ctl.c revision 313367 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2014-2017 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: stable/10/sys/cam/ctl/ctl.c 313367 2017-02-07 01:44:18Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_cd.h>
73#include <cam/scsi/scsi_da.h>
74#include <cam/ctl/ctl_io.h>
75#include <cam/ctl/ctl.h>
76#include <cam/ctl/ctl_frontend.h>
77#include <cam/ctl/ctl_util.h>
78#include <cam/ctl/ctl_backend.h>
79#include <cam/ctl/ctl_ioctl.h>
80#include <cam/ctl/ctl_ha.h>
81#include <cam/ctl/ctl_private.h>
82#include <cam/ctl/ctl_debug.h>
83#include <cam/ctl/ctl_scsi_all.h>
84#include <cam/ctl/ctl_error.h>
85
86struct ctl_softc *control_softc = NULL;
87
88/*
89 * Template mode pages.
90 */
91
92/*
93 * Note that these are default values only.  The actual values will be
94 * filled in when the user does a mode sense.
95 */
96const static struct scsi_da_rw_recovery_page rw_er_page_default = {
97	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
98	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
99	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
100	/*read_retry_count*/0,
101	/*correction_span*/0,
102	/*head_offset_count*/0,
103	/*data_strobe_offset_cnt*/0,
104	/*byte8*/SMS_RWER_LBPERE,
105	/*write_retry_count*/0,
106	/*reserved2*/0,
107	/*recovery_time_limit*/{0, 0},
108};
109
110const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
111	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
112	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
113	/*byte3*/SMS_RWER_PER,
114	/*read_retry_count*/0,
115	/*correction_span*/0,
116	/*head_offset_count*/0,
117	/*data_strobe_offset_cnt*/0,
118	/*byte8*/SMS_RWER_LBPERE,
119	/*write_retry_count*/0,
120	/*reserved2*/0,
121	/*recovery_time_limit*/{0, 0},
122};
123
124const static struct scsi_format_page format_page_default = {
125	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
126	/*page_length*/sizeof(struct scsi_format_page) - 2,
127	/*tracks_per_zone*/ {0, 0},
128	/*alt_sectors_per_zone*/ {0, 0},
129	/*alt_tracks_per_zone*/ {0, 0},
130	/*alt_tracks_per_lun*/ {0, 0},
131	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
132			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
133	/*bytes_per_sector*/ {0, 0},
134	/*interleave*/ {0, 0},
135	/*track_skew*/ {0, 0},
136	/*cylinder_skew*/ {0, 0},
137	/*flags*/ SFP_HSEC,
138	/*reserved*/ {0, 0, 0}
139};
140
141const static struct scsi_format_page format_page_changeable = {
142	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
143	/*page_length*/sizeof(struct scsi_format_page) - 2,
144	/*tracks_per_zone*/ {0, 0},
145	/*alt_sectors_per_zone*/ {0, 0},
146	/*alt_tracks_per_zone*/ {0, 0},
147	/*alt_tracks_per_lun*/ {0, 0},
148	/*sectors_per_track*/ {0, 0},
149	/*bytes_per_sector*/ {0, 0},
150	/*interleave*/ {0, 0},
151	/*track_skew*/ {0, 0},
152	/*cylinder_skew*/ {0, 0},
153	/*flags*/ 0,
154	/*reserved*/ {0, 0, 0}
155};
156
157const static struct scsi_rigid_disk_page rigid_disk_page_default = {
158	/*page_code*/SMS_RIGID_DISK_PAGE,
159	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
160	/*cylinders*/ {0, 0, 0},
161	/*heads*/ CTL_DEFAULT_HEADS,
162	/*start_write_precomp*/ {0, 0, 0},
163	/*start_reduced_current*/ {0, 0, 0},
164	/*step_rate*/ {0, 0},
165	/*landing_zone_cylinder*/ {0, 0, 0},
166	/*rpl*/ SRDP_RPL_DISABLED,
167	/*rotational_offset*/ 0,
168	/*reserved1*/ 0,
169	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
170			   CTL_DEFAULT_ROTATION_RATE & 0xff},
171	/*reserved2*/ {0, 0}
172};
173
174const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
175	/*page_code*/SMS_RIGID_DISK_PAGE,
176	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
177	/*cylinders*/ {0, 0, 0},
178	/*heads*/ 0,
179	/*start_write_precomp*/ {0, 0, 0},
180	/*start_reduced_current*/ {0, 0, 0},
181	/*step_rate*/ {0, 0},
182	/*landing_zone_cylinder*/ {0, 0, 0},
183	/*rpl*/ 0,
184	/*rotational_offset*/ 0,
185	/*reserved1*/ 0,
186	/*rotation_rate*/ {0, 0},
187	/*reserved2*/ {0, 0}
188};
189
190const static struct scsi_da_verify_recovery_page verify_er_page_default = {
191	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
192	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
193	/*byte3*/0,
194	/*read_retry_count*/0,
195	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
196	/*recovery_time_limit*/{0, 0},
197};
198
199const static struct scsi_da_verify_recovery_page verify_er_page_changeable = {
200	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
201	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
202	/*byte3*/SMS_VER_PER,
203	/*read_retry_count*/0,
204	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
205	/*recovery_time_limit*/{0, 0},
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK | SCP_NUAR,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0xff
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_EWASC,
288	/*mrie*/SIEP_MRIE_NO,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 1}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/SIEP_FLAGS_EWASC | SIEP_FLAGS_DEXCPT | SIEP_FLAGS_TEST |
297	    SIEP_FLAGS_LOGERR,
298	/*mrie*/0x0f,
299	/*interval_timer*/{0xff, 0xff, 0xff, 0xff},
300	/*report_count*/{0xff, 0xff, 0xff, 0xff}
301};
302
303#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
304
305const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
306	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
307	/*subpage_code*/0x02,
308	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
309	/*flags*/0,
310	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311	/*descr*/{}},
312	{{/*flags*/0,
313	  /*resource*/0x01,
314	  /*reserved*/{0, 0},
315	  /*count*/{0, 0, 0, 0}},
316	 {/*flags*/0,
317	  /*resource*/0x02,
318	  /*reserved*/{0, 0},
319	  /*count*/{0, 0, 0, 0}},
320	 {/*flags*/0,
321	  /*resource*/0xf1,
322	  /*reserved*/{0, 0},
323	  /*count*/{0, 0, 0, 0}},
324	 {/*flags*/0,
325	  /*resource*/0xf2,
326	  /*reserved*/{0, 0},
327	  /*count*/{0, 0, 0, 0}}
328	}
329};
330
331const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
332	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
333	/*subpage_code*/0x02,
334	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
335	/*flags*/SLBPP_SITUA,
336	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
337	/*descr*/{}},
338	{{/*flags*/0,
339	  /*resource*/0,
340	  /*reserved*/{0, 0},
341	  /*count*/{0, 0, 0, 0}},
342	 {/*flags*/0,
343	  /*resource*/0,
344	  /*reserved*/{0, 0},
345	  /*count*/{0, 0, 0, 0}},
346	 {/*flags*/0,
347	  /*resource*/0,
348	  /*reserved*/{0, 0},
349	  /*count*/{0, 0, 0, 0}},
350	 {/*flags*/0,
351	  /*resource*/0,
352	  /*reserved*/{0, 0},
353	  /*count*/{0, 0, 0, 0}}
354	}
355};
356
357const static struct scsi_cddvd_capabilities_page cddvd_page_default = {
358	/*page_code*/SMS_CDDVD_CAPS_PAGE,
359	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
360	/*caps1*/0x3f,
361	/*caps2*/0x00,
362	/*caps3*/0xf0,
363	/*caps4*/0x00,
364	/*caps5*/0x29,
365	/*caps6*/0x00,
366	/*obsolete*/{0, 0},
367	/*nvol_levels*/{0, 0},
368	/*buffer_size*/{8, 0},
369	/*obsolete2*/{0, 0},
370	/*reserved*/0,
371	/*digital*/0,
372	/*obsolete3*/0,
373	/*copy_management*/0,
374	/*reserved2*/0,
375	/*rotation_control*/0,
376	/*cur_write_speed*/0,
377	/*num_speed_descr*/0,
378};
379
380const static struct scsi_cddvd_capabilities_page cddvd_page_changeable = {
381	/*page_code*/SMS_CDDVD_CAPS_PAGE,
382	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
383	/*caps1*/0,
384	/*caps2*/0,
385	/*caps3*/0,
386	/*caps4*/0,
387	/*caps5*/0,
388	/*caps6*/0,
389	/*obsolete*/{0, 0},
390	/*nvol_levels*/{0, 0},
391	/*buffer_size*/{0, 0},
392	/*obsolete2*/{0, 0},
393	/*reserved*/0,
394	/*digital*/0,
395	/*obsolete3*/0,
396	/*copy_management*/0,
397	/*reserved2*/0,
398	/*rotation_control*/0,
399	/*cur_write_speed*/0,
400	/*num_speed_descr*/0,
401};
402
403SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
404static int worker_threads = -1;
405TUNABLE_INT("kern.cam.ctl.worker_threads", &worker_threads);
406SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
407    &worker_threads, 1, "Number of worker threads");
408static int ctl_debug = CTL_DEBUG_NONE;
409TUNABLE_INT("kern.cam.ctl.debug", &ctl_debug);
410SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
411    &ctl_debug, 0, "Enabled debug flags");
412static int ctl_lun_map_size = 1024;
413SYSCTL_INT(_kern_cam_ctl, OID_AUTO, lun_map_size, CTLFLAG_RWTUN,
414    &ctl_lun_map_size, 0, "Size of per-port LUN map (max LUN + 1)");
415
416/*
417 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
418 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
419 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
420 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
421 */
422#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
423
424static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
425				  int param);
426static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
427static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
428static int ctl_init(void);
429void ctl_shutdown(void);
430static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
431static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
432static void ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
433static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
434			      struct ctl_ooa *ooa_hdr,
435			      struct ctl_ooa_entry *kern_entries);
436static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
437		     struct thread *td);
438static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
439			 struct ctl_be_lun *be_lun);
440static int ctl_free_lun(struct ctl_lun *lun);
441static void ctl_create_lun(struct ctl_be_lun *be_lun);
442
443static int ctl_do_mode_select(union ctl_io *io);
444static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
445			   uint64_t res_key, uint64_t sa_res_key,
446			   uint8_t type, uint32_t residx,
447			   struct ctl_scsiio *ctsio,
448			   struct scsi_per_res_out *cdb,
449			   struct scsi_per_res_out_parms* param);
450static void ctl_pro_preempt_other(struct ctl_lun *lun,
451				  union ctl_ha_msg *msg);
452static void ctl_hndl_per_res_out_on_other_sc(union ctl_io *io);
453static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
454static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
455static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
456static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
457static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
458static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
459					 int alloc_len);
460static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
461					 int alloc_len);
462static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
463static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
464static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
465static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
466static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
467static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
468    bool seq);
469static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
470static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
471    union ctl_io *pending_io, union ctl_io *ooa_io);
472static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
473				union ctl_io *starting_io);
474static int ctl_check_blocked(struct ctl_lun *lun);
475static int ctl_scsiio_lun_check(struct ctl_lun *lun,
476				const struct ctl_cmd_entry *entry,
477				struct ctl_scsiio *ctsio);
478static void ctl_failover_lun(union ctl_io *io);
479static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
480			       struct ctl_scsiio *ctsio);
481static int ctl_scsiio(struct ctl_scsiio *ctsio);
482
483static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
484static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
485			    ctl_ua_type ua_type);
486static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
487			 ctl_ua_type ua_type);
488static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
489static int ctl_abort_task(union ctl_io *io);
490static int ctl_abort_task_set(union ctl_io *io);
491static int ctl_query_task(union ctl_io *io, int task_set);
492static int ctl_i_t_nexus_reset(union ctl_io *io);
493static int ctl_query_async_event(union ctl_io *io);
494static void ctl_run_task(union ctl_io *io);
495#ifdef CTL_IO_DELAY
496static void ctl_datamove_timer_wakeup(void *arg);
497static void ctl_done_timer_wakeup(void *arg);
498#endif /* CTL_IO_DELAY */
499
500static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
501static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
502static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
503static void ctl_datamove_remote_write(union ctl_io *io);
504static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
505static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
506static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
507static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
508				    ctl_ha_dt_cb callback);
509static void ctl_datamove_remote_read(union ctl_io *io);
510static void ctl_datamove_remote(union ctl_io *io);
511static void ctl_process_done(union ctl_io *io);
512static void ctl_lun_thread(void *arg);
513static void ctl_thresh_thread(void *arg);
514static void ctl_work_thread(void *arg);
515static void ctl_enqueue_incoming(union ctl_io *io);
516static void ctl_enqueue_rtr(union ctl_io *io);
517static void ctl_enqueue_done(union ctl_io *io);
518static void ctl_enqueue_isc(union ctl_io *io);
519static const struct ctl_cmd_entry *
520    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
521static const struct ctl_cmd_entry *
522    ctl_validate_command(struct ctl_scsiio *ctsio);
523static int ctl_cmd_applicable(uint8_t lun_type,
524    const struct ctl_cmd_entry *entry);
525
526static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
527static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
528static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
529static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
530
531/*
532 * Load the serialization table.  This isn't very pretty, but is probably
533 * the easiest way to do it.
534 */
535#include "ctl_ser_table.c"
536
537/*
538 * We only need to define open, close and ioctl routines for this driver.
539 */
540static struct cdevsw ctl_cdevsw = {
541	.d_version =	D_VERSION,
542	.d_flags =	0,
543	.d_open =	ctl_open,
544	.d_close =	ctl_close,
545	.d_ioctl =	ctl_ioctl,
546	.d_name =	"ctl",
547};
548
549
550MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
551
552static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
553
554static moduledata_t ctl_moduledata = {
555	"ctl",
556	ctl_module_event_handler,
557	NULL
558};
559
560DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
561MODULE_VERSION(ctl, 1);
562
563static struct ctl_frontend ha_frontend =
564{
565	.name = "ha",
566};
567
568static void
569ctl_ha_datamove(union ctl_io *io)
570{
571	struct ctl_lun *lun = CTL_LUN(io);
572	struct ctl_sg_entry *sgl;
573	union ctl_ha_msg msg;
574	uint32_t sg_entries_sent;
575	int do_sg_copy, i, j;
576
577	memset(&msg.dt, 0, sizeof(msg.dt));
578	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
579	msg.hdr.original_sc = io->io_hdr.original_sc;
580	msg.hdr.serializing_sc = io;
581	msg.hdr.nexus = io->io_hdr.nexus;
582	msg.hdr.status = io->io_hdr.status;
583	msg.dt.flags = io->io_hdr.flags;
584
585	/*
586	 * We convert everything into a S/G list here.  We can't
587	 * pass by reference, only by value between controllers.
588	 * So we can't pass a pointer to the S/G list, only as many
589	 * S/G entries as we can fit in here.  If it's possible for
590	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
591	 * then we need to break this up into multiple transfers.
592	 */
593	if (io->scsiio.kern_sg_entries == 0) {
594		msg.dt.kern_sg_entries = 1;
595#if 0
596		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
597			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
598		} else {
599			/* XXX KDM use busdma here! */
600			msg.dt.sg_list[0].addr =
601			    (void *)vtophys(io->scsiio.kern_data_ptr);
602		}
603#else
604		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
605		    ("HA does not support BUS_ADDR"));
606		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
607#endif
608		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
609		do_sg_copy = 0;
610	} else {
611		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
612		do_sg_copy = 1;
613	}
614
615	msg.dt.kern_data_len = io->scsiio.kern_data_len;
616	msg.dt.kern_total_len = io->scsiio.kern_total_len;
617	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
618	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
619	msg.dt.sg_sequence = 0;
620
621	/*
622	 * Loop until we've sent all of the S/G entries.  On the
623	 * other end, we'll recompose these S/G entries into one
624	 * contiguous list before processing.
625	 */
626	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
627	    msg.dt.sg_sequence++) {
628		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
629		    sizeof(msg.dt.sg_list[0])),
630		    msg.dt.kern_sg_entries - sg_entries_sent);
631		if (do_sg_copy != 0) {
632			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
633			for (i = sg_entries_sent, j = 0;
634			     i < msg.dt.cur_sg_entries; i++, j++) {
635#if 0
636				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
637					msg.dt.sg_list[j].addr = sgl[i].addr;
638				} else {
639					/* XXX KDM use busdma here! */
640					msg.dt.sg_list[j].addr =
641					    (void *)vtophys(sgl[i].addr);
642				}
643#else
644				KASSERT((io->io_hdr.flags &
645				    CTL_FLAG_BUS_ADDR) == 0,
646				    ("HA does not support BUS_ADDR"));
647				msg.dt.sg_list[j].addr = sgl[i].addr;
648#endif
649				msg.dt.sg_list[j].len = sgl[i].len;
650			}
651		}
652
653		sg_entries_sent += msg.dt.cur_sg_entries;
654		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
655		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
656		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
657		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
658		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
659			io->io_hdr.port_status = 31341;
660			io->scsiio.be_move_done(io);
661			return;
662		}
663		msg.dt.sent_sg_entries = sg_entries_sent;
664	}
665
666	/*
667	 * Officially handover the request from us to peer.
668	 * If failover has just happened, then we must return error.
669	 * If failover happen just after, then it is not our problem.
670	 */
671	if (lun)
672		mtx_lock(&lun->lun_lock);
673	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
674		if (lun)
675			mtx_unlock(&lun->lun_lock);
676		io->io_hdr.port_status = 31342;
677		io->scsiio.be_move_done(io);
678		return;
679	}
680	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
681	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
682	if (lun)
683		mtx_unlock(&lun->lun_lock);
684}
685
686static void
687ctl_ha_done(union ctl_io *io)
688{
689	union ctl_ha_msg msg;
690
691	if (io->io_hdr.io_type == CTL_IO_SCSI) {
692		memset(&msg, 0, sizeof(msg));
693		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
694		msg.hdr.original_sc = io->io_hdr.original_sc;
695		msg.hdr.nexus = io->io_hdr.nexus;
696		msg.hdr.status = io->io_hdr.status;
697		msg.scsi.scsi_status = io->scsiio.scsi_status;
698		msg.scsi.tag_num = io->scsiio.tag_num;
699		msg.scsi.tag_type = io->scsiio.tag_type;
700		msg.scsi.sense_len = io->scsiio.sense_len;
701		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
702		    io->scsiio.sense_len);
703		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
704		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
705		    msg.scsi.sense_len, M_WAITOK);
706	}
707	ctl_free_io(io);
708}
709
710static void
711ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
712			    union ctl_ha_msg *msg_info)
713{
714	struct ctl_scsiio *ctsio;
715
716	if (msg_info->hdr.original_sc == NULL) {
717		printf("%s: original_sc == NULL!\n", __func__);
718		/* XXX KDM now what? */
719		return;
720	}
721
722	ctsio = &msg_info->hdr.original_sc->scsiio;
723	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
724	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
725	ctsio->io_hdr.status = msg_info->hdr.status;
726	ctsio->scsi_status = msg_info->scsi.scsi_status;
727	ctsio->sense_len = msg_info->scsi.sense_len;
728	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
729	       msg_info->scsi.sense_len);
730	ctl_enqueue_isc((union ctl_io *)ctsio);
731}
732
733static void
734ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
735				union ctl_ha_msg *msg_info)
736{
737	struct ctl_scsiio *ctsio;
738
739	if (msg_info->hdr.serializing_sc == NULL) {
740		printf("%s: serializing_sc == NULL!\n", __func__);
741		/* XXX KDM now what? */
742		return;
743	}
744
745	ctsio = &msg_info->hdr.serializing_sc->scsiio;
746	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
747	ctl_enqueue_isc((union ctl_io *)ctsio);
748}
749
750void
751ctl_isc_announce_lun(struct ctl_lun *lun)
752{
753	struct ctl_softc *softc = lun->ctl_softc;
754	union ctl_ha_msg *msg;
755	struct ctl_ha_msg_lun_pr_key pr_key;
756	int i, k;
757
758	if (softc->ha_link != CTL_HA_LINK_ONLINE)
759		return;
760	mtx_lock(&lun->lun_lock);
761	i = sizeof(msg->lun);
762	if (lun->lun_devid)
763		i += lun->lun_devid->len;
764	i += sizeof(pr_key) * lun->pr_key_count;
765alloc:
766	mtx_unlock(&lun->lun_lock);
767	msg = malloc(i, M_CTL, M_WAITOK);
768	mtx_lock(&lun->lun_lock);
769	k = sizeof(msg->lun);
770	if (lun->lun_devid)
771		k += lun->lun_devid->len;
772	k += sizeof(pr_key) * lun->pr_key_count;
773	if (i < k) {
774		free(msg, M_CTL);
775		i = k;
776		goto alloc;
777	}
778	bzero(&msg->lun, sizeof(msg->lun));
779	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
780	msg->hdr.nexus.targ_lun = lun->lun;
781	msg->hdr.nexus.targ_mapped_lun = lun->lun;
782	msg->lun.flags = lun->flags;
783	msg->lun.pr_generation = lun->pr_generation;
784	msg->lun.pr_res_idx = lun->pr_res_idx;
785	msg->lun.pr_res_type = lun->pr_res_type;
786	msg->lun.pr_key_count = lun->pr_key_count;
787	i = 0;
788	if (lun->lun_devid) {
789		msg->lun.lun_devid_len = lun->lun_devid->len;
790		memcpy(&msg->lun.data[i], lun->lun_devid->data,
791		    msg->lun.lun_devid_len);
792		i += msg->lun.lun_devid_len;
793	}
794	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
795		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
796			continue;
797		pr_key.pr_iid = k;
798		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
799		i += sizeof(pr_key);
800	}
801	mtx_unlock(&lun->lun_lock);
802	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
803	    M_WAITOK);
804	free(msg, M_CTL);
805
806	if (lun->flags & CTL_LUN_PRIMARY_SC) {
807		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
808			ctl_isc_announce_mode(lun, -1,
809			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
810			    lun->mode_pages.index[i].subpage);
811		}
812	}
813}
814
815void
816ctl_isc_announce_port(struct ctl_port *port)
817{
818	struct ctl_softc *softc = port->ctl_softc;
819	union ctl_ha_msg *msg;
820	int i;
821
822	if (port->targ_port < softc->port_min ||
823	    port->targ_port >= softc->port_max ||
824	    softc->ha_link != CTL_HA_LINK_ONLINE)
825		return;
826	i = sizeof(msg->port) + strlen(port->port_name) + 1;
827	if (port->lun_map)
828		i += port->lun_map_size * sizeof(uint32_t);
829	if (port->port_devid)
830		i += port->port_devid->len;
831	if (port->target_devid)
832		i += port->target_devid->len;
833	if (port->init_devid)
834		i += port->init_devid->len;
835	msg = malloc(i, M_CTL, M_WAITOK);
836	bzero(&msg->port, sizeof(msg->port));
837	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
838	msg->hdr.nexus.targ_port = port->targ_port;
839	msg->port.port_type = port->port_type;
840	msg->port.physical_port = port->physical_port;
841	msg->port.virtual_port = port->virtual_port;
842	msg->port.status = port->status;
843	i = 0;
844	msg->port.name_len = sprintf(&msg->port.data[i],
845	    "%d:%s", softc->ha_id, port->port_name) + 1;
846	i += msg->port.name_len;
847	if (port->lun_map) {
848		msg->port.lun_map_len = port->lun_map_size * sizeof(uint32_t);
849		memcpy(&msg->port.data[i], port->lun_map,
850		    msg->port.lun_map_len);
851		i += msg->port.lun_map_len;
852	}
853	if (port->port_devid) {
854		msg->port.port_devid_len = port->port_devid->len;
855		memcpy(&msg->port.data[i], port->port_devid->data,
856		    msg->port.port_devid_len);
857		i += msg->port.port_devid_len;
858	}
859	if (port->target_devid) {
860		msg->port.target_devid_len = port->target_devid->len;
861		memcpy(&msg->port.data[i], port->target_devid->data,
862		    msg->port.target_devid_len);
863		i += msg->port.target_devid_len;
864	}
865	if (port->init_devid) {
866		msg->port.init_devid_len = port->init_devid->len;
867		memcpy(&msg->port.data[i], port->init_devid->data,
868		    msg->port.init_devid_len);
869		i += msg->port.init_devid_len;
870	}
871	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
872	    M_WAITOK);
873	free(msg, M_CTL);
874}
875
876void
877ctl_isc_announce_iid(struct ctl_port *port, int iid)
878{
879	struct ctl_softc *softc = port->ctl_softc;
880	union ctl_ha_msg *msg;
881	int i, l;
882
883	if (port->targ_port < softc->port_min ||
884	    port->targ_port >= softc->port_max ||
885	    softc->ha_link != CTL_HA_LINK_ONLINE)
886		return;
887	mtx_lock(&softc->ctl_lock);
888	i = sizeof(msg->iid);
889	l = 0;
890	if (port->wwpn_iid[iid].name)
891		l = strlen(port->wwpn_iid[iid].name) + 1;
892	i += l;
893	msg = malloc(i, M_CTL, M_NOWAIT);
894	if (msg == NULL) {
895		mtx_unlock(&softc->ctl_lock);
896		return;
897	}
898	bzero(&msg->iid, sizeof(msg->iid));
899	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
900	msg->hdr.nexus.targ_port = port->targ_port;
901	msg->hdr.nexus.initid = iid;
902	msg->iid.in_use = port->wwpn_iid[iid].in_use;
903	msg->iid.name_len = l;
904	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
905	if (port->wwpn_iid[iid].name)
906		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
907	mtx_unlock(&softc->ctl_lock);
908	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
909	free(msg, M_CTL);
910}
911
912void
913ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
914    uint8_t page, uint8_t subpage)
915{
916	struct ctl_softc *softc = lun->ctl_softc;
917	union ctl_ha_msg msg;
918	u_int i;
919
920	if (softc->ha_link != CTL_HA_LINK_ONLINE)
921		return;
922	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
923		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
924		    page && lun->mode_pages.index[i].subpage == subpage)
925			break;
926	}
927	if (i == CTL_NUM_MODE_PAGES)
928		return;
929
930	/* Don't try to replicate pages not present on this device. */
931	if (lun->mode_pages.index[i].page_data == NULL)
932		return;
933
934	bzero(&msg.mode, sizeof(msg.mode));
935	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
936	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
937	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
938	msg.hdr.nexus.targ_lun = lun->lun;
939	msg.hdr.nexus.targ_mapped_lun = lun->lun;
940	msg.mode.page_code = page;
941	msg.mode.subpage = subpage;
942	msg.mode.page_len = lun->mode_pages.index[i].page_len;
943	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
944	    msg.mode.page_len);
945	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
946	    M_WAITOK);
947}
948
949static void
950ctl_isc_ha_link_up(struct ctl_softc *softc)
951{
952	struct ctl_port *port;
953	struct ctl_lun *lun;
954	union ctl_ha_msg msg;
955	int i;
956
957	/* Announce this node parameters to peer for validation. */
958	msg.login.msg_type = CTL_MSG_LOGIN;
959	msg.login.version = CTL_HA_VERSION;
960	msg.login.ha_mode = softc->ha_mode;
961	msg.login.ha_id = softc->ha_id;
962	msg.login.max_luns = CTL_MAX_LUNS;
963	msg.login.max_ports = CTL_MAX_PORTS;
964	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
965	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
966	    M_WAITOK);
967
968	STAILQ_FOREACH(port, &softc->port_list, links) {
969		ctl_isc_announce_port(port);
970		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
971			if (port->wwpn_iid[i].in_use)
972				ctl_isc_announce_iid(port, i);
973		}
974	}
975	STAILQ_FOREACH(lun, &softc->lun_list, links)
976		ctl_isc_announce_lun(lun);
977}
978
979static void
980ctl_isc_ha_link_down(struct ctl_softc *softc)
981{
982	struct ctl_port *port;
983	struct ctl_lun *lun;
984	union ctl_io *io;
985	int i;
986
987	mtx_lock(&softc->ctl_lock);
988	STAILQ_FOREACH(lun, &softc->lun_list, links) {
989		mtx_lock(&lun->lun_lock);
990		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
991			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
992			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
993		}
994		mtx_unlock(&lun->lun_lock);
995
996		mtx_unlock(&softc->ctl_lock);
997		io = ctl_alloc_io(softc->othersc_pool);
998		mtx_lock(&softc->ctl_lock);
999		ctl_zero_io(io);
1000		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
1001		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
1002		ctl_enqueue_isc(io);
1003	}
1004
1005	STAILQ_FOREACH(port, &softc->port_list, links) {
1006		if (port->targ_port >= softc->port_min &&
1007		    port->targ_port < softc->port_max)
1008			continue;
1009		port->status &= ~CTL_PORT_STATUS_ONLINE;
1010		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1011			port->wwpn_iid[i].in_use = 0;
1012			free(port->wwpn_iid[i].name, M_CTL);
1013			port->wwpn_iid[i].name = NULL;
1014		}
1015	}
1016	mtx_unlock(&softc->ctl_lock);
1017}
1018
1019static void
1020ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1021{
1022	struct ctl_lun *lun;
1023	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
1024
1025	mtx_lock(&softc->ctl_lock);
1026	if (msg->hdr.nexus.targ_mapped_lun >= CTL_MAX_LUNS ||
1027	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) == NULL) {
1028		mtx_unlock(&softc->ctl_lock);
1029		return;
1030	}
1031	mtx_lock(&lun->lun_lock);
1032	mtx_unlock(&softc->ctl_lock);
1033	if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES && msg->ua.ua_set)
1034		memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
1035	if (msg->ua.ua_all) {
1036		if (msg->ua.ua_set)
1037			ctl_est_ua_all(lun, iid, msg->ua.ua_type);
1038		else
1039			ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
1040	} else {
1041		if (msg->ua.ua_set)
1042			ctl_est_ua(lun, iid, msg->ua.ua_type);
1043		else
1044			ctl_clr_ua(lun, iid, msg->ua.ua_type);
1045	}
1046	mtx_unlock(&lun->lun_lock);
1047}
1048
1049static void
1050ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1051{
1052	struct ctl_lun *lun;
1053	struct ctl_ha_msg_lun_pr_key pr_key;
1054	int i, k;
1055	ctl_lun_flags oflags;
1056	uint32_t targ_lun;
1057
1058	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1059	mtx_lock(&softc->ctl_lock);
1060	if (targ_lun >= CTL_MAX_LUNS ||
1061	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1062		mtx_unlock(&softc->ctl_lock);
1063		return;
1064	}
1065	mtx_lock(&lun->lun_lock);
1066	mtx_unlock(&softc->ctl_lock);
1067	if (lun->flags & CTL_LUN_DISABLED) {
1068		mtx_unlock(&lun->lun_lock);
1069		return;
1070	}
1071	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1072	if (msg->lun.lun_devid_len != i || (i > 0 &&
1073	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1074		mtx_unlock(&lun->lun_lock);
1075		printf("%s: Received conflicting HA LUN %d\n",
1076		    __func__, targ_lun);
1077		return;
1078	} else {
1079		/* Record whether peer is primary. */
1080		oflags = lun->flags;
1081		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1082		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1083			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1084		else
1085			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1086		if (oflags != lun->flags)
1087			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1088
1089		/* If peer is primary and we are not -- use data */
1090		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1091		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1092			lun->pr_generation = msg->lun.pr_generation;
1093			lun->pr_res_idx = msg->lun.pr_res_idx;
1094			lun->pr_res_type = msg->lun.pr_res_type;
1095			lun->pr_key_count = msg->lun.pr_key_count;
1096			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1097				ctl_clr_prkey(lun, k);
1098			for (k = 0; k < msg->lun.pr_key_count; k++) {
1099				memcpy(&pr_key, &msg->lun.data[i],
1100				    sizeof(pr_key));
1101				ctl_alloc_prkey(lun, pr_key.pr_iid);
1102				ctl_set_prkey(lun, pr_key.pr_iid,
1103				    pr_key.pr_key);
1104				i += sizeof(pr_key);
1105			}
1106		}
1107
1108		mtx_unlock(&lun->lun_lock);
1109		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1110		    __func__, targ_lun,
1111		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1112		    "primary" : "secondary"));
1113
1114		/* If we are primary but peer doesn't know -- notify */
1115		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1116		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1117			ctl_isc_announce_lun(lun);
1118	}
1119}
1120
1121static void
1122ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1123{
1124	struct ctl_port *port;
1125	struct ctl_lun *lun;
1126	int i, new;
1127
1128	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1129	if (port == NULL) {
1130		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1131		    msg->hdr.nexus.targ_port));
1132		new = 1;
1133		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1134		port->frontend = &ha_frontend;
1135		port->targ_port = msg->hdr.nexus.targ_port;
1136		port->fe_datamove = ctl_ha_datamove;
1137		port->fe_done = ctl_ha_done;
1138	} else if (port->frontend == &ha_frontend) {
1139		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1140		    msg->hdr.nexus.targ_port));
1141		new = 0;
1142	} else {
1143		printf("%s: Received conflicting HA port %d\n",
1144		    __func__, msg->hdr.nexus.targ_port);
1145		return;
1146	}
1147	port->port_type = msg->port.port_type;
1148	port->physical_port = msg->port.physical_port;
1149	port->virtual_port = msg->port.virtual_port;
1150	port->status = msg->port.status;
1151	i = 0;
1152	free(port->port_name, M_CTL);
1153	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1154	    M_CTL);
1155	i += msg->port.name_len;
1156	if (msg->port.lun_map_len != 0) {
1157		if (port->lun_map == NULL ||
1158		    port->lun_map_size * sizeof(uint32_t) <
1159		    msg->port.lun_map_len) {
1160			port->lun_map_size = 0;
1161			free(port->lun_map, M_CTL);
1162			port->lun_map = malloc(msg->port.lun_map_len,
1163			    M_CTL, M_WAITOK);
1164		}
1165		memcpy(port->lun_map, &msg->port.data[i], msg->port.lun_map_len);
1166		port->lun_map_size = msg->port.lun_map_len / sizeof(uint32_t);
1167		i += msg->port.lun_map_len;
1168	} else {
1169		port->lun_map_size = 0;
1170		free(port->lun_map, M_CTL);
1171		port->lun_map = NULL;
1172	}
1173	if (msg->port.port_devid_len != 0) {
1174		if (port->port_devid == NULL ||
1175		    port->port_devid->len < msg->port.port_devid_len) {
1176			free(port->port_devid, M_CTL);
1177			port->port_devid = malloc(sizeof(struct ctl_devid) +
1178			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1179		}
1180		memcpy(port->port_devid->data, &msg->port.data[i],
1181		    msg->port.port_devid_len);
1182		port->port_devid->len = msg->port.port_devid_len;
1183		i += msg->port.port_devid_len;
1184	} else {
1185		free(port->port_devid, M_CTL);
1186		port->port_devid = NULL;
1187	}
1188	if (msg->port.target_devid_len != 0) {
1189		if (port->target_devid == NULL ||
1190		    port->target_devid->len < msg->port.target_devid_len) {
1191			free(port->target_devid, M_CTL);
1192			port->target_devid = malloc(sizeof(struct ctl_devid) +
1193			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1194		}
1195		memcpy(port->target_devid->data, &msg->port.data[i],
1196		    msg->port.target_devid_len);
1197		port->target_devid->len = msg->port.target_devid_len;
1198		i += msg->port.target_devid_len;
1199	} else {
1200		free(port->target_devid, M_CTL);
1201		port->target_devid = NULL;
1202	}
1203	if (msg->port.init_devid_len != 0) {
1204		if (port->init_devid == NULL ||
1205		    port->init_devid->len < msg->port.init_devid_len) {
1206			free(port->init_devid, M_CTL);
1207			port->init_devid = malloc(sizeof(struct ctl_devid) +
1208			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1209		}
1210		memcpy(port->init_devid->data, &msg->port.data[i],
1211		    msg->port.init_devid_len);
1212		port->init_devid->len = msg->port.init_devid_len;
1213		i += msg->port.init_devid_len;
1214	} else {
1215		free(port->init_devid, M_CTL);
1216		port->init_devid = NULL;
1217	}
1218	if (new) {
1219		if (ctl_port_register(port) != 0) {
1220			printf("%s: ctl_port_register() failed with error\n",
1221			    __func__);
1222		}
1223	}
1224	mtx_lock(&softc->ctl_lock);
1225	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1226		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
1227			continue;
1228		mtx_lock(&lun->lun_lock);
1229		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1230		mtx_unlock(&lun->lun_lock);
1231	}
1232	mtx_unlock(&softc->ctl_lock);
1233}
1234
1235static void
1236ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1237{
1238	struct ctl_port *port;
1239	int iid;
1240
1241	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1242	if (port == NULL) {
1243		printf("%s: Received IID for unknown port %d\n",
1244		    __func__, msg->hdr.nexus.targ_port);
1245		return;
1246	}
1247	iid = msg->hdr.nexus.initid;
1248	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1249	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1250	free(port->wwpn_iid[iid].name, M_CTL);
1251	if (msg->iid.name_len) {
1252		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1253		    msg->iid.name_len, M_CTL);
1254	} else
1255		port->wwpn_iid[iid].name = NULL;
1256}
1257
1258static void
1259ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1260{
1261
1262	if (msg->login.version != CTL_HA_VERSION) {
1263		printf("CTL HA peers have different versions %d != %d\n",
1264		    msg->login.version, CTL_HA_VERSION);
1265		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1266		return;
1267	}
1268	if (msg->login.ha_mode != softc->ha_mode) {
1269		printf("CTL HA peers have different ha_mode %d != %d\n",
1270		    msg->login.ha_mode, softc->ha_mode);
1271		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1272		return;
1273	}
1274	if (msg->login.ha_id == softc->ha_id) {
1275		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1276		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1277		return;
1278	}
1279	if (msg->login.max_luns != CTL_MAX_LUNS ||
1280	    msg->login.max_ports != CTL_MAX_PORTS ||
1281	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1282		printf("CTL HA peers have different limits\n");
1283		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1284		return;
1285	}
1286}
1287
1288static void
1289ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1290{
1291	struct ctl_lun *lun;
1292	u_int i;
1293	uint32_t initidx, targ_lun;
1294
1295	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1296	mtx_lock(&softc->ctl_lock);
1297	if (targ_lun >= CTL_MAX_LUNS ||
1298	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1299		mtx_unlock(&softc->ctl_lock);
1300		return;
1301	}
1302	mtx_lock(&lun->lun_lock);
1303	mtx_unlock(&softc->ctl_lock);
1304	if (lun->flags & CTL_LUN_DISABLED) {
1305		mtx_unlock(&lun->lun_lock);
1306		return;
1307	}
1308	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1309		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1310		    msg->mode.page_code &&
1311		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1312			break;
1313	}
1314	if (i == CTL_NUM_MODE_PAGES) {
1315		mtx_unlock(&lun->lun_lock);
1316		return;
1317	}
1318	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1319	    lun->mode_pages.index[i].page_len);
1320	initidx = ctl_get_initindex(&msg->hdr.nexus);
1321	if (initidx != -1)
1322		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1323	mtx_unlock(&lun->lun_lock);
1324}
1325
1326/*
1327 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1328 * subsystem come in here.
1329 */
1330static void
1331ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1332{
1333	struct ctl_softc *softc = control_softc;
1334	union ctl_io *io;
1335	struct ctl_prio *presio;
1336	ctl_ha_status isc_status;
1337
1338	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1339	if (event == CTL_HA_EVT_MSG_RECV) {
1340		union ctl_ha_msg *msg, msgbuf;
1341
1342		if (param > sizeof(msgbuf))
1343			msg = malloc(param, M_CTL, M_WAITOK);
1344		else
1345			msg = &msgbuf;
1346		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1347		    M_WAITOK);
1348		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1349			printf("%s: Error receiving message: %d\n",
1350			    __func__, isc_status);
1351			if (msg != &msgbuf)
1352				free(msg, M_CTL);
1353			return;
1354		}
1355
1356		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1357		switch (msg->hdr.msg_type) {
1358		case CTL_MSG_SERIALIZE:
1359			io = ctl_alloc_io(softc->othersc_pool);
1360			ctl_zero_io(io);
1361			// populate ctsio from msg
1362			io->io_hdr.io_type = CTL_IO_SCSI;
1363			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1364			io->io_hdr.original_sc = msg->hdr.original_sc;
1365			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1366					    CTL_FLAG_IO_ACTIVE;
1367			/*
1368			 * If we're in serialization-only mode, we don't
1369			 * want to go through full done processing.  Thus
1370			 * the COPY flag.
1371			 *
1372			 * XXX KDM add another flag that is more specific.
1373			 */
1374			if (softc->ha_mode != CTL_HA_MODE_XFER)
1375				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1376			io->io_hdr.nexus = msg->hdr.nexus;
1377#if 0
1378			printf("port %u, iid %u, lun %u\n",
1379			       io->io_hdr.nexus.targ_port,
1380			       io->io_hdr.nexus.initid,
1381			       io->io_hdr.nexus.targ_lun);
1382#endif
1383			io->scsiio.tag_num = msg->scsi.tag_num;
1384			io->scsiio.tag_type = msg->scsi.tag_type;
1385#ifdef CTL_TIME_IO
1386			io->io_hdr.start_time = time_uptime;
1387			getbinuptime(&io->io_hdr.start_bt);
1388#endif /* CTL_TIME_IO */
1389			io->scsiio.cdb_len = msg->scsi.cdb_len;
1390			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1391			       CTL_MAX_CDBLEN);
1392			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1393				const struct ctl_cmd_entry *entry;
1394
1395				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1396				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1397				io->io_hdr.flags |=
1398					entry->flags & CTL_FLAG_DATA_MASK;
1399			}
1400			ctl_enqueue_isc(io);
1401			break;
1402
1403		/* Performed on the Originating SC, XFER mode only */
1404		case CTL_MSG_DATAMOVE: {
1405			struct ctl_sg_entry *sgl;
1406			int i, j;
1407
1408			io = msg->hdr.original_sc;
1409			if (io == NULL) {
1410				printf("%s: original_sc == NULL!\n", __func__);
1411				/* XXX KDM do something here */
1412				break;
1413			}
1414			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1415			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1416			/*
1417			 * Keep track of this, we need to send it back over
1418			 * when the datamove is complete.
1419			 */
1420			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1421			if (msg->hdr.status == CTL_SUCCESS)
1422				io->io_hdr.status = msg->hdr.status;
1423
1424			if (msg->dt.sg_sequence == 0) {
1425#ifdef CTL_TIME_IO
1426				getbinuptime(&io->io_hdr.dma_start_bt);
1427#endif
1428				i = msg->dt.kern_sg_entries +
1429				    msg->dt.kern_data_len /
1430				    CTL_HA_DATAMOVE_SEGMENT + 1;
1431				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1432				    M_WAITOK | M_ZERO);
1433				io->io_hdr.remote_sglist = sgl;
1434				io->io_hdr.local_sglist =
1435				    &sgl[msg->dt.kern_sg_entries];
1436
1437				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1438
1439				io->scsiio.kern_sg_entries =
1440					msg->dt.kern_sg_entries;
1441				io->scsiio.rem_sg_entries =
1442					msg->dt.kern_sg_entries;
1443				io->scsiio.kern_data_len =
1444					msg->dt.kern_data_len;
1445				io->scsiio.kern_total_len =
1446					msg->dt.kern_total_len;
1447				io->scsiio.kern_data_resid =
1448					msg->dt.kern_data_resid;
1449				io->scsiio.kern_rel_offset =
1450					msg->dt.kern_rel_offset;
1451				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1452				io->io_hdr.flags |= msg->dt.flags &
1453				    CTL_FLAG_BUS_ADDR;
1454			} else
1455				sgl = (struct ctl_sg_entry *)
1456					io->scsiio.kern_data_ptr;
1457
1458			for (i = msg->dt.sent_sg_entries, j = 0;
1459			     i < (msg->dt.sent_sg_entries +
1460			     msg->dt.cur_sg_entries); i++, j++) {
1461				sgl[i].addr = msg->dt.sg_list[j].addr;
1462				sgl[i].len = msg->dt.sg_list[j].len;
1463
1464#if 0
1465				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1466				    __func__, sgl[i].addr, sgl[i].len, j, i);
1467#endif
1468			}
1469
1470			/*
1471			 * If this is the last piece of the I/O, we've got
1472			 * the full S/G list.  Queue processing in the thread.
1473			 * Otherwise wait for the next piece.
1474			 */
1475			if (msg->dt.sg_last != 0)
1476				ctl_enqueue_isc(io);
1477			break;
1478		}
1479		/* Performed on the Serializing (primary) SC, XFER mode only */
1480		case CTL_MSG_DATAMOVE_DONE: {
1481			if (msg->hdr.serializing_sc == NULL) {
1482				printf("%s: serializing_sc == NULL!\n",
1483				       __func__);
1484				/* XXX KDM now what? */
1485				break;
1486			}
1487			/*
1488			 * We grab the sense information here in case
1489			 * there was a failure, so we can return status
1490			 * back to the initiator.
1491			 */
1492			io = msg->hdr.serializing_sc;
1493			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1494			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1495			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1496			io->io_hdr.port_status = msg->scsi.port_status;
1497			io->scsiio.kern_data_resid = msg->scsi.kern_data_resid;
1498			if (msg->hdr.status != CTL_STATUS_NONE) {
1499				io->io_hdr.status = msg->hdr.status;
1500				io->scsiio.scsi_status = msg->scsi.scsi_status;
1501				io->scsiio.sense_len = msg->scsi.sense_len;
1502				memcpy(&io->scsiio.sense_data,
1503				    &msg->scsi.sense_data,
1504				    msg->scsi.sense_len);
1505				if (msg->hdr.status == CTL_SUCCESS)
1506					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1507			}
1508			ctl_enqueue_isc(io);
1509			break;
1510		}
1511
1512		/* Preformed on Originating SC, SER_ONLY mode */
1513		case CTL_MSG_R2R:
1514			io = msg->hdr.original_sc;
1515			if (io == NULL) {
1516				printf("%s: original_sc == NULL!\n",
1517				    __func__);
1518				break;
1519			}
1520			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1521			io->io_hdr.msg_type = CTL_MSG_R2R;
1522			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1523			ctl_enqueue_isc(io);
1524			break;
1525
1526		/*
1527		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1528		 * mode.
1529		 * Performed on the Originating (i.e. secondary) SC in XFER
1530		 * mode
1531		 */
1532		case CTL_MSG_FINISH_IO:
1533			if (softc->ha_mode == CTL_HA_MODE_XFER)
1534				ctl_isc_handler_finish_xfer(softc, msg);
1535			else
1536				ctl_isc_handler_finish_ser_only(softc, msg);
1537			break;
1538
1539		/* Preformed on Originating SC */
1540		case CTL_MSG_BAD_JUJU:
1541			io = msg->hdr.original_sc;
1542			if (io == NULL) {
1543				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1544				       __func__);
1545				break;
1546			}
1547			ctl_copy_sense_data(msg, io);
1548			/*
1549			 * IO should have already been cleaned up on other
1550			 * SC so clear this flag so we won't send a message
1551			 * back to finish the IO there.
1552			 */
1553			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1554			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1555
1556			/* io = msg->hdr.serializing_sc; */
1557			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1558			ctl_enqueue_isc(io);
1559			break;
1560
1561		/* Handle resets sent from the other side */
1562		case CTL_MSG_MANAGE_TASKS: {
1563			struct ctl_taskio *taskio;
1564			taskio = (struct ctl_taskio *)ctl_alloc_io(
1565			    softc->othersc_pool);
1566			ctl_zero_io((union ctl_io *)taskio);
1567			taskio->io_hdr.io_type = CTL_IO_TASK;
1568			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1569			taskio->io_hdr.nexus = msg->hdr.nexus;
1570			taskio->task_action = msg->task.task_action;
1571			taskio->tag_num = msg->task.tag_num;
1572			taskio->tag_type = msg->task.tag_type;
1573#ifdef CTL_TIME_IO
1574			taskio->io_hdr.start_time = time_uptime;
1575			getbinuptime(&taskio->io_hdr.start_bt);
1576#endif /* CTL_TIME_IO */
1577			ctl_run_task((union ctl_io *)taskio);
1578			break;
1579		}
1580		/* Persistent Reserve action which needs attention */
1581		case CTL_MSG_PERS_ACTION:
1582			presio = (struct ctl_prio *)ctl_alloc_io(
1583			    softc->othersc_pool);
1584			ctl_zero_io((union ctl_io *)presio);
1585			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1586			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1587			presio->io_hdr.nexus = msg->hdr.nexus;
1588			presio->pr_msg = msg->pr;
1589			ctl_enqueue_isc((union ctl_io *)presio);
1590			break;
1591		case CTL_MSG_UA:
1592			ctl_isc_ua(softc, msg, param);
1593			break;
1594		case CTL_MSG_PORT_SYNC:
1595			ctl_isc_port_sync(softc, msg, param);
1596			break;
1597		case CTL_MSG_LUN_SYNC:
1598			ctl_isc_lun_sync(softc, msg, param);
1599			break;
1600		case CTL_MSG_IID_SYNC:
1601			ctl_isc_iid_sync(softc, msg, param);
1602			break;
1603		case CTL_MSG_LOGIN:
1604			ctl_isc_login(softc, msg, param);
1605			break;
1606		case CTL_MSG_MODE_SYNC:
1607			ctl_isc_mode_sync(softc, msg, param);
1608			break;
1609		default:
1610			printf("Received HA message of unknown type %d\n",
1611			    msg->hdr.msg_type);
1612			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1613			break;
1614		}
1615		if (msg != &msgbuf)
1616			free(msg, M_CTL);
1617	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1618		printf("CTL: HA link status changed from %d to %d\n",
1619		    softc->ha_link, param);
1620		if (param == softc->ha_link)
1621			return;
1622		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1623			softc->ha_link = param;
1624			ctl_isc_ha_link_down(softc);
1625		} else {
1626			softc->ha_link = param;
1627			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1628				ctl_isc_ha_link_up(softc);
1629		}
1630		return;
1631	} else {
1632		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1633		return;
1634	}
1635}
1636
1637static void
1638ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1639{
1640
1641	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1642	    src->scsi.sense_len);
1643	dest->scsiio.scsi_status = src->scsi.scsi_status;
1644	dest->scsiio.sense_len = src->scsi.sense_len;
1645	dest->io_hdr.status = src->hdr.status;
1646}
1647
1648static void
1649ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1650{
1651
1652	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1653	    src->scsiio.sense_len);
1654	dest->scsi.scsi_status = src->scsiio.scsi_status;
1655	dest->scsi.sense_len = src->scsiio.sense_len;
1656	dest->hdr.status = src->io_hdr.status;
1657}
1658
1659void
1660ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1661{
1662	struct ctl_softc *softc = lun->ctl_softc;
1663	ctl_ua_type *pu;
1664
1665	if (initidx < softc->init_min || initidx >= softc->init_max)
1666		return;
1667	mtx_assert(&lun->lun_lock, MA_OWNED);
1668	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1669	if (pu == NULL)
1670		return;
1671	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1672}
1673
1674void
1675ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1676{
1677	int i;
1678
1679	mtx_assert(&lun->lun_lock, MA_OWNED);
1680	if (lun->pending_ua[port] == NULL)
1681		return;
1682	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1683		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1684			continue;
1685		lun->pending_ua[port][i] |= ua;
1686	}
1687}
1688
1689void
1690ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1691{
1692	struct ctl_softc *softc = lun->ctl_softc;
1693	int i;
1694
1695	mtx_assert(&lun->lun_lock, MA_OWNED);
1696	for (i = softc->port_min; i < softc->port_max; i++)
1697		ctl_est_ua_port(lun, i, except, ua);
1698}
1699
1700void
1701ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1702{
1703	struct ctl_softc *softc = lun->ctl_softc;
1704	ctl_ua_type *pu;
1705
1706	if (initidx < softc->init_min || initidx >= softc->init_max)
1707		return;
1708	mtx_assert(&lun->lun_lock, MA_OWNED);
1709	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1710	if (pu == NULL)
1711		return;
1712	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1713}
1714
1715void
1716ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1717{
1718	struct ctl_softc *softc = lun->ctl_softc;
1719	int i, j;
1720
1721	mtx_assert(&lun->lun_lock, MA_OWNED);
1722	for (i = softc->port_min; i < softc->port_max; i++) {
1723		if (lun->pending_ua[i] == NULL)
1724			continue;
1725		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1726			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1727				continue;
1728			lun->pending_ua[i][j] &= ~ua;
1729		}
1730	}
1731}
1732
1733void
1734ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1735    ctl_ua_type ua_type)
1736{
1737	struct ctl_lun *lun;
1738
1739	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1740	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1741		mtx_lock(&lun->lun_lock);
1742		ctl_clr_ua(lun, initidx, ua_type);
1743		mtx_unlock(&lun->lun_lock);
1744	}
1745}
1746
1747static int
1748ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1749{
1750	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1751	struct ctl_lun *lun;
1752	struct ctl_lun_req ireq;
1753	int error, value;
1754
1755	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1756	error = sysctl_handle_int(oidp, &value, 0, req);
1757	if ((error != 0) || (req->newptr == NULL))
1758		return (error);
1759
1760	mtx_lock(&softc->ctl_lock);
1761	if (value == 0)
1762		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1763	else
1764		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1765	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1766		mtx_unlock(&softc->ctl_lock);
1767		bzero(&ireq, sizeof(ireq));
1768		ireq.reqtype = CTL_LUNREQ_MODIFY;
1769		ireq.reqdata.modify.lun_id = lun->lun;
1770		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1771		    curthread);
1772		if (ireq.status != CTL_LUN_OK) {
1773			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1774			    __func__, ireq.status, ireq.error_str);
1775		}
1776		mtx_lock(&softc->ctl_lock);
1777	}
1778	mtx_unlock(&softc->ctl_lock);
1779	return (0);
1780}
1781
1782static int
1783ctl_init(void)
1784{
1785	struct make_dev_args args;
1786	struct ctl_softc *softc;
1787	void *other_pool;
1788	int i, error;
1789
1790	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1791			       M_WAITOK | M_ZERO);
1792
1793	make_dev_args_init(&args);
1794	args.mda_devsw = &ctl_cdevsw;
1795	args.mda_uid = UID_ROOT;
1796	args.mda_gid = GID_OPERATOR;
1797	args.mda_mode = 0600;
1798	args.mda_si_drv1 = softc;
1799	error = make_dev_s(&args, &softc->dev, "cam/ctl");
1800	if (error != 0) {
1801		free(softc, M_DEVBUF);
1802		control_softc = NULL;
1803		return (error);
1804	}
1805
1806	sysctl_ctx_init(&softc->sysctl_ctx);
1807	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1808		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1809		CTLFLAG_RD, 0, "CAM Target Layer");
1810
1811	if (softc->sysctl_tree == NULL) {
1812		printf("%s: unable to allocate sysctl tree\n", __func__);
1813		destroy_dev(softc->dev);
1814		free(softc, M_DEVBUF);
1815		control_softc = NULL;
1816		return (ENOMEM);
1817	}
1818
1819	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1820	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1821	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1822	softc->flags = 0;
1823
1824	TUNABLE_INT_FETCH("kern.cam.ctl.ha_mode", (int *)&softc->ha_mode);
1825	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1826	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1827	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1828
1829	/*
1830	 * In Copan's HA scheme, the "master" and "slave" roles are
1831	 * figured out through the slot the controller is in.  Although it
1832	 * is an active/active system, someone has to be in charge.
