_io *)ctsio);
11257		return (retval);
11258	}
11259
11260	/*
11261	 * XXX CHD this is where we want to send IO to other side if
11262	 * this LUN is secondary on this SC. We will need to make a copy
11263	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11264	 * the copy we send as FROM_OTHER.
11265	 * We also need to stuff the address of the original IO so we can
11266	 * find it easily. Something similar will need be done on the other
11267	 * side so when we are done we can find the copy.
11268	 */
11269	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11270	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11271	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11272		union ctl_ha_msg msg_info;
11273		int isc_retval;
11274
11275		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11276		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11277		mtx_unlock(&lun->lun_lock);
11278
11279		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11280		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11281		msg_info.hdr.serializing_sc = NULL;
11282		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11283		msg_info.scsi.tag_num = ctsio->tag_num;
11284		msg_info.scsi.tag_type = ctsio->tag_type;
11285		msg_info.scsi.cdb_len = ctsio->cdb_len;
11286		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11287
11288		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11289		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11290		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11291			ctl_set_busy(ctsio);
11292			ctl_done((union ctl_io *)ctsio);
11293			return (retval);
11294		}
11295		return (retval);
11296	}
11297
11298	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11299			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11300			      ctl_ooaq, ooa_links))) {
11301	case CTL_ACTION_BLOCK:
11302		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11303		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11304				  blocked_links);
11305		mtx_unlock(&lun->lun_lock);
11306		return (retval);
11307	case CTL_ACTION_PASS:
11308	case CTL_ACTION_SKIP:
11309		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11310		mtx_unlock(&lun->lun_lock);
11311		ctl_enqueue_rtr((union ctl_io *)ctsio);
11312		break;
11313	case CTL_ACTION_OVERLAP:
11314		mtx_unlock(&lun->lun_lock);
11315		ctl_set_overlapped_cmd(ctsio);
11316		ctl_done((union ctl_io *)ctsio);
11317		break;
11318	case CTL_ACTION_OVERLAP_TAG:
11319		mtx_unlock(&lun->lun_lock);
11320		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11321		ctl_done((union ctl_io *)ctsio);
11322		break;
11323	case CTL_ACTION_ERROR:
11324	default:
11325		mtx_unlock(&lun->lun_lock);
11326		ctl_set_internal_failure(ctsio,
11327					 /*sks_valid*/ 0,
11328					 /*retry_count*/ 0);
11329		ctl_done((union ctl_io *)ctsio);
11330		break;
11331	}
11332	return (retval);
11333}
11334
11335const struct ctl_cmd_entry *
11336ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11337{
11338	const struct ctl_cmd_entry *entry;
11339	int service_action;
11340
11341	entry = &ctl_cmd_table[ctsio->cdb[0]];
11342	if (sa)
11343		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11344	if (entry->flags & CTL_CMD_FLAG_SA5) {
11345		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11346		entry = &((const struct ctl_cmd_entry *)
11347		    entry->execute)[service_action];
11348	}
11349	return (entry);
11350}
11351
11352const struct ctl_cmd_entry *
11353ctl_validate_command(struct ctl_scsiio *ctsio)
11354{
11355	const struct ctl_cmd_entry *entry;
11356	int i, sa;
11357	uint8_t diff;
11358
11359	entry = ctl_get_cmd_entry(ctsio, &sa);
11360	if (entry->execute == NULL) {
11361		if (sa)
11362			ctl_set_invalid_field(ctsio,
11363					      /*sks_valid*/ 1,
11364					      /*command*/ 1,
11365					      /*field*/ 1,
11366					      /*bit_valid*/ 1,
11367					      /*bit*/ 4);
11368		else
11369			ctl_set_invalid_opcode(ctsio);
11370		ctl_done((union ctl_io *)ctsio);
11371		return (NULL);
11372	}
11373	KASSERT(entry->length > 0,
11374	    ("Not defined length for command 0x%02x/0x%02x",
11375	     ctsio->cdb[0], ctsio->cdb[1]));
11376	for (i = 1; i < entry->length; i++) {
11377		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11378		if (diff == 0)
11379			continue;
11380		ctl_set_invalid_field(ctsio,
11381				      /*sks_valid*/ 1,
11382				      /*command*/ 1,
11383				      /*field*/ i,
11384				      /*bit_valid*/ 1,
11385				      /*bit*/ fls(diff) - 1);
11386		ctl_done((union ctl_io *)ctsio);
11387		return (NULL);
11388	}
11389	return (entry);
11390}
11391
11392static int
11393ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11394{
11395
11396	switch (lun_type) {
11397	case T_PROCESSOR:
11398		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11399			return (0);
11400		break;
11401	case T_DIRECT:
11402		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11403			return (0);
11404		break;
11405	default:
11406		return (0);
11407	}
11408	return (1);
11409}
11410
11411static int
11412ctl_scsiio(struct ctl_scsiio *ctsio)
11413{
11414	int retval;
11415	const struct ctl_cmd_entry *entry;
11416
11417	retval = CTL_RETVAL_COMPLETE;
11418
11419	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11420
11421	entry = ctl_get_cmd_entry(ctsio, NULL);
11422
11423	/*
11424	 * If this I/O has been aborted, just send it straight to
11425	 * ctl_done() without executing it.
11426	 */
11427	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11428		ctl_done((union ctl_io *)ctsio);
11429		goto bailout;
11430	}
11431
11432	/*
11433	 * All the checks should have been handled by ctl_scsiio_precheck().
11434	 * We should be clear now to just execute the I/O.
11435	 */
11436	retval = entry->execute(ctsio);
11437
11438bailout:
11439	return (retval);
11440}
11441
11442/*
11443 * Since we only implement one target right now, a bus reset simply resets
11444 * our single target.
11445 */
11446static int
11447ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11448{
11449	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11450}
11451
11452static int
11453ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11454		 ctl_ua_type ua_type)
11455{
11456	struct ctl_port *port;
11457	struct ctl_lun *lun;
11458	int retval;
11459
11460	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11461		union ctl_ha_msg msg_info;
11462
11463		msg_info.hdr.nexus = io->io_hdr.nexus;
11464		if (ua_type==CTL_UA_TARG_RESET)
11465			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11466		else
11467			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11468		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11469		msg_info.hdr.original_sc = NULL;
11470		msg_info.hdr.serializing_sc = NULL;
11471		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11472		    sizeof(msg_info.task), M_WAITOK);
11473	}
11474	retval = 0;
11475
11476	mtx_lock(&softc->ctl_lock);
11477	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11478	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11479		if (port != NULL &&
11480		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11481			continue;
11482		retval += ctl_do_lun_reset(lun, io, ua_type);
11483	}
11484	mtx_unlock(&softc->ctl_lock);
11485	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11486	return (retval);
11487}
11488
11489/*
11490 * The LUN should always be set.  The I/O is optional, and is used to
11491 * distinguish between I/Os sent by this initiator, and by other
11492 * initiators.  We set unit attention for initiators other than this one.
11493 * SAM-3 is vague on this point.  It does say that a unit attention should
11494 * be established for other initiators when a LUN is reset (see section
11495 * 5.7.3), but it doesn't specifically say that the unit attention should
11496 * be established for this particular initiator when a LUN is reset.  Here
11497 * is the relevant text, from SAM-3 rev 8:
11498 *
11499 * 5.7.2 When a SCSI initiator port aborts its own tasks
11500 *
11501 * When a SCSI initiator port causes its own task(s) to be aborted, no
11502 * notification that the task(s) have been aborted shall be returned to
11503 * the SCSI initiator port other than the completion response for the
11504 * command or task management function action that caused the task(s) to
11505 * be aborted and notification(s) associated with related effects of the
11506 * action (e.g., a reset unit attention condition).
11507 *
11508 * XXX KDM for now, we're setting unit attention for all initiators.
11509 */
11510static int
11511ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11512{
11513	union ctl_io *xio;
11514#if 0
11515	uint32_t initidx;
11516#endif
11517#ifdef CTL_WITH_CA
11518	int i;
11519#endif
11520
11521	mtx_lock(&lun->lun_lock);
11522	/*
11523	 * Run through the OOA queue and abort each I/O.
11524	 */
11525	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11526	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11527		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11528	}
11529
11530	/*
11531	 * This version sets unit attention for every
11532	 */
11533#if 0
11534	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11535	ctl_est_ua_all(lun, initidx, ua_type);
11536#else
11537	ctl_est_ua_all(lun, -1, ua_type);
11538#endif
11539
11540	/*
11541	 * A reset (any kind, really) clears reservations established with
11542	 * RESERVE/RELEASE.  It does not clear reservations established
11543	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11544	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11545	 * reservations made with the RESERVE/RELEASE commands, because
11546	 * those commands are obsolete in SPC-3.
