ctl.c revision 288810 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 288810 2015-10-05 11:30:18Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_cd.h>
73#include <cam/scsi/scsi_da.h>
74#include <cam/ctl/ctl_io.h>
75#include <cam/ctl/ctl.h>
76#include <cam/ctl/ctl_frontend.h>
77#include <cam/ctl/ctl_util.h>
78#include <cam/ctl/ctl_backend.h>
79#include <cam/ctl/ctl_ioctl.h>
80#include <cam/ctl/ctl_ha.h>
81#include <cam/ctl/ctl_private.h>
82#include <cam/ctl/ctl_debug.h>
83#include <cam/ctl/ctl_scsi_all.h>
84#include <cam/ctl/ctl_error.h>
85
86struct ctl_softc *control_softc = NULL;
87
88/*
89 * Template mode pages.
90 */
91
92/*
93 * Note that these are default values only.  The actual values will be
94 * filled in when the user does a mode sense.
95 */
96const static struct copan_debugconf_subpage debugconf_page_default = {
97	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
98	DBGCNF_SUBPAGE_CODE,		/* subpage */
99	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
100	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
101	DBGCNF_VERSION,			/* page_version */
102	{CTL_TIME_IO_DEFAULT_SECS>>8,
103	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
104};
105
106const static struct copan_debugconf_subpage debugconf_page_changeable = {
107	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
108	DBGCNF_SUBPAGE_CODE,		/* subpage */
109	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
110	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
111	0,				/* page_version */
112	{0xff,0xff},			/* ctl_time_io_secs */
113};
114
115const static struct scsi_da_rw_recovery_page rw_er_page_default = {
116	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
117	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
118	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
119	/*read_retry_count*/0,
120	/*correction_span*/0,
121	/*head_offset_count*/0,
122	/*data_strobe_offset_cnt*/0,
123	/*byte8*/SMS_RWER_LBPERE,
124	/*write_retry_count*/0,
125	/*reserved2*/0,
126	/*recovery_time_limit*/{0, 0},
127};
128
129const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
130	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
131	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
132	/*byte3*/0,
133	/*read_retry_count*/0,
134	/*correction_span*/0,
135	/*head_offset_count*/0,
136	/*data_strobe_offset_cnt*/0,
137	/*byte8*/0,
138	/*write_retry_count*/0,
139	/*reserved2*/0,
140	/*recovery_time_limit*/{0, 0},
141};
142
143const static struct scsi_format_page format_page_default = {
144	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
145	/*page_length*/sizeof(struct scsi_format_page) - 2,
146	/*tracks_per_zone*/ {0, 0},
147	/*alt_sectors_per_zone*/ {0, 0},
148	/*alt_tracks_per_zone*/ {0, 0},
149	/*alt_tracks_per_lun*/ {0, 0},
150	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
151			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
152	/*bytes_per_sector*/ {0, 0},
153	/*interleave*/ {0, 0},
154	/*track_skew*/ {0, 0},
155	/*cylinder_skew*/ {0, 0},
156	/*flags*/ SFP_HSEC,
157	/*reserved*/ {0, 0, 0}
158};
159
160const static struct scsi_format_page format_page_changeable = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {0, 0},
168	/*bytes_per_sector*/ {0, 0},
169	/*interleave*/ {0, 0},
170	/*track_skew*/ {0, 0},
171	/*cylinder_skew*/ {0, 0},
172	/*flags*/ 0,
173	/*reserved*/ {0, 0, 0}
174};
175
176const static struct scsi_rigid_disk_page rigid_disk_page_default = {
177	/*page_code*/SMS_RIGID_DISK_PAGE,
178	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
179	/*cylinders*/ {0, 0, 0},
180	/*heads*/ CTL_DEFAULT_HEADS,
181	/*start_write_precomp*/ {0, 0, 0},
182	/*start_reduced_current*/ {0, 0, 0},
183	/*step_rate*/ {0, 0},
184	/*landing_zone_cylinder*/ {0, 0, 0},
185	/*rpl*/ SRDP_RPL_DISABLED,
186	/*rotational_offset*/ 0,
187	/*reserved1*/ 0,
188	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
189			   CTL_DEFAULT_ROTATION_RATE & 0xff},
190	/*reserved2*/ {0, 0}
191};
192
193const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ 0,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ 0,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {0, 0},
206	/*reserved2*/ {0, 0}
207};
208
209const static struct scsi_caching_page caching_page_default = {
210	/*page_code*/SMS_CACHING_PAGE,
211	/*page_length*/sizeof(struct scsi_caching_page) - 2,
212	/*flags1*/ SCP_DISC | SCP_WCE,
213	/*ret_priority*/ 0,
214	/*disable_pf_transfer_len*/ {0xff, 0xff},
215	/*min_prefetch*/ {0, 0},
216	/*max_prefetch*/ {0xff, 0xff},
217	/*max_pf_ceiling*/ {0xff, 0xff},
218	/*flags2*/ 0,
219	/*cache_segments*/ 0,
220	/*cache_seg_size*/ {0, 0},
221	/*reserved*/ 0,
222	/*non_cache_seg_size*/ {0, 0, 0}
223};
224
225const static struct scsi_caching_page caching_page_changeable = {
226	/*page_code*/SMS_CACHING_PAGE,
227	/*page_length*/sizeof(struct scsi_caching_page) - 2,
228	/*flags1*/ SCP_WCE | SCP_RCD,
229	/*ret_priority*/ 0,
230	/*disable_pf_transfer_len*/ {0, 0},
231	/*min_prefetch*/ {0, 0},
232	/*max_prefetch*/ {0, 0},
233	/*max_pf_ceiling*/ {0, 0},
234	/*flags2*/ 0,
235	/*cache_segments*/ 0,
236	/*cache_seg_size*/ {0, 0},
237	/*reserved*/ 0,
238	/*non_cache_seg_size*/ {0, 0, 0}
239};
240
241const static struct scsi_control_page control_page_default = {
242	/*page_code*/SMS_CONTROL_MODE_PAGE,
243	/*page_length*/sizeof(struct scsi_control_page) - 2,
244	/*rlec*/0,
245	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
246	/*eca_and_aen*/0,
247	/*flags4*/SCP_TAS,
248	/*aen_holdoff_period*/{0, 0},
249	/*busy_timeout_period*/{0, 0},
250	/*extended_selftest_completion_time*/{0, 0}
251};
252
253const static struct scsi_control_page control_page_changeable = {
254	/*page_code*/SMS_CONTROL_MODE_PAGE,
255	/*page_length*/sizeof(struct scsi_control_page) - 2,
256	/*rlec*/SCP_DSENSE,
257	/*queue_flags*/SCP_QUEUE_ALG_MASK,
258	/*eca_and_aen*/SCP_SWP,
259	/*flags4*/0,
260	/*aen_holdoff_period*/{0, 0},
261	/*busy_timeout_period*/{0, 0},
262	/*extended_selftest_completion_time*/{0, 0}
263};
264
265#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
266
267const static struct scsi_control_ext_page control_ext_page_default = {
268	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
269	/*subpage_code*/0x01,
270	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
271	/*flags*/0,
272	/*prio*/0,
273	/*max_sense*/0
274};
275
276const static struct scsi_control_ext_page control_ext_page_changeable = {
277	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
278	/*subpage_code*/0x01,
279	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
280	/*flags*/0,
281	/*prio*/0,
282	/*max_sense*/0
283};
284
285const static struct scsi_info_exceptions_page ie_page_default = {
286	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
287	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
288	/*info_flags*/SIEP_FLAGS_DEXCPT,
289	/*mrie*/0,
290	/*interval_timer*/{0, 0, 0, 0},
291	/*report_count*/{0, 0, 0, 0}
292};
293
294const static struct scsi_info_exceptions_page ie_page_changeable = {
295	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
296	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
297	/*info_flags*/0,
298	/*mrie*/0,
299	/*interval_timer*/{0, 0, 0, 0},
300	/*report_count*/{0, 0, 0, 0}
301};
302
303#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
304
305const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
306	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
307	/*subpage_code*/0x02,
308	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
309	/*flags*/0,
310	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311	/*descr*/{}},
312	{{/*flags*/0,
313	  /*resource*/0x01,
314	  /*reserved*/{0, 0},
315	  /*count*/{0, 0, 0, 0}},
316	 {/*flags*/0,
317	  /*resource*/0x02,
318	  /*reserved*/{0, 0},
319	  /*count*/{0, 0, 0, 0}},
320	 {/*flags*/0,
321	  /*resource*/0xf1,
322	  /*reserved*/{0, 0},
323	  /*count*/{0, 0, 0, 0}},
324	 {/*flags*/0,
325	  /*resource*/0xf2,
326	  /*reserved*/{0, 0},
327	  /*count*/{0, 0, 0, 0}}
328	}
329};
330
331const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
332	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
333	/*subpage_code*/0x02,
334	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
335	/*flags*/0,
336	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
337	/*descr*/{}},
338	{{/*flags*/0,
339	  /*resource*/0,
340	  /*reserved*/{0, 0},
341	  /*count*/{0, 0, 0, 0}},
342	 {/*flags*/0,
343	  /*resource*/0,
344	  /*reserved*/{0, 0},
345	  /*count*/{0, 0, 0, 0}},
346	 {/*flags*/0,
347	  /*resource*/0,
348	  /*reserved*/{0, 0},
349	  /*count*/{0, 0, 0, 0}},
350	 {/*flags*/0,
351	  /*resource*/0,
352	  /*reserved*/{0, 0},
353	  /*count*/{0, 0, 0, 0}}
354	}
355};
356
357SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
358static int worker_threads = -1;
359TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
360SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
361    &worker_threads, 1, "Number of worker threads");
362static int ctl_debug = CTL_DEBUG_NONE;
363TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
364SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
365    &ctl_debug, 0, "Enabled debug flags");
366
367/*
368 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
369 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
370 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
371 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
372 */
373#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
374
375static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
376				  int param);
377static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
378static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
379static int ctl_init(void);
380void ctl_shutdown(void);
381static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
382static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
383static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
384static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
385			      struct ctl_ooa *ooa_hdr,
386			      struct ctl_ooa_entry *kern_entries);
387static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
388		     struct thread *td);
389static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
390			 struct ctl_be_lun *be_lun);
391static int ctl_free_lun(struct ctl_lun *lun);
392static void ctl_create_lun(struct ctl_be_lun *be_lun);
393static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
394
395static int ctl_do_mode_select(union ctl_io *io);
396static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
397			   uint64_t res_key, uint64_t sa_res_key,
398			   uint8_t type, uint32_t residx,
399			   struct ctl_scsiio *ctsio,
400			   struct scsi_per_res_out *cdb,
401			   struct scsi_per_res_out_parms* param);
402static void ctl_pro_preempt_other(struct ctl_lun *lun,
403				  union ctl_ha_msg *msg);
404static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
405static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
408static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
409static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
410static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
411					 int alloc_len);
412static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
413					 int alloc_len);
414static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
416static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
417static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
418static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
419static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
420    bool seq);
421static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
422static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
423    union ctl_io *pending_io, union ctl_io *ooa_io);
424static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
425				union ctl_io *starting_io);
426static int ctl_check_blocked(struct ctl_lun *lun);
427static int ctl_scsiio_lun_check(struct ctl_lun *lun,
428				const struct ctl_cmd_entry *entry,
429				struct ctl_scsiio *ctsio);
430static void ctl_failover_lun(union ctl_io *io);
431static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
432			       struct ctl_scsiio *ctsio);
433static int ctl_scsiio(struct ctl_scsiio *ctsio);
434
435static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
436static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
437			    ctl_ua_type ua_type);
438static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
439			 ctl_ua_type ua_type);
440static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
441static int ctl_abort_task(union ctl_io *io);
442static int ctl_abort_task_set(union ctl_io *io);
443static int ctl_query_task(union ctl_io *io, int task_set);
444static int ctl_i_t_nexus_reset(union ctl_io *io);
445static int ctl_query_async_event(union ctl_io *io);
446static void ctl_run_task(union ctl_io *io);
447#ifdef CTL_IO_DELAY
448static void ctl_datamove_timer_wakeup(void *arg);
449static void ctl_done_timer_wakeup(void *arg);
450#endif /* CTL_IO_DELAY */
451
452static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
453static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
454static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
455static void ctl_datamove_remote_write(union ctl_io *io);
456static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
457static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
458static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
459static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
460				    ctl_ha_dt_cb callback);
461static void ctl_datamove_remote_read(union ctl_io *io);
462static void ctl_datamove_remote(union ctl_io *io);
463static void ctl_process_done(union ctl_io *io);
464static void ctl_lun_thread(void *arg);
465static void ctl_thresh_thread(void *arg);
466static void ctl_work_thread(void *arg);
467static void ctl_enqueue_incoming(union ctl_io *io);
468static void ctl_enqueue_rtr(union ctl_io *io);
469static void ctl_enqueue_done(union ctl_io *io);
470static void ctl_enqueue_isc(union ctl_io *io);
471static const struct ctl_cmd_entry *
472    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
473static const struct ctl_cmd_entry *
474    ctl_validate_command(struct ctl_scsiio *ctsio);
475static int ctl_cmd_applicable(uint8_t lun_type,
476    const struct ctl_cmd_entry *entry);
477
478static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
479static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
480static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
481static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
482
483/*
484 * Load the serialization table.  This isn't very pretty, but is probably
485 * the easiest way to do it.
486 */
487#include "ctl_ser_table.c"
488
489/*
490 * We only need to define open, close and ioctl routines for this driver.
491 */
492static struct cdevsw ctl_cdevsw = {
493	.d_version =	D_VERSION,
494	.d_flags =	0,
495	.d_open =	ctl_open,
496	.d_close =	ctl_close,
497	.d_ioctl =	ctl_ioctl,
498	.d_name =	"ctl",
499};
500
501
502MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
503
504static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
505
506static moduledata_t ctl_moduledata = {
507	"ctl",
508	ctl_module_event_handler,
509	NULL
510};
511
512DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
513MODULE_VERSION(ctl, 1);
514
515static struct ctl_frontend ha_frontend =
516{
517	.name = "ha",
518};
519
520static void
521ctl_ha_datamove(union ctl_io *io)
522{
523	struct ctl_lun *lun;
524	struct ctl_sg_entry *sgl;
525	union ctl_ha_msg msg;
526	uint32_t sg_entries_sent;
527	int do_sg_copy, i, j;
528
529	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
530	memset(&msg.dt, 0, sizeof(msg.dt));
531	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
532	msg.hdr.original_sc = io->io_hdr.original_sc;
533	msg.hdr.serializing_sc = io;
534	msg.hdr.nexus = io->io_hdr.nexus;
535	msg.hdr.status = io->io_hdr.status;
536	msg.dt.flags = io->io_hdr.flags;
537
538	/*
539	 * We convert everything into a S/G list here.  We can't
540	 * pass by reference, only by value between controllers.
541	 * So we can't pass a pointer to the S/G list, only as many
542	 * S/G entries as we can fit in here.  If it's possible for
543	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
544	 * then we need to break this up into multiple transfers.
545	 */
546	if (io->scsiio.kern_sg_entries == 0) {
547		msg.dt.kern_sg_entries = 1;
548#if 0
549		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
550			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
551		} else {
552			/* XXX KDM use busdma here! */
553			msg.dt.sg_list[0].addr =
554			    (void *)vtophys(io->scsiio.kern_data_ptr);
555		}
556#else
557		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
558		    ("HA does not support BUS_ADDR"));
559		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
560#endif
561		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
562		do_sg_copy = 0;
563	} else {
564		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
565		do_sg_copy = 1;
566	}
567
568	msg.dt.kern_data_len = io->scsiio.kern_data_len;
569	msg.dt.kern_total_len = io->scsiio.kern_total_len;
570	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
571	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
572	msg.dt.sg_sequence = 0;
573
574	/*
575	 * Loop until we've sent all of the S/G entries.  On the
576	 * other end, we'll recompose these S/G entries into one
577	 * contiguous list before processing.
578	 */
579	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
580	    msg.dt.sg_sequence++) {
581		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
582		    sizeof(msg.dt.sg_list[0])),
583		    msg.dt.kern_sg_entries - sg_entries_sent);
584		if (do_sg_copy != 0) {
585			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
586			for (i = sg_entries_sent, j = 0;
587			     i < msg.dt.cur_sg_entries; i++, j++) {
588#if 0
589				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
590					msg.dt.sg_list[j].addr = sgl[i].addr;
591				} else {
592					/* XXX KDM use busdma here! */
593					msg.dt.sg_list[j].addr =
594					    (void *)vtophys(sgl[i].addr);
595				}
596#else
597				KASSERT((io->io_hdr.flags &
598				    CTL_FLAG_BUS_ADDR) == 0,
599				    ("HA does not support BUS_ADDR"));
600				msg.dt.sg_list[j].addr = sgl[i].addr;
601#endif
602				msg.dt.sg_list[j].len = sgl[i].len;
603			}
604		}
605
606		sg_entries_sent += msg.dt.cur_sg_entries;
607		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
608		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
609		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
610		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
611		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
612			io->io_hdr.port_status = 31341;
613			io->scsiio.be_move_done(io);
614			return;
615		}
616		msg.dt.sent_sg_entries = sg_entries_sent;
617	}
618
619	/*
620	 * Officially handover the request from us to peer.
621	 * If failover has just happened, then we must return error.
622	 * If failover happen just after, then it is not our problem.
623	 */
624	if (lun)
625		mtx_lock(&lun->lun_lock);
626	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
627		if (lun)
628			mtx_unlock(&lun->lun_lock);
629		io->io_hdr.port_status = 31342;
630		io->scsiio.be_move_done(io);
631		return;
632	}
633	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
634	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
635	if (lun)
636		mtx_unlock(&lun->lun_lock);
637}
638
639static void
640ctl_ha_done(union ctl_io *io)
641{
642	union ctl_ha_msg msg;
643
644	if (io->io_hdr.io_type == CTL_IO_SCSI) {
645		memset(&msg, 0, sizeof(msg));
646		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
647		msg.hdr.original_sc = io->io_hdr.original_sc;
648		msg.hdr.nexus = io->io_hdr.nexus;
649		msg.hdr.status = io->io_hdr.status;
650		msg.scsi.scsi_status = io->scsiio.scsi_status;
651		msg.scsi.tag_num = io->scsiio.tag_num;
652		msg.scsi.tag_type = io->scsiio.tag_type;
653		msg.scsi.sense_len = io->scsiio.sense_len;
654		msg.scsi.sense_residual = io->scsiio.sense_residual;
655		msg.scsi.residual = io->scsiio.residual;
656		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
657		    io->scsiio.sense_len);
658		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
659		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
660		    msg.scsi.sense_len, M_WAITOK);
661	}
662	ctl_free_io(io);
663}
664
665static void
666ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
667			    union ctl_ha_msg *msg_info)
668{
669	struct ctl_scsiio *ctsio;
670
671	if (msg_info->hdr.original_sc == NULL) {
672		printf("%s: original_sc == NULL!\n", __func__);
673		/* XXX KDM now what? */
674		return;
675	}
676
677	ctsio = &msg_info->hdr.original_sc->scsiio;
678	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
679	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
680	ctsio->io_hdr.status = msg_info->hdr.status;
681	ctsio->scsi_status = msg_info->scsi.scsi_status;
682	ctsio->sense_len = msg_info->scsi.sense_len;
683	ctsio->sense_residual = msg_info->scsi.sense_residual;
684	ctsio->residual = msg_info->scsi.residual;
685	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
686	       msg_info->scsi.sense_len);
687	ctl_enqueue_isc((union ctl_io *)ctsio);
688}
689
690static void
691ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
692				union ctl_ha_msg *msg_info)
693{
694	struct ctl_scsiio *ctsio;
695
696	if (msg_info->hdr.serializing_sc == NULL) {
697		printf("%s: serializing_sc == NULL!\n", __func__);
698		/* XXX KDM now what? */
699		return;
700	}
701
702	ctsio = &msg_info->hdr.serializing_sc->scsiio;
703	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
704	ctl_enqueue_isc((union ctl_io *)ctsio);
705}
706
707void
708ctl_isc_announce_lun(struct ctl_lun *lun)
709{
710	struct ctl_softc *softc = lun->ctl_softc;
711	union ctl_ha_msg *msg;
712	struct ctl_ha_msg_lun_pr_key pr_key;
713	int i, k;
714
715	if (softc->ha_link != CTL_HA_LINK_ONLINE)
716		return;
717	mtx_lock(&lun->lun_lock);
718	i = sizeof(msg->lun);
719	if (lun->lun_devid)
720		i += lun->lun_devid->len;
721	i += sizeof(pr_key) * lun->pr_key_count;
722alloc:
723	mtx_unlock(&lun->lun_lock);
724	msg = malloc(i, M_CTL, M_WAITOK);
725	mtx_lock(&lun->lun_lock);
726	k = sizeof(msg->lun);
727	if (lun->lun_devid)
728		k += lun->lun_devid->len;
729	k += sizeof(pr_key) * lun->pr_key_count;
730	if (i < k) {
731		free(msg, M_CTL);
732		i = k;
733		goto alloc;
734	}
735	bzero(&msg->lun, sizeof(msg->lun));
736	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
737	msg->hdr.nexus.targ_lun = lun->lun;
738	msg->hdr.nexus.targ_mapped_lun = lun->lun;
739	msg->lun.flags = lun->flags;
740	msg->lun.pr_generation = lun->PRGeneration;
741	msg->lun.pr_res_idx = lun->pr_res_idx;
742	msg->lun.pr_res_type = lun->res_type;
743	msg->lun.pr_key_count = lun->pr_key_count;
744	i = 0;
745	if (lun->lun_devid) {
746		msg->lun.lun_devid_len = lun->lun_devid->len;
747		memcpy(&msg->lun.data[i], lun->lun_devid->data,
748		    msg->lun.lun_devid_len);
749		i += msg->lun.lun_devid_len;
750	}
751	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
752		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
753			continue;
754		pr_key.pr_iid = k;
755		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
756		i += sizeof(pr_key);
757	}
758	mtx_unlock(&lun->lun_lock);
759	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
760	    M_WAITOK);
761	free(msg, M_CTL);
762
763	if (lun->flags & CTL_LUN_PRIMARY_SC) {
764		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
765			ctl_isc_announce_mode(lun, -1,
766			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
767			    lun->mode_pages.index[i].subpage);
768		}
769	}
770}
771
772void
773ctl_isc_announce_port(struct ctl_port *port)
774{
775	struct ctl_softc *softc = port->ctl_softc;
776	union ctl_ha_msg *msg;
777	int i;
778
779	if (port->targ_port < softc->port_min ||
780	    port->targ_port >= softc->port_max ||
781	    softc->ha_link != CTL_HA_LINK_ONLINE)
782		return;
783	i = sizeof(msg->port) + strlen(port->port_name) + 1;
784	if (port->lun_map)
785		i += sizeof(uint32_t) * CTL_MAX_LUNS;
786	if (port->port_devid)
787		i += port->port_devid->len;
788	if (port->target_devid)
789		i += port->target_devid->len;
790	if (port->init_devid)
791		i += port->init_devid->len;
792	msg = malloc(i, M_CTL, M_WAITOK);
793	bzero(&msg->port, sizeof(msg->port));
794	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
795	msg->hdr.nexus.targ_port = port->targ_port;
796	msg->port.port_type = port->port_type;
797	msg->port.physical_port = port->physical_port;
798	msg->port.virtual_port = port->virtual_port;
799	msg->port.status = port->status;
800	i = 0;
801	msg->port.name_len = sprintf(&msg->port.data[i],
802	    "%d:%s", softc->ha_id, port->port_name) + 1;
803	i += msg->port.name_len;
804	if (port->lun_map) {
805		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
806		memcpy(&msg->port.data[i], port->lun_map,
807		    msg->port.lun_map_len);
808		i += msg->port.lun_map_len;
809	}
810	if (port->port_devid) {
811		msg->port.port_devid_len = port->port_devid->len;
812		memcpy(&msg->port.data[i], port->port_devid->data,
813		    msg->port.port_devid_len);
814		i += msg->port.port_devid_len;
815	}
816	if (port->target_devid) {
817		msg->port.target_devid_len = port->target_devid->len;
818		memcpy(&msg->port.data[i], port->target_devid->data,
819		    msg->port.target_devid_len);
820		i += msg->port.target_devid_len;
821	}
822	if (port->init_devid) {
823		msg->port.init_devid_len = port->init_devid->len;
824		memcpy(&msg->port.data[i], port->init_devid->data,
825		    msg->port.init_devid_len);
826		i += msg->port.init_devid_len;
827	}
828	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
829	    M_WAITOK);
830	free(msg, M_CTL);
831}
832
833void
834ctl_isc_announce_iid(struct ctl_port *port, int iid)
835{
836	struct ctl_softc *softc = port->ctl_softc;
837	union ctl_ha_msg *msg;
838	int i, l;
839
840	if (port->targ_port < softc->port_min ||
841	    port->targ_port >= softc->port_max ||
842	    softc->ha_link != CTL_HA_LINK_ONLINE)
843		return;
844	mtx_lock(&softc->ctl_lock);
845	i = sizeof(msg->iid);
846	l = 0;
847	if (port->wwpn_iid[iid].name)
848		l = strlen(port->wwpn_iid[iid].name) + 1;
849	i += l;
850	msg = malloc(i, M_CTL, M_NOWAIT);
851	if (msg == NULL) {
852		mtx_unlock(&softc->ctl_lock);
853		return;
854	}
855	bzero(&msg->iid, sizeof(msg->iid));
856	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
857	msg->hdr.nexus.targ_port = port->targ_port;
858	msg->hdr.nexus.initid = iid;
859	msg->iid.in_use = port->wwpn_iid[iid].in_use;
860	msg->iid.name_len = l;
861	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
862	if (port->wwpn_iid[iid].name)
863		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
864	mtx_unlock(&softc->ctl_lock);
865	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
866	free(msg, M_CTL);
867}
868
869void
870ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
871    uint8_t page, uint8_t subpage)
872{
873	struct ctl_softc *softc = lun->ctl_softc;
874	union ctl_ha_msg msg;
875	int i;
876
877	if (softc->ha_link != CTL_HA_LINK_ONLINE)
878		return;
879	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
880		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
881		    page && lun->mode_pages.index[i].subpage == subpage)
882			break;
883	}
884	if (i == CTL_NUM_MODE_PAGES)
885		return;
886	bzero(&msg.mode, sizeof(msg.mode));
887	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
888	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
889	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
890	msg.hdr.nexus.targ_lun = lun->lun;
891	msg.hdr.nexus.targ_mapped_lun = lun->lun;
892	msg.mode.page_code = page;
893	msg.mode.subpage = subpage;
894	msg.mode.page_len = lun->mode_pages.index[i].page_len;
895	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
896	    msg.mode.page_len);
897	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
898	    M_WAITOK);
899}
900
901static void
902ctl_isc_ha_link_up(struct ctl_softc *softc)
903{
904	struct ctl_port *port;
905	struct ctl_lun *lun;
906	union ctl_ha_msg msg;
907	int i;
908
909	/* Announce this node parameters to peer for validation. */
910	msg.login.msg_type = CTL_MSG_LOGIN;
911	msg.login.version = CTL_HA_VERSION;
912	msg.login.ha_mode = softc->ha_mode;
913	msg.login.ha_id = softc->ha_id;
914	msg.login.max_luns = CTL_MAX_LUNS;
915	msg.login.max_ports = CTL_MAX_PORTS;
916	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
917	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
918	    M_WAITOK);
919
920	STAILQ_FOREACH(port, &softc->port_list, links) {
921		ctl_isc_announce_port(port);
922		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
923			if (port->wwpn_iid[i].in_use)
924				ctl_isc_announce_iid(port, i);
925		}
926	}
927	STAILQ_FOREACH(lun, &softc->lun_list, links)
928		ctl_isc_announce_lun(lun);
929}
930
931static void
932ctl_isc_ha_link_down(struct ctl_softc *softc)
933{
934	struct ctl_port *port;
935	struct ctl_lun *lun;
936	union ctl_io *io;
937	int i;
938
939	mtx_lock(&softc->ctl_lock);
940	STAILQ_FOREACH(lun, &softc->lun_list, links) {
941		mtx_lock(&lun->lun_lock);
942		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
943			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
944			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
945		}
946		mtx_unlock(&lun->lun_lock);
947
948		mtx_unlock(&softc->ctl_lock);
949		io = ctl_alloc_io(softc->othersc_pool);
950		mtx_lock(&softc->ctl_lock);
951		ctl_zero_io(io);
952		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
953		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
954		ctl_enqueue_isc(io);
955	}
956
957	STAILQ_FOREACH(port, &softc->port_list, links) {
958		if (port->targ_port >= softc->port_min &&
959		    port->targ_port < softc->port_max)
960			continue;
961		port->status &= ~CTL_PORT_STATUS_ONLINE;
962		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
963			port->wwpn_iid[i].in_use = 0;
964			free(port->wwpn_iid[i].name, M_CTL);
965			port->wwpn_iid[i].name = NULL;
966		}
967	}
968	mtx_unlock(&softc->ctl_lock);
969}
970
971static void
972ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
973{
974	struct ctl_lun *lun;
975	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
976
977	mtx_lock(&softc->ctl_lock);
978	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
979	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
980		mtx_lock(&lun->lun_lock);
981		mtx_unlock(&softc->ctl_lock);
982		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
983		    msg->ua.ua_set)
984			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
985		if (msg->ua.ua_all) {
986			if (msg->ua.ua_set)
987				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
988			else
989				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
990		} else {
991			if (msg->ua.ua_set)
992				ctl_est_ua(lun, iid, msg->ua.ua_type);
993			else
994				ctl_clr_ua(lun, iid, msg->ua.ua_type);
995		}
996		mtx_unlock(&lun->lun_lock);
997	} else
998		mtx_unlock(&softc->ctl_lock);
999}
1000
1001static void
1002ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1003{
1004	struct ctl_lun *lun;
1005	struct ctl_ha_msg_lun_pr_key pr_key;
1006	int i, k;
1007	ctl_lun_flags oflags;
1008	uint32_t targ_lun;
1009
1010	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1011	mtx_lock(&softc->ctl_lock);
1012	if ((targ_lun >= CTL_MAX_LUNS) ||
1013	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1014		mtx_unlock(&softc->ctl_lock);
1015		return;
1016	}
1017	mtx_lock(&lun->lun_lock);
1018	mtx_unlock(&softc->ctl_lock);
1019	if (lun->flags & CTL_LUN_DISABLED) {
1020		mtx_unlock(&lun->lun_lock);
1021		return;
1022	}
1023	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1024	if (msg->lun.lun_devid_len != i || (i > 0 &&
1025	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1026		mtx_unlock(&lun->lun_lock);
1027		printf("%s: Received conflicting HA LUN %d\n",
1028		    __func__, msg->hdr.nexus.targ_lun);
1029		return;
1030	} else {
1031		/* Record whether peer is primary. */
1032		oflags = lun->flags;
1033		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1034		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1035			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1036		else
1037			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1038		if (oflags != lun->flags)
1039			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1040
1041		/* If peer is primary and we are not -- use data */
1042		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1043		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1044			lun->PRGeneration = msg->lun.pr_generation;
1045			lun->pr_res_idx = msg->lun.pr_res_idx;
1046			lun->res_type = msg->lun.pr_res_type;
1047			lun->pr_key_count = msg->lun.pr_key_count;
1048			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1049				ctl_clr_prkey(lun, k);
1050			for (k = 0; k < msg->lun.pr_key_count; k++) {
1051				memcpy(&pr_key, &msg->lun.data[i],
1052				    sizeof(pr_key));
1053				ctl_alloc_prkey(lun, pr_key.pr_iid);
1054				ctl_set_prkey(lun, pr_key.pr_iid,
1055				    pr_key.pr_key);
1056				i += sizeof(pr_key);
1057			}
1058		}
1059
1060		mtx_unlock(&lun->lun_lock);
1061		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1062		    __func__, msg->hdr.nexus.targ_lun,
1063		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1064		    "primary" : "secondary"));
1065
1066		/* If we are primary but peer doesn't know -- notify */
1067		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1068		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1069			ctl_isc_announce_lun(lun);
1070	}
1071}
1072
1073static void
1074ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1075{
1076	struct ctl_port *port;
1077	struct ctl_lun *lun;
1078	int i, new;
1079
1080	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1081	if (port == NULL) {
1082		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1083		    msg->hdr.nexus.targ_port));
1084		new = 1;
1085		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1086		port->frontend = &ha_frontend;
1087		port->targ_port = msg->hdr.nexus.targ_port;
1088		port->fe_datamove = ctl_ha_datamove;
1089		port->fe_done = ctl_ha_done;
1090	} else if (port->frontend == &ha_frontend) {
1091		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1092		    msg->hdr.nexus.targ_port));
1093		new = 0;
1094	} else {
1095		printf("%s: Received conflicting HA port %d\n",
1096		    __func__, msg->hdr.nexus.targ_port);
1097		return;
1098	}
1099	port->port_type = msg->port.port_type;
1100	port->physical_port = msg->port.physical_port;
1101	port->virtual_port = msg->port.virtual_port;
1102	port->status = msg->port.status;
1103	i = 0;
1104	free(port->port_name, M_CTL);
1105	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1106	    M_CTL);
1107	i += msg->port.name_len;
1108	if (msg->port.lun_map_len != 0) {
1109		if (port->lun_map == NULL)
1110			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1111			    M_CTL, M_WAITOK);
1112		memcpy(port->lun_map, &msg->port.data[i],
1113		    sizeof(uint32_t) * CTL_MAX_LUNS);
1114		i += msg->port.lun_map_len;
1115	} else {
1116		free(port->lun_map, M_CTL);
1117		port->lun_map = NULL;
1118	}
1119	if (msg->port.port_devid_len != 0) {
1120		if (port->port_devid == NULL ||
1121		    port->port_devid->len != msg->port.port_devid_len) {
1122			free(port->port_devid, M_CTL);
1123			port->port_devid = malloc(sizeof(struct ctl_devid) +
1124			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1125		}
1126		memcpy(port->port_devid->data, &msg->port.data[i],
1127		    msg->port.port_devid_len);
1128		port->port_devid->len = msg->port.port_devid_len;
1129		i += msg->port.port_devid_len;
1130	} else {
1131		free(port->port_devid, M_CTL);
1132		port->port_devid = NULL;
1133	}
1134	if (msg->port.target_devid_len != 0) {
1135		if (port->target_devid == NULL ||
1136		    port->target_devid->len != msg->port.target_devid_len) {
1137			free(port->target_devid, M_CTL);
1138			port->target_devid = malloc(sizeof(struct ctl_devid) +
1139			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1140		}
1141		memcpy(port->target_devid->data, &msg->port.data[i],
1142		    msg->port.target_devid_len);
1143		port->target_devid->len = msg->port.target_devid_len;
1144		i += msg->port.target_devid_len;
1145	} else {
1146		free(port->target_devid, M_CTL);
1147		port->target_devid = NULL;
1148	}
1149	if (msg->port.init_devid_len != 0) {
1150		if (port->init_devid == NULL ||
1151		    port->init_devid->len != msg->port.init_devid_len) {
1152			free(port->init_devid, M_CTL);
1153			port->init_devid = malloc(sizeof(struct ctl_devid) +
1154			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1155		}
1156		memcpy(port->init_devid->data, &msg->port.data[i],
1157		    msg->port.init_devid_len);
1158		port->init_devid->len = msg->port.init_devid_len;
1159		i += msg->port.init_devid_len;
1160	} else {
1161		free(port->init_devid, M_CTL);
1162		port->init_devid = NULL;
1163	}
1164	if (new) {
1165		if (ctl_port_register(port) != 0) {
1166			printf("%s: ctl_port_register() failed with error\n",
1167			    __func__);
1168		}
1169	}
1170	mtx_lock(&softc->ctl_lock);
1171	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1172		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1173			continue;
1174		mtx_lock(&lun->lun_lock);
1175		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1176		mtx_unlock(&lun->lun_lock);
1177	}
1178	mtx_unlock(&softc->ctl_lock);
1179}
1180
1181static void
1182ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1183{
1184	struct ctl_port *port;
1185	int iid;
1186
1187	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1188	if (port == NULL) {
1189		printf("%s: Received IID for unknown port %d\n",
1190		    __func__, msg->hdr.nexus.targ_port);
1191		return;
1192	}
1193	iid = msg->hdr.nexus.initid;
1194	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1195	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1196	free(port->wwpn_iid[iid].name, M_CTL);
1197	if (msg->iid.name_len) {
1198		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1199		    msg->iid.name_len, M_CTL);
1200	} else
1201		port->wwpn_iid[iid].name = NULL;
1202}
1203
1204static void
1205ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1206{
1207
1208	if (msg->login.version != CTL_HA_VERSION) {
1209		printf("CTL HA peers have different versions %d != %d\n",
1210		    msg->login.version, CTL_HA_VERSION);
1211		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1212		return;
1213	}
1214	if (msg->login.ha_mode != softc->ha_mode) {
1215		printf("CTL HA peers have different ha_mode %d != %d\n",
1216		    msg->login.ha_mode, softc->ha_mode);
1217		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1218		return;
1219	}
1220	if (msg->login.ha_id == softc->ha_id) {
1221		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1222		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1223		return;
1224	}
1225	if (msg->login.max_luns != CTL_MAX_LUNS ||
1226	    msg->login.max_ports != CTL_MAX_PORTS ||
1227	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1228		printf("CTL HA peers have different limits\n");
1229		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1230		return;
1231	}
1232}
1233
1234static void
1235ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1236{
1237	struct ctl_lun *lun;
1238	int i;
1239	uint32_t initidx, targ_lun;
1240
1241	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1242	mtx_lock(&softc->ctl_lock);
1243	if ((targ_lun >= CTL_MAX_LUNS) ||
1244	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1245		mtx_unlock(&softc->ctl_lock);
1246		return;
1247	}
1248	mtx_lock(&lun->lun_lock);
1249	mtx_unlock(&softc->ctl_lock);
1250	if (lun->flags & CTL_LUN_DISABLED) {
1251		mtx_unlock(&lun->lun_lock);
1252		return;
1253	}
1254	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1255		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1256		    msg->mode.page_code &&
1257		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1258			break;
1259	}
1260	if (i == CTL_NUM_MODE_PAGES) {
1261		mtx_unlock(&lun->lun_lock);
1262		return;
1263	}
1264	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1265	    lun->mode_pages.index[i].page_len);
1266	initidx = ctl_get_initindex(&msg->hdr.nexus);
1267	if (initidx != -1)
1268		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1269	mtx_unlock(&lun->lun_lock);
1270}
1271
1272/*
1273 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1274 * subsystem come in here.
1275 */
1276static void
1277ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1278{
1279	struct ctl_softc *softc = control_softc;
1280	union ctl_io *io;
1281	struct ctl_prio *presio;
1282	ctl_ha_status isc_status;
1283
1284	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1285	if (event == CTL_HA_EVT_MSG_RECV) {
1286		union ctl_ha_msg *msg, msgbuf;
1287
1288		if (param > sizeof(msgbuf))
1289			msg = malloc(param, M_CTL, M_WAITOK);
1290		else
1291			msg = &msgbuf;
1292		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1293		    M_WAITOK);
1294		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1295			printf("%s: Error receiving message: %d\n",
1296			    __func__, isc_status);
1297			if (msg != &msgbuf)
1298				free(msg, M_CTL);
1299			return;
1300		}
1301
1302		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1303		switch (msg->hdr.msg_type) {
1304		case CTL_MSG_SERIALIZE:
1305			io = ctl_alloc_io(softc->othersc_pool);
1306			ctl_zero_io(io);
1307			// populate ctsio from msg
1308			io->io_hdr.io_type = CTL_IO_SCSI;
1309			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1310			io->io_hdr.original_sc = msg->hdr.original_sc;
1311			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1312					    CTL_FLAG_IO_ACTIVE;
1313			/*
1314			 * If we're in serialization-only mode, we don't
1315			 * want to go through full done processing.  Thus
1316			 * the COPY flag.
1317			 *
1318			 * XXX KDM add another flag that is more specific.
1319			 */
1320			if (softc->ha_mode != CTL_HA_MODE_XFER)
1321				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1322			io->io_hdr.nexus = msg->hdr.nexus;
1323#if 0
1324			printf("port %u, iid %u, lun %u\n",
1325			       io->io_hdr.nexus.targ_port,
1326			       io->io_hdr.nexus.initid,
1327			       io->io_hdr.nexus.targ_lun);
1328#endif
1329			io->scsiio.tag_num = msg->scsi.tag_num;
1330			io->scsiio.tag_type = msg->scsi.tag_type;
1331#ifdef CTL_TIME_IO
1332			io->io_hdr.start_time = time_uptime;
1333			getbinuptime(&io->io_hdr.start_bt);
1334#endif /* CTL_TIME_IO */
1335			io->scsiio.cdb_len = msg->scsi.cdb_len;
1336			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1337			       CTL_MAX_CDBLEN);
1338			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1339				const struct ctl_cmd_entry *entry;
1340
1341				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1342				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1343				io->io_hdr.flags |=
1344					entry->flags & CTL_FLAG_DATA_MASK;
1345			}
1346			ctl_enqueue_isc(io);
1347			break;
1348
1349		/* Performed on the Originating SC, XFER mode only */
1350		case CTL_MSG_DATAMOVE: {
1351			struct ctl_sg_entry *sgl;
1352			int i, j;
1353
1354			io = msg->hdr.original_sc;
1355			if (io == NULL) {
1356				printf("%s: original_sc == NULL!\n", __func__);
1357				/* XXX KDM do something here */
1358				break;
1359			}
1360			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1361			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1362			/*
1363			 * Keep track of this, we need to send it back over
1364			 * when the datamove is complete.
1365			 */
1366			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1367			if (msg->hdr.status == CTL_SUCCESS)
1368				io->io_hdr.status = msg->hdr.status;
1369
1370			if (msg->dt.sg_sequence == 0) {
1371#ifdef CTL_TIME_IO
1372				getbinuptime(&io->io_hdr.dma_start_bt);
1373#endif
1374				i = msg->dt.kern_sg_entries +
1375				    msg->dt.kern_data_len /
1376				    CTL_HA_DATAMOVE_SEGMENT + 1;
1377				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1378				    M_WAITOK | M_ZERO);
1379				io->io_hdr.remote_sglist = sgl;
1380				io->io_hdr.local_sglist =
1381				    &sgl[msg->dt.kern_sg_entries];
1382
1383				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1384
1385				io->scsiio.kern_sg_entries =
1386					msg->dt.kern_sg_entries;
1387				io->scsiio.rem_sg_entries =
1388					msg->dt.kern_sg_entries;
1389				io->scsiio.kern_data_len =
1390					msg->dt.kern_data_len;
1391				io->scsiio.kern_total_len =
1392					msg->dt.kern_total_len;
1393				io->scsiio.kern_data_resid =
1394					msg->dt.kern_data_resid;
1395				io->scsiio.kern_rel_offset =
1396					msg->dt.kern_rel_offset;
1397				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1398				io->io_hdr.flags |= msg->dt.flags &
1399				    CTL_FLAG_BUS_ADDR;
1400			} else
1401				sgl = (struct ctl_sg_entry *)
1402					io->scsiio.kern_data_ptr;
1403
1404			for (i = msg->dt.sent_sg_entries, j = 0;
1405			     i < (msg->dt.sent_sg_entries +
1406			     msg->dt.cur_sg_entries); i++, j++) {
1407				sgl[i].addr = msg->dt.sg_list[j].addr;
1408				sgl[i].len = msg->dt.sg_list[j].len;
1409
1410#if 0
1411				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1412				    __func__, sgl[i].addr, sgl[i].len, j, i);
1413#endif
1414			}
1415
1416			/*
1417			 * If this is the last piece of the I/O, we've got
1418			 * the full S/G list.  Queue processing in the thread.
1419			 * Otherwise wait for the next piece.
1420			 */
1421			if (msg->dt.sg_last != 0)
1422				ctl_enqueue_isc(io);
1423			break;
1424		}
1425		/* Performed on the Serializing (primary) SC, XFER mode only */
1426		case CTL_MSG_DATAMOVE_DONE: {
1427			if (msg->hdr.serializing_sc == NULL) {
1428				printf("%s: serializing_sc == NULL!\n",
1429				       __func__);
1430				/* XXX KDM now what? */
1431				break;
1432			}
1433			/*
1434			 * We grab the sense information here in case
1435			 * there was a failure, so we can return status
1436			 * back to the initiator.
1437			 */
1438			io = msg->hdr.serializing_sc;
1439			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1440			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1441			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1442			io->io_hdr.port_status = msg->scsi.fetd_status;
1443			io->scsiio.residual = msg->scsi.residual;
1444			if (msg->hdr.status != CTL_STATUS_NONE) {
1445				io->io_hdr.status = msg->hdr.status;
1446				io->scsiio.scsi_status = msg->scsi.scsi_status;
1447				io->scsiio.sense_len = msg->scsi.sense_len;
1448				io->scsiio.sense_residual =msg->scsi.sense_residual;
1449				memcpy(&io->scsiio.sense_data,
1450				    &msg->scsi.sense_data,
1451				    msg->scsi.sense_len);
1452				if (msg->hdr.status == CTL_SUCCESS)
1453					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1454			}
1455			ctl_enqueue_isc(io);
1456			break;
1457		}
1458
1459		/* Preformed on Originating SC, SER_ONLY mode */
1460		case CTL_MSG_R2R:
1461			io = msg->hdr.original_sc;
1462			if (io == NULL) {
1463				printf("%s: original_sc == NULL!\n",
1464				    __func__);
1465				break;
1466			}
1467			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1468			io->io_hdr.msg_type = CTL_MSG_R2R;
1469			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1470			ctl_enqueue_isc(io);
1471			break;
1472
1473		/*
1474		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1475		 * mode.
1476		 * Performed on the Originating (i.e. secondary) SC in XFER
1477		 * mode
1478		 */
1479		case CTL_MSG_FINISH_IO:
1480			if (softc->ha_mode == CTL_HA_MODE_XFER)
1481				ctl_isc_handler_finish_xfer(softc, msg);
1482			else
1483				ctl_isc_handler_finish_ser_only(softc, msg);
1484			break;
1485
1486		/* Preformed on Originating SC */
1487		case CTL_MSG_BAD_JUJU:
1488			io = msg->hdr.original_sc;
1489			if (io == NULL) {
1490				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1491				       __func__);
1492				break;
1493			}
1494			ctl_copy_sense_data(msg, io);
1495			/*
1496			 * IO should have already been cleaned up on other
1497			 * SC so clear this flag so we won't send a message
1498			 * back to finish the IO there.
1499			 */
1500			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1501			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1502
1503			/* io = msg->hdr.serializing_sc; */
1504			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1505			ctl_enqueue_isc(io);
1506			break;
1507
1508		/* Handle resets sent from the other side */
1509		case CTL_MSG_MANAGE_TASKS: {
1510			struct ctl_taskio *taskio;
1511			taskio = (struct ctl_taskio *)ctl_alloc_io(
1512			    softc->othersc_pool);
1513			ctl_zero_io((union ctl_io *)taskio);
1514			taskio->io_hdr.io_type = CTL_IO_TASK;
1515			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1516			taskio->io_hdr.nexus = msg->hdr.nexus;
1517			taskio->task_action = msg->task.task_action;
1518			taskio->tag_num = msg->task.tag_num;
1519			taskio->tag_type = msg->task.tag_type;
1520#ifdef CTL_TIME_IO
1521			taskio->io_hdr.start_time = time_uptime;
1522			getbinuptime(&taskio->io_hdr.start_bt);
1523#endif /* CTL_TIME_IO */
1524			ctl_run_task((union ctl_io *)taskio);
1525			break;
1526		}
1527		/* Persistent Reserve action which needs attention */
1528		case CTL_MSG_PERS_ACTION:
1529			presio = (struct ctl_prio *)ctl_alloc_io(
1530			    softc->othersc_pool);
1531			ctl_zero_io((union ctl_io *)presio);
1532			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1533			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1534			presio->io_hdr.nexus = msg->hdr.nexus;
1535			presio->pr_msg = msg->pr;
1536			ctl_enqueue_isc((union ctl_io *)presio);
1537			break;
1538		case CTL_MSG_UA:
1539			ctl_isc_ua(softc, msg, param);
1540			break;
1541		case CTL_MSG_PORT_SYNC:
1542			ctl_isc_port_sync(softc, msg, param);
1543			break;
1544		case CTL_MSG_LUN_SYNC:
1545			ctl_isc_lun_sync(softc, msg, param);
1546			break;
1547		case CTL_MSG_IID_SYNC:
1548			ctl_isc_iid_sync(softc, msg, param);
1549			break;
1550		case CTL_MSG_LOGIN:
1551			ctl_isc_login(softc, msg, param);
1552			break;
1553		case CTL_MSG_MODE_SYNC:
1554			ctl_isc_mode_sync(softc, msg, param);
1555			break;
1556		default:
1557			printf("Received HA message of unknown type %d\n",
1558			    msg->hdr.msg_type);
1559			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1560			break;
1561		}
1562		if (msg != &msgbuf)
1563			free(msg, M_CTL);
1564	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1565		printf("CTL: HA link status changed from %d to %d\n",
1566		    softc->ha_link, param);
1567		if (param == softc->ha_link)
1568			return;
1569		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1570			softc->ha_link = param;
1571			ctl_isc_ha_link_down(softc);
1572		} else {
1573			softc->ha_link = param;
1574			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1575				ctl_isc_ha_link_up(softc);
1576		}
1577		return;
1578	} else {
1579		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1580		return;
1581	}
1582}
1583
1584static void
1585ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1586{
1587
1588	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1589	    src->scsi.sense_len);
1590	dest->scsiio.scsi_status = src->scsi.scsi_status;
1591	dest->scsiio.sense_len = src->scsi.sense_len;
1592	dest->io_hdr.status = src->hdr.status;
1593}
1594
1595static void
1596ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1597{
1598
1599	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1600	    src->scsiio.sense_len);
1601	dest->scsi.scsi_status = src->scsiio.scsi_status;
1602	dest->scsi.sense_len = src->scsiio.sense_len;
1603	dest->hdr.status = src->io_hdr.status;
1604}
1605
1606void
1607ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1608{
1609	struct ctl_softc *softc = lun->ctl_softc;
1610	ctl_ua_type *pu;
1611
1612	if (initidx < softc->init_min || initidx >= softc->init_max)
1613		return;
1614	mtx_assert(&lun->lun_lock, MA_OWNED);
1615	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1616	if (pu == NULL)
1617		return;
1618	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1619}
1620
1621void
1622ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1623{
1624	int i;
1625
1626	mtx_assert(&lun->lun_lock, MA_OWNED);
1627	if (lun->pending_ua[port] == NULL)
1628		return;
1629	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1630		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1631			continue;
1632		lun->pending_ua[port][i] |= ua;
1633	}
1634}
1635
1636void
1637ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1638{
1639	struct ctl_softc *softc = lun->ctl_softc;
1640	int i;
1641
1642	mtx_assert(&lun->lun_lock, MA_OWNED);
1643	for (i = softc->port_min; i < softc->port_max; i++)
1644		ctl_est_ua_port(lun, i, except, ua);
1645}
1646
1647void
1648ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1649{
1650	struct ctl_softc *softc = lun->ctl_softc;
1651	ctl_ua_type *pu;
1652
1653	if (initidx < softc->init_min || initidx >= softc->init_max)
1654		return;
1655	mtx_assert(&lun->lun_lock, MA_OWNED);
1656	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1657	if (pu == NULL)
1658		return;
1659	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1660}
1661
1662void
1663ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1664{
1665	struct ctl_softc *softc = lun->ctl_softc;
1666	int i, j;
1667
1668	mtx_assert(&lun->lun_lock, MA_OWNED);
1669	for (i = softc->port_min; i < softc->port_max; i++) {
1670		if (lun->pending_ua[i] == NULL)
1671			continue;
1672		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1673			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1674				continue;
1675			lun->pending_ua[i][j] &= ~ua;
1676		}
1677	}
1678}
1679
1680void
1681ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1682    ctl_ua_type ua_type)
1683{
1684	struct ctl_lun *lun;
1685
1686	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1687	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1688		mtx_lock(&lun->lun_lock);
1689		ctl_clr_ua(lun, initidx, ua_type);
1690		mtx_unlock(&lun->lun_lock);
1691	}
1692}
1693
1694static int
1695ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1696{
1697	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1698	struct ctl_lun *lun;
1699	struct ctl_lun_req ireq;
1700	int error, value;
1701
1702	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1703	error = sysctl_handle_int(oidp, &value, 0, req);
1704	if ((error != 0) || (req->newptr == NULL))
1705		return (error);
1706
1707	mtx_lock(&softc->ctl_lock);
1708	if (value == 0)
1709		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1710	else
1711		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1712	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1713		mtx_unlock(&softc->ctl_lock);
1714		bzero(&ireq, sizeof(ireq));
1715		ireq.reqtype = CTL_LUNREQ_MODIFY;
1716		ireq.reqdata.modify.lun_id = lun->lun;
1717		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1718		    curthread);
1719		if (ireq.status != CTL_LUN_OK) {
1720			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1721			    __func__, ireq.status, ireq.error_str);
1722		}
1723		mtx_lock(&softc->ctl_lock);
1724	}
1725	mtx_unlock(&softc->ctl_lock);
1726	return (0);
1727}
1728
1729static int
1730ctl_init(void)
1731{
1732	struct ctl_softc *softc;
1733	void *other_pool;
1734	int i, error;
1735
1736	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1737			       M_WAITOK | M_ZERO);
1738
1739	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1740			      "cam/ctl");
1741	softc->dev->si_drv1 = softc;
1742
1743	sysctl_ctx_init(&softc->sysctl_ctx);
1744	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1745		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1746		CTLFLAG_RD, 0, "CAM Target Layer");
1747
1748	if (softc->sysctl_tree == NULL) {
1749		printf("%s: unable to allocate sysctl tree\n", __func__);
1750		destroy_dev(softc->dev);
1751		free(control_softc, M_DEVBUF);
1752		control_softc = NULL;
1753		return (ENOMEM);
1754	}
1755
1756	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1757	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1758	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1759	softc->flags = 0;
1760
1761	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1762	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1763	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1764
1765	/*
1766	 * In Copan's HA scheme, the "master" and "slave" roles are
1767	 * figured out through the slot the controller is in.  Although it
1768	 * is an active/active system, someone has to be in charge.
