ctl.c revision 311433 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 311433 2017-01-05 11:50:01Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_cd.h>
73#include <cam/scsi/scsi_da.h>
74#include <cam/ctl/ctl_io.h>
75#include <cam/ctl/ctl.h>
76#include <cam/ctl/ctl_frontend.h>
77#include <cam/ctl/ctl_util.h>
78#include <cam/ctl/ctl_backend.h>
79#include <cam/ctl/ctl_ioctl.h>
80#include <cam/ctl/ctl_ha.h>
81#include <cam/ctl/ctl_private.h>
82#include <cam/ctl/ctl_debug.h>
83#include <cam/ctl/ctl_scsi_all.h>
84#include <cam/ctl/ctl_error.h>
85
86struct ctl_softc *control_softc = NULL;
87
88/*
89 * Template mode pages.
90 */
91
92/*
93 * Note that these are default values only.  The actual values will be
94 * filled in when the user does a mode sense.
95 */
96const static struct scsi_da_rw_recovery_page rw_er_page_default = {
97	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
98	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
99	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
100	/*read_retry_count*/0,
101	/*correction_span*/0,
102	/*head_offset_count*/0,
103	/*data_strobe_offset_cnt*/0,
104	/*byte8*/SMS_RWER_LBPERE,
105	/*write_retry_count*/0,
106	/*reserved2*/0,
107	/*recovery_time_limit*/{0, 0},
108};
109
110const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
111	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
112	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
113	/*byte3*/SMS_RWER_PER,
114	/*read_retry_count*/0,
115	/*correction_span*/0,
116	/*head_offset_count*/0,
117	/*data_strobe_offset_cnt*/0,
118	/*byte8*/SMS_RWER_LBPERE,
119	/*write_retry_count*/0,
120	/*reserved2*/0,
121	/*recovery_time_limit*/{0, 0},
122};
123
124const static struct scsi_format_page format_page_default = {
125	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
126	/*page_length*/sizeof(struct scsi_format_page) - 2,
127	/*tracks_per_zone*/ {0, 0},
128	/*alt_sectors_per_zone*/ {0, 0},
129	/*alt_tracks_per_zone*/ {0, 0},
130	/*alt_tracks_per_lun*/ {0, 0},
131	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
132			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
133	/*bytes_per_sector*/ {0, 0},
134	/*interleave*/ {0, 0},
135	/*track_skew*/ {0, 0},
136	/*cylinder_skew*/ {0, 0},
137	/*flags*/ SFP_HSEC,
138	/*reserved*/ {0, 0, 0}
139};
140
141const static struct scsi_format_page format_page_changeable = {
142	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
143	/*page_length*/sizeof(struct scsi_format_page) - 2,
144	/*tracks_per_zone*/ {0, 0},
145	/*alt_sectors_per_zone*/ {0, 0},
146	/*alt_tracks_per_zone*/ {0, 0},
147	/*alt_tracks_per_lun*/ {0, 0},
148	/*sectors_per_track*/ {0, 0},
149	/*bytes_per_sector*/ {0, 0},
150	/*interleave*/ {0, 0},
151	/*track_skew*/ {0, 0},
152	/*cylinder_skew*/ {0, 0},
153	/*flags*/ 0,
154	/*reserved*/ {0, 0, 0}
155};
156
157const static struct scsi_rigid_disk_page rigid_disk_page_default = {
158	/*page_code*/SMS_RIGID_DISK_PAGE,
159	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
160	/*cylinders*/ {0, 0, 0},
161	/*heads*/ CTL_DEFAULT_HEADS,
162	/*start_write_precomp*/ {0, 0, 0},
163	/*start_reduced_current*/ {0, 0, 0},
164	/*step_rate*/ {0, 0},
165	/*landing_zone_cylinder*/ {0, 0, 0},
166	/*rpl*/ SRDP_RPL_DISABLED,
167	/*rotational_offset*/ 0,
168	/*reserved1*/ 0,
169	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
170			   CTL_DEFAULT_ROTATION_RATE & 0xff},
171	/*reserved2*/ {0, 0}
172};
173
174const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
175	/*page_code*/SMS_RIGID_DISK_PAGE,
176	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
177	/*cylinders*/ {0, 0, 0},
178	/*heads*/ 0,
179	/*start_write_precomp*/ {0, 0, 0},
180	/*start_reduced_current*/ {0, 0, 0},
181	/*step_rate*/ {0, 0},
182	/*landing_zone_cylinder*/ {0, 0, 0},
183	/*rpl*/ 0,
184	/*rotational_offset*/ 0,
185	/*reserved1*/ 0,
186	/*rotation_rate*/ {0, 0},
187	/*reserved2*/ {0, 0}
188};
189
190const static struct scsi_da_verify_recovery_page verify_er_page_default = {
191	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
192	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
193	/*byte3*/0,
194	/*read_retry_count*/0,
195	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
196	/*recovery_time_limit*/{0, 0},
197};
198
199const static struct scsi_da_verify_recovery_page verify_er_page_changeable = {
200	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
201	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
202	/*byte3*/SMS_VER_PER,
203	/*read_retry_count*/0,
204	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
205	/*recovery_time_limit*/{0, 0},
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK | SCP_NUAR,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_EWASC,
288	/*mrie*/SIEP_MRIE_NO,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 1}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/SIEP_FLAGS_EWASC | SIEP_FLAGS_DEXCPT | SIEP_FLAGS_TEST |
297	    SIEP_FLAGS_LOGERR,
298	/*mrie*/0x0f,
299	/*interval_timer*/{0xff, 0xff, 0xff, 0xff},
300	/*report_count*/{0xff, 0xff, 0xff, 0xff}
301};
302
303#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
304
305const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
306	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
307	/*subpage_code*/0x02,
308	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
309	/*flags*/0,
310	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311	/*descr*/{}},
312	{{/*flags*/0,
313	  /*resource*/0x01,
314	  /*reserved*/{0, 0},
315	  /*count*/{0, 0, 0, 0}},
316	 {/*flags*/0,
317	  /*resource*/0x02,
318	  /*reserved*/{0, 0},
319	  /*count*/{0, 0, 0, 0}},
320	 {/*flags*/0,
321	  /*resource*/0xf1,
322	  /*reserved*/{0, 0},
323	  /*count*/{0, 0, 0, 0}},
324	 {/*flags*/0,
325	  /*resource*/0xf2,
326	  /*reserved*/{0, 0},
327	  /*count*/{0, 0, 0, 0}}
328	}
329};
330
331const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
332	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
333	/*subpage_code*/0x02,
334	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
335	/*flags*/SLBPP_SITUA,
336	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
337	/*descr*/{}},
338	{{/*flags*/0,
339	  /*resource*/0,
340	  /*reserved*/{0, 0},
341	  /*count*/{0, 0, 0, 0}},
342	 {/*flags*/0,
343	  /*resource*/0,
344	  /*reserved*/{0, 0},
345	  /*count*/{0, 0, 0, 0}},
346	 {/*flags*/0,
347	  /*resource*/0,
348	  /*reserved*/{0, 0},
349	  /*count*/{0, 0, 0, 0}},
350	 {/*flags*/0,
351	  /*resource*/0,
352	  /*reserved*/{0, 0},
353	  /*count*/{0, 0, 0, 0}}
354	}
355};
356
357const static struct scsi_cddvd_capabilities_page cddvd_page_default = {
358	/*page_code*/SMS_CDDVD_CAPS_PAGE,
359	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
360	/*caps1*/0x3f,
361	/*caps2*/0x00,
362	/*caps3*/0xf0,
363	/*caps4*/0x00,
364	/*caps5*/0x29,
365	/*caps6*/0x00,
366	/*obsolete*/{0, 0},
367	/*nvol_levels*/{0, 0},
368	/*buffer_size*/{8, 0},
369	/*obsolete2*/{0, 0},
370	/*reserved*/0,
371	/*digital*/0,
372	/*obsolete3*/0,
373	/*copy_management*/0,
374	/*reserved2*/0,
375	/*rotation_control*/0,
376	/*cur_write_speed*/0,
377	/*num_speed_descr*/0,
378};
379
380const static struct scsi_cddvd_capabilities_page cddvd_page_changeable = {
381	/*page_code*/SMS_CDDVD_CAPS_PAGE,
382	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
383	/*caps1*/0,
384	/*caps2*/0,
385	/*caps3*/0,
386	/*caps4*/0,
387	/*caps5*/0,
388	/*caps6*/0,
389	/*obsolete*/{0, 0},
390	/*nvol_levels*/{0, 0},
391	/*buffer_size*/{0, 0},
392	/*obsolete2*/{0, 0},
393	/*reserved*/0,
394	/*digital*/0,
395	/*obsolete3*/0,
396	/*copy_management*/0,
397	/*reserved2*/0,
398	/*rotation_control*/0,
399	/*cur_write_speed*/0,
400	/*num_speed_descr*/0,
401};
402
403SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
404static int worker_threads = -1;
405TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
406SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
407    &worker_threads, 1, "Number of worker threads");
408static int ctl_debug = CTL_DEBUG_NONE;
409TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
410SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
411    &ctl_debug, 0, "Enabled debug flags");
412
413/*
414 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
415 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
416 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
417 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
418 */
419#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
420
421static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
422				  int param);
423static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
424static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
425static int ctl_init(void);
426void ctl_shutdown(void);
427static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
428static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
429static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
430static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
431			      struct ctl_ooa *ooa_hdr,
432			      struct ctl_ooa_entry *kern_entries);
433static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
434		     struct thread *td);
435static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
436			 struct ctl_be_lun *be_lun);
437static int ctl_free_lun(struct ctl_lun *lun);
438static void ctl_create_lun(struct ctl_be_lun *be_lun);
439static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
440
441static int ctl_do_mode_select(union ctl_io *io);
442static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
443			   uint64_t res_key, uint64_t sa_res_key,
444			   uint8_t type, uint32_t residx,
445			   struct ctl_scsiio *ctsio,
446			   struct scsi_per_res_out *cdb,
447			   struct scsi_per_res_out_parms* param);
448static void ctl_pro_preempt_other(struct ctl_lun *lun,
449				  union ctl_ha_msg *msg);
450static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
451static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
452static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
453static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
454static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
455static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
456static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
457					 int alloc_len);
458static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
459					 int alloc_len);
460static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
461static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
462static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
463static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
464static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
465static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
466    bool seq);
467static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
468static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
469    union ctl_io *pending_io, union ctl_io *ooa_io);
470static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
471				union ctl_io *starting_io);
472static int ctl_check_blocked(struct ctl_lun *lun);
473static int ctl_scsiio_lun_check(struct ctl_lun *lun,
474				const struct ctl_cmd_entry *entry,
475				struct ctl_scsiio *ctsio);
476static void ctl_failover_lun(union ctl_io *io);
477static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
478			       struct ctl_scsiio *ctsio);
479static int ctl_scsiio(struct ctl_scsiio *ctsio);
480
481static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
482static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
483			    ctl_ua_type ua_type);
484static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
485			 ctl_ua_type ua_type);
486static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
487static int ctl_abort_task(union ctl_io *io);
488static int ctl_abort_task_set(union ctl_io *io);
489static int ctl_query_task(union ctl_io *io, int task_set);
490static int ctl_i_t_nexus_reset(union ctl_io *io);
491static int ctl_query_async_event(union ctl_io *io);
492static void ctl_run_task(union ctl_io *io);
493#ifdef CTL_IO_DELAY
494static void ctl_datamove_timer_wakeup(void *arg);
495static void ctl_done_timer_wakeup(void *arg);
496#endif /* CTL_IO_DELAY */
497
498static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
499static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
500static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
501static void ctl_datamove_remote_write(union ctl_io *io);
502static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
503static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
504static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
505static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
506				    ctl_ha_dt_cb callback);
507static void ctl_datamove_remote_read(union ctl_io *io);
508static void ctl_datamove_remote(union ctl_io *io);
509static void ctl_process_done(union ctl_io *io);
510static void ctl_lun_thread(void *arg);
511static void ctl_thresh_thread(void *arg);
512static void ctl_work_thread(void *arg);
513static void ctl_enqueue_incoming(union ctl_io *io);
514static void ctl_enqueue_rtr(union ctl_io *io);
515static void ctl_enqueue_done(union ctl_io *io);
516static void ctl_enqueue_isc(union ctl_io *io);
517static const struct ctl_cmd_entry *
518    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
519static const struct ctl_cmd_entry *
520    ctl_validate_command(struct ctl_scsiio *ctsio);
521static int ctl_cmd_applicable(uint8_t lun_type,
522    const struct ctl_cmd_entry *entry);
523
524static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
525static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
526static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
527static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
528
529/*
530 * Load the serialization table.  This isn't very pretty, but is probably
531 * the easiest way to do it.
532 */
533#include "ctl_ser_table.c"
534
535/*
536 * We only need to define open, close and ioctl routines for this driver.
537 */
538static struct cdevsw ctl_cdevsw = {
539	.d_version =	D_VERSION,
540	.d_flags =	0,
541	.d_open =	ctl_open,
542	.d_close =	ctl_close,
543	.d_ioctl =	ctl_ioctl,
544	.d_name =	"ctl",
545};
546
547
548MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
549
550static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
551
552static moduledata_t ctl_moduledata = {
553	"ctl",
554	ctl_module_event_handler,
555	NULL
556};
557
558DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
559MODULE_VERSION(ctl, 1);
560
561static struct ctl_frontend ha_frontend =
562{
563	.name = "ha",
564};
565
566static void
567ctl_ha_datamove(union ctl_io *io)
568{
569	struct ctl_lun *lun;
570	struct ctl_sg_entry *sgl;
571	union ctl_ha_msg msg;
572	uint32_t sg_entries_sent;
573	int do_sg_copy, i, j;
574
575	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
576	memset(&msg.dt, 0, sizeof(msg.dt));
577	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
578	msg.hdr.original_sc = io->io_hdr.original_sc;
579	msg.hdr.serializing_sc = io;
580	msg.hdr.nexus = io->io_hdr.nexus;
581	msg.hdr.status = io->io_hdr.status;
582	msg.dt.flags = io->io_hdr.flags;
583
584	/*
585	 * We convert everything into a S/G list here.  We can't
586	 * pass by reference, only by value between controllers.
587	 * So we can't pass a pointer to the S/G list, only as many
588	 * S/G entries as we can fit in here.  If it's possible for
589	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
590	 * then we need to break this up into multiple transfers.
591	 */
592	if (io->scsiio.kern_sg_entries == 0) {
593		msg.dt.kern_sg_entries = 1;
594#if 0
595		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
596			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
597		} else {
598			/* XXX KDM use busdma here! */
599			msg.dt.sg_list[0].addr =
600			    (void *)vtophys(io->scsiio.kern_data_ptr);
601		}
602#else
603		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
604		    ("HA does not support BUS_ADDR"));
605		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
606#endif
607		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
608		do_sg_copy = 0;
609	} else {
610		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
611		do_sg_copy = 1;
612	}
613
614	msg.dt.kern_data_len = io->scsiio.kern_data_len;
615	msg.dt.kern_total_len = io->scsiio.kern_total_len;
616	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
617	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
618	msg.dt.sg_sequence = 0;
619
620	/*
621	 * Loop until we've sent all of the S/G entries.  On the
622	 * other end, we'll recompose these S/G entries into one
623	 * contiguous list before processing.
624	 */
625	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
626	    msg.dt.sg_sequence++) {
627		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
628		    sizeof(msg.dt.sg_list[0])),
629		    msg.dt.kern_sg_entries - sg_entries_sent);
630		if (do_sg_copy != 0) {
631			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
632			for (i = sg_entries_sent, j = 0;
633			     i < msg.dt.cur_sg_entries; i++, j++) {
634#if 0
635				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
636					msg.dt.sg_list[j].addr = sgl[i].addr;
637				} else {
638					/* XXX KDM use busdma here! */
639					msg.dt.sg_list[j].addr =
640					    (void *)vtophys(sgl[i].addr);
641				}
642#else
643				KASSERT((io->io_hdr.flags &
644				    CTL_FLAG_BUS_ADDR) == 0,
645				    ("HA does not support BUS_ADDR"));
646				msg.dt.sg_list[j].addr = sgl[i].addr;
647#endif
648				msg.dt.sg_list[j].len = sgl[i].len;
649			}
650		}
651
652		sg_entries_sent += msg.dt.cur_sg_entries;
653		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
654		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
655		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
656		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
657		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
658			io->io_hdr.port_status = 31341;
659			io->scsiio.be_move_done(io);
660			return;
661		}
662		msg.dt.sent_sg_entries = sg_entries_sent;
663	}
664
665	/*
666	 * Officially handover the request from us to peer.
667	 * If failover has just happened, then we must return error.
668	 * If failover happen just after, then it is not our problem.
669	 */
670	if (lun)
671		mtx_lock(&lun->lun_lock);
672	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
673		if (lun)
674			mtx_unlock(&lun->lun_lock);
675		io->io_hdr.port_status = 31342;
676		io->scsiio.be_move_done(io);
677		return;
678	}
679	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
680	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
681	if (lun)
682		mtx_unlock(&lun->lun_lock);
683}
684
685static void
686ctl_ha_done(union ctl_io *io)
687{
688	union ctl_ha_msg msg;
689
690	if (io->io_hdr.io_type == CTL_IO_SCSI) {
691		memset(&msg, 0, sizeof(msg));
692		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
693		msg.hdr.original_sc = io->io_hdr.original_sc;
694		msg.hdr.nexus = io->io_hdr.nexus;
695		msg.hdr.status = io->io_hdr.status;
696		msg.scsi.scsi_status = io->scsiio.scsi_status;
697		msg.scsi.tag_num = io->scsiio.tag_num;
698		msg.scsi.tag_type = io->scsiio.tag_type;
699		msg.scsi.sense_len = io->scsiio.sense_len;
700		msg.scsi.sense_residual = io->scsiio.sense_residual;
701		msg.scsi.residual = io->scsiio.residual;
702		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
703		    io->scsiio.sense_len);
704		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
705		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
706		    msg.scsi.sense_len, M_WAITOK);
707	}
708	ctl_free_io(io);
709}
710
711static void
712ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
713			    union ctl_ha_msg *msg_info)
714{
715	struct ctl_scsiio *ctsio;
716
717	if (msg_info->hdr.original_sc == NULL) {
718		printf("%s: original_sc == NULL!\n", __func__);
719		/* XXX KDM now what? */
720		return;
721	}
722
723	ctsio = &msg_info->hdr.original_sc->scsiio;
724	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
725	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
726	ctsio->io_hdr.status = msg_info->hdr.status;
727	ctsio->scsi_status = msg_info->scsi.scsi_status;
728	ctsio->sense_len = msg_info->scsi.sense_len;
729	ctsio->sense_residual = msg_info->scsi.sense_residual;
730	ctsio->residual = msg_info->scsi.residual;
731	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
732	       msg_info->scsi.sense_len);
733	ctl_enqueue_isc((union ctl_io *)ctsio);
734}
735
736static void
737ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
738				union ctl_ha_msg *msg_info)
739{
740	struct ctl_scsiio *ctsio;
741
742	if (msg_info->hdr.serializing_sc == NULL) {
743		printf("%s: serializing_sc == NULL!\n", __func__);
744		/* XXX KDM now what? */
745		return;
746	}
747
748	ctsio = &msg_info->hdr.serializing_sc->scsiio;
749	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
750	ctl_enqueue_isc((union ctl_io *)ctsio);
751}
752
753void
754ctl_isc_announce_lun(struct ctl_lun *lun)
755{
756	struct ctl_softc *softc = lun->ctl_softc;
757	union ctl_ha_msg *msg;
758	struct ctl_ha_msg_lun_pr_key pr_key;
759	int i, k;
760
761	if (softc->ha_link != CTL_HA_LINK_ONLINE)
762		return;
763	mtx_lock(&lun->lun_lock);
764	i = sizeof(msg->lun);
765	if (lun->lun_devid)
766		i += lun->lun_devid->len;
767	i += sizeof(pr_key) * lun->pr_key_count;
768alloc:
769	mtx_unlock(&lun->lun_lock);
770	msg = malloc(i, M_CTL, M_WAITOK);
771	mtx_lock(&lun->lun_lock);
772	k = sizeof(msg->lun);
773	if (lun->lun_devid)
774		k += lun->lun_devid->len;
775	k += sizeof(pr_key) * lun->pr_key_count;
776	if (i < k) {
777		free(msg, M_CTL);
778		i = k;
779		goto alloc;
780	}
781	bzero(&msg->lun, sizeof(msg->lun));
782	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
783	msg->hdr.nexus.targ_lun = lun->lun;
784	msg->hdr.nexus.targ_mapped_lun = lun->lun;
785	msg->lun.flags = lun->flags;
786	msg->lun.pr_generation = lun->pr_generation;
787	msg->lun.pr_res_idx = lun->pr_res_idx;
788	msg->lun.pr_res_type = lun->pr_res_type;
789	msg->lun.pr_key_count = lun->pr_key_count;
790	i = 0;
791	if (lun->lun_devid) {
792		msg->lun.lun_devid_len = lun->lun_devid->len;
793		memcpy(&msg->lun.data[i], lun->lun_devid->data,
794		    msg->lun.lun_devid_len);
795		i += msg->lun.lun_devid_len;
796	}
797	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
798		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
799			continue;
800		pr_key.pr_iid = k;
801		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
802		i += sizeof(pr_key);
803	}
804	mtx_unlock(&lun->lun_lock);
805	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
806	    M_WAITOK);
807	free(msg, M_CTL);
808
809	if (lun->flags & CTL_LUN_PRIMARY_SC) {
810		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
811			ctl_isc_announce_mode(lun, -1,
812			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
813			    lun->mode_pages.index[i].subpage);
814		}
815	}
816}
817
818void
819ctl_isc_announce_port(struct ctl_port *port)
820{
821	struct ctl_softc *softc = port->ctl_softc;
822	union ctl_ha_msg *msg;
823	int i;
824
825	if (port->targ_port < softc->port_min ||
826	    port->targ_port >= softc->port_max ||
827	    softc->ha_link != CTL_HA_LINK_ONLINE)
828		return;
829	i = sizeof(msg->port) + strlen(port->port_name) + 1;
830	if (port->lun_map)
831		i += sizeof(uint32_t) * CTL_MAX_LUNS;
832	if (port->port_devid)
833		i += port->port_devid->len;
834	if (port->target_devid)
835		i += port->target_devid->len;
836	if (port->init_devid)
837		i += port->init_devid->len;
838	msg = malloc(i, M_CTL, M_WAITOK);
839	bzero(&msg->port, sizeof(msg->port));
840	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
841	msg->hdr.nexus.targ_port = port->targ_port;
842	msg->port.port_type = port->port_type;
843	msg->port.physical_port = port->physical_port;
844	msg->port.virtual_port = port->virtual_port;
845	msg->port.status = port->status;
846	i = 0;
847	msg->port.name_len = sprintf(&msg->port.data[i],
848	    "%d:%s", softc->ha_id, port->port_name) + 1;
849	i += msg->port.name_len;
850	if (port->lun_map) {
851		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
852		memcpy(&msg->port.data[i], port->lun_map,
853		    msg->port.lun_map_len);
854		i += msg->port.lun_map_len;
855	}
856	if (port->port_devid) {
857		msg->port.port_devid_len = port->port_devid->len;
858		memcpy(&msg->port.data[i], port->port_devid->data,
859		    msg->port.port_devid_len);
860		i += msg->port.port_devid_len;
861	}
862	if (port->target_devid) {
863		msg->port.target_devid_len = port->target_devid->len;
864		memcpy(&msg->port.data[i], port->target_devid->data,
865		    msg->port.target_devid_len);
866		i += msg->port.target_devid_len;
867	}
868	if (port->init_devid) {
869		msg->port.init_devid_len = port->init_devid->len;
870		memcpy(&msg->port.data[i], port->init_devid->data,
871		    msg->port.init_devid_len);
872		i += msg->port.init_devid_len;
873	}
874	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
875	    M_WAITOK);
876	free(msg, M_CTL);
877}
878
879void
880ctl_isc_announce_iid(struct ctl_port *port, int iid)
881{
882	struct ctl_softc *softc = port->ctl_softc;
883	union ctl_ha_msg *msg;
884	int i, l;
885
886	if (port->targ_port < softc->port_min ||
887	    port->targ_port >= softc->port_max ||
888	    softc->ha_link != CTL_HA_LINK_ONLINE)
889		return;
890	mtx_lock(&softc->ctl_lock);
891	i = sizeof(msg->iid);
892	l = 0;
893	if (port->wwpn_iid[iid].name)
894		l = strlen(port->wwpn_iid[iid].name) + 1;
895	i += l;
896	msg = malloc(i, M_CTL, M_NOWAIT);
897	if (msg == NULL) {
898		mtx_unlock(&softc->ctl_lock);
899		return;
900	}
901	bzero(&msg->iid, sizeof(msg->iid));
902	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
903	msg->hdr.nexus.targ_port = port->targ_port;
904	msg->hdr.nexus.initid = iid;
905	msg->iid.in_use = port->wwpn_iid[iid].in_use;
906	msg->iid.name_len = l;
907	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
908	if (port->wwpn_iid[iid].name)
909		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
910	mtx_unlock(&softc->ctl_lock);
911	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
912	free(msg, M_CTL);
913}
914
915void
916ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
917    uint8_t page, uint8_t subpage)
918{
919	struct ctl_softc *softc = lun->ctl_softc;
920	union ctl_ha_msg msg;
921	u_int i;
922
923	if (softc->ha_link != CTL_HA_LINK_ONLINE)
924		return;
925	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
926		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
927		    page && lun->mode_pages.index[i].subpage == subpage)
928			break;
929	}
930	if (i == CTL_NUM_MODE_PAGES)
931		return;
932
933	/* Don't try to replicate pages not present on this device. */
934	if (lun->mode_pages.index[i].page_data == NULL)
935		return;
936
937	bzero(&msg.mode, sizeof(msg.mode));
938	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
939	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
940	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
941	msg.hdr.nexus.targ_lun = lun->lun;
942	msg.hdr.nexus.targ_mapped_lun = lun->lun;
943	msg.mode.page_code = page;
944	msg.mode.subpage = subpage;
945	msg.mode.page_len = lun->mode_pages.index[i].page_len;
946	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
947	    msg.mode.page_len);
948	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
949	    M_WAITOK);
950}
951
952static void
953ctl_isc_ha_link_up(struct ctl_softc *softc)
954{
955	struct ctl_port *port;
956	struct ctl_lun *lun;
957	union ctl_ha_msg msg;
958	int i;
959
960	/* Announce this node parameters to peer for validation. */
961	msg.login.msg_type = CTL_MSG_LOGIN;
962	msg.login.version = CTL_HA_VERSION;
963	msg.login.ha_mode = softc->ha_mode;
964	msg.login.ha_id = softc->ha_id;
965	msg.login.max_luns = CTL_MAX_LUNS;
966	msg.login.max_ports = CTL_MAX_PORTS;
967	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
968	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
969	    M_WAITOK);
970
971	STAILQ_FOREACH(port, &softc->port_list, links) {
972		ctl_isc_announce_port(port);
973		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
974			if (port->wwpn_iid[i].in_use)
975				ctl_isc_announce_iid(port, i);
976		}
977	}
978	STAILQ_FOREACH(lun, &softc->lun_list, links)
979		ctl_isc_announce_lun(lun);
980}
981
982static void
983ctl_isc_ha_link_down(struct ctl_softc *softc)
984{
985	struct ctl_port *port;
986	struct ctl_lun *lun;
987	union ctl_io *io;
988	int i;
989
990	mtx_lock(&softc->ctl_lock);
991	STAILQ_FOREACH(lun, &softc->lun_list, links) {
992		mtx_lock(&lun->lun_lock);
993		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
994			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
995			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
996		}
997		mtx_unlock(&lun->lun_lock);
998
999		mtx_unlock(&softc->ctl_lock);
1000		io = ctl_alloc_io(softc->othersc_pool);
1001		mtx_lock(&softc->ctl_lock);
1002		ctl_zero_io(io);
1003		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
1004		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
1005		ctl_enqueue_isc(io);
1006	}
1007
1008	STAILQ_FOREACH(port, &softc->port_list, links) {
1009		if (port->targ_port >= softc->port_min &&
1010		    port->targ_port < softc->port_max)
1011			continue;
1012		port->status &= ~CTL_PORT_STATUS_ONLINE;
1013		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1014			port->wwpn_iid[i].in_use = 0;
1015			free(port->wwpn_iid[i].name, M_CTL);
1016			port->wwpn_iid[i].name = NULL;
1017		}
1018	}
1019	mtx_unlock(&softc->ctl_lock);
1020}
1021
1022static void
1023ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1024{
1025	struct ctl_lun *lun;
1026	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
1027
1028	mtx_lock(&softc->ctl_lock);
1029	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
1030	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
1031		mtx_lock(&lun->lun_lock);
1032		mtx_unlock(&softc->ctl_lock);
1033		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
1034		    msg->ua.ua_set)
1035			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
1036		if (msg->ua.ua_all) {
1037			if (msg->ua.ua_set)
1038				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
1039			else
1040				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
1041		} else {
1042			if (msg->ua.ua_set)
1043				ctl_est_ua(lun, iid, msg->ua.ua_type);
1044			else
1045				ctl_clr_ua(lun, iid, msg->ua.ua_type);
1046		}
1047		mtx_unlock(&lun->lun_lock);
1048	} else
1049		mtx_unlock(&softc->ctl_lock);
1050}
1051
1052static void
1053ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1054{
1055	struct ctl_lun *lun;
1056	struct ctl_ha_msg_lun_pr_key pr_key;
1057	int i, k;
1058	ctl_lun_flags oflags;
1059	uint32_t targ_lun;
1060
1061	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1062	mtx_lock(&softc->ctl_lock);
1063	if ((targ_lun >= CTL_MAX_LUNS) ||
1064	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1065		mtx_unlock(&softc->ctl_lock);
1066		return;
1067	}
1068	mtx_lock(&lun->lun_lock);
1069	mtx_unlock(&softc->ctl_lock);
1070	if (lun->flags & CTL_LUN_DISABLED) {
1071		mtx_unlock(&lun->lun_lock);
1072		return;
1073	}
1074	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1075	if (msg->lun.lun_devid_len != i || (i > 0 &&
1076	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1077		mtx_unlock(&lun->lun_lock);
1078		printf("%s: Received conflicting HA LUN %d\n",
1079		    __func__, msg->hdr.nexus.targ_lun);
1080		return;
1081	} else {
1082		/* Record whether peer is primary. */
1083		oflags = lun->flags;
1084		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1085		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1086			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1087		else
1088			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1089		if (oflags != lun->flags)
1090			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1091
1092		/* If peer is primary and we are not -- use data */
1093		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1094		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1095			lun->pr_generation = msg->lun.pr_generation;
1096			lun->pr_res_idx = msg->lun.pr_res_idx;
1097			lun->pr_res_type = msg->lun.pr_res_type;
1098			lun->pr_key_count = msg->lun.pr_key_count;
1099			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1100				ctl_clr_prkey(lun, k);
1101			for (k = 0; k < msg->lun.pr_key_count; k++) {
1102				memcpy(&pr_key, &msg->lun.data[i],
1103				    sizeof(pr_key));
1104				ctl_alloc_prkey(lun, pr_key.pr_iid);
1105				ctl_set_prkey(lun, pr_key.pr_iid,
1106				    pr_key.pr_key);
1107				i += sizeof(pr_key);
1108			}
1109		}
1110
1111		mtx_unlock(&lun->lun_lock);
1112		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1113		    __func__, msg->hdr.nexus.targ_lun,
1114		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1115		    "primary" : "secondary"));
1116
1117		/* If we are primary but peer doesn't know -- notify */
1118		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1119		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1120			ctl_isc_announce_lun(lun);
1121	}
1122}
1123
1124static void
1125ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1126{
1127	struct ctl_port *port;
1128	struct ctl_lun *lun;
1129	int i, new;
1130
1131	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1132	if (port == NULL) {
1133		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1134		    msg->hdr.nexus.targ_port));
1135		new = 1;
1136		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1137		port->frontend = &ha_frontend;
1138		port->targ_port = msg->hdr.nexus.targ_port;
1139		port->fe_datamove = ctl_ha_datamove;
1140		port->fe_done = ctl_ha_done;
1141	} else if (port->frontend == &ha_frontend) {
1142		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1143		    msg->hdr.nexus.targ_port));
1144		new = 0;
1145	} else {
1146		printf("%s: Received conflicting HA port %d\n",
1147		    __func__, msg->hdr.nexus.targ_port);
1148		return;
1149	}
1150	port->port_type = msg->port.port_type;
1151	port->physical_port = msg->port.physical_port;
1152	port->virtual_port = msg->port.virtual_port;
1153	port->status = msg->port.status;
1154	i = 0;
1155	free(port->port_name, M_CTL);
1156	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1157	    M_CTL);
1158	i += msg->port.name_len;
1159	if (msg->port.lun_map_len != 0) {
1160		if (port->lun_map == NULL)
1161			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1162			    M_CTL, M_WAITOK);
1163		memcpy(port->lun_map, &msg->port.data[i],
1164		    sizeof(uint32_t) * CTL_MAX_LUNS);
1165		i += msg->port.lun_map_len;
1166	} else {
1167		free(port->lun_map, M_CTL);
1168		port->lun_map = NULL;
1169	}
1170	if (msg->port.port_devid_len != 0) {
1171		if (port->port_devid == NULL ||
1172		    port->port_devid->len != msg->port.port_devid_len) {
1173			free(port->port_devid, M_CTL);
1174			port->port_devid = malloc(sizeof(struct ctl_devid) +
1175			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1176		}
1177		memcpy(port->port_devid->data, &msg->port.data[i],
1178		    msg->port.port_devid_len);
1179		port->port_devid->len = msg->port.port_devid_len;
1180		i += msg->port.port_devid_len;
1181	} else {
1182		free(port->port_devid, M_CTL);
1183		port->port_devid = NULL;
1184	}
1185	if (msg->port.target_devid_len != 0) {
1186		if (port->target_devid == NULL ||
1187		    port->target_devid->len != msg->port.target_devid_len) {
1188			free(port->target_devid, M_CTL);
1189			port->target_devid = malloc(sizeof(struct ctl_devid) +
1190			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1191		}
1192		memcpy(port->target_devid->data, &msg->port.data[i],
1193		    msg->port.target_devid_len);
1194		port->target_devid->len = msg->port.target_devid_len;
1195		i += msg->port.target_devid_len;
1196	} else {
1197		free(port->target_devid, M_CTL);
1198		port->target_devid = NULL;
1199	}
1200	if (msg->port.init_devid_len != 0) {
1201		if (port->init_devid == NULL ||
1202		    port->init_devid->len != msg->port.init_devid_len) {
1203			free(port->init_devid, M_CTL);
1204			port->init_devid = malloc(sizeof(struct ctl_devid) +
1205			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1206		}
1207		memcpy(port->init_devid->data, &msg->port.data[i],
1208		    msg->port.init_devid_len);
1209		port->init_devid->len = msg->port.init_devid_len;
1210		i += msg->port.init_devid_len;
1211	} else {
1212		free(port->init_devid, M_CTL);
1213		port->init_devid = NULL;
1214	}
1215	if (new) {
1216		if (ctl_port_register(port) != 0) {
1217			printf("%s: ctl_port_register() failed with error\n",
1218			    __func__);
1219		}
1220	}
1221	mtx_lock(&softc->ctl_lock);
1222	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1223		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1224			continue;
1225		mtx_lock(&lun->lun_lock);
1226		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1227		mtx_unlock(&lun->lun_lock);
1228	}
1229	mtx_unlock(&softc->ctl_lock);
1230}
1231
1232static void
1233ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1234{
1235	struct ctl_port *port;
1236	int iid;
1237
1238	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1239	if (port == NULL) {
1240		printf("%s: Received IID for unknown port %d\n",
1241		    __func__, msg->hdr.nexus.targ_port);
1242		return;
1243	}
1244	iid = msg->hdr.nexus.initid;
1245	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1246	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1247	free(port->wwpn_iid[iid].name, M_CTL);
1248	if (msg->iid.name_len) {
1249		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1250		    msg->iid.name_len, M_CTL);
1251	} else
1252		port->wwpn_iid[iid].name = NULL;
1253}
1254
1255static void
1256ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1257{
1258
1259	if (msg->login.version != CTL_HA_VERSION) {
1260		printf("CTL HA peers have different versions %d != %d\n",
1261		    msg->login.version, CTL_HA_VERSION);
1262		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1263		return;
1264	}
1265	if (msg->login.ha_mode != softc->ha_mode) {
1266		printf("CTL HA peers have different ha_mode %d != %d\n",
1267		    msg->login.ha_mode, softc->ha_mode);
1268		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1269		return;
1270	}
1271	if (msg->login.ha_id == softc->ha_id) {
1272		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1273		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1274		return;
1275	}
1276	if (msg->login.max_luns != CTL_MAX_LUNS ||
1277	    msg->login.max_ports != CTL_MAX_PORTS ||
1278	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1279		printf("CTL HA peers have different limits\n");
1280		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1281		return;
1282	}
1283}
1284
1285static void
1286ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1287{
1288	struct ctl_lun *lun;
1289	u_int i;
1290	uint32_t initidx, targ_lun;
1291
1292	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1293	mtx_lock(&softc->ctl_lock);
1294	if ((targ_lun >= CTL_MAX_LUNS) ||
1295	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1296		mtx_unlock(&softc->ctl_lock);
1297		return;
1298	}
1299	mtx_lock(&lun->lun_lock);
1300	mtx_unlock(&softc->ctl_lock);
1301	if (lun->flags & CTL_LUN_DISABLED) {
1302		mtx_unlock(&lun->lun_lock);
1303		return;
1304	}
1305	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1306		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1307		    msg->mode.page_code &&
1308		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1309			break;
1310	}
1311	if (i == CTL_NUM_MODE_PAGES) {
1312		mtx_unlock(&lun->lun_lock);
1313		return;
1314	}
1315	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1316	    lun->mode_pages.index[i].page_len);
1317	initidx = ctl_get_initindex(&msg->hdr.nexus);
1318	if (initidx != -1)
1319		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1320	mtx_unlock(&lun->lun_lock);
1321}
1322
1323/*
1324 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1325 * subsystem come in here.
1326 */
1327static void
1328ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1329{
1330	struct ctl_softc *softc = control_softc;
1331	union ctl_io *io;
1332	struct ctl_prio *presio;
1333	ctl_ha_status isc_status;
1334
1335	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1336	if (event == CTL_HA_EVT_MSG_RECV) {
1337		union ctl_ha_msg *msg, msgbuf;
1338
1339		if (param > sizeof(msgbuf))
1340			msg = malloc(param, M_CTL, M_WAITOK);
1341		else
1342			msg = &msgbuf;
1343		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1344		    M_WAITOK);
1345		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1346			printf("%s: Error receiving message: %d\n",
1347			    __func__, isc_status);
1348			if (msg != &msgbuf)
1349				free(msg, M_CTL);
1350			return;
1351		}
1352
1353		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1354		switch (msg->hdr.msg_type) {
1355		case CTL_MSG_SERIALIZE:
1356			io = ctl_alloc_io(softc->othersc_pool);
1357			ctl_zero_io(io);
1358			// populate ctsio from msg
1359			io->io_hdr.io_type = CTL_IO_SCSI;
1360			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1361			io->io_hdr.original_sc = msg->hdr.original_sc;
1362			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1363					    CTL_FLAG_IO_ACTIVE;
1364			/*
1365			 * If we're in serialization-only mode, we don't
1366			 * want to go through full done processing.  Thus
1367			 * the COPY flag.
1368			 *
1369			 * XXX KDM add another flag that is more specific.
1370			 */
1371			if (softc->ha_mode != CTL_HA_MODE_XFER)
1372				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1373			io->io_hdr.nexus = msg->hdr.nexus;
1374#if 0
1375			printf("port %u, iid %u, lun %u\n",
1376			       io->io_hdr.nexus.targ_port,
1377			       io->io_hdr.nexus.initid,
1378			       io->io_hdr.nexus.targ_lun);
1379#endif
1380			io->scsiio.tag_num = msg->scsi.tag_num;
1381			io->scsiio.tag_type = msg->scsi.tag_type;
1382#ifdef CTL_TIME_IO
1383			io->io_hdr.start_time = time_uptime;
1384			getbinuptime(&io->io_hdr.start_bt);
1385#endif /* CTL_TIME_IO */
1386			io->scsiio.cdb_len = msg->scsi.cdb_len;
1387			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1388			       CTL_MAX_CDBLEN);
1389			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1390				const struct ctl_cmd_entry *entry;
1391
1392				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1393				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1394				io->io_hdr.flags |=
1395					entry->flags & CTL_FLAG_DATA_MASK;
1396			}
1397			ctl_enqueue_isc(io);
1398			break;
1399
1400		/* Performed on the Originating SC, XFER mode only */
1401		case CTL_MSG_DATAMOVE: {
1402			struct ctl_sg_entry *sgl;
1403			int i, j;
1404
1405			io = msg->hdr.original_sc;
1406			if (io == NULL) {
1407				printf("%s: original_sc == NULL!\n", __func__);
1408				/* XXX KDM do something here */
1409				break;
1410			}
1411			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1412			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1413			/*
1414			 * Keep track of this, we need to send it back over
1415			 * when the datamove is complete.
1416			 */
1417			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1418			if (msg->hdr.status == CTL_SUCCESS)
1419				io->io_hdr.status = msg->hdr.status;
1420
1421			if (msg->dt.sg_sequence == 0) {
1422#ifdef CTL_TIME_IO
1423				getbinuptime(&io->io_hdr.dma_start_bt);
1424#endif
1425				i = msg->dt.kern_sg_entries +
1426				    msg->dt.kern_data_len /
1427				    CTL_HA_DATAMOVE_SEGMENT + 1;
1428				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1429				    M_WAITOK | M_ZERO);
1430				io->io_hdr.remote_sglist = sgl;
1431				io->io_hdr.local_sglist =
1432				    &sgl[msg->dt.kern_sg_entries];
1433
1434				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1435
1436				io->scsiio.kern_sg_entries =
1437					msg->dt.kern_sg_entries;
1438				io->scsiio.rem_sg_entries =
1439					msg->dt.kern_sg_entries;
1440				io->scsiio.kern_data_len =
1441					msg->dt.kern_data_len;
1442				io->scsiio.kern_total_len =
1443					msg->dt.kern_total_len;
1444				io->scsiio.kern_data_resid =
1445					msg->dt.kern_data_resid;
1446				io->scsiio.kern_rel_offset =
1447					msg->dt.kern_rel_offset;
1448				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1449				io->io_hdr.flags |= msg->dt.flags &
1450				    CTL_FLAG_BUS_ADDR;
1451			} else
1452				sgl = (struct ctl_sg_entry *)
1453					io->scsiio.kern_data_ptr;
1454
1455			for (i = msg->dt.sent_sg_entries, j = 0;
1456			     i < (msg->dt.sent_sg_entries +
1457			     msg->dt.cur_sg_entries); i++, j++) {
1458				sgl[i].addr = msg->dt.sg_list[j].addr;
1459				sgl[i].len = msg->dt.sg_list[j].len;
1460
1461#if 0
1462				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1463				    __func__, sgl[i].addr, sgl[i].len, j, i);
1464#endif
1465			}
1466
1467			/*
1468			 * If this is the last piece of the I/O, we've got
1469			 * the full S/G list.  Queue processing in the thread.
1470			 * Otherwise wait for the next piece.
1471			 */
1472			if (msg->dt.sg_last != 0)
1473				ctl_enqueue_isc(io);
1474			break;
1475		}
1476		/* Performed on the Serializing (primary) SC, XFER mode only */
1477		case CTL_MSG_DATAMOVE_DONE: {
1478			if (msg->hdr.serializing_sc == NULL) {
1479				printf("%s: serializing_sc == NULL!\n",
1480				       __func__);
1481				/* XXX KDM now what? */
1482				break;
1483			}
1484			/*
1485			 * We grab the sense information here in case
1486			 * there was a failure, so we can return status
1487			 * back to the initiator.
1488			 */
1489			io = msg->hdr.serializing_sc;
1490			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1491			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1492			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1493			io->io_hdr.port_status = msg->scsi.fetd_status;
1494			io->scsiio.residual = msg->scsi.residual;
1495			if (msg->hdr.status != CTL_STATUS_NONE) {
1496				io->io_hdr.status = msg->hdr.status;
1497				io->scsiio.scsi_status = msg->scsi.scsi_status;
1498				io->scsiio.sense_len = msg->scsi.sense_len;
1499				io->scsiio.sense_residual =msg->scsi.sense_residual;
1500				memcpy(&io->scsiio.sense_data,
1501				    &msg->scsi.sense_data,
1502				    msg->scsi.sense_len);
1503				if (msg->hdr.status == CTL_SUCCESS)
1504					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1505			}
1506			ctl_enqueue_isc(io);
1507			break;
1508		}
1509
1510		/* Preformed on Originating SC, SER_ONLY mode */
1511		case CTL_MSG_R2R:
1512			io = msg->hdr.original_sc;
1513			if (io == NULL) {
1514				printf("%s: original_sc == NULL!\n",
1515				    __func__);
1516				break;
1517			}
1518			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1519			io->io_hdr.msg_type = CTL_MSG_R2R;
1520			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1521			ctl_enqueue_isc(io);
1522			break;
1523
1524		/*
1525		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1526		 * mode.
1527		 * Performed on the Originating (i.e. secondary) SC in XFER
1528		 * mode
1529		 */
1530		case CTL_MSG_FINISH_IO:
1531			if (softc->ha_mode == CTL_HA_MODE_XFER)
1532				ctl_isc_handler_finish_xfer(softc, msg);
1533			else
1534				ctl_isc_handler_finish_ser_only(softc, msg);
1535			break;
1536
1537		/* Preformed on Originating SC */
1538		case CTL_MSG_BAD_JUJU:
1539			io = msg->hdr.original_sc;
1540			if (io == NULL) {
1541				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1542				       __func__);
1543				break;
1544			}
1545			ctl_copy_sense_data(msg, io);
1546			/*
1547			 * IO should have already been cleaned up on other
1548			 * SC so clear this flag so we won't send a message
1549			 * back to finish the IO there.
1550			 */
1551			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1552			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1553
1554			/* io = msg->hdr.serializing_sc; */
1555			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1556			ctl_enqueue_isc(io);
1557			break;
1558
1559		/* Handle resets sent from the other side */
1560		case CTL_MSG_MANAGE_TASKS: {
1561			struct ctl_taskio *taskio;
1562			taskio = (struct ctl_taskio *)ctl_alloc_io(
1563			    softc->othersc_pool);
1564			ctl_zero_io((union ctl_io *)taskio);
1565			taskio->io_hdr.io_type = CTL_IO_TASK;
1566			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1567			taskio->io_hdr.nexus = msg->hdr.nexus;
1568			taskio->task_action = msg->task.task_action;
1569			taskio->tag_num = msg->task.tag_num;
1570			taskio->tag_type = msg->task.tag_type;
1571#ifdef CTL_TIME_IO
1572			taskio->io_hdr.start_time = time_uptime;
1573			getbinuptime(&taskio->io_hdr.start_bt);
1574#endif /* CTL_TIME_IO */
1575			ctl_run_task((union ctl_io *)taskio);
1576			break;
1577		}
1578		/* Persistent Reserve action which needs attention */
1579		case CTL_MSG_PERS_ACTION:
1580			presio = (struct ctl_prio *)ctl_alloc_io(
1581			    softc->othersc_pool);
1582			ctl_zero_io((union ctl_io *)presio);
1583			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1584			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1585			presio->io_hdr.nexus = msg->hdr.nexus;
1586			presio->pr_msg = msg->pr;
1587			ctl_enqueue_isc((union ctl_io *)presio);
1588			break;
1589		case CTL_MSG_UA:
1590			ctl_isc_ua(softc, msg, param);
1591			break;
1592		case CTL_MSG_PORT_SYNC:
1593			ctl_isc_port_sync(softc, msg, param);
1594			break;
1595		case CTL_MSG_LUN_SYNC:
1596			ctl_isc_lun_sync(softc, msg, param);
1597			break;
1598		case CTL_MSG_IID_SYNC:
1599			ctl_isc_iid_sync(softc, msg, param);
1600			break;
1601		case CTL_MSG_LOGIN:
1602			ctl_isc_login(softc, msg, param);
1603			break;
1604		case CTL_MSG_MODE_SYNC:
1605			ctl_isc_mode_sync(softc, msg, param);
1606			break;
1607		default:
1608			printf("Received HA message of unknown type %d\n",
1609			    msg->hdr.msg_type);
1610			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1611			break;
1612		}
1613		if (msg != &msgbuf)
1614			free(msg, M_CTL);
1615	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1616		printf("CTL: HA link status changed from %d to %d\n",
1617		    softc->ha_link, param);
1618		if (param == softc->ha_link)
1619			return;
1620		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1621			softc->ha_link = param;
1622			ctl_isc_ha_link_down(softc);
1623		} else {
1624			softc->ha_link = param;
1625			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1626				ctl_isc_ha_link_up(softc);
1627		}
1628		return;
1629	} else {
1630		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1631		return;
1632	}
1633}
1634
1635static void
1636ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1637{
1638
1639	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1640	    src->scsi.sense_len);
1641	dest->scsiio.scsi_status = src->scsi.scsi_status;
1642	dest->scsiio.sense_len = src->scsi.sense_len;
1643	dest->io_hdr.status = src->hdr.status;
1644}
1645
1646static void
1647ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1648{
1649
1650	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1651	    src->scsiio.sense_len);
1652	dest->scsi.scsi_status = src->scsiio.scsi_status;
1653	dest->scsi.sense_len = src->scsiio.sense_len;
1654	dest->hdr.status = src->io_hdr.status;
1655}
1656
1657void
1658ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1659{
1660	struct ctl_softc *softc = lun->ctl_softc;
1661	ctl_ua_type *pu;
1662
1663	if (initidx < softc->init_min || initidx >= softc->init_max)
1664		return;
1665	mtx_assert(&lun->lun_lock, MA_OWNED);
1666	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1667	if (pu == NULL)
1668		return;
1669	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1670}
1671
1672void
1673ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1674{
1675	int i;
1676
1677	mtx_assert(&lun->lun_lock, MA_OWNED);
1678	if (lun->pending_ua[port] == NULL)
1679		return;
1680	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1681		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1682			continue;
1683		lun->pending_ua[port][i] |= ua;
1684	}
1685}
1686
1687void
1688ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1689{
1690	struct ctl_softc *softc = lun->ctl_softc;
1691	int i;
1692
1693	mtx_assert(&lun->lun_lock, MA_OWNED);
1694	for (i = softc->port_min; i < softc->port_max; i++)
1695		ctl_est_ua_port(lun, i, except, ua);
1696}
1697
1698void
1699ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1700{
1701	struct ctl_softc *softc = lun->ctl_softc;
1702	ctl_ua_type *pu;
1703
1704	if (initidx < softc->init_min || initidx >= softc->init_max)
1705		return;
1706	mtx_assert(&lun->lun_lock, MA_OWNED);
1707	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1708	if (pu == NULL)
1709		return;
1710	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1711}
1712
1713void
1714ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1715{
1716	struct ctl_softc *softc = lun->ctl_softc;
1717	int i, j;
1718
1719	mtx_assert(&lun->lun_lock, MA_OWNED);
1720	for (i = softc->port_min; i < softc->port_max; i++) {
1721		if (lun->pending_ua[i] == NULL)
1722			continue;
1723		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1724			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1725				continue;
1726			lun->pending_ua[i][j] &= ~ua;
1727		}
1728	}
1729}
1730
1731void
1732ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1733    ctl_ua_type ua_type)
1734{
1735	struct ctl_lun *lun;
1736
1737	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1738	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1739		mtx_lock(&lun->lun_lock);
1740		ctl_clr_ua(lun, initidx, ua_type);
1741		mtx_unlock(&lun->lun_lock);
1742	}
1743}
1744
1745static int
1746ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1747{
1748	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1749	struct ctl_lun *lun;
1750	struct ctl_lun_req ireq;
1751	int error, value;
1752
1753	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1754	error = sysctl_handle_int(oidp, &value, 0, req);
1755	if ((error != 0) || (req->newptr == NULL))
1756		return (error);
1757
1758	mtx_lock(&softc->ctl_lock);
1759	if (value == 0)
1760		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1761	else
1762		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1763	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1764		mtx_unlock(&softc->ctl_lock);
1765		bzero(&ireq, sizeof(ireq));
1766		ireq.reqtype = CTL_LUNREQ_MODIFY;
1767		ireq.reqdata.modify.lun_id = lun->lun;
1768		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1769		    curthread);
1770		if (ireq.status != CTL_LUN_OK) {
1771			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1772			    __func__, ireq.status, ireq.error_str);
1773		}
1774		mtx_lock(&softc->ctl_lock);
1775	}
1776	mtx_unlock(&softc->ctl_lock);
1777	return (0);
1778}
1779
1780static int
1781ctl_init(void)
1782{
1783	struct make_dev_args args;
1784	struct ctl_softc *softc;
1785	void *other_pool;
1786	int i, error;
1787
1788	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1789			       M_WAITOK | M_ZERO);
1790
1791	make_dev_args_init(&args);
1792	args.mda_devsw = &ctl_cdevsw;
1793	args.mda_uid = UID_ROOT;
1794	args.mda_gid = GID_OPERATOR;
1795	args.mda_mode = 0600;
1796	args.mda_si_drv1 = softc;
1797	error = make_dev_s(&args, &softc->dev, "cam/ctl");
1798	if (error != 0) {
1799		free(control_softc, M_DEVBUF);
1800		return (error);
1801	}
1802
1803	sysctl_ctx_init(&softc->sysctl_ctx);
1804	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1805		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1806		CTLFLAG_RD, 0, "CAM Target Layer");
1807
1808	if (softc->sysctl_tree == NULL) {
1809		printf("%s: unable to allocate sysctl tree\n", __func__);
1810		destroy_dev(softc->dev);
1811		free(control_softc, M_DEVBUF);
1812		control_softc = NULL;
1813		return (ENOMEM);
1814	}
1815
1816	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1817	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1818	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1819	softc->flags = 0;
1820
1821	TUNABLE_INT_FETCH("kern.cam.ctl.ha_mode", (int *)&softc->ha_mode);
1822	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1823	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1824	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1825
1826	/*
1827	 * In Copan's HA scheme, the "master" and "slave" roles are
1828	 * figured out through the slot the controller is in.  Although it
1829	 * is an active/active system, someone has to be in charge.
