ctl.c revision 290774 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 290774 2015-11-13 19:21:45Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_cd.h>
73#include <cam/scsi/scsi_da.h>
74#include <cam/ctl/ctl_io.h>
75#include <cam/ctl/ctl.h>
76#include <cam/ctl/ctl_frontend.h>
77#include <cam/ctl/ctl_util.h>
78#include <cam/ctl/ctl_backend.h>
79#include <cam/ctl/ctl_ioctl.h>
80#include <cam/ctl/ctl_ha.h>
81#include <cam/ctl/ctl_private.h>
82#include <cam/ctl/ctl_debug.h>
83#include <cam/ctl/ctl_scsi_all.h>
84#include <cam/ctl/ctl_error.h>
85
86struct ctl_softc *control_softc = NULL;
87
88/*
89 * Template mode pages.
90 */
91
92/*
93 * Note that these are default values only.  The actual values will be
94 * filled in when the user does a mode sense.
95 */
96const static struct copan_debugconf_subpage debugconf_page_default = {
97	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
98	DBGCNF_SUBPAGE_CODE,		/* subpage */
99	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
100	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
101	DBGCNF_VERSION,			/* page_version */
102	{CTL_TIME_IO_DEFAULT_SECS>>8,
103	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
104};
105
106const static struct copan_debugconf_subpage debugconf_page_changeable = {
107	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
108	DBGCNF_SUBPAGE_CODE,		/* subpage */
109	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
110	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
111	0,				/* page_version */
112	{0xff,0xff},			/* ctl_time_io_secs */
113};
114
115const static struct scsi_da_rw_recovery_page rw_er_page_default = {
116	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
117	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
118	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
119	/*read_retry_count*/0,
120	/*correction_span*/0,
121	/*head_offset_count*/0,
122	/*data_strobe_offset_cnt*/0,
123	/*byte8*/SMS_RWER_LBPERE,
124	/*write_retry_count*/0,
125	/*reserved2*/0,
126	/*recovery_time_limit*/{0, 0},
127};
128
129const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
130	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
131	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
132	/*byte3*/0,
133	/*read_retry_count*/0,
134	/*correction_span*/0,
135	/*head_offset_count*/0,
136	/*data_strobe_offset_cnt*/0,
137	/*byte8*/0,
138	/*write_retry_count*/0,
139	/*reserved2*/0,
140	/*recovery_time_limit*/{0, 0},
141};
142
143const static struct scsi_format_page format_page_default = {
144	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
145	/*page_length*/sizeof(struct scsi_format_page) - 2,
146	/*tracks_per_zone*/ {0, 0},
147	/*alt_sectors_per_zone*/ {0, 0},
148	/*alt_tracks_per_zone*/ {0, 0},
149	/*alt_tracks_per_lun*/ {0, 0},
150	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
151			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
152	/*bytes_per_sector*/ {0, 0},
153	/*interleave*/ {0, 0},
154	/*track_skew*/ {0, 0},
155	/*cylinder_skew*/ {0, 0},
156	/*flags*/ SFP_HSEC,
157	/*reserved*/ {0, 0, 0}
158};
159
160const static struct scsi_format_page format_page_changeable = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {0, 0},
168	/*bytes_per_sector*/ {0, 0},
169	/*interleave*/ {0, 0},
170	/*track_skew*/ {0, 0},
171	/*cylinder_skew*/ {0, 0},
172	/*flags*/ 0,
173	/*reserved*/ {0, 0, 0}
174};
175
176const static struct scsi_rigid_disk_page rigid_disk_page_default = {
177	/*page_code*/SMS_RIGID_DISK_PAGE,
178	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
179	/*cylinders*/ {0, 0, 0},
180	/*heads*/ CTL_DEFAULT_HEADS,
181	/*start_write_precomp*/ {0, 0, 0},
182	/*start_reduced_current*/ {0, 0, 0},
183	/*step_rate*/ {0, 0},
184	/*landing_zone_cylinder*/ {0, 0, 0},
185	/*rpl*/ SRDP_RPL_DISABLED,
186	/*rotational_offset*/ 0,
187	/*reserved1*/ 0,
188	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
189			   CTL_DEFAULT_ROTATION_RATE & 0xff},
190	/*reserved2*/ {0, 0}
191};
192
193const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ 0,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ 0,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {0, 0},
206	/*reserved2*/ {0, 0}
207};
208
209const static struct scsi_caching_page caching_page_default = {
210	/*page_code*/SMS_CACHING_PAGE,
211	/*page_length*/sizeof(struct scsi_caching_page) - 2,
212	/*flags1*/ SCP_DISC | SCP_WCE,
213	/*ret_priority*/ 0,
214	/*disable_pf_transfer_len*/ {0xff, 0xff},
215	/*min_prefetch*/ {0, 0},
216	/*max_prefetch*/ {0xff, 0xff},
217	/*max_pf_ceiling*/ {0xff, 0xff},
218	/*flags2*/ 0,
219	/*cache_segments*/ 0,
220	/*cache_seg_size*/ {0, 0},
221	/*reserved*/ 0,
222	/*non_cache_seg_size*/ {0, 0, 0}
223};
224
225const static struct scsi_caching_page caching_page_changeable = {
226	/*page_code*/SMS_CACHING_PAGE,
227	/*page_length*/sizeof(struct scsi_caching_page) - 2,
228	/*flags1*/ SCP_WCE | SCP_RCD,
229	/*ret_priority*/ 0,
230	/*disable_pf_transfer_len*/ {0, 0},
231	/*min_prefetch*/ {0, 0},
232	/*max_prefetch*/ {0, 0},
233	/*max_pf_ceiling*/ {0, 0},
234	/*flags2*/ 0,
235	/*cache_segments*/ 0,
236	/*cache_seg_size*/ {0, 0},
237	/*reserved*/ 0,
238	/*non_cache_seg_size*/ {0, 0, 0}
239};
240
241const static struct scsi_control_page control_page_default = {
242	/*page_code*/SMS_CONTROL_MODE_PAGE,
243	/*page_length*/sizeof(struct scsi_control_page) - 2,
244	/*rlec*/0,
245	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
246	/*eca_and_aen*/0,
247	/*flags4*/SCP_TAS,
248	/*aen_holdoff_period*/{0, 0},
249	/*busy_timeout_period*/{0, 0},
250	/*extended_selftest_completion_time*/{0, 0}
251};
252
253const static struct scsi_control_page control_page_changeable = {
254	/*page_code*/SMS_CONTROL_MODE_PAGE,
255	/*page_length*/sizeof(struct scsi_control_page) - 2,
256	/*rlec*/SCP_DSENSE,
257	/*queue_flags*/SCP_QUEUE_ALG_MASK,
258	/*eca_and_aen*/SCP_SWP,
259	/*flags4*/0,
260	/*aen_holdoff_period*/{0, 0},
261	/*busy_timeout_period*/{0, 0},
262	/*extended_selftest_completion_time*/{0, 0}
263};
264
265#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
266
267const static struct scsi_control_ext_page control_ext_page_default = {
268	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
269	/*subpage_code*/0x01,
270	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
271	/*flags*/0,
272	/*prio*/0,
273	/*max_sense*/0
274};
275
276const static struct scsi_control_ext_page control_ext_page_changeable = {
277	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
278	/*subpage_code*/0x01,
279	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
280	/*flags*/0,
281	/*prio*/0,
282	/*max_sense*/0
283};
284
285const static struct scsi_info_exceptions_page ie_page_default = {
286	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
287	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
288	/*info_flags*/SIEP_FLAGS_DEXCPT,
289	/*mrie*/0,
290	/*interval_timer*/{0, 0, 0, 0},
291	/*report_count*/{0, 0, 0, 0}
292};
293
294const static struct scsi_info_exceptions_page ie_page_changeable = {
295	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
296	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
297	/*info_flags*/0,
298	/*mrie*/0,
299	/*interval_timer*/{0, 0, 0, 0},
300	/*report_count*/{0, 0, 0, 0}
301};
302
303#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
304
305const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
306	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
307	/*subpage_code*/0x02,
308	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
309	/*flags*/0,
310	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311	/*descr*/{}},
312	{{/*flags*/0,
313	  /*resource*/0x01,
314	  /*reserved*/{0, 0},
315	  /*count*/{0, 0, 0, 0}},
316	 {/*flags*/0,
317	  /*resource*/0x02,
318	  /*reserved*/{0, 0},
319	  /*count*/{0, 0, 0, 0}},
320	 {/*flags*/0,
321	  /*resource*/0xf1,
322	  /*reserved*/{0, 0},
323	  /*count*/{0, 0, 0, 0}},
324	 {/*flags*/0,
325	  /*resource*/0xf2,
326	  /*reserved*/{0, 0},
327	  /*count*/{0, 0, 0, 0}}
328	}
329};
330
331const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
332	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
333	/*subpage_code*/0x02,
334	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
335	/*flags*/0,
336	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
337	/*descr*/{}},
338	{{/*flags*/0,
339	  /*resource*/0,
340	  /*reserved*/{0, 0},
341	  /*count*/{0, 0, 0, 0}},
342	 {/*flags*/0,
343	  /*resource*/0,
344	  /*reserved*/{0, 0},
345	  /*count*/{0, 0, 0, 0}},
346	 {/*flags*/0,
347	  /*resource*/0,
348	  /*reserved*/{0, 0},
349	  /*count*/{0, 0, 0, 0}},
350	 {/*flags*/0,
351	  /*resource*/0,
352	  /*reserved*/{0, 0},
353	  /*count*/{0, 0, 0, 0}}
354	}
355};
356
357const static struct scsi_cddvd_capabilities_page cddvd_page_default = {
358	/*page_code*/SMS_CDDVD_CAPS_PAGE,
359	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
360	/*caps1*/0x3f,
361	/*caps2*/0x00,
362	/*caps3*/0xf0,
363	/*caps4*/0x00,
364	/*caps5*/0x29,
365	/*caps6*/0x00,
366	/*obsolete*/{0, 0},
367	/*nvol_levels*/{0, 0},
368	/*buffer_size*/{8, 0},
369	/*obsolete2*/{0, 0},
370	/*reserved*/0,
371	/*digital*/0,
372	/*obsolete3*/0,
373	/*copy_management*/0,
374	/*reserved2*/0,
375	/*rotation_control*/0,
376	/*cur_write_speed*/0,
377	/*num_speed_descr*/0,
378};
379
380const static struct scsi_cddvd_capabilities_page cddvd_page_changeable = {
381	/*page_code*/SMS_CDDVD_CAPS_PAGE,
382	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
383	/*caps1*/0,
384	/*caps2*/0,
385	/*caps3*/0,
386	/*caps4*/0,
387	/*caps5*/0,
388	/*caps6*/0,
389	/*obsolete*/{0, 0},
390	/*nvol_levels*/{0, 0},
391	/*buffer_size*/{0, 0},
392	/*obsolete2*/{0, 0},
393	/*reserved*/0,
394	/*digital*/0,
395	/*obsolete3*/0,
396	/*copy_management*/0,
397	/*reserved2*/0,
398	/*rotation_control*/0,
399	/*cur_write_speed*/0,
400	/*num_speed_descr*/0,
401};
402
403SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
404static int worker_threads = -1;
405TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
406SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
407    &worker_threads, 1, "Number of worker threads");
408static int ctl_debug = CTL_DEBUG_NONE;
409TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
410SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
411    &ctl_debug, 0, "Enabled debug flags");
412
413/*
414 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
415 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
416 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
417 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
418 */
419#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
420
421static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
422				  int param);
423static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
424static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
425static int ctl_init(void);
426void ctl_shutdown(void);
427static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
428static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
429static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
430static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
431			      struct ctl_ooa *ooa_hdr,
432			      struct ctl_ooa_entry *kern_entries);
433static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
434		     struct thread *td);
435static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
436			 struct ctl_be_lun *be_lun);
437static int ctl_free_lun(struct ctl_lun *lun);
438static void ctl_create_lun(struct ctl_be_lun *be_lun);
439static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
440
441static int ctl_do_mode_select(union ctl_io *io);
442static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
443			   uint64_t res_key, uint64_t sa_res_key,
444			   uint8_t type, uint32_t residx,
445			   struct ctl_scsiio *ctsio,
446			   struct scsi_per_res_out *cdb,
447			   struct scsi_per_res_out_parms* param);
448static void ctl_pro_preempt_other(struct ctl_lun *lun,
449				  union ctl_ha_msg *msg);
450static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
451static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
452static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
453static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
454static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
455static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
456static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
457					 int alloc_len);
458static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
459					 int alloc_len);
460static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
461static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
462static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
463static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
464static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
465static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
466    bool seq);
467static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
468static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
469    union ctl_io *pending_io, union ctl_io *ooa_io);
470static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
471				union ctl_io *starting_io);
472static int ctl_check_blocked(struct ctl_lun *lun);
473static int ctl_scsiio_lun_check(struct ctl_lun *lun,
474				const struct ctl_cmd_entry *entry,
475				struct ctl_scsiio *ctsio);
476static void ctl_failover_lun(union ctl_io *io);
477static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
478			       struct ctl_scsiio *ctsio);
479static int ctl_scsiio(struct ctl_scsiio *ctsio);
480
481static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
482static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
483			    ctl_ua_type ua_type);
484static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
485			 ctl_ua_type ua_type);
486static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
487static int ctl_abort_task(union ctl_io *io);
488static int ctl_abort_task_set(union ctl_io *io);
489static int ctl_query_task(union ctl_io *io, int task_set);
490static int ctl_i_t_nexus_reset(union ctl_io *io);
491static int ctl_query_async_event(union ctl_io *io);
492static void ctl_run_task(union ctl_io *io);
493#ifdef CTL_IO_DELAY
494static void ctl_datamove_timer_wakeup(void *arg);
495static void ctl_done_timer_wakeup(void *arg);
496#endif /* CTL_IO_DELAY */
497
498static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
499static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
500static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
501static void ctl_datamove_remote_write(union ctl_io *io);
502static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
503static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
504static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
505static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
506				    ctl_ha_dt_cb callback);
507static void ctl_datamove_remote_read(union ctl_io *io);
508static void ctl_datamove_remote(union ctl_io *io);
509static void ctl_process_done(union ctl_io *io);
510static void ctl_lun_thread(void *arg);
511static void ctl_thresh_thread(void *arg);
512static void ctl_work_thread(void *arg);
513static void ctl_enqueue_incoming(union ctl_io *io);
514static void ctl_enqueue_rtr(union ctl_io *io);
515static void ctl_enqueue_done(union ctl_io *io);
516static void ctl_enqueue_isc(union ctl_io *io);
517static const struct ctl_cmd_entry *
518    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
519static const struct ctl_cmd_entry *
520    ctl_validate_command(struct ctl_scsiio *ctsio);
521static int ctl_cmd_applicable(uint8_t lun_type,
522    const struct ctl_cmd_entry *entry);
523
524static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
525static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
526static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
527static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
528
529/*
530 * Load the serialization table.  This isn't very pretty, but is probably
531 * the easiest way to do it.
532 */
533#include "ctl_ser_table.c"
534
535/*
536 * We only need to define open, close and ioctl routines for this driver.
537 */
538static struct cdevsw ctl_cdevsw = {
539	.d_version =	D_VERSION,
540	.d_flags =	0,
541	.d_open =	ctl_open,
542	.d_close =	ctl_close,
543	.d_ioctl =	ctl_ioctl,
544	.d_name =	"ctl",
545};
546
547
548MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
549
550static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
551
552static moduledata_t ctl_moduledata = {
553	"ctl",
554	ctl_module_event_handler,
555	NULL
556};
557
558DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
559MODULE_VERSION(ctl, 1);
560
561static struct ctl_frontend ha_frontend =
562{
563	.name = "ha",
564};
565
566static void
567ctl_ha_datamove(union ctl_io *io)
568{
569	struct ctl_lun *lun;
570	struct ctl_sg_entry *sgl;
571	union ctl_ha_msg msg;
572	uint32_t sg_entries_sent;
573	int do_sg_copy, i, j;
574
575	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
576	memset(&msg.dt, 0, sizeof(msg.dt));
577	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
578	msg.hdr.original_sc = io->io_hdr.original_sc;
579	msg.hdr.serializing_sc = io;
580	msg.hdr.nexus = io->io_hdr.nexus;
581	msg.hdr.status = io->io_hdr.status;
582	msg.dt.flags = io->io_hdr.flags;
583
584	/*
585	 * We convert everything into a S/G list here.  We can't
586	 * pass by reference, only by value between controllers.
587	 * So we can't pass a pointer to the S/G list, only as many
588	 * S/G entries as we can fit in here.  If it's possible for
589	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
590	 * then we need to break this up into multiple transfers.
591	 */
592	if (io->scsiio.kern_sg_entries == 0) {
593		msg.dt.kern_sg_entries = 1;
594#if 0
595		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
596			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
597		} else {
598			/* XXX KDM use busdma here! */
599			msg.dt.sg_list[0].addr =
600			    (void *)vtophys(io->scsiio.kern_data_ptr);
601		}
602#else
603		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
604		    ("HA does not support BUS_ADDR"));
605		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
606#endif
607		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
608		do_sg_copy = 0;
609	} else {
610		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
611		do_sg_copy = 1;
612	}
613
614	msg.dt.kern_data_len = io->scsiio.kern_data_len;
615	msg.dt.kern_total_len = io->scsiio.kern_total_len;
616	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
617	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
618	msg.dt.sg_sequence = 0;
619
620	/*
621	 * Loop until we've sent all of the S/G entries.  On the
622	 * other end, we'll recompose these S/G entries into one
623	 * contiguous list before processing.
624	 */
625	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
626	    msg.dt.sg_sequence++) {
627		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
628		    sizeof(msg.dt.sg_list[0])),
629		    msg.dt.kern_sg_entries - sg_entries_sent);
630		if (do_sg_copy != 0) {
631			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
632			for (i = sg_entries_sent, j = 0;
633			     i < msg.dt.cur_sg_entries; i++, j++) {
634#if 0
635				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
636					msg.dt.sg_list[j].addr = sgl[i].addr;
637				} else {
638					/* XXX KDM use busdma here! */
639					msg.dt.sg_list[j].addr =
640					    (void *)vtophys(sgl[i].addr);
641				}
642#else
643				KASSERT((io->io_hdr.flags &
644				    CTL_FLAG_BUS_ADDR) == 0,
645				    ("HA does not support BUS_ADDR"));
646				msg.dt.sg_list[j].addr = sgl[i].addr;
647#endif
648				msg.dt.sg_list[j].len = sgl[i].len;
649			}
650		}
651
652		sg_entries_sent += msg.dt.cur_sg_entries;
653		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
654		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
655		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
656		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
657		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
658			io->io_hdr.port_status = 31341;
659			io->scsiio.be_move_done(io);
660			return;
661		}
662		msg.dt.sent_sg_entries = sg_entries_sent;
663	}
664
665	/*
666	 * Officially handover the request from us to peer.
667	 * If failover has just happened, then we must return error.
668	 * If failover happen just after, then it is not our problem.
669	 */
670	if (lun)
671		mtx_lock(&lun->lun_lock);
672	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
673		if (lun)
674			mtx_unlock(&lun->lun_lock);
675		io->io_hdr.port_status = 31342;
676		io->scsiio.be_move_done(io);
677		return;
678	}
679	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
680	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
681	if (lun)
682		mtx_unlock(&lun->lun_lock);
683}
684
685static void
686ctl_ha_done(union ctl_io *io)
687{
688	union ctl_ha_msg msg;
689
690	if (io->io_hdr.io_type == CTL_IO_SCSI) {
691		memset(&msg, 0, sizeof(msg));
692		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
693		msg.hdr.original_sc = io->io_hdr.original_sc;
694		msg.hdr.nexus = io->io_hdr.nexus;
695		msg.hdr.status = io->io_hdr.status;
696		msg.scsi.scsi_status = io->scsiio.scsi_status;
697		msg.scsi.tag_num = io->scsiio.tag_num;
698		msg.scsi.tag_type = io->scsiio.tag_type;
699		msg.scsi.sense_len = io->scsiio.sense_len;
700		msg.scsi.sense_residual = io->scsiio.sense_residual;
701		msg.scsi.residual = io->scsiio.residual;
702		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
703		    io->scsiio.sense_len);
704		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
705		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
706		    msg.scsi.sense_len, M_WAITOK);
707	}
708	ctl_free_io(io);
709}
710
711static void
712ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
713			    union ctl_ha_msg *msg_info)
714{
715	struct ctl_scsiio *ctsio;
716
717	if (msg_info->hdr.original_sc == NULL) {
718		printf("%s: original_sc == NULL!\n", __func__);
719		/* XXX KDM now what? */
720		return;
721	}
722
723	ctsio = &msg_info->hdr.original_sc->scsiio;
724	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
725	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
726	ctsio->io_hdr.status = msg_info->hdr.status;
727	ctsio->scsi_status = msg_info->scsi.scsi_status;
728	ctsio->sense_len = msg_info->scsi.sense_len;
729	ctsio->sense_residual = msg_info->scsi.sense_residual;
730	ctsio->residual = msg_info->scsi.residual;
731	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
732	       msg_info->scsi.sense_len);
733	ctl_enqueue_isc((union ctl_io *)ctsio);
734}
735
736static void
737ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
738				union ctl_ha_msg *msg_info)
739{
740	struct ctl_scsiio *ctsio;
741
742	if (msg_info->hdr.serializing_sc == NULL) {
743		printf("%s: serializing_sc == NULL!\n", __func__);
744		/* XXX KDM now what? */
745		return;
746	}
747
748	ctsio = &msg_info->hdr.serializing_sc->scsiio;
749	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
750	ctl_enqueue_isc((union ctl_io *)ctsio);
751}
752
753void
754ctl_isc_announce_lun(struct ctl_lun *lun)
755{
756	struct ctl_softc *softc = lun->ctl_softc;
757	union ctl_ha_msg *msg;
758	struct ctl_ha_msg_lun_pr_key pr_key;
759	int i, k;
760
761	if (softc->ha_link != CTL_HA_LINK_ONLINE)
762		return;
763	mtx_lock(&lun->lun_lock);
764	i = sizeof(msg->lun);
765	if (lun->lun_devid)
766		i += lun->lun_devid->len;
767	i += sizeof(pr_key) * lun->pr_key_count;
768alloc:
769	mtx_unlock(&lun->lun_lock);
770	msg = malloc(i, M_CTL, M_WAITOK);
771	mtx_lock(&lun->lun_lock);
772	k = sizeof(msg->lun);
773	if (lun->lun_devid)
774		k += lun->lun_devid->len;
775	k += sizeof(pr_key) * lun->pr_key_count;
776	if (i < k) {
777		free(msg, M_CTL);
778		i = k;
779		goto alloc;
780	}
781	bzero(&msg->lun, sizeof(msg->lun));
782	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
783	msg->hdr.nexus.targ_lun = lun->lun;
784	msg->hdr.nexus.targ_mapped_lun = lun->lun;
785	msg->lun.flags = lun->flags;
786	msg->lun.pr_generation = lun->pr_generation;
787	msg->lun.pr_res_idx = lun->pr_res_idx;
788	msg->lun.pr_res_type = lun->pr_res_type;
789	msg->lun.pr_key_count = lun->pr_key_count;
790	i = 0;
791	if (lun->lun_devid) {
792		msg->lun.lun_devid_len = lun->lun_devid->len;
793		memcpy(&msg->lun.data[i], lun->lun_devid->data,
794		    msg->lun.lun_devid_len);
795		i += msg->lun.lun_devid_len;
796	}
797	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
798		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
799			continue;
800		pr_key.pr_iid = k;
801		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
802		i += sizeof(pr_key);
803	}
804	mtx_unlock(&lun->lun_lock);
805	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
806	    M_WAITOK);
807	free(msg, M_CTL);
808
809	if (lun->flags & CTL_LUN_PRIMARY_SC) {
810		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
811			ctl_isc_announce_mode(lun, -1,
812			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
813			    lun->mode_pages.index[i].subpage);
814		}
815	}
816}
817
818void
819ctl_isc_announce_port(struct ctl_port *port)
820{
821	struct ctl_softc *softc = port->ctl_softc;
822	union ctl_ha_msg *msg;
823	int i;
824
825	if (port->targ_port < softc->port_min ||
826	    port->targ_port >= softc->port_max ||
827	    softc->ha_link != CTL_HA_LINK_ONLINE)
828		return;
829	i = sizeof(msg->port) + strlen(port->port_name) + 1;
830	if (port->lun_map)
831		i += sizeof(uint32_t) * CTL_MAX_LUNS;
832	if (port->port_devid)
833		i += port->port_devid->len;
834	if (port->target_devid)
835		i += port->target_devid->len;
836	if (port->init_devid)
837		i += port->init_devid->len;
838	msg = malloc(i, M_CTL, M_WAITOK);
839	bzero(&msg->port, sizeof(msg->port));
840	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
841	msg->hdr.nexus.targ_port = port->targ_port;
842	msg->port.port_type = port->port_type;
843	msg->port.physical_port = port->physical_port;
844	msg->port.virtual_port = port->virtual_port;
845	msg->port.status = port->status;
846	i = 0;
847	msg->port.name_len = sprintf(&msg->port.data[i],
848	    "%d:%s", softc->ha_id, port->port_name) + 1;
849	i += msg->port.name_len;
850	if (port->lun_map) {
851		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
852		memcpy(&msg->port.data[i], port->lun_map,
853		    msg->port.lun_map_len);
854		i += msg->port.lun_map_len;
855	}
856	if (port->port_devid) {
857		msg->port.port_devid_len = port->port_devid->len;
858		memcpy(&msg->port.data[i], port->port_devid->data,
859		    msg->port.port_devid_len);
860		i += msg->port.port_devid_len;
861	}
862	if (port->target_devid) {
863		msg->port.target_devid_len = port->target_devid->len;
864		memcpy(&msg->port.data[i], port->target_devid->data,
865		    msg->port.target_devid_len);
866		i += msg->port.target_devid_len;
867	}
868	if (port->init_devid) {
869		msg->port.init_devid_len = port->init_devid->len;
870		memcpy(&msg->port.data[i], port->init_devid->data,
871		    msg->port.init_devid_len);
872		i += msg->port.init_devid_len;
873	}
874	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
875	    M_WAITOK);
876	free(msg, M_CTL);
877}
878
879void
880ctl_isc_announce_iid(struct ctl_port *port, int iid)
881{
882	struct ctl_softc *softc = port->ctl_softc;
883	union ctl_ha_msg *msg;
884	int i, l;
885
886	if (port->targ_port < softc->port_min ||
887	    port->targ_port >= softc->port_max ||
888	    softc->ha_link != CTL_HA_LINK_ONLINE)
889		return;
890	mtx_lock(&softc->ctl_lock);
891	i = sizeof(msg->iid);
892	l = 0;
893	if (port->wwpn_iid[iid].name)
894		l = strlen(port->wwpn_iid[iid].name) + 1;
895	i += l;
896	msg = malloc(i, M_CTL, M_NOWAIT);
897	if (msg == NULL) {
898		mtx_unlock(&softc->ctl_lock);
899		return;
900	}
901	bzero(&msg->iid, sizeof(msg->iid));
902	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
903	msg->hdr.nexus.targ_port = port->targ_port;
904	msg->hdr.nexus.initid = iid;
905	msg->iid.in_use = port->wwpn_iid[iid].in_use;
906	msg->iid.name_len = l;
907	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
908	if (port->wwpn_iid[iid].name)
909		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
910	mtx_unlock(&softc->ctl_lock);
911	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
912	free(msg, M_CTL);
913}
914
915void
916ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
917    uint8_t page, uint8_t subpage)
918{
919	struct ctl_softc *softc = lun->ctl_softc;
920	union ctl_ha_msg msg;
921	int i;
922
923	if (softc->ha_link != CTL_HA_LINK_ONLINE)
924		return;
925	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
926		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
927		    page && lun->mode_pages.index[i].subpage == subpage)
928			break;
929	}
930	if (i == CTL_NUM_MODE_PAGES)
931		return;
932
933	/* Don't try to replicate pages not present on this device. */
934	if (lun->mode_pages.index[i].page_data == NULL)
935		return;
936
937	bzero(&msg.mode, sizeof(msg.mode));
938	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
939	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
940	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
941	msg.hdr.nexus.targ_lun = lun->lun;
942	msg.hdr.nexus.targ_mapped_lun = lun->lun;
943	msg.mode.page_code = page;
944	msg.mode.subpage = subpage;
945	msg.mode.page_len = lun->mode_pages.index[i].page_len;
946	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
947	    msg.mode.page_len);
948	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
949	    M_WAITOK);
950}
951
952static void
953ctl_isc_ha_link_up(struct ctl_softc *softc)
954{
955	struct ctl_port *port;
956	struct ctl_lun *lun;
957	union ctl_ha_msg msg;
958	int i;
959
960	/* Announce this node parameters to peer for validation. */
961	msg.login.msg_type = CTL_MSG_LOGIN;
962	msg.login.version = CTL_HA_VERSION;
963	msg.login.ha_mode = softc->ha_mode;
964	msg.login.ha_id = softc->ha_id;
965	msg.login.max_luns = CTL_MAX_LUNS;
966	msg.login.max_ports = CTL_MAX_PORTS;
967	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
968	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
969	    M_WAITOK);
970
971	STAILQ_FOREACH(port, &softc->port_list, links) {
972		ctl_isc_announce_port(port);
973		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
974			if (port->wwpn_iid[i].in_use)
975				ctl_isc_announce_iid(port, i);
976		}
977	}
978	STAILQ_FOREACH(lun, &softc->lun_list, links)
979		ctl_isc_announce_lun(lun);
980}
981
982static void
983ctl_isc_ha_link_down(struct ctl_softc *softc)
984{
985	struct ctl_port *port;
986	struct ctl_lun *lun;
987	union ctl_io *io;
988	int i;
989
990	mtx_lock(&softc->ctl_lock);
991	STAILQ_FOREACH(lun, &softc->lun_list, links) {
992		mtx_lock(&lun->lun_lock);
993		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
994			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
995			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
996		}
997		mtx_unlock(&lun->lun_lock);
998
999		mtx_unlock(&softc->ctl_lock);
1000		io = ctl_alloc_io(softc->othersc_pool);
1001		mtx_lock(&softc->ctl_lock);
1002		ctl_zero_io(io);
1003		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
1004		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
1005		ctl_enqueue_isc(io);
1006	}
1007
1008	STAILQ_FOREACH(port, &softc->port_list, links) {
1009		if (port->targ_port >= softc->port_min &&
1010		    port->targ_port < softc->port_max)
1011			continue;
1012		port->status &= ~CTL_PORT_STATUS_ONLINE;
1013		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1014			port->wwpn_iid[i].in_use = 0;
1015			free(port->wwpn_iid[i].name, M_CTL);
1016			port->wwpn_iid[i].name = NULL;
1017		}
1018	}
1019	mtx_unlock(&softc->ctl_lock);
1020}
1021
1022static void
1023ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1024{
1025	struct ctl_lun *lun;
1026	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
1027
1028	mtx_lock(&softc->ctl_lock);
1029	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
1030	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
1031		mtx_lock(&lun->lun_lock);
1032		mtx_unlock(&softc->ctl_lock);
1033		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
1034		    msg->ua.ua_set)
1035			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
1036		if (msg->ua.ua_all) {
1037			if (msg->ua.ua_set)
1038				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
1039			else
1040				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
1041		} else {
1042			if (msg->ua.ua_set)
1043				ctl_est_ua(lun, iid, msg->ua.ua_type);
1044			else
1045				ctl_clr_ua(lun, iid, msg->ua.ua_type);
1046		}
1047		mtx_unlock(&lun->lun_lock);
1048	} else
1049		mtx_unlock(&softc->ctl_lock);
1050}
1051
1052static void
1053ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1054{
1055	struct ctl_lun *lun;
1056	struct ctl_ha_msg_lun_pr_key pr_key;
1057	int i, k;
1058	ctl_lun_flags oflags;
1059	uint32_t targ_lun;
1060
1061	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1062	mtx_lock(&softc->ctl_lock);
1063	if ((targ_lun >= CTL_MAX_LUNS) ||
1064	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1065		mtx_unlock(&softc->ctl_lock);
1066		return;
1067	}
1068	mtx_lock(&lun->lun_lock);
1069	mtx_unlock(&softc->ctl_lock);
1070	if (lun->flags & CTL_LUN_DISABLED) {
1071		mtx_unlock(&lun->lun_lock);
1072		return;
1073	}
1074	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1075	if (msg->lun.lun_devid_len != i || (i > 0 &&
1076	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1077		mtx_unlock(&lun->lun_lock);
1078		printf("%s: Received conflicting HA LUN %d\n",
1079		    __func__, msg->hdr.nexus.targ_lun);
1080		return;
1081	} else {
1082		/* Record whether peer is primary. */
1083		oflags = lun->flags;
1084		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1085		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1086			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1087		else
1088			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1089		if (oflags != lun->flags)
1090			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1091
1092		/* If peer is primary and we are not -- use data */
1093		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1094		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1095			lun->pr_generation = msg->lun.pr_generation;
1096			lun->pr_res_idx = msg->lun.pr_res_idx;
1097			lun->pr_res_type = msg->lun.pr_res_type;
1098			lun->pr_key_count = msg->lun.pr_key_count;
1099			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1100				ctl_clr_prkey(lun, k);
1101			for (k = 0; k < msg->lun.pr_key_count; k++) {
1102				memcpy(&pr_key, &msg->lun.data[i],
1103				    sizeof(pr_key));
1104				ctl_alloc_prkey(lun, pr_key.pr_iid);
1105				ctl_set_prkey(lun, pr_key.pr_iid,
1106				    pr_key.pr_key);
1107				i += sizeof(pr_key);
1108			}
1109		}
1110
1111		mtx_unlock(&lun->lun_lock);
1112		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1113		    __func__, msg->hdr.nexus.targ_lun,
1114		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1115		    "primary" : "secondary"));
1116
1117		/* If we are primary but peer doesn't know -- notify */
1118		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1119		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1120			ctl_isc_announce_lun(lun);
1121	}
1122}
1123
1124static void
1125ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1126{
1127	struct ctl_port *port;
1128	struct ctl_lun *lun;
1129	int i, new;
1130
1131	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1132	if (port == NULL) {
1133		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1134		    msg->hdr.nexus.targ_port));
1135		new = 1;
1136		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1137		port->frontend = &ha_frontend;
1138		port->targ_port = msg->hdr.nexus.targ_port;
1139		port->fe_datamove = ctl_ha_datamove;
1140		port->fe_done = ctl_ha_done;
1141	} else if (port->frontend == &ha_frontend) {
1142		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1143		    msg->hdr.nexus.targ_port));
1144		new = 0;
1145	} else {
1146		printf("%s: Received conflicting HA port %d\n",
1147		    __func__, msg->hdr.nexus.targ_port);
1148		return;
1149	}
1150	port->port_type = msg->port.port_type;
1151	port->physical_port = msg->port.physical_port;
1152	port->virtual_port = msg->port.virtual_port;
1153	port->status = msg->port.status;
1154	i = 0;
1155	free(port->port_name, M_CTL);
1156	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1157	    M_CTL);
1158	i += msg->port.name_len;
1159	if (msg->port.lun_map_len != 0) {
1160		if (port->lun_map == NULL)
1161			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1162			    M_CTL, M_WAITOK);
1163		memcpy(port->lun_map, &msg->port.data[i],
1164		    sizeof(uint32_t) * CTL_MAX_LUNS);
1165		i += msg->port.lun_map_len;
1166	} else {
1167		free(port->lun_map, M_CTL);
1168		port->lun_map = NULL;
1169	}
1170	if (msg->port.port_devid_len != 0) {
1171		if (port->port_devid == NULL ||
1172		    port->port_devid->len != msg->port.port_devid_len) {
1173			free(port->port_devid, M_CTL);
1174			port->port_devid = malloc(sizeof(struct ctl_devid) +
1175			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1176		}
1177		memcpy(port->port_devid->data, &msg->port.data[i],
1178		    msg->port.port_devid_len);
1179		port->port_devid->len = msg->port.port_devid_len;
1180		i += msg->port.port_devid_len;
1181	} else {
1182		free(port->port_devid, M_CTL);
1183		port->port_devid = NULL;
1184	}
1185	if (msg->port.target_devid_len != 0) {
1186		if (port->target_devid == NULL ||
1187		    port->target_devid->len != msg->port.target_devid_len) {
1188			free(port->target_devid, M_CTL);
1189			port->target_devid = malloc(sizeof(struct ctl_devid) +
1190			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1191		}
1192		memcpy(port->target_devid->data, &msg->port.data[i],
1193		    msg->port.target_devid_len);
1194		port->target_devid->len = msg->port.target_devid_len;
1195		i += msg->port.target_devid_len;
1196	} else {
1197		free(port->target_devid, M_CTL);
1198		port->target_devid = NULL;
1199	}
1200	if (msg->port.init_devid_len != 0) {
1201		if (port->init_devid == NULL ||
1202		    port->init_devid->len != msg->port.init_devid_len) {
1203			free(port->init_devid, M_CTL);
1204			port->init_devid = malloc(sizeof(struct ctl_devid) +
1205			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1206		}
1207		memcpy(port->init_devid->data, &msg->port.data[i],
1208		    msg->port.init_devid_len);
1209		port->init_devid->len = msg->port.init_devid_len;
1210		i += msg->port.init_devid_len;
1211	} else {
1212		free(port->init_devid, M_CTL);
1213		port->init_devid = NULL;
1214	}
1215	if (new) {
1216		if (ctl_port_register(port) != 0) {
1217			printf("%s: ctl_port_register() failed with error\n",
1218			    __func__);
1219		}
1220	}
1221	mtx_lock(&softc->ctl_lock);
1222	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1223		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1224			continue;
1225		mtx_lock(&lun->lun_lock);
1226		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1227		mtx_unlock(&lun->lun_lock);
1228	}
1229	mtx_unlock(&softc->ctl_lock);
1230}
1231
1232static void
1233ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1234{
1235	struct ctl_port *port;
1236	int iid;
1237
1238	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1239	if (port == NULL) {
1240		printf("%s: Received IID for unknown port %d\n",
1241		    __func__, msg->hdr.nexus.targ_port);
1242		return;
1243	}
1244	iid = msg->hdr.nexus.initid;
1245	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1246	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1247	free(port->wwpn_iid[iid].name, M_CTL);
1248	if (msg->iid.name_len) {
1249		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1250		    msg->iid.name_len, M_CTL);
1251	} else
1252		port->wwpn_iid[iid].name = NULL;
1253}
1254
1255static void
1256ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1257{
1258
1259	if (msg->login.version != CTL_HA_VERSION) {
1260		printf("CTL HA peers have different versions %d != %d\n",
1261		    msg->login.version, CTL_HA_VERSION);
1262		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1263		return;
1264	}
1265	if (msg->login.ha_mode != softc->ha_mode) {
1266		printf("CTL HA peers have different ha_mode %d != %d\n",
1267		    msg->login.ha_mode, softc->ha_mode);
1268		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1269		return;
1270	}
1271	if (msg->login.ha_id == softc->ha_id) {
1272		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1273		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1274		return;
1275	}
1276	if (msg->login.max_luns != CTL_MAX_LUNS ||
1277	    msg->login.max_ports != CTL_MAX_PORTS ||
1278	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1279		printf("CTL HA peers have different limits\n");
1280		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1281		return;
1282	}
1283}
1284
1285static void
1286ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1287{
1288	struct ctl_lun *lun;
1289	int i;
1290	uint32_t initidx, targ_lun;
1291
1292	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1293	mtx_lock(&softc->ctl_lock);
1294	if ((targ_lun >= CTL_MAX_LUNS) ||
1295	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1296		mtx_unlock(&softc->ctl_lock);
1297		return;
1298	}
1299	mtx_lock(&lun->lun_lock);
1300	mtx_unlock(&softc->ctl_lock);
1301	if (lun->flags & CTL_LUN_DISABLED) {
1302		mtx_unlock(&lun->lun_lock);
1303		return;
1304	}
1305	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1306		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1307		    msg->mode.page_code &&
1308		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1309			break;
1310	}
1311	if (i == CTL_NUM_MODE_PAGES) {
1312		mtx_unlock(&lun->lun_lock);
1313		return;
1314	}
1315	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1316	    lun->mode_pages.index[i].page_len);
1317	initidx = ctl_get_initindex(&msg->hdr.nexus);
1318	if (initidx != -1)
1319		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1320	mtx_unlock(&lun->lun_lock);
1321}
1322
1323/*
1324 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1325 * subsystem come in here.
1326 */
1327static void
1328ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1329{
1330	struct ctl_softc *softc = control_softc;
1331	union ctl_io *io;
1332	struct ctl_prio *presio;
1333	ctl_ha_status isc_status;
1334
1335	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1336	if (event == CTL_HA_EVT_MSG_RECV) {
1337		union ctl_ha_msg *msg, msgbuf;
1338
1339		if (param > sizeof(msgbuf))
1340			msg = malloc(param, M_CTL, M_WAITOK);
1341		else
1342			msg = &msgbuf;
1343		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1344		    M_WAITOK);
1345		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1346			printf("%s: Error receiving message: %d\n",
1347			    __func__, isc_status);
1348			if (msg != &msgbuf)
1349				free(msg, M_CTL);
1350			return;
1351		}
1352
1353		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1354		switch (msg->hdr.msg_type) {
1355		case CTL_MSG_SERIALIZE:
1356			io = ctl_alloc_io(softc->othersc_pool);
1357			ctl_zero_io(io);
1358			// populate ctsio from msg
1359			io->io_hdr.io_type = CTL_IO_SCSI;
1360			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1361			io->io_hdr.original_sc = msg->hdr.original_sc;
1362			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1363					    CTL_FLAG_IO_ACTIVE;
1364			/*
1365			 * If we're in serialization-only mode, we don't
1366			 * want to go through full done processing.  Thus
1367			 * the COPY flag.
1368			 *
1369			 * XXX KDM add another flag that is more specific.
1370			 */
1371			if (softc->ha_mode != CTL_HA_MODE_XFER)
1372				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1373			io->io_hdr.nexus = msg->hdr.nexus;
1374#if 0
1375			printf("port %u, iid %u, lun %u\n",
1376			       io->io_hdr.nexus.targ_port,
1377			       io->io_hdr.nexus.initid,
1378			       io->io_hdr.nexus.targ_lun);
1379#endif
1380			io->scsiio.tag_num = msg->scsi.tag_num;
1381			io->scsiio.tag_type = msg->scsi.tag_type;
1382#ifdef CTL_TIME_IO
1383			io->io_hdr.start_time = time_uptime;
1384			getbinuptime(&io->io_hdr.start_bt);
1385#endif /* CTL_TIME_IO */
1386			io->scsiio.cdb_len = msg->scsi.cdb_len;
1387			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1388			       CTL_MAX_CDBLEN);
1389			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1390				const struct ctl_cmd_entry *entry;
1391
1392				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1393				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1394				io->io_hdr.flags |=
1395					entry->flags & CTL_FLAG_DATA_MASK;
1396			}
1397			ctl_enqueue_isc(io);
1398			break;
1399
1400		/* Performed on the Originating SC, XFER mode only */
1401		case CTL_MSG_DATAMOVE: {
1402			struct ctl_sg_entry *sgl;
1403			int i, j;
1404
1405			io = msg->hdr.original_sc;
1406			if (io == NULL) {
1407				printf("%s: original_sc == NULL!\n", __func__);
1408				/* XXX KDM do something here */
1409				break;
1410			}
1411			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1412			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1413			/*
1414			 * Keep track of this, we need to send it back over
1415			 * when the datamove is complete.
1416			 */
1417			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1418			if (msg->hdr.status == CTL_SUCCESS)
1419				io->io_hdr.status = msg->hdr.status;
1420
1421			if (msg->dt.sg_sequence == 0) {
1422#ifdef CTL_TIME_IO
1423				getbinuptime(&io->io_hdr.dma_start_bt);
1424#endif
1425				i = msg->dt.kern_sg_entries +
1426				    msg->dt.kern_data_len /
1427				    CTL_HA_DATAMOVE_SEGMENT + 1;
1428				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1429				    M_WAITOK | M_ZERO);
1430				io->io_hdr.remote_sglist = sgl;
1431				io->io_hdr.local_sglist =
1432				    &sgl[msg->dt.kern_sg_entries];
1433
1434				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1435
1436				io->scsiio.kern_sg_entries =
1437					msg->dt.kern_sg_entries;
1438				io->scsiio.rem_sg_entries =
1439					msg->dt.kern_sg_entries;
1440				io->scsiio.kern_data_len =
1441					msg->dt.kern_data_len;
1442				io->scsiio.kern_total_len =
1443					msg->dt.kern_total_len;
1444				io->scsiio.kern_data_resid =
1445					msg->dt.kern_data_resid;
1446				io->scsiio.kern_rel_offset =
1447					msg->dt.kern_rel_offset;
1448				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1449				io->io_hdr.flags |= msg->dt.flags &
1450				    CTL_FLAG_BUS_ADDR;
1451			} else
1452				sgl = (struct ctl_sg_entry *)
1453					io->scsiio.kern_data_ptr;
1454
1455			for (i = msg->dt.sent_sg_entries, j = 0;
1456			     i < (msg->dt.sent_sg_entries +
1457			     msg->dt.cur_sg_entries); i++, j++) {
1458				sgl[i].addr = msg->dt.sg_list[j].addr;
1459				sgl[i].len = msg->dt.sg_list[j].len;
1460
1461#if 0
1462				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1463				    __func__, sgl[i].addr, sgl[i].len, j, i);
1464#endif
1465			}
1466
1467			/*
1468			 * If this is the last piece of the I/O, we've got
1469			 * the full S/G list.  Queue processing in the thread.
1470			 * Otherwise wait for the next piece.
1471			 */
1472			if (msg->dt.sg_last != 0)
1473				ctl_enqueue_isc(io);
1474			break;
1475		}
1476		/* Performed on the Serializing (primary) SC, XFER mode only */
1477		case CTL_MSG_DATAMOVE_DONE: {
1478			if (msg->hdr.serializing_sc == NULL) {
1479				printf("%s: serializing_sc == NULL!\n",
1480				       __func__);
1481				/* XXX KDM now what? */
1482				break;
1483			}
1484			/*
1485			 * We grab the sense information here in case
1486			 * there was a failure, so we can return status
1487			 * back to the initiator.
1488			 */
1489			io = msg->hdr.serializing_sc;
1490			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1491			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1492			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1493			io->io_hdr.port_status = msg->scsi.fetd_status;
1494			io->scsiio.residual = msg->scsi.residual;
1495			if (msg->hdr.status != CTL_STATUS_NONE) {
1496				io->io_hdr.status = msg->hdr.status;
1497				io->scsiio.scsi_status = msg->scsi.scsi_status;
1498				io->scsiio.sense_len = msg->scsi.sense_len;
1499				io->scsiio.sense_residual =msg->scsi.sense_residual;
1500				memcpy(&io->scsiio.sense_data,
1501				    &msg->scsi.sense_data,
1502				    msg->scsi.sense_len);
1503				if (msg->hdr.status == CTL_SUCCESS)
1504					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1505			}
1506			ctl_enqueue_isc(io);
1507			break;
1508		}
1509
1510		/* Preformed on Originating SC, SER_ONLY mode */
1511		case CTL_MSG_R2R:
1512			io = msg->hdr.original_sc;
1513			if (io == NULL) {
1514				printf("%s: original_sc == NULL!\n",
1515				    __func__);
1516				break;
1517			}
1518			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1519			io->io_hdr.msg_type = CTL_MSG_R2R;
1520			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1521			ctl_enqueue_isc(io);
1522			break;
1523
1524		/*
1525		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1526		 * mode.
1527		 * Performed on the Originating (i.e. secondary) SC in XFER
1528		 * mode
1529		 */
1530		case CTL_MSG_FINISH_IO:
1531			if (softc->ha_mode == CTL_HA_MODE_XFER)
1532				ctl_isc_handler_finish_xfer(softc, msg);
1533			else
1534				ctl_isc_handler_finish_ser_only(softc, msg);
1535			break;
1536
1537		/* Preformed on Originating SC */
1538		case CTL_MSG_BAD_JUJU:
1539			io = msg->hdr.original_sc;
1540			if (io == NULL) {
1541				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1542				       __func__);
1543				break;
1544			}
1545			ctl_copy_sense_data(msg, io);
1546			/*
1547			 * IO should have already been cleaned up on other
1548			 * SC so clear this flag so we won't send a message
1549			 * back to finish the IO there.
1550			 */
1551			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1552			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1553
1554			/* io = msg->hdr.serializing_sc; */
1555			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1556			ctl_enqueue_isc(io);
1557			break;
1558
1559		/* Handle resets sent from the other side */
1560		case CTL_MSG_MANAGE_TASKS: {
1561			struct ctl_taskio *taskio;
1562			taskio = (struct ctl_taskio *)ctl_alloc_io(
1563			    softc->othersc_pool);
1564			ctl_zero_io((union ctl_io *)taskio);
1565			taskio->io_hdr.io_type = CTL_IO_TASK;
1566			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1567			taskio->io_hdr.nexus = msg->hdr.nexus;
1568			taskio->task_action = msg->task.task_action;
1569			taskio->tag_num = msg->task.tag_num;
1570			taskio->tag_type = msg->task.tag_type;
1571#ifdef CTL_TIME_IO
1572			taskio->io_hdr.start_time = time_uptime;
1573			getbinuptime(&taskio->io_hdr.start_bt);
1574#endif /* CTL_TIME_IO */
1575			ctl_run_task((union ctl_io *)taskio);
1576			break;
1577		}
1578		/* Persistent Reserve action which needs attention */
1579		case CTL_MSG_PERS_ACTION:
1580			presio = (struct ctl_prio *)ctl_alloc_io(
1581			    softc->othersc_pool);
1582			ctl_zero_io((union ctl_io *)presio);
1583			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1584			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1585			presio->io_hdr.nexus = msg->hdr.nexus;
1586			presio->pr_msg = msg->pr;
1587			ctl_enqueue_isc((union ctl_io *)presio);
1588			break;
1589		case CTL_MSG_UA:
1590			ctl_isc_ua(softc, msg, param);
1591			break;
1592		case CTL_MSG_PORT_SYNC:
1593			ctl_isc_port_sync(softc, msg, param);
1594			break;
1595		case CTL_MSG_LUN_SYNC:
1596			ctl_isc_lun_sync(softc, msg, param);
1597			break;
1598		case CTL_MSG_IID_SYNC:
1599			ctl_isc_iid_sync(softc, msg, param);
1600			break;
1601		case CTL_MSG_LOGIN:
1602			ctl_isc_login(softc, msg, param);
1603			break;
1604		case CTL_MSG_MODE_SYNC:
1605			ctl_isc_mode_sync(softc, msg, param);
1606			break;
1607		default:
1608			printf("Received HA message of unknown type %d\n",
1609			    msg->hdr.msg_type);
1610			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1611			break;
1612		}
1613		if (msg != &msgbuf)
1614			free(msg, M_CTL);
1615	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1616		printf("CTL: HA link status changed from %d to %d\n",
1617		    softc->ha_link, param);
1618		if (param == softc->ha_link)
1619			return;
1620		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1621			softc->ha_link = param;
1622			ctl_isc_ha_link_down(softc);
1623		} else {
1624			softc->ha_link = param;
1625			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1626				ctl_isc_ha_link_up(softc);
1627		}
1628		return;
1629	} else {
1630		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1631		return;
1632	}
1633}
1634
1635static void
1636ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1637{
1638
1639	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1640	    src->scsi.sense_len);
1641	dest->scsiio.scsi_status = src->scsi.scsi_status;
1642	dest->scsiio.sense_len = src->scsi.sense_len;
1643	dest->io_hdr.status = src->hdr.status;
1644}
1645
1646static void
1647ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1648{
1649
1650	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1651	    src->scsiio.sense_len);
1652	dest->scsi.scsi_status = src->scsiio.scsi_status;
1653	dest->scsi.sense_len = src->scsiio.sense_len;
1654	dest->hdr.status = src->io_hdr.status;
1655}
1656
1657void
1658ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1659{
1660	struct ctl_softc *softc = lun->ctl_softc;
1661	ctl_ua_type *pu;
1662
1663	if (initidx < softc->init_min || initidx >= softc->init_max)
1664		return;
1665	mtx_assert(&lun->lun_lock, MA_OWNED);
1666	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1667	if (pu == NULL)
1668		return;
1669	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1670}
1671
1672void
1673ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1674{
1675	int i;
1676
1677	mtx_assert(&lun->lun_lock, MA_OWNED);
1678	if (lun->pending_ua[port] == NULL)
1679		return;
1680	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1681		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1682			continue;
1683		lun->pending_ua[port][i] |= ua;
1684	}
1685}
1686
1687void
1688ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1689{
1690	struct ctl_softc *softc = lun->ctl_softc;
1691	int i;
1692
1693	mtx_assert(&lun->lun_lock, MA_OWNED);
1694	for (i = softc->port_min; i < softc->port_max; i++)
1695		ctl_est_ua_port(lun, i, except, ua);
1696}
1697
1698void
1699ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1700{
1701	struct ctl_softc *softc = lun->ctl_softc;
1702	ctl_ua_type *pu;
1703
1704	if (initidx < softc->init_min || initidx >= softc->init_max)
1705		return;
1706	mtx_assert(&lun->lun_lock, MA_OWNED);
1707	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1708	if (pu == NULL)
1709		return;
1710	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1711}
1712
1713void
1714ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1715{
1716	struct ctl_softc *softc = lun->ctl_softc;
1717	int i, j;
1718
1719	mtx_assert(&lun->lun_lock, MA_OWNED);
1720	for (i = softc->port_min; i < softc->port_max; i++) {
1721		if (lun->pending_ua[i] == NULL)
1722			continue;
1723		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1724			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1725				continue;
1726			lun->pending_ua[i][j] &= ~ua;
1727		}
1728	}
1729}
1730
1731void
1732ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1733    ctl_ua_type ua_type)
1734{
1735	struct ctl_lun *lun;
1736
1737	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1738	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1739		mtx_lock(&lun->lun_lock);
1740		ctl_clr_ua(lun, initidx, ua_type);
1741		mtx_unlock(&lun->lun_lock);
1742	}
1743}
1744
1745static int
1746ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1747{
1748	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1749	struct ctl_lun *lun;
1750	struct ctl_lun_req ireq;
1751	int error, value;
1752
1753	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1754	error = sysctl_handle_int(oidp, &value, 0, req);
1755	if ((error != 0) || (req->newptr == NULL))
1756		return (error);
1757
1758	mtx_lock(&softc->ctl_lock);
1759	if (value == 0)
1760		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1761	else
1762		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1763	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1764		mtx_unlock(&softc->ctl_lock);
1765		bzero(&ireq, sizeof(ireq));
1766		ireq.reqtype = CTL_LUNREQ_MODIFY;
1767		ireq.reqdata.modify.lun_id = lun->lun;
1768		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1769		    curthread);
1770		if (ireq.status != CTL_LUN_OK) {
1771			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1772			    __func__, ireq.status, ireq.error_str);
1773		}
1774		mtx_lock(&softc->ctl_lock);
1775	}
1776	mtx_unlock(&softc->ctl_lock);
1777	return (0);
1778}
1779
1780static int
1781ctl_init(void)
1782{
1783	struct ctl_softc *softc;
1784	void *other_pool;
1785	int i, error;
1786
1787	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1788			       M_WAITOK | M_ZERO);
1789
1790	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1791			      "cam/ctl");
1792	softc->dev->si_drv1 = softc;
1793
1794	sysctl_ctx_init(&softc->sysctl_ctx);
1795	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1796		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1797		CTLFLAG_RD, 0, "CAM Target Layer");
1798
1799	if (softc->sysctl_tree == NULL) {
1800		printf("%s: unable to allocate sysctl tree\n", __func__);
1801		destroy_dev(softc->dev);
1802		free(control_softc, M_DEVBUF);
1803		control_softc = NULL;
1804		return (ENOMEM);
1805	}
1806
1807	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1808	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1809	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1810	softc->flags = 0;
1811
1812	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1813	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1814	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1815
1816	/*
1817	 * In Copan's HA scheme, the "master" and "slave" roles are
1818	 * figured out through the slot the controller is in.  Although it
1819	 * is an active/active system, someone has to be in charge.
