ctl.c revision 288805 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288805 2015-10-05 11:25:48Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
359SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
360    &worker_threads, 1, "Number of worker threads");
361static int ctl_debug = CTL_DEBUG_NONE;
362TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
363SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
364    &ctl_debug, 0, "Enabled debug flags");
365
366/*
367 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
368 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
369 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
370 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
371 */
372#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
373
374static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
375				  int param);
376static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
377static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
378static int ctl_init(void);
379void ctl_shutdown(void);
380static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
381static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
382static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
383static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
384			      struct ctl_ooa *ooa_hdr,
385			      struct ctl_ooa_entry *kern_entries);
386static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
387		     struct thread *td);
388static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
389			 struct ctl_be_lun *be_lun);
390static int ctl_free_lun(struct ctl_lun *lun);
391static void ctl_create_lun(struct ctl_be_lun *be_lun);
392static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
393
394static int ctl_do_mode_select(union ctl_io *io);
395static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
396			   uint64_t res_key, uint64_t sa_res_key,
397			   uint8_t type, uint32_t residx,
398			   struct ctl_scsiio *ctsio,
399			   struct scsi_per_res_out *cdb,
400			   struct scsi_per_res_out_parms* param);
401static void ctl_pro_preempt_other(struct ctl_lun *lun,
402				  union ctl_ha_msg *msg);
403static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
404static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
408static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
409static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
412					 int alloc_len);
413static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
414static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
416static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
417static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
418static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
419    bool seq);
420static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
421static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
422    union ctl_io *pending_io, union ctl_io *ooa_io);
423static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
424				union ctl_io *starting_io);
425static int ctl_check_blocked(struct ctl_lun *lun);
426static int ctl_scsiio_lun_check(struct ctl_lun *lun,
427				const struct ctl_cmd_entry *entry,
428				struct ctl_scsiio *ctsio);
429static void ctl_failover_lun(union ctl_io *io);
430static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
431			       struct ctl_scsiio *ctsio);
432static int ctl_scsiio(struct ctl_scsiio *ctsio);
433
434static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
435static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
436			    ctl_ua_type ua_type);
437static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
438			 ctl_ua_type ua_type);
439static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
440static int ctl_abort_task(union ctl_io *io);
441static int ctl_abort_task_set(union ctl_io *io);
442static int ctl_query_task(union ctl_io *io, int task_set);
443static int ctl_i_t_nexus_reset(union ctl_io *io);
444static int ctl_query_async_event(union ctl_io *io);
445static void ctl_run_task(union ctl_io *io);
446#ifdef CTL_IO_DELAY
447static void ctl_datamove_timer_wakeup(void *arg);
448static void ctl_done_timer_wakeup(void *arg);
449#endif /* CTL_IO_DELAY */
450
451static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
452static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
453static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
454static void ctl_datamove_remote_write(union ctl_io *io);
455static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
456static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
457static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
458static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
459				    ctl_ha_dt_cb callback);
460static void ctl_datamove_remote_read(union ctl_io *io);
461static void ctl_datamove_remote(union ctl_io *io);
462static void ctl_process_done(union ctl_io *io);
463static void ctl_lun_thread(void *arg);
464static void ctl_thresh_thread(void *arg);
465static void ctl_work_thread(void *arg);
466static void ctl_enqueue_incoming(union ctl_io *io);
467static void ctl_enqueue_rtr(union ctl_io *io);
468static void ctl_enqueue_done(union ctl_io *io);
469static void ctl_enqueue_isc(union ctl_io *io);
470static const struct ctl_cmd_entry *
471    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
472static const struct ctl_cmd_entry *
473    ctl_validate_command(struct ctl_scsiio *ctsio);
474static int ctl_cmd_applicable(uint8_t lun_type,
475    const struct ctl_cmd_entry *entry);
476
477static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
479static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
480static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
481
482/*
483 * Load the serialization table.  This isn't very pretty, but is probably
484 * the easiest way to do it.
485 */
486#include "ctl_ser_table.c"
487
488/*
489 * We only need to define open, close and ioctl routines for this driver.
490 */
491static struct cdevsw ctl_cdevsw = {
492	.d_version =	D_VERSION,
493	.d_flags =	0,
494	.d_open =	ctl_open,
495	.d_close =	ctl_close,
496	.d_ioctl =	ctl_ioctl,
497	.d_name =	"ctl",
498};
499
500
501MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
502
503static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
504
505static moduledata_t ctl_moduledata = {
506	"ctl",
507	ctl_module_event_handler,
508	NULL
509};
510
511DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
512MODULE_VERSION(ctl, 1);
513
514static struct ctl_frontend ha_frontend =
515{
516	.name = "ha",
517};
518
519static void
520ctl_ha_datamove(union ctl_io *io)
521{
522	struct ctl_lun *lun;
523	struct ctl_sg_entry *sgl;
524	union ctl_ha_msg msg;
525	uint32_t sg_entries_sent;
526	int do_sg_copy, i, j;
527
528	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
529	memset(&msg.dt, 0, sizeof(msg.dt));
530	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
531	msg.hdr.original_sc = io->io_hdr.original_sc;
532	msg.hdr.serializing_sc = io;
533	msg.hdr.nexus = io->io_hdr.nexus;
534	msg.hdr.status = io->io_hdr.status;
535	msg.dt.flags = io->io_hdr.flags;
536
537	/*
538	 * We convert everything into a S/G list here.  We can't
539	 * pass by reference, only by value between controllers.
540	 * So we can't pass a pointer to the S/G list, only as many
541	 * S/G entries as we can fit in here.  If it's possible for
542	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
543	 * then we need to break this up into multiple transfers.
544	 */
545	if (io->scsiio.kern_sg_entries == 0) {
546		msg.dt.kern_sg_entries = 1;
547#if 0
548		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
549			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
550		} else {
551			/* XXX KDM use busdma here! */
552			msg.dt.sg_list[0].addr =
553			    (void *)vtophys(io->scsiio.kern_data_ptr);
554		}
555#else
556		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
557		    ("HA does not support BUS_ADDR"));
558		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
559#endif
560		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
561		do_sg_copy = 0;
562	} else {
563		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
564		do_sg_copy = 1;
565	}
566
567	msg.dt.kern_data_len = io->scsiio.kern_data_len;
568	msg.dt.kern_total_len = io->scsiio.kern_total_len;
569	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
570	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
571	msg.dt.sg_sequence = 0;
572
573	/*
574	 * Loop until we've sent all of the S/G entries.  On the
575	 * other end, we'll recompose these S/G entries into one
576	 * contiguous list before processing.
577	 */
578	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
579	    msg.dt.sg_sequence++) {
580		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
581		    sizeof(msg.dt.sg_list[0])),
582		    msg.dt.kern_sg_entries - sg_entries_sent);
583		if (do_sg_copy != 0) {
584			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
585			for (i = sg_entries_sent, j = 0;
586			     i < msg.dt.cur_sg_entries; i++, j++) {
587#if 0
588				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
589					msg.dt.sg_list[j].addr = sgl[i].addr;
590				} else {
591					/* XXX KDM use busdma here! */
592					msg.dt.sg_list[j].addr =
593					    (void *)vtophys(sgl[i].addr);
594				}
595#else
596				KASSERT((io->io_hdr.flags &
597				    CTL_FLAG_BUS_ADDR) == 0,
598				    ("HA does not support BUS_ADDR"));
599				msg.dt.sg_list[j].addr = sgl[i].addr;
600#endif
601				msg.dt.sg_list[j].len = sgl[i].len;
602			}
603		}
604
605		sg_entries_sent += msg.dt.cur_sg_entries;
606		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
607		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
608		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
609		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
610		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
611			io->io_hdr.port_status = 31341;
612			io->scsiio.be_move_done(io);
613			return;
614		}
615		msg.dt.sent_sg_entries = sg_entries_sent;
616	}
617
618	/*
619	 * Officially handover the request from us to peer.
620	 * If failover has just happened, then we must return error.
621	 * If failover happen just after, then it is not our problem.
622	 */
623	if (lun)
624		mtx_lock(&lun->lun_lock);
625	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
626		if (lun)
627			mtx_unlock(&lun->lun_lock);
628		io->io_hdr.port_status = 31342;
629		io->scsiio.be_move_done(io);
630		return;
631	}
632	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
633	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
634	if (lun)
635		mtx_unlock(&lun->lun_lock);
636}
637
638static void
639ctl_ha_done(union ctl_io *io)
640{
641	union ctl_ha_msg msg;
642
643	if (io->io_hdr.io_type == CTL_IO_SCSI) {
644		memset(&msg, 0, sizeof(msg));
645		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
646		msg.hdr.original_sc = io->io_hdr.original_sc;
647		msg.hdr.nexus = io->io_hdr.nexus;
648		msg.hdr.status = io->io_hdr.status;
649		msg.scsi.scsi_status = io->scsiio.scsi_status;
650		msg.scsi.tag_num = io->scsiio.tag_num;
651		msg.scsi.tag_type = io->scsiio.tag_type;
652		msg.scsi.sense_len = io->scsiio.sense_len;
653		msg.scsi.sense_residual = io->scsiio.sense_residual;
654		msg.scsi.residual = io->scsiio.residual;
655		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
656		    io->scsiio.sense_len);
657		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
658		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
659		    msg.scsi.sense_len, M_WAITOK);
660	}
661	ctl_free_io(io);
662}
663
664static void
665ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
666			    union ctl_ha_msg *msg_info)
667{
668	struct ctl_scsiio *ctsio;
669
670	if (msg_info->hdr.original_sc == NULL) {
671		printf("%s: original_sc == NULL!\n", __func__);
672		/* XXX KDM now what? */
673		return;
674	}
675
676	ctsio = &msg_info->hdr.original_sc->scsiio;
677	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
678	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
679	ctsio->io_hdr.status = msg_info->hdr.status;
680	ctsio->scsi_status = msg_info->scsi.scsi_status;
681	ctsio->sense_len = msg_info->scsi.sense_len;
682	ctsio->sense_residual = msg_info->scsi.sense_residual;
683	ctsio->residual = msg_info->scsi.residual;
684	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
685	       msg_info->scsi.sense_len);
686	ctl_enqueue_isc((union ctl_io *)ctsio);
687}
688
689static void
690ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
691				union ctl_ha_msg *msg_info)
692{
693	struct ctl_scsiio *ctsio;
694
695	if (msg_info->hdr.serializing_sc == NULL) {
696		printf("%s: serializing_sc == NULL!\n", __func__);
697		/* XXX KDM now what? */
698		return;
699	}
700
701	ctsio = &msg_info->hdr.serializing_sc->scsiio;
702	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
703	ctl_enqueue_isc((union ctl_io *)ctsio);
704}
705
706void
707ctl_isc_announce_lun(struct ctl_lun *lun)
708{
709	struct ctl_softc *softc = lun->ctl_softc;
710	union ctl_ha_msg *msg;
711	struct ctl_ha_msg_lun_pr_key pr_key;
712	int i, k;
713
714	if (softc->ha_link != CTL_HA_LINK_ONLINE)
715		return;
716	mtx_lock(&lun->lun_lock);
717	i = sizeof(msg->lun);
718	if (lun->lun_devid)
719		i += lun->lun_devid->len;
720	i += sizeof(pr_key) * lun->pr_key_count;
721alloc:
722	mtx_unlock(&lun->lun_lock);
723	msg = malloc(i, M_CTL, M_WAITOK);
724	mtx_lock(&lun->lun_lock);
725	k = sizeof(msg->lun);
726	if (lun->lun_devid)
727		k += lun->lun_devid->len;
728	k += sizeof(pr_key) * lun->pr_key_count;
729	if (i < k) {
730		free(msg, M_CTL);
731		i = k;
732		goto alloc;
733	}
734	bzero(&msg->lun, sizeof(msg->lun));
735	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
736	msg->hdr.nexus.targ_lun = lun->lun;
737	msg->hdr.nexus.targ_mapped_lun = lun->lun;
738	msg->lun.flags = lun->flags;
739	msg->lun.pr_generation = lun->PRGeneration;
740	msg->lun.pr_res_idx = lun->pr_res_idx;
741	msg->lun.pr_res_type = lun->res_type;
742	msg->lun.pr_key_count = lun->pr_key_count;
743	i = 0;
744	if (lun->lun_devid) {
745		msg->lun.lun_devid_len = lun->lun_devid->len;
746		memcpy(&msg->lun.data[i], lun->lun_devid->data,
747		    msg->lun.lun_devid_len);
748		i += msg->lun.lun_devid_len;
749	}
750	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
751		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
752			continue;
753		pr_key.pr_iid = k;
754		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
755		i += sizeof(pr_key);
756	}
757	mtx_unlock(&lun->lun_lock);
758	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
759	    M_WAITOK);
760	free(msg, M_CTL);
761
762	if (lun->flags & CTL_LUN_PRIMARY_SC) {
763		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
764			ctl_isc_announce_mode(lun, -1,
765			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
766			    lun->mode_pages.index[i].subpage);
767		}
768	}
769}
770
771void
772ctl_isc_announce_port(struct ctl_port *port)
773{
774	struct ctl_softc *softc = port->ctl_softc;
775	union ctl_ha_msg *msg;
776	int i;
777
778	if (port->targ_port < softc->port_min ||
779	    port->targ_port >= softc->port_max ||
780	    softc->ha_link != CTL_HA_LINK_ONLINE)
781		return;
782	i = sizeof(msg->port) + strlen(port->port_name) + 1;
783	if (port->lun_map)
784		i += sizeof(uint32_t) * CTL_MAX_LUNS;
785	if (port->port_devid)
786		i += port->port_devid->len;
787	if (port->target_devid)
788		i += port->target_devid->len;
789	if (port->init_devid)
790		i += port->init_devid->len;
791	msg = malloc(i, M_CTL, M_WAITOK);
792	bzero(&msg->port, sizeof(msg->port));
793	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
794	msg->hdr.nexus.targ_port = port->targ_port;
795	msg->port.port_type = port->port_type;
796	msg->port.physical_port = port->physical_port;
797	msg->port.virtual_port = port->virtual_port;
798	msg->port.status = port->status;
799	i = 0;
800	msg->port.name_len = sprintf(&msg->port.data[i],
801	    "%d:%s", softc->ha_id, port->port_name) + 1;
802	i += msg->port.name_len;
803	if (port->lun_map) {
804		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
805		memcpy(&msg->port.data[i], port->lun_map,
806		    msg->port.lun_map_len);
807		i += msg->port.lun_map_len;
808	}
809	if (port->port_devid) {
810		msg->port.port_devid_len = port->port_devid->len;
811		memcpy(&msg->port.data[i], port->port_devid->data,
812		    msg->port.port_devid_len);
813		i += msg->port.port_devid_len;
814	}
815	if (port->target_devid) {
816		msg->port.target_devid_len = port->target_devid->len;
817		memcpy(&msg->port.data[i], port->target_devid->data,
818		    msg->port.target_devid_len);
819		i += msg->port.target_devid_len;
820	}
821	if (port->init_devid) {
822		msg->port.init_devid_len = port->init_devid->len;
823		memcpy(&msg->port.data[i], port->init_devid->data,
824		    msg->port.init_devid_len);
825		i += msg->port.init_devid_len;
826	}
827	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
828	    M_WAITOK);
829	free(msg, M_CTL);
830}
831
832void
833ctl_isc_announce_iid(struct ctl_port *port, int iid)
834{
835	struct ctl_softc *softc = port->ctl_softc;
836	union ctl_ha_msg *msg;
837	int i, l;
838
839	if (port->targ_port < softc->port_min ||
840	    port->targ_port >= softc->port_max ||
841	    softc->ha_link != CTL_HA_LINK_ONLINE)
842		return;
843	mtx_lock(&softc->ctl_lock);
844	i = sizeof(msg->iid);
845	l = 0;
846	if (port->wwpn_iid[iid].name)
847		l = strlen(port->wwpn_iid[iid].name) + 1;
848	i += l;
849	msg = malloc(i, M_CTL, M_NOWAIT);
850	if (msg == NULL) {
851		mtx_unlock(&softc->ctl_lock);
852		return;
853	}
854	bzero(&msg->iid, sizeof(msg->iid));
855	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
856	msg->hdr.nexus.targ_port = port->targ_port;
857	msg->hdr.nexus.initid = iid;
858	msg->iid.in_use = port->wwpn_iid[iid].in_use;
859	msg->iid.name_len = l;
860	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
861	if (port->wwpn_iid[iid].name)
862		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
863	mtx_unlock(&softc->ctl_lock);
864	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
865	free(msg, M_CTL);
866}
867
868void
869ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
870    uint8_t page, uint8_t subpage)
871{
872	struct ctl_softc *softc = lun->ctl_softc;
873	union ctl_ha_msg msg;
874	int i;
875
876	if (softc->ha_link != CTL_HA_LINK_ONLINE)
877		return;
878	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
879		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
880		    page && lun->mode_pages.index[i].subpage == subpage)
881			break;
882	}
883	if (i == CTL_NUM_MODE_PAGES)
884		return;
885	bzero(&msg.mode, sizeof(msg.mode));
886	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
887	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
888	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
889	msg.hdr.nexus.targ_lun = lun->lun;
890	msg.hdr.nexus.targ_mapped_lun = lun->lun;
891	msg.mode.page_code = page;
892	msg.mode.subpage = subpage;
893	msg.mode.page_len = lun->mode_pages.index[i].page_len;
894	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
895	    msg.mode.page_len);
896	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
897	    M_WAITOK);
898}
899
900static void
901ctl_isc_ha_link_up(struct ctl_softc *softc)
902{
903	struct ctl_port *port;
904	struct ctl_lun *lun;
905	union ctl_ha_msg msg;
906	int i;
907
908	/* Announce this node parameters to peer for validation. */
909	msg.login.msg_type = CTL_MSG_LOGIN;
910	msg.login.version = CTL_HA_VERSION;
911	msg.login.ha_mode = softc->ha_mode;
912	msg.login.ha_id = softc->ha_id;
913	msg.login.max_luns = CTL_MAX_LUNS;
914	msg.login.max_ports = CTL_MAX_PORTS;
915	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
916	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
917	    M_WAITOK);
918
919	STAILQ_FOREACH(port, &softc->port_list, links) {
920		ctl_isc_announce_port(port);
921		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
922			if (port->wwpn_iid[i].in_use)
923				ctl_isc_announce_iid(port, i);
924		}
925	}
926	STAILQ_FOREACH(lun, &softc->lun_list, links)
927		ctl_isc_announce_lun(lun);
928}
929
930static void
931ctl_isc_ha_link_down(struct ctl_softc *softc)
932{
933	struct ctl_port *port;
934	struct ctl_lun *lun;
935	union ctl_io *io;
936	int i;
937
938	mtx_lock(&softc->ctl_lock);
939	STAILQ_FOREACH(lun, &softc->lun_list, links) {
940		mtx_lock(&lun->lun_lock);
941		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
942			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
943			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
944		}
945		mtx_unlock(&lun->lun_lock);
946
947		mtx_unlock(&softc->ctl_lock);
948		io = ctl_alloc_io(softc->othersc_pool);
949		mtx_lock(&softc->ctl_lock);
950		ctl_zero_io(io);
951		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
952		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
953		ctl_enqueue_isc(io);
954	}
955
956	STAILQ_FOREACH(port, &softc->port_list, links) {
957		if (port->targ_port >= softc->port_min &&
958		    port->targ_port < softc->port_max)
959			continue;
960		port->status &= ~CTL_PORT_STATUS_ONLINE;
961		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
962			port->wwpn_iid[i].in_use = 0;
963			free(port->wwpn_iid[i].name, M_CTL);
964			port->wwpn_iid[i].name = NULL;
965		}
966	}
967	mtx_unlock(&softc->ctl_lock);
968}
969
970static void
971ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
972{
973	struct ctl_lun *lun;
974	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
975
976	mtx_lock(&softc->ctl_lock);
977	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
978	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
979		mtx_lock(&lun->lun_lock);
980		mtx_unlock(&softc->ctl_lock);
981		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
982		    msg->ua.ua_set)
983			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
984		if (msg->ua.ua_all) {
985			if (msg->ua.ua_set)
986				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
987			else
988				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
989		} else {
990			if (msg->ua.ua_set)
991				ctl_est_ua(lun, iid, msg->ua.ua_type);
992			else
993				ctl_clr_ua(lun, iid, msg->ua.ua_type);
994		}
995		mtx_unlock(&lun->lun_lock);
996	} else
997		mtx_unlock(&softc->ctl_lock);
998}
999
1000static void
1001ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1002{
1003	struct ctl_lun *lun;
1004	struct ctl_ha_msg_lun_pr_key pr_key;
1005	int i, k;
1006	ctl_lun_flags oflags;
1007	uint32_t targ_lun;
1008
1009	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1010	mtx_lock(&softc->ctl_lock);
1011	if ((targ_lun >= CTL_MAX_LUNS) ||
1012	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1013		mtx_unlock(&softc->ctl_lock);
1014		return;
1015	}
1016	mtx_lock(&lun->lun_lock);
1017	mtx_unlock(&softc->ctl_lock);
1018	if (lun->flags & CTL_LUN_DISABLED) {
1019		mtx_unlock(&lun->lun_lock);
1020		return;
1021	}
1022	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1023	if (msg->lun.lun_devid_len != i || (i > 0 &&
1024	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1025		mtx_unlock(&lun->lun_lock);
1026		printf("%s: Received conflicting HA LUN %d\n",
1027		    __func__, msg->hdr.nexus.targ_lun);
1028		return;
1029	} else {
1030		/* Record whether peer is primary. */
1031		oflags = lun->flags;
1032		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1033		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1034			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1035		else
1036			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1037		if (oflags != lun->flags)
1038			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1039
1040		/* If peer is primary and we are not -- use data */
1041		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1042		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1043			lun->PRGeneration = msg->lun.pr_generation;
1044			lun->pr_res_idx = msg->lun.pr_res_idx;
1045			lun->res_type = msg->lun.pr_res_type;
1046			lun->pr_key_count = msg->lun.pr_key_count;
1047			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1048				ctl_clr_prkey(lun, k);
1049			for (k = 0; k < msg->lun.pr_key_count; k++) {
1050				memcpy(&pr_key, &msg->lun.data[i],
1051				    sizeof(pr_key));
1052				ctl_alloc_prkey(lun, pr_key.pr_iid);
1053				ctl_set_prkey(lun, pr_key.pr_iid,
1054				    pr_key.pr_key);
1055				i += sizeof(pr_key);
1056			}
1057		}
1058
1059		mtx_unlock(&lun->lun_lock);
1060		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1061		    __func__, msg->hdr.nexus.targ_lun,
1062		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1063		    "primary" : "secondary"));
1064
1065		/* If we are primary but peer doesn't know -- notify */
1066		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1067		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1068			ctl_isc_announce_lun(lun);
1069	}
1070}
1071
1072static void
1073ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1074{
1075	struct ctl_port *port;
1076	struct ctl_lun *lun;
1077	int i, new;
1078
1079	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1080	if (port == NULL) {
1081		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1082		    msg->hdr.nexus.targ_port));
1083		new = 1;
1084		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1085		port->frontend = &ha_frontend;
1086		port->targ_port = msg->hdr.nexus.targ_port;
1087		port->fe_datamove = ctl_ha_datamove;
1088		port->fe_done = ctl_ha_done;
1089	} else if (port->frontend == &ha_frontend) {
1090		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1091		    msg->hdr.nexus.targ_port));
1092		new = 0;
1093	} else {
1094		printf("%s: Received conflicting HA port %d\n",
1095		    __func__, msg->hdr.nexus.targ_port);
1096		return;
1097	}
1098	port->port_type = msg->port.port_type;
1099	port->physical_port = msg->port.physical_port;
1100	port->virtual_port = msg->port.virtual_port;
1101	port->status = msg->port.status;
1102	i = 0;
1103	free(port->port_name, M_CTL);
1104	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1105	    M_CTL);
1106	i += msg->port.name_len;
1107	if (msg->port.lun_map_len != 0) {
1108		if (port->lun_map == NULL)
1109			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1110			    M_CTL, M_WAITOK);
1111		memcpy(port->lun_map, &msg->port.data[i],
1112		    sizeof(uint32_t) * CTL_MAX_LUNS);
1113		i += msg->port.lun_map_len;
1114	} else {
1115		free(port->lun_map, M_CTL);
1116		port->lun_map = NULL;
1117	}
1118	if (msg->port.port_devid_len != 0) {
1119		if (port->port_devid == NULL ||
1120		    port->port_devid->len != msg->port.port_devid_len) {
1121			free(port->port_devid, M_CTL);
1122			port->port_devid = malloc(sizeof(struct ctl_devid) +
1123			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1124		}
1125		memcpy(port->port_devid->data, &msg->port.data[i],
1126		    msg->port.port_devid_len);
1127		port->port_devid->len = msg->port.port_devid_len;
1128		i += msg->port.port_devid_len;
1129	} else {
1130		free(port->port_devid, M_CTL);
1131		port->port_devid = NULL;
1132	}
1133	if (msg->port.target_devid_len != 0) {
1134		if (port->target_devid == NULL ||
1135		    port->target_devid->len != msg->port.target_devid_len) {
1136			free(port->target_devid, M_CTL);
1137			port->target_devid = malloc(sizeof(struct ctl_devid) +
1138			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1139		}
1140		memcpy(port->target_devid->data, &msg->port.data[i],
1141		    msg->port.target_devid_len);
1142		port->target_devid->len = msg->port.target_devid_len;
1143		i += msg->port.target_devid_len;
1144	} else {
1145		free(port->target_devid, M_CTL);
1146		port->target_devid = NULL;
1147	}
1148	if (msg->port.init_devid_len != 0) {
1149		if (port->init_devid == NULL ||
1150		    port->init_devid->len != msg->port.init_devid_len) {
1151			free(port->init_devid, M_CTL);
1152			port->init_devid = malloc(sizeof(struct ctl_devid) +
1153			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1154		}
1155		memcpy(port->init_devid->data, &msg->port.data[i],
1156		    msg->port.init_devid_len);
1157		port->init_devid->len = msg->port.init_devid_len;
1158		i += msg->port.init_devid_len;
1159	} else {
1160		free(port->init_devid, M_CTL);
1161		port->init_devid = NULL;
1162	}
1163	if (new) {
1164		if (ctl_port_register(port) != 0) {
1165			printf("%s: ctl_port_register() failed with error\n",
1166			    __func__);
1167		}
1168	}
1169	mtx_lock(&softc->ctl_lock);
1170	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1171		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1172			continue;
1173		mtx_lock(&lun->lun_lock);
1174		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1175		mtx_unlock(&lun->lun_lock);
1176	}
1177	mtx_unlock(&softc->ctl_lock);
1178}
1179
1180static void
1181ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1182{
1183	struct ctl_port *port;
1184	int iid;
1185
1186	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1187	if (port == NULL) {
1188		printf("%s: Received IID for unknown port %d\n",
1189		    __func__, msg->hdr.nexus.targ_port);
1190		return;
1191	}
1192	iid = msg->hdr.nexus.initid;
1193	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1194	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1195	free(port->wwpn_iid[iid].name, M_CTL);
1196	if (msg->iid.name_len) {
1197		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1198		    msg->iid.name_len, M_CTL);
1199	} else
1200		port->wwpn_iid[iid].name = NULL;
1201}
1202
1203static void
1204ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1205{
1206
1207	if (msg->login.version != CTL_HA_VERSION) {
1208		printf("CTL HA peers have different versions %d != %d\n",
1209		    msg->login.version, CTL_HA_VERSION);
1210		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1211		return;
1212	}
1213	if (msg->login.ha_mode != softc->ha_mode) {
1214		printf("CTL HA peers have different ha_mode %d != %d\n",
1215		    msg->login.ha_mode, softc->ha_mode);
1216		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1217		return;
1218	}
1219	if (msg->login.ha_id == softc->ha_id) {
1220		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1221		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1222		return;
1223	}
1224	if (msg->login.max_luns != CTL_MAX_LUNS ||
1225	    msg->login.max_ports != CTL_MAX_PORTS ||
1226	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1227		printf("CTL HA peers have different limits\n");
1228		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1229		return;
1230	}
1231}
1232
1233static void
1234ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1235{
1236	struct ctl_lun *lun;
1237	int i;
1238	uint32_t initidx, targ_lun;
1239
1240	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1241	mtx_lock(&softc->ctl_lock);
1242	if ((targ_lun >= CTL_MAX_LUNS) ||
1243	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1244		mtx_unlock(&softc->ctl_lock);
1245		return;
1246	}
1247	mtx_lock(&lun->lun_lock);
1248	mtx_unlock(&softc->ctl_lock);
1249	if (lun->flags & CTL_LUN_DISABLED) {
1250		mtx_unlock(&lun->lun_lock);
1251		return;
1252	}
1253	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1254		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1255		    msg->mode.page_code &&
1256		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1257			break;
1258	}
1259	if (i == CTL_NUM_MODE_PAGES) {
1260		mtx_unlock(&lun->lun_lock);
1261		return;
1262	}
1263	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1264	    lun->mode_pages.index[i].page_len);
1265	initidx = ctl_get_initindex(&msg->hdr.nexus);
1266	if (initidx != -1)
1267		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1268	mtx_unlock(&lun->lun_lock);
1269}
1270
1271/*
1272 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1273 * subsystem come in here.
1274 */
1275static void
1276ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1277{
1278	struct ctl_softc *softc = control_softc;
1279	union ctl_io *io;
1280	struct ctl_prio *presio;
1281	ctl_ha_status isc_status;
1282
1283	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1284	if (event == CTL_HA_EVT_MSG_RECV) {
1285		union ctl_ha_msg *msg, msgbuf;
1286
1287		if (param > sizeof(msgbuf))
1288			msg = malloc(param, M_CTL, M_WAITOK);
1289		else
1290			msg = &msgbuf;
1291		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1292		    M_WAITOK);
1293		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1294			printf("%s: Error receiving message: %d\n",
1295			    __func__, isc_status);
1296			if (msg != &msgbuf)
1297				free(msg, M_CTL);
1298			return;
1299		}
1300
1301		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1302		switch (msg->hdr.msg_type) {
1303		case CTL_MSG_SERIALIZE:
1304			io = ctl_alloc_io(softc->othersc_pool);
1305			ctl_zero_io(io);
1306			// populate ctsio from msg
1307			io->io_hdr.io_type = CTL_IO_SCSI;
1308			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1309			io->io_hdr.original_sc = msg->hdr.original_sc;
1310			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1311					    CTL_FLAG_IO_ACTIVE;
1312			/*
1313			 * If we're in serialization-only mode, we don't
1314			 * want to go through full done processing.  Thus
1315			 * the COPY flag.
1316			 *
1317			 * XXX KDM add another flag that is more specific.
1318			 */
1319			if (softc->ha_mode != CTL_HA_MODE_XFER)
1320				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1321			io->io_hdr.nexus = msg->hdr.nexus;
1322#if 0
1323			printf("port %u, iid %u, lun %u\n",
1324			       io->io_hdr.nexus.targ_port,
1325			       io->io_hdr.nexus.initid,
1326			       io->io_hdr.nexus.targ_lun);
1327#endif
1328			io->scsiio.tag_num = msg->scsi.tag_num;
1329			io->scsiio.tag_type = msg->scsi.tag_type;
1330#ifdef CTL_TIME_IO
1331			io->io_hdr.start_time = time_uptime;
1332			getbinuptime(&io->io_hdr.start_bt);
1333#endif /* CTL_TIME_IO */
1334			io->scsiio.cdb_len = msg->scsi.cdb_len;
1335			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1336			       CTL_MAX_CDBLEN);
1337			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1338				const struct ctl_cmd_entry *entry;
1339
1340				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1341				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1342				io->io_hdr.flags |=
1343					entry->flags & CTL_FLAG_DATA_MASK;
1344			}
1345			ctl_enqueue_isc(io);
1346			break;
1347
1348		/* Performed on the Originating SC, XFER mode only */
1349		case CTL_MSG_DATAMOVE: {
1350			struct ctl_sg_entry *sgl;
1351			int i, j;
1352
1353			io = msg->hdr.original_sc;
1354			if (io == NULL) {
1355				printf("%s: original_sc == NULL!\n", __func__);
1356				/* XXX KDM do something here */
1357				break;
1358			}
1359			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1360			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1361			/*
1362			 * Keep track of this, we need to send it back over
1363			 * when the datamove is complete.
1364			 */
1365			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1366			if (msg->hdr.status == CTL_SUCCESS)
1367				io->io_hdr.status = msg->hdr.status;
1368
1369			if (msg->dt.sg_sequence == 0) {
1370#ifdef CTL_TIME_IO
1371				getbinuptime(&io->io_hdr.dma_start_bt);
1372#endif
1373				i = msg->dt.kern_sg_entries +
1374				    msg->dt.kern_data_len /
1375				    CTL_HA_DATAMOVE_SEGMENT + 1;
1376				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1377				    M_WAITOK | M_ZERO);
1378				io->io_hdr.remote_sglist = sgl;
1379				io->io_hdr.local_sglist =
1380				    &sgl[msg->dt.kern_sg_entries];
1381
1382				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1383
1384				io->scsiio.kern_sg_entries =
1385					msg->dt.kern_sg_entries;
1386				io->scsiio.rem_sg_entries =
1387					msg->dt.kern_sg_entries;
1388				io->scsiio.kern_data_len =
1389					msg->dt.kern_data_len;
1390				io->scsiio.kern_total_len =
1391					msg->dt.kern_total_len;
1392				io->scsiio.kern_data_resid =
1393					msg->dt.kern_data_resid;
1394				io->scsiio.kern_rel_offset =
1395					msg->dt.kern_rel_offset;
1396				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1397				io->io_hdr.flags |= msg->dt.flags &
1398				    CTL_FLAG_BUS_ADDR;
1399			} else
1400				sgl = (struct ctl_sg_entry *)
1401					io->scsiio.kern_data_ptr;
1402
1403			for (i = msg->dt.sent_sg_entries, j = 0;
1404			     i < (msg->dt.sent_sg_entries +
1405			     msg->dt.cur_sg_entries); i++, j++) {
1406				sgl[i].addr = msg->dt.sg_list[j].addr;
1407				sgl[i].len = msg->dt.sg_list[j].len;
1408
1409#if 0
1410				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1411				    __func__, sgl[i].addr, sgl[i].len, j, i);
1412#endif
1413			}
1414
1415			/*
1416			 * If this is the last piece of the I/O, we've got
1417			 * the full S/G list.  Queue processing in the thread.
1418			 * Otherwise wait for the next piece.
1419			 */
1420			if (msg->dt.sg_last != 0)
1421				ctl_enqueue_isc(io);
1422			break;
1423		}
1424		/* Performed on the Serializing (primary) SC, XFER mode only */
1425		case CTL_MSG_DATAMOVE_DONE: {
1426			if (msg->hdr.serializing_sc == NULL) {
1427				printf("%s: serializing_sc == NULL!\n",
1428				       __func__);
1429				/* XXX KDM now what? */
1430				break;
1431			}
1432			/*
1433			 * We grab the sense information here in case
1434			 * there was a failure, so we can return status
1435			 * back to the initiator.
1436			 */
1437			io = msg->hdr.serializing_sc;
1438			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1439			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1440			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1441			io->io_hdr.port_status = msg->scsi.fetd_status;
1442			io->scsiio.residual = msg->scsi.residual;
1443			if (msg->hdr.status != CTL_STATUS_NONE) {
1444				io->io_hdr.status = msg->hdr.status;
1445				io->scsiio.scsi_status = msg->scsi.scsi_status;
1446				io->scsiio.sense_len = msg->scsi.sense_len;
1447				io->scsiio.sense_residual =msg->scsi.sense_residual;
1448				memcpy(&io->scsiio.sense_data,
1449				    &msg->scsi.sense_data,
1450				    msg->scsi.sense_len);
1451				if (msg->hdr.status == CTL_SUCCESS)
1452					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1453			}
1454			ctl_enqueue_isc(io);
1455			break;
1456		}
1457
1458		/* Preformed on Originating SC, SER_ONLY mode */
1459		case CTL_MSG_R2R:
1460			io = msg->hdr.original_sc;
1461			if (io == NULL) {
1462				printf("%s: original_sc == NULL!\n",
1463				    __func__);
1464				break;
1465			}
1466			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1467			io->io_hdr.msg_type = CTL_MSG_R2R;
1468			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1469			ctl_enqueue_isc(io);
1470			break;
1471
1472		/*
1473		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1474		 * mode.
1475		 * Performed on the Originating (i.e. secondary) SC in XFER
1476		 * mode
1477		 */
1478		case CTL_MSG_FINISH_IO:
1479			if (softc->ha_mode == CTL_HA_MODE_XFER)
1480				ctl_isc_handler_finish_xfer(softc, msg);
1481			else
1482				ctl_isc_handler_finish_ser_only(softc, msg);
1483			break;
1484
1485		/* Preformed on Originating SC */
1486		case CTL_MSG_BAD_JUJU:
1487			io = msg->hdr.original_sc;
1488			if (io == NULL) {
1489				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1490				       __func__);
1491				break;
1492			}
1493			ctl_copy_sense_data(msg, io);
1494			/*
1495			 * IO should have already been cleaned up on other
1496			 * SC so clear this flag so we won't send a message
1497			 * back to finish the IO there.
1498			 */
1499			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1500			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1501
1502			/* io = msg->hdr.serializing_sc; */
1503			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1504			ctl_enqueue_isc(io);
1505			break;
1506
1507		/* Handle resets sent from the other side */
1508		case CTL_MSG_MANAGE_TASKS: {
1509			struct ctl_taskio *taskio;
1510			taskio = (struct ctl_taskio *)ctl_alloc_io(
1511			    softc->othersc_pool);
1512			ctl_zero_io((union ctl_io *)taskio);
1513			taskio->io_hdr.io_type = CTL_IO_TASK;
1514			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1515			taskio->io_hdr.nexus = msg->hdr.nexus;
1516			taskio->task_action = msg->task.task_action;
1517			taskio->tag_num = msg->task.tag_num;
1518			taskio->tag_type = msg->task.tag_type;
1519#ifdef CTL_TIME_IO
1520			taskio->io_hdr.start_time = time_uptime;
1521			getbinuptime(&taskio->io_hdr.start_bt);
1522#endif /* CTL_TIME_IO */
1523			ctl_run_task((union ctl_io *)taskio);
1524			break;
1525		}
1526		/* Persistent Reserve action which needs attention */
1527		case CTL_MSG_PERS_ACTION:
1528			presio = (struct ctl_prio *)ctl_alloc_io(
1529			    softc->othersc_pool);
1530			ctl_zero_io((union ctl_io *)presio);
1531			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1532			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1533			presio->io_hdr.nexus = msg->hdr.nexus;
1534			presio->pr_msg = msg->pr;
1535			ctl_enqueue_isc((union ctl_io *)presio);
1536			break;
1537		case CTL_MSG_UA:
1538			ctl_isc_ua(softc, msg, param);
1539			break;
1540		case CTL_MSG_PORT_SYNC:
1541			ctl_isc_port_sync(softc, msg, param);
1542			break;
1543		case CTL_MSG_LUN_SYNC:
1544			ctl_isc_lun_sync(softc, msg, param);
1545			break;
1546		case CTL_MSG_IID_SYNC:
1547			ctl_isc_iid_sync(softc, msg, param);
1548			break;
1549		case CTL_MSG_LOGIN:
1550			ctl_isc_login(softc, msg, param);
1551			break;
1552		case CTL_MSG_MODE_SYNC:
1553			ctl_isc_mode_sync(softc, msg, param);
1554			break;
1555		default:
1556			printf("Received HA message of unknown type %d\n",
1557			    msg->hdr.msg_type);
1558			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1559			break;
1560		}
1561		if (msg != &msgbuf)
1562			free(msg, M_CTL);
1563	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1564		printf("CTL: HA link status changed from %d to %d\n",
1565		    softc->ha_link, param);
1566		if (param == softc->ha_link)
1567			return;
1568		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1569			softc->ha_link = param;
1570			ctl_isc_ha_link_down(softc);
1571		} else {
1572			softc->ha_link = param;
1573			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1574				ctl_isc_ha_link_up(softc);
1575		}
1576		return;
1577	} else {
1578		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1579		return;
1580	}
1581}
1582
1583static void
1584ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1585{
1586
1587	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1588	    src->scsi.sense_len);
1589	dest->scsiio.scsi_status = src->scsi.scsi_status;
1590	dest->scsiio.sense_len = src->scsi.sense_len;
1591	dest->io_hdr.status = src->hdr.status;
1592}
1593
1594static void
1595ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1596{
1597
1598	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1599	    src->scsiio.sense_len);
1600	dest->scsi.scsi_status = src->scsiio.scsi_status;
1601	dest->scsi.sense_len = src->scsiio.sense_len;
1602	dest->hdr.status = src->io_hdr.status;
1603}
1604
1605void
1606ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1607{
1608	struct ctl_softc *softc = lun->ctl_softc;
1609	ctl_ua_type *pu;
1610
1611	if (initidx < softc->init_min || initidx >= softc->init_max)
1612		return;
1613	mtx_assert(&lun->lun_lock, MA_OWNED);
1614	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1615	if (pu == NULL)
1616		return;
1617	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1618}
1619
1620void
1621ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1622{
1623	int i;
1624
1625	mtx_assert(&lun->lun_lock, MA_OWNED);
1626	if (lun->pending_ua[port] == NULL)
1627		return;
1628	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1629		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1630			continue;
1631		lun->pending_ua[port][i] |= ua;
1632	}
1633}
1634
1635void
1636ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1637{
1638	struct ctl_softc *softc = lun->ctl_softc;
1639	int i;
1640
1641	mtx_assert(&lun->lun_lock, MA_OWNED);
1642	for (i = softc->port_min; i < softc->port_max; i++)
1643		ctl_est_ua_port(lun, i, except, ua);
1644}
1645
1646void
1647ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1648{
1649	struct ctl_softc *softc = lun->ctl_softc;
1650	ctl_ua_type *pu;
1651
1652	if (initidx < softc->init_min || initidx >= softc->init_max)
1653		return;
1654	mtx_assert(&lun->lun_lock, MA_OWNED);
1655	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1656	if (pu == NULL)
1657		return;
1658	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1659}
1660
1661void
1662ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1663{
1664	struct ctl_softc *softc = lun->ctl_softc;
1665	int i, j;
1666
1667	mtx_assert(&lun->lun_lock, MA_OWNED);
1668	for (i = softc->port_min; i < softc->port_max; i++) {
1669		if (lun->pending_ua[i] == NULL)
1670			continue;
1671		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1672			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1673				continue;
1674			lun->pending_ua[i][j] &= ~ua;
1675		}
1676	}
1677}
1678
1679void
1680ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1681    ctl_ua_type ua_type)
1682{
1683	struct ctl_lun *lun;
1684
1685	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1686	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1687		mtx_lock(&lun->lun_lock);
1688		ctl_clr_ua(lun, initidx, ua_type);
1689		mtx_unlock(&lun->lun_lock);
1690	}
1691}
1692
1693static int
1694ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1695{
1696	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1697	struct ctl_lun *lun;
1698	struct ctl_lun_req ireq;
1699	int error, value;
1700
1701	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1702	error = sysctl_handle_int(oidp, &value, 0, req);
1703	if ((error != 0) || (req->newptr == NULL))
1704		return (error);
1705
1706	mtx_lock(&softc->ctl_lock);
1707	if (value == 0)
1708		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1709	else
1710		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1711	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1712		mtx_unlock(&softc->ctl_lock);
1713		bzero(&ireq, sizeof(ireq));
1714		ireq.reqtype = CTL_LUNREQ_MODIFY;
1715		ireq.reqdata.modify.lun_id = lun->lun;
1716		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1717		    curthread);
1718		if (ireq.status != CTL_LUN_OK) {
1719			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1720			    __func__, ireq.status, ireq.error_str);
1721		}
1722		mtx_lock(&softc->ctl_lock);
1723	}
1724	mtx_unlock(&softc->ctl_lock);
1725	return (0);
1726}
1727
1728static int
1729ctl_init(void)
1730{
1731	struct ctl_softc *softc;
1732	void *other_pool;
1733	int i, error;
1734
1735	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1736			       M_WAITOK | M_ZERO);
1737
1738	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1739			      "cam/ctl");
1740	softc->dev->si_drv1 = softc;
1741
1742	sysctl_ctx_init(&softc->sysctl_ctx);
1743	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1744		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1745		CTLFLAG_RD, 0, "CAM Target Layer");
1746
1747	if (softc->sysctl_tree == NULL) {
1748		printf("%s: unable to allocate sysctl tree\n", __func__);
1749		destroy_dev(softc->dev);
1750		free(control_softc, M_DEVBUF);
1751		control_softc = NULL;
1752		return (ENOMEM);
1753	}
1754
1755	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1756	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1757	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1758	softc->open_count = 0;
1759	softc->flags = 0;
1760
1761	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1762	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1763	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1764
1765	/*
1766	 * In Copan's HA scheme, the "master" and "slave" roles are
1767	 * figured out through the slot the controller is in.  Although it
1768	 * is an active/active system, someone has to be in charge.
1769	 */
1770	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1771	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1772	    "HA head ID (0 - no HA)");
1773	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1774		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1775		softc->is_single = 1;
1776		softc->port_cnt = CTL_MAX_PORTS;
1777		softc->port_min = 0;
1778	} else {
1779		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1780		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1781	}
1782	softc->port_max = softc->port_min + softc->port_cnt;
1783	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1784	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1785
1786	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1787	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1788	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1789
1790	STAILQ_INIT(&softc->lun_list);
1791	STAILQ_INIT(&softc->pending_lun_queue);
1792	STAILQ_INIT(&softc->fe_list);
1793	STAILQ_INIT(&softc->port_list);
1794	STAILQ_INIT(&softc->be_list);
1795	ctl_tpc_init(softc);
1796
1797	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1798	                    &other_pool) != 0)
1799	{
1800		printf("ctl: can't allocate %d entry other SC pool, "
1801		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1802		return (ENOMEM);
1803	}
1804	softc->othersc_pool = other_pool;
1805
1806	if (worker_threads <= 0)
1807		worker_threads = max(1, mp_ncpus / 4);
1808	if (worker_threads > CTL_MAX_THREADS)
1809		worker_threads = CTL_MAX_THREADS;
1810
1811	for (i = 0; i < worker_threads; i++) {
1812		struct ctl_thread *thr = &softc->threads[i];
1813
1814		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1815		thr->ctl_softc = softc;
1816		STAILQ_INIT(&thr->incoming_queue);
1817		STAILQ_INIT(&thr->rtr_queue);
1818		STAILQ_INIT(&thr->done_queue);
1819		STAILQ_INIT(&thr->isc_queue);
1820
1821		error = kproc_kthread_add(ctl_work_thread, thr,
1822		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1823		if (error != 0) {
1824			printf("error creating CTL work thread!\n");
1825			ctl_pool_free(other_pool);
1826			return (error);
1827		}
1828	}
1829	error = kproc_kthread_add(ctl_lun_thread, softc,
1830	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1831	if (error != 0) {
1832		printf("error creating CTL lun thread!\n");
1833		ctl_pool_free(other_pool);
1834		return (error);
1835	}
1836	error = kproc_kthread_add(ctl_thresh_thread, softc,
1837	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1838	if (error != 0) {
1839		printf("error creating CTL threshold thread!\n");
1840		ctl_pool_free(other_pool);
1841		return (error);
1842	}
1843
1844	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1845	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1846	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1847
1848	if (softc->is_single == 0) {
1849		ctl_frontend_register(&ha_frontend);
1850		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1851			printf("ctl_init: ctl_ha_msg_init failed.\n");
1852			softc->is_single = 1;
1853		} else
1854		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1855		    != CTL_HA_STATUS_SUCCESS) {
1856			printf("ctl_init: ctl_ha_msg_register failed.\n");
1857			softc->is_single = 1;
1858		}
1859	}
1860	return (0);
1861}
1862
1863void
1864ctl_shutdown(void)
1865{
1866	struct ctl_softc *softc = control_softc;
1867	struct ctl_lun *lun, *next_lun;
1868
1869	if (softc->is_single == 0) {
1870		ctl_ha_msg_shutdown(softc);
1871		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1872		    != CTL_HA_STATUS_SUCCESS)
1873			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1874		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1875			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1876		ctl_frontend_deregister(&ha_frontend);
1877	}
1878
1879	mtx_lock(&softc->ctl_lock);
1880
1881	/*
1882	 * Free up each LUN.
1883	 */
1884	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1885		next_lun = STAILQ_NEXT(lun, links);
1886		ctl_free_lun(lun);
1887	}
1888
1889	mtx_unlock(&softc->ctl_lock);
1890
1891#if 0
1892	ctl_shutdown_thread(softc->work_thread);
1893	mtx_destroy(&softc->queue_lock);
1894#endif
1895
1896	ctl_tpc_shutdown(softc);
1897	uma_zdestroy(softc->io_zone);
1898	mtx_destroy(&softc->ctl_lock);
1899
1900	destroy_dev(softc->dev);
1901
1902	sysctl_ctx_free(&softc->sysctl_ctx);
1903
1904	free(control_softc, M_DEVBUF);
1905	control_softc = NULL;
1906}
1907
1908static int
1909ctl_module_event_handler(module_t mod, int what, void *arg)
1910{
1911
1912	switch (what) {
1913	case MOD_LOAD:
1914		return (ctl_init());
1915	case MOD_UNLOAD:
1916		return (EBUSY);
1917	default:
1918		return (EOPNOTSUPP);
1919	}
1920}
1921
1922/*
1923 * XXX KDM should we do some access checks here?  Bump a reference count to
1924 * prevent a CTL module from being unloaded while someone has it open?
