ctl.c revision 288796 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288796 2015-10-05 10:59:37Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
359SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
360    &worker_threads, 1, "Number of worker threads");
361static int ctl_debug = CTL_DEBUG_NONE;
362TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
363SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
364    &ctl_debug, 0, "Enabled debug flags");
365
366/*
367 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
368 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
369 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
370 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
371 */
372#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
373
374static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
375				  int param);
376static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
377static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
378static int ctl_init(void);
379void ctl_shutdown(void);
380static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
381static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
382static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
383static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
384			      struct ctl_ooa *ooa_hdr,
385			      struct ctl_ooa_entry *kern_entries);
386static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
387		     struct thread *td);
388static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
389			 struct ctl_be_lun *be_lun);
390static int ctl_free_lun(struct ctl_lun *lun);
391static void ctl_create_lun(struct ctl_be_lun *be_lun);
392static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
393
394static int ctl_do_mode_select(union ctl_io *io);
395static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
396			   uint64_t res_key, uint64_t sa_res_key,
397			   uint8_t type, uint32_t residx,
398			   struct ctl_scsiio *ctsio,
399			   struct scsi_per_res_out *cdb,
400			   struct scsi_per_res_out_parms* param);
401static void ctl_pro_preempt_other(struct ctl_lun *lun,
402				  union ctl_ha_msg *msg);
403static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
404static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
408static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
409static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
412					 int alloc_len);
413static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
414static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
416static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
417static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
418static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
419    bool seq);
420static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
421static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
422    union ctl_io *pending_io, union ctl_io *ooa_io);
423static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
424				union ctl_io *starting_io);
425static int ctl_check_blocked(struct ctl_lun *lun);
426static int ctl_scsiio_lun_check(struct ctl_lun *lun,
427				const struct ctl_cmd_entry *entry,
428				struct ctl_scsiio *ctsio);
429static void ctl_failover_lun(struct ctl_lun *lun);
430static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
431			       struct ctl_scsiio *ctsio);
432static int ctl_scsiio(struct ctl_scsiio *ctsio);
433
434static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
435static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
436			    ctl_ua_type ua_type);
437static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
438			 ctl_ua_type ua_type);
439static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
440static int ctl_abort_task(union ctl_io *io);
441static int ctl_abort_task_set(union ctl_io *io);
442static int ctl_query_task(union ctl_io *io, int task_set);
443static int ctl_i_t_nexus_reset(union ctl_io *io);
444static int ctl_query_async_event(union ctl_io *io);
445static void ctl_run_task(union ctl_io *io);
446#ifdef CTL_IO_DELAY
447static void ctl_datamove_timer_wakeup(void *arg);
448static void ctl_done_timer_wakeup(void *arg);
449#endif /* CTL_IO_DELAY */
450
451static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
452static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
453static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
454static void ctl_datamove_remote_write(union ctl_io *io);
455static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
456static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
457static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
458static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
459				    ctl_ha_dt_cb callback);
460static void ctl_datamove_remote_read(union ctl_io *io);
461static void ctl_datamove_remote(union ctl_io *io);
462static int ctl_process_done(union ctl_io *io);
463static void ctl_lun_thread(void *arg);
464static void ctl_thresh_thread(void *arg);
465static void ctl_work_thread(void *arg);
466static void ctl_enqueue_incoming(union ctl_io *io);
467static void ctl_enqueue_rtr(union ctl_io *io);
468static void ctl_enqueue_done(union ctl_io *io);
469static void ctl_enqueue_isc(union ctl_io *io);
470static const struct ctl_cmd_entry *
471    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
472static const struct ctl_cmd_entry *
473    ctl_validate_command(struct ctl_scsiio *ctsio);
474static int ctl_cmd_applicable(uint8_t lun_type,
475    const struct ctl_cmd_entry *entry);
476
477static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
479static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
480static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
481
482/*
483 * Load the serialization table.  This isn't very pretty, but is probably
484 * the easiest way to do it.
485 */
486#include "ctl_ser_table.c"
487
488/*
489 * We only need to define open, close and ioctl routines for this driver.
490 */
491static struct cdevsw ctl_cdevsw = {
492	.d_version =	D_VERSION,
493	.d_flags =	0,
494	.d_open =	ctl_open,
495	.d_close =	ctl_close,
496	.d_ioctl =	ctl_ioctl,
497	.d_name =	"ctl",
498};
499
500
501MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
502
503static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
504
505static moduledata_t ctl_moduledata = {
506	"ctl",
507	ctl_module_event_handler,
508	NULL
509};
510
511DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
512MODULE_VERSION(ctl, 1);
513
514static struct ctl_frontend ha_frontend =
515{
516	.name = "ha",
517};
518
519static void
520ctl_ha_datamove(union ctl_io *io)
521{
522	struct ctl_lun *lun;
523	struct ctl_sg_entry *sgl;
524	union ctl_ha_msg msg;
525	uint32_t sg_entries_sent;
526	int do_sg_copy, i, j;
527
528	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
529	memset(&msg.dt, 0, sizeof(msg.dt));
530	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
531	msg.hdr.original_sc = io->io_hdr.original_sc;
532	msg.hdr.serializing_sc = io;
533	msg.hdr.nexus = io->io_hdr.nexus;
534	msg.hdr.status = io->io_hdr.status;
535	msg.dt.flags = io->io_hdr.flags;
536
537	/*
538	 * We convert everything into a S/G list here.  We can't
539	 * pass by reference, only by value between controllers.
540	 * So we can't pass a pointer to the S/G list, only as many
541	 * S/G entries as we can fit in here.  If it's possible for
542	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
543	 * then we need to break this up into multiple transfers.
544	 */
545	if (io->scsiio.kern_sg_entries == 0) {
546		msg.dt.kern_sg_entries = 1;
547#if 0
548		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
549			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
550		} else {
551			/* XXX KDM use busdma here! */
552			msg.dt.sg_list[0].addr =
553			    (void *)vtophys(io->scsiio.kern_data_ptr);
554		}
555#else
556		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
557		    ("HA does not support BUS_ADDR"));
558		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
559#endif
560		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
561		do_sg_copy = 0;
562	} else {
563		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
564		do_sg_copy = 1;
565	}
566
567	msg.dt.kern_data_len = io->scsiio.kern_data_len;
568	msg.dt.kern_total_len = io->scsiio.kern_total_len;
569	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
570	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
571	msg.dt.sg_sequence = 0;
572
573	/*
574	 * Loop until we've sent all of the S/G entries.  On the
575	 * other end, we'll recompose these S/G entries into one
576	 * contiguous list before processing.
577	 */
578	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
579	    msg.dt.sg_sequence++) {
580		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
581		    sizeof(msg.dt.sg_list[0])),
582		    msg.dt.kern_sg_entries - sg_entries_sent);
583		if (do_sg_copy != 0) {
584			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
585			for (i = sg_entries_sent, j = 0;
586			     i < msg.dt.cur_sg_entries; i++, j++) {
587#if 0
588				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
589					msg.dt.sg_list[j].addr = sgl[i].addr;
590				} else {
591					/* XXX KDM use busdma here! */
592					msg.dt.sg_list[j].addr =
593					    (void *)vtophys(sgl[i].addr);
594				}
595#else
596				KASSERT((io->io_hdr.flags &
597				    CTL_FLAG_BUS_ADDR) == 0,
598				    ("HA does not support BUS_ADDR"));
599				msg.dt.sg_list[j].addr = sgl[i].addr;
600#endif
601				msg.dt.sg_list[j].len = sgl[i].len;
602			}
603		}
604
605		sg_entries_sent += msg.dt.cur_sg_entries;
606		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
607		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
608		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
609		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
610		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
611			io->io_hdr.port_status = 31341;
612			io->scsiio.be_move_done(io);
613			return;
614		}
615		msg.dt.sent_sg_entries = sg_entries_sent;
616	}
617
618	/*
619	 * Officially handover the request from us to peer.
620	 * If failover has just happened, then we must return error.
621	 * If failover happen just after, then it is not our problem.
622	 */
623	if (lun)
624		mtx_lock(&lun->lun_lock);
625	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
626		if (lun)
627			mtx_unlock(&lun->lun_lock);
628		io->io_hdr.port_status = 31342;
629		io->scsiio.be_move_done(io);
630		return;
631	}
632	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
633	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
634	if (lun)
635		mtx_unlock(&lun->lun_lock);
636}
637
638static void
639ctl_ha_done(union ctl_io *io)
640{
641	union ctl_ha_msg msg;
642
643	if (io->io_hdr.io_type == CTL_IO_SCSI) {
644		memset(&msg, 0, sizeof(msg));
645		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
646		msg.hdr.original_sc = io->io_hdr.original_sc;
647		msg.hdr.nexus = io->io_hdr.nexus;
648		msg.hdr.status = io->io_hdr.status;
649		msg.scsi.scsi_status = io->scsiio.scsi_status;
650		msg.scsi.tag_num = io->scsiio.tag_num;
651		msg.scsi.tag_type = io->scsiio.tag_type;
652		msg.scsi.sense_len = io->scsiio.sense_len;
653		msg.scsi.sense_residual = io->scsiio.sense_residual;
654		msg.scsi.residual = io->scsiio.residual;
655		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
656		    io->scsiio.sense_len);
657		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
658		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
659		    msg.scsi.sense_len, M_WAITOK);
660	}
661	ctl_free_io(io);
662}
663
664static void
665ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
666			    union ctl_ha_msg *msg_info)
667{
668	struct ctl_scsiio *ctsio;
669
670	if (msg_info->hdr.original_sc == NULL) {
671		printf("%s: original_sc == NULL!\n", __func__);
672		/* XXX KDM now what? */
673		return;
674	}
675
676	ctsio = &msg_info->hdr.original_sc->scsiio;
677	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
678	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
679	ctsio->io_hdr.status = msg_info->hdr.status;
680	ctsio->scsi_status = msg_info->scsi.scsi_status;
681	ctsio->sense_len = msg_info->scsi.sense_len;
682	ctsio->sense_residual = msg_info->scsi.sense_residual;
683	ctsio->residual = msg_info->scsi.residual;
684	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
685	       msg_info->scsi.sense_len);
686	ctl_enqueue_isc((union ctl_io *)ctsio);
687}
688
689static void
690ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
691				union ctl_ha_msg *msg_info)
692{
693	struct ctl_scsiio *ctsio;
694
695	if (msg_info->hdr.serializing_sc == NULL) {
696		printf("%s: serializing_sc == NULL!\n", __func__);
697		/* XXX KDM now what? */
698		return;
699	}
700
701	ctsio = &msg_info->hdr.serializing_sc->scsiio;
702	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
703	ctl_enqueue_isc((union ctl_io *)ctsio);
704}
705
706void
707ctl_isc_announce_lun(struct ctl_lun *lun)
708{
709	struct ctl_softc *softc = lun->ctl_softc;
710	union ctl_ha_msg *msg;
711	struct ctl_ha_msg_lun_pr_key pr_key;
712	int i, k;
713
714	if (softc->ha_link != CTL_HA_LINK_ONLINE)
715		return;
716	mtx_lock(&lun->lun_lock);
717	i = sizeof(msg->lun);
718	if (lun->lun_devid)
719		i += lun->lun_devid->len;
720	i += sizeof(pr_key) * lun->pr_key_count;
721alloc:
722	mtx_unlock(&lun->lun_lock);
723	msg = malloc(i, M_CTL, M_WAITOK);
724	mtx_lock(&lun->lun_lock);
725	k = sizeof(msg->lun);
726	if (lun->lun_devid)
727		k += lun->lun_devid->len;
728	k += sizeof(pr_key) * lun->pr_key_count;
729	if (i < k) {
730		free(msg, M_CTL);
731		i = k;
732		goto alloc;
733	}
734	bzero(&msg->lun, sizeof(msg->lun));
735	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
736	msg->hdr.nexus.targ_lun = lun->lun;
737	msg->hdr.nexus.targ_mapped_lun = lun->lun;
738	msg->lun.flags = lun->flags;
739	msg->lun.pr_generation = lun->PRGeneration;
740	msg->lun.pr_res_idx = lun->pr_res_idx;
741	msg->lun.pr_res_type = lun->res_type;
742	msg->lun.pr_key_count = lun->pr_key_count;
743	i = 0;
744	if (lun->lun_devid) {
745		msg->lun.lun_devid_len = lun->lun_devid->len;
746		memcpy(&msg->lun.data[i], lun->lun_devid->data,
747		    msg->lun.lun_devid_len);
748		i += msg->lun.lun_devid_len;
749	}
750	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
751		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
752			continue;
753		pr_key.pr_iid = k;
754		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
755		i += sizeof(pr_key);
756	}
757	mtx_unlock(&lun->lun_lock);
758	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
759	    M_WAITOK);
760	free(msg, M_CTL);
761
762	if (lun->flags & CTL_LUN_PRIMARY_SC) {
763		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
764			ctl_isc_announce_mode(lun, -1,
765			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
766			    lun->mode_pages.index[i].subpage);
767		}
768	}
769}
770
771void
772ctl_isc_announce_port(struct ctl_port *port)
773{
774	struct ctl_softc *softc = port->ctl_softc;
775	union ctl_ha_msg *msg;
776	int i;
777
778	if (port->targ_port < softc->port_min ||
779	    port->targ_port >= softc->port_max ||
780	    softc->ha_link != CTL_HA_LINK_ONLINE)
781		return;
782	i = sizeof(msg->port) + strlen(port->port_name) + 1;
783	if (port->lun_map)
784		i += sizeof(uint32_t) * CTL_MAX_LUNS;
785	if (port->port_devid)
786		i += port->port_devid->len;
787	if (port->target_devid)
788		i += port->target_devid->len;
789	if (port->init_devid)
790		i += port->init_devid->len;
791	msg = malloc(i, M_CTL, M_WAITOK);
792	bzero(&msg->port, sizeof(msg->port));
793	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
794	msg->hdr.nexus.targ_port = port->targ_port;
795	msg->port.port_type = port->port_type;
796	msg->port.physical_port = port->physical_port;
797	msg->port.virtual_port = port->virtual_port;
798	msg->port.status = port->status;
799	i = 0;
800	msg->port.name_len = sprintf(&msg->port.data[i],
801	    "%d:%s", softc->ha_id, port->port_name) + 1;
802	i += msg->port.name_len;
803	if (port->lun_map) {
804		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
805		memcpy(&msg->port.data[i], port->lun_map,
806		    msg->port.lun_map_len);
807		i += msg->port.lun_map_len;
808	}
809	if (port->port_devid) {
810		msg->port.port_devid_len = port->port_devid->len;
811		memcpy(&msg->port.data[i], port->port_devid->data,
812		    msg->port.port_devid_len);
813		i += msg->port.port_devid_len;
814	}
815	if (port->target_devid) {
816		msg->port.target_devid_len = port->target_devid->len;
817		memcpy(&msg->port.data[i], port->target_devid->data,
818		    msg->port.target_devid_len);
819		i += msg->port.target_devid_len;
820	}
821	if (port->init_devid) {
822		msg->port.init_devid_len = port->init_devid->len;
823		memcpy(&msg->port.data[i], port->init_devid->data,
824		    msg->port.init_devid_len);
825		i += msg->port.init_devid_len;
826	}
827	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
828	    M_WAITOK);
829	free(msg, M_CTL);
830}
831
832void
833ctl_isc_announce_iid(struct ctl_port *port, int iid)
834{
835	struct ctl_softc *softc = port->ctl_softc;
836	union ctl_ha_msg *msg;
837	int i, l;
838
839	if (port->targ_port < softc->port_min ||
840	    port->targ_port >= softc->port_max ||
841	    softc->ha_link != CTL_HA_LINK_ONLINE)
842		return;
843	mtx_lock(&softc->ctl_lock);
844	i = sizeof(msg->iid);
845	l = 0;
846	if (port->wwpn_iid[iid].name)
847		l = strlen(port->wwpn_iid[iid].name) + 1;
848	i += l;
849	msg = malloc(i, M_CTL, M_NOWAIT);
850	if (msg == NULL) {
851		mtx_unlock(&softc->ctl_lock);
852		return;
853	}
854	bzero(&msg->iid, sizeof(msg->iid));
855	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
856	msg->hdr.nexus.targ_port = port->targ_port;
857	msg->hdr.nexus.initid = iid;
858	msg->iid.in_use = port->wwpn_iid[iid].in_use;
859	msg->iid.name_len = l;
860	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
861	if (port->wwpn_iid[iid].name)
862		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
863	mtx_unlock(&softc->ctl_lock);
864	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
865	free(msg, M_CTL);
866}
867
868void
869ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
870    uint8_t page, uint8_t subpage)
871{
872	struct ctl_softc *softc = lun->ctl_softc;
873	union ctl_ha_msg msg;
874	int i;
875
876	if (softc->ha_link != CTL_HA_LINK_ONLINE)
877		return;
878	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
879		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
880		    page && lun->mode_pages.index[i].subpage == subpage)
881			break;
882	}
883	if (i == CTL_NUM_MODE_PAGES)
884		return;
885	bzero(&msg.mode, sizeof(msg.mode));
886	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
887	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
888	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
889	msg.hdr.nexus.targ_lun = lun->lun;
890	msg.hdr.nexus.targ_mapped_lun = lun->lun;
891	msg.mode.page_code = page;
892	msg.mode.subpage = subpage;
893	msg.mode.page_len = lun->mode_pages.index[i].page_len;
894	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
895	    msg.mode.page_len);
896	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
897	    M_WAITOK);
898}
899
900static void
901ctl_isc_ha_link_up(struct ctl_softc *softc)
902{
903	struct ctl_port *port;
904	struct ctl_lun *lun;
905	union ctl_ha_msg msg;
906	int i;
907
908	/* Announce this node parameters to peer for validation. */
909	msg.login.msg_type = CTL_MSG_LOGIN;
910	msg.login.version = CTL_HA_VERSION;
911	msg.login.ha_mode = softc->ha_mode;
912	msg.login.ha_id = softc->ha_id;
913	msg.login.max_luns = CTL_MAX_LUNS;
914	msg.login.max_ports = CTL_MAX_PORTS;
915	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
916	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
917	    M_WAITOK);
918
919	STAILQ_FOREACH(port, &softc->port_list, links) {
920		ctl_isc_announce_port(port);
921		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
922			if (port->wwpn_iid[i].in_use)
923				ctl_isc_announce_iid(port, i);
924		}
925	}
926	STAILQ_FOREACH(lun, &softc->lun_list, links)
927		ctl_isc_announce_lun(lun);
928}
929
930static void
931ctl_isc_ha_link_down(struct ctl_softc *softc)
932{
933	struct ctl_port *port;
934	struct ctl_lun *lun;
935	union ctl_io *io;
936	int i;
937
938	mtx_lock(&softc->ctl_lock);
939	STAILQ_FOREACH(lun, &softc->lun_list, links) {
940		mtx_lock(&lun->lun_lock);
941		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
942			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
943			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
944		}
945		mtx_unlock(&lun->lun_lock);
946
947		mtx_unlock(&softc->ctl_lock);
948		io = ctl_alloc_io(softc->othersc_pool);
949		mtx_lock(&softc->ctl_lock);
950		ctl_zero_io(io);
951		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
952		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
953		ctl_enqueue_isc(io);
954	}
955
956	STAILQ_FOREACH(port, &softc->port_list, links) {
957		if (port->targ_port >= softc->port_min &&
958		    port->targ_port < softc->port_max)
959			continue;
960		port->status &= ~CTL_PORT_STATUS_ONLINE;
961		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
962			port->wwpn_iid[i].in_use = 0;
963			free(port->wwpn_iid[i].name, M_CTL);
964			port->wwpn_iid[i].name = NULL;
965		}
966	}
967	mtx_unlock(&softc->ctl_lock);
968}
969
970static void
971ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
972{
973	struct ctl_lun *lun;
974	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
975
976	mtx_lock(&softc->ctl_lock);
977	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
978	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
979		mtx_lock(&lun->lun_lock);
980		mtx_unlock(&softc->ctl_lock);
981		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
982		    msg->ua.ua_set)
983			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
984		if (msg->ua.ua_all) {
985			if (msg->ua.ua_set)
986				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
987			else
988				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
989		} else {
990			if (msg->ua.ua_set)
991				ctl_est_ua(lun, iid, msg->ua.ua_type);
992			else
993				ctl_clr_ua(lun, iid, msg->ua.ua_type);
994		}
995		mtx_unlock(&lun->lun_lock);
996	} else
997		mtx_unlock(&softc->ctl_lock);
998}
999
1000static void
1001ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1002{
1003	struct ctl_lun *lun;
1004	struct ctl_ha_msg_lun_pr_key pr_key;
1005	int i, k;
1006	ctl_lun_flags oflags;
1007	uint32_t targ_lun;
1008
1009	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1010	mtx_lock(&softc->ctl_lock);
1011	if ((targ_lun >= CTL_MAX_LUNS) ||
1012	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1013		mtx_unlock(&softc->ctl_lock);
1014		return;
1015	}
1016	mtx_lock(&lun->lun_lock);
1017	mtx_unlock(&softc->ctl_lock);
1018	if (lun->flags & CTL_LUN_DISABLED) {
1019		mtx_unlock(&lun->lun_lock);
1020		return;
1021	}
1022	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1023	if (msg->lun.lun_devid_len != i || (i > 0 &&
1024	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1025		mtx_unlock(&lun->lun_lock);
1026		printf("%s: Received conflicting HA LUN %d\n",
1027		    __func__, msg->hdr.nexus.targ_lun);
1028		return;
1029	} else {
1030		/* Record whether peer is primary. */
1031		oflags = lun->flags;
1032		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1033		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1034			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1035		else
1036			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1037		if (oflags != lun->flags)
1038			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1039
1040		/* If peer is primary and we are not -- use data */
1041		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1042		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1043			lun->PRGeneration = msg->lun.pr_generation;
1044			lun->pr_res_idx = msg->lun.pr_res_idx;
1045			lun->res_type = msg->lun.pr_res_type;
1046			lun->pr_key_count = msg->lun.pr_key_count;
1047			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1048				ctl_clr_prkey(lun, k);
1049			for (k = 0; k < msg->lun.pr_key_count; k++) {
1050				memcpy(&pr_key, &msg->lun.data[i],
1051				    sizeof(pr_key));
1052				ctl_alloc_prkey(lun, pr_key.pr_iid);
1053				ctl_set_prkey(lun, pr_key.pr_iid,
1054				    pr_key.pr_key);
1055				i += sizeof(pr_key);
1056			}
1057		}
1058
1059		mtx_unlock(&lun->lun_lock);
1060		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1061		    __func__, msg->hdr.nexus.targ_lun,
1062		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1063		    "primary" : "secondary"));
1064
1065		/* If we are primary but peer doesn't know -- notify */
1066		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1067		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1068			ctl_isc_announce_lun(lun);
1069	}
1070}
1071
1072static void
1073ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1074{
1075	struct ctl_port *port;
1076	struct ctl_lun *lun;
1077	int i, new;
1078
1079	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1080	if (port == NULL) {
1081		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1082		    msg->hdr.nexus.targ_port));
1083		new = 1;
1084		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1085		port->frontend = &ha_frontend;
1086		port->targ_port = msg->hdr.nexus.targ_port;
1087		port->fe_datamove = ctl_ha_datamove;
1088		port->fe_done = ctl_ha_done;
1089	} else if (port->frontend == &ha_frontend) {
1090		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1091		    msg->hdr.nexus.targ_port));
1092		new = 0;
1093	} else {
1094		printf("%s: Received conflicting HA port %d\n",
1095		    __func__, msg->hdr.nexus.targ_port);
1096		return;
1097	}
1098	port->port_type = msg->port.port_type;
1099	port->physical_port = msg->port.physical_port;
1100	port->virtual_port = msg->port.virtual_port;
1101	port->status = msg->port.status;
1102	i = 0;
1103	free(port->port_name, M_CTL);
1104	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1105	    M_CTL);
1106	i += msg->port.name_len;
1107	if (msg->port.lun_map_len != 0) {
1108		if (port->lun_map == NULL)
1109			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1110			    M_CTL, M_WAITOK);
1111		memcpy(port->lun_map, &msg->port.data[i],
1112		    sizeof(uint32_t) * CTL_MAX_LUNS);
1113		i += msg->port.lun_map_len;
1114	} else {
1115		free(port->lun_map, M_CTL);
1116		port->lun_map = NULL;
1117	}
1118	if (msg->port.port_devid_len != 0) {
1119		if (port->port_devid == NULL ||
1120		    port->port_devid->len != msg->port.port_devid_len) {
1121			free(port->port_devid, M_CTL);
1122			port->port_devid = malloc(sizeof(struct ctl_devid) +
1123			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1124		}
1125		memcpy(port->port_devid->data, &msg->port.data[i],
1126		    msg->port.port_devid_len);
1127		port->port_devid->len = msg->port.port_devid_len;
1128		i += msg->port.port_devid_len;
1129	} else {
1130		free(port->port_devid, M_CTL);
1131		port->port_devid = NULL;
1132	}
1133	if (msg->port.target_devid_len != 0) {
1134		if (port->target_devid == NULL ||
1135		    port->target_devid->len != msg->port.target_devid_len) {
1136			free(port->target_devid, M_CTL);
1137			port->target_devid = malloc(sizeof(struct ctl_devid) +
1138			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1139		}
1140		memcpy(port->target_devid->data, &msg->port.data[i],
1141		    msg->port.target_devid_len);
1142		port->target_devid->len = msg->port.target_devid_len;
1143		i += msg->port.target_devid_len;
1144	} else {
1145		free(port->target_devid, M_CTL);
1146		port->target_devid = NULL;
1147	}
1148	if (msg->port.init_devid_len != 0) {
1149		if (port->init_devid == NULL ||
1150		    port->init_devid->len != msg->port.init_devid_len) {
1151			free(port->init_devid, M_CTL);
1152			port->init_devid = malloc(sizeof(struct ctl_devid) +
1153			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1154		}
1155		memcpy(port->init_devid->data, &msg->port.data[i],
1156		    msg->port.init_devid_len);
1157		port->init_devid->len = msg->port.init_devid_len;
1158		i += msg->port.init_devid_len;
1159	} else {
1160		free(port->init_devid, M_CTL);
1161		port->init_devid = NULL;
1162	}
1163	if (new) {
1164		if (ctl_port_register(port) != 0) {
1165			printf("%s: ctl_port_register() failed with error\n",
1166			    __func__);
1167		}
1168	}
1169	mtx_lock(&softc->ctl_lock);
1170	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1171		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1172			continue;
1173		mtx_lock(&lun->lun_lock);
1174		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1175		mtx_unlock(&lun->lun_lock);
1176	}
1177	mtx_unlock(&softc->ctl_lock);
1178}
1179
1180static void
1181ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1182{
1183	struct ctl_port *port;
1184	int iid;
1185
1186	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1187	if (port == NULL) {
1188		printf("%s: Received IID for unknown port %d\n",
1189		    __func__, msg->hdr.nexus.targ_port);
1190		return;
1191	}
1192	iid = msg->hdr.nexus.initid;
1193	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1194	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1195	free(port->wwpn_iid[iid].name, M_CTL);
1196	if (msg->iid.name_len) {
1197		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1198		    msg->iid.name_len, M_CTL);
1199	} else
1200		port->wwpn_iid[iid].name = NULL;
1201}
1202
1203static void
1204ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1205{
1206
1207	if (msg->login.version != CTL_HA_VERSION) {
1208		printf("CTL HA peers have different versions %d != %d\n",
1209		    msg->login.version, CTL_HA_VERSION);
1210		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1211		return;
1212	}
1213	if (msg->login.ha_mode != softc->ha_mode) {
1214		printf("CTL HA peers have different ha_mode %d != %d\n",
1215		    msg->login.ha_mode, softc->ha_mode);
1216		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1217		return;
1218	}
1219	if (msg->login.ha_id == softc->ha_id) {
1220		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1221		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1222		return;
1223	}
1224	if (msg->login.max_luns != CTL_MAX_LUNS ||
1225	    msg->login.max_ports != CTL_MAX_PORTS ||
1226	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1227		printf("CTL HA peers have different limits\n");
1228		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1229		return;
1230	}
1231}
1232
1233static void
1234ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1235{
1236	struct ctl_lun *lun;
1237	int i;
1238	uint32_t initidx, targ_lun;
1239
1240	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1241	mtx_lock(&softc->ctl_lock);
1242	if ((targ_lun >= CTL_MAX_LUNS) ||
1243	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1244		mtx_unlock(&softc->ctl_lock);
1245		return;
1246	}
1247	mtx_lock(&lun->lun_lock);
1248	mtx_unlock(&softc->ctl_lock);
1249	if (lun->flags & CTL_LUN_DISABLED) {
1250		mtx_unlock(&lun->lun_lock);
1251		return;
1252	}
1253	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1254		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1255		    msg->mode.page_code &&
1256		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1257			break;
1258	}
1259	if (i == CTL_NUM_MODE_PAGES) {
1260		mtx_unlock(&lun->lun_lock);
1261		return;
1262	}
1263	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1264	    lun->mode_pages.index[i].page_len);
1265	initidx = ctl_get_initindex(&msg->hdr.nexus);
1266	if (initidx != -1)
1267		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1268	mtx_unlock(&lun->lun_lock);
1269}
1270
1271/*
1272 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1273 * subsystem come in here.
1274 */
1275static void
1276ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1277{
1278	struct ctl_softc *softc = control_softc;
1279	union ctl_io *io;
1280	struct ctl_prio *presio;
1281	ctl_ha_status isc_status;
1282
1283	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1284	if (event == CTL_HA_EVT_MSG_RECV) {
1285		union ctl_ha_msg *msg, msgbuf;
1286
1287		if (param > sizeof(msgbuf))
1288			msg = malloc(param, M_CTL, M_WAITOK);
1289		else
1290			msg = &msgbuf;
1291		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1292		    M_WAITOK);
1293		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1294			printf("%s: Error receiving message: %d\n",
1295			    __func__, isc_status);
1296			if (msg != &msgbuf)
1297				free(msg, M_CTL);
1298			return;
1299		}
1300
1301		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1302		switch (msg->hdr.msg_type) {
1303		case CTL_MSG_SERIALIZE:
1304			io = ctl_alloc_io(softc->othersc_pool);
1305			ctl_zero_io(io);
1306			// populate ctsio from msg
1307			io->io_hdr.io_type = CTL_IO_SCSI;
1308			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1309			io->io_hdr.original_sc = msg->hdr.original_sc;
1310			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1311					    CTL_FLAG_IO_ACTIVE;
1312			/*
1313			 * If we're in serialization-only mode, we don't
1314			 * want to go through full done processing.  Thus
1315			 * the COPY flag.
1316			 *
1317			 * XXX KDM add another flag that is more specific.
1318			 */
1319			if (softc->ha_mode != CTL_HA_MODE_XFER)
1320				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1321			io->io_hdr.nexus = msg->hdr.nexus;
1322#if 0
1323			printf("port %u, iid %u, lun %u\n",
1324			       io->io_hdr.nexus.targ_port,
1325			       io->io_hdr.nexus.initid,
1326			       io->io_hdr.nexus.targ_lun);
1327#endif
1328			io->scsiio.tag_num = msg->scsi.tag_num;
1329			io->scsiio.tag_type = msg->scsi.tag_type;
1330#ifdef CTL_TIME_IO
1331			io->io_hdr.start_time = time_uptime;
1332			getbintime(&io->io_hdr.start_bt);
1333#endif /* CTL_TIME_IO */
1334			io->scsiio.cdb_len = msg->scsi.cdb_len;
1335			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1336			       CTL_MAX_CDBLEN);
1337			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1338				const struct ctl_cmd_entry *entry;
1339
1340				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1341				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1342				io->io_hdr.flags |=
1343					entry->flags & CTL_FLAG_DATA_MASK;
1344			}
1345			ctl_enqueue_isc(io);
1346			break;
1347
1348		/* Performed on the Originating SC, XFER mode only */
1349		case CTL_MSG_DATAMOVE: {
1350			struct ctl_sg_entry *sgl;
1351			int i, j;
1352
1353			io = msg->hdr.original_sc;
1354			if (io == NULL) {
1355				printf("%s: original_sc == NULL!\n", __func__);
1356				/* XXX KDM do something here */
1357				break;
1358			}
1359			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1360			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1361			/*
1362			 * Keep track of this, we need to send it back over
1363			 * when the datamove is complete.
1364			 */
1365			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1366			if (msg->hdr.status == CTL_SUCCESS)
1367				io->io_hdr.status = msg->hdr.status;
1368
1369			if (msg->dt.sg_sequence == 0) {
1370				i = msg->dt.kern_sg_entries +
1371				    msg->dt.kern_data_len /
1372				    CTL_HA_DATAMOVE_SEGMENT + 1;
1373				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1374				    M_WAITOK | M_ZERO);
1375				io->io_hdr.remote_sglist = sgl;
1376				io->io_hdr.local_sglist =
1377				    &sgl[msg->dt.kern_sg_entries];
1378
1379				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1380
1381				io->scsiio.kern_sg_entries =
1382					msg->dt.kern_sg_entries;
1383				io->scsiio.rem_sg_entries =
1384					msg->dt.kern_sg_entries;
1385				io->scsiio.kern_data_len =
1386					msg->dt.kern_data_len;
1387				io->scsiio.kern_total_len =
1388					msg->dt.kern_total_len;
1389				io->scsiio.kern_data_resid =
1390					msg->dt.kern_data_resid;
1391				io->scsiio.kern_rel_offset =
1392					msg->dt.kern_rel_offset;
1393				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1394				io->io_hdr.flags |= msg->dt.flags &
1395				    CTL_FLAG_BUS_ADDR;
1396			} else
1397				sgl = (struct ctl_sg_entry *)
1398					io->scsiio.kern_data_ptr;
1399
1400			for (i = msg->dt.sent_sg_entries, j = 0;
1401			     i < (msg->dt.sent_sg_entries +
1402			     msg->dt.cur_sg_entries); i++, j++) {
1403				sgl[i].addr = msg->dt.sg_list[j].addr;
1404				sgl[i].len = msg->dt.sg_list[j].len;
1405
1406#if 0
1407				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1408				    __func__, sgl[i].addr, sgl[i].len, j, i);
1409#endif
1410			}
1411
1412			/*
1413			 * If this is the last piece of the I/O, we've got
1414			 * the full S/G list.  Queue processing in the thread.
1415			 * Otherwise wait for the next piece.
1416			 */
1417			if (msg->dt.sg_last != 0)
1418				ctl_enqueue_isc(io);
1419			break;
1420		}
1421		/* Performed on the Serializing (primary) SC, XFER mode only */
1422		case CTL_MSG_DATAMOVE_DONE: {
1423			if (msg->hdr.serializing_sc == NULL) {
1424				printf("%s: serializing_sc == NULL!\n",
1425				       __func__);
1426				/* XXX KDM now what? */
1427				break;
1428			}
1429			/*
1430			 * We grab the sense information here in case
1431			 * there was a failure, so we can return status
1432			 * back to the initiator.
1433			 */
1434			io = msg->hdr.serializing_sc;
1435			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1436			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1437			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1438			io->io_hdr.port_status = msg->scsi.fetd_status;
1439			io->scsiio.residual = msg->scsi.residual;
1440			if (msg->hdr.status != CTL_STATUS_NONE) {
1441				io->io_hdr.status = msg->hdr.status;
1442				io->scsiio.scsi_status = msg->scsi.scsi_status;
1443				io->scsiio.sense_len = msg->scsi.sense_len;
1444				io->scsiio.sense_residual =msg->scsi.sense_residual;
1445				memcpy(&io->scsiio.sense_data,
1446				    &msg->scsi.sense_data,
1447				    msg->scsi.sense_len);
1448				if (msg->hdr.status == CTL_SUCCESS)
1449					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1450			}
1451			ctl_enqueue_isc(io);
1452			break;
1453		}
1454
1455		/* Preformed on Originating SC, SER_ONLY mode */
1456		case CTL_MSG_R2R:
1457			io = msg->hdr.original_sc;
1458			if (io == NULL) {
1459				printf("%s: original_sc == NULL!\n",
1460				    __func__);
1461				break;
1462			}
1463			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1464			io->io_hdr.msg_type = CTL_MSG_R2R;
1465			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1466			ctl_enqueue_isc(io);
1467			break;
1468
1469		/*
1470		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1471		 * mode.
1472		 * Performed on the Originating (i.e. secondary) SC in XFER
1473		 * mode
1474		 */
1475		case CTL_MSG_FINISH_IO:
1476			if (softc->ha_mode == CTL_HA_MODE_XFER)
1477				ctl_isc_handler_finish_xfer(softc, msg);
1478			else
1479				ctl_isc_handler_finish_ser_only(softc, msg);
1480			break;
1481
1482		/* Preformed on Originating SC */
1483		case CTL_MSG_BAD_JUJU:
1484			io = msg->hdr.original_sc;
1485			if (io == NULL) {
1486				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1487				       __func__);
1488				break;
1489			}
1490			ctl_copy_sense_data(msg, io);
1491			/*
1492			 * IO should have already been cleaned up on other
1493			 * SC so clear this flag so we won't send a message
1494			 * back to finish the IO there.
1495			 */
1496			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1497			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1498
1499			/* io = msg->hdr.serializing_sc; */
1500			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1501			ctl_enqueue_isc(io);
1502			break;
1503
1504		/* Handle resets sent from the other side */
1505		case CTL_MSG_MANAGE_TASKS: {
1506			struct ctl_taskio *taskio;
1507			taskio = (struct ctl_taskio *)ctl_alloc_io(
1508			    softc->othersc_pool);
1509			ctl_zero_io((union ctl_io *)taskio);
1510			taskio->io_hdr.io_type = CTL_IO_TASK;
1511			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1512			taskio->io_hdr.nexus = msg->hdr.nexus;
1513			taskio->task_action = msg->task.task_action;
1514			taskio->tag_num = msg->task.tag_num;
1515			taskio->tag_type = msg->task.tag_type;
1516#ifdef CTL_TIME_IO
1517			taskio->io_hdr.start_time = time_uptime;
1518			getbintime(&taskio->io_hdr.start_bt);
1519#endif /* CTL_TIME_IO */
1520			ctl_run_task((union ctl_io *)taskio);
1521			break;
1522		}
1523		/* Persistent Reserve action which needs attention */
1524		case CTL_MSG_PERS_ACTION:
1525			presio = (struct ctl_prio *)ctl_alloc_io(
1526			    softc->othersc_pool);
1527			ctl_zero_io((union ctl_io *)presio);
1528			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1529			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1530			presio->io_hdr.nexus = msg->hdr.nexus;
1531			presio->pr_msg = msg->pr;
1532			ctl_enqueue_isc((union ctl_io *)presio);
1533			break;
1534		case CTL_MSG_UA:
1535			ctl_isc_ua(softc, msg, param);
1536			break;
1537		case CTL_MSG_PORT_SYNC:
1538			ctl_isc_port_sync(softc, msg, param);
1539			break;
1540		case CTL_MSG_LUN_SYNC:
1541			ctl_isc_lun_sync(softc, msg, param);
1542			break;
1543		case CTL_MSG_IID_SYNC:
1544			ctl_isc_iid_sync(softc, msg, param);
1545			break;
1546		case CTL_MSG_LOGIN:
1547			ctl_isc_login(softc, msg, param);
1548			break;
1549		case CTL_MSG_MODE_SYNC:
1550			ctl_isc_mode_sync(softc, msg, param);
1551			break;
1552		default:
1553			printf("Received HA message of unknown type %d\n",
1554			    msg->hdr.msg_type);
1555			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1556			break;
1557		}
1558		if (msg != &msgbuf)
1559			free(msg, M_CTL);
1560	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1561		printf("CTL: HA link status changed from %d to %d\n",
1562		    softc->ha_link, param);
1563		if (param == softc->ha_link)
1564			return;
1565		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1566			softc->ha_link = param;
1567			ctl_isc_ha_link_down(softc);
1568		} else {
1569			softc->ha_link = param;
1570			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1571				ctl_isc_ha_link_up(softc);
1572		}
1573		return;
1574	} else {
1575		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1576		return;
1577	}
1578}
1579
1580static void
1581ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1582{
1583
1584	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1585	    src->scsi.sense_len);
1586	dest->scsiio.scsi_status = src->scsi.scsi_status;
1587	dest->scsiio.sense_len = src->scsi.sense_len;
1588	dest->io_hdr.status = src->hdr.status;
1589}
1590
1591static void
1592ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1593{
1594
1595	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1596	    src->scsiio.sense_len);
1597	dest->scsi.scsi_status = src->scsiio.scsi_status;
1598	dest->scsi.sense_len = src->scsiio.sense_len;
1599	dest->hdr.status = src->io_hdr.status;
1600}
1601
1602void
1603ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1604{
1605	struct ctl_softc *softc = lun->ctl_softc;
1606	ctl_ua_type *pu;
1607
1608	if (initidx < softc->init_min || initidx >= softc->init_max)
1609		return;
1610	mtx_assert(&lun->lun_lock, MA_OWNED);
1611	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1612	if (pu == NULL)
1613		return;
1614	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1615}
1616
1617void
1618ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1619{
1620	int i;
1621
1622	mtx_assert(&lun->lun_lock, MA_OWNED);
1623	if (lun->pending_ua[port] == NULL)
1624		return;
1625	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1626		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1627			continue;
1628		lun->pending_ua[port][i] |= ua;
1629	}
1630}
1631
1632void
1633ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1634{
1635	struct ctl_softc *softc = lun->ctl_softc;
1636	int i;
1637
1638	mtx_assert(&lun->lun_lock, MA_OWNED);
1639	for (i = softc->port_min; i < softc->port_max; i++)
1640		ctl_est_ua_port(lun, i, except, ua);
1641}
1642
1643void
1644ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1645{
1646	struct ctl_softc *softc = lun->ctl_softc;
1647	ctl_ua_type *pu;
1648
1649	if (initidx < softc->init_min || initidx >= softc->init_max)
1650		return;
1651	mtx_assert(&lun->lun_lock, MA_OWNED);
1652	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1653	if (pu == NULL)
1654		return;
1655	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1656}
1657
1658void
1659ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1660{
1661	struct ctl_softc *softc = lun->ctl_softc;
1662	int i, j;
1663
1664	mtx_assert(&lun->lun_lock, MA_OWNED);
1665	for (i = softc->port_min; i < softc->port_max; i++) {
1666		if (lun->pending_ua[i] == NULL)
1667			continue;
1668		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1669			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1670				continue;
1671			lun->pending_ua[i][j] &= ~ua;
1672		}
1673	}
1674}
1675
1676void
1677ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1678    ctl_ua_type ua_type)
1679{
1680	struct ctl_lun *lun;
1681
1682	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1683	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1684		mtx_lock(&lun->lun_lock);
1685		ctl_clr_ua(lun, initidx, ua_type);
1686		mtx_unlock(&lun->lun_lock);
1687	}
1688}
1689
1690static int
1691ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1692{
1693	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1694	struct ctl_lun *lun;
1695	struct ctl_lun_req ireq;
1696	int error, value;
1697
1698	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1699	error = sysctl_handle_int(oidp, &value, 0, req);
1700	if ((error != 0) || (req->newptr == NULL))
1701		return (error);
1702
1703	mtx_lock(&softc->ctl_lock);
1704	if (value == 0)
1705		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1706	else
1707		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1708	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1709		mtx_unlock(&softc->ctl_lock);
1710		bzero(&ireq, sizeof(ireq));
1711		ireq.reqtype = CTL_LUNREQ_MODIFY;
1712		ireq.reqdata.modify.lun_id = lun->lun;
1713		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1714		    curthread);
1715		if (ireq.status != CTL_LUN_OK) {
1716			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1717			    __func__, ireq.status, ireq.error_str);
1718		}
1719		mtx_lock(&softc->ctl_lock);
1720	}
1721	mtx_unlock(&softc->ctl_lock);
1722	return (0);
1723}
1724
1725static int
1726ctl_init(void)
1727{
1728	struct ctl_softc *softc;
1729	void *other_pool;
1730	int i, error, retval;
1731
1732	retval = 0;
1733	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1734			       M_WAITOK | M_ZERO);
1735
1736	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1737			      "cam/ctl");
1738	softc->dev->si_drv1 = softc;
1739
1740	sysctl_ctx_init(&softc->sysctl_ctx);
1741	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1742		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1743		CTLFLAG_RD, 0, "CAM Target Layer");
1744
1745	if (softc->sysctl_tree == NULL) {
1746		printf("%s: unable to allocate sysctl tree\n", __func__);
1747		destroy_dev(softc->dev);
1748		free(control_softc, M_DEVBUF);
1749		control_softc = NULL;
1750		return (ENOMEM);
1751	}
1752
1753	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1754	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1755	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1756	softc->open_count = 0;
1757
1758	/*
1759	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1760	 * the drive.
1761	 */
1762	softc->flags = CTL_FLAG_REAL_SYNC;
1763
1764	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1765	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1766	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1767
1768	/*
1769	 * In Copan's HA scheme, the "master" and "slave" roles are
1770	 * figured out through the slot the controller is in.  Although it
1771	 * is an active/active system, someone has to be in charge.
1772	 */
1773	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1774	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1775	    "HA head ID (0 - no HA)");
1776	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1777		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1778		softc->is_single = 1;
1779		softc->port_cnt = CTL_MAX_PORTS;
1780		softc->port_min = 0;
1781	} else {
1782		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1783		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1784	}
1785	softc->port_max = softc->port_min + softc->port_cnt;
1786	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1787	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1788
1789	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1790	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1791	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1792
1793	STAILQ_INIT(&softc->lun_list);
1794	STAILQ_INIT(&softc->pending_lun_queue);
1795	STAILQ_INIT(&softc->fe_list);
1796	STAILQ_INIT(&softc->port_list);
1797	STAILQ_INIT(&softc->be_list);
1798	ctl_tpc_init(softc);
1799
1800	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1801	                    &other_pool) != 0)
1802	{
1803		printf("ctl: can't allocate %d entry other SC pool, "
1804		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1805		return (ENOMEM);
1806	}
1807	softc->othersc_pool = other_pool;
1808
1809	if (worker_threads <= 0)
1810		worker_threads = max(1, mp_ncpus / 4);
1811	if (worker_threads > CTL_MAX_THREADS)
1812		worker_threads = CTL_MAX_THREADS;
1813
1814	for (i = 0; i < worker_threads; i++) {
1815		struct ctl_thread *thr = &softc->threads[i];
1816
1817		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1818		thr->ctl_softc = softc;
1819		STAILQ_INIT(&thr->incoming_queue);
1820		STAILQ_INIT(&thr->rtr_queue);
1821		STAILQ_INIT(&thr->done_queue);
1822		STAILQ_INIT(&thr->isc_queue);
1823
1824		error = kproc_kthread_add(ctl_work_thread, thr,
1825		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1826		if (error != 0) {
1827			printf("error creating CTL work thread!\n");
1828			ctl_pool_free(other_pool);
1829			return (error);
1830		}
1831	}
1832	error = kproc_kthread_add(ctl_lun_thread, softc,
1833	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1834	if (error != 0) {
1835		printf("error creating CTL lun thread!\n");
1836		ctl_pool_free(other_pool);
1837		return (error);
1838	}
1839	error = kproc_kthread_add(ctl_thresh_thread, softc,
1840	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1841	if (error != 0) {
1842		printf("error creating CTL threshold thread!\n");
1843		ctl_pool_free(other_pool);
1844		return (error);
1845	}
1846
1847	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1848	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1849	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1850
1851	if (softc->is_single == 0) {
1852		ctl_frontend_register(&ha_frontend);
1853		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1854			printf("ctl_init: ctl_ha_msg_init failed.\n");
1855			softc->is_single = 1;
1856		} else
1857		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1858		    != CTL_HA_STATUS_SUCCESS) {
1859			printf("ctl_init: ctl_ha_msg_register failed.\n");
1860			softc->is_single = 1;
1861		}
1862	}
1863	return (0);
1864}
1865
1866void
1867ctl_shutdown(void)
1868{
1869	struct ctl_softc *softc = control_softc;
1870	struct ctl_lun *lun, *next_lun;
1871
1872	if (softc->is_single == 0) {
1873		ctl_ha_msg_shutdown(softc);
1874		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1875		    != CTL_HA_STATUS_SUCCESS)
1876			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1877		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1878			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1879		ctl_frontend_deregister(&ha_frontend);
1880	}
1881
1882	mtx_lock(&softc->ctl_lock);
1883
1884	/*
1885	 * Free up each LUN.
1886	 */
1887	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1888		next_lun = STAILQ_NEXT(lun, links);
1889		ctl_free_lun(lun);
1890	}
1891
1892	mtx_unlock(&softc->ctl_lock);
1893
1894#if 0
1895	ctl_shutdown_thread(softc->work_thread);
1896	mtx_destroy(&softc->queue_lock);
1897#endif
1898
1899	ctl_tpc_shutdown(softc);
1900	uma_zdestroy(softc->io_zone);
1901	mtx_destroy(&softc->ctl_lock);
1902
1903	destroy_dev(softc->dev);
1904
1905	sysctl_ctx_free(&softc->sysctl_ctx);
1906
1907	free(control_softc, M_DEVBUF);
1908	control_softc = NULL;
1909}
1910
1911static int
1912ctl_module_event_handler(module_t mod, int what, void *arg)
1913{
1914
1915	switch (what) {
1916	case MOD_LOAD:
1917		return (ctl_init());
1918	case MOD_UNLOAD:
1919		return (EBUSY);
1920	default:
1921		return (EOPNOTSUPP);
1922	}
1923}
1924
1925/*
1926 * XXX KDM should we do some access checks here?  Bump a reference count to
1927 * prevent a CTL module from being unloaded while someone has it open?
1928 */
1929static int
1930ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1931{
1932	return (0);
1933}
1934
1935static int
1936ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1937{
1938	return (0);
1939}
1940
1941/*
1942 * Remove an initiator by port number and initiator ID.
1943 * Returns 0 for success, -1 for failure.
1944 */
1945int
1946ctl_remove_initiator(struct ctl_port *port, int iid)
1947{
1948	struct ctl_softc *softc = port->ctl_softc;
1949
1950	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1951
1952	if (iid > CTL_MAX_INIT_PER_PORT) {
1953		printf("%s: initiator ID %u > maximun %u!\n",
1954		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1955		return (-1);
1956	}
1957
1958	mtx_lock(&softc->ctl_lock);
1959	port->wwpn_iid[iid].in_use--;
1960	port->wwpn_iid[iid].last_use = time_uptime;
1961	mtx_unlock(&softc->ctl_lock);
1962	ctl_isc_announce_iid(port, iid);
1963
1964	return (0);
1965}
1966
1967/*
1968 * Add an initiator to the initiator map.
1969 * Returns iid for success, < 0 for failure.
