ctl.c revision 288806 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288806 2015-10-05 11:26:46Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
359SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
360    &worker_threads, 1, "Number of worker threads");
361static int ctl_debug = CTL_DEBUG_NONE;
362TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
363SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
364    &ctl_debug, 0, "Enabled debug flags");
365
366/*
367 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
368 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
369 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
370 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
371 */
372#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
373
374static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
375				  int param);
376static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
377static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
378static int ctl_init(void);
379void ctl_shutdown(void);
380static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
381static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
382static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
383static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
384			      struct ctl_ooa *ooa_hdr,
385			      struct ctl_ooa_entry *kern_entries);
386static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
387		     struct thread *td);
388static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
389			 struct ctl_be_lun *be_lun);
390static int ctl_free_lun(struct ctl_lun *lun);
391static void ctl_create_lun(struct ctl_be_lun *be_lun);
392static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
393
394static int ctl_do_mode_select(union ctl_io *io);
395static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
396			   uint64_t res_key, uint64_t sa_res_key,
397			   uint8_t type, uint32_t residx,
398			   struct ctl_scsiio *ctsio,
399			   struct scsi_per_res_out *cdb,
400			   struct scsi_per_res_out_parms* param);
401static void ctl_pro_preempt_other(struct ctl_lun *lun,
402				  union ctl_ha_msg *msg);
403static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
404static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
408static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
409static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
412					 int alloc_len);
413static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
414static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
416static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
417static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
418static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
419    bool seq);
420static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
421static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
422    union ctl_io *pending_io, union ctl_io *ooa_io);
423static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
424				union ctl_io *starting_io);
425static int ctl_check_blocked(struct ctl_lun *lun);
426static int ctl_scsiio_lun_check(struct ctl_lun *lun,
427				const struct ctl_cmd_entry *entry,
428				struct ctl_scsiio *ctsio);
429static void ctl_failover_lun(union ctl_io *io);
430static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
431			       struct ctl_scsiio *ctsio);
432static int ctl_scsiio(struct ctl_scsiio *ctsio);
433
434static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
435static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
436			    ctl_ua_type ua_type);
437static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
438			 ctl_ua_type ua_type);
439static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
440static int ctl_abort_task(union ctl_io *io);
441static int ctl_abort_task_set(union ctl_io *io);
442static int ctl_query_task(union ctl_io *io, int task_set);
443static int ctl_i_t_nexus_reset(union ctl_io *io);
444static int ctl_query_async_event(union ctl_io *io);
445static void ctl_run_task(union ctl_io *io);
446#ifdef CTL_IO_DELAY
447static void ctl_datamove_timer_wakeup(void *arg);
448static void ctl_done_timer_wakeup(void *arg);
449#endif /* CTL_IO_DELAY */
450
451static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
452static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
453static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
454static void ctl_datamove_remote_write(union ctl_io *io);
455static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
456static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
457static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
458static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
459				    ctl_ha_dt_cb callback);
460static void ctl_datamove_remote_read(union ctl_io *io);
461static void ctl_datamove_remote(union ctl_io *io);
462static void ctl_process_done(union ctl_io *io);
463static void ctl_lun_thread(void *arg);
464static void ctl_thresh_thread(void *arg);
465static void ctl_work_thread(void *arg);
466static void ctl_enqueue_incoming(union ctl_io *io);
467static void ctl_enqueue_rtr(union ctl_io *io);
468static void ctl_enqueue_done(union ctl_io *io);
469static void ctl_enqueue_isc(union ctl_io *io);
470static const struct ctl_cmd_entry *
471    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
472static const struct ctl_cmd_entry *
473    ctl_validate_command(struct ctl_scsiio *ctsio);
474static int ctl_cmd_applicable(uint8_t lun_type,
475    const struct ctl_cmd_entry *entry);
476
477static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
479static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
480static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
481
482/*
483 * Load the serialization table.  This isn't very pretty, but is probably
484 * the easiest way to do it.
485 */
486#include "ctl_ser_table.c"
487
488/*
489 * We only need to define open, close and ioctl routines for this driver.
490 */
491static struct cdevsw ctl_cdevsw = {
492	.d_version =	D_VERSION,
493	.d_flags =	0,
494	.d_open =	ctl_open,
495	.d_close =	ctl_close,
496	.d_ioctl =	ctl_ioctl,
497	.d_name =	"ctl",
498};
499
500
501MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
502
503static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
504
505static moduledata_t ctl_moduledata = {
506	"ctl",
507	ctl_module_event_handler,
508	NULL
509};
510
511DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
512MODULE_VERSION(ctl, 1);
513
514static struct ctl_frontend ha_frontend =
515{
516	.name = "ha",
517};
518
519static void
520ctl_ha_datamove(union ctl_io *io)
521{
522	struct ctl_lun *lun;
523	struct ctl_sg_entry *sgl;
524	union ctl_ha_msg msg;
525	uint32_t sg_entries_sent;
526	int do_sg_copy, i, j;
527
528	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
529	memset(&msg.dt, 0, sizeof(msg.dt));
530	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
531	msg.hdr.original_sc = io->io_hdr.original_sc;
532	msg.hdr.serializing_sc = io;
533	msg.hdr.nexus = io->io_hdr.nexus;
534	msg.hdr.status = io->io_hdr.status;
535	msg.dt.flags = io->io_hdr.flags;
536
537	/*
538	 * We convert everything into a S/G list here.  We can't
539	 * pass by reference, only by value between controllers.
540	 * So we can't pass a pointer to the S/G list, only as many
541	 * S/G entries as we can fit in here.  If it's possible for
542	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
543	 * then we need to break this up into multiple transfers.
544	 */
545	if (io->scsiio.kern_sg_entries == 0) {
546		msg.dt.kern_sg_entries = 1;
547#if 0
548		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
549			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
550		} else {
551			/* XXX KDM use busdma here! */
552			msg.dt.sg_list[0].addr =
553			    (void *)vtophys(io->scsiio.kern_data_ptr);
554		}
555#else
556		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
557		    ("HA does not support BUS_ADDR"));
558		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
559#endif
560		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
561		do_sg_copy = 0;
562	} else {
563		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
564		do_sg_copy = 1;
565	}
566
567	msg.dt.kern_data_len = io->scsiio.kern_data_len;
568	msg.dt.kern_total_len = io->scsiio.kern_total_len;
569	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
570	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
571	msg.dt.sg_sequence = 0;
572
573	/*
574	 * Loop until we've sent all of the S/G entries.  On the
575	 * other end, we'll recompose these S/G entries into one
576	 * contiguous list before processing.
577	 */
578	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
579	    msg.dt.sg_sequence++) {
580		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
581		    sizeof(msg.dt.sg_list[0])),
582		    msg.dt.kern_sg_entries - sg_entries_sent);
583		if (do_sg_copy != 0) {
584			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
585			for (i = sg_entries_sent, j = 0;
586			     i < msg.dt.cur_sg_entries; i++, j++) {
587#if 0
588				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
589					msg.dt.sg_list[j].addr = sgl[i].addr;
590				} else {
591					/* XXX KDM use busdma here! */
592					msg.dt.sg_list[j].addr =
593					    (void *)vtophys(sgl[i].addr);
594				}
595#else
596				KASSERT((io->io_hdr.flags &
597				    CTL_FLAG_BUS_ADDR) == 0,
598				    ("HA does not support BUS_ADDR"));
599				msg.dt.sg_list[j].addr = sgl[i].addr;
600#endif
601				msg.dt.sg_list[j].len = sgl[i].len;
602			}
603		}
604
605		sg_entries_sent += msg.dt.cur_sg_entries;
606		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
607		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
608		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
609		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
610		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
611			io->io_hdr.port_status = 31341;
612			io->scsiio.be_move_done(io);
613			return;
614		}
615		msg.dt.sent_sg_entries = sg_entries_sent;
616	}
617
618	/*
619	 * Officially handover the request from us to peer.
620	 * If failover has just happened, then we must return error.
621	 * If failover happen just after, then it is not our problem.
622	 */
623	if (lun)
624		mtx_lock(&lun->lun_lock);
625	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
626		if (lun)
627			mtx_unlock(&lun->lun_lock);
628		io->io_hdr.port_status = 31342;
629		io->scsiio.be_move_done(io);
630		return;
631	}
632	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
633	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
634	if (lun)
635		mtx_unlock(&lun->lun_lock);
636}
637
638static void
639ctl_ha_done(union ctl_io *io)
640{
641	union ctl_ha_msg msg;
642
643	if (io->io_hdr.io_type == CTL_IO_SCSI) {
644		memset(&msg, 0, sizeof(msg));
645		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
646		msg.hdr.original_sc = io->io_hdr.original_sc;
647		msg.hdr.nexus = io->io_hdr.nexus;
648		msg.hdr.status = io->io_hdr.status;
649		msg.scsi.scsi_status = io->scsiio.scsi_status;
650		msg.scsi.tag_num = io->scsiio.tag_num;
651		msg.scsi.tag_type = io->scsiio.tag_type;
652		msg.scsi.sense_len = io->scsiio.sense_len;
653		msg.scsi.sense_residual = io->scsiio.sense_residual;
654		msg.scsi.residual = io->scsiio.residual;
655		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
656		    io->scsiio.sense_len);
657		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
658		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
659		    msg.scsi.sense_len, M_WAITOK);
660	}
661	ctl_free_io(io);
662}
663
664static void
665ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
666			    union ctl_ha_msg *msg_info)
667{
668	struct ctl_scsiio *ctsio;
669
670	if (msg_info->hdr.original_sc == NULL) {
671		printf("%s: original_sc == NULL!\n", __func__);
672		/* XXX KDM now what? */
673		return;
674	}
675
676	ctsio = &msg_info->hdr.original_sc->scsiio;
677	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
678	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
679	ctsio->io_hdr.status = msg_info->hdr.status;
680	ctsio->scsi_status = msg_info->scsi.scsi_status;
681	ctsio->sense_len = msg_info->scsi.sense_len;
682	ctsio->sense_residual = msg_info->scsi.sense_residual;
683	ctsio->residual = msg_info->scsi.residual;
684	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
685	       msg_info->scsi.sense_len);
686	ctl_enqueue_isc((union ctl_io *)ctsio);
687}
688
689static void
690ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
691				union ctl_ha_msg *msg_info)
692{
693	struct ctl_scsiio *ctsio;
694
695	if (msg_info->hdr.serializing_sc == NULL) {
696		printf("%s: serializing_sc == NULL!\n", __func__);
697		/* XXX KDM now what? */
698		return;
699	}
700
701	ctsio = &msg_info->hdr.serializing_sc->scsiio;
702	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
703	ctl_enqueue_isc((union ctl_io *)ctsio);
704}
705
706void
707ctl_isc_announce_lun(struct ctl_lun *lun)
708{
709	struct ctl_softc *softc = lun->ctl_softc;
710	union ctl_ha_msg *msg;
711	struct ctl_ha_msg_lun_pr_key pr_key;
712	int i, k;
713
714	if (softc->ha_link != CTL_HA_LINK_ONLINE)
715		return;
716	mtx_lock(&lun->lun_lock);
717	i = sizeof(msg->lun);
718	if (lun->lun_devid)
719		i += lun->lun_devid->len;
720	i += sizeof(pr_key) * lun->pr_key_count;
721alloc:
722	mtx_unlock(&lun->lun_lock);
723	msg = malloc(i, M_CTL, M_WAITOK);
724	mtx_lock(&lun->lun_lock);
725	k = sizeof(msg->lun);
726	if (lun->lun_devid)
727		k += lun->lun_devid->len;
728	k += sizeof(pr_key) * lun->pr_key_count;
729	if (i < k) {
730		free(msg, M_CTL);
731		i = k;
732		goto alloc;
733	}
734	bzero(&msg->lun, sizeof(msg->lun));
735	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
736	msg->hdr.nexus.targ_lun = lun->lun;
737	msg->hdr.nexus.targ_mapped_lun = lun->lun;
738	msg->lun.flags = lun->flags;
739	msg->lun.pr_generation = lun->PRGeneration;
740	msg->lun.pr_res_idx = lun->pr_res_idx;
741	msg->lun.pr_res_type = lun->res_type;
742	msg->lun.pr_key_count = lun->pr_key_count;
743	i = 0;
744	if (lun->lun_devid) {
745		msg->lun.lun_devid_len = lun->lun_devid->len;
746		memcpy(&msg->lun.data[i], lun->lun_devid->data,
747		    msg->lun.lun_devid_len);
748		i += msg->lun.lun_devid_len;
749	}
750	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
751		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
752			continue;
753		pr_key.pr_iid = k;
754		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
755		i += sizeof(pr_key);
756	}
757	mtx_unlock(&lun->lun_lock);
758	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
759	    M_WAITOK);
760	free(msg, M_CTL);
761
762	if (lun->flags & CTL_LUN_PRIMARY_SC) {
763		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
764			ctl_isc_announce_mode(lun, -1,
765			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
766			    lun->mode_pages.index[i].subpage);
767		}
768	}
769}
770
771void
772ctl_isc_announce_port(struct ctl_port *port)
773{
774	struct ctl_softc *softc = port->ctl_softc;
775	union ctl_ha_msg *msg;
776	int i;
777
778	if (port->targ_port < softc->port_min ||
779	    port->targ_port >= softc->port_max ||
780	    softc->ha_link != CTL_HA_LINK_ONLINE)
781		return;
782	i = sizeof(msg->port) + strlen(port->port_name) + 1;
783	if (port->lun_map)
784		i += sizeof(uint32_t) * CTL_MAX_LUNS;
785	if (port->port_devid)
786		i += port->port_devid->len;
787	if (port->target_devid)
788		i += port->target_devid->len;
789	if (port->init_devid)
790		i += port->init_devid->len;
791	msg = malloc(i, M_CTL, M_WAITOK);
792	bzero(&msg->port, sizeof(msg->port));
793	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
794	msg->hdr.nexus.targ_port = port->targ_port;
795	msg->port.port_type = port->port_type;
796	msg->port.physical_port = port->physical_port;
797	msg->port.virtual_port = port->virtual_port;
798	msg->port.status = port->status;
799	i = 0;
800	msg->port.name_len = sprintf(&msg->port.data[i],
801	    "%d:%s", softc->ha_id, port->port_name) + 1;
802	i += msg->port.name_len;
803	if (port->lun_map) {
804		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
805		memcpy(&msg->port.data[i], port->lun_map,
806		    msg->port.lun_map_len);
807		i += msg->port.lun_map_len;
808	}
809	if (port->port_devid) {
810		msg->port.port_devid_len = port->port_devid->len;
811		memcpy(&msg->port.data[i], port->port_devid->data,
812		    msg->port.port_devid_len);
813		i += msg->port.port_devid_len;
814	}
815	if (port->target_devid) {
816		msg->port.target_devid_len = port->target_devid->len;
817		memcpy(&msg->port.data[i], port->target_devid->data,
818		    msg->port.target_devid_len);
819		i += msg->port.target_devid_len;
820	}
821	if (port->init_devid) {
822		msg->port.init_devid_len = port->init_devid->len;
823		memcpy(&msg->port.data[i], port->init_devid->data,
824		    msg->port.init_devid_len);
825		i += msg->port.init_devid_len;
826	}
827	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
828	    M_WAITOK);
829	free(msg, M_CTL);
830}
831
832void
833ctl_isc_announce_iid(struct ctl_port *port, int iid)
834{
835	struct ctl_softc *softc = port->ctl_softc;
836	union ctl_ha_msg *msg;
837	int i, l;
838
839	if (port->targ_port < softc->port_min ||
840	    port->targ_port >= softc->port_max ||
841	    softc->ha_link != CTL_HA_LINK_ONLINE)
842		return;
843	mtx_lock(&softc->ctl_lock);
844	i = sizeof(msg->iid);
845	l = 0;
846	if (port->wwpn_iid[iid].name)
847		l = strlen(port->wwpn_iid[iid].name) + 1;
848	i += l;
849	msg = malloc(i, M_CTL, M_NOWAIT);
850	if (msg == NULL) {
851		mtx_unlock(&softc->ctl_lock);
852		return;
853	}
854	bzero(&msg->iid, sizeof(msg->iid));
855	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
856	msg->hdr.nexus.targ_port = port->targ_port;
857	msg->hdr.nexus.initid = iid;
858	msg->iid.in_use = port->wwpn_iid[iid].in_use;
859	msg->iid.name_len = l;
860	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
861	if (port->wwpn_iid[iid].name)
862		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
863	mtx_unlock(&softc->ctl_lock);
864	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
865	free(msg, M_CTL);
866}
867
868void
869ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
870    uint8_t page, uint8_t subpage)
871{
872	struct ctl_softc *softc = lun->ctl_softc;
873	union ctl_ha_msg msg;
874	int i;
875
876	if (softc->ha_link != CTL_HA_LINK_ONLINE)
877		return;
878	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
879		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
880		    page && lun->mode_pages.index[i].subpage == subpage)
881			break;
882	}
883	if (i == CTL_NUM_MODE_PAGES)
884		return;
885	bzero(&msg.mode, sizeof(msg.mode));
886	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
887	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
888	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
889	msg.hdr.nexus.targ_lun = lun->lun;
890	msg.hdr.nexus.targ_mapped_lun = lun->lun;
891	msg.mode.page_code = page;
892	msg.mode.subpage = subpage;
893	msg.mode.page_len = lun->mode_pages.index[i].page_len;
894	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
895	    msg.mode.page_len);
896	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
897	    M_WAITOK);
898}
899
900static void
901ctl_isc_ha_link_up(struct ctl_softc *softc)
902{
903	struct ctl_port *port;
904	struct ctl_lun *lun;
905	union ctl_ha_msg msg;
906	int i;
907
908	/* Announce this node parameters to peer for validation. */
909	msg.login.msg_type = CTL_MSG_LOGIN;
910	msg.login.version = CTL_HA_VERSION;
911	msg.login.ha_mode = softc->ha_mode;
912	msg.login.ha_id = softc->ha_id;
913	msg.login.max_luns = CTL_MAX_LUNS;
914	msg.login.max_ports = CTL_MAX_PORTS;
915	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
916	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
917	    M_WAITOK);
918
919	STAILQ_FOREACH(port, &softc->port_list, links) {
920		ctl_isc_announce_port(port);
921		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
922			if (port->wwpn_iid[i].in_use)
923				ctl_isc_announce_iid(port, i);
924		}
925	}
926	STAILQ_FOREACH(lun, &softc->lun_list, links)
927		ctl_isc_announce_lun(lun);
928}
929
930static void
931ctl_isc_ha_link_down(struct ctl_softc *softc)
932{
933	struct ctl_port *port;
934	struct ctl_lun *lun;
935	union ctl_io *io;
936	int i;
937
938	mtx_lock(&softc->ctl_lock);
939	STAILQ_FOREACH(lun, &softc->lun_list, links) {
940		mtx_lock(&lun->lun_lock);
941		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
942			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
943			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
944		}
945		mtx_unlock(&lun->lun_lock);
946
947		mtx_unlock(&softc->ctl_lock);
948		io = ctl_alloc_io(softc->othersc_pool);
949		mtx_lock(&softc->ctl_lock);
950		ctl_zero_io(io);
951		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
952		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
953		ctl_enqueue_isc(io);
954	}
955
956	STAILQ_FOREACH(port, &softc->port_list, links) {
957		if (port->targ_port >= softc->port_min &&
958		    port->targ_port < softc->port_max)
959			continue;
960		port->status &= ~CTL_PORT_STATUS_ONLINE;
961		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
962			port->wwpn_iid[i].in_use = 0;
963			free(port->wwpn_iid[i].name, M_CTL);
964			port->wwpn_iid[i].name = NULL;
965		}
966	}
967	mtx_unlock(&softc->ctl_lock);
968}
969
970static void
971ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
972{
973	struct ctl_lun *lun;
974	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
975
976	mtx_lock(&softc->ctl_lock);
977	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
978	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
979		mtx_lock(&lun->lun_lock);
980		mtx_unlock(&softc->ctl_lock);
981		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
982		    msg->ua.ua_set)
983			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
984		if (msg->ua.ua_all) {
985			if (msg->ua.ua_set)
986				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
987			else
988				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
989		} else {
990			if (msg->ua.ua_set)
991				ctl_est_ua(lun, iid, msg->ua.ua_type);
992			else
993				ctl_clr_ua(lun, iid, msg->ua.ua_type);
994		}
995		mtx_unlock(&lun->lun_lock);
996	} else
997		mtx_unlock(&softc->ctl_lock);
998}
999
1000static void
1001ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1002{
1003	struct ctl_lun *lun;
1004	struct ctl_ha_msg_lun_pr_key pr_key;
1005	int i, k;
1006	ctl_lun_flags oflags;
1007	uint32_t targ_lun;
1008
1009	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1010	mtx_lock(&softc->ctl_lock);
1011	if ((targ_lun >= CTL_MAX_LUNS) ||
1012	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1013		mtx_unlock(&softc->ctl_lock);
1014		return;
1015	}
1016	mtx_lock(&lun->lun_lock);
1017	mtx_unlock(&softc->ctl_lock);
1018	if (lun->flags & CTL_LUN_DISABLED) {
1019		mtx_unlock(&lun->lun_lock);
1020		return;
1021	}
1022	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1023	if (msg->lun.lun_devid_len != i || (i > 0 &&
1024	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1025		mtx_unlock(&lun->lun_lock);
1026		printf("%s: Received conflicting HA LUN %d\n",
1027		    __func__, msg->hdr.nexus.targ_lun);
1028		return;
1029	} else {
1030		/* Record whether peer is primary. */
1031		oflags = lun->flags;
1032		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1033		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1034			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1035		else
1036			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1037		if (oflags != lun->flags)
1038			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1039
1040		/* If peer is primary and we are not -- use data */
1041		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1042		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1043			lun->PRGeneration = msg->lun.pr_generation;
1044			lun->pr_res_idx = msg->lun.pr_res_idx;
1045			lun->res_type = msg->lun.pr_res_type;
1046			lun->pr_key_count = msg->lun.pr_key_count;
1047			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1048				ctl_clr_prkey(lun, k);
1049			for (k = 0; k < msg->lun.pr_key_count; k++) {
1050				memcpy(&pr_key, &msg->lun.data[i],
1051				    sizeof(pr_key));
1052				ctl_alloc_prkey(lun, pr_key.pr_iid);
1053				ctl_set_prkey(lun, pr_key.pr_iid,
1054				    pr_key.pr_key);
1055				i += sizeof(pr_key);
1056			}
1057		}
1058
1059		mtx_unlock(&lun->lun_lock);
1060		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1061		    __func__, msg->hdr.nexus.targ_lun,
1062		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1063		    "primary" : "secondary"));
1064
1065		/* If we are primary but peer doesn't know -- notify */
1066		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1067		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1068			ctl_isc_announce_lun(lun);
1069	}
1070}
1071
1072static void
1073ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1074{
1075	struct ctl_port *port;
1076	struct ctl_lun *lun;
1077	int i, new;
1078
1079	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1080	if (port == NULL) {
1081		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1082		    msg->hdr.nexus.targ_port));
1083		new = 1;
1084		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1085		port->frontend = &ha_frontend;
1086		port->targ_port = msg->hdr.nexus.targ_port;
1087		port->fe_datamove = ctl_ha_datamove;
1088		port->fe_done = ctl_ha_done;
1089	} else if (port->frontend == &ha_frontend) {
1090		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1091		    msg->hdr.nexus.targ_port));
1092		new = 0;
1093	} else {
1094		printf("%s: Received conflicting HA port %d\n",
1095		    __func__, msg->hdr.nexus.targ_port);
1096		return;
1097	}
1098	port->port_type = msg->port.port_type;
1099	port->physical_port = msg->port.physical_port;
1100	port->virtual_port = msg->port.virtual_port;
1101	port->status = msg->port.status;
1102	i = 0;
1103	free(port->port_name, M_CTL);
1104	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1105	    M_CTL);
1106	i += msg->port.name_len;
1107	if (msg->port.lun_map_len != 0) {
1108		if (port->lun_map == NULL)
1109			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1110			    M_CTL, M_WAITOK);
1111		memcpy(port->lun_map, &msg->port.data[i],
1112		    sizeof(uint32_t) * CTL_MAX_LUNS);
1113		i += msg->port.lun_map_len;
1114	} else {
1115		free(port->lun_map, M_CTL);
1116		port->lun_map = NULL;
1117	}
1118	if (msg->port.port_devid_len != 0) {
1119		if (port->port_devid == NULL ||
1120		    port->port_devid->len != msg->port.port_devid_len) {
1121			free(port->port_devid, M_CTL);
1122			port->port_devid = malloc(sizeof(struct ctl_devid) +
1123			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1124		}
1125		memcpy(port->port_devid->data, &msg->port.data[i],
1126		    msg->port.port_devid_len);
1127		port->port_devid->len = msg->port.port_devid_len;
1128		i += msg->port.port_devid_len;
1129	} else {
1130		free(port->port_devid, M_CTL);
1131		port->port_devid = NULL;
1132	}
1133	if (msg->port.target_devid_len != 0) {
1134		if (port->target_devid == NULL ||
1135		    port->target_devid->len != msg->port.target_devid_len) {
1136			free(port->target_devid, M_CTL);
1137			port->target_devid = malloc(sizeof(struct ctl_devid) +
1138			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1139		}
1140		memcpy(port->target_devid->data, &msg->port.data[i],
1141		    msg->port.target_devid_len);
1142		port->target_devid->len = msg->port.target_devid_len;
1143		i += msg->port.target_devid_len;
1144	} else {
1145		free(port->target_devid, M_CTL);
1146		port->target_devid = NULL;
1147	}
1148	if (msg->port.init_devid_len != 0) {
1149		if (port->init_devid == NULL ||
1150		    port->init_devid->len != msg->port.init_devid_len) {
1151			free(port->init_devid, M_CTL);
1152			port->init_devid = malloc(sizeof(struct ctl_devid) +
1153			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1154		}
1155		memcpy(port->init_devid->data, &msg->port.data[i],
1156		    msg->port.init_devid_len);
1157		port->init_devid->len = msg->port.init_devid_len;
1158		i += msg->port.init_devid_len;
1159	} else {
1160		free(port->init_devid, M_CTL);
1161		port->init_devid = NULL;
1162	}
1163	if (new) {
1164		if (ctl_port_register(port) != 0) {
1165			printf("%s: ctl_port_register() failed with error\n",
1166			    __func__);
1167		}
1168	}
1169	mtx_lock(&softc->ctl_lock);
1170	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1171		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1172			continue;
1173		mtx_lock(&lun->lun_lock);
1174		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1175		mtx_unlock(&lun->lun_lock);
1176	}
1177	mtx_unlock(&softc->ctl_lock);
1178}
1179
1180static void
1181ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1182{
1183	struct ctl_port *port;
1184	int iid;
1185
1186	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1187	if (port == NULL) {
1188		printf("%s: Received IID for unknown port %d\n",
1189		    __func__, msg->hdr.nexus.targ_port);
1190		return;
1191	}
1192	iid = msg->hdr.nexus.initid;
1193	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1194	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1195	free(port->wwpn_iid[iid].name, M_CTL);
1196	if (msg->iid.name_len) {
1197		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1198		    msg->iid.name_len, M_CTL);
1199	} else
1200		port->wwpn_iid[iid].name = NULL;
1201}
1202
1203static void
1204ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1205{
1206
1207	if (msg->login.version != CTL_HA_VERSION) {
1208		printf("CTL HA peers have different versions %d != %d\n",
1209		    msg->login.version, CTL_HA_VERSION);
1210		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1211		return;
1212	}
1213	if (msg->login.ha_mode != softc->ha_mode) {
1214		printf("CTL HA peers have different ha_mode %d != %d\n",
1215		    msg->login.ha_mode, softc->ha_mode);
1216		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1217		return;
1218	}
1219	if (msg->login.ha_id == softc->ha_id) {
1220		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1221		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1222		return;
1223	}
1224	if (msg->login.max_luns != CTL_MAX_LUNS ||
1225	    msg->login.max_ports != CTL_MAX_PORTS ||
1226	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1227		printf("CTL HA peers have different limits\n");
1228		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1229		return;
1230	}
1231}
1232
1233static void
1234ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1235{
1236	struct ctl_lun *lun;
1237	int i;
1238	uint32_t initidx, targ_lun;
1239
1240	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1241	mtx_lock(&softc->ctl_lock);
1242	if ((targ_lun >= CTL_MAX_LUNS) ||
1243	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1244		mtx_unlock(&softc->ctl_lock);
1245		return;
1246	}
1247	mtx_lock(&lun->lun_lock);
1248	mtx_unlock(&softc->ctl_lock);
1249	if (lun->flags & CTL_LUN_DISABLED) {
1250		mtx_unlock(&lun->lun_lock);
1251		return;
1252	}
1253	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1254		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1255		    msg->mode.page_code &&
1256		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1257			break;
1258	}
1259	if (i == CTL_NUM_MODE_PAGES) {
1260		mtx_unlock(&lun->lun_lock);
1261		return;
1262	}
1263	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1264	    lun->mode_pages.index[i].page_len);
1265	initidx = ctl_get_initindex(&msg->hdr.nexus);
1266	if (initidx != -1)
1267		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1268	mtx_unlock(&lun->lun_lock);
1269}
1270
1271/*
1272 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1273 * subsystem come in here.
1274 */
1275static void
1276ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1277{
1278	struct ctl_softc *softc = control_softc;
1279	union ctl_io *io;
1280	struct ctl_prio *presio;
1281	ctl_ha_status isc_status;
1282
1283	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1284	if (event == CTL_HA_EVT_MSG_RECV) {
1285		union ctl_ha_msg *msg, msgbuf;
1286
1287		if (param > sizeof(msgbuf))
1288			msg = malloc(param, M_CTL, M_WAITOK);
1289		else
1290			msg = &msgbuf;
1291		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1292		    M_WAITOK);
1293		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1294			printf("%s: Error receiving message: %d\n",
1295			    __func__, isc_status);
1296			if (msg != &msgbuf)
1297				free(msg, M_CTL);
1298			return;
1299		}
1300
1301		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1302		switch (msg->hdr.msg_type) {
1303		case CTL_MSG_SERIALIZE:
1304			io = ctl_alloc_io(softc->othersc_pool);
1305			ctl_zero_io(io);
1306			// populate ctsio from msg
1307			io->io_hdr.io_type = CTL_IO_SCSI;
1308			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1309			io->io_hdr.original_sc = msg->hdr.original_sc;
1310			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1311					    CTL_FLAG_IO_ACTIVE;
1312			/*
1313			 * If we're in serialization-only mode, we don't
1314			 * want to go through full done processing.  Thus
1315			 * the COPY flag.
1316			 *
1317			 * XXX KDM add another flag that is more specific.
1318			 */
1319			if (softc->ha_mode != CTL_HA_MODE_XFER)
1320				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1321			io->io_hdr.nexus = msg->hdr.nexus;
1322#if 0
1323			printf("port %u, iid %u, lun %u\n",
1324			       io->io_hdr.nexus.targ_port,
1325			       io->io_hdr.nexus.initid,
1326			       io->io_hdr.nexus.targ_lun);
1327#endif
1328			io->scsiio.tag_num = msg->scsi.tag_num;
1329			io->scsiio.tag_type = msg->scsi.tag_type;
1330#ifdef CTL_TIME_IO
1331			io->io_hdr.start_time = time_uptime;
1332			getbinuptime(&io->io_hdr.start_bt);
1333#endif /* CTL_TIME_IO */
1334			io->scsiio.cdb_len = msg->scsi.cdb_len;
1335			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1336			       CTL_MAX_CDBLEN);
1337			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1338				const struct ctl_cmd_entry *entry;
1339
1340				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1341				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1342				io->io_hdr.flags |=
1343					entry->flags & CTL_FLAG_DATA_MASK;
1344			}
1345			ctl_enqueue_isc(io);
1346			break;
1347
1348		/* Performed on the Originating SC, XFER mode only */
1349		case CTL_MSG_DATAMOVE: {
1350			struct ctl_sg_entry *sgl;
1351			int i, j;
1352
1353			io = msg->hdr.original_sc;
1354			if (io == NULL) {
1355				printf("%s: original_sc == NULL!\n", __func__);
1356				/* XXX KDM do something here */
1357				break;
1358			}
1359			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1360			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1361			/*
1362			 * Keep track of this, we need to send it back over
1363			 * when the datamove is complete.
1364			 */
1365			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1366			if (msg->hdr.status == CTL_SUCCESS)
1367				io->io_hdr.status = msg->hdr.status;
1368
1369			if (msg->dt.sg_sequence == 0) {
1370#ifdef CTL_TIME_IO
1371				getbinuptime(&io->io_hdr.dma_start_bt);
1372#endif
1373				i = msg->dt.kern_sg_entries +
1374				    msg->dt.kern_data_len /
1375				    CTL_HA_DATAMOVE_SEGMENT + 1;
1376				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1377				    M_WAITOK | M_ZERO);
1378				io->io_hdr.remote_sglist = sgl;
1379				io->io_hdr.local_sglist =
1380				    &sgl[msg->dt.kern_sg_entries];
1381
1382				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1383
1384				io->scsiio.kern_sg_entries =
1385					msg->dt.kern_sg_entries;
1386				io->scsiio.rem_sg_entries =
1387					msg->dt.kern_sg_entries;
1388				io->scsiio.kern_data_len =
1389					msg->dt.kern_data_len;
1390				io->scsiio.kern_total_len =
1391					msg->dt.kern_total_len;
1392				io->scsiio.kern_data_resid =
1393					msg->dt.kern_data_resid;
1394				io->scsiio.kern_rel_offset =
1395					msg->dt.kern_rel_offset;
1396				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1397				io->io_hdr.flags |= msg->dt.flags &
1398				    CTL_FLAG_BUS_ADDR;
1399			} else
1400				sgl = (struct ctl_sg_entry *)
1401					io->scsiio.kern_data_ptr;
1402
1403			for (i = msg->dt.sent_sg_entries, j = 0;
1404			     i < (msg->dt.sent_sg_entries +
1405			     msg->dt.cur_sg_entries); i++, j++) {
1406				sgl[i].addr = msg->dt.sg_list[j].addr;
1407				sgl[i].len = msg->dt.sg_list[j].len;
1408
1409#if 0
1410				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1411				    __func__, sgl[i].addr, sgl[i].len, j, i);
1412#endif
1413			}
1414
1415			/*
1416			 * If this is the last piece of the I/O, we've got
1417			 * the full S/G list.  Queue processing in the thread.
1418			 * Otherwise wait for the next piece.
1419			 */
1420			if (msg->dt.sg_last != 0)
1421				ctl_enqueue_isc(io);
1422			break;
1423		}
1424		/* Performed on the Serializing (primary) SC, XFER mode only */
1425		case CTL_MSG_DATAMOVE_DONE: {
1426			if (msg->hdr.serializing_sc == NULL) {
1427				printf("%s: serializing_sc == NULL!\n",
1428				       __func__);
1429				/* XXX KDM now what? */
1430				break;
1431			}
1432			/*
1433			 * We grab the sense information here in case
1434			 * there was a failure, so we can return status
1435			 * back to the initiator.
1436			 */
1437			io = msg->hdr.serializing_sc;
1438			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1439			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1440			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1441			io->io_hdr.port_status = msg->scsi.fetd_status;
1442			io->scsiio.residual = msg->scsi.residual;
1443			if (msg->hdr.status != CTL_STATUS_NONE) {
1444				io->io_hdr.status = msg->hdr.status;
1445				io->scsiio.scsi_status = msg->scsi.scsi_status;
1446				io->scsiio.sense_len = msg->scsi.sense_len;
1447				io->scsiio.sense_residual =msg->scsi.sense_residual;
1448				memcpy(&io->scsiio.sense_data,
1449				    &msg->scsi.sense_data,
1450				    msg->scsi.sense_len);
1451				if (msg->hdr.status == CTL_SUCCESS)
1452					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1453			}
1454			ctl_enqueue_isc(io);
1455			break;
1456		}
1457
1458		/* Preformed on Originating SC, SER_ONLY mode */
1459		case CTL_MSG_R2R:
1460			io = msg->hdr.original_sc;
1461			if (io == NULL) {
1462				printf("%s: original_sc == NULL!\n",
1463				    __func__);
1464				break;
1465			}
1466			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1467			io->io_hdr.msg_type = CTL_MSG_R2R;
1468			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1469			ctl_enqueue_isc(io);
1470			break;
1471
1472		/*
1473		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1474		 * mode.
1475		 * Performed on the Originating (i.e. secondary) SC in XFER
1476		 * mode
1477		 */
1478		case CTL_MSG_FINISH_IO:
1479			if (softc->ha_mode == CTL_HA_MODE_XFER)
1480				ctl_isc_handler_finish_xfer(softc, msg);
1481			else
1482				ctl_isc_handler_finish_ser_only(softc, msg);
1483			break;
1484
1485		/* Preformed on Originating SC */
1486		case CTL_MSG_BAD_JUJU:
1487			io = msg->hdr.original_sc;
1488			if (io == NULL) {
1489				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1490				       __func__);
1491				break;
1492			}
1493			ctl_copy_sense_data(msg, io);
1494			/*
1495			 * IO should have already been cleaned up on other
1496			 * SC so clear this flag so we won't send a message
1497			 * back to finish the IO there.
1498			 */
1499			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1500			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1501
1502			/* io = msg->hdr.serializing_sc; */
1503			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1504			ctl_enqueue_isc(io);
1505			break;
1506
1507		/* Handle resets sent from the other side */
1508		case CTL_MSG_MANAGE_TASKS: {
1509			struct ctl_taskio *taskio;
1510			taskio = (struct ctl_taskio *)ctl_alloc_io(
1511			    softc->othersc_pool);
1512			ctl_zero_io((union ctl_io *)taskio);
1513			taskio->io_hdr.io_type = CTL_IO_TASK;
1514			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1515			taskio->io_hdr.nexus = msg->hdr.nexus;
1516			taskio->task_action = msg->task.task_action;
1517			taskio->tag_num = msg->task.tag_num;
1518			taskio->tag_type = msg->task.tag_type;
1519#ifdef CTL_TIME_IO
1520			taskio->io_hdr.start_time = time_uptime;
1521			getbinuptime(&taskio->io_hdr.start_bt);
1522#endif /* CTL_TIME_IO */
1523			ctl_run_task((union ctl_io *)taskio);
1524			break;
1525		}
1526		/* Persistent Reserve action which needs attention */
1527		case CTL_MSG_PERS_ACTION:
1528			presio = (struct ctl_prio *)ctl_alloc_io(
1529			    softc->othersc_pool);
1530			ctl_zero_io((union ctl_io *)presio);
1531			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1532			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1533			presio->io_hdr.nexus = msg->hdr.nexus;
1534			presio->pr_msg = msg->pr;
1535			ctl_enqueue_isc((union ctl_io *)presio);
1536			break;
1537		case CTL_MSG_UA:
1538			ctl_isc_ua(softc, msg, param);
1539			break;
1540		case CTL_MSG_PORT_SYNC:
1541			ctl_isc_port_sync(softc, msg, param);
1542			break;
1543		case CTL_MSG_LUN_SYNC:
1544			ctl_isc_lun_sync(softc, msg, param);
1545			break;
1546		case CTL_MSG_IID_SYNC:
1547			ctl_isc_iid_sync(softc, msg, param);
1548			break;
1549		case CTL_MSG_LOGIN:
1550			ctl_isc_login(softc, msg, param);
1551			break;
1552		case CTL_MSG_MODE_SYNC:
1553			ctl_isc_mode_sync(softc, msg, param);
1554			break;
1555		default:
1556			printf("Received HA message of unknown type %d\n",
1557			    msg->hdr.msg_type);
1558			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1559			break;
1560		}
1561		if (msg != &msgbuf)
1562			free(msg, M_CTL);
1563	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1564		printf("CTL: HA link status changed from %d to %d\n",
1565		    softc->ha_link, param);
1566		if (param == softc->ha_link)
1567			return;
1568		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1569			softc->ha_link = param;
1570			ctl_isc_ha_link_down(softc);
1571		} else {
1572			softc->ha_link = param;
1573			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1574				ctl_isc_ha_link_up(softc);
1575		}
1576		return;
1577	} else {
1578		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1579		return;
1580	}
1581}
1582
1583static void
1584ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1585{
1586
1587	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1588	    src->scsi.sense_len);
1589	dest->scsiio.scsi_status = src->scsi.scsi_status;
1590	dest->scsiio.sense_len = src->scsi.sense_len;
1591	dest->io_hdr.status = src->hdr.status;
1592}
1593
1594static void
1595ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1596{
1597
1598	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1599	    src->scsiio.sense_len);
1600	dest->scsi.scsi_status = src->scsiio.scsi_status;
1601	dest->scsi.sense_len = src->scsiio.sense_len;
1602	dest->hdr.status = src->io_hdr.status;
1603}
1604
1605void
1606ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1607{
1608	struct ctl_softc *softc = lun->ctl_softc;
1609	ctl_ua_type *pu;
1610
1611	if (initidx < softc->init_min || initidx >= softc->init_max)
1612		return;
1613	mtx_assert(&lun->lun_lock, MA_OWNED);
1614	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1615	if (pu == NULL)
1616		return;
1617	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1618}
1619
1620void
1621ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1622{
1623	int i;
1624
1625	mtx_assert(&lun->lun_lock, MA_OWNED);
1626	if (lun->pending_ua[port] == NULL)
1627		return;
1628	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1629		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1630			continue;
1631		lun->pending_ua[port][i] |= ua;
1632	}
1633}
1634
1635void
1636ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1637{
1638	struct ctl_softc *softc = lun->ctl_softc;
1639	int i;
1640
1641	mtx_assert(&lun->lun_lock, MA_OWNED);
1642	for (i = softc->port_min; i < softc->port_max; i++)
1643		ctl_est_ua_port(lun, i, except, ua);
1644}
1645
1646void
1647ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1648{
1649	struct ctl_softc *softc = lun->ctl_softc;
1650	ctl_ua_type *pu;
1651
1652	if (initidx < softc->init_min || initidx >= softc->init_max)
1653		return;
1654	mtx_assert(&lun->lun_lock, MA_OWNED);
1655	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1656	if (pu == NULL)
1657		return;
1658	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1659}
1660
1661void
1662ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1663{
1664	struct ctl_softc *softc = lun->ctl_softc;
1665	int i, j;
1666
1667	mtx_assert(&lun->lun_lock, MA_OWNED);
1668	for (i = softc->port_min; i < softc->port_max; i++) {
1669		if (lun->pending_ua[i] == NULL)
1670			continue;
1671		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1672			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1673				continue;
1674			lun->pending_ua[i][j] &= ~ua;
1675		}
1676	}
1677}
1678
1679void
1680ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1681    ctl_ua_type ua_type)
1682{
1683	struct ctl_lun *lun;
1684
1685	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1686	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1687		mtx_lock(&lun->lun_lock);
1688		ctl_clr_ua(lun, initidx, ua_type);
1689		mtx_unlock(&lun->lun_lock);
1690	}
1691}
1692
1693static int
1694ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1695{
1696	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1697	struct ctl_lun *lun;
1698	struct ctl_lun_req ireq;
1699	int error, value;
1700
1701	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1702	error = sysctl_handle_int(oidp, &value, 0, req);
1703	if ((error != 0) || (req->newptr == NULL))
1704		return (error);
1705
1706	mtx_lock(&softc->ctl_lock);
1707	if (value == 0)
1708		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1709	else
1710		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1711	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1712		mtx_unlock(&softc->ctl_lock);
1713		bzero(&ireq, sizeof(ireq));
1714		ireq.reqtype = CTL_LUNREQ_MODIFY;
1715		ireq.reqdata.modify.lun_id = lun->lun;
1716		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1717		    curthread);
1718		if (ireq.status != CTL_LUN_OK) {
1719			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1720			    __func__, ireq.status, ireq.error_str);
1721		}
1722		mtx_lock(&softc->ctl_lock);
1723	}
1724	mtx_unlock(&softc->ctl_lock);
1725	return (0);
1726}
1727
1728static int
1729ctl_init(void)
1730{
1731	struct ctl_softc *softc;
1732	void *other_pool;
1733	int i, error;
1734
1735	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1736			       M_WAITOK | M_ZERO);
1737
1738	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1739			      "cam/ctl");
1740	softc->dev->si_drv1 = softc;
1741
1742	sysctl_ctx_init(&softc->sysctl_ctx);
1743	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1744		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1745		CTLFLAG_RD, 0, "CAM Target Layer");
1746
1747	if (softc->sysctl_tree == NULL) {
1748		printf("%s: unable to allocate sysctl tree\n", __func__);
1749		destroy_dev(softc->dev);
1750		free(control_softc, M_DEVBUF);
1751		control_softc = NULL;
1752		return (ENOMEM);
1753	}
1754
1755	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1756	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1757	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1758	softc->flags = 0;
1759
1760	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1761	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1762	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1763
1764	/*
1765	 * In Copan's HA scheme, the "master" and "slave" roles are
1766	 * figured out through the slot the controller is in.  Although it
1767	 * is an active/active system, someone has to be in charge.
1768	 */
1769	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1770	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1771	    "HA head ID (0 - no HA)");
1772	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1773		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1774		softc->is_single = 1;
1775		softc->port_cnt = CTL_MAX_PORTS;
1776		softc->port_min = 0;
1777	} else {
1778		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1779		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1780	}
1781	softc->port_max = softc->port_min + softc->port_cnt;
1782	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1783	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1784
1785	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1786	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1787	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1788
1789	STAILQ_INIT(&softc->lun_list);
1790	STAILQ_INIT(&softc->pending_lun_queue);
1791	STAILQ_INIT(&softc->fe_list);
1792	STAILQ_INIT(&softc->port_list);
1793	STAILQ_INIT(&softc->be_list);
1794	ctl_tpc_init(softc);
1795
1796	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1797	                    &other_pool) != 0)
1798	{
1799		printf("ctl: can't allocate %d entry other SC pool, "
1800		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1801		return (ENOMEM);
1802	}
1803	softc->othersc_pool = other_pool;
1804
1805	if (worker_threads <= 0)
1806		worker_threads = max(1, mp_ncpus / 4);
1807	if (worker_threads > CTL_MAX_THREADS)
1808		worker_threads = CTL_MAX_THREADS;
1809
1810	for (i = 0; i < worker_threads; i++) {
1811		struct ctl_thread *thr = &softc->threads[i];
1812
1813		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1814		thr->ctl_softc = softc;
1815		STAILQ_INIT(&thr->incoming_queue);
1816		STAILQ_INIT(&thr->rtr_queue);
1817		STAILQ_INIT(&thr->done_queue);
1818		STAILQ_INIT(&thr->isc_queue);
1819
1820		error = kproc_kthread_add(ctl_work_thread, thr,
1821		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1822		if (error != 0) {
1823			printf("error creating CTL work thread!\n");
1824			ctl_pool_free(other_pool);
1825			return (error);
1826		}
1827	}
1828	error = kproc_kthread_add(ctl_lun_thread, softc,
1829	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1830	if (error != 0) {
1831		printf("error creating CTL lun thread!\n");
1832		ctl_pool_free(other_pool);
1833		return (error);
1834	}
1835	error = kproc_kthread_add(ctl_thresh_thread, softc,
1836	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1837	if (error != 0) {
1838		printf("error creating CTL threshold thread!\n");
1839		ctl_pool_free(other_pool);
1840		return (error);
1841	}
1842
1843	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1844	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1845	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1846
1847	if (softc->is_single == 0) {
1848		ctl_frontend_register(&ha_frontend);
1849		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1850			printf("ctl_init: ctl_ha_msg_init failed.\n");
1851			softc->is_single = 1;
1852		} else
1853		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1854		    != CTL_HA_STATUS_SUCCESS) {
1855			printf("ctl_init: ctl_ha_msg_register failed.\n");
1856			softc->is_single = 1;
1857		}
1858	}
1859	return (0);
1860}
1861
1862void
1863ctl_shutdown(void)
1864{
1865	struct ctl_softc *softc = control_softc;
1866	struct ctl_lun *lun, *next_lun;
1867
1868	if (softc->is_single == 0) {
1869		ctl_ha_msg_shutdown(softc);
1870		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1871		    != CTL_HA_STATUS_SUCCESS)
1872			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1873		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1874			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1875		ctl_frontend_deregister(&ha_frontend);
1876	}
1877
1878	mtx_lock(&softc->ctl_lock);
1879
1880	/*
1881	 * Free up each LUN.
1882	 */
1883	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1884		next_lun = STAILQ_NEXT(lun, links);
1885		ctl_free_lun(lun);
1886	}
1887
1888	mtx_unlock(&softc->ctl_lock);
1889
1890#if 0
1891	ctl_shutdown_thread(softc->work_thread);
1892	mtx_destroy(&softc->queue_lock);
1893#endif
1894
1895	ctl_tpc_shutdown(softc);
1896	uma_zdestroy(softc->io_zone);
1897	mtx_destroy(&softc->ctl_lock);
1898
1899	destroy_dev(softc->dev);
1900
1901	sysctl_ctx_free(&softc->sysctl_ctx);
1902
1903	free(control_softc, M_DEVBUF);
1904	control_softc = NULL;
1905}
1906
1907static int
1908ctl_module_event_handler(module_t mod, int what, void *arg)
1909{
1910
1911	switch (what) {
1912	case MOD_LOAD:
1913		return (ctl_init());
1914	case MOD_UNLOAD:
1915		return (EBUSY);
1916	default:
1917		return (EOPNOTSUPP);
1918	}
1919}
1920
1921/*
1922 * XXX KDM should we do some access checks here?  Bump a reference count to
1923 * prevent a CTL module from being unloaded while someone has it open?