1925 */
1926static int
1927ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1928{
1929	return (0);
1930}
1931
1932static int
1933ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1934{
1935	return (0);
1936}
1937
1938/*
1939 * Remove an initiator by port number and initiator ID.
1940 * Returns 0 for success, -1 for failure.
1941 */
1942int
1943ctl_remove_initiator(struct ctl_port *port, int iid)
1944{
1945	struct ctl_softc *softc = port->ctl_softc;
1946
1947	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1948
1949	if (iid > CTL_MAX_INIT_PER_PORT) {
1950		printf("%s: initiator ID %u > maximun %u!\n",
1951		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1952		return (-1);
1953	}
1954
1955	mtx_lock(&softc->ctl_lock);
1956	port->wwpn_iid[iid].in_use--;
1957	port->wwpn_iid[iid].last_use = time_uptime;
1958	mtx_unlock(&softc->ctl_lock);
1959	ctl_isc_announce_iid(port, iid);
1960
1961	return (0);
1962}
1963
1964/*
1965 * Add an initiator to the initiator map.
1966 * Returns iid for success, < 0 for failure.
1967 */
1968int
1969ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1970{
1971	struct ctl_softc *softc = port->ctl_softc;
1972	time_t best_time;
1973	int i, best;
1974
1975	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1976
1977	if (iid >= CTL_MAX_INIT_PER_PORT) {
1978		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1979		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1980		free(name, M_CTL);
1981		return (-1);
1982	}
1983
1984	mtx_lock(&softc->ctl_lock);
1985
1986	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1987		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1988			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1989				iid = i;
1990				break;
1991			}
1992			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1993			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1994				iid = i;
1995				break;
1996			}
1997		}
1998	}
1999
2000	if (iid < 0) {
2001		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2002			if (port->wwpn_iid[i].in_use == 0 &&
2003			    port->wwpn_iid[i].wwpn == 0 &&
2004			    port->wwpn_iid[i].name == NULL) {
2005				iid = i;
2006				break;
2007			}
2008		}
2009	}
2010
2011	if (iid < 0) {
2012		best = -1;
2013		best_time = INT32_MAX;
2014		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2015			if (port->wwpn_iid[i].in_use == 0) {
2016				if (port->wwpn_iid[i].last_use < best_time) {
2017					best = i;
2018					best_time = port->wwpn_iid[i].last_use;
2019				}
2020			}
2021		}
2022		iid = best;
2023	}
2024
2025	if (iid < 0) {
2026		mtx_unlock(&softc->ctl_lock);
2027		free(name, M_CTL);
2028		return (-2);
2029	}
2030
2031	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2032		/*
2033		 * This is not an error yet.
2034		 */
2035		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2036#if 0
2037			printf("%s: port %d iid %u WWPN %#jx arrived"
2038			    " again\n", __func__, port->targ_port,
2039			    iid, (uintmax_t)wwpn);
2040#endif
2041			goto take;
2042		}
2043		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2044		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2045#if 0
2046			printf("%s: port %d iid %u name '%s' arrived"
2047			    " again\n", __func__, port->targ_port,
2048			    iid, name);
2049#endif
2050			goto take;
2051		}
2052
2053		/*
2054		 * This is an error, but what do we do about it?  The
2055		 * driver is telling us we have a new WWPN for this
2056		 * initiator ID, so we pretty much need to use it.
2057		 */
2058		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2059		    " but WWPN %#jx '%s' is still at that address\n",
2060		    __func__, port->targ_port, iid, wwpn, name,
2061		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2062		    port->wwpn_iid[iid].name);
2063
2064		/*
2065		 * XXX KDM clear have_ca and ua_pending on each LUN for
2066		 * this initiator.
2067		 */
2068	}
2069take:
2070	free(port->wwpn_iid[iid].name, M_CTL);
2071	port->wwpn_iid[iid].name = name;
2072	port->wwpn_iid[iid].wwpn = wwpn;
2073	port->wwpn_iid[iid].in_use++;
2074	mtx_unlock(&softc->ctl_lock);
2075	ctl_isc_announce_iid(port, iid);
2076
2077	return (iid);
2078}
2079
2080static int
2081ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2082{
2083	int len;
2084
2085	switch (port->port_type) {
2086	case CTL_PORT_FC:
2087	{
2088		struct scsi_transportid_fcp *id =
2089		    (struct scsi_transportid_fcp *)buf;
2090		if (port->wwpn_iid[iid].wwpn == 0)
2091			return (0);
2092		memset(id, 0, sizeof(*id));
2093		id->format_protocol = SCSI_PROTO_FC;
2094		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2095		return (sizeof(*id));
2096	}
2097	case CTL_PORT_ISCSI:
2098	{
2099		struct scsi_transportid_iscsi_port *id =
2100		    (struct scsi_transportid_iscsi_port *)buf;
2101		if (port->wwpn_iid[iid].name == NULL)
2102			return (0);
2103		memset(id, 0, 256);
2104		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2105		    SCSI_PROTO_ISCSI;
2106		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2107		len = roundup2(min(len, 252), 4);
2108		scsi_ulto2b(len, id->additional_length);
2109		return (sizeof(*id) + len);
2110	}
2111	case CTL_PORT_SAS:
2112	{
2113		struct scsi_transportid_sas *id =
2114		    (struct scsi_transportid_sas *)buf;
2115		if (port->wwpn_iid[iid].wwpn == 0)
2116			return (0);
2117		memset(id, 0, sizeof(*id));
2118		id->format_protocol = SCSI_PROTO_SAS;
2119		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2120		return (sizeof(*id));
2121	}
2122	default:
2123	{
2124		struct scsi_transportid_spi *id =
2125		    (struct scsi_transportid_spi *)buf;
2126		memset(id, 0, sizeof(*id));
2127		id->format_protocol = SCSI_PROTO_SPI;
2128		scsi_ulto2b(iid, id->scsi_addr);
2129		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2130		return (sizeof(*id));
2131	}
2132	}
2133}
2134
2135/*
2136 * Serialize a command that went down the "wrong" side, and so was sent to
2137 * this controller for execution.  The logic is a little different than the
2138 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2139 * sent back to the other side, but in the success case, we execute the
2140 * command on this side (XFER mode) or tell the other side to execute it
2141 * (SER_ONLY mode).
2142 */
2143static int
2144ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2145{
2146	struct ctl_softc *softc = control_softc;
2147	union ctl_ha_msg msg_info;
2148	struct ctl_port *port;
2149	struct ctl_lun *lun;
2150	const struct ctl_cmd_entry *entry;
2151	int retval = 0;
2152	uint32_t targ_lun;
2153
2154	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2155	mtx_lock(&softc->ctl_lock);
2156
2157	/* Make sure that we know about this port. */
2158	port = ctl_io_port(&ctsio->io_hdr);
2159	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2160		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2161					 /*retry_count*/ 1);
2162		goto badjuju;
2163	}
2164
2165	/* Make sure that we know about this LUN. */
2166	if ((targ_lun < CTL_MAX_LUNS) &&
2167	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2168		mtx_lock(&lun->lun_lock);
2169		mtx_unlock(&softc->ctl_lock);
2170		/*
2171		 * If the LUN is invalid, pretend that it doesn't exist.
2172		 * It will go away as soon as all pending I/O has been
2173		 * completed.
2174		 */
2175		if (lun->flags & CTL_LUN_DISABLED) {
2176			mtx_unlock(&lun->lun_lock);
2177			lun = NULL;
2178		}
2179	} else {
2180		mtx_unlock(&softc->ctl_lock);
2181		lun = NULL;
2182	}
2183	if (lun == NULL) {
2184		/*
2185		 * The other node would not send this request to us unless
2186		 * received announce that we are primary node for this LUN.
2187		 * If this LUN does not exist now, it is probably result of
2188		 * a race, so respond to initiator in the most opaque way.
2189		 */
2190		ctl_set_busy(ctsio);
2191		goto badjuju;
2192	}
2193
2194	entry = ctl_get_cmd_entry(ctsio, NULL);
2195	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2196		mtx_unlock(&lun->lun_lock);
2197		goto badjuju;
2198	}
2199
2200	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2201	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2202
2203	/*
2204	 * Every I/O goes into the OOA queue for a
2205	 * particular LUN, and stays there until completion.
2206	 */
2207#ifdef CTL_TIME_IO
2208	if (TAILQ_EMPTY(&lun->ooa_queue))
2209		lun->idle_time += getsbinuptime() - lun->last_busy;
2210#endif
2211	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2212
2213	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2214		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2215		 ooa_links))) {
2216	case CTL_ACTION_BLOCK:
2217		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2218		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2219				  blocked_links);
2220		mtx_unlock(&lun->lun_lock);
2221		break;
2222	case CTL_ACTION_PASS:
2223	case CTL_ACTION_SKIP:
2224		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2225			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2226			ctl_enqueue_rtr((union ctl_io *)ctsio);
2227			mtx_unlock(&lun->lun_lock);
2228		} else {
2229			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2230			mtx_unlock(&lun->lun_lock);
2231
2232			/* send msg back to other side */
2233			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2234			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2235			msg_info.hdr.msg_type = CTL_MSG_R2R;
2236			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2237			    sizeof(msg_info.hdr), M_WAITOK);
2238		}
2239		break;
2240	case CTL_ACTION_OVERLAP:
2241		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2242		mtx_unlock(&lun->lun_lock);
2243		ctl_set_overlapped_cmd(ctsio);
2244		goto badjuju;
2245	case CTL_ACTION_OVERLAP_TAG:
2246		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2247		mtx_unlock(&lun->lun_lock);
2248		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2249		goto badjuju;
2250	case CTL_ACTION_ERROR:
2251	default:
2252		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2253		mtx_unlock(&lun->lun_lock);
2254
2255		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2256					 /*retry_count*/ 0);
2257badjuju:
2258		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2259		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2260		msg_info.hdr.serializing_sc = NULL;
2261		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2262		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2263		    sizeof(msg_info.scsi), M_WAITOK);
2264		retval = 1;
2265		break;
2266	}
2267	return (retval);
2268}
2269
2270/*
2271 * Returns 0 for success, errno for failure.
2272 */
2273static void
2274ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2275		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2276{
2277	union ctl_io *io;
2278
2279	mtx_lock(&lun->lun_lock);
2280	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2281	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2282	     ooa_links)) {
2283		struct ctl_ooa_entry *entry;
2284
2285		/*
2286		 * If we've got more than we can fit, just count the
2287		 * remaining entries.
2288		 */
2289		if (*cur_fill_num >= ooa_hdr->alloc_num)
2290			continue;
2291
2292		entry = &kern_entries[*cur_fill_num];
2293
2294		entry->tag_num = io->scsiio.tag_num;
2295		entry->lun_num = lun->lun;
2296#ifdef CTL_TIME_IO
2297		entry->start_bt = io->io_hdr.start_bt;
2298#endif
2299		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2300		entry->cdb_len = io->scsiio.cdb_len;
2301		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2302			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2303
2304		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2305			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2306
2307		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2308			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2309
2310		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2311			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2312
2313		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2314			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2315	}
2316	mtx_unlock(&lun->lun_lock);
2317}
2318
2319static void *
2320ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2321		 size_t error_str_len)
2322{
2323	void *kptr;
2324
2325	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2326
2327	if (copyin(user_addr, kptr, len) != 0) {
2328		snprintf(error_str, error_str_len, "Error copying %d bytes "
2329			 "from user address %p to kernel address %p", len,
2330			 user_addr, kptr);
2331		free(kptr, M_CTL);
2332		return (NULL);
2333	}
2334
2335	return (kptr);
2336}
2337
2338static void
2339ctl_free_args(int num_args, struct ctl_be_arg *args)
2340{
2341	int i;
2342
2343	if (args == NULL)
2344		return;
2345
2346	for (i = 0; i < num_args; i++) {
2347		free(args[i].kname, M_CTL);
2348		free(args[i].kvalue, M_CTL);
2349	}
2350
2351	free(args, M_CTL);
2352}
2353
2354static struct ctl_be_arg *
2355ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2356		char *error_str, size_t error_str_len)
2357{
2358	struct ctl_be_arg *args;
2359	int i;
2360
2361	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2362				error_str, error_str_len);
2363
2364	if (args == NULL)
2365		goto bailout;
2366
2367	for (i = 0; i < num_args; i++) {
2368		args[i].kname = NULL;
2369		args[i].kvalue = NULL;
2370	}
2371
2372	for (i = 0; i < num_args; i++) {
2373		uint8_t *tmpptr;
2374
2375		args[i].kname = ctl_copyin_alloc(args[i].name,
2376			args[i].namelen, error_str, error_str_len);
2377		if (args[i].kname == NULL)
2378			goto bailout;
2379
2380		if (args[i].kname[args[i].namelen - 1] != '\0') {
2381			snprintf(error_str, error_str_len, "Argument %d "
2382				 "name is not NUL-terminated", i);
2383			goto bailout;
2384		}
2385
2386		if (args[i].flags & CTL_BEARG_RD) {
2387			tmpptr = ctl_copyin_alloc(args[i].value,
2388				args[i].vallen, error_str, error_str_len);
2389			if (tmpptr == NULL)
2390				goto bailout;
2391			if ((args[i].flags & CTL_BEARG_ASCII)
2392			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2393				snprintf(error_str, error_str_len, "Argument "
2394				    "%d value is not NUL-terminated", i);
2395				goto bailout;
2396			}
2397			args[i].kvalue = tmpptr;
2398		} else {
2399			args[i].kvalue = malloc(args[i].vallen,
2400			    M_CTL, M_WAITOK | M_ZERO);
2401		}
2402	}
2403
2404	return (args);
2405bailout:
2406
2407	ctl_free_args(num_args, args);
2408
2409	return (NULL);
2410}
2411
2412static void
2413ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2414{
2415	int i;
2416
2417	for (i = 0; i < num_args; i++) {
2418		if (args[i].flags & CTL_BEARG_WR)
2419			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2420	}
2421}
2422
2423/*
2424 * Escape characters that are illegal or not recommended in XML.
2425 */
2426int
2427ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2428{
2429	char *end = str + size;
2430	int retval;
2431
2432	retval = 0;
2433
2434	for (; *str && str < end; str++) {
2435		switch (*str) {
2436		case '&':
2437			retval = sbuf_printf(sb, "&amp;");
2438			break;
2439		case '>':
2440			retval = sbuf_printf(sb, "&gt;");
2441			break;
2442		case '<':
2443			retval = sbuf_printf(sb, "&lt;");
2444			break;
2445		default:
2446			retval = sbuf_putc(sb, *str);
2447			break;
2448		}
2449
2450		if (retval != 0)
2451			break;
2452
2453	}
2454
2455	return (retval);
2456}
2457
2458static void
2459ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2460{
2461	struct scsi_vpd_id_descriptor *desc;
2462	int i;
2463
2464	if (id == NULL || id->len < 4)
2465		return;
2466	desc = (struct scsi_vpd_id_descriptor *)id->data;
2467	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2468	case SVPD_ID_TYPE_T10:
2469		sbuf_printf(sb, "t10.");
2470		break;
2471	case SVPD_ID_TYPE_EUI64:
2472		sbuf_printf(sb, "eui.");
2473		break;
2474	case SVPD_ID_TYPE_NAA:
2475		sbuf_printf(sb, "naa.");
2476		break;
2477	case SVPD_ID_TYPE_SCSI_NAME:
2478		break;
2479	}
2480	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2481	case SVPD_ID_CODESET_BINARY:
2482		for (i = 0; i < desc->length; i++)
2483			sbuf_printf(sb, "%02x", desc->identifier[i]);
2484		break;
2485	case SVPD_ID_CODESET_ASCII:
2486		sbuf_printf(sb, "%.*s", (int)desc->length,
2487		    (char *)desc->identifier);
2488		break;
2489	case SVPD_ID_CODESET_UTF8:
2490		sbuf_printf(sb, "%s", (char *)desc->identifier);
2491		break;
2492	}
2493}
2494
2495static int
2496ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2497	  struct thread *td)
2498{
2499	struct ctl_softc *softc = dev->si_drv1;
2500	struct ctl_lun *lun;
2501	int retval;
2502
2503	retval = 0;
2504
2505	switch (cmd) {
2506	case CTL_IO:
2507		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2508		break;
2509	case CTL_ENABLE_PORT:
2510	case CTL_DISABLE_PORT:
2511	case CTL_SET_PORT_WWNS: {
2512		struct ctl_port *port;
2513		struct ctl_port_entry *entry;
2514
2515		entry = (struct ctl_port_entry *)addr;
2516
2517		mtx_lock(&softc->ctl_lock);
2518		STAILQ_FOREACH(port, &softc->port_list, links) {
2519			int action, done;
2520
2521			if (port->targ_port < softc->port_min ||
2522			    port->targ_port >= softc->port_max)
2523				continue;
2524
2525			action = 0;
2526			done = 0;
2527			if ((entry->port_type == CTL_PORT_NONE)
2528			 && (entry->targ_port == port->targ_port)) {
2529				/*
2530				 * If the user only wants to enable or
2531				 * disable or set WWNs on a specific port,
2532				 * do the operation and we're done.
2533				 */
2534				action = 1;
2535				done = 1;
2536			} else if (entry->port_type & port->port_type) {
2537				/*
2538				 * Compare the user's type mask with the
2539				 * particular frontend type to see if we
2540				 * have a match.
2541				 */
2542				action = 1;
2543				done = 0;
2544
2545				/*
2546				 * Make sure the user isn't trying to set
2547				 * WWNs on multiple ports at the same time.
2548				 */
2549				if (cmd == CTL_SET_PORT_WWNS) {
2550					printf("%s: Can't set WWNs on "
2551					       "multiple ports\n", __func__);
2552					retval = EINVAL;
2553					break;
2554				}
2555			}
2556			if (action == 0)
2557				continue;
2558
2559			/*
2560			 * XXX KDM we have to drop the lock here, because
2561			 * the online/offline operations can potentially
2562			 * block.  We need to reference count the frontends
2563			 * so they can't go away,
2564			 */
2565			if (cmd == CTL_ENABLE_PORT) {
2566				mtx_unlock(&softc->ctl_lock);
2567				ctl_port_online(port);
2568				mtx_lock(&softc->ctl_lock);
2569			} else if (cmd == CTL_DISABLE_PORT) {
2570				mtx_unlock(&softc->ctl_lock);
2571				ctl_port_offline(port);
2572				mtx_lock(&softc->ctl_lock);
2573			} else if (cmd == CTL_SET_PORT_WWNS) {
2574				ctl_port_set_wwns(port,
2575				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2576				    1 : 0, entry->wwnn,
2577				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2578				    1 : 0, entry->wwpn);
2579			}
2580			if (done != 0)
2581				break;
2582		}
2583		mtx_unlock(&softc->ctl_lock);
2584		break;
2585	}
2586	case CTL_GET_OOA: {
2587		struct ctl_ooa *ooa_hdr;
2588		struct ctl_ooa_entry *entries;
2589		uint32_t cur_fill_num;
2590
2591		ooa_hdr = (struct ctl_ooa *)addr;
2592
2593		if ((ooa_hdr->alloc_len == 0)
2594		 || (ooa_hdr->alloc_num == 0)) {
2595			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2596			       "must be non-zero\n", __func__,
2597			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2598			retval = EINVAL;
2599			break;
2600		}
2601
2602		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2603		    sizeof(struct ctl_ooa_entry))) {
2604			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2605			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2606			       __func__, ooa_hdr->alloc_len,
2607			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2608			retval = EINVAL;
2609			break;
2610		}
2611
2612		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2613		if (entries == NULL) {
2614			printf("%s: could not allocate %d bytes for OOA "
2615			       "dump\n", __func__, ooa_hdr->alloc_len);
2616			retval = ENOMEM;
2617			break;
2618		}
2619
2620		mtx_lock(&softc->ctl_lock);
2621		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2622		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2623		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2624			mtx_unlock(&softc->ctl_lock);
2625			free(entries, M_CTL);
2626			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2627			       __func__, (uintmax_t)ooa_hdr->lun_num);
2628			retval = EINVAL;
2629			break;
2630		}
2631
2632		cur_fill_num = 0;
2633
2634		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2635			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2636				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2637				    ooa_hdr, entries);
2638			}
2639		} else {
2640			lun = softc->ctl_luns[ooa_hdr->lun_num];
2641			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2642			    entries);
2643		}
2644		mtx_unlock(&softc->ctl_lock);
2645
2646		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2647		ooa_hdr->fill_len = ooa_hdr->fill_num *
2648			sizeof(struct ctl_ooa_entry);
2649		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2650		if (retval != 0) {
2651			printf("%s: error copying out %d bytes for OOA dump\n",
2652			       __func__, ooa_hdr->fill_len);
2653		}
2654
2655		getbinuptime(&ooa_hdr->cur_bt);
2656
2657		if (cur_fill_num > ooa_hdr->alloc_num) {
2658			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2659			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2660		} else {
2661			ooa_hdr->dropped_num = 0;
2662			ooa_hdr->status = CTL_OOA_OK;
2663		}
2664
2665		free(entries, M_CTL);
2666		break;
2667	}
2668	case CTL_DELAY_IO: {
2669		struct ctl_io_delay_info *delay_info;
2670
2671		delay_info = (struct ctl_io_delay_info *)addr;
2672
2673#ifdef CTL_IO_DELAY
2674		mtx_lock(&softc->ctl_lock);
2675
2676		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2677		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2678			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2679		} else {
2680			lun = softc->ctl_luns[delay_info->lun_id];
2681			mtx_lock(&lun->lun_lock);
2682
2683			delay_info->status = CTL_DELAY_STATUS_OK;
2684
2685			switch (delay_info->delay_type) {
2686			case CTL_DELAY_TYPE_CONT:
2687				break;
2688			case CTL_DELAY_TYPE_ONESHOT:
2689				break;
2690			default:
2691				delay_info->status =
2692					CTL_DELAY_STATUS_INVALID_TYPE;
2693				break;
2694			}
2695
2696			switch (delay_info->delay_loc) {
2697			case CTL_DELAY_LOC_DATAMOVE:
2698				lun->delay_info.datamove_type =
2699					delay_info->delay_type;
2700				lun->delay_info.datamove_delay =
2701					delay_info->delay_secs;
2702				break;
2703			case CTL_DELAY_LOC_DONE:
2704				lun->delay_info.done_type =
2705					delay_info->delay_type;
2706				lun->delay_info.done_delay =
2707					delay_info->delay_secs;
2708				break;
2709			default:
2710				delay_info->status =
2711					CTL_DELAY_STATUS_INVALID_LOC;
2712				break;
2713			}
2714			mtx_unlock(&lun->lun_lock);
2715		}
2716
2717		mtx_unlock(&softc->ctl_lock);
2718#else
2719		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2720#endif /* CTL_IO_DELAY */
2721		break;
2722	}
2723	case CTL_GETSTATS: {
2724		struct ctl_stats *stats;
2725		int i;
2726
2727		stats = (struct ctl_stats *)addr;
2728
2729		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2730		     stats->alloc_len) {
2731			stats->status = CTL_SS_NEED_MORE_SPACE;
2732			stats->num_luns = softc->num_luns;
2733			break;
2734		}
2735		/*
2736		 * XXX KDM no locking here.  If the LUN list changes,
2737		 * things can blow up.
2738		 */
2739		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2740		     i++, lun = STAILQ_NEXT(lun, links)) {
2741			retval = copyout(&lun->stats, &stats->lun_stats[i],
2742					 sizeof(lun->stats));
2743			if (retval != 0)
2744				break;
2745		}
2746		stats->num_luns = softc->num_luns;
2747		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2748				 softc->num_luns;
2749		stats->status = CTL_SS_OK;
2750#ifdef CTL_TIME_IO
2751		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2752#else
2753		stats->flags = CTL_STATS_FLAG_NONE;
2754#endif
2755		getnanouptime(&stats->timestamp);
2756		break;
2757	}
2758	case CTL_ERROR_INJECT: {
2759		struct ctl_error_desc *err_desc, *new_err_desc;
2760
2761		err_desc = (struct ctl_error_desc *)addr;
2762
2763		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2764				      M_WAITOK | M_ZERO);
2765		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2766
2767		mtx_lock(&softc->ctl_lock);
2768		lun = softc->ctl_luns[err_desc->lun_id];
2769		if (lun == NULL) {
2770			mtx_unlock(&softc->ctl_lock);
2771			free(new_err_desc, M_CTL);
2772			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2773			       __func__, (uintmax_t)err_desc->lun_id);
2774			retval = EINVAL;
2775			break;
2776		}
2777		mtx_lock(&lun->lun_lock);
2778		mtx_unlock(&softc->ctl_lock);
2779
2780		/*
2781		 * We could do some checking here to verify the validity
2782		 * of the request, but given the complexity of error
2783		 * injection requests, the checking logic would be fairly
2784		 * complex.
2785		 *
2786		 * For now, if the request is invalid, it just won't get
2787		 * executed and might get deleted.
2788		 */
2789		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2790
2791		/*
2792		 * XXX KDM check to make sure the serial number is unique,
2793		 * in case we somehow manage to wrap.  That shouldn't
2794		 * happen for a very long time, but it's the right thing to
2795		 * do.
2796		 */
2797		new_err_desc->serial = lun->error_serial;
2798		err_desc->serial = lun->error_serial;
2799		lun->error_serial++;
2800
2801		mtx_unlock(&lun->lun_lock);
2802		break;
2803	}
2804	case CTL_ERROR_INJECT_DELETE: {
2805		struct ctl_error_desc *delete_desc, *desc, *desc2;
2806		int delete_done;
2807
2808		delete_desc = (struct ctl_error_desc *)addr;
2809		delete_done = 0;
2810
2811		mtx_lock(&softc->ctl_lock);
2812		lun = softc->ctl_luns[delete_desc->lun_id];
2813		if (lun == NULL) {
2814			mtx_unlock(&softc->ctl_lock);
2815			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2816			       __func__, (uintmax_t)delete_desc->lun_id);
2817			retval = EINVAL;
2818			break;
2819		}
2820		mtx_lock(&lun->lun_lock);
2821		mtx_unlock(&softc->ctl_lock);
2822		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2823			if (desc->serial != delete_desc->serial)
2824				continue;
2825
2826			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2827				      links);
2828			free(desc, M_CTL);
2829			delete_done = 1;
2830		}
2831		mtx_unlock(&lun->lun_lock);
2832		if (delete_done == 0) {
2833			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2834			       "error serial %ju on LUN %u\n", __func__,
2835			       delete_desc->serial, delete_desc->lun_id);
2836			retval = EINVAL;
2837			break;
2838		}
2839		break;
2840	}
2841	case CTL_DUMP_STRUCTS: {
2842		int i, j, k;
2843		struct ctl_port *port;
2844		struct ctl_frontend *fe;
2845
2846		mtx_lock(&softc->ctl_lock);
2847		printf("CTL Persistent Reservation information start:\n");
2848		for (i = 0; i < CTL_MAX_LUNS; i++) {
2849			lun = softc->ctl_luns[i];
2850
2851			if ((lun == NULL)
2852			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2853				continue;
2854
2855			for (j = 0; j < CTL_MAX_PORTS; j++) {
2856				if (lun->pr_keys[j] == NULL)
2857					continue;
2858				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2859					if (lun->pr_keys[j][k] == 0)
2860						continue;
2861					printf("  LUN %d port %d iid %d key "
2862					       "%#jx\n", i, j, k,
2863					       (uintmax_t)lun->pr_keys[j][k]);
2864				}
2865			}
2866		}
2867		printf("CTL Persistent Reservation information end\n");
2868		printf("CTL Ports:\n");
2869		STAILQ_FOREACH(port, &softc->port_list, links) {
2870			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2871			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2872			       port->frontend->name, port->port_type,
2873			       port->physical_port, port->virtual_port,
2874			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2875			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2876				if (port->wwpn_iid[j].in_use == 0 &&
2877				    port->wwpn_iid[j].wwpn == 0 &&
2878				    port->wwpn_iid[j].name == NULL)
2879					continue;
2880
2881				printf("    iid %u use %d WWPN %#jx '%s'\n",
2882				    j, port->wwpn_iid[j].in_use,
2883				    (uintmax_t)port->wwpn_iid[j].wwpn,
2884				    port->wwpn_iid[j].name);
2885			}
2886		}
2887		printf("CTL Port information end\n");
2888		mtx_unlock(&softc->ctl_lock);
2889		/*
2890		 * XXX KDM calling this without a lock.  We'd likely want
2891		 * to drop the lock before calling the frontend's dump
2892		 * routine anyway.
2893		 */
2894		printf("CTL Frontends:\n");
2895		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2896			printf("  Frontend '%s'\n", fe->name);
2897			if (fe->fe_dump != NULL)
2898				fe->fe_dump();
2899		}
2900		printf("CTL Frontend information end\n");
2901		break;
2902	}
2903	case CTL_LUN_REQ: {
2904		struct ctl_lun_req *lun_req;
2905		struct ctl_backend_driver *backend;
2906
2907		lun_req = (struct ctl_lun_req *)addr;
2908
2909		backend = ctl_backend_find(lun_req->backend);
2910		if (backend == NULL) {
2911			lun_req->status = CTL_LUN_ERROR;
2912			snprintf(lun_req->error_str,
2913				 sizeof(lun_req->error_str),
2914				 "Backend \"%s\" not found.",
2915				 lun_req->backend);
2916			break;
2917		}
2918		if (lun_req->num_be_args > 0) {
2919			lun_req->kern_be_args = ctl_copyin_args(
2920				lun_req->num_be_args,
2921				lun_req->be_args,
2922				lun_req->error_str,
2923				sizeof(lun_req->error_str));
2924			if (lun_req->kern_be_args == NULL) {
2925				lun_req->status = CTL_LUN_ERROR;
2926				break;
2927			}
2928		}
2929
2930		retval = backend->ioctl(dev, cmd, addr, flag, td);
2931
2932		if (lun_req->num_be_args > 0) {
2933			ctl_copyout_args(lun_req->num_be_args,
2934				      lun_req->kern_be_args);
2935			ctl_free_args(lun_req->num_be_args,
2936				      lun_req->kern_be_args);
2937		}
2938		break;
2939	}
2940	case CTL_LUN_LIST: {
2941		struct sbuf *sb;
2942		struct ctl_lun_list *list;
2943		struct ctl_option *opt;
2944
2945		list = (struct ctl_lun_list *)addr;
2946
2947		/*
2948		 * Allocate a fixed length sbuf here, based on the length
2949		 * of the user's buffer.  We could allocate an auto-extending
2950		 * buffer, and then tell the user how much larger our
2951		 * amount of data is than his buffer, but that presents
2952		 * some problems:
2953		 *
2954		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2955		 *     we can't hold a lock while calling them with an
2956		 *     auto-extending buffer.
2957 		 *
2958		 * 2.  There is not currently a LUN reference counting
2959		 *     mechanism, outside of outstanding transactions on
2960		 *     the LUN's OOA queue.  So a LUN could go away on us
2961		 *     while we're getting the LUN number, backend-specific
2962		 *     information, etc.  Thus, given the way things
2963		 *     currently work, we need to hold the CTL lock while
2964		 *     grabbing LUN information.
2965		 *
2966		 * So, from the user's standpoint, the best thing to do is
2967		 * allocate what he thinks is a reasonable buffer length,
2968		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2969		 * double the buffer length and try again.  (And repeat
2970		 * that until he succeeds.)
2971		 */
2972		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2973		if (sb == NULL) {
2974			list->status = CTL_LUN_LIST_ERROR;
2975			snprintf(list->error_str, sizeof(list->error_str),
2976				 "Unable to allocate %d bytes for LUN list",
2977				 list->alloc_len);
2978			break;
2979		}
2980
2981		sbuf_printf(sb, "<ctllunlist>\n");
2982
2983		mtx_lock(&softc->ctl_lock);
2984		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2985			mtx_lock(&lun->lun_lock);
2986			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2987					     (uintmax_t)lun->lun);
2988
2989			/*
2990			 * Bail out as soon as we see that we've overfilled
2991			 * the buffer.
2992			 */
2993			if (retval != 0)
2994				break;
2995
2996			retval = sbuf_printf(sb, "\t<backend_type>%s"
2997					     "</backend_type>\n",
2998					     (lun->backend == NULL) ?  "none" :
2999					     lun->backend->name);
3000
3001			if (retval != 0)
3002				break;
3003
3004			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3005					     lun->be_lun->lun_type);
3006
3007			if (retval != 0)
3008				break;
3009
3010			if (lun->backend == NULL) {
3011				retval = sbuf_printf(sb, "</lun>\n");
3012				if (retval != 0)
3013					break;
3014				continue;
3015			}
3016
3017			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3018					     (lun->be_lun->maxlba > 0) ?
3019					     lun->be_lun->maxlba + 1 : 0);
3020
3021			if (retval != 0)
3022				break;
3023
3024			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3025					     lun->be_lun->blocksize);
3026
3027			if (retval != 0)
3028				break;
3029
3030			retval = sbuf_printf(sb, "\t<serial_number>");
3031
3032			if (retval != 0)
3033				break;
3034
3035			retval = ctl_sbuf_printf_esc(sb,
3036			    lun->be_lun->serial_num,
3037			    sizeof(lun->be_lun->serial_num));
3038
3039			if (retval != 0)
3040				break;
3041
3042			retval = sbuf_printf(sb, "</serial_number>\n");
3043
3044			if (retval != 0)
3045				break;
3046
3047			retval = sbuf_printf(sb, "\t<device_id>");
3048
3049			if (retval != 0)
3050				break;
3051
3052			retval = ctl_sbuf_printf_esc(sb,
3053			    lun->be_lun->device_id,
3054			    sizeof(lun->be_lun->device_id));
3055
3056			if (retval != 0)
3057				break;
3058
3059			retval = sbuf_printf(sb, "</device_id>\n");
3060
3061			if (retval != 0)
3062				break;
3063
3064			if (lun->backend->lun_info != NULL) {
3065				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3066				if (retval != 0)
3067					break;
3068			}
3069			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3070				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3071				    opt->name, opt->value, opt->name);
3072				if (retval != 0)
3073					break;
3074			}
3075
3076			retval = sbuf_printf(sb, "</lun>\n");
3077
3078			if (retval != 0)
3079				break;
3080			mtx_unlock(&lun->lun_lock);
3081		}
3082		if (lun != NULL)
3083			mtx_unlock(&lun->lun_lock);
3084		mtx_unlock(&softc->ctl_lock);
3085
3086		if ((retval != 0)
3087		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3088			retval = 0;
3089			sbuf_delete(sb);
3090			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3091			snprintf(list->error_str, sizeof(list->error_str),
3092				 "Out of space, %d bytes is too small",
3093				 list->alloc_len);
3094			break;
3095		}
3096
3097		sbuf_finish(sb);
3098
3099		retval = copyout(sbuf_data(sb), list->lun_xml,
3100				 sbuf_len(sb) + 1);
3101
3102		list->fill_len = sbuf_len(sb) + 1;
3103		list->status = CTL_LUN_LIST_OK;
3104		sbuf_delete(sb);
3105		break;
3106	}
3107	case CTL_ISCSI: {
3108		struct ctl_iscsi *ci;
3109		struct ctl_frontend *fe;
3110
3111		ci = (struct ctl_iscsi *)addr;
3112
3113		fe = ctl_frontend_find("iscsi");
3114		if (fe == NULL) {
3115			ci->status = CTL_ISCSI_ERROR;
3116			snprintf(ci->error_str, sizeof(ci->error_str),
3117			    "Frontend \"iscsi\" not found.");
3118			break;
3119		}
3120
3121		retval = fe->ioctl(dev, cmd, addr, flag, td);
3122		break;
3123	}
3124	case CTL_PORT_REQ: {
3125		struct ctl_req *req;
3126		struct ctl_frontend *fe;
3127
3128		req = (struct ctl_req *)addr;
3129
3130		fe = ctl_frontend_find(req->driver);
3131		if (fe == NULL) {
3132			req->status = CTL_LUN_ERROR;
3133			snprintf(req->error_str, sizeof(req->error_str),
3134			    "Frontend \"%s\" not found.", req->driver);
3135			break;
3136		}
3137		if (req->num_args > 0) {
3138			req->kern_args = ctl_copyin_args(req->num_args,
3139			    req->args, req->error_str, sizeof(req->error_str));
3140			if (req->kern_args == NULL) {
3141				req->status = CTL_LUN_ERROR;
3142				break;
3143			}
3144		}
3145
3146		if (fe->ioctl)
3147			retval = fe->ioctl(dev, cmd, addr, flag, td);
3148		else
3149			retval = ENODEV;
3150
3151		if (req->num_args > 0) {
3152			ctl_copyout_args(req->num_args, req->kern_args);
3153			ctl_free_args(req->num_args, req->kern_args);
3154		}
3155		break;
3156	}
3157	case CTL_PORT_LIST: {
3158		struct sbuf *sb;
3159		struct ctl_port *port;
3160		struct ctl_lun_list *list;
3161		struct ctl_option *opt;
3162		int j;
3163		uint32_t plun;
3164
3165		list = (struct ctl_lun_list *)addr;
3166
3167		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3168		if (sb == NULL) {
3169			list->status = CTL_LUN_LIST_ERROR;
3170			snprintf(list->error_str, sizeof(list->error_str),
3171				 "Unable to allocate %d bytes for LUN list",
3172				 list->alloc_len);
3173			break;
3174		}
3175
3176		sbuf_printf(sb, "<ctlportlist>\n");
3177
3178		mtx_lock(&softc->ctl_lock);
3179		STAILQ_FOREACH(port, &softc->port_list, links) {
3180			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3181					     (uintmax_t)port->targ_port);
3182
3183			/*
3184			 * Bail out as soon as we see that we've overfilled
3185			 * the buffer.
3186			 */
3187			if (retval != 0)
3188				break;
3189
3190			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3191			    "</frontend_type>\n", port->frontend->name);
3192			if (retval != 0)
3193				break;
3194
3195			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3196					     port->port_type);
3197			if (retval != 0)
3198				break;
3199
3200			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3201			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3202			if (retval != 0)
3203				break;
3204
3205			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3206			    port->port_name);
3207			if (retval != 0)
3208				break;
3209
3210			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3211			    port->physical_port);
3212			if (retval != 0)
3213				break;
3214
3215			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3216			    port->virtual_port);
3217			if (retval != 0)
3218				break;
3219
3220			if (port->target_devid != NULL) {
3221				sbuf_printf(sb, "\t<target>");
3222				ctl_id_sbuf(port->target_devid, sb);
3223				sbuf_printf(sb, "</target>\n");
3224			}
3225
3226			if (port->port_devid != NULL) {
3227				sbuf_printf(sb, "\t<port>");
3228				ctl_id_sbuf(port->port_devid, sb);
3229				sbuf_printf(sb, "</port>\n");
3230			}
3231
3232			if (port->port_info != NULL) {
3233				retval = port->port_info(port->onoff_arg, sb);
3234				if (retval != 0)
3235					break;
3236			}
3237			STAILQ_FOREACH(opt, &port->options, links) {
3238				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3239				    opt->name, opt->value, opt->name);
3240				if (retval != 0)
3241					break;
3242			}
3243
3244			if (port->lun_map != NULL) {
3245				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3246				for (j = 0; j < CTL_MAX_LUNS; j++) {
3247					plun = ctl_lun_map_from_port(port, j);
3248					if (plun >= CTL_MAX_LUNS)
3249						continue;
3250					sbuf_printf(sb,
3251					    "\t<lun id=\"%u\">%u</lun>\n",
3252					    j, plun);
3253				}
3254			}
3255
3256			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3257				if (port->wwpn_iid[j].in_use == 0 ||
3258				    (port->wwpn_iid[j].wwpn == 0 &&
3259				     port->wwpn_iid[j].name == NULL))
3260					continue;
3261
3262				if (port->wwpn_iid[j].name != NULL)
3263					retval = sbuf_printf(sb,
3264					    "\t<initiator id=\"%u\">%s</initiator>\n",
3265					    j, port->wwpn_iid[j].name);
3266				else
3267					retval = sbuf_printf(sb,
3268					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3269					    j, port->wwpn_iid[j].wwpn);
3270				if (retval != 0)
3271					break;
3272			}
3273			if (retval != 0)
3274				break;
3275
3276			retval = sbuf_printf(sb, "</targ_port>\n");
3277			if (retval != 0)
3278				break;
3279		}
3280		mtx_unlock(&softc->ctl_lock);
3281
3282		if ((retval != 0)
3283		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3284			retval = 0;
3285			sbuf_delete(sb);
3286			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3287			snprintf(list->error_str, sizeof(list->error_str),
3288				 "Out of space, %d bytes is too small",
3289				 list->alloc_len);
3290			break;
3291		}
3292
3293		sbuf_finish(sb);
3294
3295		retval = copyout(sbuf_data(sb), list->lun_xml,
3296				 sbuf_len(sb) + 1);
3297
3298		list->fill_len = sbuf_len(sb) + 1;
3299		list->status = CTL_LUN_LIST_OK;
3300		sbuf_delete(sb);
3301		break;
3302	}
3303	case CTL_LUN_MAP: {
3304		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3305		struct ctl_port *port;
3306
3307		mtx_lock(&softc->ctl_lock);
3308		if (lm->port < softc->port_min ||
3309		    lm->port >= softc->port_max ||
3310		    (port = softc->ctl_ports[lm->port]) == NULL) {
3311			mtx_unlock(&softc->ctl_lock);
3312			return (ENXIO);
3313		}
3314		if (port->status & CTL_PORT_STATUS_ONLINE) {
3315			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3316				if (ctl_lun_map_to_port(port, lun->lun) >=
3317				    CTL_MAX_LUNS)
3318					continue;
3319				mtx_lock(&lun->lun_lock);
3320				ctl_est_ua_port(lun, lm->port, -1,
3321				    CTL_UA_LUN_CHANGE);
3322				mtx_unlock(&lun->lun_lock);
3323			}
3324		}
3325		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3326		if (lm->plun < CTL_MAX_LUNS) {
3327			if (lm->lun == UINT32_MAX)
3328				retval = ctl_lun_map_unset(port, lm->plun);
3329			else if (lm->lun < CTL_MAX_LUNS &&
3330			    softc->ctl_luns[lm->lun] != NULL)
3331				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3332			else
3333				return (ENXIO);
3334		} else if (lm->plun == UINT32_MAX) {
3335			if (lm->lun == UINT32_MAX)
3336				retval = ctl_lun_map_deinit(port);
3337			else
3338				retval = ctl_lun_map_init(port);
3339		} else
3340			return (ENXIO);
3341		if (port->status & CTL_PORT_STATUS_ONLINE)
3342			ctl_isc_announce_port(port);
3343		break;
3344	}
3345	default: {
3346		/* XXX KDM should we fix this? */
3347#if 0
3348		struct ctl_backend_driver *backend;
3349		unsigned int type;
3350		int found;
3351
3352		found = 0;
3353
3354		/*
3355		 * We encode the backend type as the ioctl type for backend
3356		 * ioctls.  So parse it out here, and then search for a
3357		 * backend of this type.
3358		 */
3359		type = _IOC_TYPE(cmd);
3360
3361		STAILQ_FOREACH(backend, &softc->be_list, links) {
3362			if (backend->type == type) {
3363				found = 1;
3364				break;
3365			}
3366		}
3367		if (found == 0) {
3368			printf("ctl: unknown ioctl command %#lx or backend "
3369			       "%d\n", cmd, type);
3370			retval = EINVAL;
3371			break;
3372		}
3373		retval = backend->ioctl(dev, cmd, addr, flag, td);
3374#endif
3375		retval = ENOTTY;
3376		break;
3377	}
3378	}
3379	return (retval);
3380}
3381
3382uint32_t
3383ctl_get_initindex(struct ctl_nexus *nexus)
3384{
3385	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3386}
3387
3388int
3389ctl_lun_map_init(struct ctl_port *port)
3390{
3391	struct ctl_softc *softc = port->ctl_softc;
3392	struct ctl_lun *lun;
3393	uint32_t i;
3394
3395	if (port->lun_map == NULL)
3396		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3397		    M_CTL, M_NOWAIT);
3398	if (port->lun_map == NULL)
3399		return (ENOMEM);
3400	for (i = 0; i < CTL_MAX_LUNS; i++)
3401		port->lun_map[i] = UINT32_MAX;
3402	if (port->status & CTL_PORT_STATUS_ONLINE) {
3403		if (port->lun_disable != NULL) {
3404			STAILQ_FOREACH(lun, &softc->lun_list, links)
3405				port->lun_disable(port->targ_lun_arg, lun->lun);
3406		}
3407		ctl_isc_announce_port(port);
3408	}
3409	return (0);
3410}
3411
3412int
3413ctl_lun_map_deinit(struct ctl_port *port)
3414{
3415	struct ctl_softc *softc = port->ctl_softc;
3416	struct ctl_lun *lun;
3417
3418	if (port->lun_map == NULL)
3419		return (0);
3420	free(port->lun_map, M_CTL);
3421	port->lun_map = NULL;
3422	if (port->status & CTL_PORT_STATUS_ONLINE) {
3423		if (port->lun_enable != NULL) {
3424			STAILQ_FOREACH(lun, &softc->lun_list, links)
3425				port->lun_enable(port->targ_lun_arg, lun->lun);
3426		}
3427		ctl_isc_announce_port(port);
3428	}
3429	return (0);
3430}
3431
3432int
3433ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3434{
3435	int status;
3436	uint32_t old;
3437
3438	if (port->lun_map == NULL) {
3439		status = ctl_lun_map_init(port);
3440		if (status != 0)
3441			return (status);
3442	}
3443	old = port->lun_map[plun];
3444	port->lun_map[plun] = glun;
3445	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3446		if (port->lun_enable != NULL)
3447			port->lun_enable(port->targ_lun_arg, plun);
3448		ctl_isc_announce_port(port);
3449	}
3450	return (0);
3451}
3452
3453int
3454ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3455{
3456	uint32_t old;
3457
3458	if (port->lun_map == NULL)
3459		return (0);
3460	old = port->lun_map[plun];
3461	port->lun_map[plun] = UINT32_MAX;
3462	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3463		if (port->lun_disable != NULL)
3464			port->lun_disable(port->targ_lun_arg, plun);
3465		ctl_isc_announce_port(port);
3466	}
3467	return (0);
3468}
3469
3470uint32_t
3471ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3472{
3473
3474	if (port == NULL)
3475		return (UINT32_MAX);
3476	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3477		return (lun_id);
3478	return (port->lun_map[lun_id]);
3479}
3480
3481uint32_t
3482ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3483{
3484	uint32_t i;
3485
3486	if (port == NULL)
3487		return (UINT32_MAX);
3488	if (port->lun_map == NULL)
3489		return (lun_id);
3490	for (i = 0; i < CTL_MAX_LUNS; i++) {
3491		if (port->lun_map[i] == lun_id)
3492			return (i);
3493	}
3494	return (UINT32_MAX);
3495}
3496
3497static struct ctl_port *
3498ctl_io_port(struct ctl_io_hdr *io_hdr)
3499{
3500
3501	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3502}
3503
3504int
3505ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3506{
3507	int i;
3508
3509	for (i = first; i < last; i++) {
3510		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3511			return (i);
3512	}
3513	return (-1);
3514}
3515
3516int
3517ctl_set_mask(uint32_t *mask, uint32_t bit)
3518{
3519	uint32_t chunk, piece;
3520
3521	chunk = bit >> 5;
3522	piece = bit % (sizeof(uint32_t) * 8);
3523
3524	if ((mask[chunk] & (1 << piece)) != 0)
3525		return (-1);
3526	else
3527		mask[chunk] |= (1 << piece);
3528
3529	return (0);
3530}
3531
3532int
3533ctl_clear_mask(uint32_t *mask, uint32_t bit)
3534{
3535	uint32_t chunk, piece;
3536
3537	chunk = bit >> 5;
3538	piece = bit % (sizeof(uint32_t) * 8);
3539
3540	if ((mask[chunk] & (1 << piece)) == 0)
3541		return (-1);
3542	else
3543		mask[chunk] &= ~(1 << piece);
3544
3545	return (0);
3546}
3547
3548int
3549ctl_is_set(uint32_t *mask, uint32_t bit)
3550{
3551	uint32_t chunk, piece;
3552
3553	chunk = bit >> 5;
3554	piece = bit % (sizeof(uint32_t) * 8);
3555
3556	if ((mask[chunk] & (1 << piece)) == 0)
3557		return (0);
3558	else
3559		return (1);
3560}
3561
3562static uint64_t
3563ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3564{
3565	uint64_t *t;
3566
3567	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3568	if (t == NULL)
3569		return (0);
3570	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3571}
3572
3573static void
3574ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3575{
3576	uint64_t *t;
3577
3578	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3579	if (t == NULL)
3580		return;
3581	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3582}
3583
3584static void
3585ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3586{
3587	uint64_t *p;
3588	u_int i;
3589
3590	i = residx/CTL_MAX_INIT_PER_PORT;
3591	if (lun->pr_keys[i] != NULL)
3592		return;
3593	mtx_unlock(&lun->lun_lock);
3594	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3595	    M_WAITOK | M_ZERO);
3596	mtx_lock(&lun->lun_lock);
3597	if (lun->pr_keys[i] == NULL)
3598		lun->pr_keys[i] = p;
3599	else
3600		free(p, M_CTL);
3601}
3602
3603static void
3604ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3605{
3606	uint64_t *t;
3607
3608	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3609	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3610	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3611}
3612
3613/*
3614 * ctl_softc, pool_name, total_ctl_io are passed in.
3615 * npool is passed out.