1970 */
1971int
1972ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1973{
1974	struct ctl_softc *softc = port->ctl_softc;
1975	time_t best_time;
1976	int i, best;
1977
1978	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1979
1980	if (iid >= CTL_MAX_INIT_PER_PORT) {
1981		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1982		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1983		free(name, M_CTL);
1984		return (-1);
1985	}
1986
1987	mtx_lock(&softc->ctl_lock);
1988
1989	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1990		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1991			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1992				iid = i;
1993				break;
1994			}
1995			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1996			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1997				iid = i;
1998				break;
1999			}
2000		}
2001	}
2002
2003	if (iid < 0) {
2004		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2005			if (port->wwpn_iid[i].in_use == 0 &&
2006			    port->wwpn_iid[i].wwpn == 0 &&
2007			    port->wwpn_iid[i].name == NULL) {
2008				iid = i;
2009				break;
2010			}
2011		}
2012	}
2013
2014	if (iid < 0) {
2015		best = -1;
2016		best_time = INT32_MAX;
2017		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2018			if (port->wwpn_iid[i].in_use == 0) {
2019				if (port->wwpn_iid[i].last_use < best_time) {
2020					best = i;
2021					best_time = port->wwpn_iid[i].last_use;
2022				}
2023			}
2024		}
2025		iid = best;
2026	}
2027
2028	if (iid < 0) {
2029		mtx_unlock(&softc->ctl_lock);
2030		free(name, M_CTL);
2031		return (-2);
2032	}
2033
2034	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2035		/*
2036		 * This is not an error yet.
2037		 */
2038		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2039#if 0
2040			printf("%s: port %d iid %u WWPN %#jx arrived"
2041			    " again\n", __func__, port->targ_port,
2042			    iid, (uintmax_t)wwpn);
2043#endif
2044			goto take;
2045		}
2046		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2047		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2048#if 0
2049			printf("%s: port %d iid %u name '%s' arrived"
2050			    " again\n", __func__, port->targ_port,
2051			    iid, name);
2052#endif
2053			goto take;
2054		}
2055
2056		/*
2057		 * This is an error, but what do we do about it?  The
2058		 * driver is telling us we have a new WWPN for this
2059		 * initiator ID, so we pretty much need to use it.
2060		 */
2061		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2062		    " but WWPN %#jx '%s' is still at that address\n",
2063		    __func__, port->targ_port, iid, wwpn, name,
2064		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2065		    port->wwpn_iid[iid].name);
2066
2067		/*
2068		 * XXX KDM clear have_ca and ua_pending on each LUN for
2069		 * this initiator.
2070		 */
2071	}
2072take:
2073	free(port->wwpn_iid[iid].name, M_CTL);
2074	port->wwpn_iid[iid].name = name;
2075	port->wwpn_iid[iid].wwpn = wwpn;
2076	port->wwpn_iid[iid].in_use++;
2077	mtx_unlock(&softc->ctl_lock);
2078	ctl_isc_announce_iid(port, iid);
2079
2080	return (iid);
2081}
2082
2083static int
2084ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2085{
2086	int len;
2087
2088	switch (port->port_type) {
2089	case CTL_PORT_FC:
2090	{
2091		struct scsi_transportid_fcp *id =
2092		    (struct scsi_transportid_fcp *)buf;
2093		if (port->wwpn_iid[iid].wwpn == 0)
2094			return (0);
2095		memset(id, 0, sizeof(*id));
2096		id->format_protocol = SCSI_PROTO_FC;
2097		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2098		return (sizeof(*id));
2099	}
2100	case CTL_PORT_ISCSI:
2101	{
2102		struct scsi_transportid_iscsi_port *id =
2103		    (struct scsi_transportid_iscsi_port *)buf;
2104		if (port->wwpn_iid[iid].name == NULL)
2105			return (0);
2106		memset(id, 0, 256);
2107		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2108		    SCSI_PROTO_ISCSI;
2109		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2110		len = roundup2(min(len, 252), 4);
2111		scsi_ulto2b(len, id->additional_length);
2112		return (sizeof(*id) + len);
2113	}
2114	case CTL_PORT_SAS:
2115	{
2116		struct scsi_transportid_sas *id =
2117		    (struct scsi_transportid_sas *)buf;
2118		if (port->wwpn_iid[iid].wwpn == 0)
2119			return (0);
2120		memset(id, 0, sizeof(*id));
2121		id->format_protocol = SCSI_PROTO_SAS;
2122		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2123		return (sizeof(*id));
2124	}
2125	default:
2126	{
2127		struct scsi_transportid_spi *id =
2128		    (struct scsi_transportid_spi *)buf;
2129		memset(id, 0, sizeof(*id));
2130		id->format_protocol = SCSI_PROTO_SPI;
2131		scsi_ulto2b(iid, id->scsi_addr);
2132		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2133		return (sizeof(*id));
2134	}
2135	}
2136}
2137
2138/*
2139 * Serialize a command that went down the "wrong" side, and so was sent to
2140 * this controller for execution.  The logic is a little different than the
2141 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2142 * sent back to the other side, but in the success case, we execute the
2143 * command on this side (XFER mode) or tell the other side to execute it
2144 * (SER_ONLY mode).
2145 */
2146static int
2147ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2148{
2149	struct ctl_softc *softc = control_softc;
2150	union ctl_ha_msg msg_info;
2151	struct ctl_port *port;
2152	struct ctl_lun *lun;
2153	const struct ctl_cmd_entry *entry;
2154	int retval = 0;
2155	uint32_t targ_lun;
2156
2157	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2158	mtx_lock(&softc->ctl_lock);
2159
2160	/* Make sure that we know about this port. */
2161	port = ctl_io_port(&ctsio->io_hdr);
2162	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2163		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2164					 /*retry_count*/ 1);
2165		goto badjuju;
2166	}
2167
2168	/* Make sure that we know about this LUN. */
2169	if ((targ_lun < CTL_MAX_LUNS) &&
2170	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2171		mtx_lock(&lun->lun_lock);
2172		mtx_unlock(&softc->ctl_lock);
2173		/*
2174		 * If the LUN is invalid, pretend that it doesn't exist.
2175		 * It will go away as soon as all pending I/O has been
2176		 * completed.
2177		 */
2178		if (lun->flags & CTL_LUN_DISABLED) {
2179			mtx_unlock(&lun->lun_lock);
2180			lun = NULL;
2181		}
2182	} else {
2183		mtx_unlock(&softc->ctl_lock);
2184		lun = NULL;
2185	}
2186	if (lun == NULL) {
2187		/*
2188		 * The other node would not send this request to us unless
2189		 * received announce that we are primary node for this LUN.
2190		 * If this LUN does not exist now, it is probably result of
2191		 * a race, so respond to initiator in the most opaque way.
2192		 */
2193		ctl_set_busy(ctsio);
2194		goto badjuju;
2195	}
2196
2197	entry = ctl_get_cmd_entry(ctsio, NULL);
2198	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2199		mtx_unlock(&lun->lun_lock);
2200		goto badjuju;
2201	}
2202
2203	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2204	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2205
2206	/*
2207	 * Every I/O goes into the OOA queue for a
2208	 * particular LUN, and stays there until completion.
2209	 */
2210#ifdef CTL_TIME_IO
2211	if (TAILQ_EMPTY(&lun->ooa_queue))
2212		lun->idle_time += getsbinuptime() - lun->last_busy;
2213#endif
2214	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2215
2216	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2217		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2218		 ooa_links))) {
2219	case CTL_ACTION_BLOCK:
2220		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2221		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2222				  blocked_links);
2223		mtx_unlock(&lun->lun_lock);
2224		break;
2225	case CTL_ACTION_PASS:
2226	case CTL_ACTION_SKIP:
2227		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2228			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2229			ctl_enqueue_rtr((union ctl_io *)ctsio);
2230			mtx_unlock(&lun->lun_lock);
2231		} else {
2232			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2233			mtx_unlock(&lun->lun_lock);
2234
2235			/* send msg back to other side */
2236			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2237			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2238			msg_info.hdr.msg_type = CTL_MSG_R2R;
2239			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2240			    sizeof(msg_info.hdr), M_WAITOK);
2241		}
2242		break;
2243	case CTL_ACTION_OVERLAP:
2244		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2245		mtx_unlock(&lun->lun_lock);
2246		ctl_set_overlapped_cmd(ctsio);
2247		goto badjuju;
2248	case CTL_ACTION_OVERLAP_TAG:
2249		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2250		mtx_unlock(&lun->lun_lock);
2251		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2252		goto badjuju;
2253	case CTL_ACTION_ERROR:
2254	default:
2255		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2256		mtx_unlock(&lun->lun_lock);
2257
2258		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2259					 /*retry_count*/ 0);
2260badjuju:
2261		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2262		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2263		msg_info.hdr.serializing_sc = NULL;
2264		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2265		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2266		    sizeof(msg_info.scsi), M_WAITOK);
2267		retval = 1;
2268		break;
2269	}
2270	return (retval);
2271}
2272
2273/*
2274 * Returns 0 for success, errno for failure.
2275 */
2276static int
2277ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2278		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2279{
2280	union ctl_io *io;
2281	int retval;
2282
2283	retval = 0;
2284
2285	mtx_lock(&lun->lun_lock);
2286	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2287	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2288	     ooa_links)) {
2289		struct ctl_ooa_entry *entry;
2290
2291		/*
2292		 * If we've got more than we can fit, just count the
2293		 * remaining entries.
2294		 */
2295		if (*cur_fill_num >= ooa_hdr->alloc_num)
2296			continue;
2297
2298		entry = &kern_entries[*cur_fill_num];
2299
2300		entry->tag_num = io->scsiio.tag_num;
2301		entry->lun_num = lun->lun;
2302#ifdef CTL_TIME_IO
2303		entry->start_bt = io->io_hdr.start_bt;
2304#endif
2305		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2306		entry->cdb_len = io->scsiio.cdb_len;
2307		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2308			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2309
2310		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2311			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2312
2313		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2314			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2315
2316		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2317			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2318
2319		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2320			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2321	}
2322	mtx_unlock(&lun->lun_lock);
2323
2324	return (retval);
2325}
2326
2327static void *
2328ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2329		 size_t error_str_len)
2330{
2331	void *kptr;
2332
2333	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2334
2335	if (copyin(user_addr, kptr, len) != 0) {
2336		snprintf(error_str, error_str_len, "Error copying %d bytes "
2337			 "from user address %p to kernel address %p", len,
2338			 user_addr, kptr);
2339		free(kptr, M_CTL);
2340		return (NULL);
2341	}
2342
2343	return (kptr);
2344}
2345
2346static void
2347ctl_free_args(int num_args, struct ctl_be_arg *args)
2348{
2349	int i;
2350
2351	if (args == NULL)
2352		return;
2353
2354	for (i = 0; i < num_args; i++) {
2355		free(args[i].kname, M_CTL);
2356		free(args[i].kvalue, M_CTL);
2357	}
2358
2359	free(args, M_CTL);
2360}
2361
2362static struct ctl_be_arg *
2363ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2364		char *error_str, size_t error_str_len)
2365{
2366	struct ctl_be_arg *args;
2367	int i;
2368
2369	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2370				error_str, error_str_len);
2371
2372	if (args == NULL)
2373		goto bailout;
2374
2375	for (i = 0; i < num_args; i++) {
2376		args[i].kname = NULL;
2377		args[i].kvalue = NULL;
2378	}
2379
2380	for (i = 0; i < num_args; i++) {
2381		uint8_t *tmpptr;
2382
2383		args[i].kname = ctl_copyin_alloc(args[i].name,
2384			args[i].namelen, error_str, error_str_len);
2385		if (args[i].kname == NULL)
2386			goto bailout;
2387
2388		if (args[i].kname[args[i].namelen - 1] != '\0') {
2389			snprintf(error_str, error_str_len, "Argument %d "
2390				 "name is not NUL-terminated", i);
2391			goto bailout;
2392		}
2393
2394		if (args[i].flags & CTL_BEARG_RD) {
2395			tmpptr = ctl_copyin_alloc(args[i].value,
2396				args[i].vallen, error_str, error_str_len);
2397			if (tmpptr == NULL)
2398				goto bailout;
2399			if ((args[i].flags & CTL_BEARG_ASCII)
2400			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2401				snprintf(error_str, error_str_len, "Argument "
2402				    "%d value is not NUL-terminated", i);
2403				goto bailout;
2404			}
2405			args[i].kvalue = tmpptr;
2406		} else {
2407			args[i].kvalue = malloc(args[i].vallen,
2408			    M_CTL, M_WAITOK | M_ZERO);
2409		}
2410	}
2411
2412	return (args);
2413bailout:
2414
2415	ctl_free_args(num_args, args);
2416
2417	return (NULL);
2418}
2419
2420static void
2421ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2422{
2423	int i;
2424
2425	for (i = 0; i < num_args; i++) {
2426		if (args[i].flags & CTL_BEARG_WR)
2427			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2428	}
2429}
2430
2431/*
2432 * Escape characters that are illegal or not recommended in XML.
2433 */
2434int
2435ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2436{
2437	char *end = str + size;
2438	int retval;
2439
2440	retval = 0;
2441
2442	for (; *str && str < end; str++) {
2443		switch (*str) {
2444		case '&':
2445			retval = sbuf_printf(sb, "&amp;");
2446			break;
2447		case '>':
2448			retval = sbuf_printf(sb, "&gt;");
2449			break;
2450		case '<':
2451			retval = sbuf_printf(sb, "&lt;");
2452			break;
2453		default:
2454			retval = sbuf_putc(sb, *str);
2455			break;
2456		}
2457
2458		if (retval != 0)
2459			break;
2460
2461	}
2462
2463	return (retval);
2464}
2465
2466static void
2467ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2468{
2469	struct scsi_vpd_id_descriptor *desc;
2470	int i;
2471
2472	if (id == NULL || id->len < 4)
2473		return;
2474	desc = (struct scsi_vpd_id_descriptor *)id->data;
2475	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2476	case SVPD_ID_TYPE_T10:
2477		sbuf_printf(sb, "t10.");
2478		break;
2479	case SVPD_ID_TYPE_EUI64:
2480		sbuf_printf(sb, "eui.");
2481		break;
2482	case SVPD_ID_TYPE_NAA:
2483		sbuf_printf(sb, "naa.");
2484		break;
2485	case SVPD_ID_TYPE_SCSI_NAME:
2486		break;
2487	}
2488	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2489	case SVPD_ID_CODESET_BINARY:
2490		for (i = 0; i < desc->length; i++)
2491			sbuf_printf(sb, "%02x", desc->identifier[i]);
2492		break;
2493	case SVPD_ID_CODESET_ASCII:
2494		sbuf_printf(sb, "%.*s", (int)desc->length,
2495		    (char *)desc->identifier);
2496		break;
2497	case SVPD_ID_CODESET_UTF8:
2498		sbuf_printf(sb, "%s", (char *)desc->identifier);
2499		break;
2500	}
2501}
2502
2503static int
2504ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2505	  struct thread *td)
2506{
2507	struct ctl_softc *softc = dev->si_drv1;
2508	struct ctl_lun *lun;
2509	int retval;
2510
2511	retval = 0;
2512
2513	switch (cmd) {
2514	case CTL_IO:
2515		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2516		break;
2517	case CTL_ENABLE_PORT:
2518	case CTL_DISABLE_PORT:
2519	case CTL_SET_PORT_WWNS: {
2520		struct ctl_port *port;
2521		struct ctl_port_entry *entry;
2522
2523		entry = (struct ctl_port_entry *)addr;
2524
2525		mtx_lock(&softc->ctl_lock);
2526		STAILQ_FOREACH(port, &softc->port_list, links) {
2527			int action, done;
2528
2529			if (port->targ_port < softc->port_min ||
2530			    port->targ_port >= softc->port_max)
2531				continue;
2532
2533			action = 0;
2534			done = 0;
2535			if ((entry->port_type == CTL_PORT_NONE)
2536			 && (entry->targ_port == port->targ_port)) {
2537				/*
2538				 * If the user only wants to enable or
2539				 * disable or set WWNs on a specific port,
2540				 * do the operation and we're done.
2541				 */
2542				action = 1;
2543				done = 1;
2544			} else if (entry->port_type & port->port_type) {
2545				/*
2546				 * Compare the user's type mask with the
2547				 * particular frontend type to see if we
2548				 * have a match.
2549				 */
2550				action = 1;
2551				done = 0;
2552
2553				/*
2554				 * Make sure the user isn't trying to set
2555				 * WWNs on multiple ports at the same time.
2556				 */
2557				if (cmd == CTL_SET_PORT_WWNS) {
2558					printf("%s: Can't set WWNs on "
2559					       "multiple ports\n", __func__);
2560					retval = EINVAL;
2561					break;
2562				}
2563			}
2564			if (action == 0)
2565				continue;
2566
2567			/*
2568			 * XXX KDM we have to drop the lock here, because
2569			 * the online/offline operations can potentially
2570			 * block.  We need to reference count the frontends
2571			 * so they can't go away,
2572			 */
2573			if (cmd == CTL_ENABLE_PORT) {
2574				mtx_unlock(&softc->ctl_lock);
2575				ctl_port_online(port);
2576				mtx_lock(&softc->ctl_lock);
2577			} else if (cmd == CTL_DISABLE_PORT) {
2578				mtx_unlock(&softc->ctl_lock);
2579				ctl_port_offline(port);
2580				mtx_lock(&softc->ctl_lock);
2581			} else if (cmd == CTL_SET_PORT_WWNS) {
2582				ctl_port_set_wwns(port,
2583				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2584				    1 : 0, entry->wwnn,
2585				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2586				    1 : 0, entry->wwpn);
2587			}
2588			if (done != 0)
2589				break;
2590		}
2591		mtx_unlock(&softc->ctl_lock);
2592		break;
2593	}
2594	case CTL_GET_PORT_LIST: {
2595		struct ctl_port *port;
2596		struct ctl_port_list *list;
2597		int i;
2598
2599		list = (struct ctl_port_list *)addr;
2600
2601		if (list->alloc_len != (list->alloc_num *
2602		    sizeof(struct ctl_port_entry))) {
2603			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2604			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2605			       "%zu\n", __func__, list->alloc_len,
2606			       list->alloc_num, sizeof(struct ctl_port_entry));
2607			retval = EINVAL;
2608			break;
2609		}
2610		list->fill_len = 0;
2611		list->fill_num = 0;
2612		list->dropped_num = 0;
2613		i = 0;
2614		mtx_lock(&softc->ctl_lock);
2615		STAILQ_FOREACH(port, &softc->port_list, links) {
2616			struct ctl_port_entry entry, *list_entry;
2617
2618			if (list->fill_num >= list->alloc_num) {
2619				list->dropped_num++;
2620				continue;
2621			}
2622
2623			entry.port_type = port->port_type;
2624			strlcpy(entry.port_name, port->port_name,
2625				sizeof(entry.port_name));
2626			entry.targ_port = port->targ_port;
2627			entry.physical_port = port->physical_port;
2628			entry.virtual_port = port->virtual_port;
2629			entry.wwnn = port->wwnn;
2630			entry.wwpn = port->wwpn;
2631			if (port->status & CTL_PORT_STATUS_ONLINE)
2632				entry.online = 1;
2633			else
2634				entry.online = 0;
2635
2636			list_entry = &list->entries[i];
2637
2638			retval = copyout(&entry, list_entry, sizeof(entry));
2639			if (retval != 0) {
2640				printf("%s: CTL_GET_PORT_LIST: copyout "
2641				       "returned %d\n", __func__, retval);
2642				break;
2643			}
2644			i++;
2645			list->fill_num++;
2646			list->fill_len += sizeof(entry);
2647		}
2648		mtx_unlock(&softc->ctl_lock);
2649
2650		/*
2651		 * If this is non-zero, we had a copyout fault, so there's
2652		 * probably no point in attempting to set the status inside
2653		 * the structure.
2654		 */
2655		if (retval != 0)
2656			break;
2657
2658		if (list->dropped_num > 0)
2659			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2660		else
2661			list->status = CTL_PORT_LIST_OK;
2662		break;
2663	}
2664	case CTL_DUMP_OOA: {
2665		union ctl_io *io;
2666		char printbuf[128];
2667		struct sbuf sb;
2668
2669		mtx_lock(&softc->ctl_lock);
2670		printf("Dumping OOA queues:\n");
2671		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2672			mtx_lock(&lun->lun_lock);
2673			for (io = (union ctl_io *)TAILQ_FIRST(
2674			     &lun->ooa_queue); io != NULL;
2675			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2676			     ooa_links)) {
2677				sbuf_new(&sb, printbuf, sizeof(printbuf),
2678					 SBUF_FIXEDLEN);
2679				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2680					    (intmax_t)lun->lun,
2681					    io->scsiio.tag_num,
2682					    (io->io_hdr.flags &
2683					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2684					    (io->io_hdr.flags &
2685					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2686					    (io->io_hdr.flags &
2687					    CTL_FLAG_ABORT) ? " ABORT" : "",
2688			                    (io->io_hdr.flags &
2689		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2690				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2691				sbuf_finish(&sb);
2692				printf("%s\n", sbuf_data(&sb));
2693			}
2694			mtx_unlock(&lun->lun_lock);
2695		}
2696		printf("OOA queues dump done\n");
2697		mtx_unlock(&softc->ctl_lock);
2698		break;
2699	}
2700	case CTL_GET_OOA: {
2701		struct ctl_ooa *ooa_hdr;
2702		struct ctl_ooa_entry *entries;
2703		uint32_t cur_fill_num;
2704
2705		ooa_hdr = (struct ctl_ooa *)addr;
2706
2707		if ((ooa_hdr->alloc_len == 0)
2708		 || (ooa_hdr->alloc_num == 0)) {
2709			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2710			       "must be non-zero\n", __func__,
2711			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2712			retval = EINVAL;
2713			break;
2714		}
2715
2716		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2717		    sizeof(struct ctl_ooa_entry))) {
2718			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2719			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2720			       __func__, ooa_hdr->alloc_len,
2721			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2722			retval = EINVAL;
2723			break;
2724		}
2725
2726		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2727		if (entries == NULL) {
2728			printf("%s: could not allocate %d bytes for OOA "
2729			       "dump\n", __func__, ooa_hdr->alloc_len);
2730			retval = ENOMEM;
2731			break;
2732		}
2733
2734		mtx_lock(&softc->ctl_lock);
2735		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2736		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2737		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2738			mtx_unlock(&softc->ctl_lock);
2739			free(entries, M_CTL);
2740			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2741			       __func__, (uintmax_t)ooa_hdr->lun_num);
2742			retval = EINVAL;
2743			break;
2744		}
2745
2746		cur_fill_num = 0;
2747
2748		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2749			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2750				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2751					ooa_hdr, entries);
2752				if (retval != 0)
2753					break;
2754			}
2755			if (retval != 0) {
2756				mtx_unlock(&softc->ctl_lock);
2757				free(entries, M_CTL);
2758				break;
2759			}
2760		} else {
2761			lun = softc->ctl_luns[ooa_hdr->lun_num];
2762
2763			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2764						    entries);
2765		}
2766		mtx_unlock(&softc->ctl_lock);
2767
2768		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2769		ooa_hdr->fill_len = ooa_hdr->fill_num *
2770			sizeof(struct ctl_ooa_entry);
2771		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2772		if (retval != 0) {
2773			printf("%s: error copying out %d bytes for OOA dump\n",
2774			       __func__, ooa_hdr->fill_len);
2775		}
2776
2777		getbintime(&ooa_hdr->cur_bt);
2778
2779		if (cur_fill_num > ooa_hdr->alloc_num) {
2780			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2781			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2782		} else {
2783			ooa_hdr->dropped_num = 0;
2784			ooa_hdr->status = CTL_OOA_OK;
2785		}
2786
2787		free(entries, M_CTL);
2788		break;
2789	}
2790	case CTL_CHECK_OOA: {
2791		union ctl_io *io;
2792		struct ctl_ooa_info *ooa_info;
2793
2794
2795		ooa_info = (struct ctl_ooa_info *)addr;
2796
2797		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2798			ooa_info->status = CTL_OOA_INVALID_LUN;
2799			break;
2800		}
2801		mtx_lock(&softc->ctl_lock);
2802		lun = softc->ctl_luns[ooa_info->lun_id];
2803		if (lun == NULL) {
2804			mtx_unlock(&softc->ctl_lock);
2805			ooa_info->status = CTL_OOA_INVALID_LUN;
2806			break;
2807		}
2808		mtx_lock(&lun->lun_lock);
2809		mtx_unlock(&softc->ctl_lock);
2810		ooa_info->num_entries = 0;
2811		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2812		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2813		     &io->io_hdr, ooa_links)) {
2814			ooa_info->num_entries++;
2815		}
2816		mtx_unlock(&lun->lun_lock);
2817
2818		ooa_info->status = CTL_OOA_SUCCESS;
2819
2820		break;
2821	}
2822	case CTL_DELAY_IO: {
2823		struct ctl_io_delay_info *delay_info;
2824
2825		delay_info = (struct ctl_io_delay_info *)addr;
2826
2827#ifdef CTL_IO_DELAY
2828		mtx_lock(&softc->ctl_lock);
2829
2830		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2831		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2832			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2833		} else {
2834			lun = softc->ctl_luns[delay_info->lun_id];
2835			mtx_lock(&lun->lun_lock);
2836
2837			delay_info->status = CTL_DELAY_STATUS_OK;
2838
2839			switch (delay_info->delay_type) {
2840			case CTL_DELAY_TYPE_CONT:
2841				break;
2842			case CTL_DELAY_TYPE_ONESHOT:
2843				break;
2844			default:
2845				delay_info->status =
2846					CTL_DELAY_STATUS_INVALID_TYPE;
2847				break;
2848			}
2849
2850			switch (delay_info->delay_loc) {
2851			case CTL_DELAY_LOC_DATAMOVE:
2852				lun->delay_info.datamove_type =
2853					delay_info->delay_type;
2854				lun->delay_info.datamove_delay =
2855					delay_info->delay_secs;
2856				break;
2857			case CTL_DELAY_LOC_DONE:
2858				lun->delay_info.done_type =
2859					delay_info->delay_type;
2860				lun->delay_info.done_delay =
2861					delay_info->delay_secs;
2862				break;
2863			default:
2864				delay_info->status =
2865					CTL_DELAY_STATUS_INVALID_LOC;
2866				break;
2867			}
2868			mtx_unlock(&lun->lun_lock);
2869		}
2870
2871		mtx_unlock(&softc->ctl_lock);
2872#else
2873		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2874#endif /* CTL_IO_DELAY */
2875		break;
2876	}
2877	case CTL_REALSYNC_SET: {
2878		int *syncstate;
2879
2880		syncstate = (int *)addr;
2881
2882		mtx_lock(&softc->ctl_lock);
2883		switch (*syncstate) {
2884		case 0:
2885			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2886			break;
2887		case 1:
2888			softc->flags |= CTL_FLAG_REAL_SYNC;
2889			break;
2890		default:
2891			retval = EINVAL;
2892			break;
2893		}
2894		mtx_unlock(&softc->ctl_lock);
2895		break;
2896	}
2897	case CTL_REALSYNC_GET: {
2898		int *syncstate;
2899
2900		syncstate = (int*)addr;
2901
2902		mtx_lock(&softc->ctl_lock);
2903		if (softc->flags & CTL_FLAG_REAL_SYNC)
2904			*syncstate = 1;
2905		else
2906			*syncstate = 0;
2907		mtx_unlock(&softc->ctl_lock);
2908
2909		break;
2910	}
2911	case CTL_SETSYNC:
2912	case CTL_GETSYNC: {
2913		struct ctl_sync_info *sync_info;
2914
2915		sync_info = (struct ctl_sync_info *)addr;
2916
2917		mtx_lock(&softc->ctl_lock);
2918		lun = softc->ctl_luns[sync_info->lun_id];
2919		if (lun == NULL) {
2920			mtx_unlock(&softc->ctl_lock);
2921			sync_info->status = CTL_GS_SYNC_NO_LUN;
2922			break;
2923		}
2924		/*
2925		 * Get or set the sync interval.  We're not bounds checking
2926		 * in the set case, hopefully the user won't do something
2927		 * silly.
2928		 */
2929		mtx_lock(&lun->lun_lock);
2930		mtx_unlock(&softc->ctl_lock);
2931		if (cmd == CTL_GETSYNC)
2932			sync_info->sync_interval = lun->sync_interval;
2933		else
2934			lun->sync_interval = sync_info->sync_interval;
2935		mtx_unlock(&lun->lun_lock);
2936
2937		sync_info->status = CTL_GS_SYNC_OK;
2938
2939		break;
2940	}
2941	case CTL_GETSTATS: {
2942		struct ctl_stats *stats;
2943		int i;
2944
2945		stats = (struct ctl_stats *)addr;
2946
2947		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2948		     stats->alloc_len) {
2949			stats->status = CTL_SS_NEED_MORE_SPACE;
2950			stats->num_luns = softc->num_luns;
2951			break;
2952		}
2953		/*
2954		 * XXX KDM no locking here.  If the LUN list changes,
2955		 * things can blow up.
2956		 */
2957		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2958		     i++, lun = STAILQ_NEXT(lun, links)) {
2959			retval = copyout(&lun->stats, &stats->lun_stats[i],
2960					 sizeof(lun->stats));
2961			if (retval != 0)
2962				break;
2963		}
2964		stats->num_luns = softc->num_luns;
2965		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2966				 softc->num_luns;
2967		stats->status = CTL_SS_OK;
2968#ifdef CTL_TIME_IO
2969		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2970#else
2971		stats->flags = CTL_STATS_FLAG_NONE;
2972#endif
2973		getnanouptime(&stats->timestamp);
2974		break;
2975	}
2976	case CTL_ERROR_INJECT: {
2977		struct ctl_error_desc *err_desc, *new_err_desc;
2978
2979		err_desc = (struct ctl_error_desc *)addr;
2980
2981		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2982				      M_WAITOK | M_ZERO);
2983		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2984
2985		mtx_lock(&softc->ctl_lock);
2986		lun = softc->ctl_luns[err_desc->lun_id];
2987		if (lun == NULL) {
2988			mtx_unlock(&softc->ctl_lock);
2989			free(new_err_desc, M_CTL);
2990			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2991			       __func__, (uintmax_t)err_desc->lun_id);
2992			retval = EINVAL;
2993			break;
2994		}
2995		mtx_lock(&lun->lun_lock);
2996		mtx_unlock(&softc->ctl_lock);
2997
2998		/*
2999		 * We could do some checking here to verify the validity
3000		 * of the request, but given the complexity of error
3001		 * injection requests, the checking logic would be fairly
3002		 * complex.
3003		 *
3004		 * For now, if the request is invalid, it just won't get
3005		 * executed and might get deleted.
3006		 */
3007		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
3008
3009		/*
3010		 * XXX KDM check to make sure the serial number is unique,
3011		 * in case we somehow manage to wrap.  That shouldn't
3012		 * happen for a very long time, but it's the right thing to
3013		 * do.
3014		 */
3015		new_err_desc->serial = lun->error_serial;
3016		err_desc->serial = lun->error_serial;
3017		lun->error_serial++;
3018
3019		mtx_unlock(&lun->lun_lock);
3020		break;
3021	}
3022	case CTL_ERROR_INJECT_DELETE: {
3023		struct ctl_error_desc *delete_desc, *desc, *desc2;
3024		int delete_done;
3025
3026		delete_desc = (struct ctl_error_desc *)addr;
3027		delete_done = 0;
3028
3029		mtx_lock(&softc->ctl_lock);
3030		lun = softc->ctl_luns[delete_desc->lun_id];
3031		if (lun == NULL) {
3032			mtx_unlock(&softc->ctl_lock);
3033			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
3034			       __func__, (uintmax_t)delete_desc->lun_id);
3035			retval = EINVAL;
3036			break;
3037		}
3038		mtx_lock(&lun->lun_lock);
3039		mtx_unlock(&softc->ctl_lock);
3040		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
3041			if (desc->serial != delete_desc->serial)
3042				continue;
3043
3044			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
3045				      links);
3046			free(desc, M_CTL);
3047			delete_done = 1;
3048		}
3049		mtx_unlock(&lun->lun_lock);
3050		if (delete_done == 0) {
3051			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
3052			       "error serial %ju on LUN %u\n", __func__,
3053			       delete_desc->serial, delete_desc->lun_id);
3054			retval = EINVAL;
3055			break;
3056		}
3057		break;
3058	}
3059	case CTL_DUMP_STRUCTS: {
3060		int i, j, k;
3061		struct ctl_port *port;
3062		struct ctl_frontend *fe;
3063
3064		mtx_lock(&softc->ctl_lock);
3065		printf("CTL Persistent Reservation information start:\n");
3066		for (i = 0; i < CTL_MAX_LUNS; i++) {
3067			lun = softc->ctl_luns[i];
3068
3069			if ((lun == NULL)
3070			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3071				continue;
3072
3073			for (j = 0; j < CTL_MAX_PORTS; j++) {
3074				if (lun->pr_keys[j] == NULL)
3075					continue;
3076				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3077					if (lun->pr_keys[j][k] == 0)
3078						continue;
3079					printf("  LUN %d port %d iid %d key "
3080					       "%#jx\n", i, j, k,
3081					       (uintmax_t)lun->pr_keys[j][k]);
3082				}
3083			}
3084		}
3085		printf("CTL Persistent Reservation information end\n");
3086		printf("CTL Ports:\n");
3087		STAILQ_FOREACH(port, &softc->port_list, links) {
3088			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3089			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3090			       port->frontend->name, port->port_type,
3091			       port->physical_port, port->virtual_port,
3092			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3093			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3094				if (port->wwpn_iid[j].in_use == 0 &&
3095				    port->wwpn_iid[j].wwpn == 0 &&
3096				    port->wwpn_iid[j].name == NULL)
3097					continue;
3098
3099				printf("    iid %u use %d WWPN %#jx '%s'\n",
3100				    j, port->wwpn_iid[j].in_use,
3101				    (uintmax_t)port->wwpn_iid[j].wwpn,
3102				    port->wwpn_iid[j].name);
3103			}
3104		}
3105		printf("CTL Port information end\n");
3106		mtx_unlock(&softc->ctl_lock);
3107		/*
3108		 * XXX KDM calling this without a lock.  We'd likely want
3109		 * to drop the lock before calling the frontend's dump
3110		 * routine anyway.
3111		 */
3112		printf("CTL Frontends:\n");
3113		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3114			printf("  Frontend '%s'\n", fe->name);
3115			if (fe->fe_dump != NULL)
3116				fe->fe_dump();
3117		}
3118		printf("CTL Frontend information end\n");
3119		break;
3120	}
3121	case CTL_LUN_REQ: {
3122		struct ctl_lun_req *lun_req;
3123		struct ctl_backend_driver *backend;
3124
3125		lun_req = (struct ctl_lun_req *)addr;
3126
3127		backend = ctl_backend_find(lun_req->backend);
3128		if (backend == NULL) {
3129			lun_req->status = CTL_LUN_ERROR;
3130			snprintf(lun_req->error_str,
3131				 sizeof(lun_req->error_str),
3132				 "Backend \"%s\" not found.",
3133				 lun_req->backend);
3134			break;
3135		}
3136		if (lun_req->num_be_args > 0) {
3137			lun_req->kern_be_args = ctl_copyin_args(
3138				lun_req->num_be_args,
3139				lun_req->be_args,
3140				lun_req->error_str,
3141				sizeof(lun_req->error_str));
3142			if (lun_req->kern_be_args == NULL) {
3143				lun_req->status = CTL_LUN_ERROR;
3144				break;
3145			}
3146		}
3147
3148		retval = backend->ioctl(dev, cmd, addr, flag, td);
3149
3150		if (lun_req->num_be_args > 0) {
3151			ctl_copyout_args(lun_req->num_be_args,
3152				      lun_req->kern_be_args);
3153			ctl_free_args(lun_req->num_be_args,
3154				      lun_req->kern_be_args);
3155		}
3156		break;
3157	}
3158	case CTL_LUN_LIST: {
3159		struct sbuf *sb;
3160		struct ctl_lun_list *list;
3161		struct ctl_option *opt;
3162
3163		list = (struct ctl_lun_list *)addr;
3164
3165		/*
3166		 * Allocate a fixed length sbuf here, based on the length
3167		 * of the user's buffer.  We could allocate an auto-extending
3168		 * buffer, and then tell the user how much larger our
3169		 * amount of data is than his buffer, but that presents
3170		 * some problems:
3171		 *
3172		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3173		 *     we can't hold a lock while calling them with an
3174		 *     auto-extending buffer.
3175 		 *
3176		 * 2.  There is not currently a LUN reference counting
3177		 *     mechanism, outside of outstanding transactions on
3178		 *     the LUN's OOA queue.  So a LUN could go away on us
3179		 *     while we're getting the LUN number, backend-specific
3180		 *     information, etc.  Thus, given the way things
3181		 *     currently work, we need to hold the CTL lock while
3182		 *     grabbing LUN information.
3183		 *
3184		 * So, from the user's standpoint, the best thing to do is
3185		 * allocate what he thinks is a reasonable buffer length,
3186		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3187		 * double the buffer length and try again.  (And repeat
3188		 * that until he succeeds.)
3189		 */
3190		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3191		if (sb == NULL) {
3192			list->status = CTL_LUN_LIST_ERROR;
3193			snprintf(list->error_str, sizeof(list->error_str),
3194				 "Unable to allocate %d bytes for LUN list",
3195				 list->alloc_len);
3196			break;
3197		}
3198
3199		sbuf_printf(sb, "<ctllunlist>\n");
3200
3201		mtx_lock(&softc->ctl_lock);
3202		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3203			mtx_lock(&lun->lun_lock);
3204			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3205					     (uintmax_t)lun->lun);
3206
3207			/*
3208			 * Bail out as soon as we see that we've overfilled
3209			 * the buffer.
3210			 */
3211			if (retval != 0)
3212				break;
3213
3214			retval = sbuf_printf(sb, "\t<backend_type>%s"
3215					     "</backend_type>\n",
3216					     (lun->backend == NULL) ?  "none" :
3217					     lun->backend->name);
3218
3219			if (retval != 0)
3220				break;
3221
3222			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3223					     lun->be_lun->lun_type);
3224
3225			if (retval != 0)
3226				break;
3227
3228			if (lun->backend == NULL) {
3229				retval = sbuf_printf(sb, "</lun>\n");
3230				if (retval != 0)
3231					break;
3232				continue;
3233			}
3234
3235			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3236					     (lun->be_lun->maxlba > 0) ?
3237					     lun->be_lun->maxlba + 1 : 0);
3238
3239			if (retval != 0)
3240				break;
3241
3242			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3243					     lun->be_lun->blocksize);
3244
3245			if (retval != 0)
3246				break;
3247
3248			retval = sbuf_printf(sb, "\t<serial_number>");
3249
3250			if (retval != 0)
3251				break;
3252
3253			retval = ctl_sbuf_printf_esc(sb,
3254			    lun->be_lun->serial_num,
3255			    sizeof(lun->be_lun->serial_num));
3256
3257			if (retval != 0)
3258				break;
3259
3260			retval = sbuf_printf(sb, "</serial_number>\n");
3261
3262			if (retval != 0)
3263				break;
3264
3265			retval = sbuf_printf(sb, "\t<device_id>");
3266
3267			if (retval != 0)
3268				break;
3269
3270			retval = ctl_sbuf_printf_esc(sb,
3271			    lun->be_lun->device_id,
3272			    sizeof(lun->be_lun->device_id));
3273
3274			if (retval != 0)
3275				break;
3276
3277			retval = sbuf_printf(sb, "</device_id>\n");
3278
3279			if (retval != 0)
3280				break;
3281
3282			if (lun->backend->lun_info != NULL) {
3283				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3284				if (retval != 0)
3285					break;
3286			}
3287			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3288				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3289				    opt->name, opt->value, opt->name);
3290				if (retval != 0)
3291					break;
3292			}
3293
3294			retval = sbuf_printf(sb, "</lun>\n");
3295
3296			if (retval != 0)
3297				break;
3298			mtx_unlock(&lun->lun_lock);
3299		}
3300		if (lun != NULL)
3301			mtx_unlock(&lun->lun_lock);
3302		mtx_unlock(&softc->ctl_lock);
3303
3304		if ((retval != 0)
3305		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3306			retval = 0;
3307			sbuf_delete(sb);
3308			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3309			snprintf(list->error_str, sizeof(list->error_str),
3310				 "Out of space, %d bytes is too small",
3311				 list->alloc_len);
3312			break;
3313		}
3314
3315		sbuf_finish(sb);
3316
3317		retval = copyout(sbuf_data(sb), list->lun_xml,
3318				 sbuf_len(sb) + 1);
3319
3320		list->fill_len = sbuf_len(sb) + 1;
3321		list->status = CTL_LUN_LIST_OK;
3322		sbuf_delete(sb);
3323		break;
3324	}
3325	case CTL_ISCSI: {
3326		struct ctl_iscsi *ci;
3327		struct ctl_frontend *fe;
3328
3329		ci = (struct ctl_iscsi *)addr;
3330
3331		fe = ctl_frontend_find("iscsi");
3332		if (fe == NULL) {
3333			ci->status = CTL_ISCSI_ERROR;
3334			snprintf(ci->error_str, sizeof(ci->error_str),
3335			    "Frontend \"iscsi\" not found.");
3336			break;
3337		}
3338
3339		retval = fe->ioctl(dev, cmd, addr, flag, td);
3340		break;
3341	}
3342	case CTL_PORT_REQ: {
3343		struct ctl_req *req;
3344		struct ctl_frontend *fe;
3345
3346		req = (struct ctl_req *)addr;
3347
3348		fe = ctl_frontend_find(req->driver);
3349		if (fe == NULL) {
3350			req->status = CTL_LUN_ERROR;
3351			snprintf(req->error_str, sizeof(req->error_str),
3352			    "Frontend \"%s\" not found.", req->driver);
3353			break;
3354		}
3355		if (req->num_args > 0) {
3356			req->kern_args = ctl_copyin_args(req->num_args,
3357			    req->args, req->error_str, sizeof(req->error_str));
3358			if (req->kern_args == NULL) {
3359				req->status = CTL_LUN_ERROR;
3360				break;
3361			}
3362		}
3363
3364		if (fe->ioctl)
3365			retval = fe->ioctl(dev, cmd, addr, flag, td);
3366		else
3367			retval = ENODEV;
3368
3369		if (req->num_args > 0) {
3370			ctl_copyout_args(req->num_args, req->kern_args);
3371			ctl_free_args(req->num_args, req->kern_args);
3372		}
3373		break;
3374	}
3375	case CTL_PORT_LIST: {
3376		struct sbuf *sb;
3377		struct ctl_port *port;
3378		struct ctl_lun_list *list;
3379		struct ctl_option *opt;
3380		int j;
3381		uint32_t plun;
3382
3383		list = (struct ctl_lun_list *)addr;
3384
3385		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3386		if (sb == NULL) {
3387			list->status = CTL_LUN_LIST_ERROR;
3388			snprintf(list->error_str, sizeof(list->error_str),
3389				 "Unable to allocate %d bytes for LUN list",
3390				 list->alloc_len);
3391			break;
3392		}
3393
3394		sbuf_printf(sb, "<ctlportlist>\n");
3395
3396		mtx_lock(&softc->ctl_lock);
3397		STAILQ_FOREACH(port, &softc->port_list, links) {
3398			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3399					     (uintmax_t)port->targ_port);
3400
3401			/*
3402			 * Bail out as soon as we see that we've overfilled
3403			 * the buffer.
3404			 */
3405			if (retval != 0)
3406				break;
3407
3408			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3409			    "</frontend_type>\n", port->frontend->name);
3410			if (retval != 0)
3411				break;
3412
3413			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3414					     port->port_type);
3415			if (retval != 0)
3416				break;
3417
3418			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3419			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3420			if (retval != 0)
3421				break;
3422
3423			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3424			    port->port_name);
3425			if (retval != 0)
3426				break;
3427
3428			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3429			    port->physical_port);
3430			if (retval != 0)
3431				break;
3432
3433			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3434			    port->virtual_port);
3435			if (retval != 0)
3436				break;
3437
3438			if (port->target_devid != NULL) {
3439				sbuf_printf(sb, "\t<target>");
3440				ctl_id_sbuf(port->target_devid, sb);
3441				sbuf_printf(sb, "</target>\n");
3442			}
3443
3444			if (port->port_devid != NULL) {
3445				sbuf_printf(sb, "\t<port>");
3446				ctl_id_sbuf(port->port_devid, sb);
3447				sbuf_printf(sb, "</port>\n");
3448			}
3449
3450			if (port->port_info != NULL) {
3451				retval = port->port_info(port->onoff_arg, sb);
3452				if (retval != 0)
3453					break;
3454			}
3455			STAILQ_FOREACH(opt, &port->options, links) {
3456				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3457				    opt->name, opt->value, opt->name);
3458				if (retval != 0)
3459					break;
3460			}
3461
3462			if (port->lun_map != NULL) {
3463				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3464				for (j = 0; j < CTL_MAX_LUNS; j++) {
3465					plun = ctl_lun_map_from_port(port, j);
3466					if (plun >= CTL_MAX_LUNS)
3467						continue;
3468					sbuf_printf(sb,
3469					    "\t<lun id=\"%u\">%u</lun>\n",
3470					    j, plun);
3471				}
3472			}
3473
3474			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3475				if (port->wwpn_iid[j].in_use == 0 ||
3476				    (port->wwpn_iid[j].wwpn == 0 &&
3477				     port->wwpn_iid[j].name == NULL))
3478					continue;
3479
3480				if (port->wwpn_iid[j].name != NULL)
3481					retval = sbuf_printf(sb,
3482					    "\t<initiator id=\"%u\">%s</initiator>\n",
3483					    j, port->wwpn_iid[j].name);
3484				else
3485					retval = sbuf_printf(sb,
3486					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3487					    j, port->wwpn_iid[j].wwpn);
3488				if (retval != 0)
3489					break;
3490			}
3491			if (retval != 0)
3492				break;
3493
3494			retval = sbuf_printf(sb, "</targ_port>\n");
3495			if (retval != 0)
3496				break;
3497		}
3498		mtx_unlock(&softc->ctl_lock);
3499
3500		if ((retval != 0)
3501		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3502			retval = 0;
3503			sbuf_delete(sb);
3504			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3505			snprintf(list->error_str, sizeof(list->error_str),
3506				 "Out of space, %d bytes is too small",
3507				 list->alloc_len);
3508			break;
3509		}
3510
3511		sbuf_finish(sb);
3512
3513		retval = copyout(sbuf_data(sb), list->lun_xml,
3514				 sbuf_len(sb) + 1);
3515
3516		list->fill_len = sbuf_len(sb) + 1;
3517		list->status = CTL_LUN_LIST_OK;
3518		sbuf_delete(sb);
3519		break;
3520	}
3521	case CTL_LUN_MAP: {
3522		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3523		struct ctl_port *port;
3524
3525		mtx_lock(&softc->ctl_lock);
3526		if (lm->port < softc->port_min ||
3527		    lm->port >= softc->port_max ||
3528		    (port = softc->ctl_ports[lm->port]) == NULL) {
3529			mtx_unlock(&softc->ctl_lock);
3530			return (ENXIO);
3531		}
3532		if (port->status & CTL_PORT_STATUS_ONLINE) {
3533			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3534				if (ctl_lun_map_to_port(port, lun->lun) >=
3535				    CTL_MAX_LUNS)
3536					continue;
3537				mtx_lock(&lun->lun_lock);
3538				ctl_est_ua_port(lun, lm->port, -1,
3539				    CTL_UA_LUN_CHANGE);
3540				mtx_unlock(&lun->lun_lock);
3541			}
3542		}
3543		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3544		if (lm->plun < CTL_MAX_LUNS) {
3545			if (lm->lun == UINT32_MAX)
3546				retval = ctl_lun_map_unset(port, lm->plun);
3547			else if (lm->lun < CTL_MAX_LUNS &&
3548			    softc->ctl_luns[lm->lun] != NULL)
3549				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3550			else
3551				return (ENXIO);
3552		} else if (lm->plun == UINT32_MAX) {
3553			if (lm->lun == UINT32_MAX)
3554				retval = ctl_lun_map_deinit(port);
3555			else
3556				retval = ctl_lun_map_init(port);
3557		} else
3558			return (ENXIO);
3559		if (port->status & CTL_PORT_STATUS_ONLINE)
3560			ctl_isc_announce_port(port);
3561		break;
3562	}
3563	default: {
3564		/* XXX KDM should we fix this? */
3565#if 0
3566		struct ctl_backend_driver *backend;
3567		unsigned int type;
3568		int found;
3569
3570		found = 0;
3571
3572		/*
3573		 * We encode the backend type as the ioctl type for backend
3574		 * ioctls.  So parse it out here, and then search for a
3575		 * backend of this type.
3576		 */
3577		type = _IOC_TYPE(cmd);
3578
3579		STAILQ_FOREACH(backend, &softc->be_list, links) {
3580			if (backend->type == type) {
3581				found = 1;
3582				break;
3583			}
3584		}
3585		if (found == 0) {
3586			printf("ctl: unknown ioctl command %#lx or backend "
3587			       "%d\n", cmd, type);
3588			retval = EINVAL;
3589			break;
3590		}
3591		retval = backend->ioctl(dev, cmd, addr, flag, td);
3592#endif
3593		retval = ENOTTY;
3594		break;
3595	}
3596	}
3597	return (retval);
3598}
3599
3600uint32_t
3601ctl_get_initindex(struct ctl_nexus *nexus)
3602{
3603	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3604}
3605
3606int
3607ctl_lun_map_init(struct ctl_port *port)
3608{
3609	struct ctl_softc *softc = port->ctl_softc;
3610	struct ctl_lun *lun;
3611	uint32_t i;
3612
3613	if (port->lun_map == NULL)
3614		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3615		    M_CTL, M_NOWAIT);
3616	if (port->lun_map == NULL)
3617		return (ENOMEM);
3618	for (i = 0; i < CTL_MAX_LUNS; i++)
3619		port->lun_map[i] = UINT32_MAX;
3620	if (port->status & CTL_PORT_STATUS_ONLINE) {
3621		if (port->lun_disable != NULL) {
3622			STAILQ_FOREACH(lun, &softc->lun_list, links)
3623				port->lun_disable(port->targ_lun_arg, lun->lun);
3624		}
3625		ctl_isc_announce_port(port);
3626	}
3627	return (0);
3628}
3629
3630int
3631ctl_lun_map_deinit(struct ctl_port *port)
3632{
3633	struct ctl_softc *softc = port->ctl_softc;
3634	struct ctl_lun *lun;
3635
3636	if (port->lun_map == NULL)
3637		return (0);
3638	free(port->lun_map, M_CTL);
3639	port->lun_map = NULL;
3640	if (port->status & CTL_PORT_STATUS_ONLINE) {
3641		if (port->lun_enable != NULL) {
3642			STAILQ_FOREACH(lun, &softc->lun_list, links)
3643				port->lun_enable(port->targ_lun_arg, lun->lun);
3644		}
3645		ctl_isc_announce_port(port);
3646	}
3647	return (0);
3648}
3649
3650int
3651ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3652{
3653	int status;
3654	uint32_t old;
3655
3656	if (port->lun_map == NULL) {
3657		status = ctl_lun_map_init(port);
3658		if (status != 0)
3659			return (status);
3660	}
3661	old = port->lun_map[plun];
3662	port->lun_map[plun] = glun;
3663	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3664		if (port->lun_enable != NULL)
3665			port->lun_enable(port->targ_lun_arg, plun);
3666		ctl_isc_announce_port(port);
3667	}
3668	return (0);
3669}
3670
3671int
3672ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3673{
3674	uint32_t old;
3675
3676	if (port->lun_map == NULL)
3677		return (0);
3678	old = port->lun_map[plun];
3679	port->lun_map[plun] = UINT32_MAX;
3680	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3681		if (port->lun_disable != NULL)
3682			port->lun_disable(port->targ_lun_arg, plun);
3683		ctl_isc_announce_port(port);
3684	}
3685	return (0);
3686}
3687
3688uint32_t
3689ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3690{
3691
3692	if (port == NULL)
3693		return (UINT32_MAX);
3694	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3695		return (lun_id);
3696	return (port->lun_map[lun_id]);
3697}
3698
3699uint32_t
3700ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3701{
3702	uint32_t i;
3703
3704	if (port == NULL)
3705		return (UINT32_MAX);
3706	if (port->lun_map == NULL)
3707		return (lun_id);
3708	for (i = 0; i < CTL_MAX_LUNS; i++) {
3709		if (port->lun_map[i] == lun_id)
3710			return (i);
3711	}
3712	return (UINT32_MAX);
3713}
3714
3715static struct ctl_port *
3716ctl_io_port(struct ctl_io_hdr *io_hdr)
3717{
3718
3719	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3720}
3721
3722int
3723ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3724{
3725	int i;
3726
3727	for (i = first; i < last; i++) {
3728		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3729			return (i);
3730	}
3731	return (-1);
3732}
3733
3734int
3735ctl_set_mask(uint32_t *mask, uint32_t bit)
3736{
3737	uint32_t chunk, piece;
3738
3739	chunk = bit >> 5;
3740	piece = bit % (sizeof(uint32_t) * 8);
3741
3742	if ((mask[chunk] & (1 << piece)) != 0)
3743		return (-1);
3744	else
3745		mask[chunk] |= (1 << piece);
3746
3747	return (0);
3748}
3749
3750int
3751ctl_clear_mask(uint32_t *mask, uint32_t bit)
3752{
3753	uint32_t chunk, piece;
3754
3755	chunk = bit >> 5;
3756	piece = bit % (sizeof(uint32_t) * 8);
3757
3758	if ((mask[chunk] & (1 << piece)) == 0)
3759		return (-1);
3760	else
3761		mask[chunk] &= ~(1 << piece);
3762
3763	return (0);
3764}
3765
3766int
3767ctl_is_set(uint32_t *mask, uint32_t bit)
3768{
3769	uint32_t chunk, piece;
3770
3771	chunk = bit >> 5;
3772	piece = bit % (sizeof(uint32_t) * 8);
3773
3774	if ((mask[chunk] & (1 << piece)) == 0)
3775		return (0);
3776	else
3777		return (1);
3778}
3779
3780static uint64_t
3781ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3782{
3783	uint64_t *t;
3784
3785	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3786	if (t == NULL)
3787		return (0);
3788	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3789}
3790
3791static void
3792ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3793{
3794	uint64_t *t;
3795
3796	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3797	if (t == NULL)
3798		return;
3799	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3800}
3801
3802static void
3803ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3804{
3805	uint64_t *p;
3806	u_int i;
3807
3808	i = residx/CTL_MAX_INIT_PER_PORT;
3809	if (lun->pr_keys[i] != NULL)
3810		return;
3811	mtx_unlock(&lun->lun_lock);
3812	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3813	    M_WAITOK | M_ZERO);
3814	mtx_lock(&lun->lun_lock);
3815	if (lun->pr_keys[i] == NULL)
3816		lun->pr_keys[i] = p;
3817	else
3818		free(p, M_CTL);
3819}
3820
3821static void
3822ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3823{
3824	uint64_t *t;
3825
3826	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3827	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3828	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3829}
3830
3831/*
3832 * ctl_softc, pool_name, total_ctl_io are passed in.