11547	 */
11548	lun->flags &= ~CTL_LUN_RESERVED;
11549
11550#ifdef CTL_WITH_CA
11551	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11552		ctl_clear_mask(lun->have_ca, i);
11553#endif
11554	mtx_unlock(&lun->lun_lock);
11555
11556	return (0);
11557}
11558
11559static int
11560ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11561{
11562	struct ctl_lun *lun;
11563	uint32_t targ_lun;
11564	int retval;
11565
11566	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11567	mtx_lock(&softc->ctl_lock);
11568	if ((targ_lun >= CTL_MAX_LUNS) ||
11569	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11570		mtx_unlock(&softc->ctl_lock);
11571		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11572		return (1);
11573	}
11574	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11575	mtx_unlock(&softc->ctl_lock);
11576	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11577
11578	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11579		union ctl_ha_msg msg_info;
11580
11581		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11582		msg_info.hdr.nexus = io->io_hdr.nexus;
11583		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11584		msg_info.hdr.original_sc = NULL;
11585		msg_info.hdr.serializing_sc = NULL;
11586		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11587		    sizeof(msg_info.task), M_WAITOK);
11588	}
11589	return (retval);
11590}
11591
11592static void
11593ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11594    int other_sc)
11595{
11596	union ctl_io *xio;
11597
11598	mtx_assert(&lun->lun_lock, MA_OWNED);
11599
11600	/*
11601	 * Run through the OOA queue and attempt to find the given I/O.
11602	 * The target port, initiator ID, tag type and tag number have to
11603	 * match the values that we got from the initiator.  If we have an
11604	 * untagged command to abort, simply abort the first untagged command
11605	 * we come to.  We only allow one untagged command at a time of course.
11606	 */
11607	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11608	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11609
11610		if ((targ_port == UINT32_MAX ||
11611		     targ_port == xio->io_hdr.nexus.targ_port) &&
11612		    (init_id == UINT32_MAX ||
11613		     init_id == xio->io_hdr.nexus.initid)) {
11614			if (targ_port != xio->io_hdr.nexus.targ_port ||
11615			    init_id != xio->io_hdr.nexus.initid)
11616				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11617			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11618			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11619				union ctl_ha_msg msg_info;
11620
11621				msg_info.hdr.nexus = xio->io_hdr.nexus;
11622				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11623				msg_info.task.tag_num = xio->scsiio.tag_num;
11624				msg_info.task.tag_type = xio->scsiio.tag_type;
11625				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11626				msg_info.hdr.original_sc = NULL;
11627				msg_info.hdr.serializing_sc = NULL;
11628				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11629				    sizeof(msg_info.task), M_NOWAIT);
11630			}
11631		}
11632	}
11633}
11634
11635static int
11636ctl_abort_task_set(union ctl_io *io)
11637{
11638	struct ctl_softc *softc = control_softc;
11639	struct ctl_lun *lun;
11640	uint32_t targ_lun;
11641
11642	/*
11643	 * Look up the LUN.
11644	 */
11645	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11646	mtx_lock(&softc->ctl_lock);
11647	if ((targ_lun >= CTL_MAX_LUNS) ||
11648	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11649		mtx_unlock(&softc->ctl_lock);
11650		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11651		return (1);
11652	}
11653
11654	mtx_lock(&lun->lun_lock);
11655	mtx_unlock(&softc->ctl_lock);
11656	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11657		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11658		    io->io_hdr.nexus.initid,
11659		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11660	} else { /* CTL_TASK_CLEAR_TASK_SET */
11661		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11662		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11663	}
11664	mtx_unlock(&lun->lun_lock);
11665	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11666	return (0);
11667}
11668
11669static int
11670ctl_i_t_nexus_reset(union ctl_io *io)
11671{
11672	struct ctl_softc *softc = control_softc;
11673	struct ctl_lun *lun;
11674	uint32_t initidx;
11675
11676	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11677		union ctl_ha_msg msg_info;
11678
11679		msg_info.hdr.nexus = io->io_hdr.nexus;
11680		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11681		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11682		msg_info.hdr.original_sc = NULL;
11683		msg_info.hdr.serializing_sc = NULL;
11684		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11685		    sizeof(msg_info.task), M_WAITOK);
11686	}
11687
11688	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11689	mtx_lock(&softc->ctl_lock);
11690	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11691		mtx_lock(&lun->lun_lock);
11692		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11693		    io->io_hdr.nexus.initid, 1);
11694#ifdef CTL_WITH_CA
11695		ctl_clear_mask(lun->have_ca, initidx);
11696#endif
11697		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11698			lun->flags &= ~CTL_LUN_RESERVED;
11699		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11700		mtx_unlock(&lun->lun_lock);
11701	}
11702	mtx_unlock(&softc->ctl_lock);
11703	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11704	return (0);
11705}
11706
11707static int
11708ctl_abort_task(union ctl_io *io)
11709{
11710	union ctl_io *xio;
11711	struct ctl_lun *lun;
11712	struct ctl_softc *softc;
11713#if 0
11714	struct sbuf sb;
11715	char printbuf[128];
11716#endif
11717	int found;
11718	uint32_t targ_lun;
11719
11720	softc = control_softc;
11721	found = 0;
11722
11723	/*
11724	 * Look up the LUN.
11725	 */
11726	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11727	mtx_lock(&softc->ctl_lock);
11728	if ((targ_lun >= CTL_MAX_LUNS) ||
11729	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11730		mtx_unlock(&softc->ctl_lock);
11731		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11732		return (1);
11733	}
11734
11735#if 0
11736	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11737	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11738#endif
11739
11740	mtx_lock(&lun->lun_lock);
11741	mtx_unlock(&softc->ctl_lock);
11742	/*
11743	 * Run through the OOA queue and attempt to find the given I/O.
11744	 * The target port, initiator ID, tag type and tag number have to
11745	 * match the values that we got from the initiator.  If we have an
11746	 * untagged command to abort, simply abort the first untagged command
11747	 * we come to.  We only allow one untagged command at a time of course.
11748	 */
11749	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11750	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11751#if 0
11752		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11753
11754		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11755			    lun->lun, xio->scsiio.tag_num,
11756			    xio->scsiio.tag_type,
11757			    (xio->io_hdr.blocked_links.tqe_prev
11758			    == NULL) ? "" : " BLOCKED",
11759			    (xio->io_hdr.flags &
11760			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11761			    (xio->io_hdr.flags &
11762			    CTL_FLAG_ABORT) ? " ABORT" : "",
11763			    (xio->io_hdr.flags &
11764			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11765		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11766		sbuf_finish(&sb);
11767		printf("%s\n", sbuf_data(&sb));
11768#endif
11769
11770		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11771		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11772		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11773			continue;
11774
11775		/*
11776		 * If the abort says that the task is untagged, the
11777		 * task in the queue must be untagged.  Otherwise,
11778		 * we just check to see whether the tag numbers
11779		 * match.  This is because the QLogic firmware
11780		 * doesn't pass back the tag type in an abort
11781		 * request.
11782		 */
11783#if 0
11784		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11785		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11786		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11787#endif
11788		/*
11789		 * XXX KDM we've got problems with FC, because it
11790		 * doesn't send down a tag type with aborts.  So we
11791		 * can only really go by the tag number...
11792		 * This may cause problems with parallel SCSI.
11793		 * Need to figure that out!!
11794		 */
11795		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11796			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11797			found = 1;
11798			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11799			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11800				union ctl_ha_msg msg_info;
11801
11802				msg_info.hdr.nexus = io->io_hdr.nexus;
11803				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11804				msg_info.task.tag_num = io->taskio.tag_num;
11805				msg_info.task.tag_type = io->taskio.tag_type;
11806				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11807				msg_info.hdr.original_sc = NULL;
11808				msg_info.hdr.serializing_sc = NULL;
11809#if 0
11810				printf("Sent Abort to other side\n");
11811#endif
11812				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11813				    sizeof(msg_info.task), M_NOWAIT);
11814			}
11815#if 0
11816			printf("ctl_abort_task: found I/O to abort\n");
11817#endif
11818		}
11819	}
11820	mtx_unlock(&lun->lun_lock);
11821
11822	if (found == 0) {
11823		/*
11824		 * This isn't really an error.  It's entirely possible for
11825		 * the abort and command completion to cross on the wire.
11826		 * This is more of an informative/diagnostic error.