1833	 */
1834	TUNABLE_INT_FETCH("kern.cam.ctl.ha_id", &softc->ha_id);
1835	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1836	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1837	    "HA head ID (0 - no HA)");
1838	if (softc->ha_id == 0 || softc->ha_id > NUM_HA_SHELVES) {
1839		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1840		softc->is_single = 1;
1841		softc->port_cnt = CTL_MAX_PORTS;
1842		softc->port_min = 0;
1843	} else {
1844		softc->port_cnt = CTL_MAX_PORTS / NUM_HA_SHELVES;
1845		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1846	}
1847	softc->port_max = softc->port_min + softc->port_cnt;
1848	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1849	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1850
1851	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1852	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1853	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1854
1855	STAILQ_INIT(&softc->lun_list);
1856	STAILQ_INIT(&softc->pending_lun_queue);
1857	STAILQ_INIT(&softc->fe_list);
1858	STAILQ_INIT(&softc->port_list);
1859	STAILQ_INIT(&softc->be_list);
1860	ctl_tpc_init(softc);
1861
1862	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1863	                    &other_pool) != 0)
1864	{
1865		printf("ctl: can't allocate %d entry other SC pool, "
1866		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1867		return (ENOMEM);
1868	}
1869	softc->othersc_pool = other_pool;
1870
1871	if (worker_threads <= 0)
1872		worker_threads = max(1, mp_ncpus / 4);
1873	if (worker_threads > CTL_MAX_THREADS)
1874		worker_threads = CTL_MAX_THREADS;
1875
1876	for (i = 0; i < worker_threads; i++) {
1877		struct ctl_thread *thr = &softc->threads[i];
1878
1879		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1880		thr->ctl_softc = softc;
1881		STAILQ_INIT(&thr->incoming_queue);
1882		STAILQ_INIT(&thr->rtr_queue);
1883		STAILQ_INIT(&thr->done_queue);
1884		STAILQ_INIT(&thr->isc_queue);
1885
1886		error = kproc_kthread_add(ctl_work_thread, thr,
1887		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1888		if (error != 0) {
1889			printf("error creating CTL work thread!\n");
1890			ctl_pool_free(other_pool);
1891			return (error);
1892		}
1893	}
1894	error = kproc_kthread_add(ctl_lun_thread, softc,
1895	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1896	if (error != 0) {
1897		printf("error creating CTL lun thread!\n");
1898		ctl_pool_free(other_pool);
1899		return (error);
1900	}
1901	error = kproc_kthread_add(ctl_thresh_thread, softc,
1902	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1903	if (error != 0) {
1904		printf("error creating CTL threshold thread!\n");
1905		ctl_pool_free(other_pool);
1906		return (error);
1907	}
1908
1909	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1910	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1911	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1912
1913	if (softc->is_single == 0) {
1914		ctl_frontend_register(&ha_frontend);
1915		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1916			printf("ctl_init: ctl_ha_msg_init failed.\n");
1917			softc->is_single = 1;
1918		} else
1919		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1920		    != CTL_HA_STATUS_SUCCESS) {
1921			printf("ctl_init: ctl_ha_msg_register failed.\n");
1922			softc->is_single = 1;
1923		}
1924	}
1925	return (0);
1926}
1927
1928void
1929ctl_shutdown(void)
1930{
1931	struct ctl_softc *softc = control_softc;
1932	struct ctl_lun *lun, *next_lun;
1933
1934	if (softc->is_single == 0) {
1935		ctl_ha_msg_shutdown(softc);
1936		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1937		    != CTL_HA_STATUS_SUCCESS)
1938			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1939		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1940			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1941		ctl_frontend_deregister(&ha_frontend);
1942	}
1943
1944	mtx_lock(&softc->ctl_lock);
1945
1946	STAILQ_FOREACH_SAFE(lun, &softc->lun_list, links, next_lun)
1947		ctl_free_lun(lun);
1948
1949	mtx_unlock(&softc->ctl_lock);
1950
1951#if 0
1952	ctl_shutdown_thread(softc->work_thread);
1953	mtx_destroy(&softc->queue_lock);
1954#endif
1955
1956	ctl_tpc_shutdown(softc);
1957	uma_zdestroy(softc->io_zone);
1958	mtx_destroy(&softc->ctl_lock);
1959
1960	destroy_dev(softc->dev);
1961
1962	sysctl_ctx_free(&softc->sysctl_ctx);
1963
1964	free(softc, M_DEVBUF);
1965	control_softc = NULL;
1966}
1967
1968static int
1969ctl_module_event_handler(module_t mod, int what, void *arg)
1970{
1971
1972	switch (what) {
1973	case MOD_LOAD:
1974		return (ctl_init());
1975	case MOD_UNLOAD:
1976		return (EBUSY);
1977	default:
1978		return (EOPNOTSUPP);
1979	}
1980}
1981
1982/*
1983 * XXX KDM should we do some access checks here?  Bump a reference count to
1984 * prevent a CTL module from being unloaded while someone has it open?
1985 */
1986static int
1987ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1988{
1989	return (0);
1990}
1991
1992static int
1993ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1994{
1995	return (0);
1996}
1997
1998/*
1999 * Remove an initiator by port number and initiator ID.
2000 * Returns 0 for success, -1 for failure.
2001 */
2002int
2003ctl_remove_initiator(struct ctl_port *port, int iid)
2004{
2005	struct ctl_softc *softc = port->ctl_softc;
2006
2007	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2008
2009	if (iid > CTL_MAX_INIT_PER_PORT) {
2010		printf("%s: initiator ID %u > maximun %u!\n",
2011		       __func__, iid, CTL_MAX_INIT_PER_PORT);
2012		return (-1);
2013	}
2014
2015	mtx_lock(&softc->ctl_lock);
2016	port->wwpn_iid[iid].in_use--;
2017	port->wwpn_iid[iid].last_use = time_uptime;
2018	mtx_unlock(&softc->ctl_lock);
2019	ctl_isc_announce_iid(port, iid);
2020
2021	return (0);
2022}
2023
2024/*
2025 * Add an initiator to the initiator map.
2026 * Returns iid for success, < 0 for failure.
2027 */
2028int
2029ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
2030{
2031	struct ctl_softc *softc = port->ctl_softc;
2032	time_t best_time;
2033	int i, best;
2034
2035	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2036
2037	if (iid >= CTL_MAX_INIT_PER_PORT) {
2038		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
2039		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
2040		free(name, M_CTL);
2041		return (-1);
2042	}
2043
2044	mtx_lock(&softc->ctl_lock);
2045
2046	if (iid < 0 && (wwpn != 0 || name != NULL)) {
2047		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2048			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
2049				iid = i;
2050				break;
2051			}
2052			if (name != NULL && port->wwpn_iid[i].name != NULL &&
2053			    strcmp(name, port->wwpn_iid[i].name) == 0) {
2054				iid = i;
2055				break;
2056			}
2057		}
2058	}
2059
2060	if (iid < 0) {
2061		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2062			if (port->wwpn_iid[i].in_use == 0 &&
2063			    port->wwpn_iid[i].wwpn == 0 &&
2064			    port->wwpn_iid[i].name == NULL) {
2065				iid = i;
2066				break;
2067			}
2068		}
2069	}
2070
2071	if (iid < 0) {
2072		best = -1;
2073		best_time = INT32_MAX;
2074		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2075			if (port->wwpn_iid[i].in_use == 0) {
2076				if (port->wwpn_iid[i].last_use < best_time) {
2077					best = i;
2078					best_time = port->wwpn_iid[i].last_use;
2079				}
2080			}
2081		}
2082		iid = best;
2083	}
2084
2085	if (iid < 0) {
2086		mtx_unlock(&softc->ctl_lock);
2087		free(name, M_CTL);
2088		return (-2);
2089	}
2090
2091	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2092		/*
2093		 * This is not an error yet.
2094		 */
2095		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2096#if 0
2097			printf("%s: port %d iid %u WWPN %#jx arrived"
2098			    " again\n", __func__, port->targ_port,
2099			    iid, (uintmax_t)wwpn);
2100#endif
2101			goto take;
2102		}
2103		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2104		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2105#if 0
2106			printf("%s: port %d iid %u name '%s' arrived"
2107			    " again\n", __func__, port->targ_port,
2108			    iid, name);
2109#endif
2110			goto take;
2111		}
2112
2113		/*
2114		 * This is an error, but what do we do about it?  The
2115		 * driver is telling us we have a new WWPN for this
2116		 * initiator ID, so we pretty much need to use it.
2117		 */
2118		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2119		    " but WWPN %#jx '%s' is still at that address\n",
2120		    __func__, port->targ_port, iid, wwpn, name,
2121		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2122		    port->wwpn_iid[iid].name);
2123
2124		/*
2125		 * XXX KDM clear have_ca and ua_pending on each LUN for
2126		 * this initiator.
2127		 */
2128	}
2129take:
2130	free(port->wwpn_iid[iid].name, M_CTL);
2131	port->wwpn_iid[iid].name = name;
2132	port->wwpn_iid[iid].wwpn = wwpn;
2133	port->wwpn_iid[iid].in_use++;
2134	mtx_unlock(&softc->ctl_lock);
2135	ctl_isc_announce_iid(port, iid);
2136
2137	return (iid);
2138}
2139
2140static int
2141ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2142{
2143	int len;
2144
2145	switch (port->port_type) {
2146	case CTL_PORT_FC:
2147	{
2148		struct scsi_transportid_fcp *id =
2149		    (struct scsi_transportid_fcp *)buf;
2150		if (port->wwpn_iid[iid].wwpn == 0)
2151			return (0);
2152		memset(id, 0, sizeof(*id));
2153		id->format_protocol = SCSI_PROTO_FC;
2154		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2155		return (sizeof(*id));
2156	}
2157	case CTL_PORT_ISCSI:
2158	{
2159		struct scsi_transportid_iscsi_port *id =
2160		    (struct scsi_transportid_iscsi_port *)buf;
2161		if (port->wwpn_iid[iid].name == NULL)
2162			return (0);
2163		memset(id, 0, 256);
2164		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2165		    SCSI_PROTO_ISCSI;
2166		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2167		len = roundup2(min(len, 252), 4);
2168		scsi_ulto2b(len, id->additional_length);
2169		return (sizeof(*id) + len);
2170	}
2171	case CTL_PORT_SAS:
2172	{
2173		struct scsi_transportid_sas *id =
2174		    (struct scsi_transportid_sas *)buf;
2175		if (port->wwpn_iid[iid].wwpn == 0)
2176			return (0);
2177		memset(id, 0, sizeof(*id));
2178		id->format_protocol = SCSI_PROTO_SAS;
2179		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2180		return (sizeof(*id));
2181	}
2182	default:
2183	{
2184		struct scsi_transportid_spi *id =
2185		    (struct scsi_transportid_spi *)buf;
2186		memset(id, 0, sizeof(*id));
2187		id->format_protocol = SCSI_PROTO_SPI;
2188		scsi_ulto2b(iid, id->scsi_addr);
2189		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2190		return (sizeof(*id));
2191	}
2192	}
2193}
2194
2195/*
2196 * Serialize a command that went down the "wrong" side, and so was sent to
2197 * this controller for execution.  The logic is a little different than the
2198 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2199 * sent back to the other side, but in the success case, we execute the
2200 * command on this side (XFER mode) or tell the other side to execute it
2201 * (SER_ONLY mode).
2202 */
2203static void
2204ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2205{
2206	struct ctl_softc *softc = CTL_SOFTC(ctsio);
2207	struct ctl_port *port = CTL_PORT(ctsio);
2208	union ctl_ha_msg msg_info;
2209	struct ctl_lun *lun;
2210	const struct ctl_cmd_entry *entry;
2211	uint32_t targ_lun;
2212
2213	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2214
2215	/* Make sure that we know about this port. */
2216	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2217		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2218					 /*retry_count*/ 1);
2219		goto badjuju;
2220	}
2221
2222	/* Make sure that we know about this LUN. */
2223	mtx_lock(&softc->ctl_lock);
2224	if (targ_lun >= CTL_MAX_LUNS ||
2225	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
2226		mtx_unlock(&softc->ctl_lock);
2227
2228		/*
2229		 * The other node would not send this request to us unless
2230		 * received announce that we are primary node for this LUN.
2231		 * If this LUN does not exist now, it is probably result of
2232		 * a race, so respond to initiator in the most opaque way.
2233		 */
2234		ctl_set_busy(ctsio);
2235		goto badjuju;
2236	}
2237	mtx_lock(&lun->lun_lock);
2238	mtx_unlock(&softc->ctl_lock);
2239
2240	/*
2241	 * If the LUN is invalid, pretend that it doesn't exist.
2242	 * It will go away as soon as all pending I/Os completed.
2243	 */
2244	if (lun->flags & CTL_LUN_DISABLED) {
2245		mtx_unlock(&lun->lun_lock);
2246		ctl_set_busy(ctsio);
2247		goto badjuju;
2248	}
2249
2250	entry = ctl_get_cmd_entry(ctsio, NULL);
2251	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2252		mtx_unlock(&lun->lun_lock);
2253		goto badjuju;
2254	}
2255
2256	CTL_LUN(ctsio) = lun;
2257	CTL_BACKEND_LUN(ctsio) = lun->be_lun;
2258
2259	/*
2260	 * Every I/O goes into the OOA queue for a
2261	 * particular LUN, and stays there until completion.
2262	 */
2263#ifdef CTL_TIME_IO
2264	if (TAILQ_EMPTY(&lun->ooa_queue))
2265		lun->idle_time += getsbinuptime() - lun->last_busy;
2266#endif
2267	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2268
2269	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2270		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2271		 ooa_links))) {
2272	case CTL_ACTION_BLOCK:
2273		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2274		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2275				  blocked_links);
2276		mtx_unlock(&lun->lun_lock);
2277		break;
2278	case CTL_ACTION_PASS:
2279	case CTL_ACTION_SKIP:
2280		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2281			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2282			ctl_enqueue_rtr((union ctl_io *)ctsio);
2283			mtx_unlock(&lun->lun_lock);
2284		} else {
2285			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2286			mtx_unlock(&lun->lun_lock);
2287
2288			/* send msg back to other side */
2289			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2290			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2291			msg_info.hdr.msg_type = CTL_MSG_R2R;
2292			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2293			    sizeof(msg_info.hdr), M_WAITOK);
2294		}
2295		break;
2296	case CTL_ACTION_OVERLAP:
2297		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2298		mtx_unlock(&lun->lun_lock);
2299		ctl_set_overlapped_cmd(ctsio);
2300		goto badjuju;
2301	case CTL_ACTION_OVERLAP_TAG:
2302		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2303		mtx_unlock(&lun->lun_lock);
2304		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2305		goto badjuju;
2306	case CTL_ACTION_ERROR:
2307	default:
2308		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2309		mtx_unlock(&lun->lun_lock);
2310
2311		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2312					 /*retry_count*/ 0);
2313badjuju:
2314		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2315		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2316		msg_info.hdr.serializing_sc = NULL;
2317		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2318		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2319		    sizeof(msg_info.scsi), M_WAITOK);
2320		ctl_free_io((union ctl_io *)ctsio);
2321		break;
2322	}
2323}
2324
2325/*
2326 * Returns 0 for success, errno for failure.
2327 */
2328static void
2329ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2330		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2331{
2332	union ctl_io *io;
2333
2334	mtx_lock(&lun->lun_lock);
2335	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2336	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2337	     ooa_links)) {
2338		struct ctl_ooa_entry *entry;
2339
2340		/*
2341		 * If we've got more than we can fit, just count the
2342		 * remaining entries.
2343		 */
2344		if (*cur_fill_num >= ooa_hdr->alloc_num)
2345			continue;
2346
2347		entry = &kern_entries[*cur_fill_num];
2348
2349		entry->tag_num = io->scsiio.tag_num;
2350		entry->lun_num = lun->lun;
2351#ifdef CTL_TIME_IO
2352		entry->start_bt = io->io_hdr.start_bt;
2353#endif
2354		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2355		entry->cdb_len = io->scsiio.cdb_len;
2356		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2357			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2358
2359		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2360			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2361
2362		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2363			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2364
2365		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2366			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2367
2368		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2369			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2370	}
2371	mtx_unlock(&lun->lun_lock);
2372}
2373
2374static void *
2375ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2376		 size_t error_str_len)
2377{
2378	void *kptr;
2379
2380	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2381
2382	if (copyin(user_addr, kptr, len) != 0) {
2383		snprintf(error_str, error_str_len, "Error copying %d bytes "
2384			 "from user address %p to kernel address %p", len,
2385			 user_addr, kptr);
2386		free(kptr, M_CTL);
2387		return (NULL);
2388	}
2389
2390	return (kptr);
2391}
2392
2393static void
2394ctl_free_args(int num_args, struct ctl_be_arg *args)
2395{
2396	int i;
2397
2398	if (args == NULL)
2399		return;
2400
2401	for (i = 0; i < num_args; i++) {
2402		free(args[i].kname, M_CTL);
2403		free(args[i].kvalue, M_CTL);
2404	}
2405
2406	free(args, M_CTL);
2407}
2408
2409static struct ctl_be_arg *
2410ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2411		char *error_str, size_t error_str_len)
2412{
2413	struct ctl_be_arg *args;
2414	int i;
2415
2416	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2417				error_str, error_str_len);
2418
2419	if (args == NULL)
2420		goto bailout;
2421
2422	for (i = 0; i < num_args; i++) {
2423		args[i].kname = NULL;
2424		args[i].kvalue = NULL;
2425	}
2426
2427	for (i = 0; i < num_args; i++) {
2428		uint8_t *tmpptr;
2429
2430		args[i].kname = ctl_copyin_alloc(args[i].name,
2431			args[i].namelen, error_str, error_str_len);
2432		if (args[i].kname == NULL)
2433			goto bailout;
2434
2435		if (args[i].kname[args[i].namelen - 1] != '\0') {
2436			snprintf(error_str, error_str_len, "Argument %d "
2437				 "name is not NUL-terminated", i);
2438			goto bailout;
2439		}
2440
2441		if (args[i].flags & CTL_BEARG_RD) {
2442			tmpptr = ctl_copyin_alloc(args[i].value,
2443				args[i].vallen, error_str, error_str_len);
2444			if (tmpptr == NULL)
2445				goto bailout;
2446			if ((args[i].flags & CTL_BEARG_ASCII)
2447			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2448				snprintf(error_str, error_str_len, "Argument "
2449				    "%d value is not NUL-terminated", i);
2450				free(tmpptr, M_CTL);
2451				goto bailout;
2452			}
2453			args[i].kvalue = tmpptr;
2454		} else {
2455			args[i].kvalue = malloc(args[i].vallen,
2456			    M_CTL, M_WAITOK | M_ZERO);
2457		}
2458	}
2459
2460	return (args);
2461bailout:
2462
2463	ctl_free_args(num_args, args);
2464
2465	return (NULL);
2466}
2467
2468static void
2469ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2470{
2471	int i;
2472
2473	for (i = 0; i < num_args; i++) {
2474		if (args[i].flags & CTL_BEARG_WR)
2475			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2476	}
2477}
2478
2479/*
2480 * Escape characters that are illegal or not recommended in XML.
2481 */
2482int
2483ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2484{
2485	char *end = str + size;
2486	int retval;
2487
2488	retval = 0;
2489
2490	for (; *str && str < end; str++) {
2491		switch (*str) {
2492		case '&':
2493			retval = sbuf_printf(sb, "&amp;");
2494			break;
2495		case '>':
2496			retval = sbuf_printf(sb, "&gt;");
2497			break;
2498		case '<':
2499			retval = sbuf_printf(sb, "&lt;");
2500			break;
2501		default:
2502			retval = sbuf_putc(sb, *str);
2503			break;
2504		}
2505
2506		if (retval != 0)
2507			break;
2508
2509	}
2510
2511	return (retval);
2512}
2513
2514static void
2515ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2516{
2517	struct scsi_vpd_id_descriptor *desc;
2518	int i;
2519
2520	if (id == NULL || id->len < 4)
2521		return;
2522	desc = (struct scsi_vpd_id_descriptor *)id->data;
2523	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2524	case SVPD_ID_TYPE_T10:
2525		sbuf_printf(sb, "t10.");
2526		break;
2527	case SVPD_ID_TYPE_EUI64:
2528		sbuf_printf(sb, "eui.");
2529		break;
2530	case SVPD_ID_TYPE_NAA:
2531		sbuf_printf(sb, "naa.");
2532		break;
2533	case SVPD_ID_TYPE_SCSI_NAME:
2534		break;
2535	}
2536	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2537	case SVPD_ID_CODESET_BINARY:
2538		for (i = 0; i < desc->length; i++)
2539			sbuf_printf(sb, "%02x", desc->identifier[i]);
2540		break;
2541	case SVPD_ID_CODESET_ASCII:
2542		sbuf_printf(sb, "%.*s", (int)desc->length,
2543		    (char *)desc->identifier);
2544		break;
2545	case SVPD_ID_CODESET_UTF8:
2546		sbuf_printf(sb, "%s", (char *)desc->identifier);
2547		break;
2548	}
2549}
2550
2551static int
2552ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2553	  struct thread *td)
2554{
2555	struct ctl_softc *softc = dev->si_drv1;
2556	struct ctl_port *port;
2557	struct ctl_lun *lun;
2558	int retval;
2559
2560	retval = 0;
2561
2562	switch (cmd) {
2563	case CTL_IO:
2564		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2565		break;
2566	case CTL_ENABLE_PORT:
2567	case CTL_DISABLE_PORT:
2568	case CTL_SET_PORT_WWNS: {
2569		struct ctl_port *port;
2570		struct ctl_port_entry *entry;
2571
2572		entry = (struct ctl_port_entry *)addr;
2573
2574		mtx_lock(&softc->ctl_lock);
2575		STAILQ_FOREACH(port, &softc->port_list, links) {
2576			int action, done;
2577
2578			if (port->targ_port < softc->port_min ||
2579			    port->targ_port >= softc->port_max)
2580				continue;
2581
2582			action = 0;
2583			done = 0;
2584			if ((entry->port_type == CTL_PORT_NONE)
2585			 && (entry->targ_port == port->targ_port)) {
2586				/*
2587				 * If the user only wants to enable or
2588				 * disable or set WWNs on a specific port,
2589				 * do the operation and we're done.
2590				 */
2591				action = 1;
2592				done = 1;
2593			} else if (entry->port_type & port->port_type) {
2594				/*
2595				 * Compare the user's type mask with the
2596				 * particular frontend type to see if we
2597				 * have a match.
2598				 */
2599				action = 1;
2600				done = 0;
2601
2602				/*
2603				 * Make sure the user isn't trying to set
2604				 * WWNs on multiple ports at the same time.
2605				 */
2606				if (cmd == CTL_SET_PORT_WWNS) {
2607					printf("%s: Can't set WWNs on "
2608					       "multiple ports\n", __func__);
2609					retval = EINVAL;
2610					break;
2611				}
2612			}
2613			if (action == 0)
2614				continue;
2615
2616			/*
2617			 * XXX KDM we have to drop the lock here, because
2618			 * the online/offline operations can potentially
2619			 * block.  We need to reference count the frontends
2620			 * so they can't go away,
2621			 */
2622			if (cmd == CTL_ENABLE_PORT) {
2623				mtx_unlock(&softc->ctl_lock);
2624				ctl_port_online(port);
2625				mtx_lock(&softc->ctl_lock);
2626			} else if (cmd == CTL_DISABLE_PORT) {
2627				mtx_unlock(&softc->ctl_lock);
2628				ctl_port_offline(port);
2629				mtx_lock(&softc->ctl_lock);
2630			} else if (cmd == CTL_SET_PORT_WWNS) {
2631				ctl_port_set_wwns(port,
2632				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2633				    1 : 0, entry->wwnn,
2634				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2635				    1 : 0, entry->wwpn);
2636			}
2637			if (done != 0)
2638				break;
2639		}
2640		mtx_unlock(&softc->ctl_lock);
2641		break;
2642	}
2643	case CTL_GET_OOA: {
2644		struct ctl_ooa *ooa_hdr;
2645		struct ctl_ooa_entry *entries;
2646		uint32_t cur_fill_num;
2647
2648		ooa_hdr = (struct ctl_ooa *)addr;
2649
2650		if ((ooa_hdr->alloc_len == 0)
2651		 || (ooa_hdr->alloc_num == 0)) {
2652			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2653			       "must be non-zero\n", __func__,
2654			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2655			retval = EINVAL;
2656			break;
2657		}
2658
2659		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2660		    sizeof(struct ctl_ooa_entry))) {
2661			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2662			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2663			       __func__, ooa_hdr->alloc_len,
2664			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2665			retval = EINVAL;
2666			break;
2667		}
2668
2669		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2670		if (entries == NULL) {
2671			printf("%s: could not allocate %d bytes for OOA "
2672			       "dump\n", __func__, ooa_hdr->alloc_len);
2673			retval = ENOMEM;
2674			break;
2675		}
2676
2677		mtx_lock(&softc->ctl_lock);
2678		if ((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0 &&
2679		    (ooa_hdr->lun_num >= CTL_MAX_LUNS ||
2680		     softc->ctl_luns[ooa_hdr->lun_num] == NULL)) {
2681			mtx_unlock(&softc->ctl_lock);
2682			free(entries, M_CTL);
2683			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2684			       __func__, (uintmax_t)ooa_hdr->lun_num);
2685			retval = EINVAL;
2686			break;
2687		}
2688
2689		cur_fill_num = 0;
2690
2691		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2692			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2693				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2694				    ooa_hdr, entries);
2695			}
2696		} else {
2697			lun = softc->ctl_luns[ooa_hdr->lun_num];
2698			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2699			    entries);
2700		}
2701		mtx_unlock(&softc->ctl_lock);
2702
2703		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2704		ooa_hdr->fill_len = ooa_hdr->fill_num *
2705			sizeof(struct ctl_ooa_entry);
2706		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2707		if (retval != 0) {
2708			printf("%s: error copying out %d bytes for OOA dump\n",
2709			       __func__, ooa_hdr->fill_len);
2710		}
2711
2712		getbinuptime(&ooa_hdr->cur_bt);
2713
2714		if (cur_fill_num > ooa_hdr->alloc_num) {
2715			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2716			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2717		} else {
2718			ooa_hdr->dropped_num = 0;
2719			ooa_hdr->status = CTL_OOA_OK;
2720		}
2721
2722		free(entries, M_CTL);
2723		break;
2724	}
2725	case CTL_DELAY_IO: {
2726		struct ctl_io_delay_info *delay_info;
2727
2728		delay_info = (struct ctl_io_delay_info *)addr;
2729
2730#ifdef CTL_IO_DELAY
2731		mtx_lock(&softc->ctl_lock);
2732		if (delay_info->lun_id >= CTL_MAX_LUNS ||
2733		    (lun = softc->ctl_luns[delay_info->lun_id]) == NULL) {
2734			mtx_unlock(&softc->ctl_lock);
2735			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2736			break;
2737		}
2738		mtx_lock(&lun->lun_lock);
2739		mtx_unlock(&softc->ctl_lock);
2740		delay_info->status = CTL_DELAY_STATUS_OK;
2741		switch (delay_info->delay_type) {
2742		case CTL_DELAY_TYPE_CONT:
2743		case CTL_DELAY_TYPE_ONESHOT:
2744			break;
2745		default:
2746			delay_info->status = CTL_DELAY_STATUS_INVALID_TYPE;
2747			break;
2748		}
2749		switch (delay_info->delay_loc) {
2750		case CTL_DELAY_LOC_DATAMOVE:
2751			lun->delay_info.datamove_type = delay_info->delay_type;
2752			lun->delay_info.datamove_delay = delay_info->delay_secs;
2753			break;
2754		case CTL_DELAY_LOC_DONE:
2755			lun->delay_info.done_type = delay_info->delay_type;
2756			lun->delay_info.done_delay = delay_info->delay_secs;
2757			break;
2758		default:
2759			delay_info->status = CTL_DELAY_STATUS_INVALID_LOC;
2760			break;
2761		}
2762		mtx_unlock(&lun->lun_lock);
2763#else
2764		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2765#endif /* CTL_IO_DELAY */
2766		break;
2767	}
2768#ifdef CTL_LEGACY_STATS
2769	case CTL_GETSTATS: {
2770		struct ctl_stats *stats = (struct ctl_stats *)addr;
2771		int i;
2772
2773		/*
2774		 * XXX KDM no locking here.  If the LUN list changes,
2775		 * things can blow up.
2776		 */
2777		i = 0;
2778		stats->status = CTL_SS_OK;
2779		stats->fill_len = 0;
2780		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2781			if (stats->fill_len + sizeof(lun->legacy_stats) >
2782			    stats->alloc_len) {
2783				stats->status = CTL_SS_NEED_MORE_SPACE;
2784				break;
2785			}
2786			retval = copyout(&lun->legacy_stats, &stats->lun_stats[i++],
2787					 sizeof(lun->legacy_stats));
2788			if (retval != 0)
2789				break;
2790			stats->fill_len += sizeof(lun->legacy_stats);
2791		}
2792		stats->num_luns = softc->num_luns;
2793		stats->flags = CTL_STATS_FLAG_NONE;
2794#ifdef CTL_TIME_IO
2795		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
2796#endif
2797		getnanouptime(&stats->timestamp);
2798		break;
2799	}
2800#endif /* CTL_LEGACY_STATS */
2801	case CTL_ERROR_INJECT: {
2802		struct ctl_error_desc *err_desc, *new_err_desc;
2803
2804		err_desc = (struct ctl_error_desc *)addr;
2805
2806		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2807				      M_WAITOK | M_ZERO);
2808		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2809
2810		mtx_lock(&softc->ctl_lock);
2811		if (err_desc->lun_id >= CTL_MAX_LUNS ||
2812		    (lun = softc->ctl_luns[err_desc->lun_id]) == NULL) {
2813			mtx_unlock(&softc->ctl_lock);
2814			free(new_err_desc, M_CTL);
2815			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2816			       __func__, (uintmax_t)err_desc->lun_id);
2817			retval = EINVAL;
2818			break;
2819		}
2820		mtx_lock(&lun->lun_lock);
2821		mtx_unlock(&softc->ctl_lock);
2822
2823		/*
2824		 * We could do some checking here to verify the validity
2825		 * of the request, but given the complexity of error
2826		 * injection requests, the checking logic would be fairly
2827		 * complex.
2828		 *
2829		 * For now, if the request is invalid, it just won't get
2830		 * executed and might get deleted.
2831		 */
2832		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2833
2834		/*
2835		 * XXX KDM check to make sure the serial number is unique,
2836		 * in case we somehow manage to wrap.  That shouldn't
2837		 * happen for a very long time, but it's the right thing to
2838		 * do.
2839		 */
2840		new_err_desc->serial = lun->error_serial;
2841		err_desc->serial = lun->error_serial;
2842		lun->error_serial++;
2843
2844		mtx_unlock(&lun->lun_lock);
2845		break;
2846	}
2847	case CTL_ERROR_INJECT_DELETE: {
2848		struct ctl_error_desc *delete_desc, *desc, *desc2;
2849		int delete_done;
2850
2851		delete_desc = (struct ctl_error_desc *)addr;
2852		delete_done = 0;
2853
2854		mtx_lock(&softc->ctl_lock);
2855		if (delete_desc->lun_id >= CTL_MAX_LUNS ||
2856		    (lun = softc->ctl_luns[delete_desc->lun_id]) == NULL) {
2857			mtx_unlock(&softc->ctl_lock);
2858			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2859			       __func__, (uintmax_t)delete_desc->lun_id);
2860			retval = EINVAL;
2861			break;
2862		}
2863		mtx_lock(&lun->lun_lock);
2864		mtx_unlock(&softc->ctl_lock);
2865		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2866			if (desc->serial != delete_desc->serial)
2867				continue;
2868
2869			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2870				      links);
2871			free(desc, M_CTL);
2872			delete_done = 1;
2873		}
2874		mtx_unlock(&lun->lun_lock);
2875		if (delete_done == 0) {
2876			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2877			       "error serial %ju on LUN %u\n", __func__,
2878			       delete_desc->serial, delete_desc->lun_id);
2879			retval = EINVAL;
2880			break;
2881		}
2882		break;
2883	}
2884	case CTL_DUMP_STRUCTS: {
2885		int j, k;
2886		struct ctl_port *port;
2887		struct ctl_frontend *fe;
2888
2889		mtx_lock(&softc->ctl_lock);
2890		printf("CTL Persistent Reservation information start:\n");
2891		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2892			mtx_lock(&lun->lun_lock);
2893			if ((lun->flags & CTL_LUN_DISABLED) != 0) {
2894				mtx_unlock(&lun->lun_lock);
2895				continue;
2896			}
2897
2898			for (j = 0; j < CTL_MAX_PORTS; j++) {
2899				if (lun->pr_keys[j] == NULL)
2900					continue;
2901				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2902					if (lun->pr_keys[j][k] == 0)
2903						continue;
2904					printf("  LUN %ju port %d iid %d key "
2905					       "%#jx\n", lun->lun, j, k,
2906					       (uintmax_t)lun->pr_keys[j][k]);
2907				}
2908			}
2909			mtx_unlock(&lun->lun_lock);
2910		}
2911		printf("CTL Persistent Reservation information end\n");
2912		printf("CTL Ports:\n");
2913		STAILQ_FOREACH(port, &softc->port_list, links) {
2914			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2915			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2916			       port->frontend->name, port->port_type,
2917			       port->physical_port, port->virtual_port,
2918			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2919			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2920				if (port->wwpn_iid[j].in_use == 0 &&
2921				    port->wwpn_iid[j].wwpn == 0 &&
2922				    port->wwpn_iid[j].name == NULL)
2923					continue;
2924
2925				printf("    iid %u use %d WWPN %#jx '%s'\n",
2926				    j, port->wwpn_iid[j].in_use,
2927				    (uintmax_t)port->wwpn_iid[j].wwpn,
2928				    port->wwpn_iid[j].name);
2929			}
2930		}
2931		printf("CTL Port information end\n");
2932		mtx_unlock(&softc->ctl_lock);
2933		/*
2934		 * XXX KDM calling this without a lock.  We'd likely want
2935		 * to drop the lock before calling the frontend's dump
2936		 * routine anyway.
2937		 */
2938		printf("CTL Frontends:\n");
2939		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2940			printf("  Frontend '%s'\n", fe->name);
2941			if (fe->fe_dump != NULL)
2942				fe->fe_dump();
2943		}
2944		printf("CTL Frontend information end\n");
2945		break;
2946	}
2947	case CTL_LUN_REQ: {
2948		struct ctl_lun_req *lun_req;
2949		struct ctl_backend_driver *backend;
2950
2951		lun_req = (struct ctl_lun_req *)addr;
2952
2953		backend = ctl_backend_find(lun_req->backend);
2954		if (backend == NULL) {
2955			lun_req->status = CTL_LUN_ERROR;
2956			snprintf(lun_req->error_str,
2957				 sizeof(lun_req->error_str),
2958				 "Backend \"%s\" not found.",
2959				 lun_req->backend);
2960			break;
2961		}
2962		if (lun_req->num_be_args > 0) {
2963			lun_req->kern_be_args = ctl_copyin_args(
2964				lun_req->num_be_args,
2965				lun_req->be_args,
2966				lun_req->error_str,
2967				sizeof(lun_req->error_str));
2968			if (lun_req->kern_be_args == NULL) {
2969				lun_req->status = CTL_LUN_ERROR;
2970				break;
2971			}
2972		}
2973
2974		retval = backend->ioctl(dev, cmd, addr, flag, td);
2975
2976		if (lun_req->num_be_args > 0) {
2977			ctl_copyout_args(lun_req->num_be_args,
2978				      lun_req->kern_be_args);
2979			ctl_free_args(lun_req->num_be_args,
2980				      lun_req->kern_be_args);
2981		}
2982		break;
2983	}
2984	case CTL_LUN_LIST: {
2985		struct sbuf *sb;
2986		struct ctl_lun_list *list;
2987		struct ctl_option *opt;
2988
2989		list = (struct ctl_lun_list *)addr;
2990
2991		/*
2992		 * Allocate a fixed length sbuf here, based on the length
2993		 * of the user's buffer.  We could allocate an auto-extending
2994		 * buffer, and then tell the user how much larger our
2995		 * amount of data is than his buffer, but that presents
2996		 * some problems:
2997		 *
2998		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2999		 *     we can't hold a lock while calling them with an
3000		 *     auto-extending buffer.
3001 		 *
3002		 * 2.  There is not currently a LUN reference counting
3003		 *     mechanism, outside of outstanding transactions on
3004		 *     the LUN's OOA queue.  So a LUN could go away on us
3005		 *     while we're getting the LUN number, backend-specific
3006		 *     information, etc.  Thus, given the way things
3007		 *     currently work, we need to hold the CTL lock while
3008		 *     grabbing LUN information.
3009		 *
3010		 * So, from the user's standpoint, the best thing to do is
3011		 * allocate what he thinks is a reasonable buffer length,
3012		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3013		 * double the buffer length and try again.  (And repeat
3014		 * that until he succeeds.)
3015		 */
3016		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3017		if (sb == NULL) {
3018			list->status = CTL_LUN_LIST_ERROR;
3019			snprintf(list->error_str, sizeof(list->error_str),
3020				 "Unable to allocate %d bytes for LUN list",
3021				 list->alloc_len);
3022			break;
3023		}
3024
3025		sbuf_printf(sb, "<ctllunlist>\n");
3026
3027		mtx_lock(&softc->ctl_lock);
3028		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3029			mtx_lock(&lun->lun_lock);
3030			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3031					     (uintmax_t)lun->lun);
3032
3033			/*
3034			 * Bail out as soon as we see that we've overfilled
3035			 * the buffer.
3036			 */
3037			if (retval != 0)
3038				break;
3039
3040			retval = sbuf_printf(sb, "\t<backend_type>%s"
3041					     "</backend_type>\n",
3042					     (lun->backend == NULL) ?  "none" :
3043					     lun->backend->name);
3044
3045			if (retval != 0)
3046				break;
3047
3048			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3049					     lun->be_lun->lun_type);
3050
3051			if (retval != 0)
3052				break;
3053
3054			if (lun->backend == NULL) {
3055				retval = sbuf_printf(sb, "</lun>\n");
3056				if (retval != 0)
3057					break;
3058				continue;
3059			}
3060
3061			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3062					     (lun->be_lun->maxlba > 0) ?
3063					     lun->be_lun->maxlba + 1 : 0);
3064
3065			if (retval != 0)
3066				break;
3067
3068			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3069					     lun->be_lun->blocksize);
3070
3071			if (retval != 0)
3072				break;
3073
3074			retval = sbuf_printf(sb, "\t<serial_number>");
3075
3076			if (retval != 0)
3077				break;
3078
3079			retval = ctl_sbuf_printf_esc(sb,
3080			    lun->be_lun->serial_num,
3081			    sizeof(lun->be_lun->serial_num));
3082
3083			if (retval != 0)
3084				break;
3085
3086			retval = sbuf_printf(sb, "</serial_number>\n");
3087
3088			if (retval != 0)
3089				break;
3090
3091			retval = sbuf_printf(sb, "\t<device_id>");
3092
3093			if (retval != 0)
3094				break;
3095
3096			retval = ctl_sbuf_printf_esc(sb,
3097			    lun->be_lun->device_id,
3098			    sizeof(lun->be_lun->device_id));
3099
3100			if (retval != 0)
3101				break;
3102
3103			retval = sbuf_printf(sb, "</device_id>\n");
3104
3105			if (retval != 0)
3106				break;
3107
3108			if (lun->backend->lun_info != NULL) {
3109				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3110				if (retval != 0)
3111					break;
3112			}
3113			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3114				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3115				    opt->name, opt->value, opt->name);
3116				if (retval != 0)
3117					break;
3118			}
3119
3120			retval = sbuf_printf(sb, "</lun>\n");
3121
3122			if (retval != 0)
3123				break;
3124			mtx_unlock(&lun->lun_lock);
3125		}
3126		if (lun != NULL)
3127			mtx_unlock(&lun->lun_lock);
3128		mtx_unlock(&softc->ctl_lock);
3129
3130		if ((retval != 0)
3131		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3132			retval = 0;
3133			sbuf_delete(sb);
3134			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3135			snprintf(list->error_str, sizeof(list->error_str),
3136				 "Out of space, %d bytes is too small",
3137				 list->alloc_len);
3138			break;
3139		}
3140
3141		sbuf_finish(sb);
3142
3143		retval = copyout(sbuf_data(sb), list->lun_xml,
3144				 sbuf_len(sb) + 1);
3145
3146		list->fill_len = sbuf_len(sb) + 1;
3147		list->status = CTL_LUN_LIST_OK;
3148		sbuf_delete(sb);
3149		break;
3150	}
3151	case CTL_ISCSI: {
3152		struct ctl_iscsi *ci;
3153		struct ctl_frontend *fe;
3154
3155		ci = (struct ctl_iscsi *)addr;
3156
3157		fe = ctl_frontend_find("iscsi");
3158		if (fe == NULL) {
3159			ci->status = CTL_ISCSI_ERROR;
3160			snprintf(ci->error_str, sizeof(ci->error_str),
3161			    "Frontend \"iscsi\" not found.");
3162			break;
3163		}
3164
3165		retval = fe->ioctl(dev, cmd, addr, flag, td);
3166		break;
3167	}
3168	case CTL_PORT_REQ: {
3169		struct ctl_req *req;
3170		struct ctl_frontend *fe;
3171
3172		req = (struct ctl_req *)addr;
3173
3174		fe = ctl_frontend_find(req->driver);
3175		if (fe == NULL) {
3176			req->status = CTL_LUN_ERROR;
3177			snprintf(req->error_str, sizeof(req->error_str),
3178			    "Frontend \"%s\" not found.", req->driver);
3179			break;
3180		}
3181		if (req->num_args > 0) {
3182			req->kern_args = ctl_copyin_args(req->num_args,
3183			    req->args, req->error_str, sizeof(req->error_str));
3184			if (req->kern_args == NULL) {
3185				req->status = CTL_LUN_ERROR;
3186				break;
3187			}
3188		}
3189
3190		if (fe->ioctl)
3191			retval = fe->ioctl(dev, cmd, addr, flag, td);
3192		else
3193			retval = ENODEV;
3194
3195		if (req->num_args > 0) {
3196			ctl_copyout_args(req->num_args, req->kern_args);
3197			ctl_free_args(req->num_args, req->kern_args);
3198		}
3199		break;
3200	}
3201	case CTL_PORT_LIST: {
3202		struct sbuf *sb;
3203		struct ctl_port *port;
3204		struct ctl_lun_list *list;
3205		struct ctl_option *opt;
3206		int j;
3207		uint32_t plun;
3208
3209		list = (struct ctl_lun_list *)addr;
3210
3211		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3212		if (sb == NULL) {
3213			list->status = CTL_LUN_LIST_ERROR;
3214			snprintf(list->error_str, sizeof(list->error_str),
3215				 "Unable to allocate %d bytes for LUN list",
3216				 list->alloc_len);
3217			break;
3218		}
3219
3220		sbuf_printf(sb, "<ctlportlist>\n");
3221
3222		mtx_lock(&softc->ctl_lock);
3223		STAILQ_FOREACH(port, &softc->port_list, links) {
3224			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3225					     (uintmax_t)port->targ_port);
3226
3227			/*
3228			 * Bail out as soon as we see that we've overfilled
3229			 * the buffer.
3230			 */
3231			if (retval != 0)
3232				break;
3233
3234			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3235			    "</frontend_type>\n", port->frontend->name);
3236			if (retval != 0)
3237				break;
3238
3239			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3240					     port->port_type);
3241			if (retval != 0)
3242				break;
3243
3244			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3245			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3246			if (retval != 0)
3247				break;
3248
3249			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3250			    port->port_name);
3251			if (retval != 0)
3252				break;
3253
3254			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3255			    port->physical_port);
3256			if (retval != 0)
3257				break;
3258
3259			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3260			    port->virtual_port);
3261			if (retval != 0)
3262				break;
3263
3264			if (port->target_devid != NULL) {
3265				sbuf_printf(sb, "\t<target>");
3266				ctl_id_sbuf(port->target_devid, sb);
3267				sbuf_printf(sb, "</target>\n");
3268			}
3269
3270			if (port->port_devid != NULL) {
3271				sbuf_printf(sb, "\t<port>");
3272				ctl_id_sbuf(port->port_devid, sb);
3273				sbuf_printf(sb, "</port>\n");
3274			}
3275
3276			if (port->port_info != NULL) {
3277				retval = port->port_info(port->onoff_arg, sb);
3278				if (retval != 0)
3279					break;
3280			}
3281			STAILQ_FOREACH(opt, &port->options, links) {
3282				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3283				    opt->name, opt->value, opt->name);
3284				if (retval != 0)
3285					break;
3286			}
3287
3288			if (port->lun_map != NULL) {
3289				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3290				for (j = 0; j < port->lun_map_size; j++) {
3291					plun = ctl_lun_map_from_port(port, j);
3292					if (plun == UINT32_MAX)
3293						continue;
3294					sbuf_printf(sb,
3295					    "\t<lun id=\"%u\">%u</lun>\n",
3296					    j, plun);
3297				}
3298			}
3299
3300			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3301				if (port->wwpn_iid[j].in_use == 0 ||
3302				    (port->wwpn_iid[j].wwpn == 0 &&
3303				     port->wwpn_iid[j].name == NULL))
3304					continue;
3305
3306				if (port->wwpn_iid[j].name != NULL)
3307					retval = sbuf_printf(sb,
3308					    "\t<initiator id=\"%u\">%s</initiator>\n",
3309					    j, port->wwpn_iid[j].name);
3310				else
3311					retval = sbuf_printf(sb,
3312					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3313					    j, port->wwpn_iid[j].wwpn);
3314				if (retval != 0)
3315					break;
3316			}
3317			if (retval != 0)
3318				break;
3319
3320			retval = sbuf_printf(sb, "</targ_port>\n");
3321			if (retval != 0)
3322				break;
3323		}
3324		mtx_unlock(&softc->ctl_lock);
3325
3326		if ((retval != 0)
3327		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3328			retval = 0;
3329			sbuf_delete(sb);
3330			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3331			snprintf(list->error_str, sizeof(list->error_str),
3332				 "Out of space, %d bytes is too small",
3333				 list->alloc_len);
3334			break;
3335		}
3336
3337		sbuf_finish(sb);
3338
3339		retval = copyout(sbuf_data(sb), list->lun_xml,
3340				 sbuf_len(sb) + 1);
3341
3342		list->fill_len = sbuf_len(sb) + 1;
3343		list->status = CTL_LUN_LIST_OK;
3344		sbuf_delete(sb);
3345		break;
3346	}
3347	case CTL_LUN_MAP: {
3348		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3349		struct ctl_port *port;
3350
3351		mtx_lock(&softc->ctl_lock);
3352		if (lm->port < softc->port_min ||
3353		    lm->port >= softc->port_max ||
3354		    (port = softc->ctl_ports[lm->port]) == NULL) {
3355			mtx_unlock(&softc->ctl_lock);
3356			return (ENXIO);
3357		}
3358		if (port->status & CTL_PORT_STATUS_ONLINE) {
3359			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3360				if (ctl_lun_map_to_port(port, lun->lun) ==
3361				    UINT32_MAX)
3362					continue;
3363				mtx_lock(&lun->lun_lock);
3364				ctl_est_ua_port(lun, lm->port, -1,
3365				    CTL_UA_LUN_CHANGE);
3366				mtx_unlock(&lun->lun_lock);
3367			}
3368		}
3369		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3370		if (lm->plun != UINT32_MAX) {
3371			if (lm->lun == UINT32_MAX)
3372				retval = ctl_lun_map_unset(port, lm->plun);
3373			else if (lm->lun < CTL_MAX_LUNS &&
3374			    softc->ctl_luns[lm->lun] != NULL)
3375				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3376			else
3377				return (ENXIO);
3378		} else {
3379			if (lm->lun == UINT32_MAX)
3380				retval = ctl_lun_map_deinit(port);
3381			else
3382				retval = ctl_lun_map_init(port);
3383		}
3384		if (port->status & CTL_PORT_STATUS_ONLINE)
3385			ctl_isc_announce_port(port);
3386		break;
3387	}
3388	case CTL_GET_LUN_STATS: {
3389		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3390		int i;
3391
3392		/*
3393		 * XXX KDM no locking here.  If the LUN list changes,
3394		 * things can blow up.
3395		 */
3396		i = 0;
3397		stats->status = CTL_SS_OK;
3398		stats->fill_len = 0;
3399		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3400			if (lun->lun < stats->first_item)
3401				continue;
3402			if (stats->fill_len + sizeof(lun->stats) >
3403			    stats->alloc_len) {
3404				stats->status = CTL_SS_NEED_MORE_SPACE;
3405				break;
3406			}
3407			retval = copyout(&lun->stats, &stats->stats[i++],
3408					 sizeof(lun->stats));
3409			if (retval != 0)
3410				break;
3411			stats->fill_len += sizeof(lun->stats);
3412		}
3413		stats->num_items = softc->num_luns;
3414		stats->flags = CTL_STATS_FLAG_NONE;
3415#ifdef CTL_TIME_IO
3416		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3417#endif
3418		getnanouptime(&stats->timestamp);
3419		break;
3420	}
3421	case CTL_GET_PORT_STATS: {
3422		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3423		int i;
3424
3425		/*
3426		 * XXX KDM no locking here.  If the LUN list changes,
3427		 * things can blow up.
3428		 */
3429		i = 0;
3430		stats->status = CTL_SS_OK;
3431		stats->fill_len = 0;
3432		STAILQ_FOREACH(port, &softc->port_list, links) {
3433			if (port->targ_port < stats->first_item)
3434				continue;
3435			if (stats->fill_len + sizeof(port->stats) >
3436			    stats->alloc_len) {
3437				stats->status = CTL_SS_NEED_MORE_SPACE;
3438				break;
3439			}
3440			retval = copyout(&port->stats, &stats->stats[i++],
3441					 sizeof(port->stats));
3442			if (retval != 0)
3443				break;
3444			stats->fill_len += sizeof(port->stats);
3445		}
3446		stats->num_items = softc->num_ports;
3447		stats->flags = CTL_STATS_FLAG_NONE;
3448#ifdef CTL_TIME_IO
3449		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3450#endif
3451		getnanouptime(&stats->timestamp);
3452		break;
3453	}
3454	default: {
3455		/* XXX KDM should we fix this? */
3456#if 0
3457		struct ctl_backend_driver *backend;
3458		unsigned int type;
3459		int found;
3460
3461		found = 0;
3462
3463		/*
3464		 * We encode the backend type as the ioctl type for backend
3465		 * ioctls.  So parse it out here, and then search for a
3466		 * backend of this type.