3833 * npool is passed out.
3834 */
3835int
3836ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3837		uint32_t total_ctl_io, void **npool)
3838{
3839#ifdef IO_POOLS
3840	struct ctl_io_pool *pool;
3841
3842	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3843					    M_NOWAIT | M_ZERO);
3844	if (pool == NULL)
3845		return (ENOMEM);
3846
3847	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3848	pool->ctl_softc = ctl_softc;
3849	pool->zone = uma_zsecond_create(pool->name, NULL,
3850	    NULL, NULL, NULL, ctl_softc->io_zone);
3851	/* uma_prealloc(pool->zone, total_ctl_io); */
3852
3853	*npool = pool;
3854#else
3855	*npool = ctl_softc->io_zone;
3856#endif
3857	return (0);
3858}
3859
3860void
3861ctl_pool_free(struct ctl_io_pool *pool)
3862{
3863
3864	if (pool == NULL)
3865		return;
3866
3867#ifdef IO_POOLS
3868	uma_zdestroy(pool->zone);
3869	free(pool, M_CTL);
3870#endif
3871}
3872
3873union ctl_io *
3874ctl_alloc_io(void *pool_ref)
3875{
3876	union ctl_io *io;
3877#ifdef IO_POOLS
3878	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3879
3880	io = uma_zalloc(pool->zone, M_WAITOK);
3881#else
3882	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3883#endif
3884	if (io != NULL)
3885		io->io_hdr.pool = pool_ref;
3886	return (io);
3887}
3888
3889union ctl_io *
3890ctl_alloc_io_nowait(void *pool_ref)
3891{
3892	union ctl_io *io;
3893#ifdef IO_POOLS
3894	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3895
3896	io = uma_zalloc(pool->zone, M_NOWAIT);
3897#else
3898	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3899#endif
3900	if (io != NULL)
3901		io->io_hdr.pool = pool_ref;
3902	return (io);
3903}
3904
3905void
3906ctl_free_io(union ctl_io *io)
3907{
3908#ifdef IO_POOLS
3909	struct ctl_io_pool *pool;
3910#endif
3911
3912	if (io == NULL)
3913		return;
3914
3915#ifdef IO_POOLS
3916	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3917	uma_zfree(pool->zone, io);
3918#else
3919	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3920#endif
3921}
3922
3923void
3924ctl_zero_io(union ctl_io *io)
3925{
3926	void *pool_ref;
3927
3928	if (io == NULL)
3929		return;
3930
3931	/*
3932	 * May need to preserve linked list pointers at some point too.
3933	 */
3934	pool_ref = io->io_hdr.pool;
3935	memset(io, 0, sizeof(*io));
3936	io->io_hdr.pool = pool_ref;
3937}
3938
3939/*
3940 * This routine is currently used for internal copies of ctl_ios that need
3941 * to persist for some reason after we've already returned status to the
3942 * FETD.  (Thus the flag set.)
3943 *
3944 * XXX XXX
3945 * Note that this makes a blind copy of all fields in the ctl_io, except
3946 * for the pool reference.  This includes any memory that has been
3947 * allocated!  That memory will no longer be valid after done has been
3948 * called, so this would be VERY DANGEROUS for command that actually does
3949 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3950 * start and stop commands, which don't transfer any data, so this is not a
3951 * problem.  If it is used for anything else, the caller would also need to
3952 * allocate data buffer space and this routine would need to be modified to
3953 * copy the data buffer(s) as well.
3954 */
3955void
3956ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3957{
3958	void *pool_ref;
3959
3960	if ((src == NULL)
3961	 || (dest == NULL))
3962		return;
3963
3964	/*
3965	 * May need to preserve linked list pointers at some point too.
3966	 */
3967	pool_ref = dest->io_hdr.pool;
3968
3969	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3970
3971	dest->io_hdr.pool = pool_ref;
3972	/*
3973	 * We need to know that this is an internal copy, and doesn't need
3974	 * to get passed back to the FETD that allocated it.
3975	 */
3976	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3977}
3978
3979int
3980ctl_expand_number(const char *buf, uint64_t *num)
3981{
3982	char *endptr;
3983	uint64_t number;
3984	unsigned shift;
3985
3986	number = strtoq(buf, &endptr, 0);
3987
3988	switch (tolower((unsigned char)*endptr)) {
3989	case 'e':
3990		shift = 60;
3991		break;
3992	case 'p':
3993		shift = 50;
3994		break;
3995	case 't':
3996		shift = 40;
3997		break;
3998	case 'g':
3999		shift = 30;
4000		break;
4001	case 'm':
4002		shift = 20;
4003		break;
4004	case 'k':
4005		shift = 10;
4006		break;
4007	case 'b':
4008	case '\0': /* No unit. */
4009		*num = number;
4010		return (0);
4011	default:
4012		/* Unrecognized unit. */
4013		return (-1);
4014	}
4015
4016	if ((number << shift) >> shift != number) {
4017		/* Overflow */
4018		return (-1);
4019	}
4020	*num = number << shift;
4021	return (0);
4022}
4023
4024
4025/*
4026 * This routine could be used in the future to load default and/or saved
4027 * mode page parameters for a particuar lun.
4028 */
4029static int
4030ctl_init_page_index(struct ctl_lun *lun)
4031{
4032	int i;
4033	struct ctl_page_index *page_index;
4034	const char *value;
4035	uint64_t ival;
4036
4037	memcpy(&lun->mode_pages.index, page_index_template,
4038	       sizeof(page_index_template));
4039
4040	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4041
4042		page_index = &lun->mode_pages.index[i];
4043		/*
4044		 * If this is a disk-only mode page, there's no point in
4045		 * setting it up.  For some pages, we have to have some
4046		 * basic information about the disk in order to calculate the
4047		 * mode page data.
4048		 */
4049		if ((lun->be_lun->lun_type != T_DIRECT)
4050		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4051			continue;
4052
4053		switch (page_index->page_code & SMPH_PC_MASK) {
4054		case SMS_RW_ERROR_RECOVERY_PAGE: {
4055			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4056				panic("subpage is incorrect!");
4057			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4058			       &rw_er_page_default,
4059			       sizeof(rw_er_page_default));
4060			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4061			       &rw_er_page_changeable,
4062			       sizeof(rw_er_page_changeable));
4063			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4064			       &rw_er_page_default,
4065			       sizeof(rw_er_page_default));
4066			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4067			       &rw_er_page_default,
4068			       sizeof(rw_er_page_default));
4069			page_index->page_data =
4070				(uint8_t *)lun->mode_pages.rw_er_page;
4071			break;
4072		}
4073		case SMS_FORMAT_DEVICE_PAGE: {
4074			struct scsi_format_page *format_page;
4075
4076			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4077				panic("subpage is incorrect!");
4078
4079			/*
4080			 * Sectors per track are set above.  Bytes per
4081			 * sector need to be set here on a per-LUN basis.
4082			 */
4083			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4084			       &format_page_default,
4085			       sizeof(format_page_default));
4086			memcpy(&lun->mode_pages.format_page[
4087			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4088			       sizeof(format_page_changeable));
4089			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4090			       &format_page_default,
4091			       sizeof(format_page_default));
4092			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4093			       &format_page_default,
4094			       sizeof(format_page_default));
4095
4096			format_page = &lun->mode_pages.format_page[
4097				CTL_PAGE_CURRENT];
4098			scsi_ulto2b(lun->be_lun->blocksize,
4099				    format_page->bytes_per_sector);
4100
4101			format_page = &lun->mode_pages.format_page[
4102				CTL_PAGE_DEFAULT];
4103			scsi_ulto2b(lun->be_lun->blocksize,
4104				    format_page->bytes_per_sector);
4105
4106			format_page = &lun->mode_pages.format_page[
4107				CTL_PAGE_SAVED];
4108			scsi_ulto2b(lun->be_lun->blocksize,
4109				    format_page->bytes_per_sector);
4110
4111			page_index->page_data =
4112				(uint8_t *)lun->mode_pages.format_page;
4113			break;
4114		}
4115		case SMS_RIGID_DISK_PAGE: {
4116			struct scsi_rigid_disk_page *rigid_disk_page;
4117			uint32_t sectors_per_cylinder;
4118			uint64_t cylinders;
4119#ifndef	__XSCALE__
4120			int shift;
4121#endif /* !__XSCALE__ */
4122
4123			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4124				panic("invalid subpage value %d",
4125				      page_index->subpage);
4126
4127			/*
4128			 * Rotation rate and sectors per track are set
4129			 * above.  We calculate the cylinders here based on
4130			 * capacity.  Due to the number of heads and
4131			 * sectors per track we're using, smaller arrays
4132			 * may turn out to have 0 cylinders.  Linux and
4133			 * FreeBSD don't pay attention to these mode pages
4134			 * to figure out capacity, but Solaris does.  It
4135			 * seems to deal with 0 cylinders just fine, and
4136			 * works out a fake geometry based on the capacity.
4137			 */
4138			memcpy(&lun->mode_pages.rigid_disk_page[
4139			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4140			       sizeof(rigid_disk_page_default));
4141			memcpy(&lun->mode_pages.rigid_disk_page[
4142			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4143			       sizeof(rigid_disk_page_changeable));
4144
4145			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4146				CTL_DEFAULT_HEADS;
4147
4148			/*
4149			 * The divide method here will be more accurate,
4150			 * probably, but results in floating point being
4151			 * used in the kernel on i386 (__udivdi3()).  On the
4152			 * XScale, though, __udivdi3() is implemented in
4153			 * software.
4154			 *
4155			 * The shift method for cylinder calculation is
4156			 * accurate if sectors_per_cylinder is a power of
4157			 * 2.  Otherwise it might be slightly off -- you
4158			 * might have a bit of a truncation problem.
4159			 */
4160#ifdef	__XSCALE__
4161			cylinders = (lun->be_lun->maxlba + 1) /
4162				sectors_per_cylinder;
4163#else
4164			for (shift = 31; shift > 0; shift--) {
4165				if (sectors_per_cylinder & (1 << shift))
4166					break;
4167			}
4168			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4169#endif
4170
4171			/*
4172			 * We've basically got 3 bytes, or 24 bits for the
4173			 * cylinder size in the mode page.  If we're over,
4174			 * just round down to 2^24.
4175			 */
4176			if (cylinders > 0xffffff)
4177				cylinders = 0xffffff;
4178
4179			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4180				CTL_PAGE_DEFAULT];
4181			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4182
4183			if ((value = ctl_get_opt(&lun->be_lun->options,
4184			    "rpm")) != NULL) {
4185				scsi_ulto2b(strtol(value, NULL, 0),
4186				     rigid_disk_page->rotation_rate);
4187			}
4188
4189			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4190			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4191			       sizeof(rigid_disk_page_default));
4192			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4193			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4194			       sizeof(rigid_disk_page_default));
4195
4196			page_index->page_data =
4197				(uint8_t *)lun->mode_pages.rigid_disk_page;
4198			break;
4199		}
4200		case SMS_CACHING_PAGE: {
4201			struct scsi_caching_page *caching_page;
4202
4203			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4204				panic("invalid subpage value %d",
4205				      page_index->subpage);
4206			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4207			       &caching_page_default,
4208			       sizeof(caching_page_default));
4209			memcpy(&lun->mode_pages.caching_page[
4210			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4211			       sizeof(caching_page_changeable));
4212			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4213			       &caching_page_default,
4214			       sizeof(caching_page_default));
4215			caching_page = &lun->mode_pages.caching_page[
4216			    CTL_PAGE_SAVED];
4217			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4218			if (value != NULL && strcmp(value, "off") == 0)
4219				caching_page->flags1 &= ~SCP_WCE;
4220			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4221			if (value != NULL && strcmp(value, "off") == 0)
4222				caching_page->flags1 |= SCP_RCD;
4223			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4224			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4225			       sizeof(caching_page_default));
4226			page_index->page_data =
4227				(uint8_t *)lun->mode_pages.caching_page;
4228			break;
4229		}
4230		case SMS_CONTROL_MODE_PAGE: {
4231			switch (page_index->subpage) {
4232			case SMS_SUBPAGE_PAGE_0: {
4233				struct scsi_control_page *control_page;
4234
4235				memcpy(&lun->mode_pages.control_page[
4236				    CTL_PAGE_DEFAULT],
4237				       &control_page_default,
4238				       sizeof(control_page_default));
4239				memcpy(&lun->mode_pages.control_page[
4240				    CTL_PAGE_CHANGEABLE],
4241				       &control_page_changeable,
4242				       sizeof(control_page_changeable));
4243				memcpy(&lun->mode_pages.control_page[
4244				    CTL_PAGE_SAVED],
4245				       &control_page_default,
4246				       sizeof(control_page_default));
4247				control_page = &lun->mode_pages.control_page[
4248				    CTL_PAGE_SAVED];
4249				value = ctl_get_opt(&lun->be_lun->options,
4250				    "reordering");
4251				if (value != NULL &&
4252				    strcmp(value, "unrestricted") == 0) {
4253					control_page->queue_flags &=
4254					    ~SCP_QUEUE_ALG_MASK;
4255					control_page->queue_flags |=
4256					    SCP_QUEUE_ALG_UNRESTRICTED;
4257				}
4258				memcpy(&lun->mode_pages.control_page[
4259				    CTL_PAGE_CURRENT],
4260				       &lun->mode_pages.control_page[
4261				    CTL_PAGE_SAVED],
4262				       sizeof(control_page_default));
4263				page_index->page_data =
4264				    (uint8_t *)lun->mode_pages.control_page;
4265				break;
4266			}
4267			case 0x01:
4268				memcpy(&lun->mode_pages.control_ext_page[
4269				    CTL_PAGE_DEFAULT],
4270				       &control_ext_page_default,
4271				       sizeof(control_ext_page_default));
4272				memcpy(&lun->mode_pages.control_ext_page[
4273				    CTL_PAGE_CHANGEABLE],
4274				       &control_ext_page_changeable,
4275				       sizeof(control_ext_page_changeable));
4276				memcpy(&lun->mode_pages.control_ext_page[
4277				    CTL_PAGE_SAVED],
4278				       &control_ext_page_default,
4279				       sizeof(control_ext_page_default));
4280				memcpy(&lun->mode_pages.control_ext_page[
4281				    CTL_PAGE_CURRENT],
4282				       &lun->mode_pages.control_ext_page[
4283				    CTL_PAGE_SAVED],
4284				       sizeof(control_ext_page_default));
4285				page_index->page_data =
4286				    (uint8_t *)lun->mode_pages.control_ext_page;
4287				break;
4288			}
4289			break;
4290		}
4291		case SMS_INFO_EXCEPTIONS_PAGE: {
4292			switch (page_index->subpage) {
4293			case SMS_SUBPAGE_PAGE_0:
4294				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4295				       &ie_page_default,
4296				       sizeof(ie_page_default));
4297				memcpy(&lun->mode_pages.ie_page[
4298				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4299				       sizeof(ie_page_changeable));
4300				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4301				       &ie_page_default,
4302				       sizeof(ie_page_default));
4303				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4304				       &ie_page_default,
4305				       sizeof(ie_page_default));
4306				page_index->page_data =
4307					(uint8_t *)lun->mode_pages.ie_page;
4308				break;
4309			case 0x02: {
4310				struct ctl_logical_block_provisioning_page *page;
4311
4312				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4313				       &lbp_page_default,
4314				       sizeof(lbp_page_default));
4315				memcpy(&lun->mode_pages.lbp_page[
4316				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4317				       sizeof(lbp_page_changeable));
4318				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4319				       &lbp_page_default,
4320				       sizeof(lbp_page_default));
4321				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4322				value = ctl_get_opt(&lun->be_lun->options,
4323				    "avail-threshold");
4324				if (value != NULL &&
4325				    ctl_expand_number(value, &ival) == 0) {
4326					page->descr[0].flags |= SLBPPD_ENABLED |
4327					    SLBPPD_ARMING_DEC;
4328					if (lun->be_lun->blocksize)
4329						ival /= lun->be_lun->blocksize;
4330					else
4331						ival /= 512;
4332					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4333					    page->descr[0].count);
4334				}
4335				value = ctl_get_opt(&lun->be_lun->options,
4336				    "used-threshold");
4337				if (value != NULL &&
4338				    ctl_expand_number(value, &ival) == 0) {
4339					page->descr[1].flags |= SLBPPD_ENABLED |
4340					    SLBPPD_ARMING_INC;
4341					if (lun->be_lun->blocksize)
4342						ival /= lun->be_lun->blocksize;
4343					else
4344						ival /= 512;
4345					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4346					    page->descr[1].count);
4347				}
4348				value = ctl_get_opt(&lun->be_lun->options,
4349				    "pool-avail-threshold");
4350				if (value != NULL &&
4351				    ctl_expand_number(value, &ival) == 0) {
4352					page->descr[2].flags |= SLBPPD_ENABLED |
4353					    SLBPPD_ARMING_DEC;
4354					if (lun->be_lun->blocksize)
4355						ival /= lun->be_lun->blocksize;
4356					else
4357						ival /= 512;
4358					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4359					    page->descr[2].count);
4360				}
4361				value = ctl_get_opt(&lun->be_lun->options,
4362				    "pool-used-threshold");
4363				if (value != NULL &&
4364				    ctl_expand_number(value, &ival) == 0) {
4365					page->descr[3].flags |= SLBPPD_ENABLED |
4366					    SLBPPD_ARMING_INC;
4367					if (lun->be_lun->blocksize)
4368						ival /= lun->be_lun->blocksize;
4369					else
4370						ival /= 512;
4371					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4372					    page->descr[3].count);
4373				}
4374				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4375				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4376				       sizeof(lbp_page_default));
4377				page_index->page_data =
4378					(uint8_t *)lun->mode_pages.lbp_page;
4379			}}
4380			break;
4381		}
4382		case SMS_VENDOR_SPECIFIC_PAGE:{
4383			switch (page_index->subpage) {
4384			case DBGCNF_SUBPAGE_CODE: {
4385				struct copan_debugconf_subpage *current_page,
4386							       *saved_page;
4387
4388				memcpy(&lun->mode_pages.debugconf_subpage[
4389				       CTL_PAGE_CURRENT],
4390				       &debugconf_page_default,
4391				       sizeof(debugconf_page_default));
4392				memcpy(&lun->mode_pages.debugconf_subpage[
4393				       CTL_PAGE_CHANGEABLE],
4394				       &debugconf_page_changeable,
4395				       sizeof(debugconf_page_changeable));
4396				memcpy(&lun->mode_pages.debugconf_subpage[
4397				       CTL_PAGE_DEFAULT],
4398				       &debugconf_page_default,
4399				       sizeof(debugconf_page_default));
4400				memcpy(&lun->mode_pages.debugconf_subpage[
4401				       CTL_PAGE_SAVED],
4402				       &debugconf_page_default,
4403				       sizeof(debugconf_page_default));
4404				page_index->page_data =
4405					(uint8_t *)lun->mode_pages.debugconf_subpage;
4406
4407				current_page = (struct copan_debugconf_subpage *)
4408					(page_index->page_data +
4409					 (page_index->page_len *
4410					  CTL_PAGE_CURRENT));
4411				saved_page = (struct copan_debugconf_subpage *)
4412					(page_index->page_data +
4413					 (page_index->page_len *
4414					  CTL_PAGE_SAVED));
4415				break;
4416			}
4417			default:
4418				panic("invalid subpage value %d",
4419				      page_index->subpage);
4420				break;
4421			}
4422   			break;
4423		}
4424		default:
4425			panic("invalid page value %d",
4426			      page_index->page_code & SMPH_PC_MASK);
4427			break;
4428    	}
4429	}
4430
4431	return (CTL_RETVAL_COMPLETE);
4432}
4433
4434static int
4435ctl_init_log_page_index(struct ctl_lun *lun)
4436{
4437	struct ctl_page_index *page_index;
4438	int i, j, k, prev;
4439
4440	memcpy(&lun->log_pages.index, log_page_index_template,
4441	       sizeof(log_page_index_template));
4442
4443	prev = -1;
4444	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4445
4446		page_index = &lun->log_pages.index[i];
4447		/*
4448		 * If this is a disk-only mode page, there's no point in
4449		 * setting it up.  For some pages, we have to have some
4450		 * basic information about the disk in order to calculate the
4451		 * mode page data.
4452		 */
4453		if ((lun->be_lun->lun_type != T_DIRECT)
4454		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4455			continue;
4456
4457		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4458		     lun->backend->lun_attr == NULL)
4459			continue;
4460
4461		if (page_index->page_code != prev) {
4462			lun->log_pages.pages_page[j] = page_index->page_code;
4463			prev = page_index->page_code;
4464			j++;
4465		}
4466		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4467		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4468		k++;
4469	}
4470	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4471	lun->log_pages.index[0].page_len = j;
4472	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4473	lun->log_pages.index[1].page_len = k * 2;
4474	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4475	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4476	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4477	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4478
4479	return (CTL_RETVAL_COMPLETE);
4480}
4481
4482static int
4483hex2bin(const char *str, uint8_t *buf, int buf_size)
4484{
4485	int i;
4486	u_char c;
4487
4488	memset(buf, 0, buf_size);
4489	while (isspace(str[0]))
4490		str++;
4491	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4492		str += 2;
4493	buf_size *= 2;
4494	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4495		c = str[i];
4496		if (isdigit(c))
4497			c -= '0';
4498		else if (isalpha(c))
4499			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4500		else
4501			break;
4502		if (c >= 16)
4503			break;
4504		if ((i & 1) == 0)
4505			buf[i / 2] |= (c << 4);
4506		else
4507			buf[i / 2] |= c;
4508	}
4509	return ((i + 1) / 2);
4510}
4511
4512/*
4513 * LUN allocation.
4514 *
4515 * Requirements:
4516 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4517 *   wants us to allocate the LUN and he can block.
4518 * - ctl_softc is always set
4519 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4520 *
4521 * Returns 0 for success, non-zero (errno) for failure.
4522 */
4523static int
4524ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4525	      struct ctl_be_lun *const be_lun)
4526{
4527	struct ctl_lun *nlun, *lun;
4528	struct scsi_vpd_id_descriptor *desc;
4529	struct scsi_vpd_id_t10 *t10id;
4530	const char *eui, *naa, *scsiname, *vendor;
4531	int lun_number, i, lun_malloced;
4532	int devidlen, idlen1, idlen2 = 0, len;
4533
4534	if (be_lun == NULL)
4535		return (EINVAL);
4536
4537	/*
4538	 * We currently only support Direct Access or Processor LUN types.
4539	 */
4540	switch (be_lun->lun_type) {
4541	case T_DIRECT:
4542		break;
4543	case T_PROCESSOR:
4544		break;
4545	case T_SEQUENTIAL:
4546	case T_CHANGER:
4547	default:
4548		be_lun->lun_config_status(be_lun->be_lun,
4549					  CTL_LUN_CONFIG_FAILURE);
4550		break;
4551	}
4552	if (ctl_lun == NULL) {
4553		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4554		lun_malloced = 1;
4555	} else {
4556		lun_malloced = 0;
4557		lun = ctl_lun;
4558	}
4559
4560	memset(lun, 0, sizeof(*lun));
4561	if (lun_malloced)
4562		lun->flags = CTL_LUN_MALLOCED;
4563
4564	/* Generate LUN ID. */
4565	devidlen = max(CTL_DEVID_MIN_LEN,
4566	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4567	idlen1 = sizeof(*t10id) + devidlen;
4568	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4569	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4570	if (scsiname != NULL) {
4571		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4572		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4573	}
4574	eui = ctl_get_opt(&be_lun->options, "eui");
4575	if (eui != NULL) {
4576		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4577	}
4578	naa = ctl_get_opt(&be_lun->options, "naa");
4579	if (naa != NULL) {
4580		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4581	}
4582	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4583	    M_CTL, M_WAITOK | M_ZERO);
4584	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4585	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4586	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4587	desc->length = idlen1;
4588	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4589	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4590	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4591		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4592	} else {
4593		strncpy(t10id->vendor, vendor,
4594		    min(sizeof(t10id->vendor), strlen(vendor)));
4595	}
4596	strncpy((char *)t10id->vendor_spec_id,
4597	    (char *)be_lun->device_id, devidlen);
4598	if (scsiname != NULL) {
4599		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4600		    desc->length);
4601		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4602		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4603		    SVPD_ID_TYPE_SCSI_NAME;
4604		desc->length = idlen2;
4605		strlcpy(desc->identifier, scsiname, idlen2);
4606	}
4607	if (eui != NULL) {
4608		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4609		    desc->length);
4610		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4611		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4612		    SVPD_ID_TYPE_EUI64;
4613		desc->length = hex2bin(eui, desc->identifier, 16);
4614		desc->length = desc->length > 12 ? 16 :
4615		    (desc->length > 8 ? 12 : 8);
4616		len -= 16 - desc->length;
4617	}
4618	if (naa != NULL) {
4619		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4620		    desc->length);
4621		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4622		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4623		    SVPD_ID_TYPE_NAA;
4624		desc->length = hex2bin(naa, desc->identifier, 16);
4625		desc->length = desc->length > 8 ? 16 : 8;
4626		len -= 16 - desc->length;
4627	}
4628	lun->lun_devid->len = len;
4629
4630	mtx_lock(&ctl_softc->ctl_lock);
4631	/*
4632	 * See if the caller requested a particular LUN number.  If so, see
4633	 * if it is available.  Otherwise, allocate the first available LUN.
4634	 */
4635	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4636		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4637		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4638			mtx_unlock(&ctl_softc->ctl_lock);
4639			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4640				printf("ctl: requested LUN ID %d is higher "
4641				       "than CTL_MAX_LUNS - 1 (%d)\n",
4642				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4643			} else {
4644				/*
4645				 * XXX KDM return an error, or just assign
4646				 * another LUN ID in this case??
4647				 */
4648				printf("ctl: requested LUN ID %d is already "
4649				       "in use\n", be_lun->req_lun_id);
4650			}
4651			if (lun->flags & CTL_LUN_MALLOCED)
4652				free(lun, M_CTL);
4653			be_lun->lun_config_status(be_lun->be_lun,
4654						  CTL_LUN_CONFIG_FAILURE);
4655			return (ENOSPC);
4656		}
4657		lun_number = be_lun->req_lun_id;
4658	} else {
4659		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4660		if (lun_number == -1) {
4661			mtx_unlock(&ctl_softc->ctl_lock);
4662			printf("ctl: can't allocate LUN, out of LUNs\n");
4663			if (lun->flags & CTL_LUN_MALLOCED)
4664				free(lun, M_CTL);
4665			be_lun->lun_config_status(be_lun->be_lun,
4666						  CTL_LUN_CONFIG_FAILURE);
4667			return (ENOSPC);
4668		}
4669	}
4670	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4671
4672	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4673	lun->lun = lun_number;
4674	lun->be_lun = be_lun;
4675	/*
4676	 * The processor LUN is always enabled.  Disk LUNs come on line
4677	 * disabled, and must be enabled by the backend.
4678	 */
4679	lun->flags |= CTL_LUN_DISABLED;
4680	lun->backend = be_lun->be;
4681	be_lun->ctl_lun = lun;
4682	be_lun->lun_id = lun_number;
4683	atomic_add_int(&be_lun->be->num_luns, 1);
4684	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4685		lun->flags |= CTL_LUN_OFFLINE;
4686
4687	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4688		lun->flags |= CTL_LUN_STOPPED;
4689
4690	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4691		lun->flags |= CTL_LUN_INOPERABLE;
4692
4693	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4694		lun->flags |= CTL_LUN_PRIMARY_SC;
4695
4696	lun->ctl_softc = ctl_softc;
4697#ifdef CTL_TIME_IO
4698	lun->last_busy = getsbinuptime();
4699#endif
4700	TAILQ_INIT(&lun->ooa_queue);
4701	TAILQ_INIT(&lun->blocked_queue);
4702	STAILQ_INIT(&lun->error_list);
4703	ctl_tpc_lun_init(lun);
4704
4705	/*
4706	 * Initialize the mode and log page index.
4707	 */
4708	ctl_init_page_index(lun);
4709	ctl_init_log_page_index(lun);
4710
4711	/*
4712	 * Now, before we insert this lun on the lun list, set the lun
4713	 * inventory changed UA for all other luns.
4714	 */
4715	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4716		mtx_lock(&nlun->lun_lock);
4717		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4718		mtx_unlock(&nlun->lun_lock);
4719	}
4720
4721	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4722
4723	ctl_softc->ctl_luns[lun_number] = lun;
4724
4725	ctl_softc->num_luns++;
4726
4727	/* Setup statistics gathering */
4728	lun->stats.device_type = be_lun->lun_type;
4729	lun->stats.lun_number = lun_number;
4730	if (lun->stats.device_type == T_DIRECT)
4731		lun->stats.blocksize = be_lun->blocksize;
4732	else
4733		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4734	for (i = 0;i < CTL_MAX_PORTS;i++)
4735		lun->stats.ports[i].targ_port = i;
4736
4737	mtx_unlock(&ctl_softc->ctl_lock);
4738
4739	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4740	return (0);
4741}
4742
4743/*
4744 * Delete a LUN.
4745 * Assumptions:
4746 * - LUN has already been marked invalid and any pending I/O has been taken
4747 *   care of.
4748 */
4749static int
4750ctl_free_lun(struct ctl_lun *lun)
4751{
4752	struct ctl_softc *softc;
4753	struct ctl_lun *nlun;
4754	int i;
4755
4756	softc = lun->ctl_softc;
4757
4758	mtx_assert(&softc->ctl_lock, MA_OWNED);
4759
4760	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4761
4762	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4763
4764	softc->ctl_luns[lun->lun] = NULL;
4765
4766	if (!TAILQ_EMPTY(&lun->ooa_queue))
4767		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4768
4769	softc->num_luns--;
4770
4771	/*
4772	 * Tell the backend to free resources, if this LUN has a backend.
4773	 */
4774	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4775	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4776
4777	ctl_tpc_lun_shutdown(lun);
4778	mtx_destroy(&lun->lun_lock);
4779	free(lun->lun_devid, M_CTL);
4780	for (i = 0; i < CTL_MAX_PORTS; i++)
4781		free(lun->pending_ua[i], M_CTL);
4782	for (i = 0; i < CTL_MAX_PORTS; i++)
4783		free(lun->pr_keys[i], M_CTL);
4784	free(lun->write_buffer, M_CTL);
4785	if (lun->flags & CTL_LUN_MALLOCED)
4786		free(lun, M_CTL);
4787
4788	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4789		mtx_lock(&nlun->lun_lock);
4790		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4791		mtx_unlock(&nlun->lun_lock);
4792	}
4793
4794	return (0);
4795}
4796
4797static void
4798ctl_create_lun(struct ctl_be_lun *be_lun)
4799{
4800
4801	/*
4802	 * ctl_alloc_lun() should handle all potential failure cases.
4803	 */
4804	ctl_alloc_lun(control_softc, NULL, be_lun);
4805}
4806
4807int
4808ctl_add_lun(struct ctl_be_lun *be_lun)
4809{
4810	struct ctl_softc *softc = control_softc;
4811
4812	mtx_lock(&softc->ctl_lock);
4813	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4814	mtx_unlock(&softc->ctl_lock);
4815	wakeup(&softc->pending_lun_queue);
4816
4817	return (0);
4818}
4819
4820int
4821ctl_enable_lun(struct ctl_be_lun *be_lun)
4822{
4823	struct ctl_softc *softc;
4824	struct ctl_port *port, *nport;
4825	struct ctl_lun *lun;
4826	int retval;
4827
4828	lun = (struct ctl_lun *)be_lun->ctl_lun;
4829	softc = lun->ctl_softc;
4830
4831	mtx_lock(&softc->ctl_lock);
4832	mtx_lock(&lun->lun_lock);
4833	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4834		/*
4835		 * eh?  Why did we get called if the LUN is already
4836		 * enabled?
4837		 */
4838		mtx_unlock(&lun->lun_lock);
4839		mtx_unlock(&softc->ctl_lock);
4840		return (0);
4841	}
4842	lun->flags &= ~CTL_LUN_DISABLED;
4843	mtx_unlock(&lun->lun_lock);
4844
4845	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4846		nport = STAILQ_NEXT(port, links);
4847		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4848		    port->lun_map != NULL || port->lun_enable == NULL)
4849			continue;
4850
4851		/*
4852		 * Drop the lock while we call the FETD's enable routine.
4853		 * This can lead to a callback into CTL (at least in the
4854		 * case of the internal initiator frontend.
4855		 */
4856		mtx_unlock(&softc->ctl_lock);
4857		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4858		mtx_lock(&softc->ctl_lock);
4859		if (retval != 0) {
4860			printf("%s: FETD %s port %d returned error "
4861			       "%d for lun_enable on lun %jd\n",
4862			       __func__, port->port_name, port->targ_port,
4863			       retval, (intmax_t)lun->lun);
4864		}
4865	}
4866
4867	mtx_unlock(&softc->ctl_lock);
4868	ctl_isc_announce_lun(lun);
4869
4870	return (0);
4871}
4872
4873int
4874ctl_disable_lun(struct ctl_be_lun *be_lun)
4875{
4876	struct ctl_softc *softc;
4877	struct ctl_port *port;
4878	struct ctl_lun *lun;
4879	int retval;
4880
4881	lun = (struct ctl_lun *)be_lun->ctl_lun;
4882	softc = lun->ctl_softc;
4883
4884	mtx_lock(&softc->ctl_lock);
4885	mtx_lock(&lun->lun_lock);
4886	if (lun->flags & CTL_LUN_DISABLED) {
4887		mtx_unlock(&lun->lun_lock);
4888		mtx_unlock(&softc->ctl_lock);
4889		return (0);
4890	}
4891	lun->flags |= CTL_LUN_DISABLED;
4892	mtx_unlock(&lun->lun_lock);
4893
4894	STAILQ_FOREACH(port, &softc->port_list, links) {
4895		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4896		    port->lun_map != NULL || port->lun_disable == NULL)
4897			continue;
4898
4899		/*
4900		 * Drop the lock before we call the frontend's disable
4901		 * routine, to avoid lock order reversals.
4902		 *
4903		 * XXX KDM what happens if the frontend list changes while
4904		 * we're traversing it?  It's unlikely, but should be handled.
4905		 */
4906		mtx_unlock(&softc->ctl_lock);
4907		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4908		mtx_lock(&softc->ctl_lock);
4909		if (retval != 0) {
4910			printf("%s: FETD %s port %d returned error "
4911			       "%d for lun_disable on lun %jd\n",
4912			       __func__, port->port_name, port->targ_port,
4913			       retval, (intmax_t)lun->lun);
4914		}
4915	}
4916
4917	mtx_unlock(&softc->ctl_lock);
4918	ctl_isc_announce_lun(lun);
4919
4920	return (0);
4921}
4922
4923int
4924ctl_start_lun(struct ctl_be_lun *be_lun)
4925{
4926	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4927
4928	mtx_lock(&lun->lun_lock);
4929	lun->flags &= ~CTL_LUN_STOPPED;
4930	mtx_unlock(&lun->lun_lock);
4931	return (0);
4932}
4933
4934int
4935ctl_stop_lun(struct ctl_be_lun *be_lun)
4936{
4937	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4938
4939	mtx_lock(&lun->lun_lock);
4940	lun->flags |= CTL_LUN_STOPPED;
4941	mtx_unlock(&lun->lun_lock);
4942	return (0);
4943}
4944
4945int
4946ctl_lun_offline(struct ctl_be_lun *be_lun)
4947{
4948	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4949
4950	mtx_lock(&lun->lun_lock);
4951	lun->flags |= CTL_LUN_OFFLINE;
4952	mtx_unlock(&lun->lun_lock);
4953	return (0);
4954}
4955
4956int
4957ctl_lun_online(struct ctl_be_lun *be_lun)
4958{
4959	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4960
4961	mtx_lock(&lun->lun_lock);
4962	lun->flags &= ~CTL_LUN_OFFLINE;
4963	mtx_unlock(&lun->lun_lock);
4964	return (0);
4965}
4966
4967int
4968ctl_lun_primary(struct ctl_be_lun *be_lun)
4969{
4970	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4971
4972	mtx_lock(&lun->lun_lock);
4973	lun->flags |= CTL_LUN_PRIMARY_SC;
4974	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4975	mtx_unlock(&lun->lun_lock);
4976	ctl_isc_announce_lun(lun);
4977	return (0);
4978}
4979
4980int
4981ctl_lun_secondary(struct ctl_be_lun *be_lun)
4982{
4983	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4984
4985	mtx_lock(&lun->lun_lock);
4986	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4987	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4988	mtx_unlock(&lun->lun_lock);
4989	ctl_isc_announce_lun(lun);
4990	return (0);
4991}
4992
4993int
4994ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4995{
4996	struct ctl_softc *softc;
4997	struct ctl_lun *lun;
4998
4999	lun = (struct ctl_lun *)be_lun->ctl_lun;
5000	softc = lun->ctl_softc;
5001
5002	mtx_lock(&lun->lun_lock);
5003
5004	/*
5005	 * The LUN needs to be disabled before it can be marked invalid.
5006	 */
5007	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5008		mtx_unlock(&lun->lun_lock);
5009		return (-1);
5010	}
5011	/*
5012	 * Mark the LUN invalid.
5013	 */
5014	lun->flags |= CTL_LUN_INVALID;
5015
5016	/*
5017	 * If there is nothing in the OOA queue, go ahead and free the LUN.
5018	 * If we have something in the OOA queue, we'll free it when the
5019	 * last I/O completes.
5020	 */
5021	if (TAILQ_EMPTY(&lun->ooa_queue)) {
5022		mtx_unlock(&lun->lun_lock);
5023		mtx_lock(&softc->ctl_lock);
5024		ctl_free_lun(lun);
5025		mtx_unlock(&softc->ctl_lock);
5026	} else
5027		mtx_unlock(&lun->lun_lock);
5028
5029	return (0);
5030}
5031
5032int
5033ctl_lun_inoperable(struct ctl_be_lun *be_lun)
5034{
5035	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5036
5037	mtx_lock(&lun->lun_lock);
5038	lun->flags |= CTL_LUN_INOPERABLE;
5039	mtx_unlock(&lun->lun_lock);
5040	return (0);
5041}
5042
5043int
5044ctl_lun_operable(struct ctl_be_lun *be_lun)
5045{
5046	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5047
5048	mtx_lock(&lun->lun_lock);
5049	lun->flags &= ~CTL_LUN_INOPERABLE;
5050	mtx_unlock(&lun->lun_lock);
5051	return (0);
5052}
5053
5054void
5055ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5056{
5057	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5058	union ctl_ha_msg msg;
5059
5060	mtx_lock(&lun->lun_lock);
5061	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
5062	mtx_unlock(&lun->lun_lock);
5063	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5064		/* Send msg to other side. */
5065		bzero(&msg.ua, sizeof(msg.ua));
5066		msg.hdr.msg_type = CTL_MSG_UA;
5067		msg.hdr.nexus.initid = -1;
5068		msg.hdr.nexus.targ_port = -1;
5069		msg.hdr.nexus.targ_lun = lun->lun;
5070		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5071		msg.ua.ua_all = 1;
5072		msg.ua.ua_set = 1;
5073		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
5074		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5075		    M_WAITOK);
5076	}
5077}
5078
5079/*
5080 * Backend "memory move is complete" callback for requests that never
5081 * make it down to say RAIDCore's configuration code.
5082 */
5083int
5084ctl_config_move_done(union ctl_io *io)
5085{
5086	int retval;
5087
5088	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5089	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5090	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5091
5092	if ((io->io_hdr.port_status != 0) &&
5093	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5094	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5095		/*
5096		 * For hardware error sense keys, the sense key
5097		 * specific value is defined to be a retry count,
5098		 * but we use it to pass back an internal FETD
5099		 * error code.  XXX KDM  Hopefully the FETD is only
5100		 * using 16 bits for an error code, since that's
5101		 * all the space we have in the sks field.
5102		 */
5103		ctl_set_internal_failure(&io->scsiio,
5104					 /*sks_valid*/ 1,
5105					 /*retry_count*/
5106					 io->io_hdr.port_status);
5107	}
5108
5109	if (ctl_debug & CTL_DEBUG_CDB_DATA)
5110		ctl_data_print(io);
5111	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5112	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5113	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5114	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5115		/*
5116		 * XXX KDM just assuming a single pointer here, and not a
5117		 * S/G list.  If we start using S/G lists for config data,
5118		 * we'll need to know how to clean them up here as well.
5119		 */
5120		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5121			free(io->scsiio.kern_data_ptr, M_CTL);
5122		ctl_done(io);
5123		retval = CTL_RETVAL_COMPLETE;
5124	} else {
5125		/*
5126		 * XXX KDM now we need to continue data movement.  Some
5127		 * options:
5128		 * - call ctl_scsiio() again?  We don't do this for data
5129		 *   writes, because for those at least we know ahead of
5130		 *   time where the write will go and how long it is.  For
5131		 *   config writes, though, that information is largely
5132		 *   contained within the write itself, thus we need to
5133		 *   parse out the data again.
5134		 *
5135		 * - Call some other function once the data is in?
5136		 */
5137
5138		/*
5139		 * XXX KDM call ctl_scsiio() again for now, and check flag
5140		 * bits to see whether we're allocated or not.
5141		 */
5142		retval = ctl_scsiio(&io->scsiio);
5143	}
5144	return (retval);
5145}
5146
5147/*
5148 * This gets called by a backend driver when it is done with a
5149 * data_submit method.
5150 */
5151void
5152ctl_data_submit_done(union ctl_io *io)
5153{
5154	/*
5155	 * If the IO_CONT flag is set, we need to call the supplied
5156	 * function to continue processing the I/O, instead of completing
5157	 * the I/O just yet.
5158	 *
5159	 * If there is an error, though, we don't want to keep processing.
5160	 * Instead, just send status back to the initiator.
5161	 */
5162	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5163	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5164	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5165	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5166		io->scsiio.io_cont(io);
5167		return;
5168	}
5169	ctl_done(io);
5170}
5171
5172/*
5173 * This gets called by a backend driver when it is done with a
5174 * configuration write.
5175 */
5176void
5177ctl_config_write_done(union ctl_io *io)
5178{
5179	uint8_t *buf;
5180
5181	/*
5182	 * If the IO_CONT flag is set, we need to call the supplied
5183	 * function to continue processing the I/O, instead of completing
5184	 * the I/O just yet.
5185	 *
5186	 * If there is an error, though, we don't want to keep processing.
5187	 * Instead, just send status back to the initiator.
5188	 */
5189	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5190	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5191	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5192	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5193		io->scsiio.io_cont(io);
5194		return;
5195	}
5196	/*
5197	 * Since a configuration write can be done for commands that actually
5198	 * have data allocated, like write buffer, and commands that have
5199	 * no data, like start/stop unit, we need to check here.
5200	 */
5201	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5202		buf = io->scsiio.kern_data_ptr;
5203	else
5204		buf = NULL;
5205	ctl_done(io);
5206	if (buf)
5207		free(buf, M_CTL);
5208}
5209
5210void
5211ctl_config_read_done(union ctl_io *io)
5212{
5213	uint8_t *buf;
5214
5215	/*
5216	 * If there is some error -- we are done, skip data transfer.
5217	 */
5218	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5219	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5220	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5221		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5222			buf = io->scsiio.kern_data_ptr;
5223		else
5224			buf = NULL;
5225		ctl_done(io);
5226		if (buf)
5227			free(buf, M_CTL);
5228		return;
5229	}
5230
5231	/*
5232	 * If the IO_CONT flag is set, we need to call the supplied
5233	 * function to continue processing the I/O, instead of completing
5234	 * the I/O just yet.
5235	 */
5236	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5237		io->scsiio.io_cont(io);
5238		return;
5239	}
5240
5241	ctl_datamove(io);
5242}
5243
5244/*
5245 * SCSI release command.
5246 */
5247int
5248ctl_scsi_release(struct ctl_scsiio *ctsio)
5249{
5250	int length, longid, thirdparty_id, resv_id;
5251	struct ctl_lun *lun;
5252	uint32_t residx;
5253
5254	length = 0;
5255	resv_id = 0;
5256
5257	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5258
5259	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5260	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5261
5262	switch (ctsio->cdb[0]) {
5263	case RELEASE_10: {
5264		struct scsi_release_10 *cdb;
5265
5266		cdb = (struct scsi_release_10 *)ctsio->cdb;
5267
5268		if (cdb->byte2 & SR10_LONGID)
5269			longid = 1;
5270		else
5271			thirdparty_id = cdb->thirdparty_id;
5272
5273		resv_id = cdb->resv_id;
5274		length = scsi_2btoul(cdb->length);
5275		break;
5276	}
5277	}
5278
5279
5280	/*
5281	 * XXX KDM right now, we only support LUN reservation.  We don't
5282	 * support 3rd party reservations, or extent reservations, which
5283	 * might actually need the parameter list.  If we've gotten this
5284	 * far, we've got a LUN reservation.  Anything else got kicked out
5285	 * above.  So, according to SPC, ignore the length.
5286	 */
5287	length = 0;
5288
5289	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5290	 && (length > 0)) {
5291		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5292		ctsio->kern_data_len = length;
5293		ctsio->kern_total_len = length;
5294		ctsio->kern_data_resid = 0;
5295		ctsio->kern_rel_offset = 0;
5296		ctsio->kern_sg_entries = 0;
5297		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5298		ctsio->be_move_done = ctl_config_move_done;
5299		ctl_datamove((union ctl_io *)ctsio);
5300
5301		return (CTL_RETVAL_COMPLETE);
5302	}
5303
5304	if (length > 0)
5305		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5306
5307	mtx_lock(&lun->lun_lock);
5308
5309	/*
5310	 * According to SPC, it is not an error for an intiator to attempt
5311	 * to release a reservation on a LUN that isn't reserved, or that
5312	 * is reserved by another initiator.  The reservation can only be
5313	 * released, though, by the initiator who made it or by one of
5314	 * several reset type events.
5315	 */
5316	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5317			lun->flags &= ~CTL_LUN_RESERVED;
5318
5319	mtx_unlock(&lun->lun_lock);
5320
5321	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5322		free(ctsio->kern_data_ptr, M_CTL);
5323		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5324	}
5325
5326	ctl_set_success(ctsio);
5327	ctl_done((union ctl_io *)ctsio);
5328	return (CTL_RETVAL_COMPLETE);
5329}
5330
5331int
5332ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5333{
5334	int extent, thirdparty, longid;
5335	int resv_id, length;
5336	uint64_t thirdparty_id;
5337	struct ctl_lun *lun;
5338	uint32_t residx;
5339
5340	extent = 0;
5341	thirdparty = 0;
5342	longid = 0;
5343	resv_id = 0;
5344	length = 0;
5345	thirdparty_id = 0;
5346
5347	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5348
5349	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5350	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5351
5352	switch (ctsio->cdb[0]) {
5353	case RESERVE_10: {
5354		struct scsi_reserve_10 *cdb;
5355
5356		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5357
5358		if (cdb->byte2 & SR10_LONGID)
5359			longid = 1;
5360		else
5361			thirdparty_id = cdb->thirdparty_id;
5362
5363		resv_id = cdb->resv_id;
5364		length = scsi_2btoul(cdb->length);
5365		break;
5366	}
5367	}
5368
5369	/*
5370	 * XXX KDM right now, we only support LUN reservation.  We don't
5371	 * support 3rd party reservations, or extent reservations, which
5372	 * might actually need the parameter list.  If we've gotten this
5373	 * far, we've got a LUN reservation.  Anything else got kicked out
5374	 * above.  So, according to SPC, ignore the length.