1924 */
1925static int
1926ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1927{
1928	return (0);
1929}
1930
1931static int
1932ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1933{
1934	return (0);
1935}
1936
1937/*
1938 * Remove an initiator by port number and initiator ID.
1939 * Returns 0 for success, -1 for failure.
1940 */
1941int
1942ctl_remove_initiator(struct ctl_port *port, int iid)
1943{
1944	struct ctl_softc *softc = port->ctl_softc;
1945
1946	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1947
1948	if (iid > CTL_MAX_INIT_PER_PORT) {
1949		printf("%s: initiator ID %u > maximun %u!\n",
1950		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1951		return (-1);
1952	}
1953
1954	mtx_lock(&softc->ctl_lock);
1955	port->wwpn_iid[iid].in_use--;
1956	port->wwpn_iid[iid].last_use = time_uptime;
1957	mtx_unlock(&softc->ctl_lock);
1958	ctl_isc_announce_iid(port, iid);
1959
1960	return (0);
1961}
1962
1963/*
1964 * Add an initiator to the initiator map.
1965 * Returns iid for success, < 0 for failure.
1966 */
1967int
1968ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1969{
1970	struct ctl_softc *softc = port->ctl_softc;
1971	time_t best_time;
1972	int i, best;
1973
1974	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1975
1976	if (iid >= CTL_MAX_INIT_PER_PORT) {
1977		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1978		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1979		free(name, M_CTL);
1980		return (-1);
1981	}
1982
1983	mtx_lock(&softc->ctl_lock);
1984
1985	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1986		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1987			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1988				iid = i;
1989				break;
1990			}
1991			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1992			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1993				iid = i;
1994				break;
1995			}
1996		}
1997	}
1998
1999	if (iid < 0) {
2000		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2001			if (port->wwpn_iid[i].in_use == 0 &&
2002			    port->wwpn_iid[i].wwpn == 0 &&
2003			    port->wwpn_iid[i].name == NULL) {
2004				iid = i;
2005				break;
2006			}
2007		}
2008	}
2009
2010	if (iid < 0) {
2011		best = -1;
2012		best_time = INT32_MAX;
2013		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2014			if (port->wwpn_iid[i].in_use == 0) {
2015				if (port->wwpn_iid[i].last_use < best_time) {
2016					best = i;
2017					best_time = port->wwpn_iid[i].last_use;
2018				}
2019			}
2020		}
2021		iid = best;
2022	}
2023
2024	if (iid < 0) {
2025		mtx_unlock(&softc->ctl_lock);
2026		free(name, M_CTL);
2027		return (-2);
2028	}
2029
2030	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2031		/*
2032		 * This is not an error yet.
2033		 */
2034		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2035#if 0
2036			printf("%s: port %d iid %u WWPN %#jx arrived"
2037			    " again\n", __func__, port->targ_port,
2038			    iid, (uintmax_t)wwpn);
2039#endif
2040			goto take;
2041		}
2042		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2043		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2044#if 0
2045			printf("%s: port %d iid %u name '%s' arrived"
2046			    " again\n", __func__, port->targ_port,
2047			    iid, name);
2048#endif
2049			goto take;
2050		}
2051
2052		/*
2053		 * This is an error, but what do we do about it?  The
2054		 * driver is telling us we have a new WWPN for this
2055		 * initiator ID, so we pretty much need to use it.
2056		 */
2057		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2058		    " but WWPN %#jx '%s' is still at that address\n",
2059		    __func__, port->targ_port, iid, wwpn, name,
2060		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2061		    port->wwpn_iid[iid].name);
2062
2063		/*
2064		 * XXX KDM clear have_ca and ua_pending on each LUN for
2065		 * this initiator.
2066		 */
2067	}
2068take:
2069	free(port->wwpn_iid[iid].name, M_CTL);
2070	port->wwpn_iid[iid].name = name;
2071	port->wwpn_iid[iid].wwpn = wwpn;
2072	port->wwpn_iid[iid].in_use++;
2073	mtx_unlock(&softc->ctl_lock);
2074	ctl_isc_announce_iid(port, iid);
2075
2076	return (iid);
2077}
2078
2079static int
2080ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2081{
2082	int len;
2083
2084	switch (port->port_type) {
2085	case CTL_PORT_FC:
2086	{
2087		struct scsi_transportid_fcp *id =
2088		    (struct scsi_transportid_fcp *)buf;
2089		if (port->wwpn_iid[iid].wwpn == 0)
2090			return (0);
2091		memset(id, 0, sizeof(*id));
2092		id->format_protocol = SCSI_PROTO_FC;
2093		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2094		return (sizeof(*id));
2095	}
2096	case CTL_PORT_ISCSI:
2097	{
2098		struct scsi_transportid_iscsi_port *id =
2099		    (struct scsi_transportid_iscsi_port *)buf;
2100		if (port->wwpn_iid[iid].name == NULL)
2101			return (0);
2102		memset(id, 0, 256);
2103		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2104		    SCSI_PROTO_ISCSI;
2105		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2106		len = roundup2(min(len, 252), 4);
2107		scsi_ulto2b(len, id->additional_length);
2108		return (sizeof(*id) + len);
2109	}
2110	case CTL_PORT_SAS:
2111	{
2112		struct scsi_transportid_sas *id =
2113		    (struct scsi_transportid_sas *)buf;
2114		if (port->wwpn_iid[iid].wwpn == 0)
2115			return (0);
2116		memset(id, 0, sizeof(*id));
2117		id->format_protocol = SCSI_PROTO_SAS;
2118		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2119		return (sizeof(*id));
2120	}
2121	default:
2122	{
2123		struct scsi_transportid_spi *id =
2124		    (struct scsi_transportid_spi *)buf;
2125		memset(id, 0, sizeof(*id));
2126		id->format_protocol = SCSI_PROTO_SPI;
2127		scsi_ulto2b(iid, id->scsi_addr);
2128		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2129		return (sizeof(*id));
2130	}
2131	}
2132}
2133
2134/*
2135 * Serialize a command that went down the "wrong" side, and so was sent to
2136 * this controller for execution.  The logic is a little different than the
2137 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2138 * sent back to the other side, but in the success case, we execute the
2139 * command on this side (XFER mode) or tell the other side to execute it
2140 * (SER_ONLY mode).
2141 */
2142static int
2143ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2144{
2145	struct ctl_softc *softc = control_softc;
2146	union ctl_ha_msg msg_info;
2147	struct ctl_port *port;
2148	struct ctl_lun *lun;
2149	const struct ctl_cmd_entry *entry;
2150	int retval = 0;
2151	uint32_t targ_lun;
2152
2153	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2154	mtx_lock(&softc->ctl_lock);
2155
2156	/* Make sure that we know about this port. */
2157	port = ctl_io_port(&ctsio->io_hdr);
2158	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2159		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2160					 /*retry_count*/ 1);
2161		goto badjuju;
2162	}
2163
2164	/* Make sure that we know about this LUN. */
2165	if ((targ_lun < CTL_MAX_LUNS) &&
2166	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2167		mtx_lock(&lun->lun_lock);
2168		mtx_unlock(&softc->ctl_lock);
2169		/*
2170		 * If the LUN is invalid, pretend that it doesn't exist.
2171		 * It will go away as soon as all pending I/O has been
2172		 * completed.
2173		 */
2174		if (lun->flags & CTL_LUN_DISABLED) {
2175			mtx_unlock(&lun->lun_lock);
2176			lun = NULL;
2177		}
2178	} else {
2179		mtx_unlock(&softc->ctl_lock);
2180		lun = NULL;
2181	}
2182	if (lun == NULL) {
2183		/*
2184		 * The other node would not send this request to us unless
2185		 * received announce that we are primary node for this LUN.
2186		 * If this LUN does not exist now, it is probably result of
2187		 * a race, so respond to initiator in the most opaque way.
2188		 */
2189		ctl_set_busy(ctsio);
2190		goto badjuju;
2191	}
2192
2193	entry = ctl_get_cmd_entry(ctsio, NULL);
2194	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2195		mtx_unlock(&lun->lun_lock);
2196		goto badjuju;
2197	}
2198
2199	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2200	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2201
2202	/*
2203	 * Every I/O goes into the OOA queue for a
2204	 * particular LUN, and stays there until completion.
2205	 */
2206#ifdef CTL_TIME_IO
2207	if (TAILQ_EMPTY(&lun->ooa_queue))
2208		lun->idle_time += getsbinuptime() - lun->last_busy;
2209#endif
2210	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2211
2212	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2213		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2214		 ooa_links))) {
2215	case CTL_ACTION_BLOCK:
2216		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2217		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2218				  blocked_links);
2219		mtx_unlock(&lun->lun_lock);
2220		break;
2221	case CTL_ACTION_PASS:
2222	case CTL_ACTION_SKIP:
2223		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2224			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2225			ctl_enqueue_rtr((union ctl_io *)ctsio);
2226			mtx_unlock(&lun->lun_lock);
2227		} else {
2228			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2229			mtx_unlock(&lun->lun_lock);
2230
2231			/* send msg back to other side */
2232			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2233			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2234			msg_info.hdr.msg_type = CTL_MSG_R2R;
2235			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2236			    sizeof(msg_info.hdr), M_WAITOK);
2237		}
2238		break;
2239	case CTL_ACTION_OVERLAP:
2240		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2241		mtx_unlock(&lun->lun_lock);
2242		ctl_set_overlapped_cmd(ctsio);
2243		goto badjuju;
2244	case CTL_ACTION_OVERLAP_TAG:
2245		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2246		mtx_unlock(&lun->lun_lock);
2247		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2248		goto badjuju;
2249	case CTL_ACTION_ERROR:
2250	default:
2251		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2252		mtx_unlock(&lun->lun_lock);
2253
2254		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2255					 /*retry_count*/ 0);
2256badjuju:
2257		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2258		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2259		msg_info.hdr.serializing_sc = NULL;
2260		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2261		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2262		    sizeof(msg_info.scsi), M_WAITOK);
2263		retval = 1;
2264		break;
2265	}
2266	return (retval);
2267}
2268
2269/*
2270 * Returns 0 for success, errno for failure.
2271 */
2272static void
2273ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2274		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2275{
2276	union ctl_io *io;
2277
2278	mtx_lock(&lun->lun_lock);
2279	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2280	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2281	     ooa_links)) {
2282		struct ctl_ooa_entry *entry;
2283
2284		/*
2285		 * If we've got more than we can fit, just count the
2286		 * remaining entries.
2287		 */
2288		if (*cur_fill_num >= ooa_hdr->alloc_num)
2289			continue;
2290
2291		entry = &kern_entries[*cur_fill_num];
2292
2293		entry->tag_num = io->scsiio.tag_num;
2294		entry->lun_num = lun->lun;
2295#ifdef CTL_TIME_IO
2296		entry->start_bt = io->io_hdr.start_bt;
2297#endif
2298		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2299		entry->cdb_len = io->scsiio.cdb_len;
2300		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2301			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2302
2303		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2304			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2305
2306		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2307			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2308
2309		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2310			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2311
2312		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2313			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2314	}
2315	mtx_unlock(&lun->lun_lock);
2316}
2317
2318static void *
2319ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2320		 size_t error_str_len)
2321{
2322	void *kptr;
2323
2324	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2325
2326	if (copyin(user_addr, kptr, len) != 0) {
2327		snprintf(error_str, error_str_len, "Error copying %d bytes "
2328			 "from user address %p to kernel address %p", len,
2329			 user_addr, kptr);
2330		free(kptr, M_CTL);
2331		return (NULL);
2332	}
2333
2334	return (kptr);
2335}
2336
2337static void
2338ctl_free_args(int num_args, struct ctl_be_arg *args)
2339{
2340	int i;
2341
2342	if (args == NULL)
2343		return;
2344
2345	for (i = 0; i < num_args; i++) {
2346		free(args[i].kname, M_CTL);
2347		free(args[i].kvalue, M_CTL);
2348	}
2349
2350	free(args, M_CTL);
2351}
2352
2353static struct ctl_be_arg *
2354ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2355		char *error_str, size_t error_str_len)
2356{
2357	struct ctl_be_arg *args;
2358	int i;
2359
2360	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2361				error_str, error_str_len);
2362
2363	if (args == NULL)
2364		goto bailout;
2365
2366	for (i = 0; i < num_args; i++) {
2367		args[i].kname = NULL;
2368		args[i].kvalue = NULL;
2369	}
2370
2371	for (i = 0; i < num_args; i++) {
2372		uint8_t *tmpptr;
2373
2374		args[i].kname = ctl_copyin_alloc(args[i].name,
2375			args[i].namelen, error_str, error_str_len);
2376		if (args[i].kname == NULL)
2377			goto bailout;
2378
2379		if (args[i].kname[args[i].namelen - 1] != '\0') {
2380			snprintf(error_str, error_str_len, "Argument %d "
2381				 "name is not NUL-terminated", i);
2382			goto bailout;
2383		}
2384
2385		if (args[i].flags & CTL_BEARG_RD) {
2386			tmpptr = ctl_copyin_alloc(args[i].value,
2387				args[i].vallen, error_str, error_str_len);
2388			if (tmpptr == NULL)
2389				goto bailout;
2390			if ((args[i].flags & CTL_BEARG_ASCII)
2391			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2392				snprintf(error_str, error_str_len, "Argument "
2393				    "%d value is not NUL-terminated", i);
2394				goto bailout;
2395			}
2396			args[i].kvalue = tmpptr;
2397		} else {
2398			args[i].kvalue = malloc(args[i].vallen,
2399			    M_CTL, M_WAITOK | M_ZERO);
2400		}
2401	}
2402
2403	return (args);
2404bailout:
2405
2406	ctl_free_args(num_args, args);
2407
2408	return (NULL);
2409}
2410
2411static void
2412ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2413{
2414	int i;
2415
2416	for (i = 0; i < num_args; i++) {
2417		if (args[i].flags & CTL_BEARG_WR)
2418			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2419	}
2420}
2421
2422/*
2423 * Escape characters that are illegal or not recommended in XML.
2424 */
2425int
2426ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2427{
2428	char *end = str + size;
2429	int retval;
2430
2431	retval = 0;
2432
2433	for (; *str && str < end; str++) {
2434		switch (*str) {
2435		case '&':
2436			retval = sbuf_printf(sb, "&amp;");
2437			break;
2438		case '>':
2439			retval = sbuf_printf(sb, "&gt;");
2440			break;
2441		case '<':
2442			retval = sbuf_printf(sb, "&lt;");
2443			break;
2444		default:
2445			retval = sbuf_putc(sb, *str);
2446			break;
2447		}
2448
2449		if (retval != 0)
2450			break;
2451
2452	}
2453
2454	return (retval);
2455}
2456
2457static void
2458ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2459{
2460	struct scsi_vpd_id_descriptor *desc;
2461	int i;
2462
2463	if (id == NULL || id->len < 4)
2464		return;
2465	desc = (struct scsi_vpd_id_descriptor *)id->data;
2466	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2467	case SVPD_ID_TYPE_T10:
2468		sbuf_printf(sb, "t10.");
2469		break;
2470	case SVPD_ID_TYPE_EUI64:
2471		sbuf_printf(sb, "eui.");
2472		break;
2473	case SVPD_ID_TYPE_NAA:
2474		sbuf_printf(sb, "naa.");
2475		break;
2476	case SVPD_ID_TYPE_SCSI_NAME:
2477		break;
2478	}
2479	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2480	case SVPD_ID_CODESET_BINARY:
2481		for (i = 0; i < desc->length; i++)
2482			sbuf_printf(sb, "%02x", desc->identifier[i]);
2483		break;
2484	case SVPD_ID_CODESET_ASCII:
2485		sbuf_printf(sb, "%.*s", (int)desc->length,
2486		    (char *)desc->identifier);
2487		break;
2488	case SVPD_ID_CODESET_UTF8:
2489		sbuf_printf(sb, "%s", (char *)desc->identifier);
2490		break;
2491	}
2492}
2493
2494static int
2495ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2496	  struct thread *td)
2497{
2498	struct ctl_softc *softc = dev->si_drv1;
2499	struct ctl_lun *lun;
2500	int retval;
2501
2502	retval = 0;
2503
2504	switch (cmd) {
2505	case CTL_IO:
2506		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2507		break;
2508	case CTL_ENABLE_PORT:
2509	case CTL_DISABLE_PORT:
2510	case CTL_SET_PORT_WWNS: {
2511		struct ctl_port *port;
2512		struct ctl_port_entry *entry;
2513
2514		entry = (struct ctl_port_entry *)addr;
2515
2516		mtx_lock(&softc->ctl_lock);
2517		STAILQ_FOREACH(port, &softc->port_list, links) {
2518			int action, done;
2519
2520			if (port->targ_port < softc->port_min ||
2521			    port->targ_port >= softc->port_max)
2522				continue;
2523
2524			action = 0;
2525			done = 0;
2526			if ((entry->port_type == CTL_PORT_NONE)
2527			 && (entry->targ_port == port->targ_port)) {
2528				/*
2529				 * If the user only wants to enable or
2530				 * disable or set WWNs on a specific port,
2531				 * do the operation and we're done.
2532				 */
2533				action = 1;
2534				done = 1;
2535			} else if (entry->port_type & port->port_type) {
2536				/*
2537				 * Compare the user's type mask with the
2538				 * particular frontend type to see if we
2539				 * have a match.
2540				 */
2541				action = 1;
2542				done = 0;
2543
2544				/*
2545				 * Make sure the user isn't trying to set
2546				 * WWNs on multiple ports at the same time.
2547				 */
2548				if (cmd == CTL_SET_PORT_WWNS) {
2549					printf("%s: Can't set WWNs on "
2550					       "multiple ports\n", __func__);
2551					retval = EINVAL;
2552					break;
2553				}
2554			}
2555			if (action == 0)
2556				continue;
2557
2558			/*
2559			 * XXX KDM we have to drop the lock here, because
2560			 * the online/offline operations can potentially
2561			 * block.  We need to reference count the frontends
2562			 * so they can't go away,
2563			 */
2564			if (cmd == CTL_ENABLE_PORT) {
2565				mtx_unlock(&softc->ctl_lock);
2566				ctl_port_online(port);
2567				mtx_lock(&softc->ctl_lock);
2568			} else if (cmd == CTL_DISABLE_PORT) {
2569				mtx_unlock(&softc->ctl_lock);
2570				ctl_port_offline(port);
2571				mtx_lock(&softc->ctl_lock);
2572			} else if (cmd == CTL_SET_PORT_WWNS) {
2573				ctl_port_set_wwns(port,
2574				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2575				    1 : 0, entry->wwnn,
2576				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2577				    1 : 0, entry->wwpn);
2578			}
2579			if (done != 0)
2580				break;
2581		}
2582		mtx_unlock(&softc->ctl_lock);
2583		break;
2584	}
2585	case CTL_GET_OOA: {
2586		struct ctl_ooa *ooa_hdr;
2587		struct ctl_ooa_entry *entries;
2588		uint32_t cur_fill_num;
2589
2590		ooa_hdr = (struct ctl_ooa *)addr;
2591
2592		if ((ooa_hdr->alloc_len == 0)
2593		 || (ooa_hdr->alloc_num == 0)) {
2594			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2595			       "must be non-zero\n", __func__,
2596			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2597			retval = EINVAL;
2598			break;
2599		}
2600
2601		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2602		    sizeof(struct ctl_ooa_entry))) {
2603			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2604			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2605			       __func__, ooa_hdr->alloc_len,
2606			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2607			retval = EINVAL;
2608			break;
2609		}
2610
2611		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2612		if (entries == NULL) {
2613			printf("%s: could not allocate %d bytes for OOA "
2614			       "dump\n", __func__, ooa_hdr->alloc_len);
2615			retval = ENOMEM;
2616			break;
2617		}
2618
2619		mtx_lock(&softc->ctl_lock);
2620		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2621		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2622		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2623			mtx_unlock(&softc->ctl_lock);
2624			free(entries, M_CTL);
2625			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2626			       __func__, (uintmax_t)ooa_hdr->lun_num);
2627			retval = EINVAL;
2628			break;
2629		}
2630
2631		cur_fill_num = 0;
2632
2633		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2634			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2635				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2636				    ooa_hdr, entries);
2637			}
2638		} else {
2639			lun = softc->ctl_luns[ooa_hdr->lun_num];
2640			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2641			    entries);
2642		}
2643		mtx_unlock(&softc->ctl_lock);
2644
2645		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2646		ooa_hdr->fill_len = ooa_hdr->fill_num *
2647			sizeof(struct ctl_ooa_entry);
2648		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2649		if (retval != 0) {
2650			printf("%s: error copying out %d bytes for OOA dump\n",
2651			       __func__, ooa_hdr->fill_len);
2652		}
2653
2654		getbinuptime(&ooa_hdr->cur_bt);
2655
2656		if (cur_fill_num > ooa_hdr->alloc_num) {
2657			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2658			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2659		} else {
2660			ooa_hdr->dropped_num = 0;
2661			ooa_hdr->status = CTL_OOA_OK;
2662		}
2663
2664		free(entries, M_CTL);
2665		break;
2666	}
2667	case CTL_DELAY_IO: {
2668		struct ctl_io_delay_info *delay_info;
2669
2670		delay_info = (struct ctl_io_delay_info *)addr;
2671
2672#ifdef CTL_IO_DELAY
2673		mtx_lock(&softc->ctl_lock);
2674
2675		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2676		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2677			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2678		} else {
2679			lun = softc->ctl_luns[delay_info->lun_id];
2680			mtx_lock(&lun->lun_lock);
2681
2682			delay_info->status = CTL_DELAY_STATUS_OK;
2683
2684			switch (delay_info->delay_type) {
2685			case CTL_DELAY_TYPE_CONT:
2686				break;
2687			case CTL_DELAY_TYPE_ONESHOT:
2688				break;
2689			default:
2690				delay_info->status =
2691					CTL_DELAY_STATUS_INVALID_TYPE;
2692				break;
2693			}
2694
2695			switch (delay_info->delay_loc) {
2696			case CTL_DELAY_LOC_DATAMOVE:
2697				lun->delay_info.datamove_type =
2698					delay_info->delay_type;
2699				lun->delay_info.datamove_delay =
2700					delay_info->delay_secs;
2701				break;
2702			case CTL_DELAY_LOC_DONE:
2703				lun->delay_info.done_type =
2704					delay_info->delay_type;
2705				lun->delay_info.done_delay =
2706					delay_info->delay_secs;
2707				break;
2708			default:
2709				delay_info->status =
2710					CTL_DELAY_STATUS_INVALID_LOC;
2711				break;
2712			}
2713			mtx_unlock(&lun->lun_lock);
2714		}
2715
2716		mtx_unlock(&softc->ctl_lock);
2717#else
2718		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2719#endif /* CTL_IO_DELAY */
2720		break;
2721	}
2722	case CTL_GETSTATS: {
2723		struct ctl_stats *stats;
2724		int i;
2725
2726		stats = (struct ctl_stats *)addr;
2727
2728		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2729		     stats->alloc_len) {
2730			stats->status = CTL_SS_NEED_MORE_SPACE;
2731			stats->num_luns = softc->num_luns;
2732			break;
2733		}
2734		/*
2735		 * XXX KDM no locking here.  If the LUN list changes,
2736		 * things can blow up.
2737		 */
2738		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2739		     i++, lun = STAILQ_NEXT(lun, links)) {
2740			retval = copyout(&lun->stats, &stats->lun_stats[i],
2741					 sizeof(lun->stats));
2742			if (retval != 0)
2743				break;
2744		}
2745		stats->num_luns = softc->num_luns;
2746		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2747				 softc->num_luns;
2748		stats->status = CTL_SS_OK;
2749#ifdef CTL_TIME_IO
2750		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2751#else
2752		stats->flags = CTL_STATS_FLAG_NONE;
2753#endif
2754		getnanouptime(&stats->timestamp);
2755		break;
2756	}
2757	case CTL_ERROR_INJECT: {
2758		struct ctl_error_desc *err_desc, *new_err_desc;
2759
2760		err_desc = (struct ctl_error_desc *)addr;
2761
2762		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2763				      M_WAITOK | M_ZERO);
2764		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2765
2766		mtx_lock(&softc->ctl_lock);
2767		lun = softc->ctl_luns[err_desc->lun_id];
2768		if (lun == NULL) {
2769			mtx_unlock(&softc->ctl_lock);
2770			free(new_err_desc, M_CTL);
2771			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2772			       __func__, (uintmax_t)err_desc->lun_id);
2773			retval = EINVAL;
2774			break;
2775		}
2776		mtx_lock(&lun->lun_lock);
2777		mtx_unlock(&softc->ctl_lock);
2778
2779		/*
2780		 * We could do some checking here to verify the validity
2781		 * of the request, but given the complexity of error
2782		 * injection requests, the checking logic would be fairly
2783		 * complex.
2784		 *
2785		 * For now, if the request is invalid, it just won't get
2786		 * executed and might get deleted.
2787		 */
2788		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2789
2790		/*
2791		 * XXX KDM check to make sure the serial number is unique,
2792		 * in case we somehow manage to wrap.  That shouldn't
2793		 * happen for a very long time, but it's the right thing to
2794		 * do.
2795		 */
2796		new_err_desc->serial = lun->error_serial;
2797		err_desc->serial = lun->error_serial;
2798		lun->error_serial++;
2799
2800		mtx_unlock(&lun->lun_lock);
2801		break;
2802	}
2803	case CTL_ERROR_INJECT_DELETE: {
2804		struct ctl_error_desc *delete_desc, *desc, *desc2;
2805		int delete_done;
2806
2807		delete_desc = (struct ctl_error_desc *)addr;
2808		delete_done = 0;
2809
2810		mtx_lock(&softc->ctl_lock);
2811		lun = softc->ctl_luns[delete_desc->lun_id];
2812		if (lun == NULL) {
2813			mtx_unlock(&softc->ctl_lock);
2814			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2815			       __func__, (uintmax_t)delete_desc->lun_id);
2816			retval = EINVAL;
2817			break;
2818		}
2819		mtx_lock(&lun->lun_lock);
2820		mtx_unlock(&softc->ctl_lock);
2821		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2822			if (desc->serial != delete_desc->serial)
2823				continue;
2824
2825			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2826				      links);
2827			free(desc, M_CTL);
2828			delete_done = 1;
2829		}
2830		mtx_unlock(&lun->lun_lock);
2831		if (delete_done == 0) {
2832			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2833			       "error serial %ju on LUN %u\n", __func__,
2834			       delete_desc->serial, delete_desc->lun_id);
2835			retval = EINVAL;
2836			break;
2837		}
2838		break;
2839	}
2840	case CTL_DUMP_STRUCTS: {
2841		int i, j, k;
2842		struct ctl_port *port;
2843		struct ctl_frontend *fe;
2844
2845		mtx_lock(&softc->ctl_lock);
2846		printf("CTL Persistent Reservation information start:\n");
2847		for (i = 0; i < CTL_MAX_LUNS; i++) {
2848			lun = softc->ctl_luns[i];
2849
2850			if ((lun == NULL)
2851			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2852				continue;
2853
2854			for (j = 0; j < CTL_MAX_PORTS; j++) {
2855				if (lun->pr_keys[j] == NULL)
2856					continue;
2857				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2858					if (lun->pr_keys[j][k] == 0)
2859						continue;
2860					printf("  LUN %d port %d iid %d key "
2861					       "%#jx\n", i, j, k,
2862					       (uintmax_t)lun->pr_keys[j][k]);
2863				}
2864			}
2865		}
2866		printf("CTL Persistent Reservation information end\n");
2867		printf("CTL Ports:\n");
2868		STAILQ_FOREACH(port, &softc->port_list, links) {
2869			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2870			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2871			       port->frontend->name, port->port_type,
2872			       port->physical_port, port->virtual_port,
2873			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2874			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2875				if (port->wwpn_iid[j].in_use == 0 &&
2876				    port->wwpn_iid[j].wwpn == 0 &&
2877				    port->wwpn_iid[j].name == NULL)
2878					continue;
2879
2880				printf("    iid %u use %d WWPN %#jx '%s'\n",
2881				    j, port->wwpn_iid[j].in_use,
2882				    (uintmax_t)port->wwpn_iid[j].wwpn,
2883				    port->wwpn_iid[j].name);
2884			}
2885		}
2886		printf("CTL Port information end\n");
2887		mtx_unlock(&softc->ctl_lock);
2888		/*
2889		 * XXX KDM calling this without a lock.  We'd likely want
2890		 * to drop the lock before calling the frontend's dump
2891		 * routine anyway.
2892		 */
2893		printf("CTL Frontends:\n");
2894		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2895			printf("  Frontend '%s'\n", fe->name);
2896			if (fe->fe_dump != NULL)
2897				fe->fe_dump();
2898		}
2899		printf("CTL Frontend information end\n");
2900		break;
2901	}
2902	case CTL_LUN_REQ: {
2903		struct ctl_lun_req *lun_req;
2904		struct ctl_backend_driver *backend;
2905
2906		lun_req = (struct ctl_lun_req *)addr;
2907
2908		backend = ctl_backend_find(lun_req->backend);
2909		if (backend == NULL) {
2910			lun_req->status = CTL_LUN_ERROR;
2911			snprintf(lun_req->error_str,
2912				 sizeof(lun_req->error_str),
2913				 "Backend \"%s\" not found.",
2914				 lun_req->backend);
2915			break;
2916		}
2917		if (lun_req->num_be_args > 0) {
2918			lun_req->kern_be_args = ctl_copyin_args(
2919				lun_req->num_be_args,
2920				lun_req->be_args,
2921				lun_req->error_str,
2922				sizeof(lun_req->error_str));
2923			if (lun_req->kern_be_args == NULL) {
2924				lun_req->status = CTL_LUN_ERROR;
2925				break;
2926			}
2927		}
2928
2929		retval = backend->ioctl(dev, cmd, addr, flag, td);
2930
2931		if (lun_req->num_be_args > 0) {
2932			ctl_copyout_args(lun_req->num_be_args,
2933				      lun_req->kern_be_args);
2934			ctl_free_args(lun_req->num_be_args,
2935				      lun_req->kern_be_args);
2936		}
2937		break;
2938	}
2939	case CTL_LUN_LIST: {
2940		struct sbuf *sb;
2941		struct ctl_lun_list *list;
2942		struct ctl_option *opt;
2943
2944		list = (struct ctl_lun_list *)addr;
2945
2946		/*
2947		 * Allocate a fixed length sbuf here, based on the length
2948		 * of the user's buffer.  We could allocate an auto-extending
2949		 * buffer, and then tell the user how much larger our
2950		 * amount of data is than his buffer, but that presents
2951		 * some problems:
2952		 *
2953		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2954		 *     we can't hold a lock while calling them with an
2955		 *     auto-extending buffer.
2956 		 *
2957		 * 2.  There is not currently a LUN reference counting
2958		 *     mechanism, outside of outstanding transactions on
2959		 *     the LUN's OOA queue.  So a LUN could go away on us
2960		 *     while we're getting the LUN number, backend-specific
2961		 *     information, etc.  Thus, given the way things
2962		 *     currently work, we need to hold the CTL lock while
2963		 *     grabbing LUN information.
2964		 *
2965		 * So, from the user's standpoint, the best thing to do is
2966		 * allocate what he thinks is a reasonable buffer length,
2967		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2968		 * double the buffer length and try again.  (And repeat
2969		 * that until he succeeds.)
2970		 */
2971		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2972		if (sb == NULL) {
2973			list->status = CTL_LUN_LIST_ERROR;
2974			snprintf(list->error_str, sizeof(list->error_str),
2975				 "Unable to allocate %d bytes for LUN list",
2976				 list->alloc_len);
2977			break;
2978		}
2979
2980		sbuf_printf(sb, "<ctllunlist>\n");
2981
2982		mtx_lock(&softc->ctl_lock);
2983		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2984			mtx_lock(&lun->lun_lock);
2985			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2986					     (uintmax_t)lun->lun);
2987
2988			/*
2989			 * Bail out as soon as we see that we've overfilled
2990			 * the buffer.
2991			 */
2992			if (retval != 0)
2993				break;
2994
2995			retval = sbuf_printf(sb, "\t<backend_type>%s"
2996					     "</backend_type>\n",
2997					     (lun->backend == NULL) ?  "none" :
2998					     lun->backend->name);
2999
3000			if (retval != 0)
3001				break;
3002
3003			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3004					     lun->be_lun->lun_type);
3005
3006			if (retval != 0)
3007				break;
3008
3009			if (lun->backend == NULL) {
3010				retval = sbuf_printf(sb, "</lun>\n");
3011				if (retval != 0)
3012					break;
3013				continue;
3014			}
3015
3016			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3017					     (lun->be_lun->maxlba > 0) ?
3018					     lun->be_lun->maxlba + 1 : 0);
3019
3020			if (retval != 0)
3021				break;
3022
3023			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3024					     lun->be_lun->blocksize);
3025
3026			if (retval != 0)
3027				break;
3028
3029			retval = sbuf_printf(sb, "\t<serial_number>");
3030
3031			if (retval != 0)
3032				break;
3033
3034			retval = ctl_sbuf_printf_esc(sb,
3035			    lun->be_lun->serial_num,
3036			    sizeof(lun->be_lun->serial_num));
3037
3038			if (retval != 0)
3039				break;
3040
3041			retval = sbuf_printf(sb, "</serial_number>\n");
3042
3043			if (retval != 0)
3044				break;
3045
3046			retval = sbuf_printf(sb, "\t<device_id>");
3047
3048			if (retval != 0)
3049				break;
3050
3051			retval = ctl_sbuf_printf_esc(sb,
3052			    lun->be_lun->device_id,
3053			    sizeof(lun->be_lun->device_id));
3054
3055			if (retval != 0)
3056				break;
3057
3058			retval = sbuf_printf(sb, "</device_id>\n");
3059
3060			if (retval != 0)
3061				break;
3062
3063			if (lun->backend->lun_info != NULL) {
3064				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3065				if (retval != 0)
3066					break;
3067			}
3068			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3069				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3070				    opt->name, opt->value, opt->name);
3071				if (retval != 0)
3072					break;
3073			}
3074
3075			retval = sbuf_printf(sb, "</lun>\n");
3076
3077			if (retval != 0)
3078				break;
3079			mtx_unlock(&lun->lun_lock);
3080		}
3081		if (lun != NULL)
3082			mtx_unlock(&lun->lun_lock);
3083		mtx_unlock(&softc->ctl_lock);
3084
3085		if ((retval != 0)
3086		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3087			retval = 0;
3088			sbuf_delete(sb);
3089			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3090			snprintf(list->error_str, sizeof(list->error_str),
3091				 "Out of space, %d bytes is too small",
3092				 list->alloc_len);
3093			break;
3094		}
3095
3096		sbuf_finish(sb);
3097
3098		retval = copyout(sbuf_data(sb), list->lun_xml,
3099				 sbuf_len(sb) + 1);
3100
3101		list->fill_len = sbuf_len(sb) + 1;
3102		list->status = CTL_LUN_LIST_OK;
3103		sbuf_delete(sb);
3104		break;
3105	}
3106	case CTL_ISCSI: {
3107		struct ctl_iscsi *ci;
3108		struct ctl_frontend *fe;
3109
3110		ci = (struct ctl_iscsi *)addr;
3111
3112		fe = ctl_frontend_find("iscsi");
3113		if (fe == NULL) {
3114			ci->status = CTL_ISCSI_ERROR;
3115			snprintf(ci->error_str, sizeof(ci->error_str),
3116			    "Frontend \"iscsi\" not found.");
3117			break;
3118		}
3119
3120		retval = fe->ioctl(dev, cmd, addr, flag, td);
3121		break;
3122	}
3123	case CTL_PORT_REQ: {
3124		struct ctl_req *req;
3125		struct ctl_frontend *fe;
3126
3127		req = (struct ctl_req *)addr;
3128
3129		fe = ctl_frontend_find(req->driver);
3130		if (fe == NULL) {
3131			req->status = CTL_LUN_ERROR;
3132			snprintf(req->error_str, sizeof(req->error_str),
3133			    "Frontend \"%s\" not found.", req->driver);
3134			break;
3135		}
3136		if (req->num_args > 0) {
3137			req->kern_args = ctl_copyin_args(req->num_args,
3138			    req->args, req->error_str, sizeof(req->error_str));
3139			if (req->kern_args == NULL) {
3140				req->status = CTL_LUN_ERROR;
3141				break;
3142			}
3143		}
3144
3145		if (fe->ioctl)
3146			retval = fe->ioctl(dev, cmd, addr, flag, td);
3147		else
3148			retval = ENODEV;
3149
3150		if (req->num_args > 0) {
3151			ctl_copyout_args(req->num_args, req->kern_args);
3152			ctl_free_args(req->num_args, req->kern_args);
3153		}
3154		break;
3155	}
3156	case CTL_PORT_LIST: {
3157		struct sbuf *sb;
3158		struct ctl_port *port;
3159		struct ctl_lun_list *list;
3160		struct ctl_option *opt;
3161		int j;
3162		uint32_t plun;
3163
3164		list = (struct ctl_lun_list *)addr;
3165
3166		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3167		if (sb == NULL) {
3168			list->status = CTL_LUN_LIST_ERROR;
3169			snprintf(list->error_str, sizeof(list->error_str),
3170				 "Unable to allocate %d bytes for LUN list",
3171				 list->alloc_len);
3172			break;
3173		}
3174
3175		sbuf_printf(sb, "<ctlportlist>\n");
3176
3177		mtx_lock(&softc->ctl_lock);
3178		STAILQ_FOREACH(port, &softc->port_list, links) {
3179			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3180					     (uintmax_t)port->targ_port);
3181
3182			/*
3183			 * Bail out as soon as we see that we've overfilled
3184			 * the buffer.
3185			 */
3186			if (retval != 0)
3187				break;
3188
3189			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3190			    "</frontend_type>\n", port->frontend->name);
3191			if (retval != 0)
3192				break;
3193
3194			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3195					     port->port_type);
3196			if (retval != 0)
3197				break;
3198
3199			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3200			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3201			if (retval != 0)
3202				break;
3203
3204			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3205			    port->port_name);
3206			if (retval != 0)
3207				break;
3208
3209			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3210			    port->physical_port);
3211			if (retval != 0)
3212				break;
3213
3214			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3215			    port->virtual_port);
3216			if (retval != 0)
3217				break;
3218
3219			if (port->target_devid != NULL) {
3220				sbuf_printf(sb, "\t<target>");
3221				ctl_id_sbuf(port->target_devid, sb);
3222				sbuf_printf(sb, "</target>\n");
3223			}
3224
3225			if (port->port_devid != NULL) {
3226				sbuf_printf(sb, "\t<port>");
3227				ctl_id_sbuf(port->port_devid, sb);
3228				sbuf_printf(sb, "</port>\n");
3229			}
3230
3231			if (port->port_info != NULL) {
3232				retval = port->port_info(port->onoff_arg, sb);
3233				if (retval != 0)
3234					break;
3235			}
3236			STAILQ_FOREACH(opt, &port->options, links) {
3237				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3238				    opt->name, opt->value, opt->name);
3239				if (retval != 0)
3240					break;
3241			}
3242
3243			if (port->lun_map != NULL) {
3244				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3245				for (j = 0; j < CTL_MAX_LUNS; j++) {
3246					plun = ctl_lun_map_from_port(port, j);
3247					if (plun >= CTL_MAX_LUNS)
3248						continue;
3249					sbuf_printf(sb,
3250					    "\t<lun id=\"%u\">%u</lun>\n",
3251					    j, plun);
3252				}
3253			}
3254
3255			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3256				if (port->wwpn_iid[j].in_use == 0 ||
3257				    (port->wwpn_iid[j].wwpn == 0 &&
3258				     port->wwpn_iid[j].name == NULL))
3259					continue;
3260
3261				if (port->wwpn_iid[j].name != NULL)
3262					retval = sbuf_printf(sb,
3263					    "\t<initiator id=\"%u\">%s</initiator>\n",
3264					    j, port->wwpn_iid[j].name);
3265				else
3266					retval = sbuf_printf(sb,
3267					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3268					    j, port->wwpn_iid[j].wwpn);
3269				if (retval != 0)
3270					break;
3271			}
3272			if (retval != 0)
3273				break;
3274
3275			retval = sbuf_printf(sb, "</targ_port>\n");
3276			if (retval != 0)
3277				break;
3278		}
3279		mtx_unlock(&softc->ctl_lock);
3280
3281		if ((retval != 0)
3282		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3283			retval = 0;
3284			sbuf_delete(sb);
3285			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3286			snprintf(list->error_str, sizeof(list->error_str),
3287				 "Out of space, %d bytes is too small",
3288				 list->alloc_len);
3289			break;
3290		}
3291
3292		sbuf_finish(sb);
3293
3294		retval = copyout(sbuf_data(sb), list->lun_xml,
3295				 sbuf_len(sb) + 1);
3296
3297		list->fill_len = sbuf_len(sb) + 1;
3298		list->status = CTL_LUN_LIST_OK;
3299		sbuf_delete(sb);
3300		break;
3301	}
3302	case CTL_LUN_MAP: {
3303		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3304		struct ctl_port *port;
3305
3306		mtx_lock(&softc->ctl_lock);
3307		if (lm->port < softc->port_min ||
3308		    lm->port >= softc->port_max ||
3309		    (port = softc->ctl_ports[lm->port]) == NULL) {
3310			mtx_unlock(&softc->ctl_lock);
3311			return (ENXIO);
3312		}
3313		if (port->status & CTL_PORT_STATUS_ONLINE) {
3314			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3315				if (ctl_lun_map_to_port(port, lun->lun) >=
3316				    CTL_MAX_LUNS)
3317					continue;
3318				mtx_lock(&lun->lun_lock);
3319				ctl_est_ua_port(lun, lm->port, -1,
3320				    CTL_UA_LUN_CHANGE);
3321				mtx_unlock(&lun->lun_lock);
3322			}
3323		}
3324		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3325		if (lm->plun < CTL_MAX_LUNS) {
3326			if (lm->lun == UINT32_MAX)
3327				retval = ctl_lun_map_unset(port, lm->plun);
3328			else if (lm->lun < CTL_MAX_LUNS &&
3329			    softc->ctl_luns[lm->lun] != NULL)
3330				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3331			else
3332				return (ENXIO);
3333		} else if (lm->plun == UINT32_MAX) {
3334			if (lm->lun == UINT32_MAX)
3335				retval = ctl_lun_map_deinit(port);
3336			else
3337				retval = ctl_lun_map_init(port);
3338		} else
3339			return (ENXIO);
3340		if (port->status & CTL_PORT_STATUS_ONLINE)
3341			ctl_isc_announce_port(port);
3342		break;
3343	}
3344	default: {
3345		/* XXX KDM should we fix this? */
3346#if 0
3347		struct ctl_backend_driver *backend;
3348		unsigned int type;
3349		int found;
3350
3351		found = 0;
3352
3353		/*
3354		 * We encode the backend type as the ioctl type for backend
3355		 * ioctls.  So parse it out here, and then search for a
3356		 * backend of this type.
3357		 */
3358		type = _IOC_TYPE(cmd);
3359
3360		STAILQ_FOREACH(backend, &softc->be_list, links) {
3361			if (backend->type == type) {
3362				found = 1;
3363				break;
3364			}
3365		}
3366		if (found == 0) {
3367			printf("ctl: unknown ioctl command %#lx or backend "
3368			       "%d\n", cmd, type);
3369			retval = EINVAL;
3370			break;
3371		}
3372		retval = backend->ioctl(dev, cmd, addr, flag, td);
3373#endif
3374		retval = ENOTTY;
3375		break;
3376	}
3377	}
3378	return (retval);
3379}
3380
3381uint32_t
3382ctl_get_initindex(struct ctl_nexus *nexus)
3383{
3384	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3385}
3386
3387int
3388ctl_lun_map_init(struct ctl_port *port)
3389{
3390	struct ctl_softc *softc = port->ctl_softc;
3391	struct ctl_lun *lun;
3392	uint32_t i;
3393
3394	if (port->lun_map == NULL)
3395		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3396		    M_CTL, M_NOWAIT);
3397	if (port->lun_map == NULL)
3398		return (ENOMEM);
3399	for (i = 0; i < CTL_MAX_LUNS; i++)
3400		port->lun_map[i] = UINT32_MAX;
3401	if (port->status & CTL_PORT_STATUS_ONLINE) {
3402		if (port->lun_disable != NULL) {
3403			STAILQ_FOREACH(lun, &softc->lun_list, links)
3404				port->lun_disable(port->targ_lun_arg, lun->lun);
3405		}
3406		ctl_isc_announce_port(port);
3407	}
3408	return (0);
3409}
3410
3411int
3412ctl_lun_map_deinit(struct ctl_port *port)
3413{
3414	struct ctl_softc *softc = port->ctl_softc;
3415	struct ctl_lun *lun;
3416
3417	if (port->lun_map == NULL)
3418		return (0);
3419	free(port->lun_map, M_CTL);
3420	port->lun_map = NULL;
3421	if (port->status & CTL_PORT_STATUS_ONLINE) {
3422		if (port->lun_enable != NULL) {
3423			STAILQ_FOREACH(lun, &softc->lun_list, links)
3424				port->lun_enable(port->targ_lun_arg, lun->lun);
3425		}
3426		ctl_isc_announce_port(port);
3427	}
3428	return (0);
3429}
3430
3431int
3432ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3433{
3434	int status;
3435	uint32_t old;
3436
3437	if (port->lun_map == NULL) {
3438		status = ctl_lun_map_init(port);
3439		if (status != 0)
3440			return (status);
3441	}
3442	old = port->lun_map[plun];
3443	port->lun_map[plun] = glun;
3444	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3445		if (port->lun_enable != NULL)
3446			port->lun_enable(port->targ_lun_arg, plun);
3447		ctl_isc_announce_port(port);
3448	}
3449	return (0);
3450}
3451
3452int
3453ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3454{
3455	uint32_t old;
3456
3457	if (port->lun_map == NULL)
3458		return (0);
3459	old = port->lun_map[plun];
3460	port->lun_map[plun] = UINT32_MAX;
3461	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3462		if (port->lun_disable != NULL)
3463			port->lun_disable(port->targ_lun_arg, plun);
3464		ctl_isc_announce_port(port);
3465	}
3466	return (0);
3467}
3468
3469uint32_t
3470ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3471{
3472
3473	if (port == NULL)
3474		return (UINT32_MAX);
3475	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3476		return (lun_id);
3477	return (port->lun_map[lun_id]);
3478}
3479
3480uint32_t
3481ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3482{
3483	uint32_t i;
3484
3485	if (port == NULL)
3486		return (UINT32_MAX);
3487	if (port->lun_map == NULL)
3488		return (lun_id);
3489	for (i = 0; i < CTL_MAX_LUNS; i++) {
3490		if (port->lun_map[i] == lun_id)
3491			return (i);
3492	}
3493	return (UINT32_MAX);
3494}
3495
3496static struct ctl_port *
3497ctl_io_port(struct ctl_io_hdr *io_hdr)
3498{
3499
3500	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3501}
3502
3503int
3504ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3505{
3506	int i;
3507
3508	for (i = first; i < last; i++) {
3509		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3510			return (i);
3511	}
3512	return (-1);
3513}
3514
3515int
3516ctl_set_mask(uint32_t *mask, uint32_t bit)
3517{
3518	uint32_t chunk, piece;
3519
3520	chunk = bit >> 5;
3521	piece = bit % (sizeof(uint32_t) * 8);
3522
3523	if ((mask[chunk] & (1 << piece)) != 0)
3524		return (-1);
3525	else
3526		mask[chunk] |= (1 << piece);
3527
3528	return (0);
3529}
3530
3531int
3532ctl_clear_mask(uint32_t *mask, uint32_t bit)
3533{
3534	uint32_t chunk, piece;
3535
3536	chunk = bit >> 5;
3537	piece = bit % (sizeof(uint32_t) * 8);
3538
3539	if ((mask[chunk] & (1 << piece)) == 0)
3540		return (-1);
3541	else
3542		mask[chunk] &= ~(1 << piece);
3543
3544	return (0);
3545}
3546
3547int
3548ctl_is_set(uint32_t *mask, uint32_t bit)
3549{
3550	uint32_t chunk, piece;
3551
3552	chunk = bit >> 5;
3553	piece = bit % (sizeof(uint32_t) * 8);
3554
3555	if ((mask[chunk] & (1 << piece)) == 0)
3556		return (0);
3557	else
3558		return (1);
3559}
3560
3561static uint64_t
3562ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3563{
3564	uint64_t *t;
3565
3566	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3567	if (t == NULL)
3568		return (0);
3569	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3570}
3571
3572static void
3573ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3574{
3575	uint64_t *t;
3576
3577	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3578	if (t == NULL)
3579		return;
3580	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3581}
3582
3583static void
3584ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3585{
3586	uint64_t *p;
3587	u_int i;
3588
3589	i = residx/CTL_MAX_INIT_PER_PORT;
3590	if (lun->pr_keys[i] != NULL)
3591		return;
3592	mtx_unlock(&lun->lun_lock);
3593	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3594	    M_WAITOK | M_ZERO);
3595	mtx_lock(&lun->lun_lock);
3596	if (lun->pr_keys[i] == NULL)
3597		lun->pr_keys[i] = p;
3598	else
3599		free(p, M_CTL);
3600}
3601
3602static void
3603ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3604{
3605	uint64_t *t;
3606
3607	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3608	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3609	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3610}
3611
3612/*
3613 * ctl_softc, pool_name, total_ctl_io are passed in.
3614 * npool is passed out.
