ctl.c revision 288792 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288792 2015-10-05 10:56:04Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
359SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
360    &worker_threads, 1, "Number of worker threads");
361static int ctl_debug = CTL_DEBUG_NONE;
362TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
363SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
364    &ctl_debug, 0, "Enabled debug flags");
365
366/*
367 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
368 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
369 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
370 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
371 */
372#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
373
374static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
375				  int param);
376static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
377static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
378static int ctl_init(void);
379void ctl_shutdown(void);
380static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
381static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
382static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
383static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
384			      struct ctl_ooa *ooa_hdr,
385			      struct ctl_ooa_entry *kern_entries);
386static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
387		     struct thread *td);
388static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
389			 struct ctl_be_lun *be_lun);
390static int ctl_free_lun(struct ctl_lun *lun);
391static void ctl_create_lun(struct ctl_be_lun *be_lun);
392static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
393
394static int ctl_do_mode_select(union ctl_io *io);
395static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
396			   uint64_t res_key, uint64_t sa_res_key,
397			   uint8_t type, uint32_t residx,
398			   struct ctl_scsiio *ctsio,
399			   struct scsi_per_res_out *cdb,
400			   struct scsi_per_res_out_parms* param);
401static void ctl_pro_preempt_other(struct ctl_lun *lun,
402				  union ctl_ha_msg *msg);
403static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
404static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
408static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
409static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
412					 int alloc_len);
413static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
414static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
416static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
417static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
418static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
419    bool seq);
420static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
421static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
422    union ctl_io *pending_io, union ctl_io *ooa_io);
423static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
424				union ctl_io *starting_io);
425static int ctl_check_blocked(struct ctl_lun *lun);
426static int ctl_scsiio_lun_check(struct ctl_lun *lun,
427				const struct ctl_cmd_entry *entry,
428				struct ctl_scsiio *ctsio);
429static void ctl_failover_lun(struct ctl_lun *lun);
430static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
431			       struct ctl_scsiio *ctsio);
432static int ctl_scsiio(struct ctl_scsiio *ctsio);
433
434static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
435static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
436			    ctl_ua_type ua_type);
437static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
438			 ctl_ua_type ua_type);
439static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
440static int ctl_abort_task(union ctl_io *io);
441static int ctl_abort_task_set(union ctl_io *io);
442static int ctl_query_task(union ctl_io *io, int task_set);
443static int ctl_i_t_nexus_reset(union ctl_io *io);
444static int ctl_query_async_event(union ctl_io *io);
445static void ctl_run_task(union ctl_io *io);
446#ifdef CTL_IO_DELAY
447static void ctl_datamove_timer_wakeup(void *arg);
448static void ctl_done_timer_wakeup(void *arg);
449#endif /* CTL_IO_DELAY */
450
451static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
452static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
453static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
454static void ctl_datamove_remote_write(union ctl_io *io);
455static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
456static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
457static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
458static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
459				    ctl_ha_dt_cb callback);
460static void ctl_datamove_remote_read(union ctl_io *io);
461static void ctl_datamove_remote(union ctl_io *io);
462static int ctl_process_done(union ctl_io *io);
463static void ctl_lun_thread(void *arg);
464static void ctl_thresh_thread(void *arg);
465static void ctl_work_thread(void *arg);
466static void ctl_enqueue_incoming(union ctl_io *io);
467static void ctl_enqueue_rtr(union ctl_io *io);
468static void ctl_enqueue_done(union ctl_io *io);
469static void ctl_enqueue_isc(union ctl_io *io);
470static const struct ctl_cmd_entry *
471    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
472static const struct ctl_cmd_entry *
473    ctl_validate_command(struct ctl_scsiio *ctsio);
474static int ctl_cmd_applicable(uint8_t lun_type,
475    const struct ctl_cmd_entry *entry);
476
477static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
479static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
480static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
481
482/*
483 * Load the serialization table.  This isn't very pretty, but is probably
484 * the easiest way to do it.
485 */
486#include "ctl_ser_table.c"
487
488/*
489 * We only need to define open, close and ioctl routines for this driver.
490 */
491static struct cdevsw ctl_cdevsw = {
492	.d_version =	D_VERSION,
493	.d_flags =	0,
494	.d_open =	ctl_open,
495	.d_close =	ctl_close,
496	.d_ioctl =	ctl_ioctl,
497	.d_name =	"ctl",
498};
499
500
501MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
502
503static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
504
505static moduledata_t ctl_moduledata = {
506	"ctl",
507	ctl_module_event_handler,
508	NULL
509};
510
511DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
512MODULE_VERSION(ctl, 1);
513
514static struct ctl_frontend ha_frontend =
515{
516	.name = "ha",
517};
518
519static void
520ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
521			    union ctl_ha_msg *msg_info)
522{
523	struct ctl_scsiio *ctsio;
524
525	if (msg_info->hdr.original_sc == NULL) {
526		printf("%s: original_sc == NULL!\n", __func__);
527		/* XXX KDM now what? */
528		return;
529	}
530
531	ctsio = &msg_info->hdr.original_sc->scsiio;
532	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
533	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
534	ctsio->io_hdr.status = msg_info->hdr.status;
535	ctsio->scsi_status = msg_info->scsi.scsi_status;
536	ctsio->sense_len = msg_info->scsi.sense_len;
537	ctsio->sense_residual = msg_info->scsi.sense_residual;
538	ctsio->residual = msg_info->scsi.residual;
539	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
540	       msg_info->scsi.sense_len);
541	ctl_enqueue_isc((union ctl_io *)ctsio);
542}
543
544static void
545ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
546				union ctl_ha_msg *msg_info)
547{
548	struct ctl_scsiio *ctsio;
549
550	if (msg_info->hdr.serializing_sc == NULL) {
551		printf("%s: serializing_sc == NULL!\n", __func__);
552		/* XXX KDM now what? */
553		return;
554	}
555
556	ctsio = &msg_info->hdr.serializing_sc->scsiio;
557	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
558	ctl_enqueue_isc((union ctl_io *)ctsio);
559}
560
561void
562ctl_isc_announce_lun(struct ctl_lun *lun)
563{
564	struct ctl_softc *softc = lun->ctl_softc;
565	union ctl_ha_msg *msg;
566	struct ctl_ha_msg_lun_pr_key pr_key;
567	int i, k;
568
569	if (softc->ha_link != CTL_HA_LINK_ONLINE)
570		return;
571	mtx_lock(&lun->lun_lock);
572	i = sizeof(msg->lun);
573	if (lun->lun_devid)
574		i += lun->lun_devid->len;
575	i += sizeof(pr_key) * lun->pr_key_count;
576alloc:
577	mtx_unlock(&lun->lun_lock);
578	msg = malloc(i, M_CTL, M_WAITOK);
579	mtx_lock(&lun->lun_lock);
580	k = sizeof(msg->lun);
581	if (lun->lun_devid)
582		k += lun->lun_devid->len;
583	k += sizeof(pr_key) * lun->pr_key_count;
584	if (i < k) {
585		free(msg, M_CTL);
586		i = k;
587		goto alloc;
588	}
589	bzero(&msg->lun, sizeof(msg->lun));
590	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
591	msg->hdr.nexus.targ_lun = lun->lun;
592	msg->hdr.nexus.targ_mapped_lun = lun->lun;
593	msg->lun.flags = lun->flags;
594	msg->lun.pr_generation = lun->PRGeneration;
595	msg->lun.pr_res_idx = lun->pr_res_idx;
596	msg->lun.pr_res_type = lun->res_type;
597	msg->lun.pr_key_count = lun->pr_key_count;
598	i = 0;
599	if (lun->lun_devid) {
600		msg->lun.lun_devid_len = lun->lun_devid->len;
601		memcpy(&msg->lun.data[i], lun->lun_devid->data,
602		    msg->lun.lun_devid_len);
603		i += msg->lun.lun_devid_len;
604	}
605	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
606		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
607			continue;
608		pr_key.pr_iid = k;
609		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
610		i += sizeof(pr_key);
611	}
612	mtx_unlock(&lun->lun_lock);
613	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
614	    M_WAITOK);
615	free(msg, M_CTL);
616
617	if (lun->flags & CTL_LUN_PRIMARY_SC) {
618		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
619			ctl_isc_announce_mode(lun, -1,
620			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
621			    lun->mode_pages.index[i].subpage);
622		}
623	}
624}
625
626void
627ctl_isc_announce_port(struct ctl_port *port)
628{
629	struct ctl_softc *softc = control_softc;
630	union ctl_ha_msg *msg;
631	int i;
632
633	if (port->targ_port < softc->port_min ||
634	    port->targ_port >= softc->port_max ||
635	    softc->ha_link != CTL_HA_LINK_ONLINE)
636		return;
637	i = sizeof(msg->port) + strlen(port->port_name) + 1;
638	if (port->lun_map)
639		i += sizeof(uint32_t) * CTL_MAX_LUNS;
640	if (port->port_devid)
641		i += port->port_devid->len;
642	if (port->target_devid)
643		i += port->target_devid->len;
644	if (port->init_devid)
645		i += port->init_devid->len;
646	msg = malloc(i, M_CTL, M_WAITOK);
647	bzero(&msg->port, sizeof(msg->port));
648	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
649	msg->hdr.nexus.targ_port = port->targ_port;
650	msg->port.port_type = port->port_type;
651	msg->port.physical_port = port->physical_port;
652	msg->port.virtual_port = port->virtual_port;
653	msg->port.status = port->status;
654	i = 0;
655	msg->port.name_len = sprintf(&msg->port.data[i],
656	    "%d:%s", softc->ha_id, port->port_name) + 1;
657	i += msg->port.name_len;
658	if (port->lun_map) {
659		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
660		memcpy(&msg->port.data[i], port->lun_map,
661		    msg->port.lun_map_len);
662		i += msg->port.lun_map_len;
663	}
664	if (port->port_devid) {
665		msg->port.port_devid_len = port->port_devid->len;
666		memcpy(&msg->port.data[i], port->port_devid->data,
667		    msg->port.port_devid_len);
668		i += msg->port.port_devid_len;
669	}
670	if (port->target_devid) {
671		msg->port.target_devid_len = port->target_devid->len;
672		memcpy(&msg->port.data[i], port->target_devid->data,
673		    msg->port.target_devid_len);
674		i += msg->port.target_devid_len;
675	}
676	if (port->init_devid) {
677		msg->port.init_devid_len = port->init_devid->len;
678		memcpy(&msg->port.data[i], port->init_devid->data,
679		    msg->port.init_devid_len);
680		i += msg->port.init_devid_len;
681	}
682	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
683	    M_WAITOK);
684	free(msg, M_CTL);
685}
686
687void
688ctl_isc_announce_iid(struct ctl_port *port, int iid)
689{
690	struct ctl_softc *softc = control_softc;
691	union ctl_ha_msg *msg;
692	int i, l;
693
694	if (port->targ_port < softc->port_min ||
695	    port->targ_port >= softc->port_max ||
696	    softc->ha_link != CTL_HA_LINK_ONLINE)
697		return;
698	mtx_lock(&softc->ctl_lock);
699	i = sizeof(msg->iid);
700	l = 0;
701	if (port->wwpn_iid[iid].name)
702		l = strlen(port->wwpn_iid[iid].name) + 1;
703	i += l;
704	msg = malloc(i, M_CTL, M_NOWAIT);
705	if (msg == NULL) {
706		mtx_unlock(&softc->ctl_lock);
707		return;
708	}
709	bzero(&msg->iid, sizeof(msg->iid));
710	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
711	msg->hdr.nexus.targ_port = port->targ_port;
712	msg->hdr.nexus.initid = iid;
713	msg->iid.in_use = port->wwpn_iid[iid].in_use;
714	msg->iid.name_len = l;
715	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
716	if (port->wwpn_iid[iid].name)
717		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
718	mtx_unlock(&softc->ctl_lock);
719	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
720	free(msg, M_CTL);
721}
722
723void
724ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
725    uint8_t page, uint8_t subpage)
726{
727	struct ctl_softc *softc = lun->ctl_softc;
728	union ctl_ha_msg msg;
729	int i;
730
731	if (softc->ha_link != CTL_HA_LINK_ONLINE)
732		return;
733	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
734		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
735		    page && lun->mode_pages.index[i].subpage == subpage)
736			break;
737	}
738	if (i == CTL_NUM_MODE_PAGES)
739		return;
740	bzero(&msg.mode, sizeof(msg.mode));
741	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
742	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
743	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
744	msg.hdr.nexus.targ_lun = lun->lun;
745	msg.hdr.nexus.targ_mapped_lun = lun->lun;
746	msg.mode.page_code = page;
747	msg.mode.subpage = subpage;
748	msg.mode.page_len = lun->mode_pages.index[i].page_len;
749	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
750	    msg.mode.page_len);
751	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
752	    M_WAITOK);
753}
754
755static void
756ctl_isc_ha_link_up(struct ctl_softc *softc)
757{
758	struct ctl_port *port;
759	struct ctl_lun *lun;
760	union ctl_ha_msg msg;
761	int i;
762
763	/* Announce this node parameters to peer for validation. */
764	msg.login.msg_type = CTL_MSG_LOGIN;
765	msg.login.version = CTL_HA_VERSION;
766	msg.login.ha_mode = softc->ha_mode;
767	msg.login.ha_id = softc->ha_id;
768	msg.login.max_luns = CTL_MAX_LUNS;
769	msg.login.max_ports = CTL_MAX_PORTS;
770	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
771	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
772	    M_WAITOK);
773
774	STAILQ_FOREACH(port, &softc->port_list, links) {
775		ctl_isc_announce_port(port);
776		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
777			if (port->wwpn_iid[i].in_use)
778				ctl_isc_announce_iid(port, i);
779		}
780	}
781	STAILQ_FOREACH(lun, &softc->lun_list, links)
782		ctl_isc_announce_lun(lun);
783}
784
785static void
786ctl_isc_ha_link_down(struct ctl_softc *softc)
787{
788	struct ctl_port *port;
789	struct ctl_lun *lun;
790	union ctl_io *io;
791	int i;
792
793	mtx_lock(&softc->ctl_lock);
794	STAILQ_FOREACH(lun, &softc->lun_list, links) {
795		mtx_lock(&lun->lun_lock);
796		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
797			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
798			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
799		}
800		mtx_unlock(&lun->lun_lock);
801
802		mtx_unlock(&softc->ctl_lock);
803		io = ctl_alloc_io(softc->othersc_pool);
804		mtx_lock(&softc->ctl_lock);
805		ctl_zero_io(io);
806		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
807		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
808		ctl_enqueue_isc(io);
809	}
810
811	STAILQ_FOREACH(port, &softc->port_list, links) {
812		if (port->targ_port >= softc->port_min &&
813		    port->targ_port < softc->port_max)
814			continue;
815		port->status &= ~CTL_PORT_STATUS_ONLINE;
816		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
817			port->wwpn_iid[i].in_use = 0;
818			free(port->wwpn_iid[i].name, M_CTL);
819			port->wwpn_iid[i].name = NULL;
820		}
821	}
822	mtx_unlock(&softc->ctl_lock);
823}
824
825static void
826ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
827{
828	struct ctl_lun *lun;
829	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
830
831	mtx_lock(&softc->ctl_lock);
832	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
833	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
834		mtx_lock(&lun->lun_lock);
835		mtx_unlock(&softc->ctl_lock);
836		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
837		    msg->ua.ua_set)
838			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
839		if (msg->ua.ua_all) {
840			if (msg->ua.ua_set)
841				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
842			else
843				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
844		} else {
845			if (msg->ua.ua_set)
846				ctl_est_ua(lun, iid, msg->ua.ua_type);
847			else
848				ctl_clr_ua(lun, iid, msg->ua.ua_type);
849		}
850		mtx_unlock(&lun->lun_lock);
851	} else
852		mtx_unlock(&softc->ctl_lock);
853}
854
855static void
856ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
857{
858	struct ctl_lun *lun;
859	struct ctl_ha_msg_lun_pr_key pr_key;
860	int i, k;
861	ctl_lun_flags oflags;
862	uint32_t targ_lun;
863
864	targ_lun = msg->hdr.nexus.targ_mapped_lun;
865	mtx_lock(&softc->ctl_lock);
866	if ((targ_lun >= CTL_MAX_LUNS) ||
867	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
868		mtx_unlock(&softc->ctl_lock);
869		return;
870	}
871	mtx_lock(&lun->lun_lock);
872	mtx_unlock(&softc->ctl_lock);
873	if (lun->flags & CTL_LUN_DISABLED) {
874		mtx_unlock(&lun->lun_lock);
875		return;
876	}
877	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
878	if (msg->lun.lun_devid_len != i || (i > 0 &&
879	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
880		mtx_unlock(&lun->lun_lock);
881		printf("%s: Received conflicting HA LUN %d\n",
882		    __func__, msg->hdr.nexus.targ_lun);
883		return;
884	} else {
885		/* Record whether peer is primary. */
886		oflags = lun->flags;
887		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
888		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
889			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
890		else
891			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
892		if (oflags != lun->flags)
893			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
894
895		/* If peer is primary and we are not -- use data */
896		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
897		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
898			lun->PRGeneration = msg->lun.pr_generation;
899			lun->pr_res_idx = msg->lun.pr_res_idx;
900			lun->res_type = msg->lun.pr_res_type;
901			lun->pr_key_count = msg->lun.pr_key_count;
902			for (k = 0; k < CTL_MAX_INITIATORS; k++)
903				ctl_clr_prkey(lun, k);
904			for (k = 0; k < msg->lun.pr_key_count; k++) {
905				memcpy(&pr_key, &msg->lun.data[i],
906				    sizeof(pr_key));
907				ctl_alloc_prkey(lun, pr_key.pr_iid);
908				ctl_set_prkey(lun, pr_key.pr_iid,
909				    pr_key.pr_key);
910				i += sizeof(pr_key);
911			}
912		}
913
914		mtx_unlock(&lun->lun_lock);
915		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
916		    __func__, msg->hdr.nexus.targ_lun,
917		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
918		    "primary" : "secondary"));
919
920		/* If we are primary but peer doesn't know -- notify */
921		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
922		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
923			ctl_isc_announce_lun(lun);
924	}
925}
926
927static void
928ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
929{
930	struct ctl_port *port;
931	struct ctl_lun *lun;
932	int i, new;
933
934	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
935	if (port == NULL) {
936		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
937		    msg->hdr.nexus.targ_port));
938		new = 1;
939		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
940		port->frontend = &ha_frontend;
941		port->targ_port = msg->hdr.nexus.targ_port;
942	} else if (port->frontend == &ha_frontend) {
943		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
944		    msg->hdr.nexus.targ_port));
945		new = 0;
946	} else {
947		printf("%s: Received conflicting HA port %d\n",
948		    __func__, msg->hdr.nexus.targ_port);
949		return;
950	}
951	port->port_type = msg->port.port_type;
952	port->physical_port = msg->port.physical_port;
953	port->virtual_port = msg->port.virtual_port;
954	port->status = msg->port.status;
955	i = 0;
956	free(port->port_name, M_CTL);
957	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
958	    M_CTL);
959	i += msg->port.name_len;
960	if (msg->port.lun_map_len != 0) {
961		if (port->lun_map == NULL)
962			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
963			    M_CTL, M_WAITOK);
964		memcpy(port->lun_map, &msg->port.data[i],
965		    sizeof(uint32_t) * CTL_MAX_LUNS);
966		i += msg->port.lun_map_len;
967	} else {
968		free(port->lun_map, M_CTL);
969		port->lun_map = NULL;
970	}
971	if (msg->port.port_devid_len != 0) {
972		if (port->port_devid == NULL ||
973		    port->port_devid->len != msg->port.port_devid_len) {
974			free(port->port_devid, M_CTL);
975			port->port_devid = malloc(sizeof(struct ctl_devid) +
976			    msg->port.port_devid_len, M_CTL, M_WAITOK);
977		}
978		memcpy(port->port_devid->data, &msg->port.data[i],
979		    msg->port.port_devid_len);
980		port->port_devid->len = msg->port.port_devid_len;
981		i += msg->port.port_devid_len;
982	} else {
983		free(port->port_devid, M_CTL);
984		port->port_devid = NULL;
985	}
986	if (msg->port.target_devid_len != 0) {
987		if (port->target_devid == NULL ||
988		    port->target_devid->len != msg->port.target_devid_len) {
989			free(port->target_devid, M_CTL);
990			port->target_devid = malloc(sizeof(struct ctl_devid) +
991			    msg->port.target_devid_len, M_CTL, M_WAITOK);
992		}
993		memcpy(port->target_devid->data, &msg->port.data[i],
994		    msg->port.target_devid_len);
995		port->target_devid->len = msg->port.target_devid_len;
996		i += msg->port.target_devid_len;
997	} else {
998		free(port->target_devid, M_CTL);
999		port->target_devid = NULL;
1000	}
1001	if (msg->port.init_devid_len != 0) {
1002		if (port->init_devid == NULL ||
1003		    port->init_devid->len != msg->port.init_devid_len) {
1004			free(port->init_devid, M_CTL);
1005			port->init_devid = malloc(sizeof(struct ctl_devid) +
1006			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1007		}
1008		memcpy(port->init_devid->data, &msg->port.data[i],
1009		    msg->port.init_devid_len);
1010		port->init_devid->len = msg->port.init_devid_len;
1011		i += msg->port.init_devid_len;
1012	} else {
1013		free(port->init_devid, M_CTL);
1014		port->init_devid = NULL;
1015	}
1016	if (new) {
1017		if (ctl_port_register(port) != 0) {
1018			printf("%s: ctl_port_register() failed with error\n",
1019			    __func__);
1020		}
1021	}
1022	mtx_lock(&softc->ctl_lock);
1023	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1024		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1025			continue;
1026		mtx_lock(&lun->lun_lock);
1027		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1028		mtx_unlock(&lun->lun_lock);
1029	}
1030	mtx_unlock(&softc->ctl_lock);
1031}
1032
1033static void
1034ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1035{
1036	struct ctl_port *port;
1037	int iid;
1038
1039	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1040	if (port == NULL) {
1041		printf("%s: Received IID for unknown port %d\n",
1042		    __func__, msg->hdr.nexus.targ_port);
1043		return;
1044	}
1045	iid = msg->hdr.nexus.initid;
1046	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1047	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1048	free(port->wwpn_iid[iid].name, M_CTL);
1049	if (msg->iid.name_len) {
1050		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1051		    msg->iid.name_len, M_CTL);
1052	} else
1053		port->wwpn_iid[iid].name = NULL;
1054}
1055
1056static void
1057ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1058{
1059
1060	if (msg->login.version != CTL_HA_VERSION) {
1061		printf("CTL HA peers have different versions %d != %d\n",
1062		    msg->login.version, CTL_HA_VERSION);
1063		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1064		return;
1065	}
1066	if (msg->login.ha_mode != softc->ha_mode) {
1067		printf("CTL HA peers have different ha_mode %d != %d\n",
1068		    msg->login.ha_mode, softc->ha_mode);
1069		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1070		return;
1071	}
1072	if (msg->login.ha_id == softc->ha_id) {
1073		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1074		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1075		return;
1076	}
1077	if (msg->login.max_luns != CTL_MAX_LUNS ||
1078	    msg->login.max_ports != CTL_MAX_PORTS ||
1079	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1080		printf("CTL HA peers have different limits\n");
1081		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1082		return;
1083	}
1084}
1085
1086static void
1087ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1088{
1089	struct ctl_lun *lun;
1090	int i;
1091	uint32_t initidx, targ_lun;
1092
1093	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1094	mtx_lock(&softc->ctl_lock);
1095	if ((targ_lun >= CTL_MAX_LUNS) ||
1096	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1097		mtx_unlock(&softc->ctl_lock);
1098		return;
1099	}
1100	mtx_lock(&lun->lun_lock);
1101	mtx_unlock(&softc->ctl_lock);
1102	if (lun->flags & CTL_LUN_DISABLED) {
1103		mtx_unlock(&lun->lun_lock);
1104		return;
1105	}
1106	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1107		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1108		    msg->mode.page_code &&
1109		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1110			break;
1111	}
1112	if (i == CTL_NUM_MODE_PAGES) {
1113		mtx_unlock(&lun->lun_lock);
1114		return;
1115	}
1116	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1117	    lun->mode_pages.index[i].page_len);
1118	initidx = ctl_get_initindex(&msg->hdr.nexus);
1119	if (initidx != -1)
1120		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1121	mtx_unlock(&lun->lun_lock);
1122}
1123
1124/*
1125 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1126 * subsystem come in here.
1127 */
1128static void
1129ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1130{
1131	struct ctl_softc *softc;
1132	union ctl_io *io;
1133	struct ctl_prio *presio;
1134	ctl_ha_status isc_status;
1135
1136	softc = control_softc;
1137	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1138	if (event == CTL_HA_EVT_MSG_RECV) {
1139		union ctl_ha_msg *msg, msgbuf;
1140
1141		if (param > sizeof(msgbuf))
1142			msg = malloc(param, M_CTL, M_WAITOK);
1143		else
1144			msg = &msgbuf;
1145		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1146		    M_WAITOK);
1147		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1148			printf("%s: Error receiving message: %d\n",
1149			    __func__, isc_status);
1150			if (msg != &msgbuf)
1151				free(msg, M_CTL);
1152			return;
1153		}
1154
1155		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1156		switch (msg->hdr.msg_type) {
1157		case CTL_MSG_SERIALIZE:
1158			io = ctl_alloc_io(softc->othersc_pool);
1159			ctl_zero_io(io);
1160			// populate ctsio from msg
1161			io->io_hdr.io_type = CTL_IO_SCSI;
1162			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1163			io->io_hdr.original_sc = msg->hdr.original_sc;
1164			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1165					    CTL_FLAG_IO_ACTIVE;
1166			/*
1167			 * If we're in serialization-only mode, we don't
1168			 * want to go through full done processing.  Thus
1169			 * the COPY flag.
1170			 *
1171			 * XXX KDM add another flag that is more specific.
1172			 */
1173			if (softc->ha_mode != CTL_HA_MODE_XFER)
1174				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1175			io->io_hdr.nexus = msg->hdr.nexus;
1176#if 0
1177			printf("port %u, iid %u, lun %u\n",
1178			       io->io_hdr.nexus.targ_port,
1179			       io->io_hdr.nexus.initid,
1180			       io->io_hdr.nexus.targ_lun);
1181#endif
1182			io->scsiio.tag_num = msg->scsi.tag_num;
1183			io->scsiio.tag_type = msg->scsi.tag_type;
1184#ifdef CTL_TIME_IO
1185			io->io_hdr.start_time = time_uptime;
1186			getbintime(&io->io_hdr.start_bt);
1187#endif /* CTL_TIME_IO */
1188			io->scsiio.cdb_len = msg->scsi.cdb_len;
1189			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1190			       CTL_MAX_CDBLEN);
1191			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1192				const struct ctl_cmd_entry *entry;
1193
1194				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1195				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1196				io->io_hdr.flags |=
1197					entry->flags & CTL_FLAG_DATA_MASK;
1198			}
1199			ctl_enqueue_isc(io);
1200			break;
1201
1202		/* Performed on the Originating SC, XFER mode only */
1203		case CTL_MSG_DATAMOVE: {
1204			struct ctl_sg_entry *sgl;
1205			int i, j;
1206
1207			io = msg->hdr.original_sc;
1208			if (io == NULL) {
1209				printf("%s: original_sc == NULL!\n", __func__);
1210				/* XXX KDM do something here */
1211				break;
1212			}
1213			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1214			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1215			/*
1216			 * Keep track of this, we need to send it back over
1217			 * when the datamove is complete.
1218			 */
1219			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1220			if (msg->hdr.status == CTL_SUCCESS)
1221				io->io_hdr.status = msg->hdr.status;
1222
1223			if (msg->dt.sg_sequence == 0) {
1224				i = msg->dt.kern_sg_entries +
1225				    msg->dt.kern_data_len /
1226				    CTL_HA_DATAMOVE_SEGMENT + 1;
1227				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1228				    M_WAITOK | M_ZERO);
1229				io->io_hdr.remote_sglist = sgl;
1230				io->io_hdr.local_sglist =
1231				    &sgl[msg->dt.kern_sg_entries];
1232
1233				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1234
1235				io->scsiio.kern_sg_entries =
1236					msg->dt.kern_sg_entries;
1237				io->scsiio.rem_sg_entries =
1238					msg->dt.kern_sg_entries;
1239				io->scsiio.kern_data_len =
1240					msg->dt.kern_data_len;
1241				io->scsiio.kern_total_len =
1242					msg->dt.kern_total_len;
1243				io->scsiio.kern_data_resid =
1244					msg->dt.kern_data_resid;
1245				io->scsiio.kern_rel_offset =
1246					msg->dt.kern_rel_offset;
1247				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1248				io->io_hdr.flags |= msg->dt.flags &
1249				    CTL_FLAG_BUS_ADDR;
1250			} else
1251				sgl = (struct ctl_sg_entry *)
1252					io->scsiio.kern_data_ptr;
1253
1254			for (i = msg->dt.sent_sg_entries, j = 0;
1255			     i < (msg->dt.sent_sg_entries +
1256			     msg->dt.cur_sg_entries); i++, j++) {
1257				sgl[i].addr = msg->dt.sg_list[j].addr;
1258				sgl[i].len = msg->dt.sg_list[j].len;
1259
1260#if 0
1261				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1262				    __func__, sgl[i].addr, sgl[i].len, j, i);
1263#endif
1264			}
1265
1266			/*
1267			 * If this is the last piece of the I/O, we've got
1268			 * the full S/G list.  Queue processing in the thread.
1269			 * Otherwise wait for the next piece.
1270			 */
1271			if (msg->dt.sg_last != 0)
1272				ctl_enqueue_isc(io);
1273			break;
1274		}
1275		/* Performed on the Serializing (primary) SC, XFER mode only */
1276		case CTL_MSG_DATAMOVE_DONE: {
1277			if (msg->hdr.serializing_sc == NULL) {
1278				printf("%s: serializing_sc == NULL!\n",
1279				       __func__);
1280				/* XXX KDM now what? */
1281				break;
1282			}
1283			/*
1284			 * We grab the sense information here in case
1285			 * there was a failure, so we can return status
1286			 * back to the initiator.
1287			 */
1288			io = msg->hdr.serializing_sc;
1289			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1290			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1291			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1292			io->io_hdr.port_status = msg->scsi.fetd_status;
1293			io->scsiio.residual = msg->scsi.residual;
1294			if (msg->hdr.status != CTL_STATUS_NONE) {
1295				io->io_hdr.status = msg->hdr.status;
1296				io->scsiio.scsi_status = msg->scsi.scsi_status;
1297				io->scsiio.sense_len = msg->scsi.sense_len;
1298				io->scsiio.sense_residual =msg->scsi.sense_residual;
1299				memcpy(&io->scsiio.sense_data,
1300				    &msg->scsi.sense_data,
1301				    msg->scsi.sense_len);
1302				if (msg->hdr.status == CTL_SUCCESS)
1303					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1304			}
1305			ctl_enqueue_isc(io);
1306			break;
1307		}
1308
1309		/* Preformed on Originating SC, SER_ONLY mode */
1310		case CTL_MSG_R2R:
1311			io = msg->hdr.original_sc;
1312			if (io == NULL) {
1313				printf("%s: original_sc == NULL!\n",
1314				    __func__);
1315				break;
1316			}
1317			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1318			io->io_hdr.msg_type = CTL_MSG_R2R;
1319			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1320			ctl_enqueue_isc(io);
1321			break;
1322
1323		/*
1324		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1325		 * mode.
1326		 * Performed on the Originating (i.e. secondary) SC in XFER
1327		 * mode
1328		 */
1329		case CTL_MSG_FINISH_IO:
1330			if (softc->ha_mode == CTL_HA_MODE_XFER)
1331				ctl_isc_handler_finish_xfer(softc, msg);
1332			else
1333				ctl_isc_handler_finish_ser_only(softc, msg);
1334			break;
1335
1336		/* Preformed on Originating SC */
1337		case CTL_MSG_BAD_JUJU:
1338			io = msg->hdr.original_sc;
1339			if (io == NULL) {
1340				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1341				       __func__);
1342				break;
1343			}
1344			ctl_copy_sense_data(msg, io);
1345			/*
1346			 * IO should have already been cleaned up on other
1347			 * SC so clear this flag so we won't send a message
1348			 * back to finish the IO there.
1349			 */
1350			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1351			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1352
1353			/* io = msg->hdr.serializing_sc; */
1354			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1355			ctl_enqueue_isc(io);
1356			break;
1357
1358		/* Handle resets sent from the other side */
1359		case CTL_MSG_MANAGE_TASKS: {
1360			struct ctl_taskio *taskio;
1361			taskio = (struct ctl_taskio *)ctl_alloc_io(
1362			    softc->othersc_pool);
1363			ctl_zero_io((union ctl_io *)taskio);
1364			taskio->io_hdr.io_type = CTL_IO_TASK;
1365			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1366			taskio->io_hdr.nexus = msg->hdr.nexus;
1367			taskio->task_action = msg->task.task_action;
1368			taskio->tag_num = msg->task.tag_num;
1369			taskio->tag_type = msg->task.tag_type;
1370#ifdef CTL_TIME_IO
1371			taskio->io_hdr.start_time = time_uptime;
1372			getbintime(&taskio->io_hdr.start_bt);
1373#endif /* CTL_TIME_IO */
1374			ctl_run_task((union ctl_io *)taskio);
1375			break;
1376		}
1377		/* Persistent Reserve action which needs attention */
1378		case CTL_MSG_PERS_ACTION:
1379			presio = (struct ctl_prio *)ctl_alloc_io(
1380			    softc->othersc_pool);
1381			ctl_zero_io((union ctl_io *)presio);
1382			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1383			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1384			presio->io_hdr.nexus = msg->hdr.nexus;
1385			presio->pr_msg = msg->pr;
1386			ctl_enqueue_isc((union ctl_io *)presio);
1387			break;
1388		case CTL_MSG_UA:
1389			ctl_isc_ua(softc, msg, param);
1390			break;
1391		case CTL_MSG_PORT_SYNC:
1392			ctl_isc_port_sync(softc, msg, param);
1393			break;
1394		case CTL_MSG_LUN_SYNC:
1395			ctl_isc_lun_sync(softc, msg, param);
1396			break;
1397		case CTL_MSG_IID_SYNC:
1398			ctl_isc_iid_sync(softc, msg, param);
1399			break;
1400		case CTL_MSG_LOGIN:
1401			ctl_isc_login(softc, msg, param);
1402			break;
1403		case CTL_MSG_MODE_SYNC:
1404			ctl_isc_mode_sync(softc, msg, param);
1405			break;
1406		default:
1407			printf("Received HA message of unknown type %d\n",
1408			    msg->hdr.msg_type);
1409			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1410			break;
1411		}
1412		if (msg != &msgbuf)
1413			free(msg, M_CTL);
1414	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1415		printf("CTL: HA link status changed from %d to %d\n",
1416		    softc->ha_link, param);
1417		if (param == softc->ha_link)
1418			return;
1419		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1420			softc->ha_link = param;
1421			ctl_isc_ha_link_down(softc);
1422		} else {
1423			softc->ha_link = param;
1424			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1425				ctl_isc_ha_link_up(softc);
1426		}
1427		return;
1428	} else {
1429		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1430		return;
1431	}
1432}
1433
1434static void
1435ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1436{
1437
1438	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1439	    src->scsi.sense_len);
1440	dest->scsiio.scsi_status = src->scsi.scsi_status;
1441	dest->scsiio.sense_len = src->scsi.sense_len;
1442	dest->io_hdr.status = src->hdr.status;
1443}
1444
1445static void
1446ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1447{
1448
1449	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1450	    src->scsiio.sense_len);
1451	dest->scsi.scsi_status = src->scsiio.scsi_status;
1452	dest->scsi.sense_len = src->scsiio.sense_len;
1453	dest->hdr.status = src->io_hdr.status;
1454}
1455
1456void
1457ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1458{
1459	struct ctl_softc *softc = lun->ctl_softc;
1460	ctl_ua_type *pu;
1461
1462	if (initidx < softc->init_min || initidx >= softc->init_max)
1463		return;
1464	mtx_assert(&lun->lun_lock, MA_OWNED);
1465	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1466	if (pu == NULL)
1467		return;
1468	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1469}
1470
1471void
1472ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1473{
1474	int i;
1475
1476	mtx_assert(&lun->lun_lock, MA_OWNED);
1477	if (lun->pending_ua[port] == NULL)
1478		return;
1479	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1480		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1481			continue;
1482		lun->pending_ua[port][i] |= ua;
1483	}
1484}
1485
1486void
1487ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1488{
1489	struct ctl_softc *softc = lun->ctl_softc;
1490	int i;
1491
1492	mtx_assert(&lun->lun_lock, MA_OWNED);
1493	for (i = softc->port_min; i < softc->port_max; i++)
1494		ctl_est_ua_port(lun, i, except, ua);
1495}
1496
1497void
1498ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1499{
1500	struct ctl_softc *softc = lun->ctl_softc;
1501	ctl_ua_type *pu;
1502
1503	if (initidx < softc->init_min || initidx >= softc->init_max)
1504		return;
1505	mtx_assert(&lun->lun_lock, MA_OWNED);
1506	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1507	if (pu == NULL)
1508		return;
1509	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1510}
1511
1512void
1513ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1514{
1515	struct ctl_softc *softc = lun->ctl_softc;
1516	int i, j;
1517
1518	mtx_assert(&lun->lun_lock, MA_OWNED);
1519	for (i = softc->port_min; i < softc->port_max; i++) {
1520		if (lun->pending_ua[i] == NULL)
1521			continue;
1522		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1523			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1524				continue;
1525			lun->pending_ua[i][j] &= ~ua;
1526		}
1527	}
1528}
1529
1530void
1531ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1532    ctl_ua_type ua_type)
1533{
1534	struct ctl_lun *lun;
1535
1536	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1537	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1538		mtx_lock(&lun->lun_lock);
1539		ctl_clr_ua(lun, initidx, ua_type);
1540		mtx_unlock(&lun->lun_lock);
1541	}
1542}
1543
1544static int
1545ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1546{
1547	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1548	struct ctl_lun *lun;
1549	struct ctl_lun_req ireq;
1550	int error, value;
1551
1552	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1553	error = sysctl_handle_int(oidp, &value, 0, req);
1554	if ((error != 0) || (req->newptr == NULL))
1555		return (error);
1556
1557	mtx_lock(&softc->ctl_lock);
1558	if (value == 0)
1559		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1560	else
1561		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1562	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1563		mtx_unlock(&softc->ctl_lock);
1564		bzero(&ireq, sizeof(ireq));
1565		ireq.reqtype = CTL_LUNREQ_MODIFY;
1566		ireq.reqdata.modify.lun_id = lun->lun;
1567		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1568		    curthread);
1569		if (ireq.status != CTL_LUN_OK) {
1570			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1571			    __func__, ireq.status, ireq.error_str);
1572		}
1573		mtx_lock(&softc->ctl_lock);
1574	}
1575	mtx_unlock(&softc->ctl_lock);
1576	return (0);
1577}
1578
1579static int
1580ctl_init(void)
1581{
1582	struct ctl_softc *softc;
1583	void *other_pool;
1584	int i, error, retval;
1585
1586	retval = 0;
1587	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1588			       M_WAITOK | M_ZERO);
1589	softc = control_softc;
1590
1591	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1592			      "cam/ctl");
1593
1594	softc->dev->si_drv1 = softc;
1595
1596	sysctl_ctx_init(&softc->sysctl_ctx);
1597	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1598		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1599		CTLFLAG_RD, 0, "CAM Target Layer");
1600
1601	if (softc->sysctl_tree == NULL) {
1602		printf("%s: unable to allocate sysctl tree\n", __func__);
1603		destroy_dev(softc->dev);
1604		free(control_softc, M_DEVBUF);
1605		control_softc = NULL;
1606		return (ENOMEM);
1607	}
1608
1609	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1610	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1611	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1612	softc->open_count = 0;
1613
1614	/*
1615	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1616	 * the drive.
1617	 */
1618	softc->flags = CTL_FLAG_REAL_SYNC;
1619
1620	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1621	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1622	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1623
1624	/*
1625	 * In Copan's HA scheme, the "master" and "slave" roles are
1626	 * figured out through the slot the controller is in.  Although it
1627	 * is an active/active system, someone has to be in charge.
1628	 */
1629	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1630	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1631	    "HA head ID (0 - no HA)");
1632	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1633		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1634		softc->is_single = 1;
1635		softc->port_cnt = CTL_MAX_PORTS;
1636		softc->port_min = 0;
1637	} else {
1638		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1639		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1640	}
1641	softc->port_max = softc->port_min + softc->port_cnt;
1642	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1643	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1644
1645	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1646	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1647	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1648
1649	STAILQ_INIT(&softc->lun_list);
1650	STAILQ_INIT(&softc->pending_lun_queue);
1651	STAILQ_INIT(&softc->fe_list);
1652	STAILQ_INIT(&softc->port_list);
1653	STAILQ_INIT(&softc->be_list);
1654	ctl_tpc_init(softc);
1655
1656	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1657	                    &other_pool) != 0)
1658	{
1659		printf("ctl: can't allocate %d entry other SC pool, "
1660		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1661		return (ENOMEM);
1662	}
1663	softc->othersc_pool = other_pool;
1664
1665	if (worker_threads <= 0)
1666		worker_threads = max(1, mp_ncpus / 4);
1667	if (worker_threads > CTL_MAX_THREADS)
1668		worker_threads = CTL_MAX_THREADS;
1669
1670	for (i = 0; i < worker_threads; i++) {
1671		struct ctl_thread *thr = &softc->threads[i];
1672
1673		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1674		thr->ctl_softc = softc;
1675		STAILQ_INIT(&thr->incoming_queue);
1676		STAILQ_INIT(&thr->rtr_queue);
1677		STAILQ_INIT(&thr->done_queue);
1678		STAILQ_INIT(&thr->isc_queue);
1679
1680		error = kproc_kthread_add(ctl_work_thread, thr,
1681		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1682		if (error != 0) {
1683			printf("error creating CTL work thread!\n");
1684			ctl_pool_free(other_pool);
1685			return (error);
1686		}
1687	}
1688	error = kproc_kthread_add(ctl_lun_thread, softc,
1689	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1690	if (error != 0) {
1691		printf("error creating CTL lun thread!\n");
1692		ctl_pool_free(other_pool);
1693		return (error);
1694	}
1695	error = kproc_kthread_add(ctl_thresh_thread, softc,
1696	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1697	if (error != 0) {
1698		printf("error creating CTL threshold thread!\n");
1699		ctl_pool_free(other_pool);
1700		return (error);
1701	}
1702
1703	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1704	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1705	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1706
1707	if (softc->is_single == 0) {
1708		ctl_frontend_register(&ha_frontend);
1709		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1710			printf("ctl_init: ctl_ha_msg_init failed.\n");
1711			softc->is_single = 1;
1712		} else
1713		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1714		    != CTL_HA_STATUS_SUCCESS) {
1715			printf("ctl_init: ctl_ha_msg_register failed.\n");
1716			softc->is_single = 1;
1717		}
1718	}
1719	return (0);
1720}
1721
1722void
1723ctl_shutdown(void)
1724{
1725	struct ctl_softc *softc;
1726	struct ctl_lun *lun, *next_lun;
1727
1728	softc = (struct ctl_softc *)control_softc;
1729
1730	if (softc->is_single == 0) {
1731		ctl_ha_msg_shutdown(softc);
1732		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1733		    != CTL_HA_STATUS_SUCCESS)
1734			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1735		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1736			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1737		ctl_frontend_deregister(&ha_frontend);
1738	}
1739
1740	mtx_lock(&softc->ctl_lock);
1741
1742	/*
1743	 * Free up each LUN.
1744	 */
1745	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1746		next_lun = STAILQ_NEXT(lun, links);
1747		ctl_free_lun(lun);
1748	}
1749
1750	mtx_unlock(&softc->ctl_lock);
1751
1752#if 0
1753	ctl_shutdown_thread(softc->work_thread);
1754	mtx_destroy(&softc->queue_lock);
1755#endif
1756
1757	ctl_tpc_shutdown(softc);
1758	uma_zdestroy(softc->io_zone);
1759	mtx_destroy(&softc->ctl_lock);
1760
1761	destroy_dev(softc->dev);
1762
1763	sysctl_ctx_free(&softc->sysctl_ctx);
1764
1765	free(control_softc, M_DEVBUF);
1766	control_softc = NULL;
1767}
1768
1769static int
1770ctl_module_event_handler(module_t mod, int what, void *arg)
1771{
1772
1773	switch (what) {
1774	case MOD_LOAD:
1775		return (ctl_init());
1776	case MOD_UNLOAD:
1777		return (EBUSY);
1778	default:
1779		return (EOPNOTSUPP);
1780	}
1781}
1782
1783/*
1784 * XXX KDM should we do some access checks here?  Bump a reference count to
1785 * prevent a CTL module from being unloaded while someone has it open?
1786 */
1787static int
1788ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1789{
1790	return (0);
1791}
1792
1793static int
1794ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1795{
1796	return (0);
1797}
1798
1799/*
1800 * Remove an initiator by port number and initiator ID.
1801 * Returns 0 for success, -1 for failure.
1802 */
1803int
1804ctl_remove_initiator(struct ctl_port *port, int iid)
1805{
1806	struct ctl_softc *softc = control_softc;
1807
1808	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1809
1810	if (iid > CTL_MAX_INIT_PER_PORT) {
1811		printf("%s: initiator ID %u > maximun %u!\n",
1812		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1813		return (-1);
1814	}
1815
1816	mtx_lock(&softc->ctl_lock);
1817	port->wwpn_iid[iid].in_use--;
1818	port->wwpn_iid[iid].last_use = time_uptime;
1819	mtx_unlock(&softc->ctl_lock);
1820	ctl_isc_announce_iid(port, iid);
1821
1822	return (0);
1823}
1824
1825/*
1826 * Add an initiator to the initiator map.
1827 * Returns iid for success, < 0 for failure.
1828 */
1829int
1830ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1831{
1832	struct ctl_softc *softc = control_softc;
1833	time_t best_time;
1834	int i, best;
1835
1836	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1837
1838	if (iid >= CTL_MAX_INIT_PER_PORT) {
1839		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1840		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1841		free(name, M_CTL);
1842		return (-1);
1843	}
1844
1845	mtx_lock(&softc->ctl_lock);
1846
1847	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1848		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1849			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1850				iid = i;
1851				break;
1852			}
1853			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1854			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1855				iid = i;
1856				break;
1857			}
1858		}
1859	}
1860
1861	if (iid < 0) {
1862		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1863			if (port->wwpn_iid[i].in_use == 0 &&
1864			    port->wwpn_iid[i].wwpn == 0 &&
1865			    port->wwpn_iid[i].name == NULL) {
1866				iid = i;
1867				break;
1868			}
1869		}
1870	}
1871
1872	if (iid < 0) {
1873		best = -1;
1874		best_time = INT32_MAX;
1875		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1876			if (port->wwpn_iid[i].in_use == 0) {
1877				if (port->wwpn_iid[i].last_use < best_time) {
1878					best = i;
1879					best_time = port->wwpn_iid[i].last_use;
1880				}
1881			}
1882		}
1883		iid = best;
1884	}
1885
1886	if (iid < 0) {
1887		mtx_unlock(&softc->ctl_lock);
1888		free(name, M_CTL);
1889		return (-2);
1890	}
1891
1892	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1893		/*
1894		 * This is not an error yet.
1895		 */
1896		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1897#if 0
1898			printf("%s: port %d iid %u WWPN %#jx arrived"
1899			    " again\n", __func__, port->targ_port,
1900			    iid, (uintmax_t)wwpn);
1901#endif
1902			goto take;
1903		}
1904		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1905		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1906#if 0
1907			printf("%s: port %d iid %u name '%s' arrived"
1908			    " again\n", __func__, port->targ_port,
1909			    iid, name);
1910#endif
1911			goto take;
1912		}
1913
1914		/*
1915		 * This is an error, but what do we do about it?  The
1916		 * driver is telling us we have a new WWPN for this
1917		 * initiator ID, so we pretty much need to use it.
1918		 */
1919		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1920		    " but WWPN %#jx '%s' is still at that address\n",
1921		    __func__, port->targ_port, iid, wwpn, name,
1922		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1923		    port->wwpn_iid[iid].name);
1924
1925		/*
1926		 * XXX KDM clear have_ca and ua_pending on each LUN for
1927		 * this initiator.
1928		 */
1929	}
1930take:
1931	free(port->wwpn_iid[iid].name, M_CTL);
1932	port->wwpn_iid[iid].name = name;
1933	port->wwpn_iid[iid].wwpn = wwpn;
1934	port->wwpn_iid[iid].in_use++;
1935	mtx_unlock(&softc->ctl_lock);
1936	ctl_isc_announce_iid(port, iid);
1937
1938	return (iid);
1939}
1940
1941static int
1942ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1943{
1944	int len;
1945
1946	switch (port->port_type) {
1947	case CTL_PORT_FC:
1948	{
1949		struct scsi_transportid_fcp *id =
1950		    (struct scsi_transportid_fcp *)buf;
1951		if (port->wwpn_iid[iid].wwpn == 0)
1952			return (0);
1953		memset(id, 0, sizeof(*id));
1954		id->format_protocol = SCSI_PROTO_FC;
1955		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1956		return (sizeof(*id));
1957	}
1958	case CTL_PORT_ISCSI:
1959	{
1960		struct scsi_transportid_iscsi_port *id =
1961		    (struct scsi_transportid_iscsi_port *)buf;
1962		if (port->wwpn_iid[iid].name == NULL)
1963			return (0);
1964		memset(id, 0, 256);
1965		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1966		    SCSI_PROTO_ISCSI;
1967		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1968		len = roundup2(min(len, 252), 4);
1969		scsi_ulto2b(len, id->additional_length);
1970		return (sizeof(*id) + len);
1971	}
1972	case CTL_PORT_SAS:
1973	{
1974		struct scsi_transportid_sas *id =
1975		    (struct scsi_transportid_sas *)buf;
1976		if (port->wwpn_iid[iid].wwpn == 0)
1977			return (0);
1978		memset(id, 0, sizeof(*id));
1979		id->format_protocol = SCSI_PROTO_SAS;
1980		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1981		return (sizeof(*id));
1982	}
1983	default:
1984	{
1985		struct scsi_transportid_spi *id =
1986		    (struct scsi_transportid_spi *)buf;
1987		memset(id, 0, sizeof(*id));
1988		id->format_protocol = SCSI_PROTO_SPI;
1989		scsi_ulto2b(iid, id->scsi_addr);
1990		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1991		return (sizeof(*id));
1992	}
1993	}
1994}
1995
1996/*
1997 * Serialize a command that went down the "wrong" side, and so was sent to
1998 * this controller for execution.  The logic is a little different than the
1999 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2000 * sent back to the other side, but in the success case, we execute the
2001 * command on this side (XFER mode) or tell the other side to execute it
2002 * (SER_ONLY mode).
2003 */
2004static int
2005ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2006{
2007	struct ctl_softc *softc;
2008	union ctl_ha_msg msg_info;
2009	struct ctl_lun *lun;
2010	const struct ctl_cmd_entry *entry;
2011	int retval = 0;
2012	uint32_t targ_lun;
2013
2014	softc = control_softc;
2015
2016	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2017	mtx_lock(&softc->ctl_lock);
2018	if ((targ_lun < CTL_MAX_LUNS) &&
2019	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2020		mtx_lock(&lun->lun_lock);
2021		mtx_unlock(&softc->ctl_lock);
2022		/*
2023		 * If the LUN is invalid, pretend that it doesn't exist.