1769	 */
1770	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1771	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1772	    "HA head ID (0 - no HA)");
1773	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1774		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1775		softc->is_single = 1;
1776		softc->port_cnt = CTL_MAX_PORTS;
1777		softc->port_min = 0;
1778	} else {
1779		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1780		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1781	}
1782	softc->port_max = softc->port_min + softc->port_cnt;
1783	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1784	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1785
1786	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1787	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1788	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1789
1790	STAILQ_INIT(&softc->lun_list);
1791	STAILQ_INIT(&softc->pending_lun_queue);
1792	STAILQ_INIT(&softc->fe_list);
1793	STAILQ_INIT(&softc->port_list);
1794	STAILQ_INIT(&softc->be_list);
1795	ctl_tpc_init(softc);
1796
1797	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1798	                    &other_pool) != 0)
1799	{
1800		printf("ctl: can't allocate %d entry other SC pool, "
1801		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1802		return (ENOMEM);
1803	}
1804	softc->othersc_pool = other_pool;
1805
1806	if (worker_threads <= 0)
1807		worker_threads = max(1, mp_ncpus / 4);
1808	if (worker_threads > CTL_MAX_THREADS)
1809		worker_threads = CTL_MAX_THREADS;
1810
1811	for (i = 0; i < worker_threads; i++) {
1812		struct ctl_thread *thr = &softc->threads[i];
1813
1814		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1815		thr->ctl_softc = softc;
1816		STAILQ_INIT(&thr->incoming_queue);
1817		STAILQ_INIT(&thr->rtr_queue);
1818		STAILQ_INIT(&thr->done_queue);
1819		STAILQ_INIT(&thr->isc_queue);
1820
1821		error = kproc_kthread_add(ctl_work_thread, thr,
1822		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1823		if (error != 0) {
1824			printf("error creating CTL work thread!\n");
1825			ctl_pool_free(other_pool);
1826			return (error);
1827		}
1828	}
1829	error = kproc_kthread_add(ctl_lun_thread, softc,
1830	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1831	if (error != 0) {
1832		printf("error creating CTL lun thread!\n");
1833		ctl_pool_free(other_pool);
1834		return (error);
1835	}
1836	error = kproc_kthread_add(ctl_thresh_thread, softc,
1837	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1838	if (error != 0) {
1839		printf("error creating CTL threshold thread!\n");
1840		ctl_pool_free(other_pool);
1841		return (error);
1842	}
1843
1844	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1845	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1846	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1847
1848	if (softc->is_single == 0) {
1849		ctl_frontend_register(&ha_frontend);
1850		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1851			printf("ctl_init: ctl_ha_msg_init failed.\n");
1852			softc->is_single = 1;
1853		} else
1854		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1855		    != CTL_HA_STATUS_SUCCESS) {
1856			printf("ctl_init: ctl_ha_msg_register failed.\n");
1857			softc->is_single = 1;
1858		}
1859	}
1860	return (0);
1861}
1862
1863void
1864ctl_shutdown(void)
1865{
1866	struct ctl_softc *softc = control_softc;
1867	struct ctl_lun *lun, *next_lun;
1868
1869	if (softc->is_single == 0) {
1870		ctl_ha_msg_shutdown(softc);
1871		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1872		    != CTL_HA_STATUS_SUCCESS)
1873			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1874		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1875			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1876		ctl_frontend_deregister(&ha_frontend);
1877	}
1878
1879	mtx_lock(&softc->ctl_lock);
1880
1881	/*
1882	 * Free up each LUN.
1883	 */
1884	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1885		next_lun = STAILQ_NEXT(lun, links);
1886		ctl_free_lun(lun);
1887	}
1888
1889	mtx_unlock(&softc->ctl_lock);
1890
1891#if 0
1892	ctl_shutdown_thread(softc->work_thread);
1893	mtx_destroy(&softc->queue_lock);
1894#endif
1895
1896	ctl_tpc_shutdown(softc);
1897	uma_zdestroy(softc->io_zone);
1898	mtx_destroy(&softc->ctl_lock);
1899
1900	destroy_dev(softc->dev);
1901
1902	sysctl_ctx_free(&softc->sysctl_ctx);
1903
1904	free(control_softc, M_DEVBUF);
1905	control_softc = NULL;
1906}
1907
1908static int
1909ctl_module_event_handler(module_t mod, int what, void *arg)
1910{
1911
1912	switch (what) {
1913	case MOD_LOAD:
1914		return (ctl_init());
1915	case MOD_UNLOAD:
1916		return (EBUSY);
1917	default:
1918		return (EOPNOTSUPP);
1919	}
1920}
1921
1922/*
1923 * XXX KDM should we do some access checks here?  Bump a reference count to
1924 * prevent a CTL module from being unloaded while someone has it open?
1925 */
1926static int
1927ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1928{
1929	return (0);
1930}
1931
1932static int
1933ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1934{
1935	return (0);
1936}
1937
1938/*
1939 * Remove an initiator by port number and initiator ID.
1940 * Returns 0 for success, -1 for failure.
1941 */
1942int
1943ctl_remove_initiator(struct ctl_port *port, int iid)
1944{
1945	struct ctl_softc *softc = port->ctl_softc;
1946
1947	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1948
1949	if (iid > CTL_MAX_INIT_PER_PORT) {
1950		printf("%s: initiator ID %u > maximun %u!\n",
1951		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1952		return (-1);
1953	}
1954
1955	mtx_lock(&softc->ctl_lock);
1956	port->wwpn_iid[iid].in_use--;
1957	port->wwpn_iid[iid].last_use = time_uptime;
1958	mtx_unlock(&softc->ctl_lock);
1959	ctl_isc_announce_iid(port, iid);
1960
1961	return (0);
1962}
1963
1964/*
1965 * Add an initiator to the initiator map.
1966 * Returns iid for success, < 0 for failure.
1967 */
1968int
1969ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1970{
1971	struct ctl_softc *softc = port->ctl_softc;
1972	time_t best_time;
1973	int i, best;
1974
1975	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1976
1977	if (iid >= CTL_MAX_INIT_PER_PORT) {
1978		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1979		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1980		free(name, M_CTL);
1981		return (-1);
1982	}
1983
1984	mtx_lock(&softc->ctl_lock);
1985
1986	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1987		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1988			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1989				iid = i;
1990				break;
1991			}
1992			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1993			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1994				iid = i;
1995				break;
1996			}
1997		}
1998	}
1999
2000	if (iid < 0) {
2001		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2002			if (port->wwpn_iid[i].in_use == 0 &&
2003			    port->wwpn_iid[i].wwpn == 0 &&
2004			    port->wwpn_iid[i].name == NULL) {
2005				iid = i;
2006				break;
2007			}
2008		}
2009	}
2010
2011	if (iid < 0) {
2012		best = -1;
2013		best_time = INT32_MAX;
2014		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2015			if (port->wwpn_iid[i].in_use == 0) {
2016				if (port->wwpn_iid[i].last_use < best_time) {
2017					best = i;
2018					best_time = port->wwpn_iid[i].last_use;
2019				}
2020			}
2021		}
2022		iid = best;
2023	}
2024
2025	if (iid < 0) {
2026		mtx_unlock(&softc->ctl_lock);
2027		free(name, M_CTL);
2028		return (-2);
2029	}
2030
2031	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2032		/*
2033		 * This is not an error yet.
2034		 */
2035		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2036#if 0
2037			printf("%s: port %d iid %u WWPN %#jx arrived"
2038			    " again\n", __func__, port->targ_port,
2039			    iid, (uintmax_t)wwpn);
2040#endif
2041			goto take;
2042		}
2043		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2044		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2045#if 0
2046			printf("%s: port %d iid %u name '%s' arrived"
2047			    " again\n", __func__, port->targ_port,
2048			    iid, name);
2049#endif
2050			goto take;
2051		}
2052
2053		/*
2054		 * This is an error, but what do we do about it?  The
2055		 * driver is telling us we have a new WWPN for this
2056		 * initiator ID, so we pretty much need to use it.
2057		 */
2058		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2059		    " but WWPN %#jx '%s' is still at that address\n",
2060		    __func__, port->targ_port, iid, wwpn, name,
2061		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2062		    port->wwpn_iid[iid].name);
2063
2064		/*
2065		 * XXX KDM clear have_ca and ua_pending on each LUN for
2066		 * this initiator.
2067		 */
2068	}
2069take:
2070	free(port->wwpn_iid[iid].name, M_CTL);
2071	port->wwpn_iid[iid].name = name;
2072	port->wwpn_iid[iid].wwpn = wwpn;
2073	port->wwpn_iid[iid].in_use++;
2074	mtx_unlock(&softc->ctl_lock);
2075	ctl_isc_announce_iid(port, iid);
2076
2077	return (iid);
2078}
2079
2080static int
2081ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2082{
2083	int len;
2084
2085	switch (port->port_type) {
2086	case CTL_PORT_FC:
2087	{
2088		struct scsi_transportid_fcp *id =
2089		    (struct scsi_transportid_fcp *)buf;
2090		if (port->wwpn_iid[iid].wwpn == 0)
2091			return (0);
2092		memset(id, 0, sizeof(*id));
2093		id->format_protocol = SCSI_PROTO_FC;
2094		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2095		return (sizeof(*id));
2096	}
2097	case CTL_PORT_ISCSI:
2098	{
2099		struct scsi_transportid_iscsi_port *id =
2100		    (struct scsi_transportid_iscsi_port *)buf;
2101		if (port->wwpn_iid[iid].name == NULL)
2102			return (0);
2103		memset(id, 0, 256);
2104		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2105		    SCSI_PROTO_ISCSI;
2106		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2107		len = roundup2(min(len, 252), 4);
2108		scsi_ulto2b(len, id->additional_length);
2109		return (sizeof(*id) + len);
2110	}
2111	case CTL_PORT_SAS:
2112	{
2113		struct scsi_transportid_sas *id =
2114		    (struct scsi_transportid_sas *)buf;
2115		if (port->wwpn_iid[iid].wwpn == 0)
2116			return (0);
2117		memset(id, 0, sizeof(*id));
2118		id->format_protocol = SCSI_PROTO_SAS;
2119		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2120		return (sizeof(*id));
2121	}
2122	default:
2123	{
2124		struct scsi_transportid_spi *id =
2125		    (struct scsi_transportid_spi *)buf;
2126		memset(id, 0, sizeof(*id));
2127		id->format_protocol = SCSI_PROTO_SPI;
2128		scsi_ulto2b(iid, id->scsi_addr);
2129		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2130		return (sizeof(*id));
2131	}
2132	}
2133}
2134
2135/*
2136 * Serialize a command that went down the "wrong" side, and so was sent to
2137 * this controller for execution.  The logic is a little different than the
2138 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2139 * sent back to the other side, but in the success case, we execute the
2140 * command on this side (XFER mode) or tell the other side to execute it
2141 * (SER_ONLY mode).
2142 */
2143static int
2144ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2145{
2146	struct ctl_softc *softc = control_softc;
2147	union ctl_ha_msg msg_info;
2148	struct ctl_port *port;
2149	struct ctl_lun *lun;
2150	const struct ctl_cmd_entry *entry;
2151	int retval = 0;
2152	uint32_t targ_lun;
2153
2154	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2155	mtx_lock(&softc->ctl_lock);
2156
2157	/* Make sure that we know about this port. */
2158	port = ctl_io_port(&ctsio->io_hdr);
2159	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2160		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2161					 /*retry_count*/ 1);
2162		goto badjuju;
2163	}
2164
2165	/* Make sure that we know about this LUN. */
2166	if ((targ_lun < CTL_MAX_LUNS) &&
2167	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2168		mtx_lock(&lun->lun_lock);
2169		mtx_unlock(&softc->ctl_lock);
2170		/*
2171		 * If the LUN is invalid, pretend that it doesn't exist.
2172		 * It will go away as soon as all pending I/O has been
2173		 * completed.
2174		 */
2175		if (lun->flags & CTL_LUN_DISABLED) {
2176			mtx_unlock(&lun->lun_lock);
2177			lun = NULL;
2178		}
2179	} else {
2180		mtx_unlock(&softc->ctl_lock);
2181		lun = NULL;
2182	}
2183	if (lun == NULL) {
2184		/*
2185		 * The other node would not send this request to us unless
2186		 * received announce that we are primary node for this LUN.
2187		 * If this LUN does not exist now, it is probably result of
2188		 * a race, so respond to initiator in the most opaque way.
2189		 */
2190		ctl_set_busy(ctsio);
2191		goto badjuju;
2192	}
2193
2194	entry = ctl_get_cmd_entry(ctsio, NULL);
2195	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2196		mtx_unlock(&lun->lun_lock);
2197		goto badjuju;
2198	}
2199
2200	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2201	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2202
2203	/*
2204	 * Every I/O goes into the OOA queue for a
2205	 * particular LUN, and stays there until completion.
2206	 */
2207#ifdef CTL_TIME_IO
2208	if (TAILQ_EMPTY(&lun->ooa_queue))
2209		lun->idle_time += getsbinuptime() - lun->last_busy;
2210#endif
2211	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2212
2213	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2214		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2215		 ooa_links))) {
2216	case CTL_ACTION_BLOCK:
2217		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2218		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2219				  blocked_links);
2220		mtx_unlock(&lun->lun_lock);
2221		break;
2222	case CTL_ACTION_PASS:
2223	case CTL_ACTION_SKIP:
2224		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2225			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2226			ctl_enqueue_rtr((union ctl_io *)ctsio);
2227			mtx_unlock(&lun->lun_lock);
2228		} else {
2229			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2230			mtx_unlock(&lun->lun_lock);
2231
2232			/* send msg back to other side */
2233			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2234			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2235			msg_info.hdr.msg_type = CTL_MSG_R2R;
2236			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2237			    sizeof(msg_info.hdr), M_WAITOK);
2238		}
2239		break;
2240	case CTL_ACTION_OVERLAP:
2241		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2242		mtx_unlock(&lun->lun_lock);
2243		ctl_set_overlapped_cmd(ctsio);
2244		goto badjuju;
2245	case CTL_ACTION_OVERLAP_TAG:
2246		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2247		mtx_unlock(&lun->lun_lock);
2248		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2249		goto badjuju;
2250	case CTL_ACTION_ERROR:
2251	default:
2252		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2253		mtx_unlock(&lun->lun_lock);
2254
2255		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2256					 /*retry_count*/ 0);
2257badjuju:
2258		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2259		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2260		msg_info.hdr.serializing_sc = NULL;
2261		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2262		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2263		    sizeof(msg_info.scsi), M_WAITOK);
2264		retval = 1;
2265		break;
2266	}
2267	return (retval);
2268}
2269
2270/*
2271 * Returns 0 for success, errno for failure.
2272 */
2273static void
2274ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2275		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2276{
2277	union ctl_io *io;
2278
2279	mtx_lock(&lun->lun_lock);
2280	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2281	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2282	     ooa_links)) {
2283		struct ctl_ooa_entry *entry;
2284
2285		/*
2286		 * If we've got more than we can fit, just count the
2287		 * remaining entries.
2288		 */
2289		if (*cur_fill_num >= ooa_hdr->alloc_num)
2290			continue;
2291
2292		entry = &kern_entries[*cur_fill_num];
2293
2294		entry->tag_num = io->scsiio.tag_num;
2295		entry->lun_num = lun->lun;
2296#ifdef CTL_TIME_IO
2297		entry->start_bt = io->io_hdr.start_bt;
2298#endif
2299		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2300		entry->cdb_len = io->scsiio.cdb_len;
2301		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2302			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2303
2304		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2305			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2306
2307		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2308			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2309
2310		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2311			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2312
2313		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2314			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2315	}
2316	mtx_unlock(&lun->lun_lock);
2317}
2318
2319static void *
2320ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2321		 size_t error_str_len)
2322{
2323	void *kptr;
2324
2325	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2326
2327	if (copyin(user_addr, kptr, len) != 0) {
2328		snprintf(error_str, error_str_len, "Error copying %d bytes "
2329			 "from user address %p to kernel address %p", len,
2330			 user_addr, kptr);
2331		free(kptr, M_CTL);
2332		return (NULL);
2333	}
2334
2335	return (kptr);
2336}
2337
2338static void
2339ctl_free_args(int num_args, struct ctl_be_arg *args)
2340{
2341	int i;
2342
2343	if (args == NULL)
2344		return;
2345
2346	for (i = 0; i < num_args; i++) {
2347		free(args[i].kname, M_CTL);
2348		free(args[i].kvalue, M_CTL);
2349	}
2350
2351	free(args, M_CTL);
2352}
2353
2354static struct ctl_be_arg *
2355ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2356		char *error_str, size_t error_str_len)
2357{
2358	struct ctl_be_arg *args;
2359	int i;
2360
2361	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2362				error_str, error_str_len);
2363
2364	if (args == NULL)
2365		goto bailout;
2366
2367	for (i = 0; i < num_args; i++) {
2368		args[i].kname = NULL;
2369		args[i].kvalue = NULL;
2370	}
2371
2372	for (i = 0; i < num_args; i++) {
2373		uint8_t *tmpptr;
2374
2375		args[i].kname = ctl_copyin_alloc(args[i].name,
2376			args[i].namelen, error_str, error_str_len);
2377		if (args[i].kname == NULL)
2378			goto bailout;
2379
2380		if (args[i].kname[args[i].namelen - 1] != '\0') {
2381			snprintf(error_str, error_str_len, "Argument %d "
2382				 "name is not NUL-terminated", i);
2383			goto bailout;
2384		}
2385
2386		if (args[i].flags & CTL_BEARG_RD) {
2387			tmpptr = ctl_copyin_alloc(args[i].value,
2388				args[i].vallen, error_str, error_str_len);
2389			if (tmpptr == NULL)
2390				goto bailout;
2391			if ((args[i].flags & CTL_BEARG_ASCII)
2392			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2393				snprintf(error_str, error_str_len, "Argument "
2394				    "%d value is not NUL-terminated", i);
2395				goto bailout;
2396			}
2397			args[i].kvalue = tmpptr;
2398		} else {
2399			args[i].kvalue = malloc(args[i].vallen,
2400			    M_CTL, M_WAITOK | M_ZERO);
2401		}
2402	}
2403
2404	return (args);
2405bailout:
2406
2407	ctl_free_args(num_args, args);
2408
2409	return (NULL);
2410}
2411
2412static void
2413ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2414{
2415	int i;
2416
2417	for (i = 0; i < num_args; i++) {
2418		if (args[i].flags & CTL_BEARG_WR)
2419			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2420	}
2421}
2422
2423/*
2424 * Escape characters that are illegal or not recommended in XML.
2425 */
2426int
2427ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2428{
2429	char *end = str + size;
2430	int retval;
2431
2432	retval = 0;
2433
2434	for (; *str && str < end; str++) {
2435		switch (*str) {
2436		case '&':
2437			retval = sbuf_printf(sb, "&amp;");
2438			break;
2439		case '>':
2440			retval = sbuf_printf(sb, "&gt;");
2441			break;
2442		case '<':
2443			retval = sbuf_printf(sb, "&lt;");
2444			break;
2445		default:
2446			retval = sbuf_putc(sb, *str);
2447			break;
2448		}
2449
2450		if (retval != 0)
2451			break;
2452
2453	}
2454
2455	return (retval);
2456}
2457
2458static void
2459ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2460{
2461	struct scsi_vpd_id_descriptor *desc;
2462	int i;
2463
2464	if (id == NULL || id->len < 4)
2465		return;
2466	desc = (struct scsi_vpd_id_descriptor *)id->data;
2467	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2468	case SVPD_ID_TYPE_T10:
2469		sbuf_printf(sb, "t10.");
2470		break;
2471	case SVPD_ID_TYPE_EUI64:
2472		sbuf_printf(sb, "eui.");
2473		break;
2474	case SVPD_ID_TYPE_NAA:
2475		sbuf_printf(sb, "naa.");
2476		break;
2477	case SVPD_ID_TYPE_SCSI_NAME:
2478		break;
2479	}
2480	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2481	case SVPD_ID_CODESET_BINARY:
2482		for (i = 0; i < desc->length; i++)
2483			sbuf_printf(sb, "%02x", desc->identifier[i]);
2484		break;
2485	case SVPD_ID_CODESET_ASCII:
2486		sbuf_printf(sb, "%.*s", (int)desc->length,
2487		    (char *)desc->identifier);
2488		break;
2489	case SVPD_ID_CODESET_UTF8:
2490		sbuf_printf(sb, "%s", (char *)desc->identifier);
2491		break;
2492	}
2493}
2494
2495static int
2496ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2497	  struct thread *td)
2498{
2499	struct ctl_softc *softc = dev->si_drv1;
2500	struct ctl_lun *lun;
2501	int retval;
2502
2503	retval = 0;
2504
2505	switch (cmd) {
2506	case CTL_IO:
2507		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2508		break;
2509	case CTL_ENABLE_PORT:
2510	case CTL_DISABLE_PORT:
2511	case CTL_SET_PORT_WWNS: {
2512		struct ctl_port *port;
2513		struct ctl_port_entry *entry;
2514
2515		entry = (struct ctl_port_entry *)addr;
2516
2517		mtx_lock(&softc->ctl_lock);
2518		STAILQ_FOREACH(port, &softc->port_list, links) {
2519			int action, done;
2520
2521			if (port->targ_port < softc->port_min ||
2522			    port->targ_port >= softc->port_max)
2523				continue;
2524
2525			action = 0;
2526			done = 0;
2527			if ((entry->port_type == CTL_PORT_NONE)
2528			 && (entry->targ_port == port->targ_port)) {
2529				/*
2530				 * If the user only wants to enable or
2531				 * disable or set WWNs on a specific port,
2532				 * do the operation and we're done.
2533				 */
2534				action = 1;
2535				done = 1;
2536			} else if (entry->port_type & port->port_type) {
2537				/*
2538				 * Compare the user's type mask with the
2539				 * particular frontend type to see if we
2540				 * have a match.
2541				 */
2542				action = 1;
2543				done = 0;
2544
2545				/*
2546				 * Make sure the user isn't trying to set
2547				 * WWNs on multiple ports at the same time.
2548				 */
2549				if (cmd == CTL_SET_PORT_WWNS) {
2550					printf("%s: Can't set WWNs on "
2551					       "multiple ports\n", __func__);
2552					retval = EINVAL;
2553					break;
2554				}
2555			}
2556			if (action == 0)
2557				continue;
2558
2559			/*
2560			 * XXX KDM we have to drop the lock here, because
2561			 * the online/offline operations can potentially
2562			 * block.  We need to reference count the frontends
2563			 * so they can't go away,
2564			 */
2565			if (cmd == CTL_ENABLE_PORT) {
2566				mtx_unlock(&softc->ctl_lock);
2567				ctl_port_online(port);
2568				mtx_lock(&softc->ctl_lock);
2569			} else if (cmd == CTL_DISABLE_PORT) {
2570				mtx_unlock(&softc->ctl_lock);
2571				ctl_port_offline(port);
2572				mtx_lock(&softc->ctl_lock);
2573			} else if (cmd == CTL_SET_PORT_WWNS) {
2574				ctl_port_set_wwns(port,
2575				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2576				    1 : 0, entry->wwnn,
2577				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2578				    1 : 0, entry->wwpn);
2579			}
2580			if (done != 0)
2581				break;
2582		}
2583		mtx_unlock(&softc->ctl_lock);
2584		break;
2585	}
2586	case CTL_GET_OOA: {
2587		struct ctl_ooa *ooa_hdr;
2588		struct ctl_ooa_entry *entries;
2589		uint32_t cur_fill_num;
2590
2591		ooa_hdr = (struct ctl_ooa *)addr;
2592
2593		if ((ooa_hdr->alloc_len == 0)
2594		 || (ooa_hdr->alloc_num == 0)) {
2595			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2596			       "must be non-zero\n", __func__,
2597			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2598			retval = EINVAL;
2599			break;
2600		}
2601
2602		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2603		    sizeof(struct ctl_ooa_entry))) {
2604			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2605			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2606			       __func__, ooa_hdr->alloc_len,
2607			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2608			retval = EINVAL;
2609			break;
2610		}
2611
2612		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2613		if (entries == NULL) {
2614			printf("%s: could not allocate %d bytes for OOA "
2615			       "dump\n", __func__, ooa_hdr->alloc_len);
2616			retval = ENOMEM;
2617			break;
2618		}
2619
2620		mtx_lock(&softc->ctl_lock);
2621		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2622		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2623		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2624			mtx_unlock(&softc->ctl_lock);
2625			free(entries, M_CTL);
2626			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2627			       __func__, (uintmax_t)ooa_hdr->lun_num);
2628			retval = EINVAL;
2629			break;
2630		}
2631
2632		cur_fill_num = 0;
2633
2634		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2635			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2636				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2637				    ooa_hdr, entries);
2638			}
2639		} else {
2640			lun = softc->ctl_luns[ooa_hdr->lun_num];
2641			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2642			    entries);
2643		}
2644		mtx_unlock(&softc->ctl_lock);
2645
2646		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2647		ooa_hdr->fill_len = ooa_hdr->fill_num *
2648			sizeof(struct ctl_ooa_entry);
2649		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2650		if (retval != 0) {
2651			printf("%s: error copying out %d bytes for OOA dump\n",
2652			       __func__, ooa_hdr->fill_len);
2653		}
2654
2655		getbinuptime(&ooa_hdr->cur_bt);
2656
2657		if (cur_fill_num > ooa_hdr->alloc_num) {
2658			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2659			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2660		} else {
2661			ooa_hdr->dropped_num = 0;
2662			ooa_hdr->status = CTL_OOA_OK;
2663		}
2664
2665		free(entries, M_CTL);
2666		break;
2667	}
2668	case CTL_DELAY_IO: {
2669		struct ctl_io_delay_info *delay_info;
2670
2671		delay_info = (struct ctl_io_delay_info *)addr;
2672
2673#ifdef CTL_IO_DELAY
2674		mtx_lock(&softc->ctl_lock);
2675
2676		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2677		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2678			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2679		} else {
2680			lun = softc->ctl_luns[delay_info->lun_id];
2681			mtx_lock(&lun->lun_lock);
2682
2683			delay_info->status = CTL_DELAY_STATUS_OK;
2684
2685			switch (delay_info->delay_type) {
2686			case CTL_DELAY_TYPE_CONT:
2687				break;
2688			case CTL_DELAY_TYPE_ONESHOT:
2689				break;
2690			default:
2691				delay_info->status =
2692					CTL_DELAY_STATUS_INVALID_TYPE;
2693				break;
2694			}
2695
2696			switch (delay_info->delay_loc) {
2697			case CTL_DELAY_LOC_DATAMOVE:
2698				lun->delay_info.datamove_type =
2699					delay_info->delay_type;
2700				lun->delay_info.datamove_delay =
2701					delay_info->delay_secs;
2702				break;
2703			case CTL_DELAY_LOC_DONE:
2704				lun->delay_info.done_type =
2705					delay_info->delay_type;
2706				lun->delay_info.done_delay =
2707					delay_info->delay_secs;
2708				break;
2709			default:
2710				delay_info->status =
2711					CTL_DELAY_STATUS_INVALID_LOC;
2712				break;
2713			}
2714			mtx_unlock(&lun->lun_lock);
2715		}
2716
2717		mtx_unlock(&softc->ctl_lock);
2718#else
2719		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2720#endif /* CTL_IO_DELAY */
2721		break;
2722	}
2723	case CTL_GETSTATS: {
2724		struct ctl_stats *stats;
2725		int i;
2726
2727		stats = (struct ctl_stats *)addr;
2728
2729		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2730		     stats->alloc_len) {
2731			stats->status = CTL_SS_NEED_MORE_SPACE;
2732			stats->num_luns = softc->num_luns;
2733			break;
2734		}
2735		/*
2736		 * XXX KDM no locking here.  If the LUN list changes,
2737		 * things can blow up.
2738		 */
2739		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2740		     i++, lun = STAILQ_NEXT(lun, links)) {
2741			retval = copyout(&lun->stats, &stats->lun_stats[i],
2742					 sizeof(lun->stats));
2743			if (retval != 0)
2744				break;
2745		}
2746		stats->num_luns = softc->num_luns;
2747		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2748				 softc->num_luns;
2749		stats->status = CTL_SS_OK;
2750#ifdef CTL_TIME_IO
2751		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2752#else
2753		stats->flags = CTL_STATS_FLAG_NONE;
2754#endif
2755		getnanouptime(&stats->timestamp);
2756		break;
2757	}
2758	case CTL_ERROR_INJECT: {
2759		struct ctl_error_desc *err_desc, *new_err_desc;
2760
2761		err_desc = (struct ctl_error_desc *)addr;
2762
2763		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2764				      M_WAITOK | M_ZERO);
2765		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2766
2767		mtx_lock(&softc->ctl_lock);
2768		lun = softc->ctl_luns[err_desc->lun_id];
2769		if (lun == NULL) {
2770			mtx_unlock(&softc->ctl_lock);
2771			free(new_err_desc, M_CTL);
2772			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2773			       __func__, (uintmax_t)err_desc->lun_id);
2774			retval = EINVAL;
2775			break;
2776		}
2777		mtx_lock(&lun->lun_lock);
2778		mtx_unlock(&softc->ctl_lock);
2779
2780		/*
2781		 * We could do some checking here to verify the validity
2782		 * of the request, but given the complexity of error
2783		 * injection requests, the checking logic would be fairly
2784		 * complex.
2785		 *
2786		 * For now, if the request is invalid, it just won't get
2787		 * executed and might get deleted.
2788		 */
2789		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2790
2791		/*
2792		 * XXX KDM check to make sure the serial number is unique,
2793		 * in case we somehow manage to wrap.  That shouldn't
2794		 * happen for a very long time, but it's the right thing to
2795		 * do.
2796		 */
2797		new_err_desc->serial = lun->error_serial;
2798		err_desc->serial = lun->error_serial;
2799		lun->error_serial++;
2800
2801		mtx_unlock(&lun->lun_lock);
2802		break;
2803	}
2804	case CTL_ERROR_INJECT_DELETE: {
2805		struct ctl_error_desc *delete_desc, *desc, *desc2;
2806		int delete_done;
2807
2808		delete_desc = (struct ctl_error_desc *)addr;
2809		delete_done = 0;
2810
2811		mtx_lock(&softc->ctl_lock);
2812		lun = softc->ctl_luns[delete_desc->lun_id];
2813		if (lun == NULL) {
2814			mtx_unlock(&softc->ctl_lock);
2815			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2816			       __func__, (uintmax_t)delete_desc->lun_id);
2817			retval = EINVAL;
2818			break;
2819		}
2820		mtx_lock(&lun->lun_lock);
2821		mtx_unlock(&softc->ctl_lock);
2822		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2823			if (desc->serial != delete_desc->serial)
2824				continue;
2825
2826			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2827				      links);
2828			free(desc, M_CTL);
2829			delete_done = 1;
2830		}
2831		mtx_unlock(&lun->lun_lock);
2832		if (delete_done == 0) {
2833			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2834			       "error serial %ju on LUN %u\n", __func__,
2835			       delete_desc->serial, delete_desc->lun_id);
2836			retval = EINVAL;
2837			break;
2838		}
2839		break;
2840	}
2841	case CTL_DUMP_STRUCTS: {
2842		int i, j, k;
2843		struct ctl_port *port;
2844		struct ctl_frontend *fe;
2845
2846		mtx_lock(&softc->ctl_lock);
2847		printf("CTL Persistent Reservation information start:\n");
2848		for (i = 0; i < CTL_MAX_LUNS; i++) {
2849			lun = softc->ctl_luns[i];
2850
2851			if ((lun == NULL)
2852			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2853				continue;
2854
2855			for (j = 0; j < CTL_MAX_PORTS; j++) {
2856				if (lun->pr_keys[j] == NULL)
2857					continue;
2858				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2859					if (lun->pr_keys[j][k] == 0)
2860						continue;
2861					printf("  LUN %d port %d iid %d key "
2862					       "%#jx\n", i, j, k,
2863					       (uintmax_t)lun->pr_keys[j][k]);
2864				}
2865			}
2866		}
2867		printf("CTL Persistent Reservation information end\n");
2868		printf("CTL Ports:\n");
2869		STAILQ_FOREACH(port, &softc->port_list, links) {
2870			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2871			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2872			       port->frontend->name, port->port_type,
2873			       port->physical_port, port->virtual_port,
2874			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2875			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2876				if (port->wwpn_iid[j].in_use == 0 &&
2877				    port->wwpn_iid[j].wwpn == 0 &&
2878				    port->wwpn_iid[j].name == NULL)
2879					continue;
2880
2881				printf("    iid %u use %d WWPN %#jx '%s'\n",
2882				    j, port->wwpn_iid[j].in_use,
2883				    (uintmax_t)port->wwpn_iid[j].wwpn,
2884				    port->wwpn_iid[j].name);
2885			}
2886		}
2887		printf("CTL Port information end\n");
2888		mtx_unlock(&softc->ctl_lock);
2889		/*
2890		 * XXX KDM calling this without a lock.  We'd likely want
2891		 * to drop the lock before calling the frontend's dump
2892		 * routine anyway.
2893		 */
2894		printf("CTL Frontends:\n");
2895		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2896			printf("  Frontend '%s'\n", fe->name);
2897			if (fe->fe_dump != NULL)
2898				fe->fe_dump();
2899		}
2900		printf("CTL Frontend information end\n");
2901		break;
2902	}
2903	case CTL_LUN_REQ: {
2904		struct ctl_lun_req *lun_req;
2905		struct ctl_backend_driver *backend;
2906
2907		lun_req = (struct ctl_lun_req *)addr;
2908
2909		backend = ctl_backend_find(lun_req->backend);
2910		if (backend == NULL) {
2911			lun_req->status = CTL_LUN_ERROR;
2912			snprintf(lun_req->error_str,
2913				 sizeof(lun_req->error_str),
2914				 "Backend \"%s\" not found.",
2915				 lun_req->backend);
2916			break;
2917		}
2918		if (lun_req->num_be_args > 0) {
2919			lun_req->kern_be_args = ctl_copyin_args(
2920				lun_req->num_be_args,
2921				lun_req->be_args,
2922				lun_req->error_str,
2923				sizeof(lun_req->error_str));
2924			if (lun_req->kern_be_args == NULL) {
2925				lun_req->status = CTL_LUN_ERROR;
2926				break;
2927			}
2928		}
2929
2930		retval = backend->ioctl(dev, cmd, addr, flag, td);
2931
2932		if (lun_req->num_be_args > 0) {
2933			ctl_copyout_args(lun_req->num_be_args,
2934				      lun_req->kern_be_args);
2935			ctl_free_args(lun_req->num_be_args,
2936				      lun_req->kern_be_args);
2937		}
2938		break;
2939	}
2940	case CTL_LUN_LIST: {
2941		struct sbuf *sb;
2942		struct ctl_lun_list *list;
2943		struct ctl_option *opt;
2944
2945		list = (struct ctl_lun_list *)addr;
2946
2947		/*
2948		 * Allocate a fixed length sbuf here, based on the length
2949		 * of the user's buffer.  We could allocate an auto-extending
2950		 * buffer, and then tell the user how much larger our
2951		 * amount of data is than his buffer, but that presents
2952		 * some problems:
2953		 *
2954		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2955		 *     we can't hold a lock while calling them with an
2956		 *     auto-extending buffer.
2957 		 *
2958		 * 2.  There is not currently a LUN reference counting
2959		 *     mechanism, outside of outstanding transactions on
2960		 *     the LUN's OOA queue.  So a LUN could go away on us
2961		 *     while we're getting the LUN number, backend-specific
2962		 *     information, etc.  Thus, given the way things
2963		 *     currently work, we need to hold the CTL lock while
2964		 *     grabbing LUN information.
2965		 *
2966		 * So, from the user's standpoint, the best thing to do is
2967		 * allocate what he thinks is a reasonable buffer length,
2968		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2969		 * double the buffer length and try again.  (And repeat
2970		 * that until he succeeds.)
2971		 */
2972		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2973		if (sb == NULL) {
2974			list->status = CTL_LUN_LIST_ERROR;
2975			snprintf(list->error_str, sizeof(list->error_str),
2976				 "Unable to allocate %d bytes for LUN list",
2977				 list->alloc_len);
2978			break;
2979		}
2980
2981		sbuf_printf(sb, "<ctllunlist>\n");
2982
2983		mtx_lock(&softc->ctl_lock);
2984		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2985			mtx_lock(&lun->lun_lock);
2986			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2987					     (uintmax_t)lun->lun);
2988
2989			/*
2990			 * Bail out as soon as we see that we've overfilled
2991			 * the buffer.
2992			 */
2993			if (retval != 0)
2994				break;
2995
2996			retval = sbuf_printf(sb, "\t<backend_type>%s"
2997					     "</backend_type>\n",
2998					     (lun->backend == NULL) ?  "none" :
2999					     lun->backend->name);
3000
3001			if (retval != 0)
3002				break;
3003
3004			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3005					     lun->be_lun->lun_type);
3006
3007			if (retval != 0)
3008				break;
3009
3010			if (lun->backend == NULL) {
3011				retval = sbuf_printf(sb, "</lun>\n");
3012				if (retval != 0)
3013					break;
3014				continue;
3015			}
3016
3017			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3018					     (lun->be_lun->maxlba > 0) ?
3019					     lun->be_lun->maxlba + 1 : 0);
3020
3021			if (retval != 0)
3022				break;
3023
3024			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3025					     lun->be_lun->blocksize);
3026
3027			if (retval != 0)
3028				break;
3029
3030			retval = sbuf_printf(sb, "\t<serial_number>");
3031
3032			if (retval != 0)
3033				break;
3034
3035			retval = ctl_sbuf_printf_esc(sb,
3036			    lun->be_lun->serial_num,
3037			    sizeof(lun->be_lun->serial_num));
3038
3039			if (retval != 0)
3040				break;
3041
3042			retval = sbuf_printf(sb, "</serial_number>\n");
3043
3044			if (retval != 0)
3045				break;
3046
3047			retval = sbuf_printf(sb, "\t<device_id>");
3048
3049			if (retval != 0)
3050				break;
3051
3052			retval = ctl_sbuf_printf_esc(sb,
3053			    lun->be_lun->device_id,
3054			    sizeof(lun->be_lun->device_id));
3055
3056			if (retval != 0)
3057				break;
3058
3059			retval = sbuf_printf(sb, "</device_id>\n");
3060
3061			if (retval != 0)
3062				break;
3063
3064			if (lun->backend->lun_info != NULL) {
3065				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3066				if (retval != 0)
3067					break;
3068			}
3069			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3070				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3071				    opt->name, opt->value, opt->name);
3072				if (retval != 0)
3073					break;
3074			}
3075
3076			retval = sbuf_printf(sb, "</lun>\n");
3077
3078			if (retval != 0)
3079				break;
3080			mtx_unlock(&lun->lun_lock);
3081		}
3082		if (lun != NULL)
3083			mtx_unlock(&lun->lun_lock);
3084		mtx_unlock(&softc->ctl_lock);
3085
3086		if ((retval != 0)
3087		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3088			retval = 0;
3089			sbuf_delete(sb);
3090			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3091			snprintf(list->error_str, sizeof(list->error_str),
3092				 "Out of space, %d bytes is too small",
3093				 list->alloc_len);
3094			break;
3095		}
3096
3097		sbuf_finish(sb);
3098
3099		retval = copyout(sbuf_data(sb), list->lun_xml,
3100				 sbuf_len(sb) + 1);
3101
3102		list->fill_len = sbuf_len(sb) + 1;
3103		list->status = CTL_LUN_LIST_OK;
3104		sbuf_delete(sb);
3105		break;
3106	}
3107	case CTL_ISCSI: {
3108		struct ctl_iscsi *ci;
3109		struct ctl_frontend *fe;
3110
3111		ci = (struct ctl_iscsi *)addr;
3112
3113		fe = ctl_frontend_find("iscsi");
3114		if (fe == NULL) {
3115			ci->status = CTL_ISCSI_ERROR;
3116			snprintf(ci->error_str, sizeof(ci->error_str),
3117			    "Frontend \"iscsi\" not found.");
3118			break;
3119		}
3120
3121		retval = fe->ioctl(dev, cmd, addr, flag, td);
3122		break;
3123	}
3124	case CTL_PORT_REQ: {
3125		struct ctl_req *req;
3126		struct ctl_frontend *fe;
3127
3128		req = (struct ctl_req *)addr;
3129
3130		fe = ctl_frontend_find(req->driver);
3131		if (fe == NULL) {
3132			req->status = CTL_LUN_ERROR;
3133			snprintf(req->error_str, sizeof(req->error_str),
3134			    "Frontend \"%s\" not found.", req->driver);
3135			break;
3136		}
3137		if (req->num_args > 0) {
3138			req->kern_args = ctl_copyin_args(req->num_args,
3139			    req->args, req->error_str, sizeof(req->error_str));
3140			if (req->kern_args == NULL) {
3141				req->status = CTL_LUN_ERROR;
3142				break;
3143			}
3144		}
3145
3146		if (fe->ioctl)
3147			retval = fe->ioctl(dev, cmd, addr, flag, td);
3148		else
3149			retval = ENODEV;
3150
3151		if (req->num_args > 0) {
3152			ctl_copyout_args(req->num_args, req->kern_args);
3153			ctl_free_args(req->num_args, req->kern_args);
3154		}
3155		break;
3156	}
3157	case CTL_PORT_LIST: {
3158		struct sbuf *sb;
3159		struct ctl_port *port;
3160		struct ctl_lun_list *list;
3161		struct ctl_option *opt;
3162		int j;
3163		uint32_t plun;
3164
3165		list = (struct ctl_lun_list *)addr;
3166
3167		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3168		if (sb == NULL) {
3169			list->status = CTL_LUN_LIST_ERROR;
3170			snprintf(list->error_str, sizeof(list->error_str),
3171				 "Unable to allocate %d bytes for LUN list",
3172				 list->alloc_len);
3173			break;
3174		}
3175
3176		sbuf_printf(sb, "<ctlportlist>\n");
3177
3178		mtx_lock(&softc->ctl_lock);
3179		STAILQ_FOREACH(port, &softc->port_list, links) {
3180			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3181					     (uintmax_t)port->targ_port);
3182
3183			/*
3184			 * Bail out as soon as we see that we've overfilled
3185			 * the buffer.
3186			 */
3187			if (retval != 0)
3188				break;
3189
3190			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3191			    "</frontend_type>\n", port->frontend->name);
3192			if (retval != 0)
3193				break;
3194
3195			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3196					     port->port_type);
3197			if (retval != 0)
3198				break;
3199
3200			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3201			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3202			if (retval != 0)
3203				break;
3204
3205			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3206			    port->port_name);
3207			if (retval != 0)
3208				break;
3209
3210			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3211			    port->physical_port);
3212			if (retval != 0)
3213				break;
3214
3215			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3216			    port->virtual_port);
3217			if (retval != 0)
3218				break;
3219
3220			if (port->target_devid != NULL) {
3221				sbuf_printf(sb, "\t<target>");
3222				ctl_id_sbuf(port->target_devid, sb);
3223				sbuf_printf(sb, "</target>\n");
3224			}
3225
3226			if (port->port_devid != NULL) {
3227				sbuf_printf(sb, "\t<port>");
3228				ctl_id_sbuf(port->port_devid, sb);
3229				sbuf_printf(sb, "</port>\n");
3230			}
3231
3232			if (port->port_info != NULL) {
3233				retval = port->port_info(port->onoff_arg, sb);
3234				if (retval != 0)
3235					break;
3236			}
3237			STAILQ_FOREACH(opt, &port->options, links) {
3238				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3239				    opt->name, opt->value, opt->name);
3240				if (retval != 0)
3241					break;
3242			}
3243
3244			if (port->lun_map != NULL) {
3245				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3246				for (j = 0; j < CTL_MAX_LUNS; j++) {
3247					plun = ctl_lun_map_from_port(port, j);
3248					if (plun >= CTL_MAX_LUNS)
3249						continue;
3250					sbuf_printf(sb,
3251					    "\t<lun id=\"%u\">%u</lun>\n",
3252					    j, plun);
3253				}
3254			}
3255
3256			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3257				if (port->wwpn_iid[j].in_use == 0 ||
3258				    (port->wwpn_iid[j].wwpn == 0 &&
3259				     port->wwpn_iid[j].name == NULL))
3260					continue;
3261
3262				if (port->wwpn_iid[j].name != NULL)
3263					retval = sbuf_printf(sb,
3264					    "\t<initiator id=\"%u\">%s</initiator>\n",
3265					    j, port->wwpn_iid[j].name);
3266				else
3267					retval = sbuf_printf(sb,
3268					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3269					    j, port->wwpn_iid[j].wwpn);
3270				if (retval != 0)
3271					break;
3272			}
3273			if (retval != 0)
3274				break;
3275
3276			retval = sbuf_printf(sb, "</targ_port>\n");
3277			if (retval != 0)
3278				break;
3279		}
3280		mtx_unlock(&softc->ctl_lock);
3281
3282		if ((retval != 0)
3283		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3284			retval = 0;
3285			sbuf_delete(sb);
3286			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3287			snprintf(list->error_str, sizeof(list->error_str),
3288				 "Out of space, %d bytes is too small",
3289				 list->alloc_len);
3290			break;
3291		}
3292
3293		sbuf_finish(sb);
3294
3295		retval = copyout(sbuf_data(sb), list->lun_xml,
3296				 sbuf_len(sb) + 1);
3297
3298		list->fill_len = sbuf_len(sb) + 1;
3299		list->status = CTL_LUN_LIST_OK;
3300		sbuf_delete(sb);
3301		break;
3302	}
3303	case CTL_LUN_MAP: {
3304		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3305		struct ctl_port *port;
3306
3307		mtx_lock(&softc->ctl_lock);
3308		if (lm->port < softc->port_min ||
3309		    lm->port >= softc->port_max ||
3310		    (port = softc->ctl_ports[lm->port]) == NULL) {
3311			mtx_unlock(&softc->ctl_lock);
3312			return (ENXIO);
3313		}
3314		if (port->status & CTL_PORT_STATUS_ONLINE) {
3315			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3316				if (ctl_lun_map_to_port(port, lun->lun) >=
3317				    CTL_MAX_LUNS)
3318					continue;
3319				mtx_lock(&lun->lun_lock);
3320				ctl_est_ua_port(lun, lm->port, -1,
3321				    CTL_UA_LUN_CHANGE);
3322				mtx_unlock(&lun->lun_lock);
3323			}
3324		}
3325		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3326		if (lm->plun < CTL_MAX_LUNS) {
3327			if (lm->lun == UINT32_MAX)
3328				retval = ctl_lun_map_unset(port, lm->plun);
3329			else if (lm->lun < CTL_MAX_LUNS &&
3330			    softc->ctl_luns[lm->lun] != NULL)
3331				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3332			else
3333				return (ENXIO);
3334		} else if (lm->plun == UINT32_MAX) {
3335			if (lm->lun == UINT32_MAX)
3336				retval = ctl_lun_map_deinit(port);
3337			else
3338				retval = ctl_lun_map_init(port);
3339		} else
3340			return (ENXIO);
3341		if (port->status & CTL_PORT_STATUS_ONLINE)
3342			ctl_isc_announce_port(port);
3343		break;
3344	}
3345	default: {
3346		/* XXX KDM should we fix this? */
3347#if 0
3348		struct ctl_backend_driver *backend;
3349		unsigned int type;
3350		int found;
3351
3352		found = 0;
3353
3354		/*
3355		 * We encode the backend type as the ioctl type for backend
3356		 * ioctls.  So parse it out here, and then search for a
3357		 * backend of this type.