3467		 */
3468		type = _IOC_TYPE(cmd);
3469
3470		STAILQ_FOREACH(backend, &softc->be_list, links) {
3471			if (backend->type == type) {
3472				found = 1;
3473				break;
3474			}
3475		}
3476		if (found == 0) {
3477			printf("ctl: unknown ioctl command %#lx or backend "
3478			       "%d\n", cmd, type);
3479			retval = EINVAL;
3480			break;
3481		}
3482		retval = backend->ioctl(dev, cmd, addr, flag, td);
3483#endif
3484		retval = ENOTTY;
3485		break;
3486	}
3487	}
3488	return (retval);
3489}
3490
3491uint32_t
3492ctl_get_initindex(struct ctl_nexus *nexus)
3493{
3494	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3495}
3496
3497int
3498ctl_lun_map_init(struct ctl_port *port)
3499{
3500	struct ctl_softc *softc = port->ctl_softc;
3501	struct ctl_lun *lun;
3502	int size = ctl_lun_map_size;
3503	uint32_t i;
3504
3505	if (port->lun_map == NULL || port->lun_map_size < size) {
3506		port->lun_map_size = 0;
3507		free(port->lun_map, M_CTL);
3508		port->lun_map = malloc(size * sizeof(uint32_t),
3509		    M_CTL, M_NOWAIT);
3510	}
3511	if (port->lun_map == NULL)
3512		return (ENOMEM);
3513	for (i = 0; i < size; i++)
3514		port->lun_map[i] = UINT32_MAX;
3515	port->lun_map_size = size;
3516	if (port->status & CTL_PORT_STATUS_ONLINE) {
3517		if (port->lun_disable != NULL) {
3518			STAILQ_FOREACH(lun, &softc->lun_list, links)
3519				port->lun_disable(port->targ_lun_arg, lun->lun);
3520		}
3521		ctl_isc_announce_port(port);
3522	}
3523	return (0);
3524}
3525
3526int
3527ctl_lun_map_deinit(struct ctl_port *port)
3528{
3529	struct ctl_softc *softc = port->ctl_softc;
3530	struct ctl_lun *lun;
3531
3532	if (port->lun_map == NULL)
3533		return (0);
3534	port->lun_map_size = 0;
3535	free(port->lun_map, M_CTL);
3536	port->lun_map = NULL;
3537	if (port->status & CTL_PORT_STATUS_ONLINE) {
3538		if (port->lun_enable != NULL) {
3539			STAILQ_FOREACH(lun, &softc->lun_list, links)
3540				port->lun_enable(port->targ_lun_arg, lun->lun);
3541		}
3542		ctl_isc_announce_port(port);
3543	}
3544	return (0);
3545}
3546
3547int
3548ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3549{
3550	int status;
3551	uint32_t old;
3552
3553	if (port->lun_map == NULL) {
3554		status = ctl_lun_map_init(port);
3555		if (status != 0)
3556			return (status);
3557	}
3558	if (plun >= port->lun_map_size)
3559		return (EINVAL);
3560	old = port->lun_map[plun];
3561	port->lun_map[plun] = glun;
3562	if ((port->status & CTL_PORT_STATUS_ONLINE) && old == UINT32_MAX) {
3563		if (port->lun_enable != NULL)
3564			port->lun_enable(port->targ_lun_arg, plun);
3565		ctl_isc_announce_port(port);
3566	}
3567	return (0);
3568}
3569
3570int
3571ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3572{
3573	uint32_t old;
3574
3575	if (port->lun_map == NULL || plun >= port->lun_map_size)
3576		return (0);
3577	old = port->lun_map[plun];
3578	port->lun_map[plun] = UINT32_MAX;
3579	if ((port->status & CTL_PORT_STATUS_ONLINE) && old != UINT32_MAX) {
3580		if (port->lun_disable != NULL)
3581			port->lun_disable(port->targ_lun_arg, plun);
3582		ctl_isc_announce_port(port);
3583	}
3584	return (0);
3585}
3586
3587uint32_t
3588ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3589{
3590
3591	if (port == NULL)
3592		return (UINT32_MAX);
3593	if (port->lun_map == NULL)
3594		return (lun_id);
3595	if (lun_id > port->lun_map_size)
3596		return (UINT32_MAX);
3597	return (port->lun_map[lun_id]);
3598}
3599
3600uint32_t
3601ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3602{
3603	uint32_t i;
3604
3605	if (port == NULL)
3606		return (UINT32_MAX);
3607	if (port->lun_map == NULL)
3608		return (lun_id);
3609	for (i = 0; i < port->lun_map_size; i++) {
3610		if (port->lun_map[i] == lun_id)
3611			return (i);
3612	}
3613	return (UINT32_MAX);
3614}
3615
3616uint32_t
3617ctl_decode_lun(uint64_t encoded)
3618{
3619	uint8_t lun[8];
3620	uint32_t result = 0xffffffff;
3621
3622	be64enc(lun, encoded);
3623	switch (lun[0] & RPL_LUNDATA_ATYP_MASK) {
3624	case RPL_LUNDATA_ATYP_PERIPH:
3625		if ((lun[0] & 0x3f) == 0 && lun[2] == 0 && lun[3] == 0 &&
3626		    lun[4] == 0 && lun[5] == 0 && lun[6] == 0 && lun[7] == 0)
3627			result = lun[1];
3628		break;
3629	case RPL_LUNDATA_ATYP_FLAT:
3630		if (lun[2] == 0 && lun[3] == 0 && lun[4] == 0 && lun[5] == 0 &&
3631		    lun[6] == 0 && lun[7] == 0)
3632			result = ((lun[0] & 0x3f) << 8) + lun[1];
3633		break;
3634	case RPL_LUNDATA_ATYP_EXTLUN:
3635		switch (lun[0] & RPL_LUNDATA_EXT_EAM_MASK) {
3636		case 0x02:
3637			switch (lun[0] & RPL_LUNDATA_EXT_LEN_MASK) {
3638			case 0x00:
3639				result = lun[1];
3640				break;
3641			case 0x10:
3642				result = (lun[1] << 16) + (lun[2] << 8) +
3643				    lun[3];
3644				break;
3645			case 0x20:
3646				if (lun[1] == 0 && lun[6] == 0 && lun[7] == 0)
3647					result = (lun[2] << 24) +
3648					    (lun[3] << 16) + (lun[4] << 8) +
3649					    lun[5];
3650				break;
3651			}
3652			break;
3653		case RPL_LUNDATA_EXT_EAM_NOT_SPEC:
3654			result = 0xffffffff;
3655			break;
3656		}
3657		break;
3658	}
3659	return (result);
3660}
3661
3662uint64_t
3663ctl_encode_lun(uint32_t decoded)
3664{
3665	uint64_t l = decoded;
3666
3667	if (l <= 0xff)
3668		return (((uint64_t)RPL_LUNDATA_ATYP_PERIPH << 56) | (l << 48));
3669	if (l <= 0x3fff)
3670		return (((uint64_t)RPL_LUNDATA_ATYP_FLAT << 56) | (l << 48));
3671	if (l <= 0xffffff)
3672		return (((uint64_t)(RPL_LUNDATA_ATYP_EXTLUN | 0x12) << 56) |
3673		    (l << 32));
3674	return ((((uint64_t)RPL_LUNDATA_ATYP_EXTLUN | 0x22) << 56) | (l << 16));
3675}
3676
3677int
3678ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3679{
3680	int i;
3681
3682	for (i = first; i < last; i++) {
3683		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3684			return (i);
3685	}
3686	return (-1);
3687}
3688
3689int
3690ctl_set_mask(uint32_t *mask, uint32_t bit)
3691{
3692	uint32_t chunk, piece;
3693
3694	chunk = bit >> 5;
3695	piece = bit % (sizeof(uint32_t) * 8);
3696
3697	if ((mask[chunk] & (1 << piece)) != 0)
3698		return (-1);
3699	else
3700		mask[chunk] |= (1 << piece);
3701
3702	return (0);
3703}
3704
3705int
3706ctl_clear_mask(uint32_t *mask, uint32_t bit)
3707{
3708	uint32_t chunk, piece;
3709
3710	chunk = bit >> 5;
3711	piece = bit % (sizeof(uint32_t) * 8);
3712
3713	if ((mask[chunk] & (1 << piece)) == 0)
3714		return (-1);
3715	else
3716		mask[chunk] &= ~(1 << piece);
3717
3718	return (0);
3719}
3720
3721int
3722ctl_is_set(uint32_t *mask, uint32_t bit)
3723{
3724	uint32_t chunk, piece;
3725
3726	chunk = bit >> 5;
3727	piece = bit % (sizeof(uint32_t) * 8);
3728
3729	if ((mask[chunk] & (1 << piece)) == 0)
3730		return (0);
3731	else
3732		return (1);
3733}
3734
3735static uint64_t
3736ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3737{
3738	uint64_t *t;
3739
3740	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3741	if (t == NULL)
3742		return (0);
3743	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3744}
3745
3746static void
3747ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3748{
3749	uint64_t *t;
3750
3751	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3752	if (t == NULL)
3753		return;
3754	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3755}
3756
3757static void
3758ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3759{
3760	uint64_t *p;
3761	u_int i;
3762
3763	i = residx/CTL_MAX_INIT_PER_PORT;
3764	if (lun->pr_keys[i] != NULL)
3765		return;
3766	mtx_unlock(&lun->lun_lock);
3767	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3768	    M_WAITOK | M_ZERO);
3769	mtx_lock(&lun->lun_lock);
3770	if (lun->pr_keys[i] == NULL)
3771		lun->pr_keys[i] = p;
3772	else
3773		free(p, M_CTL);
3774}
3775
3776static void
3777ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3778{
3779	uint64_t *t;
3780
3781	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3782	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3783	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3784}
3785
3786/*
3787 * ctl_softc, pool_name, total_ctl_io are passed in.
3788 * npool is passed out.
3789 */
3790int
3791ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3792		uint32_t total_ctl_io, void **npool)
3793{
3794	struct ctl_io_pool *pool;
3795
3796	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3797					    M_NOWAIT | M_ZERO);
3798	if (pool == NULL)
3799		return (ENOMEM);
3800
3801	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3802	pool->ctl_softc = ctl_softc;
3803#ifdef IO_POOLS
3804	pool->zone = uma_zsecond_create(pool->name, NULL,
3805	    NULL, NULL, NULL, ctl_softc->io_zone);
3806	/* uma_prealloc(pool->zone, total_ctl_io); */
3807#else
3808	pool->zone = ctl_softc->io_zone;
3809#endif
3810
3811	*npool = pool;
3812	return (0);
3813}
3814
3815void
3816ctl_pool_free(struct ctl_io_pool *pool)
3817{
3818
3819	if (pool == NULL)
3820		return;
3821
3822#ifdef IO_POOLS
3823	uma_zdestroy(pool->zone);
3824#endif
3825	free(pool, M_CTL);
3826}
3827
3828union ctl_io *
3829ctl_alloc_io(void *pool_ref)
3830{
3831	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3832	union ctl_io *io;
3833
3834	io = uma_zalloc(pool->zone, M_WAITOK);
3835	if (io != NULL) {
3836		io->io_hdr.pool = pool_ref;
3837		CTL_SOFTC(io) = pool->ctl_softc;
3838	}
3839	return (io);
3840}
3841
3842union ctl_io *
3843ctl_alloc_io_nowait(void *pool_ref)
3844{
3845	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3846	union ctl_io *io;
3847
3848	io = uma_zalloc(pool->zone, M_NOWAIT);
3849	if (io != NULL) {
3850		io->io_hdr.pool = pool_ref;
3851		CTL_SOFTC(io) = pool->ctl_softc;
3852	}
3853	return (io);
3854}
3855
3856void
3857ctl_free_io(union ctl_io *io)
3858{
3859	struct ctl_io_pool *pool;
3860
3861	if (io == NULL)
3862		return;
3863
3864	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3865	uma_zfree(pool->zone, io);
3866}
3867
3868void
3869ctl_zero_io(union ctl_io *io)
3870{
3871	struct ctl_io_pool *pool;
3872
3873	if (io == NULL)
3874		return;
3875
3876	/*
3877	 * May need to preserve linked list pointers at some point too.
3878	 */
3879	pool = io->io_hdr.pool;
3880	memset(io, 0, sizeof(*io));
3881	io->io_hdr.pool = pool;
3882	CTL_SOFTC(io) = pool->ctl_softc;
3883}
3884
3885int
3886ctl_expand_number(const char *buf, uint64_t *num)
3887{
3888	char *endptr;
3889	uint64_t number;
3890	unsigned shift;
3891
3892	number = strtoq(buf, &endptr, 0);
3893
3894	switch (tolower((unsigned char)*endptr)) {
3895	case 'e':
3896		shift = 60;
3897		break;
3898	case 'p':
3899		shift = 50;
3900		break;
3901	case 't':
3902		shift = 40;
3903		break;
3904	case 'g':
3905		shift = 30;
3906		break;
3907	case 'm':
3908		shift = 20;
3909		break;
3910	case 'k':
3911		shift = 10;
3912		break;
3913	case 'b':
3914	case '\0': /* No unit. */
3915		*num = number;
3916		return (0);
3917	default:
3918		/* Unrecognized unit. */
3919		return (-1);
3920	}
3921
3922	if ((number << shift) >> shift != number) {
3923		/* Overflow */
3924		return (-1);
3925	}
3926	*num = number << shift;
3927	return (0);
3928}
3929
3930
3931/*
3932 * This routine could be used in the future to load default and/or saved
3933 * mode page parameters for a particuar lun.
3934 */
3935static int
3936ctl_init_page_index(struct ctl_lun *lun)
3937{
3938	int i, page_code;
3939	struct ctl_page_index *page_index;
3940	const char *value;
3941	uint64_t ival;
3942
3943	memcpy(&lun->mode_pages.index, page_index_template,
3944	       sizeof(page_index_template));
3945
3946	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3947
3948		page_index = &lun->mode_pages.index[i];
3949		if (lun->be_lun->lun_type == T_DIRECT &&
3950		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
3951			continue;
3952		if (lun->be_lun->lun_type == T_PROCESSOR &&
3953		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
3954			continue;
3955		if (lun->be_lun->lun_type == T_CDROM &&
3956		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
3957			continue;
3958
3959		page_code = page_index->page_code & SMPH_PC_MASK;
3960		switch (page_code) {
3961		case SMS_RW_ERROR_RECOVERY_PAGE: {
3962			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3963			    ("subpage %#x for page %#x is incorrect!",
3964			    page_index->subpage, page_code));
3965			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3966			       &rw_er_page_default,
3967			       sizeof(rw_er_page_default));
3968			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3969			       &rw_er_page_changeable,
3970			       sizeof(rw_er_page_changeable));
3971			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3972			       &rw_er_page_default,
3973			       sizeof(rw_er_page_default));
3974			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3975			       &rw_er_page_default,
3976			       sizeof(rw_er_page_default));
3977			page_index->page_data =
3978				(uint8_t *)lun->mode_pages.rw_er_page;
3979			break;
3980		}
3981		case SMS_FORMAT_DEVICE_PAGE: {
3982			struct scsi_format_page *format_page;
3983
3984			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
3985			    ("subpage %#x for page %#x is incorrect!",
3986			    page_index->subpage, page_code));
3987
3988			/*
3989			 * Sectors per track are set above.  Bytes per
3990			 * sector need to be set here on a per-LUN basis.
3991			 */
3992			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3993			       &format_page_default,
3994			       sizeof(format_page_default));
3995			memcpy(&lun->mode_pages.format_page[
3996			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3997			       sizeof(format_page_changeable));
3998			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3999			       &format_page_default,
4000			       sizeof(format_page_default));
4001			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4002			       &format_page_default,
4003			       sizeof(format_page_default));
4004
4005			format_page = &lun->mode_pages.format_page[
4006				CTL_PAGE_CURRENT];
4007			scsi_ulto2b(lun->be_lun->blocksize,
4008				    format_page->bytes_per_sector);
4009
4010			format_page = &lun->mode_pages.format_page[
4011				CTL_PAGE_DEFAULT];
4012			scsi_ulto2b(lun->be_lun->blocksize,
4013				    format_page->bytes_per_sector);
4014
4015			format_page = &lun->mode_pages.format_page[
4016				CTL_PAGE_SAVED];
4017			scsi_ulto2b(lun->be_lun->blocksize,
4018				    format_page->bytes_per_sector);
4019
4020			page_index->page_data =
4021				(uint8_t *)lun->mode_pages.format_page;
4022			break;
4023		}
4024		case SMS_RIGID_DISK_PAGE: {
4025			struct scsi_rigid_disk_page *rigid_disk_page;
4026			uint32_t sectors_per_cylinder;
4027			uint64_t cylinders;
4028#ifndef	__XSCALE__
4029			int shift;
4030#endif /* !__XSCALE__ */
4031
4032			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4033			    ("subpage %#x for page %#x is incorrect!",
4034			    page_index->subpage, page_code));
4035
4036			/*
4037			 * Rotation rate and sectors per track are set
4038			 * above.  We calculate the cylinders here based on
4039			 * capacity.  Due to the number of heads and
4040			 * sectors per track we're using, smaller arrays
4041			 * may turn out to have 0 cylinders.  Linux and
4042			 * FreeBSD don't pay attention to these mode pages
4043			 * to figure out capacity, but Solaris does.  It
4044			 * seems to deal with 0 cylinders just fine, and
4045			 * works out a fake geometry based on the capacity.
4046			 */
4047			memcpy(&lun->mode_pages.rigid_disk_page[
4048			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4049			       sizeof(rigid_disk_page_default));
4050			memcpy(&lun->mode_pages.rigid_disk_page[
4051			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4052			       sizeof(rigid_disk_page_changeable));
4053
4054			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4055				CTL_DEFAULT_HEADS;
4056
4057			/*
4058			 * The divide method here will be more accurate,
4059			 * probably, but results in floating point being
4060			 * used in the kernel on i386 (__udivdi3()).  On the
4061			 * XScale, though, __udivdi3() is implemented in
4062			 * software.
4063			 *
4064			 * The shift method for cylinder calculation is
4065			 * accurate if sectors_per_cylinder is a power of
4066			 * 2.  Otherwise it might be slightly off -- you
4067			 * might have a bit of a truncation problem.
4068			 */
4069#ifdef	__XSCALE__
4070			cylinders = (lun->be_lun->maxlba + 1) /
4071				sectors_per_cylinder;
4072#else
4073			for (shift = 31; shift > 0; shift--) {
4074				if (sectors_per_cylinder & (1 << shift))
4075					break;
4076			}
4077			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4078#endif
4079
4080			/*
4081			 * We've basically got 3 bytes, or 24 bits for the
4082			 * cylinder size in the mode page.  If we're over,
4083			 * just round down to 2^24.
4084			 */
4085			if (cylinders > 0xffffff)
4086				cylinders = 0xffffff;
4087
4088			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4089				CTL_PAGE_DEFAULT];
4090			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4091
4092			if ((value = ctl_get_opt(&lun->be_lun->options,
4093			    "rpm")) != NULL) {
4094				scsi_ulto2b(strtol(value, NULL, 0),
4095				     rigid_disk_page->rotation_rate);
4096			}
4097
4098			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4099			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4100			       sizeof(rigid_disk_page_default));
4101			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4102			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4103			       sizeof(rigid_disk_page_default));
4104
4105			page_index->page_data =
4106				(uint8_t *)lun->mode_pages.rigid_disk_page;
4107			break;
4108		}
4109		case SMS_VERIFY_ERROR_RECOVERY_PAGE: {
4110			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4111			    ("subpage %#x for page %#x is incorrect!",
4112			    page_index->subpage, page_code));
4113			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CURRENT],
4114			       &verify_er_page_default,
4115			       sizeof(verify_er_page_default));
4116			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CHANGEABLE],
4117			       &verify_er_page_changeable,
4118			       sizeof(verify_er_page_changeable));
4119			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_DEFAULT],
4120			       &verify_er_page_default,
4121			       sizeof(verify_er_page_default));
4122			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_SAVED],
4123			       &verify_er_page_default,
4124			       sizeof(verify_er_page_default));
4125			page_index->page_data =
4126				(uint8_t *)lun->mode_pages.verify_er_page;
4127			break;
4128		}
4129		case SMS_CACHING_PAGE: {
4130			struct scsi_caching_page *caching_page;
4131
4132			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4133			    ("subpage %#x for page %#x is incorrect!",
4134			    page_index->subpage, page_code));
4135			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4136			       &caching_page_default,
4137			       sizeof(caching_page_default));
4138			memcpy(&lun->mode_pages.caching_page[
4139			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4140			       sizeof(caching_page_changeable));
4141			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4142			       &caching_page_default,
4143			       sizeof(caching_page_default));
4144			caching_page = &lun->mode_pages.caching_page[
4145			    CTL_PAGE_SAVED];
4146			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4147			if (value != NULL && strcmp(value, "off") == 0)
4148				caching_page->flags1 &= ~SCP_WCE;
4149			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4150			if (value != NULL && strcmp(value, "off") == 0)
4151				caching_page->flags1 |= SCP_RCD;
4152			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4153			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4154			       sizeof(caching_page_default));
4155			page_index->page_data =
4156				(uint8_t *)lun->mode_pages.caching_page;
4157			break;
4158		}
4159		case SMS_CONTROL_MODE_PAGE: {
4160			switch (page_index->subpage) {
4161			case SMS_SUBPAGE_PAGE_0: {
4162				struct scsi_control_page *control_page;
4163
4164				memcpy(&lun->mode_pages.control_page[
4165				    CTL_PAGE_DEFAULT],
4166				       &control_page_default,
4167				       sizeof(control_page_default));
4168				memcpy(&lun->mode_pages.control_page[
4169				    CTL_PAGE_CHANGEABLE],
4170				       &control_page_changeable,
4171				       sizeof(control_page_changeable));
4172				memcpy(&lun->mode_pages.control_page[
4173				    CTL_PAGE_SAVED],
4174				       &control_page_default,
4175				       sizeof(control_page_default));
4176				control_page = &lun->mode_pages.control_page[
4177				    CTL_PAGE_SAVED];
4178				value = ctl_get_opt(&lun->be_lun->options,
4179				    "reordering");
4180				if (value != NULL &&
4181				    strcmp(value, "unrestricted") == 0) {
4182					control_page->queue_flags &=
4183					    ~SCP_QUEUE_ALG_MASK;
4184					control_page->queue_flags |=
4185					    SCP_QUEUE_ALG_UNRESTRICTED;
4186				}
4187				memcpy(&lun->mode_pages.control_page[
4188				    CTL_PAGE_CURRENT],
4189				       &lun->mode_pages.control_page[
4190				    CTL_PAGE_SAVED],
4191				       sizeof(control_page_default));
4192				page_index->page_data =
4193				    (uint8_t *)lun->mode_pages.control_page;
4194				break;
4195			}
4196			case 0x01:
4197				memcpy(&lun->mode_pages.control_ext_page[
4198				    CTL_PAGE_DEFAULT],
4199				       &control_ext_page_default,
4200				       sizeof(control_ext_page_default));
4201				memcpy(&lun->mode_pages.control_ext_page[
4202				    CTL_PAGE_CHANGEABLE],
4203				       &control_ext_page_changeable,
4204				       sizeof(control_ext_page_changeable));
4205				memcpy(&lun->mode_pages.control_ext_page[
4206				    CTL_PAGE_SAVED],
4207				       &control_ext_page_default,
4208				       sizeof(control_ext_page_default));
4209				memcpy(&lun->mode_pages.control_ext_page[
4210				    CTL_PAGE_CURRENT],
4211				       &lun->mode_pages.control_ext_page[
4212				    CTL_PAGE_SAVED],
4213				       sizeof(control_ext_page_default));
4214				page_index->page_data =
4215				    (uint8_t *)lun->mode_pages.control_ext_page;
4216				break;
4217			default:
4218				panic("subpage %#x for page %#x is incorrect!",
4219				      page_index->subpage, page_code);
4220			}
4221			break;
4222		}
4223		case SMS_INFO_EXCEPTIONS_PAGE: {
4224			switch (page_index->subpage) {
4225			case SMS_SUBPAGE_PAGE_0:
4226				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4227				       &ie_page_default,
4228				       sizeof(ie_page_default));
4229				memcpy(&lun->mode_pages.ie_page[
4230				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4231				       sizeof(ie_page_changeable));
4232				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4233				       &ie_page_default,
4234				       sizeof(ie_page_default));
4235				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4236				       &ie_page_default,
4237				       sizeof(ie_page_default));
4238				page_index->page_data =
4239					(uint8_t *)lun->mode_pages.ie_page;
4240				break;
4241			case 0x02: {
4242				struct ctl_logical_block_provisioning_page *page;
4243
4244				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4245				       &lbp_page_default,
4246				       sizeof(lbp_page_default));
4247				memcpy(&lun->mode_pages.lbp_page[
4248				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4249				       sizeof(lbp_page_changeable));
4250				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4251				       &lbp_page_default,
4252				       sizeof(lbp_page_default));
4253				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4254				value = ctl_get_opt(&lun->be_lun->options,
4255				    "avail-threshold");
4256				if (value != NULL &&
4257				    ctl_expand_number(value, &ival) == 0) {
4258					page->descr[0].flags |= SLBPPD_ENABLED |
4259					    SLBPPD_ARMING_DEC;
4260					if (lun->be_lun->blocksize)
4261						ival /= lun->be_lun->blocksize;
4262					else
4263						ival /= 512;
4264					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4265					    page->descr[0].count);
4266				}
4267				value = ctl_get_opt(&lun->be_lun->options,
4268				    "used-threshold");
4269				if (value != NULL &&
4270				    ctl_expand_number(value, &ival) == 0) {
4271					page->descr[1].flags |= SLBPPD_ENABLED |
4272					    SLBPPD_ARMING_INC;
4273					if (lun->be_lun->blocksize)
4274						ival /= lun->be_lun->blocksize;
4275					else
4276						ival /= 512;
4277					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4278					    page->descr[1].count);
4279				}
4280				value = ctl_get_opt(&lun->be_lun->options,
4281				    "pool-avail-threshold");
4282				if (value != NULL &&
4283				    ctl_expand_number(value, &ival) == 0) {
4284					page->descr[2].flags |= SLBPPD_ENABLED |
4285					    SLBPPD_ARMING_DEC;
4286					if (lun->be_lun->blocksize)
4287						ival /= lun->be_lun->blocksize;
4288					else
4289						ival /= 512;
4290					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4291					    page->descr[2].count);
4292				}
4293				value = ctl_get_opt(&lun->be_lun->options,
4294				    "pool-used-threshold");
4295				if (value != NULL &&
4296				    ctl_expand_number(value, &ival) == 0) {
4297					page->descr[3].flags |= SLBPPD_ENABLED |
4298					    SLBPPD_ARMING_INC;
4299					if (lun->be_lun->blocksize)
4300						ival /= lun->be_lun->blocksize;
4301					else
4302						ival /= 512;
4303					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4304					    page->descr[3].count);
4305				}
4306				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4307				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4308				       sizeof(lbp_page_default));
4309				page_index->page_data =
4310					(uint8_t *)lun->mode_pages.lbp_page;
4311				break;
4312			}
4313			default:
4314				panic("subpage %#x for page %#x is incorrect!",
4315				      page_index->subpage, page_code);
4316			}
4317			break;
4318		}
4319		case SMS_CDDVD_CAPS_PAGE:{
4320			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4321			    ("subpage %#x for page %#x is incorrect!",
4322			    page_index->subpage, page_code));
4323			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_DEFAULT],
4324			       &cddvd_page_default,
4325			       sizeof(cddvd_page_default));
4326			memcpy(&lun->mode_pages.cddvd_page[
4327			       CTL_PAGE_CHANGEABLE], &cddvd_page_changeable,
4328			       sizeof(cddvd_page_changeable));
4329			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4330			       &cddvd_page_default,
4331			       sizeof(cddvd_page_default));
4332			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_CURRENT],
4333			       &lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4334			       sizeof(cddvd_page_default));
4335			page_index->page_data =
4336				(uint8_t *)lun->mode_pages.cddvd_page;
4337			break;
4338		}
4339		default:
4340			panic("invalid page code value %#x", page_code);
4341		}
4342	}
4343
4344	return (CTL_RETVAL_COMPLETE);
4345}
4346
4347static int
4348ctl_init_log_page_index(struct ctl_lun *lun)
4349{
4350	struct ctl_page_index *page_index;
4351	int i, j, k, prev;
4352
4353	memcpy(&lun->log_pages.index, log_page_index_template,
4354	       sizeof(log_page_index_template));
4355
4356	prev = -1;
4357	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4358
4359		page_index = &lun->log_pages.index[i];
4360		if (lun->be_lun->lun_type == T_DIRECT &&
4361		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4362			continue;
4363		if (lun->be_lun->lun_type == T_PROCESSOR &&
4364		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4365			continue;
4366		if (lun->be_lun->lun_type == T_CDROM &&
4367		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4368			continue;
4369
4370		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4371		    lun->backend->lun_attr == NULL)
4372			continue;
4373
4374		if (page_index->page_code != prev) {
4375			lun->log_pages.pages_page[j] = page_index->page_code;
4376			prev = page_index->page_code;
4377			j++;
4378		}
4379		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4380		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4381		k++;
4382	}
4383	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4384	lun->log_pages.index[0].page_len = j;
4385	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4386	lun->log_pages.index[1].page_len = k * 2;
4387	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4388	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4389	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4390	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4391	lun->log_pages.index[4].page_data = (uint8_t *)&lun->log_pages.ie_page;
4392	lun->log_pages.index[4].page_len = sizeof(lun->log_pages.ie_page);
4393
4394	return (CTL_RETVAL_COMPLETE);
4395}
4396
4397static int
4398hex2bin(const char *str, uint8_t *buf, int buf_size)
4399{
4400	int i;
4401	u_char c;
4402
4403	memset(buf, 0, buf_size);
4404	while (isspace(str[0]))
4405		str++;
4406	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4407		str += 2;
4408	buf_size *= 2;
4409	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4410		while (str[i] == '-')	/* Skip dashes in UUIDs. */
4411			str++;
4412		c = str[i];
4413		if (isdigit(c))
4414			c -= '0';
4415		else if (isalpha(c))
4416			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4417		else
4418			break;
4419		if (c >= 16)
4420			break;
4421		if ((i & 1) == 0)
4422			buf[i / 2] |= (c << 4);
4423		else
4424			buf[i / 2] |= c;
4425	}
4426	return ((i + 1) / 2);
4427}
4428
4429/*
4430 * LUN allocation.
4431 *
4432 * Requirements:
4433 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4434 *   wants us to allocate the LUN and he can block.
4435 * - ctl_softc is always set
4436 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4437 *
4438 * Returns 0 for success, non-zero (errno) for failure.
4439 */
4440static int
4441ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4442	      struct ctl_be_lun *const be_lun)
4443{
4444	struct ctl_lun *nlun, *lun;
4445	struct scsi_vpd_id_descriptor *desc;
4446	struct scsi_vpd_id_t10 *t10id;
4447	const char *eui, *naa, *scsiname, *uuid, *vendor, *value;
4448	int lun_number, lun_malloced;
4449	int devidlen, idlen1, idlen2 = 0, len;
4450
4451	if (be_lun == NULL)
4452		return (EINVAL);
4453
4454	/*
4455	 * We currently only support Direct Access or Processor LUN types.
4456	 */
4457	switch (be_lun->lun_type) {
4458	case T_DIRECT:
4459	case T_PROCESSOR:
4460	case T_CDROM:
4461		break;
4462	case T_SEQUENTIAL:
4463	case T_CHANGER:
4464	default:
4465		be_lun->lun_config_status(be_lun->be_lun,
4466					  CTL_LUN_CONFIG_FAILURE);
4467		break;
4468	}
4469	if (ctl_lun == NULL) {
4470		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4471		lun_malloced = 1;
4472	} else {
4473		lun_malloced = 0;
4474		lun = ctl_lun;
4475	}
4476
4477	memset(lun, 0, sizeof(*lun));
4478	if (lun_malloced)
4479		lun->flags = CTL_LUN_MALLOCED;
4480
4481	/* Generate LUN ID. */
4482	devidlen = max(CTL_DEVID_MIN_LEN,
4483	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4484	idlen1 = sizeof(*t10id) + devidlen;
4485	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4486	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4487	if (scsiname != NULL) {
4488		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4489		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4490	}
4491	eui = ctl_get_opt(&be_lun->options, "eui");
4492	if (eui != NULL) {
4493		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4494	}
4495	naa = ctl_get_opt(&be_lun->options, "naa");
4496	if (naa != NULL) {
4497		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4498	}
4499	uuid = ctl_get_opt(&be_lun->options, "uuid");
4500	if (uuid != NULL) {
4501		len += sizeof(struct scsi_vpd_id_descriptor) + 18;
4502	}
4503	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4504	    M_CTL, M_WAITOK | M_ZERO);
4505	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4506	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4507	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4508	desc->length = idlen1;
4509	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4510	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4511	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4512		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4513	} else {
4514		strncpy(t10id->vendor, vendor,
4515		    min(sizeof(t10id->vendor), strlen(vendor)));
4516	}
4517	strncpy((char *)t10id->vendor_spec_id,
4518	    (char *)be_lun->device_id, devidlen);
4519	if (scsiname != NULL) {
4520		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4521		    desc->length);
4522		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4523		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4524		    SVPD_ID_TYPE_SCSI_NAME;
4525		desc->length = idlen2;
4526		strlcpy(desc->identifier, scsiname, idlen2);
4527	}
4528	if (eui != NULL) {
4529		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4530		    desc->length);
4531		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4532		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4533		    SVPD_ID_TYPE_EUI64;
4534		desc->length = hex2bin(eui, desc->identifier, 16);
4535		desc->length = desc->length > 12 ? 16 :
4536		    (desc->length > 8 ? 12 : 8);
4537		len -= 16 - desc->length;
4538	}
4539	if (naa != NULL) {
4540		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4541		    desc->length);
4542		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4543		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4544		    SVPD_ID_TYPE_NAA;
4545		desc->length = hex2bin(naa, desc->identifier, 16);
4546		desc->length = desc->length > 8 ? 16 : 8;
4547		len -= 16 - desc->length;
4548	}
4549	if (uuid != NULL) {
4550		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4551		    desc->length);
4552		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4553		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4554		    SVPD_ID_TYPE_UUID;
4555		desc->identifier[0] = 0x10;
4556		hex2bin(uuid, &desc->identifier[2], 16);
4557		desc->length = 18;
4558	}
4559	lun->lun_devid->len = len;
4560
4561	mtx_lock(&ctl_softc->ctl_lock);
4562	/*
4563	 * See if the caller requested a particular LUN number.  If so, see
4564	 * if it is available.  Otherwise, allocate the first available LUN.
4565	 */
4566	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4567		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4568		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4569			mtx_unlock(&ctl_softc->ctl_lock);
4570			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4571				printf("ctl: requested LUN ID %d is higher "
4572				       "than CTL_MAX_LUNS - 1 (%d)\n",
4573				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4574			} else {
4575				/*
4576				 * XXX KDM return an error, or just assign
4577				 * another LUN ID in this case??
4578				 */
4579				printf("ctl: requested LUN ID %d is already "
4580				       "in use\n", be_lun->req_lun_id);
4581			}
4582fail:
4583			free(lun->lun_devid, M_CTL);
4584			if (lun->flags & CTL_LUN_MALLOCED)
4585				free(lun, M_CTL);
4586			be_lun->lun_config_status(be_lun->be_lun,
4587						  CTL_LUN_CONFIG_FAILURE);
4588			return (ENOSPC);
4589		}
4590		lun_number = be_lun->req_lun_id;
4591	} else {
4592		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4593		if (lun_number == -1) {
4594			mtx_unlock(&ctl_softc->ctl_lock);
4595			printf("ctl: can't allocate LUN, out of LUNs\n");
4596			goto fail;
4597		}
4598	}
4599	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4600	mtx_unlock(&ctl_softc->ctl_lock);
4601
4602	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4603	lun->lun = lun_number;
4604	lun->be_lun = be_lun;
4605	/*
4606	 * The processor LUN is always enabled.  Disk LUNs come on line
4607	 * disabled, and must be enabled by the backend.
4608	 */
4609	lun->flags |= CTL_LUN_DISABLED;
4610	lun->backend = be_lun->be;
4611	be_lun->ctl_lun = lun;
4612	be_lun->lun_id = lun_number;
4613	atomic_add_int(&be_lun->be->num_luns, 1);
4614	if (be_lun->flags & CTL_LUN_FLAG_EJECTED)
4615		lun->flags |= CTL_LUN_EJECTED;
4616	if (be_lun->flags & CTL_LUN_FLAG_NO_MEDIA)
4617		lun->flags |= CTL_LUN_NO_MEDIA;
4618	if (be_lun->flags & CTL_LUN_FLAG_STOPPED)
4619		lun->flags |= CTL_LUN_STOPPED;
4620
4621	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4622		lun->flags |= CTL_LUN_PRIMARY_SC;
4623
4624	value = ctl_get_opt(&be_lun->options, "removable");
4625	if (value != NULL) {
4626		if (strcmp(value, "on") == 0)
4627			lun->flags |= CTL_LUN_REMOVABLE;
4628	} else if (be_lun->lun_type == T_CDROM)
4629		lun->flags |= CTL_LUN_REMOVABLE;
4630
4631	lun->ctl_softc = ctl_softc;
4632#ifdef CTL_TIME_IO
4633	lun->last_busy = getsbinuptime();
4634#endif
4635	TAILQ_INIT(&lun->ooa_queue);
4636	TAILQ_INIT(&lun->blocked_queue);
4637	STAILQ_INIT(&lun->error_list);
4638	lun->ie_reported = 1;
4639	callout_init_mtx(&lun->ie_callout, &lun->lun_lock, 0);
4640	ctl_tpc_lun_init(lun);
4641	if (lun->flags & CTL_LUN_REMOVABLE) {
4642		lun->prevent = malloc((CTL_MAX_INITIATORS + 31) / 32 * 4,
4643		    M_CTL, M_WAITOK);
4644	}
4645
4646	/*
4647	 * Initialize the mode and log page index.
4648	 */
4649	ctl_init_page_index(lun);
4650	ctl_init_log_page_index(lun);
4651
4652	/* Setup statistics gathering */
4653#ifdef CTL_LEGACY_STATS
4654	lun->legacy_stats.device_type = be_lun->lun_type;
4655	lun->legacy_stats.lun_number = lun_number;
4656	lun->legacy_stats.blocksize = be_lun->blocksize;
4657	if (be_lun->blocksize == 0)
4658		lun->legacy_stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4659	for (len = 0; len < CTL_MAX_PORTS; len++)
4660		lun->legacy_stats.ports[len].targ_port = len;
4661#endif /* CTL_LEGACY_STATS */
4662	lun->stats.item = lun_number;
4663
4664	/*
4665	 * Now, before we insert this lun on the lun list, set the lun
4666	 * inventory changed UA for all other luns.
4667	 */
4668	mtx_lock(&ctl_softc->ctl_lock);
4669	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4670		mtx_lock(&nlun->lun_lock);
4671		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4672		mtx_unlock(&nlun->lun_lock);
4673	}
4674	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4675	ctl_softc->ctl_luns[lun_number] = lun;
4676	ctl_softc->num_luns++;
4677	mtx_unlock(&ctl_softc->ctl_lock);
4678
4679	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4680	return (0);
4681}
4682
4683/*
4684 * Delete a LUN.
4685 * Assumptions:
4686 * - LUN has already been marked invalid and any pending I/O has been taken
4687 *   care of.
4688 */
4689static int
4690ctl_free_lun(struct ctl_lun *lun)
4691{
4692	struct ctl_softc *softc = lun->ctl_softc;
4693	struct ctl_lun *nlun;
4694	int i;
4695
4696	mtx_assert(&softc->ctl_lock, MA_OWNED);
4697
4698	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4699
4700	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4701
4702	softc->ctl_luns[lun->lun] = NULL;
4703
4704	if (!TAILQ_EMPTY(&lun->ooa_queue))
4705		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4706
4707	softc->num_luns--;
4708
4709	/*
4710	 * Tell the backend to free resources, if this LUN has a backend.
4711	 */
4712	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4713	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4714
4715	lun->ie_reportcnt = UINT32_MAX;
4716	callout_drain(&lun->ie_callout);
4717
4718	ctl_tpc_lun_shutdown(lun);
4719	mtx_destroy(&lun->lun_lock);
4720	free(lun->lun_devid, M_CTL);
4721	for (i = 0; i < CTL_MAX_PORTS; i++)
4722		free(lun->pending_ua[i], M_CTL);
4723	for (i = 0; i < CTL_MAX_PORTS; i++)
4724		free(lun->pr_keys[i], M_CTL);
4725	free(lun->write_buffer, M_CTL);
4726	free(lun->prevent, M_CTL);
4727	if (lun->flags & CTL_LUN_MALLOCED)
4728		free(lun, M_CTL);
4729
4730	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4731		mtx_lock(&nlun->lun_lock);
4732		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4733		mtx_unlock(&nlun->lun_lock);
4734	}
4735
4736	return (0);
4737}
4738
4739static void
4740ctl_create_lun(struct ctl_be_lun *be_lun)
4741{
4742
4743	/*
4744	 * ctl_alloc_lun() should handle all potential failure cases.
4745	 */
4746	ctl_alloc_lun(control_softc, NULL, be_lun);
4747}
4748
4749int
4750ctl_add_lun(struct ctl_be_lun *be_lun)
4751{
4752	struct ctl_softc *softc = control_softc;
4753
4754	mtx_lock(&softc->ctl_lock);
4755	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4756	mtx_unlock(&softc->ctl_lock);
4757	wakeup(&softc->pending_lun_queue);
4758
4759	return (0);
4760}
4761
4762int
4763ctl_enable_lun(struct ctl_be_lun *be_lun)
4764{
4765	struct ctl_softc *softc;
4766	struct ctl_port *port, *nport;
4767	struct ctl_lun *lun;
4768	int retval;
4769
4770	lun = (struct ctl_lun *)be_lun->ctl_lun;
4771	softc = lun->ctl_softc;
4772
4773	mtx_lock(&softc->ctl_lock);
4774	mtx_lock(&lun->lun_lock);
4775	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4776		/*
4777		 * eh?  Why did we get called if the LUN is already
4778		 * enabled?
4779		 */
4780		mtx_unlock(&lun->lun_lock);
4781		mtx_unlock(&softc->ctl_lock);
4782		return (0);
4783	}
4784	lun->flags &= ~CTL_LUN_DISABLED;
4785	mtx_unlock(&lun->lun_lock);
4786
4787	STAILQ_FOREACH_SAFE(port, &softc->port_list, links, nport) {
4788		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4789		    port->lun_map != NULL || port->lun_enable == NULL)
4790			continue;
4791
4792		/*
4793		 * Drop the lock while we call the FETD's enable routine.
4794		 * This can lead to a callback into CTL (at least in the
4795		 * case of the internal initiator frontend.
4796		 */
4797		mtx_unlock(&softc->ctl_lock);
4798		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4799		mtx_lock(&softc->ctl_lock);
4800		if (retval != 0) {
4801			printf("%s: FETD %s port %d returned error "
4802			       "%d for lun_enable on lun %jd\n",
4803			       __func__, port->port_name, port->targ_port,
4804			       retval, (intmax_t)lun->lun);
4805		}
4806	}
4807
4808	mtx_unlock(&softc->ctl_lock);
4809	ctl_isc_announce_lun(lun);
4810
4811	return (0);
4812}
4813
4814int
4815ctl_disable_lun(struct ctl_be_lun *be_lun)
4816{
4817	struct ctl_softc *softc;
4818	struct ctl_port *port;
4819	struct ctl_lun *lun;
4820	int retval;
4821
4822	lun = (struct ctl_lun *)be_lun->ctl_lun;
4823	softc = lun->ctl_softc;
4824
4825	mtx_lock(&softc->ctl_lock);
4826	mtx_lock(&lun->lun_lock);
4827	if (lun->flags & CTL_LUN_DISABLED) {
4828		mtx_unlock(&lun->lun_lock);
4829		mtx_unlock(&softc->ctl_lock);
4830		return (0);
4831	}
4832	lun->flags |= CTL_LUN_DISABLED;
4833	mtx_unlock(&lun->lun_lock);
4834
4835	STAILQ_FOREACH(port, &softc->port_list, links) {
4836		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4837		    port->lun_map != NULL || port->lun_disable == NULL)
4838			continue;
4839
4840		/*
4841		 * Drop the lock before we call the frontend's disable
4842		 * routine, to avoid lock order reversals.
4843		 *
4844		 * XXX KDM what happens if the frontend list changes while
4845		 * we're traversing it?  It's unlikely, but should be handled.
4846		 */
4847		mtx_unlock(&softc->ctl_lock);
4848		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4849		mtx_lock(&softc->ctl_lock);
4850		if (retval != 0) {
4851			printf("%s: FETD %s port %d returned error "
4852			       "%d for lun_disable on lun %jd\n",
4853			       __func__, port->port_name, port->targ_port,
4854			       retval, (intmax_t)lun->lun);
4855		}
4856	}
4857
4858	mtx_unlock(&softc->ctl_lock);
4859	ctl_isc_announce_lun(lun);
4860
4861	return (0);
4862}
4863
4864int
4865ctl_start_lun(struct ctl_be_lun *be_lun)
4866{
4867	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4868
4869	mtx_lock(&lun->lun_lock);
4870	lun->flags &= ~CTL_LUN_STOPPED;
4871	mtx_unlock(&lun->lun_lock);
4872	return (0);
4873}
4874
4875int
4876ctl_stop_lun(struct ctl_be_lun *be_lun)
4877{
4878	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4879
4880	mtx_lock(&lun->lun_lock);
4881	lun->flags |= CTL_LUN_STOPPED;
4882	mtx_unlock(&lun->lun_lock);
4883	return (0);
4884}
4885
4886int
4887ctl_lun_no_media(struct ctl_be_lun *be_lun)
4888{
4889	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4890
4891	mtx_lock(&lun->lun_lock);
4892	lun->flags |= CTL_LUN_NO_MEDIA;
4893	mtx_unlock(&lun->lun_lock);
4894	return (0);
4895}
4896
4897int
4898ctl_lun_has_media(struct ctl_be_lun *be_lun)
4899{
4900	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4901	union ctl_ha_msg msg;
4902
4903	mtx_lock(&lun->lun_lock);
4904	lun->flags &= ~(CTL_LUN_NO_MEDIA | CTL_LUN_EJECTED);
4905	if (lun->flags & CTL_LUN_REMOVABLE)
4906		ctl_est_ua_all(lun, -1, CTL_UA_MEDIUM_CHANGE);
4907	mtx_unlock(&lun->lun_lock);
4908	if ((lun->flags & CTL_LUN_REMOVABLE) &&
4909	    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4910		bzero(&msg.ua, sizeof(msg.ua));
4911		msg.hdr.msg_type = CTL_MSG_UA;
4912		msg.hdr.nexus.initid = -1;
4913		msg.hdr.nexus.targ_port = -1;
4914		msg.hdr.nexus.targ_lun = lun->lun;
4915		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4916		msg.ua.ua_all = 1;
4917		msg.ua.ua_set = 1;
4918		msg.ua.ua_type = CTL_UA_MEDIUM_CHANGE;
4919		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4920		    M_WAITOK);
4921	}
4922	return (0);
4923}
4924
4925int
4926ctl_lun_ejected(struct ctl_be_lun *be_lun)
4927{
4928	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4929
4930	mtx_lock(&lun->lun_lock);
4931	lun->flags |= CTL_LUN_EJECTED;
4932	mtx_unlock(&lun->lun_lock);
4933	return (0);
4934}
4935
4936int
4937ctl_lun_primary(struct ctl_be_lun *be_lun)
4938{
4939	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4940
4941	mtx_lock(&lun->lun_lock);
4942	lun->flags |= CTL_LUN_PRIMARY_SC;
4943	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4944	mtx_unlock(&lun->lun_lock);
4945	ctl_isc_announce_lun(lun);
4946	return (0);
4947}
4948
4949int
4950ctl_lun_secondary(struct ctl_be_lun *be_lun)
4951{
4952	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4953
4954	mtx_lock(&lun->lun_lock);
4955	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4956	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4957	mtx_unlock(&lun->lun_lock);
4958	ctl_isc_announce_lun(lun);
4959	return (0);
4960}
4961
4962int
4963ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4964{
4965	struct ctl_softc *softc;
4966	struct ctl_lun *lun;
4967
4968	lun = (struct ctl_lun *)be_lun->ctl_lun;
4969	softc = lun->ctl_softc;
4970
4971	mtx_lock(&lun->lun_lock);
4972
4973	/*
4974	 * The LUN needs to be disabled before it can be marked invalid.
4975	 */
4976	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4977		mtx_unlock(&lun->lun_lock);
4978		return (-1);
4979	}
4980	/*
4981	 * Mark the LUN invalid.
4982	 */
4983	lun->flags |= CTL_LUN_INVALID;
4984
4985	/*
4986	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4987	 * If we have something in the OOA queue, we'll free it when the
4988	 * last I/O completes.
4989	 */
4990	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4991		mtx_unlock(&lun->lun_lock);
4992		mtx_lock(&softc->ctl_lock);
4993		ctl_free_lun(lun);
4994		mtx_unlock(&softc->ctl_lock);
4995	} else
4996		mtx_unlock(&lun->lun_lock);
4997
4998	return (0);
4999}
5000
5001void
5002ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5003{
5004	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5005	union ctl_ha_msg msg;
5006
5007	mtx_lock(&lun->lun_lock);
5008	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGE);
5009	mtx_unlock(&lun->lun_lock);
5010	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5011		/* Send msg to other side. */
5012		bzero(&msg.ua, sizeof(msg.ua));
5013		msg.hdr.msg_type = CTL_MSG_UA;
5014		msg.hdr.nexus.initid = -1;
5015		msg.hdr.nexus.targ_port = -1;
5016		msg.hdr.nexus.targ_lun = lun->lun;
5017		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5018		msg.ua.ua_all = 1;
5019		msg.ua.ua_set = 1;
5020		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGE;
5021		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5022		    M_WAITOK);
5023	}
5024}
5025
5026/*
5027 * Backend "memory move is complete" callback for requests that never
5028 * make it down to say RAIDCore's configuration code.
5029 */
5030int
5031ctl_config_move_done(union ctl_io *io)
5032{
5033	int retval;
5034
5035	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5036	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5037	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5038
5039	if ((io->io_hdr.port_status != 0) &&
5040	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5041	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5042		ctl_set_internal_failure(&io->scsiio, /*sks_valid*/ 1,
5043		    /*retry_count*/ io->io_hdr.port_status);
5044	} else if (io->scsiio.kern_data_resid != 0 &&
5045	    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT &&
5046	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5047	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5048		ctl_set_invalid_field_ciu(&io->scsiio);
5049	}
5050
5051	if (ctl_debug & CTL_DEBUG_CDB_DATA)
5052		ctl_data_print(io);
5053	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5054	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5055	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5056	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5057		/*
5058		 * XXX KDM just assuming a single pointer here, and not a
5059		 * S/G list.  If we start using S/G lists for config data,
5060		 * we'll need to know how to clean them up here as well.
5061		 */
5062		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5063			free(io->scsiio.kern_data_ptr, M_CTL);
5064		ctl_done(io);
5065		retval = CTL_RETVAL_COMPLETE;
5066	} else {
5067		/*
5068		 * XXX KDM now we need to continue data movement.  Some
5069		 * options:
5070		 * - call ctl_scsiio() again?  We don't do this for data
5071		 *   writes, because for those at least we know ahead of
5072		 *   time where the write will go and how long it is.  For
5073		 *   config writes, though, that information is largely
5074		 *   contained within the write itself, thus we need to
5075		 *   parse out the data again.
5076		 *
5077		 * - Call some other function once the data is in?
5078		 */
5079
5080		/*
5081		 * XXX KDM call ctl_scsiio() again for now, and check flag
5082		 * bits to see whether we're allocated or not.
5083		 */
5084		retval = ctl_scsiio(&io->scsiio);
5085	}
5086	return (retval);
5087}
5088
5089/*
5090 * This gets called by a backend driver when it is done with a
5091 * data_submit method.
5092 */
5093void
5094ctl_data_submit_done(union ctl_io *io)
5095{
5096	/*
5097	 * If the IO_CONT flag is set, we need to call the supplied
5098	 * function to continue processing the I/O, instead of completing
5099	 * the I/O just yet.
5100	 *
5101	 * If there is an error, though, we don't want to keep processing.
5102	 * Instead, just send status back to the initiator.
5103	 */
5104	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5105	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5106	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5107	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5108		io->scsiio.io_cont(io);
5109		return;
5110	}
5111	ctl_done(io);
5112}
5113
5114/*
5115 * This gets called by a backend driver when it is done with a
5116 * configuration write.
5117 */
5118void
5119ctl_config_write_done(union ctl_io *io)
5120{
5121	uint8_t *buf;
5122
5123	/*
5124	 * If the IO_CONT flag is set, we need to call the supplied
5125	 * function to continue processing the I/O, instead of completing
5126	 * the I/O just yet.
5127	 *
5128	 * If there is an error, though, we don't want to keep processing.
5129	 * Instead, just send status back to the initiator.
5130	 */
5131	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5132	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5133	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5134	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5135		io->scsiio.io_cont(io);
5136		return;
5137	}
5138	/*
5139	 * Since a configuration write can be done for commands that actually
5140	 * have data allocated, like write buffer, and commands that have
5141	 * no data, like start/stop unit, we need to check here.
5142	 */
5143	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5144		buf = io->scsiio.kern_data_ptr;
5145	else
5146		buf = NULL;
5147	ctl_done(io);
5148	if (buf)
5149		free(buf, M_CTL);
5150}
5151
5152void
5153ctl_config_read_done(union ctl_io *io)
5154{
5155	uint8_t *buf;
5156
5157	/*
5158	 * If there is some error -- we are done, skip data transfer.
5159	 */
5160	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5161	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5162	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5163		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5164			buf = io->scsiio.kern_data_ptr;
5165		else
5166			buf = NULL;
5167		ctl_done(io);
5168		if (buf)
5169			free(buf, M_CTL);
5170		return;
5171	}
5172
5173	/*
5174	 * If the IO_CONT flag is set, we need to call the supplied
5175	 * function to continue processing the I/O, instead of completing
5176	 * the I/O just yet.
5177	 */
5178	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5179		io->scsiio.io_cont(io);
5180		return;
5181	}
5182
5183	ctl_datamove(io);
5184}
5185
5186/*
5187 * SCSI release command.
5188 */
5189int
5190ctl_scsi_release(struct ctl_scsiio *ctsio)
5191{
5192	struct ctl_lun *lun = CTL_LUN(ctsio);
5193	uint32_t residx;
5194
5195	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5196
5197	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5198
5199	/*
5200	 * XXX KDM right now, we only support LUN reservation.  We don't
5201	 * support 3rd party reservations, or extent reservations, which
5202	 * might actually need the parameter list.  If we've gotten this
5203	 * far, we've got a LUN reservation.  Anything else got kicked out
5204	 * above.  So, according to SPC, ignore the length.
5205	 */
5206
5207	mtx_lock(&lun->lun_lock);
5208
5209	/*
5210	 * According to SPC, it is not an error for an intiator to attempt
5211	 * to release a reservation on a LUN that isn't reserved, or that
5212	 * is reserved by another initiator.  The reservation can only be
5213	 * released, though, by the initiator who made it or by one of
5214	 * several reset type events.