2024		 * It will go away as soon as all pending I/O has been
2025		 * completed.
2026		 */
2027		if (lun->flags & CTL_LUN_DISABLED) {
2028			mtx_unlock(&lun->lun_lock);
2029			lun = NULL;
2030		}
2031	} else {
2032		mtx_unlock(&softc->ctl_lock);
2033		lun = NULL;
2034	}
2035	if (lun == NULL) {
2036		/*
2037		 * The other node would not send this request to us unless
2038		 * received announce that we are primary node for this LUN.
2039		 * If this LUN does not exist now, it is probably result of
2040		 * a race, so respond to initiator in the most opaque way.
2041		 */
2042		ctl_set_busy(ctsio);
2043		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2044		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2045		msg_info.hdr.serializing_sc = NULL;
2046		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2047		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2048		    sizeof(msg_info.scsi), M_WAITOK);
2049		return(1);
2050	}
2051
2052	entry = ctl_get_cmd_entry(ctsio, NULL);
2053	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2054		mtx_unlock(&lun->lun_lock);
2055		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2056		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2057		msg_info.hdr.serializing_sc = NULL;
2058		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2059		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2060		    sizeof(msg_info.scsi), M_WAITOK);
2061		return(1);
2062	}
2063
2064	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2065	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2066
2067	/*
2068	 * Every I/O goes into the OOA queue for a
2069	 * particular LUN, and stays there until completion.
2070	 */
2071#ifdef CTL_TIME_IO
2072	if (TAILQ_EMPTY(&lun->ooa_queue))
2073		lun->idle_time += getsbinuptime() - lun->last_busy;
2074#endif
2075	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2076
2077	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2078		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2079		 ooa_links))) {
2080	case CTL_ACTION_BLOCK:
2081		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2082		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2083				  blocked_links);
2084		mtx_unlock(&lun->lun_lock);
2085		break;
2086	case CTL_ACTION_PASS:
2087	case CTL_ACTION_SKIP:
2088		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2089			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2090			ctl_enqueue_rtr((union ctl_io *)ctsio);
2091			mtx_unlock(&lun->lun_lock);
2092		} else {
2093			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2094			mtx_unlock(&lun->lun_lock);
2095
2096			/* send msg back to other side */
2097			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2098			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2099			msg_info.hdr.msg_type = CTL_MSG_R2R;
2100			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2101			    sizeof(msg_info.hdr), M_WAITOK);
2102		}
2103		break;
2104	case CTL_ACTION_OVERLAP:
2105		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2106		mtx_unlock(&lun->lun_lock);
2107		retval = 1;
2108
2109		ctl_set_overlapped_cmd(ctsio);
2110		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2111		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2112		msg_info.hdr.serializing_sc = NULL;
2113		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2114		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2115		    sizeof(msg_info.scsi), M_WAITOK);
2116		break;
2117	case CTL_ACTION_OVERLAP_TAG:
2118		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2119		mtx_unlock(&lun->lun_lock);
2120		retval = 1;
2121		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2122		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2123		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2124		msg_info.hdr.serializing_sc = NULL;
2125		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2126		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2127		    sizeof(msg_info.scsi), M_WAITOK);
2128		break;
2129	case CTL_ACTION_ERROR:
2130	default:
2131		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2132		mtx_unlock(&lun->lun_lock);
2133		retval = 1;
2134
2135		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2136					 /*retry_count*/ 0);
2137		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2138		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2139		msg_info.hdr.serializing_sc = NULL;
2140		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2141		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2142		    sizeof(msg_info.scsi), M_WAITOK);
2143		break;
2144	}
2145	return (retval);
2146}
2147
2148/*
2149 * Returns 0 for success, errno for failure.
2150 */
2151static int
2152ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2153		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2154{
2155	union ctl_io *io;
2156	int retval;
2157
2158	retval = 0;
2159
2160	mtx_lock(&lun->lun_lock);
2161	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2162	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2163	     ooa_links)) {
2164		struct ctl_ooa_entry *entry;
2165
2166		/*
2167		 * If we've got more than we can fit, just count the
2168		 * remaining entries.
2169		 */
2170		if (*cur_fill_num >= ooa_hdr->alloc_num)
2171			continue;
2172
2173		entry = &kern_entries[*cur_fill_num];
2174
2175		entry->tag_num = io->scsiio.tag_num;
2176		entry->lun_num = lun->lun;
2177#ifdef CTL_TIME_IO
2178		entry->start_bt = io->io_hdr.start_bt;
2179#endif
2180		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2181		entry->cdb_len = io->scsiio.cdb_len;
2182		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2183			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2184
2185		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2186			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2187
2188		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2189			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2190
2191		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2192			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2193
2194		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2195			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2196	}
2197	mtx_unlock(&lun->lun_lock);
2198
2199	return (retval);
2200}
2201
2202static void *
2203ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2204		 size_t error_str_len)
2205{
2206	void *kptr;
2207
2208	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2209
2210	if (copyin(user_addr, kptr, len) != 0) {
2211		snprintf(error_str, error_str_len, "Error copying %d bytes "
2212			 "from user address %p to kernel address %p", len,
2213			 user_addr, kptr);
2214		free(kptr, M_CTL);
2215		return (NULL);
2216	}
2217
2218	return (kptr);
2219}
2220
2221static void
2222ctl_free_args(int num_args, struct ctl_be_arg *args)
2223{
2224	int i;
2225
2226	if (args == NULL)
2227		return;
2228
2229	for (i = 0; i < num_args; i++) {
2230		free(args[i].kname, M_CTL);
2231		free(args[i].kvalue, M_CTL);
2232	}
2233
2234	free(args, M_CTL);
2235}
2236
2237static struct ctl_be_arg *
2238ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2239		char *error_str, size_t error_str_len)
2240{
2241	struct ctl_be_arg *args;
2242	int i;
2243
2244	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2245				error_str, error_str_len);
2246
2247	if (args == NULL)
2248		goto bailout;
2249
2250	for (i = 0; i < num_args; i++) {
2251		args[i].kname = NULL;
2252		args[i].kvalue = NULL;
2253	}
2254
2255	for (i = 0; i < num_args; i++) {
2256		uint8_t *tmpptr;
2257
2258		args[i].kname = ctl_copyin_alloc(args[i].name,
2259			args[i].namelen, error_str, error_str_len);
2260		if (args[i].kname == NULL)
2261			goto bailout;
2262
2263		if (args[i].kname[args[i].namelen - 1] != '\0') {
2264			snprintf(error_str, error_str_len, "Argument %d "
2265				 "name is not NUL-terminated", i);
2266			goto bailout;
2267		}
2268
2269		if (args[i].flags & CTL_BEARG_RD) {
2270			tmpptr = ctl_copyin_alloc(args[i].value,
2271				args[i].vallen, error_str, error_str_len);
2272			if (tmpptr == NULL)
2273				goto bailout;
2274			if ((args[i].flags & CTL_BEARG_ASCII)
2275			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2276				snprintf(error_str, error_str_len, "Argument "
2277				    "%d value is not NUL-terminated", i);
2278				goto bailout;
2279			}
2280			args[i].kvalue = tmpptr;
2281		} else {
2282			args[i].kvalue = malloc(args[i].vallen,
2283			    M_CTL, M_WAITOK | M_ZERO);
2284		}
2285	}
2286
2287	return (args);
2288bailout:
2289
2290	ctl_free_args(num_args, args);
2291
2292	return (NULL);
2293}
2294
2295static void
2296ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2297{
2298	int i;
2299
2300	for (i = 0; i < num_args; i++) {
2301		if (args[i].flags & CTL_BEARG_WR)
2302			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2303	}
2304}
2305
2306/*
2307 * Escape characters that are illegal or not recommended in XML.
2308 */
2309int
2310ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2311{
2312	char *end = str + size;
2313	int retval;
2314
2315	retval = 0;
2316
2317	for (; *str && str < end; str++) {
2318		switch (*str) {
2319		case '&':
2320			retval = sbuf_printf(sb, "&amp;");
2321			break;
2322		case '>':
2323			retval = sbuf_printf(sb, "&gt;");
2324			break;
2325		case '<':
2326			retval = sbuf_printf(sb, "&lt;");
2327			break;
2328		default:
2329			retval = sbuf_putc(sb, *str);
2330			break;
2331		}
2332
2333		if (retval != 0)
2334			break;
2335
2336	}
2337
2338	return (retval);
2339}
2340
2341static void
2342ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2343{
2344	struct scsi_vpd_id_descriptor *desc;
2345	int i;
2346
2347	if (id == NULL || id->len < 4)
2348		return;
2349	desc = (struct scsi_vpd_id_descriptor *)id->data;
2350	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2351	case SVPD_ID_TYPE_T10:
2352		sbuf_printf(sb, "t10.");
2353		break;
2354	case SVPD_ID_TYPE_EUI64:
2355		sbuf_printf(sb, "eui.");
2356		break;
2357	case SVPD_ID_TYPE_NAA:
2358		sbuf_printf(sb, "naa.");
2359		break;
2360	case SVPD_ID_TYPE_SCSI_NAME:
2361		break;
2362	}
2363	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2364	case SVPD_ID_CODESET_BINARY:
2365		for (i = 0; i < desc->length; i++)
2366			sbuf_printf(sb, "%02x", desc->identifier[i]);
2367		break;
2368	case SVPD_ID_CODESET_ASCII:
2369		sbuf_printf(sb, "%.*s", (int)desc->length,
2370		    (char *)desc->identifier);
2371		break;
2372	case SVPD_ID_CODESET_UTF8:
2373		sbuf_printf(sb, "%s", (char *)desc->identifier);
2374		break;
2375	}
2376}
2377
2378static int
2379ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2380	  struct thread *td)
2381{
2382	struct ctl_softc *softc;
2383	struct ctl_lun *lun;
2384	int retval;
2385
2386	softc = control_softc;
2387
2388	retval = 0;
2389
2390	switch (cmd) {
2391	case CTL_IO:
2392		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2393		break;
2394	case CTL_ENABLE_PORT:
2395	case CTL_DISABLE_PORT:
2396	case CTL_SET_PORT_WWNS: {
2397		struct ctl_port *port;
2398		struct ctl_port_entry *entry;
2399
2400		entry = (struct ctl_port_entry *)addr;
2401
2402		mtx_lock(&softc->ctl_lock);
2403		STAILQ_FOREACH(port, &softc->port_list, links) {
2404			int action, done;
2405
2406			if (port->targ_port < softc->port_min ||
2407			    port->targ_port >= softc->port_max)
2408				continue;
2409
2410			action = 0;
2411			done = 0;
2412			if ((entry->port_type == CTL_PORT_NONE)
2413			 && (entry->targ_port == port->targ_port)) {
2414				/*
2415				 * If the user only wants to enable or
2416				 * disable or set WWNs on a specific port,
2417				 * do the operation and we're done.
2418				 */
2419				action = 1;
2420				done = 1;
2421			} else if (entry->port_type & port->port_type) {
2422				/*
2423				 * Compare the user's type mask with the
2424				 * particular frontend type to see if we
2425				 * have a match.
2426				 */
2427				action = 1;
2428				done = 0;
2429
2430				/*
2431				 * Make sure the user isn't trying to set
2432				 * WWNs on multiple ports at the same time.
2433				 */
2434				if (cmd == CTL_SET_PORT_WWNS) {
2435					printf("%s: Can't set WWNs on "
2436					       "multiple ports\n", __func__);
2437					retval = EINVAL;
2438					break;
2439				}
2440			}
2441			if (action == 0)
2442				continue;
2443
2444			/*
2445			 * XXX KDM we have to drop the lock here, because
2446			 * the online/offline operations can potentially
2447			 * block.  We need to reference count the frontends
2448			 * so they can't go away,
2449			 */
2450			if (cmd == CTL_ENABLE_PORT) {
2451				mtx_unlock(&softc->ctl_lock);
2452				ctl_port_online(port);
2453				mtx_lock(&softc->ctl_lock);
2454			} else if (cmd == CTL_DISABLE_PORT) {
2455				mtx_unlock(&softc->ctl_lock);
2456				ctl_port_offline(port);
2457				mtx_lock(&softc->ctl_lock);
2458			} else if (cmd == CTL_SET_PORT_WWNS) {
2459				ctl_port_set_wwns(port,
2460				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2461				    1 : 0, entry->wwnn,
2462				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2463				    1 : 0, entry->wwpn);
2464			}
2465			if (done != 0)
2466				break;
2467		}
2468		mtx_unlock(&softc->ctl_lock);
2469		break;
2470	}
2471	case CTL_GET_PORT_LIST: {
2472		struct ctl_port *port;
2473		struct ctl_port_list *list;
2474		int i;
2475
2476		list = (struct ctl_port_list *)addr;
2477
2478		if (list->alloc_len != (list->alloc_num *
2479		    sizeof(struct ctl_port_entry))) {
2480			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2481			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2482			       "%zu\n", __func__, list->alloc_len,
2483			       list->alloc_num, sizeof(struct ctl_port_entry));
2484			retval = EINVAL;
2485			break;
2486		}
2487		list->fill_len = 0;
2488		list->fill_num = 0;
2489		list->dropped_num = 0;
2490		i = 0;
2491		mtx_lock(&softc->ctl_lock);
2492		STAILQ_FOREACH(port, &softc->port_list, links) {
2493			struct ctl_port_entry entry, *list_entry;
2494
2495			if (list->fill_num >= list->alloc_num) {
2496				list->dropped_num++;
2497				continue;
2498			}
2499
2500			entry.port_type = port->port_type;
2501			strlcpy(entry.port_name, port->port_name,
2502				sizeof(entry.port_name));
2503			entry.targ_port = port->targ_port;
2504			entry.physical_port = port->physical_port;
2505			entry.virtual_port = port->virtual_port;
2506			entry.wwnn = port->wwnn;
2507			entry.wwpn = port->wwpn;
2508			if (port->status & CTL_PORT_STATUS_ONLINE)
2509				entry.online = 1;
2510			else
2511				entry.online = 0;
2512
2513			list_entry = &list->entries[i];
2514
2515			retval = copyout(&entry, list_entry, sizeof(entry));
2516			if (retval != 0) {
2517				printf("%s: CTL_GET_PORT_LIST: copyout "
2518				       "returned %d\n", __func__, retval);
2519				break;
2520			}
2521			i++;
2522			list->fill_num++;
2523			list->fill_len += sizeof(entry);
2524		}
2525		mtx_unlock(&softc->ctl_lock);
2526
2527		/*
2528		 * If this is non-zero, we had a copyout fault, so there's
2529		 * probably no point in attempting to set the status inside
2530		 * the structure.
2531		 */
2532		if (retval != 0)
2533			break;
2534
2535		if (list->dropped_num > 0)
2536			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2537		else
2538			list->status = CTL_PORT_LIST_OK;
2539		break;
2540	}
2541	case CTL_DUMP_OOA: {
2542		union ctl_io *io;
2543		char printbuf[128];
2544		struct sbuf sb;
2545
2546		mtx_lock(&softc->ctl_lock);
2547		printf("Dumping OOA queues:\n");
2548		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2549			mtx_lock(&lun->lun_lock);
2550			for (io = (union ctl_io *)TAILQ_FIRST(
2551			     &lun->ooa_queue); io != NULL;
2552			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2553			     ooa_links)) {
2554				sbuf_new(&sb, printbuf, sizeof(printbuf),
2555					 SBUF_FIXEDLEN);
2556				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2557					    (intmax_t)lun->lun,
2558					    io->scsiio.tag_num,
2559					    (io->io_hdr.flags &
2560					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2561					    (io->io_hdr.flags &
2562					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2563					    (io->io_hdr.flags &
2564					    CTL_FLAG_ABORT) ? " ABORT" : "",
2565			                    (io->io_hdr.flags &
2566		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2567				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2568				sbuf_finish(&sb);
2569				printf("%s\n", sbuf_data(&sb));
2570			}
2571			mtx_unlock(&lun->lun_lock);
2572		}
2573		printf("OOA queues dump done\n");
2574		mtx_unlock(&softc->ctl_lock);
2575		break;
2576	}
2577	case CTL_GET_OOA: {
2578		struct ctl_ooa *ooa_hdr;
2579		struct ctl_ooa_entry *entries;
2580		uint32_t cur_fill_num;
2581
2582		ooa_hdr = (struct ctl_ooa *)addr;
2583
2584		if ((ooa_hdr->alloc_len == 0)
2585		 || (ooa_hdr->alloc_num == 0)) {
2586			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2587			       "must be non-zero\n", __func__,
2588			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2589			retval = EINVAL;
2590			break;
2591		}
2592
2593		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2594		    sizeof(struct ctl_ooa_entry))) {
2595			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2596			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2597			       __func__, ooa_hdr->alloc_len,
2598			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2599			retval = EINVAL;
2600			break;
2601		}
2602
2603		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2604		if (entries == NULL) {
2605			printf("%s: could not allocate %d bytes for OOA "
2606			       "dump\n", __func__, ooa_hdr->alloc_len);
2607			retval = ENOMEM;
2608			break;
2609		}
2610
2611		mtx_lock(&softc->ctl_lock);
2612		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2613		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2614		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2615			mtx_unlock(&softc->ctl_lock);
2616			free(entries, M_CTL);
2617			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2618			       __func__, (uintmax_t)ooa_hdr->lun_num);
2619			retval = EINVAL;
2620			break;
2621		}
2622
2623		cur_fill_num = 0;
2624
2625		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2626			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2627				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2628					ooa_hdr, entries);
2629				if (retval != 0)
2630					break;
2631			}
2632			if (retval != 0) {
2633				mtx_unlock(&softc->ctl_lock);
2634				free(entries, M_CTL);
2635				break;
2636			}
2637		} else {
2638			lun = softc->ctl_luns[ooa_hdr->lun_num];
2639
2640			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2641						    entries);
2642		}
2643		mtx_unlock(&softc->ctl_lock);
2644
2645		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2646		ooa_hdr->fill_len = ooa_hdr->fill_num *
2647			sizeof(struct ctl_ooa_entry);
2648		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2649		if (retval != 0) {
2650			printf("%s: error copying out %d bytes for OOA dump\n",
2651			       __func__, ooa_hdr->fill_len);
2652		}
2653
2654		getbintime(&ooa_hdr->cur_bt);
2655
2656		if (cur_fill_num > ooa_hdr->alloc_num) {
2657			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2658			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2659		} else {
2660			ooa_hdr->dropped_num = 0;
2661			ooa_hdr->status = CTL_OOA_OK;
2662		}
2663
2664		free(entries, M_CTL);
2665		break;
2666	}
2667	case CTL_CHECK_OOA: {
2668		union ctl_io *io;
2669		struct ctl_ooa_info *ooa_info;
2670
2671
2672		ooa_info = (struct ctl_ooa_info *)addr;
2673
2674		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2675			ooa_info->status = CTL_OOA_INVALID_LUN;
2676			break;
2677		}
2678		mtx_lock(&softc->ctl_lock);
2679		lun = softc->ctl_luns[ooa_info->lun_id];
2680		if (lun == NULL) {
2681			mtx_unlock(&softc->ctl_lock);
2682			ooa_info->status = CTL_OOA_INVALID_LUN;
2683			break;
2684		}
2685		mtx_lock(&lun->lun_lock);
2686		mtx_unlock(&softc->ctl_lock);
2687		ooa_info->num_entries = 0;
2688		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2689		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2690		     &io->io_hdr, ooa_links)) {
2691			ooa_info->num_entries++;
2692		}
2693		mtx_unlock(&lun->lun_lock);
2694
2695		ooa_info->status = CTL_OOA_SUCCESS;
2696
2697		break;
2698	}
2699	case CTL_DELAY_IO: {
2700		struct ctl_io_delay_info *delay_info;
2701
2702		delay_info = (struct ctl_io_delay_info *)addr;
2703
2704#ifdef CTL_IO_DELAY
2705		mtx_lock(&softc->ctl_lock);
2706
2707		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2708		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2709			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2710		} else {
2711			lun = softc->ctl_luns[delay_info->lun_id];
2712			mtx_lock(&lun->lun_lock);
2713
2714			delay_info->status = CTL_DELAY_STATUS_OK;
2715
2716			switch (delay_info->delay_type) {
2717			case CTL_DELAY_TYPE_CONT:
2718				break;
2719			case CTL_DELAY_TYPE_ONESHOT:
2720				break;
2721			default:
2722				delay_info->status =
2723					CTL_DELAY_STATUS_INVALID_TYPE;
2724				break;
2725			}
2726
2727			switch (delay_info->delay_loc) {
2728			case CTL_DELAY_LOC_DATAMOVE:
2729				lun->delay_info.datamove_type =
2730					delay_info->delay_type;
2731				lun->delay_info.datamove_delay =
2732					delay_info->delay_secs;
2733				break;
2734			case CTL_DELAY_LOC_DONE:
2735				lun->delay_info.done_type =
2736					delay_info->delay_type;
2737				lun->delay_info.done_delay =
2738					delay_info->delay_secs;
2739				break;
2740			default:
2741				delay_info->status =
2742					CTL_DELAY_STATUS_INVALID_LOC;
2743				break;
2744			}
2745			mtx_unlock(&lun->lun_lock);
2746		}
2747
2748		mtx_unlock(&softc->ctl_lock);
2749#else
2750		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2751#endif /* CTL_IO_DELAY */
2752		break;
2753	}
2754	case CTL_REALSYNC_SET: {
2755		int *syncstate;
2756
2757		syncstate = (int *)addr;
2758
2759		mtx_lock(&softc->ctl_lock);
2760		switch (*syncstate) {
2761		case 0:
2762			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2763			break;
2764		case 1:
2765			softc->flags |= CTL_FLAG_REAL_SYNC;
2766			break;
2767		default:
2768			retval = EINVAL;
2769			break;
2770		}
2771		mtx_unlock(&softc->ctl_lock);
2772		break;
2773	}
2774	case CTL_REALSYNC_GET: {
2775		int *syncstate;
2776
2777		syncstate = (int*)addr;
2778
2779		mtx_lock(&softc->ctl_lock);
2780		if (softc->flags & CTL_FLAG_REAL_SYNC)
2781			*syncstate = 1;
2782		else
2783			*syncstate = 0;
2784		mtx_unlock(&softc->ctl_lock);
2785
2786		break;
2787	}
2788	case CTL_SETSYNC:
2789	case CTL_GETSYNC: {
2790		struct ctl_sync_info *sync_info;
2791
2792		sync_info = (struct ctl_sync_info *)addr;
2793
2794		mtx_lock(&softc->ctl_lock);
2795		lun = softc->ctl_luns[sync_info->lun_id];
2796		if (lun == NULL) {
2797			mtx_unlock(&softc->ctl_lock);
2798			sync_info->status = CTL_GS_SYNC_NO_LUN;
2799			break;
2800		}
2801		/*
2802		 * Get or set the sync interval.  We're not bounds checking
2803		 * in the set case, hopefully the user won't do something
2804		 * silly.
2805		 */
2806		mtx_lock(&lun->lun_lock);
2807		mtx_unlock(&softc->ctl_lock);
2808		if (cmd == CTL_GETSYNC)
2809			sync_info->sync_interval = lun->sync_interval;
2810		else
2811			lun->sync_interval = sync_info->sync_interval;
2812		mtx_unlock(&lun->lun_lock);
2813
2814		sync_info->status = CTL_GS_SYNC_OK;
2815
2816		break;
2817	}
2818	case CTL_GETSTATS: {
2819		struct ctl_stats *stats;
2820		int i;
2821
2822		stats = (struct ctl_stats *)addr;
2823
2824		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2825		     stats->alloc_len) {
2826			stats->status = CTL_SS_NEED_MORE_SPACE;
2827			stats->num_luns = softc->num_luns;
2828			break;
2829		}
2830		/*
2831		 * XXX KDM no locking here.  If the LUN list changes,
2832		 * things can blow up.
2833		 */
2834		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2835		     i++, lun = STAILQ_NEXT(lun, links)) {
2836			retval = copyout(&lun->stats, &stats->lun_stats[i],
2837					 sizeof(lun->stats));
2838			if (retval != 0)
2839				break;
2840		}
2841		stats->num_luns = softc->num_luns;
2842		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2843				 softc->num_luns;
2844		stats->status = CTL_SS_OK;
2845#ifdef CTL_TIME_IO
2846		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2847#else
2848		stats->flags = CTL_STATS_FLAG_NONE;
2849#endif
2850		getnanouptime(&stats->timestamp);
2851		break;
2852	}
2853	case CTL_ERROR_INJECT: {
2854		struct ctl_error_desc *err_desc, *new_err_desc;
2855
2856		err_desc = (struct ctl_error_desc *)addr;
2857
2858		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2859				      M_WAITOK | M_ZERO);
2860		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2861
2862		mtx_lock(&softc->ctl_lock);
2863		lun = softc->ctl_luns[err_desc->lun_id];
2864		if (lun == NULL) {
2865			mtx_unlock(&softc->ctl_lock);
2866			free(new_err_desc, M_CTL);
2867			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2868			       __func__, (uintmax_t)err_desc->lun_id);
2869			retval = EINVAL;
2870			break;
2871		}
2872		mtx_lock(&lun->lun_lock);
2873		mtx_unlock(&softc->ctl_lock);
2874
2875		/*
2876		 * We could do some checking here to verify the validity
2877		 * of the request, but given the complexity of error
2878		 * injection requests, the checking logic would be fairly
2879		 * complex.
2880		 *
2881		 * For now, if the request is invalid, it just won't get
2882		 * executed and might get deleted.
2883		 */
2884		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2885
2886		/*
2887		 * XXX KDM check to make sure the serial number is unique,
2888		 * in case we somehow manage to wrap.  That shouldn't
2889		 * happen for a very long time, but it's the right thing to
2890		 * do.
2891		 */
2892		new_err_desc->serial = lun->error_serial;
2893		err_desc->serial = lun->error_serial;
2894		lun->error_serial++;
2895
2896		mtx_unlock(&lun->lun_lock);
2897		break;
2898	}
2899	case CTL_ERROR_INJECT_DELETE: {
2900		struct ctl_error_desc *delete_desc, *desc, *desc2;
2901		int delete_done;
2902
2903		delete_desc = (struct ctl_error_desc *)addr;
2904		delete_done = 0;
2905
2906		mtx_lock(&softc->ctl_lock);
2907		lun = softc->ctl_luns[delete_desc->lun_id];
2908		if (lun == NULL) {
2909			mtx_unlock(&softc->ctl_lock);
2910			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2911			       __func__, (uintmax_t)delete_desc->lun_id);
2912			retval = EINVAL;
2913			break;
2914		}
2915		mtx_lock(&lun->lun_lock);
2916		mtx_unlock(&softc->ctl_lock);
2917		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2918			if (desc->serial != delete_desc->serial)
2919				continue;
2920
2921			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2922				      links);
2923			free(desc, M_CTL);
2924			delete_done = 1;
2925		}
2926		mtx_unlock(&lun->lun_lock);
2927		if (delete_done == 0) {
2928			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2929			       "error serial %ju on LUN %u\n", __func__,
2930			       delete_desc->serial, delete_desc->lun_id);
2931			retval = EINVAL;
2932			break;
2933		}
2934		break;
2935	}
2936	case CTL_DUMP_STRUCTS: {
2937		int i, j, k;
2938		struct ctl_port *port;
2939		struct ctl_frontend *fe;
2940
2941		mtx_lock(&softc->ctl_lock);
2942		printf("CTL Persistent Reservation information start:\n");
2943		for (i = 0; i < CTL_MAX_LUNS; i++) {
2944			lun = softc->ctl_luns[i];
2945
2946			if ((lun == NULL)
2947			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2948				continue;
2949
2950			for (j = 0; j < CTL_MAX_PORTS; j++) {
2951				if (lun->pr_keys[j] == NULL)
2952					continue;
2953				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2954					if (lun->pr_keys[j][k] == 0)
2955						continue;
2956					printf("  LUN %d port %d iid %d key "
2957					       "%#jx\n", i, j, k,
2958					       (uintmax_t)lun->pr_keys[j][k]);
2959				}
2960			}
2961		}
2962		printf("CTL Persistent Reservation information end\n");
2963		printf("CTL Ports:\n");
2964		STAILQ_FOREACH(port, &softc->port_list, links) {
2965			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2966			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2967			       port->frontend->name, port->port_type,
2968			       port->physical_port, port->virtual_port,
2969			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2970			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2971				if (port->wwpn_iid[j].in_use == 0 &&
2972				    port->wwpn_iid[j].wwpn == 0 &&
2973				    port->wwpn_iid[j].name == NULL)
2974					continue;
2975
2976				printf("    iid %u use %d WWPN %#jx '%s'\n",
2977				    j, port->wwpn_iid[j].in_use,
2978				    (uintmax_t)port->wwpn_iid[j].wwpn,
2979				    port->wwpn_iid[j].name);
2980			}
2981		}
2982		printf("CTL Port information end\n");
2983		mtx_unlock(&softc->ctl_lock);
2984		/*
2985		 * XXX KDM calling this without a lock.  We'd likely want
2986		 * to drop the lock before calling the frontend's dump
2987		 * routine anyway.
2988		 */
2989		printf("CTL Frontends:\n");
2990		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2991			printf("  Frontend '%s'\n", fe->name);
2992			if (fe->fe_dump != NULL)
2993				fe->fe_dump();
2994		}
2995		printf("CTL Frontend information end\n");
2996		break;
2997	}
2998	case CTL_LUN_REQ: {
2999		struct ctl_lun_req *lun_req;
3000		struct ctl_backend_driver *backend;
3001
3002		lun_req = (struct ctl_lun_req *)addr;
3003
3004		backend = ctl_backend_find(lun_req->backend);
3005		if (backend == NULL) {
3006			lun_req->status = CTL_LUN_ERROR;
3007			snprintf(lun_req->error_str,
3008				 sizeof(lun_req->error_str),
3009				 "Backend \"%s\" not found.",
3010				 lun_req->backend);
3011			break;
3012		}
3013		if (lun_req->num_be_args > 0) {
3014			lun_req->kern_be_args = ctl_copyin_args(
3015				lun_req->num_be_args,
3016				lun_req->be_args,
3017				lun_req->error_str,
3018				sizeof(lun_req->error_str));
3019			if (lun_req->kern_be_args == NULL) {
3020				lun_req->status = CTL_LUN_ERROR;
3021				break;
3022			}
3023		}
3024
3025		retval = backend->ioctl(dev, cmd, addr, flag, td);
3026
3027		if (lun_req->num_be_args > 0) {
3028			ctl_copyout_args(lun_req->num_be_args,
3029				      lun_req->kern_be_args);
3030			ctl_free_args(lun_req->num_be_args,
3031				      lun_req->kern_be_args);
3032		}
3033		break;
3034	}
3035	case CTL_LUN_LIST: {
3036		struct sbuf *sb;
3037		struct ctl_lun_list *list;
3038		struct ctl_option *opt;
3039
3040		list = (struct ctl_lun_list *)addr;
3041
3042		/*
3043		 * Allocate a fixed length sbuf here, based on the length
3044		 * of the user's buffer.  We could allocate an auto-extending
3045		 * buffer, and then tell the user how much larger our
3046		 * amount of data is than his buffer, but that presents
3047		 * some problems:
3048		 *
3049		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3050		 *     we can't hold a lock while calling them with an
3051		 *     auto-extending buffer.
3052 		 *
3053		 * 2.  There is not currently a LUN reference counting
3054		 *     mechanism, outside of outstanding transactions on
3055		 *     the LUN's OOA queue.  So a LUN could go away on us
3056		 *     while we're getting the LUN number, backend-specific
3057		 *     information, etc.  Thus, given the way things
3058		 *     currently work, we need to hold the CTL lock while
3059		 *     grabbing LUN information.
3060		 *
3061		 * So, from the user's standpoint, the best thing to do is
3062		 * allocate what he thinks is a reasonable buffer length,
3063		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3064		 * double the buffer length and try again.  (And repeat
3065		 * that until he succeeds.)
3066		 */
3067		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3068		if (sb == NULL) {
3069			list->status = CTL_LUN_LIST_ERROR;
3070			snprintf(list->error_str, sizeof(list->error_str),
3071				 "Unable to allocate %d bytes for LUN list",
3072				 list->alloc_len);
3073			break;
3074		}
3075
3076		sbuf_printf(sb, "<ctllunlist>\n");
3077
3078		mtx_lock(&softc->ctl_lock);
3079		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3080			mtx_lock(&lun->lun_lock);
3081			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3082					     (uintmax_t)lun->lun);
3083
3084			/*
3085			 * Bail out as soon as we see that we've overfilled
3086			 * the buffer.
3087			 */
3088			if (retval != 0)
3089				break;
3090
3091			retval = sbuf_printf(sb, "\t<backend_type>%s"
3092					     "</backend_type>\n",
3093					     (lun->backend == NULL) ?  "none" :
3094					     lun->backend->name);
3095
3096			if (retval != 0)
3097				break;
3098
3099			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3100					     lun->be_lun->lun_type);
3101
3102			if (retval != 0)
3103				break;
3104
3105			if (lun->backend == NULL) {
3106				retval = sbuf_printf(sb, "</lun>\n");
3107				if (retval != 0)
3108					break;
3109				continue;
3110			}
3111
3112			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3113					     (lun->be_lun->maxlba > 0) ?
3114					     lun->be_lun->maxlba + 1 : 0);
3115
3116			if (retval != 0)
3117				break;
3118
3119			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3120					     lun->be_lun->blocksize);
3121
3122			if (retval != 0)
3123				break;
3124
3125			retval = sbuf_printf(sb, "\t<serial_number>");
3126
3127			if (retval != 0)
3128				break;
3129
3130			retval = ctl_sbuf_printf_esc(sb,
3131			    lun->be_lun->serial_num,
3132			    sizeof(lun->be_lun->serial_num));
3133
3134			if (retval != 0)
3135				break;
3136
3137			retval = sbuf_printf(sb, "</serial_number>\n");
3138
3139			if (retval != 0)
3140				break;
3141
3142			retval = sbuf_printf(sb, "\t<device_id>");
3143
3144			if (retval != 0)
3145				break;
3146
3147			retval = ctl_sbuf_printf_esc(sb,
3148			    lun->be_lun->device_id,
3149			    sizeof(lun->be_lun->device_id));
3150
3151			if (retval != 0)
3152				break;
3153
3154			retval = sbuf_printf(sb, "</device_id>\n");
3155
3156			if (retval != 0)
3157				break;
3158
3159			if (lun->backend->lun_info != NULL) {
3160				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3161				if (retval != 0)
3162					break;
3163			}
3164			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3165				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3166				    opt->name, opt->value, opt->name);
3167				if (retval != 0)
3168					break;
3169			}
3170
3171			retval = sbuf_printf(sb, "</lun>\n");
3172
3173			if (retval != 0)
3174				break;
3175			mtx_unlock(&lun->lun_lock);
3176		}
3177		if (lun != NULL)
3178			mtx_unlock(&lun->lun_lock);
3179		mtx_unlock(&softc->ctl_lock);
3180
3181		if ((retval != 0)
3182		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3183			retval = 0;
3184			sbuf_delete(sb);
3185			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3186			snprintf(list->error_str, sizeof(list->error_str),
3187				 "Out of space, %d bytes is too small",
3188				 list->alloc_len);
3189			break;
3190		}
3191
3192		sbuf_finish(sb);
3193
3194		retval = copyout(sbuf_data(sb), list->lun_xml,
3195				 sbuf_len(sb) + 1);
3196
3197		list->fill_len = sbuf_len(sb) + 1;
3198		list->status = CTL_LUN_LIST_OK;
3199		sbuf_delete(sb);
3200		break;
3201	}
3202	case CTL_ISCSI: {
3203		struct ctl_iscsi *ci;
3204		struct ctl_frontend *fe;
3205
3206		ci = (struct ctl_iscsi *)addr;
3207
3208		fe = ctl_frontend_find("iscsi");
3209		if (fe == NULL) {
3210			ci->status = CTL_ISCSI_ERROR;
3211			snprintf(ci->error_str, sizeof(ci->error_str),
3212			    "Frontend \"iscsi\" not found.");
3213			break;
3214		}
3215
3216		retval = fe->ioctl(dev, cmd, addr, flag, td);
3217		break;
3218	}
3219	case CTL_PORT_REQ: {
3220		struct ctl_req *req;
3221		struct ctl_frontend *fe;
3222
3223		req = (struct ctl_req *)addr;
3224
3225		fe = ctl_frontend_find(req->driver);
3226		if (fe == NULL) {
3227			req->status = CTL_LUN_ERROR;
3228			snprintf(req->error_str, sizeof(req->error_str),
3229			    "Frontend \"%s\" not found.", req->driver);
3230			break;
3231		}
3232		if (req->num_args > 0) {
3233			req->kern_args = ctl_copyin_args(req->num_args,
3234			    req->args, req->error_str, sizeof(req->error_str));
3235			if (req->kern_args == NULL) {
3236				req->status = CTL_LUN_ERROR;
3237				break;
3238			}
3239		}
3240
3241		if (fe->ioctl)
3242			retval = fe->ioctl(dev, cmd, addr, flag, td);
3243		else
3244			retval = ENODEV;
3245
3246		if (req->num_args > 0) {
3247			ctl_copyout_args(req->num_args, req->kern_args);
3248			ctl_free_args(req->num_args, req->kern_args);
3249		}
3250		break;
3251	}
3252	case CTL_PORT_LIST: {
3253		struct sbuf *sb;
3254		struct ctl_port *port;
3255		struct ctl_lun_list *list;
3256		struct ctl_option *opt;
3257		int j;
3258		uint32_t plun;
3259
3260		list = (struct ctl_lun_list *)addr;
3261
3262		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3263		if (sb == NULL) {
3264			list->status = CTL_LUN_LIST_ERROR;
3265			snprintf(list->error_str, sizeof(list->error_str),
3266				 "Unable to allocate %d bytes for LUN list",
3267				 list->alloc_len);
3268			break;
3269		}
3270
3271		sbuf_printf(sb, "<ctlportlist>\n");
3272
3273		mtx_lock(&softc->ctl_lock);
3274		STAILQ_FOREACH(port, &softc->port_list, links) {
3275			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3276					     (uintmax_t)port->targ_port);
3277
3278			/*
3279			 * Bail out as soon as we see that we've overfilled
3280			 * the buffer.
3281			 */
3282			if (retval != 0)
3283				break;
3284
3285			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3286			    "</frontend_type>\n", port->frontend->name);
3287			if (retval != 0)
3288				break;
3289
3290			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3291					     port->port_type);
3292			if (retval != 0)
3293				break;
3294
3295			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3296			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3297			if (retval != 0)
3298				break;
3299
3300			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3301			    port->port_name);
3302			if (retval != 0)
3303				break;
3304
3305			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3306			    port->physical_port);
3307			if (retval != 0)
3308				break;
3309
3310			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3311			    port->virtual_port);
3312			if (retval != 0)
3313				break;
3314
3315			if (port->target_devid != NULL) {
3316				sbuf_printf(sb, "\t<target>");
3317				ctl_id_sbuf(port->target_devid, sb);
3318				sbuf_printf(sb, "</target>\n");
3319			}
3320
3321			if (port->port_devid != NULL) {
3322				sbuf_printf(sb, "\t<port>");
3323				ctl_id_sbuf(port->port_devid, sb);
3324				sbuf_printf(sb, "</port>\n");
3325			}
3326
3327			if (port->port_info != NULL) {
3328				retval = port->port_info(port->onoff_arg, sb);
3329				if (retval != 0)
3330					break;
3331			}
3332			STAILQ_FOREACH(opt, &port->options, links) {
3333				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3334				    opt->name, opt->value, opt->name);
3335				if (retval != 0)
3336					break;
3337			}
3338
3339			if (port->lun_map != NULL) {
3340				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3341				for (j = 0; j < CTL_MAX_LUNS; j++) {
3342					plun = ctl_lun_map_from_port(port, j);
3343					if (plun >= CTL_MAX_LUNS)
3344						continue;
3345					sbuf_printf(sb,
3346					    "\t<lun id=\"%u\">%u</lun>\n",
3347					    j, plun);
3348				}
3349			}
3350
3351			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3352				if (port->wwpn_iid[j].in_use == 0 ||
3353				    (port->wwpn_iid[j].wwpn == 0 &&
3354				     port->wwpn_iid[j].name == NULL))
3355					continue;
3356
3357				if (port->wwpn_iid[j].name != NULL)
3358					retval = sbuf_printf(sb,
3359					    "\t<initiator id=\"%u\">%s</initiator>\n",
3360					    j, port->wwpn_iid[j].name);
3361				else
3362					retval = sbuf_printf(sb,
3363					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3364					    j, port->wwpn_iid[j].wwpn);
3365				if (retval != 0)
3366					break;
3367			}
3368			if (retval != 0)
3369				break;
3370
3371			retval = sbuf_printf(sb, "</targ_port>\n");
3372			if (retval != 0)
3373				break;
3374		}
3375		mtx_unlock(&softc->ctl_lock);
3376
3377		if ((retval != 0)
3378		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3379			retval = 0;
3380			sbuf_delete(sb);
3381			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3382			snprintf(list->error_str, sizeof(list->error_str),
3383				 "Out of space, %d bytes is too small",
3384				 list->alloc_len);
3385			break;
3386		}
3387
3388		sbuf_finish(sb);
3389
3390		retval = copyout(sbuf_data(sb), list->lun_xml,
3391				 sbuf_len(sb) + 1);
3392
3393		list->fill_len = sbuf_len(sb) + 1;
3394		list->status = CTL_LUN_LIST_OK;
3395		sbuf_delete(sb);
3396		break;
3397	}
3398	case CTL_LUN_MAP: {
3399		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3400		struct ctl_port *port;
3401
3402		mtx_lock(&softc->ctl_lock);
3403		if (lm->port < softc->port_min ||
3404		    lm->port >= softc->port_max ||
3405		    (port = softc->ctl_ports[lm->port]) == NULL) {
3406			mtx_unlock(&softc->ctl_lock);
3407			return (ENXIO);
3408		}
3409		if (port->status & CTL_PORT_STATUS_ONLINE) {
3410			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3411				if (ctl_lun_map_to_port(port, lun->lun) >=
3412				    CTL_MAX_LUNS)
3413					continue;
3414				mtx_lock(&lun->lun_lock);
3415				ctl_est_ua_port(lun, lm->port, -1,
3416				    CTL_UA_LUN_CHANGE);
3417				mtx_unlock(&lun->lun_lock);
3418			}
3419		}
3420		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3421		if (lm->plun < CTL_MAX_LUNS) {
3422			if (lm->lun == UINT32_MAX)
3423				retval = ctl_lun_map_unset(port, lm->plun);
3424			else if (lm->lun < CTL_MAX_LUNS &&
3425			    softc->ctl_luns[lm->lun] != NULL)
3426				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3427			else
3428				return (ENXIO);
3429		} else if (lm->plun == UINT32_MAX) {
3430			if (lm->lun == UINT32_MAX)
3431				retval = ctl_lun_map_deinit(port);
3432			else
3433				retval = ctl_lun_map_init(port);
3434		} else
3435			return (ENXIO);
3436		if (port->status & CTL_PORT_STATUS_ONLINE)
3437			ctl_isc_announce_port(port);
3438		break;
3439	}
3440	default: {
3441		/* XXX KDM should we fix this? */
3442#if 0
3443		struct ctl_backend_driver *backend;
3444		unsigned int type;
3445		int found;
3446
3447		found = 0;
3448
3449		/*
3450		 * We encode the backend type as the ioctl type for backend
3451		 * ioctls.  So parse it out here, and then search for a
3452		 * backend of this type.
3453		 */
3454		type = _IOC_TYPE(cmd);
3455
3456		STAILQ_FOREACH(backend, &softc->be_list, links) {
3457			if (backend->type == type) {
3458				found = 1;
3459				break;
3460			}
3461		}
3462		if (found == 0) {
3463			printf("ctl: unknown ioctl command %#lx or backend "
3464			       "%d\n", cmd, type);
3465			retval = EINVAL;
3466			break;
3467		}
3468		retval = backend->ioctl(dev, cmd, addr, flag, td);
3469#endif
3470		retval = ENOTTY;
3471		break;
3472	}
3473	}
3474	return (retval);
3475}
3476
3477uint32_t
3478ctl_get_initindex(struct ctl_nexus *nexus)
3479{
3480	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3481}
3482
3483int
3484ctl_lun_map_init(struct ctl_port *port)
3485{
3486	struct ctl_softc *softc = control_softc;
3487	struct ctl_lun *lun;
3488	uint32_t i;
3489
3490	if (port->lun_map == NULL)
3491		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3492		    M_CTL, M_NOWAIT);
3493	if (port->lun_map == NULL)
3494		return (ENOMEM);
3495	for (i = 0; i < CTL_MAX_LUNS; i++)
3496		port->lun_map[i] = UINT32_MAX;
3497	if (port->status & CTL_PORT_STATUS_ONLINE) {
3498		if (port->lun_disable != NULL) {
3499			STAILQ_FOREACH(lun, &softc->lun_list, links)
3500				port->lun_disable(port->targ_lun_arg, lun->lun);
3501		}
3502		ctl_isc_announce_port(port);
3503	}
3504	return (0);
3505}
3506
3507int
3508ctl_lun_map_deinit(struct ctl_port *port)
3509{
3510	struct ctl_softc *softc = control_softc;
3511	struct ctl_lun *lun;
3512
3513	if (port->lun_map == NULL)
3514		return (0);
3515	free(port->lun_map, M_CTL);
3516	port->lun_map = NULL;
3517	if (port->status & CTL_PORT_STATUS_ONLINE) {
3518		if (port->lun_enable != NULL) {
3519			STAILQ_FOREACH(lun, &softc->lun_list, links)
3520				port->lun_enable(port->targ_lun_arg, lun->lun);
3521		}
3522		ctl_isc_announce_port(port);
3523	}
3524	return (0);
3525}
3526
3527int
3528ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3529{
3530	int status;
3531	uint32_t old;
3532
3533	if (port->lun_map == NULL) {
3534		status = ctl_lun_map_init(port);
3535		if (status != 0)
3536			return (status);
3537	}
3538	old = port->lun_map[plun];
3539	port->lun_map[plun] = glun;
3540	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3541		if (port->lun_enable != NULL)
3542			port->lun_enable(port->targ_lun_arg, plun);
3543		ctl_isc_announce_port(port);
3544	}
3545	return (0);
3546}
3547
3548int
3549ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3550{
3551	uint32_t old;
3552
3553	if (port->lun_map == NULL)
3554		return (0);
3555	old = port->lun_map[plun];
3556	port->lun_map[plun] = UINT32_MAX;
3557	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3558		if (port->lun_disable != NULL)
3559			port->lun_disable(port->targ_lun_arg, plun);
3560		ctl_isc_announce_port(port);
3561	}
3562	return (0);
3563}
3564
3565uint32_t
3566ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3567{
3568
3569	if (port == NULL)
3570		return (UINT32_MAX);
3571	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3572		return (lun_id);
3573	return (port->lun_map[lun_id]);
3574}
3575
3576uint32_t
3577ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3578{
3579	uint32_t i;
3580
3581	if (port == NULL)
3582		return (UINT32_MAX);
3583	if (port->lun_map == NULL)
3584		return (lun_id);
3585	for (i = 0; i < CTL_MAX_LUNS; i++) {
3586		if (port->lun_map[i] == lun_id)
3587			return (i);
3588	}
3589	return (UINT32_MAX);
3590}
3591
3592static struct ctl_port *
3593ctl_io_port(struct ctl_io_hdr *io_hdr)
3594{
3595
3596	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3597}
3598
3599int
3600ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3601{
3602	int i;
3603
3604	for (i = first; i < last; i++) {
3605		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3606			return (i);
3607	}
3608	return (-1);
3609}
3610
3611int
3612ctl_set_mask(uint32_t *mask, uint32_t bit)
3613{
3614	uint32_t chunk, piece;
3615
3616	chunk = bit >> 5;
3617	piece = bit % (sizeof(uint32_t) * 8);
3618
3619	if ((mask[chunk] & (1 << piece)) != 0)
3620		return (-1);
3621	else
3622		mask[chunk] |= (1 << piece);
3623
3624	return (0);
3625}
3626
3627int
3628ctl_clear_mask(uint32_t *mask, uint32_t bit)
3629{
3630	uint32_t chunk, piece;
3631
3632	chunk = bit >> 5;
3633	piece = bit % (sizeof(uint32_t) * 8);
3634
3635	if ((mask[chunk] & (1 << piece)) == 0)
3636		return (-1);
3637	else
3638		mask[chunk] &= ~(1 << piece);
3639
3640	return (0);
3641}
3642
3643int
3644ctl_is_set(uint32_t *mask, uint32_t bit)
3645{
3646	uint32_t chunk, piece;
3647
3648	chunk = bit >> 5;
3649	piece = bit % (sizeof(uint32_t) * 8);
3650
3651	if ((mask[chunk] & (1 << piece)) == 0)
3652		return (0);
3653	else
3654		return (1);
3655}
3656
3657static uint64_t
3658ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3659{
3660	uint64_t *t;
3661
3662	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3663	if (t == NULL)
3664		return (0);
3665	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3666}
3667
3668static void
3669ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3670{
3671	uint64_t *t;
3672
3673	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3674	if (t == NULL)
3675		return;
3676	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3677}
3678
3679static void
3680ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3681{
3682	uint64_t *p;
3683	u_int i;
3684
3685	i = residx/CTL_MAX_INIT_PER_PORT;
3686	if (lun->pr_keys[i] != NULL)
3687		return;
3688	mtx_unlock(&lun->lun_lock);
3689	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3690	    M_WAITOK | M_ZERO);
3691	mtx_lock(&lun->lun_lock);
3692	if (lun->pr_keys[i] == NULL)
3693		lun->pr_keys[i] = p;
3694	else
3695		free(p, M_CTL);
3696}
3697
3698static void
3699ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3700{
3701	uint64_t *t;
3702
3703	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3704	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3705	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3706}
3707
3708/*
3709 * ctl_softc, pool_name, total_ctl_io are passed in.
3710 * npool is passed out.
3711 */
3712int
3713ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3714		uint32_t total_ctl_io, void **npool)
3715{
3716#ifdef IO_POOLS
3717	struct ctl_io_pool *pool;
3718
3719	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3720					    M_NOWAIT | M_ZERO);
3721	if (pool == NULL)
3722		return (ENOMEM);
3723
3724	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3725	pool->ctl_softc = ctl_softc;
3726	pool->zone = uma_zsecond_create(pool->name, NULL,
3727	    NULL, NULL, NULL, ctl_softc->io_zone);
3728	/* uma_prealloc(pool->zone, total_ctl_io); */
3729
3730	*npool = pool;
3731#else
3732	*npool = ctl_softc->io_zone;
3733#endif
3734	return (0);
3735}
3736
3737void
3738ctl_pool_free(struct ctl_io_pool *pool)
3739{
3740
3741	if (pool == NULL)
3742		return;
3743
3744#ifdef IO_POOLS
3745	uma_zdestroy(pool->zone);
3746	free(pool, M_CTL);
3747#endif
3748}
3749
3750union ctl_io *
3751ctl_alloc_io(void *pool_ref)
3752{
3753	union ctl_io *io;
3754#ifdef IO_POOLS
3755	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3756
3757	io = uma_zalloc(pool->zone, M_WAITOK);
3758#else
3759	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3760#endif
3761	if (io != NULL)
3762		io->io_hdr.pool = pool_ref;
3763	return (io);
3764}
3765
3766union ctl_io *
3767ctl_alloc_io_nowait(void *pool_ref)
3768{
3769	union ctl_io *io;
3770#ifdef IO_POOLS
3771	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3772
3773	io = uma_zalloc(pool->zone, M_NOWAIT);
3774#else
3775	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3776#endif
3777	if (io != NULL)
3778		io->io_hdr.pool = pool_ref;
3779	return (io);
3780}
3781
3782void
3783ctl_free_io(union ctl_io *io)
3784{
3785#ifdef IO_POOLS
3786	struct ctl_io_pool *pool;
3787#endif
3788
3789	if (io == NULL)
3790		return;
3791
3792#ifdef IO_POOLS
3793	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3794	uma_zfree(pool->zone, io);
3795#else
3796	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3797#endif
3798}
3799
3800void
3801ctl_zero_io(union ctl_io *io)
3802{
3803	void *pool_ref;
3804
3805	if (io == NULL)
3806		return;
3807
3808	/*
3809	 * May need to preserve linked list pointers at some point too.