5375	 */
5376	length = 0;
5377
5378	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5379	 && (length > 0)) {
5380		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5381		ctsio->kern_data_len = length;
5382		ctsio->kern_total_len = length;
5383		ctsio->kern_data_resid = 0;
5384		ctsio->kern_rel_offset = 0;
5385		ctsio->kern_sg_entries = 0;
5386		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5387		ctsio->be_move_done = ctl_config_move_done;
5388		ctl_datamove((union ctl_io *)ctsio);
5389
5390		return (CTL_RETVAL_COMPLETE);
5391	}
5392
5393	if (length > 0)
5394		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5395
5396	mtx_lock(&lun->lun_lock);
5397	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5398		ctl_set_reservation_conflict(ctsio);
5399		goto bailout;
5400	}
5401
5402	lun->flags |= CTL_LUN_RESERVED;
5403	lun->res_idx = residx;
5404
5405	ctl_set_success(ctsio);
5406
5407bailout:
5408	mtx_unlock(&lun->lun_lock);
5409
5410	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5411		free(ctsio->kern_data_ptr, M_CTL);
5412		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5413	}
5414
5415	ctl_done((union ctl_io *)ctsio);
5416	return (CTL_RETVAL_COMPLETE);
5417}
5418
5419int
5420ctl_start_stop(struct ctl_scsiio *ctsio)
5421{
5422	struct scsi_start_stop_unit *cdb;
5423	struct ctl_lun *lun;
5424	int retval;
5425
5426	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5427
5428	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5429	retval = 0;
5430
5431	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5432
5433	/*
5434	 * XXX KDM
5435	 * We don't support the immediate bit on a stop unit.  In order to
5436	 * do that, we would need to code up a way to know that a stop is
5437	 * pending, and hold off any new commands until it completes, one
5438	 * way or another.  Then we could accept or reject those commands
5439	 * depending on its status.  We would almost need to do the reverse
5440	 * of what we do below for an immediate start -- return the copy of
5441	 * the ctl_io to the FETD with status to send to the host (and to
5442	 * free the copy!) and then free the original I/O once the stop
5443	 * actually completes.  That way, the OOA queue mechanism can work
5444	 * to block commands that shouldn't proceed.  Another alternative
5445	 * would be to put the copy in the queue in place of the original,
5446	 * and return the original back to the caller.  That could be
5447	 * slightly safer..
5448	 */
5449	if ((cdb->byte2 & SSS_IMMED)
5450	 && ((cdb->how & SSS_START) == 0)) {
5451		ctl_set_invalid_field(ctsio,
5452				      /*sks_valid*/ 1,
5453				      /*command*/ 1,
5454				      /*field*/ 1,
5455				      /*bit_valid*/ 1,
5456				      /*bit*/ 0);
5457		ctl_done((union ctl_io *)ctsio);
5458		return (CTL_RETVAL_COMPLETE);
5459	}
5460
5461	if ((lun->flags & CTL_LUN_PR_RESERVED)
5462	 && ((cdb->how & SSS_START)==0)) {
5463		uint32_t residx;
5464
5465		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5466		if (ctl_get_prkey(lun, residx) == 0
5467		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5468
5469			ctl_set_reservation_conflict(ctsio);
5470			ctl_done((union ctl_io *)ctsio);
5471			return (CTL_RETVAL_COMPLETE);
5472		}
5473	}
5474
5475	/*
5476	 * If there is no backend on this device, we can't start or stop
5477	 * it.  In theory we shouldn't get any start/stop commands in the
5478	 * first place at this level if the LUN doesn't have a backend.
5479	 * That should get stopped by the command decode code.
5480	 */
5481	if (lun->backend == NULL) {
5482		ctl_set_invalid_opcode(ctsio);
5483		ctl_done((union ctl_io *)ctsio);
5484		return (CTL_RETVAL_COMPLETE);
5485	}
5486
5487	/*
5488	 * XXX KDM Copan-specific offline behavior.
5489	 * Figure out a reasonable way to port this?
5490	 */
5491#ifdef NEEDTOPORT
5492	mtx_lock(&lun->lun_lock);
5493
5494	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5495	 && (lun->flags & CTL_LUN_OFFLINE)) {
5496		/*
5497		 * If the LUN is offline, and the on/offline bit isn't set,
5498		 * reject the start or stop.  Otherwise, let it through.
5499		 */
5500		mtx_unlock(&lun->lun_lock);
5501		ctl_set_lun_not_ready(ctsio);
5502		ctl_done((union ctl_io *)ctsio);
5503	} else {
5504		mtx_unlock(&lun->lun_lock);
5505#endif /* NEEDTOPORT */
5506		/*
5507		 * This could be a start or a stop when we're online,
5508		 * or a stop/offline or start/online.  A start or stop when
5509		 * we're offline is covered in the case above.
5510		 */
5511		/*
5512		 * In the non-immediate case, we send the request to
5513		 * the backend and return status to the user when
5514		 * it is done.
5515		 *
5516		 * In the immediate case, we allocate a new ctl_io
5517		 * to hold a copy of the request, and send that to
5518		 * the backend.  We then set good status on the
5519		 * user's request and return it immediately.
5520		 */
5521		if (cdb->byte2 & SSS_IMMED) {
5522			union ctl_io *new_io;
5523
5524			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5525			ctl_copy_io((union ctl_io *)ctsio, new_io);
5526			retval = lun->backend->config_write(new_io);
5527			ctl_set_success(ctsio);
5528			ctl_done((union ctl_io *)ctsio);
5529		} else {
5530			retval = lun->backend->config_write(
5531				(union ctl_io *)ctsio);
5532		}
5533#ifdef NEEDTOPORT
5534	}
5535#endif
5536	return (retval);
5537}
5538
5539/*
5540 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5541 * we don't really do anything with the LBA and length fields if the user
5542 * passes them in.  Instead we'll just flush out the cache for the entire
5543 * LUN.
5544 */
5545int
5546ctl_sync_cache(struct ctl_scsiio *ctsio)
5547{
5548	struct ctl_lun *lun;
5549	struct ctl_softc *softc;
5550	struct ctl_lba_len_flags *lbalen;
5551	uint64_t starting_lba;
5552	uint32_t block_count;
5553	int retval;
5554	uint8_t byte2;
5555
5556	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5557
5558	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5559	softc = lun->ctl_softc;
5560	retval = 0;
5561
5562	switch (ctsio->cdb[0]) {
5563	case SYNCHRONIZE_CACHE: {
5564		struct scsi_sync_cache *cdb;
5565		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5566
5567		starting_lba = scsi_4btoul(cdb->begin_lba);
5568		block_count = scsi_2btoul(cdb->lb_count);
5569		byte2 = cdb->byte2;
5570		break;
5571	}
5572	case SYNCHRONIZE_CACHE_16: {
5573		struct scsi_sync_cache_16 *cdb;
5574		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5575
5576		starting_lba = scsi_8btou64(cdb->begin_lba);
5577		block_count = scsi_4btoul(cdb->lb_count);
5578		byte2 = cdb->byte2;
5579		break;
5580	}
5581	default:
5582		ctl_set_invalid_opcode(ctsio);
5583		ctl_done((union ctl_io *)ctsio);
5584		goto bailout;
5585		break; /* NOTREACHED */
5586	}
5587
5588	/*
5589	 * We check the LBA and length, but don't do anything with them.
5590	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5591	 * get flushed.  This check will just help satisfy anyone who wants
5592	 * to see an error for an out of range LBA.
5593	 */
5594	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5595		ctl_set_lba_out_of_range(ctsio);
5596		ctl_done((union ctl_io *)ctsio);
5597		goto bailout;
5598	}
5599
5600	/*
5601	 * If this LUN has no backend, we can't flush the cache anyway.
5602	 */
5603	if (lun->backend == NULL) {
5604		ctl_set_invalid_opcode(ctsio);
5605		ctl_done((union ctl_io *)ctsio);
5606		goto bailout;
5607	}
5608
5609	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5610	lbalen->lba = starting_lba;
5611	lbalen->len = block_count;
5612	lbalen->flags = byte2;
5613
5614	/*
5615	 * Check to see whether we're configured to send the SYNCHRONIZE
5616	 * CACHE command directly to the back end.
5617	 */
5618	mtx_lock(&lun->lun_lock);
5619	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5620	 && (++(lun->sync_count) >= lun->sync_interval)) {
5621		lun->sync_count = 0;
5622		mtx_unlock(&lun->lun_lock);
5623		retval = lun->backend->config_write((union ctl_io *)ctsio);
5624	} else {
5625		mtx_unlock(&lun->lun_lock);
5626		ctl_set_success(ctsio);
5627		ctl_done((union ctl_io *)ctsio);
5628	}
5629
5630bailout:
5631
5632	return (retval);
5633}
5634
5635int
5636ctl_format(struct ctl_scsiio *ctsio)
5637{
5638	struct scsi_format *cdb;
5639	struct ctl_lun *lun;
5640	int length, defect_list_len;
5641
5642	CTL_DEBUG_PRINT(("ctl_format\n"));
5643
5644	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5645
5646	cdb = (struct scsi_format *)ctsio->cdb;
5647
5648	length = 0;
5649	if (cdb->byte2 & SF_FMTDATA) {
5650		if (cdb->byte2 & SF_LONGLIST)
5651			length = sizeof(struct scsi_format_header_long);
5652		else
5653			length = sizeof(struct scsi_format_header_short);
5654	}
5655
5656	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5657	 && (length > 0)) {
5658		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5659		ctsio->kern_data_len = length;
5660		ctsio->kern_total_len = length;
5661		ctsio->kern_data_resid = 0;
5662		ctsio->kern_rel_offset = 0;
5663		ctsio->kern_sg_entries = 0;
5664		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5665		ctsio->be_move_done = ctl_config_move_done;
5666		ctl_datamove((union ctl_io *)ctsio);
5667
5668		return (CTL_RETVAL_COMPLETE);
5669	}
5670
5671	defect_list_len = 0;
5672
5673	if (cdb->byte2 & SF_FMTDATA) {
5674		if (cdb->byte2 & SF_LONGLIST) {
5675			struct scsi_format_header_long *header;
5676
5677			header = (struct scsi_format_header_long *)
5678				ctsio->kern_data_ptr;
5679
5680			defect_list_len = scsi_4btoul(header->defect_list_len);
5681			if (defect_list_len != 0) {
5682				ctl_set_invalid_field(ctsio,
5683						      /*sks_valid*/ 1,
5684						      /*command*/ 0,
5685						      /*field*/ 2,
5686						      /*bit_valid*/ 0,
5687						      /*bit*/ 0);
5688				goto bailout;
5689			}
5690		} else {
5691			struct scsi_format_header_short *header;
5692
5693			header = (struct scsi_format_header_short *)
5694				ctsio->kern_data_ptr;
5695
5696			defect_list_len = scsi_2btoul(header->defect_list_len);
5697			if (defect_list_len != 0) {
5698				ctl_set_invalid_field(ctsio,
5699						      /*sks_valid*/ 1,
5700						      /*command*/ 0,
5701						      /*field*/ 2,
5702						      /*bit_valid*/ 0,
5703						      /*bit*/ 0);
5704				goto bailout;
5705			}
5706		}
5707	}
5708
5709	/*
5710	 * The format command will clear out the "Medium format corrupted"
5711	 * status if set by the configuration code.  That status is really
5712	 * just a way to notify the host that we have lost the media, and
5713	 * get them to issue a command that will basically make them think
5714	 * they're blowing away the media.
5715	 */
5716	mtx_lock(&lun->lun_lock);
5717	lun->flags &= ~CTL_LUN_INOPERABLE;
5718	mtx_unlock(&lun->lun_lock);
5719
5720	ctl_set_success(ctsio);
5721bailout:
5722
5723	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5724		free(ctsio->kern_data_ptr, M_CTL);
5725		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5726	}
5727
5728	ctl_done((union ctl_io *)ctsio);
5729	return (CTL_RETVAL_COMPLETE);
5730}
5731
5732int
5733ctl_read_buffer(struct ctl_scsiio *ctsio)
5734{
5735	struct ctl_lun *lun;
5736	uint64_t buffer_offset;
5737	uint32_t len;
5738	uint8_t byte2;
5739	static uint8_t descr[4];
5740	static uint8_t echo_descr[4] = { 0 };
5741
5742	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5743	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5744	switch (ctsio->cdb[0]) {
5745	case READ_BUFFER: {
5746		struct scsi_read_buffer *cdb;
5747
5748		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5749		buffer_offset = scsi_3btoul(cdb->offset);
5750		len = scsi_3btoul(cdb->length);
5751		byte2 = cdb->byte2;
5752		break;
5753	}
5754	case READ_BUFFER_16: {
5755		struct scsi_read_buffer_16 *cdb;
5756
5757		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5758		buffer_offset = scsi_8btou64(cdb->offset);
5759		len = scsi_4btoul(cdb->length);
5760		byte2 = cdb->byte2;
5761		break;
5762	}
5763	default: /* This shouldn't happen. */
5764		ctl_set_invalid_opcode(ctsio);
5765		ctl_done((union ctl_io *)ctsio);
5766		return (CTL_RETVAL_COMPLETE);
5767	}
5768
5769	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5770	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5771	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5772		ctl_set_invalid_field(ctsio,
5773				      /*sks_valid*/ 1,
5774				      /*command*/ 1,
5775				      /*field*/ 1,
5776				      /*bit_valid*/ 1,
5777				      /*bit*/ 4);
5778		ctl_done((union ctl_io *)ctsio);
5779		return (CTL_RETVAL_COMPLETE);
5780	}
5781
5782	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5783	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5784		ctl_set_invalid_field(ctsio,
5785				      /*sks_valid*/ 1,
5786				      /*command*/ 1,
5787				      /*field*/ 6,
5788				      /*bit_valid*/ 0,
5789				      /*bit*/ 0);
5790		ctl_done((union ctl_io *)ctsio);
5791		return (CTL_RETVAL_COMPLETE);
5792	}
5793
5794	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5795		descr[0] = 0;
5796		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5797		ctsio->kern_data_ptr = descr;
5798		len = min(len, sizeof(descr));
5799	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5800		ctsio->kern_data_ptr = echo_descr;
5801		len = min(len, sizeof(echo_descr));
5802	} else {
5803		if (lun->write_buffer == NULL) {
5804			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5805			    M_CTL, M_WAITOK);
5806		}
5807		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5808	}
5809	ctsio->kern_data_len = len;
5810	ctsio->kern_total_len = len;
5811	ctsio->kern_data_resid = 0;
5812	ctsio->kern_rel_offset = 0;
5813	ctsio->kern_sg_entries = 0;
5814	ctl_set_success(ctsio);
5815	ctsio->be_move_done = ctl_config_move_done;
5816	ctl_datamove((union ctl_io *)ctsio);
5817	return (CTL_RETVAL_COMPLETE);
5818}
5819
5820int
5821ctl_write_buffer(struct ctl_scsiio *ctsio)
5822{
5823	struct scsi_write_buffer *cdb;
5824	struct ctl_lun *lun;
5825	int buffer_offset, len;
5826
5827	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5828
5829	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5830	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5831
5832	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5833		ctl_set_invalid_field(ctsio,
5834				      /*sks_valid*/ 1,
5835				      /*command*/ 1,
5836				      /*field*/ 1,
5837				      /*bit_valid*/ 1,
5838				      /*bit*/ 4);
5839		ctl_done((union ctl_io *)ctsio);
5840		return (CTL_RETVAL_COMPLETE);
5841	}
5842
5843	len = scsi_3btoul(cdb->length);
5844	buffer_offset = scsi_3btoul(cdb->offset);
5845
5846	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5847		ctl_set_invalid_field(ctsio,
5848				      /*sks_valid*/ 1,
5849				      /*command*/ 1,
5850				      /*field*/ 6,
5851				      /*bit_valid*/ 0,
5852				      /*bit*/ 0);
5853		ctl_done((union ctl_io *)ctsio);
5854		return (CTL_RETVAL_COMPLETE);
5855	}
5856
5857	/*
5858	 * If we've got a kernel request that hasn't been malloced yet,
5859	 * malloc it and tell the caller the data buffer is here.
5860	 */
5861	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5862		if (lun->write_buffer == NULL) {
5863			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5864			    M_CTL, M_WAITOK);
5865		}
5866		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5867		ctsio->kern_data_len = len;
5868		ctsio->kern_total_len = len;
5869		ctsio->kern_data_resid = 0;
5870		ctsio->kern_rel_offset = 0;
5871		ctsio->kern_sg_entries = 0;
5872		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5873		ctsio->be_move_done = ctl_config_move_done;
5874		ctl_datamove((union ctl_io *)ctsio);
5875
5876		return (CTL_RETVAL_COMPLETE);
5877	}
5878
5879	ctl_set_success(ctsio);
5880	ctl_done((union ctl_io *)ctsio);
5881	return (CTL_RETVAL_COMPLETE);
5882}
5883
5884int
5885ctl_write_same(struct ctl_scsiio *ctsio)
5886{
5887	struct ctl_lun *lun;
5888	struct ctl_lba_len_flags *lbalen;
5889	uint64_t lba;
5890	uint32_t num_blocks;
5891	int len, retval;
5892	uint8_t byte2;
5893
5894	retval = CTL_RETVAL_COMPLETE;
5895
5896	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5897
5898	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5899
5900	switch (ctsio->cdb[0]) {
5901	case WRITE_SAME_10: {
5902		struct scsi_write_same_10 *cdb;
5903
5904		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5905
5906		lba = scsi_4btoul(cdb->addr);
5907		num_blocks = scsi_2btoul(cdb->length);
5908		byte2 = cdb->byte2;
5909		break;
5910	}
5911	case WRITE_SAME_16: {
5912		struct scsi_write_same_16 *cdb;
5913
5914		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5915
5916		lba = scsi_8btou64(cdb->addr);
5917		num_blocks = scsi_4btoul(cdb->length);
5918		byte2 = cdb->byte2;
5919		break;
5920	}
5921	default:
5922		/*
5923		 * We got a command we don't support.  This shouldn't
5924		 * happen, commands should be filtered out above us.
5925		 */
5926		ctl_set_invalid_opcode(ctsio);
5927		ctl_done((union ctl_io *)ctsio);
5928
5929		return (CTL_RETVAL_COMPLETE);
5930		break; /* NOTREACHED */
5931	}
5932
5933	/* ANCHOR flag can be used only together with UNMAP */
5934	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5935		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5936		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5937		ctl_done((union ctl_io *)ctsio);
5938		return (CTL_RETVAL_COMPLETE);
5939	}
5940
5941	/*
5942	 * The first check is to make sure we're in bounds, the second
5943	 * check is to catch wrap-around problems.  If the lba + num blocks
5944	 * is less than the lba, then we've wrapped around and the block
5945	 * range is invalid anyway.
5946	 */
5947	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5948	 || ((lba + num_blocks) < lba)) {
5949		ctl_set_lba_out_of_range(ctsio);
5950		ctl_done((union ctl_io *)ctsio);
5951		return (CTL_RETVAL_COMPLETE);
5952	}
5953
5954	/* Zero number of blocks means "to the last logical block" */
5955	if (num_blocks == 0) {
5956		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5957			ctl_set_invalid_field(ctsio,
5958					      /*sks_valid*/ 0,
5959					      /*command*/ 1,
5960					      /*field*/ 0,
5961					      /*bit_valid*/ 0,
5962					      /*bit*/ 0);
5963			ctl_done((union ctl_io *)ctsio);
5964			return (CTL_RETVAL_COMPLETE);
5965		}
5966		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5967	}
5968
5969	len = lun->be_lun->blocksize;
5970
5971	/*
5972	 * If we've got a kernel request that hasn't been malloced yet,
5973	 * malloc it and tell the caller the data buffer is here.
5974	 */
5975	if ((byte2 & SWS_NDOB) == 0 &&
5976	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5977		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5978		ctsio->kern_data_len = len;
5979		ctsio->kern_total_len = len;
5980		ctsio->kern_data_resid = 0;
5981		ctsio->kern_rel_offset = 0;
5982		ctsio->kern_sg_entries = 0;
5983		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5984		ctsio->be_move_done = ctl_config_move_done;
5985		ctl_datamove((union ctl_io *)ctsio);
5986
5987		return (CTL_RETVAL_COMPLETE);
5988	}
5989
5990	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5991	lbalen->lba = lba;
5992	lbalen->len = num_blocks;
5993	lbalen->flags = byte2;
5994	retval = lun->backend->config_write((union ctl_io *)ctsio);
5995
5996	return (retval);
5997}
5998
5999int
6000ctl_unmap(struct ctl_scsiio *ctsio)
6001{
6002	struct ctl_lun *lun;
6003	struct scsi_unmap *cdb;
6004	struct ctl_ptr_len_flags *ptrlen;
6005	struct scsi_unmap_header *hdr;
6006	struct scsi_unmap_desc *buf, *end, *endnz, *range;
6007	uint64_t lba;
6008	uint32_t num_blocks;
6009	int len, retval;
6010	uint8_t byte2;
6011
6012	retval = CTL_RETVAL_COMPLETE;
6013
6014	CTL_DEBUG_PRINT(("ctl_unmap\n"));
6015
6016	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6017	cdb = (struct scsi_unmap *)ctsio->cdb;
6018
6019	len = scsi_2btoul(cdb->length);
6020	byte2 = cdb->byte2;
6021
6022	/*
6023	 * If we've got a kernel request that hasn't been malloced yet,
6024	 * malloc it and tell the caller the data buffer is here.
6025	 */
6026	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6027		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
6028		ctsio->kern_data_len = len;
6029		ctsio->kern_total_len = len;
6030		ctsio->kern_data_resid = 0;
6031		ctsio->kern_rel_offset = 0;
6032		ctsio->kern_sg_entries = 0;
6033		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6034		ctsio->be_move_done = ctl_config_move_done;
6035		ctl_datamove((union ctl_io *)ctsio);
6036
6037		return (CTL_RETVAL_COMPLETE);
6038	}
6039
6040	len = ctsio->kern_total_len - ctsio->kern_data_resid;
6041	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
6042	if (len < sizeof (*hdr) ||
6043	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
6044	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
6045	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
6046		ctl_set_invalid_field(ctsio,
6047				      /*sks_valid*/ 0,
6048				      /*command*/ 0,
6049				      /*field*/ 0,
6050				      /*bit_valid*/ 0,
6051				      /*bit*/ 0);
6052		goto done;
6053	}
6054	len = scsi_2btoul(hdr->desc_length);
6055	buf = (struct scsi_unmap_desc *)(hdr + 1);
6056	end = buf + len / sizeof(*buf);
6057
6058	endnz = buf;
6059	for (range = buf; range < end; range++) {
6060		lba = scsi_8btou64(range->lba);
6061		num_blocks = scsi_4btoul(range->length);
6062		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6063		 || ((lba + num_blocks) < lba)) {
6064			ctl_set_lba_out_of_range(ctsio);
6065			ctl_done((union ctl_io *)ctsio);
6066			return (CTL_RETVAL_COMPLETE);
6067		}
6068		if (num_blocks != 0)
6069			endnz = range + 1;
6070	}
6071
6072	/*
6073	 * Block backend can not handle zero last range.
6074	 * Filter it out and return if there is nothing left.
6075	 */
6076	len = (uint8_t *)endnz - (uint8_t *)buf;
6077	if (len == 0) {
6078		ctl_set_success(ctsio);
6079		goto done;
6080	}
6081
6082	mtx_lock(&lun->lun_lock);
6083	ptrlen = (struct ctl_ptr_len_flags *)
6084	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6085	ptrlen->ptr = (void *)buf;
6086	ptrlen->len = len;
6087	ptrlen->flags = byte2;
6088	ctl_check_blocked(lun);
6089	mtx_unlock(&lun->lun_lock);
6090
6091	retval = lun->backend->config_write((union ctl_io *)ctsio);
6092	return (retval);
6093
6094done:
6095	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
6096		free(ctsio->kern_data_ptr, M_CTL);
6097		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
6098	}
6099	ctl_done((union ctl_io *)ctsio);
6100	return (CTL_RETVAL_COMPLETE);
6101}
6102
6103/*
6104 * Note that this function currently doesn't actually do anything inside
6105 * CTL to enforce things if the DQue bit is turned on.
6106 *
6107 * Also note that this function can't be used in the default case, because
6108 * the DQue bit isn't set in the changeable mask for the control mode page
6109 * anyway.  This is just here as an example for how to implement a page
6110 * handler, and a placeholder in case we want to allow the user to turn
6111 * tagged queueing on and off.
6112 *
6113 * The D_SENSE bit handling is functional, however, and will turn
6114 * descriptor sense on and off for a given LUN.
6115 */
6116int
6117ctl_control_page_handler(struct ctl_scsiio *ctsio,
6118			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6119{
6120	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6121	struct ctl_lun *lun;
6122	int set_ua;
6123	uint32_t initidx;
6124
6125	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6126	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6127	set_ua = 0;
6128
6129	user_cp = (struct scsi_control_page *)page_ptr;
6130	current_cp = (struct scsi_control_page *)
6131		(page_index->page_data + (page_index->page_len *
6132		CTL_PAGE_CURRENT));
6133	saved_cp = (struct scsi_control_page *)
6134		(page_index->page_data + (page_index->page_len *
6135		CTL_PAGE_SAVED));
6136
6137	mtx_lock(&lun->lun_lock);
6138	if (((current_cp->rlec & SCP_DSENSE) == 0)
6139	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6140		/*
6141		 * Descriptor sense is currently turned off and the user
6142		 * wants to turn it on.
6143		 */
6144		current_cp->rlec |= SCP_DSENSE;
6145		saved_cp->rlec |= SCP_DSENSE;
6146		lun->flags |= CTL_LUN_SENSE_DESC;
6147		set_ua = 1;
6148	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6149		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6150		/*
6151		 * Descriptor sense is currently turned on, and the user
6152		 * wants to turn it off.
6153		 */
6154		current_cp->rlec &= ~SCP_DSENSE;
6155		saved_cp->rlec &= ~SCP_DSENSE;
6156		lun->flags &= ~CTL_LUN_SENSE_DESC;
6157		set_ua = 1;
6158	}
6159	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6160	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6161		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6162		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6163		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6164		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6165		set_ua = 1;
6166	}
6167	if ((current_cp->eca_and_aen & SCP_SWP) !=
6168	    (user_cp->eca_and_aen & SCP_SWP)) {
6169		current_cp->eca_and_aen &= ~SCP_SWP;
6170		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6171		saved_cp->eca_and_aen &= ~SCP_SWP;
6172		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6173		set_ua = 1;
6174	}
6175	if (set_ua != 0)
6176		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6177	mtx_unlock(&lun->lun_lock);
6178	if (set_ua) {
6179		ctl_isc_announce_mode(lun,
6180		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6181		    page_index->page_code, page_index->subpage);
6182	}
6183	return (0);
6184}
6185
6186int
6187ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6188		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6189{
6190	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6191	struct ctl_lun *lun;
6192	int set_ua;
6193	uint32_t initidx;
6194
6195	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6196	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6197	set_ua = 0;
6198
6199	user_cp = (struct scsi_caching_page *)page_ptr;
6200	current_cp = (struct scsi_caching_page *)
6201		(page_index->page_data + (page_index->page_len *
6202		CTL_PAGE_CURRENT));
6203	saved_cp = (struct scsi_caching_page *)
6204		(page_index->page_data + (page_index->page_len *
6205		CTL_PAGE_SAVED));
6206
6207	mtx_lock(&lun->lun_lock);
6208	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6209	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6210		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6211		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6212		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6213		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6214		set_ua = 1;
6215	}
6216	if (set_ua != 0)
6217		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6218	mtx_unlock(&lun->lun_lock);
6219	if (set_ua) {
6220		ctl_isc_announce_mode(lun,
6221		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6222		    page_index->page_code, page_index->subpage);
6223	}
6224	return (0);
6225}
6226
6227int
6228ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6229				struct ctl_page_index *page_index,
6230				uint8_t *page_ptr)
6231{
6232	uint8_t *c;
6233	int i;
6234
6235	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6236	ctl_time_io_secs =
6237		(c[0] << 8) |
6238		(c[1] << 0) |
6239		0;
6240	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6241	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6242	printf("page data:");
6243	for (i=0; i<8; i++)
6244		printf(" %.2x",page_ptr[i]);
6245	printf("\n");
6246	return (0);
6247}
6248
6249int
6250ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6251			       struct ctl_page_index *page_index,
6252			       int pc)
6253{
6254	struct copan_debugconf_subpage *page;
6255
6256	page = (struct copan_debugconf_subpage *)page_index->page_data +
6257		(page_index->page_len * pc);
6258
6259	switch (pc) {
6260	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6261	case SMS_PAGE_CTRL_DEFAULT >> 6:
6262	case SMS_PAGE_CTRL_SAVED >> 6:
6263		/*
6264		 * We don't update the changable or default bits for this page.
6265		 */
6266		break;
6267	case SMS_PAGE_CTRL_CURRENT >> 6:
6268		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6269		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6270		break;
6271	default:
6272#ifdef NEEDTOPORT
6273		EPRINT(0, "Invalid PC %d!!", pc);
6274#endif /* NEEDTOPORT */
6275		break;
6276	}
6277	return (0);
6278}
6279
6280
6281static int
6282ctl_do_mode_select(union ctl_io *io)
6283{
6284	struct scsi_mode_page_header *page_header;
6285	struct ctl_page_index *page_index;
6286	struct ctl_scsiio *ctsio;
6287	int control_dev, page_len;
6288	int page_len_offset, page_len_size;
6289	union ctl_modepage_info *modepage_info;
6290	struct ctl_lun *lun;
6291	int *len_left, *len_used;
6292	int retval, i;
6293
6294	ctsio = &io->scsiio;
6295	page_index = NULL;
6296	page_len = 0;
6297	retval = CTL_RETVAL_COMPLETE;
6298
6299	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6300
6301	if (lun->be_lun->lun_type != T_DIRECT)
6302		control_dev = 1;
6303	else
6304		control_dev = 0;
6305
6306	modepage_info = (union ctl_modepage_info *)
6307		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6308	len_left = &modepage_info->header.len_left;
6309	len_used = &modepage_info->header.len_used;
6310
6311do_next_page:
6312
6313	page_header = (struct scsi_mode_page_header *)
6314		(ctsio->kern_data_ptr + *len_used);
6315
6316	if (*len_left == 0) {
6317		free(ctsio->kern_data_ptr, M_CTL);
6318		ctl_set_success(ctsio);
6319		ctl_done((union ctl_io *)ctsio);
6320		return (CTL_RETVAL_COMPLETE);
6321	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6322
6323		free(ctsio->kern_data_ptr, M_CTL);
6324		ctl_set_param_len_error(ctsio);
6325		ctl_done((union ctl_io *)ctsio);
6326		return (CTL_RETVAL_COMPLETE);
6327
6328	} else if ((page_header->page_code & SMPH_SPF)
6329		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6330
6331		free(ctsio->kern_data_ptr, M_CTL);
6332		ctl_set_param_len_error(ctsio);
6333		ctl_done((union ctl_io *)ctsio);
6334		return (CTL_RETVAL_COMPLETE);
6335	}
6336
6337
6338	/*
6339	 * XXX KDM should we do something with the block descriptor?
6340	 */
6341	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6342
6343		if ((control_dev != 0)
6344		 && (lun->mode_pages.index[i].page_flags &
6345		     CTL_PAGE_FLAG_DISK_ONLY))
6346			continue;
6347
6348		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6349		    (page_header->page_code & SMPH_PC_MASK))
6350			continue;
6351
6352		/*
6353		 * If neither page has a subpage code, then we've got a
6354		 * match.
6355		 */
6356		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6357		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6358			page_index = &lun->mode_pages.index[i];
6359			page_len = page_header->page_length;
6360			break;
6361		}
6362
6363		/*
6364		 * If both pages have subpages, then the subpage numbers
6365		 * have to match.
6366		 */
6367		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6368		  && (page_header->page_code & SMPH_SPF)) {
6369			struct scsi_mode_page_header_sp *sph;
6370
6371			sph = (struct scsi_mode_page_header_sp *)page_header;
6372
6373			if (lun->mode_pages.index[i].subpage ==
6374			    sph->subpage) {
6375				page_index = &lun->mode_pages.index[i];
6376				page_len = scsi_2btoul(sph->page_length);
6377				break;
6378			}
6379		}
6380	}
6381
6382	/*
6383	 * If we couldn't find the page, or if we don't have a mode select
6384	 * handler for it, send back an error to the user.
6385	 */
6386	if ((page_index == NULL)
6387	 || (page_index->select_handler == NULL)) {
6388		ctl_set_invalid_field(ctsio,
6389				      /*sks_valid*/ 1,
6390				      /*command*/ 0,
6391				      /*field*/ *len_used,
6392				      /*bit_valid*/ 0,
6393				      /*bit*/ 0);
6394		free(ctsio->kern_data_ptr, M_CTL);
6395		ctl_done((union ctl_io *)ctsio);
6396		return (CTL_RETVAL_COMPLETE);
6397	}
6398
6399	if (page_index->page_code & SMPH_SPF) {
6400		page_len_offset = 2;
6401		page_len_size = 2;
6402	} else {
6403		page_len_size = 1;
6404		page_len_offset = 1;
6405	}
6406
6407	/*
6408	 * If the length the initiator gives us isn't the one we specify in
6409	 * the mode page header, or if they didn't specify enough data in
6410	 * the CDB to avoid truncating this page, kick out the request.
6411	 */
6412	if ((page_len != (page_index->page_len - page_len_offset -
6413			  page_len_size))
6414	 || (*len_left < page_index->page_len)) {
6415
6416
6417		ctl_set_invalid_field(ctsio,
6418				      /*sks_valid*/ 1,
6419				      /*command*/ 0,
6420				      /*field*/ *len_used + page_len_offset,
6421				      /*bit_valid*/ 0,
6422				      /*bit*/ 0);
6423		free(ctsio->kern_data_ptr, M_CTL);
6424		ctl_done((union ctl_io *)ctsio);
6425		return (CTL_RETVAL_COMPLETE);
6426	}
6427
6428	/*
6429	 * Run through the mode page, checking to make sure that the bits
6430	 * the user changed are actually legal for him to change.
6431	 */
6432	for (i = 0; i < page_index->page_len; i++) {
6433		uint8_t *user_byte, *change_mask, *current_byte;
6434		int bad_bit;
6435		int j;
6436
6437		user_byte = (uint8_t *)page_header + i;
6438		change_mask = page_index->page_data +
6439			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6440		current_byte = page_index->page_data +
6441			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6442
6443		/*
6444		 * Check to see whether the user set any bits in this byte
6445		 * that he is not allowed to set.
6446		 */
6447		if ((*user_byte & ~(*change_mask)) ==
6448		    (*current_byte & ~(*change_mask)))
6449			continue;
6450
6451		/*
6452		 * Go through bit by bit to determine which one is illegal.
6453		 */
6454		bad_bit = 0;
6455		for (j = 7; j >= 0; j--) {
6456			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6457			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6458				bad_bit = i;
6459				break;
6460			}
6461		}
6462		ctl_set_invalid_field(ctsio,
6463				      /*sks_valid*/ 1,
6464				      /*command*/ 0,
6465				      /*field*/ *len_used + i,
6466				      /*bit_valid*/ 1,
6467				      /*bit*/ bad_bit);
6468		free(ctsio->kern_data_ptr, M_CTL);
6469		ctl_done((union ctl_io *)ctsio);
6470		return (CTL_RETVAL_COMPLETE);
6471	}
6472
6473	/*
6474	 * Decrement these before we call the page handler, since we may
6475	 * end up getting called back one way or another before the handler
6476	 * returns to this context.
6477	 */
6478	*len_left -= page_index->page_len;
6479	*len_used += page_index->page_len;
6480
6481	retval = page_index->select_handler(ctsio, page_index,
6482					    (uint8_t *)page_header);
6483
6484	/*
6485	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6486	 * wait until this queued command completes to finish processing
6487	 * the mode page.  If it returns anything other than
6488	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6489	 * already set the sense information, freed the data pointer, and
6490	 * completed the io for us.
6491	 */
6492	if (retval != CTL_RETVAL_COMPLETE)
6493		goto bailout_no_done;
6494
6495	/*
6496	 * If the initiator sent us more than one page, parse the next one.
6497	 */
6498	if (*len_left > 0)
6499		goto do_next_page;
6500
6501	ctl_set_success(ctsio);
6502	free(ctsio->kern_data_ptr, M_CTL);
6503	ctl_done((union ctl_io *)ctsio);
6504
6505bailout_no_done:
6506
6507	return (CTL_RETVAL_COMPLETE);
6508
6509}
6510
6511int
6512ctl_mode_select(struct ctl_scsiio *ctsio)
6513{
6514	int param_len, pf, sp;
6515	int header_size, bd_len;
6516	int len_left, len_used;
6517	struct ctl_page_index *page_index;
6518	struct ctl_lun *lun;
6519	int control_dev, page_len;
6520	union ctl_modepage_info *modepage_info;
6521	int retval;
6522
6523	pf = 0;
6524	sp = 0;
6525	page_len = 0;
6526	len_used = 0;
6527	len_left = 0;
6528	retval = 0;
6529	bd_len = 0;
6530	page_index = NULL;
6531
6532	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6533
6534	if (lun->be_lun->lun_type != T_DIRECT)
6535		control_dev = 1;
6536	else
6537		control_dev = 0;
6538
6539	switch (ctsio->cdb[0]) {
6540	case MODE_SELECT_6: {
6541		struct scsi_mode_select_6 *cdb;
6542
6543		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6544
6545		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6546		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6547
6548		param_len = cdb->length;
6549		header_size = sizeof(struct scsi_mode_header_6);
6550		break;
6551	}
6552	case MODE_SELECT_10: {
6553		struct scsi_mode_select_10 *cdb;
6554
6555		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6556
6557		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6558		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6559
6560		param_len = scsi_2btoul(cdb->length);
6561		header_size = sizeof(struct scsi_mode_header_10);
6562		break;
6563	}
6564	default:
6565		ctl_set_invalid_opcode(ctsio);
6566		ctl_done((union ctl_io *)ctsio);
6567		return (CTL_RETVAL_COMPLETE);
6568		break; /* NOTREACHED */
6569	}
6570
6571	/*
6572	 * From SPC-3:
6573	 * "A parameter list length of zero indicates that the Data-Out Buffer
6574	 * shall be empty. This condition shall not be considered as an error."
6575	 */
6576	if (param_len == 0) {
6577		ctl_set_success(ctsio);
6578		ctl_done((union ctl_io *)ctsio);
6579		return (CTL_RETVAL_COMPLETE);
6580	}
6581
6582	/*
6583	 * Since we'll hit this the first time through, prior to
6584	 * allocation, we don't need to free a data buffer here.
6585	 */
6586	if (param_len < header_size) {
6587		ctl_set_param_len_error(ctsio);
6588		ctl_done((union ctl_io *)ctsio);
6589		return (CTL_RETVAL_COMPLETE);
6590	}
6591
6592	/*
6593	 * Allocate the data buffer and grab the user's data.  In theory,
6594	 * we shouldn't have to sanity check the parameter list length here
6595	 * because the maximum size is 64K.  We should be able to malloc
6596	 * that much without too many problems.
6597	 */
6598	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6599		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6600		ctsio->kern_data_len = param_len;
6601		ctsio->kern_total_len = param_len;
6602		ctsio->kern_data_resid = 0;
6603		ctsio->kern_rel_offset = 0;
6604		ctsio->kern_sg_entries = 0;
6605		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6606		ctsio->be_move_done = ctl_config_move_done;
6607		ctl_datamove((union ctl_io *)ctsio);
6608
6609		return (CTL_RETVAL_COMPLETE);
6610	}
6611
6612	switch (ctsio->cdb[0]) {
6613	case MODE_SELECT_6: {
6614		struct scsi_mode_header_6 *mh6;
6615
6616		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6617		bd_len = mh6->blk_desc_len;
6618		break;
6619	}
6620	case MODE_SELECT_10: {
6621		struct scsi_mode_header_10 *mh10;
6622
6623		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6624		bd_len = scsi_2btoul(mh10->blk_desc_len);
6625		break;
6626	}
6627	default:
6628		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6629		break;
6630	}
6631
6632	if (param_len < (header_size + bd_len)) {
6633		free(ctsio->kern_data_ptr, M_CTL);
6634		ctl_set_param_len_error(ctsio);
6635		ctl_done((union ctl_io *)ctsio);
6636		return (CTL_RETVAL_COMPLETE);
6637	}
6638
6639	/*
6640	 * Set the IO_CONT flag, so that if this I/O gets passed to
6641	 * ctl_config_write_done(), it'll get passed back to
6642	 * ctl_do_mode_select() for further processing, or completion if
6643	 * we're all done.
6644	 */
6645	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6646	ctsio->io_cont = ctl_do_mode_select;
6647
6648	modepage_info = (union ctl_modepage_info *)
6649		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6650
6651	memset(modepage_info, 0, sizeof(*modepage_info));
6652
6653	len_left = param_len - header_size - bd_len;
6654	len_used = header_size + bd_len;
6655
6656	modepage_info->header.len_left = len_left;
6657	modepage_info->header.len_used = len_used;
6658
6659	return (ctl_do_mode_select((union ctl_io *)ctsio));
6660}
6661
6662int
6663ctl_mode_sense(struct ctl_scsiio *ctsio)
6664{
6665	struct ctl_lun *lun;
6666	int pc, page_code, dbd, llba, subpage;
6667	int alloc_len, page_len, header_len, total_len;
6668	struct scsi_mode_block_descr *block_desc;
6669	struct ctl_page_index *page_index;
6670	int control_dev;
6671
6672	dbd = 0;
6673	llba = 0;
6674	block_desc = NULL;
6675	page_index = NULL;
6676
6677	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6678
6679	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6680
6681	if (lun->be_lun->lun_type != T_DIRECT)
6682		control_dev = 1;
6683	else
6684		control_dev = 0;
6685
6686	switch (ctsio->cdb[0]) {
6687	case MODE_SENSE_6: {
6688		struct scsi_mode_sense_6 *cdb;
6689
6690		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6691
6692		header_len = sizeof(struct scsi_mode_hdr_6);
6693		if (cdb->byte2 & SMS_DBD)
6694			dbd = 1;
6695		else
6696			header_len += sizeof(struct scsi_mode_block_descr);
6697
6698		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6699		page_code = cdb->page & SMS_PAGE_CODE;
6700		subpage = cdb->subpage;
6701		alloc_len = cdb->length;
6702		break;
6703	}
6704	case MODE_SENSE_10: {
6705		struct scsi_mode_sense_10 *cdb;
6706
6707		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6708
6709		header_len = sizeof(struct scsi_mode_hdr_10);
6710
6711		if (cdb->byte2 & SMS_DBD)
6712			dbd = 1;
6713		else
6714			header_len += sizeof(struct scsi_mode_block_descr);
6715		if (cdb->byte2 & SMS10_LLBAA)
6716			llba = 1;
6717		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6718		page_code = cdb->page & SMS_PAGE_CODE;
6719		subpage = cdb->subpage;
6720		alloc_len = scsi_2btoul(cdb->length);
6721		break;
6722	}
6723	default:
6724		ctl_set_invalid_opcode(ctsio);
6725		ctl_done((union ctl_io *)ctsio);
6726		return (CTL_RETVAL_COMPLETE);
6727		break; /* NOTREACHED */
6728	}
6729
6730	/*
6731	 * We have to make a first pass through to calculate the size of
6732	 * the pages that match the user's query.  Then we allocate enough
6733	 * memory to hold it, and actually copy the data into the buffer.
6734	 */
6735	switch (page_code) {
6736	case SMS_ALL_PAGES_PAGE: {
6737		int i;
6738
6739		page_len = 0;
6740
6741		/*
6742		 * At the moment, values other than 0 and 0xff here are
6743		 * reserved according to SPC-3.
6744		 */
6745		if ((subpage != SMS_SUBPAGE_PAGE_0)
6746		 && (subpage != SMS_SUBPAGE_ALL)) {
6747			ctl_set_invalid_field(ctsio,
6748					      /*sks_valid*/ 1,
6749					      /*command*/ 1,
6750					      /*field*/ 3,
6751					      /*bit_valid*/ 0,
6752					      /*bit*/ 0);
6753			ctl_done((union ctl_io *)ctsio);
6754			return (CTL_RETVAL_COMPLETE);
6755		}
6756
6757		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6758			if ((control_dev != 0)
6759			 && (lun->mode_pages.index[i].page_flags &
6760			     CTL_PAGE_FLAG_DISK_ONLY))
6761				continue;
6762
6763			/*
6764			 * We don't use this subpage if the user didn't
6765			 * request all subpages.
6766			 */
6767			if ((lun->mode_pages.index[i].subpage != 0)
6768			 && (subpage == SMS_SUBPAGE_PAGE_0))
6769				continue;
6770
6771#if 0
6772			printf("found page %#x len %d\n",
6773			       lun->mode_pages.index[i].page_code &
6774			       SMPH_PC_MASK,
6775			       lun->mode_pages.index[i].page_len);
6776#endif
6777			page_len += lun->mode_pages.index[i].page_len;
6778		}
6779		break;
6780	}
6781	default: {
6782		int i;
6783
6784		page_len = 0;
6785
6786		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6787			/* Look for the right page code */
6788			if ((lun->mode_pages.index[i].page_code &
6789			     SMPH_PC_MASK) != page_code)
6790				continue;
6791
6792			/* Look for the right subpage or the subpage wildcard*/
6793			if ((lun->mode_pages.index[i].subpage != subpage)
6794			 && (subpage != SMS_SUBPAGE_ALL))
6795				continue;
6796
6797			/* Make sure the page is supported for this dev type */
6798			if ((control_dev != 0)
6799			 && (lun->mode_pages.index[i].page_flags &
6800			     CTL_PAGE_FLAG_DISK_ONLY))
6801				continue;
6802
6803#if 0
6804			printf("found page %#x len %d\n",
6805			       lun->mode_pages.index[i].page_code &
6806			       SMPH_PC_MASK,
6807			       lun->mode_pages.index[i].page_len);
6808#endif
6809
6810			page_len += lun->mode_pages.index[i].page_len;
6811		}
6812
6813		if (page_len == 0) {
6814			ctl_set_invalid_field(ctsio,
6815					      /*sks_valid*/ 1,
6816					      /*command*/ 1,
6817					      /*field*/ 2,
6818					      /*bit_valid*/ 1,
6819					      /*bit*/ 5);
6820			ctl_done((union ctl_io *)ctsio);
6821			return (CTL_RETVAL_COMPLETE);
6822		}
6823		break;
6824	}
6825	}
6826
6827	total_len = header_len + page_len;
6828#if 0
6829	printf("header_len = %d, page_len = %d, total_len = %d\n",
6830	       header_len, page_len, total_len);
6831#endif
6832
6833	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6834	ctsio->kern_sg_entries = 0;
6835	ctsio->kern_data_resid = 0;
6836	ctsio->kern_rel_offset = 0;
6837	if (total_len < alloc_len) {
6838		ctsio->residual = alloc_len - total_len;
6839		ctsio->kern_data_len = total_len;
6840		ctsio->kern_total_len = total_len;
6841	} else {
6842		ctsio->residual = 0;
6843		ctsio->kern_data_len = alloc_len;
6844		ctsio->kern_total_len = alloc_len;
6845	}
6846
6847	switch (ctsio->cdb[0]) {
6848	case MODE_SENSE_6: {
6849		struct scsi_mode_hdr_6 *header;
6850
6851		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6852
6853		header->datalen = MIN(total_len - 1, 254);
6854		if (control_dev == 0) {
6855			header->dev_specific = 0x10; /* DPOFUA */
6856			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6857			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6858			    .eca_and_aen & SCP_SWP) != 0)
6859				    header->dev_specific |= 0x80; /* WP */
6860		}
6861		if (dbd)
6862			header->block_descr_len = 0;
6863		else
6864			header->block_descr_len =
6865				sizeof(struct scsi_mode_block_descr);
6866		block_desc = (struct scsi_mode_block_descr *)&header[1];
6867		break;
6868	}
6869	case MODE_SENSE_10: {
6870		struct scsi_mode_hdr_10 *header;
6871		int datalen;
6872
6873		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6874
6875		datalen = MIN(total_len - 2, 65533);
6876		scsi_ulto2b(datalen, header->datalen);
6877		if (control_dev == 0) {
6878			header->dev_specific = 0x10; /* DPOFUA */
6879			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6880			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6881			    .eca_and_aen & SCP_SWP) != 0)
6882				    header->dev_specific |= 0x80; /* WP */
6883		}
6884		if (dbd)
6885			scsi_ulto2b(0, header->block_descr_len);
6886		else
6887			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6888				    header->block_descr_len);
6889		block_desc = (struct scsi_mode_block_descr *)&header[1];
6890		break;
6891	}
6892	default:
6893		panic("invalid CDB type %#x", ctsio->cdb[0]);
6894		break; /* NOTREACHED */
6895	}
6896
6897	/*
6898	 * If we've got a disk, use its blocksize in the block
6899	 * descriptor.  Otherwise, just set it to 0.
6900	 */
6901	if (dbd == 0) {
6902		if (control_dev == 0)
6903			scsi_ulto3b(lun->be_lun->blocksize,
6904				    block_desc->block_len);
6905		else
6906			scsi_ulto3b(0, block_desc->block_len);
6907	}
6908
6909	switch (page_code) {
6910	case SMS_ALL_PAGES_PAGE: {
6911		int i, data_used;
6912
6913		data_used = header_len;
6914		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6915			struct ctl_page_index *page_index;
6916
6917			page_index = &lun->mode_pages.index[i];
6918
6919			if ((control_dev != 0)
6920			 && (page_index->page_flags &
6921			    CTL_PAGE_FLAG_DISK_ONLY))
6922				continue;
6923
6924			/*
6925			 * We don't use this subpage if the user didn't
6926			 * request all subpages.  We already checked (above)
6927			 * to make sure the user only specified a subpage
6928			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6929			 */
6930			if ((page_index->subpage != 0)
6931			 && (subpage == SMS_SUBPAGE_PAGE_0))
6932				continue;
6933
6934			/*
6935			 * Call the handler, if it exists, to update the
6936			 * page to the latest values.
6937			 */
6938			if (page_index->sense_handler != NULL)
6939				page_index->sense_handler(ctsio, page_index,pc);
6940
6941			memcpy(ctsio->kern_data_ptr + data_used,
6942			       page_index->page_data +
6943			       (page_index->page_len * pc),
6944			       page_index->page_len);
6945			data_used += page_index->page_len;
6946		}
6947		break;
6948	}
6949	default: {
6950		int i, data_used;
6951
6952		data_used = header_len;
6953
6954		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6955			struct ctl_page_index *page_index;
6956
6957			page_index = &lun->mode_pages.index[i];
6958
6959			/* Look for the right page code */
6960			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6961				continue;
6962
6963			/* Look for the right subpage or the subpage wildcard*/
6964			if ((page_index->subpage != subpage)
6965			 && (subpage != SMS_SUBPAGE_ALL))
6966				continue;
6967
6968			/* Make sure the page is supported for this dev type */
6969			if ((control_dev != 0)
6970			 && (page_index->page_flags &
6971			     CTL_PAGE_FLAG_DISK_ONLY))
6972				continue;
6973
6974			/*
6975			 * Call the handler, if it exists, to update the
6976			 * page to the latest values.