5215	 */
5216	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5217			lun->flags &= ~CTL_LUN_RESERVED;
5218
5219	mtx_unlock(&lun->lun_lock);
5220
5221	ctl_set_success(ctsio);
5222	ctl_done((union ctl_io *)ctsio);
5223	return (CTL_RETVAL_COMPLETE);
5224}
5225
5226int
5227ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5228{
5229	struct ctl_lun *lun = CTL_LUN(ctsio);
5230	uint32_t residx;
5231
5232	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5233
5234	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5235
5236	/*
5237	 * XXX KDM right now, we only support LUN reservation.  We don't
5238	 * support 3rd party reservations, or extent reservations, which
5239	 * might actually need the parameter list.  If we've gotten this
5240	 * far, we've got a LUN reservation.  Anything else got kicked out
5241	 * above.  So, according to SPC, ignore the length.
5242	 */
5243
5244	mtx_lock(&lun->lun_lock);
5245	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5246		ctl_set_reservation_conflict(ctsio);
5247		goto bailout;
5248	}
5249
5250	/* SPC-3 exceptions to SPC-2 RESERVE and RELEASE behavior. */
5251	if (lun->flags & CTL_LUN_PR_RESERVED) {
5252		ctl_set_success(ctsio);
5253		goto bailout;
5254	}
5255
5256	lun->flags |= CTL_LUN_RESERVED;
5257	lun->res_idx = residx;
5258	ctl_set_success(ctsio);
5259
5260bailout:
5261	mtx_unlock(&lun->lun_lock);
5262	ctl_done((union ctl_io *)ctsio);
5263	return (CTL_RETVAL_COMPLETE);
5264}
5265
5266int
5267ctl_start_stop(struct ctl_scsiio *ctsio)
5268{
5269	struct ctl_lun *lun = CTL_LUN(ctsio);
5270	struct scsi_start_stop_unit *cdb;
5271	int retval;
5272
5273	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5274
5275	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5276
5277	if ((cdb->how & SSS_PC_MASK) == 0) {
5278		if ((lun->flags & CTL_LUN_PR_RESERVED) &&
5279		    (cdb->how & SSS_START) == 0) {
5280			uint32_t residx;
5281
5282			residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5283			if (ctl_get_prkey(lun, residx) == 0 ||
5284			    (lun->pr_res_idx != residx && lun->pr_res_type < 4)) {
5285
5286				ctl_set_reservation_conflict(ctsio);
5287				ctl_done((union ctl_io *)ctsio);
5288				return (CTL_RETVAL_COMPLETE);
5289			}
5290		}
5291
5292		if ((cdb->how & SSS_LOEJ) &&
5293		    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5294			ctl_set_invalid_field(ctsio,
5295					      /*sks_valid*/ 1,
5296					      /*command*/ 1,
5297					      /*field*/ 4,
5298					      /*bit_valid*/ 1,
5299					      /*bit*/ 1);
5300			ctl_done((union ctl_io *)ctsio);
5301			return (CTL_RETVAL_COMPLETE);
5302		}
5303
5304		if ((cdb->how & SSS_START) == 0 && (cdb->how & SSS_LOEJ) &&
5305		    lun->prevent_count > 0) {
5306			/* "Medium removal prevented" */
5307			ctl_set_sense(ctsio, /*current_error*/ 1,
5308			    /*sense_key*/(lun->flags & CTL_LUN_NO_MEDIA) ?
5309			     SSD_KEY_NOT_READY : SSD_KEY_ILLEGAL_REQUEST,
5310			    /*asc*/ 0x53, /*ascq*/ 0x02, SSD_ELEM_NONE);
5311			ctl_done((union ctl_io *)ctsio);
5312			return (CTL_RETVAL_COMPLETE);
5313		}
5314	}
5315
5316	retval = lun->backend->config_write((union ctl_io *)ctsio);
5317	return (retval);
5318}
5319
5320int
5321ctl_prevent_allow(struct ctl_scsiio *ctsio)
5322{
5323	struct ctl_lun *lun = CTL_LUN(ctsio);
5324	struct scsi_prevent *cdb;
5325	int retval;
5326	uint32_t initidx;
5327
5328	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5329
5330	cdb = (struct scsi_prevent *)ctsio->cdb;
5331
5332	if ((lun->flags & CTL_LUN_REMOVABLE) == 0 || lun->prevent == NULL) {
5333		ctl_set_invalid_opcode(ctsio);
5334		ctl_done((union ctl_io *)ctsio);
5335		return (CTL_RETVAL_COMPLETE);
5336	}
5337
5338	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5339	mtx_lock(&lun->lun_lock);
5340	if ((cdb->how & PR_PREVENT) &&
5341	    ctl_is_set(lun->prevent, initidx) == 0) {
5342		ctl_set_mask(lun->prevent, initidx);
5343		lun->prevent_count++;
5344	} else if ((cdb->how & PR_PREVENT) == 0 &&
5345	    ctl_is_set(lun->prevent, initidx)) {
5346		ctl_clear_mask(lun->prevent, initidx);
5347		lun->prevent_count--;
5348	}
5349	mtx_unlock(&lun->lun_lock);
5350	retval = lun->backend->config_write((union ctl_io *)ctsio);
5351	return (retval);
5352}
5353
5354/*
5355 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5356 * we don't really do anything with the LBA and length fields if the user
5357 * passes them in.  Instead we'll just flush out the cache for the entire
5358 * LUN.
5359 */
5360int
5361ctl_sync_cache(struct ctl_scsiio *ctsio)
5362{
5363	struct ctl_lun *lun = CTL_LUN(ctsio);
5364	struct ctl_lba_len_flags *lbalen;
5365	uint64_t starting_lba;
5366	uint32_t block_count;
5367	int retval;
5368	uint8_t byte2;
5369
5370	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5371
5372	retval = 0;
5373
5374	switch (ctsio->cdb[0]) {
5375	case SYNCHRONIZE_CACHE: {
5376		struct scsi_sync_cache *cdb;
5377		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5378
5379		starting_lba = scsi_4btoul(cdb->begin_lba);
5380		block_count = scsi_2btoul(cdb->lb_count);
5381		byte2 = cdb->byte2;
5382		break;
5383	}
5384	case SYNCHRONIZE_CACHE_16: {
5385		struct scsi_sync_cache_16 *cdb;
5386		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5387
5388		starting_lba = scsi_8btou64(cdb->begin_lba);
5389		block_count = scsi_4btoul(cdb->lb_count);
5390		byte2 = cdb->byte2;
5391		break;
5392	}
5393	default:
5394		ctl_set_invalid_opcode(ctsio);
5395		ctl_done((union ctl_io *)ctsio);
5396		goto bailout;
5397		break; /* NOTREACHED */
5398	}
5399
5400	/*
5401	 * We check the LBA and length, but don't do anything with them.
5402	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5403	 * get flushed.  This check will just help satisfy anyone who wants
5404	 * to see an error for an out of range LBA.
5405	 */
5406	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5407		ctl_set_lba_out_of_range(ctsio,
5408		    MAX(starting_lba, lun->be_lun->maxlba + 1));
5409		ctl_done((union ctl_io *)ctsio);
5410		goto bailout;
5411	}
5412
5413	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5414	lbalen->lba = starting_lba;
5415	lbalen->len = block_count;
5416	lbalen->flags = byte2;
5417	retval = lun->backend->config_write((union ctl_io *)ctsio);
5418
5419bailout:
5420	return (retval);
5421}
5422
5423int
5424ctl_format(struct ctl_scsiio *ctsio)
5425{
5426	struct scsi_format *cdb;
5427	int length, defect_list_len;
5428
5429	CTL_DEBUG_PRINT(("ctl_format\n"));
5430
5431	cdb = (struct scsi_format *)ctsio->cdb;
5432
5433	length = 0;
5434	if (cdb->byte2 & SF_FMTDATA) {
5435		if (cdb->byte2 & SF_LONGLIST)
5436			length = sizeof(struct scsi_format_header_long);
5437		else
5438			length = sizeof(struct scsi_format_header_short);
5439	}
5440
5441	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5442	 && (length > 0)) {
5443		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5444		ctsio->kern_data_len = length;
5445		ctsio->kern_total_len = length;
5446		ctsio->kern_rel_offset = 0;
5447		ctsio->kern_sg_entries = 0;
5448		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5449		ctsio->be_move_done = ctl_config_move_done;
5450		ctl_datamove((union ctl_io *)ctsio);
5451
5452		return (CTL_RETVAL_COMPLETE);
5453	}
5454
5455	defect_list_len = 0;
5456
5457	if (cdb->byte2 & SF_FMTDATA) {
5458		if (cdb->byte2 & SF_LONGLIST) {
5459			struct scsi_format_header_long *header;
5460
5461			header = (struct scsi_format_header_long *)
5462				ctsio->kern_data_ptr;
5463
5464			defect_list_len = scsi_4btoul(header->defect_list_len);
5465			if (defect_list_len != 0) {
5466				ctl_set_invalid_field(ctsio,
5467						      /*sks_valid*/ 1,
5468						      /*command*/ 0,
5469						      /*field*/ 2,
5470						      /*bit_valid*/ 0,
5471						      /*bit*/ 0);
5472				goto bailout;
5473			}
5474		} else {
5475			struct scsi_format_header_short *header;
5476
5477			header = (struct scsi_format_header_short *)
5478				ctsio->kern_data_ptr;
5479
5480			defect_list_len = scsi_2btoul(header->defect_list_len);
5481			if (defect_list_len != 0) {
5482				ctl_set_invalid_field(ctsio,
5483						      /*sks_valid*/ 1,
5484						      /*command*/ 0,
5485						      /*field*/ 2,
5486						      /*bit_valid*/ 0,
5487						      /*bit*/ 0);
5488				goto bailout;
5489			}
5490		}
5491	}
5492
5493	ctl_set_success(ctsio);
5494bailout:
5495
5496	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5497		free(ctsio->kern_data_ptr, M_CTL);
5498		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5499	}
5500
5501	ctl_done((union ctl_io *)ctsio);
5502	return (CTL_RETVAL_COMPLETE);
5503}
5504
5505int
5506ctl_read_buffer(struct ctl_scsiio *ctsio)
5507{
5508	struct ctl_lun *lun = CTL_LUN(ctsio);
5509	uint64_t buffer_offset;
5510	uint32_t len;
5511	uint8_t byte2;
5512	static uint8_t descr[4];
5513	static uint8_t echo_descr[4] = { 0 };
5514
5515	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5516
5517	switch (ctsio->cdb[0]) {
5518	case READ_BUFFER: {
5519		struct scsi_read_buffer *cdb;
5520
5521		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5522		buffer_offset = scsi_3btoul(cdb->offset);
5523		len = scsi_3btoul(cdb->length);
5524		byte2 = cdb->byte2;
5525		break;
5526	}
5527	case READ_BUFFER_16: {
5528		struct scsi_read_buffer_16 *cdb;
5529
5530		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5531		buffer_offset = scsi_8btou64(cdb->offset);
5532		len = scsi_4btoul(cdb->length);
5533		byte2 = cdb->byte2;
5534		break;
5535	}
5536	default: /* This shouldn't happen. */
5537		ctl_set_invalid_opcode(ctsio);
5538		ctl_done((union ctl_io *)ctsio);
5539		return (CTL_RETVAL_COMPLETE);
5540	}
5541
5542	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5543	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5544		ctl_set_invalid_field(ctsio,
5545				      /*sks_valid*/ 1,
5546				      /*command*/ 1,
5547				      /*field*/ 6,
5548				      /*bit_valid*/ 0,
5549				      /*bit*/ 0);
5550		ctl_done((union ctl_io *)ctsio);
5551		return (CTL_RETVAL_COMPLETE);
5552	}
5553
5554	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5555		descr[0] = 0;
5556		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5557		ctsio->kern_data_ptr = descr;
5558		len = min(len, sizeof(descr));
5559	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5560		ctsio->kern_data_ptr = echo_descr;
5561		len = min(len, sizeof(echo_descr));
5562	} else {
5563		if (lun->write_buffer == NULL) {
5564			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5565			    M_CTL, M_WAITOK);
5566		}
5567		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5568	}
5569	ctsio->kern_data_len = len;
5570	ctsio->kern_total_len = len;
5571	ctsio->kern_rel_offset = 0;
5572	ctsio->kern_sg_entries = 0;
5573	ctl_set_success(ctsio);
5574	ctsio->be_move_done = ctl_config_move_done;
5575	ctl_datamove((union ctl_io *)ctsio);
5576	return (CTL_RETVAL_COMPLETE);
5577}
5578
5579int
5580ctl_write_buffer(struct ctl_scsiio *ctsio)
5581{
5582	struct ctl_lun *lun = CTL_LUN(ctsio);
5583	struct scsi_write_buffer *cdb;
5584	int buffer_offset, len;
5585
5586	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5587
5588	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5589
5590	len = scsi_3btoul(cdb->length);
5591	buffer_offset = scsi_3btoul(cdb->offset);
5592
5593	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5594		ctl_set_invalid_field(ctsio,
5595				      /*sks_valid*/ 1,
5596				      /*command*/ 1,
5597				      /*field*/ 6,
5598				      /*bit_valid*/ 0,
5599				      /*bit*/ 0);
5600		ctl_done((union ctl_io *)ctsio);
5601		return (CTL_RETVAL_COMPLETE);
5602	}
5603
5604	/*
5605	 * If we've got a kernel request that hasn't been malloced yet,
5606	 * malloc it and tell the caller the data buffer is here.
5607	 */
5608	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5609		if (lun->write_buffer == NULL) {
5610			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5611			    M_CTL, M_WAITOK);
5612		}
5613		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5614		ctsio->kern_data_len = len;
5615		ctsio->kern_total_len = len;
5616		ctsio->kern_rel_offset = 0;
5617		ctsio->kern_sg_entries = 0;
5618		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5619		ctsio->be_move_done = ctl_config_move_done;
5620		ctl_datamove((union ctl_io *)ctsio);
5621
5622		return (CTL_RETVAL_COMPLETE);
5623	}
5624
5625	ctl_set_success(ctsio);
5626	ctl_done((union ctl_io *)ctsio);
5627	return (CTL_RETVAL_COMPLETE);
5628}
5629
5630int
5631ctl_write_same(struct ctl_scsiio *ctsio)
5632{
5633	struct ctl_lun *lun = CTL_LUN(ctsio);
5634	struct ctl_lba_len_flags *lbalen;
5635	uint64_t lba;
5636	uint32_t num_blocks;
5637	int len, retval;
5638	uint8_t byte2;
5639
5640	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5641
5642	switch (ctsio->cdb[0]) {
5643	case WRITE_SAME_10: {
5644		struct scsi_write_same_10 *cdb;
5645
5646		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5647
5648		lba = scsi_4btoul(cdb->addr);
5649		num_blocks = scsi_2btoul(cdb->length);
5650		byte2 = cdb->byte2;
5651		break;
5652	}
5653	case WRITE_SAME_16: {
5654		struct scsi_write_same_16 *cdb;
5655
5656		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5657
5658		lba = scsi_8btou64(cdb->addr);
5659		num_blocks = scsi_4btoul(cdb->length);
5660		byte2 = cdb->byte2;
5661		break;
5662	}
5663	default:
5664		/*
5665		 * We got a command we don't support.  This shouldn't
5666		 * happen, commands should be filtered out above us.
5667		 */
5668		ctl_set_invalid_opcode(ctsio);
5669		ctl_done((union ctl_io *)ctsio);
5670
5671		return (CTL_RETVAL_COMPLETE);
5672		break; /* NOTREACHED */
5673	}
5674
5675	/* ANCHOR flag can be used only together with UNMAP */
5676	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5677		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5678		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5679		ctl_done((union ctl_io *)ctsio);
5680		return (CTL_RETVAL_COMPLETE);
5681	}
5682
5683	/*
5684	 * The first check is to make sure we're in bounds, the second
5685	 * check is to catch wrap-around problems.  If the lba + num blocks
5686	 * is less than the lba, then we've wrapped around and the block
5687	 * range is invalid anyway.
5688	 */
5689	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5690	 || ((lba + num_blocks) < lba)) {
5691		ctl_set_lba_out_of_range(ctsio,
5692		    MAX(lba, lun->be_lun->maxlba + 1));
5693		ctl_done((union ctl_io *)ctsio);
5694		return (CTL_RETVAL_COMPLETE);
5695	}
5696
5697	/* Zero number of blocks means "to the last logical block" */
5698	if (num_blocks == 0) {
5699		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5700			ctl_set_invalid_field(ctsio,
5701					      /*sks_valid*/ 0,
5702					      /*command*/ 1,
5703					      /*field*/ 0,
5704					      /*bit_valid*/ 0,
5705					      /*bit*/ 0);
5706			ctl_done((union ctl_io *)ctsio);
5707			return (CTL_RETVAL_COMPLETE);
5708		}
5709		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5710	}
5711
5712	len = lun->be_lun->blocksize;
5713
5714	/*
5715	 * If we've got a kernel request that hasn't been malloced yet,
5716	 * malloc it and tell the caller the data buffer is here.
5717	 */
5718	if ((byte2 & SWS_NDOB) == 0 &&
5719	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5720		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5721		ctsio->kern_data_len = len;
5722		ctsio->kern_total_len = len;
5723		ctsio->kern_rel_offset = 0;
5724		ctsio->kern_sg_entries = 0;
5725		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5726		ctsio->be_move_done = ctl_config_move_done;
5727		ctl_datamove((union ctl_io *)ctsio);
5728
5729		return (CTL_RETVAL_COMPLETE);
5730	}
5731
5732	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5733	lbalen->lba = lba;
5734	lbalen->len = num_blocks;
5735	lbalen->flags = byte2;
5736	retval = lun->backend->config_write((union ctl_io *)ctsio);
5737
5738	return (retval);
5739}
5740
5741int
5742ctl_unmap(struct ctl_scsiio *ctsio)
5743{
5744	struct ctl_lun *lun = CTL_LUN(ctsio);
5745	struct scsi_unmap *cdb;
5746	struct ctl_ptr_len_flags *ptrlen;
5747	struct scsi_unmap_header *hdr;
5748	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5749	uint64_t lba;
5750	uint32_t num_blocks;
5751	int len, retval;
5752	uint8_t byte2;
5753
5754	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5755
5756	cdb = (struct scsi_unmap *)ctsio->cdb;
5757	len = scsi_2btoul(cdb->length);
5758	byte2 = cdb->byte2;
5759
5760	/*
5761	 * If we've got a kernel request that hasn't been malloced yet,
5762	 * malloc it and tell the caller the data buffer is here.
5763	 */
5764	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5765		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5766		ctsio->kern_data_len = len;
5767		ctsio->kern_total_len = len;
5768		ctsio->kern_rel_offset = 0;
5769		ctsio->kern_sg_entries = 0;
5770		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5771		ctsio->be_move_done = ctl_config_move_done;
5772		ctl_datamove((union ctl_io *)ctsio);
5773
5774		return (CTL_RETVAL_COMPLETE);
5775	}
5776
5777	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5778	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5779	if (len < sizeof (*hdr) ||
5780	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5781	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5782	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5783		ctl_set_invalid_field(ctsio,
5784				      /*sks_valid*/ 0,
5785				      /*command*/ 0,
5786				      /*field*/ 0,
5787				      /*bit_valid*/ 0,
5788				      /*bit*/ 0);
5789		goto done;
5790	}
5791	len = scsi_2btoul(hdr->desc_length);
5792	buf = (struct scsi_unmap_desc *)(hdr + 1);
5793	end = buf + len / sizeof(*buf);
5794
5795	endnz = buf;
5796	for (range = buf; range < end; range++) {
5797		lba = scsi_8btou64(range->lba);
5798		num_blocks = scsi_4btoul(range->length);
5799		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5800		 || ((lba + num_blocks) < lba)) {
5801			ctl_set_lba_out_of_range(ctsio,
5802			    MAX(lba, lun->be_lun->maxlba + 1));
5803			ctl_done((union ctl_io *)ctsio);
5804			return (CTL_RETVAL_COMPLETE);
5805		}
5806		if (num_blocks != 0)
5807			endnz = range + 1;
5808	}
5809
5810	/*
5811	 * Block backend can not handle zero last range.
5812	 * Filter it out and return if there is nothing left.
5813	 */
5814	len = (uint8_t *)endnz - (uint8_t *)buf;
5815	if (len == 0) {
5816		ctl_set_success(ctsio);
5817		goto done;
5818	}
5819
5820	mtx_lock(&lun->lun_lock);
5821	ptrlen = (struct ctl_ptr_len_flags *)
5822	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5823	ptrlen->ptr = (void *)buf;
5824	ptrlen->len = len;
5825	ptrlen->flags = byte2;
5826	ctl_check_blocked(lun);
5827	mtx_unlock(&lun->lun_lock);
5828
5829	retval = lun->backend->config_write((union ctl_io *)ctsio);
5830	return (retval);
5831
5832done:
5833	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5834		free(ctsio->kern_data_ptr, M_CTL);
5835		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5836	}
5837	ctl_done((union ctl_io *)ctsio);
5838	return (CTL_RETVAL_COMPLETE);
5839}
5840
5841int
5842ctl_default_page_handler(struct ctl_scsiio *ctsio,
5843			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5844{
5845	struct ctl_lun *lun = CTL_LUN(ctsio);
5846	uint8_t *current_cp;
5847	int set_ua;
5848	uint32_t initidx;
5849
5850	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5851	set_ua = 0;
5852
5853	current_cp = (page_index->page_data + (page_index->page_len *
5854	    CTL_PAGE_CURRENT));
5855
5856	mtx_lock(&lun->lun_lock);
5857	if (memcmp(current_cp, page_ptr, page_index->page_len)) {
5858		memcpy(current_cp, page_ptr, page_index->page_len);
5859		set_ua = 1;
5860	}
5861	if (set_ua != 0)
5862		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5863	mtx_unlock(&lun->lun_lock);
5864	if (set_ua) {
5865		ctl_isc_announce_mode(lun,
5866		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5867		    page_index->page_code, page_index->subpage);
5868	}
5869	return (CTL_RETVAL_COMPLETE);
5870}
5871
5872static void
5873ctl_ie_timer(void *arg)
5874{
5875	struct ctl_lun *lun = arg;
5876	uint64_t t;
5877
5878	if (lun->ie_asc == 0)
5879		return;
5880
5881	if (lun->MODE_IE.mrie == SIEP_MRIE_UA)
5882		ctl_est_ua_all(lun, -1, CTL_UA_IE);
5883	else
5884		lun->ie_reported = 0;
5885
5886	if (lun->ie_reportcnt < scsi_4btoul(lun->MODE_IE.report_count)) {
5887		lun->ie_reportcnt++;
5888		t = scsi_4btoul(lun->MODE_IE.interval_timer);
5889		if (t == 0 || t == UINT32_MAX)
5890			t = 3000;  /* 5 min */
5891		callout_schedule(&lun->ie_callout, t * hz / 10);
5892	}
5893}
5894
5895int
5896ctl_ie_page_handler(struct ctl_scsiio *ctsio,
5897			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5898{
5899	struct ctl_lun *lun = CTL_LUN(ctsio);
5900	struct scsi_info_exceptions_page *pg;
5901	uint64_t t;
5902
5903	(void)ctl_default_page_handler(ctsio, page_index, page_ptr);
5904
5905	pg = (struct scsi_info_exceptions_page *)page_ptr;
5906	mtx_lock(&lun->lun_lock);
5907	if (pg->info_flags & SIEP_FLAGS_TEST) {
5908		lun->ie_asc = 0x5d;
5909		lun->ie_ascq = 0xff;
5910		if (pg->mrie == SIEP_MRIE_UA) {
5911			ctl_est_ua_all(lun, -1, CTL_UA_IE);
5912			lun->ie_reported = 1;
5913		} else {
5914			ctl_clr_ua_all(lun, -1, CTL_UA_IE);
5915			lun->ie_reported = -1;
5916		}
5917		lun->ie_reportcnt = 1;
5918		if (lun->ie_reportcnt < scsi_4btoul(pg->report_count)) {
5919			lun->ie_reportcnt++;
5920			t = scsi_4btoul(pg->interval_timer);
5921			if (t == 0 || t == UINT32_MAX)
5922				t = 3000;  /* 5 min */
5923			callout_reset(&lun->ie_callout, t * hz / 10,
5924			    ctl_ie_timer, lun);
5925		}
5926	} else {
5927		lun->ie_asc = 0;
5928		lun->ie_ascq = 0;
5929		lun->ie_reported = 1;
5930		ctl_clr_ua_all(lun, -1, CTL_UA_IE);
5931		lun->ie_reportcnt = UINT32_MAX;
5932		callout_stop(&lun->ie_callout);
5933	}
5934	mtx_unlock(&lun->lun_lock);
5935	return (CTL_RETVAL_COMPLETE);
5936}
5937
5938static int
5939ctl_do_mode_select(union ctl_io *io)
5940{
5941	struct ctl_lun *lun = CTL_LUN(io);
5942	struct scsi_mode_page_header *page_header;
5943	struct ctl_page_index *page_index;
5944	struct ctl_scsiio *ctsio;
5945	int page_len, page_len_offset, page_len_size;
5946	union ctl_modepage_info *modepage_info;
5947	uint16_t *len_left, *len_used;
5948	int retval, i;
5949
5950	ctsio = &io->scsiio;
5951	page_index = NULL;
5952	page_len = 0;
5953
5954	modepage_info = (union ctl_modepage_info *)
5955		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5956	len_left = &modepage_info->header.len_left;
5957	len_used = &modepage_info->header.len_used;
5958
5959do_next_page:
5960
5961	page_header = (struct scsi_mode_page_header *)
5962		(ctsio->kern_data_ptr + *len_used);
5963
5964	if (*len_left == 0) {
5965		free(ctsio->kern_data_ptr, M_CTL);
5966		ctl_set_success(ctsio);
5967		ctl_done((union ctl_io *)ctsio);
5968		return (CTL_RETVAL_COMPLETE);
5969	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5970
5971		free(ctsio->kern_data_ptr, M_CTL);
5972		ctl_set_param_len_error(ctsio);
5973		ctl_done((union ctl_io *)ctsio);
5974		return (CTL_RETVAL_COMPLETE);
5975
5976	} else if ((page_header->page_code & SMPH_SPF)
5977		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5978
5979		free(ctsio->kern_data_ptr, M_CTL);
5980		ctl_set_param_len_error(ctsio);
5981		ctl_done((union ctl_io *)ctsio);
5982		return (CTL_RETVAL_COMPLETE);
5983	}
5984
5985
5986	/*
5987	 * XXX KDM should we do something with the block descriptor?
5988	 */
5989	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5990		page_index = &lun->mode_pages.index[i];
5991		if (lun->be_lun->lun_type == T_DIRECT &&
5992		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
5993			continue;
5994		if (lun->be_lun->lun_type == T_PROCESSOR &&
5995		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
5996			continue;
5997		if (lun->be_lun->lun_type == T_CDROM &&
5998		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
5999			continue;
6000
6001		if ((page_index->page_code & SMPH_PC_MASK) !=
6002		    (page_header->page_code & SMPH_PC_MASK))
6003			continue;
6004
6005		/*
6006		 * If neither page has a subpage code, then we've got a
6007		 * match.
6008		 */
6009		if (((page_index->page_code & SMPH_SPF) == 0)
6010		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6011			page_len = page_header->page_length;
6012			break;
6013		}
6014
6015		/*
6016		 * If both pages have subpages, then the subpage numbers
6017		 * have to match.
6018		 */
6019		if ((page_index->page_code & SMPH_SPF)
6020		  && (page_header->page_code & SMPH_SPF)) {
6021			struct scsi_mode_page_header_sp *sph;
6022
6023			sph = (struct scsi_mode_page_header_sp *)page_header;
6024			if (page_index->subpage == sph->subpage) {
6025				page_len = scsi_2btoul(sph->page_length);
6026				break;
6027			}
6028		}
6029	}
6030
6031	/*
6032	 * If we couldn't find the page, or if we don't have a mode select
6033	 * handler for it, send back an error to the user.
6034	 */
6035	if ((i >= CTL_NUM_MODE_PAGES)
6036	 || (page_index->select_handler == NULL)) {
6037		ctl_set_invalid_field(ctsio,
6038				      /*sks_valid*/ 1,
6039				      /*command*/ 0,
6040				      /*field*/ *len_used,
6041				      /*bit_valid*/ 0,
6042				      /*bit*/ 0);
6043		free(ctsio->kern_data_ptr, M_CTL);
6044		ctl_done((union ctl_io *)ctsio);
6045		return (CTL_RETVAL_COMPLETE);
6046	}
6047
6048	if (page_index->page_code & SMPH_SPF) {
6049		page_len_offset = 2;
6050		page_len_size = 2;
6051	} else {
6052		page_len_size = 1;
6053		page_len_offset = 1;
6054	}
6055
6056	/*
6057	 * If the length the initiator gives us isn't the one we specify in
6058	 * the mode page header, or if they didn't specify enough data in
6059	 * the CDB to avoid truncating this page, kick out the request.
6060	 */
6061	if (page_len != page_index->page_len - page_len_offset - page_len_size) {
6062		ctl_set_invalid_field(ctsio,
6063				      /*sks_valid*/ 1,
6064				      /*command*/ 0,
6065				      /*field*/ *len_used + page_len_offset,
6066				      /*bit_valid*/ 0,
6067				      /*bit*/ 0);
6068		free(ctsio->kern_data_ptr, M_CTL);
6069		ctl_done((union ctl_io *)ctsio);
6070		return (CTL_RETVAL_COMPLETE);
6071	}
6072	if (*len_left < page_index->page_len) {
6073		free(ctsio->kern_data_ptr, M_CTL);
6074		ctl_set_param_len_error(ctsio);
6075		ctl_done((union ctl_io *)ctsio);
6076		return (CTL_RETVAL_COMPLETE);
6077	}
6078
6079	/*
6080	 * Run through the mode page, checking to make sure that the bits
6081	 * the user changed are actually legal for him to change.
6082	 */
6083	for (i = 0; i < page_index->page_len; i++) {
6084		uint8_t *user_byte, *change_mask, *current_byte;
6085		int bad_bit;
6086		int j;
6087
6088		user_byte = (uint8_t *)page_header + i;
6089		change_mask = page_index->page_data +
6090			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6091		current_byte = page_index->page_data +
6092			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6093
6094		/*
6095		 * Check to see whether the user set any bits in this byte
6096		 * that he is not allowed to set.
6097		 */
6098		if ((*user_byte & ~(*change_mask)) ==
6099		    (*current_byte & ~(*change_mask)))
6100			continue;
6101
6102		/*
6103		 * Go through bit by bit to determine which one is illegal.
6104		 */
6105		bad_bit = 0;
6106		for (j = 7; j >= 0; j--) {
6107			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6108			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6109				bad_bit = i;
6110				break;
6111			}
6112		}
6113		ctl_set_invalid_field(ctsio,
6114				      /*sks_valid*/ 1,
6115				      /*command*/ 0,
6116				      /*field*/ *len_used + i,
6117				      /*bit_valid*/ 1,
6118				      /*bit*/ bad_bit);
6119		free(ctsio->kern_data_ptr, M_CTL);
6120		ctl_done((union ctl_io *)ctsio);
6121		return (CTL_RETVAL_COMPLETE);
6122	}
6123
6124	/*
6125	 * Decrement these before we call the page handler, since we may
6126	 * end up getting called back one way or another before the handler
6127	 * returns to this context.
6128	 */
6129	*len_left -= page_index->page_len;
6130	*len_used += page_index->page_len;
6131
6132	retval = page_index->select_handler(ctsio, page_index,
6133					    (uint8_t *)page_header);
6134
6135	/*
6136	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6137	 * wait until this queued command completes to finish processing
6138	 * the mode page.  If it returns anything other than
6139	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6140	 * already set the sense information, freed the data pointer, and
6141	 * completed the io for us.
6142	 */
6143	if (retval != CTL_RETVAL_COMPLETE)
6144		goto bailout_no_done;
6145
6146	/*
6147	 * If the initiator sent us more than one page, parse the next one.
6148	 */
6149	if (*len_left > 0)
6150		goto do_next_page;
6151
6152	ctl_set_success(ctsio);
6153	free(ctsio->kern_data_ptr, M_CTL);
6154	ctl_done((union ctl_io *)ctsio);
6155
6156bailout_no_done:
6157
6158	return (CTL_RETVAL_COMPLETE);
6159
6160}
6161
6162int
6163ctl_mode_select(struct ctl_scsiio *ctsio)
6164{
6165	struct ctl_lun *lun = CTL_LUN(ctsio);
6166	union ctl_modepage_info *modepage_info;
6167	int bd_len, i, header_size, param_len, pf, rtd, sp;
6168	uint32_t initidx;
6169
6170	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6171	switch (ctsio->cdb[0]) {
6172	case MODE_SELECT_6: {
6173		struct scsi_mode_select_6 *cdb;
6174
6175		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6176
6177		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6178		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6179		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6180		param_len = cdb->length;
6181		header_size = sizeof(struct scsi_mode_header_6);
6182		break;
6183	}
6184	case MODE_SELECT_10: {
6185		struct scsi_mode_select_10 *cdb;
6186
6187		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6188
6189		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6190		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6191		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6192		param_len = scsi_2btoul(cdb->length);
6193		header_size = sizeof(struct scsi_mode_header_10);
6194		break;
6195	}
6196	default:
6197		ctl_set_invalid_opcode(ctsio);
6198		ctl_done((union ctl_io *)ctsio);
6199		return (CTL_RETVAL_COMPLETE);
6200	}
6201
6202	if (rtd) {
6203		if (param_len != 0) {
6204			ctl_set_invalid_field(ctsio, /*sks_valid*/ 0,
6205			    /*command*/ 1, /*field*/ 0,
6206			    /*bit_valid*/ 0, /*bit*/ 0);
6207			ctl_done((union ctl_io *)ctsio);
6208			return (CTL_RETVAL_COMPLETE);
6209		}
6210
6211		/* Revert to defaults. */
6212		ctl_init_page_index(lun);
6213		mtx_lock(&lun->lun_lock);
6214		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6215		mtx_unlock(&lun->lun_lock);
6216		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6217			ctl_isc_announce_mode(lun, -1,
6218			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
6219			    lun->mode_pages.index[i].subpage);
6220		}
6221		ctl_set_success(ctsio);
6222		ctl_done((union ctl_io *)ctsio);
6223		return (CTL_RETVAL_COMPLETE);
6224	}
6225
6226	/*
6227	 * From SPC-3:
6228	 * "A parameter list length of zero indicates that the Data-Out Buffer
6229	 * shall be empty. This condition shall not be considered as an error."
6230	 */
6231	if (param_len == 0) {
6232		ctl_set_success(ctsio);
6233		ctl_done((union ctl_io *)ctsio);
6234		return (CTL_RETVAL_COMPLETE);
6235	}
6236
6237	/*
6238	 * Since we'll hit this the first time through, prior to
6239	 * allocation, we don't need to free a data buffer here.
6240	 */
6241	if (param_len < header_size) {
6242		ctl_set_param_len_error(ctsio);
6243		ctl_done((union ctl_io *)ctsio);
6244		return (CTL_RETVAL_COMPLETE);
6245	}
6246
6247	/*
6248	 * Allocate the data buffer and grab the user's data.  In theory,
6249	 * we shouldn't have to sanity check the parameter list length here
6250	 * because the maximum size is 64K.  We should be able to malloc
6251	 * that much without too many problems.
6252	 */
6253	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6254		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6255		ctsio->kern_data_len = param_len;
6256		ctsio->kern_total_len = param_len;
6257		ctsio->kern_rel_offset = 0;
6258		ctsio->kern_sg_entries = 0;
6259		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6260		ctsio->be_move_done = ctl_config_move_done;
6261		ctl_datamove((union ctl_io *)ctsio);
6262
6263		return (CTL_RETVAL_COMPLETE);
6264	}
6265
6266	switch (ctsio->cdb[0]) {
6267	case MODE_SELECT_6: {
6268		struct scsi_mode_header_6 *mh6;
6269
6270		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6271		bd_len = mh6->blk_desc_len;
6272		break;
6273	}
6274	case MODE_SELECT_10: {
6275		struct scsi_mode_header_10 *mh10;
6276
6277		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6278		bd_len = scsi_2btoul(mh10->blk_desc_len);
6279		break;
6280	}
6281	default:
6282		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6283	}
6284
6285	if (param_len < (header_size + bd_len)) {
6286		free(ctsio->kern_data_ptr, M_CTL);
6287		ctl_set_param_len_error(ctsio);
6288		ctl_done((union ctl_io *)ctsio);
6289		return (CTL_RETVAL_COMPLETE);
6290	}
6291
6292	/*
6293	 * Set the IO_CONT flag, so that if this I/O gets passed to
6294	 * ctl_config_write_done(), it'll get passed back to
6295	 * ctl_do_mode_select() for further processing, or completion if
6296	 * we're all done.
6297	 */
6298	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6299	ctsio->io_cont = ctl_do_mode_select;
6300
6301	modepage_info = (union ctl_modepage_info *)
6302		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6303	memset(modepage_info, 0, sizeof(*modepage_info));
6304	modepage_info->header.len_left = param_len - header_size - bd_len;
6305	modepage_info->header.len_used = header_size + bd_len;
6306
6307	return (ctl_do_mode_select((union ctl_io *)ctsio));
6308}
6309
6310int
6311ctl_mode_sense(struct ctl_scsiio *ctsio)
6312{
6313	struct ctl_lun *lun = CTL_LUN(ctsio);
6314	int pc, page_code, dbd, llba, subpage;
6315	int alloc_len, page_len, header_len, total_len;
6316	struct scsi_mode_block_descr *block_desc;
6317	struct ctl_page_index *page_index;
6318
6319	dbd = 0;
6320	llba = 0;
6321	block_desc = NULL;
6322
6323	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6324
6325	switch (ctsio->cdb[0]) {
6326	case MODE_SENSE_6: {
6327		struct scsi_mode_sense_6 *cdb;
6328
6329		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6330
6331		header_len = sizeof(struct scsi_mode_hdr_6);
6332		if (cdb->byte2 & SMS_DBD)
6333			dbd = 1;
6334		else
6335			header_len += sizeof(struct scsi_mode_block_descr);
6336
6337		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6338		page_code = cdb->page & SMS_PAGE_CODE;
6339		subpage = cdb->subpage;
6340		alloc_len = cdb->length;
6341		break;
6342	}
6343	case MODE_SENSE_10: {
6344		struct scsi_mode_sense_10 *cdb;
6345
6346		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6347
6348		header_len = sizeof(struct scsi_mode_hdr_10);
6349
6350		if (cdb->byte2 & SMS_DBD)
6351			dbd = 1;
6352		else
6353			header_len += sizeof(struct scsi_mode_block_descr);
6354		if (cdb->byte2 & SMS10_LLBAA)
6355			llba = 1;
6356		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6357		page_code = cdb->page & SMS_PAGE_CODE;
6358		subpage = cdb->subpage;
6359		alloc_len = scsi_2btoul(cdb->length);
6360		break;
6361	}
6362	default:
6363		ctl_set_invalid_opcode(ctsio);
6364		ctl_done((union ctl_io *)ctsio);
6365		return (CTL_RETVAL_COMPLETE);
6366		break; /* NOTREACHED */
6367	}
6368
6369	/*
6370	 * We have to make a first pass through to calculate the size of
6371	 * the pages that match the user's query.  Then we allocate enough
6372	 * memory to hold it, and actually copy the data into the buffer.
6373	 */
6374	switch (page_code) {
6375	case SMS_ALL_PAGES_PAGE: {
6376		u_int i;
6377
6378		page_len = 0;
6379
6380		/*
6381		 * At the moment, values other than 0 and 0xff here are
6382		 * reserved according to SPC-3.
6383		 */
6384		if ((subpage != SMS_SUBPAGE_PAGE_0)
6385		 && (subpage != SMS_SUBPAGE_ALL)) {
6386			ctl_set_invalid_field(ctsio,
6387					      /*sks_valid*/ 1,
6388					      /*command*/ 1,
6389					      /*field*/ 3,
6390					      /*bit_valid*/ 0,
6391					      /*bit*/ 0);
6392			ctl_done((union ctl_io *)ctsio);
6393			return (CTL_RETVAL_COMPLETE);
6394		}
6395
6396		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6397			page_index = &lun->mode_pages.index[i];
6398
6399			/* Make sure the page is supported for this dev type */
6400			if (lun->be_lun->lun_type == T_DIRECT &&
6401			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6402				continue;
6403			if (lun->be_lun->lun_type == T_PROCESSOR &&
6404			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6405				continue;
6406			if (lun->be_lun->lun_type == T_CDROM &&
6407			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6408				continue;
6409
6410			/*
6411			 * We don't use this subpage if the user didn't
6412			 * request all subpages.
6413			 */
6414			if ((page_index->subpage != 0)
6415			 && (subpage == SMS_SUBPAGE_PAGE_0))
6416				continue;
6417
6418#if 0
6419			printf("found page %#x len %d\n",
6420			       page_index->page_code & SMPH_PC_MASK,
6421			       page_index->page_len);
6422#endif
6423			page_len += page_index->page_len;
6424		}
6425		break;
6426	}
6427	default: {
6428		u_int i;
6429
6430		page_len = 0;
6431
6432		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6433			page_index = &lun->mode_pages.index[i];
6434
6435			/* Make sure the page is supported for this dev type */
6436			if (lun->be_lun->lun_type == T_DIRECT &&
6437			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6438				continue;
6439			if (lun->be_lun->lun_type == T_PROCESSOR &&
6440			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6441				continue;
6442			if (lun->be_lun->lun_type == T_CDROM &&
6443			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6444				continue;
6445
6446			/* Look for the right page code */
6447			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6448				continue;
6449
6450			/* Look for the right subpage or the subpage wildcard*/
6451			if ((page_index->subpage != subpage)
6452			 && (subpage != SMS_SUBPAGE_ALL))
6453				continue;
6454
6455#if 0
6456			printf("found page %#x len %d\n",
6457			       page_index->page_code & SMPH_PC_MASK,
6458			       page_index->page_len);
6459#endif
6460
6461			page_len += page_index->page_len;
6462		}
6463
6464		if (page_len == 0) {
6465			ctl_set_invalid_field(ctsio,
6466					      /*sks_valid*/ 1,
6467					      /*command*/ 1,
6468					      /*field*/ 2,
6469					      /*bit_valid*/ 1,
6470					      /*bit*/ 5);
6471			ctl_done((union ctl_io *)ctsio);
6472			return (CTL_RETVAL_COMPLETE);
6473		}
6474		break;
6475	}
6476	}
6477
6478	total_len = header_len + page_len;
6479#if 0
6480	printf("header_len = %d, page_len = %d, total_len = %d\n",
6481	       header_len, page_len, total_len);
6482#endif
6483
6484	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6485	ctsio->kern_sg_entries = 0;
6486	ctsio->kern_rel_offset = 0;
6487	ctsio->kern_data_len = min(total_len, alloc_len);
6488	ctsio->kern_total_len = ctsio->kern_data_len;
6489
6490	switch (ctsio->cdb[0]) {
6491	case MODE_SENSE_6: {
6492		struct scsi_mode_hdr_6 *header;
6493
6494		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6495
6496		header->datalen = MIN(total_len - 1, 254);
6497		if (lun->be_lun->lun_type == T_DIRECT) {
6498			header->dev_specific = 0x10; /* DPOFUA */
6499			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6500			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6501				header->dev_specific |= 0x80; /* WP */
6502		}
6503		if (dbd)
6504			header->block_descr_len = 0;
6505		else
6506			header->block_descr_len =
6507				sizeof(struct scsi_mode_block_descr);
6508		block_desc = (struct scsi_mode_block_descr *)&header[1];
6509		break;
6510	}
6511	case MODE_SENSE_10: {
6512		struct scsi_mode_hdr_10 *header;
6513		int datalen;
6514
6515		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6516
6517		datalen = MIN(total_len - 2, 65533);
6518		scsi_ulto2b(datalen, header->datalen);
6519		if (lun->be_lun->lun_type == T_DIRECT) {
6520			header->dev_specific = 0x10; /* DPOFUA */
6521			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6522			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6523				header->dev_specific |= 0x80; /* WP */
6524		}
6525		if (dbd)
6526			scsi_ulto2b(0, header->block_descr_len);
6527		else
6528			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6529				    header->block_descr_len);
6530		block_desc = (struct scsi_mode_block_descr *)&header[1];
6531		break;
6532	}
6533	default:
6534		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6535	}
6536
6537	/*
6538	 * If we've got a disk, use its blocksize in the block
6539	 * descriptor.  Otherwise, just set it to 0.
6540	 */
6541	if (dbd == 0) {
6542		if (lun->be_lun->lun_type == T_DIRECT)
6543			scsi_ulto3b(lun->be_lun->blocksize,
6544				    block_desc->block_len);
6545		else
6546			scsi_ulto3b(0, block_desc->block_len);
6547	}
6548
6549	switch (page_code) {
6550	case SMS_ALL_PAGES_PAGE: {
6551		int i, data_used;
6552
6553		data_used = header_len;
6554		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6555			struct ctl_page_index *page_index;
6556
6557			page_index = &lun->mode_pages.index[i];
6558			if (lun->be_lun->lun_type == T_DIRECT &&
6559			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6560				continue;
6561			if (lun->be_lun->lun_type == T_PROCESSOR &&
6562			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6563				continue;
6564			if (lun->be_lun->lun_type == T_CDROM &&
6565			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6566				continue;
6567
6568			/*
6569			 * We don't use this subpage if the user didn't
6570			 * request all subpages.  We already checked (above)
6571			 * to make sure the user only specified a subpage
6572			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6573			 */
6574			if ((page_index->subpage != 0)
6575			 && (subpage == SMS_SUBPAGE_PAGE_0))
6576				continue;
6577
6578			/*
6579			 * Call the handler, if it exists, to update the
6580			 * page to the latest values.
6581			 */
6582			if (page_index->sense_handler != NULL)
6583				page_index->sense_handler(ctsio, page_index,pc);
6584
6585			memcpy(ctsio->kern_data_ptr + data_used,
6586			       page_index->page_data +
6587			       (page_index->page_len * pc),
6588			       page_index->page_len);
6589			data_used += page_index->page_len;
6590		}
6591		break;
6592	}
6593	default: {
6594		int i, data_used;
6595
6596		data_used = header_len;
6597
6598		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6599			struct ctl_page_index *page_index;
6600
6601			page_index = &lun->mode_pages.index[i];
6602
6603			/* Look for the right page code */
6604			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6605				continue;
6606
6607			/* Look for the right subpage or the subpage wildcard*/
6608			if ((page_index->subpage != subpage)
6609			 && (subpage != SMS_SUBPAGE_ALL))
6610				continue;
6611
6612			/* Make sure the page is supported for this dev type */
6613			if (lun->be_lun->lun_type == T_DIRECT &&
6614			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6615				continue;
6616			if (lun->be_lun->lun_type == T_PROCESSOR &&
6617			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6618				continue;
6619			if (lun->be_lun->lun_type == T_CDROM &&
6620			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6621				continue;
6622
6623			/*
6624			 * Call the handler, if it exists, to update the
6625			 * page to the latest values.
6626			 */
6627			if (page_index->sense_handler != NULL)
6628				page_index->sense_handler(ctsio, page_index,pc);
6629
6630			memcpy(ctsio->kern_data_ptr + data_used,
6631			       page_index->page_data +
6632			       (page_index->page_len * pc),
6633			       page_index->page_len);
6634			data_used += page_index->page_len;
6635		}
6636		break;
6637	}
6638	}
6639
6640	ctl_set_success(ctsio);
6641	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6642	ctsio->be_move_done = ctl_config_move_done;
6643	ctl_datamove((union ctl_io *)ctsio);
6644	return (CTL_RETVAL_COMPLETE);
6645}
6646
6647int
6648ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6649			       struct ctl_page_index *page_index,
6650			       int pc)
6651{
6652	struct ctl_lun *lun = CTL_LUN(ctsio);
6653	struct scsi_log_param_header *phdr;
6654	uint8_t *data;
6655	uint64_t val;
6656
6657	data = page_index->page_data;
6658
6659	if (lun->backend->lun_attr != NULL &&
6660	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6661	     != UINT64_MAX) {
6662		phdr = (struct scsi_log_param_header *)data;
6663		scsi_ulto2b(0x0001, phdr->param_code);
6664		phdr->param_control = SLP_LBIN | SLP_LP;
6665		phdr->param_len = 8;
6666		data = (uint8_t *)(phdr + 1);
6667		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6668		data[4] = 0x02; /* per-pool */
6669		data += phdr->param_len;
6670	}
6671
6672	if (lun->backend->lun_attr != NULL &&
6673	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6674	     != UINT64_MAX) {
6675		phdr = (struct scsi_log_param_header *)data;
6676		scsi_ulto2b(0x0002, phdr->param_code);
6677		phdr->param_control = SLP_LBIN | SLP_LP;
6678		phdr->param_len = 8;
6679		data = (uint8_t *)(phdr + 1);
6680		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6681		data[4] = 0x01; /* per-LUN */
6682		data += phdr->param_len;
6683	}
6684
6685	if (lun->backend->lun_attr != NULL &&
6686	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6687	     != UINT64_MAX) {
6688		phdr = (struct scsi_log_param_header *)data;
6689		scsi_ulto2b(0x00f1, phdr->param_code);
6690		phdr->param_control = SLP_LBIN | SLP_LP;
6691		phdr->param_len = 8;
6692		data = (uint8_t *)(phdr + 1);
6693		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6694		data[4] = 0x02; /* per-pool */
6695		data += phdr->param_len;
6696	}
6697
6698	if (lun->backend->lun_attr != NULL &&
6699	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6700	     != UINT64_MAX) {
6701		phdr = (struct scsi_log_param_header *)data;
6702		scsi_ulto2b(0x00f2, phdr->param_code);
6703		phdr->param_control = SLP_LBIN | SLP_LP;
6704		phdr->param_len = 8;
6705		data = (uint8_t *)(phdr + 1);
6706		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6707		data[4] = 0x02; /* per-pool */
6708		data += phdr->param_len;
6709	}
6710
6711	page_index->page_len = data - page_index->page_data;
6712	return (0);
6713}
6714
6715int
6716ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6717			       struct ctl_page_index *page_index,
6718			       int pc)
6719{
6720	struct ctl_lun *lun = CTL_LUN(ctsio);
6721	struct stat_page *data;
6722	struct bintime *t;
6723
6724	data = (struct stat_page *)page_index->page_data;
6725
6726	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6727	data->sap.hdr.param_control = SLP_LBIN;
6728	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6729	    sizeof(struct scsi_log_param_header);
6730	scsi_u64to8b(lun->stats.operations[CTL_STATS_READ],
6731	    data->sap.read_num);
6732	scsi_u64to8b(lun->stats.operations[CTL_STATS_WRITE],
6733	    data->sap.write_num);
6734	if (lun->be_lun->blocksize > 0) {
6735		scsi_u64to8b(lun->stats.bytes[CTL_STATS_WRITE] /
6736		    lun->be_lun->blocksize, data->sap.recvieved_lba);
6737		scsi_u64to8b(lun->stats.bytes[CTL_STATS_READ] /
6738		    lun->be_lun->blocksize, data->sap.transmitted_lba);
6739	}
6740	t = &lun->stats.time[CTL_STATS_READ];
6741	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6742	    data->sap.read_int);
6743	t = &lun->stats.time[CTL_STATS_WRITE];
6744	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6745	    data->sap.write_int);
6746	scsi_u64to8b(0, data->sap.weighted_num);
6747	scsi_u64to8b(0, data->sap.weighted_int);
6748	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6749	data->it.hdr.param_control = SLP_LBIN;
6750	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6751	    sizeof(struct scsi_log_param_header);
6752#ifdef CTL_TIME_IO
6753	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6754#endif
6755	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6756	data->it.hdr.param_control = SLP_LBIN;
6757	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6758	    sizeof(struct scsi_log_param_header);
6759	scsi_ulto4b(3, data->ti.exponent);
6760	scsi_ulto4b(1, data->ti.integer);
6761	return (0);
6762}
6763
6764int
6765ctl_ie_log_sense_handler(struct ctl_scsiio *ctsio,
6766			       struct ctl_page_index *page_index,
6767			       int pc)
6768{
6769	struct ctl_lun *lun = CTL_LUN(ctsio);
6770	struct scsi_log_informational_exceptions *data;
6771
6772	data = (struct scsi_log_informational_exceptions *)page_index->page_data;
6773
6774	scsi_ulto2b(SLP_IE_GEN, data->hdr.param_code);
6775	data->hdr.param_control = SLP_LBIN;
6776	data->hdr.param_len = sizeof(struct scsi_log_informational_exceptions) -
6777	    sizeof(struct scsi_log_param_header);
6778	data->ie_asc = lun->ie_asc;
6779	data->ie_ascq = lun->ie_ascq;
6780	data->temperature = 0xff;
6781	return (0);
6782}
6783
6784int
6785ctl_log_sense(struct ctl_scsiio *ctsio)
6786{
6787	struct ctl_lun *lun = CTL_LUN(ctsio);
6788	int i, pc, page_code, subpage;
6789	int alloc_len, total_len;
6790	struct ctl_page_index *page_index;
6791	struct scsi_log_sense *cdb;
6792	struct scsi_log_header *header;
6793
6794	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6795
6796	cdb = (struct scsi_log_sense *)ctsio->cdb;
6797	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6798	page_code = cdb->page & SLS_PAGE_CODE;
6799	subpage = cdb->subpage;
6800	alloc_len = scsi_2btoul(cdb->length);
6801
6802	page_index = NULL;
6803	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6804		page_index = &lun->log_pages.index[i];
6805
6806		/* Look for the right page code */
6807		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6808			continue;
6809
6810		/* Look for the right subpage or the subpage wildcard*/
6811		if (page_index->subpage != subpage)
6812			continue;
6813
6814		break;
6815	}
6816	if (i >= CTL_NUM_LOG_PAGES) {
6817		ctl_set_invalid_field(ctsio,
6818				      /*sks_valid*/ 1,
6819				      /*command*/ 1,
6820				      /*field*/ 2,
6821				      /*bit_valid*/ 0,
6822				      /*bit*/ 0);
6823		ctl_done((union ctl_io *)ctsio);
6824		return (CTL_RETVAL_COMPLETE);
6825	}
6826
6827	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6828
6829	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6830	ctsio->kern_sg_entries = 0;
6831	ctsio->kern_rel_offset = 0;
6832	ctsio->kern_data_len = min(total_len, alloc_len);
6833	ctsio->kern_total_len = ctsio->kern_data_len;
6834
6835	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6836	header->page = page_index->page_code;
6837	if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING)
6838		header->page |= SL_DS;
6839	if (page_index->subpage) {
6840		header->page |= SL_SPF;
6841		header->subpage = page_index->subpage;
6842	}
6843	scsi_ulto2b(page_index->page_len, header->datalen);
6844
6845	/*
6846	 * Call the handler, if it exists, to update the
6847	 * page to the latest values.