11827		 */
11828#if 0
11829		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11830		       "%u:%u:%u tag %d type %d\n",
11831		       io->io_hdr.nexus.initid,
11832		       io->io_hdr.nexus.targ_port,
11833		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11834		       io->taskio.tag_type);
11835#endif
11836	}
11837	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11838	return (0);
11839}
11840
11841static int
11842ctl_query_task(union ctl_io *io, int task_set)
11843{
11844	union ctl_io *xio;
11845	struct ctl_lun *lun;
11846	struct ctl_softc *softc;
11847	int found = 0;
11848	uint32_t targ_lun;
11849
11850	softc = control_softc;
11851	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11852	mtx_lock(&softc->ctl_lock);
11853	if ((targ_lun >= CTL_MAX_LUNS) ||
11854	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11855		mtx_unlock(&softc->ctl_lock);
11856		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11857		return (1);
11858	}
11859	mtx_lock(&lun->lun_lock);
11860	mtx_unlock(&softc->ctl_lock);
11861	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11862	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11863
11864		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11865		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11866		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11867			continue;
11868
11869		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11870			found = 1;
11871			break;
11872		}
11873	}
11874	mtx_unlock(&lun->lun_lock);
11875	if (found)
11876		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11877	else
11878		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11879	return (0);
11880}
11881
11882static int
11883ctl_query_async_event(union ctl_io *io)
11884{
11885	struct ctl_lun *lun;
11886	struct ctl_softc *softc;
11887	ctl_ua_type ua;
11888	uint32_t targ_lun, initidx;
11889
11890	softc = control_softc;
11891	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11892	mtx_lock(&softc->ctl_lock);
11893	if ((targ_lun >= CTL_MAX_LUNS) ||
11894	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11895		mtx_unlock(&softc->ctl_lock);
11896		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11897		return (1);
11898	}
11899	mtx_lock(&lun->lun_lock);
11900	mtx_unlock(&softc->ctl_lock);
11901	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11902	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11903	mtx_unlock(&lun->lun_lock);
11904	if (ua != CTL_UA_NONE)
11905		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11906	else
11907		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11908	return (0);
11909}
11910
11911static void
11912ctl_run_task(union ctl_io *io)
11913{
11914	struct ctl_softc *softc = control_softc;
11915	int retval = 1;
11916
11917	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11918	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11919	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11920	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11921	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11922	switch (io->taskio.task_action) {
11923	case CTL_TASK_ABORT_TASK:
11924		retval = ctl_abort_task(io);
11925		break;
11926	case CTL_TASK_ABORT_TASK_SET:
11927	case CTL_TASK_CLEAR_TASK_SET:
11928		retval = ctl_abort_task_set(io);
11929		break;
11930	case CTL_TASK_CLEAR_ACA:
11931		break;
11932	case CTL_TASK_I_T_NEXUS_RESET:
11933		retval = ctl_i_t_nexus_reset(io);
11934		break;
11935	case CTL_TASK_LUN_RESET:
11936		retval = ctl_lun_reset(softc, io);
11937		break;
11938	case CTL_TASK_TARGET_RESET:
11939		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11940		break;
11941	case CTL_TASK_BUS_RESET:
11942		retval = ctl_bus_reset(softc, io);
11943		break;
11944	case CTL_TASK_PORT_LOGIN:
11945		break;
11946	case CTL_TASK_PORT_LOGOUT:
11947		break;
11948	case CTL_TASK_QUERY_TASK:
11949		retval = ctl_query_task(io, 0);
11950		break;
11951	case CTL_TASK_QUERY_TASK_SET:
11952		retval = ctl_query_task(io, 1);
11953		break;
11954	case CTL_TASK_QUERY_ASYNC_EVENT:
11955		retval = ctl_query_async_event(io);
11956		break;
11957	default:
11958		printf("%s: got unknown task management event %d\n",
11959		       __func__, io->taskio.task_action);
11960		break;
11961	}
11962	if (retval == 0)
11963		io->io_hdr.status = CTL_SUCCESS;
11964	else
11965		io->io_hdr.status = CTL_ERROR;
11966	ctl_done(io);
11967}
11968
11969/*
11970 * For HA operation.  Handle commands that come in from the other
11971 * controller.
11972 */
11973static void
11974ctl_handle_isc(union ctl_io *io)
11975{
11976	int free_io;
11977	struct ctl_lun *lun;
11978	struct ctl_softc *softc;
11979	uint32_t targ_lun;
11980
11981	softc = control_softc;
11982
11983	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11984	lun = softc->ctl_luns[targ_lun];
11985
11986	switch (io->io_hdr.msg_type) {
11987	case CTL_MSG_SERIALIZE:
11988		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11989		break;
11990	case CTL_MSG_R2R: {
11991		const struct ctl_cmd_entry *entry;
11992
11993		/*
11994		 * This is only used in SER_ONLY mode.
11995		 */
11996		free_io = 0;
11997		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11998		mtx_lock(&lun->lun_lock);
11999		if (ctl_scsiio_lun_check(lun,
12000		    entry, (struct ctl_scsiio *)io) != 0) {
12001			mtx_unlock(&lun->lun_lock);
12002			ctl_done(io);
12003			break;
12004		}
12005		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12006		mtx_unlock(&lun->lun_lock);
12007		ctl_enqueue_rtr(io);
12008		break;
12009	}
12010	case CTL_MSG_FINISH_IO:
12011		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12012			free_io = 0;
12013			ctl_done(io);
12014		} else {
12015			free_io = 1;
12016			mtx_lock(&lun->lun_lock);
12017			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12018				     ooa_links);
12019			ctl_check_blocked(lun);
12020			mtx_unlock(&lun->lun_lock);
12021		}
12022		break;
12023	case CTL_MSG_PERS_ACTION:
12024		ctl_hndl_per_res_out_on_other_sc(
12025			(union ctl_ha_msg *)&io->presio.pr_msg);
12026		free_io = 1;
12027		break;
12028	case CTL_MSG_BAD_JUJU:
12029		free_io = 0;
12030		ctl_done(io);
12031		break;
12032	case CTL_MSG_DATAMOVE:
12033		/* Only used in XFER mode */
12034		free_io = 0;
12035		ctl_datamove_remote(io);
12036		break;
12037	case CTL_MSG_DATAMOVE_DONE:
12038		/* Only used in XFER mode */
12039		free_io = 0;
12040		io->scsiio.be_move_done(io);
12041		break;
12042	case CTL_MSG_FAILOVER:
12043		mtx_lock(&lun->lun_lock);
12044		ctl_failover_lun(lun);
12045		mtx_unlock(&lun->lun_lock);
12046		free_io = 1;
12047		break;
12048	default:
12049		free_io = 1;
12050		printf("%s: Invalid message type %d\n",
12051		       __func__, io->io_hdr.msg_type);
12052		break;
12053	}
12054	if (free_io)
12055		ctl_free_io(io);
12056
12057}
12058
12059
12060/*
12061 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12062 * there is no match.
12063 */
12064static ctl_lun_error_pattern
12065ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12066{
12067	const struct ctl_cmd_entry *entry;
12068	ctl_lun_error_pattern filtered_pattern, pattern;
12069
12070	pattern = desc->error_pattern;
12071
12072	/*
12073	 * XXX KDM we need more data passed into this function to match a
12074	 * custom pattern, and we actually need to implement custom pattern
12075	 * matching.
12076	 */
12077	if (pattern & CTL_LUN_PAT_CMD)
12078		return (CTL_LUN_PAT_CMD);
12079
12080	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12081		return (CTL_LUN_PAT_ANY);
12082
12083	entry = ctl_get_cmd_entry(ctsio, NULL);
12084
12085	filtered_pattern = entry->pattern & pattern;
12086
12087	/*
12088	 * If the user requested specific flags in the pattern (e.g.
12089	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12090	 * flags.
12091	 *
12092	 * If the user did not specify any flags, it doesn't matter whether
12093	 * or not the command supports the flags.
12094	 */
12095	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12096	     (pattern & ~CTL_LUN_PAT_MASK))
12097		return (CTL_LUN_PAT_NONE);
12098
12099	/*
12100	 * If the user asked for a range check, see if the requested LBA
12101	 * range overlaps with this command's LBA range.
12102	 */
12103	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12104		uint64_t lba1;
12105		uint64_t len1;
12106		ctl_action action;
12107		int retval;
12108
12109		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12110		if (retval != 0)
12111			return (CTL_LUN_PAT_NONE);
12112
12113		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12114					      desc->lba_range.len, FALSE);
12115		/*
12116		 * A "pass" means that the LBA ranges don't overlap, so
12117		 * this doesn't match the user's range criteria.