6977			 */
6978			if (page_index->sense_handler != NULL)
6979				page_index->sense_handler(ctsio, page_index,pc);
6980
6981			memcpy(ctsio->kern_data_ptr + data_used,
6982			       page_index->page_data +
6983			       (page_index->page_len * pc),
6984			       page_index->page_len);
6985			data_used += page_index->page_len;
6986		}
6987		break;
6988	}
6989	}
6990
6991	ctl_set_success(ctsio);
6992	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6993	ctsio->be_move_done = ctl_config_move_done;
6994	ctl_datamove((union ctl_io *)ctsio);
6995	return (CTL_RETVAL_COMPLETE);
6996}
6997
6998int
6999ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
7000			       struct ctl_page_index *page_index,
7001			       int pc)
7002{
7003	struct ctl_lun *lun;
7004	struct scsi_log_param_header *phdr;
7005	uint8_t *data;
7006	uint64_t val;
7007
7008	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7009	data = page_index->page_data;
7010
7011	if (lun->backend->lun_attr != NULL &&
7012	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
7013	     != UINT64_MAX) {
7014		phdr = (struct scsi_log_param_header *)data;
7015		scsi_ulto2b(0x0001, phdr->param_code);
7016		phdr->param_control = SLP_LBIN | SLP_LP;
7017		phdr->param_len = 8;
7018		data = (uint8_t *)(phdr + 1);
7019		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7020		data[4] = 0x02; /* per-pool */
7021		data += phdr->param_len;
7022	}
7023
7024	if (lun->backend->lun_attr != NULL &&
7025	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
7026	     != UINT64_MAX) {
7027		phdr = (struct scsi_log_param_header *)data;
7028		scsi_ulto2b(0x0002, phdr->param_code);
7029		phdr->param_control = SLP_LBIN | SLP_LP;
7030		phdr->param_len = 8;
7031		data = (uint8_t *)(phdr + 1);
7032		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7033		data[4] = 0x01; /* per-LUN */
7034		data += phdr->param_len;
7035	}
7036
7037	if (lun->backend->lun_attr != NULL &&
7038	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
7039	     != UINT64_MAX) {
7040		phdr = (struct scsi_log_param_header *)data;
7041		scsi_ulto2b(0x00f1, phdr->param_code);
7042		phdr->param_control = SLP_LBIN | SLP_LP;
7043		phdr->param_len = 8;
7044		data = (uint8_t *)(phdr + 1);
7045		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7046		data[4] = 0x02; /* per-pool */
7047		data += phdr->param_len;
7048	}
7049
7050	if (lun->backend->lun_attr != NULL &&
7051	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
7052	     != UINT64_MAX) {
7053		phdr = (struct scsi_log_param_header *)data;
7054		scsi_ulto2b(0x00f2, phdr->param_code);
7055		phdr->param_control = SLP_LBIN | SLP_LP;
7056		phdr->param_len = 8;
7057		data = (uint8_t *)(phdr + 1);
7058		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7059		data[4] = 0x02; /* per-pool */
7060		data += phdr->param_len;
7061	}
7062
7063	page_index->page_len = data - page_index->page_data;
7064	return (0);
7065}
7066
7067int
7068ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
7069			       struct ctl_page_index *page_index,
7070			       int pc)
7071{
7072	struct ctl_lun *lun;
7073	struct stat_page *data;
7074	uint64_t rn, wn, rb, wb;
7075	struct bintime rt, wt;
7076	int i;
7077
7078	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7079	data = (struct stat_page *)page_index->page_data;
7080
7081	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
7082	data->sap.hdr.param_control = SLP_LBIN;
7083	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
7084	    sizeof(struct scsi_log_param_header);
7085	rn = wn = rb = wb = 0;
7086	bintime_clear(&rt);
7087	bintime_clear(&wt);
7088	for (i = 0; i < CTL_MAX_PORTS; i++) {
7089		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
7090		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
7091		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
7092		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
7093		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
7094		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
7095	}
7096	scsi_u64to8b(rn, data->sap.read_num);
7097	scsi_u64to8b(wn, data->sap.write_num);
7098	if (lun->stats.blocksize > 0) {
7099		scsi_u64to8b(wb / lun->stats.blocksize,
7100		    data->sap.recvieved_lba);
7101		scsi_u64to8b(rb / lun->stats.blocksize,
7102		    data->sap.transmitted_lba);
7103	}
7104	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
7105	    data->sap.read_int);
7106	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
7107	    data->sap.write_int);
7108	scsi_u64to8b(0, data->sap.weighted_num);
7109	scsi_u64to8b(0, data->sap.weighted_int);
7110	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
7111	data->it.hdr.param_control = SLP_LBIN;
7112	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
7113	    sizeof(struct scsi_log_param_header);
7114#ifdef CTL_TIME_IO
7115	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
7116#endif
7117	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
7118	data->it.hdr.param_control = SLP_LBIN;
7119	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
7120	    sizeof(struct scsi_log_param_header);
7121	scsi_ulto4b(3, data->ti.exponent);
7122	scsi_ulto4b(1, data->ti.integer);
7123
7124	page_index->page_len = sizeof(*data);
7125	return (0);
7126}
7127
7128int
7129ctl_log_sense(struct ctl_scsiio *ctsio)
7130{
7131	struct ctl_lun *lun;
7132	int i, pc, page_code, subpage;
7133	int alloc_len, total_len;
7134	struct ctl_page_index *page_index;
7135	struct scsi_log_sense *cdb;
7136	struct scsi_log_header *header;
7137
7138	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
7139
7140	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7141	cdb = (struct scsi_log_sense *)ctsio->cdb;
7142	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
7143	page_code = cdb->page & SLS_PAGE_CODE;
7144	subpage = cdb->subpage;
7145	alloc_len = scsi_2btoul(cdb->length);
7146
7147	page_index = NULL;
7148	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
7149		page_index = &lun->log_pages.index[i];
7150
7151		/* Look for the right page code */
7152		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7153			continue;
7154
7155		/* Look for the right subpage or the subpage wildcard*/
7156		if (page_index->subpage != subpage)
7157			continue;
7158
7159		break;
7160	}
7161	if (i >= CTL_NUM_LOG_PAGES) {
7162		ctl_set_invalid_field(ctsio,
7163				      /*sks_valid*/ 1,
7164				      /*command*/ 1,
7165				      /*field*/ 2,
7166				      /*bit_valid*/ 0,
7167				      /*bit*/ 0);
7168		ctl_done((union ctl_io *)ctsio);
7169		return (CTL_RETVAL_COMPLETE);
7170	}
7171
7172	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7173
7174	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7175	ctsio->kern_sg_entries = 0;
7176	ctsio->kern_data_resid = 0;
7177	ctsio->kern_rel_offset = 0;
7178	if (total_len < alloc_len) {
7179		ctsio->residual = alloc_len - total_len;
7180		ctsio->kern_data_len = total_len;
7181		ctsio->kern_total_len = total_len;
7182	} else {
7183		ctsio->residual = 0;
7184		ctsio->kern_data_len = alloc_len;
7185		ctsio->kern_total_len = alloc_len;
7186	}
7187
7188	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7189	header->page = page_index->page_code;
7190	if (page_index->subpage) {
7191		header->page |= SL_SPF;
7192		header->subpage = page_index->subpage;
7193	}
7194	scsi_ulto2b(page_index->page_len, header->datalen);
7195
7196	/*
7197	 * Call the handler, if it exists, to update the
7198	 * page to the latest values.
7199	 */
7200	if (page_index->sense_handler != NULL)
7201		page_index->sense_handler(ctsio, page_index, pc);
7202
7203	memcpy(header + 1, page_index->page_data, page_index->page_len);
7204
7205	ctl_set_success(ctsio);
7206	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7207	ctsio->be_move_done = ctl_config_move_done;
7208	ctl_datamove((union ctl_io *)ctsio);
7209	return (CTL_RETVAL_COMPLETE);
7210}
7211
7212int
7213ctl_read_capacity(struct ctl_scsiio *ctsio)
7214{
7215	struct scsi_read_capacity *cdb;
7216	struct scsi_read_capacity_data *data;
7217	struct ctl_lun *lun;
7218	uint32_t lba;
7219
7220	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7221
7222	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7223
7224	lba = scsi_4btoul(cdb->addr);
7225	if (((cdb->pmi & SRC_PMI) == 0)
7226	 && (lba != 0)) {
7227		ctl_set_invalid_field(/*ctsio*/ ctsio,
7228				      /*sks_valid*/ 1,
7229				      /*command*/ 1,
7230				      /*field*/ 2,
7231				      /*bit_valid*/ 0,
7232				      /*bit*/ 0);
7233		ctl_done((union ctl_io *)ctsio);
7234		return (CTL_RETVAL_COMPLETE);
7235	}
7236
7237	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7238
7239	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7240	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7241	ctsio->residual = 0;
7242	ctsio->kern_data_len = sizeof(*data);
7243	ctsio->kern_total_len = sizeof(*data);
7244	ctsio->kern_data_resid = 0;
7245	ctsio->kern_rel_offset = 0;
7246	ctsio->kern_sg_entries = 0;
7247
7248	/*
7249	 * If the maximum LBA is greater than 0xfffffffe, the user must
7250	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7251	 * serivce action set.
7252	 */
7253	if (lun->be_lun->maxlba > 0xfffffffe)
7254		scsi_ulto4b(0xffffffff, data->addr);
7255	else
7256		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7257
7258	/*
7259	 * XXX KDM this may not be 512 bytes...
7260	 */
7261	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7262
7263	ctl_set_success(ctsio);
7264	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7265	ctsio->be_move_done = ctl_config_move_done;
7266	ctl_datamove((union ctl_io *)ctsio);
7267	return (CTL_RETVAL_COMPLETE);
7268}
7269
7270int
7271ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7272{
7273	struct scsi_read_capacity_16 *cdb;
7274	struct scsi_read_capacity_data_long *data;
7275	struct ctl_lun *lun;
7276	uint64_t lba;
7277	uint32_t alloc_len;
7278
7279	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7280
7281	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7282
7283	alloc_len = scsi_4btoul(cdb->alloc_len);
7284	lba = scsi_8btou64(cdb->addr);
7285
7286	if ((cdb->reladr & SRC16_PMI)
7287	 && (lba != 0)) {
7288		ctl_set_invalid_field(/*ctsio*/ ctsio,
7289				      /*sks_valid*/ 1,
7290				      /*command*/ 1,
7291				      /*field*/ 2,
7292				      /*bit_valid*/ 0,
7293				      /*bit*/ 0);
7294		ctl_done((union ctl_io *)ctsio);
7295		return (CTL_RETVAL_COMPLETE);
7296	}
7297
7298	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7299
7300	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7301	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7302
7303	if (sizeof(*data) < alloc_len) {
7304		ctsio->residual = alloc_len - sizeof(*data);
7305		ctsio->kern_data_len = sizeof(*data);
7306		ctsio->kern_total_len = sizeof(*data);
7307	} else {
7308		ctsio->residual = 0;
7309		ctsio->kern_data_len = alloc_len;
7310		ctsio->kern_total_len = alloc_len;
7311	}
7312	ctsio->kern_data_resid = 0;
7313	ctsio->kern_rel_offset = 0;
7314	ctsio->kern_sg_entries = 0;
7315
7316	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7317	/* XXX KDM this may not be 512 bytes... */
7318	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7319	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7320	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7321	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7322		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7323
7324	ctl_set_success(ctsio);
7325	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7326	ctsio->be_move_done = ctl_config_move_done;
7327	ctl_datamove((union ctl_io *)ctsio);
7328	return (CTL_RETVAL_COMPLETE);
7329}
7330
7331int
7332ctl_get_lba_status(struct ctl_scsiio *ctsio)
7333{
7334	struct scsi_get_lba_status *cdb;
7335	struct scsi_get_lba_status_data *data;
7336	struct ctl_lun *lun;
7337	struct ctl_lba_len_flags *lbalen;
7338	uint64_t lba;
7339	uint32_t alloc_len, total_len;
7340	int retval;
7341
7342	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7343
7344	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7345	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7346	lba = scsi_8btou64(cdb->addr);
7347	alloc_len = scsi_4btoul(cdb->alloc_len);
7348
7349	if (lba > lun->be_lun->maxlba) {
7350		ctl_set_lba_out_of_range(ctsio);
7351		ctl_done((union ctl_io *)ctsio);
7352		return (CTL_RETVAL_COMPLETE);
7353	}
7354
7355	total_len = sizeof(*data) + sizeof(data->descr[0]);
7356	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7357	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7358
7359	if (total_len < alloc_len) {
7360		ctsio->residual = alloc_len - total_len;
7361		ctsio->kern_data_len = total_len;
7362		ctsio->kern_total_len = total_len;
7363	} else {
7364		ctsio->residual = 0;
7365		ctsio->kern_data_len = alloc_len;
7366		ctsio->kern_total_len = alloc_len;
7367	}
7368	ctsio->kern_data_resid = 0;
7369	ctsio->kern_rel_offset = 0;
7370	ctsio->kern_sg_entries = 0;
7371
7372	/* Fill dummy data in case backend can't tell anything. */
7373	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7374	scsi_u64to8b(lba, data->descr[0].addr);
7375	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7376	    data->descr[0].length);
7377	data->descr[0].status = 0; /* Mapped or unknown. */
7378
7379	ctl_set_success(ctsio);
7380	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7381	ctsio->be_move_done = ctl_config_move_done;
7382
7383	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7384	lbalen->lba = lba;
7385	lbalen->len = total_len;
7386	lbalen->flags = 0;
7387	retval = lun->backend->config_read((union ctl_io *)ctsio);
7388	return (CTL_RETVAL_COMPLETE);
7389}
7390
7391int
7392ctl_read_defect(struct ctl_scsiio *ctsio)
7393{
7394	struct scsi_read_defect_data_10 *ccb10;
7395	struct scsi_read_defect_data_12 *ccb12;
7396	struct scsi_read_defect_data_hdr_10 *data10;
7397	struct scsi_read_defect_data_hdr_12 *data12;
7398	uint32_t alloc_len, data_len;
7399	uint8_t format;
7400
7401	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7402
7403	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7404		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7405		format = ccb10->format;
7406		alloc_len = scsi_2btoul(ccb10->alloc_length);
7407		data_len = sizeof(*data10);
7408	} else {
7409		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7410		format = ccb12->format;
7411		alloc_len = scsi_4btoul(ccb12->alloc_length);
7412		data_len = sizeof(*data12);
7413	}
7414	if (alloc_len == 0) {
7415		ctl_set_success(ctsio);
7416		ctl_done((union ctl_io *)ctsio);
7417		return (CTL_RETVAL_COMPLETE);
7418	}
7419
7420	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7421	if (data_len < alloc_len) {
7422		ctsio->residual = alloc_len - data_len;
7423		ctsio->kern_data_len = data_len;
7424		ctsio->kern_total_len = data_len;
7425	} else {
7426		ctsio->residual = 0;
7427		ctsio->kern_data_len = alloc_len;
7428		ctsio->kern_total_len = alloc_len;
7429	}
7430	ctsio->kern_data_resid = 0;
7431	ctsio->kern_rel_offset = 0;
7432	ctsio->kern_sg_entries = 0;
7433
7434	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7435		data10 = (struct scsi_read_defect_data_hdr_10 *)
7436		    ctsio->kern_data_ptr;
7437		data10->format = format;
7438		scsi_ulto2b(0, data10->length);
7439	} else {
7440		data12 = (struct scsi_read_defect_data_hdr_12 *)
7441		    ctsio->kern_data_ptr;
7442		data12->format = format;
7443		scsi_ulto2b(0, data12->generation);
7444		scsi_ulto4b(0, data12->length);
7445	}
7446
7447	ctl_set_success(ctsio);
7448	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7449	ctsio->be_move_done = ctl_config_move_done;
7450	ctl_datamove((union ctl_io *)ctsio);
7451	return (CTL_RETVAL_COMPLETE);
7452}
7453
7454int
7455ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7456{
7457	struct scsi_maintenance_in *cdb;
7458	int retval;
7459	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7460	int num_target_port_groups, num_target_ports;
7461	struct ctl_lun *lun;
7462	struct ctl_softc *softc;
7463	struct ctl_port *port;
7464	struct scsi_target_group_data *rtg_ptr;
7465	struct scsi_target_group_data_extended *rtg_ext_ptr;
7466	struct scsi_target_port_group_descriptor *tpg_desc;
7467
7468	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7469
7470	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7471	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7472	softc = lun->ctl_softc;
7473
7474	retval = CTL_RETVAL_COMPLETE;
7475
7476	switch (cdb->byte2 & STG_PDF_MASK) {
7477	case STG_PDF_LENGTH:
7478		ext = 0;
7479		break;
7480	case STG_PDF_EXTENDED:
7481		ext = 1;
7482		break;
7483	default:
7484		ctl_set_invalid_field(/*ctsio*/ ctsio,
7485				      /*sks_valid*/ 1,
7486				      /*command*/ 1,
7487				      /*field*/ 2,
7488				      /*bit_valid*/ 1,
7489				      /*bit*/ 5);
7490		ctl_done((union ctl_io *)ctsio);
7491		return(retval);
7492	}
7493
7494	if (softc->is_single)
7495		num_target_port_groups = 1;
7496	else
7497		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7498	num_target_ports = 0;
7499	mtx_lock(&softc->ctl_lock);
7500	STAILQ_FOREACH(port, &softc->port_list, links) {
7501		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7502			continue;
7503		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7504			continue;
7505		num_target_ports++;
7506	}
7507	mtx_unlock(&softc->ctl_lock);
7508
7509	if (ext)
7510		total_len = sizeof(struct scsi_target_group_data_extended);
7511	else
7512		total_len = sizeof(struct scsi_target_group_data);
7513	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7514		num_target_port_groups +
7515	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7516
7517	alloc_len = scsi_4btoul(cdb->length);
7518
7519	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7520
7521	ctsio->kern_sg_entries = 0;
7522
7523	if (total_len < alloc_len) {
7524		ctsio->residual = alloc_len - total_len;
7525		ctsio->kern_data_len = total_len;
7526		ctsio->kern_total_len = total_len;
7527	} else {
7528		ctsio->residual = 0;
7529		ctsio->kern_data_len = alloc_len;
7530		ctsio->kern_total_len = alloc_len;
7531	}
7532	ctsio->kern_data_resid = 0;
7533	ctsio->kern_rel_offset = 0;
7534
7535	if (ext) {
7536		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7537		    ctsio->kern_data_ptr;
7538		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7539		rtg_ext_ptr->format_type = 0x10;
7540		rtg_ext_ptr->implicit_transition_time = 0;
7541		tpg_desc = &rtg_ext_ptr->groups[0];
7542	} else {
7543		rtg_ptr = (struct scsi_target_group_data *)
7544		    ctsio->kern_data_ptr;
7545		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7546		tpg_desc = &rtg_ptr->groups[0];
7547	}
7548
7549	mtx_lock(&softc->ctl_lock);
7550	pg = softc->port_min / softc->port_cnt;
7551	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7552		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7553	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7554		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7555	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7556		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7557	else
7558		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7559	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7560		os = gs;
7561		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7562	} else
7563		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7564	for (g = 0; g < num_target_port_groups; g++) {
7565		tpg_desc->pref_state = (g == pg) ? gs : os;
7566		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7567		    TPG_U_SUP | TPG_T_SUP;
7568		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7569		tpg_desc->status = TPG_IMPLICIT;
7570		pc = 0;
7571		STAILQ_FOREACH(port, &softc->port_list, links) {
7572			if (port->targ_port < g * softc->port_cnt ||
7573			    port->targ_port >= (g + 1) * softc->port_cnt)
7574				continue;
7575			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7576				continue;
7577			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7578				continue;
7579			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7580			    relative_target_port_identifier);
7581			pc++;
7582		}
7583		tpg_desc->target_port_count = pc;
7584		tpg_desc = (struct scsi_target_port_group_descriptor *)
7585		    &tpg_desc->descriptors[pc];
7586	}
7587	mtx_unlock(&softc->ctl_lock);
7588
7589	ctl_set_success(ctsio);
7590	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7591	ctsio->be_move_done = ctl_config_move_done;
7592	ctl_datamove((union ctl_io *)ctsio);
7593	return(retval);
7594}
7595
7596int
7597ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7598{
7599	struct ctl_lun *lun;
7600	struct scsi_report_supported_opcodes *cdb;
7601	const struct ctl_cmd_entry *entry, *sentry;
7602	struct scsi_report_supported_opcodes_all *all;
7603	struct scsi_report_supported_opcodes_descr *descr;
7604	struct scsi_report_supported_opcodes_one *one;
7605	int retval;
7606	int alloc_len, total_len;
7607	int opcode, service_action, i, j, num;
7608
7609	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7610
7611	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7612	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7613
7614	retval = CTL_RETVAL_COMPLETE;
7615
7616	opcode = cdb->requested_opcode;
7617	service_action = scsi_2btoul(cdb->requested_service_action);
7618	switch (cdb->options & RSO_OPTIONS_MASK) {
7619	case RSO_OPTIONS_ALL:
7620		num = 0;
7621		for (i = 0; i < 256; i++) {
7622			entry = &ctl_cmd_table[i];
7623			if (entry->flags & CTL_CMD_FLAG_SA5) {
7624				for (j = 0; j < 32; j++) {
7625					sentry = &((const struct ctl_cmd_entry *)
7626					    entry->execute)[j];
7627					if (ctl_cmd_applicable(
7628					    lun->be_lun->lun_type, sentry))
7629						num++;
7630				}
7631			} else {
7632				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7633				    entry))
7634					num++;
7635			}
7636		}
7637		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7638		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7639		break;
7640	case RSO_OPTIONS_OC:
7641		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7642			ctl_set_invalid_field(/*ctsio*/ ctsio,
7643					      /*sks_valid*/ 1,
7644					      /*command*/ 1,
7645					      /*field*/ 2,
7646					      /*bit_valid*/ 1,
7647					      /*bit*/ 2);
7648			ctl_done((union ctl_io *)ctsio);
7649			return (CTL_RETVAL_COMPLETE);
7650		}
7651		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7652		break;
7653	case RSO_OPTIONS_OC_SA:
7654		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7655		    service_action >= 32) {
7656			ctl_set_invalid_field(/*ctsio*/ ctsio,
7657					      /*sks_valid*/ 1,
7658					      /*command*/ 1,
7659					      /*field*/ 2,
7660					      /*bit_valid*/ 1,
7661					      /*bit*/ 2);
7662			ctl_done((union ctl_io *)ctsio);
7663			return (CTL_RETVAL_COMPLETE);
7664		}
7665		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7666		break;
7667	default:
7668		ctl_set_invalid_field(/*ctsio*/ ctsio,
7669				      /*sks_valid*/ 1,
7670				      /*command*/ 1,
7671				      /*field*/ 2,
7672				      /*bit_valid*/ 1,
7673				      /*bit*/ 2);
7674		ctl_done((union ctl_io *)ctsio);
7675		return (CTL_RETVAL_COMPLETE);
7676	}
7677
7678	alloc_len = scsi_4btoul(cdb->length);
7679
7680	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7681
7682	ctsio->kern_sg_entries = 0;
7683
7684	if (total_len < alloc_len) {
7685		ctsio->residual = alloc_len - total_len;
7686		ctsio->kern_data_len = total_len;
7687		ctsio->kern_total_len = total_len;
7688	} else {
7689		ctsio->residual = 0;
7690		ctsio->kern_data_len = alloc_len;
7691		ctsio->kern_total_len = alloc_len;
7692	}
7693	ctsio->kern_data_resid = 0;
7694	ctsio->kern_rel_offset = 0;
7695
7696	switch (cdb->options & RSO_OPTIONS_MASK) {
7697	case RSO_OPTIONS_ALL:
7698		all = (struct scsi_report_supported_opcodes_all *)
7699		    ctsio->kern_data_ptr;
7700		num = 0;
7701		for (i = 0; i < 256; i++) {
7702			entry = &ctl_cmd_table[i];
7703			if (entry->flags & CTL_CMD_FLAG_SA5) {
7704				for (j = 0; j < 32; j++) {
7705					sentry = &((const struct ctl_cmd_entry *)
7706					    entry->execute)[j];
7707					if (!ctl_cmd_applicable(
7708					    lun->be_lun->lun_type, sentry))
7709						continue;
7710					descr = &all->descr[num++];
7711					descr->opcode = i;
7712					scsi_ulto2b(j, descr->service_action);
7713					descr->flags = RSO_SERVACTV;
7714					scsi_ulto2b(sentry->length,
7715					    descr->cdb_length);
7716				}
7717			} else {
7718				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7719				    entry))
7720					continue;
7721				descr = &all->descr[num++];
7722				descr->opcode = i;
7723				scsi_ulto2b(0, descr->service_action);
7724				descr->flags = 0;
7725				scsi_ulto2b(entry->length, descr->cdb_length);
7726			}
7727		}
7728		scsi_ulto4b(
7729		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7730		    all->length);
7731		break;
7732	case RSO_OPTIONS_OC:
7733		one = (struct scsi_report_supported_opcodes_one *)
7734		    ctsio->kern_data_ptr;
7735		entry = &ctl_cmd_table[opcode];
7736		goto fill_one;
7737	case RSO_OPTIONS_OC_SA:
7738		one = (struct scsi_report_supported_opcodes_one *)
7739		    ctsio->kern_data_ptr;
7740		entry = &ctl_cmd_table[opcode];
7741		entry = &((const struct ctl_cmd_entry *)
7742		    entry->execute)[service_action];
7743fill_one:
7744		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7745			one->support = 3;
7746			scsi_ulto2b(entry->length, one->cdb_length);
7747			one->cdb_usage[0] = opcode;
7748			memcpy(&one->cdb_usage[1], entry->usage,
7749			    entry->length - 1);
7750		} else
7751			one->support = 1;
7752		break;
7753	}
7754
7755	ctl_set_success(ctsio);
7756	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7757	ctsio->be_move_done = ctl_config_move_done;
7758	ctl_datamove((union ctl_io *)ctsio);
7759	return(retval);
7760}
7761
7762int
7763ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7764{
7765	struct scsi_report_supported_tmf *cdb;
7766	struct scsi_report_supported_tmf_data *data;
7767	int retval;
7768	int alloc_len, total_len;
7769
7770	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7771
7772	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7773
7774	retval = CTL_RETVAL_COMPLETE;
7775
7776	total_len = sizeof(struct scsi_report_supported_tmf_data);
7777	alloc_len = scsi_4btoul(cdb->length);
7778
7779	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7780
7781	ctsio->kern_sg_entries = 0;
7782
7783	if (total_len < alloc_len) {
7784		ctsio->residual = alloc_len - total_len;
7785		ctsio->kern_data_len = total_len;
7786		ctsio->kern_total_len = total_len;
7787	} else {
7788		ctsio->residual = 0;
7789		ctsio->kern_data_len = alloc_len;
7790		ctsio->kern_total_len = alloc_len;
7791	}
7792	ctsio->kern_data_resid = 0;
7793	ctsio->kern_rel_offset = 0;
7794
7795	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7796	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7797	    RST_TRS;
7798	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7799
7800	ctl_set_success(ctsio);
7801	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7802	ctsio->be_move_done = ctl_config_move_done;
7803	ctl_datamove((union ctl_io *)ctsio);
7804	return (retval);
7805}
7806
7807int
7808ctl_report_timestamp(struct ctl_scsiio *ctsio)
7809{
7810	struct scsi_report_timestamp *cdb;
7811	struct scsi_report_timestamp_data *data;
7812	struct timeval tv;
7813	int64_t timestamp;
7814	int retval;
7815	int alloc_len, total_len;
7816
7817	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7818
7819	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7820
7821	retval = CTL_RETVAL_COMPLETE;
7822
7823	total_len = sizeof(struct scsi_report_timestamp_data);
7824	alloc_len = scsi_4btoul(cdb->length);
7825
7826	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7827
7828	ctsio->kern_sg_entries = 0;
7829
7830	if (total_len < alloc_len) {
7831		ctsio->residual = alloc_len - total_len;
7832		ctsio->kern_data_len = total_len;
7833		ctsio->kern_total_len = total_len;
7834	} else {
7835		ctsio->residual = 0;
7836		ctsio->kern_data_len = alloc_len;
7837		ctsio->kern_total_len = alloc_len;
7838	}
7839	ctsio->kern_data_resid = 0;
7840	ctsio->kern_rel_offset = 0;
7841
7842	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7843	scsi_ulto2b(sizeof(*data) - 2, data->length);
7844	data->origin = RTS_ORIG_OUTSIDE;
7845	getmicrotime(&tv);
7846	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7847	scsi_ulto4b(timestamp >> 16, data->timestamp);
7848	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7849
7850	ctl_set_success(ctsio);
7851	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7852	ctsio->be_move_done = ctl_config_move_done;
7853	ctl_datamove((union ctl_io *)ctsio);
7854	return (retval);
7855}
7856
7857int
7858ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7859{
7860	struct scsi_per_res_in *cdb;
7861	int alloc_len, total_len = 0;
7862	/* struct scsi_per_res_in_rsrv in_data; */
7863	struct ctl_lun *lun;
7864	struct ctl_softc *softc;
7865	uint64_t key;
7866
7867	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7868
7869	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7870
7871	alloc_len = scsi_2btoul(cdb->length);
7872
7873	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7874	softc = lun->ctl_softc;
7875
7876retry:
7877	mtx_lock(&lun->lun_lock);
7878	switch (cdb->action) {
7879	case SPRI_RK: /* read keys */
7880		total_len = sizeof(struct scsi_per_res_in_keys) +
7881			lun->pr_key_count *
7882			sizeof(struct scsi_per_res_key);
7883		break;
7884	case SPRI_RR: /* read reservation */
7885		if (lun->flags & CTL_LUN_PR_RESERVED)
7886			total_len = sizeof(struct scsi_per_res_in_rsrv);
7887		else
7888			total_len = sizeof(struct scsi_per_res_in_header);
7889		break;
7890	case SPRI_RC: /* report capabilities */
7891		total_len = sizeof(struct scsi_per_res_cap);
7892		break;
7893	case SPRI_RS: /* read full status */
7894		total_len = sizeof(struct scsi_per_res_in_header) +
7895		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7896		    lun->pr_key_count;
7897		break;
7898	default:
7899		panic("Invalid PR type %x", cdb->action);
7900	}
7901	mtx_unlock(&lun->lun_lock);
7902
7903	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7904
7905	if (total_len < alloc_len) {
7906		ctsio->residual = alloc_len - total_len;
7907		ctsio->kern_data_len = total_len;
7908		ctsio->kern_total_len = total_len;
7909	} else {
7910		ctsio->residual = 0;
7911		ctsio->kern_data_len = alloc_len;
7912		ctsio->kern_total_len = alloc_len;
7913	}
7914
7915	ctsio->kern_data_resid = 0;
7916	ctsio->kern_rel_offset = 0;
7917	ctsio->kern_sg_entries = 0;
7918
7919	mtx_lock(&lun->lun_lock);
7920	switch (cdb->action) {
7921	case SPRI_RK: { // read keys
7922        struct scsi_per_res_in_keys *res_keys;
7923		int i, key_count;
7924
7925		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7926
7927		/*
7928		 * We had to drop the lock to allocate our buffer, which
7929		 * leaves time for someone to come in with another
7930		 * persistent reservation.  (That is unlikely, though,
7931		 * since this should be the only persistent reservation
7932		 * command active right now.)
7933		 */
7934		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7935		    (lun->pr_key_count *
7936		     sizeof(struct scsi_per_res_key)))){
7937			mtx_unlock(&lun->lun_lock);
7938			free(ctsio->kern_data_ptr, M_CTL);
7939			printf("%s: reservation length changed, retrying\n",
7940			       __func__);
7941			goto retry;
7942		}
7943
7944		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7945
7946		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7947			     lun->pr_key_count, res_keys->header.length);
7948
7949		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7950			if ((key = ctl_get_prkey(lun, i)) == 0)
7951				continue;
7952
7953			/*
7954			 * We used lun->pr_key_count to calculate the
7955			 * size to allocate.  If it turns out the number of
7956			 * initiators with the registered flag set is
7957			 * larger than that (i.e. they haven't been kept in
7958			 * sync), we've got a problem.
7959			 */
7960			if (key_count >= lun->pr_key_count) {
7961#ifdef NEEDTOPORT
7962				csevent_log(CSC_CTL | CSC_SHELF_SW |
7963					    CTL_PR_ERROR,
7964					    csevent_LogType_Fault,
7965					    csevent_AlertLevel_Yellow,
7966					    csevent_FRU_ShelfController,
7967					    csevent_FRU_Firmware,
7968				        csevent_FRU_Unknown,
7969					    "registered keys %d >= key "
7970					    "count %d", key_count,
7971					    lun->pr_key_count);
7972#endif
7973				key_count++;
7974				continue;
7975			}
7976			scsi_u64to8b(key, res_keys->keys[key_count].key);
7977			key_count++;
7978		}
7979		break;
7980	}
7981	case SPRI_RR: { // read reservation
7982		struct scsi_per_res_in_rsrv *res;
7983		int tmp_len, header_only;
7984
7985		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7986
7987		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7988
7989		if (lun->flags & CTL_LUN_PR_RESERVED)
7990		{
7991			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7992			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7993				    res->header.length);
7994			header_only = 0;
7995		} else {
7996			tmp_len = sizeof(struct scsi_per_res_in_header);
7997			scsi_ulto4b(0, res->header.length);
7998			header_only = 1;
7999		}
8000
8001		/*
8002		 * We had to drop the lock to allocate our buffer, which
8003		 * leaves time for someone to come in with another
8004		 * persistent reservation.  (That is unlikely, though,
8005		 * since this should be the only persistent reservation
8006		 * command active right now.)
8007		 */
8008		if (tmp_len != total_len) {
8009			mtx_unlock(&lun->lun_lock);
8010			free(ctsio->kern_data_ptr, M_CTL);
8011			printf("%s: reservation status changed, retrying\n",
8012			       __func__);
8013			goto retry;
8014		}
8015
8016		/*
8017		 * No reservation held, so we're done.
8018		 */
8019		if (header_only != 0)
8020			break;
8021
8022		/*
8023		 * If the registration is an All Registrants type, the key
8024		 * is 0, since it doesn't really matter.
8025		 */
8026		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8027			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
8028			    res->data.reservation);
8029		}
8030		res->data.scopetype = lun->res_type;
8031		break;
8032	}
8033	case SPRI_RC:     //report capabilities
8034	{
8035		struct scsi_per_res_cap *res_cap;
8036		uint16_t type_mask;
8037
8038		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
8039		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
8040		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
8041		type_mask = SPRI_TM_WR_EX_AR |
8042			    SPRI_TM_EX_AC_RO |
8043			    SPRI_TM_WR_EX_RO |
8044			    SPRI_TM_EX_AC |
8045			    SPRI_TM_WR_EX |
8046			    SPRI_TM_EX_AC_AR;
8047		scsi_ulto2b(type_mask, res_cap->type_mask);
8048		break;
8049	}
8050	case SPRI_RS: { // read full status
8051		struct scsi_per_res_in_full *res_status;
8052		struct scsi_per_res_in_full_desc *res_desc;
8053		struct ctl_port *port;
8054		int i, len;
8055
8056		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
8057
8058		/*
8059		 * We had to drop the lock to allocate our buffer, which
8060		 * leaves time for someone to come in with another
8061		 * persistent reservation.  (That is unlikely, though,
8062		 * since this should be the only persistent reservation
8063		 * command active right now.)
8064		 */
8065		if (total_len < (sizeof(struct scsi_per_res_in_header) +
8066		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
8067		     lun->pr_key_count)){
8068			mtx_unlock(&lun->lun_lock);
8069			free(ctsio->kern_data_ptr, M_CTL);
8070			printf("%s: reservation length changed, retrying\n",
8071			       __func__);
8072			goto retry;
8073		}
8074
8075		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
8076
8077		res_desc = &res_status->desc[0];
8078		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8079			if ((key = ctl_get_prkey(lun, i)) == 0)
8080				continue;
8081
8082			scsi_u64to8b(key, res_desc->res_key.key);
8083			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
8084			    (lun->pr_res_idx == i ||
8085			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
8086				res_desc->flags = SPRI_FULL_R_HOLDER;
8087				res_desc->scopetype = lun->res_type;
8088			}
8089			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
8090			    res_desc->rel_trgt_port_id);
8091			len = 0;
8092			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
8093			if (port != NULL)
8094				len = ctl_create_iid(port,
8095				    i % CTL_MAX_INIT_PER_PORT,
8096				    res_desc->transport_id);
8097			scsi_ulto4b(len, res_desc->additional_length);
8098			res_desc = (struct scsi_per_res_in_full_desc *)
8099			    &res_desc->transport_id[len];
8100		}
8101		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
8102		    res_status->header.length);
8103		break;
8104	}
8105	default:
8106		/*
8107		 * This is a bug, because we just checked for this above,
8108		 * and should have returned an error.
8109		 */
8110		panic("Invalid PR type %x", cdb->action);
8111		break; /* NOTREACHED */
8112	}
8113	mtx_unlock(&lun->lun_lock);
8114
8115	ctl_set_success(ctsio);
8116	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8117	ctsio->be_move_done = ctl_config_move_done;
8118	ctl_datamove((union ctl_io *)ctsio);
8119	return (CTL_RETVAL_COMPLETE);
8120}
8121
8122/*
8123 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
8124 * it should return.
8125 */
8126static int
8127ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
8128		uint64_t sa_res_key, uint8_t type, uint32_t residx,
8129		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
8130		struct scsi_per_res_out_parms* param)
8131{
8132	union ctl_ha_msg persis_io;
8133	int i;
8134
8135	mtx_lock(&lun->lun_lock);
8136	if (sa_res_key == 0) {
8137		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8138			/* validate scope and type */
8139			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8140			     SPR_LU_SCOPE) {
8141				mtx_unlock(&lun->lun_lock);
8142				ctl_set_invalid_field(/*ctsio*/ ctsio,
8143						      /*sks_valid*/ 1,
8144						      /*command*/ 1,
8145						      /*field*/ 2,
8146						      /*bit_valid*/ 1,
8147						      /*bit*/ 4);
8148				ctl_done((union ctl_io *)ctsio);
8149				return (1);
8150			}
8151
8152		        if (type>8 || type==2 || type==4 || type==0) {
8153				mtx_unlock(&lun->lun_lock);
8154				ctl_set_invalid_field(/*ctsio*/ ctsio,
8155       	           				      /*sks_valid*/ 1,
8156						      /*command*/ 1,
8157						      /*field*/ 2,
8158						      /*bit_valid*/ 1,
8159						      /*bit*/ 0);
8160				ctl_done((union ctl_io *)ctsio);
8161				return (1);
8162		        }
8163
8164			/*
8165			 * Unregister everybody else and build UA for
8166			 * them
8167			 */
8168			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8169				if (i == residx || ctl_get_prkey(lun, i) == 0)
8170					continue;
8171
8172				ctl_clr_prkey(lun, i);
8173				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8174			}
8175			lun->pr_key_count = 1;
8176			lun->res_type = type;
8177			if (lun->res_type != SPR_TYPE_WR_EX_AR
8178			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8179				lun->pr_res_idx = residx;
8180			lun->PRGeneration++;
8181			mtx_unlock(&lun->lun_lock);
8182
8183			/* send msg to other side */
8184			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8185			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8186			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8187			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8188			persis_io.pr.pr_info.res_type = type;
8189			memcpy(persis_io.pr.pr_info.sa_res_key,
8190			       param->serv_act_res_key,
8191			       sizeof(param->serv_act_res_key));
8192			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8193			    sizeof(persis_io.pr), M_WAITOK);
8194		} else {
8195			/* not all registrants */
8196			mtx_unlock(&lun->lun_lock);
8197			free(ctsio->kern_data_ptr, M_CTL);
8198			ctl_set_invalid_field(ctsio,
8199					      /*sks_valid*/ 1,
8200					      /*command*/ 0,
8201					      /*field*/ 8,
8202					      /*bit_valid*/ 0,
8203					      /*bit*/ 0);
8204			ctl_done((union ctl_io *)ctsio);
8205			return (1);
8206		}
8207	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8208		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8209		int found = 0;
8210
8211		if (res_key == sa_res_key) {
8212			/* special case */
8213			/*
8214			 * The spec implies this is not good but doesn't
8215			 * say what to do. There are two choices either
8216			 * generate a res conflict or check condition
8217			 * with illegal field in parameter data. Since
8218			 * that is what is done when the sa_res_key is
8219			 * zero I'll take that approach since this has
8220			 * to do with the sa_res_key.
8221			 */
8222			mtx_unlock(&lun->lun_lock);
8223			free(ctsio->kern_data_ptr, M_CTL);
8224			ctl_set_invalid_field(ctsio,
8225					      /*sks_valid*/ 1,
8226					      /*command*/ 0,
8227					      /*field*/ 8,
8228					      /*bit_valid*/ 0,
8229					      /*bit*/ 0);
8230			ctl_done((union ctl_io *)ctsio);
8231			return (1);
8232		}
8233
8234		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8235			if (ctl_get_prkey(lun, i) != sa_res_key)
8236				continue;
8237
8238			found = 1;
8239			ctl_clr_prkey(lun, i);
8240			lun->pr_key_count--;
8241			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8242		}
8243		if (!found) {
8244			mtx_unlock(&lun->lun_lock);
8245			free(ctsio->kern_data_ptr, M_CTL);
8246			ctl_set_reservation_conflict(ctsio);
8247			ctl_done((union ctl_io *)ctsio);
8248			return (CTL_RETVAL_COMPLETE);
8249		}
8250		lun->PRGeneration++;
8251		mtx_unlock(&lun->lun_lock);
8252
8253		/* send msg to other side */
8254		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8255		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8256		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8257		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8258		persis_io.pr.pr_info.res_type = type;
8259		memcpy(persis_io.pr.pr_info.sa_res_key,
8260		       param->serv_act_res_key,
8261		       sizeof(param->serv_act_res_key));
8262		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8263		    sizeof(persis_io.pr), M_WAITOK);
8264	} else {
8265		/* Reserved but not all registrants */
8266		/* sa_res_key is res holder */
8267		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
8268			/* validate scope and type */
8269			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8270			     SPR_LU_SCOPE) {
8271				mtx_unlock(&lun->lun_lock);
8272				ctl_set_invalid_field(/*ctsio*/ ctsio,
8273						      /*sks_valid*/ 1,
8274						      /*command*/ 1,
8275						      /*field*/ 2,
8276						      /*bit_valid*/ 1,
8277						      /*bit*/ 4);
8278				ctl_done((union ctl_io *)ctsio);
8279				return (1);
8280			}
8281
8282			if (type>8 || type==2 || type==4 || type==0) {
8283				mtx_unlock(&lun->lun_lock);
8284				ctl_set_invalid_field(/*ctsio*/ ctsio,
8285						      /*sks_valid*/ 1,
8286						      /*command*/ 1,
8287						      /*field*/ 2,
8288						      /*bit_valid*/ 1,
8289						      /*bit*/ 0);
8290				ctl_done((union ctl_io *)ctsio);
8291				return (1);
8292			}
8293
8294			/*
8295			 * Do the following:
8296			 * if sa_res_key != res_key remove all
8297			 * registrants w/sa_res_key and generate UA
8298			 * for these registrants(Registrations
8299			 * Preempted) if it wasn't an exclusive
8300			 * reservation generate UA(Reservations
8301			 * Preempted) for all other registered nexuses
8302			 * if the type has changed. Establish the new
8303			 * reservation and holder. If res_key and
8304			 * sa_res_key are the same do the above
8305			 * except don't unregister the res holder.
8306			 */
8307
8308			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8309				if (i == residx || ctl_get_prkey(lun, i) == 0)
8310					continue;
8311
8312				if (sa_res_key == ctl_get_prkey(lun, i)) {
8313					ctl_clr_prkey(lun, i);
8314					lun->pr_key_count--;
8315					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8316				} else if (type != lun->res_type
8317					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8318					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8319					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8320				}
8321			}
8322			lun->res_type = type;
8323			if (lun->res_type != SPR_TYPE_WR_EX_AR
8324			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8325				lun->pr_res_idx = residx;
8326			else
8327				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8328			lun->PRGeneration++;
8329			mtx_unlock(&lun->lun_lock);
8330
8331			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8332			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8333			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8334			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8335			persis_io.pr.pr_info.res_type = type;
8336			memcpy(persis_io.pr.pr_info.sa_res_key,
8337			       param->serv_act_res_key,
8338			       sizeof(param->serv_act_res_key));
8339			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8340			    sizeof(persis_io.pr), M_WAITOK);
8341		} else {
8342			/*
8343			 * sa_res_key is not the res holder just
8344			 * remove registrants
8345			 */
8346			int found=0;
8347
8348			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8349				if (sa_res_key != ctl_get_prkey(lun, i))
8350					continue;
8351
8352				found = 1;
8353				ctl_clr_prkey(lun, i);
8354				lun->pr_key_count--;
8355				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8356			}
8357
8358			if (!found) {
8359				mtx_unlock(&lun->lun_lock);
8360				free(ctsio->kern_data_ptr, M_CTL);
8361				ctl_set_reservation_conflict(ctsio);
8362				ctl_done((union ctl_io *)ctsio);
8363		        	return (1);
8364			}
8365			lun->PRGeneration++;
8366			mtx_unlock(&lun->lun_lock);
8367
8368			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8369			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8370			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8371			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8372			persis_io.pr.pr_info.res_type = type;
8373			memcpy(persis_io.pr.pr_info.sa_res_key,
8374			       param->serv_act_res_key,
8375			       sizeof(param->serv_act_res_key));
8376			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8377			    sizeof(persis_io.pr), M_WAITOK);
8378		}
8379	}
8380	return (0);
8381}
8382
8383static void
8384ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8385{
8386	uint64_t sa_res_key;
8387	int i;
8388
8389	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8390
8391	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8392	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8393	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8394		if (sa_res_key == 0) {
8395			/*
8396			 * Unregister everybody else and build UA for
8397			 * them
8398			 */
8399			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8400				if (i == msg->pr.pr_info.residx ||
8401				    ctl_get_prkey(lun, i) == 0)
8402					continue;
8403
8404				ctl_clr_prkey(lun, i);
8405				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8406			}
8407
8408			lun->pr_key_count = 1;
8409			lun->res_type = msg->pr.pr_info.res_type;
8410			if (lun->res_type != SPR_TYPE_WR_EX_AR
8411			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8412				lun->pr_res_idx = msg->pr.pr_info.residx;
8413		} else {
8414		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8415				if (sa_res_key == ctl_get_prkey(lun, i))
8416					continue;
8417
8418				ctl_clr_prkey(lun, i);
8419				lun->pr_key_count--;
8420				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8421			}
8422		}
8423	} else {
8424		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8425			if (i == msg->pr.pr_info.residx ||
8426			    ctl_get_prkey(lun, i) == 0)
8427				continue;
8428
8429			if (sa_res_key == ctl_get_prkey(lun, i)) {
8430				ctl_clr_prkey(lun, i);
8431				lun->pr_key_count--;
8432				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8433			} else if (msg->pr.pr_info.res_type != lun->res_type
8434				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8435				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8436				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8437			}
8438		}
8439		lun->res_type = msg->pr.pr_info.res_type;
8440		if (lun->res_type != SPR_TYPE_WR_EX_AR
8441		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8442			lun->pr_res_idx = msg->pr.pr_info.residx;
8443		else
8444			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8445	}
8446	lun->PRGeneration++;
8447
8448}
8449
8450
8451int
8452ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8453{
8454	int retval;
8455	u_int32_t param_len;
8456	struct scsi_per_res_out *cdb;
8457	struct ctl_lun *lun;
8458	struct scsi_per_res_out_parms* param;
8459	struct ctl_softc *softc;
8460	uint32_t residx;
8461	uint64_t res_key, sa_res_key, key;
8462	uint8_t type;
8463	union ctl_ha_msg persis_io;
8464	int    i;
8465
8466	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8467
8468	retval = CTL_RETVAL_COMPLETE;
8469
8470	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8471	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8472	softc = lun->ctl_softc;
8473
8474	/*
8475	 * We only support whole-LUN scope.  The scope & type are ignored for
8476	 * register, register and ignore existing key and clear.
8477	 * We sometimes ignore scope and type on preempts too!!
8478	 * Verify reservation type here as well.
8479	 */
8480	type = cdb->scope_type & SPR_TYPE_MASK;
8481	if ((cdb->action == SPRO_RESERVE)
8482	 || (cdb->action == SPRO_RELEASE)) {
8483		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8484			ctl_set_invalid_field(/*ctsio*/ ctsio,
8485					      /*sks_valid*/ 1,
8486					      /*command*/ 1,
8487					      /*field*/ 2,
8488					      /*bit_valid*/ 1,
8489					      /*bit*/ 4);
8490			ctl_done((union ctl_io *)ctsio);
8491			return (CTL_RETVAL_COMPLETE);
8492		}
8493
8494		if (type>8 || type==2 || type==4 || type==0) {
8495			ctl_set_invalid_field(/*ctsio*/ ctsio,
8496					      /*sks_valid*/ 1,
8497					      /*command*/ 1,
8498					      /*field*/ 2,
8499					      /*bit_valid*/ 1,
8500					      /*bit*/ 0);
8501			ctl_done((union ctl_io *)ctsio);
8502			return (CTL_RETVAL_COMPLETE);
8503		}
8504	}
8505
8506	param_len = scsi_4btoul(cdb->length);
8507
8508	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8509		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8510		ctsio->kern_data_len = param_len;
8511		ctsio->kern_total_len = param_len;
8512		ctsio->kern_data_resid = 0;
8513		ctsio->kern_rel_offset = 0;
8514		ctsio->kern_sg_entries = 0;
8515		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8516		ctsio->be_move_done = ctl_config_move_done;
8517		ctl_datamove((union ctl_io *)ctsio);
8518
8519		return (CTL_RETVAL_COMPLETE);
8520	}
8521
8522	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8523
8524	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8525	res_key = scsi_8btou64(param->res_key.key);
8526	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8527
8528	/*
8529	 * Validate the reservation key here except for SPRO_REG_IGNO
8530	 * This must be done for all other service actions
8531	 */
8532	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8533		mtx_lock(&lun->lun_lock);
8534		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8535			if (res_key != key) {
8536				/*
8537				 * The current key passed in doesn't match
8538				 * the one the initiator previously
8539				 * registered.
8540				 */
8541				mtx_unlock(&lun->lun_lock);
8542				free(ctsio->kern_data_ptr, M_CTL);
8543				ctl_set_reservation_conflict(ctsio);
8544				ctl_done((union ctl_io *)ctsio);
8545				return (CTL_RETVAL_COMPLETE);
8546			}
8547		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8548			/*
8549			 * We are not registered
8550			 */
8551			mtx_unlock(&lun->lun_lock);
8552			free(ctsio->kern_data_ptr, M_CTL);
8553			ctl_set_reservation_conflict(ctsio);
8554			ctl_done((union ctl_io *)ctsio);
8555			return (CTL_RETVAL_COMPLETE);
8556		} else if (res_key != 0) {
8557			/*
8558			 * We are not registered and trying to register but
8559			 * the register key isn't zero.
8560			 */
8561			mtx_unlock(&lun->lun_lock);
8562			free(ctsio->kern_data_ptr, M_CTL);
8563			ctl_set_reservation_conflict(ctsio);
8564			ctl_done((union ctl_io *)ctsio);
8565			return (CTL_RETVAL_COMPLETE);
8566		}
8567		mtx_unlock(&lun->lun_lock);
8568	}
8569
8570	switch (cdb->action & SPRO_ACTION_MASK) {
8571	case SPRO_REGISTER:
8572	case SPRO_REG_IGNO: {
8573
8574#if 0
8575		printf("Registration received\n");
8576#endif
8577
8578		/*
8579		 * We don't support any of these options, as we report in
8580		 * the read capabilities request (see
8581		 * ctl_persistent_reserve_in(), above).