6848	 */
6849	if (page_index->sense_handler != NULL)
6850		page_index->sense_handler(ctsio, page_index, pc);
6851
6852	memcpy(header + 1, page_index->page_data, page_index->page_len);
6853
6854	ctl_set_success(ctsio);
6855	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6856	ctsio->be_move_done = ctl_config_move_done;
6857	ctl_datamove((union ctl_io *)ctsio);
6858	return (CTL_RETVAL_COMPLETE);
6859}
6860
6861int
6862ctl_read_capacity(struct ctl_scsiio *ctsio)
6863{
6864	struct ctl_lun *lun = CTL_LUN(ctsio);
6865	struct scsi_read_capacity *cdb;
6866	struct scsi_read_capacity_data *data;
6867	uint32_t lba;
6868
6869	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6870
6871	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6872
6873	lba = scsi_4btoul(cdb->addr);
6874	if (((cdb->pmi & SRC_PMI) == 0)
6875	 && (lba != 0)) {
6876		ctl_set_invalid_field(/*ctsio*/ ctsio,
6877				      /*sks_valid*/ 1,
6878				      /*command*/ 1,
6879				      /*field*/ 2,
6880				      /*bit_valid*/ 0,
6881				      /*bit*/ 0);
6882		ctl_done((union ctl_io *)ctsio);
6883		return (CTL_RETVAL_COMPLETE);
6884	}
6885
6886	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6887	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6888	ctsio->kern_data_len = sizeof(*data);
6889	ctsio->kern_total_len = sizeof(*data);
6890	ctsio->kern_rel_offset = 0;
6891	ctsio->kern_sg_entries = 0;
6892
6893	/*
6894	 * If the maximum LBA is greater than 0xfffffffe, the user must
6895	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6896	 * serivce action set.
6897	 */
6898	if (lun->be_lun->maxlba > 0xfffffffe)
6899		scsi_ulto4b(0xffffffff, data->addr);
6900	else
6901		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6902
6903	/*
6904	 * XXX KDM this may not be 512 bytes...
6905	 */
6906	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6907
6908	ctl_set_success(ctsio);
6909	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6910	ctsio->be_move_done = ctl_config_move_done;
6911	ctl_datamove((union ctl_io *)ctsio);
6912	return (CTL_RETVAL_COMPLETE);
6913}
6914
6915int
6916ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6917{
6918	struct ctl_lun *lun = CTL_LUN(ctsio);
6919	struct scsi_read_capacity_16 *cdb;
6920	struct scsi_read_capacity_data_long *data;
6921	uint64_t lba;
6922	uint32_t alloc_len;
6923
6924	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6925
6926	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6927
6928	alloc_len = scsi_4btoul(cdb->alloc_len);
6929	lba = scsi_8btou64(cdb->addr);
6930
6931	if ((cdb->reladr & SRC16_PMI)
6932	 && (lba != 0)) {
6933		ctl_set_invalid_field(/*ctsio*/ ctsio,
6934				      /*sks_valid*/ 1,
6935				      /*command*/ 1,
6936				      /*field*/ 2,
6937				      /*bit_valid*/ 0,
6938				      /*bit*/ 0);
6939		ctl_done((union ctl_io *)ctsio);
6940		return (CTL_RETVAL_COMPLETE);
6941	}
6942
6943	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6944	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6945	ctsio->kern_rel_offset = 0;
6946	ctsio->kern_sg_entries = 0;
6947	ctsio->kern_data_len = min(sizeof(*data), alloc_len);
6948	ctsio->kern_total_len = ctsio->kern_data_len;
6949
6950	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6951	/* XXX KDM this may not be 512 bytes... */
6952	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6953	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6954	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6955	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6956		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6957
6958	ctl_set_success(ctsio);
6959	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6960	ctsio->be_move_done = ctl_config_move_done;
6961	ctl_datamove((union ctl_io *)ctsio);
6962	return (CTL_RETVAL_COMPLETE);
6963}
6964
6965int
6966ctl_get_lba_status(struct ctl_scsiio *ctsio)
6967{
6968	struct ctl_lun *lun = CTL_LUN(ctsio);
6969	struct scsi_get_lba_status *cdb;
6970	struct scsi_get_lba_status_data *data;
6971	struct ctl_lba_len_flags *lbalen;
6972	uint64_t lba;
6973	uint32_t alloc_len, total_len;
6974	int retval;
6975
6976	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6977
6978	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6979	lba = scsi_8btou64(cdb->addr);
6980	alloc_len = scsi_4btoul(cdb->alloc_len);
6981
6982	if (lba > lun->be_lun->maxlba) {
6983		ctl_set_lba_out_of_range(ctsio, lba);
6984		ctl_done((union ctl_io *)ctsio);
6985		return (CTL_RETVAL_COMPLETE);
6986	}
6987
6988	total_len = sizeof(*data) + sizeof(data->descr[0]);
6989	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6990	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6991	ctsio->kern_rel_offset = 0;
6992	ctsio->kern_sg_entries = 0;
6993	ctsio->kern_data_len = min(total_len, alloc_len);
6994	ctsio->kern_total_len = ctsio->kern_data_len;
6995
6996	/* Fill dummy data in case backend can't tell anything. */
6997	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6998	scsi_u64to8b(lba, data->descr[0].addr);
6999	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7000	    data->descr[0].length);
7001	data->descr[0].status = 0; /* Mapped or unknown. */
7002
7003	ctl_set_success(ctsio);
7004	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7005	ctsio->be_move_done = ctl_config_move_done;
7006
7007	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7008	lbalen->lba = lba;
7009	lbalen->len = total_len;
7010	lbalen->flags = 0;
7011	retval = lun->backend->config_read((union ctl_io *)ctsio);
7012	return (CTL_RETVAL_COMPLETE);
7013}
7014
7015int
7016ctl_read_defect(struct ctl_scsiio *ctsio)
7017{
7018	struct scsi_read_defect_data_10 *ccb10;
7019	struct scsi_read_defect_data_12 *ccb12;
7020	struct scsi_read_defect_data_hdr_10 *data10;
7021	struct scsi_read_defect_data_hdr_12 *data12;
7022	uint32_t alloc_len, data_len;
7023	uint8_t format;
7024
7025	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7026
7027	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7028		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7029		format = ccb10->format;
7030		alloc_len = scsi_2btoul(ccb10->alloc_length);
7031		data_len = sizeof(*data10);
7032	} else {
7033		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7034		format = ccb12->format;
7035		alloc_len = scsi_4btoul(ccb12->alloc_length);
7036		data_len = sizeof(*data12);
7037	}
7038	if (alloc_len == 0) {
7039		ctl_set_success(ctsio);
7040		ctl_done((union ctl_io *)ctsio);
7041		return (CTL_RETVAL_COMPLETE);
7042	}
7043
7044	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7045	ctsio->kern_rel_offset = 0;
7046	ctsio->kern_sg_entries = 0;
7047	ctsio->kern_data_len = min(data_len, alloc_len);
7048	ctsio->kern_total_len = ctsio->kern_data_len;
7049
7050	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7051		data10 = (struct scsi_read_defect_data_hdr_10 *)
7052		    ctsio->kern_data_ptr;
7053		data10->format = format;
7054		scsi_ulto2b(0, data10->length);
7055	} else {
7056		data12 = (struct scsi_read_defect_data_hdr_12 *)
7057		    ctsio->kern_data_ptr;
7058		data12->format = format;
7059		scsi_ulto2b(0, data12->generation);
7060		scsi_ulto4b(0, data12->length);
7061	}
7062
7063	ctl_set_success(ctsio);
7064	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7065	ctsio->be_move_done = ctl_config_move_done;
7066	ctl_datamove((union ctl_io *)ctsio);
7067	return (CTL_RETVAL_COMPLETE);
7068}
7069
7070int
7071ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7072{
7073	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7074	struct ctl_lun *lun = CTL_LUN(ctsio);
7075	struct scsi_maintenance_in *cdb;
7076	int retval;
7077	int alloc_len, ext, total_len = 0, g, pc, pg, ts, os;
7078	int num_ha_groups, num_target_ports, shared_group;
7079	struct ctl_port *port;
7080	struct scsi_target_group_data *rtg_ptr;
7081	struct scsi_target_group_data_extended *rtg_ext_ptr;
7082	struct scsi_target_port_group_descriptor *tpg_desc;
7083
7084	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7085
7086	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7087	retval = CTL_RETVAL_COMPLETE;
7088
7089	switch (cdb->byte2 & STG_PDF_MASK) {
7090	case STG_PDF_LENGTH:
7091		ext = 0;
7092		break;
7093	case STG_PDF_EXTENDED:
7094		ext = 1;
7095		break;
7096	default:
7097		ctl_set_invalid_field(/*ctsio*/ ctsio,
7098				      /*sks_valid*/ 1,
7099				      /*command*/ 1,
7100				      /*field*/ 2,
7101				      /*bit_valid*/ 1,
7102				      /*bit*/ 5);
7103		ctl_done((union ctl_io *)ctsio);
7104		return(retval);
7105	}
7106
7107	num_target_ports = 0;
7108	shared_group = (softc->is_single != 0);
7109	mtx_lock(&softc->ctl_lock);
7110	STAILQ_FOREACH(port, &softc->port_list, links) {
7111		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7112			continue;
7113		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7114			continue;
7115		num_target_ports++;
7116		if (port->status & CTL_PORT_STATUS_HA_SHARED)
7117			shared_group = 1;
7118	}
7119	mtx_unlock(&softc->ctl_lock);
7120	num_ha_groups = (softc->is_single) ? 0 : NUM_HA_SHELVES;
7121
7122	if (ext)
7123		total_len = sizeof(struct scsi_target_group_data_extended);
7124	else
7125		total_len = sizeof(struct scsi_target_group_data);
7126	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7127		(shared_group + num_ha_groups) +
7128	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7129
7130	alloc_len = scsi_4btoul(cdb->length);
7131
7132	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7133	ctsio->kern_sg_entries = 0;
7134	ctsio->kern_rel_offset = 0;
7135	ctsio->kern_data_len = min(total_len, alloc_len);
7136	ctsio->kern_total_len = ctsio->kern_data_len;
7137
7138	if (ext) {
7139		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7140		    ctsio->kern_data_ptr;
7141		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7142		rtg_ext_ptr->format_type = 0x10;
7143		rtg_ext_ptr->implicit_transition_time = 0;
7144		tpg_desc = &rtg_ext_ptr->groups[0];
7145	} else {
7146		rtg_ptr = (struct scsi_target_group_data *)
7147		    ctsio->kern_data_ptr;
7148		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7149		tpg_desc = &rtg_ptr->groups[0];
7150	}
7151
7152	mtx_lock(&softc->ctl_lock);
7153	pg = softc->port_min / softc->port_cnt;
7154	if (lun->flags & (CTL_LUN_PRIMARY_SC | CTL_LUN_PEER_SC_PRIMARY)) {
7155		/* Some shelf is known to be primary. */
7156		if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7157			os = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7158		else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7159			os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7160		else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7161			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
7162		else
7163			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7164		if (lun->flags & CTL_LUN_PRIMARY_SC) {
7165			ts = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7166		} else {
7167			ts = os;
7168			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7169		}
7170	} else {
7171		/* No known primary shelf. */
7172		if (softc->ha_link == CTL_HA_LINK_OFFLINE) {
7173			ts = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7174			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7175		} else if (softc->ha_link == CTL_HA_LINK_UNKNOWN) {
7176			ts = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7177			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7178		} else {
7179			ts = os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7180		}
7181	}
7182	if (shared_group) {
7183		tpg_desc->pref_state = ts;
7184		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7185		    TPG_U_SUP | TPG_T_SUP;
7186		scsi_ulto2b(1, tpg_desc->target_port_group);
7187		tpg_desc->status = TPG_IMPLICIT;
7188		pc = 0;
7189		STAILQ_FOREACH(port, &softc->port_list, links) {
7190			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7191				continue;
7192			if (!softc->is_single &&
7193			    (port->status & CTL_PORT_STATUS_HA_SHARED) == 0)
7194				continue;
7195			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7196				continue;
7197			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7198			    relative_target_port_identifier);
7199			pc++;
7200		}
7201		tpg_desc->target_port_count = pc;
7202		tpg_desc = (struct scsi_target_port_group_descriptor *)
7203		    &tpg_desc->descriptors[pc];
7204	}
7205	for (g = 0; g < num_ha_groups; g++) {
7206		tpg_desc->pref_state = (g == pg) ? ts : os;
7207		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7208		    TPG_U_SUP | TPG_T_SUP;
7209		scsi_ulto2b(2 + g, tpg_desc->target_port_group);
7210		tpg_desc->status = TPG_IMPLICIT;
7211		pc = 0;
7212		STAILQ_FOREACH(port, &softc->port_list, links) {
7213			if (port->targ_port < g * softc->port_cnt ||
7214			    port->targ_port >= (g + 1) * softc->port_cnt)
7215				continue;
7216			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7217				continue;
7218			if (port->status & CTL_PORT_STATUS_HA_SHARED)
7219				continue;
7220			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7221				continue;
7222			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7223			    relative_target_port_identifier);
7224			pc++;
7225		}
7226		tpg_desc->target_port_count = pc;
7227		tpg_desc = (struct scsi_target_port_group_descriptor *)
7228		    &tpg_desc->descriptors[pc];
7229	}
7230	mtx_unlock(&softc->ctl_lock);
7231
7232	ctl_set_success(ctsio);
7233	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7234	ctsio->be_move_done = ctl_config_move_done;
7235	ctl_datamove((union ctl_io *)ctsio);
7236	return(retval);
7237}
7238
7239int
7240ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7241{
7242	struct ctl_lun *lun = CTL_LUN(ctsio);
7243	struct scsi_report_supported_opcodes *cdb;
7244	const struct ctl_cmd_entry *entry, *sentry;
7245	struct scsi_report_supported_opcodes_all *all;
7246	struct scsi_report_supported_opcodes_descr *descr;
7247	struct scsi_report_supported_opcodes_one *one;
7248	int retval;
7249	int alloc_len, total_len;
7250	int opcode, service_action, i, j, num;
7251
7252	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7253
7254	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7255	retval = CTL_RETVAL_COMPLETE;
7256
7257	opcode = cdb->requested_opcode;
7258	service_action = scsi_2btoul(cdb->requested_service_action);
7259	switch (cdb->options & RSO_OPTIONS_MASK) {
7260	case RSO_OPTIONS_ALL:
7261		num = 0;
7262		for (i = 0; i < 256; i++) {
7263			entry = &ctl_cmd_table[i];
7264			if (entry->flags & CTL_CMD_FLAG_SA5) {
7265				for (j = 0; j < 32; j++) {
7266					sentry = &((const struct ctl_cmd_entry *)
7267					    entry->execute)[j];
7268					if (ctl_cmd_applicable(
7269					    lun->be_lun->lun_type, sentry))
7270						num++;
7271				}
7272			} else {
7273				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7274				    entry))
7275					num++;
7276			}
7277		}
7278		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7279		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7280		break;
7281	case RSO_OPTIONS_OC:
7282		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7283			ctl_set_invalid_field(/*ctsio*/ ctsio,
7284					      /*sks_valid*/ 1,
7285					      /*command*/ 1,
7286					      /*field*/ 2,
7287					      /*bit_valid*/ 1,
7288					      /*bit*/ 2);
7289			ctl_done((union ctl_io *)ctsio);
7290			return (CTL_RETVAL_COMPLETE);
7291		}
7292		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7293		break;
7294	case RSO_OPTIONS_OC_SA:
7295		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7296		    service_action >= 32) {
7297			ctl_set_invalid_field(/*ctsio*/ ctsio,
7298					      /*sks_valid*/ 1,
7299					      /*command*/ 1,
7300					      /*field*/ 2,
7301					      /*bit_valid*/ 1,
7302					      /*bit*/ 2);
7303			ctl_done((union ctl_io *)ctsio);
7304			return (CTL_RETVAL_COMPLETE);
7305		}
7306		/* FALLTHROUGH */
7307	case RSO_OPTIONS_OC_ASA:
7308		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7309		break;
7310	default:
7311		ctl_set_invalid_field(/*ctsio*/ ctsio,
7312				      /*sks_valid*/ 1,
7313				      /*command*/ 1,
7314				      /*field*/ 2,
7315				      /*bit_valid*/ 1,
7316				      /*bit*/ 2);
7317		ctl_done((union ctl_io *)ctsio);
7318		return (CTL_RETVAL_COMPLETE);
7319	}
7320
7321	alloc_len = scsi_4btoul(cdb->length);
7322
7323	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7324	ctsio->kern_sg_entries = 0;
7325	ctsio->kern_rel_offset = 0;
7326	ctsio->kern_data_len = min(total_len, alloc_len);
7327	ctsio->kern_total_len = ctsio->kern_data_len;
7328
7329	switch (cdb->options & RSO_OPTIONS_MASK) {
7330	case RSO_OPTIONS_ALL:
7331		all = (struct scsi_report_supported_opcodes_all *)
7332		    ctsio->kern_data_ptr;
7333		num = 0;
7334		for (i = 0; i < 256; i++) {
7335			entry = &ctl_cmd_table[i];
7336			if (entry->flags & CTL_CMD_FLAG_SA5) {
7337				for (j = 0; j < 32; j++) {
7338					sentry = &((const struct ctl_cmd_entry *)
7339					    entry->execute)[j];
7340					if (!ctl_cmd_applicable(
7341					    lun->be_lun->lun_type, sentry))
7342						continue;
7343					descr = &all->descr[num++];
7344					descr->opcode = i;
7345					scsi_ulto2b(j, descr->service_action);
7346					descr->flags = RSO_SERVACTV;
7347					scsi_ulto2b(sentry->length,
7348					    descr->cdb_length);
7349				}
7350			} else {
7351				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7352				    entry))
7353					continue;
7354				descr = &all->descr[num++];
7355				descr->opcode = i;
7356				scsi_ulto2b(0, descr->service_action);
7357				descr->flags = 0;
7358				scsi_ulto2b(entry->length, descr->cdb_length);
7359			}
7360		}
7361		scsi_ulto4b(
7362		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7363		    all->length);
7364		break;
7365	case RSO_OPTIONS_OC:
7366		one = (struct scsi_report_supported_opcodes_one *)
7367		    ctsio->kern_data_ptr;
7368		entry = &ctl_cmd_table[opcode];
7369		goto fill_one;
7370	case RSO_OPTIONS_OC_SA:
7371		one = (struct scsi_report_supported_opcodes_one *)
7372		    ctsio->kern_data_ptr;
7373		entry = &ctl_cmd_table[opcode];
7374		entry = &((const struct ctl_cmd_entry *)
7375		    entry->execute)[service_action];
7376fill_one:
7377		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7378			one->support = 3;
7379			scsi_ulto2b(entry->length, one->cdb_length);
7380			one->cdb_usage[0] = opcode;
7381			memcpy(&one->cdb_usage[1], entry->usage,
7382			    entry->length - 1);
7383		} else
7384			one->support = 1;
7385		break;
7386	case RSO_OPTIONS_OC_ASA:
7387		one = (struct scsi_report_supported_opcodes_one *)
7388		    ctsio->kern_data_ptr;
7389		entry = &ctl_cmd_table[opcode];
7390		if (entry->flags & CTL_CMD_FLAG_SA5) {
7391			entry = &((const struct ctl_cmd_entry *)
7392			    entry->execute)[service_action];
7393		} else if (service_action != 0) {
7394			one->support = 1;
7395			break;
7396		}
7397		goto fill_one;
7398	}
7399
7400	ctl_set_success(ctsio);
7401	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7402	ctsio->be_move_done = ctl_config_move_done;
7403	ctl_datamove((union ctl_io *)ctsio);
7404	return(retval);
7405}
7406
7407int
7408ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7409{
7410	struct scsi_report_supported_tmf *cdb;
7411	struct scsi_report_supported_tmf_ext_data *data;
7412	int retval;
7413	int alloc_len, total_len;
7414
7415	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7416
7417	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7418
7419	retval = CTL_RETVAL_COMPLETE;
7420
7421	if (cdb->options & RST_REPD)
7422		total_len = sizeof(struct scsi_report_supported_tmf_ext_data);
7423	else
7424		total_len = sizeof(struct scsi_report_supported_tmf_data);
7425	alloc_len = scsi_4btoul(cdb->length);
7426
7427	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7428	ctsio->kern_sg_entries = 0;
7429	ctsio->kern_rel_offset = 0;
7430	ctsio->kern_data_len = min(total_len, alloc_len);
7431	ctsio->kern_total_len = ctsio->kern_data_len;
7432
7433	data = (struct scsi_report_supported_tmf_ext_data *)ctsio->kern_data_ptr;
7434	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7435	    RST_TRS;
7436	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7437	data->length = total_len - 4;
7438
7439	ctl_set_success(ctsio);
7440	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7441	ctsio->be_move_done = ctl_config_move_done;
7442	ctl_datamove((union ctl_io *)ctsio);
7443	return (retval);
7444}
7445
7446int
7447ctl_report_timestamp(struct ctl_scsiio *ctsio)
7448{
7449	struct scsi_report_timestamp *cdb;
7450	struct scsi_report_timestamp_data *data;
7451	struct timeval tv;
7452	int64_t timestamp;
7453	int retval;
7454	int alloc_len, total_len;
7455
7456	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7457
7458	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7459
7460	retval = CTL_RETVAL_COMPLETE;
7461
7462	total_len = sizeof(struct scsi_report_timestamp_data);
7463	alloc_len = scsi_4btoul(cdb->length);
7464
7465	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7466	ctsio->kern_sg_entries = 0;
7467	ctsio->kern_rel_offset = 0;
7468	ctsio->kern_data_len = min(total_len, alloc_len);
7469	ctsio->kern_total_len = ctsio->kern_data_len;
7470
7471	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7472	scsi_ulto2b(sizeof(*data) - 2, data->length);
7473	data->origin = RTS_ORIG_OUTSIDE;
7474	getmicrotime(&tv);
7475	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7476	scsi_ulto4b(timestamp >> 16, data->timestamp);
7477	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7478
7479	ctl_set_success(ctsio);
7480	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7481	ctsio->be_move_done = ctl_config_move_done;
7482	ctl_datamove((union ctl_io *)ctsio);
7483	return (retval);
7484}
7485
7486int
7487ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7488{
7489	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7490	struct ctl_lun *lun = CTL_LUN(ctsio);
7491	struct scsi_per_res_in *cdb;
7492	int alloc_len, total_len = 0;
7493	/* struct scsi_per_res_in_rsrv in_data; */
7494	uint64_t key;
7495
7496	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7497
7498	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7499
7500	alloc_len = scsi_2btoul(cdb->length);
7501
7502retry:
7503	mtx_lock(&lun->lun_lock);
7504	switch (cdb->action) {
7505	case SPRI_RK: /* read keys */
7506		total_len = sizeof(struct scsi_per_res_in_keys) +
7507			lun->pr_key_count *
7508			sizeof(struct scsi_per_res_key);
7509		break;
7510	case SPRI_RR: /* read reservation */
7511		if (lun->flags & CTL_LUN_PR_RESERVED)
7512			total_len = sizeof(struct scsi_per_res_in_rsrv);
7513		else
7514			total_len = sizeof(struct scsi_per_res_in_header);
7515		break;
7516	case SPRI_RC: /* report capabilities */
7517		total_len = sizeof(struct scsi_per_res_cap);
7518		break;
7519	case SPRI_RS: /* read full status */
7520		total_len = sizeof(struct scsi_per_res_in_header) +
7521		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7522		    lun->pr_key_count;
7523		break;
7524	default:
7525		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7526	}
7527	mtx_unlock(&lun->lun_lock);
7528
7529	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7530	ctsio->kern_rel_offset = 0;
7531	ctsio->kern_sg_entries = 0;
7532	ctsio->kern_data_len = min(total_len, alloc_len);
7533	ctsio->kern_total_len = ctsio->kern_data_len;
7534
7535	mtx_lock(&lun->lun_lock);
7536	switch (cdb->action) {
7537	case SPRI_RK: { // read keys
7538        struct scsi_per_res_in_keys *res_keys;
7539		int i, key_count;
7540
7541		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7542
7543		/*
7544		 * We had to drop the lock to allocate our buffer, which
7545		 * leaves time for someone to come in with another
7546		 * persistent reservation.  (That is unlikely, though,
7547		 * since this should be the only persistent reservation
7548		 * command active right now.)
7549		 */
7550		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7551		    (lun->pr_key_count *
7552		     sizeof(struct scsi_per_res_key)))){
7553			mtx_unlock(&lun->lun_lock);
7554			free(ctsio->kern_data_ptr, M_CTL);
7555			printf("%s: reservation length changed, retrying\n",
7556			       __func__);
7557			goto retry;
7558		}
7559
7560		scsi_ulto4b(lun->pr_generation, res_keys->header.generation);
7561
7562		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7563			     lun->pr_key_count, res_keys->header.length);
7564
7565		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7566			if ((key = ctl_get_prkey(lun, i)) == 0)
7567				continue;
7568
7569			/*
7570			 * We used lun->pr_key_count to calculate the
7571			 * size to allocate.  If it turns out the number of
7572			 * initiators with the registered flag set is
7573			 * larger than that (i.e. they haven't been kept in
7574			 * sync), we've got a problem.
7575			 */
7576			if (key_count >= lun->pr_key_count) {
7577				key_count++;
7578				continue;
7579			}
7580			scsi_u64to8b(key, res_keys->keys[key_count].key);
7581			key_count++;
7582		}
7583		break;
7584	}
7585	case SPRI_RR: { // read reservation
7586		struct scsi_per_res_in_rsrv *res;
7587		int tmp_len, header_only;
7588
7589		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7590
7591		scsi_ulto4b(lun->pr_generation, res->header.generation);
7592
7593		if (lun->flags & CTL_LUN_PR_RESERVED)
7594		{
7595			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7596			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7597				    res->header.length);
7598			header_only = 0;
7599		} else {
7600			tmp_len = sizeof(struct scsi_per_res_in_header);
7601			scsi_ulto4b(0, res->header.length);
7602			header_only = 1;
7603		}
7604
7605		/*
7606		 * We had to drop the lock to allocate our buffer, which
7607		 * leaves time for someone to come in with another
7608		 * persistent reservation.  (That is unlikely, though,
7609		 * since this should be the only persistent reservation
7610		 * command active right now.)
7611		 */
7612		if (tmp_len != total_len) {
7613			mtx_unlock(&lun->lun_lock);
7614			free(ctsio->kern_data_ptr, M_CTL);
7615			printf("%s: reservation status changed, retrying\n",
7616			       __func__);
7617			goto retry;
7618		}
7619
7620		/*
7621		 * No reservation held, so we're done.
7622		 */
7623		if (header_only != 0)
7624			break;
7625
7626		/*
7627		 * If the registration is an All Registrants type, the key
7628		 * is 0, since it doesn't really matter.
7629		 */
7630		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7631			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7632			    res->data.reservation);
7633		}
7634		res->data.scopetype = lun->pr_res_type;
7635		break;
7636	}
7637	case SPRI_RC:     //report capabilities
7638	{
7639		struct scsi_per_res_cap *res_cap;
7640		uint16_t type_mask;
7641
7642		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7643		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7644		res_cap->flags1 = SPRI_CRH;
7645		res_cap->flags2 = SPRI_TMV | SPRI_ALLOW_5;
7646		type_mask = SPRI_TM_WR_EX_AR |
7647			    SPRI_TM_EX_AC_RO |
7648			    SPRI_TM_WR_EX_RO |
7649			    SPRI_TM_EX_AC |
7650			    SPRI_TM_WR_EX |
7651			    SPRI_TM_EX_AC_AR;
7652		scsi_ulto2b(type_mask, res_cap->type_mask);
7653		break;
7654	}
7655	case SPRI_RS: { // read full status
7656		struct scsi_per_res_in_full *res_status;
7657		struct scsi_per_res_in_full_desc *res_desc;
7658		struct ctl_port *port;
7659		int i, len;
7660
7661		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7662
7663		/*
7664		 * We had to drop the lock to allocate our buffer, which
7665		 * leaves time for someone to come in with another
7666		 * persistent reservation.  (That is unlikely, though,
7667		 * since this should be the only persistent reservation
7668		 * command active right now.)
7669		 */
7670		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7671		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7672		     lun->pr_key_count)){
7673			mtx_unlock(&lun->lun_lock);
7674			free(ctsio->kern_data_ptr, M_CTL);
7675			printf("%s: reservation length changed, retrying\n",
7676			       __func__);
7677			goto retry;
7678		}
7679
7680		scsi_ulto4b(lun->pr_generation, res_status->header.generation);
7681
7682		res_desc = &res_status->desc[0];
7683		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7684			if ((key = ctl_get_prkey(lun, i)) == 0)
7685				continue;
7686
7687			scsi_u64to8b(key, res_desc->res_key.key);
7688			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7689			    (lun->pr_res_idx == i ||
7690			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7691				res_desc->flags = SPRI_FULL_R_HOLDER;
7692				res_desc->scopetype = lun->pr_res_type;
7693			}
7694			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7695			    res_desc->rel_trgt_port_id);
7696			len = 0;
7697			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7698			if (port != NULL)
7699				len = ctl_create_iid(port,
7700				    i % CTL_MAX_INIT_PER_PORT,
7701				    res_desc->transport_id);
7702			scsi_ulto4b(len, res_desc->additional_length);
7703			res_desc = (struct scsi_per_res_in_full_desc *)
7704			    &res_desc->transport_id[len];
7705		}
7706		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7707		    res_status->header.length);
7708		break;
7709	}
7710	default:
7711		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7712	}
7713	mtx_unlock(&lun->lun_lock);
7714
7715	ctl_set_success(ctsio);
7716	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7717	ctsio->be_move_done = ctl_config_move_done;
7718	ctl_datamove((union ctl_io *)ctsio);
7719	return (CTL_RETVAL_COMPLETE);
7720}
7721
7722/*
7723 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7724 * it should return.
7725 */
7726static int
7727ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7728		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7729		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7730		struct scsi_per_res_out_parms* param)
7731{
7732	union ctl_ha_msg persis_io;
7733	int i;
7734
7735	mtx_lock(&lun->lun_lock);
7736	if (sa_res_key == 0) {
7737		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7738			/* validate scope and type */
7739			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7740			     SPR_LU_SCOPE) {
7741				mtx_unlock(&lun->lun_lock);
7742				ctl_set_invalid_field(/*ctsio*/ ctsio,
7743						      /*sks_valid*/ 1,
7744						      /*command*/ 1,
7745						      /*field*/ 2,
7746						      /*bit_valid*/ 1,
7747						      /*bit*/ 4);
7748				ctl_done((union ctl_io *)ctsio);
7749				return (1);
7750			}
7751
7752		        if (type>8 || type==2 || type==4 || type==0) {
7753				mtx_unlock(&lun->lun_lock);
7754				ctl_set_invalid_field(/*ctsio*/ ctsio,
7755       	           				      /*sks_valid*/ 1,
7756						      /*command*/ 1,
7757						      /*field*/ 2,
7758						      /*bit_valid*/ 1,
7759						      /*bit*/ 0);
7760				ctl_done((union ctl_io *)ctsio);
7761				return (1);
7762		        }
7763
7764			/*
7765			 * Unregister everybody else and build UA for
7766			 * them
7767			 */
7768			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7769				if (i == residx || ctl_get_prkey(lun, i) == 0)
7770					continue;
7771
7772				ctl_clr_prkey(lun, i);
7773				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7774			}
7775			lun->pr_key_count = 1;
7776			lun->pr_res_type = type;
7777			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7778			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7779				lun->pr_res_idx = residx;
7780			lun->pr_generation++;
7781			mtx_unlock(&lun->lun_lock);
7782
7783			/* send msg to other side */
7784			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7785			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7786			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7787			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7788			persis_io.pr.pr_info.res_type = type;
7789			memcpy(persis_io.pr.pr_info.sa_res_key,
7790			       param->serv_act_res_key,
7791			       sizeof(param->serv_act_res_key));
7792			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7793			    sizeof(persis_io.pr), M_WAITOK);
7794		} else {
7795			/* not all registrants */
7796			mtx_unlock(&lun->lun_lock);
7797			free(ctsio->kern_data_ptr, M_CTL);
7798			ctl_set_invalid_field(ctsio,
7799					      /*sks_valid*/ 1,
7800					      /*command*/ 0,
7801					      /*field*/ 8,
7802					      /*bit_valid*/ 0,
7803					      /*bit*/ 0);
7804			ctl_done((union ctl_io *)ctsio);
7805			return (1);
7806		}
7807	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7808		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7809		int found = 0;
7810
7811		if (res_key == sa_res_key) {
7812			/* special case */
7813			/*
7814			 * The spec implies this is not good but doesn't
7815			 * say what to do. There are two choices either
7816			 * generate a res conflict or check condition
7817			 * with illegal field in parameter data. Since
7818			 * that is what is done when the sa_res_key is
7819			 * zero I'll take that approach since this has
7820			 * to do with the sa_res_key.
7821			 */
7822			mtx_unlock(&lun->lun_lock);
7823			free(ctsio->kern_data_ptr, M_CTL);
7824			ctl_set_invalid_field(ctsio,
7825					      /*sks_valid*/ 1,
7826					      /*command*/ 0,
7827					      /*field*/ 8,
7828					      /*bit_valid*/ 0,
7829					      /*bit*/ 0);
7830			ctl_done((union ctl_io *)ctsio);
7831			return (1);
7832		}
7833
7834		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7835			if (ctl_get_prkey(lun, i) != sa_res_key)
7836				continue;
7837
7838			found = 1;
7839			ctl_clr_prkey(lun, i);
7840			lun->pr_key_count--;
7841			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7842		}
7843		if (!found) {
7844			mtx_unlock(&lun->lun_lock);
7845			free(ctsio->kern_data_ptr, M_CTL);
7846			ctl_set_reservation_conflict(ctsio);
7847			ctl_done((union ctl_io *)ctsio);
7848			return (CTL_RETVAL_COMPLETE);
7849		}
7850		lun->pr_generation++;
7851		mtx_unlock(&lun->lun_lock);
7852
7853		/* send msg to other side */
7854		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7855		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7856		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7857		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7858		persis_io.pr.pr_info.res_type = type;
7859		memcpy(persis_io.pr.pr_info.sa_res_key,
7860		       param->serv_act_res_key,
7861		       sizeof(param->serv_act_res_key));
7862		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7863		    sizeof(persis_io.pr), M_WAITOK);
7864	} else {
7865		/* Reserved but not all registrants */
7866		/* sa_res_key is res holder */
7867		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7868			/* validate scope and type */
7869			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7870			     SPR_LU_SCOPE) {
7871				mtx_unlock(&lun->lun_lock);
7872				ctl_set_invalid_field(/*ctsio*/ ctsio,
7873						      /*sks_valid*/ 1,
7874						      /*command*/ 1,
7875						      /*field*/ 2,
7876						      /*bit_valid*/ 1,
7877						      /*bit*/ 4);
7878				ctl_done((union ctl_io *)ctsio);
7879				return (1);
7880			}
7881
7882			if (type>8 || type==2 || type==4 || type==0) {
7883				mtx_unlock(&lun->lun_lock);
7884				ctl_set_invalid_field(/*ctsio*/ ctsio,
7885						      /*sks_valid*/ 1,
7886						      /*command*/ 1,
7887						      /*field*/ 2,
7888						      /*bit_valid*/ 1,
7889						      /*bit*/ 0);
7890				ctl_done((union ctl_io *)ctsio);
7891				return (1);
7892			}
7893
7894			/*
7895			 * Do the following:
7896			 * if sa_res_key != res_key remove all
7897			 * registrants w/sa_res_key and generate UA
7898			 * for these registrants(Registrations
7899			 * Preempted) if it wasn't an exclusive
7900			 * reservation generate UA(Reservations
7901			 * Preempted) for all other registered nexuses
7902			 * if the type has changed. Establish the new
7903			 * reservation and holder. If res_key and
7904			 * sa_res_key are the same do the above
7905			 * except don't unregister the res holder.
7906			 */
7907
7908			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7909				if (i == residx || ctl_get_prkey(lun, i) == 0)
7910					continue;
7911
7912				if (sa_res_key == ctl_get_prkey(lun, i)) {
7913					ctl_clr_prkey(lun, i);
7914					lun->pr_key_count--;
7915					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7916				} else if (type != lun->pr_res_type &&
7917				    (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
7918				     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
7919					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7920				}
7921			}
7922			lun->pr_res_type = type;
7923			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7924			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7925				lun->pr_res_idx = residx;
7926			else
7927				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7928			lun->pr_generation++;
7929			mtx_unlock(&lun->lun_lock);
7930
7931			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7932			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7933			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7934			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7935			persis_io.pr.pr_info.res_type = type;
7936			memcpy(persis_io.pr.pr_info.sa_res_key,
7937			       param->serv_act_res_key,
7938			       sizeof(param->serv_act_res_key));
7939			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7940			    sizeof(persis_io.pr), M_WAITOK);
7941		} else {
7942			/*
7943			 * sa_res_key is not the res holder just
7944			 * remove registrants
7945			 */
7946			int found=0;
7947
7948			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7949				if (sa_res_key != ctl_get_prkey(lun, i))
7950					continue;
7951
7952				found = 1;
7953				ctl_clr_prkey(lun, i);
7954				lun->pr_key_count--;
7955				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7956			}
7957
7958			if (!found) {
7959				mtx_unlock(&lun->lun_lock);
7960				free(ctsio->kern_data_ptr, M_CTL);
7961				ctl_set_reservation_conflict(ctsio);
7962				ctl_done((union ctl_io *)ctsio);
7963		        	return (1);
7964			}
7965			lun->pr_generation++;
7966			mtx_unlock(&lun->lun_lock);
7967
7968			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7969			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7970			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7971			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7972			persis_io.pr.pr_info.res_type = type;
7973			memcpy(persis_io.pr.pr_info.sa_res_key,
7974			       param->serv_act_res_key,
7975			       sizeof(param->serv_act_res_key));
7976			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7977			    sizeof(persis_io.pr), M_WAITOK);
7978		}
7979	}
7980	return (0);
7981}
7982
7983static void
7984ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7985{
7986	uint64_t sa_res_key;
7987	int i;
7988
7989	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7990
7991	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7992	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7993	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7994		if (sa_res_key == 0) {
7995			/*
7996			 * Unregister everybody else and build UA for
7997			 * them
7998			 */
7999			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8000				if (i == msg->pr.pr_info.residx ||
8001				    ctl_get_prkey(lun, i) == 0)
8002					continue;
8003
8004				ctl_clr_prkey(lun, i);
8005				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8006			}
8007
8008			lun->pr_key_count = 1;
8009			lun->pr_res_type = msg->pr.pr_info.res_type;
8010			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8011			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8012				lun->pr_res_idx = msg->pr.pr_info.residx;
8013		} else {
8014		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8015				if (sa_res_key == ctl_get_prkey(lun, i))
8016					continue;
8017
8018				ctl_clr_prkey(lun, i);
8019				lun->pr_key_count--;
8020				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8021			}
8022		}
8023	} else {
8024		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8025			if (i == msg->pr.pr_info.residx ||
8026			    ctl_get_prkey(lun, i) == 0)
8027				continue;
8028
8029			if (sa_res_key == ctl_get_prkey(lun, i)) {
8030				ctl_clr_prkey(lun, i);
8031				lun->pr_key_count--;
8032				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8033			} else if (msg->pr.pr_info.res_type != lun->pr_res_type
8034			    && (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8035			     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8036				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8037			}
8038		}
8039		lun->pr_res_type = msg->pr.pr_info.res_type;
8040		if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8041		    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8042			lun->pr_res_idx = msg->pr.pr_info.residx;
8043		else
8044			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8045	}
8046	lun->pr_generation++;
8047
8048}
8049
8050
8051int
8052ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8053{
8054	struct ctl_softc *softc = CTL_SOFTC(ctsio);
8055	struct ctl_lun *lun = CTL_LUN(ctsio);
8056	int retval;
8057	u_int32_t param_len;
8058	struct scsi_per_res_out *cdb;
8059	struct scsi_per_res_out_parms* param;
8060	uint32_t residx;
8061	uint64_t res_key, sa_res_key, key;
8062	uint8_t type;
8063	union ctl_ha_msg persis_io;
8064	int    i;
8065
8066	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8067
8068	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8069	retval = CTL_RETVAL_COMPLETE;
8070
8071	/*
8072	 * We only support whole-LUN scope.  The scope & type are ignored for
8073	 * register, register and ignore existing key and clear.
8074	 * We sometimes ignore scope and type on preempts too!!
8075	 * Verify reservation type here as well.
8076	 */
8077	type = cdb->scope_type & SPR_TYPE_MASK;
8078	if ((cdb->action == SPRO_RESERVE)
8079	 || (cdb->action == SPRO_RELEASE)) {
8080		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8081			ctl_set_invalid_field(/*ctsio*/ ctsio,
8082					      /*sks_valid*/ 1,
8083					      /*command*/ 1,
8084					      /*field*/ 2,
8085					      /*bit_valid*/ 1,
8086					      /*bit*/ 4);
8087			ctl_done((union ctl_io *)ctsio);
8088			return (CTL_RETVAL_COMPLETE);
8089		}
8090
8091		if (type>8 || type==2 || type==4 || type==0) {
8092			ctl_set_invalid_field(/*ctsio*/ ctsio,
8093					      /*sks_valid*/ 1,
8094					      /*command*/ 1,
8095					      /*field*/ 2,
8096					      /*bit_valid*/ 1,
8097					      /*bit*/ 0);
8098			ctl_done((union ctl_io *)ctsio);
8099			return (CTL_RETVAL_COMPLETE);
8100		}
8101	}
8102
8103	param_len = scsi_4btoul(cdb->length);
8104
8105	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8106		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8107		ctsio->kern_data_len = param_len;
8108		ctsio->kern_total_len = param_len;
8109		ctsio->kern_rel_offset = 0;
8110		ctsio->kern_sg_entries = 0;
8111		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8112		ctsio->be_move_done = ctl_config_move_done;
8113		ctl_datamove((union ctl_io *)ctsio);
8114
8115		return (CTL_RETVAL_COMPLETE);
8116	}
8117
8118	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8119
8120	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8121	res_key = scsi_8btou64(param->res_key.key);
8122	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8123
8124	/*
8125	 * Validate the reservation key here except for SPRO_REG_IGNO
8126	 * This must be done for all other service actions
8127	 */
8128	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8129		mtx_lock(&lun->lun_lock);
8130		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8131			if (res_key != key) {
8132				/*
8133				 * The current key passed in doesn't match
8134				 * the one the initiator previously
8135				 * registered.
8136				 */
8137				mtx_unlock(&lun->lun_lock);
8138				free(ctsio->kern_data_ptr, M_CTL);
8139				ctl_set_reservation_conflict(ctsio);
8140				ctl_done((union ctl_io *)ctsio);
8141				return (CTL_RETVAL_COMPLETE);
8142			}
8143		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8144			/*
8145			 * We are not registered
8146			 */
8147			mtx_unlock(&lun->lun_lock);
8148			free(ctsio->kern_data_ptr, M_CTL);
8149			ctl_set_reservation_conflict(ctsio);
8150			ctl_done((union ctl_io *)ctsio);
8151			return (CTL_RETVAL_COMPLETE);
8152		} else if (res_key != 0) {
8153			/*
8154			 * We are not registered and trying to register but
8155			 * the register key isn't zero.
8156			 */
8157			mtx_unlock(&lun->lun_lock);
8158			free(ctsio->kern_data_ptr, M_CTL);
8159			ctl_set_reservation_conflict(ctsio);
8160			ctl_done((union ctl_io *)ctsio);
8161			return (CTL_RETVAL_COMPLETE);
8162		}
8163		mtx_unlock(&lun->lun_lock);
8164	}
8165
8166	switch (cdb->action & SPRO_ACTION_MASK) {
8167	case SPRO_REGISTER:
8168	case SPRO_REG_IGNO: {
8169
8170#if 0
8171		printf("Registration received\n");
8172#endif
8173
8174		/*
8175		 * We don't support any of these options, as we report in
8176		 * the read capabilities request (see
8177		 * ctl_persistent_reserve_in(), above).
8178		 */
8179		if ((param->flags & SPR_SPEC_I_PT)
8180		 || (param->flags & SPR_ALL_TG_PT)
8181		 || (param->flags & SPR_APTPL)) {
8182			int bit_ptr;
8183
8184			if (param->flags & SPR_APTPL)
8185				bit_ptr = 0;
8186			else if (param->flags & SPR_ALL_TG_PT)
8187				bit_ptr = 2;
8188			else /* SPR_SPEC_I_PT */
8189				bit_ptr = 3;
8190
8191			free(ctsio->kern_data_ptr, M_CTL);
8192			ctl_set_invalid_field(ctsio,
8193					      /*sks_valid*/ 1,
8194					      /*command*/ 0,
8195					      /*field*/ 20,
8196					      /*bit_valid*/ 1,
8197					      /*bit*/ bit_ptr);
8198			ctl_done((union ctl_io *)ctsio);
8199			return (CTL_RETVAL_COMPLETE);
8200		}
8201
8202		mtx_lock(&lun->lun_lock);
8203
8204		/*
8205		 * The initiator wants to clear the
8206		 * key/unregister.
8207		 */
8208		if (sa_res_key == 0) {
8209			if ((res_key == 0
8210			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8211			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8212			  && ctl_get_prkey(lun, residx) == 0)) {
8213				mtx_unlock(&lun->lun_lock);
8214				goto done;
8215			}
8216
8217			ctl_clr_prkey(lun, residx);
8218			lun->pr_key_count--;
8219
8220			if (residx == lun->pr_res_idx) {
8221				lun->flags &= ~CTL_LUN_PR_RESERVED;
8222				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8223
8224				if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8225				     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8226				    lun->pr_key_count) {
8227					/*
8228					 * If the reservation is a registrants
8229					 * only type we need to generate a UA
8230					 * for other registered inits.  The
8231					 * sense code should be RESERVATIONS
8232					 * RELEASED
8233					 */
8234
8235					for (i = softc->init_min; i < softc->init_max; i++){
8236						if (ctl_get_prkey(lun, i) == 0)
8237							continue;
8238						ctl_est_ua(lun, i,
8239						    CTL_UA_RES_RELEASE);
8240					}
8241				}
8242				lun->pr_res_type = 0;
8243			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8244				if (lun->pr_key_count==0) {
8245					lun->flags &= ~CTL_LUN_PR_RESERVED;
8246					lun->pr_res_type = 0;
8247					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8248				}
8249			}
8250			lun->pr_generation++;
8251			mtx_unlock(&lun->lun_lock);
8252
8253			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8254			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8255			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8256			persis_io.pr.pr_info.residx = residx;
8257			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8258			    sizeof(persis_io.pr), M_WAITOK);
8259		} else /* sa_res_key != 0 */ {
8260
8261			/*
8262			 * If we aren't registered currently then increment
8263			 * the key count and set the registered flag.
8264			 */
8265			ctl_alloc_prkey(lun, residx);
8266			if (ctl_get_prkey(lun, residx) == 0)
8267				lun->pr_key_count++;
8268			ctl_set_prkey(lun, residx, sa_res_key);
8269			lun->pr_generation++;
8270			mtx_unlock(&lun->lun_lock);
8271
8272			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8273			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8274			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8275			persis_io.pr.pr_info.residx = residx;
8276			memcpy(persis_io.pr.pr_info.sa_res_key,
8277			       param->serv_act_res_key,
8278			       sizeof(param->serv_act_res_key));
8279			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8280			    sizeof(persis_io.pr), M_WAITOK);
8281		}
8282
8283		break;
8284	}
8285	case SPRO_RESERVE:
8286#if 0
8287                printf("Reserve executed type %d\n", type);
8288#endif
8289		mtx_lock(&lun->lun_lock);
8290		if (lun->flags & CTL_LUN_PR_RESERVED) {
8291			/*
8292			 * if this isn't the reservation holder and it's
8293			 * not a "all registrants" type or if the type is
8294			 * different then we have a conflict
8295			 */
8296			if ((lun->pr_res_idx != residx
8297			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8298			 || lun->pr_res_type != type) {
8299				mtx_unlock(&lun->lun_lock);
8300				free(ctsio->kern_data_ptr, M_CTL);
8301				ctl_set_reservation_conflict(ctsio);
8302				ctl_done((union ctl_io *)ctsio);
8303				return (CTL_RETVAL_COMPLETE);
8304			}
8305			mtx_unlock(&lun->lun_lock);
8306		} else /* create a reservation */ {
8307			/*
8308			 * If it's not an "all registrants" type record
8309			 * reservation holder
8310			 */
8311			if (type != SPR_TYPE_WR_EX_AR
8312			 && type != SPR_TYPE_EX_AC_AR)
8313				lun->pr_res_idx = residx; /* Res holder */
8314			else
8315				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8316
8317			lun->flags |= CTL_LUN_PR_RESERVED;
8318			lun->pr_res_type = type;
8319
8320			mtx_unlock(&lun->lun_lock);
8321
8322			/* send msg to other side */
8323			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8324			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8325			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8326			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8327			persis_io.pr.pr_info.res_type = type;
8328			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8329			    sizeof(persis_io.pr), M_WAITOK);
8330		}
8331		break;
8332
8333	case SPRO_RELEASE:
8334		mtx_lock(&lun->lun_lock);
8335		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8336			/* No reservation exists return good status */
8337			mtx_unlock(&lun->lun_lock);
8338			goto done;
8339		}
8340		/*
8341		 * Is this nexus a reservation holder?
8342		 */
8343		if (lun->pr_res_idx != residx
8344		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8345			/*
8346			 * not a res holder return good status but
8347			 * do nothing
8348			 */
8349			mtx_unlock(&lun->lun_lock);
8350			goto done;
8351		}
8352
8353		if (lun->pr_res_type != type) {
8354			mtx_unlock(&lun->lun_lock);
8355			free(ctsio->kern_data_ptr, M_CTL);
8356			ctl_set_illegal_pr_release(ctsio);
8357			ctl_done((union ctl_io *)ctsio);
8358			return (CTL_RETVAL_COMPLETE);
8359		}
8360
8361		/* okay to release */
8362		lun->flags &= ~CTL_LUN_PR_RESERVED;
8363		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8364		lun->pr_res_type = 0;
8365
8366		/*
8367		 * If this isn't an exclusive access reservation and NUAR
8368		 * is not set, generate UA for all other registrants.
8369		 */
8370		if (type != SPR_TYPE_EX_AC && type != SPR_TYPE_WR_EX &&
8371		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8372			for (i = softc->init_min; i < softc->init_max; i++) {
8373				if (i == residx || ctl_get_prkey(lun, i) == 0)
8374					continue;
8375				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8376			}
8377		}
8378		mtx_unlock(&lun->lun_lock);
8379
8380		/* Send msg to other side */
8381		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8382		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8383		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8384		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8385		     sizeof(persis_io.pr), M_WAITOK);
8386		break;
8387
8388	case SPRO_CLEAR:
8389		/* send msg to other side */
8390
8391		mtx_lock(&lun->lun_lock);
8392		lun->flags &= ~CTL_LUN_PR_RESERVED;
8393		lun->pr_res_type = 0;
8394		lun->pr_key_count = 0;
8395		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8396
8397		ctl_clr_prkey(lun, residx);
8398		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8399			if (ctl_get_prkey(lun, i) != 0) {
8400				ctl_clr_prkey(lun, i);
8401				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8402			}
8403		lun->pr_generation++;
8404		mtx_unlock(&lun->lun_lock);
8405
8406		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8407		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8408		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8409		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8410		     sizeof(persis_io.pr), M_WAITOK);
8411		break;
8412
8413	case SPRO_PREEMPT:
8414	case SPRO_PRE_ABO: {
8415		int nretval;
8416
8417		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8418					  residx, ctsio, cdb, param);
8419		if (nretval != 0)
8420			return (CTL_RETVAL_COMPLETE);
8421		break;
8422	}
8423	default:
8424		panic("%s: Invalid PR type %#x", __func__, cdb->action);
8425	}
8426
8427done:
8428	free(ctsio->kern_data_ptr, M_CTL);
8429	ctl_set_success(ctsio);
8430	ctl_done((union ctl_io *)ctsio);
8431
8432	return (retval);
8433}
8434
8435/*
8436 * This routine is for handling a message from the other SC pertaining to
8437 * persistent reserve out. All the error checking will have been done
8438 * so only perorming the action need be done here to keep the two
8439 * in sync.