12118		 */
12119		if (action == CTL_ACTION_PASS)
12120			return (CTL_LUN_PAT_NONE);
12121	}
12122
12123	return (filtered_pattern);
12124}
12125
12126static void
12127ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12128{
12129	struct ctl_error_desc *desc, *desc2;
12130
12131	mtx_assert(&lun->lun_lock, MA_OWNED);
12132
12133	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12134		ctl_lun_error_pattern pattern;
12135		/*
12136		 * Check to see whether this particular command matches
12137		 * the pattern in the descriptor.
12138		 */
12139		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12140		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12141			continue;
12142
12143		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12144		case CTL_LUN_INJ_ABORTED:
12145			ctl_set_aborted(&io->scsiio);
12146			break;
12147		case CTL_LUN_INJ_MEDIUM_ERR:
12148			ctl_set_medium_error(&io->scsiio,
12149			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12150			     CTL_FLAG_DATA_OUT);
12151			break;
12152		case CTL_LUN_INJ_UA:
12153			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12154			 * OCCURRED */
12155			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12156			break;
12157		case CTL_LUN_INJ_CUSTOM:
12158			/*
12159			 * We're assuming the user knows what he is doing.
12160			 * Just copy the sense information without doing
12161			 * checks.
12162			 */
12163			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12164			      MIN(sizeof(desc->custom_sense),
12165				  sizeof(io->scsiio.sense_data)));
12166			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12167			io->scsiio.sense_len = SSD_FULL_SIZE;
12168			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12169			break;
12170		case CTL_LUN_INJ_NONE:
12171		default:
12172			/*
12173			 * If this is an error injection type we don't know
12174			 * about, clear the continuous flag (if it is set)
12175			 * so it will get deleted below.
12176			 */
12177			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12178			break;
12179		}
12180		/*
12181		 * By default, each error injection action is a one-shot
12182		 */
12183		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12184			continue;
12185
12186		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12187
12188		free(desc, M_CTL);
12189	}
12190}
12191
12192#ifdef CTL_IO_DELAY
12193static void
12194ctl_datamove_timer_wakeup(void *arg)
12195{
12196	union ctl_io *io;
12197
12198	io = (union ctl_io *)arg;
12199
12200	ctl_datamove(io);
12201}
12202#endif /* CTL_IO_DELAY */
12203
12204void
12205ctl_datamove(union ctl_io *io)
12206{
12207	struct ctl_lun *lun;
12208	void (*fe_datamove)(union ctl_io *io);
12209
12210	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12211
12212	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12213
12214	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12215#ifdef CTL_TIME_IO
12216	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12217		char str[256];
12218		char path_str[64];
12219		struct sbuf sb;
12220
12221		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12222		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12223
12224		sbuf_cat(&sb, path_str);
12225		switch (io->io_hdr.io_type) {
12226		case CTL_IO_SCSI:
12227			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12228			sbuf_printf(&sb, "\n");
12229			sbuf_cat(&sb, path_str);
12230			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12231				    io->scsiio.tag_num, io->scsiio.tag_type);
12232			break;
12233		case CTL_IO_TASK:
12234			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12235				    "Tag Type: %d\n", io->taskio.task_action,
12236				    io->taskio.tag_num, io->taskio.tag_type);
12237			break;
12238		default:
12239			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12240			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12241			break;
12242		}
12243		sbuf_cat(&sb, path_str);
12244		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12245			    (intmax_t)time_uptime - io->io_hdr.start_time);
12246		sbuf_finish(&sb);
12247		printf("%s", sbuf_data(&sb));
12248	}
12249#endif /* CTL_TIME_IO */
12250
12251#ifdef CTL_IO_DELAY
12252	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12253		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12254	} else {
12255		if ((lun != NULL)
12256		 && (lun->delay_info.datamove_delay > 0)) {
12257
12258			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12259			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12260			callout_reset(&io->io_hdr.delay_callout,
12261				      lun->delay_info.datamove_delay * hz,
12262				      ctl_datamove_timer_wakeup, io);
12263			if (lun->delay_info.datamove_type ==
12264			    CTL_DELAY_TYPE_ONESHOT)
12265				lun->delay_info.datamove_delay = 0;
12266			return;
12267		}
12268	}
12269#endif
12270
12271	/*
12272	 * This command has been aborted.  Set the port status, so we fail
12273	 * the data move.
12274	 */
12275	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12276		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12277		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12278		       io->io_hdr.nexus.targ_port,
12279		       io->io_hdr.nexus.targ_lun);
12280		io->io_hdr.port_status = 31337;
12281		/*
12282		 * Note that the backend, in this case, will get the
12283		 * callback in its context.  In other cases it may get
12284		 * called in the frontend's interrupt thread context.
12285		 */
12286		io->scsiio.be_move_done(io);
12287		return;
12288	}
12289
12290	/* Don't confuse frontend with zero length data move. */
12291	if (io->scsiio.kern_data_len == 0) {
12292		io->scsiio.be_move_done(io);
12293		return;
12294	}
12295
12296	/*
12297	 * If we're in XFER mode and this I/O is from the other shelf
12298	 * controller, we need to send the DMA to the other side to
12299	 * actually transfer the data to/from the host.  In serialize only
12300	 * mode the transfer happens below CTL and ctl_datamove() is only
12301	 * called on the machine that originally received the I/O.
12302	 */
12303	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12304	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12305		union ctl_ha_msg msg;
12306		uint32_t sg_entries_sent;
12307		int do_sg_copy;
12308		int i;
12309
12310		memset(&msg, 0, sizeof(msg));
12311		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12312		msg.hdr.original_sc = io->io_hdr.original_sc;
12313		msg.hdr.serializing_sc = io;
12314		msg.hdr.nexus = io->io_hdr.nexus;
12315		msg.hdr.status = io->io_hdr.status;
12316		msg.dt.flags = io->io_hdr.flags;
12317		/*
12318		 * We convert everything into a S/G list here.  We can't
12319		 * pass by reference, only by value between controllers.
12320		 * So we can't pass a pointer to the S/G list, only as many
12321		 * S/G entries as we can fit in here.  If it's possible for
12322		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12323		 * then we need to break this up into multiple transfers.
12324		 */
12325		if (io->scsiio.kern_sg_entries == 0) {
12326			msg.dt.kern_sg_entries = 1;
12327#if 0
12328			/*
12329			 * Convert to a physical address if this is a
12330			 * virtual address.
12331			 */
12332			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12333				msg.dt.sg_list[0].addr =
12334					io->scsiio.kern_data_ptr;
12335			} else {
12336				/*
12337				 * XXX KDM use busdma here!
12338				 */
12339				msg.dt.sg_list[0].addr = (void *)
12340					vtophys(io->scsiio.kern_data_ptr);
12341			}
12342#else
12343			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12344			    ("HA does not support BUS_ADDR"));
12345			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12346#endif
12347
12348			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12349			do_sg_copy = 0;
12350		} else {
12351			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12352			do_sg_copy = 1;
12353		}
12354
12355		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12356		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12357		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12358		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12359		msg.dt.sg_sequence = 0;
12360
12361		/*
12362		 * Loop until we've sent all of the S/G entries.  On the
12363		 * other end, we'll recompose these S/G entries into one
12364		 * contiguous list before passing it to the
12365		 */
12366		for (sg_entries_sent = 0; sg_entries_sent <
12367		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12368			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12369				sizeof(msg.dt.sg_list[0])),
12370				msg.dt.kern_sg_entries - sg_entries_sent);
12371
12372			if (do_sg_copy != 0) {
12373				struct ctl_sg_entry *sgl;
12374				int j;
12375
12376				sgl = (struct ctl_sg_entry *)
12377					io->scsiio.kern_data_ptr;
12378				/*
12379				 * If this is in cached memory, flush the cache
12380				 * before we send the DMA request to the other
12381				 * controller.  We want to do this in either
12382				 * the * read or the write case.  The read
12383				 * case is straightforward.  In the write
12384				 * case, we want to make sure nothing is
12385				 * in the local cache that could overwrite
12386				 * the DMAed data.
12387				 */
12388
12389				for (i = sg_entries_sent, j = 0;
12390				     i < msg.dt.cur_sg_entries; i++, j++) {
12391#if 0
12392					if ((io->io_hdr.flags &
12393					     CTL_FLAG_BUS_ADDR) == 0) {
12394						/*
12395						 * XXX KDM use busdma.