1820	 */
1821	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1822	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1823	    "HA head ID (0 - no HA)");
1824	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1825		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1826		softc->is_single = 1;
1827		softc->port_cnt = CTL_MAX_PORTS;
1828		softc->port_min = 0;
1829	} else {
1830		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1831		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1832	}
1833	softc->port_max = softc->port_min + softc->port_cnt;
1834	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1835	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1836
1837	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1838	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1839	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1840
1841	STAILQ_INIT(&softc->lun_list);
1842	STAILQ_INIT(&softc->pending_lun_queue);
1843	STAILQ_INIT(&softc->fe_list);
1844	STAILQ_INIT(&softc->port_list);
1845	STAILQ_INIT(&softc->be_list);
1846	ctl_tpc_init(softc);
1847
1848	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1849	                    &other_pool) != 0)
1850	{
1851		printf("ctl: can't allocate %d entry other SC pool, "
1852		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1853		return (ENOMEM);
1854	}
1855	softc->othersc_pool = other_pool;
1856
1857	if (worker_threads <= 0)
1858		worker_threads = max(1, mp_ncpus / 4);
1859	if (worker_threads > CTL_MAX_THREADS)
1860		worker_threads = CTL_MAX_THREADS;
1861
1862	for (i = 0; i < worker_threads; i++) {
1863		struct ctl_thread *thr = &softc->threads[i];
1864
1865		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1866		thr->ctl_softc = softc;
1867		STAILQ_INIT(&thr->incoming_queue);
1868		STAILQ_INIT(&thr->rtr_queue);
1869		STAILQ_INIT(&thr->done_queue);
1870		STAILQ_INIT(&thr->isc_queue);
1871
1872		error = kproc_kthread_add(ctl_work_thread, thr,
1873		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1874		if (error != 0) {
1875			printf("error creating CTL work thread!\n");
1876			ctl_pool_free(other_pool);
1877			return (error);
1878		}
1879	}
1880	error = kproc_kthread_add(ctl_lun_thread, softc,
1881	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1882	if (error != 0) {
1883		printf("error creating CTL lun thread!\n");
1884		ctl_pool_free(other_pool);
1885		return (error);
1886	}
1887	error = kproc_kthread_add(ctl_thresh_thread, softc,
1888	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1889	if (error != 0) {
1890		printf("error creating CTL threshold thread!\n");
1891		ctl_pool_free(other_pool);
1892		return (error);
1893	}
1894
1895	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1896	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1897	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1898
1899	if (softc->is_single == 0) {
1900		ctl_frontend_register(&ha_frontend);
1901		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1902			printf("ctl_init: ctl_ha_msg_init failed.\n");
1903			softc->is_single = 1;
1904		} else
1905		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1906		    != CTL_HA_STATUS_SUCCESS) {
1907			printf("ctl_init: ctl_ha_msg_register failed.\n");
1908			softc->is_single = 1;
1909		}
1910	}
1911	return (0);
1912}
1913
1914void
1915ctl_shutdown(void)
1916{
1917	struct ctl_softc *softc = control_softc;
1918	struct ctl_lun *lun, *next_lun;
1919
1920	if (softc->is_single == 0) {
1921		ctl_ha_msg_shutdown(softc);
1922		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1923		    != CTL_HA_STATUS_SUCCESS)
1924			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1925		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1926			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1927		ctl_frontend_deregister(&ha_frontend);
1928	}
1929
1930	mtx_lock(&softc->ctl_lock);
1931
1932	STAILQ_FOREACH_SAFE(lun, &softc->lun_list, links, next_lun)
1933		ctl_free_lun(lun);
1934
1935	mtx_unlock(&softc->ctl_lock);
1936
1937#if 0
1938	ctl_shutdown_thread(softc->work_thread);
1939	mtx_destroy(&softc->queue_lock);
1940#endif
1941
1942	ctl_tpc_shutdown(softc);
1943	uma_zdestroy(softc->io_zone);
1944	mtx_destroy(&softc->ctl_lock);
1945
1946	destroy_dev(softc->dev);
1947
1948	sysctl_ctx_free(&softc->sysctl_ctx);
1949
1950	free(control_softc, M_DEVBUF);
1951	control_softc = NULL;
1952}
1953
1954static int
1955ctl_module_event_handler(module_t mod, int what, void *arg)
1956{
1957
1958	switch (what) {
1959	case MOD_LOAD:
1960		return (ctl_init());
1961	case MOD_UNLOAD:
1962		return (EBUSY);
1963	default:
1964		return (EOPNOTSUPP);
1965	}
1966}
1967
1968/*
1969 * XXX KDM should we do some access checks here?  Bump a reference count to
1970 * prevent a CTL module from being unloaded while someone has it open?
1971 */
1972static int
1973ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1974{
1975	return (0);
1976}
1977
1978static int
1979ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1980{
1981	return (0);
1982}
1983
1984/*
1985 * Remove an initiator by port number and initiator ID.
1986 * Returns 0 for success, -1 for failure.
1987 */
1988int
1989ctl_remove_initiator(struct ctl_port *port, int iid)
1990{
1991	struct ctl_softc *softc = port->ctl_softc;
1992
1993	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1994
1995	if (iid > CTL_MAX_INIT_PER_PORT) {
1996		printf("%s: initiator ID %u > maximun %u!\n",
1997		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1998		return (-1);
1999	}
2000
2001	mtx_lock(&softc->ctl_lock);
2002	port->wwpn_iid[iid].in_use--;
2003	port->wwpn_iid[iid].last_use = time_uptime;
2004	mtx_unlock(&softc->ctl_lock);
2005	ctl_isc_announce_iid(port, iid);
2006
2007	return (0);
2008}
2009
2010/*
2011 * Add an initiator to the initiator map.
2012 * Returns iid for success, < 0 for failure.
2013 */
2014int
2015ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
2016{
2017	struct ctl_softc *softc = port->ctl_softc;
2018	time_t best_time;
2019	int i, best;
2020
2021	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2022
2023	if (iid >= CTL_MAX_INIT_PER_PORT) {
2024		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
2025		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
2026		free(name, M_CTL);
2027		return (-1);
2028	}
2029
2030	mtx_lock(&softc->ctl_lock);
2031
2032	if (iid < 0 && (wwpn != 0 || name != NULL)) {
2033		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2034			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
2035				iid = i;
2036				break;
2037			}
2038			if (name != NULL && port->wwpn_iid[i].name != NULL &&
2039			    strcmp(name, port->wwpn_iid[i].name) == 0) {
2040				iid = i;
2041				break;
2042			}
2043		}
2044	}
2045
2046	if (iid < 0) {
2047		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2048			if (port->wwpn_iid[i].in_use == 0 &&
2049			    port->wwpn_iid[i].wwpn == 0 &&
2050			    port->wwpn_iid[i].name == NULL) {
2051				iid = i;
2052				break;
2053			}
2054		}
2055	}
2056
2057	if (iid < 0) {
2058		best = -1;
2059		best_time = INT32_MAX;
2060		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2061			if (port->wwpn_iid[i].in_use == 0) {
2062				if (port->wwpn_iid[i].last_use < best_time) {
2063					best = i;
2064					best_time = port->wwpn_iid[i].last_use;
2065				}
2066			}
2067		}
2068		iid = best;
2069	}
2070
2071	if (iid < 0) {
2072		mtx_unlock(&softc->ctl_lock);
2073		free(name, M_CTL);
2074		return (-2);
2075	}
2076
2077	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2078		/*
2079		 * This is not an error yet.
2080		 */
2081		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2082#if 0
2083			printf("%s: port %d iid %u WWPN %#jx arrived"
2084			    " again\n", __func__, port->targ_port,
2085			    iid, (uintmax_t)wwpn);
2086#endif
2087			goto take;
2088		}
2089		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2090		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2091#if 0
2092			printf("%s: port %d iid %u name '%s' arrived"
2093			    " again\n", __func__, port->targ_port,
2094			    iid, name);
2095#endif
2096			goto take;
2097		}
2098
2099		/*
2100		 * This is an error, but what do we do about it?  The
2101		 * driver is telling us we have a new WWPN for this
2102		 * initiator ID, so we pretty much need to use it.
2103		 */
2104		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2105		    " but WWPN %#jx '%s' is still at that address\n",
2106		    __func__, port->targ_port, iid, wwpn, name,
2107		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2108		    port->wwpn_iid[iid].name);
2109
2110		/*
2111		 * XXX KDM clear have_ca and ua_pending on each LUN for
2112		 * this initiator.
2113		 */
2114	}
2115take:
2116	free(port->wwpn_iid[iid].name, M_CTL);
2117	port->wwpn_iid[iid].name = name;
2118	port->wwpn_iid[iid].wwpn = wwpn;
2119	port->wwpn_iid[iid].in_use++;
2120	mtx_unlock(&softc->ctl_lock);
2121	ctl_isc_announce_iid(port, iid);
2122
2123	return (iid);
2124}
2125
2126static int
2127ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2128{
2129	int len;
2130
2131	switch (port->port_type) {
2132	case CTL_PORT_FC:
2133	{
2134		struct scsi_transportid_fcp *id =
2135		    (struct scsi_transportid_fcp *)buf;
2136		if (port->wwpn_iid[iid].wwpn == 0)
2137			return (0);
2138		memset(id, 0, sizeof(*id));
2139		id->format_protocol = SCSI_PROTO_FC;
2140		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2141		return (sizeof(*id));
2142	}
2143	case CTL_PORT_ISCSI:
2144	{
2145		struct scsi_transportid_iscsi_port *id =
2146		    (struct scsi_transportid_iscsi_port *)buf;
2147		if (port->wwpn_iid[iid].name == NULL)
2148			return (0);
2149		memset(id, 0, 256);
2150		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2151		    SCSI_PROTO_ISCSI;
2152		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2153		len = roundup2(min(len, 252), 4);
2154		scsi_ulto2b(len, id->additional_length);
2155		return (sizeof(*id) + len);
2156	}
2157	case CTL_PORT_SAS:
2158	{
2159		struct scsi_transportid_sas *id =
2160		    (struct scsi_transportid_sas *)buf;
2161		if (port->wwpn_iid[iid].wwpn == 0)
2162			return (0);
2163		memset(id, 0, sizeof(*id));
2164		id->format_protocol = SCSI_PROTO_SAS;
2165		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2166		return (sizeof(*id));
2167	}
2168	default:
2169	{
2170		struct scsi_transportid_spi *id =
2171		    (struct scsi_transportid_spi *)buf;
2172		memset(id, 0, sizeof(*id));
2173		id->format_protocol = SCSI_PROTO_SPI;
2174		scsi_ulto2b(iid, id->scsi_addr);
2175		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2176		return (sizeof(*id));
2177	}
2178	}
2179}
2180
2181/*
2182 * Serialize a command that went down the "wrong" side, and so was sent to
2183 * this controller for execution.  The logic is a little different than the
2184 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2185 * sent back to the other side, but in the success case, we execute the
2186 * command on this side (XFER mode) or tell the other side to execute it
2187 * (SER_ONLY mode).
2188 */
2189static int
2190ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2191{
2192	struct ctl_softc *softc = control_softc;
2193	union ctl_ha_msg msg_info;
2194	struct ctl_port *port;
2195	struct ctl_lun *lun;
2196	const struct ctl_cmd_entry *entry;
2197	int retval = 0;
2198	uint32_t targ_lun;
2199
2200	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2201	mtx_lock(&softc->ctl_lock);
2202
2203	/* Make sure that we know about this port. */
2204	port = ctl_io_port(&ctsio->io_hdr);
2205	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2206		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2207					 /*retry_count*/ 1);
2208		goto badjuju;
2209	}
2210
2211	/* Make sure that we know about this LUN. */
2212	if ((targ_lun < CTL_MAX_LUNS) &&
2213	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2214		mtx_lock(&lun->lun_lock);
2215		mtx_unlock(&softc->ctl_lock);
2216		/*
2217		 * If the LUN is invalid, pretend that it doesn't exist.
2218		 * It will go away as soon as all pending I/O has been
2219		 * completed.
2220		 */
2221		if (lun->flags & CTL_LUN_DISABLED) {
2222			mtx_unlock(&lun->lun_lock);
2223			lun = NULL;
2224		}
2225	} else {
2226		mtx_unlock(&softc->ctl_lock);
2227		lun = NULL;
2228	}
2229	if (lun == NULL) {
2230		/*
2231		 * The other node would not send this request to us unless
2232		 * received announce that we are primary node for this LUN.
2233		 * If this LUN does not exist now, it is probably result of
2234		 * a race, so respond to initiator in the most opaque way.
2235		 */
2236		ctl_set_busy(ctsio);
2237		goto badjuju;
2238	}
2239
2240	entry = ctl_get_cmd_entry(ctsio, NULL);
2241	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2242		mtx_unlock(&lun->lun_lock);
2243		goto badjuju;
2244	}
2245
2246	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2247	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2248
2249	/*
2250	 * Every I/O goes into the OOA queue for a
2251	 * particular LUN, and stays there until completion.
2252	 */
2253#ifdef CTL_TIME_IO
2254	if (TAILQ_EMPTY(&lun->ooa_queue))
2255		lun->idle_time += getsbinuptime() - lun->last_busy;
2256#endif
2257	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2258
2259	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2260		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2261		 ooa_links))) {
2262	case CTL_ACTION_BLOCK:
2263		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2264		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2265				  blocked_links);
2266		mtx_unlock(&lun->lun_lock);
2267		break;
2268	case CTL_ACTION_PASS:
2269	case CTL_ACTION_SKIP:
2270		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2271			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2272			ctl_enqueue_rtr((union ctl_io *)ctsio);
2273			mtx_unlock(&lun->lun_lock);
2274		} else {
2275			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2276			mtx_unlock(&lun->lun_lock);
2277
2278			/* send msg back to other side */
2279			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2280			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2281			msg_info.hdr.msg_type = CTL_MSG_R2R;
2282			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2283			    sizeof(msg_info.hdr), M_WAITOK);
2284		}
2285		break;
2286	case CTL_ACTION_OVERLAP:
2287		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2288		mtx_unlock(&lun->lun_lock);
2289		ctl_set_overlapped_cmd(ctsio);
2290		goto badjuju;
2291	case CTL_ACTION_OVERLAP_TAG:
2292		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2293		mtx_unlock(&lun->lun_lock);
2294		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2295		goto badjuju;
2296	case CTL_ACTION_ERROR:
2297	default:
2298		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2299		mtx_unlock(&lun->lun_lock);
2300
2301		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2302					 /*retry_count*/ 0);
2303badjuju:
2304		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2305		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2306		msg_info.hdr.serializing_sc = NULL;
2307		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2308		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2309		    sizeof(msg_info.scsi), M_WAITOK);
2310		retval = 1;
2311		break;
2312	}
2313	return (retval);
2314}
2315
2316/*
2317 * Returns 0 for success, errno for failure.
2318 */
2319static void
2320ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2321		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2322{
2323	union ctl_io *io;
2324
2325	mtx_lock(&lun->lun_lock);
2326	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2327	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2328	     ooa_links)) {
2329		struct ctl_ooa_entry *entry;
2330
2331		/*
2332		 * If we've got more than we can fit, just count the
2333		 * remaining entries.
2334		 */
2335		if (*cur_fill_num >= ooa_hdr->alloc_num)
2336			continue;
2337
2338		entry = &kern_entries[*cur_fill_num];
2339
2340		entry->tag_num = io->scsiio.tag_num;
2341		entry->lun_num = lun->lun;
2342#ifdef CTL_TIME_IO
2343		entry->start_bt = io->io_hdr.start_bt;
2344#endif
2345		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2346		entry->cdb_len = io->scsiio.cdb_len;
2347		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2348			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2349
2350		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2351			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2352
2353		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2354			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2355
2356		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2357			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2358
2359		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2360			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2361	}
2362	mtx_unlock(&lun->lun_lock);
2363}
2364
2365static void *
2366ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2367		 size_t error_str_len)
2368{
2369	void *kptr;
2370
2371	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2372
2373	if (copyin(user_addr, kptr, len) != 0) {
2374		snprintf(error_str, error_str_len, "Error copying %d bytes "
2375			 "from user address %p to kernel address %p", len,
2376			 user_addr, kptr);
2377		free(kptr, M_CTL);
2378		return (NULL);
2379	}
2380
2381	return (kptr);
2382}
2383
2384static void
2385ctl_free_args(int num_args, struct ctl_be_arg *args)
2386{
2387	int i;
2388
2389	if (args == NULL)
2390		return;
2391
2392	for (i = 0; i < num_args; i++) {
2393		free(args[i].kname, M_CTL);
2394		free(args[i].kvalue, M_CTL);
2395	}
2396
2397	free(args, M_CTL);
2398}
2399
2400static struct ctl_be_arg *
2401ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2402		char *error_str, size_t error_str_len)
2403{
2404	struct ctl_be_arg *args;
2405	int i;
2406
2407	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2408				error_str, error_str_len);
2409
2410	if (args == NULL)
2411		goto bailout;
2412
2413	for (i = 0; i < num_args; i++) {
2414		args[i].kname = NULL;
2415		args[i].kvalue = NULL;
2416	}
2417
2418	for (i = 0; i < num_args; i++) {
2419		uint8_t *tmpptr;
2420
2421		args[i].kname = ctl_copyin_alloc(args[i].name,
2422			args[i].namelen, error_str, error_str_len);
2423		if (args[i].kname == NULL)
2424			goto bailout;
2425
2426		if (args[i].kname[args[i].namelen - 1] != '\0') {
2427			snprintf(error_str, error_str_len, "Argument %d "
2428				 "name is not NUL-terminated", i);
2429			goto bailout;
2430		}
2431
2432		if (args[i].flags & CTL_BEARG_RD) {
2433			tmpptr = ctl_copyin_alloc(args[i].value,
2434				args[i].vallen, error_str, error_str_len);
2435			if (tmpptr == NULL)
2436				goto bailout;
2437			if ((args[i].flags & CTL_BEARG_ASCII)
2438			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2439				snprintf(error_str, error_str_len, "Argument "
2440				    "%d value is not NUL-terminated", i);
2441				goto bailout;
2442			}
2443			args[i].kvalue = tmpptr;
2444		} else {
2445			args[i].kvalue = malloc(args[i].vallen,
2446			    M_CTL, M_WAITOK | M_ZERO);
2447		}
2448	}
2449
2450	return (args);
2451bailout:
2452
2453	ctl_free_args(num_args, args);
2454
2455	return (NULL);
2456}
2457
2458static void
2459ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2460{
2461	int i;
2462
2463	for (i = 0; i < num_args; i++) {
2464		if (args[i].flags & CTL_BEARG_WR)
2465			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2466	}
2467}
2468
2469/*
2470 * Escape characters that are illegal or not recommended in XML.
2471 */
2472int
2473ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2474{
2475	char *end = str + size;
2476	int retval;
2477
2478	retval = 0;
2479
2480	for (; *str && str < end; str++) {
2481		switch (*str) {
2482		case '&':
2483			retval = sbuf_printf(sb, "&amp;");
2484			break;
2485		case '>':
2486			retval = sbuf_printf(sb, "&gt;");
2487			break;
2488		case '<':
2489			retval = sbuf_printf(sb, "&lt;");
2490			break;
2491		default:
2492			retval = sbuf_putc(sb, *str);
2493			break;
2494		}
2495
2496		if (retval != 0)
2497			break;
2498
2499	}
2500
2501	return (retval);
2502}
2503
2504static void
2505ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2506{
2507	struct scsi_vpd_id_descriptor *desc;
2508	int i;
2509
2510	if (id == NULL || id->len < 4)
2511		return;
2512	desc = (struct scsi_vpd_id_descriptor *)id->data;
2513	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2514	case SVPD_ID_TYPE_T10:
2515		sbuf_printf(sb, "t10.");
2516		break;
2517	case SVPD_ID_TYPE_EUI64:
2518		sbuf_printf(sb, "eui.");
2519		break;
2520	case SVPD_ID_TYPE_NAA:
2521		sbuf_printf(sb, "naa.");
2522		break;
2523	case SVPD_ID_TYPE_SCSI_NAME:
2524		break;
2525	}
2526	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2527	case SVPD_ID_CODESET_BINARY:
2528		for (i = 0; i < desc->length; i++)
2529			sbuf_printf(sb, "%02x", desc->identifier[i]);
2530		break;
2531	case SVPD_ID_CODESET_ASCII:
2532		sbuf_printf(sb, "%.*s", (int)desc->length,
2533		    (char *)desc->identifier);
2534		break;
2535	case SVPD_ID_CODESET_UTF8:
2536		sbuf_printf(sb, "%s", (char *)desc->identifier);
2537		break;
2538	}
2539}
2540
2541static int
2542ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2543	  struct thread *td)
2544{
2545	struct ctl_softc *softc = dev->si_drv1;
2546	struct ctl_lun *lun;
2547	int retval;
2548
2549	retval = 0;
2550
2551	switch (cmd) {
2552	case CTL_IO:
2553		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2554		break;
2555	case CTL_ENABLE_PORT:
2556	case CTL_DISABLE_PORT:
2557	case CTL_SET_PORT_WWNS: {
2558		struct ctl_port *port;
2559		struct ctl_port_entry *entry;
2560
2561		entry = (struct ctl_port_entry *)addr;
2562
2563		mtx_lock(&softc->ctl_lock);
2564		STAILQ_FOREACH(port, &softc->port_list, links) {
2565			int action, done;
2566
2567			if (port->targ_port < softc->port_min ||
2568			    port->targ_port >= softc->port_max)
2569				continue;
2570
2571			action = 0;
2572			done = 0;
2573			if ((entry->port_type == CTL_PORT_NONE)
2574			 && (entry->targ_port == port->targ_port)) {
2575				/*
2576				 * If the user only wants to enable or
2577				 * disable or set WWNs on a specific port,
2578				 * do the operation and we're done.
2579				 */
2580				action = 1;
2581				done = 1;
2582			} else if (entry->port_type & port->port_type) {
2583				/*
2584				 * Compare the user's type mask with the
2585				 * particular frontend type to see if we
2586				 * have a match.
2587				 */
2588				action = 1;
2589				done = 0;
2590
2591				/*
2592				 * Make sure the user isn't trying to set
2593				 * WWNs on multiple ports at the same time.
2594				 */
2595				if (cmd == CTL_SET_PORT_WWNS) {
2596					printf("%s: Can't set WWNs on "
2597					       "multiple ports\n", __func__);
2598					retval = EINVAL;
2599					break;
2600				}
2601			}
2602			if (action == 0)
2603				continue;
2604
2605			/*
2606			 * XXX KDM we have to drop the lock here, because
2607			 * the online/offline operations can potentially
2608			 * block.  We need to reference count the frontends
2609			 * so they can't go away,
2610			 */
2611			if (cmd == CTL_ENABLE_PORT) {
2612				mtx_unlock(&softc->ctl_lock);
2613				ctl_port_online(port);
2614				mtx_lock(&softc->ctl_lock);
2615			} else if (cmd == CTL_DISABLE_PORT) {
2616				mtx_unlock(&softc->ctl_lock);
2617				ctl_port_offline(port);
2618				mtx_lock(&softc->ctl_lock);
2619			} else if (cmd == CTL_SET_PORT_WWNS) {
2620				ctl_port_set_wwns(port,
2621				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2622				    1 : 0, entry->wwnn,
2623				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2624				    1 : 0, entry->wwpn);
2625			}
2626			if (done != 0)
2627				break;
2628		}
2629		mtx_unlock(&softc->ctl_lock);
2630		break;
2631	}
2632	case CTL_GET_OOA: {
2633		struct ctl_ooa *ooa_hdr;
2634		struct ctl_ooa_entry *entries;
2635		uint32_t cur_fill_num;
2636
2637		ooa_hdr = (struct ctl_ooa *)addr;
2638
2639		if ((ooa_hdr->alloc_len == 0)
2640		 || (ooa_hdr->alloc_num == 0)) {
2641			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2642			       "must be non-zero\n", __func__,
2643			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2644			retval = EINVAL;
2645			break;
2646		}
2647
2648		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2649		    sizeof(struct ctl_ooa_entry))) {
2650			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2651			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2652			       __func__, ooa_hdr->alloc_len,
2653			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2654			retval = EINVAL;
2655			break;
2656		}
2657
2658		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2659		if (entries == NULL) {
2660			printf("%s: could not allocate %d bytes for OOA "
2661			       "dump\n", __func__, ooa_hdr->alloc_len);
2662			retval = ENOMEM;
2663			break;
2664		}
2665
2666		mtx_lock(&softc->ctl_lock);
2667		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2668		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2669		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2670			mtx_unlock(&softc->ctl_lock);
2671			free(entries, M_CTL);
2672			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2673			       __func__, (uintmax_t)ooa_hdr->lun_num);
2674			retval = EINVAL;
2675			break;
2676		}
2677
2678		cur_fill_num = 0;
2679
2680		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2681			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2682				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2683				    ooa_hdr, entries);
2684			}
2685		} else {
2686			lun = softc->ctl_luns[ooa_hdr->lun_num];
2687			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2688			    entries);
2689		}
2690		mtx_unlock(&softc->ctl_lock);
2691
2692		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2693		ooa_hdr->fill_len = ooa_hdr->fill_num *
2694			sizeof(struct ctl_ooa_entry);
2695		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2696		if (retval != 0) {
2697			printf("%s: error copying out %d bytes for OOA dump\n",
2698			       __func__, ooa_hdr->fill_len);
2699		}
2700
2701		getbinuptime(&ooa_hdr->cur_bt);
2702
2703		if (cur_fill_num > ooa_hdr->alloc_num) {
2704			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2705			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2706		} else {
2707			ooa_hdr->dropped_num = 0;
2708			ooa_hdr->status = CTL_OOA_OK;
2709		}
2710
2711		free(entries, M_CTL);
2712		break;
2713	}
2714	case CTL_DELAY_IO: {
2715		struct ctl_io_delay_info *delay_info;
2716
2717		delay_info = (struct ctl_io_delay_info *)addr;
2718
2719#ifdef CTL_IO_DELAY
2720		mtx_lock(&softc->ctl_lock);
2721
2722		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2723		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2724			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2725		} else {
2726			lun = softc->ctl_luns[delay_info->lun_id];
2727			mtx_lock(&lun->lun_lock);
2728
2729			delay_info->status = CTL_DELAY_STATUS_OK;
2730
2731			switch (delay_info->delay_type) {
2732			case CTL_DELAY_TYPE_CONT:
2733				break;
2734			case CTL_DELAY_TYPE_ONESHOT:
2735				break;
2736			default:
2737				delay_info->status =
2738					CTL_DELAY_STATUS_INVALID_TYPE;
2739				break;
2740			}
2741
2742			switch (delay_info->delay_loc) {
2743			case CTL_DELAY_LOC_DATAMOVE:
2744				lun->delay_info.datamove_type =
2745					delay_info->delay_type;
2746				lun->delay_info.datamove_delay =
2747					delay_info->delay_secs;
2748				break;
2749			case CTL_DELAY_LOC_DONE:
2750				lun->delay_info.done_type =
2751					delay_info->delay_type;
2752				lun->delay_info.done_delay =
2753					delay_info->delay_secs;
2754				break;
2755			default:
2756				delay_info->status =
2757					CTL_DELAY_STATUS_INVALID_LOC;
2758				break;
2759			}
2760			mtx_unlock(&lun->lun_lock);
2761		}
2762
2763		mtx_unlock(&softc->ctl_lock);
2764#else
2765		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2766#endif /* CTL_IO_DELAY */
2767		break;
2768	}
2769	case CTL_GETSTATS: {
2770		struct ctl_stats *stats;
2771		int i;
2772
2773		stats = (struct ctl_stats *)addr;
2774
2775		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2776		     stats->alloc_len) {
2777			stats->status = CTL_SS_NEED_MORE_SPACE;
2778			stats->num_luns = softc->num_luns;
2779			break;
2780		}
2781		/*
2782		 * XXX KDM no locking here.  If the LUN list changes,
2783		 * things can blow up.
2784		 */
2785		i = 0;
2786		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2787			retval = copyout(&lun->stats, &stats->lun_stats[i++],
2788					 sizeof(lun->stats));
2789			if (retval != 0)
2790				break;
2791		}
2792		stats->num_luns = softc->num_luns;
2793		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2794				 softc->num_luns;
2795		stats->status = CTL_SS_OK;
2796#ifdef CTL_TIME_IO
2797		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2798#else
2799		stats->flags = CTL_STATS_FLAG_NONE;
2800#endif
2801		getnanouptime(&stats->timestamp);
2802		break;
2803	}
2804	case CTL_ERROR_INJECT: {
2805		struct ctl_error_desc *err_desc, *new_err_desc;
2806
2807		err_desc = (struct ctl_error_desc *)addr;
2808
2809		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2810				      M_WAITOK | M_ZERO);
2811		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2812
2813		mtx_lock(&softc->ctl_lock);
2814		lun = softc->ctl_luns[err_desc->lun_id];
2815		if (lun == NULL) {
2816			mtx_unlock(&softc->ctl_lock);
2817			free(new_err_desc, M_CTL);
2818			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2819			       __func__, (uintmax_t)err_desc->lun_id);
2820			retval = EINVAL;
2821			break;
2822		}
2823		mtx_lock(&lun->lun_lock);
2824		mtx_unlock(&softc->ctl_lock);
2825
2826		/*
2827		 * We could do some checking here to verify the validity
2828		 * of the request, but given the complexity of error
2829		 * injection requests, the checking logic would be fairly
2830		 * complex.
2831		 *
2832		 * For now, if the request is invalid, it just won't get
2833		 * executed and might get deleted.
2834		 */
2835		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2836
2837		/*
2838		 * XXX KDM check to make sure the serial number is unique,
2839		 * in case we somehow manage to wrap.  That shouldn't
2840		 * happen for a very long time, but it's the right thing to
2841		 * do.
2842		 */
2843		new_err_desc->serial = lun->error_serial;
2844		err_desc->serial = lun->error_serial;
2845		lun->error_serial++;
2846
2847		mtx_unlock(&lun->lun_lock);
2848		break;
2849	}
2850	case CTL_ERROR_INJECT_DELETE: {
2851		struct ctl_error_desc *delete_desc, *desc, *desc2;
2852		int delete_done;
2853
2854		delete_desc = (struct ctl_error_desc *)addr;
2855		delete_done = 0;
2856
2857		mtx_lock(&softc->ctl_lock);
2858		lun = softc->ctl_luns[delete_desc->lun_id];
2859		if (lun == NULL) {
2860			mtx_unlock(&softc->ctl_lock);
2861			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2862			       __func__, (uintmax_t)delete_desc->lun_id);
2863			retval = EINVAL;
2864			break;
2865		}
2866		mtx_lock(&lun->lun_lock);
2867		mtx_unlock(&softc->ctl_lock);
2868		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2869			if (desc->serial != delete_desc->serial)
2870				continue;
2871
2872			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2873				      links);
2874			free(desc, M_CTL);
2875			delete_done = 1;
2876		}
2877		mtx_unlock(&lun->lun_lock);
2878		if (delete_done == 0) {
2879			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2880			       "error serial %ju on LUN %u\n", __func__,
2881			       delete_desc->serial, delete_desc->lun_id);
2882			retval = EINVAL;
2883			break;
2884		}
2885		break;
2886	}
2887	case CTL_DUMP_STRUCTS: {
2888		int i, j, k;
2889		struct ctl_port *port;
2890		struct ctl_frontend *fe;
2891
2892		mtx_lock(&softc->ctl_lock);
2893		printf("CTL Persistent Reservation information start:\n");
2894		for (i = 0; i < CTL_MAX_LUNS; i++) {
2895			lun = softc->ctl_luns[i];
2896
2897			if ((lun == NULL)
2898			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2899				continue;
2900
2901			for (j = 0; j < CTL_MAX_PORTS; j++) {
2902				if (lun->pr_keys[j] == NULL)
2903					continue;
2904				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2905					if (lun->pr_keys[j][k] == 0)
2906						continue;
2907					printf("  LUN %d port %d iid %d key "
2908					       "%#jx\n", i, j, k,
2909					       (uintmax_t)lun->pr_keys[j][k]);
2910				}
2911			}
2912		}
2913		printf("CTL Persistent Reservation information end\n");
2914		printf("CTL Ports:\n");
2915		STAILQ_FOREACH(port, &softc->port_list, links) {
2916			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2917			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2918			       port->frontend->name, port->port_type,
2919			       port->physical_port, port->virtual_port,
2920			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2921			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2922				if (port->wwpn_iid[j].in_use == 0 &&
2923				    port->wwpn_iid[j].wwpn == 0 &&
2924				    port->wwpn_iid[j].name == NULL)
2925					continue;
2926
2927				printf("    iid %u use %d WWPN %#jx '%s'\n",
2928				    j, port->wwpn_iid[j].in_use,
2929				    (uintmax_t)port->wwpn_iid[j].wwpn,
2930				    port->wwpn_iid[j].name);
2931			}
2932		}
2933		printf("CTL Port information end\n");
2934		mtx_unlock(&softc->ctl_lock);
2935		/*
2936		 * XXX KDM calling this without a lock.  We'd likely want
2937		 * to drop the lock before calling the frontend's dump
2938		 * routine anyway.
2939		 */
2940		printf("CTL Frontends:\n");
2941		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2942			printf("  Frontend '%s'\n", fe->name);
2943			if (fe->fe_dump != NULL)
2944				fe->fe_dump();
2945		}
2946		printf("CTL Frontend information end\n");
2947		break;
2948	}
2949	case CTL_LUN_REQ: {
2950		struct ctl_lun_req *lun_req;
2951		struct ctl_backend_driver *backend;
2952
2953		lun_req = (struct ctl_lun_req *)addr;
2954
2955		backend = ctl_backend_find(lun_req->backend);
2956		if (backend == NULL) {
2957			lun_req->status = CTL_LUN_ERROR;
2958			snprintf(lun_req->error_str,
2959				 sizeof(lun_req->error_str),
2960				 "Backend \"%s\" not found.",
2961				 lun_req->backend);
2962			break;
2963		}
2964		if (lun_req->num_be_args > 0) {
2965			lun_req->kern_be_args = ctl_copyin_args(
2966				lun_req->num_be_args,
2967				lun_req->be_args,
2968				lun_req->error_str,
2969				sizeof(lun_req->error_str));
2970			if (lun_req->kern_be_args == NULL) {
2971				lun_req->status = CTL_LUN_ERROR;
2972				break;
2973			}
2974		}
2975
2976		retval = backend->ioctl(dev, cmd, addr, flag, td);
2977
2978		if (lun_req->num_be_args > 0) {
2979			ctl_copyout_args(lun_req->num_be_args,
2980				      lun_req->kern_be_args);
2981			ctl_free_args(lun_req->num_be_args,
2982				      lun_req->kern_be_args);
2983		}
2984		break;
2985	}
2986	case CTL_LUN_LIST: {
2987		struct sbuf *sb;
2988		struct ctl_lun_list *list;
2989		struct ctl_option *opt;
2990
2991		list = (struct ctl_lun_list *)addr;
2992
2993		/*
2994		 * Allocate a fixed length sbuf here, based on the length
2995		 * of the user's buffer.  We could allocate an auto-extending
2996		 * buffer, and then tell the user how much larger our
2997		 * amount of data is than his buffer, but that presents
2998		 * some problems:
2999		 *
3000		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3001		 *     we can't hold a lock while calling them with an
3002		 *     auto-extending buffer.
3003 		 *
3004		 * 2.  There is not currently a LUN reference counting
3005		 *     mechanism, outside of outstanding transactions on
3006		 *     the LUN's OOA queue.  So a LUN could go away on us
3007		 *     while we're getting the LUN number, backend-specific
3008		 *     information, etc.  Thus, given the way things
3009		 *     currently work, we need to hold the CTL lock while
3010		 *     grabbing LUN information.
3011		 *
3012		 * So, from the user's standpoint, the best thing to do is
3013		 * allocate what he thinks is a reasonable buffer length,
3014		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3015		 * double the buffer length and try again.  (And repeat
3016		 * that until he succeeds.)
3017		 */
3018		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3019		if (sb == NULL) {
3020			list->status = CTL_LUN_LIST_ERROR;
3021			snprintf(list->error_str, sizeof(list->error_str),
3022				 "Unable to allocate %d bytes for LUN list",
3023				 list->alloc_len);
3024			break;
3025		}
3026
3027		sbuf_printf(sb, "<ctllunlist>\n");
3028
3029		mtx_lock(&softc->ctl_lock);
3030		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3031			mtx_lock(&lun->lun_lock);
3032			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3033					     (uintmax_t)lun->lun);
3034
3035			/*
3036			 * Bail out as soon as we see that we've overfilled
3037			 * the buffer.
3038			 */
3039			if (retval != 0)
3040				break;
3041
3042			retval = sbuf_printf(sb, "\t<backend_type>%s"
3043					     "</backend_type>\n",
3044					     (lun->backend == NULL) ?  "none" :
3045					     lun->backend->name);
3046
3047			if (retval != 0)
3048				break;
3049
3050			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3051					     lun->be_lun->lun_type);
3052
3053			if (retval != 0)
3054				break;
3055
3056			if (lun->backend == NULL) {
3057				retval = sbuf_printf(sb, "</lun>\n");
3058				if (retval != 0)
3059					break;
3060				continue;
3061			}
3062
3063			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3064					     (lun->be_lun->maxlba > 0) ?
3065					     lun->be_lun->maxlba + 1 : 0);
3066
3067			if (retval != 0)
3068				break;
3069
3070			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3071					     lun->be_lun->blocksize);
3072
3073			if (retval != 0)
3074				break;
3075
3076			retval = sbuf_printf(sb, "\t<serial_number>");
3077
3078			if (retval != 0)
3079				break;
3080
3081			retval = ctl_sbuf_printf_esc(sb,
3082			    lun->be_lun->serial_num,
3083			    sizeof(lun->be_lun->serial_num));
3084
3085			if (retval != 0)
3086				break;
3087
3088			retval = sbuf_printf(sb, "</serial_number>\n");
3089
3090			if (retval != 0)
3091				break;
3092
3093			retval = sbuf_printf(sb, "\t<device_id>");
3094
3095			if (retval != 0)
3096				break;
3097
3098			retval = ctl_sbuf_printf_esc(sb,
3099			    lun->be_lun->device_id,
3100			    sizeof(lun->be_lun->device_id));
3101
3102			if (retval != 0)
3103				break;
3104
3105			retval = sbuf_printf(sb, "</device_id>\n");
3106
3107			if (retval != 0)
3108				break;
3109
3110			if (lun->backend->lun_info != NULL) {
3111				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3112				if (retval != 0)
3113					break;
3114			}
3115			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3116				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3117				    opt->name, opt->value, opt->name);
3118				if (retval != 0)
3119					break;
3120			}
3121
3122			retval = sbuf_printf(sb, "</lun>\n");
3123
3124			if (retval != 0)
3125				break;
3126			mtx_unlock(&lun->lun_lock);
3127		}
3128		if (lun != NULL)
3129			mtx_unlock(&lun->lun_lock);
3130		mtx_unlock(&softc->ctl_lock);
3131
3132		if ((retval != 0)
3133		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3134			retval = 0;
3135			sbuf_delete(sb);
3136			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3137			snprintf(list->error_str, sizeof(list->error_str),
3138				 "Out of space, %d bytes is too small",
3139				 list->alloc_len);
3140			break;
3141		}
3142
3143		sbuf_finish(sb);
3144
3145		retval = copyout(sbuf_data(sb), list->lun_xml,
3146				 sbuf_len(sb) + 1);
3147
3148		list->fill_len = sbuf_len(sb) + 1;
3149		list->status = CTL_LUN_LIST_OK;
3150		sbuf_delete(sb);
3151		break;
3152	}
3153	case CTL_ISCSI: {
3154		struct ctl_iscsi *ci;
3155		struct ctl_frontend *fe;
3156
3157		ci = (struct ctl_iscsi *)addr;
3158
3159		fe = ctl_frontend_find("iscsi");
3160		if (fe == NULL) {
3161			ci->status = CTL_ISCSI_ERROR;
3162			snprintf(ci->error_str, sizeof(ci->error_str),
3163			    "Frontend \"iscsi\" not found.");
3164			break;
3165		}
3166
3167		retval = fe->ioctl(dev, cmd, addr, flag, td);
3168		break;
3169	}
3170	case CTL_PORT_REQ: {
3171		struct ctl_req *req;
3172		struct ctl_frontend *fe;
3173
3174		req = (struct ctl_req *)addr;
3175
3176		fe = ctl_frontend_find(req->driver);
3177		if (fe == NULL) {
3178			req->status = CTL_LUN_ERROR;
3179			snprintf(req->error_str, sizeof(req->error_str),
3180			    "Frontend \"%s\" not found.", req->driver);
3181			break;
3182		}
3183		if (req->num_args > 0) {
3184			req->kern_args = ctl_copyin_args(req->num_args,
3185			    req->args, req->error_str, sizeof(req->error_str));
3186			if (req->kern_args == NULL) {
3187				req->status = CTL_LUN_ERROR;
3188				break;
3189			}
3190		}
3191
3192		if (fe->ioctl)
3193			retval = fe->ioctl(dev, cmd, addr, flag, td);
3194		else
3195			retval = ENODEV;
3196
3197		if (req->num_args > 0) {
3198			ctl_copyout_args(req->num_args, req->kern_args);
3199			ctl_free_args(req->num_args, req->kern_args);
3200		}
3201		break;
3202	}
3203	case CTL_PORT_LIST: {
3204		struct sbuf *sb;
3205		struct ctl_port *port;
3206		struct ctl_lun_list *list;
3207		struct ctl_option *opt;
3208		int j;
3209		uint32_t plun;
3210
3211		list = (struct ctl_lun_list *)addr;
3212
3213		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3214		if (sb == NULL) {
3215			list->status = CTL_LUN_LIST_ERROR;
3216			snprintf(list->error_str, sizeof(list->error_str),
3217				 "Unable to allocate %d bytes for LUN list",
3218				 list->alloc_len);
3219			break;
3220		}
3221
3222		sbuf_printf(sb, "<ctlportlist>\n");
3223
3224		mtx_lock(&softc->ctl_lock);
3225		STAILQ_FOREACH(port, &softc->port_list, links) {
3226			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3227					     (uintmax_t)port->targ_port);
3228
3229			/*
3230			 * Bail out as soon as we see that we've overfilled
3231			 * the buffer.
3232			 */
3233			if (retval != 0)
3234				break;
3235
3236			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3237			    "</frontend_type>\n", port->frontend->name);
3238			if (retval != 0)
3239				break;
3240
3241			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3242					     port->port_type);
3243			if (retval != 0)
3244				break;
3245
3246			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3247			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3248			if (retval != 0)
3249				break;
3250
3251			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3252			    port->port_name);
3253			if (retval != 0)
3254				break;
3255
3256			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3257			    port->physical_port);
3258			if (retval != 0)
3259				break;
3260
3261			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3262			    port->virtual_port);
3263			if (retval != 0)
3264				break;
3265
3266			if (port->target_devid != NULL) {
3267				sbuf_printf(sb, "\t<target>");
3268				ctl_id_sbuf(port->target_devid, sb);
3269				sbuf_printf(sb, "</target>\n");
3270			}
3271
3272			if (port->port_devid != NULL) {
3273				sbuf_printf(sb, "\t<port>");
3274				ctl_id_sbuf(port->port_devid, sb);
3275				sbuf_printf(sb, "</port>\n");
3276			}
3277
3278			if (port->port_info != NULL) {
3279				retval = port->port_info(port->onoff_arg, sb);
3280				if (retval != 0)
3281					break;
3282			}
3283			STAILQ_FOREACH(opt, &port->options, links) {
3284				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3285				    opt->name, opt->value, opt->name);
3286				if (retval != 0)
3287					break;
3288			}
3289
3290			if (port->lun_map != NULL) {
3291				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3292				for (j = 0; j < CTL_MAX_LUNS; j++) {
3293					plun = ctl_lun_map_from_port(port, j);
3294					if (plun >= CTL_MAX_LUNS)
3295						continue;
3296					sbuf_printf(sb,
3297					    "\t<lun id=\"%u\">%u</lun>\n",
3298					    j, plun);
3299				}
3300			}
3301
3302			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3303				if (port->wwpn_iid[j].in_use == 0 ||
3304				    (port->wwpn_iid[j].wwpn == 0 &&
3305				     port->wwpn_iid[j].name == NULL))
3306					continue;
3307
3308				if (port->wwpn_iid[j].name != NULL)
3309					retval = sbuf_printf(sb,
3310					    "\t<initiator id=\"%u\">%s</initiator>\n",
3311					    j, port->wwpn_iid[j].name);
3312				else
3313					retval = sbuf_printf(sb,
3314					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3315					    j, port->wwpn_iid[j].wwpn);
3316				if (retval != 0)
3317					break;
3318			}
3319			if (retval != 0)
3320				break;
3321
3322			retval = sbuf_printf(sb, "</targ_port>\n");
3323			if (retval != 0)
3324				break;
3325		}
3326		mtx_unlock(&softc->ctl_lock);
3327
3328		if ((retval != 0)
3329		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3330			retval = 0;
3331			sbuf_delete(sb);
3332			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3333			snprintf(list->error_str, sizeof(list->error_str),
3334				 "Out of space, %d bytes is too small",
3335				 list->alloc_len);
3336			break;
3337		}
3338
3339		sbuf_finish(sb);
3340
3341		retval = copyout(sbuf_data(sb), list->lun_xml,
3342				 sbuf_len(sb) + 1);
3343
3344		list->fill_len = sbuf_len(sb) + 1;
3345		list->status = CTL_LUN_LIST_OK;
3346		sbuf_delete(sb);
3347		break;
3348	}
3349	case CTL_LUN_MAP: {
3350		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3351		struct ctl_port *port;
3352
3353		mtx_lock(&softc->ctl_lock);
3354		if (lm->port < softc->port_min ||
3355		    lm->port >= softc->port_max ||
3356		    (port = softc->ctl_ports[lm->port]) == NULL) {
3357			mtx_unlock(&softc->ctl_lock);
3358			return (ENXIO);
3359		}
3360		if (port->status & CTL_PORT_STATUS_ONLINE) {
3361			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3362				if (ctl_lun_map_to_port(port, lun->lun) >=
3363				    CTL_MAX_LUNS)
3364					continue;
3365				mtx_lock(&lun->lun_lock);
3366				ctl_est_ua_port(lun, lm->port, -1,
3367				    CTL_UA_LUN_CHANGE);
3368				mtx_unlock(&lun->lun_lock);
3369			}
3370		}
3371		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3372		if (lm->plun < CTL_MAX_LUNS) {
3373			if (lm->lun == UINT32_MAX)
3374				retval = ctl_lun_map_unset(port, lm->plun);
3375			else if (lm->lun < CTL_MAX_LUNS &&
3376			    softc->ctl_luns[lm->lun] != NULL)
3377				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3378			else
3379				return (ENXIO);
3380		} else if (lm->plun == UINT32_MAX) {
3381			if (lm->lun == UINT32_MAX)
3382				retval = ctl_lun_map_deinit(port);
3383			else
3384				retval = ctl_lun_map_init(port);
3385		} else
3386			return (ENXIO);
3387		if (port->status & CTL_PORT_STATUS_ONLINE)
3388			ctl_isc_announce_port(port);
3389		break;
3390	}
3391	default: {
3392		/* XXX KDM should we fix this? */
3393#if 0
3394		struct ctl_backend_driver *backend;
3395		unsigned int type;
3396		int found;
3397
3398		found = 0;
3399
3400		/*
3401		 * We encode the backend type as the ioctl type for backend
3402		 * ioctls.  So parse it out here, and then search for a
3403		 * backend of this type.
