xref: /freebsd/sys/cam/ctl/ctl.c (revision 100e2a06e24307b89188b4363280136e30044cea) 
1 /*-
2  * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3  * Copyright (c) 2012 The FreeBSD Foundation
4  * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5  * All rights reserved.
6  *
7  * Portions of this software were developed by Edward Tomasz Napierala
8  * under sponsorship from the FreeBSD Foundation.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions, and the following disclaimer,
15  *    without modification.
16  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17  *    substantially similar to the "NO WARRANTY" disclaimer below
18  *    ("Disclaimer") and any redistribution must be conditioned upon
19  *    including a substantially similar Disclaimer requirement for further
20  *    binary redistribution.
21  *
22  * NO WARRANTY
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33  * POSSIBILITY OF SUCH DAMAGES.
34  *
35  * $Id$
36  */
37 /*
38  * CAM Target Layer, a SCSI device emulation subsystem.
39  *
40  * Author: Ken Merry <ken@FreeBSD.org>
41  */
42 
43 #define _CTL_C
44 
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47 
48 #include <sys/param.h>
49 #include <sys/systm.h>
50 #include <sys/ctype.h>
51 #include <sys/kernel.h>
52 #include <sys/types.h>
53 #include <sys/kthread.h>
54 #include <sys/bio.h>
55 #include <sys/fcntl.h>
56 #include <sys/lock.h>
57 #include <sys/module.h>
58 #include <sys/mutex.h>
59 #include <sys/condvar.h>
60 #include <sys/malloc.h>
61 #include <sys/conf.h>
62 #include <sys/ioccom.h>
63 #include <sys/queue.h>
64 #include <sys/sbuf.h>
65 #include <sys/smp.h>
66 #include <sys/endian.h>
67 #include <sys/sysctl.h>
68 #include <vm/uma.h>
69 
70 #include <cam/cam.h>
71 #include <cam/scsi/scsi_all.h>
72 #include <cam/scsi/scsi_da.h>
73 #include <cam/ctl/ctl_io.h>
74 #include <cam/ctl/ctl.h>
75 #include <cam/ctl/ctl_frontend.h>
76 #include <cam/ctl/ctl_util.h>
77 #include <cam/ctl/ctl_backend.h>
78 #include <cam/ctl/ctl_ioctl.h>
79 #include <cam/ctl/ctl_ha.h>
80 #include <cam/ctl/ctl_private.h>
81 #include <cam/ctl/ctl_debug.h>
82 #include <cam/ctl/ctl_scsi_all.h>
83 #include <cam/ctl/ctl_error.h>
84 
85 struct ctl_softc *control_softc = NULL;
86 
87 /*
88  * Template mode pages.
89  */
90 
91 /*
92  * Note that these are default values only.  The actual values will be
93  * filled in when the user does a mode sense.
94  */
95 const static struct copan_debugconf_subpage debugconf_page_default = {
96 	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97 	DBGCNF_SUBPAGE_CODE,		/* subpage */
98 	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99 	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100 	DBGCNF_VERSION,			/* page_version */
101 	{CTL_TIME_IO_DEFAULT_SECS>>8,
102 	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103 };
104 
105 const static struct copan_debugconf_subpage debugconf_page_changeable = {
106 	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107 	DBGCNF_SUBPAGE_CODE,		/* subpage */
108 	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109 	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110 	0,				/* page_version */
111 	{0xff,0xff},			/* ctl_time_io_secs */
112 };
113 
114 const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115 	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116 	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117 	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118 	/*read_retry_count*/0,
119 	/*correction_span*/0,
120 	/*head_offset_count*/0,
121 	/*data_strobe_offset_cnt*/0,
122 	/*byte8*/SMS_RWER_LBPERE,
123 	/*write_retry_count*/0,
124 	/*reserved2*/0,
125 	/*recovery_time_limit*/{0, 0},
126 };
127 
128 const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129 	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130 	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131 	/*byte3*/0,
132 	/*read_retry_count*/0,
133 	/*correction_span*/0,
134 	/*head_offset_count*/0,
135 	/*data_strobe_offset_cnt*/0,
136 	/*byte8*/0,
137 	/*write_retry_count*/0,
138 	/*reserved2*/0,
139 	/*recovery_time_limit*/{0, 0},
140 };
141 
142 const static struct scsi_format_page format_page_default = {
143 	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144 	/*page_length*/sizeof(struct scsi_format_page) - 2,
145 	/*tracks_per_zone*/ {0, 0},
146 	/*alt_sectors_per_zone*/ {0, 0},
147 	/*alt_tracks_per_zone*/ {0, 0},
148 	/*alt_tracks_per_lun*/ {0, 0},
149 	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150 			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151 	/*bytes_per_sector*/ {0, 0},
152 	/*interleave*/ {0, 0},
153 	/*track_skew*/ {0, 0},
154 	/*cylinder_skew*/ {0, 0},
155 	/*flags*/ SFP_HSEC,
156 	/*reserved*/ {0, 0, 0}
157 };
158 
159 const static struct scsi_format_page format_page_changeable = {
160 	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161 	/*page_length*/sizeof(struct scsi_format_page) - 2,
162 	/*tracks_per_zone*/ {0, 0},
163 	/*alt_sectors_per_zone*/ {0, 0},
164 	/*alt_tracks_per_zone*/ {0, 0},
165 	/*alt_tracks_per_lun*/ {0, 0},
166 	/*sectors_per_track*/ {0, 0},
167 	/*bytes_per_sector*/ {0, 0},
168 	/*interleave*/ {0, 0},
169 	/*track_skew*/ {0, 0},
170 	/*cylinder_skew*/ {0, 0},
171 	/*flags*/ 0,
172 	/*reserved*/ {0, 0, 0}
173 };
174 
175 const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176 	/*page_code*/SMS_RIGID_DISK_PAGE,
177 	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178 	/*cylinders*/ {0, 0, 0},
179 	/*heads*/ CTL_DEFAULT_HEADS,
180 	/*start_write_precomp*/ {0, 0, 0},
181 	/*start_reduced_current*/ {0, 0, 0},
182 	/*step_rate*/ {0, 0},
183 	/*landing_zone_cylinder*/ {0, 0, 0},
184 	/*rpl*/ SRDP_RPL_DISABLED,
185 	/*rotational_offset*/ 0,
186 	/*reserved1*/ 0,
187 	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188 			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189 	/*reserved2*/ {0, 0}
190 };
191 
192 const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193 	/*page_code*/SMS_RIGID_DISK_PAGE,
194 	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195 	/*cylinders*/ {0, 0, 0},
196 	/*heads*/ 0,
197 	/*start_write_precomp*/ {0, 0, 0},
198 	/*start_reduced_current*/ {0, 0, 0},
199 	/*step_rate*/ {0, 0},
200 	/*landing_zone_cylinder*/ {0, 0, 0},
201 	/*rpl*/ 0,
202 	/*rotational_offset*/ 0,
203 	/*reserved1*/ 0,
204 	/*rotation_rate*/ {0, 0},
205 	/*reserved2*/ {0, 0}
206 };
207 
208 const static struct scsi_caching_page caching_page_default = {
209 	/*page_code*/SMS_CACHING_PAGE,
210 	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211 	/*flags1*/ SCP_DISC | SCP_WCE,
212 	/*ret_priority*/ 0,
213 	/*disable_pf_transfer_len*/ {0xff, 0xff},
214 	/*min_prefetch*/ {0, 0},
215 	/*max_prefetch*/ {0xff, 0xff},
216 	/*max_pf_ceiling*/ {0xff, 0xff},
217 	/*flags2*/ 0,
218 	/*cache_segments*/ 0,
219 	/*cache_seg_size*/ {0, 0},
220 	/*reserved*/ 0,
221 	/*non_cache_seg_size*/ {0, 0, 0}
222 };
223 
224 const static struct scsi_caching_page caching_page_changeable = {
225 	/*page_code*/SMS_CACHING_PAGE,
226 	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227 	/*flags1*/ SCP_WCE | SCP_RCD,
228 	/*ret_priority*/ 0,
229 	/*disable_pf_transfer_len*/ {0, 0},
230 	/*min_prefetch*/ {0, 0},
231 	/*max_prefetch*/ {0, 0},
232 	/*max_pf_ceiling*/ {0, 0},
233 	/*flags2*/ 0,
234 	/*cache_segments*/ 0,
235 	/*cache_seg_size*/ {0, 0},
236 	/*reserved*/ 0,
237 	/*non_cache_seg_size*/ {0, 0, 0}
238 };
239 
240 const static struct scsi_control_page control_page_default = {
241 	/*page_code*/SMS_CONTROL_MODE_PAGE,
242 	/*page_length*/sizeof(struct scsi_control_page) - 2,
243 	/*rlec*/0,
244 	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245 	/*eca_and_aen*/0,
246 	/*flags4*/SCP_TAS,
247 	/*aen_holdoff_period*/{0, 0},
248 	/*busy_timeout_period*/{0, 0},
249 	/*extended_selftest_completion_time*/{0, 0}
250 };
251 
252 const static struct scsi_control_page control_page_changeable = {
253 	/*page_code*/SMS_CONTROL_MODE_PAGE,
254 	/*page_length*/sizeof(struct scsi_control_page) - 2,
255 	/*rlec*/SCP_DSENSE,
256 	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257 	/*eca_and_aen*/SCP_SWP,
258 	/*flags4*/0,
259 	/*aen_holdoff_period*/{0, 0},
260 	/*busy_timeout_period*/{0, 0},
261 	/*extended_selftest_completion_time*/{0, 0}
262 };
263 
264 #define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265 
266 const static struct scsi_control_ext_page control_ext_page_default = {
267 	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268 	/*subpage_code*/0x01,
269 	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270 	/*flags*/0,
271 	/*prio*/0,
272 	/*max_sense*/0
273 };
274 
275 const static struct scsi_control_ext_page control_ext_page_changeable = {
276 	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277 	/*subpage_code*/0x01,
278 	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279 	/*flags*/0,
280 	/*prio*/0,
281 	/*max_sense*/0
282 };
283 
284 const static struct scsi_info_exceptions_page ie_page_default = {
285 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286 	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287 	/*info_flags*/SIEP_FLAGS_DEXCPT,
288 	/*mrie*/0,
289 	/*interval_timer*/{0, 0, 0, 0},
290 	/*report_count*/{0, 0, 0, 0}
291 };
292 
293 const static struct scsi_info_exceptions_page ie_page_changeable = {
294 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295 	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296 	/*info_flags*/0,
297 	/*mrie*/0,
298 	/*interval_timer*/{0, 0, 0, 0},
299 	/*report_count*/{0, 0, 0, 0}
300 };
301 
302 #define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303 
304 const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306 	/*subpage_code*/0x02,
307 	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308 	/*flags*/0,
309 	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310 	/*descr*/{}},
311 	{{/*flags*/0,
312 	  /*resource*/0x01,
313 	  /*reserved*/{0, 0},
314 	  /*count*/{0, 0, 0, 0}},
315 	 {/*flags*/0,
316 	  /*resource*/0x02,
317 	  /*reserved*/{0, 0},
318 	  /*count*/{0, 0, 0, 0}},