1830	 */
1831	TUNABLE_INT_FETCH("kern.cam.ctl.ha_id", &softc->ha_id);
1832	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1833	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1834	    "HA head ID (0 - no HA)");
1835	if (softc->ha_id == 0 || softc->ha_id > NUM_HA_SHELVES) {
1836		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1837		softc->is_single = 1;
1838		softc->port_cnt = CTL_MAX_PORTS;
1839		softc->port_min = 0;
1840	} else {
1841		softc->port_cnt = CTL_MAX_PORTS / NUM_HA_SHELVES;
1842		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1843	}
1844	softc->port_max = softc->port_min + softc->port_cnt;
1845	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1846	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1847
1848	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1849	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1850	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1851
1852	STAILQ_INIT(&softc->lun_list);
1853	STAILQ_INIT(&softc->pending_lun_queue);
1854	STAILQ_INIT(&softc->fe_list);
1855	STAILQ_INIT(&softc->port_list);
1856	STAILQ_INIT(&softc->be_list);
1857	ctl_tpc_init(softc);
1858
1859	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1860	                    &other_pool) != 0)
1861	{
1862		printf("ctl: can't allocate %d entry other SC pool, "
1863		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1864		return (ENOMEM);
1865	}
1866	softc->othersc_pool = other_pool;
1867
1868	if (worker_threads <= 0)
1869		worker_threads = max(1, mp_ncpus / 4);
1870	if (worker_threads > CTL_MAX_THREADS)
1871		worker_threads = CTL_MAX_THREADS;
1872
1873	for (i = 0; i < worker_threads; i++) {
1874		struct ctl_thread *thr = &softc->threads[i];
1875
1876		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1877		thr->ctl_softc = softc;
1878		STAILQ_INIT(&thr->incoming_queue);
1879		STAILQ_INIT(&thr->rtr_queue);
1880		STAILQ_INIT(&thr->done_queue);
1881		STAILQ_INIT(&thr->isc_queue);
1882
1883		error = kproc_kthread_add(ctl_work_thread, thr,
1884		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1885		if (error != 0) {
1886			printf("error creating CTL work thread!\n");
1887			ctl_pool_free(other_pool);
1888			return (error);
1889		}
1890	}
1891	error = kproc_kthread_add(ctl_lun_thread, softc,
1892	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1893	if (error != 0) {
1894		printf("error creating CTL lun thread!\n");
1895		ctl_pool_free(other_pool);
1896		return (error);
1897	}
1898	error = kproc_kthread_add(ctl_thresh_thread, softc,
1899	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1900	if (error != 0) {
1901		printf("error creating CTL threshold thread!\n");
1902		ctl_pool_free(other_pool);
1903		return (error);
1904	}
1905
1906	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1907	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1908	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1909
1910	if (softc->is_single == 0) {
1911		ctl_frontend_register(&ha_frontend);
1912		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1913			printf("ctl_init: ctl_ha_msg_init failed.\n");
1914			softc->is_single = 1;
1915		} else
1916		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1917		    != CTL_HA_STATUS_SUCCESS) {
1918			printf("ctl_init: ctl_ha_msg_register failed.\n");
1919			softc->is_single = 1;
1920		}
1921	}
1922	return (0);
1923}
1924
1925void
1926ctl_shutdown(void)
1927{
1928	struct ctl_softc *softc = control_softc;
1929	struct ctl_lun *lun, *next_lun;
1930
1931	if (softc->is_single == 0) {
1932		ctl_ha_msg_shutdown(softc);
1933		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1934		    != CTL_HA_STATUS_SUCCESS)
1935			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1936		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1937			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1938		ctl_frontend_deregister(&ha_frontend);
1939	}
1940
1941	mtx_lock(&softc->ctl_lock);
1942
1943	STAILQ_FOREACH_SAFE(lun, &softc->lun_list, links, next_lun)
1944		ctl_free_lun(lun);
1945
1946	mtx_unlock(&softc->ctl_lock);
1947
1948#if 0
1949	ctl_shutdown_thread(softc->work_thread);
1950	mtx_destroy(&softc->queue_lock);
1951#endif
1952
1953	ctl_tpc_shutdown(softc);
1954	uma_zdestroy(softc->io_zone);
1955	mtx_destroy(&softc->ctl_lock);
1956
1957	destroy_dev(softc->dev);
1958
1959	sysctl_ctx_free(&softc->sysctl_ctx);
1960
1961	free(control_softc, M_DEVBUF);
1962	control_softc = NULL;
1963}
1964
1965static int
1966ctl_module_event_handler(module_t mod, int what, void *arg)
1967{
1968
1969	switch (what) {
1970	case MOD_LOAD:
1971		return (ctl_init());
1972	case MOD_UNLOAD:
1973		return (EBUSY);
1974	default:
1975		return (EOPNOTSUPP);
1976	}
1977}
1978
1979/*
1980 * XXX KDM should we do some access checks here?  Bump a reference count to
1981 * prevent a CTL module from being unloaded while someone has it open?
1982 */
1983static int
1984ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1985{
1986	return (0);
1987}
1988
1989static int
1990ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1991{
1992	return (0);
1993}
1994
1995/*
1996 * Remove an initiator by port number and initiator ID.
1997 * Returns 0 for success, -1 for failure.
1998 */
1999int
2000ctl_remove_initiator(struct ctl_port *port, int iid)
2001{
2002	struct ctl_softc *softc = port->ctl_softc;
2003
2004	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2005
2006	if (iid > CTL_MAX_INIT_PER_PORT) {
2007		printf("%s: initiator ID %u > maximun %u!\n",
2008		       __func__, iid, CTL_MAX_INIT_PER_PORT);
2009		return (-1);
2010	}
2011
2012	mtx_lock(&softc->ctl_lock);
2013	port->wwpn_iid[iid].in_use--;
2014	port->wwpn_iid[iid].last_use = time_uptime;
2015	mtx_unlock(&softc->ctl_lock);
2016	ctl_isc_announce_iid(port, iid);
2017
2018	return (0);
2019}
2020
2021/*
2022 * Add an initiator to the initiator map.
2023 * Returns iid for success, < 0 for failure.
2024 */
2025int
2026ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
2027{
2028	struct ctl_softc *softc = port->ctl_softc;
2029	time_t best_time;
2030	int i, best;
2031
2032	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2033
2034	if (iid >= CTL_MAX_INIT_PER_PORT) {
2035		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
2036		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
2037		free(name, M_CTL);
2038		return (-1);
2039	}
2040
2041	mtx_lock(&softc->ctl_lock);
2042
2043	if (iid < 0 && (wwpn != 0 || name != NULL)) {
2044		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2045			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
2046				iid = i;
2047				break;
2048			}
2049			if (name != NULL && port->wwpn_iid[i].name != NULL &&
2050			    strcmp(name, port->wwpn_iid[i].name) == 0) {
2051				iid = i;
2052				break;
2053			}
2054		}
2055	}
2056
2057	if (iid < 0) {
2058		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2059			if (port->wwpn_iid[i].in_use == 0 &&
2060			    port->wwpn_iid[i].wwpn == 0 &&
2061			    port->wwpn_iid[i].name == NULL) {
2062				iid = i;
2063				break;
2064			}
2065		}
2066	}
2067
2068	if (iid < 0) {
2069		best = -1;
2070		best_time = INT32_MAX;
2071		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2072			if (port->wwpn_iid[i].in_use == 0) {
2073				if (port->wwpn_iid[i].last_use < best_time) {
2074					best = i;
2075					best_time = port->wwpn_iid[i].last_use;
2076				}
2077			}
2078		}
2079		iid = best;
2080	}
2081
2082	if (iid < 0) {
2083		mtx_unlock(&softc->ctl_lock);
2084		free(name, M_CTL);
2085		return (-2);
2086	}
2087
2088	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2089		/*
2090		 * This is not an error yet.
2091		 */
2092		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2093#if 0
2094			printf("%s: port %d iid %u WWPN %#jx arrived"
2095			    " again\n", __func__, port->targ_port,
2096			    iid, (uintmax_t)wwpn);
2097#endif
2098			goto take;
2099		}
2100		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2101		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2102#if 0
2103			printf("%s: port %d iid %u name '%s' arrived"
2104			    " again\n", __func__, port->targ_port,
2105			    iid, name);
2106#endif
2107			goto take;
2108		}
2109
2110		/*
2111		 * This is an error, but what do we do about it?  The
2112		 * driver is telling us we have a new WWPN for this
2113		 * initiator ID, so we pretty much need to use it.
2114		 */
2115		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2116		    " but WWPN %#jx '%s' is still at that address\n",
2117		    __func__, port->targ_port, iid, wwpn, name,
2118		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2119		    port->wwpn_iid[iid].name);
2120
2121		/*
2122		 * XXX KDM clear have_ca and ua_pending on each LUN for
2123		 * this initiator.
2124		 */
2125	}
2126take:
2127	free(port->wwpn_iid[iid].name, M_CTL);
2128	port->wwpn_iid[iid].name = name;
2129	port->wwpn_iid[iid].wwpn = wwpn;
2130	port->wwpn_iid[iid].in_use++;
2131	mtx_unlock(&softc->ctl_lock);
2132	ctl_isc_announce_iid(port, iid);
2133
2134	return (iid);
2135}
2136
2137static int
2138ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2139{
2140	int len;
2141
2142	switch (port->port_type) {
2143	case CTL_PORT_FC:
2144	{
2145		struct scsi_transportid_fcp *id =
2146		    (struct scsi_transportid_fcp *)buf;
2147		if (port->wwpn_iid[iid].wwpn == 0)
2148			return (0);
2149		memset(id, 0, sizeof(*id));
2150		id->format_protocol = SCSI_PROTO_FC;
2151		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2152		return (sizeof(*id));
2153	}
2154	case CTL_PORT_ISCSI:
2155	{
2156		struct scsi_transportid_iscsi_port *id =
2157		    (struct scsi_transportid_iscsi_port *)buf;
2158		if (port->wwpn_iid[iid].name == NULL)
2159			return (0);
2160		memset(id, 0, 256);
2161		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2162		    SCSI_PROTO_ISCSI;
2163		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2164		len = roundup2(min(len, 252), 4);
2165		scsi_ulto2b(len, id->additional_length);
2166		return (sizeof(*id) + len);
2167	}
2168	case CTL_PORT_SAS:
2169	{
2170		struct scsi_transportid_sas *id =
2171		    (struct scsi_transportid_sas *)buf;
2172		if (port->wwpn_iid[iid].wwpn == 0)
2173			return (0);
2174		memset(id, 0, sizeof(*id));
2175		id->format_protocol = SCSI_PROTO_SAS;
2176		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2177		return (sizeof(*id));
2178	}
2179	default:
2180	{
2181		struct scsi_transportid_spi *id =
2182		    (struct scsi_transportid_spi *)buf;
2183		memset(id, 0, sizeof(*id));
2184		id->format_protocol = SCSI_PROTO_SPI;
2185		scsi_ulto2b(iid, id->scsi_addr);
2186		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2187		return (sizeof(*id));
2188	}
2189	}
2190}
2191
2192/*
2193 * Serialize a command that went down the "wrong" side, and so was sent to
2194 * this controller for execution.  The logic is a little different than the
2195 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2196 * sent back to the other side, but in the success case, we execute the
2197 * command on this side (XFER mode) or tell the other side to execute it
2198 * (SER_ONLY mode).
2199 */
2200static int
2201ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2202{
2203	struct ctl_softc *softc = control_softc;
2204	union ctl_ha_msg msg_info;
2205	struct ctl_port *port;
2206	struct ctl_lun *lun;
2207	const struct ctl_cmd_entry *entry;
2208	int retval = 0;
2209	uint32_t targ_lun;
2210
2211	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2212	mtx_lock(&softc->ctl_lock);
2213
2214	/* Make sure that we know about this port. */
2215	port = ctl_io_port(&ctsio->io_hdr);
2216	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2217		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2218					 /*retry_count*/ 1);
2219		goto badjuju;
2220	}
2221
2222	/* Make sure that we know about this LUN. */
2223	if ((targ_lun < CTL_MAX_LUNS) &&
2224	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2225		mtx_lock(&lun->lun_lock);
2226		mtx_unlock(&softc->ctl_lock);
2227		/*
2228		 * If the LUN is invalid, pretend that it doesn't exist.
2229		 * It will go away as soon as all pending I/O has been
2230		 * completed.
2231		 */
2232		if (lun->flags & CTL_LUN_DISABLED) {
2233			mtx_unlock(&lun->lun_lock);
2234			lun = NULL;
2235		}
2236	} else {
2237		mtx_unlock(&softc->ctl_lock);
2238		lun = NULL;
2239	}
2240	if (lun == NULL) {
2241		/*
2242		 * The other node would not send this request to us unless
2243		 * received announce that we are primary node for this LUN.
2244		 * If this LUN does not exist now, it is probably result of
2245		 * a race, so respond to initiator in the most opaque way.
2246		 */
2247		ctl_set_busy(ctsio);
2248		goto badjuju;
2249	}
2250
2251	entry = ctl_get_cmd_entry(ctsio, NULL);
2252	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2253		mtx_unlock(&lun->lun_lock);
2254		goto badjuju;
2255	}
2256
2257	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2258	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2259
2260	/*
2261	 * Every I/O goes into the OOA queue for a
2262	 * particular LUN, and stays there until completion.
2263	 */
2264#ifdef CTL_TIME_IO
2265	if (TAILQ_EMPTY(&lun->ooa_queue))
2266		lun->idle_time += getsbinuptime() - lun->last_busy;
2267#endif
2268	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2269
2270	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2271		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2272		 ooa_links))) {
2273	case CTL_ACTION_BLOCK:
2274		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2275		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2276				  blocked_links);
2277		mtx_unlock(&lun->lun_lock);
2278		break;
2279	case CTL_ACTION_PASS:
2280	case CTL_ACTION_SKIP:
2281		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2282			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2283			ctl_enqueue_rtr((union ctl_io *)ctsio);
2284			mtx_unlock(&lun->lun_lock);
2285		} else {
2286			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2287			mtx_unlock(&lun->lun_lock);
2288
2289			/* send msg back to other side */
2290			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2291			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2292			msg_info.hdr.msg_type = CTL_MSG_R2R;
2293			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2294			    sizeof(msg_info.hdr), M_WAITOK);
2295		}
2296		break;
2297	case CTL_ACTION_OVERLAP:
2298		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2299		mtx_unlock(&lun->lun_lock);
2300		ctl_set_overlapped_cmd(ctsio);
2301		goto badjuju;
2302	case CTL_ACTION_OVERLAP_TAG:
2303		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2304		mtx_unlock(&lun->lun_lock);
2305		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2306		goto badjuju;
2307	case CTL_ACTION_ERROR:
2308	default:
2309		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2310		mtx_unlock(&lun->lun_lock);
2311
2312		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2313					 /*retry_count*/ 0);
2314badjuju:
2315		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2316		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2317		msg_info.hdr.serializing_sc = NULL;
2318		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2319		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2320		    sizeof(msg_info.scsi), M_WAITOK);
2321		retval = 1;
2322		break;
2323	}
2324	return (retval);
2325}
2326
2327/*
2328 * Returns 0 for success, errno for failure.
2329 */
2330static void
2331ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2332		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2333{
2334	union ctl_io *io;
2335
2336	mtx_lock(&lun->lun_lock);
2337	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2338	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2339	     ooa_links)) {
2340		struct ctl_ooa_entry *entry;
2341
2342		/*
2343		 * If we've got more than we can fit, just count the
2344		 * remaining entries.
2345		 */
2346		if (*cur_fill_num >= ooa_hdr->alloc_num)
2347			continue;
2348
2349		entry = &kern_entries[*cur_fill_num];
2350
2351		entry->tag_num = io->scsiio.tag_num;
2352		entry->lun_num = lun->lun;
2353#ifdef CTL_TIME_IO
2354		entry->start_bt = io->io_hdr.start_bt;
2355#endif
2356		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2357		entry->cdb_len = io->scsiio.cdb_len;
2358		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2359			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2360
2361		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2362			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2363
2364		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2365			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2366
2367		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2368			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2369
2370		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2371			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2372	}
2373	mtx_unlock(&lun->lun_lock);
2374}
2375
2376static void *
2377ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2378		 size_t error_str_len)
2379{
2380	void *kptr;
2381
2382	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2383
2384	if (copyin(user_addr, kptr, len) != 0) {
2385		snprintf(error_str, error_str_len, "Error copying %d bytes "
2386			 "from user address %p to kernel address %p", len,
2387			 user_addr, kptr);
2388		free(kptr, M_CTL);
2389		return (NULL);
2390	}
2391
2392	return (kptr);
2393}
2394
2395static void
2396ctl_free_args(int num_args, struct ctl_be_arg *args)
2397{
2398	int i;
2399
2400	if (args == NULL)
2401		return;
2402
2403	for (i = 0; i < num_args; i++) {
2404		free(args[i].kname, M_CTL);
2405		free(args[i].kvalue, M_CTL);
2406	}
2407
2408	free(args, M_CTL);
2409}
2410
2411static struct ctl_be_arg *
2412ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2413		char *error_str, size_t error_str_len)
2414{
2415	struct ctl_be_arg *args;
2416	int i;
2417
2418	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2419				error_str, error_str_len);
2420
2421	if (args == NULL)
2422		goto bailout;
2423
2424	for (i = 0; i < num_args; i++) {
2425		args[i].kname = NULL;
2426		args[i].kvalue = NULL;
2427	}
2428
2429	for (i = 0; i < num_args; i++) {
2430		uint8_t *tmpptr;
2431
2432		args[i].kname = ctl_copyin_alloc(args[i].name,
2433			args[i].namelen, error_str, error_str_len);
2434		if (args[i].kname == NULL)
2435			goto bailout;
2436
2437		if (args[i].kname[args[i].namelen - 1] != '\0') {
2438			snprintf(error_str, error_str_len, "Argument %d "
2439				 "name is not NUL-terminated", i);
2440			goto bailout;
2441		}
2442
2443		if (args[i].flags & CTL_BEARG_RD) {
2444			tmpptr = ctl_copyin_alloc(args[i].value,
2445				args[i].vallen, error_str, error_str_len);
2446			if (tmpptr == NULL)
2447				goto bailout;
2448			if ((args[i].flags & CTL_BEARG_ASCII)
2449			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2450				snprintf(error_str, error_str_len, "Argument "
2451				    "%d value is not NUL-terminated", i);
2452				free(tmpptr, M_CTL);
2453				goto bailout;
2454			}
2455			args[i].kvalue = tmpptr;
2456		} else {
2457			args[i].kvalue = malloc(args[i].vallen,
2458			    M_CTL, M_WAITOK | M_ZERO);
2459		}
2460	}
2461
2462	return (args);
2463bailout:
2464
2465	ctl_free_args(num_args, args);
2466
2467	return (NULL);
2468}
2469
2470static void
2471ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2472{
2473	int i;
2474
2475	for (i = 0; i < num_args; i++) {
2476		if (args[i].flags & CTL_BEARG_WR)
2477			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2478	}
2479}
2480
2481/*
2482 * Escape characters that are illegal or not recommended in XML.
2483 */
2484int
2485ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2486{
2487	char *end = str + size;
2488	int retval;
2489
2490	retval = 0;
2491
2492	for (; *str && str < end; str++) {
2493		switch (*str) {
2494		case '&':
2495			retval = sbuf_printf(sb, "&amp;");
2496			break;
2497		case '>':
2498			retval = sbuf_printf(sb, "&gt;");
2499			break;
2500		case '<':
2501			retval = sbuf_printf(sb, "&lt;");
2502			break;
2503		default:
2504			retval = sbuf_putc(sb, *str);
2505			break;
2506		}
2507
2508		if (retval != 0)
2509			break;
2510
2511	}
2512
2513	return (retval);
2514}
2515
2516static void
2517ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2518{
2519	struct scsi_vpd_id_descriptor *desc;
2520	int i;
2521
2522	if (id == NULL || id->len < 4)
2523		return;
2524	desc = (struct scsi_vpd_id_descriptor *)id->data;
2525	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2526	case SVPD_ID_TYPE_T10:
2527		sbuf_printf(sb, "t10.");
2528		break;
2529	case SVPD_ID_TYPE_EUI64:
2530		sbuf_printf(sb, "eui.");
2531		break;
2532	case SVPD_ID_TYPE_NAA:
2533		sbuf_printf(sb, "naa.");
2534		break;
2535	case SVPD_ID_TYPE_SCSI_NAME:
2536		break;
2537	}
2538	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2539	case SVPD_ID_CODESET_BINARY:
2540		for (i = 0; i < desc->length; i++)
2541			sbuf_printf(sb, "%02x", desc->identifier[i]);
2542		break;
2543	case SVPD_ID_CODESET_ASCII:
2544		sbuf_printf(sb, "%.*s", (int)desc->length,
2545		    (char *)desc->identifier);
2546		break;
2547	case SVPD_ID_CODESET_UTF8:
2548		sbuf_printf(sb, "%s", (char *)desc->identifier);
2549		break;
2550	}
2551}
2552
2553static int
2554ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2555	  struct thread *td)
2556{
2557	struct ctl_softc *softc = dev->si_drv1;
2558	struct ctl_lun *lun;
2559	int retval;
2560
2561	retval = 0;
2562
2563	switch (cmd) {
2564	case CTL_IO:
2565		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2566		break;
2567	case CTL_ENABLE_PORT:
2568	case CTL_DISABLE_PORT:
2569	case CTL_SET_PORT_WWNS: {
2570		struct ctl_port *port;
2571		struct ctl_port_entry *entry;
2572
2573		entry = (struct ctl_port_entry *)addr;
2574
2575		mtx_lock(&softc->ctl_lock);
2576		STAILQ_FOREACH(port, &softc->port_list, links) {
2577			int action, done;
2578
2579			if (port->targ_port < softc->port_min ||
2580			    port->targ_port >= softc->port_max)
2581				continue;
2582
2583			action = 0;
2584			done = 0;
2585			if ((entry->port_type == CTL_PORT_NONE)
2586			 && (entry->targ_port == port->targ_port)) {
2587				/*
2588				 * If the user only wants to enable or
2589				 * disable or set WWNs on a specific port,
2590				 * do the operation and we're done.
2591				 */
2592				action = 1;
2593				done = 1;
2594			} else if (entry->port_type & port->port_type) {
2595				/*
2596				 * Compare the user's type mask with the
2597				 * particular frontend type to see if we
2598				 * have a match.
2599				 */
2600				action = 1;
2601				done = 0;
2602
2603				/*
2604				 * Make sure the user isn't trying to set
2605				 * WWNs on multiple ports at the same time.
2606				 */
2607				if (cmd == CTL_SET_PORT_WWNS) {
2608					printf("%s: Can't set WWNs on "
2609					       "multiple ports\n", __func__);
2610					retval = EINVAL;
2611					break;
2612				}
2613			}
2614			if (action == 0)
2615				continue;
2616
2617			/*
2618			 * XXX KDM we have to drop the lock here, because
2619			 * the online/offline operations can potentially
2620			 * block.  We need to reference count the frontends
2621			 * so they can't go away,
2622			 */
2623			if (cmd == CTL_ENABLE_PORT) {
2624				mtx_unlock(&softc->ctl_lock);
2625				ctl_port_online(port);
2626				mtx_lock(&softc->ctl_lock);
2627			} else if (cmd == CTL_DISABLE_PORT) {
2628				mtx_unlock(&softc->ctl_lock);
2629				ctl_port_offline(port);
2630				mtx_lock(&softc->ctl_lock);
2631			} else if (cmd == CTL_SET_PORT_WWNS) {
2632				ctl_port_set_wwns(port,
2633				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2634				    1 : 0, entry->wwnn,
2635				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2636				    1 : 0, entry->wwpn);
2637			}
2638			if (done != 0)
2639				break;
2640		}
2641		mtx_unlock(&softc->ctl_lock);
2642		break;
2643	}
2644	case CTL_GET_OOA: {
2645		struct ctl_ooa *ooa_hdr;
2646		struct ctl_ooa_entry *entries;
2647		uint32_t cur_fill_num;
2648
2649		ooa_hdr = (struct ctl_ooa *)addr;
2650
2651		if ((ooa_hdr->alloc_len == 0)
2652		 || (ooa_hdr->alloc_num == 0)) {
2653			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2654			       "must be non-zero\n", __func__,
2655			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2656			retval = EINVAL;
2657			break;
2658		}
2659
2660		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2661		    sizeof(struct ctl_ooa_entry))) {
2662			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2663			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2664			       __func__, ooa_hdr->alloc_len,
2665			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2666			retval = EINVAL;
2667			break;
2668		}
2669
2670		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2671		if (entries == NULL) {
2672			printf("%s: could not allocate %d bytes for OOA "
2673			       "dump\n", __func__, ooa_hdr->alloc_len);
2674			retval = ENOMEM;
2675			break;
2676		}
2677
2678		mtx_lock(&softc->ctl_lock);
2679		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2680		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2681		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2682			mtx_unlock(&softc->ctl_lock);
2683			free(entries, M_CTL);
2684			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2685			       __func__, (uintmax_t)ooa_hdr->lun_num);
2686			retval = EINVAL;
2687			break;
2688		}
2689
2690		cur_fill_num = 0;
2691
2692		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2693			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2694				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2695				    ooa_hdr, entries);
2696			}
2697		} else {
2698			lun = softc->ctl_luns[ooa_hdr->lun_num];
2699			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2700			    entries);
2701		}
2702		mtx_unlock(&softc->ctl_lock);
2703
2704		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2705		ooa_hdr->fill_len = ooa_hdr->fill_num *
2706			sizeof(struct ctl_ooa_entry);
2707		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2708		if (retval != 0) {
2709			printf("%s: error copying out %d bytes for OOA dump\n",
2710			       __func__, ooa_hdr->fill_len);
2711		}
2712
2713		getbinuptime(&ooa_hdr->cur_bt);
2714
2715		if (cur_fill_num > ooa_hdr->alloc_num) {
2716			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2717			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2718		} else {
2719			ooa_hdr->dropped_num = 0;
2720			ooa_hdr->status = CTL_OOA_OK;
2721		}
2722
2723		free(entries, M_CTL);
2724		break;
2725	}
2726	case CTL_DELAY_IO: {
2727		struct ctl_io_delay_info *delay_info;
2728
2729		delay_info = (struct ctl_io_delay_info *)addr;
2730
2731#ifdef CTL_IO_DELAY
2732		mtx_lock(&softc->ctl_lock);
2733
2734		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2735		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2736			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2737		} else {
2738			lun = softc->ctl_luns[delay_info->lun_id];
2739			mtx_lock(&lun->lun_lock);
2740
2741			delay_info->status = CTL_DELAY_STATUS_OK;
2742
2743			switch (delay_info->delay_type) {
2744			case CTL_DELAY_TYPE_CONT:
2745				break;
2746			case CTL_DELAY_TYPE_ONESHOT:
2747				break;
2748			default:
2749				delay_info->status =
2750					CTL_DELAY_STATUS_INVALID_TYPE;
2751				break;
2752			}
2753
2754			switch (delay_info->delay_loc) {
2755			case CTL_DELAY_LOC_DATAMOVE:
2756				lun->delay_info.datamove_type =
2757					delay_info->delay_type;
2758				lun->delay_info.datamove_delay =
2759					delay_info->delay_secs;
2760				break;
2761			case CTL_DELAY_LOC_DONE:
2762				lun->delay_info.done_type =
2763					delay_info->delay_type;
2764				lun->delay_info.done_delay =
2765					delay_info->delay_secs;
2766				break;
2767			default:
2768				delay_info->status =
2769					CTL_DELAY_STATUS_INVALID_LOC;
2770				break;
2771			}
2772			mtx_unlock(&lun->lun_lock);
2773		}
2774
2775		mtx_unlock(&softc->ctl_lock);
2776#else
2777		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2778#endif /* CTL_IO_DELAY */
2779		break;
2780	}
2781	case CTL_GETSTATS: {
2782		struct ctl_stats *stats;
2783		int i;
2784
2785		stats = (struct ctl_stats *)addr;
2786
2787		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2788		     stats->alloc_len) {
2789			stats->status = CTL_SS_NEED_MORE_SPACE;
2790			stats->num_luns = softc->num_luns;
2791			break;
2792		}
2793		/*
2794		 * XXX KDM no locking here.  If the LUN list changes,
2795		 * things can blow up.
2796		 */
2797		i = 0;
2798		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2799			retval = copyout(&lun->stats, &stats->lun_stats[i++],
2800					 sizeof(lun->stats));
2801			if (retval != 0)
2802				break;
2803		}
2804		stats->num_luns = softc->num_luns;
2805		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2806				 softc->num_luns;
2807		stats->status = CTL_SS_OK;
2808#ifdef CTL_TIME_IO
2809		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2810#else
2811		stats->flags = CTL_STATS_FLAG_NONE;
2812#endif
2813		getnanouptime(&stats->timestamp);
2814		break;
2815	}
2816	case CTL_ERROR_INJECT: {
2817		struct ctl_error_desc *err_desc, *new_err_desc;
2818
2819		err_desc = (struct ctl_error_desc *)addr;
2820
2821		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2822				      M_WAITOK | M_ZERO);
2823		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2824
2825		mtx_lock(&softc->ctl_lock);
2826		lun = softc->ctl_luns[err_desc->lun_id];
2827		if (lun == NULL) {
2828			mtx_unlock(&softc->ctl_lock);
2829			free(new_err_desc, M_CTL);
2830			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2831			       __func__, (uintmax_t)err_desc->lun_id);
2832			retval = EINVAL;
2833			break;
2834		}
2835		mtx_lock(&lun->lun_lock);
2836		mtx_unlock(&softc->ctl_lock);
2837
2838		/*
2839		 * We could do some checking here to verify the validity
2840		 * of the request, but given the complexity of error
2841		 * injection requests, the checking logic would be fairly
2842		 * complex.
2843		 *
2844		 * For now, if the request is invalid, it just won't get
2845		 * executed and might get deleted.
2846		 */
2847		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2848
2849		/*
2850		 * XXX KDM check to make sure the serial number is unique,
2851		 * in case we somehow manage to wrap.  That shouldn't
2852		 * happen for a very long time, but it's the right thing to
2853		 * do.
2854		 */
2855		new_err_desc->serial = lun->error_serial;
2856		err_desc->serial = lun->error_serial;
2857		lun->error_serial++;
2858
2859		mtx_unlock(&lun->lun_lock);
2860		break;
2861	}
2862	case CTL_ERROR_INJECT_DELETE: {
2863		struct ctl_error_desc *delete_desc, *desc, *desc2;
2864		int delete_done;
2865
2866		delete_desc = (struct ctl_error_desc *)addr;
2867		delete_done = 0;
2868
2869		mtx_lock(&softc->ctl_lock);
2870		lun = softc->ctl_luns[delete_desc->lun_id];
2871		if (lun == NULL) {
2872			mtx_unlock(&softc->ctl_lock);
2873			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2874			       __func__, (uintmax_t)delete_desc->lun_id);
2875			retval = EINVAL;
2876			break;
2877		}
2878		mtx_lock(&lun->lun_lock);
2879		mtx_unlock(&softc->ctl_lock);
2880		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2881			if (desc->serial != delete_desc->serial)
2882				continue;
2883
2884			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2885				      links);
2886			free(desc, M_CTL);
2887			delete_done = 1;
2888		}
2889		mtx_unlock(&lun->lun_lock);
2890		if (delete_done == 0) {
2891			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2892			       "error serial %ju on LUN %u\n", __func__,
2893			       delete_desc->serial, delete_desc->lun_id);
2894			retval = EINVAL;
2895			break;
2896		}
2897		break;
2898	}
2899	case CTL_DUMP_STRUCTS: {
2900		int i, j, k;
2901		struct ctl_port *port;
2902		struct ctl_frontend *fe;
2903
2904		mtx_lock(&softc->ctl_lock);
2905		printf("CTL Persistent Reservation information start:\n");
2906		for (i = 0; i < CTL_MAX_LUNS; i++) {
2907			lun = softc->ctl_luns[i];
2908
2909			if ((lun == NULL)
2910			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2911				continue;
2912
2913			for (j = 0; j < CTL_MAX_PORTS; j++) {
2914				if (lun->pr_keys[j] == NULL)
2915					continue;
2916				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2917					if (lun->pr_keys[j][k] == 0)
2918						continue;
2919					printf("  LUN %d port %d iid %d key "
2920					       "%#jx\n", i, j, k,
2921					       (uintmax_t)lun->pr_keys[j][k]);
2922				}
2923			}
2924		}
2925		printf("CTL Persistent Reservation information end\n");
2926		printf("CTL Ports:\n");
2927		STAILQ_FOREACH(port, &softc->port_list, links) {
2928			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2929			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2930			       port->frontend->name, port->port_type,
2931			       port->physical_port, port->virtual_port,
2932			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2933			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2934				if (port->wwpn_iid[j].in_use == 0 &&
2935				    port->wwpn_iid[j].wwpn == 0 &&
2936				    port->wwpn_iid[j].name == NULL)
2937					continue;
2938
2939				printf("    iid %u use %d WWPN %#jx '%s'\n",
2940				    j, port->wwpn_iid[j].in_use,
2941				    (uintmax_t)port->wwpn_iid[j].wwpn,
2942				    port->wwpn_iid[j].name);
2943			}
2944		}
2945		printf("CTL Port information end\n");
2946		mtx_unlock(&softc->ctl_lock);
2947		/*
2948		 * XXX KDM calling this without a lock.  We'd likely want
2949		 * to drop the lock before calling the frontend's dump
2950		 * routine anyway.
2951		 */
2952		printf("CTL Frontends:\n");
2953		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2954			printf("  Frontend '%s'\n", fe->name);
2955			if (fe->fe_dump != NULL)
2956				fe->fe_dump();
2957		}
2958		printf("CTL Frontend information end\n");
2959		break;
2960	}
2961	case CTL_LUN_REQ: {
2962		struct ctl_lun_req *lun_req;
2963		struct ctl_backend_driver *backend;
2964
2965		lun_req = (struct ctl_lun_req *)addr;
2966
2967		backend = ctl_backend_find(lun_req->backend);
2968		if (backend == NULL) {
2969			lun_req->status = CTL_LUN_ERROR;
2970			snprintf(lun_req->error_str,
2971				 sizeof(lun_req->error_str),
2972				 "Backend \"%s\" not found.",
2973				 lun_req->backend);
2974			break;
2975		}
2976		if (lun_req->num_be_args > 0) {
2977			lun_req->kern_be_args = ctl_copyin_args(
2978				lun_req->num_be_args,
2979				lun_req->be_args,
2980				lun_req->error_str,
2981				sizeof(lun_req->error_str));
2982			if (lun_req->kern_be_args == NULL) {
2983				lun_req->status = CTL_LUN_ERROR;
2984				break;
2985			}
2986		}
2987
2988		retval = backend->ioctl(dev, cmd, addr, flag, td);
2989
2990		if (lun_req->num_be_args > 0) {
2991			ctl_copyout_args(lun_req->num_be_args,
2992				      lun_req->kern_be_args);
2993			ctl_free_args(lun_req->num_be_args,
2994				      lun_req->kern_be_args);
2995		}
2996		break;
2997	}
2998	case CTL_LUN_LIST: {
2999		struct sbuf *sb;
3000		struct ctl_lun_list *list;
3001		struct ctl_option *opt;
3002
3003		list = (struct ctl_lun_list *)addr;
3004
3005		/*
3006		 * Allocate a fixed length sbuf here, based on the length
3007		 * of the user's buffer.  We could allocate an auto-extending
3008		 * buffer, and then tell the user how much larger our
3009		 * amount of data is than his buffer, but that presents
3010		 * some problems:
3011		 *
3012		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3013		 *     we can't hold a lock while calling them with an
3014		 *     auto-extending buffer.
3015 		 *
3016		 * 2.  There is not currently a LUN reference counting
3017		 *     mechanism, outside of outstanding transactions on
3018		 *     the LUN's OOA queue.  So a LUN could go away on us
3019		 *     while we're getting the LUN number, backend-specific
3020		 *     information, etc.  Thus, given the way things
3021		 *     currently work, we need to hold the CTL lock while
3022		 *     grabbing LUN information.
3023		 *
3024		 * So, from the user's standpoint, the best thing to do is
3025		 * allocate what he thinks is a reasonable buffer length,
3026		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3027		 * double the buffer length and try again.  (And repeat
3028		 * that until he succeeds.)
3029		 */
3030		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3031		if (sb == NULL) {
3032			list->status = CTL_LUN_LIST_ERROR;
3033			snprintf(list->error_str, sizeof(list->error_str),
3034				 "Unable to allocate %d bytes for LUN list",
3035				 list->alloc_len);
3036			break;
3037		}
3038
3039		sbuf_printf(sb, "<ctllunlist>\n");
3040
3041		mtx_lock(&softc->ctl_lock);
3042		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3043			mtx_lock(&lun->lun_lock);
3044			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3045					     (uintmax_t)lun->lun);
3046
3047			/*
3048			 * Bail out as soon as we see that we've overfilled
3049			 * the buffer.
3050			 */
3051			if (retval != 0)
3052				break;
3053
3054			retval = sbuf_printf(sb, "\t<backend_type>%s"
3055					     "</backend_type>\n",
3056					     (lun->backend == NULL) ?  "none" :
3057					     lun->backend->name);
3058
3059			if (retval != 0)
3060				break;
3061
3062			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3063					     lun->be_lun->lun_type);
3064
3065			if (retval != 0)
3066				break;
3067
3068			if (lun->backend == NULL) {
3069				retval = sbuf_printf(sb, "</lun>\n");
3070				if (retval != 0)
3071					break;
3072				continue;
3073			}
3074
3075			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3076					     (lun->be_lun->maxlba > 0) ?
3077					     lun->be_lun->maxlba + 1 : 0);
3078
3079			if (retval != 0)
3080				break;
3081
3082			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3083					     lun->be_lun->blocksize);
3084
3085			if (retval != 0)
3086				break;
3087
3088			retval = sbuf_printf(sb, "\t<serial_number>");
3089
3090			if (retval != 0)
3091				break;
3092
3093			retval = ctl_sbuf_printf_esc(sb,
3094			    lun->be_lun->serial_num,
3095			    sizeof(lun->be_lun->serial_num));
3096
3097			if (retval != 0)
3098				break;
3099
3100			retval = sbuf_printf(sb, "</serial_number>\n");
3101
3102			if (retval != 0)
3103				break;
3104
3105			retval = sbuf_printf(sb, "\t<device_id>");
3106
3107			if (retval != 0)
3108				break;
3109
3110			retval = ctl_sbuf_printf_esc(sb,
3111			    lun->be_lun->device_id,
3112			    sizeof(lun->be_lun->device_id));
3113
3114			if (retval != 0)
3115				break;
3116
3117			retval = sbuf_printf(sb, "</device_id>\n");
3118
3119			if (retval != 0)
3120				break;
3121
3122			if (lun->backend->lun_info != NULL) {
3123				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3124				if (retval != 0)
3125					break;
3126			}
3127			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3128				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3129				    opt->name, opt->value, opt->name);
3130				if (retval != 0)
3131					break;
3132			}
3133
3134			retval = sbuf_printf(sb, "</lun>\n");
3135
3136			if (retval != 0)
3137				break;
3138			mtx_unlock(&lun->lun_lock);
3139		}
3140		if (lun != NULL)
3141			mtx_unlock(&lun->lun_lock);
3142		mtx_unlock(&softc->ctl_lock);
3143
3144		if ((retval != 0)
3145		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3146			retval = 0;
3147			sbuf_delete(sb);
3148			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3149			snprintf(list->error_str, sizeof(list->error_str),
3150				 "Out of space, %d bytes is too small",
3151				 list->alloc_len);
3152			break;
3153		}
3154
3155		sbuf_finish(sb);
3156
3157		retval = copyout(sbuf_data(sb), list->lun_xml,
3158				 sbuf_len(sb) + 1);
3159
3160		list->fill_len = sbuf_len(sb) + 1;
3161		list->status = CTL_LUN_LIST_OK;
3162		sbuf_delete(sb);
3163		break;
3164	}
3165	case CTL_ISCSI: {
3166		struct ctl_iscsi *ci;
3167		struct ctl_frontend *fe;
3168
3169		ci = (struct ctl_iscsi *)addr;
3170
3171		fe = ctl_frontend_find("iscsi");
3172		if (fe == NULL) {
3173			ci->status = CTL_ISCSI_ERROR;
3174			snprintf(ci->error_str, sizeof(ci->error_str),
3175			    "Frontend \"iscsi\" not found.");
3176			break;
3177		}
3178
3179		retval = fe->ioctl(dev, cmd, addr, flag, td);
3180		break;
3181	}
3182	case CTL_PORT_REQ: {
3183		struct ctl_req *req;
3184		struct ctl_frontend *fe;
3185
3186		req = (struct ctl_req *)addr;
3187
3188		fe = ctl_frontend_find(req->driver);
3189		if (fe == NULL) {
3190			req->status = CTL_LUN_ERROR;
3191			snprintf(req->error_str, sizeof(req->error_str),
3192			    "Frontend \"%s\" not found.", req->driver);
3193			break;
3194		}
3195		if (req->num_args > 0) {
3196			req->kern_args = ctl_copyin_args(req->num_args,
3197			    req->args, req->error_str, sizeof(req->error_str));
3198			if (req->kern_args == NULL) {
3199				req->status = CTL_LUN_ERROR;
3200				break;
3201			}
3202		}
3203
3204		if (fe->ioctl)
3205			retval = fe->ioctl(dev, cmd, addr, flag, td);
3206		else
3207			retval = ENODEV;
3208
3209		if (req->num_args > 0) {
3210			ctl_copyout_args(req->num_args, req->kern_args);
3211			ctl_free_args(req->num_args, req->kern_args);
3212		}
3213		break;
3214	}
3215	case CTL_PORT_LIST: {
3216		struct sbuf *sb;
3217		struct ctl_port *port;
3218		struct ctl_lun_list *list;
3219		struct ctl_option *opt;
3220		int j;
3221		uint32_t plun;
3222
3223		list = (struct ctl_lun_list *)addr;
3224
3225		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3226		if (sb == NULL) {
3227			list->status = CTL_LUN_LIST_ERROR;
3228			snprintf(list->error_str, sizeof(list->error_str),
3229				 "Unable to allocate %d bytes for LUN list",
3230				 list->alloc_len);
3231			break;
3232		}
3233
3234		sbuf_printf(sb, "<ctlportlist>\n");
3235
3236		mtx_lock(&softc->ctl_lock);
3237		STAILQ_FOREACH(port, &softc->port_list, links) {
3238			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3239					     (uintmax_t)port->targ_port);
3240
3241			/*
3242			 * Bail out as soon as we see that we've overfilled
3243			 * the buffer.
3244			 */
3245			if (retval != 0)
3246				break;
3247
3248			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3249			    "</frontend_type>\n", port->frontend->name);
3250			if (retval != 0)
3251				break;
3252
3253			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3254					     port->port_type);
3255			if (retval != 0)
3256				break;
3257
3258			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3259			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3260			if (retval != 0)
3261				break;
3262
3263			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3264			    port->port_name);
3265			if (retval != 0)
3266				break;
3267
3268			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3269			    port->physical_port);
3270			if (retval != 0)
3271				break;
3272
3273			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3274			    port->virtual_port);
3275			if (retval != 0)
3276				break;
3277
3278			if (port->target_devid != NULL) {
3279				sbuf_printf(sb, "\t<target>");
3280				ctl_id_sbuf(port->target_devid, sb);
3281				sbuf_printf(sb, "</target>\n");
3282			}
3283
3284			if (port->port_devid != NULL) {
3285				sbuf_printf(sb, "\t<port>");
3286				ctl_id_sbuf(port->port_devid, sb);
3287				sbuf_printf(sb, "</port>\n");
3288			}
3289
3290			if (port->port_info != NULL) {
3291				retval = port->port_info(port->onoff_arg, sb);
3292				if (retval != 0)
3293					break;
3294			}
3295			STAILQ_FOREACH(opt, &port->options, links) {
3296				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3297				    opt->name, opt->value, opt->name);
3298				if (retval != 0)
3299					break;
3300			}
3301
3302			if (port->lun_map != NULL) {
3303				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3304				for (j = 0; j < CTL_MAX_LUNS; j++) {
3305					plun = ctl_lun_map_from_port(port, j);
3306					if (plun >= CTL_MAX_LUNS)
3307						continue;
3308					sbuf_printf(sb,
3309					    "\t<lun id=\"%u\">%u</lun>\n",
3310					    j, plun);
3311				}
3312			}
3313
3314			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3315				if (port->wwpn_iid[j].in_use == 0 ||
3316				    (port->wwpn_iid[j].wwpn == 0 &&
3317				     port->wwpn_iid[j].name == NULL))
3318					continue;
3319
3320				if (port->wwpn_iid[j].name != NULL)
3321					retval = sbuf_printf(sb,
3322					    "\t<initiator id=\"%u\">%s</initiator>\n",
3323					    j, port->wwpn_iid[j].name);
3324				else
3325					retval = sbuf_printf(sb,
3326					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3327					    j, port->wwpn_iid[j].wwpn);
3328				if (retval != 0)
3329					break;
3330			}
3331			if (retval != 0)
3332				break;
3333
3334			retval = sbuf_printf(sb, "</targ_port>\n");
3335			if (retval != 0)
3336				break;
3337		}
3338		mtx_unlock(&softc->ctl_lock);
3339
3340		if ((retval != 0)
3341		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3342			retval = 0;
3343			sbuf_delete(sb);
3344			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3345			snprintf(list->error_str, sizeof(list->error_str),
3346				 "Out of space, %d bytes is too small",
3347				 list->alloc_len);
3348			break;
3349		}
3350
3351		sbuf_finish(sb);
3352
3353		retval = copyout(sbuf_data(sb), list->lun_xml,
3354				 sbuf_len(sb) + 1);
3355
3356		list->fill_len = sbuf_len(sb) + 1;
3357		list->status = CTL_LUN_LIST_OK;
3358		sbuf_delete(sb);
3359		break;
3360	}
3361	case CTL_LUN_MAP: {
3362		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3363		struct ctl_port *port;
3364
3365		mtx_lock(&softc->ctl_lock);
3366		if (lm->port < softc->port_min ||
3367		    lm->port >= softc->port_max ||
3368		    (port = softc->ctl_ports[lm->port]) == NULL) {
3369			mtx_unlock(&softc->ctl_lock);
3370			return (ENXIO);
3371		}
3372		if (port->status & CTL_PORT_STATUS_ONLINE) {
3373			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3374				if (ctl_lun_map_to_port(port, lun->lun) >=
3375				    CTL_MAX_LUNS)
3376					continue;
3377				mtx_lock(&lun->lun_lock);
3378				ctl_est_ua_port(lun, lm->port, -1,
3379				    CTL_UA_LUN_CHANGE);
3380				mtx_unlock(&lun->lun_lock);
3381			}
3382		}
3383		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3384		if (lm->plun < CTL_MAX_LUNS) {
3385			if (lm->lun == UINT32_MAX)
3386				retval = ctl_lun_map_unset(port, lm->plun);
3387			else if (lm->lun < CTL_MAX_LUNS &&
3388			    softc->ctl_luns[lm->lun] != NULL)
3389				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3390			else
3391				return (ENXIO);
3392		} else if (lm->plun == UINT32_MAX) {
3393			if (lm->lun == UINT32_MAX)
3394				retval = ctl_lun_map_deinit(port);
3395			else
3396				retval = ctl_lun_map_init(port);
3397		} else
3398			return (ENXIO);
3399		if (port->status & CTL_PORT_STATUS_ONLINE)
3400			ctl_isc_announce_port(port);
3401		break;
3402	}
3403	default: {
3404		/* XXX KDM should we fix this? */
3405#if 0
3406		struct ctl_backend_driver *backend;
3407		unsigned int type;
3408		int found;
3409
3410		found = 0;
3411
3412		/*
3413		 * We encode the backend type as the ioctl type for backend
3414		 * ioctls.  So parse it out here, and then search for a
3415		 * backend of this type.
3416		 */
3417		type = _IOC_TYPE(cmd);
3418
3419		STAILQ_FOREACH(backend, &softc->be_list, links) {
3420			if (backend->type == type) {
3421				found = 1;
3422				break;
3423			}
3424		}
3425		if (found == 0) {
3426			printf("ctl: unknown ioctl command %#lx or backend "
3427			       "%d\n", cmd, type);
3428			retval = EINVAL;
3429			break;
3430		}
3431		retval = backend->ioctl(dev, cmd, addr, flag, td);
3432#endif
3433		retval = ENOTTY;
3434		break;
3435	}
3436	}
3437	return (retval);
3438}
3439
3440uint32_t
3441ctl_get_initindex(struct ctl_nexus *nexus)
3442{
3443	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3444}
3445
3446int
3447ctl_lun_map_init(struct ctl_port *port)
3448{
3449	struct ctl_softc *softc = port->ctl_softc;
3450	struct ctl_lun *lun;
3451	uint32_t i;
3452
3453	if (port->lun_map == NULL)
3454		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3455		    M_CTL, M_NOWAIT);
3456	if (port->lun_map == NULL)
3457		return (ENOMEM);
3458	for (i = 0; i < CTL_MAX_LUNS; i++)
3459		port->lun_map[i] = UINT32_MAX;
3460	if (port->status & CTL_PORT_STATUS_ONLINE) {
3461		if (port->lun_disable != NULL) {
3462			STAILQ_FOREACH(lun, &softc->lun_list, links)
3463				port->lun_disable(port->targ_lun_arg, lun->lun);
3464		}
3465		ctl_isc_announce_port(port);
3466	}
3467	return (0);
3468}
3469
3470int
3471ctl_lun_map_deinit(struct ctl_port *port)
3472{
3473	struct ctl_softc *softc = port->ctl_softc;
3474	struct ctl_lun *lun;
3475
3476	if (port->lun_map == NULL)
3477		return (0);
3478	free(port->lun_map, M_CTL);
3479	port->lun_map = NULL;
3480	if (port->status & CTL_PORT_STATUS_ONLINE) {
3481		if (port->lun_enable != NULL) {
3482			STAILQ_FOREACH(lun, &softc->lun_list, links)
3483				port->lun_enable(port->targ_lun_arg, lun->lun);
3484		}
3485		ctl_isc_announce_port(port);
3486	}
3487	return (0);
3488}
3489
3490int
3491ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3492{
3493	int status;
3494	uint32_t old;
3495
3496	if (port->lun_map == NULL) {
3497		status = ctl_lun_map_init(port);
3498		if (status != 0)
3499			return (status);
3500	}
3501	old = port->lun_map[plun];
3502	port->lun_map[plun] = glun;
3503	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3504		if (port->lun_enable != NULL)
3505			port->lun_enable(port->targ_lun_arg, plun);
3506		ctl_isc_announce_port(port);
3507	}
3508	return (0);
3509}
3510
3511int
3512ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3513{
3514	uint32_t old;
3515
3516	if (port->lun_map == NULL)
3517		return (0);
3518	old = port->lun_map[plun];
3519	port->lun_map[plun] = UINT32_MAX;
3520	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3521		if (port->lun_disable != NULL)
3522			port->lun_disable(port->targ_lun_arg, plun);
3523		ctl_isc_announce_port(port);
3524	}
3525	return (0);
3526}
3527
3528uint32_t
3529ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3530{
3531
3532	if (port == NULL)
3533		return (UINT32_MAX);
3534	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3535		return (lun_id);
3536	return (port->lun_map[lun_id]);
3537}
3538
3539uint32_t
3540ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3541{
3542	uint32_t i;
3543
3544	if (port == NULL)
3545		return (UINT32_MAX);
3546	if (port->lun_map == NULL)
3547		return (lun_id);
3548	for (i = 0; i < CTL_MAX_LUNS; i++) {
3549		if (port->lun_map[i] == lun_id)
3550			return (i);
3551	}
3552	return (UINT32_MAX);
3553}
3554
3555uint32_t
3556ctl_decode_lun(uint64_t encoded)
3557{
3558	uint8_t lun[8];
3559	uint32_t result = 0xffffffff;
3560
3561	be64enc(lun, encoded);
3562	switch (lun[0] & RPL_LUNDATA_ATYP_MASK) {
3563	case RPL_LUNDATA_ATYP_PERIPH:
3564		if ((lun[0] & 0x3f) == 0 && lun[2] == 0 && lun[3] == 0 &&
3565		    lun[4] == 0 && lun[5] == 0 && lun[6] == 0 && lun[7] == 0)
3566			result = lun[1];
3567		break;
3568	case RPL_LUNDATA_ATYP_FLAT:
3569		if (lun[2] == 0 && lun[3] == 0 && lun[4] == 0 && lun[5] == 0 &&
3570		    lun[6] == 0 && lun[7] == 0)
3571			result = ((lun[0] & 0x3f) << 8) + lun[1];
3572		break;
3573	case RPL_LUNDATA_ATYP_EXTLUN:
3574		switch (lun[0] & RPL_LUNDATA_EXT_EAM_MASK) {
3575		case 0x02:
3576			switch (lun[0] & RPL_LUNDATA_EXT_LEN_MASK) {
3577			case 0x00:
3578				result = lun[1];
3579				break;
3580			case 0x10:
3581				result = (lun[1] << 16) + (lun[2] << 8) +
3582				    lun[3];
3583				break;
3584			case 0x20:
3585				if (lun[1] == 0 && lun[6] == 0 && lun[7] == 0)
3586					result = (lun[2] << 24) +
3587					    (lun[3] << 16) + (lun[4] << 8) +
3588					    lun[5];
3589				break;
3590			}
3591			break;
3592		case RPL_LUNDATA_EXT_EAM_NOT_SPEC:
3593			result = 0xffffffff;
3594			break;
3595		}
3596		break;
3597	}
3598	return (result);
3599}
3600
3601uint64_t
3602ctl_encode_lun(uint32_t decoded)
3603{
3604	uint64_t l = decoded;
3605
3606	if (l <= 0xff)
3607		return (((uint64_t)RPL_LUNDATA_ATYP_PERIPH << 56) | (l << 48));
3608	if (l <= 0x3fff)
3609		return (((uint64_t)RPL_LUNDATA_ATYP_FLAT << 56) | (l << 48));
3610	if (l <= 0xffffff)
3611		return (((uint64_t)(RPL_LUNDATA_ATYP_EXTLUN | 0x12) << 56) |
3612		    (l << 32));
3613	return ((((uint64_t)RPL_LUNDATA_ATYP_EXTLUN | 0x22) << 56) | (l << 16));
3614}
3615
3616static struct ctl_port *
3617ctl_io_port(struct ctl_io_hdr *io_hdr)
3618{
3619
3620	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3621}
3622
3623int
3624ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3625{
3626	int i;
3627
3628	for (i = first; i < last; i++) {
3629		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3630			return (i);
3631	}
3632	return (-1);
3633}
3634
3635int
3636ctl_set_mask(uint32_t *mask, uint32_t bit)
3637{
3638	uint32_t chunk, piece;
3639
3640	chunk = bit >> 5;
3641	piece = bit % (sizeof(uint32_t) * 8);
3642
3643	if ((mask[chunk] & (1 << piece)) != 0)
3644		return (-1);
3645	else
3646		mask[chunk] |= (1 << piece);
3647
3648	return (0);
3649}
3650
3651int
3652ctl_clear_mask(uint32_t *mask, uint32_t bit)
3653{
3654	uint32_t chunk, piece;
3655
3656	chunk = bit >> 5;
3657	piece = bit % (sizeof(uint32_t) * 8);
3658
3659	if ((mask[chunk] & (1 << piece)) == 0)
3660		return (-1);
3661	else
3662		mask[chunk] &= ~(1 << piece);
3663
3664	return (0);
3665}
3666
3667int
3668ctl_is_set(uint32_t *mask, uint32_t bit)
3669{
3670	uint32_t chunk, piece;
3671
3672	chunk = bit >> 5;
3673	piece = bit % (sizeof(uint32_t) * 8);
3674
3675	if ((mask[chunk] & (1 << piece)) == 0)
3676		return (0);
3677	else
3678		return (1);
3679}
3680
3681static uint64_t
3682ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3683{
3684	uint64_t *t;
3685
3686	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3687	if (t == NULL)
3688		return (0);
3689	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3690}
3691
3692static void
3693ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3694{
3695	uint64_t *t;
3696
3697	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3698	if (t == NULL)
3699		return;
3700	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3701}
3702
3703static void
3704ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3705{
3706	uint64_t *p;
3707	u_int i;
3708
3709	i = residx/CTL_MAX_INIT_PER_PORT;
3710	if (lun->pr_keys[i] != NULL)
3711		return;
3712	mtx_unlock(&lun->lun_lock);
3713	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3714	    M_WAITOK | M_ZERO);
3715	mtx_lock(&lun->lun_lock);
3716	if (lun->pr_keys[i] == NULL)
3717		lun->pr_keys[i] = p;
3718	else
3719		free(p, M_CTL);
3720}
3721
3722static void
3723ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3724{
3725	uint64_t *t;
3726
3727	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3728	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3729	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3730}
3731
3732/*
3733 * ctl_softc, pool_name, total_ctl_io are passed in.