3404		 */
3405		type = _IOC_TYPE(cmd);
3406
3407		STAILQ_FOREACH(backend, &softc->be_list, links) {
3408			if (backend->type == type) {
3409				found = 1;
3410				break;
3411			}
3412		}
3413		if (found == 0) {
3414			printf("ctl: unknown ioctl command %#lx or backend "
3415			       "%d\n", cmd, type);
3416			retval = EINVAL;
3417			break;
3418		}
3419		retval = backend->ioctl(dev, cmd, addr, flag, td);
3420#endif
3421		retval = ENOTTY;
3422		break;
3423	}
3424	}
3425	return (retval);
3426}
3427
3428uint32_t
3429ctl_get_initindex(struct ctl_nexus *nexus)
3430{
3431	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3432}
3433
3434int
3435ctl_lun_map_init(struct ctl_port *port)
3436{
3437	struct ctl_softc *softc = port->ctl_softc;
3438	struct ctl_lun *lun;
3439	uint32_t i;
3440
3441	if (port->lun_map == NULL)
3442		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3443		    M_CTL, M_NOWAIT);
3444	if (port->lun_map == NULL)
3445		return (ENOMEM);
3446	for (i = 0; i < CTL_MAX_LUNS; i++)
3447		port->lun_map[i] = UINT32_MAX;
3448	if (port->status & CTL_PORT_STATUS_ONLINE) {
3449		if (port->lun_disable != NULL) {
3450			STAILQ_FOREACH(lun, &softc->lun_list, links)
3451				port->lun_disable(port->targ_lun_arg, lun->lun);
3452		}
3453		ctl_isc_announce_port(port);
3454	}
3455	return (0);
3456}
3457
3458int
3459ctl_lun_map_deinit(struct ctl_port *port)
3460{
3461	struct ctl_softc *softc = port->ctl_softc;
3462	struct ctl_lun *lun;
3463
3464	if (port->lun_map == NULL)
3465		return (0);
3466	free(port->lun_map, M_CTL);
3467	port->lun_map = NULL;
3468	if (port->status & CTL_PORT_STATUS_ONLINE) {
3469		if (port->lun_enable != NULL) {
3470			STAILQ_FOREACH(lun, &softc->lun_list, links)
3471				port->lun_enable(port->targ_lun_arg, lun->lun);
3472		}
3473		ctl_isc_announce_port(port);
3474	}
3475	return (0);
3476}
3477
3478int
3479ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3480{
3481	int status;
3482	uint32_t old;
3483
3484	if (port->lun_map == NULL) {
3485		status = ctl_lun_map_init(port);
3486		if (status != 0)
3487			return (status);
3488	}
3489	old = port->lun_map[plun];
3490	port->lun_map[plun] = glun;
3491	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3492		if (port->lun_enable != NULL)
3493			port->lun_enable(port->targ_lun_arg, plun);
3494		ctl_isc_announce_port(port);
3495	}
3496	return (0);
3497}
3498
3499int
3500ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3501{
3502	uint32_t old;
3503
3504	if (port->lun_map == NULL)
3505		return (0);
3506	old = port->lun_map[plun];
3507	port->lun_map[plun] = UINT32_MAX;
3508	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3509		if (port->lun_disable != NULL)
3510			port->lun_disable(port->targ_lun_arg, plun);
3511		ctl_isc_announce_port(port);
3512	}
3513	return (0);
3514}
3515
3516uint32_t
3517ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3518{
3519
3520	if (port == NULL)
3521		return (UINT32_MAX);
3522	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3523		return (lun_id);
3524	return (port->lun_map[lun_id]);
3525}
3526
3527uint32_t
3528ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3529{
3530	uint32_t i;
3531
3532	if (port == NULL)
3533		return (UINT32_MAX);
3534	if (port->lun_map == NULL)
3535		return (lun_id);
3536	for (i = 0; i < CTL_MAX_LUNS; i++) {
3537		if (port->lun_map[i] == lun_id)
3538			return (i);
3539	}
3540	return (UINT32_MAX);
3541}
3542
3543static struct ctl_port *
3544ctl_io_port(struct ctl_io_hdr *io_hdr)
3545{
3546
3547	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3548}
3549
3550int
3551ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3552{
3553	int i;
3554
3555	for (i = first; i < last; i++) {
3556		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3557			return (i);
3558	}
3559	return (-1);
3560}
3561
3562int
3563ctl_set_mask(uint32_t *mask, uint32_t bit)
3564{
3565	uint32_t chunk, piece;
3566
3567	chunk = bit >> 5;
3568	piece = bit % (sizeof(uint32_t) * 8);
3569
3570	if ((mask[chunk] & (1 << piece)) != 0)
3571		return (-1);
3572	else
3573		mask[chunk] |= (1 << piece);
3574
3575	return (0);
3576}
3577
3578int
3579ctl_clear_mask(uint32_t *mask, uint32_t bit)
3580{
3581	uint32_t chunk, piece;
3582
3583	chunk = bit >> 5;
3584	piece = bit % (sizeof(uint32_t) * 8);
3585
3586	if ((mask[chunk] & (1 << piece)) == 0)
3587		return (-1);
3588	else
3589		mask[chunk] &= ~(1 << piece);
3590
3591	return (0);
3592}
3593
3594int
3595ctl_is_set(uint32_t *mask, uint32_t bit)
3596{
3597	uint32_t chunk, piece;
3598
3599	chunk = bit >> 5;
3600	piece = bit % (sizeof(uint32_t) * 8);
3601
3602	if ((mask[chunk] & (1 << piece)) == 0)
3603		return (0);
3604	else
3605		return (1);
3606}
3607
3608static uint64_t
3609ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3610{
3611	uint64_t *t;
3612
3613	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3614	if (t == NULL)
3615		return (0);
3616	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3617}
3618
3619static void
3620ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3621{
3622	uint64_t *t;
3623
3624	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3625	if (t == NULL)
3626		return;
3627	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3628}
3629
3630static void
3631ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3632{
3633	uint64_t *p;
3634	u_int i;
3635
3636	i = residx/CTL_MAX_INIT_PER_PORT;
3637	if (lun->pr_keys[i] != NULL)
3638		return;
3639	mtx_unlock(&lun->lun_lock);
3640	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3641	    M_WAITOK | M_ZERO);
3642	mtx_lock(&lun->lun_lock);
3643	if (lun->pr_keys[i] == NULL)
3644		lun->pr_keys[i] = p;
3645	else
3646		free(p, M_CTL);
3647}
3648
3649static void
3650ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3651{
3652	uint64_t *t;
3653
3654	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3655	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3656	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3657}
3658
3659/*
3660 * ctl_softc, pool_name, total_ctl_io are passed in.
3661 * npool is passed out.
3662 */
3663int
3664ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3665		uint32_t total_ctl_io, void **npool)
3666{
3667#ifdef IO_POOLS
3668	struct ctl_io_pool *pool;
3669
3670	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3671					    M_NOWAIT | M_ZERO);
3672	if (pool == NULL)
3673		return (ENOMEM);
3674
3675	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3676	pool->ctl_softc = ctl_softc;
3677	pool->zone = uma_zsecond_create(pool->name, NULL,
3678	    NULL, NULL, NULL, ctl_softc->io_zone);
3679	/* uma_prealloc(pool->zone, total_ctl_io); */
3680
3681	*npool = pool;
3682#else
3683	*npool = ctl_softc->io_zone;
3684#endif
3685	return (0);
3686}
3687
3688void
3689ctl_pool_free(struct ctl_io_pool *pool)
3690{
3691
3692	if (pool == NULL)
3693		return;
3694
3695#ifdef IO_POOLS
3696	uma_zdestroy(pool->zone);
3697	free(pool, M_CTL);
3698#endif
3699}
3700
3701union ctl_io *
3702ctl_alloc_io(void *pool_ref)
3703{
3704	union ctl_io *io;
3705#ifdef IO_POOLS
3706	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3707
3708	io = uma_zalloc(pool->zone, M_WAITOK);
3709#else
3710	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3711#endif
3712	if (io != NULL)
3713		io->io_hdr.pool = pool_ref;
3714	return (io);
3715}
3716
3717union ctl_io *
3718ctl_alloc_io_nowait(void *pool_ref)
3719{
3720	union ctl_io *io;
3721#ifdef IO_POOLS
3722	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3723
3724	io = uma_zalloc(pool->zone, M_NOWAIT);
3725#else
3726	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3727#endif
3728	if (io != NULL)
3729		io->io_hdr.pool = pool_ref;
3730	return (io);
3731}
3732
3733void
3734ctl_free_io(union ctl_io *io)
3735{
3736#ifdef IO_POOLS
3737	struct ctl_io_pool *pool;
3738#endif
3739
3740	if (io == NULL)
3741		return;
3742
3743#ifdef IO_POOLS
3744	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3745	uma_zfree(pool->zone, io);
3746#else
3747	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3748#endif
3749}
3750
3751void
3752ctl_zero_io(union ctl_io *io)
3753{
3754	void *pool_ref;
3755
3756	if (io == NULL)
3757		return;
3758
3759	/*
3760	 * May need to preserve linked list pointers at some point too.
3761	 */
3762	pool_ref = io->io_hdr.pool;
3763	memset(io, 0, sizeof(*io));
3764	io->io_hdr.pool = pool_ref;
3765}
3766
3767int
3768ctl_expand_number(const char *buf, uint64_t *num)
3769{
3770	char *endptr;
3771	uint64_t number;
3772	unsigned shift;
3773
3774	number = strtoq(buf, &endptr, 0);
3775
3776	switch (tolower((unsigned char)*endptr)) {
3777	case 'e':
3778		shift = 60;
3779		break;
3780	case 'p':
3781		shift = 50;
3782		break;
3783	case 't':
3784		shift = 40;
3785		break;
3786	case 'g':
3787		shift = 30;
3788		break;
3789	case 'm':
3790		shift = 20;
3791		break;
3792	case 'k':
3793		shift = 10;
3794		break;
3795	case 'b':
3796	case '\0': /* No unit. */
3797		*num = number;
3798		return (0);
3799	default:
3800		/* Unrecognized unit. */
3801		return (-1);
3802	}
3803
3804	if ((number << shift) >> shift != number) {
3805		/* Overflow */
3806		return (-1);
3807	}
3808	*num = number << shift;
3809	return (0);
3810}
3811
3812
3813/*
3814 * This routine could be used in the future to load default and/or saved
3815 * mode page parameters for a particuar lun.
3816 */
3817static int
3818ctl_init_page_index(struct ctl_lun *lun)
3819{
3820	int i, page_code;
3821	struct ctl_page_index *page_index;
3822	const char *value;
3823	uint64_t ival;
3824
3825	memcpy(&lun->mode_pages.index, page_index_template,
3826	       sizeof(page_index_template));
3827
3828	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3829
3830		page_index = &lun->mode_pages.index[i];
3831		if (lun->be_lun->lun_type == T_DIRECT &&
3832		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
3833			continue;
3834		if (lun->be_lun->lun_type == T_PROCESSOR &&
3835		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
3836			continue;
3837		if (lun->be_lun->lun_type == T_CDROM &&
3838		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
3839			continue;
3840
3841		page_code = page_index->page_code & SMPH_PC_MASK;
3842		switch (page_code) {
3843		case SMS_RW_ERROR_RECOVERY_PAGE: {
3844			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3845			    ("subpage %#x for page %#x is incorrect!",
3846			    page_index->subpage, page_code));
3847			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3848			       &rw_er_page_default,
3849			       sizeof(rw_er_page_default));
3850			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3851			       &rw_er_page_changeable,
3852			       sizeof(rw_er_page_changeable));
3853			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3854			       &rw_er_page_default,
3855			       sizeof(rw_er_page_default));
3856			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3857			       &rw_er_page_default,
3858			       sizeof(rw_er_page_default));
3859			page_index->page_data =
3860				(uint8_t *)lun->mode_pages.rw_er_page;
3861			break;
3862		}
3863		case SMS_FORMAT_DEVICE_PAGE: {
3864			struct scsi_format_page *format_page;
3865
3866			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3867			    ("subpage %#x for page %#x is incorrect!",
3868			    page_index->subpage, page_code));
3869
3870			/*
3871			 * Sectors per track are set above.  Bytes per
3872			 * sector need to be set here on a per-LUN basis.
3873			 */
3874			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3875			       &format_page_default,
3876			       sizeof(format_page_default));
3877			memcpy(&lun->mode_pages.format_page[
3878			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3879			       sizeof(format_page_changeable));
3880			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3881			       &format_page_default,
3882			       sizeof(format_page_default));
3883			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3884			       &format_page_default,
3885			       sizeof(format_page_default));
3886
3887			format_page = &lun->mode_pages.format_page[
3888				CTL_PAGE_CURRENT];
3889			scsi_ulto2b(lun->be_lun->blocksize,
3890				    format_page->bytes_per_sector);
3891
3892			format_page = &lun->mode_pages.format_page[
3893				CTL_PAGE_DEFAULT];
3894			scsi_ulto2b(lun->be_lun->blocksize,
3895				    format_page->bytes_per_sector);
3896
3897			format_page = &lun->mode_pages.format_page[
3898				CTL_PAGE_SAVED];
3899			scsi_ulto2b(lun->be_lun->blocksize,
3900				    format_page->bytes_per_sector);
3901
3902			page_index->page_data =
3903				(uint8_t *)lun->mode_pages.format_page;
3904			break;
3905		}
3906		case SMS_RIGID_DISK_PAGE: {
3907			struct scsi_rigid_disk_page *rigid_disk_page;
3908			uint32_t sectors_per_cylinder;
3909			uint64_t cylinders;
3910#ifndef	__XSCALE__
3911			int shift;
3912#endif /* !__XSCALE__ */
3913
3914			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3915			    ("subpage %#x for page %#x is incorrect!",
3916			    page_index->subpage, page_code));
3917
3918			/*
3919			 * Rotation rate and sectors per track are set
3920			 * above.  We calculate the cylinders here based on
3921			 * capacity.  Due to the number of heads and
3922			 * sectors per track we're using, smaller arrays
3923			 * may turn out to have 0 cylinders.  Linux and
3924			 * FreeBSD don't pay attention to these mode pages
3925			 * to figure out capacity, but Solaris does.  It
3926			 * seems to deal with 0 cylinders just fine, and
3927			 * works out a fake geometry based on the capacity.
3928			 */
3929			memcpy(&lun->mode_pages.rigid_disk_page[
3930			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3931			       sizeof(rigid_disk_page_default));
3932			memcpy(&lun->mode_pages.rigid_disk_page[
3933			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3934			       sizeof(rigid_disk_page_changeable));
3935
3936			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3937				CTL_DEFAULT_HEADS;
3938
3939			/*
3940			 * The divide method here will be more accurate,
3941			 * probably, but results in floating point being
3942			 * used in the kernel on i386 (__udivdi3()).  On the
3943			 * XScale, though, __udivdi3() is implemented in
3944			 * software.
3945			 *
3946			 * The shift method for cylinder calculation is
3947			 * accurate if sectors_per_cylinder is a power of
3948			 * 2.  Otherwise it might be slightly off -- you
3949			 * might have a bit of a truncation problem.
3950			 */
3951#ifdef	__XSCALE__
3952			cylinders = (lun->be_lun->maxlba + 1) /
3953				sectors_per_cylinder;
3954#else
3955			for (shift = 31; shift > 0; shift--) {
3956				if (sectors_per_cylinder & (1 << shift))
3957					break;
3958			}
3959			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3960#endif
3961
3962			/*
3963			 * We've basically got 3 bytes, or 24 bits for the
3964			 * cylinder size in the mode page.  If we're over,
3965			 * just round down to 2^24.
3966			 */
3967			if (cylinders > 0xffffff)
3968				cylinders = 0xffffff;
3969
3970			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3971				CTL_PAGE_DEFAULT];
3972			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3973
3974			if ((value = ctl_get_opt(&lun->be_lun->options,
3975			    "rpm")) != NULL) {
3976				scsi_ulto2b(strtol(value, NULL, 0),
3977				     rigid_disk_page->rotation_rate);
3978			}
3979
3980			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3981			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3982			       sizeof(rigid_disk_page_default));
3983			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3984			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3985			       sizeof(rigid_disk_page_default));
3986
3987			page_index->page_data =
3988				(uint8_t *)lun->mode_pages.rigid_disk_page;
3989			break;
3990		}
3991		case SMS_CACHING_PAGE: {
3992			struct scsi_caching_page *caching_page;
3993
3994			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3995			    ("subpage %#x for page %#x is incorrect!",
3996			    page_index->subpage, page_code));
3997			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3998			       &caching_page_default,
3999			       sizeof(caching_page_default));
4000			memcpy(&lun->mode_pages.caching_page[
4001			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4002			       sizeof(caching_page_changeable));
4003			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4004			       &caching_page_default,
4005			       sizeof(caching_page_default));
4006			caching_page = &lun->mode_pages.caching_page[
4007			    CTL_PAGE_SAVED];
4008			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4009			if (value != NULL && strcmp(value, "off") == 0)
4010				caching_page->flags1 &= ~SCP_WCE;
4011			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4012			if (value != NULL && strcmp(value, "off") == 0)
4013				caching_page->flags1 |= SCP_RCD;
4014			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4015			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4016			       sizeof(caching_page_default));
4017			page_index->page_data =
4018				(uint8_t *)lun->mode_pages.caching_page;
4019			break;
4020		}
4021		case SMS_CONTROL_MODE_PAGE: {
4022			switch (page_index->subpage) {
4023			case SMS_SUBPAGE_PAGE_0: {
4024				struct scsi_control_page *control_page;
4025
4026				memcpy(&lun->mode_pages.control_page[
4027				    CTL_PAGE_DEFAULT],
4028				       &control_page_default,
4029				       sizeof(control_page_default));
4030				memcpy(&lun->mode_pages.control_page[
4031				    CTL_PAGE_CHANGEABLE],
4032				       &control_page_changeable,
4033				       sizeof(control_page_changeable));
4034				memcpy(&lun->mode_pages.control_page[
4035				    CTL_PAGE_SAVED],
4036				       &control_page_default,
4037				       sizeof(control_page_default));
4038				control_page = &lun->mode_pages.control_page[
4039				    CTL_PAGE_SAVED];
4040				value = ctl_get_opt(&lun->be_lun->options,
4041				    "reordering");
4042				if (value != NULL &&
4043				    strcmp(value, "unrestricted") == 0) {
4044					control_page->queue_flags &=
4045					    ~SCP_QUEUE_ALG_MASK;
4046					control_page->queue_flags |=
4047					    SCP_QUEUE_ALG_UNRESTRICTED;
4048				}
4049				memcpy(&lun->mode_pages.control_page[
4050				    CTL_PAGE_CURRENT],
4051				       &lun->mode_pages.control_page[
4052				    CTL_PAGE_SAVED],
4053				       sizeof(control_page_default));
4054				page_index->page_data =
4055				    (uint8_t *)lun->mode_pages.control_page;
4056				break;
4057			}
4058			case 0x01:
4059				memcpy(&lun->mode_pages.control_ext_page[
4060				    CTL_PAGE_DEFAULT],
4061				       &control_ext_page_default,
4062				       sizeof(control_ext_page_default));
4063				memcpy(&lun->mode_pages.control_ext_page[
4064				    CTL_PAGE_CHANGEABLE],
4065				       &control_ext_page_changeable,
4066				       sizeof(control_ext_page_changeable));
4067				memcpy(&lun->mode_pages.control_ext_page[
4068				    CTL_PAGE_SAVED],
4069				       &control_ext_page_default,
4070				       sizeof(control_ext_page_default));
4071				memcpy(&lun->mode_pages.control_ext_page[
4072				    CTL_PAGE_CURRENT],
4073				       &lun->mode_pages.control_ext_page[
4074				    CTL_PAGE_SAVED],
4075				       sizeof(control_ext_page_default));
4076				page_index->page_data =
4077				    (uint8_t *)lun->mode_pages.control_ext_page;
4078				break;
4079			default:
4080				panic("subpage %#x for page %#x is incorrect!",
4081				      page_index->subpage, page_code);
4082			}
4083			break;
4084		}
4085		case SMS_INFO_EXCEPTIONS_PAGE: {
4086			switch (page_index->subpage) {
4087			case SMS_SUBPAGE_PAGE_0:
4088				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4089				       &ie_page_default,
4090				       sizeof(ie_page_default));
4091				memcpy(&lun->mode_pages.ie_page[
4092				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4093				       sizeof(ie_page_changeable));
4094				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4095				       &ie_page_default,
4096				       sizeof(ie_page_default));
4097				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4098				       &ie_page_default,
4099				       sizeof(ie_page_default));
4100				page_index->page_data =
4101					(uint8_t *)lun->mode_pages.ie_page;
4102				break;
4103			case 0x02: {
4104				struct ctl_logical_block_provisioning_page *page;
4105
4106				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4107				       &lbp_page_default,
4108				       sizeof(lbp_page_default));
4109				memcpy(&lun->mode_pages.lbp_page[
4110				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4111				       sizeof(lbp_page_changeable));
4112				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4113				       &lbp_page_default,
4114				       sizeof(lbp_page_default));
4115				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4116				value = ctl_get_opt(&lun->be_lun->options,
4117				    "avail-threshold");
4118				if (value != NULL &&
4119				    ctl_expand_number(value, &ival) == 0) {
4120					page->descr[0].flags |= SLBPPD_ENABLED |
4121					    SLBPPD_ARMING_DEC;
4122					if (lun->be_lun->blocksize)
4123						ival /= lun->be_lun->blocksize;
4124					else
4125						ival /= 512;
4126					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4127					    page->descr[0].count);
4128				}
4129				value = ctl_get_opt(&lun->be_lun->options,
4130				    "used-threshold");
4131				if (value != NULL &&
4132				    ctl_expand_number(value, &ival) == 0) {
4133					page->descr[1].flags |= SLBPPD_ENABLED |
4134					    SLBPPD_ARMING_INC;
4135					if (lun->be_lun->blocksize)
4136						ival /= lun->be_lun->blocksize;
4137					else
4138						ival /= 512;
4139					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4140					    page->descr[1].count);
4141				}
4142				value = ctl_get_opt(&lun->be_lun->options,
4143				    "pool-avail-threshold");
4144				if (value != NULL &&
4145				    ctl_expand_number(value, &ival) == 0) {
4146					page->descr[2].flags |= SLBPPD_ENABLED |
4147					    SLBPPD_ARMING_DEC;
4148					if (lun->be_lun->blocksize)
4149						ival /= lun->be_lun->blocksize;
4150					else
4151						ival /= 512;
4152					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4153					    page->descr[2].count);
4154				}
4155				value = ctl_get_opt(&lun->be_lun->options,
4156				    "pool-used-threshold");
4157				if (value != NULL &&
4158				    ctl_expand_number(value, &ival) == 0) {
4159					page->descr[3].flags |= SLBPPD_ENABLED |
4160					    SLBPPD_ARMING_INC;
4161					if (lun->be_lun->blocksize)
4162						ival /= lun->be_lun->blocksize;
4163					else
4164						ival /= 512;
4165					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4166					    page->descr[3].count);
4167				}
4168				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4169				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4170				       sizeof(lbp_page_default));
4171				page_index->page_data =
4172					(uint8_t *)lun->mode_pages.lbp_page;
4173				break;
4174			}
4175			default:
4176				panic("subpage %#x for page %#x is incorrect!",
4177				      page_index->subpage, page_code);
4178			}
4179			break;
4180		}
4181		case SMS_CDDVD_CAPS_PAGE:{
4182			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4183			    ("subpage %#x for page %#x is incorrect!",
4184			    page_index->subpage, page_code));
4185			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_DEFAULT],
4186			       &cddvd_page_default,
4187			       sizeof(cddvd_page_default));
4188			memcpy(&lun->mode_pages.cddvd_page[
4189			       CTL_PAGE_CHANGEABLE], &cddvd_page_changeable,
4190			       sizeof(cddvd_page_changeable));
4191			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4192			       &cddvd_page_default,
4193			       sizeof(cddvd_page_default));
4194			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_CURRENT],
4195			       &lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4196			       sizeof(cddvd_page_default));
4197			page_index->page_data =
4198				(uint8_t *)lun->mode_pages.cddvd_page;
4199			break;
4200		}
4201		case SMS_VENDOR_SPECIFIC_PAGE:{
4202			switch (page_index->subpage) {
4203			case DBGCNF_SUBPAGE_CODE: {
4204				memcpy(&lun->mode_pages.debugconf_subpage[
4205				       CTL_PAGE_CURRENT],
4206				       &debugconf_page_default,
4207				       sizeof(debugconf_page_default));
4208				memcpy(&lun->mode_pages.debugconf_subpage[
4209				       CTL_PAGE_CHANGEABLE],
4210				       &debugconf_page_changeable,
4211				       sizeof(debugconf_page_changeable));
4212				memcpy(&lun->mode_pages.debugconf_subpage[
4213				       CTL_PAGE_DEFAULT],
4214				       &debugconf_page_default,
4215				       sizeof(debugconf_page_default));
4216				memcpy(&lun->mode_pages.debugconf_subpage[
4217				       CTL_PAGE_SAVED],
4218				       &debugconf_page_default,
4219				       sizeof(debugconf_page_default));
4220				page_index->page_data =
4221				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4222				break;
4223			}
4224			default:
4225				panic("subpage %#x for page %#x is incorrect!",
4226				      page_index->subpage, page_code);
4227			}
4228			break;
4229		}
4230		default:
4231			panic("invalid page code value %#x", page_code);
4232		}
4233	}
4234
4235	return (CTL_RETVAL_COMPLETE);
4236}
4237
4238static int
4239ctl_init_log_page_index(struct ctl_lun *lun)
4240{
4241	struct ctl_page_index *page_index;
4242	int i, j, k, prev;
4243
4244	memcpy(&lun->log_pages.index, log_page_index_template,
4245	       sizeof(log_page_index_template));
4246
4247	prev = -1;
4248	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4249
4250		page_index = &lun->log_pages.index[i];
4251		if (lun->be_lun->lun_type == T_DIRECT &&
4252		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4253			continue;
4254		if (lun->be_lun->lun_type == T_PROCESSOR &&
4255		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4256			continue;
4257		if (lun->be_lun->lun_type == T_CDROM &&
4258		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4259			continue;
4260
4261		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4262		    lun->backend->lun_attr == NULL)
4263			continue;
4264
4265		if (page_index->page_code != prev) {
4266			lun->log_pages.pages_page[j] = page_index->page_code;
4267			prev = page_index->page_code;
4268			j++;
4269		}
4270		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4271		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4272		k++;
4273	}
4274	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4275	lun->log_pages.index[0].page_len = j;
4276	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4277	lun->log_pages.index[1].page_len = k * 2;
4278	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4279	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4280	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4281	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4282
4283	return (CTL_RETVAL_COMPLETE);
4284}
4285
4286static int
4287hex2bin(const char *str, uint8_t *buf, int buf_size)
4288{
4289	int i;
4290	u_char c;
4291
4292	memset(buf, 0, buf_size);
4293	while (isspace(str[0]))
4294		str++;
4295	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4296		str += 2;
4297	buf_size *= 2;
4298	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4299		c = str[i];
4300		if (isdigit(c))
4301			c -= '0';
4302		else if (isalpha(c))
4303			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4304		else
4305			break;
4306		if (c >= 16)
4307			break;
4308		if ((i & 1) == 0)
4309			buf[i / 2] |= (c << 4);
4310		else
4311			buf[i / 2] |= c;
4312	}
4313	return ((i + 1) / 2);
4314}
4315
4316/*
4317 * LUN allocation.
4318 *
4319 * Requirements:
4320 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4321 *   wants us to allocate the LUN and he can block.
4322 * - ctl_softc is always set
4323 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4324 *
4325 * Returns 0 for success, non-zero (errno) for failure.
4326 */
4327static int
4328ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4329	      struct ctl_be_lun *const be_lun)
4330{
4331	struct ctl_lun *nlun, *lun;
4332	struct scsi_vpd_id_descriptor *desc;
4333	struct scsi_vpd_id_t10 *t10id;
4334	const char *eui, *naa, *scsiname, *vendor, *value;
4335	int lun_number, i, lun_malloced;
4336	int devidlen, idlen1, idlen2 = 0, len;
4337
4338	if (be_lun == NULL)
4339		return (EINVAL);
4340
4341	/*
4342	 * We currently only support Direct Access or Processor LUN types.
4343	 */
4344	switch (be_lun->lun_type) {
4345	case T_DIRECT:
4346	case T_PROCESSOR:
4347	case T_CDROM:
4348		break;
4349	case T_SEQUENTIAL:
4350	case T_CHANGER:
4351	default:
4352		be_lun->lun_config_status(be_lun->be_lun,
4353					  CTL_LUN_CONFIG_FAILURE);
4354		break;
4355	}
4356	if (ctl_lun == NULL) {
4357		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4358		lun_malloced = 1;
4359	} else {
4360		lun_malloced = 0;
4361		lun = ctl_lun;
4362	}
4363
4364	memset(lun, 0, sizeof(*lun));
4365	if (lun_malloced)
4366		lun->flags = CTL_LUN_MALLOCED;
4367
4368	/* Generate LUN ID. */
4369	devidlen = max(CTL_DEVID_MIN_LEN,
4370	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4371	idlen1 = sizeof(*t10id) + devidlen;
4372	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4373	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4374	if (scsiname != NULL) {
4375		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4376		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4377	}
4378	eui = ctl_get_opt(&be_lun->options, "eui");
4379	if (eui != NULL) {
4380		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4381	}
4382	naa = ctl_get_opt(&be_lun->options, "naa");
4383	if (naa != NULL) {
4384		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4385	}
4386	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4387	    M_CTL, M_WAITOK | M_ZERO);
4388	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4389	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4390	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4391	desc->length = idlen1;
4392	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4393	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4394	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4395		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4396	} else {
4397		strncpy(t10id->vendor, vendor,
4398		    min(sizeof(t10id->vendor), strlen(vendor)));
4399	}
4400	strncpy((char *)t10id->vendor_spec_id,
4401	    (char *)be_lun->device_id, devidlen);
4402	if (scsiname != NULL) {
4403		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4404		    desc->length);
4405		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4406		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4407		    SVPD_ID_TYPE_SCSI_NAME;
4408		desc->length = idlen2;
4409		strlcpy(desc->identifier, scsiname, idlen2);
4410	}
4411	if (eui != NULL) {
4412		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4413		    desc->length);
4414		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4415		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4416		    SVPD_ID_TYPE_EUI64;
4417		desc->length = hex2bin(eui, desc->identifier, 16);
4418		desc->length = desc->length > 12 ? 16 :
4419		    (desc->length > 8 ? 12 : 8);
4420		len -= 16 - desc->length;
4421	}
4422	if (naa != NULL) {
4423		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4424		    desc->length);
4425		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4426		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4427		    SVPD_ID_TYPE_NAA;
4428		desc->length = hex2bin(naa, desc->identifier, 16);
4429		desc->length = desc->length > 8 ? 16 : 8;
4430		len -= 16 - desc->length;
4431	}
4432	lun->lun_devid->len = len;
4433
4434	mtx_lock(&ctl_softc->ctl_lock);
4435	/*
4436	 * See if the caller requested a particular LUN number.  If so, see
4437	 * if it is available.  Otherwise, allocate the first available LUN.
4438	 */
4439	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4440		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4441		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4442			mtx_unlock(&ctl_softc->ctl_lock);
4443			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4444				printf("ctl: requested LUN ID %d is higher "
4445				       "than CTL_MAX_LUNS - 1 (%d)\n",
4446				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4447			} else {
4448				/*
4449				 * XXX KDM return an error, or just assign
4450				 * another LUN ID in this case??
4451				 */
4452				printf("ctl: requested LUN ID %d is already "
4453				       "in use\n", be_lun->req_lun_id);
4454			}
4455			if (lun->flags & CTL_LUN_MALLOCED)
4456				free(lun, M_CTL);
4457			be_lun->lun_config_status(be_lun->be_lun,
4458						  CTL_LUN_CONFIG_FAILURE);
4459			return (ENOSPC);
4460		}
4461		lun_number = be_lun->req_lun_id;
4462	} else {
4463		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4464		if (lun_number == -1) {
4465			mtx_unlock(&ctl_softc->ctl_lock);
4466			printf("ctl: can't allocate LUN, out of LUNs\n");
4467			if (lun->flags & CTL_LUN_MALLOCED)
4468				free(lun, M_CTL);
4469			be_lun->lun_config_status(be_lun->be_lun,
4470						  CTL_LUN_CONFIG_FAILURE);
4471			return (ENOSPC);
4472		}
4473	}
4474	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4475
4476	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4477	lun->lun = lun_number;
4478	lun->be_lun = be_lun;
4479	/*
4480	 * The processor LUN is always enabled.  Disk LUNs come on line
4481	 * disabled, and must be enabled by the backend.
4482	 */
4483	lun->flags |= CTL_LUN_DISABLED;
4484	lun->backend = be_lun->be;
4485	be_lun->ctl_lun = lun;
4486	be_lun->lun_id = lun_number;
4487	atomic_add_int(&be_lun->be->num_luns, 1);
4488	if (be_lun->flags & CTL_LUN_FLAG_EJECTED)
4489		lun->flags |= CTL_LUN_EJECTED;
4490	if (be_lun->flags & CTL_LUN_FLAG_NO_MEDIA)
4491		lun->flags |= CTL_LUN_NO_MEDIA;
4492	if (be_lun->flags & CTL_LUN_FLAG_STOPPED)
4493		lun->flags |= CTL_LUN_STOPPED;
4494
4495	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4496		lun->flags |= CTL_LUN_PRIMARY_SC;
4497
4498	value = ctl_get_opt(&be_lun->options, "removable");
4499	if (value != NULL) {
4500		if (strcmp(value, "on") == 0)
4501			lun->flags |= CTL_LUN_REMOVABLE;
4502	} else if (be_lun->lun_type == T_CDROM)
4503		lun->flags |= CTL_LUN_REMOVABLE;
4504
4505	lun->ctl_softc = ctl_softc;
4506#ifdef CTL_TIME_IO
4507	lun->last_busy = getsbinuptime();
4508#endif
4509	TAILQ_INIT(&lun->ooa_queue);
4510	TAILQ_INIT(&lun->blocked_queue);
4511	STAILQ_INIT(&lun->error_list);
4512	ctl_tpc_lun_init(lun);
4513
4514	/*
4515	 * Initialize the mode and log page index.
4516	 */
4517	ctl_init_page_index(lun);
4518	ctl_init_log_page_index(lun);
4519
4520	/*
4521	 * Now, before we insert this lun on the lun list, set the lun
4522	 * inventory changed UA for all other luns.
4523	 */
4524	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4525		mtx_lock(&nlun->lun_lock);
4526		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4527		mtx_unlock(&nlun->lun_lock);
4528	}
4529
4530	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4531
4532	ctl_softc->ctl_luns[lun_number] = lun;
4533
4534	ctl_softc->num_luns++;
4535
4536	/* Setup statistics gathering */
4537	lun->stats.device_type = be_lun->lun_type;
4538	lun->stats.lun_number = lun_number;
4539	lun->stats.blocksize = be_lun->blocksize;
4540	if (be_lun->blocksize == 0)
4541		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4542	for (i = 0;i < CTL_MAX_PORTS;i++)
4543		lun->stats.ports[i].targ_port = i;
4544
4545	mtx_unlock(&ctl_softc->ctl_lock);
4546
4547	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4548	return (0);
4549}
4550
4551/*
4552 * Delete a LUN.
4553 * Assumptions:
4554 * - LUN has already been marked invalid and any pending I/O has been taken
4555 *   care of.
4556 */
4557static int
4558ctl_free_lun(struct ctl_lun *lun)
4559{
4560	struct ctl_softc *softc;
4561	struct ctl_lun *nlun;
4562	int i;
4563
4564	softc = lun->ctl_softc;
4565
4566	mtx_assert(&softc->ctl_lock, MA_OWNED);
4567
4568	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4569
4570	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4571
4572	softc->ctl_luns[lun->lun] = NULL;
4573
4574	if (!TAILQ_EMPTY(&lun->ooa_queue))
4575		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4576
4577	softc->num_luns--;
4578
4579	/*
4580	 * Tell the backend to free resources, if this LUN has a backend.
4581	 */
4582	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4583	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4584
4585	ctl_tpc_lun_shutdown(lun);
4586	mtx_destroy(&lun->lun_lock);
4587	free(lun->lun_devid, M_CTL);
4588	for (i = 0; i < CTL_MAX_PORTS; i++)
4589		free(lun->pending_ua[i], M_CTL);
4590	for (i = 0; i < CTL_MAX_PORTS; i++)
4591		free(lun->pr_keys[i], M_CTL);
4592	free(lun->write_buffer, M_CTL);
4593	if (lun->flags & CTL_LUN_MALLOCED)
4594		free(lun, M_CTL);
4595
4596	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4597		mtx_lock(&nlun->lun_lock);
4598		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4599		mtx_unlock(&nlun->lun_lock);
4600	}
4601
4602	return (0);
4603}
4604
4605static void
4606ctl_create_lun(struct ctl_be_lun *be_lun)
4607{
4608
4609	/*
4610	 * ctl_alloc_lun() should handle all potential failure cases.
4611	 */
4612	ctl_alloc_lun(control_softc, NULL, be_lun);
4613}
4614
4615int
4616ctl_add_lun(struct ctl_be_lun *be_lun)
4617{
4618	struct ctl_softc *softc = control_softc;
4619
4620	mtx_lock(&softc->ctl_lock);
4621	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4622	mtx_unlock(&softc->ctl_lock);
4623	wakeup(&softc->pending_lun_queue);
4624
4625	return (0);
4626}
4627
4628int
4629ctl_enable_lun(struct ctl_be_lun *be_lun)
4630{
4631	struct ctl_softc *softc;
4632	struct ctl_port *port, *nport;
4633	struct ctl_lun *lun;
4634	int retval;
4635
4636	lun = (struct ctl_lun *)be_lun->ctl_lun;
4637	softc = lun->ctl_softc;
4638
4639	mtx_lock(&softc->ctl_lock);
4640	mtx_lock(&lun->lun_lock);
4641	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4642		/*
4643		 * eh?  Why did we get called if the LUN is already
4644		 * enabled?
4645		 */
4646		mtx_unlock(&lun->lun_lock);
4647		mtx_unlock(&softc->ctl_lock);
4648		return (0);
4649	}
4650	lun->flags &= ~CTL_LUN_DISABLED;
4651	mtx_unlock(&lun->lun_lock);
4652
4653	STAILQ_FOREACH_SAFE(port, &softc->port_list, links, nport) {
4654		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4655		    port->lun_map != NULL || port->lun_enable == NULL)
4656			continue;
4657
4658		/*
4659		 * Drop the lock while we call the FETD's enable routine.
4660		 * This can lead to a callback into CTL (at least in the
4661		 * case of the internal initiator frontend.
4662		 */
4663		mtx_unlock(&softc->ctl_lock);
4664		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4665		mtx_lock(&softc->ctl_lock);
4666		if (retval != 0) {
4667			printf("%s: FETD %s port %d returned error "
4668			       "%d for lun_enable on lun %jd\n",
4669			       __func__, port->port_name, port->targ_port,
4670			       retval, (intmax_t)lun->lun);
4671		}
4672	}
4673
4674	mtx_unlock(&softc->ctl_lock);
4675	ctl_isc_announce_lun(lun);
4676
4677	return (0);
4678}
4679
4680int
4681ctl_disable_lun(struct ctl_be_lun *be_lun)
4682{
4683	struct ctl_softc *softc;
4684	struct ctl_port *port;
4685	struct ctl_lun *lun;
4686	int retval;
4687
4688	lun = (struct ctl_lun *)be_lun->ctl_lun;
4689	softc = lun->ctl_softc;
4690
4691	mtx_lock(&softc->ctl_lock);
4692	mtx_lock(&lun->lun_lock);
4693	if (lun->flags & CTL_LUN_DISABLED) {
4694		mtx_unlock(&lun->lun_lock);
4695		mtx_unlock(&softc->ctl_lock);
4696		return (0);
4697	}
4698	lun->flags |= CTL_LUN_DISABLED;
4699	mtx_unlock(&lun->lun_lock);
4700
4701	STAILQ_FOREACH(port, &softc->port_list, links) {
4702		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4703		    port->lun_map != NULL || port->lun_disable == NULL)
4704			continue;
4705
4706		/*
4707		 * Drop the lock before we call the frontend's disable
4708		 * routine, to avoid lock order reversals.
4709		 *
4710		 * XXX KDM what happens if the frontend list changes while
4711		 * we're traversing it?  It's unlikely, but should be handled.
4712		 */
4713		mtx_unlock(&softc->ctl_lock);
4714		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4715		mtx_lock(&softc->ctl_lock);
4716		if (retval != 0) {
4717			printf("%s: FETD %s port %d returned error "
4718			       "%d for lun_disable on lun %jd\n",
4719			       __func__, port->port_name, port->targ_port,
4720			       retval, (intmax_t)lun->lun);
4721		}
4722	}
4723
4724	mtx_unlock(&softc->ctl_lock);
4725	ctl_isc_announce_lun(lun);
4726
4727	return (0);
4728}
4729
4730int
4731ctl_start_lun(struct ctl_be_lun *be_lun)
4732{
4733	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4734
4735	mtx_lock(&lun->lun_lock);
4736	lun->flags &= ~CTL_LUN_STOPPED;
4737	mtx_unlock(&lun->lun_lock);
4738	return (0);
4739}
4740
4741int
4742ctl_stop_lun(struct ctl_be_lun *be_lun)
4743{
4744	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4745
4746	mtx_lock(&lun->lun_lock);
4747	lun->flags |= CTL_LUN_STOPPED;
4748	mtx_unlock(&lun->lun_lock);
4749	return (0);
4750}
4751
4752int
4753ctl_lun_no_media(struct ctl_be_lun *be_lun)
4754{
4755	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4756
4757	mtx_lock(&lun->lun_lock);
4758	lun->flags |= CTL_LUN_NO_MEDIA;
4759	mtx_unlock(&lun->lun_lock);
4760	return (0);
4761}
4762
4763int
4764ctl_lun_has_media(struct ctl_be_lun *be_lun)
4765{
4766	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4767	union ctl_ha_msg msg;
4768
4769	mtx_lock(&lun->lun_lock);
4770	lun->flags &= ~(CTL_LUN_NO_MEDIA | CTL_LUN_EJECTED);
4771	if (lun->flags & CTL_LUN_REMOVABLE)
4772		ctl_est_ua_all(lun, -1, CTL_UA_MEDIUM_CHANGE);
4773	mtx_unlock(&lun->lun_lock);
4774	if ((lun->flags & CTL_LUN_REMOVABLE) &&
4775	    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4776		bzero(&msg.ua, sizeof(msg.ua));
4777		msg.hdr.msg_type = CTL_MSG_UA;
4778		msg.hdr.nexus.initid = -1;
4779		msg.hdr.nexus.targ_port = -1;
4780		msg.hdr.nexus.targ_lun = lun->lun;
4781		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4782		msg.ua.ua_all = 1;
4783		msg.ua.ua_set = 1;
4784		msg.ua.ua_type = CTL_UA_MEDIUM_CHANGE;
4785		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4786		    M_WAITOK);
4787	}
4788	return (0);
4789}
4790
4791int
4792ctl_lun_ejected(struct ctl_be_lun *be_lun)
4793{
4794	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4795
4796	mtx_lock(&lun->lun_lock);
4797	lun->flags |= CTL_LUN_EJECTED;
4798	mtx_unlock(&lun->lun_lock);
4799	return (0);
4800}
4801
4802int
4803ctl_lun_primary(struct ctl_be_lun *be_lun)
4804{
4805	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4806
4807	mtx_lock(&lun->lun_lock);
4808	lun->flags |= CTL_LUN_PRIMARY_SC;
4809	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4810	mtx_unlock(&lun->lun_lock);
4811	ctl_isc_announce_lun(lun);
4812	return (0);
4813}
4814
4815int
4816ctl_lun_secondary(struct ctl_be_lun *be_lun)
4817{
4818	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4819
4820	mtx_lock(&lun->lun_lock);
4821	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4822	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4823	mtx_unlock(&lun->lun_lock);
4824	ctl_isc_announce_lun(lun);
4825	return (0);
4826}
4827
4828int
4829ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4830{
4831	struct ctl_softc *softc;
4832	struct ctl_lun *lun;
4833
4834	lun = (struct ctl_lun *)be_lun->ctl_lun;
4835	softc = lun->ctl_softc;
4836
4837	mtx_lock(&lun->lun_lock);
4838
4839	/*
4840	 * The LUN needs to be disabled before it can be marked invalid.
4841	 */
4842	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4843		mtx_unlock(&lun->lun_lock);
4844		return (-1);
4845	}
4846	/*
4847	 * Mark the LUN invalid.
4848	 */
4849	lun->flags |= CTL_LUN_INVALID;
4850
4851	/*
4852	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4853	 * If we have something in the OOA queue, we'll free it when the
4854	 * last I/O completes.
4855	 */
4856	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4857		mtx_unlock(&lun->lun_lock);
4858		mtx_lock(&softc->ctl_lock);
4859		ctl_free_lun(lun);
4860		mtx_unlock(&softc->ctl_lock);
4861	} else
4862		mtx_unlock(&lun->lun_lock);
4863
4864	return (0);
4865}
4866
4867void
4868ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4869{
4870	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4871	union ctl_ha_msg msg;
4872
4873	mtx_lock(&lun->lun_lock);
4874	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGE);
4875	mtx_unlock(&lun->lun_lock);
4876	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4877		/* Send msg to other side. */
4878		bzero(&msg.ua, sizeof(msg.ua));
4879		msg.hdr.msg_type = CTL_MSG_UA;
4880		msg.hdr.nexus.initid = -1;
4881		msg.hdr.nexus.targ_port = -1;
4882		msg.hdr.nexus.targ_lun = lun->lun;
4883		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4884		msg.ua.ua_all = 1;
4885		msg.ua.ua_set = 1;
4886		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGE;
4887		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4888		    M_WAITOK);
4889	}
4890}
4891
4892/*
4893 * Backend "memory move is complete" callback for requests that never
4894 * make it down to say RAIDCore's configuration code.
4895 */
4896int
4897ctl_config_move_done(union ctl_io *io)
4898{
4899	int retval;
4900
4901	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4902	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4903	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4904
4905	if ((io->io_hdr.port_status != 0) &&
4906	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4907	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4908		/*
4909		 * For hardware error sense keys, the sense key
4910		 * specific value is defined to be a retry count,
4911		 * but we use it to pass back an internal FETD
4912		 * error code.  XXX KDM  Hopefully the FETD is only
4913		 * using 16 bits for an error code, since that's
4914		 * all the space we have in the sks field.
4915		 */
4916		ctl_set_internal_failure(&io->scsiio,
4917					 /*sks_valid*/ 1,
4918					 /*retry_count*/
4919					 io->io_hdr.port_status);
4920	}
4921
4922	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4923		ctl_data_print(io);
4924	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4925	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4926	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4927	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4928		/*
4929		 * XXX KDM just assuming a single pointer here, and not a
4930		 * S/G list.  If we start using S/G lists for config data,
4931		 * we'll need to know how to clean them up here as well.
4932		 */
4933		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4934			free(io->scsiio.kern_data_ptr, M_CTL);
4935		ctl_done(io);
4936		retval = CTL_RETVAL_COMPLETE;
4937	} else {
4938		/*
4939		 * XXX KDM now we need to continue data movement.  Some
4940		 * options:
4941		 * - call ctl_scsiio() again?  We don't do this for data
4942		 *   writes, because for those at least we know ahead of
4943		 *   time where the write will go and how long it is.  For
4944		 *   config writes, though, that information is largely
4945		 *   contained within the write itself, thus we need to
4946		 *   parse out the data again.
4947		 *
4948		 * - Call some other function once the data is in?
4949		 */
4950
4951		/*
4952		 * XXX KDM call ctl_scsiio() again for now, and check flag
4953		 * bits to see whether we're allocated or not.
4954		 */
4955		retval = ctl_scsiio(&io->scsiio);
4956	}
4957	return (retval);
4958}
4959
4960/*
4961 * This gets called by a backend driver when it is done with a
4962 * data_submit method.
4963 */
4964void
4965ctl_data_submit_done(union ctl_io *io)
4966{
4967	/*
4968	 * If the IO_CONT flag is set, we need to call the supplied
4969	 * function to continue processing the I/O, instead of completing
4970	 * the I/O just yet.
4971	 *
4972	 * If there is an error, though, we don't want to keep processing.
4973	 * Instead, just send status back to the initiator.
4974	 */
4975	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4976	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4977	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4978	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4979		io->scsiio.io_cont(io);
4980		return;
4981	}
4982	ctl_done(io);
4983}
4984
4985/*
4986 * This gets called by a backend driver when it is done with a
4987 * configuration write.
4988 */
4989void
4990ctl_config_write_done(union ctl_io *io)
4991{
4992	uint8_t *buf;
4993
4994	/*
4995	 * If the IO_CONT flag is set, we need to call the supplied
4996	 * function to continue processing the I/O, instead of completing
4997	 * the I/O just yet.
4998	 *
4999	 * If there is an error, though, we don't want to keep processing.
5000	 * Instead, just send status back to the initiator.
5001	 */
5002	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5003	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5004	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5005	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5006		io->scsiio.io_cont(io);
5007		return;
5008	}
5009	/*
5010	 * Since a configuration write can be done for commands that actually
5011	 * have data allocated, like write buffer, and commands that have
5012	 * no data, like start/stop unit, we need to check here.
5013	 */
5014	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5015		buf = io->scsiio.kern_data_ptr;
5016	else
5017		buf = NULL;
5018	ctl_done(io);
5019	if (buf)
5020		free(buf, M_CTL);
5021}
5022
5023void
5024ctl_config_read_done(union ctl_io *io)
5025{
5026	uint8_t *buf;
5027
5028	/*
5029	 * If there is some error -- we are done, skip data transfer.
5030	 */
5031	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5032	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5033	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5034		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5035			buf = io->scsiio.kern_data_ptr;
5036		else
5037			buf = NULL;
5038		ctl_done(io);
5039		if (buf)
5040			free(buf, M_CTL);
5041		return;
5042	}
5043
5044	/*
5045	 * If the IO_CONT flag is set, we need to call the supplied
5046	 * function to continue processing the I/O, instead of completing
5047	 * the I/O just yet.
5048	 */
5049	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5050		io->scsiio.io_cont(io);
5051		return;
5052	}
5053
5054	ctl_datamove(io);
5055}
5056
5057/*
5058 * SCSI release command.
5059 */
5060int
5061ctl_scsi_release(struct ctl_scsiio *ctsio)
5062{
5063	struct ctl_lun *lun;
5064	uint32_t residx;
5065
5066	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5067
5068	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5069	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5070
5071	/*
5072	 * XXX KDM right now, we only support LUN reservation.  We don't
5073	 * support 3rd party reservations, or extent reservations, which
5074	 * might actually need the parameter list.  If we've gotten this
5075	 * far, we've got a LUN reservation.  Anything else got kicked out
5076	 * above.  So, according to SPC, ignore the length.
5077	 */
5078
5079	mtx_lock(&lun->lun_lock);
5080
5081	/*
5082	 * According to SPC, it is not an error for an intiator to attempt
5083	 * to release a reservation on a LUN that isn't reserved, or that
5084	 * is reserved by another initiator.  The reservation can only be
5085	 * released, though, by the initiator who made it or by one of
5086	 * several reset type events.
5087	 */
5088	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5089			lun->flags &= ~CTL_LUN_RESERVED;
5090
5091	mtx_unlock(&lun->lun_lock);
5092
5093	ctl_set_success(ctsio);
5094	ctl_done((union ctl_io *)ctsio);
5095	return (CTL_RETVAL_COMPLETE);
5096}
5097
5098int
5099ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5100{
5101	struct ctl_lun *lun;
5102	uint32_t residx;
5103
5104	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5105
5106	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5107	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5108
5109	/*
5110	 * XXX KDM right now, we only support LUN reservation.  We don't
5111	 * support 3rd party reservations, or extent reservations, which
5112	 * might actually need the parameter list.  If we've gotten this
5113	 * far, we've got a LUN reservation.  Anything else got kicked out
5114	 * above.  So, according to SPC, ignore the length.
5115	 */
5116
5117	mtx_lock(&lun->lun_lock);
5118	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5119		ctl_set_reservation_conflict(ctsio);
5120		goto bailout;
5121	}
5122
5123	/* SPC-3 exceptions to SPC-2 RESERVE and RELEASE behavior. */
5124	if (lun->flags & CTL_LUN_PR_RESERVED) {
5125		ctl_set_success(ctsio);
5126		goto bailout;
5127	}
5128
5129	lun->flags |= CTL_LUN_RESERVED;
5130	lun->res_idx = residx;
5131	ctl_set_success(ctsio);
5132
5133bailout:
5134	mtx_unlock(&lun->lun_lock);
5135	ctl_done((union ctl_io *)ctsio);
5136	return (CTL_RETVAL_COMPLETE);
5137}
5138
5139int
5140ctl_start_stop(struct ctl_scsiio *ctsio)
5141{
5142	struct scsi_start_stop_unit *cdb;
5143	struct ctl_lun *lun;
5144	int retval;
5145
5146	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5147
5148	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5149	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5150
5151	if ((cdb->how & SSS_PC_MASK) == 0) {
5152		if ((lun->flags & CTL_LUN_PR_RESERVED) &&
5153		    (cdb->how & SSS_START) == 0) {
5154			uint32_t residx;
5155
5156			residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5157			if (ctl_get_prkey(lun, residx) == 0 ||
5158			    (lun->pr_res_idx != residx && lun->pr_res_type < 4)) {
5159
5160				ctl_set_reservation_conflict(ctsio);
5161				ctl_done((union ctl_io *)ctsio);
5162				return (CTL_RETVAL_COMPLETE);
5163			}
5164		}
5165
5166		if ((cdb->how & SSS_LOEJ) &&
5167		    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5168			ctl_set_invalid_field(ctsio,
5169					      /*sks_valid*/ 1,
5170					      /*command*/ 1,
5171					      /*field*/ 4,
5172					      /*bit_valid*/ 1,
5173					      /*bit*/ 1);
5174			ctl_done((union ctl_io *)ctsio);
5175			return (CTL_RETVAL_COMPLETE);
5176		}
5177
5178		if ((cdb->how & SSS_START) == 0 && (cdb->how & SSS_LOEJ) &&
5179		    lun->prevent_count > 0) {
5180			/* "Medium removal prevented" */
5181			ctl_set_sense(ctsio, /*current_error*/ 1,
5182			    /*sense_key*/(lun->flags & CTL_LUN_NO_MEDIA) ?