319 	 {/*flags*/0,
320 	  /*resource*/0xf1,
321 	  /*reserved*/{0, 0},
322 	  /*count*/{0, 0, 0, 0}},
323 	 {/*flags*/0,
324 	  /*resource*/0xf2,
325 	  /*reserved*/{0, 0},
326 	  /*count*/{0, 0, 0, 0}}
327 	}
328 };
329 
330 const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332 	/*subpage_code*/0x02,
333 	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334 	/*flags*/0,
335 	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336 	/*descr*/{}},
337 	{{/*flags*/0,
338 	  /*resource*/0,
339 	  /*reserved*/{0, 0},
340 	  /*count*/{0, 0, 0, 0}},
341 	 {/*flags*/0,
342 	  /*resource*/0,
343 	  /*reserved*/{0, 0},
344 	  /*count*/{0, 0, 0, 0}},
345 	 {/*flags*/0,
346 	  /*resource*/0,
347 	  /*reserved*/{0, 0},
348 	  /*count*/{0, 0, 0, 0}},
349 	 {/*flags*/0,
350 	  /*resource*/0,
351 	  /*reserved*/{0, 0},
352 	  /*count*/{0, 0, 0, 0}}
353 	}
354 };
355 
356 SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357 static int worker_threads = -1;
358 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
359     &worker_threads, 1, "Number of worker threads");
360 static int ctl_debug = CTL_DEBUG_NONE;
361 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
362     &ctl_debug, 0, "Enabled debug flags");
363 
364 /*
365  * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
366  * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
367  * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
368  * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
369  */
370 #define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
371 
372 static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
373 				  int param);
374 static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
375 static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
376 static int ctl_init(void);
377 void ctl_shutdown(void);
378 static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
379 static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
380 static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
381 static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
382 			      struct ctl_ooa *ooa_hdr,
383 			      struct ctl_ooa_entry *kern_entries);
384 static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
385 		     struct thread *td);
386 static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
387 			 struct ctl_be_lun *be_lun);
388 static int ctl_free_lun(struct ctl_lun *lun);
389 static void ctl_create_lun(struct ctl_be_lun *be_lun);
390 static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
391 
392 static int ctl_do_mode_select(union ctl_io *io);
393 static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
394 			   uint64_t res_key, uint64_t sa_res_key,
395 			   uint8_t type, uint32_t residx,
396 			   struct ctl_scsiio *ctsio,
397 			   struct scsi_per_res_out *cdb,
398 			   struct scsi_per_res_out_parms* param);
399 static void ctl_pro_preempt_other(struct ctl_lun *lun,
400 				  union ctl_ha_msg *msg);
401 static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
402 static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
403 static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
404 static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
405 static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
406 static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
407 static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
408 					 int alloc_len);
409 static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
410 					 int alloc_len);
411 static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
412 static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
413 static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
414 static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
415 static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
416 static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
417     bool seq);
418 static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
419 static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
420     union ctl_io *pending_io, union ctl_io *ooa_io);
421 static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
422 				union ctl_io *starting_io);
423 static int ctl_check_blocked(struct ctl_lun *lun);
424 static int ctl_scsiio_lun_check(struct ctl_lun *lun,
425 				const struct ctl_cmd_entry *entry,
426 				struct ctl_scsiio *ctsio);
427 static void ctl_failover_lun(union ctl_io *io);
428 static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
429 			       struct ctl_scsiio *ctsio);
430 static int ctl_scsiio(struct ctl_scsiio *ctsio);
431 
432 static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
433 static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
434 			    ctl_ua_type ua_type);
435 static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
436 			 ctl_ua_type ua_type);
437 static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
438 static int ctl_abort_task(union ctl_io *io);
439 static int ctl_abort_task_set(union ctl_io *io);
440 static int ctl_query_task(union ctl_io *io, int task_set);
441 static int ctl_i_t_nexus_reset(union ctl_io *io);
442 static int ctl_query_async_event(union ctl_io *io);
443 static void ctl_run_task(union ctl_io *io);
444 #ifdef CTL_IO_DELAY
445 static void ctl_datamove_timer_wakeup(void *arg);
446 static void ctl_done_timer_wakeup(void *arg);
447 #endif /* CTL_IO_DELAY */
448 
449 static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
450 static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
451 static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
452 static void ctl_datamove_remote_write(union ctl_io *io);
453 static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
454 static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
455 static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
456 static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
457 				    ctl_ha_dt_cb callback);
458 static void ctl_datamove_remote_read(union ctl_io *io);
459 static void ctl_datamove_remote(union ctl_io *io);
460 static void ctl_process_done(union ctl_io *io);
461 static void ctl_lun_thread(void *arg);
462 static void ctl_thresh_thread(void *arg);
463 static void ctl_work_thread(void *arg);
464 static void ctl_enqueue_incoming(union ctl_io *io);
465 static void ctl_enqueue_rtr(union ctl_io *io);
466 static void ctl_enqueue_done(union ctl_io *io);
467 static void ctl_enqueue_isc(union ctl_io *io);
468 static const struct ctl_cmd_entry *
469     ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
470 static const struct ctl_cmd_entry *
471     ctl_validate_command(struct ctl_scsiio *ctsio);
472 static int ctl_cmd_applicable(uint8_t lun_type,
473     const struct ctl_cmd_entry *entry);
474 
475 static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
476 static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
477 static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
478 static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
479 
480 /*
481  * Load the serialization table.  This isn't very pretty, but is probably
482  * the easiest way to do it.
483  */
484 #include "ctl_ser_table.c"
485 
486 /*
487  * We only need to define open, close and ioctl routines for this driver.
488  */
489 static struct cdevsw ctl_cdevsw = {
490 	.d_version =	D_VERSION,
491 	.d_flags =	0,
492 	.d_open =	ctl_open,
493 	.d_close =	ctl_close,
494 	.d_ioctl =	ctl_ioctl,
495 	.d_name =	"ctl",
496 };
497 
498 
499 MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
500 
501 static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
502 
503 static moduledata_t ctl_moduledata = {
504 	"ctl",
505 	ctl_module_event_handler,
506 	NULL
507 };
508 
509 DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
510 MODULE_VERSION(ctl, 1);
511 
512 static struct ctl_frontend ha_frontend =
513 {
514 	.name = "ha",
515 };
516 
517 static void
518 ctl_ha_datamove(union ctl_io *io)
519 {
520 	struct ctl_lun *lun;
521 	struct ctl_sg_entry *sgl;
522 	union ctl_ha_msg msg;
523 	uint32_t sg_entries_sent;
524 	int do_sg_copy, i, j;
525 
526 	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
527 	memset(&msg.dt, 0, sizeof(msg.dt));
528 	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
529 	msg.hdr.original_sc = io->io_hdr.original_sc;
530 	msg.hdr.serializing_sc = io;
531 	msg.hdr.nexus = io->io_hdr.nexus;
532 	msg.hdr.status = io->io_hdr.status;
533 	msg.dt.flags = io->io_hdr.flags;
534 
535 	/*
536 	 * We convert everything into a S/G list here.  We can't
537 	 * pass by reference, only by value between controllers.
538 	 * So we can't pass a pointer to the S/G list, only as many
539 	 * S/G entries as we can fit in here.  If it's possible for
540 	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
541 	 * then we need to break this up into multiple transfers.
542 	 */
543 	if (io->scsiio.kern_sg_entries == 0) {
544 		msg.dt.kern_sg_entries = 1;
545 #if 0
546 		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
547 			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
548 		} else {
549 			/* XXX KDM use busdma here! */
550 			msg.dt.sg_list[0].addr =
551 			    (void *)vtophys(io->scsiio.kern_data_ptr);
552 		}
553 #else
554 		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
555 		    ("HA does not support BUS_ADDR"));
556 		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
557 #endif
558 		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
559 		do_sg_copy = 0;
560 	} else {
561 		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
562 		do_sg_copy = 1;
563 	}
564 
565 	msg.dt.kern_data_len = io->scsiio.kern_data_len;
566 	msg.dt.kern_total_len = io->scsiio.kern_total_len;
567 	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
568 	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
569 	msg.dt.sg_sequence = 0;
570 
571 	/*
572 	 * Loop until we've sent all of the S/G entries.  On the
573 	 * other end, we'll recompose these S/G entries into one
574 	 * contiguous list before processing.