3615 */
3616int
3617ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3618		uint32_t total_ctl_io, void **npool)
3619{
3620#ifdef IO_POOLS
3621	struct ctl_io_pool *pool;
3622
3623	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3624					    M_NOWAIT | M_ZERO);
3625	if (pool == NULL)
3626		return (ENOMEM);
3627
3628	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3629	pool->ctl_softc = ctl_softc;
3630	pool->zone = uma_zsecond_create(pool->name, NULL,
3631	    NULL, NULL, NULL, ctl_softc->io_zone);
3632	/* uma_prealloc(pool->zone, total_ctl_io); */
3633
3634	*npool = pool;
3635#else
3636	*npool = ctl_softc->io_zone;
3637#endif
3638	return (0);
3639}
3640
3641void
3642ctl_pool_free(struct ctl_io_pool *pool)
3643{
3644
3645	if (pool == NULL)
3646		return;
3647
3648#ifdef IO_POOLS
3649	uma_zdestroy(pool->zone);
3650	free(pool, M_CTL);
3651#endif
3652}
3653
3654union ctl_io *
3655ctl_alloc_io(void *pool_ref)
3656{
3657	union ctl_io *io;
3658#ifdef IO_POOLS
3659	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3660
3661	io = uma_zalloc(pool->zone, M_WAITOK);
3662#else
3663	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3664#endif
3665	if (io != NULL)
3666		io->io_hdr.pool = pool_ref;
3667	return (io);
3668}
3669
3670union ctl_io *
3671ctl_alloc_io_nowait(void *pool_ref)
3672{
3673	union ctl_io *io;
3674#ifdef IO_POOLS
3675	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3676
3677	io = uma_zalloc(pool->zone, M_NOWAIT);
3678#else
3679	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3680#endif
3681	if (io != NULL)
3682		io->io_hdr.pool = pool_ref;
3683	return (io);
3684}
3685
3686void
3687ctl_free_io(union ctl_io *io)
3688{
3689#ifdef IO_POOLS
3690	struct ctl_io_pool *pool;
3691#endif
3692
3693	if (io == NULL)
3694		return;
3695
3696#ifdef IO_POOLS
3697	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3698	uma_zfree(pool->zone, io);
3699#else
3700	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3701#endif
3702}
3703
3704void
3705ctl_zero_io(union ctl_io *io)
3706{
3707	void *pool_ref;
3708
3709	if (io == NULL)
3710		return;
3711
3712	/*
3713	 * May need to preserve linked list pointers at some point too.
3714	 */
3715	pool_ref = io->io_hdr.pool;
3716	memset(io, 0, sizeof(*io));
3717	io->io_hdr.pool = pool_ref;
3718}
3719
3720/*
3721 * This routine is currently used for internal copies of ctl_ios that need
3722 * to persist for some reason after we've already returned status to the
3723 * FETD.  (Thus the flag set.)
3724 *
3725 * XXX XXX
3726 * Note that this makes a blind copy of all fields in the ctl_io, except
3727 * for the pool reference.  This includes any memory that has been
3728 * allocated!  That memory will no longer be valid after done has been
3729 * called, so this would be VERY DANGEROUS for command that actually does
3730 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3731 * start and stop commands, which don't transfer any data, so this is not a
3732 * problem.  If it is used for anything else, the caller would also need to
3733 * allocate data buffer space and this routine would need to be modified to
3734 * copy the data buffer(s) as well.
3735 */
3736void
3737ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3738{
3739	void *pool_ref;
3740
3741	if ((src == NULL)
3742	 || (dest == NULL))
3743		return;
3744
3745	/*
3746	 * May need to preserve linked list pointers at some point too.
3747	 */
3748	pool_ref = dest->io_hdr.pool;
3749
3750	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3751
3752	dest->io_hdr.pool = pool_ref;
3753	/*
3754	 * We need to know that this is an internal copy, and doesn't need
3755	 * to get passed back to the FETD that allocated it.
3756	 */
3757	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3758}
3759
3760int
3761ctl_expand_number(const char *buf, uint64_t *num)
3762{
3763	char *endptr;
3764	uint64_t number;
3765	unsigned shift;
3766
3767	number = strtoq(buf, &endptr, 0);
3768
3769	switch (tolower((unsigned char)*endptr)) {
3770	case 'e':
3771		shift = 60;
3772		break;
3773	case 'p':
3774		shift = 50;
3775		break;
3776	case 't':
3777		shift = 40;
3778		break;
3779	case 'g':
3780		shift = 30;
3781		break;
3782	case 'm':
3783		shift = 20;
3784		break;
3785	case 'k':
3786		shift = 10;
3787		break;
3788	case 'b':
3789	case '\0': /* No unit. */
3790		*num = number;
3791		return (0);
3792	default:
3793		/* Unrecognized unit. */
3794		return (-1);
3795	}
3796
3797	if ((number << shift) >> shift != number) {
3798		/* Overflow */
3799		return (-1);
3800	}
3801	*num = number << shift;
3802	return (0);
3803}
3804
3805
3806/*
3807 * This routine could be used in the future to load default and/or saved
3808 * mode page parameters for a particuar lun.
3809 */
3810static int
3811ctl_init_page_index(struct ctl_lun *lun)
3812{
3813	int i;
3814	struct ctl_page_index *page_index;
3815	const char *value;
3816	uint64_t ival;
3817
3818	memcpy(&lun->mode_pages.index, page_index_template,
3819	       sizeof(page_index_template));
3820
3821	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3822
3823		page_index = &lun->mode_pages.index[i];
3824		/*
3825		 * If this is a disk-only mode page, there's no point in
3826		 * setting it up.  For some pages, we have to have some
3827		 * basic information about the disk in order to calculate the
3828		 * mode page data.
3829		 */
3830		if ((lun->be_lun->lun_type != T_DIRECT)
3831		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3832			continue;
3833
3834		switch (page_index->page_code & SMPH_PC_MASK) {
3835		case SMS_RW_ERROR_RECOVERY_PAGE: {
3836			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3837				panic("subpage is incorrect!");
3838			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3839			       &rw_er_page_default,
3840			       sizeof(rw_er_page_default));
3841			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3842			       &rw_er_page_changeable,
3843			       sizeof(rw_er_page_changeable));
3844			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3845			       &rw_er_page_default,
3846			       sizeof(rw_er_page_default));
3847			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3848			       &rw_er_page_default,
3849			       sizeof(rw_er_page_default));
3850			page_index->page_data =
3851				(uint8_t *)lun->mode_pages.rw_er_page;
3852			break;
3853		}
3854		case SMS_FORMAT_DEVICE_PAGE: {
3855			struct scsi_format_page *format_page;
3856
3857			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3858				panic("subpage is incorrect!");
3859
3860			/*
3861			 * Sectors per track are set above.  Bytes per
3862			 * sector need to be set here on a per-LUN basis.
3863			 */
3864			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3865			       &format_page_default,
3866			       sizeof(format_page_default));
3867			memcpy(&lun->mode_pages.format_page[
3868			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3869			       sizeof(format_page_changeable));
3870			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3871			       &format_page_default,
3872			       sizeof(format_page_default));
3873			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3874			       &format_page_default,
3875			       sizeof(format_page_default));
3876
3877			format_page = &lun->mode_pages.format_page[
3878				CTL_PAGE_CURRENT];
3879			scsi_ulto2b(lun->be_lun->blocksize,
3880				    format_page->bytes_per_sector);
3881
3882			format_page = &lun->mode_pages.format_page[
3883				CTL_PAGE_DEFAULT];
3884			scsi_ulto2b(lun->be_lun->blocksize,
3885				    format_page->bytes_per_sector);
3886
3887			format_page = &lun->mode_pages.format_page[
3888				CTL_PAGE_SAVED];
3889			scsi_ulto2b(lun->be_lun->blocksize,
3890				    format_page->bytes_per_sector);
3891
3892			page_index->page_data =
3893				(uint8_t *)lun->mode_pages.format_page;
3894			break;
3895		}
3896		case SMS_RIGID_DISK_PAGE: {
3897			struct scsi_rigid_disk_page *rigid_disk_page;
3898			uint32_t sectors_per_cylinder;
3899			uint64_t cylinders;
3900#ifndef	__XSCALE__
3901			int shift;
3902#endif /* !__XSCALE__ */
3903
3904			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3905				panic("invalid subpage value %d",
3906				      page_index->subpage);
3907
3908			/*
3909			 * Rotation rate and sectors per track are set
3910			 * above.  We calculate the cylinders here based on
3911			 * capacity.  Due to the number of heads and
3912			 * sectors per track we're using, smaller arrays
3913			 * may turn out to have 0 cylinders.  Linux and
3914			 * FreeBSD don't pay attention to these mode pages
3915			 * to figure out capacity, but Solaris does.  It
3916			 * seems to deal with 0 cylinders just fine, and
3917			 * works out a fake geometry based on the capacity.
3918			 */
3919			memcpy(&lun->mode_pages.rigid_disk_page[
3920			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3921			       sizeof(rigid_disk_page_default));
3922			memcpy(&lun->mode_pages.rigid_disk_page[
3923			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3924			       sizeof(rigid_disk_page_changeable));
3925
3926			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3927				CTL_DEFAULT_HEADS;
3928
3929			/*
3930			 * The divide method here will be more accurate,
3931			 * probably, but results in floating point being
3932			 * used in the kernel on i386 (__udivdi3()).  On the
3933			 * XScale, though, __udivdi3() is implemented in
3934			 * software.
3935			 *
3936			 * The shift method for cylinder calculation is
3937			 * accurate if sectors_per_cylinder is a power of
3938			 * 2.  Otherwise it might be slightly off -- you
3939			 * might have a bit of a truncation problem.
3940			 */
3941#ifdef	__XSCALE__
3942			cylinders = (lun->be_lun->maxlba + 1) /
3943				sectors_per_cylinder;
3944#else
3945			for (shift = 31; shift > 0; shift--) {
3946				if (sectors_per_cylinder & (1 << shift))
3947					break;
3948			}
3949			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3950#endif
3951
3952			/*
3953			 * We've basically got 3 bytes, or 24 bits for the
3954			 * cylinder size in the mode page.  If we're over,
3955			 * just round down to 2^24.
3956			 */
3957			if (cylinders > 0xffffff)
3958				cylinders = 0xffffff;
3959
3960			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3961				CTL_PAGE_DEFAULT];
3962			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3963
3964			if ((value = ctl_get_opt(&lun->be_lun->options,
3965			    "rpm")) != NULL) {
3966				scsi_ulto2b(strtol(value, NULL, 0),
3967				     rigid_disk_page->rotation_rate);
3968			}
3969
3970			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3971			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3972			       sizeof(rigid_disk_page_default));
3973			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3974			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3975			       sizeof(rigid_disk_page_default));
3976
3977			page_index->page_data =
3978				(uint8_t *)lun->mode_pages.rigid_disk_page;
3979			break;
3980		}
3981		case SMS_CACHING_PAGE: {
3982			struct scsi_caching_page *caching_page;
3983
3984			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3985				panic("invalid subpage value %d",
3986				      page_index->subpage);
3987			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3988			       &caching_page_default,
3989			       sizeof(caching_page_default));
3990			memcpy(&lun->mode_pages.caching_page[
3991			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3992			       sizeof(caching_page_changeable));
3993			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3994			       &caching_page_default,
3995			       sizeof(caching_page_default));
3996			caching_page = &lun->mode_pages.caching_page[
3997			    CTL_PAGE_SAVED];
3998			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3999			if (value != NULL && strcmp(value, "off") == 0)
4000				caching_page->flags1 &= ~SCP_WCE;
4001			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4002			if (value != NULL && strcmp(value, "off") == 0)
4003				caching_page->flags1 |= SCP_RCD;
4004			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4005			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4006			       sizeof(caching_page_default));
4007			page_index->page_data =
4008				(uint8_t *)lun->mode_pages.caching_page;
4009			break;
4010		}
4011		case SMS_CONTROL_MODE_PAGE: {
4012			switch (page_index->subpage) {
4013			case SMS_SUBPAGE_PAGE_0: {
4014				struct scsi_control_page *control_page;
4015
4016				memcpy(&lun->mode_pages.control_page[
4017				    CTL_PAGE_DEFAULT],
4018				       &control_page_default,
4019				       sizeof(control_page_default));
4020				memcpy(&lun->mode_pages.control_page[
4021				    CTL_PAGE_CHANGEABLE],
4022				       &control_page_changeable,
4023				       sizeof(control_page_changeable));
4024				memcpy(&lun->mode_pages.control_page[
4025				    CTL_PAGE_SAVED],
4026				       &control_page_default,
4027				       sizeof(control_page_default));
4028				control_page = &lun->mode_pages.control_page[
4029				    CTL_PAGE_SAVED];
4030				value = ctl_get_opt(&lun->be_lun->options,
4031				    "reordering");
4032				if (value != NULL &&
4033				    strcmp(value, "unrestricted") == 0) {
4034					control_page->queue_flags &=
4035					    ~SCP_QUEUE_ALG_MASK;
4036					control_page->queue_flags |=
4037					    SCP_QUEUE_ALG_UNRESTRICTED;
4038				}
4039				memcpy(&lun->mode_pages.control_page[
4040				    CTL_PAGE_CURRENT],
4041				       &lun->mode_pages.control_page[
4042				    CTL_PAGE_SAVED],
4043				       sizeof(control_page_default));
4044				page_index->page_data =
4045				    (uint8_t *)lun->mode_pages.control_page;
4046				break;
4047			}
4048			case 0x01:
4049				memcpy(&lun->mode_pages.control_ext_page[
4050				    CTL_PAGE_DEFAULT],
4051				       &control_ext_page_default,
4052				       sizeof(control_ext_page_default));
4053				memcpy(&lun->mode_pages.control_ext_page[
4054				    CTL_PAGE_CHANGEABLE],
4055				       &control_ext_page_changeable,
4056				       sizeof(control_ext_page_changeable));
4057				memcpy(&lun->mode_pages.control_ext_page[
4058				    CTL_PAGE_SAVED],
4059				       &control_ext_page_default,
4060				       sizeof(control_ext_page_default));
4061				memcpy(&lun->mode_pages.control_ext_page[
4062				    CTL_PAGE_CURRENT],
4063				       &lun->mode_pages.control_ext_page[
4064				    CTL_PAGE_SAVED],
4065				       sizeof(control_ext_page_default));
4066				page_index->page_data =
4067				    (uint8_t *)lun->mode_pages.control_ext_page;
4068				break;
4069			}
4070			break;
4071		}
4072		case SMS_INFO_EXCEPTIONS_PAGE: {
4073			switch (page_index->subpage) {
4074			case SMS_SUBPAGE_PAGE_0:
4075				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4076				       &ie_page_default,
4077				       sizeof(ie_page_default));
4078				memcpy(&lun->mode_pages.ie_page[
4079				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4080				       sizeof(ie_page_changeable));
4081				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4082				       &ie_page_default,
4083				       sizeof(ie_page_default));
4084				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4085				       &ie_page_default,
4086				       sizeof(ie_page_default));
4087				page_index->page_data =
4088					(uint8_t *)lun->mode_pages.ie_page;
4089				break;
4090			case 0x02: {
4091				struct ctl_logical_block_provisioning_page *page;
4092
4093				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4094				       &lbp_page_default,
4095				       sizeof(lbp_page_default));
4096				memcpy(&lun->mode_pages.lbp_page[
4097				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4098				       sizeof(lbp_page_changeable));
4099				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4100				       &lbp_page_default,
4101				       sizeof(lbp_page_default));
4102				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4103				value = ctl_get_opt(&lun->be_lun->options,
4104				    "avail-threshold");
4105				if (value != NULL &&
4106				    ctl_expand_number(value, &ival) == 0) {
4107					page->descr[0].flags |= SLBPPD_ENABLED |
4108					    SLBPPD_ARMING_DEC;
4109					if (lun->be_lun->blocksize)
4110						ival /= lun->be_lun->blocksize;
4111					else
4112						ival /= 512;
4113					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4114					    page->descr[0].count);
4115				}
4116				value = ctl_get_opt(&lun->be_lun->options,
4117				    "used-threshold");
4118				if (value != NULL &&
4119				    ctl_expand_number(value, &ival) == 0) {
4120					page->descr[1].flags |= SLBPPD_ENABLED |
4121					    SLBPPD_ARMING_INC;
4122					if (lun->be_lun->blocksize)
4123						ival /= lun->be_lun->blocksize;
4124					else
4125						ival /= 512;
4126					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4127					    page->descr[1].count);
4128				}
4129				value = ctl_get_opt(&lun->be_lun->options,
4130				    "pool-avail-threshold");
4131				if (value != NULL &&
4132				    ctl_expand_number(value, &ival) == 0) {
4133					page->descr[2].flags |= SLBPPD_ENABLED |
4134					    SLBPPD_ARMING_DEC;
4135					if (lun->be_lun->blocksize)
4136						ival /= lun->be_lun->blocksize;
4137					else
4138						ival /= 512;
4139					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4140					    page->descr[2].count);
4141				}
4142				value = ctl_get_opt(&lun->be_lun->options,
4143				    "pool-used-threshold");
4144				if (value != NULL &&
4145				    ctl_expand_number(value, &ival) == 0) {
4146					page->descr[3].flags |= SLBPPD_ENABLED |
4147					    SLBPPD_ARMING_INC;
4148					if (lun->be_lun->blocksize)
4149						ival /= lun->be_lun->blocksize;
4150					else
4151						ival /= 512;
4152					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4153					    page->descr[3].count);
4154				}
4155				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4156				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4157				       sizeof(lbp_page_default));
4158				page_index->page_data =
4159					(uint8_t *)lun->mode_pages.lbp_page;
4160			}}
4161			break;
4162		}
4163		case SMS_VENDOR_SPECIFIC_PAGE:{
4164			switch (page_index->subpage) {
4165			case DBGCNF_SUBPAGE_CODE: {
4166				memcpy(&lun->mode_pages.debugconf_subpage[
4167				       CTL_PAGE_CURRENT],
4168				       &debugconf_page_default,
4169				       sizeof(debugconf_page_default));
4170				memcpy(&lun->mode_pages.debugconf_subpage[
4171				       CTL_PAGE_CHANGEABLE],
4172				       &debugconf_page_changeable,
4173				       sizeof(debugconf_page_changeable));
4174				memcpy(&lun->mode_pages.debugconf_subpage[
4175				       CTL_PAGE_DEFAULT],
4176				       &debugconf_page_default,
4177				       sizeof(debugconf_page_default));
4178				memcpy(&lun->mode_pages.debugconf_subpage[
4179				       CTL_PAGE_SAVED],
4180				       &debugconf_page_default,
4181				       sizeof(debugconf_page_default));
4182				page_index->page_data =
4183				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4184				break;
4185			}
4186			default:
4187				panic("invalid subpage value %d",
4188				      page_index->subpage);
4189				break;
4190			}
4191   			break;
4192		}
4193		default:
4194			panic("invalid page value %d",
4195			      page_index->page_code & SMPH_PC_MASK);
4196			break;
4197    	}
4198	}
4199
4200	return (CTL_RETVAL_COMPLETE);
4201}
4202
4203static int
4204ctl_init_log_page_index(struct ctl_lun *lun)
4205{
4206	struct ctl_page_index *page_index;
4207	int i, j, k, prev;
4208
4209	memcpy(&lun->log_pages.index, log_page_index_template,
4210	       sizeof(log_page_index_template));
4211
4212	prev = -1;
4213	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4214
4215		page_index = &lun->log_pages.index[i];
4216		/*
4217		 * If this is a disk-only mode page, there's no point in
4218		 * setting it up.  For some pages, we have to have some
4219		 * basic information about the disk in order to calculate the
4220		 * mode page data.
4221		 */
4222		if ((lun->be_lun->lun_type != T_DIRECT)
4223		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4224			continue;
4225
4226		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4227		     lun->backend->lun_attr == NULL)
4228			continue;
4229
4230		if (page_index->page_code != prev) {
4231			lun->log_pages.pages_page[j] = page_index->page_code;
4232			prev = page_index->page_code;
4233			j++;
4234		}
4235		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4236		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4237		k++;
4238	}
4239	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4240	lun->log_pages.index[0].page_len = j;
4241	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4242	lun->log_pages.index[1].page_len = k * 2;
4243	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4244	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4245	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4246	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4247
4248	return (CTL_RETVAL_COMPLETE);
4249}
4250
4251static int
4252hex2bin(const char *str, uint8_t *buf, int buf_size)
4253{
4254	int i;
4255	u_char c;
4256
4257	memset(buf, 0, buf_size);
4258	while (isspace(str[0]))
4259		str++;
4260	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4261		str += 2;
4262	buf_size *= 2;
4263	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4264		c = str[i];
4265		if (isdigit(c))
4266			c -= '0';
4267		else if (isalpha(c))
4268			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4269		else
4270			break;
4271		if (c >= 16)
4272			break;
4273		if ((i & 1) == 0)
4274			buf[i / 2] |= (c << 4);
4275		else
4276			buf[i / 2] |= c;
4277	}
4278	return ((i + 1) / 2);
4279}
4280
4281/*
4282 * LUN allocation.
4283 *
4284 * Requirements:
4285 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4286 *   wants us to allocate the LUN and he can block.
4287 * - ctl_softc is always set
4288 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4289 *
4290 * Returns 0 for success, non-zero (errno) for failure.
4291 */
4292static int
4293ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4294	      struct ctl_be_lun *const be_lun)
4295{
4296	struct ctl_lun *nlun, *lun;
4297	struct scsi_vpd_id_descriptor *desc;
4298	struct scsi_vpd_id_t10 *t10id;
4299	const char *eui, *naa, *scsiname, *vendor;
4300	int lun_number, i, lun_malloced;
4301	int devidlen, idlen1, idlen2 = 0, len;
4302
4303	if (be_lun == NULL)
4304		return (EINVAL);
4305
4306	/*
4307	 * We currently only support Direct Access or Processor LUN types.
4308	 */
4309	switch (be_lun->lun_type) {
4310	case T_DIRECT:
4311		break;
4312	case T_PROCESSOR:
4313		break;
4314	case T_SEQUENTIAL:
4315	case T_CHANGER:
4316	default:
4317		be_lun->lun_config_status(be_lun->be_lun,
4318					  CTL_LUN_CONFIG_FAILURE);
4319		break;
4320	}
4321	if (ctl_lun == NULL) {
4322		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4323		lun_malloced = 1;
4324	} else {
4325		lun_malloced = 0;
4326		lun = ctl_lun;
4327	}
4328
4329	memset(lun, 0, sizeof(*lun));
4330	if (lun_malloced)
4331		lun->flags = CTL_LUN_MALLOCED;
4332
4333	/* Generate LUN ID. */
4334	devidlen = max(CTL_DEVID_MIN_LEN,
4335	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4336	idlen1 = sizeof(*t10id) + devidlen;
4337	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4338	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4339	if (scsiname != NULL) {
4340		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4341		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4342	}
4343	eui = ctl_get_opt(&be_lun->options, "eui");
4344	if (eui != NULL) {
4345		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4346	}
4347	naa = ctl_get_opt(&be_lun->options, "naa");
4348	if (naa != NULL) {
4349		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4350	}
4351	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4352	    M_CTL, M_WAITOK | M_ZERO);
4353	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4354	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4355	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4356	desc->length = idlen1;
4357	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4358	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4359	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4360		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4361	} else {
4362		strncpy(t10id->vendor, vendor,
4363		    min(sizeof(t10id->vendor), strlen(vendor)));
4364	}
4365	strncpy((char *)t10id->vendor_spec_id,
4366	    (char *)be_lun->device_id, devidlen);
4367	if (scsiname != NULL) {
4368		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4369		    desc->length);
4370		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4371		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4372		    SVPD_ID_TYPE_SCSI_NAME;
4373		desc->length = idlen2;
4374		strlcpy(desc->identifier, scsiname, idlen2);
4375	}
4376	if (eui != NULL) {
4377		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4378		    desc->length);
4379		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4380		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4381		    SVPD_ID_TYPE_EUI64;
4382		desc->length = hex2bin(eui, desc->identifier, 16);
4383		desc->length = desc->length > 12 ? 16 :
4384		    (desc->length > 8 ? 12 : 8);
4385		len -= 16 - desc->length;
4386	}
4387	if (naa != NULL) {
4388		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4389		    desc->length);
4390		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4391		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4392		    SVPD_ID_TYPE_NAA;
4393		desc->length = hex2bin(naa, desc->identifier, 16);
4394		desc->length = desc->length > 8 ? 16 : 8;
4395		len -= 16 - desc->length;
4396	}
4397	lun->lun_devid->len = len;
4398
4399	mtx_lock(&ctl_softc->ctl_lock);
4400	/*
4401	 * See if the caller requested a particular LUN number.  If so, see
4402	 * if it is available.  Otherwise, allocate the first available LUN.
4403	 */
4404	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4405		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4406		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4407			mtx_unlock(&ctl_softc->ctl_lock);
4408			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4409				printf("ctl: requested LUN ID %d is higher "
4410				       "than CTL_MAX_LUNS - 1 (%d)\n",
4411				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4412			} else {
4413				/*
4414				 * XXX KDM return an error, or just assign
4415				 * another LUN ID in this case??
4416				 */
4417				printf("ctl: requested LUN ID %d is already "
4418				       "in use\n", be_lun->req_lun_id);
4419			}
4420			if (lun->flags & CTL_LUN_MALLOCED)
4421				free(lun, M_CTL);
4422			be_lun->lun_config_status(be_lun->be_lun,
4423						  CTL_LUN_CONFIG_FAILURE);
4424			return (ENOSPC);
4425		}
4426		lun_number = be_lun->req_lun_id;
4427	} else {
4428		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4429		if (lun_number == -1) {
4430			mtx_unlock(&ctl_softc->ctl_lock);
4431			printf("ctl: can't allocate LUN, out of LUNs\n");
4432			if (lun->flags & CTL_LUN_MALLOCED)
4433				free(lun, M_CTL);
4434			be_lun->lun_config_status(be_lun->be_lun,
4435						  CTL_LUN_CONFIG_FAILURE);
4436			return (ENOSPC);
4437		}
4438	}
4439	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4440
4441	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4442	lun->lun = lun_number;
4443	lun->be_lun = be_lun;
4444	/*
4445	 * The processor LUN is always enabled.  Disk LUNs come on line
4446	 * disabled, and must be enabled by the backend.
4447	 */
4448	lun->flags |= CTL_LUN_DISABLED;
4449	lun->backend = be_lun->be;
4450	be_lun->ctl_lun = lun;
4451	be_lun->lun_id = lun_number;
4452	atomic_add_int(&be_lun->be->num_luns, 1);
4453	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4454		lun->flags |= CTL_LUN_OFFLINE;
4455
4456	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4457		lun->flags |= CTL_LUN_STOPPED;
4458
4459	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4460		lun->flags |= CTL_LUN_INOPERABLE;
4461
4462	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4463		lun->flags |= CTL_LUN_PRIMARY_SC;
4464
4465	lun->ctl_softc = ctl_softc;
4466#ifdef CTL_TIME_IO
4467	lun->last_busy = getsbinuptime();
4468#endif
4469	TAILQ_INIT(&lun->ooa_queue);
4470	TAILQ_INIT(&lun->blocked_queue);
4471	STAILQ_INIT(&lun->error_list);
4472	ctl_tpc_lun_init(lun);
4473
4474	/*
4475	 * Initialize the mode and log page index.
4476	 */
4477	ctl_init_page_index(lun);
4478	ctl_init_log_page_index(lun);
4479
4480	/*
4481	 * Now, before we insert this lun on the lun list, set the lun
4482	 * inventory changed UA for all other luns.
4483	 */
4484	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4485		mtx_lock(&nlun->lun_lock);
4486		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4487		mtx_unlock(&nlun->lun_lock);
4488	}
4489
4490	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4491
4492	ctl_softc->ctl_luns[lun_number] = lun;
4493
4494	ctl_softc->num_luns++;
4495
4496	/* Setup statistics gathering */
4497	lun->stats.device_type = be_lun->lun_type;
4498	lun->stats.lun_number = lun_number;
4499	if (lun->stats.device_type == T_DIRECT)
4500		lun->stats.blocksize = be_lun->blocksize;
4501	else
4502		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4503	for (i = 0;i < CTL_MAX_PORTS;i++)
4504		lun->stats.ports[i].targ_port = i;
4505
4506	mtx_unlock(&ctl_softc->ctl_lock);
4507
4508	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4509	return (0);
4510}
4511
4512/*
4513 * Delete a LUN.
4514 * Assumptions:
4515 * - LUN has already been marked invalid and any pending I/O has been taken
4516 *   care of.
4517 */
4518static int
4519ctl_free_lun(struct ctl_lun *lun)
4520{
4521	struct ctl_softc *softc;
4522	struct ctl_lun *nlun;
4523	int i;
4524
4525	softc = lun->ctl_softc;
4526
4527	mtx_assert(&softc->ctl_lock, MA_OWNED);
4528
4529	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4530
4531	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4532
4533	softc->ctl_luns[lun->lun] = NULL;
4534
4535	if (!TAILQ_EMPTY(&lun->ooa_queue))
4536		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4537
4538	softc->num_luns--;
4539
4540	/*
4541	 * Tell the backend to free resources, if this LUN has a backend.
4542	 */
4543	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4544	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4545
4546	ctl_tpc_lun_shutdown(lun);
4547	mtx_destroy(&lun->lun_lock);
4548	free(lun->lun_devid, M_CTL);
4549	for (i = 0; i < CTL_MAX_PORTS; i++)
4550		free(lun->pending_ua[i], M_CTL);
4551	for (i = 0; i < CTL_MAX_PORTS; i++)
4552		free(lun->pr_keys[i], M_CTL);
4553	free(lun->write_buffer, M_CTL);
4554	if (lun->flags & CTL_LUN_MALLOCED)
4555		free(lun, M_CTL);
4556
4557	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4558		mtx_lock(&nlun->lun_lock);
4559		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4560		mtx_unlock(&nlun->lun_lock);
4561	}
4562
4563	return (0);
4564}
4565
4566static void
4567ctl_create_lun(struct ctl_be_lun *be_lun)
4568{
4569
4570	/*
4571	 * ctl_alloc_lun() should handle all potential failure cases.
4572	 */
4573	ctl_alloc_lun(control_softc, NULL, be_lun);
4574}
4575
4576int
4577ctl_add_lun(struct ctl_be_lun *be_lun)
4578{
4579	struct ctl_softc *softc = control_softc;
4580
4581	mtx_lock(&softc->ctl_lock);
4582	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4583	mtx_unlock(&softc->ctl_lock);
4584	wakeup(&softc->pending_lun_queue);
4585
4586	return (0);
4587}
4588
4589int
4590ctl_enable_lun(struct ctl_be_lun *be_lun)
4591{
4592	struct ctl_softc *softc;
4593	struct ctl_port *port, *nport;
4594	struct ctl_lun *lun;
4595	int retval;
4596
4597	lun = (struct ctl_lun *)be_lun->ctl_lun;
4598	softc = lun->ctl_softc;
4599
4600	mtx_lock(&softc->ctl_lock);
4601	mtx_lock(&lun->lun_lock);
4602	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4603		/*
4604		 * eh?  Why did we get called if the LUN is already
4605		 * enabled?
4606		 */
4607		mtx_unlock(&lun->lun_lock);
4608		mtx_unlock(&softc->ctl_lock);
4609		return (0);
4610	}
4611	lun->flags &= ~CTL_LUN_DISABLED;
4612	mtx_unlock(&lun->lun_lock);
4613
4614	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4615		nport = STAILQ_NEXT(port, links);
4616		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4617		    port->lun_map != NULL || port->lun_enable == NULL)
4618			continue;
4619
4620		/*
4621		 * Drop the lock while we call the FETD's enable routine.
4622		 * This can lead to a callback into CTL (at least in the
4623		 * case of the internal initiator frontend.
4624		 */
4625		mtx_unlock(&softc->ctl_lock);
4626		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4627		mtx_lock(&softc->ctl_lock);
4628		if (retval != 0) {
4629			printf("%s: FETD %s port %d returned error "
4630			       "%d for lun_enable on lun %jd\n",
4631			       __func__, port->port_name, port->targ_port,
4632			       retval, (intmax_t)lun->lun);
4633		}
4634	}
4635
4636	mtx_unlock(&softc->ctl_lock);
4637	ctl_isc_announce_lun(lun);
4638
4639	return (0);
4640}
4641
4642int
4643ctl_disable_lun(struct ctl_be_lun *be_lun)
4644{
4645	struct ctl_softc *softc;
4646	struct ctl_port *port;
4647	struct ctl_lun *lun;
4648	int retval;
4649
4650	lun = (struct ctl_lun *)be_lun->ctl_lun;
4651	softc = lun->ctl_softc;
4652
4653	mtx_lock(&softc->ctl_lock);
4654	mtx_lock(&lun->lun_lock);
4655	if (lun->flags & CTL_LUN_DISABLED) {
4656		mtx_unlock(&lun->lun_lock);
4657		mtx_unlock(&softc->ctl_lock);
4658		return (0);
4659	}
4660	lun->flags |= CTL_LUN_DISABLED;
4661	mtx_unlock(&lun->lun_lock);
4662
4663	STAILQ_FOREACH(port, &softc->port_list, links) {
4664		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4665		    port->lun_map != NULL || port->lun_disable == NULL)
4666			continue;
4667
4668		/*
4669		 * Drop the lock before we call the frontend's disable
4670		 * routine, to avoid lock order reversals.
4671		 *
4672		 * XXX KDM what happens if the frontend list changes while
4673		 * we're traversing it?  It's unlikely, but should be handled.
4674		 */
4675		mtx_unlock(&softc->ctl_lock);
4676		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4677		mtx_lock(&softc->ctl_lock);
4678		if (retval != 0) {
4679			printf("%s: FETD %s port %d returned error "
4680			       "%d for lun_disable on lun %jd\n",
4681			       __func__, port->port_name, port->targ_port,
4682			       retval, (intmax_t)lun->lun);
4683		}
4684	}
4685
4686	mtx_unlock(&softc->ctl_lock);
4687	ctl_isc_announce_lun(lun);
4688
4689	return (0);
4690}
4691
4692int
4693ctl_start_lun(struct ctl_be_lun *be_lun)
4694{
4695	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4696
4697	mtx_lock(&lun->lun_lock);
4698	lun->flags &= ~CTL_LUN_STOPPED;
4699	mtx_unlock(&lun->lun_lock);
4700	return (0);
4701}
4702
4703int
4704ctl_stop_lun(struct ctl_be_lun *be_lun)
4705{
4706	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4707
4708	mtx_lock(&lun->lun_lock);
4709	lun->flags |= CTL_LUN_STOPPED;
4710	mtx_unlock(&lun->lun_lock);
4711	return (0);
4712}
4713
4714int
4715ctl_lun_offline(struct ctl_be_lun *be_lun)
4716{
4717	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4718
4719	mtx_lock(&lun->lun_lock);
4720	lun->flags |= CTL_LUN_OFFLINE;
4721	mtx_unlock(&lun->lun_lock);
4722	return (0);
4723}
4724
4725int
4726ctl_lun_online(struct ctl_be_lun *be_lun)
4727{
4728	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4729
4730	mtx_lock(&lun->lun_lock);
4731	lun->flags &= ~CTL_LUN_OFFLINE;
4732	mtx_unlock(&lun->lun_lock);
4733	return (0);
4734}
4735
4736int
4737ctl_lun_primary(struct ctl_be_lun *be_lun)
4738{
4739	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4740
4741	mtx_lock(&lun->lun_lock);
4742	lun->flags |= CTL_LUN_PRIMARY_SC;
4743	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4744	mtx_unlock(&lun->lun_lock);
4745	ctl_isc_announce_lun(lun);
4746	return (0);
4747}
4748
4749int
4750ctl_lun_secondary(struct ctl_be_lun *be_lun)
4751{
4752	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4753
4754	mtx_lock(&lun->lun_lock);
4755	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4756	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4757	mtx_unlock(&lun->lun_lock);
4758	ctl_isc_announce_lun(lun);
4759	return (0);
4760}
4761
4762int
4763ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4764{
4765	struct ctl_softc *softc;
4766	struct ctl_lun *lun;
4767
4768	lun = (struct ctl_lun *)be_lun->ctl_lun;
4769	softc = lun->ctl_softc;
4770
4771	mtx_lock(&lun->lun_lock);
4772
4773	/*
4774	 * The LUN needs to be disabled before it can be marked invalid.
4775	 */
4776	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4777		mtx_unlock(&lun->lun_lock);
4778		return (-1);
4779	}
4780	/*
4781	 * Mark the LUN invalid.
4782	 */
4783	lun->flags |= CTL_LUN_INVALID;
4784
4785	/*
4786	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4787	 * If we have something in the OOA queue, we'll free it when the
4788	 * last I/O completes.
4789	 */
4790	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4791		mtx_unlock(&lun->lun_lock);
4792		mtx_lock(&softc->ctl_lock);
4793		ctl_free_lun(lun);
4794		mtx_unlock(&softc->ctl_lock);
4795	} else
4796		mtx_unlock(&lun->lun_lock);
4797
4798	return (0);
4799}
4800
4801int
4802ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4803{
4804	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4805
4806	mtx_lock(&lun->lun_lock);
4807	lun->flags |= CTL_LUN_INOPERABLE;
4808	mtx_unlock(&lun->lun_lock);
4809	return (0);
4810}
4811
4812int
4813ctl_lun_operable(struct ctl_be_lun *be_lun)
4814{
4815	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4816
4817	mtx_lock(&lun->lun_lock);
4818	lun->flags &= ~CTL_LUN_INOPERABLE;
4819	mtx_unlock(&lun->lun_lock);
4820	return (0);
4821}
4822
4823void
4824ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4825{
4826	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4827	union ctl_ha_msg msg;
4828
4829	mtx_lock(&lun->lun_lock);
4830	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4831	mtx_unlock(&lun->lun_lock);
4832	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4833		/* Send msg to other side. */
4834		bzero(&msg.ua, sizeof(msg.ua));
4835		msg.hdr.msg_type = CTL_MSG_UA;
4836		msg.hdr.nexus.initid = -1;
4837		msg.hdr.nexus.targ_port = -1;
4838		msg.hdr.nexus.targ_lun = lun->lun;
4839		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4840		msg.ua.ua_all = 1;
4841		msg.ua.ua_set = 1;
4842		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4843		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4844		    M_WAITOK);
4845	}
4846}
4847
4848/*
4849 * Backend "memory move is complete" callback for requests that never
4850 * make it down to say RAIDCore's configuration code.
4851 */
4852int
4853ctl_config_move_done(union ctl_io *io)
4854{
4855	int retval;
4856
4857	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4858	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4859	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4860
4861	if ((io->io_hdr.port_status != 0) &&
4862	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4863	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4864		/*
4865		 * For hardware error sense keys, the sense key
4866		 * specific value is defined to be a retry count,
4867		 * but we use it to pass back an internal FETD
4868		 * error code.  XXX KDM  Hopefully the FETD is only
4869		 * using 16 bits for an error code, since that's
4870		 * all the space we have in the sks field.
4871		 */
4872		ctl_set_internal_failure(&io->scsiio,
4873					 /*sks_valid*/ 1,
4874					 /*retry_count*/
4875					 io->io_hdr.port_status);
4876	}
4877
4878	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4879		ctl_data_print(io);
4880	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4881	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4882	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4883	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4884		/*
4885		 * XXX KDM just assuming a single pointer here, and not a
4886		 * S/G list.  If we start using S/G lists for config data,
4887		 * we'll need to know how to clean them up here as well.
4888		 */
4889		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4890			free(io->scsiio.kern_data_ptr, M_CTL);
4891		ctl_done(io);
4892		retval = CTL_RETVAL_COMPLETE;
4893	} else {
4894		/*
4895		 * XXX KDM now we need to continue data movement.  Some
4896		 * options:
4897		 * - call ctl_scsiio() again?  We don't do this for data
4898		 *   writes, because for those at least we know ahead of
4899		 *   time where the write will go and how long it is.  For
4900		 *   config writes, though, that information is largely
4901		 *   contained within the write itself, thus we need to
4902		 *   parse out the data again.
4903		 *
4904		 * - Call some other function once the data is in?
4905		 */
4906
4907		/*
4908		 * XXX KDM call ctl_scsiio() again for now, and check flag
4909		 * bits to see whether we're allocated or not.
4910		 */
4911		retval = ctl_scsiio(&io->scsiio);
4912	}
4913	return (retval);
4914}
4915
4916/*
4917 * This gets called by a backend driver when it is done with a
4918 * data_submit method.
4919 */
4920void
4921ctl_data_submit_done(union ctl_io *io)
4922{
4923	/*
4924	 * If the IO_CONT flag is set, we need to call the supplied
4925	 * function to continue processing the I/O, instead of completing
4926	 * the I/O just yet.
4927	 *
4928	 * If there is an error, though, we don't want to keep processing.
4929	 * Instead, just send status back to the initiator.
4930	 */
4931	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4932	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4933	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4934	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4935		io->scsiio.io_cont(io);
4936		return;
4937	}
4938	ctl_done(io);
4939}
4940
4941/*
4942 * This gets called by a backend driver when it is done with a
4943 * configuration write.
4944 */
4945void
4946ctl_config_write_done(union ctl_io *io)
4947{
4948	uint8_t *buf;
4949
4950	/*
4951	 * If the IO_CONT flag is set, we need to call the supplied
4952	 * function to continue processing the I/O, instead of completing
4953	 * the I/O just yet.
4954	 *
4955	 * If there is an error, though, we don't want to keep processing.
4956	 * Instead, just send status back to the initiator.
4957	 */
4958	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4959	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4960	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4961	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4962		io->scsiio.io_cont(io);
4963		return;
4964	}
4965	/*
4966	 * Since a configuration write can be done for commands that actually
4967	 * have data allocated, like write buffer, and commands that have
4968	 * no data, like start/stop unit, we need to check here.
4969	 */
4970	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4971		buf = io->scsiio.kern_data_ptr;
4972	else
4973		buf = NULL;
4974	ctl_done(io);
4975	if (buf)
4976		free(buf, M_CTL);
4977}
4978
4979void
4980ctl_config_read_done(union ctl_io *io)
4981{
4982	uint8_t *buf;
4983
4984	/*
4985	 * If there is some error -- we are done, skip data transfer.
4986	 */
4987	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4988	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4989	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4990		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4991			buf = io->scsiio.kern_data_ptr;
4992		else
4993			buf = NULL;
4994		ctl_done(io);
4995		if (buf)
4996			free(buf, M_CTL);
4997		return;
4998	}
4999
5000	/*
5001	 * If the IO_CONT flag is set, we need to call the supplied
5002	 * function to continue processing the I/O, instead of completing
5003	 * the I/O just yet.
5004	 */
5005	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5006		io->scsiio.io_cont(io);
5007		return;
5008	}
5009
5010	ctl_datamove(io);
5011}
5012
5013/*
5014 * SCSI release command.
5015 */
5016int
5017ctl_scsi_release(struct ctl_scsiio *ctsio)
5018{
5019	struct ctl_lun *lun;
5020	uint32_t residx;
5021
5022	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5023
5024	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5025	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5026
5027	/*
5028	 * XXX KDM right now, we only support LUN reservation.  We don't
5029	 * support 3rd party reservations, or extent reservations, which
5030	 * might actually need the parameter list.  If we've gotten this
5031	 * far, we've got a LUN reservation.  Anything else got kicked out
5032	 * above.  So, according to SPC, ignore the length.
5033	 */
5034
5035	mtx_lock(&lun->lun_lock);
5036
5037	/*
5038	 * According to SPC, it is not an error for an intiator to attempt
5039	 * to release a reservation on a LUN that isn't reserved, or that
5040	 * is reserved by another initiator.  The reservation can only be
5041	 * released, though, by the initiator who made it or by one of
5042	 * several reset type events.
5043	 */
5044	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5045			lun->flags &= ~CTL_LUN_RESERVED;
5046
5047	mtx_unlock(&lun->lun_lock);
5048
5049	ctl_set_success(ctsio);
5050	ctl_done((union ctl_io *)ctsio);
5051	return (CTL_RETVAL_COMPLETE);
5052}
5053
5054int
5055ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5056{
5057	struct ctl_lun *lun;
5058	uint32_t residx;
5059
5060	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5061
5062	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5063	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5064
5065	/*
5066	 * XXX KDM right now, we only support LUN reservation.  We don't
5067	 * support 3rd party reservations, or extent reservations, which
5068	 * might actually need the parameter list.  If we've gotten this
5069	 * far, we've got a LUN reservation.  Anything else got kicked out
5070	 * above.  So, according to SPC, ignore the length.
5071	 */
5072
5073	mtx_lock(&lun->lun_lock);
5074	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5075		ctl_set_reservation_conflict(ctsio);
5076		goto bailout;
5077	}
5078	lun->flags |= CTL_LUN_RESERVED;
5079	lun->res_idx = residx;
5080	ctl_set_success(ctsio);
5081
5082bailout:
5083	mtx_unlock(&lun->lun_lock);
5084	ctl_done((union ctl_io *)ctsio);
5085	return (CTL_RETVAL_COMPLETE);
5086}
5087
5088int
5089ctl_start_stop(struct ctl_scsiio *ctsio)
5090{
5091	struct scsi_start_stop_unit *cdb;
5092	struct ctl_lun *lun;
5093	int retval;
5094
5095	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5096
5097	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5098	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5099
5100	/*
5101	 * XXX KDM
5102	 * We don't support the immediate bit on a stop unit.  In order to
5103	 * do that, we would need to code up a way to know that a stop is
5104	 * pending, and hold off any new commands until it completes, one
5105	 * way or another.  Then we could accept or reject those commands
5106	 * depending on its status.  We would almost need to do the reverse
5107	 * of what we do below for an immediate start -- return the copy of
5108	 * the ctl_io to the FETD with status to send to the host (and to
5109	 * free the copy!) and then free the original I/O once the stop
5110	 * actually completes.  That way, the OOA queue mechanism can work
5111	 * to block commands that shouldn't proceed.  Another alternative
5112	 * would be to put the copy in the queue in place of the original,
5113	 * and return the original back to the caller.  That could be
5114	 * slightly safer..
5115	 */
5116	if ((cdb->byte2 & SSS_IMMED)
5117	 && ((cdb->how & SSS_START) == 0)) {
5118		ctl_set_invalid_field(ctsio,
5119				      /*sks_valid*/ 1,
5120				      /*command*/ 1,
5121				      /*field*/ 1,
5122				      /*bit_valid*/ 1,
5123				      /*bit*/ 0);
5124		ctl_done((union ctl_io *)ctsio);
5125		return (CTL_RETVAL_COMPLETE);
5126	}
5127
5128	if ((lun->flags & CTL_LUN_PR_RESERVED)
5129	 && ((cdb->how & SSS_START)==0)) {
5130		uint32_t residx;
5131
5132		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5133		if (ctl_get_prkey(lun, residx) == 0
5134		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5135
5136			ctl_set_reservation_conflict(ctsio);
5137			ctl_done((union ctl_io *)ctsio);
5138			return (CTL_RETVAL_COMPLETE);
5139		}
5140	}
5141
5142	/*
5143	 * If there is no backend on this device, we can't start or stop
5144	 * it.  In theory we shouldn't get any start/stop commands in the
5145	 * first place at this level if the LUN doesn't have a backend.
5146	 * That should get stopped by the command decode code.
5147	 */
5148	if (lun->backend == NULL) {
5149		ctl_set_invalid_opcode(ctsio);
5150		ctl_done((union ctl_io *)ctsio);
5151		return (CTL_RETVAL_COMPLETE);
5152	}
5153
5154	/*
5155	 * In the non-immediate case, we send the request to
5156	 * the backend and return status to the user when
5157	 * it is done.
5158	 *
5159	 * In the immediate case, we allocate a new ctl_io
5160	 * to hold a copy of the request, and send that to
5161	 * the backend.  We then set good status on the
5162	 * user's request and return it immediately.
5163	 */
5164	if (cdb->byte2 & SSS_IMMED) {
5165		union ctl_io *new_io;
5166
5167		new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5168		ctl_copy_io((union ctl_io *)ctsio, new_io);
5169		retval = lun->backend->config_write(new_io);
5170		ctl_set_success(ctsio);
5171		ctl_done((union ctl_io *)ctsio);
5172	} else {
5173		retval = lun->backend->config_write(
5174			(union ctl_io *)ctsio);
5175	}
5176	return (retval);
5177}
5178
5179/*
5180 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5181 * we don't really do anything with the LBA and length fields if the user
5182 * passes them in.  Instead we'll just flush out the cache for the entire
5183 * LUN.
5184 */
5185int
5186ctl_sync_cache(struct ctl_scsiio *ctsio)
5187{
5188	struct ctl_lun *lun;
5189	struct ctl_softc *softc;
5190	struct ctl_lba_len_flags *lbalen;
5191	uint64_t starting_lba;
5192	uint32_t block_count;
5193	int retval;
5194	uint8_t byte2;
5195
5196	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5197
5198	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5199	softc = lun->ctl_softc;
5200	retval = 0;
5201
5202	switch (ctsio->cdb[0]) {
5203	case SYNCHRONIZE_CACHE: {
5204		struct scsi_sync_cache *cdb;
5205		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5206
5207		starting_lba = scsi_4btoul(cdb->begin_lba);
5208		block_count = scsi_2btoul(cdb->lb_count);
5209		byte2 = cdb->byte2;
5210		break;
5211	}
5212	case SYNCHRONIZE_CACHE_16: {
5213		struct scsi_sync_cache_16 *cdb;
5214		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5215
5216		starting_lba = scsi_8btou64(cdb->begin_lba);
5217		block_count = scsi_4btoul(cdb->lb_count);
5218		byte2 = cdb->byte2;
5219		break;
5220	}
5221	default:
5222		ctl_set_invalid_opcode(ctsio);
5223		ctl_done((union ctl_io *)ctsio);
5224		goto bailout;
5225		break; /* NOTREACHED */
5226	}
5227
5228	/*
5229	 * We check the LBA and length, but don't do anything with them.