3358		 */
3359		type = _IOC_TYPE(cmd);
3360
3361		STAILQ_FOREACH(backend, &softc->be_list, links) {
3362			if (backend->type == type) {
3363				found = 1;
3364				break;
3365			}
3366		}
3367		if (found == 0) {
3368			printf("ctl: unknown ioctl command %#lx or backend "
3369			       "%d\n", cmd, type);
3370			retval = EINVAL;
3371			break;
3372		}
3373		retval = backend->ioctl(dev, cmd, addr, flag, td);
3374#endif
3375		retval = ENOTTY;
3376		break;
3377	}
3378	}
3379	return (retval);
3380}
3381
3382uint32_t
3383ctl_get_initindex(struct ctl_nexus *nexus)
3384{
3385	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3386}
3387
3388int
3389ctl_lun_map_init(struct ctl_port *port)
3390{
3391	struct ctl_softc *softc = port->ctl_softc;
3392	struct ctl_lun *lun;
3393	uint32_t i;
3394
3395	if (port->lun_map == NULL)
3396		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3397		    M_CTL, M_NOWAIT);
3398	if (port->lun_map == NULL)
3399		return (ENOMEM);
3400	for (i = 0; i < CTL_MAX_LUNS; i++)
3401		port->lun_map[i] = UINT32_MAX;
3402	if (port->status & CTL_PORT_STATUS_ONLINE) {
3403		if (port->lun_disable != NULL) {
3404			STAILQ_FOREACH(lun, &softc->lun_list, links)
3405				port->lun_disable(port->targ_lun_arg, lun->lun);
3406		}
3407		ctl_isc_announce_port(port);
3408	}
3409	return (0);
3410}
3411
3412int
3413ctl_lun_map_deinit(struct ctl_port *port)
3414{
3415	struct ctl_softc *softc = port->ctl_softc;
3416	struct ctl_lun *lun;
3417
3418	if (port->lun_map == NULL)
3419		return (0);
3420	free(port->lun_map, M_CTL);
3421	port->lun_map = NULL;
3422	if (port->status & CTL_PORT_STATUS_ONLINE) {
3423		if (port->lun_enable != NULL) {
3424			STAILQ_FOREACH(lun, &softc->lun_list, links)
3425				port->lun_enable(port->targ_lun_arg, lun->lun);
3426		}
3427		ctl_isc_announce_port(port);
3428	}
3429	return (0);
3430}
3431
3432int
3433ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3434{
3435	int status;
3436	uint32_t old;
3437
3438	if (port->lun_map == NULL) {
3439		status = ctl_lun_map_init(port);
3440		if (status != 0)
3441			return (status);
3442	}
3443	old = port->lun_map[plun];
3444	port->lun_map[plun] = glun;
3445	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3446		if (port->lun_enable != NULL)
3447			port->lun_enable(port->targ_lun_arg, plun);
3448		ctl_isc_announce_port(port);
3449	}
3450	return (0);
3451}
3452
3453int
3454ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3455{
3456	uint32_t old;
3457
3458	if (port->lun_map == NULL)
3459		return (0);
3460	old = port->lun_map[plun];
3461	port->lun_map[plun] = UINT32_MAX;
3462	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3463		if (port->lun_disable != NULL)
3464			port->lun_disable(port->targ_lun_arg, plun);
3465		ctl_isc_announce_port(port);
3466	}
3467	return (0);
3468}
3469
3470uint32_t
3471ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3472{
3473
3474	if (port == NULL)
3475		return (UINT32_MAX);
3476	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3477		return (lun_id);
3478	return (port->lun_map[lun_id]);
3479}
3480
3481uint32_t
3482ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3483{
3484	uint32_t i;
3485
3486	if (port == NULL)
3487		return (UINT32_MAX);
3488	if (port->lun_map == NULL)
3489		return (lun_id);
3490	for (i = 0; i < CTL_MAX_LUNS; i++) {
3491		if (port->lun_map[i] == lun_id)
3492			return (i);
3493	}
3494	return (UINT32_MAX);
3495}
3496
3497static struct ctl_port *
3498ctl_io_port(struct ctl_io_hdr *io_hdr)
3499{
3500
3501	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3502}
3503
3504int
3505ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3506{
3507	int i;
3508
3509	for (i = first; i < last; i++) {
3510		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3511			return (i);
3512	}
3513	return (-1);
3514}
3515
3516int
3517ctl_set_mask(uint32_t *mask, uint32_t bit)
3518{
3519	uint32_t chunk, piece;
3520
3521	chunk = bit >> 5;
3522	piece = bit % (sizeof(uint32_t) * 8);
3523
3524	if ((mask[chunk] & (1 << piece)) != 0)
3525		return (-1);
3526	else
3527		mask[chunk] |= (1 << piece);
3528
3529	return (0);
3530}
3531
3532int
3533ctl_clear_mask(uint32_t *mask, uint32_t bit)
3534{
3535	uint32_t chunk, piece;
3536
3537	chunk = bit >> 5;
3538	piece = bit % (sizeof(uint32_t) * 8);
3539
3540	if ((mask[chunk] & (1 << piece)) == 0)
3541		return (-1);
3542	else
3543		mask[chunk] &= ~(1 << piece);
3544
3545	return (0);
3546}
3547
3548int
3549ctl_is_set(uint32_t *mask, uint32_t bit)
3550{
3551	uint32_t chunk, piece;
3552
3553	chunk = bit >> 5;
3554	piece = bit % (sizeof(uint32_t) * 8);
3555
3556	if ((mask[chunk] & (1 << piece)) == 0)
3557		return (0);
3558	else
3559		return (1);
3560}
3561
3562static uint64_t
3563ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3564{
3565	uint64_t *t;
3566
3567	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3568	if (t == NULL)
3569		return (0);
3570	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3571}
3572
3573static void
3574ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3575{
3576	uint64_t *t;
3577
3578	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3579	if (t == NULL)
3580		return;
3581	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3582}
3583
3584static void
3585ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3586{
3587	uint64_t *p;
3588	u_int i;
3589
3590	i = residx/CTL_MAX_INIT_PER_PORT;
3591	if (lun->pr_keys[i] != NULL)
3592		return;
3593	mtx_unlock(&lun->lun_lock);
3594	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3595	    M_WAITOK | M_ZERO);
3596	mtx_lock(&lun->lun_lock);
3597	if (lun->pr_keys[i] == NULL)
3598		lun->pr_keys[i] = p;
3599	else
3600		free(p, M_CTL);
3601}
3602
3603static void
3604ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3605{
3606	uint64_t *t;
3607
3608	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3609	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3610	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3611}
3612
3613/*
3614 * ctl_softc, pool_name, total_ctl_io are passed in.
3615 * npool is passed out.
3616 */
3617int
3618ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3619		uint32_t total_ctl_io, void **npool)
3620{
3621#ifdef IO_POOLS
3622	struct ctl_io_pool *pool;
3623
3624	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3625					    M_NOWAIT | M_ZERO);
3626	if (pool == NULL)
3627		return (ENOMEM);
3628
3629	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3630	pool->ctl_softc = ctl_softc;
3631	pool->zone = uma_zsecond_create(pool->name, NULL,
3632	    NULL, NULL, NULL, ctl_softc->io_zone);
3633	/* uma_prealloc(pool->zone, total_ctl_io); */
3634
3635	*npool = pool;
3636#else
3637	*npool = ctl_softc->io_zone;
3638#endif
3639	return (0);
3640}
3641
3642void
3643ctl_pool_free(struct ctl_io_pool *pool)
3644{
3645
3646	if (pool == NULL)
3647		return;
3648
3649#ifdef IO_POOLS
3650	uma_zdestroy(pool->zone);
3651	free(pool, M_CTL);
3652#endif
3653}
3654
3655union ctl_io *
3656ctl_alloc_io(void *pool_ref)
3657{
3658	union ctl_io *io;
3659#ifdef IO_POOLS
3660	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3661
3662	io = uma_zalloc(pool->zone, M_WAITOK);
3663#else
3664	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3665#endif
3666	if (io != NULL)
3667		io->io_hdr.pool = pool_ref;
3668	return (io);
3669}
3670
3671union ctl_io *
3672ctl_alloc_io_nowait(void *pool_ref)
3673{
3674	union ctl_io *io;
3675#ifdef IO_POOLS
3676	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3677
3678	io = uma_zalloc(pool->zone, M_NOWAIT);
3679#else
3680	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3681#endif
3682	if (io != NULL)
3683		io->io_hdr.pool = pool_ref;
3684	return (io);
3685}
3686
3687void
3688ctl_free_io(union ctl_io *io)
3689{
3690#ifdef IO_POOLS
3691	struct ctl_io_pool *pool;
3692#endif
3693
3694	if (io == NULL)
3695		return;
3696
3697#ifdef IO_POOLS
3698	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3699	uma_zfree(pool->zone, io);
3700#else
3701	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3702#endif
3703}
3704
3705void
3706ctl_zero_io(union ctl_io *io)
3707{
3708	void *pool_ref;
3709
3710	if (io == NULL)
3711		return;
3712
3713	/*
3714	 * May need to preserve linked list pointers at some point too.
3715	 */
3716	pool_ref = io->io_hdr.pool;
3717	memset(io, 0, sizeof(*io));
3718	io->io_hdr.pool = pool_ref;
3719}
3720
3721/*
3722 * This routine is currently used for internal copies of ctl_ios that need
3723 * to persist for some reason after we've already returned status to the
3724 * FETD.  (Thus the flag set.)
3725 *
3726 * XXX XXX
3727 * Note that this makes a blind copy of all fields in the ctl_io, except
3728 * for the pool reference.  This includes any memory that has been
3729 * allocated!  That memory will no longer be valid after done has been
3730 * called, so this would be VERY DANGEROUS for command that actually does
3731 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3732 * start and stop commands, which don't transfer any data, so this is not a
3733 * problem.  If it is used for anything else, the caller would also need to
3734 * allocate data buffer space and this routine would need to be modified to
3735 * copy the data buffer(s) as well.
3736 */
3737void
3738ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3739{
3740	void *pool_ref;
3741
3742	if ((src == NULL)
3743	 || (dest == NULL))
3744		return;
3745
3746	/*
3747	 * May need to preserve linked list pointers at some point too.
3748	 */
3749	pool_ref = dest->io_hdr.pool;
3750
3751	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3752
3753	dest->io_hdr.pool = pool_ref;
3754	/*
3755	 * We need to know that this is an internal copy, and doesn't need
3756	 * to get passed back to the FETD that allocated it.
3757	 */
3758	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3759}
3760
3761int
3762ctl_expand_number(const char *buf, uint64_t *num)
3763{
3764	char *endptr;
3765	uint64_t number;
3766	unsigned shift;
3767
3768	number = strtoq(buf, &endptr, 0);
3769
3770	switch (tolower((unsigned char)*endptr)) {
3771	case 'e':
3772		shift = 60;
3773		break;
3774	case 'p':
3775		shift = 50;
3776		break;
3777	case 't':
3778		shift = 40;
3779		break;
3780	case 'g':
3781		shift = 30;
3782		break;
3783	case 'm':
3784		shift = 20;
3785		break;
3786	case 'k':
3787		shift = 10;
3788		break;
3789	case 'b':
3790	case '\0': /* No unit. */
3791		*num = number;
3792		return (0);
3793	default:
3794		/* Unrecognized unit. */
3795		return (-1);
3796	}
3797
3798	if ((number << shift) >> shift != number) {
3799		/* Overflow */
3800		return (-1);
3801	}
3802	*num = number << shift;
3803	return (0);
3804}
3805
3806
3807/*
3808 * This routine could be used in the future to load default and/or saved
3809 * mode page parameters for a particuar lun.
3810 */
3811static int
3812ctl_init_page_index(struct ctl_lun *lun)
3813{
3814	int i;
3815	struct ctl_page_index *page_index;
3816	const char *value;
3817	uint64_t ival;
3818
3819	memcpy(&lun->mode_pages.index, page_index_template,
3820	       sizeof(page_index_template));
3821
3822	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3823
3824		page_index = &lun->mode_pages.index[i];
3825		if (lun->be_lun->lun_type == T_DIRECT &&
3826		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
3827			continue;
3828		if (lun->be_lun->lun_type == T_PROCESSOR &&
3829		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
3830			continue;
3831		if (lun->be_lun->lun_type == T_CDROM &&
3832		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
3833			continue;
3834
3835		switch (page_index->page_code & SMPH_PC_MASK) {
3836		case SMS_RW_ERROR_RECOVERY_PAGE: {
3837			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3838				panic("subpage is incorrect!");
3839			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3840			       &rw_er_page_default,
3841			       sizeof(rw_er_page_default));
3842			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3843			       &rw_er_page_changeable,
3844			       sizeof(rw_er_page_changeable));
3845			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3846			       &rw_er_page_default,
3847			       sizeof(rw_er_page_default));
3848			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3849			       &rw_er_page_default,
3850			       sizeof(rw_er_page_default));
3851			page_index->page_data =
3852				(uint8_t *)lun->mode_pages.rw_er_page;
3853			break;
3854		}
3855		case SMS_FORMAT_DEVICE_PAGE: {
3856			struct scsi_format_page *format_page;
3857
3858			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3859				panic("subpage is incorrect!");
3860
3861			/*
3862			 * Sectors per track are set above.  Bytes per
3863			 * sector need to be set here on a per-LUN basis.
3864			 */
3865			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3866			       &format_page_default,
3867			       sizeof(format_page_default));
3868			memcpy(&lun->mode_pages.format_page[
3869			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3870			       sizeof(format_page_changeable));
3871			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3872			       &format_page_default,
3873			       sizeof(format_page_default));
3874			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3875			       &format_page_default,
3876			       sizeof(format_page_default));
3877
3878			format_page = &lun->mode_pages.format_page[
3879				CTL_PAGE_CURRENT];
3880			scsi_ulto2b(lun->be_lun->blocksize,
3881				    format_page->bytes_per_sector);
3882
3883			format_page = &lun->mode_pages.format_page[
3884				CTL_PAGE_DEFAULT];
3885			scsi_ulto2b(lun->be_lun->blocksize,
3886				    format_page->bytes_per_sector);
3887
3888			format_page = &lun->mode_pages.format_page[
3889				CTL_PAGE_SAVED];
3890			scsi_ulto2b(lun->be_lun->blocksize,
3891				    format_page->bytes_per_sector);
3892
3893			page_index->page_data =
3894				(uint8_t *)lun->mode_pages.format_page;
3895			break;
3896		}
3897		case SMS_RIGID_DISK_PAGE: {
3898			struct scsi_rigid_disk_page *rigid_disk_page;
3899			uint32_t sectors_per_cylinder;
3900			uint64_t cylinders;
3901#ifndef	__XSCALE__
3902			int shift;
3903#endif /* !__XSCALE__ */
3904
3905			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3906				panic("invalid subpage value %d",
3907				      page_index->subpage);
3908
3909			/*
3910			 * Rotation rate and sectors per track are set
3911			 * above.  We calculate the cylinders here based on
3912			 * capacity.  Due to the number of heads and
3913			 * sectors per track we're using, smaller arrays
3914			 * may turn out to have 0 cylinders.  Linux and
3915			 * FreeBSD don't pay attention to these mode pages
3916			 * to figure out capacity, but Solaris does.  It
3917			 * seems to deal with 0 cylinders just fine, and
3918			 * works out a fake geometry based on the capacity.
3919			 */
3920			memcpy(&lun->mode_pages.rigid_disk_page[
3921			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3922			       sizeof(rigid_disk_page_default));
3923			memcpy(&lun->mode_pages.rigid_disk_page[
3924			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3925			       sizeof(rigid_disk_page_changeable));
3926
3927			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3928				CTL_DEFAULT_HEADS;
3929
3930			/*
3931			 * The divide method here will be more accurate,
3932			 * probably, but results in floating point being
3933			 * used in the kernel on i386 (__udivdi3()).  On the
3934			 * XScale, though, __udivdi3() is implemented in
3935			 * software.
3936			 *
3937			 * The shift method for cylinder calculation is
3938			 * accurate if sectors_per_cylinder is a power of
3939			 * 2.  Otherwise it might be slightly off -- you
3940			 * might have a bit of a truncation problem.
3941			 */
3942#ifdef	__XSCALE__
3943			cylinders = (lun->be_lun->maxlba + 1) /
3944				sectors_per_cylinder;
3945#else
3946			for (shift = 31; shift > 0; shift--) {
3947				if (sectors_per_cylinder & (1 << shift))
3948					break;
3949			}
3950			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3951#endif
3952
3953			/*
3954			 * We've basically got 3 bytes, or 24 bits for the
3955			 * cylinder size in the mode page.  If we're over,
3956			 * just round down to 2^24.
3957			 */
3958			if (cylinders > 0xffffff)
3959				cylinders = 0xffffff;
3960
3961			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3962				CTL_PAGE_DEFAULT];
3963			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3964
3965			if ((value = ctl_get_opt(&lun->be_lun->options,
3966			    "rpm")) != NULL) {
3967				scsi_ulto2b(strtol(value, NULL, 0),
3968				     rigid_disk_page->rotation_rate);
3969			}
3970
3971			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3972			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3973			       sizeof(rigid_disk_page_default));
3974			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3975			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3976			       sizeof(rigid_disk_page_default));
3977
3978			page_index->page_data =
3979				(uint8_t *)lun->mode_pages.rigid_disk_page;
3980			break;
3981		}
3982		case SMS_CACHING_PAGE: {
3983			struct scsi_caching_page *caching_page;
3984
3985			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3986				panic("invalid subpage value %d",
3987				      page_index->subpage);
3988			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3989			       &caching_page_default,
3990			       sizeof(caching_page_default));
3991			memcpy(&lun->mode_pages.caching_page[
3992			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3993			       sizeof(caching_page_changeable));
3994			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3995			       &caching_page_default,
3996			       sizeof(caching_page_default));
3997			caching_page = &lun->mode_pages.caching_page[
3998			    CTL_PAGE_SAVED];
3999			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4000			if (value != NULL && strcmp(value, "off") == 0)
4001				caching_page->flags1 &= ~SCP_WCE;
4002			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4003			if (value != NULL && strcmp(value, "off") == 0)
4004				caching_page->flags1 |= SCP_RCD;
4005			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4006			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4007			       sizeof(caching_page_default));
4008			page_index->page_data =
4009				(uint8_t *)lun->mode_pages.caching_page;
4010			break;
4011		}
4012		case SMS_CONTROL_MODE_PAGE: {
4013			switch (page_index->subpage) {
4014			case SMS_SUBPAGE_PAGE_0: {
4015				struct scsi_control_page *control_page;
4016
4017				memcpy(&lun->mode_pages.control_page[
4018				    CTL_PAGE_DEFAULT],
4019				       &control_page_default,
4020				       sizeof(control_page_default));
4021				memcpy(&lun->mode_pages.control_page[
4022				    CTL_PAGE_CHANGEABLE],
4023				       &control_page_changeable,
4024				       sizeof(control_page_changeable));
4025				memcpy(&lun->mode_pages.control_page[
4026				    CTL_PAGE_SAVED],
4027				       &control_page_default,
4028				       sizeof(control_page_default));
4029				control_page = &lun->mode_pages.control_page[
4030				    CTL_PAGE_SAVED];
4031				value = ctl_get_opt(&lun->be_lun->options,
4032				    "reordering");
4033				if (value != NULL &&
4034				    strcmp(value, "unrestricted") == 0) {
4035					control_page->queue_flags &=
4036					    ~SCP_QUEUE_ALG_MASK;
4037					control_page->queue_flags |=
4038					    SCP_QUEUE_ALG_UNRESTRICTED;
4039				}
4040				memcpy(&lun->mode_pages.control_page[
4041				    CTL_PAGE_CURRENT],
4042				       &lun->mode_pages.control_page[
4043				    CTL_PAGE_SAVED],
4044				       sizeof(control_page_default));
4045				page_index->page_data =
4046				    (uint8_t *)lun->mode_pages.control_page;
4047				break;
4048			}
4049			case 0x01:
4050				memcpy(&lun->mode_pages.control_ext_page[
4051				    CTL_PAGE_DEFAULT],
4052				       &control_ext_page_default,
4053				       sizeof(control_ext_page_default));
4054				memcpy(&lun->mode_pages.control_ext_page[
4055				    CTL_PAGE_CHANGEABLE],
4056				       &control_ext_page_changeable,
4057				       sizeof(control_ext_page_changeable));
4058				memcpy(&lun->mode_pages.control_ext_page[
4059				    CTL_PAGE_SAVED],
4060				       &control_ext_page_default,
4061				       sizeof(control_ext_page_default));
4062				memcpy(&lun->mode_pages.control_ext_page[
4063				    CTL_PAGE_CURRENT],
4064				       &lun->mode_pages.control_ext_page[
4065				    CTL_PAGE_SAVED],
4066				       sizeof(control_ext_page_default));
4067				page_index->page_data =
4068				    (uint8_t *)lun->mode_pages.control_ext_page;
4069				break;
4070			}
4071			break;
4072		}
4073		case SMS_INFO_EXCEPTIONS_PAGE: {
4074			switch (page_index->subpage) {
4075			case SMS_SUBPAGE_PAGE_0:
4076				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4077				       &ie_page_default,
4078				       sizeof(ie_page_default));
4079				memcpy(&lun->mode_pages.ie_page[
4080				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4081				       sizeof(ie_page_changeable));
4082				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4083				       &ie_page_default,
4084				       sizeof(ie_page_default));
4085				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4086				       &ie_page_default,
4087				       sizeof(ie_page_default));
4088				page_index->page_data =
4089					(uint8_t *)lun->mode_pages.ie_page;
4090				break;
4091			case 0x02: {
4092				struct ctl_logical_block_provisioning_page *page;
4093
4094				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4095				       &lbp_page_default,
4096				       sizeof(lbp_page_default));
4097				memcpy(&lun->mode_pages.lbp_page[
4098				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4099				       sizeof(lbp_page_changeable));
4100				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4101				       &lbp_page_default,
4102				       sizeof(lbp_page_default));
4103				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4104				value = ctl_get_opt(&lun->be_lun->options,
4105				    "avail-threshold");
4106				if (value != NULL &&
4107				    ctl_expand_number(value, &ival) == 0) {
4108					page->descr[0].flags |= SLBPPD_ENABLED |
4109					    SLBPPD_ARMING_DEC;
4110					if (lun->be_lun->blocksize)
4111						ival /= lun->be_lun->blocksize;
4112					else
4113						ival /= 512;
4114					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4115					    page->descr[0].count);
4116				}
4117				value = ctl_get_opt(&lun->be_lun->options,
4118				    "used-threshold");
4119				if (value != NULL &&
4120				    ctl_expand_number(value, &ival) == 0) {
4121					page->descr[1].flags |= SLBPPD_ENABLED |
4122					    SLBPPD_ARMING_INC;
4123					if (lun->be_lun->blocksize)
4124						ival /= lun->be_lun->blocksize;
4125					else
4126						ival /= 512;
4127					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4128					    page->descr[1].count);
4129				}
4130				value = ctl_get_opt(&lun->be_lun->options,
4131				    "pool-avail-threshold");
4132				if (value != NULL &&
4133				    ctl_expand_number(value, &ival) == 0) {
4134					page->descr[2].flags |= SLBPPD_ENABLED |
4135					    SLBPPD_ARMING_DEC;
4136					if (lun->be_lun->blocksize)
4137						ival /= lun->be_lun->blocksize;
4138					else
4139						ival /= 512;
4140					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4141					    page->descr[2].count);
4142				}
4143				value = ctl_get_opt(&lun->be_lun->options,
4144				    "pool-used-threshold");
4145				if (value != NULL &&
4146				    ctl_expand_number(value, &ival) == 0) {
4147					page->descr[3].flags |= SLBPPD_ENABLED |
4148					    SLBPPD_ARMING_INC;
4149					if (lun->be_lun->blocksize)
4150						ival /= lun->be_lun->blocksize;
4151					else
4152						ival /= 512;
4153					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4154					    page->descr[3].count);
4155				}
4156				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4157				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4158				       sizeof(lbp_page_default));
4159				page_index->page_data =
4160					(uint8_t *)lun->mode_pages.lbp_page;
4161			}}
4162			break;
4163		}
4164		case SMS_VENDOR_SPECIFIC_PAGE:{
4165			switch (page_index->subpage) {
4166			case DBGCNF_SUBPAGE_CODE: {
4167				memcpy(&lun->mode_pages.debugconf_subpage[
4168				       CTL_PAGE_CURRENT],
4169				       &debugconf_page_default,
4170				       sizeof(debugconf_page_default));
4171				memcpy(&lun->mode_pages.debugconf_subpage[
4172				       CTL_PAGE_CHANGEABLE],
4173				       &debugconf_page_changeable,
4174				       sizeof(debugconf_page_changeable));
4175				memcpy(&lun->mode_pages.debugconf_subpage[
4176				       CTL_PAGE_DEFAULT],
4177				       &debugconf_page_default,
4178				       sizeof(debugconf_page_default));
4179				memcpy(&lun->mode_pages.debugconf_subpage[
4180				       CTL_PAGE_SAVED],
4181				       &debugconf_page_default,
4182				       sizeof(debugconf_page_default));
4183				page_index->page_data =
4184				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4185				break;
4186			}
4187			default:
4188				panic("invalid subpage value %d",
4189				      page_index->subpage);
4190				break;
4191			}
4192   			break;
4193		}
4194		default:
4195			panic("invalid page value %d",
4196			      page_index->page_code & SMPH_PC_MASK);
4197			break;
4198    	}
4199	}
4200
4201	return (CTL_RETVAL_COMPLETE);
4202}
4203
4204static int
4205ctl_init_log_page_index(struct ctl_lun *lun)
4206{
4207	struct ctl_page_index *page_index;
4208	int i, j, k, prev;
4209
4210	memcpy(&lun->log_pages.index, log_page_index_template,
4211	       sizeof(log_page_index_template));
4212
4213	prev = -1;
4214	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4215
4216		page_index = &lun->log_pages.index[i];
4217		if (lun->be_lun->lun_type == T_DIRECT &&
4218		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4219			continue;
4220		if (lun->be_lun->lun_type == T_PROCESSOR &&
4221		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4222			continue;
4223		if (lun->be_lun->lun_type == T_CDROM &&
4224		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4225			continue;
4226
4227		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4228		    lun->backend->lun_attr == NULL)
4229			continue;
4230
4231		if (page_index->page_code != prev) {
4232			lun->log_pages.pages_page[j] = page_index->page_code;
4233			prev = page_index->page_code;
4234			j++;
4235		}
4236		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4237		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4238		k++;
4239	}
4240	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4241	lun->log_pages.index[0].page_len = j;
4242	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4243	lun->log_pages.index[1].page_len = k * 2;
4244	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4245	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4246	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4247	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4248
4249	return (CTL_RETVAL_COMPLETE);
4250}
4251
4252static int
4253hex2bin(const char *str, uint8_t *buf, int buf_size)
4254{
4255	int i;
4256	u_char c;
4257
4258	memset(buf, 0, buf_size);
4259	while (isspace(str[0]))
4260		str++;
4261	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4262		str += 2;
4263	buf_size *= 2;
4264	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4265		c = str[i];
4266		if (isdigit(c))
4267			c -= '0';
4268		else if (isalpha(c))
4269			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4270		else
4271			break;
4272		if (c >= 16)
4273			break;
4274		if ((i & 1) == 0)
4275			buf[i / 2] |= (c << 4);
4276		else
4277			buf[i / 2] |= c;
4278	}
4279	return ((i + 1) / 2);
4280}
4281
4282/*
4283 * LUN allocation.
4284 *
4285 * Requirements:
4286 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4287 *   wants us to allocate the LUN and he can block.
4288 * - ctl_softc is always set
4289 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4290 *
4291 * Returns 0 for success, non-zero (errno) for failure.
4292 */
4293static int
4294ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4295	      struct ctl_be_lun *const be_lun)
4296{
4297	struct ctl_lun *nlun, *lun;
4298	struct scsi_vpd_id_descriptor *desc;
4299	struct scsi_vpd_id_t10 *t10id;
4300	const char *eui, *naa, *scsiname, *vendor, *value;
4301	int lun_number, i, lun_malloced;
4302	int devidlen, idlen1, idlen2 = 0, len;
4303
4304	if (be_lun == NULL)
4305		return (EINVAL);
4306
4307	/*
4308	 * We currently only support Direct Access or Processor LUN types.
4309	 */
4310	switch (be_lun->lun_type) {
4311	case T_DIRECT:
4312	case T_PROCESSOR:
4313	case T_CDROM:
4314		break;
4315	case T_SEQUENTIAL:
4316	case T_CHANGER:
4317	default:
4318		be_lun->lun_config_status(be_lun->be_lun,
4319					  CTL_LUN_CONFIG_FAILURE);
4320		break;
4321	}
4322	if (ctl_lun == NULL) {
4323		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4324		lun_malloced = 1;
4325	} else {
4326		lun_malloced = 0;
4327		lun = ctl_lun;
4328	}
4329
4330	memset(lun, 0, sizeof(*lun));
4331	if (lun_malloced)
4332		lun->flags = CTL_LUN_MALLOCED;
4333
4334	/* Generate LUN ID. */
4335	devidlen = max(CTL_DEVID_MIN_LEN,
4336	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4337	idlen1 = sizeof(*t10id) + devidlen;
4338	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4339	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4340	if (scsiname != NULL) {
4341		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4342		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4343	}
4344	eui = ctl_get_opt(&be_lun->options, "eui");
4345	if (eui != NULL) {
4346		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4347	}
4348	naa = ctl_get_opt(&be_lun->options, "naa");
4349	if (naa != NULL) {
4350		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4351	}
4352	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4353	    M_CTL, M_WAITOK | M_ZERO);
4354	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4355	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4356	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4357	desc->length = idlen1;
4358	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4359	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4360	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4361		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4362	} else {
4363		strncpy(t10id->vendor, vendor,
4364		    min(sizeof(t10id->vendor), strlen(vendor)));
4365	}
4366	strncpy((char *)t10id->vendor_spec_id,
4367	    (char *)be_lun->device_id, devidlen);
4368	if (scsiname != NULL) {
4369		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4370		    desc->length);
4371		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4372		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4373		    SVPD_ID_TYPE_SCSI_NAME;
4374		desc->length = idlen2;
4375		strlcpy(desc->identifier, scsiname, idlen2);
4376	}
4377	if (eui != NULL) {
4378		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4379		    desc->length);
4380		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4381		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4382		    SVPD_ID_TYPE_EUI64;
4383		desc->length = hex2bin(eui, desc->identifier, 16);
4384		desc->length = desc->length > 12 ? 16 :
4385		    (desc->length > 8 ? 12 : 8);
4386		len -= 16 - desc->length;
4387	}
4388	if (naa != NULL) {
4389		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4390		    desc->length);
4391		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4392		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4393		    SVPD_ID_TYPE_NAA;
4394		desc->length = hex2bin(naa, desc->identifier, 16);
4395		desc->length = desc->length > 8 ? 16 : 8;
4396		len -= 16 - desc->length;
4397	}
4398	lun->lun_devid->len = len;
4399
4400	mtx_lock(&ctl_softc->ctl_lock);
4401	/*
4402	 * See if the caller requested a particular LUN number.  If so, see
4403	 * if it is available.  Otherwise, allocate the first available LUN.
4404	 */
4405	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4406		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4407		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4408			mtx_unlock(&ctl_softc->ctl_lock);
4409			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4410				printf("ctl: requested LUN ID %d is higher "
4411				       "than CTL_MAX_LUNS - 1 (%d)\n",
4412				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4413			} else {
4414				/*
4415				 * XXX KDM return an error, or just assign
4416				 * another LUN ID in this case??
4417				 */
4418				printf("ctl: requested LUN ID %d is already "
4419				       "in use\n", be_lun->req_lun_id);
4420			}
4421			if (lun->flags & CTL_LUN_MALLOCED)
4422				free(lun, M_CTL);
4423			be_lun->lun_config_status(be_lun->be_lun,
4424						  CTL_LUN_CONFIG_FAILURE);
4425			return (ENOSPC);
4426		}
4427		lun_number = be_lun->req_lun_id;
4428	} else {
4429		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4430		if (lun_number == -1) {
4431			mtx_unlock(&ctl_softc->ctl_lock);
4432			printf("ctl: can't allocate LUN, out of LUNs\n");
4433			if (lun->flags & CTL_LUN_MALLOCED)
4434				free(lun, M_CTL);
4435			be_lun->lun_config_status(be_lun->be_lun,
4436						  CTL_LUN_CONFIG_FAILURE);
4437			return (ENOSPC);
4438		}
4439	}
4440	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4441
4442	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4443	lun->lun = lun_number;
4444	lun->be_lun = be_lun;
4445	/*
4446	 * The processor LUN is always enabled.  Disk LUNs come on line
4447	 * disabled, and must be enabled by the backend.
4448	 */
4449	lun->flags |= CTL_LUN_DISABLED;
4450	lun->backend = be_lun->be;
4451	be_lun->ctl_lun = lun;
4452	be_lun->lun_id = lun_number;
4453	atomic_add_int(&be_lun->be->num_luns, 1);
4454	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4455		lun->flags |= CTL_LUN_OFFLINE;
4456
4457	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4458		lun->flags |= CTL_LUN_STOPPED;
4459
4460	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4461		lun->flags |= CTL_LUN_INOPERABLE;
4462
4463	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4464		lun->flags |= CTL_LUN_PRIMARY_SC;
4465
4466	value = ctl_get_opt(&be_lun->options, "removable");
4467	if (value != NULL) {
4468		if (strcmp(value, "on") == 0)
4469			lun->flags |= CTL_LUN_REMOVABLE;
4470	} else if (be_lun->lun_type == T_CDROM)
4471		lun->flags |= CTL_LUN_REMOVABLE;
4472
4473	lun->ctl_softc = ctl_softc;
4474#ifdef CTL_TIME_IO
4475	lun->last_busy = getsbinuptime();
4476#endif
4477	TAILQ_INIT(&lun->ooa_queue);
4478	TAILQ_INIT(&lun->blocked_queue);
4479	STAILQ_INIT(&lun->error_list);
4480	ctl_tpc_lun_init(lun);
4481
4482	/*
4483	 * Initialize the mode and log page index.
4484	 */
4485	ctl_init_page_index(lun);
4486	ctl_init_log_page_index(lun);
4487
4488	/*
4489	 * Now, before we insert this lun on the lun list, set the lun
4490	 * inventory changed UA for all other luns.
4491	 */
4492	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4493		mtx_lock(&nlun->lun_lock);
4494		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4495		mtx_unlock(&nlun->lun_lock);
4496	}
4497
4498	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4499
4500	ctl_softc->ctl_luns[lun_number] = lun;
4501
4502	ctl_softc->num_luns++;
4503
4504	/* Setup statistics gathering */
4505	lun->stats.device_type = be_lun->lun_type;
4506	lun->stats.lun_number = lun_number;
4507	lun->stats.blocksize = be_lun->blocksize;
4508	if (be_lun->blocksize == 0)
4509		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4510	for (i = 0;i < CTL_MAX_PORTS;i++)
4511		lun->stats.ports[i].targ_port = i;
4512
4513	mtx_unlock(&ctl_softc->ctl_lock);
4514
4515	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4516	return (0);
4517}
4518
4519/*
4520 * Delete a LUN.
4521 * Assumptions:
4522 * - LUN has already been marked invalid and any pending I/O has been taken
4523 *   care of.
4524 */
4525static int
4526ctl_free_lun(struct ctl_lun *lun)
4527{
4528	struct ctl_softc *softc;
4529	struct ctl_lun *nlun;
4530	int i;
4531
4532	softc = lun->ctl_softc;
4533
4534	mtx_assert(&softc->ctl_lock, MA_OWNED);
4535
4536	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4537
4538	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4539
4540	softc->ctl_luns[lun->lun] = NULL;
4541
4542	if (!TAILQ_EMPTY(&lun->ooa_queue))
4543		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4544
4545	softc->num_luns--;
4546
4547	/*
4548	 * Tell the backend to free resources, if this LUN has a backend.
4549	 */
4550	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4551	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4552
4553	ctl_tpc_lun_shutdown(lun);
4554	mtx_destroy(&lun->lun_lock);
4555	free(lun->lun_devid, M_CTL);
4556	for (i = 0; i < CTL_MAX_PORTS; i++)
4557		free(lun->pending_ua[i], M_CTL);
4558	for (i = 0; i < CTL_MAX_PORTS; i++)
4559		free(lun->pr_keys[i], M_CTL);
4560	free(lun->write_buffer, M_CTL);
4561	if (lun->flags & CTL_LUN_MALLOCED)
4562		free(lun, M_CTL);
4563
4564	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4565		mtx_lock(&nlun->lun_lock);
4566		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4567		mtx_unlock(&nlun->lun_lock);
4568	}
4569
4570	return (0);
4571}
4572
4573static void
4574ctl_create_lun(struct ctl_be_lun *be_lun)
4575{
4576
4577	/*
4578	 * ctl_alloc_lun() should handle all potential failure cases.
4579	 */
4580	ctl_alloc_lun(control_softc, NULL, be_lun);
4581}
4582
4583int
4584ctl_add_lun(struct ctl_be_lun *be_lun)
4585{
4586	struct ctl_softc *softc = control_softc;
4587
4588	mtx_lock(&softc->ctl_lock);
4589	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4590	mtx_unlock(&softc->ctl_lock);
4591	wakeup(&softc->pending_lun_queue);
4592
4593	return (0);
4594}
4595
4596int
4597ctl_enable_lun(struct ctl_be_lun *be_lun)
4598{
4599	struct ctl_softc *softc;
4600	struct ctl_port *port, *nport;
4601	struct ctl_lun *lun;
4602	int retval;
4603
4604	lun = (struct ctl_lun *)be_lun->ctl_lun;
4605	softc = lun->ctl_softc;
4606
4607	mtx_lock(&softc->ctl_lock);
4608	mtx_lock(&lun->lun_lock);
4609	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4610		/*
4611		 * eh?  Why did we get called if the LUN is already
4612		 * enabled?
4613		 */
4614		mtx_unlock(&lun->lun_lock);
4615		mtx_unlock(&softc->ctl_lock);
4616		return (0);
4617	}
4618	lun->flags &= ~CTL_LUN_DISABLED;
4619	mtx_unlock(&lun->lun_lock);
4620
4621	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4622		nport = STAILQ_NEXT(port, links);
4623		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4624		    port->lun_map != NULL || port->lun_enable == NULL)
4625			continue;
4626
4627		/*
4628		 * Drop the lock while we call the FETD's enable routine.
4629		 * This can lead to a callback into CTL (at least in the
4630		 * case of the internal initiator frontend.
4631		 */
4632		mtx_unlock(&softc->ctl_lock);
4633		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4634		mtx_lock(&softc->ctl_lock);
4635		if (retval != 0) {
4636			printf("%s: FETD %s port %d returned error "
4637			       "%d for lun_enable on lun %jd\n",
4638			       __func__, port->port_name, port->targ_port,
4639			       retval, (intmax_t)lun->lun);
4640		}
4641	}
4642
4643	mtx_unlock(&softc->ctl_lock);
4644	ctl_isc_announce_lun(lun);
4645
4646	return (0);
4647}
4648
4649int
4650ctl_disable_lun(struct ctl_be_lun *be_lun)
4651{
4652	struct ctl_softc *softc;
4653	struct ctl_port *port;
4654	struct ctl_lun *lun;
4655	int retval;
4656
4657	lun = (struct ctl_lun *)be_lun->ctl_lun;
4658	softc = lun->ctl_softc;
4659
4660	mtx_lock(&softc->ctl_lock);
4661	mtx_lock(&lun->lun_lock);
4662	if (lun->flags & CTL_LUN_DISABLED) {
4663		mtx_unlock(&lun->lun_lock);
4664		mtx_unlock(&softc->ctl_lock);
4665		return (0);
4666	}
4667	lun->flags |= CTL_LUN_DISABLED;
4668	mtx_unlock(&lun->lun_lock);
4669
4670	STAILQ_FOREACH(port, &softc->port_list, links) {
4671		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4672		    port->lun_map != NULL || port->lun_disable == NULL)
4673			continue;
4674
4675		/*
4676		 * Drop the lock before we call the frontend's disable
4677		 * routine, to avoid lock order reversals.
4678		 *
4679		 * XXX KDM what happens if the frontend list changes while
4680		 * we're traversing it?  It's unlikely, but should be handled.
4681		 */
4682		mtx_unlock(&softc->ctl_lock);
4683		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4684		mtx_lock(&softc->ctl_lock);
4685		if (retval != 0) {
4686			printf("%s: FETD %s port %d returned error "
4687			       "%d for lun_disable on lun %jd\n",
4688			       __func__, port->port_name, port->targ_port,
4689			       retval, (intmax_t)lun->lun);
4690		}
4691	}
4692
4693	mtx_unlock(&softc->ctl_lock);
4694	ctl_isc_announce_lun(lun);
4695
4696	return (0);
4697}
4698
4699int
4700ctl_start_lun(struct ctl_be_lun *be_lun)
4701{
4702	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4703
4704	mtx_lock(&lun->lun_lock);
4705	lun->flags &= ~CTL_LUN_STOPPED;
4706	mtx_unlock(&lun->lun_lock);
4707	return (0);
4708}
4709
4710int
4711ctl_stop_lun(struct ctl_be_lun *be_lun)
4712{
4713	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4714
4715	mtx_lock(&lun->lun_lock);
4716	lun->flags |= CTL_LUN_STOPPED;
4717	mtx_unlock(&lun->lun_lock);
4718	return (0);
4719}
4720
4721int
4722ctl_lun_offline(struct ctl_be_lun *be_lun)
4723{
4724	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4725
4726	mtx_lock(&lun->lun_lock);
4727	lun->flags |= CTL_LUN_OFFLINE;
4728	mtx_unlock(&lun->lun_lock);
4729	return (0);
4730}
4731
4732int
4733ctl_lun_online(struct ctl_be_lun *be_lun)
4734{
4735	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4736
4737	mtx_lock(&lun->lun_lock);
4738	lun->flags &= ~CTL_LUN_OFFLINE;
4739	mtx_unlock(&lun->lun_lock);
4740	return (0);
4741}
4742
4743int
4744ctl_lun_primary(struct ctl_be_lun *be_lun)
4745{
4746	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4747
4748	mtx_lock(&lun->lun_lock);
4749	lun->flags |= CTL_LUN_PRIMARY_SC;
4750	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4751	mtx_unlock(&lun->lun_lock);
4752	ctl_isc_announce_lun(lun);
4753	return (0);
4754}
4755
4756int
4757ctl_lun_secondary(struct ctl_be_lun *be_lun)
4758{
4759	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4760
4761	mtx_lock(&lun->lun_lock);
4762	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4763	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4764	mtx_unlock(&lun->lun_lock);
4765	ctl_isc_announce_lun(lun);
4766	return (0);
4767}
4768
4769int
4770ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4771{
4772	struct ctl_softc *softc;
4773	struct ctl_lun *lun;
4774
4775	lun = (struct ctl_lun *)be_lun->ctl_lun;
4776	softc = lun->ctl_softc;
4777
4778	mtx_lock(&lun->lun_lock);
4779
4780	/*
4781	 * The LUN needs to be disabled before it can be marked invalid.
4782	 */
4783	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4784		mtx_unlock(&lun->lun_lock);
4785		return (-1);
4786	}
4787	/*
4788	 * Mark the LUN invalid.
4789	 */
4790	lun->flags |= CTL_LUN_INVALID;
4791
4792	/*
4793	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4794	 * If we have something in the OOA queue, we'll free it when the
4795	 * last I/O completes.
4796	 */
4797	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4798		mtx_unlock(&lun->lun_lock);
4799		mtx_lock(&softc->ctl_lock);
4800		ctl_free_lun(lun);
4801		mtx_unlock(&softc->ctl_lock);
4802	} else
4803		mtx_unlock(&lun->lun_lock);
4804
4805	return (0);
4806}
4807
4808int
4809ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4810{
4811	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4812
4813	mtx_lock(&lun->lun_lock);
4814	lun->flags |= CTL_LUN_INOPERABLE;
4815	mtx_unlock(&lun->lun_lock);
4816	return (0);
4817}
4818
4819int
4820ctl_lun_operable(struct ctl_be_lun *be_lun)
4821{
4822	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4823
4824	mtx_lock(&lun->lun_lock);
4825	lun->flags &= ~CTL_LUN_INOPERABLE;
4826	mtx_unlock(&lun->lun_lock);
4827	return (0);
4828}
4829
4830void
4831ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4832{
4833	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4834	union ctl_ha_msg msg;
4835
4836	mtx_lock(&lun->lun_lock);
4837	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4838	mtx_unlock(&lun->lun_lock);
4839	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4840		/* Send msg to other side. */
4841		bzero(&msg.ua, sizeof(msg.ua));
4842		msg.hdr.msg_type = CTL_MSG_UA;
4843		msg.hdr.nexus.initid = -1;
4844		msg.hdr.nexus.targ_port = -1;
4845		msg.hdr.nexus.targ_lun = lun->lun;
4846		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4847		msg.ua.ua_all = 1;
4848		msg.ua.ua_set = 1;
4849		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4850		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4851		    M_WAITOK);
4852	}
4853}
4854
4855/*
4856 * Backend "memory move is complete" callback for requests that never
4857 * make it down to say RAIDCore's configuration code.
4858 */
4859int
4860ctl_config_move_done(union ctl_io *io)
4861{
4862	int retval;
4863
4864	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4865	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4866	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4867
4868	if ((io->io_hdr.port_status != 0) &&
4869	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4870	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4871		/*
4872		 * For hardware error sense keys, the sense key
4873		 * specific value is defined to be a retry count,
4874		 * but we use it to pass back an internal FETD
4875		 * error code.  XXX KDM  Hopefully the FETD is only
4876		 * using 16 bits for an error code, since that's
4877		 * all the space we have in the sks field.
4878		 */
4879		ctl_set_internal_failure(&io->scsiio,
4880					 /*sks_valid*/ 1,
4881					 /*retry_count*/
4882					 io->io_hdr.port_status);
4883	}
4884
4885	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4886		ctl_data_print(io);
4887	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4888	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4889	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4890	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4891		/*
4892		 * XXX KDM just assuming a single pointer here, and not a
4893		 * S/G list.  If we start using S/G lists for config data,
4894		 * we'll need to know how to clean them up here as well.
4895		 */
4896		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4897			free(io->scsiio.kern_data_ptr, M_CTL);
4898		ctl_done(io);
4899		retval = CTL_RETVAL_COMPLETE;
4900	} else {
4901		/*
4902		 * XXX KDM now we need to continue data movement.  Some
4903		 * options:
4904		 * - call ctl_scsiio() again?  We don't do this for data
4905		 *   writes, because for those at least we know ahead of
4906		 *   time where the write will go and how long it is.  For
4907		 *   config writes, though, that information is largely
4908		 *   contained within the write itself, thus we need to
4909		 *   parse out the data again.
4910		 *
4911		 * - Call some other function once the data is in?
4912		 */
4913
4914		/*
4915		 * XXX KDM call ctl_scsiio() again for now, and check flag
4916		 * bits to see whether we're allocated or not.
4917		 */
4918		retval = ctl_scsiio(&io->scsiio);
4919	}
4920	return (retval);
4921}
4922
4923/*
4924 * This gets called by a backend driver when it is done with a
4925 * data_submit method.
4926 */
4927void
4928ctl_data_submit_done(union ctl_io *io)
4929{
4930	/*
4931	 * If the IO_CONT flag is set, we need to call the supplied
4932	 * function to continue processing the I/O, instead of completing
4933	 * the I/O just yet.
4934	 *
4935	 * If there is an error, though, we don't want to keep processing.
4936	 * Instead, just send status back to the initiator.
4937	 */
4938	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4939	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4940	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4941	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4942		io->scsiio.io_cont(io);
4943		return;
4944	}
4945	ctl_done(io);
4946}
4947
4948/*
4949 * This gets called by a backend driver when it is done with a
4950 * configuration write.
4951 */
4952void
4953ctl_config_write_done(union ctl_io *io)
4954{
4955	uint8_t *buf;
4956
4957	/*
4958	 * If the IO_CONT flag is set, we need to call the supplied
4959	 * function to continue processing the I/O, instead of completing
4960	 * the I/O just yet.
4961	 *
4962	 * If there is an error, though, we don't want to keep processing.
4963	 * Instead, just send status back to the initiator.
4964	 */
4965	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4966	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4967	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4968	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4969		io->scsiio.io_cont(io);
4970		return;
4971	}
4972	/*
4973	 * Since a configuration write can be done for commands that actually
4974	 * have data allocated, like write buffer, and commands that have
4975	 * no data, like start/stop unit, we need to check here.
4976	 */
4977	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4978		buf = io->scsiio.kern_data_ptr;
4979	else
4980		buf = NULL;
4981	ctl_done(io);
4982	if (buf)
4983		free(buf, M_CTL);
4984}
4985
4986void
4987ctl_config_read_done(union ctl_io *io)
4988{
4989	uint8_t *buf;
4990
4991	/*
4992	 * If there is some error -- we are done, skip data transfer.
4993	 */
4994	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4995	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4996	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4997		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4998			buf = io->scsiio.kern_data_ptr;
4999		else
5000			buf = NULL;
5001		ctl_done(io);
5002		if (buf)
5003			free(buf, M_CTL);
5004		return;
5005	}
5006
5007	/*
5008	 * If the IO_CONT flag is set, we need to call the supplied
5009	 * function to continue processing the I/O, instead of completing
5010	 * the I/O just yet.
5011	 */
5012	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5013		io->scsiio.io_cont(io);
5014		return;
5015	}
5016
5017	ctl_datamove(io);
5018}
5019
5020/*
5021 * SCSI release command.
5022 */
5023int
5024ctl_scsi_release(struct ctl_scsiio *ctsio)
5025{
5026	struct ctl_lun *lun;
5027	uint32_t residx;
5028
5029	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5030
5031	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5032	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5033
5034	/*
5035	 * XXX KDM right now, we only support LUN reservation.  We don't
5036	 * support 3rd party reservations, or extent reservations, which
5037	 * might actually need the parameter list.  If we've gotten this
5038	 * far, we've got a LUN reservation.  Anything else got kicked out
5039	 * above.  So, according to SPC, ignore the length.
5040	 */
5041
5042	mtx_lock(&lun->lun_lock);
5043
5044	/*
5045	 * According to SPC, it is not an error for an intiator to attempt
5046	 * to release a reservation on a LUN that isn't reserved, or that
5047	 * is reserved by another initiator.  The reservation can only be
5048	 * released, though, by the initiator who made it or by one of
5049	 * several reset type events.
5050	 */
5051	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5052			lun->flags &= ~CTL_LUN_RESERVED;
5053
5054	mtx_unlock(&lun->lun_lock);
5055
5056	ctl_set_success(ctsio);
5057	ctl_done((union ctl_io *)ctsio);
5058	return (CTL_RETVAL_COMPLETE);
5059}
5060
5061int
5062ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5063{
5064	struct ctl_lun *lun;
5065	uint32_t residx;
5066
5067	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5068
5069	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5070	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5071
5072	/*
5073	 * XXX KDM right now, we only support LUN reservation.  We don't
5074	 * support 3rd party reservations, or extent reservations, which
5075	 * might actually need the parameter list.  If we've gotten this
5076	 * far, we've got a LUN reservation.  Anything else got kicked out
5077	 * above.  So, according to SPC, ignore the length.
5078	 */
5079
5080	mtx_lock(&lun->lun_lock);
5081	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5082		ctl_set_reservation_conflict(ctsio);
5083		goto bailout;
5084	}
5085	lun->flags |= CTL_LUN_RESERVED;
5086	lun->res_idx = residx;
5087	ctl_set_success(ctsio);
5088
5089bailout:
5090	mtx_unlock(&lun->lun_lock);
5091	ctl_done((union ctl_io *)ctsio);
5092	return (CTL_RETVAL_COMPLETE);
5093}
5094
5095int
5096ctl_start_stop(struct ctl_scsiio *ctsio)
5097{
5098	struct scsi_start_stop_unit *cdb;
5099	struct ctl_lun *lun;
5100	int retval;
5101
5102	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5103
5104	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5105	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5106
5107	/*
5108	 * XXX KDM
5109	 * We don't support the immediate bit on a stop unit.  In order to
5110	 * do that, we would need to code up a way to know that a stop is
5111	 * pending, and hold off any new commands until it completes, one
5112	 * way or another.  Then we could accept or reject those commands
5113	 * depending on its status.  We would almost need to do the reverse
5114	 * of what we do below for an immediate start -- return the copy of
5115	 * the ctl_io to the FETD with status to send to the host (and to
5116	 * free the copy!) and then free the original I/O once the stop
5117	 * actually completes.  That way, the OOA queue mechanism can work
5118	 * to block commands that shouldn't proceed.  Another alternative
5119	 * would be to put the copy in the queue in place of the original,
5120	 * and return the original back to the caller.  That could be
5121	 * slightly safer..
5122	 */
5123	if ((cdb->byte2 & SSS_IMMED)
5124	 && ((cdb->how & SSS_START) == 0)) {
5125		ctl_set_invalid_field(ctsio,
5126				      /*sks_valid*/ 1,
5127				      /*command*/ 1,
5128				      /*field*/ 1,
5129				      /*bit_valid*/ 1,
5130				      /*bit*/ 0);
5131		ctl_done((union ctl_io *)ctsio);
5132		return (CTL_RETVAL_COMPLETE);
5133	}
5134
5135	if ((lun->flags & CTL_LUN_PR_RESERVED)
5136	 && ((cdb->how & SSS_START)==0)) {
5137		uint32_t residx;
5138
5139		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5140		if (ctl_get_prkey(lun, residx) == 0
5141		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5142
5143			ctl_set_reservation_conflict(ctsio);
5144			ctl_done((union ctl_io *)ctsio);
5145			return (CTL_RETVAL_COMPLETE);
5146		}
5147	}
5148
5149	if ((cdb->how & SSS_LOEJ) &&
5150	    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5151		ctl_set_invalid_field(ctsio,
5152				      /*sks_valid*/ 1,
5153				      /*command*/ 1,
5154				      /*field*/ 4,
5155				      /*bit_valid*/ 1,
5156				      /*bit*/ 1);
5157		ctl_done((union ctl_io *)ctsio);
5158		return (CTL_RETVAL_COMPLETE);
5159	}
5160
5161	/*
5162	 * In the non-immediate case, we send the request to
5163	 * the backend and return status to the user when
5164	 * it is done.
5165	 *
5166	 * In the immediate case, we allocate a new ctl_io
5167	 * to hold a copy of the request, and send that to
5168	 * the backend.  We then set good status on the
5169	 * user's request and return it immediately.
5170	 */
5171	if (cdb->byte2 & SSS_IMMED) {
5172		union ctl_io *new_io;
5173
5174		new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5175		ctl_copy_io((union ctl_io *)ctsio, new_io);
5176		retval = lun->backend->config_write(new_io);
5177		ctl_set_success(ctsio);
5178		ctl_done((union ctl_io *)ctsio);
5179	} else {
5180		retval = lun->backend->config_write(
5181			(union ctl_io *)ctsio);
5182	}
5183	return (retval);
5184}
5185
5186int
5187ctl_prevent_allow(struct ctl_scsiio *ctsio)
5188{
5189	struct ctl_lun *lun;
5190	int retval;
5191
5192	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5193
5194	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5195
5196	if ((lun->flags & CTL_LUN_REMOVABLE) == 0) {
5197		ctl_set_invalid_opcode(ctsio);
5198		ctl_done((union ctl_io *)ctsio);
5199		return (CTL_RETVAL_COMPLETE);
5200	}
5201
5202	retval = lun->backend->config_write((union ctl_io *)ctsio);
5203	return (retval);
5204}
5205
5206/*
5207 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5208 * we don't really do anything with the LBA and length fields if the user
5209 * passes them in.  Instead we'll just flush out the cache for the entire
5210 * LUN.