3734 * npool is passed out.
3735 */
3736int
3737ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3738		uint32_t total_ctl_io, void **npool)
3739{
3740#ifdef IO_POOLS
3741	struct ctl_io_pool *pool;
3742
3743	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3744					    M_NOWAIT | M_ZERO);
3745	if (pool == NULL)
3746		return (ENOMEM);
3747
3748	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3749	pool->ctl_softc = ctl_softc;
3750	pool->zone = uma_zsecond_create(pool->name, NULL,
3751	    NULL, NULL, NULL, ctl_softc->io_zone);
3752	/* uma_prealloc(pool->zone, total_ctl_io); */
3753
3754	*npool = pool;
3755#else
3756	*npool = ctl_softc->io_zone;
3757#endif
3758	return (0);
3759}
3760
3761void
3762ctl_pool_free(struct ctl_io_pool *pool)
3763{
3764
3765	if (pool == NULL)
3766		return;
3767
3768#ifdef IO_POOLS
3769	uma_zdestroy(pool->zone);
3770	free(pool, M_CTL);
3771#endif
3772}
3773
3774union ctl_io *
3775ctl_alloc_io(void *pool_ref)
3776{
3777	union ctl_io *io;
3778#ifdef IO_POOLS
3779	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3780
3781	io = uma_zalloc(pool->zone, M_WAITOK);
3782#else
3783	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3784#endif
3785	if (io != NULL)
3786		io->io_hdr.pool = pool_ref;
3787	return (io);
3788}
3789
3790union ctl_io *
3791ctl_alloc_io_nowait(void *pool_ref)
3792{
3793	union ctl_io *io;
3794#ifdef IO_POOLS
3795	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3796
3797	io = uma_zalloc(pool->zone, M_NOWAIT);
3798#else
3799	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3800#endif
3801	if (io != NULL)
3802		io->io_hdr.pool = pool_ref;
3803	return (io);
3804}
3805
3806void
3807ctl_free_io(union ctl_io *io)
3808{
3809#ifdef IO_POOLS
3810	struct ctl_io_pool *pool;
3811#endif
3812
3813	if (io == NULL)
3814		return;
3815
3816#ifdef IO_POOLS
3817	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3818	uma_zfree(pool->zone, io);
3819#else
3820	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3821#endif
3822}
3823
3824void
3825ctl_zero_io(union ctl_io *io)
3826{
3827	void *pool_ref;
3828
3829	if (io == NULL)
3830		return;
3831
3832	/*
3833	 * May need to preserve linked list pointers at some point too.
3834	 */
3835	pool_ref = io->io_hdr.pool;
3836	memset(io, 0, sizeof(*io));
3837	io->io_hdr.pool = pool_ref;
3838}
3839
3840int
3841ctl_expand_number(const char *buf, uint64_t *num)
3842{
3843	char *endptr;
3844	uint64_t number;
3845	unsigned shift;
3846
3847	number = strtoq(buf, &endptr, 0);
3848
3849	switch (tolower((unsigned char)*endptr)) {
3850	case 'e':
3851		shift = 60;
3852		break;
3853	case 'p':
3854		shift = 50;
3855		break;
3856	case 't':
3857		shift = 40;
3858		break;
3859	case 'g':
3860		shift = 30;
3861		break;
3862	case 'm':
3863		shift = 20;
3864		break;
3865	case 'k':
3866		shift = 10;
3867		break;
3868	case 'b':
3869	case '\0': /* No unit. */
3870		*num = number;
3871		return (0);
3872	default:
3873		/* Unrecognized unit. */
3874		return (-1);
3875	}
3876
3877	if ((number << shift) >> shift != number) {
3878		/* Overflow */
3879		return (-1);
3880	}
3881	*num = number << shift;
3882	return (0);
3883}
3884
3885
3886/*
3887 * This routine could be used in the future to load default and/or saved
3888 * mode page parameters for a particuar lun.
3889 */
3890static int
3891ctl_init_page_index(struct ctl_lun *lun)
3892{
3893	int i, page_code;
3894	struct ctl_page_index *page_index;
3895	const char *value;
3896	uint64_t ival;
3897
3898	memcpy(&lun->mode_pages.index, page_index_template,
3899	       sizeof(page_index_template));
3900
3901	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3902
3903		page_index = &lun->mode_pages.index[i];
3904		if (lun->be_lun->lun_type == T_DIRECT &&
3905		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
3906			continue;
3907		if (lun->be_lun->lun_type == T_PROCESSOR &&
3908		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
3909			continue;
3910		if (lun->be_lun->lun_type == T_CDROM &&
3911		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
3912			continue;
3913
3914		page_code = page_index->page_code & SMPH_PC_MASK;
3915		switch (page_code) {
3916		case SMS_RW_ERROR_RECOVERY_PAGE: {
3917			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3918			    ("subpage %#x for page %#x is incorrect!",
3919			    page_index->subpage, page_code));
3920			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3921			       &rw_er_page_default,
3922			       sizeof(rw_er_page_default));
3923			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3924			       &rw_er_page_changeable,
3925			       sizeof(rw_er_page_changeable));
3926			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3927			       &rw_er_page_default,
3928			       sizeof(rw_er_page_default));
3929			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3930			       &rw_er_page_default,
3931			       sizeof(rw_er_page_default));
3932			page_index->page_data =
3933				(uint8_t *)lun->mode_pages.rw_er_page;
3934			break;
3935		}
3936		case SMS_FORMAT_DEVICE_PAGE: {
3937			struct scsi_format_page *format_page;
3938
3939			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3940			    ("subpage %#x for page %#x is incorrect!",
3941			    page_index->subpage, page_code));
3942
3943			/*
3944			 * Sectors per track are set above.  Bytes per
3945			 * sector need to be set here on a per-LUN basis.
3946			 */
3947			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3948			       &format_page_default,
3949			       sizeof(format_page_default));
3950			memcpy(&lun->mode_pages.format_page[
3951			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3952			       sizeof(format_page_changeable));
3953			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3954			       &format_page_default,
3955			       sizeof(format_page_default));
3956			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3957			       &format_page_default,
3958			       sizeof(format_page_default));
3959
3960			format_page = &lun->mode_pages.format_page[
3961				CTL_PAGE_CURRENT];
3962			scsi_ulto2b(lun->be_lun->blocksize,
3963				    format_page->bytes_per_sector);
3964
3965			format_page = &lun->mode_pages.format_page[
3966				CTL_PAGE_DEFAULT];
3967			scsi_ulto2b(lun->be_lun->blocksize,
3968				    format_page->bytes_per_sector);
3969
3970			format_page = &lun->mode_pages.format_page[
3971				CTL_PAGE_SAVED];
3972			scsi_ulto2b(lun->be_lun->blocksize,
3973				    format_page->bytes_per_sector);
3974
3975			page_index->page_data =
3976				(uint8_t *)lun->mode_pages.format_page;
3977			break;
3978		}
3979		case SMS_RIGID_DISK_PAGE: {
3980			struct scsi_rigid_disk_page *rigid_disk_page;
3981			uint32_t sectors_per_cylinder;
3982			uint64_t cylinders;
3983#ifndef	__XSCALE__
3984			int shift;
3985#endif /* !__XSCALE__ */
3986
3987			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3988			    ("subpage %#x for page %#x is incorrect!",
3989			    page_index->subpage, page_code));
3990
3991			/*
3992			 * Rotation rate and sectors per track are set
3993			 * above.  We calculate the cylinders here based on
3994			 * capacity.  Due to the number of heads and
3995			 * sectors per track we're using, smaller arrays
3996			 * may turn out to have 0 cylinders.  Linux and
3997			 * FreeBSD don't pay attention to these mode pages
3998			 * to figure out capacity, but Solaris does.  It
3999			 * seems to deal with 0 cylinders just fine, and
4000			 * works out a fake geometry based on the capacity.
4001			 */
4002			memcpy(&lun->mode_pages.rigid_disk_page[
4003			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4004			       sizeof(rigid_disk_page_default));
4005			memcpy(&lun->mode_pages.rigid_disk_page[
4006			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4007			       sizeof(rigid_disk_page_changeable));
4008
4009			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4010				CTL_DEFAULT_HEADS;
4011
4012			/*
4013			 * The divide method here will be more accurate,
4014			 * probably, but results in floating point being
4015			 * used in the kernel on i386 (__udivdi3()).  On the
4016			 * XScale, though, __udivdi3() is implemented in
4017			 * software.
4018			 *
4019			 * The shift method for cylinder calculation is
4020			 * accurate if sectors_per_cylinder is a power of
4021			 * 2.  Otherwise it might be slightly off -- you
4022			 * might have a bit of a truncation problem.
4023			 */
4024#ifdef	__XSCALE__
4025			cylinders = (lun->be_lun->maxlba + 1) /
4026				sectors_per_cylinder;
4027#else
4028			for (shift = 31; shift > 0; shift--) {
4029				if (sectors_per_cylinder & (1 << shift))
4030					break;
4031			}
4032			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4033#endif
4034
4035			/*
4036			 * We've basically got 3 bytes, or 24 bits for the
4037			 * cylinder size in the mode page.  If we're over,
4038			 * just round down to 2^24.
4039			 */
4040			if (cylinders > 0xffffff)
4041				cylinders = 0xffffff;
4042
4043			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4044				CTL_PAGE_DEFAULT];
4045			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4046
4047			if ((value = ctl_get_opt(&lun->be_lun->options,
4048			    "rpm")) != NULL) {
4049				scsi_ulto2b(strtol(value, NULL, 0),
4050				     rigid_disk_page->rotation_rate);
4051			}
4052
4053			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4054			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4055			       sizeof(rigid_disk_page_default));
4056			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4057			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4058			       sizeof(rigid_disk_page_default));
4059
4060			page_index->page_data =
4061				(uint8_t *)lun->mode_pages.rigid_disk_page;
4062			break;
4063		}
4064		case SMS_VERIFY_ERROR_RECOVERY_PAGE: {
4065			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4066			    ("subpage %#x for page %#x is incorrect!",
4067			    page_index->subpage, page_code));
4068			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CURRENT],
4069			       &verify_er_page_default,
4070			       sizeof(verify_er_page_default));
4071			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CHANGEABLE],
4072			       &verify_er_page_changeable,
4073			       sizeof(verify_er_page_changeable));
4074			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_DEFAULT],
4075			       &verify_er_page_default,
4076			       sizeof(verify_er_page_default));
4077			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_SAVED],
4078			       &verify_er_page_default,
4079			       sizeof(verify_er_page_default));
4080			page_index->page_data =
4081				(uint8_t *)lun->mode_pages.verify_er_page;
4082			break;
4083		}
4084		case SMS_CACHING_PAGE: {
4085			struct scsi_caching_page *caching_page;
4086
4087			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4088			    ("subpage %#x for page %#x is incorrect!",
4089			    page_index->subpage, page_code));
4090			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4091			       &caching_page_default,
4092			       sizeof(caching_page_default));
4093			memcpy(&lun->mode_pages.caching_page[
4094			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4095			       sizeof(caching_page_changeable));
4096			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4097			       &caching_page_default,
4098			       sizeof(caching_page_default));
4099			caching_page = &lun->mode_pages.caching_page[
4100			    CTL_PAGE_SAVED];
4101			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4102			if (value != NULL && strcmp(value, "off") == 0)
4103				caching_page->flags1 &= ~SCP_WCE;
4104			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4105			if (value != NULL && strcmp(value, "off") == 0)
4106				caching_page->flags1 |= SCP_RCD;
4107			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4108			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4109			       sizeof(caching_page_default));
4110			page_index->page_data =
4111				(uint8_t *)lun->mode_pages.caching_page;
4112			break;
4113		}
4114		case SMS_CONTROL_MODE_PAGE: {
4115			switch (page_index->subpage) {
4116			case SMS_SUBPAGE_PAGE_0: {
4117				struct scsi_control_page *control_page;
4118
4119				memcpy(&lun->mode_pages.control_page[
4120				    CTL_PAGE_DEFAULT],
4121				       &control_page_default,
4122				       sizeof(control_page_default));
4123				memcpy(&lun->mode_pages.control_page[
4124				    CTL_PAGE_CHANGEABLE],
4125				       &control_page_changeable,
4126				       sizeof(control_page_changeable));
4127				memcpy(&lun->mode_pages.control_page[
4128				    CTL_PAGE_SAVED],
4129				       &control_page_default,
4130				       sizeof(control_page_default));
4131				control_page = &lun->mode_pages.control_page[
4132				    CTL_PAGE_SAVED];
4133				value = ctl_get_opt(&lun->be_lun->options,
4134				    "reordering");
4135				if (value != NULL &&
4136				    strcmp(value, "unrestricted") == 0) {
4137					control_page->queue_flags &=
4138					    ~SCP_QUEUE_ALG_MASK;
4139					control_page->queue_flags |=
4140					    SCP_QUEUE_ALG_UNRESTRICTED;
4141				}
4142				memcpy(&lun->mode_pages.control_page[
4143				    CTL_PAGE_CURRENT],
4144				       &lun->mode_pages.control_page[
4145				    CTL_PAGE_SAVED],
4146				       sizeof(control_page_default));
4147				page_index->page_data =
4148				    (uint8_t *)lun->mode_pages.control_page;
4149				break;
4150			}
4151			case 0x01:
4152				memcpy(&lun->mode_pages.control_ext_page[
4153				    CTL_PAGE_DEFAULT],
4154				       &control_ext_page_default,
4155				       sizeof(control_ext_page_default));
4156				memcpy(&lun->mode_pages.control_ext_page[
4157				    CTL_PAGE_CHANGEABLE],
4158				       &control_ext_page_changeable,
4159				       sizeof(control_ext_page_changeable));
4160				memcpy(&lun->mode_pages.control_ext_page[
4161				    CTL_PAGE_SAVED],
4162				       &control_ext_page_default,
4163				       sizeof(control_ext_page_default));
4164				memcpy(&lun->mode_pages.control_ext_page[
4165				    CTL_PAGE_CURRENT],
4166				       &lun->mode_pages.control_ext_page[
4167				    CTL_PAGE_SAVED],
4168				       sizeof(control_ext_page_default));
4169				page_index->page_data =
4170				    (uint8_t *)lun->mode_pages.control_ext_page;
4171				break;
4172			default:
4173				panic("subpage %#x for page %#x is incorrect!",
4174				      page_index->subpage, page_code);
4175			}
4176			break;
4177		}
4178		case SMS_INFO_EXCEPTIONS_PAGE: {
4179			switch (page_index->subpage) {
4180			case SMS_SUBPAGE_PAGE_0:
4181				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4182				       &ie_page_default,
4183				       sizeof(ie_page_default));
4184				memcpy(&lun->mode_pages.ie_page[
4185				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4186				       sizeof(ie_page_changeable));
4187				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4188				       &ie_page_default,
4189				       sizeof(ie_page_default));
4190				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4191				       &ie_page_default,
4192				       sizeof(ie_page_default));
4193				page_index->page_data =
4194					(uint8_t *)lun->mode_pages.ie_page;
4195				break;
4196			case 0x02: {
4197				struct ctl_logical_block_provisioning_page *page;
4198
4199				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4200				       &lbp_page_default,
4201				       sizeof(lbp_page_default));
4202				memcpy(&lun->mode_pages.lbp_page[
4203				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4204				       sizeof(lbp_page_changeable));
4205				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4206				       &lbp_page_default,
4207				       sizeof(lbp_page_default));
4208				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4209				value = ctl_get_opt(&lun->be_lun->options,
4210				    "avail-threshold");
4211				if (value != NULL &&
4212				    ctl_expand_number(value, &ival) == 0) {
4213					page->descr[0].flags |= SLBPPD_ENABLED |
4214					    SLBPPD_ARMING_DEC;
4215					if (lun->be_lun->blocksize)
4216						ival /= lun->be_lun->blocksize;
4217					else
4218						ival /= 512;
4219					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4220					    page->descr[0].count);
4221				}
4222				value = ctl_get_opt(&lun->be_lun->options,
4223				    "used-threshold");
4224				if (value != NULL &&
4225				    ctl_expand_number(value, &ival) == 0) {
4226					page->descr[1].flags |= SLBPPD_ENABLED |
4227					    SLBPPD_ARMING_INC;
4228					if (lun->be_lun->blocksize)
4229						ival /= lun->be_lun->blocksize;
4230					else
4231						ival /= 512;
4232					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4233					    page->descr[1].count);
4234				}
4235				value = ctl_get_opt(&lun->be_lun->options,
4236				    "pool-avail-threshold");
4237				if (value != NULL &&
4238				    ctl_expand_number(value, &ival) == 0) {
4239					page->descr[2].flags |= SLBPPD_ENABLED |
4240					    SLBPPD_ARMING_DEC;
4241					if (lun->be_lun->blocksize)
4242						ival /= lun->be_lun->blocksize;
4243					else
4244						ival /= 512;
4245					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4246					    page->descr[2].count);
4247				}
4248				value = ctl_get_opt(&lun->be_lun->options,
4249				    "pool-used-threshold");
4250				if (value != NULL &&
4251				    ctl_expand_number(value, &ival) == 0) {
4252					page->descr[3].flags |= SLBPPD_ENABLED |
4253					    SLBPPD_ARMING_INC;
4254					if (lun->be_lun->blocksize)
4255						ival /= lun->be_lun->blocksize;
4256					else
4257						ival /= 512;
4258					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4259					    page->descr[3].count);
4260				}
4261				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4262				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4263				       sizeof(lbp_page_default));
4264				page_index->page_data =
4265					(uint8_t *)lun->mode_pages.lbp_page;
4266				break;
4267			}
4268			default:
4269				panic("subpage %#x for page %#x is incorrect!",
4270				      page_index->subpage, page_code);
4271			}
4272			break;
4273		}
4274		case SMS_CDDVD_CAPS_PAGE:{
4275			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4276			    ("subpage %#x for page %#x is incorrect!",
4277			    page_index->subpage, page_code));
4278			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_DEFAULT],
4279			       &cddvd_page_default,
4280			       sizeof(cddvd_page_default));
4281			memcpy(&lun->mode_pages.cddvd_page[
4282			       CTL_PAGE_CHANGEABLE], &cddvd_page_changeable,
4283			       sizeof(cddvd_page_changeable));
4284			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4285			       &cddvd_page_default,
4286			       sizeof(cddvd_page_default));
4287			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_CURRENT],
4288			       &lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4289			       sizeof(cddvd_page_default));
4290			page_index->page_data =
4291				(uint8_t *)lun->mode_pages.cddvd_page;
4292			break;
4293		}
4294		default:
4295			panic("invalid page code value %#x", page_code);
4296		}
4297	}
4298
4299	return (CTL_RETVAL_COMPLETE);
4300}
4301
4302static int
4303ctl_init_log_page_index(struct ctl_lun *lun)
4304{
4305	struct ctl_page_index *page_index;
4306	int i, j, k, prev;
4307
4308	memcpy(&lun->log_pages.index, log_page_index_template,
4309	       sizeof(log_page_index_template));
4310
4311	prev = -1;
4312	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4313
4314		page_index = &lun->log_pages.index[i];
4315		if (lun->be_lun->lun_type == T_DIRECT &&
4316		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4317			continue;
4318		if (lun->be_lun->lun_type == T_PROCESSOR &&
4319		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4320			continue;
4321		if (lun->be_lun->lun_type == T_CDROM &&
4322		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4323			continue;
4324
4325		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4326		    lun->backend->lun_attr == NULL)
4327			continue;
4328
4329		if (page_index->page_code != prev) {
4330			lun->log_pages.pages_page[j] = page_index->page_code;
4331			prev = page_index->page_code;
4332			j++;
4333		}
4334		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4335		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4336		k++;
4337	}
4338	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4339	lun->log_pages.index[0].page_len = j;
4340	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4341	lun->log_pages.index[1].page_len = k * 2;
4342	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4343	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4344	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4345	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4346	lun->log_pages.index[4].page_data = (uint8_t *)&lun->log_pages.ie_page;
4347	lun->log_pages.index[4].page_len = sizeof(lun->log_pages.ie_page);
4348
4349	return (CTL_RETVAL_COMPLETE);
4350}
4351
4352static int
4353hex2bin(const char *str, uint8_t *buf, int buf_size)
4354{
4355	int i;
4356	u_char c;
4357
4358	memset(buf, 0, buf_size);
4359	while (isspace(str[0]))
4360		str++;
4361	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4362		str += 2;
4363	buf_size *= 2;
4364	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4365		while (str[i] == '-')	/* Skip dashes in UUIDs. */
4366			str++;
4367		c = str[i];
4368		if (isdigit(c))
4369			c -= '0';
4370		else if (isalpha(c))
4371			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4372		else
4373			break;
4374		if (c >= 16)
4375			break;
4376		if ((i & 1) == 0)
4377			buf[i / 2] |= (c << 4);
4378		else
4379			buf[i / 2] |= c;
4380	}
4381	return ((i + 1) / 2);
4382}
4383
4384/*
4385 * LUN allocation.
4386 *
4387 * Requirements:
4388 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4389 *   wants us to allocate the LUN and he can block.
4390 * - ctl_softc is always set
4391 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4392 *
4393 * Returns 0 for success, non-zero (errno) for failure.
4394 */
4395static int
4396ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4397	      struct ctl_be_lun *const be_lun)
4398{
4399	struct ctl_lun *nlun, *lun;
4400	struct scsi_vpd_id_descriptor *desc;
4401	struct scsi_vpd_id_t10 *t10id;
4402	const char *eui, *naa, *scsiname, *uuid, *vendor, *value;
4403	int lun_number, i, lun_malloced;
4404	int devidlen, idlen1, idlen2 = 0, len;
4405
4406	if (be_lun == NULL)
4407		return (EINVAL);
4408
4409	/*
4410	 * We currently only support Direct Access or Processor LUN types.
4411	 */
4412	switch (be_lun->lun_type) {
4413	case T_DIRECT:
4414	case T_PROCESSOR:
4415	case T_CDROM:
4416		break;
4417	case T_SEQUENTIAL:
4418	case T_CHANGER:
4419	default:
4420		be_lun->lun_config_status(be_lun->be_lun,
4421					  CTL_LUN_CONFIG_FAILURE);
4422		break;
4423	}
4424	if (ctl_lun == NULL) {
4425		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4426		lun_malloced = 1;
4427	} else {
4428		lun_malloced = 0;
4429		lun = ctl_lun;
4430	}
4431
4432	memset(lun, 0, sizeof(*lun));
4433	if (lun_malloced)
4434		lun->flags = CTL_LUN_MALLOCED;
4435
4436	/* Generate LUN ID. */
4437	devidlen = max(CTL_DEVID_MIN_LEN,
4438	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4439	idlen1 = sizeof(*t10id) + devidlen;
4440	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4441	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4442	if (scsiname != NULL) {
4443		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4444		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4445	}
4446	eui = ctl_get_opt(&be_lun->options, "eui");
4447	if (eui != NULL) {
4448		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4449	}
4450	naa = ctl_get_opt(&be_lun->options, "naa");
4451	if (naa != NULL) {
4452		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4453	}
4454	uuid = ctl_get_opt(&be_lun->options, "uuid");
4455	if (uuid != NULL) {
4456		len += sizeof(struct scsi_vpd_id_descriptor) + 18;
4457	}
4458	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4459	    M_CTL, M_WAITOK | M_ZERO);
4460	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4461	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4462	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4463	desc->length = idlen1;
4464	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4465	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4466	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4467		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4468	} else {
4469		strncpy(t10id->vendor, vendor,
4470		    min(sizeof(t10id->vendor), strlen(vendor)));
4471	}
4472	strncpy((char *)t10id->vendor_spec_id,
4473	    (char *)be_lun->device_id, devidlen);
4474	if (scsiname != NULL) {
4475		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4476		    desc->length);
4477		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4478		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4479		    SVPD_ID_TYPE_SCSI_NAME;
4480		desc->length = idlen2;
4481		strlcpy(desc->identifier, scsiname, idlen2);
4482	}
4483	if (eui != NULL) {
4484		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4485		    desc->length);
4486		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4487		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4488		    SVPD_ID_TYPE_EUI64;
4489		desc->length = hex2bin(eui, desc->identifier, 16);
4490		desc->length = desc->length > 12 ? 16 :
4491		    (desc->length > 8 ? 12 : 8);
4492		len -= 16 - desc->length;
4493	}
4494	if (naa != NULL) {
4495		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4496		    desc->length);
4497		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4498		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4499		    SVPD_ID_TYPE_NAA;
4500		desc->length = hex2bin(naa, desc->identifier, 16);
4501		desc->length = desc->length > 8 ? 16 : 8;
4502		len -= 16 - desc->length;
4503	}
4504	if (uuid != NULL) {
4505		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4506		    desc->length);
4507		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4508		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4509		    SVPD_ID_TYPE_UUID;
4510		desc->identifier[0] = 0x10;
4511		hex2bin(uuid, &desc->identifier[2], 16);
4512		desc->length = 18;
4513	}
4514	lun->lun_devid->len = len;
4515
4516	mtx_lock(&ctl_softc->ctl_lock);
4517	/*
4518	 * See if the caller requested a particular LUN number.  If so, see
4519	 * if it is available.  Otherwise, allocate the first available LUN.
4520	 */
4521	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4522		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4523		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4524			mtx_unlock(&ctl_softc->ctl_lock);
4525			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4526				printf("ctl: requested LUN ID %d is higher "
4527				       "than CTL_MAX_LUNS - 1 (%d)\n",
4528				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4529			} else {
4530				/*
4531				 * XXX KDM return an error, or just assign
4532				 * another LUN ID in this case??
4533				 */
4534				printf("ctl: requested LUN ID %d is already "
4535				       "in use\n", be_lun->req_lun_id);
4536			}
4537			if (lun->flags & CTL_LUN_MALLOCED)
4538				free(lun, M_CTL);
4539			be_lun->lun_config_status(be_lun->be_lun,
4540						  CTL_LUN_CONFIG_FAILURE);
4541			return (ENOSPC);
4542		}
4543		lun_number = be_lun->req_lun_id;
4544	} else {
4545		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4546		if (lun_number == -1) {
4547			mtx_unlock(&ctl_softc->ctl_lock);
4548			printf("ctl: can't allocate LUN, out of LUNs\n");
4549			if (lun->flags & CTL_LUN_MALLOCED)
4550				free(lun, M_CTL);
4551			be_lun->lun_config_status(be_lun->be_lun,
4552						  CTL_LUN_CONFIG_FAILURE);
4553			return (ENOSPC);
4554		}
4555	}
4556	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4557
4558	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4559	lun->lun = lun_number;
4560	lun->be_lun = be_lun;
4561	/*
4562	 * The processor LUN is always enabled.  Disk LUNs come on line
4563	 * disabled, and must be enabled by the backend.
4564	 */
4565	lun->flags |= CTL_LUN_DISABLED;
4566	lun->backend = be_lun->be;
4567	be_lun->ctl_lun = lun;
4568	be_lun->lun_id = lun_number;
4569	atomic_add_int(&be_lun->be->num_luns, 1);
4570	if (be_lun->flags & CTL_LUN_FLAG_EJECTED)
4571		lun->flags |= CTL_LUN_EJECTED;
4572	if (be_lun->flags & CTL_LUN_FLAG_NO_MEDIA)
4573		lun->flags |= CTL_LUN_NO_MEDIA;
4574	if (be_lun->flags & CTL_LUN_FLAG_STOPPED)
4575		lun->flags |= CTL_LUN_STOPPED;
4576
4577	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4578		lun->flags |= CTL_LUN_PRIMARY_SC;
4579
4580	value = ctl_get_opt(&be_lun->options, "removable");
4581	if (value != NULL) {
4582		if (strcmp(value, "on") == 0)
4583			lun->flags |= CTL_LUN_REMOVABLE;
4584	} else if (be_lun->lun_type == T_CDROM)
4585		lun->flags |= CTL_LUN_REMOVABLE;
4586
4587	lun->ctl_softc = ctl_softc;
4588#ifdef CTL_TIME_IO
4589	lun->last_busy = getsbinuptime();
4590#endif
4591	TAILQ_INIT(&lun->ooa_queue);
4592	TAILQ_INIT(&lun->blocked_queue);
4593	STAILQ_INIT(&lun->error_list);
4594	lun->ie_reported = 1;
4595	callout_init_mtx(&lun->ie_callout, &lun->lun_lock, 0);
4596	ctl_tpc_lun_init(lun);
4597
4598	/*
4599	 * Initialize the mode and log page index.
4600	 */
4601	ctl_init_page_index(lun);
4602	ctl_init_log_page_index(lun);
4603
4604	/*
4605	 * Now, before we insert this lun on the lun list, set the lun
4606	 * inventory changed UA for all other luns.
4607	 */
4608	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4609		mtx_lock(&nlun->lun_lock);
4610		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4611		mtx_unlock(&nlun->lun_lock);
4612	}
4613
4614	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4615
4616	ctl_softc->ctl_luns[lun_number] = lun;
4617
4618	ctl_softc->num_luns++;
4619
4620	/* Setup statistics gathering */
4621	lun->stats.device_type = be_lun->lun_type;
4622	lun->stats.lun_number = lun_number;
4623	lun->stats.blocksize = be_lun->blocksize;
4624	if (be_lun->blocksize == 0)
4625		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4626	for (i = 0;i < CTL_MAX_PORTS;i++)
4627		lun->stats.ports[i].targ_port = i;
4628
4629	mtx_unlock(&ctl_softc->ctl_lock);
4630
4631	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4632	return (0);
4633}
4634
4635/*
4636 * Delete a LUN.
4637 * Assumptions:
4638 * - LUN has already been marked invalid and any pending I/O has been taken
4639 *   care of.
4640 */
4641static int
4642ctl_free_lun(struct ctl_lun *lun)
4643{
4644	struct ctl_softc *softc;
4645	struct ctl_lun *nlun;
4646	int i;
4647
4648	softc = lun->ctl_softc;
4649
4650	mtx_assert(&softc->ctl_lock, MA_OWNED);
4651
4652	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4653
4654	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4655
4656	softc->ctl_luns[lun->lun] = NULL;
4657
4658	if (!TAILQ_EMPTY(&lun->ooa_queue))
4659		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4660
4661	softc->num_luns--;
4662
4663	/*
4664	 * Tell the backend to free resources, if this LUN has a backend.
4665	 */
4666	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4667	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4668
4669	lun->ie_reportcnt = UINT32_MAX;
4670	callout_drain(&lun->ie_callout);
4671
4672	ctl_tpc_lun_shutdown(lun);
4673	mtx_destroy(&lun->lun_lock);
4674	free(lun->lun_devid, M_CTL);
4675	for (i = 0; i < CTL_MAX_PORTS; i++)
4676		free(lun->pending_ua[i], M_CTL);
4677	for (i = 0; i < CTL_MAX_PORTS; i++)
4678		free(lun->pr_keys[i], M_CTL);
4679	free(lun->write_buffer, M_CTL);
4680	if (lun->flags & CTL_LUN_MALLOCED)
4681		free(lun, M_CTL);
4682
4683	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4684		mtx_lock(&nlun->lun_lock);
4685		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4686		mtx_unlock(&nlun->lun_lock);
4687	}
4688
4689	return (0);
4690}
4691
4692static void
4693ctl_create_lun(struct ctl_be_lun *be_lun)
4694{
4695
4696	/*
4697	 * ctl_alloc_lun() should handle all potential failure cases.
4698	 */
4699	ctl_alloc_lun(control_softc, NULL, be_lun);
4700}
4701
4702int
4703ctl_add_lun(struct ctl_be_lun *be_lun)
4704{
4705	struct ctl_softc *softc = control_softc;
4706
4707	mtx_lock(&softc->ctl_lock);
4708	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4709	mtx_unlock(&softc->ctl_lock);
4710	wakeup(&softc->pending_lun_queue);
4711
4712	return (0);
4713}
4714
4715int
4716ctl_enable_lun(struct ctl_be_lun *be_lun)
4717{
4718	struct ctl_softc *softc;
4719	struct ctl_port *port, *nport;
4720	struct ctl_lun *lun;
4721	int retval;
4722
4723	lun = (struct ctl_lun *)be_lun->ctl_lun;
4724	softc = lun->ctl_softc;
4725
4726	mtx_lock(&softc->ctl_lock);
4727	mtx_lock(&lun->lun_lock);
4728	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4729		/*
4730		 * eh?  Why did we get called if the LUN is already
4731		 * enabled?
4732		 */
4733		mtx_unlock(&lun->lun_lock);
4734		mtx_unlock(&softc->ctl_lock);
4735		return (0);
4736	}
4737	lun->flags &= ~CTL_LUN_DISABLED;
4738	mtx_unlock(&lun->lun_lock);
4739
4740	STAILQ_FOREACH_SAFE(port, &softc->port_list, links, nport) {
4741		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4742		    port->lun_map != NULL || port->lun_enable == NULL)
4743			continue;
4744
4745		/*
4746		 * Drop the lock while we call the FETD's enable routine.
4747		 * This can lead to a callback into CTL (at least in the
4748		 * case of the internal initiator frontend.
4749		 */
4750		mtx_unlock(&softc->ctl_lock);
4751		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4752		mtx_lock(&softc->ctl_lock);
4753		if (retval != 0) {
4754			printf("%s: FETD %s port %d returned error "
4755			       "%d for lun_enable on lun %jd\n",
4756			       __func__, port->port_name, port->targ_port,
4757			       retval, (intmax_t)lun->lun);
4758		}
4759	}
4760
4761	mtx_unlock(&softc->ctl_lock);
4762	ctl_isc_announce_lun(lun);
4763
4764	return (0);
4765}
4766
4767int
4768ctl_disable_lun(struct ctl_be_lun *be_lun)
4769{
4770	struct ctl_softc *softc;
4771	struct ctl_port *port;
4772	struct ctl_lun *lun;
4773	int retval;
4774
4775	lun = (struct ctl_lun *)be_lun->ctl_lun;
4776	softc = lun->ctl_softc;
4777
4778	mtx_lock(&softc->ctl_lock);
4779	mtx_lock(&lun->lun_lock);
4780	if (lun->flags & CTL_LUN_DISABLED) {
4781		mtx_unlock(&lun->lun_lock);
4782		mtx_unlock(&softc->ctl_lock);
4783		return (0);
4784	}
4785	lun->flags |= CTL_LUN_DISABLED;
4786	mtx_unlock(&lun->lun_lock);
4787
4788	STAILQ_FOREACH(port, &softc->port_list, links) {
4789		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4790		    port->lun_map != NULL || port->lun_disable == NULL)
4791			continue;
4792
4793		/*
4794		 * Drop the lock before we call the frontend's disable
4795		 * routine, to avoid lock order reversals.
4796		 *
4797		 * XXX KDM what happens if the frontend list changes while
4798		 * we're traversing it?  It's unlikely, but should be handled.
4799		 */
4800		mtx_unlock(&softc->ctl_lock);
4801		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4802		mtx_lock(&softc->ctl_lock);
4803		if (retval != 0) {
4804			printf("%s: FETD %s port %d returned error "
4805			       "%d for lun_disable on lun %jd\n",
4806			       __func__, port->port_name, port->targ_port,
4807			       retval, (intmax_t)lun->lun);
4808		}
4809	}
4810
4811	mtx_unlock(&softc->ctl_lock);
4812	ctl_isc_announce_lun(lun);
4813
4814	return (0);
4815}
4816
4817int
4818ctl_start_lun(struct ctl_be_lun *be_lun)
4819{
4820	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4821
4822	mtx_lock(&lun->lun_lock);
4823	lun->flags &= ~CTL_LUN_STOPPED;
4824	mtx_unlock(&lun->lun_lock);
4825	return (0);
4826}
4827
4828int
4829ctl_stop_lun(struct ctl_be_lun *be_lun)
4830{
4831	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4832
4833	mtx_lock(&lun->lun_lock);
4834	lun->flags |= CTL_LUN_STOPPED;
4835	mtx_unlock(&lun->lun_lock);
4836	return (0);
4837}
4838
4839int
4840ctl_lun_no_media(struct ctl_be_lun *be_lun)
4841{
4842	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4843
4844	mtx_lock(&lun->lun_lock);
4845	lun->flags |= CTL_LUN_NO_MEDIA;
4846	mtx_unlock(&lun->lun_lock);
4847	return (0);
4848}
4849
4850int
4851ctl_lun_has_media(struct ctl_be_lun *be_lun)
4852{
4853	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4854	union ctl_ha_msg msg;
4855
4856	mtx_lock(&lun->lun_lock);
4857	lun->flags &= ~(CTL_LUN_NO_MEDIA | CTL_LUN_EJECTED);
4858	if (lun->flags & CTL_LUN_REMOVABLE)
4859		ctl_est_ua_all(lun, -1, CTL_UA_MEDIUM_CHANGE);
4860	mtx_unlock(&lun->lun_lock);
4861	if ((lun->flags & CTL_LUN_REMOVABLE) &&
4862	    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4863		bzero(&msg.ua, sizeof(msg.ua));
4864		msg.hdr.msg_type = CTL_MSG_UA;
4865		msg.hdr.nexus.initid = -1;
4866		msg.hdr.nexus.targ_port = -1;
4867		msg.hdr.nexus.targ_lun = lun->lun;
4868		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4869		msg.ua.ua_all = 1;
4870		msg.ua.ua_set = 1;
4871		msg.ua.ua_type = CTL_UA_MEDIUM_CHANGE;
4872		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4873		    M_WAITOK);
4874	}
4875	return (0);
4876}
4877
4878int
4879ctl_lun_ejected(struct ctl_be_lun *be_lun)
4880{
4881	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4882
4883	mtx_lock(&lun->lun_lock);
4884	lun->flags |= CTL_LUN_EJECTED;
4885	mtx_unlock(&lun->lun_lock);
4886	return (0);
4887}
4888
4889int
4890ctl_lun_primary(struct ctl_be_lun *be_lun)
4891{
4892	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4893
4894	mtx_lock(&lun->lun_lock);
4895	lun->flags |= CTL_LUN_PRIMARY_SC;
4896	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4897	mtx_unlock(&lun->lun_lock);
4898	ctl_isc_announce_lun(lun);
4899	return (0);
4900}
4901
4902int
4903ctl_lun_secondary(struct ctl_be_lun *be_lun)
4904{
4905	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4906
4907	mtx_lock(&lun->lun_lock);
4908	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4909	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4910	mtx_unlock(&lun->lun_lock);
4911	ctl_isc_announce_lun(lun);
4912	return (0);
4913}
4914
4915int
4916ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4917{
4918	struct ctl_softc *softc;
4919	struct ctl_lun *lun;
4920
4921	lun = (struct ctl_lun *)be_lun->ctl_lun;
4922	softc = lun->ctl_softc;
4923
4924	mtx_lock(&lun->lun_lock);
4925
4926	/*
4927	 * The LUN needs to be disabled before it can be marked invalid.
4928	 */
4929	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4930		mtx_unlock(&lun->lun_lock);
4931		return (-1);
4932	}
4933	/*
4934	 * Mark the LUN invalid.
4935	 */
4936	lun->flags |= CTL_LUN_INVALID;
4937
4938	/*
4939	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4940	 * If we have something in the OOA queue, we'll free it when the
4941	 * last I/O completes.
4942	 */
4943	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4944		mtx_unlock(&lun->lun_lock);
4945		mtx_lock(&softc->ctl_lock);
4946		ctl_free_lun(lun);
4947		mtx_unlock(&softc->ctl_lock);
4948	} else
4949		mtx_unlock(&lun->lun_lock);
4950
4951	return (0);
4952}
4953
4954void
4955ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4956{
4957	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4958	union ctl_ha_msg msg;
4959
4960	mtx_lock(&lun->lun_lock);
4961	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGE);
4962	mtx_unlock(&lun->lun_lock);
4963	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4964		/* Send msg to other side. */
4965		bzero(&msg.ua, sizeof(msg.ua));
4966		msg.hdr.msg_type = CTL_MSG_UA;
4967		msg.hdr.nexus.initid = -1;
4968		msg.hdr.nexus.targ_port = -1;
4969		msg.hdr.nexus.targ_lun = lun->lun;
4970		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4971		msg.ua.ua_all = 1;
4972		msg.ua.ua_set = 1;
4973		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGE;
4974		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4975		    M_WAITOK);
4976	}
4977}
4978
4979/*
4980 * Backend "memory move is complete" callback for requests that never
4981 * make it down to say RAIDCore's configuration code.
4982 */
4983int
4984ctl_config_move_done(union ctl_io *io)
4985{
4986	int retval;
4987
4988	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4989	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4990	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4991
4992	if ((io->io_hdr.port_status != 0) &&
4993	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4994	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4995		/*
4996		 * For hardware error sense keys, the sense key
4997		 * specific value is defined to be a retry count,
4998		 * but we use it to pass back an internal FETD
4999		 * error code.  XXX KDM  Hopefully the FETD is only
5000		 * using 16 bits for an error code, since that's
5001		 * all the space we have in the sks field.
5002		 */
5003		ctl_set_internal_failure(&io->scsiio,
5004					 /*sks_valid*/ 1,
5005					 /*retry_count*/
5006					 io->io_hdr.port_status);
5007	}
5008
5009	if (ctl_debug & CTL_DEBUG_CDB_DATA)
5010		ctl_data_print(io);
5011	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5012	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5013	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5014	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5015		/*
5016		 * XXX KDM just assuming a single pointer here, and not a
5017		 * S/G list.  If we start using S/G lists for config data,
5018		 * we'll need to know how to clean them up here as well.
5019		 */
5020		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5021			free(io->scsiio.kern_data_ptr, M_CTL);
5022		ctl_done(io);
5023		retval = CTL_RETVAL_COMPLETE;
5024	} else {
5025		/*
5026		 * XXX KDM now we need to continue data movement.  Some
5027		 * options:
5028		 * - call ctl_scsiio() again?  We don't do this for data
5029		 *   writes, because for those at least we know ahead of
5030		 *   time where the write will go and how long it is.  For
5031		 *   config writes, though, that information is largely
5032		 *   contained within the write itself, thus we need to
5033		 *   parse out the data again.
5034		 *
5035		 * - Call some other function once the data is in?
5036		 */
5037
5038		/*
5039		 * XXX KDM call ctl_scsiio() again for now, and check flag
5040		 * bits to see whether we're allocated or not.
5041		 */
5042		retval = ctl_scsiio(&io->scsiio);
5043	}
5044	return (retval);
5045}
5046
5047/*
5048 * This gets called by a backend driver when it is done with a
5049 * data_submit method.
5050 */
5051void
5052ctl_data_submit_done(union ctl_io *io)
5053{
5054	/*
5055	 * If the IO_CONT flag is set, we need to call the supplied
5056	 * function to continue processing the I/O, instead of completing
5057	 * the I/O just yet.
5058	 *
5059	 * If there is an error, though, we don't want to keep processing.
5060	 * Instead, just send status back to the initiator.
5061	 */
5062	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5063	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5064	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5065	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5066		io->scsiio.io_cont(io);
5067		return;
5068	}
5069	ctl_done(io);
5070}
5071
5072/*
5073 * This gets called by a backend driver when it is done with a
5074 * configuration write.
5075 */
5076void
5077ctl_config_write_done(union ctl_io *io)
5078{
5079	uint8_t *buf;
5080
5081	/*
5082	 * If the IO_CONT flag is set, we need to call the supplied
5083	 * function to continue processing the I/O, instead of completing
5084	 * the I/O just yet.
5085	 *
5086	 * If there is an error, though, we don't want to keep processing.
5087	 * Instead, just send status back to the initiator.
5088	 */
5089	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5090	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5091	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5092	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5093		io->scsiio.io_cont(io);
5094		return;
5095	}
5096	/*
5097	 * Since a configuration write can be done for commands that actually
5098	 * have data allocated, like write buffer, and commands that have
5099	 * no data, like start/stop unit, we need to check here.
5100	 */
5101	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5102		buf = io->scsiio.kern_data_ptr;
5103	else
5104		buf = NULL;
5105	ctl_done(io);
5106	if (buf)
5107		free(buf, M_CTL);
5108}
5109
5110void
5111ctl_config_read_done(union ctl_io *io)
5112{
5113	uint8_t *buf;
5114
5115	/*
5116	 * If there is some error -- we are done, skip data transfer.
5117	 */
5118	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5119	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5120	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5121		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5122			buf = io->scsiio.kern_data_ptr;
5123		else
5124			buf = NULL;
5125		ctl_done(io);
5126		if (buf)
5127			free(buf, M_CTL);
5128		return;
5129	}
5130
5131	/*
5132	 * If the IO_CONT flag is set, we need to call the supplied
5133	 * function to continue processing the I/O, instead of completing
5134	 * the I/O just yet.
5135	 */
5136	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5137		io->scsiio.io_cont(io);
5138		return;
5139	}
5140
5141	ctl_datamove(io);
5142}
5143
5144/*
5145 * SCSI release command.
5146 */
5147int
5148ctl_scsi_release(struct ctl_scsiio *ctsio)
5149{
5150	struct ctl_lun *lun;
5151	uint32_t residx;
5152
5153	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5154
5155	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5156	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5157
5158	/*
5159	 * XXX KDM right now, we only support LUN reservation.  We don't
5160	 * support 3rd party reservations, or extent reservations, which
5161	 * might actually need the parameter list.  If we've gotten this
5162	 * far, we've got a LUN reservation.  Anything else got kicked out
5163	 * above.  So, according to SPC, ignore the length.
5164	 */
5165
5166	mtx_lock(&lun->lun_lock);
5167
5168	/*
5169	 * According to SPC, it is not an error for an intiator to attempt
5170	 * to release a reservation on a LUN that isn't reserved, or that
5171	 * is reserved by another initiator.  The reservation can only be
5172	 * released, though, by the initiator who made it or by one of
5173	 * several reset type events.
5174	 */
5175	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5176			lun->flags &= ~CTL_LUN_RESERVED;
5177
5178	mtx_unlock(&lun->lun_lock);
5179
5180	ctl_set_success(ctsio);
5181	ctl_done((union ctl_io *)ctsio);
5182	return (CTL_RETVAL_COMPLETE);
5183}
5184
5185int
5186ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5187{
5188	struct ctl_lun *lun;
5189	uint32_t residx;
5190
5191	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5192
5193	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5194	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5195
5196	/*
5197	 * XXX KDM right now, we only support LUN reservation.  We don't
5198	 * support 3rd party reservations, or extent reservations, which
5199	 * might actually need the parameter list.  If we've gotten this
5200	 * far, we've got a LUN reservation.  Anything else got kicked out
5201	 * above.  So, according to SPC, ignore the length.
5202	 */
5203
5204	mtx_lock(&lun->lun_lock);
5205	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5206		ctl_set_reservation_conflict(ctsio);
5207		goto bailout;
5208	}
5209
5210	/* SPC-3 exceptions to SPC-2 RESERVE and RELEASE behavior. */
5211	if (lun->flags & CTL_LUN_PR_RESERVED) {
5212		ctl_set_success(ctsio);
5213		goto bailout;
5214	}
5215
5216	lun->flags |= CTL_LUN_RESERVED;
5217	lun->res_idx = residx;
5218	ctl_set_success(ctsio);
5219
5220bailout:
5221	mtx_unlock(&lun->lun_lock);
5222	ctl_done((union ctl_io *)ctsio);
5223	return (CTL_RETVAL_COMPLETE);
5224}
5225
5226int
5227ctl_start_stop(struct ctl_scsiio *ctsio)
5228{
5229	struct scsi_start_stop_unit *cdb;
5230	struct ctl_lun *lun;
5231	int retval;
5232
5233	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5234
5235	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5236	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5237
5238	if ((cdb->how & SSS_PC_MASK) == 0) {
5239		if ((lun->flags & CTL_LUN_PR_RESERVED) &&
5240		    (cdb->how & SSS_START) == 0) {
5241			uint32_t residx;
5242
5243			residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5244			if (ctl_get_prkey(lun, residx) == 0 ||
5245			    (lun->pr_res_idx != residx && lun->pr_res_type < 4)) {
5246
5247				ctl_set_reservation_conflict(ctsio);
5248				ctl_done((union ctl_io *)ctsio);
5249				return (CTL_RETVAL_COMPLETE);
5250			}
5251		}
5252
5253		if ((cdb->how & SSS_LOEJ) &&
5254		    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5255			ctl_set_invalid_field(ctsio,
5256					      /*sks_valid*/ 1,
5257					      /*command*/ 1,
5258					      /*field*/ 4,
5259					      /*bit_valid*/ 1,
5260					      /*bit*/ 1);
5261			ctl_done((union ctl_io *)ctsio);
5262			return (CTL_RETVAL_COMPLETE);
5263		}
5264
5265		if ((cdb->how & SSS_START) == 0 && (cdb->how & SSS_LOEJ) &&
5266		    lun->prevent_count > 0) {
5267			/* "Medium removal prevented" */
5268			ctl_set_sense(ctsio, /*current_error*/ 1,
5269			    /*sense_key*/(lun->flags & CTL_LUN_NO_MEDIA) ?
5270			     SSD_KEY_NOT_READY : SSD_KEY_ILLEGAL_REQUEST,
5271			    /*asc*/ 0x53, /*ascq*/ 0x02, SSD_ELEM_NONE);
5272			ctl_done((union ctl_io *)ctsio);
5273			return (CTL_RETVAL_COMPLETE);
5274		}
5275	}
5276
5277	retval = lun->backend->config_write((union ctl_io *)ctsio);
5278	return (retval);
5279}
5280
5281int
5282ctl_prevent_allow(struct ctl_scsiio *ctsio)
5283{
5284	struct ctl_lun *lun;
5285	struct scsi_prevent *cdb;
5286	int retval;
5287	uint32_t initidx;
5288
5289	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5290
5291	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5292	cdb = (struct scsi_prevent *)ctsio->cdb;
5293
5294	if ((lun->flags & CTL_LUN_REMOVABLE) == 0) {
5295		ctl_set_invalid_opcode(ctsio);
5296		ctl_done((union ctl_io *)ctsio);
5297		return (CTL_RETVAL_COMPLETE);
5298	}
5299
5300	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5301	mtx_lock(&lun->lun_lock);
5302	if ((cdb->how & PR_PREVENT) &&
5303	    ctl_is_set(lun->prevent, initidx) == 0) {
5304		ctl_set_mask(lun->prevent, initidx);
5305		lun->prevent_count++;
5306	} else if ((cdb->how & PR_PREVENT) == 0 &&
5307	    ctl_is_set(lun->prevent, initidx)) {
5308		ctl_clear_mask(lun->prevent, initidx);
5309		lun->prevent_count--;
5310	}
5311	mtx_unlock(&lun->lun_lock);
5312	retval = lun->backend->config_write((union ctl_io *)ctsio);
5313	return (retval);
5314}
5315
5316/*
5317 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5318 * we don't really do anything with the LBA and length fields if the user
5319 * passes them in.  Instead we'll just flush out the cache for the entire
5320 * LUN.