575 	 */
576 	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
577 	    msg.dt.sg_sequence++) {
578 		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
579 		    sizeof(msg.dt.sg_list[0])),
580 		    msg.dt.kern_sg_entries - sg_entries_sent);
581 		if (do_sg_copy != 0) {
582 			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
583 			for (i = sg_entries_sent, j = 0;
584 			     i < msg.dt.cur_sg_entries; i++, j++) {
585 #if 0
586 				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
587 					msg.dt.sg_list[j].addr = sgl[i].addr;
588 				} else {
589 					/* XXX KDM use busdma here! */
590 					msg.dt.sg_list[j].addr =
591 					    (void *)vtophys(sgl[i].addr);
592 				}
593 #else
594 				KASSERT((io->io_hdr.flags &
595 				    CTL_FLAG_BUS_ADDR) == 0,
596 				    ("HA does not support BUS_ADDR"));
597 				msg.dt.sg_list[j].addr = sgl[i].addr;
598 #endif
599 				msg.dt.sg_list[j].len = sgl[i].len;
600 			}
601 		}
602 
603 		sg_entries_sent += msg.dt.cur_sg_entries;
604 		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
605 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
606 		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
607 		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
608 		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
609 			io->io_hdr.port_status = 31341;
610 			io->scsiio.be_move_done(io);
611 			return;
612 		}
613 		msg.dt.sent_sg_entries = sg_entries_sent;
614 	}
615 
616 	/*
617 	 * Officially handover the request from us to peer.
618 	 * If failover has just happened, then we must return error.
619 	 * If failover happen just after, then it is not our problem.
620 	 */
621 	if (lun)
622 		mtx_lock(&lun->lun_lock);
623 	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
624 		if (lun)
625 			mtx_unlock(&lun->lun_lock);
626 		io->io_hdr.port_status = 31342;
627 		io->scsiio.be_move_done(io);
628 		return;
629 	}
630 	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
631 	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
632 	if (lun)
633 		mtx_unlock(&lun->lun_lock);
634 }
635 
636 static void
637 ctl_ha_done(union ctl_io *io)
638 {
639 	union ctl_ha_msg msg;
640 
641 	if (io->io_hdr.io_type == CTL_IO_SCSI) {
642 		memset(&msg, 0, sizeof(msg));
643 		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
644 		msg.hdr.original_sc = io->io_hdr.original_sc;
645 		msg.hdr.nexus = io->io_hdr.nexus;
646 		msg.hdr.status = io->io_hdr.status;
647 		msg.scsi.scsi_status = io->scsiio.scsi_status;
648 		msg.scsi.tag_num = io->scsiio.tag_num;
649 		msg.scsi.tag_type = io->scsiio.tag_type;
650 		msg.scsi.sense_len = io->scsiio.sense_len;
651 		msg.scsi.sense_residual = io->scsiio.sense_residual;
652 		msg.scsi.residual = io->scsiio.residual;
653 		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
654 		    io->scsiio.sense_len);
655 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
656 		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
657 		    msg.scsi.sense_len, M_WAITOK);
658 	}
659 	ctl_free_io(io);
660 }
661 
662 static void
663 ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
664 			    union ctl_ha_msg *msg_info)
665 {
666 	struct ctl_scsiio *ctsio;
667 
668 	if (msg_info->hdr.original_sc == NULL) {
669 		printf("%s: original_sc == NULL!\n", __func__);
670 		/* XXX KDM now what? */
671 		return;
672 	}
673 
674 	ctsio = &msg_info->hdr.original_sc->scsiio;
675 	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
676 	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
677 	ctsio->io_hdr.status = msg_info->hdr.status;
678 	ctsio->scsi_status = msg_info->scsi.scsi_status;
679 	ctsio->sense_len = msg_info->scsi.sense_len;
680 	ctsio->sense_residual = msg_info->scsi.sense_residual;
681 	ctsio->residual = msg_info->scsi.residual;
682 	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
683 	       msg_info->scsi.sense_len);
684 	ctl_enqueue_isc((union ctl_io *)ctsio);
685 }
686 
687 static void
688 ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
689 				union ctl_ha_msg *msg_info)
690 {
691 	struct ctl_scsiio *ctsio;
692 
693 	if (msg_info->hdr.serializing_sc == NULL) {
694 		printf("%s: serializing_sc == NULL!\n", __func__);
695 		/* XXX KDM now what? */
696 		return;
697 	}
698 
699 	ctsio = &msg_info->hdr.serializing_sc->scsiio;
700 	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
701 	ctl_enqueue_isc((union ctl_io *)ctsio);
702 }
703 
704 void
705 ctl_isc_announce_lun(struct ctl_lun *lun)
706 {
707 	struct ctl_softc *softc = lun->ctl_softc;
708 	union ctl_ha_msg *msg;
709 	struct ctl_ha_msg_lun_pr_key pr_key;
710 	int i, k;
711 
712 	if (softc->ha_link != CTL_HA_LINK_ONLINE)
713 		return;
714 	mtx_lock(&lun->lun_lock);
715 	i = sizeof(msg->lun);
716 	if (lun->lun_devid)
717 		i += lun->lun_devid->len;
718 	i += sizeof(pr_key) * lun->pr_key_count;
719 alloc:
720 	mtx_unlock(&lun->lun_lock);
721 	msg = malloc(i, M_CTL, M_WAITOK);
722 	mtx_lock(&lun->lun_lock);
723 	k = sizeof(msg->lun);
724 	if (lun->lun_devid)
725 		k += lun->lun_devid->len;
726 	k += sizeof(pr_key) * lun->pr_key_count;
727 	if (i < k) {
728 		free(msg, M_CTL);
729 		i = k;
730 		goto alloc;
731 	}
732 	bzero(&msg->lun, sizeof(msg->lun));
733 	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
734 	msg->hdr.nexus.targ_lun = lun->lun;
735 	msg->hdr.nexus.targ_mapped_lun = lun->lun;
736 	msg->lun.flags = lun->flags;
737 	msg->lun.pr_generation = lun->PRGeneration;
738 	msg->lun.pr_res_idx = lun->pr_res_idx;
739 	msg->lun.pr_res_type = lun->res_type;
740 	msg->lun.pr_key_count = lun->pr_key_count;
741 	i = 0;
742 	if (lun->lun_devid) {
743 		msg->lun.lun_devid_len = lun->lun_devid->len;
744 		memcpy(&msg->lun.data[i], lun->lun_devid->data,
745 		    msg->lun.lun_devid_len);
746 		i += msg->lun.lun_devid_len;
747 	}
748 	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
749 		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
750 			continue;
751 		pr_key.pr_iid = k;
752 		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
753 		i += sizeof(pr_key);
754 	}
755 	mtx_unlock(&lun->lun_lock);
756 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
757 	    M_WAITOK);
758 	free(msg, M_CTL);
759 
760 	if (lun->flags & CTL_LUN_PRIMARY_SC) {
761 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
762 			ctl_isc_announce_mode(lun, -1,
763 			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
764 			    lun->mode_pages.index[i].subpage);
765 		}
766 	}
767 }
768 
769 void
770 ctl_isc_announce_port(struct ctl_port *port)
771 {
772 	struct ctl_softc *softc = port->ctl_softc;
773 	union ctl_ha_msg *msg;
774 	int i;
775 
776 	if (port->targ_port < softc->port_min ||
777 	    port->targ_port >= softc->port_max ||
778 	    softc->ha_link != CTL_HA_LINK_ONLINE)
779 		return;
780 	i = sizeof(msg->port) + strlen(port->port_name) + 1;
781 	if (port->lun_map)
782 		i += sizeof(uint32_t) * CTL_MAX_LUNS;
783 	if (port->port_devid)
784 		i += port->port_devid->len;
785 	if (port->target_devid)
786 		i += port->target_devid->len;
787 	if (port->init_devid)
788 		i += port->init_devid->len;
789 	msg = malloc(i, M_CTL, M_WAITOK);
790 	bzero(&msg->port, sizeof(msg->port));
791 	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
792 	msg->hdr.nexus.targ_port = port->targ_port;
793 	msg->port.port_type = port->port_type;
794 	msg->port.physical_port = port->physical_port;
795 	msg->port.virtual_port = port->virtual_port;
796 	msg->port.status = port->status;
797 	i = 0;
798 	msg->port.name_len = sprintf(&msg->port.data[i],
799 	    "%d:%s", softc->ha_id, port->port_name) + 1;
800 	i += msg->port.name_len;
801 	if (port->lun_map) {
802 		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
803 		memcpy(&msg->port.data[i], port->lun_map,
804 		    msg->port.lun_map_len);
805 		i += msg->port.lun_map_len;
806 	}
807 	if (port->port_devid) {
808 		msg->port.port_devid_len = port->port_devid->len;
809 		memcpy(&msg->port.data[i], port->port_devid->data,
810 		    msg->port.port_devid_len);
811 		i += msg->port.port_devid_len;
812 	}
813 	if (port->target_devid) {
814 		msg->port.target_devid_len = port->target_devid->len;
815 		memcpy(&msg->port.data[i], port->target_devid->data,
816 		    msg->port.target_devid_len);
817 		i += msg->port.target_devid_len;
818 	}
819 	if (port->init_devid) {
820 		msg->port.init_devid_len = port->init_devid->len;
821 		memcpy(&msg->port.data[i], port->init_devid->data,
822 		    msg->port.init_devid_len);
823 		i += msg->port.init_devid_len;
824 	}
825 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
826 	    M_WAITOK);
827 	free(msg, M_CTL);
828 }
829 
830 void
831 ctl_isc_announce_iid(struct ctl_port *port, int iid)
832 {
833 	struct ctl_softc *softc = port->ctl_softc;
834 	union ctl_ha_msg *msg;
835 	int i, l;
836 
837 	if (port->targ_port < softc->port_min ||
838 	    port->targ_port >= softc->port_max ||
839 	    softc->ha_link != CTL_HA_LINK_ONLINE)
840 		return;
841 	mtx_lock(&softc->ctl_lock);
842 	i = sizeof(msg->iid);
843 	l = 0;