5211 */
5212int
5213ctl_sync_cache(struct ctl_scsiio *ctsio)
5214{
5215	struct ctl_lun *lun;
5216	struct ctl_softc *softc;
5217	struct ctl_lba_len_flags *lbalen;
5218	uint64_t starting_lba;
5219	uint32_t block_count;
5220	int retval;
5221	uint8_t byte2;
5222
5223	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5224
5225	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5226	softc = lun->ctl_softc;
5227	retval = 0;
5228
5229	switch (ctsio->cdb[0]) {
5230	case SYNCHRONIZE_CACHE: {
5231		struct scsi_sync_cache *cdb;
5232		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5233
5234		starting_lba = scsi_4btoul(cdb->begin_lba);
5235		block_count = scsi_2btoul(cdb->lb_count);
5236		byte2 = cdb->byte2;
5237		break;
5238	}
5239	case SYNCHRONIZE_CACHE_16: {
5240		struct scsi_sync_cache_16 *cdb;
5241		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5242
5243		starting_lba = scsi_8btou64(cdb->begin_lba);
5244		block_count = scsi_4btoul(cdb->lb_count);
5245		byte2 = cdb->byte2;
5246		break;
5247	}
5248	default:
5249		ctl_set_invalid_opcode(ctsio);
5250		ctl_done((union ctl_io *)ctsio);
5251		goto bailout;
5252		break; /* NOTREACHED */
5253	}
5254
5255	/*
5256	 * We check the LBA and length, but don't do anything with them.
5257	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5258	 * get flushed.  This check will just help satisfy anyone who wants
5259	 * to see an error for an out of range LBA.
5260	 */
5261	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5262		ctl_set_lba_out_of_range(ctsio);
5263		ctl_done((union ctl_io *)ctsio);
5264		goto bailout;
5265	}
5266
5267	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5268	lbalen->lba = starting_lba;
5269	lbalen->len = block_count;
5270	lbalen->flags = byte2;
5271	retval = lun->backend->config_write((union ctl_io *)ctsio);
5272
5273bailout:
5274	return (retval);
5275}
5276
5277int
5278ctl_format(struct ctl_scsiio *ctsio)
5279{
5280	struct scsi_format *cdb;
5281	struct ctl_lun *lun;
5282	int length, defect_list_len;
5283
5284	CTL_DEBUG_PRINT(("ctl_format\n"));
5285
5286	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5287
5288	cdb = (struct scsi_format *)ctsio->cdb;
5289
5290	length = 0;
5291	if (cdb->byte2 & SF_FMTDATA) {
5292		if (cdb->byte2 & SF_LONGLIST)
5293			length = sizeof(struct scsi_format_header_long);
5294		else
5295			length = sizeof(struct scsi_format_header_short);
5296	}
5297
5298	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5299	 && (length > 0)) {
5300		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5301		ctsio->kern_data_len = length;
5302		ctsio->kern_total_len = length;
5303		ctsio->kern_data_resid = 0;
5304		ctsio->kern_rel_offset = 0;
5305		ctsio->kern_sg_entries = 0;
5306		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5307		ctsio->be_move_done = ctl_config_move_done;
5308		ctl_datamove((union ctl_io *)ctsio);
5309
5310		return (CTL_RETVAL_COMPLETE);
5311	}
5312
5313	defect_list_len = 0;
5314
5315	if (cdb->byte2 & SF_FMTDATA) {
5316		if (cdb->byte2 & SF_LONGLIST) {
5317			struct scsi_format_header_long *header;
5318
5319			header = (struct scsi_format_header_long *)
5320				ctsio->kern_data_ptr;
5321
5322			defect_list_len = scsi_4btoul(header->defect_list_len);
5323			if (defect_list_len != 0) {
5324				ctl_set_invalid_field(ctsio,
5325						      /*sks_valid*/ 1,
5326						      /*command*/ 0,
5327						      /*field*/ 2,
5328						      /*bit_valid*/ 0,
5329						      /*bit*/ 0);
5330				goto bailout;
5331			}
5332		} else {
5333			struct scsi_format_header_short *header;
5334
5335			header = (struct scsi_format_header_short *)
5336				ctsio->kern_data_ptr;
5337
5338			defect_list_len = scsi_2btoul(header->defect_list_len);
5339			if (defect_list_len != 0) {
5340				ctl_set_invalid_field(ctsio,
5341						      /*sks_valid*/ 1,
5342						      /*command*/ 0,
5343						      /*field*/ 2,
5344						      /*bit_valid*/ 0,
5345						      /*bit*/ 0);
5346				goto bailout;
5347			}
5348		}
5349	}
5350
5351	/*
5352	 * The format command will clear out the "Medium format corrupted"
5353	 * status if set by the configuration code.  That status is really
5354	 * just a way to notify the host that we have lost the media, and
5355	 * get them to issue a command that will basically make them think
5356	 * they're blowing away the media.
5357	 */
5358	mtx_lock(&lun->lun_lock);
5359	lun->flags &= ~CTL_LUN_INOPERABLE;
5360	mtx_unlock(&lun->lun_lock);
5361
5362	ctl_set_success(ctsio);
5363bailout:
5364
5365	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5366		free(ctsio->kern_data_ptr, M_CTL);
5367		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5368	}
5369
5370	ctl_done((union ctl_io *)ctsio);
5371	return (CTL_RETVAL_COMPLETE);
5372}
5373
5374int
5375ctl_read_buffer(struct ctl_scsiio *ctsio)
5376{
5377	struct ctl_lun *lun;
5378	uint64_t buffer_offset;
5379	uint32_t len;
5380	uint8_t byte2;
5381	static uint8_t descr[4];
5382	static uint8_t echo_descr[4] = { 0 };
5383
5384	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5385	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5386	switch (ctsio->cdb[0]) {
5387	case READ_BUFFER: {
5388		struct scsi_read_buffer *cdb;
5389
5390		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5391		buffer_offset = scsi_3btoul(cdb->offset);
5392		len = scsi_3btoul(cdb->length);
5393		byte2 = cdb->byte2;
5394		break;
5395	}
5396	case READ_BUFFER_16: {
5397		struct scsi_read_buffer_16 *cdb;
5398
5399		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5400		buffer_offset = scsi_8btou64(cdb->offset);
5401		len = scsi_4btoul(cdb->length);
5402		byte2 = cdb->byte2;
5403		break;
5404	}
5405	default: /* This shouldn't happen. */
5406		ctl_set_invalid_opcode(ctsio);
5407		ctl_done((union ctl_io *)ctsio);
5408		return (CTL_RETVAL_COMPLETE);
5409	}
5410
5411	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5412	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5413	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5414		ctl_set_invalid_field(ctsio,
5415				      /*sks_valid*/ 1,
5416				      /*command*/ 1,
5417				      /*field*/ 1,
5418				      /*bit_valid*/ 1,
5419				      /*bit*/ 4);
5420		ctl_done((union ctl_io *)ctsio);
5421		return (CTL_RETVAL_COMPLETE);
5422	}
5423
5424	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5425	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5426		ctl_set_invalid_field(ctsio,
5427				      /*sks_valid*/ 1,
5428				      /*command*/ 1,
5429				      /*field*/ 6,
5430				      /*bit_valid*/ 0,
5431				      /*bit*/ 0);
5432		ctl_done((union ctl_io *)ctsio);
5433		return (CTL_RETVAL_COMPLETE);
5434	}
5435
5436	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5437		descr[0] = 0;
5438		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5439		ctsio->kern_data_ptr = descr;
5440		len = min(len, sizeof(descr));
5441	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5442		ctsio->kern_data_ptr = echo_descr;
5443		len = min(len, sizeof(echo_descr));
5444	} else {
5445		if (lun->write_buffer == NULL) {
5446			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5447			    M_CTL, M_WAITOK);
5448		}
5449		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5450	}
5451	ctsio->kern_data_len = len;
5452	ctsio->kern_total_len = len;
5453	ctsio->kern_data_resid = 0;
5454	ctsio->kern_rel_offset = 0;
5455	ctsio->kern_sg_entries = 0;
5456	ctl_set_success(ctsio);
5457	ctsio->be_move_done = ctl_config_move_done;
5458	ctl_datamove((union ctl_io *)ctsio);
5459	return (CTL_RETVAL_COMPLETE);
5460}
5461
5462int
5463ctl_write_buffer(struct ctl_scsiio *ctsio)
5464{
5465	struct scsi_write_buffer *cdb;
5466	struct ctl_lun *lun;
5467	int buffer_offset, len;
5468
5469	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5470
5471	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5472	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5473
5474	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5475		ctl_set_invalid_field(ctsio,
5476				      /*sks_valid*/ 1,
5477				      /*command*/ 1,
5478				      /*field*/ 1,
5479				      /*bit_valid*/ 1,
5480				      /*bit*/ 4);
5481		ctl_done((union ctl_io *)ctsio);
5482		return (CTL_RETVAL_COMPLETE);
5483	}
5484
5485	len = scsi_3btoul(cdb->length);
5486	buffer_offset = scsi_3btoul(cdb->offset);
5487
5488	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5489		ctl_set_invalid_field(ctsio,
5490				      /*sks_valid*/ 1,
5491				      /*command*/ 1,
5492				      /*field*/ 6,
5493				      /*bit_valid*/ 0,
5494				      /*bit*/ 0);
5495		ctl_done((union ctl_io *)ctsio);
5496		return (CTL_RETVAL_COMPLETE);
5497	}
5498
5499	/*
5500	 * If we've got a kernel request that hasn't been malloced yet,
5501	 * malloc it and tell the caller the data buffer is here.
5502	 */
5503	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5504		if (lun->write_buffer == NULL) {
5505			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5506			    M_CTL, M_WAITOK);
5507		}
5508		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5509		ctsio->kern_data_len = len;
5510		ctsio->kern_total_len = len;
5511		ctsio->kern_data_resid = 0;
5512		ctsio->kern_rel_offset = 0;
5513		ctsio->kern_sg_entries = 0;
5514		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5515		ctsio->be_move_done = ctl_config_move_done;
5516		ctl_datamove((union ctl_io *)ctsio);
5517
5518		return (CTL_RETVAL_COMPLETE);
5519	}
5520
5521	ctl_set_success(ctsio);
5522	ctl_done((union ctl_io *)ctsio);
5523	return (CTL_RETVAL_COMPLETE);
5524}
5525
5526int
5527ctl_write_same(struct ctl_scsiio *ctsio)
5528{
5529	struct ctl_lun *lun;
5530	struct ctl_lba_len_flags *lbalen;
5531	uint64_t lba;
5532	uint32_t num_blocks;
5533	int len, retval;
5534	uint8_t byte2;
5535
5536	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5537
5538	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5539
5540	switch (ctsio->cdb[0]) {
5541	case WRITE_SAME_10: {
5542		struct scsi_write_same_10 *cdb;
5543
5544		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5545
5546		lba = scsi_4btoul(cdb->addr);
5547		num_blocks = scsi_2btoul(cdb->length);
5548		byte2 = cdb->byte2;
5549		break;
5550	}
5551	case WRITE_SAME_16: {
5552		struct scsi_write_same_16 *cdb;
5553
5554		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5555
5556		lba = scsi_8btou64(cdb->addr);
5557		num_blocks = scsi_4btoul(cdb->length);
5558		byte2 = cdb->byte2;
5559		break;
5560	}
5561	default:
5562		/*
5563		 * We got a command we don't support.  This shouldn't
5564		 * happen, commands should be filtered out above us.
5565		 */
5566		ctl_set_invalid_opcode(ctsio);
5567		ctl_done((union ctl_io *)ctsio);
5568
5569		return (CTL_RETVAL_COMPLETE);
5570		break; /* NOTREACHED */
5571	}
5572
5573	/* ANCHOR flag can be used only together with UNMAP */
5574	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5575		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5576		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5577		ctl_done((union ctl_io *)ctsio);
5578		return (CTL_RETVAL_COMPLETE);
5579	}
5580
5581	/*
5582	 * The first check is to make sure we're in bounds, the second
5583	 * check is to catch wrap-around problems.  If the lba + num blocks
5584	 * is less than the lba, then we've wrapped around and the block
5585	 * range is invalid anyway.
5586	 */
5587	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5588	 || ((lba + num_blocks) < lba)) {
5589		ctl_set_lba_out_of_range(ctsio);
5590		ctl_done((union ctl_io *)ctsio);
5591		return (CTL_RETVAL_COMPLETE);
5592	}
5593
5594	/* Zero number of blocks means "to the last logical block" */
5595	if (num_blocks == 0) {
5596		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5597			ctl_set_invalid_field(ctsio,
5598					      /*sks_valid*/ 0,
5599					      /*command*/ 1,
5600					      /*field*/ 0,
5601					      /*bit_valid*/ 0,
5602					      /*bit*/ 0);
5603			ctl_done((union ctl_io *)ctsio);
5604			return (CTL_RETVAL_COMPLETE);
5605		}
5606		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5607	}
5608
5609	len = lun->be_lun->blocksize;
5610
5611	/*
5612	 * If we've got a kernel request that hasn't been malloced yet,
5613	 * malloc it and tell the caller the data buffer is here.
5614	 */
5615	if ((byte2 & SWS_NDOB) == 0 &&
5616	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5617		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5618		ctsio->kern_data_len = len;
5619		ctsio->kern_total_len = len;
5620		ctsio->kern_data_resid = 0;
5621		ctsio->kern_rel_offset = 0;
5622		ctsio->kern_sg_entries = 0;
5623		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5624		ctsio->be_move_done = ctl_config_move_done;
5625		ctl_datamove((union ctl_io *)ctsio);
5626
5627		return (CTL_RETVAL_COMPLETE);
5628	}
5629
5630	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5631	lbalen->lba = lba;
5632	lbalen->len = num_blocks;
5633	lbalen->flags = byte2;
5634	retval = lun->backend->config_write((union ctl_io *)ctsio);
5635
5636	return (retval);
5637}
5638
5639int
5640ctl_unmap(struct ctl_scsiio *ctsio)
5641{
5642	struct ctl_lun *lun;
5643	struct scsi_unmap *cdb;
5644	struct ctl_ptr_len_flags *ptrlen;
5645	struct scsi_unmap_header *hdr;
5646	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5647	uint64_t lba;
5648	uint32_t num_blocks;
5649	int len, retval;
5650	uint8_t byte2;
5651
5652	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5653
5654	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5655	cdb = (struct scsi_unmap *)ctsio->cdb;
5656
5657	len = scsi_2btoul(cdb->length);
5658	byte2 = cdb->byte2;
5659
5660	/*
5661	 * If we've got a kernel request that hasn't been malloced yet,
5662	 * malloc it and tell the caller the data buffer is here.
5663	 */
5664	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5665		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5666		ctsio->kern_data_len = len;
5667		ctsio->kern_total_len = len;
5668		ctsio->kern_data_resid = 0;
5669		ctsio->kern_rel_offset = 0;
5670		ctsio->kern_sg_entries = 0;
5671		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5672		ctsio->be_move_done = ctl_config_move_done;
5673		ctl_datamove((union ctl_io *)ctsio);
5674
5675		return (CTL_RETVAL_COMPLETE);
5676	}
5677
5678	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5679	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5680	if (len < sizeof (*hdr) ||
5681	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5682	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5683	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5684		ctl_set_invalid_field(ctsio,
5685				      /*sks_valid*/ 0,
5686				      /*command*/ 0,
5687				      /*field*/ 0,
5688				      /*bit_valid*/ 0,
5689				      /*bit*/ 0);
5690		goto done;
5691	}
5692	len = scsi_2btoul(hdr->desc_length);
5693	buf = (struct scsi_unmap_desc *)(hdr + 1);
5694	end = buf + len / sizeof(*buf);
5695
5696	endnz = buf;
5697	for (range = buf; range < end; range++) {
5698		lba = scsi_8btou64(range->lba);
5699		num_blocks = scsi_4btoul(range->length);
5700		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5701		 || ((lba + num_blocks) < lba)) {
5702			ctl_set_lba_out_of_range(ctsio);
5703			ctl_done((union ctl_io *)ctsio);
5704			return (CTL_RETVAL_COMPLETE);
5705		}
5706		if (num_blocks != 0)
5707			endnz = range + 1;
5708	}
5709
5710	/*
5711	 * Block backend can not handle zero last range.
5712	 * Filter it out and return if there is nothing left.
5713	 */
5714	len = (uint8_t *)endnz - (uint8_t *)buf;
5715	if (len == 0) {
5716		ctl_set_success(ctsio);
5717		goto done;
5718	}
5719
5720	mtx_lock(&lun->lun_lock);
5721	ptrlen = (struct ctl_ptr_len_flags *)
5722	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5723	ptrlen->ptr = (void *)buf;
5724	ptrlen->len = len;
5725	ptrlen->flags = byte2;
5726	ctl_check_blocked(lun);
5727	mtx_unlock(&lun->lun_lock);
5728
5729	retval = lun->backend->config_write((union ctl_io *)ctsio);
5730	return (retval);
5731
5732done:
5733	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5734		free(ctsio->kern_data_ptr, M_CTL);
5735		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5736	}
5737	ctl_done((union ctl_io *)ctsio);
5738	return (CTL_RETVAL_COMPLETE);
5739}
5740
5741/*
5742 * Note that this function currently doesn't actually do anything inside
5743 * CTL to enforce things if the DQue bit is turned on.
5744 *
5745 * Also note that this function can't be used in the default case, because
5746 * the DQue bit isn't set in the changeable mask for the control mode page
5747 * anyway.  This is just here as an example for how to implement a page
5748 * handler, and a placeholder in case we want to allow the user to turn
5749 * tagged queueing on and off.
5750 *
5751 * The D_SENSE bit handling is functional, however, and will turn
5752 * descriptor sense on and off for a given LUN.
5753 */
5754int
5755ctl_control_page_handler(struct ctl_scsiio *ctsio,
5756			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5757{
5758	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5759	struct ctl_lun *lun;
5760	int set_ua;
5761	uint32_t initidx;
5762
5763	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5764	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5765	set_ua = 0;
5766
5767	user_cp = (struct scsi_control_page *)page_ptr;
5768	current_cp = (struct scsi_control_page *)
5769		(page_index->page_data + (page_index->page_len *
5770		CTL_PAGE_CURRENT));
5771	saved_cp = (struct scsi_control_page *)
5772		(page_index->page_data + (page_index->page_len *
5773		CTL_PAGE_SAVED));
5774
5775	mtx_lock(&lun->lun_lock);
5776	if (((current_cp->rlec & SCP_DSENSE) == 0)
5777	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5778		/*
5779		 * Descriptor sense is currently turned off and the user
5780		 * wants to turn it on.
5781		 */
5782		current_cp->rlec |= SCP_DSENSE;
5783		saved_cp->rlec |= SCP_DSENSE;
5784		lun->flags |= CTL_LUN_SENSE_DESC;
5785		set_ua = 1;
5786	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5787		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5788		/*
5789		 * Descriptor sense is currently turned on, and the user
5790		 * wants to turn it off.
5791		 */
5792		current_cp->rlec &= ~SCP_DSENSE;
5793		saved_cp->rlec &= ~SCP_DSENSE;
5794		lun->flags &= ~CTL_LUN_SENSE_DESC;
5795		set_ua = 1;
5796	}
5797	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5798	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5799		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5800		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5801		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5802		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5803		set_ua = 1;
5804	}
5805	if ((current_cp->eca_and_aen & SCP_SWP) !=
5806	    (user_cp->eca_and_aen & SCP_SWP)) {
5807		current_cp->eca_and_aen &= ~SCP_SWP;
5808		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5809		saved_cp->eca_and_aen &= ~SCP_SWP;
5810		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5811		set_ua = 1;
5812	}
5813	if (set_ua != 0)
5814		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5815	mtx_unlock(&lun->lun_lock);
5816	if (set_ua) {
5817		ctl_isc_announce_mode(lun,
5818		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5819		    page_index->page_code, page_index->subpage);
5820	}
5821	return (0);
5822}
5823
5824int
5825ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5826		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5827{
5828	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5829	struct ctl_lun *lun;
5830	int set_ua;
5831	uint32_t initidx;
5832
5833	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5834	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5835	set_ua = 0;
5836
5837	user_cp = (struct scsi_caching_page *)page_ptr;
5838	current_cp = (struct scsi_caching_page *)
5839		(page_index->page_data + (page_index->page_len *
5840		CTL_PAGE_CURRENT));
5841	saved_cp = (struct scsi_caching_page *)
5842		(page_index->page_data + (page_index->page_len *
5843		CTL_PAGE_SAVED));
5844
5845	mtx_lock(&lun->lun_lock);
5846	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5847	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5848		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5849		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5850		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5851		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5852		set_ua = 1;
5853	}
5854	if (set_ua != 0)
5855		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5856	mtx_unlock(&lun->lun_lock);
5857	if (set_ua) {
5858		ctl_isc_announce_mode(lun,
5859		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5860		    page_index->page_code, page_index->subpage);
5861	}
5862	return (0);
5863}
5864
5865int
5866ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5867				struct ctl_page_index *page_index,
5868				uint8_t *page_ptr)
5869{
5870	uint8_t *c;
5871	int i;
5872
5873	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5874	ctl_time_io_secs =
5875		(c[0] << 8) |
5876		(c[1] << 0) |
5877		0;
5878	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5879	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5880	printf("page data:");
5881	for (i=0; i<8; i++)
5882		printf(" %.2x",page_ptr[i]);
5883	printf("\n");
5884	return (0);
5885}
5886
5887int
5888ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5889			       struct ctl_page_index *page_index,
5890			       int pc)
5891{
5892	struct copan_debugconf_subpage *page;
5893
5894	page = (struct copan_debugconf_subpage *)page_index->page_data +
5895		(page_index->page_len * pc);
5896
5897	switch (pc) {
5898	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5899	case SMS_PAGE_CTRL_DEFAULT >> 6:
5900	case SMS_PAGE_CTRL_SAVED >> 6:
5901		/*
5902		 * We don't update the changable or default bits for this page.
5903		 */
5904		break;
5905	case SMS_PAGE_CTRL_CURRENT >> 6:
5906		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5907		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5908		break;
5909	default:
5910		break;
5911	}
5912	return (0);
5913}
5914
5915
5916static int
5917ctl_do_mode_select(union ctl_io *io)
5918{
5919	struct scsi_mode_page_header *page_header;
5920	struct ctl_page_index *page_index;
5921	struct ctl_scsiio *ctsio;
5922	int page_len, page_len_offset, page_len_size;
5923	union ctl_modepage_info *modepage_info;
5924	struct ctl_lun *lun;
5925	int *len_left, *len_used;
5926	int retval, i;
5927
5928	ctsio = &io->scsiio;
5929	page_index = NULL;
5930	page_len = 0;
5931	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5932
5933	modepage_info = (union ctl_modepage_info *)
5934		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5935	len_left = &modepage_info->header.len_left;
5936	len_used = &modepage_info->header.len_used;
5937
5938do_next_page:
5939
5940	page_header = (struct scsi_mode_page_header *)
5941		(ctsio->kern_data_ptr + *len_used);
5942
5943	if (*len_left == 0) {
5944		free(ctsio->kern_data_ptr, M_CTL);
5945		ctl_set_success(ctsio);
5946		ctl_done((union ctl_io *)ctsio);
5947		return (CTL_RETVAL_COMPLETE);
5948	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5949
5950		free(ctsio->kern_data_ptr, M_CTL);
5951		ctl_set_param_len_error(ctsio);
5952		ctl_done((union ctl_io *)ctsio);
5953		return (CTL_RETVAL_COMPLETE);
5954
5955	} else if ((page_header->page_code & SMPH_SPF)
5956		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5957
5958		free(ctsio->kern_data_ptr, M_CTL);
5959		ctl_set_param_len_error(ctsio);
5960		ctl_done((union ctl_io *)ctsio);
5961		return (CTL_RETVAL_COMPLETE);
5962	}
5963
5964
5965	/*
5966	 * XXX KDM should we do something with the block descriptor?
5967	 */
5968	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5969		page_index = &lun->mode_pages.index[i];
5970		if (lun->be_lun->lun_type == T_DIRECT &&
5971		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
5972			continue;
5973		if (lun->be_lun->lun_type == T_PROCESSOR &&
5974		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
5975			continue;
5976		if (lun->be_lun->lun_type == T_CDROM &&
5977		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
5978			continue;
5979
5980		if ((page_index->page_code & SMPH_PC_MASK) !=
5981		    (page_header->page_code & SMPH_PC_MASK))
5982			continue;
5983
5984		/*
5985		 * If neither page has a subpage code, then we've got a
5986		 * match.
5987		 */
5988		if (((page_index->page_code & SMPH_SPF) == 0)
5989		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5990			page_len = page_header->page_length;
5991			break;
5992		}
5993
5994		/*
5995		 * If both pages have subpages, then the subpage numbers
5996		 * have to match.
5997		 */
5998		if ((page_index->page_code & SMPH_SPF)
5999		  && (page_header->page_code & SMPH_SPF)) {
6000			struct scsi_mode_page_header_sp *sph;
6001
6002			sph = (struct scsi_mode_page_header_sp *)page_header;
6003			if (page_index->subpage == sph->subpage) {
6004				page_len = scsi_2btoul(sph->page_length);
6005				break;
6006			}
6007		}
6008	}
6009
6010	/*
6011	 * If we couldn't find the page, or if we don't have a mode select
6012	 * handler for it, send back an error to the user.
6013	 */
6014	if ((i >= CTL_NUM_MODE_PAGES)
6015	 || (page_index->select_handler == NULL)) {
6016		ctl_set_invalid_field(ctsio,
6017				      /*sks_valid*/ 1,
6018				      /*command*/ 0,
6019				      /*field*/ *len_used,
6020				      /*bit_valid*/ 0,
6021				      /*bit*/ 0);
6022		free(ctsio->kern_data_ptr, M_CTL);
6023		ctl_done((union ctl_io *)ctsio);
6024		return (CTL_RETVAL_COMPLETE);
6025	}
6026
6027	if (page_index->page_code & SMPH_SPF) {
6028		page_len_offset = 2;
6029		page_len_size = 2;
6030	} else {
6031		page_len_size = 1;
6032		page_len_offset = 1;
6033	}
6034
6035	/*
6036	 * If the length the initiator gives us isn't the one we specify in
6037	 * the mode page header, or if they didn't specify enough data in
6038	 * the CDB to avoid truncating this page, kick out the request.
6039	 */
6040	if ((page_len != (page_index->page_len - page_len_offset -
6041			  page_len_size))
6042	 || (*len_left < page_index->page_len)) {
6043
6044
6045		ctl_set_invalid_field(ctsio,
6046				      /*sks_valid*/ 1,
6047				      /*command*/ 0,
6048				      /*field*/ *len_used + page_len_offset,
6049				      /*bit_valid*/ 0,
6050				      /*bit*/ 0);
6051		free(ctsio->kern_data_ptr, M_CTL);
6052		ctl_done((union ctl_io *)ctsio);
6053		return (CTL_RETVAL_COMPLETE);
6054	}
6055
6056	/*
6057	 * Run through the mode page, checking to make sure that the bits
6058	 * the user changed are actually legal for him to change.
6059	 */
6060	for (i = 0; i < page_index->page_len; i++) {
6061		uint8_t *user_byte, *change_mask, *current_byte;
6062		int bad_bit;
6063		int j;
6064
6065		user_byte = (uint8_t *)page_header + i;
6066		change_mask = page_index->page_data +
6067			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6068		current_byte = page_index->page_data +
6069			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6070
6071		/*
6072		 * Check to see whether the user set any bits in this byte
6073		 * that he is not allowed to set.
6074		 */
6075		if ((*user_byte & ~(*change_mask)) ==
6076		    (*current_byte & ~(*change_mask)))
6077			continue;
6078
6079		/*
6080		 * Go through bit by bit to determine which one is illegal.
6081		 */
6082		bad_bit = 0;
6083		for (j = 7; j >= 0; j--) {
6084			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6085			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6086				bad_bit = i;
6087				break;
6088			}
6089		}
6090		ctl_set_invalid_field(ctsio,
6091				      /*sks_valid*/ 1,
6092				      /*command*/ 0,
6093				      /*field*/ *len_used + i,
6094				      /*bit_valid*/ 1,
6095				      /*bit*/ bad_bit);
6096		free(ctsio->kern_data_ptr, M_CTL);
6097		ctl_done((union ctl_io *)ctsio);
6098		return (CTL_RETVAL_COMPLETE);
6099	}
6100
6101	/*
6102	 * Decrement these before we call the page handler, since we may
6103	 * end up getting called back one way or another before the handler
6104	 * returns to this context.
6105	 */
6106	*len_left -= page_index->page_len;
6107	*len_used += page_index->page_len;
6108
6109	retval = page_index->select_handler(ctsio, page_index,
6110					    (uint8_t *)page_header);
6111
6112	/*
6113	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6114	 * wait until this queued command completes to finish processing
6115	 * the mode page.  If it returns anything other than
6116	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6117	 * already set the sense information, freed the data pointer, and
6118	 * completed the io for us.
6119	 */
6120	if (retval != CTL_RETVAL_COMPLETE)
6121		goto bailout_no_done;
6122
6123	/*
6124	 * If the initiator sent us more than one page, parse the next one.
6125	 */
6126	if (*len_left > 0)
6127		goto do_next_page;
6128
6129	ctl_set_success(ctsio);
6130	free(ctsio->kern_data_ptr, M_CTL);
6131	ctl_done((union ctl_io *)ctsio);
6132
6133bailout_no_done:
6134
6135	return (CTL_RETVAL_COMPLETE);
6136
6137}
6138
6139int
6140ctl_mode_select(struct ctl_scsiio *ctsio)
6141{
6142	int param_len, pf, sp;
6143	int header_size, bd_len;
6144	union ctl_modepage_info *modepage_info;
6145
6146	switch (ctsio->cdb[0]) {
6147	case MODE_SELECT_6: {
6148		struct scsi_mode_select_6 *cdb;
6149
6150		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6151
6152		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6153		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6154		param_len = cdb->length;
6155		header_size = sizeof(struct scsi_mode_header_6);
6156		break;
6157	}
6158	case MODE_SELECT_10: {
6159		struct scsi_mode_select_10 *cdb;
6160
6161		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6162
6163		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6164		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6165		param_len = scsi_2btoul(cdb->length);
6166		header_size = sizeof(struct scsi_mode_header_10);
6167		break;
6168	}
6169	default:
6170		ctl_set_invalid_opcode(ctsio);
6171		ctl_done((union ctl_io *)ctsio);
6172		return (CTL_RETVAL_COMPLETE);
6173	}
6174
6175	/*
6176	 * From SPC-3:
6177	 * "A parameter list length of zero indicates that the Data-Out Buffer
6178	 * shall be empty. This condition shall not be considered as an error."
6179	 */
6180	if (param_len == 0) {
6181		ctl_set_success(ctsio);
6182		ctl_done((union ctl_io *)ctsio);
6183		return (CTL_RETVAL_COMPLETE);
6184	}
6185
6186	/*
6187	 * Since we'll hit this the first time through, prior to
6188	 * allocation, we don't need to free a data buffer here.
6189	 */
6190	if (param_len < header_size) {
6191		ctl_set_param_len_error(ctsio);
6192		ctl_done((union ctl_io *)ctsio);
6193		return (CTL_RETVAL_COMPLETE);
6194	}
6195
6196	/*
6197	 * Allocate the data buffer and grab the user's data.  In theory,
6198	 * we shouldn't have to sanity check the parameter list length here
6199	 * because the maximum size is 64K.  We should be able to malloc
6200	 * that much without too many problems.
6201	 */
6202	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6203		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6204		ctsio->kern_data_len = param_len;
6205		ctsio->kern_total_len = param_len;
6206		ctsio->kern_data_resid = 0;
6207		ctsio->kern_rel_offset = 0;
6208		ctsio->kern_sg_entries = 0;
6209		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6210		ctsio->be_move_done = ctl_config_move_done;
6211		ctl_datamove((union ctl_io *)ctsio);
6212
6213		return (CTL_RETVAL_COMPLETE);
6214	}
6215
6216	switch (ctsio->cdb[0]) {
6217	case MODE_SELECT_6: {
6218		struct scsi_mode_header_6 *mh6;
6219
6220		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6221		bd_len = mh6->blk_desc_len;
6222		break;
6223	}
6224	case MODE_SELECT_10: {
6225		struct scsi_mode_header_10 *mh10;
6226
6227		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6228		bd_len = scsi_2btoul(mh10->blk_desc_len);
6229		break;
6230	}
6231	default:
6232		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6233		break;
6234	}
6235
6236	if (param_len < (header_size + bd_len)) {
6237		free(ctsio->kern_data_ptr, M_CTL);
6238		ctl_set_param_len_error(ctsio);
6239		ctl_done((union ctl_io *)ctsio);
6240		return (CTL_RETVAL_COMPLETE);
6241	}
6242
6243	/*
6244	 * Set the IO_CONT flag, so that if this I/O gets passed to
6245	 * ctl_config_write_done(), it'll get passed back to
6246	 * ctl_do_mode_select() for further processing, or completion if
6247	 * we're all done.
6248	 */
6249	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6250	ctsio->io_cont = ctl_do_mode_select;
6251
6252	modepage_info = (union ctl_modepage_info *)
6253		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6254	memset(modepage_info, 0, sizeof(*modepage_info));
6255	modepage_info->header.len_left = param_len - header_size - bd_len;
6256	modepage_info->header.len_used = header_size + bd_len;
6257
6258	return (ctl_do_mode_select((union ctl_io *)ctsio));
6259}
6260
6261int
6262ctl_mode_sense(struct ctl_scsiio *ctsio)
6263{
6264	struct ctl_lun *lun;
6265	int pc, page_code, dbd, llba, subpage;
6266	int alloc_len, page_len, header_len, total_len;
6267	struct scsi_mode_block_descr *block_desc;
6268	struct ctl_page_index *page_index;
6269
6270	dbd = 0;
6271	llba = 0;
6272	block_desc = NULL;
6273
6274	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6275
6276	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6277	switch (ctsio->cdb[0]) {
6278	case MODE_SENSE_6: {
6279		struct scsi_mode_sense_6 *cdb;
6280
6281		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6282
6283		header_len = sizeof(struct scsi_mode_hdr_6);
6284		if (cdb->byte2 & SMS_DBD)
6285			dbd = 1;
6286		else
6287			header_len += sizeof(struct scsi_mode_block_descr);
6288
6289		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6290		page_code = cdb->page & SMS_PAGE_CODE;
6291		subpage = cdb->subpage;
6292		alloc_len = cdb->length;
6293		break;
6294	}
6295	case MODE_SENSE_10: {
6296		struct scsi_mode_sense_10 *cdb;
6297
6298		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6299
6300		header_len = sizeof(struct scsi_mode_hdr_10);
6301
6302		if (cdb->byte2 & SMS_DBD)
6303			dbd = 1;
6304		else
6305			header_len += sizeof(struct scsi_mode_block_descr);
6306		if (cdb->byte2 & SMS10_LLBAA)
6307			llba = 1;
6308		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6309		page_code = cdb->page & SMS_PAGE_CODE;
6310		subpage = cdb->subpage;
6311		alloc_len = scsi_2btoul(cdb->length);
6312		break;
6313	}
6314	default:
6315		ctl_set_invalid_opcode(ctsio);
6316		ctl_done((union ctl_io *)ctsio);
6317		return (CTL_RETVAL_COMPLETE);
6318		break; /* NOTREACHED */
6319	}
6320
6321	/*
6322	 * We have to make a first pass through to calculate the size of
6323	 * the pages that match the user's query.  Then we allocate enough
6324	 * memory to hold it, and actually copy the data into the buffer.
6325	 */
6326	switch (page_code) {
6327	case SMS_ALL_PAGES_PAGE: {
6328		int i;
6329
6330		page_len = 0;
6331
6332		/*
6333		 * At the moment, values other than 0 and 0xff here are
6334		 * reserved according to SPC-3.
6335		 */
6336		if ((subpage != SMS_SUBPAGE_PAGE_0)
6337		 && (subpage != SMS_SUBPAGE_ALL)) {
6338			ctl_set_invalid_field(ctsio,
6339					      /*sks_valid*/ 1,
6340					      /*command*/ 1,
6341					      /*field*/ 3,
6342					      /*bit_valid*/ 0,
6343					      /*bit*/ 0);
6344			ctl_done((union ctl_io *)ctsio);
6345			return (CTL_RETVAL_COMPLETE);
6346		}
6347
6348		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6349			page_index = &lun->mode_pages.index[i];
6350
6351			/* Make sure the page is supported for this dev type */
6352			if (lun->be_lun->lun_type == T_DIRECT &&
6353			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6354				continue;
6355			if (lun->be_lun->lun_type == T_PROCESSOR &&
6356			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6357				continue;
6358			if (lun->be_lun->lun_type == T_CDROM &&
6359			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6360				continue;
6361
6362			/*
6363			 * We don't use this subpage if the user didn't
6364			 * request all subpages.
6365			 */
6366			if ((page_index->subpage != 0)
6367			 && (subpage == SMS_SUBPAGE_PAGE_0))
6368				continue;
6369
6370#if 0
6371			printf("found page %#x len %d\n",
6372			       page_index->page_code & SMPH_PC_MASK,
6373			       page_index->page_len);
6374#endif
6375			page_len += page_index->page_len;
6376		}
6377		break;
6378	}
6379	default: {
6380		int i;
6381
6382		page_len = 0;
6383
6384		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6385			page_index = &lun->mode_pages.index[i];
6386
6387			/* Make sure the page is supported for this dev type */
6388			if (lun->be_lun->lun_type == T_DIRECT &&
6389			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6390				continue;
6391			if (lun->be_lun->lun_type == T_PROCESSOR &&
6392			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6393				continue;
6394			if (lun->be_lun->lun_type == T_CDROM &&
6395			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6396				continue;
6397
6398			/* Look for the right page code */
6399			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6400				continue;
6401
6402			/* Look for the right subpage or the subpage wildcard*/
6403			if ((page_index->subpage != subpage)
6404			 && (subpage != SMS_SUBPAGE_ALL))
6405				continue;
6406
6407#if 0
6408			printf("found page %#x len %d\n",
6409			       page_index->page_code & SMPH_PC_MASK,
6410			       page_index->page_len);
6411#endif
6412
6413			page_len += page_index->page_len;
6414		}
6415
6416		if (page_len == 0) {
6417			ctl_set_invalid_field(ctsio,
6418					      /*sks_valid*/ 1,
6419					      /*command*/ 1,
6420					      /*field*/ 2,
6421					      /*bit_valid*/ 1,
6422					      /*bit*/ 5);
6423			ctl_done((union ctl_io *)ctsio);
6424			return (CTL_RETVAL_COMPLETE);
6425		}
6426		break;
6427	}
6428	}
6429
6430	total_len = header_len + page_len;
6431#if 0
6432	printf("header_len = %d, page_len = %d, total_len = %d\n",
6433	       header_len, page_len, total_len);
6434#endif
6435
6436	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6437	ctsio->kern_sg_entries = 0;
6438	ctsio->kern_data_resid = 0;
6439	ctsio->kern_rel_offset = 0;
6440	if (total_len < alloc_len) {
6441		ctsio->residual = alloc_len - total_len;
6442		ctsio->kern_data_len = total_len;
6443		ctsio->kern_total_len = total_len;
6444	} else {
6445		ctsio->residual = 0;
6446		ctsio->kern_data_len = alloc_len;
6447		ctsio->kern_total_len = alloc_len;
6448	}
6449
6450	switch (ctsio->cdb[0]) {
6451	case MODE_SENSE_6: {
6452		struct scsi_mode_hdr_6 *header;
6453
6454		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6455
6456		header->datalen = MIN(total_len - 1, 254);
6457		if (lun->be_lun->lun_type == T_DIRECT) {
6458			header->dev_specific = 0x10; /* DPOFUA */
6459			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6460			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6461			    .eca_and_aen & SCP_SWP) != 0)
6462				    header->dev_specific |= 0x80; /* WP */
6463		}
6464		if (dbd)
6465			header->block_descr_len = 0;
6466		else
6467			header->block_descr_len =
6468				sizeof(struct scsi_mode_block_descr);
6469		block_desc = (struct scsi_mode_block_descr *)&header[1];
6470		break;
6471	}
6472	case MODE_SENSE_10: {
6473		struct scsi_mode_hdr_10 *header;
6474		int datalen;
6475
6476		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6477
6478		datalen = MIN(total_len - 2, 65533);
6479		scsi_ulto2b(datalen, header->datalen);
6480		if (lun->be_lun->lun_type == T_DIRECT) {
6481			header->dev_specific = 0x10; /* DPOFUA */
6482			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6483			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6484			    .eca_and_aen & SCP_SWP) != 0)
6485				    header->dev_specific |= 0x80; /* WP */
6486		}
6487		if (dbd)
6488			scsi_ulto2b(0, header->block_descr_len);
6489		else
6490			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6491				    header->block_descr_len);
6492		block_desc = (struct scsi_mode_block_descr *)&header[1];
6493		break;
6494	}
6495	default:
6496		panic("invalid CDB type %#x", ctsio->cdb[0]);
6497		break; /* NOTREACHED */
6498	}
6499
6500	/*
6501	 * If we've got a disk, use its blocksize in the block
6502	 * descriptor.  Otherwise, just set it to 0.
6503	 */
6504	if (dbd == 0) {
6505		if (lun->be_lun->lun_type == T_DIRECT)
6506			scsi_ulto3b(lun->be_lun->blocksize,
6507				    block_desc->block_len);
6508		else
6509			scsi_ulto3b(0, block_desc->block_len);
6510	}
6511
6512	switch (page_code) {
6513	case SMS_ALL_PAGES_PAGE: {
6514		int i, data_used;
6515
6516		data_used = header_len;
6517		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6518			struct ctl_page_index *page_index;
6519
6520			page_index = &lun->mode_pages.index[i];
6521			if (lun->be_lun->lun_type == T_DIRECT &&
6522			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6523				continue;
6524			if (lun->be_lun->lun_type == T_PROCESSOR &&
6525			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6526				continue;
6527			if (lun->be_lun->lun_type == T_CDROM &&
6528			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6529				continue;
6530
6531			/*
6532			 * We don't use this subpage if the user didn't
6533			 * request all subpages.  We already checked (above)
6534			 * to make sure the user only specified a subpage
6535			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6536			 */
6537			if ((page_index->subpage != 0)
6538			 && (subpage == SMS_SUBPAGE_PAGE_0))
6539				continue;
6540
6541			/*
6542			 * Call the handler, if it exists, to update the
6543			 * page to the latest values.
6544			 */
6545			if (page_index->sense_handler != NULL)
6546				page_index->sense_handler(ctsio, page_index,pc);
6547
6548			memcpy(ctsio->kern_data_ptr + data_used,
6549			       page_index->page_data +
6550			       (page_index->page_len * pc),
6551			       page_index->page_len);
6552			data_used += page_index->page_len;
6553		}
6554		break;
6555	}
6556	default: {
6557		int i, data_used;
6558
6559		data_used = header_len;
6560
6561		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6562			struct ctl_page_index *page_index;
6563
6564			page_index = &lun->mode_pages.index[i];
6565
6566			/* Look for the right page code */
6567			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6568				continue;
6569
6570			/* Look for the right subpage or the subpage wildcard*/
6571			if ((page_index->subpage != subpage)
6572			 && (subpage != SMS_SUBPAGE_ALL))
6573				continue;
6574
6575			/* Make sure the page is supported for this dev type */
6576			if (lun->be_lun->lun_type == T_DIRECT &&
6577			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6578				continue;
6579			if (lun->be_lun->lun_type == T_PROCESSOR &&
6580			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6581				continue;
6582			if (lun->be_lun->lun_type == T_CDROM &&
6583			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6584				continue;
6585
6586			/*
6587			 * Call the handler, if it exists, to update the
6588			 * page to the latest values.
6589			 */
6590			if (page_index->sense_handler != NULL)
6591				page_index->sense_handler(ctsio, page_index,pc);
6592
6593			memcpy(ctsio->kern_data_ptr + data_used,
6594			       page_index->page_data +
6595			       (page_index->page_len * pc),
6596			       page_index->page_len);
6597			data_used += page_index->page_len;
6598		}
6599		break;
6600	}
6601	}
6602
6603	ctl_set_success(ctsio);
6604	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6605	ctsio->be_move_done = ctl_config_move_done;
6606	ctl_datamove((union ctl_io *)ctsio);
6607	return (CTL_RETVAL_COMPLETE);
6608}
6609
6610int
6611ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6612			       struct ctl_page_index *page_index,
6613			       int pc)
6614{
6615	struct ctl_lun *lun;
6616	struct scsi_log_param_header *phdr;
6617	uint8_t *data;
6618	uint64_t val;
6619
6620	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6621	data = page_index->page_data;
6622
6623	if (lun->backend->lun_attr != NULL &&
6624	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6625	     != UINT64_MAX) {
6626		phdr = (struct scsi_log_param_header *)data;
6627		scsi_ulto2b(0x0001, phdr->param_code);
6628		phdr->param_control = SLP_LBIN | SLP_LP;
6629		phdr->param_len = 8;
6630		data = (uint8_t *)(phdr + 1);
6631		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6632		data[4] = 0x02; /* per-pool */
6633		data += phdr->param_len;
6634	}
6635
6636	if (lun->backend->lun_attr != NULL &&
6637	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6638	     != UINT64_MAX) {
6639		phdr = (struct scsi_log_param_header *)data;
6640		scsi_ulto2b(0x0002, phdr->param_code);
6641		phdr->param_control = SLP_LBIN | SLP_LP;
6642		phdr->param_len = 8;
6643		data = (uint8_t *)(phdr + 1);
6644		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6645		data[4] = 0x01; /* per-LUN */
6646		data += phdr->param_len;
6647	}
6648
6649	if (lun->backend->lun_attr != NULL &&
6650	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6651	     != UINT64_MAX) {
6652		phdr = (struct scsi_log_param_header *)data;
6653		scsi_ulto2b(0x00f1, phdr->param_code);
6654		phdr->param_control = SLP_LBIN | SLP_LP;
6655		phdr->param_len = 8;
6656		data = (uint8_t *)(phdr + 1);
6657		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6658		data[4] = 0x02; /* per-pool */
6659		data += phdr->param_len;
6660	}
6661
6662	if (lun->backend->lun_attr != NULL &&
6663	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6664	     != UINT64_MAX) {
6665		phdr = (struct scsi_log_param_header *)data;
6666		scsi_ulto2b(0x00f2, phdr->param_code);
6667		phdr->param_control = SLP_LBIN | SLP_LP;
6668		phdr->param_len = 8;
6669		data = (uint8_t *)(phdr + 1);
6670		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6671		data[4] = 0x02; /* per-pool */
6672		data += phdr->param_len;
6673	}
6674
6675	page_index->page_len = data - page_index->page_data;
6676	return (0);
6677}
6678
6679int
6680ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6681			       struct ctl_page_index *page_index,
6682			       int pc)
6683{
6684	struct ctl_lun *lun;
6685	struct stat_page *data;
6686	uint64_t rn, wn, rb, wb;
6687	struct bintime rt, wt;
6688	int i;
6689
6690	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6691	data = (struct stat_page *)page_index->page_data;
6692
6693	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6694	data->sap.hdr.param_control = SLP_LBIN;
6695	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6696	    sizeof(struct scsi_log_param_header);
6697	rn = wn = rb = wb = 0;
6698	bintime_clear(&rt);
6699	bintime_clear(&wt);
6700	for (i = 0; i < CTL_MAX_PORTS; i++) {
6701		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6702		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6703		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6704		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6705		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6706		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6707	}
6708	scsi_u64to8b(rn, data->sap.read_num);
6709	scsi_u64to8b(wn, data->sap.write_num);
6710	if (lun->stats.blocksize > 0) {
6711		scsi_u64to8b(wb / lun->stats.blocksize,
6712		    data->sap.recvieved_lba);
6713		scsi_u64to8b(rb / lun->stats.blocksize,
6714		    data->sap.transmitted_lba);
6715	}
6716	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6717	    data->sap.read_int);
6718	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6719	    data->sap.write_int);
6720	scsi_u64to8b(0, data->sap.weighted_num);
6721	scsi_u64to8b(0, data->sap.weighted_int);
6722	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6723	data->it.hdr.param_control = SLP_LBIN;
6724	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6725	    sizeof(struct scsi_log_param_header);
6726#ifdef CTL_TIME_IO
6727	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6728#endif
6729	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6730	data->it.hdr.param_control = SLP_LBIN;
6731	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6732	    sizeof(struct scsi_log_param_header);
6733	scsi_ulto4b(3, data->ti.exponent);
6734	scsi_ulto4b(1, data->ti.integer);
6735
6736	page_index->page_len = sizeof(*data);
6737	return (0);
6738}
6739
6740int
6741ctl_log_sense(struct ctl_scsiio *ctsio)
6742{
6743	struct ctl_lun *lun;
6744	int i, pc, page_code, subpage;
6745	int alloc_len, total_len;
6746	struct ctl_page_index *page_index;
6747	struct scsi_log_sense *cdb;
6748	struct scsi_log_header *header;
6749
6750	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6751
6752	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6753	cdb = (struct scsi_log_sense *)ctsio->cdb;
6754	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6755	page_code = cdb->page & SLS_PAGE_CODE;
6756	subpage = cdb->subpage;
6757	alloc_len = scsi_2btoul(cdb->length);
6758
6759	page_index = NULL;
6760	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6761		page_index = &lun->log_pages.index[i];
6762
6763		/* Look for the right page code */
6764		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6765			continue;
6766
6767		/* Look for the right subpage or the subpage wildcard*/
6768		if (page_index->subpage != subpage)
6769			continue;
6770
6771		break;
6772	}
6773	if (i >= CTL_NUM_LOG_PAGES) {
6774		ctl_set_invalid_field(ctsio,
6775				      /*sks_valid*/ 1,
6776				      /*command*/ 1,
6777				      /*field*/ 2,
6778				      /*bit_valid*/ 0,
6779				      /*bit*/ 0);
6780		ctl_done((union ctl_io *)ctsio);
6781		return (CTL_RETVAL_COMPLETE);
6782	}
6783
6784	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6785
6786	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6787	ctsio->kern_sg_entries = 0;
6788	ctsio->kern_data_resid = 0;
6789	ctsio->kern_rel_offset = 0;
6790	if (total_len < alloc_len) {
6791		ctsio->residual = alloc_len - total_len;
6792		ctsio->kern_data_len = total_len;
6793		ctsio->kern_total_len = total_len;
6794	} else {
6795		ctsio->residual = 0;
6796		ctsio->kern_data_len = alloc_len;
6797		ctsio->kern_total_len = alloc_len;
6798	}
6799
6800	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6801	header->page = page_index->page_code;
6802	if (page_index->subpage) {
6803		header->page |= SL_SPF;
6804		header->subpage = page_index->subpage;
6805	}
6806	scsi_ulto2b(page_index->page_len, header->datalen);
6807
6808	/*
6809	 * Call the handler, if it exists, to update the
6810	 * page to the latest values.