5321 */
5322int
5323ctl_sync_cache(struct ctl_scsiio *ctsio)
5324{
5325	struct ctl_lun *lun;
5326	struct ctl_softc *softc;
5327	struct ctl_lba_len_flags *lbalen;
5328	uint64_t starting_lba;
5329	uint32_t block_count;
5330	int retval;
5331	uint8_t byte2;
5332
5333	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5334
5335	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5336	softc = lun->ctl_softc;
5337	retval = 0;
5338
5339	switch (ctsio->cdb[0]) {
5340	case SYNCHRONIZE_CACHE: {
5341		struct scsi_sync_cache *cdb;
5342		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5343
5344		starting_lba = scsi_4btoul(cdb->begin_lba);
5345		block_count = scsi_2btoul(cdb->lb_count);
5346		byte2 = cdb->byte2;
5347		break;
5348	}
5349	case SYNCHRONIZE_CACHE_16: {
5350		struct scsi_sync_cache_16 *cdb;
5351		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5352
5353		starting_lba = scsi_8btou64(cdb->begin_lba);
5354		block_count = scsi_4btoul(cdb->lb_count);
5355		byte2 = cdb->byte2;
5356		break;
5357	}
5358	default:
5359		ctl_set_invalid_opcode(ctsio);
5360		ctl_done((union ctl_io *)ctsio);
5361		goto bailout;
5362		break; /* NOTREACHED */
5363	}
5364
5365	/*
5366	 * We check the LBA and length, but don't do anything with them.
5367	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5368	 * get flushed.  This check will just help satisfy anyone who wants
5369	 * to see an error for an out of range LBA.
5370	 */
5371	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5372		ctl_set_lba_out_of_range(ctsio,
5373		    MAX(starting_lba, lun->be_lun->maxlba + 1));
5374		ctl_done((union ctl_io *)ctsio);
5375		goto bailout;
5376	}
5377
5378	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5379	lbalen->lba = starting_lba;
5380	lbalen->len = block_count;
5381	lbalen->flags = byte2;
5382	retval = lun->backend->config_write((union ctl_io *)ctsio);
5383
5384bailout:
5385	return (retval);
5386}
5387
5388int
5389ctl_format(struct ctl_scsiio *ctsio)
5390{
5391	struct scsi_format *cdb;
5392	struct ctl_lun *lun;
5393	int length, defect_list_len;
5394
5395	CTL_DEBUG_PRINT(("ctl_format\n"));
5396
5397	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5398
5399	cdb = (struct scsi_format *)ctsio->cdb;
5400
5401	length = 0;
5402	if (cdb->byte2 & SF_FMTDATA) {
5403		if (cdb->byte2 & SF_LONGLIST)
5404			length = sizeof(struct scsi_format_header_long);
5405		else
5406			length = sizeof(struct scsi_format_header_short);
5407	}
5408
5409	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5410	 && (length > 0)) {
5411		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5412		ctsio->kern_data_len = length;
5413		ctsio->kern_total_len = length;
5414		ctsio->kern_data_resid = 0;
5415		ctsio->kern_rel_offset = 0;
5416		ctsio->kern_sg_entries = 0;
5417		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5418		ctsio->be_move_done = ctl_config_move_done;
5419		ctl_datamove((union ctl_io *)ctsio);
5420
5421		return (CTL_RETVAL_COMPLETE);
5422	}
5423
5424	defect_list_len = 0;
5425
5426	if (cdb->byte2 & SF_FMTDATA) {
5427		if (cdb->byte2 & SF_LONGLIST) {
5428			struct scsi_format_header_long *header;
5429
5430			header = (struct scsi_format_header_long *)
5431				ctsio->kern_data_ptr;
5432
5433			defect_list_len = scsi_4btoul(header->defect_list_len);
5434			if (defect_list_len != 0) {
5435				ctl_set_invalid_field(ctsio,
5436						      /*sks_valid*/ 1,
5437						      /*command*/ 0,
5438						      /*field*/ 2,
5439						      /*bit_valid*/ 0,
5440						      /*bit*/ 0);
5441				goto bailout;
5442			}
5443		} else {
5444			struct scsi_format_header_short *header;
5445
5446			header = (struct scsi_format_header_short *)
5447				ctsio->kern_data_ptr;
5448
5449			defect_list_len = scsi_2btoul(header->defect_list_len);
5450			if (defect_list_len != 0) {
5451				ctl_set_invalid_field(ctsio,
5452						      /*sks_valid*/ 1,
5453						      /*command*/ 0,
5454						      /*field*/ 2,
5455						      /*bit_valid*/ 0,
5456						      /*bit*/ 0);
5457				goto bailout;
5458			}
5459		}
5460	}
5461
5462	ctl_set_success(ctsio);
5463bailout:
5464
5465	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5466		free(ctsio->kern_data_ptr, M_CTL);
5467		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5468	}
5469
5470	ctl_done((union ctl_io *)ctsio);
5471	return (CTL_RETVAL_COMPLETE);
5472}
5473
5474int
5475ctl_read_buffer(struct ctl_scsiio *ctsio)
5476{
5477	struct ctl_lun *lun;
5478	uint64_t buffer_offset;
5479	uint32_t len;
5480	uint8_t byte2;
5481	static uint8_t descr[4];
5482	static uint8_t echo_descr[4] = { 0 };
5483
5484	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5485	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5486	switch (ctsio->cdb[0]) {
5487	case READ_BUFFER: {
5488		struct scsi_read_buffer *cdb;
5489
5490		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5491		buffer_offset = scsi_3btoul(cdb->offset);
5492		len = scsi_3btoul(cdb->length);
5493		byte2 = cdb->byte2;
5494		break;
5495	}
5496	case READ_BUFFER_16: {
5497		struct scsi_read_buffer_16 *cdb;
5498
5499		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5500		buffer_offset = scsi_8btou64(cdb->offset);
5501		len = scsi_4btoul(cdb->length);
5502		byte2 = cdb->byte2;
5503		break;
5504	}
5505	default: /* This shouldn't happen. */
5506		ctl_set_invalid_opcode(ctsio);
5507		ctl_done((union ctl_io *)ctsio);
5508		return (CTL_RETVAL_COMPLETE);
5509	}
5510
5511	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5512	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5513		ctl_set_invalid_field(ctsio,
5514				      /*sks_valid*/ 1,
5515				      /*command*/ 1,
5516				      /*field*/ 6,
5517				      /*bit_valid*/ 0,
5518				      /*bit*/ 0);
5519		ctl_done((union ctl_io *)ctsio);
5520		return (CTL_RETVAL_COMPLETE);
5521	}
5522
5523	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5524		descr[0] = 0;
5525		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5526		ctsio->kern_data_ptr = descr;
5527		len = min(len, sizeof(descr));
5528	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5529		ctsio->kern_data_ptr = echo_descr;
5530		len = min(len, sizeof(echo_descr));
5531	} else {
5532		if (lun->write_buffer == NULL) {
5533			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5534			    M_CTL, M_WAITOK);
5535		}
5536		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5537	}
5538	ctsio->kern_data_len = len;
5539	ctsio->kern_total_len = len;
5540	ctsio->kern_data_resid = 0;
5541	ctsio->kern_rel_offset = 0;
5542	ctsio->kern_sg_entries = 0;
5543	ctl_set_success(ctsio);
5544	ctsio->be_move_done = ctl_config_move_done;
5545	ctl_datamove((union ctl_io *)ctsio);
5546	return (CTL_RETVAL_COMPLETE);
5547}
5548
5549int
5550ctl_write_buffer(struct ctl_scsiio *ctsio)
5551{
5552	struct scsi_write_buffer *cdb;
5553	struct ctl_lun *lun;
5554	int buffer_offset, len;
5555
5556	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5557
5558	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5559	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5560
5561	len = scsi_3btoul(cdb->length);
5562	buffer_offset = scsi_3btoul(cdb->offset);
5563
5564	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5565		ctl_set_invalid_field(ctsio,
5566				      /*sks_valid*/ 1,
5567				      /*command*/ 1,
5568				      /*field*/ 6,
5569				      /*bit_valid*/ 0,
5570				      /*bit*/ 0);
5571		ctl_done((union ctl_io *)ctsio);
5572		return (CTL_RETVAL_COMPLETE);
5573	}
5574
5575	/*
5576	 * If we've got a kernel request that hasn't been malloced yet,
5577	 * malloc it and tell the caller the data buffer is here.
5578	 */
5579	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5580		if (lun->write_buffer == NULL) {
5581			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5582			    M_CTL, M_WAITOK);
5583		}
5584		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5585		ctsio->kern_data_len = len;
5586		ctsio->kern_total_len = len;
5587		ctsio->kern_data_resid = 0;
5588		ctsio->kern_rel_offset = 0;
5589		ctsio->kern_sg_entries = 0;
5590		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5591		ctsio->be_move_done = ctl_config_move_done;
5592		ctl_datamove((union ctl_io *)ctsio);
5593
5594		return (CTL_RETVAL_COMPLETE);
5595	}
5596
5597	ctl_set_success(ctsio);
5598	ctl_done((union ctl_io *)ctsio);
5599	return (CTL_RETVAL_COMPLETE);
5600}
5601
5602int
5603ctl_write_same(struct ctl_scsiio *ctsio)
5604{
5605	struct ctl_lun *lun;
5606	struct ctl_lba_len_flags *lbalen;
5607	uint64_t lba;
5608	uint32_t num_blocks;
5609	int len, retval;
5610	uint8_t byte2;
5611
5612	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5613
5614	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5615
5616	switch (ctsio->cdb[0]) {
5617	case WRITE_SAME_10: {
5618		struct scsi_write_same_10 *cdb;
5619
5620		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5621
5622		lba = scsi_4btoul(cdb->addr);
5623		num_blocks = scsi_2btoul(cdb->length);
5624		byte2 = cdb->byte2;
5625		break;
5626	}
5627	case WRITE_SAME_16: {
5628		struct scsi_write_same_16 *cdb;
5629
5630		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5631
5632		lba = scsi_8btou64(cdb->addr);
5633		num_blocks = scsi_4btoul(cdb->length);
5634		byte2 = cdb->byte2;
5635		break;
5636	}
5637	default:
5638		/*
5639		 * We got a command we don't support.  This shouldn't
5640		 * happen, commands should be filtered out above us.
5641		 */
5642		ctl_set_invalid_opcode(ctsio);
5643		ctl_done((union ctl_io *)ctsio);
5644
5645		return (CTL_RETVAL_COMPLETE);
5646		break; /* NOTREACHED */
5647	}
5648
5649	/* ANCHOR flag can be used only together with UNMAP */
5650	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5651		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5652		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5653		ctl_done((union ctl_io *)ctsio);
5654		return (CTL_RETVAL_COMPLETE);
5655	}
5656
5657	/*
5658	 * The first check is to make sure we're in bounds, the second
5659	 * check is to catch wrap-around problems.  If the lba + num blocks
5660	 * is less than the lba, then we've wrapped around and the block
5661	 * range is invalid anyway.
5662	 */
5663	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5664	 || ((lba + num_blocks) < lba)) {
5665		ctl_set_lba_out_of_range(ctsio,
5666		    MAX(lba, lun->be_lun->maxlba + 1));
5667		ctl_done((union ctl_io *)ctsio);
5668		return (CTL_RETVAL_COMPLETE);
5669	}
5670
5671	/* Zero number of blocks means "to the last logical block" */
5672	if (num_blocks == 0) {
5673		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5674			ctl_set_invalid_field(ctsio,
5675					      /*sks_valid*/ 0,
5676					      /*command*/ 1,
5677					      /*field*/ 0,
5678					      /*bit_valid*/ 0,
5679					      /*bit*/ 0);
5680			ctl_done((union ctl_io *)ctsio);
5681			return (CTL_RETVAL_COMPLETE);
5682		}
5683		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5684	}
5685
5686	len = lun->be_lun->blocksize;
5687
5688	/*
5689	 * If we've got a kernel request that hasn't been malloced yet,
5690	 * malloc it and tell the caller the data buffer is here.
5691	 */
5692	if ((byte2 & SWS_NDOB) == 0 &&
5693	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5694		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5695		ctsio->kern_data_len = len;
5696		ctsio->kern_total_len = len;
5697		ctsio->kern_data_resid = 0;
5698		ctsio->kern_rel_offset = 0;
5699		ctsio->kern_sg_entries = 0;
5700		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5701		ctsio->be_move_done = ctl_config_move_done;
5702		ctl_datamove((union ctl_io *)ctsio);
5703
5704		return (CTL_RETVAL_COMPLETE);
5705	}
5706
5707	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5708	lbalen->lba = lba;
5709	lbalen->len = num_blocks;
5710	lbalen->flags = byte2;
5711	retval = lun->backend->config_write((union ctl_io *)ctsio);
5712
5713	return (retval);
5714}
5715
5716int
5717ctl_unmap(struct ctl_scsiio *ctsio)
5718{
5719	struct ctl_lun *lun;
5720	struct scsi_unmap *cdb;
5721	struct ctl_ptr_len_flags *ptrlen;
5722	struct scsi_unmap_header *hdr;
5723	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5724	uint64_t lba;
5725	uint32_t num_blocks;
5726	int len, retval;
5727	uint8_t byte2;
5728
5729	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5730
5731	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5732	cdb = (struct scsi_unmap *)ctsio->cdb;
5733
5734	len = scsi_2btoul(cdb->length);
5735	byte2 = cdb->byte2;
5736
5737	/*
5738	 * If we've got a kernel request that hasn't been malloced yet,
5739	 * malloc it and tell the caller the data buffer is here.
5740	 */
5741	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5742		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5743		ctsio->kern_data_len = len;
5744		ctsio->kern_total_len = len;
5745		ctsio->kern_data_resid = 0;
5746		ctsio->kern_rel_offset = 0;
5747		ctsio->kern_sg_entries = 0;
5748		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5749		ctsio->be_move_done = ctl_config_move_done;
5750		ctl_datamove((union ctl_io *)ctsio);
5751
5752		return (CTL_RETVAL_COMPLETE);
5753	}
5754
5755	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5756	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5757	if (len < sizeof (*hdr) ||
5758	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5759	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5760	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5761		ctl_set_invalid_field(ctsio,
5762				      /*sks_valid*/ 0,
5763				      /*command*/ 0,
5764				      /*field*/ 0,
5765				      /*bit_valid*/ 0,
5766				      /*bit*/ 0);
5767		goto done;
5768	}
5769	len = scsi_2btoul(hdr->desc_length);
5770	buf = (struct scsi_unmap_desc *)(hdr + 1);
5771	end = buf + len / sizeof(*buf);
5772
5773	endnz = buf;
5774	for (range = buf; range < end; range++) {
5775		lba = scsi_8btou64(range->lba);
5776		num_blocks = scsi_4btoul(range->length);
5777		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5778		 || ((lba + num_blocks) < lba)) {
5779			ctl_set_lba_out_of_range(ctsio,
5780			    MAX(lba, lun->be_lun->maxlba + 1));
5781			ctl_done((union ctl_io *)ctsio);
5782			return (CTL_RETVAL_COMPLETE);
5783		}
5784		if (num_blocks != 0)
5785			endnz = range + 1;
5786	}
5787
5788	/*
5789	 * Block backend can not handle zero last range.
5790	 * Filter it out and return if there is nothing left.
5791	 */
5792	len = (uint8_t *)endnz - (uint8_t *)buf;
5793	if (len == 0) {
5794		ctl_set_success(ctsio);
5795		goto done;
5796	}
5797
5798	mtx_lock(&lun->lun_lock);
5799	ptrlen = (struct ctl_ptr_len_flags *)
5800	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5801	ptrlen->ptr = (void *)buf;
5802	ptrlen->len = len;
5803	ptrlen->flags = byte2;
5804	ctl_check_blocked(lun);
5805	mtx_unlock(&lun->lun_lock);
5806
5807	retval = lun->backend->config_write((union ctl_io *)ctsio);
5808	return (retval);
5809
5810done:
5811	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5812		free(ctsio->kern_data_ptr, M_CTL);
5813		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5814	}
5815	ctl_done((union ctl_io *)ctsio);
5816	return (CTL_RETVAL_COMPLETE);
5817}
5818
5819int
5820ctl_default_page_handler(struct ctl_scsiio *ctsio,
5821			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5822{
5823	struct ctl_lun *lun;
5824	uint8_t *current_cp, *saved_cp;
5825	int set_ua;
5826	uint32_t initidx;
5827
5828	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5829	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5830	set_ua = 0;
5831
5832	current_cp = (page_index->page_data + (page_index->page_len *
5833	    CTL_PAGE_CURRENT));
5834	saved_cp = (page_index->page_data + (page_index->page_len *
5835	    CTL_PAGE_SAVED));
5836
5837	mtx_lock(&lun->lun_lock);
5838	if (memcmp(current_cp, page_ptr, page_index->page_len)) {
5839		memcpy(current_cp, page_ptr, page_index->page_len);
5840		memcpy(saved_cp, page_ptr, page_index->page_len);
5841		set_ua = 1;
5842	}
5843	if (set_ua != 0)
5844		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5845	mtx_unlock(&lun->lun_lock);
5846	if (set_ua) {
5847		ctl_isc_announce_mode(lun,
5848		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5849		    page_index->page_code, page_index->subpage);
5850	}
5851	return (CTL_RETVAL_COMPLETE);
5852}
5853
5854static void
5855ctl_ie_timer(void *arg)
5856{
5857	struct ctl_lun *lun = arg;
5858	uint64_t t;
5859
5860	if (lun->ie_asc == 0)
5861		return;
5862
5863	if (lun->MODE_IE.mrie == SIEP_MRIE_UA)
5864		ctl_est_ua_all(lun, -1, CTL_UA_IE);
5865	else
5866		lun->ie_reported = 0;
5867
5868	if (lun->ie_reportcnt < scsi_4btoul(lun->MODE_IE.report_count)) {
5869		lun->ie_reportcnt++;
5870		t = scsi_4btoul(lun->MODE_IE.interval_timer);
5871		if (t == 0 || t == UINT32_MAX)
5872			t = 3000;  /* 5 min */
5873		callout_schedule(&lun->ie_callout, t * hz / 10);
5874	}
5875}
5876
5877int
5878ctl_ie_page_handler(struct ctl_scsiio *ctsio,
5879			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5880{
5881	struct scsi_info_exceptions_page *pg;
5882	struct ctl_lun *lun;
5883	uint64_t t;
5884
5885	(void)ctl_default_page_handler(ctsio, page_index, page_ptr);
5886
5887	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5888	pg = (struct scsi_info_exceptions_page *)page_ptr;
5889	mtx_lock(&lun->lun_lock);
5890	if (pg->info_flags & SIEP_FLAGS_TEST) {
5891		lun->ie_asc = 0x5d;
5892		lun->ie_ascq = 0xff;
5893		if (pg->mrie == SIEP_MRIE_UA) {
5894			ctl_est_ua_all(lun, -1, CTL_UA_IE);
5895			lun->ie_reported = 1;
5896		} else {
5897			ctl_clr_ua_all(lun, -1, CTL_UA_IE);
5898			lun->ie_reported = -1;
5899		}
5900		lun->ie_reportcnt = 1;
5901		if (lun->ie_reportcnt < scsi_4btoul(pg->report_count)) {
5902			lun->ie_reportcnt++;
5903			t = scsi_4btoul(pg->interval_timer);
5904			if (t == 0 || t == UINT32_MAX)
5905				t = 3000;  /* 5 min */
5906			callout_reset(&lun->ie_callout, t * hz / 10,
5907			    ctl_ie_timer, lun);
5908		}
5909	} else {
5910		lun->ie_asc = 0;
5911		lun->ie_ascq = 0;
5912		lun->ie_reported = 1;
5913		ctl_clr_ua_all(lun, -1, CTL_UA_IE);
5914		lun->ie_reportcnt = UINT32_MAX;
5915		callout_stop(&lun->ie_callout);
5916	}
5917	mtx_unlock(&lun->lun_lock);
5918	return (CTL_RETVAL_COMPLETE);
5919}
5920
5921static int
5922ctl_do_mode_select(union ctl_io *io)
5923{
5924	struct scsi_mode_page_header *page_header;
5925	struct ctl_page_index *page_index;
5926	struct ctl_scsiio *ctsio;
5927	int page_len, page_len_offset, page_len_size;
5928	union ctl_modepage_info *modepage_info;
5929	struct ctl_lun *lun;
5930	int *len_left, *len_used;
5931	int retval, i;
5932
5933	ctsio = &io->scsiio;
5934	page_index = NULL;
5935	page_len = 0;
5936	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5937
5938	modepage_info = (union ctl_modepage_info *)
5939		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5940	len_left = &modepage_info->header.len_left;
5941	len_used = &modepage_info->header.len_used;
5942
5943do_next_page:
5944
5945	page_header = (struct scsi_mode_page_header *)
5946		(ctsio->kern_data_ptr + *len_used);
5947
5948	if (*len_left == 0) {
5949		free(ctsio->kern_data_ptr, M_CTL);
5950		ctl_set_success(ctsio);
5951		ctl_done((union ctl_io *)ctsio);
5952		return (CTL_RETVAL_COMPLETE);
5953	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5954
5955		free(ctsio->kern_data_ptr, M_CTL);
5956		ctl_set_param_len_error(ctsio);
5957		ctl_done((union ctl_io *)ctsio);
5958		return (CTL_RETVAL_COMPLETE);
5959
5960	} else if ((page_header->page_code & SMPH_SPF)
5961		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5962
5963		free(ctsio->kern_data_ptr, M_CTL);
5964		ctl_set_param_len_error(ctsio);
5965		ctl_done((union ctl_io *)ctsio);
5966		return (CTL_RETVAL_COMPLETE);
5967	}
5968
5969
5970	/*
5971	 * XXX KDM should we do something with the block descriptor?
5972	 */
5973	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5974		page_index = &lun->mode_pages.index[i];
5975		if (lun->be_lun->lun_type == T_DIRECT &&
5976		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
5977			continue;
5978		if (lun->be_lun->lun_type == T_PROCESSOR &&
5979		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
5980			continue;
5981		if (lun->be_lun->lun_type == T_CDROM &&
5982		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
5983			continue;
5984
5985		if ((page_index->page_code & SMPH_PC_MASK) !=
5986		    (page_header->page_code & SMPH_PC_MASK))
5987			continue;
5988
5989		/*
5990		 * If neither page has a subpage code, then we've got a
5991		 * match.
5992		 */
5993		if (((page_index->page_code & SMPH_SPF) == 0)
5994		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5995			page_len = page_header->page_length;
5996			break;
5997		}
5998
5999		/*
6000		 * If both pages have subpages, then the subpage numbers
6001		 * have to match.
6002		 */
6003		if ((page_index->page_code & SMPH_SPF)
6004		  && (page_header->page_code & SMPH_SPF)) {
6005			struct scsi_mode_page_header_sp *sph;
6006
6007			sph = (struct scsi_mode_page_header_sp *)page_header;
6008			if (page_index->subpage == sph->subpage) {
6009				page_len = scsi_2btoul(sph->page_length);
6010				break;
6011			}
6012		}
6013	}
6014
6015	/*
6016	 * If we couldn't find the page, or if we don't have a mode select
6017	 * handler for it, send back an error to the user.
6018	 */
6019	if ((i >= CTL_NUM_MODE_PAGES)
6020	 || (page_index->select_handler == NULL)) {
6021		ctl_set_invalid_field(ctsio,
6022				      /*sks_valid*/ 1,
6023				      /*command*/ 0,
6024				      /*field*/ *len_used,
6025				      /*bit_valid*/ 0,
6026				      /*bit*/ 0);
6027		free(ctsio->kern_data_ptr, M_CTL);
6028		ctl_done((union ctl_io *)ctsio);
6029		return (CTL_RETVAL_COMPLETE);
6030	}
6031
6032	if (page_index->page_code & SMPH_SPF) {
6033		page_len_offset = 2;
6034		page_len_size = 2;
6035	} else {
6036		page_len_size = 1;
6037		page_len_offset = 1;
6038	}
6039
6040	/*
6041	 * If the length the initiator gives us isn't the one we specify in
6042	 * the mode page header, or if they didn't specify enough data in
6043	 * the CDB to avoid truncating this page, kick out the request.
6044	 */
6045	if (page_len != page_index->page_len - page_len_offset - page_len_size) {
6046		ctl_set_invalid_field(ctsio,
6047				      /*sks_valid*/ 1,
6048				      /*command*/ 0,
6049				      /*field*/ *len_used + page_len_offset,
6050				      /*bit_valid*/ 0,
6051				      /*bit*/ 0);
6052		free(ctsio->kern_data_ptr, M_CTL);
6053		ctl_done((union ctl_io *)ctsio);
6054		return (CTL_RETVAL_COMPLETE);
6055	}
6056	if (*len_left < page_index->page_len) {
6057		free(ctsio->kern_data_ptr, M_CTL);
6058		ctl_set_param_len_error(ctsio);
6059		ctl_done((union ctl_io *)ctsio);
6060		return (CTL_RETVAL_COMPLETE);
6061	}
6062
6063	/*
6064	 * Run through the mode page, checking to make sure that the bits
6065	 * the user changed are actually legal for him to change.
6066	 */
6067	for (i = 0; i < page_index->page_len; i++) {
6068		uint8_t *user_byte, *change_mask, *current_byte;
6069		int bad_bit;
6070		int j;
6071
6072		user_byte = (uint8_t *)page_header + i;
6073		change_mask = page_index->page_data +
6074			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6075		current_byte = page_index->page_data +
6076			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6077
6078		/*
6079		 * Check to see whether the user set any bits in this byte
6080		 * that he is not allowed to set.
6081		 */
6082		if ((*user_byte & ~(*change_mask)) ==
6083		    (*current_byte & ~(*change_mask)))
6084			continue;
6085
6086		/*
6087		 * Go through bit by bit to determine which one is illegal.
6088		 */
6089		bad_bit = 0;
6090		for (j = 7; j >= 0; j--) {
6091			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6092			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6093				bad_bit = i;
6094				break;
6095			}
6096		}
6097		ctl_set_invalid_field(ctsio,
6098				      /*sks_valid*/ 1,
6099				      /*command*/ 0,
6100				      /*field*/ *len_used + i,
6101				      /*bit_valid*/ 1,
6102				      /*bit*/ bad_bit);
6103		free(ctsio->kern_data_ptr, M_CTL);
6104		ctl_done((union ctl_io *)ctsio);
6105		return (CTL_RETVAL_COMPLETE);
6106	}
6107
6108	/*
6109	 * Decrement these before we call the page handler, since we may
6110	 * end up getting called back one way or another before the handler
6111	 * returns to this context.
6112	 */
6113	*len_left -= page_index->page_len;
6114	*len_used += page_index->page_len;
6115
6116	retval = page_index->select_handler(ctsio, page_index,
6117					    (uint8_t *)page_header);
6118
6119	/*
6120	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6121	 * wait until this queued command completes to finish processing
6122	 * the mode page.  If it returns anything other than
6123	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6124	 * already set the sense information, freed the data pointer, and
6125	 * completed the io for us.
6126	 */
6127	if (retval != CTL_RETVAL_COMPLETE)
6128		goto bailout_no_done;
6129
6130	/*
6131	 * If the initiator sent us more than one page, parse the next one.
6132	 */
6133	if (*len_left > 0)
6134		goto do_next_page;
6135
6136	ctl_set_success(ctsio);
6137	free(ctsio->kern_data_ptr, M_CTL);
6138	ctl_done((union ctl_io *)ctsio);
6139
6140bailout_no_done:
6141
6142	return (CTL_RETVAL_COMPLETE);
6143
6144}
6145
6146int
6147ctl_mode_select(struct ctl_scsiio *ctsio)
6148{
6149	int param_len, pf, sp;
6150	int header_size, bd_len;
6151	union ctl_modepage_info *modepage_info;
6152
6153	switch (ctsio->cdb[0]) {
6154	case MODE_SELECT_6: {
6155		struct scsi_mode_select_6 *cdb;
6156
6157		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6158
6159		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6160		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6161		param_len = cdb->length;
6162		header_size = sizeof(struct scsi_mode_header_6);
6163		break;
6164	}
6165	case MODE_SELECT_10: {
6166		struct scsi_mode_select_10 *cdb;
6167
6168		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6169
6170		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6171		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6172		param_len = scsi_2btoul(cdb->length);
6173		header_size = sizeof(struct scsi_mode_header_10);
6174		break;
6175	}
6176	default:
6177		ctl_set_invalid_opcode(ctsio);
6178		ctl_done((union ctl_io *)ctsio);
6179		return (CTL_RETVAL_COMPLETE);
6180	}
6181
6182	/*
6183	 * From SPC-3:
6184	 * "A parameter list length of zero indicates that the Data-Out Buffer
6185	 * shall be empty. This condition shall not be considered as an error."
6186	 */
6187	if (param_len == 0) {
6188		ctl_set_success(ctsio);
6189		ctl_done((union ctl_io *)ctsio);
6190		return (CTL_RETVAL_COMPLETE);
6191	}
6192
6193	/*
6194	 * Since we'll hit this the first time through, prior to
6195	 * allocation, we don't need to free a data buffer here.
6196	 */
6197	if (param_len < header_size) {
6198		ctl_set_param_len_error(ctsio);
6199		ctl_done((union ctl_io *)ctsio);
6200		return (CTL_RETVAL_COMPLETE);
6201	}
6202
6203	/*
6204	 * Allocate the data buffer and grab the user's data.  In theory,
6205	 * we shouldn't have to sanity check the parameter list length here
6206	 * because the maximum size is 64K.  We should be able to malloc
6207	 * that much without too many problems.
6208	 */
6209	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6210		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6211		ctsio->kern_data_len = param_len;
6212		ctsio->kern_total_len = param_len;
6213		ctsio->kern_data_resid = 0;
6214		ctsio->kern_rel_offset = 0;
6215		ctsio->kern_sg_entries = 0;
6216		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6217		ctsio->be_move_done = ctl_config_move_done;
6218		ctl_datamove((union ctl_io *)ctsio);
6219
6220		return (CTL_RETVAL_COMPLETE);
6221	}
6222
6223	switch (ctsio->cdb[0]) {
6224	case MODE_SELECT_6: {
6225		struct scsi_mode_header_6 *mh6;
6226
6227		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6228		bd_len = mh6->blk_desc_len;
6229		break;
6230	}
6231	case MODE_SELECT_10: {
6232		struct scsi_mode_header_10 *mh10;
6233
6234		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6235		bd_len = scsi_2btoul(mh10->blk_desc_len);
6236		break;
6237	}
6238	default:
6239		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6240	}
6241
6242	if (param_len < (header_size + bd_len)) {
6243		free(ctsio->kern_data_ptr, M_CTL);
6244		ctl_set_param_len_error(ctsio);
6245		ctl_done((union ctl_io *)ctsio);
6246		return (CTL_RETVAL_COMPLETE);
6247	}
6248
6249	/*
6250	 * Set the IO_CONT flag, so that if this I/O gets passed to
6251	 * ctl_config_write_done(), it'll get passed back to
6252	 * ctl_do_mode_select() for further processing, or completion if
6253	 * we're all done.
6254	 */
6255	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6256	ctsio->io_cont = ctl_do_mode_select;
6257
6258	modepage_info = (union ctl_modepage_info *)
6259		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6260	memset(modepage_info, 0, sizeof(*modepage_info));
6261	modepage_info->header.len_left = param_len - header_size - bd_len;
6262	modepage_info->header.len_used = header_size + bd_len;
6263
6264	return (ctl_do_mode_select((union ctl_io *)ctsio));
6265}
6266
6267int
6268ctl_mode_sense(struct ctl_scsiio *ctsio)
6269{
6270	struct ctl_lun *lun;
6271	int pc, page_code, dbd, llba, subpage;
6272	int alloc_len, page_len, header_len, total_len;
6273	struct scsi_mode_block_descr *block_desc;
6274	struct ctl_page_index *page_index;
6275
6276	dbd = 0;
6277	llba = 0;
6278	block_desc = NULL;
6279
6280	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6281
6282	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6283	switch (ctsio->cdb[0]) {
6284	case MODE_SENSE_6: {
6285		struct scsi_mode_sense_6 *cdb;
6286
6287		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6288
6289		header_len = sizeof(struct scsi_mode_hdr_6);
6290		if (cdb->byte2 & SMS_DBD)
6291			dbd = 1;
6292		else
6293			header_len += sizeof(struct scsi_mode_block_descr);
6294
6295		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6296		page_code = cdb->page & SMS_PAGE_CODE;
6297		subpage = cdb->subpage;
6298		alloc_len = cdb->length;
6299		break;
6300	}
6301	case MODE_SENSE_10: {
6302		struct scsi_mode_sense_10 *cdb;
6303
6304		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6305
6306		header_len = sizeof(struct scsi_mode_hdr_10);
6307
6308		if (cdb->byte2 & SMS_DBD)
6309			dbd = 1;
6310		else
6311			header_len += sizeof(struct scsi_mode_block_descr);
6312		if (cdb->byte2 & SMS10_LLBAA)
6313			llba = 1;
6314		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6315		page_code = cdb->page & SMS_PAGE_CODE;
6316		subpage = cdb->subpage;
6317		alloc_len = scsi_2btoul(cdb->length);
6318		break;
6319	}
6320	default:
6321		ctl_set_invalid_opcode(ctsio);
6322		ctl_done((union ctl_io *)ctsio);
6323		return (CTL_RETVAL_COMPLETE);
6324		break; /* NOTREACHED */
6325	}
6326
6327	/*
6328	 * We have to make a first pass through to calculate the size of
6329	 * the pages that match the user's query.  Then we allocate enough
6330	 * memory to hold it, and actually copy the data into the buffer.
6331	 */
6332	switch (page_code) {
6333	case SMS_ALL_PAGES_PAGE: {
6334		u_int i;
6335
6336		page_len = 0;
6337
6338		/*
6339		 * At the moment, values other than 0 and 0xff here are
6340		 * reserved according to SPC-3.
6341		 */
6342		if ((subpage != SMS_SUBPAGE_PAGE_0)
6343		 && (subpage != SMS_SUBPAGE_ALL)) {
6344			ctl_set_invalid_field(ctsio,
6345					      /*sks_valid*/ 1,
6346					      /*command*/ 1,
6347					      /*field*/ 3,
6348					      /*bit_valid*/ 0,
6349					      /*bit*/ 0);
6350			ctl_done((union ctl_io *)ctsio);
6351			return (CTL_RETVAL_COMPLETE);
6352		}
6353
6354		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6355			page_index = &lun->mode_pages.index[i];
6356
6357			/* Make sure the page is supported for this dev type */
6358			if (lun->be_lun->lun_type == T_DIRECT &&
6359			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6360				continue;
6361			if (lun->be_lun->lun_type == T_PROCESSOR &&
6362			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6363				continue;
6364			if (lun->be_lun->lun_type == T_CDROM &&
6365			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6366				continue;
6367
6368			/*
6369			 * We don't use this subpage if the user didn't
6370			 * request all subpages.
6371			 */
6372			if ((page_index->subpage != 0)
6373			 && (subpage == SMS_SUBPAGE_PAGE_0))
6374				continue;
6375
6376#if 0
6377			printf("found page %#x len %d\n",
6378			       page_index->page_code & SMPH_PC_MASK,
6379			       page_index->page_len);
6380#endif
6381			page_len += page_index->page_len;
6382		}
6383		break;
6384	}
6385	default: {
6386		u_int i;
6387
6388		page_len = 0;
6389
6390		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6391			page_index = &lun->mode_pages.index[i];
6392
6393			/* Make sure the page is supported for this dev type */
6394			if (lun->be_lun->lun_type == T_DIRECT &&
6395			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6396				continue;
6397			if (lun->be_lun->lun_type == T_PROCESSOR &&
6398			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6399				continue;
6400			if (lun->be_lun->lun_type == T_CDROM &&
6401			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6402				continue;
6403
6404			/* Look for the right page code */
6405			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6406				continue;
6407
6408			/* Look for the right subpage or the subpage wildcard*/
6409			if ((page_index->subpage != subpage)
6410			 && (subpage != SMS_SUBPAGE_ALL))
6411				continue;
6412
6413#if 0
6414			printf("found page %#x len %d\n",
6415			       page_index->page_code & SMPH_PC_MASK,
6416			       page_index->page_len);
6417#endif
6418
6419			page_len += page_index->page_len;
6420		}
6421
6422		if (page_len == 0) {
6423			ctl_set_invalid_field(ctsio,
6424					      /*sks_valid*/ 1,
6425					      /*command*/ 1,
6426					      /*field*/ 2,
6427					      /*bit_valid*/ 1,
6428					      /*bit*/ 5);
6429			ctl_done((union ctl_io *)ctsio);
6430			return (CTL_RETVAL_COMPLETE);
6431		}
6432		break;
6433	}
6434	}
6435
6436	total_len = header_len + page_len;
6437#if 0
6438	printf("header_len = %d, page_len = %d, total_len = %d\n",
6439	       header_len, page_len, total_len);
6440#endif
6441
6442	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6443	ctsio->kern_sg_entries = 0;
6444	ctsio->kern_data_resid = 0;
6445	ctsio->kern_rel_offset = 0;
6446	if (total_len < alloc_len) {
6447		ctsio->residual = alloc_len - total_len;
6448		ctsio->kern_data_len = total_len;
6449		ctsio->kern_total_len = total_len;
6450	} else {
6451		ctsio->residual = 0;
6452		ctsio->kern_data_len = alloc_len;
6453		ctsio->kern_total_len = alloc_len;
6454	}
6455
6456	switch (ctsio->cdb[0]) {
6457	case MODE_SENSE_6: {
6458		struct scsi_mode_hdr_6 *header;
6459
6460		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6461
6462		header->datalen = MIN(total_len - 1, 254);
6463		if (lun->be_lun->lun_type == T_DIRECT) {
6464			header->dev_specific = 0x10; /* DPOFUA */
6465			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6466			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6467				header->dev_specific |= 0x80; /* WP */
6468		}
6469		if (dbd)
6470			header->block_descr_len = 0;
6471		else
6472			header->block_descr_len =
6473				sizeof(struct scsi_mode_block_descr);
6474		block_desc = (struct scsi_mode_block_descr *)&header[1];
6475		break;
6476	}
6477	case MODE_SENSE_10: {
6478		struct scsi_mode_hdr_10 *header;
6479		int datalen;
6480
6481		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6482
6483		datalen = MIN(total_len - 2, 65533);
6484		scsi_ulto2b(datalen, header->datalen);
6485		if (lun->be_lun->lun_type == T_DIRECT) {
6486			header->dev_specific = 0x10; /* DPOFUA */
6487			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6488			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6489				header->dev_specific |= 0x80; /* WP */
6490		}
6491		if (dbd)
6492			scsi_ulto2b(0, header->block_descr_len);
6493		else
6494			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6495				    header->block_descr_len);
6496		block_desc = (struct scsi_mode_block_descr *)&header[1];
6497		break;
6498	}
6499	default:
6500		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6501	}
6502
6503	/*
6504	 * If we've got a disk, use its blocksize in the block
6505	 * descriptor.  Otherwise, just set it to 0.
6506	 */
6507	if (dbd == 0) {
6508		if (lun->be_lun->lun_type == T_DIRECT)
6509			scsi_ulto3b(lun->be_lun->blocksize,
6510				    block_desc->block_len);
6511		else
6512			scsi_ulto3b(0, block_desc->block_len);
6513	}
6514
6515	switch (page_code) {
6516	case SMS_ALL_PAGES_PAGE: {
6517		int i, data_used;
6518
6519		data_used = header_len;
6520		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6521			struct ctl_page_index *page_index;
6522
6523			page_index = &lun->mode_pages.index[i];
6524			if (lun->be_lun->lun_type == T_DIRECT &&
6525			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6526				continue;
6527			if (lun->be_lun->lun_type == T_PROCESSOR &&
6528			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6529				continue;
6530			if (lun->be_lun->lun_type == T_CDROM &&
6531			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6532				continue;
6533
6534			/*
6535			 * We don't use this subpage if the user didn't
6536			 * request all subpages.  We already checked (above)
6537			 * to make sure the user only specified a subpage
6538			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6539			 */
6540			if ((page_index->subpage != 0)
6541			 && (subpage == SMS_SUBPAGE_PAGE_0))
6542				continue;
6543
6544			/*
6545			 * Call the handler, if it exists, to update the
6546			 * page to the latest values.
6547			 */
6548			if (page_index->sense_handler != NULL)
6549				page_index->sense_handler(ctsio, page_index,pc);
6550
6551			memcpy(ctsio->kern_data_ptr + data_used,
6552			       page_index->page_data +
6553			       (page_index->page_len * pc),
6554			       page_index->page_len);
6555			data_used += page_index->page_len;
6556		}
6557		break;
6558	}
6559	default: {
6560		int i, data_used;
6561
6562		data_used = header_len;
6563
6564		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6565			struct ctl_page_index *page_index;
6566
6567			page_index = &lun->mode_pages.index[i];
6568
6569			/* Look for the right page code */
6570			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6571				continue;
6572
6573			/* Look for the right subpage or the subpage wildcard*/
6574			if ((page_index->subpage != subpage)
6575			 && (subpage != SMS_SUBPAGE_ALL))
6576				continue;
6577
6578			/* Make sure the page is supported for this dev type */
6579			if (lun->be_lun->lun_type == T_DIRECT &&
6580			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6581				continue;
6582			if (lun->be_lun->lun_type == T_PROCESSOR &&
6583			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6584				continue;
6585			if (lun->be_lun->lun_type == T_CDROM &&
6586			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6587				continue;
6588
6589			/*
6590			 * Call the handler, if it exists, to update the
6591			 * page to the latest values.
6592			 */
6593			if (page_index->sense_handler != NULL)
6594				page_index->sense_handler(ctsio, page_index,pc);
6595
6596			memcpy(ctsio->kern_data_ptr + data_used,
6597			       page_index->page_data +
6598			       (page_index->page_len * pc),
6599			       page_index->page_len);
6600			data_used += page_index->page_len;
6601		}
6602		break;
6603	}
6604	}
6605
6606	ctl_set_success(ctsio);
6607	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6608	ctsio->be_move_done = ctl_config_move_done;
6609	ctl_datamove((union ctl_io *)ctsio);
6610	return (CTL_RETVAL_COMPLETE);
6611}
6612
6613int
6614ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6615			       struct ctl_page_index *page_index,
6616			       int pc)
6617{
6618	struct ctl_lun *lun;
6619	struct scsi_log_param_header *phdr;
6620	uint8_t *data;
6621	uint64_t val;
6622
6623	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6624	data = page_index->page_data;
6625
6626	if (lun->backend->lun_attr != NULL &&
6627	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6628	     != UINT64_MAX) {
6629		phdr = (struct scsi_log_param_header *)data;
6630		scsi_ulto2b(0x0001, phdr->param_code);
6631		phdr->param_control = SLP_LBIN | SLP_LP;
6632		phdr->param_len = 8;
6633		data = (uint8_t *)(phdr + 1);
6634		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6635		data[4] = 0x02; /* per-pool */
6636		data += phdr->param_len;
6637	}
6638
6639	if (lun->backend->lun_attr != NULL &&
6640	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6641	     != UINT64_MAX) {
6642		phdr = (struct scsi_log_param_header *)data;
6643		scsi_ulto2b(0x0002, phdr->param_code);
6644		phdr->param_control = SLP_LBIN | SLP_LP;
6645		phdr->param_len = 8;
6646		data = (uint8_t *)(phdr + 1);
6647		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6648		data[4] = 0x01; /* per-LUN */
6649		data += phdr->param_len;
6650	}
6651
6652	if (lun->backend->lun_attr != NULL &&
6653	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6654	     != UINT64_MAX) {
6655		phdr = (struct scsi_log_param_header *)data;
6656		scsi_ulto2b(0x00f1, phdr->param_code);
6657		phdr->param_control = SLP_LBIN | SLP_LP;
6658		phdr->param_len = 8;
6659		data = (uint8_t *)(phdr + 1);
6660		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6661		data[4] = 0x02; /* per-pool */
6662		data += phdr->param_len;
6663	}
6664
6665	if (lun->backend->lun_attr != NULL &&
6666	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6667	     != UINT64_MAX) {
6668		phdr = (struct scsi_log_param_header *)data;
6669		scsi_ulto2b(0x00f2, phdr->param_code);
6670		phdr->param_control = SLP_LBIN | SLP_LP;
6671		phdr->param_len = 8;
6672		data = (uint8_t *)(phdr + 1);
6673		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6674		data[4] = 0x02; /* per-pool */
6675		data += phdr->param_len;
6676	}
6677
6678	page_index->page_len = data - page_index->page_data;
6679	return (0);
6680}
6681
6682int
6683ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6684			       struct ctl_page_index *page_index,
6685			       int pc)
6686{
6687	struct ctl_lun *lun;
6688	struct stat_page *data;
6689	uint64_t rn, wn, rb, wb;
6690	struct bintime rt, wt;
6691	int i;
6692
6693	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6694	data = (struct stat_page *)page_index->page_data;
6695
6696	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6697	data->sap.hdr.param_control = SLP_LBIN;
6698	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6699	    sizeof(struct scsi_log_param_header);
6700	rn = wn = rb = wb = 0;
6701	bintime_clear(&rt);
6702	bintime_clear(&wt);
6703	for (i = 0; i < CTL_MAX_PORTS; i++) {
6704		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6705		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6706		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6707		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6708		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6709		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6710	}
6711	scsi_u64to8b(rn, data->sap.read_num);
6712	scsi_u64to8b(wn, data->sap.write_num);
6713	if (lun->stats.blocksize > 0) {
6714		scsi_u64to8b(wb / lun->stats.blocksize,
6715		    data->sap.recvieved_lba);
6716		scsi_u64to8b(rb / lun->stats.blocksize,
6717		    data->sap.transmitted_lba);
6718	}
6719	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6720	    data->sap.read_int);
6721	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6722	    data->sap.write_int);
6723	scsi_u64to8b(0, data->sap.weighted_num);
6724	scsi_u64to8b(0, data->sap.weighted_int);
6725	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6726	data->it.hdr.param_control = SLP_LBIN;
6727	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6728	    sizeof(struct scsi_log_param_header);
6729#ifdef CTL_TIME_IO
6730	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6731#endif
6732	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6733	data->it.hdr.param_control = SLP_LBIN;
6734	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6735	    sizeof(struct scsi_log_param_header);
6736	scsi_ulto4b(3, data->ti.exponent);
6737	scsi_ulto4b(1, data->ti.integer);
6738	return (0);
6739}
6740
6741int
6742ctl_ie_log_sense_handler(struct ctl_scsiio *ctsio,
6743			       struct ctl_page_index *page_index,
6744			       int pc)
6745{
6746	struct ctl_lun *lun;
6747	struct scsi_log_informational_exceptions *data;
6748
6749	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6750	data = (struct scsi_log_informational_exceptions *)page_index->page_data;
6751
6752	scsi_ulto2b(SLP_IE_GEN, data->hdr.param_code);
6753	data->hdr.param_control = SLP_LBIN;
6754	data->hdr.param_len = sizeof(struct scsi_log_informational_exceptions) -
6755	    sizeof(struct scsi_log_param_header);
6756	data->ie_asc = lun->ie_asc;
6757	data->ie_ascq = lun->ie_ascq;
6758	data->temperature = 0xff;
6759	return (0);
6760}
6761
6762int
6763ctl_log_sense(struct ctl_scsiio *ctsio)
6764{
6765	struct ctl_lun *lun;
6766	int i, pc, page_code, subpage;
6767	int alloc_len, total_len;
6768	struct ctl_page_index *page_index;
6769	struct scsi_log_sense *cdb;
6770	struct scsi_log_header *header;
6771
6772	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6773
6774	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6775	cdb = (struct scsi_log_sense *)ctsio->cdb;
6776	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6777	page_code = cdb->page & SLS_PAGE_CODE;
6778	subpage = cdb->subpage;
6779	alloc_len = scsi_2btoul(cdb->length);
6780
6781	page_index = NULL;
6782	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6783		page_index = &lun->log_pages.index[i];
6784
6785		/* Look for the right page code */
6786		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6787			continue;
6788
6789		/* Look for the right subpage or the subpage wildcard*/
6790		if (page_index->subpage != subpage)
6791			continue;
6792
6793		break;
6794	}
6795	if (i >= CTL_NUM_LOG_PAGES) {
6796		ctl_set_invalid_field(ctsio,
6797				      /*sks_valid*/ 1,
6798				      /*command*/ 1,
6799				      /*field*/ 2,
6800				      /*bit_valid*/ 0,
6801				      /*bit*/ 0);
6802		ctl_done((union ctl_io *)ctsio);
6803		return (CTL_RETVAL_COMPLETE);
6804	}
6805
6806	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6807
6808	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6809	ctsio->kern_sg_entries = 0;
6810	ctsio->kern_data_resid = 0;
6811	ctsio->kern_rel_offset = 0;
6812	if (total_len < alloc_len) {
6813		ctsio->residual = alloc_len - total_len;
6814		ctsio->kern_data_len = total_len;
6815		ctsio->kern_total_len = total_len;
6816	} else {
6817		ctsio->residual = 0;
6818		ctsio->kern_data_len = alloc_len;
6819		ctsio->kern_total_len = alloc_len;
6820	}
6821
6822	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6823	header->page = page_index->page_code;
6824	if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING)
6825		header->page |= SL_DS;
6826	if (page_index->subpage) {
6827		header->page |= SL_SPF;
6828		header->subpage = page_index->subpage;
6829	}
6830	scsi_ulto2b(page_index->page_len, header->datalen);
6831
6832	/*
6833	 * Call the handler, if it exists, to update the
6834	 * page to the latest values.
6835	 */
6836	if (page_index->sense_handler != NULL)
6837		page_index->sense_handler(ctsio, page_index, pc);
6838
6839	memcpy(header + 1, page_index->page_data, page_index->page_len);
6840
6841	ctl_set_success(ctsio);
6842	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6843	ctsio->be_move_done = ctl_config_move_done;
6844	ctl_datamove((union ctl_io *)ctsio);
6845	return (CTL_RETVAL_COMPLETE);
6846}
6847
6848int
6849ctl_read_capacity(struct ctl_scsiio *ctsio)
6850{
6851	struct scsi_read_capacity *cdb;
6852	struct scsi_read_capacity_data *data;
6853	struct ctl_lun *lun;
6854	uint32_t lba;
6855
6856	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6857
6858	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6859
6860	lba = scsi_4btoul(cdb->addr);
6861	if (((cdb->pmi & SRC_PMI) == 0)
6862	 && (lba != 0)) {
6863		ctl_set_invalid_field(/*ctsio*/ ctsio,
6864				      /*sks_valid*/ 1,
6865				      /*command*/ 1,
6866				      /*field*/ 2,
6867				      /*bit_valid*/ 0,
6868				      /*bit*/ 0);
6869		ctl_done((union ctl_io *)ctsio);
6870		return (CTL_RETVAL_COMPLETE);
6871	}
6872
6873	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6874
6875	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6876	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6877	ctsio->residual = 0;
6878	ctsio->kern_data_len = sizeof(*data);
6879	ctsio->kern_total_len = sizeof(*data);
6880	ctsio->kern_data_resid = 0;
6881	ctsio->kern_rel_offset = 0;
6882	ctsio->kern_sg_entries = 0;
6883
6884	/*
6885	 * If the maximum LBA is greater than 0xfffffffe, the user must
6886	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6887	 * serivce action set.
6888	 */
6889	if (lun->be_lun->maxlba > 0xfffffffe)
6890		scsi_ulto4b(0xffffffff, data->addr);
6891	else
6892		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6893
6894	/*
6895	 * XXX KDM this may not be 512 bytes...