12396						 */
12397						msg.dt.sg_list[j].addr =(void *)
12398						       vtophys(sgl[i].addr);
12399					} else {
12400						msg.dt.sg_list[j].addr =
12401							sgl[i].addr;
12402					}
12403#else
12404					KASSERT((io->io_hdr.flags &
12405					    CTL_FLAG_BUS_ADDR) == 0,
12406					    ("HA does not support BUS_ADDR"));
12407					msg.dt.sg_list[j].addr = sgl[i].addr;
12408#endif
12409					msg.dt.sg_list[j].len = sgl[i].len;
12410				}
12411			}
12412
12413			sg_entries_sent += msg.dt.cur_sg_entries;
12414			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12415				msg.dt.sg_last = 1;
12416			else
12417				msg.dt.sg_last = 0;
12418
12419			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12420			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12421			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12422			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12423				io->io_hdr.port_status = 31341;
12424				io->scsiio.be_move_done(io);
12425				return;
12426			}
12427
12428			msg.dt.sent_sg_entries = sg_entries_sent;
12429		}
12430
12431		/*
12432		 * Officially handover the request from us to peer.
12433		 * If failover has just happened, then we must return error.
12434		 * If failover happen just after, then it is not our problem.
12435		 */
12436		if (lun)
12437			mtx_lock(&lun->lun_lock);
12438		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12439			if (lun)
12440				mtx_unlock(&lun->lun_lock);
12441			io->io_hdr.port_status = 31342;
12442			io->scsiio.be_move_done(io);
12443			return;
12444		}
12445		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12446		io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
12447		if (lun)
12448			mtx_unlock(&lun->lun_lock);
12449	} else {
12450
12451		/*
12452		 * Lookup the fe_datamove() function for this particular
12453		 * front end.
12454		 */
12455		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12456
12457		fe_datamove(io);
12458	}
12459}
12460
12461static void
12462ctl_send_datamove_done(union ctl_io *io, int have_lock)
12463{
12464	union ctl_ha_msg msg;
12465
12466	memset(&msg, 0, sizeof(msg));
12467
12468	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12469	msg.hdr.original_sc = io;
12470	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12471	msg.hdr.nexus = io->io_hdr.nexus;
12472	msg.hdr.status = io->io_hdr.status;
12473	msg.scsi.tag_num = io->scsiio.tag_num;
12474	msg.scsi.tag_type = io->scsiio.tag_type;
12475	msg.scsi.scsi_status = io->scsiio.scsi_status;
12476	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12477	       io->scsiio.sense_len);
12478	msg.scsi.sense_len = io->scsiio.sense_len;
12479	msg.scsi.sense_residual = io->scsiio.sense_residual;
12480	msg.scsi.fetd_status = io->io_hdr.port_status;
12481	msg.scsi.residual = io->scsiio.residual;
12482	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12483
12484	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12485		ctl_failover_io(io, /*have_lock*/ have_lock);
12486		return;
12487	}
12488
12489	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12490	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12491	    msg.scsi.sense_len, M_WAITOK);
12492}
12493
12494/*
12495 * The DMA to the remote side is done, now we need to tell the other side
12496 * we're done so it can continue with its data movement.
12497 */
12498static void
12499ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12500{
12501	union ctl_io *io;
12502	int i;
12503
12504	io = rq->context;
12505
12506	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12507		printf("%s: ISC DMA write failed with error %d", __func__,
12508		       rq->ret);
12509		ctl_set_internal_failure(&io->scsiio,
12510					 /*sks_valid*/ 1,
12511					 /*retry_count*/ rq->ret);
12512	}
12513
12514	ctl_dt_req_free(rq);
12515
12516	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12517		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12518	free(io->io_hdr.remote_sglist, M_CTL);
12519	io->io_hdr.remote_sglist = NULL;
12520	io->io_hdr.local_sglist = NULL;
12521
12522	/*
12523	 * The data is in local and remote memory, so now we need to send
12524	 * status (good or back) back to the other side.
12525	 */
12526	ctl_send_datamove_done(io, /*have_lock*/ 0);
12527}
12528
12529/*
12530 * We've moved the data from the host/controller into local memory.  Now we
12531 * need to push it over to the remote controller's memory.
12532 */
12533static int
12534ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12535{
12536	int retval;
12537
12538	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12539					  ctl_datamove_remote_write_cb);
12540	return (retval);
12541}
12542
12543static void
12544ctl_datamove_remote_write(union ctl_io *io)
12545{
12546	int retval;
12547	void (*fe_datamove)(union ctl_io *io);
12548
12549	/*
12550	 * - Get the data from the host/HBA into local memory.
12551	 * - DMA memory from the local controller to the remote controller.
12552	 * - Send status back to the remote controller.
12553	 */
12554
12555	retval = ctl_datamove_remote_sgl_setup(io);
12556	if (retval != 0)
12557		return;
12558
12559	/* Switch the pointer over so the FETD knows what to do */
12560	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12561
12562	/*
12563	 * Use a custom move done callback, since we need to send completion
12564	 * back to the other controller, not to the backend on this side.
12565	 */
12566	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12567
12568	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12569	fe_datamove(io);
12570}
12571
12572static int
12573ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12574{
12575#if 0
12576	char str[256];
12577	char path_str[64];
12578	struct sbuf sb;
12579#endif
12580	int i;
12581
12582	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12583		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12584	free(io->io_hdr.remote_sglist, M_CTL);
12585	io->io_hdr.remote_sglist = NULL;
12586	io->io_hdr.local_sglist = NULL;
12587
12588#if 0
12589	scsi_path_string(io, path_str, sizeof(path_str));
12590	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12591	sbuf_cat(&sb, path_str);
12592	scsi_command_string(&io->scsiio, NULL, &sb);
12593	sbuf_printf(&sb, "\n");
12594	sbuf_cat(&sb, path_str);
12595	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12596		    io->scsiio.tag_num, io->scsiio.tag_type);
12597	sbuf_cat(&sb, path_str);
12598	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12599		    io->io_hdr.flags, io->io_hdr.status);
12600	sbuf_finish(&sb);
12601	printk("%s", sbuf_data(&sb));
12602#endif
12603
12604
12605	/*
12606	 * The read is done, now we need to send status (good or bad) back
12607	 * to the other side.
12608	 */
12609	ctl_send_datamove_done(io, /*have_lock*/ 0);
12610
12611	return (0);
12612}
12613
12614static void
12615ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12616{
12617	union ctl_io *io;
12618	void (*fe_datamove)(union ctl_io *io);
12619
12620	io = rq->context;
12621
12622	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12623		printf("%s: ISC DMA read failed with error %d\n", __func__,
12624		       rq->ret);
12625		ctl_set_internal_failure(&io->scsiio,
12626					 /*sks_valid*/ 1,
12627					 /*retry_count*/ rq->ret);
12628	}
12629
12630	ctl_dt_req_free(rq);
12631
12632	/* Switch the pointer over so the FETD knows what to do */
12633	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12634
12635	/*
12636	 * Use a custom move done callback, since we need to send completion
12637	 * back to the other controller, not to the backend on this side.
12638	 */
12639	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12640
12641	/* XXX KDM add checks like the ones in ctl_datamove? */
12642
12643	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12644	fe_datamove(io);
12645}
12646
12647static int
12648ctl_datamove_remote_sgl_setup(union ctl_io *io)
12649{
12650	struct ctl_sg_entry *local_sglist;
12651	struct ctl_softc *softc;
12652	uint32_t len_to_go;
12653	int retval;
12654	int i;
12655
12656	retval = 0;
12657	softc = control_softc;
12658	local_sglist = io->io_hdr.local_sglist;
12659	len_to_go = io->scsiio.kern_data_len;
12660
12661	/*
12662	 * The difficult thing here is that the size of the various
12663	 * S/G segments may be different than the size from the
12664	 * remote controller.  That'll make it harder when DMAing
12665	 * the data back to the other side.
12666	 */
12667	for (i = 0; len_to_go > 0; i++) {
12668		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12669		local_sglist[i].addr =
12670		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12671
12672		len_to_go -= local_sglist[i].len;
12673	}
12674	/*
12675	 * Reset the number of S/G entries accordingly.  The original
12676	 * number of S/G entries is available in rem_sg_entries.
12677	 */
12678	io->scsiio.kern_sg_entries = i;
12679
12680#if 0
12681	printf("%s: kern_sg_entries = %d\n", __func__,
12682	       io->scsiio.kern_sg_entries);
12683	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12684		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12685		       local_sglist[i].addr, local_sglist[i].len);
12686#endif
12687
12688	return (retval);
12689}
12690
12691static int
12692ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12693			 ctl_ha_dt_cb callback)
12694{
12695	struct ctl_ha_dt_req *rq;
12696	struct ctl_sg_entry *remote_sglist, *local_sglist;
12697	uint32_t local_used, remote_used, total_used;
12698	int i, j, isc_ret;
12699
12700	rq = ctl_dt_req_alloc();
12701
12702	/*
12703	 * If we failed to allocate the request, and if the DMA didn't fail
12704	 * anyway, set busy status.  This is just a resource allocation
12705	 * failure.