5230	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5231	 * get flushed.  This check will just help satisfy anyone who wants
5232	 * to see an error for an out of range LBA.
5233	 */
5234	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5235		ctl_set_lba_out_of_range(ctsio);
5236		ctl_done((union ctl_io *)ctsio);
5237		goto bailout;
5238	}
5239
5240	/*
5241	 * If this LUN has no backend, we can't flush the cache anyway.
5242	 */
5243	if (lun->backend == NULL) {
5244		ctl_set_invalid_opcode(ctsio);
5245		ctl_done((union ctl_io *)ctsio);
5246		goto bailout;
5247	}
5248
5249	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5250	lbalen->lba = starting_lba;
5251	lbalen->len = block_count;
5252	lbalen->flags = byte2;
5253	retval = lun->backend->config_write((union ctl_io *)ctsio);
5254
5255bailout:
5256	return (retval);
5257}
5258
5259int
5260ctl_format(struct ctl_scsiio *ctsio)
5261{
5262	struct scsi_format *cdb;
5263	struct ctl_lun *lun;
5264	int length, defect_list_len;
5265
5266	CTL_DEBUG_PRINT(("ctl_format\n"));
5267
5268	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5269
5270	cdb = (struct scsi_format *)ctsio->cdb;
5271
5272	length = 0;
5273	if (cdb->byte2 & SF_FMTDATA) {
5274		if (cdb->byte2 & SF_LONGLIST)
5275			length = sizeof(struct scsi_format_header_long);
5276		else
5277			length = sizeof(struct scsi_format_header_short);
5278	}
5279
5280	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5281	 && (length > 0)) {
5282		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5283		ctsio->kern_data_len = length;
5284		ctsio->kern_total_len = length;
5285		ctsio->kern_data_resid = 0;
5286		ctsio->kern_rel_offset = 0;
5287		ctsio->kern_sg_entries = 0;
5288		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5289		ctsio->be_move_done = ctl_config_move_done;
5290		ctl_datamove((union ctl_io *)ctsio);
5291
5292		return (CTL_RETVAL_COMPLETE);
5293	}
5294
5295	defect_list_len = 0;
5296
5297	if (cdb->byte2 & SF_FMTDATA) {
5298		if (cdb->byte2 & SF_LONGLIST) {
5299			struct scsi_format_header_long *header;
5300
5301			header = (struct scsi_format_header_long *)
5302				ctsio->kern_data_ptr;
5303
5304			defect_list_len = scsi_4btoul(header->defect_list_len);
5305			if (defect_list_len != 0) {
5306				ctl_set_invalid_field(ctsio,
5307						      /*sks_valid*/ 1,
5308						      /*command*/ 0,
5309						      /*field*/ 2,
5310						      /*bit_valid*/ 0,
5311						      /*bit*/ 0);
5312				goto bailout;
5313			}
5314		} else {
5315			struct scsi_format_header_short *header;
5316
5317			header = (struct scsi_format_header_short *)
5318				ctsio->kern_data_ptr;
5319
5320			defect_list_len = scsi_2btoul(header->defect_list_len);
5321			if (defect_list_len != 0) {
5322				ctl_set_invalid_field(ctsio,
5323						      /*sks_valid*/ 1,
5324						      /*command*/ 0,
5325						      /*field*/ 2,
5326						      /*bit_valid*/ 0,
5327						      /*bit*/ 0);
5328				goto bailout;
5329			}
5330		}
5331	}
5332
5333	/*
5334	 * The format command will clear out the "Medium format corrupted"
5335	 * status if set by the configuration code.  That status is really
5336	 * just a way to notify the host that we have lost the media, and
5337	 * get them to issue a command that will basically make them think
5338	 * they're blowing away the media.
5339	 */
5340	mtx_lock(&lun->lun_lock);
5341	lun->flags &= ~CTL_LUN_INOPERABLE;
5342	mtx_unlock(&lun->lun_lock);
5343
5344	ctl_set_success(ctsio);
5345bailout:
5346
5347	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5348		free(ctsio->kern_data_ptr, M_CTL);
5349		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5350	}
5351
5352	ctl_done((union ctl_io *)ctsio);
5353	return (CTL_RETVAL_COMPLETE);
5354}
5355
5356int
5357ctl_read_buffer(struct ctl_scsiio *ctsio)
5358{
5359	struct ctl_lun *lun;
5360	uint64_t buffer_offset;
5361	uint32_t len;
5362	uint8_t byte2;
5363	static uint8_t descr[4];
5364	static uint8_t echo_descr[4] = { 0 };
5365
5366	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5367	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5368	switch (ctsio->cdb[0]) {
5369	case READ_BUFFER: {
5370		struct scsi_read_buffer *cdb;
5371
5372		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5373		buffer_offset = scsi_3btoul(cdb->offset);
5374		len = scsi_3btoul(cdb->length);
5375		byte2 = cdb->byte2;
5376		break;
5377	}
5378	case READ_BUFFER_16: {
5379		struct scsi_read_buffer_16 *cdb;
5380
5381		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5382		buffer_offset = scsi_8btou64(cdb->offset);
5383		len = scsi_4btoul(cdb->length);
5384		byte2 = cdb->byte2;
5385		break;
5386	}
5387	default: /* This shouldn't happen. */
5388		ctl_set_invalid_opcode(ctsio);
5389		ctl_done((union ctl_io *)ctsio);
5390		return (CTL_RETVAL_COMPLETE);
5391	}
5392
5393	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5394	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5395	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5396		ctl_set_invalid_field(ctsio,
5397				      /*sks_valid*/ 1,
5398				      /*command*/ 1,
5399				      /*field*/ 1,
5400				      /*bit_valid*/ 1,
5401				      /*bit*/ 4);
5402		ctl_done((union ctl_io *)ctsio);
5403		return (CTL_RETVAL_COMPLETE);
5404	}
5405
5406	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5407	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5408		ctl_set_invalid_field(ctsio,
5409				      /*sks_valid*/ 1,
5410				      /*command*/ 1,
5411				      /*field*/ 6,
5412				      /*bit_valid*/ 0,
5413				      /*bit*/ 0);
5414		ctl_done((union ctl_io *)ctsio);
5415		return (CTL_RETVAL_COMPLETE);
5416	}
5417
5418	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5419		descr[0] = 0;
5420		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5421		ctsio->kern_data_ptr = descr;
5422		len = min(len, sizeof(descr));
5423	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5424		ctsio->kern_data_ptr = echo_descr;
5425		len = min(len, sizeof(echo_descr));
5426	} else {
5427		if (lun->write_buffer == NULL) {
5428			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5429			    M_CTL, M_WAITOK);
5430		}
5431		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5432	}
5433	ctsio->kern_data_len = len;
5434	ctsio->kern_total_len = len;
5435	ctsio->kern_data_resid = 0;
5436	ctsio->kern_rel_offset = 0;
5437	ctsio->kern_sg_entries = 0;
5438	ctl_set_success(ctsio);
5439	ctsio->be_move_done = ctl_config_move_done;
5440	ctl_datamove((union ctl_io *)ctsio);
5441	return (CTL_RETVAL_COMPLETE);
5442}
5443
5444int
5445ctl_write_buffer(struct ctl_scsiio *ctsio)
5446{
5447	struct scsi_write_buffer *cdb;
5448	struct ctl_lun *lun;
5449	int buffer_offset, len;
5450
5451	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5452
5453	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5454	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5455
5456	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5457		ctl_set_invalid_field(ctsio,
5458				      /*sks_valid*/ 1,
5459				      /*command*/ 1,
5460				      /*field*/ 1,
5461				      /*bit_valid*/ 1,
5462				      /*bit*/ 4);
5463		ctl_done((union ctl_io *)ctsio);
5464		return (CTL_RETVAL_COMPLETE);
5465	}
5466
5467	len = scsi_3btoul(cdb->length);
5468	buffer_offset = scsi_3btoul(cdb->offset);
5469
5470	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5471		ctl_set_invalid_field(ctsio,
5472				      /*sks_valid*/ 1,
5473				      /*command*/ 1,
5474				      /*field*/ 6,
5475				      /*bit_valid*/ 0,
5476				      /*bit*/ 0);
5477		ctl_done((union ctl_io *)ctsio);
5478		return (CTL_RETVAL_COMPLETE);
5479	}
5480
5481	/*
5482	 * If we've got a kernel request that hasn't been malloced yet,
5483	 * malloc it and tell the caller the data buffer is here.
5484	 */
5485	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5486		if (lun->write_buffer == NULL) {
5487			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5488			    M_CTL, M_WAITOK);
5489		}
5490		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5491		ctsio->kern_data_len = len;
5492		ctsio->kern_total_len = len;
5493		ctsio->kern_data_resid = 0;
5494		ctsio->kern_rel_offset = 0;
5495		ctsio->kern_sg_entries = 0;
5496		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5497		ctsio->be_move_done = ctl_config_move_done;
5498		ctl_datamove((union ctl_io *)ctsio);
5499
5500		return (CTL_RETVAL_COMPLETE);
5501	}
5502
5503	ctl_set_success(ctsio);
5504	ctl_done((union ctl_io *)ctsio);
5505	return (CTL_RETVAL_COMPLETE);
5506}
5507
5508int
5509ctl_write_same(struct ctl_scsiio *ctsio)
5510{
5511	struct ctl_lun *lun;
5512	struct ctl_lba_len_flags *lbalen;
5513	uint64_t lba;
5514	uint32_t num_blocks;
5515	int len, retval;
5516	uint8_t byte2;
5517
5518	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5519
5520	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5521
5522	switch (ctsio->cdb[0]) {
5523	case WRITE_SAME_10: {
5524		struct scsi_write_same_10 *cdb;
5525
5526		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5527
5528		lba = scsi_4btoul(cdb->addr);
5529		num_blocks = scsi_2btoul(cdb->length);
5530		byte2 = cdb->byte2;
5531		break;
5532	}
5533	case WRITE_SAME_16: {
5534		struct scsi_write_same_16 *cdb;
5535
5536		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5537
5538		lba = scsi_8btou64(cdb->addr);
5539		num_blocks = scsi_4btoul(cdb->length);
5540		byte2 = cdb->byte2;
5541		break;
5542	}
5543	default:
5544		/*
5545		 * We got a command we don't support.  This shouldn't
5546		 * happen, commands should be filtered out above us.
5547		 */
5548		ctl_set_invalid_opcode(ctsio);
5549		ctl_done((union ctl_io *)ctsio);
5550
5551		return (CTL_RETVAL_COMPLETE);
5552		break; /* NOTREACHED */
5553	}
5554
5555	/* ANCHOR flag can be used only together with UNMAP */
5556	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5557		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5558		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5559		ctl_done((union ctl_io *)ctsio);
5560		return (CTL_RETVAL_COMPLETE);
5561	}
5562
5563	/*
5564	 * The first check is to make sure we're in bounds, the second
5565	 * check is to catch wrap-around problems.  If the lba + num blocks
5566	 * is less than the lba, then we've wrapped around and the block
5567	 * range is invalid anyway.
5568	 */
5569	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5570	 || ((lba + num_blocks) < lba)) {
5571		ctl_set_lba_out_of_range(ctsio);
5572		ctl_done((union ctl_io *)ctsio);
5573		return (CTL_RETVAL_COMPLETE);
5574	}
5575
5576	/* Zero number of blocks means "to the last logical block" */
5577	if (num_blocks == 0) {
5578		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5579			ctl_set_invalid_field(ctsio,
5580					      /*sks_valid*/ 0,
5581					      /*command*/ 1,
5582					      /*field*/ 0,
5583					      /*bit_valid*/ 0,
5584					      /*bit*/ 0);
5585			ctl_done((union ctl_io *)ctsio);
5586			return (CTL_RETVAL_COMPLETE);
5587		}
5588		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5589	}
5590
5591	len = lun->be_lun->blocksize;
5592
5593	/*
5594	 * If we've got a kernel request that hasn't been malloced yet,
5595	 * malloc it and tell the caller the data buffer is here.
5596	 */
5597	if ((byte2 & SWS_NDOB) == 0 &&
5598	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5599		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5600		ctsio->kern_data_len = len;
5601		ctsio->kern_total_len = len;
5602		ctsio->kern_data_resid = 0;
5603		ctsio->kern_rel_offset = 0;
5604		ctsio->kern_sg_entries = 0;
5605		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5606		ctsio->be_move_done = ctl_config_move_done;
5607		ctl_datamove((union ctl_io *)ctsio);
5608
5609		return (CTL_RETVAL_COMPLETE);
5610	}
5611
5612	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5613	lbalen->lba = lba;
5614	lbalen->len = num_blocks;
5615	lbalen->flags = byte2;
5616	retval = lun->backend->config_write((union ctl_io *)ctsio);
5617
5618	return (retval);
5619}
5620
5621int
5622ctl_unmap(struct ctl_scsiio *ctsio)
5623{
5624	struct ctl_lun *lun;
5625	struct scsi_unmap *cdb;
5626	struct ctl_ptr_len_flags *ptrlen;
5627	struct scsi_unmap_header *hdr;
5628	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5629	uint64_t lba;
5630	uint32_t num_blocks;
5631	int len, retval;
5632	uint8_t byte2;
5633
5634	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5635
5636	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5637	cdb = (struct scsi_unmap *)ctsio->cdb;
5638
5639	len = scsi_2btoul(cdb->length);
5640	byte2 = cdb->byte2;
5641
5642	/*
5643	 * If we've got a kernel request that hasn't been malloced yet,
5644	 * malloc it and tell the caller the data buffer is here.
5645	 */
5646	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5647		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5648		ctsio->kern_data_len = len;
5649		ctsio->kern_total_len = len;
5650		ctsio->kern_data_resid = 0;
5651		ctsio->kern_rel_offset = 0;
5652		ctsio->kern_sg_entries = 0;
5653		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5654		ctsio->be_move_done = ctl_config_move_done;
5655		ctl_datamove((union ctl_io *)ctsio);
5656
5657		return (CTL_RETVAL_COMPLETE);
5658	}
5659
5660	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5661	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5662	if (len < sizeof (*hdr) ||
5663	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5664	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5665	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5666		ctl_set_invalid_field(ctsio,
5667				      /*sks_valid*/ 0,
5668				      /*command*/ 0,
5669				      /*field*/ 0,
5670				      /*bit_valid*/ 0,
5671				      /*bit*/ 0);
5672		goto done;
5673	}
5674	len = scsi_2btoul(hdr->desc_length);
5675	buf = (struct scsi_unmap_desc *)(hdr + 1);
5676	end = buf + len / sizeof(*buf);
5677
5678	endnz = buf;
5679	for (range = buf; range < end; range++) {
5680		lba = scsi_8btou64(range->lba);
5681		num_blocks = scsi_4btoul(range->length);
5682		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5683		 || ((lba + num_blocks) < lba)) {
5684			ctl_set_lba_out_of_range(ctsio);
5685			ctl_done((union ctl_io *)ctsio);
5686			return (CTL_RETVAL_COMPLETE);
5687		}
5688		if (num_blocks != 0)
5689			endnz = range + 1;
5690	}
5691
5692	/*
5693	 * Block backend can not handle zero last range.
5694	 * Filter it out and return if there is nothing left.
5695	 */
5696	len = (uint8_t *)endnz - (uint8_t *)buf;
5697	if (len == 0) {
5698		ctl_set_success(ctsio);
5699		goto done;
5700	}
5701
5702	mtx_lock(&lun->lun_lock);
5703	ptrlen = (struct ctl_ptr_len_flags *)
5704	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5705	ptrlen->ptr = (void *)buf;
5706	ptrlen->len = len;
5707	ptrlen->flags = byte2;
5708	ctl_check_blocked(lun);
5709	mtx_unlock(&lun->lun_lock);
5710
5711	retval = lun->backend->config_write((union ctl_io *)ctsio);
5712	return (retval);
5713
5714done:
5715	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5716		free(ctsio->kern_data_ptr, M_CTL);
5717		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5718	}
5719	ctl_done((union ctl_io *)ctsio);
5720	return (CTL_RETVAL_COMPLETE);
5721}
5722
5723/*
5724 * Note that this function currently doesn't actually do anything inside
5725 * CTL to enforce things if the DQue bit is turned on.
5726 *
5727 * Also note that this function can't be used in the default case, because
5728 * the DQue bit isn't set in the changeable mask for the control mode page
5729 * anyway.  This is just here as an example for how to implement a page
5730 * handler, and a placeholder in case we want to allow the user to turn
5731 * tagged queueing on and off.
5732 *
5733 * The D_SENSE bit handling is functional, however, and will turn
5734 * descriptor sense on and off for a given LUN.
5735 */
5736int
5737ctl_control_page_handler(struct ctl_scsiio *ctsio,
5738			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5739{
5740	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5741	struct ctl_lun *lun;
5742	int set_ua;
5743	uint32_t initidx;
5744
5745	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5746	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5747	set_ua = 0;
5748
5749	user_cp = (struct scsi_control_page *)page_ptr;
5750	current_cp = (struct scsi_control_page *)
5751		(page_index->page_data + (page_index->page_len *
5752		CTL_PAGE_CURRENT));
5753	saved_cp = (struct scsi_control_page *)
5754		(page_index->page_data + (page_index->page_len *
5755		CTL_PAGE_SAVED));
5756
5757	mtx_lock(&lun->lun_lock);
5758	if (((current_cp->rlec & SCP_DSENSE) == 0)
5759	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5760		/*
5761		 * Descriptor sense is currently turned off and the user
5762		 * wants to turn it on.
5763		 */
5764		current_cp->rlec |= SCP_DSENSE;
5765		saved_cp->rlec |= SCP_DSENSE;
5766		lun->flags |= CTL_LUN_SENSE_DESC;
5767		set_ua = 1;
5768	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5769		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5770		/*
5771		 * Descriptor sense is currently turned on, and the user
5772		 * wants to turn it off.
5773		 */
5774		current_cp->rlec &= ~SCP_DSENSE;
5775		saved_cp->rlec &= ~SCP_DSENSE;
5776		lun->flags &= ~CTL_LUN_SENSE_DESC;
5777		set_ua = 1;
5778	}
5779	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5780	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5781		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5782		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5783		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5784		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5785		set_ua = 1;
5786	}
5787	if ((current_cp->eca_and_aen & SCP_SWP) !=
5788	    (user_cp->eca_and_aen & SCP_SWP)) {
5789		current_cp->eca_and_aen &= ~SCP_SWP;
5790		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5791		saved_cp->eca_and_aen &= ~SCP_SWP;
5792		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5793		set_ua = 1;
5794	}
5795	if (set_ua != 0)
5796		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5797	mtx_unlock(&lun->lun_lock);
5798	if (set_ua) {
5799		ctl_isc_announce_mode(lun,
5800		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5801		    page_index->page_code, page_index->subpage);
5802	}
5803	return (0);
5804}
5805
5806int
5807ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5808		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5809{
5810	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5811	struct ctl_lun *lun;
5812	int set_ua;
5813	uint32_t initidx;
5814
5815	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5816	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5817	set_ua = 0;
5818
5819	user_cp = (struct scsi_caching_page *)page_ptr;
5820	current_cp = (struct scsi_caching_page *)
5821		(page_index->page_data + (page_index->page_len *
5822		CTL_PAGE_CURRENT));
5823	saved_cp = (struct scsi_caching_page *)
5824		(page_index->page_data + (page_index->page_len *
5825		CTL_PAGE_SAVED));
5826
5827	mtx_lock(&lun->lun_lock);
5828	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5829	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5830		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5831		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5832		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5833		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5834		set_ua = 1;
5835	}
5836	if (set_ua != 0)
5837		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5838	mtx_unlock(&lun->lun_lock);
5839	if (set_ua) {
5840		ctl_isc_announce_mode(lun,
5841		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5842		    page_index->page_code, page_index->subpage);
5843	}
5844	return (0);
5845}
5846
5847int
5848ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5849				struct ctl_page_index *page_index,
5850				uint8_t *page_ptr)
5851{
5852	uint8_t *c;
5853	int i;
5854
5855	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5856	ctl_time_io_secs =
5857		(c[0] << 8) |
5858		(c[1] << 0) |
5859		0;
5860	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5861	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5862	printf("page data:");
5863	for (i=0; i<8; i++)
5864		printf(" %.2x",page_ptr[i]);
5865	printf("\n");
5866	return (0);
5867}
5868
5869int
5870ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5871			       struct ctl_page_index *page_index,
5872			       int pc)
5873{
5874	struct copan_debugconf_subpage *page;
5875
5876	page = (struct copan_debugconf_subpage *)page_index->page_data +
5877		(page_index->page_len * pc);
5878
5879	switch (pc) {
5880	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5881	case SMS_PAGE_CTRL_DEFAULT >> 6:
5882	case SMS_PAGE_CTRL_SAVED >> 6:
5883		/*
5884		 * We don't update the changable or default bits for this page.
5885		 */
5886		break;
5887	case SMS_PAGE_CTRL_CURRENT >> 6:
5888		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5889		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5890		break;
5891	default:
5892		break;
5893	}
5894	return (0);
5895}
5896
5897
5898static int
5899ctl_do_mode_select(union ctl_io *io)
5900{
5901	struct scsi_mode_page_header *page_header;
5902	struct ctl_page_index *page_index;
5903	struct ctl_scsiio *ctsio;
5904	int control_dev, page_len;
5905	int page_len_offset, page_len_size;
5906	union ctl_modepage_info *modepage_info;
5907	struct ctl_lun *lun;
5908	int *len_left, *len_used;
5909	int retval, i;
5910
5911	ctsio = &io->scsiio;
5912	page_index = NULL;
5913	page_len = 0;
5914	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5915
5916	if (lun->be_lun->lun_type != T_DIRECT)
5917		control_dev = 1;
5918	else
5919		control_dev = 0;
5920
5921	modepage_info = (union ctl_modepage_info *)
5922		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5923	len_left = &modepage_info->header.len_left;
5924	len_used = &modepage_info->header.len_used;
5925
5926do_next_page:
5927
5928	page_header = (struct scsi_mode_page_header *)
5929		(ctsio->kern_data_ptr + *len_used);
5930
5931	if (*len_left == 0) {
5932		free(ctsio->kern_data_ptr, M_CTL);
5933		ctl_set_success(ctsio);
5934		ctl_done((union ctl_io *)ctsio);
5935		return (CTL_RETVAL_COMPLETE);
5936	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5937
5938		free(ctsio->kern_data_ptr, M_CTL);
5939		ctl_set_param_len_error(ctsio);
5940		ctl_done((union ctl_io *)ctsio);
5941		return (CTL_RETVAL_COMPLETE);
5942
5943	} else if ((page_header->page_code & SMPH_SPF)
5944		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5945
5946		free(ctsio->kern_data_ptr, M_CTL);
5947		ctl_set_param_len_error(ctsio);
5948		ctl_done((union ctl_io *)ctsio);
5949		return (CTL_RETVAL_COMPLETE);
5950	}
5951
5952
5953	/*
5954	 * XXX KDM should we do something with the block descriptor?
5955	 */
5956	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5957
5958		if ((control_dev != 0)
5959		 && (lun->mode_pages.index[i].page_flags &
5960		     CTL_PAGE_FLAG_DISK_ONLY))
5961			continue;
5962
5963		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5964		    (page_header->page_code & SMPH_PC_MASK))
5965			continue;
5966
5967		/*
5968		 * If neither page has a subpage code, then we've got a
5969		 * match.
5970		 */
5971		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5972		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5973			page_index = &lun->mode_pages.index[i];
5974			page_len = page_header->page_length;
5975			break;
5976		}
5977
5978		/*
5979		 * If both pages have subpages, then the subpage numbers
5980		 * have to match.
5981		 */
5982		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5983		  && (page_header->page_code & SMPH_SPF)) {
5984			struct scsi_mode_page_header_sp *sph;
5985
5986			sph = (struct scsi_mode_page_header_sp *)page_header;
5987
5988			if (lun->mode_pages.index[i].subpage ==
5989			    sph->subpage) {
5990				page_index = &lun->mode_pages.index[i];
5991				page_len = scsi_2btoul(sph->page_length);
5992				break;
5993			}
5994		}
5995	}
5996
5997	/*
5998	 * If we couldn't find the page, or if we don't have a mode select
5999	 * handler for it, send back an error to the user.
6000	 */
6001	if ((page_index == NULL)
6002	 || (page_index->select_handler == NULL)) {
6003		ctl_set_invalid_field(ctsio,
6004				      /*sks_valid*/ 1,
6005				      /*command*/ 0,
6006				      /*field*/ *len_used,
6007				      /*bit_valid*/ 0,
6008				      /*bit*/ 0);
6009		free(ctsio->kern_data_ptr, M_CTL);
6010		ctl_done((union ctl_io *)ctsio);
6011		return (CTL_RETVAL_COMPLETE);
6012	}
6013
6014	if (page_index->page_code & SMPH_SPF) {
6015		page_len_offset = 2;
6016		page_len_size = 2;
6017	} else {
6018		page_len_size = 1;
6019		page_len_offset = 1;
6020	}
6021
6022	/*
6023	 * If the length the initiator gives us isn't the one we specify in
6024	 * the mode page header, or if they didn't specify enough data in
6025	 * the CDB to avoid truncating this page, kick out the request.
6026	 */
6027	if ((page_len != (page_index->page_len - page_len_offset -
6028			  page_len_size))
6029	 || (*len_left < page_index->page_len)) {
6030
6031
6032		ctl_set_invalid_field(ctsio,
6033				      /*sks_valid*/ 1,
6034				      /*command*/ 0,
6035				      /*field*/ *len_used + page_len_offset,
6036				      /*bit_valid*/ 0,
6037				      /*bit*/ 0);
6038		free(ctsio->kern_data_ptr, M_CTL);
6039		ctl_done((union ctl_io *)ctsio);
6040		return (CTL_RETVAL_COMPLETE);
6041	}
6042
6043	/*
6044	 * Run through the mode page, checking to make sure that the bits
6045	 * the user changed are actually legal for him to change.
6046	 */
6047	for (i = 0; i < page_index->page_len; i++) {
6048		uint8_t *user_byte, *change_mask, *current_byte;
6049		int bad_bit;
6050		int j;
6051
6052		user_byte = (uint8_t *)page_header + i;
6053		change_mask = page_index->page_data +
6054			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6055		current_byte = page_index->page_data +
6056			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6057
6058		/*
6059		 * Check to see whether the user set any bits in this byte
6060		 * that he is not allowed to set.
6061		 */
6062		if ((*user_byte & ~(*change_mask)) ==
6063		    (*current_byte & ~(*change_mask)))
6064			continue;
6065
6066		/*
6067		 * Go through bit by bit to determine which one is illegal.
6068		 */
6069		bad_bit = 0;
6070		for (j = 7; j >= 0; j--) {
6071			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6072			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6073				bad_bit = i;
6074				break;
6075			}
6076		}
6077		ctl_set_invalid_field(ctsio,
6078				      /*sks_valid*/ 1,
6079				      /*command*/ 0,
6080				      /*field*/ *len_used + i,
6081				      /*bit_valid*/ 1,
6082				      /*bit*/ bad_bit);
6083		free(ctsio->kern_data_ptr, M_CTL);
6084		ctl_done((union ctl_io *)ctsio);
6085		return (CTL_RETVAL_COMPLETE);
6086	}
6087
6088	/*
6089	 * Decrement these before we call the page handler, since we may
6090	 * end up getting called back one way or another before the handler
6091	 * returns to this context.
6092	 */
6093	*len_left -= page_index->page_len;
6094	*len_used += page_index->page_len;
6095
6096	retval = page_index->select_handler(ctsio, page_index,
6097					    (uint8_t *)page_header);
6098
6099	/*
6100	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6101	 * wait until this queued command completes to finish processing
6102	 * the mode page.  If it returns anything other than
6103	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6104	 * already set the sense information, freed the data pointer, and
6105	 * completed the io for us.
6106	 */
6107	if (retval != CTL_RETVAL_COMPLETE)
6108		goto bailout_no_done;
6109
6110	/*
6111	 * If the initiator sent us more than one page, parse the next one.
6112	 */
6113	if (*len_left > 0)
6114		goto do_next_page;
6115
6116	ctl_set_success(ctsio);
6117	free(ctsio->kern_data_ptr, M_CTL);
6118	ctl_done((union ctl_io *)ctsio);
6119
6120bailout_no_done:
6121
6122	return (CTL_RETVAL_COMPLETE);
6123
6124}
6125
6126int
6127ctl_mode_select(struct ctl_scsiio *ctsio)
6128{
6129	int param_len, pf, sp;
6130	int header_size, bd_len;
6131	union ctl_modepage_info *modepage_info;
6132
6133	switch (ctsio->cdb[0]) {
6134	case MODE_SELECT_6: {
6135		struct scsi_mode_select_6 *cdb;
6136
6137		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6138
6139		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6140		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6141		param_len = cdb->length;
6142		header_size = sizeof(struct scsi_mode_header_6);
6143		break;
6144	}
6145	case MODE_SELECT_10: {
6146		struct scsi_mode_select_10 *cdb;
6147
6148		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6149
6150		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6151		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6152		param_len = scsi_2btoul(cdb->length);
6153		header_size = sizeof(struct scsi_mode_header_10);
6154		break;
6155	}
6156	default:
6157		ctl_set_invalid_opcode(ctsio);
6158		ctl_done((union ctl_io *)ctsio);
6159		return (CTL_RETVAL_COMPLETE);
6160	}
6161
6162	/*
6163	 * From SPC-3:
6164	 * "A parameter list length of zero indicates that the Data-Out Buffer
6165	 * shall be empty. This condition shall not be considered as an error."
6166	 */
6167	if (param_len == 0) {
6168		ctl_set_success(ctsio);
6169		ctl_done((union ctl_io *)ctsio);
6170		return (CTL_RETVAL_COMPLETE);
6171	}
6172
6173	/*
6174	 * Since we'll hit this the first time through, prior to
6175	 * allocation, we don't need to free a data buffer here.
6176	 */
6177	if (param_len < header_size) {
6178		ctl_set_param_len_error(ctsio);
6179		ctl_done((union ctl_io *)ctsio);
6180		return (CTL_RETVAL_COMPLETE);
6181	}
6182
6183	/*
6184	 * Allocate the data buffer and grab the user's data.  In theory,
6185	 * we shouldn't have to sanity check the parameter list length here
6186	 * because the maximum size is 64K.  We should be able to malloc
6187	 * that much without too many problems.
6188	 */
6189	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6190		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6191		ctsio->kern_data_len = param_len;
6192		ctsio->kern_total_len = param_len;
6193		ctsio->kern_data_resid = 0;
6194		ctsio->kern_rel_offset = 0;
6195		ctsio->kern_sg_entries = 0;
6196		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6197		ctsio->be_move_done = ctl_config_move_done;
6198		ctl_datamove((union ctl_io *)ctsio);
6199
6200		return (CTL_RETVAL_COMPLETE);
6201	}
6202
6203	switch (ctsio->cdb[0]) {
6204	case MODE_SELECT_6: {
6205		struct scsi_mode_header_6 *mh6;
6206
6207		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6208		bd_len = mh6->blk_desc_len;
6209		break;
6210	}
6211	case MODE_SELECT_10: {
6212		struct scsi_mode_header_10 *mh10;
6213
6214		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6215		bd_len = scsi_2btoul(mh10->blk_desc_len);
6216		break;
6217	}
6218	default:
6219		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6220		break;
6221	}
6222
6223	if (param_len < (header_size + bd_len)) {
6224		free(ctsio->kern_data_ptr, M_CTL);
6225		ctl_set_param_len_error(ctsio);
6226		ctl_done((union ctl_io *)ctsio);
6227		return (CTL_RETVAL_COMPLETE);
6228	}
6229
6230	/*
6231	 * Set the IO_CONT flag, so that if this I/O gets passed to
6232	 * ctl_config_write_done(), it'll get passed back to
6233	 * ctl_do_mode_select() for further processing, or completion if
6234	 * we're all done.
6235	 */
6236	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6237	ctsio->io_cont = ctl_do_mode_select;
6238
6239	modepage_info = (union ctl_modepage_info *)
6240		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6241	memset(modepage_info, 0, sizeof(*modepage_info));
6242	modepage_info->header.len_left = param_len - header_size - bd_len;
6243	modepage_info->header.len_used = header_size + bd_len;
6244
6245	return (ctl_do_mode_select((union ctl_io *)ctsio));
6246}
6247
6248int
6249ctl_mode_sense(struct ctl_scsiio *ctsio)
6250{
6251	struct ctl_lun *lun;
6252	int pc, page_code, dbd, llba, subpage;
6253	int alloc_len, page_len, header_len, total_len;
6254	struct scsi_mode_block_descr *block_desc;
6255	struct ctl_page_index *page_index;
6256	int control_dev;
6257
6258	dbd = 0;
6259	llba = 0;
6260	block_desc = NULL;
6261	page_index = NULL;
6262
6263	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6264
6265	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6266
6267	if (lun->be_lun->lun_type != T_DIRECT)
6268		control_dev = 1;
6269	else
6270		control_dev = 0;
6271
6272	switch (ctsio->cdb[0]) {
6273	case MODE_SENSE_6: {
6274		struct scsi_mode_sense_6 *cdb;
6275
6276		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6277
6278		header_len = sizeof(struct scsi_mode_hdr_6);
6279		if (cdb->byte2 & SMS_DBD)
6280			dbd = 1;
6281		else
6282			header_len += sizeof(struct scsi_mode_block_descr);
6283
6284		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6285		page_code = cdb->page & SMS_PAGE_CODE;
6286		subpage = cdb->subpage;
6287		alloc_len = cdb->length;
6288		break;
6289	}
6290	case MODE_SENSE_10: {
6291		struct scsi_mode_sense_10 *cdb;
6292
6293		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6294
6295		header_len = sizeof(struct scsi_mode_hdr_10);
6296
6297		if (cdb->byte2 & SMS_DBD)
6298			dbd = 1;
6299		else
6300			header_len += sizeof(struct scsi_mode_block_descr);
6301		if (cdb->byte2 & SMS10_LLBAA)
6302			llba = 1;
6303		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6304		page_code = cdb->page & SMS_PAGE_CODE;
6305		subpage = cdb->subpage;
6306		alloc_len = scsi_2btoul(cdb->length);
6307		break;
6308	}
6309	default:
6310		ctl_set_invalid_opcode(ctsio);
6311		ctl_done((union ctl_io *)ctsio);
6312		return (CTL_RETVAL_COMPLETE);
6313		break; /* NOTREACHED */
6314	}
6315
6316	/*
6317	 * We have to make a first pass through to calculate the size of
6318	 * the pages that match the user's query.  Then we allocate enough
6319	 * memory to hold it, and actually copy the data into the buffer.
6320	 */
6321	switch (page_code) {
6322	case SMS_ALL_PAGES_PAGE: {
6323		int i;
6324
6325		page_len = 0;
6326
6327		/*
6328		 * At the moment, values other than 0 and 0xff here are
6329		 * reserved according to SPC-3.
6330		 */
6331		if ((subpage != SMS_SUBPAGE_PAGE_0)
6332		 && (subpage != SMS_SUBPAGE_ALL)) {
6333			ctl_set_invalid_field(ctsio,
6334					      /*sks_valid*/ 1,
6335					      /*command*/ 1,
6336					      /*field*/ 3,
6337					      /*bit_valid*/ 0,
6338					      /*bit*/ 0);
6339			ctl_done((union ctl_io *)ctsio);
6340			return (CTL_RETVAL_COMPLETE);
6341		}
6342
6343		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6344			if ((control_dev != 0)
6345			 && (lun->mode_pages.index[i].page_flags &
6346			     CTL_PAGE_FLAG_DISK_ONLY))
6347				continue;
6348
6349			/*
6350			 * We don't use this subpage if the user didn't
6351			 * request all subpages.
6352			 */
6353			if ((lun->mode_pages.index[i].subpage != 0)
6354			 && (subpage == SMS_SUBPAGE_PAGE_0))
6355				continue;
6356
6357#if 0
6358			printf("found page %#x len %d\n",
6359			       lun->mode_pages.index[i].page_code &
6360			       SMPH_PC_MASK,
6361			       lun->mode_pages.index[i].page_len);
6362#endif
6363			page_len += lun->mode_pages.index[i].page_len;
6364		}
6365		break;
6366	}
6367	default: {
6368		int i;
6369
6370		page_len = 0;
6371
6372		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6373			/* Look for the right page code */
6374			if ((lun->mode_pages.index[i].page_code &
6375			     SMPH_PC_MASK) != page_code)
6376				continue;
6377
6378			/* Look for the right subpage or the subpage wildcard*/
6379			if ((lun->mode_pages.index[i].subpage != subpage)
6380			 && (subpage != SMS_SUBPAGE_ALL))
6381				continue;
6382
6383			/* Make sure the page is supported for this dev type */
6384			if ((control_dev != 0)
6385			 && (lun->mode_pages.index[i].page_flags &
6386			     CTL_PAGE_FLAG_DISK_ONLY))
6387				continue;
6388
6389#if 0
6390			printf("found page %#x len %d\n",
6391			       lun->mode_pages.index[i].page_code &
6392			       SMPH_PC_MASK,
6393			       lun->mode_pages.index[i].page_len);
6394#endif
6395
6396			page_len += lun->mode_pages.index[i].page_len;
6397		}
6398
6399		if (page_len == 0) {
6400			ctl_set_invalid_field(ctsio,
6401					      /*sks_valid*/ 1,
6402					      /*command*/ 1,
6403					      /*field*/ 2,
6404					      /*bit_valid*/ 1,
6405					      /*bit*/ 5);
6406			ctl_done((union ctl_io *)ctsio);
6407			return (CTL_RETVAL_COMPLETE);
6408		}
6409		break;
6410	}
6411	}
6412
6413	total_len = header_len + page_len;
6414#if 0
6415	printf("header_len = %d, page_len = %d, total_len = %d\n",
6416	       header_len, page_len, total_len);
6417#endif
6418
6419	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6420	ctsio->kern_sg_entries = 0;
6421	ctsio->kern_data_resid = 0;
6422	ctsio->kern_rel_offset = 0;
6423	if (total_len < alloc_len) {
6424		ctsio->residual = alloc_len - total_len;
6425		ctsio->kern_data_len = total_len;
6426		ctsio->kern_total_len = total_len;
6427	} else {
6428		ctsio->residual = 0;
6429		ctsio->kern_data_len = alloc_len;
6430		ctsio->kern_total_len = alloc_len;
6431	}
6432
6433	switch (ctsio->cdb[0]) {
6434	case MODE_SENSE_6: {
6435		struct scsi_mode_hdr_6 *header;
6436
6437		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6438
6439		header->datalen = MIN(total_len - 1, 254);
6440		if (control_dev == 0) {
6441			header->dev_specific = 0x10; /* DPOFUA */
6442			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6443			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6444			    .eca_and_aen & SCP_SWP) != 0)
6445				    header->dev_specific |= 0x80; /* WP */
6446		}
6447		if (dbd)
6448			header->block_descr_len = 0;
6449		else
6450			header->block_descr_len =
6451				sizeof(struct scsi_mode_block_descr);
6452		block_desc = (struct scsi_mode_block_descr *)&header[1];
6453		break;
6454	}
6455	case MODE_SENSE_10: {
6456		struct scsi_mode_hdr_10 *header;
6457		int datalen;
6458
6459		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6460
6461		datalen = MIN(total_len - 2, 65533);
6462		scsi_ulto2b(datalen, header->datalen);
6463		if (control_dev == 0) {
6464			header->dev_specific = 0x10; /* DPOFUA */
6465			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6466			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6467			    .eca_and_aen & SCP_SWP) != 0)
6468				    header->dev_specific |= 0x80; /* WP */
6469		}
6470		if (dbd)
6471			scsi_ulto2b(0, header->block_descr_len);
6472		else
6473			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6474				    header->block_descr_len);
6475		block_desc = (struct scsi_mode_block_descr *)&header[1];
6476		break;
6477	}
6478	default:
6479		panic("invalid CDB type %#x", ctsio->cdb[0]);
6480		break; /* NOTREACHED */
6481	}
6482
6483	/*
6484	 * If we've got a disk, use its blocksize in the block
6485	 * descriptor.  Otherwise, just set it to 0.
6486	 */
6487	if (dbd == 0) {
6488		if (control_dev == 0)
6489			scsi_ulto3b(lun->be_lun->blocksize,
6490				    block_desc->block_len);
6491		else
6492			scsi_ulto3b(0, block_desc->block_len);
6493	}
6494
6495	switch (page_code) {
6496	case SMS_ALL_PAGES_PAGE: {
6497		int i, data_used;
6498
6499		data_used = header_len;
6500		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6501			struct ctl_page_index *page_index;
6502
6503			page_index = &lun->mode_pages.index[i];
6504
6505			if ((control_dev != 0)
6506			 && (page_index->page_flags &
6507			    CTL_PAGE_FLAG_DISK_ONLY))
6508				continue;
6509
6510			/*
6511			 * We don't use this subpage if the user didn't
6512			 * request all subpages.  We already checked (above)
6513			 * to make sure the user only specified a subpage
6514			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6515			 */
6516			if ((page_index->subpage != 0)
6517			 && (subpage == SMS_SUBPAGE_PAGE_0))
6518				continue;
6519
6520			/*
6521			 * Call the handler, if it exists, to update the
6522			 * page to the latest values.
6523			 */
6524			if (page_index->sense_handler != NULL)
6525				page_index->sense_handler(ctsio, page_index,pc);
6526
6527			memcpy(ctsio->kern_data_ptr + data_used,
6528			       page_index->page_data +
6529			       (page_index->page_len * pc),
6530			       page_index->page_len);
6531			data_used += page_index->page_len;
6532		}
6533		break;
6534	}
6535	default: {
6536		int i, data_used;
6537
6538		data_used = header_len;
6539
6540		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6541			struct ctl_page_index *page_index;
6542
6543			page_index = &lun->mode_pages.index[i];
6544
6545			/* Look for the right page code */
6546			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6547				continue;
6548
6549			/* Look for the right subpage or the subpage wildcard*/
6550			if ((page_index->subpage != subpage)
6551			 && (subpage != SMS_SUBPAGE_ALL))
6552				continue;
6553
6554			/* Make sure the page is supported for this dev type */
6555			if ((control_dev != 0)
6556			 && (page_index->page_flags &
6557			     CTL_PAGE_FLAG_DISK_ONLY))
6558				continue;
6559
6560			/*
6561			 * Call the handler, if it exists, to update the
6562			 * page to the latest values.
6563			 */
6564			if (page_index->sense_handler != NULL)
6565				page_index->sense_handler(ctsio, page_index,pc);
6566
6567			memcpy(ctsio->kern_data_ptr + data_used,
6568			       page_index->page_data +
6569			       (page_index->page_len * pc),
6570			       page_index->page_len);
6571			data_used += page_index->page_len;
6572		}
6573		break;
6574	}
6575	}
6576
6577	ctl_set_success(ctsio);
6578	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6579	ctsio->be_move_done = ctl_config_move_done;
6580	ctl_datamove((union ctl_io *)ctsio);
6581	return (CTL_RETVAL_COMPLETE);
6582}
6583
6584int
6585ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6586			       struct ctl_page_index *page_index,
6587			       int pc)
6588{
6589	struct ctl_lun *lun;
6590	struct scsi_log_param_header *phdr;
6591	uint8_t *data;
6592	uint64_t val;
6593
6594	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6595	data = page_index->page_data;
6596
6597	if (lun->backend->lun_attr != NULL &&
6598	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6599	     != UINT64_MAX) {
6600		phdr = (struct scsi_log_param_header *)data;
6601		scsi_ulto2b(0x0001, phdr->param_code);
6602		phdr->param_control = SLP_LBIN | SLP_LP;
6603		phdr->param_len = 8;
6604		data = (uint8_t *)(phdr + 1);
6605		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6606		data[4] = 0x02; /* per-pool */
6607		data += phdr->param_len;
6608	}
6609
6610	if (lun->backend->lun_attr != NULL &&
6611	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6612	     != UINT64_MAX) {
6613		phdr = (struct scsi_log_param_header *)data;
6614		scsi_ulto2b(0x0002, phdr->param_code);
6615		phdr->param_control = SLP_LBIN | SLP_LP;
6616		phdr->param_len = 8;
6617		data = (uint8_t *)(phdr + 1);
6618		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6619		data[4] = 0x01; /* per-LUN */
6620		data += phdr->param_len;
6621	}
6622
6623	if (lun->backend->lun_attr != NULL &&
6624	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6625	     != UINT64_MAX) {
6626		phdr = (struct scsi_log_param_header *)data;
6627		scsi_ulto2b(0x00f1, phdr->param_code);
6628		phdr->param_control = SLP_LBIN | SLP_LP;
6629		phdr->param_len = 8;
6630		data = (uint8_t *)(phdr + 1);
6631		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6632		data[4] = 0x02; /* per-pool */
6633		data += phdr->param_len;
6634	}
6635
6636	if (lun->backend->lun_attr != NULL &&
6637	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6638	     != UINT64_MAX) {
6639		phdr = (struct scsi_log_param_header *)data;
6640		scsi_ulto2b(0x00f2, phdr->param_code);
6641		phdr->param_control = SLP_LBIN | SLP_LP;
6642		phdr->param_len = 8;
6643		data = (uint8_t *)(phdr + 1);
6644		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6645		data[4] = 0x02; /* per-pool */
6646		data += phdr->param_len;
6647	}
6648
6649	page_index->page_len = data - page_index->page_data;
6650	return (0);
6651}
6652
6653int
6654ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6655			       struct ctl_page_index *page_index,
6656			       int pc)
6657{
6658	struct ctl_lun *lun;
6659	struct stat_page *data;
6660	uint64_t rn, wn, rb, wb;
6661	struct bintime rt, wt;
6662	int i;
6663
6664	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6665	data = (struct stat_page *)page_index->page_data;
6666
6667	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6668	data->sap.hdr.param_control = SLP_LBIN;
6669	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6670	    sizeof(struct scsi_log_param_header);
6671	rn = wn = rb = wb = 0;
6672	bintime_clear(&rt);
6673	bintime_clear(&wt);
6674	for (i = 0; i < CTL_MAX_PORTS; i++) {
6675		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6676		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6677		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6678		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6679		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6680		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6681	}
6682	scsi_u64to8b(rn, data->sap.read_num);
6683	scsi_u64to8b(wn, data->sap.write_num);
6684	if (lun->stats.blocksize > 0) {
6685		scsi_u64to8b(wb / lun->stats.blocksize,
6686		    data->sap.recvieved_lba);
6687		scsi_u64to8b(rb / lun->stats.blocksize,
6688		    data->sap.transmitted_lba);
6689	}
6690	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6691	    data->sap.read_int);
6692	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6693	    data->sap.write_int);
6694	scsi_u64to8b(0, data->sap.weighted_num);
6695	scsi_u64to8b(0, data->sap.weighted_int);
6696	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6697	data->it.hdr.param_control = SLP_LBIN;
6698	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6699	    sizeof(struct scsi_log_param_header);
6700#ifdef CTL_TIME_IO
6701	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6702#endif
6703	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6704	data->it.hdr.param_control = SLP_LBIN;
6705	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6706	    sizeof(struct scsi_log_param_header);
6707	scsi_ulto4b(3, data->ti.exponent);
6708	scsi_ulto4b(1, data->ti.integer);
6709
6710	page_index->page_len = sizeof(*data);
6711	return (0);
6712}
6713
6714int
6715ctl_log_sense(struct ctl_scsiio *ctsio)
6716{
6717	struct ctl_lun *lun;
6718	int i, pc, page_code, subpage;
6719	int alloc_len, total_len;
6720	struct ctl_page_index *page_index;
6721	struct scsi_log_sense *cdb;
6722	struct scsi_log_header *header;
6723
6724	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6725
6726	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6727	cdb = (struct scsi_log_sense *)ctsio->cdb;
6728	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6729	page_code = cdb->page & SLS_PAGE_CODE;
6730	subpage = cdb->subpage;
6731	alloc_len = scsi_2btoul(cdb->length);
6732
6733	page_index = NULL;
6734	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6735		page_index = &lun->log_pages.index[i];
6736
6737		/* Look for the right page code */
6738		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6739			continue;
6740
6741		/* Look for the right subpage or the subpage wildcard*/
6742		if (page_index->subpage != subpage)
6743			continue;
6744
6745		break;
6746	}
6747	if (i >= CTL_NUM_LOG_PAGES) {
6748		ctl_set_invalid_field(ctsio,
6749				      /*sks_valid*/ 1,
6750				      /*command*/ 1,
6751				      /*field*/ 2,
6752				      /*bit_valid*/ 0,
6753				      /*bit*/ 0);
6754		ctl_done((union ctl_io *)ctsio);
6755		return (CTL_RETVAL_COMPLETE);
6756	}
6757
6758	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6759
6760	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6761	ctsio->kern_sg_entries = 0;
6762	ctsio->kern_data_resid = 0;
6763	ctsio->kern_rel_offset = 0;
6764	if (total_len < alloc_len) {
6765		ctsio->residual = alloc_len - total_len;
6766		ctsio->kern_data_len = total_len;
6767		ctsio->kern_total_len = total_len;
6768	} else {
6769		ctsio->residual = 0;
6770		ctsio->kern_data_len = alloc_len;
6771		ctsio->kern_total_len = alloc_len;
6772	}
6773
6774	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6775	header->page = page_index->page_code;
6776	if (page_index->subpage) {
6777		header->page |= SL_SPF;
6778		header->subpage = page_index->subpage;
6779	}
6780	scsi_ulto2b(page_index->page_len, header->datalen);
6781
6782	/*
6783	 * Call the handler, if it exists, to update the
6784	 * page to the latest values.