6896	 */
6897	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6898
6899	ctl_set_success(ctsio);
6900	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6901	ctsio->be_move_done = ctl_config_move_done;
6902	ctl_datamove((union ctl_io *)ctsio);
6903	return (CTL_RETVAL_COMPLETE);
6904}
6905
6906int
6907ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6908{
6909	struct scsi_read_capacity_16 *cdb;
6910	struct scsi_read_capacity_data_long *data;
6911	struct ctl_lun *lun;
6912	uint64_t lba;
6913	uint32_t alloc_len;
6914
6915	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6916
6917	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6918
6919	alloc_len = scsi_4btoul(cdb->alloc_len);
6920	lba = scsi_8btou64(cdb->addr);
6921
6922	if ((cdb->reladr & SRC16_PMI)
6923	 && (lba != 0)) {
6924		ctl_set_invalid_field(/*ctsio*/ ctsio,
6925				      /*sks_valid*/ 1,
6926				      /*command*/ 1,
6927				      /*field*/ 2,
6928				      /*bit_valid*/ 0,
6929				      /*bit*/ 0);
6930		ctl_done((union ctl_io *)ctsio);
6931		return (CTL_RETVAL_COMPLETE);
6932	}
6933
6934	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6935
6936	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6937	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6938
6939	if (sizeof(*data) < alloc_len) {
6940		ctsio->residual = alloc_len - sizeof(*data);
6941		ctsio->kern_data_len = sizeof(*data);
6942		ctsio->kern_total_len = sizeof(*data);
6943	} else {
6944		ctsio->residual = 0;
6945		ctsio->kern_data_len = alloc_len;
6946		ctsio->kern_total_len = alloc_len;
6947	}
6948	ctsio->kern_data_resid = 0;
6949	ctsio->kern_rel_offset = 0;
6950	ctsio->kern_sg_entries = 0;
6951
6952	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6953	/* XXX KDM this may not be 512 bytes... */
6954	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6955	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6956	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6957	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6958		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6959
6960	ctl_set_success(ctsio);
6961	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6962	ctsio->be_move_done = ctl_config_move_done;
6963	ctl_datamove((union ctl_io *)ctsio);
6964	return (CTL_RETVAL_COMPLETE);
6965}
6966
6967int
6968ctl_get_lba_status(struct ctl_scsiio *ctsio)
6969{
6970	struct scsi_get_lba_status *cdb;
6971	struct scsi_get_lba_status_data *data;
6972	struct ctl_lun *lun;
6973	struct ctl_lba_len_flags *lbalen;
6974	uint64_t lba;
6975	uint32_t alloc_len, total_len;
6976	int retval;
6977
6978	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6979
6980	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6981	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6982	lba = scsi_8btou64(cdb->addr);
6983	alloc_len = scsi_4btoul(cdb->alloc_len);
6984
6985	if (lba > lun->be_lun->maxlba) {
6986		ctl_set_lba_out_of_range(ctsio, lba);
6987		ctl_done((union ctl_io *)ctsio);
6988		return (CTL_RETVAL_COMPLETE);
6989	}
6990
6991	total_len = sizeof(*data) + sizeof(data->descr[0]);
6992	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6993	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6994
6995	if (total_len < alloc_len) {
6996		ctsio->residual = alloc_len - total_len;
6997		ctsio->kern_data_len = total_len;
6998		ctsio->kern_total_len = total_len;
6999	} else {
7000		ctsio->residual = 0;
7001		ctsio->kern_data_len = alloc_len;
7002		ctsio->kern_total_len = alloc_len;
7003	}
7004	ctsio->kern_data_resid = 0;
7005	ctsio->kern_rel_offset = 0;
7006	ctsio->kern_sg_entries = 0;
7007
7008	/* Fill dummy data in case backend can't tell anything. */
7009	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7010	scsi_u64to8b(lba, data->descr[0].addr);
7011	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7012	    data->descr[0].length);
7013	data->descr[0].status = 0; /* Mapped or unknown. */
7014
7015	ctl_set_success(ctsio);
7016	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7017	ctsio->be_move_done = ctl_config_move_done;
7018
7019	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7020	lbalen->lba = lba;
7021	lbalen->len = total_len;
7022	lbalen->flags = 0;
7023	retval = lun->backend->config_read((union ctl_io *)ctsio);
7024	return (CTL_RETVAL_COMPLETE);
7025}
7026
7027int
7028ctl_read_defect(struct ctl_scsiio *ctsio)
7029{
7030	struct scsi_read_defect_data_10 *ccb10;
7031	struct scsi_read_defect_data_12 *ccb12;
7032	struct scsi_read_defect_data_hdr_10 *data10;
7033	struct scsi_read_defect_data_hdr_12 *data12;
7034	uint32_t alloc_len, data_len;
7035	uint8_t format;
7036
7037	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7038
7039	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7040		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7041		format = ccb10->format;
7042		alloc_len = scsi_2btoul(ccb10->alloc_length);
7043		data_len = sizeof(*data10);
7044	} else {
7045		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7046		format = ccb12->format;
7047		alloc_len = scsi_4btoul(ccb12->alloc_length);
7048		data_len = sizeof(*data12);
7049	}
7050	if (alloc_len == 0) {
7051		ctl_set_success(ctsio);
7052		ctl_done((union ctl_io *)ctsio);
7053		return (CTL_RETVAL_COMPLETE);
7054	}
7055
7056	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7057	if (data_len < alloc_len) {
7058		ctsio->residual = alloc_len - data_len;
7059		ctsio->kern_data_len = data_len;
7060		ctsio->kern_total_len = data_len;
7061	} else {
7062		ctsio->residual = 0;
7063		ctsio->kern_data_len = alloc_len;
7064		ctsio->kern_total_len = alloc_len;
7065	}
7066	ctsio->kern_data_resid = 0;
7067	ctsio->kern_rel_offset = 0;
7068	ctsio->kern_sg_entries = 0;
7069
7070	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7071		data10 = (struct scsi_read_defect_data_hdr_10 *)
7072		    ctsio->kern_data_ptr;
7073		data10->format = format;
7074		scsi_ulto2b(0, data10->length);
7075	} else {
7076		data12 = (struct scsi_read_defect_data_hdr_12 *)
7077		    ctsio->kern_data_ptr;
7078		data12->format = format;
7079		scsi_ulto2b(0, data12->generation);
7080		scsi_ulto4b(0, data12->length);
7081	}
7082
7083	ctl_set_success(ctsio);
7084	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7085	ctsio->be_move_done = ctl_config_move_done;
7086	ctl_datamove((union ctl_io *)ctsio);
7087	return (CTL_RETVAL_COMPLETE);
7088}
7089
7090int
7091ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7092{
7093	struct scsi_maintenance_in *cdb;
7094	int retval;
7095	int alloc_len, ext, total_len = 0, g, pc, pg, ts, os;
7096	int num_ha_groups, num_target_ports, shared_group;
7097	struct ctl_lun *lun;
7098	struct ctl_softc *softc;
7099	struct ctl_port *port;
7100	struct scsi_target_group_data *rtg_ptr;
7101	struct scsi_target_group_data_extended *rtg_ext_ptr;
7102	struct scsi_target_port_group_descriptor *tpg_desc;
7103
7104	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7105
7106	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7107	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7108	softc = lun->ctl_softc;
7109
7110	retval = CTL_RETVAL_COMPLETE;
7111
7112	switch (cdb->byte2 & STG_PDF_MASK) {
7113	case STG_PDF_LENGTH:
7114		ext = 0;
7115		break;
7116	case STG_PDF_EXTENDED:
7117		ext = 1;
7118		break;
7119	default:
7120		ctl_set_invalid_field(/*ctsio*/ ctsio,
7121				      /*sks_valid*/ 1,
7122				      /*command*/ 1,
7123				      /*field*/ 2,
7124				      /*bit_valid*/ 1,
7125				      /*bit*/ 5);
7126		ctl_done((union ctl_io *)ctsio);
7127		return(retval);
7128	}
7129
7130	num_target_ports = 0;
7131	shared_group = (softc->is_single != 0);
7132	mtx_lock(&softc->ctl_lock);
7133	STAILQ_FOREACH(port, &softc->port_list, links) {
7134		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7135			continue;
7136		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7137			continue;
7138		num_target_ports++;
7139		if (port->status & CTL_PORT_STATUS_HA_SHARED)
7140			shared_group = 1;
7141	}
7142	mtx_unlock(&softc->ctl_lock);
7143	num_ha_groups = (softc->is_single) ? 0 : NUM_HA_SHELVES;
7144
7145	if (ext)
7146		total_len = sizeof(struct scsi_target_group_data_extended);
7147	else
7148		total_len = sizeof(struct scsi_target_group_data);
7149	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7150		(shared_group + num_ha_groups) +
7151	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7152
7153	alloc_len = scsi_4btoul(cdb->length);
7154
7155	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7156
7157	ctsio->kern_sg_entries = 0;
7158
7159	if (total_len < alloc_len) {
7160		ctsio->residual = alloc_len - total_len;
7161		ctsio->kern_data_len = total_len;
7162		ctsio->kern_total_len = total_len;
7163	} else {
7164		ctsio->residual = 0;
7165		ctsio->kern_data_len = alloc_len;
7166		ctsio->kern_total_len = alloc_len;
7167	}
7168	ctsio->kern_data_resid = 0;
7169	ctsio->kern_rel_offset = 0;
7170
7171	if (ext) {
7172		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7173		    ctsio->kern_data_ptr;
7174		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7175		rtg_ext_ptr->format_type = 0x10;
7176		rtg_ext_ptr->implicit_transition_time = 0;
7177		tpg_desc = &rtg_ext_ptr->groups[0];
7178	} else {
7179		rtg_ptr = (struct scsi_target_group_data *)
7180		    ctsio->kern_data_ptr;
7181		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7182		tpg_desc = &rtg_ptr->groups[0];
7183	}
7184
7185	mtx_lock(&softc->ctl_lock);
7186	pg = softc->port_min / softc->port_cnt;
7187	if (lun->flags & (CTL_LUN_PRIMARY_SC | CTL_LUN_PEER_SC_PRIMARY)) {
7188		/* Some shelf is known to be primary. */
7189		if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7190			os = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7191		else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7192			os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7193		else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7194			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
7195		else
7196			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7197		if (lun->flags & CTL_LUN_PRIMARY_SC) {
7198			ts = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7199		} else {
7200			ts = os;
7201			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7202		}
7203	} else {
7204		/* No known primary shelf. */
7205		if (softc->ha_link == CTL_HA_LINK_OFFLINE) {
7206			ts = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7207			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7208		} else if (softc->ha_link == CTL_HA_LINK_UNKNOWN) {
7209			ts = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7210			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7211		} else {
7212			ts = os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7213		}
7214	}
7215	if (shared_group) {
7216		tpg_desc->pref_state = ts;
7217		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7218		    TPG_U_SUP | TPG_T_SUP;
7219		scsi_ulto2b(1, tpg_desc->target_port_group);
7220		tpg_desc->status = TPG_IMPLICIT;
7221		pc = 0;
7222		STAILQ_FOREACH(port, &softc->port_list, links) {
7223			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7224				continue;
7225			if (!softc->is_single &&
7226			    (port->status & CTL_PORT_STATUS_HA_SHARED) == 0)
7227				continue;
7228			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7229				continue;
7230			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7231			    relative_target_port_identifier);
7232			pc++;
7233		}
7234		tpg_desc->target_port_count = pc;
7235		tpg_desc = (struct scsi_target_port_group_descriptor *)
7236		    &tpg_desc->descriptors[pc];
7237	}
7238	for (g = 0; g < num_ha_groups; g++) {
7239		tpg_desc->pref_state = (g == pg) ? ts : os;
7240		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7241		    TPG_U_SUP | TPG_T_SUP;
7242		scsi_ulto2b(2 + g, tpg_desc->target_port_group);
7243		tpg_desc->status = TPG_IMPLICIT;
7244		pc = 0;
7245		STAILQ_FOREACH(port, &softc->port_list, links) {
7246			if (port->targ_port < g * softc->port_cnt ||
7247			    port->targ_port >= (g + 1) * softc->port_cnt)
7248				continue;
7249			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7250				continue;
7251			if (port->status & CTL_PORT_STATUS_HA_SHARED)
7252				continue;
7253			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7254				continue;
7255			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7256			    relative_target_port_identifier);
7257			pc++;
7258		}
7259		tpg_desc->target_port_count = pc;
7260		tpg_desc = (struct scsi_target_port_group_descriptor *)
7261		    &tpg_desc->descriptors[pc];
7262	}
7263	mtx_unlock(&softc->ctl_lock);
7264
7265	ctl_set_success(ctsio);
7266	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7267	ctsio->be_move_done = ctl_config_move_done;
7268	ctl_datamove((union ctl_io *)ctsio);
7269	return(retval);
7270}
7271
7272int
7273ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7274{
7275	struct ctl_lun *lun;
7276	struct scsi_report_supported_opcodes *cdb;
7277	const struct ctl_cmd_entry *entry, *sentry;
7278	struct scsi_report_supported_opcodes_all *all;
7279	struct scsi_report_supported_opcodes_descr *descr;
7280	struct scsi_report_supported_opcodes_one *one;
7281	int retval;
7282	int alloc_len, total_len;
7283	int opcode, service_action, i, j, num;
7284
7285	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7286
7287	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7288	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7289
7290	retval = CTL_RETVAL_COMPLETE;
7291
7292	opcode = cdb->requested_opcode;
7293	service_action = scsi_2btoul(cdb->requested_service_action);
7294	switch (cdb->options & RSO_OPTIONS_MASK) {
7295	case RSO_OPTIONS_ALL:
7296		num = 0;
7297		for (i = 0; i < 256; i++) {
7298			entry = &ctl_cmd_table[i];
7299			if (entry->flags & CTL_CMD_FLAG_SA5) {
7300				for (j = 0; j < 32; j++) {
7301					sentry = &((const struct ctl_cmd_entry *)
7302					    entry->execute)[j];
7303					if (ctl_cmd_applicable(
7304					    lun->be_lun->lun_type, sentry))
7305						num++;
7306				}
7307			} else {
7308				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7309				    entry))
7310					num++;
7311			}
7312		}
7313		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7314		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7315		break;
7316	case RSO_OPTIONS_OC:
7317		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7318			ctl_set_invalid_field(/*ctsio*/ ctsio,
7319					      /*sks_valid*/ 1,
7320					      /*command*/ 1,
7321					      /*field*/ 2,
7322					      /*bit_valid*/ 1,
7323					      /*bit*/ 2);
7324			ctl_done((union ctl_io *)ctsio);
7325			return (CTL_RETVAL_COMPLETE);
7326		}
7327		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7328		break;
7329	case RSO_OPTIONS_OC_SA:
7330		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7331		    service_action >= 32) {
7332			ctl_set_invalid_field(/*ctsio*/ ctsio,
7333					      /*sks_valid*/ 1,
7334					      /*command*/ 1,
7335					      /*field*/ 2,
7336					      /*bit_valid*/ 1,
7337					      /*bit*/ 2);
7338			ctl_done((union ctl_io *)ctsio);
7339			return (CTL_RETVAL_COMPLETE);
7340		}
7341		/* FALLTHROUGH */
7342	case RSO_OPTIONS_OC_ASA:
7343		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7344		break;
7345	default:
7346		ctl_set_invalid_field(/*ctsio*/ ctsio,
7347				      /*sks_valid*/ 1,
7348				      /*command*/ 1,
7349				      /*field*/ 2,
7350				      /*bit_valid*/ 1,
7351				      /*bit*/ 2);
7352		ctl_done((union ctl_io *)ctsio);
7353		return (CTL_RETVAL_COMPLETE);
7354	}
7355
7356	alloc_len = scsi_4btoul(cdb->length);
7357
7358	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7359
7360	ctsio->kern_sg_entries = 0;
7361
7362	if (total_len < alloc_len) {
7363		ctsio->residual = alloc_len - total_len;
7364		ctsio->kern_data_len = total_len;
7365		ctsio->kern_total_len = total_len;
7366	} else {
7367		ctsio->residual = 0;
7368		ctsio->kern_data_len = alloc_len;
7369		ctsio->kern_total_len = alloc_len;
7370	}
7371	ctsio->kern_data_resid = 0;
7372	ctsio->kern_rel_offset = 0;
7373
7374	switch (cdb->options & RSO_OPTIONS_MASK) {
7375	case RSO_OPTIONS_ALL:
7376		all = (struct scsi_report_supported_opcodes_all *)
7377		    ctsio->kern_data_ptr;
7378		num = 0;
7379		for (i = 0; i < 256; i++) {
7380			entry = &ctl_cmd_table[i];
7381			if (entry->flags & CTL_CMD_FLAG_SA5) {
7382				for (j = 0; j < 32; j++) {
7383					sentry = &((const struct ctl_cmd_entry *)
7384					    entry->execute)[j];
7385					if (!ctl_cmd_applicable(
7386					    lun->be_lun->lun_type, sentry))
7387						continue;
7388					descr = &all->descr[num++];
7389					descr->opcode = i;
7390					scsi_ulto2b(j, descr->service_action);
7391					descr->flags = RSO_SERVACTV;
7392					scsi_ulto2b(sentry->length,
7393					    descr->cdb_length);
7394				}
7395			} else {
7396				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7397				    entry))
7398					continue;
7399				descr = &all->descr[num++];
7400				descr->opcode = i;
7401				scsi_ulto2b(0, descr->service_action);
7402				descr->flags = 0;
7403				scsi_ulto2b(entry->length, descr->cdb_length);
7404			}
7405		}
7406		scsi_ulto4b(
7407		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7408		    all->length);
7409		break;
7410	case RSO_OPTIONS_OC:
7411		one = (struct scsi_report_supported_opcodes_one *)
7412		    ctsio->kern_data_ptr;
7413		entry = &ctl_cmd_table[opcode];
7414		goto fill_one;
7415	case RSO_OPTIONS_OC_SA:
7416		one = (struct scsi_report_supported_opcodes_one *)
7417		    ctsio->kern_data_ptr;
7418		entry = &ctl_cmd_table[opcode];
7419		entry = &((const struct ctl_cmd_entry *)
7420		    entry->execute)[service_action];
7421fill_one:
7422		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7423			one->support = 3;
7424			scsi_ulto2b(entry->length, one->cdb_length);
7425			one->cdb_usage[0] = opcode;
7426			memcpy(&one->cdb_usage[1], entry->usage,
7427			    entry->length - 1);
7428		} else
7429			one->support = 1;
7430		break;
7431	case RSO_OPTIONS_OC_ASA:
7432		one = (struct scsi_report_supported_opcodes_one *)
7433		    ctsio->kern_data_ptr;
7434		entry = &ctl_cmd_table[opcode];
7435		if (entry->flags & CTL_CMD_FLAG_SA5) {
7436			entry = &((const struct ctl_cmd_entry *)
7437			    entry->execute)[service_action];
7438		} else if (service_action != 0) {
7439			one->support = 1;
7440			break;
7441		}
7442		goto fill_one;
7443	}
7444
7445	ctl_set_success(ctsio);
7446	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7447	ctsio->be_move_done = ctl_config_move_done;
7448	ctl_datamove((union ctl_io *)ctsio);
7449	return(retval);
7450}
7451
7452int
7453ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7454{
7455	struct scsi_report_supported_tmf *cdb;
7456	struct scsi_report_supported_tmf_ext_data *data;
7457	int retval;
7458	int alloc_len, total_len;
7459
7460	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7461
7462	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7463
7464	retval = CTL_RETVAL_COMPLETE;
7465
7466	if (cdb->options & RST_REPD)
7467		total_len = sizeof(struct scsi_report_supported_tmf_ext_data);
7468	else
7469		total_len = sizeof(struct scsi_report_supported_tmf_data);
7470	alloc_len = scsi_4btoul(cdb->length);
7471
7472	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7473
7474	ctsio->kern_sg_entries = 0;
7475
7476	if (total_len < alloc_len) {
7477		ctsio->residual = alloc_len - total_len;
7478		ctsio->kern_data_len = total_len;
7479		ctsio->kern_total_len = total_len;
7480	} else {
7481		ctsio->residual = 0;
7482		ctsio->kern_data_len = alloc_len;
7483		ctsio->kern_total_len = alloc_len;
7484	}
7485	ctsio->kern_data_resid = 0;
7486	ctsio->kern_rel_offset = 0;
7487
7488	data = (struct scsi_report_supported_tmf_ext_data *)ctsio->kern_data_ptr;
7489	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7490	    RST_TRS;
7491	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7492	data->length = total_len - 4;
7493
7494	ctl_set_success(ctsio);
7495	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7496	ctsio->be_move_done = ctl_config_move_done;
7497	ctl_datamove((union ctl_io *)ctsio);
7498	return (retval);
7499}
7500
7501int
7502ctl_report_timestamp(struct ctl_scsiio *ctsio)
7503{
7504	struct scsi_report_timestamp *cdb;
7505	struct scsi_report_timestamp_data *data;
7506	struct timeval tv;
7507	int64_t timestamp;
7508	int retval;
7509	int alloc_len, total_len;
7510
7511	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7512
7513	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7514
7515	retval = CTL_RETVAL_COMPLETE;
7516
7517	total_len = sizeof(struct scsi_report_timestamp_data);
7518	alloc_len = scsi_4btoul(cdb->length);
7519
7520	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7521
7522	ctsio->kern_sg_entries = 0;
7523
7524	if (total_len < alloc_len) {
7525		ctsio->residual = alloc_len - total_len;
7526		ctsio->kern_data_len = total_len;
7527		ctsio->kern_total_len = total_len;
7528	} else {
7529		ctsio->residual = 0;
7530		ctsio->kern_data_len = alloc_len;
7531		ctsio->kern_total_len = alloc_len;
7532	}
7533	ctsio->kern_data_resid = 0;
7534	ctsio->kern_rel_offset = 0;
7535
7536	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7537	scsi_ulto2b(sizeof(*data) - 2, data->length);
7538	data->origin = RTS_ORIG_OUTSIDE;
7539	getmicrotime(&tv);
7540	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7541	scsi_ulto4b(timestamp >> 16, data->timestamp);
7542	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7543
7544	ctl_set_success(ctsio);
7545	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7546	ctsio->be_move_done = ctl_config_move_done;
7547	ctl_datamove((union ctl_io *)ctsio);
7548	return (retval);
7549}
7550
7551int
7552ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7553{
7554	struct scsi_per_res_in *cdb;
7555	int alloc_len, total_len = 0;
7556	/* struct scsi_per_res_in_rsrv in_data; */
7557	struct ctl_lun *lun;
7558	struct ctl_softc *softc;
7559	uint64_t key;
7560
7561	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7562
7563	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7564
7565	alloc_len = scsi_2btoul(cdb->length);
7566
7567	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7568	softc = lun->ctl_softc;
7569
7570retry:
7571	mtx_lock(&lun->lun_lock);
7572	switch (cdb->action) {
7573	case SPRI_RK: /* read keys */
7574		total_len = sizeof(struct scsi_per_res_in_keys) +
7575			lun->pr_key_count *
7576			sizeof(struct scsi_per_res_key);
7577		break;
7578	case SPRI_RR: /* read reservation */
7579		if (lun->flags & CTL_LUN_PR_RESERVED)
7580			total_len = sizeof(struct scsi_per_res_in_rsrv);
7581		else
7582			total_len = sizeof(struct scsi_per_res_in_header);
7583		break;
7584	case SPRI_RC: /* report capabilities */
7585		total_len = sizeof(struct scsi_per_res_cap);
7586		break;
7587	case SPRI_RS: /* read full status */
7588		total_len = sizeof(struct scsi_per_res_in_header) +
7589		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7590		    lun->pr_key_count;
7591		break;
7592	default:
7593		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7594	}
7595	mtx_unlock(&lun->lun_lock);
7596
7597	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7598
7599	if (total_len < alloc_len) {
7600		ctsio->residual = alloc_len - total_len;
7601		ctsio->kern_data_len = total_len;
7602		ctsio->kern_total_len = total_len;
7603	} else {
7604		ctsio->residual = 0;
7605		ctsio->kern_data_len = alloc_len;
7606		ctsio->kern_total_len = alloc_len;
7607	}
7608
7609	ctsio->kern_data_resid = 0;
7610	ctsio->kern_rel_offset = 0;
7611	ctsio->kern_sg_entries = 0;
7612
7613	mtx_lock(&lun->lun_lock);
7614	switch (cdb->action) {
7615	case SPRI_RK: { // read keys
7616        struct scsi_per_res_in_keys *res_keys;
7617		int i, key_count;
7618
7619		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7620
7621		/*
7622		 * We had to drop the lock to allocate our buffer, which
7623		 * leaves time for someone to come in with another
7624		 * persistent reservation.  (That is unlikely, though,
7625		 * since this should be the only persistent reservation
7626		 * command active right now.)
7627		 */
7628		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7629		    (lun->pr_key_count *
7630		     sizeof(struct scsi_per_res_key)))){
7631			mtx_unlock(&lun->lun_lock);
7632			free(ctsio->kern_data_ptr, M_CTL);
7633			printf("%s: reservation length changed, retrying\n",
7634			       __func__);
7635			goto retry;
7636		}
7637
7638		scsi_ulto4b(lun->pr_generation, res_keys->header.generation);
7639
7640		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7641			     lun->pr_key_count, res_keys->header.length);
7642
7643		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7644			if ((key = ctl_get_prkey(lun, i)) == 0)
7645				continue;
7646
7647			/*
7648			 * We used lun->pr_key_count to calculate the
7649			 * size to allocate.  If it turns out the number of
7650			 * initiators with the registered flag set is
7651			 * larger than that (i.e. they haven't been kept in
7652			 * sync), we've got a problem.
7653			 */
7654			if (key_count >= lun->pr_key_count) {
7655				key_count++;
7656				continue;
7657			}
7658			scsi_u64to8b(key, res_keys->keys[key_count].key);
7659			key_count++;
7660		}
7661		break;
7662	}
7663	case SPRI_RR: { // read reservation
7664		struct scsi_per_res_in_rsrv *res;
7665		int tmp_len, header_only;
7666
7667		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7668
7669		scsi_ulto4b(lun->pr_generation, res->header.generation);
7670
7671		if (lun->flags & CTL_LUN_PR_RESERVED)
7672		{
7673			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7674			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7675				    res->header.length);
7676			header_only = 0;
7677		} else {
7678			tmp_len = sizeof(struct scsi_per_res_in_header);
7679			scsi_ulto4b(0, res->header.length);
7680			header_only = 1;
7681		}
7682
7683		/*
7684		 * We had to drop the lock to allocate our buffer, which
7685		 * leaves time for someone to come in with another
7686		 * persistent reservation.  (That is unlikely, though,
7687		 * since this should be the only persistent reservation
7688		 * command active right now.)
7689		 */
7690		if (tmp_len != total_len) {
7691			mtx_unlock(&lun->lun_lock);
7692			free(ctsio->kern_data_ptr, M_CTL);
7693			printf("%s: reservation status changed, retrying\n",
7694			       __func__);
7695			goto retry;
7696		}
7697
7698		/*
7699		 * No reservation held, so we're done.
7700		 */
7701		if (header_only != 0)
7702			break;
7703
7704		/*
7705		 * If the registration is an All Registrants type, the key
7706		 * is 0, since it doesn't really matter.
7707		 */
7708		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7709			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7710			    res->data.reservation);
7711		}
7712		res->data.scopetype = lun->pr_res_type;
7713		break;
7714	}
7715	case SPRI_RC:     //report capabilities
7716	{
7717		struct scsi_per_res_cap *res_cap;
7718		uint16_t type_mask;
7719
7720		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7721		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7722		res_cap->flags1 = SPRI_CRH;
7723		res_cap->flags2 = SPRI_TMV | SPRI_ALLOW_5;
7724		type_mask = SPRI_TM_WR_EX_AR |
7725			    SPRI_TM_EX_AC_RO |
7726			    SPRI_TM_WR_EX_RO |
7727			    SPRI_TM_EX_AC |
7728			    SPRI_TM_WR_EX |
7729			    SPRI_TM_EX_AC_AR;
7730		scsi_ulto2b(type_mask, res_cap->type_mask);
7731		break;
7732	}
7733	case SPRI_RS: { // read full status
7734		struct scsi_per_res_in_full *res_status;
7735		struct scsi_per_res_in_full_desc *res_desc;
7736		struct ctl_port *port;
7737		int i, len;
7738
7739		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7740
7741		/*
7742		 * We had to drop the lock to allocate our buffer, which
7743		 * leaves time for someone to come in with another
7744		 * persistent reservation.  (That is unlikely, though,
7745		 * since this should be the only persistent reservation
7746		 * command active right now.)
7747		 */
7748		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7749		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7750		     lun->pr_key_count)){
7751			mtx_unlock(&lun->lun_lock);
7752			free(ctsio->kern_data_ptr, M_CTL);
7753			printf("%s: reservation length changed, retrying\n",
7754			       __func__);
7755			goto retry;
7756		}
7757
7758		scsi_ulto4b(lun->pr_generation, res_status->header.generation);
7759
7760		res_desc = &res_status->desc[0];
7761		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7762			if ((key = ctl_get_prkey(lun, i)) == 0)
7763				continue;
7764
7765			scsi_u64to8b(key, res_desc->res_key.key);
7766			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7767			    (lun->pr_res_idx == i ||
7768			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7769				res_desc->flags = SPRI_FULL_R_HOLDER;
7770				res_desc->scopetype = lun->pr_res_type;
7771			}
7772			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7773			    res_desc->rel_trgt_port_id);
7774			len = 0;
7775			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7776			if (port != NULL)
7777				len = ctl_create_iid(port,
7778				    i % CTL_MAX_INIT_PER_PORT,
7779				    res_desc->transport_id);
7780			scsi_ulto4b(len, res_desc->additional_length);
7781			res_desc = (struct scsi_per_res_in_full_desc *)
7782			    &res_desc->transport_id[len];
7783		}
7784		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7785		    res_status->header.length);
7786		break;
7787	}
7788	default:
7789		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7790	}
7791	mtx_unlock(&lun->lun_lock);
7792
7793	ctl_set_success(ctsio);
7794	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7795	ctsio->be_move_done = ctl_config_move_done;
7796	ctl_datamove((union ctl_io *)ctsio);
7797	return (CTL_RETVAL_COMPLETE);
7798}
7799
7800/*
7801 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7802 * it should return.
7803 */
7804static int
7805ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7806		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7807		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7808		struct scsi_per_res_out_parms* param)
7809{
7810	union ctl_ha_msg persis_io;
7811	int i;
7812
7813	mtx_lock(&lun->lun_lock);
7814	if (sa_res_key == 0) {
7815		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7816			/* validate scope and type */
7817			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7818			     SPR_LU_SCOPE) {
7819				mtx_unlock(&lun->lun_lock);
7820				ctl_set_invalid_field(/*ctsio*/ ctsio,
7821						      /*sks_valid*/ 1,
7822						      /*command*/ 1,
7823						      /*field*/ 2,
7824						      /*bit_valid*/ 1,
7825						      /*bit*/ 4);
7826				ctl_done((union ctl_io *)ctsio);
7827				return (1);
7828			}
7829
7830		        if (type>8 || type==2 || type==4 || type==0) {
7831				mtx_unlock(&lun->lun_lock);
7832				ctl_set_invalid_field(/*ctsio*/ ctsio,
7833       	           				      /*sks_valid*/ 1,
7834						      /*command*/ 1,
7835						      /*field*/ 2,
7836						      /*bit_valid*/ 1,
7837						      /*bit*/ 0);
7838				ctl_done((union ctl_io *)ctsio);
7839				return (1);
7840		        }
7841
7842			/*
7843			 * Unregister everybody else and build UA for
7844			 * them
7845			 */
7846			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7847				if (i == residx || ctl_get_prkey(lun, i) == 0)
7848					continue;
7849
7850				ctl_clr_prkey(lun, i);
7851				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7852			}
7853			lun->pr_key_count = 1;
7854			lun->pr_res_type = type;
7855			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7856			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7857				lun->pr_res_idx = residx;
7858			lun->pr_generation++;
7859			mtx_unlock(&lun->lun_lock);
7860
7861			/* send msg to other side */
7862			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7863			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7864			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7865			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7866			persis_io.pr.pr_info.res_type = type;
7867			memcpy(persis_io.pr.pr_info.sa_res_key,
7868			       param->serv_act_res_key,
7869			       sizeof(param->serv_act_res_key));
7870			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7871			    sizeof(persis_io.pr), M_WAITOK);
7872		} else {
7873			/* not all registrants */
7874			mtx_unlock(&lun->lun_lock);
7875			free(ctsio->kern_data_ptr, M_CTL);
7876			ctl_set_invalid_field(ctsio,
7877					      /*sks_valid*/ 1,
7878					      /*command*/ 0,
7879					      /*field*/ 8,
7880					      /*bit_valid*/ 0,
7881					      /*bit*/ 0);
7882			ctl_done((union ctl_io *)ctsio);
7883			return (1);
7884		}
7885	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7886		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7887		int found = 0;
7888
7889		if (res_key == sa_res_key) {
7890			/* special case */
7891			/*
7892			 * The spec implies this is not good but doesn't
7893			 * say what to do. There are two choices either
7894			 * generate a res conflict or check condition
7895			 * with illegal field in parameter data. Since
7896			 * that is what is done when the sa_res_key is
7897			 * zero I'll take that approach since this has
7898			 * to do with the sa_res_key.
7899			 */
7900			mtx_unlock(&lun->lun_lock);
7901			free(ctsio->kern_data_ptr, M_CTL);
7902			ctl_set_invalid_field(ctsio,
7903					      /*sks_valid*/ 1,
7904					      /*command*/ 0,
7905					      /*field*/ 8,
7906					      /*bit_valid*/ 0,
7907					      /*bit*/ 0);
7908			ctl_done((union ctl_io *)ctsio);
7909			return (1);
7910		}
7911
7912		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7913			if (ctl_get_prkey(lun, i) != sa_res_key)
7914				continue;
7915
7916			found = 1;
7917			ctl_clr_prkey(lun, i);
7918			lun->pr_key_count--;
7919			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7920		}
7921		if (!found) {
7922			mtx_unlock(&lun->lun_lock);
7923			free(ctsio->kern_data_ptr, M_CTL);
7924			ctl_set_reservation_conflict(ctsio);
7925			ctl_done((union ctl_io *)ctsio);
7926			return (CTL_RETVAL_COMPLETE);
7927		}
7928		lun->pr_generation++;
7929		mtx_unlock(&lun->lun_lock);
7930
7931		/* send msg to other side */
7932		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7933		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7934		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7935		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7936		persis_io.pr.pr_info.res_type = type;
7937		memcpy(persis_io.pr.pr_info.sa_res_key,
7938		       param->serv_act_res_key,
7939		       sizeof(param->serv_act_res_key));
7940		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7941		    sizeof(persis_io.pr), M_WAITOK);
7942	} else {
7943		/* Reserved but not all registrants */
7944		/* sa_res_key is res holder */
7945		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7946			/* validate scope and type */
7947			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7948			     SPR_LU_SCOPE) {
7949				mtx_unlock(&lun->lun_lock);
7950				ctl_set_invalid_field(/*ctsio*/ ctsio,
7951						      /*sks_valid*/ 1,
7952						      /*command*/ 1,
7953						      /*field*/ 2,
7954						      /*bit_valid*/ 1,
7955						      /*bit*/ 4);
7956				ctl_done((union ctl_io *)ctsio);
7957				return (1);
7958			}
7959
7960			if (type>8 || type==2 || type==4 || type==0) {
7961				mtx_unlock(&lun->lun_lock);
7962				ctl_set_invalid_field(/*ctsio*/ ctsio,
7963						      /*sks_valid*/ 1,
7964						      /*command*/ 1,
7965						      /*field*/ 2,
7966						      /*bit_valid*/ 1,
7967						      /*bit*/ 0);
7968				ctl_done((union ctl_io *)ctsio);
7969				return (1);
7970			}
7971
7972			/*
7973			 * Do the following:
7974			 * if sa_res_key != res_key remove all
7975			 * registrants w/sa_res_key and generate UA
7976			 * for these registrants(Registrations
7977			 * Preempted) if it wasn't an exclusive
7978			 * reservation generate UA(Reservations
7979			 * Preempted) for all other registered nexuses
7980			 * if the type has changed. Establish the new
7981			 * reservation and holder. If res_key and
7982			 * sa_res_key are the same do the above
7983			 * except don't unregister the res holder.
7984			 */
7985
7986			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7987				if (i == residx || ctl_get_prkey(lun, i) == 0)
7988					continue;
7989
7990				if (sa_res_key == ctl_get_prkey(lun, i)) {
7991					ctl_clr_prkey(lun, i);
7992					lun->pr_key_count--;
7993					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7994				} else if (type != lun->pr_res_type &&
7995				    (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
7996				     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
7997					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7998				}
7999			}
8000			lun->pr_res_type = type;
8001			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8002			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8003				lun->pr_res_idx = residx;
8004			else
8005				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8006			lun->pr_generation++;
8007			mtx_unlock(&lun->lun_lock);
8008
8009			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8010			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8011			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8012			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8013			persis_io.pr.pr_info.res_type = type;
8014			memcpy(persis_io.pr.pr_info.sa_res_key,
8015			       param->serv_act_res_key,
8016			       sizeof(param->serv_act_res_key));
8017			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8018			    sizeof(persis_io.pr), M_WAITOK);
8019		} else {
8020			/*
8021			 * sa_res_key is not the res holder just
8022			 * remove registrants
8023			 */
8024			int found=0;
8025
8026			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8027				if (sa_res_key != ctl_get_prkey(lun, i))
8028					continue;
8029
8030				found = 1;
8031				ctl_clr_prkey(lun, i);
8032				lun->pr_key_count--;
8033				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8034			}
8035
8036			if (!found) {
8037				mtx_unlock(&lun->lun_lock);
8038				free(ctsio->kern_data_ptr, M_CTL);
8039				ctl_set_reservation_conflict(ctsio);
8040				ctl_done((union ctl_io *)ctsio);
8041		        	return (1);
8042			}
8043			lun->pr_generation++;
8044			mtx_unlock(&lun->lun_lock);
8045
8046			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8047			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8048			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8049			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8050			persis_io.pr.pr_info.res_type = type;
8051			memcpy(persis_io.pr.pr_info.sa_res_key,
8052			       param->serv_act_res_key,
8053			       sizeof(param->serv_act_res_key));
8054			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8055			    sizeof(persis_io.pr), M_WAITOK);
8056		}
8057	}
8058	return (0);
8059}
8060
8061static void
8062ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8063{
8064	uint64_t sa_res_key;
8065	int i;
8066
8067	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8068
8069	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8070	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8071	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8072		if (sa_res_key == 0) {
8073			/*
8074			 * Unregister everybody else and build UA for
8075			 * them
8076			 */
8077			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8078				if (i == msg->pr.pr_info.residx ||
8079				    ctl_get_prkey(lun, i) == 0)
8080					continue;
8081
8082				ctl_clr_prkey(lun, i);
8083				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8084			}
8085
8086			lun->pr_key_count = 1;
8087			lun->pr_res_type = msg->pr.pr_info.res_type;
8088			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8089			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8090				lun->pr_res_idx = msg->pr.pr_info.residx;
8091		} else {
8092		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8093				if (sa_res_key == ctl_get_prkey(lun, i))
8094					continue;
8095
8096				ctl_clr_prkey(lun, i);
8097				lun->pr_key_count--;
8098				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8099			}
8100		}
8101	} else {
8102		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8103			if (i == msg->pr.pr_info.residx ||
8104			    ctl_get_prkey(lun, i) == 0)
8105				continue;
8106
8107			if (sa_res_key == ctl_get_prkey(lun, i)) {
8108				ctl_clr_prkey(lun, i);
8109				lun->pr_key_count--;
8110				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8111			} else if (msg->pr.pr_info.res_type != lun->pr_res_type
8112			    && (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8113			     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8114				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8115			}
8116		}
8117		lun->pr_res_type = msg->pr.pr_info.res_type;
8118		if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8119		    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8120			lun->pr_res_idx = msg->pr.pr_info.residx;
8121		else
8122			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8123	}
8124	lun->pr_generation++;
8125
8126}
8127
8128
8129int
8130ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8131{
8132	int retval;
8133	u_int32_t param_len;
8134	struct scsi_per_res_out *cdb;
8135	struct ctl_lun *lun;
8136	struct scsi_per_res_out_parms* param;
8137	struct ctl_softc *softc;
8138	uint32_t residx;
8139	uint64_t res_key, sa_res_key, key;
8140	uint8_t type;
8141	union ctl_ha_msg persis_io;
8142	int    i;
8143
8144	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8145
8146	retval = CTL_RETVAL_COMPLETE;
8147
8148	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8149	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8150	softc = lun->ctl_softc;
8151
8152	/*
8153	 * We only support whole-LUN scope.  The scope & type are ignored for
8154	 * register, register and ignore existing key and clear.
8155	 * We sometimes ignore scope and type on preempts too!!
8156	 * Verify reservation type here as well.
8157	 */
8158	type = cdb->scope_type & SPR_TYPE_MASK;
8159	if ((cdb->action == SPRO_RESERVE)
8160	 || (cdb->action == SPRO_RELEASE)) {
8161		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8162			ctl_set_invalid_field(/*ctsio*/ ctsio,
8163					      /*sks_valid*/ 1,
8164					      /*command*/ 1,
8165					      /*field*/ 2,
8166					      /*bit_valid*/ 1,
8167					      /*bit*/ 4);
8168			ctl_done((union ctl_io *)ctsio);
8169			return (CTL_RETVAL_COMPLETE);
8170		}
8171
8172		if (type>8 || type==2 || type==4 || type==0) {
8173			ctl_set_invalid_field(/*ctsio*/ ctsio,
8174					      /*sks_valid*/ 1,
8175					      /*command*/ 1,
8176					      /*field*/ 2,
8177					      /*bit_valid*/ 1,
8178					      /*bit*/ 0);
8179			ctl_done((union ctl_io *)ctsio);
8180			return (CTL_RETVAL_COMPLETE);
8181		}
8182	}
8183
8184	param_len = scsi_4btoul(cdb->length);
8185
8186	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8187		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8188		ctsio->kern_data_len = param_len;
8189		ctsio->kern_total_len = param_len;
8190		ctsio->kern_data_resid = 0;
8191		ctsio->kern_rel_offset = 0;
8192		ctsio->kern_sg_entries = 0;
8193		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8194		ctsio->be_move_done = ctl_config_move_done;
8195		ctl_datamove((union ctl_io *)ctsio);
8196
8197		return (CTL_RETVAL_COMPLETE);
8198	}
8199
8200	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8201
8202	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8203	res_key = scsi_8btou64(param->res_key.key);
8204	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8205
8206	/*
8207	 * Validate the reservation key here except for SPRO_REG_IGNO
8208	 * This must be done for all other service actions
8209	 */
8210	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8211		mtx_lock(&lun->lun_lock);
8212		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8213			if (res_key != key) {
8214				/*
8215				 * The current key passed in doesn't match
8216				 * the one the initiator previously
8217				 * registered.
8218				 */
8219				mtx_unlock(&lun->lun_lock);
8220				free(ctsio->kern_data_ptr, M_CTL);
8221				ctl_set_reservation_conflict(ctsio);
8222				ctl_done((union ctl_io *)ctsio);
8223				return (CTL_RETVAL_COMPLETE);
8224			}
8225		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8226			/*
8227			 * We are not registered
8228			 */
8229			mtx_unlock(&lun->lun_lock);
8230			free(ctsio->kern_data_ptr, M_CTL);
8231			ctl_set_reservation_conflict(ctsio);
8232			ctl_done((union ctl_io *)ctsio);
8233			return (CTL_RETVAL_COMPLETE);
8234		} else if (res_key != 0) {
8235			/*
8236			 * We are not registered and trying to register but
8237			 * the register key isn't zero.
8238			 */
8239			mtx_unlock(&lun->lun_lock);
8240			free(ctsio->kern_data_ptr, M_CTL);
8241			ctl_set_reservation_conflict(ctsio);
8242			ctl_done((union ctl_io *)ctsio);
8243			return (CTL_RETVAL_COMPLETE);
8244		}
8245		mtx_unlock(&lun->lun_lock);
8246	}
8247
8248	switch (cdb->action & SPRO_ACTION_MASK) {
8249	case SPRO_REGISTER:
8250	case SPRO_REG_IGNO: {
8251
8252#if 0
8253		printf("Registration received\n");
8254#endif
8255
8256		/*
8257		 * We don't support any of these options, as we report in
8258		 * the read capabilities request (see
8259		 * ctl_persistent_reserve_in(), above).
8260		 */
8261		if ((param->flags & SPR_SPEC_I_PT)
8262		 || (param->flags & SPR_ALL_TG_PT)
8263		 || (param->flags & SPR_APTPL)) {
8264			int bit_ptr;
8265
8266			if (param->flags & SPR_APTPL)
8267				bit_ptr = 0;
8268			else if (param->flags & SPR_ALL_TG_PT)
8269				bit_ptr = 2;
8270			else /* SPR_SPEC_I_PT */
8271				bit_ptr = 3;
8272
8273			free(ctsio->kern_data_ptr, M_CTL);
8274			ctl_set_invalid_field(ctsio,
8275					      /*sks_valid*/ 1,
8276					      /*command*/ 0,
8277					      /*field*/ 20,
8278					      /*bit_valid*/ 1,
8279					      /*bit*/ bit_ptr);
8280			ctl_done((union ctl_io *)ctsio);
8281			return (CTL_RETVAL_COMPLETE);
8282		}
8283
8284		mtx_lock(&lun->lun_lock);
8285
8286		/*
8287		 * The initiator wants to clear the
8288		 * key/unregister.
8289		 */
8290		if (sa_res_key == 0) {
8291			if ((res_key == 0
8292			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8293			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8294			  && ctl_get_prkey(lun, residx) == 0)) {
8295				mtx_unlock(&lun->lun_lock);
8296				goto done;
8297			}
8298
8299			ctl_clr_prkey(lun, residx);
8300			lun->pr_key_count--;
8301
8302			if (residx == lun->pr_res_idx) {
8303				lun->flags &= ~CTL_LUN_PR_RESERVED;
8304				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8305
8306				if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8307				     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8308				    lun->pr_key_count) {
8309					/*
8310					 * If the reservation is a registrants
8311					 * only type we need to generate a UA
8312					 * for other registered inits.  The
8313					 * sense code should be RESERVATIONS
8314					 * RELEASED
8315					 */
8316
8317					for (i = softc->init_min; i < softc->init_max; i++){
8318						if (ctl_get_prkey(lun, i) == 0)
8319							continue;
8320						ctl_est_ua(lun, i,
8321						    CTL_UA_RES_RELEASE);
8322					}
8323				}
8324				lun->pr_res_type = 0;
8325			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8326				if (lun->pr_key_count==0) {
8327					lun->flags &= ~CTL_LUN_PR_RESERVED;
8328					lun->pr_res_type = 0;
8329					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8330				}
8331			}
8332			lun->pr_generation++;
8333			mtx_unlock(&lun->lun_lock);
8334
8335			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8336			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8337			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8338			persis_io.pr.pr_info.residx = residx;
8339			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8340			    sizeof(persis_io.pr), M_WAITOK);
8341		} else /* sa_res_key != 0 */ {
8342
8343			/*
8344			 * If we aren't registered currently then increment
8345			 * the key count and set the registered flag.
8346			 */
8347			ctl_alloc_prkey(lun, residx);
8348			if (ctl_get_prkey(lun, residx) == 0)
8349				lun->pr_key_count++;
8350			ctl_set_prkey(lun, residx, sa_res_key);
8351			lun->pr_generation++;
8352			mtx_unlock(&lun->lun_lock);
8353
8354			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8355			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8356			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8357			persis_io.pr.pr_info.residx = residx;
8358			memcpy(persis_io.pr.pr_info.sa_res_key,
8359			       param->serv_act_res_key,
8360			       sizeof(param->serv_act_res_key));
8361			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8362			    sizeof(persis_io.pr), M_WAITOK);
8363		}
8364
8365		break;
8366	}
8367	case SPRO_RESERVE:
8368#if 0
8369                printf("Reserve executed type %d\n", type);
8370#endif
8371		mtx_lock(&lun->lun_lock);
8372		if (lun->flags & CTL_LUN_PR_RESERVED) {
8373			/*
8374			 * if this isn't the reservation holder and it's
8375			 * not a "all registrants" type or if the type is
8376			 * different then we have a conflict
8377			 */
8378			if ((lun->pr_res_idx != residx
8379			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8380			 || lun->pr_res_type != type) {
8381				mtx_unlock(&lun->lun_lock);
8382				free(ctsio->kern_data_ptr, M_CTL);
8383				ctl_set_reservation_conflict(ctsio);
8384				ctl_done((union ctl_io *)ctsio);
8385				return (CTL_RETVAL_COMPLETE);
8386			}
8387			mtx_unlock(&lun->lun_lock);
8388		} else /* create a reservation */ {
8389			/*
8390			 * If it's not an "all registrants" type record
8391			 * reservation holder
8392			 */
8393			if (type != SPR_TYPE_WR_EX_AR
8394			 && type != SPR_TYPE_EX_AC_AR)
8395				lun->pr_res_idx = residx; /* Res holder */
8396			else
8397				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8398
8399			lun->flags |= CTL_LUN_PR_RESERVED;
8400			lun->pr_res_type = type;
8401
8402			mtx_unlock(&lun->lun_lock);
8403
8404			/* send msg to other side */
8405			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8406			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8407			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8408			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8409			persis_io.pr.pr_info.res_type = type;
8410			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8411			    sizeof(persis_io.pr), M_WAITOK);
8412		}
8413		break;
8414
8415	case SPRO_RELEASE:
8416		mtx_lock(&lun->lun_lock);
8417		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8418			/* No reservation exists return good status */
8419			mtx_unlock(&lun->lun_lock);
8420			goto done;
8421		}
8422		/*
8423		 * Is this nexus a reservation holder?
8424		 */
8425		if (lun->pr_res_idx != residx
8426		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8427			/*
8428			 * not a res holder return good status but
8429			 * do nothing
8430			 */
8431			mtx_unlock(&lun->lun_lock);
8432			goto done;
8433		}
8434
8435		if (lun->pr_res_type != type) {
8436			mtx_unlock(&lun->lun_lock);
8437			free(ctsio->kern_data_ptr, M_CTL);
8438			ctl_set_illegal_pr_release(ctsio);
8439			ctl_done((union ctl_io *)ctsio);
8440			return (CTL_RETVAL_COMPLETE);
8441		}
8442
8443		/* okay to release */
8444		lun->flags &= ~CTL_LUN_PR_RESERVED;
8445		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8446		lun->pr_res_type = 0;
8447
8448		/*
8449		 * If this isn't an exclusive access reservation and NUAR
8450		 * is not set, generate UA for all other registrants.
8451		 */
8452		if (type != SPR_TYPE_EX_AC && type != SPR_TYPE_WR_EX &&
8453		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8454			for (i = softc->init_min; i < softc->init_max; i++) {
8455				if (i == residx || ctl_get_prkey(lun, i) == 0)
8456					continue;
8457				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8458			}
8459		}
8460		mtx_unlock(&lun->lun_lock);
8461
8462		/* Send msg to other side */
8463		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8464		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8465		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8466		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8467		     sizeof(persis_io.pr), M_WAITOK);
8468		break;
8469
8470	case SPRO_CLEAR:
8471		/* send msg to other side */
8472
8473		mtx_lock(&lun->lun_lock);
8474		lun->flags &= ~CTL_LUN_PR_RESERVED;
8475		lun->pr_res_type = 0;
8476		lun->pr_key_count = 0;
8477		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8478
8479		ctl_clr_prkey(lun, residx);
8480		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8481			if (ctl_get_prkey(lun, i) != 0) {
8482				ctl_clr_prkey(lun, i);
8483				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8484			}
8485		lun->pr_generation++;
8486		mtx_unlock(&lun->lun_lock);
8487
8488		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8489		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8490		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8491		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8492		     sizeof(persis_io.pr), M_WAITOK);
8493		break;
8494
8495	case SPRO_PREEMPT:
8496	case SPRO_PRE_ABO: {
8497		int nretval;
8498
8499		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8500					  residx, ctsio, cdb, param);
8501		if (nretval != 0)
8502			return (CTL_RETVAL_COMPLETE);
8503		break;
8504	}
8505	default:
8506		panic("%s: Invalid PR type %#x", __func__, cdb->action);
8507	}
8508
8509done:
8510	free(ctsio->kern_data_ptr, M_CTL);
8511	ctl_set_success(ctsio);
8512	ctl_done((union ctl_io *)ctsio);
8513
8514	return (retval);
8515}
8516
8517/*
8518 * This routine is for handling a message from the other SC pertaining to
8519 * persistent reserve out. All the error checking will have been done
8520 * so only perorming the action need be done here to keep the two
8521 * in sync.
8522 */
8523static void
8524ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8525{
8526	struct ctl_softc *softc = control_softc;
8527	struct ctl_lun *lun;
8528	int i;
8529	uint32_t residx, targ_lun;
8530
8531	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8532	mtx_lock(&softc->ctl_lock);
8533	if ((targ_lun >= CTL_MAX_LUNS) ||
8534	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8535		mtx_unlock(&softc->ctl_lock);
8536		return;
8537	}
8538	mtx_lock(&lun->lun_lock);
8539	mtx_unlock(&softc->ctl_lock);
8540	if (lun->flags & CTL_LUN_DISABLED) {
8541		mtx_unlock(&lun->lun_lock);
8542		return;
8543	}
8544	residx = ctl_get_initindex(&msg->hdr.nexus);
8545	switch(msg->pr.pr_info.action) {
8546	case CTL_PR_REG_KEY:
8547		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8548		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8549			lun->pr_key_count++;
8550		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8551		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8552		lun->pr_generation++;
8553		break;
8554
8555	case CTL_PR_UNREG_KEY:
8556		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8557		lun->pr_key_count--;
8558
8559		/* XXX Need to see if the reservation has been released */
8560		/* if so do we need to generate UA? */
8561		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8562			lun->flags &= ~CTL_LUN_PR_RESERVED;
8563			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8564
8565			if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8566			     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8567			    lun->pr_key_count) {
8568				/*
8569				 * If the reservation is a registrants
8570				 * only type we need to generate a UA
8571				 * for other registered inits.  The
8572				 * sense code should be RESERVATIONS
8573				 * RELEASED
8574				 */
8575
8576				for (i = softc->init_min; i < softc->init_max; i++) {
8577					if (ctl_get_prkey(lun, i) == 0)
8578						continue;
8579
8580					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8581				}
8582			}
8583			lun->pr_res_type = 0;
8584		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8585			if (lun->pr_key_count==0) {
8586				lun->flags &= ~CTL_LUN_PR_RESERVED;
8587				lun->pr_res_type = 0;
8588				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8589			}
8590		}
8591		lun->pr_generation++;
8592		break;
8593
8594	case CTL_PR_RESERVE:
8595		lun->flags |= CTL_LUN_PR_RESERVED;
8596		lun->pr_res_type = msg->pr.pr_info.res_type;
8597		lun->pr_res_idx = msg->pr.pr_info.residx;
8598
8599		break;
8600
8601	case CTL_PR_RELEASE:
8602		/*
8603		 * If this isn't an exclusive access reservation and NUAR
8604		 * is not set, generate UA for all other registrants.