844 	if (port->wwpn_iid[iid].name)
845 		l = strlen(port->wwpn_iid[iid].name) + 1;
846 	i += l;
847 	msg = malloc(i, M_CTL, M_NOWAIT);
848 	if (msg == NULL) {
849 		mtx_unlock(&softc->ctl_lock);
850 		return;
851 	}
852 	bzero(&msg->iid, sizeof(msg->iid));
853 	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
854 	msg->hdr.nexus.targ_port = port->targ_port;
855 	msg->hdr.nexus.initid = iid;
856 	msg->iid.in_use = port->wwpn_iid[iid].in_use;
857 	msg->iid.name_len = l;
858 	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
859 	if (port->wwpn_iid[iid].name)
860 		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
861 	mtx_unlock(&softc->ctl_lock);
862 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
863 	free(msg, M_CTL);
864 }
865 
866 void
867 ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
868     uint8_t page, uint8_t subpage)
869 {
870 	struct ctl_softc *softc = lun->ctl_softc;
871 	union ctl_ha_msg msg;
872 	int i;
873 
874 	if (softc->ha_link != CTL_HA_LINK_ONLINE)
875 		return;
876 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
877 		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
878 		    page && lun->mode_pages.index[i].subpage == subpage)
879 			break;
880 	}
881 	if (i == CTL_NUM_MODE_PAGES)
882 		return;
883 	bzero(&msg.mode, sizeof(msg.mode));
884 	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
885 	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
886 	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
887 	msg.hdr.nexus.targ_lun = lun->lun;
888 	msg.hdr.nexus.targ_mapped_lun = lun->lun;
889 	msg.mode.page_code = page;
890 	msg.mode.subpage = subpage;
891 	msg.mode.page_len = lun->mode_pages.index[i].page_len;
892 	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
893 	    msg.mode.page_len);
894 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
895 	    M_WAITOK);
896 }
897 
898 static void
899 ctl_isc_ha_link_up(struct ctl_softc *softc)
900 {
901 	struct ctl_port *port;
902 	struct ctl_lun *lun;
903 	union ctl_ha_msg msg;
904 	int i;
905 
906 	/* Announce this node parameters to peer for validation. */
907 	msg.login.msg_type = CTL_MSG_LOGIN;
908 	msg.login.version = CTL_HA_VERSION;
909 	msg.login.ha_mode = softc->ha_mode;
910 	msg.login.ha_id = softc->ha_id;
911 	msg.login.max_luns = CTL_MAX_LUNS;
912 	msg.login.max_ports = CTL_MAX_PORTS;
913 	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
914 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
915 	    M_WAITOK);
916 
917 	STAILQ_FOREACH(port, &softc->port_list, links) {
918 		ctl_isc_announce_port(port);
919 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
920 			if (port->wwpn_iid[i].in_use)
921 				ctl_isc_announce_iid(port, i);
922 		}
923 	}
924 	STAILQ_FOREACH(lun, &softc->lun_list, links)
925 		ctl_isc_announce_lun(lun);
926 }
927 
928 static void
929 ctl_isc_ha_link_down(struct ctl_softc *softc)
930 {
931 	struct ctl_port *port;
932 	struct ctl_lun *lun;
933 	union ctl_io *io;
934 	int i;
935 
936 	mtx_lock(&softc->ctl_lock);
937 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
938 		mtx_lock(&lun->lun_lock);
939 		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
940 			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
941 			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
942 		}
943 		mtx_unlock(&lun->lun_lock);
944 
945 		mtx_unlock(&softc->ctl_lock);
946 		io = ctl_alloc_io(softc->othersc_pool);
947 		mtx_lock(&softc->ctl_lock);
948 		ctl_zero_io(io);
949 		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
950 		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
951 		ctl_enqueue_isc(io);
952 	}
953 
954 	STAILQ_FOREACH(port, &softc->port_list, links) {
955 		if (port->targ_port >= softc->port_min &&
956 		    port->targ_port < softc->port_max)
957 			continue;
958 		port->status &= ~CTL_PORT_STATUS_ONLINE;
959 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
960 			port->wwpn_iid[i].in_use = 0;
961 			free(port->wwpn_iid[i].name, M_CTL);
962 			port->wwpn_iid[i].name = NULL;
963 		}
964 	}
965 	mtx_unlock(&softc->ctl_lock);
966 }
967 
968 static void
969 ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
970 {
971 	struct ctl_lun *lun;
972 	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
973 
974 	mtx_lock(&softc->ctl_lock);
975 	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
976 	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
977 		mtx_lock(&lun->lun_lock);
978 		mtx_unlock(&softc->ctl_lock);
979 		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
980 		    msg->ua.ua_set)
981 			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
982 		if (msg->ua.ua_all) {
983 			if (msg->ua.ua_set)
984 				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
985 			else
986 				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
987 		} else {
988 			if (msg->ua.ua_set)
989 				ctl_est_ua(lun, iid, msg->ua.ua_type);
990 			else
991 				ctl_clr_ua(lun, iid, msg->ua.ua_type);
992 		}
993 		mtx_unlock(&lun->lun_lock);
994 	} else
995 		mtx_unlock(&softc->ctl_lock);
996 }
997 
998 static void
999 ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1000 {
1001 	struct ctl_lun *lun;
1002 	struct ctl_ha_msg_lun_pr_key pr_key;
1003 	int i, k;
1004 	ctl_lun_flags oflags;
1005 	uint32_t targ_lun;
1006 
1007 	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1008 	mtx_lock(&softc->ctl_lock);
1009 	if ((targ_lun >= CTL_MAX_LUNS) ||
1010 	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1011 		mtx_unlock(&softc->ctl_lock);
1012 		return;
1013 	}
1014 	mtx_lock(&lun->lun_lock);
1015 	mtx_unlock(&softc->ctl_lock);
1016 	if (lun->flags & CTL_LUN_DISABLED) {
1017 		mtx_unlock(&lun->lun_lock);
1018 		return;
1019 	}
1020 	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1021 	if (msg->lun.lun_devid_len != i || (i > 0 &&
1022 	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1023 		mtx_unlock(&lun->lun_lock);
1024 		printf("%s: Received conflicting HA LUN %d\n",
1025 		    __func__, msg->hdr.nexus.targ_lun);
1026 		return;
1027 	} else {
1028 		/* Record whether peer is primary. */
1029 		oflags = lun->flags;
1030 		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1031 		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1032 			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1033 		else
1034 			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1035 		if (oflags != lun->flags)
1036 			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1037 
1038 		/* If peer is primary and we are not -- use data */
1039 		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1040 		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1041 			lun->PRGeneration = msg->lun.pr_generation;
1042 			lun->pr_res_idx = msg->lun.pr_res_idx;
1043 			lun->res_type = msg->lun.pr_res_type;
1044 			lun->pr_key_count = msg->lun.pr_key_count;
1045 			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1046 				ctl_clr_prkey(lun, k);
1047 			for (k = 0; k < msg->lun.pr_key_count; k++) {
1048 				memcpy(&pr_key, &msg->lun.data[i],
1049 				    sizeof(pr_key));
1050 				ctl_alloc_prkey(lun, pr_key.pr_iid);
1051 				ctl_set_prkey(lun, pr_key.pr_iid,
1052 				    pr_key.pr_key);
1053 				i += sizeof(pr_key);
1054 			}
1055 		}
1056 
1057 		mtx_unlock(&lun->lun_lock);
1058 		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1059 		    __func__, msg->hdr.nexus.targ_lun,
1060 		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1061 		    "primary" : "secondary"));
1062 
1063 		/* If we are primary but peer doesn't know -- notify */
1064 		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1065 		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1066 			ctl_isc_announce_lun(lun);
1067 	}
1068 }
1069 
1070 static void
1071 ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1072 {
1073 	struct ctl_port *port;
1074 	struct ctl_lun *lun;
1075 	int i, new;
1076 
1077 	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1078 	if (port == NULL) {
1079 		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1080 		    msg->hdr.nexus.targ_port));
1081 		new = 1;
1082 		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1083 		port->frontend = &ha_frontend;
1084 		port->targ_port = msg->hdr.nexus.targ_port;
1085 		port->fe_datamove = ctl_ha_datamove;
1086 		port->fe_done = ctl_ha_done;
1087 	} else if (port->frontend == &ha_frontend) {
1088 		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1089 		    msg->hdr.nexus.targ_port));
1090 		new = 0;
1091 	} else {
1092 		printf("%s: Received conflicting HA port %d\n",
1093 		    __func__, msg->hdr.nexus.targ_port);
1094 		return;
1095 	}
1096 	port->port_type = msg->port.port_type;
1097 	port->physical_port = msg->port.physical_port;
1098 	port->virtual_port = msg->port.virtual_port;
1099 	port->status = msg->port.status;
1100 	i = 0;
1101 	free(port->port_name, M_CTL);
1102 	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1103 	    M_CTL);
1104 	i += msg->port.name_len;
1105 	if (msg->port.lun_map_len != 0) {