3810	 */
3811	pool_ref = io->io_hdr.pool;
3812	memset(io, 0, sizeof(*io));
3813	io->io_hdr.pool = pool_ref;
3814}
3815
3816/*
3817 * This routine is currently used for internal copies of ctl_ios that need
3818 * to persist for some reason after we've already returned status to the
3819 * FETD.  (Thus the flag set.)
3820 *
3821 * XXX XXX
3822 * Note that this makes a blind copy of all fields in the ctl_io, except
3823 * for the pool reference.  This includes any memory that has been
3824 * allocated!  That memory will no longer be valid after done has been
3825 * called, so this would be VERY DANGEROUS for command that actually does
3826 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3827 * start and stop commands, which don't transfer any data, so this is not a
3828 * problem.  If it is used for anything else, the caller would also need to
3829 * allocate data buffer space and this routine would need to be modified to
3830 * copy the data buffer(s) as well.
3831 */
3832void
3833ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3834{
3835	void *pool_ref;
3836
3837	if ((src == NULL)
3838	 || (dest == NULL))
3839		return;
3840
3841	/*
3842	 * May need to preserve linked list pointers at some point too.
3843	 */
3844	pool_ref = dest->io_hdr.pool;
3845
3846	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3847
3848	dest->io_hdr.pool = pool_ref;
3849	/*
3850	 * We need to know that this is an internal copy, and doesn't need
3851	 * to get passed back to the FETD that allocated it.
3852	 */
3853	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3854}
3855
3856int
3857ctl_expand_number(const char *buf, uint64_t *num)
3858{
3859	char *endptr;
3860	uint64_t number;
3861	unsigned shift;
3862
3863	number = strtoq(buf, &endptr, 0);
3864
3865	switch (tolower((unsigned char)*endptr)) {
3866	case 'e':
3867		shift = 60;
3868		break;
3869	case 'p':
3870		shift = 50;
3871		break;
3872	case 't':
3873		shift = 40;
3874		break;
3875	case 'g':
3876		shift = 30;
3877		break;
3878	case 'm':
3879		shift = 20;
3880		break;
3881	case 'k':
3882		shift = 10;
3883		break;
3884	case 'b':
3885	case '\0': /* No unit. */
3886		*num = number;
3887		return (0);
3888	default:
3889		/* Unrecognized unit. */
3890		return (-1);
3891	}
3892
3893	if ((number << shift) >> shift != number) {
3894		/* Overflow */
3895		return (-1);
3896	}
3897	*num = number << shift;
3898	return (0);
3899}
3900
3901
3902/*
3903 * This routine could be used in the future to load default and/or saved
3904 * mode page parameters for a particuar lun.
3905 */
3906static int
3907ctl_init_page_index(struct ctl_lun *lun)
3908{
3909	int i;
3910	struct ctl_page_index *page_index;
3911	const char *value;
3912	uint64_t ival;
3913
3914	memcpy(&lun->mode_pages.index, page_index_template,
3915	       sizeof(page_index_template));
3916
3917	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3918
3919		page_index = &lun->mode_pages.index[i];
3920		/*
3921		 * If this is a disk-only mode page, there's no point in
3922		 * setting it up.  For some pages, we have to have some
3923		 * basic information about the disk in order to calculate the
3924		 * mode page data.
3925		 */
3926		if ((lun->be_lun->lun_type != T_DIRECT)
3927		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3928			continue;
3929
3930		switch (page_index->page_code & SMPH_PC_MASK) {
3931		case SMS_RW_ERROR_RECOVERY_PAGE: {
3932			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3933				panic("subpage is incorrect!");
3934			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3935			       &rw_er_page_default,
3936			       sizeof(rw_er_page_default));
3937			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3938			       &rw_er_page_changeable,
3939			       sizeof(rw_er_page_changeable));
3940			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3941			       &rw_er_page_default,
3942			       sizeof(rw_er_page_default));
3943			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3944			       &rw_er_page_default,
3945			       sizeof(rw_er_page_default));
3946			page_index->page_data =
3947				(uint8_t *)lun->mode_pages.rw_er_page;
3948			break;
3949		}
3950		case SMS_FORMAT_DEVICE_PAGE: {
3951			struct scsi_format_page *format_page;
3952
3953			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3954				panic("subpage is incorrect!");
3955
3956			/*
3957			 * Sectors per track are set above.  Bytes per
3958			 * sector need to be set here on a per-LUN basis.
3959			 */
3960			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3961			       &format_page_default,
3962			       sizeof(format_page_default));
3963			memcpy(&lun->mode_pages.format_page[
3964			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3965			       sizeof(format_page_changeable));
3966			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3967			       &format_page_default,
3968			       sizeof(format_page_default));
3969			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3970			       &format_page_default,
3971			       sizeof(format_page_default));
3972
3973			format_page = &lun->mode_pages.format_page[
3974				CTL_PAGE_CURRENT];
3975			scsi_ulto2b(lun->be_lun->blocksize,
3976				    format_page->bytes_per_sector);
3977
3978			format_page = &lun->mode_pages.format_page[
3979				CTL_PAGE_DEFAULT];
3980			scsi_ulto2b(lun->be_lun->blocksize,
3981				    format_page->bytes_per_sector);
3982
3983			format_page = &lun->mode_pages.format_page[
3984				CTL_PAGE_SAVED];
3985			scsi_ulto2b(lun->be_lun->blocksize,
3986				    format_page->bytes_per_sector);
3987
3988			page_index->page_data =
3989				(uint8_t *)lun->mode_pages.format_page;
3990			break;
3991		}
3992		case SMS_RIGID_DISK_PAGE: {
3993			struct scsi_rigid_disk_page *rigid_disk_page;
3994			uint32_t sectors_per_cylinder;
3995			uint64_t cylinders;
3996#ifndef	__XSCALE__
3997			int shift;
3998#endif /* !__XSCALE__ */
3999
4000			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4001				panic("invalid subpage value %d",
4002				      page_index->subpage);
4003
4004			/*
4005			 * Rotation rate and sectors per track are set
4006			 * above.  We calculate the cylinders here based on
4007			 * capacity.  Due to the number of heads and
4008			 * sectors per track we're using, smaller arrays
4009			 * may turn out to have 0 cylinders.  Linux and
4010			 * FreeBSD don't pay attention to these mode pages
4011			 * to figure out capacity, but Solaris does.  It
4012			 * seems to deal with 0 cylinders just fine, and
4013			 * works out a fake geometry based on the capacity.
4014			 */
4015			memcpy(&lun->mode_pages.rigid_disk_page[
4016			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4017			       sizeof(rigid_disk_page_default));
4018			memcpy(&lun->mode_pages.rigid_disk_page[
4019			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4020			       sizeof(rigid_disk_page_changeable));
4021
4022			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4023				CTL_DEFAULT_HEADS;
4024
4025			/*
4026			 * The divide method here will be more accurate,
4027			 * probably, but results in floating point being
4028			 * used in the kernel on i386 (__udivdi3()).  On the
4029			 * XScale, though, __udivdi3() is implemented in
4030			 * software.
4031			 *
4032			 * The shift method for cylinder calculation is
4033			 * accurate if sectors_per_cylinder is a power of
4034			 * 2.  Otherwise it might be slightly off -- you
4035			 * might have a bit of a truncation problem.
4036			 */
4037#ifdef	__XSCALE__
4038			cylinders = (lun->be_lun->maxlba + 1) /
4039				sectors_per_cylinder;
4040#else
4041			for (shift = 31; shift > 0; shift--) {
4042				if (sectors_per_cylinder & (1 << shift))
4043					break;
4044			}
4045			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4046#endif
4047
4048			/*
4049			 * We've basically got 3 bytes, or 24 bits for the
4050			 * cylinder size in the mode page.  If we're over,
4051			 * just round down to 2^24.
4052			 */
4053			if (cylinders > 0xffffff)
4054				cylinders = 0xffffff;
4055
4056			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4057				CTL_PAGE_DEFAULT];
4058			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4059
4060			if ((value = ctl_get_opt(&lun->be_lun->options,
4061			    "rpm")) != NULL) {
4062				scsi_ulto2b(strtol(value, NULL, 0),
4063				     rigid_disk_page->rotation_rate);
4064			}
4065
4066			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4067			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4068			       sizeof(rigid_disk_page_default));
4069			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4070			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4071			       sizeof(rigid_disk_page_default));
4072
4073			page_index->page_data =
4074				(uint8_t *)lun->mode_pages.rigid_disk_page;
4075			break;
4076		}
4077		case SMS_CACHING_PAGE: {
4078			struct scsi_caching_page *caching_page;
4079
4080			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4081				panic("invalid subpage value %d",
4082				      page_index->subpage);
4083			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4084			       &caching_page_default,
4085			       sizeof(caching_page_default));
4086			memcpy(&lun->mode_pages.caching_page[
4087			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4088			       sizeof(caching_page_changeable));
4089			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4090			       &caching_page_default,
4091			       sizeof(caching_page_default));
4092			caching_page = &lun->mode_pages.caching_page[
4093			    CTL_PAGE_SAVED];
4094			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4095			if (value != NULL && strcmp(value, "off") == 0)
4096				caching_page->flags1 &= ~SCP_WCE;
4097			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4098			if (value != NULL && strcmp(value, "off") == 0)
4099				caching_page->flags1 |= SCP_RCD;
4100			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4101			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4102			       sizeof(caching_page_default));
4103			page_index->page_data =
4104				(uint8_t *)lun->mode_pages.caching_page;
4105			break;
4106		}
4107		case SMS_CONTROL_MODE_PAGE: {
4108			switch (page_index->subpage) {
4109			case SMS_SUBPAGE_PAGE_0: {
4110				struct scsi_control_page *control_page;
4111
4112				memcpy(&lun->mode_pages.control_page[
4113				    CTL_PAGE_DEFAULT],
4114				       &control_page_default,
4115				       sizeof(control_page_default));
4116				memcpy(&lun->mode_pages.control_page[
4117				    CTL_PAGE_CHANGEABLE],
4118				       &control_page_changeable,
4119				       sizeof(control_page_changeable));
4120				memcpy(&lun->mode_pages.control_page[
4121				    CTL_PAGE_SAVED],
4122				       &control_page_default,
4123				       sizeof(control_page_default));
4124				control_page = &lun->mode_pages.control_page[
4125				    CTL_PAGE_SAVED];
4126				value = ctl_get_opt(&lun->be_lun->options,
4127				    "reordering");
4128				if (value != NULL &&
4129				    strcmp(value, "unrestricted") == 0) {
4130					control_page->queue_flags &=
4131					    ~SCP_QUEUE_ALG_MASK;
4132					control_page->queue_flags |=
4133					    SCP_QUEUE_ALG_UNRESTRICTED;
4134				}
4135				memcpy(&lun->mode_pages.control_page[
4136				    CTL_PAGE_CURRENT],
4137				       &lun->mode_pages.control_page[
4138				    CTL_PAGE_SAVED],
4139				       sizeof(control_page_default));
4140				page_index->page_data =
4141				    (uint8_t *)lun->mode_pages.control_page;
4142				break;
4143			}
4144			case 0x01:
4145				memcpy(&lun->mode_pages.control_ext_page[
4146				    CTL_PAGE_DEFAULT],
4147				       &control_ext_page_default,
4148				       sizeof(control_ext_page_default));
4149				memcpy(&lun->mode_pages.control_ext_page[
4150				    CTL_PAGE_CHANGEABLE],
4151				       &control_ext_page_changeable,
4152				       sizeof(control_ext_page_changeable));
4153				memcpy(&lun->mode_pages.control_ext_page[
4154				    CTL_PAGE_SAVED],
4155				       &control_ext_page_default,
4156				       sizeof(control_ext_page_default));
4157				memcpy(&lun->mode_pages.control_ext_page[
4158				    CTL_PAGE_CURRENT],
4159				       &lun->mode_pages.control_ext_page[
4160				    CTL_PAGE_SAVED],
4161				       sizeof(control_ext_page_default));
4162				page_index->page_data =
4163				    (uint8_t *)lun->mode_pages.control_ext_page;
4164				break;
4165			}
4166			break;
4167		}
4168		case SMS_INFO_EXCEPTIONS_PAGE: {
4169			switch (page_index->subpage) {
4170			case SMS_SUBPAGE_PAGE_0:
4171				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4172				       &ie_page_default,
4173				       sizeof(ie_page_default));
4174				memcpy(&lun->mode_pages.ie_page[
4175				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4176				       sizeof(ie_page_changeable));
4177				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4178				       &ie_page_default,
4179				       sizeof(ie_page_default));
4180				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4181				       &ie_page_default,
4182				       sizeof(ie_page_default));
4183				page_index->page_data =
4184					(uint8_t *)lun->mode_pages.ie_page;
4185				break;
4186			case 0x02: {
4187				struct ctl_logical_block_provisioning_page *page;
4188
4189				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4190				       &lbp_page_default,
4191				       sizeof(lbp_page_default));
4192				memcpy(&lun->mode_pages.lbp_page[
4193				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4194				       sizeof(lbp_page_changeable));
4195				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4196				       &lbp_page_default,
4197				       sizeof(lbp_page_default));
4198				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4199				value = ctl_get_opt(&lun->be_lun->options,
4200				    "avail-threshold");
4201				if (value != NULL &&
4202				    ctl_expand_number(value, &ival) == 0) {
4203					page->descr[0].flags |= SLBPPD_ENABLED |
4204					    SLBPPD_ARMING_DEC;
4205					if (lun->be_lun->blocksize)
4206						ival /= lun->be_lun->blocksize;
4207					else
4208						ival /= 512;
4209					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4210					    page->descr[0].count);
4211				}
4212				value = ctl_get_opt(&lun->be_lun->options,
4213				    "used-threshold");
4214				if (value != NULL &&
4215				    ctl_expand_number(value, &ival) == 0) {
4216					page->descr[1].flags |= SLBPPD_ENABLED |
4217					    SLBPPD_ARMING_INC;
4218					if (lun->be_lun->blocksize)
4219						ival /= lun->be_lun->blocksize;
4220					else
4221						ival /= 512;
4222					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4223					    page->descr[1].count);
4224				}
4225				value = ctl_get_opt(&lun->be_lun->options,
4226				    "pool-avail-threshold");
4227				if (value != NULL &&
4228				    ctl_expand_number(value, &ival) == 0) {
4229					page->descr[2].flags |= SLBPPD_ENABLED |
4230					    SLBPPD_ARMING_DEC;
4231					if (lun->be_lun->blocksize)
4232						ival /= lun->be_lun->blocksize;
4233					else
4234						ival /= 512;
4235					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4236					    page->descr[2].count);
4237				}
4238				value = ctl_get_opt(&lun->be_lun->options,
4239				    "pool-used-threshold");
4240				if (value != NULL &&
4241				    ctl_expand_number(value, &ival) == 0) {
4242					page->descr[3].flags |= SLBPPD_ENABLED |
4243					    SLBPPD_ARMING_INC;
4244					if (lun->be_lun->blocksize)
4245						ival /= lun->be_lun->blocksize;
4246					else
4247						ival /= 512;
4248					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4249					    page->descr[3].count);
4250				}
4251				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4252				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4253				       sizeof(lbp_page_default));
4254				page_index->page_data =
4255					(uint8_t *)lun->mode_pages.lbp_page;
4256			}}
4257			break;
4258		}
4259		case SMS_VENDOR_SPECIFIC_PAGE:{
4260			switch (page_index->subpage) {
4261			case DBGCNF_SUBPAGE_CODE: {
4262				struct copan_debugconf_subpage *current_page,
4263							       *saved_page;
4264
4265				memcpy(&lun->mode_pages.debugconf_subpage[
4266				       CTL_PAGE_CURRENT],
4267				       &debugconf_page_default,
4268				       sizeof(debugconf_page_default));
4269				memcpy(&lun->mode_pages.debugconf_subpage[
4270				       CTL_PAGE_CHANGEABLE],
4271				       &debugconf_page_changeable,
4272				       sizeof(debugconf_page_changeable));
4273				memcpy(&lun->mode_pages.debugconf_subpage[
4274				       CTL_PAGE_DEFAULT],
4275				       &debugconf_page_default,
4276				       sizeof(debugconf_page_default));
4277				memcpy(&lun->mode_pages.debugconf_subpage[
4278				       CTL_PAGE_SAVED],
4279				       &debugconf_page_default,
4280				       sizeof(debugconf_page_default));
4281				page_index->page_data =
4282					(uint8_t *)lun->mode_pages.debugconf_subpage;
4283
4284				current_page = (struct copan_debugconf_subpage *)
4285					(page_index->page_data +
4286					 (page_index->page_len *
4287					  CTL_PAGE_CURRENT));
4288				saved_page = (struct copan_debugconf_subpage *)
4289					(page_index->page_data +
4290					 (page_index->page_len *
4291					  CTL_PAGE_SAVED));
4292				break;
4293			}
4294			default:
4295				panic("invalid subpage value %d",
4296				      page_index->subpage);
4297				break;
4298			}
4299   			break;
4300		}
4301		default:
4302			panic("invalid page value %d",
4303			      page_index->page_code & SMPH_PC_MASK);
4304			break;
4305    	}
4306	}
4307
4308	return (CTL_RETVAL_COMPLETE);
4309}
4310
4311static int
4312ctl_init_log_page_index(struct ctl_lun *lun)
4313{
4314	struct ctl_page_index *page_index;
4315	int i, j, k, prev;
4316
4317	memcpy(&lun->log_pages.index, log_page_index_template,
4318	       sizeof(log_page_index_template));
4319
4320	prev = -1;
4321	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4322
4323		page_index = &lun->log_pages.index[i];
4324		/*
4325		 * If this is a disk-only mode page, there's no point in
4326		 * setting it up.  For some pages, we have to have some
4327		 * basic information about the disk in order to calculate the
4328		 * mode page data.
4329		 */
4330		if ((lun->be_lun->lun_type != T_DIRECT)
4331		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4332			continue;
4333
4334		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4335		     lun->backend->lun_attr == NULL)
4336			continue;
4337
4338		if (page_index->page_code != prev) {
4339			lun->log_pages.pages_page[j] = page_index->page_code;
4340			prev = page_index->page_code;
4341			j++;
4342		}
4343		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4344		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4345		k++;
4346	}
4347	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4348	lun->log_pages.index[0].page_len = j;
4349	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4350	lun->log_pages.index[1].page_len = k * 2;
4351	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4352	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4353	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4354	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4355
4356	return (CTL_RETVAL_COMPLETE);
4357}
4358
4359static int
4360hex2bin(const char *str, uint8_t *buf, int buf_size)
4361{
4362	int i;
4363	u_char c;
4364
4365	memset(buf, 0, buf_size);
4366	while (isspace(str[0]))
4367		str++;
4368	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4369		str += 2;
4370	buf_size *= 2;
4371	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4372		c = str[i];
4373		if (isdigit(c))
4374			c -= '0';
4375		else if (isalpha(c))
4376			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4377		else
4378			break;
4379		if (c >= 16)
4380			break;
4381		if ((i & 1) == 0)
4382			buf[i / 2] |= (c << 4);
4383		else
4384			buf[i / 2] |= c;
4385	}
4386	return ((i + 1) / 2);
4387}
4388
4389/*
4390 * LUN allocation.
4391 *
4392 * Requirements:
4393 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4394 *   wants us to allocate the LUN and he can block.
4395 * - ctl_softc is always set
4396 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4397 *
4398 * Returns 0 for success, non-zero (errno) for failure.
4399 */
4400static int
4401ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4402	      struct ctl_be_lun *const be_lun)
4403{
4404	struct ctl_lun *nlun, *lun;
4405	struct scsi_vpd_id_descriptor *desc;
4406	struct scsi_vpd_id_t10 *t10id;
4407	const char *eui, *naa, *scsiname, *vendor;
4408	int lun_number, i, lun_malloced;
4409	int devidlen, idlen1, idlen2 = 0, len;
4410
4411	if (be_lun == NULL)
4412		return (EINVAL);
4413
4414	/*
4415	 * We currently only support Direct Access or Processor LUN types.
4416	 */
4417	switch (be_lun->lun_type) {
4418	case T_DIRECT:
4419		break;
4420	case T_PROCESSOR:
4421		break;
4422	case T_SEQUENTIAL:
4423	case T_CHANGER:
4424	default:
4425		be_lun->lun_config_status(be_lun->be_lun,
4426					  CTL_LUN_CONFIG_FAILURE);
4427		break;
4428	}
4429	if (ctl_lun == NULL) {
4430		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4431		lun_malloced = 1;
4432	} else {
4433		lun_malloced = 0;
4434		lun = ctl_lun;
4435	}
4436
4437	memset(lun, 0, sizeof(*lun));
4438	if (lun_malloced)
4439		lun->flags = CTL_LUN_MALLOCED;
4440
4441	/* Generate LUN ID. */
4442	devidlen = max(CTL_DEVID_MIN_LEN,
4443	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4444	idlen1 = sizeof(*t10id) + devidlen;
4445	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4446	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4447	if (scsiname != NULL) {
4448		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4449		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4450	}
4451	eui = ctl_get_opt(&be_lun->options, "eui");
4452	if (eui != NULL) {
4453		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4454	}
4455	naa = ctl_get_opt(&be_lun->options, "naa");
4456	if (naa != NULL) {
4457		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4458	}
4459	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4460	    M_CTL, M_WAITOK | M_ZERO);
4461	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4462	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4463	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4464	desc->length = idlen1;
4465	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4466	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4467	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4468		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4469	} else {
4470		strncpy(t10id->vendor, vendor,
4471		    min(sizeof(t10id->vendor), strlen(vendor)));
4472	}
4473	strncpy((char *)t10id->vendor_spec_id,
4474	    (char *)be_lun->device_id, devidlen);
4475	if (scsiname != NULL) {
4476		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4477		    desc->length);
4478		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4479		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4480		    SVPD_ID_TYPE_SCSI_NAME;
4481		desc->length = idlen2;
4482		strlcpy(desc->identifier, scsiname, idlen2);
4483	}
4484	if (eui != NULL) {
4485		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4486		    desc->length);
4487		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4488		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4489		    SVPD_ID_TYPE_EUI64;
4490		desc->length = hex2bin(eui, desc->identifier, 16);
4491		desc->length = desc->length > 12 ? 16 :
4492		    (desc->length > 8 ? 12 : 8);
4493		len -= 16 - desc->length;
4494	}
4495	if (naa != NULL) {
4496		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4497		    desc->length);
4498		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4499		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4500		    SVPD_ID_TYPE_NAA;
4501		desc->length = hex2bin(naa, desc->identifier, 16);
4502		desc->length = desc->length > 8 ? 16 : 8;
4503		len -= 16 - desc->length;
4504	}
4505	lun->lun_devid->len = len;
4506
4507	mtx_lock(&ctl_softc->ctl_lock);
4508	/*
4509	 * See if the caller requested a particular LUN number.  If so, see
4510	 * if it is available.  Otherwise, allocate the first available LUN.
4511	 */
4512	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4513		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4514		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4515			mtx_unlock(&ctl_softc->ctl_lock);
4516			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4517				printf("ctl: requested LUN ID %d is higher "
4518				       "than CTL_MAX_LUNS - 1 (%d)\n",
4519				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4520			} else {
4521				/*
4522				 * XXX KDM return an error, or just assign
4523				 * another LUN ID in this case??
4524				 */
4525				printf("ctl: requested LUN ID %d is already "
4526				       "in use\n", be_lun->req_lun_id);
4527			}
4528			if (lun->flags & CTL_LUN_MALLOCED)
4529				free(lun, M_CTL);
4530			be_lun->lun_config_status(be_lun->be_lun,
4531						  CTL_LUN_CONFIG_FAILURE);
4532			return (ENOSPC);
4533		}
4534		lun_number = be_lun->req_lun_id;
4535	} else {
4536		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4537		if (lun_number == -1) {
4538			mtx_unlock(&ctl_softc->ctl_lock);
4539			printf("ctl: can't allocate LUN, out of LUNs\n");
4540			if (lun->flags & CTL_LUN_MALLOCED)
4541				free(lun, M_CTL);
4542			be_lun->lun_config_status(be_lun->be_lun,
4543						  CTL_LUN_CONFIG_FAILURE);
4544			return (ENOSPC);
4545		}
4546	}
4547	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4548
4549	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4550	lun->lun = lun_number;
4551	lun->be_lun = be_lun;
4552	/*
4553	 * The processor LUN is always enabled.  Disk LUNs come on line
4554	 * disabled, and must be enabled by the backend.
4555	 */
4556	lun->flags |= CTL_LUN_DISABLED;
4557	lun->backend = be_lun->be;
4558	be_lun->ctl_lun = lun;
4559	be_lun->lun_id = lun_number;
4560	atomic_add_int(&be_lun->be->num_luns, 1);
4561	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4562		lun->flags |= CTL_LUN_OFFLINE;
4563
4564	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4565		lun->flags |= CTL_LUN_STOPPED;
4566
4567	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4568		lun->flags |= CTL_LUN_INOPERABLE;
4569
4570	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4571		lun->flags |= CTL_LUN_PRIMARY_SC;
4572
4573	lun->ctl_softc = ctl_softc;
4574#ifdef CTL_TIME_IO
4575	lun->last_busy = getsbinuptime();
4576#endif
4577	TAILQ_INIT(&lun->ooa_queue);
4578	TAILQ_INIT(&lun->blocked_queue);
4579	STAILQ_INIT(&lun->error_list);
4580	ctl_tpc_lun_init(lun);
4581
4582	/*
4583	 * Initialize the mode and log page index.
4584	 */
4585	ctl_init_page_index(lun);
4586	ctl_init_log_page_index(lun);
4587
4588	/*
4589	 * Now, before we insert this lun on the lun list, set the lun
4590	 * inventory changed UA for all other luns.
4591	 */
4592	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4593		mtx_lock(&nlun->lun_lock);
4594		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4595		mtx_unlock(&nlun->lun_lock);
4596	}
4597
4598	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4599
4600	ctl_softc->ctl_luns[lun_number] = lun;
4601
4602	ctl_softc->num_luns++;
4603
4604	/* Setup statistics gathering */
4605	lun->stats.device_type = be_lun->lun_type;
4606	lun->stats.lun_number = lun_number;
4607	if (lun->stats.device_type == T_DIRECT)
4608		lun->stats.blocksize = be_lun->blocksize;
4609	else
4610		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4611	for (i = 0;i < CTL_MAX_PORTS;i++)
4612		lun->stats.ports[i].targ_port = i;
4613
4614	mtx_unlock(&ctl_softc->ctl_lock);
4615
4616	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4617	return (0);
4618}
4619
4620/*
4621 * Delete a LUN.
4622 * Assumptions:
4623 * - LUN has already been marked invalid and any pending I/O has been taken
4624 *   care of.
4625 */
4626static int
4627ctl_free_lun(struct ctl_lun *lun)
4628{
4629	struct ctl_softc *softc;
4630	struct ctl_lun *nlun;
4631	int i;
4632
4633	softc = lun->ctl_softc;
4634
4635	mtx_assert(&softc->ctl_lock, MA_OWNED);
4636
4637	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4638
4639	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4640
4641	softc->ctl_luns[lun->lun] = NULL;
4642
4643	if (!TAILQ_EMPTY(&lun->ooa_queue))
4644		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4645
4646	softc->num_luns--;
4647
4648	/*
4649	 * Tell the backend to free resources, if this LUN has a backend.
4650	 */
4651	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4652	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4653
4654	ctl_tpc_lun_shutdown(lun);
4655	mtx_destroy(&lun->lun_lock);
4656	free(lun->lun_devid, M_CTL);
4657	for (i = 0; i < CTL_MAX_PORTS; i++)
4658		free(lun->pending_ua[i], M_CTL);
4659	for (i = 0; i < CTL_MAX_PORTS; i++)
4660		free(lun->pr_keys[i], M_CTL);
4661	free(lun->write_buffer, M_CTL);
4662	if (lun->flags & CTL_LUN_MALLOCED)
4663		free(lun, M_CTL);
4664
4665	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4666		mtx_lock(&nlun->lun_lock);
4667		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4668		mtx_unlock(&nlun->lun_lock);
4669	}
4670
4671	return (0);
4672}
4673
4674static void
4675ctl_create_lun(struct ctl_be_lun *be_lun)
4676{
4677	struct ctl_softc *softc;
4678
4679	softc = control_softc;
4680
4681	/*
4682	 * ctl_alloc_lun() should handle all potential failure cases.
4683	 */
4684	ctl_alloc_lun(softc, NULL, be_lun);
4685}
4686
4687int
4688ctl_add_lun(struct ctl_be_lun *be_lun)
4689{
4690	struct ctl_softc *softc = control_softc;
4691
4692	mtx_lock(&softc->ctl_lock);
4693	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4694	mtx_unlock(&softc->ctl_lock);
4695	wakeup(&softc->pending_lun_queue);
4696
4697	return (0);
4698}
4699
4700int
4701ctl_enable_lun(struct ctl_be_lun *be_lun)
4702{
4703	struct ctl_softc *softc;
4704	struct ctl_port *port, *nport;
4705	struct ctl_lun *lun;
4706	int retval;
4707
4708	lun = (struct ctl_lun *)be_lun->ctl_lun;
4709	softc = lun->ctl_softc;
4710
4711	mtx_lock(&softc->ctl_lock);
4712	mtx_lock(&lun->lun_lock);
4713	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4714		/*
4715		 * eh?  Why did we get called if the LUN is already
4716		 * enabled?
4717		 */
4718		mtx_unlock(&lun->lun_lock);
4719		mtx_unlock(&softc->ctl_lock);
4720		return (0);
4721	}
4722	lun->flags &= ~CTL_LUN_DISABLED;
4723	mtx_unlock(&lun->lun_lock);
4724
4725	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4726		nport = STAILQ_NEXT(port, links);
4727		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4728		    port->lun_map != NULL || port->lun_enable == NULL)
4729			continue;
4730
4731		/*
4732		 * Drop the lock while we call the FETD's enable routine.
4733		 * This can lead to a callback into CTL (at least in the
4734		 * case of the internal initiator frontend.
4735		 */
4736		mtx_unlock(&softc->ctl_lock);
4737		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4738		mtx_lock(&softc->ctl_lock);
4739		if (retval != 0) {
4740			printf("%s: FETD %s port %d returned error "
4741			       "%d for lun_enable on lun %jd\n",
4742			       __func__, port->port_name, port->targ_port,
4743			       retval, (intmax_t)lun->lun);
4744		}
4745	}
4746
4747	mtx_unlock(&softc->ctl_lock);
4748	ctl_isc_announce_lun(lun);
4749
4750	return (0);
4751}
4752
4753int
4754ctl_disable_lun(struct ctl_be_lun *be_lun)
4755{
4756	struct ctl_softc *softc;
4757	struct ctl_port *port;
4758	struct ctl_lun *lun;
4759	int retval;
4760
4761	lun = (struct ctl_lun *)be_lun->ctl_lun;
4762	softc = lun->ctl_softc;
4763
4764	mtx_lock(&softc->ctl_lock);
4765	mtx_lock(&lun->lun_lock);
4766	if (lun->flags & CTL_LUN_DISABLED) {
4767		mtx_unlock(&lun->lun_lock);
4768		mtx_unlock(&softc->ctl_lock);
4769		return (0);
4770	}
4771	lun->flags |= CTL_LUN_DISABLED;
4772	mtx_unlock(&lun->lun_lock);
4773
4774	STAILQ_FOREACH(port, &softc->port_list, links) {
4775		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4776		    port->lun_map != NULL || port->lun_disable == NULL)
4777			continue;
4778
4779		/*
4780		 * Drop the lock before we call the frontend's disable
4781		 * routine, to avoid lock order reversals.
4782		 *
4783		 * XXX KDM what happens if the frontend list changes while
4784		 * we're traversing it?  It's unlikely, but should be handled.
4785		 */
4786		mtx_unlock(&softc->ctl_lock);
4787		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4788		mtx_lock(&softc->ctl_lock);
4789		if (retval != 0) {
4790			printf("%s: FETD %s port %d returned error "
4791			       "%d for lun_disable on lun %jd\n",
4792			       __func__, port->port_name, port->targ_port,
4793			       retval, (intmax_t)lun->lun);
4794		}
4795	}
4796
4797	mtx_unlock(&softc->ctl_lock);
4798	ctl_isc_announce_lun(lun);
4799
4800	return (0);
4801}
4802
4803int
4804ctl_start_lun(struct ctl_be_lun *be_lun)
4805{
4806	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4807
4808	mtx_lock(&lun->lun_lock);
4809	lun->flags &= ~CTL_LUN_STOPPED;
4810	mtx_unlock(&lun->lun_lock);
4811	return (0);
4812}
4813
4814int
4815ctl_stop_lun(struct ctl_be_lun *be_lun)
4816{
4817	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4818
4819	mtx_lock(&lun->lun_lock);
4820	lun->flags |= CTL_LUN_STOPPED;
4821	mtx_unlock(&lun->lun_lock);
4822	return (0);
4823}
4824
4825int
4826ctl_lun_offline(struct ctl_be_lun *be_lun)
4827{
4828	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4829
4830	mtx_lock(&lun->lun_lock);
4831	lun->flags |= CTL_LUN_OFFLINE;
4832	mtx_unlock(&lun->lun_lock);
4833	return (0);
4834}
4835
4836int
4837ctl_lun_online(struct ctl_be_lun *be_lun)
4838{
4839	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4840
4841	mtx_lock(&lun->lun_lock);
4842	lun->flags &= ~CTL_LUN_OFFLINE;
4843	mtx_unlock(&lun->lun_lock);
4844	return (0);
4845}
4846
4847int
4848ctl_lun_primary(struct ctl_be_lun *be_lun)
4849{
4850	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4851
4852	mtx_lock(&lun->lun_lock);
4853	lun->flags |= CTL_LUN_PRIMARY_SC;
4854	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4855	mtx_unlock(&lun->lun_lock);
4856	ctl_isc_announce_lun(lun);
4857	return (0);
4858}
4859
4860int
4861ctl_lun_secondary(struct ctl_be_lun *be_lun)
4862{
4863	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4864
4865	mtx_lock(&lun->lun_lock);
4866	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4867	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4868	mtx_unlock(&lun->lun_lock);
4869	ctl_isc_announce_lun(lun);
4870	return (0);
4871}
4872
4873int
4874ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4875{
4876	struct ctl_softc *softc;
4877	struct ctl_lun *lun;
4878
4879	lun = (struct ctl_lun *)be_lun->ctl_lun;
4880	softc = lun->ctl_softc;
4881
4882	mtx_lock(&lun->lun_lock);
4883
4884	/*
4885	 * The LUN needs to be disabled before it can be marked invalid.
4886	 */
4887	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4888		mtx_unlock(&lun->lun_lock);
4889		return (-1);
4890	}
4891	/*
4892	 * Mark the LUN invalid.
4893	 */
4894	lun->flags |= CTL_LUN_INVALID;
4895
4896	/*
4897	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4898	 * If we have something in the OOA queue, we'll free it when the
4899	 * last I/O completes.
4900	 */
4901	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4902		mtx_unlock(&lun->lun_lock);
4903		mtx_lock(&softc->ctl_lock);
4904		ctl_free_lun(lun);
4905		mtx_unlock(&softc->ctl_lock);
4906	} else
4907		mtx_unlock(&lun->lun_lock);
4908
4909	return (0);
4910}
4911
4912int
4913ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4914{
4915	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4916
4917	mtx_lock(&lun->lun_lock);
4918	lun->flags |= CTL_LUN_INOPERABLE;
4919	mtx_unlock(&lun->lun_lock);
4920	return (0);
4921}
4922
4923int
4924ctl_lun_operable(struct ctl_be_lun *be_lun)
4925{
4926	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4927
4928	mtx_lock(&lun->lun_lock);
4929	lun->flags &= ~CTL_LUN_INOPERABLE;
4930	mtx_unlock(&lun->lun_lock);
4931	return (0);
4932}
4933
4934void
4935ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4936{
4937	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4938	union ctl_ha_msg msg;
4939
4940	mtx_lock(&lun->lun_lock);
4941	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4942	mtx_unlock(&lun->lun_lock);
4943	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4944		/* Send msg to other side. */
4945		bzero(&msg.ua, sizeof(msg.ua));
4946		msg.hdr.msg_type = CTL_MSG_UA;
4947		msg.hdr.nexus.initid = -1;
4948		msg.hdr.nexus.targ_port = -1;
4949		msg.hdr.nexus.targ_lun = lun->lun;
4950		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4951		msg.ua.ua_all = 1;
4952		msg.ua.ua_set = 1;
4953		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4954		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4955		    M_WAITOK);
4956	}
4957}
4958
4959/*
4960 * Backend "memory move is complete" callback for requests that never
4961 * make it down to say RAIDCore's configuration code.
4962 */
4963int
4964ctl_config_move_done(union ctl_io *io)
4965{
4966	int retval;
4967
4968	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4969	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4970	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4971
4972	if ((io->io_hdr.port_status != 0) &&
4973	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4974	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4975		/*
4976		 * For hardware error sense keys, the sense key
4977		 * specific value is defined to be a retry count,
4978		 * but we use it to pass back an internal FETD
4979		 * error code.  XXX KDM  Hopefully the FETD is only
4980		 * using 16 bits for an error code, since that's
4981		 * all the space we have in the sks field.
4982		 */
4983		ctl_set_internal_failure(&io->scsiio,
4984					 /*sks_valid*/ 1,
4985					 /*retry_count*/
4986					 io->io_hdr.port_status);
4987	}
4988
4989	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4990		ctl_data_print(io);
4991	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4992	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4993	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4994	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4995		/*
4996		 * XXX KDM just assuming a single pointer here, and not a
4997		 * S/G list.  If we start using S/G lists for config data,
4998		 * we'll need to know how to clean them up here as well.
4999		 */
5000		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5001			free(io->scsiio.kern_data_ptr, M_CTL);
5002		ctl_done(io);
5003		retval = CTL_RETVAL_COMPLETE;
5004	} else {
5005		/*
5006		 * XXX KDM now we need to continue data movement.  Some
5007		 * options:
5008		 * - call ctl_scsiio() again?  We don't do this for data
5009		 *   writes, because for those at least we know ahead of
5010		 *   time where the write will go and how long it is.  For
5011		 *   config writes, though, that information is largely
5012		 *   contained within the write itself, thus we need to
5013		 *   parse out the data again.
5014		 *
5015		 * - Call some other function once the data is in?
5016		 */
5017
5018		/*
5019		 * XXX KDM call ctl_scsiio() again for now, and check flag
5020		 * bits to see whether we're allocated or not.
5021		 */
5022		retval = ctl_scsiio(&io->scsiio);
5023	}
5024	return (retval);
5025}
5026
5027/*
5028 * This gets called by a backend driver when it is done with a
5029 * data_submit method.
5030 */
5031void
5032ctl_data_submit_done(union ctl_io *io)
5033{
5034	/*
5035	 * If the IO_CONT flag is set, we need to call the supplied
5036	 * function to continue processing the I/O, instead of completing
5037	 * the I/O just yet.
5038	 *
5039	 * If there is an error, though, we don't want to keep processing.
5040	 * Instead, just send status back to the initiator.
5041	 */
5042	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5043	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5044	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5045	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5046		io->scsiio.io_cont(io);
5047		return;
5048	}
5049	ctl_done(io);
5050}
5051
5052/*
5053 * This gets called by a backend driver when it is done with a
5054 * configuration write.
5055 */
5056void
5057ctl_config_write_done(union ctl_io *io)
5058{
5059	uint8_t *buf;
5060
5061	/*
5062	 * If the IO_CONT flag is set, we need to call the supplied
5063	 * function to continue processing the I/O, instead of completing
5064	 * the I/O just yet.
5065	 *
5066	 * If there is an error, though, we don't want to keep processing.
5067	 * Instead, just send status back to the initiator.
5068	 */
5069	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5070	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5071	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5072	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5073		io->scsiio.io_cont(io);
5074		return;
5075	}
5076	/*
5077	 * Since a configuration write can be done for commands that actually
5078	 * have data allocated, like write buffer, and commands that have
5079	 * no data, like start/stop unit, we need to check here.
5080	 */
5081	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5082		buf = io->scsiio.kern_data_ptr;
5083	else
5084		buf = NULL;
5085	ctl_done(io);
5086	if (buf)
5087		free(buf, M_CTL);
5088}
5089
5090void
5091ctl_config_read_done(union ctl_io *io)
5092{
5093	uint8_t *buf;
5094
5095	/*
5096	 * If there is some error -- we are done, skip data transfer.
5097	 */
5098	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5099	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5100	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5101		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5102			buf = io->scsiio.kern_data_ptr;
5103		else
5104			buf = NULL;
5105		ctl_done(io);
5106		if (buf)
5107			free(buf, M_CTL);
5108		return;
5109	}
5110
5111	/*
5112	 * If the IO_CONT flag is set, we need to call the supplied
5113	 * function to continue processing the I/O, instead of completing
5114	 * the I/O just yet.
5115	 */
5116	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5117		io->scsiio.io_cont(io);
5118		return;
5119	}
5120
5121	ctl_datamove(io);
5122}
5123
5124/*
5125 * SCSI release command.
5126 */
5127int
5128ctl_scsi_release(struct ctl_scsiio *ctsio)
5129{
5130	int length, longid, thirdparty_id, resv_id;
5131	struct ctl_lun *lun;
5132	uint32_t residx;
5133
5134	length = 0;
5135	resv_id = 0;
5136
5137	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5138
5139	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5140	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5141
5142	switch (ctsio->cdb[0]) {
5143	case RELEASE_10: {
5144		struct scsi_release_10 *cdb;
5145
5146		cdb = (struct scsi_release_10 *)ctsio->cdb;
5147
5148		if (cdb->byte2 & SR10_LONGID)
5149			longid = 1;
5150		else
5151			thirdparty_id = cdb->thirdparty_id;
5152
5153		resv_id = cdb->resv_id;
5154		length = scsi_2btoul(cdb->length);
5155		break;
5156	}
5157	}
5158
5159
5160	/*
5161	 * XXX KDM right now, we only support LUN reservation.  We don't
5162	 * support 3rd party reservations, or extent reservations, which
5163	 * might actually need the parameter list.  If we've gotten this
5164	 * far, we've got a LUN reservation.  Anything else got kicked out
5165	 * above.  So, according to SPC, ignore the length.
5166	 */
5167	length = 0;
5168
5169	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5170	 && (length > 0)) {
5171		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5172		ctsio->kern_data_len = length;
5173		ctsio->kern_total_len = length;
5174		ctsio->kern_data_resid = 0;
5175		ctsio->kern_rel_offset = 0;
5176		ctsio->kern_sg_entries = 0;
5177		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5178		ctsio->be_move_done = ctl_config_move_done;
5179		ctl_datamove((union ctl_io *)ctsio);
5180
5181		return (CTL_RETVAL_COMPLETE);
5182	}
5183
5184	if (length > 0)
5185		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5186
5187	mtx_lock(&lun->lun_lock);
5188
5189	/*
5190	 * According to SPC, it is not an error for an intiator to attempt
5191	 * to release a reservation on a LUN that isn't reserved, or that
5192	 * is reserved by another initiator.  The reservation can only be
5193	 * released, though, by the initiator who made it or by one of
5194	 * several reset type events.
5195	 */
5196	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5197			lun->flags &= ~CTL_LUN_RESERVED;
5198
5199	mtx_unlock(&lun->lun_lock);
5200
5201	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5202		free(ctsio->kern_data_ptr, M_CTL);
5203		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5204	}
5205
5206	ctl_set_success(ctsio);
5207	ctl_done((union ctl_io *)ctsio);
5208	return (CTL_RETVAL_COMPLETE);
5209}
5210
5211int
5212ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5213{
5214	int extent, thirdparty, longid;
5215	int resv_id, length;
5216	uint64_t thirdparty_id;
5217	struct ctl_lun *lun;
5218	uint32_t residx;
5219
5220	extent = 0;
5221	thirdparty = 0;
5222	longid = 0;
5223	resv_id = 0;
5224	length = 0;
5225	thirdparty_id = 0;
5226
5227	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5228
5229	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5230	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5231
5232	switch (ctsio->cdb[0]) {
5233	case RESERVE_10: {
5234		struct scsi_reserve_10 *cdb;
5235
5236		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5237
5238		if (cdb->byte2 & SR10_LONGID)
5239			longid = 1;
5240		else
5241			thirdparty_id = cdb->thirdparty_id;
5242
5243		resv_id = cdb->resv_id;
5244		length = scsi_2btoul(cdb->length);
5245		break;
5246	}
5247	}
5248
5249	/*
5250	 * XXX KDM right now, we only support LUN reservation.  We don't
5251	 * support 3rd party reservations, or extent reservations, which
5252	 * might actually need the parameter list.  If we've gotten this
5253	 * far, we've got a LUN reservation.  Anything else got kicked out
5254	 * above.  So, according to SPC, ignore the length.
5255	 */
5256	length = 0;
5257
5258	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5259	 && (length > 0)) {
5260		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5261		ctsio->kern_data_len = length;
5262		ctsio->kern_total_len = length;
5263		ctsio->kern_data_resid = 0;
5264		ctsio->kern_rel_offset = 0;
5265		ctsio->kern_sg_entries = 0;
5266		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5267		ctsio->be_move_done = ctl_config_move_done;
5268		ctl_datamove((union ctl_io *)ctsio);
5269
5270		return (CTL_RETVAL_COMPLETE);
5271	}
5272
5273	if (length > 0)
5274		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5275
5276	mtx_lock(&lun->lun_lock);
5277	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5278		ctl_set_reservation_conflict(ctsio);
5279		goto bailout;
5280	}
5281
5282	lun->flags |= CTL_LUN_RESERVED;
5283	lun->res_idx = residx;
5284
5285	ctl_set_success(ctsio);
5286
5287bailout:
5288	mtx_unlock(&lun->lun_lock);
5289
5290	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5291		free(ctsio->kern_data_ptr, M_CTL);
5292		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5293	}
5294
5295	ctl_done((union ctl_io *)ctsio);
5296	return (CTL_RETVAL_COMPLETE);
5297}
5298
5299int
5300ctl_start_stop(struct ctl_scsiio *ctsio)
5301{
5302	struct scsi_start_stop_unit *cdb;
5303	struct ctl_lun *lun;
5304	int retval;
5305
5306	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5307
5308	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5309	retval = 0;
5310
5311	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5312
5313	/*
5314	 * XXX KDM
5315	 * We don't support the immediate bit on a stop unit.  In order to
5316	 * do that, we would need to code up a way to know that a stop is
5317	 * pending, and hold off any new commands until it completes, one
5318	 * way or another.  Then we could accept or reject those commands
5319	 * depending on its status.  We would almost need to do the reverse
5320	 * of what we do below for an immediate start -- return the copy of
5321	 * the ctl_io to the FETD with status to send to the host (and to
5322	 * free the copy!) and then free the original I/O once the stop
5323	 * actually completes.  That way, the OOA queue mechanism can work
5324	 * to block commands that shouldn't proceed.  Another alternative
5325	 * would be to put the copy in the queue in place of the original,
5326	 * and return the original back to the caller.  That could be
5327	 * slightly safer..
5328	 */
5329	if ((cdb->byte2 & SSS_IMMED)
5330	 && ((cdb->how & SSS_START) == 0)) {
5331		ctl_set_invalid_field(ctsio,
5332				      /*sks_valid*/ 1,
5333				      /*command*/ 1,
5334				      /*field*/ 1,
5335				      /*bit_valid*/ 1,
5336				      /*bit*/ 0);
5337		ctl_done((union ctl_io *)ctsio);
5338		return (CTL_RETVAL_COMPLETE);
5339	}
5340
5341	if ((lun->flags & CTL_LUN_PR_RESERVED)
5342	 && ((cdb->how & SSS_START)==0)) {
5343		uint32_t residx;
5344
5345		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5346		if (ctl_get_prkey(lun, residx) == 0
5347		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5348
5349			ctl_set_reservation_conflict(ctsio);
5350			ctl_done((union ctl_io *)ctsio);
5351			return (CTL_RETVAL_COMPLETE);
5352		}
5353	}
5354
5355	/*
5356	 * If there is no backend on this device, we can't start or stop
5357	 * it.  In theory we shouldn't get any start/stop commands in the
5358	 * first place at this level if the LUN doesn't have a backend.
5359	 * That should get stopped by the command decode code.
5360	 */
5361	if (lun->backend == NULL) {
5362		ctl_set_invalid_opcode(ctsio);
5363		ctl_done((union ctl_io *)ctsio);
5364		return (CTL_RETVAL_COMPLETE);
5365	}
5366
5367	/*
5368	 * XXX KDM Copan-specific offline behavior.
5369	 * Figure out a reasonable way to port this?
5370	 */
5371#ifdef NEEDTOPORT
5372	mtx_lock(&lun->lun_lock);
5373
5374	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5375	 && (lun->flags & CTL_LUN_OFFLINE)) {
5376		/*
5377		 * If the LUN is offline, and the on/offline bit isn't set,
5378		 * reject the start or stop.  Otherwise, let it through.
5379		 */
5380		mtx_unlock(&lun->lun_lock);
5381		ctl_set_lun_not_ready(ctsio);
5382		ctl_done((union ctl_io *)ctsio);
5383	} else {
5384		mtx_unlock(&lun->lun_lock);
5385#endif /* NEEDTOPORT */
5386		/*
5387		 * This could be a start or a stop when we're online,
5388		 * or a stop/offline or start/online.  A start or stop when
5389		 * we're offline is covered in the case above.
5390		 */
5391		/*
5392		 * In the non-immediate case, we send the request to
5393		 * the backend and return status to the user when
5394		 * it is done.
5395		 *
5396		 * In the immediate case, we allocate a new ctl_io
5397		 * to hold a copy of the request, and send that to
5398		 * the backend.  We then set good status on the
5399		 * user's request and return it immediately.
5400		 */
5401		if (cdb->byte2 & SSS_IMMED) {
5402			union ctl_io *new_io;
5403
5404			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5405			ctl_copy_io((union ctl_io *)ctsio, new_io);
5406			retval = lun->backend->config_write(new_io);
5407			ctl_set_success(ctsio);
5408			ctl_done((union ctl_io *)ctsio);
5409		} else {
5410			retval = lun->backend->config_write(
5411				(union ctl_io *)ctsio);
5412		}
5413#ifdef NEEDTOPORT
5414	}
5415#endif
5416	return (retval);
5417}
5418
5419/*
5420 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5421 * we don't really do anything with the LBA and length fields if the user
5422 * passes them in.  Instead we'll just flush out the cache for the entire
5423 * LUN.