6785	 */
6786	if (page_index->sense_handler != NULL)
6787		page_index->sense_handler(ctsio, page_index, pc);
6788
6789	memcpy(header + 1, page_index->page_data, page_index->page_len);
6790
6791	ctl_set_success(ctsio);
6792	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6793	ctsio->be_move_done = ctl_config_move_done;
6794	ctl_datamove((union ctl_io *)ctsio);
6795	return (CTL_RETVAL_COMPLETE);
6796}
6797
6798int
6799ctl_read_capacity(struct ctl_scsiio *ctsio)
6800{
6801	struct scsi_read_capacity *cdb;
6802	struct scsi_read_capacity_data *data;
6803	struct ctl_lun *lun;
6804	uint32_t lba;
6805
6806	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6807
6808	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6809
6810	lba = scsi_4btoul(cdb->addr);
6811	if (((cdb->pmi & SRC_PMI) == 0)
6812	 && (lba != 0)) {
6813		ctl_set_invalid_field(/*ctsio*/ ctsio,
6814				      /*sks_valid*/ 1,
6815				      /*command*/ 1,
6816				      /*field*/ 2,
6817				      /*bit_valid*/ 0,
6818				      /*bit*/ 0);
6819		ctl_done((union ctl_io *)ctsio);
6820		return (CTL_RETVAL_COMPLETE);
6821	}
6822
6823	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6824
6825	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6826	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6827	ctsio->residual = 0;
6828	ctsio->kern_data_len = sizeof(*data);
6829	ctsio->kern_total_len = sizeof(*data);
6830	ctsio->kern_data_resid = 0;
6831	ctsio->kern_rel_offset = 0;
6832	ctsio->kern_sg_entries = 0;
6833
6834	/*
6835	 * If the maximum LBA is greater than 0xfffffffe, the user must
6836	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6837	 * serivce action set.
6838	 */
6839	if (lun->be_lun->maxlba > 0xfffffffe)
6840		scsi_ulto4b(0xffffffff, data->addr);
6841	else
6842		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6843
6844	/*
6845	 * XXX KDM this may not be 512 bytes...
6846	 */
6847	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6848
6849	ctl_set_success(ctsio);
6850	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6851	ctsio->be_move_done = ctl_config_move_done;
6852	ctl_datamove((union ctl_io *)ctsio);
6853	return (CTL_RETVAL_COMPLETE);
6854}
6855
6856int
6857ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6858{
6859	struct scsi_read_capacity_16 *cdb;
6860	struct scsi_read_capacity_data_long *data;
6861	struct ctl_lun *lun;
6862	uint64_t lba;
6863	uint32_t alloc_len;
6864
6865	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6866
6867	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6868
6869	alloc_len = scsi_4btoul(cdb->alloc_len);
6870	lba = scsi_8btou64(cdb->addr);
6871
6872	if ((cdb->reladr & SRC16_PMI)
6873	 && (lba != 0)) {
6874		ctl_set_invalid_field(/*ctsio*/ ctsio,
6875				      /*sks_valid*/ 1,
6876				      /*command*/ 1,
6877				      /*field*/ 2,
6878				      /*bit_valid*/ 0,
6879				      /*bit*/ 0);
6880		ctl_done((union ctl_io *)ctsio);
6881		return (CTL_RETVAL_COMPLETE);
6882	}
6883
6884	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6885
6886	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6887	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6888
6889	if (sizeof(*data) < alloc_len) {
6890		ctsio->residual = alloc_len - sizeof(*data);
6891		ctsio->kern_data_len = sizeof(*data);
6892		ctsio->kern_total_len = sizeof(*data);
6893	} else {
6894		ctsio->residual = 0;
6895		ctsio->kern_data_len = alloc_len;
6896		ctsio->kern_total_len = alloc_len;
6897	}
6898	ctsio->kern_data_resid = 0;
6899	ctsio->kern_rel_offset = 0;
6900	ctsio->kern_sg_entries = 0;
6901
6902	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6903	/* XXX KDM this may not be 512 bytes... */
6904	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6905	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6906	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6907	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6908		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6909
6910	ctl_set_success(ctsio);
6911	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6912	ctsio->be_move_done = ctl_config_move_done;
6913	ctl_datamove((union ctl_io *)ctsio);
6914	return (CTL_RETVAL_COMPLETE);
6915}
6916
6917int
6918ctl_get_lba_status(struct ctl_scsiio *ctsio)
6919{
6920	struct scsi_get_lba_status *cdb;
6921	struct scsi_get_lba_status_data *data;
6922	struct ctl_lun *lun;
6923	struct ctl_lba_len_flags *lbalen;
6924	uint64_t lba;
6925	uint32_t alloc_len, total_len;
6926	int retval;
6927
6928	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6929
6930	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6931	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6932	lba = scsi_8btou64(cdb->addr);
6933	alloc_len = scsi_4btoul(cdb->alloc_len);
6934
6935	if (lba > lun->be_lun->maxlba) {
6936		ctl_set_lba_out_of_range(ctsio);
6937		ctl_done((union ctl_io *)ctsio);
6938		return (CTL_RETVAL_COMPLETE);
6939	}
6940
6941	total_len = sizeof(*data) + sizeof(data->descr[0]);
6942	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6943	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6944
6945	if (total_len < alloc_len) {
6946		ctsio->residual = alloc_len - total_len;
6947		ctsio->kern_data_len = total_len;
6948		ctsio->kern_total_len = total_len;
6949	} else {
6950		ctsio->residual = 0;
6951		ctsio->kern_data_len = alloc_len;
6952		ctsio->kern_total_len = alloc_len;
6953	}
6954	ctsio->kern_data_resid = 0;
6955	ctsio->kern_rel_offset = 0;
6956	ctsio->kern_sg_entries = 0;
6957
6958	/* Fill dummy data in case backend can't tell anything. */
6959	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6960	scsi_u64to8b(lba, data->descr[0].addr);
6961	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6962	    data->descr[0].length);
6963	data->descr[0].status = 0; /* Mapped or unknown. */
6964
6965	ctl_set_success(ctsio);
6966	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6967	ctsio->be_move_done = ctl_config_move_done;
6968
6969	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6970	lbalen->lba = lba;
6971	lbalen->len = total_len;
6972	lbalen->flags = 0;
6973	retval = lun->backend->config_read((union ctl_io *)ctsio);
6974	return (CTL_RETVAL_COMPLETE);
6975}
6976
6977int
6978ctl_read_defect(struct ctl_scsiio *ctsio)
6979{
6980	struct scsi_read_defect_data_10 *ccb10;
6981	struct scsi_read_defect_data_12 *ccb12;
6982	struct scsi_read_defect_data_hdr_10 *data10;
6983	struct scsi_read_defect_data_hdr_12 *data12;
6984	uint32_t alloc_len, data_len;
6985	uint8_t format;
6986
6987	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6988
6989	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6990		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6991		format = ccb10->format;
6992		alloc_len = scsi_2btoul(ccb10->alloc_length);
6993		data_len = sizeof(*data10);
6994	} else {
6995		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6996		format = ccb12->format;
6997		alloc_len = scsi_4btoul(ccb12->alloc_length);
6998		data_len = sizeof(*data12);
6999	}
7000	if (alloc_len == 0) {
7001		ctl_set_success(ctsio);
7002		ctl_done((union ctl_io *)ctsio);
7003		return (CTL_RETVAL_COMPLETE);
7004	}
7005
7006	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7007	if (data_len < alloc_len) {
7008		ctsio->residual = alloc_len - data_len;
7009		ctsio->kern_data_len = data_len;
7010		ctsio->kern_total_len = data_len;
7011	} else {
7012		ctsio->residual = 0;
7013		ctsio->kern_data_len = alloc_len;
7014		ctsio->kern_total_len = alloc_len;
7015	}
7016	ctsio->kern_data_resid = 0;
7017	ctsio->kern_rel_offset = 0;
7018	ctsio->kern_sg_entries = 0;
7019
7020	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7021		data10 = (struct scsi_read_defect_data_hdr_10 *)
7022		    ctsio->kern_data_ptr;
7023		data10->format = format;
7024		scsi_ulto2b(0, data10->length);
7025	} else {
7026		data12 = (struct scsi_read_defect_data_hdr_12 *)
7027		    ctsio->kern_data_ptr;
7028		data12->format = format;
7029		scsi_ulto2b(0, data12->generation);
7030		scsi_ulto4b(0, data12->length);
7031	}
7032
7033	ctl_set_success(ctsio);
7034	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7035	ctsio->be_move_done = ctl_config_move_done;
7036	ctl_datamove((union ctl_io *)ctsio);
7037	return (CTL_RETVAL_COMPLETE);
7038}
7039
7040int
7041ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7042{
7043	struct scsi_maintenance_in *cdb;
7044	int retval;
7045	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7046	int num_target_port_groups, num_target_ports;
7047	struct ctl_lun *lun;
7048	struct ctl_softc *softc;
7049	struct ctl_port *port;
7050	struct scsi_target_group_data *rtg_ptr;
7051	struct scsi_target_group_data_extended *rtg_ext_ptr;
7052	struct scsi_target_port_group_descriptor *tpg_desc;
7053
7054	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7055
7056	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7057	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7058	softc = lun->ctl_softc;
7059
7060	retval = CTL_RETVAL_COMPLETE;
7061
7062	switch (cdb->byte2 & STG_PDF_MASK) {
7063	case STG_PDF_LENGTH:
7064		ext = 0;
7065		break;
7066	case STG_PDF_EXTENDED:
7067		ext = 1;
7068		break;
7069	default:
7070		ctl_set_invalid_field(/*ctsio*/ ctsio,
7071				      /*sks_valid*/ 1,
7072				      /*command*/ 1,
7073				      /*field*/ 2,
7074				      /*bit_valid*/ 1,
7075				      /*bit*/ 5);
7076		ctl_done((union ctl_io *)ctsio);
7077		return(retval);
7078	}
7079
7080	if (softc->is_single)
7081		num_target_port_groups = 1;
7082	else
7083		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7084	num_target_ports = 0;
7085	mtx_lock(&softc->ctl_lock);
7086	STAILQ_FOREACH(port, &softc->port_list, links) {
7087		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7088			continue;
7089		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7090			continue;
7091		num_target_ports++;
7092	}
7093	mtx_unlock(&softc->ctl_lock);
7094
7095	if (ext)
7096		total_len = sizeof(struct scsi_target_group_data_extended);
7097	else
7098		total_len = sizeof(struct scsi_target_group_data);
7099	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7100		num_target_port_groups +
7101	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7102
7103	alloc_len = scsi_4btoul(cdb->length);
7104
7105	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7106
7107	ctsio->kern_sg_entries = 0;
7108
7109	if (total_len < alloc_len) {
7110		ctsio->residual = alloc_len - total_len;
7111		ctsio->kern_data_len = total_len;
7112		ctsio->kern_total_len = total_len;
7113	} else {
7114		ctsio->residual = 0;
7115		ctsio->kern_data_len = alloc_len;
7116		ctsio->kern_total_len = alloc_len;
7117	}
7118	ctsio->kern_data_resid = 0;
7119	ctsio->kern_rel_offset = 0;
7120
7121	if (ext) {
7122		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7123		    ctsio->kern_data_ptr;
7124		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7125		rtg_ext_ptr->format_type = 0x10;
7126		rtg_ext_ptr->implicit_transition_time = 0;
7127		tpg_desc = &rtg_ext_ptr->groups[0];
7128	} else {
7129		rtg_ptr = (struct scsi_target_group_data *)
7130		    ctsio->kern_data_ptr;
7131		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7132		tpg_desc = &rtg_ptr->groups[0];
7133	}
7134
7135	mtx_lock(&softc->ctl_lock);
7136	pg = softc->port_min / softc->port_cnt;
7137	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7138		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7139	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7140		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7141	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7142		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7143	else
7144		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7145	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7146		os = gs;
7147		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7148	} else
7149		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7150	for (g = 0; g < num_target_port_groups; g++) {
7151		tpg_desc->pref_state = (g == pg) ? gs : os;
7152		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7153		    TPG_U_SUP | TPG_T_SUP;
7154		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7155		tpg_desc->status = TPG_IMPLICIT;
7156		pc = 0;
7157		STAILQ_FOREACH(port, &softc->port_list, links) {
7158			if (port->targ_port < g * softc->port_cnt ||
7159			    port->targ_port >= (g + 1) * softc->port_cnt)
7160				continue;
7161			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7162				continue;
7163			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7164				continue;
7165			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7166			    relative_target_port_identifier);
7167			pc++;
7168		}
7169		tpg_desc->target_port_count = pc;
7170		tpg_desc = (struct scsi_target_port_group_descriptor *)
7171		    &tpg_desc->descriptors[pc];
7172	}
7173	mtx_unlock(&softc->ctl_lock);
7174
7175	ctl_set_success(ctsio);
7176	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7177	ctsio->be_move_done = ctl_config_move_done;
7178	ctl_datamove((union ctl_io *)ctsio);
7179	return(retval);
7180}
7181
7182int
7183ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7184{
7185	struct ctl_lun *lun;
7186	struct scsi_report_supported_opcodes *cdb;
7187	const struct ctl_cmd_entry *entry, *sentry;
7188	struct scsi_report_supported_opcodes_all *all;
7189	struct scsi_report_supported_opcodes_descr *descr;
7190	struct scsi_report_supported_opcodes_one *one;
7191	int retval;
7192	int alloc_len, total_len;
7193	int opcode, service_action, i, j, num;
7194
7195	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7196
7197	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7198	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7199
7200	retval = CTL_RETVAL_COMPLETE;
7201
7202	opcode = cdb->requested_opcode;
7203	service_action = scsi_2btoul(cdb->requested_service_action);
7204	switch (cdb->options & RSO_OPTIONS_MASK) {
7205	case RSO_OPTIONS_ALL:
7206		num = 0;
7207		for (i = 0; i < 256; i++) {
7208			entry = &ctl_cmd_table[i];
7209			if (entry->flags & CTL_CMD_FLAG_SA5) {
7210				for (j = 0; j < 32; j++) {
7211					sentry = &((const struct ctl_cmd_entry *)
7212					    entry->execute)[j];
7213					if (ctl_cmd_applicable(
7214					    lun->be_lun->lun_type, sentry))
7215						num++;
7216				}
7217			} else {
7218				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7219				    entry))
7220					num++;
7221			}
7222		}
7223		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7224		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7225		break;
7226	case RSO_OPTIONS_OC:
7227		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7228			ctl_set_invalid_field(/*ctsio*/ ctsio,
7229					      /*sks_valid*/ 1,
7230					      /*command*/ 1,
7231					      /*field*/ 2,
7232					      /*bit_valid*/ 1,
7233					      /*bit*/ 2);
7234			ctl_done((union ctl_io *)ctsio);
7235			return (CTL_RETVAL_COMPLETE);
7236		}
7237		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7238		break;
7239	case RSO_OPTIONS_OC_SA:
7240		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7241		    service_action >= 32) {
7242			ctl_set_invalid_field(/*ctsio*/ ctsio,
7243					      /*sks_valid*/ 1,
7244					      /*command*/ 1,
7245					      /*field*/ 2,
7246					      /*bit_valid*/ 1,
7247					      /*bit*/ 2);
7248			ctl_done((union ctl_io *)ctsio);
7249			return (CTL_RETVAL_COMPLETE);
7250		}
7251		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7252		break;
7253	default:
7254		ctl_set_invalid_field(/*ctsio*/ ctsio,
7255				      /*sks_valid*/ 1,
7256				      /*command*/ 1,
7257				      /*field*/ 2,
7258				      /*bit_valid*/ 1,
7259				      /*bit*/ 2);
7260		ctl_done((union ctl_io *)ctsio);
7261		return (CTL_RETVAL_COMPLETE);
7262	}
7263
7264	alloc_len = scsi_4btoul(cdb->length);
7265
7266	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7267
7268	ctsio->kern_sg_entries = 0;
7269
7270	if (total_len < alloc_len) {
7271		ctsio->residual = alloc_len - total_len;
7272		ctsio->kern_data_len = total_len;
7273		ctsio->kern_total_len = total_len;
7274	} else {
7275		ctsio->residual = 0;
7276		ctsio->kern_data_len = alloc_len;
7277		ctsio->kern_total_len = alloc_len;
7278	}
7279	ctsio->kern_data_resid = 0;
7280	ctsio->kern_rel_offset = 0;
7281
7282	switch (cdb->options & RSO_OPTIONS_MASK) {
7283	case RSO_OPTIONS_ALL:
7284		all = (struct scsi_report_supported_opcodes_all *)
7285		    ctsio->kern_data_ptr;
7286		num = 0;
7287		for (i = 0; i < 256; i++) {
7288			entry = &ctl_cmd_table[i];
7289			if (entry->flags & CTL_CMD_FLAG_SA5) {
7290				for (j = 0; j < 32; j++) {
7291					sentry = &((const struct ctl_cmd_entry *)
7292					    entry->execute)[j];
7293					if (!ctl_cmd_applicable(
7294					    lun->be_lun->lun_type, sentry))
7295						continue;
7296					descr = &all->descr[num++];
7297					descr->opcode = i;
7298					scsi_ulto2b(j, descr->service_action);
7299					descr->flags = RSO_SERVACTV;
7300					scsi_ulto2b(sentry->length,
7301					    descr->cdb_length);
7302				}
7303			} else {
7304				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7305				    entry))
7306					continue;
7307				descr = &all->descr[num++];
7308				descr->opcode = i;
7309				scsi_ulto2b(0, descr->service_action);
7310				descr->flags = 0;
7311				scsi_ulto2b(entry->length, descr->cdb_length);
7312			}
7313		}
7314		scsi_ulto4b(
7315		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7316		    all->length);
7317		break;
7318	case RSO_OPTIONS_OC:
7319		one = (struct scsi_report_supported_opcodes_one *)
7320		    ctsio->kern_data_ptr;
7321		entry = &ctl_cmd_table[opcode];
7322		goto fill_one;
7323	case RSO_OPTIONS_OC_SA:
7324		one = (struct scsi_report_supported_opcodes_one *)
7325		    ctsio->kern_data_ptr;
7326		entry = &ctl_cmd_table[opcode];
7327		entry = &((const struct ctl_cmd_entry *)
7328		    entry->execute)[service_action];
7329fill_one:
7330		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7331			one->support = 3;
7332			scsi_ulto2b(entry->length, one->cdb_length);
7333			one->cdb_usage[0] = opcode;
7334			memcpy(&one->cdb_usage[1], entry->usage,
7335			    entry->length - 1);
7336		} else
7337			one->support = 1;
7338		break;
7339	}
7340
7341	ctl_set_success(ctsio);
7342	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7343	ctsio->be_move_done = ctl_config_move_done;
7344	ctl_datamove((union ctl_io *)ctsio);
7345	return(retval);
7346}
7347
7348int
7349ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7350{
7351	struct scsi_report_supported_tmf *cdb;
7352	struct scsi_report_supported_tmf_data *data;
7353	int retval;
7354	int alloc_len, total_len;
7355
7356	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7357
7358	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7359
7360	retval = CTL_RETVAL_COMPLETE;
7361
7362	total_len = sizeof(struct scsi_report_supported_tmf_data);
7363	alloc_len = scsi_4btoul(cdb->length);
7364
7365	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7366
7367	ctsio->kern_sg_entries = 0;
7368
7369	if (total_len < alloc_len) {
7370		ctsio->residual = alloc_len - total_len;
7371		ctsio->kern_data_len = total_len;
7372		ctsio->kern_total_len = total_len;
7373	} else {
7374		ctsio->residual = 0;
7375		ctsio->kern_data_len = alloc_len;
7376		ctsio->kern_total_len = alloc_len;
7377	}
7378	ctsio->kern_data_resid = 0;
7379	ctsio->kern_rel_offset = 0;
7380
7381	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7382	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7383	    RST_TRS;
7384	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7385
7386	ctl_set_success(ctsio);
7387	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7388	ctsio->be_move_done = ctl_config_move_done;
7389	ctl_datamove((union ctl_io *)ctsio);
7390	return (retval);
7391}
7392
7393int
7394ctl_report_timestamp(struct ctl_scsiio *ctsio)
7395{
7396	struct scsi_report_timestamp *cdb;
7397	struct scsi_report_timestamp_data *data;
7398	struct timeval tv;
7399	int64_t timestamp;
7400	int retval;
7401	int alloc_len, total_len;
7402
7403	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7404
7405	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7406
7407	retval = CTL_RETVAL_COMPLETE;
7408
7409	total_len = sizeof(struct scsi_report_timestamp_data);
7410	alloc_len = scsi_4btoul(cdb->length);
7411
7412	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7413
7414	ctsio->kern_sg_entries = 0;
7415
7416	if (total_len < alloc_len) {
7417		ctsio->residual = alloc_len - total_len;
7418		ctsio->kern_data_len = total_len;
7419		ctsio->kern_total_len = total_len;
7420	} else {
7421		ctsio->residual = 0;
7422		ctsio->kern_data_len = alloc_len;
7423		ctsio->kern_total_len = alloc_len;
7424	}
7425	ctsio->kern_data_resid = 0;
7426	ctsio->kern_rel_offset = 0;
7427
7428	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7429	scsi_ulto2b(sizeof(*data) - 2, data->length);
7430	data->origin = RTS_ORIG_OUTSIDE;
7431	getmicrotime(&tv);
7432	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7433	scsi_ulto4b(timestamp >> 16, data->timestamp);
7434	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7435
7436	ctl_set_success(ctsio);
7437	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7438	ctsio->be_move_done = ctl_config_move_done;
7439	ctl_datamove((union ctl_io *)ctsio);
7440	return (retval);
7441}
7442
7443int
7444ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7445{
7446	struct scsi_per_res_in *cdb;
7447	int alloc_len, total_len = 0;
7448	/* struct scsi_per_res_in_rsrv in_data; */
7449	struct ctl_lun *lun;
7450	struct ctl_softc *softc;
7451	uint64_t key;
7452
7453	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7454
7455	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7456
7457	alloc_len = scsi_2btoul(cdb->length);
7458
7459	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7460	softc = lun->ctl_softc;
7461
7462retry:
7463	mtx_lock(&lun->lun_lock);
7464	switch (cdb->action) {
7465	case SPRI_RK: /* read keys */
7466		total_len = sizeof(struct scsi_per_res_in_keys) +
7467			lun->pr_key_count *
7468			sizeof(struct scsi_per_res_key);
7469		break;
7470	case SPRI_RR: /* read reservation */
7471		if (lun->flags & CTL_LUN_PR_RESERVED)
7472			total_len = sizeof(struct scsi_per_res_in_rsrv);
7473		else
7474			total_len = sizeof(struct scsi_per_res_in_header);
7475		break;
7476	case SPRI_RC: /* report capabilities */
7477		total_len = sizeof(struct scsi_per_res_cap);
7478		break;
7479	case SPRI_RS: /* read full status */
7480		total_len = sizeof(struct scsi_per_res_in_header) +
7481		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7482		    lun->pr_key_count;
7483		break;
7484	default:
7485		panic("Invalid PR type %x", cdb->action);
7486	}
7487	mtx_unlock(&lun->lun_lock);
7488
7489	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7490
7491	if (total_len < alloc_len) {
7492		ctsio->residual = alloc_len - total_len;
7493		ctsio->kern_data_len = total_len;
7494		ctsio->kern_total_len = total_len;
7495	} else {
7496		ctsio->residual = 0;
7497		ctsio->kern_data_len = alloc_len;
7498		ctsio->kern_total_len = alloc_len;
7499	}
7500
7501	ctsio->kern_data_resid = 0;
7502	ctsio->kern_rel_offset = 0;
7503	ctsio->kern_sg_entries = 0;
7504
7505	mtx_lock(&lun->lun_lock);
7506	switch (cdb->action) {
7507	case SPRI_RK: { // read keys
7508        struct scsi_per_res_in_keys *res_keys;
7509		int i, key_count;
7510
7511		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7512
7513		/*
7514		 * We had to drop the lock to allocate our buffer, which
7515		 * leaves time for someone to come in with another
7516		 * persistent reservation.  (That is unlikely, though,
7517		 * since this should be the only persistent reservation
7518		 * command active right now.)
7519		 */
7520		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7521		    (lun->pr_key_count *
7522		     sizeof(struct scsi_per_res_key)))){
7523			mtx_unlock(&lun->lun_lock);
7524			free(ctsio->kern_data_ptr, M_CTL);
7525			printf("%s: reservation length changed, retrying\n",
7526			       __func__);
7527			goto retry;
7528		}
7529
7530		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7531
7532		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7533			     lun->pr_key_count, res_keys->header.length);
7534
7535		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7536			if ((key = ctl_get_prkey(lun, i)) == 0)
7537				continue;
7538
7539			/*
7540			 * We used lun->pr_key_count to calculate the
7541			 * size to allocate.  If it turns out the number of
7542			 * initiators with the registered flag set is
7543			 * larger than that (i.e. they haven't been kept in
7544			 * sync), we've got a problem.
7545			 */
7546			if (key_count >= lun->pr_key_count) {
7547				key_count++;
7548				continue;
7549			}
7550			scsi_u64to8b(key, res_keys->keys[key_count].key);
7551			key_count++;
7552		}
7553		break;
7554	}
7555	case SPRI_RR: { // read reservation
7556		struct scsi_per_res_in_rsrv *res;
7557		int tmp_len, header_only;
7558
7559		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7560
7561		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7562
7563		if (lun->flags & CTL_LUN_PR_RESERVED)
7564		{
7565			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7566			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7567				    res->header.length);
7568			header_only = 0;
7569		} else {
7570			tmp_len = sizeof(struct scsi_per_res_in_header);
7571			scsi_ulto4b(0, res->header.length);
7572			header_only = 1;
7573		}
7574
7575		/*
7576		 * We had to drop the lock to allocate our buffer, which
7577		 * leaves time for someone to come in with another
7578		 * persistent reservation.  (That is unlikely, though,
7579		 * since this should be the only persistent reservation
7580		 * command active right now.)
7581		 */
7582		if (tmp_len != total_len) {
7583			mtx_unlock(&lun->lun_lock);
7584			free(ctsio->kern_data_ptr, M_CTL);
7585			printf("%s: reservation status changed, retrying\n",
7586			       __func__);
7587			goto retry;
7588		}
7589
7590		/*
7591		 * No reservation held, so we're done.
7592		 */
7593		if (header_only != 0)
7594			break;
7595
7596		/*
7597		 * If the registration is an All Registrants type, the key
7598		 * is 0, since it doesn't really matter.
7599		 */
7600		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7601			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7602			    res->data.reservation);
7603		}
7604		res->data.scopetype = lun->res_type;
7605		break;
7606	}
7607	case SPRI_RC:     //report capabilities
7608	{
7609		struct scsi_per_res_cap *res_cap;
7610		uint16_t type_mask;
7611
7612		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7613		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7614		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7615		type_mask = SPRI_TM_WR_EX_AR |
7616			    SPRI_TM_EX_AC_RO |
7617			    SPRI_TM_WR_EX_RO |
7618			    SPRI_TM_EX_AC |
7619			    SPRI_TM_WR_EX |
7620			    SPRI_TM_EX_AC_AR;
7621		scsi_ulto2b(type_mask, res_cap->type_mask);
7622		break;
7623	}
7624	case SPRI_RS: { // read full status
7625		struct scsi_per_res_in_full *res_status;
7626		struct scsi_per_res_in_full_desc *res_desc;
7627		struct ctl_port *port;
7628		int i, len;
7629
7630		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7631
7632		/*
7633		 * We had to drop the lock to allocate our buffer, which
7634		 * leaves time for someone to come in with another
7635		 * persistent reservation.  (That is unlikely, though,
7636		 * since this should be the only persistent reservation
7637		 * command active right now.)
7638		 */
7639		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7640		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7641		     lun->pr_key_count)){
7642			mtx_unlock(&lun->lun_lock);
7643			free(ctsio->kern_data_ptr, M_CTL);
7644			printf("%s: reservation length changed, retrying\n",
7645			       __func__);
7646			goto retry;
7647		}
7648
7649		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7650
7651		res_desc = &res_status->desc[0];
7652		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7653			if ((key = ctl_get_prkey(lun, i)) == 0)
7654				continue;
7655
7656			scsi_u64to8b(key, res_desc->res_key.key);
7657			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7658			    (lun->pr_res_idx == i ||
7659			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7660				res_desc->flags = SPRI_FULL_R_HOLDER;
7661				res_desc->scopetype = lun->res_type;
7662			}
7663			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7664			    res_desc->rel_trgt_port_id);
7665			len = 0;
7666			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7667			if (port != NULL)
7668				len = ctl_create_iid(port,
7669				    i % CTL_MAX_INIT_PER_PORT,
7670				    res_desc->transport_id);
7671			scsi_ulto4b(len, res_desc->additional_length);
7672			res_desc = (struct scsi_per_res_in_full_desc *)
7673			    &res_desc->transport_id[len];
7674		}
7675		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7676		    res_status->header.length);
7677		break;
7678	}
7679	default:
7680		/*
7681		 * This is a bug, because we just checked for this above,
7682		 * and should have returned an error.
7683		 */
7684		panic("Invalid PR type %x", cdb->action);
7685		break; /* NOTREACHED */
7686	}
7687	mtx_unlock(&lun->lun_lock);
7688
7689	ctl_set_success(ctsio);
7690	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7691	ctsio->be_move_done = ctl_config_move_done;
7692	ctl_datamove((union ctl_io *)ctsio);
7693	return (CTL_RETVAL_COMPLETE);
7694}
7695
7696/*
7697 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7698 * it should return.
7699 */
7700static int
7701ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7702		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7703		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7704		struct scsi_per_res_out_parms* param)
7705{
7706	union ctl_ha_msg persis_io;
7707	int i;
7708
7709	mtx_lock(&lun->lun_lock);
7710	if (sa_res_key == 0) {
7711		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7712			/* validate scope and type */
7713			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7714			     SPR_LU_SCOPE) {
7715				mtx_unlock(&lun->lun_lock);
7716				ctl_set_invalid_field(/*ctsio*/ ctsio,
7717						      /*sks_valid*/ 1,
7718						      /*command*/ 1,
7719						      /*field*/ 2,
7720						      /*bit_valid*/ 1,
7721						      /*bit*/ 4);
7722				ctl_done((union ctl_io *)ctsio);
7723				return (1);
7724			}
7725
7726		        if (type>8 || type==2 || type==4 || type==0) {
7727				mtx_unlock(&lun->lun_lock);
7728				ctl_set_invalid_field(/*ctsio*/ ctsio,
7729       	           				      /*sks_valid*/ 1,
7730						      /*command*/ 1,
7731						      /*field*/ 2,
7732						      /*bit_valid*/ 1,
7733						      /*bit*/ 0);
7734				ctl_done((union ctl_io *)ctsio);
7735				return (1);
7736		        }
7737
7738			/*
7739			 * Unregister everybody else and build UA for
7740			 * them
7741			 */
7742			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7743				if (i == residx || ctl_get_prkey(lun, i) == 0)
7744					continue;
7745
7746				ctl_clr_prkey(lun, i);
7747				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7748			}
7749			lun->pr_key_count = 1;
7750			lun->res_type = type;
7751			if (lun->res_type != SPR_TYPE_WR_EX_AR
7752			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7753				lun->pr_res_idx = residx;
7754			lun->PRGeneration++;
7755			mtx_unlock(&lun->lun_lock);
7756
7757			/* send msg to other side */
7758			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7759			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7760			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7761			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7762			persis_io.pr.pr_info.res_type = type;
7763			memcpy(persis_io.pr.pr_info.sa_res_key,
7764			       param->serv_act_res_key,
7765			       sizeof(param->serv_act_res_key));
7766			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7767			    sizeof(persis_io.pr), M_WAITOK);
7768		} else {
7769			/* not all registrants */
7770			mtx_unlock(&lun->lun_lock);
7771			free(ctsio->kern_data_ptr, M_CTL);
7772			ctl_set_invalid_field(ctsio,
7773					      /*sks_valid*/ 1,
7774					      /*command*/ 0,
7775					      /*field*/ 8,
7776					      /*bit_valid*/ 0,
7777					      /*bit*/ 0);
7778			ctl_done((union ctl_io *)ctsio);
7779			return (1);
7780		}
7781	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7782		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7783		int found = 0;
7784
7785		if (res_key == sa_res_key) {
7786			/* special case */
7787			/*
7788			 * The spec implies this is not good but doesn't
7789			 * say what to do. There are two choices either
7790			 * generate a res conflict or check condition
7791			 * with illegal field in parameter data. Since
7792			 * that is what is done when the sa_res_key is
7793			 * zero I'll take that approach since this has
7794			 * to do with the sa_res_key.
7795			 */
7796			mtx_unlock(&lun->lun_lock);
7797			free(ctsio->kern_data_ptr, M_CTL);
7798			ctl_set_invalid_field(ctsio,
7799					      /*sks_valid*/ 1,
7800					      /*command*/ 0,
7801					      /*field*/ 8,
7802					      /*bit_valid*/ 0,
7803					      /*bit*/ 0);
7804			ctl_done((union ctl_io *)ctsio);
7805			return (1);
7806		}
7807
7808		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7809			if (ctl_get_prkey(lun, i) != sa_res_key)
7810				continue;
7811
7812			found = 1;
7813			ctl_clr_prkey(lun, i);
7814			lun->pr_key_count--;
7815			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7816		}
7817		if (!found) {
7818			mtx_unlock(&lun->lun_lock);
7819			free(ctsio->kern_data_ptr, M_CTL);
7820			ctl_set_reservation_conflict(ctsio);
7821			ctl_done((union ctl_io *)ctsio);
7822			return (CTL_RETVAL_COMPLETE);
7823		}
7824		lun->PRGeneration++;
7825		mtx_unlock(&lun->lun_lock);
7826
7827		/* send msg to other side */
7828		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7829		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7830		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7831		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7832		persis_io.pr.pr_info.res_type = type;
7833		memcpy(persis_io.pr.pr_info.sa_res_key,
7834		       param->serv_act_res_key,
7835		       sizeof(param->serv_act_res_key));
7836		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7837		    sizeof(persis_io.pr), M_WAITOK);
7838	} else {
7839		/* Reserved but not all registrants */
7840		/* sa_res_key is res holder */
7841		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7842			/* validate scope and type */
7843			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7844			     SPR_LU_SCOPE) {
7845				mtx_unlock(&lun->lun_lock);
7846				ctl_set_invalid_field(/*ctsio*/ ctsio,
7847						      /*sks_valid*/ 1,
7848						      /*command*/ 1,
7849						      /*field*/ 2,
7850						      /*bit_valid*/ 1,
7851						      /*bit*/ 4);
7852				ctl_done((union ctl_io *)ctsio);
7853				return (1);
7854			}
7855
7856			if (type>8 || type==2 || type==4 || type==0) {
7857				mtx_unlock(&lun->lun_lock);
7858				ctl_set_invalid_field(/*ctsio*/ ctsio,
7859						      /*sks_valid*/ 1,
7860						      /*command*/ 1,
7861						      /*field*/ 2,
7862						      /*bit_valid*/ 1,
7863						      /*bit*/ 0);
7864				ctl_done((union ctl_io *)ctsio);
7865				return (1);
7866			}
7867
7868			/*
7869			 * Do the following:
7870			 * if sa_res_key != res_key remove all
7871			 * registrants w/sa_res_key and generate UA
7872			 * for these registrants(Registrations
7873			 * Preempted) if it wasn't an exclusive
7874			 * reservation generate UA(Reservations
7875			 * Preempted) for all other registered nexuses
7876			 * if the type has changed. Establish the new
7877			 * reservation and holder. If res_key and
7878			 * sa_res_key are the same do the above
7879			 * except don't unregister the res holder.
7880			 */
7881
7882			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7883				if (i == residx || ctl_get_prkey(lun, i) == 0)
7884					continue;
7885
7886				if (sa_res_key == ctl_get_prkey(lun, i)) {
7887					ctl_clr_prkey(lun, i);
7888					lun->pr_key_count--;
7889					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7890				} else if (type != lun->res_type
7891					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7892					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7893					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7894				}
7895			}
7896			lun->res_type = type;
7897			if (lun->res_type != SPR_TYPE_WR_EX_AR
7898			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7899				lun->pr_res_idx = residx;
7900			else
7901				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7902			lun->PRGeneration++;
7903			mtx_unlock(&lun->lun_lock);
7904
7905			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7906			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7907			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7908			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7909			persis_io.pr.pr_info.res_type = type;
7910			memcpy(persis_io.pr.pr_info.sa_res_key,
7911			       param->serv_act_res_key,
7912			       sizeof(param->serv_act_res_key));
7913			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7914			    sizeof(persis_io.pr), M_WAITOK);
7915		} else {
7916			/*
7917			 * sa_res_key is not the res holder just
7918			 * remove registrants
7919			 */
7920			int found=0;
7921
7922			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7923				if (sa_res_key != ctl_get_prkey(lun, i))
7924					continue;
7925
7926				found = 1;
7927				ctl_clr_prkey(lun, i);
7928				lun->pr_key_count--;
7929				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7930			}
7931
7932			if (!found) {
7933				mtx_unlock(&lun->lun_lock);
7934				free(ctsio->kern_data_ptr, M_CTL);
7935				ctl_set_reservation_conflict(ctsio);
7936				ctl_done((union ctl_io *)ctsio);
7937		        	return (1);
7938			}
7939			lun->PRGeneration++;
7940			mtx_unlock(&lun->lun_lock);
7941
7942			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7943			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7944			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7945			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7946			persis_io.pr.pr_info.res_type = type;
7947			memcpy(persis_io.pr.pr_info.sa_res_key,
7948			       param->serv_act_res_key,
7949			       sizeof(param->serv_act_res_key));
7950			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7951			    sizeof(persis_io.pr), M_WAITOK);
7952		}
7953	}
7954	return (0);
7955}
7956
7957static void
7958ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7959{
7960	uint64_t sa_res_key;
7961	int i;
7962
7963	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7964
7965	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7966	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7967	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7968		if (sa_res_key == 0) {
7969			/*
7970			 * Unregister everybody else and build UA for
7971			 * them
7972			 */
7973			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7974				if (i == msg->pr.pr_info.residx ||
7975				    ctl_get_prkey(lun, i) == 0)
7976					continue;
7977
7978				ctl_clr_prkey(lun, i);
7979				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7980			}
7981
7982			lun->pr_key_count = 1;
7983			lun->res_type = msg->pr.pr_info.res_type;
7984			if (lun->res_type != SPR_TYPE_WR_EX_AR
7985			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7986				lun->pr_res_idx = msg->pr.pr_info.residx;
7987		} else {
7988		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7989				if (sa_res_key == ctl_get_prkey(lun, i))
7990					continue;
7991
7992				ctl_clr_prkey(lun, i);
7993				lun->pr_key_count--;
7994				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7995			}
7996		}
7997	} else {
7998		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7999			if (i == msg->pr.pr_info.residx ||
8000			    ctl_get_prkey(lun, i) == 0)
8001				continue;
8002
8003			if (sa_res_key == ctl_get_prkey(lun, i)) {
8004				ctl_clr_prkey(lun, i);
8005				lun->pr_key_count--;
8006				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8007			} else if (msg->pr.pr_info.res_type != lun->res_type
8008				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8009				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8010				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8011			}
8012		}
8013		lun->res_type = msg->pr.pr_info.res_type;
8014		if (lun->res_type != SPR_TYPE_WR_EX_AR
8015		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8016			lun->pr_res_idx = msg->pr.pr_info.residx;
8017		else
8018			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8019	}
8020	lun->PRGeneration++;
8021
8022}
8023
8024
8025int
8026ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8027{
8028	int retval;
8029	u_int32_t param_len;
8030	struct scsi_per_res_out *cdb;
8031	struct ctl_lun *lun;
8032	struct scsi_per_res_out_parms* param;
8033	struct ctl_softc *softc;
8034	uint32_t residx;
8035	uint64_t res_key, sa_res_key, key;
8036	uint8_t type;
8037	union ctl_ha_msg persis_io;
8038	int    i;
8039
8040	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8041
8042	retval = CTL_RETVAL_COMPLETE;
8043
8044	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8045	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8046	softc = lun->ctl_softc;
8047
8048	/*
8049	 * We only support whole-LUN scope.  The scope & type are ignored for
8050	 * register, register and ignore existing key and clear.
8051	 * We sometimes ignore scope and type on preempts too!!
8052	 * Verify reservation type here as well.
8053	 */
8054	type = cdb->scope_type & SPR_TYPE_MASK;
8055	if ((cdb->action == SPRO_RESERVE)
8056	 || (cdb->action == SPRO_RELEASE)) {
8057		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8058			ctl_set_invalid_field(/*ctsio*/ ctsio,
8059					      /*sks_valid*/ 1,
8060					      /*command*/ 1,
8061					      /*field*/ 2,
8062					      /*bit_valid*/ 1,
8063					      /*bit*/ 4);
8064			ctl_done((union ctl_io *)ctsio);
8065			return (CTL_RETVAL_COMPLETE);
8066		}
8067
8068		if (type>8 || type==2 || type==4 || type==0) {
8069			ctl_set_invalid_field(/*ctsio*/ ctsio,
8070					      /*sks_valid*/ 1,
8071					      /*command*/ 1,
8072					      /*field*/ 2,
8073					      /*bit_valid*/ 1,
8074					      /*bit*/ 0);
8075			ctl_done((union ctl_io *)ctsio);
8076			return (CTL_RETVAL_COMPLETE);
8077		}
8078	}
8079
8080	param_len = scsi_4btoul(cdb->length);
8081
8082	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8083		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8084		ctsio->kern_data_len = param_len;
8085		ctsio->kern_total_len = param_len;
8086		ctsio->kern_data_resid = 0;
8087		ctsio->kern_rel_offset = 0;
8088		ctsio->kern_sg_entries = 0;
8089		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8090		ctsio->be_move_done = ctl_config_move_done;
8091		ctl_datamove((union ctl_io *)ctsio);
8092
8093		return (CTL_RETVAL_COMPLETE);
8094	}
8095
8096	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8097
8098	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8099	res_key = scsi_8btou64(param->res_key.key);
8100	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8101
8102	/*
8103	 * Validate the reservation key here except for SPRO_REG_IGNO
8104	 * This must be done for all other service actions
8105	 */
8106	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8107		mtx_lock(&lun->lun_lock);
8108		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8109			if (res_key != key) {
8110				/*
8111				 * The current key passed in doesn't match
8112				 * the one the initiator previously
8113				 * registered.
8114				 */
8115				mtx_unlock(&lun->lun_lock);
8116				free(ctsio->kern_data_ptr, M_CTL);
8117				ctl_set_reservation_conflict(ctsio);
8118				ctl_done((union ctl_io *)ctsio);
8119				return (CTL_RETVAL_COMPLETE);
8120			}
8121		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8122			/*
8123			 * We are not registered
8124			 */
8125			mtx_unlock(&lun->lun_lock);
8126			free(ctsio->kern_data_ptr, M_CTL);
8127			ctl_set_reservation_conflict(ctsio);
8128			ctl_done((union ctl_io *)ctsio);
8129			return (CTL_RETVAL_COMPLETE);
8130		} else if (res_key != 0) {
8131			/*
8132			 * We are not registered and trying to register but
8133			 * the register key isn't zero.
8134			 */
8135			mtx_unlock(&lun->lun_lock);
8136			free(ctsio->kern_data_ptr, M_CTL);
8137			ctl_set_reservation_conflict(ctsio);
8138			ctl_done((union ctl_io *)ctsio);
8139			return (CTL_RETVAL_COMPLETE);
8140		}
8141		mtx_unlock(&lun->lun_lock);
8142	}
8143
8144	switch (cdb->action & SPRO_ACTION_MASK) {
8145	case SPRO_REGISTER:
8146	case SPRO_REG_IGNO: {
8147
8148#if 0
8149		printf("Registration received\n");
8150#endif
8151
8152		/*
8153		 * We don't support any of these options, as we report in
8154		 * the read capabilities request (see
8155		 * ctl_persistent_reserve_in(), above).
8156		 */
8157		if ((param->flags & SPR_SPEC_I_PT)
8158		 || (param->flags & SPR_ALL_TG_PT)
8159		 || (param->flags & SPR_APTPL)) {
8160			int bit_ptr;
8161
8162			if (param->flags & SPR_APTPL)
8163				bit_ptr = 0;
8164			else if (param->flags & SPR_ALL_TG_PT)
8165				bit_ptr = 2;
8166			else /* SPR_SPEC_I_PT */
8167				bit_ptr = 3;
8168
8169			free(ctsio->kern_data_ptr, M_CTL);
8170			ctl_set_invalid_field(ctsio,
8171					      /*sks_valid*/ 1,
8172					      /*command*/ 0,
8173					      /*field*/ 20,
8174					      /*bit_valid*/ 1,
8175					      /*bit*/ bit_ptr);
8176			ctl_done((union ctl_io *)ctsio);
8177			return (CTL_RETVAL_COMPLETE);
8178		}
8179
8180		mtx_lock(&lun->lun_lock);
8181
8182		/*
8183		 * The initiator wants to clear the
8184		 * key/unregister.
8185		 */
8186		if (sa_res_key == 0) {
8187			if ((res_key == 0
8188			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8189			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8190			  && ctl_get_prkey(lun, residx) == 0)) {
8191				mtx_unlock(&lun->lun_lock);
8192				goto done;
8193			}
8194
8195			ctl_clr_prkey(lun, residx);
8196			lun->pr_key_count--;
8197
8198			if (residx == lun->pr_res_idx) {
8199				lun->flags &= ~CTL_LUN_PR_RESERVED;
8200				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8201
8202				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8203				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8204				 && lun->pr_key_count) {
8205					/*
8206					 * If the reservation is a registrants
8207					 * only type we need to generate a UA
8208					 * for other registered inits.  The
8209					 * sense code should be RESERVATIONS
8210					 * RELEASED
8211					 */
8212
8213					for (i = softc->init_min; i < softc->init_max; i++){
8214						if (ctl_get_prkey(lun, i) == 0)
8215							continue;
8216						ctl_est_ua(lun, i,
8217						    CTL_UA_RES_RELEASE);
8218					}
8219				}
8220				lun->res_type = 0;
8221			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8222				if (lun->pr_key_count==0) {
8223					lun->flags &= ~CTL_LUN_PR_RESERVED;
8224					lun->res_type = 0;
8225					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8226				}
8227			}
8228			lun->PRGeneration++;
8229			mtx_unlock(&lun->lun_lock);
8230
8231			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8232			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8233			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8234			persis_io.pr.pr_info.residx = residx;
8235			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8236			    sizeof(persis_io.pr), M_WAITOK);
8237		} else /* sa_res_key != 0 */ {
8238
8239			/*
8240			 * If we aren't registered currently then increment
8241			 * the key count and set the registered flag.
8242			 */
8243			ctl_alloc_prkey(lun, residx);
8244			if (ctl_get_prkey(lun, residx) == 0)
8245				lun->pr_key_count++;
8246			ctl_set_prkey(lun, residx, sa_res_key);
8247			lun->PRGeneration++;
8248			mtx_unlock(&lun->lun_lock);
8249
8250			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8251			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8252			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8253			persis_io.pr.pr_info.residx = residx;
8254			memcpy(persis_io.pr.pr_info.sa_res_key,
8255			       param->serv_act_res_key,
8256			       sizeof(param->serv_act_res_key));
8257			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8258			    sizeof(persis_io.pr), M_WAITOK);
8259		}
8260
8261		break;
8262	}
8263	case SPRO_RESERVE:
8264#if 0
8265                printf("Reserve executed type %d\n", type);
8266#endif
8267		mtx_lock(&lun->lun_lock);
8268		if (lun->flags & CTL_LUN_PR_RESERVED) {
8269			/*
8270			 * if this isn't the reservation holder and it's
8271			 * not a "all registrants" type or if the type is
8272			 * different then we have a conflict
8273			 */
8274			if ((lun->pr_res_idx != residx
8275			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8276			 || lun->res_type != type) {
8277				mtx_unlock(&lun->lun_lock);
8278				free(ctsio->kern_data_ptr, M_CTL);
8279				ctl_set_reservation_conflict(ctsio);
8280				ctl_done((union ctl_io *)ctsio);
8281				return (CTL_RETVAL_COMPLETE);
8282			}
8283			mtx_unlock(&lun->lun_lock);
8284		} else /* create a reservation */ {
8285			/*
8286			 * If it's not an "all registrants" type record
8287			 * reservation holder
8288			 */
8289			if (type != SPR_TYPE_WR_EX_AR
8290			 && type != SPR_TYPE_EX_AC_AR)
8291				lun->pr_res_idx = residx; /* Res holder */
8292			else
8293				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8294
8295			lun->flags |= CTL_LUN_PR_RESERVED;
8296			lun->res_type = type;
8297
8298			mtx_unlock(&lun->lun_lock);
8299
8300			/* send msg to other side */
8301			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8302			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8303			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8304			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8305			persis_io.pr.pr_info.res_type = type;
8306			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8307			    sizeof(persis_io.pr), M_WAITOK);
8308		}
8309		break;
8310
8311	case SPRO_RELEASE:
8312		mtx_lock(&lun->lun_lock);
8313		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8314			/* No reservation exists return good status */
8315			mtx_unlock(&lun->lun_lock);
8316			goto done;
8317		}
8318		/*
8319		 * Is this nexus a reservation holder?