8440 */
8441static void
8442ctl_hndl_per_res_out_on_other_sc(union ctl_io *io)
8443{
8444	struct ctl_softc *softc = CTL_SOFTC(io);
8445	union ctl_ha_msg *msg = (union ctl_ha_msg *)&io->presio.pr_msg;
8446	struct ctl_lun *lun;
8447	int i;
8448	uint32_t residx, targ_lun;
8449
8450	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8451	mtx_lock(&softc->ctl_lock);
8452	if (targ_lun >= CTL_MAX_LUNS ||
8453	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
8454		mtx_unlock(&softc->ctl_lock);
8455		return;
8456	}
8457	mtx_lock(&lun->lun_lock);
8458	mtx_unlock(&softc->ctl_lock);
8459	if (lun->flags & CTL_LUN_DISABLED) {
8460		mtx_unlock(&lun->lun_lock);
8461		return;
8462	}
8463	residx = ctl_get_initindex(&msg->hdr.nexus);
8464	switch(msg->pr.pr_info.action) {
8465	case CTL_PR_REG_KEY:
8466		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8467		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8468			lun->pr_key_count++;
8469		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8470		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8471		lun->pr_generation++;
8472		break;
8473
8474	case CTL_PR_UNREG_KEY:
8475		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8476		lun->pr_key_count--;
8477
8478		/* XXX Need to see if the reservation has been released */
8479		/* if so do we need to generate UA? */
8480		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8481			lun->flags &= ~CTL_LUN_PR_RESERVED;
8482			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8483
8484			if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8485			     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8486			    lun->pr_key_count) {
8487				/*
8488				 * If the reservation is a registrants
8489				 * only type we need to generate a UA
8490				 * for other registered inits.  The
8491				 * sense code should be RESERVATIONS
8492				 * RELEASED
8493				 */
8494
8495				for (i = softc->init_min; i < softc->init_max; i++) {
8496					if (ctl_get_prkey(lun, i) == 0)
8497						continue;
8498
8499					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8500				}
8501			}
8502			lun->pr_res_type = 0;
8503		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8504			if (lun->pr_key_count==0) {
8505				lun->flags &= ~CTL_LUN_PR_RESERVED;
8506				lun->pr_res_type = 0;
8507				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8508			}
8509		}
8510		lun->pr_generation++;
8511		break;
8512
8513	case CTL_PR_RESERVE:
8514		lun->flags |= CTL_LUN_PR_RESERVED;
8515		lun->pr_res_type = msg->pr.pr_info.res_type;
8516		lun->pr_res_idx = msg->pr.pr_info.residx;
8517
8518		break;
8519
8520	case CTL_PR_RELEASE:
8521		/*
8522		 * If this isn't an exclusive access reservation and NUAR
8523		 * is not set, generate UA for all other registrants.
8524		 */
8525		if (lun->pr_res_type != SPR_TYPE_EX_AC &&
8526		    lun->pr_res_type != SPR_TYPE_WR_EX &&
8527		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8528			for (i = softc->init_min; i < softc->init_max; i++)
8529				if (i == residx || ctl_get_prkey(lun, i) == 0)
8530					continue;
8531				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8532		}
8533
8534		lun->flags &= ~CTL_LUN_PR_RESERVED;
8535		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8536		lun->pr_res_type = 0;
8537		break;
8538
8539	case CTL_PR_PREEMPT:
8540		ctl_pro_preempt_other(lun, msg);
8541		break;
8542	case CTL_PR_CLEAR:
8543		lun->flags &= ~CTL_LUN_PR_RESERVED;
8544		lun->pr_res_type = 0;
8545		lun->pr_key_count = 0;
8546		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8547
8548		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8549			if (ctl_get_prkey(lun, i) == 0)
8550				continue;
8551			ctl_clr_prkey(lun, i);
8552			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8553		}
8554		lun->pr_generation++;
8555		break;
8556	}
8557
8558	mtx_unlock(&lun->lun_lock);
8559}
8560
8561int
8562ctl_read_write(struct ctl_scsiio *ctsio)
8563{
8564	struct ctl_lun *lun = CTL_LUN(ctsio);
8565	struct ctl_lba_len_flags *lbalen;
8566	uint64_t lba;
8567	uint32_t num_blocks;
8568	int flags, retval;
8569	int isread;
8570
8571	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8572
8573	flags = 0;
8574	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8575	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8576	switch (ctsio->cdb[0]) {
8577	case READ_6:
8578	case WRITE_6: {
8579		struct scsi_rw_6 *cdb;
8580
8581		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8582
8583		lba = scsi_3btoul(cdb->addr);
8584		/* only 5 bits are valid in the most significant address byte */
8585		lba &= 0x1fffff;
8586		num_blocks = cdb->length;
8587		/*
8588		 * This is correct according to SBC-2.
8589		 */
8590		if (num_blocks == 0)
8591			num_blocks = 256;
8592		break;
8593	}
8594	case READ_10:
8595	case WRITE_10: {
8596		struct scsi_rw_10 *cdb;
8597
8598		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8599		if (cdb->byte2 & SRW10_FUA)
8600			flags |= CTL_LLF_FUA;
8601		if (cdb->byte2 & SRW10_DPO)
8602			flags |= CTL_LLF_DPO;
8603		lba = scsi_4btoul(cdb->addr);
8604		num_blocks = scsi_2btoul(cdb->length);
8605		break;
8606	}
8607	case WRITE_VERIFY_10: {
8608		struct scsi_write_verify_10 *cdb;
8609
8610		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8611		flags |= CTL_LLF_FUA;
8612		if (cdb->byte2 & SWV_DPO)
8613			flags |= CTL_LLF_DPO;
8614		lba = scsi_4btoul(cdb->addr);
8615		num_blocks = scsi_2btoul(cdb->length);
8616		break;
8617	}
8618	case READ_12:
8619	case WRITE_12: {
8620		struct scsi_rw_12 *cdb;
8621
8622		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8623		if (cdb->byte2 & SRW12_FUA)
8624			flags |= CTL_LLF_FUA;
8625		if (cdb->byte2 & SRW12_DPO)
8626			flags |= CTL_LLF_DPO;
8627		lba = scsi_4btoul(cdb->addr);
8628		num_blocks = scsi_4btoul(cdb->length);
8629		break;
8630	}
8631	case WRITE_VERIFY_12: {
8632		struct scsi_write_verify_12 *cdb;
8633
8634		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8635		flags |= CTL_LLF_FUA;
8636		if (cdb->byte2 & SWV_DPO)
8637			flags |= CTL_LLF_DPO;
8638		lba = scsi_4btoul(cdb->addr);
8639		num_blocks = scsi_4btoul(cdb->length);
8640		break;
8641	}
8642	case READ_16:
8643	case WRITE_16: {
8644		struct scsi_rw_16 *cdb;
8645
8646		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8647		if (cdb->byte2 & SRW12_FUA)
8648			flags |= CTL_LLF_FUA;
8649		if (cdb->byte2 & SRW12_DPO)
8650			flags |= CTL_LLF_DPO;
8651		lba = scsi_8btou64(cdb->addr);
8652		num_blocks = scsi_4btoul(cdb->length);
8653		break;
8654	}
8655	case WRITE_ATOMIC_16: {
8656		struct scsi_write_atomic_16 *cdb;
8657
8658		if (lun->be_lun->atomicblock == 0) {
8659			ctl_set_invalid_opcode(ctsio);
8660			ctl_done((union ctl_io *)ctsio);
8661			return (CTL_RETVAL_COMPLETE);
8662		}
8663
8664		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8665		if (cdb->byte2 & SRW12_FUA)
8666			flags |= CTL_LLF_FUA;
8667		if (cdb->byte2 & SRW12_DPO)
8668			flags |= CTL_LLF_DPO;
8669		lba = scsi_8btou64(cdb->addr);
8670		num_blocks = scsi_2btoul(cdb->length);
8671		if (num_blocks > lun->be_lun->atomicblock) {
8672			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8673			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8674			    /*bit*/ 0);
8675			ctl_done((union ctl_io *)ctsio);
8676			return (CTL_RETVAL_COMPLETE);
8677		}
8678		break;
8679	}
8680	case WRITE_VERIFY_16: {
8681		struct scsi_write_verify_16 *cdb;
8682
8683		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8684		flags |= CTL_LLF_FUA;
8685		if (cdb->byte2 & SWV_DPO)
8686			flags |= CTL_LLF_DPO;
8687		lba = scsi_8btou64(cdb->addr);
8688		num_blocks = scsi_4btoul(cdb->length);
8689		break;
8690	}
8691	default:
8692		/*
8693		 * We got a command we don't support.  This shouldn't
8694		 * happen, commands should be filtered out above us.
8695		 */
8696		ctl_set_invalid_opcode(ctsio);
8697		ctl_done((union ctl_io *)ctsio);
8698
8699		return (CTL_RETVAL_COMPLETE);
8700		break; /* NOTREACHED */
8701	}
8702
8703	/*
8704	 * The first check is to make sure we're in bounds, the second
8705	 * check is to catch wrap-around problems.  If the lba + num blocks
8706	 * is less than the lba, then we've wrapped around and the block
8707	 * range is invalid anyway.
8708	 */
8709	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8710	 || ((lba + num_blocks) < lba)) {
8711		ctl_set_lba_out_of_range(ctsio,
8712		    MAX(lba, lun->be_lun->maxlba + 1));
8713		ctl_done((union ctl_io *)ctsio);
8714		return (CTL_RETVAL_COMPLETE);
8715	}
8716
8717	/*
8718	 * According to SBC-3, a transfer length of 0 is not an error.
8719	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8720	 * translates to 256 blocks for those commands.
8721	 */
8722	if (num_blocks == 0) {
8723		ctl_set_success(ctsio);
8724		ctl_done((union ctl_io *)ctsio);
8725		return (CTL_RETVAL_COMPLETE);
8726	}
8727
8728	/* Set FUA and/or DPO if caches are disabled. */
8729	if (isread) {
8730		if ((lun->MODE_CACHING.flags1 & SCP_RCD) != 0)
8731			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8732	} else {
8733		if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8734			flags |= CTL_LLF_FUA;
8735	}
8736
8737	lbalen = (struct ctl_lba_len_flags *)
8738	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8739	lbalen->lba = lba;
8740	lbalen->len = num_blocks;
8741	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8742
8743	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8744	ctsio->kern_rel_offset = 0;
8745
8746	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8747
8748	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8749	return (retval);
8750}
8751
8752static int
8753ctl_cnw_cont(union ctl_io *io)
8754{
8755	struct ctl_lun *lun = CTL_LUN(io);
8756	struct ctl_scsiio *ctsio;
8757	struct ctl_lba_len_flags *lbalen;
8758	int retval;
8759
8760	ctsio = &io->scsiio;
8761	ctsio->io_hdr.status = CTL_STATUS_NONE;
8762	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8763	lbalen = (struct ctl_lba_len_flags *)
8764	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8765	lbalen->flags &= ~CTL_LLF_COMPARE;
8766	lbalen->flags |= CTL_LLF_WRITE;
8767
8768	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8769	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8770	return (retval);
8771}
8772
8773int
8774ctl_cnw(struct ctl_scsiio *ctsio)
8775{
8776	struct ctl_lun *lun = CTL_LUN(ctsio);
8777	struct ctl_lba_len_flags *lbalen;
8778	uint64_t lba;
8779	uint32_t num_blocks;
8780	int flags, retval;
8781
8782	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8783
8784	flags = 0;
8785	switch (ctsio->cdb[0]) {
8786	case COMPARE_AND_WRITE: {
8787		struct scsi_compare_and_write *cdb;
8788
8789		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8790		if (cdb->byte2 & SRW10_FUA)
8791			flags |= CTL_LLF_FUA;
8792		if (cdb->byte2 & SRW10_DPO)
8793			flags |= CTL_LLF_DPO;
8794		lba = scsi_8btou64(cdb->addr);
8795		num_blocks = cdb->length;
8796		break;
8797	}
8798	default:
8799		/*
8800		 * We got a command we don't support.  This shouldn't
8801		 * happen, commands should be filtered out above us.
8802		 */
8803		ctl_set_invalid_opcode(ctsio);
8804		ctl_done((union ctl_io *)ctsio);
8805
8806		return (CTL_RETVAL_COMPLETE);
8807		break; /* NOTREACHED */
8808	}
8809
8810	/*
8811	 * The first check is to make sure we're in bounds, the second
8812	 * check is to catch wrap-around problems.  If the lba + num blocks
8813	 * is less than the lba, then we've wrapped around and the block
8814	 * range is invalid anyway.
8815	 */
8816	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8817	 || ((lba + num_blocks) < lba)) {
8818		ctl_set_lba_out_of_range(ctsio,
8819		    MAX(lba, lun->be_lun->maxlba + 1));
8820		ctl_done((union ctl_io *)ctsio);
8821		return (CTL_RETVAL_COMPLETE);
8822	}
8823
8824	/*
8825	 * According to SBC-3, a transfer length of 0 is not an error.
8826	 */
8827	if (num_blocks == 0) {
8828		ctl_set_success(ctsio);
8829		ctl_done((union ctl_io *)ctsio);
8830		return (CTL_RETVAL_COMPLETE);
8831	}
8832
8833	/* Set FUA if write cache is disabled. */
8834	if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8835		flags |= CTL_LLF_FUA;
8836
8837	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8838	ctsio->kern_rel_offset = 0;
8839
8840	/*
8841	 * Set the IO_CONT flag, so that if this I/O gets passed to
8842	 * ctl_data_submit_done(), it'll get passed back to
8843	 * ctl_ctl_cnw_cont() for further processing.
8844	 */
8845	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8846	ctsio->io_cont = ctl_cnw_cont;
8847
8848	lbalen = (struct ctl_lba_len_flags *)
8849	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8850	lbalen->lba = lba;
8851	lbalen->len = num_blocks;
8852	lbalen->flags = CTL_LLF_COMPARE | flags;
8853
8854	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8855	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8856	return (retval);
8857}
8858
8859int
8860ctl_verify(struct ctl_scsiio *ctsio)
8861{
8862	struct ctl_lun *lun = CTL_LUN(ctsio);
8863	struct ctl_lba_len_flags *lbalen;
8864	uint64_t lba;
8865	uint32_t num_blocks;
8866	int bytchk, flags;
8867	int retval;
8868
8869	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8870
8871	bytchk = 0;
8872	flags = CTL_LLF_FUA;
8873	switch (ctsio->cdb[0]) {
8874	case VERIFY_10: {
8875		struct scsi_verify_10 *cdb;
8876
8877		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8878		if (cdb->byte2 & SVFY_BYTCHK)
8879			bytchk = 1;
8880		if (cdb->byte2 & SVFY_DPO)
8881			flags |= CTL_LLF_DPO;
8882		lba = scsi_4btoul(cdb->addr);
8883		num_blocks = scsi_2btoul(cdb->length);
8884		break;
8885	}
8886	case VERIFY_12: {
8887		struct scsi_verify_12 *cdb;
8888
8889		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8890		if (cdb->byte2 & SVFY_BYTCHK)
8891			bytchk = 1;
8892		if (cdb->byte2 & SVFY_DPO)
8893			flags |= CTL_LLF_DPO;
8894		lba = scsi_4btoul(cdb->addr);
8895		num_blocks = scsi_4btoul(cdb->length);
8896		break;
8897	}
8898	case VERIFY_16: {
8899		struct scsi_rw_16 *cdb;
8900
8901		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8902		if (cdb->byte2 & SVFY_BYTCHK)
8903			bytchk = 1;
8904		if (cdb->byte2 & SVFY_DPO)
8905			flags |= CTL_LLF_DPO;
8906		lba = scsi_8btou64(cdb->addr);
8907		num_blocks = scsi_4btoul(cdb->length);
8908		break;
8909	}
8910	default:
8911		/*
8912		 * We got a command we don't support.  This shouldn't
8913		 * happen, commands should be filtered out above us.
8914		 */
8915		ctl_set_invalid_opcode(ctsio);
8916		ctl_done((union ctl_io *)ctsio);
8917		return (CTL_RETVAL_COMPLETE);
8918	}
8919
8920	/*
8921	 * The first check is to make sure we're in bounds, the second
8922	 * check is to catch wrap-around problems.  If the lba + num blocks
8923	 * is less than the lba, then we've wrapped around and the block
8924	 * range is invalid anyway.
8925	 */
8926	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8927	 || ((lba + num_blocks) < lba)) {
8928		ctl_set_lba_out_of_range(ctsio,
8929		    MAX(lba, lun->be_lun->maxlba + 1));
8930		ctl_done((union ctl_io *)ctsio);
8931		return (CTL_RETVAL_COMPLETE);
8932	}
8933
8934	/*
8935	 * According to SBC-3, a transfer length of 0 is not an error.
8936	 */
8937	if (num_blocks == 0) {
8938		ctl_set_success(ctsio);
8939		ctl_done((union ctl_io *)ctsio);
8940		return (CTL_RETVAL_COMPLETE);
8941	}
8942
8943	lbalen = (struct ctl_lba_len_flags *)
8944	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8945	lbalen->lba = lba;
8946	lbalen->len = num_blocks;
8947	if (bytchk) {
8948		lbalen->flags = CTL_LLF_COMPARE | flags;
8949		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8950	} else {
8951		lbalen->flags = CTL_LLF_VERIFY | flags;
8952		ctsio->kern_total_len = 0;
8953	}
8954	ctsio->kern_rel_offset = 0;
8955
8956	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8957	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8958	return (retval);
8959}
8960
8961int
8962ctl_report_luns(struct ctl_scsiio *ctsio)
8963{
8964	struct ctl_softc *softc = CTL_SOFTC(ctsio);
8965	struct ctl_port *port = CTL_PORT(ctsio);
8966	struct ctl_lun *lun, *request_lun = CTL_LUN(ctsio);
8967	struct scsi_report_luns *cdb;
8968	struct scsi_report_luns_data *lun_data;
8969	int num_filled, num_luns, num_port_luns, retval;
8970	uint32_t alloc_len, lun_datalen;
8971	uint32_t initidx, targ_lun_id, lun_id;
8972
8973	retval = CTL_RETVAL_COMPLETE;
8974	cdb = (struct scsi_report_luns *)ctsio->cdb;
8975
8976	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8977
8978	num_luns = 0;
8979	num_port_luns = port->lun_map ? port->lun_map_size : CTL_MAX_LUNS;
8980	mtx_lock(&softc->ctl_lock);
8981	for (targ_lun_id = 0; targ_lun_id < num_port_luns; targ_lun_id++) {
8982		if (ctl_lun_map_from_port(port, targ_lun_id) != UINT32_MAX)
8983			num_luns++;
8984	}
8985	mtx_unlock(&softc->ctl_lock);
8986
8987	switch (cdb->select_report) {
8988	case RPL_REPORT_DEFAULT:
8989	case RPL_REPORT_ALL:
8990	case RPL_REPORT_NONSUBSID:
8991		break;
8992	case RPL_REPORT_WELLKNOWN:
8993	case RPL_REPORT_ADMIN:
8994	case RPL_REPORT_CONGLOM:
8995		num_luns = 0;
8996		break;
8997	default:
8998		ctl_set_invalid_field(ctsio,
8999				      /*sks_valid*/ 1,
9000				      /*command*/ 1,
9001				      /*field*/ 2,
9002				      /*bit_valid*/ 0,
9003				      /*bit*/ 0);
9004		ctl_done((union ctl_io *)ctsio);
9005		return (retval);
9006		break; /* NOTREACHED */
9007	}
9008
9009	alloc_len = scsi_4btoul(cdb->length);
9010	/*
9011	 * The initiator has to allocate at least 16 bytes for this request,
9012	 * so he can at least get the header and the first LUN.  Otherwise
9013	 * we reject the request (per SPC-3 rev 14, section 6.21).
9014	 */
9015	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9016	    sizeof(struct scsi_report_luns_lundata))) {
9017		ctl_set_invalid_field(ctsio,
9018				      /*sks_valid*/ 1,
9019				      /*command*/ 1,
9020				      /*field*/ 6,
9021				      /*bit_valid*/ 0,
9022				      /*bit*/ 0);
9023		ctl_done((union ctl_io *)ctsio);
9024		return (retval);
9025	}
9026
9027	lun_datalen = sizeof(*lun_data) +
9028		(num_luns * sizeof(struct scsi_report_luns_lundata));
9029
9030	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9031	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9032	ctsio->kern_sg_entries = 0;
9033
9034	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9035
9036	mtx_lock(&softc->ctl_lock);
9037	for (targ_lun_id = 0, num_filled = 0;
9038	    targ_lun_id < num_port_luns && num_filled < num_luns;
9039	    targ_lun_id++) {
9040		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9041		if (lun_id == UINT32_MAX)
9042			continue;
9043		lun = softc->ctl_luns[lun_id];
9044		if (lun == NULL)
9045			continue;
9046
9047		be64enc(lun_data->luns[num_filled++].lundata,
9048		    ctl_encode_lun(targ_lun_id));
9049
9050		/*
9051		 * According to SPC-3, rev 14 section 6.21:
9052		 *
9053		 * "The execution of a REPORT LUNS command to any valid and
9054		 * installed logical unit shall clear the REPORTED LUNS DATA
9055		 * HAS CHANGED unit attention condition for all logical
9056		 * units of that target with respect to the requesting
9057		 * initiator. A valid and installed logical unit is one
9058		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9059		 * INQUIRY data (see 6.4.2)."
9060		 *
9061		 * If request_lun is NULL, the LUN this report luns command
9062		 * was issued to is either disabled or doesn't exist. In that
9063		 * case, we shouldn't clear any pending lun change unit
9064		 * attention.
9065		 */
9066		if (request_lun != NULL) {
9067			mtx_lock(&lun->lun_lock);
9068			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9069			mtx_unlock(&lun->lun_lock);
9070		}
9071	}
9072	mtx_unlock(&softc->ctl_lock);
9073
9074	/*
9075	 * It's quite possible that we've returned fewer LUNs than we allocated
9076	 * space for.  Trim it.
9077	 */
9078	lun_datalen = sizeof(*lun_data) +
9079		(num_filled * sizeof(struct scsi_report_luns_lundata));
9080	ctsio->kern_rel_offset = 0;
9081	ctsio->kern_sg_entries = 0;
9082	ctsio->kern_data_len = min(lun_datalen, alloc_len);
9083	ctsio->kern_total_len = ctsio->kern_data_len;
9084
9085	/*
9086	 * We set this to the actual data length, regardless of how much
9087	 * space we actually have to return results.  If the user looks at
9088	 * this value, he'll know whether or not he allocated enough space
9089	 * and reissue the command if necessary.  We don't support well
9090	 * known logical units, so if the user asks for that, return none.
9091	 */
9092	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9093
9094	/*
9095	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9096	 * this request.
9097	 */
9098	ctl_set_success(ctsio);
9099	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9100	ctsio->be_move_done = ctl_config_move_done;
9101	ctl_datamove((union ctl_io *)ctsio);
9102	return (retval);
9103}
9104
9105int
9106ctl_request_sense(struct ctl_scsiio *ctsio)
9107{
9108	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9109	struct ctl_lun *lun = CTL_LUN(ctsio);
9110	struct scsi_request_sense *cdb;
9111	struct scsi_sense_data *sense_ptr;
9112	uint32_t initidx;
9113	int have_error;
9114	u_int sense_len = SSD_FULL_SIZE;
9115	scsi_sense_data_type sense_format;
9116	ctl_ua_type ua_type;
9117	uint8_t asc = 0, ascq = 0;
9118
9119	cdb = (struct scsi_request_sense *)ctsio->cdb;
9120
9121	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9122
9123	/*
9124	 * Determine which sense format the user wants.
9125	 */
9126	if (cdb->byte2 & SRS_DESC)
9127		sense_format = SSD_TYPE_DESC;
9128	else
9129		sense_format = SSD_TYPE_FIXED;
9130
9131	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9132	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9133	ctsio->kern_sg_entries = 0;
9134	ctsio->kern_rel_offset = 0;
9135
9136	/*
9137	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9138	 * larger than the largest allowed value for the length field in the
9139	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9140	 */
9141	ctsio->kern_data_len = cdb->length;
9142	ctsio->kern_total_len = cdb->length;
9143
9144	/*
9145	 * If we don't have a LUN, we don't have any pending sense.
9146	 */
9147	if (lun == NULL ||
9148	    ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
9149	     softc->ha_link < CTL_HA_LINK_UNKNOWN)) {
9150		/* "Logical unit not supported" */
9151		ctl_set_sense_data(sense_ptr, &sense_len, NULL, sense_format,
9152		    /*current_error*/ 1,
9153		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
9154		    /*asc*/ 0x25,
9155		    /*ascq*/ 0x00,
9156		    SSD_ELEM_NONE);
9157		goto send;
9158	}
9159
9160	have_error = 0;
9161	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9162	/*
9163	 * Check for pending sense, and then for pending unit attentions.
9164	 * Pending sense gets returned first, then pending unit attentions.
9165	 */
9166	mtx_lock(&lun->lun_lock);
9167#ifdef CTL_WITH_CA
9168	if (ctl_is_set(lun->have_ca, initidx)) {
9169		scsi_sense_data_type stored_format;
9170
9171		/*
9172		 * Check to see which sense format was used for the stored
9173		 * sense data.
9174		 */
9175		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9176
9177		/*
9178		 * If the user requested a different sense format than the
9179		 * one we stored, then we need to convert it to the other
9180		 * format.  If we're going from descriptor to fixed format
9181		 * sense data, we may lose things in translation, depending
9182		 * on what options were used.
9183		 *
9184		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9185		 * for some reason we'll just copy it out as-is.
9186		 */
9187		if ((stored_format == SSD_TYPE_FIXED)
9188		 && (sense_format == SSD_TYPE_DESC))
9189			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9190			    &lun->pending_sense[initidx],
9191			    (struct scsi_sense_data_desc *)sense_ptr);
9192		else if ((stored_format == SSD_TYPE_DESC)
9193		      && (sense_format == SSD_TYPE_FIXED))
9194			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9195			    &lun->pending_sense[initidx],
9196			    (struct scsi_sense_data_fixed *)sense_ptr);
9197		else
9198			memcpy(sense_ptr, &lun->pending_sense[initidx],
9199			       MIN(sizeof(*sense_ptr),
9200			       sizeof(lun->pending_sense[initidx])));
9201
9202		ctl_clear_mask(lun->have_ca, initidx);
9203		have_error = 1;
9204	} else
9205#endif
9206	if (have_error == 0) {
9207		ua_type = ctl_build_ua(lun, initidx, sense_ptr, &sense_len,
9208		    sense_format);
9209		if (ua_type != CTL_UA_NONE)
9210			have_error = 1;
9211	}
9212	if (have_error == 0) {
9213		/*
9214		 * Report informational exception if have one and allowed.
9215		 */
9216		if (lun->MODE_IE.mrie != SIEP_MRIE_NO) {
9217			asc = lun->ie_asc;
9218			ascq = lun->ie_ascq;
9219		}
9220		ctl_set_sense_data(sense_ptr, &sense_len, lun, sense_format,
9221		    /*current_error*/ 1,
9222		    /*sense_key*/ SSD_KEY_NO_SENSE,
9223		    /*asc*/ asc,
9224		    /*ascq*/ ascq,
9225		    SSD_ELEM_NONE);
9226	}
9227	mtx_unlock(&lun->lun_lock);
9228
9229send:
9230	/*
9231	 * We report the SCSI status as OK, since the status of the command
9232	 * itself is OK.  We're reporting sense as parameter data.
9233	 */
9234	ctl_set_success(ctsio);
9235	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9236	ctsio->be_move_done = ctl_config_move_done;
9237	ctl_datamove((union ctl_io *)ctsio);
9238	return (CTL_RETVAL_COMPLETE);
9239}
9240
9241int
9242ctl_tur(struct ctl_scsiio *ctsio)
9243{
9244
9245	CTL_DEBUG_PRINT(("ctl_tur\n"));
9246
9247	ctl_set_success(ctsio);
9248	ctl_done((union ctl_io *)ctsio);
9249
9250	return (CTL_RETVAL_COMPLETE);
9251}
9252
9253/*
9254 * SCSI VPD page 0x00, the Supported VPD Pages page.
9255 */
9256static int
9257ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9258{
9259	struct ctl_lun *lun = CTL_LUN(ctsio);
9260	struct scsi_vpd_supported_pages *pages;
9261	int sup_page_size;
9262	int p;
9263
9264	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9265	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9266	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9267	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9268	ctsio->kern_rel_offset = 0;
9269	ctsio->kern_sg_entries = 0;
9270	ctsio->kern_data_len = min(sup_page_size, alloc_len);
9271	ctsio->kern_total_len = ctsio->kern_data_len;
9272
9273	/*
9274	 * The control device is always connected.  The disk device, on the
9275	 * other hand, may not be online all the time.  Need to change this
9276	 * to figure out whether the disk device is actually online or not.
9277	 */
9278	if (lun != NULL)
9279		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9280				lun->be_lun->lun_type;
9281	else
9282		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9283
9284	p = 0;
9285	/* Supported VPD pages */
9286	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9287	/* Serial Number */
9288	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9289	/* Device Identification */
9290	pages->page_list[p++] = SVPD_DEVICE_ID;
9291	/* Extended INQUIRY Data */
9292	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9293	/* Mode Page Policy */
9294	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9295	/* SCSI Ports */
9296	pages->page_list[p++] = SVPD_SCSI_PORTS;
9297	/* Third-party Copy */
9298	pages->page_list[p++] = SVPD_SCSI_TPC;
9299	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9300		/* Block limits */
9301		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9302		/* Block Device Characteristics */
9303		pages->page_list[p++] = SVPD_BDC;
9304		/* Logical Block Provisioning */
9305		pages->page_list[p++] = SVPD_LBP;
9306	}
9307	pages->length = p;
9308
9309	ctl_set_success(ctsio);
9310	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9311	ctsio->be_move_done = ctl_config_move_done;
9312	ctl_datamove((union ctl_io *)ctsio);
9313	return (CTL_RETVAL_COMPLETE);
9314}
9315
9316/*
9317 * SCSI VPD page 0x80, the Unit Serial Number page.
9318 */
9319static int
9320ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9321{
9322	struct ctl_lun *lun = CTL_LUN(ctsio);
9323	struct scsi_vpd_unit_serial_number *sn_ptr;
9324	int data_len;
9325
9326	data_len = 4 + CTL_SN_LEN;
9327	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9328	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9329	ctsio->kern_rel_offset = 0;
9330	ctsio->kern_sg_entries = 0;
9331	ctsio->kern_data_len = min(data_len, alloc_len);
9332	ctsio->kern_total_len = ctsio->kern_data_len;
9333
9334	/*
9335	 * The control device is always connected.  The disk device, on the
9336	 * other hand, may not be online all the time.  Need to change this
9337	 * to figure out whether the disk device is actually online or not.
9338	 */
9339	if (lun != NULL)
9340		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9341				  lun->be_lun->lun_type;
9342	else
9343		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9344
9345	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9346	sn_ptr->length = CTL_SN_LEN;
9347	/*
9348	 * If we don't have a LUN, we just leave the serial number as
9349	 * all spaces.
9350	 */
9351	if (lun != NULL) {
9352		strncpy((char *)sn_ptr->serial_num,
9353			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9354	} else
9355		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9356
9357	ctl_set_success(ctsio);
9358	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9359	ctsio->be_move_done = ctl_config_move_done;
9360	ctl_datamove((union ctl_io *)ctsio);
9361	return (CTL_RETVAL_COMPLETE);
9362}
9363
9364
9365/*
9366 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9367 */
9368static int
9369ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9370{
9371	struct ctl_lun *lun = CTL_LUN(ctsio);
9372	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9373	int data_len;
9374
9375	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9376	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9377	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9378	ctsio->kern_sg_entries = 0;
9379	ctsio->kern_rel_offset = 0;
9380	ctsio->kern_data_len = min(data_len, alloc_len);
9381	ctsio->kern_total_len = ctsio->kern_data_len;
9382
9383	/*
9384	 * The control device is always connected.  The disk device, on the
9385	 * other hand, may not be online all the time.
9386	 */
9387	if (lun != NULL)
9388		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9389				     lun->be_lun->lun_type;
9390	else
9391		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9392	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9393	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9394	/*
9395	 * We support head of queue, ordered and simple tags.
9396	 */
9397	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9398	/*
9399	 * Volatile cache supported.
9400	 */
9401	eid_ptr->flags3 = SVPD_EID_V_SUP;
9402
9403	/*
9404	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9405	 * attention for a particular IT nexus on all LUNs once we report
9406	 * it to that nexus once.  This bit is required as of SPC-4.
9407	 */
9408	eid_ptr->flags4 = SVPD_EID_LUICLR;
9409
9410	/*
9411	 * We support revert to defaults (RTD) bit in MODE SELECT.
9412	 */
9413	eid_ptr->flags5 = SVPD_EID_RTD_SUP;
9414
9415	/*
9416	 * XXX KDM in order to correctly answer this, we would need
9417	 * information from the SIM to determine how much sense data it
9418	 * can send.  So this would really be a path inquiry field, most
9419	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9420	 * but the hardware may or may not be able to support that much.
9421	 * 0 just means that the maximum sense data length is not reported.
9422	 */
9423	eid_ptr->max_sense_length = 0;
9424
9425	ctl_set_success(ctsio);
9426	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9427	ctsio->be_move_done = ctl_config_move_done;
9428	ctl_datamove((union ctl_io *)ctsio);
9429	return (CTL_RETVAL_COMPLETE);
9430}
9431
9432static int
9433ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9434{
9435	struct ctl_lun *lun = CTL_LUN(ctsio);
9436	struct scsi_vpd_mode_page_policy *mpp_ptr;
9437	int data_len;
9438
9439	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9440	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9441
9442	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9443	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9444	ctsio->kern_rel_offset = 0;
9445	ctsio->kern_sg_entries = 0;
9446	ctsio->kern_data_len = min(data_len, alloc_len);
9447	ctsio->kern_total_len = ctsio->kern_data_len;
9448
9449	/*
9450	 * The control device is always connected.  The disk device, on the
9451	 * other hand, may not be online all the time.
9452	 */
9453	if (lun != NULL)
9454		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9455				     lun->be_lun->lun_type;
9456	else
9457		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9458	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9459	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9460	mpp_ptr->descr[0].page_code = 0x3f;
9461	mpp_ptr->descr[0].subpage_code = 0xff;
9462	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9463
9464	ctl_set_success(ctsio);
9465	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9466	ctsio->be_move_done = ctl_config_move_done;
9467	ctl_datamove((union ctl_io *)ctsio);
9468	return (CTL_RETVAL_COMPLETE);
9469}
9470
9471/*
9472 * SCSI VPD page 0x83, the Device Identification page.
9473 */
9474static int
9475ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9476{
9477	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9478	struct ctl_port *port = CTL_PORT(ctsio);
9479	struct ctl_lun *lun = CTL_LUN(ctsio);
9480	struct scsi_vpd_device_id *devid_ptr;
9481	struct scsi_vpd_id_descriptor *desc;
9482	int data_len, g;
9483	uint8_t proto;
9484
9485	data_len = sizeof(struct scsi_vpd_device_id) +
9486	    sizeof(struct scsi_vpd_id_descriptor) +
9487		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9488	    sizeof(struct scsi_vpd_id_descriptor) +
9489		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9490	if (lun && lun->lun_devid)
9491		data_len += lun->lun_devid->len;
9492	if (port && port->port_devid)
9493		data_len += port->port_devid->len;
9494	if (port && port->target_devid)
9495		data_len += port->target_devid->len;
9496
9497	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9498	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9499	ctsio->kern_sg_entries = 0;
9500	ctsio->kern_rel_offset = 0;
9501	ctsio->kern_sg_entries = 0;
9502	ctsio->kern_data_len = min(data_len, alloc_len);
9503	ctsio->kern_total_len = ctsio->kern_data_len;
9504
9505	/*
9506	 * The control device is always connected.  The disk device, on the
9507	 * other hand, may not be online all the time.
9508	 */
9509	if (lun != NULL)
9510		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9511				     lun->be_lun->lun_type;
9512	else
9513		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9514	devid_ptr->page_code = SVPD_DEVICE_ID;
9515	scsi_ulto2b(data_len - 4, devid_ptr->length);
9516
9517	if (port && port->port_type == CTL_PORT_FC)
9518		proto = SCSI_PROTO_FC << 4;
9519	else if (port && port->port_type == CTL_PORT_ISCSI)
9520		proto = SCSI_PROTO_ISCSI << 4;
9521	else
9522		proto = SCSI_PROTO_SPI << 4;
9523	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9524
9525	/*
9526	 * We're using a LUN association here.  i.e., this device ID is a
9527	 * per-LUN identifier.
9528	 */
9529	if (lun && lun->lun_devid) {
9530		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9531		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9532		    lun->lun_devid->len);
9533	}
9534
9535	/*
9536	 * This is for the WWPN which is a port association.
9537	 */
9538	if (port && port->port_devid) {
9539		memcpy(desc, port->port_devid->data, port->port_devid->len);
9540		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9541		    port->port_devid->len);
9542	}
9543
9544	/*
9545	 * This is for the Relative Target Port(type 4h) identifier
9546	 */
9547	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9548	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9549	    SVPD_ID_TYPE_RELTARG;
9550	desc->length = 4;
9551	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9552	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9553	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9554
9555	/*
9556	 * This is for the Target Port Group(type 5h) identifier
9557	 */
9558	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9559	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9560	    SVPD_ID_TYPE_TPORTGRP;
9561	desc->length = 4;
9562	if (softc->is_single ||
9563	    (port && port->status & CTL_PORT_STATUS_HA_SHARED))
9564		g = 1;
9565	else
9566		g = 2 + ctsio->io_hdr.nexus.targ_port / softc->port_cnt;
9567	scsi_ulto2b(g, &desc->identifier[2]);
9568	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9569	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9570
9571	/*
9572	 * This is for the Target identifier
9573	 */
9574	if (port && port->target_devid) {
9575		memcpy(desc, port->target_devid->data, port->target_devid->len);
9576	}
9577
9578	ctl_set_success(ctsio);
9579	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9580	ctsio->be_move_done = ctl_config_move_done;
9581	ctl_datamove((union ctl_io *)ctsio);
9582	return (CTL_RETVAL_COMPLETE);
9583}
9584
9585static int
9586ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9587{
9588	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9589	struct ctl_lun *lun = CTL_LUN(ctsio);
9590	struct scsi_vpd_scsi_ports *sp;
9591	struct scsi_vpd_port_designation *pd;
9592	struct scsi_vpd_port_designation_cont *pdc;
9593	struct ctl_port *port;
9594	int data_len, num_target_ports, iid_len, id_len;
9595
9596	num_target_ports = 0;
9597	iid_len = 0;
9598	id_len = 0;
9599	mtx_lock(&softc->ctl_lock);
9600	STAILQ_FOREACH(port, &softc->port_list, links) {
9601		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9602			continue;
9603		if (lun != NULL &&
9604		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9605			continue;
9606		num_target_ports++;
9607		if (port->init_devid)
9608			iid_len += port->init_devid->len;
9609		if (port->port_devid)
9610			id_len += port->port_devid->len;
9611	}
9612	mtx_unlock(&softc->ctl_lock);
9613
9614	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9615	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9616	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9617	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9618	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9619	ctsio->kern_sg_entries = 0;
9620	ctsio->kern_rel_offset = 0;
9621	ctsio->kern_sg_entries = 0;
9622	ctsio->kern_data_len = min(data_len, alloc_len);
9623	ctsio->kern_total_len = ctsio->kern_data_len;
9624
9625	/*
9626	 * The control device is always connected.  The disk device, on the
9627	 * other hand, may not be online all the time.  Need to change this
9628	 * to figure out whether the disk device is actually online or not.
9629	 */
9630	if (lun != NULL)
9631		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9632				  lun->be_lun->lun_type;
9633	else
9634		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9635
9636	sp->page_code = SVPD_SCSI_PORTS;
9637	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9638	    sp->page_length);
9639	pd = &sp->design[0];
9640
9641	mtx_lock(&softc->ctl_lock);
9642	STAILQ_FOREACH(port, &softc->port_list, links) {
9643		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9644			continue;
9645		if (lun != NULL &&
9646		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9647			continue;
9648		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9649		if (port->init_devid) {
9650			iid_len = port->init_devid->len;
9651			memcpy(pd->initiator_transportid,
9652			    port->init_devid->data, port->init_devid->len);
9653		} else
9654			iid_len = 0;
9655		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9656		pdc = (struct scsi_vpd_port_designation_cont *)
9657		    (&pd->initiator_transportid[iid_len]);
9658		if (port->port_devid) {
9659			id_len = port->port_devid->len;
9660			memcpy(pdc->target_port_descriptors,
9661			    port->port_devid->data, port->port_devid->len);
9662		} else
9663			id_len = 0;
9664		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9665		pd = (struct scsi_vpd_port_designation *)
9666		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9667	}
9668	mtx_unlock(&softc->ctl_lock);
9669
9670	ctl_set_success(ctsio);
9671	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9672	ctsio->be_move_done = ctl_config_move_done;
9673	ctl_datamove((union ctl_io *)ctsio);
9674	return (CTL_RETVAL_COMPLETE);
9675}
9676
9677static int
9678ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9679{
9680	struct ctl_lun *lun = CTL_LUN(ctsio);
9681	struct scsi_vpd_block_limits *bl_ptr;
9682	uint64_t ival;
9683
9684	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9685	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9686	ctsio->kern_sg_entries = 0;
9687	ctsio->kern_rel_offset = 0;
9688	ctsio->kern_sg_entries = 0;
9689	ctsio->kern_data_len = min(sizeof(*bl_ptr), alloc_len);
9690	ctsio->kern_total_len = ctsio->kern_data_len;
9691
9692	/*
9693	 * The control device is always connected.  The disk device, on the
9694	 * other hand, may not be online all the time.  Need to change this
9695	 * to figure out whether the disk device is actually online or not.
9696	 */
9697	if (lun != NULL)
9698		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9699				  lun->be_lun->lun_type;
9700	else
9701		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9702
9703	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9704	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9705	bl_ptr->max_cmp_write_len = 0xff;
9706	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9707	if (lun != NULL) {
9708		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9709		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9710			ival = 0xffffffff;
9711			ctl_get_opt_number(&lun->be_lun->options,
9712			    "unmap_max_lba", &ival);
9713			scsi_ulto4b(ival, bl_ptr->max_unmap_lba_cnt);
9714			ival = 0xffffffff;
9715			ctl_get_opt_number(&lun->be_lun->options,
9716			    "unmap_max_descr", &ival);
9717			scsi_ulto4b(ival, bl_ptr->max_unmap_blk_cnt);
9718			if (lun->be_lun->ublockexp != 0) {
9719				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9720				    bl_ptr->opt_unmap_grain);
9721				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9722				    bl_ptr->unmap_grain_align);
9723			}
9724		}
9725		scsi_ulto4b(lun->be_lun->atomicblock,
9726		    bl_ptr->max_atomic_transfer_length);
9727		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9728		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9729		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9730		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9731		ival = UINT64_MAX;
9732		ctl_get_opt_number(&lun->be_lun->options, "write_same_max_lba", &ival);
9733		scsi_u64to8b(ival, bl_ptr->max_write_same_length);
9734	}
9735
9736	ctl_set_success(ctsio);
9737	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9738	ctsio->be_move_done = ctl_config_move_done;
9739	ctl_datamove((union ctl_io *)ctsio);
9740	return (CTL_RETVAL_COMPLETE);
9741}
9742
9743static int
9744ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9745{
9746	struct ctl_lun *lun = CTL_LUN(ctsio);
9747	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9748	const char *value;
9749	u_int i;
9750
9751	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9752	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9753	ctsio->kern_sg_entries = 0;
9754	ctsio->kern_rel_offset = 0;
9755	ctsio->kern_data_len = min(sizeof(*bdc_ptr), alloc_len);
9756	ctsio->kern_total_len = ctsio->kern_data_len;
9757
9758	/*
9759	 * The control device is always connected.  The disk device, on the
9760	 * other hand, may not be online all the time.  Need to change this
9761	 * to figure out whether the disk device is actually online or not.
9762	 */
9763	if (lun != NULL)
9764		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9765				  lun->be_lun->lun_type;
9766	else
9767		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9768	bdc_ptr->page_code = SVPD_BDC;
9769	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9770	if (lun != NULL &&
9771	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9772		i = strtol(value, NULL, 0);
9773	else
9774		i = CTL_DEFAULT_ROTATION_RATE;
9775	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9776	if (lun != NULL &&
9777	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9778		i = strtol(value, NULL, 0);
9779	else
9780		i = 0;
9781	bdc_ptr->wab_wac_ff = (i & 0x0f);
9782	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9783
9784	ctl_set_success(ctsio);
9785	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9786	ctsio->be_move_done = ctl_config_move_done;
9787	ctl_datamove((union ctl_io *)ctsio);
9788	return (CTL_RETVAL_COMPLETE);
9789}
9790
9791static int
9792ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9793{
9794	struct ctl_lun *lun = CTL_LUN(ctsio);
9795	struct scsi_vpd_logical_block_prov *lbp_ptr;
9796	const char *value;
9797
9798	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9799	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9800	ctsio->kern_sg_entries = 0;
9801	ctsio->kern_rel_offset = 0;
9802	ctsio->kern_data_len = min(sizeof(*lbp_ptr), alloc_len);
9803	ctsio->kern_total_len = ctsio->kern_data_len;
9804
9805	/*
9806	 * The control device is always connected.  The disk device, on the
9807	 * other hand, may not be online all the time.  Need to change this
9808	 * to figure out whether the disk device is actually online or not.
9809	 */
9810	if (lun != NULL)
9811		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9812				  lun->be_lun->lun_type;
9813	else
9814		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9815
9816	lbp_ptr->page_code = SVPD_LBP;
9817	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9818	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9819	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9820		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9821		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9822		value = ctl_get_opt(&lun->be_lun->options, "provisioning_type");
9823		if (value != NULL) {
9824			if (strcmp(value, "resource") == 0)
9825				lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
9826			else if (strcmp(value, "thin") == 0)
9827				lbp_ptr->prov_type = SVPD_LBP_THIN;
9828		} else
9829			lbp_ptr->prov_type = SVPD_LBP_THIN;
9830	}
9831
9832	ctl_set_success(ctsio);
9833	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9834	ctsio->be_move_done = ctl_config_move_done;
9835	ctl_datamove((union ctl_io *)ctsio);
9836	return (CTL_RETVAL_COMPLETE);
9837}
9838
9839/*
9840 * INQUIRY with the EVPD bit set.
9841 */
9842static int
9843ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9844{
9845	struct ctl_lun *lun = CTL_LUN(ctsio);
9846	struct scsi_inquiry *cdb;
9847	int alloc_len, retval;
9848
9849	cdb = (struct scsi_inquiry *)ctsio->cdb;
9850	alloc_len = scsi_2btoul(cdb->length);
9851
9852	switch (cdb->page_code) {
9853	case SVPD_SUPPORTED_PAGES:
9854		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9855		break;
9856	case SVPD_UNIT_SERIAL_NUMBER:
9857		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9858		break;
9859	case SVPD_DEVICE_ID:
9860		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9861		break;
9862	case SVPD_EXTENDED_INQUIRY_DATA:
9863		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9864		break;
9865	case SVPD_MODE_PAGE_POLICY:
9866		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9867		break;
9868	case SVPD_SCSI_PORTS:
9869		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9870		break;
9871	case SVPD_SCSI_TPC:
9872		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9873		break;
9874	case SVPD_BLOCK_LIMITS:
9875		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9876			goto err;
9877		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9878		break;
9879	case SVPD_BDC:
9880		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9881			goto err;
9882		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9883		break;
9884	case SVPD_LBP:
9885		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9886			goto err;
9887		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9888		break;
9889	default:
9890err:
9891		ctl_set_invalid_field(ctsio,
9892				      /*sks_valid*/ 1,
9893				      /*command*/ 1,
9894				      /*field*/ 2,
9895				      /*bit_valid*/ 0,
9896				      /*bit*/ 0);
9897		ctl_done((union ctl_io *)ctsio);
9898		retval = CTL_RETVAL_COMPLETE;
9899		break;
9900	}
9901
9902	return (retval);
9903}
9904
9905/*
9906 * Standard INQUIRY data.
9907 */
9908static int
9909ctl_inquiry_std(struct ctl_scsiio *ctsio)
9910{
9911	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9912	struct ctl_port *port = CTL_PORT(ctsio);
9913	struct ctl_lun *lun = CTL_LUN(ctsio);
9914	struct scsi_inquiry_data *inq_ptr;
9915	struct scsi_inquiry *cdb;
9916	char *val;
9917	uint32_t alloc_len, data_len;
9918	ctl_port_type port_type;
9919
9920	port_type = port->port_type;
9921	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
9922		port_type = CTL_PORT_SCSI;
9923
9924	cdb = (struct scsi_inquiry *)ctsio->cdb;
9925	alloc_len = scsi_2btoul(cdb->length);
9926
9927	/*
9928	 * We malloc the full inquiry data size here and fill it
9929	 * in.  If the user only asks for less, we'll give him
9930	 * that much.
9931	 */
9932	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
9933	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9934	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
9935	ctsio->kern_sg_entries = 0;
9936	ctsio->kern_rel_offset = 0;
9937	ctsio->kern_data_len = min(data_len, alloc_len);
9938	ctsio->kern_total_len = ctsio->kern_data_len;
9939
9940	if (lun != NULL) {
9941		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
9942		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
9943			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9944			    lun->be_lun->lun_type;
9945		} else {
9946			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
9947			    lun->be_lun->lun_type;
9948		}
9949		if (lun->flags & CTL_LUN_REMOVABLE)
9950			inq_ptr->dev_qual2 |= SID_RMB;
9951	} else
9952		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
9953
9954	/* RMB in byte 2 is 0 */
9955	inq_ptr->version = SCSI_REV_SPC5;
9956
9957	/*
9958	 * According to SAM-3, even if a device only supports a single
9959	 * level of LUN addressing, it should still set the HISUP bit:
9960	 *
9961	 * 4.9.1 Logical unit numbers overview
9962	 *
9963	 * All logical unit number formats described in this standard are
9964	 * hierarchical in structure even when only a single level in that
9965	 * hierarchy is used. The HISUP bit shall be set to one in the
9966	 * standard INQUIRY data (see SPC-2) when any logical unit number
9967	 * format described in this standard is used.  Non-hierarchical
9968	 * formats are outside the scope of this standard.
9969	 *
9970	 * Therefore we set the HiSup bit here.
9971	 *
9972	 * The response format is 2, per SPC-3.
9973	 */
9974	inq_ptr->response_format = SID_HiSup | 2;
9975
9976	inq_ptr->additional_length = data_len -
9977	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
9978	CTL_DEBUG_PRINT(("additional_length = %d\n",
9979			 inq_ptr->additional_length));
9980
9981	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
9982	if (port_type == CTL_PORT_SCSI)
9983		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
9984	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
9985	inq_ptr->flags = SID_CmdQue;
9986	if (port_type == CTL_PORT_SCSI)
9987		inq_ptr->flags |= SID_WBus16 | SID_Sync;
9988
9989	/*
9990	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
9991	 * We have 8 bytes for the vendor name, and 16 bytes for the device
9992	 * name and 4 bytes for the revision.
9993	 */
9994	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
9995	    "vendor")) == NULL) {
9996		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
9997	} else {
9998		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
9999		strncpy(inq_ptr->vendor, val,
10000		    min(sizeof(inq_ptr->vendor), strlen(val)));
10001	}
10002	if (lun == NULL) {
10003		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10004		    sizeof(inq_ptr->product));
10005	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10006		switch (lun->be_lun->lun_type) {
10007		case T_DIRECT:
10008			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10009			    sizeof(inq_ptr->product));
10010			break;
10011		case T_PROCESSOR:
10012			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10013			    sizeof(inq_ptr->product));
10014			break;
10015		case T_CDROM:
10016			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10017			    sizeof(inq_ptr->product));
10018			break;
10019		default:
10020			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10021			    sizeof(inq_ptr->product));
10022			break;
10023		}
10024	} else {
10025		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10026		strncpy(inq_ptr->product, val,
10027		    min(sizeof(inq_ptr->product), strlen(val)));
10028	}
10029
10030	/*
10031	 * XXX make this a macro somewhere so it automatically gets
10032	 * incremented when we make changes.
10033	 */
10034	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10035	    "revision")) == NULL) {
10036		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10037	} else {
10038		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10039		strncpy(inq_ptr->revision, val,
10040		    min(sizeof(inq_ptr->revision), strlen(val)));
10041	}
10042
10043	/*
10044	 * For parallel SCSI, we support double transition and single
10045	 * transition clocking.  We also support QAS (Quick Arbitration
10046	 * and Selection) and Information Unit transfers on both the
10047	 * control and array devices.