5183			     SSD_KEY_NOT_READY : SSD_KEY_ILLEGAL_REQUEST,
5184			    /*asc*/ 0x53, /*ascq*/ 0x02, SSD_ELEM_NONE);
5185			ctl_done((union ctl_io *)ctsio);
5186			return (CTL_RETVAL_COMPLETE);
5187		}
5188	}
5189
5190	retval = lun->backend->config_write((union ctl_io *)ctsio);
5191	return (retval);
5192}
5193
5194int
5195ctl_prevent_allow(struct ctl_scsiio *ctsio)
5196{
5197	struct ctl_lun *lun;
5198	struct scsi_prevent *cdb;
5199	int retval;
5200	uint32_t initidx;
5201
5202	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5203
5204	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5205	cdb = (struct scsi_prevent *)ctsio->cdb;
5206
5207	if ((lun->flags & CTL_LUN_REMOVABLE) == 0) {
5208		ctl_set_invalid_opcode(ctsio);
5209		ctl_done((union ctl_io *)ctsio);
5210		return (CTL_RETVAL_COMPLETE);
5211	}
5212
5213	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5214	mtx_lock(&lun->lun_lock);
5215	if ((cdb->how & PR_PREVENT) &&
5216	    ctl_is_set(lun->prevent, initidx) == 0) {
5217		ctl_set_mask(lun->prevent, initidx);
5218		lun->prevent_count++;
5219	} else if ((cdb->how & PR_PREVENT) == 0 &&
5220	    ctl_is_set(lun->prevent, initidx)) {
5221		ctl_clear_mask(lun->prevent, initidx);
5222		lun->prevent_count--;
5223	}
5224	mtx_unlock(&lun->lun_lock);
5225	retval = lun->backend->config_write((union ctl_io *)ctsio);
5226	return (retval);
5227}
5228
5229/*
5230 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5231 * we don't really do anything with the LBA and length fields if the user
5232 * passes them in.  Instead we'll just flush out the cache for the entire
5233 * LUN.
5234 */
5235int
5236ctl_sync_cache(struct ctl_scsiio *ctsio)
5237{
5238	struct ctl_lun *lun;
5239	struct ctl_softc *softc;
5240	struct ctl_lba_len_flags *lbalen;
5241	uint64_t starting_lba;
5242	uint32_t block_count;
5243	int retval;
5244	uint8_t byte2;
5245
5246	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5247
5248	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5249	softc = lun->ctl_softc;
5250	retval = 0;
5251
5252	switch (ctsio->cdb[0]) {
5253	case SYNCHRONIZE_CACHE: {
5254		struct scsi_sync_cache *cdb;
5255		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5256
5257		starting_lba = scsi_4btoul(cdb->begin_lba);
5258		block_count = scsi_2btoul(cdb->lb_count);
5259		byte2 = cdb->byte2;
5260		break;
5261	}
5262	case SYNCHRONIZE_CACHE_16: {
5263		struct scsi_sync_cache_16 *cdb;
5264		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5265
5266		starting_lba = scsi_8btou64(cdb->begin_lba);
5267		block_count = scsi_4btoul(cdb->lb_count);
5268		byte2 = cdb->byte2;
5269		break;
5270	}
5271	default:
5272		ctl_set_invalid_opcode(ctsio);
5273		ctl_done((union ctl_io *)ctsio);
5274		goto bailout;
5275		break; /* NOTREACHED */
5276	}
5277
5278	/*
5279	 * We check the LBA and length, but don't do anything with them.
5280	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5281	 * get flushed.  This check will just help satisfy anyone who wants
5282	 * to see an error for an out of range LBA.
5283	 */
5284	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5285		ctl_set_lba_out_of_range(ctsio);
5286		ctl_done((union ctl_io *)ctsio);
5287		goto bailout;
5288	}
5289
5290	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5291	lbalen->lba = starting_lba;
5292	lbalen->len = block_count;
5293	lbalen->flags = byte2;
5294	retval = lun->backend->config_write((union ctl_io *)ctsio);
5295
5296bailout:
5297	return (retval);
5298}
5299
5300int
5301ctl_format(struct ctl_scsiio *ctsio)
5302{
5303	struct scsi_format *cdb;
5304	struct ctl_lun *lun;
5305	int length, defect_list_len;
5306
5307	CTL_DEBUG_PRINT(("ctl_format\n"));
5308
5309	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5310
5311	cdb = (struct scsi_format *)ctsio->cdb;
5312
5313	length = 0;
5314	if (cdb->byte2 & SF_FMTDATA) {
5315		if (cdb->byte2 & SF_LONGLIST)
5316			length = sizeof(struct scsi_format_header_long);
5317		else
5318			length = sizeof(struct scsi_format_header_short);
5319	}
5320
5321	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5322	 && (length > 0)) {
5323		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5324		ctsio->kern_data_len = length;
5325		ctsio->kern_total_len = length;
5326		ctsio->kern_data_resid = 0;
5327		ctsio->kern_rel_offset = 0;
5328		ctsio->kern_sg_entries = 0;
5329		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5330		ctsio->be_move_done = ctl_config_move_done;
5331		ctl_datamove((union ctl_io *)ctsio);
5332
5333		return (CTL_RETVAL_COMPLETE);
5334	}
5335
5336	defect_list_len = 0;
5337
5338	if (cdb->byte2 & SF_FMTDATA) {
5339		if (cdb->byte2 & SF_LONGLIST) {
5340			struct scsi_format_header_long *header;
5341
5342			header = (struct scsi_format_header_long *)
5343				ctsio->kern_data_ptr;
5344
5345			defect_list_len = scsi_4btoul(header->defect_list_len);
5346			if (defect_list_len != 0) {
5347				ctl_set_invalid_field(ctsio,
5348						      /*sks_valid*/ 1,
5349						      /*command*/ 0,
5350						      /*field*/ 2,
5351						      /*bit_valid*/ 0,
5352						      /*bit*/ 0);
5353				goto bailout;
5354			}
5355		} else {
5356			struct scsi_format_header_short *header;
5357
5358			header = (struct scsi_format_header_short *)
5359				ctsio->kern_data_ptr;
5360
5361			defect_list_len = scsi_2btoul(header->defect_list_len);
5362			if (defect_list_len != 0) {
5363				ctl_set_invalid_field(ctsio,
5364						      /*sks_valid*/ 1,
5365						      /*command*/ 0,
5366						      /*field*/ 2,
5367						      /*bit_valid*/ 0,
5368						      /*bit*/ 0);
5369				goto bailout;
5370			}
5371		}
5372	}
5373
5374	ctl_set_success(ctsio);
5375bailout:
5376
5377	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5378		free(ctsio->kern_data_ptr, M_CTL);
5379		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5380	}
5381
5382	ctl_done((union ctl_io *)ctsio);
5383	return (CTL_RETVAL_COMPLETE);
5384}
5385
5386int
5387ctl_read_buffer(struct ctl_scsiio *ctsio)
5388{
5389	struct ctl_lun *lun;
5390	uint64_t buffer_offset;
5391	uint32_t len;
5392	uint8_t byte2;
5393	static uint8_t descr[4];
5394	static uint8_t echo_descr[4] = { 0 };
5395
5396	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5397	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5398	switch (ctsio->cdb[0]) {
5399	case READ_BUFFER: {
5400		struct scsi_read_buffer *cdb;
5401
5402		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5403		buffer_offset = scsi_3btoul(cdb->offset);
5404		len = scsi_3btoul(cdb->length);
5405		byte2 = cdb->byte2;
5406		break;
5407	}
5408	case READ_BUFFER_16: {
5409		struct scsi_read_buffer_16 *cdb;
5410
5411		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5412		buffer_offset = scsi_8btou64(cdb->offset);
5413		len = scsi_4btoul(cdb->length);
5414		byte2 = cdb->byte2;
5415		break;
5416	}
5417	default: /* This shouldn't happen. */
5418		ctl_set_invalid_opcode(ctsio);
5419		ctl_done((union ctl_io *)ctsio);
5420		return (CTL_RETVAL_COMPLETE);
5421	}
5422
5423	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5424	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5425	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5426		ctl_set_invalid_field(ctsio,
5427				      /*sks_valid*/ 1,
5428				      /*command*/ 1,
5429				      /*field*/ 1,
5430				      /*bit_valid*/ 1,
5431				      /*bit*/ 4);
5432		ctl_done((union ctl_io *)ctsio);
5433		return (CTL_RETVAL_COMPLETE);
5434	}
5435
5436	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5437	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5438		ctl_set_invalid_field(ctsio,
5439				      /*sks_valid*/ 1,
5440				      /*command*/ 1,
5441				      /*field*/ 6,
5442				      /*bit_valid*/ 0,
5443				      /*bit*/ 0);
5444		ctl_done((union ctl_io *)ctsio);
5445		return (CTL_RETVAL_COMPLETE);
5446	}
5447
5448	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5449		descr[0] = 0;
5450		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5451		ctsio->kern_data_ptr = descr;
5452		len = min(len, sizeof(descr));
5453	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5454		ctsio->kern_data_ptr = echo_descr;
5455		len = min(len, sizeof(echo_descr));
5456	} else {
5457		if (lun->write_buffer == NULL) {
5458			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5459			    M_CTL, M_WAITOK);
5460		}
5461		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5462	}
5463	ctsio->kern_data_len = len;
5464	ctsio->kern_total_len = len;
5465	ctsio->kern_data_resid = 0;
5466	ctsio->kern_rel_offset = 0;
5467	ctsio->kern_sg_entries = 0;
5468	ctl_set_success(ctsio);
5469	ctsio->be_move_done = ctl_config_move_done;
5470	ctl_datamove((union ctl_io *)ctsio);
5471	return (CTL_RETVAL_COMPLETE);
5472}
5473
5474int
5475ctl_write_buffer(struct ctl_scsiio *ctsio)
5476{
5477	struct scsi_write_buffer *cdb;
5478	struct ctl_lun *lun;
5479	int buffer_offset, len;
5480
5481	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5482
5483	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5484	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5485
5486	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5487		ctl_set_invalid_field(ctsio,
5488				      /*sks_valid*/ 1,
5489				      /*command*/ 1,
5490				      /*field*/ 1,
5491				      /*bit_valid*/ 1,
5492				      /*bit*/ 4);
5493		ctl_done((union ctl_io *)ctsio);
5494		return (CTL_RETVAL_COMPLETE);
5495	}
5496
5497	len = scsi_3btoul(cdb->length);
5498	buffer_offset = scsi_3btoul(cdb->offset);
5499
5500	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5501		ctl_set_invalid_field(ctsio,
5502				      /*sks_valid*/ 1,
5503				      /*command*/ 1,
5504				      /*field*/ 6,
5505				      /*bit_valid*/ 0,
5506				      /*bit*/ 0);
5507		ctl_done((union ctl_io *)ctsio);
5508		return (CTL_RETVAL_COMPLETE);
5509	}
5510
5511	/*
5512	 * If we've got a kernel request that hasn't been malloced yet,
5513	 * malloc it and tell the caller the data buffer is here.
5514	 */
5515	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5516		if (lun->write_buffer == NULL) {
5517			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5518			    M_CTL, M_WAITOK);
5519		}
5520		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5521		ctsio->kern_data_len = len;
5522		ctsio->kern_total_len = len;
5523		ctsio->kern_data_resid = 0;
5524		ctsio->kern_rel_offset = 0;
5525		ctsio->kern_sg_entries = 0;
5526		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5527		ctsio->be_move_done = ctl_config_move_done;
5528		ctl_datamove((union ctl_io *)ctsio);
5529
5530		return (CTL_RETVAL_COMPLETE);
5531	}
5532
5533	ctl_set_success(ctsio);
5534	ctl_done((union ctl_io *)ctsio);
5535	return (CTL_RETVAL_COMPLETE);
5536}
5537
5538int
5539ctl_write_same(struct ctl_scsiio *ctsio)
5540{
5541	struct ctl_lun *lun;
5542	struct ctl_lba_len_flags *lbalen;
5543	uint64_t lba;
5544	uint32_t num_blocks;
5545	int len, retval;
5546	uint8_t byte2;
5547
5548	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5549
5550	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5551
5552	switch (ctsio->cdb[0]) {
5553	case WRITE_SAME_10: {
5554		struct scsi_write_same_10 *cdb;
5555
5556		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5557
5558		lba = scsi_4btoul(cdb->addr);
5559		num_blocks = scsi_2btoul(cdb->length);
5560		byte2 = cdb->byte2;
5561		break;
5562	}
5563	case WRITE_SAME_16: {
5564		struct scsi_write_same_16 *cdb;
5565
5566		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5567
5568		lba = scsi_8btou64(cdb->addr);
5569		num_blocks = scsi_4btoul(cdb->length);
5570		byte2 = cdb->byte2;
5571		break;
5572	}
5573	default:
5574		/*
5575		 * We got a command we don't support.  This shouldn't
5576		 * happen, commands should be filtered out above us.
5577		 */
5578		ctl_set_invalid_opcode(ctsio);
5579		ctl_done((union ctl_io *)ctsio);
5580
5581		return (CTL_RETVAL_COMPLETE);
5582		break; /* NOTREACHED */
5583	}
5584
5585	/* ANCHOR flag can be used only together with UNMAP */
5586	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5587		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5588		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5589		ctl_done((union ctl_io *)ctsio);
5590		return (CTL_RETVAL_COMPLETE);
5591	}
5592
5593	/*
5594	 * The first check is to make sure we're in bounds, the second
5595	 * check is to catch wrap-around problems.  If the lba + num blocks
5596	 * is less than the lba, then we've wrapped around and the block
5597	 * range is invalid anyway.
5598	 */
5599	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5600	 || ((lba + num_blocks) < lba)) {
5601		ctl_set_lba_out_of_range(ctsio);
5602		ctl_done((union ctl_io *)ctsio);
5603		return (CTL_RETVAL_COMPLETE);
5604	}
5605
5606	/* Zero number of blocks means "to the last logical block" */
5607	if (num_blocks == 0) {
5608		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5609			ctl_set_invalid_field(ctsio,
5610					      /*sks_valid*/ 0,
5611					      /*command*/ 1,
5612					      /*field*/ 0,
5613					      /*bit_valid*/ 0,
5614					      /*bit*/ 0);
5615			ctl_done((union ctl_io *)ctsio);
5616			return (CTL_RETVAL_COMPLETE);
5617		}
5618		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5619	}
5620
5621	len = lun->be_lun->blocksize;
5622
5623	/*
5624	 * If we've got a kernel request that hasn't been malloced yet,
5625	 * malloc it and tell the caller the data buffer is here.
5626	 */
5627	if ((byte2 & SWS_NDOB) == 0 &&
5628	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5629		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5630		ctsio->kern_data_len = len;
5631		ctsio->kern_total_len = len;
5632		ctsio->kern_data_resid = 0;
5633		ctsio->kern_rel_offset = 0;
5634		ctsio->kern_sg_entries = 0;
5635		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5636		ctsio->be_move_done = ctl_config_move_done;
5637		ctl_datamove((union ctl_io *)ctsio);
5638
5639		return (CTL_RETVAL_COMPLETE);
5640	}
5641
5642	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5643	lbalen->lba = lba;
5644	lbalen->len = num_blocks;
5645	lbalen->flags = byte2;
5646	retval = lun->backend->config_write((union ctl_io *)ctsio);
5647
5648	return (retval);
5649}
5650
5651int
5652ctl_unmap(struct ctl_scsiio *ctsio)
5653{
5654	struct ctl_lun *lun;
5655	struct scsi_unmap *cdb;
5656	struct ctl_ptr_len_flags *ptrlen;
5657	struct scsi_unmap_header *hdr;
5658	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5659	uint64_t lba;
5660	uint32_t num_blocks;
5661	int len, retval;
5662	uint8_t byte2;
5663
5664	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5665
5666	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5667	cdb = (struct scsi_unmap *)ctsio->cdb;
5668
5669	len = scsi_2btoul(cdb->length);
5670	byte2 = cdb->byte2;
5671
5672	/*
5673	 * If we've got a kernel request that hasn't been malloced yet,
5674	 * malloc it and tell the caller the data buffer is here.
5675	 */
5676	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5677		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5678		ctsio->kern_data_len = len;
5679		ctsio->kern_total_len = len;
5680		ctsio->kern_data_resid = 0;
5681		ctsio->kern_rel_offset = 0;
5682		ctsio->kern_sg_entries = 0;
5683		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5684		ctsio->be_move_done = ctl_config_move_done;
5685		ctl_datamove((union ctl_io *)ctsio);
5686
5687		return (CTL_RETVAL_COMPLETE);
5688	}
5689
5690	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5691	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5692	if (len < sizeof (*hdr) ||
5693	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5694	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5695	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5696		ctl_set_invalid_field(ctsio,
5697				      /*sks_valid*/ 0,
5698				      /*command*/ 0,
5699				      /*field*/ 0,
5700				      /*bit_valid*/ 0,
5701				      /*bit*/ 0);
5702		goto done;
5703	}
5704	len = scsi_2btoul(hdr->desc_length);
5705	buf = (struct scsi_unmap_desc *)(hdr + 1);
5706	end = buf + len / sizeof(*buf);
5707
5708	endnz = buf;
5709	for (range = buf; range < end; range++) {
5710		lba = scsi_8btou64(range->lba);
5711		num_blocks = scsi_4btoul(range->length);
5712		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5713		 || ((lba + num_blocks) < lba)) {
5714			ctl_set_lba_out_of_range(ctsio);
5715			ctl_done((union ctl_io *)ctsio);
5716			return (CTL_RETVAL_COMPLETE);
5717		}
5718		if (num_blocks != 0)
5719			endnz = range + 1;
5720	}
5721
5722	/*
5723	 * Block backend can not handle zero last range.
5724	 * Filter it out and return if there is nothing left.
5725	 */
5726	len = (uint8_t *)endnz - (uint8_t *)buf;
5727	if (len == 0) {
5728		ctl_set_success(ctsio);
5729		goto done;
5730	}
5731
5732	mtx_lock(&lun->lun_lock);
5733	ptrlen = (struct ctl_ptr_len_flags *)
5734	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5735	ptrlen->ptr = (void *)buf;
5736	ptrlen->len = len;
5737	ptrlen->flags = byte2;
5738	ctl_check_blocked(lun);
5739	mtx_unlock(&lun->lun_lock);
5740
5741	retval = lun->backend->config_write((union ctl_io *)ctsio);
5742	return (retval);
5743
5744done:
5745	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5746		free(ctsio->kern_data_ptr, M_CTL);
5747		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5748	}
5749	ctl_done((union ctl_io *)ctsio);
5750	return (CTL_RETVAL_COMPLETE);
5751}
5752
5753/*
5754 * Note that this function currently doesn't actually do anything inside
5755 * CTL to enforce things if the DQue bit is turned on.
5756 *
5757 * Also note that this function can't be used in the default case, because
5758 * the DQue bit isn't set in the changeable mask for the control mode page
5759 * anyway.  This is just here as an example for how to implement a page
5760 * handler, and a placeholder in case we want to allow the user to turn
5761 * tagged queueing on and off.
5762 *
5763 * The D_SENSE bit handling is functional, however, and will turn
5764 * descriptor sense on and off for a given LUN.
5765 */
5766int
5767ctl_control_page_handler(struct ctl_scsiio *ctsio,
5768			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5769{
5770	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5771	struct ctl_lun *lun;
5772	int set_ua;
5773	uint32_t initidx;
5774
5775	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5776	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5777	set_ua = 0;
5778
5779	user_cp = (struct scsi_control_page *)page_ptr;
5780	current_cp = (struct scsi_control_page *)
5781		(page_index->page_data + (page_index->page_len *
5782		CTL_PAGE_CURRENT));
5783	saved_cp = (struct scsi_control_page *)
5784		(page_index->page_data + (page_index->page_len *
5785		CTL_PAGE_SAVED));
5786
5787	mtx_lock(&lun->lun_lock);
5788	if (((current_cp->rlec & SCP_DSENSE) == 0)
5789	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5790		/*
5791		 * Descriptor sense is currently turned off and the user
5792		 * wants to turn it on.
5793		 */
5794		current_cp->rlec |= SCP_DSENSE;
5795		saved_cp->rlec |= SCP_DSENSE;
5796		lun->flags |= CTL_LUN_SENSE_DESC;
5797		set_ua = 1;
5798	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5799		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5800		/*
5801		 * Descriptor sense is currently turned on, and the user
5802		 * wants to turn it off.
5803		 */
5804		current_cp->rlec &= ~SCP_DSENSE;
5805		saved_cp->rlec &= ~SCP_DSENSE;
5806		lun->flags &= ~CTL_LUN_SENSE_DESC;
5807		set_ua = 1;
5808	}
5809	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5810	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5811		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5812		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5813		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5814		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5815		set_ua = 1;
5816	}
5817	if ((current_cp->eca_and_aen & SCP_SWP) !=
5818	    (user_cp->eca_and_aen & SCP_SWP)) {
5819		current_cp->eca_and_aen &= ~SCP_SWP;
5820		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5821		saved_cp->eca_and_aen &= ~SCP_SWP;
5822		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5823		set_ua = 1;
5824	}
5825	if (set_ua != 0)
5826		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5827	mtx_unlock(&lun->lun_lock);
5828	if (set_ua) {
5829		ctl_isc_announce_mode(lun,
5830		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5831		    page_index->page_code, page_index->subpage);
5832	}
5833	return (0);
5834}
5835
5836int
5837ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5838		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5839{
5840	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5841	struct ctl_lun *lun;
5842	int set_ua;
5843	uint32_t initidx;
5844
5845	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5846	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5847	set_ua = 0;
5848
5849	user_cp = (struct scsi_caching_page *)page_ptr;
5850	current_cp = (struct scsi_caching_page *)
5851		(page_index->page_data + (page_index->page_len *
5852		CTL_PAGE_CURRENT));
5853	saved_cp = (struct scsi_caching_page *)
5854		(page_index->page_data + (page_index->page_len *
5855		CTL_PAGE_SAVED));
5856
5857	mtx_lock(&lun->lun_lock);
5858	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5859	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5860		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5861		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5862		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5863		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5864		set_ua = 1;
5865	}
5866	if (set_ua != 0)
5867		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5868	mtx_unlock(&lun->lun_lock);
5869	if (set_ua) {
5870		ctl_isc_announce_mode(lun,
5871		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5872		    page_index->page_code, page_index->subpage);
5873	}
5874	return (0);
5875}
5876
5877int
5878ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5879				struct ctl_page_index *page_index,
5880				uint8_t *page_ptr)
5881{
5882	uint8_t *c;
5883	int i;
5884
5885	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5886	ctl_time_io_secs =
5887		(c[0] << 8) |
5888		(c[1] << 0) |
5889		0;
5890	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5891	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5892	printf("page data:");
5893	for (i=0; i<8; i++)
5894		printf(" %.2x",page_ptr[i]);
5895	printf("\n");
5896	return (0);
5897}
5898
5899int
5900ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5901			       struct ctl_page_index *page_index,
5902			       int pc)
5903{
5904	struct copan_debugconf_subpage *page;
5905
5906	page = (struct copan_debugconf_subpage *)page_index->page_data +
5907		(page_index->page_len * pc);
5908
5909	switch (pc) {
5910	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5911	case SMS_PAGE_CTRL_DEFAULT >> 6:
5912	case SMS_PAGE_CTRL_SAVED >> 6:
5913		/*
5914		 * We don't update the changable or default bits for this page.
5915		 */
5916		break;
5917	case SMS_PAGE_CTRL_CURRENT >> 6:
5918		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5919		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5920		break;
5921	default:
5922		break;
5923	}
5924	return (0);
5925}
5926
5927
5928static int
5929ctl_do_mode_select(union ctl_io *io)
5930{
5931	struct scsi_mode_page_header *page_header;
5932	struct ctl_page_index *page_index;
5933	struct ctl_scsiio *ctsio;
5934	int page_len, page_len_offset, page_len_size;
5935	union ctl_modepage_info *modepage_info;
5936	struct ctl_lun *lun;
5937	int *len_left, *len_used;
5938	int retval, i;
5939
5940	ctsio = &io->scsiio;
5941	page_index = NULL;
5942	page_len = 0;
5943	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5944
5945	modepage_info = (union ctl_modepage_info *)
5946		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5947	len_left = &modepage_info->header.len_left;
5948	len_used = &modepage_info->header.len_used;
5949
5950do_next_page:
5951
5952	page_header = (struct scsi_mode_page_header *)
5953		(ctsio->kern_data_ptr + *len_used);
5954
5955	if (*len_left == 0) {
5956		free(ctsio->kern_data_ptr, M_CTL);
5957		ctl_set_success(ctsio);
5958		ctl_done((union ctl_io *)ctsio);
5959		return (CTL_RETVAL_COMPLETE);
5960	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5961
5962		free(ctsio->kern_data_ptr, M_CTL);
5963		ctl_set_param_len_error(ctsio);
5964		ctl_done((union ctl_io *)ctsio);
5965		return (CTL_RETVAL_COMPLETE);
5966
5967	} else if ((page_header->page_code & SMPH_SPF)
5968		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5969
5970		free(ctsio->kern_data_ptr, M_CTL);
5971		ctl_set_param_len_error(ctsio);
5972		ctl_done((union ctl_io *)ctsio);
5973		return (CTL_RETVAL_COMPLETE);
5974	}
5975
5976
5977	/*
5978	 * XXX KDM should we do something with the block descriptor?
5979	 */
5980	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5981		page_index = &lun->mode_pages.index[i];
5982		if (lun->be_lun->lun_type == T_DIRECT &&
5983		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
5984			continue;
5985		if (lun->be_lun->lun_type == T_PROCESSOR &&
5986		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
5987			continue;
5988		if (lun->be_lun->lun_type == T_CDROM &&
5989		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
5990			continue;
5991
5992		if ((page_index->page_code & SMPH_PC_MASK) !=
5993		    (page_header->page_code & SMPH_PC_MASK))
5994			continue;
5995
5996		/*
5997		 * If neither page has a subpage code, then we've got a
5998		 * match.
5999		 */
6000		if (((page_index->page_code & SMPH_SPF) == 0)
6001		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6002			page_len = page_header->page_length;
6003			break;
6004		}
6005
6006		/*
6007		 * If both pages have subpages, then the subpage numbers
6008		 * have to match.
6009		 */
6010		if ((page_index->page_code & SMPH_SPF)
6011		  && (page_header->page_code & SMPH_SPF)) {
6012			struct scsi_mode_page_header_sp *sph;
6013
6014			sph = (struct scsi_mode_page_header_sp *)page_header;
6015			if (page_index->subpage == sph->subpage) {
6016				page_len = scsi_2btoul(sph->page_length);
6017				break;
6018			}
6019		}
6020	}
6021
6022	/*
6023	 * If we couldn't find the page, or if we don't have a mode select
6024	 * handler for it, send back an error to the user.
6025	 */
6026	if ((i >= CTL_NUM_MODE_PAGES)
6027	 || (page_index->select_handler == NULL)) {
6028		ctl_set_invalid_field(ctsio,
6029				      /*sks_valid*/ 1,
6030				      /*command*/ 0,
6031				      /*field*/ *len_used,
6032				      /*bit_valid*/ 0,
6033				      /*bit*/ 0);
6034		free(ctsio->kern_data_ptr, M_CTL);
6035		ctl_done((union ctl_io *)ctsio);
6036		return (CTL_RETVAL_COMPLETE);
6037	}
6038
6039	if (page_index->page_code & SMPH_SPF) {
6040		page_len_offset = 2;
6041		page_len_size = 2;
6042	} else {
6043		page_len_size = 1;
6044		page_len_offset = 1;
6045	}
6046
6047	/*
6048	 * If the length the initiator gives us isn't the one we specify in
6049	 * the mode page header, or if they didn't specify enough data in
6050	 * the CDB to avoid truncating this page, kick out the request.
6051	 */
6052	if ((page_len != (page_index->page_len - page_len_offset -
6053			  page_len_size))
6054	 || (*len_left < page_index->page_len)) {
6055
6056
6057		ctl_set_invalid_field(ctsio,
6058				      /*sks_valid*/ 1,
6059				      /*command*/ 0,
6060				      /*field*/ *len_used + page_len_offset,
6061				      /*bit_valid*/ 0,
6062				      /*bit*/ 0);
6063		free(ctsio->kern_data_ptr, M_CTL);
6064		ctl_done((union ctl_io *)ctsio);
6065		return (CTL_RETVAL_COMPLETE);
6066	}
6067
6068	/*
6069	 * Run through the mode page, checking to make sure that the bits
6070	 * the user changed are actually legal for him to change.
6071	 */
6072	for (i = 0; i < page_index->page_len; i++) {
6073		uint8_t *user_byte, *change_mask, *current_byte;
6074		int bad_bit;
6075		int j;
6076
6077		user_byte = (uint8_t *)page_header + i;
6078		change_mask = page_index->page_data +
6079			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6080		current_byte = page_index->page_data +
6081			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6082
6083		/*
6084		 * Check to see whether the user set any bits in this byte
6085		 * that he is not allowed to set.
6086		 */
6087		if ((*user_byte & ~(*change_mask)) ==
6088		    (*current_byte & ~(*change_mask)))
6089			continue;
6090
6091		/*
6092		 * Go through bit by bit to determine which one is illegal.
6093		 */
6094		bad_bit = 0;
6095		for (j = 7; j >= 0; j--) {
6096			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6097			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6098				bad_bit = i;
6099				break;
6100			}
6101		}
6102		ctl_set_invalid_field(ctsio,
6103				      /*sks_valid*/ 1,
6104				      /*command*/ 0,
6105				      /*field*/ *len_used + i,
6106				      /*bit_valid*/ 1,
6107				      /*bit*/ bad_bit);
6108		free(ctsio->kern_data_ptr, M_CTL);
6109		ctl_done((union ctl_io *)ctsio);
6110		return (CTL_RETVAL_COMPLETE);
6111	}
6112
6113	/*
6114	 * Decrement these before we call the page handler, since we may
6115	 * end up getting called back one way or another before the handler
6116	 * returns to this context.
6117	 */
6118	*len_left -= page_index->page_len;
6119	*len_used += page_index->page_len;
6120
6121	retval = page_index->select_handler(ctsio, page_index,
6122					    (uint8_t *)page_header);
6123
6124	/*
6125	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6126	 * wait until this queued command completes to finish processing
6127	 * the mode page.  If it returns anything other than
6128	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6129	 * already set the sense information, freed the data pointer, and
6130	 * completed the io for us.
6131	 */
6132	if (retval != CTL_RETVAL_COMPLETE)
6133		goto bailout_no_done;
6134
6135	/*
6136	 * If the initiator sent us more than one page, parse the next one.
6137	 */
6138	if (*len_left > 0)
6139		goto do_next_page;
6140
6141	ctl_set_success(ctsio);
6142	free(ctsio->kern_data_ptr, M_CTL);
6143	ctl_done((union ctl_io *)ctsio);
6144
6145bailout_no_done:
6146
6147	return (CTL_RETVAL_COMPLETE);
6148
6149}
6150
6151int
6152ctl_mode_select(struct ctl_scsiio *ctsio)
6153{
6154	int param_len, pf, sp;
6155	int header_size, bd_len;
6156	union ctl_modepage_info *modepage_info;
6157
6158	switch (ctsio->cdb[0]) {
6159	case MODE_SELECT_6: {
6160		struct scsi_mode_select_6 *cdb;
6161
6162		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6163
6164		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6165		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6166		param_len = cdb->length;
6167		header_size = sizeof(struct scsi_mode_header_6);
6168		break;
6169	}
6170	case MODE_SELECT_10: {
6171		struct scsi_mode_select_10 *cdb;
6172
6173		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6174
6175		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6176		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6177		param_len = scsi_2btoul(cdb->length);
6178		header_size = sizeof(struct scsi_mode_header_10);
6179		break;
6180	}
6181	default:
6182		ctl_set_invalid_opcode(ctsio);
6183		ctl_done((union ctl_io *)ctsio);
6184		return (CTL_RETVAL_COMPLETE);
6185	}
6186
6187	/*
6188	 * From SPC-3:
6189	 * "A parameter list length of zero indicates that the Data-Out Buffer
6190	 * shall be empty. This condition shall not be considered as an error."
6191	 */
6192	if (param_len == 0) {
6193		ctl_set_success(ctsio);
6194		ctl_done((union ctl_io *)ctsio);
6195		return (CTL_RETVAL_COMPLETE);
6196	}
6197
6198	/*
6199	 * Since we'll hit this the first time through, prior to
6200	 * allocation, we don't need to free a data buffer here.
6201	 */
6202	if (param_len < header_size) {
6203		ctl_set_param_len_error(ctsio);
6204		ctl_done((union ctl_io *)ctsio);
6205		return (CTL_RETVAL_COMPLETE);
6206	}
6207
6208	/*
6209	 * Allocate the data buffer and grab the user's data.  In theory,
6210	 * we shouldn't have to sanity check the parameter list length here
6211	 * because the maximum size is 64K.  We should be able to malloc
6212	 * that much without too many problems.
6213	 */
6214	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6215		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6216		ctsio->kern_data_len = param_len;
6217		ctsio->kern_total_len = param_len;
6218		ctsio->kern_data_resid = 0;
6219		ctsio->kern_rel_offset = 0;
6220		ctsio->kern_sg_entries = 0;
6221		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6222		ctsio->be_move_done = ctl_config_move_done;
6223		ctl_datamove((union ctl_io *)ctsio);
6224
6225		return (CTL_RETVAL_COMPLETE);
6226	}
6227
6228	switch (ctsio->cdb[0]) {
6229	case MODE_SELECT_6: {
6230		struct scsi_mode_header_6 *mh6;
6231
6232		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6233		bd_len = mh6->blk_desc_len;
6234		break;
6235	}
6236	case MODE_SELECT_10: {
6237		struct scsi_mode_header_10 *mh10;
6238
6239		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6240		bd_len = scsi_2btoul(mh10->blk_desc_len);
6241		break;
6242	}
6243	default:
6244		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6245	}
6246
6247	if (param_len < (header_size + bd_len)) {
6248		free(ctsio->kern_data_ptr, M_CTL);
6249		ctl_set_param_len_error(ctsio);
6250		ctl_done((union ctl_io *)ctsio);
6251		return (CTL_RETVAL_COMPLETE);
6252	}
6253
6254	/*
6255	 * Set the IO_CONT flag, so that if this I/O gets passed to
6256	 * ctl_config_write_done(), it'll get passed back to
6257	 * ctl_do_mode_select() for further processing, or completion if
6258	 * we're all done.
6259	 */
6260	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6261	ctsio->io_cont = ctl_do_mode_select;
6262
6263	modepage_info = (union ctl_modepage_info *)
6264		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6265	memset(modepage_info, 0, sizeof(*modepage_info));
6266	modepage_info->header.len_left = param_len - header_size - bd_len;
6267	modepage_info->header.len_used = header_size + bd_len;
6268
6269	return (ctl_do_mode_select((union ctl_io *)ctsio));
6270}
6271
6272int
6273ctl_mode_sense(struct ctl_scsiio *ctsio)
6274{
6275	struct ctl_lun *lun;
6276	int pc, page_code, dbd, llba, subpage;
6277	int alloc_len, page_len, header_len, total_len;
6278	struct scsi_mode_block_descr *block_desc;
6279	struct ctl_page_index *page_index;
6280
6281	dbd = 0;
6282	llba = 0;
6283	block_desc = NULL;
6284
6285	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6286
6287	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6288	switch (ctsio->cdb[0]) {
6289	case MODE_SENSE_6: {
6290		struct scsi_mode_sense_6 *cdb;
6291
6292		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6293
6294		header_len = sizeof(struct scsi_mode_hdr_6);
6295		if (cdb->byte2 & SMS_DBD)
6296			dbd = 1;
6297		else
6298			header_len += sizeof(struct scsi_mode_block_descr);
6299
6300		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6301		page_code = cdb->page & SMS_PAGE_CODE;
6302		subpage = cdb->subpage;
6303		alloc_len = cdb->length;
6304		break;
6305	}
6306	case MODE_SENSE_10: {
6307		struct scsi_mode_sense_10 *cdb;
6308
6309		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6310
6311		header_len = sizeof(struct scsi_mode_hdr_10);
6312
6313		if (cdb->byte2 & SMS_DBD)
6314			dbd = 1;
6315		else
6316			header_len += sizeof(struct scsi_mode_block_descr);
6317		if (cdb->byte2 & SMS10_LLBAA)
6318			llba = 1;
6319		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6320		page_code = cdb->page & SMS_PAGE_CODE;
6321		subpage = cdb->subpage;
6322		alloc_len = scsi_2btoul(cdb->length);
6323		break;
6324	}
6325	default:
6326		ctl_set_invalid_opcode(ctsio);
6327		ctl_done((union ctl_io *)ctsio);
6328		return (CTL_RETVAL_COMPLETE);
6329		break; /* NOTREACHED */
6330	}
6331
6332	/*
6333	 * We have to make a first pass through to calculate the size of
6334	 * the pages that match the user's query.  Then we allocate enough
6335	 * memory to hold it, and actually copy the data into the buffer.
6336	 */
6337	switch (page_code) {
6338	case SMS_ALL_PAGES_PAGE: {
6339		int i;
6340
6341		page_len = 0;
6342
6343		/*
6344		 * At the moment, values other than 0 and 0xff here are
6345		 * reserved according to SPC-3.
6346		 */
6347		if ((subpage != SMS_SUBPAGE_PAGE_0)
6348		 && (subpage != SMS_SUBPAGE_ALL)) {
6349			ctl_set_invalid_field(ctsio,
6350					      /*sks_valid*/ 1,
6351					      /*command*/ 1,
6352					      /*field*/ 3,
6353					      /*bit_valid*/ 0,
6354					      /*bit*/ 0);
6355			ctl_done((union ctl_io *)ctsio);
6356			return (CTL_RETVAL_COMPLETE);
6357		}
6358
6359		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6360			page_index = &lun->mode_pages.index[i];
6361
6362			/* Make sure the page is supported for this dev type */
6363			if (lun->be_lun->lun_type == T_DIRECT &&
6364			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6365				continue;
6366			if (lun->be_lun->lun_type == T_PROCESSOR &&
6367			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6368				continue;
6369			if (lun->be_lun->lun_type == T_CDROM &&
6370			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6371				continue;
6372
6373			/*
6374			 * We don't use this subpage if the user didn't
6375			 * request all subpages.
6376			 */
6377			if ((page_index->subpage != 0)
6378			 && (subpage == SMS_SUBPAGE_PAGE_0))
6379				continue;
6380
6381#if 0
6382			printf("found page %#x len %d\n",
6383			       page_index->page_code & SMPH_PC_MASK,
6384			       page_index->page_len);
6385#endif
6386			page_len += page_index->page_len;
6387		}
6388		break;
6389	}
6390	default: {
6391		int i;
6392
6393		page_len = 0;
6394
6395		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6396			page_index = &lun->mode_pages.index[i];
6397
6398			/* Make sure the page is supported for this dev type */
6399			if (lun->be_lun->lun_type == T_DIRECT &&
6400			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6401				continue;
6402			if (lun->be_lun->lun_type == T_PROCESSOR &&
6403			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6404				continue;
6405			if (lun->be_lun->lun_type == T_CDROM &&
6406			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6407				continue;
6408
6409			/* Look for the right page code */
6410			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6411				continue;
6412
6413			/* Look for the right subpage or the subpage wildcard*/
6414			if ((page_index->subpage != subpage)
6415			 && (subpage != SMS_SUBPAGE_ALL))
6416				continue;
6417
6418#if 0
6419			printf("found page %#x len %d\n",
6420			       page_index->page_code & SMPH_PC_MASK,
6421			       page_index->page_len);
6422#endif
6423
6424			page_len += page_index->page_len;
6425		}
6426
6427		if (page_len == 0) {
6428			ctl_set_invalid_field(ctsio,
6429					      /*sks_valid*/ 1,
6430					      /*command*/ 1,
6431					      /*field*/ 2,
6432					      /*bit_valid*/ 1,
6433					      /*bit*/ 5);
6434			ctl_done((union ctl_io *)ctsio);
6435			return (CTL_RETVAL_COMPLETE);
6436		}
6437		break;
6438	}
6439	}
6440
6441	total_len = header_len + page_len;
6442#if 0
6443	printf("header_len = %d, page_len = %d, total_len = %d\n",
6444	       header_len, page_len, total_len);
6445#endif
6446
6447	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6448	ctsio->kern_sg_entries = 0;
6449	ctsio->kern_data_resid = 0;
6450	ctsio->kern_rel_offset = 0;
6451	if (total_len < alloc_len) {
6452		ctsio->residual = alloc_len - total_len;
6453		ctsio->kern_data_len = total_len;
6454		ctsio->kern_total_len = total_len;
6455	} else {
6456		ctsio->residual = 0;
6457		ctsio->kern_data_len = alloc_len;
6458		ctsio->kern_total_len = alloc_len;
6459	}
6460
6461	switch (ctsio->cdb[0]) {
6462	case MODE_SENSE_6: {
6463		struct scsi_mode_hdr_6 *header;
6464
6465		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6466
6467		header->datalen = MIN(total_len - 1, 254);
6468		if (lun->be_lun->lun_type == T_DIRECT) {
6469			header->dev_specific = 0x10; /* DPOFUA */
6470			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6471			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6472			    .eca_and_aen & SCP_SWP) != 0)
6473				    header->dev_specific |= 0x80; /* WP */
6474		}
6475		if (dbd)
6476			header->block_descr_len = 0;
6477		else
6478			header->block_descr_len =
6479				sizeof(struct scsi_mode_block_descr);
6480		block_desc = (struct scsi_mode_block_descr *)&header[1];
6481		break;
6482	}
6483	case MODE_SENSE_10: {
6484		struct scsi_mode_hdr_10 *header;
6485		int datalen;
6486
6487		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6488
6489		datalen = MIN(total_len - 2, 65533);
6490		scsi_ulto2b(datalen, header->datalen);
6491		if (lun->be_lun->lun_type == T_DIRECT) {
6492			header->dev_specific = 0x10; /* DPOFUA */
6493			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6494			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6495			    .eca_and_aen & SCP_SWP) != 0)
6496				    header->dev_specific |= 0x80; /* WP */
6497		}
6498		if (dbd)
6499			scsi_ulto2b(0, header->block_descr_len);
6500		else
6501			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6502				    header->block_descr_len);
6503		block_desc = (struct scsi_mode_block_descr *)&header[1];
6504		break;
6505	}
6506	default:
6507		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6508	}
6509
6510	/*
6511	 * If we've got a disk, use its blocksize in the block
6512	 * descriptor.  Otherwise, just set it to 0.
6513	 */
6514	if (dbd == 0) {
6515		if (lun->be_lun->lun_type == T_DIRECT)
6516			scsi_ulto3b(lun->be_lun->blocksize,
6517				    block_desc->block_len);
6518		else
6519			scsi_ulto3b(0, block_desc->block_len);
6520	}
6521
6522	switch (page_code) {
6523	case SMS_ALL_PAGES_PAGE: {
6524		int i, data_used;
6525
6526		data_used = header_len;
6527		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6528			struct ctl_page_index *page_index;
6529
6530			page_index = &lun->mode_pages.index[i];
6531			if (lun->be_lun->lun_type == T_DIRECT &&
6532			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6533				continue;
6534			if (lun->be_lun->lun_type == T_PROCESSOR &&
6535			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6536				continue;
6537			if (lun->be_lun->lun_type == T_CDROM &&
6538			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6539				continue;
6540
6541			/*
6542			 * We don't use this subpage if the user didn't
6543			 * request all subpages.  We already checked (above)
6544			 * to make sure the user only specified a subpage
6545			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6546			 */
6547			if ((page_index->subpage != 0)
6548			 && (subpage == SMS_SUBPAGE_PAGE_0))
6549				continue;
6550
6551			/*
6552			 * Call the handler, if it exists, to update the
6553			 * page to the latest values.
6554			 */
6555			if (page_index->sense_handler != NULL)
6556				page_index->sense_handler(ctsio, page_index,pc);
6557
6558			memcpy(ctsio->kern_data_ptr + data_used,
6559			       page_index->page_data +
6560			       (page_index->page_len * pc),
6561			       page_index->page_len);
6562			data_used += page_index->page_len;
6563		}
6564		break;
6565	}
6566	default: {
6567		int i, data_used;
6568
6569		data_used = header_len;
6570
6571		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6572			struct ctl_page_index *page_index;
6573
6574			page_index = &lun->mode_pages.index[i];
6575
6576			/* Look for the right page code */
6577			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6578				continue;
6579
6580			/* Look for the right subpage or the subpage wildcard*/
6581			if ((page_index->subpage != subpage)
6582			 && (subpage != SMS_SUBPAGE_ALL))
6583				continue;
6584
6585			/* Make sure the page is supported for this dev type */
6586			if (lun->be_lun->lun_type == T_DIRECT &&
6587			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6588				continue;
6589			if (lun->be_lun->lun_type == T_PROCESSOR &&
6590			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6591				continue;
6592			if (lun->be_lun->lun_type == T_CDROM &&
6593			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6594				continue;
6595
6596			/*
6597			 * Call the handler, if it exists, to update the
6598			 * page to the latest values.
6599			 */
6600			if (page_index->sense_handler != NULL)
6601				page_index->sense_handler(ctsio, page_index,pc);
6602
6603			memcpy(ctsio->kern_data_ptr + data_used,
6604			       page_index->page_data +
6605			       (page_index->page_len * pc),
6606			       page_index->page_len);
6607			data_used += page_index->page_len;
6608		}
6609		break;
6610	}
6611	}
6612
6613	ctl_set_success(ctsio);
6614	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6615	ctsio->be_move_done = ctl_config_move_done;
6616	ctl_datamove((union ctl_io *)ctsio);
6617	return (CTL_RETVAL_COMPLETE);
6618}
6619
6620int
6621ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6622			       struct ctl_page_index *page_index,
6623			       int pc)
6624{
6625	struct ctl_lun *lun;
6626	struct scsi_log_param_header *phdr;
6627	uint8_t *data;
6628	uint64_t val;
6629
6630	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6631	data = page_index->page_data;
6632
6633	if (lun->backend->lun_attr != NULL &&
6634	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6635	     != UINT64_MAX) {
6636		phdr = (struct scsi_log_param_header *)data;
6637		scsi_ulto2b(0x0001, phdr->param_code);
6638		phdr->param_control = SLP_LBIN | SLP_LP;
6639		phdr->param_len = 8;
6640		data = (uint8_t *)(phdr + 1);
6641		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6642		data[4] = 0x02; /* per-pool */
6643		data += phdr->param_len;
6644	}
6645
6646	if (lun->backend->lun_attr != NULL &&
6647	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6648	     != UINT64_MAX) {
6649		phdr = (struct scsi_log_param_header *)data;
6650		scsi_ulto2b(0x0002, phdr->param_code);
6651		phdr->param_control = SLP_LBIN | SLP_LP;
6652		phdr->param_len = 8;
6653		data = (uint8_t *)(phdr + 1);
6654		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6655		data[4] = 0x01; /* per-LUN */
6656		data += phdr->param_len;
6657	}
6658
6659	if (lun->backend->lun_attr != NULL &&
6660	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6661	     != UINT64_MAX) {
6662		phdr = (struct scsi_log_param_header *)data;
6663		scsi_ulto2b(0x00f1, phdr->param_code);
6664		phdr->param_control = SLP_LBIN | SLP_LP;
6665		phdr->param_len = 8;
6666		data = (uint8_t *)(phdr + 1);
6667		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6668		data[4] = 0x02; /* per-pool */
6669		data += phdr->param_len;
6670	}
6671
6672	if (lun->backend->lun_attr != NULL &&
6673	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6674	     != UINT64_MAX) {
6675		phdr = (struct scsi_log_param_header *)data;
6676		scsi_ulto2b(0x00f2, phdr->param_code);
6677		phdr->param_control = SLP_LBIN | SLP_LP;
6678		phdr->param_len = 8;
6679		data = (uint8_t *)(phdr + 1);
6680		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6681		data[4] = 0x02; /* per-pool */
6682		data += phdr->param_len;
6683	}
6684
6685	page_index->page_len = data - page_index->page_data;
6686	return (0);
6687}
6688
6689int
6690ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6691			       struct ctl_page_index *page_index,
6692			       int pc)
6693{
6694	struct ctl_lun *lun;
6695	struct stat_page *data;
6696	uint64_t rn, wn, rb, wb;
6697	struct bintime rt, wt;
6698	int i;
6699
6700	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6701	data = (struct stat_page *)page_index->page_data;
6702
6703	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6704	data->sap.hdr.param_control = SLP_LBIN;
6705	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6706	    sizeof(struct scsi_log_param_header);
6707	rn = wn = rb = wb = 0;
6708	bintime_clear(&rt);
6709	bintime_clear(&wt);
6710	for (i = 0; i < CTL_MAX_PORTS; i++) {
6711		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6712		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6713		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6714		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6715		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6716		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6717	}
6718	scsi_u64to8b(rn, data->sap.read_num);
6719	scsi_u64to8b(wn, data->sap.write_num);
6720	if (lun->stats.blocksize > 0) {
6721		scsi_u64to8b(wb / lun->stats.blocksize,
6722		    data->sap.recvieved_lba);
6723		scsi_u64to8b(rb / lun->stats.blocksize,
6724		    data->sap.transmitted_lba);
6725	}
6726	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6727	    data->sap.read_int);
6728	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6729	    data->sap.write_int);
6730	scsi_u64to8b(0, data->sap.weighted_num);
6731	scsi_u64to8b(0, data->sap.weighted_int);
6732	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6733	data->it.hdr.param_control = SLP_LBIN;
6734	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6735	    sizeof(struct scsi_log_param_header);
6736#ifdef CTL_TIME_IO
6737	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6738#endif
6739	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6740	data->it.hdr.param_control = SLP_LBIN;
6741	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6742	    sizeof(struct scsi_log_param_header);
6743	scsi_ulto4b(3, data->ti.exponent);
6744	scsi_ulto4b(1, data->ti.integer);
6745
6746	page_index->page_len = sizeof(*data);
6747	return (0);
6748}
6749
6750int
6751ctl_log_sense(struct ctl_scsiio *ctsio)
6752{
6753	struct ctl_lun *lun;
6754	int i, pc, page_code, subpage;
6755	int alloc_len, total_len;
6756	struct ctl_page_index *page_index;
6757	struct scsi_log_sense *cdb;
6758	struct scsi_log_header *header;
6759
6760	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6761
6762	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6763	cdb = (struct scsi_log_sense *)ctsio->cdb;
6764	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6765	page_code = cdb->page & SLS_PAGE_CODE;
6766	subpage = cdb->subpage;
6767	alloc_len = scsi_2btoul(cdb->length);
6768
6769	page_index = NULL;
6770	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6771		page_index = &lun->log_pages.index[i];
6772
6773		/* Look for the right page code */
6774		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6775			continue;
6776
6777		/* Look for the right subpage or the subpage wildcard*/
6778		if (page_index->subpage != subpage)
6779			continue;
6780
6781		break;
6782	}
6783	if (i >= CTL_NUM_LOG_PAGES) {
6784		ctl_set_invalid_field(ctsio,
6785				      /*sks_valid*/ 1,
6786				      /*command*/ 1,
6787				      /*field*/ 2,
6788				      /*bit_valid*/ 0,
6789				      /*bit*/ 0);
6790		ctl_done((union ctl_io *)ctsio);
6791		return (CTL_RETVAL_COMPLETE);
6792	}
6793
6794	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6795
6796	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6797	ctsio->kern_sg_entries = 0;
6798	ctsio->kern_data_resid = 0;
6799	ctsio->kern_rel_offset = 0;
6800	if (total_len < alloc_len) {
6801		ctsio->residual = alloc_len - total_len;
6802		ctsio->kern_data_len = total_len;
6803		ctsio->kern_total_len = total_len;
6804	} else {
6805		ctsio->residual = 0;
6806		ctsio->kern_data_len = alloc_len;
6807		ctsio->kern_total_len = alloc_len;
6808	}
6809
6810	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6811	header->page = page_index->page_code;
6812	if (page_index->subpage) {
6813		header->page |= SL_SPF;
6814		header->subpage = page_index->subpage;
6815	}
6816	scsi_ulto2b(page_index->page_len, header->datalen);
6817
6818	/*
6819	 * Call the handler, if it exists, to update the
6820	 * page to the latest values.
6821	 */
6822	if (page_index->sense_handler != NULL)
6823		page_index->sense_handler(ctsio, page_index, pc);
6824
6825	memcpy(header + 1, page_index->page_data, page_index->page_len);
6826
6827	ctl_set_success(ctsio);
6828	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6829	ctsio->be_move_done = ctl_config_move_done;
6830	ctl_datamove((union ctl_io *)ctsio);
6831	return (CTL_RETVAL_COMPLETE);
6832}
6833
6834int
6835ctl_read_capacity(struct ctl_scsiio *ctsio)
6836{
6837	struct scsi_read_capacity *cdb;
6838	struct scsi_read_capacity_data *data;
6839	struct ctl_lun *lun;
6840	uint32_t lba;
6841
6842	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6843
6844	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6845
6846	lba = scsi_4btoul(cdb->addr);
6847	if (((cdb->pmi & SRC_PMI) == 0)
6848	 && (lba != 0)) {
6849		ctl_set_invalid_field(/*ctsio*/ ctsio,
6850				      /*sks_valid*/ 1,
6851				      /*command*/ 1,
6852				      /*field*/ 2,
6853				      /*bit_valid*/ 0,
6854				      /*bit*/ 0);
6855		ctl_done((union ctl_io *)ctsio);
6856		return (CTL_RETVAL_COMPLETE);
6857	}
6858
6859	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6860
6861	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6862	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6863	ctsio->residual = 0;
6864	ctsio->kern_data_len = sizeof(*data);
6865	ctsio->kern_total_len = sizeof(*data);
6866	ctsio->kern_data_resid = 0;
6867	ctsio->kern_rel_offset = 0;
6868	ctsio->kern_sg_entries = 0;
6869
6870	/*
6871	 * If the maximum LBA is greater than 0xfffffffe, the user must
6872	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6873	 * serivce action set.