6811	 */
6812	if (page_index->sense_handler != NULL)
6813		page_index->sense_handler(ctsio, page_index, pc);
6814
6815	memcpy(header + 1, page_index->page_data, page_index->page_len);
6816
6817	ctl_set_success(ctsio);
6818	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6819	ctsio->be_move_done = ctl_config_move_done;
6820	ctl_datamove((union ctl_io *)ctsio);
6821	return (CTL_RETVAL_COMPLETE);
6822}
6823
6824int
6825ctl_read_capacity(struct ctl_scsiio *ctsio)
6826{
6827	struct scsi_read_capacity *cdb;
6828	struct scsi_read_capacity_data *data;
6829	struct ctl_lun *lun;
6830	uint32_t lba;
6831
6832	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6833
6834	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6835
6836	lba = scsi_4btoul(cdb->addr);
6837	if (((cdb->pmi & SRC_PMI) == 0)
6838	 && (lba != 0)) {
6839		ctl_set_invalid_field(/*ctsio*/ ctsio,
6840				      /*sks_valid*/ 1,
6841				      /*command*/ 1,
6842				      /*field*/ 2,
6843				      /*bit_valid*/ 0,
6844				      /*bit*/ 0);
6845		ctl_done((union ctl_io *)ctsio);
6846		return (CTL_RETVAL_COMPLETE);
6847	}
6848
6849	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6850
6851	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6852	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6853	ctsio->residual = 0;
6854	ctsio->kern_data_len = sizeof(*data);
6855	ctsio->kern_total_len = sizeof(*data);
6856	ctsio->kern_data_resid = 0;
6857	ctsio->kern_rel_offset = 0;
6858	ctsio->kern_sg_entries = 0;
6859
6860	/*
6861	 * If the maximum LBA is greater than 0xfffffffe, the user must
6862	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6863	 * serivce action set.
6864	 */
6865	if (lun->be_lun->maxlba > 0xfffffffe)
6866		scsi_ulto4b(0xffffffff, data->addr);
6867	else
6868		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6869
6870	/*
6871	 * XXX KDM this may not be 512 bytes...
6872	 */
6873	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6874
6875	ctl_set_success(ctsio);
6876	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6877	ctsio->be_move_done = ctl_config_move_done;
6878	ctl_datamove((union ctl_io *)ctsio);
6879	return (CTL_RETVAL_COMPLETE);
6880}
6881
6882int
6883ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6884{
6885	struct scsi_read_capacity_16 *cdb;
6886	struct scsi_read_capacity_data_long *data;
6887	struct ctl_lun *lun;
6888	uint64_t lba;
6889	uint32_t alloc_len;
6890
6891	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6892
6893	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6894
6895	alloc_len = scsi_4btoul(cdb->alloc_len);
6896	lba = scsi_8btou64(cdb->addr);
6897
6898	if ((cdb->reladr & SRC16_PMI)
6899	 && (lba != 0)) {
6900		ctl_set_invalid_field(/*ctsio*/ ctsio,
6901				      /*sks_valid*/ 1,
6902				      /*command*/ 1,
6903				      /*field*/ 2,
6904				      /*bit_valid*/ 0,
6905				      /*bit*/ 0);
6906		ctl_done((union ctl_io *)ctsio);
6907		return (CTL_RETVAL_COMPLETE);
6908	}
6909
6910	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6911
6912	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6913	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6914
6915	if (sizeof(*data) < alloc_len) {
6916		ctsio->residual = alloc_len - sizeof(*data);
6917		ctsio->kern_data_len = sizeof(*data);
6918		ctsio->kern_total_len = sizeof(*data);
6919	} else {
6920		ctsio->residual = 0;
6921		ctsio->kern_data_len = alloc_len;
6922		ctsio->kern_total_len = alloc_len;
6923	}
6924	ctsio->kern_data_resid = 0;
6925	ctsio->kern_rel_offset = 0;
6926	ctsio->kern_sg_entries = 0;
6927
6928	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6929	/* XXX KDM this may not be 512 bytes... */
6930	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6931	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6932	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6933	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6934		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6935
6936	ctl_set_success(ctsio);
6937	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6938	ctsio->be_move_done = ctl_config_move_done;
6939	ctl_datamove((union ctl_io *)ctsio);
6940	return (CTL_RETVAL_COMPLETE);
6941}
6942
6943int
6944ctl_get_lba_status(struct ctl_scsiio *ctsio)
6945{
6946	struct scsi_get_lba_status *cdb;
6947	struct scsi_get_lba_status_data *data;
6948	struct ctl_lun *lun;
6949	struct ctl_lba_len_flags *lbalen;
6950	uint64_t lba;
6951	uint32_t alloc_len, total_len;
6952	int retval;
6953
6954	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6955
6956	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6957	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6958	lba = scsi_8btou64(cdb->addr);
6959	alloc_len = scsi_4btoul(cdb->alloc_len);
6960
6961	if (lba > lun->be_lun->maxlba) {
6962		ctl_set_lba_out_of_range(ctsio);
6963		ctl_done((union ctl_io *)ctsio);
6964		return (CTL_RETVAL_COMPLETE);
6965	}
6966
6967	total_len = sizeof(*data) + sizeof(data->descr[0]);
6968	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6969	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6970
6971	if (total_len < alloc_len) {
6972		ctsio->residual = alloc_len - total_len;
6973		ctsio->kern_data_len = total_len;
6974		ctsio->kern_total_len = total_len;
6975	} else {
6976		ctsio->residual = 0;
6977		ctsio->kern_data_len = alloc_len;
6978		ctsio->kern_total_len = alloc_len;
6979	}
6980	ctsio->kern_data_resid = 0;
6981	ctsio->kern_rel_offset = 0;
6982	ctsio->kern_sg_entries = 0;
6983
6984	/* Fill dummy data in case backend can't tell anything. */
6985	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6986	scsi_u64to8b(lba, data->descr[0].addr);
6987	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6988	    data->descr[0].length);
6989	data->descr[0].status = 0; /* Mapped or unknown. */
6990
6991	ctl_set_success(ctsio);
6992	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6993	ctsio->be_move_done = ctl_config_move_done;
6994
6995	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6996	lbalen->lba = lba;
6997	lbalen->len = total_len;
6998	lbalen->flags = 0;
6999	retval = lun->backend->config_read((union ctl_io *)ctsio);
7000	return (CTL_RETVAL_COMPLETE);
7001}
7002
7003int
7004ctl_read_defect(struct ctl_scsiio *ctsio)
7005{
7006	struct scsi_read_defect_data_10 *ccb10;
7007	struct scsi_read_defect_data_12 *ccb12;
7008	struct scsi_read_defect_data_hdr_10 *data10;
7009	struct scsi_read_defect_data_hdr_12 *data12;
7010	uint32_t alloc_len, data_len;
7011	uint8_t format;
7012
7013	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7014
7015	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7016		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7017		format = ccb10->format;
7018		alloc_len = scsi_2btoul(ccb10->alloc_length);
7019		data_len = sizeof(*data10);
7020	} else {
7021		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7022		format = ccb12->format;
7023		alloc_len = scsi_4btoul(ccb12->alloc_length);
7024		data_len = sizeof(*data12);
7025	}
7026	if (alloc_len == 0) {
7027		ctl_set_success(ctsio);
7028		ctl_done((union ctl_io *)ctsio);
7029		return (CTL_RETVAL_COMPLETE);
7030	}
7031
7032	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7033	if (data_len < alloc_len) {
7034		ctsio->residual = alloc_len - data_len;
7035		ctsio->kern_data_len = data_len;
7036		ctsio->kern_total_len = data_len;
7037	} else {
7038		ctsio->residual = 0;
7039		ctsio->kern_data_len = alloc_len;
7040		ctsio->kern_total_len = alloc_len;
7041	}
7042	ctsio->kern_data_resid = 0;
7043	ctsio->kern_rel_offset = 0;
7044	ctsio->kern_sg_entries = 0;
7045
7046	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7047		data10 = (struct scsi_read_defect_data_hdr_10 *)
7048		    ctsio->kern_data_ptr;
7049		data10->format = format;
7050		scsi_ulto2b(0, data10->length);
7051	} else {
7052		data12 = (struct scsi_read_defect_data_hdr_12 *)
7053		    ctsio->kern_data_ptr;
7054		data12->format = format;
7055		scsi_ulto2b(0, data12->generation);
7056		scsi_ulto4b(0, data12->length);
7057	}
7058
7059	ctl_set_success(ctsio);
7060	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7061	ctsio->be_move_done = ctl_config_move_done;
7062	ctl_datamove((union ctl_io *)ctsio);
7063	return (CTL_RETVAL_COMPLETE);
7064}
7065
7066int
7067ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7068{
7069	struct scsi_maintenance_in *cdb;
7070	int retval;
7071	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7072	int num_target_port_groups, num_target_ports;
7073	struct ctl_lun *lun;
7074	struct ctl_softc *softc;
7075	struct ctl_port *port;
7076	struct scsi_target_group_data *rtg_ptr;
7077	struct scsi_target_group_data_extended *rtg_ext_ptr;
7078	struct scsi_target_port_group_descriptor *tpg_desc;
7079
7080	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7081
7082	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7083	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7084	softc = lun->ctl_softc;
7085
7086	retval = CTL_RETVAL_COMPLETE;
7087
7088	switch (cdb->byte2 & STG_PDF_MASK) {
7089	case STG_PDF_LENGTH:
7090		ext = 0;
7091		break;
7092	case STG_PDF_EXTENDED:
7093		ext = 1;
7094		break;
7095	default:
7096		ctl_set_invalid_field(/*ctsio*/ ctsio,
7097				      /*sks_valid*/ 1,
7098				      /*command*/ 1,
7099				      /*field*/ 2,
7100				      /*bit_valid*/ 1,
7101				      /*bit*/ 5);
7102		ctl_done((union ctl_io *)ctsio);
7103		return(retval);
7104	}
7105
7106	if (softc->is_single)
7107		num_target_port_groups = 1;
7108	else
7109		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7110	num_target_ports = 0;
7111	mtx_lock(&softc->ctl_lock);
7112	STAILQ_FOREACH(port, &softc->port_list, links) {
7113		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7114			continue;
7115		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7116			continue;
7117		num_target_ports++;
7118	}
7119	mtx_unlock(&softc->ctl_lock);
7120
7121	if (ext)
7122		total_len = sizeof(struct scsi_target_group_data_extended);
7123	else
7124		total_len = sizeof(struct scsi_target_group_data);
7125	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7126		num_target_port_groups +
7127	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7128
7129	alloc_len = scsi_4btoul(cdb->length);
7130
7131	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7132
7133	ctsio->kern_sg_entries = 0;
7134
7135	if (total_len < alloc_len) {
7136		ctsio->residual = alloc_len - total_len;
7137		ctsio->kern_data_len = total_len;
7138		ctsio->kern_total_len = total_len;
7139	} else {
7140		ctsio->residual = 0;
7141		ctsio->kern_data_len = alloc_len;
7142		ctsio->kern_total_len = alloc_len;
7143	}
7144	ctsio->kern_data_resid = 0;
7145	ctsio->kern_rel_offset = 0;
7146
7147	if (ext) {
7148		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7149		    ctsio->kern_data_ptr;
7150		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7151		rtg_ext_ptr->format_type = 0x10;
7152		rtg_ext_ptr->implicit_transition_time = 0;
7153		tpg_desc = &rtg_ext_ptr->groups[0];
7154	} else {
7155		rtg_ptr = (struct scsi_target_group_data *)
7156		    ctsio->kern_data_ptr;
7157		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7158		tpg_desc = &rtg_ptr->groups[0];
7159	}
7160
7161	mtx_lock(&softc->ctl_lock);
7162	pg = softc->port_min / softc->port_cnt;
7163	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7164		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7165	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7166		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7167	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7168		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7169	else
7170		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7171	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7172		os = gs;
7173		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7174	} else
7175		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7176	for (g = 0; g < num_target_port_groups; g++) {
7177		tpg_desc->pref_state = (g == pg) ? gs : os;
7178		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7179		    TPG_U_SUP | TPG_T_SUP;
7180		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7181		tpg_desc->status = TPG_IMPLICIT;
7182		pc = 0;
7183		STAILQ_FOREACH(port, &softc->port_list, links) {
7184			if (port->targ_port < g * softc->port_cnt ||
7185			    port->targ_port >= (g + 1) * softc->port_cnt)
7186				continue;
7187			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7188				continue;
7189			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7190				continue;
7191			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7192			    relative_target_port_identifier);
7193			pc++;
7194		}
7195		tpg_desc->target_port_count = pc;
7196		tpg_desc = (struct scsi_target_port_group_descriptor *)
7197		    &tpg_desc->descriptors[pc];
7198	}
7199	mtx_unlock(&softc->ctl_lock);
7200
7201	ctl_set_success(ctsio);
7202	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7203	ctsio->be_move_done = ctl_config_move_done;
7204	ctl_datamove((union ctl_io *)ctsio);
7205	return(retval);
7206}
7207
7208int
7209ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7210{
7211	struct ctl_lun *lun;
7212	struct scsi_report_supported_opcodes *cdb;
7213	const struct ctl_cmd_entry *entry, *sentry;
7214	struct scsi_report_supported_opcodes_all *all;
7215	struct scsi_report_supported_opcodes_descr *descr;
7216	struct scsi_report_supported_opcodes_one *one;
7217	int retval;
7218	int alloc_len, total_len;
7219	int opcode, service_action, i, j, num;
7220
7221	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7222
7223	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7224	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7225
7226	retval = CTL_RETVAL_COMPLETE;
7227
7228	opcode = cdb->requested_opcode;
7229	service_action = scsi_2btoul(cdb->requested_service_action);
7230	switch (cdb->options & RSO_OPTIONS_MASK) {
7231	case RSO_OPTIONS_ALL:
7232		num = 0;
7233		for (i = 0; i < 256; i++) {
7234			entry = &ctl_cmd_table[i];
7235			if (entry->flags & CTL_CMD_FLAG_SA5) {
7236				for (j = 0; j < 32; j++) {
7237					sentry = &((const struct ctl_cmd_entry *)
7238					    entry->execute)[j];
7239					if (ctl_cmd_applicable(
7240					    lun->be_lun->lun_type, sentry))
7241						num++;
7242				}
7243			} else {
7244				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7245				    entry))
7246					num++;
7247			}
7248		}
7249		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7250		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7251		break;
7252	case RSO_OPTIONS_OC:
7253		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7254			ctl_set_invalid_field(/*ctsio*/ ctsio,
7255					      /*sks_valid*/ 1,
7256					      /*command*/ 1,
7257					      /*field*/ 2,
7258					      /*bit_valid*/ 1,
7259					      /*bit*/ 2);
7260			ctl_done((union ctl_io *)ctsio);
7261			return (CTL_RETVAL_COMPLETE);
7262		}
7263		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7264		break;
7265	case RSO_OPTIONS_OC_SA:
7266		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7267		    service_action >= 32) {
7268			ctl_set_invalid_field(/*ctsio*/ ctsio,
7269					      /*sks_valid*/ 1,
7270					      /*command*/ 1,
7271					      /*field*/ 2,
7272					      /*bit_valid*/ 1,
7273					      /*bit*/ 2);
7274			ctl_done((union ctl_io *)ctsio);
7275			return (CTL_RETVAL_COMPLETE);
7276		}
7277		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7278		break;
7279	default:
7280		ctl_set_invalid_field(/*ctsio*/ ctsio,
7281				      /*sks_valid*/ 1,
7282				      /*command*/ 1,
7283				      /*field*/ 2,
7284				      /*bit_valid*/ 1,
7285				      /*bit*/ 2);
7286		ctl_done((union ctl_io *)ctsio);
7287		return (CTL_RETVAL_COMPLETE);
7288	}
7289
7290	alloc_len = scsi_4btoul(cdb->length);
7291
7292	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7293
7294	ctsio->kern_sg_entries = 0;
7295
7296	if (total_len < alloc_len) {
7297		ctsio->residual = alloc_len - total_len;
7298		ctsio->kern_data_len = total_len;
7299		ctsio->kern_total_len = total_len;
7300	} else {
7301		ctsio->residual = 0;
7302		ctsio->kern_data_len = alloc_len;
7303		ctsio->kern_total_len = alloc_len;
7304	}
7305	ctsio->kern_data_resid = 0;
7306	ctsio->kern_rel_offset = 0;
7307
7308	switch (cdb->options & RSO_OPTIONS_MASK) {
7309	case RSO_OPTIONS_ALL:
7310		all = (struct scsi_report_supported_opcodes_all *)
7311		    ctsio->kern_data_ptr;
7312		num = 0;
7313		for (i = 0; i < 256; i++) {
7314			entry = &ctl_cmd_table[i];
7315			if (entry->flags & CTL_CMD_FLAG_SA5) {
7316				for (j = 0; j < 32; j++) {
7317					sentry = &((const struct ctl_cmd_entry *)
7318					    entry->execute)[j];
7319					if (!ctl_cmd_applicable(
7320					    lun->be_lun->lun_type, sentry))
7321						continue;
7322					descr = &all->descr[num++];
7323					descr->opcode = i;
7324					scsi_ulto2b(j, descr->service_action);
7325					descr->flags = RSO_SERVACTV;
7326					scsi_ulto2b(sentry->length,
7327					    descr->cdb_length);
7328				}
7329			} else {
7330				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7331				    entry))
7332					continue;
7333				descr = &all->descr[num++];
7334				descr->opcode = i;
7335				scsi_ulto2b(0, descr->service_action);
7336				descr->flags = 0;
7337				scsi_ulto2b(entry->length, descr->cdb_length);
7338			}
7339		}
7340		scsi_ulto4b(
7341		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7342		    all->length);
7343		break;
7344	case RSO_OPTIONS_OC:
7345		one = (struct scsi_report_supported_opcodes_one *)
7346		    ctsio->kern_data_ptr;
7347		entry = &ctl_cmd_table[opcode];
7348		goto fill_one;
7349	case RSO_OPTIONS_OC_SA:
7350		one = (struct scsi_report_supported_opcodes_one *)
7351		    ctsio->kern_data_ptr;
7352		entry = &ctl_cmd_table[opcode];
7353		entry = &((const struct ctl_cmd_entry *)
7354		    entry->execute)[service_action];
7355fill_one:
7356		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7357			one->support = 3;
7358			scsi_ulto2b(entry->length, one->cdb_length);
7359			one->cdb_usage[0] = opcode;
7360			memcpy(&one->cdb_usage[1], entry->usage,
7361			    entry->length - 1);
7362		} else
7363			one->support = 1;
7364		break;
7365	}
7366
7367	ctl_set_success(ctsio);
7368	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7369	ctsio->be_move_done = ctl_config_move_done;
7370	ctl_datamove((union ctl_io *)ctsio);
7371	return(retval);
7372}
7373
7374int
7375ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7376{
7377	struct scsi_report_supported_tmf *cdb;
7378	struct scsi_report_supported_tmf_data *data;
7379	int retval;
7380	int alloc_len, total_len;
7381
7382	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7383
7384	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7385
7386	retval = CTL_RETVAL_COMPLETE;
7387
7388	total_len = sizeof(struct scsi_report_supported_tmf_data);
7389	alloc_len = scsi_4btoul(cdb->length);
7390
7391	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7392
7393	ctsio->kern_sg_entries = 0;
7394
7395	if (total_len < alloc_len) {
7396		ctsio->residual = alloc_len - total_len;
7397		ctsio->kern_data_len = total_len;
7398		ctsio->kern_total_len = total_len;
7399	} else {
7400		ctsio->residual = 0;
7401		ctsio->kern_data_len = alloc_len;
7402		ctsio->kern_total_len = alloc_len;
7403	}
7404	ctsio->kern_data_resid = 0;
7405	ctsio->kern_rel_offset = 0;
7406
7407	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7408	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7409	    RST_TRS;
7410	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7411
7412	ctl_set_success(ctsio);
7413	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7414	ctsio->be_move_done = ctl_config_move_done;
7415	ctl_datamove((union ctl_io *)ctsio);
7416	return (retval);
7417}
7418
7419int
7420ctl_report_timestamp(struct ctl_scsiio *ctsio)
7421{
7422	struct scsi_report_timestamp *cdb;
7423	struct scsi_report_timestamp_data *data;
7424	struct timeval tv;
7425	int64_t timestamp;
7426	int retval;
7427	int alloc_len, total_len;
7428
7429	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7430
7431	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7432
7433	retval = CTL_RETVAL_COMPLETE;
7434
7435	total_len = sizeof(struct scsi_report_timestamp_data);
7436	alloc_len = scsi_4btoul(cdb->length);
7437
7438	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7439
7440	ctsio->kern_sg_entries = 0;
7441
7442	if (total_len < alloc_len) {
7443		ctsio->residual = alloc_len - total_len;
7444		ctsio->kern_data_len = total_len;
7445		ctsio->kern_total_len = total_len;
7446	} else {
7447		ctsio->residual = 0;
7448		ctsio->kern_data_len = alloc_len;
7449		ctsio->kern_total_len = alloc_len;
7450	}
7451	ctsio->kern_data_resid = 0;
7452	ctsio->kern_rel_offset = 0;
7453
7454	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7455	scsi_ulto2b(sizeof(*data) - 2, data->length);
7456	data->origin = RTS_ORIG_OUTSIDE;
7457	getmicrotime(&tv);
7458	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7459	scsi_ulto4b(timestamp >> 16, data->timestamp);
7460	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7461
7462	ctl_set_success(ctsio);
7463	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7464	ctsio->be_move_done = ctl_config_move_done;
7465	ctl_datamove((union ctl_io *)ctsio);
7466	return (retval);
7467}
7468
7469int
7470ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7471{
7472	struct scsi_per_res_in *cdb;
7473	int alloc_len, total_len = 0;
7474	/* struct scsi_per_res_in_rsrv in_data; */
7475	struct ctl_lun *lun;
7476	struct ctl_softc *softc;
7477	uint64_t key;
7478
7479	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7480
7481	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7482
7483	alloc_len = scsi_2btoul(cdb->length);
7484
7485	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7486	softc = lun->ctl_softc;
7487
7488retry:
7489	mtx_lock(&lun->lun_lock);
7490	switch (cdb->action) {
7491	case SPRI_RK: /* read keys */
7492		total_len = sizeof(struct scsi_per_res_in_keys) +
7493			lun->pr_key_count *
7494			sizeof(struct scsi_per_res_key);
7495		break;
7496	case SPRI_RR: /* read reservation */
7497		if (lun->flags & CTL_LUN_PR_RESERVED)
7498			total_len = sizeof(struct scsi_per_res_in_rsrv);
7499		else
7500			total_len = sizeof(struct scsi_per_res_in_header);
7501		break;
7502	case SPRI_RC: /* report capabilities */
7503		total_len = sizeof(struct scsi_per_res_cap);
7504		break;
7505	case SPRI_RS: /* read full status */
7506		total_len = sizeof(struct scsi_per_res_in_header) +
7507		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7508		    lun->pr_key_count;
7509		break;
7510	default:
7511		panic("Invalid PR type %x", cdb->action);
7512	}
7513	mtx_unlock(&lun->lun_lock);
7514
7515	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7516
7517	if (total_len < alloc_len) {
7518		ctsio->residual = alloc_len - total_len;
7519		ctsio->kern_data_len = total_len;
7520		ctsio->kern_total_len = total_len;
7521	} else {
7522		ctsio->residual = 0;
7523		ctsio->kern_data_len = alloc_len;
7524		ctsio->kern_total_len = alloc_len;
7525	}
7526
7527	ctsio->kern_data_resid = 0;
7528	ctsio->kern_rel_offset = 0;
7529	ctsio->kern_sg_entries = 0;
7530
7531	mtx_lock(&lun->lun_lock);
7532	switch (cdb->action) {
7533	case SPRI_RK: { // read keys
7534        struct scsi_per_res_in_keys *res_keys;
7535		int i, key_count;
7536
7537		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7538
7539		/*
7540		 * We had to drop the lock to allocate our buffer, which
7541		 * leaves time for someone to come in with another
7542		 * persistent reservation.  (That is unlikely, though,
7543		 * since this should be the only persistent reservation
7544		 * command active right now.)
7545		 */
7546		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7547		    (lun->pr_key_count *
7548		     sizeof(struct scsi_per_res_key)))){
7549			mtx_unlock(&lun->lun_lock);
7550			free(ctsio->kern_data_ptr, M_CTL);
7551			printf("%s: reservation length changed, retrying\n",
7552			       __func__);
7553			goto retry;
7554		}
7555
7556		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7557
7558		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7559			     lun->pr_key_count, res_keys->header.length);
7560
7561		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7562			if ((key = ctl_get_prkey(lun, i)) == 0)
7563				continue;
7564
7565			/*
7566			 * We used lun->pr_key_count to calculate the
7567			 * size to allocate.  If it turns out the number of
7568			 * initiators with the registered flag set is
7569			 * larger than that (i.e. they haven't been kept in
7570			 * sync), we've got a problem.
7571			 */
7572			if (key_count >= lun->pr_key_count) {
7573				key_count++;
7574				continue;
7575			}
7576			scsi_u64to8b(key, res_keys->keys[key_count].key);
7577			key_count++;
7578		}
7579		break;
7580	}
7581	case SPRI_RR: { // read reservation
7582		struct scsi_per_res_in_rsrv *res;
7583		int tmp_len, header_only;
7584
7585		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7586
7587		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7588
7589		if (lun->flags & CTL_LUN_PR_RESERVED)
7590		{
7591			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7592			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7593				    res->header.length);
7594			header_only = 0;
7595		} else {
7596			tmp_len = sizeof(struct scsi_per_res_in_header);
7597			scsi_ulto4b(0, res->header.length);
7598			header_only = 1;
7599		}
7600
7601		/*
7602		 * We had to drop the lock to allocate our buffer, which
7603		 * leaves time for someone to come in with another
7604		 * persistent reservation.  (That is unlikely, though,
7605		 * since this should be the only persistent reservation
7606		 * command active right now.)
7607		 */
7608		if (tmp_len != total_len) {
7609			mtx_unlock(&lun->lun_lock);
7610			free(ctsio->kern_data_ptr, M_CTL);
7611			printf("%s: reservation status changed, retrying\n",
7612			       __func__);
7613			goto retry;
7614		}
7615
7616		/*
7617		 * No reservation held, so we're done.
7618		 */
7619		if (header_only != 0)
7620			break;
7621
7622		/*
7623		 * If the registration is an All Registrants type, the key
7624		 * is 0, since it doesn't really matter.
7625		 */
7626		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7627			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7628			    res->data.reservation);
7629		}
7630		res->data.scopetype = lun->res_type;
7631		break;
7632	}
7633	case SPRI_RC:     //report capabilities
7634	{
7635		struct scsi_per_res_cap *res_cap;
7636		uint16_t type_mask;
7637
7638		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7639		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7640		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7641		type_mask = SPRI_TM_WR_EX_AR |
7642			    SPRI_TM_EX_AC_RO |
7643			    SPRI_TM_WR_EX_RO |
7644			    SPRI_TM_EX_AC |
7645			    SPRI_TM_WR_EX |
7646			    SPRI_TM_EX_AC_AR;
7647		scsi_ulto2b(type_mask, res_cap->type_mask);
7648		break;
7649	}
7650	case SPRI_RS: { // read full status
7651		struct scsi_per_res_in_full *res_status;
7652		struct scsi_per_res_in_full_desc *res_desc;
7653		struct ctl_port *port;
7654		int i, len;
7655
7656		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7657
7658		/*
7659		 * We had to drop the lock to allocate our buffer, which
7660		 * leaves time for someone to come in with another
7661		 * persistent reservation.  (That is unlikely, though,
7662		 * since this should be the only persistent reservation
7663		 * command active right now.)
7664		 */
7665		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7666		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7667		     lun->pr_key_count)){
7668			mtx_unlock(&lun->lun_lock);
7669			free(ctsio->kern_data_ptr, M_CTL);
7670			printf("%s: reservation length changed, retrying\n",
7671			       __func__);
7672			goto retry;
7673		}
7674
7675		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7676
7677		res_desc = &res_status->desc[0];
7678		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7679			if ((key = ctl_get_prkey(lun, i)) == 0)
7680				continue;
7681
7682			scsi_u64to8b(key, res_desc->res_key.key);
7683			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7684			    (lun->pr_res_idx == i ||
7685			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7686				res_desc->flags = SPRI_FULL_R_HOLDER;
7687				res_desc->scopetype = lun->res_type;
7688			}
7689			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7690			    res_desc->rel_trgt_port_id);
7691			len = 0;
7692			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7693			if (port != NULL)
7694				len = ctl_create_iid(port,
7695				    i % CTL_MAX_INIT_PER_PORT,
7696				    res_desc->transport_id);
7697			scsi_ulto4b(len, res_desc->additional_length);
7698			res_desc = (struct scsi_per_res_in_full_desc *)
7699			    &res_desc->transport_id[len];
7700		}
7701		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7702		    res_status->header.length);
7703		break;
7704	}
7705	default:
7706		/*
7707		 * This is a bug, because we just checked for this above,
7708		 * and should have returned an error.
7709		 */
7710		panic("Invalid PR type %x", cdb->action);
7711		break; /* NOTREACHED */
7712	}
7713	mtx_unlock(&lun->lun_lock);
7714
7715	ctl_set_success(ctsio);
7716	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7717	ctsio->be_move_done = ctl_config_move_done;
7718	ctl_datamove((union ctl_io *)ctsio);
7719	return (CTL_RETVAL_COMPLETE);
7720}
7721
7722/*
7723 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7724 * it should return.
7725 */
7726static int
7727ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7728		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7729		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7730		struct scsi_per_res_out_parms* param)
7731{
7732	union ctl_ha_msg persis_io;
7733	int i;
7734
7735	mtx_lock(&lun->lun_lock);
7736	if (sa_res_key == 0) {
7737		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7738			/* validate scope and type */
7739			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7740			     SPR_LU_SCOPE) {
7741				mtx_unlock(&lun->lun_lock);
7742				ctl_set_invalid_field(/*ctsio*/ ctsio,
7743						      /*sks_valid*/ 1,
7744						      /*command*/ 1,
7745						      /*field*/ 2,
7746						      /*bit_valid*/ 1,
7747						      /*bit*/ 4);
7748				ctl_done((union ctl_io *)ctsio);
7749				return (1);
7750			}
7751
7752		        if (type>8 || type==2 || type==4 || type==0) {
7753				mtx_unlock(&lun->lun_lock);
7754				ctl_set_invalid_field(/*ctsio*/ ctsio,
7755       	           				      /*sks_valid*/ 1,
7756						      /*command*/ 1,
7757						      /*field*/ 2,
7758						      /*bit_valid*/ 1,
7759						      /*bit*/ 0);
7760				ctl_done((union ctl_io *)ctsio);
7761				return (1);
7762		        }
7763
7764			/*
7765			 * Unregister everybody else and build UA for
7766			 * them
7767			 */
7768			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7769				if (i == residx || ctl_get_prkey(lun, i) == 0)
7770					continue;
7771
7772				ctl_clr_prkey(lun, i);
7773				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7774			}
7775			lun->pr_key_count = 1;
7776			lun->res_type = type;
7777			if (lun->res_type != SPR_TYPE_WR_EX_AR
7778			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7779				lun->pr_res_idx = residx;
7780			lun->PRGeneration++;
7781			mtx_unlock(&lun->lun_lock);
7782
7783			/* send msg to other side */
7784			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7785			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7786			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7787			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7788			persis_io.pr.pr_info.res_type = type;
7789			memcpy(persis_io.pr.pr_info.sa_res_key,
7790			       param->serv_act_res_key,
7791			       sizeof(param->serv_act_res_key));
7792			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7793			    sizeof(persis_io.pr), M_WAITOK);
7794		} else {
7795			/* not all registrants */
7796			mtx_unlock(&lun->lun_lock);
7797			free(ctsio->kern_data_ptr, M_CTL);
7798			ctl_set_invalid_field(ctsio,
7799					      /*sks_valid*/ 1,
7800					      /*command*/ 0,
7801					      /*field*/ 8,
7802					      /*bit_valid*/ 0,
7803					      /*bit*/ 0);
7804			ctl_done((union ctl_io *)ctsio);
7805			return (1);
7806		}
7807	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7808		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7809		int found = 0;
7810
7811		if (res_key == sa_res_key) {
7812			/* special case */
7813			/*
7814			 * The spec implies this is not good but doesn't
7815			 * say what to do. There are two choices either
7816			 * generate a res conflict or check condition
7817			 * with illegal field in parameter data. Since
7818			 * that is what is done when the sa_res_key is
7819			 * zero I'll take that approach since this has
7820			 * to do with the sa_res_key.
7821			 */
7822			mtx_unlock(&lun->lun_lock);
7823			free(ctsio->kern_data_ptr, M_CTL);
7824			ctl_set_invalid_field(ctsio,
7825					      /*sks_valid*/ 1,
7826					      /*command*/ 0,
7827					      /*field*/ 8,
7828					      /*bit_valid*/ 0,
7829					      /*bit*/ 0);
7830			ctl_done((union ctl_io *)ctsio);
7831			return (1);
7832		}
7833
7834		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7835			if (ctl_get_prkey(lun, i) != sa_res_key)
7836				continue;
7837
7838			found = 1;
7839			ctl_clr_prkey(lun, i);
7840			lun->pr_key_count--;
7841			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7842		}
7843		if (!found) {
7844			mtx_unlock(&lun->lun_lock);
7845			free(ctsio->kern_data_ptr, M_CTL);
7846			ctl_set_reservation_conflict(ctsio);
7847			ctl_done((union ctl_io *)ctsio);
7848			return (CTL_RETVAL_COMPLETE);
7849		}
7850		lun->PRGeneration++;
7851		mtx_unlock(&lun->lun_lock);
7852
7853		/* send msg to other side */
7854		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7855		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7856		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7857		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7858		persis_io.pr.pr_info.res_type = type;
7859		memcpy(persis_io.pr.pr_info.sa_res_key,
7860		       param->serv_act_res_key,
7861		       sizeof(param->serv_act_res_key));
7862		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7863		    sizeof(persis_io.pr), M_WAITOK);
7864	} else {
7865		/* Reserved but not all registrants */
7866		/* sa_res_key is res holder */
7867		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7868			/* validate scope and type */
7869			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7870			     SPR_LU_SCOPE) {
7871				mtx_unlock(&lun->lun_lock);
7872				ctl_set_invalid_field(/*ctsio*/ ctsio,
7873						      /*sks_valid*/ 1,
7874						      /*command*/ 1,
7875						      /*field*/ 2,
7876						      /*bit_valid*/ 1,
7877						      /*bit*/ 4);
7878				ctl_done((union ctl_io *)ctsio);
7879				return (1);
7880			}
7881
7882			if (type>8 || type==2 || type==4 || type==0) {
7883				mtx_unlock(&lun->lun_lock);
7884				ctl_set_invalid_field(/*ctsio*/ ctsio,
7885						      /*sks_valid*/ 1,
7886						      /*command*/ 1,
7887						      /*field*/ 2,
7888						      /*bit_valid*/ 1,
7889						      /*bit*/ 0);
7890				ctl_done((union ctl_io *)ctsio);
7891				return (1);
7892			}
7893
7894			/*
7895			 * Do the following:
7896			 * if sa_res_key != res_key remove all
7897			 * registrants w/sa_res_key and generate UA
7898			 * for these registrants(Registrations
7899			 * Preempted) if it wasn't an exclusive
7900			 * reservation generate UA(Reservations
7901			 * Preempted) for all other registered nexuses
7902			 * if the type has changed. Establish the new
7903			 * reservation and holder. If res_key and
7904			 * sa_res_key are the same do the above
7905			 * except don't unregister the res holder.
7906			 */
7907
7908			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7909				if (i == residx || ctl_get_prkey(lun, i) == 0)
7910					continue;
7911
7912				if (sa_res_key == ctl_get_prkey(lun, i)) {
7913					ctl_clr_prkey(lun, i);
7914					lun->pr_key_count--;
7915					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7916				} else if (type != lun->res_type
7917					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7918					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7919					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7920				}
7921			}
7922			lun->res_type = type;
7923			if (lun->res_type != SPR_TYPE_WR_EX_AR
7924			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7925				lun->pr_res_idx = residx;
7926			else
7927				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7928			lun->PRGeneration++;
7929			mtx_unlock(&lun->lun_lock);
7930
7931			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7932			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7933			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7934			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7935			persis_io.pr.pr_info.res_type = type;
7936			memcpy(persis_io.pr.pr_info.sa_res_key,
7937			       param->serv_act_res_key,
7938			       sizeof(param->serv_act_res_key));
7939			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7940			    sizeof(persis_io.pr), M_WAITOK);
7941		} else {
7942			/*
7943			 * sa_res_key is not the res holder just
7944			 * remove registrants
7945			 */
7946			int found=0;
7947
7948			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7949				if (sa_res_key != ctl_get_prkey(lun, i))
7950					continue;
7951
7952				found = 1;
7953				ctl_clr_prkey(lun, i);
7954				lun->pr_key_count--;
7955				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7956			}
7957
7958			if (!found) {
7959				mtx_unlock(&lun->lun_lock);
7960				free(ctsio->kern_data_ptr, M_CTL);
7961				ctl_set_reservation_conflict(ctsio);
7962				ctl_done((union ctl_io *)ctsio);
7963		        	return (1);
7964			}
7965			lun->PRGeneration++;
7966			mtx_unlock(&lun->lun_lock);
7967
7968			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7969			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7970			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7971			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7972			persis_io.pr.pr_info.res_type = type;
7973			memcpy(persis_io.pr.pr_info.sa_res_key,
7974			       param->serv_act_res_key,
7975			       sizeof(param->serv_act_res_key));
7976			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7977			    sizeof(persis_io.pr), M_WAITOK);
7978		}
7979	}
7980	return (0);
7981}
7982
7983static void
7984ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7985{
7986	uint64_t sa_res_key;
7987	int i;
7988
7989	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7990
7991	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7992	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7993	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7994		if (sa_res_key == 0) {
7995			/*
7996			 * Unregister everybody else and build UA for
7997			 * them
7998			 */
7999			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8000				if (i == msg->pr.pr_info.residx ||
8001				    ctl_get_prkey(lun, i) == 0)
8002					continue;
8003
8004				ctl_clr_prkey(lun, i);
8005				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8006			}
8007
8008			lun->pr_key_count = 1;
8009			lun->res_type = msg->pr.pr_info.res_type;
8010			if (lun->res_type != SPR_TYPE_WR_EX_AR
8011			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8012				lun->pr_res_idx = msg->pr.pr_info.residx;
8013		} else {
8014		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8015				if (sa_res_key == ctl_get_prkey(lun, i))
8016					continue;
8017
8018				ctl_clr_prkey(lun, i);
8019				lun->pr_key_count--;
8020				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8021			}
8022		}
8023	} else {
8024		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8025			if (i == msg->pr.pr_info.residx ||
8026			    ctl_get_prkey(lun, i) == 0)
8027				continue;
8028
8029			if (sa_res_key == ctl_get_prkey(lun, i)) {
8030				ctl_clr_prkey(lun, i);
8031				lun->pr_key_count--;
8032				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8033			} else if (msg->pr.pr_info.res_type != lun->res_type
8034				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8035				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8036				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8037			}
8038		}
8039		lun->res_type = msg->pr.pr_info.res_type;
8040		if (lun->res_type != SPR_TYPE_WR_EX_AR
8041		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8042			lun->pr_res_idx = msg->pr.pr_info.residx;
8043		else
8044			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8045	}
8046	lun->PRGeneration++;
8047
8048}
8049
8050
8051int
8052ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8053{
8054	int retval;
8055	u_int32_t param_len;
8056	struct scsi_per_res_out *cdb;
8057	struct ctl_lun *lun;
8058	struct scsi_per_res_out_parms* param;
8059	struct ctl_softc *softc;
8060	uint32_t residx;
8061	uint64_t res_key, sa_res_key, key;
8062	uint8_t type;
8063	union ctl_ha_msg persis_io;
8064	int    i;
8065
8066	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8067
8068	retval = CTL_RETVAL_COMPLETE;
8069
8070	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8071	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8072	softc = lun->ctl_softc;
8073
8074	/*
8075	 * We only support whole-LUN scope.  The scope & type are ignored for
8076	 * register, register and ignore existing key and clear.
8077	 * We sometimes ignore scope and type on preempts too!!
8078	 * Verify reservation type here as well.
8079	 */
8080	type = cdb->scope_type & SPR_TYPE_MASK;
8081	if ((cdb->action == SPRO_RESERVE)
8082	 || (cdb->action == SPRO_RELEASE)) {
8083		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8084			ctl_set_invalid_field(/*ctsio*/ ctsio,
8085					      /*sks_valid*/ 1,
8086					      /*command*/ 1,
8087					      /*field*/ 2,
8088					      /*bit_valid*/ 1,
8089					      /*bit*/ 4);
8090			ctl_done((union ctl_io *)ctsio);
8091			return (CTL_RETVAL_COMPLETE);
8092		}
8093
8094		if (type>8 || type==2 || type==4 || type==0) {
8095			ctl_set_invalid_field(/*ctsio*/ ctsio,
8096					      /*sks_valid*/ 1,
8097					      /*command*/ 1,
8098					      /*field*/ 2,
8099					      /*bit_valid*/ 1,
8100					      /*bit*/ 0);
8101			ctl_done((union ctl_io *)ctsio);
8102			return (CTL_RETVAL_COMPLETE);
8103		}
8104	}
8105
8106	param_len = scsi_4btoul(cdb->length);
8107
8108	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8109		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8110		ctsio->kern_data_len = param_len;
8111		ctsio->kern_total_len = param_len;
8112		ctsio->kern_data_resid = 0;
8113		ctsio->kern_rel_offset = 0;
8114		ctsio->kern_sg_entries = 0;
8115		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8116		ctsio->be_move_done = ctl_config_move_done;
8117		ctl_datamove((union ctl_io *)ctsio);
8118
8119		return (CTL_RETVAL_COMPLETE);
8120	}
8121
8122	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8123
8124	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8125	res_key = scsi_8btou64(param->res_key.key);
8126	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8127
8128	/*
8129	 * Validate the reservation key here except for SPRO_REG_IGNO
8130	 * This must be done for all other service actions
8131	 */
8132	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8133		mtx_lock(&lun->lun_lock);
8134		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8135			if (res_key != key) {
8136				/*
8137				 * The current key passed in doesn't match
8138				 * the one the initiator previously
8139				 * registered.
8140				 */
8141				mtx_unlock(&lun->lun_lock);
8142				free(ctsio->kern_data_ptr, M_CTL);
8143				ctl_set_reservation_conflict(ctsio);
8144				ctl_done((union ctl_io *)ctsio);
8145				return (CTL_RETVAL_COMPLETE);
8146			}
8147		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8148			/*
8149			 * We are not registered
8150			 */
8151			mtx_unlock(&lun->lun_lock);
8152			free(ctsio->kern_data_ptr, M_CTL);
8153			ctl_set_reservation_conflict(ctsio);
8154			ctl_done((union ctl_io *)ctsio);
8155			return (CTL_RETVAL_COMPLETE);
8156		} else if (res_key != 0) {
8157			/*
8158			 * We are not registered and trying to register but
8159			 * the register key isn't zero.
8160			 */
8161			mtx_unlock(&lun->lun_lock);
8162			free(ctsio->kern_data_ptr, M_CTL);
8163			ctl_set_reservation_conflict(ctsio);
8164			ctl_done((union ctl_io *)ctsio);
8165			return (CTL_RETVAL_COMPLETE);
8166		}
8167		mtx_unlock(&lun->lun_lock);
8168	}
8169
8170	switch (cdb->action & SPRO_ACTION_MASK) {
8171	case SPRO_REGISTER:
8172	case SPRO_REG_IGNO: {
8173
8174#if 0
8175		printf("Registration received\n");
8176#endif
8177
8178		/*
8179		 * We don't support any of these options, as we report in
8180		 * the read capabilities request (see
8181		 * ctl_persistent_reserve_in(), above).
8182		 */
8183		if ((param->flags & SPR_SPEC_I_PT)
8184		 || (param->flags & SPR_ALL_TG_PT)
8185		 || (param->flags & SPR_APTPL)) {
8186			int bit_ptr;
8187
8188			if (param->flags & SPR_APTPL)
8189				bit_ptr = 0;
8190			else if (param->flags & SPR_ALL_TG_PT)
8191				bit_ptr = 2;
8192			else /* SPR_SPEC_I_PT */
8193				bit_ptr = 3;
8194
8195			free(ctsio->kern_data_ptr, M_CTL);
8196			ctl_set_invalid_field(ctsio,
8197					      /*sks_valid*/ 1,
8198					      /*command*/ 0,
8199					      /*field*/ 20,
8200					      /*bit_valid*/ 1,
8201					      /*bit*/ bit_ptr);
8202			ctl_done((union ctl_io *)ctsio);
8203			return (CTL_RETVAL_COMPLETE);
8204		}
8205
8206		mtx_lock(&lun->lun_lock);
8207
8208		/*
8209		 * The initiator wants to clear the
8210		 * key/unregister.
8211		 */
8212		if (sa_res_key == 0) {
8213			if ((res_key == 0
8214			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8215			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8216			  && ctl_get_prkey(lun, residx) == 0)) {
8217				mtx_unlock(&lun->lun_lock);
8218				goto done;
8219			}
8220
8221			ctl_clr_prkey(lun, residx);
8222			lun->pr_key_count--;
8223
8224			if (residx == lun->pr_res_idx) {
8225				lun->flags &= ~CTL_LUN_PR_RESERVED;
8226				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8227
8228				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8229				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8230				 && lun->pr_key_count) {
8231					/*
8232					 * If the reservation is a registrants
8233					 * only type we need to generate a UA
8234					 * for other registered inits.  The
8235					 * sense code should be RESERVATIONS
8236					 * RELEASED
8237					 */
8238
8239					for (i = softc->init_min; i < softc->init_max; i++){
8240						if (ctl_get_prkey(lun, i) == 0)
8241							continue;
8242						ctl_est_ua(lun, i,
8243						    CTL_UA_RES_RELEASE);
8244					}
8245				}
8246				lun->res_type = 0;
8247			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8248				if (lun->pr_key_count==0) {
8249					lun->flags &= ~CTL_LUN_PR_RESERVED;
8250					lun->res_type = 0;
8251					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8252				}
8253			}
8254			lun->PRGeneration++;
8255			mtx_unlock(&lun->lun_lock);
8256
8257			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8258			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8259			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8260			persis_io.pr.pr_info.residx = residx;
8261			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8262			    sizeof(persis_io.pr), M_WAITOK);
8263		} else /* sa_res_key != 0 */ {
8264
8265			/*
8266			 * If we aren't registered currently then increment
8267			 * the key count and set the registered flag.
8268			 */
8269			ctl_alloc_prkey(lun, residx);
8270			if (ctl_get_prkey(lun, residx) == 0)
8271				lun->pr_key_count++;
8272			ctl_set_prkey(lun, residx, sa_res_key);
8273			lun->PRGeneration++;
8274			mtx_unlock(&lun->lun_lock);
8275
8276			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8277			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8278			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8279			persis_io.pr.pr_info.residx = residx;
8280			memcpy(persis_io.pr.pr_info.sa_res_key,
8281			       param->serv_act_res_key,
8282			       sizeof(param->serv_act_res_key));
8283			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8284			    sizeof(persis_io.pr), M_WAITOK);
8285		}
8286
8287		break;
8288	}
8289	case SPRO_RESERVE:
8290#if 0
8291                printf("Reserve executed type %d\n", type);
8292#endif
8293		mtx_lock(&lun->lun_lock);
8294		if (lun->flags & CTL_LUN_PR_RESERVED) {
8295			/*
8296			 * if this isn't the reservation holder and it's
8297			 * not a "all registrants" type or if the type is
8298			 * different then we have a conflict
8299			 */
8300			if ((lun->pr_res_idx != residx
8301			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8302			 || lun->res_type != type) {
8303				mtx_unlock(&lun->lun_lock);
8304				free(ctsio->kern_data_ptr, M_CTL);
8305				ctl_set_reservation_conflict(ctsio);
8306				ctl_done((union ctl_io *)ctsio);
8307				return (CTL_RETVAL_COMPLETE);
8308			}
8309			mtx_unlock(&lun->lun_lock);
8310		} else /* create a reservation */ {
8311			/*
8312			 * If it's not an "all registrants" type record
8313			 * reservation holder
8314			 */
8315			if (type != SPR_TYPE_WR_EX_AR
8316			 && type != SPR_TYPE_EX_AC_AR)
8317				lun->pr_res_idx = residx; /* Res holder */
8318			else
8319				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8320
8321			lun->flags |= CTL_LUN_PR_RESERVED;
8322			lun->res_type = type;
8323
8324			mtx_unlock(&lun->lun_lock);
8325
8326			/* send msg to other side */
8327			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8328			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8329			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8330			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8331			persis_io.pr.pr_info.res_type = type;
8332			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8333			    sizeof(persis_io.pr), M_WAITOK);
8334		}
8335		break;
8336
8337	case SPRO_RELEASE:
8338		mtx_lock(&lun->lun_lock);
8339		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8340			/* No reservation exists return good status */
8341			mtx_unlock(&lun->lun_lock);
8342			goto done;
8343		}
8344		/*
8345		 * Is this nexus a reservation holder?
8346		 */
8347		if (lun->pr_res_idx != residx
8348		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8349			/*
8350			 * not a res holder return good status but
8351			 * do nothing
8352			 */
8353			mtx_unlock(&lun->lun_lock);
8354			goto done;
8355		}
8356
8357		if (lun->res_type != type) {
8358			mtx_unlock(&lun->lun_lock);
8359			free(ctsio->kern_data_ptr, M_CTL);
8360			ctl_set_illegal_pr_release(ctsio);
8361			ctl_done((union ctl_io *)ctsio);
8362			return (CTL_RETVAL_COMPLETE);
8363		}
8364
8365		/* okay to release */
8366		lun->flags &= ~CTL_LUN_PR_RESERVED;
8367		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8368		lun->res_type = 0;
8369
8370		/*
8371		 * if this isn't an exclusive access
8372		 * res generate UA for all other
8373		 * registrants.
8374		 */
8375		if (type != SPR_TYPE_EX_AC
8376		 && type != SPR_TYPE_WR_EX) {
8377			for (i = softc->init_min; i < softc->init_max; i++) {
8378				if (i == residx || ctl_get_prkey(lun, i) == 0)
8379					continue;
8380				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8381			}
8382		}
8383		mtx_unlock(&lun->lun_lock);
8384
8385		/* Send msg to other side */
8386		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8387		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8388		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8389		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8390		     sizeof(persis_io.pr), M_WAITOK);
8391		break;
8392
8393	case SPRO_CLEAR:
8394		/* send msg to other side */
8395
8396		mtx_lock(&lun->lun_lock);
8397		lun->flags &= ~CTL_LUN_PR_RESERVED;
8398		lun->res_type = 0;
8399		lun->pr_key_count = 0;
8400		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8401
8402		ctl_clr_prkey(lun, residx);
8403		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8404			if (ctl_get_prkey(lun, i) != 0) {
8405				ctl_clr_prkey(lun, i);
8406				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8407			}
8408		lun->PRGeneration++;
8409		mtx_unlock(&lun->lun_lock);
8410
8411		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8412		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8413		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8414		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8415		     sizeof(persis_io.pr), M_WAITOK);
8416		break;
8417
8418	case SPRO_PREEMPT:
8419	case SPRO_PRE_ABO: {
8420		int nretval;
8421
8422		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8423					  residx, ctsio, cdb, param);
8424		if (nretval != 0)
8425			return (CTL_RETVAL_COMPLETE);
8426		break;
8427	}
8428	default:
8429		panic("Invalid PR type %x", cdb->action);
8430	}
8431
8432done:
8433	free(ctsio->kern_data_ptr, M_CTL);
8434	ctl_set_success(ctsio);
8435	ctl_done((union ctl_io *)ctsio);
8436
8437	return (retval);
8438}
8439
8440/*
8441 * This routine is for handling a message from the other SC pertaining to
8442 * persistent reserve out. All the error checking will have been done
8443 * so only perorming the action need be done here to keep the two
8444 * in sync.