1106 		if (port->lun_map == NULL)
1107 			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1108 			    M_CTL, M_WAITOK);
1109 		memcpy(port->lun_map, &msg->port.data[i],
1110 		    sizeof(uint32_t) * CTL_MAX_LUNS);
1111 		i += msg->port.lun_map_len;
1112 	} else {
1113 		free(port->lun_map, M_CTL);
1114 		port->lun_map = NULL;
1115 	}
1116 	if (msg->port.port_devid_len != 0) {
1117 		if (port->port_devid == NULL ||
1118 		    port->port_devid->len != msg->port.port_devid_len) {
1119 			free(port->port_devid, M_CTL);
1120 			port->port_devid = malloc(sizeof(struct ctl_devid) +
1121 			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1122 		}
1123 		memcpy(port->port_devid->data, &msg->port.data[i],
1124 		    msg->port.port_devid_len);
1125 		port->port_devid->len = msg->port.port_devid_len;
1126 		i += msg->port.port_devid_len;
1127 	} else {
1128 		free(port->port_devid, M_CTL);
1129 		port->port_devid = NULL;
1130 	}
1131 	if (msg->port.target_devid_len != 0) {
1132 		if (port->target_devid == NULL ||
1133 		    port->target_devid->len != msg->port.target_devid_len) {
1134 			free(port->target_devid, M_CTL);
1135 			port->target_devid = malloc(sizeof(struct ctl_devid) +
1136 			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1137 		}
1138 		memcpy(port->target_devid->data, &msg->port.data[i],
1139 		    msg->port.target_devid_len);
1140 		port->target_devid->len = msg->port.target_devid_len;
1141 		i += msg->port.target_devid_len;
1142 	} else {
1143 		free(port->target_devid, M_CTL);
1144 		port->target_devid = NULL;
1145 	}
1146 	if (msg->port.init_devid_len != 0) {
1147 		if (port->init_devid == NULL ||
1148 		    port->init_devid->len != msg->port.init_devid_len) {
1149 			free(port->init_devid, M_CTL);
1150 			port->init_devid = malloc(sizeof(struct ctl_devid) +
1151 			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1152 		}
1153 		memcpy(port->init_devid->data, &msg->port.data[i],
1154 		    msg->port.init_devid_len);
1155 		port->init_devid->len = msg->port.init_devid_len;
1156 		i += msg->port.init_devid_len;
1157 	} else {
1158 		free(port->init_devid, M_CTL);
1159 		port->init_devid = NULL;
1160 	}
1161 	if (new) {
1162 		if (ctl_port_register(port) != 0) {
1163 			printf("%s: ctl_port_register() failed with error\n",
1164 			    __func__);
1165 		}
1166 	}
1167 	mtx_lock(&softc->ctl_lock);
1168 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1169 		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1170 			continue;
1171 		mtx_lock(&lun->lun_lock);
1172 		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1173 		mtx_unlock(&lun->lun_lock);
1174 	}
1175 	mtx_unlock(&softc->ctl_lock);
1176 }
1177 
1178 static void
1179 ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1180 {
1181 	struct ctl_port *port;
1182 	int iid;
1183 
1184 	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1185 	if (port == NULL) {
1186 		printf("%s: Received IID for unknown port %d\n",
1187 		    __func__, msg->hdr.nexus.targ_port);
1188 		return;
1189 	}
1190 	iid = msg->hdr.nexus.initid;
1191 	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1192 	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1193 	free(port->wwpn_iid[iid].name, M_CTL);
1194 	if (msg->iid.name_len) {
1195 		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1196 		    msg->iid.name_len, M_CTL);
1197 	} else
1198 		port->wwpn_iid[iid].name = NULL;
1199 }
1200 
1201 static void
1202 ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1203 {
1204 
1205 	if (msg->login.version != CTL_HA_VERSION) {
1206 		printf("CTL HA peers have different versions %d != %d\n",
1207 		    msg->login.version, CTL_HA_VERSION);
1208 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1209 		return;
1210 	}
1211 	if (msg->login.ha_mode != softc->ha_mode) {
1212 		printf("CTL HA peers have different ha_mode %d != %d\n",
1213 		    msg->login.ha_mode, softc->ha_mode);
1214 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1215 		return;
1216 	}
1217 	if (msg->login.ha_id == softc->ha_id) {
1218 		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1219 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1220 		return;
1221 	}
1222 	if (msg->login.max_luns != CTL_MAX_LUNS ||
1223 	    msg->login.max_ports != CTL_MAX_PORTS ||
1224 	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1225 		printf("CTL HA peers have different limits\n");
1226 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1227 		return;
1228 	}
1229 }
1230 
1231 static void
1232 ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1233 {
1234 	struct ctl_lun *lun;
1235 	int i;
1236 	uint32_t initidx, targ_lun;
1237 
1238 	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1239 	mtx_lock(&softc->ctl_lock);
1240 	if ((targ_lun >= CTL_MAX_LUNS) ||
1241 	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1242 		mtx_unlock(&softc->ctl_lock);
1243 		return;
1244 	}
1245 	mtx_lock(&lun->lun_lock);
1246 	mtx_unlock(&softc->ctl_lock);
1247 	if (lun->flags & CTL_LUN_DISABLED) {
1248 		mtx_unlock(&lun->lun_lock);
1249 		return;
1250 	}
1251 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1252 		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1253 		    msg->mode.page_code &&
1254 		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1255 			break;
1256 	}
1257 	if (i == CTL_NUM_MODE_PAGES) {
1258 		mtx_unlock(&lun->lun_lock);
1259 		return;
1260 	}
1261 	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1262 	    lun->mode_pages.index[i].page_len);
1263 	initidx = ctl_get_initindex(&msg->hdr.nexus);
1264 	if (initidx != -1)
1265 		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1266 	mtx_unlock(&lun->lun_lock);
1267 }
1268 
1269 /*
1270  * ISC (Inter Shelf Communication) event handler.  Events from the HA
1271  * subsystem come in here.
1272  */
1273 static void
1274 ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1275 {
1276 	struct ctl_softc *softc = control_softc;
1277 	union ctl_io *io;
1278 	struct ctl_prio *presio;
1279 	ctl_ha_status isc_status;
1280 
1281 	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1282 	if (event == CTL_HA_EVT_MSG_RECV) {
1283 		union ctl_ha_msg *msg, msgbuf;
1284 
1285 		if (param > sizeof(msgbuf))
1286 			msg = malloc(param, M_CTL, M_WAITOK);
1287 		else
1288 			msg = &msgbuf;
1289 		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1290 		    M_WAITOK);
1291 		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1292 			printf("%s: Error receiving message: %d\n",
1293 			    __func__, isc_status);
1294 			if (msg != &msgbuf)
1295 				free(msg, M_CTL);
1296 			return;
1297 		}
1298 
1299 		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1300 		switch (msg->hdr.msg_type) {
1301 		case CTL_MSG_SERIALIZE:
1302 			io = ctl_alloc_io(softc->othersc_pool);
1303 			ctl_zero_io(io);
1304 			// populate ctsio from msg
1305 			io->io_hdr.io_type = CTL_IO_SCSI;
1306 			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1307 			io->io_hdr.original_sc = msg->hdr.original_sc;
1308 			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1309 					    CTL_FLAG_IO_ACTIVE;
1310 			/*
1311 			 * If we're in serialization-only mode, we don't
1312 			 * want to go through full done processing.  Thus
1313 			 * the COPY flag.
1314 			 *
1315 			 * XXX KDM add another flag that is more specific.
1316 			 */
1317 			if (softc->ha_mode != CTL_HA_MODE_XFER)
1318 				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1319 			io->io_hdr.nexus = msg->hdr.nexus;
1320 #if 0
1321 			printf("port %u, iid %u, lun %u\n",
1322 			       io->io_hdr.nexus.targ_port,
1323 			       io->io_hdr.nexus.initid,
1324 			       io->io_hdr.nexus.targ_lun);
1325 #endif
1326 			io->scsiio.tag_num = msg->scsi.tag_num;
1327 			io->scsiio.tag_type = msg->scsi.tag_type;
1328 #ifdef CTL_TIME_IO
1329 			io->io_hdr.start_time = time_uptime;
1330 			getbinuptime(&io->io_hdr.start_bt);
1331 #endif /* CTL_TIME_IO */
1332 			io->scsiio.cdb_len = msg->scsi.cdb_len;
1333 			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1334 			       CTL_MAX_CDBLEN);
1335 			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1336 				const struct ctl_cmd_entry *entry;
1337 
1338 				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1339 				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1340 				io->io_hdr.flags |=
1341 					entry->flags & CTL_FLAG_DATA_MASK;
1342 			}
1343 			ctl_enqueue_isc(io);
1344 			break;
1345 
1346 		/* Performed on the Originating SC, XFER mode only */
1347 		case CTL_MSG_DATAMOVE: {
1348 			struct ctl_sg_entry *sgl;
1349 			int i, j;
1350 
1351 			io = msg->hdr.original_sc;
1352 			if (io == NULL) {
1353 				printf("%s: original_sc == NULL!\n", __func__);
1354 				/* XXX KDM do something here */
1355 				break;
1356 			}
1357 			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1358 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1359 			/*
1360 			 * Keep track of this, we need to send it back over
1361 			 * when the datamove is complete.