12706	 */
12707	if ((rq == NULL)
12708	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12709	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12710		ctl_set_busy(&io->scsiio);
12711
12712	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12713	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12714
12715		if (rq != NULL)
12716			ctl_dt_req_free(rq);
12717
12718		/*
12719		 * The data move failed.  We need to return status back
12720		 * to the other controller.  No point in trying to DMA
12721		 * data to the remote controller.
12722		 */
12723
12724		ctl_send_datamove_done(io, /*have_lock*/ 0);
12725
12726		return (1);
12727	}
12728
12729	local_sglist = io->io_hdr.local_sglist;
12730	remote_sglist = io->io_hdr.remote_sglist;
12731	local_used = 0;
12732	remote_used = 0;
12733	total_used = 0;
12734
12735	/*
12736	 * Pull/push the data over the wire from/to the other controller.
12737	 * This takes into account the possibility that the local and
12738	 * remote sglists may not be identical in terms of the size of
12739	 * the elements and the number of elements.
12740	 *
12741	 * One fundamental assumption here is that the length allocated for
12742	 * both the local and remote sglists is identical.  Otherwise, we've
12743	 * essentially got a coding error of some sort.
12744	 */
12745	isc_ret = CTL_HA_STATUS_SUCCESS;
12746	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12747		uint32_t cur_len;
12748		uint8_t *tmp_ptr;
12749
12750		rq->command = command;
12751		rq->context = io;
12752
12753		/*
12754		 * Both pointers should be aligned.  But it is possible
12755		 * that the allocation length is not.  They should both
12756		 * also have enough slack left over at the end, though,
12757		 * to round up to the next 8 byte boundary.
12758		 */
12759		cur_len = MIN(local_sglist[i].len - local_used,
12760			      remote_sglist[j].len - remote_used);
12761		rq->size = cur_len;
12762
12763		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12764		tmp_ptr += local_used;
12765
12766#if 0
12767		/* Use physical addresses when talking to ISC hardware */
12768		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12769			/* XXX KDM use busdma */
12770			rq->local = vtophys(tmp_ptr);
12771		} else
12772			rq->local = tmp_ptr;
12773#else
12774		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12775		    ("HA does not support BUS_ADDR"));
12776		rq->local = tmp_ptr;
12777#endif
12778
12779		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12780		tmp_ptr += remote_used;
12781		rq->remote = tmp_ptr;
12782
12783		rq->callback = NULL;
12784
12785		local_used += cur_len;
12786		if (local_used >= local_sglist[i].len) {
12787			i++;
12788			local_used = 0;
12789		}
12790
12791		remote_used += cur_len;
12792		if (remote_used >= remote_sglist[j].len) {
12793			j++;
12794			remote_used = 0;
12795		}
12796		total_used += cur_len;
12797
12798		if (total_used >= io->scsiio.kern_data_len)
12799			rq->callback = callback;
12800
12801#if 0
12802		printf("%s: %s: local %p remote %p size %d\n", __func__,
12803		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12804		       rq->local, rq->remote, rq->size);
12805#endif
12806
12807		isc_ret = ctl_dt_single(rq);
12808		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12809			break;
12810	}
12811	if (isc_ret != CTL_HA_STATUS_WAIT) {
12812		rq->ret = isc_ret;
12813		callback(rq);
12814	}
12815
12816	return (0);
12817}
12818
12819static void
12820ctl_datamove_remote_read(union ctl_io *io)
12821{
12822	int retval;
12823	int i;
12824
12825	/*
12826	 * This will send an error to the other controller in the case of a
12827	 * failure.
12828	 */
12829	retval = ctl_datamove_remote_sgl_setup(io);
12830	if (retval != 0)
12831		return;
12832
12833	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12834					  ctl_datamove_remote_read_cb);
12835	if (retval != 0) {
12836		/*
12837		 * Make sure we free memory if there was an error..  The
12838		 * ctl_datamove_remote_xfer() function will send the
12839		 * datamove done message, or call the callback with an
12840		 * error if there is a problem.
12841		 */
12842		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12843			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12844		free(io->io_hdr.remote_sglist, M_CTL);
12845		io->io_hdr.remote_sglist = NULL;
12846		io->io_hdr.local_sglist = NULL;
12847	}
12848}
12849
12850/*
12851 * Process a datamove request from the other controller.  This is used for
12852 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12853 * first.  Once that is complete, the data gets DMAed into the remote
12854 * controller's memory.  For reads, we DMA from the remote controller's
12855 * memory into our memory first, and then move it out to the FETD.
12856 */
12857static void
12858ctl_datamove_remote(union ctl_io *io)
12859{
12860
12861	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12862
12863	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12864		ctl_failover_io(io, /*have_lock*/ 0);
12865		return;
12866	}
12867
12868	/*
12869	 * Note that we look for an aborted I/O here, but don't do some of
12870	 * the other checks that ctl_datamove() normally does.
12871	 * We don't need to run the datamove delay code, since that should
12872	 * have been done if need be on the other controller.
12873	 */
12874	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12875		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12876		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12877		       io->io_hdr.nexus.targ_port,
12878		       io->io_hdr.nexus.targ_lun);
12879		io->io_hdr.port_status = 31338;
12880		ctl_send_datamove_done(io, /*have_lock*/ 0);
12881		return;
12882	}
12883
12884	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12885		ctl_datamove_remote_write(io);
12886	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12887		ctl_datamove_remote_read(io);
12888	else {
12889		io->io_hdr.port_status = 31339;
12890		ctl_send_datamove_done(io, /*have_lock*/ 0);
12891	}
12892}
12893
12894static int
12895ctl_process_done(union ctl_io *io)
12896{
12897	struct ctl_lun *lun;
12898	struct ctl_softc *softc = control_softc;
12899	void (*fe_done)(union ctl_io *io);
12900	union ctl_ha_msg msg;
12901	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12902
12903	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12904
12905	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
12906		fe_done = softc->ctl_ports[targ_port]->fe_done;
12907	else
12908		fe_done = NULL;
12909
12910#ifdef CTL_TIME_IO
12911	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12912		char str[256];
12913		char path_str[64];
12914		struct sbuf sb;
12915
12916		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12917		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12918
12919		sbuf_cat(&sb, path_str);
12920		switch (io->io_hdr.io_type) {
12921		case CTL_IO_SCSI:
12922			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12923			sbuf_printf(&sb, "\n");
12924			sbuf_cat(&sb, path_str);
12925			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12926				    io->scsiio.tag_num, io->scsiio.tag_type);
12927			break;
12928		case CTL_IO_TASK:
12929			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12930				    "Tag Type: %d\n", io->taskio.task_action,
12931				    io->taskio.tag_num, io->taskio.tag_type);
12932			break;
12933		default:
12934			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12935			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12936			break;
12937		}
12938		sbuf_cat(&sb, path_str);
12939		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12940			    (intmax_t)time_uptime - io->io_hdr.start_time);
12941		sbuf_finish(&sb);
12942		printf("%s", sbuf_data(&sb));
12943	}
12944#endif /* CTL_TIME_IO */
12945
12946	switch (io->io_hdr.io_type) {
12947	case CTL_IO_SCSI:
12948		break;
12949	case CTL_IO_TASK:
12950		if (ctl_debug & CTL_DEBUG_INFO)
12951			ctl_io_error_print(io, NULL);
12952		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12953			ctl_free_io(io);
12954		else
12955			fe_done(io);
12956		return (CTL_RETVAL_COMPLETE);
12957	default:
12958		panic("ctl_process_done: invalid io type %d\n",
12959		      io->io_hdr.io_type);
12960		break; /* NOTREACHED */
12961	}
12962
12963	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12964	if (lun == NULL) {
12965		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12966				 io->io_hdr.nexus.targ_mapped_lun));
12967		goto bailout;
12968	}
12969
12970	mtx_lock(&lun->lun_lock);
12971
12972	/*
12973	 * Check to see if we have any errors to inject here.  We only
12974	 * inject errors for commands that don't already have errors set.
12975	 */
12976	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12977	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12978	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12979		ctl_inject_error(lun, io);
12980
12981	/*
12982	 * XXX KDM how do we treat commands that aren't completed
12983	 * successfully?
12984	 *
12985	 * XXX KDM should we also track I/O latency?