3616 */
3617int
3618ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3619		uint32_t total_ctl_io, void **npool)
3620{
3621#ifdef IO_POOLS
3622	struct ctl_io_pool *pool;
3623
3624	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3625					    M_NOWAIT | M_ZERO);
3626	if (pool == NULL)
3627		return (ENOMEM);
3628
3629	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3630	pool->ctl_softc = ctl_softc;
3631	pool->zone = uma_zsecond_create(pool->name, NULL,
3632	    NULL, NULL, NULL, ctl_softc->io_zone);
3633	/* uma_prealloc(pool->zone, total_ctl_io); */
3634
3635	*npool = pool;
3636#else
3637	*npool = ctl_softc->io_zone;
3638#endif
3639	return (0);
3640}
3641
3642void
3643ctl_pool_free(struct ctl_io_pool *pool)
3644{
3645
3646	if (pool == NULL)
3647		return;
3648
3649#ifdef IO_POOLS
3650	uma_zdestroy(pool->zone);
3651	free(pool, M_CTL);
3652#endif
3653}
3654
3655union ctl_io *
3656ctl_alloc_io(void *pool_ref)
3657{
3658	union ctl_io *io;
3659#ifdef IO_POOLS
3660	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3661
3662	io = uma_zalloc(pool->zone, M_WAITOK);
3663#else
3664	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3665#endif
3666	if (io != NULL)
3667		io->io_hdr.pool = pool_ref;
3668	return (io);
3669}
3670
3671union ctl_io *
3672ctl_alloc_io_nowait(void *pool_ref)
3673{
3674	union ctl_io *io;
3675#ifdef IO_POOLS
3676	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3677
3678	io = uma_zalloc(pool->zone, M_NOWAIT);
3679#else
3680	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3681#endif
3682	if (io != NULL)
3683		io->io_hdr.pool = pool_ref;
3684	return (io);
3685}
3686
3687void
3688ctl_free_io(union ctl_io *io)
3689{
3690#ifdef IO_POOLS
3691	struct ctl_io_pool *pool;
3692#endif
3693
3694	if (io == NULL)
3695		return;
3696
3697#ifdef IO_POOLS
3698	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3699	uma_zfree(pool->zone, io);
3700#else
3701	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3702#endif
3703}
3704
3705void
3706ctl_zero_io(union ctl_io *io)
3707{
3708	void *pool_ref;
3709
3710	if (io == NULL)
3711		return;
3712
3713	/*
3714	 * May need to preserve linked list pointers at some point too.
3715	 */
3716	pool_ref = io->io_hdr.pool;
3717	memset(io, 0, sizeof(*io));
3718	io->io_hdr.pool = pool_ref;
3719}
3720
3721/*
3722 * This routine is currently used for internal copies of ctl_ios that need
3723 * to persist for some reason after we've already returned status to the
3724 * FETD.  (Thus the flag set.)
3725 *
3726 * XXX XXX
3727 * Note that this makes a blind copy of all fields in the ctl_io, except
3728 * for the pool reference.  This includes any memory that has been
3729 * allocated!  That memory will no longer be valid after done has been
3730 * called, so this would be VERY DANGEROUS for command that actually does
3731 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3732 * start and stop commands, which don't transfer any data, so this is not a
3733 * problem.  If it is used for anything else, the caller would also need to
3734 * allocate data buffer space and this routine would need to be modified to
3735 * copy the data buffer(s) as well.
3736 */
3737void
3738ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3739{
3740	void *pool_ref;
3741
3742	if ((src == NULL)
3743	 || (dest == NULL))
3744		return;
3745
3746	/*
3747	 * May need to preserve linked list pointers at some point too.
3748	 */
3749	pool_ref = dest->io_hdr.pool;
3750
3751	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3752
3753	dest->io_hdr.pool = pool_ref;
3754	/*
3755	 * We need to know that this is an internal copy, and doesn't need
3756	 * to get passed back to the FETD that allocated it.
3757	 */
3758	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3759}
3760
3761int
3762ctl_expand_number(const char *buf, uint64_t *num)
3763{
3764	char *endptr;
3765	uint64_t number;
3766	unsigned shift;
3767
3768	number = strtoq(buf, &endptr, 0);
3769
3770	switch (tolower((unsigned char)*endptr)) {
3771	case 'e':
3772		shift = 60;
3773		break;
3774	case 'p':
3775		shift = 50;
3776		break;
3777	case 't':
3778		shift = 40;
3779		break;
3780	case 'g':
3781		shift = 30;
3782		break;
3783	case 'm':
3784		shift = 20;
3785		break;
3786	case 'k':
3787		shift = 10;
3788		break;
3789	case 'b':
3790	case '\0': /* No unit. */
3791		*num = number;
3792		return (0);
3793	default:
3794		/* Unrecognized unit. */
3795		return (-1);
3796	}
3797
3798	if ((number << shift) >> shift != number) {
3799		/* Overflow */
3800		return (-1);
3801	}
3802	*num = number << shift;
3803	return (0);
3804}
3805
3806
3807/*
3808 * This routine could be used in the future to load default and/or saved
3809 * mode page parameters for a particuar lun.
3810 */
3811static int
3812ctl_init_page_index(struct ctl_lun *lun)
3813{
3814	int i;
3815	struct ctl_page_index *page_index;
3816	const char *value;
3817	uint64_t ival;
3818
3819	memcpy(&lun->mode_pages.index, page_index_template,
3820	       sizeof(page_index_template));
3821
3822	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3823
3824		page_index = &lun->mode_pages.index[i];
3825		/*
3826		 * If this is a disk-only mode page, there's no point in
3827		 * setting it up.  For some pages, we have to have some
3828		 * basic information about the disk in order to calculate the
3829		 * mode page data.
3830		 */
3831		if ((lun->be_lun->lun_type != T_DIRECT)
3832		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3833			continue;
3834
3835		switch (page_index->page_code & SMPH_PC_MASK) {
3836		case SMS_RW_ERROR_RECOVERY_PAGE: {
3837			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3838				panic("subpage is incorrect!");
3839			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3840			       &rw_er_page_default,
3841			       sizeof(rw_er_page_default));
3842			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3843			       &rw_er_page_changeable,
3844			       sizeof(rw_er_page_changeable));
3845			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3846			       &rw_er_page_default,
3847			       sizeof(rw_er_page_default));
3848			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3849			       &rw_er_page_default,
3850			       sizeof(rw_er_page_default));
3851			page_index->page_data =
3852				(uint8_t *)lun->mode_pages.rw_er_page;
3853			break;
3854		}
3855		case SMS_FORMAT_DEVICE_PAGE: {
3856			struct scsi_format_page *format_page;
3857
3858			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3859				panic("subpage is incorrect!");
3860
3861			/*
3862			 * Sectors per track are set above.  Bytes per
3863			 * sector need to be set here on a per-LUN basis.
3864			 */
3865			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3866			       &format_page_default,
3867			       sizeof(format_page_default));
3868			memcpy(&lun->mode_pages.format_page[
3869			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3870			       sizeof(format_page_changeable));
3871			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3872			       &format_page_default,
3873			       sizeof(format_page_default));
3874			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3875			       &format_page_default,
3876			       sizeof(format_page_default));
3877
3878			format_page = &lun->mode_pages.format_page[
3879				CTL_PAGE_CURRENT];
3880			scsi_ulto2b(lun->be_lun->blocksize,
3881				    format_page->bytes_per_sector);
3882
3883			format_page = &lun->mode_pages.format_page[
3884				CTL_PAGE_DEFAULT];
3885			scsi_ulto2b(lun->be_lun->blocksize,
3886				    format_page->bytes_per_sector);
3887
3888			format_page = &lun->mode_pages.format_page[
3889				CTL_PAGE_SAVED];
3890			scsi_ulto2b(lun->be_lun->blocksize,
3891				    format_page->bytes_per_sector);
3892
3893			page_index->page_data =
3894				(uint8_t *)lun->mode_pages.format_page;
3895			break;
3896		}
3897		case SMS_RIGID_DISK_PAGE: {
3898			struct scsi_rigid_disk_page *rigid_disk_page;
3899			uint32_t sectors_per_cylinder;
3900			uint64_t cylinders;
3901#ifndef	__XSCALE__
3902			int shift;
3903#endif /* !__XSCALE__ */
3904
3905			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3906				panic("invalid subpage value %d",
3907				      page_index->subpage);
3908
3909			/*
3910			 * Rotation rate and sectors per track are set
3911			 * above.  We calculate the cylinders here based on
3912			 * capacity.  Due to the number of heads and
3913			 * sectors per track we're using, smaller arrays
3914			 * may turn out to have 0 cylinders.  Linux and
3915			 * FreeBSD don't pay attention to these mode pages
3916			 * to figure out capacity, but Solaris does.  It
3917			 * seems to deal with 0 cylinders just fine, and
3918			 * works out a fake geometry based on the capacity.
3919			 */
3920			memcpy(&lun->mode_pages.rigid_disk_page[
3921			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3922			       sizeof(rigid_disk_page_default));
3923			memcpy(&lun->mode_pages.rigid_disk_page[
3924			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3925			       sizeof(rigid_disk_page_changeable));
3926
3927			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3928				CTL_DEFAULT_HEADS;
3929
3930			/*
3931			 * The divide method here will be more accurate,
3932			 * probably, but results in floating point being
3933			 * used in the kernel on i386 (__udivdi3()).  On the
3934			 * XScale, though, __udivdi3() is implemented in
3935			 * software.
3936			 *
3937			 * The shift method for cylinder calculation is
3938			 * accurate if sectors_per_cylinder is a power of
3939			 * 2.  Otherwise it might be slightly off -- you
3940			 * might have a bit of a truncation problem.
3941			 */
3942#ifdef	__XSCALE__
3943			cylinders = (lun->be_lun->maxlba + 1) /
3944				sectors_per_cylinder;
3945#else
3946			for (shift = 31; shift > 0; shift--) {
3947				if (sectors_per_cylinder & (1 << shift))
3948					break;
3949			}
3950			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3951#endif
3952
3953			/*
3954			 * We've basically got 3 bytes, or 24 bits for the
3955			 * cylinder size in the mode page.  If we're over,
3956			 * just round down to 2^24.
3957			 */
3958			if (cylinders > 0xffffff)
3959				cylinders = 0xffffff;
3960
3961			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3962				CTL_PAGE_DEFAULT];
3963			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3964
3965			if ((value = ctl_get_opt(&lun->be_lun->options,
3966			    "rpm")) != NULL) {
3967				scsi_ulto2b(strtol(value, NULL, 0),
3968				     rigid_disk_page->rotation_rate);
3969			}
3970
3971			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3972			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3973			       sizeof(rigid_disk_page_default));
3974			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3975			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3976			       sizeof(rigid_disk_page_default));
3977
3978			page_index->page_data =
3979				(uint8_t *)lun->mode_pages.rigid_disk_page;
3980			break;
3981		}
3982		case SMS_CACHING_PAGE: {
3983			struct scsi_caching_page *caching_page;
3984
3985			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3986				panic("invalid subpage value %d",
3987				      page_index->subpage);
3988			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3989			       &caching_page_default,
3990			       sizeof(caching_page_default));
3991			memcpy(&lun->mode_pages.caching_page[
3992			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3993			       sizeof(caching_page_changeable));
3994			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3995			       &caching_page_default,
3996			       sizeof(caching_page_default));
3997			caching_page = &lun->mode_pages.caching_page[
3998			    CTL_PAGE_SAVED];
3999			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4000			if (value != NULL && strcmp(value, "off") == 0)
4001				caching_page->flags1 &= ~SCP_WCE;
4002			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4003			if (value != NULL && strcmp(value, "off") == 0)
4004				caching_page->flags1 |= SCP_RCD;
4005			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4006			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4007			       sizeof(caching_page_default));
4008			page_index->page_data =
4009				(uint8_t *)lun->mode_pages.caching_page;
4010			break;
4011		}
4012		case SMS_CONTROL_MODE_PAGE: {
4013			switch (page_index->subpage) {
4014			case SMS_SUBPAGE_PAGE_0: {
4015				struct scsi_control_page *control_page;
4016
4017				memcpy(&lun->mode_pages.control_page[
4018				    CTL_PAGE_DEFAULT],
4019				       &control_page_default,
4020				       sizeof(control_page_default));
4021				memcpy(&lun->mode_pages.control_page[
4022				    CTL_PAGE_CHANGEABLE],
4023				       &control_page_changeable,
4024				       sizeof(control_page_changeable));
4025				memcpy(&lun->mode_pages.control_page[
4026				    CTL_PAGE_SAVED],
4027				       &control_page_default,
4028				       sizeof(control_page_default));
4029				control_page = &lun->mode_pages.control_page[
4030				    CTL_PAGE_SAVED];
4031				value = ctl_get_opt(&lun->be_lun->options,
4032				    "reordering");
4033				if (value != NULL &&
4034				    strcmp(value, "unrestricted") == 0) {
4035					control_page->queue_flags &=
4036					    ~SCP_QUEUE_ALG_MASK;
4037					control_page->queue_flags |=
4038					    SCP_QUEUE_ALG_UNRESTRICTED;
4039				}
4040				memcpy(&lun->mode_pages.control_page[
4041				    CTL_PAGE_CURRENT],
4042				       &lun->mode_pages.control_page[
4043				    CTL_PAGE_SAVED],
4044				       sizeof(control_page_default));
4045				page_index->page_data =
4046				    (uint8_t *)lun->mode_pages.control_page;
4047				break;
4048			}
4049			case 0x01:
4050				memcpy(&lun->mode_pages.control_ext_page[
4051				    CTL_PAGE_DEFAULT],
4052				       &control_ext_page_default,
4053				       sizeof(control_ext_page_default));
4054				memcpy(&lun->mode_pages.control_ext_page[
4055				    CTL_PAGE_CHANGEABLE],
4056				       &control_ext_page_changeable,
4057				       sizeof(control_ext_page_changeable));
4058				memcpy(&lun->mode_pages.control_ext_page[
4059				    CTL_PAGE_SAVED],
4060				       &control_ext_page_default,
4061				       sizeof(control_ext_page_default));
4062				memcpy(&lun->mode_pages.control_ext_page[
4063				    CTL_PAGE_CURRENT],
4064				       &lun->mode_pages.control_ext_page[
4065				    CTL_PAGE_SAVED],
4066				       sizeof(control_ext_page_default));
4067				page_index->page_data =
4068				    (uint8_t *)lun->mode_pages.control_ext_page;
4069				break;
4070			}
4071			break;
4072		}
4073		case SMS_INFO_EXCEPTIONS_PAGE: {
4074			switch (page_index->subpage) {
4075			case SMS_SUBPAGE_PAGE_0:
4076				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4077				       &ie_page_default,
4078				       sizeof(ie_page_default));
4079				memcpy(&lun->mode_pages.ie_page[
4080				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4081				       sizeof(ie_page_changeable));
4082				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4083				       &ie_page_default,
4084				       sizeof(ie_page_default));
4085				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4086				       &ie_page_default,
4087				       sizeof(ie_page_default));
4088				page_index->page_data =
4089					(uint8_t *)lun->mode_pages.ie_page;
4090				break;
4091			case 0x02: {
4092				struct ctl_logical_block_provisioning_page *page;
4093
4094				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4095				       &lbp_page_default,
4096				       sizeof(lbp_page_default));
4097				memcpy(&lun->mode_pages.lbp_page[
4098				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4099				       sizeof(lbp_page_changeable));
4100				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4101				       &lbp_page_default,
4102				       sizeof(lbp_page_default));
4103				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4104				value = ctl_get_opt(&lun->be_lun->options,
4105				    "avail-threshold");
4106				if (value != NULL &&
4107				    ctl_expand_number(value, &ival) == 0) {
4108					page->descr[0].flags |= SLBPPD_ENABLED |
4109					    SLBPPD_ARMING_DEC;
4110					if (lun->be_lun->blocksize)
4111						ival /= lun->be_lun->blocksize;
4112					else
4113						ival /= 512;
4114					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4115					    page->descr[0].count);
4116				}
4117				value = ctl_get_opt(&lun->be_lun->options,
4118				    "used-threshold");
4119				if (value != NULL &&
4120				    ctl_expand_number(value, &ival) == 0) {
4121					page->descr[1].flags |= SLBPPD_ENABLED |
4122					    SLBPPD_ARMING_INC;
4123					if (lun->be_lun->blocksize)
4124						ival /= lun->be_lun->blocksize;
4125					else
4126						ival /= 512;
4127					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4128					    page->descr[1].count);
4129				}
4130				value = ctl_get_opt(&lun->be_lun->options,
4131				    "pool-avail-threshold");
4132				if (value != NULL &&
4133				    ctl_expand_number(value, &ival) == 0) {
4134					page->descr[2].flags |= SLBPPD_ENABLED |
4135					    SLBPPD_ARMING_DEC;
4136					if (lun->be_lun->blocksize)
4137						ival /= lun->be_lun->blocksize;
4138					else
4139						ival /= 512;
4140					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4141					    page->descr[2].count);
4142				}
4143				value = ctl_get_opt(&lun->be_lun->options,
4144				    "pool-used-threshold");
4145				if (value != NULL &&
4146				    ctl_expand_number(value, &ival) == 0) {
4147					page->descr[3].flags |= SLBPPD_ENABLED |
4148					    SLBPPD_ARMING_INC;
4149					if (lun->be_lun->blocksize)
4150						ival /= lun->be_lun->blocksize;
4151					else
4152						ival /= 512;
4153					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4154					    page->descr[3].count);
4155				}
4156				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4157				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4158				       sizeof(lbp_page_default));
4159				page_index->page_data =
4160					(uint8_t *)lun->mode_pages.lbp_page;
4161			}}
4162			break;
4163		}
4164		case SMS_VENDOR_SPECIFIC_PAGE:{
4165			switch (page_index->subpage) {
4166			case DBGCNF_SUBPAGE_CODE: {
4167				memcpy(&lun->mode_pages.debugconf_subpage[
4168				       CTL_PAGE_CURRENT],
4169				       &debugconf_page_default,
4170				       sizeof(debugconf_page_default));
4171				memcpy(&lun->mode_pages.debugconf_subpage[
4172				       CTL_PAGE_CHANGEABLE],
4173				       &debugconf_page_changeable,
4174				       sizeof(debugconf_page_changeable));
4175				memcpy(&lun->mode_pages.debugconf_subpage[
4176				       CTL_PAGE_DEFAULT],
4177				       &debugconf_page_default,
4178				       sizeof(debugconf_page_default));
4179				memcpy(&lun->mode_pages.debugconf_subpage[
4180				       CTL_PAGE_SAVED],
4181				       &debugconf_page_default,
4182				       sizeof(debugconf_page_default));
4183				page_index->page_data =
4184				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4185				break;
4186			}
4187			default:
4188				panic("invalid subpage value %d",
4189				      page_index->subpage);
4190				break;
4191			}
4192   			break;
4193		}
4194		default:
4195			panic("invalid page value %d",
4196			      page_index->page_code & SMPH_PC_MASK);
4197			break;
4198    	}
4199	}
4200
4201	return (CTL_RETVAL_COMPLETE);
4202}
4203
4204static int
4205ctl_init_log_page_index(struct ctl_lun *lun)
4206{
4207	struct ctl_page_index *page_index;
4208	int i, j, k, prev;
4209
4210	memcpy(&lun->log_pages.index, log_page_index_template,
4211	       sizeof(log_page_index_template));
4212
4213	prev = -1;
4214	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4215
4216		page_index = &lun->log_pages.index[i];
4217		/*
4218		 * If this is a disk-only mode page, there's no point in
4219		 * setting it up.  For some pages, we have to have some
4220		 * basic information about the disk in order to calculate the
4221		 * mode page data.
4222		 */
4223		if ((lun->be_lun->lun_type != T_DIRECT)
4224		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4225			continue;
4226
4227		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4228		     lun->backend->lun_attr == NULL)
4229			continue;
4230
4231		if (page_index->page_code != prev) {
4232			lun->log_pages.pages_page[j] = page_index->page_code;
4233			prev = page_index->page_code;
4234			j++;
4235		}
4236		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4237		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4238		k++;
4239	}
4240	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4241	lun->log_pages.index[0].page_len = j;
4242	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4243	lun->log_pages.index[1].page_len = k * 2;
4244	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4245	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4246	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4247	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4248
4249	return (CTL_RETVAL_COMPLETE);
4250}
4251
4252static int
4253hex2bin(const char *str, uint8_t *buf, int buf_size)
4254{
4255	int i;
4256	u_char c;
4257
4258	memset(buf, 0, buf_size);
4259	while (isspace(str[0]))
4260		str++;
4261	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4262		str += 2;
4263	buf_size *= 2;
4264	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4265		c = str[i];
4266		if (isdigit(c))
4267			c -= '0';
4268		else if (isalpha(c))
4269			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4270		else
4271			break;
4272		if (c >= 16)
4273			break;
4274		if ((i & 1) == 0)
4275			buf[i / 2] |= (c << 4);
4276		else
4277			buf[i / 2] |= c;
4278	}
4279	return ((i + 1) / 2);
4280}
4281
4282/*
4283 * LUN allocation.
4284 *
4285 * Requirements:
4286 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4287 *   wants us to allocate the LUN and he can block.
4288 * - ctl_softc is always set
4289 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4290 *
4291 * Returns 0 for success, non-zero (errno) for failure.
4292 */
4293static int
4294ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4295	      struct ctl_be_lun *const be_lun)
4296{
4297	struct ctl_lun *nlun, *lun;
4298	struct scsi_vpd_id_descriptor *desc;
4299	struct scsi_vpd_id_t10 *t10id;
4300	const char *eui, *naa, *scsiname, *vendor;
4301	int lun_number, i, lun_malloced;
4302	int devidlen, idlen1, idlen2 = 0, len;
4303
4304	if (be_lun == NULL)
4305		return (EINVAL);
4306
4307	/*
4308	 * We currently only support Direct Access or Processor LUN types.
4309	 */
4310	switch (be_lun->lun_type) {
4311	case T_DIRECT:
4312		break;
4313	case T_PROCESSOR:
4314		break;
4315	case T_SEQUENTIAL:
4316	case T_CHANGER:
4317	default:
4318		be_lun->lun_config_status(be_lun->be_lun,
4319					  CTL_LUN_CONFIG_FAILURE);
4320		break;
4321	}
4322	if (ctl_lun == NULL) {
4323		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4324		lun_malloced = 1;
4325	} else {
4326		lun_malloced = 0;
4327		lun = ctl_lun;
4328	}
4329
4330	memset(lun, 0, sizeof(*lun));
4331	if (lun_malloced)
4332		lun->flags = CTL_LUN_MALLOCED;
4333
4334	/* Generate LUN ID. */
4335	devidlen = max(CTL_DEVID_MIN_LEN,
4336	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4337	idlen1 = sizeof(*t10id) + devidlen;
4338	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4339	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4340	if (scsiname != NULL) {
4341		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4342		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4343	}
4344	eui = ctl_get_opt(&be_lun->options, "eui");
4345	if (eui != NULL) {
4346		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4347	}
4348	naa = ctl_get_opt(&be_lun->options, "naa");
4349	if (naa != NULL) {
4350		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4351	}
4352	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4353	    M_CTL, M_WAITOK | M_ZERO);
4354	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4355	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4356	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4357	desc->length = idlen1;
4358	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4359	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4360	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4361		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4362	} else {
4363		strncpy(t10id->vendor, vendor,
4364		    min(sizeof(t10id->vendor), strlen(vendor)));
4365	}
4366	strncpy((char *)t10id->vendor_spec_id,
4367	    (char *)be_lun->device_id, devidlen);
4368	if (scsiname != NULL) {
4369		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4370		    desc->length);
4371		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4372		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4373		    SVPD_ID_TYPE_SCSI_NAME;
4374		desc->length = idlen2;
4375		strlcpy(desc->identifier, scsiname, idlen2);
4376	}
4377	if (eui != NULL) {
4378		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4379		    desc->length);
4380		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4381		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4382		    SVPD_ID_TYPE_EUI64;
4383		desc->length = hex2bin(eui, desc->identifier, 16);
4384		desc->length = desc->length > 12 ? 16 :
4385		    (desc->length > 8 ? 12 : 8);
4386		len -= 16 - desc->length;
4387	}
4388	if (naa != NULL) {
4389		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4390		    desc->length);
4391		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4392		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4393		    SVPD_ID_TYPE_NAA;
4394		desc->length = hex2bin(naa, desc->identifier, 16);
4395		desc->length = desc->length > 8 ? 16 : 8;
4396		len -= 16 - desc->length;
4397	}
4398	lun->lun_devid->len = len;
4399
4400	mtx_lock(&ctl_softc->ctl_lock);
4401	/*
4402	 * See if the caller requested a particular LUN number.  If so, see
4403	 * if it is available.  Otherwise, allocate the first available LUN.
4404	 */
4405	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4406		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4407		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4408			mtx_unlock(&ctl_softc->ctl_lock);
4409			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4410				printf("ctl: requested LUN ID %d is higher "
4411				       "than CTL_MAX_LUNS - 1 (%d)\n",
4412				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4413			} else {
4414				/*
4415				 * XXX KDM return an error, or just assign
4416				 * another LUN ID in this case??
4417				 */
4418				printf("ctl: requested LUN ID %d is already "
4419				       "in use\n", be_lun->req_lun_id);
4420			}
4421			if (lun->flags & CTL_LUN_MALLOCED)
4422				free(lun, M_CTL);
4423			be_lun->lun_config_status(be_lun->be_lun,
4424						  CTL_LUN_CONFIG_FAILURE);
4425			return (ENOSPC);
4426		}
4427		lun_number = be_lun->req_lun_id;
4428	} else {
4429		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4430		if (lun_number == -1) {
4431			mtx_unlock(&ctl_softc->ctl_lock);
4432			printf("ctl: can't allocate LUN, out of LUNs\n");
4433			if (lun->flags & CTL_LUN_MALLOCED)
4434				free(lun, M_CTL);
4435			be_lun->lun_config_status(be_lun->be_lun,
4436						  CTL_LUN_CONFIG_FAILURE);
4437			return (ENOSPC);
4438		}
4439	}
4440	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4441
4442	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4443	lun->lun = lun_number;
4444	lun->be_lun = be_lun;
4445	/*
4446	 * The processor LUN is always enabled.  Disk LUNs come on line
4447	 * disabled, and must be enabled by the backend.
4448	 */
4449	lun->flags |= CTL_LUN_DISABLED;
4450	lun->backend = be_lun->be;
4451	be_lun->ctl_lun = lun;
4452	be_lun->lun_id = lun_number;
4453	atomic_add_int(&be_lun->be->num_luns, 1);
4454	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4455		lun->flags |= CTL_LUN_OFFLINE;
4456
4457	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4458		lun->flags |= CTL_LUN_STOPPED;
4459
4460	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4461		lun->flags |= CTL_LUN_INOPERABLE;
4462
4463	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4464		lun->flags |= CTL_LUN_PRIMARY_SC;
4465
4466	lun->ctl_softc = ctl_softc;
4467#ifdef CTL_TIME_IO
4468	lun->last_busy = getsbinuptime();
4469#endif
4470	TAILQ_INIT(&lun->ooa_queue);
4471	TAILQ_INIT(&lun->blocked_queue);
4472	STAILQ_INIT(&lun->error_list);
4473	ctl_tpc_lun_init(lun);
4474
4475	/*
4476	 * Initialize the mode and log page index.
4477	 */
4478	ctl_init_page_index(lun);
4479	ctl_init_log_page_index(lun);
4480
4481	/*
4482	 * Now, before we insert this lun on the lun list, set the lun
4483	 * inventory changed UA for all other luns.
4484	 */
4485	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4486		mtx_lock(&nlun->lun_lock);
4487		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4488		mtx_unlock(&nlun->lun_lock);
4489	}
4490
4491	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4492
4493	ctl_softc->ctl_luns[lun_number] = lun;
4494
4495	ctl_softc->num_luns++;
4496
4497	/* Setup statistics gathering */
4498	lun->stats.device_type = be_lun->lun_type;
4499	lun->stats.lun_number = lun_number;
4500	if (lun->stats.device_type == T_DIRECT)
4501		lun->stats.blocksize = be_lun->blocksize;
4502	else
4503		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4504	for (i = 0;i < CTL_MAX_PORTS;i++)
4505		lun->stats.ports[i].targ_port = i;
4506
4507	mtx_unlock(&ctl_softc->ctl_lock);
4508
4509	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4510	return (0);
4511}
4512
4513/*
4514 * Delete a LUN.
4515 * Assumptions:
4516 * - LUN has already been marked invalid and any pending I/O has been taken
4517 *   care of.
4518 */
4519static int
4520ctl_free_lun(struct ctl_lun *lun)
4521{
4522	struct ctl_softc *softc;
4523	struct ctl_lun *nlun;
4524	int i;
4525
4526	softc = lun->ctl_softc;
4527
4528	mtx_assert(&softc->ctl_lock, MA_OWNED);
4529
4530	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4531
4532	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4533
4534	softc->ctl_luns[lun->lun] = NULL;
4535
4536	if (!TAILQ_EMPTY(&lun->ooa_queue))
4537		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4538
4539	softc->num_luns--;
4540
4541	/*
4542	 * Tell the backend to free resources, if this LUN has a backend.
4543	 */
4544	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4545	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4546
4547	ctl_tpc_lun_shutdown(lun);
4548	mtx_destroy(&lun->lun_lock);
4549	free(lun->lun_devid, M_CTL);
4550	for (i = 0; i < CTL_MAX_PORTS; i++)
4551		free(lun->pending_ua[i], M_CTL);
4552	for (i = 0; i < CTL_MAX_PORTS; i++)
4553		free(lun->pr_keys[i], M_CTL);
4554	free(lun->write_buffer, M_CTL);
4555	if (lun->flags & CTL_LUN_MALLOCED)
4556		free(lun, M_CTL);
4557
4558	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4559		mtx_lock(&nlun->lun_lock);
4560		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4561		mtx_unlock(&nlun->lun_lock);
4562	}
4563
4564	return (0);
4565}
4566
4567static void
4568ctl_create_lun(struct ctl_be_lun *be_lun)
4569{
4570
4571	/*
4572	 * ctl_alloc_lun() should handle all potential failure cases.
4573	 */
4574	ctl_alloc_lun(control_softc, NULL, be_lun);
4575}
4576
4577int
4578ctl_add_lun(struct ctl_be_lun *be_lun)
4579{
4580	struct ctl_softc *softc = control_softc;
4581
4582	mtx_lock(&softc->ctl_lock);
4583	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4584	mtx_unlock(&softc->ctl_lock);
4585	wakeup(&softc->pending_lun_queue);
4586
4587	return (0);
4588}
4589
4590int
4591ctl_enable_lun(struct ctl_be_lun *be_lun)
4592{
4593	struct ctl_softc *softc;
4594	struct ctl_port *port, *nport;
4595	struct ctl_lun *lun;
4596	int retval;
4597
4598	lun = (struct ctl_lun *)be_lun->ctl_lun;
4599	softc = lun->ctl_softc;
4600
4601	mtx_lock(&softc->ctl_lock);
4602	mtx_lock(&lun->lun_lock);
4603	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4604		/*
4605		 * eh?  Why did we get called if the LUN is already
4606		 * enabled?
4607		 */
4608		mtx_unlock(&lun->lun_lock);
4609		mtx_unlock(&softc->ctl_lock);
4610		return (0);
4611	}
4612	lun->flags &= ~CTL_LUN_DISABLED;
4613	mtx_unlock(&lun->lun_lock);
4614
4615	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4616		nport = STAILQ_NEXT(port, links);
4617		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4618		    port->lun_map != NULL || port->lun_enable == NULL)
4619			continue;
4620
4621		/*
4622		 * Drop the lock while we call the FETD's enable routine.
4623		 * This can lead to a callback into CTL (at least in the
4624		 * case of the internal initiator frontend.
4625		 */
4626		mtx_unlock(&softc->ctl_lock);
4627		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4628		mtx_lock(&softc->ctl_lock);
4629		if (retval != 0) {
4630			printf("%s: FETD %s port %d returned error "
4631			       "%d for lun_enable on lun %jd\n",
4632			       __func__, port->port_name, port->targ_port,
4633			       retval, (intmax_t)lun->lun);
4634		}
4635	}
4636
4637	mtx_unlock(&softc->ctl_lock);
4638	ctl_isc_announce_lun(lun);
4639
4640	return (0);
4641}
4642
4643int
4644ctl_disable_lun(struct ctl_be_lun *be_lun)
4645{
4646	struct ctl_softc *softc;
4647	struct ctl_port *port;
4648	struct ctl_lun *lun;
4649	int retval;
4650
4651	lun = (struct ctl_lun *)be_lun->ctl_lun;
4652	softc = lun->ctl_softc;
4653
4654	mtx_lock(&softc->ctl_lock);
4655	mtx_lock(&lun->lun_lock);
4656	if (lun->flags & CTL_LUN_DISABLED) {
4657		mtx_unlock(&lun->lun_lock);
4658		mtx_unlock(&softc->ctl_lock);
4659		return (0);
4660	}
4661	lun->flags |= CTL_LUN_DISABLED;
4662	mtx_unlock(&lun->lun_lock);
4663
4664	STAILQ_FOREACH(port, &softc->port_list, links) {
4665		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4666		    port->lun_map != NULL || port->lun_disable == NULL)
4667			continue;
4668
4669		/*
4670		 * Drop the lock before we call the frontend's disable
4671		 * routine, to avoid lock order reversals.
4672		 *
4673		 * XXX KDM what happens if the frontend list changes while
4674		 * we're traversing it?  It's unlikely, but should be handled.
4675		 */
4676		mtx_unlock(&softc->ctl_lock);
4677		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4678		mtx_lock(&softc->ctl_lock);
4679		if (retval != 0) {
4680			printf("%s: FETD %s port %d returned error "
4681			       "%d for lun_disable on lun %jd\n",
4682			       __func__, port->port_name, port->targ_port,
4683			       retval, (intmax_t)lun->lun);
4684		}
4685	}
4686
4687	mtx_unlock(&softc->ctl_lock);
4688	ctl_isc_announce_lun(lun);
4689
4690	return (0);
4691}
4692
4693int
4694ctl_start_lun(struct ctl_be_lun *be_lun)
4695{
4696	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4697
4698	mtx_lock(&lun->lun_lock);
4699	lun->flags &= ~CTL_LUN_STOPPED;
4700	mtx_unlock(&lun->lun_lock);
4701	return (0);
4702}
4703
4704int
4705ctl_stop_lun(struct ctl_be_lun *be_lun)
4706{
4707	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4708
4709	mtx_lock(&lun->lun_lock);
4710	lun->flags |= CTL_LUN_STOPPED;
4711	mtx_unlock(&lun->lun_lock);
4712	return (0);
4713}
4714
4715int
4716ctl_lun_offline(struct ctl_be_lun *be_lun)
4717{
4718	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4719
4720	mtx_lock(&lun->lun_lock);
4721	lun->flags |= CTL_LUN_OFFLINE;
4722	mtx_unlock(&lun->lun_lock);
4723	return (0);
4724}
4725
4726int
4727ctl_lun_online(struct ctl_be_lun *be_lun)
4728{
4729	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4730
4731	mtx_lock(&lun->lun_lock);
4732	lun->flags &= ~CTL_LUN_OFFLINE;
4733	mtx_unlock(&lun->lun_lock);
4734	return (0);
4735}
4736
4737int
4738ctl_lun_primary(struct ctl_be_lun *be_lun)
4739{
4740	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4741
4742	mtx_lock(&lun->lun_lock);
4743	lun->flags |= CTL_LUN_PRIMARY_SC;
4744	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4745	mtx_unlock(&lun->lun_lock);
4746	ctl_isc_announce_lun(lun);
4747	return (0);
4748}
4749
4750int
4751ctl_lun_secondary(struct ctl_be_lun *be_lun)
4752{
4753	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4754
4755	mtx_lock(&lun->lun_lock);
4756	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4757	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4758	mtx_unlock(&lun->lun_lock);
4759	ctl_isc_announce_lun(lun);
4760	return (0);
4761}
4762
4763int
4764ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4765{
4766	struct ctl_softc *softc;
4767	struct ctl_lun *lun;
4768
4769	lun = (struct ctl_lun *)be_lun->ctl_lun;
4770	softc = lun->ctl_softc;
4771
4772	mtx_lock(&lun->lun_lock);
4773
4774	/*
4775	 * The LUN needs to be disabled before it can be marked invalid.
4776	 */
4777	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4778		mtx_unlock(&lun->lun_lock);
4779		return (-1);
4780	}
4781	/*
4782	 * Mark the LUN invalid.
4783	 */
4784	lun->flags |= CTL_LUN_INVALID;
4785
4786	/*
4787	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4788	 * If we have something in the OOA queue, we'll free it when the
4789	 * last I/O completes.
4790	 */
4791	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4792		mtx_unlock(&lun->lun_lock);
4793		mtx_lock(&softc->ctl_lock);
4794		ctl_free_lun(lun);
4795		mtx_unlock(&softc->ctl_lock);
4796	} else
4797		mtx_unlock(&lun->lun_lock);
4798
4799	return (0);
4800}
4801
4802int
4803ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4804{
4805	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4806
4807	mtx_lock(&lun->lun_lock);
4808	lun->flags |= CTL_LUN_INOPERABLE;
4809	mtx_unlock(&lun->lun_lock);
4810	return (0);
4811}
4812
4813int
4814ctl_lun_operable(struct ctl_be_lun *be_lun)
4815{
4816	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4817
4818	mtx_lock(&lun->lun_lock);
4819	lun->flags &= ~CTL_LUN_INOPERABLE;
4820	mtx_unlock(&lun->lun_lock);
4821	return (0);
4822}
4823
4824void
4825ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4826{
4827	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4828	union ctl_ha_msg msg;
4829
4830	mtx_lock(&lun->lun_lock);
4831	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4832	mtx_unlock(&lun->lun_lock);
4833	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4834		/* Send msg to other side. */
4835		bzero(&msg.ua, sizeof(msg.ua));
4836		msg.hdr.msg_type = CTL_MSG_UA;
4837		msg.hdr.nexus.initid = -1;
4838		msg.hdr.nexus.targ_port = -1;
4839		msg.hdr.nexus.targ_lun = lun->lun;
4840		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4841		msg.ua.ua_all = 1;
4842		msg.ua.ua_set = 1;
4843		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4844		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4845		    M_WAITOK);
4846	}
4847}
4848
4849/*
4850 * Backend "memory move is complete" callback for requests that never
4851 * make it down to say RAIDCore's configuration code.
4852 */
4853int
4854ctl_config_move_done(union ctl_io *io)
4855{
4856	int retval;
4857
4858	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4859	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4860	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4861
4862	if ((io->io_hdr.port_status != 0) &&
4863	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4864	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4865		/*
4866		 * For hardware error sense keys, the sense key
4867		 * specific value is defined to be a retry count,
4868		 * but we use it to pass back an internal FETD
4869		 * error code.  XXX KDM  Hopefully the FETD is only
4870		 * using 16 bits for an error code, since that's
4871		 * all the space we have in the sks field.
4872		 */
4873		ctl_set_internal_failure(&io->scsiio,
4874					 /*sks_valid*/ 1,
4875					 /*retry_count*/
4876					 io->io_hdr.port_status);
4877	}
4878
4879	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4880		ctl_data_print(io);
4881	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4882	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4883	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4884	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4885		/*
4886		 * XXX KDM just assuming a single pointer here, and not a
4887		 * S/G list.  If we start using S/G lists for config data,
4888		 * we'll need to know how to clean them up here as well.
4889		 */
4890		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4891			free(io->scsiio.kern_data_ptr, M_CTL);
4892		ctl_done(io);
4893		retval = CTL_RETVAL_COMPLETE;
4894	} else {
4895		/*
4896		 * XXX KDM now we need to continue data movement.  Some
4897		 * options:
4898		 * - call ctl_scsiio() again?  We don't do this for data
4899		 *   writes, because for those at least we know ahead of
4900		 *   time where the write will go and how long it is.  For
4901		 *   config writes, though, that information is largely
4902		 *   contained within the write itself, thus we need to
4903		 *   parse out the data again.
4904		 *
4905		 * - Call some other function once the data is in?
4906		 */
4907
4908		/*
4909		 * XXX KDM call ctl_scsiio() again for now, and check flag
4910		 * bits to see whether we're allocated or not.
4911		 */
4912		retval = ctl_scsiio(&io->scsiio);
4913	}
4914	return (retval);
4915}
4916
4917/*
4918 * This gets called by a backend driver when it is done with a
4919 * data_submit method.
4920 */
4921void
4922ctl_data_submit_done(union ctl_io *io)
4923{
4924	/*
4925	 * If the IO_CONT flag is set, we need to call the supplied
4926	 * function to continue processing the I/O, instead of completing
4927	 * the I/O just yet.
4928	 *
4929	 * If there is an error, though, we don't want to keep processing.
4930	 * Instead, just send status back to the initiator.
4931	 */
4932	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4933	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4934	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4935	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4936		io->scsiio.io_cont(io);
4937		return;
4938	}
4939	ctl_done(io);
4940}
4941
4942/*
4943 * This gets called by a backend driver when it is done with a
4944 * configuration write.
4945 */
4946void
4947ctl_config_write_done(union ctl_io *io)
4948{
4949	uint8_t *buf;
4950
4951	/*
4952	 * If the IO_CONT flag is set, we need to call the supplied
4953	 * function to continue processing the I/O, instead of completing
4954	 * the I/O just yet.
4955	 *
4956	 * If there is an error, though, we don't want to keep processing.
4957	 * Instead, just send status back to the initiator.
4958	 */
4959	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4960	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4961	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4962	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4963		io->scsiio.io_cont(io);
4964		return;
4965	}
4966	/*
4967	 * Since a configuration write can be done for commands that actually
4968	 * have data allocated, like write buffer, and commands that have
4969	 * no data, like start/stop unit, we need to check here.
4970	 */
4971	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4972		buf = io->scsiio.kern_data_ptr;
4973	else
4974		buf = NULL;
4975	ctl_done(io);
4976	if (buf)
4977		free(buf, M_CTL);
4978}
4979
4980void
4981ctl_config_read_done(union ctl_io *io)
4982{
4983	uint8_t *buf;
4984
4985	/*
4986	 * If there is some error -- we are done, skip data transfer.
4987	 */
4988	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4989	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4990	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4991		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4992			buf = io->scsiio.kern_data_ptr;
4993		else
4994			buf = NULL;
4995		ctl_done(io);
4996		if (buf)
4997			free(buf, M_CTL);
4998		return;
4999	}
5000
5001	/*
5002	 * If the IO_CONT flag is set, we need to call the supplied
5003	 * function to continue processing the I/O, instead of completing
5004	 * the I/O just yet.
5005	 */
5006	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5007		io->scsiio.io_cont(io);
5008		return;
5009	}
5010
5011	ctl_datamove(io);
5012}
5013
5014/*
5015 * SCSI release command.
5016 */
5017int
5018ctl_scsi_release(struct ctl_scsiio *ctsio)
5019{
5020	struct ctl_lun *lun;
5021	uint32_t residx;
5022
5023	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5024
5025	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5026	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5027
5028	/*
5029	 * XXX KDM right now, we only support LUN reservation.  We don't
5030	 * support 3rd party reservations, or extent reservations, which
5031	 * might actually need the parameter list.  If we've gotten this
5032	 * far, we've got a LUN reservation.  Anything else got kicked out
5033	 * above.  So, according to SPC, ignore the length.
5034	 */
5035
5036	mtx_lock(&lun->lun_lock);
5037
5038	/*
5039	 * According to SPC, it is not an error for an intiator to attempt
5040	 * to release a reservation on a LUN that isn't reserved, or that
5041	 * is reserved by another initiator.  The reservation can only be
5042	 * released, though, by the initiator who made it or by one of
5043	 * several reset type events.
5044	 */
5045	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5046			lun->flags &= ~CTL_LUN_RESERVED;
5047
5048	mtx_unlock(&lun->lun_lock);
5049
5050	ctl_set_success(ctsio);
5051	ctl_done((union ctl_io *)ctsio);
5052	return (CTL_RETVAL_COMPLETE);
5053}
5054
5055int
5056ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5057{
5058	struct ctl_lun *lun;
5059	uint32_t residx;
5060
5061	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5062
5063	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5064	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5065
5066	/*
5067	 * XXX KDM right now, we only support LUN reservation.  We don't
5068	 * support 3rd party reservations, or extent reservations, which
5069	 * might actually need the parameter list.  If we've gotten this
5070	 * far, we've got a LUN reservation.  Anything else got kicked out
5071	 * above.  So, according to SPC, ignore the length.
5072	 */
5073
5074	mtx_lock(&lun->lun_lock);
5075	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5076		ctl_set_reservation_conflict(ctsio);
5077		goto bailout;
5078	}
5079	lun->flags |= CTL_LUN_RESERVED;
5080	lun->res_idx = residx;
5081	ctl_set_success(ctsio);
5082
5083bailout:
5084	mtx_unlock(&lun->lun_lock);
5085	ctl_done((union ctl_io *)ctsio);
5086	return (CTL_RETVAL_COMPLETE);
5087}
5088
5089int
5090ctl_start_stop(struct ctl_scsiio *ctsio)
5091{
5092	struct scsi_start_stop_unit *cdb;
5093	struct ctl_lun *lun;
5094	int retval;
5095
5096	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5097
5098	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5099	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5100
5101	/*
5102	 * XXX KDM
5103	 * We don't support the immediate bit on a stop unit.  In order to
5104	 * do that, we would need to code up a way to know that a stop is
5105	 * pending, and hold off any new commands until it completes, one
5106	 * way or another.  Then we could accept or reject those commands
5107	 * depending on its status.  We would almost need to do the reverse
5108	 * of what we do below for an immediate start -- return the copy of
5109	 * the ctl_io to the FETD with status to send to the host (and to
5110	 * free the copy!) and then free the original I/O once the stop
5111	 * actually completes.  That way, the OOA queue mechanism can work
5112	 * to block commands that shouldn't proceed.  Another alternative
5113	 * would be to put the copy in the queue in place of the original,
5114	 * and return the original back to the caller.  That could be
5115	 * slightly safer..
5116	 */
5117	if ((cdb->byte2 & SSS_IMMED)
5118	 && ((cdb->how & SSS_START) == 0)) {
5119		ctl_set_invalid_field(ctsio,
5120				      /*sks_valid*/ 1,
5121				      /*command*/ 1,
5122				      /*field*/ 1,
5123				      /*bit_valid*/ 1,
5124				      /*bit*/ 0);
5125		ctl_done((union ctl_io *)ctsio);
5126		return (CTL_RETVAL_COMPLETE);
5127	}
5128
5129	if ((lun->flags & CTL_LUN_PR_RESERVED)
5130	 && ((cdb->how & SSS_START)==0)) {
5131		uint32_t residx;
5132
5133		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5134		if (ctl_get_prkey(lun, residx) == 0
5135		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5136
5137			ctl_set_reservation_conflict(ctsio);
5138			ctl_done((union ctl_io *)ctsio);
5139			return (CTL_RETVAL_COMPLETE);
5140		}
5141	}
5142
5143	/*
5144	 * If there is no backend on this device, we can't start or stop
5145	 * it.  In theory we shouldn't get any start/stop commands in the
5146	 * first place at this level if the LUN doesn't have a backend.
5147	 * That should get stopped by the command decode code.
5148	 */
5149	if (lun->backend == NULL) {
5150		ctl_set_invalid_opcode(ctsio);
5151		ctl_done((union ctl_io *)ctsio);
5152		return (CTL_RETVAL_COMPLETE);
5153	}
5154
5155	/*
5156	 * In the non-immediate case, we send the request to
5157	 * the backend and return status to the user when
5158	 * it is done.
5159	 *
5160	 * In the immediate case, we allocate a new ctl_io
5161	 * to hold a copy of the request, and send that to
5162	 * the backend.  We then set good status on the
5163	 * user's request and return it immediately.
5164	 */
5165	if (cdb->byte2 & SSS_IMMED) {
5166		union ctl_io *new_io;
5167
5168		new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5169		ctl_copy_io((union ctl_io *)ctsio, new_io);
5170		retval = lun->backend->config_write(new_io);
5171		ctl_set_success(ctsio);
5172		ctl_done((union ctl_io *)ctsio);
5173	} else {
5174		retval = lun->backend->config_write(
5175			(union ctl_io *)ctsio);
5176	}
5177	return (retval);
5178}
5179
5180/*
5181 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5182 * we don't really do anything with the LBA and length fields if the user
5183 * passes them in.  Instead we'll just flush out the cache for the entire
5184 * LUN.
5185 */
5186int
5187ctl_sync_cache(struct ctl_scsiio *ctsio)
5188{
5189	struct ctl_lun *lun;
5190	struct ctl_softc *softc;
5191	struct ctl_lba_len_flags *lbalen;
5192	uint64_t starting_lba;
5193	uint32_t block_count;
5194	int retval;
5195	uint8_t byte2;
5196
5197	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5198
5199	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5200	softc = lun->ctl_softc;
5201	retval = 0;
5202
5203	switch (ctsio->cdb[0]) {
5204	case SYNCHRONIZE_CACHE: {
5205		struct scsi_sync_cache *cdb;
5206		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5207
5208		starting_lba = scsi_4btoul(cdb->begin_lba);
5209		block_count = scsi_2btoul(cdb->lb_count);
5210		byte2 = cdb->byte2;
5211		break;
5212	}
5213	case SYNCHRONIZE_CACHE_16: {
5214		struct scsi_sync_cache_16 *cdb;
5215		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5216
5217		starting_lba = scsi_8btou64(cdb->begin_lba);
5218		block_count = scsi_4btoul(cdb->lb_count);
5219		byte2 = cdb->byte2;
5220		break;
5221	}
5222	default:
5223		ctl_set_invalid_opcode(ctsio);
5224		ctl_done((union ctl_io *)ctsio);
5225		goto bailout;
5226		break; /* NOTREACHED */
5227	}
5228
5229	/*
5230	 * We check the LBA and length, but don't do anything with them.