5424 */
5425int
5426ctl_sync_cache(struct ctl_scsiio *ctsio)
5427{
5428	struct ctl_lun *lun;
5429	struct ctl_softc *softc;
5430	struct ctl_lba_len_flags *lbalen;
5431	uint64_t starting_lba;
5432	uint32_t block_count;
5433	int retval;
5434	uint8_t byte2;
5435
5436	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5437
5438	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5439	softc = lun->ctl_softc;
5440	retval = 0;
5441
5442	switch (ctsio->cdb[0]) {
5443	case SYNCHRONIZE_CACHE: {
5444		struct scsi_sync_cache *cdb;
5445		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5446
5447		starting_lba = scsi_4btoul(cdb->begin_lba);
5448		block_count = scsi_2btoul(cdb->lb_count);
5449		byte2 = cdb->byte2;
5450		break;
5451	}
5452	case SYNCHRONIZE_CACHE_16: {
5453		struct scsi_sync_cache_16 *cdb;
5454		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5455
5456		starting_lba = scsi_8btou64(cdb->begin_lba);
5457		block_count = scsi_4btoul(cdb->lb_count);
5458		byte2 = cdb->byte2;
5459		break;
5460	}
5461	default:
5462		ctl_set_invalid_opcode(ctsio);
5463		ctl_done((union ctl_io *)ctsio);
5464		goto bailout;
5465		break; /* NOTREACHED */
5466	}
5467
5468	/*
5469	 * We check the LBA and length, but don't do anything with them.
5470	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5471	 * get flushed.  This check will just help satisfy anyone who wants
5472	 * to see an error for an out of range LBA.
5473	 */
5474	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5475		ctl_set_lba_out_of_range(ctsio);
5476		ctl_done((union ctl_io *)ctsio);
5477		goto bailout;
5478	}
5479
5480	/*
5481	 * If this LUN has no backend, we can't flush the cache anyway.
5482	 */
5483	if (lun->backend == NULL) {
5484		ctl_set_invalid_opcode(ctsio);
5485		ctl_done((union ctl_io *)ctsio);
5486		goto bailout;
5487	}
5488
5489	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5490	lbalen->lba = starting_lba;
5491	lbalen->len = block_count;
5492	lbalen->flags = byte2;
5493
5494	/*
5495	 * Check to see whether we're configured to send the SYNCHRONIZE
5496	 * CACHE command directly to the back end.
5497	 */
5498	mtx_lock(&lun->lun_lock);
5499	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5500	 && (++(lun->sync_count) >= lun->sync_interval)) {
5501		lun->sync_count = 0;
5502		mtx_unlock(&lun->lun_lock);
5503		retval = lun->backend->config_write((union ctl_io *)ctsio);
5504	} else {
5505		mtx_unlock(&lun->lun_lock);
5506		ctl_set_success(ctsio);
5507		ctl_done((union ctl_io *)ctsio);
5508	}
5509
5510bailout:
5511
5512	return (retval);
5513}
5514
5515int
5516ctl_format(struct ctl_scsiio *ctsio)
5517{
5518	struct scsi_format *cdb;
5519	struct ctl_lun *lun;
5520	int length, defect_list_len;
5521
5522	CTL_DEBUG_PRINT(("ctl_format\n"));
5523
5524	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5525
5526	cdb = (struct scsi_format *)ctsio->cdb;
5527
5528	length = 0;
5529	if (cdb->byte2 & SF_FMTDATA) {
5530		if (cdb->byte2 & SF_LONGLIST)
5531			length = sizeof(struct scsi_format_header_long);
5532		else
5533			length = sizeof(struct scsi_format_header_short);
5534	}
5535
5536	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5537	 && (length > 0)) {
5538		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5539		ctsio->kern_data_len = length;
5540		ctsio->kern_total_len = length;
5541		ctsio->kern_data_resid = 0;
5542		ctsio->kern_rel_offset = 0;
5543		ctsio->kern_sg_entries = 0;
5544		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5545		ctsio->be_move_done = ctl_config_move_done;
5546		ctl_datamove((union ctl_io *)ctsio);
5547
5548		return (CTL_RETVAL_COMPLETE);
5549	}
5550
5551	defect_list_len = 0;
5552
5553	if (cdb->byte2 & SF_FMTDATA) {
5554		if (cdb->byte2 & SF_LONGLIST) {
5555			struct scsi_format_header_long *header;
5556
5557			header = (struct scsi_format_header_long *)
5558				ctsio->kern_data_ptr;
5559
5560			defect_list_len = scsi_4btoul(header->defect_list_len);
5561			if (defect_list_len != 0) {
5562				ctl_set_invalid_field(ctsio,
5563						      /*sks_valid*/ 1,
5564						      /*command*/ 0,
5565						      /*field*/ 2,
5566						      /*bit_valid*/ 0,
5567						      /*bit*/ 0);
5568				goto bailout;
5569			}
5570		} else {
5571			struct scsi_format_header_short *header;
5572
5573			header = (struct scsi_format_header_short *)
5574				ctsio->kern_data_ptr;
5575
5576			defect_list_len = scsi_2btoul(header->defect_list_len);
5577			if (defect_list_len != 0) {
5578				ctl_set_invalid_field(ctsio,
5579						      /*sks_valid*/ 1,
5580						      /*command*/ 0,
5581						      /*field*/ 2,
5582						      /*bit_valid*/ 0,
5583						      /*bit*/ 0);
5584				goto bailout;
5585			}
5586		}
5587	}
5588
5589	/*
5590	 * The format command will clear out the "Medium format corrupted"
5591	 * status if set by the configuration code.  That status is really
5592	 * just a way to notify the host that we have lost the media, and
5593	 * get them to issue a command that will basically make them think
5594	 * they're blowing away the media.
5595	 */
5596	mtx_lock(&lun->lun_lock);
5597	lun->flags &= ~CTL_LUN_INOPERABLE;
5598	mtx_unlock(&lun->lun_lock);
5599
5600	ctl_set_success(ctsio);
5601bailout:
5602
5603	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5604		free(ctsio->kern_data_ptr, M_CTL);
5605		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5606	}
5607
5608	ctl_done((union ctl_io *)ctsio);
5609	return (CTL_RETVAL_COMPLETE);
5610}
5611
5612int
5613ctl_read_buffer(struct ctl_scsiio *ctsio)
5614{
5615	struct ctl_lun *lun;
5616	uint64_t buffer_offset;
5617	uint32_t len;
5618	uint8_t byte2;
5619	static uint8_t descr[4];
5620	static uint8_t echo_descr[4] = { 0 };
5621
5622	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5623	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5624	switch (ctsio->cdb[0]) {
5625	case READ_BUFFER: {
5626		struct scsi_read_buffer *cdb;
5627
5628		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5629		buffer_offset = scsi_3btoul(cdb->offset);
5630		len = scsi_3btoul(cdb->length);
5631		byte2 = cdb->byte2;
5632		break;
5633	}
5634	case READ_BUFFER_16: {
5635		struct scsi_read_buffer_16 *cdb;
5636
5637		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5638		buffer_offset = scsi_8btou64(cdb->offset);
5639		len = scsi_4btoul(cdb->length);
5640		byte2 = cdb->byte2;
5641		break;
5642	}
5643	default: /* This shouldn't happen. */
5644		ctl_set_invalid_opcode(ctsio);
5645		ctl_done((union ctl_io *)ctsio);
5646		return (CTL_RETVAL_COMPLETE);
5647	}
5648
5649	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5650	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5651	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5652		ctl_set_invalid_field(ctsio,
5653				      /*sks_valid*/ 1,
5654				      /*command*/ 1,
5655				      /*field*/ 1,
5656				      /*bit_valid*/ 1,
5657				      /*bit*/ 4);
5658		ctl_done((union ctl_io *)ctsio);
5659		return (CTL_RETVAL_COMPLETE);
5660	}
5661
5662	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5663	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5664		ctl_set_invalid_field(ctsio,
5665				      /*sks_valid*/ 1,
5666				      /*command*/ 1,
5667				      /*field*/ 6,
5668				      /*bit_valid*/ 0,
5669				      /*bit*/ 0);
5670		ctl_done((union ctl_io *)ctsio);
5671		return (CTL_RETVAL_COMPLETE);
5672	}
5673
5674	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5675		descr[0] = 0;
5676		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5677		ctsio->kern_data_ptr = descr;
5678		len = min(len, sizeof(descr));
5679	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5680		ctsio->kern_data_ptr = echo_descr;
5681		len = min(len, sizeof(echo_descr));
5682	} else {
5683		if (lun->write_buffer == NULL) {
5684			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5685			    M_CTL, M_WAITOK);
5686		}
5687		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5688	}
5689	ctsio->kern_data_len = len;
5690	ctsio->kern_total_len = len;
5691	ctsio->kern_data_resid = 0;
5692	ctsio->kern_rel_offset = 0;
5693	ctsio->kern_sg_entries = 0;
5694	ctl_set_success(ctsio);
5695	ctsio->be_move_done = ctl_config_move_done;
5696	ctl_datamove((union ctl_io *)ctsio);
5697	return (CTL_RETVAL_COMPLETE);
5698}
5699
5700int
5701ctl_write_buffer(struct ctl_scsiio *ctsio)
5702{
5703	struct scsi_write_buffer *cdb;
5704	struct ctl_lun *lun;
5705	int buffer_offset, len;
5706
5707	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5708
5709	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5710	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5711
5712	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5713		ctl_set_invalid_field(ctsio,
5714				      /*sks_valid*/ 1,
5715				      /*command*/ 1,
5716				      /*field*/ 1,
5717				      /*bit_valid*/ 1,
5718				      /*bit*/ 4);
5719		ctl_done((union ctl_io *)ctsio);
5720		return (CTL_RETVAL_COMPLETE);
5721	}
5722
5723	len = scsi_3btoul(cdb->length);
5724	buffer_offset = scsi_3btoul(cdb->offset);
5725
5726	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5727		ctl_set_invalid_field(ctsio,
5728				      /*sks_valid*/ 1,
5729				      /*command*/ 1,
5730				      /*field*/ 6,
5731				      /*bit_valid*/ 0,
5732				      /*bit*/ 0);
5733		ctl_done((union ctl_io *)ctsio);
5734		return (CTL_RETVAL_COMPLETE);
5735	}
5736
5737	/*
5738	 * If we've got a kernel request that hasn't been malloced yet,
5739	 * malloc it and tell the caller the data buffer is here.
5740	 */
5741	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5742		if (lun->write_buffer == NULL) {
5743			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5744			    M_CTL, M_WAITOK);
5745		}
5746		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5747		ctsio->kern_data_len = len;
5748		ctsio->kern_total_len = len;
5749		ctsio->kern_data_resid = 0;
5750		ctsio->kern_rel_offset = 0;
5751		ctsio->kern_sg_entries = 0;
5752		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5753		ctsio->be_move_done = ctl_config_move_done;
5754		ctl_datamove((union ctl_io *)ctsio);
5755
5756		return (CTL_RETVAL_COMPLETE);
5757	}
5758
5759	ctl_set_success(ctsio);
5760	ctl_done((union ctl_io *)ctsio);
5761	return (CTL_RETVAL_COMPLETE);
5762}
5763
5764int
5765ctl_write_same(struct ctl_scsiio *ctsio)
5766{
5767	struct ctl_lun *lun;
5768	struct ctl_lba_len_flags *lbalen;
5769	uint64_t lba;
5770	uint32_t num_blocks;
5771	int len, retval;
5772	uint8_t byte2;
5773
5774	retval = CTL_RETVAL_COMPLETE;
5775
5776	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5777
5778	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5779
5780	switch (ctsio->cdb[0]) {
5781	case WRITE_SAME_10: {
5782		struct scsi_write_same_10 *cdb;
5783
5784		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5785
5786		lba = scsi_4btoul(cdb->addr);
5787		num_blocks = scsi_2btoul(cdb->length);
5788		byte2 = cdb->byte2;
5789		break;
5790	}
5791	case WRITE_SAME_16: {
5792		struct scsi_write_same_16 *cdb;
5793
5794		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5795
5796		lba = scsi_8btou64(cdb->addr);
5797		num_blocks = scsi_4btoul(cdb->length);
5798		byte2 = cdb->byte2;
5799		break;
5800	}
5801	default:
5802		/*
5803		 * We got a command we don't support.  This shouldn't
5804		 * happen, commands should be filtered out above us.
5805		 */
5806		ctl_set_invalid_opcode(ctsio);
5807		ctl_done((union ctl_io *)ctsio);
5808
5809		return (CTL_RETVAL_COMPLETE);
5810		break; /* NOTREACHED */
5811	}
5812
5813	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5814	if ((byte2 & SWS_UNMAP) == 0 &&
5815	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5816		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5817		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5818		ctl_done((union ctl_io *)ctsio);
5819		return (CTL_RETVAL_COMPLETE);
5820	}
5821
5822	/*
5823	 * The first check is to make sure we're in bounds, the second
5824	 * check is to catch wrap-around problems.  If the lba + num blocks
5825	 * is less than the lba, then we've wrapped around and the block
5826	 * range is invalid anyway.
5827	 */
5828	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5829	 || ((lba + num_blocks) < lba)) {
5830		ctl_set_lba_out_of_range(ctsio);
5831		ctl_done((union ctl_io *)ctsio);
5832		return (CTL_RETVAL_COMPLETE);
5833	}
5834
5835	/* Zero number of blocks means "to the last logical block" */
5836	if (num_blocks == 0) {
5837		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5838			ctl_set_invalid_field(ctsio,
5839					      /*sks_valid*/ 0,
5840					      /*command*/ 1,
5841					      /*field*/ 0,
5842					      /*bit_valid*/ 0,
5843					      /*bit*/ 0);
5844			ctl_done((union ctl_io *)ctsio);
5845			return (CTL_RETVAL_COMPLETE);
5846		}
5847		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5848	}
5849
5850	len = lun->be_lun->blocksize;
5851
5852	/*
5853	 * If we've got a kernel request that hasn't been malloced yet,
5854	 * malloc it and tell the caller the data buffer is here.
5855	 */
5856	if ((byte2 & SWS_NDOB) == 0 &&
5857	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5858		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5859		ctsio->kern_data_len = len;
5860		ctsio->kern_total_len = len;
5861		ctsio->kern_data_resid = 0;
5862		ctsio->kern_rel_offset = 0;
5863		ctsio->kern_sg_entries = 0;
5864		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5865		ctsio->be_move_done = ctl_config_move_done;
5866		ctl_datamove((union ctl_io *)ctsio);
5867
5868		return (CTL_RETVAL_COMPLETE);
5869	}
5870
5871	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5872	lbalen->lba = lba;
5873	lbalen->len = num_blocks;
5874	lbalen->flags = byte2;
5875	retval = lun->backend->config_write((union ctl_io *)ctsio);
5876
5877	return (retval);
5878}
5879
5880int
5881ctl_unmap(struct ctl_scsiio *ctsio)
5882{
5883	struct ctl_lun *lun;
5884	struct scsi_unmap *cdb;
5885	struct ctl_ptr_len_flags *ptrlen;
5886	struct scsi_unmap_header *hdr;
5887	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5888	uint64_t lba;
5889	uint32_t num_blocks;
5890	int len, retval;
5891	uint8_t byte2;
5892
5893	retval = CTL_RETVAL_COMPLETE;
5894
5895	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5896
5897	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5898	cdb = (struct scsi_unmap *)ctsio->cdb;
5899
5900	len = scsi_2btoul(cdb->length);
5901	byte2 = cdb->byte2;
5902
5903	/*
5904	 * If we've got a kernel request that hasn't been malloced yet,
5905	 * malloc it and tell the caller the data buffer is here.
5906	 */
5907	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5908		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5909		ctsio->kern_data_len = len;
5910		ctsio->kern_total_len = len;
5911		ctsio->kern_data_resid = 0;
5912		ctsio->kern_rel_offset = 0;
5913		ctsio->kern_sg_entries = 0;
5914		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5915		ctsio->be_move_done = ctl_config_move_done;
5916		ctl_datamove((union ctl_io *)ctsio);
5917
5918		return (CTL_RETVAL_COMPLETE);
5919	}
5920
5921	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5922	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5923	if (len < sizeof (*hdr) ||
5924	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5925	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5926	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5927		ctl_set_invalid_field(ctsio,
5928				      /*sks_valid*/ 0,
5929				      /*command*/ 0,
5930				      /*field*/ 0,
5931				      /*bit_valid*/ 0,
5932				      /*bit*/ 0);
5933		goto done;
5934	}
5935	len = scsi_2btoul(hdr->desc_length);
5936	buf = (struct scsi_unmap_desc *)(hdr + 1);
5937	end = buf + len / sizeof(*buf);
5938
5939	endnz = buf;
5940	for (range = buf; range < end; range++) {
5941		lba = scsi_8btou64(range->lba);
5942		num_blocks = scsi_4btoul(range->length);
5943		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5944		 || ((lba + num_blocks) < lba)) {
5945			ctl_set_lba_out_of_range(ctsio);
5946			ctl_done((union ctl_io *)ctsio);
5947			return (CTL_RETVAL_COMPLETE);
5948		}
5949		if (num_blocks != 0)
5950			endnz = range + 1;
5951	}
5952
5953	/*
5954	 * Block backend can not handle zero last range.
5955	 * Filter it out and return if there is nothing left.
5956	 */
5957	len = (uint8_t *)endnz - (uint8_t *)buf;
5958	if (len == 0) {
5959		ctl_set_success(ctsio);
5960		goto done;
5961	}
5962
5963	mtx_lock(&lun->lun_lock);
5964	ptrlen = (struct ctl_ptr_len_flags *)
5965	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5966	ptrlen->ptr = (void *)buf;
5967	ptrlen->len = len;
5968	ptrlen->flags = byte2;
5969	ctl_check_blocked(lun);
5970	mtx_unlock(&lun->lun_lock);
5971
5972	retval = lun->backend->config_write((union ctl_io *)ctsio);
5973	return (retval);
5974
5975done:
5976	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5977		free(ctsio->kern_data_ptr, M_CTL);
5978		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5979	}
5980	ctl_done((union ctl_io *)ctsio);
5981	return (CTL_RETVAL_COMPLETE);
5982}
5983
5984/*
5985 * Note that this function currently doesn't actually do anything inside
5986 * CTL to enforce things if the DQue bit is turned on.
5987 *
5988 * Also note that this function can't be used in the default case, because
5989 * the DQue bit isn't set in the changeable mask for the control mode page
5990 * anyway.  This is just here as an example for how to implement a page
5991 * handler, and a placeholder in case we want to allow the user to turn
5992 * tagged queueing on and off.
5993 *
5994 * The D_SENSE bit handling is functional, however, and will turn
5995 * descriptor sense on and off for a given LUN.
5996 */
5997int
5998ctl_control_page_handler(struct ctl_scsiio *ctsio,
5999			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6000{
6001	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6002	struct ctl_lun *lun;
6003	int set_ua;
6004	uint32_t initidx;
6005
6006	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6007	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6008	set_ua = 0;
6009
6010	user_cp = (struct scsi_control_page *)page_ptr;
6011	current_cp = (struct scsi_control_page *)
6012		(page_index->page_data + (page_index->page_len *
6013		CTL_PAGE_CURRENT));
6014	saved_cp = (struct scsi_control_page *)
6015		(page_index->page_data + (page_index->page_len *
6016		CTL_PAGE_SAVED));
6017
6018	mtx_lock(&lun->lun_lock);
6019	if (((current_cp->rlec & SCP_DSENSE) == 0)
6020	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6021		/*
6022		 * Descriptor sense is currently turned off and the user
6023		 * wants to turn it on.
6024		 */
6025		current_cp->rlec |= SCP_DSENSE;
6026		saved_cp->rlec |= SCP_DSENSE;
6027		lun->flags |= CTL_LUN_SENSE_DESC;
6028		set_ua = 1;
6029	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6030		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6031		/*
6032		 * Descriptor sense is currently turned on, and the user
6033		 * wants to turn it off.
6034		 */
6035		current_cp->rlec &= ~SCP_DSENSE;
6036		saved_cp->rlec &= ~SCP_DSENSE;
6037		lun->flags &= ~CTL_LUN_SENSE_DESC;
6038		set_ua = 1;
6039	}
6040	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6041	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6042		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6043		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6044		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6045		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6046		set_ua = 1;
6047	}
6048	if ((current_cp->eca_and_aen & SCP_SWP) !=
6049	    (user_cp->eca_and_aen & SCP_SWP)) {
6050		current_cp->eca_and_aen &= ~SCP_SWP;
6051		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6052		saved_cp->eca_and_aen &= ~SCP_SWP;
6053		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6054		set_ua = 1;
6055	}
6056	if (set_ua != 0)
6057		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6058	mtx_unlock(&lun->lun_lock);
6059	if (set_ua) {
6060		ctl_isc_announce_mode(lun,
6061		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6062		    page_index->page_code, page_index->subpage);
6063	}
6064	return (0);
6065}
6066
6067int
6068ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6069		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6070{
6071	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6072	struct ctl_lun *lun;
6073	int set_ua;
6074	uint32_t initidx;
6075
6076	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6077	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6078	set_ua = 0;
6079
6080	user_cp = (struct scsi_caching_page *)page_ptr;
6081	current_cp = (struct scsi_caching_page *)
6082		(page_index->page_data + (page_index->page_len *
6083		CTL_PAGE_CURRENT));
6084	saved_cp = (struct scsi_caching_page *)
6085		(page_index->page_data + (page_index->page_len *
6086		CTL_PAGE_SAVED));
6087
6088	mtx_lock(&lun->lun_lock);
6089	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6090	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6091		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6092		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6093		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6094		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6095		set_ua = 1;
6096	}
6097	if (set_ua != 0)
6098		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6099	mtx_unlock(&lun->lun_lock);
6100	if (set_ua) {
6101		ctl_isc_announce_mode(lun,
6102		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6103		    page_index->page_code, page_index->subpage);
6104	}
6105	return (0);
6106}
6107
6108int
6109ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6110				struct ctl_page_index *page_index,
6111				uint8_t *page_ptr)
6112{
6113	uint8_t *c;
6114	int i;
6115
6116	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6117	ctl_time_io_secs =
6118		(c[0] << 8) |
6119		(c[1] << 0) |
6120		0;
6121	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6122	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6123	printf("page data:");
6124	for (i=0; i<8; i++)
6125		printf(" %.2x",page_ptr[i]);
6126	printf("\n");
6127	return (0);
6128}
6129
6130int
6131ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6132			       struct ctl_page_index *page_index,
6133			       int pc)
6134{
6135	struct copan_debugconf_subpage *page;
6136
6137	page = (struct copan_debugconf_subpage *)page_index->page_data +
6138		(page_index->page_len * pc);
6139
6140	switch (pc) {
6141	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6142	case SMS_PAGE_CTRL_DEFAULT >> 6:
6143	case SMS_PAGE_CTRL_SAVED >> 6:
6144		/*
6145		 * We don't update the changable or default bits for this page.
6146		 */
6147		break;
6148	case SMS_PAGE_CTRL_CURRENT >> 6:
6149		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6150		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6151		break;
6152	default:
6153#ifdef NEEDTOPORT
6154		EPRINT(0, "Invalid PC %d!!", pc);
6155#endif /* NEEDTOPORT */
6156		break;
6157	}
6158	return (0);
6159}
6160
6161
6162static int
6163ctl_do_mode_select(union ctl_io *io)
6164{
6165	struct scsi_mode_page_header *page_header;
6166	struct ctl_page_index *page_index;
6167	struct ctl_scsiio *ctsio;
6168	int control_dev, page_len;
6169	int page_len_offset, page_len_size;
6170	union ctl_modepage_info *modepage_info;
6171	struct ctl_lun *lun;
6172	int *len_left, *len_used;
6173	int retval, i;
6174
6175	ctsio = &io->scsiio;
6176	page_index = NULL;
6177	page_len = 0;
6178	retval = CTL_RETVAL_COMPLETE;
6179
6180	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6181
6182	if (lun->be_lun->lun_type != T_DIRECT)
6183		control_dev = 1;
6184	else
6185		control_dev = 0;
6186
6187	modepage_info = (union ctl_modepage_info *)
6188		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6189	len_left = &modepage_info->header.len_left;
6190	len_used = &modepage_info->header.len_used;
6191
6192do_next_page:
6193
6194	page_header = (struct scsi_mode_page_header *)
6195		(ctsio->kern_data_ptr + *len_used);
6196
6197	if (*len_left == 0) {
6198		free(ctsio->kern_data_ptr, M_CTL);
6199		ctl_set_success(ctsio);
6200		ctl_done((union ctl_io *)ctsio);
6201		return (CTL_RETVAL_COMPLETE);
6202	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6203
6204		free(ctsio->kern_data_ptr, M_CTL);
6205		ctl_set_param_len_error(ctsio);
6206		ctl_done((union ctl_io *)ctsio);
6207		return (CTL_RETVAL_COMPLETE);
6208
6209	} else if ((page_header->page_code & SMPH_SPF)
6210		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6211
6212		free(ctsio->kern_data_ptr, M_CTL);
6213		ctl_set_param_len_error(ctsio);
6214		ctl_done((union ctl_io *)ctsio);
6215		return (CTL_RETVAL_COMPLETE);
6216	}
6217
6218
6219	/*
6220	 * XXX KDM should we do something with the block descriptor?
6221	 */
6222	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6223
6224		if ((control_dev != 0)
6225		 && (lun->mode_pages.index[i].page_flags &
6226		     CTL_PAGE_FLAG_DISK_ONLY))
6227			continue;
6228
6229		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6230		    (page_header->page_code & SMPH_PC_MASK))
6231			continue;
6232
6233		/*
6234		 * If neither page has a subpage code, then we've got a
6235		 * match.
6236		 */
6237		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6238		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6239			page_index = &lun->mode_pages.index[i];
6240			page_len = page_header->page_length;
6241			break;
6242		}
6243
6244		/*
6245		 * If both pages have subpages, then the subpage numbers
6246		 * have to match.
6247		 */
6248		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6249		  && (page_header->page_code & SMPH_SPF)) {
6250			struct scsi_mode_page_header_sp *sph;
6251
6252			sph = (struct scsi_mode_page_header_sp *)page_header;
6253
6254			if (lun->mode_pages.index[i].subpage ==
6255			    sph->subpage) {
6256				page_index = &lun->mode_pages.index[i];
6257				page_len = scsi_2btoul(sph->page_length);
6258				break;
6259			}
6260		}
6261	}
6262
6263	/*
6264	 * If we couldn't find the page, or if we don't have a mode select
6265	 * handler for it, send back an error to the user.
6266	 */
6267	if ((page_index == NULL)
6268	 || (page_index->select_handler == NULL)) {
6269		ctl_set_invalid_field(ctsio,
6270				      /*sks_valid*/ 1,
6271				      /*command*/ 0,
6272				      /*field*/ *len_used,
6273				      /*bit_valid*/ 0,
6274				      /*bit*/ 0);
6275		free(ctsio->kern_data_ptr, M_CTL);
6276		ctl_done((union ctl_io *)ctsio);
6277		return (CTL_RETVAL_COMPLETE);
6278	}
6279
6280	if (page_index->page_code & SMPH_SPF) {
6281		page_len_offset = 2;
6282		page_len_size = 2;
6283	} else {
6284		page_len_size = 1;
6285		page_len_offset = 1;
6286	}
6287
6288	/*
6289	 * If the length the initiator gives us isn't the one we specify in
6290	 * the mode page header, or if they didn't specify enough data in
6291	 * the CDB to avoid truncating this page, kick out the request.
6292	 */
6293	if ((page_len != (page_index->page_len - page_len_offset -
6294			  page_len_size))
6295	 || (*len_left < page_index->page_len)) {
6296
6297
6298		ctl_set_invalid_field(ctsio,
6299				      /*sks_valid*/ 1,
6300				      /*command*/ 0,
6301				      /*field*/ *len_used + page_len_offset,
6302				      /*bit_valid*/ 0,
6303				      /*bit*/ 0);
6304		free(ctsio->kern_data_ptr, M_CTL);
6305		ctl_done((union ctl_io *)ctsio);
6306		return (CTL_RETVAL_COMPLETE);
6307	}
6308
6309	/*
6310	 * Run through the mode page, checking to make sure that the bits
6311	 * the user changed are actually legal for him to change.
6312	 */
6313	for (i = 0; i < page_index->page_len; i++) {
6314		uint8_t *user_byte, *change_mask, *current_byte;
6315		int bad_bit;
6316		int j;
6317
6318		user_byte = (uint8_t *)page_header + i;
6319		change_mask = page_index->page_data +
6320			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6321		current_byte = page_index->page_data +
6322			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6323
6324		/*
6325		 * Check to see whether the user set any bits in this byte
6326		 * that he is not allowed to set.
6327		 */
6328		if ((*user_byte & ~(*change_mask)) ==
6329		    (*current_byte & ~(*change_mask)))
6330			continue;
6331
6332		/*
6333		 * Go through bit by bit to determine which one is illegal.
6334		 */
6335		bad_bit = 0;
6336		for (j = 7; j >= 0; j--) {
6337			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6338			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6339				bad_bit = i;
6340				break;
6341			}
6342		}
6343		ctl_set_invalid_field(ctsio,
6344				      /*sks_valid*/ 1,
6345				      /*command*/ 0,
6346				      /*field*/ *len_used + i,
6347				      /*bit_valid*/ 1,
6348				      /*bit*/ bad_bit);
6349		free(ctsio->kern_data_ptr, M_CTL);
6350		ctl_done((union ctl_io *)ctsio);
6351		return (CTL_RETVAL_COMPLETE);
6352	}
6353
6354	/*
6355	 * Decrement these before we call the page handler, since we may
6356	 * end up getting called back one way or another before the handler
6357	 * returns to this context.
6358	 */
6359	*len_left -= page_index->page_len;
6360	*len_used += page_index->page_len;
6361
6362	retval = page_index->select_handler(ctsio, page_index,
6363					    (uint8_t *)page_header);
6364
6365	/*
6366	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6367	 * wait until this queued command completes to finish processing
6368	 * the mode page.  If it returns anything other than
6369	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6370	 * already set the sense information, freed the data pointer, and
6371	 * completed the io for us.
6372	 */
6373	if (retval != CTL_RETVAL_COMPLETE)
6374		goto bailout_no_done;
6375
6376	/*
6377	 * If the initiator sent us more than one page, parse the next one.
6378	 */
6379	if (*len_left > 0)
6380		goto do_next_page;
6381
6382	ctl_set_success(ctsio);
6383	free(ctsio->kern_data_ptr, M_CTL);
6384	ctl_done((union ctl_io *)ctsio);
6385
6386bailout_no_done:
6387
6388	return (CTL_RETVAL_COMPLETE);
6389
6390}
6391
6392int
6393ctl_mode_select(struct ctl_scsiio *ctsio)
6394{
6395	int param_len, pf, sp;
6396	int header_size, bd_len;
6397	int len_left, len_used;
6398	struct ctl_page_index *page_index;
6399	struct ctl_lun *lun;
6400	int control_dev, page_len;
6401	union ctl_modepage_info *modepage_info;
6402	int retval;
6403
6404	pf = 0;
6405	sp = 0;
6406	page_len = 0;
6407	len_used = 0;
6408	len_left = 0;
6409	retval = 0;
6410	bd_len = 0;
6411	page_index = NULL;
6412
6413	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6414
6415	if (lun->be_lun->lun_type != T_DIRECT)
6416		control_dev = 1;
6417	else
6418		control_dev = 0;
6419
6420	switch (ctsio->cdb[0]) {
6421	case MODE_SELECT_6: {
6422		struct scsi_mode_select_6 *cdb;
6423
6424		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6425
6426		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6427		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6428
6429		param_len = cdb->length;
6430		header_size = sizeof(struct scsi_mode_header_6);
6431		break;
6432	}
6433	case MODE_SELECT_10: {
6434		struct scsi_mode_select_10 *cdb;
6435
6436		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6437
6438		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6439		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6440
6441		param_len = scsi_2btoul(cdb->length);
6442		header_size = sizeof(struct scsi_mode_header_10);
6443		break;
6444	}
6445	default:
6446		ctl_set_invalid_opcode(ctsio);
6447		ctl_done((union ctl_io *)ctsio);
6448		return (CTL_RETVAL_COMPLETE);
6449		break; /* NOTREACHED */
6450	}
6451
6452	/*
6453	 * From SPC-3:
6454	 * "A parameter list length of zero indicates that the Data-Out Buffer
6455	 * shall be empty. This condition shall not be considered as an error."
6456	 */
6457	if (param_len == 0) {
6458		ctl_set_success(ctsio);
6459		ctl_done((union ctl_io *)ctsio);
6460		return (CTL_RETVAL_COMPLETE);
6461	}
6462
6463	/*
6464	 * Since we'll hit this the first time through, prior to
6465	 * allocation, we don't need to free a data buffer here.
6466	 */
6467	if (param_len < header_size) {
6468		ctl_set_param_len_error(ctsio);
6469		ctl_done((union ctl_io *)ctsio);
6470		return (CTL_RETVAL_COMPLETE);
6471	}
6472
6473	/*
6474	 * Allocate the data buffer and grab the user's data.  In theory,
6475	 * we shouldn't have to sanity check the parameter list length here
6476	 * because the maximum size is 64K.  We should be able to malloc
6477	 * that much without too many problems.
6478	 */
6479	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6480		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6481		ctsio->kern_data_len = param_len;
6482		ctsio->kern_total_len = param_len;
6483		ctsio->kern_data_resid = 0;
6484		ctsio->kern_rel_offset = 0;
6485		ctsio->kern_sg_entries = 0;
6486		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6487		ctsio->be_move_done = ctl_config_move_done;
6488		ctl_datamove((union ctl_io *)ctsio);
6489
6490		return (CTL_RETVAL_COMPLETE);
6491	}
6492
6493	switch (ctsio->cdb[0]) {
6494	case MODE_SELECT_6: {
6495		struct scsi_mode_header_6 *mh6;
6496
6497		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6498		bd_len = mh6->blk_desc_len;
6499		break;
6500	}
6501	case MODE_SELECT_10: {
6502		struct scsi_mode_header_10 *mh10;
6503
6504		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6505		bd_len = scsi_2btoul(mh10->blk_desc_len);
6506		break;
6507	}
6508	default:
6509		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6510		break;
6511	}
6512
6513	if (param_len < (header_size + bd_len)) {
6514		free(ctsio->kern_data_ptr, M_CTL);
6515		ctl_set_param_len_error(ctsio);
6516		ctl_done((union ctl_io *)ctsio);
6517		return (CTL_RETVAL_COMPLETE);
6518	}
6519
6520	/*
6521	 * Set the IO_CONT flag, so that if this I/O gets passed to
6522	 * ctl_config_write_done(), it'll get passed back to
6523	 * ctl_do_mode_select() for further processing, or completion if
6524	 * we're all done.
6525	 */
6526	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6527	ctsio->io_cont = ctl_do_mode_select;
6528
6529	modepage_info = (union ctl_modepage_info *)
6530		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6531
6532	memset(modepage_info, 0, sizeof(*modepage_info));
6533
6534	len_left = param_len - header_size - bd_len;
6535	len_used = header_size + bd_len;
6536
6537	modepage_info->header.len_left = len_left;
6538	modepage_info->header.len_used = len_used;
6539
6540	return (ctl_do_mode_select((union ctl_io *)ctsio));
6541}
6542
6543int
6544ctl_mode_sense(struct ctl_scsiio *ctsio)
6545{
6546	struct ctl_lun *lun;
6547	int pc, page_code, dbd, llba, subpage;
6548	int alloc_len, page_len, header_len, total_len;
6549	struct scsi_mode_block_descr *block_desc;
6550	struct ctl_page_index *page_index;
6551	int control_dev;
6552
6553	dbd = 0;
6554	llba = 0;
6555	block_desc = NULL;
6556	page_index = NULL;
6557
6558	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6559
6560	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6561
6562	if (lun->be_lun->lun_type != T_DIRECT)
6563		control_dev = 1;
6564	else
6565		control_dev = 0;
6566
6567	switch (ctsio->cdb[0]) {
6568	case MODE_SENSE_6: {
6569		struct scsi_mode_sense_6 *cdb;
6570
6571		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6572
6573		header_len = sizeof(struct scsi_mode_hdr_6);
6574		if (cdb->byte2 & SMS_DBD)
6575			dbd = 1;
6576		else
6577			header_len += sizeof(struct scsi_mode_block_descr);
6578
6579		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6580		page_code = cdb->page & SMS_PAGE_CODE;
6581		subpage = cdb->subpage;
6582		alloc_len = cdb->length;
6583		break;
6584	}
6585	case MODE_SENSE_10: {
6586		struct scsi_mode_sense_10 *cdb;
6587
6588		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6589
6590		header_len = sizeof(struct scsi_mode_hdr_10);
6591
6592		if (cdb->byte2 & SMS_DBD)
6593			dbd = 1;
6594		else
6595			header_len += sizeof(struct scsi_mode_block_descr);
6596		if (cdb->byte2 & SMS10_LLBAA)
6597			llba = 1;
6598		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6599		page_code = cdb->page & SMS_PAGE_CODE;
6600		subpage = cdb->subpage;
6601		alloc_len = scsi_2btoul(cdb->length);
6602		break;
6603	}
6604	default:
6605		ctl_set_invalid_opcode(ctsio);
6606		ctl_done((union ctl_io *)ctsio);
6607		return (CTL_RETVAL_COMPLETE);
6608		break; /* NOTREACHED */
6609	}
6610
6611	/*
6612	 * We have to make a first pass through to calculate the size of
6613	 * the pages that match the user's query.  Then we allocate enough
6614	 * memory to hold it, and actually copy the data into the buffer.
6615	 */
6616	switch (page_code) {
6617	case SMS_ALL_PAGES_PAGE: {
6618		int i;
6619
6620		page_len = 0;
6621
6622		/*
6623		 * At the moment, values other than 0 and 0xff here are
6624		 * reserved according to SPC-3.
6625		 */
6626		if ((subpage != SMS_SUBPAGE_PAGE_0)
6627		 && (subpage != SMS_SUBPAGE_ALL)) {
6628			ctl_set_invalid_field(ctsio,
6629					      /*sks_valid*/ 1,
6630					      /*command*/ 1,
6631					      /*field*/ 3,
6632					      /*bit_valid*/ 0,
6633					      /*bit*/ 0);
6634			ctl_done((union ctl_io *)ctsio);
6635			return (CTL_RETVAL_COMPLETE);
6636		}
6637
6638		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6639			if ((control_dev != 0)
6640			 && (lun->mode_pages.index[i].page_flags &
6641			     CTL_PAGE_FLAG_DISK_ONLY))
6642				continue;
6643
6644			/*
6645			 * We don't use this subpage if the user didn't
6646			 * request all subpages.
6647			 */
6648			if ((lun->mode_pages.index[i].subpage != 0)
6649			 && (subpage == SMS_SUBPAGE_PAGE_0))
6650				continue;
6651
6652#if 0
6653			printf("found page %#x len %d\n",
6654			       lun->mode_pages.index[i].page_code &
6655			       SMPH_PC_MASK,
6656			       lun->mode_pages.index[i].page_len);
6657#endif
6658			page_len += lun->mode_pages.index[i].page_len;
6659		}
6660		break;
6661	}
6662	default: {
6663		int i;
6664
6665		page_len = 0;
6666
6667		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6668			/* Look for the right page code */
6669			if ((lun->mode_pages.index[i].page_code &
6670			     SMPH_PC_MASK) != page_code)
6671				continue;
6672
6673			/* Look for the right subpage or the subpage wildcard*/
6674			if ((lun->mode_pages.index[i].subpage != subpage)
6675			 && (subpage != SMS_SUBPAGE_ALL))
6676				continue;
6677
6678			/* Make sure the page is supported for this dev type */
6679			if ((control_dev != 0)
6680			 && (lun->mode_pages.index[i].page_flags &
6681			     CTL_PAGE_FLAG_DISK_ONLY))
6682				continue;
6683
6684#if 0
6685			printf("found page %#x len %d\n",
6686			       lun->mode_pages.index[i].page_code &
6687			       SMPH_PC_MASK,
6688			       lun->mode_pages.index[i].page_len);
6689#endif
6690
6691			page_len += lun->mode_pages.index[i].page_len;
6692		}
6693
6694		if (page_len == 0) {
6695			ctl_set_invalid_field(ctsio,
6696					      /*sks_valid*/ 1,
6697					      /*command*/ 1,
6698					      /*field*/ 2,
6699					      /*bit_valid*/ 1,
6700					      /*bit*/ 5);
6701			ctl_done((union ctl_io *)ctsio);
6702			return (CTL_RETVAL_COMPLETE);
6703		}
6704		break;
6705	}
6706	}
6707
6708	total_len = header_len + page_len;
6709#if 0
6710	printf("header_len = %d, page_len = %d, total_len = %d\n",
6711	       header_len, page_len, total_len);
6712#endif
6713
6714	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6715	ctsio->kern_sg_entries = 0;
6716	ctsio->kern_data_resid = 0;
6717	ctsio->kern_rel_offset = 0;
6718	if (total_len < alloc_len) {
6719		ctsio->residual = alloc_len - total_len;
6720		ctsio->kern_data_len = total_len;
6721		ctsio->kern_total_len = total_len;
6722	} else {
6723		ctsio->residual = 0;
6724		ctsio->kern_data_len = alloc_len;
6725		ctsio->kern_total_len = alloc_len;
6726	}
6727
6728	switch (ctsio->cdb[0]) {
6729	case MODE_SENSE_6: {
6730		struct scsi_mode_hdr_6 *header;
6731
6732		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6733
6734		header->datalen = MIN(total_len - 1, 254);
6735		if (control_dev == 0) {
6736			header->dev_specific = 0x10; /* DPOFUA */
6737			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6738			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6739			    .eca_and_aen & SCP_SWP) != 0)
6740				    header->dev_specific |= 0x80; /* WP */
6741		}
6742		if (dbd)
6743			header->block_descr_len = 0;
6744		else
6745			header->block_descr_len =
6746				sizeof(struct scsi_mode_block_descr);
6747		block_desc = (struct scsi_mode_block_descr *)&header[1];
6748		break;
6749	}
6750	case MODE_SENSE_10: {
6751		struct scsi_mode_hdr_10 *header;
6752		int datalen;
6753
6754		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6755
6756		datalen = MIN(total_len - 2, 65533);
6757		scsi_ulto2b(datalen, header->datalen);
6758		if (control_dev == 0) {
6759			header->dev_specific = 0x10; /* DPOFUA */
6760			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6761			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6762			    .eca_and_aen & SCP_SWP) != 0)
6763				    header->dev_specific |= 0x80; /* WP */
6764		}
6765		if (dbd)
6766			scsi_ulto2b(0, header->block_descr_len);
6767		else
6768			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6769				    header->block_descr_len);
6770		block_desc = (struct scsi_mode_block_descr *)&header[1];
6771		break;
6772	}
6773	default:
6774		panic("invalid CDB type %#x", ctsio->cdb[0]);
6775		break; /* NOTREACHED */
6776	}
6777
6778	/*
6779	 * If we've got a disk, use its blocksize in the block
6780	 * descriptor.  Otherwise, just set it to 0.
6781	 */
6782	if (dbd == 0) {
6783		if (control_dev == 0)
6784			scsi_ulto3b(lun->be_lun->blocksize,
6785				    block_desc->block_len);
6786		else
6787			scsi_ulto3b(0, block_desc->block_len);
6788	}
6789
6790	switch (page_code) {
6791	case SMS_ALL_PAGES_PAGE: {
6792		int i, data_used;
6793
6794		data_used = header_len;
6795		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6796			struct ctl_page_index *page_index;
6797
6798			page_index = &lun->mode_pages.index[i];
6799
6800			if ((control_dev != 0)
6801			 && (page_index->page_flags &
6802			    CTL_PAGE_FLAG_DISK_ONLY))
6803				continue;
6804
6805			/*
6806			 * We don't use this subpage if the user didn't
6807			 * request all subpages.  We already checked (above)
6808			 * to make sure the user only specified a subpage
6809			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6810			 */
6811			if ((page_index->subpage != 0)
6812			 && (subpage == SMS_SUBPAGE_PAGE_0))
6813				continue;
6814
6815			/*
6816			 * Call the handler, if it exists, to update the
6817			 * page to the latest values.
6818			 */
6819			if (page_index->sense_handler != NULL)
6820				page_index->sense_handler(ctsio, page_index,pc);
6821
6822			memcpy(ctsio->kern_data_ptr + data_used,
6823			       page_index->page_data +
6824			       (page_index->page_len * pc),
6825			       page_index->page_len);
6826			data_used += page_index->page_len;
6827		}
6828		break;
6829	}
6830	default: {
6831		int i, data_used;
6832
6833		data_used = header_len;
6834
6835		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6836			struct ctl_page_index *page_index;
6837
6838			page_index = &lun->mode_pages.index[i];
6839
6840			/* Look for the right page code */
6841			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6842				continue;
6843
6844			/* Look for the right subpage or the subpage wildcard*/
6845			if ((page_index->subpage != subpage)
6846			 && (subpage != SMS_SUBPAGE_ALL))
6847				continue;
6848
6849			/* Make sure the page is supported for this dev type */
6850			if ((control_dev != 0)
6851			 && (page_index->page_flags &
6852			     CTL_PAGE_FLAG_DISK_ONLY))
6853				continue;
6854
6855			/*
6856			 * Call the handler, if it exists, to update the
6857			 * page to the latest values.
6858			 */
6859			if (page_index->sense_handler != NULL)
6860				page_index->sense_handler(ctsio, page_index,pc);
6861
6862			memcpy(ctsio->kern_data_ptr + data_used,
6863			       page_index->page_data +
6864			       (page_index->page_len * pc),
6865			       page_index->page_len);
6866			data_used += page_index->page_len;
6867		}
6868		break;
6869	}
6870	}
6871
6872	ctl_set_success(ctsio);
6873	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6874	ctsio->be_move_done = ctl_config_move_done;
6875	ctl_datamove((union ctl_io *)ctsio);
6876	return (CTL_RETVAL_COMPLETE);
6877}
6878
6879int
6880ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6881			       struct ctl_page_index *page_index,
6882			       int pc)
6883{
6884	struct ctl_lun *lun;
6885	struct scsi_log_param_header *phdr;
6886	uint8_t *data;
6887	uint64_t val;
6888
6889	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6890	data = page_index->page_data;
6891
6892	if (lun->backend->lun_attr != NULL &&
6893	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6894	     != UINT64_MAX) {
6895		phdr = (struct scsi_log_param_header *)data;
6896		scsi_ulto2b(0x0001, phdr->param_code);
6897		phdr->param_control = SLP_LBIN | SLP_LP;
6898		phdr->param_len = 8;
6899		data = (uint8_t *)(phdr + 1);
6900		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6901		data[4] = 0x02; /* per-pool */
6902		data += phdr->param_len;
6903	}
6904
6905	if (lun->backend->lun_attr != NULL &&
6906	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6907	     != UINT64_MAX) {
6908		phdr = (struct scsi_log_param_header *)data;
6909		scsi_ulto2b(0x0002, phdr->param_code);
6910		phdr->param_control = SLP_LBIN | SLP_LP;
6911		phdr->param_len = 8;
6912		data = (uint8_t *)(phdr + 1);
6913		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6914		data[4] = 0x01; /* per-LUN */
6915		data += phdr->param_len;
6916	}
6917
6918	if (lun->backend->lun_attr != NULL &&
6919	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6920	     != UINT64_MAX) {
6921		phdr = (struct scsi_log_param_header *)data;
6922		scsi_ulto2b(0x00f1, phdr->param_code);
6923		phdr->param_control = SLP_LBIN | SLP_LP;
6924		phdr->param_len = 8;
6925		data = (uint8_t *)(phdr + 1);
6926		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6927		data[4] = 0x02; /* per-pool */
6928		data += phdr->param_len;
6929	}
6930
6931	if (lun->backend->lun_attr != NULL &&
6932	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6933	     != UINT64_MAX) {
6934		phdr = (struct scsi_log_param_header *)data;
6935		scsi_ulto2b(0x00f2, phdr->param_code);
6936		phdr->param_control = SLP_LBIN | SLP_LP;
6937		phdr->param_len = 8;
6938		data = (uint8_t *)(phdr + 1);
6939		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6940		data[4] = 0x02; /* per-pool */
6941		data += phdr->param_len;
6942	}
6943
6944	page_index->page_len = data - page_index->page_data;
6945	return (0);
6946}
6947
6948int
6949ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6950			       struct ctl_page_index *page_index,
6951			       int pc)
6952{
6953	struct ctl_lun *lun;
6954	struct stat_page *data;
6955	uint64_t rn, wn, rb, wb;
6956	struct bintime rt, wt;
6957	int i;
6958
6959	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6960	data = (struct stat_page *)page_index->page_data;
6961
6962	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6963	data->sap.hdr.param_control = SLP_LBIN;
6964	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6965	    sizeof(struct scsi_log_param_header);
6966	rn = wn = rb = wb = 0;
6967	bintime_clear(&rt);
6968	bintime_clear(&wt);
6969	for (i = 0; i < CTL_MAX_PORTS; i++) {
6970		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6971		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6972		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6973		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6974		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6975		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6976	}
6977	scsi_u64to8b(rn, data->sap.read_num);
6978	scsi_u64to8b(wn, data->sap.write_num);
6979	if (lun->stats.blocksize > 0) {
6980		scsi_u64to8b(wb / lun->stats.blocksize,
6981		    data->sap.recvieved_lba);
6982		scsi_u64to8b(rb / lun->stats.blocksize,
6983		    data->sap.transmitted_lba);
6984	}
6985	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6986	    data->sap.read_int);
6987	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6988	    data->sap.write_int);
6989	scsi_u64to8b(0, data->sap.weighted_num);
6990	scsi_u64to8b(0, data->sap.weighted_int);
6991	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6992	data->it.hdr.param_control = SLP_LBIN;
6993	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6994	    sizeof(struct scsi_log_param_header);
6995#ifdef CTL_TIME_IO
6996	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6997#endif
6998	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6999	data->it.hdr.param_control = SLP_LBIN;
7000	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
7001	    sizeof(struct scsi_log_param_header);
7002	scsi_ulto4b(3, data->ti.exponent);
7003	scsi_ulto4b(1, data->ti.integer);
7004
7005	page_index->page_len = sizeof(*data);
7006	return (0);
7007}
7008
7009int
7010ctl_log_sense(struct ctl_scsiio *ctsio)
7011{
7012	struct ctl_lun *lun;
7013	int i, pc, page_code, subpage;
7014	int alloc_len, total_len;
7015	struct ctl_page_index *page_index;
7016	struct scsi_log_sense *cdb;
7017	struct scsi_log_header *header;
7018
7019	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
7020
7021	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7022	cdb = (struct scsi_log_sense *)ctsio->cdb;
7023	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
7024	page_code = cdb->page & SLS_PAGE_CODE;
7025	subpage = cdb->subpage;
7026	alloc_len = scsi_2btoul(cdb->length);
7027
7028	page_index = NULL;
7029	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
7030		page_index = &lun->log_pages.index[i];
7031
7032		/* Look for the right page code */
7033		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7034			continue;
7035
7036		/* Look for the right subpage or the subpage wildcard*/
7037		if (page_index->subpage != subpage)
7038			continue;
7039
7040		break;
7041	}
7042	if (i >= CTL_NUM_LOG_PAGES) {
7043		ctl_set_invalid_field(ctsio,
7044				      /*sks_valid*/ 1,
7045				      /*command*/ 1,
7046				      /*field*/ 2,
7047				      /*bit_valid*/ 0,
7048				      /*bit*/ 0);
7049		ctl_done((union ctl_io *)ctsio);
7050		return (CTL_RETVAL_COMPLETE);
7051	}
7052
7053	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7054
7055	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7056	ctsio->kern_sg_entries = 0;
7057	ctsio->kern_data_resid = 0;
7058	ctsio->kern_rel_offset = 0;
7059	if (total_len < alloc_len) {
7060		ctsio->residual = alloc_len - total_len;
7061		ctsio->kern_data_len = total_len;
7062		ctsio->kern_total_len = total_len;
7063	} else {
7064		ctsio->residual = 0;
7065		ctsio->kern_data_len = alloc_len;
7066		ctsio->kern_total_len = alloc_len;
7067	}
7068
7069	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7070	header->page = page_index->page_code;
7071	if (page_index->subpage) {
7072		header->page |= SL_SPF;
7073		header->subpage = page_index->subpage;
7074	}
7075	scsi_ulto2b(page_index->page_len, header->datalen);
7076
7077	/*
7078	 * Call the handler, if it exists, to update the
7079	 * page to the latest values.