10048	 */
10049	if (port_type == CTL_PORT_SCSI)
10050		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10051				    SID_SPI_IUS;
10052
10053	/* SAM-6 (no version claimed) */
10054	scsi_ulto2b(0x00C0, inq_ptr->version1);
10055	/* SPC-5 (no version claimed) */
10056	scsi_ulto2b(0x05C0, inq_ptr->version2);
10057	if (port_type == CTL_PORT_FC) {
10058		/* FCP-2 ANSI INCITS.350:2003 */
10059		scsi_ulto2b(0x0917, inq_ptr->version3);
10060	} else if (port_type == CTL_PORT_SCSI) {
10061		/* SPI-4 ANSI INCITS.362:200x */
10062		scsi_ulto2b(0x0B56, inq_ptr->version3);
10063	} else if (port_type == CTL_PORT_ISCSI) {
10064		/* iSCSI (no version claimed) */
10065		scsi_ulto2b(0x0960, inq_ptr->version3);
10066	} else if (port_type == CTL_PORT_SAS) {
10067		/* SAS (no version claimed) */
10068		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10069	}
10070
10071	if (lun == NULL) {
10072		/* SBC-4 (no version claimed) */
10073		scsi_ulto2b(0x0600, inq_ptr->version4);
10074	} else {
10075		switch (lun->be_lun->lun_type) {
10076		case T_DIRECT:
10077			/* SBC-4 (no version claimed) */
10078			scsi_ulto2b(0x0600, inq_ptr->version4);
10079			break;
10080		case T_PROCESSOR:
10081			break;
10082		case T_CDROM:
10083			/* MMC-6 (no version claimed) */
10084			scsi_ulto2b(0x04E0, inq_ptr->version4);
10085			break;
10086		default:
10087			break;
10088		}
10089	}
10090
10091	ctl_set_success(ctsio);
10092	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10093	ctsio->be_move_done = ctl_config_move_done;
10094	ctl_datamove((union ctl_io *)ctsio);
10095	return (CTL_RETVAL_COMPLETE);
10096}
10097
10098int
10099ctl_inquiry(struct ctl_scsiio *ctsio)
10100{
10101	struct scsi_inquiry *cdb;
10102	int retval;
10103
10104	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10105
10106	cdb = (struct scsi_inquiry *)ctsio->cdb;
10107	if (cdb->byte2 & SI_EVPD)
10108		retval = ctl_inquiry_evpd(ctsio);
10109	else if (cdb->page_code == 0)
10110		retval = ctl_inquiry_std(ctsio);
10111	else {
10112		ctl_set_invalid_field(ctsio,
10113				      /*sks_valid*/ 1,
10114				      /*command*/ 1,
10115				      /*field*/ 2,
10116				      /*bit_valid*/ 0,
10117				      /*bit*/ 0);
10118		ctl_done((union ctl_io *)ctsio);
10119		return (CTL_RETVAL_COMPLETE);
10120	}
10121
10122	return (retval);
10123}
10124
10125int
10126ctl_get_config(struct ctl_scsiio *ctsio)
10127{
10128	struct ctl_lun *lun = CTL_LUN(ctsio);
10129	struct scsi_get_config_header *hdr;
10130	struct scsi_get_config_feature *feature;
10131	struct scsi_get_config *cdb;
10132	uint32_t alloc_len, data_len;
10133	int rt, starting;
10134
10135	cdb = (struct scsi_get_config *)ctsio->cdb;
10136	rt = (cdb->rt & SGC_RT_MASK);
10137	starting = scsi_2btoul(cdb->starting_feature);
10138	alloc_len = scsi_2btoul(cdb->length);
10139
10140	data_len = sizeof(struct scsi_get_config_header) +
10141	    sizeof(struct scsi_get_config_feature) + 8 +
10142	    sizeof(struct scsi_get_config_feature) + 8 +
10143	    sizeof(struct scsi_get_config_feature) + 4 +
10144	    sizeof(struct scsi_get_config_feature) + 4 +
10145	    sizeof(struct scsi_get_config_feature) + 8 +
10146	    sizeof(struct scsi_get_config_feature) +
10147	    sizeof(struct scsi_get_config_feature) + 4 +
10148	    sizeof(struct scsi_get_config_feature) + 4 +
10149	    sizeof(struct scsi_get_config_feature) + 4 +
10150	    sizeof(struct scsi_get_config_feature) + 4 +
10151	    sizeof(struct scsi_get_config_feature) + 4 +
10152	    sizeof(struct scsi_get_config_feature) + 4;
10153	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10154	ctsio->kern_sg_entries = 0;
10155	ctsio->kern_rel_offset = 0;
10156
10157	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10158	if (lun->flags & CTL_LUN_NO_MEDIA)
10159		scsi_ulto2b(0x0000, hdr->current_profile);
10160	else
10161		scsi_ulto2b(0x0010, hdr->current_profile);
10162	feature = (struct scsi_get_config_feature *)(hdr + 1);
10163
10164	if (starting > 0x003b)
10165		goto done;
10166	if (starting > 0x003a)
10167		goto f3b;
10168	if (starting > 0x002b)
10169		goto f3a;
10170	if (starting > 0x002a)
10171		goto f2b;
10172	if (starting > 0x001f)
10173		goto f2a;
10174	if (starting > 0x001e)
10175		goto f1f;
10176	if (starting > 0x001d)
10177		goto f1e;
10178	if (starting > 0x0010)
10179		goto f1d;
10180	if (starting > 0x0003)
10181		goto f10;
10182	if (starting > 0x0002)
10183		goto f3;
10184	if (starting > 0x0001)
10185		goto f2;
10186	if (starting > 0x0000)
10187		goto f1;
10188
10189	/* Profile List */
10190	scsi_ulto2b(0x0000, feature->feature_code);
10191	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10192	feature->add_length = 8;
10193	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10194	feature->feature_data[2] = 0x00;
10195	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10196	feature->feature_data[6] = 0x01;
10197	feature = (struct scsi_get_config_feature *)
10198	    &feature->feature_data[feature->add_length];
10199
10200f1:	/* Core */
10201	scsi_ulto2b(0x0001, feature->feature_code);
10202	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10203	feature->add_length = 8;
10204	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10205	feature->feature_data[4] = 0x03;
10206	feature = (struct scsi_get_config_feature *)
10207	    &feature->feature_data[feature->add_length];
10208
10209f2:	/* Morphing */
10210	scsi_ulto2b(0x0002, feature->feature_code);
10211	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10212	feature->add_length = 4;
10213	feature->feature_data[0] = 0x02;
10214	feature = (struct scsi_get_config_feature *)
10215	    &feature->feature_data[feature->add_length];
10216
10217f3:	/* Removable Medium */
10218	scsi_ulto2b(0x0003, feature->feature_code);
10219	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10220	feature->add_length = 4;
10221	feature->feature_data[0] = 0x39;
10222	feature = (struct scsi_get_config_feature *)
10223	    &feature->feature_data[feature->add_length];
10224
10225	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_NO_MEDIA))
10226		goto done;
10227
10228f10:	/* Random Read */
10229	scsi_ulto2b(0x0010, feature->feature_code);
10230	feature->flags = 0x00;
10231	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10232		feature->flags |= SGC_F_CURRENT;
10233	feature->add_length = 8;
10234	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10235	scsi_ulto2b(1, &feature->feature_data[4]);
10236	feature->feature_data[6] = 0x00;
10237	feature = (struct scsi_get_config_feature *)
10238	    &feature->feature_data[feature->add_length];
10239
10240f1d:	/* Multi-Read */
10241	scsi_ulto2b(0x001D, feature->feature_code);
10242	feature->flags = 0x00;
10243	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10244		feature->flags |= SGC_F_CURRENT;
10245	feature->add_length = 0;
10246	feature = (struct scsi_get_config_feature *)
10247	    &feature->feature_data[feature->add_length];
10248
10249f1e:	/* CD Read */
10250	scsi_ulto2b(0x001E, feature->feature_code);
10251	feature->flags = 0x00;
10252	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10253		feature->flags |= SGC_F_CURRENT;
10254	feature->add_length = 4;
10255	feature->feature_data[0] = 0x00;
10256	feature = (struct scsi_get_config_feature *)
10257	    &feature->feature_data[feature->add_length];
10258
10259f1f:	/* DVD Read */
10260	scsi_ulto2b(0x001F, feature->feature_code);
10261	feature->flags = 0x08;
10262	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10263		feature->flags |= SGC_F_CURRENT;
10264	feature->add_length = 4;
10265	feature->feature_data[0] = 0x01;
10266	feature->feature_data[2] = 0x03;
10267	feature = (struct scsi_get_config_feature *)
10268	    &feature->feature_data[feature->add_length];
10269
10270f2a:	/* DVD+RW */
10271	scsi_ulto2b(0x002A, feature->feature_code);
10272	feature->flags = 0x04;
10273	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10274		feature->flags |= SGC_F_CURRENT;
10275	feature->add_length = 4;
10276	feature->feature_data[0] = 0x00;
10277	feature->feature_data[1] = 0x00;
10278	feature = (struct scsi_get_config_feature *)
10279	    &feature->feature_data[feature->add_length];
10280
10281f2b:	/* DVD+R */
10282	scsi_ulto2b(0x002B, feature->feature_code);
10283	feature->flags = 0x00;
10284	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10285		feature->flags |= SGC_F_CURRENT;
10286	feature->add_length = 4;
10287	feature->feature_data[0] = 0x00;
10288	feature = (struct scsi_get_config_feature *)
10289	    &feature->feature_data[feature->add_length];
10290
10291f3a:	/* DVD+RW Dual Layer */
10292	scsi_ulto2b(0x003A, feature->feature_code);
10293	feature->flags = 0x00;
10294	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10295		feature->flags |= SGC_F_CURRENT;
10296	feature->add_length = 4;
10297	feature->feature_data[0] = 0x00;
10298	feature->feature_data[1] = 0x00;
10299	feature = (struct scsi_get_config_feature *)
10300	    &feature->feature_data[feature->add_length];
10301
10302f3b:	/* DVD+R Dual Layer */
10303	scsi_ulto2b(0x003B, feature->feature_code);
10304	feature->flags = 0x00;
10305	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10306		feature->flags |= SGC_F_CURRENT;
10307	feature->add_length = 4;
10308	feature->feature_data[0] = 0x00;
10309	feature = (struct scsi_get_config_feature *)
10310	    &feature->feature_data[feature->add_length];
10311
10312done:
10313	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10314	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10315		feature = (struct scsi_get_config_feature *)(hdr + 1);
10316		if (scsi_2btoul(feature->feature_code) == starting)
10317			feature = (struct scsi_get_config_feature *)
10318			    &feature->feature_data[feature->add_length];
10319		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10320	}
10321	scsi_ulto4b(data_len - 4, hdr->data_length);
10322	ctsio->kern_data_len = min(data_len, alloc_len);
10323	ctsio->kern_total_len = ctsio->kern_data_len;
10324
10325	ctl_set_success(ctsio);
10326	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10327	ctsio->be_move_done = ctl_config_move_done;
10328	ctl_datamove((union ctl_io *)ctsio);
10329	return (CTL_RETVAL_COMPLETE);
10330}
10331
10332int
10333ctl_get_event_status(struct ctl_scsiio *ctsio)
10334{
10335	struct scsi_get_event_status_header *hdr;
10336	struct scsi_get_event_status *cdb;
10337	uint32_t alloc_len, data_len;
10338	int notif_class;
10339
10340	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10341	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10342		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10343		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10344		ctl_done((union ctl_io *)ctsio);
10345		return (CTL_RETVAL_COMPLETE);
10346	}
10347	notif_class = cdb->notif_class;
10348	alloc_len = scsi_2btoul(cdb->length);
10349
10350	data_len = sizeof(struct scsi_get_event_status_header);
10351	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10352	ctsio->kern_sg_entries = 0;
10353	ctsio->kern_rel_offset = 0;
10354	ctsio->kern_data_len = min(data_len, alloc_len);
10355	ctsio->kern_total_len = ctsio->kern_data_len;
10356
10357	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10358	scsi_ulto2b(0, hdr->descr_length);
10359	hdr->nea_class = SGESN_NEA;
10360	hdr->supported_class = 0;
10361
10362	ctl_set_success(ctsio);
10363	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10364	ctsio->be_move_done = ctl_config_move_done;
10365	ctl_datamove((union ctl_io *)ctsio);
10366	return (CTL_RETVAL_COMPLETE);
10367}
10368
10369int
10370ctl_mechanism_status(struct ctl_scsiio *ctsio)
10371{
10372	struct scsi_mechanism_status_header *hdr;
10373	struct scsi_mechanism_status *cdb;
10374	uint32_t alloc_len, data_len;
10375
10376	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10377	alloc_len = scsi_2btoul(cdb->length);
10378
10379	data_len = sizeof(struct scsi_mechanism_status_header);
10380	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10381	ctsio->kern_sg_entries = 0;
10382	ctsio->kern_rel_offset = 0;
10383	ctsio->kern_data_len = min(data_len, alloc_len);
10384	ctsio->kern_total_len = ctsio->kern_data_len;
10385
10386	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10387	hdr->state1 = 0x00;
10388	hdr->state2 = 0xe0;
10389	scsi_ulto3b(0, hdr->lba);
10390	hdr->slots_num = 0;
10391	scsi_ulto2b(0, hdr->slots_length);
10392
10393	ctl_set_success(ctsio);
10394	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10395	ctsio->be_move_done = ctl_config_move_done;
10396	ctl_datamove((union ctl_io *)ctsio);
10397	return (CTL_RETVAL_COMPLETE);
10398}
10399
10400static void
10401ctl_ultomsf(uint32_t lba, uint8_t *buf)
10402{
10403
10404	lba += 150;
10405	buf[0] = 0;
10406	buf[1] = bin2bcd((lba / 75) / 60);
10407	buf[2] = bin2bcd((lba / 75) % 60);
10408	buf[3] = bin2bcd(lba % 75);
10409}
10410
10411int
10412ctl_read_toc(struct ctl_scsiio *ctsio)
10413{
10414	struct ctl_lun *lun = CTL_LUN(ctsio);
10415	struct scsi_read_toc_hdr *hdr;
10416	struct scsi_read_toc_type01_descr *descr;
10417	struct scsi_read_toc *cdb;
10418	uint32_t alloc_len, data_len;
10419	int format, msf;
10420
10421	cdb = (struct scsi_read_toc *)ctsio->cdb;
10422	msf = (cdb->byte2 & CD_MSF) != 0;
10423	format = cdb->format;
10424	alloc_len = scsi_2btoul(cdb->data_len);
10425
10426	data_len = sizeof(struct scsi_read_toc_hdr);
10427	if (format == 0)
10428		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10429	else
10430		data_len += sizeof(struct scsi_read_toc_type01_descr);
10431	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10432	ctsio->kern_sg_entries = 0;
10433	ctsio->kern_rel_offset = 0;
10434	ctsio->kern_data_len = min(data_len, alloc_len);
10435	ctsio->kern_total_len = ctsio->kern_data_len;
10436
10437	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10438	if (format == 0) {
10439		scsi_ulto2b(0x12, hdr->data_length);
10440		hdr->first = 1;
10441		hdr->last = 1;
10442		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10443		descr->addr_ctl = 0x14;
10444		descr->track_number = 1;
10445		if (msf)
10446			ctl_ultomsf(0, descr->track_start);
10447		else
10448			scsi_ulto4b(0, descr->track_start);
10449		descr++;
10450		descr->addr_ctl = 0x14;
10451		descr->track_number = 0xaa;
10452		if (msf)
10453			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10454		else
10455			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10456	} else {
10457		scsi_ulto2b(0x0a, hdr->data_length);
10458		hdr->first = 1;
10459		hdr->last = 1;
10460		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10461		descr->addr_ctl = 0x14;
10462		descr->track_number = 1;
10463		if (msf)
10464			ctl_ultomsf(0, descr->track_start);
10465		else
10466			scsi_ulto4b(0, descr->track_start);
10467	}
10468
10469	ctl_set_success(ctsio);
10470	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10471	ctsio->be_move_done = ctl_config_move_done;
10472	ctl_datamove((union ctl_io *)ctsio);
10473	return (CTL_RETVAL_COMPLETE);
10474}
10475
10476/*
10477 * For known CDB types, parse the LBA and length.
10478 */
10479static int
10480ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10481{
10482	if (io->io_hdr.io_type != CTL_IO_SCSI)
10483		return (1);
10484
10485	switch (io->scsiio.cdb[0]) {
10486	case COMPARE_AND_WRITE: {
10487		struct scsi_compare_and_write *cdb;
10488
10489		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10490
10491		*lba = scsi_8btou64(cdb->addr);
10492		*len = cdb->length;
10493		break;
10494	}
10495	case READ_6:
10496	case WRITE_6: {
10497		struct scsi_rw_6 *cdb;
10498
10499		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10500
10501		*lba = scsi_3btoul(cdb->addr);
10502		/* only 5 bits are valid in the most significant address byte */
10503		*lba &= 0x1fffff;
10504		*len = cdb->length;
10505		break;
10506	}
10507	case READ_10:
10508	case WRITE_10: {
10509		struct scsi_rw_10 *cdb;
10510
10511		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10512
10513		*lba = scsi_4btoul(cdb->addr);
10514		*len = scsi_2btoul(cdb->length);
10515		break;
10516	}
10517	case WRITE_VERIFY_10: {
10518		struct scsi_write_verify_10 *cdb;
10519
10520		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10521
10522		*lba = scsi_4btoul(cdb->addr);
10523		*len = scsi_2btoul(cdb->length);
10524		break;
10525	}
10526	case READ_12:
10527	case WRITE_12: {
10528		struct scsi_rw_12 *cdb;
10529
10530		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10531
10532		*lba = scsi_4btoul(cdb->addr);
10533		*len = scsi_4btoul(cdb->length);
10534		break;
10535	}
10536	case WRITE_VERIFY_12: {
10537		struct scsi_write_verify_12 *cdb;
10538
10539		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10540
10541		*lba = scsi_4btoul(cdb->addr);
10542		*len = scsi_4btoul(cdb->length);
10543		break;
10544	}
10545	case READ_16:
10546	case WRITE_16: {
10547		struct scsi_rw_16 *cdb;
10548
10549		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10550
10551		*lba = scsi_8btou64(cdb->addr);
10552		*len = scsi_4btoul(cdb->length);
10553		break;
10554	}
10555	case WRITE_ATOMIC_16: {
10556		struct scsi_write_atomic_16 *cdb;
10557
10558		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10559
10560		*lba = scsi_8btou64(cdb->addr);
10561		*len = scsi_2btoul(cdb->length);
10562		break;
10563	}
10564	case WRITE_VERIFY_16: {
10565		struct scsi_write_verify_16 *cdb;
10566
10567		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10568
10569		*lba = scsi_8btou64(cdb->addr);
10570		*len = scsi_4btoul(cdb->length);
10571		break;
10572	}
10573	case WRITE_SAME_10: {
10574		struct scsi_write_same_10 *cdb;
10575
10576		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10577
10578		*lba = scsi_4btoul(cdb->addr);
10579		*len = scsi_2btoul(cdb->length);
10580		break;
10581	}
10582	case WRITE_SAME_16: {
10583		struct scsi_write_same_16 *cdb;
10584
10585		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10586
10587		*lba = scsi_8btou64(cdb->addr);
10588		*len = scsi_4btoul(cdb->length);
10589		break;
10590	}
10591	case VERIFY_10: {
10592		struct scsi_verify_10 *cdb;
10593
10594		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10595
10596		*lba = scsi_4btoul(cdb->addr);
10597		*len = scsi_2btoul(cdb->length);
10598		break;
10599	}
10600	case VERIFY_12: {
10601		struct scsi_verify_12 *cdb;
10602
10603		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10604
10605		*lba = scsi_4btoul(cdb->addr);
10606		*len = scsi_4btoul(cdb->length);
10607		break;
10608	}
10609	case VERIFY_16: {
10610		struct scsi_verify_16 *cdb;
10611
10612		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10613
10614		*lba = scsi_8btou64(cdb->addr);
10615		*len = scsi_4btoul(cdb->length);
10616		break;
10617	}
10618	case UNMAP: {
10619		*lba = 0;
10620		*len = UINT64_MAX;
10621		break;
10622	}
10623	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10624		struct scsi_get_lba_status *cdb;
10625
10626		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10627		*lba = scsi_8btou64(cdb->addr);
10628		*len = UINT32_MAX;
10629		break;
10630	}
10631	default:
10632		return (1);
10633		break; /* NOTREACHED */
10634	}
10635
10636	return (0);
10637}
10638
10639static ctl_action
10640ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10641    bool seq)
10642{
10643	uint64_t endlba1, endlba2;
10644
10645	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10646	endlba2 = lba2 + len2 - 1;
10647
10648	if ((endlba1 < lba2) || (endlba2 < lba1))
10649		return (CTL_ACTION_PASS);
10650	else
10651		return (CTL_ACTION_BLOCK);
10652}
10653
10654static int
10655ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10656{
10657	struct ctl_ptr_len_flags *ptrlen;
10658	struct scsi_unmap_desc *buf, *end, *range;
10659	uint64_t lba;
10660	uint32_t len;
10661
10662	/* If not UNMAP -- go other way. */
10663	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10664	    io->scsiio.cdb[0] != UNMAP)
10665		return (CTL_ACTION_ERROR);
10666
10667	/* If UNMAP without data -- block and wait for data. */
10668	ptrlen = (struct ctl_ptr_len_flags *)
10669	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10670	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10671	    ptrlen->ptr == NULL)
10672		return (CTL_ACTION_BLOCK);
10673
10674	/* UNMAP with data -- check for collision. */
10675	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10676	end = buf + ptrlen->len / sizeof(*buf);
10677	for (range = buf; range < end; range++) {
10678		lba = scsi_8btou64(range->lba);
10679		len = scsi_4btoul(range->length);
10680		if ((lba < lba2 + len2) && (lba + len > lba2))
10681			return (CTL_ACTION_BLOCK);
10682	}
10683	return (CTL_ACTION_PASS);
10684}
10685
10686static ctl_action
10687ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10688{
10689	uint64_t lba1, lba2;
10690	uint64_t len1, len2;
10691	int retval;
10692
10693	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10694		return (CTL_ACTION_ERROR);
10695
10696	retval = ctl_extent_check_unmap(io1, lba2, len2);
10697	if (retval != CTL_ACTION_ERROR)
10698		return (retval);
10699
10700	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10701		return (CTL_ACTION_ERROR);
10702
10703	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10704		seq = FALSE;
10705	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10706}
10707
10708static ctl_action
10709ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10710{
10711	uint64_t lba1, lba2;
10712	uint64_t len1, len2;
10713
10714	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10715		return (CTL_ACTION_PASS);
10716	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10717		return (CTL_ACTION_ERROR);
10718	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10719		return (CTL_ACTION_ERROR);
10720
10721	if (lba1 + len1 == lba2)
10722		return (CTL_ACTION_BLOCK);
10723	return (CTL_ACTION_PASS);
10724}
10725
10726static ctl_action
10727ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10728    union ctl_io *ooa_io)
10729{
10730	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10731	const ctl_serialize_action *serialize_row;
10732
10733	/*
10734	 * The initiator attempted multiple untagged commands at the same
10735	 * time.  Can't do that.
10736	 */
10737	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10738	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10739	 && ((pending_io->io_hdr.nexus.targ_port ==
10740	      ooa_io->io_hdr.nexus.targ_port)
10741	  && (pending_io->io_hdr.nexus.initid ==
10742	      ooa_io->io_hdr.nexus.initid))
10743	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10744	      CTL_FLAG_STATUS_SENT)) == 0))
10745		return (CTL_ACTION_OVERLAP);
10746
10747	/*
10748	 * The initiator attempted to send multiple tagged commands with
10749	 * the same ID.  (It's fine if different initiators have the same
10750	 * tag ID.)
10751	 *
10752	 * Even if all of those conditions are true, we don't kill the I/O
10753	 * if the command ahead of us has been aborted.  We won't end up
10754	 * sending it to the FETD, and it's perfectly legal to resend a
10755	 * command with the same tag number as long as the previous
10756	 * instance of this tag number has been aborted somehow.
10757	 */
10758	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10759	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10760	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10761	 && ((pending_io->io_hdr.nexus.targ_port ==
10762	      ooa_io->io_hdr.nexus.targ_port)
10763	  && (pending_io->io_hdr.nexus.initid ==
10764	      ooa_io->io_hdr.nexus.initid))
10765	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10766	      CTL_FLAG_STATUS_SENT)) == 0))
10767		return (CTL_ACTION_OVERLAP_TAG);
10768
10769	/*
10770	 * If we get a head of queue tag, SAM-3 says that we should
10771	 * immediately execute it.
10772	 *
10773	 * What happens if this command would normally block for some other
10774	 * reason?  e.g. a request sense with a head of queue tag
10775	 * immediately after a write.  Normally that would block, but this
10776	 * will result in its getting executed immediately...
10777	 *
10778	 * We currently return "pass" instead of "skip", so we'll end up
10779	 * going through the rest of the queue to check for overlapped tags.
10780	 *
10781	 * XXX KDM check for other types of blockage first??
10782	 */
10783	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10784		return (CTL_ACTION_PASS);
10785
10786	/*
10787	 * Ordered tags have to block until all items ahead of them
10788	 * have completed.  If we get called with an ordered tag, we always
10789	 * block, if something else is ahead of us in the queue.
10790	 */
10791	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10792		return (CTL_ACTION_BLOCK);
10793
10794	/*
10795	 * Simple tags get blocked until all head of queue and ordered tags
10796	 * ahead of them have completed.  I'm lumping untagged commands in
10797	 * with simple tags here.  XXX KDM is that the right thing to do?
10798	 */
10799	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10800	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10801	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10802	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10803		return (CTL_ACTION_BLOCK);
10804
10805	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10806	KASSERT(pending_entry->seridx < CTL_SERIDX_COUNT,
10807	    ("%s: Invalid seridx %d for pending CDB %02x %02x @ %p",
10808	     __func__, pending_entry->seridx, pending_io->scsiio.cdb[0],
10809	     pending_io->scsiio.cdb[1], pending_io));
10810	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10811	if (ooa_entry->seridx == CTL_SERIDX_INVLD)
10812		return (CTL_ACTION_PASS); /* Unsupported command in OOA queue */
10813	KASSERT(ooa_entry->seridx < CTL_SERIDX_COUNT,
10814	    ("%s: Invalid seridx %d for ooa CDB %02x %02x @ %p",
10815	     __func__, ooa_entry->seridx, ooa_io->scsiio.cdb[0],
10816	     ooa_io->scsiio.cdb[1], ooa_io));
10817
10818	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10819
10820	switch (serialize_row[pending_entry->seridx]) {
10821	case CTL_SER_BLOCK:
10822		return (CTL_ACTION_BLOCK);
10823	case CTL_SER_EXTENT:
10824		return (ctl_extent_check(ooa_io, pending_io,
10825		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10826	case CTL_SER_EXTENTOPT:
10827		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10828		    SCP_QUEUE_ALG_UNRESTRICTED)
10829			return (ctl_extent_check(ooa_io, pending_io,
10830			    (lun->be_lun &&
10831			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10832		return (CTL_ACTION_PASS);
10833	case CTL_SER_EXTENTSEQ:
10834		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10835			return (ctl_extent_check_seq(ooa_io, pending_io));
10836		return (CTL_ACTION_PASS);
10837	case CTL_SER_PASS:
10838		return (CTL_ACTION_PASS);
10839	case CTL_SER_BLOCKOPT:
10840		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10841		    SCP_QUEUE_ALG_UNRESTRICTED)
10842			return (CTL_ACTION_BLOCK);
10843		return (CTL_ACTION_PASS);
10844	case CTL_SER_SKIP:
10845		return (CTL_ACTION_SKIP);
10846	default:
10847		panic("%s: Invalid serialization value %d for %d => %d",
10848		    __func__, serialize_row[pending_entry->seridx],
10849		    pending_entry->seridx, ooa_entry->seridx);
10850	}
10851
10852	return (CTL_ACTION_ERROR);
10853}
10854
10855/*
10856 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10857 * Assumptions:
10858 * - pending_io is generally either incoming, or on the blocked queue
10859 * - starting I/O is the I/O we want to start the check with.
10860 */
10861static ctl_action
10862ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10863	      union ctl_io *starting_io)
10864{
10865	union ctl_io *ooa_io;
10866	ctl_action action;
10867
10868	mtx_assert(&lun->lun_lock, MA_OWNED);
10869
10870	/*
10871	 * Run back along the OOA queue, starting with the current
10872	 * blocked I/O and going through every I/O before it on the
10873	 * queue.  If starting_io is NULL, we'll just end up returning
10874	 * CTL_ACTION_PASS.
10875	 */
10876	for (ooa_io = starting_io; ooa_io != NULL;
10877	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10878	     ooa_links)){
10879
10880		/*
10881		 * This routine just checks to see whether
10882		 * cur_blocked is blocked by ooa_io, which is ahead
10883		 * of it in the queue.  It doesn't queue/dequeue
10884		 * cur_blocked.
10885		 */
10886		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10887		switch (action) {
10888		case CTL_ACTION_BLOCK:
10889		case CTL_ACTION_OVERLAP:
10890		case CTL_ACTION_OVERLAP_TAG:
10891		case CTL_ACTION_SKIP:
10892		case CTL_ACTION_ERROR:
10893			return (action);
10894			break; /* NOTREACHED */
10895		case CTL_ACTION_PASS:
10896			break;
10897		default:
10898			panic("%s: Invalid action %d\n", __func__, action);
10899		}
10900	}
10901
10902	return (CTL_ACTION_PASS);
10903}
10904
10905/*
10906 * Assumptions:
10907 * - An I/O has just completed, and has been removed from the per-LUN OOA
10908 *   queue, so some items on the blocked queue may now be unblocked.
10909 */
10910static int
10911ctl_check_blocked(struct ctl_lun *lun)
10912{
10913	struct ctl_softc *softc = lun->ctl_softc;
10914	union ctl_io *cur_blocked, *next_blocked;
10915
10916	mtx_assert(&lun->lun_lock, MA_OWNED);
10917
10918	/*
10919	 * Run forward from the head of the blocked queue, checking each
10920	 * entry against the I/Os prior to it on the OOA queue to see if
10921	 * there is still any blockage.
10922	 *
10923	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10924	 * with our removing a variable on it while it is traversing the
10925	 * list.
10926	 */
10927	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10928	     cur_blocked != NULL; cur_blocked = next_blocked) {
10929		union ctl_io *prev_ooa;
10930		ctl_action action;
10931
10932		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10933							  blocked_links);
10934
10935		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10936						      ctl_ooaq, ooa_links);
10937
10938		/*
10939		 * If cur_blocked happens to be the first item in the OOA
10940		 * queue now, prev_ooa will be NULL, and the action
10941		 * returned will just be CTL_ACTION_PASS.
10942		 */
10943		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10944
10945		switch (action) {
10946		case CTL_ACTION_BLOCK:
10947			/* Nothing to do here, still blocked */
10948			break;
10949		case CTL_ACTION_OVERLAP:
10950		case CTL_ACTION_OVERLAP_TAG:
10951			/*
10952			 * This shouldn't happen!  In theory we've already
10953			 * checked this command for overlap...
10954			 */
10955			break;
10956		case CTL_ACTION_PASS:
10957		case CTL_ACTION_SKIP: {
10958			const struct ctl_cmd_entry *entry;
10959
10960			/*
10961			 * The skip case shouldn't happen, this transaction
10962			 * should have never made it onto the blocked queue.
10963			 */
10964			/*
10965			 * This I/O is no longer blocked, we can remove it
10966			 * from the blocked queue.  Since this is a TAILQ
10967			 * (doubly linked list), we can do O(1) removals
10968			 * from any place on the list.
10969			 */
10970			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10971				     blocked_links);
10972			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10973
10974			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10975			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10976				/*
10977				 * Need to send IO back to original side to
10978				 * run
10979				 */
10980				union ctl_ha_msg msg_info;
10981
10982				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10983				msg_info.hdr.original_sc =
10984					cur_blocked->io_hdr.original_sc;
10985				msg_info.hdr.serializing_sc = cur_blocked;
10986				msg_info.hdr.msg_type = CTL_MSG_R2R;
10987				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10988				    sizeof(msg_info.hdr), M_NOWAIT);
10989				break;
10990			}
10991			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10992
10993			/*
10994			 * Check this I/O for LUN state changes that may
10995			 * have happened while this command was blocked.
10996			 * The LUN state may have been changed by a command
10997			 * ahead of us in the queue, so we need to re-check
10998			 * for any states that can be caused by SCSI
10999			 * commands.
11000			 */
11001			if (ctl_scsiio_lun_check(lun, entry,
11002						 &cur_blocked->scsiio) == 0) {
11003				cur_blocked->io_hdr.flags |=
11004				                      CTL_FLAG_IS_WAS_ON_RTR;
11005				ctl_enqueue_rtr(cur_blocked);
11006			} else
11007				ctl_done(cur_blocked);
11008			break;
11009		}
11010		default:
11011			/*
11012			 * This probably shouldn't happen -- we shouldn't
11013			 * get CTL_ACTION_ERROR, or anything else.
11014			 */
11015			break;
11016		}
11017	}
11018
11019	return (CTL_RETVAL_COMPLETE);
11020}
11021
11022/*
11023 * This routine (with one exception) checks LUN flags that can be set by
11024 * commands ahead of us in the OOA queue.  These flags have to be checked
11025 * when a command initially comes in, and when we pull a command off the
11026 * blocked queue and are preparing to execute it.  The reason we have to
11027 * check these flags for commands on the blocked queue is that the LUN
11028 * state may have been changed by a command ahead of us while we're on the
11029 * blocked queue.
11030 *
11031 * Ordering is somewhat important with these checks, so please pay
11032 * careful attention to the placement of any new checks.
11033 */
11034static int
11035ctl_scsiio_lun_check(struct ctl_lun *lun,
11036    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11037{
11038	struct ctl_softc *softc = lun->ctl_softc;
11039	int retval;
11040	uint32_t residx;
11041
11042	retval = 0;
11043
11044	mtx_assert(&lun->lun_lock, MA_OWNED);
11045
11046	/*
11047	 * If this shelf is a secondary shelf controller, we may have to
11048	 * reject some commands disallowed by HA mode and link state.
11049	 */
11050	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11051		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11052		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11053			ctl_set_lun_unavail(ctsio);
11054			retval = 1;
11055			goto bailout;
11056		}
11057		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11058		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11059			ctl_set_lun_transit(ctsio);
11060			retval = 1;
11061			goto bailout;
11062		}
11063		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11064		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11065			ctl_set_lun_standby(ctsio);
11066			retval = 1;
11067			goto bailout;
11068		}
11069
11070		/* The rest of checks are only done on executing side */
11071		if (softc->ha_mode == CTL_HA_MODE_XFER)
11072			goto bailout;
11073	}
11074
11075	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11076		if (lun->be_lun &&
11077		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11078			ctl_set_hw_write_protected(ctsio);
11079			retval = 1;
11080			goto bailout;
11081		}
11082		if ((lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0) {
11083			ctl_set_sense(ctsio, /*current_error*/ 1,
11084			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11085			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11086			retval = 1;
11087			goto bailout;
11088		}
11089	}
11090
11091	/*
11092	 * Check for a reservation conflict.  If this command isn't allowed
11093	 * even on reserved LUNs, and if this initiator isn't the one who
11094	 * reserved us, reject the command with a reservation conflict.
11095	 */
11096	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11097	if ((lun->flags & CTL_LUN_RESERVED)
11098	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11099		if (lun->res_idx != residx) {
11100			ctl_set_reservation_conflict(ctsio);
11101			retval = 1;
11102			goto bailout;
11103		}
11104	}
11105
11106	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11107	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11108		/* No reservation or command is allowed. */;
11109	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11110	    (lun->pr_res_type == SPR_TYPE_WR_EX ||
11111	     lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
11112	     lun->pr_res_type == SPR_TYPE_WR_EX_AR)) {
11113		/* The command is allowed for Write Exclusive resv. */;
11114	} else {
11115		/*
11116		 * if we aren't registered or it's a res holder type
11117		 * reservation and this isn't the res holder then set a
11118		 * conflict.
11119		 */
11120		if (ctl_get_prkey(lun, residx) == 0 ||
11121		    (residx != lun->pr_res_idx && lun->pr_res_type < 4)) {
11122			ctl_set_reservation_conflict(ctsio);
11123			retval = 1;
11124			goto bailout;
11125		}
11126	}
11127
11128	if ((entry->flags & CTL_CMD_FLAG_OK_ON_NO_MEDIA) == 0) {
11129		if (lun->flags & CTL_LUN_EJECTED)
11130			ctl_set_lun_ejected(ctsio);
11131		else if (lun->flags & CTL_LUN_NO_MEDIA) {
11132			if (lun->flags & CTL_LUN_REMOVABLE)
11133				ctl_set_lun_no_media(ctsio);
11134			else
11135				ctl_set_lun_int_reqd(ctsio);
11136		} else if (lun->flags & CTL_LUN_STOPPED)
11137			ctl_set_lun_stopped(ctsio);
11138		else
11139			goto bailout;
11140		retval = 1;
11141		goto bailout;
11142	}
11143
11144bailout:
11145	return (retval);
11146}
11147
11148static void
11149ctl_failover_io(union ctl_io *io, int have_lock)
11150{
11151	ctl_set_busy(&io->scsiio);
11152	ctl_done(io);
11153}
11154
11155static void
11156ctl_failover_lun(union ctl_io *rio)
11157{
11158	struct ctl_softc *softc = CTL_SOFTC(rio);
11159	struct ctl_lun *lun;
11160	struct ctl_io_hdr *io, *next_io;
11161	uint32_t targ_lun;
11162
11163	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11164	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11165
11166	/* Find and lock the LUN. */
11167	mtx_lock(&softc->ctl_lock);
11168	if (targ_lun > CTL_MAX_LUNS ||
11169	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11170		mtx_unlock(&softc->ctl_lock);
11171		return;
11172	}
11173	mtx_lock(&lun->lun_lock);
11174	mtx_unlock(&softc->ctl_lock);
11175	if (lun->flags & CTL_LUN_DISABLED) {
11176		mtx_unlock(&lun->lun_lock);
11177		return;
11178	}
11179
11180	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11181		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11182			/* We are master */
11183			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11184				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11185					io->flags |= CTL_FLAG_ABORT;
11186					io->flags |= CTL_FLAG_FAILOVER;
11187				} else { /* This can be only due to DATAMOVE */
11188					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11189					io->flags &= ~CTL_FLAG_DMA_INPROG;
11190					io->flags |= CTL_FLAG_IO_ACTIVE;
11191					io->port_status = 31340;
11192					ctl_enqueue_isc((union ctl_io *)io);
11193				}
11194			}
11195			/* We are slave */
11196			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11197				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11198				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11199					io->flags |= CTL_FLAG_FAILOVER;
11200				} else {
11201					ctl_set_busy(&((union ctl_io *)io)->
11202					    scsiio);
11203					ctl_done((union ctl_io *)io);
11204				}
11205			}
11206		}
11207	} else { /* SERIALIZE modes */
11208		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11209		    next_io) {
11210			/* We are master */
11211			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11212				TAILQ_REMOVE(&lun->blocked_queue, io,
11213				    blocked_links);
11214				io->flags &= ~CTL_FLAG_BLOCKED;
11215				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11216				ctl_free_io((union ctl_io *)io);
11217			}
11218		}
11219		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11220			/* We are master */
11221			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11222				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11223				ctl_free_io((union ctl_io *)io);
11224			}
11225			/* We are slave */
11226			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11227				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11228				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11229					ctl_set_busy(&((union ctl_io *)io)->
11230					    scsiio);
11231					ctl_done((union ctl_io *)io);
11232				}
11233			}
11234		}
11235		ctl_check_blocked(lun);
11236	}
11237	mtx_unlock(&lun->lun_lock);
11238}
11239
11240static int
11241ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11242{
11243	struct ctl_lun *lun;
11244	const struct ctl_cmd_entry *entry;
11245	uint32_t initidx, targ_lun;
11246	int retval = 0;
11247
11248	lun = NULL;
11249	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11250	if (targ_lun < CTL_MAX_LUNS)
11251		lun = softc->ctl_luns[targ_lun];
11252	if (lun) {
11253		/*
11254		 * If the LUN is invalid, pretend that it doesn't exist.
11255		 * It will go away as soon as all pending I/O has been
11256		 * completed.
11257		 */
11258		mtx_lock(&lun->lun_lock);
11259		if (lun->flags & CTL_LUN_DISABLED) {
11260			mtx_unlock(&lun->lun_lock);
11261			lun = NULL;
11262		}
11263	}
11264	CTL_LUN(ctsio) = lun;
11265	if (lun) {
11266		CTL_BACKEND_LUN(ctsio) = lun->be_lun;
11267
11268		/*
11269		 * Every I/O goes into the OOA queue for a particular LUN,
11270		 * and stays there until completion.
11271		 */
11272#ifdef CTL_TIME_IO
11273		if (TAILQ_EMPTY(&lun->ooa_queue))
11274			lun->idle_time += getsbinuptime() - lun->last_busy;
11275#endif
11276		TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
11277	}
11278
11279	/* Get command entry and return error if it is unsuppotyed. */
11280	entry = ctl_validate_command(ctsio);
11281	if (entry == NULL) {
11282		if (lun)
11283			mtx_unlock(&lun->lun_lock);
11284		return (retval);
11285	}
11286
11287	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11288	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11289
11290	/*
11291	 * Check to see whether we can send this command to LUNs that don't
11292	 * exist.  This should pretty much only be the case for inquiry
11293	 * and request sense.  Further checks, below, really require having
11294	 * a LUN, so we can't really check the command anymore.  Just put
11295	 * it on the rtr queue.
11296	 */
11297	if (lun == NULL) {
11298		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11299			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11300			ctl_enqueue_rtr((union ctl_io *)ctsio);
11301			return (retval);
11302		}
11303
11304		ctl_set_unsupported_lun(ctsio);
11305		ctl_done((union ctl_io *)ctsio);
11306		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11307		return (retval);
11308	} else {
11309		/*
11310		 * Make sure we support this particular command on this LUN.
11311		 * e.g., we don't support writes to the control LUN.
11312		 */
11313		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11314			mtx_unlock(&lun->lun_lock);
11315			ctl_set_invalid_opcode(ctsio);
11316			ctl_done((union ctl_io *)ctsio);
11317			return (retval);
11318		}
11319	}
11320
11321	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11322
11323#ifdef CTL_WITH_CA
11324	/*
11325	 * If we've got a request sense, it'll clear the contingent
11326	 * allegiance condition.  Otherwise, if we have a CA condition for
11327	 * this initiator, clear it, because it sent down a command other
11328	 * than request sense.
11329	 */
11330	if ((ctsio->cdb[0] != REQUEST_SENSE)
11331	 && (ctl_is_set(lun->have_ca, initidx)))
11332		ctl_clear_mask(lun->have_ca, initidx);
11333#endif
11334
11335	/*
11336	 * If the command has this flag set, it handles its own unit
11337	 * attention reporting, we shouldn't do anything.  Otherwise we
11338	 * check for any pending unit attentions, and send them back to the
11339	 * initiator.  We only do this when a command initially comes in,
11340	 * not when we pull it off the blocked queue.
11341	 *
11342	 * According to SAM-3, section 5.3.2, the order that things get
11343	 * presented back to the host is basically unit attentions caused
11344	 * by some sort of reset event, busy status, reservation conflicts
11345	 * or task set full, and finally any other status.
11346	 *
11347	 * One issue here is that some of the unit attentions we report
11348	 * don't fall into the "reset" category (e.g. "reported luns data
11349	 * has changed").  So reporting it here, before the reservation
11350	 * check, may be technically wrong.  I guess the only thing to do
11351	 * would be to check for and report the reset events here, and then
11352	 * check for the other unit attention types after we check for a
11353	 * reservation conflict.
11354	 *
11355	 * XXX KDM need to fix this
11356	 */
11357	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11358		ctl_ua_type ua_type;
11359		u_int sense_len = 0;
11360
11361		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11362		    &sense_len, SSD_TYPE_NONE);
11363		if (ua_type != CTL_UA_NONE) {
11364			mtx_unlock(&lun->lun_lock);
11365			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11366			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11367			ctsio->sense_len = sense_len;
11368			ctl_done((union ctl_io *)ctsio);
11369			return (retval);
11370		}
11371	}
11372
11373
11374	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11375		mtx_unlock(&lun->lun_lock);
11376		ctl_done((union ctl_io *)ctsio);
11377		return (retval);
11378	}
11379
11380	/*
11381	 * XXX CHD this is where we want to send IO to other side if
11382	 * this LUN is secondary on this SC. We will need to make a copy
11383	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11384	 * the copy we send as FROM_OTHER.
11385	 * We also need to stuff the address of the original IO so we can
11386	 * find it easily. Something similar will need be done on the other
11387	 * side so when we are done we can find the copy.
11388	 */
11389	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11390	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11391	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11392		union ctl_ha_msg msg_info;
11393		int isc_retval;
11394
11395		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11396		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11397		mtx_unlock(&lun->lun_lock);
11398
11399		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11400		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11401		msg_info.hdr.serializing_sc = NULL;
11402		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11403		msg_info.scsi.tag_num = ctsio->tag_num;
11404		msg_info.scsi.tag_type = ctsio->tag_type;
11405		msg_info.scsi.cdb_len = ctsio->cdb_len;
11406		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11407
11408		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11409		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11410		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11411			ctl_set_busy(ctsio);
11412			ctl_done((union ctl_io *)ctsio);
11413			return (retval);
11414		}
11415		return (retval);
11416	}
11417
11418	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11419			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11420			      ctl_ooaq, ooa_links))) {
11421	case CTL_ACTION_BLOCK:
11422		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11423		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11424				  blocked_links);
11425		mtx_unlock(&lun->lun_lock);
11426		return (retval);
11427	case CTL_ACTION_PASS:
11428	case CTL_ACTION_SKIP:
11429		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11430		mtx_unlock(&lun->lun_lock);
11431		ctl_enqueue_rtr((union ctl_io *)ctsio);
11432		break;
11433	case CTL_ACTION_OVERLAP:
11434		mtx_unlock(&lun->lun_lock);
11435		ctl_set_overlapped_cmd(ctsio);
11436		ctl_done((union ctl_io *)ctsio);
11437		break;
11438	case CTL_ACTION_OVERLAP_TAG:
11439		mtx_unlock(&lun->lun_lock);
11440		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11441		ctl_done((union ctl_io *)ctsio);
11442		break;
11443	case CTL_ACTION_ERROR:
11444	default:
11445		mtx_unlock(&lun->lun_lock);
11446		ctl_set_internal_failure(ctsio,
11447					 /*sks_valid*/ 0,
11448					 /*retry_count*/ 0);
11449		ctl_done((union ctl_io *)ctsio);
11450		break;
11451	}
11452	return (retval);
11453}
11454
11455const struct ctl_cmd_entry *
11456ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11457{
11458	const struct ctl_cmd_entry *entry;
11459	int service_action;
11460
11461	entry = &ctl_cmd_table[ctsio->cdb[0]];
11462	if (sa)
11463		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11464	if (entry->flags & CTL_CMD_FLAG_SA5) {
11465		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11466		entry = &((const struct ctl_cmd_entry *)
11467		    entry->execute)[service_action];
11468	}
11469	return (entry);
11470}
11471
11472const struct ctl_cmd_entry *
11473ctl_validate_command(struct ctl_scsiio *ctsio)
11474{
11475	const struct ctl_cmd_entry *entry;
11476	int i, sa;
11477	uint8_t diff;
11478
11479	entry = ctl_get_cmd_entry(ctsio, &sa);
11480	if (entry->execute == NULL) {
11481		if (sa)
11482			ctl_set_invalid_field(ctsio,
11483					      /*sks_valid*/ 1,
11484					      /*command*/ 1,
11485					      /*field*/ 1,
11486					      /*bit_valid*/ 1,
11487					      /*bit*/ 4);
11488		else
11489			ctl_set_invalid_opcode(ctsio);
11490		ctl_done((union ctl_io *)ctsio);
11491		return (NULL);
11492	}
11493	KASSERT(entry->length > 0,
11494	    ("Not defined length for command 0x%02x/0x%02x",
11495	     ctsio->cdb[0], ctsio->cdb[1]));
11496	for (i = 1; i < entry->length; i++) {
11497		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11498		if (diff == 0)
11499			continue;
11500		ctl_set_invalid_field(ctsio,
11501				      /*sks_valid*/ 1,
11502				      /*command*/ 1,
11503				      /*field*/ i,
11504				      /*bit_valid*/ 1,
11505				      /*bit*/ fls(diff) - 1);
11506		ctl_done((union ctl_io *)ctsio);
11507		return (NULL);
11508	}
11509	return (entry);
11510}
11511
11512static int
11513ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11514{
11515
11516	switch (lun_type) {
11517	case T_DIRECT:
11518		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11519			return (0);
11520		break;
11521	case T_PROCESSOR:
11522		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11523			return (0);
11524		break;
11525	case T_CDROM:
11526		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11527			return (0);
11528		break;
11529	default:
11530		return (0);
11531	}
11532	return (1);
11533}
11534
11535static int
11536ctl_scsiio(struct ctl_scsiio *ctsio)
11537{
11538	int retval;
11539	const struct ctl_cmd_entry *entry;
11540
11541	retval = CTL_RETVAL_COMPLETE;
11542
11543	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11544
11545	entry = ctl_get_cmd_entry(ctsio, NULL);
11546
11547	/*
11548	 * If this I/O has been aborted, just send it straight to
11549	 * ctl_done() without executing it.
11550	 */
11551	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11552		ctl_done((union ctl_io *)ctsio);
11553		goto bailout;
11554	}
11555
11556	/*
11557	 * All the checks should have been handled by ctl_scsiio_precheck().
11558	 * We should be clear now to just execute the I/O.
11559	 */
11560	retval = entry->execute(ctsio);
11561
11562bailout:
11563	return (retval);
11564}
11565
11566/*
11567 * Since we only implement one target right now, a bus reset simply resets
11568 * our single target.
11569 */
11570static int
11571ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11572{
11573	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11574}
11575
11576static int
11577ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11578		 ctl_ua_type ua_type)
11579{
11580	struct ctl_port *port = CTL_PORT(io);
11581	struct ctl_lun *lun;
11582	int retval;
11583
11584	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11585		union ctl_ha_msg msg_info;
11586
11587		msg_info.hdr.nexus = io->io_hdr.nexus;
11588		if (ua_type==CTL_UA_TARG_RESET)
11589			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11590		else
11591			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11592		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11593		msg_info.hdr.original_sc = NULL;
11594		msg_info.hdr.serializing_sc = NULL;
11595		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11596		    sizeof(msg_info.task), M_WAITOK);
11597	}
11598	retval = 0;
11599
11600	mtx_lock(&softc->ctl_lock);
11601	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11602		if (port != NULL &&
11603		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
11604			continue;
11605		retval += ctl_do_lun_reset(lun, io, ua_type);
11606	}
11607	mtx_unlock(&softc->ctl_lock);
11608	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11609	return (retval);
11610}
11611
11612/*
11613 * The LUN should always be set.  The I/O is optional, and is used to
11614 * distinguish between I/Os sent by this initiator, and by other
11615 * initiators.  We set unit attention for initiators other than this one.
11616 * SAM-3 is vague on this point.  It does say that a unit attention should
11617 * be established for other initiators when a LUN is reset (see section
11618 * 5.7.3), but it doesn't specifically say that the unit attention should
11619 * be established for this particular initiator when a LUN is reset.  Here
11620 * is the relevant text, from SAM-3 rev 8:
11621 *
11622 * 5.7.2 When a SCSI initiator port aborts its own tasks
11623 *
11624 * When a SCSI initiator port causes its own task(s) to be aborted, no
11625 * notification that the task(s) have been aborted shall be returned to
11626 * the SCSI initiator port other than the completion response for the
11627 * command or task management function action that caused the task(s) to
11628 * be aborted and notification(s) associated with related effects of the
11629 * action (e.g., a reset unit attention condition).
11630 *
11631 * XXX KDM for now, we're setting unit attention for all initiators.
11632 */
11633static int
11634ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11635{
11636	union ctl_io *xio;
11637#if 0
11638	uint32_t initidx;
11639#endif
11640	int i;
11641
11642	mtx_lock(&lun->lun_lock);
11643	/*
11644	 * Run through the OOA queue and abort each I/O.
11645	 */
11646	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11647	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11648		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11649	}
11650
11651	/*
11652	 * This version sets unit attention for every
11653	 */
11654#if 0
11655	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11656	ctl_est_ua_all(lun, initidx, ua_type);
11657#else
11658	ctl_est_ua_all(lun, -1, ua_type);
11659#endif
11660
11661	/*
11662	 * A reset (any kind, really) clears reservations established with
11663	 * RESERVE/RELEASE.  It does not clear reservations established
11664	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11665	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11666	 * reservations made with the RESERVE/RELEASE commands, because
11667	 * those commands are obsolete in SPC-3.
11668	 */
11669	lun->flags &= ~CTL_LUN_RESERVED;
11670
11671#ifdef CTL_WITH_CA
11672	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11673		ctl_clear_mask(lun->have_ca, i);
11674#endif
11675	lun->prevent_count = 0;
11676	if (lun->prevent) {
11677		for (i = 0; i < CTL_MAX_INITIATORS; i++)
11678			ctl_clear_mask(lun->prevent, i);
11679	}
11680	mtx_unlock(&lun->lun_lock);
11681
11682	return (0);
11683}
11684
11685static int
11686ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11687{
11688	struct ctl_lun *lun;
11689	uint32_t targ_lun;
11690	int retval;
11691
11692	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11693	mtx_lock(&softc->ctl_lock);
11694	if (targ_lun >= CTL_MAX_LUNS ||
11695	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11696		mtx_unlock(&softc->ctl_lock);
11697		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11698		return (1);
11699	}
11700	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11701	mtx_unlock(&softc->ctl_lock);
11702	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11703
11704	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11705		union ctl_ha_msg msg_info;
11706
11707		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11708		msg_info.hdr.nexus = io->io_hdr.nexus;
11709		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11710		msg_info.hdr.original_sc = NULL;
11711		msg_info.hdr.serializing_sc = NULL;
11712		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11713		    sizeof(msg_info.task), M_WAITOK);
11714	}
11715	return (retval);
11716}
11717
11718static void
11719ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11720    int other_sc)
11721{
11722	union ctl_io *xio;
11723
11724	mtx_assert(&lun->lun_lock, MA_OWNED);
11725
11726	/*
11727	 * Run through the OOA queue and attempt to find the given I/O.
11728	 * The target port, initiator ID, tag type and tag number have to
11729	 * match the values that we got from the initiator.  If we have an
11730	 * untagged command to abort, simply abort the first untagged command
11731	 * we come to.  We only allow one untagged command at a time of course.