5231	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5232	 * get flushed.  This check will just help satisfy anyone who wants
5233	 * to see an error for an out of range LBA.
5234	 */
5235	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5236		ctl_set_lba_out_of_range(ctsio);
5237		ctl_done((union ctl_io *)ctsio);
5238		goto bailout;
5239	}
5240
5241	/*
5242	 * If this LUN has no backend, we can't flush the cache anyway.
5243	 */
5244	if (lun->backend == NULL) {
5245		ctl_set_invalid_opcode(ctsio);
5246		ctl_done((union ctl_io *)ctsio);
5247		goto bailout;
5248	}
5249
5250	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5251	lbalen->lba = starting_lba;
5252	lbalen->len = block_count;
5253	lbalen->flags = byte2;
5254	retval = lun->backend->config_write((union ctl_io *)ctsio);
5255
5256bailout:
5257	return (retval);
5258}
5259
5260int
5261ctl_format(struct ctl_scsiio *ctsio)
5262{
5263	struct scsi_format *cdb;
5264	struct ctl_lun *lun;
5265	int length, defect_list_len;
5266
5267	CTL_DEBUG_PRINT(("ctl_format\n"));
5268
5269	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5270
5271	cdb = (struct scsi_format *)ctsio->cdb;
5272
5273	length = 0;
5274	if (cdb->byte2 & SF_FMTDATA) {
5275		if (cdb->byte2 & SF_LONGLIST)
5276			length = sizeof(struct scsi_format_header_long);
5277		else
5278			length = sizeof(struct scsi_format_header_short);
5279	}
5280
5281	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5282	 && (length > 0)) {
5283		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5284		ctsio->kern_data_len = length;
5285		ctsio->kern_total_len = length;
5286		ctsio->kern_data_resid = 0;
5287		ctsio->kern_rel_offset = 0;
5288		ctsio->kern_sg_entries = 0;
5289		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5290		ctsio->be_move_done = ctl_config_move_done;
5291		ctl_datamove((union ctl_io *)ctsio);
5292
5293		return (CTL_RETVAL_COMPLETE);
5294	}
5295
5296	defect_list_len = 0;
5297
5298	if (cdb->byte2 & SF_FMTDATA) {
5299		if (cdb->byte2 & SF_LONGLIST) {
5300			struct scsi_format_header_long *header;
5301
5302			header = (struct scsi_format_header_long *)
5303				ctsio->kern_data_ptr;
5304
5305			defect_list_len = scsi_4btoul(header->defect_list_len);
5306			if (defect_list_len != 0) {
5307				ctl_set_invalid_field(ctsio,
5308						      /*sks_valid*/ 1,
5309						      /*command*/ 0,
5310						      /*field*/ 2,
5311						      /*bit_valid*/ 0,
5312						      /*bit*/ 0);
5313				goto bailout;
5314			}
5315		} else {
5316			struct scsi_format_header_short *header;
5317
5318			header = (struct scsi_format_header_short *)
5319				ctsio->kern_data_ptr;
5320
5321			defect_list_len = scsi_2btoul(header->defect_list_len);
5322			if (defect_list_len != 0) {
5323				ctl_set_invalid_field(ctsio,
5324						      /*sks_valid*/ 1,
5325						      /*command*/ 0,
5326						      /*field*/ 2,
5327						      /*bit_valid*/ 0,
5328						      /*bit*/ 0);
5329				goto bailout;
5330			}
5331		}
5332	}
5333
5334	/*
5335	 * The format command will clear out the "Medium format corrupted"
5336	 * status if set by the configuration code.  That status is really
5337	 * just a way to notify the host that we have lost the media, and
5338	 * get them to issue a command that will basically make them think
5339	 * they're blowing away the media.
5340	 */
5341	mtx_lock(&lun->lun_lock);
5342	lun->flags &= ~CTL_LUN_INOPERABLE;
5343	mtx_unlock(&lun->lun_lock);
5344
5345	ctl_set_success(ctsio);
5346bailout:
5347
5348	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5349		free(ctsio->kern_data_ptr, M_CTL);
5350		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5351	}
5352
5353	ctl_done((union ctl_io *)ctsio);
5354	return (CTL_RETVAL_COMPLETE);
5355}
5356
5357int
5358ctl_read_buffer(struct ctl_scsiio *ctsio)
5359{
5360	struct ctl_lun *lun;
5361	uint64_t buffer_offset;
5362	uint32_t len;
5363	uint8_t byte2;
5364	static uint8_t descr[4];
5365	static uint8_t echo_descr[4] = { 0 };
5366
5367	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5368	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5369	switch (ctsio->cdb[0]) {
5370	case READ_BUFFER: {
5371		struct scsi_read_buffer *cdb;
5372
5373		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5374		buffer_offset = scsi_3btoul(cdb->offset);
5375		len = scsi_3btoul(cdb->length);
5376		byte2 = cdb->byte2;
5377		break;
5378	}
5379	case READ_BUFFER_16: {
5380		struct scsi_read_buffer_16 *cdb;
5381
5382		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5383		buffer_offset = scsi_8btou64(cdb->offset);
5384		len = scsi_4btoul(cdb->length);
5385		byte2 = cdb->byte2;
5386		break;
5387	}
5388	default: /* This shouldn't happen. */
5389		ctl_set_invalid_opcode(ctsio);
5390		ctl_done((union ctl_io *)ctsio);
5391		return (CTL_RETVAL_COMPLETE);
5392	}
5393
5394	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5395	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5396	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5397		ctl_set_invalid_field(ctsio,
5398				      /*sks_valid*/ 1,
5399				      /*command*/ 1,
5400				      /*field*/ 1,
5401				      /*bit_valid*/ 1,
5402				      /*bit*/ 4);
5403		ctl_done((union ctl_io *)ctsio);
5404		return (CTL_RETVAL_COMPLETE);
5405	}
5406
5407	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5408	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5409		ctl_set_invalid_field(ctsio,
5410				      /*sks_valid*/ 1,
5411				      /*command*/ 1,
5412				      /*field*/ 6,
5413				      /*bit_valid*/ 0,
5414				      /*bit*/ 0);
5415		ctl_done((union ctl_io *)ctsio);
5416		return (CTL_RETVAL_COMPLETE);
5417	}
5418
5419	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5420		descr[0] = 0;
5421		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5422		ctsio->kern_data_ptr = descr;
5423		len = min(len, sizeof(descr));
5424	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5425		ctsio->kern_data_ptr = echo_descr;
5426		len = min(len, sizeof(echo_descr));
5427	} else {
5428		if (lun->write_buffer == NULL) {
5429			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5430			    M_CTL, M_WAITOK);
5431		}
5432		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5433	}
5434	ctsio->kern_data_len = len;
5435	ctsio->kern_total_len = len;
5436	ctsio->kern_data_resid = 0;
5437	ctsio->kern_rel_offset = 0;
5438	ctsio->kern_sg_entries = 0;
5439	ctl_set_success(ctsio);
5440	ctsio->be_move_done = ctl_config_move_done;
5441	ctl_datamove((union ctl_io *)ctsio);
5442	return (CTL_RETVAL_COMPLETE);
5443}
5444
5445int
5446ctl_write_buffer(struct ctl_scsiio *ctsio)
5447{
5448	struct scsi_write_buffer *cdb;
5449	struct ctl_lun *lun;
5450	int buffer_offset, len;
5451
5452	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5453
5454	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5455	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5456
5457	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5458		ctl_set_invalid_field(ctsio,
5459				      /*sks_valid*/ 1,
5460				      /*command*/ 1,
5461				      /*field*/ 1,
5462				      /*bit_valid*/ 1,
5463				      /*bit*/ 4);
5464		ctl_done((union ctl_io *)ctsio);
5465		return (CTL_RETVAL_COMPLETE);
5466	}
5467
5468	len = scsi_3btoul(cdb->length);
5469	buffer_offset = scsi_3btoul(cdb->offset);
5470
5471	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5472		ctl_set_invalid_field(ctsio,
5473				      /*sks_valid*/ 1,
5474				      /*command*/ 1,
5475				      /*field*/ 6,
5476				      /*bit_valid*/ 0,
5477				      /*bit*/ 0);
5478		ctl_done((union ctl_io *)ctsio);
5479		return (CTL_RETVAL_COMPLETE);
5480	}
5481
5482	/*
5483	 * If we've got a kernel request that hasn't been malloced yet,
5484	 * malloc it and tell the caller the data buffer is here.
5485	 */
5486	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5487		if (lun->write_buffer == NULL) {
5488			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5489			    M_CTL, M_WAITOK);
5490		}
5491		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5492		ctsio->kern_data_len = len;
5493		ctsio->kern_total_len = len;
5494		ctsio->kern_data_resid = 0;
5495		ctsio->kern_rel_offset = 0;
5496		ctsio->kern_sg_entries = 0;
5497		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5498		ctsio->be_move_done = ctl_config_move_done;
5499		ctl_datamove((union ctl_io *)ctsio);
5500
5501		return (CTL_RETVAL_COMPLETE);
5502	}
5503
5504	ctl_set_success(ctsio);
5505	ctl_done((union ctl_io *)ctsio);
5506	return (CTL_RETVAL_COMPLETE);
5507}
5508
5509int
5510ctl_write_same(struct ctl_scsiio *ctsio)
5511{
5512	struct ctl_lun *lun;
5513	struct ctl_lba_len_flags *lbalen;
5514	uint64_t lba;
5515	uint32_t num_blocks;
5516	int len, retval;
5517	uint8_t byte2;
5518
5519	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5520
5521	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5522
5523	switch (ctsio->cdb[0]) {
5524	case WRITE_SAME_10: {
5525		struct scsi_write_same_10 *cdb;
5526
5527		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5528
5529		lba = scsi_4btoul(cdb->addr);
5530		num_blocks = scsi_2btoul(cdb->length);
5531		byte2 = cdb->byte2;
5532		break;
5533	}
5534	case WRITE_SAME_16: {
5535		struct scsi_write_same_16 *cdb;
5536
5537		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5538
5539		lba = scsi_8btou64(cdb->addr);
5540		num_blocks = scsi_4btoul(cdb->length);
5541		byte2 = cdb->byte2;
5542		break;
5543	}
5544	default:
5545		/*
5546		 * We got a command we don't support.  This shouldn't
5547		 * happen, commands should be filtered out above us.
5548		 */
5549		ctl_set_invalid_opcode(ctsio);
5550		ctl_done((union ctl_io *)ctsio);
5551
5552		return (CTL_RETVAL_COMPLETE);
5553		break; /* NOTREACHED */
5554	}
5555
5556	/* ANCHOR flag can be used only together with UNMAP */
5557	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5558		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5559		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5560		ctl_done((union ctl_io *)ctsio);
5561		return (CTL_RETVAL_COMPLETE);
5562	}
5563
5564	/*
5565	 * The first check is to make sure we're in bounds, the second
5566	 * check is to catch wrap-around problems.  If the lba + num blocks
5567	 * is less than the lba, then we've wrapped around and the block
5568	 * range is invalid anyway.
5569	 */
5570	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5571	 || ((lba + num_blocks) < lba)) {
5572		ctl_set_lba_out_of_range(ctsio);
5573		ctl_done((union ctl_io *)ctsio);
5574		return (CTL_RETVAL_COMPLETE);
5575	}
5576
5577	/* Zero number of blocks means "to the last logical block" */
5578	if (num_blocks == 0) {
5579		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5580			ctl_set_invalid_field(ctsio,
5581					      /*sks_valid*/ 0,
5582					      /*command*/ 1,
5583					      /*field*/ 0,
5584					      /*bit_valid*/ 0,
5585					      /*bit*/ 0);
5586			ctl_done((union ctl_io *)ctsio);
5587			return (CTL_RETVAL_COMPLETE);
5588		}
5589		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5590	}
5591
5592	len = lun->be_lun->blocksize;
5593
5594	/*
5595	 * If we've got a kernel request that hasn't been malloced yet,
5596	 * malloc it and tell the caller the data buffer is here.
5597	 */
5598	if ((byte2 & SWS_NDOB) == 0 &&
5599	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5600		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5601		ctsio->kern_data_len = len;
5602		ctsio->kern_total_len = len;
5603		ctsio->kern_data_resid = 0;
5604		ctsio->kern_rel_offset = 0;
5605		ctsio->kern_sg_entries = 0;
5606		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5607		ctsio->be_move_done = ctl_config_move_done;
5608		ctl_datamove((union ctl_io *)ctsio);
5609
5610		return (CTL_RETVAL_COMPLETE);
5611	}
5612
5613	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5614	lbalen->lba = lba;
5615	lbalen->len = num_blocks;
5616	lbalen->flags = byte2;
5617	retval = lun->backend->config_write((union ctl_io *)ctsio);
5618
5619	return (retval);
5620}
5621
5622int
5623ctl_unmap(struct ctl_scsiio *ctsio)
5624{
5625	struct ctl_lun *lun;
5626	struct scsi_unmap *cdb;
5627	struct ctl_ptr_len_flags *ptrlen;
5628	struct scsi_unmap_header *hdr;
5629	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5630	uint64_t lba;
5631	uint32_t num_blocks;
5632	int len, retval;
5633	uint8_t byte2;
5634
5635	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5636
5637	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5638	cdb = (struct scsi_unmap *)ctsio->cdb;
5639
5640	len = scsi_2btoul(cdb->length);
5641	byte2 = cdb->byte2;
5642
5643	/*
5644	 * If we've got a kernel request that hasn't been malloced yet,
5645	 * malloc it and tell the caller the data buffer is here.
5646	 */
5647	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5648		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5649		ctsio->kern_data_len = len;
5650		ctsio->kern_total_len = len;
5651		ctsio->kern_data_resid = 0;
5652		ctsio->kern_rel_offset = 0;
5653		ctsio->kern_sg_entries = 0;
5654		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5655		ctsio->be_move_done = ctl_config_move_done;
5656		ctl_datamove((union ctl_io *)ctsio);
5657
5658		return (CTL_RETVAL_COMPLETE);
5659	}
5660
5661	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5662	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5663	if (len < sizeof (*hdr) ||
5664	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5665	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5666	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5667		ctl_set_invalid_field(ctsio,
5668				      /*sks_valid*/ 0,
5669				      /*command*/ 0,
5670				      /*field*/ 0,
5671				      /*bit_valid*/ 0,
5672				      /*bit*/ 0);
5673		goto done;
5674	}
5675	len = scsi_2btoul(hdr->desc_length);
5676	buf = (struct scsi_unmap_desc *)(hdr + 1);
5677	end = buf + len / sizeof(*buf);
5678
5679	endnz = buf;
5680	for (range = buf; range < end; range++) {
5681		lba = scsi_8btou64(range->lba);
5682		num_blocks = scsi_4btoul(range->length);
5683		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5684		 || ((lba + num_blocks) < lba)) {
5685			ctl_set_lba_out_of_range(ctsio);
5686			ctl_done((union ctl_io *)ctsio);
5687			return (CTL_RETVAL_COMPLETE);
5688		}
5689		if (num_blocks != 0)
5690			endnz = range + 1;
5691	}
5692
5693	/*
5694	 * Block backend can not handle zero last range.
5695	 * Filter it out and return if there is nothing left.
5696	 */
5697	len = (uint8_t *)endnz - (uint8_t *)buf;
5698	if (len == 0) {
5699		ctl_set_success(ctsio);
5700		goto done;
5701	}
5702
5703	mtx_lock(&lun->lun_lock);
5704	ptrlen = (struct ctl_ptr_len_flags *)
5705	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5706	ptrlen->ptr = (void *)buf;
5707	ptrlen->len = len;
5708	ptrlen->flags = byte2;
5709	ctl_check_blocked(lun);
5710	mtx_unlock(&lun->lun_lock);
5711
5712	retval = lun->backend->config_write((union ctl_io *)ctsio);
5713	return (retval);
5714
5715done:
5716	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5717		free(ctsio->kern_data_ptr, M_CTL);
5718		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5719	}
5720	ctl_done((union ctl_io *)ctsio);
5721	return (CTL_RETVAL_COMPLETE);
5722}
5723
5724/*
5725 * Note that this function currently doesn't actually do anything inside
5726 * CTL to enforce things if the DQue bit is turned on.
5727 *
5728 * Also note that this function can't be used in the default case, because
5729 * the DQue bit isn't set in the changeable mask for the control mode page
5730 * anyway.  This is just here as an example for how to implement a page
5731 * handler, and a placeholder in case we want to allow the user to turn
5732 * tagged queueing on and off.
5733 *
5734 * The D_SENSE bit handling is functional, however, and will turn
5735 * descriptor sense on and off for a given LUN.
5736 */
5737int
5738ctl_control_page_handler(struct ctl_scsiio *ctsio,
5739			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5740{
5741	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5742	struct ctl_lun *lun;
5743	int set_ua;
5744	uint32_t initidx;
5745
5746	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5747	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5748	set_ua = 0;
5749
5750	user_cp = (struct scsi_control_page *)page_ptr;
5751	current_cp = (struct scsi_control_page *)
5752		(page_index->page_data + (page_index->page_len *
5753		CTL_PAGE_CURRENT));
5754	saved_cp = (struct scsi_control_page *)
5755		(page_index->page_data + (page_index->page_len *
5756		CTL_PAGE_SAVED));
5757
5758	mtx_lock(&lun->lun_lock);
5759	if (((current_cp->rlec & SCP_DSENSE) == 0)
5760	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5761		/*
5762		 * Descriptor sense is currently turned off and the user
5763		 * wants to turn it on.
5764		 */
5765		current_cp->rlec |= SCP_DSENSE;
5766		saved_cp->rlec |= SCP_DSENSE;
5767		lun->flags |= CTL_LUN_SENSE_DESC;
5768		set_ua = 1;
5769	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5770		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5771		/*
5772		 * Descriptor sense is currently turned on, and the user
5773		 * wants to turn it off.
5774		 */
5775		current_cp->rlec &= ~SCP_DSENSE;
5776		saved_cp->rlec &= ~SCP_DSENSE;
5777		lun->flags &= ~CTL_LUN_SENSE_DESC;
5778		set_ua = 1;
5779	}
5780	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5781	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5782		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5783		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5784		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5785		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5786		set_ua = 1;
5787	}
5788	if ((current_cp->eca_and_aen & SCP_SWP) !=
5789	    (user_cp->eca_and_aen & SCP_SWP)) {
5790		current_cp->eca_and_aen &= ~SCP_SWP;
5791		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5792		saved_cp->eca_and_aen &= ~SCP_SWP;
5793		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5794		set_ua = 1;
5795	}
5796	if (set_ua != 0)
5797		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5798	mtx_unlock(&lun->lun_lock);
5799	if (set_ua) {
5800		ctl_isc_announce_mode(lun,
5801		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5802		    page_index->page_code, page_index->subpage);
5803	}
5804	return (0);
5805}
5806
5807int
5808ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5809		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5810{
5811	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5812	struct ctl_lun *lun;
5813	int set_ua;
5814	uint32_t initidx;
5815
5816	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5817	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5818	set_ua = 0;
5819
5820	user_cp = (struct scsi_caching_page *)page_ptr;
5821	current_cp = (struct scsi_caching_page *)
5822		(page_index->page_data + (page_index->page_len *
5823		CTL_PAGE_CURRENT));
5824	saved_cp = (struct scsi_caching_page *)
5825		(page_index->page_data + (page_index->page_len *
5826		CTL_PAGE_SAVED));
5827
5828	mtx_lock(&lun->lun_lock);
5829	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5830	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5831		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5832		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5833		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5834		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5835		set_ua = 1;
5836	}
5837	if (set_ua != 0)
5838		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5839	mtx_unlock(&lun->lun_lock);
5840	if (set_ua) {
5841		ctl_isc_announce_mode(lun,
5842		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5843		    page_index->page_code, page_index->subpage);
5844	}
5845	return (0);
5846}
5847
5848int
5849ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5850				struct ctl_page_index *page_index,
5851				uint8_t *page_ptr)
5852{
5853	uint8_t *c;
5854	int i;
5855
5856	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5857	ctl_time_io_secs =
5858		(c[0] << 8) |
5859		(c[1] << 0) |
5860		0;
5861	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5862	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5863	printf("page data:");
5864	for (i=0; i<8; i++)
5865		printf(" %.2x",page_ptr[i]);
5866	printf("\n");
5867	return (0);
5868}
5869
5870int
5871ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5872			       struct ctl_page_index *page_index,
5873			       int pc)
5874{
5875	struct copan_debugconf_subpage *page;
5876
5877	page = (struct copan_debugconf_subpage *)page_index->page_data +
5878		(page_index->page_len * pc);
5879
5880	switch (pc) {
5881	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5882	case SMS_PAGE_CTRL_DEFAULT >> 6:
5883	case SMS_PAGE_CTRL_SAVED >> 6:
5884		/*
5885		 * We don't update the changable or default bits for this page.
5886		 */
5887		break;
5888	case SMS_PAGE_CTRL_CURRENT >> 6:
5889		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5890		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5891		break;
5892	default:
5893		break;
5894	}
5895	return (0);
5896}
5897
5898
5899static int
5900ctl_do_mode_select(union ctl_io *io)
5901{
5902	struct scsi_mode_page_header *page_header;
5903	struct ctl_page_index *page_index;
5904	struct ctl_scsiio *ctsio;
5905	int control_dev, page_len;
5906	int page_len_offset, page_len_size;
5907	union ctl_modepage_info *modepage_info;
5908	struct ctl_lun *lun;
5909	int *len_left, *len_used;
5910	int retval, i;
5911
5912	ctsio = &io->scsiio;
5913	page_index = NULL;
5914	page_len = 0;
5915	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5916
5917	if (lun->be_lun->lun_type != T_DIRECT)
5918		control_dev = 1;
5919	else
5920		control_dev = 0;
5921
5922	modepage_info = (union ctl_modepage_info *)
5923		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5924	len_left = &modepage_info->header.len_left;
5925	len_used = &modepage_info->header.len_used;
5926
5927do_next_page:
5928
5929	page_header = (struct scsi_mode_page_header *)
5930		(ctsio->kern_data_ptr + *len_used);
5931
5932	if (*len_left == 0) {
5933		free(ctsio->kern_data_ptr, M_CTL);
5934		ctl_set_success(ctsio);
5935		ctl_done((union ctl_io *)ctsio);
5936		return (CTL_RETVAL_COMPLETE);
5937	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5938
5939		free(ctsio->kern_data_ptr, M_CTL);
5940		ctl_set_param_len_error(ctsio);
5941		ctl_done((union ctl_io *)ctsio);
5942		return (CTL_RETVAL_COMPLETE);
5943
5944	} else if ((page_header->page_code & SMPH_SPF)
5945		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5946
5947		free(ctsio->kern_data_ptr, M_CTL);
5948		ctl_set_param_len_error(ctsio);
5949		ctl_done((union ctl_io *)ctsio);
5950		return (CTL_RETVAL_COMPLETE);
5951	}
5952
5953
5954	/*
5955	 * XXX KDM should we do something with the block descriptor?
5956	 */
5957	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5958
5959		if ((control_dev != 0)
5960		 && (lun->mode_pages.index[i].page_flags &
5961		     CTL_PAGE_FLAG_DISK_ONLY))
5962			continue;
5963
5964		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5965		    (page_header->page_code & SMPH_PC_MASK))
5966			continue;
5967
5968		/*
5969		 * If neither page has a subpage code, then we've got a
5970		 * match.
5971		 */
5972		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5973		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5974			page_index = &lun->mode_pages.index[i];
5975			page_len = page_header->page_length;
5976			break;
5977		}
5978
5979		/*
5980		 * If both pages have subpages, then the subpage numbers
5981		 * have to match.
5982		 */
5983		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5984		  && (page_header->page_code & SMPH_SPF)) {
5985			struct scsi_mode_page_header_sp *sph;
5986
5987			sph = (struct scsi_mode_page_header_sp *)page_header;
5988
5989			if (lun->mode_pages.index[i].subpage ==
5990			    sph->subpage) {
5991				page_index = &lun->mode_pages.index[i];
5992				page_len = scsi_2btoul(sph->page_length);
5993				break;
5994			}
5995		}
5996	}
5997
5998	/*
5999	 * If we couldn't find the page, or if we don't have a mode select
6000	 * handler for it, send back an error to the user.
6001	 */
6002	if ((page_index == NULL)
6003	 || (page_index->select_handler == NULL)) {
6004		ctl_set_invalid_field(ctsio,
6005				      /*sks_valid*/ 1,
6006				      /*command*/ 0,
6007				      /*field*/ *len_used,
6008				      /*bit_valid*/ 0,
6009				      /*bit*/ 0);
6010		free(ctsio->kern_data_ptr, M_CTL);
6011		ctl_done((union ctl_io *)ctsio);
6012		return (CTL_RETVAL_COMPLETE);
6013	}
6014
6015	if (page_index->page_code & SMPH_SPF) {
6016		page_len_offset = 2;
6017		page_len_size = 2;
6018	} else {
6019		page_len_size = 1;
6020		page_len_offset = 1;
6021	}
6022
6023	/*
6024	 * If the length the initiator gives us isn't the one we specify in
6025	 * the mode page header, or if they didn't specify enough data in
6026	 * the CDB to avoid truncating this page, kick out the request.
6027	 */
6028	if ((page_len != (page_index->page_len - page_len_offset -
6029			  page_len_size))
6030	 || (*len_left < page_index->page_len)) {
6031
6032
6033		ctl_set_invalid_field(ctsio,
6034				      /*sks_valid*/ 1,
6035				      /*command*/ 0,
6036				      /*field*/ *len_used + page_len_offset,
6037				      /*bit_valid*/ 0,
6038				      /*bit*/ 0);
6039		free(ctsio->kern_data_ptr, M_CTL);
6040		ctl_done((union ctl_io *)ctsio);
6041		return (CTL_RETVAL_COMPLETE);
6042	}
6043
6044	/*
6045	 * Run through the mode page, checking to make sure that the bits
6046	 * the user changed are actually legal for him to change.
6047	 */
6048	for (i = 0; i < page_index->page_len; i++) {
6049		uint8_t *user_byte, *change_mask, *current_byte;
6050		int bad_bit;
6051		int j;
6052
6053		user_byte = (uint8_t *)page_header + i;
6054		change_mask = page_index->page_data +
6055			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6056		current_byte = page_index->page_data +
6057			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6058
6059		/*
6060		 * Check to see whether the user set any bits in this byte
6061		 * that he is not allowed to set.
6062		 */
6063		if ((*user_byte & ~(*change_mask)) ==
6064		    (*current_byte & ~(*change_mask)))
6065			continue;
6066
6067		/*
6068		 * Go through bit by bit to determine which one is illegal.
6069		 */
6070		bad_bit = 0;
6071		for (j = 7; j >= 0; j--) {
6072			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6073			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6074				bad_bit = i;
6075				break;
6076			}
6077		}
6078		ctl_set_invalid_field(ctsio,
6079				      /*sks_valid*/ 1,
6080				      /*command*/ 0,
6081				      /*field*/ *len_used + i,
6082				      /*bit_valid*/ 1,
6083				      /*bit*/ bad_bit);
6084		free(ctsio->kern_data_ptr, M_CTL);
6085		ctl_done((union ctl_io *)ctsio);
6086		return (CTL_RETVAL_COMPLETE);
6087	}
6088
6089	/*
6090	 * Decrement these before we call the page handler, since we may
6091	 * end up getting called back one way or another before the handler
6092	 * returns to this context.
6093	 */
6094	*len_left -= page_index->page_len;
6095	*len_used += page_index->page_len;
6096
6097	retval = page_index->select_handler(ctsio, page_index,
6098					    (uint8_t *)page_header);
6099
6100	/*
6101	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6102	 * wait until this queued command completes to finish processing
6103	 * the mode page.  If it returns anything other than
6104	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6105	 * already set the sense information, freed the data pointer, and
6106	 * completed the io for us.
6107	 */
6108	if (retval != CTL_RETVAL_COMPLETE)
6109		goto bailout_no_done;
6110
6111	/*
6112	 * If the initiator sent us more than one page, parse the next one.
6113	 */
6114	if (*len_left > 0)
6115		goto do_next_page;
6116
6117	ctl_set_success(ctsio);
6118	free(ctsio->kern_data_ptr, M_CTL);
6119	ctl_done((union ctl_io *)ctsio);
6120
6121bailout_no_done:
6122
6123	return (CTL_RETVAL_COMPLETE);
6124
6125}
6126
6127int
6128ctl_mode_select(struct ctl_scsiio *ctsio)
6129{
6130	int param_len, pf, sp;
6131	int header_size, bd_len;
6132	union ctl_modepage_info *modepage_info;
6133
6134	switch (ctsio->cdb[0]) {
6135	case MODE_SELECT_6: {
6136		struct scsi_mode_select_6 *cdb;
6137
6138		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6139
6140		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6141		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6142		param_len = cdb->length;
6143		header_size = sizeof(struct scsi_mode_header_6);
6144		break;
6145	}
6146	case MODE_SELECT_10: {
6147		struct scsi_mode_select_10 *cdb;
6148
6149		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6150
6151		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6152		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6153		param_len = scsi_2btoul(cdb->length);
6154		header_size = sizeof(struct scsi_mode_header_10);
6155		break;
6156	}
6157	default:
6158		ctl_set_invalid_opcode(ctsio);
6159		ctl_done((union ctl_io *)ctsio);
6160		return (CTL_RETVAL_COMPLETE);
6161	}
6162
6163	/*
6164	 * From SPC-3:
6165	 * "A parameter list length of zero indicates that the Data-Out Buffer
6166	 * shall be empty. This condition shall not be considered as an error."
6167	 */
6168	if (param_len == 0) {
6169		ctl_set_success(ctsio);
6170		ctl_done((union ctl_io *)ctsio);
6171		return (CTL_RETVAL_COMPLETE);
6172	}
6173
6174	/*
6175	 * Since we'll hit this the first time through, prior to
6176	 * allocation, we don't need to free a data buffer here.
6177	 */
6178	if (param_len < header_size) {
6179		ctl_set_param_len_error(ctsio);
6180		ctl_done((union ctl_io *)ctsio);
6181		return (CTL_RETVAL_COMPLETE);
6182	}
6183
6184	/*
6185	 * Allocate the data buffer and grab the user's data.  In theory,
6186	 * we shouldn't have to sanity check the parameter list length here
6187	 * because the maximum size is 64K.  We should be able to malloc
6188	 * that much without too many problems.
6189	 */
6190	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6191		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6192		ctsio->kern_data_len = param_len;
6193		ctsio->kern_total_len = param_len;
6194		ctsio->kern_data_resid = 0;
6195		ctsio->kern_rel_offset = 0;
6196		ctsio->kern_sg_entries = 0;
6197		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6198		ctsio->be_move_done = ctl_config_move_done;
6199		ctl_datamove((union ctl_io *)ctsio);
6200
6201		return (CTL_RETVAL_COMPLETE);
6202	}
6203
6204	switch (ctsio->cdb[0]) {
6205	case MODE_SELECT_6: {
6206		struct scsi_mode_header_6 *mh6;
6207
6208		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6209		bd_len = mh6->blk_desc_len;
6210		break;
6211	}
6212	case MODE_SELECT_10: {
6213		struct scsi_mode_header_10 *mh10;
6214
6215		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6216		bd_len = scsi_2btoul(mh10->blk_desc_len);
6217		break;
6218	}
6219	default:
6220		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6221		break;
6222	}
6223
6224	if (param_len < (header_size + bd_len)) {
6225		free(ctsio->kern_data_ptr, M_CTL);
6226		ctl_set_param_len_error(ctsio);
6227		ctl_done((union ctl_io *)ctsio);
6228		return (CTL_RETVAL_COMPLETE);
6229	}
6230
6231	/*
6232	 * Set the IO_CONT flag, so that if this I/O gets passed to
6233	 * ctl_config_write_done(), it'll get passed back to
6234	 * ctl_do_mode_select() for further processing, or completion if
6235	 * we're all done.
6236	 */
6237	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6238	ctsio->io_cont = ctl_do_mode_select;
6239
6240	modepage_info = (union ctl_modepage_info *)
6241		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6242	memset(modepage_info, 0, sizeof(*modepage_info));
6243	modepage_info->header.len_left = param_len - header_size - bd_len;
6244	modepage_info->header.len_used = header_size + bd_len;
6245
6246	return (ctl_do_mode_select((union ctl_io *)ctsio));
6247}
6248
6249int
6250ctl_mode_sense(struct ctl_scsiio *ctsio)
6251{
6252	struct ctl_lun *lun;
6253	int pc, page_code, dbd, llba, subpage;
6254	int alloc_len, page_len, header_len, total_len;
6255	struct scsi_mode_block_descr *block_desc;
6256	struct ctl_page_index *page_index;
6257	int control_dev;
6258
6259	dbd = 0;
6260	llba = 0;
6261	block_desc = NULL;
6262	page_index = NULL;
6263
6264	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6265
6266	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6267
6268	if (lun->be_lun->lun_type != T_DIRECT)
6269		control_dev = 1;
6270	else
6271		control_dev = 0;
6272
6273	switch (ctsio->cdb[0]) {
6274	case MODE_SENSE_6: {
6275		struct scsi_mode_sense_6 *cdb;
6276
6277		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6278
6279		header_len = sizeof(struct scsi_mode_hdr_6);
6280		if (cdb->byte2 & SMS_DBD)
6281			dbd = 1;
6282		else
6283			header_len += sizeof(struct scsi_mode_block_descr);
6284
6285		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6286		page_code = cdb->page & SMS_PAGE_CODE;
6287		subpage = cdb->subpage;
6288		alloc_len = cdb->length;
6289		break;
6290	}
6291	case MODE_SENSE_10: {
6292		struct scsi_mode_sense_10 *cdb;
6293
6294		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6295
6296		header_len = sizeof(struct scsi_mode_hdr_10);
6297
6298		if (cdb->byte2 & SMS_DBD)
6299			dbd = 1;
6300		else
6301			header_len += sizeof(struct scsi_mode_block_descr);
6302		if (cdb->byte2 & SMS10_LLBAA)
6303			llba = 1;
6304		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6305		page_code = cdb->page & SMS_PAGE_CODE;
6306		subpage = cdb->subpage;
6307		alloc_len = scsi_2btoul(cdb->length);
6308		break;
6309	}
6310	default:
6311		ctl_set_invalid_opcode(ctsio);
6312		ctl_done((union ctl_io *)ctsio);
6313		return (CTL_RETVAL_COMPLETE);
6314		break; /* NOTREACHED */
6315	}
6316
6317	/*
6318	 * We have to make a first pass through to calculate the size of
6319	 * the pages that match the user's query.  Then we allocate enough
6320	 * memory to hold it, and actually copy the data into the buffer.
6321	 */
6322	switch (page_code) {
6323	case SMS_ALL_PAGES_PAGE: {
6324		int i;
6325
6326		page_len = 0;
6327
6328		/*
6329		 * At the moment, values other than 0 and 0xff here are
6330		 * reserved according to SPC-3.
6331		 */
6332		if ((subpage != SMS_SUBPAGE_PAGE_0)
6333		 && (subpage != SMS_SUBPAGE_ALL)) {
6334			ctl_set_invalid_field(ctsio,
6335					      /*sks_valid*/ 1,
6336					      /*command*/ 1,
6337					      /*field*/ 3,
6338					      /*bit_valid*/ 0,
6339					      /*bit*/ 0);
6340			ctl_done((union ctl_io *)ctsio);
6341			return (CTL_RETVAL_COMPLETE);
6342		}
6343
6344		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6345			if ((control_dev != 0)
6346			 && (lun->mode_pages.index[i].page_flags &
6347			     CTL_PAGE_FLAG_DISK_ONLY))
6348				continue;
6349
6350			/*
6351			 * We don't use this subpage if the user didn't
6352			 * request all subpages.
6353			 */
6354			if ((lun->mode_pages.index[i].subpage != 0)
6355			 && (subpage == SMS_SUBPAGE_PAGE_0))
6356				continue;
6357
6358#if 0
6359			printf("found page %#x len %d\n",
6360			       lun->mode_pages.index[i].page_code &
6361			       SMPH_PC_MASK,
6362			       lun->mode_pages.index[i].page_len);
6363#endif
6364			page_len += lun->mode_pages.index[i].page_len;
6365		}
6366		break;
6367	}
6368	default: {
6369		int i;
6370
6371		page_len = 0;
6372
6373		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6374			/* Look for the right page code */
6375			if ((lun->mode_pages.index[i].page_code &
6376			     SMPH_PC_MASK) != page_code)
6377				continue;
6378
6379			/* Look for the right subpage or the subpage wildcard*/
6380			if ((lun->mode_pages.index[i].subpage != subpage)
6381			 && (subpage != SMS_SUBPAGE_ALL))
6382				continue;
6383
6384			/* Make sure the page is supported for this dev type */
6385			if ((control_dev != 0)
6386			 && (lun->mode_pages.index[i].page_flags &
6387			     CTL_PAGE_FLAG_DISK_ONLY))
6388				continue;
6389
6390#if 0
6391			printf("found page %#x len %d\n",
6392			       lun->mode_pages.index[i].page_code &
6393			       SMPH_PC_MASK,
6394			       lun->mode_pages.index[i].page_len);
6395#endif
6396
6397			page_len += lun->mode_pages.index[i].page_len;
6398		}
6399
6400		if (page_len == 0) {
6401			ctl_set_invalid_field(ctsio,
6402					      /*sks_valid*/ 1,
6403					      /*command*/ 1,
6404					      /*field*/ 2,
6405					      /*bit_valid*/ 1,
6406					      /*bit*/ 5);
6407			ctl_done((union ctl_io *)ctsio);
6408			return (CTL_RETVAL_COMPLETE);
6409		}
6410		break;
6411	}
6412	}
6413
6414	total_len = header_len + page_len;
6415#if 0
6416	printf("header_len = %d, page_len = %d, total_len = %d\n",
6417	       header_len, page_len, total_len);
6418#endif
6419
6420	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6421	ctsio->kern_sg_entries = 0;
6422	ctsio->kern_data_resid = 0;
6423	ctsio->kern_rel_offset = 0;
6424	if (total_len < alloc_len) {
6425		ctsio->residual = alloc_len - total_len;
6426		ctsio->kern_data_len = total_len;
6427		ctsio->kern_total_len = total_len;
6428	} else {
6429		ctsio->residual = 0;
6430		ctsio->kern_data_len = alloc_len;
6431		ctsio->kern_total_len = alloc_len;
6432	}
6433
6434	switch (ctsio->cdb[0]) {
6435	case MODE_SENSE_6: {
6436		struct scsi_mode_hdr_6 *header;
6437
6438		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6439
6440		header->datalen = MIN(total_len - 1, 254);
6441		if (control_dev == 0) {
6442			header->dev_specific = 0x10; /* DPOFUA */
6443			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6444			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6445			    .eca_and_aen & SCP_SWP) != 0)
6446				    header->dev_specific |= 0x80; /* WP */
6447		}
6448		if (dbd)
6449			header->block_descr_len = 0;
6450		else
6451			header->block_descr_len =
6452				sizeof(struct scsi_mode_block_descr);
6453		block_desc = (struct scsi_mode_block_descr *)&header[1];
6454		break;
6455	}
6456	case MODE_SENSE_10: {
6457		struct scsi_mode_hdr_10 *header;
6458		int datalen;
6459
6460		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6461
6462		datalen = MIN(total_len - 2, 65533);
6463		scsi_ulto2b(datalen, header->datalen);
6464		if (control_dev == 0) {
6465			header->dev_specific = 0x10; /* DPOFUA */
6466			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6467			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6468			    .eca_and_aen & SCP_SWP) != 0)
6469				    header->dev_specific |= 0x80; /* WP */
6470		}
6471		if (dbd)
6472			scsi_ulto2b(0, header->block_descr_len);
6473		else
6474			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6475				    header->block_descr_len);
6476		block_desc = (struct scsi_mode_block_descr *)&header[1];
6477		break;
6478	}
6479	default:
6480		panic("invalid CDB type %#x", ctsio->cdb[0]);
6481		break; /* NOTREACHED */
6482	}
6483
6484	/*
6485	 * If we've got a disk, use its blocksize in the block
6486	 * descriptor.  Otherwise, just set it to 0.
6487	 */
6488	if (dbd == 0) {
6489		if (control_dev == 0)
6490			scsi_ulto3b(lun->be_lun->blocksize,
6491				    block_desc->block_len);
6492		else
6493			scsi_ulto3b(0, block_desc->block_len);
6494	}
6495
6496	switch (page_code) {
6497	case SMS_ALL_PAGES_PAGE: {
6498		int i, data_used;
6499
6500		data_used = header_len;
6501		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6502			struct ctl_page_index *page_index;
6503
6504			page_index = &lun->mode_pages.index[i];
6505
6506			if ((control_dev != 0)
6507			 && (page_index->page_flags &
6508			    CTL_PAGE_FLAG_DISK_ONLY))
6509				continue;
6510
6511			/*
6512			 * We don't use this subpage if the user didn't
6513			 * request all subpages.  We already checked (above)
6514			 * to make sure the user only specified a subpage
6515			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6516			 */
6517			if ((page_index->subpage != 0)
6518			 && (subpage == SMS_SUBPAGE_PAGE_0))
6519				continue;
6520
6521			/*
6522			 * Call the handler, if it exists, to update the
6523			 * page to the latest values.
6524			 */
6525			if (page_index->sense_handler != NULL)
6526				page_index->sense_handler(ctsio, page_index,pc);
6527
6528			memcpy(ctsio->kern_data_ptr + data_used,
6529			       page_index->page_data +
6530			       (page_index->page_len * pc),
6531			       page_index->page_len);
6532			data_used += page_index->page_len;
6533		}
6534		break;
6535	}
6536	default: {
6537		int i, data_used;
6538
6539		data_used = header_len;
6540
6541		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6542			struct ctl_page_index *page_index;
6543
6544			page_index = &lun->mode_pages.index[i];
6545
6546			/* Look for the right page code */
6547			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6548				continue;
6549
6550			/* Look for the right subpage or the subpage wildcard*/
6551			if ((page_index->subpage != subpage)
6552			 && (subpage != SMS_SUBPAGE_ALL))
6553				continue;
6554
6555			/* Make sure the page is supported for this dev type */
6556			if ((control_dev != 0)
6557			 && (page_index->page_flags &
6558			     CTL_PAGE_FLAG_DISK_ONLY))
6559				continue;
6560
6561			/*
6562			 * Call the handler, if it exists, to update the
6563			 * page to the latest values.
6564			 */
6565			if (page_index->sense_handler != NULL)
6566				page_index->sense_handler(ctsio, page_index,pc);
6567
6568			memcpy(ctsio->kern_data_ptr + data_used,
6569			       page_index->page_data +
6570			       (page_index->page_len * pc),
6571			       page_index->page_len);
6572			data_used += page_index->page_len;
6573		}
6574		break;
6575	}
6576	}
6577
6578	ctl_set_success(ctsio);
6579	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6580	ctsio->be_move_done = ctl_config_move_done;
6581	ctl_datamove((union ctl_io *)ctsio);
6582	return (CTL_RETVAL_COMPLETE);
6583}
6584
6585int
6586ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6587			       struct ctl_page_index *page_index,
6588			       int pc)
6589{
6590	struct ctl_lun *lun;
6591	struct scsi_log_param_header *phdr;
6592	uint8_t *data;
6593	uint64_t val;
6594
6595	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6596	data = page_index->page_data;
6597
6598	if (lun->backend->lun_attr != NULL &&
6599	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6600	     != UINT64_MAX) {
6601		phdr = (struct scsi_log_param_header *)data;
6602		scsi_ulto2b(0x0001, phdr->param_code);
6603		phdr->param_control = SLP_LBIN | SLP_LP;
6604		phdr->param_len = 8;
6605		data = (uint8_t *)(phdr + 1);
6606		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6607		data[4] = 0x02; /* per-pool */
6608		data += phdr->param_len;
6609	}
6610
6611	if (lun->backend->lun_attr != NULL &&
6612	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6613	     != UINT64_MAX) {
6614		phdr = (struct scsi_log_param_header *)data;
6615		scsi_ulto2b(0x0002, phdr->param_code);
6616		phdr->param_control = SLP_LBIN | SLP_LP;
6617		phdr->param_len = 8;
6618		data = (uint8_t *)(phdr + 1);
6619		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6620		data[4] = 0x01; /* per-LUN */
6621		data += phdr->param_len;
6622	}
6623
6624	if (lun->backend->lun_attr != NULL &&
6625	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6626	     != UINT64_MAX) {
6627		phdr = (struct scsi_log_param_header *)data;
6628		scsi_ulto2b(0x00f1, phdr->param_code);
6629		phdr->param_control = SLP_LBIN | SLP_LP;
6630		phdr->param_len = 8;
6631		data = (uint8_t *)(phdr + 1);
6632		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6633		data[4] = 0x02; /* per-pool */
6634		data += phdr->param_len;
6635	}
6636
6637	if (lun->backend->lun_attr != NULL &&
6638	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6639	     != UINT64_MAX) {
6640		phdr = (struct scsi_log_param_header *)data;
6641		scsi_ulto2b(0x00f2, phdr->param_code);
6642		phdr->param_control = SLP_LBIN | SLP_LP;
6643		phdr->param_len = 8;
6644		data = (uint8_t *)(phdr + 1);
6645		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6646		data[4] = 0x02; /* per-pool */
6647		data += phdr->param_len;
6648	}
6649
6650	page_index->page_len = data - page_index->page_data;
6651	return (0);
6652}
6653
6654int
6655ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6656			       struct ctl_page_index *page_index,
6657			       int pc)
6658{
6659	struct ctl_lun *lun;
6660	struct stat_page *data;
6661	uint64_t rn, wn, rb, wb;
6662	struct bintime rt, wt;
6663	int i;
6664
6665	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6666	data = (struct stat_page *)page_index->page_data;
6667
6668	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6669	data->sap.hdr.param_control = SLP_LBIN;
6670	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6671	    sizeof(struct scsi_log_param_header);
6672	rn = wn = rb = wb = 0;
6673	bintime_clear(&rt);
6674	bintime_clear(&wt);
6675	for (i = 0; i < CTL_MAX_PORTS; i++) {
6676		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6677		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6678		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6679		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6680		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6681		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6682	}
6683	scsi_u64to8b(rn, data->sap.read_num);
6684	scsi_u64to8b(wn, data->sap.write_num);
6685	if (lun->stats.blocksize > 0) {
6686		scsi_u64to8b(wb / lun->stats.blocksize,
6687		    data->sap.recvieved_lba);
6688		scsi_u64to8b(rb / lun->stats.blocksize,
6689		    data->sap.transmitted_lba);
6690	}
6691	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6692	    data->sap.read_int);
6693	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6694	    data->sap.write_int);
6695	scsi_u64to8b(0, data->sap.weighted_num);
6696	scsi_u64to8b(0, data->sap.weighted_int);
6697	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6698	data->it.hdr.param_control = SLP_LBIN;
6699	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6700	    sizeof(struct scsi_log_param_header);
6701#ifdef CTL_TIME_IO
6702	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6703#endif
6704	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6705	data->it.hdr.param_control = SLP_LBIN;
6706	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6707	    sizeof(struct scsi_log_param_header);
6708	scsi_ulto4b(3, data->ti.exponent);
6709	scsi_ulto4b(1, data->ti.integer);
6710
6711	page_index->page_len = sizeof(*data);
6712	return (0);
6713}
6714
6715int
6716ctl_log_sense(struct ctl_scsiio *ctsio)
6717{
6718	struct ctl_lun *lun;
6719	int i, pc, page_code, subpage;
6720	int alloc_len, total_len;
6721	struct ctl_page_index *page_index;
6722	struct scsi_log_sense *cdb;
6723	struct scsi_log_header *header;
6724
6725	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6726
6727	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6728	cdb = (struct scsi_log_sense *)ctsio->cdb;
6729	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6730	page_code = cdb->page & SLS_PAGE_CODE;
6731	subpage = cdb->subpage;
6732	alloc_len = scsi_2btoul(cdb->length);
6733
6734	page_index = NULL;
6735	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6736		page_index = &lun->log_pages.index[i];
6737
6738		/* Look for the right page code */
6739		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6740			continue;
6741
6742		/* Look for the right subpage or the subpage wildcard*/
6743		if (page_index->subpage != subpage)
6744			continue;
6745
6746		break;
6747	}
6748	if (i >= CTL_NUM_LOG_PAGES) {
6749		ctl_set_invalid_field(ctsio,
6750				      /*sks_valid*/ 1,
6751				      /*command*/ 1,
6752				      /*field*/ 2,
6753				      /*bit_valid*/ 0,
6754				      /*bit*/ 0);
6755		ctl_done((union ctl_io *)ctsio);
6756		return (CTL_RETVAL_COMPLETE);
6757	}
6758
6759	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6760
6761	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6762	ctsio->kern_sg_entries = 0;
6763	ctsio->kern_data_resid = 0;
6764	ctsio->kern_rel_offset = 0;
6765	if (total_len < alloc_len) {
6766		ctsio->residual = alloc_len - total_len;
6767		ctsio->kern_data_len = total_len;
6768		ctsio->kern_total_len = total_len;
6769	} else {
6770		ctsio->residual = 0;
6771		ctsio->kern_data_len = alloc_len;
6772		ctsio->kern_total_len = alloc_len;
6773	}
6774
6775	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6776	header->page = page_index->page_code;
6777	if (page_index->subpage) {
6778		header->page |= SL_SPF;
6779		header->subpage = page_index->subpage;
6780	}
6781	scsi_ulto2b(page_index->page_len, header->datalen);
6782
6783	/*
6784	 * Call the handler, if it exists, to update the
6785	 * page to the latest values.