8445 */
8446static void
8447ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8448{
8449	struct ctl_softc *softc = control_softc;
8450	struct ctl_lun *lun;
8451	int i;
8452	uint32_t residx, targ_lun;
8453
8454	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8455	mtx_lock(&softc->ctl_lock);
8456	if ((targ_lun >= CTL_MAX_LUNS) ||
8457	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8458		mtx_unlock(&softc->ctl_lock);
8459		return;
8460	}
8461	mtx_lock(&lun->lun_lock);
8462	mtx_unlock(&softc->ctl_lock);
8463	if (lun->flags & CTL_LUN_DISABLED) {
8464		mtx_unlock(&lun->lun_lock);
8465		return;
8466	}
8467	residx = ctl_get_initindex(&msg->hdr.nexus);
8468	switch(msg->pr.pr_info.action) {
8469	case CTL_PR_REG_KEY:
8470		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8471		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8472			lun->pr_key_count++;
8473		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8474		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8475		lun->PRGeneration++;
8476		break;
8477
8478	case CTL_PR_UNREG_KEY:
8479		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8480		lun->pr_key_count--;
8481
8482		/* XXX Need to see if the reservation has been released */
8483		/* if so do we need to generate UA? */
8484		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8485			lun->flags &= ~CTL_LUN_PR_RESERVED;
8486			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8487
8488			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8489			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8490			 && lun->pr_key_count) {
8491				/*
8492				 * If the reservation is a registrants
8493				 * only type we need to generate a UA
8494				 * for other registered inits.  The
8495				 * sense code should be RESERVATIONS
8496				 * RELEASED
8497				 */
8498
8499				for (i = softc->init_min; i < softc->init_max; i++) {
8500					if (ctl_get_prkey(lun, i) == 0)
8501						continue;
8502
8503					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8504				}
8505			}
8506			lun->res_type = 0;
8507		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8508			if (lun->pr_key_count==0) {
8509				lun->flags &= ~CTL_LUN_PR_RESERVED;
8510				lun->res_type = 0;
8511				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8512			}
8513		}
8514		lun->PRGeneration++;
8515		break;
8516
8517	case CTL_PR_RESERVE:
8518		lun->flags |= CTL_LUN_PR_RESERVED;
8519		lun->res_type = msg->pr.pr_info.res_type;
8520		lun->pr_res_idx = msg->pr.pr_info.residx;
8521
8522		break;
8523
8524	case CTL_PR_RELEASE:
8525		/*
8526		 * if this isn't an exclusive access res generate UA for all
8527		 * other registrants.
8528		 */
8529		if (lun->res_type != SPR_TYPE_EX_AC
8530		 && lun->res_type != SPR_TYPE_WR_EX) {
8531			for (i = softc->init_min; i < softc->init_max; i++)
8532				if (i == residx || ctl_get_prkey(lun, i) == 0)
8533					continue;
8534				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8535		}
8536
8537		lun->flags &= ~CTL_LUN_PR_RESERVED;
8538		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8539		lun->res_type = 0;
8540		break;
8541
8542	case CTL_PR_PREEMPT:
8543		ctl_pro_preempt_other(lun, msg);
8544		break;
8545	case CTL_PR_CLEAR:
8546		lun->flags &= ~CTL_LUN_PR_RESERVED;
8547		lun->res_type = 0;
8548		lun->pr_key_count = 0;
8549		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8550
8551		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8552			if (ctl_get_prkey(lun, i) == 0)
8553				continue;
8554			ctl_clr_prkey(lun, i);
8555			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8556		}
8557		lun->PRGeneration++;
8558		break;
8559	}
8560
8561	mtx_unlock(&lun->lun_lock);
8562}
8563
8564int
8565ctl_read_write(struct ctl_scsiio *ctsio)
8566{
8567	struct ctl_lun *lun;
8568	struct ctl_lba_len_flags *lbalen;
8569	uint64_t lba;
8570	uint32_t num_blocks;
8571	int flags, retval;
8572	int isread;
8573
8574	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8575
8576	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8577
8578	flags = 0;
8579	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8580	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8581	switch (ctsio->cdb[0]) {
8582	case READ_6:
8583	case WRITE_6: {
8584		struct scsi_rw_6 *cdb;
8585
8586		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8587
8588		lba = scsi_3btoul(cdb->addr);
8589		/* only 5 bits are valid in the most significant address byte */
8590		lba &= 0x1fffff;
8591		num_blocks = cdb->length;
8592		/*
8593		 * This is correct according to SBC-2.
8594		 */
8595		if (num_blocks == 0)
8596			num_blocks = 256;
8597		break;
8598	}
8599	case READ_10:
8600	case WRITE_10: {
8601		struct scsi_rw_10 *cdb;
8602
8603		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8604		if (cdb->byte2 & SRW10_FUA)
8605			flags |= CTL_LLF_FUA;
8606		if (cdb->byte2 & SRW10_DPO)
8607			flags |= CTL_LLF_DPO;
8608		lba = scsi_4btoul(cdb->addr);
8609		num_blocks = scsi_2btoul(cdb->length);
8610		break;
8611	}
8612	case WRITE_VERIFY_10: {
8613		struct scsi_write_verify_10 *cdb;
8614
8615		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8616		flags |= CTL_LLF_FUA;
8617		if (cdb->byte2 & SWV_DPO)
8618			flags |= CTL_LLF_DPO;
8619		lba = scsi_4btoul(cdb->addr);
8620		num_blocks = scsi_2btoul(cdb->length);
8621		break;
8622	}
8623	case READ_12:
8624	case WRITE_12: {
8625		struct scsi_rw_12 *cdb;
8626
8627		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8628		if (cdb->byte2 & SRW12_FUA)
8629			flags |= CTL_LLF_FUA;
8630		if (cdb->byte2 & SRW12_DPO)
8631			flags |= CTL_LLF_DPO;
8632		lba = scsi_4btoul(cdb->addr);
8633		num_blocks = scsi_4btoul(cdb->length);
8634		break;
8635	}
8636	case WRITE_VERIFY_12: {
8637		struct scsi_write_verify_12 *cdb;
8638
8639		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8640		flags |= CTL_LLF_FUA;
8641		if (cdb->byte2 & SWV_DPO)
8642			flags |= CTL_LLF_DPO;
8643		lba = scsi_4btoul(cdb->addr);
8644		num_blocks = scsi_4btoul(cdb->length);
8645		break;
8646	}
8647	case READ_16:
8648	case WRITE_16: {
8649		struct scsi_rw_16 *cdb;
8650
8651		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8652		if (cdb->byte2 & SRW12_FUA)
8653			flags |= CTL_LLF_FUA;
8654		if (cdb->byte2 & SRW12_DPO)
8655			flags |= CTL_LLF_DPO;
8656		lba = scsi_8btou64(cdb->addr);
8657		num_blocks = scsi_4btoul(cdb->length);
8658		break;
8659	}
8660	case WRITE_ATOMIC_16: {
8661		struct scsi_write_atomic_16 *cdb;
8662
8663		if (lun->be_lun->atomicblock == 0) {
8664			ctl_set_invalid_opcode(ctsio);
8665			ctl_done((union ctl_io *)ctsio);
8666			return (CTL_RETVAL_COMPLETE);
8667		}
8668
8669		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8670		if (cdb->byte2 & SRW12_FUA)
8671			flags |= CTL_LLF_FUA;
8672		if (cdb->byte2 & SRW12_DPO)
8673			flags |= CTL_LLF_DPO;
8674		lba = scsi_8btou64(cdb->addr);
8675		num_blocks = scsi_2btoul(cdb->length);
8676		if (num_blocks > lun->be_lun->atomicblock) {
8677			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8678			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8679			    /*bit*/ 0);
8680			ctl_done((union ctl_io *)ctsio);
8681			return (CTL_RETVAL_COMPLETE);
8682		}
8683		break;
8684	}
8685	case WRITE_VERIFY_16: {
8686		struct scsi_write_verify_16 *cdb;
8687
8688		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8689		flags |= CTL_LLF_FUA;
8690		if (cdb->byte2 & SWV_DPO)
8691			flags |= CTL_LLF_DPO;
8692		lba = scsi_8btou64(cdb->addr);
8693		num_blocks = scsi_4btoul(cdb->length);
8694		break;
8695	}
8696	default:
8697		/*
8698		 * We got a command we don't support.  This shouldn't
8699		 * happen, commands should be filtered out above us.
8700		 */
8701		ctl_set_invalid_opcode(ctsio);
8702		ctl_done((union ctl_io *)ctsio);
8703
8704		return (CTL_RETVAL_COMPLETE);
8705		break; /* NOTREACHED */
8706	}
8707
8708	/*
8709	 * The first check is to make sure we're in bounds, the second
8710	 * check is to catch wrap-around problems.  If the lba + num blocks
8711	 * is less than the lba, then we've wrapped around and the block
8712	 * range is invalid anyway.
8713	 */
8714	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8715	 || ((lba + num_blocks) < lba)) {
8716		ctl_set_lba_out_of_range(ctsio);
8717		ctl_done((union ctl_io *)ctsio);
8718		return (CTL_RETVAL_COMPLETE);
8719	}
8720
8721	/*
8722	 * According to SBC-3, a transfer length of 0 is not an error.
8723	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8724	 * translates to 256 blocks for those commands.
8725	 */
8726	if (num_blocks == 0) {
8727		ctl_set_success(ctsio);
8728		ctl_done((union ctl_io *)ctsio);
8729		return (CTL_RETVAL_COMPLETE);
8730	}
8731
8732	/* Set FUA and/or DPO if caches are disabled. */
8733	if (isread) {
8734		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8735		    SCP_RCD) != 0)
8736			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8737	} else {
8738		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8739		    SCP_WCE) == 0)
8740			flags |= CTL_LLF_FUA;
8741	}
8742
8743	lbalen = (struct ctl_lba_len_flags *)
8744	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8745	lbalen->lba = lba;
8746	lbalen->len = num_blocks;
8747	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8748
8749	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8750	ctsio->kern_rel_offset = 0;
8751
8752	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8753
8754	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8755	return (retval);
8756}
8757
8758static int
8759ctl_cnw_cont(union ctl_io *io)
8760{
8761	struct ctl_scsiio *ctsio;
8762	struct ctl_lun *lun;
8763	struct ctl_lba_len_flags *lbalen;
8764	int retval;
8765
8766	ctsio = &io->scsiio;
8767	ctsio->io_hdr.status = CTL_STATUS_NONE;
8768	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8769	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8770	lbalen = (struct ctl_lba_len_flags *)
8771	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8772	lbalen->flags &= ~CTL_LLF_COMPARE;
8773	lbalen->flags |= CTL_LLF_WRITE;
8774
8775	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8776	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8777	return (retval);
8778}
8779
8780int
8781ctl_cnw(struct ctl_scsiio *ctsio)
8782{
8783	struct ctl_lun *lun;
8784	struct ctl_lba_len_flags *lbalen;
8785	uint64_t lba;
8786	uint32_t num_blocks;
8787	int flags, retval;
8788
8789	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8790
8791	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8792
8793	flags = 0;
8794	switch (ctsio->cdb[0]) {
8795	case COMPARE_AND_WRITE: {
8796		struct scsi_compare_and_write *cdb;
8797
8798		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8799		if (cdb->byte2 & SRW10_FUA)
8800			flags |= CTL_LLF_FUA;
8801		if (cdb->byte2 & SRW10_DPO)
8802			flags |= CTL_LLF_DPO;
8803		lba = scsi_8btou64(cdb->addr);
8804		num_blocks = cdb->length;
8805		break;
8806	}
8807	default:
8808		/*
8809		 * We got a command we don't support.  This shouldn't
8810		 * happen, commands should be filtered out above us.
8811		 */
8812		ctl_set_invalid_opcode(ctsio);
8813		ctl_done((union ctl_io *)ctsio);
8814
8815		return (CTL_RETVAL_COMPLETE);
8816		break; /* NOTREACHED */
8817	}
8818
8819	/*
8820	 * The first check is to make sure we're in bounds, the second
8821	 * check is to catch wrap-around problems.  If the lba + num blocks
8822	 * is less than the lba, then we've wrapped around and the block
8823	 * range is invalid anyway.
8824	 */
8825	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8826	 || ((lba + num_blocks) < lba)) {
8827		ctl_set_lba_out_of_range(ctsio);
8828		ctl_done((union ctl_io *)ctsio);
8829		return (CTL_RETVAL_COMPLETE);
8830	}
8831
8832	/*
8833	 * According to SBC-3, a transfer length of 0 is not an error.
8834	 */
8835	if (num_blocks == 0) {
8836		ctl_set_success(ctsio);
8837		ctl_done((union ctl_io *)ctsio);
8838		return (CTL_RETVAL_COMPLETE);
8839	}
8840
8841	/* Set FUA if write cache is disabled. */
8842	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8843	    SCP_WCE) == 0)
8844		flags |= CTL_LLF_FUA;
8845
8846	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8847	ctsio->kern_rel_offset = 0;
8848
8849	/*
8850	 * Set the IO_CONT flag, so that if this I/O gets passed to
8851	 * ctl_data_submit_done(), it'll get passed back to
8852	 * ctl_ctl_cnw_cont() for further processing.
8853	 */
8854	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8855	ctsio->io_cont = ctl_cnw_cont;
8856
8857	lbalen = (struct ctl_lba_len_flags *)
8858	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8859	lbalen->lba = lba;
8860	lbalen->len = num_blocks;
8861	lbalen->flags = CTL_LLF_COMPARE | flags;
8862
8863	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8864	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8865	return (retval);
8866}
8867
8868int
8869ctl_verify(struct ctl_scsiio *ctsio)
8870{
8871	struct ctl_lun *lun;
8872	struct ctl_lba_len_flags *lbalen;
8873	uint64_t lba;
8874	uint32_t num_blocks;
8875	int bytchk, flags;
8876	int retval;
8877
8878	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8879
8880	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8881
8882	bytchk = 0;
8883	flags = CTL_LLF_FUA;
8884	switch (ctsio->cdb[0]) {
8885	case VERIFY_10: {
8886		struct scsi_verify_10 *cdb;
8887
8888		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8889		if (cdb->byte2 & SVFY_BYTCHK)
8890			bytchk = 1;
8891		if (cdb->byte2 & SVFY_DPO)
8892			flags |= CTL_LLF_DPO;
8893		lba = scsi_4btoul(cdb->addr);
8894		num_blocks = scsi_2btoul(cdb->length);
8895		break;
8896	}
8897	case VERIFY_12: {
8898		struct scsi_verify_12 *cdb;
8899
8900		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8901		if (cdb->byte2 & SVFY_BYTCHK)
8902			bytchk = 1;
8903		if (cdb->byte2 & SVFY_DPO)
8904			flags |= CTL_LLF_DPO;
8905		lba = scsi_4btoul(cdb->addr);
8906		num_blocks = scsi_4btoul(cdb->length);
8907		break;
8908	}
8909	case VERIFY_16: {
8910		struct scsi_rw_16 *cdb;
8911
8912		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8913		if (cdb->byte2 & SVFY_BYTCHK)
8914			bytchk = 1;
8915		if (cdb->byte2 & SVFY_DPO)
8916			flags |= CTL_LLF_DPO;
8917		lba = scsi_8btou64(cdb->addr);
8918		num_blocks = scsi_4btoul(cdb->length);
8919		break;
8920	}
8921	default:
8922		/*
8923		 * We got a command we don't support.  This shouldn't
8924		 * happen, commands should be filtered out above us.
8925		 */
8926		ctl_set_invalid_opcode(ctsio);
8927		ctl_done((union ctl_io *)ctsio);
8928		return (CTL_RETVAL_COMPLETE);
8929	}
8930
8931	/*
8932	 * The first check is to make sure we're in bounds, the second
8933	 * check is to catch wrap-around problems.  If the lba + num blocks
8934	 * is less than the lba, then we've wrapped around and the block
8935	 * range is invalid anyway.
8936	 */
8937	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8938	 || ((lba + num_blocks) < lba)) {
8939		ctl_set_lba_out_of_range(ctsio);
8940		ctl_done((union ctl_io *)ctsio);
8941		return (CTL_RETVAL_COMPLETE);
8942	}
8943
8944	/*
8945	 * According to SBC-3, a transfer length of 0 is not an error.
8946	 */
8947	if (num_blocks == 0) {
8948		ctl_set_success(ctsio);
8949		ctl_done((union ctl_io *)ctsio);
8950		return (CTL_RETVAL_COMPLETE);
8951	}
8952
8953	lbalen = (struct ctl_lba_len_flags *)
8954	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8955	lbalen->lba = lba;
8956	lbalen->len = num_blocks;
8957	if (bytchk) {
8958		lbalen->flags = CTL_LLF_COMPARE | flags;
8959		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8960	} else {
8961		lbalen->flags = CTL_LLF_VERIFY | flags;
8962		ctsio->kern_total_len = 0;
8963	}
8964	ctsio->kern_rel_offset = 0;
8965
8966	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8967	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8968	return (retval);
8969}
8970
8971int
8972ctl_report_luns(struct ctl_scsiio *ctsio)
8973{
8974	struct ctl_softc *softc;
8975	struct scsi_report_luns *cdb;
8976	struct scsi_report_luns_data *lun_data;
8977	struct ctl_lun *lun, *request_lun;
8978	struct ctl_port *port;
8979	int num_luns, retval;
8980	uint32_t alloc_len, lun_datalen;
8981	int num_filled;
8982	uint32_t initidx, targ_lun_id, lun_id;
8983
8984	retval = CTL_RETVAL_COMPLETE;
8985	cdb = (struct scsi_report_luns *)ctsio->cdb;
8986	port = ctl_io_port(&ctsio->io_hdr);
8987	softc = port->ctl_softc;
8988
8989	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8990
8991	mtx_lock(&softc->ctl_lock);
8992	num_luns = 0;
8993	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8994		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8995			num_luns++;
8996	}
8997	mtx_unlock(&softc->ctl_lock);
8998
8999	switch (cdb->select_report) {
9000	case RPL_REPORT_DEFAULT:
9001	case RPL_REPORT_ALL:
9002	case RPL_REPORT_NONSUBSID:
9003		break;
9004	case RPL_REPORT_WELLKNOWN:
9005	case RPL_REPORT_ADMIN:
9006	case RPL_REPORT_CONGLOM:
9007		num_luns = 0;
9008		break;
9009	default:
9010		ctl_set_invalid_field(ctsio,
9011				      /*sks_valid*/ 1,
9012				      /*command*/ 1,
9013				      /*field*/ 2,
9014				      /*bit_valid*/ 0,
9015				      /*bit*/ 0);
9016		ctl_done((union ctl_io *)ctsio);
9017		return (retval);
9018		break; /* NOTREACHED */
9019	}
9020
9021	alloc_len = scsi_4btoul(cdb->length);
9022	/*
9023	 * The initiator has to allocate at least 16 bytes for this request,
9024	 * so he can at least get the header and the first LUN.  Otherwise
9025	 * we reject the request (per SPC-3 rev 14, section 6.21).
9026	 */
9027	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9028	    sizeof(struct scsi_report_luns_lundata))) {
9029		ctl_set_invalid_field(ctsio,
9030				      /*sks_valid*/ 1,
9031				      /*command*/ 1,
9032				      /*field*/ 6,
9033				      /*bit_valid*/ 0,
9034				      /*bit*/ 0);
9035		ctl_done((union ctl_io *)ctsio);
9036		return (retval);
9037	}
9038
9039	request_lun = (struct ctl_lun *)
9040		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9041
9042	lun_datalen = sizeof(*lun_data) +
9043		(num_luns * sizeof(struct scsi_report_luns_lundata));
9044
9045	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9046	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9047	ctsio->kern_sg_entries = 0;
9048
9049	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9050
9051	mtx_lock(&softc->ctl_lock);
9052	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9053		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9054		if (lun_id >= CTL_MAX_LUNS)
9055			continue;
9056		lun = softc->ctl_luns[lun_id];
9057		if (lun == NULL)
9058			continue;
9059
9060		if (targ_lun_id <= 0xff) {
9061			/*
9062			 * Peripheral addressing method, bus number 0.
9063			 */
9064			lun_data->luns[num_filled].lundata[0] =
9065				RPL_LUNDATA_ATYP_PERIPH;
9066			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9067			num_filled++;
9068		} else if (targ_lun_id <= 0x3fff) {
9069			/*
9070			 * Flat addressing method.
9071			 */
9072			lun_data->luns[num_filled].lundata[0] =
9073				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9074			lun_data->luns[num_filled].lundata[1] =
9075				(targ_lun_id & 0xff);
9076			num_filled++;
9077		} else if (targ_lun_id <= 0xffffff) {
9078			/*
9079			 * Extended flat addressing method.
9080			 */
9081			lun_data->luns[num_filled].lundata[0] =
9082			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9083			scsi_ulto3b(targ_lun_id,
9084			    &lun_data->luns[num_filled].lundata[1]);
9085			num_filled++;
9086		} else {
9087			printf("ctl_report_luns: bogus LUN number %jd, "
9088			       "skipping\n", (intmax_t)targ_lun_id);
9089		}
9090		/*
9091		 * According to SPC-3, rev 14 section 6.21:
9092		 *
9093		 * "The execution of a REPORT LUNS command to any valid and
9094		 * installed logical unit shall clear the REPORTED LUNS DATA
9095		 * HAS CHANGED unit attention condition for all logical
9096		 * units of that target with respect to the requesting
9097		 * initiator. A valid and installed logical unit is one
9098		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9099		 * INQUIRY data (see 6.4.2)."
9100		 *
9101		 * If request_lun is NULL, the LUN this report luns command
9102		 * was issued to is either disabled or doesn't exist. In that
9103		 * case, we shouldn't clear any pending lun change unit
9104		 * attention.
9105		 */
9106		if (request_lun != NULL) {
9107			mtx_lock(&lun->lun_lock);
9108			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9109			mtx_unlock(&lun->lun_lock);
9110		}
9111	}
9112	mtx_unlock(&softc->ctl_lock);
9113
9114	/*
9115	 * It's quite possible that we've returned fewer LUNs than we allocated
9116	 * space for.  Trim it.
9117	 */
9118	lun_datalen = sizeof(*lun_data) +
9119		(num_filled * sizeof(struct scsi_report_luns_lundata));
9120
9121	if (lun_datalen < alloc_len) {
9122		ctsio->residual = alloc_len - lun_datalen;
9123		ctsio->kern_data_len = lun_datalen;
9124		ctsio->kern_total_len = lun_datalen;
9125	} else {
9126		ctsio->residual = 0;
9127		ctsio->kern_data_len = alloc_len;
9128		ctsio->kern_total_len = alloc_len;
9129	}
9130	ctsio->kern_data_resid = 0;
9131	ctsio->kern_rel_offset = 0;
9132	ctsio->kern_sg_entries = 0;
9133
9134	/*
9135	 * We set this to the actual data length, regardless of how much
9136	 * space we actually have to return results.  If the user looks at
9137	 * this value, he'll know whether or not he allocated enough space
9138	 * and reissue the command if necessary.  We don't support well
9139	 * known logical units, so if the user asks for that, return none.
9140	 */
9141	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9142
9143	/*
9144	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9145	 * this request.
9146	 */
9147	ctl_set_success(ctsio);
9148	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9149	ctsio->be_move_done = ctl_config_move_done;
9150	ctl_datamove((union ctl_io *)ctsio);
9151	return (retval);
9152}
9153
9154int
9155ctl_request_sense(struct ctl_scsiio *ctsio)
9156{
9157	struct scsi_request_sense *cdb;
9158	struct scsi_sense_data *sense_ptr;
9159	struct ctl_softc *ctl_softc;
9160	struct ctl_lun *lun;
9161	uint32_t initidx;
9162	int have_error;
9163	scsi_sense_data_type sense_format;
9164	ctl_ua_type ua_type;
9165
9166	cdb = (struct scsi_request_sense *)ctsio->cdb;
9167
9168	ctl_softc = control_softc;
9169	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9170
9171	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9172
9173	/*
9174	 * Determine which sense format the user wants.
9175	 */
9176	if (cdb->byte2 & SRS_DESC)
9177		sense_format = SSD_TYPE_DESC;
9178	else
9179		sense_format = SSD_TYPE_FIXED;
9180
9181	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9182	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9183	ctsio->kern_sg_entries = 0;
9184
9185	/*
9186	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9187	 * larger than the largest allowed value for the length field in the
9188	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9189	 */
9190	ctsio->residual = 0;
9191	ctsio->kern_data_len = cdb->length;
9192	ctsio->kern_total_len = cdb->length;
9193
9194	ctsio->kern_data_resid = 0;
9195	ctsio->kern_rel_offset = 0;
9196	ctsio->kern_sg_entries = 0;
9197
9198	/*
9199	 * If we don't have a LUN, we don't have any pending sense.
9200	 */
9201	if (lun == NULL)
9202		goto no_sense;
9203
9204	have_error = 0;
9205	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9206	/*
9207	 * Check for pending sense, and then for pending unit attentions.
9208	 * Pending sense gets returned first, then pending unit attentions.
9209	 */
9210	mtx_lock(&lun->lun_lock);
9211#ifdef CTL_WITH_CA
9212	if (ctl_is_set(lun->have_ca, initidx)) {
9213		scsi_sense_data_type stored_format;
9214
9215		/*
9216		 * Check to see which sense format was used for the stored
9217		 * sense data.
9218		 */
9219		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9220
9221		/*
9222		 * If the user requested a different sense format than the
9223		 * one we stored, then we need to convert it to the other
9224		 * format.  If we're going from descriptor to fixed format
9225		 * sense data, we may lose things in translation, depending
9226		 * on what options were used.
9227		 *
9228		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9229		 * for some reason we'll just copy it out as-is.
9230		 */
9231		if ((stored_format == SSD_TYPE_FIXED)
9232		 && (sense_format == SSD_TYPE_DESC))
9233			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9234			    &lun->pending_sense[initidx],
9235			    (struct scsi_sense_data_desc *)sense_ptr);
9236		else if ((stored_format == SSD_TYPE_DESC)
9237		      && (sense_format == SSD_TYPE_FIXED))
9238			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9239			    &lun->pending_sense[initidx],
9240			    (struct scsi_sense_data_fixed *)sense_ptr);
9241		else
9242			memcpy(sense_ptr, &lun->pending_sense[initidx],
9243			       MIN(sizeof(*sense_ptr),
9244			       sizeof(lun->pending_sense[initidx])));
9245
9246		ctl_clear_mask(lun->have_ca, initidx);
9247		have_error = 1;
9248	} else
9249#endif
9250	{
9251		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9252		if (ua_type != CTL_UA_NONE)
9253			have_error = 1;
9254		if (ua_type == CTL_UA_LUN_CHANGE) {
9255			mtx_unlock(&lun->lun_lock);
9256			mtx_lock(&ctl_softc->ctl_lock);
9257			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9258			mtx_unlock(&ctl_softc->ctl_lock);
9259			mtx_lock(&lun->lun_lock);
9260		}
9261
9262	}
9263	mtx_unlock(&lun->lun_lock);
9264
9265	/*
9266	 * We already have a pending error, return it.
9267	 */
9268	if (have_error != 0) {
9269		/*
9270		 * We report the SCSI status as OK, since the status of the
9271		 * request sense command itself is OK.
9272		 * We report 0 for the sense length, because we aren't doing
9273		 * autosense in this case.  We're reporting sense as
9274		 * parameter data.
9275		 */
9276		ctl_set_success(ctsio);
9277		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9278		ctsio->be_move_done = ctl_config_move_done;
9279		ctl_datamove((union ctl_io *)ctsio);
9280		return (CTL_RETVAL_COMPLETE);
9281	}
9282
9283no_sense:
9284
9285	/*
9286	 * No sense information to report, so we report that everything is
9287	 * okay.
9288	 */
9289	ctl_set_sense_data(sense_ptr,
9290			   lun,
9291			   sense_format,
9292			   /*current_error*/ 1,
9293			   /*sense_key*/ SSD_KEY_NO_SENSE,
9294			   /*asc*/ 0x00,
9295			   /*ascq*/ 0x00,
9296			   SSD_ELEM_NONE);
9297
9298	/*
9299	 * We report 0 for the sense length, because we aren't doing
9300	 * autosense in this case.  We're reporting sense as parameter data.
9301	 */
9302	ctl_set_success(ctsio);
9303	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9304	ctsio->be_move_done = ctl_config_move_done;
9305	ctl_datamove((union ctl_io *)ctsio);
9306	return (CTL_RETVAL_COMPLETE);
9307}
9308
9309int
9310ctl_tur(struct ctl_scsiio *ctsio)
9311{
9312
9313	CTL_DEBUG_PRINT(("ctl_tur\n"));
9314
9315	ctl_set_success(ctsio);
9316	ctl_done((union ctl_io *)ctsio);
9317
9318	return (CTL_RETVAL_COMPLETE);
9319}
9320
9321/*
9322 * SCSI VPD page 0x00, the Supported VPD Pages page.
9323 */
9324static int
9325ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9326{
9327	struct scsi_vpd_supported_pages *pages;
9328	int sup_page_size;
9329	struct ctl_lun *lun;
9330	int p;
9331
9332	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9333
9334	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9335	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9336	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9337	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9338	ctsio->kern_sg_entries = 0;
9339
9340	if (sup_page_size < alloc_len) {
9341		ctsio->residual = alloc_len - sup_page_size;
9342		ctsio->kern_data_len = sup_page_size;
9343		ctsio->kern_total_len = sup_page_size;
9344	} else {
9345		ctsio->residual = 0;
9346		ctsio->kern_data_len = alloc_len;
9347		ctsio->kern_total_len = alloc_len;
9348	}
9349	ctsio->kern_data_resid = 0;
9350	ctsio->kern_rel_offset = 0;
9351	ctsio->kern_sg_entries = 0;
9352
9353	/*
9354	 * The control device is always connected.  The disk device, on the
9355	 * other hand, may not be online all the time.  Need to change this
9356	 * to figure out whether the disk device is actually online or not.
9357	 */
9358	if (lun != NULL)
9359		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9360				lun->be_lun->lun_type;
9361	else
9362		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9363
9364	p = 0;
9365	/* Supported VPD pages */
9366	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9367	/* Serial Number */
9368	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9369	/* Device Identification */
9370	pages->page_list[p++] = SVPD_DEVICE_ID;
9371	/* Extended INQUIRY Data */
9372	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9373	/* Mode Page Policy */
9374	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9375	/* SCSI Ports */
9376	pages->page_list[p++] = SVPD_SCSI_PORTS;
9377	/* Third-party Copy */
9378	pages->page_list[p++] = SVPD_SCSI_TPC;
9379	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9380		/* Block limits */
9381		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9382		/* Block Device Characteristics */
9383		pages->page_list[p++] = SVPD_BDC;
9384		/* Logical Block Provisioning */
9385		pages->page_list[p++] = SVPD_LBP;
9386	}
9387	pages->length = p;
9388
9389	ctl_set_success(ctsio);
9390	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9391	ctsio->be_move_done = ctl_config_move_done;
9392	ctl_datamove((union ctl_io *)ctsio);
9393	return (CTL_RETVAL_COMPLETE);
9394}
9395
9396/*
9397 * SCSI VPD page 0x80, the Unit Serial Number page.
9398 */
9399static int
9400ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9401{
9402	struct scsi_vpd_unit_serial_number *sn_ptr;
9403	struct ctl_lun *lun;
9404	int data_len;
9405
9406	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9407
9408	data_len = 4 + CTL_SN_LEN;
9409	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9410	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9411	if (data_len < alloc_len) {
9412		ctsio->residual = alloc_len - data_len;
9413		ctsio->kern_data_len = data_len;
9414		ctsio->kern_total_len = data_len;
9415	} else {
9416		ctsio->residual = 0;
9417		ctsio->kern_data_len = alloc_len;
9418		ctsio->kern_total_len = alloc_len;
9419	}
9420	ctsio->kern_data_resid = 0;
9421	ctsio->kern_rel_offset = 0;
9422	ctsio->kern_sg_entries = 0;
9423
9424	/*
9425	 * The control device is always connected.  The disk device, on the
9426	 * other hand, may not be online all the time.  Need to change this
9427	 * to figure out whether the disk device is actually online or not.
9428	 */
9429	if (lun != NULL)
9430		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9431				  lun->be_lun->lun_type;
9432	else
9433		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9434
9435	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9436	sn_ptr->length = CTL_SN_LEN;
9437	/*
9438	 * If we don't have a LUN, we just leave the serial number as
9439	 * all spaces.
9440	 */
9441	if (lun != NULL) {
9442		strncpy((char *)sn_ptr->serial_num,
9443			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9444	} else
9445		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9446
9447	ctl_set_success(ctsio);
9448	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9449	ctsio->be_move_done = ctl_config_move_done;
9450	ctl_datamove((union ctl_io *)ctsio);
9451	return (CTL_RETVAL_COMPLETE);
9452}
9453
9454
9455/*
9456 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9457 */
9458static int
9459ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9460{
9461	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9462	struct ctl_lun *lun;
9463	int data_len;
9464
9465	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9466
9467	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9468	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9469	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9470	ctsio->kern_sg_entries = 0;
9471
9472	if (data_len < alloc_len) {
9473		ctsio->residual = alloc_len - data_len;
9474		ctsio->kern_data_len = data_len;
9475		ctsio->kern_total_len = data_len;
9476	} else {
9477		ctsio->residual = 0;
9478		ctsio->kern_data_len = alloc_len;
9479		ctsio->kern_total_len = alloc_len;
9480	}
9481	ctsio->kern_data_resid = 0;
9482	ctsio->kern_rel_offset = 0;
9483	ctsio->kern_sg_entries = 0;
9484
9485	/*
9486	 * The control device is always connected.  The disk device, on the
9487	 * other hand, may not be online all the time.
9488	 */
9489	if (lun != NULL)
9490		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9491				     lun->be_lun->lun_type;
9492	else
9493		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9494	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9495	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9496	/*
9497	 * We support head of queue, ordered and simple tags.
9498	 */
9499	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9500	/*
9501	 * Volatile cache supported.
9502	 */
9503	eid_ptr->flags3 = SVPD_EID_V_SUP;
9504
9505	/*
9506	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9507	 * attention for a particular IT nexus on all LUNs once we report
9508	 * it to that nexus once.  This bit is required as of SPC-4.
9509	 */
9510	eid_ptr->flags4 = SVPD_EID_LUICLT;
9511
9512	/*
9513	 * XXX KDM in order to correctly answer this, we would need
9514	 * information from the SIM to determine how much sense data it
9515	 * can send.  So this would really be a path inquiry field, most
9516	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9517	 * but the hardware may or may not be able to support that much.
9518	 * 0 just means that the maximum sense data length is not reported.
9519	 */
9520	eid_ptr->max_sense_length = 0;
9521
9522	ctl_set_success(ctsio);
9523	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9524	ctsio->be_move_done = ctl_config_move_done;
9525	ctl_datamove((union ctl_io *)ctsio);
9526	return (CTL_RETVAL_COMPLETE);
9527}
9528
9529static int
9530ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9531{
9532	struct scsi_vpd_mode_page_policy *mpp_ptr;
9533	struct ctl_lun *lun;
9534	int data_len;
9535
9536	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9537
9538	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9539	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9540
9541	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9542	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9543	ctsio->kern_sg_entries = 0;
9544
9545	if (data_len < alloc_len) {
9546		ctsio->residual = alloc_len - data_len;
9547		ctsio->kern_data_len = data_len;
9548		ctsio->kern_total_len = data_len;
9549	} else {
9550		ctsio->residual = 0;
9551		ctsio->kern_data_len = alloc_len;
9552		ctsio->kern_total_len = alloc_len;
9553	}
9554	ctsio->kern_data_resid = 0;
9555	ctsio->kern_rel_offset = 0;
9556	ctsio->kern_sg_entries = 0;
9557
9558	/*
9559	 * The control device is always connected.  The disk device, on the
9560	 * other hand, may not be online all the time.
9561	 */
9562	if (lun != NULL)
9563		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9564				     lun->be_lun->lun_type;
9565	else
9566		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9567	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9568	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9569	mpp_ptr->descr[0].page_code = 0x3f;
9570	mpp_ptr->descr[0].subpage_code = 0xff;
9571	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9572
9573	ctl_set_success(ctsio);
9574	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9575	ctsio->be_move_done = ctl_config_move_done;
9576	ctl_datamove((union ctl_io *)ctsio);
9577	return (CTL_RETVAL_COMPLETE);
9578}
9579
9580/*
9581 * SCSI VPD page 0x83, the Device Identification page.
9582 */
9583static int
9584ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9585{
9586	struct scsi_vpd_device_id *devid_ptr;
9587	struct scsi_vpd_id_descriptor *desc;
9588	struct ctl_softc *softc;
9589	struct ctl_lun *lun;
9590	struct ctl_port *port;
9591	int data_len;
9592	uint8_t proto;
9593
9594	softc = control_softc;
9595
9596	port = ctl_io_port(&ctsio->io_hdr);
9597	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9598
9599	data_len = sizeof(struct scsi_vpd_device_id) +
9600	    sizeof(struct scsi_vpd_id_descriptor) +
9601		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9602	    sizeof(struct scsi_vpd_id_descriptor) +
9603		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9604	if (lun && lun->lun_devid)
9605		data_len += lun->lun_devid->len;
9606	if (port && port->port_devid)
9607		data_len += port->port_devid->len;
9608	if (port && port->target_devid)
9609		data_len += port->target_devid->len;
9610
9611	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9612	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9613	ctsio->kern_sg_entries = 0;
9614
9615	if (data_len < alloc_len) {
9616		ctsio->residual = alloc_len - data_len;
9617		ctsio->kern_data_len = data_len;
9618		ctsio->kern_total_len = data_len;
9619	} else {
9620		ctsio->residual = 0;
9621		ctsio->kern_data_len = alloc_len;
9622		ctsio->kern_total_len = alloc_len;
9623	}
9624	ctsio->kern_data_resid = 0;
9625	ctsio->kern_rel_offset = 0;
9626	ctsio->kern_sg_entries = 0;
9627
9628	/*
9629	 * The control device is always connected.  The disk device, on the
9630	 * other hand, may not be online all the time.
9631	 */
9632	if (lun != NULL)
9633		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9634				     lun->be_lun->lun_type;
9635	else
9636		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9637	devid_ptr->page_code = SVPD_DEVICE_ID;
9638	scsi_ulto2b(data_len - 4, devid_ptr->length);
9639
9640	if (port && port->port_type == CTL_PORT_FC)
9641		proto = SCSI_PROTO_FC << 4;
9642	else if (port && port->port_type == CTL_PORT_ISCSI)
9643		proto = SCSI_PROTO_ISCSI << 4;
9644	else
9645		proto = SCSI_PROTO_SPI << 4;
9646	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9647
9648	/*
9649	 * We're using a LUN association here.  i.e., this device ID is a
9650	 * per-LUN identifier.
9651	 */
9652	if (lun && lun->lun_devid) {
9653		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9654		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9655		    lun->lun_devid->len);
9656	}
9657
9658	/*
9659	 * This is for the WWPN which is a port association.
9660	 */
9661	if (port && port->port_devid) {
9662		memcpy(desc, port->port_devid->data, port->port_devid->len);
9663		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9664		    port->port_devid->len);
9665	}
9666
9667	/*
9668	 * This is for the Relative Target Port(type 4h) identifier
9669	 */
9670	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9671	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9672	    SVPD_ID_TYPE_RELTARG;
9673	desc->length = 4;
9674	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9675	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9676	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9677
9678	/*
9679	 * This is for the Target Port Group(type 5h) identifier
9680	 */
9681	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9682	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9683	    SVPD_ID_TYPE_TPORTGRP;
9684	desc->length = 4;
9685	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9686	    &desc->identifier[2]);
9687	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9688	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9689
9690	/*
9691	 * This is for the Target identifier
9692	 */
9693	if (port && port->target_devid) {
9694		memcpy(desc, port->target_devid->data, port->target_devid->len);
9695	}
9696
9697	ctl_set_success(ctsio);
9698	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9699	ctsio->be_move_done = ctl_config_move_done;
9700	ctl_datamove((union ctl_io *)ctsio);
9701	return (CTL_RETVAL_COMPLETE);
9702}
9703
9704static int
9705ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9706{
9707	struct ctl_softc *softc = control_softc;
9708	struct scsi_vpd_scsi_ports *sp;
9709	struct scsi_vpd_port_designation *pd;
9710	struct scsi_vpd_port_designation_cont *pdc;
9711	struct ctl_lun *lun;
9712	struct ctl_port *port;
9713	int data_len, num_target_ports, iid_len, id_len;
9714
9715	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9716
9717	num_target_ports = 0;
9718	iid_len = 0;
9719	id_len = 0;
9720	mtx_lock(&softc->ctl_lock);
9721	STAILQ_FOREACH(port, &softc->port_list, links) {
9722		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9723			continue;
9724		if (lun != NULL &&
9725		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9726			continue;
9727		num_target_ports++;
9728		if (port->init_devid)
9729			iid_len += port->init_devid->len;
9730		if (port->port_devid)
9731			id_len += port->port_devid->len;
9732	}
9733	mtx_unlock(&softc->ctl_lock);
9734
9735	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9736	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9737	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9738	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9739	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9740	ctsio->kern_sg_entries = 0;
9741
9742	if (data_len < alloc_len) {
9743		ctsio->residual = alloc_len - data_len;
9744		ctsio->kern_data_len = data_len;
9745		ctsio->kern_total_len = data_len;
9746	} else {
9747		ctsio->residual = 0;
9748		ctsio->kern_data_len = alloc_len;
9749		ctsio->kern_total_len = alloc_len;
9750	}
9751	ctsio->kern_data_resid = 0;
9752	ctsio->kern_rel_offset = 0;
9753	ctsio->kern_sg_entries = 0;
9754
9755	/*
9756	 * The control device is always connected.  The disk device, on the
9757	 * other hand, may not be online all the time.  Need to change this
9758	 * to figure out whether the disk device is actually online or not.
9759	 */
9760	if (lun != NULL)
9761		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9762				  lun->be_lun->lun_type;
9763	else
9764		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9765
9766	sp->page_code = SVPD_SCSI_PORTS;
9767	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9768	    sp->page_length);
9769	pd = &sp->design[0];
9770
9771	mtx_lock(&softc->ctl_lock);
9772	STAILQ_FOREACH(port, &softc->port_list, links) {
9773		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9774			continue;
9775		if (lun != NULL &&
9776		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9777			continue;
9778		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9779		if (port->init_devid) {
9780			iid_len = port->init_devid->len;
9781			memcpy(pd->initiator_transportid,
9782			    port->init_devid->data, port->init_devid->len);
9783		} else
9784			iid_len = 0;
9785		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9786		pdc = (struct scsi_vpd_port_designation_cont *)
9787		    (&pd->initiator_transportid[iid_len]);
9788		if (port->port_devid) {
9789			id_len = port->port_devid->len;
9790			memcpy(pdc->target_port_descriptors,
9791			    port->port_devid->data, port->port_devid->len);
9792		} else
9793			id_len = 0;
9794		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9795		pd = (struct scsi_vpd_port_designation *)
9796		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9797	}
9798	mtx_unlock(&softc->ctl_lock);
9799
9800	ctl_set_success(ctsio);
9801	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9802	ctsio->be_move_done = ctl_config_move_done;
9803	ctl_datamove((union ctl_io *)ctsio);
9804	return (CTL_RETVAL_COMPLETE);
9805}
9806
9807static int
9808ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9809{
9810	struct scsi_vpd_block_limits *bl_ptr;
9811	struct ctl_lun *lun;
9812
9813	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9814
9815	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9816	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9817	ctsio->kern_sg_entries = 0;
9818
9819	if (sizeof(*bl_ptr) < alloc_len) {
9820		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9821		ctsio->kern_data_len = sizeof(*bl_ptr);
9822		ctsio->kern_total_len = sizeof(*bl_ptr);
9823	} else {
9824		ctsio->residual = 0;
9825		ctsio->kern_data_len = alloc_len;
9826		ctsio->kern_total_len = alloc_len;
9827	}
9828	ctsio->kern_data_resid = 0;
9829	ctsio->kern_rel_offset = 0;
9830	ctsio->kern_sg_entries = 0;
9831
9832	/*
9833	 * The control device is always connected.  The disk device, on the
9834	 * other hand, may not be online all the time.  Need to change this
9835	 * to figure out whether the disk device is actually online or not.
9836	 */
9837	if (lun != NULL)
9838		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9839				  lun->be_lun->lun_type;
9840	else
9841		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9842
9843	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9844	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9845	bl_ptr->max_cmp_write_len = 0xff;
9846	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9847	if (lun != NULL) {
9848		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9849		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9850			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9851			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9852			if (lun->be_lun->ublockexp != 0) {
9853				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9854				    bl_ptr->opt_unmap_grain);
9855				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9856				    bl_ptr->unmap_grain_align);
9857			}
9858		}
9859		scsi_ulto4b(lun->be_lun->atomicblock,
9860		    bl_ptr->max_atomic_transfer_length);
9861		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9862		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9863		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9864		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9865	}
9866	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9867
9868	ctl_set_success(ctsio);
9869	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9870	ctsio->be_move_done = ctl_config_move_done;
9871	ctl_datamove((union ctl_io *)ctsio);
9872	return (CTL_RETVAL_COMPLETE);
9873}
9874
9875static int
9876ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9877{
9878	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9879	struct ctl_lun *lun;
9880	const char *value;
9881	u_int i;
9882
9883	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9884
9885	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9886	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9887	ctsio->kern_sg_entries = 0;
9888
9889	if (sizeof(*bdc_ptr) < alloc_len) {
9890		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9891		ctsio->kern_data_len = sizeof(*bdc_ptr);
9892		ctsio->kern_total_len = sizeof(*bdc_ptr);
9893	} else {
9894		ctsio->residual = 0;
9895		ctsio->kern_data_len = alloc_len;
9896		ctsio->kern_total_len = alloc_len;
9897	}
9898	ctsio->kern_data_resid = 0;
9899	ctsio->kern_rel_offset = 0;
9900	ctsio->kern_sg_entries = 0;
9901
9902	/*
9903	 * The control device is always connected.  The disk device, on the
9904	 * other hand, may not be online all the time.  Need to change this
9905	 * to figure out whether the disk device is actually online or not.
9906	 */
9907	if (lun != NULL)
9908		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9909				  lun->be_lun->lun_type;
9910	else
9911		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9912	bdc_ptr->page_code = SVPD_BDC;
9913	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9914	if (lun != NULL &&
9915	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9916		i = strtol(value, NULL, 0);
9917	else
9918		i = CTL_DEFAULT_ROTATION_RATE;
9919	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9920	if (lun != NULL &&
9921	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9922		i = strtol(value, NULL, 0);
9923	else
9924		i = 0;
9925	bdc_ptr->wab_wac_ff = (i & 0x0f);
9926	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9927
9928	ctl_set_success(ctsio);
9929	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9930	ctsio->be_move_done = ctl_config_move_done;
9931	ctl_datamove((union ctl_io *)ctsio);
9932	return (CTL_RETVAL_COMPLETE);
9933}
9934
9935static int
9936ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9937{
9938	struct scsi_vpd_logical_block_prov *lbp_ptr;
9939	struct ctl_lun *lun;
9940
9941	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9942
9943	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9944	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9945	ctsio->kern_sg_entries = 0;
9946
9947	if (sizeof(*lbp_ptr) < alloc_len) {
9948		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9949		ctsio->kern_data_len = sizeof(*lbp_ptr);
9950		ctsio->kern_total_len = sizeof(*lbp_ptr);
9951	} else {
9952		ctsio->residual = 0;
9953		ctsio->kern_data_len = alloc_len;
9954		ctsio->kern_total_len = alloc_len;
9955	}
9956	ctsio->kern_data_resid = 0;
9957	ctsio->kern_rel_offset = 0;
9958	ctsio->kern_sg_entries = 0;
9959
9960	/*
9961	 * The control device is always connected.  The disk device, on the
9962	 * other hand, may not be online all the time.  Need to change this
9963	 * to figure out whether the disk device is actually online or not.
9964	 */
9965	if (lun != NULL)
9966		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9967				  lun->be_lun->lun_type;
9968	else
9969		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9970
9971	lbp_ptr->page_code = SVPD_LBP;
9972	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9973	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9974	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9975		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9976		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9977		lbp_ptr->prov_type = SVPD_LBP_THIN;
9978	}
9979
9980	ctl_set_success(ctsio);
9981	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9982	ctsio->be_move_done = ctl_config_move_done;
9983	ctl_datamove((union ctl_io *)ctsio);
9984	return (CTL_RETVAL_COMPLETE);
9985}
9986
9987/*
9988 * INQUIRY with the EVPD bit set.
9989 */
9990static int
9991ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9992{
9993	struct ctl_lun *lun;
9994	struct scsi_inquiry *cdb;
9995	int alloc_len, retval;
9996
9997	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9998	cdb = (struct scsi_inquiry *)ctsio->cdb;
9999	alloc_len = scsi_2btoul(cdb->length);
10000
10001	switch (cdb->page_code) {
10002	case SVPD_SUPPORTED_PAGES:
10003		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10004		break;
10005	case SVPD_UNIT_SERIAL_NUMBER:
10006		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10007		break;
10008	case SVPD_DEVICE_ID:
10009		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10010		break;
10011	case SVPD_EXTENDED_INQUIRY_DATA:
10012		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10013		break;
10014	case SVPD_MODE_PAGE_POLICY:
10015		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10016		break;
10017	case SVPD_SCSI_PORTS:
10018		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10019		break;
10020	case SVPD_SCSI_TPC:
10021		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10022		break;
10023	case SVPD_BLOCK_LIMITS:
10024		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10025			goto err;
10026		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10027		break;
10028	case SVPD_BDC:
10029		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10030			goto err;
10031		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10032		break;
10033	case SVPD_LBP:
10034		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10035			goto err;
10036		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10037		break;
10038	default:
10039err:
10040		ctl_set_invalid_field(ctsio,
10041				      /*sks_valid*/ 1,
10042				      /*command*/ 1,
10043				      /*field*/ 2,
10044				      /*bit_valid*/ 0,
10045				      /*bit*/ 0);
10046		ctl_done((union ctl_io *)ctsio);
10047		retval = CTL_RETVAL_COMPLETE;
10048		break;
10049	}
10050
10051	return (retval);
10052}
10053
10054/*
10055 * Standard INQUIRY data.
10056 */
10057static int
10058ctl_inquiry_std(struct ctl_scsiio *ctsio)
10059{
10060	struct scsi_inquiry_data *inq_ptr;
10061	struct scsi_inquiry *cdb;
10062	struct ctl_softc *softc = control_softc;
10063	struct ctl_port *port;
10064	struct ctl_lun *lun;
10065	char *val;
10066	uint32_t alloc_len, data_len;
10067	ctl_port_type port_type;
10068
10069	port = ctl_io_port(&ctsio->io_hdr);
10070	port_type = port->port_type;
10071	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10072		port_type = CTL_PORT_SCSI;
10073
10074	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10075	cdb = (struct scsi_inquiry *)ctsio->cdb;
10076	alloc_len = scsi_2btoul(cdb->length);
10077
10078	/*
10079	 * We malloc the full inquiry data size here and fill it
10080	 * in.  If the user only asks for less, we'll give him
10081	 * that much.
10082	 */
10083	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10084	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10085	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10086	ctsio->kern_sg_entries = 0;
10087	ctsio->kern_data_resid = 0;
10088	ctsio->kern_rel_offset = 0;
10089
10090	if (data_len < alloc_len) {
10091		ctsio->residual = alloc_len - data_len;
10092		ctsio->kern_data_len = data_len;
10093		ctsio->kern_total_len = data_len;
10094	} else {
10095		ctsio->residual = 0;
10096		ctsio->kern_data_len = alloc_len;
10097		ctsio->kern_total_len = alloc_len;
10098	}
10099
10100	if (lun != NULL) {
10101		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10102		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10103			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10104			    lun->be_lun->lun_type;
10105		} else {
10106			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10107			    lun->be_lun->lun_type;
10108		}
10109		if (lun->flags & CTL_LUN_REMOVABLE)
10110			inq_ptr->dev_qual2 |= SID_RMB;
10111	} else
10112		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10113
10114	/* RMB in byte 2 is 0 */
10115	inq_ptr->version = SCSI_REV_SPC4;
10116
10117	/*
10118	 * According to SAM-3, even if a device only supports a single
10119	 * level of LUN addressing, it should still set the HISUP bit:
10120	 *
10121	 * 4.9.1 Logical unit numbers overview
10122	 *
10123	 * All logical unit number formats described in this standard are
10124	 * hierarchical in structure even when only a single level in that
10125	 * hierarchy is used. The HISUP bit shall be set to one in the
10126	 * standard INQUIRY data (see SPC-2) when any logical unit number
10127	 * format described in this standard is used.  Non-hierarchical
10128	 * formats are outside the scope of this standard.
10129	 *
10130	 * Therefore we set the HiSup bit here.
10131	 *
10132	 * The reponse format is 2, per SPC-3.
10133	 */
10134	inq_ptr->response_format = SID_HiSup | 2;
10135
10136	inq_ptr->additional_length = data_len -
10137	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10138	CTL_DEBUG_PRINT(("additional_length = %d\n",
10139			 inq_ptr->additional_length));
10140
10141	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10142	if (port_type == CTL_PORT_SCSI)
10143		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10144	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10145	inq_ptr->flags = SID_CmdQue;
10146	if (port_type == CTL_PORT_SCSI)
10147		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10148
10149	/*
10150	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10151	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10152	 * name and 4 bytes for the revision.