8320		 */
8321		if (lun->pr_res_idx != residx
8322		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8323			/*
8324			 * not a res holder return good status but
8325			 * do nothing
8326			 */
8327			mtx_unlock(&lun->lun_lock);
8328			goto done;
8329		}
8330
8331		if (lun->res_type != type) {
8332			mtx_unlock(&lun->lun_lock);
8333			free(ctsio->kern_data_ptr, M_CTL);
8334			ctl_set_illegal_pr_release(ctsio);
8335			ctl_done((union ctl_io *)ctsio);
8336			return (CTL_RETVAL_COMPLETE);
8337		}
8338
8339		/* okay to release */
8340		lun->flags &= ~CTL_LUN_PR_RESERVED;
8341		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8342		lun->res_type = 0;
8343
8344		/*
8345		 * if this isn't an exclusive access
8346		 * res generate UA for all other
8347		 * registrants.
8348		 */
8349		if (type != SPR_TYPE_EX_AC
8350		 && type != SPR_TYPE_WR_EX) {
8351			for (i = softc->init_min; i < softc->init_max; i++) {
8352				if (i == residx || ctl_get_prkey(lun, i) == 0)
8353					continue;
8354				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8355			}
8356		}
8357		mtx_unlock(&lun->lun_lock);
8358
8359		/* Send msg to other side */
8360		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8361		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8362		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8363		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8364		     sizeof(persis_io.pr), M_WAITOK);
8365		break;
8366
8367	case SPRO_CLEAR:
8368		/* send msg to other side */
8369
8370		mtx_lock(&lun->lun_lock);
8371		lun->flags &= ~CTL_LUN_PR_RESERVED;
8372		lun->res_type = 0;
8373		lun->pr_key_count = 0;
8374		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8375
8376		ctl_clr_prkey(lun, residx);
8377		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8378			if (ctl_get_prkey(lun, i) != 0) {
8379				ctl_clr_prkey(lun, i);
8380				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8381			}
8382		lun->PRGeneration++;
8383		mtx_unlock(&lun->lun_lock);
8384
8385		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8386		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8387		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8388		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8389		     sizeof(persis_io.pr), M_WAITOK);
8390		break;
8391
8392	case SPRO_PREEMPT:
8393	case SPRO_PRE_ABO: {
8394		int nretval;
8395
8396		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8397					  residx, ctsio, cdb, param);
8398		if (nretval != 0)
8399			return (CTL_RETVAL_COMPLETE);
8400		break;
8401	}
8402	default:
8403		panic("Invalid PR type %x", cdb->action);
8404	}
8405
8406done:
8407	free(ctsio->kern_data_ptr, M_CTL);
8408	ctl_set_success(ctsio);
8409	ctl_done((union ctl_io *)ctsio);
8410
8411	return (retval);
8412}
8413
8414/*
8415 * This routine is for handling a message from the other SC pertaining to
8416 * persistent reserve out. All the error checking will have been done
8417 * so only perorming the action need be done here to keep the two
8418 * in sync.
8419 */
8420static void
8421ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8422{
8423	struct ctl_softc *softc = control_softc;
8424	struct ctl_lun *lun;
8425	int i;
8426	uint32_t residx, targ_lun;
8427
8428	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8429	mtx_lock(&softc->ctl_lock);
8430	if ((targ_lun >= CTL_MAX_LUNS) ||
8431	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8432		mtx_unlock(&softc->ctl_lock);
8433		return;
8434	}
8435	mtx_lock(&lun->lun_lock);
8436	mtx_unlock(&softc->ctl_lock);
8437	if (lun->flags & CTL_LUN_DISABLED) {
8438		mtx_unlock(&lun->lun_lock);
8439		return;
8440	}
8441	residx = ctl_get_initindex(&msg->hdr.nexus);
8442	switch(msg->pr.pr_info.action) {
8443	case CTL_PR_REG_KEY:
8444		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8445		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8446			lun->pr_key_count++;
8447		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8448		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8449		lun->PRGeneration++;
8450		break;
8451
8452	case CTL_PR_UNREG_KEY:
8453		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8454		lun->pr_key_count--;
8455
8456		/* XXX Need to see if the reservation has been released */
8457		/* if so do we need to generate UA? */
8458		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8459			lun->flags &= ~CTL_LUN_PR_RESERVED;
8460			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8461
8462			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8463			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8464			 && lun->pr_key_count) {
8465				/*
8466				 * If the reservation is a registrants
8467				 * only type we need to generate a UA
8468				 * for other registered inits.  The
8469				 * sense code should be RESERVATIONS
8470				 * RELEASED
8471				 */
8472
8473				for (i = softc->init_min; i < softc->init_max; i++) {
8474					if (ctl_get_prkey(lun, i) == 0)
8475						continue;
8476
8477					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8478				}
8479			}
8480			lun->res_type = 0;
8481		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8482			if (lun->pr_key_count==0) {
8483				lun->flags &= ~CTL_LUN_PR_RESERVED;
8484				lun->res_type = 0;
8485				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8486			}
8487		}
8488		lun->PRGeneration++;
8489		break;
8490
8491	case CTL_PR_RESERVE:
8492		lun->flags |= CTL_LUN_PR_RESERVED;
8493		lun->res_type = msg->pr.pr_info.res_type;
8494		lun->pr_res_idx = msg->pr.pr_info.residx;
8495
8496		break;
8497
8498	case CTL_PR_RELEASE:
8499		/*
8500		 * if this isn't an exclusive access res generate UA for all
8501		 * other registrants.
8502		 */
8503		if (lun->res_type != SPR_TYPE_EX_AC
8504		 && lun->res_type != SPR_TYPE_WR_EX) {
8505			for (i = softc->init_min; i < softc->init_max; i++)
8506				if (i == residx || ctl_get_prkey(lun, i) == 0)
8507					continue;
8508				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8509		}
8510
8511		lun->flags &= ~CTL_LUN_PR_RESERVED;
8512		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8513		lun->res_type = 0;
8514		break;
8515
8516	case CTL_PR_PREEMPT:
8517		ctl_pro_preempt_other(lun, msg);
8518		break;
8519	case CTL_PR_CLEAR:
8520		lun->flags &= ~CTL_LUN_PR_RESERVED;
8521		lun->res_type = 0;
8522		lun->pr_key_count = 0;
8523		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8524
8525		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8526			if (ctl_get_prkey(lun, i) == 0)
8527				continue;
8528			ctl_clr_prkey(lun, i);
8529			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8530		}
8531		lun->PRGeneration++;
8532		break;
8533	}
8534
8535	mtx_unlock(&lun->lun_lock);
8536}
8537
8538int
8539ctl_read_write(struct ctl_scsiio *ctsio)
8540{
8541	struct ctl_lun *lun;
8542	struct ctl_lba_len_flags *lbalen;
8543	uint64_t lba;
8544	uint32_t num_blocks;
8545	int flags, retval;
8546	int isread;
8547
8548	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8549
8550	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8551
8552	flags = 0;
8553	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8554	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8555	switch (ctsio->cdb[0]) {
8556	case READ_6:
8557	case WRITE_6: {
8558		struct scsi_rw_6 *cdb;
8559
8560		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8561
8562		lba = scsi_3btoul(cdb->addr);
8563		/* only 5 bits are valid in the most significant address byte */
8564		lba &= 0x1fffff;
8565		num_blocks = cdb->length;
8566		/*
8567		 * This is correct according to SBC-2.
8568		 */
8569		if (num_blocks == 0)
8570			num_blocks = 256;
8571		break;
8572	}
8573	case READ_10:
8574	case WRITE_10: {
8575		struct scsi_rw_10 *cdb;
8576
8577		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8578		if (cdb->byte2 & SRW10_FUA)
8579			flags |= CTL_LLF_FUA;
8580		if (cdb->byte2 & SRW10_DPO)
8581			flags |= CTL_LLF_DPO;
8582		lba = scsi_4btoul(cdb->addr);
8583		num_blocks = scsi_2btoul(cdb->length);
8584		break;
8585	}
8586	case WRITE_VERIFY_10: {
8587		struct scsi_write_verify_10 *cdb;
8588
8589		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8590		flags |= CTL_LLF_FUA;
8591		if (cdb->byte2 & SWV_DPO)
8592			flags |= CTL_LLF_DPO;
8593		lba = scsi_4btoul(cdb->addr);
8594		num_blocks = scsi_2btoul(cdb->length);
8595		break;
8596	}
8597	case READ_12:
8598	case WRITE_12: {
8599		struct scsi_rw_12 *cdb;
8600
8601		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8602		if (cdb->byte2 & SRW12_FUA)
8603			flags |= CTL_LLF_FUA;
8604		if (cdb->byte2 & SRW12_DPO)
8605			flags |= CTL_LLF_DPO;
8606		lba = scsi_4btoul(cdb->addr);
8607		num_blocks = scsi_4btoul(cdb->length);
8608		break;
8609	}
8610	case WRITE_VERIFY_12: {
8611		struct scsi_write_verify_12 *cdb;
8612
8613		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8614		flags |= CTL_LLF_FUA;
8615		if (cdb->byte2 & SWV_DPO)
8616			flags |= CTL_LLF_DPO;
8617		lba = scsi_4btoul(cdb->addr);
8618		num_blocks = scsi_4btoul(cdb->length);
8619		break;
8620	}
8621	case READ_16:
8622	case WRITE_16: {
8623		struct scsi_rw_16 *cdb;
8624
8625		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8626		if (cdb->byte2 & SRW12_FUA)
8627			flags |= CTL_LLF_FUA;
8628		if (cdb->byte2 & SRW12_DPO)
8629			flags |= CTL_LLF_DPO;
8630		lba = scsi_8btou64(cdb->addr);
8631		num_blocks = scsi_4btoul(cdb->length);
8632		break;
8633	}
8634	case WRITE_ATOMIC_16: {
8635		struct scsi_write_atomic_16 *cdb;
8636
8637		if (lun->be_lun->atomicblock == 0) {
8638			ctl_set_invalid_opcode(ctsio);
8639			ctl_done((union ctl_io *)ctsio);
8640			return (CTL_RETVAL_COMPLETE);
8641		}
8642
8643		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8644		if (cdb->byte2 & SRW12_FUA)
8645			flags |= CTL_LLF_FUA;
8646		if (cdb->byte2 & SRW12_DPO)
8647			flags |= CTL_LLF_DPO;
8648		lba = scsi_8btou64(cdb->addr);
8649		num_blocks = scsi_2btoul(cdb->length);
8650		if (num_blocks > lun->be_lun->atomicblock) {
8651			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8652			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8653			    /*bit*/ 0);
8654			ctl_done((union ctl_io *)ctsio);
8655			return (CTL_RETVAL_COMPLETE);
8656		}
8657		break;
8658	}
8659	case WRITE_VERIFY_16: {
8660		struct scsi_write_verify_16 *cdb;
8661
8662		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8663		flags |= CTL_LLF_FUA;
8664		if (cdb->byte2 & SWV_DPO)
8665			flags |= CTL_LLF_DPO;
8666		lba = scsi_8btou64(cdb->addr);
8667		num_blocks = scsi_4btoul(cdb->length);
8668		break;
8669	}
8670	default:
8671		/*
8672		 * We got a command we don't support.  This shouldn't
8673		 * happen, commands should be filtered out above us.
8674		 */
8675		ctl_set_invalid_opcode(ctsio);
8676		ctl_done((union ctl_io *)ctsio);
8677
8678		return (CTL_RETVAL_COMPLETE);
8679		break; /* NOTREACHED */
8680	}
8681
8682	/*
8683	 * The first check is to make sure we're in bounds, the second
8684	 * check is to catch wrap-around problems.  If the lba + num blocks
8685	 * is less than the lba, then we've wrapped around and the block
8686	 * range is invalid anyway.
8687	 */
8688	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8689	 || ((lba + num_blocks) < lba)) {
8690		ctl_set_lba_out_of_range(ctsio);
8691		ctl_done((union ctl_io *)ctsio);
8692		return (CTL_RETVAL_COMPLETE);
8693	}
8694
8695	/*
8696	 * According to SBC-3, a transfer length of 0 is not an error.
8697	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8698	 * translates to 256 blocks for those commands.
8699	 */
8700	if (num_blocks == 0) {
8701		ctl_set_success(ctsio);
8702		ctl_done((union ctl_io *)ctsio);
8703		return (CTL_RETVAL_COMPLETE);
8704	}
8705
8706	/* Set FUA and/or DPO if caches are disabled. */
8707	if (isread) {
8708		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8709		    SCP_RCD) != 0)
8710			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8711	} else {
8712		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8713		    SCP_WCE) == 0)
8714			flags |= CTL_LLF_FUA;
8715	}
8716
8717	lbalen = (struct ctl_lba_len_flags *)
8718	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8719	lbalen->lba = lba;
8720	lbalen->len = num_blocks;
8721	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8722
8723	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8724	ctsio->kern_rel_offset = 0;
8725
8726	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8727
8728	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8729	return (retval);
8730}
8731
8732static int
8733ctl_cnw_cont(union ctl_io *io)
8734{
8735	struct ctl_scsiio *ctsio;
8736	struct ctl_lun *lun;
8737	struct ctl_lba_len_flags *lbalen;
8738	int retval;
8739
8740	ctsio = &io->scsiio;
8741	ctsio->io_hdr.status = CTL_STATUS_NONE;
8742	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8743	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8744	lbalen = (struct ctl_lba_len_flags *)
8745	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8746	lbalen->flags &= ~CTL_LLF_COMPARE;
8747	lbalen->flags |= CTL_LLF_WRITE;
8748
8749	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8750	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8751	return (retval);
8752}
8753
8754int
8755ctl_cnw(struct ctl_scsiio *ctsio)
8756{
8757	struct ctl_lun *lun;
8758	struct ctl_lba_len_flags *lbalen;
8759	uint64_t lba;
8760	uint32_t num_blocks;
8761	int flags, retval;
8762
8763	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8764
8765	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8766
8767	flags = 0;
8768	switch (ctsio->cdb[0]) {
8769	case COMPARE_AND_WRITE: {
8770		struct scsi_compare_and_write *cdb;
8771
8772		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8773		if (cdb->byte2 & SRW10_FUA)
8774			flags |= CTL_LLF_FUA;
8775		if (cdb->byte2 & SRW10_DPO)
8776			flags |= CTL_LLF_DPO;
8777		lba = scsi_8btou64(cdb->addr);
8778		num_blocks = cdb->length;
8779		break;
8780	}
8781	default:
8782		/*
8783		 * We got a command we don't support.  This shouldn't
8784		 * happen, commands should be filtered out above us.
8785		 */
8786		ctl_set_invalid_opcode(ctsio);
8787		ctl_done((union ctl_io *)ctsio);
8788
8789		return (CTL_RETVAL_COMPLETE);
8790		break; /* NOTREACHED */
8791	}
8792
8793	/*
8794	 * The first check is to make sure we're in bounds, the second
8795	 * check is to catch wrap-around problems.  If the lba + num blocks
8796	 * is less than the lba, then we've wrapped around and the block
8797	 * range is invalid anyway.
8798	 */
8799	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8800	 || ((lba + num_blocks) < lba)) {
8801		ctl_set_lba_out_of_range(ctsio);
8802		ctl_done((union ctl_io *)ctsio);
8803		return (CTL_RETVAL_COMPLETE);
8804	}
8805
8806	/*
8807	 * According to SBC-3, a transfer length of 0 is not an error.
8808	 */
8809	if (num_blocks == 0) {
8810		ctl_set_success(ctsio);
8811		ctl_done((union ctl_io *)ctsio);
8812		return (CTL_RETVAL_COMPLETE);
8813	}
8814
8815	/* Set FUA if write cache is disabled. */
8816	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8817	    SCP_WCE) == 0)
8818		flags |= CTL_LLF_FUA;
8819
8820	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8821	ctsio->kern_rel_offset = 0;
8822
8823	/*
8824	 * Set the IO_CONT flag, so that if this I/O gets passed to
8825	 * ctl_data_submit_done(), it'll get passed back to
8826	 * ctl_ctl_cnw_cont() for further processing.
8827	 */
8828	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8829	ctsio->io_cont = ctl_cnw_cont;
8830
8831	lbalen = (struct ctl_lba_len_flags *)
8832	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8833	lbalen->lba = lba;
8834	lbalen->len = num_blocks;
8835	lbalen->flags = CTL_LLF_COMPARE | flags;
8836
8837	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8838	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8839	return (retval);
8840}
8841
8842int
8843ctl_verify(struct ctl_scsiio *ctsio)
8844{
8845	struct ctl_lun *lun;
8846	struct ctl_lba_len_flags *lbalen;
8847	uint64_t lba;
8848	uint32_t num_blocks;
8849	int bytchk, flags;
8850	int retval;
8851
8852	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8853
8854	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8855
8856	bytchk = 0;
8857	flags = CTL_LLF_FUA;
8858	switch (ctsio->cdb[0]) {
8859	case VERIFY_10: {
8860		struct scsi_verify_10 *cdb;
8861
8862		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8863		if (cdb->byte2 & SVFY_BYTCHK)
8864			bytchk = 1;
8865		if (cdb->byte2 & SVFY_DPO)
8866			flags |= CTL_LLF_DPO;
8867		lba = scsi_4btoul(cdb->addr);
8868		num_blocks = scsi_2btoul(cdb->length);
8869		break;
8870	}
8871	case VERIFY_12: {
8872		struct scsi_verify_12 *cdb;
8873
8874		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8875		if (cdb->byte2 & SVFY_BYTCHK)
8876			bytchk = 1;
8877		if (cdb->byte2 & SVFY_DPO)
8878			flags |= CTL_LLF_DPO;
8879		lba = scsi_4btoul(cdb->addr);
8880		num_blocks = scsi_4btoul(cdb->length);
8881		break;
8882	}
8883	case VERIFY_16: {
8884		struct scsi_rw_16 *cdb;
8885
8886		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8887		if (cdb->byte2 & SVFY_BYTCHK)
8888			bytchk = 1;
8889		if (cdb->byte2 & SVFY_DPO)
8890			flags |= CTL_LLF_DPO;
8891		lba = scsi_8btou64(cdb->addr);
8892		num_blocks = scsi_4btoul(cdb->length);
8893		break;
8894	}
8895	default:
8896		/*
8897		 * We got a command we don't support.  This shouldn't
8898		 * happen, commands should be filtered out above us.
8899		 */
8900		ctl_set_invalid_opcode(ctsio);
8901		ctl_done((union ctl_io *)ctsio);
8902		return (CTL_RETVAL_COMPLETE);
8903	}
8904
8905	/*
8906	 * The first check is to make sure we're in bounds, the second
8907	 * check is to catch wrap-around problems.  If the lba + num blocks
8908	 * is less than the lba, then we've wrapped around and the block
8909	 * range is invalid anyway.
8910	 */
8911	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8912	 || ((lba + num_blocks) < lba)) {
8913		ctl_set_lba_out_of_range(ctsio);
8914		ctl_done((union ctl_io *)ctsio);
8915		return (CTL_RETVAL_COMPLETE);
8916	}
8917
8918	/*
8919	 * According to SBC-3, a transfer length of 0 is not an error.
8920	 */
8921	if (num_blocks == 0) {
8922		ctl_set_success(ctsio);
8923		ctl_done((union ctl_io *)ctsio);
8924		return (CTL_RETVAL_COMPLETE);
8925	}
8926
8927	lbalen = (struct ctl_lba_len_flags *)
8928	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8929	lbalen->lba = lba;
8930	lbalen->len = num_blocks;
8931	if (bytchk) {
8932		lbalen->flags = CTL_LLF_COMPARE | flags;
8933		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8934	} else {
8935		lbalen->flags = CTL_LLF_VERIFY | flags;
8936		ctsio->kern_total_len = 0;
8937	}
8938	ctsio->kern_rel_offset = 0;
8939
8940	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8941	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8942	return (retval);
8943}
8944
8945int
8946ctl_report_luns(struct ctl_scsiio *ctsio)
8947{
8948	struct ctl_softc *softc;
8949	struct scsi_report_luns *cdb;
8950	struct scsi_report_luns_data *lun_data;
8951	struct ctl_lun *lun, *request_lun;
8952	struct ctl_port *port;
8953	int num_luns, retval;
8954	uint32_t alloc_len, lun_datalen;
8955	int num_filled;
8956	uint32_t initidx, targ_lun_id, lun_id;
8957
8958	retval = CTL_RETVAL_COMPLETE;
8959	cdb = (struct scsi_report_luns *)ctsio->cdb;
8960	port = ctl_io_port(&ctsio->io_hdr);
8961	softc = port->ctl_softc;
8962
8963	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8964
8965	mtx_lock(&softc->ctl_lock);
8966	num_luns = 0;
8967	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8968		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8969			num_luns++;
8970	}
8971	mtx_unlock(&softc->ctl_lock);
8972
8973	switch (cdb->select_report) {
8974	case RPL_REPORT_DEFAULT:
8975	case RPL_REPORT_ALL:
8976	case RPL_REPORT_NONSUBSID:
8977		break;
8978	case RPL_REPORT_WELLKNOWN:
8979	case RPL_REPORT_ADMIN:
8980	case RPL_REPORT_CONGLOM:
8981		num_luns = 0;
8982		break;
8983	default:
8984		ctl_set_invalid_field(ctsio,
8985				      /*sks_valid*/ 1,
8986				      /*command*/ 1,
8987				      /*field*/ 2,
8988				      /*bit_valid*/ 0,
8989				      /*bit*/ 0);
8990		ctl_done((union ctl_io *)ctsio);
8991		return (retval);
8992		break; /* NOTREACHED */
8993	}
8994
8995	alloc_len = scsi_4btoul(cdb->length);
8996	/*
8997	 * The initiator has to allocate at least 16 bytes for this request,
8998	 * so he can at least get the header and the first LUN.  Otherwise
8999	 * we reject the request (per SPC-3 rev 14, section 6.21).
9000	 */
9001	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9002	    sizeof(struct scsi_report_luns_lundata))) {
9003		ctl_set_invalid_field(ctsio,
9004				      /*sks_valid*/ 1,
9005				      /*command*/ 1,
9006				      /*field*/ 6,
9007				      /*bit_valid*/ 0,
9008				      /*bit*/ 0);
9009		ctl_done((union ctl_io *)ctsio);
9010		return (retval);
9011	}
9012
9013	request_lun = (struct ctl_lun *)
9014		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9015
9016	lun_datalen = sizeof(*lun_data) +
9017		(num_luns * sizeof(struct scsi_report_luns_lundata));
9018
9019	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9020	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9021	ctsio->kern_sg_entries = 0;
9022
9023	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9024
9025	mtx_lock(&softc->ctl_lock);
9026	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9027		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9028		if (lun_id >= CTL_MAX_LUNS)
9029			continue;
9030		lun = softc->ctl_luns[lun_id];
9031		if (lun == NULL)
9032			continue;
9033
9034		if (targ_lun_id <= 0xff) {
9035			/*
9036			 * Peripheral addressing method, bus number 0.
9037			 */
9038			lun_data->luns[num_filled].lundata[0] =
9039				RPL_LUNDATA_ATYP_PERIPH;
9040			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9041			num_filled++;
9042		} else if (targ_lun_id <= 0x3fff) {
9043			/*
9044			 * Flat addressing method.
9045			 */
9046			lun_data->luns[num_filled].lundata[0] =
9047				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9048			lun_data->luns[num_filled].lundata[1] =
9049				(targ_lun_id & 0xff);
9050			num_filled++;
9051		} else if (targ_lun_id <= 0xffffff) {
9052			/*
9053			 * Extended flat addressing method.
9054			 */
9055			lun_data->luns[num_filled].lundata[0] =
9056			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9057			scsi_ulto3b(targ_lun_id,
9058			    &lun_data->luns[num_filled].lundata[1]);
9059			num_filled++;
9060		} else {
9061			printf("ctl_report_luns: bogus LUN number %jd, "
9062			       "skipping\n", (intmax_t)targ_lun_id);
9063		}
9064		/*
9065		 * According to SPC-3, rev 14 section 6.21:
9066		 *
9067		 * "The execution of a REPORT LUNS command to any valid and
9068		 * installed logical unit shall clear the REPORTED LUNS DATA
9069		 * HAS CHANGED unit attention condition for all logical
9070		 * units of that target with respect to the requesting
9071		 * initiator. A valid and installed logical unit is one
9072		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9073		 * INQUIRY data (see 6.4.2)."
9074		 *
9075		 * If request_lun is NULL, the LUN this report luns command
9076		 * was issued to is either disabled or doesn't exist. In that
9077		 * case, we shouldn't clear any pending lun change unit
9078		 * attention.
9079		 */
9080		if (request_lun != NULL) {
9081			mtx_lock(&lun->lun_lock);
9082			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9083			mtx_unlock(&lun->lun_lock);
9084		}
9085	}
9086	mtx_unlock(&softc->ctl_lock);
9087
9088	/*
9089	 * It's quite possible that we've returned fewer LUNs than we allocated
9090	 * space for.  Trim it.
9091	 */
9092	lun_datalen = sizeof(*lun_data) +
9093		(num_filled * sizeof(struct scsi_report_luns_lundata));
9094
9095	if (lun_datalen < alloc_len) {
9096		ctsio->residual = alloc_len - lun_datalen;
9097		ctsio->kern_data_len = lun_datalen;
9098		ctsio->kern_total_len = lun_datalen;
9099	} else {
9100		ctsio->residual = 0;
9101		ctsio->kern_data_len = alloc_len;
9102		ctsio->kern_total_len = alloc_len;
9103	}
9104	ctsio->kern_data_resid = 0;
9105	ctsio->kern_rel_offset = 0;
9106	ctsio->kern_sg_entries = 0;
9107
9108	/*
9109	 * We set this to the actual data length, regardless of how much
9110	 * space we actually have to return results.  If the user looks at
9111	 * this value, he'll know whether or not he allocated enough space
9112	 * and reissue the command if necessary.  We don't support well
9113	 * known logical units, so if the user asks for that, return none.
9114	 */
9115	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9116
9117	/*
9118	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9119	 * this request.
9120	 */
9121	ctl_set_success(ctsio);
9122	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9123	ctsio->be_move_done = ctl_config_move_done;
9124	ctl_datamove((union ctl_io *)ctsio);
9125	return (retval);
9126}
9127
9128int
9129ctl_request_sense(struct ctl_scsiio *ctsio)
9130{
9131	struct scsi_request_sense *cdb;
9132	struct scsi_sense_data *sense_ptr;
9133	struct ctl_softc *ctl_softc;
9134	struct ctl_lun *lun;
9135	uint32_t initidx;
9136	int have_error;
9137	scsi_sense_data_type sense_format;
9138	ctl_ua_type ua_type;
9139
9140	cdb = (struct scsi_request_sense *)ctsio->cdb;
9141
9142	ctl_softc = control_softc;
9143	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9144
9145	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9146
9147	/*
9148	 * Determine which sense format the user wants.
9149	 */
9150	if (cdb->byte2 & SRS_DESC)
9151		sense_format = SSD_TYPE_DESC;
9152	else
9153		sense_format = SSD_TYPE_FIXED;
9154
9155	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9156	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9157	ctsio->kern_sg_entries = 0;
9158
9159	/*
9160	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9161	 * larger than the largest allowed value for the length field in the
9162	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9163	 */
9164	ctsio->residual = 0;
9165	ctsio->kern_data_len = cdb->length;
9166	ctsio->kern_total_len = cdb->length;
9167
9168	ctsio->kern_data_resid = 0;
9169	ctsio->kern_rel_offset = 0;
9170	ctsio->kern_sg_entries = 0;
9171
9172	/*
9173	 * If we don't have a LUN, we don't have any pending sense.
9174	 */
9175	if (lun == NULL)
9176		goto no_sense;
9177
9178	have_error = 0;
9179	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9180	/*
9181	 * Check for pending sense, and then for pending unit attentions.
9182	 * Pending sense gets returned first, then pending unit attentions.
9183	 */
9184	mtx_lock(&lun->lun_lock);
9185#ifdef CTL_WITH_CA
9186	if (ctl_is_set(lun->have_ca, initidx)) {
9187		scsi_sense_data_type stored_format;
9188
9189		/*
9190		 * Check to see which sense format was used for the stored
9191		 * sense data.
9192		 */
9193		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9194
9195		/*
9196		 * If the user requested a different sense format than the
9197		 * one we stored, then we need to convert it to the other
9198		 * format.  If we're going from descriptor to fixed format
9199		 * sense data, we may lose things in translation, depending
9200		 * on what options were used.
9201		 *
9202		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9203		 * for some reason we'll just copy it out as-is.
9204		 */
9205		if ((stored_format == SSD_TYPE_FIXED)
9206		 && (sense_format == SSD_TYPE_DESC))
9207			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9208			    &lun->pending_sense[initidx],
9209			    (struct scsi_sense_data_desc *)sense_ptr);
9210		else if ((stored_format == SSD_TYPE_DESC)
9211		      && (sense_format == SSD_TYPE_FIXED))
9212			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9213			    &lun->pending_sense[initidx],
9214			    (struct scsi_sense_data_fixed *)sense_ptr);
9215		else
9216			memcpy(sense_ptr, &lun->pending_sense[initidx],
9217			       MIN(sizeof(*sense_ptr),
9218			       sizeof(lun->pending_sense[initidx])));
9219
9220		ctl_clear_mask(lun->have_ca, initidx);
9221		have_error = 1;
9222	} else
9223#endif
9224	{
9225		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9226		if (ua_type != CTL_UA_NONE)
9227			have_error = 1;
9228		if (ua_type == CTL_UA_LUN_CHANGE) {
9229			mtx_unlock(&lun->lun_lock);
9230			mtx_lock(&ctl_softc->ctl_lock);
9231			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9232			mtx_unlock(&ctl_softc->ctl_lock);
9233			mtx_lock(&lun->lun_lock);
9234		}
9235
9236	}
9237	mtx_unlock(&lun->lun_lock);
9238
9239	/*
9240	 * We already have a pending error, return it.
9241	 */
9242	if (have_error != 0) {
9243		/*
9244		 * We report the SCSI status as OK, since the status of the
9245		 * request sense command itself is OK.
9246		 * We report 0 for the sense length, because we aren't doing
9247		 * autosense in this case.  We're reporting sense as
9248		 * parameter data.
9249		 */
9250		ctl_set_success(ctsio);
9251		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9252		ctsio->be_move_done = ctl_config_move_done;
9253		ctl_datamove((union ctl_io *)ctsio);
9254		return (CTL_RETVAL_COMPLETE);
9255	}
9256
9257no_sense:
9258
9259	/*
9260	 * No sense information to report, so we report that everything is
9261	 * okay.
9262	 */
9263	ctl_set_sense_data(sense_ptr,
9264			   lun,
9265			   sense_format,
9266			   /*current_error*/ 1,
9267			   /*sense_key*/ SSD_KEY_NO_SENSE,
9268			   /*asc*/ 0x00,
9269			   /*ascq*/ 0x00,
9270			   SSD_ELEM_NONE);
9271
9272	/*
9273	 * We report 0 for the sense length, because we aren't doing
9274	 * autosense in this case.  We're reporting sense as parameter data.
9275	 */
9276	ctl_set_success(ctsio);
9277	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9278	ctsio->be_move_done = ctl_config_move_done;
9279	ctl_datamove((union ctl_io *)ctsio);
9280	return (CTL_RETVAL_COMPLETE);
9281}
9282
9283int
9284ctl_tur(struct ctl_scsiio *ctsio)
9285{
9286
9287	CTL_DEBUG_PRINT(("ctl_tur\n"));
9288
9289	ctl_set_success(ctsio);
9290	ctl_done((union ctl_io *)ctsio);
9291
9292	return (CTL_RETVAL_COMPLETE);
9293}
9294
9295/*
9296 * SCSI VPD page 0x00, the Supported VPD Pages page.
9297 */
9298static int
9299ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9300{
9301	struct scsi_vpd_supported_pages *pages;
9302	int sup_page_size;
9303	struct ctl_lun *lun;
9304	int p;
9305
9306	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9307
9308	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9309	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9310	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9311	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9312	ctsio->kern_sg_entries = 0;
9313
9314	if (sup_page_size < alloc_len) {
9315		ctsio->residual = alloc_len - sup_page_size;
9316		ctsio->kern_data_len = sup_page_size;
9317		ctsio->kern_total_len = sup_page_size;
9318	} else {
9319		ctsio->residual = 0;
9320		ctsio->kern_data_len = alloc_len;
9321		ctsio->kern_total_len = alloc_len;
9322	}
9323	ctsio->kern_data_resid = 0;
9324	ctsio->kern_rel_offset = 0;
9325	ctsio->kern_sg_entries = 0;
9326
9327	/*
9328	 * The control device is always connected.  The disk device, on the
9329	 * other hand, may not be online all the time.  Need to change this
9330	 * to figure out whether the disk device is actually online or not.
9331	 */
9332	if (lun != NULL)
9333		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9334				lun->be_lun->lun_type;
9335	else
9336		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9337
9338	p = 0;
9339	/* Supported VPD pages */
9340	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9341	/* Serial Number */
9342	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9343	/* Device Identification */
9344	pages->page_list[p++] = SVPD_DEVICE_ID;
9345	/* Extended INQUIRY Data */
9346	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9347	/* Mode Page Policy */
9348	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9349	/* SCSI Ports */
9350	pages->page_list[p++] = SVPD_SCSI_PORTS;
9351	/* Third-party Copy */
9352	pages->page_list[p++] = SVPD_SCSI_TPC;
9353	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9354		/* Block limits */
9355		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9356		/* Block Device Characteristics */
9357		pages->page_list[p++] = SVPD_BDC;
9358		/* Logical Block Provisioning */
9359		pages->page_list[p++] = SVPD_LBP;
9360	}
9361	pages->length = p;
9362
9363	ctl_set_success(ctsio);
9364	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9365	ctsio->be_move_done = ctl_config_move_done;
9366	ctl_datamove((union ctl_io *)ctsio);
9367	return (CTL_RETVAL_COMPLETE);
9368}
9369
9370/*
9371 * SCSI VPD page 0x80, the Unit Serial Number page.
9372 */
9373static int
9374ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9375{
9376	struct scsi_vpd_unit_serial_number *sn_ptr;
9377	struct ctl_lun *lun;
9378	int data_len;
9379
9380	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9381
9382	data_len = 4 + CTL_SN_LEN;
9383	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9384	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9385	if (data_len < alloc_len) {
9386		ctsio->residual = alloc_len - data_len;
9387		ctsio->kern_data_len = data_len;
9388		ctsio->kern_total_len = data_len;
9389	} else {
9390		ctsio->residual = 0;
9391		ctsio->kern_data_len = alloc_len;
9392		ctsio->kern_total_len = alloc_len;
9393	}
9394	ctsio->kern_data_resid = 0;
9395	ctsio->kern_rel_offset = 0;
9396	ctsio->kern_sg_entries = 0;
9397
9398	/*
9399	 * The control device is always connected.  The disk device, on the
9400	 * other hand, may not be online all the time.  Need to change this
9401	 * to figure out whether the disk device is actually online or not.
9402	 */
9403	if (lun != NULL)
9404		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9405				  lun->be_lun->lun_type;
9406	else
9407		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9408
9409	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9410	sn_ptr->length = CTL_SN_LEN;
9411	/*
9412	 * If we don't have a LUN, we just leave the serial number as
9413	 * all spaces.
9414	 */
9415	if (lun != NULL) {
9416		strncpy((char *)sn_ptr->serial_num,
9417			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9418	} else
9419		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9420
9421	ctl_set_success(ctsio);
9422	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9423	ctsio->be_move_done = ctl_config_move_done;
9424	ctl_datamove((union ctl_io *)ctsio);
9425	return (CTL_RETVAL_COMPLETE);
9426}
9427
9428
9429/*
9430 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9431 */
9432static int
9433ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9434{
9435	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9436	struct ctl_lun *lun;
9437	int data_len;
9438
9439	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9440
9441	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9442	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9443	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9444	ctsio->kern_sg_entries = 0;
9445
9446	if (data_len < alloc_len) {
9447		ctsio->residual = alloc_len - data_len;
9448		ctsio->kern_data_len = data_len;
9449		ctsio->kern_total_len = data_len;
9450	} else {
9451		ctsio->residual = 0;
9452		ctsio->kern_data_len = alloc_len;
9453		ctsio->kern_total_len = alloc_len;
9454	}
9455	ctsio->kern_data_resid = 0;
9456	ctsio->kern_rel_offset = 0;
9457	ctsio->kern_sg_entries = 0;
9458
9459	/*
9460	 * The control device is always connected.  The disk device, on the
9461	 * other hand, may not be online all the time.
9462	 */
9463	if (lun != NULL)
9464		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9465				     lun->be_lun->lun_type;
9466	else
9467		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9468	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9469	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9470	/*
9471	 * We support head of queue, ordered and simple tags.
9472	 */
9473	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9474	/*
9475	 * Volatile cache supported.
9476	 */
9477	eid_ptr->flags3 = SVPD_EID_V_SUP;
9478
9479	/*
9480	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9481	 * attention for a particular IT nexus on all LUNs once we report
9482	 * it to that nexus once.  This bit is required as of SPC-4.
9483	 */
9484	eid_ptr->flags4 = SVPD_EID_LUICLT;
9485
9486	/*
9487	 * XXX KDM in order to correctly answer this, we would need
9488	 * information from the SIM to determine how much sense data it
9489	 * can send.  So this would really be a path inquiry field, most
9490	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9491	 * but the hardware may or may not be able to support that much.
9492	 * 0 just means that the maximum sense data length is not reported.
9493	 */
9494	eid_ptr->max_sense_length = 0;
9495
9496	ctl_set_success(ctsio);
9497	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9498	ctsio->be_move_done = ctl_config_move_done;
9499	ctl_datamove((union ctl_io *)ctsio);
9500	return (CTL_RETVAL_COMPLETE);
9501}
9502
9503static int
9504ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9505{
9506	struct scsi_vpd_mode_page_policy *mpp_ptr;
9507	struct ctl_lun *lun;
9508	int data_len;
9509
9510	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9511
9512	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9513	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9514
9515	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9516	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9517	ctsio->kern_sg_entries = 0;
9518
9519	if (data_len < alloc_len) {
9520		ctsio->residual = alloc_len - data_len;
9521		ctsio->kern_data_len = data_len;
9522		ctsio->kern_total_len = data_len;
9523	} else {
9524		ctsio->residual = 0;
9525		ctsio->kern_data_len = alloc_len;
9526		ctsio->kern_total_len = alloc_len;
9527	}
9528	ctsio->kern_data_resid = 0;
9529	ctsio->kern_rel_offset = 0;
9530	ctsio->kern_sg_entries = 0;
9531
9532	/*
9533	 * The control device is always connected.  The disk device, on the
9534	 * other hand, may not be online all the time.
9535	 */
9536	if (lun != NULL)
9537		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9538				     lun->be_lun->lun_type;
9539	else
9540		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9541	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9542	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9543	mpp_ptr->descr[0].page_code = 0x3f;
9544	mpp_ptr->descr[0].subpage_code = 0xff;
9545	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9546
9547	ctl_set_success(ctsio);
9548	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9549	ctsio->be_move_done = ctl_config_move_done;
9550	ctl_datamove((union ctl_io *)ctsio);
9551	return (CTL_RETVAL_COMPLETE);
9552}
9553
9554/*
9555 * SCSI VPD page 0x83, the Device Identification page.
9556 */
9557static int
9558ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9559{
9560	struct scsi_vpd_device_id *devid_ptr;
9561	struct scsi_vpd_id_descriptor *desc;
9562	struct ctl_softc *softc;
9563	struct ctl_lun *lun;
9564	struct ctl_port *port;
9565	int data_len;
9566	uint8_t proto;
9567
9568	softc = control_softc;
9569
9570	port = ctl_io_port(&ctsio->io_hdr);
9571	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9572
9573	data_len = sizeof(struct scsi_vpd_device_id) +
9574	    sizeof(struct scsi_vpd_id_descriptor) +
9575		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9576	    sizeof(struct scsi_vpd_id_descriptor) +
9577		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9578	if (lun && lun->lun_devid)
9579		data_len += lun->lun_devid->len;
9580	if (port && port->port_devid)
9581		data_len += port->port_devid->len;
9582	if (port && port->target_devid)
9583		data_len += port->target_devid->len;
9584
9585	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9586	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9587	ctsio->kern_sg_entries = 0;
9588
9589	if (data_len < alloc_len) {
9590		ctsio->residual = alloc_len - data_len;
9591		ctsio->kern_data_len = data_len;
9592		ctsio->kern_total_len = data_len;
9593	} else {
9594		ctsio->residual = 0;
9595		ctsio->kern_data_len = alloc_len;
9596		ctsio->kern_total_len = alloc_len;
9597	}
9598	ctsio->kern_data_resid = 0;
9599	ctsio->kern_rel_offset = 0;
9600	ctsio->kern_sg_entries = 0;
9601
9602	/*
9603	 * The control device is always connected.  The disk device, on the
9604	 * other hand, may not be online all the time.
9605	 */
9606	if (lun != NULL)
9607		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9608				     lun->be_lun->lun_type;
9609	else
9610		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9611	devid_ptr->page_code = SVPD_DEVICE_ID;
9612	scsi_ulto2b(data_len - 4, devid_ptr->length);
9613
9614	if (port && port->port_type == CTL_PORT_FC)
9615		proto = SCSI_PROTO_FC << 4;
9616	else if (port && port->port_type == CTL_PORT_ISCSI)
9617		proto = SCSI_PROTO_ISCSI << 4;
9618	else
9619		proto = SCSI_PROTO_SPI << 4;
9620	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9621
9622	/*
9623	 * We're using a LUN association here.  i.e., this device ID is a
9624	 * per-LUN identifier.
9625	 */
9626	if (lun && lun->lun_devid) {
9627		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9628		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9629		    lun->lun_devid->len);
9630	}
9631
9632	/*
9633	 * This is for the WWPN which is a port association.
9634	 */
9635	if (port && port->port_devid) {
9636		memcpy(desc, port->port_devid->data, port->port_devid->len);
9637		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9638		    port->port_devid->len);
9639	}
9640
9641	/*
9642	 * This is for the Relative Target Port(type 4h) identifier
9643	 */
9644	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9645	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9646	    SVPD_ID_TYPE_RELTARG;
9647	desc->length = 4;
9648	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9649	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9650	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9651
9652	/*
9653	 * This is for the Target Port Group(type 5h) identifier
9654	 */
9655	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9656	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9657	    SVPD_ID_TYPE_TPORTGRP;
9658	desc->length = 4;
9659	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9660	    &desc->identifier[2]);
9661	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9662	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9663
9664	/*
9665	 * This is for the Target identifier
9666	 */
9667	if (port && port->target_devid) {
9668		memcpy(desc, port->target_devid->data, port->target_devid->len);
9669	}
9670
9671	ctl_set_success(ctsio);
9672	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9673	ctsio->be_move_done = ctl_config_move_done;
9674	ctl_datamove((union ctl_io *)ctsio);
9675	return (CTL_RETVAL_COMPLETE);
9676}
9677
9678static int
9679ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9680{
9681	struct ctl_softc *softc = control_softc;
9682	struct scsi_vpd_scsi_ports *sp;
9683	struct scsi_vpd_port_designation *pd;
9684	struct scsi_vpd_port_designation_cont *pdc;
9685	struct ctl_lun *lun;
9686	struct ctl_port *port;
9687	int data_len, num_target_ports, iid_len, id_len;
9688
9689	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9690
9691	num_target_ports = 0;
9692	iid_len = 0;
9693	id_len = 0;
9694	mtx_lock(&softc->ctl_lock);
9695	STAILQ_FOREACH(port, &softc->port_list, links) {
9696		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9697			continue;
9698		if (lun != NULL &&
9699		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9700			continue;
9701		num_target_ports++;
9702		if (port->init_devid)
9703			iid_len += port->init_devid->len;
9704		if (port->port_devid)
9705			id_len += port->port_devid->len;
9706	}
9707	mtx_unlock(&softc->ctl_lock);
9708
9709	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9710	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9711	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9712	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9713	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9714	ctsio->kern_sg_entries = 0;
9715
9716	if (data_len < alloc_len) {
9717		ctsio->residual = alloc_len - data_len;
9718		ctsio->kern_data_len = data_len;
9719		ctsio->kern_total_len = data_len;
9720	} else {
9721		ctsio->residual = 0;
9722		ctsio->kern_data_len = alloc_len;
9723		ctsio->kern_total_len = alloc_len;
9724	}
9725	ctsio->kern_data_resid = 0;
9726	ctsio->kern_rel_offset = 0;
9727	ctsio->kern_sg_entries = 0;
9728
9729	/*
9730	 * The control device is always connected.  The disk device, on the
9731	 * other hand, may not be online all the time.  Need to change this
9732	 * to figure out whether the disk device is actually online or not.
9733	 */
9734	if (lun != NULL)
9735		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9736				  lun->be_lun->lun_type;
9737	else
9738		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9739
9740	sp->page_code = SVPD_SCSI_PORTS;
9741	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9742	    sp->page_length);
9743	pd = &sp->design[0];
9744
9745	mtx_lock(&softc->ctl_lock);
9746	STAILQ_FOREACH(port, &softc->port_list, links) {
9747		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9748			continue;
9749		if (lun != NULL &&
9750		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9751			continue;
9752		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9753		if (port->init_devid) {
9754			iid_len = port->init_devid->len;
9755			memcpy(pd->initiator_transportid,
9756			    port->init_devid->data, port->init_devid->len);
9757		} else
9758			iid_len = 0;
9759		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9760		pdc = (struct scsi_vpd_port_designation_cont *)
9761		    (&pd->initiator_transportid[iid_len]);
9762		if (port->port_devid) {
9763			id_len = port->port_devid->len;
9764			memcpy(pdc->target_port_descriptors,
9765			    port->port_devid->data, port->port_devid->len);
9766		} else
9767			id_len = 0;
9768		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9769		pd = (struct scsi_vpd_port_designation *)
9770		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9771	}
9772	mtx_unlock(&softc->ctl_lock);
9773
9774	ctl_set_success(ctsio);
9775	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9776	ctsio->be_move_done = ctl_config_move_done;
9777	ctl_datamove((union ctl_io *)ctsio);
9778	return (CTL_RETVAL_COMPLETE);
9779}
9780
9781static int
9782ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9783{
9784	struct scsi_vpd_block_limits *bl_ptr;
9785	struct ctl_lun *lun;
9786
9787	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9788
9789	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9790	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9791	ctsio->kern_sg_entries = 0;
9792
9793	if (sizeof(*bl_ptr) < alloc_len) {
9794		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9795		ctsio->kern_data_len = sizeof(*bl_ptr);
9796		ctsio->kern_total_len = sizeof(*bl_ptr);
9797	} else {
9798		ctsio->residual = 0;
9799		ctsio->kern_data_len = alloc_len;
9800		ctsio->kern_total_len = alloc_len;
9801	}
9802	ctsio->kern_data_resid = 0;
9803	ctsio->kern_rel_offset = 0;
9804	ctsio->kern_sg_entries = 0;
9805
9806	/*
9807	 * The control device is always connected.  The disk device, on the
9808	 * other hand, may not be online all the time.  Need to change this
9809	 * to figure out whether the disk device is actually online or not.
9810	 */
9811	if (lun != NULL)
9812		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9813				  lun->be_lun->lun_type;
9814	else
9815		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9816
9817	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9818	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9819	bl_ptr->max_cmp_write_len = 0xff;
9820	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9821	if (lun != NULL) {
9822		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9823		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9824			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9825			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9826			if (lun->be_lun->ublockexp != 0) {
9827				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9828				    bl_ptr->opt_unmap_grain);
9829				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9830				    bl_ptr->unmap_grain_align);
9831			}
9832		}
9833		scsi_ulto4b(lun->be_lun->atomicblock,
9834		    bl_ptr->max_atomic_transfer_length);
9835		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9836		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9837		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9838		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9839	}
9840	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9841
9842	ctl_set_success(ctsio);
9843	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9844	ctsio->be_move_done = ctl_config_move_done;
9845	ctl_datamove((union ctl_io *)ctsio);
9846	return (CTL_RETVAL_COMPLETE);
9847}
9848
9849static int
9850ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9851{
9852	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9853	struct ctl_lun *lun;
9854	const char *value;
9855	u_int i;
9856
9857	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9858
9859	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9860	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9861	ctsio->kern_sg_entries = 0;
9862
9863	if (sizeof(*bdc_ptr) < alloc_len) {
9864		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9865		ctsio->kern_data_len = sizeof(*bdc_ptr);
9866		ctsio->kern_total_len = sizeof(*bdc_ptr);
9867	} else {
9868		ctsio->residual = 0;
9869		ctsio->kern_data_len = alloc_len;
9870		ctsio->kern_total_len = alloc_len;
9871	}
9872	ctsio->kern_data_resid = 0;
9873	ctsio->kern_rel_offset = 0;
9874	ctsio->kern_sg_entries = 0;
9875
9876	/*
9877	 * The control device is always connected.  The disk device, on the
9878	 * other hand, may not be online all the time.  Need to change this
9879	 * to figure out whether the disk device is actually online or not.