6874	 */
6875	if (lun->be_lun->maxlba > 0xfffffffe)
6876		scsi_ulto4b(0xffffffff, data->addr);
6877	else
6878		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6879
6880	/*
6881	 * XXX KDM this may not be 512 bytes...
6882	 */
6883	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6884
6885	ctl_set_success(ctsio);
6886	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6887	ctsio->be_move_done = ctl_config_move_done;
6888	ctl_datamove((union ctl_io *)ctsio);
6889	return (CTL_RETVAL_COMPLETE);
6890}
6891
6892int
6893ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6894{
6895	struct scsi_read_capacity_16 *cdb;
6896	struct scsi_read_capacity_data_long *data;
6897	struct ctl_lun *lun;
6898	uint64_t lba;
6899	uint32_t alloc_len;
6900
6901	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6902
6903	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6904
6905	alloc_len = scsi_4btoul(cdb->alloc_len);
6906	lba = scsi_8btou64(cdb->addr);
6907
6908	if ((cdb->reladr & SRC16_PMI)
6909	 && (lba != 0)) {
6910		ctl_set_invalid_field(/*ctsio*/ ctsio,
6911				      /*sks_valid*/ 1,
6912				      /*command*/ 1,
6913				      /*field*/ 2,
6914				      /*bit_valid*/ 0,
6915				      /*bit*/ 0);
6916		ctl_done((union ctl_io *)ctsio);
6917		return (CTL_RETVAL_COMPLETE);
6918	}
6919
6920	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6921
6922	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6923	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6924
6925	if (sizeof(*data) < alloc_len) {
6926		ctsio->residual = alloc_len - sizeof(*data);
6927		ctsio->kern_data_len = sizeof(*data);
6928		ctsio->kern_total_len = sizeof(*data);
6929	} else {
6930		ctsio->residual = 0;
6931		ctsio->kern_data_len = alloc_len;
6932		ctsio->kern_total_len = alloc_len;
6933	}
6934	ctsio->kern_data_resid = 0;
6935	ctsio->kern_rel_offset = 0;
6936	ctsio->kern_sg_entries = 0;
6937
6938	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6939	/* XXX KDM this may not be 512 bytes... */
6940	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6941	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6942	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6943	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6944		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6945
6946	ctl_set_success(ctsio);
6947	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6948	ctsio->be_move_done = ctl_config_move_done;
6949	ctl_datamove((union ctl_io *)ctsio);
6950	return (CTL_RETVAL_COMPLETE);
6951}
6952
6953int
6954ctl_get_lba_status(struct ctl_scsiio *ctsio)
6955{
6956	struct scsi_get_lba_status *cdb;
6957	struct scsi_get_lba_status_data *data;
6958	struct ctl_lun *lun;
6959	struct ctl_lba_len_flags *lbalen;
6960	uint64_t lba;
6961	uint32_t alloc_len, total_len;
6962	int retval;
6963
6964	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6965
6966	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6967	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6968	lba = scsi_8btou64(cdb->addr);
6969	alloc_len = scsi_4btoul(cdb->alloc_len);
6970
6971	if (lba > lun->be_lun->maxlba) {
6972		ctl_set_lba_out_of_range(ctsio);
6973		ctl_done((union ctl_io *)ctsio);
6974		return (CTL_RETVAL_COMPLETE);
6975	}
6976
6977	total_len = sizeof(*data) + sizeof(data->descr[0]);
6978	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6979	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6980
6981	if (total_len < alloc_len) {
6982		ctsio->residual = alloc_len - total_len;
6983		ctsio->kern_data_len = total_len;
6984		ctsio->kern_total_len = total_len;
6985	} else {
6986		ctsio->residual = 0;
6987		ctsio->kern_data_len = alloc_len;
6988		ctsio->kern_total_len = alloc_len;
6989	}
6990	ctsio->kern_data_resid = 0;
6991	ctsio->kern_rel_offset = 0;
6992	ctsio->kern_sg_entries = 0;
6993
6994	/* Fill dummy data in case backend can't tell anything. */
6995	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6996	scsi_u64to8b(lba, data->descr[0].addr);
6997	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6998	    data->descr[0].length);
6999	data->descr[0].status = 0; /* Mapped or unknown. */
7000
7001	ctl_set_success(ctsio);
7002	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7003	ctsio->be_move_done = ctl_config_move_done;
7004
7005	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7006	lbalen->lba = lba;
7007	lbalen->len = total_len;
7008	lbalen->flags = 0;
7009	retval = lun->backend->config_read((union ctl_io *)ctsio);
7010	return (CTL_RETVAL_COMPLETE);
7011}
7012
7013int
7014ctl_read_defect(struct ctl_scsiio *ctsio)
7015{
7016	struct scsi_read_defect_data_10 *ccb10;
7017	struct scsi_read_defect_data_12 *ccb12;
7018	struct scsi_read_defect_data_hdr_10 *data10;
7019	struct scsi_read_defect_data_hdr_12 *data12;
7020	uint32_t alloc_len, data_len;
7021	uint8_t format;
7022
7023	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7024
7025	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7026		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7027		format = ccb10->format;
7028		alloc_len = scsi_2btoul(ccb10->alloc_length);
7029		data_len = sizeof(*data10);
7030	} else {
7031		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7032		format = ccb12->format;
7033		alloc_len = scsi_4btoul(ccb12->alloc_length);
7034		data_len = sizeof(*data12);
7035	}
7036	if (alloc_len == 0) {
7037		ctl_set_success(ctsio);
7038		ctl_done((union ctl_io *)ctsio);
7039		return (CTL_RETVAL_COMPLETE);
7040	}
7041
7042	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7043	if (data_len < alloc_len) {
7044		ctsio->residual = alloc_len - data_len;
7045		ctsio->kern_data_len = data_len;
7046		ctsio->kern_total_len = data_len;
7047	} else {
7048		ctsio->residual = 0;
7049		ctsio->kern_data_len = alloc_len;
7050		ctsio->kern_total_len = alloc_len;
7051	}
7052	ctsio->kern_data_resid = 0;
7053	ctsio->kern_rel_offset = 0;
7054	ctsio->kern_sg_entries = 0;
7055
7056	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7057		data10 = (struct scsi_read_defect_data_hdr_10 *)
7058		    ctsio->kern_data_ptr;
7059		data10->format = format;
7060		scsi_ulto2b(0, data10->length);
7061	} else {
7062		data12 = (struct scsi_read_defect_data_hdr_12 *)
7063		    ctsio->kern_data_ptr;
7064		data12->format = format;
7065		scsi_ulto2b(0, data12->generation);
7066		scsi_ulto4b(0, data12->length);
7067	}
7068
7069	ctl_set_success(ctsio);
7070	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7071	ctsio->be_move_done = ctl_config_move_done;
7072	ctl_datamove((union ctl_io *)ctsio);
7073	return (CTL_RETVAL_COMPLETE);
7074}
7075
7076int
7077ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7078{
7079	struct scsi_maintenance_in *cdb;
7080	int retval;
7081	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7082	int num_target_port_groups, num_target_ports;
7083	struct ctl_lun *lun;
7084	struct ctl_softc *softc;
7085	struct ctl_port *port;
7086	struct scsi_target_group_data *rtg_ptr;
7087	struct scsi_target_group_data_extended *rtg_ext_ptr;
7088	struct scsi_target_port_group_descriptor *tpg_desc;
7089
7090	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7091
7092	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7093	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7094	softc = lun->ctl_softc;
7095
7096	retval = CTL_RETVAL_COMPLETE;
7097
7098	switch (cdb->byte2 & STG_PDF_MASK) {
7099	case STG_PDF_LENGTH:
7100		ext = 0;
7101		break;
7102	case STG_PDF_EXTENDED:
7103		ext = 1;
7104		break;
7105	default:
7106		ctl_set_invalid_field(/*ctsio*/ ctsio,
7107				      /*sks_valid*/ 1,
7108				      /*command*/ 1,
7109				      /*field*/ 2,
7110				      /*bit_valid*/ 1,
7111				      /*bit*/ 5);
7112		ctl_done((union ctl_io *)ctsio);
7113		return(retval);
7114	}
7115
7116	if (softc->is_single)
7117		num_target_port_groups = 1;
7118	else
7119		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7120	num_target_ports = 0;
7121	mtx_lock(&softc->ctl_lock);
7122	STAILQ_FOREACH(port, &softc->port_list, links) {
7123		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7124			continue;
7125		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7126			continue;
7127		num_target_ports++;
7128	}
7129	mtx_unlock(&softc->ctl_lock);
7130
7131	if (ext)
7132		total_len = sizeof(struct scsi_target_group_data_extended);
7133	else
7134		total_len = sizeof(struct scsi_target_group_data);
7135	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7136		num_target_port_groups +
7137	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7138
7139	alloc_len = scsi_4btoul(cdb->length);
7140
7141	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7142
7143	ctsio->kern_sg_entries = 0;
7144
7145	if (total_len < alloc_len) {
7146		ctsio->residual = alloc_len - total_len;
7147		ctsio->kern_data_len = total_len;
7148		ctsio->kern_total_len = total_len;
7149	} else {
7150		ctsio->residual = 0;
7151		ctsio->kern_data_len = alloc_len;
7152		ctsio->kern_total_len = alloc_len;
7153	}
7154	ctsio->kern_data_resid = 0;
7155	ctsio->kern_rel_offset = 0;
7156
7157	if (ext) {
7158		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7159		    ctsio->kern_data_ptr;
7160		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7161		rtg_ext_ptr->format_type = 0x10;
7162		rtg_ext_ptr->implicit_transition_time = 0;
7163		tpg_desc = &rtg_ext_ptr->groups[0];
7164	} else {
7165		rtg_ptr = (struct scsi_target_group_data *)
7166		    ctsio->kern_data_ptr;
7167		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7168		tpg_desc = &rtg_ptr->groups[0];
7169	}
7170
7171	mtx_lock(&softc->ctl_lock);
7172	pg = softc->port_min / softc->port_cnt;
7173	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7174		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7175	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7176		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7177	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7178		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7179	else
7180		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7181	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7182		os = gs;
7183		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7184	} else
7185		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7186	for (g = 0; g < num_target_port_groups; g++) {
7187		tpg_desc->pref_state = (g == pg) ? gs : os;
7188		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7189		    TPG_U_SUP | TPG_T_SUP;
7190		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7191		tpg_desc->status = TPG_IMPLICIT;
7192		pc = 0;
7193		STAILQ_FOREACH(port, &softc->port_list, links) {
7194			if (port->targ_port < g * softc->port_cnt ||
7195			    port->targ_port >= (g + 1) * softc->port_cnt)
7196				continue;
7197			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7198				continue;
7199			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7200				continue;
7201			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7202			    relative_target_port_identifier);
7203			pc++;
7204		}
7205		tpg_desc->target_port_count = pc;
7206		tpg_desc = (struct scsi_target_port_group_descriptor *)
7207		    &tpg_desc->descriptors[pc];
7208	}
7209	mtx_unlock(&softc->ctl_lock);
7210
7211	ctl_set_success(ctsio);
7212	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7213	ctsio->be_move_done = ctl_config_move_done;
7214	ctl_datamove((union ctl_io *)ctsio);
7215	return(retval);
7216}
7217
7218int
7219ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7220{
7221	struct ctl_lun *lun;
7222	struct scsi_report_supported_opcodes *cdb;
7223	const struct ctl_cmd_entry *entry, *sentry;
7224	struct scsi_report_supported_opcodes_all *all;
7225	struct scsi_report_supported_opcodes_descr *descr;
7226	struct scsi_report_supported_opcodes_one *one;
7227	int retval;
7228	int alloc_len, total_len;
7229	int opcode, service_action, i, j, num;
7230
7231	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7232
7233	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7234	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7235
7236	retval = CTL_RETVAL_COMPLETE;
7237
7238	opcode = cdb->requested_opcode;
7239	service_action = scsi_2btoul(cdb->requested_service_action);
7240	switch (cdb->options & RSO_OPTIONS_MASK) {
7241	case RSO_OPTIONS_ALL:
7242		num = 0;
7243		for (i = 0; i < 256; i++) {
7244			entry = &ctl_cmd_table[i];
7245			if (entry->flags & CTL_CMD_FLAG_SA5) {
7246				for (j = 0; j < 32; j++) {
7247					sentry = &((const struct ctl_cmd_entry *)
7248					    entry->execute)[j];
7249					if (ctl_cmd_applicable(
7250					    lun->be_lun->lun_type, sentry))
7251						num++;
7252				}
7253			} else {
7254				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7255				    entry))
7256					num++;
7257			}
7258		}
7259		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7260		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7261		break;
7262	case RSO_OPTIONS_OC:
7263		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7264			ctl_set_invalid_field(/*ctsio*/ ctsio,
7265					      /*sks_valid*/ 1,
7266					      /*command*/ 1,
7267					      /*field*/ 2,
7268					      /*bit_valid*/ 1,
7269					      /*bit*/ 2);
7270			ctl_done((union ctl_io *)ctsio);
7271			return (CTL_RETVAL_COMPLETE);
7272		}
7273		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7274		break;
7275	case RSO_OPTIONS_OC_SA:
7276		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7277		    service_action >= 32) {
7278			ctl_set_invalid_field(/*ctsio*/ ctsio,
7279					      /*sks_valid*/ 1,
7280					      /*command*/ 1,
7281					      /*field*/ 2,
7282					      /*bit_valid*/ 1,
7283					      /*bit*/ 2);
7284			ctl_done((union ctl_io *)ctsio);
7285			return (CTL_RETVAL_COMPLETE);
7286		}
7287		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7288		break;
7289	default:
7290		ctl_set_invalid_field(/*ctsio*/ ctsio,
7291				      /*sks_valid*/ 1,
7292				      /*command*/ 1,
7293				      /*field*/ 2,
7294				      /*bit_valid*/ 1,
7295				      /*bit*/ 2);
7296		ctl_done((union ctl_io *)ctsio);
7297		return (CTL_RETVAL_COMPLETE);
7298	}
7299
7300	alloc_len = scsi_4btoul(cdb->length);
7301
7302	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7303
7304	ctsio->kern_sg_entries = 0;
7305
7306	if (total_len < alloc_len) {
7307		ctsio->residual = alloc_len - total_len;
7308		ctsio->kern_data_len = total_len;
7309		ctsio->kern_total_len = total_len;
7310	} else {
7311		ctsio->residual = 0;
7312		ctsio->kern_data_len = alloc_len;
7313		ctsio->kern_total_len = alloc_len;
7314	}
7315	ctsio->kern_data_resid = 0;
7316	ctsio->kern_rel_offset = 0;
7317
7318	switch (cdb->options & RSO_OPTIONS_MASK) {
7319	case RSO_OPTIONS_ALL:
7320		all = (struct scsi_report_supported_opcodes_all *)
7321		    ctsio->kern_data_ptr;
7322		num = 0;
7323		for (i = 0; i < 256; i++) {
7324			entry = &ctl_cmd_table[i];
7325			if (entry->flags & CTL_CMD_FLAG_SA5) {
7326				for (j = 0; j < 32; j++) {
7327					sentry = &((const struct ctl_cmd_entry *)
7328					    entry->execute)[j];
7329					if (!ctl_cmd_applicable(
7330					    lun->be_lun->lun_type, sentry))
7331						continue;
7332					descr = &all->descr[num++];
7333					descr->opcode = i;
7334					scsi_ulto2b(j, descr->service_action);
7335					descr->flags = RSO_SERVACTV;
7336					scsi_ulto2b(sentry->length,
7337					    descr->cdb_length);
7338				}
7339			} else {
7340				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7341				    entry))
7342					continue;
7343				descr = &all->descr[num++];
7344				descr->opcode = i;
7345				scsi_ulto2b(0, descr->service_action);
7346				descr->flags = 0;
7347				scsi_ulto2b(entry->length, descr->cdb_length);
7348			}
7349		}
7350		scsi_ulto4b(
7351		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7352		    all->length);
7353		break;
7354	case RSO_OPTIONS_OC:
7355		one = (struct scsi_report_supported_opcodes_one *)
7356		    ctsio->kern_data_ptr;
7357		entry = &ctl_cmd_table[opcode];
7358		goto fill_one;
7359	case RSO_OPTIONS_OC_SA:
7360		one = (struct scsi_report_supported_opcodes_one *)
7361		    ctsio->kern_data_ptr;
7362		entry = &ctl_cmd_table[opcode];
7363		entry = &((const struct ctl_cmd_entry *)
7364		    entry->execute)[service_action];
7365fill_one:
7366		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7367			one->support = 3;
7368			scsi_ulto2b(entry->length, one->cdb_length);
7369			one->cdb_usage[0] = opcode;
7370			memcpy(&one->cdb_usage[1], entry->usage,
7371			    entry->length - 1);
7372		} else
7373			one->support = 1;
7374		break;
7375	}
7376
7377	ctl_set_success(ctsio);
7378	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7379	ctsio->be_move_done = ctl_config_move_done;
7380	ctl_datamove((union ctl_io *)ctsio);
7381	return(retval);
7382}
7383
7384int
7385ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7386{
7387	struct scsi_report_supported_tmf *cdb;
7388	struct scsi_report_supported_tmf_data *data;
7389	int retval;
7390	int alloc_len, total_len;
7391
7392	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7393
7394	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7395
7396	retval = CTL_RETVAL_COMPLETE;
7397
7398	total_len = sizeof(struct scsi_report_supported_tmf_data);
7399	alloc_len = scsi_4btoul(cdb->length);
7400
7401	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7402
7403	ctsio->kern_sg_entries = 0;
7404
7405	if (total_len < alloc_len) {
7406		ctsio->residual = alloc_len - total_len;
7407		ctsio->kern_data_len = total_len;
7408		ctsio->kern_total_len = total_len;
7409	} else {
7410		ctsio->residual = 0;
7411		ctsio->kern_data_len = alloc_len;
7412		ctsio->kern_total_len = alloc_len;
7413	}
7414	ctsio->kern_data_resid = 0;
7415	ctsio->kern_rel_offset = 0;
7416
7417	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7418	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7419	    RST_TRS;
7420	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7421
7422	ctl_set_success(ctsio);
7423	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7424	ctsio->be_move_done = ctl_config_move_done;
7425	ctl_datamove((union ctl_io *)ctsio);
7426	return (retval);
7427}
7428
7429int
7430ctl_report_timestamp(struct ctl_scsiio *ctsio)
7431{
7432	struct scsi_report_timestamp *cdb;
7433	struct scsi_report_timestamp_data *data;
7434	struct timeval tv;
7435	int64_t timestamp;
7436	int retval;
7437	int alloc_len, total_len;
7438
7439	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7440
7441	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7442
7443	retval = CTL_RETVAL_COMPLETE;
7444
7445	total_len = sizeof(struct scsi_report_timestamp_data);
7446	alloc_len = scsi_4btoul(cdb->length);
7447
7448	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7449
7450	ctsio->kern_sg_entries = 0;
7451
7452	if (total_len < alloc_len) {
7453		ctsio->residual = alloc_len - total_len;
7454		ctsio->kern_data_len = total_len;
7455		ctsio->kern_total_len = total_len;
7456	} else {
7457		ctsio->residual = 0;
7458		ctsio->kern_data_len = alloc_len;
7459		ctsio->kern_total_len = alloc_len;
7460	}
7461	ctsio->kern_data_resid = 0;
7462	ctsio->kern_rel_offset = 0;
7463
7464	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7465	scsi_ulto2b(sizeof(*data) - 2, data->length);
7466	data->origin = RTS_ORIG_OUTSIDE;
7467	getmicrotime(&tv);
7468	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7469	scsi_ulto4b(timestamp >> 16, data->timestamp);
7470	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7471
7472	ctl_set_success(ctsio);
7473	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7474	ctsio->be_move_done = ctl_config_move_done;
7475	ctl_datamove((union ctl_io *)ctsio);
7476	return (retval);
7477}
7478
7479int
7480ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7481{
7482	struct scsi_per_res_in *cdb;
7483	int alloc_len, total_len = 0;
7484	/* struct scsi_per_res_in_rsrv in_data; */
7485	struct ctl_lun *lun;
7486	struct ctl_softc *softc;
7487	uint64_t key;
7488
7489	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7490
7491	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7492
7493	alloc_len = scsi_2btoul(cdb->length);
7494
7495	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7496	softc = lun->ctl_softc;
7497
7498retry:
7499	mtx_lock(&lun->lun_lock);
7500	switch (cdb->action) {
7501	case SPRI_RK: /* read keys */
7502		total_len = sizeof(struct scsi_per_res_in_keys) +
7503			lun->pr_key_count *
7504			sizeof(struct scsi_per_res_key);
7505		break;
7506	case SPRI_RR: /* read reservation */
7507		if (lun->flags & CTL_LUN_PR_RESERVED)
7508			total_len = sizeof(struct scsi_per_res_in_rsrv);
7509		else
7510			total_len = sizeof(struct scsi_per_res_in_header);
7511		break;
7512	case SPRI_RC: /* report capabilities */
7513		total_len = sizeof(struct scsi_per_res_cap);
7514		break;
7515	case SPRI_RS: /* read full status */
7516		total_len = sizeof(struct scsi_per_res_in_header) +
7517		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7518		    lun->pr_key_count;
7519		break;
7520	default:
7521		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7522	}
7523	mtx_unlock(&lun->lun_lock);
7524
7525	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7526
7527	if (total_len < alloc_len) {
7528		ctsio->residual = alloc_len - total_len;
7529		ctsio->kern_data_len = total_len;
7530		ctsio->kern_total_len = total_len;
7531	} else {
7532		ctsio->residual = 0;
7533		ctsio->kern_data_len = alloc_len;
7534		ctsio->kern_total_len = alloc_len;
7535	}
7536
7537	ctsio->kern_data_resid = 0;
7538	ctsio->kern_rel_offset = 0;
7539	ctsio->kern_sg_entries = 0;
7540
7541	mtx_lock(&lun->lun_lock);
7542	switch (cdb->action) {
7543	case SPRI_RK: { // read keys
7544        struct scsi_per_res_in_keys *res_keys;
7545		int i, key_count;
7546
7547		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7548
7549		/*
7550		 * We had to drop the lock to allocate our buffer, which
7551		 * leaves time for someone to come in with another
7552		 * persistent reservation.  (That is unlikely, though,
7553		 * since this should be the only persistent reservation
7554		 * command active right now.)
7555		 */
7556		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7557		    (lun->pr_key_count *
7558		     sizeof(struct scsi_per_res_key)))){
7559			mtx_unlock(&lun->lun_lock);
7560			free(ctsio->kern_data_ptr, M_CTL);
7561			printf("%s: reservation length changed, retrying\n",
7562			       __func__);
7563			goto retry;
7564		}
7565
7566		scsi_ulto4b(lun->pr_generation, res_keys->header.generation);
7567
7568		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7569			     lun->pr_key_count, res_keys->header.length);
7570
7571		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7572			if ((key = ctl_get_prkey(lun, i)) == 0)
7573				continue;
7574
7575			/*
7576			 * We used lun->pr_key_count to calculate the
7577			 * size to allocate.  If it turns out the number of
7578			 * initiators with the registered flag set is
7579			 * larger than that (i.e. they haven't been kept in
7580			 * sync), we've got a problem.
7581			 */
7582			if (key_count >= lun->pr_key_count) {
7583				key_count++;
7584				continue;
7585			}
7586			scsi_u64to8b(key, res_keys->keys[key_count].key);
7587			key_count++;
7588		}
7589		break;
7590	}
7591	case SPRI_RR: { // read reservation
7592		struct scsi_per_res_in_rsrv *res;
7593		int tmp_len, header_only;
7594
7595		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7596
7597		scsi_ulto4b(lun->pr_generation, res->header.generation);
7598
7599		if (lun->flags & CTL_LUN_PR_RESERVED)
7600		{
7601			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7602			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7603				    res->header.length);
7604			header_only = 0;
7605		} else {
7606			tmp_len = sizeof(struct scsi_per_res_in_header);
7607			scsi_ulto4b(0, res->header.length);
7608			header_only = 1;
7609		}
7610
7611		/*
7612		 * We had to drop the lock to allocate our buffer, which
7613		 * leaves time for someone to come in with another
7614		 * persistent reservation.  (That is unlikely, though,
7615		 * since this should be the only persistent reservation
7616		 * command active right now.)
7617		 */
7618		if (tmp_len != total_len) {
7619			mtx_unlock(&lun->lun_lock);
7620			free(ctsio->kern_data_ptr, M_CTL);
7621			printf("%s: reservation status changed, retrying\n",
7622			       __func__);
7623			goto retry;
7624		}
7625
7626		/*
7627		 * No reservation held, so we're done.
7628		 */
7629		if (header_only != 0)
7630			break;
7631
7632		/*
7633		 * If the registration is an All Registrants type, the key
7634		 * is 0, since it doesn't really matter.
7635		 */
7636		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7637			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7638			    res->data.reservation);
7639		}
7640		res->data.scopetype = lun->pr_res_type;
7641		break;
7642	}
7643	case SPRI_RC:     //report capabilities
7644	{
7645		struct scsi_per_res_cap *res_cap;
7646		uint16_t type_mask;
7647
7648		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7649		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7650		res_cap->flags1 = SPRI_CRH;
7651		res_cap->flags2 = SPRI_TMV | SPRI_ALLOW_5;
7652		type_mask = SPRI_TM_WR_EX_AR |
7653			    SPRI_TM_EX_AC_RO |
7654			    SPRI_TM_WR_EX_RO |
7655			    SPRI_TM_EX_AC |
7656			    SPRI_TM_WR_EX |
7657			    SPRI_TM_EX_AC_AR;
7658		scsi_ulto2b(type_mask, res_cap->type_mask);
7659		break;
7660	}
7661	case SPRI_RS: { // read full status
7662		struct scsi_per_res_in_full *res_status;
7663		struct scsi_per_res_in_full_desc *res_desc;
7664		struct ctl_port *port;
7665		int i, len;
7666
7667		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7668
7669		/*
7670		 * We had to drop the lock to allocate our buffer, which
7671		 * leaves time for someone to come in with another
7672		 * persistent reservation.  (That is unlikely, though,
7673		 * since this should be the only persistent reservation
7674		 * command active right now.)
7675		 */
7676		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7677		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7678		     lun->pr_key_count)){
7679			mtx_unlock(&lun->lun_lock);
7680			free(ctsio->kern_data_ptr, M_CTL);
7681			printf("%s: reservation length changed, retrying\n",
7682			       __func__);
7683			goto retry;
7684		}
7685
7686		scsi_ulto4b(lun->pr_generation, res_status->header.generation);
7687
7688		res_desc = &res_status->desc[0];
7689		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7690			if ((key = ctl_get_prkey(lun, i)) == 0)
7691				continue;
7692
7693			scsi_u64to8b(key, res_desc->res_key.key);
7694			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7695			    (lun->pr_res_idx == i ||
7696			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7697				res_desc->flags = SPRI_FULL_R_HOLDER;
7698				res_desc->scopetype = lun->pr_res_type;
7699			}
7700			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7701			    res_desc->rel_trgt_port_id);
7702			len = 0;
7703			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7704			if (port != NULL)
7705				len = ctl_create_iid(port,
7706				    i % CTL_MAX_INIT_PER_PORT,
7707				    res_desc->transport_id);
7708			scsi_ulto4b(len, res_desc->additional_length);
7709			res_desc = (struct scsi_per_res_in_full_desc *)
7710			    &res_desc->transport_id[len];
7711		}
7712		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7713		    res_status->header.length);
7714		break;
7715	}
7716	default:
7717		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7718	}
7719	mtx_unlock(&lun->lun_lock);
7720
7721	ctl_set_success(ctsio);
7722	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7723	ctsio->be_move_done = ctl_config_move_done;
7724	ctl_datamove((union ctl_io *)ctsio);
7725	return (CTL_RETVAL_COMPLETE);
7726}
7727
7728/*
7729 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7730 * it should return.
7731 */
7732static int
7733ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7734		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7735		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7736		struct scsi_per_res_out_parms* param)
7737{
7738	union ctl_ha_msg persis_io;
7739	int i;
7740
7741	mtx_lock(&lun->lun_lock);
7742	if (sa_res_key == 0) {
7743		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7744			/* validate scope and type */
7745			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7746			     SPR_LU_SCOPE) {
7747				mtx_unlock(&lun->lun_lock);
7748				ctl_set_invalid_field(/*ctsio*/ ctsio,
7749						      /*sks_valid*/ 1,
7750						      /*command*/ 1,
7751						      /*field*/ 2,
7752						      /*bit_valid*/ 1,
7753						      /*bit*/ 4);
7754				ctl_done((union ctl_io *)ctsio);
7755				return (1);
7756			}
7757
7758		        if (type>8 || type==2 || type==4 || type==0) {
7759				mtx_unlock(&lun->lun_lock);
7760				ctl_set_invalid_field(/*ctsio*/ ctsio,
7761       	           				      /*sks_valid*/ 1,
7762						      /*command*/ 1,
7763						      /*field*/ 2,
7764						      /*bit_valid*/ 1,
7765						      /*bit*/ 0);
7766				ctl_done((union ctl_io *)ctsio);
7767				return (1);
7768		        }
7769
7770			/*
7771			 * Unregister everybody else and build UA for
7772			 * them
7773			 */
7774			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7775				if (i == residx || ctl_get_prkey(lun, i) == 0)
7776					continue;
7777
7778				ctl_clr_prkey(lun, i);
7779				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7780			}
7781			lun->pr_key_count = 1;
7782			lun->pr_res_type = type;
7783			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7784			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7785				lun->pr_res_idx = residx;
7786			lun->pr_generation++;
7787			mtx_unlock(&lun->lun_lock);
7788
7789			/* send msg to other side */
7790			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7791			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7792			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7793			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7794			persis_io.pr.pr_info.res_type = type;
7795			memcpy(persis_io.pr.pr_info.sa_res_key,
7796			       param->serv_act_res_key,
7797			       sizeof(param->serv_act_res_key));
7798			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7799			    sizeof(persis_io.pr), M_WAITOK);
7800		} else {
7801			/* not all registrants */
7802			mtx_unlock(&lun->lun_lock);
7803			free(ctsio->kern_data_ptr, M_CTL);
7804			ctl_set_invalid_field(ctsio,
7805					      /*sks_valid*/ 1,
7806					      /*command*/ 0,
7807					      /*field*/ 8,
7808					      /*bit_valid*/ 0,
7809					      /*bit*/ 0);
7810			ctl_done((union ctl_io *)ctsio);
7811			return (1);
7812		}
7813	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7814		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7815		int found = 0;
7816
7817		if (res_key == sa_res_key) {
7818			/* special case */
7819			/*
7820			 * The spec implies this is not good but doesn't
7821			 * say what to do. There are two choices either
7822			 * generate a res conflict or check condition
7823			 * with illegal field in parameter data. Since
7824			 * that is what is done when the sa_res_key is
7825			 * zero I'll take that approach since this has
7826			 * to do with the sa_res_key.
7827			 */
7828			mtx_unlock(&lun->lun_lock);
7829			free(ctsio->kern_data_ptr, M_CTL);
7830			ctl_set_invalid_field(ctsio,
7831					      /*sks_valid*/ 1,
7832					      /*command*/ 0,
7833					      /*field*/ 8,
7834					      /*bit_valid*/ 0,
7835					      /*bit*/ 0);
7836			ctl_done((union ctl_io *)ctsio);
7837			return (1);
7838		}
7839
7840		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7841			if (ctl_get_prkey(lun, i) != sa_res_key)
7842				continue;
7843
7844			found = 1;
7845			ctl_clr_prkey(lun, i);
7846			lun->pr_key_count--;
7847			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7848		}
7849		if (!found) {
7850			mtx_unlock(&lun->lun_lock);
7851			free(ctsio->kern_data_ptr, M_CTL);
7852			ctl_set_reservation_conflict(ctsio);
7853			ctl_done((union ctl_io *)ctsio);
7854			return (CTL_RETVAL_COMPLETE);
7855		}
7856		lun->pr_generation++;
7857		mtx_unlock(&lun->lun_lock);
7858
7859		/* send msg to other side */
7860		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7861		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7862		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7863		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7864		persis_io.pr.pr_info.res_type = type;
7865		memcpy(persis_io.pr.pr_info.sa_res_key,
7866		       param->serv_act_res_key,
7867		       sizeof(param->serv_act_res_key));
7868		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7869		    sizeof(persis_io.pr), M_WAITOK);
7870	} else {
7871		/* Reserved but not all registrants */
7872		/* sa_res_key is res holder */
7873		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7874			/* validate scope and type */
7875			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7876			     SPR_LU_SCOPE) {
7877				mtx_unlock(&lun->lun_lock);
7878				ctl_set_invalid_field(/*ctsio*/ ctsio,
7879						      /*sks_valid*/ 1,
7880						      /*command*/ 1,
7881						      /*field*/ 2,
7882						      /*bit_valid*/ 1,
7883						      /*bit*/ 4);
7884				ctl_done((union ctl_io *)ctsio);
7885				return (1);
7886			}
7887
7888			if (type>8 || type==2 || type==4 || type==0) {
7889				mtx_unlock(&lun->lun_lock);
7890				ctl_set_invalid_field(/*ctsio*/ ctsio,
7891						      /*sks_valid*/ 1,
7892						      /*command*/ 1,
7893						      /*field*/ 2,
7894						      /*bit_valid*/ 1,
7895						      /*bit*/ 0);
7896				ctl_done((union ctl_io *)ctsio);
7897				return (1);
7898			}
7899
7900			/*
7901			 * Do the following:
7902			 * if sa_res_key != res_key remove all
7903			 * registrants w/sa_res_key and generate UA
7904			 * for these registrants(Registrations
7905			 * Preempted) if it wasn't an exclusive
7906			 * reservation generate UA(Reservations
7907			 * Preempted) for all other registered nexuses
7908			 * if the type has changed. Establish the new
7909			 * reservation and holder. If res_key and
7910			 * sa_res_key are the same do the above
7911			 * except don't unregister the res holder.
7912			 */
7913
7914			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7915				if (i == residx || ctl_get_prkey(lun, i) == 0)
7916					continue;
7917
7918				if (sa_res_key == ctl_get_prkey(lun, i)) {
7919					ctl_clr_prkey(lun, i);
7920					lun->pr_key_count--;
7921					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7922				} else if (type != lun->pr_res_type &&
7923				    (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
7924				     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
7925					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7926				}
7927			}
7928			lun->pr_res_type = type;
7929			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7930			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7931				lun->pr_res_idx = residx;
7932			else
7933				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7934			lun->pr_generation++;
7935			mtx_unlock(&lun->lun_lock);
7936
7937			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7938			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7939			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7940			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7941			persis_io.pr.pr_info.res_type = type;
7942			memcpy(persis_io.pr.pr_info.sa_res_key,
7943			       param->serv_act_res_key,
7944			       sizeof(param->serv_act_res_key));
7945			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7946			    sizeof(persis_io.pr), M_WAITOK);
7947		} else {
7948			/*
7949			 * sa_res_key is not the res holder just
7950			 * remove registrants
7951			 */
7952			int found=0;
7953
7954			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7955				if (sa_res_key != ctl_get_prkey(lun, i))
7956					continue;
7957
7958				found = 1;
7959				ctl_clr_prkey(lun, i);
7960				lun->pr_key_count--;
7961				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7962			}
7963
7964			if (!found) {
7965				mtx_unlock(&lun->lun_lock);
7966				free(ctsio->kern_data_ptr, M_CTL);
7967				ctl_set_reservation_conflict(ctsio);
7968				ctl_done((union ctl_io *)ctsio);
7969		        	return (1);
7970			}
7971			lun->pr_generation++;
7972			mtx_unlock(&lun->lun_lock);
7973
7974			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7975			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7976			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7977			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7978			persis_io.pr.pr_info.res_type = type;
7979			memcpy(persis_io.pr.pr_info.sa_res_key,
7980			       param->serv_act_res_key,
7981			       sizeof(param->serv_act_res_key));
7982			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7983			    sizeof(persis_io.pr), M_WAITOK);
7984		}
7985	}
7986	return (0);
7987}
7988
7989static void
7990ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7991{
7992	uint64_t sa_res_key;
7993	int i;
7994
7995	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7996
7997	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7998	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7999	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8000		if (sa_res_key == 0) {
8001			/*
8002			 * Unregister everybody else and build UA for
8003			 * them
8004			 */
8005			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8006				if (i == msg->pr.pr_info.residx ||
8007				    ctl_get_prkey(lun, i) == 0)
8008					continue;
8009
8010				ctl_clr_prkey(lun, i);
8011				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8012			}
8013
8014			lun->pr_key_count = 1;
8015			lun->pr_res_type = msg->pr.pr_info.res_type;
8016			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8017			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8018				lun->pr_res_idx = msg->pr.pr_info.residx;
8019		} else {
8020		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8021				if (sa_res_key == ctl_get_prkey(lun, i))
8022					continue;
8023
8024				ctl_clr_prkey(lun, i);
8025				lun->pr_key_count--;
8026				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8027			}
8028		}
8029	} else {
8030		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8031			if (i == msg->pr.pr_info.residx ||
8032			    ctl_get_prkey(lun, i) == 0)
8033				continue;
8034
8035			if (sa_res_key == ctl_get_prkey(lun, i)) {
8036				ctl_clr_prkey(lun, i);
8037				lun->pr_key_count--;
8038				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8039			} else if (msg->pr.pr_info.res_type != lun->pr_res_type
8040			    && (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8041			     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8042				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8043			}
8044		}
8045		lun->pr_res_type = msg->pr.pr_info.res_type;
8046		if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8047		    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8048			lun->pr_res_idx = msg->pr.pr_info.residx;
8049		else
8050			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8051	}
8052	lun->pr_generation++;
8053
8054}
8055
8056
8057int
8058ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8059{
8060	int retval;
8061	u_int32_t param_len;
8062	struct scsi_per_res_out *cdb;
8063	struct ctl_lun *lun;
8064	struct scsi_per_res_out_parms* param;
8065	struct ctl_softc *softc;
8066	uint32_t residx;
8067	uint64_t res_key, sa_res_key, key;
8068	uint8_t type;
8069	union ctl_ha_msg persis_io;
8070	int    i;
8071
8072	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8073
8074	retval = CTL_RETVAL_COMPLETE;
8075
8076	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8077	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8078	softc = lun->ctl_softc;
8079
8080	/*
8081	 * We only support whole-LUN scope.  The scope & type are ignored for
8082	 * register, register and ignore existing key and clear.
8083	 * We sometimes ignore scope and type on preempts too!!
8084	 * Verify reservation type here as well.
8085	 */
8086	type = cdb->scope_type & SPR_TYPE_MASK;
8087	if ((cdb->action == SPRO_RESERVE)
8088	 || (cdb->action == SPRO_RELEASE)) {
8089		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8090			ctl_set_invalid_field(/*ctsio*/ ctsio,
8091					      /*sks_valid*/ 1,
8092					      /*command*/ 1,
8093					      /*field*/ 2,
8094					      /*bit_valid*/ 1,
8095					      /*bit*/ 4);
8096			ctl_done((union ctl_io *)ctsio);
8097			return (CTL_RETVAL_COMPLETE);
8098		}
8099
8100		if (type>8 || type==2 || type==4 || type==0) {
8101			ctl_set_invalid_field(/*ctsio*/ ctsio,
8102					      /*sks_valid*/ 1,
8103					      /*command*/ 1,
8104					      /*field*/ 2,
8105					      /*bit_valid*/ 1,
8106					      /*bit*/ 0);
8107			ctl_done((union ctl_io *)ctsio);
8108			return (CTL_RETVAL_COMPLETE);
8109		}
8110	}
8111
8112	param_len = scsi_4btoul(cdb->length);
8113
8114	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8115		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8116		ctsio->kern_data_len = param_len;
8117		ctsio->kern_total_len = param_len;
8118		ctsio->kern_data_resid = 0;
8119		ctsio->kern_rel_offset = 0;
8120		ctsio->kern_sg_entries = 0;
8121		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8122		ctsio->be_move_done = ctl_config_move_done;
8123		ctl_datamove((union ctl_io *)ctsio);
8124
8125		return (CTL_RETVAL_COMPLETE);
8126	}
8127
8128	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8129
8130	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8131	res_key = scsi_8btou64(param->res_key.key);
8132	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8133
8134	/*
8135	 * Validate the reservation key here except for SPRO_REG_IGNO
8136	 * This must be done for all other service actions
8137	 */
8138	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8139		mtx_lock(&lun->lun_lock);
8140		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8141			if (res_key != key) {
8142				/*
8143				 * The current key passed in doesn't match
8144				 * the one the initiator previously
8145				 * registered.
8146				 */
8147				mtx_unlock(&lun->lun_lock);
8148				free(ctsio->kern_data_ptr, M_CTL);
8149				ctl_set_reservation_conflict(ctsio);
8150				ctl_done((union ctl_io *)ctsio);
8151				return (CTL_RETVAL_COMPLETE);
8152			}
8153		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8154			/*
8155			 * We are not registered
8156			 */
8157			mtx_unlock(&lun->lun_lock);
8158			free(ctsio->kern_data_ptr, M_CTL);
8159			ctl_set_reservation_conflict(ctsio);
8160			ctl_done((union ctl_io *)ctsio);
8161			return (CTL_RETVAL_COMPLETE);
8162		} else if (res_key != 0) {
8163			/*
8164			 * We are not registered and trying to register but
8165			 * the register key isn't zero.
8166			 */
8167			mtx_unlock(&lun->lun_lock);
8168			free(ctsio->kern_data_ptr, M_CTL);
8169			ctl_set_reservation_conflict(ctsio);
8170			ctl_done((union ctl_io *)ctsio);
8171			return (CTL_RETVAL_COMPLETE);
8172		}
8173		mtx_unlock(&lun->lun_lock);
8174	}
8175
8176	switch (cdb->action & SPRO_ACTION_MASK) {
8177	case SPRO_REGISTER:
8178	case SPRO_REG_IGNO: {
8179
8180#if 0
8181		printf("Registration received\n");
8182#endif
8183
8184		/*
8185		 * We don't support any of these options, as we report in
8186		 * the read capabilities request (see
8187		 * ctl_persistent_reserve_in(), above).
8188		 */
8189		if ((param->flags & SPR_SPEC_I_PT)
8190		 || (param->flags & SPR_ALL_TG_PT)
8191		 || (param->flags & SPR_APTPL)) {
8192			int bit_ptr;
8193
8194			if (param->flags & SPR_APTPL)
8195				bit_ptr = 0;
8196			else if (param->flags & SPR_ALL_TG_PT)
8197				bit_ptr = 2;
8198			else /* SPR_SPEC_I_PT */
8199				bit_ptr = 3;
8200
8201			free(ctsio->kern_data_ptr, M_CTL);
8202			ctl_set_invalid_field(ctsio,
8203					      /*sks_valid*/ 1,
8204					      /*command*/ 0,
8205					      /*field*/ 20,
8206					      /*bit_valid*/ 1,
8207					      /*bit*/ bit_ptr);
8208			ctl_done((union ctl_io *)ctsio);
8209			return (CTL_RETVAL_COMPLETE);
8210		}
8211
8212		mtx_lock(&lun->lun_lock);
8213
8214		/*
8215		 * The initiator wants to clear the
8216		 * key/unregister.
8217		 */
8218		if (sa_res_key == 0) {
8219			if ((res_key == 0
8220			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8221			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8222			  && ctl_get_prkey(lun, residx) == 0)) {
8223				mtx_unlock(&lun->lun_lock);
8224				goto done;
8225			}
8226
8227			ctl_clr_prkey(lun, residx);
8228			lun->pr_key_count--;
8229
8230			if (residx == lun->pr_res_idx) {
8231				lun->flags &= ~CTL_LUN_PR_RESERVED;
8232				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8233
8234				if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8235				     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8236				    lun->pr_key_count) {
8237					/*
8238					 * If the reservation is a registrants
8239					 * only type we need to generate a UA
8240					 * for other registered inits.  The
8241					 * sense code should be RESERVATIONS
8242					 * RELEASED
8243					 */
8244
8245					for (i = softc->init_min; i < softc->init_max; i++){
8246						if (ctl_get_prkey(lun, i) == 0)
8247							continue;
8248						ctl_est_ua(lun, i,
8249						    CTL_UA_RES_RELEASE);
8250					}
8251				}
8252				lun->pr_res_type = 0;
8253			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8254				if (lun->pr_key_count==0) {
8255					lun->flags &= ~CTL_LUN_PR_RESERVED;
8256					lun->pr_res_type = 0;
8257					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8258				}
8259			}
8260			lun->pr_generation++;
8261			mtx_unlock(&lun->lun_lock);
8262
8263			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8264			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8265			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8266			persis_io.pr.pr_info.residx = residx;
8267			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8268			    sizeof(persis_io.pr), M_WAITOK);
8269		} else /* sa_res_key != 0 */ {
8270
8271			/*
8272			 * If we aren't registered currently then increment
8273			 * the key count and set the registered flag.
8274			 */
8275			ctl_alloc_prkey(lun, residx);
8276			if (ctl_get_prkey(lun, residx) == 0)
8277				lun->pr_key_count++;
8278			ctl_set_prkey(lun, residx, sa_res_key);
8279			lun->pr_generation++;
8280			mtx_unlock(&lun->lun_lock);
8281
8282			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8283			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8284			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8285			persis_io.pr.pr_info.residx = residx;
8286			memcpy(persis_io.pr.pr_info.sa_res_key,
8287			       param->serv_act_res_key,
8288			       sizeof(param->serv_act_res_key));
8289			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8290			    sizeof(persis_io.pr), M_WAITOK);
8291		}
8292
8293		break;
8294	}
8295	case SPRO_RESERVE:
8296#if 0
8297                printf("Reserve executed type %d\n", type);
8298#endif
8299		mtx_lock(&lun->lun_lock);
8300		if (lun->flags & CTL_LUN_PR_RESERVED) {
8301			/*
8302			 * if this isn't the reservation holder and it's
8303			 * not a "all registrants" type or if the type is
8304			 * different then we have a conflict
8305			 */
8306			if ((lun->pr_res_idx != residx
8307			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8308			 || lun->pr_res_type != type) {
8309				mtx_unlock(&lun->lun_lock);
8310				free(ctsio->kern_data_ptr, M_CTL);
8311				ctl_set_reservation_conflict(ctsio);
8312				ctl_done((union ctl_io *)ctsio);
8313				return (CTL_RETVAL_COMPLETE);
8314			}
8315			mtx_unlock(&lun->lun_lock);
8316		} else /* create a reservation */ {
8317			/*
8318			 * If it's not an "all registrants" type record
8319			 * reservation holder
8320			 */
8321			if (type != SPR_TYPE_WR_EX_AR
8322			 && type != SPR_TYPE_EX_AC_AR)
8323				lun->pr_res_idx = residx; /* Res holder */
8324			else
8325				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8326
8327			lun->flags |= CTL_LUN_PR_RESERVED;
8328			lun->pr_res_type = type;
8329
8330			mtx_unlock(&lun->lun_lock);
8331
8332			/* send msg to other side */
8333			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8334			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8335			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8336			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8337			persis_io.pr.pr_info.res_type = type;
8338			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8339			    sizeof(persis_io.pr), M_WAITOK);
8340		}
8341		break;
8342
8343	case SPRO_RELEASE:
8344		mtx_lock(&lun->lun_lock);
8345		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8346			/* No reservation exists return good status */
8347			mtx_unlock(&lun->lun_lock);
8348			goto done;
8349		}
8350		/*
8351		 * Is this nexus a reservation holder?
8352		 */
8353		if (lun->pr_res_idx != residx
8354		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8355			/*
8356			 * not a res holder return good status but
8357			 * do nothing
8358			 */
8359			mtx_unlock(&lun->lun_lock);
8360			goto done;
8361		}
8362
8363		if (lun->pr_res_type != type) {
8364			mtx_unlock(&lun->lun_lock);
8365			free(ctsio->kern_data_ptr, M_CTL);
8366			ctl_set_illegal_pr_release(ctsio);
8367			ctl_done((union ctl_io *)ctsio);
8368			return (CTL_RETVAL_COMPLETE);
8369		}
8370
8371		/* okay to release */
8372		lun->flags &= ~CTL_LUN_PR_RESERVED;
8373		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8374		lun->pr_res_type = 0;
8375
8376		/*
8377		 * if this isn't an exclusive access
8378		 * res generate UA for all other
8379		 * registrants.
8380		 */
8381		if (type != SPR_TYPE_EX_AC
8382		 && type != SPR_TYPE_WR_EX) {
8383			for (i = softc->init_min; i < softc->init_max; i++) {
8384				if (i == residx || ctl_get_prkey(lun, i) == 0)
8385					continue;
8386				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8387			}
8388		}
8389		mtx_unlock(&lun->lun_lock);
8390
8391		/* Send msg to other side */
8392		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8393		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8394		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8395		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8396		     sizeof(persis_io.pr), M_WAITOK);
8397		break;
8398
8399	case SPRO_CLEAR:
8400		/* send msg to other side */
8401
8402		mtx_lock(&lun->lun_lock);
8403		lun->flags &= ~CTL_LUN_PR_RESERVED;
8404		lun->pr_res_type = 0;
8405		lun->pr_key_count = 0;
8406		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8407
8408		ctl_clr_prkey(lun, residx);
8409		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8410			if (ctl_get_prkey(lun, i) != 0) {
8411				ctl_clr_prkey(lun, i);
8412				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8413			}
8414		lun->pr_generation++;
8415		mtx_unlock(&lun->lun_lock);
8416
8417		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8418		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8419		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8420		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8421		     sizeof(persis_io.pr), M_WAITOK);
8422		break;
8423
8424	case SPRO_PREEMPT:
8425	case SPRO_PRE_ABO: {
8426		int nretval;
8427
8428		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8429					  residx, ctsio, cdb, param);
8430		if (nretval != 0)
8431			return (CTL_RETVAL_COMPLETE);
8432		break;
8433	}
8434	default:
8435		panic("%s: Invalid PR type %#x", __func__, cdb->action);
8436	}
8437
8438done:
8439	free(ctsio->kern_data_ptr, M_CTL);
8440	ctl_set_success(ctsio);
8441	ctl_done((union ctl_io *)ctsio);
8442
8443	return (retval);
8444}
8445
8446/*
8447 * This routine is for handling a message from the other SC pertaining to
8448 * persistent reserve out. All the error checking will have been done
8449 * so only perorming the action need be done here to keep the two
8450 * in sync.
8451 */
8452static void
8453ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8454{
8455	struct ctl_softc *softc = control_softc;
8456	struct ctl_lun *lun;
8457	int i;
8458	uint32_t residx, targ_lun;
8459
8460	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8461	mtx_lock(&softc->ctl_lock);
8462	if ((targ_lun >= CTL_MAX_LUNS) ||
8463	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8464		mtx_unlock(&softc->ctl_lock);
8465		return;
8466	}
8467	mtx_lock(&lun->lun_lock);
8468	mtx_unlock(&softc->ctl_lock);
8469	if (lun->flags & CTL_LUN_DISABLED) {
8470		mtx_unlock(&lun->lun_lock);
8471		return;
8472	}
8473	residx = ctl_get_initindex(&msg->hdr.nexus);
8474	switch(msg->pr.pr_info.action) {
8475	case CTL_PR_REG_KEY:
8476		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8477		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8478			lun->pr_key_count++;
8479		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8480		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8481		lun->pr_generation++;
8482		break;
8483
8484	case CTL_PR_UNREG_KEY:
8485		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8486		lun->pr_key_count--;
8487
8488		/* XXX Need to see if the reservation has been released */
8489		/* if so do we need to generate UA? */
8490		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8491			lun->flags &= ~CTL_LUN_PR_RESERVED;
8492			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8493
8494			if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8495			     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8496			    lun->pr_key_count) {
8497				/*
8498				 * If the reservation is a registrants
8499				 * only type we need to generate a UA
8500				 * for other registered inits.  The
8501				 * sense code should be RESERVATIONS
8502				 * RELEASED
8503				 */
8504
8505				for (i = softc->init_min; i < softc->init_max; i++) {
8506					if (ctl_get_prkey(lun, i) == 0)
8507						continue;
8508
8509					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8510				}
8511			}
8512			lun->pr_res_type = 0;
8513		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8514			if (lun->pr_key_count==0) {
8515				lun->flags &= ~CTL_LUN_PR_RESERVED;
8516				lun->pr_res_type = 0;
8517				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8518			}
8519		}
8520		lun->pr_generation++;
8521		break;
8522
8523	case CTL_PR_RESERVE:
8524		lun->flags |= CTL_LUN_PR_RESERVED;
8525		lun->pr_res_type = msg->pr.pr_info.res_type;
8526		lun->pr_res_idx = msg->pr.pr_info.residx;
8527
8528		break;
8529
8530	case CTL_PR_RELEASE:
8531		/*
8532		 * if this isn't an exclusive access res generate UA for all
8533		 * other registrants.