1362 			 */
1363 			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1364 			if (msg->hdr.status == CTL_SUCCESS)
1365 				io->io_hdr.status = msg->hdr.status;
1366 
1367 			if (msg->dt.sg_sequence == 0) {
1368 #ifdef CTL_TIME_IO
1369 				getbinuptime(&io->io_hdr.dma_start_bt);
1370 #endif
1371 				i = msg->dt.kern_sg_entries +
1372 				    msg->dt.kern_data_len /
1373 				    CTL_HA_DATAMOVE_SEGMENT + 1;
1374 				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1375 				    M_WAITOK | M_ZERO);
1376 				io->io_hdr.remote_sglist = sgl;
1377 				io->io_hdr.local_sglist =
1378 				    &sgl[msg->dt.kern_sg_entries];
1379 
1380 				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1381 
1382 				io->scsiio.kern_sg_entries =
1383 					msg->dt.kern_sg_entries;
1384 				io->scsiio.rem_sg_entries =
1385 					msg->dt.kern_sg_entries;
1386 				io->scsiio.kern_data_len =
1387 					msg->dt.kern_data_len;
1388 				io->scsiio.kern_total_len =
1389 					msg->dt.kern_total_len;
1390 				io->scsiio.kern_data_resid =
1391 					msg->dt.kern_data_resid;
1392 				io->scsiio.kern_rel_offset =
1393 					msg->dt.kern_rel_offset;
1394 				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1395 				io->io_hdr.flags |= msg->dt.flags &
1396 				    CTL_FLAG_BUS_ADDR;
1397 			} else
1398 				sgl = (struct ctl_sg_entry *)
1399 					io->scsiio.kern_data_ptr;
1400 
1401 			for (i = msg->dt.sent_sg_entries, j = 0;
1402 			     i < (msg->dt.sent_sg_entries +
1403 			     msg->dt.cur_sg_entries); i++, j++) {
1404 				sgl[i].addr = msg->dt.sg_list[j].addr;
1405 				sgl[i].len = msg->dt.sg_list[j].len;
1406 
1407 #if 0
1408 				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1409 				    __func__, sgl[i].addr, sgl[i].len, j, i);
1410 #endif
1411 			}
1412 
1413 			/*
1414 			 * If this is the last piece of the I/O, we've got
1415 			 * the full S/G list.  Queue processing in the thread.
1416 			 * Otherwise wait for the next piece.
1417 			 */
1418 			if (msg->dt.sg_last != 0)
1419 				ctl_enqueue_isc(io);
1420 			break;
1421 		}
1422 		/* Performed on the Serializing (primary) SC, XFER mode only */
1423 		case CTL_MSG_DATAMOVE_DONE: {
1424 			if (msg->hdr.serializing_sc == NULL) {
1425 				printf("%s: serializing_sc == NULL!\n",
1426 				       __func__);
1427 				/* XXX KDM now what? */
1428 				break;
1429 			}
1430 			/*
1431 			 * We grab the sense information here in case
1432 			 * there was a failure, so we can return status
1433 			 * back to the initiator.
1434 			 */
1435 			io = msg->hdr.serializing_sc;
1436 			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1437 			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1438 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1439 			io->io_hdr.port_status = msg->scsi.fetd_status;
1440 			io->scsiio.residual = msg->scsi.residual;
1441 			if (msg->hdr.status != CTL_STATUS_NONE) {
1442 				io->io_hdr.status = msg->hdr.status;
1443 				io->scsiio.scsi_status = msg->scsi.scsi_status;
1444 				io->scsiio.sense_len = msg->scsi.sense_len;
1445 				io->scsiio.sense_residual =msg->scsi.sense_residual;
1446 				memcpy(&io->scsiio.sense_data,
1447 				    &msg->scsi.sense_data,
1448 				    msg->scsi.sense_len);
1449 				if (msg->hdr.status == CTL_SUCCESS)
1450 					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1451 			}
1452 			ctl_enqueue_isc(io);
1453 			break;
1454 		}
1455 
1456 		/* Preformed on Originating SC, SER_ONLY mode */
1457 		case CTL_MSG_R2R:
1458 			io = msg->hdr.original_sc;
1459 			if (io == NULL) {
1460 				printf("%s: original_sc == NULL!\n",
1461 				    __func__);
1462 				break;
1463 			}
1464 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1465 			io->io_hdr.msg_type = CTL_MSG_R2R;
1466 			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1467 			ctl_enqueue_isc(io);
1468 			break;
1469 
1470 		/*
1471 		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1472 		 * mode.
1473 		 * Performed on the Originating (i.e. secondary) SC in XFER
1474 		 * mode
1475 		 */
1476 		case CTL_MSG_FINISH_IO:
1477 			if (softc->ha_mode == CTL_HA_MODE_XFER)
1478 				ctl_isc_handler_finish_xfer(softc, msg);
1479 			else
1480 				ctl_isc_handler_finish_ser_only(softc, msg);
1481 			break;
1482 
1483 		/* Preformed on Originating SC */
1484 		case CTL_MSG_BAD_JUJU:
1485 			io = msg->hdr.original_sc;
1486 			if (io == NULL) {
1487 				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1488 				       __func__);
1489 				break;
1490 			}
1491 			ctl_copy_sense_data(msg, io);
1492 			/*
1493 			 * IO should have already been cleaned up on other
1494 			 * SC so clear this flag so we won't send a message
1495 			 * back to finish the IO there.
1496 			 */
1497 			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1498 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1499 
1500 			/* io = msg->hdr.serializing_sc; */
1501 			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1502 			ctl_enqueue_isc(io);
1503 			break;
1504 
1505 		/* Handle resets sent from the other side */
1506 		case CTL_MSG_MANAGE_TASKS: {
1507 			struct ctl_taskio *taskio;
1508 			taskio = (struct ctl_taskio *)ctl_alloc_io(
1509 			    softc->othersc_pool);
1510 			ctl_zero_io((union ctl_io *)taskio);
1511 			taskio->io_hdr.io_type = CTL_IO_TASK;
1512 			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1513 			taskio->io_hdr.nexus = msg->hdr.nexus;
1514 			taskio->task_action = msg->task.task_action;
1515 			taskio->tag_num = msg->task.tag_num;
1516 			taskio->tag_type = msg->task.tag_type;
1517 #ifdef CTL_TIME_IO
1518 			taskio->io_hdr.start_time = time_uptime;
1519 			getbinuptime(&taskio->io_hdr.start_bt);
1520 #endif /* CTL_TIME_IO */
1521 			ctl_run_task((union ctl_io *)taskio);
1522 			break;
1523 		}
1524 		/* Persistent Reserve action which needs attention */
1525 		case CTL_MSG_PERS_ACTION:
1526 			presio = (struct ctl_prio *)ctl_alloc_io(
1527 			    softc->othersc_pool);
1528 			ctl_zero_io((union ctl_io *)presio);
1529 			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1530 			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1531 			presio->io_hdr.nexus = msg->hdr.nexus;
1532 			presio->pr_msg = msg->pr;
1533 			ctl_enqueue_isc((union ctl_io *)presio);
1534 			break;
1535 		case CTL_MSG_UA:
1536 			ctl_isc_ua(softc, msg, param);
1537 			break;
1538 		case CTL_MSG_PORT_SYNC:
1539 			ctl_isc_port_sync(softc, msg, param);
1540 			break;
1541 		case CTL_MSG_LUN_SYNC:
1542 			ctl_isc_lun_sync(softc, msg, param);
1543 			break;
1544 		case CTL_MSG_IID_SYNC:
1545 			ctl_isc_iid_sync(softc, msg, param);
1546 			break;
1547 		case CTL_MSG_LOGIN:
1548 			ctl_isc_login(softc, msg, param);
1549 			break;
1550 		case CTL_MSG_MODE_SYNC:
1551 			ctl_isc_mode_sync(softc, msg, param);
1552 			break;
1553 		default:
1554 			printf("Received HA message of unknown type %d\n",
1555 			    msg->hdr.msg_type);
1556 			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1557 			break;
1558 		}
1559 		if (msg != &msgbuf)
1560 			free(msg, M_CTL);
1561 	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1562 		printf("CTL: HA link status changed from %d to %d\n",
1563 		    softc->ha_link, param);
1564 		if (param == softc->ha_link)
1565 			return;
1566 		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1567 			softc->ha_link = param;
1568 			ctl_isc_ha_link_down(softc);
1569 		} else {
1570 			softc->ha_link = param;
1571 			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1572 				ctl_isc_ha_link_up(softc);
1573 		}
1574 		return;
1575 	} else {
1576 		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1577 		return;
1578 	}
1579 }
1580 
1581 static void
1582 ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1583 {
1584 
1585 	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1586 	    src->scsi.sense_len);
1587 	dest->scsiio.scsi_status = src->scsi.scsi_status;
1588 	dest->scsiio.sense_len = src->scsi.sense_len;
1589 	dest->io_hdr.status = src->hdr.status;
1590 }
1591 
1592 static void
1593 ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1594 {
1595 
1596 	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1597 	    src->scsiio.sense_len);
1598 	dest->scsi.scsi_status = src->scsiio.scsi_status;
1599 	dest->scsi.sense_len = src->scsiio.sense_len;
1600 	dest->hdr.status = src->io_hdr.status;
1601 }
1602 
1603 void
1604 ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1605 {
1606 	struct ctl_softc *softc = lun->ctl_softc;
1607 	ctl_ua_type *pu;
1608 
1609 	if (initidx < softc->init_min || initidx >= softc->init_max)
1610 		return;
1611 	mtx_assert(&lun->lun_lock, MA_OWNED);
1612 	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1613 	if (pu == NULL)
1614 		return;
1615 	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1616 }
1617 
1618 void
1619 ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1620 {
1621 	int i;
1622 
1623 	mtx_assert(&lun->lun_lock, MA_OWNED);
1624 	if (lun->pending_ua[port] == NULL)
1625 		return;
1626 	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1627 		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1628 			continue;
1629 		lun->pending_ua[port][i] |= ua;
1630 	}
1631 }
1632 
1633 void
1634 ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1635 {