10153	 */
10154	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10155	    "vendor")) == NULL) {
10156		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10157	} else {
10158		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10159		strncpy(inq_ptr->vendor, val,
10160		    min(sizeof(inq_ptr->vendor), strlen(val)));
10161	}
10162	if (lun == NULL) {
10163		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10164		    sizeof(inq_ptr->product));
10165	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10166		switch (lun->be_lun->lun_type) {
10167		case T_DIRECT:
10168			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10169			    sizeof(inq_ptr->product));
10170			break;
10171		case T_PROCESSOR:
10172			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10173			    sizeof(inq_ptr->product));
10174			break;
10175		case T_CDROM:
10176			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10177			    sizeof(inq_ptr->product));
10178			break;
10179		default:
10180			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10181			    sizeof(inq_ptr->product));
10182			break;
10183		}
10184	} else {
10185		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10186		strncpy(inq_ptr->product, val,
10187		    min(sizeof(inq_ptr->product), strlen(val)));
10188	}
10189
10190	/*
10191	 * XXX make this a macro somewhere so it automatically gets
10192	 * incremented when we make changes.
10193	 */
10194	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10195	    "revision")) == NULL) {
10196		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10197	} else {
10198		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10199		strncpy(inq_ptr->revision, val,
10200		    min(sizeof(inq_ptr->revision), strlen(val)));
10201	}
10202
10203	/*
10204	 * For parallel SCSI, we support double transition and single
10205	 * transition clocking.  We also support QAS (Quick Arbitration
10206	 * and Selection) and Information Unit transfers on both the
10207	 * control and array devices.
10208	 */
10209	if (port_type == CTL_PORT_SCSI)
10210		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10211				    SID_SPI_IUS;
10212
10213	/* SAM-5 (no version claimed) */
10214	scsi_ulto2b(0x00A0, inq_ptr->version1);
10215	/* SPC-4 (no version claimed) */
10216	scsi_ulto2b(0x0460, inq_ptr->version2);
10217	if (port_type == CTL_PORT_FC) {
10218		/* FCP-2 ANSI INCITS.350:2003 */
10219		scsi_ulto2b(0x0917, inq_ptr->version3);
10220	} else if (port_type == CTL_PORT_SCSI) {
10221		/* SPI-4 ANSI INCITS.362:200x */
10222		scsi_ulto2b(0x0B56, inq_ptr->version3);
10223	} else if (port_type == CTL_PORT_ISCSI) {
10224		/* iSCSI (no version claimed) */
10225		scsi_ulto2b(0x0960, inq_ptr->version3);
10226	} else if (port_type == CTL_PORT_SAS) {
10227		/* SAS (no version claimed) */
10228		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10229	}
10230
10231	if (lun == NULL) {
10232		/* SBC-4 (no version claimed) */
10233		scsi_ulto2b(0x0600, inq_ptr->version4);
10234	} else {
10235		switch (lun->be_lun->lun_type) {
10236		case T_DIRECT:
10237			/* SBC-4 (no version claimed) */
10238			scsi_ulto2b(0x0600, inq_ptr->version4);
10239			break;
10240		case T_PROCESSOR:
10241			break;
10242		case T_CDROM:
10243			/* MMC-6 (no version claimed) */
10244			scsi_ulto2b(0x04E0, inq_ptr->version4);
10245			break;
10246		default:
10247			break;
10248		}
10249	}
10250
10251	ctl_set_success(ctsio);
10252	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10253	ctsio->be_move_done = ctl_config_move_done;
10254	ctl_datamove((union ctl_io *)ctsio);
10255	return (CTL_RETVAL_COMPLETE);
10256}
10257
10258int
10259ctl_inquiry(struct ctl_scsiio *ctsio)
10260{
10261	struct scsi_inquiry *cdb;
10262	int retval;
10263
10264	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10265
10266	cdb = (struct scsi_inquiry *)ctsio->cdb;
10267	if (cdb->byte2 & SI_EVPD)
10268		retval = ctl_inquiry_evpd(ctsio);
10269	else if (cdb->page_code == 0)
10270		retval = ctl_inquiry_std(ctsio);
10271	else {
10272		ctl_set_invalid_field(ctsio,
10273				      /*sks_valid*/ 1,
10274				      /*command*/ 1,
10275				      /*field*/ 2,
10276				      /*bit_valid*/ 0,
10277				      /*bit*/ 0);
10278		ctl_done((union ctl_io *)ctsio);
10279		return (CTL_RETVAL_COMPLETE);
10280	}
10281
10282	return (retval);
10283}
10284
10285int
10286ctl_get_config(struct ctl_scsiio *ctsio)
10287{
10288	struct scsi_get_config_header *hdr;
10289	struct scsi_get_config_feature *feature;
10290	struct scsi_get_config *cdb;
10291	struct ctl_lun *lun;
10292	uint32_t alloc_len, data_len;
10293	int rt, starting;
10294
10295	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10296	cdb = (struct scsi_get_config *)ctsio->cdb;
10297	rt = (cdb->rt & SGC_RT_MASK);
10298	starting = scsi_2btoul(cdb->starting_feature);
10299	alloc_len = scsi_2btoul(cdb->length);
10300
10301	data_len = sizeof(struct scsi_get_config_header) +
10302	    sizeof(struct scsi_get_config_feature) + 8 +
10303	    sizeof(struct scsi_get_config_feature) + 8 +
10304	    sizeof(struct scsi_get_config_feature) + 4 +
10305	    sizeof(struct scsi_get_config_feature) + 4 +
10306	    sizeof(struct scsi_get_config_feature) + 8 +
10307	    sizeof(struct scsi_get_config_feature) +
10308	    sizeof(struct scsi_get_config_feature) + 4 +
10309	    sizeof(struct scsi_get_config_feature) + 4;
10310	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10311	ctsio->kern_sg_entries = 0;
10312	ctsio->kern_data_resid = 0;
10313	ctsio->kern_rel_offset = 0;
10314
10315	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10316	if (lun->flags & CTL_LUN_OFFLINE)
10317		scsi_ulto2b(0x0000, hdr->current_profile);
10318	else
10319		scsi_ulto2b(0x0010, hdr->current_profile);
10320	feature = (struct scsi_get_config_feature *)(hdr + 1);
10321
10322	if (starting > 0x001f)
10323		goto done;
10324	if (starting > 0x001e)
10325		goto f1f;
10326	if (starting > 0x001d)
10327		goto f1e;
10328	if (starting > 0x0010)
10329		goto f1d;
10330	if (starting > 0x0003)
10331		goto f10;
10332	if (starting > 0x0002)
10333		goto f3;
10334	if (starting > 0x0001)
10335		goto f2;
10336	if (starting > 0x0000)
10337		goto f1;
10338
10339	/* Profile List */
10340	scsi_ulto2b(0x0000, feature->feature_code);
10341	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10342	feature->add_length = 8;
10343	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10344	feature->feature_data[2] = 0x00;
10345	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10346	feature->feature_data[6] = 0x01;
10347	feature = (struct scsi_get_config_feature *)
10348	    &feature->feature_data[feature->add_length];
10349
10350f1:	/* Core */
10351	scsi_ulto2b(0x0001, feature->feature_code);
10352	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10353	feature->add_length = 8;
10354	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10355	feature->feature_data[4] = 0x03;
10356	feature = (struct scsi_get_config_feature *)
10357	    &feature->feature_data[feature->add_length];
10358
10359f2:	/* Morphing */
10360	scsi_ulto2b(0x0002, feature->feature_code);
10361	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10362	feature->add_length = 4;
10363	feature->feature_data[0] = 0x02;
10364	feature = (struct scsi_get_config_feature *)
10365	    &feature->feature_data[feature->add_length];
10366
10367f3:	/* Removable Medium */
10368	scsi_ulto2b(0x0003, feature->feature_code);
10369	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10370	feature->add_length = 4;
10371	feature->feature_data[0] = 0x39;
10372	feature = (struct scsi_get_config_feature *)
10373	    &feature->feature_data[feature->add_length];
10374
10375	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_OFFLINE))
10376		goto done;
10377
10378f10:	/* Random Read */
10379	scsi_ulto2b(0x0010, feature->feature_code);
10380	feature->flags = 0x00;
10381	if ((lun->flags & CTL_LUN_OFFLINE) == 0)
10382		feature->flags |= SGC_F_CURRENT;
10383	feature->add_length = 8;
10384	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10385	scsi_ulto2b(1, &feature->feature_data[4]);
10386	feature->feature_data[6] = 0x00;
10387	feature = (struct scsi_get_config_feature *)
10388	    &feature->feature_data[feature->add_length];
10389
10390f1d:	/* Multi-Read */
10391	scsi_ulto2b(0x001D, feature->feature_code);
10392	feature->flags = 0x00;
10393	if ((lun->flags & CTL_LUN_OFFLINE) == 0)
10394		feature->flags |= SGC_F_CURRENT;
10395	feature->add_length = 0;
10396	feature = (struct scsi_get_config_feature *)
10397	    &feature->feature_data[feature->add_length];
10398
10399f1e:	/* CD Read */
10400	scsi_ulto2b(0x001E, feature->feature_code);
10401	feature->flags = 0x00;
10402	if ((lun->flags & CTL_LUN_OFFLINE) == 0)
10403		feature->flags |= SGC_F_CURRENT;
10404	feature->add_length = 4;
10405	feature->feature_data[0] = 0x00;
10406	feature = (struct scsi_get_config_feature *)
10407	    &feature->feature_data[feature->add_length];
10408
10409f1f:	/* DVD Read */
10410	scsi_ulto2b(0x001F, feature->feature_code);
10411	feature->flags = 0x08;
10412	if ((lun->flags & CTL_LUN_OFFLINE) == 0)
10413		feature->flags |= SGC_F_CURRENT;
10414	feature->add_length = 4;
10415	feature->feature_data[0] = 0x01;
10416	feature->feature_data[2] = 0x03;
10417	feature = (struct scsi_get_config_feature *)
10418	    &feature->feature_data[feature->add_length];
10419
10420done:
10421	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10422	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10423		feature = (struct scsi_get_config_feature *)(hdr + 1);
10424		if (scsi_2btoul(feature->feature_code) == starting)
10425			feature = (struct scsi_get_config_feature *)
10426			    &feature->feature_data[feature->add_length];
10427		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10428	}
10429	scsi_ulto4b(data_len - 4, hdr->data_length);
10430	if (data_len < alloc_len) {
10431		ctsio->residual = alloc_len - data_len;
10432		ctsio->kern_data_len = data_len;
10433		ctsio->kern_total_len = data_len;
10434	} else {
10435		ctsio->residual = 0;
10436		ctsio->kern_data_len = alloc_len;
10437		ctsio->kern_total_len = alloc_len;
10438	}
10439
10440	ctl_set_success(ctsio);
10441	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10442	ctsio->be_move_done = ctl_config_move_done;
10443	ctl_datamove((union ctl_io *)ctsio);
10444	return (CTL_RETVAL_COMPLETE);
10445}
10446
10447int
10448ctl_get_event_status(struct ctl_scsiio *ctsio)
10449{
10450	struct scsi_get_event_status_header *hdr;
10451	struct scsi_get_event_status *cdb;
10452	struct ctl_lun *lun;
10453	uint32_t alloc_len, data_len;
10454	int notif_class;
10455
10456	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10457	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10458	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10459		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10460		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10461		ctl_done((union ctl_io *)ctsio);
10462		return (CTL_RETVAL_COMPLETE);
10463	}
10464	notif_class = cdb->notif_class;
10465	alloc_len = scsi_2btoul(cdb->length);
10466
10467	data_len = sizeof(struct scsi_get_event_status_header);
10468	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10469	ctsio->kern_sg_entries = 0;
10470	ctsio->kern_data_resid = 0;
10471	ctsio->kern_rel_offset = 0;
10472
10473	if (data_len < alloc_len) {
10474		ctsio->residual = alloc_len - data_len;
10475		ctsio->kern_data_len = data_len;
10476		ctsio->kern_total_len = data_len;
10477	} else {
10478		ctsio->residual = 0;
10479		ctsio->kern_data_len = alloc_len;
10480		ctsio->kern_total_len = alloc_len;
10481	}
10482
10483	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10484	scsi_ulto2b(0, hdr->descr_length);
10485	hdr->nea_class = SGESN_NEA;
10486	hdr->supported_class = 0;
10487
10488	ctl_set_success(ctsio);
10489	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10490	ctsio->be_move_done = ctl_config_move_done;
10491	ctl_datamove((union ctl_io *)ctsio);
10492	return (CTL_RETVAL_COMPLETE);
10493}
10494
10495int
10496ctl_mechanism_status(struct ctl_scsiio *ctsio)
10497{
10498	struct scsi_mechanism_status_header *hdr;
10499	struct scsi_mechanism_status *cdb;
10500	struct ctl_lun *lun;
10501	uint32_t alloc_len, data_len;
10502
10503	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10504	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10505	alloc_len = scsi_2btoul(cdb->length);
10506
10507	data_len = sizeof(struct scsi_mechanism_status_header);
10508	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10509	ctsio->kern_sg_entries = 0;
10510	ctsio->kern_data_resid = 0;
10511	ctsio->kern_rel_offset = 0;
10512
10513	if (data_len < alloc_len) {
10514		ctsio->residual = alloc_len - data_len;
10515		ctsio->kern_data_len = data_len;
10516		ctsio->kern_total_len = data_len;
10517	} else {
10518		ctsio->residual = 0;
10519		ctsio->kern_data_len = alloc_len;
10520		ctsio->kern_total_len = alloc_len;
10521	}
10522
10523	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10524	hdr->state1 = 0x00;
10525	hdr->state2 = 0xe0;
10526	scsi_ulto3b(0, hdr->lba);
10527	hdr->slots_num = 0;
10528	scsi_ulto2b(0, hdr->slots_length);
10529
10530	ctl_set_success(ctsio);
10531	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10532	ctsio->be_move_done = ctl_config_move_done;
10533	ctl_datamove((union ctl_io *)ctsio);
10534	return (CTL_RETVAL_COMPLETE);
10535}
10536
10537static void
10538ctl_ultomsf(uint32_t lba, uint8_t *buf)
10539{
10540
10541	lba += 150;
10542	buf[0] = 0;
10543	buf[1] = bin2bcd((lba / 75) / 60);
10544	buf[2] = bin2bcd((lba / 75) % 60);
10545	buf[3] = bin2bcd(lba % 75);
10546}
10547
10548int
10549ctl_read_toc(struct ctl_scsiio *ctsio)
10550{
10551	struct scsi_read_toc_hdr *hdr;
10552	struct scsi_read_toc_type01_descr *descr;
10553	struct scsi_read_toc *cdb;
10554	struct ctl_lun *lun;
10555	uint32_t alloc_len, data_len;
10556	int format, msf;
10557
10558	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10559	cdb = (struct scsi_read_toc *)ctsio->cdb;
10560	msf = (cdb->byte2 & CD_MSF) != 0;
10561	format = cdb->format;
10562	alloc_len = scsi_2btoul(cdb->data_len);
10563
10564	data_len = sizeof(struct scsi_read_toc_hdr);
10565	if (format == 0)
10566		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10567	else
10568		data_len += sizeof(struct scsi_read_toc_type01_descr);
10569	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10570	ctsio->kern_sg_entries = 0;
10571	ctsio->kern_data_resid = 0;
10572	ctsio->kern_rel_offset = 0;
10573
10574	if (data_len < alloc_len) {
10575		ctsio->residual = alloc_len - data_len;
10576		ctsio->kern_data_len = data_len;
10577		ctsio->kern_total_len = data_len;
10578	} else {
10579		ctsio->residual = 0;
10580		ctsio->kern_data_len = alloc_len;
10581		ctsio->kern_total_len = alloc_len;
10582	}
10583
10584	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10585	if (format == 0) {
10586		scsi_ulto2b(0x12, hdr->data_length);
10587		hdr->first = 1;
10588		hdr->last = 1;
10589		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10590		descr->addr_ctl = 0x14;
10591		descr->track_number = 1;
10592		if (msf)
10593			ctl_ultomsf(0, descr->track_start);
10594		else
10595			scsi_ulto4b(0, descr->track_start);
10596		descr++;
10597		descr->addr_ctl = 0x14;
10598		descr->track_number = 0xaa;
10599		if (msf)
10600			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10601		else
10602			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10603	} else {
10604		scsi_ulto2b(0x0a, hdr->data_length);
10605		hdr->first = 1;
10606		hdr->last = 1;
10607		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10608		descr->addr_ctl = 0x14;
10609		descr->track_number = 1;
10610		if (msf)
10611			ctl_ultomsf(0, descr->track_start);
10612		else
10613			scsi_ulto4b(0, descr->track_start);
10614	}
10615
10616	ctl_set_success(ctsio);
10617	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10618	ctsio->be_move_done = ctl_config_move_done;
10619	ctl_datamove((union ctl_io *)ctsio);
10620	return (CTL_RETVAL_COMPLETE);
10621}
10622
10623/*
10624 * For known CDB types, parse the LBA and length.
10625 */
10626static int
10627ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10628{
10629	if (io->io_hdr.io_type != CTL_IO_SCSI)
10630		return (1);
10631
10632	switch (io->scsiio.cdb[0]) {
10633	case COMPARE_AND_WRITE: {
10634		struct scsi_compare_and_write *cdb;
10635
10636		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10637
10638		*lba = scsi_8btou64(cdb->addr);
10639		*len = cdb->length;
10640		break;
10641	}
10642	case READ_6:
10643	case WRITE_6: {
10644		struct scsi_rw_6 *cdb;
10645
10646		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10647
10648		*lba = scsi_3btoul(cdb->addr);
10649		/* only 5 bits are valid in the most significant address byte */
10650		*lba &= 0x1fffff;
10651		*len = cdb->length;
10652		break;
10653	}
10654	case READ_10:
10655	case WRITE_10: {
10656		struct scsi_rw_10 *cdb;
10657
10658		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10659
10660		*lba = scsi_4btoul(cdb->addr);
10661		*len = scsi_2btoul(cdb->length);
10662		break;
10663	}
10664	case WRITE_VERIFY_10: {
10665		struct scsi_write_verify_10 *cdb;
10666
10667		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10668
10669		*lba = scsi_4btoul(cdb->addr);
10670		*len = scsi_2btoul(cdb->length);
10671		break;
10672	}
10673	case READ_12:
10674	case WRITE_12: {
10675		struct scsi_rw_12 *cdb;
10676
10677		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10678
10679		*lba = scsi_4btoul(cdb->addr);
10680		*len = scsi_4btoul(cdb->length);
10681		break;
10682	}
10683	case WRITE_VERIFY_12: {
10684		struct scsi_write_verify_12 *cdb;
10685
10686		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10687
10688		*lba = scsi_4btoul(cdb->addr);
10689		*len = scsi_4btoul(cdb->length);
10690		break;
10691	}
10692	case READ_16:
10693	case WRITE_16: {
10694		struct scsi_rw_16 *cdb;
10695
10696		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10697
10698		*lba = scsi_8btou64(cdb->addr);
10699		*len = scsi_4btoul(cdb->length);
10700		break;
10701	}
10702	case WRITE_ATOMIC_16: {
10703		struct scsi_write_atomic_16 *cdb;
10704
10705		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10706
10707		*lba = scsi_8btou64(cdb->addr);
10708		*len = scsi_2btoul(cdb->length);
10709		break;
10710	}
10711	case WRITE_VERIFY_16: {
10712		struct scsi_write_verify_16 *cdb;
10713
10714		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10715
10716		*lba = scsi_8btou64(cdb->addr);
10717		*len = scsi_4btoul(cdb->length);
10718		break;
10719	}
10720	case WRITE_SAME_10: {
10721		struct scsi_write_same_10 *cdb;
10722
10723		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10724
10725		*lba = scsi_4btoul(cdb->addr);
10726		*len = scsi_2btoul(cdb->length);
10727		break;
10728	}
10729	case WRITE_SAME_16: {
10730		struct scsi_write_same_16 *cdb;
10731
10732		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10733
10734		*lba = scsi_8btou64(cdb->addr);
10735		*len = scsi_4btoul(cdb->length);
10736		break;
10737	}
10738	case VERIFY_10: {
10739		struct scsi_verify_10 *cdb;
10740
10741		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10742
10743		*lba = scsi_4btoul(cdb->addr);
10744		*len = scsi_2btoul(cdb->length);
10745		break;
10746	}
10747	case VERIFY_12: {
10748		struct scsi_verify_12 *cdb;
10749
10750		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10751
10752		*lba = scsi_4btoul(cdb->addr);
10753		*len = scsi_4btoul(cdb->length);
10754		break;
10755	}
10756	case VERIFY_16: {
10757		struct scsi_verify_16 *cdb;
10758
10759		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10760
10761		*lba = scsi_8btou64(cdb->addr);
10762		*len = scsi_4btoul(cdb->length);
10763		break;
10764	}
10765	case UNMAP: {
10766		*lba = 0;
10767		*len = UINT64_MAX;
10768		break;
10769	}
10770	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10771		struct scsi_get_lba_status *cdb;
10772
10773		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10774		*lba = scsi_8btou64(cdb->addr);
10775		*len = UINT32_MAX;
10776		break;
10777	}
10778	default:
10779		return (1);
10780		break; /* NOTREACHED */
10781	}
10782
10783	return (0);
10784}
10785
10786static ctl_action
10787ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10788    bool seq)
10789{
10790	uint64_t endlba1, endlba2;
10791
10792	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10793	endlba2 = lba2 + len2 - 1;
10794
10795	if ((endlba1 < lba2) || (endlba2 < lba1))
10796		return (CTL_ACTION_PASS);
10797	else
10798		return (CTL_ACTION_BLOCK);
10799}
10800
10801static int
10802ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10803{
10804	struct ctl_ptr_len_flags *ptrlen;
10805	struct scsi_unmap_desc *buf, *end, *range;
10806	uint64_t lba;
10807	uint32_t len;
10808
10809	/* If not UNMAP -- go other way. */
10810	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10811	    io->scsiio.cdb[0] != UNMAP)
10812		return (CTL_ACTION_ERROR);
10813
10814	/* If UNMAP without data -- block and wait for data. */
10815	ptrlen = (struct ctl_ptr_len_flags *)
10816	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10817	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10818	    ptrlen->ptr == NULL)
10819		return (CTL_ACTION_BLOCK);
10820
10821	/* UNMAP with data -- check for collision. */
10822	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10823	end = buf + ptrlen->len / sizeof(*buf);
10824	for (range = buf; range < end; range++) {
10825		lba = scsi_8btou64(range->lba);
10826		len = scsi_4btoul(range->length);
10827		if ((lba < lba2 + len2) && (lba + len > lba2))
10828			return (CTL_ACTION_BLOCK);
10829	}
10830	return (CTL_ACTION_PASS);
10831}
10832
10833static ctl_action
10834ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10835{
10836	uint64_t lba1, lba2;
10837	uint64_t len1, len2;
10838	int retval;
10839
10840	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10841		return (CTL_ACTION_ERROR);
10842
10843	retval = ctl_extent_check_unmap(io1, lba2, len2);
10844	if (retval != CTL_ACTION_ERROR)
10845		return (retval);
10846
10847	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10848		return (CTL_ACTION_ERROR);
10849
10850	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10851		seq = FALSE;
10852	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10853}
10854
10855static ctl_action
10856ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10857{
10858	uint64_t lba1, lba2;
10859	uint64_t len1, len2;
10860
10861	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10862		return (CTL_ACTION_PASS);
10863	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10864		return (CTL_ACTION_ERROR);
10865	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10866		return (CTL_ACTION_ERROR);
10867
10868	if (lba1 + len1 == lba2)
10869		return (CTL_ACTION_BLOCK);
10870	return (CTL_ACTION_PASS);
10871}
10872
10873static ctl_action
10874ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10875    union ctl_io *ooa_io)
10876{
10877	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10878	const ctl_serialize_action *serialize_row;
10879
10880	/*
10881	 * The initiator attempted multiple untagged commands at the same
10882	 * time.  Can't do that.
10883	 */
10884	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10885	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10886	 && ((pending_io->io_hdr.nexus.targ_port ==
10887	      ooa_io->io_hdr.nexus.targ_port)
10888	  && (pending_io->io_hdr.nexus.initid ==
10889	      ooa_io->io_hdr.nexus.initid))
10890	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10891	      CTL_FLAG_STATUS_SENT)) == 0))
10892		return (CTL_ACTION_OVERLAP);
10893
10894	/*
10895	 * The initiator attempted to send multiple tagged commands with
10896	 * the same ID.  (It's fine if different initiators have the same
10897	 * tag ID.)
10898	 *
10899	 * Even if all of those conditions are true, we don't kill the I/O
10900	 * if the command ahead of us has been aborted.  We won't end up
10901	 * sending it to the FETD, and it's perfectly legal to resend a
10902	 * command with the same tag number as long as the previous
10903	 * instance of this tag number has been aborted somehow.
10904	 */
10905	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10906	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10907	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10908	 && ((pending_io->io_hdr.nexus.targ_port ==
10909	      ooa_io->io_hdr.nexus.targ_port)
10910	  && (pending_io->io_hdr.nexus.initid ==
10911	      ooa_io->io_hdr.nexus.initid))
10912	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10913	      CTL_FLAG_STATUS_SENT)) == 0))
10914		return (CTL_ACTION_OVERLAP_TAG);
10915
10916	/*
10917	 * If we get a head of queue tag, SAM-3 says that we should
10918	 * immediately execute it.
10919	 *
10920	 * What happens if this command would normally block for some other
10921	 * reason?  e.g. a request sense with a head of queue tag
10922	 * immediately after a write.  Normally that would block, but this
10923	 * will result in its getting executed immediately...
10924	 *
10925	 * We currently return "pass" instead of "skip", so we'll end up
10926	 * going through the rest of the queue to check for overlapped tags.
10927	 *
10928	 * XXX KDM check for other types of blockage first??
10929	 */
10930	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10931		return (CTL_ACTION_PASS);
10932
10933	/*
10934	 * Ordered tags have to block until all items ahead of them
10935	 * have completed.  If we get called with an ordered tag, we always
10936	 * block, if something else is ahead of us in the queue.
10937	 */
10938	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10939		return (CTL_ACTION_BLOCK);
10940
10941	/*
10942	 * Simple tags get blocked until all head of queue and ordered tags
10943	 * ahead of them have completed.  I'm lumping untagged commands in
10944	 * with simple tags here.  XXX KDM is that the right thing to do?
10945	 */
10946	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10947	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10948	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10949	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10950		return (CTL_ACTION_BLOCK);
10951
10952	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10953	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10954
10955	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10956
10957	switch (serialize_row[pending_entry->seridx]) {
10958	case CTL_SER_BLOCK:
10959		return (CTL_ACTION_BLOCK);
10960	case CTL_SER_EXTENT:
10961		return (ctl_extent_check(ooa_io, pending_io,
10962		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10963	case CTL_SER_EXTENTOPT:
10964		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10965		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10966			return (ctl_extent_check(ooa_io, pending_io,
10967			    (lun->be_lun &&
10968			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10969		return (CTL_ACTION_PASS);
10970	case CTL_SER_EXTENTSEQ:
10971		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10972			return (ctl_extent_check_seq(ooa_io, pending_io));
10973		return (CTL_ACTION_PASS);
10974	case CTL_SER_PASS:
10975		return (CTL_ACTION_PASS);
10976	case CTL_SER_BLOCKOPT:
10977		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10978		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10979			return (CTL_ACTION_BLOCK);
10980		return (CTL_ACTION_PASS);
10981	case CTL_SER_SKIP:
10982		return (CTL_ACTION_SKIP);
10983	default:
10984		panic("invalid serialization value %d",
10985		      serialize_row[pending_entry->seridx]);
10986	}
10987
10988	return (CTL_ACTION_ERROR);
10989}
10990
10991/*
10992 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10993 * Assumptions:
10994 * - pending_io is generally either incoming, or on the blocked queue
10995 * - starting I/O is the I/O we want to start the check with.
10996 */
10997static ctl_action
10998ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10999	      union ctl_io *starting_io)
11000{
11001	union ctl_io *ooa_io;
11002	ctl_action action;
11003
11004	mtx_assert(&lun->lun_lock, MA_OWNED);
11005
11006	/*
11007	 * Run back along the OOA queue, starting with the current
11008	 * blocked I/O and going through every I/O before it on the
11009	 * queue.  If starting_io is NULL, we'll just end up returning
11010	 * CTL_ACTION_PASS.
11011	 */
11012	for (ooa_io = starting_io; ooa_io != NULL;
11013	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11014	     ooa_links)){
11015
11016		/*
11017		 * This routine just checks to see whether
11018		 * cur_blocked is blocked by ooa_io, which is ahead
11019		 * of it in the queue.  It doesn't queue/dequeue
11020		 * cur_blocked.
11021		 */
11022		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11023		switch (action) {
11024		case CTL_ACTION_BLOCK:
11025		case CTL_ACTION_OVERLAP:
11026		case CTL_ACTION_OVERLAP_TAG:
11027		case CTL_ACTION_SKIP:
11028		case CTL_ACTION_ERROR:
11029			return (action);
11030			break; /* NOTREACHED */
11031		case CTL_ACTION_PASS:
11032			break;
11033		default:
11034			panic("invalid action %d", action);
11035			break;  /* NOTREACHED */
11036		}
11037	}
11038
11039	return (CTL_ACTION_PASS);
11040}
11041
11042/*
11043 * Assumptions:
11044 * - An I/O has just completed, and has been removed from the per-LUN OOA
11045 *   queue, so some items on the blocked queue may now be unblocked.
11046 */
11047static int
11048ctl_check_blocked(struct ctl_lun *lun)
11049{
11050	struct ctl_softc *softc = lun->ctl_softc;
11051	union ctl_io *cur_blocked, *next_blocked;
11052
11053	mtx_assert(&lun->lun_lock, MA_OWNED);
11054
11055	/*
11056	 * Run forward from the head of the blocked queue, checking each
11057	 * entry against the I/Os prior to it on the OOA queue to see if
11058	 * there is still any blockage.
11059	 *
11060	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11061	 * with our removing a variable on it while it is traversing the
11062	 * list.
11063	 */
11064	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11065	     cur_blocked != NULL; cur_blocked = next_blocked) {
11066		union ctl_io *prev_ooa;
11067		ctl_action action;
11068
11069		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11070							  blocked_links);
11071
11072		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11073						      ctl_ooaq, ooa_links);
11074
11075		/*
11076		 * If cur_blocked happens to be the first item in the OOA
11077		 * queue now, prev_ooa will be NULL, and the action
11078		 * returned will just be CTL_ACTION_PASS.
11079		 */
11080		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11081
11082		switch (action) {
11083		case CTL_ACTION_BLOCK:
11084			/* Nothing to do here, still blocked */
11085			break;
11086		case CTL_ACTION_OVERLAP:
11087		case CTL_ACTION_OVERLAP_TAG:
11088			/*
11089			 * This shouldn't happen!  In theory we've already
11090			 * checked this command for overlap...
11091			 */
11092			break;
11093		case CTL_ACTION_PASS:
11094		case CTL_ACTION_SKIP: {
11095			const struct ctl_cmd_entry *entry;
11096
11097			/*
11098			 * The skip case shouldn't happen, this transaction
11099			 * should have never made it onto the blocked queue.
11100			 */
11101			/*
11102			 * This I/O is no longer blocked, we can remove it
11103			 * from the blocked queue.  Since this is a TAILQ
11104			 * (doubly linked list), we can do O(1) removals
11105			 * from any place on the list.
11106			 */
11107			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11108				     blocked_links);
11109			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11110
11111			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11112			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11113				/*
11114				 * Need to send IO back to original side to
11115				 * run
11116				 */
11117				union ctl_ha_msg msg_info;
11118
11119				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11120				msg_info.hdr.original_sc =
11121					cur_blocked->io_hdr.original_sc;
11122				msg_info.hdr.serializing_sc = cur_blocked;
11123				msg_info.hdr.msg_type = CTL_MSG_R2R;
11124				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11125				    sizeof(msg_info.hdr), M_NOWAIT);
11126				break;
11127			}
11128			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11129
11130			/*
11131			 * Check this I/O for LUN state changes that may
11132			 * have happened while this command was blocked.
11133			 * The LUN state may have been changed by a command
11134			 * ahead of us in the queue, so we need to re-check
11135			 * for any states that can be caused by SCSI
11136			 * commands.
11137			 */
11138			if (ctl_scsiio_lun_check(lun, entry,
11139						 &cur_blocked->scsiio) == 0) {
11140				cur_blocked->io_hdr.flags |=
11141				                      CTL_FLAG_IS_WAS_ON_RTR;
11142				ctl_enqueue_rtr(cur_blocked);
11143			} else
11144				ctl_done(cur_blocked);
11145			break;
11146		}
11147		default:
11148			/*
11149			 * This probably shouldn't happen -- we shouldn't
11150			 * get CTL_ACTION_ERROR, or anything else.
11151			 */
11152			break;
11153		}
11154	}
11155
11156	return (CTL_RETVAL_COMPLETE);
11157}
11158
11159/*
11160 * This routine (with one exception) checks LUN flags that can be set by
11161 * commands ahead of us in the OOA queue.  These flags have to be checked
11162 * when a command initially comes in, and when we pull a command off the
11163 * blocked queue and are preparing to execute it.  The reason we have to
11164 * check these flags for commands on the blocked queue is that the LUN
11165 * state may have been changed by a command ahead of us while we're on the
11166 * blocked queue.
11167 *
11168 * Ordering is somewhat important with these checks, so please pay
11169 * careful attention to the placement of any new checks.
11170 */
11171static int
11172ctl_scsiio_lun_check(struct ctl_lun *lun,
11173    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11174{
11175	struct ctl_softc *softc = lun->ctl_softc;
11176	int retval;
11177	uint32_t residx;
11178
11179	retval = 0;
11180
11181	mtx_assert(&lun->lun_lock, MA_OWNED);
11182
11183	/*
11184	 * If this shelf is a secondary shelf controller, we may have to
11185	 * reject some commands disallowed by HA mode and link state.
11186	 */
11187	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11188		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11189		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11190			ctl_set_lun_unavail(ctsio);
11191			retval = 1;
11192			goto bailout;
11193		}
11194		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11195		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11196			ctl_set_lun_transit(ctsio);
11197			retval = 1;
11198			goto bailout;
11199		}
11200		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11201		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11202			ctl_set_lun_standby(ctsio);
11203			retval = 1;
11204			goto bailout;
11205		}
11206
11207		/* The rest of checks are only done on executing side */
11208		if (softc->ha_mode == CTL_HA_MODE_XFER)
11209			goto bailout;
11210	}
11211
11212	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11213		if (lun->be_lun &&
11214		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11215			ctl_set_hw_write_protected(ctsio);
11216			retval = 1;
11217			goto bailout;
11218		}
11219		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11220		    .eca_and_aen & SCP_SWP) != 0) {
11221			ctl_set_sense(ctsio, /*current_error*/ 1,
11222			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11223			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11224			retval = 1;
11225			goto bailout;
11226		}
11227	}
11228
11229	/*
11230	 * Check for a reservation conflict.  If this command isn't allowed
11231	 * even on reserved LUNs, and if this initiator isn't the one who
11232	 * reserved us, reject the command with a reservation conflict.
11233	 */
11234	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11235	if ((lun->flags & CTL_LUN_RESERVED)
11236	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11237		if (lun->res_idx != residx) {
11238			ctl_set_reservation_conflict(ctsio);
11239			retval = 1;
11240			goto bailout;
11241		}
11242	}
11243
11244	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11245	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11246		/* No reservation or command is allowed. */;
11247	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11248	    (lun->res_type == SPR_TYPE_WR_EX ||
11249	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11250	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11251		/* The command is allowed for Write Exclusive resv. */;
11252	} else {
11253		/*
11254		 * if we aren't registered or it's a res holder type
11255		 * reservation and this isn't the res holder then set a
11256		 * conflict.
11257		 */
11258		if (ctl_get_prkey(lun, residx) == 0
11259		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11260			ctl_set_reservation_conflict(ctsio);
11261			retval = 1;
11262			goto bailout;
11263		}
11264	}
11265
11266	if ((lun->flags & CTL_LUN_OFFLINE)
11267	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
11268		ctl_set_lun_not_ready(ctsio);
11269		retval = 1;
11270		goto bailout;
11271	}
11272
11273	if ((lun->flags & CTL_LUN_STOPPED)
11274	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11275		/* "Logical unit not ready, initializing cmd. required" */
11276		ctl_set_lun_stopped(ctsio);
11277		retval = 1;
11278		goto bailout;
11279	}
11280
11281	if ((lun->flags & CTL_LUN_INOPERABLE)
11282	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11283		/* "Medium format corrupted" */
11284		ctl_set_medium_format_corrupted(ctsio);
11285		retval = 1;
11286		goto bailout;
11287	}
11288
11289bailout:
11290	return (retval);
11291}
11292
11293static void
11294ctl_failover_io(union ctl_io *io, int have_lock)
11295{
11296	ctl_set_busy(&io->scsiio);
11297	ctl_done(io);
11298}
11299
11300static void
11301ctl_failover_lun(union ctl_io *rio)
11302{
11303	struct ctl_softc *softc = control_softc;
11304	struct ctl_lun *lun;
11305	struct ctl_io_hdr *io, *next_io;
11306	uint32_t targ_lun;
11307
11308	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11309	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11310
11311	/* Find and lock the LUN. */
11312	mtx_lock(&softc->ctl_lock);
11313	if ((targ_lun < CTL_MAX_LUNS) &&
11314	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11315		mtx_lock(&lun->lun_lock);
11316		mtx_unlock(&softc->ctl_lock);
11317		if (lun->flags & CTL_LUN_DISABLED) {
11318			mtx_unlock(&lun->lun_lock);
11319			return;
11320		}
11321	} else {
11322		mtx_unlock(&softc->ctl_lock);
11323		return;
11324	}
11325
11326	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11327		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11328			/* We are master */
11329			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11330				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11331					io->flags |= CTL_FLAG_ABORT;
11332					io->flags |= CTL_FLAG_FAILOVER;
11333				} else { /* This can be only due to DATAMOVE */
11334					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11335					io->flags &= ~CTL_FLAG_DMA_INPROG;
11336					io->flags |= CTL_FLAG_IO_ACTIVE;
11337					io->port_status = 31340;
11338					ctl_enqueue_isc((union ctl_io *)io);
11339				}
11340			}
11341			/* We are slave */
11342			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11343				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11344				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11345					io->flags |= CTL_FLAG_FAILOVER;
11346				} else {
11347					ctl_set_busy(&((union ctl_io *)io)->
11348					    scsiio);
11349					ctl_done((union ctl_io *)io);
11350				}
11351			}
11352		}
11353	} else { /* SERIALIZE modes */
11354		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11355		    next_io) {
11356			/* We are master */
11357			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11358				TAILQ_REMOVE(&lun->blocked_queue, io,
11359				    blocked_links);
11360				io->flags &= ~CTL_FLAG_BLOCKED;
11361				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11362				ctl_free_io((union ctl_io *)io);
11363			}
11364		}
11365		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11366			/* We are master */
11367			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11368				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11369				ctl_free_io((union ctl_io *)io);
11370			}
11371			/* We are slave */
11372			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11373				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11374				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11375					ctl_set_busy(&((union ctl_io *)io)->
11376					    scsiio);
11377					ctl_done((union ctl_io *)io);
11378				}
11379			}
11380		}
11381		ctl_check_blocked(lun);
11382	}
11383	mtx_unlock(&lun->lun_lock);
11384}
11385
11386static int
11387ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11388{
11389	struct ctl_lun *lun;
11390	const struct ctl_cmd_entry *entry;
11391	uint32_t initidx, targ_lun;
11392	int retval;
11393
11394	retval = 0;
11395
11396	lun = NULL;
11397
11398	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11399	if ((targ_lun < CTL_MAX_LUNS)
11400	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11401		/*
11402		 * If the LUN is invalid, pretend that it doesn't exist.
11403		 * It will go away as soon as all pending I/O has been
11404		 * completed.
11405		 */
11406		mtx_lock(&lun->lun_lock);
11407		if (lun->flags & CTL_LUN_DISABLED) {
11408			mtx_unlock(&lun->lun_lock);
11409			lun = NULL;
11410			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11411			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11412		} else {
11413			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11414			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11415				lun->be_lun;
11416
11417			/*
11418			 * Every I/O goes into the OOA queue for a
11419			 * particular LUN, and stays there until completion.
11420			 */
11421#ifdef CTL_TIME_IO
11422			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11423				lun->idle_time += getsbinuptime() -
11424				    lun->last_busy;
11425			}
11426#endif
11427			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11428			    ooa_links);
11429		}
11430	} else {
11431		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11432		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11433	}
11434
11435	/* Get command entry and return error if it is unsuppotyed. */
11436	entry = ctl_validate_command(ctsio);
11437	if (entry == NULL) {
11438		if (lun)
11439			mtx_unlock(&lun->lun_lock);
11440		return (retval);
11441	}
11442
11443	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11444	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11445
11446	/*
11447	 * Check to see whether we can send this command to LUNs that don't
11448	 * exist.  This should pretty much only be the case for inquiry
11449	 * and request sense.  Further checks, below, really require having
11450	 * a LUN, so we can't really check the command anymore.  Just put
11451	 * it on the rtr queue.
11452	 */
11453	if (lun == NULL) {
11454		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11455			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11456			ctl_enqueue_rtr((union ctl_io *)ctsio);
11457			return (retval);
11458		}
11459
11460		ctl_set_unsupported_lun(ctsio);
11461		ctl_done((union ctl_io *)ctsio);
11462		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11463		return (retval);
11464	} else {
11465		/*
11466		 * Make sure we support this particular command on this LUN.
11467		 * e.g., we don't support writes to the control LUN.
11468		 */
11469		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11470			mtx_unlock(&lun->lun_lock);
11471			ctl_set_invalid_opcode(ctsio);
11472			ctl_done((union ctl_io *)ctsio);
11473			return (retval);
11474		}
11475	}
11476
11477	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11478
11479#ifdef CTL_WITH_CA
11480	/*
11481	 * If we've got a request sense, it'll clear the contingent
11482	 * allegiance condition.  Otherwise, if we have a CA condition for
11483	 * this initiator, clear it, because it sent down a command other
11484	 * than request sense.
11485	 */
11486	if ((ctsio->cdb[0] != REQUEST_SENSE)
11487	 && (ctl_is_set(lun->have_ca, initidx)))
11488		ctl_clear_mask(lun->have_ca, initidx);
11489#endif
11490
11491	/*
11492	 * If the command has this flag set, it handles its own unit
11493	 * attention reporting, we shouldn't do anything.  Otherwise we
11494	 * check for any pending unit attentions, and send them back to the
11495	 * initiator.  We only do this when a command initially comes in,
11496	 * not when we pull it off the blocked queue.
11497	 *
11498	 * According to SAM-3, section 5.3.2, the order that things get
11499	 * presented back to the host is basically unit attentions caused
11500	 * by some sort of reset event, busy status, reservation conflicts
11501	 * or task set full, and finally any other status.
11502	 *
11503	 * One issue here is that some of the unit attentions we report
11504	 * don't fall into the "reset" category (e.g. "reported luns data
11505	 * has changed").  So reporting it here, before the reservation
11506	 * check, may be technically wrong.  I guess the only thing to do
11507	 * would be to check for and report the reset events here, and then
11508	 * check for the other unit attention types after we check for a
11509	 * reservation conflict.
11510	 *
11511	 * XXX KDM need to fix this
11512	 */
11513	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11514		ctl_ua_type ua_type;
11515
11516		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11517		    SSD_TYPE_NONE);
11518		if (ua_type != CTL_UA_NONE) {
11519			mtx_unlock(&lun->lun_lock);
11520			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11521			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11522			ctsio->sense_len = SSD_FULL_SIZE;
11523			ctl_done((union ctl_io *)ctsio);
11524			return (retval);
11525		}
11526	}
11527
11528
11529	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11530		mtx_unlock(&lun->lun_lock);
11531		ctl_done((union ctl_io *)ctsio);
11532		return (retval);
11533	}
11534
11535	/*
11536	 * XXX CHD this is where we want to send IO to other side if
11537	 * this LUN is secondary on this SC. We will need to make a copy
11538	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11539	 * the copy we send as FROM_OTHER.
11540	 * We also need to stuff the address of the original IO so we can
11541	 * find it easily. Something similar will need be done on the other
11542	 * side so when we are done we can find the copy.
11543	 */
11544	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11545	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11546	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11547		union ctl_ha_msg msg_info;
11548		int isc_retval;
11549
11550		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11551		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11552		mtx_unlock(&lun->lun_lock);
11553
11554		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11555		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11556		msg_info.hdr.serializing_sc = NULL;
11557		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11558		msg_info.scsi.tag_num = ctsio->tag_num;
11559		msg_info.scsi.tag_type = ctsio->tag_type;
11560		msg_info.scsi.cdb_len = ctsio->cdb_len;
11561		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11562
11563		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11564		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11565		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11566			ctl_set_busy(ctsio);
11567			ctl_done((union ctl_io *)ctsio);
11568			return (retval);
11569		}
11570		return (retval);
11571	}
11572
11573	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11574			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11575			      ctl_ooaq, ooa_links))) {
11576	case CTL_ACTION_BLOCK:
11577		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11578		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11579				  blocked_links);
11580		mtx_unlock(&lun->lun_lock);
11581		return (retval);
11582	case CTL_ACTION_PASS:
11583	case CTL_ACTION_SKIP:
11584		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11585		mtx_unlock(&lun->lun_lock);
11586		ctl_enqueue_rtr((union ctl_io *)ctsio);
11587		break;
11588	case CTL_ACTION_OVERLAP:
11589		mtx_unlock(&lun->lun_lock);
11590		ctl_set_overlapped_cmd(ctsio);
11591		ctl_done((union ctl_io *)ctsio);
11592		break;
11593	case CTL_ACTION_OVERLAP_TAG:
11594		mtx_unlock(&lun->lun_lock);
11595		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11596		ctl_done((union ctl_io *)ctsio);
11597		break;
11598	case CTL_ACTION_ERROR:
11599	default:
11600		mtx_unlock(&lun->lun_lock);
11601		ctl_set_internal_failure(ctsio,
11602					 /*sks_valid*/ 0,
11603					 /*retry_count*/ 0);
11604		ctl_done((union ctl_io *)ctsio);
11605		break;
11606	}
11607	return (retval);
11608}
11609
11610const struct ctl_cmd_entry *
11611ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11612{
11613	const struct ctl_cmd_entry *entry;
11614	int service_action;
11615
11616	entry = &ctl_cmd_table[ctsio->cdb[0]];
11617	if (sa)
11618		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11619	if (entry->flags & CTL_CMD_FLAG_SA5) {
11620		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11621		entry = &((const struct ctl_cmd_entry *)
11622		    entry->execute)[service_action];
11623	}
11624	return (entry);
11625}
11626
11627const struct ctl_cmd_entry *
11628ctl_validate_command(struct ctl_scsiio *ctsio)
11629{
11630	const struct ctl_cmd_entry *entry;
11631	int i, sa;
11632	uint8_t diff;
11633
11634	entry = ctl_get_cmd_entry(ctsio, &sa);
11635	if (entry->execute == NULL) {
11636		if (sa)
11637			ctl_set_invalid_field(ctsio,
11638					      /*sks_valid*/ 1,
11639					      /*command*/ 1,
11640					      /*field*/ 1,
11641					      /*bit_valid*/ 1,
11642					      /*bit*/ 4);
11643		else
11644			ctl_set_invalid_opcode(ctsio);
11645		ctl_done((union ctl_io *)ctsio);
11646		return (NULL);
11647	}
11648	KASSERT(entry->length > 0,
11649	    ("Not defined length for command 0x%02x/0x%02x",
11650	     ctsio->cdb[0], ctsio->cdb[1]));
11651	for (i = 1; i < entry->length; i++) {
11652		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11653		if (diff == 0)
11654			continue;
11655		ctl_set_invalid_field(ctsio,
11656				      /*sks_valid*/ 1,
11657				      /*command*/ 1,
11658				      /*field*/ i,
11659				      /*bit_valid*/ 1,
11660				      /*bit*/ fls(diff) - 1);
11661		ctl_done((union ctl_io *)ctsio);
11662		return (NULL);
11663	}
11664	return (entry);
11665}
11666
11667static int
11668ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11669{
11670
11671	switch (lun_type) {
11672	case T_DIRECT:
11673		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11674			return (0);
11675		break;
11676	case T_PROCESSOR:
11677		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11678			return (0);
11679		break;
11680	case T_CDROM:
11681		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11682			return (0);
11683		break;
11684	default:
11685		return (0);
11686	}
11687	return (1);
11688}
11689
11690static int
11691ctl_scsiio(struct ctl_scsiio *ctsio)
11692{
11693	int retval;
11694	const struct ctl_cmd_entry *entry;
11695
11696	retval = CTL_RETVAL_COMPLETE;
11697
11698	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11699
11700	entry = ctl_get_cmd_entry(ctsio, NULL);
11701
11702	/*
11703	 * If this I/O has been aborted, just send it straight to
11704	 * ctl_done() without executing it.
11705	 */
11706	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11707		ctl_done((union ctl_io *)ctsio);
11708		goto bailout;
11709	}
11710
11711	/*
11712	 * All the checks should have been handled by ctl_scsiio_precheck().
11713	 * We should be clear now to just execute the I/O.
11714	 */
11715	retval = entry->execute(ctsio);
11716
11717bailout:
11718	return (retval);
11719}
11720
11721/*
11722 * Since we only implement one target right now, a bus reset simply resets
11723 * our single target.
11724 */
11725static int
11726ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11727{
11728	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11729}
11730
11731static int
11732ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11733		 ctl_ua_type ua_type)
11734{
11735	struct ctl_port *port;
11736	struct ctl_lun *lun;
11737	int retval;
11738
11739	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11740		union ctl_ha_msg msg_info;
11741
11742		msg_info.hdr.nexus = io->io_hdr.nexus;
11743		if (ua_type==CTL_UA_TARG_RESET)
11744			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11745		else
11746			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11747		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11748		msg_info.hdr.original_sc = NULL;
11749		msg_info.hdr.serializing_sc = NULL;
11750		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11751		    sizeof(msg_info.task), M_WAITOK);
11752	}
11753	retval = 0;
11754
11755	mtx_lock(&softc->ctl_lock);
11756	port = ctl_io_port(&io->io_hdr);
11757	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11758		if (port != NULL &&
11759		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11760			continue;
11761		retval += ctl_do_lun_reset(lun, io, ua_type);
11762	}
11763	mtx_unlock(&softc->ctl_lock);
11764	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11765	return (retval);
11766}
11767
11768/*
11769 * The LUN should always be set.  The I/O is optional, and is used to
11770 * distinguish between I/Os sent by this initiator, and by other
11771 * initiators.  We set unit attention for initiators other than this one.
11772 * SAM-3 is vague on this point.  It does say that a unit attention should
11773 * be established for other initiators when a LUN is reset (see section
11774 * 5.7.3), but it doesn't specifically say that the unit attention should
11775 * be established for this particular initiator when a LUN is reset.  Here
11776 * is the relevant text, from SAM-3 rev 8:
11777 *
11778 * 5.7.2 When a SCSI initiator port aborts its own tasks
11779 *
11780 * When a SCSI initiator port causes its own task(s) to be aborted, no
11781 * notification that the task(s) have been aborted shall be returned to
11782 * the SCSI initiator port other than the completion response for the
11783 * command or task management function action that caused the task(s) to
11784 * be aborted and notification(s) associated with related effects of the
11785 * action (e.g., a reset unit attention condition).
11786 *
11787 * XXX KDM for now, we're setting unit attention for all initiators.
11788 */
11789static int
11790ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11791{
11792	union ctl_io *xio;
11793#if 0
11794	uint32_t initidx;
11795#endif
11796#ifdef CTL_WITH_CA
11797	int i;
11798#endif
11799
11800	mtx_lock(&lun->lun_lock);
11801	/*
11802	 * Run through the OOA queue and abort each I/O.
11803	 */
11804	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11805	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11806		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11807	}
11808
11809	/*
11810	 * This version sets unit attention for every
11811	 */
11812#if 0
11813	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11814	ctl_est_ua_all(lun, initidx, ua_type);
11815#else
11816	ctl_est_ua_all(lun, -1, ua_type);
11817#endif
11818
11819	/*
11820	 * A reset (any kind, really) clears reservations established with
11821	 * RESERVE/RELEASE.  It does not clear reservations established
11822	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11823	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11824	 * reservations made with the RESERVE/RELEASE commands, because
11825	 * those commands are obsolete in SPC-3.