11732	 */
11733	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11734	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11735
11736		if ((targ_port == UINT32_MAX ||
11737		     targ_port == xio->io_hdr.nexus.targ_port) &&
11738		    (init_id == UINT32_MAX ||
11739		     init_id == xio->io_hdr.nexus.initid)) {
11740			if (targ_port != xio->io_hdr.nexus.targ_port ||
11741			    init_id != xio->io_hdr.nexus.initid)
11742				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11743			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11744			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11745				union ctl_ha_msg msg_info;
11746
11747				msg_info.hdr.nexus = xio->io_hdr.nexus;
11748				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11749				msg_info.task.tag_num = xio->scsiio.tag_num;
11750				msg_info.task.tag_type = xio->scsiio.tag_type;
11751				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11752				msg_info.hdr.original_sc = NULL;
11753				msg_info.hdr.serializing_sc = NULL;
11754				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11755				    sizeof(msg_info.task), M_NOWAIT);
11756			}
11757		}
11758	}
11759}
11760
11761static int
11762ctl_abort_task_set(union ctl_io *io)
11763{
11764	struct ctl_softc *softc = CTL_SOFTC(io);
11765	struct ctl_lun *lun;
11766	uint32_t targ_lun;
11767
11768	/*
11769	 * Look up the LUN.
11770	 */
11771	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11772	mtx_lock(&softc->ctl_lock);
11773	if (targ_lun >= CTL_MAX_LUNS ||
11774	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11775		mtx_unlock(&softc->ctl_lock);
11776		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11777		return (1);
11778	}
11779
11780	mtx_lock(&lun->lun_lock);
11781	mtx_unlock(&softc->ctl_lock);
11782	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11783		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11784		    io->io_hdr.nexus.initid,
11785		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11786	} else { /* CTL_TASK_CLEAR_TASK_SET */
11787		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11788		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11789	}
11790	mtx_unlock(&lun->lun_lock);
11791	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11792	return (0);
11793}
11794
11795static int
11796ctl_i_t_nexus_reset(union ctl_io *io)
11797{
11798	struct ctl_softc *softc = CTL_SOFTC(io);
11799	struct ctl_lun *lun;
11800	uint32_t initidx;
11801
11802	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11803		union ctl_ha_msg msg_info;
11804
11805		msg_info.hdr.nexus = io->io_hdr.nexus;
11806		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11807		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11808		msg_info.hdr.original_sc = NULL;
11809		msg_info.hdr.serializing_sc = NULL;
11810		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11811		    sizeof(msg_info.task), M_WAITOK);
11812	}
11813
11814	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11815	mtx_lock(&softc->ctl_lock);
11816	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11817		mtx_lock(&lun->lun_lock);
11818		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11819		    io->io_hdr.nexus.initid, 1);
11820#ifdef CTL_WITH_CA
11821		ctl_clear_mask(lun->have_ca, initidx);
11822#endif
11823		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11824			lun->flags &= ~CTL_LUN_RESERVED;
11825		if (lun->prevent && ctl_is_set(lun->prevent, initidx)) {
11826			ctl_clear_mask(lun->prevent, initidx);
11827			lun->prevent_count--;
11828		}
11829		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11830		mtx_unlock(&lun->lun_lock);
11831	}
11832	mtx_unlock(&softc->ctl_lock);
11833	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11834	return (0);
11835}
11836
11837static int
11838ctl_abort_task(union ctl_io *io)
11839{
11840	struct ctl_softc *softc = CTL_SOFTC(io);
11841	union ctl_io *xio;
11842	struct ctl_lun *lun;
11843#if 0
11844	struct sbuf sb;
11845	char printbuf[128];
11846#endif
11847	int found;
11848	uint32_t targ_lun;
11849
11850	found = 0;
11851
11852	/*
11853	 * Look up the LUN.
11854	 */
11855	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11856	mtx_lock(&softc->ctl_lock);
11857	if (targ_lun >= CTL_MAX_LUNS ||
11858	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11859		mtx_unlock(&softc->ctl_lock);
11860		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11861		return (1);
11862	}
11863
11864#if 0
11865	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11866	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11867#endif
11868
11869	mtx_lock(&lun->lun_lock);
11870	mtx_unlock(&softc->ctl_lock);
11871	/*
11872	 * Run through the OOA queue and attempt to find the given I/O.
11873	 * The target port, initiator ID, tag type and tag number have to
11874	 * match the values that we got from the initiator.  If we have an
11875	 * untagged command to abort, simply abort the first untagged command
11876	 * we come to.  We only allow one untagged command at a time of course.
11877	 */
11878	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11879	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11880#if 0
11881		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11882
11883		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11884			    lun->lun, xio->scsiio.tag_num,
11885			    xio->scsiio.tag_type,
11886			    (xio->io_hdr.blocked_links.tqe_prev
11887			    == NULL) ? "" : " BLOCKED",
11888			    (xio->io_hdr.flags &
11889			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11890			    (xio->io_hdr.flags &
11891			    CTL_FLAG_ABORT) ? " ABORT" : "",
11892			    (xio->io_hdr.flags &
11893			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11894		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11895		sbuf_finish(&sb);
11896		printf("%s\n", sbuf_data(&sb));
11897#endif
11898
11899		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11900		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11901		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11902			continue;
11903
11904		/*
11905		 * If the abort says that the task is untagged, the
11906		 * task in the queue must be untagged.  Otherwise,
11907		 * we just check to see whether the tag numbers
11908		 * match.  This is because the QLogic firmware
11909		 * doesn't pass back the tag type in an abort
11910		 * request.
11911		 */
11912#if 0
11913		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11914		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11915		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11916#endif
11917		/*
11918		 * XXX KDM we've got problems with FC, because it
11919		 * doesn't send down a tag type with aborts.  So we
11920		 * can only really go by the tag number...
11921		 * This may cause problems with parallel SCSI.
11922		 * Need to figure that out!!
11923		 */
11924		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11925			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11926			found = 1;
11927			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11928			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11929				union ctl_ha_msg msg_info;
11930
11931				msg_info.hdr.nexus = io->io_hdr.nexus;
11932				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11933				msg_info.task.tag_num = io->taskio.tag_num;
11934				msg_info.task.tag_type = io->taskio.tag_type;
11935				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11936				msg_info.hdr.original_sc = NULL;
11937				msg_info.hdr.serializing_sc = NULL;
11938#if 0
11939				printf("Sent Abort to other side\n");
11940#endif
11941				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11942				    sizeof(msg_info.task), M_NOWAIT);
11943			}
11944#if 0
11945			printf("ctl_abort_task: found I/O to abort\n");
11946#endif
11947		}
11948	}
11949	mtx_unlock(&lun->lun_lock);
11950
11951	if (found == 0) {
11952		/*
11953		 * This isn't really an error.  It's entirely possible for
11954		 * the abort and command completion to cross on the wire.
11955		 * This is more of an informative/diagnostic error.
11956		 */
11957#if 0
11958		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11959		       "%u:%u:%u tag %d type %d\n",
11960		       io->io_hdr.nexus.initid,
11961		       io->io_hdr.nexus.targ_port,
11962		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11963		       io->taskio.tag_type);
11964#endif
11965	}
11966	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11967	return (0);
11968}
11969
11970static int
11971ctl_query_task(union ctl_io *io, int task_set)
11972{
11973	struct ctl_softc *softc = CTL_SOFTC(io);
11974	union ctl_io *xio;
11975	struct ctl_lun *lun;
11976	int found = 0;
11977	uint32_t targ_lun;
11978
11979	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11980	mtx_lock(&softc->ctl_lock);
11981	if (targ_lun >= CTL_MAX_LUNS ||
11982	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11983		mtx_unlock(&softc->ctl_lock);
11984		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11985		return (1);
11986	}
11987	mtx_lock(&lun->lun_lock);
11988	mtx_unlock(&softc->ctl_lock);
11989	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11990	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11991
11992		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11993		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11994		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11995			continue;
11996
11997		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11998			found = 1;
11999			break;
12000		}
12001	}
12002	mtx_unlock(&lun->lun_lock);
12003	if (found)
12004		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12005	else
12006		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12007	return (0);
12008}
12009
12010static int
12011ctl_query_async_event(union ctl_io *io)
12012{
12013	struct ctl_softc *softc = CTL_SOFTC(io);
12014	struct ctl_lun *lun;
12015	ctl_ua_type ua;
12016	uint32_t targ_lun, initidx;
12017
12018	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12019	mtx_lock(&softc->ctl_lock);
12020	if (targ_lun >= CTL_MAX_LUNS ||
12021	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12022		mtx_unlock(&softc->ctl_lock);
12023		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12024		return (1);
12025	}
12026	mtx_lock(&lun->lun_lock);
12027	mtx_unlock(&softc->ctl_lock);
12028	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12029	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12030	mtx_unlock(&lun->lun_lock);
12031	if (ua != CTL_UA_NONE)
12032		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12033	else
12034		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12035	return (0);
12036}
12037
12038static void
12039ctl_run_task(union ctl_io *io)
12040{
12041	struct ctl_softc *softc = CTL_SOFTC(io);
12042	int retval = 1;
12043
12044	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12045	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12046	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12047	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12048	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12049	switch (io->taskio.task_action) {
12050	case CTL_TASK_ABORT_TASK:
12051		retval = ctl_abort_task(io);
12052		break;
12053	case CTL_TASK_ABORT_TASK_SET:
12054	case CTL_TASK_CLEAR_TASK_SET:
12055		retval = ctl_abort_task_set(io);
12056		break;
12057	case CTL_TASK_CLEAR_ACA:
12058		break;
12059	case CTL_TASK_I_T_NEXUS_RESET:
12060		retval = ctl_i_t_nexus_reset(io);
12061		break;
12062	case CTL_TASK_LUN_RESET:
12063		retval = ctl_lun_reset(softc, io);
12064		break;
12065	case CTL_TASK_TARGET_RESET:
12066		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12067		break;
12068	case CTL_TASK_BUS_RESET:
12069		retval = ctl_bus_reset(softc, io);
12070		break;
12071	case CTL_TASK_PORT_LOGIN:
12072		break;
12073	case CTL_TASK_PORT_LOGOUT:
12074		break;
12075	case CTL_TASK_QUERY_TASK:
12076		retval = ctl_query_task(io, 0);
12077		break;
12078	case CTL_TASK_QUERY_TASK_SET:
12079		retval = ctl_query_task(io, 1);
12080		break;
12081	case CTL_TASK_QUERY_ASYNC_EVENT:
12082		retval = ctl_query_async_event(io);
12083		break;
12084	default:
12085		printf("%s: got unknown task management event %d\n",
12086		       __func__, io->taskio.task_action);
12087		break;
12088	}
12089	if (retval == 0)
12090		io->io_hdr.status = CTL_SUCCESS;
12091	else
12092		io->io_hdr.status = CTL_ERROR;
12093	ctl_done(io);
12094}
12095
12096/*
12097 * For HA operation.  Handle commands that come in from the other
12098 * controller.
12099 */
12100static void
12101ctl_handle_isc(union ctl_io *io)
12102{
12103	struct ctl_softc *softc = CTL_SOFTC(io);
12104	struct ctl_lun *lun;
12105	const struct ctl_cmd_entry *entry;
12106	uint32_t targ_lun;
12107
12108	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12109	switch (io->io_hdr.msg_type) {
12110	case CTL_MSG_SERIALIZE:
12111		ctl_serialize_other_sc_cmd(&io->scsiio);
12112		break;
12113	case CTL_MSG_R2R:		/* Only used in SER_ONLY mode. */
12114		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12115		if (targ_lun >= CTL_MAX_LUNS ||
12116		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12117			ctl_done(io);
12118			break;
12119		}
12120		mtx_lock(&lun->lun_lock);
12121		if (ctl_scsiio_lun_check(lun, entry, &io->scsiio) != 0) {
12122			mtx_unlock(&lun->lun_lock);
12123			ctl_done(io);
12124			break;
12125		}
12126		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12127		mtx_unlock(&lun->lun_lock);
12128		ctl_enqueue_rtr(io);
12129		break;
12130	case CTL_MSG_FINISH_IO:
12131		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12132			ctl_done(io);
12133			break;
12134		}
12135		if (targ_lun >= CTL_MAX_LUNS ||
12136		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12137			ctl_free_io(io);
12138			break;
12139		}
12140		mtx_lock(&lun->lun_lock);
12141		TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12142		ctl_check_blocked(lun);
12143		mtx_unlock(&lun->lun_lock);
12144		ctl_free_io(io);
12145		break;
12146	case CTL_MSG_PERS_ACTION:
12147		ctl_hndl_per_res_out_on_other_sc(io);
12148		ctl_free_io(io);
12149		break;
12150	case CTL_MSG_BAD_JUJU:
12151		ctl_done(io);
12152		break;
12153	case CTL_MSG_DATAMOVE:		/* Only used in XFER mode */
12154		ctl_datamove_remote(io);
12155		break;
12156	case CTL_MSG_DATAMOVE_DONE:	/* Only used in XFER mode */
12157		io->scsiio.be_move_done(io);
12158		break;
12159	case CTL_MSG_FAILOVER:
12160		ctl_failover_lun(io);
12161		ctl_free_io(io);
12162		break;
12163	default:
12164		printf("%s: Invalid message type %d\n",
12165		       __func__, io->io_hdr.msg_type);
12166		ctl_free_io(io);
12167		break;
12168	}
12169
12170}
12171
12172
12173/*
12174 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12175 * there is no match.
12176 */
12177static ctl_lun_error_pattern
12178ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12179{
12180	const struct ctl_cmd_entry *entry;
12181	ctl_lun_error_pattern filtered_pattern, pattern;
12182
12183	pattern = desc->error_pattern;
12184
12185	/*
12186	 * XXX KDM we need more data passed into this function to match a
12187	 * custom pattern, and we actually need to implement custom pattern
12188	 * matching.
12189	 */
12190	if (pattern & CTL_LUN_PAT_CMD)
12191		return (CTL_LUN_PAT_CMD);
12192
12193	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12194		return (CTL_LUN_PAT_ANY);
12195
12196	entry = ctl_get_cmd_entry(ctsio, NULL);
12197
12198	filtered_pattern = entry->pattern & pattern;
12199
12200	/*
12201	 * If the user requested specific flags in the pattern (e.g.
12202	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12203	 * flags.
12204	 *
12205	 * If the user did not specify any flags, it doesn't matter whether
12206	 * or not the command supports the flags.
12207	 */
12208	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12209	     (pattern & ~CTL_LUN_PAT_MASK))
12210		return (CTL_LUN_PAT_NONE);
12211
12212	/*
12213	 * If the user asked for a range check, see if the requested LBA
12214	 * range overlaps with this command's LBA range.
12215	 */
12216	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12217		uint64_t lba1;
12218		uint64_t len1;
12219		ctl_action action;
12220		int retval;
12221
12222		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12223		if (retval != 0)
12224			return (CTL_LUN_PAT_NONE);
12225
12226		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12227					      desc->lba_range.len, FALSE);
12228		/*
12229		 * A "pass" means that the LBA ranges don't overlap, so
12230		 * this doesn't match the user's range criteria.
12231		 */
12232		if (action == CTL_ACTION_PASS)
12233			return (CTL_LUN_PAT_NONE);
12234	}
12235
12236	return (filtered_pattern);
12237}
12238
12239static void
12240ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12241{
12242	struct ctl_error_desc *desc, *desc2;
12243
12244	mtx_assert(&lun->lun_lock, MA_OWNED);
12245
12246	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12247		ctl_lun_error_pattern pattern;
12248		/*
12249		 * Check to see whether this particular command matches
12250		 * the pattern in the descriptor.
12251		 */
12252		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12253		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12254			continue;
12255
12256		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12257		case CTL_LUN_INJ_ABORTED:
12258			ctl_set_aborted(&io->scsiio);
12259			break;
12260		case CTL_LUN_INJ_MEDIUM_ERR:
12261			ctl_set_medium_error(&io->scsiio,
12262			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12263			     CTL_FLAG_DATA_OUT);
12264			break;
12265		case CTL_LUN_INJ_UA:
12266			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12267			 * OCCURRED */
12268			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12269			break;
12270		case CTL_LUN_INJ_CUSTOM:
12271			/*
12272			 * We're assuming the user knows what he is doing.
12273			 * Just copy the sense information without doing
12274			 * checks.
12275			 */
12276			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12277			      MIN(sizeof(desc->custom_sense),
12278				  sizeof(io->scsiio.sense_data)));
12279			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12280			io->scsiio.sense_len = SSD_FULL_SIZE;
12281			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12282			break;
12283		case CTL_LUN_INJ_NONE:
12284		default:
12285			/*
12286			 * If this is an error injection type we don't know
12287			 * about, clear the continuous flag (if it is set)
12288			 * so it will get deleted below.
12289			 */
12290			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12291			break;
12292		}
12293		/*
12294		 * By default, each error injection action is a one-shot
12295		 */
12296		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12297			continue;
12298
12299		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12300
12301		free(desc, M_CTL);
12302	}
12303}
12304
12305#ifdef CTL_IO_DELAY
12306static void
12307ctl_datamove_timer_wakeup(void *arg)
12308{
12309	union ctl_io *io;
12310
12311	io = (union ctl_io *)arg;
12312
12313	ctl_datamove(io);
12314}
12315#endif /* CTL_IO_DELAY */
12316
12317void
12318ctl_datamove(union ctl_io *io)
12319{
12320	void (*fe_datamove)(union ctl_io *io);
12321
12322	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12323
12324	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12325
12326	/* No data transferred yet.  Frontend must update this when done. */
12327	io->scsiio.kern_data_resid = io->scsiio.kern_data_len;
12328
12329#ifdef CTL_TIME_IO
12330	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12331		char str[256];
12332		char path_str[64];
12333		struct sbuf sb;
12334
12335		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12336		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12337
12338		sbuf_cat(&sb, path_str);
12339		switch (io->io_hdr.io_type) {
12340		case CTL_IO_SCSI:
12341			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12342			sbuf_printf(&sb, "\n");
12343			sbuf_cat(&sb, path_str);
12344			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12345				    io->scsiio.tag_num, io->scsiio.tag_type);
12346			break;
12347		case CTL_IO_TASK:
12348			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12349				    "Tag Type: %d\n", io->taskio.task_action,
12350				    io->taskio.tag_num, io->taskio.tag_type);
12351			break;
12352		default:
12353			panic("%s: Invalid CTL I/O type %d\n",
12354			    __func__, io->io_hdr.io_type);
12355		}
12356		sbuf_cat(&sb, path_str);
12357		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12358			    (intmax_t)time_uptime - io->io_hdr.start_time);
12359		sbuf_finish(&sb);
12360		printf("%s", sbuf_data(&sb));
12361	}
12362#endif /* CTL_TIME_IO */
12363
12364#ifdef CTL_IO_DELAY
12365	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12366		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12367	} else {
12368		if ((lun != NULL)
12369		 && (lun->delay_info.datamove_delay > 0)) {
12370
12371			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12372			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12373			callout_reset(&io->io_hdr.delay_callout,
12374				      lun->delay_info.datamove_delay * hz,
12375				      ctl_datamove_timer_wakeup, io);
12376			if (lun->delay_info.datamove_type ==
12377			    CTL_DELAY_TYPE_ONESHOT)
12378				lun->delay_info.datamove_delay = 0;
12379			return;
12380		}
12381	}
12382#endif
12383
12384	/*
12385	 * This command has been aborted.  Set the port status, so we fail
12386	 * the data move.
12387	 */
12388	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12389		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12390		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12391		       io->io_hdr.nexus.targ_port,
12392		       io->io_hdr.nexus.targ_lun);
12393		io->io_hdr.port_status = 31337;
12394		/*
12395		 * Note that the backend, in this case, will get the
12396		 * callback in its context.  In other cases it may get
12397		 * called in the frontend's interrupt thread context.
12398		 */
12399		io->scsiio.be_move_done(io);
12400		return;
12401	}
12402
12403	/* Don't confuse frontend with zero length data move. */
12404	if (io->scsiio.kern_data_len == 0) {
12405		io->scsiio.be_move_done(io);
12406		return;
12407	}
12408
12409	fe_datamove = CTL_PORT(io)->fe_datamove;
12410	fe_datamove(io);
12411}
12412
12413static void
12414ctl_send_datamove_done(union ctl_io *io, int have_lock)
12415{
12416	union ctl_ha_msg msg;
12417#ifdef CTL_TIME_IO
12418	struct bintime cur_bt;
12419#endif
12420
12421	memset(&msg, 0, sizeof(msg));
12422	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12423	msg.hdr.original_sc = io;
12424	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12425	msg.hdr.nexus = io->io_hdr.nexus;
12426	msg.hdr.status = io->io_hdr.status;
12427	msg.scsi.kern_data_resid = io->scsiio.kern_data_resid;
12428	msg.scsi.tag_num = io->scsiio.tag_num;
12429	msg.scsi.tag_type = io->scsiio.tag_type;
12430	msg.scsi.scsi_status = io->scsiio.scsi_status;
12431	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12432	       io->scsiio.sense_len);
12433	msg.scsi.sense_len = io->scsiio.sense_len;
12434	msg.scsi.port_status = io->io_hdr.port_status;
12435	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12436	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12437		ctl_failover_io(io, /*have_lock*/ have_lock);
12438		return;
12439	}
12440	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12441	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12442	    msg.scsi.sense_len, M_WAITOK);
12443
12444#ifdef CTL_TIME_IO
12445	getbinuptime(&cur_bt);
12446	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12447	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12448#endif
12449	io->io_hdr.num_dmas++;
12450}
12451
12452/*
12453 * The DMA to the remote side is done, now we need to tell the other side
12454 * we're done so it can continue with its data movement.
12455 */
12456static void
12457ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12458{
12459	union ctl_io *io;
12460	uint32_t i;
12461
12462	io = rq->context;
12463
12464	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12465		printf("%s: ISC DMA write failed with error %d", __func__,
12466		       rq->ret);
12467		ctl_set_internal_failure(&io->scsiio,
12468					 /*sks_valid*/ 1,
12469					 /*retry_count*/ rq->ret);
12470	}
12471
12472	ctl_dt_req_free(rq);
12473
12474	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12475		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12476	free(io->io_hdr.remote_sglist, M_CTL);
12477	io->io_hdr.remote_sglist = NULL;
12478	io->io_hdr.local_sglist = NULL;
12479
12480	/*
12481	 * The data is in local and remote memory, so now we need to send
12482	 * status (good or back) back to the other side.
12483	 */
12484	ctl_send_datamove_done(io, /*have_lock*/ 0);
12485}
12486
12487/*
12488 * We've moved the data from the host/controller into local memory.  Now we
12489 * need to push it over to the remote controller's memory.
12490 */
12491static int
12492ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12493{
12494	int retval;
12495
12496	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12497					  ctl_datamove_remote_write_cb);
12498	return (retval);
12499}
12500
12501static void
12502ctl_datamove_remote_write(union ctl_io *io)
12503{
12504	int retval;
12505	void (*fe_datamove)(union ctl_io *io);
12506
12507	/*
12508	 * - Get the data from the host/HBA into local memory.
12509	 * - DMA memory from the local controller to the remote controller.
12510	 * - Send status back to the remote controller.
12511	 */
12512
12513	retval = ctl_datamove_remote_sgl_setup(io);
12514	if (retval != 0)
12515		return;
12516
12517	/* Switch the pointer over so the FETD knows what to do */
12518	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12519
12520	/*
12521	 * Use a custom move done callback, since we need to send completion
12522	 * back to the other controller, not to the backend on this side.
12523	 */
12524	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12525
12526	fe_datamove = CTL_PORT(io)->fe_datamove;
12527	fe_datamove(io);
12528}
12529
12530static int
12531ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12532{
12533#if 0
12534	char str[256];
12535	char path_str[64];
12536	struct sbuf sb;
12537#endif
12538	uint32_t i;
12539
12540	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12541		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12542	free(io->io_hdr.remote_sglist, M_CTL);
12543	io->io_hdr.remote_sglist = NULL;
12544	io->io_hdr.local_sglist = NULL;
12545
12546#if 0
12547	scsi_path_string(io, path_str, sizeof(path_str));
12548	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12549	sbuf_cat(&sb, path_str);
12550	scsi_command_string(&io->scsiio, NULL, &sb);
12551	sbuf_printf(&sb, "\n");
12552	sbuf_cat(&sb, path_str);
12553	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12554		    io->scsiio.tag_num, io->scsiio.tag_type);
12555	sbuf_cat(&sb, path_str);
12556	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12557		    io->io_hdr.flags, io->io_hdr.status);
12558	sbuf_finish(&sb);
12559	printk("%s", sbuf_data(&sb));
12560#endif
12561
12562
12563	/*
12564	 * The read is done, now we need to send status (good or bad) back
12565	 * to the other side.
12566	 */
12567	ctl_send_datamove_done(io, /*have_lock*/ 0);
12568
12569	return (0);
12570}
12571
12572static void
12573ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12574{
12575	union ctl_io *io;
12576	void (*fe_datamove)(union ctl_io *io);
12577
12578	io = rq->context;
12579
12580	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12581		printf("%s: ISC DMA read failed with error %d\n", __func__,
12582		       rq->ret);
12583		ctl_set_internal_failure(&io->scsiio,
12584					 /*sks_valid*/ 1,
12585					 /*retry_count*/ rq->ret);
12586	}
12587
12588	ctl_dt_req_free(rq);
12589
12590	/* Switch the pointer over so the FETD knows what to do */
12591	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12592
12593	/*
12594	 * Use a custom move done callback, since we need to send completion
12595	 * back to the other controller, not to the backend on this side.
12596	 */
12597	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12598
12599	/* XXX KDM add checks like the ones in ctl_datamove? */
12600
12601	fe_datamove = CTL_PORT(io)->fe_datamove;
12602	fe_datamove(io);
12603}
12604
12605static int
12606ctl_datamove_remote_sgl_setup(union ctl_io *io)
12607{
12608	struct ctl_sg_entry *local_sglist;
12609	uint32_t len_to_go;
12610	int retval;
12611	int i;
12612
12613	retval = 0;
12614	local_sglist = io->io_hdr.local_sglist;
12615	len_to_go = io->scsiio.kern_data_len;
12616
12617	/*
12618	 * The difficult thing here is that the size of the various
12619	 * S/G segments may be different than the size from the
12620	 * remote controller.  That'll make it harder when DMAing
12621	 * the data back to the other side.
12622	 */
12623	for (i = 0; len_to_go > 0; i++) {
12624		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12625		local_sglist[i].addr =
12626		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12627
12628		len_to_go -= local_sglist[i].len;
12629	}
12630	/*
12631	 * Reset the number of S/G entries accordingly.  The original
12632	 * number of S/G entries is available in rem_sg_entries.
12633	 */
12634	io->scsiio.kern_sg_entries = i;
12635
12636#if 0
12637	printf("%s: kern_sg_entries = %d\n", __func__,
12638	       io->scsiio.kern_sg_entries);
12639	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12640		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12641		       local_sglist[i].addr, local_sglist[i].len);
12642#endif
12643
12644	return (retval);
12645}
12646
12647static int
12648ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12649			 ctl_ha_dt_cb callback)
12650{
12651	struct ctl_ha_dt_req *rq;
12652	struct ctl_sg_entry *remote_sglist, *local_sglist;
12653	uint32_t local_used, remote_used, total_used;
12654	int i, j, isc_ret;
12655
12656	rq = ctl_dt_req_alloc();
12657
12658	/*
12659	 * If we failed to allocate the request, and if the DMA didn't fail
12660	 * anyway, set busy status.  This is just a resource allocation
12661	 * failure.
12662	 */
12663	if ((rq == NULL)
12664	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12665	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12666		ctl_set_busy(&io->scsiio);
12667
12668	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12669	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12670
12671		if (rq != NULL)
12672			ctl_dt_req_free(rq);
12673
12674		/*
12675		 * The data move failed.  We need to return status back
12676		 * to the other controller.  No point in trying to DMA
12677		 * data to the remote controller.
12678		 */
12679
12680		ctl_send_datamove_done(io, /*have_lock*/ 0);
12681
12682		return (1);
12683	}
12684
12685	local_sglist = io->io_hdr.local_sglist;
12686	remote_sglist = io->io_hdr.remote_sglist;
12687	local_used = 0;
12688	remote_used = 0;
12689	total_used = 0;
12690
12691	/*
12692	 * Pull/push the data over the wire from/to the other controller.
12693	 * This takes into account the possibility that the local and
12694	 * remote sglists may not be identical in terms of the size of
12695	 * the elements and the number of elements.
12696	 *
12697	 * One fundamental assumption here is that the length allocated for
12698	 * both the local and remote sglists is identical.  Otherwise, we've
12699	 * essentially got a coding error of some sort.
12700	 */
12701	isc_ret = CTL_HA_STATUS_SUCCESS;
12702	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12703		uint32_t cur_len;
12704		uint8_t *tmp_ptr;
12705
12706		rq->command = command;
12707		rq->context = io;
12708
12709		/*
12710		 * Both pointers should be aligned.  But it is possible
12711		 * that the allocation length is not.  They should both
12712		 * also have enough slack left over at the end, though,
12713		 * to round up to the next 8 byte boundary.
12714		 */
12715		cur_len = MIN(local_sglist[i].len - local_used,
12716			      remote_sglist[j].len - remote_used);
12717		rq->size = cur_len;
12718
12719		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12720		tmp_ptr += local_used;
12721
12722#if 0
12723		/* Use physical addresses when talking to ISC hardware */
12724		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12725			/* XXX KDM use busdma */
12726			rq->local = vtophys(tmp_ptr);
12727		} else
12728			rq->local = tmp_ptr;
12729#else
12730		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12731		    ("HA does not support BUS_ADDR"));
12732		rq->local = tmp_ptr;
12733#endif
12734
12735		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12736		tmp_ptr += remote_used;
12737		rq->remote = tmp_ptr;
12738
12739		rq->callback = NULL;
12740
12741		local_used += cur_len;
12742		if (local_used >= local_sglist[i].len) {
12743			i++;
12744			local_used = 0;
12745		}
12746
12747		remote_used += cur_len;
12748		if (remote_used >= remote_sglist[j].len) {
12749			j++;
12750			remote_used = 0;
12751		}
12752		total_used += cur_len;
12753
12754		if (total_used >= io->scsiio.kern_data_len)
12755			rq->callback = callback;
12756
12757#if 0
12758		printf("%s: %s: local %p remote %p size %d\n", __func__,
12759		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12760		       rq->local, rq->remote, rq->size);
12761#endif
12762
12763		isc_ret = ctl_dt_single(rq);
12764		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12765			break;
12766	}
12767	if (isc_ret != CTL_HA_STATUS_WAIT) {
12768		rq->ret = isc_ret;
12769		callback(rq);
12770	}
12771
12772	return (0);
12773}
12774
12775static void
12776ctl_datamove_remote_read(union ctl_io *io)
12777{
12778	int retval;
12779	uint32_t i;
12780
12781	/*
12782	 * This will send an error to the other controller in the case of a
12783	 * failure.
12784	 */
12785	retval = ctl_datamove_remote_sgl_setup(io);
12786	if (retval != 0)
12787		return;
12788
12789	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12790					  ctl_datamove_remote_read_cb);
12791	if (retval != 0) {
12792		/*
12793		 * Make sure we free memory if there was an error..  The
12794		 * ctl_datamove_remote_xfer() function will send the
12795		 * datamove done message, or call the callback with an
12796		 * error if there is a problem.
12797		 */
12798		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12799			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12800		free(io->io_hdr.remote_sglist, M_CTL);
12801		io->io_hdr.remote_sglist = NULL;
12802		io->io_hdr.local_sglist = NULL;
12803	}
12804}
12805
12806/*
12807 * Process a datamove request from the other controller.  This is used for
12808 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12809 * first.  Once that is complete, the data gets DMAed into the remote
12810 * controller's memory.  For reads, we DMA from the remote controller's
12811 * memory into our memory first, and then move it out to the FETD.
12812 */
12813static void
12814ctl_datamove_remote(union ctl_io *io)
12815{
12816
12817	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12818
12819	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12820		ctl_failover_io(io, /*have_lock*/ 0);
12821		return;
12822	}
12823
12824	/*
12825	 * Note that we look for an aborted I/O here, but don't do some of
12826	 * the other checks that ctl_datamove() normally does.
12827	 * We don't need to run the datamove delay code, since that should
12828	 * have been done if need be on the other controller.
12829	 */
12830	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12831		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12832		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12833		       io->io_hdr.nexus.targ_port,
12834		       io->io_hdr.nexus.targ_lun);
12835		io->io_hdr.port_status = 31338;
12836		ctl_send_datamove_done(io, /*have_lock*/ 0);
12837		return;
12838	}
12839
12840	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12841		ctl_datamove_remote_write(io);
12842	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12843		ctl_datamove_remote_read(io);
12844	else {
12845		io->io_hdr.port_status = 31339;
12846		ctl_send_datamove_done(io, /*have_lock*/ 0);
12847	}
12848}
12849
12850static void
12851ctl_process_done(union ctl_io *io)
12852{
12853	struct ctl_softc *softc = CTL_SOFTC(io);
12854	struct ctl_port *port = CTL_PORT(io);
12855	struct ctl_lun *lun = CTL_LUN(io);
12856	void (*fe_done)(union ctl_io *io);
12857	union ctl_ha_msg msg;
12858
12859	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12860	fe_done = port->fe_done;
12861
12862#ifdef CTL_TIME_IO
12863	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12864		char str[256];
12865		char path_str[64];
12866		struct sbuf sb;
12867
12868		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12869		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12870
12871		sbuf_cat(&sb, path_str);
12872		switch (io->io_hdr.io_type) {
12873		case CTL_IO_SCSI:
12874			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12875			sbuf_printf(&sb, "\n");
12876			sbuf_cat(&sb, path_str);
12877			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12878				    io->scsiio.tag_num, io->scsiio.tag_type);
12879			break;
12880		case CTL_IO_TASK:
12881			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12882				    "Tag Type: %d\n", io->taskio.task_action,
12883				    io->taskio.tag_num, io->taskio.tag_type);
12884			break;
12885		default:
12886			panic("%s: Invalid CTL I/O type %d\n",
12887			    __func__, io->io_hdr.io_type);
12888		}
12889		sbuf_cat(&sb, path_str);
12890		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12891			    (intmax_t)time_uptime - io->io_hdr.start_time);
12892		sbuf_finish(&sb);
12893		printf("%s", sbuf_data(&sb));
12894	}
12895#endif /* CTL_TIME_IO */
12896
12897	switch (io->io_hdr.io_type) {
12898	case CTL_IO_SCSI:
12899		break;
12900	case CTL_IO_TASK:
12901		if (ctl_debug & CTL_DEBUG_INFO)
12902			ctl_io_error_print(io, NULL);
12903		fe_done(io);
12904		return;
12905	default:
12906		panic("%s: Invalid CTL I/O type %d\n",
12907		    __func__, io->io_hdr.io_type);
12908	}
12909
12910	if (lun == NULL) {
12911		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12912				 io->io_hdr.nexus.targ_mapped_lun));
12913		goto bailout;
12914	}
12915
12916	mtx_lock(&lun->lun_lock);
12917
12918	/*
12919	 * Check to see if we have any informational exception and status
12920	 * of this command can be modified to report it in form of either
12921	 * RECOVERED ERROR or NO SENSE, depending on MRIE mode page field.
12922	 */
12923	if (lun->ie_reported == 0 && lun->ie_asc != 0 &&
12924	    io->io_hdr.status == CTL_SUCCESS &&
12925	    (io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0) {
12926		uint8_t mrie = lun->MODE_IE.mrie;
12927		uint8_t per = ((lun->MODE_RWER.byte3 & SMS_RWER_PER) ||
12928		    (lun->MODE_VER.byte3 & SMS_VER_PER));
12929		if (((mrie == SIEP_MRIE_REC_COND && per) ||
12930		     mrie == SIEP_MRIE_REC_UNCOND ||
12931		     mrie == SIEP_MRIE_NO_SENSE) &&
12932		    (ctl_get_cmd_entry(&io->scsiio, NULL)->flags &
12933		     CTL_CMD_FLAG_NO_SENSE) == 0) {
12934			ctl_set_sense(&io->scsiio,
12935			      /*current_error*/ 1,
12936			      /*sense_key*/ (mrie == SIEP_MRIE_NO_SENSE) ?
12937			        SSD_KEY_NO_SENSE : SSD_KEY_RECOVERED_ERROR,
12938			      /*asc*/ lun->ie_asc,
12939			      /*ascq*/ lun->ie_ascq,
12940			      SSD_ELEM_NONE);
12941			lun->ie_reported = 1;
12942		}
12943	} else if (lun->ie_reported < 0)
12944		lun->ie_reported = 0;
12945
12946	/*
12947	 * Check to see if we have any errors to inject here.  We only
12948	 * inject errors for commands that don't already have errors set.
12949	 */
12950	if (!STAILQ_EMPTY(&lun->error_list) &&
12951	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12952	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12953		ctl_inject_error(lun, io);
12954
12955	/*
12956	 * XXX KDM how do we treat commands that aren't completed
12957	 * successfully?
12958	 *
12959	 * XXX KDM should we also track I/O latency?
12960	 */
12961	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12962	    io->io_hdr.io_type == CTL_IO_SCSI) {
12963		int type;
12964#ifdef CTL_TIME_IO
12965		struct bintime bt;
12966
12967		getbinuptime(&bt);
12968		bintime_sub(&bt, &io->io_hdr.start_bt);
12969#endif
12970		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12971		    CTL_FLAG_DATA_IN)
12972			type = CTL_STATS_READ;
12973		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12974		    CTL_FLAG_DATA_OUT)
12975			type = CTL_STATS_WRITE;
12976		else
12977			type = CTL_STATS_NO_IO;
12978
12979#ifdef CTL_LEGACY_STATS
12980		uint32_t targ_port = port->targ_port;
12981		lun->legacy_stats.ports[targ_port].bytes[type] +=
12982		    io->scsiio.kern_total_len;
12983		lun->legacy_stats.ports[targ_port].operations[type] ++;
12984		lun->legacy_stats.ports[targ_port].num_dmas[type] +=
12985		    io->io_hdr.num_dmas;
12986#ifdef CTL_TIME_IO
12987		bintime_add(&lun->legacy_stats.ports[targ_port].dma_time[type],
12988		   &io->io_hdr.dma_bt);
12989		bintime_add(&lun->legacy_stats.ports[targ_port].time[type],
12990		    &bt);
12991#endif
12992#endif /* CTL_LEGACY_STATS */
12993
12994		lun->stats.bytes[type] += io->scsiio.kern_total_len;
12995		lun->stats.operations[type] ++;
12996		lun->stats.dmas[type] += io->io_hdr.num_dmas;
12997#ifdef CTL_TIME_IO
12998		bintime_add(&lun->stats.dma_time[type], &io->io_hdr.dma_bt);
12999		bintime_add(&lun->stats.time[type], &bt);
13000#endif
13001
13002		mtx_lock(&port->port_lock);
13003		port->stats.bytes[type] += io->scsiio.kern_total_len;
13004		port->stats.operations[type] ++;
13005		port->stats.dmas[type] += io->io_hdr.num_dmas;
13006#ifdef CTL_TIME_IO
13007		bintime_add(&port->stats.dma_time[type], &io->io_hdr.dma_bt);
13008		bintime_add(&port->stats.time[type], &bt);
13009#endif
13010		mtx_unlock(&port->port_lock);
13011	}
13012
13013	/*
13014	 * Remove this from the OOA queue.
13015	 */
13016	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13017#ifdef CTL_TIME_IO
13018	if (TAILQ_EMPTY(&lun->ooa_queue))
13019		lun->last_busy = getsbinuptime();
13020#endif
13021
13022	/*
13023	 * Run through the blocked queue on this LUN and see if anything
13024	 * has become unblocked, now that this transaction is done.
13025	 */
13026	ctl_check_blocked(lun);
13027
13028	/*
13029	 * If the LUN has been invalidated, free it if there is nothing
13030	 * left on its OOA queue.
13031	 */
13032	if ((lun->flags & CTL_LUN_INVALID)
13033	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13034		mtx_unlock(&lun->lun_lock);
13035		mtx_lock(&softc->ctl_lock);
13036		ctl_free_lun(lun);
13037		mtx_unlock(&softc->ctl_lock);
13038	} else
13039		mtx_unlock(&lun->lun_lock);
13040
13041bailout:
13042
13043	/*
13044	 * If this command has been aborted, make sure we set the status
13045	 * properly.  The FETD is responsible for freeing the I/O and doing
13046	 * whatever it needs to do to clean up its state.
13047	 */
13048	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13049		ctl_set_task_aborted(&io->scsiio);
13050
13051	/*
13052	 * If enabled, print command error status.
13053	 */
13054	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13055	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13056		ctl_io_error_print(io, NULL);
13057
13058	/*
13059	 * Tell the FETD or the other shelf controller we're done with this
13060	 * command.  Note that only SCSI commands get to this point.  Task
13061	 * management commands are completed above.
13062	 */
13063	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13064	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13065		memset(&msg, 0, sizeof(msg));
13066		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13067		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13068		msg.hdr.nexus = io->io_hdr.nexus;
13069		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13070		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13071		    M_WAITOK);
13072	}
13073
13074	fe_done(io);
13075}
13076
13077#ifdef CTL_WITH_CA
13078/*
13079 * Front end should call this if it doesn't do autosense.  When the request
13080 * sense comes back in from the initiator, we'll dequeue this and send it.
13081 */
13082int
13083ctl_queue_sense(union ctl_io *io)
13084{
13085	struct ctl_softc *softc = CTL_SOFTC(io);
13086	struct ctl_port *port = CTL_PORT(io);
13087	struct ctl_lun *lun;
13088	uint32_t initidx, targ_lun;
13089
13090	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13091
13092	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13093
13094	/*
13095	 * LUN lookup will likely move to the ctl_work_thread() once we
13096	 * have our new queueing infrastructure (that doesn't put things on
13097	 * a per-LUN queue initially).  That is so that we can handle
13098	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13099	 * can't deal with that right now.
13100	 * If we don't have a LUN for this, just toss the sense information.
13101	 */
13102	mtx_lock(&softc->ctl_lock);
13103	if (targ_lun >= CTL_MAX_LUNS ||
13104	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
13105		mtx_unlock(&softc->ctl_lock);
13106		goto bailout;
13107	}
13108	mtx_lock(&lun->lun_lock);
13109	mtx_unlock(&softc->ctl_lock);
13110
13111	/*
13112	 * Already have CA set for this LUN...toss the sense information.
13113	 */
13114	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13115	if (ctl_is_set(lun->have_ca, initidx)) {
13116		mtx_unlock(&lun->lun_lock);
13117		goto bailout;
13118	}
13119
13120	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13121	       MIN(sizeof(lun->pending_sense[initidx]),
13122	       sizeof(io->scsiio.sense_data)));
13123	ctl_set_mask(lun->have_ca, initidx);
13124	mtx_unlock(&lun->lun_lock);
13125
13126bailout:
13127	ctl_free_io(io);
13128	return (CTL_RETVAL_COMPLETE);
13129}
13130#endif
13131
13132/*
13133 * Primary command inlet from frontend ports.  All SCSI and task I/O
13134 * requests must go through this function.
13135 */
13136int
13137ctl_queue(union ctl_io *io)
13138{
13139	struct ctl_port *port = CTL_PORT(io);
13140
13141	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13142
13143#ifdef CTL_TIME_IO
13144	io->io_hdr.start_time = time_uptime;
13145	getbinuptime(&io->io_hdr.start_bt);
13146#endif /* CTL_TIME_IO */
13147
13148	/* Map FE-specific LUN ID into global one. */
13149	io->io_hdr.nexus.targ_mapped_lun =
13150	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13151
13152	switch (io->io_hdr.io_type) {
13153	case CTL_IO_SCSI:
13154	case CTL_IO_TASK:
13155		if (ctl_debug & CTL_DEBUG_CDB)
13156			ctl_io_print(io);
13157		ctl_enqueue_incoming(io);
13158		break;
13159	default:
13160		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13161		return (EINVAL);
13162	}
13163
13164	return (CTL_RETVAL_COMPLETE);
13165}
13166
13167#ifdef CTL_IO_DELAY
13168static void
13169ctl_done_timer_wakeup(void *arg)
13170{
13171	union ctl_io *io;
13172
13173	io = (union ctl_io *)arg;
13174	ctl_done(io);
13175}
13176#endif /* CTL_IO_DELAY */
13177
13178void
13179ctl_serseq_done(union ctl_io *io)
13180{
13181	struct ctl_lun *lun = CTL_LUN(io);;
13182
13183	if (lun->be_lun == NULL ||
13184	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13185		return;
13186	mtx_lock(&lun->lun_lock);
13187	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13188	ctl_check_blocked(lun);
13189	mtx_unlock(&lun->lun_lock);
13190}
13191
13192void
13193ctl_done(union ctl_io *io)
13194{
13195
13196	/*
13197	 * Enable this to catch duplicate completion issues.
13198	 */
13199#if 0
13200	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13201		printf("%s: type %d msg %d cdb %x iptl: "
13202		       "%u:%u:%u tag 0x%04x "
13203		       "flag %#x status %x\n",
13204			__func__,
13205			io->io_hdr.io_type,
13206			io->io_hdr.msg_type,
13207			io->scsiio.cdb[0],
13208			io->io_hdr.nexus.initid,
13209			io->io_hdr.nexus.targ_port,
13210			io->io_hdr.nexus.targ_lun,
13211			(io->io_hdr.io_type ==
13212			CTL_IO_TASK) ?
13213			io->taskio.tag_num :
13214			io->scsiio.tag_num,
13215		        io->io_hdr.flags,
13216			io->io_hdr.status);
13217	} else
13218		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13219#endif
13220
13221	/*
13222	 * This is an internal copy of an I/O, and should not go through
13223	 * the normal done processing logic.
13224	 */
13225	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13226		return;
13227
13228#ifdef CTL_IO_DELAY
13229	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13230		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13231	} else {
13232		struct ctl_lun *lun = CTL_LUN(io);
13233
13234		if ((lun != NULL)
13235		 && (lun->delay_info.done_delay > 0)) {
13236
13237			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13238			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13239			callout_reset(&io->io_hdr.delay_callout,
13240				      lun->delay_info.done_delay * hz,
13241				      ctl_done_timer_wakeup, io);
13242			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13243				lun->delay_info.done_delay = 0;
13244			return;
13245		}
13246	}
13247#endif /* CTL_IO_DELAY */
13248
13249	ctl_enqueue_done(io);
13250}
13251
13252static void
13253ctl_work_thread(void *arg)
13254{
13255	struct ctl_thread *thr = (struct ctl_thread *)arg;
13256	struct ctl_softc *softc = thr->ctl_softc;
13257	union ctl_io *io;
13258	int retval;
13259
13260	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13261
13262	for (;;) {
13263		/*
13264		 * We handle the queues in this order:
13265		 * - ISC
13266		 * - done queue (to free up resources, unblock other commands)
13267		 * - RtR queue
13268		 * - incoming queue
13269		 *
13270		 * If those queues are empty, we break out of the loop and
13271		 * go to sleep.
13272		 */
13273		mtx_lock(&thr->queue_lock);
13274		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13275		if (io != NULL) {
13276			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13277			mtx_unlock(&thr->queue_lock);
13278			ctl_handle_isc(io);
13279			continue;
13280		}
13281		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13282		if (io != NULL) {
13283			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13284			/* clear any blocked commands, call fe_done */
13285			mtx_unlock(&thr->queue_lock);
13286			ctl_process_done(io);
13287			continue;
13288		}
13289		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13290		if (io != NULL) {
13291			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13292			mtx_unlock(&thr->queue_lock);
13293			if (io->io_hdr.io_type == CTL_IO_TASK)
13294				ctl_run_task(io);
13295			else
13296				ctl_scsiio_precheck(softc, &io->scsiio);
13297			continue;
13298		}
13299		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13300		if (io != NULL) {
13301			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13302			mtx_unlock(&thr->queue_lock);
13303			retval = ctl_scsiio(&io->scsiio);
13304			if (retval != CTL_RETVAL_COMPLETE)
13305				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13306			continue;
13307		}
13308
13309		/* Sleep until we have something to do. */
13310		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13311	}
13312}
13313
13314static void
13315ctl_lun_thread(void *arg)
13316{
13317	struct ctl_softc *softc = (struct ctl_softc *)arg;
13318	struct ctl_be_lun *be_lun;
13319
13320	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13321
13322	for (;;) {
13323		mtx_lock(&softc->ctl_lock);
13324		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13325		if (be_lun != NULL) {
13326			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13327			mtx_unlock(&softc->ctl_lock);
13328			ctl_create_lun(be_lun);
13329			continue;
13330		}
13331
13332		/* Sleep until we have something to do. */
13333		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13334		    PDROP | PRIBIO, "-", 0);
13335	}
13336}
13337
13338static void
13339ctl_thresh_thread(void *arg)
13340{
13341	struct ctl_softc *softc = (struct ctl_softc *)arg;
13342	struct ctl_lun *lun;
13343	struct ctl_logical_block_provisioning_page *page;
13344	const char *attr;
13345	union ctl_ha_msg msg;
13346	uint64_t thres, val;
13347	int i, e, set;
13348
13349	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13350
13351	for (;;) {
13352		mtx_lock(&softc->ctl_lock);
13353		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13354			if ((lun->flags & CTL_LUN_DISABLED) ||
13355			    (lun->flags & CTL_LUN_NO_MEDIA) ||
13356			    lun->backend->lun_attr == NULL)
13357				continue;
13358			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13359			    softc->ha_mode == CTL_HA_MODE_XFER)
13360				continue;
13361			if ((lun->MODE_RWER.byte8 & SMS_RWER_LBPERE) == 0)
13362				continue;
13363			e = 0;
13364			page = &lun->MODE_LBP;
13365			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13366				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13367					continue;
13368				thres = scsi_4btoul(page->descr[i].count);
13369				thres <<= CTL_LBP_EXPONENT;
13370				switch (page->descr[i].resource) {
13371				case 0x01:
13372					attr = "blocksavail";
13373					break;
13374				case 0x02:
13375					attr = "blocksused";
13376					break;
13377				case 0xf1:
13378					attr = "poolblocksavail";
13379					break;
13380				case 0xf2:
13381					attr = "poolblocksused";
13382					break;
13383				default:
13384					continue;
13385				}
13386				mtx_unlock(&softc->ctl_lock); // XXX
13387				val = lun->backend->lun_attr(
13388				    lun->be_lun->be_lun, attr);
13389				mtx_lock(&softc->ctl_lock);
13390				if (val == UINT64_MAX)
13391					continue;
13392				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13393				    == SLBPPD_ARMING_INC)
13394					e = (val >= thres);
13395				else
13396					e = (val <= thres);
13397				if (e)
13398					break;
13399			}
13400			mtx_lock(&lun->lun_lock);
13401			if (e) {
13402				scsi_u64to8b((uint8_t *)&page->descr[i] -
13403				    (uint8_t *)page, lun->ua_tpt_info);
13404				if (lun->lasttpt == 0 ||
13405				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13406					lun->lasttpt = time_uptime;
13407					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13408					set = 1;
13409				} else
13410					set = 0;
13411			} else {
13412				lun->lasttpt = 0;
13413				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13414				set = -1;
13415			}
13416			mtx_unlock(&lun->lun_lock);
13417			if (set != 0 &&
13418			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13419				/* Send msg to other side. */
13420				bzero(&msg.ua, sizeof(msg.ua));
13421				msg.hdr.msg_type = CTL_MSG_UA;
13422				msg.hdr.nexus.initid = -1;
13423				msg.hdr.nexus.targ_port = -1;
13424				msg.hdr.nexus.targ_lun = lun->lun;
13425				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13426				msg.ua.ua_all = 1;
13427				msg.ua.ua_set = (set > 0);
13428				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13429				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13430				mtx_unlock(&softc->ctl_lock); // XXX
13431				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13432				    sizeof(msg.ua), M_WAITOK);
13433				mtx_lock(&softc->ctl_lock);
13434			}
13435		}
13436		mtx_unlock(&softc->ctl_lock);
13437		pause("-", CTL_LBP_PERIOD * hz);
13438	}
13439}
13440
13441static void
13442ctl_enqueue_incoming(union ctl_io *io)
13443{
13444	struct ctl_softc *softc = CTL_SOFTC(io);
13445	struct ctl_thread *thr;
13446	u_int idx;
13447
13448	idx = (io->io_hdr.nexus.targ_port * 127 +
13449	       io->io_hdr.nexus.initid) % worker_threads;
13450	thr = &softc->threads[idx];
13451	mtx_lock(&thr->queue_lock);
13452	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13453	mtx_unlock(&thr->queue_lock);
13454	wakeup(thr);
13455}
13456
13457static void
13458ctl_enqueue_rtr(union ctl_io *io)
13459{
13460	struct ctl_softc *softc = CTL_SOFTC(io);
13461	struct ctl_thread *thr;
13462
13463	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13464	mtx_lock(&thr->queue_lock);
13465	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13466	mtx_unlock(&thr->queue_lock);
13467	wakeup(thr);
13468}
13469
13470static void
13471ctl_enqueue_done(union ctl_io *io)
13472{
13473	struct ctl_softc *softc = CTL_SOFTC(io);
13474	struct ctl_thread *thr;
13475
13476	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13477	mtx_lock(&thr->queue_lock);
13478	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13479	mtx_unlock(&thr->queue_lock);
13480	wakeup(thr);
13481}
13482
13483static void
13484ctl_enqueue_isc(union ctl_io *io)
13485{
13486	struct ctl_softc *softc = CTL_SOFTC(io);
13487	struct ctl_thread *thr;
13488
13489	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13490	mtx_lock(&thr->queue_lock);
13491	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13492	mtx_unlock(&thr->queue_lock);
13493	wakeup(thr);
13494}
13495
13496/*
13497 *  vim: ts=8
13498 */
13499