1636 	struct ctl_softc *softc = lun->ctl_softc;
1637 	int i;
1638 
1639 	mtx_assert(&lun->lun_lock, MA_OWNED);
1640 	for (i = softc->port_min; i < softc->port_max; i++)
1641 		ctl_est_ua_port(lun, i, except, ua);
1642 }
1643 
1644 void
1645 ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1646 {
1647 	struct ctl_softc *softc = lun->ctl_softc;
1648 	ctl_ua_type *pu;
1649 
1650 	if (initidx < softc->init_min || initidx >= softc->init_max)
1651 		return;
1652 	mtx_assert(&lun->lun_lock, MA_OWNED);
1653 	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1654 	if (pu == NULL)
1655 		return;
1656 	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1657 }
1658 
1659 void
1660 ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1661 {
1662 	struct ctl_softc *softc = lun->ctl_softc;
1663 	int i, j;
1664 
1665 	mtx_assert(&lun->lun_lock, MA_OWNED);
1666 	for (i = softc->port_min; i < softc->port_max; i++) {
1667 		if (lun->pending_ua[i] == NULL)
1668 			continue;
1669 		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1670 			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1671 				continue;
1672 			lun->pending_ua[i][j] &= ~ua;
1673 		}
1674 	}
1675 }
1676 
1677 void
1678 ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1679     ctl_ua_type ua_type)
1680 {
1681 	struct ctl_lun *lun;
1682 
1683 	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1684 	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1685 		mtx_lock(&lun->lun_lock);
1686 		ctl_clr_ua(lun, initidx, ua_type);
1687 		mtx_unlock(&lun->lun_lock);
1688 	}
1689 }
1690 
1691 static int
1692 ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1693 {
1694 	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1695 	struct ctl_lun *lun;
1696 	struct ctl_lun_req ireq;
1697 	int error, value;
1698 
1699 	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1700 	error = sysctl_handle_int(oidp, &value, 0, req);
1701 	if ((error != 0) || (req->newptr == NULL))
1702 		return (error);
1703 
1704 	mtx_lock(&softc->ctl_lock);
1705 	if (value == 0)
1706 		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1707 	else
1708 		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1709 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1710 		mtx_unlock(&softc->ctl_lock);
1711 		bzero(&ireq, sizeof(ireq));
1712 		ireq.reqtype = CTL_LUNREQ_MODIFY;
1713 		ireq.reqdata.modify.lun_id = lun->lun;
1714 		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1715 		    curthread);
1716 		if (ireq.status != CTL_LUN_OK) {
1717 			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1718 			    __func__, ireq.status, ireq.error_str);
1719 		}
1720 		mtx_lock(&softc->ctl_lock);
1721 	}
1722 	mtx_unlock(&softc->ctl_lock);
1723 	return (0);
1724 }
1725 
1726 static int
1727 ctl_init(void)
1728 {
1729 	struct ctl_softc *softc;
1730 	void *other_pool;
1731 	int i, error;
1732 
1733 	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1734 			       M_WAITOK | M_ZERO);
1735 
1736 	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1737 			      "cam/ctl");
1738 	softc->dev->si_drv1 = softc;
1739 
1740 	sysctl_ctx_init(&softc->sysctl_ctx);
1741 	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1742 		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1743 		CTLFLAG_RD, 0, "CAM Target Layer");
1744 
1745 	if (softc->sysctl_tree == NULL) {
1746 		printf("%s: unable to allocate sysctl tree\n", __func__);
1747 		destroy_dev(softc->dev);
1748 		free(control_softc, M_DEVBUF);
1749 		control_softc = NULL;
1750 		return (ENOMEM);
1751 	}
1752 
1753 	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1754 	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1755 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1756 	softc->flags = 0;
1757 
1758 	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1759 	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1760 	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1761 
1762 	/*
1763 	 * In Copan's HA scheme, the "master" and "slave" roles are
1764 	 * figured out through the slot the controller is in.  Although it
1765 	 * is an active/active system, someone has to be in charge.
1766 	 */
1767 	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1768 	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1769 	    "HA head ID (0 - no HA)");
1770 	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1771 		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1772 		softc->is_single = 1;
1773 		softc->port_cnt = CTL_MAX_PORTS;
1774 		softc->port_min = 0;
1775 	} else {
1776 		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1777 		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1778 	}
1779 	softc->port_max = softc->port_min + softc->port_cnt;
1780 	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1781 	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1782 
1783 	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1784 	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1785 	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1786 
1787 	STAILQ_INIT(&softc->lun_list);
1788 	STAILQ_INIT(&softc->pending_lun_queue);
1789 	STAILQ_INIT(&softc->fe_list);
1790 	STAILQ_INIT(&softc->port_list);
1791 	STAILQ_INIT(&softc->be_list);
1792 	ctl_tpc_init(softc);
1793 
1794 	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1795 	                    &other_pool) != 0)
1796 	{
1797 		printf("ctl: can't allocate %d entry other SC pool, "
1798 		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1799 		return (ENOMEM);
1800 	}
1801 	softc->othersc_pool = other_pool;
1802 
1803 	if (worker_threads <= 0)
1804 		worker_threads = max(1, mp_ncpus / 4);
1805 	if (worker_threads > CTL_MAX_THREADS)
1806 		worker_threads = CTL_MAX_THREADS;
1807 
1808 	for (i = 0; i < worker_threads; i++) {
1809 		struct ctl_thread *thr = &softc->threads[i];
1810 
1811 		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1812 		thr->ctl_softc = softc;
1813 		STAILQ_INIT(&thr->incoming_queue);
1814 		STAILQ_INIT(&thr->rtr_queue);
1815 		STAILQ_INIT(&thr->done_queue);
1816 		STAILQ_INIT(&thr->isc_queue);
1817 
1818 		error = kproc_kthread_add(ctl_work_thread, thr,
1819 		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1820 		if (error != 0) {
1821 			printf("error creating CTL work thread!\n");
1822 			ctl_pool_free(other_pool);
1823 			return (error);
1824 		}
1825 	}
1826 	error = kproc_kthread_add(ctl_lun_thread, softc,
1827 	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1828 	if (error != 0) {
1829 		printf("error creating CTL lun thread!\n");
1830 		ctl_pool_free(other_pool);
1831 		return (error);
1832 	}
1833 	error = kproc_kthread_add(ctl_thresh_thread, softc,
1834 	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1835 	if (error != 0) {
1836 		printf("error creating CTL threshold thread!\n");
1837 		ctl_pool_free(other_pool);
1838 		return (error);
1839 	}
1840 
1841 	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1842 	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1843 	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1844 
1845 	if (softc->is_single == 0) {
1846 		ctl_frontend_register(&ha_frontend);
1847 		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1848 			printf("ctl_init: ctl_ha_msg_init failed.\n");
1849 			softc->is_single = 1;
1850 		} else
1851 		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1852 		    != CTL_HA_STATUS_SUCCESS) {
1853 			printf("ctl_init: ctl_ha_msg_register failed.\n");
1854 			softc->is_single = 1;
1855 		}
1856 	}
1857 	return (0);
1858 }
1859 
1860 void
1861 ctl_shutdown(void)
1862 {
1863 	struct ctl_softc *softc = control_softc;
1864 	struct ctl_lun *lun, *next_lun;
1865 
1866 	if (softc->is_single == 0) {
1867 		ctl_ha_msg_shutdown(softc);
1868 		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1869 		    != CTL_HA_STATUS_SUCCESS)
1870 			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1871 		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1872 			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1873 		ctl_frontend_deregister(&ha_frontend);
1874 	}
1875 
1876 	mtx_lock(&softc->ctl_lock);
1877 
1878 	/*
1879 	 * Free up each LUN.
1880 	 */
1881 	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1882 		next_lun = STAILQ_NEXT(lun, links);
1883 		ctl_free_lun(lun);
1884 	}
1885 
1886 	mtx_unlock(&softc->ctl_lock);
1887 
1888 #if 0
1889 	ctl_shutdown_thread(softc->work_thread);
1890 	mtx_destroy(&softc->queue_lock);
1891 #endif
1892 
1893 	ctl_tpc_shutdown(softc);
1894 	uma_zdestroy(softc->io_zone);
1895 	mtx_destroy(&softc->ctl_lock);
1896 
1897 	destroy_dev(softc->dev);
1898 
1899 	sysctl_ctx_free(&softc->sysctl_ctx);
1900 
1901 	free(control_softc, M_DEVBUF);
1902 	control_softc = NULL;
1903 }
1904 
1905 static int
1906 ctl_module_event_handler(module_t mod, int what, void *arg)
1907 {
1908 
1909 	switch (what) {
1910 	case MOD_LOAD:
1911 		return (ctl_init());
1912 	case MOD_UNLOAD:
1913 		return (EBUSY);
1914 	default:
1915 		return (EOPNOTSUPP);
1916 	}
1917 }
1918 
1919 /*
1920  * XXX KDM should we do some access checks here?  Bump a reference count to
1921  * prevent a CTL module from being unloaded while someone has it open?