8605		 */
8606		if (lun->pr_res_type != SPR_TYPE_EX_AC &&
8607		    lun->pr_res_type != SPR_TYPE_WR_EX &&
8608		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8609			for (i = softc->init_min; i < softc->init_max; i++)
8610				if (i == residx || ctl_get_prkey(lun, i) == 0)
8611					continue;
8612				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8613		}
8614
8615		lun->flags &= ~CTL_LUN_PR_RESERVED;
8616		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8617		lun->pr_res_type = 0;
8618		break;
8619
8620	case CTL_PR_PREEMPT:
8621		ctl_pro_preempt_other(lun, msg);
8622		break;
8623	case CTL_PR_CLEAR:
8624		lun->flags &= ~CTL_LUN_PR_RESERVED;
8625		lun->pr_res_type = 0;
8626		lun->pr_key_count = 0;
8627		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8628
8629		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8630			if (ctl_get_prkey(lun, i) == 0)
8631				continue;
8632			ctl_clr_prkey(lun, i);
8633			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8634		}
8635		lun->pr_generation++;
8636		break;
8637	}
8638
8639	mtx_unlock(&lun->lun_lock);
8640}
8641
8642int
8643ctl_read_write(struct ctl_scsiio *ctsio)
8644{
8645	struct ctl_lun *lun;
8646	struct ctl_lba_len_flags *lbalen;
8647	uint64_t lba;
8648	uint32_t num_blocks;
8649	int flags, retval;
8650	int isread;
8651
8652	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8653
8654	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8655
8656	flags = 0;
8657	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8658	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8659	switch (ctsio->cdb[0]) {
8660	case READ_6:
8661	case WRITE_6: {
8662		struct scsi_rw_6 *cdb;
8663
8664		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8665
8666		lba = scsi_3btoul(cdb->addr);
8667		/* only 5 bits are valid in the most significant address byte */
8668		lba &= 0x1fffff;
8669		num_blocks = cdb->length;
8670		/*
8671		 * This is correct according to SBC-2.
8672		 */
8673		if (num_blocks == 0)
8674			num_blocks = 256;
8675		break;
8676	}
8677	case READ_10:
8678	case WRITE_10: {
8679		struct scsi_rw_10 *cdb;
8680
8681		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8682		if (cdb->byte2 & SRW10_FUA)
8683			flags |= CTL_LLF_FUA;
8684		if (cdb->byte2 & SRW10_DPO)
8685			flags |= CTL_LLF_DPO;
8686		lba = scsi_4btoul(cdb->addr);
8687		num_blocks = scsi_2btoul(cdb->length);
8688		break;
8689	}
8690	case WRITE_VERIFY_10: {
8691		struct scsi_write_verify_10 *cdb;
8692
8693		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8694		flags |= CTL_LLF_FUA;
8695		if (cdb->byte2 & SWV_DPO)
8696			flags |= CTL_LLF_DPO;
8697		lba = scsi_4btoul(cdb->addr);
8698		num_blocks = scsi_2btoul(cdb->length);
8699		break;
8700	}
8701	case READ_12:
8702	case WRITE_12: {
8703		struct scsi_rw_12 *cdb;
8704
8705		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8706		if (cdb->byte2 & SRW12_FUA)
8707			flags |= CTL_LLF_FUA;
8708		if (cdb->byte2 & SRW12_DPO)
8709			flags |= CTL_LLF_DPO;
8710		lba = scsi_4btoul(cdb->addr);
8711		num_blocks = scsi_4btoul(cdb->length);
8712		break;
8713	}
8714	case WRITE_VERIFY_12: {
8715		struct scsi_write_verify_12 *cdb;
8716
8717		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8718		flags |= CTL_LLF_FUA;
8719		if (cdb->byte2 & SWV_DPO)
8720			flags |= CTL_LLF_DPO;
8721		lba = scsi_4btoul(cdb->addr);
8722		num_blocks = scsi_4btoul(cdb->length);
8723		break;
8724	}
8725	case READ_16:
8726	case WRITE_16: {
8727		struct scsi_rw_16 *cdb;
8728
8729		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8730		if (cdb->byte2 & SRW12_FUA)
8731			flags |= CTL_LLF_FUA;
8732		if (cdb->byte2 & SRW12_DPO)
8733			flags |= CTL_LLF_DPO;
8734		lba = scsi_8btou64(cdb->addr);
8735		num_blocks = scsi_4btoul(cdb->length);
8736		break;
8737	}
8738	case WRITE_ATOMIC_16: {
8739		struct scsi_write_atomic_16 *cdb;
8740
8741		if (lun->be_lun->atomicblock == 0) {
8742			ctl_set_invalid_opcode(ctsio);
8743			ctl_done((union ctl_io *)ctsio);
8744			return (CTL_RETVAL_COMPLETE);
8745		}
8746
8747		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8748		if (cdb->byte2 & SRW12_FUA)
8749			flags |= CTL_LLF_FUA;
8750		if (cdb->byte2 & SRW12_DPO)
8751			flags |= CTL_LLF_DPO;
8752		lba = scsi_8btou64(cdb->addr);
8753		num_blocks = scsi_2btoul(cdb->length);
8754		if (num_blocks > lun->be_lun->atomicblock) {
8755			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8756			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8757			    /*bit*/ 0);
8758			ctl_done((union ctl_io *)ctsio);
8759			return (CTL_RETVAL_COMPLETE);
8760		}
8761		break;
8762	}
8763	case WRITE_VERIFY_16: {
8764		struct scsi_write_verify_16 *cdb;
8765
8766		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8767		flags |= CTL_LLF_FUA;
8768		if (cdb->byte2 & SWV_DPO)
8769			flags |= CTL_LLF_DPO;
8770		lba = scsi_8btou64(cdb->addr);
8771		num_blocks = scsi_4btoul(cdb->length);
8772		break;
8773	}
8774	default:
8775		/*
8776		 * We got a command we don't support.  This shouldn't
8777		 * happen, commands should be filtered out above us.
8778		 */
8779		ctl_set_invalid_opcode(ctsio);
8780		ctl_done((union ctl_io *)ctsio);
8781
8782		return (CTL_RETVAL_COMPLETE);
8783		break; /* NOTREACHED */
8784	}
8785
8786	/*
8787	 * The first check is to make sure we're in bounds, the second
8788	 * check is to catch wrap-around problems.  If the lba + num blocks
8789	 * is less than the lba, then we've wrapped around and the block
8790	 * range is invalid anyway.
8791	 */
8792	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8793	 || ((lba + num_blocks) < lba)) {
8794		ctl_set_lba_out_of_range(ctsio,
8795		    MAX(lba, lun->be_lun->maxlba + 1));
8796		ctl_done((union ctl_io *)ctsio);
8797		return (CTL_RETVAL_COMPLETE);
8798	}
8799
8800	/*
8801	 * According to SBC-3, a transfer length of 0 is not an error.
8802	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8803	 * translates to 256 blocks for those commands.
8804	 */
8805	if (num_blocks == 0) {
8806		ctl_set_success(ctsio);
8807		ctl_done((union ctl_io *)ctsio);
8808		return (CTL_RETVAL_COMPLETE);
8809	}
8810
8811	/* Set FUA and/or DPO if caches are disabled. */
8812	if (isread) {
8813		if ((lun->MODE_CACHING.flags1 & SCP_RCD) != 0)
8814			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8815	} else {
8816		if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8817			flags |= CTL_LLF_FUA;
8818	}
8819
8820	lbalen = (struct ctl_lba_len_flags *)
8821	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8822	lbalen->lba = lba;
8823	lbalen->len = num_blocks;
8824	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8825
8826	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8827	ctsio->kern_rel_offset = 0;
8828
8829	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8830
8831	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8832	return (retval);
8833}
8834
8835static int
8836ctl_cnw_cont(union ctl_io *io)
8837{
8838	struct ctl_scsiio *ctsio;
8839	struct ctl_lun *lun;
8840	struct ctl_lba_len_flags *lbalen;
8841	int retval;
8842
8843	ctsio = &io->scsiio;
8844	ctsio->io_hdr.status = CTL_STATUS_NONE;
8845	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8846	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8847	lbalen = (struct ctl_lba_len_flags *)
8848	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8849	lbalen->flags &= ~CTL_LLF_COMPARE;
8850	lbalen->flags |= CTL_LLF_WRITE;
8851
8852	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8853	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8854	return (retval);
8855}
8856
8857int
8858ctl_cnw(struct ctl_scsiio *ctsio)
8859{
8860	struct ctl_lun *lun;
8861	struct ctl_lba_len_flags *lbalen;
8862	uint64_t lba;
8863	uint32_t num_blocks;
8864	int flags, retval;
8865
8866	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8867
8868	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8869
8870	flags = 0;
8871	switch (ctsio->cdb[0]) {
8872	case COMPARE_AND_WRITE: {
8873		struct scsi_compare_and_write *cdb;
8874
8875		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8876		if (cdb->byte2 & SRW10_FUA)
8877			flags |= CTL_LLF_FUA;
8878		if (cdb->byte2 & SRW10_DPO)
8879			flags |= CTL_LLF_DPO;
8880		lba = scsi_8btou64(cdb->addr);
8881		num_blocks = cdb->length;
8882		break;
8883	}
8884	default:
8885		/*
8886		 * We got a command we don't support.  This shouldn't
8887		 * happen, commands should be filtered out above us.
8888		 */
8889		ctl_set_invalid_opcode(ctsio);
8890		ctl_done((union ctl_io *)ctsio);
8891
8892		return (CTL_RETVAL_COMPLETE);
8893		break; /* NOTREACHED */
8894	}
8895
8896	/*
8897	 * The first check is to make sure we're in bounds, the second
8898	 * check is to catch wrap-around problems.  If the lba + num blocks
8899	 * is less than the lba, then we've wrapped around and the block
8900	 * range is invalid anyway.
8901	 */
8902	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8903	 || ((lba + num_blocks) < lba)) {
8904		ctl_set_lba_out_of_range(ctsio,
8905		    MAX(lba, lun->be_lun->maxlba + 1));
8906		ctl_done((union ctl_io *)ctsio);
8907		return (CTL_RETVAL_COMPLETE);
8908	}
8909
8910	/*
8911	 * According to SBC-3, a transfer length of 0 is not an error.
8912	 */
8913	if (num_blocks == 0) {
8914		ctl_set_success(ctsio);
8915		ctl_done((union ctl_io *)ctsio);
8916		return (CTL_RETVAL_COMPLETE);
8917	}
8918
8919	/* Set FUA if write cache is disabled. */
8920	if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8921		flags |= CTL_LLF_FUA;
8922
8923	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8924	ctsio->kern_rel_offset = 0;
8925
8926	/*
8927	 * Set the IO_CONT flag, so that if this I/O gets passed to
8928	 * ctl_data_submit_done(), it'll get passed back to
8929	 * ctl_ctl_cnw_cont() for further processing.
8930	 */
8931	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8932	ctsio->io_cont = ctl_cnw_cont;
8933
8934	lbalen = (struct ctl_lba_len_flags *)
8935	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8936	lbalen->lba = lba;
8937	lbalen->len = num_blocks;
8938	lbalen->flags = CTL_LLF_COMPARE | flags;
8939
8940	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8941	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8942	return (retval);
8943}
8944
8945int
8946ctl_verify(struct ctl_scsiio *ctsio)
8947{
8948	struct ctl_lun *lun;
8949	struct ctl_lba_len_flags *lbalen;
8950	uint64_t lba;
8951	uint32_t num_blocks;
8952	int bytchk, flags;
8953	int retval;
8954
8955	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8956
8957	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8958
8959	bytchk = 0;
8960	flags = CTL_LLF_FUA;
8961	switch (ctsio->cdb[0]) {
8962	case VERIFY_10: {
8963		struct scsi_verify_10 *cdb;
8964
8965		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8966		if (cdb->byte2 & SVFY_BYTCHK)
8967			bytchk = 1;
8968		if (cdb->byte2 & SVFY_DPO)
8969			flags |= CTL_LLF_DPO;
8970		lba = scsi_4btoul(cdb->addr);
8971		num_blocks = scsi_2btoul(cdb->length);
8972		break;
8973	}
8974	case VERIFY_12: {
8975		struct scsi_verify_12 *cdb;
8976
8977		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8978		if (cdb->byte2 & SVFY_BYTCHK)
8979			bytchk = 1;
8980		if (cdb->byte2 & SVFY_DPO)
8981			flags |= CTL_LLF_DPO;
8982		lba = scsi_4btoul(cdb->addr);
8983		num_blocks = scsi_4btoul(cdb->length);
8984		break;
8985	}
8986	case VERIFY_16: {
8987		struct scsi_rw_16 *cdb;
8988
8989		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8990		if (cdb->byte2 & SVFY_BYTCHK)
8991			bytchk = 1;
8992		if (cdb->byte2 & SVFY_DPO)
8993			flags |= CTL_LLF_DPO;
8994		lba = scsi_8btou64(cdb->addr);
8995		num_blocks = scsi_4btoul(cdb->length);
8996		break;
8997	}
8998	default:
8999		/*
9000		 * We got a command we don't support.  This shouldn't
9001		 * happen, commands should be filtered out above us.
9002		 */
9003		ctl_set_invalid_opcode(ctsio);
9004		ctl_done((union ctl_io *)ctsio);
9005		return (CTL_RETVAL_COMPLETE);
9006	}
9007
9008	/*
9009	 * The first check is to make sure we're in bounds, the second
9010	 * check is to catch wrap-around problems.  If the lba + num blocks
9011	 * is less than the lba, then we've wrapped around and the block
9012	 * range is invalid anyway.
9013	 */
9014	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9015	 || ((lba + num_blocks) < lba)) {
9016		ctl_set_lba_out_of_range(ctsio,
9017		    MAX(lba, lun->be_lun->maxlba + 1));
9018		ctl_done((union ctl_io *)ctsio);
9019		return (CTL_RETVAL_COMPLETE);
9020	}
9021
9022	/*
9023	 * According to SBC-3, a transfer length of 0 is not an error.
9024	 */
9025	if (num_blocks == 0) {
9026		ctl_set_success(ctsio);
9027		ctl_done((union ctl_io *)ctsio);
9028		return (CTL_RETVAL_COMPLETE);
9029	}
9030
9031	lbalen = (struct ctl_lba_len_flags *)
9032	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9033	lbalen->lba = lba;
9034	lbalen->len = num_blocks;
9035	if (bytchk) {
9036		lbalen->flags = CTL_LLF_COMPARE | flags;
9037		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9038	} else {
9039		lbalen->flags = CTL_LLF_VERIFY | flags;
9040		ctsio->kern_total_len = 0;
9041	}
9042	ctsio->kern_rel_offset = 0;
9043
9044	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9045	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9046	return (retval);
9047}
9048
9049int
9050ctl_report_luns(struct ctl_scsiio *ctsio)
9051{
9052	struct ctl_softc *softc;
9053	struct scsi_report_luns *cdb;
9054	struct scsi_report_luns_data *lun_data;
9055	struct ctl_lun *lun, *request_lun;
9056	struct ctl_port *port;
9057	int num_luns, retval;
9058	uint32_t alloc_len, lun_datalen;
9059	int num_filled;
9060	uint32_t initidx, targ_lun_id, lun_id;
9061
9062	retval = CTL_RETVAL_COMPLETE;
9063	cdb = (struct scsi_report_luns *)ctsio->cdb;
9064	port = ctl_io_port(&ctsio->io_hdr);
9065	softc = port->ctl_softc;
9066
9067	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9068
9069	mtx_lock(&softc->ctl_lock);
9070	num_luns = 0;
9071	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9072		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9073			num_luns++;
9074	}
9075	mtx_unlock(&softc->ctl_lock);
9076
9077	switch (cdb->select_report) {
9078	case RPL_REPORT_DEFAULT:
9079	case RPL_REPORT_ALL:
9080	case RPL_REPORT_NONSUBSID:
9081		break;
9082	case RPL_REPORT_WELLKNOWN:
9083	case RPL_REPORT_ADMIN:
9084	case RPL_REPORT_CONGLOM:
9085		num_luns = 0;
9086		break;
9087	default:
9088		ctl_set_invalid_field(ctsio,
9089				      /*sks_valid*/ 1,
9090				      /*command*/ 1,
9091				      /*field*/ 2,
9092				      /*bit_valid*/ 0,
9093				      /*bit*/ 0);
9094		ctl_done((union ctl_io *)ctsio);
9095		return (retval);
9096		break; /* NOTREACHED */
9097	}
9098
9099	alloc_len = scsi_4btoul(cdb->length);
9100	/*
9101	 * The initiator has to allocate at least 16 bytes for this request,
9102	 * so he can at least get the header and the first LUN.  Otherwise
9103	 * we reject the request (per SPC-3 rev 14, section 6.21).
9104	 */
9105	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9106	    sizeof(struct scsi_report_luns_lundata))) {
9107		ctl_set_invalid_field(ctsio,
9108				      /*sks_valid*/ 1,
9109				      /*command*/ 1,
9110				      /*field*/ 6,
9111				      /*bit_valid*/ 0,
9112				      /*bit*/ 0);
9113		ctl_done((union ctl_io *)ctsio);
9114		return (retval);
9115	}
9116
9117	request_lun = (struct ctl_lun *)
9118		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9119
9120	lun_datalen = sizeof(*lun_data) +
9121		(num_luns * sizeof(struct scsi_report_luns_lundata));
9122
9123	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9124	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9125	ctsio->kern_sg_entries = 0;
9126
9127	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9128
9129	mtx_lock(&softc->ctl_lock);
9130	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9131		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9132		if (lun_id >= CTL_MAX_LUNS)
9133			continue;
9134		lun = softc->ctl_luns[lun_id];
9135		if (lun == NULL)
9136			continue;
9137
9138		be64enc(lun_data->luns[num_filled++].lundata,
9139		    ctl_encode_lun(targ_lun_id));
9140
9141		/*
9142		 * According to SPC-3, rev 14 section 6.21:
9143		 *
9144		 * "The execution of a REPORT LUNS command to any valid and
9145		 * installed logical unit shall clear the REPORTED LUNS DATA
9146		 * HAS CHANGED unit attention condition for all logical
9147		 * units of that target with respect to the requesting
9148		 * initiator. A valid and installed logical unit is one
9149		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9150		 * INQUIRY data (see 6.4.2)."
9151		 *
9152		 * If request_lun is NULL, the LUN this report luns command
9153		 * was issued to is either disabled or doesn't exist. In that
9154		 * case, we shouldn't clear any pending lun change unit
9155		 * attention.
9156		 */
9157		if (request_lun != NULL) {
9158			mtx_lock(&lun->lun_lock);
9159			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9160			mtx_unlock(&lun->lun_lock);
9161		}
9162	}
9163	mtx_unlock(&softc->ctl_lock);
9164
9165	/*
9166	 * It's quite possible that we've returned fewer LUNs than we allocated
9167	 * space for.  Trim it.
9168	 */
9169	lun_datalen = sizeof(*lun_data) +
9170		(num_filled * sizeof(struct scsi_report_luns_lundata));
9171
9172	if (lun_datalen < alloc_len) {
9173		ctsio->residual = alloc_len - lun_datalen;
9174		ctsio->kern_data_len = lun_datalen;
9175		ctsio->kern_total_len = lun_datalen;
9176	} else {
9177		ctsio->residual = 0;
9178		ctsio->kern_data_len = alloc_len;
9179		ctsio->kern_total_len = alloc_len;
9180	}
9181	ctsio->kern_data_resid = 0;
9182	ctsio->kern_rel_offset = 0;
9183	ctsio->kern_sg_entries = 0;
9184
9185	/*
9186	 * We set this to the actual data length, regardless of how much
9187	 * space we actually have to return results.  If the user looks at
9188	 * this value, he'll know whether or not he allocated enough space
9189	 * and reissue the command if necessary.  We don't support well
9190	 * known logical units, so if the user asks for that, return none.
9191	 */
9192	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9193
9194	/*
9195	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9196	 * this request.
9197	 */
9198	ctl_set_success(ctsio);
9199	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9200	ctsio->be_move_done = ctl_config_move_done;
9201	ctl_datamove((union ctl_io *)ctsio);
9202	return (retval);
9203}
9204
9205int
9206ctl_request_sense(struct ctl_scsiio *ctsio)
9207{
9208	struct scsi_request_sense *cdb;
9209	struct scsi_sense_data *sense_ptr;
9210	struct ctl_softc *softc;
9211	struct ctl_lun *lun;
9212	uint32_t initidx;
9213	int have_error;
9214	scsi_sense_data_type sense_format;
9215	ctl_ua_type ua_type;
9216	uint8_t asc = 0, ascq = 0;
9217
9218	cdb = (struct scsi_request_sense *)ctsio->cdb;
9219
9220	softc = control_softc;
9221	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9222
9223	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9224
9225	/*
9226	 * Determine which sense format the user wants.
9227	 */
9228	if (cdb->byte2 & SRS_DESC)
9229		sense_format = SSD_TYPE_DESC;
9230	else
9231		sense_format = SSD_TYPE_FIXED;
9232
9233	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9234	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9235	ctsio->kern_sg_entries = 0;
9236
9237	/*
9238	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9239	 * larger than the largest allowed value for the length field in the
9240	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9241	 */
9242	ctsio->residual = 0;
9243	ctsio->kern_data_len = cdb->length;
9244	ctsio->kern_total_len = cdb->length;
9245
9246	ctsio->kern_data_resid = 0;
9247	ctsio->kern_rel_offset = 0;
9248	ctsio->kern_sg_entries = 0;
9249
9250	/*
9251	 * If we don't have a LUN, we don't have any pending sense.
9252	 */
9253	if (lun == NULL ||
9254	    ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
9255	     softc->ha_link < CTL_HA_LINK_UNKNOWN)) {
9256		/* "Logical unit not supported" */
9257		ctl_set_sense_data(sense_ptr, NULL, sense_format,
9258		    /*current_error*/ 1,
9259		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
9260		    /*asc*/ 0x25,
9261		    /*ascq*/ 0x00,
9262		    SSD_ELEM_NONE);
9263		goto send;
9264	}
9265
9266	have_error = 0;
9267	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9268	/*
9269	 * Check for pending sense, and then for pending unit attentions.
9270	 * Pending sense gets returned first, then pending unit attentions.
9271	 */
9272	mtx_lock(&lun->lun_lock);
9273#ifdef CTL_WITH_CA
9274	if (ctl_is_set(lun->have_ca, initidx)) {
9275		scsi_sense_data_type stored_format;
9276
9277		/*
9278		 * Check to see which sense format was used for the stored
9279		 * sense data.
9280		 */
9281		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9282
9283		/*
9284		 * If the user requested a different sense format than the
9285		 * one we stored, then we need to convert it to the other
9286		 * format.  If we're going from descriptor to fixed format
9287		 * sense data, we may lose things in translation, depending
9288		 * on what options were used.
9289		 *
9290		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9291		 * for some reason we'll just copy it out as-is.
9292		 */
9293		if ((stored_format == SSD_TYPE_FIXED)
9294		 && (sense_format == SSD_TYPE_DESC))
9295			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9296			    &lun->pending_sense[initidx],
9297			    (struct scsi_sense_data_desc *)sense_ptr);
9298		else if ((stored_format == SSD_TYPE_DESC)
9299		      && (sense_format == SSD_TYPE_FIXED))
9300			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9301			    &lun->pending_sense[initidx],
9302			    (struct scsi_sense_data_fixed *)sense_ptr);
9303		else
9304			memcpy(sense_ptr, &lun->pending_sense[initidx],
9305			       MIN(sizeof(*sense_ptr),
9306			       sizeof(lun->pending_sense[initidx])));
9307
9308		ctl_clear_mask(lun->have_ca, initidx);
9309		have_error = 1;
9310	} else
9311#endif
9312	if (have_error == 0) {
9313		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9314		if (ua_type != CTL_UA_NONE)
9315			have_error = 1;
9316	}
9317	if (have_error == 0) {
9318		/*
9319		 * Report informational exception if have one and allowed.
9320		 */
9321		if (lun->MODE_IE.mrie != SIEP_MRIE_NO) {
9322			asc = lun->ie_asc;
9323			ascq = lun->ie_ascq;
9324		}
9325		ctl_set_sense_data(sense_ptr, lun, sense_format,
9326		    /*current_error*/ 1,
9327		    /*sense_key*/ SSD_KEY_NO_SENSE,
9328		    /*asc*/ asc,
9329		    /*ascq*/ ascq,
9330		    SSD_ELEM_NONE);
9331	}
9332	mtx_unlock(&lun->lun_lock);
9333
9334send:
9335	/*
9336	 * We report the SCSI status as OK, since the status of the command
9337	 * itself is OK.  We're reporting sense as parameter data.
9338	 */
9339	ctl_set_success(ctsio);
9340	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9341	ctsio->be_move_done = ctl_config_move_done;
9342	ctl_datamove((union ctl_io *)ctsio);
9343	return (CTL_RETVAL_COMPLETE);
9344}
9345
9346int
9347ctl_tur(struct ctl_scsiio *ctsio)
9348{
9349
9350	CTL_DEBUG_PRINT(("ctl_tur\n"));
9351
9352	ctl_set_success(ctsio);
9353	ctl_done((union ctl_io *)ctsio);
9354
9355	return (CTL_RETVAL_COMPLETE);
9356}
9357
9358/*
9359 * SCSI VPD page 0x00, the Supported VPD Pages page.
9360 */
9361static int
9362ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9363{
9364	struct scsi_vpd_supported_pages *pages;
9365	int sup_page_size;
9366	struct ctl_lun *lun;
9367	int p;
9368
9369	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9370
9371	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9372	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9373	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9374	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9375	ctsio->kern_sg_entries = 0;
9376
9377	if (sup_page_size < alloc_len) {
9378		ctsio->residual = alloc_len - sup_page_size;
9379		ctsio->kern_data_len = sup_page_size;
9380		ctsio->kern_total_len = sup_page_size;
9381	} else {
9382		ctsio->residual = 0;
9383		ctsio->kern_data_len = alloc_len;
9384		ctsio->kern_total_len = alloc_len;
9385	}
9386	ctsio->kern_data_resid = 0;
9387	ctsio->kern_rel_offset = 0;
9388	ctsio->kern_sg_entries = 0;
9389
9390	/*
9391	 * The control device is always connected.  The disk device, on the
9392	 * other hand, may not be online all the time.  Need to change this
9393	 * to figure out whether the disk device is actually online or not.
9394	 */
9395	if (lun != NULL)
9396		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9397				lun->be_lun->lun_type;
9398	else
9399		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9400
9401	p = 0;
9402	/* Supported VPD pages */
9403	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9404	/* Serial Number */
9405	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9406	/* Device Identification */
9407	pages->page_list[p++] = SVPD_DEVICE_ID;
9408	/* Extended INQUIRY Data */
9409	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9410	/* Mode Page Policy */
9411	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9412	/* SCSI Ports */
9413	pages->page_list[p++] = SVPD_SCSI_PORTS;
9414	/* Third-party Copy */
9415	pages->page_list[p++] = SVPD_SCSI_TPC;
9416	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9417		/* Block limits */
9418		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9419		/* Block Device Characteristics */
9420		pages->page_list[p++] = SVPD_BDC;
9421		/* Logical Block Provisioning */
9422		pages->page_list[p++] = SVPD_LBP;
9423	}
9424	pages->length = p;
9425
9426	ctl_set_success(ctsio);
9427	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9428	ctsio->be_move_done = ctl_config_move_done;
9429	ctl_datamove((union ctl_io *)ctsio);
9430	return (CTL_RETVAL_COMPLETE);
9431}
9432
9433/*
9434 * SCSI VPD page 0x80, the Unit Serial Number page.
9435 */
9436static int
9437ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9438{
9439	struct scsi_vpd_unit_serial_number *sn_ptr;
9440	struct ctl_lun *lun;
9441	int data_len;
9442
9443	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9444
9445	data_len = 4 + CTL_SN_LEN;
9446	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9447	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9448	if (data_len < alloc_len) {
9449		ctsio->residual = alloc_len - data_len;
9450		ctsio->kern_data_len = data_len;
9451		ctsio->kern_total_len = data_len;
9452	} else {
9453		ctsio->residual = 0;
9454		ctsio->kern_data_len = alloc_len;
9455		ctsio->kern_total_len = alloc_len;
9456	}
9457	ctsio->kern_data_resid = 0;
9458	ctsio->kern_rel_offset = 0;
9459	ctsio->kern_sg_entries = 0;
9460
9461	/*
9462	 * The control device is always connected.  The disk device, on the
9463	 * other hand, may not be online all the time.  Need to change this
9464	 * to figure out whether the disk device is actually online or not.
9465	 */
9466	if (lun != NULL)
9467		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9468				  lun->be_lun->lun_type;
9469	else
9470		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9471
9472	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9473	sn_ptr->length = CTL_SN_LEN;
9474	/*
9475	 * If we don't have a LUN, we just leave the serial number as
9476	 * all spaces.
9477	 */
9478	if (lun != NULL) {
9479		strncpy((char *)sn_ptr->serial_num,
9480			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9481	} else
9482		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9483
9484	ctl_set_success(ctsio);
9485	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9486	ctsio->be_move_done = ctl_config_move_done;
9487	ctl_datamove((union ctl_io *)ctsio);
9488	return (CTL_RETVAL_COMPLETE);
9489}
9490
9491
9492/*
9493 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9494 */
9495static int
9496ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9497{
9498	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9499	struct ctl_lun *lun;
9500	int data_len;
9501
9502	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9503
9504	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9505	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9506	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9507	ctsio->kern_sg_entries = 0;
9508
9509	if (data_len < alloc_len) {
9510		ctsio->residual = alloc_len - data_len;
9511		ctsio->kern_data_len = data_len;
9512		ctsio->kern_total_len = data_len;
9513	} else {
9514		ctsio->residual = 0;
9515		ctsio->kern_data_len = alloc_len;
9516		ctsio->kern_total_len = alloc_len;
9517	}
9518	ctsio->kern_data_resid = 0;
9519	ctsio->kern_rel_offset = 0;
9520	ctsio->kern_sg_entries = 0;
9521
9522	/*
9523	 * The control device is always connected.  The disk device, on the
9524	 * other hand, may not be online all the time.
9525	 */
9526	if (lun != NULL)
9527		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9528				     lun->be_lun->lun_type;
9529	else
9530		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9531	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9532	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9533	/*
9534	 * We support head of queue, ordered and simple tags.
9535	 */
9536	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9537	/*
9538	 * Volatile cache supported.
9539	 */
9540	eid_ptr->flags3 = SVPD_EID_V_SUP;
9541
9542	/*
9543	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9544	 * attention for a particular IT nexus on all LUNs once we report
9545	 * it to that nexus once.  This bit is required as of SPC-4.
9546	 */
9547	eid_ptr->flags4 = SVPD_EID_LUICLR;
9548
9549	/*
9550	 * XXX KDM in order to correctly answer this, we would need
9551	 * information from the SIM to determine how much sense data it
9552	 * can send.  So this would really be a path inquiry field, most
9553	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9554	 * but the hardware may or may not be able to support that much.
9555	 * 0 just means that the maximum sense data length is not reported.
9556	 */
9557	eid_ptr->max_sense_length = 0;
9558
9559	ctl_set_success(ctsio);
9560	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9561	ctsio->be_move_done = ctl_config_move_done;
9562	ctl_datamove((union ctl_io *)ctsio);
9563	return (CTL_RETVAL_COMPLETE);
9564}
9565
9566static int
9567ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9568{
9569	struct scsi_vpd_mode_page_policy *mpp_ptr;
9570	struct ctl_lun *lun;
9571	int data_len;
9572
9573	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9574
9575	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9576	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9577
9578	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9579	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9580	ctsio->kern_sg_entries = 0;
9581
9582	if (data_len < alloc_len) {
9583		ctsio->residual = alloc_len - data_len;
9584		ctsio->kern_data_len = data_len;
9585		ctsio->kern_total_len = data_len;
9586	} else {
9587		ctsio->residual = 0;
9588		ctsio->kern_data_len = alloc_len;
9589		ctsio->kern_total_len = alloc_len;
9590	}
9591	ctsio->kern_data_resid = 0;
9592	ctsio->kern_rel_offset = 0;
9593	ctsio->kern_sg_entries = 0;
9594
9595	/*
9596	 * The control device is always connected.  The disk device, on the
9597	 * other hand, may not be online all the time.
9598	 */
9599	if (lun != NULL)
9600		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9601				     lun->be_lun->lun_type;
9602	else
9603		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9604	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9605	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9606	mpp_ptr->descr[0].page_code = 0x3f;
9607	mpp_ptr->descr[0].subpage_code = 0xff;
9608	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9609
9610	ctl_set_success(ctsio);
9611	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9612	ctsio->be_move_done = ctl_config_move_done;
9613	ctl_datamove((union ctl_io *)ctsio);
9614	return (CTL_RETVAL_COMPLETE);
9615}
9616
9617/*
9618 * SCSI VPD page 0x83, the Device Identification page.
9619 */
9620static int
9621ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9622{
9623	struct scsi_vpd_device_id *devid_ptr;
9624	struct scsi_vpd_id_descriptor *desc;
9625	struct ctl_softc *softc;
9626	struct ctl_lun *lun;
9627	struct ctl_port *port;
9628	int data_len, g;
9629	uint8_t proto;
9630
9631	softc = control_softc;
9632
9633	port = ctl_io_port(&ctsio->io_hdr);
9634	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9635
9636	data_len = sizeof(struct scsi_vpd_device_id) +
9637	    sizeof(struct scsi_vpd_id_descriptor) +
9638		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9639	    sizeof(struct scsi_vpd_id_descriptor) +
9640		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9641	if (lun && lun->lun_devid)
9642		data_len += lun->lun_devid->len;
9643	if (port && port->port_devid)
9644		data_len += port->port_devid->len;
9645	if (port && port->target_devid)
9646		data_len += port->target_devid->len;
9647
9648	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9649	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9650	ctsio->kern_sg_entries = 0;
9651
9652	if (data_len < alloc_len) {
9653		ctsio->residual = alloc_len - data_len;
9654		ctsio->kern_data_len = data_len;
9655		ctsio->kern_total_len = data_len;
9656	} else {
9657		ctsio->residual = 0;
9658		ctsio->kern_data_len = alloc_len;
9659		ctsio->kern_total_len = alloc_len;
9660	}
9661	ctsio->kern_data_resid = 0;
9662	ctsio->kern_rel_offset = 0;
9663	ctsio->kern_sg_entries = 0;
9664
9665	/*
9666	 * The control device is always connected.  The disk device, on the
9667	 * other hand, may not be online all the time.
9668	 */
9669	if (lun != NULL)
9670		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9671				     lun->be_lun->lun_type;
9672	else
9673		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9674	devid_ptr->page_code = SVPD_DEVICE_ID;
9675	scsi_ulto2b(data_len - 4, devid_ptr->length);
9676
9677	if (port && port->port_type == CTL_PORT_FC)
9678		proto = SCSI_PROTO_FC << 4;
9679	else if (port && port->port_type == CTL_PORT_ISCSI)
9680		proto = SCSI_PROTO_ISCSI << 4;
9681	else
9682		proto = SCSI_PROTO_SPI << 4;
9683	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9684
9685	/*
9686	 * We're using a LUN association here.  i.e., this device ID is a
9687	 * per-LUN identifier.
9688	 */
9689	if (lun && lun->lun_devid) {
9690		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9691		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9692		    lun->lun_devid->len);
9693	}
9694
9695	/*
9696	 * This is for the WWPN which is a port association.
9697	 */
9698	if (port && port->port_devid) {
9699		memcpy(desc, port->port_devid->data, port->port_devid->len);
9700		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9701		    port->port_devid->len);
9702	}
9703
9704	/*
9705	 * This is for the Relative Target Port(type 4h) identifier
9706	 */
9707	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9708	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9709	    SVPD_ID_TYPE_RELTARG;
9710	desc->length = 4;
9711	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9712	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9713	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9714
9715	/*
9716	 * This is for the Target Port Group(type 5h) identifier
9717	 */
9718	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9719	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9720	    SVPD_ID_TYPE_TPORTGRP;
9721	desc->length = 4;
9722	if (softc->is_single ||
9723	    (port && port->status & CTL_PORT_STATUS_HA_SHARED))
9724		g = 1;
9725	else
9726		g = 2 + ctsio->io_hdr.nexus.targ_port / softc->port_cnt;
9727	scsi_ulto2b(g, &desc->identifier[2]);
9728	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9729	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9730
9731	/*
9732	 * This is for the Target identifier
9733	 */
9734	if (port && port->target_devid) {
9735		memcpy(desc, port->target_devid->data, port->target_devid->len);
9736	}
9737
9738	ctl_set_success(ctsio);
9739	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9740	ctsio->be_move_done = ctl_config_move_done;
9741	ctl_datamove((union ctl_io *)ctsio);
9742	return (CTL_RETVAL_COMPLETE);
9743}
9744
9745static int
9746ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9747{
9748	struct ctl_softc *softc = control_softc;
9749	struct scsi_vpd_scsi_ports *sp;
9750	struct scsi_vpd_port_designation *pd;
9751	struct scsi_vpd_port_designation_cont *pdc;
9752	struct ctl_lun *lun;
9753	struct ctl_port *port;
9754	int data_len, num_target_ports, iid_len, id_len;
9755
9756	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9757
9758	num_target_ports = 0;
9759	iid_len = 0;
9760	id_len = 0;
9761	mtx_lock(&softc->ctl_lock);
9762	STAILQ_FOREACH(port, &softc->port_list, links) {
9763		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9764			continue;
9765		if (lun != NULL &&
9766		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9767			continue;
9768		num_target_ports++;
9769		if (port->init_devid)
9770			iid_len += port->init_devid->len;
9771		if (port->port_devid)
9772			id_len += port->port_devid->len;
9773	}
9774	mtx_unlock(&softc->ctl_lock);
9775
9776	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9777	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9778	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9779	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9780	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9781	ctsio->kern_sg_entries = 0;
9782
9783	if (data_len < alloc_len) {
9784		ctsio->residual = alloc_len - data_len;
9785		ctsio->kern_data_len = data_len;
9786		ctsio->kern_total_len = data_len;
9787	} else {
9788		ctsio->residual = 0;
9789		ctsio->kern_data_len = alloc_len;
9790		ctsio->kern_total_len = alloc_len;
9791	}
9792	ctsio->kern_data_resid = 0;
9793	ctsio->kern_rel_offset = 0;
9794	ctsio->kern_sg_entries = 0;
9795
9796	/*
9797	 * The control device is always connected.  The disk device, on the
9798	 * other hand, may not be online all the time.  Need to change this
9799	 * to figure out whether the disk device is actually online or not.
9800	 */
9801	if (lun != NULL)
9802		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9803				  lun->be_lun->lun_type;
9804	else
9805		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9806
9807	sp->page_code = SVPD_SCSI_PORTS;
9808	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9809	    sp->page_length);
9810	pd = &sp->design[0];
9811
9812	mtx_lock(&softc->ctl_lock);
9813	STAILQ_FOREACH(port, &softc->port_list, links) {
9814		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9815			continue;
9816		if (lun != NULL &&
9817		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9818			continue;
9819		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9820		if (port->init_devid) {
9821			iid_len = port->init_devid->len;
9822			memcpy(pd->initiator_transportid,
9823			    port->init_devid->data, port->init_devid->len);
9824		} else
9825			iid_len = 0;
9826		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9827		pdc = (struct scsi_vpd_port_designation_cont *)
9828		    (&pd->initiator_transportid[iid_len]);
9829		if (port->port_devid) {
9830			id_len = port->port_devid->len;
9831			memcpy(pdc->target_port_descriptors,
9832			    port->port_devid->data, port->port_devid->len);
9833		} else
9834			id_len = 0;
9835		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9836		pd = (struct scsi_vpd_port_designation *)
9837		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9838	}
9839	mtx_unlock(&softc->ctl_lock);
9840
9841	ctl_set_success(ctsio);
9842	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9843	ctsio->be_move_done = ctl_config_move_done;
9844	ctl_datamove((union ctl_io *)ctsio);
9845	return (CTL_RETVAL_COMPLETE);
9846}
9847
9848static int
9849ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9850{
9851	struct scsi_vpd_block_limits *bl_ptr;
9852	struct ctl_lun *lun;
9853	uint64_t ival;
9854
9855	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9856
9857	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9858	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9859	ctsio->kern_sg_entries = 0;
9860
9861	if (sizeof(*bl_ptr) < alloc_len) {
9862		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9863		ctsio->kern_data_len = sizeof(*bl_ptr);
9864		ctsio->kern_total_len = sizeof(*bl_ptr);
9865	} else {
9866		ctsio->residual = 0;
9867		ctsio->kern_data_len = alloc_len;
9868		ctsio->kern_total_len = alloc_len;
9869	}
9870	ctsio->kern_data_resid = 0;
9871	ctsio->kern_rel_offset = 0;
9872	ctsio->kern_sg_entries = 0;
9873
9874	/*
9875	 * The control device is always connected.  The disk device, on the
9876	 * other hand, may not be online all the time.  Need to change this
9877	 * to figure out whether the disk device is actually online or not.
9878	 */
9879	if (lun != NULL)
9880		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9881				  lun->be_lun->lun_type;
9882	else
9883		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9884
9885	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9886	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9887	bl_ptr->max_cmp_write_len = 0xff;
9888	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9889	if (lun != NULL) {
9890		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9891		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9892			ival = 0xffffffff;
9893			ctl_get_opt_number(&lun->be_lun->options,
9894			    "unmap_max_lba", &ival);
9895			scsi_ulto4b(ival, bl_ptr->max_unmap_lba_cnt);
9896			ival = 0xffffffff;
9897			ctl_get_opt_number(&lun->be_lun->options,
9898			    "unmap_max_descr", &ival);
9899			scsi_ulto4b(ival, bl_ptr->max_unmap_blk_cnt);
9900			if (lun->be_lun->ublockexp != 0) {
9901				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9902				    bl_ptr->opt_unmap_grain);
9903				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9904				    bl_ptr->unmap_grain_align);
9905			}
9906		}
9907		scsi_ulto4b(lun->be_lun->atomicblock,
9908		    bl_ptr->max_atomic_transfer_length);
9909		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9910		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9911		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9912		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9913		ival = UINT64_MAX;
9914		ctl_get_opt_number(&lun->be_lun->options, "write_same_max_lba", &ival);
9915		scsi_u64to8b(ival, bl_ptr->max_write_same_length);
9916	}
9917
9918	ctl_set_success(ctsio);
9919	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9920	ctsio->be_move_done = ctl_config_move_done;
9921	ctl_datamove((union ctl_io *)ctsio);
9922	return (CTL_RETVAL_COMPLETE);
9923}
9924
9925static int
9926ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9927{
9928	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9929	struct ctl_lun *lun;
9930	const char *value;
9931	u_int i;
9932
9933	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9934
9935	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9936	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9937	ctsio->kern_sg_entries = 0;
9938
9939	if (sizeof(*bdc_ptr) < alloc_len) {
9940		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9941		ctsio->kern_data_len = sizeof(*bdc_ptr);
9942		ctsio->kern_total_len = sizeof(*bdc_ptr);
9943	} else {
9944		ctsio->residual = 0;
9945		ctsio->kern_data_len = alloc_len;
9946		ctsio->kern_total_len = alloc_len;
9947	}
9948	ctsio->kern_data_resid = 0;
9949	ctsio->kern_rel_offset = 0;
9950	ctsio->kern_sg_entries = 0;
9951
9952	/*
9953	 * The control device is always connected.  The disk device, on the
9954	 * other hand, may not be online all the time.  Need to change this
9955	 * to figure out whether the disk device is actually online or not.
9956	 */
9957	if (lun != NULL)
9958		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9959				  lun->be_lun->lun_type;
9960	else
9961		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9962	bdc_ptr->page_code = SVPD_BDC;
9963	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9964	if (lun != NULL &&
9965	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9966		i = strtol(value, NULL, 0);
9967	else
9968		i = CTL_DEFAULT_ROTATION_RATE;
9969	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9970	if (lun != NULL &&
9971	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9972		i = strtol(value, NULL, 0);
9973	else
9974		i = 0;
9975	bdc_ptr->wab_wac_ff = (i & 0x0f);
9976	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9977
9978	ctl_set_success(ctsio);
9979	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9980	ctsio->be_move_done = ctl_config_move_done;
9981	ctl_datamove((union ctl_io *)ctsio);
9982	return (CTL_RETVAL_COMPLETE);
9983}
9984
9985static int
9986ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9987{
9988	struct scsi_vpd_logical_block_prov *lbp_ptr;
9989	struct ctl_lun *lun;
9990	const char *value;
9991
9992	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9993
9994	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9995	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9996	ctsio->kern_sg_entries = 0;
9997
9998	if (sizeof(*lbp_ptr) < alloc_len) {
9999		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10000		ctsio->kern_data_len = sizeof(*lbp_ptr);
10001		ctsio->kern_total_len = sizeof(*lbp_ptr);
10002	} else {
10003		ctsio->residual = 0;
10004		ctsio->kern_data_len = alloc_len;
10005		ctsio->kern_total_len = alloc_len;
10006	}
10007	ctsio->kern_data_resid = 0;
10008	ctsio->kern_rel_offset = 0;
10009	ctsio->kern_sg_entries = 0;
10010
10011	/*
10012	 * The control device is always connected.  The disk device, on the
10013	 * other hand, may not be online all the time.  Need to change this
10014	 * to figure out whether the disk device is actually online or not.
10015	 */
10016	if (lun != NULL)
10017		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10018				  lun->be_lun->lun_type;
10019	else
10020		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10021
10022	lbp_ptr->page_code = SVPD_LBP;
10023	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10024	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10025	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10026		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10027		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10028		value = ctl_get_opt(&lun->be_lun->options, "provisioning_type");
10029		if (value != NULL) {
10030			if (strcmp(value, "resource") == 0)
10031				lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
10032			else if (strcmp(value, "thin") == 0)
10033				lbp_ptr->prov_type = SVPD_LBP_THIN;
10034		} else
10035			lbp_ptr->prov_type = SVPD_LBP_THIN;
10036	}
10037
10038	ctl_set_success(ctsio);
10039	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10040	ctsio->be_move_done = ctl_config_move_done;
10041	ctl_datamove((union ctl_io *)ctsio);
10042	return (CTL_RETVAL_COMPLETE);
10043}
10044
10045/*
10046 * INQUIRY with the EVPD bit set.
10047 */
10048static int
10049ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10050{
10051	struct ctl_lun *lun;
10052	struct scsi_inquiry *cdb;
10053	int alloc_len, retval;
10054
10055	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10056	cdb = (struct scsi_inquiry *)ctsio->cdb;
10057	alloc_len = scsi_2btoul(cdb->length);
10058
10059	switch (cdb->page_code) {
10060	case SVPD_SUPPORTED_PAGES:
10061		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10062		break;
10063	case SVPD_UNIT_SERIAL_NUMBER:
10064		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10065		break;
10066	case SVPD_DEVICE_ID:
10067		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10068		break;
10069	case SVPD_EXTENDED_INQUIRY_DATA:
10070		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10071		break;
10072	case SVPD_MODE_PAGE_POLICY:
10073		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10074		break;
10075	case SVPD_SCSI_PORTS:
10076		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10077		break;
10078	case SVPD_SCSI_TPC:
10079		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10080		break;
10081	case SVPD_BLOCK_LIMITS:
10082		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10083			goto err;
10084		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10085		break;
10086	case SVPD_BDC:
10087		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10088			goto err;
10089		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10090		break;
10091	case SVPD_LBP:
10092		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10093			goto err;
10094		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10095		break;
10096	default:
10097err:
10098		ctl_set_invalid_field(ctsio,
10099				      /*sks_valid*/ 1,
10100				      /*command*/ 1,
10101				      /*field*/ 2,
10102				      /*bit_valid*/ 0,
10103				      /*bit*/ 0);
10104		ctl_done((union ctl_io *)ctsio);
10105		retval = CTL_RETVAL_COMPLETE;
10106		break;
10107	}
10108
10109	return (retval);
10110}
10111
10112/*
10113 * Standard INQUIRY data.
10114 */
10115static int
10116ctl_inquiry_std(struct ctl_scsiio *ctsio)
10117{
10118	struct scsi_inquiry_data *inq_ptr;
10119	struct scsi_inquiry *cdb;
10120	struct ctl_softc *softc = control_softc;
10121	struct ctl_port *port;
10122	struct ctl_lun *lun;
10123	char *val;
10124	uint32_t alloc_len, data_len;
10125	ctl_port_type port_type;
10126
10127	port = ctl_io_port(&ctsio->io_hdr);
10128	port_type = port->port_type;
10129	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10130		port_type = CTL_PORT_SCSI;
10131
10132	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10133	cdb = (struct scsi_inquiry *)ctsio->cdb;
10134	alloc_len = scsi_2btoul(cdb->length);
10135
10136	/*
10137	 * We malloc the full inquiry data size here and fill it
10138	 * in.  If the user only asks for less, we'll give him
10139	 * that much.
10140	 */
10141	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10142	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10143	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10144	ctsio->kern_sg_entries = 0;
10145	ctsio->kern_data_resid = 0;
10146	ctsio->kern_rel_offset = 0;
10147
10148	if (data_len < alloc_len) {
10149		ctsio->residual = alloc_len - data_len;
10150		ctsio->kern_data_len = data_len;
10151		ctsio->kern_total_len = data_len;
10152	} else {
10153		ctsio->residual = 0;
10154		ctsio->kern_data_len = alloc_len;
10155		ctsio->kern_total_len = alloc_len;
10156	}
10157
10158	if (lun != NULL) {
10159		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10160		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10161			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10162			    lun->be_lun->lun_type;
10163		} else {
10164			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10165			    lun->be_lun->lun_type;
10166		}
10167		if (lun->flags & CTL_LUN_REMOVABLE)
10168			inq_ptr->dev_qual2 |= SID_RMB;
10169	} else
10170		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10171
10172	/* RMB in byte 2 is 0 */
10173	inq_ptr->version = SCSI_REV_SPC5;
10174
10175	/*
10176	 * According to SAM-3, even if a device only supports a single
10177	 * level of LUN addressing, it should still set the HISUP bit:
10178	 *
10179	 * 4.9.1 Logical unit numbers overview
10180	 *
10181	 * All logical unit number formats described in this standard are
10182	 * hierarchical in structure even when only a single level in that
10183	 * hierarchy is used. The HISUP bit shall be set to one in the
10184	 * standard INQUIRY data (see SPC-2) when any logical unit number
10185	 * format described in this standard is used.  Non-hierarchical
10186	 * formats are outside the scope of this standard.
10187	 *
10188	 * Therefore we set the HiSup bit here.
10189	 *
10190	 * The response format is 2, per SPC-3.
10191	 */
10192	inq_ptr->response_format = SID_HiSup | 2;
10193
10194	inq_ptr->additional_length = data_len -
10195	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10196	CTL_DEBUG_PRINT(("additional_length = %d\n",
10197			 inq_ptr->additional_length));
10198
10199	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10200	if (port_type == CTL_PORT_SCSI)
10201		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10202	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10203	inq_ptr->flags = SID_CmdQue;
10204	if (port_type == CTL_PORT_SCSI)
10205		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10206
10207	/*
10208	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10209	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10210	 * name and 4 bytes for the revision.
10211	 */
10212	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10213	    "vendor")) == NULL) {
10214		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10215	} else {
10216		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10217		strncpy(inq_ptr->vendor, val,
10218		    min(sizeof(inq_ptr->vendor), strlen(val)));
10219	}
10220	if (lun == NULL) {
10221		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10222		    sizeof(inq_ptr->product));
10223	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10224		switch (lun->be_lun->lun_type) {
10225		case T_DIRECT:
10226			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10227			    sizeof(inq_ptr->product));
10228			break;
10229		case T_PROCESSOR:
10230			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10231			    sizeof(inq_ptr->product));
10232			break;
10233		case T_CDROM:
10234			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10235			    sizeof(inq_ptr->product));
10236			break;
10237		default:
10238			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10239			    sizeof(inq_ptr->product));
10240			break;
10241		}
10242	} else {
10243		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10244		strncpy(inq_ptr->product, val,
10245		    min(sizeof(inq_ptr->product), strlen(val)));
10246	}
10247
10248	/*
10249	 * XXX make this a macro somewhere so it automatically gets
10250	 * incremented when we make changes.
10251	 */
10252	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10253	    "revision")) == NULL) {
10254		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10255	} else {
10256		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10257		strncpy(inq_ptr->revision, val,
10258		    min(sizeof(inq_ptr->revision), strlen(val)));
10259	}
10260
10261	/*
10262	 * For parallel SCSI, we support double transition and single
10263	 * transition clocking.  We also support QAS (Quick Arbitration
10264	 * and Selection) and Information Unit transfers on both the
10265	 * control and array devices.