8582		 */
8583		if ((param->flags & SPR_SPEC_I_PT)
8584		 || (param->flags & SPR_ALL_TG_PT)
8585		 || (param->flags & SPR_APTPL)) {
8586			int bit_ptr;
8587
8588			if (param->flags & SPR_APTPL)
8589				bit_ptr = 0;
8590			else if (param->flags & SPR_ALL_TG_PT)
8591				bit_ptr = 2;
8592			else /* SPR_SPEC_I_PT */
8593				bit_ptr = 3;
8594
8595			free(ctsio->kern_data_ptr, M_CTL);
8596			ctl_set_invalid_field(ctsio,
8597					      /*sks_valid*/ 1,
8598					      /*command*/ 0,
8599					      /*field*/ 20,
8600					      /*bit_valid*/ 1,
8601					      /*bit*/ bit_ptr);
8602			ctl_done((union ctl_io *)ctsio);
8603			return (CTL_RETVAL_COMPLETE);
8604		}
8605
8606		mtx_lock(&lun->lun_lock);
8607
8608		/*
8609		 * The initiator wants to clear the
8610		 * key/unregister.
8611		 */
8612		if (sa_res_key == 0) {
8613			if ((res_key == 0
8614			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8615			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8616			  && ctl_get_prkey(lun, residx) == 0)) {
8617				mtx_unlock(&lun->lun_lock);
8618				goto done;
8619			}
8620
8621			ctl_clr_prkey(lun, residx);
8622			lun->pr_key_count--;
8623
8624			if (residx == lun->pr_res_idx) {
8625				lun->flags &= ~CTL_LUN_PR_RESERVED;
8626				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8627
8628				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8629				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8630				 && lun->pr_key_count) {
8631					/*
8632					 * If the reservation is a registrants
8633					 * only type we need to generate a UA
8634					 * for other registered inits.  The
8635					 * sense code should be RESERVATIONS
8636					 * RELEASED
8637					 */
8638
8639					for (i = softc->init_min; i < softc->init_max; i++){
8640						if (ctl_get_prkey(lun, i) == 0)
8641							continue;
8642						ctl_est_ua(lun, i,
8643						    CTL_UA_RES_RELEASE);
8644					}
8645				}
8646				lun->res_type = 0;
8647			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8648				if (lun->pr_key_count==0) {
8649					lun->flags &= ~CTL_LUN_PR_RESERVED;
8650					lun->res_type = 0;
8651					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8652				}
8653			}
8654			lun->PRGeneration++;
8655			mtx_unlock(&lun->lun_lock);
8656
8657			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8658			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8659			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8660			persis_io.pr.pr_info.residx = residx;
8661			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8662			    sizeof(persis_io.pr), M_WAITOK);
8663		} else /* sa_res_key != 0 */ {
8664
8665			/*
8666			 * If we aren't registered currently then increment
8667			 * the key count and set the registered flag.
8668			 */
8669			ctl_alloc_prkey(lun, residx);
8670			if (ctl_get_prkey(lun, residx) == 0)
8671				lun->pr_key_count++;
8672			ctl_set_prkey(lun, residx, sa_res_key);
8673			lun->PRGeneration++;
8674			mtx_unlock(&lun->lun_lock);
8675
8676			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8677			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8678			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8679			persis_io.pr.pr_info.residx = residx;
8680			memcpy(persis_io.pr.pr_info.sa_res_key,
8681			       param->serv_act_res_key,
8682			       sizeof(param->serv_act_res_key));
8683			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8684			    sizeof(persis_io.pr), M_WAITOK);
8685		}
8686
8687		break;
8688	}
8689	case SPRO_RESERVE:
8690#if 0
8691                printf("Reserve executed type %d\n", type);
8692#endif
8693		mtx_lock(&lun->lun_lock);
8694		if (lun->flags & CTL_LUN_PR_RESERVED) {
8695			/*
8696			 * if this isn't the reservation holder and it's
8697			 * not a "all registrants" type or if the type is
8698			 * different then we have a conflict
8699			 */
8700			if ((lun->pr_res_idx != residx
8701			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8702			 || lun->res_type != type) {
8703				mtx_unlock(&lun->lun_lock);
8704				free(ctsio->kern_data_ptr, M_CTL);
8705				ctl_set_reservation_conflict(ctsio);
8706				ctl_done((union ctl_io *)ctsio);
8707				return (CTL_RETVAL_COMPLETE);
8708			}
8709			mtx_unlock(&lun->lun_lock);
8710		} else /* create a reservation */ {
8711			/*
8712			 * If it's not an "all registrants" type record
8713			 * reservation holder
8714			 */
8715			if (type != SPR_TYPE_WR_EX_AR
8716			 && type != SPR_TYPE_EX_AC_AR)
8717				lun->pr_res_idx = residx; /* Res holder */
8718			else
8719				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8720
8721			lun->flags |= CTL_LUN_PR_RESERVED;
8722			lun->res_type = type;
8723
8724			mtx_unlock(&lun->lun_lock);
8725
8726			/* send msg to other side */
8727			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8728			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8729			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8730			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8731			persis_io.pr.pr_info.res_type = type;
8732			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8733			    sizeof(persis_io.pr), M_WAITOK);
8734		}
8735		break;
8736
8737	case SPRO_RELEASE:
8738		mtx_lock(&lun->lun_lock);
8739		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8740			/* No reservation exists return good status */
8741			mtx_unlock(&lun->lun_lock);
8742			goto done;
8743		}
8744		/*
8745		 * Is this nexus a reservation holder?
8746		 */
8747		if (lun->pr_res_idx != residx
8748		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8749			/*
8750			 * not a res holder return good status but
8751			 * do nothing
8752			 */
8753			mtx_unlock(&lun->lun_lock);
8754			goto done;
8755		}
8756
8757		if (lun->res_type != type) {
8758			mtx_unlock(&lun->lun_lock);
8759			free(ctsio->kern_data_ptr, M_CTL);
8760			ctl_set_illegal_pr_release(ctsio);
8761			ctl_done((union ctl_io *)ctsio);
8762			return (CTL_RETVAL_COMPLETE);
8763		}
8764
8765		/* okay to release */
8766		lun->flags &= ~CTL_LUN_PR_RESERVED;
8767		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8768		lun->res_type = 0;
8769
8770		/*
8771		 * if this isn't an exclusive access
8772		 * res generate UA for all other
8773		 * registrants.
8774		 */
8775		if (type != SPR_TYPE_EX_AC
8776		 && type != SPR_TYPE_WR_EX) {
8777			for (i = softc->init_min; i < softc->init_max; i++) {
8778				if (i == residx || ctl_get_prkey(lun, i) == 0)
8779					continue;
8780				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8781			}
8782		}
8783		mtx_unlock(&lun->lun_lock);
8784
8785		/* Send msg to other side */
8786		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8787		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8788		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8789		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8790		     sizeof(persis_io.pr), M_WAITOK);
8791		break;
8792
8793	case SPRO_CLEAR:
8794		/* send msg to other side */
8795
8796		mtx_lock(&lun->lun_lock);
8797		lun->flags &= ~CTL_LUN_PR_RESERVED;
8798		lun->res_type = 0;
8799		lun->pr_key_count = 0;
8800		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8801
8802		ctl_clr_prkey(lun, residx);
8803		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8804			if (ctl_get_prkey(lun, i) != 0) {
8805				ctl_clr_prkey(lun, i);
8806				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8807			}
8808		lun->PRGeneration++;
8809		mtx_unlock(&lun->lun_lock);
8810
8811		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8812		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8813		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8814		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8815		     sizeof(persis_io.pr), M_WAITOK);
8816		break;
8817
8818	case SPRO_PREEMPT:
8819	case SPRO_PRE_ABO: {
8820		int nretval;
8821
8822		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8823					  residx, ctsio, cdb, param);
8824		if (nretval != 0)
8825			return (CTL_RETVAL_COMPLETE);
8826		break;
8827	}
8828	default:
8829		panic("Invalid PR type %x", cdb->action);
8830	}
8831
8832done:
8833	free(ctsio->kern_data_ptr, M_CTL);
8834	ctl_set_success(ctsio);
8835	ctl_done((union ctl_io *)ctsio);
8836
8837	return (retval);
8838}
8839
8840/*
8841 * This routine is for handling a message from the other SC pertaining to
8842 * persistent reserve out. All the error checking will have been done
8843 * so only perorming the action need be done here to keep the two
8844 * in sync.
8845 */
8846static void
8847ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8848{
8849	struct ctl_softc *softc = control_softc;
8850	struct ctl_lun *lun;
8851	int i;
8852	uint32_t residx, targ_lun;
8853
8854	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8855	mtx_lock(&softc->ctl_lock);
8856	if ((targ_lun >= CTL_MAX_LUNS) ||
8857	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8858		mtx_unlock(&softc->ctl_lock);
8859		return;
8860	}
8861	mtx_lock(&lun->lun_lock);
8862	mtx_unlock(&softc->ctl_lock);
8863	if (lun->flags & CTL_LUN_DISABLED) {
8864		mtx_unlock(&lun->lun_lock);
8865		return;
8866	}
8867	residx = ctl_get_initindex(&msg->hdr.nexus);
8868	switch(msg->pr.pr_info.action) {
8869	case CTL_PR_REG_KEY:
8870		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8871		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8872			lun->pr_key_count++;
8873		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8874		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8875		lun->PRGeneration++;
8876		break;
8877
8878	case CTL_PR_UNREG_KEY:
8879		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8880		lun->pr_key_count--;
8881
8882		/* XXX Need to see if the reservation has been released */
8883		/* if so do we need to generate UA? */
8884		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8885			lun->flags &= ~CTL_LUN_PR_RESERVED;
8886			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8887
8888			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8889			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8890			 && lun->pr_key_count) {
8891				/*
8892				 * If the reservation is a registrants
8893				 * only type we need to generate a UA
8894				 * for other registered inits.  The
8895				 * sense code should be RESERVATIONS
8896				 * RELEASED
8897				 */
8898
8899				for (i = softc->init_min; i < softc->init_max; i++) {
8900					if (ctl_get_prkey(lun, i) == 0)
8901						continue;
8902
8903					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8904				}
8905			}
8906			lun->res_type = 0;
8907		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8908			if (lun->pr_key_count==0) {
8909				lun->flags &= ~CTL_LUN_PR_RESERVED;
8910				lun->res_type = 0;
8911				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8912			}
8913		}
8914		lun->PRGeneration++;
8915		break;
8916
8917	case CTL_PR_RESERVE:
8918		lun->flags |= CTL_LUN_PR_RESERVED;
8919		lun->res_type = msg->pr.pr_info.res_type;
8920		lun->pr_res_idx = msg->pr.pr_info.residx;
8921
8922		break;
8923
8924	case CTL_PR_RELEASE:
8925		/*
8926		 * if this isn't an exclusive access res generate UA for all
8927		 * other registrants.
8928		 */
8929		if (lun->res_type != SPR_TYPE_EX_AC
8930		 && lun->res_type != SPR_TYPE_WR_EX) {
8931			for (i = softc->init_min; i < softc->init_max; i++)
8932				if (i == residx || ctl_get_prkey(lun, i) == 0)
8933					continue;
8934				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8935		}
8936
8937		lun->flags &= ~CTL_LUN_PR_RESERVED;
8938		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8939		lun->res_type = 0;
8940		break;
8941
8942	case CTL_PR_PREEMPT:
8943		ctl_pro_preempt_other(lun, msg);
8944		break;
8945	case CTL_PR_CLEAR:
8946		lun->flags &= ~CTL_LUN_PR_RESERVED;
8947		lun->res_type = 0;
8948		lun->pr_key_count = 0;
8949		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8950
8951		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8952			if (ctl_get_prkey(lun, i) == 0)
8953				continue;
8954			ctl_clr_prkey(lun, i);
8955			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8956		}
8957		lun->PRGeneration++;
8958		break;
8959	}
8960
8961	mtx_unlock(&lun->lun_lock);
8962}
8963
8964int
8965ctl_read_write(struct ctl_scsiio *ctsio)
8966{
8967	struct ctl_lun *lun;
8968	struct ctl_lba_len_flags *lbalen;
8969	uint64_t lba;
8970	uint32_t num_blocks;
8971	int flags, retval;
8972	int isread;
8973
8974	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8975
8976	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8977
8978	flags = 0;
8979	retval = CTL_RETVAL_COMPLETE;
8980
8981	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8982	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8983	switch (ctsio->cdb[0]) {
8984	case READ_6:
8985	case WRITE_6: {
8986		struct scsi_rw_6 *cdb;
8987
8988		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8989
8990		lba = scsi_3btoul(cdb->addr);
8991		/* only 5 bits are valid in the most significant address byte */
8992		lba &= 0x1fffff;
8993		num_blocks = cdb->length;
8994		/*
8995		 * This is correct according to SBC-2.
8996		 */
8997		if (num_blocks == 0)
8998			num_blocks = 256;
8999		break;
9000	}
9001	case READ_10:
9002	case WRITE_10: {
9003		struct scsi_rw_10 *cdb;
9004
9005		cdb = (struct scsi_rw_10 *)ctsio->cdb;
9006		if (cdb->byte2 & SRW10_FUA)
9007			flags |= CTL_LLF_FUA;
9008		if (cdb->byte2 & SRW10_DPO)
9009			flags |= CTL_LLF_DPO;
9010		lba = scsi_4btoul(cdb->addr);
9011		num_blocks = scsi_2btoul(cdb->length);
9012		break;
9013	}
9014	case WRITE_VERIFY_10: {
9015		struct scsi_write_verify_10 *cdb;
9016
9017		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
9018		flags |= CTL_LLF_FUA;
9019		if (cdb->byte2 & SWV_DPO)
9020			flags |= CTL_LLF_DPO;
9021		lba = scsi_4btoul(cdb->addr);
9022		num_blocks = scsi_2btoul(cdb->length);
9023		break;
9024	}
9025	case READ_12:
9026	case WRITE_12: {
9027		struct scsi_rw_12 *cdb;
9028
9029		cdb = (struct scsi_rw_12 *)ctsio->cdb;
9030		if (cdb->byte2 & SRW12_FUA)
9031			flags |= CTL_LLF_FUA;
9032		if (cdb->byte2 & SRW12_DPO)
9033			flags |= CTL_LLF_DPO;
9034		lba = scsi_4btoul(cdb->addr);
9035		num_blocks = scsi_4btoul(cdb->length);
9036		break;
9037	}
9038	case WRITE_VERIFY_12: {
9039		struct scsi_write_verify_12 *cdb;
9040
9041		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
9042		flags |= CTL_LLF_FUA;
9043		if (cdb->byte2 & SWV_DPO)
9044			flags |= CTL_LLF_DPO;
9045		lba = scsi_4btoul(cdb->addr);
9046		num_blocks = scsi_4btoul(cdb->length);
9047		break;
9048	}
9049	case READ_16:
9050	case WRITE_16: {
9051		struct scsi_rw_16 *cdb;
9052
9053		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9054		if (cdb->byte2 & SRW12_FUA)
9055			flags |= CTL_LLF_FUA;
9056		if (cdb->byte2 & SRW12_DPO)
9057			flags |= CTL_LLF_DPO;
9058		lba = scsi_8btou64(cdb->addr);
9059		num_blocks = scsi_4btoul(cdb->length);
9060		break;
9061	}
9062	case WRITE_ATOMIC_16: {
9063		struct scsi_write_atomic_16 *cdb;
9064
9065		if (lun->be_lun->atomicblock == 0) {
9066			ctl_set_invalid_opcode(ctsio);
9067			ctl_done((union ctl_io *)ctsio);
9068			return (CTL_RETVAL_COMPLETE);
9069		}
9070
9071		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
9072		if (cdb->byte2 & SRW12_FUA)
9073			flags |= CTL_LLF_FUA;
9074		if (cdb->byte2 & SRW12_DPO)
9075			flags |= CTL_LLF_DPO;
9076		lba = scsi_8btou64(cdb->addr);
9077		num_blocks = scsi_2btoul(cdb->length);
9078		if (num_blocks > lun->be_lun->atomicblock) {
9079			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
9080			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
9081			    /*bit*/ 0);
9082			ctl_done((union ctl_io *)ctsio);
9083			return (CTL_RETVAL_COMPLETE);
9084		}
9085		break;
9086	}
9087	case WRITE_VERIFY_16: {
9088		struct scsi_write_verify_16 *cdb;
9089
9090		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
9091		flags |= CTL_LLF_FUA;
9092		if (cdb->byte2 & SWV_DPO)
9093			flags |= CTL_LLF_DPO;
9094		lba = scsi_8btou64(cdb->addr);
9095		num_blocks = scsi_4btoul(cdb->length);
9096		break;
9097	}
9098	default:
9099		/*
9100		 * We got a command we don't support.  This shouldn't
9101		 * happen, commands should be filtered out above us.
9102		 */
9103		ctl_set_invalid_opcode(ctsio);
9104		ctl_done((union ctl_io *)ctsio);
9105
9106		return (CTL_RETVAL_COMPLETE);
9107		break; /* NOTREACHED */
9108	}
9109
9110	/*
9111	 * The first check is to make sure we're in bounds, the second
9112	 * check is to catch wrap-around problems.  If the lba + num blocks
9113	 * is less than the lba, then we've wrapped around and the block
9114	 * range is invalid anyway.
9115	 */
9116	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9117	 || ((lba + num_blocks) < lba)) {
9118		ctl_set_lba_out_of_range(ctsio);
9119		ctl_done((union ctl_io *)ctsio);
9120		return (CTL_RETVAL_COMPLETE);
9121	}
9122
9123	/*
9124	 * According to SBC-3, a transfer length of 0 is not an error.
9125	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9126	 * translates to 256 blocks for those commands.
9127	 */
9128	if (num_blocks == 0) {
9129		ctl_set_success(ctsio);
9130		ctl_done((union ctl_io *)ctsio);
9131		return (CTL_RETVAL_COMPLETE);
9132	}
9133
9134	/* Set FUA and/or DPO if caches are disabled. */
9135	if (isread) {
9136		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9137		    SCP_RCD) != 0)
9138			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9139	} else {
9140		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9141		    SCP_WCE) == 0)
9142			flags |= CTL_LLF_FUA;
9143	}
9144
9145	lbalen = (struct ctl_lba_len_flags *)
9146	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9147	lbalen->lba = lba;
9148	lbalen->len = num_blocks;
9149	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9150
9151	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9152	ctsio->kern_rel_offset = 0;
9153
9154	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9155
9156	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9157
9158	return (retval);
9159}
9160
9161static int
9162ctl_cnw_cont(union ctl_io *io)
9163{
9164	struct ctl_scsiio *ctsio;
9165	struct ctl_lun *lun;
9166	struct ctl_lba_len_flags *lbalen;
9167	int retval;
9168
9169	ctsio = &io->scsiio;
9170	ctsio->io_hdr.status = CTL_STATUS_NONE;
9171	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9172	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9173	lbalen = (struct ctl_lba_len_flags *)
9174	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9175	lbalen->flags &= ~CTL_LLF_COMPARE;
9176	lbalen->flags |= CTL_LLF_WRITE;
9177
9178	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9179	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9180	return (retval);
9181}
9182
9183int
9184ctl_cnw(struct ctl_scsiio *ctsio)
9185{
9186	struct ctl_lun *lun;
9187	struct ctl_lba_len_flags *lbalen;
9188	uint64_t lba;
9189	uint32_t num_blocks;
9190	int flags, retval;
9191
9192	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9193
9194	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9195
9196	flags = 0;
9197	retval = CTL_RETVAL_COMPLETE;
9198
9199	switch (ctsio->cdb[0]) {
9200	case COMPARE_AND_WRITE: {
9201		struct scsi_compare_and_write *cdb;
9202
9203		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9204		if (cdb->byte2 & SRW10_FUA)
9205			flags |= CTL_LLF_FUA;
9206		if (cdb->byte2 & SRW10_DPO)
9207			flags |= CTL_LLF_DPO;
9208		lba = scsi_8btou64(cdb->addr);
9209		num_blocks = cdb->length;
9210		break;
9211	}
9212	default:
9213		/*
9214		 * We got a command we don't support.  This shouldn't
9215		 * happen, commands should be filtered out above us.
9216		 */
9217		ctl_set_invalid_opcode(ctsio);
9218		ctl_done((union ctl_io *)ctsio);
9219
9220		return (CTL_RETVAL_COMPLETE);
9221		break; /* NOTREACHED */
9222	}
9223
9224	/*
9225	 * The first check is to make sure we're in bounds, the second
9226	 * check is to catch wrap-around problems.  If the lba + num blocks
9227	 * is less than the lba, then we've wrapped around and the block
9228	 * range is invalid anyway.
9229	 */
9230	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9231	 || ((lba + num_blocks) < lba)) {
9232		ctl_set_lba_out_of_range(ctsio);
9233		ctl_done((union ctl_io *)ctsio);
9234		return (CTL_RETVAL_COMPLETE);
9235	}
9236
9237	/*
9238	 * According to SBC-3, a transfer length of 0 is not an error.
9239	 */
9240	if (num_blocks == 0) {
9241		ctl_set_success(ctsio);
9242		ctl_done((union ctl_io *)ctsio);
9243		return (CTL_RETVAL_COMPLETE);
9244	}
9245
9246	/* Set FUA if write cache is disabled. */
9247	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9248	    SCP_WCE) == 0)
9249		flags |= CTL_LLF_FUA;
9250
9251	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9252	ctsio->kern_rel_offset = 0;
9253
9254	/*
9255	 * Set the IO_CONT flag, so that if this I/O gets passed to
9256	 * ctl_data_submit_done(), it'll get passed back to
9257	 * ctl_ctl_cnw_cont() for further processing.
9258	 */
9259	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9260	ctsio->io_cont = ctl_cnw_cont;
9261
9262	lbalen = (struct ctl_lba_len_flags *)
9263	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9264	lbalen->lba = lba;
9265	lbalen->len = num_blocks;
9266	lbalen->flags = CTL_LLF_COMPARE | flags;
9267
9268	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9269	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9270	return (retval);
9271}
9272
9273int
9274ctl_verify(struct ctl_scsiio *ctsio)
9275{
9276	struct ctl_lun *lun;
9277	struct ctl_lba_len_flags *lbalen;
9278	uint64_t lba;
9279	uint32_t num_blocks;
9280	int bytchk, flags;
9281	int retval;
9282
9283	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9284
9285	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9286
9287	bytchk = 0;
9288	flags = CTL_LLF_FUA;
9289	retval = CTL_RETVAL_COMPLETE;
9290
9291	switch (ctsio->cdb[0]) {
9292	case VERIFY_10: {
9293		struct scsi_verify_10 *cdb;
9294
9295		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9296		if (cdb->byte2 & SVFY_BYTCHK)
9297			bytchk = 1;
9298		if (cdb->byte2 & SVFY_DPO)
9299			flags |= CTL_LLF_DPO;
9300		lba = scsi_4btoul(cdb->addr);
9301		num_blocks = scsi_2btoul(cdb->length);
9302		break;
9303	}
9304	case VERIFY_12: {
9305		struct scsi_verify_12 *cdb;
9306
9307		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9308		if (cdb->byte2 & SVFY_BYTCHK)
9309			bytchk = 1;
9310		if (cdb->byte2 & SVFY_DPO)
9311			flags |= CTL_LLF_DPO;
9312		lba = scsi_4btoul(cdb->addr);
9313		num_blocks = scsi_4btoul(cdb->length);
9314		break;
9315	}
9316	case VERIFY_16: {
9317		struct scsi_rw_16 *cdb;
9318
9319		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9320		if (cdb->byte2 & SVFY_BYTCHK)
9321			bytchk = 1;
9322		if (cdb->byte2 & SVFY_DPO)
9323			flags |= CTL_LLF_DPO;
9324		lba = scsi_8btou64(cdb->addr);
9325		num_blocks = scsi_4btoul(cdb->length);
9326		break;
9327	}
9328	default:
9329		/*
9330		 * We got a command we don't support.  This shouldn't
9331		 * happen, commands should be filtered out above us.
9332		 */
9333		ctl_set_invalid_opcode(ctsio);
9334		ctl_done((union ctl_io *)ctsio);
9335		return (CTL_RETVAL_COMPLETE);
9336	}
9337
9338	/*
9339	 * The first check is to make sure we're in bounds, the second
9340	 * check is to catch wrap-around problems.  If the lba + num blocks
9341	 * is less than the lba, then we've wrapped around and the block
9342	 * range is invalid anyway.
9343	 */
9344	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9345	 || ((lba + num_blocks) < lba)) {
9346		ctl_set_lba_out_of_range(ctsio);
9347		ctl_done((union ctl_io *)ctsio);
9348		return (CTL_RETVAL_COMPLETE);
9349	}
9350
9351	/*
9352	 * According to SBC-3, a transfer length of 0 is not an error.
9353	 */
9354	if (num_blocks == 0) {
9355		ctl_set_success(ctsio);
9356		ctl_done((union ctl_io *)ctsio);
9357		return (CTL_RETVAL_COMPLETE);
9358	}
9359
9360	lbalen = (struct ctl_lba_len_flags *)
9361	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9362	lbalen->lba = lba;
9363	lbalen->len = num_blocks;
9364	if (bytchk) {
9365		lbalen->flags = CTL_LLF_COMPARE | flags;
9366		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9367	} else {
9368		lbalen->flags = CTL_LLF_VERIFY | flags;
9369		ctsio->kern_total_len = 0;
9370	}
9371	ctsio->kern_rel_offset = 0;
9372
9373	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9374	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9375	return (retval);
9376}
9377
9378int
9379ctl_report_luns(struct ctl_scsiio *ctsio)
9380{
9381	struct ctl_softc *softc;
9382	struct scsi_report_luns *cdb;
9383	struct scsi_report_luns_data *lun_data;
9384	struct ctl_lun *lun, *request_lun;
9385	struct ctl_port *port;
9386	int num_luns, retval;
9387	uint32_t alloc_len, lun_datalen;
9388	int num_filled;
9389	uint32_t initidx, targ_lun_id, lun_id;
9390
9391	retval = CTL_RETVAL_COMPLETE;
9392	cdb = (struct scsi_report_luns *)ctsio->cdb;
9393	port = ctl_io_port(&ctsio->io_hdr);
9394	softc = port->ctl_softc;
9395
9396	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9397
9398	mtx_lock(&softc->ctl_lock);
9399	num_luns = 0;
9400	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9401		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9402			num_luns++;
9403	}
9404	mtx_unlock(&softc->ctl_lock);
9405
9406	switch (cdb->select_report) {
9407	case RPL_REPORT_DEFAULT:
9408	case RPL_REPORT_ALL:
9409	case RPL_REPORT_NONSUBSID:
9410		break;
9411	case RPL_REPORT_WELLKNOWN:
9412	case RPL_REPORT_ADMIN:
9413	case RPL_REPORT_CONGLOM:
9414		num_luns = 0;
9415		break;
9416	default:
9417		ctl_set_invalid_field(ctsio,
9418				      /*sks_valid*/ 1,
9419				      /*command*/ 1,
9420				      /*field*/ 2,
9421				      /*bit_valid*/ 0,
9422				      /*bit*/ 0);
9423		ctl_done((union ctl_io *)ctsio);
9424		return (retval);
9425		break; /* NOTREACHED */
9426	}
9427
9428	alloc_len = scsi_4btoul(cdb->length);
9429	/*
9430	 * The initiator has to allocate at least 16 bytes for this request,
9431	 * so he can at least get the header and the first LUN.  Otherwise
9432	 * we reject the request (per SPC-3 rev 14, section 6.21).
9433	 */
9434	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9435	    sizeof(struct scsi_report_luns_lundata))) {
9436		ctl_set_invalid_field(ctsio,
9437				      /*sks_valid*/ 1,
9438				      /*command*/ 1,
9439				      /*field*/ 6,
9440				      /*bit_valid*/ 0,
9441				      /*bit*/ 0);
9442		ctl_done((union ctl_io *)ctsio);
9443		return (retval);
9444	}
9445
9446	request_lun = (struct ctl_lun *)
9447		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9448
9449	lun_datalen = sizeof(*lun_data) +
9450		(num_luns * sizeof(struct scsi_report_luns_lundata));
9451
9452	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9453	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9454	ctsio->kern_sg_entries = 0;
9455
9456	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9457
9458	mtx_lock(&softc->ctl_lock);
9459	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9460		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9461		if (lun_id >= CTL_MAX_LUNS)
9462			continue;
9463		lun = softc->ctl_luns[lun_id];
9464		if (lun == NULL)
9465			continue;
9466
9467		if (targ_lun_id <= 0xff) {
9468			/*
9469			 * Peripheral addressing method, bus number 0.
9470			 */
9471			lun_data->luns[num_filled].lundata[0] =
9472				RPL_LUNDATA_ATYP_PERIPH;
9473			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9474			num_filled++;
9475		} else if (targ_lun_id <= 0x3fff) {
9476			/*
9477			 * Flat addressing method.
9478			 */
9479			lun_data->luns[num_filled].lundata[0] =
9480				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9481			lun_data->luns[num_filled].lundata[1] =
9482				(targ_lun_id & 0xff);
9483			num_filled++;
9484		} else if (targ_lun_id <= 0xffffff) {
9485			/*
9486			 * Extended flat addressing method.
9487			 */
9488			lun_data->luns[num_filled].lundata[0] =
9489			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9490			scsi_ulto3b(targ_lun_id,
9491			    &lun_data->luns[num_filled].lundata[1]);
9492			num_filled++;
9493		} else {
9494			printf("ctl_report_luns: bogus LUN number %jd, "
9495			       "skipping\n", (intmax_t)targ_lun_id);
9496		}
9497		/*
9498		 * According to SPC-3, rev 14 section 6.21:
9499		 *
9500		 * "The execution of a REPORT LUNS command to any valid and
9501		 * installed logical unit shall clear the REPORTED LUNS DATA
9502		 * HAS CHANGED unit attention condition for all logical
9503		 * units of that target with respect to the requesting
9504		 * initiator. A valid and installed logical unit is one
9505		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9506		 * INQUIRY data (see 6.4.2)."
9507		 *
9508		 * If request_lun is NULL, the LUN this report luns command
9509		 * was issued to is either disabled or doesn't exist. In that
9510		 * case, we shouldn't clear any pending lun change unit
9511		 * attention.
9512		 */
9513		if (request_lun != NULL) {
9514			mtx_lock(&lun->lun_lock);
9515			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9516			mtx_unlock(&lun->lun_lock);
9517		}
9518	}
9519	mtx_unlock(&softc->ctl_lock);
9520
9521	/*
9522	 * It's quite possible that we've returned fewer LUNs than we allocated
9523	 * space for.  Trim it.
9524	 */
9525	lun_datalen = sizeof(*lun_data) +
9526		(num_filled * sizeof(struct scsi_report_luns_lundata));
9527
9528	if (lun_datalen < alloc_len) {
9529		ctsio->residual = alloc_len - lun_datalen;
9530		ctsio->kern_data_len = lun_datalen;
9531		ctsio->kern_total_len = lun_datalen;
9532	} else {
9533		ctsio->residual = 0;
9534		ctsio->kern_data_len = alloc_len;
9535		ctsio->kern_total_len = alloc_len;
9536	}
9537	ctsio->kern_data_resid = 0;
9538	ctsio->kern_rel_offset = 0;
9539	ctsio->kern_sg_entries = 0;
9540
9541	/*
9542	 * We set this to the actual data length, regardless of how much
9543	 * space we actually have to return results.  If the user looks at
9544	 * this value, he'll know whether or not he allocated enough space
9545	 * and reissue the command if necessary.  We don't support well
9546	 * known logical units, so if the user asks for that, return none.
9547	 */
9548	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9549
9550	/*
9551	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9552	 * this request.
9553	 */
9554	ctl_set_success(ctsio);
9555	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9556	ctsio->be_move_done = ctl_config_move_done;
9557	ctl_datamove((union ctl_io *)ctsio);
9558	return (retval);
9559}
9560
9561int
9562ctl_request_sense(struct ctl_scsiio *ctsio)
9563{
9564	struct scsi_request_sense *cdb;
9565	struct scsi_sense_data *sense_ptr;
9566	struct ctl_softc *ctl_softc;
9567	struct ctl_lun *lun;
9568	uint32_t initidx;
9569	int have_error;
9570	scsi_sense_data_type sense_format;
9571	ctl_ua_type ua_type;
9572
9573	cdb = (struct scsi_request_sense *)ctsio->cdb;
9574
9575	ctl_softc = control_softc;
9576	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9577
9578	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9579
9580	/*
9581	 * Determine which sense format the user wants.
9582	 */
9583	if (cdb->byte2 & SRS_DESC)
9584		sense_format = SSD_TYPE_DESC;
9585	else
9586		sense_format = SSD_TYPE_FIXED;
9587
9588	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9589	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9590	ctsio->kern_sg_entries = 0;
9591
9592	/*
9593	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9594	 * larger than the largest allowed value for the length field in the
9595	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9596	 */
9597	ctsio->residual = 0;
9598	ctsio->kern_data_len = cdb->length;
9599	ctsio->kern_total_len = cdb->length;
9600
9601	ctsio->kern_data_resid = 0;
9602	ctsio->kern_rel_offset = 0;
9603	ctsio->kern_sg_entries = 0;
9604
9605	/*
9606	 * If we don't have a LUN, we don't have any pending sense.
9607	 */
9608	if (lun == NULL)
9609		goto no_sense;
9610
9611	have_error = 0;
9612	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9613	/*
9614	 * Check for pending sense, and then for pending unit attentions.
9615	 * Pending sense gets returned first, then pending unit attentions.
9616	 */
9617	mtx_lock(&lun->lun_lock);
9618#ifdef CTL_WITH_CA
9619	if (ctl_is_set(lun->have_ca, initidx)) {
9620		scsi_sense_data_type stored_format;
9621
9622		/*
9623		 * Check to see which sense format was used for the stored
9624		 * sense data.
9625		 */
9626		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9627
9628		/*
9629		 * If the user requested a different sense format than the
9630		 * one we stored, then we need to convert it to the other
9631		 * format.  If we're going from descriptor to fixed format
9632		 * sense data, we may lose things in translation, depending
9633		 * on what options were used.
9634		 *
9635		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9636		 * for some reason we'll just copy it out as-is.
9637		 */
9638		if ((stored_format == SSD_TYPE_FIXED)
9639		 && (sense_format == SSD_TYPE_DESC))
9640			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9641			    &lun->pending_sense[initidx],
9642			    (struct scsi_sense_data_desc *)sense_ptr);
9643		else if ((stored_format == SSD_TYPE_DESC)
9644		      && (sense_format == SSD_TYPE_FIXED))
9645			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9646			    &lun->pending_sense[initidx],
9647			    (struct scsi_sense_data_fixed *)sense_ptr);
9648		else
9649			memcpy(sense_ptr, &lun->pending_sense[initidx],
9650			       MIN(sizeof(*sense_ptr),
9651			       sizeof(lun->pending_sense[initidx])));
9652
9653		ctl_clear_mask(lun->have_ca, initidx);
9654		have_error = 1;
9655	} else
9656#endif
9657	{
9658		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9659		if (ua_type != CTL_UA_NONE)
9660			have_error = 1;
9661		if (ua_type == CTL_UA_LUN_CHANGE) {
9662			mtx_unlock(&lun->lun_lock);
9663			mtx_lock(&ctl_softc->ctl_lock);
9664			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9665			mtx_unlock(&ctl_softc->ctl_lock);
9666			mtx_lock(&lun->lun_lock);
9667		}
9668
9669	}
9670	mtx_unlock(&lun->lun_lock);
9671
9672	/*
9673	 * We already have a pending error, return it.
9674	 */
9675	if (have_error != 0) {
9676		/*
9677		 * We report the SCSI status as OK, since the status of the
9678		 * request sense command itself is OK.
9679		 * We report 0 for the sense length, because we aren't doing
9680		 * autosense in this case.  We're reporting sense as
9681		 * parameter data.
9682		 */
9683		ctl_set_success(ctsio);
9684		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9685		ctsio->be_move_done = ctl_config_move_done;
9686		ctl_datamove((union ctl_io *)ctsio);
9687		return (CTL_RETVAL_COMPLETE);
9688	}
9689
9690no_sense:
9691
9692	/*
9693	 * No sense information to report, so we report that everything is
9694	 * okay.
9695	 */
9696	ctl_set_sense_data(sense_ptr,
9697			   lun,
9698			   sense_format,
9699			   /*current_error*/ 1,
9700			   /*sense_key*/ SSD_KEY_NO_SENSE,
9701			   /*asc*/ 0x00,
9702			   /*ascq*/ 0x00,
9703			   SSD_ELEM_NONE);
9704
9705	/*
9706	 * We report 0 for the sense length, because we aren't doing
9707	 * autosense in this case.  We're reporting sense as parameter data.
9708	 */
9709	ctl_set_success(ctsio);
9710	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9711	ctsio->be_move_done = ctl_config_move_done;
9712	ctl_datamove((union ctl_io *)ctsio);
9713	return (CTL_RETVAL_COMPLETE);
9714}
9715
9716int
9717ctl_tur(struct ctl_scsiio *ctsio)
9718{
9719
9720	CTL_DEBUG_PRINT(("ctl_tur\n"));
9721
9722	ctl_set_success(ctsio);
9723	ctl_done((union ctl_io *)ctsio);
9724
9725	return (CTL_RETVAL_COMPLETE);
9726}
9727
9728/*
9729 * SCSI VPD page 0x00, the Supported VPD Pages page.
9730 */
9731static int
9732ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9733{
9734	struct scsi_vpd_supported_pages *pages;
9735	int sup_page_size;
9736	struct ctl_lun *lun;
9737	int p;
9738
9739	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9740
9741	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9742	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9743	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9744	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9745	ctsio->kern_sg_entries = 0;
9746
9747	if (sup_page_size < alloc_len) {
9748		ctsio->residual = alloc_len - sup_page_size;
9749		ctsio->kern_data_len = sup_page_size;
9750		ctsio->kern_total_len = sup_page_size;
9751	} else {
9752		ctsio->residual = 0;
9753		ctsio->kern_data_len = alloc_len;
9754		ctsio->kern_total_len = alloc_len;
9755	}
9756	ctsio->kern_data_resid = 0;
9757	ctsio->kern_rel_offset = 0;
9758	ctsio->kern_sg_entries = 0;
9759
9760	/*
9761	 * The control device is always connected.  The disk device, on the
9762	 * other hand, may not be online all the time.  Need to change this
9763	 * to figure out whether the disk device is actually online or not.
9764	 */
9765	if (lun != NULL)
9766		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9767				lun->be_lun->lun_type;
9768	else
9769		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9770
9771	p = 0;
9772	/* Supported VPD pages */
9773	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9774	/* Serial Number */
9775	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9776	/* Device Identification */
9777	pages->page_list[p++] = SVPD_DEVICE_ID;
9778	/* Extended INQUIRY Data */
9779	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9780	/* Mode Page Policy */
9781	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9782	/* SCSI Ports */
9783	pages->page_list[p++] = SVPD_SCSI_PORTS;
9784	/* Third-party Copy */
9785	pages->page_list[p++] = SVPD_SCSI_TPC;
9786	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9787		/* Block limits */
9788		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9789		/* Block Device Characteristics */
9790		pages->page_list[p++] = SVPD_BDC;
9791		/* Logical Block Provisioning */
9792		pages->page_list[p++] = SVPD_LBP;
9793	}
9794	pages->length = p;
9795
9796	ctl_set_success(ctsio);
9797	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9798	ctsio->be_move_done = ctl_config_move_done;
9799	ctl_datamove((union ctl_io *)ctsio);
9800	return (CTL_RETVAL_COMPLETE);
9801}
9802
9803/*
9804 * SCSI VPD page 0x80, the Unit Serial Number page.
9805 */
9806static int
9807ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9808{
9809	struct scsi_vpd_unit_serial_number *sn_ptr;
9810	struct ctl_lun *lun;
9811	int data_len;
9812
9813	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9814
9815	data_len = 4 + CTL_SN_LEN;
9816	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9817	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9818	if (data_len < alloc_len) {
9819		ctsio->residual = alloc_len - data_len;
9820		ctsio->kern_data_len = data_len;
9821		ctsio->kern_total_len = data_len;
9822	} else {
9823		ctsio->residual = 0;
9824		ctsio->kern_data_len = alloc_len;
9825		ctsio->kern_total_len = alloc_len;
9826	}
9827	ctsio->kern_data_resid = 0;
9828	ctsio->kern_rel_offset = 0;
9829	ctsio->kern_sg_entries = 0;
9830
9831	/*
9832	 * The control device is always connected.  The disk device, on the
9833	 * other hand, may not be online all the time.  Need to change this
9834	 * to figure out whether the disk device is actually online or not.
9835	 */
9836	if (lun != NULL)
9837		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9838				  lun->be_lun->lun_type;
9839	else
9840		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9841
9842	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9843	sn_ptr->length = CTL_SN_LEN;
9844	/*
9845	 * If we don't have a LUN, we just leave the serial number as
9846	 * all spaces.
9847	 */
9848	if (lun != NULL) {
9849		strncpy((char *)sn_ptr->serial_num,
9850			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9851	} else
9852		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9853
9854	ctl_set_success(ctsio);
9855	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9856	ctsio->be_move_done = ctl_config_move_done;
9857	ctl_datamove((union ctl_io *)ctsio);
9858	return (CTL_RETVAL_COMPLETE);
9859}
9860
9861
9862/*
9863 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9864 */
9865static int
9866ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9867{
9868	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9869	struct ctl_lun *lun;
9870	int data_len;
9871
9872	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9873
9874	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9875	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9876	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9877	ctsio->kern_sg_entries = 0;
9878
9879	if (data_len < alloc_len) {
9880		ctsio->residual = alloc_len - data_len;
9881		ctsio->kern_data_len = data_len;
9882		ctsio->kern_total_len = data_len;
9883	} else {
9884		ctsio->residual = 0;
9885		ctsio->kern_data_len = alloc_len;
9886		ctsio->kern_total_len = alloc_len;
9887	}
9888	ctsio->kern_data_resid = 0;
9889	ctsio->kern_rel_offset = 0;
9890	ctsio->kern_sg_entries = 0;
9891
9892	/*
9893	 * The control device is always connected.  The disk device, on the
9894	 * other hand, may not be online all the time.
9895	 */
9896	if (lun != NULL)
9897		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9898				     lun->be_lun->lun_type;
9899	else
9900		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9901	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9902	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9903	/*
9904	 * We support head of queue, ordered and simple tags.
9905	 */
9906	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9907	/*
9908	 * Volatile cache supported.
9909	 */
9910	eid_ptr->flags3 = SVPD_EID_V_SUP;
9911
9912	/*
9913	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9914	 * attention for a particular IT nexus on all LUNs once we report
9915	 * it to that nexus once.  This bit is required as of SPC-4.
9916	 */
9917	eid_ptr->flags4 = SVPD_EID_LUICLT;
9918
9919	/*
9920	 * XXX KDM in order to correctly answer this, we would need
9921	 * information from the SIM to determine how much sense data it
9922	 * can send.  So this would really be a path inquiry field, most
9923	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9924	 * but the hardware may or may not be able to support that much.
9925	 * 0 just means that the maximum sense data length is not reported.
9926	 */
9927	eid_ptr->max_sense_length = 0;
9928
9929	ctl_set_success(ctsio);
9930	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9931	ctsio->be_move_done = ctl_config_move_done;
9932	ctl_datamove((union ctl_io *)ctsio);
9933	return (CTL_RETVAL_COMPLETE);
9934}
9935
9936static int
9937ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9938{
9939	struct scsi_vpd_mode_page_policy *mpp_ptr;
9940	struct ctl_lun *lun;
9941	int data_len;
9942
9943	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9944
9945	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9946	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9947
9948	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9949	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9950	ctsio->kern_sg_entries = 0;
9951
9952	if (data_len < alloc_len) {
9953		ctsio->residual = alloc_len - data_len;
9954		ctsio->kern_data_len = data_len;
9955		ctsio->kern_total_len = data_len;
9956	} else {
9957		ctsio->residual = 0;
9958		ctsio->kern_data_len = alloc_len;
9959		ctsio->kern_total_len = alloc_len;
9960	}
9961	ctsio->kern_data_resid = 0;
9962	ctsio->kern_rel_offset = 0;
9963	ctsio->kern_sg_entries = 0;
9964
9965	/*
9966	 * The control device is always connected.  The disk device, on the
9967	 * other hand, may not be online all the time.
9968	 */
9969	if (lun != NULL)
9970		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9971				     lun->be_lun->lun_type;
9972	else
9973		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9974	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9975	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9976	mpp_ptr->descr[0].page_code = 0x3f;
9977	mpp_ptr->descr[0].subpage_code = 0xff;
9978	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9979
9980	ctl_set_success(ctsio);
9981	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9982	ctsio->be_move_done = ctl_config_move_done;
9983	ctl_datamove((union ctl_io *)ctsio);
9984	return (CTL_RETVAL_COMPLETE);
9985}
9986
9987/*
9988 * SCSI VPD page 0x83, the Device Identification page.
9989 */
9990static int
9991ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9992{
9993	struct scsi_vpd_device_id *devid_ptr;
9994	struct scsi_vpd_id_descriptor *desc;
9995	struct ctl_softc *softc;
9996	struct ctl_lun *lun;
9997	struct ctl_port *port;
9998	int data_len;
9999	uint8_t proto;
10000
10001	softc = control_softc;
10002
10003	port = ctl_io_port(&ctsio->io_hdr);
10004	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10005
10006	data_len = sizeof(struct scsi_vpd_device_id) +
10007	    sizeof(struct scsi_vpd_id_descriptor) +
10008		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
10009	    sizeof(struct scsi_vpd_id_descriptor) +
10010		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
10011	if (lun && lun->lun_devid)
10012		data_len += lun->lun_devid->len;
10013	if (port && port->port_devid)
10014		data_len += port->port_devid->len;
10015	if (port && port->target_devid)
10016		data_len += port->target_devid->len;
10017
10018	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10019	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
10020	ctsio->kern_sg_entries = 0;
10021
10022	if (data_len < alloc_len) {
10023		ctsio->residual = alloc_len - data_len;
10024		ctsio->kern_data_len = data_len;
10025		ctsio->kern_total_len = data_len;
10026	} else {
10027		ctsio->residual = 0;
10028		ctsio->kern_data_len = alloc_len;
10029		ctsio->kern_total_len = alloc_len;
10030	}
10031	ctsio->kern_data_resid = 0;
10032	ctsio->kern_rel_offset = 0;
10033	ctsio->kern_sg_entries = 0;
10034
10035	/*
10036	 * The control device is always connected.  The disk device, on the
10037	 * other hand, may not be online all the time.
10038	 */
10039	if (lun != NULL)
10040		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10041				     lun->be_lun->lun_type;
10042	else
10043		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10044	devid_ptr->page_code = SVPD_DEVICE_ID;
10045	scsi_ulto2b(data_len - 4, devid_ptr->length);
10046
10047	if (port && port->port_type == CTL_PORT_FC)
10048		proto = SCSI_PROTO_FC << 4;
10049	else if (port && port->port_type == CTL_PORT_ISCSI)
10050		proto = SCSI_PROTO_ISCSI << 4;
10051	else
10052		proto = SCSI_PROTO_SPI << 4;
10053	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
10054
10055	/*
10056	 * We're using a LUN association here.  i.e., this device ID is a
10057	 * per-LUN identifier.
10058	 */
10059	if (lun && lun->lun_devid) {
10060		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
10061		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10062		    lun->lun_devid->len);
10063	}
10064
10065	/*
10066	 * This is for the WWPN which is a port association.
10067	 */
10068	if (port && port->port_devid) {
10069		memcpy(desc, port->port_devid->data, port->port_devid->len);
10070		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10071		    port->port_devid->len);
10072	}
10073
10074	/*
10075	 * This is for the Relative Target Port(type 4h) identifier
10076	 */
10077	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10078	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10079	    SVPD_ID_TYPE_RELTARG;
10080	desc->length = 4;
10081	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
10082	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10083	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
10084
10085	/*
10086	 * This is for the Target Port Group(type 5h) identifier
10087	 */
10088	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10089	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10090	    SVPD_ID_TYPE_TPORTGRP;
10091	desc->length = 4;
10092	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
10093	    &desc->identifier[2]);
10094	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10095	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
10096
10097	/*
10098	 * This is for the Target identifier
10099	 */
10100	if (port && port->target_devid) {
10101		memcpy(desc, port->target_devid->data, port->target_devid->len);
10102	}
10103
10104	ctl_set_success(ctsio);
10105	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10106	ctsio->be_move_done = ctl_config_move_done;
10107	ctl_datamove((union ctl_io *)ctsio);
10108	return (CTL_RETVAL_COMPLETE);
10109}
10110
10111static int
10112ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
10113{
10114	struct ctl_softc *softc = control_softc;
10115	struct scsi_vpd_scsi_ports *sp;
10116	struct scsi_vpd_port_designation *pd;
10117	struct scsi_vpd_port_designation_cont *pdc;
10118	struct ctl_lun *lun;
10119	struct ctl_port *port;
10120	int data_len, num_target_ports, iid_len, id_len;
10121
10122	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10123
10124	num_target_ports = 0;
10125	iid_len = 0;
10126	id_len = 0;
10127	mtx_lock(&softc->ctl_lock);
10128	STAILQ_FOREACH(port, &softc->port_list, links) {
10129		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10130			continue;
10131		if (lun != NULL &&
10132		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10133			continue;
10134		num_target_ports++;
10135		if (port->init_devid)
10136			iid_len += port->init_devid->len;
10137		if (port->port_devid)
10138			id_len += port->port_devid->len;
10139	}
10140	mtx_unlock(&softc->ctl_lock);
10141
10142	data_len = sizeof(struct scsi_vpd_scsi_ports) +
10143	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10144	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10145	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10146	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10147	ctsio->kern_sg_entries = 0;
10148
10149	if (data_len < alloc_len) {
10150		ctsio->residual = alloc_len - data_len;
10151		ctsio->kern_data_len = data_len;
10152		ctsio->kern_total_len = data_len;
10153	} else {
10154		ctsio->residual = 0;
10155		ctsio->kern_data_len = alloc_len;
10156		ctsio->kern_total_len = alloc_len;
10157	}
10158	ctsio->kern_data_resid = 0;
10159	ctsio->kern_rel_offset = 0;
10160	ctsio->kern_sg_entries = 0;
10161
10162	/*
10163	 * The control device is always connected.  The disk device, on the
10164	 * other hand, may not be online all the time.  Need to change this
10165	 * to figure out whether the disk device is actually online or not.