6786	 */
6787	if (page_index->sense_handler != NULL)
6788		page_index->sense_handler(ctsio, page_index, pc);
6789
6790	memcpy(header + 1, page_index->page_data, page_index->page_len);
6791
6792	ctl_set_success(ctsio);
6793	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6794	ctsio->be_move_done = ctl_config_move_done;
6795	ctl_datamove((union ctl_io *)ctsio);
6796	return (CTL_RETVAL_COMPLETE);
6797}
6798
6799int
6800ctl_read_capacity(struct ctl_scsiio *ctsio)
6801{
6802	struct scsi_read_capacity *cdb;
6803	struct scsi_read_capacity_data *data;
6804	struct ctl_lun *lun;
6805	uint32_t lba;
6806
6807	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6808
6809	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6810
6811	lba = scsi_4btoul(cdb->addr);
6812	if (((cdb->pmi & SRC_PMI) == 0)
6813	 && (lba != 0)) {
6814		ctl_set_invalid_field(/*ctsio*/ ctsio,
6815				      /*sks_valid*/ 1,
6816				      /*command*/ 1,
6817				      /*field*/ 2,
6818				      /*bit_valid*/ 0,
6819				      /*bit*/ 0);
6820		ctl_done((union ctl_io *)ctsio);
6821		return (CTL_RETVAL_COMPLETE);
6822	}
6823
6824	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6825
6826	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6827	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6828	ctsio->residual = 0;
6829	ctsio->kern_data_len = sizeof(*data);
6830	ctsio->kern_total_len = sizeof(*data);
6831	ctsio->kern_data_resid = 0;
6832	ctsio->kern_rel_offset = 0;
6833	ctsio->kern_sg_entries = 0;
6834
6835	/*
6836	 * If the maximum LBA is greater than 0xfffffffe, the user must
6837	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6838	 * serivce action set.
6839	 */
6840	if (lun->be_lun->maxlba > 0xfffffffe)
6841		scsi_ulto4b(0xffffffff, data->addr);
6842	else
6843		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6844
6845	/*
6846	 * XXX KDM this may not be 512 bytes...
6847	 */
6848	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6849
6850	ctl_set_success(ctsio);
6851	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6852	ctsio->be_move_done = ctl_config_move_done;
6853	ctl_datamove((union ctl_io *)ctsio);
6854	return (CTL_RETVAL_COMPLETE);
6855}
6856
6857int
6858ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6859{
6860	struct scsi_read_capacity_16 *cdb;
6861	struct scsi_read_capacity_data_long *data;
6862	struct ctl_lun *lun;
6863	uint64_t lba;
6864	uint32_t alloc_len;
6865
6866	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6867
6868	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6869
6870	alloc_len = scsi_4btoul(cdb->alloc_len);
6871	lba = scsi_8btou64(cdb->addr);
6872
6873	if ((cdb->reladr & SRC16_PMI)
6874	 && (lba != 0)) {
6875		ctl_set_invalid_field(/*ctsio*/ ctsio,
6876				      /*sks_valid*/ 1,
6877				      /*command*/ 1,
6878				      /*field*/ 2,
6879				      /*bit_valid*/ 0,
6880				      /*bit*/ 0);
6881		ctl_done((union ctl_io *)ctsio);
6882		return (CTL_RETVAL_COMPLETE);
6883	}
6884
6885	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6886
6887	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6888	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6889
6890	if (sizeof(*data) < alloc_len) {
6891		ctsio->residual = alloc_len - sizeof(*data);
6892		ctsio->kern_data_len = sizeof(*data);
6893		ctsio->kern_total_len = sizeof(*data);
6894	} else {
6895		ctsio->residual = 0;
6896		ctsio->kern_data_len = alloc_len;
6897		ctsio->kern_total_len = alloc_len;
6898	}
6899	ctsio->kern_data_resid = 0;
6900	ctsio->kern_rel_offset = 0;
6901	ctsio->kern_sg_entries = 0;
6902
6903	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6904	/* XXX KDM this may not be 512 bytes... */
6905	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6906	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6907	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6908	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6909		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6910
6911	ctl_set_success(ctsio);
6912	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6913	ctsio->be_move_done = ctl_config_move_done;
6914	ctl_datamove((union ctl_io *)ctsio);
6915	return (CTL_RETVAL_COMPLETE);
6916}
6917
6918int
6919ctl_get_lba_status(struct ctl_scsiio *ctsio)
6920{
6921	struct scsi_get_lba_status *cdb;
6922	struct scsi_get_lba_status_data *data;
6923	struct ctl_lun *lun;
6924	struct ctl_lba_len_flags *lbalen;
6925	uint64_t lba;
6926	uint32_t alloc_len, total_len;
6927	int retval;
6928
6929	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6930
6931	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6932	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6933	lba = scsi_8btou64(cdb->addr);
6934	alloc_len = scsi_4btoul(cdb->alloc_len);
6935
6936	if (lba > lun->be_lun->maxlba) {
6937		ctl_set_lba_out_of_range(ctsio);
6938		ctl_done((union ctl_io *)ctsio);
6939		return (CTL_RETVAL_COMPLETE);
6940	}
6941
6942	total_len = sizeof(*data) + sizeof(data->descr[0]);
6943	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6944	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6945
6946	if (total_len < alloc_len) {
6947		ctsio->residual = alloc_len - total_len;
6948		ctsio->kern_data_len = total_len;
6949		ctsio->kern_total_len = total_len;
6950	} else {
6951		ctsio->residual = 0;
6952		ctsio->kern_data_len = alloc_len;
6953		ctsio->kern_total_len = alloc_len;
6954	}
6955	ctsio->kern_data_resid = 0;
6956	ctsio->kern_rel_offset = 0;
6957	ctsio->kern_sg_entries = 0;
6958
6959	/* Fill dummy data in case backend can't tell anything. */
6960	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6961	scsi_u64to8b(lba, data->descr[0].addr);
6962	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6963	    data->descr[0].length);
6964	data->descr[0].status = 0; /* Mapped or unknown. */
6965
6966	ctl_set_success(ctsio);
6967	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6968	ctsio->be_move_done = ctl_config_move_done;
6969
6970	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6971	lbalen->lba = lba;
6972	lbalen->len = total_len;
6973	lbalen->flags = 0;
6974	retval = lun->backend->config_read((union ctl_io *)ctsio);
6975	return (CTL_RETVAL_COMPLETE);
6976}
6977
6978int
6979ctl_read_defect(struct ctl_scsiio *ctsio)
6980{
6981	struct scsi_read_defect_data_10 *ccb10;
6982	struct scsi_read_defect_data_12 *ccb12;
6983	struct scsi_read_defect_data_hdr_10 *data10;
6984	struct scsi_read_defect_data_hdr_12 *data12;
6985	uint32_t alloc_len, data_len;
6986	uint8_t format;
6987
6988	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6989
6990	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6991		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6992		format = ccb10->format;
6993		alloc_len = scsi_2btoul(ccb10->alloc_length);
6994		data_len = sizeof(*data10);
6995	} else {
6996		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6997		format = ccb12->format;
6998		alloc_len = scsi_4btoul(ccb12->alloc_length);
6999		data_len = sizeof(*data12);
7000	}
7001	if (alloc_len == 0) {
7002		ctl_set_success(ctsio);
7003		ctl_done((union ctl_io *)ctsio);
7004		return (CTL_RETVAL_COMPLETE);
7005	}
7006
7007	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7008	if (data_len < alloc_len) {
7009		ctsio->residual = alloc_len - data_len;
7010		ctsio->kern_data_len = data_len;
7011		ctsio->kern_total_len = data_len;
7012	} else {
7013		ctsio->residual = 0;
7014		ctsio->kern_data_len = alloc_len;
7015		ctsio->kern_total_len = alloc_len;
7016	}
7017	ctsio->kern_data_resid = 0;
7018	ctsio->kern_rel_offset = 0;
7019	ctsio->kern_sg_entries = 0;
7020
7021	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7022		data10 = (struct scsi_read_defect_data_hdr_10 *)
7023		    ctsio->kern_data_ptr;
7024		data10->format = format;
7025		scsi_ulto2b(0, data10->length);
7026	} else {
7027		data12 = (struct scsi_read_defect_data_hdr_12 *)
7028		    ctsio->kern_data_ptr;
7029		data12->format = format;
7030		scsi_ulto2b(0, data12->generation);
7031		scsi_ulto4b(0, data12->length);
7032	}
7033
7034	ctl_set_success(ctsio);
7035	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7036	ctsio->be_move_done = ctl_config_move_done;
7037	ctl_datamove((union ctl_io *)ctsio);
7038	return (CTL_RETVAL_COMPLETE);
7039}
7040
7041int
7042ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7043{
7044	struct scsi_maintenance_in *cdb;
7045	int retval;
7046	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7047	int num_target_port_groups, num_target_ports;
7048	struct ctl_lun *lun;
7049	struct ctl_softc *softc;
7050	struct ctl_port *port;
7051	struct scsi_target_group_data *rtg_ptr;
7052	struct scsi_target_group_data_extended *rtg_ext_ptr;
7053	struct scsi_target_port_group_descriptor *tpg_desc;
7054
7055	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7056
7057	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7058	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7059	softc = lun->ctl_softc;
7060
7061	retval = CTL_RETVAL_COMPLETE;
7062
7063	switch (cdb->byte2 & STG_PDF_MASK) {
7064	case STG_PDF_LENGTH:
7065		ext = 0;
7066		break;
7067	case STG_PDF_EXTENDED:
7068		ext = 1;
7069		break;
7070	default:
7071		ctl_set_invalid_field(/*ctsio*/ ctsio,
7072				      /*sks_valid*/ 1,
7073				      /*command*/ 1,
7074				      /*field*/ 2,
7075				      /*bit_valid*/ 1,
7076				      /*bit*/ 5);
7077		ctl_done((union ctl_io *)ctsio);
7078		return(retval);
7079	}
7080
7081	if (softc->is_single)
7082		num_target_port_groups = 1;
7083	else
7084		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7085	num_target_ports = 0;
7086	mtx_lock(&softc->ctl_lock);
7087	STAILQ_FOREACH(port, &softc->port_list, links) {
7088		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7089			continue;
7090		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7091			continue;
7092		num_target_ports++;
7093	}
7094	mtx_unlock(&softc->ctl_lock);
7095
7096	if (ext)
7097		total_len = sizeof(struct scsi_target_group_data_extended);
7098	else
7099		total_len = sizeof(struct scsi_target_group_data);
7100	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7101		num_target_port_groups +
7102	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7103
7104	alloc_len = scsi_4btoul(cdb->length);
7105
7106	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7107
7108	ctsio->kern_sg_entries = 0;
7109
7110	if (total_len < alloc_len) {
7111		ctsio->residual = alloc_len - total_len;
7112		ctsio->kern_data_len = total_len;
7113		ctsio->kern_total_len = total_len;
7114	} else {
7115		ctsio->residual = 0;
7116		ctsio->kern_data_len = alloc_len;
7117		ctsio->kern_total_len = alloc_len;
7118	}
7119	ctsio->kern_data_resid = 0;
7120	ctsio->kern_rel_offset = 0;
7121
7122	if (ext) {
7123		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7124		    ctsio->kern_data_ptr;
7125		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7126		rtg_ext_ptr->format_type = 0x10;
7127		rtg_ext_ptr->implicit_transition_time = 0;
7128		tpg_desc = &rtg_ext_ptr->groups[0];
7129	} else {
7130		rtg_ptr = (struct scsi_target_group_data *)
7131		    ctsio->kern_data_ptr;
7132		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7133		tpg_desc = &rtg_ptr->groups[0];
7134	}
7135
7136	mtx_lock(&softc->ctl_lock);
7137	pg = softc->port_min / softc->port_cnt;
7138	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7139		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7140	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7141		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7142	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7143		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7144	else
7145		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7146	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7147		os = gs;
7148		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7149	} else
7150		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7151	for (g = 0; g < num_target_port_groups; g++) {
7152		tpg_desc->pref_state = (g == pg) ? gs : os;
7153		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7154		    TPG_U_SUP | TPG_T_SUP;
7155		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7156		tpg_desc->status = TPG_IMPLICIT;
7157		pc = 0;
7158		STAILQ_FOREACH(port, &softc->port_list, links) {
7159			if (port->targ_port < g * softc->port_cnt ||
7160			    port->targ_port >= (g + 1) * softc->port_cnt)
7161				continue;
7162			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7163				continue;
7164			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7165				continue;
7166			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7167			    relative_target_port_identifier);
7168			pc++;
7169		}
7170		tpg_desc->target_port_count = pc;
7171		tpg_desc = (struct scsi_target_port_group_descriptor *)
7172		    &tpg_desc->descriptors[pc];
7173	}
7174	mtx_unlock(&softc->ctl_lock);
7175
7176	ctl_set_success(ctsio);
7177	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7178	ctsio->be_move_done = ctl_config_move_done;
7179	ctl_datamove((union ctl_io *)ctsio);
7180	return(retval);
7181}
7182
7183int
7184ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7185{
7186	struct ctl_lun *lun;
7187	struct scsi_report_supported_opcodes *cdb;
7188	const struct ctl_cmd_entry *entry, *sentry;
7189	struct scsi_report_supported_opcodes_all *all;
7190	struct scsi_report_supported_opcodes_descr *descr;
7191	struct scsi_report_supported_opcodes_one *one;
7192	int retval;
7193	int alloc_len, total_len;
7194	int opcode, service_action, i, j, num;
7195
7196	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7197
7198	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7199	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7200
7201	retval = CTL_RETVAL_COMPLETE;
7202
7203	opcode = cdb->requested_opcode;
7204	service_action = scsi_2btoul(cdb->requested_service_action);
7205	switch (cdb->options & RSO_OPTIONS_MASK) {
7206	case RSO_OPTIONS_ALL:
7207		num = 0;
7208		for (i = 0; i < 256; i++) {
7209			entry = &ctl_cmd_table[i];
7210			if (entry->flags & CTL_CMD_FLAG_SA5) {
7211				for (j = 0; j < 32; j++) {
7212					sentry = &((const struct ctl_cmd_entry *)
7213					    entry->execute)[j];
7214					if (ctl_cmd_applicable(
7215					    lun->be_lun->lun_type, sentry))
7216						num++;
7217				}
7218			} else {
7219				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7220				    entry))
7221					num++;
7222			}
7223		}
7224		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7225		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7226		break;
7227	case RSO_OPTIONS_OC:
7228		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7229			ctl_set_invalid_field(/*ctsio*/ ctsio,
7230					      /*sks_valid*/ 1,
7231					      /*command*/ 1,
7232					      /*field*/ 2,
7233					      /*bit_valid*/ 1,
7234					      /*bit*/ 2);
7235			ctl_done((union ctl_io *)ctsio);
7236			return (CTL_RETVAL_COMPLETE);
7237		}
7238		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7239		break;
7240	case RSO_OPTIONS_OC_SA:
7241		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7242		    service_action >= 32) {
7243			ctl_set_invalid_field(/*ctsio*/ ctsio,
7244					      /*sks_valid*/ 1,
7245					      /*command*/ 1,
7246					      /*field*/ 2,
7247					      /*bit_valid*/ 1,
7248					      /*bit*/ 2);
7249			ctl_done((union ctl_io *)ctsio);
7250			return (CTL_RETVAL_COMPLETE);
7251		}
7252		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7253		break;
7254	default:
7255		ctl_set_invalid_field(/*ctsio*/ ctsio,
7256				      /*sks_valid*/ 1,
7257				      /*command*/ 1,
7258				      /*field*/ 2,
7259				      /*bit_valid*/ 1,
7260				      /*bit*/ 2);
7261		ctl_done((union ctl_io *)ctsio);
7262		return (CTL_RETVAL_COMPLETE);
7263	}
7264
7265	alloc_len = scsi_4btoul(cdb->length);
7266
7267	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7268
7269	ctsio->kern_sg_entries = 0;
7270
7271	if (total_len < alloc_len) {
7272		ctsio->residual = alloc_len - total_len;
7273		ctsio->kern_data_len = total_len;
7274		ctsio->kern_total_len = total_len;
7275	} else {
7276		ctsio->residual = 0;
7277		ctsio->kern_data_len = alloc_len;
7278		ctsio->kern_total_len = alloc_len;
7279	}
7280	ctsio->kern_data_resid = 0;
7281	ctsio->kern_rel_offset = 0;
7282
7283	switch (cdb->options & RSO_OPTIONS_MASK) {
7284	case RSO_OPTIONS_ALL:
7285		all = (struct scsi_report_supported_opcodes_all *)
7286		    ctsio->kern_data_ptr;
7287		num = 0;
7288		for (i = 0; i < 256; i++) {
7289			entry = &ctl_cmd_table[i];
7290			if (entry->flags & CTL_CMD_FLAG_SA5) {
7291				for (j = 0; j < 32; j++) {
7292					sentry = &((const struct ctl_cmd_entry *)
7293					    entry->execute)[j];
7294					if (!ctl_cmd_applicable(
7295					    lun->be_lun->lun_type, sentry))
7296						continue;
7297					descr = &all->descr[num++];
7298					descr->opcode = i;
7299					scsi_ulto2b(j, descr->service_action);
7300					descr->flags = RSO_SERVACTV;
7301					scsi_ulto2b(sentry->length,
7302					    descr->cdb_length);
7303				}
7304			} else {
7305				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7306				    entry))
7307					continue;
7308				descr = &all->descr[num++];
7309				descr->opcode = i;
7310				scsi_ulto2b(0, descr->service_action);
7311				descr->flags = 0;
7312				scsi_ulto2b(entry->length, descr->cdb_length);
7313			}
7314		}
7315		scsi_ulto4b(
7316		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7317		    all->length);
7318		break;
7319	case RSO_OPTIONS_OC:
7320		one = (struct scsi_report_supported_opcodes_one *)
7321		    ctsio->kern_data_ptr;
7322		entry = &ctl_cmd_table[opcode];
7323		goto fill_one;
7324	case RSO_OPTIONS_OC_SA:
7325		one = (struct scsi_report_supported_opcodes_one *)
7326		    ctsio->kern_data_ptr;
7327		entry = &ctl_cmd_table[opcode];
7328		entry = &((const struct ctl_cmd_entry *)
7329		    entry->execute)[service_action];
7330fill_one:
7331		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7332			one->support = 3;
7333			scsi_ulto2b(entry->length, one->cdb_length);
7334			one->cdb_usage[0] = opcode;
7335			memcpy(&one->cdb_usage[1], entry->usage,
7336			    entry->length - 1);
7337		} else
7338			one->support = 1;
7339		break;
7340	}
7341
7342	ctl_set_success(ctsio);
7343	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7344	ctsio->be_move_done = ctl_config_move_done;
7345	ctl_datamove((union ctl_io *)ctsio);
7346	return(retval);
7347}
7348
7349int
7350ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7351{
7352	struct scsi_report_supported_tmf *cdb;
7353	struct scsi_report_supported_tmf_data *data;
7354	int retval;
7355	int alloc_len, total_len;
7356
7357	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7358
7359	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7360
7361	retval = CTL_RETVAL_COMPLETE;
7362
7363	total_len = sizeof(struct scsi_report_supported_tmf_data);
7364	alloc_len = scsi_4btoul(cdb->length);
7365
7366	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7367
7368	ctsio->kern_sg_entries = 0;
7369
7370	if (total_len < alloc_len) {
7371		ctsio->residual = alloc_len - total_len;
7372		ctsio->kern_data_len = total_len;
7373		ctsio->kern_total_len = total_len;
7374	} else {
7375		ctsio->residual = 0;
7376		ctsio->kern_data_len = alloc_len;
7377		ctsio->kern_total_len = alloc_len;
7378	}
7379	ctsio->kern_data_resid = 0;
7380	ctsio->kern_rel_offset = 0;
7381
7382	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7383	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7384	    RST_TRS;
7385	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7386
7387	ctl_set_success(ctsio);
7388	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7389	ctsio->be_move_done = ctl_config_move_done;
7390	ctl_datamove((union ctl_io *)ctsio);
7391	return (retval);
7392}
7393
7394int
7395ctl_report_timestamp(struct ctl_scsiio *ctsio)
7396{
7397	struct scsi_report_timestamp *cdb;
7398	struct scsi_report_timestamp_data *data;
7399	struct timeval tv;
7400	int64_t timestamp;
7401	int retval;
7402	int alloc_len, total_len;
7403
7404	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7405
7406	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7407
7408	retval = CTL_RETVAL_COMPLETE;
7409
7410	total_len = sizeof(struct scsi_report_timestamp_data);
7411	alloc_len = scsi_4btoul(cdb->length);
7412
7413	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7414
7415	ctsio->kern_sg_entries = 0;
7416
7417	if (total_len < alloc_len) {
7418		ctsio->residual = alloc_len - total_len;
7419		ctsio->kern_data_len = total_len;
7420		ctsio->kern_total_len = total_len;
7421	} else {
7422		ctsio->residual = 0;
7423		ctsio->kern_data_len = alloc_len;
7424		ctsio->kern_total_len = alloc_len;
7425	}
7426	ctsio->kern_data_resid = 0;
7427	ctsio->kern_rel_offset = 0;
7428
7429	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7430	scsi_ulto2b(sizeof(*data) - 2, data->length);
7431	data->origin = RTS_ORIG_OUTSIDE;
7432	getmicrotime(&tv);
7433	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7434	scsi_ulto4b(timestamp >> 16, data->timestamp);
7435	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7436
7437	ctl_set_success(ctsio);
7438	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7439	ctsio->be_move_done = ctl_config_move_done;
7440	ctl_datamove((union ctl_io *)ctsio);
7441	return (retval);
7442}
7443
7444int
7445ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7446{
7447	struct scsi_per_res_in *cdb;
7448	int alloc_len, total_len = 0;
7449	/* struct scsi_per_res_in_rsrv in_data; */
7450	struct ctl_lun *lun;
7451	struct ctl_softc *softc;
7452	uint64_t key;
7453
7454	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7455
7456	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7457
7458	alloc_len = scsi_2btoul(cdb->length);
7459
7460	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7461	softc = lun->ctl_softc;
7462
7463retry:
7464	mtx_lock(&lun->lun_lock);
7465	switch (cdb->action) {
7466	case SPRI_RK: /* read keys */
7467		total_len = sizeof(struct scsi_per_res_in_keys) +
7468			lun->pr_key_count *
7469			sizeof(struct scsi_per_res_key);
7470		break;
7471	case SPRI_RR: /* read reservation */
7472		if (lun->flags & CTL_LUN_PR_RESERVED)
7473			total_len = sizeof(struct scsi_per_res_in_rsrv);
7474		else
7475			total_len = sizeof(struct scsi_per_res_in_header);
7476		break;
7477	case SPRI_RC: /* report capabilities */
7478		total_len = sizeof(struct scsi_per_res_cap);
7479		break;
7480	case SPRI_RS: /* read full status */
7481		total_len = sizeof(struct scsi_per_res_in_header) +
7482		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7483		    lun->pr_key_count;
7484		break;
7485	default:
7486		panic("Invalid PR type %x", cdb->action);
7487	}
7488	mtx_unlock(&lun->lun_lock);
7489
7490	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7491
7492	if (total_len < alloc_len) {
7493		ctsio->residual = alloc_len - total_len;
7494		ctsio->kern_data_len = total_len;
7495		ctsio->kern_total_len = total_len;
7496	} else {
7497		ctsio->residual = 0;
7498		ctsio->kern_data_len = alloc_len;
7499		ctsio->kern_total_len = alloc_len;
7500	}
7501
7502	ctsio->kern_data_resid = 0;
7503	ctsio->kern_rel_offset = 0;
7504	ctsio->kern_sg_entries = 0;
7505
7506	mtx_lock(&lun->lun_lock);
7507	switch (cdb->action) {
7508	case SPRI_RK: { // read keys
7509        struct scsi_per_res_in_keys *res_keys;
7510		int i, key_count;
7511
7512		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7513
7514		/*
7515		 * We had to drop the lock to allocate our buffer, which
7516		 * leaves time for someone to come in with another
7517		 * persistent reservation.  (That is unlikely, though,
7518		 * since this should be the only persistent reservation
7519		 * command active right now.)
7520		 */
7521		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7522		    (lun->pr_key_count *
7523		     sizeof(struct scsi_per_res_key)))){
7524			mtx_unlock(&lun->lun_lock);
7525			free(ctsio->kern_data_ptr, M_CTL);
7526			printf("%s: reservation length changed, retrying\n",
7527			       __func__);
7528			goto retry;
7529		}
7530
7531		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7532
7533		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7534			     lun->pr_key_count, res_keys->header.length);
7535
7536		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7537			if ((key = ctl_get_prkey(lun, i)) == 0)
7538				continue;
7539
7540			/*
7541			 * We used lun->pr_key_count to calculate the
7542			 * size to allocate.  If it turns out the number of
7543			 * initiators with the registered flag set is
7544			 * larger than that (i.e. they haven't been kept in
7545			 * sync), we've got a problem.
7546			 */
7547			if (key_count >= lun->pr_key_count) {
7548				key_count++;
7549				continue;
7550			}
7551			scsi_u64to8b(key, res_keys->keys[key_count].key);
7552			key_count++;
7553		}
7554		break;
7555	}
7556	case SPRI_RR: { // read reservation
7557		struct scsi_per_res_in_rsrv *res;
7558		int tmp_len, header_only;
7559
7560		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7561
7562		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7563
7564		if (lun->flags & CTL_LUN_PR_RESERVED)
7565		{
7566			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7567			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7568				    res->header.length);
7569			header_only = 0;
7570		} else {
7571			tmp_len = sizeof(struct scsi_per_res_in_header);
7572			scsi_ulto4b(0, res->header.length);
7573			header_only = 1;
7574		}
7575
7576		/*
7577		 * We had to drop the lock to allocate our buffer, which
7578		 * leaves time for someone to come in with another
7579		 * persistent reservation.  (That is unlikely, though,
7580		 * since this should be the only persistent reservation
7581		 * command active right now.)
7582		 */
7583		if (tmp_len != total_len) {
7584			mtx_unlock(&lun->lun_lock);
7585			free(ctsio->kern_data_ptr, M_CTL);
7586			printf("%s: reservation status changed, retrying\n",
7587			       __func__);
7588			goto retry;
7589		}
7590
7591		/*
7592		 * No reservation held, so we're done.
7593		 */
7594		if (header_only != 0)
7595			break;
7596
7597		/*
7598		 * If the registration is an All Registrants type, the key
7599		 * is 0, since it doesn't really matter.
7600		 */
7601		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7602			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7603			    res->data.reservation);
7604		}
7605		res->data.scopetype = lun->res_type;
7606		break;
7607	}
7608	case SPRI_RC:     //report capabilities
7609	{
7610		struct scsi_per_res_cap *res_cap;
7611		uint16_t type_mask;
7612
7613		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7614		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7615		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7616		type_mask = SPRI_TM_WR_EX_AR |
7617			    SPRI_TM_EX_AC_RO |
7618			    SPRI_TM_WR_EX_RO |
7619			    SPRI_TM_EX_AC |
7620			    SPRI_TM_WR_EX |
7621			    SPRI_TM_EX_AC_AR;
7622		scsi_ulto2b(type_mask, res_cap->type_mask);
7623		break;
7624	}
7625	case SPRI_RS: { // read full status
7626		struct scsi_per_res_in_full *res_status;
7627		struct scsi_per_res_in_full_desc *res_desc;
7628		struct ctl_port *port;
7629		int i, len;
7630
7631		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7632
7633		/*
7634		 * We had to drop the lock to allocate our buffer, which
7635		 * leaves time for someone to come in with another
7636		 * persistent reservation.  (That is unlikely, though,
7637		 * since this should be the only persistent reservation
7638		 * command active right now.)
7639		 */
7640		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7641		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7642		     lun->pr_key_count)){
7643			mtx_unlock(&lun->lun_lock);
7644			free(ctsio->kern_data_ptr, M_CTL);
7645			printf("%s: reservation length changed, retrying\n",
7646			       __func__);
7647			goto retry;
7648		}
7649
7650		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7651
7652		res_desc = &res_status->desc[0];
7653		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7654			if ((key = ctl_get_prkey(lun, i)) == 0)
7655				continue;
7656
7657			scsi_u64to8b(key, res_desc->res_key.key);
7658			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7659			    (lun->pr_res_idx == i ||
7660			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7661				res_desc->flags = SPRI_FULL_R_HOLDER;
7662				res_desc->scopetype = lun->res_type;
7663			}
7664			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7665			    res_desc->rel_trgt_port_id);
7666			len = 0;
7667			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7668			if (port != NULL)
7669				len = ctl_create_iid(port,
7670				    i % CTL_MAX_INIT_PER_PORT,
7671				    res_desc->transport_id);
7672			scsi_ulto4b(len, res_desc->additional_length);
7673			res_desc = (struct scsi_per_res_in_full_desc *)
7674			    &res_desc->transport_id[len];
7675		}
7676		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7677		    res_status->header.length);
7678		break;
7679	}
7680	default:
7681		/*
7682		 * This is a bug, because we just checked for this above,
7683		 * and should have returned an error.
7684		 */
7685		panic("Invalid PR type %x", cdb->action);
7686		break; /* NOTREACHED */
7687	}
7688	mtx_unlock(&lun->lun_lock);
7689
7690	ctl_set_success(ctsio);
7691	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7692	ctsio->be_move_done = ctl_config_move_done;
7693	ctl_datamove((union ctl_io *)ctsio);
7694	return (CTL_RETVAL_COMPLETE);
7695}
7696
7697/*
7698 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7699 * it should return.
7700 */
7701static int
7702ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7703		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7704		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7705		struct scsi_per_res_out_parms* param)
7706{
7707	union ctl_ha_msg persis_io;
7708	int i;
7709
7710	mtx_lock(&lun->lun_lock);
7711	if (sa_res_key == 0) {
7712		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7713			/* validate scope and type */
7714			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7715			     SPR_LU_SCOPE) {
7716				mtx_unlock(&lun->lun_lock);
7717				ctl_set_invalid_field(/*ctsio*/ ctsio,
7718						      /*sks_valid*/ 1,
7719						      /*command*/ 1,
7720						      /*field*/ 2,
7721						      /*bit_valid*/ 1,
7722						      /*bit*/ 4);
7723				ctl_done((union ctl_io *)ctsio);
7724				return (1);
7725			}
7726
7727		        if (type>8 || type==2 || type==4 || type==0) {
7728				mtx_unlock(&lun->lun_lock);
7729				ctl_set_invalid_field(/*ctsio*/ ctsio,
7730       	           				      /*sks_valid*/ 1,
7731						      /*command*/ 1,
7732						      /*field*/ 2,
7733						      /*bit_valid*/ 1,
7734						      /*bit*/ 0);
7735				ctl_done((union ctl_io *)ctsio);
7736				return (1);
7737		        }
7738
7739			/*
7740			 * Unregister everybody else and build UA for
7741			 * them
7742			 */
7743			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7744				if (i == residx || ctl_get_prkey(lun, i) == 0)
7745					continue;
7746
7747				ctl_clr_prkey(lun, i);
7748				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7749			}
7750			lun->pr_key_count = 1;
7751			lun->res_type = type;
7752			if (lun->res_type != SPR_TYPE_WR_EX_AR
7753			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7754				lun->pr_res_idx = residx;
7755			lun->PRGeneration++;
7756			mtx_unlock(&lun->lun_lock);
7757
7758			/* send msg to other side */
7759			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7760			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7761			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7762			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7763			persis_io.pr.pr_info.res_type = type;
7764			memcpy(persis_io.pr.pr_info.sa_res_key,
7765			       param->serv_act_res_key,
7766			       sizeof(param->serv_act_res_key));
7767			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7768			    sizeof(persis_io.pr), M_WAITOK);
7769		} else {
7770			/* not all registrants */
7771			mtx_unlock(&lun->lun_lock);
7772			free(ctsio->kern_data_ptr, M_CTL);
7773			ctl_set_invalid_field(ctsio,
7774					      /*sks_valid*/ 1,
7775					      /*command*/ 0,
7776					      /*field*/ 8,
7777					      /*bit_valid*/ 0,
7778					      /*bit*/ 0);
7779			ctl_done((union ctl_io *)ctsio);
7780			return (1);
7781		}
7782	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7783		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7784		int found = 0;
7785
7786		if (res_key == sa_res_key) {
7787			/* special case */
7788			/*
7789			 * The spec implies this is not good but doesn't
7790			 * say what to do. There are two choices either
7791			 * generate a res conflict or check condition
7792			 * with illegal field in parameter data. Since
7793			 * that is what is done when the sa_res_key is
7794			 * zero I'll take that approach since this has
7795			 * to do with the sa_res_key.
7796			 */
7797			mtx_unlock(&lun->lun_lock);
7798			free(ctsio->kern_data_ptr, M_CTL);
7799			ctl_set_invalid_field(ctsio,
7800					      /*sks_valid*/ 1,
7801					      /*command*/ 0,
7802					      /*field*/ 8,
7803					      /*bit_valid*/ 0,
7804					      /*bit*/ 0);
7805			ctl_done((union ctl_io *)ctsio);
7806			return (1);
7807		}
7808
7809		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7810			if (ctl_get_prkey(lun, i) != sa_res_key)
7811				continue;
7812
7813			found = 1;
7814			ctl_clr_prkey(lun, i);
7815			lun->pr_key_count--;
7816			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7817		}
7818		if (!found) {
7819			mtx_unlock(&lun->lun_lock);
7820			free(ctsio->kern_data_ptr, M_CTL);
7821			ctl_set_reservation_conflict(ctsio);
7822			ctl_done((union ctl_io *)ctsio);
7823			return (CTL_RETVAL_COMPLETE);
7824		}
7825		lun->PRGeneration++;
7826		mtx_unlock(&lun->lun_lock);
7827
7828		/* send msg to other side */
7829		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7830		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7831		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7832		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7833		persis_io.pr.pr_info.res_type = type;
7834		memcpy(persis_io.pr.pr_info.sa_res_key,
7835		       param->serv_act_res_key,
7836		       sizeof(param->serv_act_res_key));
7837		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7838		    sizeof(persis_io.pr), M_WAITOK);
7839	} else {
7840		/* Reserved but not all registrants */
7841		/* sa_res_key is res holder */
7842		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7843			/* validate scope and type */
7844			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7845			     SPR_LU_SCOPE) {
7846				mtx_unlock(&lun->lun_lock);
7847				ctl_set_invalid_field(/*ctsio*/ ctsio,
7848						      /*sks_valid*/ 1,
7849						      /*command*/ 1,
7850						      /*field*/ 2,
7851						      /*bit_valid*/ 1,
7852						      /*bit*/ 4);
7853				ctl_done((union ctl_io *)ctsio);
7854				return (1);
7855			}
7856
7857			if (type>8 || type==2 || type==4 || type==0) {
7858				mtx_unlock(&lun->lun_lock);
7859				ctl_set_invalid_field(/*ctsio*/ ctsio,
7860						      /*sks_valid*/ 1,
7861						      /*command*/ 1,
7862						      /*field*/ 2,
7863						      /*bit_valid*/ 1,
7864						      /*bit*/ 0);
7865				ctl_done((union ctl_io *)ctsio);
7866				return (1);
7867			}
7868
7869			/*
7870			 * Do the following:
7871			 * if sa_res_key != res_key remove all
7872			 * registrants w/sa_res_key and generate UA
7873			 * for these registrants(Registrations
7874			 * Preempted) if it wasn't an exclusive
7875			 * reservation generate UA(Reservations
7876			 * Preempted) for all other registered nexuses
7877			 * if the type has changed. Establish the new
7878			 * reservation and holder. If res_key and
7879			 * sa_res_key are the same do the above
7880			 * except don't unregister the res holder.
7881			 */
7882
7883			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7884				if (i == residx || ctl_get_prkey(lun, i) == 0)
7885					continue;
7886
7887				if (sa_res_key == ctl_get_prkey(lun, i)) {
7888					ctl_clr_prkey(lun, i);
7889					lun->pr_key_count--;
7890					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7891				} else if (type != lun->res_type
7892					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7893					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7894					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7895				}
7896			}
7897			lun->res_type = type;
7898			if (lun->res_type != SPR_TYPE_WR_EX_AR
7899			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7900				lun->pr_res_idx = residx;
7901			else
7902				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7903			lun->PRGeneration++;
7904			mtx_unlock(&lun->lun_lock);
7905
7906			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7907			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7908			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7909			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7910			persis_io.pr.pr_info.res_type = type;
7911			memcpy(persis_io.pr.pr_info.sa_res_key,
7912			       param->serv_act_res_key,
7913			       sizeof(param->serv_act_res_key));
7914			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7915			    sizeof(persis_io.pr), M_WAITOK);
7916		} else {
7917			/*
7918			 * sa_res_key is not the res holder just
7919			 * remove registrants
7920			 */
7921			int found=0;
7922
7923			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7924				if (sa_res_key != ctl_get_prkey(lun, i))
7925					continue;
7926
7927				found = 1;
7928				ctl_clr_prkey(lun, i);
7929				lun->pr_key_count--;
7930				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7931			}
7932
7933			if (!found) {
7934				mtx_unlock(&lun->lun_lock);
7935				free(ctsio->kern_data_ptr, M_CTL);
7936				ctl_set_reservation_conflict(ctsio);
7937				ctl_done((union ctl_io *)ctsio);
7938		        	return (1);
7939			}
7940			lun->PRGeneration++;
7941			mtx_unlock(&lun->lun_lock);
7942
7943			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7944			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7945			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7946			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7947			persis_io.pr.pr_info.res_type = type;
7948			memcpy(persis_io.pr.pr_info.sa_res_key,
7949			       param->serv_act_res_key,
7950			       sizeof(param->serv_act_res_key));
7951			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7952			    sizeof(persis_io.pr), M_WAITOK);
7953		}
7954	}
7955	return (0);
7956}
7957
7958static void
7959ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7960{
7961	uint64_t sa_res_key;
7962	int i;
7963
7964	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7965
7966	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7967	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7968	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7969		if (sa_res_key == 0) {
7970			/*
7971			 * Unregister everybody else and build UA for
7972			 * them
7973			 */
7974			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7975				if (i == msg->pr.pr_info.residx ||
7976				    ctl_get_prkey(lun, i) == 0)
7977					continue;
7978
7979				ctl_clr_prkey(lun, i);
7980				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7981			}
7982
7983			lun->pr_key_count = 1;
7984			lun->res_type = msg->pr.pr_info.res_type;
7985			if (lun->res_type != SPR_TYPE_WR_EX_AR
7986			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7987				lun->pr_res_idx = msg->pr.pr_info.residx;
7988		} else {
7989		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7990				if (sa_res_key == ctl_get_prkey(lun, i))
7991					continue;
7992
7993				ctl_clr_prkey(lun, i);
7994				lun->pr_key_count--;
7995				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7996			}
7997		}
7998	} else {
7999		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8000			if (i == msg->pr.pr_info.residx ||
8001			    ctl_get_prkey(lun, i) == 0)
8002				continue;
8003
8004			if (sa_res_key == ctl_get_prkey(lun, i)) {
8005				ctl_clr_prkey(lun, i);
8006				lun->pr_key_count--;
8007				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8008			} else if (msg->pr.pr_info.res_type != lun->res_type
8009				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8010				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8011				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8012			}
8013		}
8014		lun->res_type = msg->pr.pr_info.res_type;
8015		if (lun->res_type != SPR_TYPE_WR_EX_AR
8016		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8017			lun->pr_res_idx = msg->pr.pr_info.residx;
8018		else
8019			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8020	}
8021	lun->PRGeneration++;
8022
8023}
8024
8025
8026int
8027ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8028{
8029	int retval;
8030	u_int32_t param_len;
8031	struct scsi_per_res_out *cdb;
8032	struct ctl_lun *lun;
8033	struct scsi_per_res_out_parms* param;
8034	struct ctl_softc *softc;
8035	uint32_t residx;
8036	uint64_t res_key, sa_res_key, key;
8037	uint8_t type;
8038	union ctl_ha_msg persis_io;
8039	int    i;
8040
8041	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8042
8043	retval = CTL_RETVAL_COMPLETE;
8044
8045	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8046	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8047	softc = lun->ctl_softc;
8048
8049	/*
8050	 * We only support whole-LUN scope.  The scope & type are ignored for
8051	 * register, register and ignore existing key and clear.
8052	 * We sometimes ignore scope and type on preempts too!!
8053	 * Verify reservation type here as well.
8054	 */
8055	type = cdb->scope_type & SPR_TYPE_MASK;
8056	if ((cdb->action == SPRO_RESERVE)
8057	 || (cdb->action == SPRO_RELEASE)) {
8058		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8059			ctl_set_invalid_field(/*ctsio*/ ctsio,
8060					      /*sks_valid*/ 1,
8061					      /*command*/ 1,
8062					      /*field*/ 2,
8063					      /*bit_valid*/ 1,
8064					      /*bit*/ 4);
8065			ctl_done((union ctl_io *)ctsio);
8066			return (CTL_RETVAL_COMPLETE);
8067		}
8068
8069		if (type>8 || type==2 || type==4 || type==0) {
8070			ctl_set_invalid_field(/*ctsio*/ ctsio,
8071					      /*sks_valid*/ 1,
8072					      /*command*/ 1,
8073					      /*field*/ 2,
8074					      /*bit_valid*/ 1,
8075					      /*bit*/ 0);
8076			ctl_done((union ctl_io *)ctsio);
8077			return (CTL_RETVAL_COMPLETE);
8078		}
8079	}
8080
8081	param_len = scsi_4btoul(cdb->length);
8082
8083	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8084		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8085		ctsio->kern_data_len = param_len;
8086		ctsio->kern_total_len = param_len;
8087		ctsio->kern_data_resid = 0;
8088		ctsio->kern_rel_offset = 0;
8089		ctsio->kern_sg_entries = 0;
8090		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8091		ctsio->be_move_done = ctl_config_move_done;
8092		ctl_datamove((union ctl_io *)ctsio);
8093
8094		return (CTL_RETVAL_COMPLETE);
8095	}
8096
8097	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8098
8099	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8100	res_key = scsi_8btou64(param->res_key.key);
8101	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8102
8103	/*
8104	 * Validate the reservation key here except for SPRO_REG_IGNO
8105	 * This must be done for all other service actions
8106	 */
8107	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8108		mtx_lock(&lun->lun_lock);
8109		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8110			if (res_key != key) {
8111				/*
8112				 * The current key passed in doesn't match
8113				 * the one the initiator previously
8114				 * registered.
8115				 */
8116				mtx_unlock(&lun->lun_lock);
8117				free(ctsio->kern_data_ptr, M_CTL);
8118				ctl_set_reservation_conflict(ctsio);
8119				ctl_done((union ctl_io *)ctsio);
8120				return (CTL_RETVAL_COMPLETE);
8121			}
8122		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8123			/*
8124			 * We are not registered
8125			 */
8126			mtx_unlock(&lun->lun_lock);
8127			free(ctsio->kern_data_ptr, M_CTL);
8128			ctl_set_reservation_conflict(ctsio);
8129			ctl_done((union ctl_io *)ctsio);
8130			return (CTL_RETVAL_COMPLETE);
8131		} else if (res_key != 0) {
8132			/*
8133			 * We are not registered and trying to register but
8134			 * the register key isn't zero.
8135			 */
8136			mtx_unlock(&lun->lun_lock);
8137			free(ctsio->kern_data_ptr, M_CTL);
8138			ctl_set_reservation_conflict(ctsio);
8139			ctl_done((union ctl_io *)ctsio);
8140			return (CTL_RETVAL_COMPLETE);
8141		}
8142		mtx_unlock(&lun->lun_lock);
8143	}
8144
8145	switch (cdb->action & SPRO_ACTION_MASK) {
8146	case SPRO_REGISTER:
8147	case SPRO_REG_IGNO: {
8148
8149#if 0
8150		printf("Registration received\n");
8151#endif
8152
8153		/*
8154		 * We don't support any of these options, as we report in
8155		 * the read capabilities request (see
8156		 * ctl_persistent_reserve_in(), above).
8157		 */
8158		if ((param->flags & SPR_SPEC_I_PT)
8159		 || (param->flags & SPR_ALL_TG_PT)
8160		 || (param->flags & SPR_APTPL)) {
8161			int bit_ptr;
8162
8163			if (param->flags & SPR_APTPL)
8164				bit_ptr = 0;
8165			else if (param->flags & SPR_ALL_TG_PT)
8166				bit_ptr = 2;
8167			else /* SPR_SPEC_I_PT */
8168				bit_ptr = 3;
8169
8170			free(ctsio->kern_data_ptr, M_CTL);
8171			ctl_set_invalid_field(ctsio,
8172					      /*sks_valid*/ 1,
8173					      /*command*/ 0,
8174					      /*field*/ 20,
8175					      /*bit_valid*/ 1,
8176					      /*bit*/ bit_ptr);
8177			ctl_done((union ctl_io *)ctsio);
8178			return (CTL_RETVAL_COMPLETE);
8179		}
8180
8181		mtx_lock(&lun->lun_lock);
8182
8183		/*
8184		 * The initiator wants to clear the
8185		 * key/unregister.
8186		 */
8187		if (sa_res_key == 0) {
8188			if ((res_key == 0
8189			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8190			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8191			  && ctl_get_prkey(lun, residx) == 0)) {
8192				mtx_unlock(&lun->lun_lock);
8193				goto done;
8194			}
8195
8196			ctl_clr_prkey(lun, residx);
8197			lun->pr_key_count--;
8198
8199			if (residx == lun->pr_res_idx) {
8200				lun->flags &= ~CTL_LUN_PR_RESERVED;
8201				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8202
8203				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8204				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8205				 && lun->pr_key_count) {
8206					/*
8207					 * If the reservation is a registrants
8208					 * only type we need to generate a UA
8209					 * for other registered inits.  The
8210					 * sense code should be RESERVATIONS
8211					 * RELEASED
8212					 */
8213
8214					for (i = softc->init_min; i < softc->init_max; i++){
8215						if (ctl_get_prkey(lun, i) == 0)
8216							continue;
8217						ctl_est_ua(lun, i,
8218						    CTL_UA_RES_RELEASE);
8219					}
8220				}
8221				lun->res_type = 0;
8222			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8223				if (lun->pr_key_count==0) {
8224					lun->flags &= ~CTL_LUN_PR_RESERVED;
8225					lun->res_type = 0;
8226					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8227				}
8228			}
8229			lun->PRGeneration++;
8230			mtx_unlock(&lun->lun_lock);
8231
8232			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8233			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8234			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8235			persis_io.pr.pr_info.residx = residx;
8236			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8237			    sizeof(persis_io.pr), M_WAITOK);
8238		} else /* sa_res_key != 0 */ {
8239
8240			/*
8241			 * If we aren't registered currently then increment
8242			 * the key count and set the registered flag.
8243			 */
8244			ctl_alloc_prkey(lun, residx);
8245			if (ctl_get_prkey(lun, residx) == 0)
8246				lun->pr_key_count++;
8247			ctl_set_prkey(lun, residx, sa_res_key);
8248			lun->PRGeneration++;
8249			mtx_unlock(&lun->lun_lock);
8250
8251			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8252			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8253			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8254			persis_io.pr.pr_info.residx = residx;
8255			memcpy(persis_io.pr.pr_info.sa_res_key,
8256			       param->serv_act_res_key,
8257			       sizeof(param->serv_act_res_key));
8258			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8259			    sizeof(persis_io.pr), M_WAITOK);
8260		}
8261
8262		break;
8263	}
8264	case SPRO_RESERVE:
8265#if 0
8266                printf("Reserve executed type %d\n", type);
8267#endif
8268		mtx_lock(&lun->lun_lock);
8269		if (lun->flags & CTL_LUN_PR_RESERVED) {
8270			/*
8271			 * if this isn't the reservation holder and it's
8272			 * not a "all registrants" type or if the type is
8273			 * different then we have a conflict
8274			 */
8275			if ((lun->pr_res_idx != residx
8276			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8277			 || lun->res_type != type) {
8278				mtx_unlock(&lun->lun_lock);
8279				free(ctsio->kern_data_ptr, M_CTL);
8280				ctl_set_reservation_conflict(ctsio);
8281				ctl_done((union ctl_io *)ctsio);
8282				return (CTL_RETVAL_COMPLETE);
8283			}
8284			mtx_unlock(&lun->lun_lock);
8285		} else /* create a reservation */ {
8286			/*
8287			 * If it's not an "all registrants" type record
8288			 * reservation holder
8289			 */
8290			if (type != SPR_TYPE_WR_EX_AR
8291			 && type != SPR_TYPE_EX_AC_AR)
8292				lun->pr_res_idx = residx; /* Res holder */
8293			else
8294				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8295
8296			lun->flags |= CTL_LUN_PR_RESERVED;
8297			lun->res_type = type;
8298
8299			mtx_unlock(&lun->lun_lock);
8300
8301			/* send msg to other side */
8302			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8303			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8304			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8305			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8306			persis_io.pr.pr_info.res_type = type;
8307			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8308			    sizeof(persis_io.pr), M_WAITOK);
8309		}
8310		break;
8311
8312	case SPRO_RELEASE:
8313		mtx_lock(&lun->lun_lock);
8314		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8315			/* No reservation exists return good status */
8316			mtx_unlock(&lun->lun_lock);
8317			goto done;
8318		}
8319		/*
8320		 * Is this nexus a reservation holder?