10266	 */
10267	if (port_type == CTL_PORT_SCSI)
10268		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10269				    SID_SPI_IUS;
10270
10271	/* SAM-6 (no version claimed) */
10272	scsi_ulto2b(0x00C0, inq_ptr->version1);
10273	/* SPC-5 (no version claimed) */
10274	scsi_ulto2b(0x05C0, inq_ptr->version2);
10275	if (port_type == CTL_PORT_FC) {
10276		/* FCP-2 ANSI INCITS.350:2003 */
10277		scsi_ulto2b(0x0917, inq_ptr->version3);
10278	} else if (port_type == CTL_PORT_SCSI) {
10279		/* SPI-4 ANSI INCITS.362:200x */
10280		scsi_ulto2b(0x0B56, inq_ptr->version3);
10281	} else if (port_type == CTL_PORT_ISCSI) {
10282		/* iSCSI (no version claimed) */
10283		scsi_ulto2b(0x0960, inq_ptr->version3);
10284	} else if (port_type == CTL_PORT_SAS) {
10285		/* SAS (no version claimed) */
10286		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10287	}
10288
10289	if (lun == NULL) {
10290		/* SBC-4 (no version claimed) */
10291		scsi_ulto2b(0x0600, inq_ptr->version4);
10292	} else {
10293		switch (lun->be_lun->lun_type) {
10294		case T_DIRECT:
10295			/* SBC-4 (no version claimed) */
10296			scsi_ulto2b(0x0600, inq_ptr->version4);
10297			break;
10298		case T_PROCESSOR:
10299			break;
10300		case T_CDROM:
10301			/* MMC-6 (no version claimed) */
10302			scsi_ulto2b(0x04E0, inq_ptr->version4);
10303			break;
10304		default:
10305			break;
10306		}
10307	}
10308
10309	ctl_set_success(ctsio);
10310	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10311	ctsio->be_move_done = ctl_config_move_done;
10312	ctl_datamove((union ctl_io *)ctsio);
10313	return (CTL_RETVAL_COMPLETE);
10314}
10315
10316int
10317ctl_inquiry(struct ctl_scsiio *ctsio)
10318{
10319	struct scsi_inquiry *cdb;
10320	int retval;
10321
10322	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10323
10324	cdb = (struct scsi_inquiry *)ctsio->cdb;
10325	if (cdb->byte2 & SI_EVPD)
10326		retval = ctl_inquiry_evpd(ctsio);
10327	else if (cdb->page_code == 0)
10328		retval = ctl_inquiry_std(ctsio);
10329	else {
10330		ctl_set_invalid_field(ctsio,
10331				      /*sks_valid*/ 1,
10332				      /*command*/ 1,
10333				      /*field*/ 2,
10334				      /*bit_valid*/ 0,
10335				      /*bit*/ 0);
10336		ctl_done((union ctl_io *)ctsio);
10337		return (CTL_RETVAL_COMPLETE);
10338	}
10339
10340	return (retval);
10341}
10342
10343int
10344ctl_get_config(struct ctl_scsiio *ctsio)
10345{
10346	struct scsi_get_config_header *hdr;
10347	struct scsi_get_config_feature *feature;
10348	struct scsi_get_config *cdb;
10349	struct ctl_lun *lun;
10350	uint32_t alloc_len, data_len;
10351	int rt, starting;
10352
10353	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10354	cdb = (struct scsi_get_config *)ctsio->cdb;
10355	rt = (cdb->rt & SGC_RT_MASK);
10356	starting = scsi_2btoul(cdb->starting_feature);
10357	alloc_len = scsi_2btoul(cdb->length);
10358
10359	data_len = sizeof(struct scsi_get_config_header) +
10360	    sizeof(struct scsi_get_config_feature) + 8 +
10361	    sizeof(struct scsi_get_config_feature) + 8 +
10362	    sizeof(struct scsi_get_config_feature) + 4 +
10363	    sizeof(struct scsi_get_config_feature) + 4 +
10364	    sizeof(struct scsi_get_config_feature) + 8 +
10365	    sizeof(struct scsi_get_config_feature) +
10366	    sizeof(struct scsi_get_config_feature) + 4 +
10367	    sizeof(struct scsi_get_config_feature) + 4 +
10368	    sizeof(struct scsi_get_config_feature) + 4 +
10369	    sizeof(struct scsi_get_config_feature) + 4 +
10370	    sizeof(struct scsi_get_config_feature) + 4 +
10371	    sizeof(struct scsi_get_config_feature) + 4;
10372	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10373	ctsio->kern_sg_entries = 0;
10374	ctsio->kern_data_resid = 0;
10375	ctsio->kern_rel_offset = 0;
10376
10377	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10378	if (lun->flags & CTL_LUN_NO_MEDIA)
10379		scsi_ulto2b(0x0000, hdr->current_profile);
10380	else
10381		scsi_ulto2b(0x0010, hdr->current_profile);
10382	feature = (struct scsi_get_config_feature *)(hdr + 1);
10383
10384	if (starting > 0x003b)
10385		goto done;
10386	if (starting > 0x003a)
10387		goto f3b;
10388	if (starting > 0x002b)
10389		goto f3a;
10390	if (starting > 0x002a)
10391		goto f2b;
10392	if (starting > 0x001f)
10393		goto f2a;
10394	if (starting > 0x001e)
10395		goto f1f;
10396	if (starting > 0x001d)
10397		goto f1e;
10398	if (starting > 0x0010)
10399		goto f1d;
10400	if (starting > 0x0003)
10401		goto f10;
10402	if (starting > 0x0002)
10403		goto f3;
10404	if (starting > 0x0001)
10405		goto f2;
10406	if (starting > 0x0000)
10407		goto f1;
10408
10409	/* Profile List */
10410	scsi_ulto2b(0x0000, feature->feature_code);
10411	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10412	feature->add_length = 8;
10413	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10414	feature->feature_data[2] = 0x00;
10415	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10416	feature->feature_data[6] = 0x01;
10417	feature = (struct scsi_get_config_feature *)
10418	    &feature->feature_data[feature->add_length];
10419
10420f1:	/* Core */
10421	scsi_ulto2b(0x0001, feature->feature_code);
10422	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10423	feature->add_length = 8;
10424	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10425	feature->feature_data[4] = 0x03;
10426	feature = (struct scsi_get_config_feature *)
10427	    &feature->feature_data[feature->add_length];
10428
10429f2:	/* Morphing */
10430	scsi_ulto2b(0x0002, feature->feature_code);
10431	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10432	feature->add_length = 4;
10433	feature->feature_data[0] = 0x02;
10434	feature = (struct scsi_get_config_feature *)
10435	    &feature->feature_data[feature->add_length];
10436
10437f3:	/* Removable Medium */
10438	scsi_ulto2b(0x0003, feature->feature_code);
10439	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10440	feature->add_length = 4;
10441	feature->feature_data[0] = 0x39;
10442	feature = (struct scsi_get_config_feature *)
10443	    &feature->feature_data[feature->add_length];
10444
10445	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_NO_MEDIA))
10446		goto done;
10447
10448f10:	/* Random Read */
10449	scsi_ulto2b(0x0010, feature->feature_code);
10450	feature->flags = 0x00;
10451	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10452		feature->flags |= SGC_F_CURRENT;
10453	feature->add_length = 8;
10454	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10455	scsi_ulto2b(1, &feature->feature_data[4]);
10456	feature->feature_data[6] = 0x00;
10457	feature = (struct scsi_get_config_feature *)
10458	    &feature->feature_data[feature->add_length];
10459
10460f1d:	/* Multi-Read */
10461	scsi_ulto2b(0x001D, feature->feature_code);
10462	feature->flags = 0x00;
10463	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10464		feature->flags |= SGC_F_CURRENT;
10465	feature->add_length = 0;
10466	feature = (struct scsi_get_config_feature *)
10467	    &feature->feature_data[feature->add_length];
10468
10469f1e:	/* CD Read */
10470	scsi_ulto2b(0x001E, feature->feature_code);
10471	feature->flags = 0x00;
10472	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10473		feature->flags |= SGC_F_CURRENT;
10474	feature->add_length = 4;
10475	feature->feature_data[0] = 0x00;
10476	feature = (struct scsi_get_config_feature *)
10477	    &feature->feature_data[feature->add_length];
10478
10479f1f:	/* DVD Read */
10480	scsi_ulto2b(0x001F, feature->feature_code);
10481	feature->flags = 0x08;
10482	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10483		feature->flags |= SGC_F_CURRENT;
10484	feature->add_length = 4;
10485	feature->feature_data[0] = 0x01;
10486	feature->feature_data[2] = 0x03;
10487	feature = (struct scsi_get_config_feature *)
10488	    &feature->feature_data[feature->add_length];
10489
10490f2a:	/* DVD+RW */
10491	scsi_ulto2b(0x002A, feature->feature_code);
10492	feature->flags = 0x04;
10493	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10494		feature->flags |= SGC_F_CURRENT;
10495	feature->add_length = 4;
10496	feature->feature_data[0] = 0x00;
10497	feature->feature_data[1] = 0x00;
10498	feature = (struct scsi_get_config_feature *)
10499	    &feature->feature_data[feature->add_length];
10500
10501f2b:	/* DVD+R */
10502	scsi_ulto2b(0x002B, feature->feature_code);
10503	feature->flags = 0x00;
10504	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10505		feature->flags |= SGC_F_CURRENT;
10506	feature->add_length = 4;
10507	feature->feature_data[0] = 0x00;
10508	feature = (struct scsi_get_config_feature *)
10509	    &feature->feature_data[feature->add_length];
10510
10511f3a:	/* DVD+RW Dual Layer */
10512	scsi_ulto2b(0x003A, feature->feature_code);
10513	feature->flags = 0x00;
10514	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10515		feature->flags |= SGC_F_CURRENT;
10516	feature->add_length = 4;
10517	feature->feature_data[0] = 0x00;
10518	feature->feature_data[1] = 0x00;
10519	feature = (struct scsi_get_config_feature *)
10520	    &feature->feature_data[feature->add_length];
10521
10522f3b:	/* DVD+R Dual Layer */
10523	scsi_ulto2b(0x003B, feature->feature_code);
10524	feature->flags = 0x00;
10525	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10526		feature->flags |= SGC_F_CURRENT;
10527	feature->add_length = 4;
10528	feature->feature_data[0] = 0x00;
10529	feature = (struct scsi_get_config_feature *)
10530	    &feature->feature_data[feature->add_length];
10531
10532done:
10533	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10534	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10535		feature = (struct scsi_get_config_feature *)(hdr + 1);
10536		if (scsi_2btoul(feature->feature_code) == starting)
10537			feature = (struct scsi_get_config_feature *)
10538			    &feature->feature_data[feature->add_length];
10539		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10540	}
10541	scsi_ulto4b(data_len - 4, hdr->data_length);
10542	if (data_len < alloc_len) {
10543		ctsio->residual = alloc_len - data_len;
10544		ctsio->kern_data_len = data_len;
10545		ctsio->kern_total_len = data_len;
10546	} else {
10547		ctsio->residual = 0;
10548		ctsio->kern_data_len = alloc_len;
10549		ctsio->kern_total_len = alloc_len;
10550	}
10551
10552	ctl_set_success(ctsio);
10553	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10554	ctsio->be_move_done = ctl_config_move_done;
10555	ctl_datamove((union ctl_io *)ctsio);
10556	return (CTL_RETVAL_COMPLETE);
10557}
10558
10559int
10560ctl_get_event_status(struct ctl_scsiio *ctsio)
10561{
10562	struct scsi_get_event_status_header *hdr;
10563	struct scsi_get_event_status *cdb;
10564	struct ctl_lun *lun;
10565	uint32_t alloc_len, data_len;
10566	int notif_class;
10567
10568	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10569	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10570	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10571		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10572		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10573		ctl_done((union ctl_io *)ctsio);
10574		return (CTL_RETVAL_COMPLETE);
10575	}
10576	notif_class = cdb->notif_class;
10577	alloc_len = scsi_2btoul(cdb->length);
10578
10579	data_len = sizeof(struct scsi_get_event_status_header);
10580	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10581	ctsio->kern_sg_entries = 0;
10582	ctsio->kern_data_resid = 0;
10583	ctsio->kern_rel_offset = 0;
10584
10585	if (data_len < alloc_len) {
10586		ctsio->residual = alloc_len - data_len;
10587		ctsio->kern_data_len = data_len;
10588		ctsio->kern_total_len = data_len;
10589	} else {
10590		ctsio->residual = 0;
10591		ctsio->kern_data_len = alloc_len;
10592		ctsio->kern_total_len = alloc_len;
10593	}
10594
10595	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10596	scsi_ulto2b(0, hdr->descr_length);
10597	hdr->nea_class = SGESN_NEA;
10598	hdr->supported_class = 0;
10599
10600	ctl_set_success(ctsio);
10601	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10602	ctsio->be_move_done = ctl_config_move_done;
10603	ctl_datamove((union ctl_io *)ctsio);
10604	return (CTL_RETVAL_COMPLETE);
10605}
10606
10607int
10608ctl_mechanism_status(struct ctl_scsiio *ctsio)
10609{
10610	struct scsi_mechanism_status_header *hdr;
10611	struct scsi_mechanism_status *cdb;
10612	struct ctl_lun *lun;
10613	uint32_t alloc_len, data_len;
10614
10615	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10616	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10617	alloc_len = scsi_2btoul(cdb->length);
10618
10619	data_len = sizeof(struct scsi_mechanism_status_header);
10620	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10621	ctsio->kern_sg_entries = 0;
10622	ctsio->kern_data_resid = 0;
10623	ctsio->kern_rel_offset = 0;
10624
10625	if (data_len < alloc_len) {
10626		ctsio->residual = alloc_len - data_len;
10627		ctsio->kern_data_len = data_len;
10628		ctsio->kern_total_len = data_len;
10629	} else {
10630		ctsio->residual = 0;
10631		ctsio->kern_data_len = alloc_len;
10632		ctsio->kern_total_len = alloc_len;
10633	}
10634
10635	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10636	hdr->state1 = 0x00;
10637	hdr->state2 = 0xe0;
10638	scsi_ulto3b(0, hdr->lba);
10639	hdr->slots_num = 0;
10640	scsi_ulto2b(0, hdr->slots_length);
10641
10642	ctl_set_success(ctsio);
10643	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10644	ctsio->be_move_done = ctl_config_move_done;
10645	ctl_datamove((union ctl_io *)ctsio);
10646	return (CTL_RETVAL_COMPLETE);
10647}
10648
10649static void
10650ctl_ultomsf(uint32_t lba, uint8_t *buf)
10651{
10652
10653	lba += 150;
10654	buf[0] = 0;
10655	buf[1] = bin2bcd((lba / 75) / 60);
10656	buf[2] = bin2bcd((lba / 75) % 60);
10657	buf[3] = bin2bcd(lba % 75);
10658}
10659
10660int
10661ctl_read_toc(struct ctl_scsiio *ctsio)
10662{
10663	struct scsi_read_toc_hdr *hdr;
10664	struct scsi_read_toc_type01_descr *descr;
10665	struct scsi_read_toc *cdb;
10666	struct ctl_lun *lun;
10667	uint32_t alloc_len, data_len;
10668	int format, msf;
10669
10670	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10671	cdb = (struct scsi_read_toc *)ctsio->cdb;
10672	msf = (cdb->byte2 & CD_MSF) != 0;
10673	format = cdb->format;
10674	alloc_len = scsi_2btoul(cdb->data_len);
10675
10676	data_len = sizeof(struct scsi_read_toc_hdr);
10677	if (format == 0)
10678		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10679	else
10680		data_len += sizeof(struct scsi_read_toc_type01_descr);
10681	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10682	ctsio->kern_sg_entries = 0;
10683	ctsio->kern_data_resid = 0;
10684	ctsio->kern_rel_offset = 0;
10685
10686	if (data_len < alloc_len) {
10687		ctsio->residual = alloc_len - data_len;
10688		ctsio->kern_data_len = data_len;
10689		ctsio->kern_total_len = data_len;
10690	} else {
10691		ctsio->residual = 0;
10692		ctsio->kern_data_len = alloc_len;
10693		ctsio->kern_total_len = alloc_len;
10694	}
10695
10696	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10697	if (format == 0) {
10698		scsi_ulto2b(0x12, hdr->data_length);
10699		hdr->first = 1;
10700		hdr->last = 1;
10701		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10702		descr->addr_ctl = 0x14;
10703		descr->track_number = 1;
10704		if (msf)
10705			ctl_ultomsf(0, descr->track_start);
10706		else
10707			scsi_ulto4b(0, descr->track_start);
10708		descr++;
10709		descr->addr_ctl = 0x14;
10710		descr->track_number = 0xaa;
10711		if (msf)
10712			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10713		else
10714			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10715	} else {
10716		scsi_ulto2b(0x0a, hdr->data_length);
10717		hdr->first = 1;
10718		hdr->last = 1;
10719		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10720		descr->addr_ctl = 0x14;
10721		descr->track_number = 1;
10722		if (msf)
10723			ctl_ultomsf(0, descr->track_start);
10724		else
10725			scsi_ulto4b(0, descr->track_start);
10726	}
10727
10728	ctl_set_success(ctsio);
10729	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10730	ctsio->be_move_done = ctl_config_move_done;
10731	ctl_datamove((union ctl_io *)ctsio);
10732	return (CTL_RETVAL_COMPLETE);
10733}
10734
10735/*
10736 * For known CDB types, parse the LBA and length.
10737 */
10738static int
10739ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10740{
10741	if (io->io_hdr.io_type != CTL_IO_SCSI)
10742		return (1);
10743
10744	switch (io->scsiio.cdb[0]) {
10745	case COMPARE_AND_WRITE: {
10746		struct scsi_compare_and_write *cdb;
10747
10748		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10749
10750		*lba = scsi_8btou64(cdb->addr);
10751		*len = cdb->length;
10752		break;
10753	}
10754	case READ_6:
10755	case WRITE_6: {
10756		struct scsi_rw_6 *cdb;
10757
10758		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10759
10760		*lba = scsi_3btoul(cdb->addr);
10761		/* only 5 bits are valid in the most significant address byte */
10762		*lba &= 0x1fffff;
10763		*len = cdb->length;
10764		break;
10765	}
10766	case READ_10:
10767	case WRITE_10: {
10768		struct scsi_rw_10 *cdb;
10769
10770		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10771
10772		*lba = scsi_4btoul(cdb->addr);
10773		*len = scsi_2btoul(cdb->length);
10774		break;
10775	}
10776	case WRITE_VERIFY_10: {
10777		struct scsi_write_verify_10 *cdb;
10778
10779		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10780
10781		*lba = scsi_4btoul(cdb->addr);
10782		*len = scsi_2btoul(cdb->length);
10783		break;
10784	}
10785	case READ_12:
10786	case WRITE_12: {
10787		struct scsi_rw_12 *cdb;
10788
10789		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10790
10791		*lba = scsi_4btoul(cdb->addr);
10792		*len = scsi_4btoul(cdb->length);
10793		break;
10794	}
10795	case WRITE_VERIFY_12: {
10796		struct scsi_write_verify_12 *cdb;
10797
10798		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10799
10800		*lba = scsi_4btoul(cdb->addr);
10801		*len = scsi_4btoul(cdb->length);
10802		break;
10803	}
10804	case READ_16:
10805	case WRITE_16: {
10806		struct scsi_rw_16 *cdb;
10807
10808		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10809
10810		*lba = scsi_8btou64(cdb->addr);
10811		*len = scsi_4btoul(cdb->length);
10812		break;
10813	}
10814	case WRITE_ATOMIC_16: {
10815		struct scsi_write_atomic_16 *cdb;
10816
10817		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10818
10819		*lba = scsi_8btou64(cdb->addr);
10820		*len = scsi_2btoul(cdb->length);
10821		break;
10822	}
10823	case WRITE_VERIFY_16: {
10824		struct scsi_write_verify_16 *cdb;
10825
10826		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10827
10828		*lba = scsi_8btou64(cdb->addr);
10829		*len = scsi_4btoul(cdb->length);
10830		break;
10831	}
10832	case WRITE_SAME_10: {
10833		struct scsi_write_same_10 *cdb;
10834
10835		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10836
10837		*lba = scsi_4btoul(cdb->addr);
10838		*len = scsi_2btoul(cdb->length);
10839		break;
10840	}
10841	case WRITE_SAME_16: {
10842		struct scsi_write_same_16 *cdb;
10843
10844		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10845
10846		*lba = scsi_8btou64(cdb->addr);
10847		*len = scsi_4btoul(cdb->length);
10848		break;
10849	}
10850	case VERIFY_10: {
10851		struct scsi_verify_10 *cdb;
10852
10853		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10854
10855		*lba = scsi_4btoul(cdb->addr);
10856		*len = scsi_2btoul(cdb->length);
10857		break;
10858	}
10859	case VERIFY_12: {
10860		struct scsi_verify_12 *cdb;
10861
10862		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10863
10864		*lba = scsi_4btoul(cdb->addr);
10865		*len = scsi_4btoul(cdb->length);
10866		break;
10867	}
10868	case VERIFY_16: {
10869		struct scsi_verify_16 *cdb;
10870
10871		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10872
10873		*lba = scsi_8btou64(cdb->addr);
10874		*len = scsi_4btoul(cdb->length);
10875		break;
10876	}
10877	case UNMAP: {
10878		*lba = 0;
10879		*len = UINT64_MAX;
10880		break;
10881	}
10882	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10883		struct scsi_get_lba_status *cdb;
10884
10885		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10886		*lba = scsi_8btou64(cdb->addr);
10887		*len = UINT32_MAX;
10888		break;
10889	}
10890	default:
10891		return (1);
10892		break; /* NOTREACHED */
10893	}
10894
10895	return (0);
10896}
10897
10898static ctl_action
10899ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10900    bool seq)
10901{
10902	uint64_t endlba1, endlba2;
10903
10904	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10905	endlba2 = lba2 + len2 - 1;
10906
10907	if ((endlba1 < lba2) || (endlba2 < lba1))
10908		return (CTL_ACTION_PASS);
10909	else
10910		return (CTL_ACTION_BLOCK);
10911}
10912
10913static int
10914ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10915{
10916	struct ctl_ptr_len_flags *ptrlen;
10917	struct scsi_unmap_desc *buf, *end, *range;
10918	uint64_t lba;
10919	uint32_t len;
10920
10921	/* If not UNMAP -- go other way. */
10922	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10923	    io->scsiio.cdb[0] != UNMAP)
10924		return (CTL_ACTION_ERROR);
10925
10926	/* If UNMAP without data -- block and wait for data. */
10927	ptrlen = (struct ctl_ptr_len_flags *)
10928	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10929	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10930	    ptrlen->ptr == NULL)
10931		return (CTL_ACTION_BLOCK);
10932
10933	/* UNMAP with data -- check for collision. */
10934	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10935	end = buf + ptrlen->len / sizeof(*buf);
10936	for (range = buf; range < end; range++) {
10937		lba = scsi_8btou64(range->lba);
10938		len = scsi_4btoul(range->length);
10939		if ((lba < lba2 + len2) && (lba + len > lba2))
10940			return (CTL_ACTION_BLOCK);
10941	}
10942	return (CTL_ACTION_PASS);
10943}
10944
10945static ctl_action
10946ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10947{
10948	uint64_t lba1, lba2;
10949	uint64_t len1, len2;
10950	int retval;
10951
10952	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10953		return (CTL_ACTION_ERROR);
10954
10955	retval = ctl_extent_check_unmap(io1, lba2, len2);
10956	if (retval != CTL_ACTION_ERROR)
10957		return (retval);
10958
10959	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10960		return (CTL_ACTION_ERROR);
10961
10962	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10963		seq = FALSE;
10964	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10965}
10966
10967static ctl_action
10968ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10969{
10970	uint64_t lba1, lba2;
10971	uint64_t len1, len2;
10972
10973	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10974		return (CTL_ACTION_PASS);
10975	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10976		return (CTL_ACTION_ERROR);
10977	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10978		return (CTL_ACTION_ERROR);
10979
10980	if (lba1 + len1 == lba2)
10981		return (CTL_ACTION_BLOCK);
10982	return (CTL_ACTION_PASS);
10983}
10984
10985static ctl_action
10986ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10987    union ctl_io *ooa_io)
10988{
10989	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10990	const ctl_serialize_action *serialize_row;
10991
10992	/*
10993	 * The initiator attempted multiple untagged commands at the same
10994	 * time.  Can't do that.
10995	 */
10996	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10997	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10998	 && ((pending_io->io_hdr.nexus.targ_port ==
10999	      ooa_io->io_hdr.nexus.targ_port)
11000	  && (pending_io->io_hdr.nexus.initid ==
11001	      ooa_io->io_hdr.nexus.initid))
11002	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
11003	      CTL_FLAG_STATUS_SENT)) == 0))
11004		return (CTL_ACTION_OVERLAP);
11005
11006	/*
11007	 * The initiator attempted to send multiple tagged commands with
11008	 * the same ID.  (It's fine if different initiators have the same
11009	 * tag ID.)
11010	 *
11011	 * Even if all of those conditions are true, we don't kill the I/O
11012	 * if the command ahead of us has been aborted.  We won't end up
11013	 * sending it to the FETD, and it's perfectly legal to resend a
11014	 * command with the same tag number as long as the previous
11015	 * instance of this tag number has been aborted somehow.
11016	 */
11017	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11018	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11019	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
11020	 && ((pending_io->io_hdr.nexus.targ_port ==
11021	      ooa_io->io_hdr.nexus.targ_port)
11022	  && (pending_io->io_hdr.nexus.initid ==
11023	      ooa_io->io_hdr.nexus.initid))
11024	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
11025	      CTL_FLAG_STATUS_SENT)) == 0))
11026		return (CTL_ACTION_OVERLAP_TAG);
11027
11028	/*
11029	 * If we get a head of queue tag, SAM-3 says that we should
11030	 * immediately execute it.
11031	 *
11032	 * What happens if this command would normally block for some other
11033	 * reason?  e.g. a request sense with a head of queue tag
11034	 * immediately after a write.  Normally that would block, but this
11035	 * will result in its getting executed immediately...
11036	 *
11037	 * We currently return "pass" instead of "skip", so we'll end up
11038	 * going through the rest of the queue to check for overlapped tags.
11039	 *
11040	 * XXX KDM check for other types of blockage first??
11041	 */
11042	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11043		return (CTL_ACTION_PASS);
11044
11045	/*
11046	 * Ordered tags have to block until all items ahead of them
11047	 * have completed.  If we get called with an ordered tag, we always
11048	 * block, if something else is ahead of us in the queue.
11049	 */
11050	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
11051		return (CTL_ACTION_BLOCK);
11052
11053	/*
11054	 * Simple tags get blocked until all head of queue and ordered tags
11055	 * ahead of them have completed.  I'm lumping untagged commands in
11056	 * with simple tags here.  XXX KDM is that the right thing to do?
11057	 */
11058	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11059	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
11060	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11061	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
11062		return (CTL_ACTION_BLOCK);
11063
11064	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
11065	KASSERT(pending_entry->seridx < CTL_SERIDX_COUNT,
11066	    ("%s: Invalid seridx %d for pending CDB %02x %02x @ %p",
11067	     __func__, pending_entry->seridx, pending_io->scsiio.cdb[0],
11068	     pending_io->scsiio.cdb[1], pending_io));
11069	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
11070	if (ooa_entry->seridx == CTL_SERIDX_INVLD)
11071		return (CTL_ACTION_PASS); /* Unsupported command in OOA queue */
11072	KASSERT(ooa_entry->seridx < CTL_SERIDX_COUNT,
11073	    ("%s: Invalid seridx %d for ooa CDB %02x %02x @ %p",
11074	     __func__, ooa_entry->seridx, ooa_io->scsiio.cdb[0],
11075	     ooa_io->scsiio.cdb[1], ooa_io));
11076
11077	serialize_row = ctl_serialize_table[ooa_entry->seridx];
11078
11079	switch (serialize_row[pending_entry->seridx]) {
11080	case CTL_SER_BLOCK:
11081		return (CTL_ACTION_BLOCK);
11082	case CTL_SER_EXTENT:
11083		return (ctl_extent_check(ooa_io, pending_io,
11084		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11085	case CTL_SER_EXTENTOPT:
11086		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
11087		    SCP_QUEUE_ALG_UNRESTRICTED)
11088			return (ctl_extent_check(ooa_io, pending_io,
11089			    (lun->be_lun &&
11090			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
11091		return (CTL_ACTION_PASS);
11092	case CTL_SER_EXTENTSEQ:
11093		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
11094			return (ctl_extent_check_seq(ooa_io, pending_io));
11095		return (CTL_ACTION_PASS);
11096	case CTL_SER_PASS:
11097		return (CTL_ACTION_PASS);
11098	case CTL_SER_BLOCKOPT:
11099		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
11100		    SCP_QUEUE_ALG_UNRESTRICTED)
11101			return (CTL_ACTION_BLOCK);
11102		return (CTL_ACTION_PASS);
11103	case CTL_SER_SKIP:
11104		return (CTL_ACTION_SKIP);
11105	default:
11106		panic("%s: Invalid serialization value %d for %d => %d",
11107		    __func__, serialize_row[pending_entry->seridx],
11108		    pending_entry->seridx, ooa_entry->seridx);
11109	}
11110
11111	return (CTL_ACTION_ERROR);
11112}
11113
11114/*
11115 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
11116 * Assumptions:
11117 * - pending_io is generally either incoming, or on the blocked queue
11118 * - starting I/O is the I/O we want to start the check with.
11119 */
11120static ctl_action
11121ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
11122	      union ctl_io *starting_io)
11123{
11124	union ctl_io *ooa_io;
11125	ctl_action action;
11126
11127	mtx_assert(&lun->lun_lock, MA_OWNED);
11128
11129	/*
11130	 * Run back along the OOA queue, starting with the current
11131	 * blocked I/O and going through every I/O before it on the
11132	 * queue.  If starting_io is NULL, we'll just end up returning
11133	 * CTL_ACTION_PASS.
11134	 */
11135	for (ooa_io = starting_io; ooa_io != NULL;
11136	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11137	     ooa_links)){
11138
11139		/*
11140		 * This routine just checks to see whether
11141		 * cur_blocked is blocked by ooa_io, which is ahead
11142		 * of it in the queue.  It doesn't queue/dequeue
11143		 * cur_blocked.
11144		 */
11145		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11146		switch (action) {
11147		case CTL_ACTION_BLOCK:
11148		case CTL_ACTION_OVERLAP:
11149		case CTL_ACTION_OVERLAP_TAG:
11150		case CTL_ACTION_SKIP:
11151		case CTL_ACTION_ERROR:
11152			return (action);
11153			break; /* NOTREACHED */
11154		case CTL_ACTION_PASS:
11155			break;
11156		default:
11157			panic("%s: Invalid action %d\n", __func__, action);
11158		}
11159	}
11160
11161	return (CTL_ACTION_PASS);
11162}
11163
11164/*
11165 * Assumptions:
11166 * - An I/O has just completed, and has been removed from the per-LUN OOA
11167 *   queue, so some items on the blocked queue may now be unblocked.
11168 */
11169static int
11170ctl_check_blocked(struct ctl_lun *lun)
11171{
11172	struct ctl_softc *softc = lun->ctl_softc;
11173	union ctl_io *cur_blocked, *next_blocked;
11174
11175	mtx_assert(&lun->lun_lock, MA_OWNED);
11176
11177	/*
11178	 * Run forward from the head of the blocked queue, checking each
11179	 * entry against the I/Os prior to it on the OOA queue to see if
11180	 * there is still any blockage.
11181	 *
11182	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11183	 * with our removing a variable on it while it is traversing the
11184	 * list.
11185	 */
11186	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11187	     cur_blocked != NULL; cur_blocked = next_blocked) {
11188		union ctl_io *prev_ooa;
11189		ctl_action action;
11190
11191		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11192							  blocked_links);
11193
11194		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11195						      ctl_ooaq, ooa_links);
11196
11197		/*
11198		 * If cur_blocked happens to be the first item in the OOA
11199		 * queue now, prev_ooa will be NULL, and the action
11200		 * returned will just be CTL_ACTION_PASS.
11201		 */
11202		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11203
11204		switch (action) {
11205		case CTL_ACTION_BLOCK:
11206			/* Nothing to do here, still blocked */
11207			break;
11208		case CTL_ACTION_OVERLAP:
11209		case CTL_ACTION_OVERLAP_TAG:
11210			/*
11211			 * This shouldn't happen!  In theory we've already
11212			 * checked this command for overlap...
11213			 */
11214			break;
11215		case CTL_ACTION_PASS:
11216		case CTL_ACTION_SKIP: {
11217			const struct ctl_cmd_entry *entry;
11218
11219			/*
11220			 * The skip case shouldn't happen, this transaction
11221			 * should have never made it onto the blocked queue.
11222			 */
11223			/*
11224			 * This I/O is no longer blocked, we can remove it
11225			 * from the blocked queue.  Since this is a TAILQ
11226			 * (doubly linked list), we can do O(1) removals
11227			 * from any place on the list.
11228			 */
11229			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11230				     blocked_links);
11231			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11232
11233			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11234			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11235				/*
11236				 * Need to send IO back to original side to
11237				 * run
11238				 */
11239				union ctl_ha_msg msg_info;
11240
11241				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11242				msg_info.hdr.original_sc =
11243					cur_blocked->io_hdr.original_sc;
11244				msg_info.hdr.serializing_sc = cur_blocked;
11245				msg_info.hdr.msg_type = CTL_MSG_R2R;
11246				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11247				    sizeof(msg_info.hdr), M_NOWAIT);
11248				break;
11249			}
11250			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11251
11252			/*
11253			 * Check this I/O for LUN state changes that may
11254			 * have happened while this command was blocked.
11255			 * The LUN state may have been changed by a command
11256			 * ahead of us in the queue, so we need to re-check
11257			 * for any states that can be caused by SCSI
11258			 * commands.
11259			 */
11260			if (ctl_scsiio_lun_check(lun, entry,
11261						 &cur_blocked->scsiio) == 0) {
11262				cur_blocked->io_hdr.flags |=
11263				                      CTL_FLAG_IS_WAS_ON_RTR;
11264				ctl_enqueue_rtr(cur_blocked);
11265			} else
11266				ctl_done(cur_blocked);
11267			break;
11268		}
11269		default:
11270			/*
11271			 * This probably shouldn't happen -- we shouldn't
11272			 * get CTL_ACTION_ERROR, or anything else.
11273			 */
11274			break;
11275		}
11276	}
11277
11278	return (CTL_RETVAL_COMPLETE);
11279}
11280
11281/*
11282 * This routine (with one exception) checks LUN flags that can be set by
11283 * commands ahead of us in the OOA queue.  These flags have to be checked
11284 * when a command initially comes in, and when we pull a command off the
11285 * blocked queue and are preparing to execute it.  The reason we have to
11286 * check these flags for commands on the blocked queue is that the LUN
11287 * state may have been changed by a command ahead of us while we're on the
11288 * blocked queue.
11289 *
11290 * Ordering is somewhat important with these checks, so please pay
11291 * careful attention to the placement of any new checks.
11292 */
11293static int
11294ctl_scsiio_lun_check(struct ctl_lun *lun,
11295    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11296{
11297	struct ctl_softc *softc = lun->ctl_softc;
11298	int retval;
11299	uint32_t residx;
11300
11301	retval = 0;
11302
11303	mtx_assert(&lun->lun_lock, MA_OWNED);
11304
11305	/*
11306	 * If this shelf is a secondary shelf controller, we may have to
11307	 * reject some commands disallowed by HA mode and link state.
11308	 */
11309	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11310		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11311		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11312			ctl_set_lun_unavail(ctsio);
11313			retval = 1;
11314			goto bailout;
11315		}
11316		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11317		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11318			ctl_set_lun_transit(ctsio);
11319			retval = 1;
11320			goto bailout;
11321		}
11322		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11323		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11324			ctl_set_lun_standby(ctsio);
11325			retval = 1;
11326			goto bailout;
11327		}
11328
11329		/* The rest of checks are only done on executing side */
11330		if (softc->ha_mode == CTL_HA_MODE_XFER)
11331			goto bailout;
11332	}
11333
11334	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11335		if (lun->be_lun &&
11336		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11337			ctl_set_hw_write_protected(ctsio);
11338			retval = 1;
11339			goto bailout;
11340		}
11341		if ((lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0) {
11342			ctl_set_sense(ctsio, /*current_error*/ 1,
11343			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11344			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11345			retval = 1;
11346			goto bailout;
11347		}
11348	}
11349
11350	/*
11351	 * Check for a reservation conflict.  If this command isn't allowed
11352	 * even on reserved LUNs, and if this initiator isn't the one who
11353	 * reserved us, reject the command with a reservation conflict.
11354	 */
11355	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11356	if ((lun->flags & CTL_LUN_RESERVED)
11357	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11358		if (lun->res_idx != residx) {
11359			ctl_set_reservation_conflict(ctsio);
11360			retval = 1;
11361			goto bailout;
11362		}
11363	}
11364
11365	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11366	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11367		/* No reservation or command is allowed. */;
11368	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11369	    (lun->pr_res_type == SPR_TYPE_WR_EX ||
11370	     lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
11371	     lun->pr_res_type == SPR_TYPE_WR_EX_AR)) {
11372		/* The command is allowed for Write Exclusive resv. */;
11373	} else {
11374		/*
11375		 * if we aren't registered or it's a res holder type
11376		 * reservation and this isn't the res holder then set a
11377		 * conflict.
11378		 */
11379		if (ctl_get_prkey(lun, residx) == 0 ||
11380		    (residx != lun->pr_res_idx && lun->pr_res_type < 4)) {
11381			ctl_set_reservation_conflict(ctsio);
11382			retval = 1;
11383			goto bailout;
11384		}
11385	}
11386
11387	if ((entry->flags & CTL_CMD_FLAG_OK_ON_NO_MEDIA) == 0) {
11388		if (lun->flags & CTL_LUN_EJECTED)
11389			ctl_set_lun_ejected(ctsio);
11390		else if (lun->flags & CTL_LUN_NO_MEDIA) {
11391			if (lun->flags & CTL_LUN_REMOVABLE)
11392				ctl_set_lun_no_media(ctsio);
11393			else
11394				ctl_set_lun_int_reqd(ctsio);
11395		} else if (lun->flags & CTL_LUN_STOPPED)
11396			ctl_set_lun_stopped(ctsio);
11397		else
11398			goto bailout;
11399		retval = 1;
11400		goto bailout;
11401	}
11402
11403bailout:
11404	return (retval);
11405}
11406
11407static void
11408ctl_failover_io(union ctl_io *io, int have_lock)
11409{
11410	ctl_set_busy(&io->scsiio);
11411	ctl_done(io);
11412}
11413
11414static void
11415ctl_failover_lun(union ctl_io *rio)
11416{
11417	struct ctl_softc *softc = control_softc;
11418	struct ctl_lun *lun;
11419	struct ctl_io_hdr *io, *next_io;
11420	uint32_t targ_lun;
11421
11422	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11423	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11424
11425	/* Find and lock the LUN. */
11426	mtx_lock(&softc->ctl_lock);
11427	if ((targ_lun < CTL_MAX_LUNS) &&
11428	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11429		mtx_lock(&lun->lun_lock);
11430		mtx_unlock(&softc->ctl_lock);
11431		if (lun->flags & CTL_LUN_DISABLED) {
11432			mtx_unlock(&lun->lun_lock);
11433			return;
11434		}
11435	} else {
11436		mtx_unlock(&softc->ctl_lock);
11437		return;
11438	}
11439
11440	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11441		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11442			/* We are master */
11443			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11444				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11445					io->flags |= CTL_FLAG_ABORT;
11446					io->flags |= CTL_FLAG_FAILOVER;
11447				} else { /* This can be only due to DATAMOVE */
11448					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11449					io->flags &= ~CTL_FLAG_DMA_INPROG;
11450					io->flags |= CTL_FLAG_IO_ACTIVE;
11451					io->port_status = 31340;
11452					ctl_enqueue_isc((union ctl_io *)io);
11453				}
11454			}
11455			/* We are slave */
11456			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11457				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11458				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11459					io->flags |= CTL_FLAG_FAILOVER;
11460				} else {
11461					ctl_set_busy(&((union ctl_io *)io)->
11462					    scsiio);
11463					ctl_done((union ctl_io *)io);
11464				}
11465			}
11466		}
11467	} else { /* SERIALIZE modes */
11468		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11469		    next_io) {
11470			/* We are master */
11471			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11472				TAILQ_REMOVE(&lun->blocked_queue, io,
11473				    blocked_links);
11474				io->flags &= ~CTL_FLAG_BLOCKED;
11475				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11476				ctl_free_io((union ctl_io *)io);
11477			}
11478		}
11479		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11480			/* We are master */
11481			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11482				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11483				ctl_free_io((union ctl_io *)io);
11484			}
11485			/* We are slave */
11486			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11487				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11488				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11489					ctl_set_busy(&((union ctl_io *)io)->
11490					    scsiio);
11491					ctl_done((union ctl_io *)io);
11492				}
11493			}
11494		}
11495		ctl_check_blocked(lun);
11496	}
11497	mtx_unlock(&lun->lun_lock);
11498}
11499
11500static int
11501ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11502{
11503	struct ctl_lun *lun;
11504	const struct ctl_cmd_entry *entry;
11505	uint32_t initidx, targ_lun;
11506	int retval;
11507
11508	retval = 0;
11509
11510	lun = NULL;
11511
11512	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11513	if ((targ_lun < CTL_MAX_LUNS)
11514	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11515		/*
11516		 * If the LUN is invalid, pretend that it doesn't exist.
11517		 * It will go away as soon as all pending I/O has been
11518		 * completed.
11519		 */
11520		mtx_lock(&lun->lun_lock);
11521		if (lun->flags & CTL_LUN_DISABLED) {
11522			mtx_unlock(&lun->lun_lock);
11523			lun = NULL;
11524			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11525			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11526		} else {
11527			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11528			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11529				lun->be_lun;
11530
11531			/*
11532			 * Every I/O goes into the OOA queue for a
11533			 * particular LUN, and stays there until completion.
11534			 */
11535#ifdef CTL_TIME_IO
11536			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11537				lun->idle_time += getsbinuptime() -
11538				    lun->last_busy;
11539			}
11540#endif
11541			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11542			    ooa_links);
11543		}
11544	} else {
11545		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11546		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11547	}
11548
11549	/* Get command entry and return error if it is unsuppotyed. */
11550	entry = ctl_validate_command(ctsio);
11551	if (entry == NULL) {
11552		if (lun)
11553			mtx_unlock(&lun->lun_lock);
11554		return (retval);
11555	}
11556
11557	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11558	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11559
11560	/*
11561	 * Check to see whether we can send this command to LUNs that don't
11562	 * exist.  This should pretty much only be the case for inquiry
11563	 * and request sense.  Further checks, below, really require having
11564	 * a LUN, so we can't really check the command anymore.  Just put
11565	 * it on the rtr queue.
11566	 */
11567	if (lun == NULL) {
11568		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11569			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11570			ctl_enqueue_rtr((union ctl_io *)ctsio);
11571			return (retval);
11572		}
11573
11574		ctl_set_unsupported_lun(ctsio);
11575		ctl_done((union ctl_io *)ctsio);
11576		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11577		return (retval);
11578	} else {
11579		/*
11580		 * Make sure we support this particular command on this LUN.
11581		 * e.g., we don't support writes to the control LUN.
11582		 */
11583		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11584			mtx_unlock(&lun->lun_lock);
11585			ctl_set_invalid_opcode(ctsio);
11586			ctl_done((union ctl_io *)ctsio);
11587			return (retval);
11588		}
11589	}
11590
11591	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11592
11593#ifdef CTL_WITH_CA
11594	/*
11595	 * If we've got a request sense, it'll clear the contingent
11596	 * allegiance condition.  Otherwise, if we have a CA condition for
11597	 * this initiator, clear it, because it sent down a command other
11598	 * than request sense.
11599	 */
11600	if ((ctsio->cdb[0] != REQUEST_SENSE)
11601	 && (ctl_is_set(lun->have_ca, initidx)))
11602		ctl_clear_mask(lun->have_ca, initidx);
11603#endif
11604
11605	/*
11606	 * If the command has this flag set, it handles its own unit
11607	 * attention reporting, we shouldn't do anything.  Otherwise we
11608	 * check for any pending unit attentions, and send them back to the
11609	 * initiator.  We only do this when a command initially comes in,
11610	 * not when we pull it off the blocked queue.
11611	 *
11612	 * According to SAM-3, section 5.3.2, the order that things get
11613	 * presented back to the host is basically unit attentions caused
11614	 * by some sort of reset event, busy status, reservation conflicts
11615	 * or task set full, and finally any other status.
11616	 *
11617	 * One issue here is that some of the unit attentions we report
11618	 * don't fall into the "reset" category (e.g. "reported luns data
11619	 * has changed").  So reporting it here, before the reservation
11620	 * check, may be technically wrong.  I guess the only thing to do
11621	 * would be to check for and report the reset events here, and then
11622	 * check for the other unit attention types after we check for a
11623	 * reservation conflict.
11624	 *
11625	 * XXX KDM need to fix this
11626	 */
11627	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11628		ctl_ua_type ua_type;
11629
11630		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11631		    SSD_TYPE_NONE);
11632		if (ua_type != CTL_UA_NONE) {
11633			mtx_unlock(&lun->lun_lock);
11634			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11635			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11636			ctsio->sense_len = SSD_FULL_SIZE;
11637			ctl_done((union ctl_io *)ctsio);
11638			return (retval);
11639		}
11640	}
11641
11642
11643	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11644		mtx_unlock(&lun->lun_lock);
11645		ctl_done((union ctl_io *)ctsio);
11646		return (retval);
11647	}
11648
11649	/*
11650	 * XXX CHD this is where we want to send IO to other side if
11651	 * this LUN is secondary on this SC. We will need to make a copy
11652	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11653	 * the copy we send as FROM_OTHER.
11654	 * We also need to stuff the address of the original IO so we can
11655	 * find it easily. Something similar will need be done on the other
11656	 * side so when we are done we can find the copy.
11657	 */
11658	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11659	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11660	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11661		union ctl_ha_msg msg_info;
11662		int isc_retval;
11663
11664		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11665		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11666		mtx_unlock(&lun->lun_lock);
11667
11668		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11669		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11670		msg_info.hdr.serializing_sc = NULL;
11671		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11672		msg_info.scsi.tag_num = ctsio->tag_num;
11673		msg_info.scsi.tag_type = ctsio->tag_type;
11674		msg_info.scsi.cdb_len = ctsio->cdb_len;
11675		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11676
11677		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11678		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11679		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11680			ctl_set_busy(ctsio);
11681			ctl_done((union ctl_io *)ctsio);
11682			return (retval);
11683		}
11684		return (retval);
11685	}
11686
11687	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11688			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11689			      ctl_ooaq, ooa_links))) {
11690	case CTL_ACTION_BLOCK:
11691		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11692		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11693				  blocked_links);
11694		mtx_unlock(&lun->lun_lock);
11695		return (retval);
11696	case CTL_ACTION_PASS:
11697	case CTL_ACTION_SKIP:
11698		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11699		mtx_unlock(&lun->lun_lock);
11700		ctl_enqueue_rtr((union ctl_io *)ctsio);
11701		break;
11702	case CTL_ACTION_OVERLAP:
11703		mtx_unlock(&lun->lun_lock);
11704		ctl_set_overlapped_cmd(ctsio);
11705		ctl_done((union ctl_io *)ctsio);
11706		break;
11707	case CTL_ACTION_OVERLAP_TAG:
11708		mtx_unlock(&lun->lun_lock);
11709		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11710		ctl_done((union ctl_io *)ctsio);
11711		break;
11712	case CTL_ACTION_ERROR:
11713	default:
11714		mtx_unlock(&lun->lun_lock);
11715		ctl_set_internal_failure(ctsio,
11716					 /*sks_valid*/ 0,
11717					 /*retry_count*/ 0);
11718		ctl_done((union ctl_io *)ctsio);
11719		break;
11720	}
11721	return (retval);
11722}
11723
11724const struct ctl_cmd_entry *
11725ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11726{
11727	const struct ctl_cmd_entry *entry;
11728	int service_action;
11729
11730	entry = &ctl_cmd_table[ctsio->cdb[0]];
11731	if (sa)
11732		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11733	if (entry->flags & CTL_CMD_FLAG_SA5) {
11734		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11735		entry = &((const struct ctl_cmd_entry *)
11736		    entry->execute)[service_action];
11737	}
11738	return (entry);
11739}
11740
11741const struct ctl_cmd_entry *
11742ctl_validate_command(struct ctl_scsiio *ctsio)
11743{
11744	const struct ctl_cmd_entry *entry;
11745	int i, sa;
11746	uint8_t diff;
11747
11748	entry = ctl_get_cmd_entry(ctsio, &sa);
11749	if (entry->execute == NULL) {
11750		if (sa)
11751			ctl_set_invalid_field(ctsio,
11752					      /*sks_valid*/ 1,
11753					      /*command*/ 1,
11754					      /*field*/ 1,
11755					      /*bit_valid*/ 1,
11756					      /*bit*/ 4);
11757		else
11758			ctl_set_invalid_opcode(ctsio);
11759		ctl_done((union ctl_io *)ctsio);
11760		return (NULL);
11761	}
11762	KASSERT(entry->length > 0,
11763	    ("Not defined length for command 0x%02x/0x%02x",
11764	     ctsio->cdb[0], ctsio->cdb[1]));
11765	for (i = 1; i < entry->length; i++) {
11766		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11767		if (diff == 0)
11768			continue;
11769		ctl_set_invalid_field(ctsio,
11770				      /*sks_valid*/ 1,
11771				      /*command*/ 1,
11772				      /*field*/ i,
11773				      /*bit_valid*/ 1,
11774				      /*bit*/ fls(diff) - 1);
11775		ctl_done((union ctl_io *)ctsio);
11776		return (NULL);
11777	}
11778	return (entry);
11779}
11780
11781static int
11782ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11783{
11784
11785	switch (lun_type) {
11786	case T_DIRECT:
11787		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11788			return (0);
11789		break;
11790	case T_PROCESSOR:
11791		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11792			return (0);
11793		break;
11794	case T_CDROM:
11795		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11796			return (0);
11797		break;
11798	default:
11799		return (0);
11800	}
11801	return (1);
11802}
11803
11804static int
11805ctl_scsiio(struct ctl_scsiio *ctsio)
11806{
11807	int retval;
11808	const struct ctl_cmd_entry *entry;
11809
11810	retval = CTL_RETVAL_COMPLETE;
11811
11812	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11813
11814	entry = ctl_get_cmd_entry(ctsio, NULL);
11815
11816	/*
11817	 * If this I/O has been aborted, just send it straight to
11818	 * ctl_done() without executing it.
11819	 */
11820	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11821		ctl_done((union ctl_io *)ctsio);
11822		goto bailout;
11823	}
11824
11825	/*
11826	 * All the checks should have been handled by ctl_scsiio_precheck().
11827	 * We should be clear now to just execute the I/O.
11828	 */
11829	retval = entry->execute(ctsio);
11830
11831bailout:
11832	return (retval);
11833}
11834
11835/*
11836 * Since we only implement one target right now, a bus reset simply resets
11837 * our single target.
11838 */
11839static int
11840ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11841{
11842	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11843}
11844
11845static int
11846ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11847		 ctl_ua_type ua_type)
11848{
11849	struct ctl_port *port;
11850	struct ctl_lun *lun;
11851	int retval;
11852
11853	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11854		union ctl_ha_msg msg_info;
11855
11856		msg_info.hdr.nexus = io->io_hdr.nexus;
11857		if (ua_type==CTL_UA_TARG_RESET)
11858			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11859		else
11860			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11861		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11862		msg_info.hdr.original_sc = NULL;
11863		msg_info.hdr.serializing_sc = NULL;
11864		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11865		    sizeof(msg_info.task), M_WAITOK);
11866	}
11867	retval = 0;
11868
11869	mtx_lock(&softc->ctl_lock);
11870	port = ctl_io_port(&io->io_hdr);
11871	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11872		if (port != NULL &&
11873		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11874			continue;
11875		retval += ctl_do_lun_reset(lun, io, ua_type);
11876	}
11877	mtx_unlock(&softc->ctl_lock);
11878	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11879	return (retval);
11880}
11881
11882/*
11883 * The LUN should always be set.  The I/O is optional, and is used to
11884 * distinguish between I/Os sent by this initiator, and by other
11885 * initiators.  We set unit attention for initiators other than this one.
11886 * SAM-3 is vague on this point.  It does say that a unit attention should
11887 * be established for other initiators when a LUN is reset (see section
11888 * 5.7.3), but it doesn't specifically say that the unit attention should
11889 * be established for this particular initiator when a LUN is reset.  Here
11890 * is the relevant text, from SAM-3 rev 8:
11891 *
11892 * 5.7.2 When a SCSI initiator port aborts its own tasks
11893 *
11894 * When a SCSI initiator port causes its own task(s) to be aborted, no
11895 * notification that the task(s) have been aborted shall be returned to
11896 * the SCSI initiator port other than the completion response for the
11897 * command or task management function action that caused the task(s) to
11898 * be aborted and notification(s) associated with related effects of the
11899 * action (e.g., a reset unit attention condition).
11900 *
11901 * XXX KDM for now, we're setting unit attention for all initiators.
11902 */
11903static int
11904ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11905{
11906	union ctl_io *xio;
11907#if 0
11908	uint32_t initidx;
11909#endif
11910	int i;
11911
11912	mtx_lock(&lun->lun_lock);
11913	/*
11914	 * Run through the OOA queue and abort each I/O.
11915	 */
11916	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11917	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11918		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11919	}
11920
11921	/*
11922	 * This version sets unit attention for every
11923	 */
11924#if 0
11925	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11926	ctl_est_ua_all(lun, initidx, ua_type);
11927#else
11928	ctl_est_ua_all(lun, -1, ua_type);
11929#endif
11930
11931	/*
11932	 * A reset (any kind, really) clears reservations established with
11933	 * RESERVE/RELEASE.  It does not clear reservations established
11934	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11935	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11936	 * reservations made with the RESERVE/RELEASE commands, because
11937	 * those commands are obsolete in SPC-3.