9880	 */
9881	if (lun != NULL)
9882		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9883				  lun->be_lun->lun_type;
9884	else
9885		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9886	bdc_ptr->page_code = SVPD_BDC;
9887	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9888	if (lun != NULL &&
9889	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9890		i = strtol(value, NULL, 0);
9891	else
9892		i = CTL_DEFAULT_ROTATION_RATE;
9893	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9894	if (lun != NULL &&
9895	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9896		i = strtol(value, NULL, 0);
9897	else
9898		i = 0;
9899	bdc_ptr->wab_wac_ff = (i & 0x0f);
9900	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9901
9902	ctl_set_success(ctsio);
9903	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9904	ctsio->be_move_done = ctl_config_move_done;
9905	ctl_datamove((union ctl_io *)ctsio);
9906	return (CTL_RETVAL_COMPLETE);
9907}
9908
9909static int
9910ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9911{
9912	struct scsi_vpd_logical_block_prov *lbp_ptr;
9913	struct ctl_lun *lun;
9914
9915	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9916
9917	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9918	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9919	ctsio->kern_sg_entries = 0;
9920
9921	if (sizeof(*lbp_ptr) < alloc_len) {
9922		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9923		ctsio->kern_data_len = sizeof(*lbp_ptr);
9924		ctsio->kern_total_len = sizeof(*lbp_ptr);
9925	} else {
9926		ctsio->residual = 0;
9927		ctsio->kern_data_len = alloc_len;
9928		ctsio->kern_total_len = alloc_len;
9929	}
9930	ctsio->kern_data_resid = 0;
9931	ctsio->kern_rel_offset = 0;
9932	ctsio->kern_sg_entries = 0;
9933
9934	/*
9935	 * The control device is always connected.  The disk device, on the
9936	 * other hand, may not be online all the time.  Need to change this
9937	 * to figure out whether the disk device is actually online or not.
9938	 */
9939	if (lun != NULL)
9940		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9941				  lun->be_lun->lun_type;
9942	else
9943		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9944
9945	lbp_ptr->page_code = SVPD_LBP;
9946	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9947	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9948	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9949		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9950		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9951		lbp_ptr->prov_type = SVPD_LBP_THIN;
9952	}
9953
9954	ctl_set_success(ctsio);
9955	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9956	ctsio->be_move_done = ctl_config_move_done;
9957	ctl_datamove((union ctl_io *)ctsio);
9958	return (CTL_RETVAL_COMPLETE);
9959}
9960
9961/*
9962 * INQUIRY with the EVPD bit set.
9963 */
9964static int
9965ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9966{
9967	struct ctl_lun *lun;
9968	struct scsi_inquiry *cdb;
9969	int alloc_len, retval;
9970
9971	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9972	cdb = (struct scsi_inquiry *)ctsio->cdb;
9973	alloc_len = scsi_2btoul(cdb->length);
9974
9975	switch (cdb->page_code) {
9976	case SVPD_SUPPORTED_PAGES:
9977		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9978		break;
9979	case SVPD_UNIT_SERIAL_NUMBER:
9980		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9981		break;
9982	case SVPD_DEVICE_ID:
9983		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9984		break;
9985	case SVPD_EXTENDED_INQUIRY_DATA:
9986		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9987		break;
9988	case SVPD_MODE_PAGE_POLICY:
9989		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9990		break;
9991	case SVPD_SCSI_PORTS:
9992		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9993		break;
9994	case SVPD_SCSI_TPC:
9995		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9996		break;
9997	case SVPD_BLOCK_LIMITS:
9998		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9999			goto err;
10000		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10001		break;
10002	case SVPD_BDC:
10003		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10004			goto err;
10005		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10006		break;
10007	case SVPD_LBP:
10008		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10009			goto err;
10010		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10011		break;
10012	default:
10013err:
10014		ctl_set_invalid_field(ctsio,
10015				      /*sks_valid*/ 1,
10016				      /*command*/ 1,
10017				      /*field*/ 2,
10018				      /*bit_valid*/ 0,
10019				      /*bit*/ 0);
10020		ctl_done((union ctl_io *)ctsio);
10021		retval = CTL_RETVAL_COMPLETE;
10022		break;
10023	}
10024
10025	return (retval);
10026}
10027
10028/*
10029 * Standard INQUIRY data.
10030 */
10031static int
10032ctl_inquiry_std(struct ctl_scsiio *ctsio)
10033{
10034	struct scsi_inquiry_data *inq_ptr;
10035	struct scsi_inquiry *cdb;
10036	struct ctl_softc *softc = control_softc;
10037	struct ctl_port *port;
10038	struct ctl_lun *lun;
10039	char *val;
10040	uint32_t alloc_len, data_len;
10041	ctl_port_type port_type;
10042
10043	port = ctl_io_port(&ctsio->io_hdr);
10044	port_type = port->port_type;
10045	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10046		port_type = CTL_PORT_SCSI;
10047
10048	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10049	cdb = (struct scsi_inquiry *)ctsio->cdb;
10050	alloc_len = scsi_2btoul(cdb->length);
10051
10052	/*
10053	 * We malloc the full inquiry data size here and fill it
10054	 * in.  If the user only asks for less, we'll give him
10055	 * that much.
10056	 */
10057	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10058	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10059	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10060	ctsio->kern_sg_entries = 0;
10061	ctsio->kern_data_resid = 0;
10062	ctsio->kern_rel_offset = 0;
10063
10064	if (data_len < alloc_len) {
10065		ctsio->residual = alloc_len - data_len;
10066		ctsio->kern_data_len = data_len;
10067		ctsio->kern_total_len = data_len;
10068	} else {
10069		ctsio->residual = 0;
10070		ctsio->kern_data_len = alloc_len;
10071		ctsio->kern_total_len = alloc_len;
10072	}
10073
10074	if (lun != NULL) {
10075		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10076		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10077			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10078			    lun->be_lun->lun_type;
10079		} else {
10080			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10081			    lun->be_lun->lun_type;
10082		}
10083	} else
10084		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10085
10086	/* RMB in byte 2 is 0 */
10087	inq_ptr->version = SCSI_REV_SPC4;
10088
10089	/*
10090	 * According to SAM-3, even if a device only supports a single
10091	 * level of LUN addressing, it should still set the HISUP bit:
10092	 *
10093	 * 4.9.1 Logical unit numbers overview
10094	 *
10095	 * All logical unit number formats described in this standard are
10096	 * hierarchical in structure even when only a single level in that
10097	 * hierarchy is used. The HISUP bit shall be set to one in the
10098	 * standard INQUIRY data (see SPC-2) when any logical unit number
10099	 * format described in this standard is used.  Non-hierarchical
10100	 * formats are outside the scope of this standard.
10101	 *
10102	 * Therefore we set the HiSup bit here.
10103	 *
10104	 * The reponse format is 2, per SPC-3.
10105	 */
10106	inq_ptr->response_format = SID_HiSup | 2;
10107
10108	inq_ptr->additional_length = data_len -
10109	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10110	CTL_DEBUG_PRINT(("additional_length = %d\n",
10111			 inq_ptr->additional_length));
10112
10113	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10114	/* 16 bit addressing */
10115	if (port_type == CTL_PORT_SCSI)
10116		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10117	/* XXX set the SID_MultiP bit here if we're actually going to
10118	   respond on multiple ports */
10119	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10120
10121	/* 16 bit data bus, synchronous transfers */
10122	if (port_type == CTL_PORT_SCSI)
10123		inq_ptr->flags = SID_WBus16 | SID_Sync;
10124	/*
10125	 * XXX KDM do we want to support tagged queueing on the control
10126	 * device at all?
10127	 */
10128	if ((lun == NULL)
10129	 || (lun->be_lun->lun_type != T_PROCESSOR))
10130		inq_ptr->flags |= SID_CmdQue;
10131	/*
10132	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10133	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10134	 * name and 4 bytes for the revision.
10135	 */
10136	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10137	    "vendor")) == NULL) {
10138		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10139	} else {
10140		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10141		strncpy(inq_ptr->vendor, val,
10142		    min(sizeof(inq_ptr->vendor), strlen(val)));
10143	}
10144	if (lun == NULL) {
10145		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10146		    sizeof(inq_ptr->product));
10147	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10148		switch (lun->be_lun->lun_type) {
10149		case T_DIRECT:
10150			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10151			    sizeof(inq_ptr->product));
10152			break;
10153		case T_PROCESSOR:
10154			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10155			    sizeof(inq_ptr->product));
10156			break;
10157		default:
10158			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10159			    sizeof(inq_ptr->product));
10160			break;
10161		}
10162	} else {
10163		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10164		strncpy(inq_ptr->product, val,
10165		    min(sizeof(inq_ptr->product), strlen(val)));
10166	}
10167
10168	/*
10169	 * XXX make this a macro somewhere so it automatically gets
10170	 * incremented when we make changes.
10171	 */
10172	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10173	    "revision")) == NULL) {
10174		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10175	} else {
10176		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10177		strncpy(inq_ptr->revision, val,
10178		    min(sizeof(inq_ptr->revision), strlen(val)));
10179	}
10180
10181	/*
10182	 * For parallel SCSI, we support double transition and single
10183	 * transition clocking.  We also support QAS (Quick Arbitration
10184	 * and Selection) and Information Unit transfers on both the
10185	 * control and array devices.
10186	 */
10187	if (port_type == CTL_PORT_SCSI)
10188		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10189				    SID_SPI_IUS;
10190
10191	/* SAM-5 (no version claimed) */
10192	scsi_ulto2b(0x00A0, inq_ptr->version1);
10193	/* SPC-4 (no version claimed) */
10194	scsi_ulto2b(0x0460, inq_ptr->version2);
10195	if (port_type == CTL_PORT_FC) {
10196		/* FCP-2 ANSI INCITS.350:2003 */
10197		scsi_ulto2b(0x0917, inq_ptr->version3);
10198	} else if (port_type == CTL_PORT_SCSI) {
10199		/* SPI-4 ANSI INCITS.362:200x */
10200		scsi_ulto2b(0x0B56, inq_ptr->version3);
10201	} else if (port_type == CTL_PORT_ISCSI) {
10202		/* iSCSI (no version claimed) */
10203		scsi_ulto2b(0x0960, inq_ptr->version3);
10204	} else if (port_type == CTL_PORT_SAS) {
10205		/* SAS (no version claimed) */
10206		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10207	}
10208
10209	if (lun == NULL) {
10210		/* SBC-4 (no version claimed) */
10211		scsi_ulto2b(0x0600, inq_ptr->version4);
10212	} else {
10213		switch (lun->be_lun->lun_type) {
10214		case T_DIRECT:
10215			/* SBC-4 (no version claimed) */
10216			scsi_ulto2b(0x0600, inq_ptr->version4);
10217			break;
10218		case T_PROCESSOR:
10219		default:
10220			break;
10221		}
10222	}
10223
10224	ctl_set_success(ctsio);
10225	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10226	ctsio->be_move_done = ctl_config_move_done;
10227	ctl_datamove((union ctl_io *)ctsio);
10228	return (CTL_RETVAL_COMPLETE);
10229}
10230
10231int
10232ctl_inquiry(struct ctl_scsiio *ctsio)
10233{
10234	struct scsi_inquiry *cdb;
10235	int retval;
10236
10237	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10238
10239	cdb = (struct scsi_inquiry *)ctsio->cdb;
10240	if (cdb->byte2 & SI_EVPD)
10241		retval = ctl_inquiry_evpd(ctsio);
10242	else if (cdb->page_code == 0)
10243		retval = ctl_inquiry_std(ctsio);
10244	else {
10245		ctl_set_invalid_field(ctsio,
10246				      /*sks_valid*/ 1,
10247				      /*command*/ 1,
10248				      /*field*/ 2,
10249				      /*bit_valid*/ 0,
10250				      /*bit*/ 0);
10251		ctl_done((union ctl_io *)ctsio);
10252		return (CTL_RETVAL_COMPLETE);
10253	}
10254
10255	return (retval);
10256}
10257
10258/*
10259 * For known CDB types, parse the LBA and length.
10260 */
10261static int
10262ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10263{
10264	if (io->io_hdr.io_type != CTL_IO_SCSI)
10265		return (1);
10266
10267	switch (io->scsiio.cdb[0]) {
10268	case COMPARE_AND_WRITE: {
10269		struct scsi_compare_and_write *cdb;
10270
10271		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10272
10273		*lba = scsi_8btou64(cdb->addr);
10274		*len = cdb->length;
10275		break;
10276	}
10277	case READ_6:
10278	case WRITE_6: {
10279		struct scsi_rw_6 *cdb;
10280
10281		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10282
10283		*lba = scsi_3btoul(cdb->addr);
10284		/* only 5 bits are valid in the most significant address byte */
10285		*lba &= 0x1fffff;
10286		*len = cdb->length;
10287		break;
10288	}
10289	case READ_10:
10290	case WRITE_10: {
10291		struct scsi_rw_10 *cdb;
10292
10293		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10294
10295		*lba = scsi_4btoul(cdb->addr);
10296		*len = scsi_2btoul(cdb->length);
10297		break;
10298	}
10299	case WRITE_VERIFY_10: {
10300		struct scsi_write_verify_10 *cdb;
10301
10302		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10303
10304		*lba = scsi_4btoul(cdb->addr);
10305		*len = scsi_2btoul(cdb->length);
10306		break;
10307	}
10308	case READ_12:
10309	case WRITE_12: {
10310		struct scsi_rw_12 *cdb;
10311
10312		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10313
10314		*lba = scsi_4btoul(cdb->addr);
10315		*len = scsi_4btoul(cdb->length);
10316		break;
10317	}
10318	case WRITE_VERIFY_12: {
10319		struct scsi_write_verify_12 *cdb;
10320
10321		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10322
10323		*lba = scsi_4btoul(cdb->addr);
10324		*len = scsi_4btoul(cdb->length);
10325		break;
10326	}
10327	case READ_16:
10328	case WRITE_16: {
10329		struct scsi_rw_16 *cdb;
10330
10331		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10332
10333		*lba = scsi_8btou64(cdb->addr);
10334		*len = scsi_4btoul(cdb->length);
10335		break;
10336	}
10337	case WRITE_ATOMIC_16: {
10338		struct scsi_write_atomic_16 *cdb;
10339
10340		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10341
10342		*lba = scsi_8btou64(cdb->addr);
10343		*len = scsi_2btoul(cdb->length);
10344		break;
10345	}
10346	case WRITE_VERIFY_16: {
10347		struct scsi_write_verify_16 *cdb;
10348
10349		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10350
10351		*lba = scsi_8btou64(cdb->addr);
10352		*len = scsi_4btoul(cdb->length);
10353		break;
10354	}
10355	case WRITE_SAME_10: {
10356		struct scsi_write_same_10 *cdb;
10357
10358		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10359
10360		*lba = scsi_4btoul(cdb->addr);
10361		*len = scsi_2btoul(cdb->length);
10362		break;
10363	}
10364	case WRITE_SAME_16: {
10365		struct scsi_write_same_16 *cdb;
10366
10367		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10368
10369		*lba = scsi_8btou64(cdb->addr);
10370		*len = scsi_4btoul(cdb->length);
10371		break;
10372	}
10373	case VERIFY_10: {
10374		struct scsi_verify_10 *cdb;
10375
10376		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10377
10378		*lba = scsi_4btoul(cdb->addr);
10379		*len = scsi_2btoul(cdb->length);
10380		break;
10381	}
10382	case VERIFY_12: {
10383		struct scsi_verify_12 *cdb;
10384
10385		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10386
10387		*lba = scsi_4btoul(cdb->addr);
10388		*len = scsi_4btoul(cdb->length);
10389		break;
10390	}
10391	case VERIFY_16: {
10392		struct scsi_verify_16 *cdb;
10393
10394		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10395
10396		*lba = scsi_8btou64(cdb->addr);
10397		*len = scsi_4btoul(cdb->length);
10398		break;
10399	}
10400	case UNMAP: {
10401		*lba = 0;
10402		*len = UINT64_MAX;
10403		break;
10404	}
10405	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10406		struct scsi_get_lba_status *cdb;
10407
10408		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10409		*lba = scsi_8btou64(cdb->addr);
10410		*len = UINT32_MAX;
10411		break;
10412	}
10413	default:
10414		return (1);
10415		break; /* NOTREACHED */
10416	}
10417
10418	return (0);
10419}
10420
10421static ctl_action
10422ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10423    bool seq)
10424{
10425	uint64_t endlba1, endlba2;
10426
10427	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10428	endlba2 = lba2 + len2 - 1;
10429
10430	if ((endlba1 < lba2) || (endlba2 < lba1))
10431		return (CTL_ACTION_PASS);
10432	else
10433		return (CTL_ACTION_BLOCK);
10434}
10435
10436static int
10437ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10438{
10439	struct ctl_ptr_len_flags *ptrlen;
10440	struct scsi_unmap_desc *buf, *end, *range;
10441	uint64_t lba;
10442	uint32_t len;
10443
10444	/* If not UNMAP -- go other way. */
10445	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10446	    io->scsiio.cdb[0] != UNMAP)
10447		return (CTL_ACTION_ERROR);
10448
10449	/* If UNMAP without data -- block and wait for data. */
10450	ptrlen = (struct ctl_ptr_len_flags *)
10451	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10452	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10453	    ptrlen->ptr == NULL)
10454		return (CTL_ACTION_BLOCK);
10455
10456	/* UNMAP with data -- check for collision. */
10457	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10458	end = buf + ptrlen->len / sizeof(*buf);
10459	for (range = buf; range < end; range++) {
10460		lba = scsi_8btou64(range->lba);
10461		len = scsi_4btoul(range->length);
10462		if ((lba < lba2 + len2) && (lba + len > lba2))
10463			return (CTL_ACTION_BLOCK);
10464	}
10465	return (CTL_ACTION_PASS);
10466}
10467
10468static ctl_action
10469ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10470{
10471	uint64_t lba1, lba2;
10472	uint64_t len1, len2;
10473	int retval;
10474
10475	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10476		return (CTL_ACTION_ERROR);
10477
10478	retval = ctl_extent_check_unmap(io1, lba2, len2);
10479	if (retval != CTL_ACTION_ERROR)
10480		return (retval);
10481
10482	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10483		return (CTL_ACTION_ERROR);
10484
10485	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10486		seq = FALSE;
10487	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10488}
10489
10490static ctl_action
10491ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10492{
10493	uint64_t lba1, lba2;
10494	uint64_t len1, len2;
10495
10496	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10497		return (CTL_ACTION_PASS);
10498	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10499		return (CTL_ACTION_ERROR);
10500	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10501		return (CTL_ACTION_ERROR);
10502
10503	if (lba1 + len1 == lba2)
10504		return (CTL_ACTION_BLOCK);
10505	return (CTL_ACTION_PASS);
10506}
10507
10508static ctl_action
10509ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10510    union ctl_io *ooa_io)
10511{
10512	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10513	const ctl_serialize_action *serialize_row;
10514
10515	/*
10516	 * The initiator attempted multiple untagged commands at the same
10517	 * time.  Can't do that.
10518	 */
10519	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10520	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10521	 && ((pending_io->io_hdr.nexus.targ_port ==
10522	      ooa_io->io_hdr.nexus.targ_port)
10523	  && (pending_io->io_hdr.nexus.initid ==
10524	      ooa_io->io_hdr.nexus.initid))
10525	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10526	      CTL_FLAG_STATUS_SENT)) == 0))
10527		return (CTL_ACTION_OVERLAP);
10528
10529	/*
10530	 * The initiator attempted to send multiple tagged commands with
10531	 * the same ID.  (It's fine if different initiators have the same
10532	 * tag ID.)
10533	 *
10534	 * Even if all of those conditions are true, we don't kill the I/O
10535	 * if the command ahead of us has been aborted.  We won't end up
10536	 * sending it to the FETD, and it's perfectly legal to resend a
10537	 * command with the same tag number as long as the previous
10538	 * instance of this tag number has been aborted somehow.
10539	 */
10540	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10541	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10542	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10543	 && ((pending_io->io_hdr.nexus.targ_port ==
10544	      ooa_io->io_hdr.nexus.targ_port)
10545	  && (pending_io->io_hdr.nexus.initid ==
10546	      ooa_io->io_hdr.nexus.initid))
10547	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10548	      CTL_FLAG_STATUS_SENT)) == 0))
10549		return (CTL_ACTION_OVERLAP_TAG);
10550
10551	/*
10552	 * If we get a head of queue tag, SAM-3 says that we should
10553	 * immediately execute it.
10554	 *
10555	 * What happens if this command would normally block for some other
10556	 * reason?  e.g. a request sense with a head of queue tag
10557	 * immediately after a write.  Normally that would block, but this
10558	 * will result in its getting executed immediately...
10559	 *
10560	 * We currently return "pass" instead of "skip", so we'll end up
10561	 * going through the rest of the queue to check for overlapped tags.
10562	 *
10563	 * XXX KDM check for other types of blockage first??
10564	 */
10565	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10566		return (CTL_ACTION_PASS);
10567
10568	/*
10569	 * Ordered tags have to block until all items ahead of them
10570	 * have completed.  If we get called with an ordered tag, we always
10571	 * block, if something else is ahead of us in the queue.
10572	 */
10573	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10574		return (CTL_ACTION_BLOCK);
10575
10576	/*
10577	 * Simple tags get blocked until all head of queue and ordered tags
10578	 * ahead of them have completed.  I'm lumping untagged commands in
10579	 * with simple tags here.  XXX KDM is that the right thing to do?
10580	 */
10581	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10582	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10583	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10584	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10585		return (CTL_ACTION_BLOCK);
10586
10587	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10588	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10589
10590	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10591
10592	switch (serialize_row[pending_entry->seridx]) {
10593	case CTL_SER_BLOCK:
10594		return (CTL_ACTION_BLOCK);
10595	case CTL_SER_EXTENT:
10596		return (ctl_extent_check(ooa_io, pending_io,
10597		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10598	case CTL_SER_EXTENTOPT:
10599		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10600		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10601			return (ctl_extent_check(ooa_io, pending_io,
10602			    (lun->be_lun &&
10603			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10604		return (CTL_ACTION_PASS);
10605	case CTL_SER_EXTENTSEQ:
10606		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10607			return (ctl_extent_check_seq(ooa_io, pending_io));
10608		return (CTL_ACTION_PASS);
10609	case CTL_SER_PASS:
10610		return (CTL_ACTION_PASS);
10611	case CTL_SER_BLOCKOPT:
10612		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10613		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10614			return (CTL_ACTION_BLOCK);
10615		return (CTL_ACTION_PASS);
10616	case CTL_SER_SKIP:
10617		return (CTL_ACTION_SKIP);
10618	default:
10619		panic("invalid serialization value %d",
10620		      serialize_row[pending_entry->seridx]);
10621	}
10622
10623	return (CTL_ACTION_ERROR);
10624}
10625
10626/*
10627 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10628 * Assumptions:
10629 * - pending_io is generally either incoming, or on the blocked queue
10630 * - starting I/O is the I/O we want to start the check with.
10631 */
10632static ctl_action
10633ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10634	      union ctl_io *starting_io)
10635{
10636	union ctl_io *ooa_io;
10637	ctl_action action;
10638
10639	mtx_assert(&lun->lun_lock, MA_OWNED);
10640
10641	/*
10642	 * Run back along the OOA queue, starting with the current
10643	 * blocked I/O and going through every I/O before it on the
10644	 * queue.  If starting_io is NULL, we'll just end up returning
10645	 * CTL_ACTION_PASS.
10646	 */
10647	for (ooa_io = starting_io; ooa_io != NULL;
10648	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10649	     ooa_links)){
10650
10651		/*
10652		 * This routine just checks to see whether
10653		 * cur_blocked is blocked by ooa_io, which is ahead
10654		 * of it in the queue.  It doesn't queue/dequeue
10655		 * cur_blocked.
10656		 */
10657		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10658		switch (action) {
10659		case CTL_ACTION_BLOCK:
10660		case CTL_ACTION_OVERLAP:
10661		case CTL_ACTION_OVERLAP_TAG:
10662		case CTL_ACTION_SKIP:
10663		case CTL_ACTION_ERROR:
10664			return (action);
10665			break; /* NOTREACHED */
10666		case CTL_ACTION_PASS:
10667			break;
10668		default:
10669			panic("invalid action %d", action);
10670			break;  /* NOTREACHED */
10671		}
10672	}
10673
10674	return (CTL_ACTION_PASS);
10675}
10676
10677/*
10678 * Assumptions:
10679 * - An I/O has just completed, and has been removed from the per-LUN OOA
10680 *   queue, so some items on the blocked queue may now be unblocked.
10681 */
10682static int
10683ctl_check_blocked(struct ctl_lun *lun)
10684{
10685	struct ctl_softc *softc = lun->ctl_softc;
10686	union ctl_io *cur_blocked, *next_blocked;
10687
10688	mtx_assert(&lun->lun_lock, MA_OWNED);
10689
10690	/*
10691	 * Run forward from the head of the blocked queue, checking each
10692	 * entry against the I/Os prior to it on the OOA queue to see if
10693	 * there is still any blockage.
10694	 *
10695	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10696	 * with our removing a variable on it while it is traversing the
10697	 * list.
10698	 */
10699	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10700	     cur_blocked != NULL; cur_blocked = next_blocked) {
10701		union ctl_io *prev_ooa;
10702		ctl_action action;
10703
10704		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10705							  blocked_links);
10706
10707		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10708						      ctl_ooaq, ooa_links);
10709
10710		/*
10711		 * If cur_blocked happens to be the first item in the OOA
10712		 * queue now, prev_ooa will be NULL, and the action
10713		 * returned will just be CTL_ACTION_PASS.
10714		 */
10715		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10716
10717		switch (action) {
10718		case CTL_ACTION_BLOCK:
10719			/* Nothing to do here, still blocked */
10720			break;
10721		case CTL_ACTION_OVERLAP:
10722		case CTL_ACTION_OVERLAP_TAG:
10723			/*
10724			 * This shouldn't happen!  In theory we've already
10725			 * checked this command for overlap...
10726			 */
10727			break;
10728		case CTL_ACTION_PASS:
10729		case CTL_ACTION_SKIP: {
10730			const struct ctl_cmd_entry *entry;
10731
10732			/*
10733			 * The skip case shouldn't happen, this transaction
10734			 * should have never made it onto the blocked queue.
10735			 */
10736			/*
10737			 * This I/O is no longer blocked, we can remove it
10738			 * from the blocked queue.  Since this is a TAILQ
10739			 * (doubly linked list), we can do O(1) removals
10740			 * from any place on the list.
10741			 */
10742			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10743				     blocked_links);
10744			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10745
10746			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10747			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10748				/*
10749				 * Need to send IO back to original side to
10750				 * run
10751				 */
10752				union ctl_ha_msg msg_info;
10753
10754				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10755				msg_info.hdr.original_sc =
10756					cur_blocked->io_hdr.original_sc;
10757				msg_info.hdr.serializing_sc = cur_blocked;
10758				msg_info.hdr.msg_type = CTL_MSG_R2R;
10759				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10760				    sizeof(msg_info.hdr), M_NOWAIT);
10761				break;
10762			}
10763			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10764
10765			/*
10766			 * Check this I/O for LUN state changes that may
10767			 * have happened while this command was blocked.
10768			 * The LUN state may have been changed by a command
10769			 * ahead of us in the queue, so we need to re-check
10770			 * for any states that can be caused by SCSI
10771			 * commands.
10772			 */
10773			if (ctl_scsiio_lun_check(lun, entry,
10774						 &cur_blocked->scsiio) == 0) {
10775				cur_blocked->io_hdr.flags |=
10776				                      CTL_FLAG_IS_WAS_ON_RTR;
10777				ctl_enqueue_rtr(cur_blocked);
10778			} else
10779				ctl_done(cur_blocked);
10780			break;
10781		}
10782		default:
10783			/*
10784			 * This probably shouldn't happen -- we shouldn't
10785			 * get CTL_ACTION_ERROR, or anything else.
10786			 */
10787			break;
10788		}
10789	}
10790
10791	return (CTL_RETVAL_COMPLETE);
10792}
10793
10794/*
10795 * This routine (with one exception) checks LUN flags that can be set by
10796 * commands ahead of us in the OOA queue.  These flags have to be checked
10797 * when a command initially comes in, and when we pull a command off the
10798 * blocked queue and are preparing to execute it.  The reason we have to
10799 * check these flags for commands on the blocked queue is that the LUN
10800 * state may have been changed by a command ahead of us while we're on the
10801 * blocked queue.
10802 *
10803 * Ordering is somewhat important with these checks, so please pay
10804 * careful attention to the placement of any new checks.
10805 */
10806static int
10807ctl_scsiio_lun_check(struct ctl_lun *lun,
10808    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10809{
10810	struct ctl_softc *softc = lun->ctl_softc;
10811	int retval;
10812	uint32_t residx;
10813
10814	retval = 0;
10815
10816	mtx_assert(&lun->lun_lock, MA_OWNED);
10817
10818	/*
10819	 * If this shelf is a secondary shelf controller, we may have to
10820	 * reject some commands disallowed by HA mode and link state.
10821	 */
10822	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10823		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10824		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10825			ctl_set_lun_unavail(ctsio);
10826			retval = 1;
10827			goto bailout;
10828		}
10829		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10830		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10831			ctl_set_lun_transit(ctsio);
10832			retval = 1;
10833			goto bailout;
10834		}
10835		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10836		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10837			ctl_set_lun_standby(ctsio);
10838			retval = 1;
10839			goto bailout;
10840		}
10841
10842		/* The rest of checks are only done on executing side */
10843		if (softc->ha_mode == CTL_HA_MODE_XFER)
10844			goto bailout;
10845	}
10846
10847	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10848		if (lun->be_lun &&
10849		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10850			ctl_set_hw_write_protected(ctsio);
10851			retval = 1;
10852			goto bailout;
10853		}
10854		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10855		    .eca_and_aen & SCP_SWP) != 0) {
10856			ctl_set_sense(ctsio, /*current_error*/ 1,
10857			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10858			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10859			retval = 1;
10860			goto bailout;
10861		}
10862	}
10863
10864	/*
10865	 * Check for a reservation conflict.  If this command isn't allowed
10866	 * even on reserved LUNs, and if this initiator isn't the one who
10867	 * reserved us, reject the command with a reservation conflict.
10868	 */
10869	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10870	if ((lun->flags & CTL_LUN_RESERVED)
10871	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10872		if (lun->res_idx != residx) {
10873			ctl_set_reservation_conflict(ctsio);
10874			retval = 1;
10875			goto bailout;
10876		}
10877	}
10878
10879	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10880	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10881		/* No reservation or command is allowed. */;
10882	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10883	    (lun->res_type == SPR_TYPE_WR_EX ||
10884	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10885	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10886		/* The command is allowed for Write Exclusive resv. */;
10887	} else {
10888		/*
10889		 * if we aren't registered or it's a res holder type
10890		 * reservation and this isn't the res holder then set a
10891		 * conflict.
10892		 */
10893		if (ctl_get_prkey(lun, residx) == 0
10894		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10895			ctl_set_reservation_conflict(ctsio);
10896			retval = 1;
10897			goto bailout;
10898		}
10899	}
10900
10901	if ((lun->flags & CTL_LUN_OFFLINE)
10902	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10903		ctl_set_lun_not_ready(ctsio);
10904		retval = 1;
10905		goto bailout;
10906	}
10907
10908	if ((lun->flags & CTL_LUN_STOPPED)
10909	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10910		/* "Logical unit not ready, initializing cmd. required" */
10911		ctl_set_lun_stopped(ctsio);
10912		retval = 1;
10913		goto bailout;
10914	}
10915
10916	if ((lun->flags & CTL_LUN_INOPERABLE)
10917	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10918		/* "Medium format corrupted" */
10919		ctl_set_medium_format_corrupted(ctsio);
10920		retval = 1;
10921		goto bailout;
10922	}
10923
10924bailout:
10925	return (retval);
10926}
10927
10928static void
10929ctl_failover_io(union ctl_io *io, int have_lock)
10930{
10931	ctl_set_busy(&io->scsiio);
10932	ctl_done(io);
10933}
10934
10935static void
10936ctl_failover_lun(union ctl_io *rio)
10937{
10938	struct ctl_softc *softc = control_softc;
10939	struct ctl_lun *lun;
10940	struct ctl_io_hdr *io, *next_io;
10941	uint32_t targ_lun;
10942
10943	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
10944	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
10945
10946	/* Find and lock the LUN. */
10947	mtx_lock(&softc->ctl_lock);
10948	if ((targ_lun < CTL_MAX_LUNS) &&
10949	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10950		mtx_lock(&lun->lun_lock);
10951		mtx_unlock(&softc->ctl_lock);
10952		if (lun->flags & CTL_LUN_DISABLED) {
10953			mtx_unlock(&lun->lun_lock);
10954			return;
10955		}
10956	} else {
10957		mtx_unlock(&softc->ctl_lock);
10958		return;
10959	}
10960
10961	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10962		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10963			/* We are master */
10964			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10965				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10966					io->flags |= CTL_FLAG_ABORT;
10967					io->flags |= CTL_FLAG_FAILOVER;
10968				} else { /* This can be only due to DATAMOVE */
10969					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10970					io->flags &= ~CTL_FLAG_DMA_INPROG;
10971					io->flags |= CTL_FLAG_IO_ACTIVE;
10972					io->port_status = 31340;
10973					ctl_enqueue_isc((union ctl_io *)io);
10974				}
10975			}
10976			/* We are slave */
10977			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10978				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10979				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10980					io->flags |= CTL_FLAG_FAILOVER;
10981				} else {
10982					ctl_set_busy(&((union ctl_io *)io)->
10983					    scsiio);
10984					ctl_done((union ctl_io *)io);
10985				}
10986			}
10987		}
10988	} else { /* SERIALIZE modes */
10989		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10990		    next_io) {
10991			/* We are master */
10992			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10993				TAILQ_REMOVE(&lun->blocked_queue, io,
10994				    blocked_links);
10995				io->flags &= ~CTL_FLAG_BLOCKED;
10996				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10997				ctl_free_io((union ctl_io *)io);
10998			}
10999		}
11000		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11001			/* We are master */
11002			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11003				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11004				ctl_free_io((union ctl_io *)io);
11005			}
11006			/* We are slave */
11007			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11008				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11009				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11010					ctl_set_busy(&((union ctl_io *)io)->
11011					    scsiio);
11012					ctl_done((union ctl_io *)io);
11013				}
11014			}
11015		}
11016		ctl_check_blocked(lun);
11017	}
11018	mtx_unlock(&lun->lun_lock);
11019}
11020
11021static int
11022ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11023{
11024	struct ctl_lun *lun;
11025	const struct ctl_cmd_entry *entry;
11026	uint32_t initidx, targ_lun;
11027	int retval;
11028
11029	retval = 0;
11030
11031	lun = NULL;
11032
11033	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11034	if ((targ_lun < CTL_MAX_LUNS)
11035	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11036		/*
11037		 * If the LUN is invalid, pretend that it doesn't exist.
11038		 * It will go away as soon as all pending I/O has been
11039		 * completed.
11040		 */
11041		mtx_lock(&lun->lun_lock);
11042		if (lun->flags & CTL_LUN_DISABLED) {
11043			mtx_unlock(&lun->lun_lock);
11044			lun = NULL;
11045			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11046			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11047		} else {
11048			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11049			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11050				lun->be_lun;
11051
11052			/*
11053			 * Every I/O goes into the OOA queue for a
11054			 * particular LUN, and stays there until completion.
11055			 */
11056#ifdef CTL_TIME_IO
11057			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11058				lun->idle_time += getsbinuptime() -
11059				    lun->last_busy;
11060			}
11061#endif
11062			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11063			    ooa_links);
11064		}
11065	} else {
11066		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11067		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11068	}
11069
11070	/* Get command entry and return error if it is unsuppotyed. */
11071	entry = ctl_validate_command(ctsio);
11072	if (entry == NULL) {
11073		if (lun)
11074			mtx_unlock(&lun->lun_lock);
11075		return (retval);
11076	}
11077
11078	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11079	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11080
11081	/*
11082	 * Check to see whether we can send this command to LUNs that don't
11083	 * exist.  This should pretty much only be the case for inquiry
11084	 * and request sense.  Further checks, below, really require having
11085	 * a LUN, so we can't really check the command anymore.  Just put
11086	 * it on the rtr queue.
11087	 */
11088	if (lun == NULL) {
11089		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11090			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11091			ctl_enqueue_rtr((union ctl_io *)ctsio);
11092			return (retval);
11093		}
11094
11095		ctl_set_unsupported_lun(ctsio);
11096		ctl_done((union ctl_io *)ctsio);
11097		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11098		return (retval);
11099	} else {
11100		/*
11101		 * Make sure we support this particular command on this LUN.
11102		 * e.g., we don't support writes to the control LUN.
11103		 */
11104		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11105			mtx_unlock(&lun->lun_lock);
11106			ctl_set_invalid_opcode(ctsio);
11107			ctl_done((union ctl_io *)ctsio);
11108			return (retval);
11109		}
11110	}
11111
11112	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11113
11114#ifdef CTL_WITH_CA
11115	/*
11116	 * If we've got a request sense, it'll clear the contingent
11117	 * allegiance condition.  Otherwise, if we have a CA condition for
11118	 * this initiator, clear it, because it sent down a command other
11119	 * than request sense.
11120	 */
11121	if ((ctsio->cdb[0] != REQUEST_SENSE)
11122	 && (ctl_is_set(lun->have_ca, initidx)))
11123		ctl_clear_mask(lun->have_ca, initidx);
11124#endif
11125
11126	/*
11127	 * If the command has this flag set, it handles its own unit
11128	 * attention reporting, we shouldn't do anything.  Otherwise we
11129	 * check for any pending unit attentions, and send them back to the
11130	 * initiator.  We only do this when a command initially comes in,
11131	 * not when we pull it off the blocked queue.
11132	 *
11133	 * According to SAM-3, section 5.3.2, the order that things get
11134	 * presented back to the host is basically unit attentions caused
11135	 * by some sort of reset event, busy status, reservation conflicts
11136	 * or task set full, and finally any other status.
11137	 *
11138	 * One issue here is that some of the unit attentions we report
11139	 * don't fall into the "reset" category (e.g. "reported luns data
11140	 * has changed").  So reporting it here, before the reservation
11141	 * check, may be technically wrong.  I guess the only thing to do
11142	 * would be to check for and report the reset events here, and then
11143	 * check for the other unit attention types after we check for a
11144	 * reservation conflict.
11145	 *
11146	 * XXX KDM need to fix this
11147	 */
11148	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11149		ctl_ua_type ua_type;
11150
11151		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11152		    SSD_TYPE_NONE);
11153		if (ua_type != CTL_UA_NONE) {
11154			mtx_unlock(&lun->lun_lock);
11155			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11156			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11157			ctsio->sense_len = SSD_FULL_SIZE;
11158			ctl_done((union ctl_io *)ctsio);
11159			return (retval);
11160		}
11161	}
11162
11163
11164	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11165		mtx_unlock(&lun->lun_lock);
11166		ctl_done((union ctl_io *)ctsio);
11167		return (retval);
11168	}
11169
11170	/*
11171	 * XXX CHD this is where we want to send IO to other side if
11172	 * this LUN is secondary on this SC. We will need to make a copy
11173	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11174	 * the copy we send as FROM_OTHER.
11175	 * We also need to stuff the address of the original IO so we can
11176	 * find it easily. Something similar will need be done on the other
11177	 * side so when we are done we can find the copy.
11178	 */
11179	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11180	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11181	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11182		union ctl_ha_msg msg_info;
11183		int isc_retval;
11184
11185		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11186		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11187		mtx_unlock(&lun->lun_lock);
11188
11189		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11190		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11191		msg_info.hdr.serializing_sc = NULL;
11192		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11193		msg_info.scsi.tag_num = ctsio->tag_num;
11194		msg_info.scsi.tag_type = ctsio->tag_type;
11195		msg_info.scsi.cdb_len = ctsio->cdb_len;
11196		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11197
11198		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11199		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11200		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11201			ctl_set_busy(ctsio);
11202			ctl_done((union ctl_io *)ctsio);
11203			return (retval);
11204		}
11205		return (retval);
11206	}
11207
11208	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11209			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11210			      ctl_ooaq, ooa_links))) {
11211	case CTL_ACTION_BLOCK:
11212		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11213		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11214				  blocked_links);
11215		mtx_unlock(&lun->lun_lock);
11216		return (retval);
11217	case CTL_ACTION_PASS:
11218	case CTL_ACTION_SKIP:
11219		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11220		mtx_unlock(&lun->lun_lock);
11221		ctl_enqueue_rtr((union ctl_io *)ctsio);
11222		break;
11223	case CTL_ACTION_OVERLAP:
11224		mtx_unlock(&lun->lun_lock);
11225		ctl_set_overlapped_cmd(ctsio);
11226		ctl_done((union ctl_io *)ctsio);
11227		break;
11228	case CTL_ACTION_OVERLAP_TAG:
11229		mtx_unlock(&lun->lun_lock);
11230		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11231		ctl_done((union ctl_io *)ctsio);
11232		break;
11233	case CTL_ACTION_ERROR:
11234	default:
11235		mtx_unlock(&lun->lun_lock);
11236		ctl_set_internal_failure(ctsio,
11237					 /*sks_valid*/ 0,
11238					 /*retry_count*/ 0);
11239		ctl_done((union ctl_io *)ctsio);
11240		break;
11241	}
11242	return (retval);
11243}
11244
11245const struct ctl_cmd_entry *
11246ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11247{
11248	const struct ctl_cmd_entry *entry;
11249	int service_action;
11250
11251	entry = &ctl_cmd_table[ctsio->cdb[0]];
11252	if (sa)
11253		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11254	if (entry->flags & CTL_CMD_FLAG_SA5) {
11255		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11256		entry = &((const struct ctl_cmd_entry *)
11257		    entry->execute)[service_action];
11258	}
11259	return (entry);
11260}
11261
11262const struct ctl_cmd_entry *
11263ctl_validate_command(struct ctl_scsiio *ctsio)
11264{
11265	const struct ctl_cmd_entry *entry;
11266	int i, sa;
11267	uint8_t diff;
11268
11269	entry = ctl_get_cmd_entry(ctsio, &sa);
11270	if (entry->execute == NULL) {
11271		if (sa)
11272			ctl_set_invalid_field(ctsio,
11273					      /*sks_valid*/ 1,
11274					      /*command*/ 1,
11275					      /*field*/ 1,
11276					      /*bit_valid*/ 1,
11277					      /*bit*/ 4);
11278		else
11279			ctl_set_invalid_opcode(ctsio);
11280		ctl_done((union ctl_io *)ctsio);
11281		return (NULL);
11282	}
11283	KASSERT(entry->length > 0,
11284	    ("Not defined length for command 0x%02x/0x%02x",
11285	     ctsio->cdb[0], ctsio->cdb[1]));
11286	for (i = 1; i < entry->length; i++) {
11287		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11288		if (diff == 0)
11289			continue;
11290		ctl_set_invalid_field(ctsio,
11291				      /*sks_valid*/ 1,
11292				      /*command*/ 1,
11293				      /*field*/ i,
11294				      /*bit_valid*/ 1,
11295				      /*bit*/ fls(diff) - 1);
11296		ctl_done((union ctl_io *)ctsio);
11297		return (NULL);
11298	}
11299	return (entry);
11300}
11301
11302static int
11303ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11304{
11305
11306	switch (lun_type) {
11307	case T_PROCESSOR:
11308		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11309			return (0);
11310		break;
11311	case T_DIRECT:
11312		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11313			return (0);
11314		break;
11315	default:
11316		return (0);
11317	}
11318	return (1);
11319}
11320
11321static int
11322ctl_scsiio(struct ctl_scsiio *ctsio)
11323{
11324	int retval;
11325	const struct ctl_cmd_entry *entry;
11326
11327	retval = CTL_RETVAL_COMPLETE;
11328
11329	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11330
11331	entry = ctl_get_cmd_entry(ctsio, NULL);
11332
11333	/*
11334	 * If this I/O has been aborted, just send it straight to
11335	 * ctl_done() without executing it.
11336	 */
11337	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11338		ctl_done((union ctl_io *)ctsio);
11339		goto bailout;
11340	}
11341
11342	/*
11343	 * All the checks should have been handled by ctl_scsiio_precheck().
11344	 * We should be clear now to just execute the I/O.
11345	 */
11346	retval = entry->execute(ctsio);
11347
11348bailout:
11349	return (retval);
11350}
11351
11352/*
11353 * Since we only implement one target right now, a bus reset simply resets
11354 * our single target.
11355 */
11356static int
11357ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11358{
11359	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11360}
11361
11362static int
11363ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11364		 ctl_ua_type ua_type)
11365{
11366	struct ctl_port *port;
11367	struct ctl_lun *lun;
11368	int retval;
11369
11370	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11371		union ctl_ha_msg msg_info;
11372
11373		msg_info.hdr.nexus = io->io_hdr.nexus;
11374		if (ua_type==CTL_UA_TARG_RESET)
11375			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11376		else
11377			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11378		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11379		msg_info.hdr.original_sc = NULL;
11380		msg_info.hdr.serializing_sc = NULL;
11381		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11382		    sizeof(msg_info.task), M_WAITOK);
11383	}
11384	retval = 0;
11385
11386	mtx_lock(&softc->ctl_lock);
11387	port = ctl_io_port(&io->io_hdr);
11388	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11389		if (port != NULL &&
11390		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11391			continue;
11392		retval += ctl_do_lun_reset(lun, io, ua_type);
11393	}
11394	mtx_unlock(&softc->ctl_lock);
11395	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11396	return (retval);
11397}
11398
11399/*
11400 * The LUN should always be set.  The I/O is optional, and is used to
11401 * distinguish between I/Os sent by this initiator, and by other
11402 * initiators.  We set unit attention for initiators other than this one.
11403 * SAM-3 is vague on this point.  It does say that a unit attention should
11404 * be established for other initiators when a LUN is reset (see section
11405 * 5.7.3), but it doesn't specifically say that the unit attention should
11406 * be established for this particular initiator when a LUN is reset.  Here
11407 * is the relevant text, from SAM-3 rev 8:
11408 *
11409 * 5.7.2 When a SCSI initiator port aborts its own tasks
11410 *
11411 * When a SCSI initiator port causes its own task(s) to be aborted, no
11412 * notification that the task(s) have been aborted shall be returned to
11413 * the SCSI initiator port other than the completion response for the
11414 * command or task management function action that caused the task(s) to
11415 * be aborted and notification(s) associated with related effects of the
11416 * action (e.g., a reset unit attention condition).
11417 *
11418 * XXX KDM for now, we're setting unit attention for all initiators.
11419 */
11420static int
11421ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11422{
11423	union ctl_io *xio;
11424#if 0
11425	uint32_t initidx;
11426#endif
11427#ifdef CTL_WITH_CA
11428	int i;
11429#endif
11430
11431	mtx_lock(&lun->lun_lock);
11432	/*
11433	 * Run through the OOA queue and abort each I/O.
11434	 */
11435	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11436	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11437		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11438	}
11439
11440	/*
11441	 * This version sets unit attention for every
11442	 */
11443#if 0
11444	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11445	ctl_est_ua_all(lun, initidx, ua_type);
11446#else
11447	ctl_est_ua_all(lun, -1, ua_type);
11448#endif
11449
11450	/*
11451	 * A reset (any kind, really) clears reservations established with
11452	 * RESERVE/RELEASE.  It does not clear reservations established
11453	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11454	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11455	 * reservations made with the RESERVE/RELEASE commands, because
11456	 * those commands are obsolete in SPC-3.
11457	 */
11458	lun->flags &= ~CTL_LUN_RESERVED;
11459
11460#ifdef CTL_WITH_CA
11461	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11462		ctl_clear_mask(lun->have_ca, i);
11463#endif
11464	mtx_unlock(&lun->lun_lock);
11465
11466	return (0);
11467}
11468
11469static int
11470ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11471{
11472	struct ctl_lun *lun;
11473	uint32_t targ_lun;
11474	int retval;
11475
11476	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11477	mtx_lock(&softc->ctl_lock);
11478	if ((targ_lun >= CTL_MAX_LUNS) ||
11479	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11480		mtx_unlock(&softc->ctl_lock);
11481		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11482		return (1);
11483	}
11484	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11485	mtx_unlock(&softc->ctl_lock);
11486	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11487
11488	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11489		union ctl_ha_msg msg_info;
11490
11491		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11492		msg_info.hdr.nexus = io->io_hdr.nexus;
11493		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11494		msg_info.hdr.original_sc = NULL;
11495		msg_info.hdr.serializing_sc = NULL;
11496		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11497		    sizeof(msg_info.task), M_WAITOK);
11498	}
11499	return (retval);
11500}
11501
11502static void
11503ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11504    int other_sc)
11505{
11506	union ctl_io *xio;
11507
11508	mtx_assert(&lun->lun_lock, MA_OWNED);
11509
11510	/*
11511	 * Run through the OOA queue and attempt to find the given I/O.
11512	 * The target port, initiator ID, tag type and tag number have to
11513	 * match the values that we got from the initiator.  If we have an
11514	 * untagged command to abort, simply abort the first untagged command
11515	 * we come to.  We only allow one untagged command at a time of course.
11516	 */
11517	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11518	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11519
11520		if ((targ_port == UINT32_MAX ||
11521		     targ_port == xio->io_hdr.nexus.targ_port) &&
11522		    (init_id == UINT32_MAX ||
11523		     init_id == xio->io_hdr.nexus.initid)) {
11524			if (targ_port != xio->io_hdr.nexus.targ_port ||
11525			    init_id != xio->io_hdr.nexus.initid)
11526				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11527			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11528			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11529				union ctl_ha_msg msg_info;
11530
11531				msg_info.hdr.nexus = xio->io_hdr.nexus;
11532				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11533				msg_info.task.tag_num = xio->scsiio.tag_num;
11534				msg_info.task.tag_type = xio->scsiio.tag_type;
11535				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11536				msg_info.hdr.original_sc = NULL;
11537				msg_info.hdr.serializing_sc = NULL;
11538				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11539				    sizeof(msg_info.task), M_NOWAIT);
11540			}
11541		}
11542	}
11543}
11544
11545static int
11546ctl_abort_task_set(union ctl_io *io)
11547{
11548	struct ctl_softc *softc = control_softc;
11549	struct ctl_lun *lun;
11550	uint32_t targ_lun;
11551
11552	/*
11553	 * Look up the LUN.