7080	 */
7081	if (page_index->sense_handler != NULL)
7082		page_index->sense_handler(ctsio, page_index, pc);
7083
7084	memcpy(header + 1, page_index->page_data, page_index->page_len);
7085
7086	ctl_set_success(ctsio);
7087	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7088	ctsio->be_move_done = ctl_config_move_done;
7089	ctl_datamove((union ctl_io *)ctsio);
7090	return (CTL_RETVAL_COMPLETE);
7091}
7092
7093int
7094ctl_read_capacity(struct ctl_scsiio *ctsio)
7095{
7096	struct scsi_read_capacity *cdb;
7097	struct scsi_read_capacity_data *data;
7098	struct ctl_lun *lun;
7099	uint32_t lba;
7100
7101	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7102
7103	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7104
7105	lba = scsi_4btoul(cdb->addr);
7106	if (((cdb->pmi & SRC_PMI) == 0)
7107	 && (lba != 0)) {
7108		ctl_set_invalid_field(/*ctsio*/ ctsio,
7109				      /*sks_valid*/ 1,
7110				      /*command*/ 1,
7111				      /*field*/ 2,
7112				      /*bit_valid*/ 0,
7113				      /*bit*/ 0);
7114		ctl_done((union ctl_io *)ctsio);
7115		return (CTL_RETVAL_COMPLETE);
7116	}
7117
7118	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7119
7120	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7121	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7122	ctsio->residual = 0;
7123	ctsio->kern_data_len = sizeof(*data);
7124	ctsio->kern_total_len = sizeof(*data);
7125	ctsio->kern_data_resid = 0;
7126	ctsio->kern_rel_offset = 0;
7127	ctsio->kern_sg_entries = 0;
7128
7129	/*
7130	 * If the maximum LBA is greater than 0xfffffffe, the user must
7131	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7132	 * serivce action set.
7133	 */
7134	if (lun->be_lun->maxlba > 0xfffffffe)
7135		scsi_ulto4b(0xffffffff, data->addr);
7136	else
7137		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7138
7139	/*
7140	 * XXX KDM this may not be 512 bytes...
7141	 */
7142	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7143
7144	ctl_set_success(ctsio);
7145	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7146	ctsio->be_move_done = ctl_config_move_done;
7147	ctl_datamove((union ctl_io *)ctsio);
7148	return (CTL_RETVAL_COMPLETE);
7149}
7150
7151int
7152ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7153{
7154	struct scsi_read_capacity_16 *cdb;
7155	struct scsi_read_capacity_data_long *data;
7156	struct ctl_lun *lun;
7157	uint64_t lba;
7158	uint32_t alloc_len;
7159
7160	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7161
7162	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7163
7164	alloc_len = scsi_4btoul(cdb->alloc_len);
7165	lba = scsi_8btou64(cdb->addr);
7166
7167	if ((cdb->reladr & SRC16_PMI)
7168	 && (lba != 0)) {
7169		ctl_set_invalid_field(/*ctsio*/ ctsio,
7170				      /*sks_valid*/ 1,
7171				      /*command*/ 1,
7172				      /*field*/ 2,
7173				      /*bit_valid*/ 0,
7174				      /*bit*/ 0);
7175		ctl_done((union ctl_io *)ctsio);
7176		return (CTL_RETVAL_COMPLETE);
7177	}
7178
7179	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7180
7181	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7182	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7183
7184	if (sizeof(*data) < alloc_len) {
7185		ctsio->residual = alloc_len - sizeof(*data);
7186		ctsio->kern_data_len = sizeof(*data);
7187		ctsio->kern_total_len = sizeof(*data);
7188	} else {
7189		ctsio->residual = 0;
7190		ctsio->kern_data_len = alloc_len;
7191		ctsio->kern_total_len = alloc_len;
7192	}
7193	ctsio->kern_data_resid = 0;
7194	ctsio->kern_rel_offset = 0;
7195	ctsio->kern_sg_entries = 0;
7196
7197	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7198	/* XXX KDM this may not be 512 bytes... */
7199	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7200	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7201	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7202	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7203		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7204
7205	ctl_set_success(ctsio);
7206	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7207	ctsio->be_move_done = ctl_config_move_done;
7208	ctl_datamove((union ctl_io *)ctsio);
7209	return (CTL_RETVAL_COMPLETE);
7210}
7211
7212int
7213ctl_get_lba_status(struct ctl_scsiio *ctsio)
7214{
7215	struct scsi_get_lba_status *cdb;
7216	struct scsi_get_lba_status_data *data;
7217	struct ctl_lun *lun;
7218	struct ctl_lba_len_flags *lbalen;
7219	uint64_t lba;
7220	uint32_t alloc_len, total_len;
7221	int retval;
7222
7223	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7224
7225	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7226	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7227	lba = scsi_8btou64(cdb->addr);
7228	alloc_len = scsi_4btoul(cdb->alloc_len);
7229
7230	if (lba > lun->be_lun->maxlba) {
7231		ctl_set_lba_out_of_range(ctsio);
7232		ctl_done((union ctl_io *)ctsio);
7233		return (CTL_RETVAL_COMPLETE);
7234	}
7235
7236	total_len = sizeof(*data) + sizeof(data->descr[0]);
7237	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7238	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7239
7240	if (total_len < alloc_len) {
7241		ctsio->residual = alloc_len - total_len;
7242		ctsio->kern_data_len = total_len;
7243		ctsio->kern_total_len = total_len;
7244	} else {
7245		ctsio->residual = 0;
7246		ctsio->kern_data_len = alloc_len;
7247		ctsio->kern_total_len = alloc_len;
7248	}
7249	ctsio->kern_data_resid = 0;
7250	ctsio->kern_rel_offset = 0;
7251	ctsio->kern_sg_entries = 0;
7252
7253	/* Fill dummy data in case backend can't tell anything. */
7254	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7255	scsi_u64to8b(lba, data->descr[0].addr);
7256	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7257	    data->descr[0].length);
7258	data->descr[0].status = 0; /* Mapped or unknown. */
7259
7260	ctl_set_success(ctsio);
7261	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7262	ctsio->be_move_done = ctl_config_move_done;
7263
7264	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7265	lbalen->lba = lba;
7266	lbalen->len = total_len;
7267	lbalen->flags = 0;
7268	retval = lun->backend->config_read((union ctl_io *)ctsio);
7269	return (CTL_RETVAL_COMPLETE);
7270}
7271
7272int
7273ctl_read_defect(struct ctl_scsiio *ctsio)
7274{
7275	struct scsi_read_defect_data_10 *ccb10;
7276	struct scsi_read_defect_data_12 *ccb12;
7277	struct scsi_read_defect_data_hdr_10 *data10;
7278	struct scsi_read_defect_data_hdr_12 *data12;
7279	uint32_t alloc_len, data_len;
7280	uint8_t format;
7281
7282	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7283
7284	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7285		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7286		format = ccb10->format;
7287		alloc_len = scsi_2btoul(ccb10->alloc_length);
7288		data_len = sizeof(*data10);
7289	} else {
7290		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7291		format = ccb12->format;
7292		alloc_len = scsi_4btoul(ccb12->alloc_length);
7293		data_len = sizeof(*data12);
7294	}
7295	if (alloc_len == 0) {
7296		ctl_set_success(ctsio);
7297		ctl_done((union ctl_io *)ctsio);
7298		return (CTL_RETVAL_COMPLETE);
7299	}
7300
7301	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7302	if (data_len < alloc_len) {
7303		ctsio->residual = alloc_len - data_len;
7304		ctsio->kern_data_len = data_len;
7305		ctsio->kern_total_len = data_len;
7306	} else {
7307		ctsio->residual = 0;
7308		ctsio->kern_data_len = alloc_len;
7309		ctsio->kern_total_len = alloc_len;
7310	}
7311	ctsio->kern_data_resid = 0;
7312	ctsio->kern_rel_offset = 0;
7313	ctsio->kern_sg_entries = 0;
7314
7315	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7316		data10 = (struct scsi_read_defect_data_hdr_10 *)
7317		    ctsio->kern_data_ptr;
7318		data10->format = format;
7319		scsi_ulto2b(0, data10->length);
7320	} else {
7321		data12 = (struct scsi_read_defect_data_hdr_12 *)
7322		    ctsio->kern_data_ptr;
7323		data12->format = format;
7324		scsi_ulto2b(0, data12->generation);
7325		scsi_ulto4b(0, data12->length);
7326	}
7327
7328	ctl_set_success(ctsio);
7329	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7330	ctsio->be_move_done = ctl_config_move_done;
7331	ctl_datamove((union ctl_io *)ctsio);
7332	return (CTL_RETVAL_COMPLETE);
7333}
7334
7335int
7336ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7337{
7338	struct scsi_maintenance_in *cdb;
7339	int retval;
7340	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7341	int num_target_port_groups, num_target_ports;
7342	struct ctl_lun *lun;
7343	struct ctl_softc *softc;
7344	struct ctl_port *port;
7345	struct scsi_target_group_data *rtg_ptr;
7346	struct scsi_target_group_data_extended *rtg_ext_ptr;
7347	struct scsi_target_port_group_descriptor *tpg_desc;
7348
7349	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7350
7351	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7352	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7353	softc = lun->ctl_softc;
7354
7355	retval = CTL_RETVAL_COMPLETE;
7356
7357	switch (cdb->byte2 & STG_PDF_MASK) {
7358	case STG_PDF_LENGTH:
7359		ext = 0;
7360		break;
7361	case STG_PDF_EXTENDED:
7362		ext = 1;
7363		break;
7364	default:
7365		ctl_set_invalid_field(/*ctsio*/ ctsio,
7366				      /*sks_valid*/ 1,
7367				      /*command*/ 1,
7368				      /*field*/ 2,
7369				      /*bit_valid*/ 1,
7370				      /*bit*/ 5);
7371		ctl_done((union ctl_io *)ctsio);
7372		return(retval);
7373	}
7374
7375	if (softc->is_single)
7376		num_target_port_groups = 1;
7377	else
7378		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7379	num_target_ports = 0;
7380	mtx_lock(&softc->ctl_lock);
7381	STAILQ_FOREACH(port, &softc->port_list, links) {
7382		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7383			continue;
7384		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7385			continue;
7386		num_target_ports++;
7387	}
7388	mtx_unlock(&softc->ctl_lock);
7389
7390	if (ext)
7391		total_len = sizeof(struct scsi_target_group_data_extended);
7392	else
7393		total_len = sizeof(struct scsi_target_group_data);
7394	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7395		num_target_port_groups +
7396	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7397
7398	alloc_len = scsi_4btoul(cdb->length);
7399
7400	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7401
7402	ctsio->kern_sg_entries = 0;
7403
7404	if (total_len < alloc_len) {
7405		ctsio->residual = alloc_len - total_len;
7406		ctsio->kern_data_len = total_len;
7407		ctsio->kern_total_len = total_len;
7408	} else {
7409		ctsio->residual = 0;
7410		ctsio->kern_data_len = alloc_len;
7411		ctsio->kern_total_len = alloc_len;
7412	}
7413	ctsio->kern_data_resid = 0;
7414	ctsio->kern_rel_offset = 0;
7415
7416	if (ext) {
7417		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7418		    ctsio->kern_data_ptr;
7419		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7420		rtg_ext_ptr->format_type = 0x10;
7421		rtg_ext_ptr->implicit_transition_time = 0;
7422		tpg_desc = &rtg_ext_ptr->groups[0];
7423	} else {
7424		rtg_ptr = (struct scsi_target_group_data *)
7425		    ctsio->kern_data_ptr;
7426		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7427		tpg_desc = &rtg_ptr->groups[0];
7428	}
7429
7430	mtx_lock(&softc->ctl_lock);
7431	pg = softc->port_min / softc->port_cnt;
7432	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7433		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7434	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7435		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7436	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7437		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7438	else
7439		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7440	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7441		os = gs;
7442		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7443	} else
7444		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7445	for (g = 0; g < num_target_port_groups; g++) {
7446		tpg_desc->pref_state = (g == pg) ? gs : os;
7447		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7448		    TPG_U_SUP | TPG_T_SUP;
7449		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7450		tpg_desc->status = TPG_IMPLICIT;
7451		pc = 0;
7452		STAILQ_FOREACH(port, &softc->port_list, links) {
7453			if (port->targ_port < g * softc->port_cnt ||
7454			    port->targ_port >= (g + 1) * softc->port_cnt)
7455				continue;
7456			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7457				continue;
7458			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7459				continue;
7460			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7461			    relative_target_port_identifier);
7462			pc++;
7463		}
7464		tpg_desc->target_port_count = pc;
7465		tpg_desc = (struct scsi_target_port_group_descriptor *)
7466		    &tpg_desc->descriptors[pc];
7467	}
7468	mtx_unlock(&softc->ctl_lock);
7469
7470	ctl_set_success(ctsio);
7471	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7472	ctsio->be_move_done = ctl_config_move_done;
7473	ctl_datamove((union ctl_io *)ctsio);
7474	return(retval);
7475}
7476
7477int
7478ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7479{
7480	struct ctl_lun *lun;
7481	struct scsi_report_supported_opcodes *cdb;
7482	const struct ctl_cmd_entry *entry, *sentry;
7483	struct scsi_report_supported_opcodes_all *all;
7484	struct scsi_report_supported_opcodes_descr *descr;
7485	struct scsi_report_supported_opcodes_one *one;
7486	int retval;
7487	int alloc_len, total_len;
7488	int opcode, service_action, i, j, num;
7489
7490	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7491
7492	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7493	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7494
7495	retval = CTL_RETVAL_COMPLETE;
7496
7497	opcode = cdb->requested_opcode;
7498	service_action = scsi_2btoul(cdb->requested_service_action);
7499	switch (cdb->options & RSO_OPTIONS_MASK) {
7500	case RSO_OPTIONS_ALL:
7501		num = 0;
7502		for (i = 0; i < 256; i++) {
7503			entry = &ctl_cmd_table[i];
7504			if (entry->flags & CTL_CMD_FLAG_SA5) {
7505				for (j = 0; j < 32; j++) {
7506					sentry = &((const struct ctl_cmd_entry *)
7507					    entry->execute)[j];
7508					if (ctl_cmd_applicable(
7509					    lun->be_lun->lun_type, sentry))
7510						num++;
7511				}
7512			} else {
7513				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7514				    entry))
7515					num++;
7516			}
7517		}
7518		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7519		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7520		break;
7521	case RSO_OPTIONS_OC:
7522		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7523			ctl_set_invalid_field(/*ctsio*/ ctsio,
7524					      /*sks_valid*/ 1,
7525					      /*command*/ 1,
7526					      /*field*/ 2,
7527					      /*bit_valid*/ 1,
7528					      /*bit*/ 2);
7529			ctl_done((union ctl_io *)ctsio);
7530			return (CTL_RETVAL_COMPLETE);
7531		}
7532		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7533		break;
7534	case RSO_OPTIONS_OC_SA:
7535		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7536		    service_action >= 32) {
7537			ctl_set_invalid_field(/*ctsio*/ ctsio,
7538					      /*sks_valid*/ 1,
7539					      /*command*/ 1,
7540					      /*field*/ 2,
7541					      /*bit_valid*/ 1,
7542					      /*bit*/ 2);
7543			ctl_done((union ctl_io *)ctsio);
7544			return (CTL_RETVAL_COMPLETE);
7545		}
7546		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7547		break;
7548	default:
7549		ctl_set_invalid_field(/*ctsio*/ ctsio,
7550				      /*sks_valid*/ 1,
7551				      /*command*/ 1,
7552				      /*field*/ 2,
7553				      /*bit_valid*/ 1,
7554				      /*bit*/ 2);
7555		ctl_done((union ctl_io *)ctsio);
7556		return (CTL_RETVAL_COMPLETE);
7557	}
7558
7559	alloc_len = scsi_4btoul(cdb->length);
7560
7561	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7562
7563	ctsio->kern_sg_entries = 0;
7564
7565	if (total_len < alloc_len) {
7566		ctsio->residual = alloc_len - total_len;
7567		ctsio->kern_data_len = total_len;
7568		ctsio->kern_total_len = total_len;
7569	} else {
7570		ctsio->residual = 0;
7571		ctsio->kern_data_len = alloc_len;
7572		ctsio->kern_total_len = alloc_len;
7573	}
7574	ctsio->kern_data_resid = 0;
7575	ctsio->kern_rel_offset = 0;
7576
7577	switch (cdb->options & RSO_OPTIONS_MASK) {
7578	case RSO_OPTIONS_ALL:
7579		all = (struct scsi_report_supported_opcodes_all *)
7580		    ctsio->kern_data_ptr;
7581		num = 0;
7582		for (i = 0; i < 256; i++) {
7583			entry = &ctl_cmd_table[i];
7584			if (entry->flags & CTL_CMD_FLAG_SA5) {
7585				for (j = 0; j < 32; j++) {
7586					sentry = &((const struct ctl_cmd_entry *)
7587					    entry->execute)[j];
7588					if (!ctl_cmd_applicable(
7589					    lun->be_lun->lun_type, sentry))
7590						continue;
7591					descr = &all->descr[num++];
7592					descr->opcode = i;
7593					scsi_ulto2b(j, descr->service_action);
7594					descr->flags = RSO_SERVACTV;
7595					scsi_ulto2b(sentry->length,
7596					    descr->cdb_length);
7597				}
7598			} else {
7599				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7600				    entry))
7601					continue;
7602				descr = &all->descr[num++];
7603				descr->opcode = i;
7604				scsi_ulto2b(0, descr->service_action);
7605				descr->flags = 0;
7606				scsi_ulto2b(entry->length, descr->cdb_length);
7607			}
7608		}
7609		scsi_ulto4b(
7610		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7611		    all->length);
7612		break;
7613	case RSO_OPTIONS_OC:
7614		one = (struct scsi_report_supported_opcodes_one *)
7615		    ctsio->kern_data_ptr;
7616		entry = &ctl_cmd_table[opcode];
7617		goto fill_one;
7618	case RSO_OPTIONS_OC_SA:
7619		one = (struct scsi_report_supported_opcodes_one *)
7620		    ctsio->kern_data_ptr;
7621		entry = &ctl_cmd_table[opcode];
7622		entry = &((const struct ctl_cmd_entry *)
7623		    entry->execute)[service_action];
7624fill_one:
7625		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7626			one->support = 3;
7627			scsi_ulto2b(entry->length, one->cdb_length);
7628			one->cdb_usage[0] = opcode;
7629			memcpy(&one->cdb_usage[1], entry->usage,
7630			    entry->length - 1);
7631		} else
7632			one->support = 1;
7633		break;
7634	}
7635
7636	ctl_set_success(ctsio);
7637	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7638	ctsio->be_move_done = ctl_config_move_done;
7639	ctl_datamove((union ctl_io *)ctsio);
7640	return(retval);
7641}
7642
7643int
7644ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7645{
7646	struct scsi_report_supported_tmf *cdb;
7647	struct scsi_report_supported_tmf_data *data;
7648	int retval;
7649	int alloc_len, total_len;
7650
7651	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7652
7653	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7654
7655	retval = CTL_RETVAL_COMPLETE;
7656
7657	total_len = sizeof(struct scsi_report_supported_tmf_data);
7658	alloc_len = scsi_4btoul(cdb->length);
7659
7660	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7661
7662	ctsio->kern_sg_entries = 0;
7663
7664	if (total_len < alloc_len) {
7665		ctsio->residual = alloc_len - total_len;
7666		ctsio->kern_data_len = total_len;
7667		ctsio->kern_total_len = total_len;
7668	} else {
7669		ctsio->residual = 0;
7670		ctsio->kern_data_len = alloc_len;
7671		ctsio->kern_total_len = alloc_len;
7672	}
7673	ctsio->kern_data_resid = 0;
7674	ctsio->kern_rel_offset = 0;
7675
7676	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7677	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7678	    RST_TRS;
7679	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7680
7681	ctl_set_success(ctsio);
7682	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7683	ctsio->be_move_done = ctl_config_move_done;
7684	ctl_datamove((union ctl_io *)ctsio);
7685	return (retval);
7686}
7687
7688int
7689ctl_report_timestamp(struct ctl_scsiio *ctsio)
7690{
7691	struct scsi_report_timestamp *cdb;
7692	struct scsi_report_timestamp_data *data;
7693	struct timeval tv;
7694	int64_t timestamp;
7695	int retval;
7696	int alloc_len, total_len;
7697
7698	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7699
7700	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7701
7702	retval = CTL_RETVAL_COMPLETE;
7703
7704	total_len = sizeof(struct scsi_report_timestamp_data);
7705	alloc_len = scsi_4btoul(cdb->length);
7706
7707	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7708
7709	ctsio->kern_sg_entries = 0;
7710
7711	if (total_len < alloc_len) {
7712		ctsio->residual = alloc_len - total_len;
7713		ctsio->kern_data_len = total_len;
7714		ctsio->kern_total_len = total_len;
7715	} else {
7716		ctsio->residual = 0;
7717		ctsio->kern_data_len = alloc_len;
7718		ctsio->kern_total_len = alloc_len;
7719	}
7720	ctsio->kern_data_resid = 0;
7721	ctsio->kern_rel_offset = 0;
7722
7723	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7724	scsi_ulto2b(sizeof(*data) - 2, data->length);
7725	data->origin = RTS_ORIG_OUTSIDE;
7726	getmicrotime(&tv);
7727	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7728	scsi_ulto4b(timestamp >> 16, data->timestamp);
7729	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7730
7731	ctl_set_success(ctsio);
7732	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7733	ctsio->be_move_done = ctl_config_move_done;
7734	ctl_datamove((union ctl_io *)ctsio);
7735	return (retval);
7736}
7737
7738int
7739ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7740{
7741	struct scsi_per_res_in *cdb;
7742	int alloc_len, total_len = 0;
7743	/* struct scsi_per_res_in_rsrv in_data; */
7744	struct ctl_lun *lun;
7745	struct ctl_softc *softc;
7746	uint64_t key;
7747
7748	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7749
7750	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7751
7752	alloc_len = scsi_2btoul(cdb->length);
7753
7754	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7755	softc = lun->ctl_softc;
7756
7757retry:
7758	mtx_lock(&lun->lun_lock);
7759	switch (cdb->action) {
7760	case SPRI_RK: /* read keys */
7761		total_len = sizeof(struct scsi_per_res_in_keys) +
7762			lun->pr_key_count *
7763			sizeof(struct scsi_per_res_key);
7764		break;
7765	case SPRI_RR: /* read reservation */
7766		if (lun->flags & CTL_LUN_PR_RESERVED)
7767			total_len = sizeof(struct scsi_per_res_in_rsrv);
7768		else
7769			total_len = sizeof(struct scsi_per_res_in_header);
7770		break;
7771	case SPRI_RC: /* report capabilities */
7772		total_len = sizeof(struct scsi_per_res_cap);
7773		break;
7774	case SPRI_RS: /* read full status */
7775		total_len = sizeof(struct scsi_per_res_in_header) +
7776		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7777		    lun->pr_key_count;
7778		break;
7779	default:
7780		panic("Invalid PR type %x", cdb->action);
7781	}
7782	mtx_unlock(&lun->lun_lock);
7783
7784	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7785
7786	if (total_len < alloc_len) {
7787		ctsio->residual = alloc_len - total_len;
7788		ctsio->kern_data_len = total_len;
7789		ctsio->kern_total_len = total_len;
7790	} else {
7791		ctsio->residual = 0;
7792		ctsio->kern_data_len = alloc_len;
7793		ctsio->kern_total_len = alloc_len;
7794	}
7795
7796	ctsio->kern_data_resid = 0;
7797	ctsio->kern_rel_offset = 0;
7798	ctsio->kern_sg_entries = 0;
7799
7800	mtx_lock(&lun->lun_lock);
7801	switch (cdb->action) {
7802	case SPRI_RK: { // read keys
7803        struct scsi_per_res_in_keys *res_keys;
7804		int i, key_count;
7805
7806		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7807
7808		/*
7809		 * We had to drop the lock to allocate our buffer, which
7810		 * leaves time for someone to come in with another
7811		 * persistent reservation.  (That is unlikely, though,
7812		 * since this should be the only persistent reservation
7813		 * command active right now.)
7814		 */
7815		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7816		    (lun->pr_key_count *
7817		     sizeof(struct scsi_per_res_key)))){
7818			mtx_unlock(&lun->lun_lock);
7819			free(ctsio->kern_data_ptr, M_CTL);
7820			printf("%s: reservation length changed, retrying\n",
7821			       __func__);
7822			goto retry;
7823		}
7824
7825		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7826
7827		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7828			     lun->pr_key_count, res_keys->header.length);
7829
7830		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7831			if ((key = ctl_get_prkey(lun, i)) == 0)
7832				continue;
7833
7834			/*
7835			 * We used lun->pr_key_count to calculate the
7836			 * size to allocate.  If it turns out the number of
7837			 * initiators with the registered flag set is
7838			 * larger than that (i.e. they haven't been kept in
7839			 * sync), we've got a problem.
7840			 */
7841			if (key_count >= lun->pr_key_count) {
7842#ifdef NEEDTOPORT
7843				csevent_log(CSC_CTL | CSC_SHELF_SW |
7844					    CTL_PR_ERROR,
7845					    csevent_LogType_Fault,
7846					    csevent_AlertLevel_Yellow,
7847					    csevent_FRU_ShelfController,
7848					    csevent_FRU_Firmware,
7849				        csevent_FRU_Unknown,
7850					    "registered keys %d >= key "
7851					    "count %d", key_count,
7852					    lun->pr_key_count);
7853#endif
7854				key_count++;
7855				continue;
7856			}
7857			scsi_u64to8b(key, res_keys->keys[key_count].key);
7858			key_count++;
7859		}
7860		break;
7861	}
7862	case SPRI_RR: { // read reservation
7863		struct scsi_per_res_in_rsrv *res;
7864		int tmp_len, header_only;
7865
7866		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7867
7868		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7869
7870		if (lun->flags & CTL_LUN_PR_RESERVED)
7871		{
7872			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7873			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7874				    res->header.length);
7875			header_only = 0;
7876		} else {
7877			tmp_len = sizeof(struct scsi_per_res_in_header);
7878			scsi_ulto4b(0, res->header.length);
7879			header_only = 1;
7880		}
7881
7882		/*
7883		 * We had to drop the lock to allocate our buffer, which
7884		 * leaves time for someone to come in with another
7885		 * persistent reservation.  (That is unlikely, though,
7886		 * since this should be the only persistent reservation
7887		 * command active right now.)
7888		 */
7889		if (tmp_len != total_len) {
7890			mtx_unlock(&lun->lun_lock);
7891			free(ctsio->kern_data_ptr, M_CTL);
7892			printf("%s: reservation status changed, retrying\n",
7893			       __func__);
7894			goto retry;
7895		}
7896
7897		/*
7898		 * No reservation held, so we're done.
7899		 */
7900		if (header_only != 0)
7901			break;
7902
7903		/*
7904		 * If the registration is an All Registrants type, the key
7905		 * is 0, since it doesn't really matter.
7906		 */
7907		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7908			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7909			    res->data.reservation);
7910		}
7911		res->data.scopetype = lun->res_type;
7912		break;
7913	}
7914	case SPRI_RC:     //report capabilities
7915	{
7916		struct scsi_per_res_cap *res_cap;
7917		uint16_t type_mask;
7918
7919		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7920		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7921		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7922		type_mask = SPRI_TM_WR_EX_AR |
7923			    SPRI_TM_EX_AC_RO |
7924			    SPRI_TM_WR_EX_RO |
7925			    SPRI_TM_EX_AC |
7926			    SPRI_TM_WR_EX |
7927			    SPRI_TM_EX_AC_AR;
7928		scsi_ulto2b(type_mask, res_cap->type_mask);
7929		break;
7930	}
7931	case SPRI_RS: { // read full status
7932		struct scsi_per_res_in_full *res_status;
7933		struct scsi_per_res_in_full_desc *res_desc;
7934		struct ctl_port *port;
7935		int i, len;
7936
7937		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7938
7939		/*
7940		 * We had to drop the lock to allocate our buffer, which
7941		 * leaves time for someone to come in with another
7942		 * persistent reservation.  (That is unlikely, though,
7943		 * since this should be the only persistent reservation
7944		 * command active right now.)
7945		 */
7946		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7947		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7948		     lun->pr_key_count)){
7949			mtx_unlock(&lun->lun_lock);
7950			free(ctsio->kern_data_ptr, M_CTL);
7951			printf("%s: reservation length changed, retrying\n",
7952			       __func__);
7953			goto retry;
7954		}
7955
7956		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7957
7958		res_desc = &res_status->desc[0];
7959		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7960			if ((key = ctl_get_prkey(lun, i)) == 0)
7961				continue;
7962
7963			scsi_u64to8b(key, res_desc->res_key.key);
7964			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7965			    (lun->pr_res_idx == i ||
7966			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7967				res_desc->flags = SPRI_FULL_R_HOLDER;
7968				res_desc->scopetype = lun->res_type;
7969			}
7970			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7971			    res_desc->rel_trgt_port_id);
7972			len = 0;
7973			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7974			if (port != NULL)
7975				len = ctl_create_iid(port,
7976				    i % CTL_MAX_INIT_PER_PORT,
7977				    res_desc->transport_id);
7978			scsi_ulto4b(len, res_desc->additional_length);
7979			res_desc = (struct scsi_per_res_in_full_desc *)
7980			    &res_desc->transport_id[len];
7981		}
7982		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7983		    res_status->header.length);
7984		break;
7985	}
7986	default:
7987		/*
7988		 * This is a bug, because we just checked for this above,
7989		 * and should have returned an error.
7990		 */
7991		panic("Invalid PR type %x", cdb->action);
7992		break; /* NOTREACHED */
7993	}
7994	mtx_unlock(&lun->lun_lock);
7995
7996	ctl_set_success(ctsio);
7997	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7998	ctsio->be_move_done = ctl_config_move_done;
7999	ctl_datamove((union ctl_io *)ctsio);
8000	return (CTL_RETVAL_COMPLETE);
8001}
8002
8003/*
8004 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
8005 * it should return.
8006 */
8007static int
8008ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
8009		uint64_t sa_res_key, uint8_t type, uint32_t residx,
8010		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
8011		struct scsi_per_res_out_parms* param)
8012{
8013	union ctl_ha_msg persis_io;
8014	int i;
8015
8016	mtx_lock(&lun->lun_lock);
8017	if (sa_res_key == 0) {
8018		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8019			/* validate scope and type */
8020			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8021			     SPR_LU_SCOPE) {
8022				mtx_unlock(&lun->lun_lock);
8023				ctl_set_invalid_field(/*ctsio*/ ctsio,
8024						      /*sks_valid*/ 1,
8025						      /*command*/ 1,
8026						      /*field*/ 2,
8027						      /*bit_valid*/ 1,
8028						      /*bit*/ 4);
8029				ctl_done((union ctl_io *)ctsio);
8030				return (1);
8031			}
8032
8033		        if (type>8 || type==2 || type==4 || type==0) {
8034				mtx_unlock(&lun->lun_lock);
8035				ctl_set_invalid_field(/*ctsio*/ ctsio,
8036       	           				      /*sks_valid*/ 1,
8037						      /*command*/ 1,
8038						      /*field*/ 2,
8039						      /*bit_valid*/ 1,
8040						      /*bit*/ 0);
8041				ctl_done((union ctl_io *)ctsio);
8042				return (1);
8043		        }
8044
8045			/*
8046			 * Unregister everybody else and build UA for
8047			 * them
8048			 */
8049			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8050				if (i == residx || ctl_get_prkey(lun, i) == 0)
8051					continue;
8052
8053				ctl_clr_prkey(lun, i);
8054				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8055			}
8056			lun->pr_key_count = 1;
8057			lun->res_type = type;
8058			if (lun->res_type != SPR_TYPE_WR_EX_AR
8059			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8060				lun->pr_res_idx = residx;
8061			lun->PRGeneration++;
8062			mtx_unlock(&lun->lun_lock);
8063
8064			/* send msg to other side */
8065			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8066			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8067			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8068			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8069			persis_io.pr.pr_info.res_type = type;
8070			memcpy(persis_io.pr.pr_info.sa_res_key,
8071			       param->serv_act_res_key,
8072			       sizeof(param->serv_act_res_key));
8073			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8074			    sizeof(persis_io.pr), M_WAITOK);
8075		} else {
8076			/* not all registrants */
8077			mtx_unlock(&lun->lun_lock);
8078			free(ctsio->kern_data_ptr, M_CTL);
8079			ctl_set_invalid_field(ctsio,
8080					      /*sks_valid*/ 1,
8081					      /*command*/ 0,
8082					      /*field*/ 8,
8083					      /*bit_valid*/ 0,
8084					      /*bit*/ 0);
8085			ctl_done((union ctl_io *)ctsio);
8086			return (1);
8087		}
8088	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8089		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8090		int found = 0;
8091
8092		if (res_key == sa_res_key) {
8093			/* special case */
8094			/*
8095			 * The spec implies this is not good but doesn't
8096			 * say what to do. There are two choices either
8097			 * generate a res conflict or check condition
8098			 * with illegal field in parameter data. Since
8099			 * that is what is done when the sa_res_key is
8100			 * zero I'll take that approach since this has
8101			 * to do with the sa_res_key.
8102			 */
8103			mtx_unlock(&lun->lun_lock);
8104			free(ctsio->kern_data_ptr, M_CTL);
8105			ctl_set_invalid_field(ctsio,
8106					      /*sks_valid*/ 1,
8107					      /*command*/ 0,
8108					      /*field*/ 8,
8109					      /*bit_valid*/ 0,
8110					      /*bit*/ 0);
8111			ctl_done((union ctl_io *)ctsio);
8112			return (1);
8113		}
8114
8115		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8116			if (ctl_get_prkey(lun, i) != sa_res_key)
8117				continue;
8118
8119			found = 1;
8120			ctl_clr_prkey(lun, i);
8121			lun->pr_key_count--;
8122			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8123		}
8124		if (!found) {
8125			mtx_unlock(&lun->lun_lock);
8126			free(ctsio->kern_data_ptr, M_CTL);
8127			ctl_set_reservation_conflict(ctsio);
8128			ctl_done((union ctl_io *)ctsio);
8129			return (CTL_RETVAL_COMPLETE);
8130		}
8131		lun->PRGeneration++;
8132		mtx_unlock(&lun->lun_lock);
8133
8134		/* send msg to other side */
8135		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8136		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8137		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8138		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8139		persis_io.pr.pr_info.res_type = type;
8140		memcpy(persis_io.pr.pr_info.sa_res_key,
8141		       param->serv_act_res_key,
8142		       sizeof(param->serv_act_res_key));
8143		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8144		    sizeof(persis_io.pr), M_WAITOK);
8145	} else {
8146		/* Reserved but not all registrants */
8147		/* sa_res_key is res holder */
8148		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
8149			/* validate scope and type */
8150			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8151			     SPR_LU_SCOPE) {
8152				mtx_unlock(&lun->lun_lock);
8153				ctl_set_invalid_field(/*ctsio*/ ctsio,
8154						      /*sks_valid*/ 1,
8155						      /*command*/ 1,
8156						      /*field*/ 2,
8157						      /*bit_valid*/ 1,
8158						      /*bit*/ 4);
8159				ctl_done((union ctl_io *)ctsio);
8160				return (1);
8161			}
8162
8163			if (type>8 || type==2 || type==4 || type==0) {
8164				mtx_unlock(&lun->lun_lock);
8165				ctl_set_invalid_field(/*ctsio*/ ctsio,
8166						      /*sks_valid*/ 1,
8167						      /*command*/ 1,
8168						      /*field*/ 2,
8169						      /*bit_valid*/ 1,
8170						      /*bit*/ 0);
8171				ctl_done((union ctl_io *)ctsio);
8172				return (1);
8173			}
8174
8175			/*
8176			 * Do the following:
8177			 * if sa_res_key != res_key remove all
8178			 * registrants w/sa_res_key and generate UA
8179			 * for these registrants(Registrations
8180			 * Preempted) if it wasn't an exclusive
8181			 * reservation generate UA(Reservations
8182			 * Preempted) for all other registered nexuses
8183			 * if the type has changed. Establish the new
8184			 * reservation and holder. If res_key and
8185			 * sa_res_key are the same do the above
8186			 * except don't unregister the res holder.
8187			 */
8188
8189			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8190				if (i == residx || ctl_get_prkey(lun, i) == 0)
8191					continue;
8192
8193				if (sa_res_key == ctl_get_prkey(lun, i)) {
8194					ctl_clr_prkey(lun, i);
8195					lun->pr_key_count--;
8196					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8197				} else if (type != lun->res_type
8198					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8199					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8200					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8201				}
8202			}
8203			lun->res_type = type;
8204			if (lun->res_type != SPR_TYPE_WR_EX_AR
8205			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8206				lun->pr_res_idx = residx;
8207			else
8208				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8209			lun->PRGeneration++;
8210			mtx_unlock(&lun->lun_lock);
8211
8212			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8213			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8214			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8215			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8216			persis_io.pr.pr_info.res_type = type;
8217			memcpy(persis_io.pr.pr_info.sa_res_key,
8218			       param->serv_act_res_key,
8219			       sizeof(param->serv_act_res_key));
8220			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8221			    sizeof(persis_io.pr), M_WAITOK);
8222		} else {
8223			/*
8224			 * sa_res_key is not the res holder just
8225			 * remove registrants
8226			 */
8227			int found=0;
8228
8229			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8230				if (sa_res_key != ctl_get_prkey(lun, i))
8231					continue;
8232
8233				found = 1;
8234				ctl_clr_prkey(lun, i);
8235				lun->pr_key_count--;
8236				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8237			}
8238
8239			if (!found) {
8240				mtx_unlock(&lun->lun_lock);
8241				free(ctsio->kern_data_ptr, M_CTL);
8242				ctl_set_reservation_conflict(ctsio);
8243				ctl_done((union ctl_io *)ctsio);
8244		        	return (1);
8245			}
8246			lun->PRGeneration++;
8247			mtx_unlock(&lun->lun_lock);
8248
8249			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8250			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8251			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8252			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8253			persis_io.pr.pr_info.res_type = type;
8254			memcpy(persis_io.pr.pr_info.sa_res_key,
8255			       param->serv_act_res_key,
8256			       sizeof(param->serv_act_res_key));
8257			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8258			    sizeof(persis_io.pr), M_WAITOK);
8259		}
8260	}
8261	return (0);
8262}
8263
8264static void
8265ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8266{
8267	uint64_t sa_res_key;
8268	int i;
8269
8270	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8271
8272	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8273	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8274	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8275		if (sa_res_key == 0) {
8276			/*
8277			 * Unregister everybody else and build UA for
8278			 * them
8279			 */
8280			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8281				if (i == msg->pr.pr_info.residx ||
8282				    ctl_get_prkey(lun, i) == 0)
8283					continue;
8284
8285				ctl_clr_prkey(lun, i);
8286				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8287			}
8288
8289			lun->pr_key_count = 1;
8290			lun->res_type = msg->pr.pr_info.res_type;
8291			if (lun->res_type != SPR_TYPE_WR_EX_AR
8292			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8293				lun->pr_res_idx = msg->pr.pr_info.residx;
8294		} else {
8295		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8296				if (sa_res_key == ctl_get_prkey(lun, i))
8297					continue;
8298
8299				ctl_clr_prkey(lun, i);
8300				lun->pr_key_count--;
8301				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8302			}
8303		}
8304	} else {
8305		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8306			if (i == msg->pr.pr_info.residx ||
8307			    ctl_get_prkey(lun, i) == 0)
8308				continue;
8309
8310			if (sa_res_key == ctl_get_prkey(lun, i)) {
8311				ctl_clr_prkey(lun, i);
8312				lun->pr_key_count--;
8313				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8314			} else if (msg->pr.pr_info.res_type != lun->res_type
8315				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8316				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8317				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8318			}
8319		}
8320		lun->res_type = msg->pr.pr_info.res_type;
8321		if (lun->res_type != SPR_TYPE_WR_EX_AR
8322		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8323			lun->pr_res_idx = msg->pr.pr_info.residx;
8324		else
8325			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8326	}
8327	lun->PRGeneration++;
8328
8329}
8330
8331
8332int
8333ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8334{
8335	int retval;
8336	u_int32_t param_len;
8337	struct scsi_per_res_out *cdb;
8338	struct ctl_lun *lun;
8339	struct scsi_per_res_out_parms* param;
8340	struct ctl_softc *softc;
8341	uint32_t residx;
8342	uint64_t res_key, sa_res_key, key;
8343	uint8_t type;
8344	union ctl_ha_msg persis_io;
8345	int    i;
8346
8347	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8348
8349	retval = CTL_RETVAL_COMPLETE;
8350
8351	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8352	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8353	softc = lun->ctl_softc;
8354
8355	/*
8356	 * We only support whole-LUN scope.  The scope & type are ignored for
8357	 * register, register and ignore existing key and clear.
8358	 * We sometimes ignore scope and type on preempts too!!
8359	 * Verify reservation type here as well.
8360	 */
8361	type = cdb->scope_type & SPR_TYPE_MASK;
8362	if ((cdb->action == SPRO_RESERVE)
8363	 || (cdb->action == SPRO_RELEASE)) {
8364		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8365			ctl_set_invalid_field(/*ctsio*/ ctsio,
8366					      /*sks_valid*/ 1,
8367					      /*command*/ 1,
8368					      /*field*/ 2,
8369					      /*bit_valid*/ 1,
8370					      /*bit*/ 4);
8371			ctl_done((union ctl_io *)ctsio);
8372			return (CTL_RETVAL_COMPLETE);
8373		}
8374
8375		if (type>8 || type==2 || type==4 || type==0) {
8376			ctl_set_invalid_field(/*ctsio*/ ctsio,
8377					      /*sks_valid*/ 1,
8378					      /*command*/ 1,
8379					      /*field*/ 2,
8380					      /*bit_valid*/ 1,
8381					      /*bit*/ 0);
8382			ctl_done((union ctl_io *)ctsio);
8383			return (CTL_RETVAL_COMPLETE);
8384		}
8385	}
8386
8387	param_len = scsi_4btoul(cdb->length);
8388
8389	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8390		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8391		ctsio->kern_data_len = param_len;
8392		ctsio->kern_total_len = param_len;
8393		ctsio->kern_data_resid = 0;
8394		ctsio->kern_rel_offset = 0;
8395		ctsio->kern_sg_entries = 0;
8396		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8397		ctsio->be_move_done = ctl_config_move_done;
8398		ctl_datamove((union ctl_io *)ctsio);
8399
8400		return (CTL_RETVAL_COMPLETE);
8401	}
8402
8403	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8404
8405	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8406	res_key = scsi_8btou64(param->res_key.key);
8407	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8408
8409	/*
8410	 * Validate the reservation key here except for SPRO_REG_IGNO
8411	 * This must be done for all other service actions
8412	 */
8413	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8414		mtx_lock(&lun->lun_lock);
8415		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8416			if (res_key != key) {
8417				/*
8418				 * The current key passed in doesn't match
8419				 * the one the initiator previously
8420				 * registered.
8421				 */
8422				mtx_unlock(&lun->lun_lock);
8423				free(ctsio->kern_data_ptr, M_CTL);
8424				ctl_set_reservation_conflict(ctsio);
8425				ctl_done((union ctl_io *)ctsio);
8426				return (CTL_RETVAL_COMPLETE);
8427			}
8428		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8429			/*
8430			 * We are not registered
8431			 */
8432			mtx_unlock(&lun->lun_lock);
8433			free(ctsio->kern_data_ptr, M_CTL);
8434			ctl_set_reservation_conflict(ctsio);
8435			ctl_done((union ctl_io *)ctsio);
8436			return (CTL_RETVAL_COMPLETE);
8437		} else if (res_key != 0) {
8438			/*
8439			 * We are not registered and trying to register but
8440			 * the register key isn't zero.
8441			 */
8442			mtx_unlock(&lun->lun_lock);
8443			free(ctsio->kern_data_ptr, M_CTL);
8444			ctl_set_reservation_conflict(ctsio);
8445			ctl_done((union ctl_io *)ctsio);
8446			return (CTL_RETVAL_COMPLETE);
8447		}
8448		mtx_unlock(&lun->lun_lock);
8449	}
8450
8451	switch (cdb->action & SPRO_ACTION_MASK) {
8452	case SPRO_REGISTER:
8453	case SPRO_REG_IGNO: {
8454
8455#if 0
8456		printf("Registration received\n");
8457#endif
8458
8459		/*
8460		 * We don't support any of these options, as we report in
8461		 * the read capabilities request (see
8462		 * ctl_persistent_reserve_in(), above).
8463		 */
8464		if ((param->flags & SPR_SPEC_I_PT)
8465		 || (param->flags & SPR_ALL_TG_PT)
8466		 || (param->flags & SPR_APTPL)) {
8467			int bit_ptr;
8468
8469			if (param->flags & SPR_APTPL)
8470				bit_ptr = 0;
8471			else if (param->flags & SPR_ALL_TG_PT)
8472				bit_ptr = 2;
8473			else /* SPR_SPEC_I_PT */
8474				bit_ptr = 3;
8475
8476			free(ctsio->kern_data_ptr, M_CTL);
8477			ctl_set_invalid_field(ctsio,
8478					      /*sks_valid*/ 1,
8479					      /*command*/ 0,
8480					      /*field*/ 20,
8481					      /*bit_valid*/ 1,
8482					      /*bit*/ bit_ptr);
8483			ctl_done((union ctl_io *)ctsio);
8484			return (CTL_RETVAL_COMPLETE);
8485		}
8486
8487		mtx_lock(&lun->lun_lock);
8488
8489		/*
8490		 * The initiator wants to clear the
8491		 * key/unregister.
8492		 */
8493		if (sa_res_key == 0) {
8494			if ((res_key == 0
8495			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8496			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8497			  && ctl_get_prkey(lun, residx) == 0)) {
8498				mtx_unlock(&lun->lun_lock);
8499				goto done;
8500			}
8501
8502			ctl_clr_prkey(lun, residx);
8503			lun->pr_key_count--;
8504
8505			if (residx == lun->pr_res_idx) {
8506				lun->flags &= ~CTL_LUN_PR_RESERVED;
8507				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8508
8509				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8510				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8511				 && lun->pr_key_count) {
8512					/*
8513					 * If the reservation is a registrants
8514					 * only type we need to generate a UA
8515					 * for other registered inits.  The
8516					 * sense code should be RESERVATIONS
8517					 * RELEASED
8518					 */
8519
8520					for (i = softc->init_min; i < softc->init_max; i++){
8521						if (ctl_get_prkey(lun, i) == 0)
8522							continue;
8523						ctl_est_ua(lun, i,
8524						    CTL_UA_RES_RELEASE);
8525					}
8526				}
8527				lun->res_type = 0;
8528			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8529				if (lun->pr_key_count==0) {
8530					lun->flags &= ~CTL_LUN_PR_RESERVED;
8531					lun->res_type = 0;
8532					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8533				}
8534			}
8535			lun->PRGeneration++;
8536			mtx_unlock(&lun->lun_lock);
8537
8538			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8539			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8540			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8541			persis_io.pr.pr_info.residx = residx;
8542			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8543			    sizeof(persis_io.pr), M_WAITOK);
8544		} else /* sa_res_key != 0 */ {
8545
8546			/*
8547			 * If we aren't registered currently then increment
8548			 * the key count and set the registered flag.
8549			 */
8550			ctl_alloc_prkey(lun, residx);
8551			if (ctl_get_prkey(lun, residx) == 0)
8552				lun->pr_key_count++;
8553			ctl_set_prkey(lun, residx, sa_res_key);
8554			lun->PRGeneration++;
8555			mtx_unlock(&lun->lun_lock);
8556
8557			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8558			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8559			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8560			persis_io.pr.pr_info.residx = residx;
8561			memcpy(persis_io.pr.pr_info.sa_res_key,
8562			       param->serv_act_res_key,
8563			       sizeof(param->serv_act_res_key));
8564			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8565			    sizeof(persis_io.pr), M_WAITOK);
8566		}
8567
8568		break;
8569	}
8570	case SPRO_RESERVE:
8571#if 0
8572                printf("Reserve executed type %d\n", type);
8573#endif
8574		mtx_lock(&lun->lun_lock);
8575		if (lun->flags & CTL_LUN_PR_RESERVED) {
8576			/*
8577			 * if this isn't the reservation holder and it's
8578			 * not a "all registrants" type or if the type is
8579			 * different then we have a conflict
8580			 */
8581			if ((lun->pr_res_idx != residx
8582			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8583			 || lun->res_type != type) {
8584				mtx_unlock(&lun->lun_lock);
8585				free(ctsio->kern_data_ptr, M_CTL);
8586				ctl_set_reservation_conflict(ctsio);
8587				ctl_done((union ctl_io *)ctsio);
8588				return (CTL_RETVAL_COMPLETE);
8589			}
8590			mtx_unlock(&lun->lun_lock);
8591		} else /* create a reservation */ {
8592			/*
8593			 * If it's not an "all registrants" type record
8594			 * reservation holder
8595			 */
8596			if (type != SPR_TYPE_WR_EX_AR
8597			 && type != SPR_TYPE_EX_AC_AR)
8598				lun->pr_res_idx = residx; /* Res holder */
8599			else
8600				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8601
8602			lun->flags |= CTL_LUN_PR_RESERVED;
8603			lun->res_type = type;
8604
8605			mtx_unlock(&lun->lun_lock);
8606
8607			/* send msg to other side */
8608			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8609			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8610			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8611			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8612			persis_io.pr.pr_info.res_type = type;
8613			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8614			    sizeof(persis_io.pr), M_WAITOK);
8615		}
8616		break;
8617
8618	case SPRO_RELEASE:
8619		mtx_lock(&lun->lun_lock);
8620		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8621			/* No reservation exists return good status */
8622			mtx_unlock(&lun->lun_lock);
8623			goto done;
8624		}
8625		/*
8626		 * Is this nexus a reservation holder?
8627		 */
8628		if (lun->pr_res_idx != residx
8629		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8630			/*
8631			 * not a res holder return good status but
8632			 * do nothing
8633			 */
8634			mtx_unlock(&lun->lun_lock);
8635			goto done;
8636		}
8637
8638		if (lun->res_type != type) {
8639			mtx_unlock(&lun->lun_lock);
8640			free(ctsio->kern_data_ptr, M_CTL);
8641			ctl_set_illegal_pr_release(ctsio);
8642			ctl_done((union ctl_io *)ctsio);
8643			return (CTL_RETVAL_COMPLETE);
8644		}
8645
8646		/* okay to release */
8647		lun->flags &= ~CTL_LUN_PR_RESERVED;
8648		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8649		lun->res_type = 0;
8650
8651		/*
8652		 * if this isn't an exclusive access
8653		 * res generate UA for all other
8654		 * registrants.