8321		 */
8322		if (lun->pr_res_idx != residx
8323		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8324			/*
8325			 * not a res holder return good status but
8326			 * do nothing
8327			 */
8328			mtx_unlock(&lun->lun_lock);
8329			goto done;
8330		}
8331
8332		if (lun->res_type != type) {
8333			mtx_unlock(&lun->lun_lock);
8334			free(ctsio->kern_data_ptr, M_CTL);
8335			ctl_set_illegal_pr_release(ctsio);
8336			ctl_done((union ctl_io *)ctsio);
8337			return (CTL_RETVAL_COMPLETE);
8338		}
8339
8340		/* okay to release */
8341		lun->flags &= ~CTL_LUN_PR_RESERVED;
8342		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8343		lun->res_type = 0;
8344
8345		/*
8346		 * if this isn't an exclusive access
8347		 * res generate UA for all other
8348		 * registrants.
8349		 */
8350		if (type != SPR_TYPE_EX_AC
8351		 && type != SPR_TYPE_WR_EX) {
8352			for (i = softc->init_min; i < softc->init_max; i++) {
8353				if (i == residx || ctl_get_prkey(lun, i) == 0)
8354					continue;
8355				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8356			}
8357		}
8358		mtx_unlock(&lun->lun_lock);
8359
8360		/* Send msg to other side */
8361		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8362		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8363		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8364		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8365		     sizeof(persis_io.pr), M_WAITOK);
8366		break;
8367
8368	case SPRO_CLEAR:
8369		/* send msg to other side */
8370
8371		mtx_lock(&lun->lun_lock);
8372		lun->flags &= ~CTL_LUN_PR_RESERVED;
8373		lun->res_type = 0;
8374		lun->pr_key_count = 0;
8375		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8376
8377		ctl_clr_prkey(lun, residx);
8378		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8379			if (ctl_get_prkey(lun, i) != 0) {
8380				ctl_clr_prkey(lun, i);
8381				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8382			}
8383		lun->PRGeneration++;
8384		mtx_unlock(&lun->lun_lock);
8385
8386		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8387		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8388		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8389		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8390		     sizeof(persis_io.pr), M_WAITOK);
8391		break;
8392
8393	case SPRO_PREEMPT:
8394	case SPRO_PRE_ABO: {
8395		int nretval;
8396
8397		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8398					  residx, ctsio, cdb, param);
8399		if (nretval != 0)
8400			return (CTL_RETVAL_COMPLETE);
8401		break;
8402	}
8403	default:
8404		panic("Invalid PR type %x", cdb->action);
8405	}
8406
8407done:
8408	free(ctsio->kern_data_ptr, M_CTL);
8409	ctl_set_success(ctsio);
8410	ctl_done((union ctl_io *)ctsio);
8411
8412	return (retval);
8413}
8414
8415/*
8416 * This routine is for handling a message from the other SC pertaining to
8417 * persistent reserve out. All the error checking will have been done
8418 * so only perorming the action need be done here to keep the two
8419 * in sync.
8420 */
8421static void
8422ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8423{
8424	struct ctl_softc *softc = control_softc;
8425	struct ctl_lun *lun;
8426	int i;
8427	uint32_t residx, targ_lun;
8428
8429	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8430	mtx_lock(&softc->ctl_lock);
8431	if ((targ_lun >= CTL_MAX_LUNS) ||
8432	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8433		mtx_unlock(&softc->ctl_lock);
8434		return;
8435	}
8436	mtx_lock(&lun->lun_lock);
8437	mtx_unlock(&softc->ctl_lock);
8438	if (lun->flags & CTL_LUN_DISABLED) {
8439		mtx_unlock(&lun->lun_lock);
8440		return;
8441	}
8442	residx = ctl_get_initindex(&msg->hdr.nexus);
8443	switch(msg->pr.pr_info.action) {
8444	case CTL_PR_REG_KEY:
8445		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8446		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8447			lun->pr_key_count++;
8448		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8449		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8450		lun->PRGeneration++;
8451		break;
8452
8453	case CTL_PR_UNREG_KEY:
8454		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8455		lun->pr_key_count--;
8456
8457		/* XXX Need to see if the reservation has been released */
8458		/* if so do we need to generate UA? */
8459		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8460			lun->flags &= ~CTL_LUN_PR_RESERVED;
8461			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8462
8463			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8464			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8465			 && lun->pr_key_count) {
8466				/*
8467				 * If the reservation is a registrants
8468				 * only type we need to generate a UA
8469				 * for other registered inits.  The
8470				 * sense code should be RESERVATIONS
8471				 * RELEASED
8472				 */
8473
8474				for (i = softc->init_min; i < softc->init_max; i++) {
8475					if (ctl_get_prkey(lun, i) == 0)
8476						continue;
8477
8478					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8479				}
8480			}
8481			lun->res_type = 0;
8482		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8483			if (lun->pr_key_count==0) {
8484				lun->flags &= ~CTL_LUN_PR_RESERVED;
8485				lun->res_type = 0;
8486				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8487			}
8488		}
8489		lun->PRGeneration++;
8490		break;
8491
8492	case CTL_PR_RESERVE:
8493		lun->flags |= CTL_LUN_PR_RESERVED;
8494		lun->res_type = msg->pr.pr_info.res_type;
8495		lun->pr_res_idx = msg->pr.pr_info.residx;
8496
8497		break;
8498
8499	case CTL_PR_RELEASE:
8500		/*
8501		 * if this isn't an exclusive access res generate UA for all
8502		 * other registrants.
8503		 */
8504		if (lun->res_type != SPR_TYPE_EX_AC
8505		 && lun->res_type != SPR_TYPE_WR_EX) {
8506			for (i = softc->init_min; i < softc->init_max; i++)
8507				if (i == residx || ctl_get_prkey(lun, i) == 0)
8508					continue;
8509				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8510		}
8511
8512		lun->flags &= ~CTL_LUN_PR_RESERVED;
8513		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8514		lun->res_type = 0;
8515		break;
8516
8517	case CTL_PR_PREEMPT:
8518		ctl_pro_preempt_other(lun, msg);
8519		break;
8520	case CTL_PR_CLEAR:
8521		lun->flags &= ~CTL_LUN_PR_RESERVED;
8522		lun->res_type = 0;
8523		lun->pr_key_count = 0;
8524		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8525
8526		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8527			if (ctl_get_prkey(lun, i) == 0)
8528				continue;
8529			ctl_clr_prkey(lun, i);
8530			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8531		}
8532		lun->PRGeneration++;
8533		break;
8534	}
8535
8536	mtx_unlock(&lun->lun_lock);
8537}
8538
8539int
8540ctl_read_write(struct ctl_scsiio *ctsio)
8541{
8542	struct ctl_lun *lun;
8543	struct ctl_lba_len_flags *lbalen;
8544	uint64_t lba;
8545	uint32_t num_blocks;
8546	int flags, retval;
8547	int isread;
8548
8549	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8550
8551	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8552
8553	flags = 0;
8554	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8555	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8556	switch (ctsio->cdb[0]) {
8557	case READ_6:
8558	case WRITE_6: {
8559		struct scsi_rw_6 *cdb;
8560
8561		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8562
8563		lba = scsi_3btoul(cdb->addr);
8564		/* only 5 bits are valid in the most significant address byte */
8565		lba &= 0x1fffff;
8566		num_blocks = cdb->length;
8567		/*
8568		 * This is correct according to SBC-2.
8569		 */
8570		if (num_blocks == 0)
8571			num_blocks = 256;
8572		break;
8573	}
8574	case READ_10:
8575	case WRITE_10: {
8576		struct scsi_rw_10 *cdb;
8577
8578		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8579		if (cdb->byte2 & SRW10_FUA)
8580			flags |= CTL_LLF_FUA;
8581		if (cdb->byte2 & SRW10_DPO)
8582			flags |= CTL_LLF_DPO;
8583		lba = scsi_4btoul(cdb->addr);
8584		num_blocks = scsi_2btoul(cdb->length);
8585		break;
8586	}
8587	case WRITE_VERIFY_10: {
8588		struct scsi_write_verify_10 *cdb;
8589
8590		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8591		flags |= CTL_LLF_FUA;
8592		if (cdb->byte2 & SWV_DPO)
8593			flags |= CTL_LLF_DPO;
8594		lba = scsi_4btoul(cdb->addr);
8595		num_blocks = scsi_2btoul(cdb->length);
8596		break;
8597	}
8598	case READ_12:
8599	case WRITE_12: {
8600		struct scsi_rw_12 *cdb;
8601
8602		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8603		if (cdb->byte2 & SRW12_FUA)
8604			flags |= CTL_LLF_FUA;
8605		if (cdb->byte2 & SRW12_DPO)
8606			flags |= CTL_LLF_DPO;
8607		lba = scsi_4btoul(cdb->addr);
8608		num_blocks = scsi_4btoul(cdb->length);
8609		break;
8610	}
8611	case WRITE_VERIFY_12: {
8612		struct scsi_write_verify_12 *cdb;
8613
8614		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8615		flags |= CTL_LLF_FUA;
8616		if (cdb->byte2 & SWV_DPO)
8617			flags |= CTL_LLF_DPO;
8618		lba = scsi_4btoul(cdb->addr);
8619		num_blocks = scsi_4btoul(cdb->length);
8620		break;
8621	}
8622	case READ_16:
8623	case WRITE_16: {
8624		struct scsi_rw_16 *cdb;
8625
8626		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8627		if (cdb->byte2 & SRW12_FUA)
8628			flags |= CTL_LLF_FUA;
8629		if (cdb->byte2 & SRW12_DPO)
8630			flags |= CTL_LLF_DPO;
8631		lba = scsi_8btou64(cdb->addr);
8632		num_blocks = scsi_4btoul(cdb->length);
8633		break;
8634	}
8635	case WRITE_ATOMIC_16: {
8636		struct scsi_write_atomic_16 *cdb;
8637
8638		if (lun->be_lun->atomicblock == 0) {
8639			ctl_set_invalid_opcode(ctsio);
8640			ctl_done((union ctl_io *)ctsio);
8641			return (CTL_RETVAL_COMPLETE);
8642		}
8643
8644		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8645		if (cdb->byte2 & SRW12_FUA)
8646			flags |= CTL_LLF_FUA;
8647		if (cdb->byte2 & SRW12_DPO)
8648			flags |= CTL_LLF_DPO;
8649		lba = scsi_8btou64(cdb->addr);
8650		num_blocks = scsi_2btoul(cdb->length);
8651		if (num_blocks > lun->be_lun->atomicblock) {
8652			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8653			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8654			    /*bit*/ 0);
8655			ctl_done((union ctl_io *)ctsio);
8656			return (CTL_RETVAL_COMPLETE);
8657		}
8658		break;
8659	}
8660	case WRITE_VERIFY_16: {
8661		struct scsi_write_verify_16 *cdb;
8662
8663		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8664		flags |= CTL_LLF_FUA;
8665		if (cdb->byte2 & SWV_DPO)
8666			flags |= CTL_LLF_DPO;
8667		lba = scsi_8btou64(cdb->addr);
8668		num_blocks = scsi_4btoul(cdb->length);
8669		break;
8670	}
8671	default:
8672		/*
8673		 * We got a command we don't support.  This shouldn't
8674		 * happen, commands should be filtered out above us.
8675		 */
8676		ctl_set_invalid_opcode(ctsio);
8677		ctl_done((union ctl_io *)ctsio);
8678
8679		return (CTL_RETVAL_COMPLETE);
8680		break; /* NOTREACHED */
8681	}
8682
8683	/*
8684	 * The first check is to make sure we're in bounds, the second
8685	 * check is to catch wrap-around problems.  If the lba + num blocks
8686	 * is less than the lba, then we've wrapped around and the block
8687	 * range is invalid anyway.
8688	 */
8689	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8690	 || ((lba + num_blocks) < lba)) {
8691		ctl_set_lba_out_of_range(ctsio);
8692		ctl_done((union ctl_io *)ctsio);
8693		return (CTL_RETVAL_COMPLETE);
8694	}
8695
8696	/*
8697	 * According to SBC-3, a transfer length of 0 is not an error.
8698	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8699	 * translates to 256 blocks for those commands.
8700	 */
8701	if (num_blocks == 0) {
8702		ctl_set_success(ctsio);
8703		ctl_done((union ctl_io *)ctsio);
8704		return (CTL_RETVAL_COMPLETE);
8705	}
8706
8707	/* Set FUA and/or DPO if caches are disabled. */
8708	if (isread) {
8709		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8710		    SCP_RCD) != 0)
8711			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8712	} else {
8713		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8714		    SCP_WCE) == 0)
8715			flags |= CTL_LLF_FUA;
8716	}
8717
8718	lbalen = (struct ctl_lba_len_flags *)
8719	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8720	lbalen->lba = lba;
8721	lbalen->len = num_blocks;
8722	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8723
8724	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8725	ctsio->kern_rel_offset = 0;
8726
8727	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8728
8729	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8730	return (retval);
8731}
8732
8733static int
8734ctl_cnw_cont(union ctl_io *io)
8735{
8736	struct ctl_scsiio *ctsio;
8737	struct ctl_lun *lun;
8738	struct ctl_lba_len_flags *lbalen;
8739	int retval;
8740
8741	ctsio = &io->scsiio;
8742	ctsio->io_hdr.status = CTL_STATUS_NONE;
8743	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8744	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8745	lbalen = (struct ctl_lba_len_flags *)
8746	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8747	lbalen->flags &= ~CTL_LLF_COMPARE;
8748	lbalen->flags |= CTL_LLF_WRITE;
8749
8750	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8751	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8752	return (retval);
8753}
8754
8755int
8756ctl_cnw(struct ctl_scsiio *ctsio)
8757{
8758	struct ctl_lun *lun;
8759	struct ctl_lba_len_flags *lbalen;
8760	uint64_t lba;
8761	uint32_t num_blocks;
8762	int flags, retval;
8763
8764	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8765
8766	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8767
8768	flags = 0;
8769	switch (ctsio->cdb[0]) {
8770	case COMPARE_AND_WRITE: {
8771		struct scsi_compare_and_write *cdb;
8772
8773		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8774		if (cdb->byte2 & SRW10_FUA)
8775			flags |= CTL_LLF_FUA;
8776		if (cdb->byte2 & SRW10_DPO)
8777			flags |= CTL_LLF_DPO;
8778		lba = scsi_8btou64(cdb->addr);
8779		num_blocks = cdb->length;
8780		break;
8781	}
8782	default:
8783		/*
8784		 * We got a command we don't support.  This shouldn't
8785		 * happen, commands should be filtered out above us.
8786		 */
8787		ctl_set_invalid_opcode(ctsio);
8788		ctl_done((union ctl_io *)ctsio);
8789
8790		return (CTL_RETVAL_COMPLETE);
8791		break; /* NOTREACHED */
8792	}
8793
8794	/*
8795	 * The first check is to make sure we're in bounds, the second
8796	 * check is to catch wrap-around problems.  If the lba + num blocks
8797	 * is less than the lba, then we've wrapped around and the block
8798	 * range is invalid anyway.
8799	 */
8800	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8801	 || ((lba + num_blocks) < lba)) {
8802		ctl_set_lba_out_of_range(ctsio);
8803		ctl_done((union ctl_io *)ctsio);
8804		return (CTL_RETVAL_COMPLETE);
8805	}
8806
8807	/*
8808	 * According to SBC-3, a transfer length of 0 is not an error.
8809	 */
8810	if (num_blocks == 0) {
8811		ctl_set_success(ctsio);
8812		ctl_done((union ctl_io *)ctsio);
8813		return (CTL_RETVAL_COMPLETE);
8814	}
8815
8816	/* Set FUA if write cache is disabled. */
8817	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8818	    SCP_WCE) == 0)
8819		flags |= CTL_LLF_FUA;
8820
8821	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8822	ctsio->kern_rel_offset = 0;
8823
8824	/*
8825	 * Set the IO_CONT flag, so that if this I/O gets passed to
8826	 * ctl_data_submit_done(), it'll get passed back to
8827	 * ctl_ctl_cnw_cont() for further processing.
8828	 */
8829	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8830	ctsio->io_cont = ctl_cnw_cont;
8831
8832	lbalen = (struct ctl_lba_len_flags *)
8833	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8834	lbalen->lba = lba;
8835	lbalen->len = num_blocks;
8836	lbalen->flags = CTL_LLF_COMPARE | flags;
8837
8838	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8839	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8840	return (retval);
8841}
8842
8843int
8844ctl_verify(struct ctl_scsiio *ctsio)
8845{
8846	struct ctl_lun *lun;
8847	struct ctl_lba_len_flags *lbalen;
8848	uint64_t lba;
8849	uint32_t num_blocks;
8850	int bytchk, flags;
8851	int retval;
8852
8853	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8854
8855	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8856
8857	bytchk = 0;
8858	flags = CTL_LLF_FUA;
8859	switch (ctsio->cdb[0]) {
8860	case VERIFY_10: {
8861		struct scsi_verify_10 *cdb;
8862
8863		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8864		if (cdb->byte2 & SVFY_BYTCHK)
8865			bytchk = 1;
8866		if (cdb->byte2 & SVFY_DPO)
8867			flags |= CTL_LLF_DPO;
8868		lba = scsi_4btoul(cdb->addr);
8869		num_blocks = scsi_2btoul(cdb->length);
8870		break;
8871	}
8872	case VERIFY_12: {
8873		struct scsi_verify_12 *cdb;
8874
8875		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8876		if (cdb->byte2 & SVFY_BYTCHK)
8877			bytchk = 1;
8878		if (cdb->byte2 & SVFY_DPO)
8879			flags |= CTL_LLF_DPO;
8880		lba = scsi_4btoul(cdb->addr);
8881		num_blocks = scsi_4btoul(cdb->length);
8882		break;
8883	}
8884	case VERIFY_16: {
8885		struct scsi_rw_16 *cdb;
8886
8887		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8888		if (cdb->byte2 & SVFY_BYTCHK)
8889			bytchk = 1;
8890		if (cdb->byte2 & SVFY_DPO)
8891			flags |= CTL_LLF_DPO;
8892		lba = scsi_8btou64(cdb->addr);
8893		num_blocks = scsi_4btoul(cdb->length);
8894		break;
8895	}
8896	default:
8897		/*
8898		 * We got a command we don't support.  This shouldn't
8899		 * happen, commands should be filtered out above us.
8900		 */
8901		ctl_set_invalid_opcode(ctsio);
8902		ctl_done((union ctl_io *)ctsio);
8903		return (CTL_RETVAL_COMPLETE);
8904	}
8905
8906	/*
8907	 * The first check is to make sure we're in bounds, the second
8908	 * check is to catch wrap-around problems.  If the lba + num blocks
8909	 * is less than the lba, then we've wrapped around and the block
8910	 * range is invalid anyway.
8911	 */
8912	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8913	 || ((lba + num_blocks) < lba)) {
8914		ctl_set_lba_out_of_range(ctsio);
8915		ctl_done((union ctl_io *)ctsio);
8916		return (CTL_RETVAL_COMPLETE);
8917	}
8918
8919	/*
8920	 * According to SBC-3, a transfer length of 0 is not an error.
8921	 */
8922	if (num_blocks == 0) {
8923		ctl_set_success(ctsio);
8924		ctl_done((union ctl_io *)ctsio);
8925		return (CTL_RETVAL_COMPLETE);
8926	}
8927
8928	lbalen = (struct ctl_lba_len_flags *)
8929	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8930	lbalen->lba = lba;
8931	lbalen->len = num_blocks;
8932	if (bytchk) {
8933		lbalen->flags = CTL_LLF_COMPARE | flags;
8934		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8935	} else {
8936		lbalen->flags = CTL_LLF_VERIFY | flags;
8937		ctsio->kern_total_len = 0;
8938	}
8939	ctsio->kern_rel_offset = 0;
8940
8941	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8942	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8943	return (retval);
8944}
8945
8946int
8947ctl_report_luns(struct ctl_scsiio *ctsio)
8948{
8949	struct ctl_softc *softc;
8950	struct scsi_report_luns *cdb;
8951	struct scsi_report_luns_data *lun_data;
8952	struct ctl_lun *lun, *request_lun;
8953	struct ctl_port *port;
8954	int num_luns, retval;
8955	uint32_t alloc_len, lun_datalen;
8956	int num_filled;
8957	uint32_t initidx, targ_lun_id, lun_id;
8958
8959	retval = CTL_RETVAL_COMPLETE;
8960	cdb = (struct scsi_report_luns *)ctsio->cdb;
8961	port = ctl_io_port(&ctsio->io_hdr);
8962	softc = port->ctl_softc;
8963
8964	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8965
8966	mtx_lock(&softc->ctl_lock);
8967	num_luns = 0;
8968	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8969		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8970			num_luns++;
8971	}
8972	mtx_unlock(&softc->ctl_lock);
8973
8974	switch (cdb->select_report) {
8975	case RPL_REPORT_DEFAULT:
8976	case RPL_REPORT_ALL:
8977	case RPL_REPORT_NONSUBSID:
8978		break;
8979	case RPL_REPORT_WELLKNOWN:
8980	case RPL_REPORT_ADMIN:
8981	case RPL_REPORT_CONGLOM:
8982		num_luns = 0;
8983		break;
8984	default:
8985		ctl_set_invalid_field(ctsio,
8986				      /*sks_valid*/ 1,
8987				      /*command*/ 1,
8988				      /*field*/ 2,
8989				      /*bit_valid*/ 0,
8990				      /*bit*/ 0);
8991		ctl_done((union ctl_io *)ctsio);
8992		return (retval);
8993		break; /* NOTREACHED */
8994	}
8995
8996	alloc_len = scsi_4btoul(cdb->length);
8997	/*
8998	 * The initiator has to allocate at least 16 bytes for this request,
8999	 * so he can at least get the header and the first LUN.  Otherwise
9000	 * we reject the request (per SPC-3 rev 14, section 6.21).
9001	 */
9002	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9003	    sizeof(struct scsi_report_luns_lundata))) {
9004		ctl_set_invalid_field(ctsio,
9005				      /*sks_valid*/ 1,
9006				      /*command*/ 1,
9007				      /*field*/ 6,
9008				      /*bit_valid*/ 0,
9009				      /*bit*/ 0);
9010		ctl_done((union ctl_io *)ctsio);
9011		return (retval);
9012	}
9013
9014	request_lun = (struct ctl_lun *)
9015		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9016
9017	lun_datalen = sizeof(*lun_data) +
9018		(num_luns * sizeof(struct scsi_report_luns_lundata));
9019
9020	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9021	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9022	ctsio->kern_sg_entries = 0;
9023
9024	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9025
9026	mtx_lock(&softc->ctl_lock);
9027	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9028		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9029		if (lun_id >= CTL_MAX_LUNS)
9030			continue;
9031		lun = softc->ctl_luns[lun_id];
9032		if (lun == NULL)
9033			continue;
9034
9035		if (targ_lun_id <= 0xff) {
9036			/*
9037			 * Peripheral addressing method, bus number 0.
9038			 */
9039			lun_data->luns[num_filled].lundata[0] =
9040				RPL_LUNDATA_ATYP_PERIPH;
9041			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9042			num_filled++;
9043		} else if (targ_lun_id <= 0x3fff) {
9044			/*
9045			 * Flat addressing method.
9046			 */
9047			lun_data->luns[num_filled].lundata[0] =
9048				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9049			lun_data->luns[num_filled].lundata[1] =
9050				(targ_lun_id & 0xff);
9051			num_filled++;
9052		} else if (targ_lun_id <= 0xffffff) {
9053			/*
9054			 * Extended flat addressing method.
9055			 */
9056			lun_data->luns[num_filled].lundata[0] =
9057			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9058			scsi_ulto3b(targ_lun_id,
9059			    &lun_data->luns[num_filled].lundata[1]);
9060			num_filled++;
9061		} else {
9062			printf("ctl_report_luns: bogus LUN number %jd, "
9063			       "skipping\n", (intmax_t)targ_lun_id);
9064		}
9065		/*
9066		 * According to SPC-3, rev 14 section 6.21:
9067		 *
9068		 * "The execution of a REPORT LUNS command to any valid and
9069		 * installed logical unit shall clear the REPORTED LUNS DATA
9070		 * HAS CHANGED unit attention condition for all logical
9071		 * units of that target with respect to the requesting
9072		 * initiator. A valid and installed logical unit is one
9073		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9074		 * INQUIRY data (see 6.4.2)."
9075		 *
9076		 * If request_lun is NULL, the LUN this report luns command
9077		 * was issued to is either disabled or doesn't exist. In that
9078		 * case, we shouldn't clear any pending lun change unit
9079		 * attention.
9080		 */
9081		if (request_lun != NULL) {
9082			mtx_lock(&lun->lun_lock);
9083			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9084			mtx_unlock(&lun->lun_lock);
9085		}
9086	}
9087	mtx_unlock(&softc->ctl_lock);
9088
9089	/*
9090	 * It's quite possible that we've returned fewer LUNs than we allocated
9091	 * space for.  Trim it.
9092	 */
9093	lun_datalen = sizeof(*lun_data) +
9094		(num_filled * sizeof(struct scsi_report_luns_lundata));
9095
9096	if (lun_datalen < alloc_len) {
9097		ctsio->residual = alloc_len - lun_datalen;
9098		ctsio->kern_data_len = lun_datalen;
9099		ctsio->kern_total_len = lun_datalen;
9100	} else {
9101		ctsio->residual = 0;
9102		ctsio->kern_data_len = alloc_len;
9103		ctsio->kern_total_len = alloc_len;
9104	}
9105	ctsio->kern_data_resid = 0;
9106	ctsio->kern_rel_offset = 0;
9107	ctsio->kern_sg_entries = 0;
9108
9109	/*
9110	 * We set this to the actual data length, regardless of how much
9111	 * space we actually have to return results.  If the user looks at
9112	 * this value, he'll know whether or not he allocated enough space
9113	 * and reissue the command if necessary.  We don't support well
9114	 * known logical units, so if the user asks for that, return none.
9115	 */
9116	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9117
9118	/*
9119	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9120	 * this request.
9121	 */
9122	ctl_set_success(ctsio);
9123	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9124	ctsio->be_move_done = ctl_config_move_done;
9125	ctl_datamove((union ctl_io *)ctsio);
9126	return (retval);
9127}
9128
9129int
9130ctl_request_sense(struct ctl_scsiio *ctsio)
9131{
9132	struct scsi_request_sense *cdb;
9133	struct scsi_sense_data *sense_ptr;
9134	struct ctl_softc *ctl_softc;
9135	struct ctl_lun *lun;
9136	uint32_t initidx;
9137	int have_error;
9138	scsi_sense_data_type sense_format;
9139	ctl_ua_type ua_type;
9140
9141	cdb = (struct scsi_request_sense *)ctsio->cdb;
9142
9143	ctl_softc = control_softc;
9144	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9145
9146	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9147
9148	/*
9149	 * Determine which sense format the user wants.
9150	 */
9151	if (cdb->byte2 & SRS_DESC)
9152		sense_format = SSD_TYPE_DESC;
9153	else
9154		sense_format = SSD_TYPE_FIXED;
9155
9156	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9157	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9158	ctsio->kern_sg_entries = 0;
9159
9160	/*
9161	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9162	 * larger than the largest allowed value for the length field in the
9163	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9164	 */
9165	ctsio->residual = 0;
9166	ctsio->kern_data_len = cdb->length;
9167	ctsio->kern_total_len = cdb->length;
9168
9169	ctsio->kern_data_resid = 0;
9170	ctsio->kern_rel_offset = 0;
9171	ctsio->kern_sg_entries = 0;
9172
9173	/*
9174	 * If we don't have a LUN, we don't have any pending sense.
9175	 */
9176	if (lun == NULL)
9177		goto no_sense;
9178
9179	have_error = 0;
9180	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9181	/*
9182	 * Check for pending sense, and then for pending unit attentions.
9183	 * Pending sense gets returned first, then pending unit attentions.
9184	 */
9185	mtx_lock(&lun->lun_lock);
9186#ifdef CTL_WITH_CA
9187	if (ctl_is_set(lun->have_ca, initidx)) {
9188		scsi_sense_data_type stored_format;
9189
9190		/*
9191		 * Check to see which sense format was used for the stored
9192		 * sense data.
9193		 */
9194		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9195
9196		/*
9197		 * If the user requested a different sense format than the
9198		 * one we stored, then we need to convert it to the other
9199		 * format.  If we're going from descriptor to fixed format
9200		 * sense data, we may lose things in translation, depending
9201		 * on what options were used.
9202		 *
9203		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9204		 * for some reason we'll just copy it out as-is.
9205		 */
9206		if ((stored_format == SSD_TYPE_FIXED)
9207		 && (sense_format == SSD_TYPE_DESC))
9208			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9209			    &lun->pending_sense[initidx],
9210			    (struct scsi_sense_data_desc *)sense_ptr);
9211		else if ((stored_format == SSD_TYPE_DESC)
9212		      && (sense_format == SSD_TYPE_FIXED))
9213			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9214			    &lun->pending_sense[initidx],
9215			    (struct scsi_sense_data_fixed *)sense_ptr);
9216		else
9217			memcpy(sense_ptr, &lun->pending_sense[initidx],
9218			       MIN(sizeof(*sense_ptr),
9219			       sizeof(lun->pending_sense[initidx])));
9220
9221		ctl_clear_mask(lun->have_ca, initidx);
9222		have_error = 1;
9223	} else
9224#endif
9225	{
9226		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9227		if (ua_type != CTL_UA_NONE)
9228			have_error = 1;
9229		if (ua_type == CTL_UA_LUN_CHANGE) {
9230			mtx_unlock(&lun->lun_lock);
9231			mtx_lock(&ctl_softc->ctl_lock);
9232			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9233			mtx_unlock(&ctl_softc->ctl_lock);
9234			mtx_lock(&lun->lun_lock);
9235		}
9236
9237	}
9238	mtx_unlock(&lun->lun_lock);
9239
9240	/*
9241	 * We already have a pending error, return it.
9242	 */
9243	if (have_error != 0) {
9244		/*
9245		 * We report the SCSI status as OK, since the status of the
9246		 * request sense command itself is OK.
9247		 * We report 0 for the sense length, because we aren't doing
9248		 * autosense in this case.  We're reporting sense as
9249		 * parameter data.
9250		 */
9251		ctl_set_success(ctsio);
9252		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9253		ctsio->be_move_done = ctl_config_move_done;
9254		ctl_datamove((union ctl_io *)ctsio);
9255		return (CTL_RETVAL_COMPLETE);
9256	}
9257
9258no_sense:
9259
9260	/*
9261	 * No sense information to report, so we report that everything is
9262	 * okay.
9263	 */
9264	ctl_set_sense_data(sense_ptr,
9265			   lun,
9266			   sense_format,
9267			   /*current_error*/ 1,
9268			   /*sense_key*/ SSD_KEY_NO_SENSE,
9269			   /*asc*/ 0x00,
9270			   /*ascq*/ 0x00,
9271			   SSD_ELEM_NONE);
9272
9273	/*
9274	 * We report 0 for the sense length, because we aren't doing
9275	 * autosense in this case.  We're reporting sense as parameter data.
9276	 */
9277	ctl_set_success(ctsio);
9278	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9279	ctsio->be_move_done = ctl_config_move_done;
9280	ctl_datamove((union ctl_io *)ctsio);
9281	return (CTL_RETVAL_COMPLETE);
9282}
9283
9284int
9285ctl_tur(struct ctl_scsiio *ctsio)
9286{
9287
9288	CTL_DEBUG_PRINT(("ctl_tur\n"));
9289
9290	ctl_set_success(ctsio);
9291	ctl_done((union ctl_io *)ctsio);
9292
9293	return (CTL_RETVAL_COMPLETE);
9294}
9295
9296/*
9297 * SCSI VPD page 0x00, the Supported VPD Pages page.
9298 */
9299static int
9300ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9301{
9302	struct scsi_vpd_supported_pages *pages;
9303	int sup_page_size;
9304	struct ctl_lun *lun;
9305	int p;
9306
9307	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9308
9309	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9310	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9311	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9312	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9313	ctsio->kern_sg_entries = 0;
9314
9315	if (sup_page_size < alloc_len) {
9316		ctsio->residual = alloc_len - sup_page_size;
9317		ctsio->kern_data_len = sup_page_size;
9318		ctsio->kern_total_len = sup_page_size;
9319	} else {
9320		ctsio->residual = 0;
9321		ctsio->kern_data_len = alloc_len;
9322		ctsio->kern_total_len = alloc_len;
9323	}
9324	ctsio->kern_data_resid = 0;
9325	ctsio->kern_rel_offset = 0;
9326	ctsio->kern_sg_entries = 0;
9327
9328	/*
9329	 * The control device is always connected.  The disk device, on the
9330	 * other hand, may not be online all the time.  Need to change this
9331	 * to figure out whether the disk device is actually online or not.
9332	 */
9333	if (lun != NULL)
9334		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9335				lun->be_lun->lun_type;
9336	else
9337		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9338
9339	p = 0;
9340	/* Supported VPD pages */
9341	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9342	/* Serial Number */
9343	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9344	/* Device Identification */
9345	pages->page_list[p++] = SVPD_DEVICE_ID;
9346	/* Extended INQUIRY Data */
9347	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9348	/* Mode Page Policy */
9349	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9350	/* SCSI Ports */
9351	pages->page_list[p++] = SVPD_SCSI_PORTS;
9352	/* Third-party Copy */
9353	pages->page_list[p++] = SVPD_SCSI_TPC;
9354	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9355		/* Block limits */
9356		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9357		/* Block Device Characteristics */
9358		pages->page_list[p++] = SVPD_BDC;
9359		/* Logical Block Provisioning */
9360		pages->page_list[p++] = SVPD_LBP;
9361	}
9362	pages->length = p;
9363
9364	ctl_set_success(ctsio);
9365	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9366	ctsio->be_move_done = ctl_config_move_done;
9367	ctl_datamove((union ctl_io *)ctsio);
9368	return (CTL_RETVAL_COMPLETE);
9369}
9370
9371/*
9372 * SCSI VPD page 0x80, the Unit Serial Number page.
9373 */
9374static int
9375ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9376{
9377	struct scsi_vpd_unit_serial_number *sn_ptr;
9378	struct ctl_lun *lun;
9379	int data_len;
9380
9381	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9382
9383	data_len = 4 + CTL_SN_LEN;
9384	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9385	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9386	if (data_len < alloc_len) {
9387		ctsio->residual = alloc_len - data_len;
9388		ctsio->kern_data_len = data_len;
9389		ctsio->kern_total_len = data_len;
9390	} else {
9391		ctsio->residual = 0;
9392		ctsio->kern_data_len = alloc_len;
9393		ctsio->kern_total_len = alloc_len;
9394	}
9395	ctsio->kern_data_resid = 0;
9396	ctsio->kern_rel_offset = 0;
9397	ctsio->kern_sg_entries = 0;
9398
9399	/*
9400	 * The control device is always connected.  The disk device, on the
9401	 * other hand, may not be online all the time.  Need to change this
9402	 * to figure out whether the disk device is actually online or not.
9403	 */
9404	if (lun != NULL)
9405		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9406				  lun->be_lun->lun_type;
9407	else
9408		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9409
9410	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9411	sn_ptr->length = CTL_SN_LEN;
9412	/*
9413	 * If we don't have a LUN, we just leave the serial number as
9414	 * all spaces.
9415	 */
9416	if (lun != NULL) {
9417		strncpy((char *)sn_ptr->serial_num,
9418			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9419	} else
9420		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9421
9422	ctl_set_success(ctsio);
9423	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9424	ctsio->be_move_done = ctl_config_move_done;
9425	ctl_datamove((union ctl_io *)ctsio);
9426	return (CTL_RETVAL_COMPLETE);
9427}
9428
9429
9430/*
9431 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9432 */
9433static int
9434ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9435{
9436	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9437	struct ctl_lun *lun;
9438	int data_len;
9439
9440	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9441
9442	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9443	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9444	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9445	ctsio->kern_sg_entries = 0;
9446
9447	if (data_len < alloc_len) {
9448		ctsio->residual = alloc_len - data_len;
9449		ctsio->kern_data_len = data_len;
9450		ctsio->kern_total_len = data_len;
9451	} else {
9452		ctsio->residual = 0;
9453		ctsio->kern_data_len = alloc_len;
9454		ctsio->kern_total_len = alloc_len;
9455	}
9456	ctsio->kern_data_resid = 0;
9457	ctsio->kern_rel_offset = 0;
9458	ctsio->kern_sg_entries = 0;
9459
9460	/*
9461	 * The control device is always connected.  The disk device, on the
9462	 * other hand, may not be online all the time.
9463	 */
9464	if (lun != NULL)
9465		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9466				     lun->be_lun->lun_type;
9467	else
9468		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9469	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9470	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9471	/*
9472	 * We support head of queue, ordered and simple tags.
9473	 */
9474	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9475	/*
9476	 * Volatile cache supported.
9477	 */
9478	eid_ptr->flags3 = SVPD_EID_V_SUP;
9479
9480	/*
9481	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9482	 * attention for a particular IT nexus on all LUNs once we report
9483	 * it to that nexus once.  This bit is required as of SPC-4.
9484	 */
9485	eid_ptr->flags4 = SVPD_EID_LUICLT;
9486
9487	/*
9488	 * XXX KDM in order to correctly answer this, we would need
9489	 * information from the SIM to determine how much sense data it
9490	 * can send.  So this would really be a path inquiry field, most
9491	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9492	 * but the hardware may or may not be able to support that much.
9493	 * 0 just means that the maximum sense data length is not reported.
9494	 */
9495	eid_ptr->max_sense_length = 0;
9496
9497	ctl_set_success(ctsio);
9498	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9499	ctsio->be_move_done = ctl_config_move_done;
9500	ctl_datamove((union ctl_io *)ctsio);
9501	return (CTL_RETVAL_COMPLETE);
9502}
9503
9504static int
9505ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9506{
9507	struct scsi_vpd_mode_page_policy *mpp_ptr;
9508	struct ctl_lun *lun;
9509	int data_len;
9510
9511	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9512
9513	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9514	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9515
9516	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9517	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9518	ctsio->kern_sg_entries = 0;
9519
9520	if (data_len < alloc_len) {
9521		ctsio->residual = alloc_len - data_len;
9522		ctsio->kern_data_len = data_len;
9523		ctsio->kern_total_len = data_len;
9524	} else {
9525		ctsio->residual = 0;
9526		ctsio->kern_data_len = alloc_len;
9527		ctsio->kern_total_len = alloc_len;
9528	}
9529	ctsio->kern_data_resid = 0;
9530	ctsio->kern_rel_offset = 0;
9531	ctsio->kern_sg_entries = 0;
9532
9533	/*
9534	 * The control device is always connected.  The disk device, on the
9535	 * other hand, may not be online all the time.
9536	 */
9537	if (lun != NULL)
9538		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9539				     lun->be_lun->lun_type;
9540	else
9541		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9542	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9543	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9544	mpp_ptr->descr[0].page_code = 0x3f;
9545	mpp_ptr->descr[0].subpage_code = 0xff;
9546	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9547
9548	ctl_set_success(ctsio);
9549	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9550	ctsio->be_move_done = ctl_config_move_done;
9551	ctl_datamove((union ctl_io *)ctsio);
9552	return (CTL_RETVAL_COMPLETE);
9553}
9554
9555/*
9556 * SCSI VPD page 0x83, the Device Identification page.
9557 */
9558static int
9559ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9560{
9561	struct scsi_vpd_device_id *devid_ptr;
9562	struct scsi_vpd_id_descriptor *desc;
9563	struct ctl_softc *softc;
9564	struct ctl_lun *lun;
9565	struct ctl_port *port;
9566	int data_len;
9567	uint8_t proto;
9568
9569	softc = control_softc;
9570
9571	port = ctl_io_port(&ctsio->io_hdr);
9572	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9573
9574	data_len = sizeof(struct scsi_vpd_device_id) +
9575	    sizeof(struct scsi_vpd_id_descriptor) +
9576		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9577	    sizeof(struct scsi_vpd_id_descriptor) +
9578		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9579	if (lun && lun->lun_devid)
9580		data_len += lun->lun_devid->len;
9581	if (port && port->port_devid)
9582		data_len += port->port_devid->len;
9583	if (port && port->target_devid)
9584		data_len += port->target_devid->len;
9585
9586	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9587	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9588	ctsio->kern_sg_entries = 0;
9589
9590	if (data_len < alloc_len) {
9591		ctsio->residual = alloc_len - data_len;
9592		ctsio->kern_data_len = data_len;
9593		ctsio->kern_total_len = data_len;
9594	} else {
9595		ctsio->residual = 0;
9596		ctsio->kern_data_len = alloc_len;
9597		ctsio->kern_total_len = alloc_len;
9598	}
9599	ctsio->kern_data_resid = 0;
9600	ctsio->kern_rel_offset = 0;
9601	ctsio->kern_sg_entries = 0;
9602
9603	/*
9604	 * The control device is always connected.  The disk device, on the
9605	 * other hand, may not be online all the time.
9606	 */
9607	if (lun != NULL)
9608		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9609				     lun->be_lun->lun_type;
9610	else
9611		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9612	devid_ptr->page_code = SVPD_DEVICE_ID;
9613	scsi_ulto2b(data_len - 4, devid_ptr->length);
9614
9615	if (port && port->port_type == CTL_PORT_FC)
9616		proto = SCSI_PROTO_FC << 4;
9617	else if (port && port->port_type == CTL_PORT_ISCSI)
9618		proto = SCSI_PROTO_ISCSI << 4;
9619	else
9620		proto = SCSI_PROTO_SPI << 4;
9621	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9622
9623	/*
9624	 * We're using a LUN association here.  i.e., this device ID is a
9625	 * per-LUN identifier.
9626	 */
9627	if (lun && lun->lun_devid) {
9628		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9629		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9630		    lun->lun_devid->len);
9631	}
9632
9633	/*
9634	 * This is for the WWPN which is a port association.
9635	 */
9636	if (port && port->port_devid) {
9637		memcpy(desc, port->port_devid->data, port->port_devid->len);
9638		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9639		    port->port_devid->len);
9640	}
9641
9642	/*
9643	 * This is for the Relative Target Port(type 4h) identifier
9644	 */
9645	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9646	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9647	    SVPD_ID_TYPE_RELTARG;
9648	desc->length = 4;
9649	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9650	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9651	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9652
9653	/*
9654	 * This is for the Target Port Group(type 5h) identifier
9655	 */
9656	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9657	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9658	    SVPD_ID_TYPE_TPORTGRP;
9659	desc->length = 4;
9660	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9661	    &desc->identifier[2]);
9662	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9663	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9664
9665	/*
9666	 * This is for the Target identifier
9667	 */
9668	if (port && port->target_devid) {
9669		memcpy(desc, port->target_devid->data, port->target_devid->len);
9670	}
9671
9672	ctl_set_success(ctsio);
9673	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9674	ctsio->be_move_done = ctl_config_move_done;
9675	ctl_datamove((union ctl_io *)ctsio);
9676	return (CTL_RETVAL_COMPLETE);
9677}
9678
9679static int
9680ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9681{
9682	struct ctl_softc *softc = control_softc;
9683	struct scsi_vpd_scsi_ports *sp;
9684	struct scsi_vpd_port_designation *pd;
9685	struct scsi_vpd_port_designation_cont *pdc;
9686	struct ctl_lun *lun;
9687	struct ctl_port *port;
9688	int data_len, num_target_ports, iid_len, id_len;
9689
9690	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9691
9692	num_target_ports = 0;
9693	iid_len = 0;
9694	id_len = 0;
9695	mtx_lock(&softc->ctl_lock);
9696	STAILQ_FOREACH(port, &softc->port_list, links) {
9697		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9698			continue;
9699		if (lun != NULL &&
9700		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9701			continue;
9702		num_target_ports++;
9703		if (port->init_devid)
9704			iid_len += port->init_devid->len;
9705		if (port->port_devid)
9706			id_len += port->port_devid->len;
9707	}
9708	mtx_unlock(&softc->ctl_lock);
9709
9710	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9711	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9712	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9713	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9714	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9715	ctsio->kern_sg_entries = 0;
9716
9717	if (data_len < alloc_len) {
9718		ctsio->residual = alloc_len - data_len;
9719		ctsio->kern_data_len = data_len;
9720		ctsio->kern_total_len = data_len;
9721	} else {
9722		ctsio->residual = 0;
9723		ctsio->kern_data_len = alloc_len;
9724		ctsio->kern_total_len = alloc_len;
9725	}
9726	ctsio->kern_data_resid = 0;
9727	ctsio->kern_rel_offset = 0;
9728	ctsio->kern_sg_entries = 0;
9729
9730	/*
9731	 * The control device is always connected.  The disk device, on the
9732	 * other hand, may not be online all the time.  Need to change this
9733	 * to figure out whether the disk device is actually online or not.
9734	 */
9735	if (lun != NULL)
9736		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9737				  lun->be_lun->lun_type;
9738	else
9739		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9740
9741	sp->page_code = SVPD_SCSI_PORTS;
9742	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9743	    sp->page_length);
9744	pd = &sp->design[0];
9745
9746	mtx_lock(&softc->ctl_lock);
9747	STAILQ_FOREACH(port, &softc->port_list, links) {
9748		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9749			continue;
9750		if (lun != NULL &&
9751		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9752			continue;
9753		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9754		if (port->init_devid) {
9755			iid_len = port->init_devid->len;
9756			memcpy(pd->initiator_transportid,
9757			    port->init_devid->data, port->init_devid->len);
9758		} else
9759			iid_len = 0;
9760		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9761		pdc = (struct scsi_vpd_port_designation_cont *)
9762		    (&pd->initiator_transportid[iid_len]);
9763		if (port->port_devid) {
9764			id_len = port->port_devid->len;
9765			memcpy(pdc->target_port_descriptors,
9766			    port->port_devid->data, port->port_devid->len);
9767		} else
9768			id_len = 0;
9769		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9770		pd = (struct scsi_vpd_port_designation *)
9771		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9772	}
9773	mtx_unlock(&softc->ctl_lock);
9774
9775	ctl_set_success(ctsio);
9776	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9777	ctsio->be_move_done = ctl_config_move_done;
9778	ctl_datamove((union ctl_io *)ctsio);
9779	return (CTL_RETVAL_COMPLETE);
9780}
9781
9782static int
9783ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9784{
9785	struct scsi_vpd_block_limits *bl_ptr;
9786	struct ctl_lun *lun;
9787
9788	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9789
9790	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9791	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9792	ctsio->kern_sg_entries = 0;
9793
9794	if (sizeof(*bl_ptr) < alloc_len) {
9795		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9796		ctsio->kern_data_len = sizeof(*bl_ptr);
9797		ctsio->kern_total_len = sizeof(*bl_ptr);
9798	} else {
9799		ctsio->residual = 0;
9800		ctsio->kern_data_len = alloc_len;
9801		ctsio->kern_total_len = alloc_len;
9802	}
9803	ctsio->kern_data_resid = 0;
9804	ctsio->kern_rel_offset = 0;
9805	ctsio->kern_sg_entries = 0;
9806
9807	/*
9808	 * The control device is always connected.  The disk device, on the
9809	 * other hand, may not be online all the time.  Need to change this
9810	 * to figure out whether the disk device is actually online or not.
9811	 */
9812	if (lun != NULL)
9813		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9814				  lun->be_lun->lun_type;
9815	else
9816		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9817
9818	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9819	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9820	bl_ptr->max_cmp_write_len = 0xff;
9821	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9822	if (lun != NULL) {
9823		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9824		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9825			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9826			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9827			if (lun->be_lun->ublockexp != 0) {
9828				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9829				    bl_ptr->opt_unmap_grain);
9830				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9831				    bl_ptr->unmap_grain_align);
9832			}
9833		}
9834		scsi_ulto4b(lun->be_lun->atomicblock,
9835		    bl_ptr->max_atomic_transfer_length);
9836		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9837		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9838		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9839		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9840	}
9841	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9842
9843	ctl_set_success(ctsio);
9844	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9845	ctsio->be_move_done = ctl_config_move_done;
9846	ctl_datamove((union ctl_io *)ctsio);
9847	return (CTL_RETVAL_COMPLETE);
9848}
9849
9850static int
9851ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9852{
9853	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9854	struct ctl_lun *lun;
9855	const char *value;
9856	u_int i;
9857
9858	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9859
9860	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9861	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9862	ctsio->kern_sg_entries = 0;
9863
9864	if (sizeof(*bdc_ptr) < alloc_len) {
9865		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9866		ctsio->kern_data_len = sizeof(*bdc_ptr);
9867		ctsio->kern_total_len = sizeof(*bdc_ptr);
9868	} else {
9869		ctsio->residual = 0;
9870		ctsio->kern_data_len = alloc_len;
9871		ctsio->kern_total_len = alloc_len;
9872	}
9873	ctsio->kern_data_resid = 0;
9874	ctsio->kern_rel_offset = 0;
9875	ctsio->kern_sg_entries = 0;
9876
9877	/*
9878	 * The control device is always connected.  The disk device, on the
9879	 * other hand, may not be online all the time.  Need to change this
9880	 * to figure out whether the disk device is actually online or not.