11826	 */
11827	lun->flags &= ~CTL_LUN_RESERVED;
11828
11829#ifdef CTL_WITH_CA
11830	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11831		ctl_clear_mask(lun->have_ca, i);
11832#endif
11833	mtx_unlock(&lun->lun_lock);
11834
11835	return (0);
11836}
11837
11838static int
11839ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11840{
11841	struct ctl_lun *lun;
11842	uint32_t targ_lun;
11843	int retval;
11844
11845	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11846	mtx_lock(&softc->ctl_lock);
11847	if ((targ_lun >= CTL_MAX_LUNS) ||
11848	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11849		mtx_unlock(&softc->ctl_lock);
11850		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11851		return (1);
11852	}
11853	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11854	mtx_unlock(&softc->ctl_lock);
11855	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11856
11857	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11858		union ctl_ha_msg msg_info;
11859
11860		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11861		msg_info.hdr.nexus = io->io_hdr.nexus;
11862		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11863		msg_info.hdr.original_sc = NULL;
11864		msg_info.hdr.serializing_sc = NULL;
11865		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11866		    sizeof(msg_info.task), M_WAITOK);
11867	}
11868	return (retval);
11869}
11870
11871static void
11872ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11873    int other_sc)
11874{
11875	union ctl_io *xio;
11876
11877	mtx_assert(&lun->lun_lock, MA_OWNED);
11878
11879	/*
11880	 * Run through the OOA queue and attempt to find the given I/O.
11881	 * The target port, initiator ID, tag type and tag number have to
11882	 * match the values that we got from the initiator.  If we have an
11883	 * untagged command to abort, simply abort the first untagged command
11884	 * we come to.  We only allow one untagged command at a time of course.
11885	 */
11886	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11887	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11888
11889		if ((targ_port == UINT32_MAX ||
11890		     targ_port == xio->io_hdr.nexus.targ_port) &&
11891		    (init_id == UINT32_MAX ||
11892		     init_id == xio->io_hdr.nexus.initid)) {
11893			if (targ_port != xio->io_hdr.nexus.targ_port ||
11894			    init_id != xio->io_hdr.nexus.initid)
11895				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11896			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11897			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11898				union ctl_ha_msg msg_info;
11899
11900				msg_info.hdr.nexus = xio->io_hdr.nexus;
11901				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11902				msg_info.task.tag_num = xio->scsiio.tag_num;
11903				msg_info.task.tag_type = xio->scsiio.tag_type;
11904				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11905				msg_info.hdr.original_sc = NULL;
11906				msg_info.hdr.serializing_sc = NULL;
11907				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11908				    sizeof(msg_info.task), M_NOWAIT);
11909			}
11910		}
11911	}
11912}
11913
11914static int
11915ctl_abort_task_set(union ctl_io *io)
11916{
11917	struct ctl_softc *softc = control_softc;
11918	struct ctl_lun *lun;
11919	uint32_t targ_lun;
11920
11921	/*
11922	 * Look up the LUN.
11923	 */
11924	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11925	mtx_lock(&softc->ctl_lock);
11926	if ((targ_lun >= CTL_MAX_LUNS) ||
11927	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11928		mtx_unlock(&softc->ctl_lock);
11929		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11930		return (1);
11931	}
11932
11933	mtx_lock(&lun->lun_lock);
11934	mtx_unlock(&softc->ctl_lock);
11935	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11936		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11937		    io->io_hdr.nexus.initid,
11938		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11939	} else { /* CTL_TASK_CLEAR_TASK_SET */
11940		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11941		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11942	}
11943	mtx_unlock(&lun->lun_lock);
11944	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11945	return (0);
11946}
11947
11948static int
11949ctl_i_t_nexus_reset(union ctl_io *io)
11950{
11951	struct ctl_softc *softc = control_softc;
11952	struct ctl_lun *lun;
11953	uint32_t initidx;
11954
11955	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11956		union ctl_ha_msg msg_info;
11957
11958		msg_info.hdr.nexus = io->io_hdr.nexus;
11959		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11960		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11961		msg_info.hdr.original_sc = NULL;
11962		msg_info.hdr.serializing_sc = NULL;
11963		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11964		    sizeof(msg_info.task), M_WAITOK);
11965	}
11966
11967	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11968	mtx_lock(&softc->ctl_lock);
11969	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11970		mtx_lock(&lun->lun_lock);
11971		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11972		    io->io_hdr.nexus.initid, 1);
11973#ifdef CTL_WITH_CA
11974		ctl_clear_mask(lun->have_ca, initidx);
11975#endif
11976		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11977			lun->flags &= ~CTL_LUN_RESERVED;
11978		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11979		mtx_unlock(&lun->lun_lock);
11980	}
11981	mtx_unlock(&softc->ctl_lock);
11982	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11983	return (0);
11984}
11985
11986static int
11987ctl_abort_task(union ctl_io *io)
11988{
11989	union ctl_io *xio;
11990	struct ctl_lun *lun;
11991	struct ctl_softc *softc;
11992#if 0
11993	struct sbuf sb;
11994	char printbuf[128];
11995#endif
11996	int found;
11997	uint32_t targ_lun;
11998
11999	softc = control_softc;
12000	found = 0;
12001
12002	/*
12003	 * Look up the LUN.
12004	 */
12005	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12006	mtx_lock(&softc->ctl_lock);
12007	if ((targ_lun >= CTL_MAX_LUNS) ||
12008	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12009		mtx_unlock(&softc->ctl_lock);
12010		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12011		return (1);
12012	}
12013
12014#if 0
12015	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12016	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12017#endif
12018
12019	mtx_lock(&lun->lun_lock);
12020	mtx_unlock(&softc->ctl_lock);
12021	/*
12022	 * Run through the OOA queue and attempt to find the given I/O.
12023	 * The target port, initiator ID, tag type and tag number have to
12024	 * match the values that we got from the initiator.  If we have an
12025	 * untagged command to abort, simply abort the first untagged command
12026	 * we come to.  We only allow one untagged command at a time of course.
12027	 */
12028	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12029	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12030#if 0
12031		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12032
12033		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12034			    lun->lun, xio->scsiio.tag_num,
12035			    xio->scsiio.tag_type,
12036			    (xio->io_hdr.blocked_links.tqe_prev
12037			    == NULL) ? "" : " BLOCKED",
12038			    (xio->io_hdr.flags &
12039			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12040			    (xio->io_hdr.flags &
12041			    CTL_FLAG_ABORT) ? " ABORT" : "",
12042			    (xio->io_hdr.flags &
12043			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12044		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12045		sbuf_finish(&sb);
12046		printf("%s\n", sbuf_data(&sb));
12047#endif
12048
12049		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12050		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12051		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12052			continue;
12053
12054		/*
12055		 * If the abort says that the task is untagged, the
12056		 * task in the queue must be untagged.  Otherwise,
12057		 * we just check to see whether the tag numbers
12058		 * match.  This is because the QLogic firmware
12059		 * doesn't pass back the tag type in an abort
12060		 * request.
12061		 */
12062#if 0
12063		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12064		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12065		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12066#endif
12067		/*
12068		 * XXX KDM we've got problems with FC, because it
12069		 * doesn't send down a tag type with aborts.  So we
12070		 * can only really go by the tag number...
12071		 * This may cause problems with parallel SCSI.
12072		 * Need to figure that out!!
12073		 */
12074		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12075			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12076			found = 1;
12077			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12078			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12079				union ctl_ha_msg msg_info;
12080
12081				msg_info.hdr.nexus = io->io_hdr.nexus;
12082				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12083				msg_info.task.tag_num = io->taskio.tag_num;
12084				msg_info.task.tag_type = io->taskio.tag_type;
12085				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12086				msg_info.hdr.original_sc = NULL;
12087				msg_info.hdr.serializing_sc = NULL;
12088#if 0
12089				printf("Sent Abort to other side\n");
12090#endif
12091				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12092				    sizeof(msg_info.task), M_NOWAIT);
12093			}
12094#if 0
12095			printf("ctl_abort_task: found I/O to abort\n");
12096#endif
12097		}
12098	}
12099	mtx_unlock(&lun->lun_lock);
12100
12101	if (found == 0) {
12102		/*
12103		 * This isn't really an error.  It's entirely possible for
12104		 * the abort and command completion to cross on the wire.
12105		 * This is more of an informative/diagnostic error.
12106		 */
12107#if 0
12108		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12109		       "%u:%u:%u tag %d type %d\n",
12110		       io->io_hdr.nexus.initid,
12111		       io->io_hdr.nexus.targ_port,
12112		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12113		       io->taskio.tag_type);
12114#endif
12115	}
12116	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12117	return (0);
12118}
12119
12120static int
12121ctl_query_task(union ctl_io *io, int task_set)
12122{
12123	union ctl_io *xio;
12124	struct ctl_lun *lun;
12125	struct ctl_softc *softc;
12126	int found = 0;
12127	uint32_t targ_lun;
12128
12129	softc = control_softc;
12130	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12131	mtx_lock(&softc->ctl_lock);
12132	if ((targ_lun >= CTL_MAX_LUNS) ||
12133	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12134		mtx_unlock(&softc->ctl_lock);
12135		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12136		return (1);
12137	}
12138	mtx_lock(&lun->lun_lock);
12139	mtx_unlock(&softc->ctl_lock);
12140	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12141	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12142
12143		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12144		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12145		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12146			continue;
12147
12148		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12149			found = 1;
12150			break;
12151		}
12152	}
12153	mtx_unlock(&lun->lun_lock);
12154	if (found)
12155		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12156	else
12157		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12158	return (0);
12159}
12160
12161static int
12162ctl_query_async_event(union ctl_io *io)
12163{
12164	struct ctl_lun *lun;
12165	struct ctl_softc *softc;
12166	ctl_ua_type ua;
12167	uint32_t targ_lun, initidx;
12168
12169	softc = control_softc;
12170	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12171	mtx_lock(&softc->ctl_lock);
12172	if ((targ_lun >= CTL_MAX_LUNS) ||
12173	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12174		mtx_unlock(&softc->ctl_lock);
12175		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12176		return (1);
12177	}
12178	mtx_lock(&lun->lun_lock);
12179	mtx_unlock(&softc->ctl_lock);
12180	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12181	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12182	mtx_unlock(&lun->lun_lock);
12183	if (ua != CTL_UA_NONE)
12184		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12185	else
12186		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12187	return (0);
12188}
12189
12190static void
12191ctl_run_task(union ctl_io *io)
12192{
12193	struct ctl_softc *softc = control_softc;
12194	int retval = 1;
12195
12196	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12197	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12198	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12199	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12200	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12201	switch (io->taskio.task_action) {
12202	case CTL_TASK_ABORT_TASK:
12203		retval = ctl_abort_task(io);
12204		break;
12205	case CTL_TASK_ABORT_TASK_SET:
12206	case CTL_TASK_CLEAR_TASK_SET:
12207		retval = ctl_abort_task_set(io);
12208		break;
12209	case CTL_TASK_CLEAR_ACA:
12210		break;
12211	case CTL_TASK_I_T_NEXUS_RESET:
12212		retval = ctl_i_t_nexus_reset(io);
12213		break;
12214	case CTL_TASK_LUN_RESET:
12215		retval = ctl_lun_reset(softc, io);
12216		break;
12217	case CTL_TASK_TARGET_RESET:
12218		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12219		break;
12220	case CTL_TASK_BUS_RESET:
12221		retval = ctl_bus_reset(softc, io);
12222		break;
12223	case CTL_TASK_PORT_LOGIN:
12224		break;
12225	case CTL_TASK_PORT_LOGOUT:
12226		break;
12227	case CTL_TASK_QUERY_TASK:
12228		retval = ctl_query_task(io, 0);
12229		break;
12230	case CTL_TASK_QUERY_TASK_SET:
12231		retval = ctl_query_task(io, 1);
12232		break;
12233	case CTL_TASK_QUERY_ASYNC_EVENT:
12234		retval = ctl_query_async_event(io);
12235		break;
12236	default:
12237		printf("%s: got unknown task management event %d\n",
12238		       __func__, io->taskio.task_action);
12239		break;
12240	}
12241	if (retval == 0)
12242		io->io_hdr.status = CTL_SUCCESS;
12243	else
12244		io->io_hdr.status = CTL_ERROR;
12245	ctl_done(io);
12246}
12247
12248/*
12249 * For HA operation.  Handle commands that come in from the other
12250 * controller.
12251 */
12252static void
12253ctl_handle_isc(union ctl_io *io)
12254{
12255	int free_io;
12256	struct ctl_lun *lun;
12257	struct ctl_softc *softc = control_softc;
12258	uint32_t targ_lun;
12259
12260	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12261	lun = softc->ctl_luns[targ_lun];
12262
12263	switch (io->io_hdr.msg_type) {
12264	case CTL_MSG_SERIALIZE:
12265		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12266		break;
12267	case CTL_MSG_R2R: {
12268		const struct ctl_cmd_entry *entry;
12269
12270		/*
12271		 * This is only used in SER_ONLY mode.
12272		 */
12273		free_io = 0;
12274		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12275		mtx_lock(&lun->lun_lock);
12276		if (ctl_scsiio_lun_check(lun,
12277		    entry, (struct ctl_scsiio *)io) != 0) {
12278			mtx_unlock(&lun->lun_lock);
12279			ctl_done(io);
12280			break;
12281		}
12282		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12283		mtx_unlock(&lun->lun_lock);
12284		ctl_enqueue_rtr(io);
12285		break;
12286	}
12287	case CTL_MSG_FINISH_IO:
12288		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12289			free_io = 0;
12290			ctl_done(io);
12291		} else {
12292			free_io = 1;
12293			mtx_lock(&lun->lun_lock);
12294			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12295				     ooa_links);
12296			ctl_check_blocked(lun);
12297			mtx_unlock(&lun->lun_lock);
12298		}
12299		break;
12300	case CTL_MSG_PERS_ACTION:
12301		ctl_hndl_per_res_out_on_other_sc(
12302			(union ctl_ha_msg *)&io->presio.pr_msg);
12303		free_io = 1;
12304		break;
12305	case CTL_MSG_BAD_JUJU:
12306		free_io = 0;
12307		ctl_done(io);
12308		break;
12309	case CTL_MSG_DATAMOVE:
12310		/* Only used in XFER mode */
12311		free_io = 0;
12312		ctl_datamove_remote(io);
12313		break;
12314	case CTL_MSG_DATAMOVE_DONE:
12315		/* Only used in XFER mode */
12316		free_io = 0;
12317		io->scsiio.be_move_done(io);
12318		break;
12319	case CTL_MSG_FAILOVER:
12320		ctl_failover_lun(io);
12321		free_io = 1;
12322		break;
12323	default:
12324		free_io = 1;
12325		printf("%s: Invalid message type %d\n",
12326		       __func__, io->io_hdr.msg_type);
12327		break;
12328	}
12329	if (free_io)
12330		ctl_free_io(io);
12331
12332}
12333
12334
12335/*
12336 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12337 * there is no match.
12338 */
12339static ctl_lun_error_pattern
12340ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12341{
12342	const struct ctl_cmd_entry *entry;
12343	ctl_lun_error_pattern filtered_pattern, pattern;
12344
12345	pattern = desc->error_pattern;
12346
12347	/*
12348	 * XXX KDM we need more data passed into this function to match a
12349	 * custom pattern, and we actually need to implement custom pattern
12350	 * matching.
12351	 */
12352	if (pattern & CTL_LUN_PAT_CMD)
12353		return (CTL_LUN_PAT_CMD);
12354
12355	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12356		return (CTL_LUN_PAT_ANY);
12357
12358	entry = ctl_get_cmd_entry(ctsio, NULL);
12359
12360	filtered_pattern = entry->pattern & pattern;
12361
12362	/*
12363	 * If the user requested specific flags in the pattern (e.g.
12364	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12365	 * flags.
12366	 *
12367	 * If the user did not specify any flags, it doesn't matter whether
12368	 * or not the command supports the flags.
12369	 */
12370	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12371	     (pattern & ~CTL_LUN_PAT_MASK))
12372		return (CTL_LUN_PAT_NONE);
12373
12374	/*
12375	 * If the user asked for a range check, see if the requested LBA
12376	 * range overlaps with this command's LBA range.
12377	 */
12378	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12379		uint64_t lba1;
12380		uint64_t len1;
12381		ctl_action action;
12382		int retval;
12383
12384		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12385		if (retval != 0)
12386			return (CTL_LUN_PAT_NONE);
12387
12388		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12389					      desc->lba_range.len, FALSE);
12390		/*
12391		 * A "pass" means that the LBA ranges don't overlap, so
12392		 * this doesn't match the user's range criteria.
12393		 */
12394		if (action == CTL_ACTION_PASS)
12395			return (CTL_LUN_PAT_NONE);
12396	}
12397
12398	return (filtered_pattern);
12399}
12400
12401static void
12402ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12403{
12404	struct ctl_error_desc *desc, *desc2;
12405
12406	mtx_assert(&lun->lun_lock, MA_OWNED);
12407
12408	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12409		ctl_lun_error_pattern pattern;
12410		/*
12411		 * Check to see whether this particular command matches
12412		 * the pattern in the descriptor.
12413		 */
12414		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12415		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12416			continue;
12417
12418		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12419		case CTL_LUN_INJ_ABORTED:
12420			ctl_set_aborted(&io->scsiio);
12421			break;
12422		case CTL_LUN_INJ_MEDIUM_ERR:
12423			ctl_set_medium_error(&io->scsiio,
12424			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12425			     CTL_FLAG_DATA_OUT);
12426			break;
12427		case CTL_LUN_INJ_UA:
12428			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12429			 * OCCURRED */
12430			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12431			break;
12432		case CTL_LUN_INJ_CUSTOM:
12433			/*
12434			 * We're assuming the user knows what he is doing.
12435			 * Just copy the sense information without doing
12436			 * checks.
12437			 */
12438			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12439			      MIN(sizeof(desc->custom_sense),
12440				  sizeof(io->scsiio.sense_data)));
12441			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12442			io->scsiio.sense_len = SSD_FULL_SIZE;
12443			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12444			break;
12445		case CTL_LUN_INJ_NONE:
12446		default:
12447			/*
12448			 * If this is an error injection type we don't know
12449			 * about, clear the continuous flag (if it is set)
12450			 * so it will get deleted below.
12451			 */
12452			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12453			break;
12454		}
12455		/*
12456		 * By default, each error injection action is a one-shot
12457		 */
12458		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12459			continue;
12460
12461		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12462
12463		free(desc, M_CTL);
12464	}
12465}
12466
12467#ifdef CTL_IO_DELAY
12468static void
12469ctl_datamove_timer_wakeup(void *arg)
12470{
12471	union ctl_io *io;
12472
12473	io = (union ctl_io *)arg;
12474
12475	ctl_datamove(io);
12476}
12477#endif /* CTL_IO_DELAY */
12478
12479void
12480ctl_datamove(union ctl_io *io)
12481{
12482	struct ctl_lun *lun;
12483	void (*fe_datamove)(union ctl_io *io);
12484
12485	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12486
12487	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12488
12489	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12490#ifdef CTL_TIME_IO
12491	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12492		char str[256];
12493		char path_str[64];
12494		struct sbuf sb;
12495
12496		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12497		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12498
12499		sbuf_cat(&sb, path_str);
12500		switch (io->io_hdr.io_type) {
12501		case CTL_IO_SCSI:
12502			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12503			sbuf_printf(&sb, "\n");
12504			sbuf_cat(&sb, path_str);
12505			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12506				    io->scsiio.tag_num, io->scsiio.tag_type);
12507			break;
12508		case CTL_IO_TASK:
12509			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12510				    "Tag Type: %d\n", io->taskio.task_action,
12511				    io->taskio.tag_num, io->taskio.tag_type);
12512			break;
12513		default:
12514			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12515			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12516			break;
12517		}
12518		sbuf_cat(&sb, path_str);
12519		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12520			    (intmax_t)time_uptime - io->io_hdr.start_time);
12521		sbuf_finish(&sb);
12522		printf("%s", sbuf_data(&sb));
12523	}
12524#endif /* CTL_TIME_IO */
12525
12526#ifdef CTL_IO_DELAY
12527	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12528		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12529	} else {
12530		if ((lun != NULL)
12531		 && (lun->delay_info.datamove_delay > 0)) {
12532
12533			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12534			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12535			callout_reset(&io->io_hdr.delay_callout,
12536				      lun->delay_info.datamove_delay * hz,
12537				      ctl_datamove_timer_wakeup, io);
12538			if (lun->delay_info.datamove_type ==
12539			    CTL_DELAY_TYPE_ONESHOT)
12540				lun->delay_info.datamove_delay = 0;
12541			return;
12542		}
12543	}
12544#endif
12545
12546	/*
12547	 * This command has been aborted.  Set the port status, so we fail
12548	 * the data move.
12549	 */
12550	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12551		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12552		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12553		       io->io_hdr.nexus.targ_port,
12554		       io->io_hdr.nexus.targ_lun);
12555		io->io_hdr.port_status = 31337;
12556		/*
12557		 * Note that the backend, in this case, will get the
12558		 * callback in its context.  In other cases it may get
12559		 * called in the frontend's interrupt thread context.
12560		 */
12561		io->scsiio.be_move_done(io);
12562		return;
12563	}
12564
12565	/* Don't confuse frontend with zero length data move. */
12566	if (io->scsiio.kern_data_len == 0) {
12567		io->scsiio.be_move_done(io);
12568		return;
12569	}
12570
12571	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12572	fe_datamove(io);
12573}
12574
12575static void
12576ctl_send_datamove_done(union ctl_io *io, int have_lock)
12577{
12578	union ctl_ha_msg msg;
12579#ifdef CTL_TIME_IO
12580	struct bintime cur_bt;
12581#endif
12582
12583	memset(&msg, 0, sizeof(msg));
12584	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12585	msg.hdr.original_sc = io;
12586	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12587	msg.hdr.nexus = io->io_hdr.nexus;
12588	msg.hdr.status = io->io_hdr.status;
12589	msg.scsi.tag_num = io->scsiio.tag_num;
12590	msg.scsi.tag_type = io->scsiio.tag_type;
12591	msg.scsi.scsi_status = io->scsiio.scsi_status;
12592	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12593	       io->scsiio.sense_len);
12594	msg.scsi.sense_len = io->scsiio.sense_len;
12595	msg.scsi.sense_residual = io->scsiio.sense_residual;
12596	msg.scsi.fetd_status = io->io_hdr.port_status;
12597	msg.scsi.residual = io->scsiio.residual;
12598	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12599	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12600		ctl_failover_io(io, /*have_lock*/ have_lock);
12601		return;
12602	}
12603	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12604	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12605	    msg.scsi.sense_len, M_WAITOK);
12606
12607#ifdef CTL_TIME_IO
12608	getbinuptime(&cur_bt);
12609	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12610	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12611#endif
12612	io->io_hdr.num_dmas++;
12613}
12614
12615/*
12616 * The DMA to the remote side is done, now we need to tell the other side
12617 * we're done so it can continue with its data movement.
12618 */
12619static void
12620ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12621{
12622	union ctl_io *io;
12623	int i;
12624
12625	io = rq->context;
12626
12627	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12628		printf("%s: ISC DMA write failed with error %d", __func__,
12629		       rq->ret);
12630		ctl_set_internal_failure(&io->scsiio,
12631					 /*sks_valid*/ 1,
12632					 /*retry_count*/ rq->ret);
12633	}
12634
12635	ctl_dt_req_free(rq);
12636
12637	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12638		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12639	free(io->io_hdr.remote_sglist, M_CTL);
12640	io->io_hdr.remote_sglist = NULL;
12641	io->io_hdr.local_sglist = NULL;
12642
12643	/*
12644	 * The data is in local and remote memory, so now we need to send
12645	 * status (good or back) back to the other side.
12646	 */
12647	ctl_send_datamove_done(io, /*have_lock*/ 0);
12648}
12649
12650/*
12651 * We've moved the data from the host/controller into local memory.  Now we
12652 * need to push it over to the remote controller's memory.
12653 */
12654static int
12655ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12656{
12657	int retval;
12658
12659	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12660					  ctl_datamove_remote_write_cb);
12661	return (retval);
12662}
12663
12664static void
12665ctl_datamove_remote_write(union ctl_io *io)
12666{
12667	int retval;
12668	void (*fe_datamove)(union ctl_io *io);
12669
12670	/*
12671	 * - Get the data from the host/HBA into local memory.
12672	 * - DMA memory from the local controller to the remote controller.
12673	 * - Send status back to the remote controller.
12674	 */
12675
12676	retval = ctl_datamove_remote_sgl_setup(io);
12677	if (retval != 0)
12678		return;
12679
12680	/* Switch the pointer over so the FETD knows what to do */
12681	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12682
12683	/*
12684	 * Use a custom move done callback, since we need to send completion
12685	 * back to the other controller, not to the backend on this side.
12686	 */
12687	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12688
12689	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12690	fe_datamove(io);
12691}
12692
12693static int
12694ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12695{
12696#if 0
12697	char str[256];
12698	char path_str[64];
12699	struct sbuf sb;
12700#endif
12701	int i;
12702
12703	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12704		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12705	free(io->io_hdr.remote_sglist, M_CTL);
12706	io->io_hdr.remote_sglist = NULL;
12707	io->io_hdr.local_sglist = NULL;
12708
12709#if 0
12710	scsi_path_string(io, path_str, sizeof(path_str));
12711	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12712	sbuf_cat(&sb, path_str);
12713	scsi_command_string(&io->scsiio, NULL, &sb);
12714	sbuf_printf(&sb, "\n");
12715	sbuf_cat(&sb, path_str);
12716	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12717		    io->scsiio.tag_num, io->scsiio.tag_type);
12718	sbuf_cat(&sb, path_str);
12719	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12720		    io->io_hdr.flags, io->io_hdr.status);
12721	sbuf_finish(&sb);
12722	printk("%s", sbuf_data(&sb));
12723#endif
12724
12725
12726	/*
12727	 * The read is done, now we need to send status (good or bad) back
12728	 * to the other side.
12729	 */
12730	ctl_send_datamove_done(io, /*have_lock*/ 0);
12731
12732	return (0);
12733}
12734
12735static void
12736ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12737{
12738	union ctl_io *io;
12739	void (*fe_datamove)(union ctl_io *io);
12740
12741	io = rq->context;
12742
12743	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12744		printf("%s: ISC DMA read failed with error %d\n", __func__,
12745		       rq->ret);
12746		ctl_set_internal_failure(&io->scsiio,
12747					 /*sks_valid*/ 1,
12748					 /*retry_count*/ rq->ret);
12749	}
12750
12751	ctl_dt_req_free(rq);
12752
12753	/* Switch the pointer over so the FETD knows what to do */
12754	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12755
12756	/*
12757	 * Use a custom move done callback, since we need to send completion
12758	 * back to the other controller, not to the backend on this side.
12759	 */
12760	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12761
12762	/* XXX KDM add checks like the ones in ctl_datamove? */
12763
12764	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12765	fe_datamove(io);
12766}
12767
12768static int
12769ctl_datamove_remote_sgl_setup(union ctl_io *io)
12770{
12771	struct ctl_sg_entry *local_sglist;
12772	uint32_t len_to_go;
12773	int retval;
12774	int i;
12775
12776	retval = 0;
12777	local_sglist = io->io_hdr.local_sglist;
12778	len_to_go = io->scsiio.kern_data_len;
12779
12780	/*
12781	 * The difficult thing here is that the size of the various
12782	 * S/G segments may be different than the size from the
12783	 * remote controller.  That'll make it harder when DMAing
12784	 * the data back to the other side.
12785	 */
12786	for (i = 0; len_to_go > 0; i++) {
12787		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12788		local_sglist[i].addr =
12789		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12790
12791		len_to_go -= local_sglist[i].len;
12792	}
12793	/*
12794	 * Reset the number of S/G entries accordingly.  The original
12795	 * number of S/G entries is available in rem_sg_entries.
12796	 */
12797	io->scsiio.kern_sg_entries = i;
12798
12799#if 0
12800	printf("%s: kern_sg_entries = %d\n", __func__,
12801	       io->scsiio.kern_sg_entries);
12802	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12803		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12804		       local_sglist[i].addr, local_sglist[i].len);
12805#endif
12806
12807	return (retval);
12808}
12809
12810static int
12811ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12812			 ctl_ha_dt_cb callback)
12813{
12814	struct ctl_ha_dt_req *rq;
12815	struct ctl_sg_entry *remote_sglist, *local_sglist;
12816	uint32_t local_used, remote_used, total_used;
12817	int i, j, isc_ret;
12818
12819	rq = ctl_dt_req_alloc();
12820
12821	/*
12822	 * If we failed to allocate the request, and if the DMA didn't fail
12823	 * anyway, set busy status.  This is just a resource allocation
12824	 * failure.
12825	 */
12826	if ((rq == NULL)
12827	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12828	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12829		ctl_set_busy(&io->scsiio);
12830
12831	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12832	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12833
12834		if (rq != NULL)
12835			ctl_dt_req_free(rq);
12836
12837		/*
12838		 * The data move failed.  We need to return status back
12839		 * to the other controller.  No point in trying to DMA
12840		 * data to the remote controller.
12841		 */
12842
12843		ctl_send_datamove_done(io, /*have_lock*/ 0);
12844
12845		return (1);
12846	}
12847
12848	local_sglist = io->io_hdr.local_sglist;
12849	remote_sglist = io->io_hdr.remote_sglist;
12850	local_used = 0;
12851	remote_used = 0;
12852	total_used = 0;
12853
12854	/*
12855	 * Pull/push the data over the wire from/to the other controller.
12856	 * This takes into account the possibility that the local and
12857	 * remote sglists may not be identical in terms of the size of
12858	 * the elements and the number of elements.
12859	 *
12860	 * One fundamental assumption here is that the length allocated for
12861	 * both the local and remote sglists is identical.  Otherwise, we've
12862	 * essentially got a coding error of some sort.
12863	 */
12864	isc_ret = CTL_HA_STATUS_SUCCESS;
12865	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12866		uint32_t cur_len;
12867		uint8_t *tmp_ptr;
12868
12869		rq->command = command;
12870		rq->context = io;
12871
12872		/*
12873		 * Both pointers should be aligned.  But it is possible
12874		 * that the allocation length is not.  They should both
12875		 * also have enough slack left over at the end, though,
12876		 * to round up to the next 8 byte boundary.
12877		 */
12878		cur_len = MIN(local_sglist[i].len - local_used,
12879			      remote_sglist[j].len - remote_used);
12880		rq->size = cur_len;
12881
12882		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12883		tmp_ptr += local_used;
12884
12885#if 0
12886		/* Use physical addresses when talking to ISC hardware */
12887		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12888			/* XXX KDM use busdma */
12889			rq->local = vtophys(tmp_ptr);
12890		} else
12891			rq->local = tmp_ptr;
12892#else
12893		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12894		    ("HA does not support BUS_ADDR"));
12895		rq->local = tmp_ptr;
12896#endif
12897
12898		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12899		tmp_ptr += remote_used;
12900		rq->remote = tmp_ptr;
12901
12902		rq->callback = NULL;
12903
12904		local_used += cur_len;
12905		if (local_used >= local_sglist[i].len) {
12906			i++;
12907			local_used = 0;
12908		}
12909
12910		remote_used += cur_len;
12911		if (remote_used >= remote_sglist[j].len) {
12912			j++;
12913			remote_used = 0;
12914		}
12915		total_used += cur_len;
12916
12917		if (total_used >= io->scsiio.kern_data_len)
12918			rq->callback = callback;
12919
12920#if 0
12921		printf("%s: %s: local %p remote %p size %d\n", __func__,
12922		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12923		       rq->local, rq->remote, rq->size);
12924#endif
12925
12926		isc_ret = ctl_dt_single(rq);
12927		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12928			break;
12929	}
12930	if (isc_ret != CTL_HA_STATUS_WAIT) {
12931		rq->ret = isc_ret;
12932		callback(rq);
12933	}
12934
12935	return (0);
12936}
12937
12938static void
12939ctl_datamove_remote_read(union ctl_io *io)
12940{
12941	int retval;
12942	int i;
12943
12944	/*
12945	 * This will send an error to the other controller in the case of a
12946	 * failure.
12947	 */
12948	retval = ctl_datamove_remote_sgl_setup(io);
12949	if (retval != 0)
12950		return;
12951
12952	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12953					  ctl_datamove_remote_read_cb);
12954	if (retval != 0) {
12955		/*
12956		 * Make sure we free memory if there was an error..  The
12957		 * ctl_datamove_remote_xfer() function will send the
12958		 * datamove done message, or call the callback with an
12959		 * error if there is a problem.
12960		 */
12961		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12962			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12963		free(io->io_hdr.remote_sglist, M_CTL);
12964		io->io_hdr.remote_sglist = NULL;
12965		io->io_hdr.local_sglist = NULL;
12966	}
12967}
12968
12969/*
12970 * Process a datamove request from the other controller.  This is used for
12971 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12972 * first.  Once that is complete, the data gets DMAed into the remote
12973 * controller's memory.  For reads, we DMA from the remote controller's
12974 * memory into our memory first, and then move it out to the FETD.
12975 */
12976static void
12977ctl_datamove_remote(union ctl_io *io)
12978{
12979
12980	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12981
12982	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12983		ctl_failover_io(io, /*have_lock*/ 0);
12984		return;
12985	}
12986
12987	/*
12988	 * Note that we look for an aborted I/O here, but don't do some of
12989	 * the other checks that ctl_datamove() normally does.
12990	 * We don't need to run the datamove delay code, since that should
12991	 * have been done if need be on the other controller.
12992	 */
12993	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12994		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12995		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12996		       io->io_hdr.nexus.targ_port,
12997		       io->io_hdr.nexus.targ_lun);
12998		io->io_hdr.port_status = 31338;
12999		ctl_send_datamove_done(io, /*have_lock*/ 0);
13000		return;
13001	}
13002
13003	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
13004		ctl_datamove_remote_write(io);
13005	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
13006		ctl_datamove_remote_read(io);
13007	else {
13008		io->io_hdr.port_status = 31339;
13009		ctl_send_datamove_done(io, /*have_lock*/ 0);
13010	}
13011}
13012
13013static void
13014ctl_process_done(union ctl_io *io)
13015{
13016	struct ctl_lun *lun;
13017	struct ctl_softc *softc = control_softc;
13018	void (*fe_done)(union ctl_io *io);
13019	union ctl_ha_msg msg;
13020	uint32_t targ_port = io->io_hdr.nexus.targ_port;
13021
13022	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13023	fe_done = softc->ctl_ports[targ_port]->fe_done;
13024
13025#ifdef CTL_TIME_IO
13026	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13027		char str[256];
13028		char path_str[64];
13029		struct sbuf sb;
13030
13031		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13032		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13033
13034		sbuf_cat(&sb, path_str);
13035		switch (io->io_hdr.io_type) {
13036		case CTL_IO_SCSI:
13037			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13038			sbuf_printf(&sb, "\n");
13039			sbuf_cat(&sb, path_str);
13040			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13041				    io->scsiio.tag_num, io->scsiio.tag_type);
13042			break;
13043		case CTL_IO_TASK:
13044			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13045				    "Tag Type: %d\n", io->taskio.task_action,
13046				    io->taskio.tag_num, io->taskio.tag_type);
13047			break;
13048		default:
13049			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13050			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13051			break;
13052		}
13053		sbuf_cat(&sb, path_str);
13054		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13055			    (intmax_t)time_uptime - io->io_hdr.start_time);
13056		sbuf_finish(&sb);
13057		printf("%s", sbuf_data(&sb));
13058	}
13059#endif /* CTL_TIME_IO */
13060
13061	switch (io->io_hdr.io_type) {
13062	case CTL_IO_SCSI:
13063		break;
13064	case CTL_IO_TASK:
13065		if (ctl_debug & CTL_DEBUG_INFO)
13066			ctl_io_error_print(io, NULL);
13067		fe_done(io);
13068		return;
13069	default:
13070		panic("ctl_process_done: invalid io type %d\n",
13071		      io->io_hdr.io_type);
13072		break; /* NOTREACHED */
13073	}
13074
13075	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13076	if (lun == NULL) {
13077		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13078				 io->io_hdr.nexus.targ_mapped_lun));
13079		goto bailout;
13080	}
13081
13082	mtx_lock(&lun->lun_lock);
13083
13084	/*
13085	 * Check to see if we have any errors to inject here.  We only
13086	 * inject errors for commands that don't already have errors set.
13087	 */
13088	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13089	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13090	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13091		ctl_inject_error(lun, io);
13092
13093	/*
13094	 * XXX KDM how do we treat commands that aren't completed
13095	 * successfully?
13096	 *
13097	 * XXX KDM should we also track I/O latency?
13098	 */
13099	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13100	    io->io_hdr.io_type == CTL_IO_SCSI) {
13101#ifdef CTL_TIME_IO
13102		struct bintime cur_bt;
13103#endif
13104		int type;
13105
13106		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13107		    CTL_FLAG_DATA_IN)
13108			type = CTL_STATS_READ;
13109		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13110		    CTL_FLAG_DATA_OUT)
13111			type = CTL_STATS_WRITE;
13112		else
13113			type = CTL_STATS_NO_IO;
13114
13115		lun->stats.ports[targ_port].bytes[type] +=
13116		    io->scsiio.kern_total_len;
13117		lun->stats.ports[targ_port].operations[type]++;
13118#ifdef CTL_TIME_IO
13119		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13120		   &io->io_hdr.dma_bt);
13121		getbinuptime(&cur_bt);
13122		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13123		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13124#endif
13125		lun->stats.ports[targ_port].num_dmas[type] +=
13126		    io->io_hdr.num_dmas;
13127	}
13128
13129	/*
13130	 * Remove this from the OOA queue.
13131	 */
13132	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13133#ifdef CTL_TIME_IO
13134	if (TAILQ_EMPTY(&lun->ooa_queue))
13135		lun->last_busy = getsbinuptime();
13136#endif
13137
13138	/*
13139	 * Run through the blocked queue on this LUN and see if anything
13140	 * has become unblocked, now that this transaction is done.
13141	 */
13142	ctl_check_blocked(lun);
13143
13144	/*
13145	 * If the LUN has been invalidated, free it if there is nothing
13146	 * left on its OOA queue.
13147	 */
13148	if ((lun->flags & CTL_LUN_INVALID)
13149	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13150		mtx_unlock(&lun->lun_lock);
13151		mtx_lock(&softc->ctl_lock);
13152		ctl_free_lun(lun);
13153		mtx_unlock(&softc->ctl_lock);
13154	} else
13155		mtx_unlock(&lun->lun_lock);
13156
13157bailout:
13158
13159	/*
13160	 * If this command has been aborted, make sure we set the status
13161	 * properly.  The FETD is responsible for freeing the I/O and doing
13162	 * whatever it needs to do to clean up its state.
13163	 */
13164	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13165		ctl_set_task_aborted(&io->scsiio);
13166
13167	/*
13168	 * If enabled, print command error status.
13169	 */
13170	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13171	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13172		ctl_io_error_print(io, NULL);
13173
13174	/*
13175	 * Tell the FETD or the other shelf controller we're done with this
13176	 * command.  Note that only SCSI commands get to this point.  Task
13177	 * management commands are completed above.
13178	 */
13179	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13180	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13181		memset(&msg, 0, sizeof(msg));
13182		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13183		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13184		msg.hdr.nexus = io->io_hdr.nexus;
13185		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13186		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13187		    M_WAITOK);
13188	}
13189
13190	fe_done(io);
13191}
13192
13193#ifdef CTL_WITH_CA
13194/*
13195 * Front end should call this if it doesn't do autosense.  When the request
13196 * sense comes back in from the initiator, we'll dequeue this and send it.
13197 */
13198int
13199ctl_queue_sense(union ctl_io *io)
13200{
13201	struct ctl_lun *lun;
13202	struct ctl_port *port;
13203	struct ctl_softc *softc;
13204	uint32_t initidx, targ_lun;
13205
13206	softc = control_softc;
13207
13208	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13209
13210	/*
13211	 * LUN lookup will likely move to the ctl_work_thread() once we
13212	 * have our new queueing infrastructure (that doesn't put things on
13213	 * a per-LUN queue initially).  That is so that we can handle
13214	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13215	 * can't deal with that right now.
13216	 */
13217	mtx_lock(&softc->ctl_lock);
13218
13219	/*
13220	 * If we don't have a LUN for this, just toss the sense
13221	 * information.
13222	 */
13223	port = ctl_io_port(&ctsio->io_hdr);
13224	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13225	if ((targ_lun < CTL_MAX_LUNS)
13226	 && (softc->ctl_luns[targ_lun] != NULL))
13227		lun = softc->ctl_luns[targ_lun];
13228	else
13229		goto bailout;
13230
13231	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13232
13233	mtx_lock(&lun->lun_lock);
13234	/*
13235	 * Already have CA set for this LUN...toss the sense information.
13236	 */
13237	if (ctl_is_set(lun->have_ca, initidx)) {
13238		mtx_unlock(&lun->lun_lock);
13239		goto bailout;
13240	}
13241
13242	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13243	       MIN(sizeof(lun->pending_sense[initidx]),
13244	       sizeof(io->scsiio.sense_data)));
13245	ctl_set_mask(lun->have_ca, initidx);
13246	mtx_unlock(&lun->lun_lock);
13247
13248bailout:
13249	mtx_unlock(&softc->ctl_lock);
13250
13251	ctl_free_io(io);
13252
13253	return (CTL_RETVAL_COMPLETE);
13254}
13255#endif
13256
13257/*
13258 * Primary command inlet from frontend ports.  All SCSI and task I/O
13259 * requests must go through this function.
13260 */
13261int
13262ctl_queue(union ctl_io *io)
13263{
13264	struct ctl_port *port;
13265
13266	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13267
13268#ifdef CTL_TIME_IO
13269	io->io_hdr.start_time = time_uptime;
13270	getbinuptime(&io->io_hdr.start_bt);
13271#endif /* CTL_TIME_IO */
13272
13273	/* Map FE-specific LUN ID into global one. */
13274	port = ctl_io_port(&io->io_hdr);
13275	io->io_hdr.nexus.targ_mapped_lun =
13276	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13277
13278	switch (io->io_hdr.io_type) {
13279	case CTL_IO_SCSI:
13280	case CTL_IO_TASK:
13281		if (ctl_debug & CTL_DEBUG_CDB)
13282			ctl_io_print(io);
13283		ctl_enqueue_incoming(io);
13284		break;
13285	default:
13286		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13287		return (EINVAL);
13288	}
13289
13290	return (CTL_RETVAL_COMPLETE);
13291}
13292
13293#ifdef CTL_IO_DELAY
13294static void
13295ctl_done_timer_wakeup(void *arg)
13296{
13297	union ctl_io *io;
13298
13299	io = (union ctl_io *)arg;
13300	ctl_done(io);
13301}
13302#endif /* CTL_IO_DELAY */
13303
13304void
13305ctl_serseq_done(union ctl_io *io)
13306{
13307	struct ctl_lun *lun;
13308
13309	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13310	if (lun->be_lun == NULL ||
13311	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13312		return;
13313	mtx_lock(&lun->lun_lock);
13314	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13315	ctl_check_blocked(lun);
13316	mtx_unlock(&lun->lun_lock);
13317}
13318
13319void
13320ctl_done(union ctl_io *io)
13321{
13322
13323	/*
13324	 * Enable this to catch duplicate completion issues.
13325	 */
13326#if 0
13327	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13328		printf("%s: type %d msg %d cdb %x iptl: "
13329		       "%u:%u:%u tag 0x%04x "
13330		       "flag %#x status %x\n",
13331			__func__,
13332			io->io_hdr.io_type,
13333			io->io_hdr.msg_type,
13334			io->scsiio.cdb[0],
13335			io->io_hdr.nexus.initid,
13336			io->io_hdr.nexus.targ_port,
13337			io->io_hdr.nexus.targ_lun,
13338			(io->io_hdr.io_type ==
13339			CTL_IO_TASK) ?
13340			io->taskio.tag_num :
13341			io->scsiio.tag_num,
13342		        io->io_hdr.flags,
13343			io->io_hdr.status);
13344	} else
13345		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13346#endif
13347
13348	/*
13349	 * This is an internal copy of an I/O, and should not go through
13350	 * the normal done processing logic.
13351	 */
13352	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13353		return;
13354
13355#ifdef CTL_IO_DELAY
13356	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13357		struct ctl_lun *lun;
13358
13359		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13360
13361		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13362	} else {
13363		struct ctl_lun *lun;
13364
13365		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13366
13367		if ((lun != NULL)
13368		 && (lun->delay_info.done_delay > 0)) {
13369
13370			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13371			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13372			callout_reset(&io->io_hdr.delay_callout,
13373				      lun->delay_info.done_delay * hz,
13374				      ctl_done_timer_wakeup, io);
13375			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13376				lun->delay_info.done_delay = 0;
13377			return;
13378		}
13379	}
13380#endif /* CTL_IO_DELAY */
13381
13382	ctl_enqueue_done(io);
13383}
13384
13385static void
13386ctl_work_thread(void *arg)
13387{
13388	struct ctl_thread *thr = (struct ctl_thread *)arg;
13389	struct ctl_softc *softc = thr->ctl_softc;
13390	union ctl_io *io;
13391	int retval;
13392
13393	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13394
13395	for (;;) {
13396		/*
13397		 * We handle the queues in this order:
13398		 * - ISC
13399		 * - done queue (to free up resources, unblock other commands)
13400		 * - RtR queue
13401		 * - incoming queue
13402		 *
13403		 * If those queues are empty, we break out of the loop and
13404		 * go to sleep.
13405		 */
13406		mtx_lock(&thr->queue_lock);
13407		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13408		if (io != NULL) {
13409			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13410			mtx_unlock(&thr->queue_lock);
13411			ctl_handle_isc(io);
13412			continue;
13413		}
13414		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13415		if (io != NULL) {
13416			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13417			/* clear any blocked commands, call fe_done */
13418			mtx_unlock(&thr->queue_lock);
13419			ctl_process_done(io);
13420			continue;
13421		}
13422		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13423		if (io != NULL) {
13424			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13425			mtx_unlock(&thr->queue_lock);
13426			if (io->io_hdr.io_type == CTL_IO_TASK)
13427				ctl_run_task(io);
13428			else
13429				ctl_scsiio_precheck(softc, &io->scsiio);
13430			continue;
13431		}
13432		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13433		if (io != NULL) {
13434			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13435			mtx_unlock(&thr->queue_lock);
13436			retval = ctl_scsiio(&io->scsiio);
13437			if (retval != CTL_RETVAL_COMPLETE)
13438				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13439			continue;
13440		}
13441
13442		/* Sleep until we have something to do. */
13443		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13444	}
13445}
13446
13447static void
13448ctl_lun_thread(void *arg)
13449{
13450	struct ctl_softc *softc = (struct ctl_softc *)arg;
13451	struct ctl_be_lun *be_lun;
13452
13453	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13454
13455	for (;;) {
13456		mtx_lock(&softc->ctl_lock);
13457		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13458		if (be_lun != NULL) {
13459			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13460			mtx_unlock(&softc->ctl_lock);
13461			ctl_create_lun(be_lun);
13462			continue;
13463		}
13464
13465		/* Sleep until we have something to do. */
13466		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13467		    PDROP | PRIBIO, "-", 0);
13468	}
13469}
13470
13471static void
13472ctl_thresh_thread(void *arg)
13473{
13474	struct ctl_softc *softc = (struct ctl_softc *)arg;
13475	struct ctl_lun *lun;
13476	struct scsi_da_rw_recovery_page *rwpage;
13477	struct ctl_logical_block_provisioning_page *page;
13478	const char *attr;
13479	union ctl_ha_msg msg;
13480	uint64_t thres, val;
13481	int i, e, set;
13482
13483	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13484
13485	for (;;) {
13486		mtx_lock(&softc->ctl_lock);
13487		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13488			if ((lun->flags & CTL_LUN_DISABLED) ||
13489			    (lun->flags & CTL_LUN_OFFLINE) ||
13490			    lun->backend->lun_attr == NULL)
13491				continue;
13492			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13493			    softc->ha_mode == CTL_HA_MODE_XFER)
13494				continue;
13495			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13496			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13497				continue;
13498			e = 0;
13499			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13500			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13501				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13502					continue;
13503				thres = scsi_4btoul(page->descr[i].count);
13504				thres <<= CTL_LBP_EXPONENT;
13505				switch (page->descr[i].resource) {
13506				case 0x01:
13507					attr = "blocksavail";
13508					break;
13509				case 0x02:
13510					attr = "blocksused";
13511					break;
13512				case 0xf1:
13513					attr = "poolblocksavail";
13514					break;
13515				case 0xf2:
13516					attr = "poolblocksused";
13517					break;
13518				default:
13519					continue;
13520				}
13521				mtx_unlock(&softc->ctl_lock); // XXX
13522				val = lun->backend->lun_attr(
13523				    lun->be_lun->be_lun, attr);
13524				mtx_lock(&softc->ctl_lock);
13525				if (val == UINT64_MAX)
13526					continue;
13527				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13528				    == SLBPPD_ARMING_INC)
13529					e = (val >= thres);
13530				else
13531					e = (val <= thres);
13532				if (e)
13533					break;
13534			}
13535			mtx_lock(&lun->lun_lock);
13536			if (e) {
13537				scsi_u64to8b((uint8_t *)&page->descr[i] -
13538				    (uint8_t *)page, lun->ua_tpt_info);
13539				if (lun->lasttpt == 0 ||
13540				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13541					lun->lasttpt = time_uptime;
13542					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13543					set = 1;
13544				} else
13545					set = 0;
13546			} else {
13547				lun->lasttpt = 0;
13548				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13549				set = -1;
13550			}
13551			mtx_unlock(&lun->lun_lock);
13552			if (set != 0 &&
13553			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13554				/* Send msg to other side. */
13555				bzero(&msg.ua, sizeof(msg.ua));
13556				msg.hdr.msg_type = CTL_MSG_UA;
13557				msg.hdr.nexus.initid = -1;
13558				msg.hdr.nexus.targ_port = -1;
13559				msg.hdr.nexus.targ_lun = lun->lun;
13560				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13561				msg.ua.ua_all = 1;
13562				msg.ua.ua_set = (set > 0);
13563				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13564				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13565				mtx_unlock(&softc->ctl_lock); // XXX
13566				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13567				    sizeof(msg.ua), M_WAITOK);
13568				mtx_lock(&softc->ctl_lock);
13569			}
13570		}
13571		mtx_unlock(&softc->ctl_lock);
13572		pause("-", CTL_LBP_PERIOD * hz);
13573	}
13574}
13575
13576static void
13577ctl_enqueue_incoming(union ctl_io *io)
13578{
13579	struct ctl_softc *softc = control_softc;
13580	struct ctl_thread *thr;
13581	u_int idx;
13582
13583	idx = (io->io_hdr.nexus.targ_port * 127 +
13584	       io->io_hdr.nexus.initid) % worker_threads;
13585	thr = &softc->threads[idx];
13586	mtx_lock(&thr->queue_lock);
13587	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13588	mtx_unlock(&thr->queue_lock);
13589	wakeup(thr);
13590}
13591
13592static void
13593ctl_enqueue_rtr(union ctl_io *io)
13594{
13595	struct ctl_softc *softc = control_softc;
13596	struct ctl_thread *thr;
13597
13598	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13599	mtx_lock(&thr->queue_lock);
13600	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13601	mtx_unlock(&thr->queue_lock);
13602	wakeup(thr);
13603}
13604
13605static void
13606ctl_enqueue_done(union ctl_io *io)
13607{
13608	struct ctl_softc *softc = control_softc;
13609	struct ctl_thread *thr;
13610
13611	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13612	mtx_lock(&thr->queue_lock);
13613	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13614	mtx_unlock(&thr->queue_lock);
13615	wakeup(thr);
13616}
13617
13618static void
13619ctl_enqueue_isc(union ctl_io *io)
13620{
13621	struct ctl_softc *softc = control_softc;
13622	struct ctl_thread *thr;
13623
13624	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13625	mtx_lock(&thr->queue_lock);
13626	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13627	mtx_unlock(&thr->queue_lock);
13628	wakeup(thr);
13629}
13630
13631/*
13632 *  vim: ts=8
13633 */
13634