12986	 */
12987	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12988	    io->io_hdr.io_type == CTL_IO_SCSI) {
12989#ifdef CTL_TIME_IO
12990		struct bintime cur_bt;
12991#endif
12992		int type;
12993
12994		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12995		    CTL_FLAG_DATA_IN)
12996			type = CTL_STATS_READ;
12997		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12998		    CTL_FLAG_DATA_OUT)
12999			type = CTL_STATS_WRITE;
13000		else
13001			type = CTL_STATS_NO_IO;
13002
13003		lun->stats.ports[targ_port].bytes[type] +=
13004		    io->scsiio.kern_total_len;
13005		lun->stats.ports[targ_port].operations[type]++;
13006#ifdef CTL_TIME_IO
13007		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13008		   &io->io_hdr.dma_bt);
13009		lun->stats.ports[targ_port].num_dmas[type] +=
13010		    io->io_hdr.num_dmas;
13011		getbintime(&cur_bt);
13012		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13013		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13014#endif
13015	}
13016
13017	/*
13018	 * Remove this from the OOA queue.
13019	 */
13020	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13021#ifdef CTL_TIME_IO
13022	if (TAILQ_EMPTY(&lun->ooa_queue))
13023		lun->last_busy = getsbinuptime();
13024#endif
13025
13026	/*
13027	 * Run through the blocked queue on this LUN and see if anything
13028	 * has become unblocked, now that this transaction is done.
13029	 */
13030	ctl_check_blocked(lun);
13031
13032	/*
13033	 * If the LUN has been invalidated, free it if there is nothing
13034	 * left on its OOA queue.
13035	 */
13036	if ((lun->flags & CTL_LUN_INVALID)
13037	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13038		mtx_unlock(&lun->lun_lock);
13039		mtx_lock(&softc->ctl_lock);
13040		ctl_free_lun(lun);
13041		mtx_unlock(&softc->ctl_lock);
13042	} else
13043		mtx_unlock(&lun->lun_lock);
13044
13045bailout:
13046
13047	/*
13048	 * If this command has been aborted, make sure we set the status
13049	 * properly.  The FETD is responsible for freeing the I/O and doing
13050	 * whatever it needs to do to clean up its state.
13051	 */
13052	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13053		ctl_set_task_aborted(&io->scsiio);
13054
13055	/*
13056	 * If enabled, print command error status.
13057	 */
13058	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13059	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13060		ctl_io_error_print(io, NULL);
13061
13062	/*
13063	 * Tell the FETD or the other shelf controller we're done with this
13064	 * command.  Note that only SCSI commands get to this point.  Task
13065	 * management commands are completed above.
13066	 */
13067	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13068	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13069		memset(&msg, 0, sizeof(msg));
13070		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13071		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13072		msg.hdr.nexus = io->io_hdr.nexus;
13073		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13074		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13075		    M_WAITOK);
13076	}
13077	if ((softc->ha_mode == CTL_HA_MODE_XFER)
13078	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13079		memset(&msg, 0, sizeof(msg));
13080		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13081		msg.hdr.original_sc = io->io_hdr.original_sc;
13082		msg.hdr.nexus = io->io_hdr.nexus;
13083		msg.hdr.status = io->io_hdr.status;
13084		msg.scsi.scsi_status = io->scsiio.scsi_status;
13085		msg.scsi.tag_num = io->scsiio.tag_num;
13086		msg.scsi.tag_type = io->scsiio.tag_type;
13087		msg.scsi.sense_len = io->scsiio.sense_len;
13088		msg.scsi.sense_residual = io->scsiio.sense_residual;
13089		msg.scsi.residual = io->scsiio.residual;
13090		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13091		       io->scsiio.sense_len);
13092
13093		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13094		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
13095		    msg.scsi.sense_len, M_WAITOK);
13096		ctl_free_io(io);
13097	} else
13098		fe_done(io);
13099
13100	return (CTL_RETVAL_COMPLETE);
13101}
13102
13103#ifdef CTL_WITH_CA
13104/*
13105 * Front end should call this if it doesn't do autosense.  When the request
13106 * sense comes back in from the initiator, we'll dequeue this and send it.
13107 */
13108int
13109ctl_queue_sense(union ctl_io *io)
13110{
13111	struct ctl_lun *lun;
13112	struct ctl_port *port;
13113	struct ctl_softc *softc;
13114	uint32_t initidx, targ_lun;
13115
13116	softc = control_softc;
13117
13118	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13119
13120	/*
13121	 * LUN lookup will likely move to the ctl_work_thread() once we
13122	 * have our new queueing infrastructure (that doesn't put things on
13123	 * a per-LUN queue initially).  That is so that we can handle
13124	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13125	 * can't deal with that right now.
13126	 */
13127	mtx_lock(&softc->ctl_lock);
13128
13129	/*
13130	 * If we don't have a LUN for this, just toss the sense
13131	 * information.
13132	 */
13133	port = ctl_io_port(&ctsio->io_hdr);
13134	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13135	if ((targ_lun < CTL_MAX_LUNS)
13136	 && (softc->ctl_luns[targ_lun] != NULL))
13137		lun = softc->ctl_luns[targ_lun];
13138	else
13139		goto bailout;
13140
13141	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13142
13143	mtx_lock(&lun->lun_lock);
13144	/*
13145	 * Already have CA set for this LUN...toss the sense information.
13146	 */
13147	if (ctl_is_set(lun->have_ca, initidx)) {
13148		mtx_unlock(&lun->lun_lock);
13149		goto bailout;
13150	}
13151
13152	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13153	       MIN(sizeof(lun->pending_sense[initidx]),
13154	       sizeof(io->scsiio.sense_data)));
13155	ctl_set_mask(lun->have_ca, initidx);
13156	mtx_unlock(&lun->lun_lock);
13157
13158bailout:
13159	mtx_unlock(&softc->ctl_lock);
13160
13161	ctl_free_io(io);
13162
13163	return (CTL_RETVAL_COMPLETE);
13164}
13165#endif
13166
13167/*
13168 * Primary command inlet from frontend ports.  All SCSI and task I/O
13169 * requests must go through this function.
13170 */
13171int
13172ctl_queue(union ctl_io *io)
13173{
13174	struct ctl_port *port;
13175
13176	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13177
13178#ifdef CTL_TIME_IO
13179	io->io_hdr.start_time = time_uptime;
13180	getbintime(&io->io_hdr.start_bt);
13181#endif /* CTL_TIME_IO */
13182
13183	/* Map FE-specific LUN ID into global one. */
13184	port = ctl_io_port(&io->io_hdr);
13185	io->io_hdr.nexus.targ_mapped_lun =
13186	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13187
13188	switch (io->io_hdr.io_type) {
13189	case CTL_IO_SCSI:
13190	case CTL_IO_TASK:
13191		if (ctl_debug & CTL_DEBUG_CDB)
13192			ctl_io_print(io);
13193		ctl_enqueue_incoming(io);
13194		break;
13195	default:
13196		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13197		return (EINVAL);
13198	}
13199
13200	return (CTL_RETVAL_COMPLETE);
13201}
13202
13203#ifdef CTL_IO_DELAY
13204static void
13205ctl_done_timer_wakeup(void *arg)
13206{
13207	union ctl_io *io;
13208
13209	io = (union ctl_io *)arg;
13210	ctl_done(io);
13211}
13212#endif /* CTL_IO_DELAY */
13213
13214void
13215ctl_serseq_done(union ctl_io *io)
13216{
13217	struct ctl_lun *lun;
13218
13219	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13220	if (lun->be_lun == NULL ||
13221	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13222		return;
13223	mtx_lock(&lun->lun_lock);
13224	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13225	ctl_check_blocked(lun);
13226	mtx_unlock(&lun->lun_lock);
13227}
13228
13229void
13230ctl_done(union ctl_io *io)
13231{
13232
13233	/*
13234	 * Enable this to catch duplicate completion issues.
13235	 */
13236#if 0
13237	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13238		printf("%s: type %d msg %d cdb %x iptl: "
13239		       "%u:%u:%u tag 0x%04x "
13240		       "flag %#x status %x\n",
13241			__func__,
13242			io->io_hdr.io_type,
13243			io->io_hdr.msg_type,
13244			io->scsiio.cdb[0],
13245			io->io_hdr.nexus.initid,
13246			io->io_hdr.nexus.targ_port,
13247			io->io_hdr.nexus.targ_lun,
13248			(io->io_hdr.io_type ==
13249			CTL_IO_TASK) ?
13250			io->taskio.tag_num :
13251			io->scsiio.tag_num,
13252		        io->io_hdr.flags,
13253			io->io_hdr.status);
13254	} else
13255		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13256#endif
13257
13258	/*
13259	 * This is an internal copy of an I/O, and should not go through
13260	 * the normal done processing logic.