9881	 */
9882	if (lun != NULL)
9883		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9884				  lun->be_lun->lun_type;
9885	else
9886		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9887	bdc_ptr->page_code = SVPD_BDC;
9888	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9889	if (lun != NULL &&
9890	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9891		i = strtol(value, NULL, 0);
9892	else
9893		i = CTL_DEFAULT_ROTATION_RATE;
9894	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9895	if (lun != NULL &&
9896	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9897		i = strtol(value, NULL, 0);
9898	else
9899		i = 0;
9900	bdc_ptr->wab_wac_ff = (i & 0x0f);
9901	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9902
9903	ctl_set_success(ctsio);
9904	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9905	ctsio->be_move_done = ctl_config_move_done;
9906	ctl_datamove((union ctl_io *)ctsio);
9907	return (CTL_RETVAL_COMPLETE);
9908}
9909
9910static int
9911ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9912{
9913	struct scsi_vpd_logical_block_prov *lbp_ptr;
9914	struct ctl_lun *lun;
9915
9916	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9917
9918	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9919	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9920	ctsio->kern_sg_entries = 0;
9921
9922	if (sizeof(*lbp_ptr) < alloc_len) {
9923		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9924		ctsio->kern_data_len = sizeof(*lbp_ptr);
9925		ctsio->kern_total_len = sizeof(*lbp_ptr);
9926	} else {
9927		ctsio->residual = 0;
9928		ctsio->kern_data_len = alloc_len;
9929		ctsio->kern_total_len = alloc_len;
9930	}
9931	ctsio->kern_data_resid = 0;
9932	ctsio->kern_rel_offset = 0;
9933	ctsio->kern_sg_entries = 0;
9934
9935	/*
9936	 * The control device is always connected.  The disk device, on the
9937	 * other hand, may not be online all the time.  Need to change this
9938	 * to figure out whether the disk device is actually online or not.
9939	 */
9940	if (lun != NULL)
9941		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9942				  lun->be_lun->lun_type;
9943	else
9944		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9945
9946	lbp_ptr->page_code = SVPD_LBP;
9947	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9948	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9949	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9950		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9951		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9952		lbp_ptr->prov_type = SVPD_LBP_THIN;
9953	}
9954
9955	ctl_set_success(ctsio);
9956	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9957	ctsio->be_move_done = ctl_config_move_done;
9958	ctl_datamove((union ctl_io *)ctsio);
9959	return (CTL_RETVAL_COMPLETE);
9960}
9961
9962/*
9963 * INQUIRY with the EVPD bit set.
9964 */
9965static int
9966ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9967{
9968	struct ctl_lun *lun;
9969	struct scsi_inquiry *cdb;
9970	int alloc_len, retval;
9971
9972	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9973	cdb = (struct scsi_inquiry *)ctsio->cdb;
9974	alloc_len = scsi_2btoul(cdb->length);
9975
9976	switch (cdb->page_code) {
9977	case SVPD_SUPPORTED_PAGES:
9978		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9979		break;
9980	case SVPD_UNIT_SERIAL_NUMBER:
9981		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9982		break;
9983	case SVPD_DEVICE_ID:
9984		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9985		break;
9986	case SVPD_EXTENDED_INQUIRY_DATA:
9987		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9988		break;
9989	case SVPD_MODE_PAGE_POLICY:
9990		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9991		break;
9992	case SVPD_SCSI_PORTS:
9993		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9994		break;
9995	case SVPD_SCSI_TPC:
9996		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9997		break;
9998	case SVPD_BLOCK_LIMITS:
9999		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10000			goto err;
10001		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10002		break;
10003	case SVPD_BDC:
10004		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10005			goto err;
10006		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10007		break;
10008	case SVPD_LBP:
10009		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10010			goto err;
10011		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10012		break;
10013	default:
10014err:
10015		ctl_set_invalid_field(ctsio,
10016				      /*sks_valid*/ 1,
10017				      /*command*/ 1,
10018				      /*field*/ 2,
10019				      /*bit_valid*/ 0,
10020				      /*bit*/ 0);
10021		ctl_done((union ctl_io *)ctsio);
10022		retval = CTL_RETVAL_COMPLETE;
10023		break;
10024	}
10025
10026	return (retval);
10027}
10028
10029/*
10030 * Standard INQUIRY data.
10031 */
10032static int
10033ctl_inquiry_std(struct ctl_scsiio *ctsio)
10034{
10035	struct scsi_inquiry_data *inq_ptr;
10036	struct scsi_inquiry *cdb;
10037	struct ctl_softc *softc = control_softc;
10038	struct ctl_port *port;
10039	struct ctl_lun *lun;
10040	char *val;
10041	uint32_t alloc_len, data_len;
10042	ctl_port_type port_type;
10043
10044	port = ctl_io_port(&ctsio->io_hdr);
10045	port_type = port->port_type;
10046	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10047		port_type = CTL_PORT_SCSI;
10048
10049	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10050	cdb = (struct scsi_inquiry *)ctsio->cdb;
10051	alloc_len = scsi_2btoul(cdb->length);
10052
10053	/*
10054	 * We malloc the full inquiry data size here and fill it
10055	 * in.  If the user only asks for less, we'll give him
10056	 * that much.
10057	 */
10058	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10059	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10060	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10061	ctsio->kern_sg_entries = 0;
10062	ctsio->kern_data_resid = 0;
10063	ctsio->kern_rel_offset = 0;
10064
10065	if (data_len < alloc_len) {
10066		ctsio->residual = alloc_len - data_len;
10067		ctsio->kern_data_len = data_len;
10068		ctsio->kern_total_len = data_len;
10069	} else {
10070		ctsio->residual = 0;
10071		ctsio->kern_data_len = alloc_len;
10072		ctsio->kern_total_len = alloc_len;
10073	}
10074
10075	if (lun != NULL) {
10076		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10077		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10078			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10079			    lun->be_lun->lun_type;
10080		} else {
10081			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10082			    lun->be_lun->lun_type;
10083		}
10084	} else
10085		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10086
10087	/* RMB in byte 2 is 0 */
10088	inq_ptr->version = SCSI_REV_SPC4;
10089
10090	/*
10091	 * According to SAM-3, even if a device only supports a single
10092	 * level of LUN addressing, it should still set the HISUP bit:
10093	 *
10094	 * 4.9.1 Logical unit numbers overview
10095	 *
10096	 * All logical unit number formats described in this standard are
10097	 * hierarchical in structure even when only a single level in that
10098	 * hierarchy is used. The HISUP bit shall be set to one in the
10099	 * standard INQUIRY data (see SPC-2) when any logical unit number
10100	 * format described in this standard is used.  Non-hierarchical
10101	 * formats are outside the scope of this standard.
10102	 *
10103	 * Therefore we set the HiSup bit here.
10104	 *
10105	 * The reponse format is 2, per SPC-3.
10106	 */
10107	inq_ptr->response_format = SID_HiSup | 2;
10108
10109	inq_ptr->additional_length = data_len -
10110	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10111	CTL_DEBUG_PRINT(("additional_length = %d\n",
10112			 inq_ptr->additional_length));
10113
10114	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10115	/* 16 bit addressing */
10116	if (port_type == CTL_PORT_SCSI)
10117		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10118	/* XXX set the SID_MultiP bit here if we're actually going to
10119	   respond on multiple ports */
10120	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10121
10122	/* 16 bit data bus, synchronous transfers */
10123	if (port_type == CTL_PORT_SCSI)
10124		inq_ptr->flags = SID_WBus16 | SID_Sync;
10125	/*
10126	 * XXX KDM do we want to support tagged queueing on the control
10127	 * device at all?
10128	 */
10129	if ((lun == NULL)
10130	 || (lun->be_lun->lun_type != T_PROCESSOR))
10131		inq_ptr->flags |= SID_CmdQue;
10132	/*
10133	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10134	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10135	 * name and 4 bytes for the revision.
10136	 */
10137	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10138	    "vendor")) == NULL) {
10139		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10140	} else {
10141		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10142		strncpy(inq_ptr->vendor, val,
10143		    min(sizeof(inq_ptr->vendor), strlen(val)));
10144	}
10145	if (lun == NULL) {
10146		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10147		    sizeof(inq_ptr->product));
10148	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10149		switch (lun->be_lun->lun_type) {
10150		case T_DIRECT:
10151			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10152			    sizeof(inq_ptr->product));
10153			break;
10154		case T_PROCESSOR:
10155			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10156			    sizeof(inq_ptr->product));
10157			break;
10158		default:
10159			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10160			    sizeof(inq_ptr->product));
10161			break;
10162		}
10163	} else {
10164		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10165		strncpy(inq_ptr->product, val,
10166		    min(sizeof(inq_ptr->product), strlen(val)));
10167	}
10168
10169	/*
10170	 * XXX make this a macro somewhere so it automatically gets
10171	 * incremented when we make changes.
10172	 */
10173	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10174	    "revision")) == NULL) {
10175		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10176	} else {
10177		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10178		strncpy(inq_ptr->revision, val,
10179		    min(sizeof(inq_ptr->revision), strlen(val)));
10180	}
10181
10182	/*
10183	 * For parallel SCSI, we support double transition and single
10184	 * transition clocking.  We also support QAS (Quick Arbitration
10185	 * and Selection) and Information Unit transfers on both the
10186	 * control and array devices.
10187	 */
10188	if (port_type == CTL_PORT_SCSI)
10189		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10190				    SID_SPI_IUS;
10191
10192	/* SAM-5 (no version claimed) */
10193	scsi_ulto2b(0x00A0, inq_ptr->version1);
10194	/* SPC-4 (no version claimed) */
10195	scsi_ulto2b(0x0460, inq_ptr->version2);
10196	if (port_type == CTL_PORT_FC) {
10197		/* FCP-2 ANSI INCITS.350:2003 */
10198		scsi_ulto2b(0x0917, inq_ptr->version3);
10199	} else if (port_type == CTL_PORT_SCSI) {
10200		/* SPI-4 ANSI INCITS.362:200x */
10201		scsi_ulto2b(0x0B56, inq_ptr->version3);
10202	} else if (port_type == CTL_PORT_ISCSI) {
10203		/* iSCSI (no version claimed) */
10204		scsi_ulto2b(0x0960, inq_ptr->version3);
10205	} else if (port_type == CTL_PORT_SAS) {
10206		/* SAS (no version claimed) */
10207		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10208	}
10209
10210	if (lun == NULL) {
10211		/* SBC-4 (no version claimed) */
10212		scsi_ulto2b(0x0600, inq_ptr->version4);
10213	} else {
10214		switch (lun->be_lun->lun_type) {
10215		case T_DIRECT:
10216			/* SBC-4 (no version claimed) */
10217			scsi_ulto2b(0x0600, inq_ptr->version4);
10218			break;
10219		case T_PROCESSOR:
10220		default:
10221			break;
10222		}
10223	}
10224
10225	ctl_set_success(ctsio);
10226	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10227	ctsio->be_move_done = ctl_config_move_done;
10228	ctl_datamove((union ctl_io *)ctsio);
10229	return (CTL_RETVAL_COMPLETE);
10230}
10231
10232int
10233ctl_inquiry(struct ctl_scsiio *ctsio)
10234{
10235	struct scsi_inquiry *cdb;
10236	int retval;
10237
10238	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10239
10240	cdb = (struct scsi_inquiry *)ctsio->cdb;
10241	if (cdb->byte2 & SI_EVPD)
10242		retval = ctl_inquiry_evpd(ctsio);
10243	else if (cdb->page_code == 0)
10244		retval = ctl_inquiry_std(ctsio);
10245	else {
10246		ctl_set_invalid_field(ctsio,
10247				      /*sks_valid*/ 1,
10248				      /*command*/ 1,
10249				      /*field*/ 2,
10250				      /*bit_valid*/ 0,
10251				      /*bit*/ 0);
10252		ctl_done((union ctl_io *)ctsio);
10253		return (CTL_RETVAL_COMPLETE);
10254	}
10255
10256	return (retval);
10257}
10258
10259/*
10260 * For known CDB types, parse the LBA and length.
10261 */
10262static int
10263ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10264{
10265	if (io->io_hdr.io_type != CTL_IO_SCSI)
10266		return (1);
10267
10268	switch (io->scsiio.cdb[0]) {
10269	case COMPARE_AND_WRITE: {
10270		struct scsi_compare_and_write *cdb;
10271
10272		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10273
10274		*lba = scsi_8btou64(cdb->addr);
10275		*len = cdb->length;
10276		break;
10277	}
10278	case READ_6:
10279	case WRITE_6: {
10280		struct scsi_rw_6 *cdb;
10281
10282		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10283
10284		*lba = scsi_3btoul(cdb->addr);
10285		/* only 5 bits are valid in the most significant address byte */
10286		*lba &= 0x1fffff;
10287		*len = cdb->length;
10288		break;
10289	}
10290	case READ_10:
10291	case WRITE_10: {
10292		struct scsi_rw_10 *cdb;
10293
10294		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10295
10296		*lba = scsi_4btoul(cdb->addr);
10297		*len = scsi_2btoul(cdb->length);
10298		break;
10299	}
10300	case WRITE_VERIFY_10: {
10301		struct scsi_write_verify_10 *cdb;
10302
10303		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10304
10305		*lba = scsi_4btoul(cdb->addr);
10306		*len = scsi_2btoul(cdb->length);
10307		break;
10308	}
10309	case READ_12:
10310	case WRITE_12: {
10311		struct scsi_rw_12 *cdb;
10312
10313		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10314
10315		*lba = scsi_4btoul(cdb->addr);
10316		*len = scsi_4btoul(cdb->length);
10317		break;
10318	}
10319	case WRITE_VERIFY_12: {
10320		struct scsi_write_verify_12 *cdb;
10321
10322		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10323
10324		*lba = scsi_4btoul(cdb->addr);
10325		*len = scsi_4btoul(cdb->length);
10326		break;
10327	}
10328	case READ_16:
10329	case WRITE_16: {
10330		struct scsi_rw_16 *cdb;
10331
10332		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10333
10334		*lba = scsi_8btou64(cdb->addr);
10335		*len = scsi_4btoul(cdb->length);
10336		break;
10337	}
10338	case WRITE_ATOMIC_16: {
10339		struct scsi_write_atomic_16 *cdb;
10340
10341		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10342
10343		*lba = scsi_8btou64(cdb->addr);
10344		*len = scsi_2btoul(cdb->length);
10345		break;
10346	}
10347	case WRITE_VERIFY_16: {
10348		struct scsi_write_verify_16 *cdb;
10349
10350		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10351
10352		*lba = scsi_8btou64(cdb->addr);
10353		*len = scsi_4btoul(cdb->length);
10354		break;
10355	}
10356	case WRITE_SAME_10: {
10357		struct scsi_write_same_10 *cdb;
10358
10359		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10360
10361		*lba = scsi_4btoul(cdb->addr);
10362		*len = scsi_2btoul(cdb->length);
10363		break;
10364	}
10365	case WRITE_SAME_16: {
10366		struct scsi_write_same_16 *cdb;
10367
10368		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10369
10370		*lba = scsi_8btou64(cdb->addr);
10371		*len = scsi_4btoul(cdb->length);
10372		break;
10373	}
10374	case VERIFY_10: {
10375		struct scsi_verify_10 *cdb;
10376
10377		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10378
10379		*lba = scsi_4btoul(cdb->addr);
10380		*len = scsi_2btoul(cdb->length);
10381		break;
10382	}
10383	case VERIFY_12: {
10384		struct scsi_verify_12 *cdb;
10385
10386		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10387
10388		*lba = scsi_4btoul(cdb->addr);
10389		*len = scsi_4btoul(cdb->length);
10390		break;
10391	}
10392	case VERIFY_16: {
10393		struct scsi_verify_16 *cdb;
10394
10395		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10396
10397		*lba = scsi_8btou64(cdb->addr);
10398		*len = scsi_4btoul(cdb->length);
10399		break;
10400	}
10401	case UNMAP: {
10402		*lba = 0;
10403		*len = UINT64_MAX;
10404		break;
10405	}
10406	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10407		struct scsi_get_lba_status *cdb;
10408
10409		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10410		*lba = scsi_8btou64(cdb->addr);
10411		*len = UINT32_MAX;
10412		break;
10413	}
10414	default:
10415		return (1);
10416		break; /* NOTREACHED */
10417	}
10418
10419	return (0);
10420}
10421
10422static ctl_action
10423ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10424    bool seq)
10425{
10426	uint64_t endlba1, endlba2;
10427
10428	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10429	endlba2 = lba2 + len2 - 1;
10430
10431	if ((endlba1 < lba2) || (endlba2 < lba1))
10432		return (CTL_ACTION_PASS);
10433	else
10434		return (CTL_ACTION_BLOCK);
10435}
10436
10437static int
10438ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10439{
10440	struct ctl_ptr_len_flags *ptrlen;
10441	struct scsi_unmap_desc *buf, *end, *range;
10442	uint64_t lba;
10443	uint32_t len;
10444
10445	/* If not UNMAP -- go other way. */
10446	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10447	    io->scsiio.cdb[0] != UNMAP)
10448		return (CTL_ACTION_ERROR);
10449
10450	/* If UNMAP without data -- block and wait for data. */
10451	ptrlen = (struct ctl_ptr_len_flags *)
10452	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10453	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10454	    ptrlen->ptr == NULL)
10455		return (CTL_ACTION_BLOCK);
10456
10457	/* UNMAP with data -- check for collision. */
10458	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10459	end = buf + ptrlen->len / sizeof(*buf);
10460	for (range = buf; range < end; range++) {
10461		lba = scsi_8btou64(range->lba);
10462		len = scsi_4btoul(range->length);
10463		if ((lba < lba2 + len2) && (lba + len > lba2))
10464			return (CTL_ACTION_BLOCK);
10465	}
10466	return (CTL_ACTION_PASS);
10467}
10468
10469static ctl_action
10470ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10471{
10472	uint64_t lba1, lba2;
10473	uint64_t len1, len2;
10474	int retval;
10475
10476	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10477		return (CTL_ACTION_ERROR);
10478
10479	retval = ctl_extent_check_unmap(io1, lba2, len2);
10480	if (retval != CTL_ACTION_ERROR)
10481		return (retval);
10482
10483	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10484		return (CTL_ACTION_ERROR);
10485
10486	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10487		seq = FALSE;
10488	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10489}
10490
10491static ctl_action
10492ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10493{
10494	uint64_t lba1, lba2;
10495	uint64_t len1, len2;
10496
10497	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10498		return (CTL_ACTION_PASS);
10499	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10500		return (CTL_ACTION_ERROR);
10501	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10502		return (CTL_ACTION_ERROR);
10503
10504	if (lba1 + len1 == lba2)
10505		return (CTL_ACTION_BLOCK);
10506	return (CTL_ACTION_PASS);
10507}
10508
10509static ctl_action
10510ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10511    union ctl_io *ooa_io)
10512{
10513	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10514	const ctl_serialize_action *serialize_row;
10515
10516	/*
10517	 * The initiator attempted multiple untagged commands at the same
10518	 * time.  Can't do that.
10519	 */
10520	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10521	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10522	 && ((pending_io->io_hdr.nexus.targ_port ==
10523	      ooa_io->io_hdr.nexus.targ_port)
10524	  && (pending_io->io_hdr.nexus.initid ==
10525	      ooa_io->io_hdr.nexus.initid))
10526	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10527	      CTL_FLAG_STATUS_SENT)) == 0))
10528		return (CTL_ACTION_OVERLAP);
10529
10530	/*
10531	 * The initiator attempted to send multiple tagged commands with
10532	 * the same ID.  (It's fine if different initiators have the same
10533	 * tag ID.)
10534	 *
10535	 * Even if all of those conditions are true, we don't kill the I/O
10536	 * if the command ahead of us has been aborted.  We won't end up
10537	 * sending it to the FETD, and it's perfectly legal to resend a
10538	 * command with the same tag number as long as the previous
10539	 * instance of this tag number has been aborted somehow.
10540	 */
10541	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10542	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10543	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10544	 && ((pending_io->io_hdr.nexus.targ_port ==
10545	      ooa_io->io_hdr.nexus.targ_port)
10546	  && (pending_io->io_hdr.nexus.initid ==
10547	      ooa_io->io_hdr.nexus.initid))
10548	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10549	      CTL_FLAG_STATUS_SENT)) == 0))
10550		return (CTL_ACTION_OVERLAP_TAG);
10551
10552	/*
10553	 * If we get a head of queue tag, SAM-3 says that we should
10554	 * immediately execute it.
10555	 *
10556	 * What happens if this command would normally block for some other
10557	 * reason?  e.g. a request sense with a head of queue tag
10558	 * immediately after a write.  Normally that would block, but this
10559	 * will result in its getting executed immediately...
10560	 *
10561	 * We currently return "pass" instead of "skip", so we'll end up
10562	 * going through the rest of the queue to check for overlapped tags.
10563	 *
10564	 * XXX KDM check for other types of blockage first??
10565	 */
10566	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10567		return (CTL_ACTION_PASS);
10568
10569	/*
10570	 * Ordered tags have to block until all items ahead of them
10571	 * have completed.  If we get called with an ordered tag, we always
10572	 * block, if something else is ahead of us in the queue.
10573	 */
10574	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10575		return (CTL_ACTION_BLOCK);
10576
10577	/*
10578	 * Simple tags get blocked until all head of queue and ordered tags
10579	 * ahead of them have completed.  I'm lumping untagged commands in
10580	 * with simple tags here.  XXX KDM is that the right thing to do?
10581	 */
10582	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10583	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10584	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10585	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10586		return (CTL_ACTION_BLOCK);
10587
10588	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10589	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10590
10591	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10592
10593	switch (serialize_row[pending_entry->seridx]) {
10594	case CTL_SER_BLOCK:
10595		return (CTL_ACTION_BLOCK);
10596	case CTL_SER_EXTENT:
10597		return (ctl_extent_check(ooa_io, pending_io,
10598		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10599	case CTL_SER_EXTENTOPT:
10600		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10601		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10602			return (ctl_extent_check(ooa_io, pending_io,
10603			    (lun->be_lun &&
10604			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10605		return (CTL_ACTION_PASS);
10606	case CTL_SER_EXTENTSEQ:
10607		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10608			return (ctl_extent_check_seq(ooa_io, pending_io));
10609		return (CTL_ACTION_PASS);
10610	case CTL_SER_PASS:
10611		return (CTL_ACTION_PASS);
10612	case CTL_SER_BLOCKOPT:
10613		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10614		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10615			return (CTL_ACTION_BLOCK);
10616		return (CTL_ACTION_PASS);
10617	case CTL_SER_SKIP:
10618		return (CTL_ACTION_SKIP);
10619	default:
10620		panic("invalid serialization value %d",
10621		      serialize_row[pending_entry->seridx]);
10622	}
10623
10624	return (CTL_ACTION_ERROR);
10625}
10626
10627/*
10628 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10629 * Assumptions:
10630 * - pending_io is generally either incoming, or on the blocked queue
10631 * - starting I/O is the I/O we want to start the check with.
10632 */
10633static ctl_action
10634ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10635	      union ctl_io *starting_io)
10636{
10637	union ctl_io *ooa_io;
10638	ctl_action action;
10639
10640	mtx_assert(&lun->lun_lock, MA_OWNED);
10641
10642	/*
10643	 * Run back along the OOA queue, starting with the current
10644	 * blocked I/O and going through every I/O before it on the
10645	 * queue.  If starting_io is NULL, we'll just end up returning
10646	 * CTL_ACTION_PASS.
10647	 */
10648	for (ooa_io = starting_io; ooa_io != NULL;
10649	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10650	     ooa_links)){
10651
10652		/*
10653		 * This routine just checks to see whether
10654		 * cur_blocked is blocked by ooa_io, which is ahead
10655		 * of it in the queue.  It doesn't queue/dequeue
10656		 * cur_blocked.
10657		 */
10658		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10659		switch (action) {
10660		case CTL_ACTION_BLOCK:
10661		case CTL_ACTION_OVERLAP:
10662		case CTL_ACTION_OVERLAP_TAG:
10663		case CTL_ACTION_SKIP:
10664		case CTL_ACTION_ERROR:
10665			return (action);
10666			break; /* NOTREACHED */
10667		case CTL_ACTION_PASS:
10668			break;
10669		default:
10670			panic("invalid action %d", action);
10671			break;  /* NOTREACHED */
10672		}
10673	}
10674
10675	return (CTL_ACTION_PASS);
10676}
10677
10678/*
10679 * Assumptions:
10680 * - An I/O has just completed, and has been removed from the per-LUN OOA
10681 *   queue, so some items on the blocked queue may now be unblocked.
10682 */
10683static int
10684ctl_check_blocked(struct ctl_lun *lun)
10685{
10686	struct ctl_softc *softc = lun->ctl_softc;
10687	union ctl_io *cur_blocked, *next_blocked;
10688
10689	mtx_assert(&lun->lun_lock, MA_OWNED);
10690
10691	/*
10692	 * Run forward from the head of the blocked queue, checking each
10693	 * entry against the I/Os prior to it on the OOA queue to see if
10694	 * there is still any blockage.
10695	 *
10696	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10697	 * with our removing a variable on it while it is traversing the
10698	 * list.
10699	 */
10700	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10701	     cur_blocked != NULL; cur_blocked = next_blocked) {
10702		union ctl_io *prev_ooa;
10703		ctl_action action;
10704
10705		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10706							  blocked_links);
10707
10708		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10709						      ctl_ooaq, ooa_links);
10710
10711		/*
10712		 * If cur_blocked happens to be the first item in the OOA
10713		 * queue now, prev_ooa will be NULL, and the action
10714		 * returned will just be CTL_ACTION_PASS.
10715		 */
10716		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10717
10718		switch (action) {
10719		case CTL_ACTION_BLOCK:
10720			/* Nothing to do here, still blocked */
10721			break;
10722		case CTL_ACTION_OVERLAP:
10723		case CTL_ACTION_OVERLAP_TAG:
10724			/*
10725			 * This shouldn't happen!  In theory we've already
10726			 * checked this command for overlap...
10727			 */
10728			break;
10729		case CTL_ACTION_PASS:
10730		case CTL_ACTION_SKIP: {
10731			const struct ctl_cmd_entry *entry;
10732
10733			/*
10734			 * The skip case shouldn't happen, this transaction
10735			 * should have never made it onto the blocked queue.
10736			 */
10737			/*
10738			 * This I/O is no longer blocked, we can remove it
10739			 * from the blocked queue.  Since this is a TAILQ
10740			 * (doubly linked list), we can do O(1) removals
10741			 * from any place on the list.
10742			 */
10743			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10744				     blocked_links);
10745			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10746
10747			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10748			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10749				/*
10750				 * Need to send IO back to original side to
10751				 * run
10752				 */
10753				union ctl_ha_msg msg_info;
10754
10755				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10756				msg_info.hdr.original_sc =
10757					cur_blocked->io_hdr.original_sc;
10758				msg_info.hdr.serializing_sc = cur_blocked;
10759				msg_info.hdr.msg_type = CTL_MSG_R2R;
10760				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10761				    sizeof(msg_info.hdr), M_NOWAIT);
10762				break;
10763			}
10764			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10765
10766			/*
10767			 * Check this I/O for LUN state changes that may
10768			 * have happened while this command was blocked.
10769			 * The LUN state may have been changed by a command
10770			 * ahead of us in the queue, so we need to re-check
10771			 * for any states that can be caused by SCSI
10772			 * commands.
10773			 */
10774			if (ctl_scsiio_lun_check(lun, entry,
10775						 &cur_blocked->scsiio) == 0) {
10776				cur_blocked->io_hdr.flags |=
10777				                      CTL_FLAG_IS_WAS_ON_RTR;
10778				ctl_enqueue_rtr(cur_blocked);
10779			} else
10780				ctl_done(cur_blocked);
10781			break;
10782		}
10783		default:
10784			/*
10785			 * This probably shouldn't happen -- we shouldn't
10786			 * get CTL_ACTION_ERROR, or anything else.
10787			 */
10788			break;
10789		}
10790	}
10791
10792	return (CTL_RETVAL_COMPLETE);
10793}
10794
10795/*
10796 * This routine (with one exception) checks LUN flags that can be set by
10797 * commands ahead of us in the OOA queue.  These flags have to be checked
10798 * when a command initially comes in, and when we pull a command off the
10799 * blocked queue and are preparing to execute it.  The reason we have to
10800 * check these flags for commands on the blocked queue is that the LUN
10801 * state may have been changed by a command ahead of us while we're on the
10802 * blocked queue.
10803 *
10804 * Ordering is somewhat important with these checks, so please pay
10805 * careful attention to the placement of any new checks.
10806 */
10807static int
10808ctl_scsiio_lun_check(struct ctl_lun *lun,
10809    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10810{
10811	struct ctl_softc *softc = lun->ctl_softc;
10812	int retval;
10813	uint32_t residx;
10814
10815	retval = 0;
10816
10817	mtx_assert(&lun->lun_lock, MA_OWNED);
10818
10819	/*
10820	 * If this shelf is a secondary shelf controller, we may have to
10821	 * reject some commands disallowed by HA mode and link state.
10822	 */
10823	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10824		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10825		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10826			ctl_set_lun_unavail(ctsio);
10827			retval = 1;
10828			goto bailout;
10829		}
10830		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10831		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10832			ctl_set_lun_transit(ctsio);
10833			retval = 1;
10834			goto bailout;
10835		}
10836		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10837		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10838			ctl_set_lun_standby(ctsio);
10839			retval = 1;
10840			goto bailout;
10841		}
10842
10843		/* The rest of checks are only done on executing side */
10844		if (softc->ha_mode == CTL_HA_MODE_XFER)
10845			goto bailout;
10846	}
10847
10848	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10849		if (lun->be_lun &&
10850		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10851			ctl_set_hw_write_protected(ctsio);
10852			retval = 1;
10853			goto bailout;
10854		}
10855		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10856		    .eca_and_aen & SCP_SWP) != 0) {
10857			ctl_set_sense(ctsio, /*current_error*/ 1,
10858			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10859			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10860			retval = 1;
10861			goto bailout;
10862		}
10863	}
10864
10865	/*
10866	 * Check for a reservation conflict.  If this command isn't allowed
10867	 * even on reserved LUNs, and if this initiator isn't the one who
10868	 * reserved us, reject the command with a reservation conflict.
10869	 */
10870	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10871	if ((lun->flags & CTL_LUN_RESERVED)
10872	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10873		if (lun->res_idx != residx) {
10874			ctl_set_reservation_conflict(ctsio);
10875			retval = 1;
10876			goto bailout;
10877		}
10878	}
10879
10880	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10881	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10882		/* No reservation or command is allowed. */;
10883	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10884	    (lun->res_type == SPR_TYPE_WR_EX ||
10885	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10886	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10887		/* The command is allowed for Write Exclusive resv. */;
10888	} else {
10889		/*
10890		 * if we aren't registered or it's a res holder type
10891		 * reservation and this isn't the res holder then set a
10892		 * conflict.
10893		 */
10894		if (ctl_get_prkey(lun, residx) == 0
10895		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10896			ctl_set_reservation_conflict(ctsio);
10897			retval = 1;
10898			goto bailout;
10899		}
10900	}
10901
10902	if ((lun->flags & CTL_LUN_OFFLINE)
10903	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10904		ctl_set_lun_not_ready(ctsio);
10905		retval = 1;
10906		goto bailout;
10907	}
10908
10909	if ((lun->flags & CTL_LUN_STOPPED)
10910	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10911		/* "Logical unit not ready, initializing cmd. required" */
10912		ctl_set_lun_stopped(ctsio);
10913		retval = 1;
10914		goto bailout;
10915	}
10916
10917	if ((lun->flags & CTL_LUN_INOPERABLE)
10918	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10919		/* "Medium format corrupted" */
10920		ctl_set_medium_format_corrupted(ctsio);
10921		retval = 1;
10922		goto bailout;
10923	}
10924
10925bailout:
10926	return (retval);
10927}
10928
10929static void
10930ctl_failover_io(union ctl_io *io, int have_lock)
10931{
10932	ctl_set_busy(&io->scsiio);
10933	ctl_done(io);
10934}
10935
10936static void
10937ctl_failover_lun(union ctl_io *rio)
10938{
10939	struct ctl_softc *softc = control_softc;
10940	struct ctl_lun *lun;
10941	struct ctl_io_hdr *io, *next_io;
10942	uint32_t targ_lun;
10943
10944	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
10945	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
10946
10947	/* Find and lock the LUN. */
10948	mtx_lock(&softc->ctl_lock);
10949	if ((targ_lun < CTL_MAX_LUNS) &&
10950	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10951		mtx_lock(&lun->lun_lock);
10952		mtx_unlock(&softc->ctl_lock);
10953		if (lun->flags & CTL_LUN_DISABLED) {
10954			mtx_unlock(&lun->lun_lock);
10955			return;
10956		}
10957	} else {
10958		mtx_unlock(&softc->ctl_lock);
10959		return;
10960	}
10961
10962	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10963		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10964			/* We are master */
10965			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10966				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10967					io->flags |= CTL_FLAG_ABORT;
10968					io->flags |= CTL_FLAG_FAILOVER;
10969				} else { /* This can be only due to DATAMOVE */
10970					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10971					io->flags &= ~CTL_FLAG_DMA_INPROG;
10972					io->flags |= CTL_FLAG_IO_ACTIVE;
10973					io->port_status = 31340;
10974					ctl_enqueue_isc((union ctl_io *)io);
10975				}
10976			}
10977			/* We are slave */
10978			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10979				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10980				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10981					io->flags |= CTL_FLAG_FAILOVER;
10982				} else {
10983					ctl_set_busy(&((union ctl_io *)io)->
10984					    scsiio);
10985					ctl_done((union ctl_io *)io);
10986				}
10987			}
10988		}
10989	} else { /* SERIALIZE modes */
10990		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10991		    next_io) {
10992			/* We are master */
10993			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10994				TAILQ_REMOVE(&lun->blocked_queue, io,
10995				    blocked_links);
10996				io->flags &= ~CTL_FLAG_BLOCKED;
10997				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10998				ctl_free_io((union ctl_io *)io);
10999			}
11000		}
11001		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11002			/* We are master */
11003			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11004				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11005				ctl_free_io((union ctl_io *)io);
11006			}
11007			/* We are slave */
11008			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11009				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11010				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11011					ctl_set_busy(&((union ctl_io *)io)->
11012					    scsiio);
11013					ctl_done((union ctl_io *)io);
11014				}
11015			}
11016		}
11017		ctl_check_blocked(lun);
11018	}
11019	mtx_unlock(&lun->lun_lock);
11020}
11021
11022static int
11023ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11024{
11025	struct ctl_lun *lun;
11026	const struct ctl_cmd_entry *entry;
11027	uint32_t initidx, targ_lun;
11028	int retval;
11029
11030	retval = 0;
11031
11032	lun = NULL;
11033
11034	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11035	if ((targ_lun < CTL_MAX_LUNS)
11036	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11037		/*
11038		 * If the LUN is invalid, pretend that it doesn't exist.
11039		 * It will go away as soon as all pending I/O has been
11040		 * completed.
11041		 */
11042		mtx_lock(&lun->lun_lock);
11043		if (lun->flags & CTL_LUN_DISABLED) {
11044			mtx_unlock(&lun->lun_lock);
11045			lun = NULL;
11046			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11047			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11048		} else {
11049			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11050			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11051				lun->be_lun;
11052
11053			/*
11054			 * Every I/O goes into the OOA queue for a
11055			 * particular LUN, and stays there until completion.
11056			 */
11057#ifdef CTL_TIME_IO
11058			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11059				lun->idle_time += getsbinuptime() -
11060				    lun->last_busy;
11061			}
11062#endif
11063			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11064			    ooa_links);
11065		}
11066	} else {
11067		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11068		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11069	}
11070
11071	/* Get command entry and return error if it is unsuppotyed. */
11072	entry = ctl_validate_command(ctsio);
11073	if (entry == NULL) {
11074		if (lun)
11075			mtx_unlock(&lun->lun_lock);
11076		return (retval);
11077	}
11078
11079	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11080	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11081
11082	/*
11083	 * Check to see whether we can send this command to LUNs that don't
11084	 * exist.  This should pretty much only be the case for inquiry
11085	 * and request sense.  Further checks, below, really require having
11086	 * a LUN, so we can't really check the command anymore.  Just put
11087	 * it on the rtr queue.
11088	 */
11089	if (lun == NULL) {
11090		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11091			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11092			ctl_enqueue_rtr((union ctl_io *)ctsio);
11093			return (retval);
11094		}
11095
11096		ctl_set_unsupported_lun(ctsio);
11097		ctl_done((union ctl_io *)ctsio);
11098		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11099		return (retval);
11100	} else {
11101		/*
11102		 * Make sure we support this particular command on this LUN.
11103		 * e.g., we don't support writes to the control LUN.
11104		 */
11105		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11106			mtx_unlock(&lun->lun_lock);
11107			ctl_set_invalid_opcode(ctsio);
11108			ctl_done((union ctl_io *)ctsio);
11109			return (retval);
11110		}
11111	}
11112
11113	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11114
11115#ifdef CTL_WITH_CA
11116	/*
11117	 * If we've got a request sense, it'll clear the contingent
11118	 * allegiance condition.  Otherwise, if we have a CA condition for
11119	 * this initiator, clear it, because it sent down a command other
11120	 * than request sense.
11121	 */
11122	if ((ctsio->cdb[0] != REQUEST_SENSE)
11123	 && (ctl_is_set(lun->have_ca, initidx)))
11124		ctl_clear_mask(lun->have_ca, initidx);
11125#endif
11126
11127	/*
11128	 * If the command has this flag set, it handles its own unit
11129	 * attention reporting, we shouldn't do anything.  Otherwise we
11130	 * check for any pending unit attentions, and send them back to the
11131	 * initiator.  We only do this when a command initially comes in,
11132	 * not when we pull it off the blocked queue.
11133	 *
11134	 * According to SAM-3, section 5.3.2, the order that things get
11135	 * presented back to the host is basically unit attentions caused
11136	 * by some sort of reset event, busy status, reservation conflicts
11137	 * or task set full, and finally any other status.
11138	 *
11139	 * One issue here is that some of the unit attentions we report
11140	 * don't fall into the "reset" category (e.g. "reported luns data
11141	 * has changed").  So reporting it here, before the reservation
11142	 * check, may be technically wrong.  I guess the only thing to do
11143	 * would be to check for and report the reset events here, and then
11144	 * check for the other unit attention types after we check for a
11145	 * reservation conflict.
11146	 *
11147	 * XXX KDM need to fix this
11148	 */
11149	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11150		ctl_ua_type ua_type;
11151
11152		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11153		    SSD_TYPE_NONE);
11154		if (ua_type != CTL_UA_NONE) {
11155			mtx_unlock(&lun->lun_lock);
11156			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11157			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11158			ctsio->sense_len = SSD_FULL_SIZE;
11159			ctl_done((union ctl_io *)ctsio);
11160			return (retval);
11161		}
11162	}
11163
11164
11165	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11166		mtx_unlock(&lun->lun_lock);
11167		ctl_done((union ctl_io *)ctsio);
11168		return (retval);
11169	}
11170
11171	/*
11172	 * XXX CHD this is where we want to send IO to other side if
11173	 * this LUN is secondary on this SC. We will need to make a copy
11174	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11175	 * the copy we send as FROM_OTHER.
11176	 * We also need to stuff the address of the original IO so we can
11177	 * find it easily. Something similar will need be done on the other
11178	 * side so when we are done we can find the copy.
11179	 */
11180	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11181	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11182	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11183		union ctl_ha_msg msg_info;
11184		int isc_retval;
11185
11186		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11187		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11188		mtx_unlock(&lun->lun_lock);
11189
11190		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11191		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11192		msg_info.hdr.serializing_sc = NULL;
11193		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11194		msg_info.scsi.tag_num = ctsio->tag_num;
11195		msg_info.scsi.tag_type = ctsio->tag_type;
11196		msg_info.scsi.cdb_len = ctsio->cdb_len;
11197		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11198
11199		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11200		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11201		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11202			ctl_set_busy(ctsio);
11203			ctl_done((union ctl_io *)ctsio);
11204			return (retval);
11205		}
11206		return (retval);
11207	}
11208
11209	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11210			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11211			      ctl_ooaq, ooa_links))) {
11212	case CTL_ACTION_BLOCK:
11213		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11214		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11215				  blocked_links);
11216		mtx_unlock(&lun->lun_lock);
11217		return (retval);
11218	case CTL_ACTION_PASS:
11219	case CTL_ACTION_SKIP:
11220		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11221		mtx_unlock(&lun->lun_lock);
11222		ctl_enqueue_rtr((union ctl_io *)ctsio);
11223		break;
11224	case CTL_ACTION_OVERLAP:
11225		mtx_unlock(&lun->lun_lock);
11226		ctl_set_overlapped_cmd(ctsio);
11227		ctl_done((union ctl_io *)ctsio);
11228		break;
11229	case CTL_ACTION_OVERLAP_TAG:
11230		mtx_unlock(&lun->lun_lock);
11231		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11232		ctl_done((union ctl_io *)ctsio);
11233		break;
11234	case CTL_ACTION_ERROR:
11235	default:
11236		mtx_unlock(&lun->lun_lock);
11237		ctl_set_internal_failure(ctsio,
11238					 /*sks_valid*/ 0,
11239					 /*retry_count*/ 0);
11240		ctl_done((union ctl_io *)ctsio);
11241		break;
11242	}
11243	return (retval);
11244}
11245
11246const struct ctl_cmd_entry *
11247ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11248{
11249	const struct ctl_cmd_entry *entry;
11250	int service_action;
11251
11252	entry = &ctl_cmd_table[ctsio->cdb[0]];
11253	if (sa)
11254		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11255	if (entry->flags & CTL_CMD_FLAG_SA5) {
11256		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11257		entry = &((const struct ctl_cmd_entry *)
11258		    entry->execute)[service_action];
11259	}
11260	return (entry);
11261}
11262
11263const struct ctl_cmd_entry *
11264ctl_validate_command(struct ctl_scsiio *ctsio)
11265{
11266	const struct ctl_cmd_entry *entry;
11267	int i, sa;
11268	uint8_t diff;
11269
11270	entry = ctl_get_cmd_entry(ctsio, &sa);
11271	if (entry->execute == NULL) {
11272		if (sa)
11273			ctl_set_invalid_field(ctsio,
11274					      /*sks_valid*/ 1,
11275					      /*command*/ 1,
11276					      /*field*/ 1,
11277					      /*bit_valid*/ 1,
11278					      /*bit*/ 4);
11279		else
11280			ctl_set_invalid_opcode(ctsio);
11281		ctl_done((union ctl_io *)ctsio);
11282		return (NULL);
11283	}
11284	KASSERT(entry->length > 0,
11285	    ("Not defined length for command 0x%02x/0x%02x",
11286	     ctsio->cdb[0], ctsio->cdb[1]));
11287	for (i = 1; i < entry->length; i++) {
11288		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11289		if (diff == 0)
11290			continue;
11291		ctl_set_invalid_field(ctsio,
11292				      /*sks_valid*/ 1,
11293				      /*command*/ 1,
11294				      /*field*/ i,
11295				      /*bit_valid*/ 1,
11296				      /*bit*/ fls(diff) - 1);
11297		ctl_done((union ctl_io *)ctsio);
11298		return (NULL);
11299	}
11300	return (entry);
11301}
11302
11303static int
11304ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11305{
11306
11307	switch (lun_type) {
11308	case T_PROCESSOR:
11309		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11310			return (0);
11311		break;
11312	case T_DIRECT:
11313		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11314			return (0);
11315		break;
11316	default:
11317		return (0);
11318	}
11319	return (1);
11320}
11321
11322static int
11323ctl_scsiio(struct ctl_scsiio *ctsio)
11324{
11325	int retval;
11326	const struct ctl_cmd_entry *entry;
11327
11328	retval = CTL_RETVAL_COMPLETE;
11329
11330	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11331
11332	entry = ctl_get_cmd_entry(ctsio, NULL);
11333
11334	/*
11335	 * If this I/O has been aborted, just send it straight to
11336	 * ctl_done() without executing it.
11337	 */
11338	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11339		ctl_done((union ctl_io *)ctsio);
11340		goto bailout;
11341	}
11342
11343	/*
11344	 * All the checks should have been handled by ctl_scsiio_precheck().
11345	 * We should be clear now to just execute the I/O.
11346	 */
11347	retval = entry->execute(ctsio);
11348
11349bailout:
11350	return (retval);
11351}
11352
11353/*
11354 * Since we only implement one target right now, a bus reset simply resets
11355 * our single target.
11356 */
11357static int
11358ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11359{
11360	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11361}
11362
11363static int
11364ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11365		 ctl_ua_type ua_type)
11366{
11367	struct ctl_port *port;
11368	struct ctl_lun *lun;
11369	int retval;
11370
11371	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11372		union ctl_ha_msg msg_info;
11373
11374		msg_info.hdr.nexus = io->io_hdr.nexus;
11375		if (ua_type==CTL_UA_TARG_RESET)
11376			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11377		else
11378			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11379		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11380		msg_info.hdr.original_sc = NULL;
11381		msg_info.hdr.serializing_sc = NULL;
11382		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11383		    sizeof(msg_info.task), M_WAITOK);
11384	}
11385	retval = 0;
11386
11387	mtx_lock(&softc->ctl_lock);
11388	port = ctl_io_port(&io->io_hdr);
11389	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11390		if (port != NULL &&
11391		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11392			continue;
11393		retval += ctl_do_lun_reset(lun, io, ua_type);
11394	}
11395	mtx_unlock(&softc->ctl_lock);
11396	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11397	return (retval);
11398}
11399
11400/*
11401 * The LUN should always be set.  The I/O is optional, and is used to
11402 * distinguish between I/Os sent by this initiator, and by other
11403 * initiators.  We set unit attention for initiators other than this one.
11404 * SAM-3 is vague on this point.  It does say that a unit attention should
11405 * be established for other initiators when a LUN is reset (see section
11406 * 5.7.3), but it doesn't specifically say that the unit attention should
11407 * be established for this particular initiator when a LUN is reset.  Here
11408 * is the relevant text, from SAM-3 rev 8:
11409 *
11410 * 5.7.2 When a SCSI initiator port aborts its own tasks
11411 *
11412 * When a SCSI initiator port causes its own task(s) to be aborted, no
11413 * notification that the task(s) have been aborted shall be returned to
11414 * the SCSI initiator port other than the completion response for the
11415 * command or task management function action that caused the task(s) to
11416 * be aborted and notification(s) associated with related effects of the
11417 * action (e.g., a reset unit attention condition).
11418 *
11419 * XXX KDM for now, we're setting unit attention for all initiators.
11420 */
11421static int
11422ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11423{
11424	union ctl_io *xio;
11425#if 0
11426	uint32_t initidx;
11427#endif
11428#ifdef CTL_WITH_CA
11429	int i;
11430#endif
11431
11432	mtx_lock(&lun->lun_lock);
11433	/*
11434	 * Run through the OOA queue and abort each I/O.
11435	 */
11436	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11437	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11438		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11439	}
11440
11441	/*
11442	 * This version sets unit attention for every
11443	 */
11444#if 0
11445	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11446	ctl_est_ua_all(lun, initidx, ua_type);
11447#else
11448	ctl_est_ua_all(lun, -1, ua_type);
11449#endif
11450
11451	/*
11452	 * A reset (any kind, really) clears reservations established with
11453	 * RESERVE/RELEASE.  It does not clear reservations established
11454	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11455	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11456	 * reservations made with the RESERVE/RELEASE commands, because
11457	 * those commands are obsolete in SPC-3.
11458	 */
11459	lun->flags &= ~CTL_LUN_RESERVED;
11460
11461#ifdef CTL_WITH_CA
11462	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11463		ctl_clear_mask(lun->have_ca, i);
11464#endif
11465	mtx_unlock(&lun->lun_lock);
11466
11467	return (0);
11468}
11469
11470static int
11471ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11472{
11473	struct ctl_lun *lun;
11474	uint32_t targ_lun;
11475	int retval;
11476
11477	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11478	mtx_lock(&softc->ctl_lock);
11479	if ((targ_lun >= CTL_MAX_LUNS) ||
11480	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11481		mtx_unlock(&softc->ctl_lock);
11482		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11483		return (1);
11484	}
11485	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11486	mtx_unlock(&softc->ctl_lock);
11487	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11488
11489	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11490		union ctl_ha_msg msg_info;
11491
11492		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11493		msg_info.hdr.nexus = io->io_hdr.nexus;
11494		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11495		msg_info.hdr.original_sc = NULL;
11496		msg_info.hdr.serializing_sc = NULL;
11497		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11498		    sizeof(msg_info.task), M_WAITOK);
11499	}
11500	return (retval);
11501}
11502
11503static void
11504ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11505    int other_sc)
11506{
11507	union ctl_io *xio;
11508
11509	mtx_assert(&lun->lun_lock, MA_OWNED);
11510
11511	/*
11512	 * Run through the OOA queue and attempt to find the given I/O.
11513	 * The target port, initiator ID, tag type and tag number have to
11514	 * match the values that we got from the initiator.  If we have an
11515	 * untagged command to abort, simply abort the first untagged command
11516	 * we come to.  We only allow one untagged command at a time of course.
11517	 */
11518	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11519	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11520
11521		if ((targ_port == UINT32_MAX ||
11522		     targ_port == xio->io_hdr.nexus.targ_port) &&
11523		    (init_id == UINT32_MAX ||
11524		     init_id == xio->io_hdr.nexus.initid)) {
11525			if (targ_port != xio->io_hdr.nexus.targ_port ||
11526			    init_id != xio->io_hdr.nexus.initid)
11527				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11528			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11529			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11530				union ctl_ha_msg msg_info;
11531
11532				msg_info.hdr.nexus = xio->io_hdr.nexus;
11533				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11534				msg_info.task.tag_num = xio->scsiio.tag_num;
11535				msg_info.task.tag_type = xio->scsiio.tag_type;
11536				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11537				msg_info.hdr.original_sc = NULL;
11538				msg_info.hdr.serializing_sc = NULL;
11539				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11540				    sizeof(msg_info.task), M_NOWAIT);
11541			}
11542		}
11543	}
11544}
11545
11546static int
11547ctl_abort_task_set(union ctl_io *io)
11548{
11549	struct ctl_softc *softc = control_softc;
11550	struct ctl_lun *lun;
11551	uint32_t targ_lun;
11552
11553	/*
11554	 * Look up the LUN.