8534		 */
8535		if (lun->pr_res_type != SPR_TYPE_EX_AC &&
8536		    lun->pr_res_type != SPR_TYPE_WR_EX) {
8537			for (i = softc->init_min; i < softc->init_max; i++)
8538				if (i == residx || ctl_get_prkey(lun, i) == 0)
8539					continue;
8540				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8541		}
8542
8543		lun->flags &= ~CTL_LUN_PR_RESERVED;
8544		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8545		lun->pr_res_type = 0;
8546		break;
8547
8548	case CTL_PR_PREEMPT:
8549		ctl_pro_preempt_other(lun, msg);
8550		break;
8551	case CTL_PR_CLEAR:
8552		lun->flags &= ~CTL_LUN_PR_RESERVED;
8553		lun->pr_res_type = 0;
8554		lun->pr_key_count = 0;
8555		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8556
8557		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8558			if (ctl_get_prkey(lun, i) == 0)
8559				continue;
8560			ctl_clr_prkey(lun, i);
8561			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8562		}
8563		lun->pr_generation++;
8564		break;
8565	}
8566
8567	mtx_unlock(&lun->lun_lock);
8568}
8569
8570int
8571ctl_read_write(struct ctl_scsiio *ctsio)
8572{
8573	struct ctl_lun *lun;
8574	struct ctl_lba_len_flags *lbalen;
8575	uint64_t lba;
8576	uint32_t num_blocks;
8577	int flags, retval;
8578	int isread;
8579
8580	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8581
8582	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8583
8584	flags = 0;
8585	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8586	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8587	switch (ctsio->cdb[0]) {
8588	case READ_6:
8589	case WRITE_6: {
8590		struct scsi_rw_6 *cdb;
8591
8592		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8593
8594		lba = scsi_3btoul(cdb->addr);
8595		/* only 5 bits are valid in the most significant address byte */
8596		lba &= 0x1fffff;
8597		num_blocks = cdb->length;
8598		/*
8599		 * This is correct according to SBC-2.
8600		 */
8601		if (num_blocks == 0)
8602			num_blocks = 256;
8603		break;
8604	}
8605	case READ_10:
8606	case WRITE_10: {
8607		struct scsi_rw_10 *cdb;
8608
8609		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8610		if (cdb->byte2 & SRW10_FUA)
8611			flags |= CTL_LLF_FUA;
8612		if (cdb->byte2 & SRW10_DPO)
8613			flags |= CTL_LLF_DPO;
8614		lba = scsi_4btoul(cdb->addr);
8615		num_blocks = scsi_2btoul(cdb->length);
8616		break;
8617	}
8618	case WRITE_VERIFY_10: {
8619		struct scsi_write_verify_10 *cdb;
8620
8621		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8622		flags |= CTL_LLF_FUA;
8623		if (cdb->byte2 & SWV_DPO)
8624			flags |= CTL_LLF_DPO;
8625		lba = scsi_4btoul(cdb->addr);
8626		num_blocks = scsi_2btoul(cdb->length);
8627		break;
8628	}
8629	case READ_12:
8630	case WRITE_12: {
8631		struct scsi_rw_12 *cdb;
8632
8633		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8634		if (cdb->byte2 & SRW12_FUA)
8635			flags |= CTL_LLF_FUA;
8636		if (cdb->byte2 & SRW12_DPO)
8637			flags |= CTL_LLF_DPO;
8638		lba = scsi_4btoul(cdb->addr);
8639		num_blocks = scsi_4btoul(cdb->length);
8640		break;
8641	}
8642	case WRITE_VERIFY_12: {
8643		struct scsi_write_verify_12 *cdb;
8644
8645		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8646		flags |= CTL_LLF_FUA;
8647		if (cdb->byte2 & SWV_DPO)
8648			flags |= CTL_LLF_DPO;
8649		lba = scsi_4btoul(cdb->addr);
8650		num_blocks = scsi_4btoul(cdb->length);
8651		break;
8652	}
8653	case READ_16:
8654	case WRITE_16: {
8655		struct scsi_rw_16 *cdb;
8656
8657		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8658		if (cdb->byte2 & SRW12_FUA)
8659			flags |= CTL_LLF_FUA;
8660		if (cdb->byte2 & SRW12_DPO)
8661			flags |= CTL_LLF_DPO;
8662		lba = scsi_8btou64(cdb->addr);
8663		num_blocks = scsi_4btoul(cdb->length);
8664		break;
8665	}
8666	case WRITE_ATOMIC_16: {
8667		struct scsi_write_atomic_16 *cdb;
8668
8669		if (lun->be_lun->atomicblock == 0) {
8670			ctl_set_invalid_opcode(ctsio);
8671			ctl_done((union ctl_io *)ctsio);
8672			return (CTL_RETVAL_COMPLETE);
8673		}
8674
8675		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8676		if (cdb->byte2 & SRW12_FUA)
8677			flags |= CTL_LLF_FUA;
8678		if (cdb->byte2 & SRW12_DPO)
8679			flags |= CTL_LLF_DPO;
8680		lba = scsi_8btou64(cdb->addr);
8681		num_blocks = scsi_2btoul(cdb->length);
8682		if (num_blocks > lun->be_lun->atomicblock) {
8683			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8684			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8685			    /*bit*/ 0);
8686			ctl_done((union ctl_io *)ctsio);
8687			return (CTL_RETVAL_COMPLETE);
8688		}
8689		break;
8690	}
8691	case WRITE_VERIFY_16: {
8692		struct scsi_write_verify_16 *cdb;
8693
8694		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8695		flags |= CTL_LLF_FUA;
8696		if (cdb->byte2 & SWV_DPO)
8697			flags |= CTL_LLF_DPO;
8698		lba = scsi_8btou64(cdb->addr);
8699		num_blocks = scsi_4btoul(cdb->length);
8700		break;
8701	}
8702	default:
8703		/*
8704		 * We got a command we don't support.  This shouldn't
8705		 * happen, commands should be filtered out above us.
8706		 */
8707		ctl_set_invalid_opcode(ctsio);
8708		ctl_done((union ctl_io *)ctsio);
8709
8710		return (CTL_RETVAL_COMPLETE);
8711		break; /* NOTREACHED */
8712	}
8713
8714	/*
8715	 * The first check is to make sure we're in bounds, the second
8716	 * check is to catch wrap-around problems.  If the lba + num blocks
8717	 * is less than the lba, then we've wrapped around and the block
8718	 * range is invalid anyway.
8719	 */
8720	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8721	 || ((lba + num_blocks) < lba)) {
8722		ctl_set_lba_out_of_range(ctsio);
8723		ctl_done((union ctl_io *)ctsio);
8724		return (CTL_RETVAL_COMPLETE);
8725	}
8726
8727	/*
8728	 * According to SBC-3, a transfer length of 0 is not an error.
8729	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8730	 * translates to 256 blocks for those commands.
8731	 */
8732	if (num_blocks == 0) {
8733		ctl_set_success(ctsio);
8734		ctl_done((union ctl_io *)ctsio);
8735		return (CTL_RETVAL_COMPLETE);
8736	}
8737
8738	/* Set FUA and/or DPO if caches are disabled. */
8739	if (isread) {
8740		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8741		    SCP_RCD) != 0)
8742			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8743	} else {
8744		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8745		    SCP_WCE) == 0)
8746			flags |= CTL_LLF_FUA;
8747	}
8748
8749	lbalen = (struct ctl_lba_len_flags *)
8750	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8751	lbalen->lba = lba;
8752	lbalen->len = num_blocks;
8753	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8754
8755	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8756	ctsio->kern_rel_offset = 0;
8757
8758	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8759
8760	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8761	return (retval);
8762}
8763
8764static int
8765ctl_cnw_cont(union ctl_io *io)
8766{
8767	struct ctl_scsiio *ctsio;
8768	struct ctl_lun *lun;
8769	struct ctl_lba_len_flags *lbalen;
8770	int retval;
8771
8772	ctsio = &io->scsiio;
8773	ctsio->io_hdr.status = CTL_STATUS_NONE;
8774	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8775	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8776	lbalen = (struct ctl_lba_len_flags *)
8777	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8778	lbalen->flags &= ~CTL_LLF_COMPARE;
8779	lbalen->flags |= CTL_LLF_WRITE;
8780
8781	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8782	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8783	return (retval);
8784}
8785
8786int
8787ctl_cnw(struct ctl_scsiio *ctsio)
8788{
8789	struct ctl_lun *lun;
8790	struct ctl_lba_len_flags *lbalen;
8791	uint64_t lba;
8792	uint32_t num_blocks;
8793	int flags, retval;
8794
8795	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8796
8797	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8798
8799	flags = 0;
8800	switch (ctsio->cdb[0]) {
8801	case COMPARE_AND_WRITE: {
8802		struct scsi_compare_and_write *cdb;
8803
8804		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8805		if (cdb->byte2 & SRW10_FUA)
8806			flags |= CTL_LLF_FUA;
8807		if (cdb->byte2 & SRW10_DPO)
8808			flags |= CTL_LLF_DPO;
8809		lba = scsi_8btou64(cdb->addr);
8810		num_blocks = cdb->length;
8811		break;
8812	}
8813	default:
8814		/*
8815		 * We got a command we don't support.  This shouldn't
8816		 * happen, commands should be filtered out above us.
8817		 */
8818		ctl_set_invalid_opcode(ctsio);
8819		ctl_done((union ctl_io *)ctsio);
8820
8821		return (CTL_RETVAL_COMPLETE);
8822		break; /* NOTREACHED */
8823	}
8824
8825	/*
8826	 * The first check is to make sure we're in bounds, the second
8827	 * check is to catch wrap-around problems.  If the lba + num blocks
8828	 * is less than the lba, then we've wrapped around and the block
8829	 * range is invalid anyway.
8830	 */
8831	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8832	 || ((lba + num_blocks) < lba)) {
8833		ctl_set_lba_out_of_range(ctsio);
8834		ctl_done((union ctl_io *)ctsio);
8835		return (CTL_RETVAL_COMPLETE);
8836	}
8837
8838	/*
8839	 * According to SBC-3, a transfer length of 0 is not an error.
8840	 */
8841	if (num_blocks == 0) {
8842		ctl_set_success(ctsio);
8843		ctl_done((union ctl_io *)ctsio);
8844		return (CTL_RETVAL_COMPLETE);
8845	}
8846
8847	/* Set FUA if write cache is disabled. */
8848	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8849	    SCP_WCE) == 0)
8850		flags |= CTL_LLF_FUA;
8851
8852	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8853	ctsio->kern_rel_offset = 0;
8854
8855	/*
8856	 * Set the IO_CONT flag, so that if this I/O gets passed to
8857	 * ctl_data_submit_done(), it'll get passed back to
8858	 * ctl_ctl_cnw_cont() for further processing.
8859	 */
8860	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8861	ctsio->io_cont = ctl_cnw_cont;
8862
8863	lbalen = (struct ctl_lba_len_flags *)
8864	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8865	lbalen->lba = lba;
8866	lbalen->len = num_blocks;
8867	lbalen->flags = CTL_LLF_COMPARE | flags;
8868
8869	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8870	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8871	return (retval);
8872}
8873
8874int
8875ctl_verify(struct ctl_scsiio *ctsio)
8876{
8877	struct ctl_lun *lun;
8878	struct ctl_lba_len_flags *lbalen;
8879	uint64_t lba;
8880	uint32_t num_blocks;
8881	int bytchk, flags;
8882	int retval;
8883
8884	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8885
8886	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8887
8888	bytchk = 0;
8889	flags = CTL_LLF_FUA;
8890	switch (ctsio->cdb[0]) {
8891	case VERIFY_10: {
8892		struct scsi_verify_10 *cdb;
8893
8894		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8895		if (cdb->byte2 & SVFY_BYTCHK)
8896			bytchk = 1;
8897		if (cdb->byte2 & SVFY_DPO)
8898			flags |= CTL_LLF_DPO;
8899		lba = scsi_4btoul(cdb->addr);
8900		num_blocks = scsi_2btoul(cdb->length);
8901		break;
8902	}
8903	case VERIFY_12: {
8904		struct scsi_verify_12 *cdb;
8905
8906		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8907		if (cdb->byte2 & SVFY_BYTCHK)
8908			bytchk = 1;
8909		if (cdb->byte2 & SVFY_DPO)
8910			flags |= CTL_LLF_DPO;
8911		lba = scsi_4btoul(cdb->addr);
8912		num_blocks = scsi_4btoul(cdb->length);
8913		break;
8914	}
8915	case VERIFY_16: {
8916		struct scsi_rw_16 *cdb;
8917
8918		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8919		if (cdb->byte2 & SVFY_BYTCHK)
8920			bytchk = 1;
8921		if (cdb->byte2 & SVFY_DPO)
8922			flags |= CTL_LLF_DPO;
8923		lba = scsi_8btou64(cdb->addr);
8924		num_blocks = scsi_4btoul(cdb->length);
8925		break;
8926	}
8927	default:
8928		/*
8929		 * We got a command we don't support.  This shouldn't
8930		 * happen, commands should be filtered out above us.
8931		 */
8932		ctl_set_invalid_opcode(ctsio);
8933		ctl_done((union ctl_io *)ctsio);
8934		return (CTL_RETVAL_COMPLETE);
8935	}
8936
8937	/*
8938	 * The first check is to make sure we're in bounds, the second
8939	 * check is to catch wrap-around problems.  If the lba + num blocks
8940	 * is less than the lba, then we've wrapped around and the block
8941	 * range is invalid anyway.
8942	 */
8943	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8944	 || ((lba + num_blocks) < lba)) {
8945		ctl_set_lba_out_of_range(ctsio);
8946		ctl_done((union ctl_io *)ctsio);
8947		return (CTL_RETVAL_COMPLETE);
8948	}
8949
8950	/*
8951	 * According to SBC-3, a transfer length of 0 is not an error.
8952	 */
8953	if (num_blocks == 0) {
8954		ctl_set_success(ctsio);
8955		ctl_done((union ctl_io *)ctsio);
8956		return (CTL_RETVAL_COMPLETE);
8957	}
8958
8959	lbalen = (struct ctl_lba_len_flags *)
8960	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8961	lbalen->lba = lba;
8962	lbalen->len = num_blocks;
8963	if (bytchk) {
8964		lbalen->flags = CTL_LLF_COMPARE | flags;
8965		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8966	} else {
8967		lbalen->flags = CTL_LLF_VERIFY | flags;
8968		ctsio->kern_total_len = 0;
8969	}
8970	ctsio->kern_rel_offset = 0;
8971
8972	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8973	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8974	return (retval);
8975}
8976
8977int
8978ctl_report_luns(struct ctl_scsiio *ctsio)
8979{
8980	struct ctl_softc *softc;
8981	struct scsi_report_luns *cdb;
8982	struct scsi_report_luns_data *lun_data;
8983	struct ctl_lun *lun, *request_lun;
8984	struct ctl_port *port;
8985	int num_luns, retval;
8986	uint32_t alloc_len, lun_datalen;
8987	int num_filled;
8988	uint32_t initidx, targ_lun_id, lun_id;
8989
8990	retval = CTL_RETVAL_COMPLETE;
8991	cdb = (struct scsi_report_luns *)ctsio->cdb;
8992	port = ctl_io_port(&ctsio->io_hdr);
8993	softc = port->ctl_softc;
8994
8995	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8996
8997	mtx_lock(&softc->ctl_lock);
8998	num_luns = 0;
8999	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9000		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9001			num_luns++;
9002	}
9003	mtx_unlock(&softc->ctl_lock);
9004
9005	switch (cdb->select_report) {
9006	case RPL_REPORT_DEFAULT:
9007	case RPL_REPORT_ALL:
9008	case RPL_REPORT_NONSUBSID:
9009		break;
9010	case RPL_REPORT_WELLKNOWN:
9011	case RPL_REPORT_ADMIN:
9012	case RPL_REPORT_CONGLOM:
9013		num_luns = 0;
9014		break;
9015	default:
9016		ctl_set_invalid_field(ctsio,
9017				      /*sks_valid*/ 1,
9018				      /*command*/ 1,
9019				      /*field*/ 2,
9020				      /*bit_valid*/ 0,
9021				      /*bit*/ 0);
9022		ctl_done((union ctl_io *)ctsio);
9023		return (retval);
9024		break; /* NOTREACHED */
9025	}
9026
9027	alloc_len = scsi_4btoul(cdb->length);
9028	/*
9029	 * The initiator has to allocate at least 16 bytes for this request,
9030	 * so he can at least get the header and the first LUN.  Otherwise
9031	 * we reject the request (per SPC-3 rev 14, section 6.21).
9032	 */
9033	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9034	    sizeof(struct scsi_report_luns_lundata))) {
9035		ctl_set_invalid_field(ctsio,
9036				      /*sks_valid*/ 1,
9037				      /*command*/ 1,
9038				      /*field*/ 6,
9039				      /*bit_valid*/ 0,
9040				      /*bit*/ 0);
9041		ctl_done((union ctl_io *)ctsio);
9042		return (retval);
9043	}
9044
9045	request_lun = (struct ctl_lun *)
9046		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9047
9048	lun_datalen = sizeof(*lun_data) +
9049		(num_luns * sizeof(struct scsi_report_luns_lundata));
9050
9051	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9052	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9053	ctsio->kern_sg_entries = 0;
9054
9055	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9056
9057	mtx_lock(&softc->ctl_lock);
9058	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9059		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9060		if (lun_id >= CTL_MAX_LUNS)
9061			continue;
9062		lun = softc->ctl_luns[lun_id];
9063		if (lun == NULL)
9064			continue;
9065
9066		if (targ_lun_id <= 0xff) {
9067			/*
9068			 * Peripheral addressing method, bus number 0.
9069			 */
9070			lun_data->luns[num_filled].lundata[0] =
9071				RPL_LUNDATA_ATYP_PERIPH;
9072			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9073			num_filled++;
9074		} else if (targ_lun_id <= 0x3fff) {
9075			/*
9076			 * Flat addressing method.
9077			 */
9078			lun_data->luns[num_filled].lundata[0] =
9079				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9080			lun_data->luns[num_filled].lundata[1] =
9081				(targ_lun_id & 0xff);
9082			num_filled++;
9083		} else if (targ_lun_id <= 0xffffff) {
9084			/*
9085			 * Extended flat addressing method.
9086			 */
9087			lun_data->luns[num_filled].lundata[0] =
9088			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9089			scsi_ulto3b(targ_lun_id,
9090			    &lun_data->luns[num_filled].lundata[1]);
9091			num_filled++;
9092		} else {
9093			printf("ctl_report_luns: bogus LUN number %jd, "
9094			       "skipping\n", (intmax_t)targ_lun_id);
9095		}
9096		/*
9097		 * According to SPC-3, rev 14 section 6.21:
9098		 *
9099		 * "The execution of a REPORT LUNS command to any valid and
9100		 * installed logical unit shall clear the REPORTED LUNS DATA
9101		 * HAS CHANGED unit attention condition for all logical
9102		 * units of that target with respect to the requesting
9103		 * initiator. A valid and installed logical unit is one
9104		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9105		 * INQUIRY data (see 6.4.2)."
9106		 *
9107		 * If request_lun is NULL, the LUN this report luns command
9108		 * was issued to is either disabled or doesn't exist. In that
9109		 * case, we shouldn't clear any pending lun change unit
9110		 * attention.
9111		 */
9112		if (request_lun != NULL) {
9113			mtx_lock(&lun->lun_lock);
9114			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9115			mtx_unlock(&lun->lun_lock);
9116		}
9117	}
9118	mtx_unlock(&softc->ctl_lock);
9119
9120	/*
9121	 * It's quite possible that we've returned fewer LUNs than we allocated
9122	 * space for.  Trim it.
9123	 */
9124	lun_datalen = sizeof(*lun_data) +
9125		(num_filled * sizeof(struct scsi_report_luns_lundata));
9126
9127	if (lun_datalen < alloc_len) {
9128		ctsio->residual = alloc_len - lun_datalen;
9129		ctsio->kern_data_len = lun_datalen;
9130		ctsio->kern_total_len = lun_datalen;
9131	} else {
9132		ctsio->residual = 0;
9133		ctsio->kern_data_len = alloc_len;
9134		ctsio->kern_total_len = alloc_len;
9135	}
9136	ctsio->kern_data_resid = 0;
9137	ctsio->kern_rel_offset = 0;
9138	ctsio->kern_sg_entries = 0;
9139
9140	/*
9141	 * We set this to the actual data length, regardless of how much
9142	 * space we actually have to return results.  If the user looks at
9143	 * this value, he'll know whether or not he allocated enough space
9144	 * and reissue the command if necessary.  We don't support well
9145	 * known logical units, so if the user asks for that, return none.
9146	 */
9147	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9148
9149	/*
9150	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9151	 * this request.
9152	 */
9153	ctl_set_success(ctsio);
9154	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9155	ctsio->be_move_done = ctl_config_move_done;
9156	ctl_datamove((union ctl_io *)ctsio);
9157	return (retval);
9158}
9159
9160int
9161ctl_request_sense(struct ctl_scsiio *ctsio)
9162{
9163	struct scsi_request_sense *cdb;
9164	struct scsi_sense_data *sense_ptr;
9165	struct ctl_softc *ctl_softc;
9166	struct ctl_lun *lun;
9167	uint32_t initidx;
9168	int have_error;
9169	scsi_sense_data_type sense_format;
9170	ctl_ua_type ua_type;
9171
9172	cdb = (struct scsi_request_sense *)ctsio->cdb;
9173
9174	ctl_softc = control_softc;
9175	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9176
9177	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9178
9179	/*
9180	 * Determine which sense format the user wants.
9181	 */
9182	if (cdb->byte2 & SRS_DESC)
9183		sense_format = SSD_TYPE_DESC;
9184	else
9185		sense_format = SSD_TYPE_FIXED;
9186
9187	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9188	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9189	ctsio->kern_sg_entries = 0;
9190
9191	/*
9192	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9193	 * larger than the largest allowed value for the length field in the
9194	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9195	 */
9196	ctsio->residual = 0;
9197	ctsio->kern_data_len = cdb->length;
9198	ctsio->kern_total_len = cdb->length;
9199
9200	ctsio->kern_data_resid = 0;
9201	ctsio->kern_rel_offset = 0;
9202	ctsio->kern_sg_entries = 0;
9203
9204	/*
9205	 * If we don't have a LUN, we don't have any pending sense.
9206	 */
9207	if (lun == NULL)
9208		goto no_sense;
9209
9210	have_error = 0;
9211	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9212	/*
9213	 * Check for pending sense, and then for pending unit attentions.
9214	 * Pending sense gets returned first, then pending unit attentions.
9215	 */
9216	mtx_lock(&lun->lun_lock);
9217#ifdef CTL_WITH_CA
9218	if (ctl_is_set(lun->have_ca, initidx)) {
9219		scsi_sense_data_type stored_format;
9220
9221		/*
9222		 * Check to see which sense format was used for the stored
9223		 * sense data.
9224		 */
9225		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9226
9227		/*
9228		 * If the user requested a different sense format than the
9229		 * one we stored, then we need to convert it to the other
9230		 * format.  If we're going from descriptor to fixed format
9231		 * sense data, we may lose things in translation, depending
9232		 * on what options were used.
9233		 *
9234		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9235		 * for some reason we'll just copy it out as-is.
9236		 */
9237		if ((stored_format == SSD_TYPE_FIXED)
9238		 && (sense_format == SSD_TYPE_DESC))
9239			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9240			    &lun->pending_sense[initidx],
9241			    (struct scsi_sense_data_desc *)sense_ptr);
9242		else if ((stored_format == SSD_TYPE_DESC)
9243		      && (sense_format == SSD_TYPE_FIXED))
9244			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9245			    &lun->pending_sense[initidx],
9246			    (struct scsi_sense_data_fixed *)sense_ptr);
9247		else
9248			memcpy(sense_ptr, &lun->pending_sense[initidx],
9249			       MIN(sizeof(*sense_ptr),
9250			       sizeof(lun->pending_sense[initidx])));
9251
9252		ctl_clear_mask(lun->have_ca, initidx);
9253		have_error = 1;
9254	} else
9255#endif
9256	{
9257		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9258		if (ua_type != CTL_UA_NONE)
9259			have_error = 1;
9260		if (ua_type == CTL_UA_LUN_CHANGE) {
9261			mtx_unlock(&lun->lun_lock);
9262			mtx_lock(&ctl_softc->ctl_lock);
9263			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9264			mtx_unlock(&ctl_softc->ctl_lock);
9265			mtx_lock(&lun->lun_lock);
9266		}
9267
9268	}
9269	mtx_unlock(&lun->lun_lock);
9270
9271	/*
9272	 * We already have a pending error, return it.
9273	 */
9274	if (have_error != 0) {
9275		/*
9276		 * We report the SCSI status as OK, since the status of the
9277		 * request sense command itself is OK.
9278		 * We report 0 for the sense length, because we aren't doing
9279		 * autosense in this case.  We're reporting sense as
9280		 * parameter data.
9281		 */
9282		ctl_set_success(ctsio);
9283		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9284		ctsio->be_move_done = ctl_config_move_done;
9285		ctl_datamove((union ctl_io *)ctsio);
9286		return (CTL_RETVAL_COMPLETE);
9287	}
9288
9289no_sense:
9290
9291	/*
9292	 * No sense information to report, so we report that everything is
9293	 * okay.
9294	 */
9295	ctl_set_sense_data(sense_ptr,
9296			   lun,
9297			   sense_format,
9298			   /*current_error*/ 1,
9299			   /*sense_key*/ SSD_KEY_NO_SENSE,
9300			   /*asc*/ 0x00,
9301			   /*ascq*/ 0x00,
9302			   SSD_ELEM_NONE);
9303
9304	/*
9305	 * We report 0 for the sense length, because we aren't doing
9306	 * autosense in this case.  We're reporting sense as parameter data.
9307	 */
9308	ctl_set_success(ctsio);
9309	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9310	ctsio->be_move_done = ctl_config_move_done;
9311	ctl_datamove((union ctl_io *)ctsio);
9312	return (CTL_RETVAL_COMPLETE);
9313}
9314
9315int
9316ctl_tur(struct ctl_scsiio *ctsio)
9317{
9318
9319	CTL_DEBUG_PRINT(("ctl_tur\n"));
9320
9321	ctl_set_success(ctsio);
9322	ctl_done((union ctl_io *)ctsio);
9323
9324	return (CTL_RETVAL_COMPLETE);
9325}
9326
9327/*
9328 * SCSI VPD page 0x00, the Supported VPD Pages page.
9329 */
9330static int
9331ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9332{
9333	struct scsi_vpd_supported_pages *pages;
9334	int sup_page_size;
9335	struct ctl_lun *lun;
9336	int p;
9337
9338	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9339
9340	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9341	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9342	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9343	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9344	ctsio->kern_sg_entries = 0;
9345
9346	if (sup_page_size < alloc_len) {
9347		ctsio->residual = alloc_len - sup_page_size;
9348		ctsio->kern_data_len = sup_page_size;
9349		ctsio->kern_total_len = sup_page_size;
9350	} else {
9351		ctsio->residual = 0;
9352		ctsio->kern_data_len = alloc_len;
9353		ctsio->kern_total_len = alloc_len;
9354	}
9355	ctsio->kern_data_resid = 0;
9356	ctsio->kern_rel_offset = 0;
9357	ctsio->kern_sg_entries = 0;
9358
9359	/*
9360	 * The control device is always connected.  The disk device, on the
9361	 * other hand, may not be online all the time.  Need to change this
9362	 * to figure out whether the disk device is actually online or not.
9363	 */
9364	if (lun != NULL)
9365		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9366				lun->be_lun->lun_type;
9367	else
9368		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9369
9370	p = 0;
9371	/* Supported VPD pages */
9372	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9373	/* Serial Number */
9374	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9375	/* Device Identification */
9376	pages->page_list[p++] = SVPD_DEVICE_ID;
9377	/* Extended INQUIRY Data */
9378	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9379	/* Mode Page Policy */
9380	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9381	/* SCSI Ports */
9382	pages->page_list[p++] = SVPD_SCSI_PORTS;
9383	/* Third-party Copy */
9384	pages->page_list[p++] = SVPD_SCSI_TPC;
9385	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9386		/* Block limits */
9387		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9388		/* Block Device Characteristics */
9389		pages->page_list[p++] = SVPD_BDC;
9390		/* Logical Block Provisioning */
9391		pages->page_list[p++] = SVPD_LBP;
9392	}
9393	pages->length = p;
9394
9395	ctl_set_success(ctsio);
9396	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9397	ctsio->be_move_done = ctl_config_move_done;
9398	ctl_datamove((union ctl_io *)ctsio);
9399	return (CTL_RETVAL_COMPLETE);
9400}
9401
9402/*
9403 * SCSI VPD page 0x80, the Unit Serial Number page.
9404 */
9405static int
9406ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9407{
9408	struct scsi_vpd_unit_serial_number *sn_ptr;
9409	struct ctl_lun *lun;
9410	int data_len;
9411
9412	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9413
9414	data_len = 4 + CTL_SN_LEN;
9415	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9416	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9417	if (data_len < alloc_len) {
9418		ctsio->residual = alloc_len - data_len;
9419		ctsio->kern_data_len = data_len;
9420		ctsio->kern_total_len = data_len;
9421	} else {
9422		ctsio->residual = 0;
9423		ctsio->kern_data_len = alloc_len;
9424		ctsio->kern_total_len = alloc_len;
9425	}
9426	ctsio->kern_data_resid = 0;
9427	ctsio->kern_rel_offset = 0;
9428	ctsio->kern_sg_entries = 0;
9429
9430	/*
9431	 * The control device is always connected.  The disk device, on the
9432	 * other hand, may not be online all the time.  Need to change this
9433	 * to figure out whether the disk device is actually online or not.
9434	 */
9435	if (lun != NULL)
9436		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9437				  lun->be_lun->lun_type;
9438	else
9439		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9440
9441	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9442	sn_ptr->length = CTL_SN_LEN;
9443	/*
9444	 * If we don't have a LUN, we just leave the serial number as
9445	 * all spaces.
9446	 */
9447	if (lun != NULL) {
9448		strncpy((char *)sn_ptr->serial_num,
9449			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9450	} else
9451		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9452
9453	ctl_set_success(ctsio);
9454	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9455	ctsio->be_move_done = ctl_config_move_done;
9456	ctl_datamove((union ctl_io *)ctsio);
9457	return (CTL_RETVAL_COMPLETE);
9458}
9459
9460
9461/*
9462 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9463 */
9464static int
9465ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9466{
9467	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9468	struct ctl_lun *lun;
9469	int data_len;
9470
9471	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9472
9473	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9474	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9475	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9476	ctsio->kern_sg_entries = 0;
9477
9478	if (data_len < alloc_len) {
9479		ctsio->residual = alloc_len - data_len;
9480		ctsio->kern_data_len = data_len;
9481		ctsio->kern_total_len = data_len;
9482	} else {
9483		ctsio->residual = 0;
9484		ctsio->kern_data_len = alloc_len;
9485		ctsio->kern_total_len = alloc_len;
9486	}
9487	ctsio->kern_data_resid = 0;
9488	ctsio->kern_rel_offset = 0;
9489	ctsio->kern_sg_entries = 0;
9490
9491	/*
9492	 * The control device is always connected.  The disk device, on the
9493	 * other hand, may not be online all the time.
9494	 */
9495	if (lun != NULL)
9496		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9497				     lun->be_lun->lun_type;
9498	else
9499		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9500	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9501	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9502	/*
9503	 * We support head of queue, ordered and simple tags.
9504	 */
9505	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9506	/*
9507	 * Volatile cache supported.
9508	 */
9509	eid_ptr->flags3 = SVPD_EID_V_SUP;
9510
9511	/*
9512	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9513	 * attention for a particular IT nexus on all LUNs once we report
9514	 * it to that nexus once.  This bit is required as of SPC-4.
9515	 */
9516	eid_ptr->flags4 = SVPD_EID_LUICLT;
9517
9518	/*
9519	 * XXX KDM in order to correctly answer this, we would need
9520	 * information from the SIM to determine how much sense data it
9521	 * can send.  So this would really be a path inquiry field, most
9522	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9523	 * but the hardware may or may not be able to support that much.
9524	 * 0 just means that the maximum sense data length is not reported.
9525	 */
9526	eid_ptr->max_sense_length = 0;
9527
9528	ctl_set_success(ctsio);
9529	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9530	ctsio->be_move_done = ctl_config_move_done;
9531	ctl_datamove((union ctl_io *)ctsio);
9532	return (CTL_RETVAL_COMPLETE);
9533}
9534
9535static int
9536ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9537{
9538	struct scsi_vpd_mode_page_policy *mpp_ptr;
9539	struct ctl_lun *lun;
9540	int data_len;
9541
9542	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9543
9544	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9545	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9546
9547	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9548	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9549	ctsio->kern_sg_entries = 0;
9550
9551	if (data_len < alloc_len) {
9552		ctsio->residual = alloc_len - data_len;
9553		ctsio->kern_data_len = data_len;
9554		ctsio->kern_total_len = data_len;
9555	} else {
9556		ctsio->residual = 0;
9557		ctsio->kern_data_len = alloc_len;
9558		ctsio->kern_total_len = alloc_len;
9559	}
9560	ctsio->kern_data_resid = 0;
9561	ctsio->kern_rel_offset = 0;
9562	ctsio->kern_sg_entries = 0;
9563
9564	/*
9565	 * The control device is always connected.  The disk device, on the
9566	 * other hand, may not be online all the time.
9567	 */
9568	if (lun != NULL)
9569		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9570				     lun->be_lun->lun_type;
9571	else
9572		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9573	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9574	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9575	mpp_ptr->descr[0].page_code = 0x3f;
9576	mpp_ptr->descr[0].subpage_code = 0xff;
9577	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9578
9579	ctl_set_success(ctsio);
9580	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9581	ctsio->be_move_done = ctl_config_move_done;
9582	ctl_datamove((union ctl_io *)ctsio);
9583	return (CTL_RETVAL_COMPLETE);
9584}
9585
9586/*
9587 * SCSI VPD page 0x83, the Device Identification page.
9588 */
9589static int
9590ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9591{
9592	struct scsi_vpd_device_id *devid_ptr;
9593	struct scsi_vpd_id_descriptor *desc;
9594	struct ctl_softc *softc;
9595	struct ctl_lun *lun;
9596	struct ctl_port *port;
9597	int data_len;
9598	uint8_t proto;
9599
9600	softc = control_softc;
9601
9602	port = ctl_io_port(&ctsio->io_hdr);
9603	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9604
9605	data_len = sizeof(struct scsi_vpd_device_id) +
9606	    sizeof(struct scsi_vpd_id_descriptor) +
9607		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9608	    sizeof(struct scsi_vpd_id_descriptor) +
9609		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9610	if (lun && lun->lun_devid)
9611		data_len += lun->lun_devid->len;
9612	if (port && port->port_devid)
9613		data_len += port->port_devid->len;
9614	if (port && port->target_devid)
9615		data_len += port->target_devid->len;
9616
9617	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9618	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9619	ctsio->kern_sg_entries = 0;
9620
9621	if (data_len < alloc_len) {
9622		ctsio->residual = alloc_len - data_len;
9623		ctsio->kern_data_len = data_len;
9624		ctsio->kern_total_len = data_len;
9625	} else {
9626		ctsio->residual = 0;
9627		ctsio->kern_data_len = alloc_len;
9628		ctsio->kern_total_len = alloc_len;
9629	}
9630	ctsio->kern_data_resid = 0;
9631	ctsio->kern_rel_offset = 0;
9632	ctsio->kern_sg_entries = 0;
9633
9634	/*
9635	 * The control device is always connected.  The disk device, on the
9636	 * other hand, may not be online all the time.
9637	 */
9638	if (lun != NULL)
9639		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9640				     lun->be_lun->lun_type;
9641	else
9642		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9643	devid_ptr->page_code = SVPD_DEVICE_ID;
9644	scsi_ulto2b(data_len - 4, devid_ptr->length);
9645
9646	if (port && port->port_type == CTL_PORT_FC)
9647		proto = SCSI_PROTO_FC << 4;
9648	else if (port && port->port_type == CTL_PORT_ISCSI)
9649		proto = SCSI_PROTO_ISCSI << 4;
9650	else
9651		proto = SCSI_PROTO_SPI << 4;
9652	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9653
9654	/*
9655	 * We're using a LUN association here.  i.e., this device ID is a
9656	 * per-LUN identifier.
9657	 */
9658	if (lun && lun->lun_devid) {
9659		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9660		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9661		    lun->lun_devid->len);
9662	}
9663
9664	/*
9665	 * This is for the WWPN which is a port association.
9666	 */
9667	if (port && port->port_devid) {
9668		memcpy(desc, port->port_devid->data, port->port_devid->len);
9669		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9670		    port->port_devid->len);
9671	}
9672
9673	/*
9674	 * This is for the Relative Target Port(type 4h) identifier
9675	 */
9676	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9677	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9678	    SVPD_ID_TYPE_RELTARG;
9679	desc->length = 4;
9680	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9681	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9682	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9683
9684	/*
9685	 * This is for the Target Port Group(type 5h) identifier
9686	 */
9687	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9688	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9689	    SVPD_ID_TYPE_TPORTGRP;
9690	desc->length = 4;
9691	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9692	    &desc->identifier[2]);
9693	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9694	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9695
9696	/*
9697	 * This is for the Target identifier
9698	 */
9699	if (port && port->target_devid) {
9700		memcpy(desc, port->target_devid->data, port->target_devid->len);
9701	}
9702
9703	ctl_set_success(ctsio);
9704	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9705	ctsio->be_move_done = ctl_config_move_done;
9706	ctl_datamove((union ctl_io *)ctsio);
9707	return (CTL_RETVAL_COMPLETE);
9708}
9709
9710static int
9711ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9712{
9713	struct ctl_softc *softc = control_softc;
9714	struct scsi_vpd_scsi_ports *sp;
9715	struct scsi_vpd_port_designation *pd;
9716	struct scsi_vpd_port_designation_cont *pdc;
9717	struct ctl_lun *lun;
9718	struct ctl_port *port;
9719	int data_len, num_target_ports, iid_len, id_len;
9720
9721	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9722
9723	num_target_ports = 0;
9724	iid_len = 0;
9725	id_len = 0;
9726	mtx_lock(&softc->ctl_lock);
9727	STAILQ_FOREACH(port, &softc->port_list, links) {
9728		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9729			continue;
9730		if (lun != NULL &&
9731		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9732			continue;
9733		num_target_ports++;
9734		if (port->init_devid)
9735			iid_len += port->init_devid->len;
9736		if (port->port_devid)
9737			id_len += port->port_devid->len;
9738	}
9739	mtx_unlock(&softc->ctl_lock);
9740
9741	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9742	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9743	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9744	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9745	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9746	ctsio->kern_sg_entries = 0;
9747
9748	if (data_len < alloc_len) {
9749		ctsio->residual = alloc_len - data_len;
9750		ctsio->kern_data_len = data_len;
9751		ctsio->kern_total_len = data_len;
9752	} else {
9753		ctsio->residual = 0;
9754		ctsio->kern_data_len = alloc_len;
9755		ctsio->kern_total_len = alloc_len;
9756	}
9757	ctsio->kern_data_resid = 0;
9758	ctsio->kern_rel_offset = 0;
9759	ctsio->kern_sg_entries = 0;
9760
9761	/*
9762	 * The control device is always connected.  The disk device, on the
9763	 * other hand, may not be online all the time.  Need to change this
9764	 * to figure out whether the disk device is actually online or not.
9765	 */
9766	if (lun != NULL)
9767		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9768				  lun->be_lun->lun_type;
9769	else
9770		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9771
9772	sp->page_code = SVPD_SCSI_PORTS;
9773	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9774	    sp->page_length);
9775	pd = &sp->design[0];
9776
9777	mtx_lock(&softc->ctl_lock);
9778	STAILQ_FOREACH(port, &softc->port_list, links) {
9779		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9780			continue;
9781		if (lun != NULL &&
9782		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9783			continue;
9784		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9785		if (port->init_devid) {
9786			iid_len = port->init_devid->len;
9787			memcpy(pd->initiator_transportid,
9788			    port->init_devid->data, port->init_devid->len);
9789		} else
9790			iid_len = 0;
9791		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9792		pdc = (struct scsi_vpd_port_designation_cont *)
9793		    (&pd->initiator_transportid[iid_len]);
9794		if (port->port_devid) {
9795			id_len = port->port_devid->len;
9796			memcpy(pdc->target_port_descriptors,
9797			    port->port_devid->data, port->port_devid->len);
9798		} else
9799			id_len = 0;
9800		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9801		pd = (struct scsi_vpd_port_designation *)
9802		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9803	}
9804	mtx_unlock(&softc->ctl_lock);
9805
9806	ctl_set_success(ctsio);
9807	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9808	ctsio->be_move_done = ctl_config_move_done;
9809	ctl_datamove((union ctl_io *)ctsio);
9810	return (CTL_RETVAL_COMPLETE);
9811}
9812
9813static int
9814ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9815{
9816	struct scsi_vpd_block_limits *bl_ptr;
9817	struct ctl_lun *lun;
9818
9819	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9820
9821	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9822	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9823	ctsio->kern_sg_entries = 0;
9824
9825	if (sizeof(*bl_ptr) < alloc_len) {
9826		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9827		ctsio->kern_data_len = sizeof(*bl_ptr);
9828		ctsio->kern_total_len = sizeof(*bl_ptr);
9829	} else {
9830		ctsio->residual = 0;
9831		ctsio->kern_data_len = alloc_len;
9832		ctsio->kern_total_len = alloc_len;
9833	}
9834	ctsio->kern_data_resid = 0;
9835	ctsio->kern_rel_offset = 0;
9836	ctsio->kern_sg_entries = 0;
9837
9838	/*
9839	 * The control device is always connected.  The disk device, on the
9840	 * other hand, may not be online all the time.  Need to change this
9841	 * to figure out whether the disk device is actually online or not.
9842	 */
9843	if (lun != NULL)
9844		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9845				  lun->be_lun->lun_type;
9846	else
9847		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9848
9849	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9850	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9851	bl_ptr->max_cmp_write_len = 0xff;
9852	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9853	if (lun != NULL) {
9854		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9855		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9856			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9857			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9858			if (lun->be_lun->ublockexp != 0) {
9859				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9860				    bl_ptr->opt_unmap_grain);
9861				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9862				    bl_ptr->unmap_grain_align);
9863			}
9864		}
9865		scsi_ulto4b(lun->be_lun->atomicblock,
9866		    bl_ptr->max_atomic_transfer_length);
9867		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9868		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9869		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9870		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9871	}
9872	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9873
9874	ctl_set_success(ctsio);
9875	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9876	ctsio->be_move_done = ctl_config_move_done;
9877	ctl_datamove((union ctl_io *)ctsio);
9878	return (CTL_RETVAL_COMPLETE);
9879}
9880
9881static int
9882ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9883{
9884	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9885	struct ctl_lun *lun;
9886	const char *value;
9887	u_int i;
9888
9889	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9890
9891	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9892	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9893	ctsio->kern_sg_entries = 0;
9894
9895	if (sizeof(*bdc_ptr) < alloc_len) {
9896		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9897		ctsio->kern_data_len = sizeof(*bdc_ptr);
9898		ctsio->kern_total_len = sizeof(*bdc_ptr);
9899	} else {
9900		ctsio->residual = 0;
9901		ctsio->kern_data_len = alloc_len;
9902		ctsio->kern_total_len = alloc_len;
9903	}
9904	ctsio->kern_data_resid = 0;
9905	ctsio->kern_rel_offset = 0;
9906	ctsio->kern_sg_entries = 0;
9907
9908	/*
9909	 * The control device is always connected.  The disk device, on the
9910	 * other hand, may not be online all the time.  Need to change this
9911	 * to figure out whether the disk device is actually online or not.
9912	 */
9913	if (lun != NULL)
9914		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9915				  lun->be_lun->lun_type;
9916	else
9917		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9918	bdc_ptr->page_code = SVPD_BDC;
9919	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9920	if (lun != NULL &&
9921	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9922		i = strtol(value, NULL, 0);
9923	else
9924		i = CTL_DEFAULT_ROTATION_RATE;
9925	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9926	if (lun != NULL &&
9927	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9928		i = strtol(value, NULL, 0);
9929	else
9930		i = 0;
9931	bdc_ptr->wab_wac_ff = (i & 0x0f);
9932	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9933
9934	ctl_set_success(ctsio);
9935	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9936	ctsio->be_move_done = ctl_config_move_done;
9937	ctl_datamove((union ctl_io *)ctsio);
9938	return (CTL_RETVAL_COMPLETE);
9939}
9940
9941static int
9942ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9943{
9944	struct scsi_vpd_logical_block_prov *lbp_ptr;
9945	struct ctl_lun *lun;
9946
9947	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9948
9949	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9950	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9951	ctsio->kern_sg_entries = 0;
9952
9953	if (sizeof(*lbp_ptr) < alloc_len) {
9954		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9955		ctsio->kern_data_len = sizeof(*lbp_ptr);
9956		ctsio->kern_total_len = sizeof(*lbp_ptr);
9957	} else {
9958		ctsio->residual = 0;
9959		ctsio->kern_data_len = alloc_len;
9960		ctsio->kern_total_len = alloc_len;
9961	}
9962	ctsio->kern_data_resid = 0;
9963	ctsio->kern_rel_offset = 0;
9964	ctsio->kern_sg_entries = 0;
9965
9966	/*
9967	 * The control device is always connected.  The disk device, on the
9968	 * other hand, may not be online all the time.  Need to change this
9969	 * to figure out whether the disk device is actually online or not.
9970	 */
9971	if (lun != NULL)
9972		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9973				  lun->be_lun->lun_type;
9974	else
9975		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9976
9977	lbp_ptr->page_code = SVPD_LBP;
9978	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9979	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9980	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9981		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9982		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9983		lbp_ptr->prov_type = SVPD_LBP_THIN;
9984	}
9985
9986	ctl_set_success(ctsio);
9987	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9988	ctsio->be_move_done = ctl_config_move_done;
9989	ctl_datamove((union ctl_io *)ctsio);
9990	return (CTL_RETVAL_COMPLETE);
9991}
9992
9993/*
9994 * INQUIRY with the EVPD bit set.
9995 */
9996static int
9997ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9998{
9999	struct ctl_lun *lun;
10000	struct scsi_inquiry *cdb;
10001	int alloc_len, retval;
10002
10003	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10004	cdb = (struct scsi_inquiry *)ctsio->cdb;
10005	alloc_len = scsi_2btoul(cdb->length);
10006
10007	switch (cdb->page_code) {
10008	case SVPD_SUPPORTED_PAGES:
10009		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10010		break;
10011	case SVPD_UNIT_SERIAL_NUMBER:
10012		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10013		break;
10014	case SVPD_DEVICE_ID:
10015		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10016		break;
10017	case SVPD_EXTENDED_INQUIRY_DATA:
10018		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10019		break;
10020	case SVPD_MODE_PAGE_POLICY:
10021		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10022		break;
10023	case SVPD_SCSI_PORTS:
10024		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10025		break;
10026	case SVPD_SCSI_TPC:
10027		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10028		break;
10029	case SVPD_BLOCK_LIMITS:
10030		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10031			goto err;
10032		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10033		break;
10034	case SVPD_BDC:
10035		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10036			goto err;
10037		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10038		break;
10039	case SVPD_LBP:
10040		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10041			goto err;
10042		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10043		break;
10044	default:
10045err:
10046		ctl_set_invalid_field(ctsio,
10047				      /*sks_valid*/ 1,
10048				      /*command*/ 1,
10049				      /*field*/ 2,
10050				      /*bit_valid*/ 0,
10051				      /*bit*/ 0);
10052		ctl_done((union ctl_io *)ctsio);
10053		retval = CTL_RETVAL_COMPLETE;
10054		break;
10055	}
10056
10057	return (retval);
10058}
10059
10060/*
10061 * Standard INQUIRY data.
10062 */
10063static int
10064ctl_inquiry_std(struct ctl_scsiio *ctsio)
10065{
10066	struct scsi_inquiry_data *inq_ptr;
10067	struct scsi_inquiry *cdb;
10068	struct ctl_softc *softc = control_softc;
10069	struct ctl_port *port;
10070	struct ctl_lun *lun;
10071	char *val;
10072	uint32_t alloc_len, data_len;
10073	ctl_port_type port_type;
10074
10075	port = ctl_io_port(&ctsio->io_hdr);
10076	port_type = port->port_type;
10077	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10078		port_type = CTL_PORT_SCSI;
10079
10080	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10081	cdb = (struct scsi_inquiry *)ctsio->cdb;
10082	alloc_len = scsi_2btoul(cdb->length);
10083
10084	/*
10085	 * We malloc the full inquiry data size here and fill it
10086	 * in.  If the user only asks for less, we'll give him
10087	 * that much.
10088	 */
10089	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10090	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10091	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10092	ctsio->kern_sg_entries = 0;
10093	ctsio->kern_data_resid = 0;
10094	ctsio->kern_rel_offset = 0;
10095
10096	if (data_len < alloc_len) {
10097		ctsio->residual = alloc_len - data_len;
10098		ctsio->kern_data_len = data_len;
10099		ctsio->kern_total_len = data_len;
10100	} else {
10101		ctsio->residual = 0;
10102		ctsio->kern_data_len = alloc_len;
10103		ctsio->kern_total_len = alloc_len;
10104	}
10105
10106	if (lun != NULL) {
10107		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10108		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10109			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10110			    lun->be_lun->lun_type;
10111		} else {
10112			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10113			    lun->be_lun->lun_type;
10114		}
10115		if (lun->flags & CTL_LUN_REMOVABLE)
10116			inq_ptr->dev_qual2 |= SID_RMB;
10117	} else
10118		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10119
10120	/* RMB in byte 2 is 0 */
10121	inq_ptr->version = SCSI_REV_SPC4;
10122
10123	/*
10124	 * According to SAM-3, even if a device only supports a single
10125	 * level of LUN addressing, it should still set the HISUP bit:
10126	 *
10127	 * 4.9.1 Logical unit numbers overview
10128	 *
10129	 * All logical unit number formats described in this standard are
10130	 * hierarchical in structure even when only a single level in that
10131	 * hierarchy is used. The HISUP bit shall be set to one in the
10132	 * standard INQUIRY data (see SPC-2) when any logical unit number
10133	 * format described in this standard is used.  Non-hierarchical
10134	 * formats are outside the scope of this standard.
10135	 *
10136	 * Therefore we set the HiSup bit here.
10137	 *
10138	 * The reponse format is 2, per SPC-3.
10139	 */
10140	inq_ptr->response_format = SID_HiSup | 2;
10141
10142	inq_ptr->additional_length = data_len -
10143	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10144	CTL_DEBUG_PRINT(("additional_length = %d\n",
10145			 inq_ptr->additional_length));
10146
10147	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10148	if (port_type == CTL_PORT_SCSI)
10149		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10150	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10151	inq_ptr->flags = SID_CmdQue;
10152	if (port_type == CTL_PORT_SCSI)
10153		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10154
10155	/*
10156	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10157	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10158	 * name and 4 bytes for the revision.
10159	 */
10160	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10161	    "vendor")) == NULL) {
10162		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10163	} else {
10164		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10165		strncpy(inq_ptr->vendor, val,
10166		    min(sizeof(inq_ptr->vendor), strlen(val)));
10167	}
10168	if (lun == NULL) {
10169		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10170		    sizeof(inq_ptr->product));
10171	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10172		switch (lun->be_lun->lun_type) {
10173		case T_DIRECT:
10174			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10175			    sizeof(inq_ptr->product));
10176			break;
10177		case T_PROCESSOR:
10178			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10179			    sizeof(inq_ptr->product));
10180			break;
10181		case T_CDROM:
10182			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10183			    sizeof(inq_ptr->product));
10184			break;
10185		default:
10186			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10187			    sizeof(inq_ptr->product));
10188			break;
10189		}
10190	} else {
10191		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10192		strncpy(inq_ptr->product, val,
10193		    min(sizeof(inq_ptr->product), strlen(val)));
10194	}
10195
10196	/*
10197	 * XXX make this a macro somewhere so it automatically gets
10198	 * incremented when we make changes.
10199	 */
10200	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10201	    "revision")) == NULL) {
10202		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10203	} else {
10204		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10205		strncpy(inq_ptr->revision, val,
10206		    min(sizeof(inq_ptr->revision), strlen(val)));
10207	}
10208
10209	/*
10210	 * For parallel SCSI, we support double transition and single
10211	 * transition clocking.  We also support QAS (Quick Arbitration
10212	 * and Selection) and Information Unit transfers on both the
10213	 * control and array devices.