8655		 */
8656		if (type != SPR_TYPE_EX_AC
8657		 && type != SPR_TYPE_WR_EX) {
8658			for (i = softc->init_min; i < softc->init_max; i++) {
8659				if (i == residx || ctl_get_prkey(lun, i) == 0)
8660					continue;
8661				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8662			}
8663		}
8664		mtx_unlock(&lun->lun_lock);
8665
8666		/* Send msg to other side */
8667		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8668		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8669		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8670		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8671		     sizeof(persis_io.pr), M_WAITOK);
8672		break;
8673
8674	case SPRO_CLEAR:
8675		/* send msg to other side */
8676
8677		mtx_lock(&lun->lun_lock);
8678		lun->flags &= ~CTL_LUN_PR_RESERVED;
8679		lun->res_type = 0;
8680		lun->pr_key_count = 0;
8681		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8682
8683		ctl_clr_prkey(lun, residx);
8684		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8685			if (ctl_get_prkey(lun, i) != 0) {
8686				ctl_clr_prkey(lun, i);
8687				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8688			}
8689		lun->PRGeneration++;
8690		mtx_unlock(&lun->lun_lock);
8691
8692		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8693		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8694		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8695		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8696		     sizeof(persis_io.pr), M_WAITOK);
8697		break;
8698
8699	case SPRO_PREEMPT:
8700	case SPRO_PRE_ABO: {
8701		int nretval;
8702
8703		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8704					  residx, ctsio, cdb, param);
8705		if (nretval != 0)
8706			return (CTL_RETVAL_COMPLETE);
8707		break;
8708	}
8709	default:
8710		panic("Invalid PR type %x", cdb->action);
8711	}
8712
8713done:
8714	free(ctsio->kern_data_ptr, M_CTL);
8715	ctl_set_success(ctsio);
8716	ctl_done((union ctl_io *)ctsio);
8717
8718	return (retval);
8719}
8720
8721/*
8722 * This routine is for handling a message from the other SC pertaining to
8723 * persistent reserve out. All the error checking will have been done
8724 * so only perorming the action need be done here to keep the two
8725 * in sync.
8726 */
8727static void
8728ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8729{
8730	struct ctl_lun *lun;
8731	struct ctl_softc *softc;
8732	int i;
8733	uint32_t residx, targ_lun;
8734
8735	softc = control_softc;
8736	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8737	mtx_lock(&softc->ctl_lock);
8738	if ((targ_lun >= CTL_MAX_LUNS) ||
8739	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8740		mtx_unlock(&softc->ctl_lock);
8741		return;
8742	}
8743	mtx_lock(&lun->lun_lock);
8744	mtx_unlock(&softc->ctl_lock);
8745	if (lun->flags & CTL_LUN_DISABLED) {
8746		mtx_unlock(&lun->lun_lock);
8747		return;
8748	}
8749	residx = ctl_get_initindex(&msg->hdr.nexus);
8750	switch(msg->pr.pr_info.action) {
8751	case CTL_PR_REG_KEY:
8752		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8753		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8754			lun->pr_key_count++;
8755		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8756		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8757		lun->PRGeneration++;
8758		break;
8759
8760	case CTL_PR_UNREG_KEY:
8761		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8762		lun->pr_key_count--;
8763
8764		/* XXX Need to see if the reservation has been released */
8765		/* if so do we need to generate UA? */
8766		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8767			lun->flags &= ~CTL_LUN_PR_RESERVED;
8768			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8769
8770			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8771			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8772			 && lun->pr_key_count) {
8773				/*
8774				 * If the reservation is a registrants
8775				 * only type we need to generate a UA
8776				 * for other registered inits.  The
8777				 * sense code should be RESERVATIONS
8778				 * RELEASED
8779				 */
8780
8781				for (i = softc->init_min; i < softc->init_max; i++) {
8782					if (ctl_get_prkey(lun, i) == 0)
8783						continue;
8784
8785					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8786				}
8787			}
8788			lun->res_type = 0;
8789		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8790			if (lun->pr_key_count==0) {
8791				lun->flags &= ~CTL_LUN_PR_RESERVED;
8792				lun->res_type = 0;
8793				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8794			}
8795		}
8796		lun->PRGeneration++;
8797		break;
8798
8799	case CTL_PR_RESERVE:
8800		lun->flags |= CTL_LUN_PR_RESERVED;
8801		lun->res_type = msg->pr.pr_info.res_type;
8802		lun->pr_res_idx = msg->pr.pr_info.residx;
8803
8804		break;
8805
8806	case CTL_PR_RELEASE:
8807		/*
8808		 * if this isn't an exclusive access res generate UA for all
8809		 * other registrants.
8810		 */
8811		if (lun->res_type != SPR_TYPE_EX_AC
8812		 && lun->res_type != SPR_TYPE_WR_EX) {
8813			for (i = softc->init_min; i < softc->init_max; i++)
8814				if (i == residx || ctl_get_prkey(lun, i) == 0)
8815					continue;
8816				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8817		}
8818
8819		lun->flags &= ~CTL_LUN_PR_RESERVED;
8820		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8821		lun->res_type = 0;
8822		break;
8823
8824	case CTL_PR_PREEMPT:
8825		ctl_pro_preempt_other(lun, msg);
8826		break;
8827	case CTL_PR_CLEAR:
8828		lun->flags &= ~CTL_LUN_PR_RESERVED;
8829		lun->res_type = 0;
8830		lun->pr_key_count = 0;
8831		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8832
8833		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8834			if (ctl_get_prkey(lun, i) == 0)
8835				continue;
8836			ctl_clr_prkey(lun, i);
8837			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8838		}
8839		lun->PRGeneration++;
8840		break;
8841	}
8842
8843	mtx_unlock(&lun->lun_lock);
8844}
8845
8846int
8847ctl_read_write(struct ctl_scsiio *ctsio)
8848{
8849	struct ctl_lun *lun;
8850	struct ctl_lba_len_flags *lbalen;
8851	uint64_t lba;
8852	uint32_t num_blocks;
8853	int flags, retval;
8854	int isread;
8855
8856	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8857
8858	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8859
8860	flags = 0;
8861	retval = CTL_RETVAL_COMPLETE;
8862
8863	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8864	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8865	switch (ctsio->cdb[0]) {
8866	case READ_6:
8867	case WRITE_6: {
8868		struct scsi_rw_6 *cdb;
8869
8870		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8871
8872		lba = scsi_3btoul(cdb->addr);
8873		/* only 5 bits are valid in the most significant address byte */
8874		lba &= 0x1fffff;
8875		num_blocks = cdb->length;
8876		/*
8877		 * This is correct according to SBC-2.
8878		 */
8879		if (num_blocks == 0)
8880			num_blocks = 256;
8881		break;
8882	}
8883	case READ_10:
8884	case WRITE_10: {
8885		struct scsi_rw_10 *cdb;
8886
8887		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8888		if (cdb->byte2 & SRW10_FUA)
8889			flags |= CTL_LLF_FUA;
8890		if (cdb->byte2 & SRW10_DPO)
8891			flags |= CTL_LLF_DPO;
8892		lba = scsi_4btoul(cdb->addr);
8893		num_blocks = scsi_2btoul(cdb->length);
8894		break;
8895	}
8896	case WRITE_VERIFY_10: {
8897		struct scsi_write_verify_10 *cdb;
8898
8899		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8900		flags |= CTL_LLF_FUA;
8901		if (cdb->byte2 & SWV_DPO)
8902			flags |= CTL_LLF_DPO;
8903		lba = scsi_4btoul(cdb->addr);
8904		num_blocks = scsi_2btoul(cdb->length);
8905		break;
8906	}
8907	case READ_12:
8908	case WRITE_12: {
8909		struct scsi_rw_12 *cdb;
8910
8911		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8912		if (cdb->byte2 & SRW12_FUA)
8913			flags |= CTL_LLF_FUA;
8914		if (cdb->byte2 & SRW12_DPO)
8915			flags |= CTL_LLF_DPO;
8916		lba = scsi_4btoul(cdb->addr);
8917		num_blocks = scsi_4btoul(cdb->length);
8918		break;
8919	}
8920	case WRITE_VERIFY_12: {
8921		struct scsi_write_verify_12 *cdb;
8922
8923		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8924		flags |= CTL_LLF_FUA;
8925		if (cdb->byte2 & SWV_DPO)
8926			flags |= CTL_LLF_DPO;
8927		lba = scsi_4btoul(cdb->addr);
8928		num_blocks = scsi_4btoul(cdb->length);
8929		break;
8930	}
8931	case READ_16:
8932	case WRITE_16: {
8933		struct scsi_rw_16 *cdb;
8934
8935		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8936		if (cdb->byte2 & SRW12_FUA)
8937			flags |= CTL_LLF_FUA;
8938		if (cdb->byte2 & SRW12_DPO)
8939			flags |= CTL_LLF_DPO;
8940		lba = scsi_8btou64(cdb->addr);
8941		num_blocks = scsi_4btoul(cdb->length);
8942		break;
8943	}
8944	case WRITE_ATOMIC_16: {
8945		struct scsi_write_atomic_16 *cdb;
8946
8947		if (lun->be_lun->atomicblock == 0) {
8948			ctl_set_invalid_opcode(ctsio);
8949			ctl_done((union ctl_io *)ctsio);
8950			return (CTL_RETVAL_COMPLETE);
8951		}
8952
8953		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8954		if (cdb->byte2 & SRW12_FUA)
8955			flags |= CTL_LLF_FUA;
8956		if (cdb->byte2 & SRW12_DPO)
8957			flags |= CTL_LLF_DPO;
8958		lba = scsi_8btou64(cdb->addr);
8959		num_blocks = scsi_2btoul(cdb->length);
8960		if (num_blocks > lun->be_lun->atomicblock) {
8961			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8962			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8963			    /*bit*/ 0);
8964			ctl_done((union ctl_io *)ctsio);
8965			return (CTL_RETVAL_COMPLETE);
8966		}
8967		break;
8968	}
8969	case WRITE_VERIFY_16: {
8970		struct scsi_write_verify_16 *cdb;
8971
8972		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8973		flags |= CTL_LLF_FUA;
8974		if (cdb->byte2 & SWV_DPO)
8975			flags |= CTL_LLF_DPO;
8976		lba = scsi_8btou64(cdb->addr);
8977		num_blocks = scsi_4btoul(cdb->length);
8978		break;
8979	}
8980	default:
8981		/*
8982		 * We got a command we don't support.  This shouldn't
8983		 * happen, commands should be filtered out above us.
8984		 */
8985		ctl_set_invalid_opcode(ctsio);
8986		ctl_done((union ctl_io *)ctsio);
8987
8988		return (CTL_RETVAL_COMPLETE);
8989		break; /* NOTREACHED */
8990	}
8991
8992	/*
8993	 * The first check is to make sure we're in bounds, the second
8994	 * check is to catch wrap-around problems.  If the lba + num blocks
8995	 * is less than the lba, then we've wrapped around and the block
8996	 * range is invalid anyway.
8997	 */
8998	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8999	 || ((lba + num_blocks) < lba)) {
9000		ctl_set_lba_out_of_range(ctsio);
9001		ctl_done((union ctl_io *)ctsio);
9002		return (CTL_RETVAL_COMPLETE);
9003	}
9004
9005	/*
9006	 * According to SBC-3, a transfer length of 0 is not an error.
9007	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9008	 * translates to 256 blocks for those commands.
9009	 */
9010	if (num_blocks == 0) {
9011		ctl_set_success(ctsio);
9012		ctl_done((union ctl_io *)ctsio);
9013		return (CTL_RETVAL_COMPLETE);
9014	}
9015
9016	/* Set FUA and/or DPO if caches are disabled. */
9017	if (isread) {
9018		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9019		    SCP_RCD) != 0)
9020			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9021	} else {
9022		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9023		    SCP_WCE) == 0)
9024			flags |= CTL_LLF_FUA;
9025	}
9026
9027	lbalen = (struct ctl_lba_len_flags *)
9028	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9029	lbalen->lba = lba;
9030	lbalen->len = num_blocks;
9031	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9032
9033	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9034	ctsio->kern_rel_offset = 0;
9035
9036	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9037
9038	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9039
9040	return (retval);
9041}
9042
9043static int
9044ctl_cnw_cont(union ctl_io *io)
9045{
9046	struct ctl_scsiio *ctsio;
9047	struct ctl_lun *lun;
9048	struct ctl_lba_len_flags *lbalen;
9049	int retval;
9050
9051	ctsio = &io->scsiio;
9052	ctsio->io_hdr.status = CTL_STATUS_NONE;
9053	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9054	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9055	lbalen = (struct ctl_lba_len_flags *)
9056	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9057	lbalen->flags &= ~CTL_LLF_COMPARE;
9058	lbalen->flags |= CTL_LLF_WRITE;
9059
9060	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9061	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9062	return (retval);
9063}
9064
9065int
9066ctl_cnw(struct ctl_scsiio *ctsio)
9067{
9068	struct ctl_lun *lun;
9069	struct ctl_lba_len_flags *lbalen;
9070	uint64_t lba;
9071	uint32_t num_blocks;
9072	int flags, retval;
9073
9074	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9075
9076	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9077
9078	flags = 0;
9079	retval = CTL_RETVAL_COMPLETE;
9080
9081	switch (ctsio->cdb[0]) {
9082	case COMPARE_AND_WRITE: {
9083		struct scsi_compare_and_write *cdb;
9084
9085		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9086		if (cdb->byte2 & SRW10_FUA)
9087			flags |= CTL_LLF_FUA;
9088		if (cdb->byte2 & SRW10_DPO)
9089			flags |= CTL_LLF_DPO;
9090		lba = scsi_8btou64(cdb->addr);
9091		num_blocks = cdb->length;
9092		break;
9093	}
9094	default:
9095		/*
9096		 * We got a command we don't support.  This shouldn't
9097		 * happen, commands should be filtered out above us.
9098		 */
9099		ctl_set_invalid_opcode(ctsio);
9100		ctl_done((union ctl_io *)ctsio);
9101
9102		return (CTL_RETVAL_COMPLETE);
9103		break; /* NOTREACHED */
9104	}
9105
9106	/*
9107	 * The first check is to make sure we're in bounds, the second
9108	 * check is to catch wrap-around problems.  If the lba + num blocks
9109	 * is less than the lba, then we've wrapped around and the block
9110	 * range is invalid anyway.
9111	 */
9112	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9113	 || ((lba + num_blocks) < lba)) {
9114		ctl_set_lba_out_of_range(ctsio);
9115		ctl_done((union ctl_io *)ctsio);
9116		return (CTL_RETVAL_COMPLETE);
9117	}
9118
9119	/*
9120	 * According to SBC-3, a transfer length of 0 is not an error.
9121	 */
9122	if (num_blocks == 0) {
9123		ctl_set_success(ctsio);
9124		ctl_done((union ctl_io *)ctsio);
9125		return (CTL_RETVAL_COMPLETE);
9126	}
9127
9128	/* Set FUA if write cache is disabled. */
9129	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9130	    SCP_WCE) == 0)
9131		flags |= CTL_LLF_FUA;
9132
9133	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9134	ctsio->kern_rel_offset = 0;
9135
9136	/*
9137	 * Set the IO_CONT flag, so that if this I/O gets passed to
9138	 * ctl_data_submit_done(), it'll get passed back to
9139	 * ctl_ctl_cnw_cont() for further processing.
9140	 */
9141	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9142	ctsio->io_cont = ctl_cnw_cont;
9143
9144	lbalen = (struct ctl_lba_len_flags *)
9145	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9146	lbalen->lba = lba;
9147	lbalen->len = num_blocks;
9148	lbalen->flags = CTL_LLF_COMPARE | flags;
9149
9150	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9151	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9152	return (retval);
9153}
9154
9155int
9156ctl_verify(struct ctl_scsiio *ctsio)
9157{
9158	struct ctl_lun *lun;
9159	struct ctl_lba_len_flags *lbalen;
9160	uint64_t lba;
9161	uint32_t num_blocks;
9162	int bytchk, flags;
9163	int retval;
9164
9165	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9166
9167	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9168
9169	bytchk = 0;
9170	flags = CTL_LLF_FUA;
9171	retval = CTL_RETVAL_COMPLETE;
9172
9173	switch (ctsio->cdb[0]) {
9174	case VERIFY_10: {
9175		struct scsi_verify_10 *cdb;
9176
9177		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9178		if (cdb->byte2 & SVFY_BYTCHK)
9179			bytchk = 1;
9180		if (cdb->byte2 & SVFY_DPO)
9181			flags |= CTL_LLF_DPO;
9182		lba = scsi_4btoul(cdb->addr);
9183		num_blocks = scsi_2btoul(cdb->length);
9184		break;
9185	}
9186	case VERIFY_12: {
9187		struct scsi_verify_12 *cdb;
9188
9189		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9190		if (cdb->byte2 & SVFY_BYTCHK)
9191			bytchk = 1;
9192		if (cdb->byte2 & SVFY_DPO)
9193			flags |= CTL_LLF_DPO;
9194		lba = scsi_4btoul(cdb->addr);
9195		num_blocks = scsi_4btoul(cdb->length);
9196		break;
9197	}
9198	case VERIFY_16: {
9199		struct scsi_rw_16 *cdb;
9200
9201		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9202		if (cdb->byte2 & SVFY_BYTCHK)
9203			bytchk = 1;
9204		if (cdb->byte2 & SVFY_DPO)
9205			flags |= CTL_LLF_DPO;
9206		lba = scsi_8btou64(cdb->addr);
9207		num_blocks = scsi_4btoul(cdb->length);
9208		break;
9209	}
9210	default:
9211		/*
9212		 * We got a command we don't support.  This shouldn't
9213		 * happen, commands should be filtered out above us.
9214		 */
9215		ctl_set_invalid_opcode(ctsio);
9216		ctl_done((union ctl_io *)ctsio);
9217		return (CTL_RETVAL_COMPLETE);
9218	}
9219
9220	/*
9221	 * The first check is to make sure we're in bounds, the second
9222	 * check is to catch wrap-around problems.  If the lba + num blocks
9223	 * is less than the lba, then we've wrapped around and the block
9224	 * range is invalid anyway.
9225	 */
9226	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9227	 || ((lba + num_blocks) < lba)) {
9228		ctl_set_lba_out_of_range(ctsio);
9229		ctl_done((union ctl_io *)ctsio);
9230		return (CTL_RETVAL_COMPLETE);
9231	}
9232
9233	/*
9234	 * According to SBC-3, a transfer length of 0 is not an error.
9235	 */
9236	if (num_blocks == 0) {
9237		ctl_set_success(ctsio);
9238		ctl_done((union ctl_io *)ctsio);
9239		return (CTL_RETVAL_COMPLETE);
9240	}
9241
9242	lbalen = (struct ctl_lba_len_flags *)
9243	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9244	lbalen->lba = lba;
9245	lbalen->len = num_blocks;
9246	if (bytchk) {
9247		lbalen->flags = CTL_LLF_COMPARE | flags;
9248		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9249	} else {
9250		lbalen->flags = CTL_LLF_VERIFY | flags;
9251		ctsio->kern_total_len = 0;
9252	}
9253	ctsio->kern_rel_offset = 0;
9254
9255	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9256	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9257	return (retval);
9258}
9259
9260int
9261ctl_report_luns(struct ctl_scsiio *ctsio)
9262{
9263	struct ctl_softc *softc = control_softc;
9264	struct scsi_report_luns *cdb;
9265	struct scsi_report_luns_data *lun_data;
9266	struct ctl_lun *lun, *request_lun;
9267	struct ctl_port *port;
9268	int num_luns, retval;
9269	uint32_t alloc_len, lun_datalen;
9270	int num_filled, well_known;
9271	uint32_t initidx, targ_lun_id, lun_id;
9272
9273	retval = CTL_RETVAL_COMPLETE;
9274	well_known = 0;
9275
9276	cdb = (struct scsi_report_luns *)ctsio->cdb;
9277	port = ctl_io_port(&ctsio->io_hdr);
9278
9279	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9280
9281	mtx_lock(&softc->ctl_lock);
9282	num_luns = 0;
9283	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9284		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9285			num_luns++;
9286	}
9287	mtx_unlock(&softc->ctl_lock);
9288
9289	switch (cdb->select_report) {
9290	case RPL_REPORT_DEFAULT:
9291	case RPL_REPORT_ALL:
9292		break;
9293	case RPL_REPORT_WELLKNOWN:
9294		well_known = 1;
9295		num_luns = 0;
9296		break;
9297	default:
9298		ctl_set_invalid_field(ctsio,
9299				      /*sks_valid*/ 1,
9300				      /*command*/ 1,
9301				      /*field*/ 2,
9302				      /*bit_valid*/ 0,
9303				      /*bit*/ 0);
9304		ctl_done((union ctl_io *)ctsio);
9305		return (retval);
9306		break; /* NOTREACHED */
9307	}
9308
9309	alloc_len = scsi_4btoul(cdb->length);
9310	/*
9311	 * The initiator has to allocate at least 16 bytes for this request,
9312	 * so he can at least get the header and the first LUN.  Otherwise
9313	 * we reject the request (per SPC-3 rev 14, section 6.21).
9314	 */
9315	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9316	    sizeof(struct scsi_report_luns_lundata))) {
9317		ctl_set_invalid_field(ctsio,
9318				      /*sks_valid*/ 1,
9319				      /*command*/ 1,
9320				      /*field*/ 6,
9321				      /*bit_valid*/ 0,
9322				      /*bit*/ 0);
9323		ctl_done((union ctl_io *)ctsio);
9324		return (retval);
9325	}
9326
9327	request_lun = (struct ctl_lun *)
9328		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9329
9330	lun_datalen = sizeof(*lun_data) +
9331		(num_luns * sizeof(struct scsi_report_luns_lundata));
9332
9333	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9334	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9335	ctsio->kern_sg_entries = 0;
9336
9337	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9338
9339	mtx_lock(&softc->ctl_lock);
9340	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9341		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9342		if (lun_id >= CTL_MAX_LUNS)
9343			continue;
9344		lun = softc->ctl_luns[lun_id];
9345		if (lun == NULL)
9346			continue;
9347
9348		if (targ_lun_id <= 0xff) {
9349			/*
9350			 * Peripheral addressing method, bus number 0.
9351			 */
9352			lun_data->luns[num_filled].lundata[0] =
9353				RPL_LUNDATA_ATYP_PERIPH;
9354			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9355			num_filled++;
9356		} else if (targ_lun_id <= 0x3fff) {
9357			/*
9358			 * Flat addressing method.
9359			 */
9360			lun_data->luns[num_filled].lundata[0] =
9361				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9362			lun_data->luns[num_filled].lundata[1] =
9363				(targ_lun_id & 0xff);
9364			num_filled++;
9365		} else if (targ_lun_id <= 0xffffff) {
9366			/*
9367			 * Extended flat addressing method.
9368			 */
9369			lun_data->luns[num_filled].lundata[0] =
9370			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9371			scsi_ulto3b(targ_lun_id,
9372			    &lun_data->luns[num_filled].lundata[1]);
9373			num_filled++;
9374		} else {
9375			printf("ctl_report_luns: bogus LUN number %jd, "
9376			       "skipping\n", (intmax_t)targ_lun_id);
9377		}
9378		/*
9379		 * According to SPC-3, rev 14 section 6.21:
9380		 *
9381		 * "The execution of a REPORT LUNS command to any valid and
9382		 * installed logical unit shall clear the REPORTED LUNS DATA
9383		 * HAS CHANGED unit attention condition for all logical
9384		 * units of that target with respect to the requesting
9385		 * initiator. A valid and installed logical unit is one
9386		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9387		 * INQUIRY data (see 6.4.2)."
9388		 *
9389		 * If request_lun is NULL, the LUN this report luns command
9390		 * was issued to is either disabled or doesn't exist. In that
9391		 * case, we shouldn't clear any pending lun change unit
9392		 * attention.
9393		 */
9394		if (request_lun != NULL) {
9395			mtx_lock(&lun->lun_lock);
9396			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9397			mtx_unlock(&lun->lun_lock);
9398		}
9399	}
9400	mtx_unlock(&softc->ctl_lock);
9401
9402	/*
9403	 * It's quite possible that we've returned fewer LUNs than we allocated
9404	 * space for.  Trim it.
9405	 */
9406	lun_datalen = sizeof(*lun_data) +
9407		(num_filled * sizeof(struct scsi_report_luns_lundata));
9408
9409	if (lun_datalen < alloc_len) {
9410		ctsio->residual = alloc_len - lun_datalen;
9411		ctsio->kern_data_len = lun_datalen;
9412		ctsio->kern_total_len = lun_datalen;
9413	} else {
9414		ctsio->residual = 0;
9415		ctsio->kern_data_len = alloc_len;
9416		ctsio->kern_total_len = alloc_len;
9417	}
9418	ctsio->kern_data_resid = 0;
9419	ctsio->kern_rel_offset = 0;
9420	ctsio->kern_sg_entries = 0;
9421
9422	/*
9423	 * We set this to the actual data length, regardless of how much
9424	 * space we actually have to return results.  If the user looks at
9425	 * this value, he'll know whether or not he allocated enough space
9426	 * and reissue the command if necessary.  We don't support well
9427	 * known logical units, so if the user asks for that, return none.
9428	 */
9429	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9430
9431	/*
9432	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9433	 * this request.
9434	 */
9435	ctl_set_success(ctsio);
9436	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9437	ctsio->be_move_done = ctl_config_move_done;
9438	ctl_datamove((union ctl_io *)ctsio);
9439	return (retval);
9440}
9441
9442int
9443ctl_request_sense(struct ctl_scsiio *ctsio)
9444{
9445	struct scsi_request_sense *cdb;
9446	struct scsi_sense_data *sense_ptr;
9447	struct ctl_softc *ctl_softc;
9448	struct ctl_lun *lun;
9449	uint32_t initidx;
9450	int have_error;
9451	scsi_sense_data_type sense_format;
9452	ctl_ua_type ua_type;
9453
9454	cdb = (struct scsi_request_sense *)ctsio->cdb;
9455
9456	ctl_softc = control_softc;
9457	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9458
9459	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9460
9461	/*
9462	 * Determine which sense format the user wants.
9463	 */
9464	if (cdb->byte2 & SRS_DESC)
9465		sense_format = SSD_TYPE_DESC;
9466	else
9467		sense_format = SSD_TYPE_FIXED;
9468
9469	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9470	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9471	ctsio->kern_sg_entries = 0;
9472
9473	/*
9474	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9475	 * larger than the largest allowed value for the length field in the
9476	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9477	 */
9478	ctsio->residual = 0;
9479	ctsio->kern_data_len = cdb->length;
9480	ctsio->kern_total_len = cdb->length;
9481
9482	ctsio->kern_data_resid = 0;
9483	ctsio->kern_rel_offset = 0;
9484	ctsio->kern_sg_entries = 0;
9485
9486	/*
9487	 * If we don't have a LUN, we don't have any pending sense.
9488	 */
9489	if (lun == NULL)
9490		goto no_sense;
9491
9492	have_error = 0;
9493	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9494	/*
9495	 * Check for pending sense, and then for pending unit attentions.
9496	 * Pending sense gets returned first, then pending unit attentions.
9497	 */
9498	mtx_lock(&lun->lun_lock);
9499#ifdef CTL_WITH_CA
9500	if (ctl_is_set(lun->have_ca, initidx)) {
9501		scsi_sense_data_type stored_format;
9502
9503		/*
9504		 * Check to see which sense format was used for the stored
9505		 * sense data.
9506		 */
9507		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9508
9509		/*
9510		 * If the user requested a different sense format than the
9511		 * one we stored, then we need to convert it to the other
9512		 * format.  If we're going from descriptor to fixed format
9513		 * sense data, we may lose things in translation, depending
9514		 * on what options were used.
9515		 *
9516		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9517		 * for some reason we'll just copy it out as-is.
9518		 */
9519		if ((stored_format == SSD_TYPE_FIXED)
9520		 && (sense_format == SSD_TYPE_DESC))
9521			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9522			    &lun->pending_sense[initidx],
9523			    (struct scsi_sense_data_desc *)sense_ptr);
9524		else if ((stored_format == SSD_TYPE_DESC)
9525		      && (sense_format == SSD_TYPE_FIXED))
9526			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9527			    &lun->pending_sense[initidx],
9528			    (struct scsi_sense_data_fixed *)sense_ptr);
9529		else
9530			memcpy(sense_ptr, &lun->pending_sense[initidx],
9531			       MIN(sizeof(*sense_ptr),
9532			       sizeof(lun->pending_sense[initidx])));
9533
9534		ctl_clear_mask(lun->have_ca, initidx);
9535		have_error = 1;
9536	} else
9537#endif
9538	{
9539		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9540		if (ua_type != CTL_UA_NONE)
9541			have_error = 1;
9542		if (ua_type == CTL_UA_LUN_CHANGE) {
9543			mtx_unlock(&lun->lun_lock);
9544			mtx_lock(&ctl_softc->ctl_lock);
9545			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9546			mtx_unlock(&ctl_softc->ctl_lock);
9547			mtx_lock(&lun->lun_lock);
9548		}
9549
9550	}
9551	mtx_unlock(&lun->lun_lock);
9552
9553	/*
9554	 * We already have a pending error, return it.
9555	 */
9556	if (have_error != 0) {
9557		/*
9558		 * We report the SCSI status as OK, since the status of the
9559		 * request sense command itself is OK.
9560		 * We report 0 for the sense length, because we aren't doing
9561		 * autosense in this case.  We're reporting sense as
9562		 * parameter data.
9563		 */
9564		ctl_set_success(ctsio);
9565		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9566		ctsio->be_move_done = ctl_config_move_done;
9567		ctl_datamove((union ctl_io *)ctsio);
9568		return (CTL_RETVAL_COMPLETE);
9569	}
9570
9571no_sense:
9572
9573	/*
9574	 * No sense information to report, so we report that everything is
9575	 * okay.
9576	 */
9577	ctl_set_sense_data(sense_ptr,
9578			   lun,
9579			   sense_format,
9580			   /*current_error*/ 1,
9581			   /*sense_key*/ SSD_KEY_NO_SENSE,
9582			   /*asc*/ 0x00,
9583			   /*ascq*/ 0x00,
9584			   SSD_ELEM_NONE);
9585
9586	/*
9587	 * We report 0 for the sense length, because we aren't doing
9588	 * autosense in this case.  We're reporting sense as parameter data.
9589	 */
9590	ctl_set_success(ctsio);
9591	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9592	ctsio->be_move_done = ctl_config_move_done;
9593	ctl_datamove((union ctl_io *)ctsio);
9594	return (CTL_RETVAL_COMPLETE);
9595}
9596
9597int
9598ctl_tur(struct ctl_scsiio *ctsio)
9599{
9600
9601	CTL_DEBUG_PRINT(("ctl_tur\n"));
9602
9603	ctl_set_success(ctsio);
9604	ctl_done((union ctl_io *)ctsio);
9605
9606	return (CTL_RETVAL_COMPLETE);
9607}
9608
9609/*
9610 * SCSI VPD page 0x00, the Supported VPD Pages page.
9611 */
9612static int
9613ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9614{
9615	struct scsi_vpd_supported_pages *pages;
9616	int sup_page_size;
9617	struct ctl_lun *lun;
9618	int p;
9619
9620	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9621
9622	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9623	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9624	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9625	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9626	ctsio->kern_sg_entries = 0;
9627
9628	if (sup_page_size < alloc_len) {
9629		ctsio->residual = alloc_len - sup_page_size;
9630		ctsio->kern_data_len = sup_page_size;
9631		ctsio->kern_total_len = sup_page_size;
9632	} else {
9633		ctsio->residual = 0;
9634		ctsio->kern_data_len = alloc_len;
9635		ctsio->kern_total_len = alloc_len;
9636	}
9637	ctsio->kern_data_resid = 0;
9638	ctsio->kern_rel_offset = 0;
9639	ctsio->kern_sg_entries = 0;
9640
9641	/*
9642	 * The control device is always connected.  The disk device, on the
9643	 * other hand, may not be online all the time.  Need to change this
9644	 * to figure out whether the disk device is actually online or not.
9645	 */
9646	if (lun != NULL)
9647		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9648				lun->be_lun->lun_type;
9649	else
9650		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9651
9652	p = 0;
9653	/* Supported VPD pages */
9654	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9655	/* Serial Number */
9656	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9657	/* Device Identification */
9658	pages->page_list[p++] = SVPD_DEVICE_ID;
9659	/* Extended INQUIRY Data */
9660	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9661	/* Mode Page Policy */
9662	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9663	/* SCSI Ports */
9664	pages->page_list[p++] = SVPD_SCSI_PORTS;
9665	/* Third-party Copy */
9666	pages->page_list[p++] = SVPD_SCSI_TPC;
9667	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9668		/* Block limits */
9669		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9670		/* Block Device Characteristics */
9671		pages->page_list[p++] = SVPD_BDC;
9672		/* Logical Block Provisioning */
9673		pages->page_list[p++] = SVPD_LBP;
9674	}
9675	pages->length = p;
9676
9677	ctl_set_success(ctsio);
9678	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9679	ctsio->be_move_done = ctl_config_move_done;
9680	ctl_datamove((union ctl_io *)ctsio);
9681	return (CTL_RETVAL_COMPLETE);
9682}
9683
9684/*
9685 * SCSI VPD page 0x80, the Unit Serial Number page.
9686 */
9687static int
9688ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9689{
9690	struct scsi_vpd_unit_serial_number *sn_ptr;
9691	struct ctl_lun *lun;
9692	int data_len;
9693
9694	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9695
9696	data_len = 4 + CTL_SN_LEN;
9697	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9698	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9699	if (data_len < alloc_len) {
9700		ctsio->residual = alloc_len - data_len;
9701		ctsio->kern_data_len = data_len;
9702		ctsio->kern_total_len = data_len;
9703	} else {
9704		ctsio->residual = 0;
9705		ctsio->kern_data_len = alloc_len;
9706		ctsio->kern_total_len = alloc_len;
9707	}
9708	ctsio->kern_data_resid = 0;
9709	ctsio->kern_rel_offset = 0;
9710	ctsio->kern_sg_entries = 0;
9711
9712	/*
9713	 * The control device is always connected.  The disk device, on the
9714	 * other hand, may not be online all the time.  Need to change this
9715	 * to figure out whether the disk device is actually online or not.
9716	 */
9717	if (lun != NULL)
9718		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9719				  lun->be_lun->lun_type;
9720	else
9721		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9722
9723	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9724	sn_ptr->length = CTL_SN_LEN;
9725	/*
9726	 * If we don't have a LUN, we just leave the serial number as
9727	 * all spaces.
9728	 */
9729	if (lun != NULL) {
9730		strncpy((char *)sn_ptr->serial_num,
9731			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9732	} else
9733		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9734
9735	ctl_set_success(ctsio);
9736	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9737	ctsio->be_move_done = ctl_config_move_done;
9738	ctl_datamove((union ctl_io *)ctsio);
9739	return (CTL_RETVAL_COMPLETE);
9740}
9741
9742
9743/*
9744 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9745 */
9746static int
9747ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9748{
9749	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9750	struct ctl_lun *lun;
9751	int data_len;
9752
9753	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9754
9755	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9756	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9757	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9758	ctsio->kern_sg_entries = 0;
9759
9760	if (data_len < alloc_len) {
9761		ctsio->residual = alloc_len - data_len;
9762		ctsio->kern_data_len = data_len;
9763		ctsio->kern_total_len = data_len;
9764	} else {
9765		ctsio->residual = 0;
9766		ctsio->kern_data_len = alloc_len;
9767		ctsio->kern_total_len = alloc_len;
9768	}
9769	ctsio->kern_data_resid = 0;
9770	ctsio->kern_rel_offset = 0;
9771	ctsio->kern_sg_entries = 0;
9772
9773	/*
9774	 * The control device is always connected.  The disk device, on the
9775	 * other hand, may not be online all the time.
9776	 */
9777	if (lun != NULL)
9778		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9779				     lun->be_lun->lun_type;
9780	else
9781		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9782	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9783	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9784	/*
9785	 * We support head of queue, ordered and simple tags.
9786	 */
9787	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9788	/*
9789	 * Volatile cache supported.
9790	 */
9791	eid_ptr->flags3 = SVPD_EID_V_SUP;
9792
9793	/*
9794	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9795	 * attention for a particular IT nexus on all LUNs once we report
9796	 * it to that nexus once.  This bit is required as of SPC-4.
9797	 */
9798	eid_ptr->flags4 = SVPD_EID_LUICLT;
9799
9800	/*
9801	 * XXX KDM in order to correctly answer this, we would need
9802	 * information from the SIM to determine how much sense data it
9803	 * can send.  So this would really be a path inquiry field, most
9804	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9805	 * but the hardware may or may not be able to support that much.
9806	 * 0 just means that the maximum sense data length is not reported.
9807	 */
9808	eid_ptr->max_sense_length = 0;
9809
9810	ctl_set_success(ctsio);
9811	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9812	ctsio->be_move_done = ctl_config_move_done;
9813	ctl_datamove((union ctl_io *)ctsio);
9814	return (CTL_RETVAL_COMPLETE);
9815}
9816
9817static int
9818ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9819{
9820	struct scsi_vpd_mode_page_policy *mpp_ptr;
9821	struct ctl_lun *lun;
9822	int data_len;
9823
9824	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9825
9826	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9827	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9828
9829	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9830	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9831	ctsio->kern_sg_entries = 0;
9832
9833	if (data_len < alloc_len) {
9834		ctsio->residual = alloc_len - data_len;
9835		ctsio->kern_data_len = data_len;
9836		ctsio->kern_total_len = data_len;
9837	} else {
9838		ctsio->residual = 0;
9839		ctsio->kern_data_len = alloc_len;
9840		ctsio->kern_total_len = alloc_len;
9841	}
9842	ctsio->kern_data_resid = 0;
9843	ctsio->kern_rel_offset = 0;
9844	ctsio->kern_sg_entries = 0;
9845
9846	/*
9847	 * The control device is always connected.  The disk device, on the
9848	 * other hand, may not be online all the time.
9849	 */
9850	if (lun != NULL)
9851		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9852				     lun->be_lun->lun_type;
9853	else
9854		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9855	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9856	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9857	mpp_ptr->descr[0].page_code = 0x3f;
9858	mpp_ptr->descr[0].subpage_code = 0xff;
9859	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9860
9861	ctl_set_success(ctsio);
9862	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9863	ctsio->be_move_done = ctl_config_move_done;
9864	ctl_datamove((union ctl_io *)ctsio);
9865	return (CTL_RETVAL_COMPLETE);
9866}
9867
9868/*
9869 * SCSI VPD page 0x83, the Device Identification page.
9870 */
9871static int
9872ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9873{
9874	struct scsi_vpd_device_id *devid_ptr;
9875	struct scsi_vpd_id_descriptor *desc;
9876	struct ctl_softc *softc;
9877	struct ctl_lun *lun;
9878	struct ctl_port *port;
9879	int data_len;
9880	uint8_t proto;
9881
9882	softc = control_softc;
9883
9884	port = ctl_io_port(&ctsio->io_hdr);
9885	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9886
9887	data_len = sizeof(struct scsi_vpd_device_id) +
9888	    sizeof(struct scsi_vpd_id_descriptor) +
9889		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9890	    sizeof(struct scsi_vpd_id_descriptor) +
9891		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9892	if (lun && lun->lun_devid)
9893		data_len += lun->lun_devid->len;
9894	if (port && port->port_devid)
9895		data_len += port->port_devid->len;
9896	if (port && port->target_devid)
9897		data_len += port->target_devid->len;
9898
9899	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9900	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9901	ctsio->kern_sg_entries = 0;
9902
9903	if (data_len < alloc_len) {
9904		ctsio->residual = alloc_len - data_len;
9905		ctsio->kern_data_len = data_len;
9906		ctsio->kern_total_len = data_len;
9907	} else {
9908		ctsio->residual = 0;
9909		ctsio->kern_data_len = alloc_len;
9910		ctsio->kern_total_len = alloc_len;
9911	}
9912	ctsio->kern_data_resid = 0;
9913	ctsio->kern_rel_offset = 0;
9914	ctsio->kern_sg_entries = 0;
9915
9916	/*
9917	 * The control device is always connected.  The disk device, on the
9918	 * other hand, may not be online all the time.
9919	 */
9920	if (lun != NULL)
9921		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9922				     lun->be_lun->lun_type;
9923	else
9924		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9925	devid_ptr->page_code = SVPD_DEVICE_ID;
9926	scsi_ulto2b(data_len - 4, devid_ptr->length);
9927
9928	if (port && port->port_type == CTL_PORT_FC)
9929		proto = SCSI_PROTO_FC << 4;
9930	else if (port && port->port_type == CTL_PORT_ISCSI)
9931		proto = SCSI_PROTO_ISCSI << 4;
9932	else
9933		proto = SCSI_PROTO_SPI << 4;
9934	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9935
9936	/*
9937	 * We're using a LUN association here.  i.e., this device ID is a
9938	 * per-LUN identifier.
9939	 */
9940	if (lun && lun->lun_devid) {
9941		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9942		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9943		    lun->lun_devid->len);
9944	}
9945
9946	/*
9947	 * This is for the WWPN which is a port association.
9948	 */
9949	if (port && port->port_devid) {
9950		memcpy(desc, port->port_devid->data, port->port_devid->len);
9951		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9952		    port->port_devid->len);
9953	}
9954
9955	/*
9956	 * This is for the Relative Target Port(type 4h) identifier
9957	 */
9958	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9959	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9960	    SVPD_ID_TYPE_RELTARG;
9961	desc->length = 4;
9962	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9963	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9964	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9965
9966	/*
9967	 * This is for the Target Port Group(type 5h) identifier
9968	 */
9969	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9970	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9971	    SVPD_ID_TYPE_TPORTGRP;
9972	desc->length = 4;
9973	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9974	    &desc->identifier[2]);
9975	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9976	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9977
9978	/*
9979	 * This is for the Target identifier
9980	 */
9981	if (port && port->target_devid) {
9982		memcpy(desc, port->target_devid->data, port->target_devid->len);
9983	}
9984
9985	ctl_set_success(ctsio);
9986	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9987	ctsio->be_move_done = ctl_config_move_done;
9988	ctl_datamove((union ctl_io *)ctsio);
9989	return (CTL_RETVAL_COMPLETE);
9990}
9991
9992static int
9993ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9994{
9995	struct ctl_softc *softc = control_softc;
9996	struct scsi_vpd_scsi_ports *sp;
9997	struct scsi_vpd_port_designation *pd;
9998	struct scsi_vpd_port_designation_cont *pdc;
9999	struct ctl_lun *lun;
10000	struct ctl_port *port;
10001	int data_len, num_target_ports, iid_len, id_len;
10002
10003	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10004
10005	num_target_ports = 0;
10006	iid_len = 0;
10007	id_len = 0;
10008	mtx_lock(&softc->ctl_lock);
10009	STAILQ_FOREACH(port, &softc->port_list, links) {
10010		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10011			continue;
10012		if (lun != NULL &&
10013		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10014			continue;
10015		num_target_ports++;
10016		if (port->init_devid)
10017			iid_len += port->init_devid->len;
10018		if (port->port_devid)
10019			id_len += port->port_devid->len;
10020	}
10021	mtx_unlock(&softc->ctl_lock);
10022
10023	data_len = sizeof(struct scsi_vpd_scsi_ports) +
10024	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10025	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10026	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10027	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10028	ctsio->kern_sg_entries = 0;
10029
10030	if (data_len < alloc_len) {
10031		ctsio->residual = alloc_len - data_len;
10032		ctsio->kern_data_len = data_len;
10033		ctsio->kern_total_len = data_len;
10034	} else {
10035		ctsio->residual = 0;
10036		ctsio->kern_data_len = alloc_len;
10037		ctsio->kern_total_len = alloc_len;
10038	}
10039	ctsio->kern_data_resid = 0;
10040	ctsio->kern_rel_offset = 0;
10041	ctsio->kern_sg_entries = 0;
10042
10043	/*
10044	 * The control device is always connected.  The disk device, on the
10045	 * other hand, may not be online all the time.  Need to change this
10046	 * to figure out whether the disk device is actually online or not.
10047	 */
10048	if (lun != NULL)
10049		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10050				  lun->be_lun->lun_type;
10051	else
10052		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10053
10054	sp->page_code = SVPD_SCSI_PORTS;
10055	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10056	    sp->page_length);
10057	pd = &sp->design[0];
10058
10059	mtx_lock(&softc->ctl_lock);
10060	STAILQ_FOREACH(port, &softc->port_list, links) {
10061		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10062			continue;
10063		if (lun != NULL &&
10064		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10065			continue;
10066		scsi_ulto2b(port->targ_port, pd->relative_port_id);
10067		if (port->init_devid) {
10068			iid_len = port->init_devid->len;
10069			memcpy(pd->initiator_transportid,
10070			    port->init_devid->data, port->init_devid->len);
10071		} else
10072			iid_len = 0;
10073		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10074		pdc = (struct scsi_vpd_port_designation_cont *)
10075		    (&pd->initiator_transportid[iid_len]);
10076		if (port->port_devid) {
10077			id_len = port->port_devid->len;
10078			memcpy(pdc->target_port_descriptors,
10079			    port->port_devid->data, port->port_devid->len);
10080		} else
10081			id_len = 0;
10082		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10083		pd = (struct scsi_vpd_port_designation *)
10084		    ((uint8_t *)pdc->target_port_descriptors + id_len);
10085	}
10086	mtx_unlock(&softc->ctl_lock);
10087
10088	ctl_set_success(ctsio);
10089	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10090	ctsio->be_move_done = ctl_config_move_done;
10091	ctl_datamove((union ctl_io *)ctsio);
10092	return (CTL_RETVAL_COMPLETE);
10093}
10094
10095static int
10096ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10097{
10098	struct scsi_vpd_block_limits *bl_ptr;
10099	struct ctl_lun *lun;
10100	int bs;
10101
10102	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10103
10104	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10105	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10106	ctsio->kern_sg_entries = 0;
10107
10108	if (sizeof(*bl_ptr) < alloc_len) {
10109		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10110		ctsio->kern_data_len = sizeof(*bl_ptr);
10111		ctsio->kern_total_len = sizeof(*bl_ptr);
10112	} else {
10113		ctsio->residual = 0;
10114		ctsio->kern_data_len = alloc_len;
10115		ctsio->kern_total_len = alloc_len;
10116	}
10117	ctsio->kern_data_resid = 0;
10118	ctsio->kern_rel_offset = 0;
10119	ctsio->kern_sg_entries = 0;
10120
10121	/*
10122	 * The control device is always connected.  The disk device, on the
10123	 * other hand, may not be online all the time.  Need to change this
10124	 * to figure out whether the disk device is actually online or not.
10125	 */
10126	if (lun != NULL)
10127		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10128				  lun->be_lun->lun_type;
10129	else
10130		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10131
10132	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10133	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10134	bl_ptr->max_cmp_write_len = 0xff;
10135	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10136	if (lun != NULL) {
10137		bs = lun->be_lun->blocksize;
10138		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
10139		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10140			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10141			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10142			if (lun->be_lun->ublockexp != 0) {
10143				scsi_ulto4b((1 << lun->be_lun->ublockexp),
10144				    bl_ptr->opt_unmap_grain);
10145				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
10146				    bl_ptr->unmap_grain_align);
10147			}
10148		}
10149		scsi_ulto4b(lun->be_lun->atomicblock,
10150		    bl_ptr->max_atomic_transfer_length);
10151		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10152		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10153		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
10154		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
10155	}
10156	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10157
10158	ctl_set_success(ctsio);
10159	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10160	ctsio->be_move_done = ctl_config_move_done;
10161	ctl_datamove((union ctl_io *)ctsio);
10162	return (CTL_RETVAL_COMPLETE);
10163}
10164
10165static int
10166ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10167{
10168	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10169	struct ctl_lun *lun;
10170	const char *value;
10171	u_int i;
10172
10173	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10174
10175	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10176	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10177	ctsio->kern_sg_entries = 0;
10178
10179	if (sizeof(*bdc_ptr) < alloc_len) {
10180		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10181		ctsio->kern_data_len = sizeof(*bdc_ptr);
10182		ctsio->kern_total_len = sizeof(*bdc_ptr);
10183	} else {
10184		ctsio->residual = 0;
10185		ctsio->kern_data_len = alloc_len;
10186		ctsio->kern_total_len = alloc_len;
10187	}
10188	ctsio->kern_data_resid = 0;
10189	ctsio->kern_rel_offset = 0;
10190	ctsio->kern_sg_entries = 0;
10191
10192	/*
10193	 * The control device is always connected.  The disk device, on the
10194	 * other hand, may not be online all the time.  Need to change this
10195	 * to figure out whether the disk device is actually online or not.
10196	 */
10197	if (lun != NULL)
10198		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10199				  lun->be_lun->lun_type;
10200	else
10201		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10202	bdc_ptr->page_code = SVPD_BDC;
10203	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10204	if (lun != NULL &&
10205	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10206		i = strtol(value, NULL, 0);
10207	else
10208		i = CTL_DEFAULT_ROTATION_RATE;
10209	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10210	if (lun != NULL &&
10211	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10212		i = strtol(value, NULL, 0);
10213	else
10214		i = 0;
10215	bdc_ptr->wab_wac_ff = (i & 0x0f);
10216	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10217
10218	ctl_set_success(ctsio);
10219	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10220	ctsio->be_move_done = ctl_config_move_done;
10221	ctl_datamove((union ctl_io *)ctsio);
10222	return (CTL_RETVAL_COMPLETE);
10223}
10224
10225static int
10226ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10227{
10228	struct scsi_vpd_logical_block_prov *lbp_ptr;
10229	struct ctl_lun *lun;
10230
10231	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10232
10233	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10234	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10235	ctsio->kern_sg_entries = 0;
10236
10237	if (sizeof(*lbp_ptr) < alloc_len) {
10238		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10239		ctsio->kern_data_len = sizeof(*lbp_ptr);
10240		ctsio->kern_total_len = sizeof(*lbp_ptr);
10241	} else {
10242		ctsio->residual = 0;
10243		ctsio->kern_data_len = alloc_len;
10244		ctsio->kern_total_len = alloc_len;
10245	}
10246	ctsio->kern_data_resid = 0;
10247	ctsio->kern_rel_offset = 0;
10248	ctsio->kern_sg_entries = 0;
10249
10250	/*
10251	 * The control device is always connected.  The disk device, on the
10252	 * other hand, may not be online all the time.  Need to change this
10253	 * to figure out whether the disk device is actually online or not.
10254	 */
10255	if (lun != NULL)
10256		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10257				  lun->be_lun->lun_type;
10258	else
10259		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10260
10261	lbp_ptr->page_code = SVPD_LBP;
10262	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10263	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10264	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10265		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10266		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10267		lbp_ptr->prov_type = SVPD_LBP_THIN;
10268	}
10269
10270	ctl_set_success(ctsio);
10271	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10272	ctsio->be_move_done = ctl_config_move_done;
10273	ctl_datamove((union ctl_io *)ctsio);
10274	return (CTL_RETVAL_COMPLETE);
10275}
10276
10277/*
10278 * INQUIRY with the EVPD bit set.