10166	 */
10167	if (lun != NULL)
10168		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10169				  lun->be_lun->lun_type;
10170	else
10171		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10172
10173	sp->page_code = SVPD_SCSI_PORTS;
10174	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10175	    sp->page_length);
10176	pd = &sp->design[0];
10177
10178	mtx_lock(&softc->ctl_lock);
10179	STAILQ_FOREACH(port, &softc->port_list, links) {
10180		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10181			continue;
10182		if (lun != NULL &&
10183		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10184			continue;
10185		scsi_ulto2b(port->targ_port, pd->relative_port_id);
10186		if (port->init_devid) {
10187			iid_len = port->init_devid->len;
10188			memcpy(pd->initiator_transportid,
10189			    port->init_devid->data, port->init_devid->len);
10190		} else
10191			iid_len = 0;
10192		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10193		pdc = (struct scsi_vpd_port_designation_cont *)
10194		    (&pd->initiator_transportid[iid_len]);
10195		if (port->port_devid) {
10196			id_len = port->port_devid->len;
10197			memcpy(pdc->target_port_descriptors,
10198			    port->port_devid->data, port->port_devid->len);
10199		} else
10200			id_len = 0;
10201		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10202		pd = (struct scsi_vpd_port_designation *)
10203		    ((uint8_t *)pdc->target_port_descriptors + id_len);
10204	}
10205	mtx_unlock(&softc->ctl_lock);
10206
10207	ctl_set_success(ctsio);
10208	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10209	ctsio->be_move_done = ctl_config_move_done;
10210	ctl_datamove((union ctl_io *)ctsio);
10211	return (CTL_RETVAL_COMPLETE);
10212}
10213
10214static int
10215ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10216{
10217	struct scsi_vpd_block_limits *bl_ptr;
10218	struct ctl_lun *lun;
10219	int bs;
10220
10221	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10222
10223	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10224	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10225	ctsio->kern_sg_entries = 0;
10226
10227	if (sizeof(*bl_ptr) < alloc_len) {
10228		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10229		ctsio->kern_data_len = sizeof(*bl_ptr);
10230		ctsio->kern_total_len = sizeof(*bl_ptr);
10231	} else {
10232		ctsio->residual = 0;
10233		ctsio->kern_data_len = alloc_len;
10234		ctsio->kern_total_len = alloc_len;
10235	}
10236	ctsio->kern_data_resid = 0;
10237	ctsio->kern_rel_offset = 0;
10238	ctsio->kern_sg_entries = 0;
10239
10240	/*
10241	 * The control device is always connected.  The disk device, on the
10242	 * other hand, may not be online all the time.  Need to change this
10243	 * to figure out whether the disk device is actually online or not.
10244	 */
10245	if (lun != NULL)
10246		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10247				  lun->be_lun->lun_type;
10248	else
10249		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10250
10251	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10252	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10253	bl_ptr->max_cmp_write_len = 0xff;
10254	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10255	if (lun != NULL) {
10256		bs = lun->be_lun->blocksize;
10257		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
10258		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10259			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10260			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10261			if (lun->be_lun->ublockexp != 0) {
10262				scsi_ulto4b((1 << lun->be_lun->ublockexp),
10263				    bl_ptr->opt_unmap_grain);
10264				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
10265				    bl_ptr->unmap_grain_align);
10266			}
10267		}
10268		scsi_ulto4b(lun->be_lun->atomicblock,
10269		    bl_ptr->max_atomic_transfer_length);
10270		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10271		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10272		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
10273		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
10274	}
10275	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10276
10277	ctl_set_success(ctsio);
10278	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10279	ctsio->be_move_done = ctl_config_move_done;
10280	ctl_datamove((union ctl_io *)ctsio);
10281	return (CTL_RETVAL_COMPLETE);
10282}
10283
10284static int
10285ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10286{
10287	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10288	struct ctl_lun *lun;
10289	const char *value;
10290	u_int i;
10291
10292	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10293
10294	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10295	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10296	ctsio->kern_sg_entries = 0;
10297
10298	if (sizeof(*bdc_ptr) < alloc_len) {
10299		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10300		ctsio->kern_data_len = sizeof(*bdc_ptr);
10301		ctsio->kern_total_len = sizeof(*bdc_ptr);
10302	} else {
10303		ctsio->residual = 0;
10304		ctsio->kern_data_len = alloc_len;
10305		ctsio->kern_total_len = alloc_len;
10306	}
10307	ctsio->kern_data_resid = 0;
10308	ctsio->kern_rel_offset = 0;
10309	ctsio->kern_sg_entries = 0;
10310
10311	/*
10312	 * The control device is always connected.  The disk device, on the
10313	 * other hand, may not be online all the time.  Need to change this
10314	 * to figure out whether the disk device is actually online or not.
10315	 */
10316	if (lun != NULL)
10317		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10318				  lun->be_lun->lun_type;
10319	else
10320		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10321	bdc_ptr->page_code = SVPD_BDC;
10322	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10323	if (lun != NULL &&
10324	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10325		i = strtol(value, NULL, 0);
10326	else
10327		i = CTL_DEFAULT_ROTATION_RATE;
10328	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10329	if (lun != NULL &&
10330	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10331		i = strtol(value, NULL, 0);
10332	else
10333		i = 0;
10334	bdc_ptr->wab_wac_ff = (i & 0x0f);
10335	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10336
10337	ctl_set_success(ctsio);
10338	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10339	ctsio->be_move_done = ctl_config_move_done;
10340	ctl_datamove((union ctl_io *)ctsio);
10341	return (CTL_RETVAL_COMPLETE);
10342}
10343
10344static int
10345ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10346{
10347	struct scsi_vpd_logical_block_prov *lbp_ptr;
10348	struct ctl_lun *lun;
10349
10350	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10351
10352	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10353	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10354	ctsio->kern_sg_entries = 0;
10355
10356	if (sizeof(*lbp_ptr) < alloc_len) {
10357		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10358		ctsio->kern_data_len = sizeof(*lbp_ptr);
10359		ctsio->kern_total_len = sizeof(*lbp_ptr);
10360	} else {
10361		ctsio->residual = 0;
10362		ctsio->kern_data_len = alloc_len;
10363		ctsio->kern_total_len = alloc_len;
10364	}
10365	ctsio->kern_data_resid = 0;
10366	ctsio->kern_rel_offset = 0;
10367	ctsio->kern_sg_entries = 0;
10368
10369	/*
10370	 * The control device is always connected.  The disk device, on the
10371	 * other hand, may not be online all the time.  Need to change this
10372	 * to figure out whether the disk device is actually online or not.
10373	 */
10374	if (lun != NULL)
10375		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10376				  lun->be_lun->lun_type;
10377	else
10378		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10379
10380	lbp_ptr->page_code = SVPD_LBP;
10381	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10382	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10383	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10384		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10385		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10386		lbp_ptr->prov_type = SVPD_LBP_THIN;
10387	}
10388
10389	ctl_set_success(ctsio);
10390	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10391	ctsio->be_move_done = ctl_config_move_done;
10392	ctl_datamove((union ctl_io *)ctsio);
10393	return (CTL_RETVAL_COMPLETE);
10394}
10395
10396/*
10397 * INQUIRY with the EVPD bit set.
10398 */
10399static int
10400ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10401{
10402	struct ctl_lun *lun;
10403	struct scsi_inquiry *cdb;
10404	int alloc_len, retval;
10405
10406	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10407	cdb = (struct scsi_inquiry *)ctsio->cdb;
10408	alloc_len = scsi_2btoul(cdb->length);
10409
10410	switch (cdb->page_code) {
10411	case SVPD_SUPPORTED_PAGES:
10412		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10413		break;
10414	case SVPD_UNIT_SERIAL_NUMBER:
10415		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10416		break;
10417	case SVPD_DEVICE_ID:
10418		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10419		break;
10420	case SVPD_EXTENDED_INQUIRY_DATA:
10421		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10422		break;
10423	case SVPD_MODE_PAGE_POLICY:
10424		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10425		break;
10426	case SVPD_SCSI_PORTS:
10427		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10428		break;
10429	case SVPD_SCSI_TPC:
10430		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10431		break;
10432	case SVPD_BLOCK_LIMITS:
10433		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10434			goto err;
10435		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10436		break;
10437	case SVPD_BDC:
10438		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10439			goto err;
10440		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10441		break;
10442	case SVPD_LBP:
10443		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10444			goto err;
10445		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10446		break;
10447	default:
10448err:
10449		ctl_set_invalid_field(ctsio,
10450				      /*sks_valid*/ 1,
10451				      /*command*/ 1,
10452				      /*field*/ 2,
10453				      /*bit_valid*/ 0,
10454				      /*bit*/ 0);
10455		ctl_done((union ctl_io *)ctsio);
10456		retval = CTL_RETVAL_COMPLETE;
10457		break;
10458	}
10459
10460	return (retval);
10461}
10462
10463/*
10464 * Standard INQUIRY data.
10465 */
10466static int
10467ctl_inquiry_std(struct ctl_scsiio *ctsio)
10468{
10469	struct scsi_inquiry_data *inq_ptr;
10470	struct scsi_inquiry *cdb;
10471	struct ctl_softc *softc = control_softc;
10472	struct ctl_port *port;
10473	struct ctl_lun *lun;
10474	char *val;
10475	uint32_t alloc_len, data_len;
10476	ctl_port_type port_type;
10477
10478	port = ctl_io_port(&ctsio->io_hdr);
10479	port_type = port->port_type;
10480	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10481		port_type = CTL_PORT_SCSI;
10482
10483	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10484	cdb = (struct scsi_inquiry *)ctsio->cdb;
10485	alloc_len = scsi_2btoul(cdb->length);
10486
10487	/*
10488	 * We malloc the full inquiry data size here and fill it
10489	 * in.  If the user only asks for less, we'll give him
10490	 * that much.
10491	 */
10492	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10493	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10494	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10495	ctsio->kern_sg_entries = 0;
10496	ctsio->kern_data_resid = 0;
10497	ctsio->kern_rel_offset = 0;
10498
10499	if (data_len < alloc_len) {
10500		ctsio->residual = alloc_len - data_len;
10501		ctsio->kern_data_len = data_len;
10502		ctsio->kern_total_len = data_len;
10503	} else {
10504		ctsio->residual = 0;
10505		ctsio->kern_data_len = alloc_len;
10506		ctsio->kern_total_len = alloc_len;
10507	}
10508
10509	if (lun != NULL) {
10510		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10511		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10512			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10513			    lun->be_lun->lun_type;
10514		} else {
10515			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10516			    lun->be_lun->lun_type;
10517		}
10518	} else
10519		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10520
10521	/* RMB in byte 2 is 0 */
10522	inq_ptr->version = SCSI_REV_SPC4;
10523
10524	/*
10525	 * According to SAM-3, even if a device only supports a single
10526	 * level of LUN addressing, it should still set the HISUP bit:
10527	 *
10528	 * 4.9.1 Logical unit numbers overview
10529	 *
10530	 * All logical unit number formats described in this standard are
10531	 * hierarchical in structure even when only a single level in that
10532	 * hierarchy is used. The HISUP bit shall be set to one in the
10533	 * standard INQUIRY data (see SPC-2) when any logical unit number
10534	 * format described in this standard is used.  Non-hierarchical
10535	 * formats are outside the scope of this standard.
10536	 *
10537	 * Therefore we set the HiSup bit here.
10538	 *
10539	 * The reponse format is 2, per SPC-3.
10540	 */
10541	inq_ptr->response_format = SID_HiSup | 2;
10542
10543	inq_ptr->additional_length = data_len -
10544	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10545	CTL_DEBUG_PRINT(("additional_length = %d\n",
10546			 inq_ptr->additional_length));
10547
10548	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10549	/* 16 bit addressing */
10550	if (port_type == CTL_PORT_SCSI)
10551		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10552	/* XXX set the SID_MultiP bit here if we're actually going to
10553	   respond on multiple ports */
10554	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10555
10556	/* 16 bit data bus, synchronous transfers */
10557	if (port_type == CTL_PORT_SCSI)
10558		inq_ptr->flags = SID_WBus16 | SID_Sync;
10559	/*
10560	 * XXX KDM do we want to support tagged queueing on the control
10561	 * device at all?
10562	 */
10563	if ((lun == NULL)
10564	 || (lun->be_lun->lun_type != T_PROCESSOR))
10565		inq_ptr->flags |= SID_CmdQue;
10566	/*
10567	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10568	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10569	 * name and 4 bytes for the revision.
10570	 */
10571	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10572	    "vendor")) == NULL) {
10573		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10574	} else {
10575		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10576		strncpy(inq_ptr->vendor, val,
10577		    min(sizeof(inq_ptr->vendor), strlen(val)));
10578	}
10579	if (lun == NULL) {
10580		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10581		    sizeof(inq_ptr->product));
10582	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10583		switch (lun->be_lun->lun_type) {
10584		case T_DIRECT:
10585			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10586			    sizeof(inq_ptr->product));
10587			break;
10588		case T_PROCESSOR:
10589			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10590			    sizeof(inq_ptr->product));
10591			break;
10592		default:
10593			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10594			    sizeof(inq_ptr->product));
10595			break;
10596		}
10597	} else {
10598		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10599		strncpy(inq_ptr->product, val,
10600		    min(sizeof(inq_ptr->product), strlen(val)));
10601	}
10602
10603	/*
10604	 * XXX make this a macro somewhere so it automatically gets
10605	 * incremented when we make changes.
10606	 */
10607	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10608	    "revision")) == NULL) {
10609		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10610	} else {
10611		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10612		strncpy(inq_ptr->revision, val,
10613		    min(sizeof(inq_ptr->revision), strlen(val)));
10614	}
10615
10616	/*
10617	 * For parallel SCSI, we support double transition and single
10618	 * transition clocking.  We also support QAS (Quick Arbitration
10619	 * and Selection) and Information Unit transfers on both the
10620	 * control and array devices.
10621	 */
10622	if (port_type == CTL_PORT_SCSI)
10623		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10624				    SID_SPI_IUS;
10625
10626	/* SAM-5 (no version claimed) */
10627	scsi_ulto2b(0x00A0, inq_ptr->version1);
10628	/* SPC-4 (no version claimed) */
10629	scsi_ulto2b(0x0460, inq_ptr->version2);
10630	if (port_type == CTL_PORT_FC) {
10631		/* FCP-2 ANSI INCITS.350:2003 */
10632		scsi_ulto2b(0x0917, inq_ptr->version3);
10633	} else if (port_type == CTL_PORT_SCSI) {
10634		/* SPI-4 ANSI INCITS.362:200x */
10635		scsi_ulto2b(0x0B56, inq_ptr->version3);
10636	} else if (port_type == CTL_PORT_ISCSI) {
10637		/* iSCSI (no version claimed) */
10638		scsi_ulto2b(0x0960, inq_ptr->version3);
10639	} else if (port_type == CTL_PORT_SAS) {
10640		/* SAS (no version claimed) */
10641		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10642	}
10643
10644	if (lun == NULL) {
10645		/* SBC-4 (no version claimed) */
10646		scsi_ulto2b(0x0600, inq_ptr->version4);
10647	} else {
10648		switch (lun->be_lun->lun_type) {
10649		case T_DIRECT:
10650			/* SBC-4 (no version claimed) */
10651			scsi_ulto2b(0x0600, inq_ptr->version4);
10652			break;
10653		case T_PROCESSOR:
10654		default:
10655			break;
10656		}
10657	}
10658
10659	ctl_set_success(ctsio);
10660	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10661	ctsio->be_move_done = ctl_config_move_done;
10662	ctl_datamove((union ctl_io *)ctsio);
10663	return (CTL_RETVAL_COMPLETE);
10664}
10665
10666int
10667ctl_inquiry(struct ctl_scsiio *ctsio)
10668{
10669	struct scsi_inquiry *cdb;
10670	int retval;
10671
10672	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10673
10674	cdb = (struct scsi_inquiry *)ctsio->cdb;
10675	if (cdb->byte2 & SI_EVPD)
10676		retval = ctl_inquiry_evpd(ctsio);
10677	else if (cdb->page_code == 0)
10678		retval = ctl_inquiry_std(ctsio);
10679	else {
10680		ctl_set_invalid_field(ctsio,
10681				      /*sks_valid*/ 1,
10682				      /*command*/ 1,
10683				      /*field*/ 2,
10684				      /*bit_valid*/ 0,
10685				      /*bit*/ 0);
10686		ctl_done((union ctl_io *)ctsio);
10687		return (CTL_RETVAL_COMPLETE);
10688	}
10689
10690	return (retval);
10691}
10692
10693/*
10694 * For known CDB types, parse the LBA and length.
10695 */
10696static int
10697ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10698{
10699	if (io->io_hdr.io_type != CTL_IO_SCSI)
10700		return (1);
10701
10702	switch (io->scsiio.cdb[0]) {
10703	case COMPARE_AND_WRITE: {
10704		struct scsi_compare_and_write *cdb;
10705
10706		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10707
10708		*lba = scsi_8btou64(cdb->addr);
10709		*len = cdb->length;
10710		break;
10711	}
10712	case READ_6:
10713	case WRITE_6: {
10714		struct scsi_rw_6 *cdb;
10715
10716		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10717
10718		*lba = scsi_3btoul(cdb->addr);
10719		/* only 5 bits are valid in the most significant address byte */
10720		*lba &= 0x1fffff;
10721		*len = cdb->length;
10722		break;
10723	}
10724	case READ_10:
10725	case WRITE_10: {
10726		struct scsi_rw_10 *cdb;
10727
10728		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10729
10730		*lba = scsi_4btoul(cdb->addr);
10731		*len = scsi_2btoul(cdb->length);
10732		break;
10733	}
10734	case WRITE_VERIFY_10: {
10735		struct scsi_write_verify_10 *cdb;
10736
10737		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10738
10739		*lba = scsi_4btoul(cdb->addr);
10740		*len = scsi_2btoul(cdb->length);
10741		break;
10742	}
10743	case READ_12:
10744	case WRITE_12: {
10745		struct scsi_rw_12 *cdb;
10746
10747		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10748
10749		*lba = scsi_4btoul(cdb->addr);
10750		*len = scsi_4btoul(cdb->length);
10751		break;
10752	}
10753	case WRITE_VERIFY_12: {
10754		struct scsi_write_verify_12 *cdb;
10755
10756		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10757
10758		*lba = scsi_4btoul(cdb->addr);
10759		*len = scsi_4btoul(cdb->length);
10760		break;
10761	}
10762	case READ_16:
10763	case WRITE_16: {
10764		struct scsi_rw_16 *cdb;
10765
10766		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10767
10768		*lba = scsi_8btou64(cdb->addr);
10769		*len = scsi_4btoul(cdb->length);
10770		break;
10771	}
10772	case WRITE_ATOMIC_16: {
10773		struct scsi_write_atomic_16 *cdb;
10774
10775		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10776
10777		*lba = scsi_8btou64(cdb->addr);
10778		*len = scsi_2btoul(cdb->length);
10779		break;
10780	}
10781	case WRITE_VERIFY_16: {
10782		struct scsi_write_verify_16 *cdb;
10783
10784		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10785
10786		*lba = scsi_8btou64(cdb->addr);
10787		*len = scsi_4btoul(cdb->length);
10788		break;
10789	}
10790	case WRITE_SAME_10: {
10791		struct scsi_write_same_10 *cdb;
10792
10793		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10794
10795		*lba = scsi_4btoul(cdb->addr);
10796		*len = scsi_2btoul(cdb->length);
10797		break;
10798	}
10799	case WRITE_SAME_16: {
10800		struct scsi_write_same_16 *cdb;
10801
10802		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10803
10804		*lba = scsi_8btou64(cdb->addr);
10805		*len = scsi_4btoul(cdb->length);
10806		break;
10807	}
10808	case VERIFY_10: {
10809		struct scsi_verify_10 *cdb;
10810
10811		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10812
10813		*lba = scsi_4btoul(cdb->addr);
10814		*len = scsi_2btoul(cdb->length);
10815		break;
10816	}
10817	case VERIFY_12: {
10818		struct scsi_verify_12 *cdb;
10819
10820		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10821
10822		*lba = scsi_4btoul(cdb->addr);
10823		*len = scsi_4btoul(cdb->length);
10824		break;
10825	}
10826	case VERIFY_16: {
10827		struct scsi_verify_16 *cdb;
10828
10829		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10830
10831		*lba = scsi_8btou64(cdb->addr);
10832		*len = scsi_4btoul(cdb->length);
10833		break;
10834	}
10835	case UNMAP: {
10836		*lba = 0;
10837		*len = UINT64_MAX;
10838		break;
10839	}
10840	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10841		struct scsi_get_lba_status *cdb;
10842
10843		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10844		*lba = scsi_8btou64(cdb->addr);
10845		*len = UINT32_MAX;
10846		break;
10847	}
10848	default:
10849		return (1);
10850		break; /* NOTREACHED */
10851	}
10852
10853	return (0);
10854}
10855
10856static ctl_action
10857ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10858    bool seq)
10859{
10860	uint64_t endlba1, endlba2;
10861
10862	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10863	endlba2 = lba2 + len2 - 1;
10864
10865	if ((endlba1 < lba2) || (endlba2 < lba1))
10866		return (CTL_ACTION_PASS);
10867	else
10868		return (CTL_ACTION_BLOCK);
10869}
10870
10871static int
10872ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10873{
10874	struct ctl_ptr_len_flags *ptrlen;
10875	struct scsi_unmap_desc *buf, *end, *range;
10876	uint64_t lba;
10877	uint32_t len;
10878
10879	/* If not UNMAP -- go other way. */
10880	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10881	    io->scsiio.cdb[0] != UNMAP)
10882		return (CTL_ACTION_ERROR);
10883
10884	/* If UNMAP without data -- block and wait for data. */
10885	ptrlen = (struct ctl_ptr_len_flags *)
10886	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10887	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10888	    ptrlen->ptr == NULL)
10889		return (CTL_ACTION_BLOCK);
10890
10891	/* UNMAP with data -- check for collision. */
10892	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10893	end = buf + ptrlen->len / sizeof(*buf);
10894	for (range = buf; range < end; range++) {
10895		lba = scsi_8btou64(range->lba);
10896		len = scsi_4btoul(range->length);
10897		if ((lba < lba2 + len2) && (lba + len > lba2))
10898			return (CTL_ACTION_BLOCK);
10899	}
10900	return (CTL_ACTION_PASS);
10901}
10902
10903static ctl_action
10904ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10905{
10906	uint64_t lba1, lba2;
10907	uint64_t len1, len2;
10908	int retval;
10909
10910	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10911		return (CTL_ACTION_ERROR);
10912
10913	retval = ctl_extent_check_unmap(io1, lba2, len2);
10914	if (retval != CTL_ACTION_ERROR)
10915		return (retval);
10916
10917	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10918		return (CTL_ACTION_ERROR);
10919
10920	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10921		seq = FALSE;
10922	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10923}
10924
10925static ctl_action
10926ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10927{
10928	uint64_t lba1, lba2;
10929	uint64_t len1, len2;
10930
10931	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10932		return (CTL_ACTION_PASS);
10933	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10934		return (CTL_ACTION_ERROR);
10935	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10936		return (CTL_ACTION_ERROR);
10937
10938	if (lba1 + len1 == lba2)
10939		return (CTL_ACTION_BLOCK);
10940	return (CTL_ACTION_PASS);
10941}
10942
10943static ctl_action
10944ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10945    union ctl_io *ooa_io)
10946{
10947	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10948	ctl_serialize_action *serialize_row;
10949
10950	/*
10951	 * The initiator attempted multiple untagged commands at the same
10952	 * time.  Can't do that.
10953	 */
10954	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10955	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10956	 && ((pending_io->io_hdr.nexus.targ_port ==
10957	      ooa_io->io_hdr.nexus.targ_port)
10958	  && (pending_io->io_hdr.nexus.initid ==
10959	      ooa_io->io_hdr.nexus.initid))
10960	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10961	      CTL_FLAG_STATUS_SENT)) == 0))
10962		return (CTL_ACTION_OVERLAP);
10963
10964	/*
10965	 * The initiator attempted to send multiple tagged commands with
10966	 * the same ID.  (It's fine if different initiators have the same
10967	 * tag ID.)
10968	 *
10969	 * Even if all of those conditions are true, we don't kill the I/O
10970	 * if the command ahead of us has been aborted.  We won't end up
10971	 * sending it to the FETD, and it's perfectly legal to resend a
10972	 * command with the same tag number as long as the previous
10973	 * instance of this tag number has been aborted somehow.
10974	 */
10975	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10976	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10977	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10978	 && ((pending_io->io_hdr.nexus.targ_port ==
10979	      ooa_io->io_hdr.nexus.targ_port)
10980	  && (pending_io->io_hdr.nexus.initid ==
10981	      ooa_io->io_hdr.nexus.initid))
10982	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10983	      CTL_FLAG_STATUS_SENT)) == 0))
10984		return (CTL_ACTION_OVERLAP_TAG);
10985
10986	/*
10987	 * If we get a head of queue tag, SAM-3 says that we should
10988	 * immediately execute it.
10989	 *
10990	 * What happens if this command would normally block for some other
10991	 * reason?  e.g. a request sense with a head of queue tag
10992	 * immediately after a write.  Normally that would block, but this
10993	 * will result in its getting executed immediately...
10994	 *
10995	 * We currently return "pass" instead of "skip", so we'll end up
10996	 * going through the rest of the queue to check for overlapped tags.
10997	 *
10998	 * XXX KDM check for other types of blockage first??
10999	 */
11000	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11001		return (CTL_ACTION_PASS);
11002
11003	/*
11004	 * Ordered tags have to block until all items ahead of them
11005	 * have completed.  If we get called with an ordered tag, we always
11006	 * block, if something else is ahead of us in the queue.
11007	 */
11008	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
11009		return (CTL_ACTION_BLOCK);
11010
11011	/*
11012	 * Simple tags get blocked until all head of queue and ordered tags
11013	 * ahead of them have completed.  I'm lumping untagged commands in
11014	 * with simple tags here.  XXX KDM is that the right thing to do?
11015	 */
11016	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11017	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
11018	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11019	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
11020		return (CTL_ACTION_BLOCK);
11021
11022	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
11023	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
11024
11025	serialize_row = ctl_serialize_table[ooa_entry->seridx];
11026
11027	switch (serialize_row[pending_entry->seridx]) {
11028	case CTL_SER_BLOCK:
11029		return (CTL_ACTION_BLOCK);
11030	case CTL_SER_EXTENT:
11031		return (ctl_extent_check(ooa_io, pending_io,
11032		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11033	case CTL_SER_EXTENTOPT:
11034		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11035		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11036			return (ctl_extent_check(ooa_io, pending_io,
11037			    (lun->be_lun &&
11038			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11039		return (CTL_ACTION_PASS);
11040	case CTL_SER_EXTENTSEQ:
11041		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
11042			return (ctl_extent_check_seq(ooa_io, pending_io));
11043		return (CTL_ACTION_PASS);
11044	case CTL_SER_PASS:
11045		return (CTL_ACTION_PASS);
11046	case CTL_SER_BLOCKOPT:
11047		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11048		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11049			return (CTL_ACTION_BLOCK);
11050		return (CTL_ACTION_PASS);
11051	case CTL_SER_SKIP:
11052		return (CTL_ACTION_SKIP);
11053	default:
11054		panic("invalid serialization value %d",
11055		      serialize_row[pending_entry->seridx]);
11056	}
11057
11058	return (CTL_ACTION_ERROR);
11059}
11060
11061/*
11062 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
11063 * Assumptions:
11064 * - pending_io is generally either incoming, or on the blocked queue
11065 * - starting I/O is the I/O we want to start the check with.
11066 */
11067static ctl_action
11068ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
11069	      union ctl_io *starting_io)
11070{
11071	union ctl_io *ooa_io;
11072	ctl_action action;
11073
11074	mtx_assert(&lun->lun_lock, MA_OWNED);
11075
11076	/*
11077	 * Run back along the OOA queue, starting with the current
11078	 * blocked I/O and going through every I/O before it on the
11079	 * queue.  If starting_io is NULL, we'll just end up returning
11080	 * CTL_ACTION_PASS.
11081	 */
11082	for (ooa_io = starting_io; ooa_io != NULL;
11083	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11084	     ooa_links)){
11085
11086		/*
11087		 * This routine just checks to see whether
11088		 * cur_blocked is blocked by ooa_io, which is ahead
11089		 * of it in the queue.  It doesn't queue/dequeue
11090		 * cur_blocked.
11091		 */
11092		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11093		switch (action) {
11094		case CTL_ACTION_BLOCK:
11095		case CTL_ACTION_OVERLAP:
11096		case CTL_ACTION_OVERLAP_TAG:
11097		case CTL_ACTION_SKIP:
11098		case CTL_ACTION_ERROR:
11099			return (action);
11100			break; /* NOTREACHED */
11101		case CTL_ACTION_PASS:
11102			break;
11103		default:
11104			panic("invalid action %d", action);
11105			break;  /* NOTREACHED */
11106		}
11107	}
11108
11109	return (CTL_ACTION_PASS);
11110}
11111
11112/*
11113 * Assumptions:
11114 * - An I/O has just completed, and has been removed from the per-LUN OOA
11115 *   queue, so some items on the blocked queue may now be unblocked.
11116 */
11117static int
11118ctl_check_blocked(struct ctl_lun *lun)
11119{
11120	struct ctl_softc *softc = lun->ctl_softc;
11121	union ctl_io *cur_blocked, *next_blocked;
11122
11123	mtx_assert(&lun->lun_lock, MA_OWNED);
11124
11125	/*
11126	 * Run forward from the head of the blocked queue, checking each
11127	 * entry against the I/Os prior to it on the OOA queue to see if
11128	 * there is still any blockage.
11129	 *
11130	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11131	 * with our removing a variable on it while it is traversing the
11132	 * list.
11133	 */
11134	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11135	     cur_blocked != NULL; cur_blocked = next_blocked) {
11136		union ctl_io *prev_ooa;
11137		ctl_action action;
11138
11139		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11140							  blocked_links);
11141
11142		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11143						      ctl_ooaq, ooa_links);
11144
11145		/*
11146		 * If cur_blocked happens to be the first item in the OOA
11147		 * queue now, prev_ooa will be NULL, and the action
11148		 * returned will just be CTL_ACTION_PASS.
11149		 */
11150		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11151
11152		switch (action) {
11153		case CTL_ACTION_BLOCK:
11154			/* Nothing to do here, still blocked */
11155			break;
11156		case CTL_ACTION_OVERLAP:
11157		case CTL_ACTION_OVERLAP_TAG:
11158			/*
11159			 * This shouldn't happen!  In theory we've already
11160			 * checked this command for overlap...
11161			 */
11162			break;
11163		case CTL_ACTION_PASS:
11164		case CTL_ACTION_SKIP: {
11165			const struct ctl_cmd_entry *entry;
11166
11167			/*
11168			 * The skip case shouldn't happen, this transaction
11169			 * should have never made it onto the blocked queue.
11170			 */
11171			/*
11172			 * This I/O is no longer blocked, we can remove it
11173			 * from the blocked queue.  Since this is a TAILQ
11174			 * (doubly linked list), we can do O(1) removals
11175			 * from any place on the list.
11176			 */
11177			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11178				     blocked_links);
11179			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11180
11181			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11182			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11183				/*
11184				 * Need to send IO back to original side to
11185				 * run
11186				 */
11187				union ctl_ha_msg msg_info;
11188
11189				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11190				msg_info.hdr.original_sc =
11191					cur_blocked->io_hdr.original_sc;
11192				msg_info.hdr.serializing_sc = cur_blocked;
11193				msg_info.hdr.msg_type = CTL_MSG_R2R;
11194				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11195				    sizeof(msg_info.hdr), M_NOWAIT);
11196				break;
11197			}
11198			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11199
11200			/*
11201			 * Check this I/O for LUN state changes that may
11202			 * have happened while this command was blocked.
11203			 * The LUN state may have been changed by a command
11204			 * ahead of us in the queue, so we need to re-check
11205			 * for any states that can be caused by SCSI
11206			 * commands.
11207			 */
11208			if (ctl_scsiio_lun_check(lun, entry,
11209						 &cur_blocked->scsiio) == 0) {
11210				cur_blocked->io_hdr.flags |=
11211				                      CTL_FLAG_IS_WAS_ON_RTR;
11212				ctl_enqueue_rtr(cur_blocked);
11213			} else
11214				ctl_done(cur_blocked);
11215			break;
11216		}
11217		default:
11218			/*
11219			 * This probably shouldn't happen -- we shouldn't
11220			 * get CTL_ACTION_ERROR, or anything else.
11221			 */
11222			break;
11223		}
11224	}
11225
11226	return (CTL_RETVAL_COMPLETE);
11227}
11228
11229/*
11230 * This routine (with one exception) checks LUN flags that can be set by
11231 * commands ahead of us in the OOA queue.  These flags have to be checked
11232 * when a command initially comes in, and when we pull a command off the
11233 * blocked queue and are preparing to execute it.  The reason we have to
11234 * check these flags for commands on the blocked queue is that the LUN
11235 * state may have been changed by a command ahead of us while we're on the
11236 * blocked queue.
11237 *
11238 * Ordering is somewhat important with these checks, so please pay
11239 * careful attention to the placement of any new checks.
11240 */
11241static int
11242ctl_scsiio_lun_check(struct ctl_lun *lun,
11243    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11244{
11245	struct ctl_softc *softc = lun->ctl_softc;
11246	int retval;
11247	uint32_t residx;
11248
11249	retval = 0;
11250
11251	mtx_assert(&lun->lun_lock, MA_OWNED);
11252
11253	/*
11254	 * If this shelf is a secondary shelf controller, we may have to
11255	 * reject some commands disallowed by HA mode and link state.
11256	 */
11257	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11258		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11259		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11260			ctl_set_lun_unavail(ctsio);
11261			retval = 1;
11262			goto bailout;
11263		}
11264		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11265		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11266			ctl_set_lun_transit(ctsio);
11267			retval = 1;
11268			goto bailout;
11269		}
11270		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11271		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11272			ctl_set_lun_standby(ctsio);
11273			retval = 1;
11274			goto bailout;
11275		}
11276
11277		/* The rest of checks are only done on executing side */
11278		if (softc->ha_mode == CTL_HA_MODE_XFER)
11279			goto bailout;
11280	}
11281
11282	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11283		if (lun->be_lun &&
11284		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11285			ctl_set_hw_write_protected(ctsio);
11286			retval = 1;
11287			goto bailout;
11288		}
11289		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11290		    .eca_and_aen & SCP_SWP) != 0) {
11291			ctl_set_sense(ctsio, /*current_error*/ 1,
11292			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11293			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11294			retval = 1;
11295			goto bailout;
11296		}
11297	}
11298
11299	/*
11300	 * Check for a reservation conflict.  If this command isn't allowed
11301	 * even on reserved LUNs, and if this initiator isn't the one who
11302	 * reserved us, reject the command with a reservation conflict.
11303	 */
11304	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11305	if ((lun->flags & CTL_LUN_RESERVED)
11306	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11307		if (lun->res_idx != residx) {
11308			ctl_set_reservation_conflict(ctsio);
11309			retval = 1;
11310			goto bailout;
11311		}
11312	}
11313
11314	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11315	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11316		/* No reservation or command is allowed. */;
11317	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11318	    (lun->res_type == SPR_TYPE_WR_EX ||
11319	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11320	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11321		/* The command is allowed for Write Exclusive resv. */;
11322	} else {
11323		/*
11324		 * if we aren't registered or it's a res holder type
11325		 * reservation and this isn't the res holder then set a
11326		 * conflict.
11327		 */
11328		if (ctl_get_prkey(lun, residx) == 0
11329		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11330			ctl_set_reservation_conflict(ctsio);
11331			retval = 1;
11332			goto bailout;
11333		}
11334	}
11335
11336	if ((lun->flags & CTL_LUN_OFFLINE)
11337	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
11338		ctl_set_lun_not_ready(ctsio);
11339		retval = 1;
11340		goto bailout;
11341	}
11342
11343	if ((lun->flags & CTL_LUN_STOPPED)
11344	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11345		/* "Logical unit not ready, initializing cmd. required" */
11346		ctl_set_lun_stopped(ctsio);
11347		retval = 1;
11348		goto bailout;
11349	}
11350
11351	if ((lun->flags & CTL_LUN_INOPERABLE)
11352	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11353		/* "Medium format corrupted" */
11354		ctl_set_medium_format_corrupted(ctsio);
11355		retval = 1;
11356		goto bailout;
11357	}
11358
11359bailout:
11360	return (retval);
11361}
11362
11363static void
11364ctl_failover_io(union ctl_io *io, int have_lock)
11365{
11366	ctl_set_busy(&io->scsiio);
11367	ctl_done(io);
11368}
11369
11370static void
11371ctl_failover_lun(struct ctl_lun *lun)
11372{
11373	struct ctl_softc *softc = lun->ctl_softc;
11374	struct ctl_io_hdr *io, *next_io;
11375
11376	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
11377	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11378		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11379			/* We are master */
11380			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11381				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11382					io->flags |= CTL_FLAG_ABORT;
11383					io->flags |= CTL_FLAG_FAILOVER;
11384				} else { /* This can be only due to DATAMOVE */
11385					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11386					io->flags &= ~CTL_FLAG_DMA_INPROG;
11387					io->flags |= CTL_FLAG_IO_ACTIVE;
11388					io->port_status = 31340;
11389					ctl_enqueue_isc((union ctl_io *)io);
11390				}
11391			}
11392			/* We are slave */
11393			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11394				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11395				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11396					io->flags |= CTL_FLAG_FAILOVER;
11397				} else {
11398					ctl_set_busy(&((union ctl_io *)io)->
11399					    scsiio);
11400					ctl_done((union ctl_io *)io);
11401				}
11402			}
11403		}
11404	} else { /* SERIALIZE modes */
11405		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11406		    next_io) {
11407			/* We are master */
11408			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11409				TAILQ_REMOVE(&lun->blocked_queue, io,
11410				    blocked_links);
11411				io->flags &= ~CTL_FLAG_BLOCKED;
11412				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11413				ctl_free_io((union ctl_io *)io);
11414			}
11415		}
11416		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11417			/* We are master */
11418			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11419				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11420				ctl_free_io((union ctl_io *)io);
11421			}
11422			/* We are slave */
11423			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11424				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11425				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11426					ctl_set_busy(&((union ctl_io *)io)->
11427					    scsiio);
11428					ctl_done((union ctl_io *)io);
11429				}
11430			}
11431		}
11432		ctl_check_blocked(lun);
11433	}
11434}
11435
11436static int
11437ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11438{
11439	struct ctl_lun *lun;
11440	const struct ctl_cmd_entry *entry;
11441	uint32_t initidx, targ_lun;
11442	int retval;
11443
11444	retval = 0;
11445
11446	lun = NULL;
11447
11448	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11449	if ((targ_lun < CTL_MAX_LUNS)
11450	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11451		/*
11452		 * If the LUN is invalid, pretend that it doesn't exist.
11453		 * It will go away as soon as all pending I/O has been
11454		 * completed.
11455		 */
11456		mtx_lock(&lun->lun_lock);
11457		if (lun->flags & CTL_LUN_DISABLED) {
11458			mtx_unlock(&lun->lun_lock);
11459			lun = NULL;
11460			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11461			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11462		} else {
11463			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11464			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11465				lun->be_lun;
11466
11467			/*
11468			 * Every I/O goes into the OOA queue for a
11469			 * particular LUN, and stays there until completion.
11470			 */
11471#ifdef CTL_TIME_IO
11472			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11473				lun->idle_time += getsbinuptime() -
11474				    lun->last_busy;
11475			}
11476#endif
11477			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11478			    ooa_links);
11479		}
11480	} else {
11481		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11482		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11483	}
11484
11485	/* Get command entry and return error if it is unsuppotyed. */
11486	entry = ctl_validate_command(ctsio);
11487	if (entry == NULL) {
11488		if (lun)
11489			mtx_unlock(&lun->lun_lock);
11490		return (retval);
11491	}
11492
11493	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11494	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11495
11496	/*
11497	 * Check to see whether we can send this command to LUNs that don't
11498	 * exist.  This should pretty much only be the case for inquiry
11499	 * and request sense.  Further checks, below, really require having
11500	 * a LUN, so we can't really check the command anymore.  Just put
11501	 * it on the rtr queue.
11502	 */
11503	if (lun == NULL) {
11504		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11505			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11506			ctl_enqueue_rtr((union ctl_io *)ctsio);
11507			return (retval);
11508		}
11509
11510		ctl_set_unsupported_lun(ctsio);
11511		ctl_done((union ctl_io *)ctsio);
11512		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11513		return (retval);
11514	} else {
11515		/*
11516		 * Make sure we support this particular command on this LUN.
11517		 * e.g., we don't support writes to the control LUN.
11518		 */
11519		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11520			mtx_unlock(&lun->lun_lock);
11521			ctl_set_invalid_opcode(ctsio);
11522			ctl_done((union ctl_io *)ctsio);
11523			return (retval);
11524		}
11525	}
11526
11527	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11528
11529#ifdef CTL_WITH_CA
11530	/*
11531	 * If we've got a request sense, it'll clear the contingent
11532	 * allegiance condition.  Otherwise, if we have a CA condition for
11533	 * this initiator, clear it, because it sent down a command other
11534	 * than request sense.
11535	 */
11536	if ((ctsio->cdb[0] != REQUEST_SENSE)
11537	 && (ctl_is_set(lun->have_ca, initidx)))
11538		ctl_clear_mask(lun->have_ca, initidx);
11539#endif
11540
11541	/*
11542	 * If the command has this flag set, it handles its own unit
11543	 * attention reporting, we shouldn't do anything.  Otherwise we
11544	 * check for any pending unit attentions, and send them back to the
11545	 * initiator.  We only do this when a command initially comes in,
11546	 * not when we pull it off the blocked queue.
11547	 *
11548	 * According to SAM-3, section 5.3.2, the order that things get
11549	 * presented back to the host is basically unit attentions caused
11550	 * by some sort of reset event, busy status, reservation conflicts
11551	 * or task set full, and finally any other status.
11552	 *
11553	 * One issue here is that some of the unit attentions we report
11554	 * don't fall into the "reset" category (e.g. "reported luns data
11555	 * has changed").  So reporting it here, before the reservation
11556	 * check, may be technically wrong.  I guess the only thing to do
11557	 * would be to check for and report the reset events here, and then
11558	 * check for the other unit attention types after we check for a
11559	 * reservation conflict.
11560	 *
11561	 * XXX KDM need to fix this
11562	 */
11563	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11564		ctl_ua_type ua_type;
11565
11566		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11567		    SSD_TYPE_NONE);
11568		if (ua_type != CTL_UA_NONE) {
11569			mtx_unlock(&lun->lun_lock);
11570			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11571			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11572			ctsio->sense_len = SSD_FULL_SIZE;
11573			ctl_done((union ctl_io *)ctsio);
11574			return (retval);
11575		}
11576	}
11577
11578
11579	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11580		mtx_unlock(&lun->lun_lock);
11581		ctl_done((union ctl_io *)ctsio);
11582		return (retval);
11583	}
11584
11585	/*
11586	 * XXX CHD this is where we want to send IO to other side if
11587	 * this LUN is secondary on this SC. We will need to make a copy
11588	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11589	 * the copy we send as FROM_OTHER.
11590	 * We also need to stuff the address of the original IO so we can
11591	 * find it easily. Something similar will need be done on the other
11592	 * side so when we are done we can find the copy.
11593	 */
11594	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11595	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11596	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11597		union ctl_ha_msg msg_info;
11598		int isc_retval;
11599
11600		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11601		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11602		mtx_unlock(&lun->lun_lock);
11603
11604		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11605		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11606		msg_info.hdr.serializing_sc = NULL;
11607		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11608		msg_info.scsi.tag_num = ctsio->tag_num;
11609		msg_info.scsi.tag_type = ctsio->tag_type;
11610		msg_info.scsi.cdb_len = ctsio->cdb_len;
11611		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11612
11613		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11614		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11615		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11616			ctl_set_busy(ctsio);
11617			ctl_done((union ctl_io *)ctsio);
11618			return (retval);
11619		}
11620		return (retval);
11621	}
11622
11623	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11624			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11625			      ctl_ooaq, ooa_links))) {
11626	case CTL_ACTION_BLOCK:
11627		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11628		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11629				  blocked_links);
11630		mtx_unlock(&lun->lun_lock);
11631		return (retval);
11632	case CTL_ACTION_PASS:
11633	case CTL_ACTION_SKIP:
11634		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11635		mtx_unlock(&lun->lun_lock);
11636		ctl_enqueue_rtr((union ctl_io *)ctsio);
11637		break;
11638	case CTL_ACTION_OVERLAP:
11639		mtx_unlock(&lun->lun_lock);
11640		ctl_set_overlapped_cmd(ctsio);
11641		ctl_done((union ctl_io *)ctsio);
11642		break;
11643	case CTL_ACTION_OVERLAP_TAG:
11644		mtx_unlock(&lun->lun_lock);
11645		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11646		ctl_done((union ctl_io *)ctsio);
11647		break;
11648	case CTL_ACTION_ERROR:
11649	default:
11650		mtx_unlock(&lun->lun_lock);
11651		ctl_set_internal_failure(ctsio,
11652					 /*sks_valid*/ 0,
11653					 /*retry_count*/ 0);
11654		ctl_done((union ctl_io *)ctsio);
11655		break;
11656	}
11657	return (retval);
11658}
11659
11660const struct ctl_cmd_entry *
11661ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11662{
11663	const struct ctl_cmd_entry *entry;
11664	int service_action;
11665
11666	entry = &ctl_cmd_table[ctsio->cdb[0]];
11667	if (sa)
11668		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11669	if (entry->flags & CTL_CMD_FLAG_SA5) {
11670		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11671		entry = &((const struct ctl_cmd_entry *)
11672		    entry->execute)[service_action];
11673	}
11674	return (entry);
11675}
11676
11677const struct ctl_cmd_entry *
11678ctl_validate_command(struct ctl_scsiio *ctsio)
11679{
11680	const struct ctl_cmd_entry *entry;
11681	int i, sa;
11682	uint8_t diff;
11683
11684	entry = ctl_get_cmd_entry(ctsio, &sa);
11685	if (entry->execute == NULL) {
11686		if (sa)
11687			ctl_set_invalid_field(ctsio,
11688					      /*sks_valid*/ 1,
11689					      /*command*/ 1,
11690					      /*field*/ 1,
11691					      /*bit_valid*/ 1,
11692					      /*bit*/ 4);
11693		else
11694			ctl_set_invalid_opcode(ctsio);
11695		ctl_done((union ctl_io *)ctsio);
11696		return (NULL);
11697	}
11698	KASSERT(entry->length > 0,
11699	    ("Not defined length for command 0x%02x/0x%02x",
11700	     ctsio->cdb[0], ctsio->cdb[1]));
11701	for (i = 1; i < entry->length; i++) {
11702		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11703		if (diff == 0)
11704			continue;
11705		ctl_set_invalid_field(ctsio,
11706				      /*sks_valid*/ 1,
11707				      /*command*/ 1,
11708				      /*field*/ i,
11709				      /*bit_valid*/ 1,
11710				      /*bit*/ fls(diff) - 1);
11711		ctl_done((union ctl_io *)ctsio);
11712		return (NULL);
11713	}
11714	return (entry);
11715}
11716
11717static int
11718ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11719{
11720
11721	switch (lun_type) {
11722	case T_PROCESSOR:
11723		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11724			return (0);
11725		break;
11726	case T_DIRECT:
11727		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11728			return (0);
11729		break;
11730	default:
11731		return (0);
11732	}
11733	return (1);
11734}
11735
11736static int
11737ctl_scsiio(struct ctl_scsiio *ctsio)
11738{
11739	int retval;
11740	const struct ctl_cmd_entry *entry;
11741
11742	retval = CTL_RETVAL_COMPLETE;
11743
11744	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11745
11746	entry = ctl_get_cmd_entry(ctsio, NULL);
11747
11748	/*
11749	 * If this I/O has been aborted, just send it straight to
11750	 * ctl_done() without executing it.
11751	 */
11752	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11753		ctl_done((union ctl_io *)ctsio);
11754		goto bailout;
11755	}
11756
11757	/*
11758	 * All the checks should have been handled by ctl_scsiio_precheck().
11759	 * We should be clear now to just execute the I/O.
11760	 */
11761	retval = entry->execute(ctsio);
11762
11763bailout:
11764	return (retval);
11765}
11766
11767/*
11768 * Since we only implement one target right now, a bus reset simply resets
11769 * our single target.
11770 */
11771static int
11772ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11773{
11774	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11775}
11776
11777static int
11778ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11779		 ctl_ua_type ua_type)
11780{
11781	struct ctl_port *port;
11782	struct ctl_lun *lun;
11783	int retval;
11784
11785	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11786		union ctl_ha_msg msg_info;
11787
11788		msg_info.hdr.nexus = io->io_hdr.nexus;
11789		if (ua_type==CTL_UA_TARG_RESET)
11790			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11791		else
11792			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11793		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11794		msg_info.hdr.original_sc = NULL;
11795		msg_info.hdr.serializing_sc = NULL;
11796		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11797		    sizeof(msg_info.task), M_WAITOK);
11798	}
11799	retval = 0;
11800
11801	mtx_lock(&softc->ctl_lock);
11802	port = ctl_io_port(&io->io_hdr);
11803	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11804		if (port != NULL &&
11805		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11806			continue;
11807		retval += ctl_do_lun_reset(lun, io, ua_type);
11808	}
11809	mtx_unlock(&softc->ctl_lock);
11810	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11811	return (retval);
11812}
11813
11814/*
11815 * The LUN should always be set.  The I/O is optional, and is used to
11816 * distinguish between I/Os sent by this initiator, and by other
11817 * initiators.  We set unit attention for initiators other than this one.
11818 * SAM-3 is vague on this point.  It does say that a unit attention should
11819 * be established for other initiators when a LUN is reset (see section
11820 * 5.7.3), but it doesn't specifically say that the unit attention should
11821 * be established for this particular initiator when a LUN is reset.  Here
11822 * is the relevant text, from SAM-3 rev 8:
11823 *
11824 * 5.7.2 When a SCSI initiator port aborts its own tasks
11825 *
11826 * When a SCSI initiator port causes its own task(s) to be aborted, no
11827 * notification that the task(s) have been aborted shall be returned to
11828 * the SCSI initiator port other than the completion response for the
11829 * command or task management function action that caused the task(s) to
11830 * be aborted and notification(s) associated with related effects of the
11831 * action (e.g., a reset unit attention condition).
11832 *
11833 * XXX KDM for now, we're setting unit attention for all initiators.
11834 */
11835static int
11836ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11837{
11838	union ctl_io *xio;
11839#if 0
11840	uint32_t initidx;
11841#endif
11842#ifdef CTL_WITH_CA
11843	int i;
11844#endif
11845
11846	mtx_lock(&lun->lun_lock);
11847	/*
11848	 * Run through the OOA queue and abort each I/O.
11849	 */
11850	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11851	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11852		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11853	}
11854
11855	/*
11856	 * This version sets unit attention for every
11857	 */
11858#if 0
11859	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11860	ctl_est_ua_all(lun, initidx, ua_type);
11861#else
11862	ctl_est_ua_all(lun, -1, ua_type);
11863#endif
11864
11865	/*
11866	 * A reset (any kind, really) clears reservations established with
11867	 * RESERVE/RELEASE.  It does not clear reservations established
11868	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11869	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11870	 * reservations made with the RESERVE/RELEASE commands, because
11871	 * those commands are obsolete in SPC-3.
11872	 */
11873	lun->flags &= ~CTL_LUN_RESERVED;
11874
11875#ifdef CTL_WITH_CA
11876	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11877		ctl_clear_mask(lun->have_ca, i);
11878#endif
11879	mtx_unlock(&lun->lun_lock);
11880
11881	return (0);
11882}
11883
11884static int
11885ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11886{
11887	struct ctl_lun *lun;
11888	uint32_t targ_lun;
11889	int retval;
11890
11891	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11892	mtx_lock(&softc->ctl_lock);
11893	if ((targ_lun >= CTL_MAX_LUNS) ||
11894	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11895		mtx_unlock(&softc->ctl_lock);
11896		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11897		return (1);
11898	}
11899	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11900	mtx_unlock(&softc->ctl_lock);
11901	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11902
11903	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11904		union ctl_ha_msg msg_info;
11905
11906		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11907		msg_info.hdr.nexus = io->io_hdr.nexus;
11908		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11909		msg_info.hdr.original_sc = NULL;
11910		msg_info.hdr.serializing_sc = NULL;
11911		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11912		    sizeof(msg_info.task), M_WAITOK);
11913	}
11914	return (retval);
11915}
11916
11917static void
11918ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11919    int other_sc)
11920{
11921	union ctl_io *xio;
11922
11923	mtx_assert(&lun->lun_lock, MA_OWNED);
11924
11925	/*
11926	 * Run through the OOA queue and attempt to find the given I/O.