10214	 */
10215	if (port_type == CTL_PORT_SCSI)
10216		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10217				    SID_SPI_IUS;
10218
10219	/* SAM-5 (no version claimed) */
10220	scsi_ulto2b(0x00A0, inq_ptr->version1);
10221	/* SPC-4 (no version claimed) */
10222	scsi_ulto2b(0x0460, inq_ptr->version2);
10223	if (port_type == CTL_PORT_FC) {
10224		/* FCP-2 ANSI INCITS.350:2003 */
10225		scsi_ulto2b(0x0917, inq_ptr->version3);
10226	} else if (port_type == CTL_PORT_SCSI) {
10227		/* SPI-4 ANSI INCITS.362:200x */
10228		scsi_ulto2b(0x0B56, inq_ptr->version3);
10229	} else if (port_type == CTL_PORT_ISCSI) {
10230		/* iSCSI (no version claimed) */
10231		scsi_ulto2b(0x0960, inq_ptr->version3);
10232	} else if (port_type == CTL_PORT_SAS) {
10233		/* SAS (no version claimed) */
10234		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10235	}
10236
10237	if (lun == NULL) {
10238		/* SBC-4 (no version claimed) */
10239		scsi_ulto2b(0x0600, inq_ptr->version4);
10240	} else {
10241		switch (lun->be_lun->lun_type) {
10242		case T_DIRECT:
10243			/* SBC-4 (no version claimed) */
10244			scsi_ulto2b(0x0600, inq_ptr->version4);
10245			break;
10246		case T_PROCESSOR:
10247			break;
10248		case T_CDROM:
10249			/* MMC-6 (no version claimed) */
10250			scsi_ulto2b(0x04E0, inq_ptr->version4);
10251			break;
10252		default:
10253			break;
10254		}
10255	}
10256
10257	ctl_set_success(ctsio);
10258	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10259	ctsio->be_move_done = ctl_config_move_done;
10260	ctl_datamove((union ctl_io *)ctsio);
10261	return (CTL_RETVAL_COMPLETE);
10262}
10263
10264int
10265ctl_inquiry(struct ctl_scsiio *ctsio)
10266{
10267	struct scsi_inquiry *cdb;
10268	int retval;
10269
10270	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10271
10272	cdb = (struct scsi_inquiry *)ctsio->cdb;
10273	if (cdb->byte2 & SI_EVPD)
10274		retval = ctl_inquiry_evpd(ctsio);
10275	else if (cdb->page_code == 0)
10276		retval = ctl_inquiry_std(ctsio);
10277	else {
10278		ctl_set_invalid_field(ctsio,
10279				      /*sks_valid*/ 1,
10280				      /*command*/ 1,
10281				      /*field*/ 2,
10282				      /*bit_valid*/ 0,
10283				      /*bit*/ 0);
10284		ctl_done((union ctl_io *)ctsio);
10285		return (CTL_RETVAL_COMPLETE);
10286	}
10287
10288	return (retval);
10289}
10290
10291int
10292ctl_get_config(struct ctl_scsiio *ctsio)
10293{
10294	struct scsi_get_config_header *hdr;
10295	struct scsi_get_config_feature *feature;
10296	struct scsi_get_config *cdb;
10297	struct ctl_lun *lun;
10298	uint32_t alloc_len, data_len;
10299	int rt, starting;
10300
10301	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10302	cdb = (struct scsi_get_config *)ctsio->cdb;
10303	rt = (cdb->rt & SGC_RT_MASK);
10304	starting = scsi_2btoul(cdb->starting_feature);
10305	alloc_len = scsi_2btoul(cdb->length);
10306
10307	data_len = sizeof(struct scsi_get_config_header) +
10308	    sizeof(struct scsi_get_config_feature) + 8 +
10309	    sizeof(struct scsi_get_config_feature) + 8 +
10310	    sizeof(struct scsi_get_config_feature) + 4 +
10311	    sizeof(struct scsi_get_config_feature) + 4 +
10312	    sizeof(struct scsi_get_config_feature) + 8 +
10313	    sizeof(struct scsi_get_config_feature) +
10314	    sizeof(struct scsi_get_config_feature) + 4 +
10315	    sizeof(struct scsi_get_config_feature) + 4 +
10316	    sizeof(struct scsi_get_config_feature) + 4 +
10317	    sizeof(struct scsi_get_config_feature) + 4 +
10318	    sizeof(struct scsi_get_config_feature) + 4 +
10319	    sizeof(struct scsi_get_config_feature) + 4;
10320	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10321	ctsio->kern_sg_entries = 0;
10322	ctsio->kern_data_resid = 0;
10323	ctsio->kern_rel_offset = 0;
10324
10325	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10326	if (lun->flags & CTL_LUN_NO_MEDIA)
10327		scsi_ulto2b(0x0000, hdr->current_profile);
10328	else
10329		scsi_ulto2b(0x0010, hdr->current_profile);
10330	feature = (struct scsi_get_config_feature *)(hdr + 1);
10331
10332	if (starting > 0x003b)
10333		goto done;
10334	if (starting > 0x003a)
10335		goto f3b;
10336	if (starting > 0x002b)
10337		goto f3a;
10338	if (starting > 0x002a)
10339		goto f2b;
10340	if (starting > 0x001f)
10341		goto f2a;
10342	if (starting > 0x001e)
10343		goto f1f;
10344	if (starting > 0x001d)
10345		goto f1e;
10346	if (starting > 0x0010)
10347		goto f1d;
10348	if (starting > 0x0003)
10349		goto f10;
10350	if (starting > 0x0002)
10351		goto f3;
10352	if (starting > 0x0001)
10353		goto f2;
10354	if (starting > 0x0000)
10355		goto f1;
10356
10357	/* Profile List */
10358	scsi_ulto2b(0x0000, feature->feature_code);
10359	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10360	feature->add_length = 8;
10361	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10362	feature->feature_data[2] = 0x00;
10363	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10364	feature->feature_data[6] = 0x01;
10365	feature = (struct scsi_get_config_feature *)
10366	    &feature->feature_data[feature->add_length];
10367
10368f1:	/* Core */
10369	scsi_ulto2b(0x0001, feature->feature_code);
10370	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10371	feature->add_length = 8;
10372	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10373	feature->feature_data[4] = 0x03;
10374	feature = (struct scsi_get_config_feature *)
10375	    &feature->feature_data[feature->add_length];
10376
10377f2:	/* Morphing */
10378	scsi_ulto2b(0x0002, feature->feature_code);
10379	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10380	feature->add_length = 4;
10381	feature->feature_data[0] = 0x02;
10382	feature = (struct scsi_get_config_feature *)
10383	    &feature->feature_data[feature->add_length];
10384
10385f3:	/* Removable Medium */
10386	scsi_ulto2b(0x0003, feature->feature_code);
10387	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10388	feature->add_length = 4;
10389	feature->feature_data[0] = 0x39;
10390	feature = (struct scsi_get_config_feature *)
10391	    &feature->feature_data[feature->add_length];
10392
10393	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_NO_MEDIA))
10394		goto done;
10395
10396f10:	/* Random Read */
10397	scsi_ulto2b(0x0010, feature->feature_code);
10398	feature->flags = 0x00;
10399	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10400		feature->flags |= SGC_F_CURRENT;
10401	feature->add_length = 8;
10402	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10403	scsi_ulto2b(1, &feature->feature_data[4]);
10404	feature->feature_data[6] = 0x00;
10405	feature = (struct scsi_get_config_feature *)
10406	    &feature->feature_data[feature->add_length];
10407
10408f1d:	/* Multi-Read */
10409	scsi_ulto2b(0x001D, feature->feature_code);
10410	feature->flags = 0x00;
10411	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10412		feature->flags |= SGC_F_CURRENT;
10413	feature->add_length = 0;
10414	feature = (struct scsi_get_config_feature *)
10415	    &feature->feature_data[feature->add_length];
10416
10417f1e:	/* CD Read */
10418	scsi_ulto2b(0x001E, feature->feature_code);
10419	feature->flags = 0x00;
10420	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10421		feature->flags |= SGC_F_CURRENT;
10422	feature->add_length = 4;
10423	feature->feature_data[0] = 0x00;
10424	feature = (struct scsi_get_config_feature *)
10425	    &feature->feature_data[feature->add_length];
10426
10427f1f:	/* DVD Read */
10428	scsi_ulto2b(0x001F, feature->feature_code);
10429	feature->flags = 0x08;
10430	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10431		feature->flags |= SGC_F_CURRENT;
10432	feature->add_length = 4;
10433	feature->feature_data[0] = 0x01;
10434	feature->feature_data[2] = 0x03;
10435	feature = (struct scsi_get_config_feature *)
10436	    &feature->feature_data[feature->add_length];
10437
10438f2a:	/* DVD+RW */
10439	scsi_ulto2b(0x002A, feature->feature_code);
10440	feature->flags = 0x04;
10441	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10442		feature->flags |= SGC_F_CURRENT;
10443	feature->add_length = 4;
10444	feature->feature_data[0] = 0x00;
10445	feature->feature_data[1] = 0x00;
10446	feature = (struct scsi_get_config_feature *)
10447	    &feature->feature_data[feature->add_length];
10448
10449f2b:	/* DVD+R */
10450	scsi_ulto2b(0x002B, feature->feature_code);
10451	feature->flags = 0x00;
10452	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10453		feature->flags |= SGC_F_CURRENT;
10454	feature->add_length = 4;
10455	feature->feature_data[0] = 0x00;
10456	feature = (struct scsi_get_config_feature *)
10457	    &feature->feature_data[feature->add_length];
10458
10459f3a:	/* DVD+RW Dual Layer */
10460	scsi_ulto2b(0x003A, feature->feature_code);
10461	feature->flags = 0x00;
10462	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10463		feature->flags |= SGC_F_CURRENT;
10464	feature->add_length = 4;
10465	feature->feature_data[0] = 0x00;
10466	feature->feature_data[1] = 0x00;
10467	feature = (struct scsi_get_config_feature *)
10468	    &feature->feature_data[feature->add_length];
10469
10470f3b:	/* DVD+R Dual Layer */
10471	scsi_ulto2b(0x003B, feature->feature_code);
10472	feature->flags = 0x00;
10473	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10474		feature->flags |= SGC_F_CURRENT;
10475	feature->add_length = 4;
10476	feature->feature_data[0] = 0x00;
10477	feature = (struct scsi_get_config_feature *)
10478	    &feature->feature_data[feature->add_length];
10479
10480done:
10481	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10482	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10483		feature = (struct scsi_get_config_feature *)(hdr + 1);
10484		if (scsi_2btoul(feature->feature_code) == starting)
10485			feature = (struct scsi_get_config_feature *)
10486			    &feature->feature_data[feature->add_length];
10487		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10488	}
10489	scsi_ulto4b(data_len - 4, hdr->data_length);
10490	if (data_len < alloc_len) {
10491		ctsio->residual = alloc_len - data_len;
10492		ctsio->kern_data_len = data_len;
10493		ctsio->kern_total_len = data_len;
10494	} else {
10495		ctsio->residual = 0;
10496		ctsio->kern_data_len = alloc_len;
10497		ctsio->kern_total_len = alloc_len;
10498	}
10499
10500	ctl_set_success(ctsio);
10501	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10502	ctsio->be_move_done = ctl_config_move_done;
10503	ctl_datamove((union ctl_io *)ctsio);
10504	return (CTL_RETVAL_COMPLETE);
10505}
10506
10507int
10508ctl_get_event_status(struct ctl_scsiio *ctsio)
10509{
10510	struct scsi_get_event_status_header *hdr;
10511	struct scsi_get_event_status *cdb;
10512	struct ctl_lun *lun;
10513	uint32_t alloc_len, data_len;
10514	int notif_class;
10515
10516	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10517	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10518	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10519		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10520		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10521		ctl_done((union ctl_io *)ctsio);
10522		return (CTL_RETVAL_COMPLETE);
10523	}
10524	notif_class = cdb->notif_class;
10525	alloc_len = scsi_2btoul(cdb->length);
10526
10527	data_len = sizeof(struct scsi_get_event_status_header);
10528	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10529	ctsio->kern_sg_entries = 0;
10530	ctsio->kern_data_resid = 0;
10531	ctsio->kern_rel_offset = 0;
10532
10533	if (data_len < alloc_len) {
10534		ctsio->residual = alloc_len - data_len;
10535		ctsio->kern_data_len = data_len;
10536		ctsio->kern_total_len = data_len;
10537	} else {
10538		ctsio->residual = 0;
10539		ctsio->kern_data_len = alloc_len;
10540		ctsio->kern_total_len = alloc_len;
10541	}
10542
10543	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10544	scsi_ulto2b(0, hdr->descr_length);
10545	hdr->nea_class = SGESN_NEA;
10546	hdr->supported_class = 0;
10547
10548	ctl_set_success(ctsio);
10549	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10550	ctsio->be_move_done = ctl_config_move_done;
10551	ctl_datamove((union ctl_io *)ctsio);
10552	return (CTL_RETVAL_COMPLETE);
10553}
10554
10555int
10556ctl_mechanism_status(struct ctl_scsiio *ctsio)
10557{
10558	struct scsi_mechanism_status_header *hdr;
10559	struct scsi_mechanism_status *cdb;
10560	struct ctl_lun *lun;
10561	uint32_t alloc_len, data_len;
10562
10563	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10564	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10565	alloc_len = scsi_2btoul(cdb->length);
10566
10567	data_len = sizeof(struct scsi_mechanism_status_header);
10568	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10569	ctsio->kern_sg_entries = 0;
10570	ctsio->kern_data_resid = 0;
10571	ctsio->kern_rel_offset = 0;
10572
10573	if (data_len < alloc_len) {
10574		ctsio->residual = alloc_len - data_len;
10575		ctsio->kern_data_len = data_len;
10576		ctsio->kern_total_len = data_len;
10577	} else {
10578		ctsio->residual = 0;
10579		ctsio->kern_data_len = alloc_len;
10580		ctsio->kern_total_len = alloc_len;
10581	}
10582
10583	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10584	hdr->state1 = 0x00;
10585	hdr->state2 = 0xe0;
10586	scsi_ulto3b(0, hdr->lba);
10587	hdr->slots_num = 0;
10588	scsi_ulto2b(0, hdr->slots_length);
10589
10590	ctl_set_success(ctsio);
10591	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10592	ctsio->be_move_done = ctl_config_move_done;
10593	ctl_datamove((union ctl_io *)ctsio);
10594	return (CTL_RETVAL_COMPLETE);
10595}
10596
10597static void
10598ctl_ultomsf(uint32_t lba, uint8_t *buf)
10599{
10600
10601	lba += 150;
10602	buf[0] = 0;
10603	buf[1] = bin2bcd((lba / 75) / 60);
10604	buf[2] = bin2bcd((lba / 75) % 60);
10605	buf[3] = bin2bcd(lba % 75);
10606}
10607
10608int
10609ctl_read_toc(struct ctl_scsiio *ctsio)
10610{
10611	struct scsi_read_toc_hdr *hdr;
10612	struct scsi_read_toc_type01_descr *descr;
10613	struct scsi_read_toc *cdb;
10614	struct ctl_lun *lun;
10615	uint32_t alloc_len, data_len;
10616	int format, msf;
10617
10618	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10619	cdb = (struct scsi_read_toc *)ctsio->cdb;
10620	msf = (cdb->byte2 & CD_MSF) != 0;
10621	format = cdb->format;
10622	alloc_len = scsi_2btoul(cdb->data_len);
10623
10624	data_len = sizeof(struct scsi_read_toc_hdr);
10625	if (format == 0)
10626		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10627	else
10628		data_len += sizeof(struct scsi_read_toc_type01_descr);
10629	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10630	ctsio->kern_sg_entries = 0;
10631	ctsio->kern_data_resid = 0;
10632	ctsio->kern_rel_offset = 0;
10633
10634	if (data_len < alloc_len) {
10635		ctsio->residual = alloc_len - data_len;
10636		ctsio->kern_data_len = data_len;
10637		ctsio->kern_total_len = data_len;
10638	} else {
10639		ctsio->residual = 0;
10640		ctsio->kern_data_len = alloc_len;
10641		ctsio->kern_total_len = alloc_len;
10642	}
10643
10644	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10645	if (format == 0) {
10646		scsi_ulto2b(0x12, hdr->data_length);
10647		hdr->first = 1;
10648		hdr->last = 1;
10649		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10650		descr->addr_ctl = 0x14;
10651		descr->track_number = 1;
10652		if (msf)
10653			ctl_ultomsf(0, descr->track_start);
10654		else
10655			scsi_ulto4b(0, descr->track_start);
10656		descr++;
10657		descr->addr_ctl = 0x14;
10658		descr->track_number = 0xaa;
10659		if (msf)
10660			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10661		else
10662			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10663	} else {
10664		scsi_ulto2b(0x0a, hdr->data_length);
10665		hdr->first = 1;
10666		hdr->last = 1;
10667		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10668		descr->addr_ctl = 0x14;
10669		descr->track_number = 1;
10670		if (msf)
10671			ctl_ultomsf(0, descr->track_start);
10672		else
10673			scsi_ulto4b(0, descr->track_start);
10674	}
10675
10676	ctl_set_success(ctsio);
10677	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10678	ctsio->be_move_done = ctl_config_move_done;
10679	ctl_datamove((union ctl_io *)ctsio);
10680	return (CTL_RETVAL_COMPLETE);
10681}
10682
10683/*
10684 * For known CDB types, parse the LBA and length.
10685 */
10686static int
10687ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10688{
10689	if (io->io_hdr.io_type != CTL_IO_SCSI)
10690		return (1);
10691
10692	switch (io->scsiio.cdb[0]) {
10693	case COMPARE_AND_WRITE: {
10694		struct scsi_compare_and_write *cdb;
10695
10696		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10697
10698		*lba = scsi_8btou64(cdb->addr);
10699		*len = cdb->length;
10700		break;
10701	}
10702	case READ_6:
10703	case WRITE_6: {
10704		struct scsi_rw_6 *cdb;
10705
10706		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10707
10708		*lba = scsi_3btoul(cdb->addr);
10709		/* only 5 bits are valid in the most significant address byte */
10710		*lba &= 0x1fffff;
10711		*len = cdb->length;
10712		break;
10713	}
10714	case READ_10:
10715	case WRITE_10: {
10716		struct scsi_rw_10 *cdb;
10717
10718		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10719
10720		*lba = scsi_4btoul(cdb->addr);
10721		*len = scsi_2btoul(cdb->length);
10722		break;
10723	}
10724	case WRITE_VERIFY_10: {
10725		struct scsi_write_verify_10 *cdb;
10726
10727		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10728
10729		*lba = scsi_4btoul(cdb->addr);
10730		*len = scsi_2btoul(cdb->length);
10731		break;
10732	}
10733	case READ_12:
10734	case WRITE_12: {
10735		struct scsi_rw_12 *cdb;
10736
10737		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10738
10739		*lba = scsi_4btoul(cdb->addr);
10740		*len = scsi_4btoul(cdb->length);
10741		break;
10742	}
10743	case WRITE_VERIFY_12: {
10744		struct scsi_write_verify_12 *cdb;
10745
10746		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10747
10748		*lba = scsi_4btoul(cdb->addr);
10749		*len = scsi_4btoul(cdb->length);
10750		break;
10751	}
10752	case READ_16:
10753	case WRITE_16: {
10754		struct scsi_rw_16 *cdb;
10755
10756		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10757
10758		*lba = scsi_8btou64(cdb->addr);
10759		*len = scsi_4btoul(cdb->length);
10760		break;
10761	}
10762	case WRITE_ATOMIC_16: {
10763		struct scsi_write_atomic_16 *cdb;
10764
10765		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10766
10767		*lba = scsi_8btou64(cdb->addr);
10768		*len = scsi_2btoul(cdb->length);
10769		break;
10770	}
10771	case WRITE_VERIFY_16: {
10772		struct scsi_write_verify_16 *cdb;
10773
10774		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10775
10776		*lba = scsi_8btou64(cdb->addr);
10777		*len = scsi_4btoul(cdb->length);
10778		break;
10779	}
10780	case WRITE_SAME_10: {
10781		struct scsi_write_same_10 *cdb;
10782
10783		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10784
10785		*lba = scsi_4btoul(cdb->addr);
10786		*len = scsi_2btoul(cdb->length);
10787		break;
10788	}
10789	case WRITE_SAME_16: {
10790		struct scsi_write_same_16 *cdb;
10791
10792		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10793
10794		*lba = scsi_8btou64(cdb->addr);
10795		*len = scsi_4btoul(cdb->length);
10796		break;
10797	}
10798	case VERIFY_10: {
10799		struct scsi_verify_10 *cdb;
10800
10801		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10802
10803		*lba = scsi_4btoul(cdb->addr);
10804		*len = scsi_2btoul(cdb->length);
10805		break;
10806	}
10807	case VERIFY_12: {
10808		struct scsi_verify_12 *cdb;
10809
10810		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10811
10812		*lba = scsi_4btoul(cdb->addr);
10813		*len = scsi_4btoul(cdb->length);
10814		break;
10815	}
10816	case VERIFY_16: {
10817		struct scsi_verify_16 *cdb;
10818
10819		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10820
10821		*lba = scsi_8btou64(cdb->addr);
10822		*len = scsi_4btoul(cdb->length);
10823		break;
10824	}
10825	case UNMAP: {
10826		*lba = 0;
10827		*len = UINT64_MAX;
10828		break;
10829	}
10830	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10831		struct scsi_get_lba_status *cdb;
10832
10833		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10834		*lba = scsi_8btou64(cdb->addr);
10835		*len = UINT32_MAX;
10836		break;
10837	}
10838	default:
10839		return (1);
10840		break; /* NOTREACHED */
10841	}
10842
10843	return (0);
10844}
10845
10846static ctl_action
10847ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10848    bool seq)
10849{
10850	uint64_t endlba1, endlba2;
10851
10852	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10853	endlba2 = lba2 + len2 - 1;
10854
10855	if ((endlba1 < lba2) || (endlba2 < lba1))
10856		return (CTL_ACTION_PASS);
10857	else
10858		return (CTL_ACTION_BLOCK);
10859}
10860
10861static int
10862ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10863{
10864	struct ctl_ptr_len_flags *ptrlen;
10865	struct scsi_unmap_desc *buf, *end, *range;
10866	uint64_t lba;
10867	uint32_t len;
10868
10869	/* If not UNMAP -- go other way. */
10870	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10871	    io->scsiio.cdb[0] != UNMAP)
10872		return (CTL_ACTION_ERROR);
10873
10874	/* If UNMAP without data -- block and wait for data. */
10875	ptrlen = (struct ctl_ptr_len_flags *)
10876	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10877	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10878	    ptrlen->ptr == NULL)
10879		return (CTL_ACTION_BLOCK);
10880
10881	/* UNMAP with data -- check for collision. */
10882	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10883	end = buf + ptrlen->len / sizeof(*buf);
10884	for (range = buf; range < end; range++) {
10885		lba = scsi_8btou64(range->lba);
10886		len = scsi_4btoul(range->length);
10887		if ((lba < lba2 + len2) && (lba + len > lba2))
10888			return (CTL_ACTION_BLOCK);
10889	}
10890	return (CTL_ACTION_PASS);
10891}
10892
10893static ctl_action
10894ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10895{
10896	uint64_t lba1, lba2;
10897	uint64_t len1, len2;
10898	int retval;
10899
10900	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10901		return (CTL_ACTION_ERROR);
10902
10903	retval = ctl_extent_check_unmap(io1, lba2, len2);
10904	if (retval != CTL_ACTION_ERROR)
10905		return (retval);
10906
10907	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10908		return (CTL_ACTION_ERROR);
10909
10910	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10911		seq = FALSE;
10912	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10913}
10914
10915static ctl_action
10916ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10917{
10918	uint64_t lba1, lba2;
10919	uint64_t len1, len2;
10920
10921	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10922		return (CTL_ACTION_PASS);
10923	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10924		return (CTL_ACTION_ERROR);
10925	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10926		return (CTL_ACTION_ERROR);
10927
10928	if (lba1 + len1 == lba2)
10929		return (CTL_ACTION_BLOCK);
10930	return (CTL_ACTION_PASS);
10931}
10932
10933static ctl_action
10934ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10935    union ctl_io *ooa_io)
10936{
10937	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10938	const ctl_serialize_action *serialize_row;
10939
10940	/*
10941	 * The initiator attempted multiple untagged commands at the same
10942	 * time.  Can't do that.
10943	 */
10944	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10945	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10946	 && ((pending_io->io_hdr.nexus.targ_port ==
10947	      ooa_io->io_hdr.nexus.targ_port)
10948	  && (pending_io->io_hdr.nexus.initid ==
10949	      ooa_io->io_hdr.nexus.initid))
10950	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10951	      CTL_FLAG_STATUS_SENT)) == 0))
10952		return (CTL_ACTION_OVERLAP);
10953
10954	/*
10955	 * The initiator attempted to send multiple tagged commands with
10956	 * the same ID.  (It's fine if different initiators have the same
10957	 * tag ID.)
10958	 *
10959	 * Even if all of those conditions are true, we don't kill the I/O
10960	 * if the command ahead of us has been aborted.  We won't end up
10961	 * sending it to the FETD, and it's perfectly legal to resend a
10962	 * command with the same tag number as long as the previous
10963	 * instance of this tag number has been aborted somehow.
10964	 */
10965	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10966	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10967	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10968	 && ((pending_io->io_hdr.nexus.targ_port ==
10969	      ooa_io->io_hdr.nexus.targ_port)
10970	  && (pending_io->io_hdr.nexus.initid ==
10971	      ooa_io->io_hdr.nexus.initid))
10972	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10973	      CTL_FLAG_STATUS_SENT)) == 0))
10974		return (CTL_ACTION_OVERLAP_TAG);
10975
10976	/*
10977	 * If we get a head of queue tag, SAM-3 says that we should
10978	 * immediately execute it.
10979	 *
10980	 * What happens if this command would normally block for some other
10981	 * reason?  e.g. a request sense with a head of queue tag
10982	 * immediately after a write.  Normally that would block, but this
10983	 * will result in its getting executed immediately...
10984	 *
10985	 * We currently return "pass" instead of "skip", so we'll end up
10986	 * going through the rest of the queue to check for overlapped tags.
10987	 *
10988	 * XXX KDM check for other types of blockage first??
10989	 */
10990	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10991		return (CTL_ACTION_PASS);
10992
10993	/*
10994	 * Ordered tags have to block until all items ahead of them
10995	 * have completed.  If we get called with an ordered tag, we always
10996	 * block, if something else is ahead of us in the queue.
10997	 */
10998	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10999		return (CTL_ACTION_BLOCK);
11000
11001	/*
11002	 * Simple tags get blocked until all head of queue and ordered tags
11003	 * ahead of them have completed.  I'm lumping untagged commands in
11004	 * with simple tags here.  XXX KDM is that the right thing to do?
11005	 */
11006	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11007	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
11008	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11009	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
11010		return (CTL_ACTION_BLOCK);
11011
11012	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
11013	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
11014
11015	serialize_row = ctl_serialize_table[ooa_entry->seridx];
11016
11017	switch (serialize_row[pending_entry->seridx]) {
11018	case CTL_SER_BLOCK:
11019		return (CTL_ACTION_BLOCK);
11020	case CTL_SER_EXTENT:
11021		return (ctl_extent_check(ooa_io, pending_io,
11022		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11023	case CTL_SER_EXTENTOPT:
11024		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11025		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11026			return (ctl_extent_check(ooa_io, pending_io,
11027			    (lun->be_lun &&
11028			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11029		return (CTL_ACTION_PASS);
11030	case CTL_SER_EXTENTSEQ:
11031		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
11032			return (ctl_extent_check_seq(ooa_io, pending_io));
11033		return (CTL_ACTION_PASS);
11034	case CTL_SER_PASS:
11035		return (CTL_ACTION_PASS);
11036	case CTL_SER_BLOCKOPT:
11037		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11038		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11039			return (CTL_ACTION_BLOCK);
11040		return (CTL_ACTION_PASS);
11041	case CTL_SER_SKIP:
11042		return (CTL_ACTION_SKIP);
11043	default:
11044		panic("%s: Invalid serialization value %d for %d => %d",
11045		    __func__, serialize_row[pending_entry->seridx],
11046		    pending_entry->seridx, ooa_entry->seridx);
11047	}
11048
11049	return (CTL_ACTION_ERROR);
11050}
11051
11052/*
11053 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
11054 * Assumptions:
11055 * - pending_io is generally either incoming, or on the blocked queue
11056 * - starting I/O is the I/O we want to start the check with.
11057 */
11058static ctl_action
11059ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
11060	      union ctl_io *starting_io)
11061{
11062	union ctl_io *ooa_io;
11063	ctl_action action;
11064
11065	mtx_assert(&lun->lun_lock, MA_OWNED);
11066
11067	/*
11068	 * Run back along the OOA queue, starting with the current
11069	 * blocked I/O and going through every I/O before it on the
11070	 * queue.  If starting_io is NULL, we'll just end up returning
11071	 * CTL_ACTION_PASS.
11072	 */
11073	for (ooa_io = starting_io; ooa_io != NULL;
11074	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11075	     ooa_links)){
11076
11077		/*
11078		 * This routine just checks to see whether
11079		 * cur_blocked is blocked by ooa_io, which is ahead
11080		 * of it in the queue.  It doesn't queue/dequeue
11081		 * cur_blocked.
11082		 */
11083		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11084		switch (action) {
11085		case CTL_ACTION_BLOCK:
11086		case CTL_ACTION_OVERLAP:
11087		case CTL_ACTION_OVERLAP_TAG:
11088		case CTL_ACTION_SKIP:
11089		case CTL_ACTION_ERROR:
11090			return (action);
11091			break; /* NOTREACHED */
11092		case CTL_ACTION_PASS:
11093			break;
11094		default:
11095			panic("%s: Invalid action %d\n", __func__, action);
11096		}
11097	}
11098
11099	return (CTL_ACTION_PASS);
11100}
11101
11102/*
11103 * Assumptions:
11104 * - An I/O has just completed, and has been removed from the per-LUN OOA
11105 *   queue, so some items on the blocked queue may now be unblocked.
11106 */
11107static int
11108ctl_check_blocked(struct ctl_lun *lun)
11109{
11110	struct ctl_softc *softc = lun->ctl_softc;
11111	union ctl_io *cur_blocked, *next_blocked;
11112
11113	mtx_assert(&lun->lun_lock, MA_OWNED);
11114
11115	/*
11116	 * Run forward from the head of the blocked queue, checking each
11117	 * entry against the I/Os prior to it on the OOA queue to see if
11118	 * there is still any blockage.
11119	 *
11120	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11121	 * with our removing a variable on it while it is traversing the
11122	 * list.
11123	 */
11124	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11125	     cur_blocked != NULL; cur_blocked = next_blocked) {
11126		union ctl_io *prev_ooa;
11127		ctl_action action;
11128
11129		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11130							  blocked_links);
11131
11132		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11133						      ctl_ooaq, ooa_links);
11134
11135		/*
11136		 * If cur_blocked happens to be the first item in the OOA
11137		 * queue now, prev_ooa will be NULL, and the action
11138		 * returned will just be CTL_ACTION_PASS.
11139		 */
11140		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11141
11142		switch (action) {
11143		case CTL_ACTION_BLOCK:
11144			/* Nothing to do here, still blocked */
11145			break;
11146		case CTL_ACTION_OVERLAP:
11147		case CTL_ACTION_OVERLAP_TAG:
11148			/*
11149			 * This shouldn't happen!  In theory we've already
11150			 * checked this command for overlap...
11151			 */
11152			break;
11153		case CTL_ACTION_PASS:
11154		case CTL_ACTION_SKIP: {
11155			const struct ctl_cmd_entry *entry;
11156
11157			/*
11158			 * The skip case shouldn't happen, this transaction
11159			 * should have never made it onto the blocked queue.
11160			 */
11161			/*
11162			 * This I/O is no longer blocked, we can remove it
11163			 * from the blocked queue.  Since this is a TAILQ
11164			 * (doubly linked list), we can do O(1) removals
11165			 * from any place on the list.
11166			 */
11167			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11168				     blocked_links);
11169			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11170
11171			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11172			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11173				/*
11174				 * Need to send IO back to original side to
11175				 * run
11176				 */
11177				union ctl_ha_msg msg_info;
11178
11179				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11180				msg_info.hdr.original_sc =
11181					cur_blocked->io_hdr.original_sc;
11182				msg_info.hdr.serializing_sc = cur_blocked;
11183				msg_info.hdr.msg_type = CTL_MSG_R2R;
11184				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11185				    sizeof(msg_info.hdr), M_NOWAIT);
11186				break;
11187			}
11188			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11189
11190			/*
11191			 * Check this I/O for LUN state changes that may
11192			 * have happened while this command was blocked.
11193			 * The LUN state may have been changed by a command
11194			 * ahead of us in the queue, so we need to re-check
11195			 * for any states that can be caused by SCSI
11196			 * commands.
11197			 */
11198			if (ctl_scsiio_lun_check(lun, entry,
11199						 &cur_blocked->scsiio) == 0) {
11200				cur_blocked->io_hdr.flags |=
11201				                      CTL_FLAG_IS_WAS_ON_RTR;
11202				ctl_enqueue_rtr(cur_blocked);
11203			} else
11204				ctl_done(cur_blocked);
11205			break;
11206		}
11207		default:
11208			/*
11209			 * This probably shouldn't happen -- we shouldn't
11210			 * get CTL_ACTION_ERROR, or anything else.
11211			 */
11212			break;
11213		}
11214	}
11215
11216	return (CTL_RETVAL_COMPLETE);
11217}
11218
11219/*
11220 * This routine (with one exception) checks LUN flags that can be set by
11221 * commands ahead of us in the OOA queue.  These flags have to be checked
11222 * when a command initially comes in, and when we pull a command off the
11223 * blocked queue and are preparing to execute it.  The reason we have to
11224 * check these flags for commands on the blocked queue is that the LUN
11225 * state may have been changed by a command ahead of us while we're on the
11226 * blocked queue.
11227 *
11228 * Ordering is somewhat important with these checks, so please pay
11229 * careful attention to the placement of any new checks.
11230 */
11231static int
11232ctl_scsiio_lun_check(struct ctl_lun *lun,
11233    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11234{
11235	struct ctl_softc *softc = lun->ctl_softc;
11236	int retval;
11237	uint32_t residx;
11238
11239	retval = 0;
11240
11241	mtx_assert(&lun->lun_lock, MA_OWNED);
11242
11243	/*
11244	 * If this shelf is a secondary shelf controller, we may have to
11245	 * reject some commands disallowed by HA mode and link state.
11246	 */
11247	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11248		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11249		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11250			ctl_set_lun_unavail(ctsio);
11251			retval = 1;
11252			goto bailout;
11253		}
11254		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11255		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11256			ctl_set_lun_transit(ctsio);
11257			retval = 1;
11258			goto bailout;
11259		}
11260		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11261		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11262			ctl_set_lun_standby(ctsio);
11263			retval = 1;
11264			goto bailout;
11265		}
11266
11267		/* The rest of checks are only done on executing side */
11268		if (softc->ha_mode == CTL_HA_MODE_XFER)
11269			goto bailout;
11270	}
11271
11272	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11273		if (lun->be_lun &&
11274		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11275			ctl_set_hw_write_protected(ctsio);
11276			retval = 1;
11277			goto bailout;
11278		}
11279		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11280		    .eca_and_aen & SCP_SWP) != 0) {
11281			ctl_set_sense(ctsio, /*current_error*/ 1,
11282			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11283			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11284			retval = 1;
11285			goto bailout;
11286		}
11287	}
11288
11289	/*
11290	 * Check for a reservation conflict.  If this command isn't allowed
11291	 * even on reserved LUNs, and if this initiator isn't the one who
11292	 * reserved us, reject the command with a reservation conflict.
11293	 */
11294	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11295	if ((lun->flags & CTL_LUN_RESERVED)
11296	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11297		if (lun->res_idx != residx) {
11298			ctl_set_reservation_conflict(ctsio);
11299			retval = 1;
11300			goto bailout;
11301		}
11302	}
11303
11304	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11305	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11306		/* No reservation or command is allowed. */;
11307	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11308	    (lun->pr_res_type == SPR_TYPE_WR_EX ||
11309	     lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
11310	     lun->pr_res_type == SPR_TYPE_WR_EX_AR)) {
11311		/* The command is allowed for Write Exclusive resv. */;
11312	} else {
11313		/*
11314		 * if we aren't registered or it's a res holder type
11315		 * reservation and this isn't the res holder then set a
11316		 * conflict.
11317		 */
11318		if (ctl_get_prkey(lun, residx) == 0 ||
11319		    (residx != lun->pr_res_idx && lun->pr_res_type < 4)) {
11320			ctl_set_reservation_conflict(ctsio);
11321			retval = 1;
11322			goto bailout;
11323		}
11324	}
11325
11326	if ((entry->flags & CTL_CMD_FLAG_OK_ON_NO_MEDIA) == 0) {
11327		if (lun->flags & CTL_LUN_EJECTED)
11328			ctl_set_lun_ejected(ctsio);
11329		else if (lun->flags & CTL_LUN_NO_MEDIA) {
11330			if (lun->flags & CTL_LUN_REMOVABLE)
11331				ctl_set_lun_no_media(ctsio);
11332			else
11333				ctl_set_lun_int_reqd(ctsio);
11334		} else if (lun->flags & CTL_LUN_STOPPED)
11335			ctl_set_lun_stopped(ctsio);
11336		else
11337			goto bailout;
11338		retval = 1;
11339		goto bailout;
11340	}
11341
11342bailout:
11343	return (retval);
11344}
11345
11346static void
11347ctl_failover_io(union ctl_io *io, int have_lock)
11348{
11349	ctl_set_busy(&io->scsiio);
11350	ctl_done(io);
11351}
11352
11353static void
11354ctl_failover_lun(union ctl_io *rio)
11355{
11356	struct ctl_softc *softc = control_softc;
11357	struct ctl_lun *lun;
11358	struct ctl_io_hdr *io, *next_io;
11359	uint32_t targ_lun;
11360
11361	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11362	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11363
11364	/* Find and lock the LUN. */
11365	mtx_lock(&softc->ctl_lock);
11366	if ((targ_lun < CTL_MAX_LUNS) &&
11367	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11368		mtx_lock(&lun->lun_lock);
11369		mtx_unlock(&softc->ctl_lock);
11370		if (lun->flags & CTL_LUN_DISABLED) {
11371			mtx_unlock(&lun->lun_lock);
11372			return;
11373		}
11374	} else {
11375		mtx_unlock(&softc->ctl_lock);
11376		return;
11377	}
11378
11379	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11380		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11381			/* We are master */
11382			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11383				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11384					io->flags |= CTL_FLAG_ABORT;
11385					io->flags |= CTL_FLAG_FAILOVER;
11386				} else { /* This can be only due to DATAMOVE */
11387					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11388					io->flags &= ~CTL_FLAG_DMA_INPROG;
11389					io->flags |= CTL_FLAG_IO_ACTIVE;
11390					io->port_status = 31340;
11391					ctl_enqueue_isc((union ctl_io *)io);
11392				}
11393			}
11394			/* We are slave */
11395			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11396				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11397				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11398					io->flags |= CTL_FLAG_FAILOVER;
11399				} else {
11400					ctl_set_busy(&((union ctl_io *)io)->
11401					    scsiio);
11402					ctl_done((union ctl_io *)io);
11403				}
11404			}
11405		}
11406	} else { /* SERIALIZE modes */
11407		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11408		    next_io) {
11409			/* We are master */
11410			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11411				TAILQ_REMOVE(&lun->blocked_queue, io,
11412				    blocked_links);
11413				io->flags &= ~CTL_FLAG_BLOCKED;
11414				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11415				ctl_free_io((union ctl_io *)io);
11416			}
11417		}
11418		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11419			/* We are master */
11420			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11421				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11422				ctl_free_io((union ctl_io *)io);
11423			}
11424			/* We are slave */
11425			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11426				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11427				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11428					ctl_set_busy(&((union ctl_io *)io)->
11429					    scsiio);
11430					ctl_done((union ctl_io *)io);
11431				}
11432			}
11433		}
11434		ctl_check_blocked(lun);
11435	}
11436	mtx_unlock(&lun->lun_lock);
11437}
11438
11439static int
11440ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11441{
11442	struct ctl_lun *lun;
11443	const struct ctl_cmd_entry *entry;
11444	uint32_t initidx, targ_lun;
11445	int retval;
11446
11447	retval = 0;
11448
11449	lun = NULL;
11450
11451	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11452	if ((targ_lun < CTL_MAX_LUNS)
11453	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11454		/*
11455		 * If the LUN is invalid, pretend that it doesn't exist.
11456		 * It will go away as soon as all pending I/O has been
11457		 * completed.
11458		 */
11459		mtx_lock(&lun->lun_lock);
11460		if (lun->flags & CTL_LUN_DISABLED) {
11461			mtx_unlock(&lun->lun_lock);
11462			lun = NULL;
11463			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11464			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11465		} else {
11466			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11467			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11468				lun->be_lun;
11469
11470			/*
11471			 * Every I/O goes into the OOA queue for a
11472			 * particular LUN, and stays there until completion.
11473			 */
11474#ifdef CTL_TIME_IO
11475			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11476				lun->idle_time += getsbinuptime() -
11477				    lun->last_busy;
11478			}
11479#endif
11480			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11481			    ooa_links);
11482		}
11483	} else {
11484		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11485		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11486	}
11487
11488	/* Get command entry and return error if it is unsuppotyed. */
11489	entry = ctl_validate_command(ctsio);
11490	if (entry == NULL) {
11491		if (lun)
11492			mtx_unlock(&lun->lun_lock);
11493		return (retval);
11494	}
11495
11496	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11497	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11498
11499	/*
11500	 * Check to see whether we can send this command to LUNs that don't
11501	 * exist.  This should pretty much only be the case for inquiry
11502	 * and request sense.  Further checks, below, really require having
11503	 * a LUN, so we can't really check the command anymore.  Just put
11504	 * it on the rtr queue.
11505	 */
11506	if (lun == NULL) {
11507		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11508			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11509			ctl_enqueue_rtr((union ctl_io *)ctsio);
11510			return (retval);
11511		}
11512
11513		ctl_set_unsupported_lun(ctsio);
11514		ctl_done((union ctl_io *)ctsio);
11515		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11516		return (retval);
11517	} else {
11518		/*
11519		 * Make sure we support this particular command on this LUN.
11520		 * e.g., we don't support writes to the control LUN.
11521		 */
11522		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11523			mtx_unlock(&lun->lun_lock);
11524			ctl_set_invalid_opcode(ctsio);
11525			ctl_done((union ctl_io *)ctsio);
11526			return (retval);
11527		}
11528	}
11529
11530	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11531
11532#ifdef CTL_WITH_CA
11533	/*
11534	 * If we've got a request sense, it'll clear the contingent
11535	 * allegiance condition.  Otherwise, if we have a CA condition for
11536	 * this initiator, clear it, because it sent down a command other
11537	 * than request sense.
11538	 */
11539	if ((ctsio->cdb[0] != REQUEST_SENSE)
11540	 && (ctl_is_set(lun->have_ca, initidx)))
11541		ctl_clear_mask(lun->have_ca, initidx);
11542#endif
11543
11544	/*
11545	 * If the command has this flag set, it handles its own unit
11546	 * attention reporting, we shouldn't do anything.  Otherwise we
11547	 * check for any pending unit attentions, and send them back to the
11548	 * initiator.  We only do this when a command initially comes in,
11549	 * not when we pull it off the blocked queue.
11550	 *
11551	 * According to SAM-3, section 5.3.2, the order that things get
11552	 * presented back to the host is basically unit attentions caused
11553	 * by some sort of reset event, busy status, reservation conflicts
11554	 * or task set full, and finally any other status.
11555	 *
11556	 * One issue here is that some of the unit attentions we report
11557	 * don't fall into the "reset" category (e.g. "reported luns data
11558	 * has changed").  So reporting it here, before the reservation
11559	 * check, may be technically wrong.  I guess the only thing to do
11560	 * would be to check for and report the reset events here, and then
11561	 * check for the other unit attention types after we check for a
11562	 * reservation conflict.
11563	 *
11564	 * XXX KDM need to fix this
11565	 */
11566	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11567		ctl_ua_type ua_type;
11568
11569		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11570		    SSD_TYPE_NONE);
11571		if (ua_type != CTL_UA_NONE) {
11572			mtx_unlock(&lun->lun_lock);
11573			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11574			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11575			ctsio->sense_len = SSD_FULL_SIZE;
11576			ctl_done((union ctl_io *)ctsio);
11577			return (retval);
11578		}
11579	}
11580
11581
11582	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11583		mtx_unlock(&lun->lun_lock);
11584		ctl_done((union ctl_io *)ctsio);
11585		return (retval);
11586	}
11587
11588	/*
11589	 * XXX CHD this is where we want to send IO to other side if
11590	 * this LUN is secondary on this SC. We will need to make a copy
11591	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11592	 * the copy we send as FROM_OTHER.
11593	 * We also need to stuff the address of the original IO so we can
11594	 * find it easily. Something similar will need be done on the other
11595	 * side so when we are done we can find the copy.
11596	 */
11597	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11598	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11599	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11600		union ctl_ha_msg msg_info;
11601		int isc_retval;
11602
11603		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11604		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11605		mtx_unlock(&lun->lun_lock);
11606
11607		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11608		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11609		msg_info.hdr.serializing_sc = NULL;
11610		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11611		msg_info.scsi.tag_num = ctsio->tag_num;
11612		msg_info.scsi.tag_type = ctsio->tag_type;
11613		msg_info.scsi.cdb_len = ctsio->cdb_len;
11614		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11615
11616		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11617		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11618		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11619			ctl_set_busy(ctsio);
11620			ctl_done((union ctl_io *)ctsio);
11621			return (retval);
11622		}
11623		return (retval);
11624	}
11625
11626	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11627			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11628			      ctl_ooaq, ooa_links))) {
11629	case CTL_ACTION_BLOCK:
11630		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11631		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11632				  blocked_links);
11633		mtx_unlock(&lun->lun_lock);
11634		return (retval);
11635	case CTL_ACTION_PASS:
11636	case CTL_ACTION_SKIP:
11637		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11638		mtx_unlock(&lun->lun_lock);
11639		ctl_enqueue_rtr((union ctl_io *)ctsio);
11640		break;
11641	case CTL_ACTION_OVERLAP:
11642		mtx_unlock(&lun->lun_lock);
11643		ctl_set_overlapped_cmd(ctsio);
11644		ctl_done((union ctl_io *)ctsio);
11645		break;
11646	case CTL_ACTION_OVERLAP_TAG:
11647		mtx_unlock(&lun->lun_lock);
11648		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11649		ctl_done((union ctl_io *)ctsio);
11650		break;
11651	case CTL_ACTION_ERROR:
11652	default:
11653		mtx_unlock(&lun->lun_lock);
11654		ctl_set_internal_failure(ctsio,
11655					 /*sks_valid*/ 0,
11656					 /*retry_count*/ 0);
11657		ctl_done((union ctl_io *)ctsio);
11658		break;
11659	}
11660	return (retval);
11661}
11662
11663const struct ctl_cmd_entry *
11664ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11665{
11666	const struct ctl_cmd_entry *entry;
11667	int service_action;
11668
11669	entry = &ctl_cmd_table[ctsio->cdb[0]];
11670	if (sa)
11671		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11672	if (entry->flags & CTL_CMD_FLAG_SA5) {
11673		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11674		entry = &((const struct ctl_cmd_entry *)
11675		    entry->execute)[service_action];
11676	}
11677	return (entry);
11678}
11679
11680const struct ctl_cmd_entry *
11681ctl_validate_command(struct ctl_scsiio *ctsio)
11682{
11683	const struct ctl_cmd_entry *entry;
11684	int i, sa;
11685	uint8_t diff;
11686
11687	entry = ctl_get_cmd_entry(ctsio, &sa);
11688	if (entry->execute == NULL) {
11689		if (sa)
11690			ctl_set_invalid_field(ctsio,
11691					      /*sks_valid*/ 1,
11692					      /*command*/ 1,
11693					      /*field*/ 1,
11694					      /*bit_valid*/ 1,
11695					      /*bit*/ 4);
11696		else
11697			ctl_set_invalid_opcode(ctsio);
11698		ctl_done((union ctl_io *)ctsio);
11699		return (NULL);
11700	}
11701	KASSERT(entry->length > 0,
11702	    ("Not defined length for command 0x%02x/0x%02x",
11703	     ctsio->cdb[0], ctsio->cdb[1]));
11704	for (i = 1; i < entry->length; i++) {
11705		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11706		if (diff == 0)
11707			continue;
11708		ctl_set_invalid_field(ctsio,
11709				      /*sks_valid*/ 1,
11710				      /*command*/ 1,
11711				      /*field*/ i,
11712				      /*bit_valid*/ 1,
11713				      /*bit*/ fls(diff) - 1);
11714		ctl_done((union ctl_io *)ctsio);
11715		return (NULL);
11716	}
11717	return (entry);
11718}
11719
11720static int
11721ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11722{
11723
11724	switch (lun_type) {
11725	case T_DIRECT:
11726		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11727			return (0);
11728		break;
11729	case T_PROCESSOR:
11730		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11731			return (0);
11732		break;
11733	case T_CDROM:
11734		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11735			return (0);
11736		break;
11737	default:
11738		return (0);
11739	}
11740	return (1);
11741}
11742
11743static int
11744ctl_scsiio(struct ctl_scsiio *ctsio)
11745{
11746	int retval;
11747	const struct ctl_cmd_entry *entry;
11748
11749	retval = CTL_RETVAL_COMPLETE;
11750
11751	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11752
11753	entry = ctl_get_cmd_entry(ctsio, NULL);
11754
11755	/*
11756	 * If this I/O has been aborted, just send it straight to
11757	 * ctl_done() without executing it.
11758	 */
11759	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11760		ctl_done((union ctl_io *)ctsio);
11761		goto bailout;
11762	}
11763
11764	/*
11765	 * All the checks should have been handled by ctl_scsiio_precheck().
11766	 * We should be clear now to just execute the I/O.
11767	 */
11768	retval = entry->execute(ctsio);
11769
11770bailout:
11771	return (retval);
11772}
11773
11774/*
11775 * Since we only implement one target right now, a bus reset simply resets
11776 * our single target.
11777 */
11778static int
11779ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11780{
11781	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11782}
11783
11784static int
11785ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11786		 ctl_ua_type ua_type)
11787{
11788	struct ctl_port *port;
11789	struct ctl_lun *lun;
11790	int retval;
11791
11792	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11793		union ctl_ha_msg msg_info;
11794
11795		msg_info.hdr.nexus = io->io_hdr.nexus;
11796		if (ua_type==CTL_UA_TARG_RESET)
11797			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11798		else
11799			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11800		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11801		msg_info.hdr.original_sc = NULL;
11802		msg_info.hdr.serializing_sc = NULL;
11803		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11804		    sizeof(msg_info.task), M_WAITOK);
11805	}
11806	retval = 0;
11807
11808	mtx_lock(&softc->ctl_lock);
11809	port = ctl_io_port(&io->io_hdr);
11810	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11811		if (port != NULL &&
11812		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11813			continue;
11814		retval += ctl_do_lun_reset(lun, io, ua_type);
11815	}
11816	mtx_unlock(&softc->ctl_lock);
11817	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11818	return (retval);
11819}
11820
11821/*
11822 * The LUN should always be set.  The I/O is optional, and is used to
11823 * distinguish between I/Os sent by this initiator, and by other
11824 * initiators.  We set unit attention for initiators other than this one.
11825 * SAM-3 is vague on this point.  It does say that a unit attention should
11826 * be established for other initiators when a LUN is reset (see section
11827 * 5.7.3), but it doesn't specifically say that the unit attention should
11828 * be established for this particular initiator when a LUN is reset.  Here
11829 * is the relevant text, from SAM-3 rev 8:
11830 *
11831 * 5.7.2 When a SCSI initiator port aborts its own tasks
11832 *
11833 * When a SCSI initiator port causes its own task(s) to be aborted, no
11834 * notification that the task(s) have been aborted shall be returned to
11835 * the SCSI initiator port other than the completion response for the
11836 * command or task management function action that caused the task(s) to
11837 * be aborted and notification(s) associated with related effects of the
11838 * action (e.g., a reset unit attention condition).
11839 *
11840 * XXX KDM for now, we're setting unit attention for all initiators.
11841 */
11842static int
11843ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11844{
11845	union ctl_io *xio;
11846#if 0
11847	uint32_t initidx;
11848#endif
11849	int i;
11850
11851	mtx_lock(&lun->lun_lock);
11852	/*
11853	 * Run through the OOA queue and abort each I/O.