10279 */
10280static int
10281ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10282{
10283	struct ctl_lun *lun;
10284	struct scsi_inquiry *cdb;
10285	int alloc_len, retval;
10286
10287	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10288	cdb = (struct scsi_inquiry *)ctsio->cdb;
10289	alloc_len = scsi_2btoul(cdb->length);
10290
10291	switch (cdb->page_code) {
10292	case SVPD_SUPPORTED_PAGES:
10293		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10294		break;
10295	case SVPD_UNIT_SERIAL_NUMBER:
10296		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10297		break;
10298	case SVPD_DEVICE_ID:
10299		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10300		break;
10301	case SVPD_EXTENDED_INQUIRY_DATA:
10302		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10303		break;
10304	case SVPD_MODE_PAGE_POLICY:
10305		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10306		break;
10307	case SVPD_SCSI_PORTS:
10308		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10309		break;
10310	case SVPD_SCSI_TPC:
10311		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10312		break;
10313	case SVPD_BLOCK_LIMITS:
10314		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10315			goto err;
10316		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10317		break;
10318	case SVPD_BDC:
10319		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10320			goto err;
10321		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10322		break;
10323	case SVPD_LBP:
10324		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10325			goto err;
10326		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10327		break;
10328	default:
10329err:
10330		ctl_set_invalid_field(ctsio,
10331				      /*sks_valid*/ 1,
10332				      /*command*/ 1,
10333				      /*field*/ 2,
10334				      /*bit_valid*/ 0,
10335				      /*bit*/ 0);
10336		ctl_done((union ctl_io *)ctsio);
10337		retval = CTL_RETVAL_COMPLETE;
10338		break;
10339	}
10340
10341	return (retval);
10342}
10343
10344/*
10345 * Standard INQUIRY data.
10346 */
10347static int
10348ctl_inquiry_std(struct ctl_scsiio *ctsio)
10349{
10350	struct scsi_inquiry_data *inq_ptr;
10351	struct scsi_inquiry *cdb;
10352	struct ctl_softc *softc;
10353	struct ctl_port *port;
10354	struct ctl_lun *lun;
10355	char *val;
10356	uint32_t alloc_len, data_len;
10357	ctl_port_type port_type;
10358
10359	softc = control_softc;
10360
10361	/*
10362	 * Figure out whether we're talking to a Fibre Channel port or not.
10363	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10364	 * SCSI front ends.
10365	 */
10366	port = ctl_io_port(&ctsio->io_hdr);
10367	if (port != NULL)
10368		port_type = port->port_type;
10369	else
10370		port_type = CTL_PORT_SCSI;
10371	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10372		port_type = CTL_PORT_SCSI;
10373
10374	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10375	cdb = (struct scsi_inquiry *)ctsio->cdb;
10376	alloc_len = scsi_2btoul(cdb->length);
10377
10378	/*
10379	 * We malloc the full inquiry data size here and fill it
10380	 * in.  If the user only asks for less, we'll give him
10381	 * that much.
10382	 */
10383	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10384	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10385	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10386	ctsio->kern_sg_entries = 0;
10387	ctsio->kern_data_resid = 0;
10388	ctsio->kern_rel_offset = 0;
10389
10390	if (data_len < alloc_len) {
10391		ctsio->residual = alloc_len - data_len;
10392		ctsio->kern_data_len = data_len;
10393		ctsio->kern_total_len = data_len;
10394	} else {
10395		ctsio->residual = 0;
10396		ctsio->kern_data_len = alloc_len;
10397		ctsio->kern_total_len = alloc_len;
10398	}
10399
10400	if (lun != NULL) {
10401		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10402		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10403			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10404			    lun->be_lun->lun_type;
10405		} else {
10406			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10407			    lun->be_lun->lun_type;
10408		}
10409	} else
10410		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10411
10412	/* RMB in byte 2 is 0 */
10413	inq_ptr->version = SCSI_REV_SPC4;
10414
10415	/*
10416	 * According to SAM-3, even if a device only supports a single
10417	 * level of LUN addressing, it should still set the HISUP bit:
10418	 *
10419	 * 4.9.1 Logical unit numbers overview
10420	 *
10421	 * All logical unit number formats described in this standard are
10422	 * hierarchical in structure even when only a single level in that
10423	 * hierarchy is used. The HISUP bit shall be set to one in the
10424	 * standard INQUIRY data (see SPC-2) when any logical unit number
10425	 * format described in this standard is used.  Non-hierarchical
10426	 * formats are outside the scope of this standard.
10427	 *
10428	 * Therefore we set the HiSup bit here.
10429	 *
10430	 * The reponse format is 2, per SPC-3.
10431	 */
10432	inq_ptr->response_format = SID_HiSup | 2;
10433
10434	inq_ptr->additional_length = data_len -
10435	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10436	CTL_DEBUG_PRINT(("additional_length = %d\n",
10437			 inq_ptr->additional_length));
10438
10439	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10440	/* 16 bit addressing */
10441	if (port_type == CTL_PORT_SCSI)
10442		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10443	/* XXX set the SID_MultiP bit here if we're actually going to
10444	   respond on multiple ports */
10445	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10446
10447	/* 16 bit data bus, synchronous transfers */
10448	if (port_type == CTL_PORT_SCSI)
10449		inq_ptr->flags = SID_WBus16 | SID_Sync;
10450	/*
10451	 * XXX KDM do we want to support tagged queueing on the control
10452	 * device at all?
10453	 */
10454	if ((lun == NULL)
10455	 || (lun->be_lun->lun_type != T_PROCESSOR))
10456		inq_ptr->flags |= SID_CmdQue;
10457	/*
10458	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10459	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10460	 * name and 4 bytes for the revision.
10461	 */
10462	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10463	    "vendor")) == NULL) {
10464		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10465	} else {
10466		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10467		strncpy(inq_ptr->vendor, val,
10468		    min(sizeof(inq_ptr->vendor), strlen(val)));
10469	}
10470	if (lun == NULL) {
10471		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10472		    sizeof(inq_ptr->product));
10473	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10474		switch (lun->be_lun->lun_type) {
10475		case T_DIRECT:
10476			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10477			    sizeof(inq_ptr->product));
10478			break;
10479		case T_PROCESSOR:
10480			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10481			    sizeof(inq_ptr->product));
10482			break;
10483		default:
10484			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10485			    sizeof(inq_ptr->product));
10486			break;
10487		}
10488	} else {
10489		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10490		strncpy(inq_ptr->product, val,
10491		    min(sizeof(inq_ptr->product), strlen(val)));
10492	}
10493
10494	/*
10495	 * XXX make this a macro somewhere so it automatically gets
10496	 * incremented when we make changes.
10497	 */
10498	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10499	    "revision")) == NULL) {
10500		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10501	} else {
10502		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10503		strncpy(inq_ptr->revision, val,
10504		    min(sizeof(inq_ptr->revision), strlen(val)));
10505	}
10506
10507	/*
10508	 * For parallel SCSI, we support double transition and single
10509	 * transition clocking.  We also support QAS (Quick Arbitration
10510	 * and Selection) and Information Unit transfers on both the
10511	 * control and array devices.
10512	 */
10513	if (port_type == CTL_PORT_SCSI)
10514		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10515				    SID_SPI_IUS;
10516
10517	/* SAM-5 (no version claimed) */
10518	scsi_ulto2b(0x00A0, inq_ptr->version1);
10519	/* SPC-4 (no version claimed) */
10520	scsi_ulto2b(0x0460, inq_ptr->version2);
10521	if (port_type == CTL_PORT_FC) {
10522		/* FCP-2 ANSI INCITS.350:2003 */
10523		scsi_ulto2b(0x0917, inq_ptr->version3);
10524	} else if (port_type == CTL_PORT_SCSI) {
10525		/* SPI-4 ANSI INCITS.362:200x */
10526		scsi_ulto2b(0x0B56, inq_ptr->version3);
10527	} else if (port_type == CTL_PORT_ISCSI) {
10528		/* iSCSI (no version claimed) */
10529		scsi_ulto2b(0x0960, inq_ptr->version3);
10530	} else if (port_type == CTL_PORT_SAS) {
10531		/* SAS (no version claimed) */
10532		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10533	}
10534
10535	if (lun == NULL) {
10536		/* SBC-4 (no version claimed) */
10537		scsi_ulto2b(0x0600, inq_ptr->version4);
10538	} else {
10539		switch (lun->be_lun->lun_type) {
10540		case T_DIRECT:
10541			/* SBC-4 (no version claimed) */
10542			scsi_ulto2b(0x0600, inq_ptr->version4);
10543			break;
10544		case T_PROCESSOR:
10545		default:
10546			break;
10547		}
10548	}
10549
10550	ctl_set_success(ctsio);
10551	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10552	ctsio->be_move_done = ctl_config_move_done;
10553	ctl_datamove((union ctl_io *)ctsio);
10554	return (CTL_RETVAL_COMPLETE);
10555}
10556
10557int
10558ctl_inquiry(struct ctl_scsiio *ctsio)
10559{
10560	struct scsi_inquiry *cdb;
10561	int retval;
10562
10563	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10564
10565	cdb = (struct scsi_inquiry *)ctsio->cdb;
10566	if (cdb->byte2 & SI_EVPD)
10567		retval = ctl_inquiry_evpd(ctsio);
10568	else if (cdb->page_code == 0)
10569		retval = ctl_inquiry_std(ctsio);
10570	else {
10571		ctl_set_invalid_field(ctsio,
10572				      /*sks_valid*/ 1,
10573				      /*command*/ 1,
10574				      /*field*/ 2,
10575				      /*bit_valid*/ 0,
10576				      /*bit*/ 0);
10577		ctl_done((union ctl_io *)ctsio);
10578		return (CTL_RETVAL_COMPLETE);
10579	}
10580
10581	return (retval);
10582}
10583
10584/*
10585 * For known CDB types, parse the LBA and length.
10586 */
10587static int
10588ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10589{
10590	if (io->io_hdr.io_type != CTL_IO_SCSI)
10591		return (1);
10592
10593	switch (io->scsiio.cdb[0]) {
10594	case COMPARE_AND_WRITE: {
10595		struct scsi_compare_and_write *cdb;
10596
10597		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10598
10599		*lba = scsi_8btou64(cdb->addr);
10600		*len = cdb->length;
10601		break;
10602	}
10603	case READ_6:
10604	case WRITE_6: {
10605		struct scsi_rw_6 *cdb;
10606
10607		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10608
10609		*lba = scsi_3btoul(cdb->addr);
10610		/* only 5 bits are valid in the most significant address byte */
10611		*lba &= 0x1fffff;
10612		*len = cdb->length;
10613		break;
10614	}
10615	case READ_10:
10616	case WRITE_10: {
10617		struct scsi_rw_10 *cdb;
10618
10619		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10620
10621		*lba = scsi_4btoul(cdb->addr);
10622		*len = scsi_2btoul(cdb->length);
10623		break;
10624	}
10625	case WRITE_VERIFY_10: {
10626		struct scsi_write_verify_10 *cdb;
10627
10628		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10629
10630		*lba = scsi_4btoul(cdb->addr);
10631		*len = scsi_2btoul(cdb->length);
10632		break;
10633	}
10634	case READ_12:
10635	case WRITE_12: {
10636		struct scsi_rw_12 *cdb;
10637
10638		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10639
10640		*lba = scsi_4btoul(cdb->addr);
10641		*len = scsi_4btoul(cdb->length);
10642		break;
10643	}
10644	case WRITE_VERIFY_12: {
10645		struct scsi_write_verify_12 *cdb;
10646
10647		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10648
10649		*lba = scsi_4btoul(cdb->addr);
10650		*len = scsi_4btoul(cdb->length);
10651		break;
10652	}
10653	case READ_16:
10654	case WRITE_16: {
10655		struct scsi_rw_16 *cdb;
10656
10657		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10658
10659		*lba = scsi_8btou64(cdb->addr);
10660		*len = scsi_4btoul(cdb->length);
10661		break;
10662	}
10663	case WRITE_ATOMIC_16: {
10664		struct scsi_write_atomic_16 *cdb;
10665
10666		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10667
10668		*lba = scsi_8btou64(cdb->addr);
10669		*len = scsi_2btoul(cdb->length);
10670		break;
10671	}
10672	case WRITE_VERIFY_16: {
10673		struct scsi_write_verify_16 *cdb;
10674
10675		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10676
10677		*lba = scsi_8btou64(cdb->addr);
10678		*len = scsi_4btoul(cdb->length);
10679		break;
10680	}
10681	case WRITE_SAME_10: {
10682		struct scsi_write_same_10 *cdb;
10683
10684		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10685
10686		*lba = scsi_4btoul(cdb->addr);
10687		*len = scsi_2btoul(cdb->length);
10688		break;
10689	}
10690	case WRITE_SAME_16: {
10691		struct scsi_write_same_16 *cdb;
10692
10693		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10694
10695		*lba = scsi_8btou64(cdb->addr);
10696		*len = scsi_4btoul(cdb->length);
10697		break;
10698	}
10699	case VERIFY_10: {
10700		struct scsi_verify_10 *cdb;
10701
10702		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10703
10704		*lba = scsi_4btoul(cdb->addr);
10705		*len = scsi_2btoul(cdb->length);
10706		break;
10707	}
10708	case VERIFY_12: {
10709		struct scsi_verify_12 *cdb;
10710
10711		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10712
10713		*lba = scsi_4btoul(cdb->addr);
10714		*len = scsi_4btoul(cdb->length);
10715		break;
10716	}
10717	case VERIFY_16: {
10718		struct scsi_verify_16 *cdb;
10719
10720		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10721
10722		*lba = scsi_8btou64(cdb->addr);
10723		*len = scsi_4btoul(cdb->length);
10724		break;
10725	}
10726	case UNMAP: {
10727		*lba = 0;
10728		*len = UINT64_MAX;
10729		break;
10730	}
10731	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10732		struct scsi_get_lba_status *cdb;
10733
10734		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10735		*lba = scsi_8btou64(cdb->addr);
10736		*len = UINT32_MAX;
10737		break;
10738	}
10739	default:
10740		return (1);
10741		break; /* NOTREACHED */
10742	}
10743
10744	return (0);
10745}
10746
10747static ctl_action
10748ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10749    bool seq)
10750{
10751	uint64_t endlba1, endlba2;
10752
10753	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10754	endlba2 = lba2 + len2 - 1;
10755
10756	if ((endlba1 < lba2) || (endlba2 < lba1))
10757		return (CTL_ACTION_PASS);
10758	else
10759		return (CTL_ACTION_BLOCK);
10760}
10761
10762static int
10763ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10764{
10765	struct ctl_ptr_len_flags *ptrlen;
10766	struct scsi_unmap_desc *buf, *end, *range;
10767	uint64_t lba;
10768	uint32_t len;
10769
10770	/* If not UNMAP -- go other way. */
10771	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10772	    io->scsiio.cdb[0] != UNMAP)
10773		return (CTL_ACTION_ERROR);
10774
10775	/* If UNMAP without data -- block and wait for data. */
10776	ptrlen = (struct ctl_ptr_len_flags *)
10777	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10778	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10779	    ptrlen->ptr == NULL)
10780		return (CTL_ACTION_BLOCK);
10781
10782	/* UNMAP with data -- check for collision. */
10783	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10784	end = buf + ptrlen->len / sizeof(*buf);
10785	for (range = buf; range < end; range++) {
10786		lba = scsi_8btou64(range->lba);
10787		len = scsi_4btoul(range->length);
10788		if ((lba < lba2 + len2) && (lba + len > lba2))
10789			return (CTL_ACTION_BLOCK);
10790	}
10791	return (CTL_ACTION_PASS);
10792}
10793
10794static ctl_action
10795ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10796{
10797	uint64_t lba1, lba2;
10798	uint64_t len1, len2;
10799	int retval;
10800
10801	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10802		return (CTL_ACTION_ERROR);
10803
10804	retval = ctl_extent_check_unmap(io1, lba2, len2);
10805	if (retval != CTL_ACTION_ERROR)
10806		return (retval);
10807
10808	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10809		return (CTL_ACTION_ERROR);
10810
10811	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10812		seq = FALSE;
10813	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10814}
10815
10816static ctl_action
10817ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10818{
10819	uint64_t lba1, lba2;
10820	uint64_t len1, len2;
10821
10822	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10823		return (CTL_ACTION_PASS);
10824	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10825		return (CTL_ACTION_ERROR);
10826	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10827		return (CTL_ACTION_ERROR);
10828
10829	if (lba1 + len1 == lba2)
10830		return (CTL_ACTION_BLOCK);
10831	return (CTL_ACTION_PASS);
10832}
10833
10834static ctl_action
10835ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10836    union ctl_io *ooa_io)
10837{
10838	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10839	ctl_serialize_action *serialize_row;
10840
10841	/*
10842	 * The initiator attempted multiple untagged commands at the same
10843	 * time.  Can't do that.
10844	 */
10845	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10846	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10847	 && ((pending_io->io_hdr.nexus.targ_port ==
10848	      ooa_io->io_hdr.nexus.targ_port)
10849	  && (pending_io->io_hdr.nexus.initid ==
10850	      ooa_io->io_hdr.nexus.initid))
10851	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10852	      CTL_FLAG_STATUS_SENT)) == 0))
10853		return (CTL_ACTION_OVERLAP);
10854
10855	/*
10856	 * The initiator attempted to send multiple tagged commands with
10857	 * the same ID.  (It's fine if different initiators have the same
10858	 * tag ID.)
10859	 *
10860	 * Even if all of those conditions are true, we don't kill the I/O
10861	 * if the command ahead of us has been aborted.  We won't end up
10862	 * sending it to the FETD, and it's perfectly legal to resend a
10863	 * command with the same tag number as long as the previous
10864	 * instance of this tag number has been aborted somehow.
10865	 */
10866	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10867	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10868	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10869	 && ((pending_io->io_hdr.nexus.targ_port ==
10870	      ooa_io->io_hdr.nexus.targ_port)
10871	  && (pending_io->io_hdr.nexus.initid ==
10872	      ooa_io->io_hdr.nexus.initid))
10873	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10874	      CTL_FLAG_STATUS_SENT)) == 0))
10875		return (CTL_ACTION_OVERLAP_TAG);
10876
10877	/*
10878	 * If we get a head of queue tag, SAM-3 says that we should
10879	 * immediately execute it.
10880	 *
10881	 * What happens if this command would normally block for some other
10882	 * reason?  e.g. a request sense with a head of queue tag
10883	 * immediately after a write.  Normally that would block, but this
10884	 * will result in its getting executed immediately...
10885	 *
10886	 * We currently return "pass" instead of "skip", so we'll end up
10887	 * going through the rest of the queue to check for overlapped tags.
10888	 *
10889	 * XXX KDM check for other types of blockage first??
10890	 */
10891	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10892		return (CTL_ACTION_PASS);
10893
10894	/*
10895	 * Ordered tags have to block until all items ahead of them
10896	 * have completed.  If we get called with an ordered tag, we always
10897	 * block, if something else is ahead of us in the queue.
10898	 */
10899	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10900		return (CTL_ACTION_BLOCK);
10901
10902	/*
10903	 * Simple tags get blocked until all head of queue and ordered tags
10904	 * ahead of them have completed.  I'm lumping untagged commands in
10905	 * with simple tags here.  XXX KDM is that the right thing to do?
10906	 */
10907	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10908	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10909	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10910	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10911		return (CTL_ACTION_BLOCK);
10912
10913	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10914	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10915
10916	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10917
10918	switch (serialize_row[pending_entry->seridx]) {
10919	case CTL_SER_BLOCK:
10920		return (CTL_ACTION_BLOCK);
10921	case CTL_SER_EXTENT:
10922		return (ctl_extent_check(ooa_io, pending_io,
10923		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10924	case CTL_SER_EXTENTOPT:
10925		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10926		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10927			return (ctl_extent_check(ooa_io, pending_io,
10928			    (lun->be_lun &&
10929			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10930		return (CTL_ACTION_PASS);
10931	case CTL_SER_EXTENTSEQ:
10932		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10933			return (ctl_extent_check_seq(ooa_io, pending_io));
10934		return (CTL_ACTION_PASS);
10935	case CTL_SER_PASS:
10936		return (CTL_ACTION_PASS);
10937	case CTL_SER_BLOCKOPT:
10938		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10939		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10940			return (CTL_ACTION_BLOCK);
10941		return (CTL_ACTION_PASS);
10942	case CTL_SER_SKIP:
10943		return (CTL_ACTION_SKIP);
10944	default:
10945		panic("invalid serialization value %d",
10946		      serialize_row[pending_entry->seridx]);
10947	}
10948
10949	return (CTL_ACTION_ERROR);
10950}
10951
10952/*
10953 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10954 * Assumptions:
10955 * - pending_io is generally either incoming, or on the blocked queue
10956 * - starting I/O is the I/O we want to start the check with.
10957 */
10958static ctl_action
10959ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10960	      union ctl_io *starting_io)
10961{
10962	union ctl_io *ooa_io;
10963	ctl_action action;
10964
10965	mtx_assert(&lun->lun_lock, MA_OWNED);
10966
10967	/*
10968	 * Run back along the OOA queue, starting with the current
10969	 * blocked I/O and going through every I/O before it on the
10970	 * queue.  If starting_io is NULL, we'll just end up returning
10971	 * CTL_ACTION_PASS.
10972	 */
10973	for (ooa_io = starting_io; ooa_io != NULL;
10974	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10975	     ooa_links)){
10976
10977		/*
10978		 * This routine just checks to see whether
10979		 * cur_blocked is blocked by ooa_io, which is ahead
10980		 * of it in the queue.  It doesn't queue/dequeue
10981		 * cur_blocked.
10982		 */
10983		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10984		switch (action) {
10985		case CTL_ACTION_BLOCK:
10986		case CTL_ACTION_OVERLAP:
10987		case CTL_ACTION_OVERLAP_TAG:
10988		case CTL_ACTION_SKIP:
10989		case CTL_ACTION_ERROR:
10990			return (action);
10991			break; /* NOTREACHED */
10992		case CTL_ACTION_PASS:
10993			break;
10994		default:
10995			panic("invalid action %d", action);
10996			break;  /* NOTREACHED */
10997		}
10998	}
10999
11000	return (CTL_ACTION_PASS);
11001}
11002
11003/*
11004 * Assumptions:
11005 * - An I/O has just completed, and has been removed from the per-LUN OOA
11006 *   queue, so some items on the blocked queue may now be unblocked.
11007 */
11008static int
11009ctl_check_blocked(struct ctl_lun *lun)
11010{
11011	struct ctl_softc *softc = lun->ctl_softc;
11012	union ctl_io *cur_blocked, *next_blocked;
11013
11014	mtx_assert(&lun->lun_lock, MA_OWNED);
11015
11016	/*
11017	 * Run forward from the head of the blocked queue, checking each
11018	 * entry against the I/Os prior to it on the OOA queue to see if
11019	 * there is still any blockage.
11020	 *
11021	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11022	 * with our removing a variable on it while it is traversing the
11023	 * list.
11024	 */
11025	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11026	     cur_blocked != NULL; cur_blocked = next_blocked) {
11027		union ctl_io *prev_ooa;
11028		ctl_action action;
11029
11030		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11031							  blocked_links);
11032
11033		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11034						      ctl_ooaq, ooa_links);
11035
11036		/*
11037		 * If cur_blocked happens to be the first item in the OOA
11038		 * queue now, prev_ooa will be NULL, and the action
11039		 * returned will just be CTL_ACTION_PASS.
11040		 */
11041		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11042
11043		switch (action) {
11044		case CTL_ACTION_BLOCK:
11045			/* Nothing to do here, still blocked */
11046			break;
11047		case CTL_ACTION_OVERLAP:
11048		case CTL_ACTION_OVERLAP_TAG:
11049			/*
11050			 * This shouldn't happen!  In theory we've already
11051			 * checked this command for overlap...
11052			 */
11053			break;
11054		case CTL_ACTION_PASS:
11055		case CTL_ACTION_SKIP: {
11056			const struct ctl_cmd_entry *entry;
11057
11058			/*
11059			 * The skip case shouldn't happen, this transaction
11060			 * should have never made it onto the blocked queue.
11061			 */
11062			/*
11063			 * This I/O is no longer blocked, we can remove it
11064			 * from the blocked queue.  Since this is a TAILQ
11065			 * (doubly linked list), we can do O(1) removals
11066			 * from any place on the list.
11067			 */
11068			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11069				     blocked_links);
11070			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11071
11072			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11073			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11074				/*
11075				 * Need to send IO back to original side to
11076				 * run
11077				 */
11078				union ctl_ha_msg msg_info;
11079
11080				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11081				msg_info.hdr.original_sc =
11082					cur_blocked->io_hdr.original_sc;
11083				msg_info.hdr.serializing_sc = cur_blocked;
11084				msg_info.hdr.msg_type = CTL_MSG_R2R;
11085				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11086				    sizeof(msg_info.hdr), M_NOWAIT);
11087				break;
11088			}
11089			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11090
11091			/*
11092			 * Check this I/O for LUN state changes that may
11093			 * have happened while this command was blocked.
11094			 * The LUN state may have been changed by a command
11095			 * ahead of us in the queue, so we need to re-check
11096			 * for any states that can be caused by SCSI
11097			 * commands.
11098			 */
11099			if (ctl_scsiio_lun_check(lun, entry,
11100						 &cur_blocked->scsiio) == 0) {
11101				cur_blocked->io_hdr.flags |=
11102				                      CTL_FLAG_IS_WAS_ON_RTR;
11103				ctl_enqueue_rtr(cur_blocked);
11104			} else
11105				ctl_done(cur_blocked);
11106			break;
11107		}
11108		default:
11109			/*
11110			 * This probably shouldn't happen -- we shouldn't
11111			 * get CTL_ACTION_ERROR, or anything else.
11112			 */
11113			break;
11114		}
11115	}
11116
11117	return (CTL_RETVAL_COMPLETE);
11118}
11119
11120/*
11121 * This routine (with one exception) checks LUN flags that can be set by
11122 * commands ahead of us in the OOA queue.  These flags have to be checked
11123 * when a command initially comes in, and when we pull a command off the
11124 * blocked queue and are preparing to execute it.  The reason we have to
11125 * check these flags for commands on the blocked queue is that the LUN
11126 * state may have been changed by a command ahead of us while we're on the
11127 * blocked queue.
11128 *
11129 * Ordering is somewhat important with these checks, so please pay
11130 * careful attention to the placement of any new checks.
11131 */
11132static int
11133ctl_scsiio_lun_check(struct ctl_lun *lun,
11134    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11135{
11136	struct ctl_softc *softc = lun->ctl_softc;
11137	int retval;
11138	uint32_t residx;
11139
11140	retval = 0;
11141
11142	mtx_assert(&lun->lun_lock, MA_OWNED);
11143
11144	/*
11145	 * If this shelf is a secondary shelf controller, we may have to
11146	 * reject some commands disallowed by HA mode and link state.
11147	 */
11148	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11149		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11150		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11151			ctl_set_lun_unavail(ctsio);
11152			retval = 1;
11153			goto bailout;
11154		}
11155		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11156		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11157			ctl_set_lun_transit(ctsio);
11158			retval = 1;
11159			goto bailout;
11160		}
11161		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11162		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11163			ctl_set_lun_standby(ctsio);
11164			retval = 1;
11165			goto bailout;
11166		}
11167
11168		/* The rest of checks are only done on executing side */
11169		if (softc->ha_mode == CTL_HA_MODE_XFER)
11170			goto bailout;
11171	}
11172
11173	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11174		if (lun->be_lun &&
11175		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11176			ctl_set_hw_write_protected(ctsio);
11177			retval = 1;
11178			goto bailout;
11179		}
11180		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11181		    .eca_and_aen & SCP_SWP) != 0) {
11182			ctl_set_sense(ctsio, /*current_error*/ 1,
11183			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11184			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11185			retval = 1;
11186			goto bailout;
11187		}
11188	}
11189
11190	/*
11191	 * Check for a reservation conflict.  If this command isn't allowed
11192	 * even on reserved LUNs, and if this initiator isn't the one who
11193	 * reserved us, reject the command with a reservation conflict.
11194	 */
11195	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11196	if ((lun->flags & CTL_LUN_RESERVED)
11197	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11198		if (lun->res_idx != residx) {
11199			ctl_set_reservation_conflict(ctsio);
11200			retval = 1;
11201			goto bailout;
11202		}
11203	}
11204
11205	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11206	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11207		/* No reservation or command is allowed. */;
11208	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11209	    (lun->res_type == SPR_TYPE_WR_EX ||
11210	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11211	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11212		/* The command is allowed for Write Exclusive resv. */;
11213	} else {
11214		/*
11215		 * if we aren't registered or it's a res holder type
11216		 * reservation and this isn't the res holder then set a
11217		 * conflict.
11218		 */
11219		if (ctl_get_prkey(lun, residx) == 0
11220		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11221			ctl_set_reservation_conflict(ctsio);
11222			retval = 1;
11223			goto bailout;
11224		}
11225	}
11226
11227	if ((lun->flags & CTL_LUN_OFFLINE)
11228	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
11229		ctl_set_lun_not_ready(ctsio);
11230		retval = 1;
11231		goto bailout;
11232	}
11233
11234	if ((lun->flags & CTL_LUN_STOPPED)
11235	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11236		/* "Logical unit not ready, initializing cmd. required" */
11237		ctl_set_lun_stopped(ctsio);
11238		retval = 1;
11239		goto bailout;
11240	}
11241
11242	if ((lun->flags & CTL_LUN_INOPERABLE)
11243	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11244		/* "Medium format corrupted" */
11245		ctl_set_medium_format_corrupted(ctsio);
11246		retval = 1;
11247		goto bailout;
11248	}
11249
11250bailout:
11251	return (retval);
11252}
11253
11254static void
11255ctl_failover_io(union ctl_io *io, int have_lock)
11256{
11257	ctl_set_busy(&io->scsiio);
11258	ctl_done(io);
11259}
11260
11261static void
11262ctl_failover_lun(struct ctl_lun *lun)
11263{
11264	struct ctl_softc *softc = lun->ctl_softc;
11265	struct ctl_io_hdr *io, *next_io;
11266
11267	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
11268	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11269		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11270			/* We are master */
11271			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11272				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11273					io->flags |= CTL_FLAG_ABORT;
11274					io->flags |= CTL_FLAG_FAILOVER;
11275				} else { /* This can be only due to DATAMOVE */
11276					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11277					io->flags &= ~CTL_FLAG_DMA_INPROG;
11278					io->flags |= CTL_FLAG_IO_ACTIVE;
11279					io->port_status = 31340;
11280					ctl_enqueue_isc((union ctl_io *)io);
11281				}
11282			}
11283			/* We are slave */
11284			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11285				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11286				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11287					io->flags |= CTL_FLAG_FAILOVER;
11288				} else {
11289					ctl_set_busy(&((union ctl_io *)io)->
11290					    scsiio);
11291					ctl_done((union ctl_io *)io);
11292				}
11293			}
11294		}
11295	} else { /* SERIALIZE modes */
11296		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11297		    next_io) {
11298			/* We are master */
11299			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11300				TAILQ_REMOVE(&lun->blocked_queue, io,
11301				    blocked_links);
11302				io->flags &= ~CTL_FLAG_BLOCKED;
11303				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11304				ctl_free_io((union ctl_io *)io);
11305			}
11306		}
11307		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11308			/* We are master */
11309			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11310				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11311				ctl_free_io((union ctl_io *)io);
11312			}
11313			/* We are slave */
11314			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11315				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11316				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11317					ctl_set_busy(&((union ctl_io *)io)->
11318					    scsiio);
11319					ctl_done((union ctl_io *)io);
11320				}
11321			}
11322		}
11323		ctl_check_blocked(lun);
11324	}
11325}
11326
11327static int
11328ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11329{
11330	struct ctl_lun *lun;
11331	const struct ctl_cmd_entry *entry;
11332	uint32_t initidx, targ_lun;
11333	int retval;
11334
11335	retval = 0;
11336
11337	lun = NULL;
11338
11339	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11340	if ((targ_lun < CTL_MAX_LUNS)
11341	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11342		/*
11343		 * If the LUN is invalid, pretend that it doesn't exist.
11344		 * It will go away as soon as all pending I/O has been
11345		 * completed.
11346		 */
11347		mtx_lock(&lun->lun_lock);
11348		if (lun->flags & CTL_LUN_DISABLED) {
11349			mtx_unlock(&lun->lun_lock);
11350			lun = NULL;
11351			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11352			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11353		} else {
11354			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11355			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11356				lun->be_lun;
11357
11358			/*
11359			 * Every I/O goes into the OOA queue for a
11360			 * particular LUN, and stays there until completion.
11361			 */
11362#ifdef CTL_TIME_IO
11363			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11364				lun->idle_time += getsbinuptime() -
11365				    lun->last_busy;
11366			}
11367#endif
11368			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11369			    ooa_links);
11370		}
11371	} else {
11372		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11373		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11374	}
11375
11376	/* Get command entry and return error if it is unsuppotyed. */
11377	entry = ctl_validate_command(ctsio);
11378	if (entry == NULL) {
11379		if (lun)
11380			mtx_unlock(&lun->lun_lock);
11381		return (retval);
11382	}
11383
11384	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11385	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11386
11387	/*
11388	 * Check to see whether we can send this command to LUNs that don't
11389	 * exist.  This should pretty much only be the case for inquiry
11390	 * and request sense.  Further checks, below, really require having
11391	 * a LUN, so we can't really check the command anymore.  Just put
11392	 * it on the rtr queue.
11393	 */
11394	if (lun == NULL) {
11395		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11396			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11397			ctl_enqueue_rtr((union ctl_io *)ctsio);
11398			return (retval);
11399		}
11400
11401		ctl_set_unsupported_lun(ctsio);
11402		ctl_done((union ctl_io *)ctsio);
11403		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11404		return (retval);
11405	} else {
11406		/*
11407		 * Make sure we support this particular command on this LUN.
11408		 * e.g., we don't support writes to the control LUN.
11409		 */
11410		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11411			mtx_unlock(&lun->lun_lock);
11412			ctl_set_invalid_opcode(ctsio);
11413			ctl_done((union ctl_io *)ctsio);
11414			return (retval);
11415		}
11416	}
11417
11418	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11419
11420#ifdef CTL_WITH_CA
11421	/*
11422	 * If we've got a request sense, it'll clear the contingent
11423	 * allegiance condition.  Otherwise, if we have a CA condition for
11424	 * this initiator, clear it, because it sent down a command other
11425	 * than request sense.
11426	 */
11427	if ((ctsio->cdb[0] != REQUEST_SENSE)
11428	 && (ctl_is_set(lun->have_ca, initidx)))
11429		ctl_clear_mask(lun->have_ca, initidx);
11430#endif
11431
11432	/*
11433	 * If the command has this flag set, it handles its own unit
11434	 * attention reporting, we shouldn't do anything.  Otherwise we
11435	 * check for any pending unit attentions, and send them back to the
11436	 * initiator.  We only do this when a command initially comes in,
11437	 * not when we pull it off the blocked queue.
11438	 *
11439	 * According to SAM-3, section 5.3.2, the order that things get
11440	 * presented back to the host is basically unit attentions caused
11441	 * by some sort of reset event, busy status, reservation conflicts
11442	 * or task set full, and finally any other status.
11443	 *
11444	 * One issue here is that some of the unit attentions we report
11445	 * don't fall into the "reset" category (e.g. "reported luns data
11446	 * has changed").  So reporting it here, before the reservation
11447	 * check, may be technically wrong.  I guess the only thing to do
11448	 * would be to check for and report the reset events here, and then
11449	 * check for the other unit attention types after we check for a
11450	 * reservation conflict.
11451	 *
11452	 * XXX KDM need to fix this
11453	 */
11454	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11455		ctl_ua_type ua_type;
11456
11457		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11458		    SSD_TYPE_NONE);
11459		if (ua_type != CTL_UA_NONE) {
11460			mtx_unlock(&lun->lun_lock);
11461			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11462			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11463			ctsio->sense_len = SSD_FULL_SIZE;
11464			ctl_done((union ctl_io *)ctsio);
11465			return (retval);
11466		}
11467	}
11468
11469
11470	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11471		mtx_unlock(&lun->lun_lock);
11472		ctl_done((union ctl_io *)ctsio);
11473		return (retval);
11474	}
11475
11476	/*
11477	 * XXX CHD this is where we want to send IO to other side if
11478	 * this LUN is secondary on this SC. We will need to make a copy
11479	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11480	 * the copy we send as FROM_OTHER.
11481	 * We also need to stuff the address of the original IO so we can
11482	 * find it easily. Something similar will need be done on the other
11483	 * side so when we are done we can find the copy.
11484	 */
11485	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11486	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11487	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11488		union ctl_ha_msg msg_info;
11489		int isc_retval;
11490
11491		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11492		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11493		mtx_unlock(&lun->lun_lock);
11494
11495		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11496		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11497		msg_info.hdr.serializing_sc = NULL;
11498		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11499		msg_info.scsi.tag_num = ctsio->tag_num;
11500		msg_info.scsi.tag_type = ctsio->tag_type;
11501		msg_info.scsi.cdb_len = ctsio->cdb_len;
11502		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11503
11504		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11505		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11506		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11507			ctl_set_busy(ctsio);
11508			ctl_done((union ctl_io *)ctsio);
11509			return (retval);
11510		}
11511		return (retval);
11512	}
11513
11514	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11515			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11516			      ctl_ooaq, ooa_links))) {
11517	case CTL_ACTION_BLOCK:
11518		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11519		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11520				  blocked_links);
11521		mtx_unlock(&lun->lun_lock);
11522		return (retval);
11523	case CTL_ACTION_PASS:
11524	case CTL_ACTION_SKIP:
11525		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11526		mtx_unlock(&lun->lun_lock);
11527		ctl_enqueue_rtr((union ctl_io *)ctsio);
11528		break;
11529	case CTL_ACTION_OVERLAP:
11530		mtx_unlock(&lun->lun_lock);
11531		ctl_set_overlapped_cmd(ctsio);
11532		ctl_done((union ctl_io *)ctsio);
11533		break;
11534	case CTL_ACTION_OVERLAP_TAG:
11535		mtx_unlock(&lun->lun_lock);
11536		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11537		ctl_done((union ctl_io *)ctsio);
11538		break;
11539	case CTL_ACTION_ERROR:
11540	default:
11541		mtx_unlock(&lun->lun_lock);
11542		ctl_set_internal_failure(ctsio,
11543					 /*sks_valid*/ 0,
11544					 /*retry_count*/ 0);
11545		ctl_done((union ctl_io *)ctsio);
11546		break;
11547	}
11548	return (retval);
11549}
11550
11551const struct ctl_cmd_entry *
11552ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11553{
11554	const struct ctl_cmd_entry *entry;
11555	int service_action;
11556
11557	entry = &ctl_cmd_table[ctsio->cdb[0]];
11558	if (sa)
11559		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11560	if (entry->flags & CTL_CMD_FLAG_SA5) {
11561		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11562		entry = &((const struct ctl_cmd_entry *)
11563		    entry->execute)[service_action];
11564	}
11565	return (entry);
11566}
11567
11568const struct ctl_cmd_entry *
11569ctl_validate_command(struct ctl_scsiio *ctsio)
11570{
11571	const struct ctl_cmd_entry *entry;
11572	int i, sa;
11573	uint8_t diff;
11574
11575	entry = ctl_get_cmd_entry(ctsio, &sa);
11576	if (entry->execute == NULL) {
11577		if (sa)
11578			ctl_set_invalid_field(ctsio,
11579					      /*sks_valid*/ 1,
11580					      /*command*/ 1,
11581					      /*field*/ 1,
11582					      /*bit_valid*/ 1,
11583					      /*bit*/ 4);
11584		else
11585			ctl_set_invalid_opcode(ctsio);
11586		ctl_done((union ctl_io *)ctsio);
11587		return (NULL);
11588	}
11589	KASSERT(entry->length > 0,
11590	    ("Not defined length for command 0x%02x/0x%02x",
11591	     ctsio->cdb[0], ctsio->cdb[1]));
11592	for (i = 1; i < entry->length; i++) {
11593		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11594		if (diff == 0)
11595			continue;
11596		ctl_set_invalid_field(ctsio,
11597				      /*sks_valid*/ 1,
11598				      /*command*/ 1,
11599				      /*field*/ i,
11600				      /*bit_valid*/ 1,
11601				      /*bit*/ fls(diff) - 1);
11602		ctl_done((union ctl_io *)ctsio);
11603		return (NULL);
11604	}
11605	return (entry);
11606}
11607
11608static int
11609ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11610{
11611
11612	switch (lun_type) {
11613	case T_PROCESSOR:
11614		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11615			return (0);
11616		break;
11617	case T_DIRECT:
11618		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11619			return (0);
11620		break;
11621	default:
11622		return (0);
11623	}
11624	return (1);
11625}
11626
11627static int
11628ctl_scsiio(struct ctl_scsiio *ctsio)
11629{
11630	int retval;
11631	const struct ctl_cmd_entry *entry;
11632
11633	retval = CTL_RETVAL_COMPLETE;
11634
11635	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11636
11637	entry = ctl_get_cmd_entry(ctsio, NULL);
11638
11639	/*
11640	 * If this I/O has been aborted, just send it straight to
11641	 * ctl_done() without executing it.
11642	 */
11643	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11644		ctl_done((union ctl_io *)ctsio);
11645		goto bailout;
11646	}
11647
11648	/*
11649	 * All the checks should have been handled by ctl_scsiio_precheck().
11650	 * We should be clear now to just execute the I/O.
11651	 */
11652	retval = entry->execute(ctsio);
11653
11654bailout:
11655	return (retval);
11656}
11657
11658/*
11659 * Since we only implement one target right now, a bus reset simply resets
11660 * our single target.
11661 */
11662static int
11663ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11664{
11665	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11666}
11667
11668static int
11669ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11670		 ctl_ua_type ua_type)
11671{
11672	struct ctl_port *port;
11673	struct ctl_lun *lun;
11674	int retval;
11675
11676	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11677		union ctl_ha_msg msg_info;
11678
11679		msg_info.hdr.nexus = io->io_hdr.nexus;
11680		if (ua_type==CTL_UA_TARG_RESET)
11681			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11682		else
11683			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11684		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11685		msg_info.hdr.original_sc = NULL;
11686		msg_info.hdr.serializing_sc = NULL;
11687		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11688		    sizeof(msg_info.task), M_WAITOK);
11689	}
11690	retval = 0;
11691
11692	mtx_lock(&softc->ctl_lock);
11693	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11694	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11695		if (port != NULL &&
11696		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11697			continue;
11698		retval += ctl_do_lun_reset(lun, io, ua_type);
11699	}
11700	mtx_unlock(&softc->ctl_lock);
11701	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11702	return (retval);
11703}
11704
11705/*
11706 * The LUN should always be set.  The I/O is optional, and is used to
11707 * distinguish between I/Os sent by this initiator, and by other
11708 * initiators.  We set unit attention for initiators other than this one.
11709 * SAM-3 is vague on this point.  It does say that a unit attention should
11710 * be established for other initiators when a LUN is reset (see section
11711 * 5.7.3), but it doesn't specifically say that the unit attention should
11712 * be established for this particular initiator when a LUN is reset.  Here
11713 * is the relevant text, from SAM-3 rev 8:
11714 *
11715 * 5.7.2 When a SCSI initiator port aborts its own tasks
11716 *
11717 * When a SCSI initiator port causes its own task(s) to be aborted, no
11718 * notification that the task(s) have been aborted shall be returned to
11719 * the SCSI initiator port other than the completion response for the
11720 * command or task management function action that caused the task(s) to
11721 * be aborted and notification(s) associated with related effects of the
11722 * action (e.g., a reset unit attention condition).
11723 *
11724 * XXX KDM for now, we're setting unit attention for all initiators.
11725 */
11726static int
11727ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11728{
11729	union ctl_io *xio;
11730#if 0
11731	uint32_t initidx;
11732#endif
11733#ifdef CTL_WITH_CA
11734	int i;
11735#endif
11736
11737	mtx_lock(&lun->lun_lock);
11738	/*
11739	 * Run through the OOA queue and abort each I/O.
11740	 */
11741	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11742	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11743		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11744	}
11745
11746	/*
11747	 * This version sets unit attention for every
11748	 */
11749#if 0
11750	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11751	ctl_est_ua_all(lun, initidx, ua_type);
11752#else
11753	ctl_est_ua_all(lun, -1, ua_type);
11754#endif
11755
11756	/*
11757	 * A reset (any kind, really) clears reservations established with
11758	 * RESERVE/RELEASE.  It does not clear reservations established
11759	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11760	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11761	 * reservations made with the RESERVE/RELEASE commands, because
11762	 * those commands are obsolete in SPC-3.
11763	 */
11764	lun->flags &= ~CTL_LUN_RESERVED;
11765
11766#ifdef CTL_WITH_CA
11767	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11768		ctl_clear_mask(lun->have_ca, i);
11769#endif
11770	mtx_unlock(&lun->lun_lock);
11771
11772	return (0);
11773}
11774
11775static int
11776ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11777{
11778	struct ctl_lun *lun;
11779	uint32_t targ_lun;
11780	int retval;
11781
11782	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11783	mtx_lock(&softc->ctl_lock);
11784	if ((targ_lun >= CTL_MAX_LUNS) ||
11785	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11786		mtx_unlock(&softc->ctl_lock);
11787		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11788		return (1);
11789	}
11790	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11791	mtx_unlock(&softc->ctl_lock);
11792	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11793
11794	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11795		union ctl_ha_msg msg_info;
11796
11797		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11798		msg_info.hdr.nexus = io->io_hdr.nexus;
11799		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11800		msg_info.hdr.original_sc = NULL;
11801		msg_info.hdr.serializing_sc = NULL;
11802		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11803		    sizeof(msg_info.task), M_WAITOK);
11804	}
11805	return (retval);
11806}
11807
11808static void
11809ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11810    int other_sc)
11811{
11812	union ctl_io *xio;
11813
11814	mtx_assert(&lun->lun_lock, MA_OWNED);
11815
11816	/*
11817	 * Run through the OOA queue and attempt to find the given I/O.
11818	 * The target port, initiator ID, tag type and tag number have to
11819	 * match the values that we got from the initiator.  If we have an
11820	 * untagged command to abort, simply abort the first untagged command
11821	 * we come to.  We only allow one untagged command at a time of course.
11822	 */
11823	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11824	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11825
11826		if ((targ_port == UINT32_MAX ||
11827		     targ_port == xio->io_hdr.nexus.targ_port) &&
11828		    (init_id == UINT32_MAX ||
11829		     init_id == xio->io_hdr.nexus.initid)) {
11830			if (targ_port != xio->io_hdr.nexus.targ_port ||
11831			    init_id != xio->io_hdr.nexus.initid)
11832				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11833			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11834			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11835				union ctl_ha_msg msg_info;
11836
11837				msg_info.hdr.nexus = xio->io_hdr.nexus;
11838				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11839				msg_info.task.tag_num = xio->scsiio.tag_num;
11840				msg_info.task.tag_type = xio->scsiio.tag_type;
11841				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11842				msg_info.hdr.original_sc = NULL;
11843				msg_info.hdr.serializing_sc = NULL;
11844				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11845				    sizeof(msg_info.task), M_NOWAIT);
11846			}
11847		}
11848	}
11849}
11850
11851static int
11852ctl_abort_task_set(union ctl_io *io)
11853{
11854	struct ctl_softc *softc = control_softc;
11855	struct ctl_lun *lun;
11856	uint32_t targ_lun;
11857
11858	/*
11859	 * Look up the LUN.
11860	 */
11861	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11862	mtx_lock(&softc->ctl_lock);
11863	if ((targ_lun >= CTL_MAX_LUNS) ||
11864	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11865		mtx_unlock(&softc->ctl_lock);
11866		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11867		return (1);
11868	}
11869
11870	mtx_lock(&lun->lun_lock);
11871	mtx_unlock(&softc->ctl_lock);
11872	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11873		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11874		    io->io_hdr.nexus.initid,
11875		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11876	} else { /* CTL_TASK_CLEAR_TASK_SET */
11877		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11878		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11879	}
11880	mtx_unlock(&lun->lun_lock);
11881	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11882	return (0);
11883}
11884
11885static int
11886ctl_i_t_nexus_reset(union ctl_io *io)
11887{
11888	struct ctl_softc *softc = control_softc;
11889	struct ctl_lun *lun;
11890	uint32_t initidx;
11891
11892	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11893		union ctl_ha_msg msg_info;
11894
11895		msg_info.hdr.nexus = io->io_hdr.nexus;
11896		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11897		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11898		msg_info.hdr.original_sc = NULL;
11899		msg_info.hdr.serializing_sc = NULL;
11900		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11901		    sizeof(msg_info.task), M_WAITOK);
11902	}
11903
11904	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11905	mtx_lock(&softc->ctl_lock);
11906	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11907		mtx_lock(&lun->lun_lock);
11908		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11909		    io->io_hdr.nexus.initid, 1);
11910#ifdef CTL_WITH_CA
11911		ctl_clear_mask(lun->have_ca, initidx);
11912#endif
11913		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11914			lun->flags &= ~CTL_LUN_RESERVED;
11915		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11916		mtx_unlock(&lun->lun_lock);
11917	}
11918	mtx_unlock(&softc->ctl_lock);
11919	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11920	return (0);
11921}
11922
11923static int
11924ctl_abort_task(union ctl_io *io)
11925{
11926	union ctl_io *xio;
11927	struct ctl_lun *lun;
11928	struct ctl_softc *softc;
11929#if 0
11930	struct sbuf sb;
11931	char printbuf[128];
11932#endif
11933	int found;
11934	uint32_t targ_lun;
11935
11936	softc = control_softc;
11937	found = 0;
11938
11939	/*
11940	 * Look up the LUN.
11941	 */
11942	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11943	mtx_lock(&softc->ctl_lock);
11944	if ((targ_lun >= CTL_MAX_LUNS) ||
11945	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11946		mtx_unlock(&softc->ctl_lock);
11947		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11948		return (1);
11949	}
11950
11951#if 0
11952	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11953	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11954#endif
11955
11956	mtx_lock(&lun->lun_lock);
11957	mtx_unlock(&softc->ctl_lock);
11958	/*
11959	 * Run through the OOA queue and attempt to find the given I/O.
11960	 * The target port, initiator ID, tag type and tag number have to
11961	 * match the values that we got from the initiator.  If we have an
11962	 * untagged command to abort, simply abort the first untagged command
11963	 * we come to.  We only allow one untagged command at a time of course.
11964	 */
11965	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11966	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11967#if 0
11968		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11969
11970		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11971			    lun->lun, xio->scsiio.tag_num,
11972			    xio->scsiio.tag_type,
11973			    (xio->io_hdr.blocked_links.tqe_prev
11974			    == NULL) ? "" : " BLOCKED",
11975			    (xio->io_hdr.flags &
11976			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11977			    (xio->io_hdr.flags &
11978			    CTL_FLAG_ABORT) ? " ABORT" : "",
11979			    (xio->io_hdr.flags &
11980			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11981		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11982		sbuf_finish(&sb);
11983		printf("%s\n", sbuf_data(&sb));
11984#endif
11985
11986		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11987		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11988		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11989			continue;
11990
11991		/*
11992		 * If the abort says that the task is untagged, the
11993		 * task in the queue must be untagged.  Otherwise,
11994		 * we just check to see whether the tag numbers
11995		 * match.  This is because the QLogic firmware
11996		 * doesn't pass back the tag type in an abort
11997		 * request.
11998		 */
11999#if 0
12000		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12001		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12002		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12003#endif
12004		/*
12005		 * XXX KDM we've got problems with FC, because it
12006		 * doesn't send down a tag type with aborts.  So we
12007		 * can only really go by the tag number...