11555	 */
11556	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11557	mtx_lock(&softc->ctl_lock);
11558	if ((targ_lun >= CTL_MAX_LUNS) ||
11559	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11560		mtx_unlock(&softc->ctl_lock);
11561		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11562		return (1);
11563	}
11564
11565	mtx_lock(&lun->lun_lock);
11566	mtx_unlock(&softc->ctl_lock);
11567	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11568		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11569		    io->io_hdr.nexus.initid,
11570		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11571	} else { /* CTL_TASK_CLEAR_TASK_SET */
11572		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11573		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11574	}
11575	mtx_unlock(&lun->lun_lock);
11576	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11577	return (0);
11578}
11579
11580static int
11581ctl_i_t_nexus_reset(union ctl_io *io)
11582{
11583	struct ctl_softc *softc = control_softc;
11584	struct ctl_lun *lun;
11585	uint32_t initidx;
11586
11587	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11588		union ctl_ha_msg msg_info;
11589
11590		msg_info.hdr.nexus = io->io_hdr.nexus;
11591		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11592		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11593		msg_info.hdr.original_sc = NULL;
11594		msg_info.hdr.serializing_sc = NULL;
11595		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11596		    sizeof(msg_info.task), M_WAITOK);
11597	}
11598
11599	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11600	mtx_lock(&softc->ctl_lock);
11601	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11602		mtx_lock(&lun->lun_lock);
11603		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11604		    io->io_hdr.nexus.initid, 1);
11605#ifdef CTL_WITH_CA
11606		ctl_clear_mask(lun->have_ca, initidx);
11607#endif
11608		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11609			lun->flags &= ~CTL_LUN_RESERVED;
11610		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11611		mtx_unlock(&lun->lun_lock);
11612	}
11613	mtx_unlock(&softc->ctl_lock);
11614	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11615	return (0);
11616}
11617
11618static int
11619ctl_abort_task(union ctl_io *io)
11620{
11621	union ctl_io *xio;
11622	struct ctl_lun *lun;
11623	struct ctl_softc *softc;
11624#if 0
11625	struct sbuf sb;
11626	char printbuf[128];
11627#endif
11628	int found;
11629	uint32_t targ_lun;
11630
11631	softc = control_softc;
11632	found = 0;
11633
11634	/*
11635	 * Look up the LUN.
11636	 */
11637	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11638	mtx_lock(&softc->ctl_lock);
11639	if ((targ_lun >= CTL_MAX_LUNS) ||
11640	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11641		mtx_unlock(&softc->ctl_lock);
11642		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11643		return (1);
11644	}
11645
11646#if 0
11647	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11648	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11649#endif
11650
11651	mtx_lock(&lun->lun_lock);
11652	mtx_unlock(&softc->ctl_lock);
11653	/*
11654	 * Run through the OOA queue and attempt to find the given I/O.
11655	 * The target port, initiator ID, tag type and tag number have to
11656	 * match the values that we got from the initiator.  If we have an
11657	 * untagged command to abort, simply abort the first untagged command
11658	 * we come to.  We only allow one untagged command at a time of course.
11659	 */
11660	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11661	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11662#if 0
11663		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11664
11665		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11666			    lun->lun, xio->scsiio.tag_num,
11667			    xio->scsiio.tag_type,
11668			    (xio->io_hdr.blocked_links.tqe_prev
11669			    == NULL) ? "" : " BLOCKED",
11670			    (xio->io_hdr.flags &
11671			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11672			    (xio->io_hdr.flags &
11673			    CTL_FLAG_ABORT) ? " ABORT" : "",
11674			    (xio->io_hdr.flags &
11675			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11676		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11677		sbuf_finish(&sb);
11678		printf("%s\n", sbuf_data(&sb));
11679#endif
11680
11681		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11682		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11683		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11684			continue;
11685
11686		/*
11687		 * If the abort says that the task is untagged, the
11688		 * task in the queue must be untagged.  Otherwise,
11689		 * we just check to see whether the tag numbers
11690		 * match.  This is because the QLogic firmware
11691		 * doesn't pass back the tag type in an abort
11692		 * request.
11693		 */
11694#if 0
11695		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11696		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11697		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11698#endif
11699		/*
11700		 * XXX KDM we've got problems with FC, because it
11701		 * doesn't send down a tag type with aborts.  So we
11702		 * can only really go by the tag number...
11703		 * This may cause problems with parallel SCSI.
11704		 * Need to figure that out!!
11705		 */
11706		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11707			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11708			found = 1;
11709			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11710			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11711				union ctl_ha_msg msg_info;
11712
11713				msg_info.hdr.nexus = io->io_hdr.nexus;
11714				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11715				msg_info.task.tag_num = io->taskio.tag_num;
11716				msg_info.task.tag_type = io->taskio.tag_type;
11717				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11718				msg_info.hdr.original_sc = NULL;
11719				msg_info.hdr.serializing_sc = NULL;
11720#if 0
11721				printf("Sent Abort to other side\n");
11722#endif
11723				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11724				    sizeof(msg_info.task), M_NOWAIT);
11725			}
11726#if 0
11727			printf("ctl_abort_task: found I/O to abort\n");
11728#endif
11729		}
11730	}
11731	mtx_unlock(&lun->lun_lock);
11732
11733	if (found == 0) {
11734		/*
11735		 * This isn't really an error.  It's entirely possible for
11736		 * the abort and command completion to cross on the wire.
11737		 * This is more of an informative/diagnostic error.
11738		 */
11739#if 0
11740		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11741		       "%u:%u:%u tag %d type %d\n",
11742		       io->io_hdr.nexus.initid,
11743		       io->io_hdr.nexus.targ_port,
11744		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11745		       io->taskio.tag_type);
11746#endif
11747	}
11748	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11749	return (0);
11750}
11751
11752static int
11753ctl_query_task(union ctl_io *io, int task_set)
11754{
11755	union ctl_io *xio;
11756	struct ctl_lun *lun;
11757	struct ctl_softc *softc;
11758	int found = 0;
11759	uint32_t targ_lun;
11760
11761	softc = control_softc;
11762	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11763	mtx_lock(&softc->ctl_lock);
11764	if ((targ_lun >= CTL_MAX_LUNS) ||
11765	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11766		mtx_unlock(&softc->ctl_lock);
11767		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11768		return (1);
11769	}
11770	mtx_lock(&lun->lun_lock);
11771	mtx_unlock(&softc->ctl_lock);
11772	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11773	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11774
11775		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11776		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11777		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11778			continue;
11779
11780		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11781			found = 1;
11782			break;
11783		}
11784	}
11785	mtx_unlock(&lun->lun_lock);
11786	if (found)
11787		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11788	else
11789		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11790	return (0);
11791}
11792
11793static int
11794ctl_query_async_event(union ctl_io *io)
11795{
11796	struct ctl_lun *lun;
11797	struct ctl_softc *softc;
11798	ctl_ua_type ua;
11799	uint32_t targ_lun, initidx;
11800
11801	softc = control_softc;
11802	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11803	mtx_lock(&softc->ctl_lock);
11804	if ((targ_lun >= CTL_MAX_LUNS) ||
11805	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11806		mtx_unlock(&softc->ctl_lock);
11807		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11808		return (1);
11809	}
11810	mtx_lock(&lun->lun_lock);
11811	mtx_unlock(&softc->ctl_lock);
11812	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11813	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11814	mtx_unlock(&lun->lun_lock);
11815	if (ua != CTL_UA_NONE)
11816		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11817	else
11818		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11819	return (0);
11820}
11821
11822static void
11823ctl_run_task(union ctl_io *io)
11824{
11825	struct ctl_softc *softc = control_softc;
11826	int retval = 1;
11827
11828	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11829	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11830	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11831	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11832	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11833	switch (io->taskio.task_action) {
11834	case CTL_TASK_ABORT_TASK:
11835		retval = ctl_abort_task(io);
11836		break;
11837	case CTL_TASK_ABORT_TASK_SET:
11838	case CTL_TASK_CLEAR_TASK_SET:
11839		retval = ctl_abort_task_set(io);
11840		break;
11841	case CTL_TASK_CLEAR_ACA:
11842		break;
11843	case CTL_TASK_I_T_NEXUS_RESET:
11844		retval = ctl_i_t_nexus_reset(io);
11845		break;
11846	case CTL_TASK_LUN_RESET:
11847		retval = ctl_lun_reset(softc, io);
11848		break;
11849	case CTL_TASK_TARGET_RESET:
11850		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11851		break;
11852	case CTL_TASK_BUS_RESET:
11853		retval = ctl_bus_reset(softc, io);
11854		break;
11855	case CTL_TASK_PORT_LOGIN:
11856		break;
11857	case CTL_TASK_PORT_LOGOUT:
11858		break;
11859	case CTL_TASK_QUERY_TASK:
11860		retval = ctl_query_task(io, 0);
11861		break;
11862	case CTL_TASK_QUERY_TASK_SET:
11863		retval = ctl_query_task(io, 1);
11864		break;
11865	case CTL_TASK_QUERY_ASYNC_EVENT:
11866		retval = ctl_query_async_event(io);
11867		break;
11868	default:
11869		printf("%s: got unknown task management event %d\n",
11870		       __func__, io->taskio.task_action);
11871		break;
11872	}
11873	if (retval == 0)
11874		io->io_hdr.status = CTL_SUCCESS;
11875	else
11876		io->io_hdr.status = CTL_ERROR;
11877	ctl_done(io);
11878}
11879
11880/*
11881 * For HA operation.  Handle commands that come in from the other
11882 * controller.
11883 */
11884static void
11885ctl_handle_isc(union ctl_io *io)
11886{
11887	int free_io;
11888	struct ctl_lun *lun;
11889	struct ctl_softc *softc = control_softc;
11890	uint32_t targ_lun;
11891
11892	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11893	lun = softc->ctl_luns[targ_lun];
11894
11895	switch (io->io_hdr.msg_type) {
11896	case CTL_MSG_SERIALIZE:
11897		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11898		break;
11899	case CTL_MSG_R2R: {
11900		const struct ctl_cmd_entry *entry;
11901
11902		/*
11903		 * This is only used in SER_ONLY mode.
11904		 */
11905		free_io = 0;
11906		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11907		mtx_lock(&lun->lun_lock);
11908		if (ctl_scsiio_lun_check(lun,
11909		    entry, (struct ctl_scsiio *)io) != 0) {
11910			mtx_unlock(&lun->lun_lock);
11911			ctl_done(io);
11912			break;
11913		}
11914		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11915		mtx_unlock(&lun->lun_lock);
11916		ctl_enqueue_rtr(io);
11917		break;
11918	}
11919	case CTL_MSG_FINISH_IO:
11920		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11921			free_io = 0;
11922			ctl_done(io);
11923		} else {
11924			free_io = 1;
11925			mtx_lock(&lun->lun_lock);
11926			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11927				     ooa_links);
11928			ctl_check_blocked(lun);
11929			mtx_unlock(&lun->lun_lock);
11930		}
11931		break;
11932	case CTL_MSG_PERS_ACTION:
11933		ctl_hndl_per_res_out_on_other_sc(
11934			(union ctl_ha_msg *)&io->presio.pr_msg);
11935		free_io = 1;
11936		break;
11937	case CTL_MSG_BAD_JUJU:
11938		free_io = 0;
11939		ctl_done(io);
11940		break;
11941	case CTL_MSG_DATAMOVE:
11942		/* Only used in XFER mode */
11943		free_io = 0;
11944		ctl_datamove_remote(io);
11945		break;
11946	case CTL_MSG_DATAMOVE_DONE:
11947		/* Only used in XFER mode */
11948		free_io = 0;
11949		io->scsiio.be_move_done(io);
11950		break;
11951	case CTL_MSG_FAILOVER:
11952		ctl_failover_lun(io);
11953		free_io = 1;
11954		break;
11955	default:
11956		free_io = 1;
11957		printf("%s: Invalid message type %d\n",
11958		       __func__, io->io_hdr.msg_type);
11959		break;
11960	}
11961	if (free_io)
11962		ctl_free_io(io);
11963
11964}
11965
11966
11967/*
11968 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11969 * there is no match.
11970 */
11971static ctl_lun_error_pattern
11972ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11973{
11974	const struct ctl_cmd_entry *entry;
11975	ctl_lun_error_pattern filtered_pattern, pattern;
11976
11977	pattern = desc->error_pattern;
11978
11979	/*
11980	 * XXX KDM we need more data passed into this function to match a
11981	 * custom pattern, and we actually need to implement custom pattern
11982	 * matching.
11983	 */
11984	if (pattern & CTL_LUN_PAT_CMD)
11985		return (CTL_LUN_PAT_CMD);
11986
11987	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11988		return (CTL_LUN_PAT_ANY);
11989
11990	entry = ctl_get_cmd_entry(ctsio, NULL);
11991
11992	filtered_pattern = entry->pattern & pattern;
11993
11994	/*
11995	 * If the user requested specific flags in the pattern (e.g.
11996	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11997	 * flags.
11998	 *
11999	 * If the user did not specify any flags, it doesn't matter whether
12000	 * or not the command supports the flags.
12001	 */
12002	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12003	     (pattern & ~CTL_LUN_PAT_MASK))
12004		return (CTL_LUN_PAT_NONE);
12005
12006	/*
12007	 * If the user asked for a range check, see if the requested LBA
12008	 * range overlaps with this command's LBA range.
12009	 */
12010	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12011		uint64_t lba1;
12012		uint64_t len1;
12013		ctl_action action;
12014		int retval;
12015
12016		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12017		if (retval != 0)
12018			return (CTL_LUN_PAT_NONE);
12019
12020		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12021					      desc->lba_range.len, FALSE);
12022		/*
12023		 * A "pass" means that the LBA ranges don't overlap, so
12024		 * this doesn't match the user's range criteria.
12025		 */
12026		if (action == CTL_ACTION_PASS)
12027			return (CTL_LUN_PAT_NONE);
12028	}
12029
12030	return (filtered_pattern);
12031}
12032
12033static void
12034ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12035{
12036	struct ctl_error_desc *desc, *desc2;
12037
12038	mtx_assert(&lun->lun_lock, MA_OWNED);
12039
12040	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12041		ctl_lun_error_pattern pattern;
12042		/*
12043		 * Check to see whether this particular command matches
12044		 * the pattern in the descriptor.
12045		 */
12046		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12047		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12048			continue;
12049
12050		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12051		case CTL_LUN_INJ_ABORTED:
12052			ctl_set_aborted(&io->scsiio);
12053			break;
12054		case CTL_LUN_INJ_MEDIUM_ERR:
12055			ctl_set_medium_error(&io->scsiio,
12056			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12057			     CTL_FLAG_DATA_OUT);
12058			break;
12059		case CTL_LUN_INJ_UA:
12060			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12061			 * OCCURRED */
12062			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12063			break;
12064		case CTL_LUN_INJ_CUSTOM:
12065			/*
12066			 * We're assuming the user knows what he is doing.
12067			 * Just copy the sense information without doing
12068			 * checks.
12069			 */
12070			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12071			      MIN(sizeof(desc->custom_sense),
12072				  sizeof(io->scsiio.sense_data)));
12073			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12074			io->scsiio.sense_len = SSD_FULL_SIZE;
12075			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12076			break;
12077		case CTL_LUN_INJ_NONE:
12078		default:
12079			/*
12080			 * If this is an error injection type we don't know
12081			 * about, clear the continuous flag (if it is set)
12082			 * so it will get deleted below.
12083			 */
12084			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12085			break;
12086		}
12087		/*
12088		 * By default, each error injection action is a one-shot
12089		 */
12090		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12091			continue;
12092
12093		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12094
12095		free(desc, M_CTL);
12096	}
12097}
12098
12099#ifdef CTL_IO_DELAY
12100static void
12101ctl_datamove_timer_wakeup(void *arg)
12102{
12103	union ctl_io *io;
12104
12105	io = (union ctl_io *)arg;
12106
12107	ctl_datamove(io);
12108}
12109#endif /* CTL_IO_DELAY */
12110
12111void
12112ctl_datamove(union ctl_io *io)
12113{
12114	struct ctl_lun *lun;
12115	void (*fe_datamove)(union ctl_io *io);
12116
12117	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12118
12119	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12120
12121	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12122#ifdef CTL_TIME_IO
12123	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12124		char str[256];
12125		char path_str[64];
12126		struct sbuf sb;
12127
12128		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12129		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12130
12131		sbuf_cat(&sb, path_str);
12132		switch (io->io_hdr.io_type) {
12133		case CTL_IO_SCSI:
12134			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12135			sbuf_printf(&sb, "\n");
12136			sbuf_cat(&sb, path_str);
12137			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12138				    io->scsiio.tag_num, io->scsiio.tag_type);
12139			break;
12140		case CTL_IO_TASK:
12141			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12142				    "Tag Type: %d\n", io->taskio.task_action,
12143				    io->taskio.tag_num, io->taskio.tag_type);
12144			break;
12145		default:
12146			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12147			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12148			break;
12149		}
12150		sbuf_cat(&sb, path_str);
12151		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12152			    (intmax_t)time_uptime - io->io_hdr.start_time);
12153		sbuf_finish(&sb);
12154		printf("%s", sbuf_data(&sb));
12155	}
12156#endif /* CTL_TIME_IO */
12157
12158#ifdef CTL_IO_DELAY
12159	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12160		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12161	} else {
12162		if ((lun != NULL)
12163		 && (lun->delay_info.datamove_delay > 0)) {
12164
12165			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12166			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12167			callout_reset(&io->io_hdr.delay_callout,
12168				      lun->delay_info.datamove_delay * hz,
12169				      ctl_datamove_timer_wakeup, io);
12170			if (lun->delay_info.datamove_type ==
12171			    CTL_DELAY_TYPE_ONESHOT)
12172				lun->delay_info.datamove_delay = 0;
12173			return;
12174		}
12175	}
12176#endif
12177
12178	/*
12179	 * This command has been aborted.  Set the port status, so we fail
12180	 * the data move.
12181	 */
12182	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12183		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12184		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12185		       io->io_hdr.nexus.targ_port,
12186		       io->io_hdr.nexus.targ_lun);
12187		io->io_hdr.port_status = 31337;
12188		/*
12189		 * Note that the backend, in this case, will get the
12190		 * callback in its context.  In other cases it may get
12191		 * called in the frontend's interrupt thread context.
12192		 */
12193		io->scsiio.be_move_done(io);
12194		return;
12195	}
12196
12197	/* Don't confuse frontend with zero length data move. */
12198	if (io->scsiio.kern_data_len == 0) {
12199		io->scsiio.be_move_done(io);
12200		return;
12201	}
12202
12203	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12204	fe_datamove(io);
12205}
12206
12207static void
12208ctl_send_datamove_done(union ctl_io *io, int have_lock)
12209{
12210	union ctl_ha_msg msg;
12211#ifdef CTL_TIME_IO
12212	struct bintime cur_bt;
12213#endif
12214
12215	memset(&msg, 0, sizeof(msg));
12216	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12217	msg.hdr.original_sc = io;
12218	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12219	msg.hdr.nexus = io->io_hdr.nexus;
12220	msg.hdr.status = io->io_hdr.status;
12221	msg.scsi.tag_num = io->scsiio.tag_num;
12222	msg.scsi.tag_type = io->scsiio.tag_type;
12223	msg.scsi.scsi_status = io->scsiio.scsi_status;
12224	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12225	       io->scsiio.sense_len);
12226	msg.scsi.sense_len = io->scsiio.sense_len;
12227	msg.scsi.sense_residual = io->scsiio.sense_residual;
12228	msg.scsi.fetd_status = io->io_hdr.port_status;
12229	msg.scsi.residual = io->scsiio.residual;
12230	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12231	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12232		ctl_failover_io(io, /*have_lock*/ have_lock);
12233		return;
12234	}
12235	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12236	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12237	    msg.scsi.sense_len, M_WAITOK);
12238
12239#ifdef CTL_TIME_IO
12240	getbinuptime(&cur_bt);
12241	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12242	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12243#endif
12244	io->io_hdr.num_dmas++;
12245}
12246
12247/*
12248 * The DMA to the remote side is done, now we need to tell the other side
12249 * we're done so it can continue with its data movement.
12250 */
12251static void
12252ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12253{
12254	union ctl_io *io;
12255	int i;
12256
12257	io = rq->context;
12258
12259	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12260		printf("%s: ISC DMA write failed with error %d", __func__,
12261		       rq->ret);
12262		ctl_set_internal_failure(&io->scsiio,
12263					 /*sks_valid*/ 1,
12264					 /*retry_count*/ rq->ret);
12265	}
12266
12267	ctl_dt_req_free(rq);
12268
12269	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12270		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12271	free(io->io_hdr.remote_sglist, M_CTL);
12272	io->io_hdr.remote_sglist = NULL;
12273	io->io_hdr.local_sglist = NULL;
12274
12275	/*
12276	 * The data is in local and remote memory, so now we need to send
12277	 * status (good or back) back to the other side.
12278	 */
12279	ctl_send_datamove_done(io, /*have_lock*/ 0);
12280}
12281
12282/*
12283 * We've moved the data from the host/controller into local memory.  Now we
12284 * need to push it over to the remote controller's memory.
12285 */
12286static int
12287ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12288{
12289	int retval;
12290
12291	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12292					  ctl_datamove_remote_write_cb);
12293	return (retval);
12294}
12295
12296static void
12297ctl_datamove_remote_write(union ctl_io *io)
12298{
12299	int retval;
12300	void (*fe_datamove)(union ctl_io *io);
12301
12302	/*
12303	 * - Get the data from the host/HBA into local memory.
12304	 * - DMA memory from the local controller to the remote controller.
12305	 * - Send status back to the remote controller.
12306	 */
12307
12308	retval = ctl_datamove_remote_sgl_setup(io);
12309	if (retval != 0)
12310		return;
12311
12312	/* Switch the pointer over so the FETD knows what to do */
12313	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12314
12315	/*
12316	 * Use a custom move done callback, since we need to send completion
12317	 * back to the other controller, not to the backend on this side.
12318	 */
12319	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12320
12321	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12322	fe_datamove(io);
12323}
12324
12325static int
12326ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12327{
12328#if 0
12329	char str[256];
12330	char path_str[64];
12331	struct sbuf sb;
12332#endif
12333	int i;
12334
12335	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12336		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12337	free(io->io_hdr.remote_sglist, M_CTL);
12338	io->io_hdr.remote_sglist = NULL;
12339	io->io_hdr.local_sglist = NULL;
12340
12341#if 0
12342	scsi_path_string(io, path_str, sizeof(path_str));
12343	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12344	sbuf_cat(&sb, path_str);
12345	scsi_command_string(&io->scsiio, NULL, &sb);
12346	sbuf_printf(&sb, "\n");
12347	sbuf_cat(&sb, path_str);
12348	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12349		    io->scsiio.tag_num, io->scsiio.tag_type);
12350	sbuf_cat(&sb, path_str);
12351	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12352		    io->io_hdr.flags, io->io_hdr.status);
12353	sbuf_finish(&sb);
12354	printk("%s", sbuf_data(&sb));
12355#endif
12356
12357
12358	/*
12359	 * The read is done, now we need to send status (good or bad) back
12360	 * to the other side.
12361	 */
12362	ctl_send_datamove_done(io, /*have_lock*/ 0);
12363
12364	return (0);
12365}
12366
12367static void
12368ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12369{
12370	union ctl_io *io;
12371	void (*fe_datamove)(union ctl_io *io);
12372
12373	io = rq->context;
12374
12375	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12376		printf("%s: ISC DMA read failed with error %d\n", __func__,
12377		       rq->ret);
12378		ctl_set_internal_failure(&io->scsiio,
12379					 /*sks_valid*/ 1,
12380					 /*retry_count*/ rq->ret);
12381	}
12382
12383	ctl_dt_req_free(rq);
12384
12385	/* Switch the pointer over so the FETD knows what to do */
12386	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12387
12388	/*
12389	 * Use a custom move done callback, since we need to send completion
12390	 * back to the other controller, not to the backend on this side.
12391	 */
12392	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12393
12394	/* XXX KDM add checks like the ones in ctl_datamove? */
12395
12396	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12397	fe_datamove(io);
12398}
12399
12400static int
12401ctl_datamove_remote_sgl_setup(union ctl_io *io)
12402{
12403	struct ctl_sg_entry *local_sglist;
12404	uint32_t len_to_go;
12405	int retval;
12406	int i;
12407
12408	retval = 0;
12409	local_sglist = io->io_hdr.local_sglist;
12410	len_to_go = io->scsiio.kern_data_len;
12411
12412	/*
12413	 * The difficult thing here is that the size of the various
12414	 * S/G segments may be different than the size from the
12415	 * remote controller.  That'll make it harder when DMAing
12416	 * the data back to the other side.
12417	 */
12418	for (i = 0; len_to_go > 0; i++) {
12419		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12420		local_sglist[i].addr =
12421		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12422
12423		len_to_go -= local_sglist[i].len;
12424	}
12425	/*
12426	 * Reset the number of S/G entries accordingly.  The original
12427	 * number of S/G entries is available in rem_sg_entries.
12428	 */
12429	io->scsiio.kern_sg_entries = i;
12430
12431#if 0
12432	printf("%s: kern_sg_entries = %d\n", __func__,
12433	       io->scsiio.kern_sg_entries);
12434	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12435		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12436		       local_sglist[i].addr, local_sglist[i].len);
12437#endif
12438
12439	return (retval);
12440}
12441
12442static int
12443ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12444			 ctl_ha_dt_cb callback)
12445{
12446	struct ctl_ha_dt_req *rq;
12447	struct ctl_sg_entry *remote_sglist, *local_sglist;
12448	uint32_t local_used, remote_used, total_used;
12449	int i, j, isc_ret;
12450
12451	rq = ctl_dt_req_alloc();
12452
12453	/*
12454	 * If we failed to allocate the request, and if the DMA didn't fail
12455	 * anyway, set busy status.  This is just a resource allocation
12456	 * failure.
12457	 */
12458	if ((rq == NULL)
12459	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12460	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12461		ctl_set_busy(&io->scsiio);
12462
12463	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12464	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12465
12466		if (rq != NULL)
12467			ctl_dt_req_free(rq);
12468
12469		/*
12470		 * The data move failed.  We need to return status back
12471		 * to the other controller.  No point in trying to DMA
12472		 * data to the remote controller.
12473		 */
12474
12475		ctl_send_datamove_done(io, /*have_lock*/ 0);
12476
12477		return (1);
12478	}
12479
12480	local_sglist = io->io_hdr.local_sglist;
12481	remote_sglist = io->io_hdr.remote_sglist;
12482	local_used = 0;
12483	remote_used = 0;
12484	total_used = 0;
12485
12486	/*
12487	 * Pull/push the data over the wire from/to the other controller.
12488	 * This takes into account the possibility that the local and
12489	 * remote sglists may not be identical in terms of the size of
12490	 * the elements and the number of elements.
12491	 *
12492	 * One fundamental assumption here is that the length allocated for
12493	 * both the local and remote sglists is identical.  Otherwise, we've
12494	 * essentially got a coding error of some sort.
12495	 */
12496	isc_ret = CTL_HA_STATUS_SUCCESS;
12497	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12498		uint32_t cur_len;
12499		uint8_t *tmp_ptr;
12500
12501		rq->command = command;
12502		rq->context = io;
12503
12504		/*
12505		 * Both pointers should be aligned.  But it is possible
12506		 * that the allocation length is not.  They should both
12507		 * also have enough slack left over at the end, though,
12508		 * to round up to the next 8 byte boundary.
12509		 */
12510		cur_len = MIN(local_sglist[i].len - local_used,
12511			      remote_sglist[j].len - remote_used);
12512		rq->size = cur_len;
12513
12514		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12515		tmp_ptr += local_used;
12516
12517#if 0
12518		/* Use physical addresses when talking to ISC hardware */
12519		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12520			/* XXX KDM use busdma */
12521			rq->local = vtophys(tmp_ptr);
12522		} else
12523			rq->local = tmp_ptr;
12524#else
12525		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12526		    ("HA does not support BUS_ADDR"));
12527		rq->local = tmp_ptr;
12528#endif
12529
12530		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12531		tmp_ptr += remote_used;
12532		rq->remote = tmp_ptr;
12533
12534		rq->callback = NULL;
12535
12536		local_used += cur_len;
12537		if (local_used >= local_sglist[i].len) {
12538			i++;
12539			local_used = 0;
12540		}
12541
12542		remote_used += cur_len;
12543		if (remote_used >= remote_sglist[j].len) {
12544			j++;
12545			remote_used = 0;
12546		}
12547		total_used += cur_len;
12548
12549		if (total_used >= io->scsiio.kern_data_len)
12550			rq->callback = callback;
12551
12552#if 0
12553		printf("%s: %s: local %p remote %p size %d\n", __func__,
12554		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12555		       rq->local, rq->remote, rq->size);
12556#endif
12557
12558		isc_ret = ctl_dt_single(rq);
12559		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12560			break;
12561	}
12562	if (isc_ret != CTL_HA_STATUS_WAIT) {
12563		rq->ret = isc_ret;
12564		callback(rq);
12565	}
12566
12567	return (0);
12568}
12569
12570static void
12571ctl_datamove_remote_read(union ctl_io *io)
12572{
12573	int retval;
12574	int i;
12575
12576	/*
12577	 * This will send an error to the other controller in the case of a
12578	 * failure.
12579	 */
12580	retval = ctl_datamove_remote_sgl_setup(io);
12581	if (retval != 0)
12582		return;
12583
12584	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12585					  ctl_datamove_remote_read_cb);
12586	if (retval != 0) {
12587		/*
12588		 * Make sure we free memory if there was an error..  The
12589		 * ctl_datamove_remote_xfer() function will send the
12590		 * datamove done message, or call the callback with an
12591		 * error if there is a problem.
12592		 */
12593		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12594			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12595		free(io->io_hdr.remote_sglist, M_CTL);
12596		io->io_hdr.remote_sglist = NULL;
12597		io->io_hdr.local_sglist = NULL;
12598	}
12599}
12600
12601/*
12602 * Process a datamove request from the other controller.  This is used for
12603 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12604 * first.  Once that is complete, the data gets DMAed into the remote
12605 * controller's memory.  For reads, we DMA from the remote controller's
12606 * memory into our memory first, and then move it out to the FETD.
12607 */
12608static void
12609ctl_datamove_remote(union ctl_io *io)
12610{
12611
12612	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12613
12614	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12615		ctl_failover_io(io, /*have_lock*/ 0);
12616		return;
12617	}
12618
12619	/*
12620	 * Note that we look for an aborted I/O here, but don't do some of
12621	 * the other checks that ctl_datamove() normally does.
12622	 * We don't need to run the datamove delay code, since that should
12623	 * have been done if need be on the other controller.
12624	 */
12625	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12626		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12627		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12628		       io->io_hdr.nexus.targ_port,
12629		       io->io_hdr.nexus.targ_lun);
12630		io->io_hdr.port_status = 31338;
12631		ctl_send_datamove_done(io, /*have_lock*/ 0);
12632		return;
12633	}
12634
12635	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12636		ctl_datamove_remote_write(io);
12637	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12638		ctl_datamove_remote_read(io);
12639	else {
12640		io->io_hdr.port_status = 31339;
12641		ctl_send_datamove_done(io, /*have_lock*/ 0);
12642	}
12643}
12644
12645static void
12646ctl_process_done(union ctl_io *io)
12647{
12648	struct ctl_lun *lun;
12649	struct ctl_softc *softc = control_softc;
12650	void (*fe_done)(union ctl_io *io);
12651	union ctl_ha_msg msg;
12652	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12653
12654	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12655	fe_done = softc->ctl_ports[targ_port]->fe_done;
12656
12657#ifdef CTL_TIME_IO
12658	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12659		char str[256];
12660		char path_str[64];
12661		struct sbuf sb;
12662
12663		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12664		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12665
12666		sbuf_cat(&sb, path_str);
12667		switch (io->io_hdr.io_type) {
12668		case CTL_IO_SCSI:
12669			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12670			sbuf_printf(&sb, "\n");
12671			sbuf_cat(&sb, path_str);
12672			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12673				    io->scsiio.tag_num, io->scsiio.tag_type);
12674			break;
12675		case CTL_IO_TASK:
12676			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12677				    "Tag Type: %d\n", io->taskio.task_action,
12678				    io->taskio.tag_num, io->taskio.tag_type);
12679			break;
12680		default:
12681			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12682			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12683			break;
12684		}
12685		sbuf_cat(&sb, path_str);
12686		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12687			    (intmax_t)time_uptime - io->io_hdr.start_time);
12688		sbuf_finish(&sb);
12689		printf("%s", sbuf_data(&sb));
12690	}
12691#endif /* CTL_TIME_IO */
12692
12693	switch (io->io_hdr.io_type) {
12694	case CTL_IO_SCSI:
12695		break;
12696	case CTL_IO_TASK:
12697		if (ctl_debug & CTL_DEBUG_INFO)
12698			ctl_io_error_print(io, NULL);
12699		fe_done(io);
12700		return;
12701	default:
12702		panic("ctl_process_done: invalid io type %d\n",
12703		      io->io_hdr.io_type);
12704		break; /* NOTREACHED */
12705	}
12706
12707	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12708	if (lun == NULL) {
12709		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12710				 io->io_hdr.nexus.targ_mapped_lun));
12711		goto bailout;
12712	}
12713
12714	mtx_lock(&lun->lun_lock);
12715
12716	/*
12717	 * Check to see if we have any errors to inject here.  We only
12718	 * inject errors for commands that don't already have errors set.
12719	 */
12720	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12721	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12722	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12723		ctl_inject_error(lun, io);
12724
12725	/*
12726	 * XXX KDM how do we treat commands that aren't completed
12727	 * successfully?
12728	 *
12729	 * XXX KDM should we also track I/O latency?
12730	 */
12731	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12732	    io->io_hdr.io_type == CTL_IO_SCSI) {
12733#ifdef CTL_TIME_IO
12734		struct bintime cur_bt;
12735#endif
12736		int type;
12737
12738		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12739		    CTL_FLAG_DATA_IN)
12740			type = CTL_STATS_READ;
12741		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12742		    CTL_FLAG_DATA_OUT)
12743			type = CTL_STATS_WRITE;
12744		else
12745			type = CTL_STATS_NO_IO;
12746
12747		lun->stats.ports[targ_port].bytes[type] +=
12748		    io->scsiio.kern_total_len;
12749		lun->stats.ports[targ_port].operations[type]++;
12750#ifdef CTL_TIME_IO
12751		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12752		   &io->io_hdr.dma_bt);
12753		getbinuptime(&cur_bt);
12754		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12755		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12756#endif
12757		lun->stats.ports[targ_port].num_dmas[type] +=
12758		    io->io_hdr.num_dmas;
12759	}
12760
12761	/*
12762	 * Remove this from the OOA queue.
12763	 */
12764	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12765#ifdef CTL_TIME_IO
12766	if (TAILQ_EMPTY(&lun->ooa_queue))
12767		lun->last_busy = getsbinuptime();
12768#endif
12769
12770	/*
12771	 * Run through the blocked queue on this LUN and see if anything
12772	 * has become unblocked, now that this transaction is done.
12773	 */
12774	ctl_check_blocked(lun);
12775
12776	/*
12777	 * If the LUN has been invalidated, free it if there is nothing
12778	 * left on its OOA queue.
12779	 */
12780	if ((lun->flags & CTL_LUN_INVALID)
12781	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12782		mtx_unlock(&lun->lun_lock);
12783		mtx_lock(&softc->ctl_lock);
12784		ctl_free_lun(lun);
12785		mtx_unlock(&softc->ctl_lock);
12786	} else
12787		mtx_unlock(&lun->lun_lock);
12788
12789bailout:
12790
12791	/*
12792	 * If this command has been aborted, make sure we set the status
12793	 * properly.  The FETD is responsible for freeing the I/O and doing
12794	 * whatever it needs to do to clean up its state.
12795	 */
12796	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12797		ctl_set_task_aborted(&io->scsiio);
12798
12799	/*
12800	 * If enabled, print command error status.
12801	 */
12802	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12803	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12804		ctl_io_error_print(io, NULL);
12805
12806	/*
12807	 * Tell the FETD or the other shelf controller we're done with this
12808	 * command.  Note that only SCSI commands get to this point.  Task
12809	 * management commands are completed above.
12810	 */
12811	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12812	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12813		memset(&msg, 0, sizeof(msg));
12814		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12815		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12816		msg.hdr.nexus = io->io_hdr.nexus;
12817		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12818		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12819		    M_WAITOK);
12820	}
12821
12822	fe_done(io);
12823}
12824
12825#ifdef CTL_WITH_CA
12826/*
12827 * Front end should call this if it doesn't do autosense.  When the request
12828 * sense comes back in from the initiator, we'll dequeue this and send it.
12829 */
12830int
12831ctl_queue_sense(union ctl_io *io)
12832{
12833	struct ctl_lun *lun;
12834	struct ctl_port *port;
12835	struct ctl_softc *softc;
12836	uint32_t initidx, targ_lun;
12837
12838	softc = control_softc;
12839
12840	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12841
12842	/*
12843	 * LUN lookup will likely move to the ctl_work_thread() once we
12844	 * have our new queueing infrastructure (that doesn't put things on
12845	 * a per-LUN queue initially).  That is so that we can handle
12846	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12847	 * can't deal with that right now.
12848	 */
12849	mtx_lock(&softc->ctl_lock);
12850
12851	/*
12852	 * If we don't have a LUN for this, just toss the sense
12853	 * information.
12854	 */
12855	port = ctl_io_port(&ctsio->io_hdr);
12856	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12857	if ((targ_lun < CTL_MAX_LUNS)
12858	 && (softc->ctl_luns[targ_lun] != NULL))
12859		lun = softc->ctl_luns[targ_lun];
12860	else
12861		goto bailout;
12862
12863	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12864
12865	mtx_lock(&lun->lun_lock);
12866	/*
12867	 * Already have CA set for this LUN...toss the sense information.
12868	 */
12869	if (ctl_is_set(lun->have_ca, initidx)) {
12870		mtx_unlock(&lun->lun_lock);
12871		goto bailout;
12872	}
12873
12874	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
12875	       MIN(sizeof(lun->pending_sense[initidx]),
12876	       sizeof(io->scsiio.sense_data)));
12877	ctl_set_mask(lun->have_ca, initidx);
12878	mtx_unlock(&lun->lun_lock);
12879
12880bailout:
12881	mtx_unlock(&softc->ctl_lock);
12882
12883	ctl_free_io(io);
12884
12885	return (CTL_RETVAL_COMPLETE);
12886}
12887#endif
12888
12889/*
12890 * Primary command inlet from frontend ports.  All SCSI and task I/O
12891 * requests must go through this function.
12892 */
12893int
12894ctl_queue(union ctl_io *io)
12895{
12896	struct ctl_port *port;
12897
12898	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
12899
12900#ifdef CTL_TIME_IO
12901	io->io_hdr.start_time = time_uptime;
12902	getbinuptime(&io->io_hdr.start_bt);
12903#endif /* CTL_TIME_IO */
12904
12905	/* Map FE-specific LUN ID into global one. */
12906	port = ctl_io_port(&io->io_hdr);
12907	io->io_hdr.nexus.targ_mapped_lun =
12908	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12909
12910	switch (io->io_hdr.io_type) {
12911	case CTL_IO_SCSI:
12912	case CTL_IO_TASK:
12913		if (ctl_debug & CTL_DEBUG_CDB)
12914			ctl_io_print(io);
12915		ctl_enqueue_incoming(io);
12916		break;
12917	default:
12918		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
12919		return (EINVAL);
12920	}
12921
12922	return (CTL_RETVAL_COMPLETE);
12923}
12924
12925#ifdef CTL_IO_DELAY
12926static void
12927ctl_done_timer_wakeup(void *arg)
12928{
12929	union ctl_io *io;
12930
12931	io = (union ctl_io *)arg;
12932	ctl_done(io);
12933}
12934#endif /* CTL_IO_DELAY */
12935
12936void
12937ctl_serseq_done(union ctl_io *io)
12938{
12939	struct ctl_lun *lun;
12940
12941	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12942	if (lun->be_lun == NULL ||
12943	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
12944		return;
12945	mtx_lock(&lun->lun_lock);
12946	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
12947	ctl_check_blocked(lun);
12948	mtx_unlock(&lun->lun_lock);
12949}
12950
12951void
12952ctl_done(union ctl_io *io)
12953{
12954
12955	/*
12956	 * Enable this to catch duplicate completion issues.
12957	 */
12958#if 0
12959	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
12960		printf("%s: type %d msg %d cdb %x iptl: "
12961		       "%u:%u:%u tag 0x%04x "
12962		       "flag %#x status %x\n",
12963			__func__,
12964			io->io_hdr.io_type,
12965			io->io_hdr.msg_type,
12966			io->scsiio.cdb[0],
12967			io->io_hdr.nexus.initid,
12968			io->io_hdr.nexus.targ_port,
12969			io->io_hdr.nexus.targ_lun,
12970			(io->io_hdr.io_type ==
12971			CTL_IO_TASK) ?
12972			io->taskio.tag_num :
12973			io->scsiio.tag_num,
12974		        io->io_hdr.flags,
12975			io->io_hdr.status);
12976	} else
12977		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
12978#endif
12979
12980	/*
12981	 * This is an internal copy of an I/O, and should not go through
12982	 * the normal done processing logic.
12983	 */
12984	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
12985		return;
12986
12987#ifdef CTL_IO_DELAY
12988	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12989		struct ctl_lun *lun;
12990
12991		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12992
12993		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12994	} else {
12995		struct ctl_lun *lun;
12996
12997		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12998
12999		if ((lun != NULL)
13000		 && (lun->delay_info.done_delay > 0)) {
13001
13002			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13003			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13004			callout_reset(&io->io_hdr.delay_callout,
13005				      lun->delay_info.done_delay * hz,
13006				      ctl_done_timer_wakeup, io);
13007			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13008				lun->delay_info.done_delay = 0;
13009			return;
13010		}
13011	}
13012#endif /* CTL_IO_DELAY */
13013
13014	ctl_enqueue_done(io);
13015}
13016
13017static void
13018ctl_work_thread(void *arg)
13019{
13020	struct ctl_thread *thr = (struct ctl_thread *)arg;
13021	struct ctl_softc *softc = thr->ctl_softc;
13022	union ctl_io *io;
13023	int retval;
13024
13025	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13026
13027	for (;;) {
13028		/*
13029		 * We handle the queues in this order:
13030		 * - ISC
13031		 * - done queue (to free up resources, unblock other commands)
13032		 * - RtR queue
13033		 * - incoming queue
13034		 *
13035		 * If those queues are empty, we break out of the loop and
13036		 * go to sleep.
13037		 */
13038		mtx_lock(&thr->queue_lock);
13039		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13040		if (io != NULL) {
13041			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13042			mtx_unlock(&thr->queue_lock);
13043			ctl_handle_isc(io);
13044			continue;
13045		}
13046		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13047		if (io != NULL) {
13048			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13049			/* clear any blocked commands, call fe_done */
13050			mtx_unlock(&thr->queue_lock);
13051			ctl_process_done(io);
13052			continue;
13053		}
13054		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13055		if (io != NULL) {
13056			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13057			mtx_unlock(&thr->queue_lock);
13058			if (io->io_hdr.io_type == CTL_IO_TASK)
13059				ctl_run_task(io);
13060			else
13061				ctl_scsiio_precheck(softc, &io->scsiio);
13062			continue;
13063		}
13064		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13065		if (io != NULL) {
13066			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13067			mtx_unlock(&thr->queue_lock);
13068			retval = ctl_scsiio(&io->scsiio);
13069			if (retval != CTL_RETVAL_COMPLETE)
13070				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13071			continue;
13072		}
13073
13074		/* Sleep until we have something to do. */
13075		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13076	}
13077}
13078
13079static void
13080ctl_lun_thread(void *arg)
13081{
13082	struct ctl_softc *softc = (struct ctl_softc *)arg;
13083	struct ctl_be_lun *be_lun;
13084
13085	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13086
13087	for (;;) {
13088		mtx_lock(&softc->ctl_lock);
13089		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13090		if (be_lun != NULL) {
13091			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13092			mtx_unlock(&softc->ctl_lock);
13093			ctl_create_lun(be_lun);
13094			continue;
13095		}
13096
13097		/* Sleep until we have something to do. */
13098		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13099		    PDROP | PRIBIO, "-", 0);
13100	}
13101}
13102
13103static void
13104ctl_thresh_thread(void *arg)
13105{
13106	struct ctl_softc *softc = (struct ctl_softc *)arg;
13107	struct ctl_lun *lun;
13108	struct scsi_da_rw_recovery_page *rwpage;
13109	struct ctl_logical_block_provisioning_page *page;
13110	const char *attr;
13111	union ctl_ha_msg msg;
13112	uint64_t thres, val;
13113	int i, e, set;
13114
13115	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13116
13117	for (;;) {
13118		mtx_lock(&softc->ctl_lock);
13119		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13120			if ((lun->flags & CTL_LUN_DISABLED) ||
13121			    (lun->flags & CTL_LUN_OFFLINE) ||
13122			    lun->backend->lun_attr == NULL)
13123				continue;
13124			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13125			    softc->ha_mode == CTL_HA_MODE_XFER)
13126				continue;
13127			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13128			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13129				continue;
13130			e = 0;
13131			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13132			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13133				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13134					continue;
13135				thres = scsi_4btoul(page->descr[i].count);
13136				thres <<= CTL_LBP_EXPONENT;
13137				switch (page->descr[i].resource) {
13138				case 0x01:
13139					attr = "blocksavail";
13140					break;
13141				case 0x02:
13142					attr = "blocksused";
13143					break;
13144				case 0xf1:
13145					attr = "poolblocksavail";
13146					break;
13147				case 0xf2:
13148					attr = "poolblocksused";
13149					break;
13150				default:
13151					continue;
13152				}
13153				mtx_unlock(&softc->ctl_lock); // XXX
13154				val = lun->backend->lun_attr(
13155				    lun->be_lun->be_lun, attr);
13156				mtx_lock(&softc->ctl_lock);
13157				if (val == UINT64_MAX)
13158					continue;
13159				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13160				    == SLBPPD_ARMING_INC)
13161					e = (val >= thres);
13162				else
13163					e = (val <= thres);
13164				if (e)
13165					break;
13166			}
13167			mtx_lock(&lun->lun_lock);
13168			if (e) {
13169				scsi_u64to8b((uint8_t *)&page->descr[i] -
13170				    (uint8_t *)page, lun->ua_tpt_info);
13171				if (lun->lasttpt == 0 ||
13172				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13173					lun->lasttpt = time_uptime;
13174					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13175					set = 1;
13176				} else
13177					set = 0;
13178			} else {
13179				lun->lasttpt = 0;
13180				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13181				set = -1;
13182			}
13183			mtx_unlock(&lun->lun_lock);
13184			if (set != 0 &&
13185			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13186				/* Send msg to other side. */
13187				bzero(&msg.ua, sizeof(msg.ua));
13188				msg.hdr.msg_type = CTL_MSG_UA;
13189				msg.hdr.nexus.initid = -1;
13190				msg.hdr.nexus.targ_port = -1;
13191				msg.hdr.nexus.targ_lun = lun->lun;
13192				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13193				msg.ua.ua_all = 1;
13194				msg.ua.ua_set = (set > 0);
13195				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13196				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13197				mtx_unlock(&softc->ctl_lock); // XXX
13198				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13199				    sizeof(msg.ua), M_WAITOK);
13200				mtx_lock(&softc->ctl_lock);
13201			}
13202		}
13203		mtx_unlock(&softc->ctl_lock);
13204		pause("-", CTL_LBP_PERIOD * hz);
13205	}
13206}
13207
13208static void
13209ctl_enqueue_incoming(union ctl_io *io)
13210{
13211	struct ctl_softc *softc = control_softc;
13212	struct ctl_thread *thr;
13213	u_int idx;
13214
13215	idx = (io->io_hdr.nexus.targ_port * 127 +
13216	       io->io_hdr.nexus.initid) % worker_threads;
13217	thr = &softc->threads[idx];
13218	mtx_lock(&thr->queue_lock);
13219	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13220	mtx_unlock(&thr->queue_lock);
13221	wakeup(thr);
13222}
13223
13224static void
13225ctl_enqueue_rtr(union ctl_io *io)
13226{
13227	struct ctl_softc *softc = control_softc;
13228	struct ctl_thread *thr;
13229
13230	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13231	mtx_lock(&thr->queue_lock);
13232	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13233	mtx_unlock(&thr->queue_lock);
13234	wakeup(thr);
13235}
13236
13237static void
13238ctl_enqueue_done(union ctl_io *io)
13239{
13240	struct ctl_softc *softc = control_softc;
13241	struct ctl_thread *thr;
13242
13243	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13244	mtx_lock(&thr->queue_lock);
13245	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13246	mtx_unlock(&thr->queue_lock);
13247	wakeup(thr);
13248}
13249
13250static void
13251ctl_enqueue_isc(union ctl_io *io)
13252{
13253	struct ctl_softc *softc = control_softc;
13254	struct ctl_thread *thr;
13255
13256	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13257	mtx_lock(&thr->queue_lock);
13258	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13259	mtx_unlock(&thr->queue_lock);
13260	wakeup(thr);
13261}
13262
13263/*
13264 *  vim: ts=8
13265 */
13266