11854	 */
11855	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11856	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11857		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11858	}
11859
11860	/*
11861	 * This version sets unit attention for every
11862	 */
11863#if 0
11864	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11865	ctl_est_ua_all(lun, initidx, ua_type);
11866#else
11867	ctl_est_ua_all(lun, -1, ua_type);
11868#endif
11869
11870	/*
11871	 * A reset (any kind, really) clears reservations established with
11872	 * RESERVE/RELEASE.  It does not clear reservations established
11873	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11874	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11875	 * reservations made with the RESERVE/RELEASE commands, because
11876	 * those commands are obsolete in SPC-3.
11877	 */
11878	lun->flags &= ~CTL_LUN_RESERVED;
11879
11880#ifdef CTL_WITH_CA
11881	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11882		ctl_clear_mask(lun->have_ca, i);
11883#endif
11884	lun->prevent_count = 0;
11885	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11886		ctl_clear_mask(lun->prevent, i);
11887	mtx_unlock(&lun->lun_lock);
11888
11889	return (0);
11890}
11891
11892static int
11893ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11894{
11895	struct ctl_lun *lun;
11896	uint32_t targ_lun;
11897	int retval;
11898
11899	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11900	mtx_lock(&softc->ctl_lock);
11901	if ((targ_lun >= CTL_MAX_LUNS) ||
11902	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11903		mtx_unlock(&softc->ctl_lock);
11904		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11905		return (1);
11906	}
11907	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11908	mtx_unlock(&softc->ctl_lock);
11909	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11910
11911	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11912		union ctl_ha_msg msg_info;
11913
11914		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11915		msg_info.hdr.nexus = io->io_hdr.nexus;
11916		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11917		msg_info.hdr.original_sc = NULL;
11918		msg_info.hdr.serializing_sc = NULL;
11919		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11920		    sizeof(msg_info.task), M_WAITOK);
11921	}
11922	return (retval);
11923}
11924
11925static void
11926ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11927    int other_sc)
11928{
11929	union ctl_io *xio;
11930
11931	mtx_assert(&lun->lun_lock, MA_OWNED);
11932
11933	/*
11934	 * Run through the OOA queue and attempt to find the given I/O.
11935	 * The target port, initiator ID, tag type and tag number have to
11936	 * match the values that we got from the initiator.  If we have an
11937	 * untagged command to abort, simply abort the first untagged command
11938	 * we come to.  We only allow one untagged command at a time of course.
11939	 */
11940	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11941	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11942
11943		if ((targ_port == UINT32_MAX ||
11944		     targ_port == xio->io_hdr.nexus.targ_port) &&
11945		    (init_id == UINT32_MAX ||
11946		     init_id == xio->io_hdr.nexus.initid)) {
11947			if (targ_port != xio->io_hdr.nexus.targ_port ||
11948			    init_id != xio->io_hdr.nexus.initid)
11949				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11950			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11951			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11952				union ctl_ha_msg msg_info;
11953
11954				msg_info.hdr.nexus = xio->io_hdr.nexus;
11955				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11956				msg_info.task.tag_num = xio->scsiio.tag_num;
11957				msg_info.task.tag_type = xio->scsiio.tag_type;
11958				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11959				msg_info.hdr.original_sc = NULL;
11960				msg_info.hdr.serializing_sc = NULL;
11961				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11962				    sizeof(msg_info.task), M_NOWAIT);
11963			}
11964		}
11965	}
11966}
11967
11968static int
11969ctl_abort_task_set(union ctl_io *io)
11970{
11971	struct ctl_softc *softc = control_softc;
11972	struct ctl_lun *lun;
11973	uint32_t targ_lun;
11974
11975	/*
11976	 * Look up the LUN.
11977	 */
11978	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11979	mtx_lock(&softc->ctl_lock);
11980	if ((targ_lun >= CTL_MAX_LUNS) ||
11981	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11982		mtx_unlock(&softc->ctl_lock);
11983		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11984		return (1);
11985	}
11986
11987	mtx_lock(&lun->lun_lock);
11988	mtx_unlock(&softc->ctl_lock);
11989	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11990		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11991		    io->io_hdr.nexus.initid,
11992		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11993	} else { /* CTL_TASK_CLEAR_TASK_SET */
11994		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11995		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11996	}
11997	mtx_unlock(&lun->lun_lock);
11998	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11999	return (0);
12000}
12001
12002static int
12003ctl_i_t_nexus_reset(union ctl_io *io)
12004{
12005	struct ctl_softc *softc = control_softc;
12006	struct ctl_lun *lun;
12007	uint32_t initidx;
12008
12009	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12010		union ctl_ha_msg msg_info;
12011
12012		msg_info.hdr.nexus = io->io_hdr.nexus;
12013		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
12014		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12015		msg_info.hdr.original_sc = NULL;
12016		msg_info.hdr.serializing_sc = NULL;
12017		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12018		    sizeof(msg_info.task), M_WAITOK);
12019	}
12020
12021	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12022	mtx_lock(&softc->ctl_lock);
12023	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12024		mtx_lock(&lun->lun_lock);
12025		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12026		    io->io_hdr.nexus.initid, 1);
12027#ifdef CTL_WITH_CA
12028		ctl_clear_mask(lun->have_ca, initidx);
12029#endif
12030		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
12031			lun->flags &= ~CTL_LUN_RESERVED;
12032		if (ctl_is_set(lun->prevent, initidx)) {
12033			ctl_clear_mask(lun->prevent, initidx);
12034			lun->prevent_count--;
12035		}
12036		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
12037		mtx_unlock(&lun->lun_lock);
12038	}
12039	mtx_unlock(&softc->ctl_lock);
12040	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12041	return (0);
12042}
12043
12044static int
12045ctl_abort_task(union ctl_io *io)
12046{
12047	union ctl_io *xio;
12048	struct ctl_lun *lun;
12049	struct ctl_softc *softc;
12050#if 0
12051	struct sbuf sb;
12052	char printbuf[128];
12053#endif
12054	int found;
12055	uint32_t targ_lun;
12056
12057	softc = control_softc;
12058	found = 0;
12059
12060	/*
12061	 * Look up the LUN.
12062	 */
12063	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12064	mtx_lock(&softc->ctl_lock);
12065	if ((targ_lun >= CTL_MAX_LUNS) ||
12066	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12067		mtx_unlock(&softc->ctl_lock);
12068		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12069		return (1);
12070	}
12071
12072#if 0
12073	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12074	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12075#endif
12076
12077	mtx_lock(&lun->lun_lock);
12078	mtx_unlock(&softc->ctl_lock);
12079	/*
12080	 * Run through the OOA queue and attempt to find the given I/O.
12081	 * The target port, initiator ID, tag type and tag number have to
12082	 * match the values that we got from the initiator.  If we have an
12083	 * untagged command to abort, simply abort the first untagged command
12084	 * we come to.  We only allow one untagged command at a time of course.
12085	 */
12086	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12087	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12088#if 0
12089		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12090
12091		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12092			    lun->lun, xio->scsiio.tag_num,
12093			    xio->scsiio.tag_type,
12094			    (xio->io_hdr.blocked_links.tqe_prev
12095			    == NULL) ? "" : " BLOCKED",
12096			    (xio->io_hdr.flags &
12097			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12098			    (xio->io_hdr.flags &
12099			    CTL_FLAG_ABORT) ? " ABORT" : "",
12100			    (xio->io_hdr.flags &
12101			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12102		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12103		sbuf_finish(&sb);
12104		printf("%s\n", sbuf_data(&sb));
12105#endif
12106
12107		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12108		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12109		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12110			continue;
12111
12112		/*
12113		 * If the abort says that the task is untagged, the
12114		 * task in the queue must be untagged.  Otherwise,
12115		 * we just check to see whether the tag numbers
12116		 * match.  This is because the QLogic firmware
12117		 * doesn't pass back the tag type in an abort
12118		 * request.
12119		 */
12120#if 0
12121		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12122		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12123		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12124#endif
12125		/*
12126		 * XXX KDM we've got problems with FC, because it
12127		 * doesn't send down a tag type with aborts.  So we
12128		 * can only really go by the tag number...
12129		 * This may cause problems with parallel SCSI.
12130		 * Need to figure that out!!
12131		 */
12132		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12133			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12134			found = 1;
12135			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12136			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12137				union ctl_ha_msg msg_info;
12138
12139				msg_info.hdr.nexus = io->io_hdr.nexus;
12140				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12141				msg_info.task.tag_num = io->taskio.tag_num;
12142				msg_info.task.tag_type = io->taskio.tag_type;
12143				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12144				msg_info.hdr.original_sc = NULL;
12145				msg_info.hdr.serializing_sc = NULL;
12146#if 0
12147				printf("Sent Abort to other side\n");
12148#endif
12149				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12150				    sizeof(msg_info.task), M_NOWAIT);
12151			}
12152#if 0
12153			printf("ctl_abort_task: found I/O to abort\n");
12154#endif
12155		}
12156	}
12157	mtx_unlock(&lun->lun_lock);
12158
12159	if (found == 0) {
12160		/*
12161		 * This isn't really an error.  It's entirely possible for
12162		 * the abort and command completion to cross on the wire.
12163		 * This is more of an informative/diagnostic error.
12164		 */
12165#if 0
12166		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12167		       "%u:%u:%u tag %d type %d\n",
12168		       io->io_hdr.nexus.initid,
12169		       io->io_hdr.nexus.targ_port,
12170		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12171		       io->taskio.tag_type);
12172#endif
12173	}
12174	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12175	return (0);
12176}
12177
12178static int
12179ctl_query_task(union ctl_io *io, int task_set)
12180{
12181	union ctl_io *xio;
12182	struct ctl_lun *lun;
12183	struct ctl_softc *softc;
12184	int found = 0;
12185	uint32_t targ_lun;
12186
12187	softc = control_softc;
12188	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12189	mtx_lock(&softc->ctl_lock);
12190	if ((targ_lun >= CTL_MAX_LUNS) ||
12191	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12192		mtx_unlock(&softc->ctl_lock);
12193		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12194		return (1);
12195	}
12196	mtx_lock(&lun->lun_lock);
12197	mtx_unlock(&softc->ctl_lock);
12198	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12199	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12200
12201		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12202		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12203		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12204			continue;
12205
12206		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12207			found = 1;
12208			break;
12209		}
12210	}
12211	mtx_unlock(&lun->lun_lock);
12212	if (found)
12213		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12214	else
12215		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12216	return (0);
12217}
12218
12219static int
12220ctl_query_async_event(union ctl_io *io)
12221{
12222	struct ctl_lun *lun;
12223	struct ctl_softc *softc;
12224	ctl_ua_type ua;
12225	uint32_t targ_lun, initidx;
12226
12227	softc = control_softc;
12228	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12229	mtx_lock(&softc->ctl_lock);
12230	if ((targ_lun >= CTL_MAX_LUNS) ||
12231	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12232		mtx_unlock(&softc->ctl_lock);
12233		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12234		return (1);
12235	}
12236	mtx_lock(&lun->lun_lock);
12237	mtx_unlock(&softc->ctl_lock);
12238	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12239	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12240	mtx_unlock(&lun->lun_lock);
12241	if (ua != CTL_UA_NONE)
12242		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12243	else
12244		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12245	return (0);
12246}
12247
12248static void
12249ctl_run_task(union ctl_io *io)
12250{
12251	struct ctl_softc *softc = control_softc;
12252	int retval = 1;
12253
12254	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12255	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12256	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12257	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12258	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12259	switch (io->taskio.task_action) {
12260	case CTL_TASK_ABORT_TASK:
12261		retval = ctl_abort_task(io);
12262		break;
12263	case CTL_TASK_ABORT_TASK_SET:
12264	case CTL_TASK_CLEAR_TASK_SET:
12265		retval = ctl_abort_task_set(io);
12266		break;
12267	case CTL_TASK_CLEAR_ACA:
12268		break;
12269	case CTL_TASK_I_T_NEXUS_RESET:
12270		retval = ctl_i_t_nexus_reset(io);
12271		break;
12272	case CTL_TASK_LUN_RESET:
12273		retval = ctl_lun_reset(softc, io);
12274		break;
12275	case CTL_TASK_TARGET_RESET:
12276		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12277		break;
12278	case CTL_TASK_BUS_RESET:
12279		retval = ctl_bus_reset(softc, io);
12280		break;
12281	case CTL_TASK_PORT_LOGIN:
12282		break;
12283	case CTL_TASK_PORT_LOGOUT:
12284		break;
12285	case CTL_TASK_QUERY_TASK:
12286		retval = ctl_query_task(io, 0);
12287		break;
12288	case CTL_TASK_QUERY_TASK_SET:
12289		retval = ctl_query_task(io, 1);
12290		break;
12291	case CTL_TASK_QUERY_ASYNC_EVENT:
12292		retval = ctl_query_async_event(io);
12293		break;
12294	default:
12295		printf("%s: got unknown task management event %d\n",
12296		       __func__, io->taskio.task_action);
12297		break;
12298	}
12299	if (retval == 0)
12300		io->io_hdr.status = CTL_SUCCESS;
12301	else
12302		io->io_hdr.status = CTL_ERROR;
12303	ctl_done(io);
12304}
12305
12306/*
12307 * For HA operation.  Handle commands that come in from the other
12308 * controller.
12309 */
12310static void
12311ctl_handle_isc(union ctl_io *io)
12312{
12313	int free_io;
12314	struct ctl_lun *lun;
12315	struct ctl_softc *softc = control_softc;
12316	uint32_t targ_lun;
12317
12318	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12319	lun = softc->ctl_luns[targ_lun];
12320
12321	switch (io->io_hdr.msg_type) {
12322	case CTL_MSG_SERIALIZE:
12323		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12324		break;
12325	case CTL_MSG_R2R: {
12326		const struct ctl_cmd_entry *entry;
12327
12328		/*
12329		 * This is only used in SER_ONLY mode.
12330		 */
12331		free_io = 0;
12332		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12333		mtx_lock(&lun->lun_lock);
12334		if (ctl_scsiio_lun_check(lun,
12335		    entry, (struct ctl_scsiio *)io) != 0) {
12336			mtx_unlock(&lun->lun_lock);
12337			ctl_done(io);
12338			break;
12339		}
12340		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12341		mtx_unlock(&lun->lun_lock);
12342		ctl_enqueue_rtr(io);
12343		break;
12344	}
12345	case CTL_MSG_FINISH_IO:
12346		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12347			free_io = 0;
12348			ctl_done(io);
12349		} else {
12350			free_io = 1;
12351			mtx_lock(&lun->lun_lock);
12352			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12353				     ooa_links);
12354			ctl_check_blocked(lun);
12355			mtx_unlock(&lun->lun_lock);
12356		}
12357		break;
12358	case CTL_MSG_PERS_ACTION:
12359		ctl_hndl_per_res_out_on_other_sc(
12360			(union ctl_ha_msg *)&io->presio.pr_msg);
12361		free_io = 1;
12362		break;
12363	case CTL_MSG_BAD_JUJU:
12364		free_io = 0;
12365		ctl_done(io);
12366		break;
12367	case CTL_MSG_DATAMOVE:
12368		/* Only used in XFER mode */
12369		free_io = 0;
12370		ctl_datamove_remote(io);
12371		break;
12372	case CTL_MSG_DATAMOVE_DONE:
12373		/* Only used in XFER mode */
12374		free_io = 0;
12375		io->scsiio.be_move_done(io);
12376		break;
12377	case CTL_MSG_FAILOVER:
12378		ctl_failover_lun(io);
12379		free_io = 1;
12380		break;
12381	default:
12382		free_io = 1;
12383		printf("%s: Invalid message type %d\n",
12384		       __func__, io->io_hdr.msg_type);
12385		break;
12386	}
12387	if (free_io)
12388		ctl_free_io(io);
12389
12390}
12391
12392
12393/*
12394 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12395 * there is no match.
12396 */
12397static ctl_lun_error_pattern
12398ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12399{
12400	const struct ctl_cmd_entry *entry;
12401	ctl_lun_error_pattern filtered_pattern, pattern;
12402
12403	pattern = desc->error_pattern;
12404
12405	/*
12406	 * XXX KDM we need more data passed into this function to match a
12407	 * custom pattern, and we actually need to implement custom pattern
12408	 * matching.
12409	 */
12410	if (pattern & CTL_LUN_PAT_CMD)
12411		return (CTL_LUN_PAT_CMD);
12412
12413	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12414		return (CTL_LUN_PAT_ANY);
12415
12416	entry = ctl_get_cmd_entry(ctsio, NULL);
12417
12418	filtered_pattern = entry->pattern & pattern;
12419
12420	/*
12421	 * If the user requested specific flags in the pattern (e.g.
12422	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12423	 * flags.
12424	 *
12425	 * If the user did not specify any flags, it doesn't matter whether
12426	 * or not the command supports the flags.
12427	 */
12428	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12429	     (pattern & ~CTL_LUN_PAT_MASK))
12430		return (CTL_LUN_PAT_NONE);
12431
12432	/*
12433	 * If the user asked for a range check, see if the requested LBA
12434	 * range overlaps with this command's LBA range.
12435	 */
12436	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12437		uint64_t lba1;
12438		uint64_t len1;
12439		ctl_action action;
12440		int retval;
12441
12442		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12443		if (retval != 0)
12444			return (CTL_LUN_PAT_NONE);
12445
12446		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12447					      desc->lba_range.len, FALSE);
12448		/*
12449		 * A "pass" means that the LBA ranges don't overlap, so
12450		 * this doesn't match the user's range criteria.
12451		 */
12452		if (action == CTL_ACTION_PASS)
12453			return (CTL_LUN_PAT_NONE);
12454	}
12455
12456	return (filtered_pattern);
12457}
12458
12459static void
12460ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12461{
12462	struct ctl_error_desc *desc, *desc2;
12463
12464	mtx_assert(&lun->lun_lock, MA_OWNED);
12465
12466	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12467		ctl_lun_error_pattern pattern;
12468		/*
12469		 * Check to see whether this particular command matches
12470		 * the pattern in the descriptor.
12471		 */
12472		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12473		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12474			continue;
12475
12476		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12477		case CTL_LUN_INJ_ABORTED:
12478			ctl_set_aborted(&io->scsiio);
12479			break;
12480		case CTL_LUN_INJ_MEDIUM_ERR:
12481			ctl_set_medium_error(&io->scsiio,
12482			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12483			     CTL_FLAG_DATA_OUT);
12484			break;
12485		case CTL_LUN_INJ_UA:
12486			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12487			 * OCCURRED */
12488			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12489			break;
12490		case CTL_LUN_INJ_CUSTOM:
12491			/*
12492			 * We're assuming the user knows what he is doing.
12493			 * Just copy the sense information without doing
12494			 * checks.
12495			 */
12496			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12497			      MIN(sizeof(desc->custom_sense),
12498				  sizeof(io->scsiio.sense_data)));
12499			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12500			io->scsiio.sense_len = SSD_FULL_SIZE;
12501			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12502			break;
12503		case CTL_LUN_INJ_NONE:
12504		default:
12505			/*
12506			 * If this is an error injection type we don't know
12507			 * about, clear the continuous flag (if it is set)
12508			 * so it will get deleted below.
12509			 */
12510			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12511			break;
12512		}
12513		/*
12514		 * By default, each error injection action is a one-shot
12515		 */
12516		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12517			continue;
12518
12519		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12520
12521		free(desc, M_CTL);
12522	}
12523}
12524
12525#ifdef CTL_IO_DELAY
12526static void
12527ctl_datamove_timer_wakeup(void *arg)
12528{
12529	union ctl_io *io;
12530
12531	io = (union ctl_io *)arg;
12532
12533	ctl_datamove(io);
12534}
12535#endif /* CTL_IO_DELAY */
12536
12537void
12538ctl_datamove(union ctl_io *io)
12539{
12540	struct ctl_lun *lun;
12541	void (*fe_datamove)(union ctl_io *io);
12542
12543	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12544
12545	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12546
12547	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12548#ifdef CTL_TIME_IO
12549	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12550		char str[256];
12551		char path_str[64];
12552		struct sbuf sb;
12553
12554		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12555		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12556
12557		sbuf_cat(&sb, path_str);
12558		switch (io->io_hdr.io_type) {
12559		case CTL_IO_SCSI:
12560			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12561			sbuf_printf(&sb, "\n");
12562			sbuf_cat(&sb, path_str);
12563			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12564				    io->scsiio.tag_num, io->scsiio.tag_type);
12565			break;
12566		case CTL_IO_TASK:
12567			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12568				    "Tag Type: %d\n", io->taskio.task_action,
12569				    io->taskio.tag_num, io->taskio.tag_type);
12570			break;
12571		default:
12572			panic("%s: Invalid CTL I/O type %d\n",
12573			    __func__, io->io_hdr.io_type);
12574		}
12575		sbuf_cat(&sb, path_str);
12576		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12577			    (intmax_t)time_uptime - io->io_hdr.start_time);
12578		sbuf_finish(&sb);
12579		printf("%s", sbuf_data(&sb));
12580	}
12581#endif /* CTL_TIME_IO */
12582
12583#ifdef CTL_IO_DELAY
12584	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12585		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12586	} else {
12587		if ((lun != NULL)
12588		 && (lun->delay_info.datamove_delay > 0)) {
12589
12590			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12591			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12592			callout_reset(&io->io_hdr.delay_callout,
12593				      lun->delay_info.datamove_delay * hz,
12594				      ctl_datamove_timer_wakeup, io);
12595			if (lun->delay_info.datamove_type ==
12596			    CTL_DELAY_TYPE_ONESHOT)
12597				lun->delay_info.datamove_delay = 0;
12598			return;
12599		}
12600	}
12601#endif
12602
12603	/*
12604	 * This command has been aborted.  Set the port status, so we fail
12605	 * the data move.
12606	 */
12607	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12608		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12609		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12610		       io->io_hdr.nexus.targ_port,
12611		       io->io_hdr.nexus.targ_lun);
12612		io->io_hdr.port_status = 31337;
12613		/*
12614		 * Note that the backend, in this case, will get the
12615		 * callback in its context.  In other cases it may get
12616		 * called in the frontend's interrupt thread context.
12617		 */
12618		io->scsiio.be_move_done(io);
12619		return;
12620	}
12621
12622	/* Don't confuse frontend with zero length data move. */
12623	if (io->scsiio.kern_data_len == 0) {
12624		io->scsiio.be_move_done(io);
12625		return;
12626	}
12627
12628	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12629	fe_datamove(io);
12630}
12631
12632static void
12633ctl_send_datamove_done(union ctl_io *io, int have_lock)
12634{
12635	union ctl_ha_msg msg;
12636#ifdef CTL_TIME_IO
12637	struct bintime cur_bt;
12638#endif
12639
12640	memset(&msg, 0, sizeof(msg));
12641	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12642	msg.hdr.original_sc = io;
12643	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12644	msg.hdr.nexus = io->io_hdr.nexus;
12645	msg.hdr.status = io->io_hdr.status;
12646	msg.scsi.tag_num = io->scsiio.tag_num;
12647	msg.scsi.tag_type = io->scsiio.tag_type;
12648	msg.scsi.scsi_status = io->scsiio.scsi_status;
12649	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12650	       io->scsiio.sense_len);
12651	msg.scsi.sense_len = io->scsiio.sense_len;
12652	msg.scsi.sense_residual = io->scsiio.sense_residual;
12653	msg.scsi.fetd_status = io->io_hdr.port_status;
12654	msg.scsi.residual = io->scsiio.residual;
12655	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12656	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12657		ctl_failover_io(io, /*have_lock*/ have_lock);
12658		return;
12659	}
12660	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12661	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12662	    msg.scsi.sense_len, M_WAITOK);
12663
12664#ifdef CTL_TIME_IO
12665	getbinuptime(&cur_bt);
12666	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12667	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12668#endif
12669	io->io_hdr.num_dmas++;
12670}
12671
12672/*
12673 * The DMA to the remote side is done, now we need to tell the other side
12674 * we're done so it can continue with its data movement.
12675 */
12676static void
12677ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12678{
12679	union ctl_io *io;
12680	int i;
12681
12682	io = rq->context;
12683
12684	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12685		printf("%s: ISC DMA write failed with error %d", __func__,
12686		       rq->ret);
12687		ctl_set_internal_failure(&io->scsiio,
12688					 /*sks_valid*/ 1,
12689					 /*retry_count*/ rq->ret);
12690	}
12691
12692	ctl_dt_req_free(rq);
12693
12694	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12695		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12696	free(io->io_hdr.remote_sglist, M_CTL);
12697	io->io_hdr.remote_sglist = NULL;
12698	io->io_hdr.local_sglist = NULL;
12699
12700	/*
12701	 * The data is in local and remote memory, so now we need to send
12702	 * status (good or back) back to the other side.
12703	 */
12704	ctl_send_datamove_done(io, /*have_lock*/ 0);
12705}
12706
12707/*
12708 * We've moved the data from the host/controller into local memory.  Now we
12709 * need to push it over to the remote controller's memory.
12710 */
12711static int
12712ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12713{
12714	int retval;
12715
12716	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12717					  ctl_datamove_remote_write_cb);
12718	return (retval);
12719}
12720
12721static void
12722ctl_datamove_remote_write(union ctl_io *io)
12723{
12724	int retval;
12725	void (*fe_datamove)(union ctl_io *io);
12726
12727	/*
12728	 * - Get the data from the host/HBA into local memory.
12729	 * - DMA memory from the local controller to the remote controller.
12730	 * - Send status back to the remote controller.
12731	 */
12732
12733	retval = ctl_datamove_remote_sgl_setup(io);
12734	if (retval != 0)
12735		return;
12736
12737	/* Switch the pointer over so the FETD knows what to do */
12738	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12739
12740	/*
12741	 * Use a custom move done callback, since we need to send completion
12742	 * back to the other controller, not to the backend on this side.
12743	 */
12744	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12745
12746	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12747	fe_datamove(io);
12748}
12749
12750static int
12751ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12752{
12753#if 0
12754	char str[256];
12755	char path_str[64];
12756	struct sbuf sb;
12757#endif
12758	int i;
12759
12760	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12761		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12762	free(io->io_hdr.remote_sglist, M_CTL);
12763	io->io_hdr.remote_sglist = NULL;
12764	io->io_hdr.local_sglist = NULL;
12765
12766#if 0
12767	scsi_path_string(io, path_str, sizeof(path_str));
12768	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12769	sbuf_cat(&sb, path_str);
12770	scsi_command_string(&io->scsiio, NULL, &sb);
12771	sbuf_printf(&sb, "\n");
12772	sbuf_cat(&sb, path_str);
12773	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12774		    io->scsiio.tag_num, io->scsiio.tag_type);
12775	sbuf_cat(&sb, path_str);
12776	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12777		    io->io_hdr.flags, io->io_hdr.status);
12778	sbuf_finish(&sb);
12779	printk("%s", sbuf_data(&sb));
12780#endif
12781
12782
12783	/*
12784	 * The read is done, now we need to send status (good or bad) back
12785	 * to the other side.
12786	 */
12787	ctl_send_datamove_done(io, /*have_lock*/ 0);
12788
12789	return (0);
12790}
12791
12792static void
12793ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12794{
12795	union ctl_io *io;
12796	void (*fe_datamove)(union ctl_io *io);
12797
12798	io = rq->context;
12799
12800	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12801		printf("%s: ISC DMA read failed with error %d\n", __func__,
12802		       rq->ret);
12803		ctl_set_internal_failure(&io->scsiio,
12804					 /*sks_valid*/ 1,
12805					 /*retry_count*/ rq->ret);
12806	}
12807
12808	ctl_dt_req_free(rq);
12809
12810	/* Switch the pointer over so the FETD knows what to do */
12811	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12812
12813	/*
12814	 * Use a custom move done callback, since we need to send completion
12815	 * back to the other controller, not to the backend on this side.
12816	 */
12817	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12818
12819	/* XXX KDM add checks like the ones in ctl_datamove? */
12820
12821	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12822	fe_datamove(io);
12823}
12824
12825static int
12826ctl_datamove_remote_sgl_setup(union ctl_io *io)
12827{
12828	struct ctl_sg_entry *local_sglist;
12829	uint32_t len_to_go;
12830	int retval;
12831	int i;
12832
12833	retval = 0;
12834	local_sglist = io->io_hdr.local_sglist;
12835	len_to_go = io->scsiio.kern_data_len;
12836
12837	/*
12838	 * The difficult thing here is that the size of the various
12839	 * S/G segments may be different than the size from the
12840	 * remote controller.  That'll make it harder when DMAing
12841	 * the data back to the other side.
12842	 */
12843	for (i = 0; len_to_go > 0; i++) {
12844		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12845		local_sglist[i].addr =
12846		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12847
12848		len_to_go -= local_sglist[i].len;
12849	}
12850	/*
12851	 * Reset the number of S/G entries accordingly.  The original
12852	 * number of S/G entries is available in rem_sg_entries.
12853	 */
12854	io->scsiio.kern_sg_entries = i;
12855
12856#if 0
12857	printf("%s: kern_sg_entries = %d\n", __func__,
12858	       io->scsiio.kern_sg_entries);
12859	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12860		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12861		       local_sglist[i].addr, local_sglist[i].len);
12862#endif
12863
12864	return (retval);
12865}
12866
12867static int
12868ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12869			 ctl_ha_dt_cb callback)
12870{
12871	struct ctl_ha_dt_req *rq;
12872	struct ctl_sg_entry *remote_sglist, *local_sglist;
12873	uint32_t local_used, remote_used, total_used;
12874	int i, j, isc_ret;
12875
12876	rq = ctl_dt_req_alloc();
12877
12878	/*
12879	 * If we failed to allocate the request, and if the DMA didn't fail
12880	 * anyway, set busy status.  This is just a resource allocation
12881	 * failure.
12882	 */
12883	if ((rq == NULL)
12884	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12885	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12886		ctl_set_busy(&io->scsiio);
12887
12888	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12889	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12890
12891		if (rq != NULL)
12892			ctl_dt_req_free(rq);
12893
12894		/*
12895		 * The data move failed.  We need to return status back
12896		 * to the other controller.  No point in trying to DMA
12897		 * data to the remote controller.
12898		 */
12899
12900		ctl_send_datamove_done(io, /*have_lock*/ 0);
12901
12902		return (1);
12903	}
12904
12905	local_sglist = io->io_hdr.local_sglist;
12906	remote_sglist = io->io_hdr.remote_sglist;
12907	local_used = 0;
12908	remote_used = 0;
12909	total_used = 0;
12910
12911	/*
12912	 * Pull/push the data over the wire from/to the other controller.
12913	 * This takes into account the possibility that the local and
12914	 * remote sglists may not be identical in terms of the size of
12915	 * the elements and the number of elements.
12916	 *
12917	 * One fundamental assumption here is that the length allocated for
12918	 * both the local and remote sglists is identical.  Otherwise, we've
12919	 * essentially got a coding error of some sort.
12920	 */
12921	isc_ret = CTL_HA_STATUS_SUCCESS;
12922	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12923		uint32_t cur_len;
12924		uint8_t *tmp_ptr;
12925
12926		rq->command = command;
12927		rq->context = io;
12928
12929		/*
12930		 * Both pointers should be aligned.  But it is possible
12931		 * that the allocation length is not.  They should both
12932		 * also have enough slack left over at the end, though,
12933		 * to round up to the next 8 byte boundary.
12934		 */
12935		cur_len = MIN(local_sglist[i].len - local_used,
12936			      remote_sglist[j].len - remote_used);
12937		rq->size = cur_len;
12938
12939		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12940		tmp_ptr += local_used;
12941
12942#if 0
12943		/* Use physical addresses when talking to ISC hardware */
12944		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12945			/* XXX KDM use busdma */
12946			rq->local = vtophys(tmp_ptr);
12947		} else
12948			rq->local = tmp_ptr;
12949#else
12950		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12951		    ("HA does not support BUS_ADDR"));
12952		rq->local = tmp_ptr;
12953#endif
12954
12955		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12956		tmp_ptr += remote_used;
12957		rq->remote = tmp_ptr;
12958
12959		rq->callback = NULL;
12960
12961		local_used += cur_len;
12962		if (local_used >= local_sglist[i].len) {
12963			i++;
12964			local_used = 0;
12965		}
12966
12967		remote_used += cur_len;
12968		if (remote_used >= remote_sglist[j].len) {
12969			j++;
12970			remote_used = 0;
12971		}
12972		total_used += cur_len;
12973
12974		if (total_used >= io->scsiio.kern_data_len)
12975			rq->callback = callback;
12976
12977#if 0
12978		printf("%s: %s: local %p remote %p size %d\n", __func__,
12979		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12980		       rq->local, rq->remote, rq->size);
12981#endif
12982
12983		isc_ret = ctl_dt_single(rq);
12984		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12985			break;
12986	}
12987	if (isc_ret != CTL_HA_STATUS_WAIT) {
12988		rq->ret = isc_ret;
12989		callback(rq);
12990	}
12991
12992	return (0);
12993}
12994
12995static void
12996ctl_datamove_remote_read(union ctl_io *io)
12997{
12998	int retval;
12999	int i;
13000
13001	/*
13002	 * This will send an error to the other controller in the case of a
13003	 * failure.
13004	 */
13005	retval = ctl_datamove_remote_sgl_setup(io);
13006	if (retval != 0)
13007		return;
13008
13009	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13010					  ctl_datamove_remote_read_cb);
13011	if (retval != 0) {
13012		/*
13013		 * Make sure we free memory if there was an error..  The
13014		 * ctl_datamove_remote_xfer() function will send the
13015		 * datamove done message, or call the callback with an
13016		 * error if there is a problem.
13017		 */
13018		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13019			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13020		free(io->io_hdr.remote_sglist, M_CTL);
13021		io->io_hdr.remote_sglist = NULL;
13022		io->io_hdr.local_sglist = NULL;
13023	}
13024}
13025
13026/*
13027 * Process a datamove request from the other controller.  This is used for
13028 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13029 * first.  Once that is complete, the data gets DMAed into the remote
13030 * controller's memory.  For reads, we DMA from the remote controller's
13031 * memory into our memory first, and then move it out to the FETD.
13032 */
13033static void
13034ctl_datamove_remote(union ctl_io *io)
13035{
13036
13037	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
13038
13039	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13040		ctl_failover_io(io, /*have_lock*/ 0);
13041		return;
13042	}
13043
13044	/*
13045	 * Note that we look for an aborted I/O here, but don't do some of
13046	 * the other checks that ctl_datamove() normally does.
13047	 * We don't need to run the datamove delay code, since that should
13048	 * have been done if need be on the other controller.
13049	 */
13050	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13051		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
13052		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
13053		       io->io_hdr.nexus.targ_port,
13054		       io->io_hdr.nexus.targ_lun);
13055		io->io_hdr.port_status = 31338;
13056		ctl_send_datamove_done(io, /*have_lock*/ 0);
13057		return;
13058	}
13059
13060	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
13061		ctl_datamove_remote_write(io);
13062	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
13063		ctl_datamove_remote_read(io);
13064	else {
13065		io->io_hdr.port_status = 31339;
13066		ctl_send_datamove_done(io, /*have_lock*/ 0);
13067	}
13068}
13069
13070static void
13071ctl_process_done(union ctl_io *io)
13072{
13073	struct ctl_lun *lun;
13074	struct ctl_softc *softc = control_softc;
13075	void (*fe_done)(union ctl_io *io);
13076	union ctl_ha_msg msg;
13077	uint32_t targ_port = io->io_hdr.nexus.targ_port;
13078
13079	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13080	fe_done = softc->ctl_ports[targ_port]->fe_done;
13081
13082#ifdef CTL_TIME_IO
13083	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13084		char str[256];
13085		char path_str[64];
13086		struct sbuf sb;
13087
13088		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13089		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13090
13091		sbuf_cat(&sb, path_str);
13092		switch (io->io_hdr.io_type) {
13093		case CTL_IO_SCSI:
13094			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13095			sbuf_printf(&sb, "\n");
13096			sbuf_cat(&sb, path_str);
13097			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13098				    io->scsiio.tag_num, io->scsiio.tag_type);
13099			break;
13100		case CTL_IO_TASK:
13101			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13102				    "Tag Type: %d\n", io->taskio.task_action,
13103				    io->taskio.tag_num, io->taskio.tag_type);
13104			break;
13105		default:
13106			panic("%s: Invalid CTL I/O type %d\n",
13107			    __func__, io->io_hdr.io_type);
13108		}
13109		sbuf_cat(&sb, path_str);
13110		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13111			    (intmax_t)time_uptime - io->io_hdr.start_time);
13112		sbuf_finish(&sb);
13113		printf("%s", sbuf_data(&sb));
13114	}
13115#endif /* CTL_TIME_IO */
13116
13117	switch (io->io_hdr.io_type) {
13118	case CTL_IO_SCSI:
13119		break;
13120	case CTL_IO_TASK:
13121		if (ctl_debug & CTL_DEBUG_INFO)
13122			ctl_io_error_print(io, NULL);
13123		fe_done(io);
13124		return;
13125	default:
13126		panic("%s: Invalid CTL I/O type %d\n",
13127		    __func__, io->io_hdr.io_type);
13128	}
13129
13130	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13131	if (lun == NULL) {
13132		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13133				 io->io_hdr.nexus.targ_mapped_lun));
13134		goto bailout;
13135	}
13136
13137	mtx_lock(&lun->lun_lock);
13138
13139	/*
13140	 * Check to see if we have any errors to inject here.  We only
13141	 * inject errors for commands that don't already have errors set.
13142	 */
13143	if (!STAILQ_EMPTY(&lun->error_list) &&
13144	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13145	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13146		ctl_inject_error(lun, io);
13147
13148	/*
13149	 * XXX KDM how do we treat commands that aren't completed
13150	 * successfully?
13151	 *
13152	 * XXX KDM should we also track I/O latency?
13153	 */
13154	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13155	    io->io_hdr.io_type == CTL_IO_SCSI) {
13156#ifdef CTL_TIME_IO
13157		struct bintime cur_bt;
13158#endif
13159		int type;
13160
13161		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13162		    CTL_FLAG_DATA_IN)
13163			type = CTL_STATS_READ;
13164		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13165		    CTL_FLAG_DATA_OUT)
13166			type = CTL_STATS_WRITE;
13167		else
13168			type = CTL_STATS_NO_IO;
13169
13170		lun->stats.ports[targ_port].bytes[type] +=
13171		    io->scsiio.kern_total_len;
13172		lun->stats.ports[targ_port].operations[type]++;
13173#ifdef CTL_TIME_IO
13174		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13175		   &io->io_hdr.dma_bt);
13176		getbinuptime(&cur_bt);
13177		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13178		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13179#endif
13180		lun->stats.ports[targ_port].num_dmas[type] +=
13181		    io->io_hdr.num_dmas;
13182	}
13183
13184	/*
13185	 * Remove this from the OOA queue.
13186	 */
13187	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13188#ifdef CTL_TIME_IO
13189	if (TAILQ_EMPTY(&lun->ooa_queue))
13190		lun->last_busy = getsbinuptime();
13191#endif
13192
13193	/*
13194	 * Run through the blocked queue on this LUN and see if anything
13195	 * has become unblocked, now that this transaction is done.
13196	 */
13197	ctl_check_blocked(lun);
13198
13199	/*
13200	 * If the LUN has been invalidated, free it if there is nothing
13201	 * left on its OOA queue.
13202	 */
13203	if ((lun->flags & CTL_LUN_INVALID)
13204	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13205		mtx_unlock(&lun->lun_lock);
13206		mtx_lock(&softc->ctl_lock);
13207		ctl_free_lun(lun);
13208		mtx_unlock(&softc->ctl_lock);
13209	} else
13210		mtx_unlock(&lun->lun_lock);
13211
13212bailout:
13213
13214	/*
13215	 * If this command has been aborted, make sure we set the status
13216	 * properly.  The FETD is responsible for freeing the I/O and doing
13217	 * whatever it needs to do to clean up its state.
13218	 */
13219	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13220		ctl_set_task_aborted(&io->scsiio);
13221
13222	/*
13223	 * If enabled, print command error status.
13224	 */
13225	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13226	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13227		ctl_io_error_print(io, NULL);
13228
13229	/*
13230	 * Tell the FETD or the other shelf controller we're done with this
13231	 * command.  Note that only SCSI commands get to this point.  Task
13232	 * management commands are completed above.
13233	 */
13234	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13235	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13236		memset(&msg, 0, sizeof(msg));
13237		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13238		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13239		msg.hdr.nexus = io->io_hdr.nexus;
13240		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13241		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13242		    M_WAITOK);
13243	}
13244
13245	fe_done(io);
13246}
13247
13248#ifdef CTL_WITH_CA
13249/*
13250 * Front end should call this if it doesn't do autosense.  When the request
13251 * sense comes back in from the initiator, we'll dequeue this and send it.
13252 */
13253int
13254ctl_queue_sense(union ctl_io *io)
13255{
13256	struct ctl_lun *lun;
13257	struct ctl_port *port;
13258	struct ctl_softc *softc;
13259	uint32_t initidx, targ_lun;
13260
13261	softc = control_softc;
13262
13263	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13264
13265	/*
13266	 * LUN lookup will likely move to the ctl_work_thread() once we
13267	 * have our new queueing infrastructure (that doesn't put things on
13268	 * a per-LUN queue initially).  That is so that we can handle
13269	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13270	 * can't deal with that right now.
13271	 */
13272	mtx_lock(&softc->ctl_lock);
13273
13274	/*
13275	 * If we don't have a LUN for this, just toss the sense
13276	 * information.
13277	 */
13278	port = ctl_io_port(&ctsio->io_hdr);
13279	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13280	if ((targ_lun < CTL_MAX_LUNS)
13281	 && (softc->ctl_luns[targ_lun] != NULL))
13282		lun = softc->ctl_luns[targ_lun];
13283	else
13284		goto bailout;
13285
13286	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13287
13288	mtx_lock(&lun->lun_lock);
13289	/*
13290	 * Already have CA set for this LUN...toss the sense information.
13291	 */
13292	if (ctl_is_set(lun->have_ca, initidx)) {
13293		mtx_unlock(&lun->lun_lock);
13294		goto bailout;
13295	}
13296
13297	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13298	       MIN(sizeof(lun->pending_sense[initidx]),
13299	       sizeof(io->scsiio.sense_data)));
13300	ctl_set_mask(lun->have_ca, initidx);
13301	mtx_unlock(&lun->lun_lock);
13302
13303bailout:
13304	mtx_unlock(&softc->ctl_lock);
13305
13306	ctl_free_io(io);
13307
13308	return (CTL_RETVAL_COMPLETE);
13309}
13310#endif
13311
13312/*
13313 * Primary command inlet from frontend ports.  All SCSI and task I/O
13314 * requests must go through this function.
13315 */
13316int
13317ctl_queue(union ctl_io *io)
13318{
13319	struct ctl_port *port;
13320
13321	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13322
13323#ifdef CTL_TIME_IO
13324	io->io_hdr.start_time = time_uptime;
13325	getbinuptime(&io->io_hdr.start_bt);
13326#endif /* CTL_TIME_IO */
13327
13328	/* Map FE-specific LUN ID into global one. */
13329	port = ctl_io_port(&io->io_hdr);
13330	io->io_hdr.nexus.targ_mapped_lun =
13331	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13332
13333	switch (io->io_hdr.io_type) {
13334	case CTL_IO_SCSI:
13335	case CTL_IO_TASK:
13336		if (ctl_debug & CTL_DEBUG_CDB)
13337			ctl_io_print(io);
13338		ctl_enqueue_incoming(io);
13339		break;
13340	default:
13341		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13342		return (EINVAL);
13343	}
13344
13345	return (CTL_RETVAL_COMPLETE);
13346}
13347
13348#ifdef CTL_IO_DELAY
13349static void
13350ctl_done_timer_wakeup(void *arg)
13351{
13352	union ctl_io *io;
13353
13354	io = (union ctl_io *)arg;
13355	ctl_done(io);
13356}
13357#endif /* CTL_IO_DELAY */
13358
13359void
13360ctl_serseq_done(union ctl_io *io)
13361{
13362	struct ctl_lun *lun;
13363
13364	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13365	if (lun->be_lun == NULL ||
13366	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13367		return;
13368	mtx_lock(&lun->lun_lock);
13369	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13370	ctl_check_blocked(lun);
13371	mtx_unlock(&lun->lun_lock);
13372}
13373
13374void
13375ctl_done(union ctl_io *io)
13376{
13377
13378	/*
13379	 * Enable this to catch duplicate completion issues.
13380	 */
13381#if 0
13382	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13383		printf("%s: type %d msg %d cdb %x iptl: "
13384		       "%u:%u:%u tag 0x%04x "
13385		       "flag %#x status %x\n",
13386			__func__,
13387			io->io_hdr.io_type,
13388			io->io_hdr.msg_type,
13389			io->scsiio.cdb[0],
13390			io->io_hdr.nexus.initid,
13391			io->io_hdr.nexus.targ_port,
13392			io->io_hdr.nexus.targ_lun,
13393			(io->io_hdr.io_type ==
13394			CTL_IO_TASK) ?
13395			io->taskio.tag_num :
13396			io->scsiio.tag_num,
13397		        io->io_hdr.flags,
13398			io->io_hdr.status);
13399	} else
13400		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13401#endif
13402
13403	/*
13404	 * This is an internal copy of an I/O, and should not go through
13405	 * the normal done processing logic.
13406	 */
13407	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13408		return;
13409
13410#ifdef CTL_IO_DELAY
13411	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13412		struct ctl_lun *lun;
13413
13414		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13415
13416		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13417	} else {
13418		struct ctl_lun *lun;
13419
13420		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13421
13422		if ((lun != NULL)
13423		 && (lun->delay_info.done_delay > 0)) {
13424
13425			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13426			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13427			callout_reset(&io->io_hdr.delay_callout,
13428				      lun->delay_info.done_delay * hz,
13429				      ctl_done_timer_wakeup, io);
13430			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13431				lun->delay_info.done_delay = 0;
13432			return;
13433		}
13434	}
13435#endif /* CTL_IO_DELAY */
13436
13437	ctl_enqueue_done(io);
13438}
13439
13440static void
13441ctl_work_thread(void *arg)
13442{
13443	struct ctl_thread *thr = (struct ctl_thread *)arg;
13444	struct ctl_softc *softc = thr->ctl_softc;
13445	union ctl_io *io;
13446	int retval;
13447
13448	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13449
13450	for (;;) {
13451		/*
13452		 * We handle the queues in this order:
13453		 * - ISC
13454		 * - done queue (to free up resources, unblock other commands)
13455		 * - RtR queue
13456		 * - incoming queue
13457		 *
13458		 * If those queues are empty, we break out of the loop and
13459		 * go to sleep.
13460		 */
13461		mtx_lock(&thr->queue_lock);
13462		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13463		if (io != NULL) {
13464			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13465			mtx_unlock(&thr->queue_lock);
13466			ctl_handle_isc(io);
13467			continue;
13468		}
13469		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13470		if (io != NULL) {
13471			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13472			/* clear any blocked commands, call fe_done */
13473			mtx_unlock(&thr->queue_lock);
13474			ctl_process_done(io);
13475			continue;
13476		}
13477		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13478		if (io != NULL) {
13479			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13480			mtx_unlock(&thr->queue_lock);
13481			if (io->io_hdr.io_type == CTL_IO_TASK)
13482				ctl_run_task(io);
13483			else
13484				ctl_scsiio_precheck(softc, &io->scsiio);
13485			continue;
13486		}
13487		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13488		if (io != NULL) {
13489			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13490			mtx_unlock(&thr->queue_lock);
13491			retval = ctl_scsiio(&io->scsiio);
13492			if (retval != CTL_RETVAL_COMPLETE)
13493				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13494			continue;
13495		}
13496
13497		/* Sleep until we have something to do. */
13498		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13499	}
13500}
13501
13502static void
13503ctl_lun_thread(void *arg)
13504{
13505	struct ctl_softc *softc = (struct ctl_softc *)arg;
13506	struct ctl_be_lun *be_lun;
13507
13508	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13509
13510	for (;;) {
13511		mtx_lock(&softc->ctl_lock);
13512		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13513		if (be_lun != NULL) {
13514			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13515			mtx_unlock(&softc->ctl_lock);
13516			ctl_create_lun(be_lun);
13517			continue;
13518		}
13519
13520		/* Sleep until we have something to do. */
13521		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13522		    PDROP | PRIBIO, "-", 0);
13523	}
13524}
13525
13526static void
13527ctl_thresh_thread(void *arg)
13528{
13529	struct ctl_softc *softc = (struct ctl_softc *)arg;
13530	struct ctl_lun *lun;
13531	struct scsi_da_rw_recovery_page *rwpage;
13532	struct ctl_logical_block_provisioning_page *page;
13533	const char *attr;
13534	union ctl_ha_msg msg;
13535	uint64_t thres, val;
13536	int i, e, set;
13537
13538	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13539
13540	for (;;) {
13541		mtx_lock(&softc->ctl_lock);
13542		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13543			if ((lun->flags & CTL_LUN_DISABLED) ||
13544			    (lun->flags & CTL_LUN_NO_MEDIA) ||
13545			    lun->backend->lun_attr == NULL)
13546				continue;
13547			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13548			    softc->ha_mode == CTL_HA_MODE_XFER)
13549				continue;
13550			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13551			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13552				continue;
13553			e = 0;
13554			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13555			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13556				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13557					continue;
13558				thres = scsi_4btoul(page->descr[i].count);
13559				thres <<= CTL_LBP_EXPONENT;
13560				switch (page->descr[i].resource) {
13561				case 0x01:
13562					attr = "blocksavail";
13563					break;
13564				case 0x02:
13565					attr = "blocksused";
13566					break;
13567				case 0xf1:
13568					attr = "poolblocksavail";
13569					break;
13570				case 0xf2:
13571					attr = "poolblocksused";
13572					break;
13573				default:
13574					continue;
13575				}
13576				mtx_unlock(&softc->ctl_lock); // XXX
13577				val = lun->backend->lun_attr(
13578				    lun->be_lun->be_lun, attr);
13579				mtx_lock(&softc->ctl_lock);
13580				if (val == UINT64_MAX)
13581					continue;
13582				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13583				    == SLBPPD_ARMING_INC)
13584					e = (val >= thres);
13585				else
13586					e = (val <= thres);
13587				if (e)
13588					break;
13589			}
13590			mtx_lock(&lun->lun_lock);
13591			if (e) {
13592				scsi_u64to8b((uint8_t *)&page->descr[i] -
13593				    (uint8_t *)page, lun->ua_tpt_info);
13594				if (lun->lasttpt == 0 ||
13595				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13596					lun->lasttpt = time_uptime;
13597					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13598					set = 1;
13599				} else
13600					set = 0;
13601			} else {
13602				lun->lasttpt = 0;
13603				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13604				set = -1;
13605			}
13606			mtx_unlock(&lun->lun_lock);
13607			if (set != 0 &&
13608			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13609				/* Send msg to other side. */
13610				bzero(&msg.ua, sizeof(msg.ua));
13611				msg.hdr.msg_type = CTL_MSG_UA;
13612				msg.hdr.nexus.initid = -1;
13613				msg.hdr.nexus.targ_port = -1;
13614				msg.hdr.nexus.targ_lun = lun->lun;
13615				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13616				msg.ua.ua_all = 1;
13617				msg.ua.ua_set = (set > 0);
13618				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13619				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13620				mtx_unlock(&softc->ctl_lock); // XXX
13621				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13622				    sizeof(msg.ua), M_WAITOK);
13623				mtx_lock(&softc->ctl_lock);
13624			}
13625		}
13626		mtx_unlock(&softc->ctl_lock);
13627		pause("-", CTL_LBP_PERIOD * hz);
13628	}
13629}
13630
13631static void
13632ctl_enqueue_incoming(union ctl_io *io)
13633{
13634	struct ctl_softc *softc = control_softc;
13635	struct ctl_thread *thr;
13636	u_int idx;
13637
13638	idx = (io->io_hdr.nexus.targ_port * 127 +
13639	       io->io_hdr.nexus.initid) % worker_threads;
13640	thr = &softc->threads[idx];
13641	mtx_lock(&thr->queue_lock);
13642	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13643	mtx_unlock(&thr->queue_lock);
13644	wakeup(thr);
13645}
13646
13647static void
13648ctl_enqueue_rtr(union ctl_io *io)
13649{
13650	struct ctl_softc *softc = control_softc;
13651	struct ctl_thread *thr;
13652
13653	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13654	mtx_lock(&thr->queue_lock);
13655	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13656	mtx_unlock(&thr->queue_lock);
13657	wakeup(thr);
13658}
13659
13660static void
13661ctl_enqueue_done(union ctl_io *io)
13662{
13663	struct ctl_softc *softc = control_softc;
13664	struct ctl_thread *thr;
13665
13666	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13667	mtx_lock(&thr->queue_lock);
13668	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13669	mtx_unlock(&thr->queue_lock);
13670	wakeup(thr);
13671}
13672
13673static void
13674ctl_enqueue_isc(union ctl_io *io)
13675{
13676	struct ctl_softc *softc = control_softc;
13677	struct ctl_thread *thr;
13678
13679	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13680	mtx_lock(&thr->queue_lock);
13681	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13682	mtx_unlock(&thr->queue_lock);
13683	wakeup(thr);
13684}
13685
13686/*
13687 *  vim: ts=8
13688 */
13689