11938	 */
11939	lun->flags &= ~CTL_LUN_RESERVED;
11940
11941#ifdef CTL_WITH_CA
11942	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11943		ctl_clear_mask(lun->have_ca, i);
11944#endif
11945	lun->prevent_count = 0;
11946	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11947		ctl_clear_mask(lun->prevent, i);
11948	mtx_unlock(&lun->lun_lock);
11949
11950	return (0);
11951}
11952
11953static int
11954ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11955{
11956	struct ctl_lun *lun;
11957	uint32_t targ_lun;
11958	int retval;
11959
11960	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11961	mtx_lock(&softc->ctl_lock);
11962	if ((targ_lun >= CTL_MAX_LUNS) ||
11963	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11964		mtx_unlock(&softc->ctl_lock);
11965		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11966		return (1);
11967	}
11968	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11969	mtx_unlock(&softc->ctl_lock);
11970	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11971
11972	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11973		union ctl_ha_msg msg_info;
11974
11975		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11976		msg_info.hdr.nexus = io->io_hdr.nexus;
11977		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11978		msg_info.hdr.original_sc = NULL;
11979		msg_info.hdr.serializing_sc = NULL;
11980		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11981		    sizeof(msg_info.task), M_WAITOK);
11982	}
11983	return (retval);
11984}
11985
11986static void
11987ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11988    int other_sc)
11989{
11990	union ctl_io *xio;
11991
11992	mtx_assert(&lun->lun_lock, MA_OWNED);
11993
11994	/*
11995	 * Run through the OOA queue and attempt to find the given I/O.
11996	 * The target port, initiator ID, tag type and tag number have to
11997	 * match the values that we got from the initiator.  If we have an
11998	 * untagged command to abort, simply abort the first untagged command
11999	 * we come to.  We only allow one untagged command at a time of course.
12000	 */
12001	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12002	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12003
12004		if ((targ_port == UINT32_MAX ||
12005		     targ_port == xio->io_hdr.nexus.targ_port) &&
12006		    (init_id == UINT32_MAX ||
12007		     init_id == xio->io_hdr.nexus.initid)) {
12008			if (targ_port != xio->io_hdr.nexus.targ_port ||
12009			    init_id != xio->io_hdr.nexus.initid)
12010				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
12011			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12012			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12013				union ctl_ha_msg msg_info;
12014
12015				msg_info.hdr.nexus = xio->io_hdr.nexus;
12016				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12017				msg_info.task.tag_num = xio->scsiio.tag_num;
12018				msg_info.task.tag_type = xio->scsiio.tag_type;
12019				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12020				msg_info.hdr.original_sc = NULL;
12021				msg_info.hdr.serializing_sc = NULL;
12022				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12023				    sizeof(msg_info.task), M_NOWAIT);
12024			}
12025		}
12026	}
12027}
12028
12029static int
12030ctl_abort_task_set(union ctl_io *io)
12031{
12032	struct ctl_softc *softc = control_softc;
12033	struct ctl_lun *lun;
12034	uint32_t targ_lun;
12035
12036	/*
12037	 * Look up the LUN.
12038	 */
12039	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12040	mtx_lock(&softc->ctl_lock);
12041	if ((targ_lun >= CTL_MAX_LUNS) ||
12042	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12043		mtx_unlock(&softc->ctl_lock);
12044		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12045		return (1);
12046	}
12047
12048	mtx_lock(&lun->lun_lock);
12049	mtx_unlock(&softc->ctl_lock);
12050	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12051		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12052		    io->io_hdr.nexus.initid,
12053		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12054	} else { /* CTL_TASK_CLEAR_TASK_SET */
12055		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12056		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12057	}
12058	mtx_unlock(&lun->lun_lock);
12059	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12060	return (0);
12061}
12062
12063static int
12064ctl_i_t_nexus_reset(union ctl_io *io)
12065{
12066	struct ctl_softc *softc = control_softc;
12067	struct ctl_lun *lun;
12068	uint32_t initidx;
12069
12070	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12071		union ctl_ha_msg msg_info;
12072
12073		msg_info.hdr.nexus = io->io_hdr.nexus;
12074		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
12075		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12076		msg_info.hdr.original_sc = NULL;
12077		msg_info.hdr.serializing_sc = NULL;
12078		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12079		    sizeof(msg_info.task), M_WAITOK);
12080	}
12081
12082	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12083	mtx_lock(&softc->ctl_lock);
12084	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12085		mtx_lock(&lun->lun_lock);
12086		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12087		    io->io_hdr.nexus.initid, 1);
12088#ifdef CTL_WITH_CA
12089		ctl_clear_mask(lun->have_ca, initidx);
12090#endif
12091		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
12092			lun->flags &= ~CTL_LUN_RESERVED;
12093		if (ctl_is_set(lun->prevent, initidx)) {
12094			ctl_clear_mask(lun->prevent, initidx);
12095			lun->prevent_count--;
12096		}
12097		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
12098		mtx_unlock(&lun->lun_lock);
12099	}
12100	mtx_unlock(&softc->ctl_lock);
12101	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12102	return (0);
12103}
12104
12105static int
12106ctl_abort_task(union ctl_io *io)
12107{
12108	union ctl_io *xio;
12109	struct ctl_lun *lun;
12110	struct ctl_softc *softc;
12111#if 0
12112	struct sbuf sb;
12113	char printbuf[128];
12114#endif
12115	int found;
12116	uint32_t targ_lun;
12117
12118	softc = control_softc;
12119	found = 0;
12120
12121	/*
12122	 * Look up the LUN.
12123	 */
12124	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12125	mtx_lock(&softc->ctl_lock);
12126	if ((targ_lun >= CTL_MAX_LUNS) ||
12127	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12128		mtx_unlock(&softc->ctl_lock);
12129		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12130		return (1);
12131	}
12132
12133#if 0
12134	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12135	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12136#endif
12137
12138	mtx_lock(&lun->lun_lock);
12139	mtx_unlock(&softc->ctl_lock);
12140	/*
12141	 * Run through the OOA queue and attempt to find the given I/O.
12142	 * The target port, initiator ID, tag type and tag number have to
12143	 * match the values that we got from the initiator.  If we have an
12144	 * untagged command to abort, simply abort the first untagged command
12145	 * we come to.  We only allow one untagged command at a time of course.
12146	 */
12147	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12148	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12149#if 0
12150		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12151
12152		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12153			    lun->lun, xio->scsiio.tag_num,
12154			    xio->scsiio.tag_type,
12155			    (xio->io_hdr.blocked_links.tqe_prev
12156			    == NULL) ? "" : " BLOCKED",
12157			    (xio->io_hdr.flags &
12158			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12159			    (xio->io_hdr.flags &
12160			    CTL_FLAG_ABORT) ? " ABORT" : "",
12161			    (xio->io_hdr.flags &
12162			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12163		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12164		sbuf_finish(&sb);
12165		printf("%s\n", sbuf_data(&sb));
12166#endif
12167
12168		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12169		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12170		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12171			continue;
12172
12173		/*
12174		 * If the abort says that the task is untagged, the
12175		 * task in the queue must be untagged.  Otherwise,
12176		 * we just check to see whether the tag numbers
12177		 * match.  This is because the QLogic firmware
12178		 * doesn't pass back the tag type in an abort
12179		 * request.
12180		 */
12181#if 0
12182		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12183		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12184		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12185#endif
12186		/*
12187		 * XXX KDM we've got problems with FC, because it
12188		 * doesn't send down a tag type with aborts.  So we
12189		 * can only really go by the tag number...
12190		 * This may cause problems with parallel SCSI.
12191		 * Need to figure that out!!
12192		 */
12193		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12194			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12195			found = 1;
12196			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12197			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12198				union ctl_ha_msg msg_info;
12199
12200				msg_info.hdr.nexus = io->io_hdr.nexus;
12201				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12202				msg_info.task.tag_num = io->taskio.tag_num;
12203				msg_info.task.tag_type = io->taskio.tag_type;
12204				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12205				msg_info.hdr.original_sc = NULL;
12206				msg_info.hdr.serializing_sc = NULL;
12207#if 0
12208				printf("Sent Abort to other side\n");
12209#endif
12210				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12211				    sizeof(msg_info.task), M_NOWAIT);
12212			}
12213#if 0
12214			printf("ctl_abort_task: found I/O to abort\n");
12215#endif
12216		}
12217	}
12218	mtx_unlock(&lun->lun_lock);
12219
12220	if (found == 0) {
12221		/*
12222		 * This isn't really an error.  It's entirely possible for
12223		 * the abort and command completion to cross on the wire.
12224		 * This is more of an informative/diagnostic error.
12225		 */
12226#if 0
12227		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12228		       "%u:%u:%u tag %d type %d\n",
12229		       io->io_hdr.nexus.initid,
12230		       io->io_hdr.nexus.targ_port,
12231		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12232		       io->taskio.tag_type);
12233#endif
12234	}
12235	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12236	return (0);
12237}
12238
12239static int
12240ctl_query_task(union ctl_io *io, int task_set)
12241{
12242	union ctl_io *xio;
12243	struct ctl_lun *lun;
12244	struct ctl_softc *softc;
12245	int found = 0;
12246	uint32_t targ_lun;
12247
12248	softc = control_softc;
12249	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12250	mtx_lock(&softc->ctl_lock);
12251	if ((targ_lun >= CTL_MAX_LUNS) ||
12252	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12253		mtx_unlock(&softc->ctl_lock);
12254		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12255		return (1);
12256	}
12257	mtx_lock(&lun->lun_lock);
12258	mtx_unlock(&softc->ctl_lock);
12259	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12260	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12261
12262		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12263		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12264		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12265			continue;
12266
12267		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12268			found = 1;
12269			break;
12270		}
12271	}
12272	mtx_unlock(&lun->lun_lock);
12273	if (found)
12274		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12275	else
12276		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12277	return (0);
12278}
12279
12280static int
12281ctl_query_async_event(union ctl_io *io)
12282{
12283	struct ctl_lun *lun;
12284	struct ctl_softc *softc;
12285	ctl_ua_type ua;
12286	uint32_t targ_lun, initidx;
12287
12288	softc = control_softc;
12289	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12290	mtx_lock(&softc->ctl_lock);
12291	if ((targ_lun >= CTL_MAX_LUNS) ||
12292	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12293		mtx_unlock(&softc->ctl_lock);
12294		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12295		return (1);
12296	}
12297	mtx_lock(&lun->lun_lock);
12298	mtx_unlock(&softc->ctl_lock);
12299	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12300	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12301	mtx_unlock(&lun->lun_lock);
12302	if (ua != CTL_UA_NONE)
12303		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12304	else
12305		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12306	return (0);
12307}
12308
12309static void
12310ctl_run_task(union ctl_io *io)
12311{
12312	struct ctl_softc *softc = control_softc;
12313	int retval = 1;
12314
12315	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12316	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12317	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12318	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12319	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12320	switch (io->taskio.task_action) {
12321	case CTL_TASK_ABORT_TASK:
12322		retval = ctl_abort_task(io);
12323		break;
12324	case CTL_TASK_ABORT_TASK_SET:
12325	case CTL_TASK_CLEAR_TASK_SET:
12326		retval = ctl_abort_task_set(io);
12327		break;
12328	case CTL_TASK_CLEAR_ACA:
12329		break;
12330	case CTL_TASK_I_T_NEXUS_RESET:
12331		retval = ctl_i_t_nexus_reset(io);
12332		break;
12333	case CTL_TASK_LUN_RESET:
12334		retval = ctl_lun_reset(softc, io);
12335		break;
12336	case CTL_TASK_TARGET_RESET:
12337		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12338		break;
12339	case CTL_TASK_BUS_RESET:
12340		retval = ctl_bus_reset(softc, io);
12341		break;
12342	case CTL_TASK_PORT_LOGIN:
12343		break;
12344	case CTL_TASK_PORT_LOGOUT:
12345		break;
12346	case CTL_TASK_QUERY_TASK:
12347		retval = ctl_query_task(io, 0);
12348		break;
12349	case CTL_TASK_QUERY_TASK_SET:
12350		retval = ctl_query_task(io, 1);
12351		break;
12352	case CTL_TASK_QUERY_ASYNC_EVENT:
12353		retval = ctl_query_async_event(io);
12354		break;
12355	default:
12356		printf("%s: got unknown task management event %d\n",
12357		       __func__, io->taskio.task_action);
12358		break;
12359	}
12360	if (retval == 0)
12361		io->io_hdr.status = CTL_SUCCESS;
12362	else
12363		io->io_hdr.status = CTL_ERROR;
12364	ctl_done(io);
12365}
12366
12367/*
12368 * For HA operation.  Handle commands that come in from the other
12369 * controller.
12370 */
12371static void
12372ctl_handle_isc(union ctl_io *io)
12373{
12374	int free_io;
12375	struct ctl_lun *lun;
12376	struct ctl_softc *softc = control_softc;
12377	uint32_t targ_lun;
12378
12379	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12380	lun = softc->ctl_luns[targ_lun];
12381
12382	switch (io->io_hdr.msg_type) {
12383	case CTL_MSG_SERIALIZE:
12384		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12385		break;
12386	case CTL_MSG_R2R: {
12387		const struct ctl_cmd_entry *entry;
12388
12389		/*
12390		 * This is only used in SER_ONLY mode.
12391		 */
12392		free_io = 0;
12393		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12394		mtx_lock(&lun->lun_lock);
12395		if (ctl_scsiio_lun_check(lun,
12396		    entry, (struct ctl_scsiio *)io) != 0) {
12397			mtx_unlock(&lun->lun_lock);
12398			ctl_done(io);
12399			break;
12400		}
12401		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12402		mtx_unlock(&lun->lun_lock);
12403		ctl_enqueue_rtr(io);
12404		break;
12405	}
12406	case CTL_MSG_FINISH_IO:
12407		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12408			free_io = 0;
12409			ctl_done(io);
12410		} else {
12411			free_io = 1;
12412			mtx_lock(&lun->lun_lock);
12413			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12414				     ooa_links);
12415			ctl_check_blocked(lun);
12416			mtx_unlock(&lun->lun_lock);
12417		}
12418		break;
12419	case CTL_MSG_PERS_ACTION:
12420		ctl_hndl_per_res_out_on_other_sc(
12421			(union ctl_ha_msg *)&io->presio.pr_msg);
12422		free_io = 1;
12423		break;
12424	case CTL_MSG_BAD_JUJU:
12425		free_io = 0;
12426		ctl_done(io);
12427		break;
12428	case CTL_MSG_DATAMOVE:
12429		/* Only used in XFER mode */
12430		free_io = 0;
12431		ctl_datamove_remote(io);
12432		break;
12433	case CTL_MSG_DATAMOVE_DONE:
12434		/* Only used in XFER mode */
12435		free_io = 0;
12436		io->scsiio.be_move_done(io);
12437		break;
12438	case CTL_MSG_FAILOVER:
12439		ctl_failover_lun(io);
12440		free_io = 1;
12441		break;
12442	default:
12443		free_io = 1;
12444		printf("%s: Invalid message type %d\n",
12445		       __func__, io->io_hdr.msg_type);
12446		break;
12447	}
12448	if (free_io)
12449		ctl_free_io(io);
12450
12451}
12452
12453
12454/*
12455 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12456 * there is no match.
12457 */
12458static ctl_lun_error_pattern
12459ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12460{
12461	const struct ctl_cmd_entry *entry;
12462	ctl_lun_error_pattern filtered_pattern, pattern;
12463
12464	pattern = desc->error_pattern;
12465
12466	/*
12467	 * XXX KDM we need more data passed into this function to match a
12468	 * custom pattern, and we actually need to implement custom pattern
12469	 * matching.
12470	 */
12471	if (pattern & CTL_LUN_PAT_CMD)
12472		return (CTL_LUN_PAT_CMD);
12473
12474	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12475		return (CTL_LUN_PAT_ANY);
12476
12477	entry = ctl_get_cmd_entry(ctsio, NULL);
12478
12479	filtered_pattern = entry->pattern & pattern;
12480
12481	/*
12482	 * If the user requested specific flags in the pattern (e.g.
12483	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12484	 * flags.
12485	 *
12486	 * If the user did not specify any flags, it doesn't matter whether
12487	 * or not the command supports the flags.
12488	 */
12489	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12490	     (pattern & ~CTL_LUN_PAT_MASK))
12491		return (CTL_LUN_PAT_NONE);
12492
12493	/*
12494	 * If the user asked for a range check, see if the requested LBA
12495	 * range overlaps with this command's LBA range.
12496	 */
12497	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12498		uint64_t lba1;
12499		uint64_t len1;
12500		ctl_action action;
12501		int retval;
12502
12503		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12504		if (retval != 0)
12505			return (CTL_LUN_PAT_NONE);
12506
12507		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12508					      desc->lba_range.len, FALSE);
12509		/*
12510		 * A "pass" means that the LBA ranges don't overlap, so
12511		 * this doesn't match the user's range criteria.
12512		 */
12513		if (action == CTL_ACTION_PASS)
12514			return (CTL_LUN_PAT_NONE);
12515	}
12516
12517	return (filtered_pattern);
12518}
12519
12520static void
12521ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12522{
12523	struct ctl_error_desc *desc, *desc2;
12524
12525	mtx_assert(&lun->lun_lock, MA_OWNED);
12526
12527	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12528		ctl_lun_error_pattern pattern;
12529		/*
12530		 * Check to see whether this particular command matches
12531		 * the pattern in the descriptor.
12532		 */
12533		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12534		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12535			continue;
12536
12537		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12538		case CTL_LUN_INJ_ABORTED:
12539			ctl_set_aborted(&io->scsiio);
12540			break;
12541		case CTL_LUN_INJ_MEDIUM_ERR:
12542			ctl_set_medium_error(&io->scsiio,
12543			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12544			     CTL_FLAG_DATA_OUT);
12545			break;
12546		case CTL_LUN_INJ_UA:
12547			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12548			 * OCCURRED */
12549			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12550			break;
12551		case CTL_LUN_INJ_CUSTOM:
12552			/*
12553			 * We're assuming the user knows what he is doing.
12554			 * Just copy the sense information without doing
12555			 * checks.
12556			 */
12557			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12558			      MIN(sizeof(desc->custom_sense),
12559				  sizeof(io->scsiio.sense_data)));
12560			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12561			io->scsiio.sense_len = SSD_FULL_SIZE;
12562			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12563			break;
12564		case CTL_LUN_INJ_NONE:
12565		default:
12566			/*
12567			 * If this is an error injection type we don't know
12568			 * about, clear the continuous flag (if it is set)
12569			 * so it will get deleted below.
12570			 */
12571			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12572			break;
12573		}
12574		/*
12575		 * By default, each error injection action is a one-shot
12576		 */
12577		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12578			continue;
12579
12580		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12581
12582		free(desc, M_CTL);
12583	}
12584}
12585
12586#ifdef CTL_IO_DELAY
12587static void
12588ctl_datamove_timer_wakeup(void *arg)
12589{
12590	union ctl_io *io;
12591
12592	io = (union ctl_io *)arg;
12593
12594	ctl_datamove(io);
12595}
12596#endif /* CTL_IO_DELAY */
12597
12598void
12599ctl_datamove(union ctl_io *io)
12600{
12601	struct ctl_lun *lun;
12602	void (*fe_datamove)(union ctl_io *io);
12603
12604	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12605
12606	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12607
12608	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12609#ifdef CTL_TIME_IO
12610	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12611		char str[256];
12612		char path_str[64];
12613		struct sbuf sb;
12614
12615		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12616		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12617
12618		sbuf_cat(&sb, path_str);
12619		switch (io->io_hdr.io_type) {
12620		case CTL_IO_SCSI:
12621			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12622			sbuf_printf(&sb, "\n");
12623			sbuf_cat(&sb, path_str);
12624			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12625				    io->scsiio.tag_num, io->scsiio.tag_type);
12626			break;
12627		case CTL_IO_TASK:
12628			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12629				    "Tag Type: %d\n", io->taskio.task_action,
12630				    io->taskio.tag_num, io->taskio.tag_type);
12631			break;
12632		default:
12633			panic("%s: Invalid CTL I/O type %d\n",
12634			    __func__, io->io_hdr.io_type);
12635		}
12636		sbuf_cat(&sb, path_str);
12637		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12638			    (intmax_t)time_uptime - io->io_hdr.start_time);
12639		sbuf_finish(&sb);
12640		printf("%s", sbuf_data(&sb));
12641	}
12642#endif /* CTL_TIME_IO */
12643
12644#ifdef CTL_IO_DELAY
12645	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12646		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12647	} else {
12648		if ((lun != NULL)
12649		 && (lun->delay_info.datamove_delay > 0)) {
12650
12651			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12652			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12653			callout_reset(&io->io_hdr.delay_callout,
12654				      lun->delay_info.datamove_delay * hz,
12655				      ctl_datamove_timer_wakeup, io);
12656			if (lun->delay_info.datamove_type ==
12657			    CTL_DELAY_TYPE_ONESHOT)
12658				lun->delay_info.datamove_delay = 0;
12659			return;
12660		}
12661	}
12662#endif
12663
12664	/*
12665	 * This command has been aborted.  Set the port status, so we fail
12666	 * the data move.
12667	 */
12668	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12669		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12670		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12671		       io->io_hdr.nexus.targ_port,
12672		       io->io_hdr.nexus.targ_lun);
12673		io->io_hdr.port_status = 31337;
12674		/*
12675		 * Note that the backend, in this case, will get the
12676		 * callback in its context.  In other cases it may get
12677		 * called in the frontend's interrupt thread context.
12678		 */
12679		io->scsiio.be_move_done(io);
12680		return;
12681	}
12682
12683	/* Don't confuse frontend with zero length data move. */
12684	if (io->scsiio.kern_data_len == 0) {
12685		io->scsiio.be_move_done(io);
12686		return;
12687	}
12688
12689	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12690	fe_datamove(io);
12691}
12692
12693static void
12694ctl_send_datamove_done(union ctl_io *io, int have_lock)
12695{
12696	union ctl_ha_msg msg;
12697#ifdef CTL_TIME_IO
12698	struct bintime cur_bt;
12699#endif
12700
12701	memset(&msg, 0, sizeof(msg));
12702	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12703	msg.hdr.original_sc = io;
12704	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12705	msg.hdr.nexus = io->io_hdr.nexus;
12706	msg.hdr.status = io->io_hdr.status;
12707	msg.scsi.tag_num = io->scsiio.tag_num;
12708	msg.scsi.tag_type = io->scsiio.tag_type;
12709	msg.scsi.scsi_status = io->scsiio.scsi_status;
12710	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12711	       io->scsiio.sense_len);
12712	msg.scsi.sense_len = io->scsiio.sense_len;
12713	msg.scsi.sense_residual = io->scsiio.sense_residual;
12714	msg.scsi.fetd_status = io->io_hdr.port_status;
12715	msg.scsi.residual = io->scsiio.residual;
12716	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12717	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12718		ctl_failover_io(io, /*have_lock*/ have_lock);
12719		return;
12720	}
12721	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12722	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12723	    msg.scsi.sense_len, M_WAITOK);
12724
12725#ifdef CTL_TIME_IO
12726	getbinuptime(&cur_bt);
12727	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12728	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12729#endif
12730	io->io_hdr.num_dmas++;
12731}
12732
12733/*
12734 * The DMA to the remote side is done, now we need to tell the other side
12735 * we're done so it can continue with its data movement.
12736 */
12737static void
12738ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12739{
12740	union ctl_io *io;
12741	uint32_t i;
12742
12743	io = rq->context;
12744
12745	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12746		printf("%s: ISC DMA write failed with error %d", __func__,
12747		       rq->ret);
12748		ctl_set_internal_failure(&io->scsiio,
12749					 /*sks_valid*/ 1,
12750					 /*retry_count*/ rq->ret);
12751	}
12752
12753	ctl_dt_req_free(rq);
12754
12755	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12756		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12757	free(io->io_hdr.remote_sglist, M_CTL);
12758	io->io_hdr.remote_sglist = NULL;
12759	io->io_hdr.local_sglist = NULL;
12760
12761	/*
12762	 * The data is in local and remote memory, so now we need to send
12763	 * status (good or back) back to the other side.
12764	 */
12765	ctl_send_datamove_done(io, /*have_lock*/ 0);
12766}
12767
12768/*
12769 * We've moved the data from the host/controller into local memory.  Now we
12770 * need to push it over to the remote controller's memory.
12771 */
12772static int
12773ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12774{
12775	int retval;
12776
12777	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12778					  ctl_datamove_remote_write_cb);
12779	return (retval);
12780}
12781
12782static void
12783ctl_datamove_remote_write(union ctl_io *io)
12784{
12785	int retval;
12786	void (*fe_datamove)(union ctl_io *io);
12787
12788	/*
12789	 * - Get the data from the host/HBA into local memory.
12790	 * - DMA memory from the local controller to the remote controller.
12791	 * - Send status back to the remote controller.
12792	 */
12793
12794	retval = ctl_datamove_remote_sgl_setup(io);
12795	if (retval != 0)
12796		return;
12797
12798	/* Switch the pointer over so the FETD knows what to do */
12799	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12800
12801	/*
12802	 * Use a custom move done callback, since we need to send completion
12803	 * back to the other controller, not to the backend on this side.
12804	 */
12805	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12806
12807	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12808	fe_datamove(io);
12809}
12810
12811static int
12812ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12813{
12814#if 0
12815	char str[256];
12816	char path_str[64];
12817	struct sbuf sb;
12818#endif
12819	uint32_t i;
12820
12821	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12822		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12823	free(io->io_hdr.remote_sglist, M_CTL);
12824	io->io_hdr.remote_sglist = NULL;
12825	io->io_hdr.local_sglist = NULL;
12826
12827#if 0
12828	scsi_path_string(io, path_str, sizeof(path_str));
12829	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12830	sbuf_cat(&sb, path_str);
12831	scsi_command_string(&io->scsiio, NULL, &sb);
12832	sbuf_printf(&sb, "\n");
12833	sbuf_cat(&sb, path_str);
12834	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12835		    io->scsiio.tag_num, io->scsiio.tag_type);
12836	sbuf_cat(&sb, path_str);
12837	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12838		    io->io_hdr.flags, io->io_hdr.status);
12839	sbuf_finish(&sb);
12840	printk("%s", sbuf_data(&sb));
12841#endif
12842
12843
12844	/*
12845	 * The read is done, now we need to send status (good or bad) back
12846	 * to the other side.
12847	 */
12848	ctl_send_datamove_done(io, /*have_lock*/ 0);
12849
12850	return (0);
12851}
12852
12853static void
12854ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12855{
12856	union ctl_io *io;
12857	void (*fe_datamove)(union ctl_io *io);
12858
12859	io = rq->context;
12860
12861	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12862		printf("%s: ISC DMA read failed with error %d\n", __func__,
12863		       rq->ret);
12864		ctl_set_internal_failure(&io->scsiio,
12865					 /*sks_valid*/ 1,
12866					 /*retry_count*/ rq->ret);
12867	}
12868
12869	ctl_dt_req_free(rq);
12870
12871	/* Switch the pointer over so the FETD knows what to do */
12872	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12873
12874	/*
12875	 * Use a custom move done callback, since we need to send completion
12876	 * back to the other controller, not to the backend on this side.
12877	 */
12878	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12879
12880	/* XXX KDM add checks like the ones in ctl_datamove? */
12881
12882	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12883	fe_datamove(io);
12884}
12885
12886static int
12887ctl_datamove_remote_sgl_setup(union ctl_io *io)
12888{
12889	struct ctl_sg_entry *local_sglist;
12890	uint32_t len_to_go;
12891	int retval;
12892	int i;
12893
12894	retval = 0;
12895	local_sglist = io->io_hdr.local_sglist;
12896	len_to_go = io->scsiio.kern_data_len;
12897
12898	/*
12899	 * The difficult thing here is that the size of the various
12900	 * S/G segments may be different than the size from the
12901	 * remote controller.  That'll make it harder when DMAing
12902	 * the data back to the other side.
12903	 */
12904	for (i = 0; len_to_go > 0; i++) {
12905		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12906		local_sglist[i].addr =
12907		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12908
12909		len_to_go -= local_sglist[i].len;
12910	}
12911	/*
12912	 * Reset the number of S/G entries accordingly.  The original
12913	 * number of S/G entries is available in rem_sg_entries.
12914	 */
12915	io->scsiio.kern_sg_entries = i;
12916
12917#if 0
12918	printf("%s: kern_sg_entries = %d\n", __func__,
12919	       io->scsiio.kern_sg_entries);
12920	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12921		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12922		       local_sglist[i].addr, local_sglist[i].len);
12923#endif
12924
12925	return (retval);
12926}
12927
12928static int
12929ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12930			 ctl_ha_dt_cb callback)
12931{
12932	struct ctl_ha_dt_req *rq;
12933	struct ctl_sg_entry *remote_sglist, *local_sglist;
12934	uint32_t local_used, remote_used, total_used;
12935	int i, j, isc_ret;
12936
12937	rq = ctl_dt_req_alloc();
12938
12939	/*
12940	 * If we failed to allocate the request, and if the DMA didn't fail
12941	 * anyway, set busy status.  This is just a resource allocation
12942	 * failure.
12943	 */
12944	if ((rq == NULL)
12945	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12946	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12947		ctl_set_busy(&io->scsiio);
12948
12949	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12950	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12951
12952		if (rq != NULL)
12953			ctl_dt_req_free(rq);
12954
12955		/*
12956		 * The data move failed.  We need to return status back
12957		 * to the other controller.  No point in trying to DMA
12958		 * data to the remote controller.
12959		 */
12960
12961		ctl_send_datamove_done(io, /*have_lock*/ 0);
12962
12963		return (1);
12964	}
12965
12966	local_sglist = io->io_hdr.local_sglist;
12967	remote_sglist = io->io_hdr.remote_sglist;
12968	local_used = 0;
12969	remote_used = 0;
12970	total_used = 0;
12971
12972	/*
12973	 * Pull/push the data over the wire from/to the other controller.
12974	 * This takes into account the possibility that the local and
12975	 * remote sglists may not be identical in terms of the size of
12976	 * the elements and the number of elements.
12977	 *
12978	 * One fundamental assumption here is that the length allocated for
12979	 * both the local and remote sglists is identical.  Otherwise, we've
12980	 * essentially got a coding error of some sort.
12981	 */
12982	isc_ret = CTL_HA_STATUS_SUCCESS;
12983	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12984		uint32_t cur_len;
12985		uint8_t *tmp_ptr;
12986
12987		rq->command = command;
12988		rq->context = io;
12989
12990		/*
12991		 * Both pointers should be aligned.  But it is possible
12992		 * that the allocation length is not.  They should both
12993		 * also have enough slack left over at the end, though,
12994		 * to round up to the next 8 byte boundary.
12995		 */
12996		cur_len = MIN(local_sglist[i].len - local_used,
12997			      remote_sglist[j].len - remote_used);
12998		rq->size = cur_len;
12999
13000		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13001		tmp_ptr += local_used;
13002
13003#if 0
13004		/* Use physical addresses when talking to ISC hardware */
13005		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13006			/* XXX KDM use busdma */
13007			rq->local = vtophys(tmp_ptr);
13008		} else
13009			rq->local = tmp_ptr;
13010#else
13011		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
13012		    ("HA does not support BUS_ADDR"));
13013		rq->local = tmp_ptr;
13014#endif
13015
13016		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13017		tmp_ptr += remote_used;
13018		rq->remote = tmp_ptr;
13019
13020		rq->callback = NULL;
13021
13022		local_used += cur_len;
13023		if (local_used >= local_sglist[i].len) {
13024			i++;
13025			local_used = 0;
13026		}
13027
13028		remote_used += cur_len;
13029		if (remote_used >= remote_sglist[j].len) {
13030			j++;
13031			remote_used = 0;
13032		}
13033		total_used += cur_len;
13034
13035		if (total_used >= io->scsiio.kern_data_len)
13036			rq->callback = callback;
13037
13038#if 0
13039		printf("%s: %s: local %p remote %p size %d\n", __func__,
13040		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13041		       rq->local, rq->remote, rq->size);
13042#endif
13043
13044		isc_ret = ctl_dt_single(rq);
13045		if (isc_ret > CTL_HA_STATUS_SUCCESS)
13046			break;
13047	}
13048	if (isc_ret != CTL_HA_STATUS_WAIT) {
13049		rq->ret = isc_ret;
13050		callback(rq);
13051	}
13052
13053	return (0);
13054}
13055
13056static void
13057ctl_datamove_remote_read(union ctl_io *io)
13058{
13059	int retval;
13060	uint32_t i;
13061
13062	/*
13063	 * This will send an error to the other controller in the case of a
13064	 * failure.
13065	 */
13066	retval = ctl_datamove_remote_sgl_setup(io);
13067	if (retval != 0)
13068		return;
13069
13070	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13071					  ctl_datamove_remote_read_cb);
13072	if (retval != 0) {
13073		/*
13074		 * Make sure we free memory if there was an error..  The
13075		 * ctl_datamove_remote_xfer() function will send the
13076		 * datamove done message, or call the callback with an
13077		 * error if there is a problem.
13078		 */
13079		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13080			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13081		free(io->io_hdr.remote_sglist, M_CTL);
13082		io->io_hdr.remote_sglist = NULL;
13083		io->io_hdr.local_sglist = NULL;
13084	}
13085}
13086
13087/*
13088 * Process a datamove request from the other controller.  This is used for
13089 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13090 * first.  Once that is complete, the data gets DMAed into the remote
13091 * controller's memory.  For reads, we DMA from the remote controller's
13092 * memory into our memory first, and then move it out to the FETD.
13093 */
13094static void
13095ctl_datamove_remote(union ctl_io *io)
13096{
13097
13098	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
13099
13100	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13101		ctl_failover_io(io, /*have_lock*/ 0);
13102		return;
13103	}
13104
13105	/*
13106	 * Note that we look for an aborted I/O here, but don't do some of
13107	 * the other checks that ctl_datamove() normally does.
13108	 * We don't need to run the datamove delay code, since that should
13109	 * have been done if need be on the other controller.
13110	 */
13111	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13112		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
13113		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
13114		       io->io_hdr.nexus.targ_port,
13115		       io->io_hdr.nexus.targ_lun);
13116		io->io_hdr.port_status = 31338;
13117		ctl_send_datamove_done(io, /*have_lock*/ 0);
13118		return;
13119	}
13120
13121	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
13122		ctl_datamove_remote_write(io);
13123	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
13124		ctl_datamove_remote_read(io);
13125	else {
13126		io->io_hdr.port_status = 31339;
13127		ctl_send_datamove_done(io, /*have_lock*/ 0);
13128	}
13129}
13130
13131static void
13132ctl_process_done(union ctl_io *io)
13133{
13134	struct ctl_lun *lun;
13135	struct ctl_softc *softc = control_softc;
13136	void (*fe_done)(union ctl_io *io);
13137	union ctl_ha_msg msg;
13138	uint32_t targ_port = io->io_hdr.nexus.targ_port;
13139
13140	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13141	fe_done = softc->ctl_ports[targ_port]->fe_done;
13142
13143#ifdef CTL_TIME_IO
13144	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13145		char str[256];
13146		char path_str[64];
13147		struct sbuf sb;
13148
13149		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13150		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13151
13152		sbuf_cat(&sb, path_str);
13153		switch (io->io_hdr.io_type) {
13154		case CTL_IO_SCSI:
13155			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13156			sbuf_printf(&sb, "\n");
13157			sbuf_cat(&sb, path_str);
13158			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13159				    io->scsiio.tag_num, io->scsiio.tag_type);
13160			break;
13161		case CTL_IO_TASK:
13162			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13163				    "Tag Type: %d\n", io->taskio.task_action,
13164				    io->taskio.tag_num, io->taskio.tag_type);
13165			break;
13166		default:
13167			panic("%s: Invalid CTL I/O type %d\n",
13168			    __func__, io->io_hdr.io_type);
13169		}
13170		sbuf_cat(&sb, path_str);
13171		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13172			    (intmax_t)time_uptime - io->io_hdr.start_time);
13173		sbuf_finish(&sb);
13174		printf("%s", sbuf_data(&sb));
13175	}
13176#endif /* CTL_TIME_IO */
13177
13178	switch (io->io_hdr.io_type) {
13179	case CTL_IO_SCSI:
13180		break;
13181	case CTL_IO_TASK:
13182		if (ctl_debug & CTL_DEBUG_INFO)
13183			ctl_io_error_print(io, NULL);
13184		fe_done(io);
13185		return;
13186	default:
13187		panic("%s: Invalid CTL I/O type %d\n",
13188		    __func__, io->io_hdr.io_type);
13189	}
13190
13191	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13192	if (lun == NULL) {
13193		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13194				 io->io_hdr.nexus.targ_mapped_lun));
13195		goto bailout;
13196	}
13197
13198	mtx_lock(&lun->lun_lock);
13199
13200	/*
13201	 * Check to see if we have any informational exception and status
13202	 * of this command can be modified to report it in form of either
13203	 * RECOVERED ERROR or NO SENSE, depending on MRIE mode page field.
13204	 */
13205	if (lun->ie_reported == 0 && lun->ie_asc != 0 &&
13206	    io->io_hdr.status == CTL_SUCCESS &&
13207	    (io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0) {
13208		uint8_t mrie = lun->MODE_IE.mrie;
13209		uint8_t per = ((lun->MODE_RWER.byte3 & SMS_RWER_PER) ||
13210		    (lun->MODE_VER.byte3 & SMS_VER_PER));
13211		if (((mrie == SIEP_MRIE_REC_COND && per) ||
13212		     mrie == SIEP_MRIE_REC_UNCOND ||
13213		     mrie == SIEP_MRIE_NO_SENSE) &&
13214		    (ctl_get_cmd_entry(&io->scsiio, NULL)->flags &
13215		     CTL_CMD_FLAG_NO_SENSE) == 0) {
13216			ctl_set_sense(&io->scsiio,
13217			      /*current_error*/ 1,
13218			      /*sense_key*/ (mrie == SIEP_MRIE_NO_SENSE) ?
13219			        SSD_KEY_NO_SENSE : SSD_KEY_RECOVERED_ERROR,
13220			      /*asc*/ lun->ie_asc,
13221			      /*ascq*/ lun->ie_ascq,
13222			      SSD_ELEM_NONE);
13223			lun->ie_reported = 1;
13224		}
13225	} else if (lun->ie_reported < 0)
13226		lun->ie_reported = 0;
13227
13228	/*
13229	 * Check to see if we have any errors to inject here.  We only
13230	 * inject errors for commands that don't already have errors set.
13231	 */
13232	if (!STAILQ_EMPTY(&lun->error_list) &&
13233	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13234	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13235		ctl_inject_error(lun, io);
13236
13237	/*
13238	 * XXX KDM how do we treat commands that aren't completed
13239	 * successfully?
13240	 *
13241	 * XXX KDM should we also track I/O latency?
13242	 */
13243	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13244	    io->io_hdr.io_type == CTL_IO_SCSI) {
13245#ifdef CTL_TIME_IO
13246		struct bintime cur_bt;
13247#endif
13248		int type;
13249
13250		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13251		    CTL_FLAG_DATA_IN)
13252			type = CTL_STATS_READ;
13253		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13254		    CTL_FLAG_DATA_OUT)
13255			type = CTL_STATS_WRITE;
13256		else
13257			type = CTL_STATS_NO_IO;
13258
13259		lun->stats.ports[targ_port].bytes[type] +=
13260		    io->scsiio.kern_total_len;
13261		lun->stats.ports[targ_port].operations[type]++;
13262#ifdef CTL_TIME_IO
13263		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13264		   &io->io_hdr.dma_bt);
13265		getbinuptime(&cur_bt);
13266		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13267		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13268#endif
13269		lun->stats.ports[targ_port].num_dmas[type] +=
13270		    io->io_hdr.num_dmas;
13271	}
13272
13273	/*
13274	 * Remove this from the OOA queue.
13275	 */
13276	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13277#ifdef CTL_TIME_IO
13278	if (TAILQ_EMPTY(&lun->ooa_queue))
13279		lun->last_busy = getsbinuptime();
13280#endif
13281
13282	/*
13283	 * Run through the blocked queue on this LUN and see if anything
13284	 * has become unblocked, now that this transaction is done.
13285	 */
13286	ctl_check_blocked(lun);
13287
13288	/*
13289	 * If the LUN has been invalidated, free it if there is nothing
13290	 * left on its OOA queue.
13291	 */
13292	if ((lun->flags & CTL_LUN_INVALID)
13293	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13294		mtx_unlock(&lun->lun_lock);
13295		mtx_lock(&softc->ctl_lock);
13296		ctl_free_lun(lun);
13297		mtx_unlock(&softc->ctl_lock);
13298	} else
13299		mtx_unlock(&lun->lun_lock);
13300
13301bailout:
13302
13303	/*
13304	 * If this command has been aborted, make sure we set the status
13305	 * properly.  The FETD is responsible for freeing the I/O and doing
13306	 * whatever it needs to do to clean up its state.
13307	 */
13308	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13309		ctl_set_task_aborted(&io->scsiio);
13310
13311	/*
13312	 * If enabled, print command error status.
13313	 */
13314	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13315	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13316		ctl_io_error_print(io, NULL);
13317
13318	/*
13319	 * Tell the FETD or the other shelf controller we're done with this
13320	 * command.  Note that only SCSI commands get to this point.  Task
13321	 * management commands are completed above.
13322	 */
13323	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13324	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13325		memset(&msg, 0, sizeof(msg));
13326		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13327		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13328		msg.hdr.nexus = io->io_hdr.nexus;
13329		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13330		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13331		    M_WAITOK);
13332	}
13333
13334	fe_done(io);
13335}
13336
13337#ifdef CTL_WITH_CA
13338/*
13339 * Front end should call this if it doesn't do autosense.  When the request
13340 * sense comes back in from the initiator, we'll dequeue this and send it.
13341 */
13342int
13343ctl_queue_sense(union ctl_io *io)
13344{
13345	struct ctl_lun *lun;
13346	struct ctl_port *port;
13347	struct ctl_softc *softc;
13348	uint32_t initidx, targ_lun;
13349
13350	softc = control_softc;
13351
13352	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13353
13354	/*
13355	 * LUN lookup will likely move to the ctl_work_thread() once we
13356	 * have our new queueing infrastructure (that doesn't put things on
13357	 * a per-LUN queue initially).  That is so that we can handle
13358	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13359	 * can't deal with that right now.
13360	 */
13361	mtx_lock(&softc->ctl_lock);
13362
13363	/*
13364	 * If we don't have a LUN for this, just toss the sense
13365	 * information.
13366	 */
13367	port = ctl_io_port(&ctsio->io_hdr);
13368	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13369	if ((targ_lun < CTL_MAX_LUNS)
13370	 && (softc->ctl_luns[targ_lun] != NULL))
13371		lun = softc->ctl_luns[targ_lun];
13372	else
13373		goto bailout;
13374
13375	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13376
13377	mtx_lock(&lun->lun_lock);
13378	/*
13379	 * Already have CA set for this LUN...toss the sense information.
13380	 */
13381	if (ctl_is_set(lun->have_ca, initidx)) {
13382		mtx_unlock(&lun->lun_lock);
13383		goto bailout;
13384	}
13385
13386	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13387	       MIN(sizeof(lun->pending_sense[initidx]),
13388	       sizeof(io->scsiio.sense_data)));
13389	ctl_set_mask(lun->have_ca, initidx);
13390	mtx_unlock(&lun->lun_lock);
13391
13392bailout:
13393	mtx_unlock(&softc->ctl_lock);
13394
13395	ctl_free_io(io);
13396
13397	return (CTL_RETVAL_COMPLETE);
13398}
13399#endif
13400
13401/*
13402 * Primary command inlet from frontend ports.  All SCSI and task I/O
13403 * requests must go through this function.
13404 */
13405int
13406ctl_queue(union ctl_io *io)
13407{
13408	struct ctl_port *port;
13409
13410	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13411
13412#ifdef CTL_TIME_IO
13413	io->io_hdr.start_time = time_uptime;
13414	getbinuptime(&io->io_hdr.start_bt);
13415#endif /* CTL_TIME_IO */
13416
13417	/* Map FE-specific LUN ID into global one. */
13418	port = ctl_io_port(&io->io_hdr);
13419	io->io_hdr.nexus.targ_mapped_lun =
13420	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13421
13422	switch (io->io_hdr.io_type) {
13423	case CTL_IO_SCSI:
13424	case CTL_IO_TASK:
13425		if (ctl_debug & CTL_DEBUG_CDB)
13426			ctl_io_print(io);
13427		ctl_enqueue_incoming(io);
13428		break;
13429	default:
13430		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13431		return (EINVAL);
13432	}
13433
13434	return (CTL_RETVAL_COMPLETE);
13435}
13436
13437#ifdef CTL_IO_DELAY
13438static void
13439ctl_done_timer_wakeup(void *arg)
13440{
13441	union ctl_io *io;
13442
13443	io = (union ctl_io *)arg;
13444	ctl_done(io);
13445}
13446#endif /* CTL_IO_DELAY */
13447
13448void
13449ctl_serseq_done(union ctl_io *io)
13450{
13451	struct ctl_lun *lun;
13452
13453	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13454	if (lun->be_lun == NULL ||
13455	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13456		return;
13457	mtx_lock(&lun->lun_lock);
13458	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13459	ctl_check_blocked(lun);
13460	mtx_unlock(&lun->lun_lock);
13461}
13462
13463void
13464ctl_done(union ctl_io *io)
13465{
13466
13467	/*
13468	 * Enable this to catch duplicate completion issues.
13469	 */
13470#if 0
13471	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13472		printf("%s: type %d msg %d cdb %x iptl: "
13473		       "%u:%u:%u tag 0x%04x "
13474		       "flag %#x status %x\n",
13475			__func__,
13476			io->io_hdr.io_type,
13477			io->io_hdr.msg_type,
13478			io->scsiio.cdb[0],
13479			io->io_hdr.nexus.initid,
13480			io->io_hdr.nexus.targ_port,
13481			io->io_hdr.nexus.targ_lun,
13482			(io->io_hdr.io_type ==
13483			CTL_IO_TASK) ?
13484			io->taskio.tag_num :
13485			io->scsiio.tag_num,
13486		        io->io_hdr.flags,
13487			io->io_hdr.status);
13488	} else
13489		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13490#endif
13491
13492	/*
13493	 * This is an internal copy of an I/O, and should not go through
13494	 * the normal done processing logic.
13495	 */
13496	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13497		return;
13498
13499#ifdef CTL_IO_DELAY
13500	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13501		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13502	} else {
13503		struct ctl_lun *lun;
13504
13505		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13506
13507		if ((lun != NULL)
13508		 && (lun->delay_info.done_delay > 0)) {
13509
13510			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13511			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13512			callout_reset(&io->io_hdr.delay_callout,
13513				      lun->delay_info.done_delay * hz,
13514				      ctl_done_timer_wakeup, io);
13515			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13516				lun->delay_info.done_delay = 0;
13517			return;
13518		}
13519	}
13520#endif /* CTL_IO_DELAY */
13521
13522	ctl_enqueue_done(io);
13523}
13524
13525static void
13526ctl_work_thread(void *arg)
13527{
13528	struct ctl_thread *thr = (struct ctl_thread *)arg;
13529	struct ctl_softc *softc = thr->ctl_softc;
13530	union ctl_io *io;
13531	int retval;
13532
13533	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13534
13535	for (;;) {
13536		/*
13537		 * We handle the queues in this order:
13538		 * - ISC
13539		 * - done queue (to free up resources, unblock other commands)
13540		 * - RtR queue
13541		 * - incoming queue
13542		 *
13543		 * If those queues are empty, we break out of the loop and
13544		 * go to sleep.
13545		 */
13546		mtx_lock(&thr->queue_lock);
13547		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13548		if (io != NULL) {
13549			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13550			mtx_unlock(&thr->queue_lock);
13551			ctl_handle_isc(io);
13552			continue;
13553		}
13554		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13555		if (io != NULL) {
13556			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13557			/* clear any blocked commands, call fe_done */
13558			mtx_unlock(&thr->queue_lock);
13559			ctl_process_done(io);
13560			continue;
13561		}
13562		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13563		if (io != NULL) {
13564			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13565			mtx_unlock(&thr->queue_lock);
13566			if (io->io_hdr.io_type == CTL_IO_TASK)
13567				ctl_run_task(io);
13568			else
13569				ctl_scsiio_precheck(softc, &io->scsiio);
13570			continue;
13571		}
13572		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13573		if (io != NULL) {
13574			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13575			mtx_unlock(&thr->queue_lock);
13576			retval = ctl_scsiio(&io->scsiio);
13577			if (retval != CTL_RETVAL_COMPLETE)
13578				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13579			continue;
13580		}
13581
13582		/* Sleep until we have something to do. */
13583		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13584	}
13585}
13586
13587static void
13588ctl_lun_thread(void *arg)
13589{
13590	struct ctl_softc *softc = (struct ctl_softc *)arg;
13591	struct ctl_be_lun *be_lun;
13592
13593	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13594
13595	for (;;) {
13596		mtx_lock(&softc->ctl_lock);
13597		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13598		if (be_lun != NULL) {
13599			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13600			mtx_unlock(&softc->ctl_lock);
13601			ctl_create_lun(be_lun);
13602			continue;
13603		}
13604
13605		/* Sleep until we have something to do. */
13606		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13607		    PDROP | PRIBIO, "-", 0);
13608	}
13609}
13610
13611static void
13612ctl_thresh_thread(void *arg)
13613{
13614	struct ctl_softc *softc = (struct ctl_softc *)arg;
13615	struct ctl_lun *lun;
13616	struct ctl_logical_block_provisioning_page *page;
13617	const char *attr;
13618	union ctl_ha_msg msg;
13619	uint64_t thres, val;
13620	int i, e, set;
13621
13622	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13623
13624	for (;;) {
13625		mtx_lock(&softc->ctl_lock);
13626		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13627			if ((lun->flags & CTL_LUN_DISABLED) ||
13628			    (lun->flags & CTL_LUN_NO_MEDIA) ||
13629			    lun->backend->lun_attr == NULL)
13630				continue;
13631			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13632			    softc->ha_mode == CTL_HA_MODE_XFER)
13633				continue;
13634			if ((lun->MODE_RWER.byte8 & SMS_RWER_LBPERE) == 0)
13635				continue;
13636			e = 0;
13637			page = &lun->MODE_LBP;
13638			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13639				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13640					continue;
13641				thres = scsi_4btoul(page->descr[i].count);
13642				thres <<= CTL_LBP_EXPONENT;
13643				switch (page->descr[i].resource) {
13644				case 0x01:
13645					attr = "blocksavail";
13646					break;
13647				case 0x02:
13648					attr = "blocksused";
13649					break;
13650				case 0xf1:
13651					attr = "poolblocksavail";
13652					break;
13653				case 0xf2:
13654					attr = "poolblocksused";
13655					break;
13656				default:
13657					continue;
13658				}
13659				mtx_unlock(&softc->ctl_lock); // XXX
13660				val = lun->backend->lun_attr(
13661				    lun->be_lun->be_lun, attr);
13662				mtx_lock(&softc->ctl_lock);
13663				if (val == UINT64_MAX)
13664					continue;
13665				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13666				    == SLBPPD_ARMING_INC)
13667					e = (val >= thres);
13668				else
13669					e = (val <= thres);
13670				if (e)
13671					break;
13672			}
13673			mtx_lock(&lun->lun_lock);
13674			if (e) {
13675				scsi_u64to8b((uint8_t *)&page->descr[i] -
13676				    (uint8_t *)page, lun->ua_tpt_info);
13677				if (lun->lasttpt == 0 ||
13678				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13679					lun->lasttpt = time_uptime;
13680					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13681					set = 1;
13682				} else
13683					set = 0;
13684			} else {
13685				lun->lasttpt = 0;
13686				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13687				set = -1;
13688			}
13689			mtx_unlock(&lun->lun_lock);
13690			if (set != 0 &&
13691			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13692				/* Send msg to other side. */
13693				bzero(&msg.ua, sizeof(msg.ua));
13694				msg.hdr.msg_type = CTL_MSG_UA;
13695				msg.hdr.nexus.initid = -1;
13696				msg.hdr.nexus.targ_port = -1;
13697				msg.hdr.nexus.targ_lun = lun->lun;
13698				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13699				msg.ua.ua_all = 1;
13700				msg.ua.ua_set = (set > 0);
13701				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13702				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13703				mtx_unlock(&softc->ctl_lock); // XXX
13704				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13705				    sizeof(msg.ua), M_WAITOK);
13706				mtx_lock(&softc->ctl_lock);
13707			}
13708		}
13709		mtx_unlock(&softc->ctl_lock);
13710		pause("-", CTL_LBP_PERIOD * hz);
13711	}
13712}
13713
13714static void
13715ctl_enqueue_incoming(union ctl_io *io)
13716{
13717	struct ctl_softc *softc = control_softc;
13718	struct ctl_thread *thr;
13719	u_int idx;
13720
13721	idx = (io->io_hdr.nexus.targ_port * 127 +
13722	       io->io_hdr.nexus.initid) % worker_threads;
13723	thr = &softc->threads[idx];
13724	mtx_lock(&thr->queue_lock);
13725	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13726	mtx_unlock(&thr->queue_lock);
13727	wakeup(thr);
13728}
13729
13730static void
13731ctl_enqueue_rtr(union ctl_io *io)
13732{
13733	struct ctl_softc *softc = control_softc;
13734	struct ctl_thread *thr;
13735
13736	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13737	mtx_lock(&thr->queue_lock);
13738	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13739	mtx_unlock(&thr->queue_lock);
13740	wakeup(thr);
13741}
13742
13743static void
13744ctl_enqueue_done(union ctl_io *io)
13745{
13746	struct ctl_softc *softc = control_softc;
13747	struct ctl_thread *thr;
13748
13749	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13750	mtx_lock(&thr->queue_lock);
13751	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13752	mtx_unlock(&thr->queue_lock);
13753	wakeup(thr);
13754}
13755
13756static void
13757ctl_enqueue_isc(union ctl_io *io)
13758{
13759	struct ctl_softc *softc = control_softc;
13760	struct ctl_thread *thr;
13761
13762	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13763	mtx_lock(&thr->queue_lock);
13764	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13765	mtx_unlock(&thr->queue_lock);
13766	wakeup(thr);
13767}
13768
13769/*
13770 *  vim: ts=8
13771 */
13772