11927	 * The target port, initiator ID, tag type and tag number have to
11928	 * match the values that we got from the initiator.  If we have an
11929	 * untagged command to abort, simply abort the first untagged command
11930	 * we come to.  We only allow one untagged command at a time of course.
11931	 */
11932	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11933	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11934
11935		if ((targ_port == UINT32_MAX ||
11936		     targ_port == xio->io_hdr.nexus.targ_port) &&
11937		    (init_id == UINT32_MAX ||
11938		     init_id == xio->io_hdr.nexus.initid)) {
11939			if (targ_port != xio->io_hdr.nexus.targ_port ||
11940			    init_id != xio->io_hdr.nexus.initid)
11941				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11942			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11943			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11944				union ctl_ha_msg msg_info;
11945
11946				msg_info.hdr.nexus = xio->io_hdr.nexus;
11947				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11948				msg_info.task.tag_num = xio->scsiio.tag_num;
11949				msg_info.task.tag_type = xio->scsiio.tag_type;
11950				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11951				msg_info.hdr.original_sc = NULL;
11952				msg_info.hdr.serializing_sc = NULL;
11953				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11954				    sizeof(msg_info.task), M_NOWAIT);
11955			}
11956		}
11957	}
11958}
11959
11960static int
11961ctl_abort_task_set(union ctl_io *io)
11962{
11963	struct ctl_softc *softc = control_softc;
11964	struct ctl_lun *lun;
11965	uint32_t targ_lun;
11966
11967	/*
11968	 * Look up the LUN.
11969	 */
11970	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11971	mtx_lock(&softc->ctl_lock);
11972	if ((targ_lun >= CTL_MAX_LUNS) ||
11973	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11974		mtx_unlock(&softc->ctl_lock);
11975		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11976		return (1);
11977	}
11978
11979	mtx_lock(&lun->lun_lock);
11980	mtx_unlock(&softc->ctl_lock);
11981	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11982		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11983		    io->io_hdr.nexus.initid,
11984		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11985	} else { /* CTL_TASK_CLEAR_TASK_SET */
11986		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11987		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11988	}
11989	mtx_unlock(&lun->lun_lock);
11990	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11991	return (0);
11992}
11993
11994static int
11995ctl_i_t_nexus_reset(union ctl_io *io)
11996{
11997	struct ctl_softc *softc = control_softc;
11998	struct ctl_lun *lun;
11999	uint32_t initidx;
12000
12001	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12002		union ctl_ha_msg msg_info;
12003
12004		msg_info.hdr.nexus = io->io_hdr.nexus;
12005		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
12006		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12007		msg_info.hdr.original_sc = NULL;
12008		msg_info.hdr.serializing_sc = NULL;
12009		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12010		    sizeof(msg_info.task), M_WAITOK);
12011	}
12012
12013	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12014	mtx_lock(&softc->ctl_lock);
12015	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12016		mtx_lock(&lun->lun_lock);
12017		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12018		    io->io_hdr.nexus.initid, 1);
12019#ifdef CTL_WITH_CA
12020		ctl_clear_mask(lun->have_ca, initidx);
12021#endif
12022		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
12023			lun->flags &= ~CTL_LUN_RESERVED;
12024		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
12025		mtx_unlock(&lun->lun_lock);
12026	}
12027	mtx_unlock(&softc->ctl_lock);
12028	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12029	return (0);
12030}
12031
12032static int
12033ctl_abort_task(union ctl_io *io)
12034{
12035	union ctl_io *xio;
12036	struct ctl_lun *lun;
12037	struct ctl_softc *softc;
12038#if 0
12039	struct sbuf sb;
12040	char printbuf[128];
12041#endif
12042	int found;
12043	uint32_t targ_lun;
12044
12045	softc = control_softc;
12046	found = 0;
12047
12048	/*
12049	 * Look up the LUN.
12050	 */
12051	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12052	mtx_lock(&softc->ctl_lock);
12053	if ((targ_lun >= CTL_MAX_LUNS) ||
12054	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12055		mtx_unlock(&softc->ctl_lock);
12056		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12057		return (1);
12058	}
12059
12060#if 0
12061	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12062	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12063#endif
12064
12065	mtx_lock(&lun->lun_lock);
12066	mtx_unlock(&softc->ctl_lock);
12067	/*
12068	 * Run through the OOA queue and attempt to find the given I/O.
12069	 * The target port, initiator ID, tag type and tag number have to
12070	 * match the values that we got from the initiator.  If we have an
12071	 * untagged command to abort, simply abort the first untagged command
12072	 * we come to.  We only allow one untagged command at a time of course.
12073	 */
12074	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12075	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12076#if 0
12077		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12078
12079		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12080			    lun->lun, xio->scsiio.tag_num,
12081			    xio->scsiio.tag_type,
12082			    (xio->io_hdr.blocked_links.tqe_prev
12083			    == NULL) ? "" : " BLOCKED",
12084			    (xio->io_hdr.flags &
12085			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12086			    (xio->io_hdr.flags &
12087			    CTL_FLAG_ABORT) ? " ABORT" : "",
12088			    (xio->io_hdr.flags &
12089			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12090		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12091		sbuf_finish(&sb);
12092		printf("%s\n", sbuf_data(&sb));
12093#endif
12094
12095		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12096		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12097		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12098			continue;
12099
12100		/*
12101		 * If the abort says that the task is untagged, the
12102		 * task in the queue must be untagged.  Otherwise,
12103		 * we just check to see whether the tag numbers
12104		 * match.  This is because the QLogic firmware
12105		 * doesn't pass back the tag type in an abort
12106		 * request.
12107		 */
12108#if 0
12109		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12110		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12111		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12112#endif
12113		/*
12114		 * XXX KDM we've got problems with FC, because it
12115		 * doesn't send down a tag type with aborts.  So we
12116		 * can only really go by the tag number...
12117		 * This may cause problems with parallel SCSI.
12118		 * Need to figure that out!!
12119		 */
12120		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12121			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12122			found = 1;
12123			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12124			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12125				union ctl_ha_msg msg_info;
12126
12127				msg_info.hdr.nexus = io->io_hdr.nexus;
12128				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12129				msg_info.task.tag_num = io->taskio.tag_num;
12130				msg_info.task.tag_type = io->taskio.tag_type;
12131				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12132				msg_info.hdr.original_sc = NULL;
12133				msg_info.hdr.serializing_sc = NULL;
12134#if 0
12135				printf("Sent Abort to other side\n");
12136#endif
12137				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12138				    sizeof(msg_info.task), M_NOWAIT);
12139			}
12140#if 0
12141			printf("ctl_abort_task: found I/O to abort\n");
12142#endif
12143		}
12144	}
12145	mtx_unlock(&lun->lun_lock);
12146
12147	if (found == 0) {
12148		/*
12149		 * This isn't really an error.  It's entirely possible for
12150		 * the abort and command completion to cross on the wire.
12151		 * This is more of an informative/diagnostic error.
12152		 */
12153#if 0
12154		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12155		       "%u:%u:%u tag %d type %d\n",
12156		       io->io_hdr.nexus.initid,
12157		       io->io_hdr.nexus.targ_port,
12158		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12159		       io->taskio.tag_type);
12160#endif
12161	}
12162	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12163	return (0);
12164}
12165
12166static int
12167ctl_query_task(union ctl_io *io, int task_set)
12168{
12169	union ctl_io *xio;
12170	struct ctl_lun *lun;
12171	struct ctl_softc *softc;
12172	int found = 0;
12173	uint32_t targ_lun;
12174
12175	softc = control_softc;
12176	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12177	mtx_lock(&softc->ctl_lock);
12178	if ((targ_lun >= CTL_MAX_LUNS) ||
12179	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12180		mtx_unlock(&softc->ctl_lock);
12181		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12182		return (1);
12183	}
12184	mtx_lock(&lun->lun_lock);
12185	mtx_unlock(&softc->ctl_lock);
12186	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12187	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12188
12189		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12190		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12191		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12192			continue;
12193
12194		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12195			found = 1;
12196			break;
12197		}
12198	}
12199	mtx_unlock(&lun->lun_lock);
12200	if (found)
12201		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12202	else
12203		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12204	return (0);
12205}
12206
12207static int
12208ctl_query_async_event(union ctl_io *io)
12209{
12210	struct ctl_lun *lun;
12211	struct ctl_softc *softc;
12212	ctl_ua_type ua;
12213	uint32_t targ_lun, initidx;
12214
12215	softc = control_softc;
12216	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12217	mtx_lock(&softc->ctl_lock);
12218	if ((targ_lun >= CTL_MAX_LUNS) ||
12219	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12220		mtx_unlock(&softc->ctl_lock);
12221		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12222		return (1);
12223	}
12224	mtx_lock(&lun->lun_lock);
12225	mtx_unlock(&softc->ctl_lock);
12226	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12227	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12228	mtx_unlock(&lun->lun_lock);
12229	if (ua != CTL_UA_NONE)
12230		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12231	else
12232		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12233	return (0);
12234}
12235
12236static void
12237ctl_run_task(union ctl_io *io)
12238{
12239	struct ctl_softc *softc = control_softc;
12240	int retval = 1;
12241
12242	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12243	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12244	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12245	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12246	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12247	switch (io->taskio.task_action) {
12248	case CTL_TASK_ABORT_TASK:
12249		retval = ctl_abort_task(io);
12250		break;
12251	case CTL_TASK_ABORT_TASK_SET:
12252	case CTL_TASK_CLEAR_TASK_SET:
12253		retval = ctl_abort_task_set(io);
12254		break;
12255	case CTL_TASK_CLEAR_ACA:
12256		break;
12257	case CTL_TASK_I_T_NEXUS_RESET:
12258		retval = ctl_i_t_nexus_reset(io);
12259		break;
12260	case CTL_TASK_LUN_RESET:
12261		retval = ctl_lun_reset(softc, io);
12262		break;
12263	case CTL_TASK_TARGET_RESET:
12264		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12265		break;
12266	case CTL_TASK_BUS_RESET:
12267		retval = ctl_bus_reset(softc, io);
12268		break;
12269	case CTL_TASK_PORT_LOGIN:
12270		break;
12271	case CTL_TASK_PORT_LOGOUT:
12272		break;
12273	case CTL_TASK_QUERY_TASK:
12274		retval = ctl_query_task(io, 0);
12275		break;
12276	case CTL_TASK_QUERY_TASK_SET:
12277		retval = ctl_query_task(io, 1);
12278		break;
12279	case CTL_TASK_QUERY_ASYNC_EVENT:
12280		retval = ctl_query_async_event(io);
12281		break;
12282	default:
12283		printf("%s: got unknown task management event %d\n",
12284		       __func__, io->taskio.task_action);
12285		break;
12286	}
12287	if (retval == 0)
12288		io->io_hdr.status = CTL_SUCCESS;
12289	else
12290		io->io_hdr.status = CTL_ERROR;
12291	ctl_done(io);
12292}
12293
12294/*
12295 * For HA operation.  Handle commands that come in from the other
12296 * controller.
12297 */
12298static void
12299ctl_handle_isc(union ctl_io *io)
12300{
12301	int free_io;
12302	struct ctl_lun *lun;
12303	struct ctl_softc *softc = control_softc;
12304	uint32_t targ_lun;
12305
12306	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12307	lun = softc->ctl_luns[targ_lun];
12308
12309	switch (io->io_hdr.msg_type) {
12310	case CTL_MSG_SERIALIZE:
12311		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12312		break;
12313	case CTL_MSG_R2R: {
12314		const struct ctl_cmd_entry *entry;
12315
12316		/*
12317		 * This is only used in SER_ONLY mode.
12318		 */
12319		free_io = 0;
12320		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12321		mtx_lock(&lun->lun_lock);
12322		if (ctl_scsiio_lun_check(lun,
12323		    entry, (struct ctl_scsiio *)io) != 0) {
12324			mtx_unlock(&lun->lun_lock);
12325			ctl_done(io);
12326			break;
12327		}
12328		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12329		mtx_unlock(&lun->lun_lock);
12330		ctl_enqueue_rtr(io);
12331		break;
12332	}
12333	case CTL_MSG_FINISH_IO:
12334		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12335			free_io = 0;
12336			ctl_done(io);
12337		} else {
12338			free_io = 1;
12339			mtx_lock(&lun->lun_lock);
12340			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12341				     ooa_links);
12342			ctl_check_blocked(lun);
12343			mtx_unlock(&lun->lun_lock);
12344		}
12345		break;
12346	case CTL_MSG_PERS_ACTION:
12347		ctl_hndl_per_res_out_on_other_sc(
12348			(union ctl_ha_msg *)&io->presio.pr_msg);
12349		free_io = 1;
12350		break;
12351	case CTL_MSG_BAD_JUJU:
12352		free_io = 0;
12353		ctl_done(io);
12354		break;
12355	case CTL_MSG_DATAMOVE:
12356		/* Only used in XFER mode */
12357		free_io = 0;
12358		ctl_datamove_remote(io);
12359		break;
12360	case CTL_MSG_DATAMOVE_DONE:
12361		/* Only used in XFER mode */
12362		free_io = 0;
12363		io->scsiio.be_move_done(io);
12364		break;
12365	case CTL_MSG_FAILOVER:
12366		mtx_lock(&lun->lun_lock);
12367		ctl_failover_lun(lun);
12368		mtx_unlock(&lun->lun_lock);
12369		free_io = 1;
12370		break;
12371	default:
12372		free_io = 1;
12373		printf("%s: Invalid message type %d\n",
12374		       __func__, io->io_hdr.msg_type);
12375		break;
12376	}
12377	if (free_io)
12378		ctl_free_io(io);
12379
12380}
12381
12382
12383/*
12384 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12385 * there is no match.
12386 */
12387static ctl_lun_error_pattern
12388ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12389{
12390	const struct ctl_cmd_entry *entry;
12391	ctl_lun_error_pattern filtered_pattern, pattern;
12392
12393	pattern = desc->error_pattern;
12394
12395	/*
12396	 * XXX KDM we need more data passed into this function to match a
12397	 * custom pattern, and we actually need to implement custom pattern
12398	 * matching.
12399	 */
12400	if (pattern & CTL_LUN_PAT_CMD)
12401		return (CTL_LUN_PAT_CMD);
12402
12403	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12404		return (CTL_LUN_PAT_ANY);
12405
12406	entry = ctl_get_cmd_entry(ctsio, NULL);
12407
12408	filtered_pattern = entry->pattern & pattern;
12409
12410	/*
12411	 * If the user requested specific flags in the pattern (e.g.
12412	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12413	 * flags.
12414	 *
12415	 * If the user did not specify any flags, it doesn't matter whether
12416	 * or not the command supports the flags.
12417	 */
12418	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12419	     (pattern & ~CTL_LUN_PAT_MASK))
12420		return (CTL_LUN_PAT_NONE);
12421
12422	/*
12423	 * If the user asked for a range check, see if the requested LBA
12424	 * range overlaps with this command's LBA range.
12425	 */
12426	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12427		uint64_t lba1;
12428		uint64_t len1;
12429		ctl_action action;
12430		int retval;
12431
12432		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12433		if (retval != 0)
12434			return (CTL_LUN_PAT_NONE);
12435
12436		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12437					      desc->lba_range.len, FALSE);
12438		/*
12439		 * A "pass" means that the LBA ranges don't overlap, so
12440		 * this doesn't match the user's range criteria.
12441		 */
12442		if (action == CTL_ACTION_PASS)
12443			return (CTL_LUN_PAT_NONE);
12444	}
12445
12446	return (filtered_pattern);
12447}
12448
12449static void
12450ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12451{
12452	struct ctl_error_desc *desc, *desc2;
12453
12454	mtx_assert(&lun->lun_lock, MA_OWNED);
12455
12456	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12457		ctl_lun_error_pattern pattern;
12458		/*
12459		 * Check to see whether this particular command matches
12460		 * the pattern in the descriptor.
12461		 */
12462		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12463		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12464			continue;
12465
12466		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12467		case CTL_LUN_INJ_ABORTED:
12468			ctl_set_aborted(&io->scsiio);
12469			break;
12470		case CTL_LUN_INJ_MEDIUM_ERR:
12471			ctl_set_medium_error(&io->scsiio,
12472			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12473			     CTL_FLAG_DATA_OUT);
12474			break;
12475		case CTL_LUN_INJ_UA:
12476			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12477			 * OCCURRED */
12478			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12479			break;
12480		case CTL_LUN_INJ_CUSTOM:
12481			/*
12482			 * We're assuming the user knows what he is doing.
12483			 * Just copy the sense information without doing
12484			 * checks.
12485			 */
12486			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12487			      MIN(sizeof(desc->custom_sense),
12488				  sizeof(io->scsiio.sense_data)));
12489			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12490			io->scsiio.sense_len = SSD_FULL_SIZE;
12491			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12492			break;
12493		case CTL_LUN_INJ_NONE:
12494		default:
12495			/*
12496			 * If this is an error injection type we don't know
12497			 * about, clear the continuous flag (if it is set)
12498			 * so it will get deleted below.
12499			 */
12500			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12501			break;
12502		}
12503		/*
12504		 * By default, each error injection action is a one-shot
12505		 */
12506		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12507			continue;
12508
12509		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12510
12511		free(desc, M_CTL);
12512	}
12513}
12514
12515#ifdef CTL_IO_DELAY
12516static void
12517ctl_datamove_timer_wakeup(void *arg)
12518{
12519	union ctl_io *io;
12520
12521	io = (union ctl_io *)arg;
12522
12523	ctl_datamove(io);
12524}
12525#endif /* CTL_IO_DELAY */
12526
12527void
12528ctl_datamove(union ctl_io *io)
12529{
12530	struct ctl_lun *lun;
12531	void (*fe_datamove)(union ctl_io *io);
12532
12533	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12534
12535	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12536
12537	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12538#ifdef CTL_TIME_IO
12539	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12540		char str[256];
12541		char path_str[64];
12542		struct sbuf sb;
12543
12544		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12545		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12546
12547		sbuf_cat(&sb, path_str);
12548		switch (io->io_hdr.io_type) {
12549		case CTL_IO_SCSI:
12550			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12551			sbuf_printf(&sb, "\n");
12552			sbuf_cat(&sb, path_str);
12553			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12554				    io->scsiio.tag_num, io->scsiio.tag_type);
12555			break;
12556		case CTL_IO_TASK:
12557			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12558				    "Tag Type: %d\n", io->taskio.task_action,
12559				    io->taskio.tag_num, io->taskio.tag_type);
12560			break;
12561		default:
12562			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12563			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12564			break;
12565		}
12566		sbuf_cat(&sb, path_str);
12567		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12568			    (intmax_t)time_uptime - io->io_hdr.start_time);
12569		sbuf_finish(&sb);
12570		printf("%s", sbuf_data(&sb));
12571	}
12572#endif /* CTL_TIME_IO */
12573
12574#ifdef CTL_IO_DELAY
12575	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12576		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12577	} else {
12578		if ((lun != NULL)
12579		 && (lun->delay_info.datamove_delay > 0)) {
12580
12581			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12582			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12583			callout_reset(&io->io_hdr.delay_callout,
12584				      lun->delay_info.datamove_delay * hz,
12585				      ctl_datamove_timer_wakeup, io);
12586			if (lun->delay_info.datamove_type ==
12587			    CTL_DELAY_TYPE_ONESHOT)
12588				lun->delay_info.datamove_delay = 0;
12589			return;
12590		}
12591	}
12592#endif
12593
12594	/*
12595	 * This command has been aborted.  Set the port status, so we fail
12596	 * the data move.
12597	 */
12598	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12599		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12600		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12601		       io->io_hdr.nexus.targ_port,
12602		       io->io_hdr.nexus.targ_lun);
12603		io->io_hdr.port_status = 31337;
12604		/*
12605		 * Note that the backend, in this case, will get the
12606		 * callback in its context.  In other cases it may get
12607		 * called in the frontend's interrupt thread context.
12608		 */
12609		io->scsiio.be_move_done(io);
12610		return;
12611	}
12612
12613	/* Don't confuse frontend with zero length data move. */
12614	if (io->scsiio.kern_data_len == 0) {
12615		io->scsiio.be_move_done(io);
12616		return;
12617	}
12618
12619	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12620	fe_datamove(io);
12621}
12622
12623static void
12624ctl_send_datamove_done(union ctl_io *io, int have_lock)
12625{
12626	union ctl_ha_msg msg;
12627
12628	memset(&msg, 0, sizeof(msg));
12629
12630	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12631	msg.hdr.original_sc = io;
12632	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12633	msg.hdr.nexus = io->io_hdr.nexus;
12634	msg.hdr.status = io->io_hdr.status;
12635	msg.scsi.tag_num = io->scsiio.tag_num;
12636	msg.scsi.tag_type = io->scsiio.tag_type;
12637	msg.scsi.scsi_status = io->scsiio.scsi_status;
12638	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12639	       io->scsiio.sense_len);
12640	msg.scsi.sense_len = io->scsiio.sense_len;
12641	msg.scsi.sense_residual = io->scsiio.sense_residual;
12642	msg.scsi.fetd_status = io->io_hdr.port_status;
12643	msg.scsi.residual = io->scsiio.residual;
12644	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12645
12646	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12647		ctl_failover_io(io, /*have_lock*/ have_lock);
12648		return;
12649	}
12650
12651	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12652	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12653	    msg.scsi.sense_len, M_WAITOK);
12654}
12655
12656/*
12657 * The DMA to the remote side is done, now we need to tell the other side
12658 * we're done so it can continue with its data movement.
12659 */
12660static void
12661ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12662{
12663	union ctl_io *io;
12664	int i;
12665
12666	io = rq->context;
12667
12668	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12669		printf("%s: ISC DMA write failed with error %d", __func__,
12670		       rq->ret);
12671		ctl_set_internal_failure(&io->scsiio,
12672					 /*sks_valid*/ 1,
12673					 /*retry_count*/ rq->ret);
12674	}
12675
12676	ctl_dt_req_free(rq);
12677
12678	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12679		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12680	free(io->io_hdr.remote_sglist, M_CTL);
12681	io->io_hdr.remote_sglist = NULL;
12682	io->io_hdr.local_sglist = NULL;
12683
12684	/*
12685	 * The data is in local and remote memory, so now we need to send
12686	 * status (good or back) back to the other side.
12687	 */
12688	ctl_send_datamove_done(io, /*have_lock*/ 0);
12689}
12690
12691/*
12692 * We've moved the data from the host/controller into local memory.  Now we
12693 * need to push it over to the remote controller's memory.
12694 */
12695static int
12696ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12697{
12698	int retval;
12699
12700	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12701					  ctl_datamove_remote_write_cb);
12702	return (retval);
12703}
12704
12705static void
12706ctl_datamove_remote_write(union ctl_io *io)
12707{
12708	int retval;
12709	void (*fe_datamove)(union ctl_io *io);
12710
12711	/*
12712	 * - Get the data from the host/HBA into local memory.
12713	 * - DMA memory from the local controller to the remote controller.
12714	 * - Send status back to the remote controller.
12715	 */
12716
12717	retval = ctl_datamove_remote_sgl_setup(io);
12718	if (retval != 0)
12719		return;
12720
12721	/* Switch the pointer over so the FETD knows what to do */
12722	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12723
12724	/*
12725	 * Use a custom move done callback, since we need to send completion
12726	 * back to the other controller, not to the backend on this side.
12727	 */
12728	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12729
12730	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12731	fe_datamove(io);
12732}
12733
12734static int
12735ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12736{
12737#if 0
12738	char str[256];
12739	char path_str[64];
12740	struct sbuf sb;
12741#endif
12742	int i;
12743
12744	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12745		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12746	free(io->io_hdr.remote_sglist, M_CTL);
12747	io->io_hdr.remote_sglist = NULL;
12748	io->io_hdr.local_sglist = NULL;
12749
12750#if 0
12751	scsi_path_string(io, path_str, sizeof(path_str));
12752	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12753	sbuf_cat(&sb, path_str);
12754	scsi_command_string(&io->scsiio, NULL, &sb);
12755	sbuf_printf(&sb, "\n");
12756	sbuf_cat(&sb, path_str);
12757	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12758		    io->scsiio.tag_num, io->scsiio.tag_type);
12759	sbuf_cat(&sb, path_str);
12760	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12761		    io->io_hdr.flags, io->io_hdr.status);
12762	sbuf_finish(&sb);
12763	printk("%s", sbuf_data(&sb));
12764#endif
12765
12766
12767	/*
12768	 * The read is done, now we need to send status (good or bad) back
12769	 * to the other side.
12770	 */
12771	ctl_send_datamove_done(io, /*have_lock*/ 0);
12772
12773	return (0);
12774}
12775
12776static void
12777ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12778{
12779	union ctl_io *io;
12780	void (*fe_datamove)(union ctl_io *io);
12781
12782	io = rq->context;
12783
12784	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12785		printf("%s: ISC DMA read failed with error %d\n", __func__,
12786		       rq->ret);
12787		ctl_set_internal_failure(&io->scsiio,
12788					 /*sks_valid*/ 1,
12789					 /*retry_count*/ rq->ret);
12790	}
12791
12792	ctl_dt_req_free(rq);
12793
12794	/* Switch the pointer over so the FETD knows what to do */
12795	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12796
12797	/*
12798	 * Use a custom move done callback, since we need to send completion
12799	 * back to the other controller, not to the backend on this side.
12800	 */
12801	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12802
12803	/* XXX KDM add checks like the ones in ctl_datamove? */
12804
12805	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12806	fe_datamove(io);
12807}
12808
12809static int
12810ctl_datamove_remote_sgl_setup(union ctl_io *io)
12811{
12812	struct ctl_sg_entry *local_sglist;
12813	uint32_t len_to_go;
12814	int retval;
12815	int i;
12816
12817	retval = 0;
12818	local_sglist = io->io_hdr.local_sglist;
12819	len_to_go = io->scsiio.kern_data_len;
12820
12821	/*
12822	 * The difficult thing here is that the size of the various
12823	 * S/G segments may be different than the size from the
12824	 * remote controller.  That'll make it harder when DMAing
12825	 * the data back to the other side.
12826	 */
12827	for (i = 0; len_to_go > 0; i++) {
12828		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12829		local_sglist[i].addr =
12830		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12831
12832		len_to_go -= local_sglist[i].len;
12833	}
12834	/*
12835	 * Reset the number of S/G entries accordingly.  The original
12836	 * number of S/G entries is available in rem_sg_entries.
12837	 */
12838	io->scsiio.kern_sg_entries = i;
12839
12840#if 0
12841	printf("%s: kern_sg_entries = %d\n", __func__,
12842	       io->scsiio.kern_sg_entries);
12843	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12844		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12845		       local_sglist[i].addr, local_sglist[i].len);
12846#endif
12847
12848	return (retval);
12849}
12850
12851static int
12852ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12853			 ctl_ha_dt_cb callback)
12854{
12855	struct ctl_ha_dt_req *rq;
12856	struct ctl_sg_entry *remote_sglist, *local_sglist;
12857	uint32_t local_used, remote_used, total_used;
12858	int i, j, isc_ret;
12859
12860	rq = ctl_dt_req_alloc();
12861
12862	/*
12863	 * If we failed to allocate the request, and if the DMA didn't fail
12864	 * anyway, set busy status.  This is just a resource allocation
12865	 * failure.
12866	 */
12867	if ((rq == NULL)
12868	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12869	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12870		ctl_set_busy(&io->scsiio);
12871
12872	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12873	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12874
12875		if (rq != NULL)
12876			ctl_dt_req_free(rq);
12877
12878		/*
12879		 * The data move failed.  We need to return status back
12880		 * to the other controller.  No point in trying to DMA
12881		 * data to the remote controller.
12882		 */
12883
12884		ctl_send_datamove_done(io, /*have_lock*/ 0);
12885
12886		return (1);
12887	}
12888
12889	local_sglist = io->io_hdr.local_sglist;
12890	remote_sglist = io->io_hdr.remote_sglist;
12891	local_used = 0;
12892	remote_used = 0;
12893	total_used = 0;
12894
12895	/*
12896	 * Pull/push the data over the wire from/to the other controller.
12897	 * This takes into account the possibility that the local and
12898	 * remote sglists may not be identical in terms of the size of
12899	 * the elements and the number of elements.
12900	 *
12901	 * One fundamental assumption here is that the length allocated for
12902	 * both the local and remote sglists is identical.  Otherwise, we've
12903	 * essentially got a coding error of some sort.
12904	 */
12905	isc_ret = CTL_HA_STATUS_SUCCESS;
12906	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12907		uint32_t cur_len;
12908		uint8_t *tmp_ptr;
12909
12910		rq->command = command;
12911		rq->context = io;
12912
12913		/*
12914		 * Both pointers should be aligned.  But it is possible
12915		 * that the allocation length is not.  They should both
12916		 * also have enough slack left over at the end, though,
12917		 * to round up to the next 8 byte boundary.
12918		 */
12919		cur_len = MIN(local_sglist[i].len - local_used,
12920			      remote_sglist[j].len - remote_used);
12921		rq->size = cur_len;
12922
12923		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12924		tmp_ptr += local_used;
12925
12926#if 0
12927		/* Use physical addresses when talking to ISC hardware */
12928		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12929			/* XXX KDM use busdma */
12930			rq->local = vtophys(tmp_ptr);
12931		} else
12932			rq->local = tmp_ptr;
12933#else
12934		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12935		    ("HA does not support BUS_ADDR"));
12936		rq->local = tmp_ptr;
12937#endif
12938
12939		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12940		tmp_ptr += remote_used;
12941		rq->remote = tmp_ptr;
12942
12943		rq->callback = NULL;
12944
12945		local_used += cur_len;
12946		if (local_used >= local_sglist[i].len) {
12947			i++;
12948			local_used = 0;
12949		}
12950
12951		remote_used += cur_len;
12952		if (remote_used >= remote_sglist[j].len) {
12953			j++;
12954			remote_used = 0;
12955		}
12956		total_used += cur_len;
12957
12958		if (total_used >= io->scsiio.kern_data_len)
12959			rq->callback = callback;
12960
12961#if 0
12962		printf("%s: %s: local %p remote %p size %d\n", __func__,
12963		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12964		       rq->local, rq->remote, rq->size);
12965#endif
12966
12967		isc_ret = ctl_dt_single(rq);
12968		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12969			break;
12970	}
12971	if (isc_ret != CTL_HA_STATUS_WAIT) {
12972		rq->ret = isc_ret;
12973		callback(rq);
12974	}
12975
12976	return (0);
12977}
12978
12979static void
12980ctl_datamove_remote_read(union ctl_io *io)
12981{
12982	int retval;
12983	int i;
12984
12985	/*
12986	 * This will send an error to the other controller in the case of a
12987	 * failure.
12988	 */
12989	retval = ctl_datamove_remote_sgl_setup(io);
12990	if (retval != 0)
12991		return;
12992
12993	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12994					  ctl_datamove_remote_read_cb);
12995	if (retval != 0) {
12996		/*
12997		 * Make sure we free memory if there was an error..  The
12998		 * ctl_datamove_remote_xfer() function will send the
12999		 * datamove done message, or call the callback with an
13000		 * error if there is a problem.
13001		 */
13002		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13003			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13004		free(io->io_hdr.remote_sglist, M_CTL);
13005		io->io_hdr.remote_sglist = NULL;
13006		io->io_hdr.local_sglist = NULL;
13007	}
13008}
13009
13010/*
13011 * Process a datamove request from the other controller.  This is used for
13012 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13013 * first.  Once that is complete, the data gets DMAed into the remote
13014 * controller's memory.  For reads, we DMA from the remote controller's
13015 * memory into our memory first, and then move it out to the FETD.
13016 */
13017static void
13018ctl_datamove_remote(union ctl_io *io)
13019{
13020
13021	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
13022
13023	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13024		ctl_failover_io(io, /*have_lock*/ 0);
13025		return;
13026	}
13027
13028	/*
13029	 * Note that we look for an aborted I/O here, but don't do some of
13030	 * the other checks that ctl_datamove() normally does.
13031	 * We don't need to run the datamove delay code, since that should
13032	 * have been done if need be on the other controller.
13033	 */
13034	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13035		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
13036		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
13037		       io->io_hdr.nexus.targ_port,
13038		       io->io_hdr.nexus.targ_lun);
13039		io->io_hdr.port_status = 31338;
13040		ctl_send_datamove_done(io, /*have_lock*/ 0);
13041		return;
13042	}
13043
13044	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
13045		ctl_datamove_remote_write(io);
13046	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
13047		ctl_datamove_remote_read(io);
13048	else {
13049		io->io_hdr.port_status = 31339;
13050		ctl_send_datamove_done(io, /*have_lock*/ 0);
13051	}
13052}
13053
13054static int
13055ctl_process_done(union ctl_io *io)
13056{
13057	struct ctl_lun *lun;
13058	struct ctl_softc *softc = control_softc;
13059	void (*fe_done)(union ctl_io *io);
13060	union ctl_ha_msg msg;
13061	uint32_t targ_port = io->io_hdr.nexus.targ_port;
13062
13063	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13064	fe_done = softc->ctl_ports[targ_port]->fe_done;
13065
13066#ifdef CTL_TIME_IO
13067	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13068		char str[256];
13069		char path_str[64];
13070		struct sbuf sb;
13071
13072		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13073		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13074
13075		sbuf_cat(&sb, path_str);
13076		switch (io->io_hdr.io_type) {
13077		case CTL_IO_SCSI:
13078			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13079			sbuf_printf(&sb, "\n");
13080			sbuf_cat(&sb, path_str);
13081			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13082				    io->scsiio.tag_num, io->scsiio.tag_type);
13083			break;
13084		case CTL_IO_TASK:
13085			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13086				    "Tag Type: %d\n", io->taskio.task_action,
13087				    io->taskio.tag_num, io->taskio.tag_type);
13088			break;
13089		default:
13090			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13091			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13092			break;
13093		}
13094		sbuf_cat(&sb, path_str);
13095		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13096			    (intmax_t)time_uptime - io->io_hdr.start_time);
13097		sbuf_finish(&sb);
13098		printf("%s", sbuf_data(&sb));
13099	}
13100#endif /* CTL_TIME_IO */
13101
13102	switch (io->io_hdr.io_type) {
13103	case CTL_IO_SCSI:
13104		break;
13105	case CTL_IO_TASK:
13106		if (ctl_debug & CTL_DEBUG_INFO)
13107			ctl_io_error_print(io, NULL);
13108		fe_done(io);
13109		return (CTL_RETVAL_COMPLETE);
13110	default:
13111		panic("ctl_process_done: invalid io type %d\n",
13112		      io->io_hdr.io_type);
13113		break; /* NOTREACHED */
13114	}
13115
13116	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13117	if (lun == NULL) {
13118		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13119				 io->io_hdr.nexus.targ_mapped_lun));
13120		goto bailout;
13121	}
13122
13123	mtx_lock(&lun->lun_lock);
13124
13125	/*
13126	 * Check to see if we have any errors to inject here.  We only
13127	 * inject errors for commands that don't already have errors set.
13128	 */
13129	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13130	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13131	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13132		ctl_inject_error(lun, io);
13133
13134	/*
13135	 * XXX KDM how do we treat commands that aren't completed
13136	 * successfully?
13137	 *
13138	 * XXX KDM should we also track I/O latency?
13139	 */
13140	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13141	    io->io_hdr.io_type == CTL_IO_SCSI) {
13142#ifdef CTL_TIME_IO
13143		struct bintime cur_bt;
13144#endif
13145		int type;
13146
13147		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13148		    CTL_FLAG_DATA_IN)
13149			type = CTL_STATS_READ;
13150		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13151		    CTL_FLAG_DATA_OUT)
13152			type = CTL_STATS_WRITE;
13153		else
13154			type = CTL_STATS_NO_IO;
13155
13156		lun->stats.ports[targ_port].bytes[type] +=
13157		    io->scsiio.kern_total_len;
13158		lun->stats.ports[targ_port].operations[type]++;
13159#ifdef CTL_TIME_IO
13160		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13161		   &io->io_hdr.dma_bt);
13162		lun->stats.ports[targ_port].num_dmas[type] +=
13163		    io->io_hdr.num_dmas;
13164		getbintime(&cur_bt);
13165		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13166		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13167#endif
13168	}
13169
13170	/*
13171	 * Remove this from the OOA queue.
13172	 */
13173	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13174#ifdef CTL_TIME_IO
13175	if (TAILQ_EMPTY(&lun->ooa_queue))
13176		lun->last_busy = getsbinuptime();
13177#endif
13178
13179	/*
13180	 * Run through the blocked queue on this LUN and see if anything
13181	 * has become unblocked, now that this transaction is done.
13182	 */
13183	ctl_check_blocked(lun);
13184
13185	/*
13186	 * If the LUN has been invalidated, free it if there is nothing
13187	 * left on its OOA queue.
13188	 */
13189	if ((lun->flags & CTL_LUN_INVALID)
13190	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13191		mtx_unlock(&lun->lun_lock);
13192		mtx_lock(&softc->ctl_lock);
13193		ctl_free_lun(lun);
13194		mtx_unlock(&softc->ctl_lock);
13195	} else
13196		mtx_unlock(&lun->lun_lock);
13197
13198bailout:
13199
13200	/*
13201	 * If this command has been aborted, make sure we set the status
13202	 * properly.  The FETD is responsible for freeing the I/O and doing
13203	 * whatever it needs to do to clean up its state.
13204	 */
13205	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13206		ctl_set_task_aborted(&io->scsiio);
13207
13208	/*
13209	 * If enabled, print command error status.
13210	 */
13211	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13212	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13213		ctl_io_error_print(io, NULL);
13214
13215	/*
13216	 * Tell the FETD or the other shelf controller we're done with this
13217	 * command.  Note that only SCSI commands get to this point.  Task
13218	 * management commands are completed above.
13219	 */
13220	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13221	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13222		memset(&msg, 0, sizeof(msg));
13223		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13224		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13225		msg.hdr.nexus = io->io_hdr.nexus;
13226		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13227		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13228		    M_WAITOK);
13229	}
13230
13231	fe_done(io);
13232	return (CTL_RETVAL_COMPLETE);
13233}
13234
13235#ifdef CTL_WITH_CA
13236/*
13237 * Front end should call this if it doesn't do autosense.  When the request
13238 * sense comes back in from the initiator, we'll dequeue this and send it.
13239 */
13240int
13241ctl_queue_sense(union ctl_io *io)
13242{
13243	struct ctl_lun *lun;
13244	struct ctl_port *port;
13245	struct ctl_softc *softc;
13246	uint32_t initidx, targ_lun;
13247
13248	softc = control_softc;
13249
13250	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13251
13252	/*
13253	 * LUN lookup will likely move to the ctl_work_thread() once we
13254	 * have our new queueing infrastructure (that doesn't put things on
13255	 * a per-LUN queue initially).  That is so that we can handle
13256	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13257	 * can't deal with that right now.
13258	 */
13259	mtx_lock(&softc->ctl_lock);
13260
13261	/*
13262	 * If we don't have a LUN for this, just toss the sense
13263	 * information.
13264	 */
13265	port = ctl_io_port(&ctsio->io_hdr);
13266	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13267	if ((targ_lun < CTL_MAX_LUNS)
13268	 && (softc->ctl_luns[targ_lun] != NULL))
13269		lun = softc->ctl_luns[targ_lun];
13270	else
13271		goto bailout;
13272
13273	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13274
13275	mtx_lock(&lun->lun_lock);
13276	/*
13277	 * Already have CA set for this LUN...toss the sense information.
13278	 */
13279	if (ctl_is_set(lun->have_ca, initidx)) {
13280		mtx_unlock(&lun->lun_lock);
13281		goto bailout;
13282	}
13283
13284	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13285	       MIN(sizeof(lun->pending_sense[initidx]),
13286	       sizeof(io->scsiio.sense_data)));
13287	ctl_set_mask(lun->have_ca, initidx);
13288	mtx_unlock(&lun->lun_lock);
13289
13290bailout:
13291	mtx_unlock(&softc->ctl_lock);
13292
13293	ctl_free_io(io);
13294
13295	return (CTL_RETVAL_COMPLETE);
13296}
13297#endif
13298
13299/*
13300 * Primary command inlet from frontend ports.  All SCSI and task I/O
13301 * requests must go through this function.
13302 */
13303int
13304ctl_queue(union ctl_io *io)
13305{
13306	struct ctl_port *port;
13307
13308	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13309
13310#ifdef CTL_TIME_IO
13311	io->io_hdr.start_time = time_uptime;
13312	getbintime(&io->io_hdr.start_bt);
13313#endif /* CTL_TIME_IO */
13314
13315	/* Map FE-specific LUN ID into global one. */
13316	port = ctl_io_port(&io->io_hdr);
13317	io->io_hdr.nexus.targ_mapped_lun =
13318	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13319
13320	switch (io->io_hdr.io_type) {
13321	case CTL_IO_SCSI:
13322	case CTL_IO_TASK:
13323		if (ctl_debug & CTL_DEBUG_CDB)
13324			ctl_io_print(io);
13325		ctl_enqueue_incoming(io);
13326		break;
13327	default:
13328		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13329		return (EINVAL);
13330	}
13331
13332	return (CTL_RETVAL_COMPLETE);
13333}
13334
13335#ifdef CTL_IO_DELAY
13336static void
13337ctl_done_timer_wakeup(void *arg)
13338{
13339	union ctl_io *io;
13340
13341	io = (union ctl_io *)arg;
13342	ctl_done(io);
13343}
13344#endif /* CTL_IO_DELAY */
13345
13346void
13347ctl_serseq_done(union ctl_io *io)
13348{
13349	struct ctl_lun *lun;
13350
13351	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13352	if (lun->be_lun == NULL ||
13353	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13354		return;
13355	mtx_lock(&lun->lun_lock);
13356	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13357	ctl_check_blocked(lun);
13358	mtx_unlock(&lun->lun_lock);
13359}
13360
13361void
13362ctl_done(union ctl_io *io)
13363{
13364
13365	/*
13366	 * Enable this to catch duplicate completion issues.
13367	 */
13368#if 0
13369	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13370		printf("%s: type %d msg %d cdb %x iptl: "
13371		       "%u:%u:%u tag 0x%04x "
13372		       "flag %#x status %x\n",
13373			__func__,
13374			io->io_hdr.io_type,
13375			io->io_hdr.msg_type,
13376			io->scsiio.cdb[0],
13377			io->io_hdr.nexus.initid,
13378			io->io_hdr.nexus.targ_port,
13379			io->io_hdr.nexus.targ_lun,
13380			(io->io_hdr.io_type ==
13381			CTL_IO_TASK) ?
13382			io->taskio.tag_num :
13383			io->scsiio.tag_num,
13384		        io->io_hdr.flags,
13385			io->io_hdr.status);
13386	} else
13387		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13388#endif
13389
13390	/*
13391	 * This is an internal copy of an I/O, and should not go through
13392	 * the normal done processing logic.
13393	 */
13394	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13395		return;
13396
13397#ifdef CTL_IO_DELAY
13398	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13399		struct ctl_lun *lun;
13400
13401		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13402
13403		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13404	} else {
13405		struct ctl_lun *lun;
13406
13407		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13408
13409		if ((lun != NULL)
13410		 && (lun->delay_info.done_delay > 0)) {
13411
13412			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13413			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13414			callout_reset(&io->io_hdr.delay_callout,
13415				      lun->delay_info.done_delay * hz,
13416				      ctl_done_timer_wakeup, io);
13417			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13418				lun->delay_info.done_delay = 0;
13419			return;
13420		}
13421	}
13422#endif /* CTL_IO_DELAY */
13423
13424	ctl_enqueue_done(io);
13425}
13426
13427static void
13428ctl_work_thread(void *arg)
13429{
13430	struct ctl_thread *thr = (struct ctl_thread *)arg;
13431	struct ctl_softc *softc = thr->ctl_softc;
13432	union ctl_io *io;
13433	int retval;
13434
13435	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13436
13437	for (;;) {
13438		retval = 0;
13439
13440		/*
13441		 * We handle the queues in this order:
13442		 * - ISC
13443		 * - done queue (to free up resources, unblock other commands)
13444		 * - RtR queue
13445		 * - incoming queue
13446		 *
13447		 * If those queues are empty, we break out of the loop and
13448		 * go to sleep.
13449		 */
13450		mtx_lock(&thr->queue_lock);
13451		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13452		if (io != NULL) {
13453			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13454			mtx_unlock(&thr->queue_lock);
13455			ctl_handle_isc(io);
13456			continue;
13457		}
13458		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13459		if (io != NULL) {
13460			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13461			/* clear any blocked commands, call fe_done */
13462			mtx_unlock(&thr->queue_lock);
13463			retval = ctl_process_done(io);
13464			continue;
13465		}
13466		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13467		if (io != NULL) {
13468			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13469			mtx_unlock(&thr->queue_lock);
13470			if (io->io_hdr.io_type == CTL_IO_TASK)
13471				ctl_run_task(io);
13472			else
13473				ctl_scsiio_precheck(softc, &io->scsiio);
13474			continue;
13475		}
13476		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13477		if (io != NULL) {
13478			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13479			mtx_unlock(&thr->queue_lock);
13480			retval = ctl_scsiio(&io->scsiio);
13481			if (retval != CTL_RETVAL_COMPLETE)
13482				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13483			continue;
13484		}
13485
13486		/* Sleep until we have something to do. */
13487		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13488	}
13489}
13490
13491static void
13492ctl_lun_thread(void *arg)
13493{
13494	struct ctl_softc *softc = (struct ctl_softc *)arg;
13495	struct ctl_be_lun *be_lun;
13496	int retval;
13497
13498	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13499
13500	for (;;) {
13501		retval = 0;
13502		mtx_lock(&softc->ctl_lock);
13503		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13504		if (be_lun != NULL) {
13505			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13506			mtx_unlock(&softc->ctl_lock);
13507			ctl_create_lun(be_lun);
13508			continue;
13509		}
13510
13511		/* Sleep until we have something to do. */
13512		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13513		    PDROP | PRIBIO, "-", 0);
13514	}
13515}
13516
13517static void
13518ctl_thresh_thread(void *arg)
13519{
13520	struct ctl_softc *softc = (struct ctl_softc *)arg;
13521	struct ctl_lun *lun;
13522	struct ctl_be_lun *be_lun;
13523	struct scsi_da_rw_recovery_page *rwpage;
13524	struct ctl_logical_block_provisioning_page *page;
13525	const char *attr;
13526	union ctl_ha_msg msg;
13527	uint64_t thres, val;
13528	int i, e, set;
13529
13530	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13531
13532	for (;;) {
13533		mtx_lock(&softc->ctl_lock);
13534		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13535			be_lun = lun->be_lun;
13536			if ((lun->flags & CTL_LUN_DISABLED) ||
13537			    (lun->flags & CTL_LUN_OFFLINE) ||
13538			    lun->backend->lun_attr == NULL)
13539				continue;
13540			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13541			    softc->ha_mode == CTL_HA_MODE_XFER)
13542				continue;
13543			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13544			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13545				continue;
13546			e = 0;
13547			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13548			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13549				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13550					continue;
13551				thres = scsi_4btoul(page->descr[i].count);
13552				thres <<= CTL_LBP_EXPONENT;
13553				switch (page->descr[i].resource) {
13554				case 0x01:
13555					attr = "blocksavail";
13556					break;
13557				case 0x02:
13558					attr = "blocksused";
13559					break;
13560				case 0xf1:
13561					attr = "poolblocksavail";
13562					break;
13563				case 0xf2:
13564					attr = "poolblocksused";
13565					break;
13566				default:
13567					continue;
13568				}
13569				mtx_unlock(&softc->ctl_lock); // XXX
13570				val = lun->backend->lun_attr(
13571				    lun->be_lun->be_lun, attr);
13572				mtx_lock(&softc->ctl_lock);
13573				if (val == UINT64_MAX)
13574					continue;
13575				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13576				    == SLBPPD_ARMING_INC)
13577					e = (val >= thres);
13578				else
13579					e = (val <= thres);
13580				if (e)
13581					break;
13582			}
13583			mtx_lock(&lun->lun_lock);
13584			if (e) {
13585				scsi_u64to8b((uint8_t *)&page->descr[i] -
13586				    (uint8_t *)page, lun->ua_tpt_info);
13587				if (lun->lasttpt == 0 ||
13588				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13589					lun->lasttpt = time_uptime;
13590					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13591					set = 1;
13592				} else
13593					set = 0;
13594			} else {
13595				lun->lasttpt = 0;
13596				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13597				set = -1;
13598			}
13599			mtx_unlock(&lun->lun_lock);
13600			if (set != 0 &&
13601			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13602				/* Send msg to other side. */
13603				bzero(&msg.ua, sizeof(msg.ua));
13604				msg.hdr.msg_type = CTL_MSG_UA;
13605				msg.hdr.nexus.initid = -1;
13606				msg.hdr.nexus.targ_port = -1;
13607				msg.hdr.nexus.targ_lun = lun->lun;
13608				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13609				msg.ua.ua_all = 1;
13610				msg.ua.ua_set = (set > 0);
13611				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13612				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13613				mtx_unlock(&softc->ctl_lock); // XXX
13614				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13615				    sizeof(msg.ua), M_WAITOK);
13616				mtx_lock(&softc->ctl_lock);
13617			}
13618		}
13619		mtx_unlock(&softc->ctl_lock);
13620		pause("-", CTL_LBP_PERIOD * hz);
13621	}
13622}
13623
13624static void
13625ctl_enqueue_incoming(union ctl_io *io)
13626{
13627	struct ctl_softc *softc = control_softc;
13628	struct ctl_thread *thr;
13629	u_int idx;
13630
13631	idx = (io->io_hdr.nexus.targ_port * 127 +
13632	       io->io_hdr.nexus.initid) % worker_threads;
13633	thr = &softc->threads[idx];
13634	mtx_lock(&thr->queue_lock);
13635	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13636	mtx_unlock(&thr->queue_lock);
13637	wakeup(thr);
13638}
13639
13640static void
13641ctl_enqueue_rtr(union ctl_io *io)
13642{
13643	struct ctl_softc *softc = control_softc;
13644	struct ctl_thread *thr;
13645
13646	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13647	mtx_lock(&thr->queue_lock);
13648	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13649	mtx_unlock(&thr->queue_lock);
13650	wakeup(thr);
13651}
13652
13653static void
13654ctl_enqueue_done(union ctl_io *io)
13655{
13656	struct ctl_softc *softc = control_softc;
13657	struct ctl_thread *thr;
13658
13659	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13660	mtx_lock(&thr->queue_lock);
13661	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13662	mtx_unlock(&thr->queue_lock);
13663	wakeup(thr);
13664}
13665
13666static void
13667ctl_enqueue_isc(union ctl_io *io)
13668{
13669	struct ctl_softc *softc = control_softc;
13670	struct ctl_thread *thr;
13671
13672	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13673	mtx_lock(&thr->queue_lock);
13674	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13675	mtx_unlock(&thr->queue_lock);
13676	wakeup(thr);
13677}
13678
13679/*
13680 *  vim: ts=8
13681 */
13682