11554	 */
11555	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11556	mtx_lock(&softc->ctl_lock);
11557	if ((targ_lun >= CTL_MAX_LUNS) ||
11558	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11559		mtx_unlock(&softc->ctl_lock);
11560		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11561		return (1);
11562	}
11563
11564	mtx_lock(&lun->lun_lock);
11565	mtx_unlock(&softc->ctl_lock);
11566	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11567		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11568		    io->io_hdr.nexus.initid,
11569		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11570	} else { /* CTL_TASK_CLEAR_TASK_SET */
11571		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11572		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11573	}
11574	mtx_unlock(&lun->lun_lock);
11575	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11576	return (0);
11577}
11578
11579static int
11580ctl_i_t_nexus_reset(union ctl_io *io)
11581{
11582	struct ctl_softc *softc = control_softc;
11583	struct ctl_lun *lun;
11584	uint32_t initidx;
11585
11586	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11587		union ctl_ha_msg msg_info;
11588
11589		msg_info.hdr.nexus = io->io_hdr.nexus;
11590		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11591		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11592		msg_info.hdr.original_sc = NULL;
11593		msg_info.hdr.serializing_sc = NULL;
11594		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11595		    sizeof(msg_info.task), M_WAITOK);
11596	}
11597
11598	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11599	mtx_lock(&softc->ctl_lock);
11600	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11601		mtx_lock(&lun->lun_lock);
11602		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11603		    io->io_hdr.nexus.initid, 1);
11604#ifdef CTL_WITH_CA
11605		ctl_clear_mask(lun->have_ca, initidx);
11606#endif
11607		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11608			lun->flags &= ~CTL_LUN_RESERVED;
11609		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11610		mtx_unlock(&lun->lun_lock);
11611	}
11612	mtx_unlock(&softc->ctl_lock);
11613	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11614	return (0);
11615}
11616
11617static int
11618ctl_abort_task(union ctl_io *io)
11619{
11620	union ctl_io *xio;
11621	struct ctl_lun *lun;
11622	struct ctl_softc *softc;
11623#if 0
11624	struct sbuf sb;
11625	char printbuf[128];
11626#endif
11627	int found;
11628	uint32_t targ_lun;
11629
11630	softc = control_softc;
11631	found = 0;
11632
11633	/*
11634	 * Look up the LUN.
11635	 */
11636	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11637	mtx_lock(&softc->ctl_lock);
11638	if ((targ_lun >= CTL_MAX_LUNS) ||
11639	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11640		mtx_unlock(&softc->ctl_lock);
11641		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11642		return (1);
11643	}
11644
11645#if 0
11646	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11647	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11648#endif
11649
11650	mtx_lock(&lun->lun_lock);
11651	mtx_unlock(&softc->ctl_lock);
11652	/*
11653	 * Run through the OOA queue and attempt to find the given I/O.
11654	 * The target port, initiator ID, tag type and tag number have to
11655	 * match the values that we got from the initiator.  If we have an
11656	 * untagged command to abort, simply abort the first untagged command
11657	 * we come to.  We only allow one untagged command at a time of course.
11658	 */
11659	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11660	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11661#if 0
11662		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11663
11664		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11665			    lun->lun, xio->scsiio.tag_num,
11666			    xio->scsiio.tag_type,
11667			    (xio->io_hdr.blocked_links.tqe_prev
11668			    == NULL) ? "" : " BLOCKED",
11669			    (xio->io_hdr.flags &
11670			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11671			    (xio->io_hdr.flags &
11672			    CTL_FLAG_ABORT) ? " ABORT" : "",
11673			    (xio->io_hdr.flags &
11674			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11675		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11676		sbuf_finish(&sb);
11677		printf("%s\n", sbuf_data(&sb));
11678#endif
11679
11680		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11681		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11682		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11683			continue;
11684
11685		/*
11686		 * If the abort says that the task is untagged, the
11687		 * task in the queue must be untagged.  Otherwise,
11688		 * we just check to see whether the tag numbers
11689		 * match.  This is because the QLogic firmware
11690		 * doesn't pass back the tag type in an abort
11691		 * request.
11692		 */
11693#if 0
11694		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11695		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11696		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11697#endif
11698		/*
11699		 * XXX KDM we've got problems with FC, because it
11700		 * doesn't send down a tag type with aborts.  So we
11701		 * can only really go by the tag number...
11702		 * This may cause problems with parallel SCSI.
11703		 * Need to figure that out!!
11704		 */
11705		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11706			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11707			found = 1;
11708			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11709			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11710				union ctl_ha_msg msg_info;
11711
11712				msg_info.hdr.nexus = io->io_hdr.nexus;
11713				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11714				msg_info.task.tag_num = io->taskio.tag_num;
11715				msg_info.task.tag_type = io->taskio.tag_type;
11716				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11717				msg_info.hdr.original_sc = NULL;
11718				msg_info.hdr.serializing_sc = NULL;
11719#if 0
11720				printf("Sent Abort to other side\n");
11721#endif
11722				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11723				    sizeof(msg_info.task), M_NOWAIT);
11724			}
11725#if 0
11726			printf("ctl_abort_task: found I/O to abort\n");
11727#endif
11728		}
11729	}
11730	mtx_unlock(&lun->lun_lock);
11731
11732	if (found == 0) {
11733		/*
11734		 * This isn't really an error.  It's entirely possible for
11735		 * the abort and command completion to cross on the wire.
11736		 * This is more of an informative/diagnostic error.
11737		 */
11738#if 0
11739		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11740		       "%u:%u:%u tag %d type %d\n",
11741		       io->io_hdr.nexus.initid,
11742		       io->io_hdr.nexus.targ_port,
11743		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11744		       io->taskio.tag_type);
11745#endif
11746	}
11747	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11748	return (0);
11749}
11750
11751static int
11752ctl_query_task(union ctl_io *io, int task_set)
11753{
11754	union ctl_io *xio;
11755	struct ctl_lun *lun;
11756	struct ctl_softc *softc;
11757	int found = 0;
11758	uint32_t targ_lun;
11759
11760	softc = control_softc;
11761	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11762	mtx_lock(&softc->ctl_lock);
11763	if ((targ_lun >= CTL_MAX_LUNS) ||
11764	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11765		mtx_unlock(&softc->ctl_lock);
11766		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11767		return (1);
11768	}
11769	mtx_lock(&lun->lun_lock);
11770	mtx_unlock(&softc->ctl_lock);
11771	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11772	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11773
11774		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11775		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11776		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11777			continue;
11778
11779		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11780			found = 1;
11781			break;
11782		}
11783	}
11784	mtx_unlock(&lun->lun_lock);
11785	if (found)
11786		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11787	else
11788		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11789	return (0);
11790}
11791
11792static int
11793ctl_query_async_event(union ctl_io *io)
11794{
11795	struct ctl_lun *lun;
11796	struct ctl_softc *softc;
11797	ctl_ua_type ua;
11798	uint32_t targ_lun, initidx;
11799
11800	softc = control_softc;
11801	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11802	mtx_lock(&softc->ctl_lock);
11803	if ((targ_lun >= CTL_MAX_LUNS) ||
11804	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11805		mtx_unlock(&softc->ctl_lock);
11806		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11807		return (1);
11808	}
11809	mtx_lock(&lun->lun_lock);
11810	mtx_unlock(&softc->ctl_lock);
11811	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11812	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11813	mtx_unlock(&lun->lun_lock);
11814	if (ua != CTL_UA_NONE)
11815		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11816	else
11817		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11818	return (0);
11819}
11820
11821static void
11822ctl_run_task(union ctl_io *io)
11823{
11824	struct ctl_softc *softc = control_softc;
11825	int retval = 1;
11826
11827	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11828	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11829	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11830	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11831	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11832	switch (io->taskio.task_action) {
11833	case CTL_TASK_ABORT_TASK:
11834		retval = ctl_abort_task(io);
11835		break;
11836	case CTL_TASK_ABORT_TASK_SET:
11837	case CTL_TASK_CLEAR_TASK_SET:
11838		retval = ctl_abort_task_set(io);
11839		break;
11840	case CTL_TASK_CLEAR_ACA:
11841		break;
11842	case CTL_TASK_I_T_NEXUS_RESET:
11843		retval = ctl_i_t_nexus_reset(io);
11844		break;
11845	case CTL_TASK_LUN_RESET:
11846		retval = ctl_lun_reset(softc, io);
11847		break;
11848	case CTL_TASK_TARGET_RESET:
11849		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11850		break;
11851	case CTL_TASK_BUS_RESET:
11852		retval = ctl_bus_reset(softc, io);
11853		break;
11854	case CTL_TASK_PORT_LOGIN:
11855		break;
11856	case CTL_TASK_PORT_LOGOUT:
11857		break;
11858	case CTL_TASK_QUERY_TASK:
11859		retval = ctl_query_task(io, 0);
11860		break;
11861	case CTL_TASK_QUERY_TASK_SET:
11862		retval = ctl_query_task(io, 1);
11863		break;
11864	case CTL_TASK_QUERY_ASYNC_EVENT:
11865		retval = ctl_query_async_event(io);
11866		break;
11867	default:
11868		printf("%s: got unknown task management event %d\n",
11869		       __func__, io->taskio.task_action);
11870		break;
11871	}
11872	if (retval == 0)
11873		io->io_hdr.status = CTL_SUCCESS;
11874	else
11875		io->io_hdr.status = CTL_ERROR;
11876	ctl_done(io);
11877}
11878
11879/*
11880 * For HA operation.  Handle commands that come in from the other
11881 * controller.
11882 */
11883static void
11884ctl_handle_isc(union ctl_io *io)
11885{
11886	int free_io;
11887	struct ctl_lun *lun;
11888	struct ctl_softc *softc = control_softc;
11889	uint32_t targ_lun;
11890
11891	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11892	lun = softc->ctl_luns[targ_lun];
11893
11894	switch (io->io_hdr.msg_type) {
11895	case CTL_MSG_SERIALIZE:
11896		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11897		break;
11898	case CTL_MSG_R2R: {
11899		const struct ctl_cmd_entry *entry;
11900
11901		/*
11902		 * This is only used in SER_ONLY mode.
11903		 */
11904		free_io = 0;
11905		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11906		mtx_lock(&lun->lun_lock);
11907		if (ctl_scsiio_lun_check(lun,
11908		    entry, (struct ctl_scsiio *)io) != 0) {
11909			mtx_unlock(&lun->lun_lock);
11910			ctl_done(io);
11911			break;
11912		}
11913		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11914		mtx_unlock(&lun->lun_lock);
11915		ctl_enqueue_rtr(io);
11916		break;
11917	}
11918	case CTL_MSG_FINISH_IO:
11919		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11920			free_io = 0;
11921			ctl_done(io);
11922		} else {
11923			free_io = 1;
11924			mtx_lock(&lun->lun_lock);
11925			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11926				     ooa_links);
11927			ctl_check_blocked(lun);
11928			mtx_unlock(&lun->lun_lock);
11929		}
11930		break;
11931	case CTL_MSG_PERS_ACTION:
11932		ctl_hndl_per_res_out_on_other_sc(
11933			(union ctl_ha_msg *)&io->presio.pr_msg);
11934		free_io = 1;
11935		break;
11936	case CTL_MSG_BAD_JUJU:
11937		free_io = 0;
11938		ctl_done(io);
11939		break;
11940	case CTL_MSG_DATAMOVE:
11941		/* Only used in XFER mode */
11942		free_io = 0;
11943		ctl_datamove_remote(io);
11944		break;
11945	case CTL_MSG_DATAMOVE_DONE:
11946		/* Only used in XFER mode */
11947		free_io = 0;
11948		io->scsiio.be_move_done(io);
11949		break;
11950	case CTL_MSG_FAILOVER:
11951		ctl_failover_lun(io);
11952		free_io = 1;
11953		break;
11954	default:
11955		free_io = 1;
11956		printf("%s: Invalid message type %d\n",
11957		       __func__, io->io_hdr.msg_type);
11958		break;
11959	}
11960	if (free_io)
11961		ctl_free_io(io);
11962
11963}
11964
11965
11966/*
11967 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11968 * there is no match.
11969 */
11970static ctl_lun_error_pattern
11971ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11972{
11973	const struct ctl_cmd_entry *entry;
11974	ctl_lun_error_pattern filtered_pattern, pattern;
11975
11976	pattern = desc->error_pattern;
11977
11978	/*
11979	 * XXX KDM we need more data passed into this function to match a
11980	 * custom pattern, and we actually need to implement custom pattern
11981	 * matching.
11982	 */
11983	if (pattern & CTL_LUN_PAT_CMD)
11984		return (CTL_LUN_PAT_CMD);
11985
11986	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11987		return (CTL_LUN_PAT_ANY);
11988
11989	entry = ctl_get_cmd_entry(ctsio, NULL);
11990
11991	filtered_pattern = entry->pattern & pattern;
11992
11993	/*
11994	 * If the user requested specific flags in the pattern (e.g.
11995	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11996	 * flags.
11997	 *
11998	 * If the user did not specify any flags, it doesn't matter whether
11999	 * or not the command supports the flags.
12000	 */
12001	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12002	     (pattern & ~CTL_LUN_PAT_MASK))
12003		return (CTL_LUN_PAT_NONE);
12004
12005	/*
12006	 * If the user asked for a range check, see if the requested LBA
12007	 * range overlaps with this command's LBA range.
12008	 */
12009	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12010		uint64_t lba1;
12011		uint64_t len1;
12012		ctl_action action;
12013		int retval;
12014
12015		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12016		if (retval != 0)
12017			return (CTL_LUN_PAT_NONE);
12018
12019		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12020					      desc->lba_range.len, FALSE);
12021		/*
12022		 * A "pass" means that the LBA ranges don't overlap, so
12023		 * this doesn't match the user's range criteria.
12024		 */
12025		if (action == CTL_ACTION_PASS)
12026			return (CTL_LUN_PAT_NONE);
12027	}
12028
12029	return (filtered_pattern);
12030}
12031
12032static void
12033ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12034{
12035	struct ctl_error_desc *desc, *desc2;
12036
12037	mtx_assert(&lun->lun_lock, MA_OWNED);
12038
12039	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12040		ctl_lun_error_pattern pattern;
12041		/*
12042		 * Check to see whether this particular command matches
12043		 * the pattern in the descriptor.
12044		 */
12045		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12046		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12047			continue;
12048
12049		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12050		case CTL_LUN_INJ_ABORTED:
12051			ctl_set_aborted(&io->scsiio);
12052			break;
12053		case CTL_LUN_INJ_MEDIUM_ERR:
12054			ctl_set_medium_error(&io->scsiio,
12055			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12056			     CTL_FLAG_DATA_OUT);
12057			break;
12058		case CTL_LUN_INJ_UA:
12059			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12060			 * OCCURRED */
12061			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12062			break;
12063		case CTL_LUN_INJ_CUSTOM:
12064			/*
12065			 * We're assuming the user knows what he is doing.
12066			 * Just copy the sense information without doing
12067			 * checks.
12068			 */
12069			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12070			      MIN(sizeof(desc->custom_sense),
12071				  sizeof(io->scsiio.sense_data)));
12072			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12073			io->scsiio.sense_len = SSD_FULL_SIZE;
12074			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12075			break;
12076		case CTL_LUN_INJ_NONE:
12077		default:
12078			/*
12079			 * If this is an error injection type we don't know
12080			 * about, clear the continuous flag (if it is set)
12081			 * so it will get deleted below.
12082			 */
12083			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12084			break;
12085		}
12086		/*
12087		 * By default, each error injection action is a one-shot
12088		 */
12089		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12090			continue;
12091
12092		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12093
12094		free(desc, M_CTL);
12095	}
12096}
12097
12098#ifdef CTL_IO_DELAY
12099static void
12100ctl_datamove_timer_wakeup(void *arg)
12101{
12102	union ctl_io *io;
12103
12104	io = (union ctl_io *)arg;
12105
12106	ctl_datamove(io);
12107}
12108#endif /* CTL_IO_DELAY */
12109
12110void
12111ctl_datamove(union ctl_io *io)
12112{
12113	struct ctl_lun *lun;
12114	void (*fe_datamove)(union ctl_io *io);
12115
12116	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12117
12118	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12119
12120	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12121#ifdef CTL_TIME_IO
12122	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12123		char str[256];
12124		char path_str[64];
12125		struct sbuf sb;
12126
12127		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12128		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12129
12130		sbuf_cat(&sb, path_str);
12131		switch (io->io_hdr.io_type) {
12132		case CTL_IO_SCSI:
12133			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12134			sbuf_printf(&sb, "\n");
12135			sbuf_cat(&sb, path_str);
12136			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12137				    io->scsiio.tag_num, io->scsiio.tag_type);
12138			break;
12139		case CTL_IO_TASK:
12140			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12141				    "Tag Type: %d\n", io->taskio.task_action,
12142				    io->taskio.tag_num, io->taskio.tag_type);
12143			break;
12144		default:
12145			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12146			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12147			break;
12148		}
12149		sbuf_cat(&sb, path_str);
12150		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12151			    (intmax_t)time_uptime - io->io_hdr.start_time);
12152		sbuf_finish(&sb);
12153		printf("%s", sbuf_data(&sb));
12154	}
12155#endif /* CTL_TIME_IO */
12156
12157#ifdef CTL_IO_DELAY
12158	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12159		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12160	} else {
12161		if ((lun != NULL)
12162		 && (lun->delay_info.datamove_delay > 0)) {
12163
12164			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12165			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12166			callout_reset(&io->io_hdr.delay_callout,
12167				      lun->delay_info.datamove_delay * hz,
12168				      ctl_datamove_timer_wakeup, io);
12169			if (lun->delay_info.datamove_type ==
12170			    CTL_DELAY_TYPE_ONESHOT)
12171				lun->delay_info.datamove_delay = 0;
12172			return;
12173		}
12174	}
12175#endif
12176
12177	/*
12178	 * This command has been aborted.  Set the port status, so we fail
12179	 * the data move.
12180	 */
12181	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12182		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12183		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12184		       io->io_hdr.nexus.targ_port,
12185		       io->io_hdr.nexus.targ_lun);
12186		io->io_hdr.port_status = 31337;
12187		/*
12188		 * Note that the backend, in this case, will get the
12189		 * callback in its context.  In other cases it may get
12190		 * called in the frontend's interrupt thread context.
12191		 */
12192		io->scsiio.be_move_done(io);
12193		return;
12194	}
12195
12196	/* Don't confuse frontend with zero length data move. */
12197	if (io->scsiio.kern_data_len == 0) {
12198		io->scsiio.be_move_done(io);
12199		return;
12200	}
12201
12202	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12203	fe_datamove(io);
12204}
12205
12206static void
12207ctl_send_datamove_done(union ctl_io *io, int have_lock)
12208{
12209	union ctl_ha_msg msg;
12210#ifdef CTL_TIME_IO
12211	struct bintime cur_bt;
12212#endif
12213
12214	memset(&msg, 0, sizeof(msg));
12215	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12216	msg.hdr.original_sc = io;
12217	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12218	msg.hdr.nexus = io->io_hdr.nexus;
12219	msg.hdr.status = io->io_hdr.status;
12220	msg.scsi.tag_num = io->scsiio.tag_num;
12221	msg.scsi.tag_type = io->scsiio.tag_type;
12222	msg.scsi.scsi_status = io->scsiio.scsi_status;
12223	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12224	       io->scsiio.sense_len);
12225	msg.scsi.sense_len = io->scsiio.sense_len;
12226	msg.scsi.sense_residual = io->scsiio.sense_residual;
12227	msg.scsi.fetd_status = io->io_hdr.port_status;
12228	msg.scsi.residual = io->scsiio.residual;
12229	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12230	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12231		ctl_failover_io(io, /*have_lock*/ have_lock);
12232		return;
12233	}
12234	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12235	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12236	    msg.scsi.sense_len, M_WAITOK);
12237
12238#ifdef CTL_TIME_IO
12239	getbinuptime(&cur_bt);
12240	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12241	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12242#endif
12243	io->io_hdr.num_dmas++;
12244}
12245
12246/*
12247 * The DMA to the remote side is done, now we need to tell the other side
12248 * we're done so it can continue with its data movement.
12249 */
12250static void
12251ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12252{
12253	union ctl_io *io;
12254	int i;
12255
12256	io = rq->context;
12257
12258	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12259		printf("%s: ISC DMA write failed with error %d", __func__,
12260		       rq->ret);
12261		ctl_set_internal_failure(&io->scsiio,
12262					 /*sks_valid*/ 1,
12263					 /*retry_count*/ rq->ret);
12264	}
12265
12266	ctl_dt_req_free(rq);
12267
12268	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12269		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12270	free(io->io_hdr.remote_sglist, M_CTL);
12271	io->io_hdr.remote_sglist = NULL;
12272	io->io_hdr.local_sglist = NULL;
12273
12274	/*
12275	 * The data is in local and remote memory, so now we need to send
12276	 * status (good or back) back to the other side.
12277	 */
12278	ctl_send_datamove_done(io, /*have_lock*/ 0);
12279}
12280
12281/*
12282 * We've moved the data from the host/controller into local memory.  Now we
12283 * need to push it over to the remote controller's memory.
12284 */
12285static int
12286ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12287{
12288	int retval;
12289
12290	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12291					  ctl_datamove_remote_write_cb);
12292	return (retval);
12293}
12294
12295static void
12296ctl_datamove_remote_write(union ctl_io *io)
12297{
12298	int retval;
12299	void (*fe_datamove)(union ctl_io *io);
12300
12301	/*
12302	 * - Get the data from the host/HBA into local memory.
12303	 * - DMA memory from the local controller to the remote controller.
12304	 * - Send status back to the remote controller.
12305	 */
12306
12307	retval = ctl_datamove_remote_sgl_setup(io);
12308	if (retval != 0)
12309		return;
12310
12311	/* Switch the pointer over so the FETD knows what to do */
12312	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12313
12314	/*
12315	 * Use a custom move done callback, since we need to send completion
12316	 * back to the other controller, not to the backend on this side.
12317	 */
12318	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12319
12320	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12321	fe_datamove(io);
12322}
12323
12324static int
12325ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12326{
12327#if 0
12328	char str[256];
12329	char path_str[64];
12330	struct sbuf sb;
12331#endif
12332	int i;
12333
12334	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12335		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12336	free(io->io_hdr.remote_sglist, M_CTL);
12337	io->io_hdr.remote_sglist = NULL;
12338	io->io_hdr.local_sglist = NULL;
12339
12340#if 0
12341	scsi_path_string(io, path_str, sizeof(path_str));
12342	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12343	sbuf_cat(&sb, path_str);
12344	scsi_command_string(&io->scsiio, NULL, &sb);
12345	sbuf_printf(&sb, "\n");
12346	sbuf_cat(&sb, path_str);
12347	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12348		    io->scsiio.tag_num, io->scsiio.tag_type);
12349	sbuf_cat(&sb, path_str);
12350	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12351		    io->io_hdr.flags, io->io_hdr.status);
12352	sbuf_finish(&sb);
12353	printk("%s", sbuf_data(&sb));
12354#endif
12355
12356
12357	/*
12358	 * The read is done, now we need to send status (good or bad) back
12359	 * to the other side.
12360	 */
12361	ctl_send_datamove_done(io, /*have_lock*/ 0);
12362
12363	return (0);
12364}
12365
12366static void
12367ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12368{
12369	union ctl_io *io;
12370	void (*fe_datamove)(union ctl_io *io);
12371
12372	io = rq->context;
12373
12374	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12375		printf("%s: ISC DMA read failed with error %d\n", __func__,
12376		       rq->ret);
12377		ctl_set_internal_failure(&io->scsiio,
12378					 /*sks_valid*/ 1,
12379					 /*retry_count*/ rq->ret);
12380	}
12381
12382	ctl_dt_req_free(rq);
12383
12384	/* Switch the pointer over so the FETD knows what to do */
12385	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12386
12387	/*
12388	 * Use a custom move done callback, since we need to send completion
12389	 * back to the other controller, not to the backend on this side.
12390	 */
12391	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12392
12393	/* XXX KDM add checks like the ones in ctl_datamove? */
12394
12395	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12396	fe_datamove(io);
12397}
12398
12399static int
12400ctl_datamove_remote_sgl_setup(union ctl_io *io)
12401{
12402	struct ctl_sg_entry *local_sglist;
12403	uint32_t len_to_go;
12404	int retval;
12405	int i;
12406
12407	retval = 0;
12408	local_sglist = io->io_hdr.local_sglist;
12409	len_to_go = io->scsiio.kern_data_len;
12410
12411	/*
12412	 * The difficult thing here is that the size of the various
12413	 * S/G segments may be different than the size from the
12414	 * remote controller.  That'll make it harder when DMAing
12415	 * the data back to the other side.
12416	 */
12417	for (i = 0; len_to_go > 0; i++) {
12418		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12419		local_sglist[i].addr =
12420		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12421
12422		len_to_go -= local_sglist[i].len;
12423	}
12424	/*
12425	 * Reset the number of S/G entries accordingly.  The original
12426	 * number of S/G entries is available in rem_sg_entries.
12427	 */
12428	io->scsiio.kern_sg_entries = i;
12429
12430#if 0
12431	printf("%s: kern_sg_entries = %d\n", __func__,
12432	       io->scsiio.kern_sg_entries);
12433	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12434		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12435		       local_sglist[i].addr, local_sglist[i].len);
12436#endif
12437
12438	return (retval);
12439}
12440
12441static int
12442ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12443			 ctl_ha_dt_cb callback)
12444{
12445	struct ctl_ha_dt_req *rq;
12446	struct ctl_sg_entry *remote_sglist, *local_sglist;
12447	uint32_t local_used, remote_used, total_used;
12448	int i, j, isc_ret;
12449
12450	rq = ctl_dt_req_alloc();
12451
12452	/*
12453	 * If we failed to allocate the request, and if the DMA didn't fail
12454	 * anyway, set busy status.  This is just a resource allocation
12455	 * failure.
12456	 */
12457	if ((rq == NULL)
12458	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12459	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12460		ctl_set_busy(&io->scsiio);
12461
12462	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12463	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12464
12465		if (rq != NULL)
12466			ctl_dt_req_free(rq);
12467
12468		/*
12469		 * The data move failed.  We need to return status back
12470		 * to the other controller.  No point in trying to DMA
12471		 * data to the remote controller.
12472		 */
12473
12474		ctl_send_datamove_done(io, /*have_lock*/ 0);
12475
12476		return (1);
12477	}
12478
12479	local_sglist = io->io_hdr.local_sglist;
12480	remote_sglist = io->io_hdr.remote_sglist;
12481	local_used = 0;
12482	remote_used = 0;
12483	total_used = 0;
12484
12485	/*
12486	 * Pull/push the data over the wire from/to the other controller.
12487	 * This takes into account the possibility that the local and
12488	 * remote sglists may not be identical in terms of the size of
12489	 * the elements and the number of elements.
12490	 *
12491	 * One fundamental assumption here is that the length allocated for
12492	 * both the local and remote sglists is identical.  Otherwise, we've
12493	 * essentially got a coding error of some sort.
12494	 */
12495	isc_ret = CTL_HA_STATUS_SUCCESS;
12496	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12497		uint32_t cur_len;
12498		uint8_t *tmp_ptr;
12499
12500		rq->command = command;
12501		rq->context = io;
12502
12503		/*
12504		 * Both pointers should be aligned.  But it is possible
12505		 * that the allocation length is not.  They should both
12506		 * also have enough slack left over at the end, though,
12507		 * to round up to the next 8 byte boundary.
12508		 */
12509		cur_len = MIN(local_sglist[i].len - local_used,
12510			      remote_sglist[j].len - remote_used);
12511		rq->size = cur_len;
12512
12513		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12514		tmp_ptr += local_used;
12515
12516#if 0
12517		/* Use physical addresses when talking to ISC hardware */
12518		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12519			/* XXX KDM use busdma */
12520			rq->local = vtophys(tmp_ptr);
12521		} else
12522			rq->local = tmp_ptr;
12523#else
12524		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12525		    ("HA does not support BUS_ADDR"));
12526		rq->local = tmp_ptr;
12527#endif
12528
12529		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12530		tmp_ptr += remote_used;
12531		rq->remote = tmp_ptr;
12532
12533		rq->callback = NULL;
12534
12535		local_used += cur_len;
12536		if (local_used >= local_sglist[i].len) {
12537			i++;
12538			local_used = 0;
12539		}
12540
12541		remote_used += cur_len;
12542		if (remote_used >= remote_sglist[j].len) {
12543			j++;
12544			remote_used = 0;
12545		}
12546		total_used += cur_len;
12547
12548		if (total_used >= io->scsiio.kern_data_len)
12549			rq->callback = callback;
12550
12551#if 0
12552		printf("%s: %s: local %p remote %p size %d\n", __func__,
12553		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12554		       rq->local, rq->remote, rq->size);
12555#endif
12556
12557		isc_ret = ctl_dt_single(rq);
12558		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12559			break;
12560	}
12561	if (isc_ret != CTL_HA_STATUS_WAIT) {
12562		rq->ret = isc_ret;
12563		callback(rq);
12564	}
12565
12566	return (0);
12567}
12568
12569static void
12570ctl_datamove_remote_read(union ctl_io *io)
12571{
12572	int retval;
12573	int i;
12574
12575	/*
12576	 * This will send an error to the other controller in the case of a
12577	 * failure.
12578	 */
12579	retval = ctl_datamove_remote_sgl_setup(io);
12580	if (retval != 0)
12581		return;
12582
12583	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12584					  ctl_datamove_remote_read_cb);
12585	if (retval != 0) {
12586		/*
12587		 * Make sure we free memory if there was an error..  The
12588		 * ctl_datamove_remote_xfer() function will send the
12589		 * datamove done message, or call the callback with an
12590		 * error if there is a problem.
12591		 */
12592		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12593			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12594		free(io->io_hdr.remote_sglist, M_CTL);
12595		io->io_hdr.remote_sglist = NULL;
12596		io->io_hdr.local_sglist = NULL;
12597	}
12598}
12599
12600/*
12601 * Process a datamove request from the other controller.  This is used for
12602 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12603 * first.  Once that is complete, the data gets DMAed into the remote
12604 * controller's memory.  For reads, we DMA from the remote controller's
12605 * memory into our memory first, and then move it out to the FETD.
12606 */
12607static void
12608ctl_datamove_remote(union ctl_io *io)
12609{
12610
12611	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12612
12613	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12614		ctl_failover_io(io, /*have_lock*/ 0);
12615		return;
12616	}
12617
12618	/*
12619	 * Note that we look for an aborted I/O here, but don't do some of
12620	 * the other checks that ctl_datamove() normally does.
12621	 * We don't need to run the datamove delay code, since that should
12622	 * have been done if need be on the other controller.
12623	 */
12624	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12625		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12626		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12627		       io->io_hdr.nexus.targ_port,
12628		       io->io_hdr.nexus.targ_lun);
12629		io->io_hdr.port_status = 31338;
12630		ctl_send_datamove_done(io, /*have_lock*/ 0);
12631		return;
12632	}
12633
12634	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12635		ctl_datamove_remote_write(io);
12636	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12637		ctl_datamove_remote_read(io);
12638	else {
12639		io->io_hdr.port_status = 31339;
12640		ctl_send_datamove_done(io, /*have_lock*/ 0);
12641	}
12642}
12643
12644static void
12645ctl_process_done(union ctl_io *io)
12646{
12647	struct ctl_lun *lun;
12648	struct ctl_softc *softc = control_softc;
12649	void (*fe_done)(union ctl_io *io);
12650	union ctl_ha_msg msg;
12651	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12652
12653	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12654	fe_done = softc->ctl_ports[targ_port]->fe_done;
12655
12656#ifdef CTL_TIME_IO
12657	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12658		char str[256];
12659		char path_str[64];
12660		struct sbuf sb;
12661
12662		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12663		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12664
12665		sbuf_cat(&sb, path_str);
12666		switch (io->io_hdr.io_type) {
12667		case CTL_IO_SCSI:
12668			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12669			sbuf_printf(&sb, "\n");
12670			sbuf_cat(&sb, path_str);
12671			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12672				    io->scsiio.tag_num, io->scsiio.tag_type);
12673			break;
12674		case CTL_IO_TASK:
12675			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12676				    "Tag Type: %d\n", io->taskio.task_action,
12677				    io->taskio.tag_num, io->taskio.tag_type);
12678			break;
12679		default:
12680			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12681			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12682			break;
12683		}
12684		sbuf_cat(&sb, path_str);
12685		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12686			    (intmax_t)time_uptime - io->io_hdr.start_time);
12687		sbuf_finish(&sb);
12688		printf("%s", sbuf_data(&sb));
12689	}
12690#endif /* CTL_TIME_IO */
12691
12692	switch (io->io_hdr.io_type) {
12693	case CTL_IO_SCSI:
12694		break;
12695	case CTL_IO_TASK:
12696		if (ctl_debug & CTL_DEBUG_INFO)
12697			ctl_io_error_print(io, NULL);
12698		fe_done(io);
12699		return;
12700	default:
12701		panic("ctl_process_done: invalid io type %d\n",
12702		      io->io_hdr.io_type);
12703		break; /* NOTREACHED */
12704	}
12705
12706	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12707	if (lun == NULL) {
12708		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12709				 io->io_hdr.nexus.targ_mapped_lun));
12710		goto bailout;
12711	}
12712
12713	mtx_lock(&lun->lun_lock);
12714
12715	/*
12716	 * Check to see if we have any errors to inject here.  We only
12717	 * inject errors for commands that don't already have errors set.
12718	 */
12719	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12720	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12721	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12722		ctl_inject_error(lun, io);
12723
12724	/*
12725	 * XXX KDM how do we treat commands that aren't completed
12726	 * successfully?
12727	 *
12728	 * XXX KDM should we also track I/O latency?
12729	 */
12730	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12731	    io->io_hdr.io_type == CTL_IO_SCSI) {
12732#ifdef CTL_TIME_IO
12733		struct bintime cur_bt;
12734#endif
12735		int type;
12736
12737		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12738		    CTL_FLAG_DATA_IN)
12739			type = CTL_STATS_READ;
12740		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12741		    CTL_FLAG_DATA_OUT)
12742			type = CTL_STATS_WRITE;
12743		else
12744			type = CTL_STATS_NO_IO;
12745
12746		lun->stats.ports[targ_port].bytes[type] +=
12747		    io->scsiio.kern_total_len;
12748		lun->stats.ports[targ_port].operations[type]++;
12749#ifdef CTL_TIME_IO
12750		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12751		   &io->io_hdr.dma_bt);
12752		getbinuptime(&cur_bt);
12753		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12754		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12755#endif
12756		lun->stats.ports[targ_port].num_dmas[type] +=
12757		    io->io_hdr.num_dmas;
12758	}
12759
12760	/*
12761	 * Remove this from the OOA queue.
12762	 */
12763	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12764#ifdef CTL_TIME_IO
12765	if (TAILQ_EMPTY(&lun->ooa_queue))
12766		lun->last_busy = getsbinuptime();
12767#endif
12768
12769	/*
12770	 * Run through the blocked queue on this LUN and see if anything
12771	 * has become unblocked, now that this transaction is done.
12772	 */
12773	ctl_check_blocked(lun);
12774
12775	/*
12776	 * If the LUN has been invalidated, free it if there is nothing
12777	 * left on its OOA queue.
12778	 */
12779	if ((lun->flags & CTL_LUN_INVALID)
12780	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12781		mtx_unlock(&lun->lun_lock);
12782		mtx_lock(&softc->ctl_lock);
12783		ctl_free_lun(lun);
12784		mtx_unlock(&softc->ctl_lock);
12785	} else
12786		mtx_unlock(&lun->lun_lock);
12787
12788bailout:
12789
12790	/*
12791	 * If this command has been aborted, make sure we set the status
12792	 * properly.  The FETD is responsible for freeing the I/O and doing
12793	 * whatever it needs to do to clean up its state.
12794	 */
12795	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12796		ctl_set_task_aborted(&io->scsiio);
12797
12798	/*
12799	 * If enabled, print command error status.
12800	 */
12801	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12802	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12803		ctl_io_error_print(io, NULL);
12804
12805	/*
12806	 * Tell the FETD or the other shelf controller we're done with this
12807	 * command.  Note that only SCSI commands get to this point.  Task
12808	 * management commands are completed above.
12809	 */
12810	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12811	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12812		memset(&msg, 0, sizeof(msg));
12813		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12814		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12815		msg.hdr.nexus = io->io_hdr.nexus;
12816		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12817		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12818		    M_WAITOK);
12819	}
12820
12821	fe_done(io);
12822}
12823
12824#ifdef CTL_WITH_CA
12825/*
12826 * Front end should call this if it doesn't do autosense.  When the request
12827 * sense comes back in from the initiator, we'll dequeue this and send it.
12828 */
12829int
12830ctl_queue_sense(union ctl_io *io)
12831{
12832	struct ctl_lun *lun;
12833	struct ctl_port *port;
12834	struct ctl_softc *softc;
12835	uint32_t initidx, targ_lun;
12836
12837	softc = control_softc;
12838
12839	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12840
12841	/*
12842	 * LUN lookup will likely move to the ctl_work_thread() once we
12843	 * have our new queueing infrastructure (that doesn't put things on
12844	 * a per-LUN queue initially).  That is so that we can handle
12845	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12846	 * can't deal with that right now.
12847	 */
12848	mtx_lock(&softc->ctl_lock);
12849
12850	/*
12851	 * If we don't have a LUN for this, just toss the sense
12852	 * information.
12853	 */
12854	port = ctl_io_port(&ctsio->io_hdr);
12855	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12856	if ((targ_lun < CTL_MAX_LUNS)
12857	 && (softc->ctl_luns[targ_lun] != NULL))
12858		lun = softc->ctl_luns[targ_lun];
12859	else
12860		goto bailout;
12861
12862	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12863
12864	mtx_lock(&lun->lun_lock);
12865	/*
12866	 * Already have CA set for this LUN...toss the sense information.
12867	 */
12868	if (ctl_is_set(lun->have_ca, initidx)) {
12869		mtx_unlock(&lun->lun_lock);
12870		goto bailout;
12871	}
12872
12873	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
12874	       MIN(sizeof(lun->pending_sense[initidx]),
12875	       sizeof(io->scsiio.sense_data)));
12876	ctl_set_mask(lun->have_ca, initidx);
12877	mtx_unlock(&lun->lun_lock);
12878
12879bailout:
12880	mtx_unlock(&softc->ctl_lock);
12881
12882	ctl_free_io(io);
12883
12884	return (CTL_RETVAL_COMPLETE);
12885}
12886#endif
12887
12888/*
12889 * Primary command inlet from frontend ports.  All SCSI and task I/O
12890 * requests must go through this function.
12891 */
12892int
12893ctl_queue(union ctl_io *io)
12894{
12895	struct ctl_port *port;
12896
12897	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
12898
12899#ifdef CTL_TIME_IO
12900	io->io_hdr.start_time = time_uptime;
12901	getbinuptime(&io->io_hdr.start_bt);
12902#endif /* CTL_TIME_IO */
12903
12904	/* Map FE-specific LUN ID into global one. */
12905	port = ctl_io_port(&io->io_hdr);
12906	io->io_hdr.nexus.targ_mapped_lun =
12907	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12908
12909	switch (io->io_hdr.io_type) {
12910	case CTL_IO_SCSI:
12911	case CTL_IO_TASK:
12912		if (ctl_debug & CTL_DEBUG_CDB)
12913			ctl_io_print(io);
12914		ctl_enqueue_incoming(io);
12915		break;
12916	default:
12917		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
12918		return (EINVAL);
12919	}
12920
12921	return (CTL_RETVAL_COMPLETE);
12922}
12923
12924#ifdef CTL_IO_DELAY
12925static void
12926ctl_done_timer_wakeup(void *arg)
12927{
12928	union ctl_io *io;
12929
12930	io = (union ctl_io *)arg;
12931	ctl_done(io);
12932}
12933#endif /* CTL_IO_DELAY */
12934
12935void
12936ctl_serseq_done(union ctl_io *io)
12937{
12938	struct ctl_lun *lun;
12939
12940	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12941	if (lun->be_lun == NULL ||
12942	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
12943		return;
12944	mtx_lock(&lun->lun_lock);
12945	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
12946	ctl_check_blocked(lun);
12947	mtx_unlock(&lun->lun_lock);
12948}
12949
12950void
12951ctl_done(union ctl_io *io)
12952{
12953
12954	/*
12955	 * Enable this to catch duplicate completion issues.
12956	 */
12957#if 0
12958	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
12959		printf("%s: type %d msg %d cdb %x iptl: "
12960		       "%u:%u:%u tag 0x%04x "
12961		       "flag %#x status %x\n",
12962			__func__,
12963			io->io_hdr.io_type,
12964			io->io_hdr.msg_type,
12965			io->scsiio.cdb[0],
12966			io->io_hdr.nexus.initid,
12967			io->io_hdr.nexus.targ_port,
12968			io->io_hdr.nexus.targ_lun,
12969			(io->io_hdr.io_type ==
12970			CTL_IO_TASK) ?
12971			io->taskio.tag_num :
12972			io->scsiio.tag_num,
12973		        io->io_hdr.flags,
12974			io->io_hdr.status);
12975	} else
12976		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
12977#endif
12978
12979	/*
12980	 * This is an internal copy of an I/O, and should not go through
12981	 * the normal done processing logic.
12982	 */
12983	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
12984		return;
12985
12986#ifdef CTL_IO_DELAY
12987	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12988		struct ctl_lun *lun;
12989
12990		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12991
12992		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12993	} else {
12994		struct ctl_lun *lun;
12995
12996		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12997
12998		if ((lun != NULL)
12999		 && (lun->delay_info.done_delay > 0)) {
13000
13001			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13002			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13003			callout_reset(&io->io_hdr.delay_callout,
13004				      lun->delay_info.done_delay * hz,
13005				      ctl_done_timer_wakeup, io);
13006			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13007				lun->delay_info.done_delay = 0;
13008			return;
13009		}
13010	}
13011#endif /* CTL_IO_DELAY */
13012
13013	ctl_enqueue_done(io);
13014}
13015
13016static void
13017ctl_work_thread(void *arg)
13018{
13019	struct ctl_thread *thr = (struct ctl_thread *)arg;
13020	struct ctl_softc *softc = thr->ctl_softc;
13021	union ctl_io *io;
13022	int retval;
13023
13024	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13025
13026	for (;;) {
13027		/*
13028		 * We handle the queues in this order:
13029		 * - ISC
13030		 * - done queue (to free up resources, unblock other commands)
13031		 * - RtR queue
13032		 * - incoming queue
13033		 *
13034		 * If those queues are empty, we break out of the loop and
13035		 * go to sleep.
13036		 */
13037		mtx_lock(&thr->queue_lock);
13038		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13039		if (io != NULL) {
13040			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13041			mtx_unlock(&thr->queue_lock);
13042			ctl_handle_isc(io);
13043			continue;
13044		}
13045		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13046		if (io != NULL) {
13047			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13048			/* clear any blocked commands, call fe_done */
13049			mtx_unlock(&thr->queue_lock);
13050			ctl_process_done(io);
13051			continue;
13052		}
13053		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13054		if (io != NULL) {
13055			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13056			mtx_unlock(&thr->queue_lock);
13057			if (io->io_hdr.io_type == CTL_IO_TASK)
13058				ctl_run_task(io);
13059			else
13060				ctl_scsiio_precheck(softc, &io->scsiio);
13061			continue;
13062		}
13063		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13064		if (io != NULL) {
13065			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13066			mtx_unlock(&thr->queue_lock);
13067			retval = ctl_scsiio(&io->scsiio);
13068			if (retval != CTL_RETVAL_COMPLETE)
13069				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13070			continue;
13071		}
13072
13073		/* Sleep until we have something to do. */
13074		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13075	}
13076}
13077
13078static void
13079ctl_lun_thread(void *arg)
13080{
13081	struct ctl_softc *softc = (struct ctl_softc *)arg;
13082	struct ctl_be_lun *be_lun;
13083
13084	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13085
13086	for (;;) {
13087		mtx_lock(&softc->ctl_lock);
13088		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13089		if (be_lun != NULL) {
13090			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13091			mtx_unlock(&softc->ctl_lock);
13092			ctl_create_lun(be_lun);
13093			continue;
13094		}
13095
13096		/* Sleep until we have something to do. */
13097		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13098		    PDROP | PRIBIO, "-", 0);
13099	}
13100}
13101
13102static void
13103ctl_thresh_thread(void *arg)
13104{
13105	struct ctl_softc *softc = (struct ctl_softc *)arg;
13106	struct ctl_lun *lun;
13107	struct scsi_da_rw_recovery_page *rwpage;
13108	struct ctl_logical_block_provisioning_page *page;
13109	const char *attr;
13110	union ctl_ha_msg msg;
13111	uint64_t thres, val;
13112	int i, e, set;
13113
13114	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13115
13116	for (;;) {
13117		mtx_lock(&softc->ctl_lock);
13118		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13119			if ((lun->flags & CTL_LUN_DISABLED) ||
13120			    (lun->flags & CTL_LUN_OFFLINE) ||
13121			    lun->backend->lun_attr == NULL)
13122				continue;
13123			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13124			    softc->ha_mode == CTL_HA_MODE_XFER)
13125				continue;
13126			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13127			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13128				continue;
13129			e = 0;
13130			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13131			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13132				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13133					continue;
13134				thres = scsi_4btoul(page->descr[i].count);
13135				thres <<= CTL_LBP_EXPONENT;
13136				switch (page->descr[i].resource) {
13137				case 0x01:
13138					attr = "blocksavail";
13139					break;
13140				case 0x02:
13141					attr = "blocksused";
13142					break;
13143				case 0xf1:
13144					attr = "poolblocksavail";
13145					break;
13146				case 0xf2:
13147					attr = "poolblocksused";
13148					break;
13149				default:
13150					continue;
13151				}
13152				mtx_unlock(&softc->ctl_lock); // XXX
13153				val = lun->backend->lun_attr(
13154				    lun->be_lun->be_lun, attr);
13155				mtx_lock(&softc->ctl_lock);
13156				if (val == UINT64_MAX)
13157					continue;
13158				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13159				    == SLBPPD_ARMING_INC)
13160					e = (val >= thres);
13161				else
13162					e = (val <= thres);
13163				if (e)
13164					break;
13165			}
13166			mtx_lock(&lun->lun_lock);
13167			if (e) {
13168				scsi_u64to8b((uint8_t *)&page->descr[i] -
13169				    (uint8_t *)page, lun->ua_tpt_info);
13170				if (lun->lasttpt == 0 ||
13171				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13172					lun->lasttpt = time_uptime;
13173					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13174					set = 1;
13175				} else
13176					set = 0;
13177			} else {
13178				lun->lasttpt = 0;
13179				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13180				set = -1;
13181			}
13182			mtx_unlock(&lun->lun_lock);
13183			if (set != 0 &&
13184			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13185				/* Send msg to other side. */
13186				bzero(&msg.ua, sizeof(msg.ua));
13187				msg.hdr.msg_type = CTL_MSG_UA;
13188				msg.hdr.nexus.initid = -1;
13189				msg.hdr.nexus.targ_port = -1;
13190				msg.hdr.nexus.targ_lun = lun->lun;
13191				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13192				msg.ua.ua_all = 1;
13193				msg.ua.ua_set = (set > 0);
13194				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13195				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13196				mtx_unlock(&softc->ctl_lock); // XXX
13197				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13198				    sizeof(msg.ua), M_WAITOK);
13199				mtx_lock(&softc->ctl_lock);
13200			}
13201		}
13202		mtx_unlock(&softc->ctl_lock);
13203		pause("-", CTL_LBP_PERIOD * hz);
13204	}
13205}
13206
13207static void
13208ctl_enqueue_incoming(union ctl_io *io)
13209{
13210	struct ctl_softc *softc = control_softc;
13211	struct ctl_thread *thr;
13212	u_int idx;
13213
13214	idx = (io->io_hdr.nexus.targ_port * 127 +
13215	       io->io_hdr.nexus.initid) % worker_threads;
13216	thr = &softc->threads[idx];
13217	mtx_lock(&thr->queue_lock);
13218	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13219	mtx_unlock(&thr->queue_lock);
13220	wakeup(thr);
13221}
13222
13223static void
13224ctl_enqueue_rtr(union ctl_io *io)
13225{
13226	struct ctl_softc *softc = control_softc;
13227	struct ctl_thread *thr;
13228
13229	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13230	mtx_lock(&thr->queue_lock);
13231	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13232	mtx_unlock(&thr->queue_lock);
13233	wakeup(thr);
13234}
13235
13236static void
13237ctl_enqueue_done(union ctl_io *io)
13238{
13239	struct ctl_softc *softc = control_softc;
13240	struct ctl_thread *thr;
13241
13242	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13243	mtx_lock(&thr->queue_lock);
13244	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13245	mtx_unlock(&thr->queue_lock);
13246	wakeup(thr);
13247}
13248
13249static void
13250ctl_enqueue_isc(union ctl_io *io)
13251{
13252	struct ctl_softc *softc = control_softc;
13253	struct ctl_thread *thr;
13254
13255	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13256	mtx_lock(&thr->queue_lock);
13257	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13258	mtx_unlock(&thr->queue_lock);
13259	wakeup(thr);
13260}
13261
13262/*
13263 *  vim: ts=8
13264 */
13265