12008		 * This may cause problems with parallel SCSI.
12009		 * Need to figure that out!!
12010		 */
12011		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12012			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12013			found = 1;
12014			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12015			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12016				union ctl_ha_msg msg_info;
12017
12018				msg_info.hdr.nexus = io->io_hdr.nexus;
12019				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12020				msg_info.task.tag_num = io->taskio.tag_num;
12021				msg_info.task.tag_type = io->taskio.tag_type;
12022				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12023				msg_info.hdr.original_sc = NULL;
12024				msg_info.hdr.serializing_sc = NULL;
12025#if 0
12026				printf("Sent Abort to other side\n");
12027#endif
12028				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12029				    sizeof(msg_info.task), M_NOWAIT);
12030			}
12031#if 0
12032			printf("ctl_abort_task: found I/O to abort\n");
12033#endif
12034		}
12035	}
12036	mtx_unlock(&lun->lun_lock);
12037
12038	if (found == 0) {
12039		/*
12040		 * This isn't really an error.  It's entirely possible for
12041		 * the abort and command completion to cross on the wire.
12042		 * This is more of an informative/diagnostic error.
12043		 */
12044#if 0
12045		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12046		       "%u:%u:%u tag %d type %d\n",
12047		       io->io_hdr.nexus.initid,
12048		       io->io_hdr.nexus.targ_port,
12049		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12050		       io->taskio.tag_type);
12051#endif
12052	}
12053	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12054	return (0);
12055}
12056
12057static int
12058ctl_query_task(union ctl_io *io, int task_set)
12059{
12060	union ctl_io *xio;
12061	struct ctl_lun *lun;
12062	struct ctl_softc *softc;
12063	int found = 0;
12064	uint32_t targ_lun;
12065
12066	softc = control_softc;
12067	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12068	mtx_lock(&softc->ctl_lock);
12069	if ((targ_lun >= CTL_MAX_LUNS) ||
12070	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12071		mtx_unlock(&softc->ctl_lock);
12072		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12073		return (1);
12074	}
12075	mtx_lock(&lun->lun_lock);
12076	mtx_unlock(&softc->ctl_lock);
12077	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12078	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12079
12080		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12081		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12082		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12083			continue;
12084
12085		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12086			found = 1;
12087			break;
12088		}
12089	}
12090	mtx_unlock(&lun->lun_lock);
12091	if (found)
12092		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12093	else
12094		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12095	return (0);
12096}
12097
12098static int
12099ctl_query_async_event(union ctl_io *io)
12100{
12101	struct ctl_lun *lun;
12102	struct ctl_softc *softc;
12103	ctl_ua_type ua;
12104	uint32_t targ_lun, initidx;
12105
12106	softc = control_softc;
12107	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12108	mtx_lock(&softc->ctl_lock);
12109	if ((targ_lun >= CTL_MAX_LUNS) ||
12110	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12111		mtx_unlock(&softc->ctl_lock);
12112		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12113		return (1);
12114	}
12115	mtx_lock(&lun->lun_lock);
12116	mtx_unlock(&softc->ctl_lock);
12117	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12118	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12119	mtx_unlock(&lun->lun_lock);
12120	if (ua != CTL_UA_NONE)
12121		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12122	else
12123		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12124	return (0);
12125}
12126
12127static void
12128ctl_run_task(union ctl_io *io)
12129{
12130	struct ctl_softc *softc = control_softc;
12131	int retval = 1;
12132
12133	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12134	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12135	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12136	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12137	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12138	switch (io->taskio.task_action) {
12139	case CTL_TASK_ABORT_TASK:
12140		retval = ctl_abort_task(io);
12141		break;
12142	case CTL_TASK_ABORT_TASK_SET:
12143	case CTL_TASK_CLEAR_TASK_SET:
12144		retval = ctl_abort_task_set(io);
12145		break;
12146	case CTL_TASK_CLEAR_ACA:
12147		break;
12148	case CTL_TASK_I_T_NEXUS_RESET:
12149		retval = ctl_i_t_nexus_reset(io);
12150		break;
12151	case CTL_TASK_LUN_RESET:
12152		retval = ctl_lun_reset(softc, io);
12153		break;
12154	case CTL_TASK_TARGET_RESET:
12155		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12156		break;
12157	case CTL_TASK_BUS_RESET:
12158		retval = ctl_bus_reset(softc, io);
12159		break;
12160	case CTL_TASK_PORT_LOGIN:
12161		break;
12162	case CTL_TASK_PORT_LOGOUT:
12163		break;
12164	case CTL_TASK_QUERY_TASK:
12165		retval = ctl_query_task(io, 0);
12166		break;
12167	case CTL_TASK_QUERY_TASK_SET:
12168		retval = ctl_query_task(io, 1);
12169		break;
12170	case CTL_TASK_QUERY_ASYNC_EVENT:
12171		retval = ctl_query_async_event(io);
12172		break;
12173	default:
12174		printf("%s: got unknown task management event %d\n",
12175		       __func__, io->taskio.task_action);
12176		break;
12177	}
12178	if (retval == 0)
12179		io->io_hdr.status = CTL_SUCCESS;
12180	else
12181		io->io_hdr.status = CTL_ERROR;
12182	ctl_done(io);
12183}
12184
12185/*
12186 * For HA operation.  Handle commands that come in from the other
12187 * controller.
12188 */
12189static void
12190ctl_handle_isc(union ctl_io *io)
12191{
12192	int free_io;
12193	struct ctl_lun *lun;
12194	struct ctl_softc *softc;
12195	uint32_t targ_lun;
12196
12197	softc = control_softc;
12198
12199	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12200	lun = softc->ctl_luns[targ_lun];
12201
12202	switch (io->io_hdr.msg_type) {
12203	case CTL_MSG_SERIALIZE:
12204		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12205		break;
12206	case CTL_MSG_R2R: {
12207		const struct ctl_cmd_entry *entry;
12208
12209		/*
12210		 * This is only used in SER_ONLY mode.
12211		 */
12212		free_io = 0;
12213		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12214		mtx_lock(&lun->lun_lock);
12215		if (ctl_scsiio_lun_check(lun,
12216		    entry, (struct ctl_scsiio *)io) != 0) {
12217			mtx_unlock(&lun->lun_lock);
12218			ctl_done(io);
12219			break;
12220		}
12221		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12222		mtx_unlock(&lun->lun_lock);
12223		ctl_enqueue_rtr(io);
12224		break;
12225	}
12226	case CTL_MSG_FINISH_IO:
12227		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12228			free_io = 0;
12229			ctl_done(io);
12230		} else {
12231			free_io = 1;
12232			mtx_lock(&lun->lun_lock);
12233			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12234				     ooa_links);
12235			ctl_check_blocked(lun);
12236			mtx_unlock(&lun->lun_lock);
12237		}
12238		break;
12239	case CTL_MSG_PERS_ACTION:
12240		ctl_hndl_per_res_out_on_other_sc(
12241			(union ctl_ha_msg *)&io->presio.pr_msg);
12242		free_io = 1;
12243		break;
12244	case CTL_MSG_BAD_JUJU:
12245		free_io = 0;
12246		ctl_done(io);
12247		break;
12248	case CTL_MSG_DATAMOVE:
12249		/* Only used in XFER mode */
12250		free_io = 0;
12251		ctl_datamove_remote(io);
12252		break;
12253	case CTL_MSG_DATAMOVE_DONE:
12254		/* Only used in XFER mode */
12255		free_io = 0;
12256		io->scsiio.be_move_done(io);
12257		break;
12258	case CTL_MSG_FAILOVER:
12259		mtx_lock(&lun->lun_lock);
12260		ctl_failover_lun(lun);
12261		mtx_unlock(&lun->lun_lock);
12262		free_io = 1;
12263		break;
12264	default:
12265		free_io = 1;
12266		printf("%s: Invalid message type %d\n",
12267		       __func__, io->io_hdr.msg_type);
12268		break;
12269	}
12270	if (free_io)
12271		ctl_free_io(io);
12272
12273}
12274
12275
12276/*
12277 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12278 * there is no match.
12279 */
12280static ctl_lun_error_pattern
12281ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12282{
12283	const struct ctl_cmd_entry *entry;
12284	ctl_lun_error_pattern filtered_pattern, pattern;
12285
12286	pattern = desc->error_pattern;
12287
12288	/*
12289	 * XXX KDM we need more data passed into this function to match a
12290	 * custom pattern, and we actually need to implement custom pattern
12291	 * matching.
12292	 */
12293	if (pattern & CTL_LUN_PAT_CMD)
12294		return (CTL_LUN_PAT_CMD);
12295
12296	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12297		return (CTL_LUN_PAT_ANY);
12298
12299	entry = ctl_get_cmd_entry(ctsio, NULL);
12300
12301	filtered_pattern = entry->pattern & pattern;
12302
12303	/*
12304	 * If the user requested specific flags in the pattern (e.g.
12305	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12306	 * flags.
12307	 *
12308	 * If the user did not specify any flags, it doesn't matter whether
12309	 * or not the command supports the flags.
12310	 */
12311	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12312	     (pattern & ~CTL_LUN_PAT_MASK))
12313		return (CTL_LUN_PAT_NONE);
12314
12315	/*
12316	 * If the user asked for a range check, see if the requested LBA
12317	 * range overlaps with this command's LBA range.
12318	 */
12319	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12320		uint64_t lba1;
12321		uint64_t len1;
12322		ctl_action action;
12323		int retval;
12324
12325		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12326		if (retval != 0)
12327			return (CTL_LUN_PAT_NONE);
12328
12329		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12330					      desc->lba_range.len, FALSE);
12331		/*
12332		 * A "pass" means that the LBA ranges don't overlap, so
12333		 * this doesn't match the user's range criteria.
12334		 */
12335		if (action == CTL_ACTION_PASS)
12336			return (CTL_LUN_PAT_NONE);
12337	}
12338
12339	return (filtered_pattern);
12340}
12341
12342static void
12343ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12344{
12345	struct ctl_error_desc *desc, *desc2;
12346
12347	mtx_assert(&lun->lun_lock, MA_OWNED);
12348
12349	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12350		ctl_lun_error_pattern pattern;
12351		/*
12352		 * Check to see whether this particular command matches
12353		 * the pattern in the descriptor.
12354		 */
12355		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12356		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12357			continue;
12358
12359		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12360		case CTL_LUN_INJ_ABORTED:
12361			ctl_set_aborted(&io->scsiio);
12362			break;
12363		case CTL_LUN_INJ_MEDIUM_ERR:
12364			ctl_set_medium_error(&io->scsiio,
12365			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12366			     CTL_FLAG_DATA_OUT);
12367			break;
12368		case CTL_LUN_INJ_UA:
12369			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12370			 * OCCURRED */
12371			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12372			break;
12373		case CTL_LUN_INJ_CUSTOM:
12374			/*
12375			 * We're assuming the user knows what he is doing.
12376			 * Just copy the sense information without doing
12377			 * checks.
12378			 */
12379			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12380			      MIN(sizeof(desc->custom_sense),
12381				  sizeof(io->scsiio.sense_data)));
12382			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12383			io->scsiio.sense_len = SSD_FULL_SIZE;
12384			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12385			break;
12386		case CTL_LUN_INJ_NONE:
12387		default:
12388			/*
12389			 * If this is an error injection type we don't know
12390			 * about, clear the continuous flag (if it is set)
12391			 * so it will get deleted below.
12392			 */
12393			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12394			break;
12395		}
12396		/*
12397		 * By default, each error injection action is a one-shot
12398		 */
12399		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12400			continue;
12401
12402		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12403
12404		free(desc, M_CTL);
12405	}
12406}
12407
12408#ifdef CTL_IO_DELAY
12409static void
12410ctl_datamove_timer_wakeup(void *arg)
12411{
12412	union ctl_io *io;
12413
12414	io = (union ctl_io *)arg;
12415
12416	ctl_datamove(io);
12417}
12418#endif /* CTL_IO_DELAY */
12419
12420void
12421ctl_datamove(union ctl_io *io)
12422{
12423	struct ctl_lun *lun;
12424	void (*fe_datamove)(union ctl_io *io);
12425
12426	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12427
12428	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12429
12430	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12431#ifdef CTL_TIME_IO
12432	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12433		char str[256];
12434		char path_str[64];
12435		struct sbuf sb;
12436
12437		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12438		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12439
12440		sbuf_cat(&sb, path_str);
12441		switch (io->io_hdr.io_type) {
12442		case CTL_IO_SCSI:
12443			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12444			sbuf_printf(&sb, "\n");
12445			sbuf_cat(&sb, path_str);
12446			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12447				    io->scsiio.tag_num, io->scsiio.tag_type);
12448			break;
12449		case CTL_IO_TASK:
12450			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12451				    "Tag Type: %d\n", io->taskio.task_action,
12452				    io->taskio.tag_num, io->taskio.tag_type);
12453			break;
12454		default:
12455			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12456			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12457			break;
12458		}
12459		sbuf_cat(&sb, path_str);
12460		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12461			    (intmax_t)time_uptime - io->io_hdr.start_time);
12462		sbuf_finish(&sb);
12463		printf("%s", sbuf_data(&sb));
12464	}
12465#endif /* CTL_TIME_IO */
12466
12467#ifdef CTL_IO_DELAY
12468	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12469		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12470	} else {
12471		if ((lun != NULL)
12472		 && (lun->delay_info.datamove_delay > 0)) {
12473
12474			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12475			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12476			callout_reset(&io->io_hdr.delay_callout,
12477				      lun->delay_info.datamove_delay * hz,
12478				      ctl_datamove_timer_wakeup, io);
12479			if (lun->delay_info.datamove_type ==
12480			    CTL_DELAY_TYPE_ONESHOT)
12481				lun->delay_info.datamove_delay = 0;
12482			return;
12483		}
12484	}
12485#endif
12486
12487	/*
12488	 * This command has been aborted.  Set the port status, so we fail
12489	 * the data move.
12490	 */
12491	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12492		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12493		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12494		       io->io_hdr.nexus.targ_port,
12495		       io->io_hdr.nexus.targ_lun);
12496		io->io_hdr.port_status = 31337;
12497		/*
12498		 * Note that the backend, in this case, will get the
12499		 * callback in its context.  In other cases it may get
12500		 * called in the frontend's interrupt thread context.
12501		 */
12502		io->scsiio.be_move_done(io);
12503		return;
12504	}
12505
12506	/* Don't confuse frontend with zero length data move. */
12507	if (io->scsiio.kern_data_len == 0) {
12508		io->scsiio.be_move_done(io);
12509		return;
12510	}
12511
12512	/*
12513	 * If we're in XFER mode and this I/O is from the other shelf
12514	 * controller, we need to send the DMA to the other side to
12515	 * actually transfer the data to/from the host.  In serialize only
12516	 * mode the transfer happens below CTL and ctl_datamove() is only
12517	 * called on the machine that originally received the I/O.
12518	 */
12519	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12520	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12521		union ctl_ha_msg msg;
12522		uint32_t sg_entries_sent;
12523		int do_sg_copy;
12524		int i;
12525
12526		memset(&msg, 0, sizeof(msg));
12527		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12528		msg.hdr.original_sc = io->io_hdr.original_sc;
12529		msg.hdr.serializing_sc = io;
12530		msg.hdr.nexus = io->io_hdr.nexus;
12531		msg.hdr.status = io->io_hdr.status;
12532		msg.dt.flags = io->io_hdr.flags;
12533		/*
12534		 * We convert everything into a S/G list here.  We can't
12535		 * pass by reference, only by value between controllers.
12536		 * So we can't pass a pointer to the S/G list, only as many
12537		 * S/G entries as we can fit in here.  If it's possible for
12538		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12539		 * then we need to break this up into multiple transfers.
12540		 */
12541		if (io->scsiio.kern_sg_entries == 0) {
12542			msg.dt.kern_sg_entries = 1;
12543#if 0
12544			/*
12545			 * Convert to a physical address if this is a
12546			 * virtual address.
12547			 */
12548			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12549				msg.dt.sg_list[0].addr =
12550					io->scsiio.kern_data_ptr;
12551			} else {
12552				/*
12553				 * XXX KDM use busdma here!
12554				 */
12555				msg.dt.sg_list[0].addr = (void *)
12556					vtophys(io->scsiio.kern_data_ptr);
12557			}
12558#else
12559			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12560			    ("HA does not support BUS_ADDR"));
12561			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12562#endif
12563
12564			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12565			do_sg_copy = 0;
12566		} else {
12567			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12568			do_sg_copy = 1;
12569		}
12570
12571		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12572		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12573		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12574		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12575		msg.dt.sg_sequence = 0;
12576
12577		/*
12578		 * Loop until we've sent all of the S/G entries.  On the
12579		 * other end, we'll recompose these S/G entries into one
12580		 * contiguous list before passing it to the
12581		 */
12582		for (sg_entries_sent = 0; sg_entries_sent <
12583		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12584			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12585				sizeof(msg.dt.sg_list[0])),
12586				msg.dt.kern_sg_entries - sg_entries_sent);
12587
12588			if (do_sg_copy != 0) {
12589				struct ctl_sg_entry *sgl;
12590				int j;
12591
12592				sgl = (struct ctl_sg_entry *)
12593					io->scsiio.kern_data_ptr;
12594				/*
12595				 * If this is in cached memory, flush the cache
12596				 * before we send the DMA request to the other
12597				 * controller.  We want to do this in either
12598				 * the * read or the write case.  The read
12599				 * case is straightforward.  In the write
12600				 * case, we want to make sure nothing is
12601				 * in the local cache that could overwrite
12602				 * the DMAed data.
12603				 */
12604
12605				for (i = sg_entries_sent, j = 0;
12606				     i < msg.dt.cur_sg_entries; i++, j++) {
12607#if 0
12608					if ((io->io_hdr.flags &
12609					     CTL_FLAG_BUS_ADDR) == 0) {
12610						/*
12611						 * XXX KDM use busdma.
12612						 */
12613						msg.dt.sg_list[j].addr =(void *)
12614						       vtophys(sgl[i].addr);
12615					} else {
12616						msg.dt.sg_list[j].addr =
12617							sgl[i].addr;
12618					}
12619#else
12620					KASSERT((io->io_hdr.flags &
12621					    CTL_FLAG_BUS_ADDR) == 0,
12622					    ("HA does not support BUS_ADDR"));
12623					msg.dt.sg_list[j].addr = sgl[i].addr;
12624#endif
12625					msg.dt.sg_list[j].len = sgl[i].len;
12626				}
12627			}
12628
12629			sg_entries_sent += msg.dt.cur_sg_entries;
12630			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12631				msg.dt.sg_last = 1;
12632			else
12633				msg.dt.sg_last = 0;
12634
12635			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12636			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12637			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12638			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12639				io->io_hdr.port_status = 31341;
12640				io->scsiio.be_move_done(io);
12641				return;
12642			}
12643
12644			msg.dt.sent_sg_entries = sg_entries_sent;
12645		}
12646
12647		/*
12648		 * Officially handover the request from us to peer.
12649		 * If failover has just happened, then we must return error.
12650		 * If failover happen just after, then it is not our problem.
12651		 */
12652		if (lun)
12653			mtx_lock(&lun->lun_lock);
12654		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12655			if (lun)
12656				mtx_unlock(&lun->lun_lock);
12657			io->io_hdr.port_status = 31342;
12658			io->scsiio.be_move_done(io);
12659			return;
12660		}
12661		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12662		io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
12663		if (lun)
12664			mtx_unlock(&lun->lun_lock);
12665	} else {
12666
12667		/*
12668		 * Lookup the fe_datamove() function for this particular
12669		 * front end.
12670		 */
12671		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12672
12673		fe_datamove(io);
12674	}
12675}
12676
12677static void
12678ctl_send_datamove_done(union ctl_io *io, int have_lock)
12679{
12680	union ctl_ha_msg msg;
12681
12682	memset(&msg, 0, sizeof(msg));
12683
12684	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12685	msg.hdr.original_sc = io;
12686	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12687	msg.hdr.nexus = io->io_hdr.nexus;
12688	msg.hdr.status = io->io_hdr.status;
12689	msg.scsi.tag_num = io->scsiio.tag_num;
12690	msg.scsi.tag_type = io->scsiio.tag_type;
12691	msg.scsi.scsi_status = io->scsiio.scsi_status;
12692	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12693	       io->scsiio.sense_len);
12694	msg.scsi.sense_len = io->scsiio.sense_len;
12695	msg.scsi.sense_residual = io->scsiio.sense_residual;
12696	msg.scsi.fetd_status = io->io_hdr.port_status;
12697	msg.scsi.residual = io->scsiio.residual;
12698	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12699
12700	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12701		ctl_failover_io(io, /*have_lock*/ have_lock);
12702		return;
12703	}
12704
12705	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12706	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12707	    msg.scsi.sense_len, M_WAITOK);
12708}
12709
12710/*
12711 * The DMA to the remote side is done, now we need to tell the other side
12712 * we're done so it can continue with its data movement.
12713 */
12714static void
12715ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12716{
12717	union ctl_io *io;
12718	int i;
12719
12720	io = rq->context;
12721
12722	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12723		printf("%s: ISC DMA write failed with error %d", __func__,
12724		       rq->ret);
12725		ctl_set_internal_failure(&io->scsiio,
12726					 /*sks_valid*/ 1,
12727					 /*retry_count*/ rq->ret);
12728	}
12729
12730	ctl_dt_req_free(rq);
12731
12732	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12733		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12734	free(io->io_hdr.remote_sglist, M_CTL);
12735	io->io_hdr.remote_sglist = NULL;
12736	io->io_hdr.local_sglist = NULL;
12737
12738	/*
12739	 * The data is in local and remote memory, so now we need to send
12740	 * status (good or back) back to the other side.
12741	 */
12742	ctl_send_datamove_done(io, /*have_lock*/ 0);
12743}
12744
12745/*
12746 * We've moved the data from the host/controller into local memory.  Now we
12747 * need to push it over to the remote controller's memory.
12748 */
12749static int
12750ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12751{
12752	int retval;
12753
12754	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12755					  ctl_datamove_remote_write_cb);
12756	return (retval);
12757}
12758
12759static void
12760ctl_datamove_remote_write(union ctl_io *io)
12761{
12762	int retval;
12763	void (*fe_datamove)(union ctl_io *io);
12764
12765	/*
12766	 * - Get the data from the host/HBA into local memory.
12767	 * - DMA memory from the local controller to the remote controller.
12768	 * - Send status back to the remote controller.
12769	 */
12770
12771	retval = ctl_datamove_remote_sgl_setup(io);
12772	if (retval != 0)
12773		return;
12774
12775	/* Switch the pointer over so the FETD knows what to do */
12776	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12777
12778	/*
12779	 * Use a custom move done callback, since we need to send completion
12780	 * back to the other controller, not to the backend on this side.
12781	 */
12782	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12783
12784	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12785	fe_datamove(io);
12786}
12787
12788static int
12789ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12790{
12791#if 0
12792	char str[256];
12793	char path_str[64];
12794	struct sbuf sb;
12795#endif
12796	int i;
12797
12798	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12799		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12800	free(io->io_hdr.remote_sglist, M_CTL);
12801	io->io_hdr.remote_sglist = NULL;
12802	io->io_hdr.local_sglist = NULL;
12803
12804#if 0
12805	scsi_path_string(io, path_str, sizeof(path_str));
12806	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12807	sbuf_cat(&sb, path_str);
12808	scsi_command_string(&io->scsiio, NULL, &sb);
12809	sbuf_printf(&sb, "\n");
12810	sbuf_cat(&sb, path_str);
12811	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12812		    io->scsiio.tag_num, io->scsiio.tag_type);
12813	sbuf_cat(&sb, path_str);
12814	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12815		    io->io_hdr.flags, io->io_hdr.status);
12816	sbuf_finish(&sb);
12817	printk("%s", sbuf_data(&sb));
12818#endif
12819
12820
12821	/*
12822	 * The read is done, now we need to send status (good or bad) back
12823	 * to the other side.
12824	 */
12825	ctl_send_datamove_done(io, /*have_lock*/ 0);
12826
12827	return (0);
12828}
12829
12830static void
12831ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12832{
12833	union ctl_io *io;
12834	void (*fe_datamove)(union ctl_io *io);
12835
12836	io = rq->context;
12837
12838	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12839		printf("%s: ISC DMA read failed with error %d\n", __func__,
12840		       rq->ret);
12841		ctl_set_internal_failure(&io->scsiio,
12842					 /*sks_valid*/ 1,
12843					 /*retry_count*/ rq->ret);
12844	}
12845
12846	ctl_dt_req_free(rq);
12847
12848	/* Switch the pointer over so the FETD knows what to do */
12849	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12850
12851	/*
12852	 * Use a custom move done callback, since we need to send completion
12853	 * back to the other controller, not to the backend on this side.
12854	 */
12855	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12856
12857	/* XXX KDM add checks like the ones in ctl_datamove? */
12858
12859	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12860	fe_datamove(io);
12861}
12862
12863static int
12864ctl_datamove_remote_sgl_setup(union ctl_io *io)
12865{
12866	struct ctl_sg_entry *local_sglist;
12867	struct ctl_softc *softc;
12868	uint32_t len_to_go;
12869	int retval;
12870	int i;
12871
12872	retval = 0;
12873	softc = control_softc;
12874	local_sglist = io->io_hdr.local_sglist;
12875	len_to_go = io->scsiio.kern_data_len;
12876
12877	/*
12878	 * The difficult thing here is that the size of the various
12879	 * S/G segments may be different than the size from the
12880	 * remote controller.  That'll make it harder when DMAing
12881	 * the data back to the other side.
12882	 */
12883	for (i = 0; len_to_go > 0; i++) {
12884		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12885		local_sglist[i].addr =
12886		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12887
12888		len_to_go -= local_sglist[i].len;
12889	}
12890	/*
12891	 * Reset the number of S/G entries accordingly.  The original
12892	 * number of S/G entries is available in rem_sg_entries.
12893	 */
12894	io->scsiio.kern_sg_entries = i;
12895
12896#if 0
12897	printf("%s: kern_sg_entries = %d\n", __func__,
12898	       io->scsiio.kern_sg_entries);
12899	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12900		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12901		       local_sglist[i].addr, local_sglist[i].len);
12902#endif
12903
12904	return (retval);
12905}
12906
12907static int
12908ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12909			 ctl_ha_dt_cb callback)
12910{
12911	struct ctl_ha_dt_req *rq;
12912	struct ctl_sg_entry *remote_sglist, *local_sglist;
12913	uint32_t local_used, remote_used, total_used;
12914	int i, j, isc_ret;
12915
12916	rq = ctl_dt_req_alloc();
12917
12918	/*
12919	 * If we failed to allocate the request, and if the DMA didn't fail
12920	 * anyway, set busy status.  This is just a resource allocation
12921	 * failure.
12922	 */
12923	if ((rq == NULL)
12924	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12925	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12926		ctl_set_busy(&io->scsiio);
12927
12928	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12929	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12930
12931		if (rq != NULL)
12932			ctl_dt_req_free(rq);
12933
12934		/*
12935		 * The data move failed.  We need to return status back
12936		 * to the other controller.  No point in trying to DMA
12937		 * data to the remote controller.
12938		 */
12939
12940		ctl_send_datamove_done(io, /*have_lock*/ 0);
12941
12942		return (1);
12943	}
12944
12945	local_sglist = io->io_hdr.local_sglist;
12946	remote_sglist = io->io_hdr.remote_sglist;
12947	local_used = 0;
12948	remote_used = 0;
12949	total_used = 0;
12950
12951	/*
12952	 * Pull/push the data over the wire from/to the other controller.
12953	 * This takes into account the possibility that the local and
12954	 * remote sglists may not be identical in terms of the size of
12955	 * the elements and the number of elements.
12956	 *
12957	 * One fundamental assumption here is that the length allocated for
12958	 * both the local and remote sglists is identical.  Otherwise, we've
12959	 * essentially got a coding error of some sort.
12960	 */
12961	isc_ret = CTL_HA_STATUS_SUCCESS;
12962	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12963		uint32_t cur_len;
12964		uint8_t *tmp_ptr;
12965
12966		rq->command = command;
12967		rq->context = io;
12968
12969		/*
12970		 * Both pointers should be aligned.  But it is possible
12971		 * that the allocation length is not.  They should both
12972		 * also have enough slack left over at the end, though,
12973		 * to round up to the next 8 byte boundary.
12974		 */
12975		cur_len = MIN(local_sglist[i].len - local_used,
12976			      remote_sglist[j].len - remote_used);
12977		rq->size = cur_len;
12978
12979		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12980		tmp_ptr += local_used;
12981
12982#if 0
12983		/* Use physical addresses when talking to ISC hardware */
12984		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12985			/* XXX KDM use busdma */
12986			rq->local = vtophys(tmp_ptr);
12987		} else
12988			rq->local = tmp_ptr;
12989#else
12990		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12991		    ("HA does not support BUS_ADDR"));
12992		rq->local = tmp_ptr;
12993#endif
12994
12995		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12996		tmp_ptr += remote_used;
12997		rq->remote = tmp_ptr;
12998
12999		rq->callback = NULL;
13000
13001		local_used += cur_len;
13002		if (local_used >= local_sglist[i].len) {
13003			i++;
13004			local_used = 0;
13005		}
13006
13007		remote_used += cur_len;
13008		if (remote_used >= remote_sglist[j].len) {
13009			j++;
13010			remote_used = 0;
13011		}
13012		total_used += cur_len;
13013
13014		if (total_used >= io->scsiio.kern_data_len)
13015			rq->callback = callback;
13016
13017#if 0
13018		printf("%s: %s: local %p remote %p size %d\n", __func__,
13019		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13020		       rq->local, rq->remote, rq->size);
13021#endif
13022
13023		isc_ret = ctl_dt_single(rq);
13024		if (isc_ret > CTL_HA_STATUS_SUCCESS)
13025			break;
13026	}
13027	if (isc_ret != CTL_HA_STATUS_WAIT) {
13028		rq->ret = isc_ret;
13029		callback(rq);
13030	}
13031
13032	return (0);
13033}
13034
13035static void
13036ctl_datamove_remote_read(union ctl_io *io)
13037{
13038	int retval;
13039	int i;
13040
13041	/*
13042	 * This will send an error to the other controller in the case of a
13043	 * failure.
13044	 */
13045	retval = ctl_datamove_remote_sgl_setup(io);
13046	if (retval != 0)
13047		return;
13048
13049	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13050					  ctl_datamove_remote_read_cb);
13051	if (retval != 0) {
13052		/*
13053		 * Make sure we free memory if there was an error..  The
13054		 * ctl_datamove_remote_xfer() function will send the
13055		 * datamove done message, or call the callback with an
13056		 * error if there is a problem.
13057		 */
13058		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13059			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13060		free(io->io_hdr.remote_sglist, M_CTL);
13061		io->io_hdr.remote_sglist = NULL;
13062		io->io_hdr.local_sglist = NULL;
13063	}
13064}
13065
13066/*
13067 * Process a datamove request from the other controller.  This is used for
13068 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13069 * first.  Once that is complete, the data gets DMAed into the remote
13070 * controller's memory.  For reads, we DMA from the remote controller's
13071 * memory into our memory first, and then move it out to the FETD.
13072 */
13073static void
13074ctl_datamove_remote(union ctl_io *io)
13075{
13076
13077	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
13078
13079	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13080		ctl_failover_io(io, /*have_lock*/ 0);
13081		return;
13082	}
13083
13084	/*
13085	 * Note that we look for an aborted I/O here, but don't do some of
13086	 * the other checks that ctl_datamove() normally does.
13087	 * We don't need to run the datamove delay code, since that should
13088	 * have been done if need be on the other controller.
13089	 */
13090	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13091		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
13092		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
13093		       io->io_hdr.nexus.targ_port,
13094		       io->io_hdr.nexus.targ_lun);
13095		io->io_hdr.port_status = 31338;
13096		ctl_send_datamove_done(io, /*have_lock*/ 0);
13097		return;
13098	}
13099
13100	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
13101		ctl_datamove_remote_write(io);
13102	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
13103		ctl_datamove_remote_read(io);
13104	else {
13105		io->io_hdr.port_status = 31339;
13106		ctl_send_datamove_done(io, /*have_lock*/ 0);
13107	}
13108}
13109
13110static int
13111ctl_process_done(union ctl_io *io)
13112{
13113	struct ctl_lun *lun;
13114	struct ctl_softc *softc = control_softc;
13115	void (*fe_done)(union ctl_io *io);
13116	union ctl_ha_msg msg;
13117	uint32_t targ_port = io->io_hdr.nexus.targ_port;
13118
13119	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13120
13121	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
13122		fe_done = softc->ctl_ports[targ_port]->fe_done;
13123	else
13124		fe_done = NULL;
13125
13126#ifdef CTL_TIME_IO
13127	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13128		char str[256];
13129		char path_str[64];
13130		struct sbuf sb;
13131
13132		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13133		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13134
13135		sbuf_cat(&sb, path_str);
13136		switch (io->io_hdr.io_type) {
13137		case CTL_IO_SCSI:
13138			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13139			sbuf_printf(&sb, "\n");
13140			sbuf_cat(&sb, path_str);
13141			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13142				    io->scsiio.tag_num, io->scsiio.tag_type);
13143			break;
13144		case CTL_IO_TASK:
13145			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13146				    "Tag Type: %d\n", io->taskio.task_action,
13147				    io->taskio.tag_num, io->taskio.tag_type);
13148			break;
13149		default:
13150			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13151			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13152			break;
13153		}
13154		sbuf_cat(&sb, path_str);
13155		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13156			    (intmax_t)time_uptime - io->io_hdr.start_time);
13157		sbuf_finish(&sb);
13158		printf("%s", sbuf_data(&sb));
13159	}
13160#endif /* CTL_TIME_IO */
13161
13162	switch (io->io_hdr.io_type) {
13163	case CTL_IO_SCSI:
13164		break;
13165	case CTL_IO_TASK:
13166		if (ctl_debug & CTL_DEBUG_INFO)
13167			ctl_io_error_print(io, NULL);
13168		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13169			ctl_free_io(io);
13170		else
13171			fe_done(io);
13172		return (CTL_RETVAL_COMPLETE);
13173	default:
13174		panic("ctl_process_done: invalid io type %d\n",
13175		      io->io_hdr.io_type);
13176		break; /* NOTREACHED */
13177	}
13178
13179	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13180	if (lun == NULL) {
13181		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13182				 io->io_hdr.nexus.targ_mapped_lun));
13183		goto bailout;
13184	}
13185
13186	mtx_lock(&lun->lun_lock);
13187
13188	/*
13189	 * Check to see if we have any errors to inject here.  We only
13190	 * inject errors for commands that don't already have errors set.
13191	 */
13192	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13193	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13194	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13195		ctl_inject_error(lun, io);
13196
13197	/*
13198	 * XXX KDM how do we treat commands that aren't completed
13199	 * successfully?
13200	 *
13201	 * XXX KDM should we also track I/O latency?
13202	 */
13203	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13204	    io->io_hdr.io_type == CTL_IO_SCSI) {
13205#ifdef CTL_TIME_IO
13206		struct bintime cur_bt;
13207#endif
13208		int type;
13209
13210		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13211		    CTL_FLAG_DATA_IN)
13212			type = CTL_STATS_READ;
13213		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13214		    CTL_FLAG_DATA_OUT)
13215			type = CTL_STATS_WRITE;
13216		else
13217			type = CTL_STATS_NO_IO;
13218
13219		lun->stats.ports[targ_port].bytes[type] +=
13220		    io->scsiio.kern_total_len;
13221		lun->stats.ports[targ_port].operations[type]++;
13222#ifdef CTL_TIME_IO
13223		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13224		   &io->io_hdr.dma_bt);
13225		lun->stats.ports[targ_port].num_dmas[type] +=
13226		    io->io_hdr.num_dmas;
13227		getbintime(&cur_bt);
13228		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13229		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13230#endif
13231	}
13232
13233	/*
13234	 * Remove this from the OOA queue.
13235	 */
13236	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13237#ifdef CTL_TIME_IO
13238	if (TAILQ_EMPTY(&lun->ooa_queue))
13239		lun->last_busy = getsbinuptime();
13240#endif
13241
13242	/*
13243	 * Run through the blocked queue on this LUN and see if anything
13244	 * has become unblocked, now that this transaction is done.
13245	 */
13246	ctl_check_blocked(lun);
13247
13248	/*
13249	 * If the LUN has been invalidated, free it if there is nothing
13250	 * left on its OOA queue.
13251	 */
13252	if ((lun->flags & CTL_LUN_INVALID)
13253	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13254		mtx_unlock(&lun->lun_lock);
13255		mtx_lock(&softc->ctl_lock);
13256		ctl_free_lun(lun);
13257		mtx_unlock(&softc->ctl_lock);
13258	} else
13259		mtx_unlock(&lun->lun_lock);
13260
13261bailout:
13262
13263	/*
13264	 * If this command has been aborted, make sure we set the status
13265	 * properly.  The FETD is responsible for freeing the I/O and doing
13266	 * whatever it needs to do to clean up its state.
13267	 */
13268	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13269		ctl_set_task_aborted(&io->scsiio);
13270
13271	/*
13272	 * If enabled, print command error status.
13273	 */
13274	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13275	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13276		ctl_io_error_print(io, NULL);
13277
13278	/*
13279	 * Tell the FETD or the other shelf controller we're done with this
13280	 * command.  Note that only SCSI commands get to this point.  Task
13281	 * management commands are completed above.
13282	 */
13283	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13284	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13285		memset(&msg, 0, sizeof(msg));
13286		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13287		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13288		msg.hdr.nexus = io->io_hdr.nexus;
13289		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13290		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13291		    M_WAITOK);
13292	}
13293	if ((softc->ha_mode == CTL_HA_MODE_XFER)
13294	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13295		memset(&msg, 0, sizeof(msg));
13296		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13297		msg.hdr.original_sc = io->io_hdr.original_sc;
13298		msg.hdr.nexus = io->io_hdr.nexus;
13299		msg.hdr.status = io->io_hdr.status;
13300		msg.scsi.scsi_status = io->scsiio.scsi_status;
13301		msg.scsi.tag_num = io->scsiio.tag_num;
13302		msg.scsi.tag_type = io->scsiio.tag_type;
13303		msg.scsi.sense_len = io->scsiio.sense_len;
13304		msg.scsi.sense_residual = io->scsiio.sense_residual;
13305		msg.scsi.residual = io->scsiio.residual;
13306		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13307		       io->scsiio.sense_len);
13308
13309		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13310		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
13311		    msg.scsi.sense_len, M_WAITOK);
13312		ctl_free_io(io);
13313	} else
13314		fe_done(io);
13315
13316	return (CTL_RETVAL_COMPLETE);
13317}
13318
13319#ifdef CTL_WITH_CA
13320/*
13321 * Front end should call this if it doesn't do autosense.  When the request
13322 * sense comes back in from the initiator, we'll dequeue this and send it.
13323 */
13324int
13325ctl_queue_sense(union ctl_io *io)
13326{
13327	struct ctl_lun *lun;
13328	struct ctl_port *port;
13329	struct ctl_softc *softc;
13330	uint32_t initidx, targ_lun;
13331
13332	softc = control_softc;
13333
13334	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13335
13336	/*
13337	 * LUN lookup will likely move to the ctl_work_thread() once we
13338	 * have our new queueing infrastructure (that doesn't put things on
13339	 * a per-LUN queue initially).  That is so that we can handle
13340	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13341	 * can't deal with that right now.
13342	 */
13343	mtx_lock(&softc->ctl_lock);
13344
13345	/*
13346	 * If we don't have a LUN for this, just toss the sense
13347	 * information.
13348	 */
13349	port = ctl_io_port(&ctsio->io_hdr);
13350	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13351	if ((targ_lun < CTL_MAX_LUNS)
13352	 && (softc->ctl_luns[targ_lun] != NULL))
13353		lun = softc->ctl_luns[targ_lun];
13354	else
13355		goto bailout;
13356
13357	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13358
13359	mtx_lock(&lun->lun_lock);
13360	/*
13361	 * Already have CA set for this LUN...toss the sense information.
13362	 */
13363	if (ctl_is_set(lun->have_ca, initidx)) {
13364		mtx_unlock(&lun->lun_lock);
13365		goto bailout;
13366	}
13367
13368	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13369	       MIN(sizeof(lun->pending_sense[initidx]),
13370	       sizeof(io->scsiio.sense_data)));
13371	ctl_set_mask(lun->have_ca, initidx);
13372	mtx_unlock(&lun->lun_lock);
13373
13374bailout:
13375	mtx_unlock(&softc->ctl_lock);
13376
13377	ctl_free_io(io);
13378
13379	return (CTL_RETVAL_COMPLETE);
13380}
13381#endif
13382
13383/*
13384 * Primary command inlet from frontend ports.  All SCSI and task I/O
13385 * requests must go through this function.
13386 */
13387int
13388ctl_queue(union ctl_io *io)
13389{
13390	struct ctl_port *port;
13391
13392	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13393
13394#ifdef CTL_TIME_IO
13395	io->io_hdr.start_time = time_uptime;
13396	getbintime(&io->io_hdr.start_bt);
13397#endif /* CTL_TIME_IO */
13398
13399	/* Map FE-specific LUN ID into global one. */
13400	port = ctl_io_port(&io->io_hdr);
13401	io->io_hdr.nexus.targ_mapped_lun =
13402	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13403
13404	switch (io->io_hdr.io_type) {
13405	case CTL_IO_SCSI:
13406	case CTL_IO_TASK:
13407		if (ctl_debug & CTL_DEBUG_CDB)
13408			ctl_io_print(io);
13409		ctl_enqueue_incoming(io);
13410		break;
13411	default:
13412		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13413		return (EINVAL);
13414	}
13415
13416	return (CTL_RETVAL_COMPLETE);
13417}
13418
13419#ifdef CTL_IO_DELAY
13420static void
13421ctl_done_timer_wakeup(void *arg)
13422{
13423	union ctl_io *io;
13424
13425	io = (union ctl_io *)arg;
13426	ctl_done(io);
13427}
13428#endif /* CTL_IO_DELAY */
13429
13430void
13431ctl_serseq_done(union ctl_io *io)
13432{
13433	struct ctl_lun *lun;
13434
13435	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13436	if (lun->be_lun == NULL ||
13437	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13438		return;
13439	mtx_lock(&lun->lun_lock);
13440	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13441	ctl_check_blocked(lun);
13442	mtx_unlock(&lun->lun_lock);
13443}
13444
13445void
13446ctl_done(union ctl_io *io)
13447{
13448
13449	/*
13450	 * Enable this to catch duplicate completion issues.
13451	 */
13452#if 0
13453	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13454		printf("%s: type %d msg %d cdb %x iptl: "
13455		       "%u:%u:%u tag 0x%04x "
13456		       "flag %#x status %x\n",
13457			__func__,
13458			io->io_hdr.io_type,
13459			io->io_hdr.msg_type,
13460			io->scsiio.cdb[0],
13461			io->io_hdr.nexus.initid,
13462			io->io_hdr.nexus.targ_port,
13463			io->io_hdr.nexus.targ_lun,
13464			(io->io_hdr.io_type ==
13465			CTL_IO_TASK) ?
13466			io->taskio.tag_num :
13467			io->scsiio.tag_num,
13468		        io->io_hdr.flags,
13469			io->io_hdr.status);
13470	} else
13471		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13472#endif
13473
13474	/*
13475	 * This is an internal copy of an I/O, and should not go through
13476	 * the normal done processing logic.
13477	 */
13478	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13479		return;
13480
13481#ifdef CTL_IO_DELAY
13482	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13483		struct ctl_lun *lun;
13484
13485		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13486
13487		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13488	} else {
13489		struct ctl_lun *lun;
13490
13491		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13492
13493		if ((lun != NULL)
13494		 && (lun->delay_info.done_delay > 0)) {
13495
13496			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13497			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13498			callout_reset(&io->io_hdr.delay_callout,
13499				      lun->delay_info.done_delay * hz,
13500				      ctl_done_timer_wakeup, io);
13501			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13502				lun->delay_info.done_delay = 0;
13503			return;
13504		}
13505	}
13506#endif /* CTL_IO_DELAY */
13507
13508	ctl_enqueue_done(io);
13509}
13510
13511static void
13512ctl_work_thread(void *arg)
13513{
13514	struct ctl_thread *thr = (struct ctl_thread *)arg;
13515	struct ctl_softc *softc = thr->ctl_softc;
13516	union ctl_io *io;
13517	int retval;
13518
13519	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13520
13521	for (;;) {
13522		retval = 0;
13523
13524		/*
13525		 * We handle the queues in this order:
13526		 * - ISC
13527		 * - done queue (to free up resources, unblock other commands)
13528		 * - RtR queue
13529		 * - incoming queue
13530		 *
13531		 * If those queues are empty, we break out of the loop and
13532		 * go to sleep.
13533		 */
13534		mtx_lock(&thr->queue_lock);
13535		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13536		if (io != NULL) {
13537			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13538			mtx_unlock(&thr->queue_lock);
13539			ctl_handle_isc(io);
13540			continue;
13541		}
13542		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13543		if (io != NULL) {
13544			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13545			/* clear any blocked commands, call fe_done */
13546			mtx_unlock(&thr->queue_lock);
13547			retval = ctl_process_done(io);
13548			continue;
13549		}
13550		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13551		if (io != NULL) {
13552			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13553			mtx_unlock(&thr->queue_lock);
13554			if (io->io_hdr.io_type == CTL_IO_TASK)
13555				ctl_run_task(io);
13556			else
13557				ctl_scsiio_precheck(softc, &io->scsiio);
13558			continue;
13559		}
13560		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13561		if (io != NULL) {
13562			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13563			mtx_unlock(&thr->queue_lock);
13564			retval = ctl_scsiio(&io->scsiio);
13565			if (retval != CTL_RETVAL_COMPLETE)
13566				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13567			continue;
13568		}
13569
13570		/* Sleep until we have something to do. */
13571		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13572	}
13573}
13574
13575static void
13576ctl_lun_thread(void *arg)
13577{
13578	struct ctl_softc *softc = (struct ctl_softc *)arg;
13579	struct ctl_be_lun *be_lun;
13580	int retval;
13581
13582	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13583
13584	for (;;) {
13585		retval = 0;
13586		mtx_lock(&softc->ctl_lock);
13587		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13588		if (be_lun != NULL) {
13589			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13590			mtx_unlock(&softc->ctl_lock);
13591			ctl_create_lun(be_lun);
13592			continue;
13593		}
13594
13595		/* Sleep until we have something to do. */
13596		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13597		    PDROP | PRIBIO, "-", 0);
13598	}
13599}
13600
13601static void
13602ctl_thresh_thread(void *arg)
13603{
13604	struct ctl_softc *softc = (struct ctl_softc *)arg;
13605	struct ctl_lun *lun;
13606	struct ctl_be_lun *be_lun;
13607	struct scsi_da_rw_recovery_page *rwpage;
13608	struct ctl_logical_block_provisioning_page *page;
13609	const char *attr;
13610	union ctl_ha_msg msg;
13611	uint64_t thres, val;
13612	int i, e, set;
13613
13614	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13615
13616	for (;;) {
13617		mtx_lock(&softc->ctl_lock);
13618		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13619			be_lun = lun->be_lun;
13620			if ((lun->flags & CTL_LUN_DISABLED) ||
13621			    (lun->flags & CTL_LUN_OFFLINE) ||
13622			    lun->backend->lun_attr == NULL)
13623				continue;
13624			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13625			    softc->ha_mode == CTL_HA_MODE_XFER)
13626				continue;
13627			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13628			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13629				continue;
13630			e = 0;
13631			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13632			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13633				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13634					continue;
13635				thres = scsi_4btoul(page->descr[i].count);
13636				thres <<= CTL_LBP_EXPONENT;
13637				switch (page->descr[i].resource) {
13638				case 0x01:
13639					attr = "blocksavail";
13640					break;
13641				case 0x02:
13642					attr = "blocksused";
13643					break;
13644				case 0xf1:
13645					attr = "poolblocksavail";
13646					break;
13647				case 0xf2:
13648					attr = "poolblocksused";
13649					break;
13650				default:
13651					continue;
13652				}
13653				mtx_unlock(&softc->ctl_lock); // XXX
13654				val = lun->backend->lun_attr(
13655				    lun->be_lun->be_lun, attr);
13656				mtx_lock(&softc->ctl_lock);
13657				if (val == UINT64_MAX)
13658					continue;
13659				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13660				    == SLBPPD_ARMING_INC)
13661					e = (val >= thres);
13662				else
13663					e = (val <= thres);
13664				if (e)
13665					break;
13666			}
13667			mtx_lock(&lun->lun_lock);
13668			if (e) {
13669				scsi_u64to8b((uint8_t *)&page->descr[i] -
13670				    (uint8_t *)page, lun->ua_tpt_info);
13671				if (lun->lasttpt == 0 ||
13672				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13673					lun->lasttpt = time_uptime;
13674					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13675					set = 1;
13676				} else
13677					set = 0;
13678			} else {
13679				lun->lasttpt = 0;
13680				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13681				set = -1;
13682			}
13683			mtx_unlock(&lun->lun_lock);
13684			if (set != 0 &&
13685			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13686				/* Send msg to other side. */
13687				bzero(&msg.ua, sizeof(msg.ua));
13688				msg.hdr.msg_type = CTL_MSG_UA;
13689				msg.hdr.nexus.initid = -1;
13690				msg.hdr.nexus.targ_port = -1;
13691				msg.hdr.nexus.targ_lun = lun->lun;
13692				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13693				msg.ua.ua_all = 1;
13694				msg.ua.ua_set = (set > 0);
13695				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13696				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13697				mtx_unlock(&softc->ctl_lock); // XXX
13698				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13699				    sizeof(msg.ua), M_WAITOK);
13700				mtx_lock(&softc->ctl_lock);
13701			}
13702		}
13703		mtx_unlock(&softc->ctl_lock);
13704		pause("-", CTL_LBP_PERIOD * hz);
13705	}
13706}
13707
13708static void
13709ctl_enqueue_incoming(union ctl_io *io)
13710{
13711	struct ctl_softc *softc = control_softc;
13712	struct ctl_thread *thr;
13713	u_int idx;
13714
13715	idx = (io->io_hdr.nexus.targ_port * 127 +
13716	       io->io_hdr.nexus.initid) % worker_threads;
13717	thr = &softc->threads[idx];
13718	mtx_lock(&thr->queue_lock);
13719	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13720	mtx_unlock(&thr->queue_lock);
13721	wakeup(thr);
13722}
13723
13724static void
13725ctl_enqueue_rtr(union ctl_io *io)
13726{
13727	struct ctl_softc *softc = control_softc;
13728	struct ctl_thread *thr;
13729
13730	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13731	mtx_lock(&thr->queue_lock);
13732	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13733	mtx_unlock(&thr->queue_lock);
13734	wakeup(thr);
13735}
13736
13737static void
13738ctl_enqueue_done(union ctl_io *io)
13739{
13740	struct ctl_softc *softc = control_softc;
13741	struct ctl_thread *thr;
13742
13743	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13744	mtx_lock(&thr->queue_lock);
13745	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13746	mtx_unlock(&thr->queue_lock);
13747	wakeup(thr);
13748}
13749
13750static void
13751ctl_enqueue_isc(union ctl_io *io)
13752{
13753	struct ctl_softc *softc = control_softc;
13754	struct ctl_thread *thr;
13755
13756	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13757	mtx_lock(&thr->queue_lock);
13758	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13759	mtx_unlock(&thr->queue_lock);
13760	wakeup(thr);
13761}
13762
13763/*
13764 *  vim: ts=8
13765 */
13766