13261	 */
13262	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13263		return;
13264
13265#ifdef CTL_IO_DELAY
13266	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13267		struct ctl_lun *lun;
13268
13269		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13270
13271		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13272	} else {
13273		struct ctl_lun *lun;
13274
13275		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13276
13277		if ((lun != NULL)
13278		 && (lun->delay_info.done_delay > 0)) {
13279
13280			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13281			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13282			callout_reset(&io->io_hdr.delay_callout,
13283				      lun->delay_info.done_delay * hz,
13284				      ctl_done_timer_wakeup, io);
13285			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13286				lun->delay_info.done_delay = 0;
13287			return;
13288		}
13289	}
13290#endif /* CTL_IO_DELAY */
13291
13292	ctl_enqueue_done(io);
13293}
13294
13295static void
13296ctl_work_thread(void *arg)
13297{
13298	struct ctl_thread *thr = (struct ctl_thread *)arg;
13299	struct ctl_softc *softc = thr->ctl_softc;
13300	union ctl_io *io;
13301	int retval;
13302
13303	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13304
13305	for (;;) {
13306		retval = 0;
13307
13308		/*
13309		 * We handle the queues in this order:
13310		 * - ISC
13311		 * - done queue (to free up resources, unblock other commands)
13312		 * - RtR queue
13313		 * - incoming queue
13314		 *
13315		 * If those queues are empty, we break out of the loop and
13316		 * go to sleep.
13317		 */
13318		mtx_lock(&thr->queue_lock);
13319		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13320		if (io != NULL) {
13321			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13322			mtx_unlock(&thr->queue_lock);
13323			ctl_handle_isc(io);
13324			continue;
13325		}
13326		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13327		if (io != NULL) {
13328			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13329			/* clear any blocked commands, call fe_done */
13330			mtx_unlock(&thr->queue_lock);
13331			retval = ctl_process_done(io);
13332			continue;
13333		}
13334		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13335		if (io != NULL) {
13336			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13337			mtx_unlock(&thr->queue_lock);
13338			if (io->io_hdr.io_type == CTL_IO_TASK)
13339				ctl_run_task(io);
13340			else
13341				ctl_scsiio_precheck(softc, &io->scsiio);
13342			continue;
13343		}
13344		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13345		if (io != NULL) {
13346			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13347			mtx_unlock(&thr->queue_lock);
13348			retval = ctl_scsiio(&io->scsiio);
13349			if (retval != CTL_RETVAL_COMPLETE)
13350				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13351			continue;
13352		}
13353
13354		/* Sleep until we have something to do. */
13355		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13356	}
13357}
13358
13359static void
13360ctl_lun_thread(void *arg)
13361{
13362	struct ctl_softc *softc = (struct ctl_softc *)arg;
13363	struct ctl_be_lun *be_lun;
13364	int retval;
13365
13366	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13367
13368	for (;;) {
13369		retval = 0;
13370		mtx_lock(&softc->ctl_lock);
13371		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13372		if (be_lun != NULL) {
13373			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13374			mtx_unlock(&softc->ctl_lock);
13375			ctl_create_lun(be_lun);
13376			continue;
13377		}
13378
13379		/* Sleep until we have something to do. */
13380		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13381		    PDROP | PRIBIO, "-", 0);
13382	}
13383}
13384
13385static void
13386ctl_thresh_thread(void *arg)
13387{
13388	struct ctl_softc *softc = (struct ctl_softc *)arg;
13389	struct ctl_lun *lun;
13390	struct ctl_be_lun *be_lun;
13391	struct scsi_da_rw_recovery_page *rwpage;
13392	struct ctl_logical_block_provisioning_page *page;
13393	const char *attr;
13394	union ctl_ha_msg msg;
13395	uint64_t thres, val;
13396	int i, e, set;
13397
13398	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13399
13400	for (;;) {
13401		mtx_lock(&softc->ctl_lock);
13402		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13403			be_lun = lun->be_lun;
13404			if ((lun->flags & CTL_LUN_DISABLED) ||
13405			    (lun->flags & CTL_LUN_OFFLINE) ||
13406			    lun->backend->lun_attr == NULL)
13407				continue;
13408			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13409			    softc->ha_mode == CTL_HA_MODE_XFER)
13410				continue;
13411			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13412			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13413				continue;
13414			e = 0;
13415			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13416			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13417				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13418					continue;
13419				thres = scsi_4btoul(page->descr[i].count);
13420				thres <<= CTL_LBP_EXPONENT;
13421				switch (page->descr[i].resource) {
13422				case 0x01:
13423					attr = "blocksavail";
13424					break;
13425				case 0x02:
13426					attr = "blocksused";
13427					break;
13428				case 0xf1:
13429					attr = "poolblocksavail";
13430					break;
13431				case 0xf2:
13432					attr = "poolblocksused";
13433					break;
13434				default:
13435					continue;
13436				}
13437				mtx_unlock(&softc->ctl_lock); // XXX
13438				val = lun->backend->lun_attr(
13439				    lun->be_lun->be_lun, attr);
13440				mtx_lock(&softc->ctl_lock);
13441				if (val == UINT64_MAX)
13442					continue;
13443				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13444				    == SLBPPD_ARMING_INC)
13445					e = (val >= thres);
13446				else
13447					e = (val <= thres);
13448				if (e)
13449					break;
13450			}
13451			mtx_lock(&lun->lun_lock);
13452			if (e) {
13453				scsi_u64to8b((uint8_t *)&page->descr[i] -
13454				    (uint8_t *)page, lun->ua_tpt_info);
13455				if (lun->lasttpt == 0 ||
13456				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13457					lun->lasttpt = time_uptime;
13458					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13459					set = 1;
13460				} else
13461					set = 0;
13462			} else {
13463				lun->lasttpt = 0;
13464				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13465				set = -1;
13466			}
13467			mtx_unlock(&lun->lun_lock);
13468			if (set != 0 &&
13469			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13470				/* Send msg to other side. */
13471				bzero(&msg.ua, sizeof(msg.ua));
13472				msg.hdr.msg_type = CTL_MSG_UA;
13473				msg.hdr.nexus.initid = -1;
13474				msg.hdr.nexus.targ_port = -1;
13475				msg.hdr.nexus.targ_lun = lun->lun;
13476				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13477				msg.ua.ua_all = 1;
13478				msg.ua.ua_set = (set > 0);
13479				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13480				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13481				mtx_unlock(&softc->ctl_lock); // XXX
13482				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13483				    sizeof(msg.ua), M_WAITOK);
13484				mtx_lock(&softc->ctl_lock);
13485			}
13486		}
13487		mtx_unlock(&softc->ctl_lock);
13488		pause("-", CTL_LBP_PERIOD * hz);
13489	}
13490}
13491
13492static void
13493ctl_enqueue_incoming(union ctl_io *io)
13494{
13495	struct ctl_softc *softc = control_softc;
13496	struct ctl_thread *thr;
13497	u_int idx;
13498
13499	idx = (io->io_hdr.nexus.targ_port * 127 +
13500	       io->io_hdr.nexus.initid) % worker_threads;
13501	thr = &softc->threads[idx];
13502	mtx_lock(&thr->queue_lock);
13503	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13504	mtx_unlock(&thr->queue_lock);
13505	wakeup(thr);
13506}
13507
13508static void
13509ctl_enqueue_rtr(union ctl_io *io)
13510{
13511	struct ctl_softc *softc = control_softc;
13512	struct ctl_thread *thr;
13513
13514	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13515	mtx_lock(&thr->queue_lock);
13516	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13517	mtx_unlock(&thr->queue_lock);
13518	wakeup(thr);
13519}
13520
13521static void
13522ctl_enqueue_done(union ctl_io *io)
13523{
13524	struct ctl_softc *softc = control_softc;
13525	struct ctl_thread *thr;
13526
13527	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13528	mtx_lock(&thr->queue_lock);
13529	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13530	mtx_unlock(&thr->queue_lock);
13531	wakeup(thr);
13532}
13533
13534static void
13535ctl_enqueue_isc(union ctl_io *io)
13536{
13537	struct ctl_softc *softc = control_softc;
13538	struct ctl_thread *thr;
13539
13540	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13541	mtx_lock(&thr->queue_lock);
13542	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13543	mtx_unlock(&thr->queue_lock);
13544	wakeup(thr);
13545}
13546
13547/*
13548 *  vim: ts=8
13549 */
13550