1922  */
1923 static int
1924 ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1925 {
1926 	return (0);
1927 }
1928 
1929 static int
1930 ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1931 {
1932 	return (0);
1933 }
1934 
1935 /*
1936  * Remove an initiator by port number and initiator ID.
1937  * Returns 0 for success, -1 for failure.
1938  */
1939 int
1940 ctl_remove_initiator(struct ctl_port *port, int iid)
1941 {
1942 	struct ctl_softc *softc = port->ctl_softc;
1943 
1944 	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1945 
1946 	if (iid > CTL_MAX_INIT_PER_PORT) {
1947 		printf("%s: initiator ID %u > maximun %u!\n",
1948 		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1949 		return (-1);
1950 	}
1951 
1952 	mtx_lock(&softc->ctl_lock);
1953 	port->wwpn_iid[iid].in_use--;
1954 	port->wwpn_iid[iid].last_use = time_uptime;
1955 	mtx_unlock(&softc->ctl_lock);
1956 	ctl_isc_announce_iid(port, iid);
1957 
1958 	return (0);
1959 }
1960 
1961 /*
1962  * Add an initiator to the initiator map.
1963  * Returns iid for success, < 0 for failure.
1964  */
1965 int
1966 ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1967 {
1968 	struct ctl_softc *softc = port->ctl_softc;
1969 	time_t best_time;
1970 	int i, best;
1971 
1972 	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1973 
1974 	if (iid >= CTL_MAX_INIT_PER_PORT) {
1975 		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1976 		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1977 		free(name, M_CTL);
1978 		return (-1);
1979 	}
1980 
1981 	mtx_lock(&softc->ctl_lock);
1982 
1983 	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1984 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1985 			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1986 				iid = i;
1987 				break;
1988 			}
1989 			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1990 			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1991 				iid = i;
1992 				break;
1993 			}
1994 		}
1995 	}
1996 
1997 	if (iid < 0) {
1998 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1999 			if (port->wwpn_iid[i].in_use == 0 &&
2000 			    port->wwpn_iid[i].wwpn == 0 &&
2001 			    port->wwpn_iid[i].name == NULL) {
2002 				iid = i;
2003 				break;
2004 			}
2005 		}
2006 	}
2007 
2008 	if (iid < 0) {
2009 		best = -1;
2010 		best_time = INT32_MAX;
2011 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2012 			if (port->wwpn_iid[i].in_use == 0) {
2013 				if (port->wwpn_iid[i].last_use < best_time) {
2014 					best = i;
2015 					best_time = port->wwpn_iid[i].last_use;
2016 				}
2017 			}
2018 		}
2019 		iid = best;
2020 	}
2021 
2022 	if (iid < 0) {
2023 		mtx_unlock(&softc->ctl_lock);
2024 		free(name, M_CTL);
2025 		return (-2);
2026 	}
2027 
2028 	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2029 		/*
2030 		 * This is not an error yet.
2031 		 */
2032 		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2033 #if 0
2034 			printf("%s: port %d iid %u WWPN %#jx arrived"
2035 			    " again\n", __func__, port->targ_port,
2036 			    iid, (uintmax_t)wwpn);
2037 #endif
2038 			goto take;
2039 		}
2040 		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2041 		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2042 #if 0
2043 			printf("%s: port %d iid %u name '%s' arrived"
2044 			    " again\n", __func__, port->targ_port,
2045 			    iid, name);
2046 #endif
2047 			goto take;
2048 		}
2049 
2050 		/*
2051 		 * This is an error, but what do we do about it?  The
2052 		 * driver is telling us we have a new WWPN for this
2053 		 * initiator ID, so we pretty much need to use it.
2054 		 */
2055 		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2056 		    " but WWPN %#jx '%s' is still at that address\n",
2057 		    __func__, port->targ_port, iid, wwpn, name,
2058 		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2059 		    port->wwpn_iid[iid].name);
2060 
2061 		/*
2062 		 * XXX KDM clear have_ca and ua_pending on each LUN for
2063 		 * this initiator.
2064 		 */
2065 	}
2066 take:
2067 	free(port->wwpn_iid[iid].name, M_CTL);
2068 	port->wwpn_iid[iid].name = name;
2069 	port->wwpn_iid[iid].wwpn = wwpn;
2070 	port->wwpn_iid[iid].in_use++;
2071 	mtx_unlock(&softc->ctl_lock);
2072 	ctl_isc_announce_iid(port, iid);
2073 
2074 	return (iid);
2075 }
2076 
2077 static int
2078 ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2079 {
2080 	int len;
2081 
2082 	switch (port->port_type) {
2083 	case CTL_PORT_FC:
2084 	{
2085 		struct scsi_transportid_fcp *id =
2086 		    (struct scsi_transportid_fcp *)buf;
2087 		if (port->wwpn_iid[iid].wwpn == 0)
2088 			return (0);
2089 		memset(id, 0, sizeof(*id));
2090 		id->format_protocol = SCSI_PROTO_FC;
2091 		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2092 		return (sizeof(*id));
2093 	}
2094 	case CTL_PORT_ISCSI:
2095 	{
2096 		struct scsi_transportid_iscsi_port *id =
2097 		    (struct scsi_transportid_iscsi_port *)buf;
2098 		if (port->wwpn_iid[iid].name == NULL)
2099 			return (0);
2100 		memset(id, 0, 256);
2101 		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2102 		    SCSI_PROTO_ISCSI;
2103 		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2104 		len = roundup2(min(len, 252), 4);
2105 		scsi_ulto2b(len, id->additional_length);
2106 		return (sizeof(*id) + len);
2107 	}
2108 	case CTL_PORT_SAS:
2109 	{
2110 		struct scsi_transportid_sas *id =
2111 		    (struct scsi_transportid_sas *)buf;
2112 		if (port->wwpn_iid[iid].wwpn == 0)
2113 			return (0);
2114 		memset(id, 0, sizeof(*id));
2115 		id->format_protocol = SCSI_PROTO_SAS;
2116 		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2117 		return (sizeof(*id));
2118 	}
2119 	default:
2120 	{
2121 		struct scsi_transportid_spi *id =
2122 		    (struct scsi_transportid_spi *)buf;
2123 		memset(id, 0, sizeof(*id));
2124 		id->format_protocol = SCSI_PROTO_SPI;
2125 		scsi_ulto2b(iid, id->scsi_addr);
2126 		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2127 		return (sizeof(*id));
2128 	}
2129 	}
2130 }
2131 
2132 /*
2133  * Serialize a command that went down the "wrong" side, and so was sent to
2134  * this controller for execution.  The logic is a little different than the
2135  * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2136  * sent back to the other side, but in the success case, we execute the
2137  * command on this side (XFER mode) or tell the other side to execute it
2138  * (SER_ONLY mode).
2139  */
2140 static int
2141 ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2142 {
2143 	struct ctl_softc *softc = control_softc;
2144 	union ctl_ha_msg msg_info;
2145 	struct ctl_port *port;
2146 	struct ctl_lun *lun;
2147 	const struct ctl_cmd_entry *entry;
2148 	int retval = 0;
2149 	uint32_t targ_lun;
2150 
2151 	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2152 	mtx_lock(&softc->ctl_lock);
2153 
2154 	/* Make sure that we know about this port. */
2155 	port = ctl_io_port(&ctsio->io_hdr);
2156 	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2157 		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2158 					 /*retry_count*/ 1);
2159 		goto badjuju;
2160 	}
2161 
2162 	/* Make sure that we know about this LUN. */
2163 	if ((targ_lun < CTL_MAX_LUNS) &&
2164 	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2165 		mtx_lock(&lun->lun_lock);
2166 		mtx_unlock(&softc->ctl_lock);
2167 		/*
2168 		 * If the LUN is invalid, pretend that it doesn't exist.
2169 		 * It will go away as soon as all pending I/O has been
2170 		 * completed.
2171 		 */
2172 		if (lun->flags & CTL_LUN_DISABLED) {
2173 			mtx_unlock(&lun->lun_lock);
2174 			lun = NULL;
2175 		}
2176 	} else {
2177 		mtx_unlock(&softc->ctl_lock);
2178 		lun = NULL;
2179 	}
2180 	if (lun == NULL) {
2181 		/*
2182 		 * The other node would not send this request to us unless
2183 		 * received announce that we are primary node for this LUN.
2184 		 * If this LUN does not exist now, it is probably result of
2185 		 * a race, so respond to initiator in the most opaque way.
2186 		 */
2187 		ctl_set_busy(ctsio);
2188 		goto badjuju;
2189 	}
2190 
2191 	entry = ctl_get_cmd_entry(ctsio, NULL);
2192 	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2193 		mtx_unlock(&lun->lun_lock);
2194 		goto badjuju;
2195 	}
2196 
2197 	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2198 	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2199 
2200 	/*
2201 	 * Every I/O goes into the OOA queue for a
2202 	 * particular LUN, and stays there until completion.
2203 	 */
2204 #ifdef CTL_TIME_IO
2205 	if (TAILQ_EMPTY(&lun->ooa_queue))
2206 		lun->idle_time += getsbinuptime() - lun->last_busy;
2207 #endif
2208 	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2209 
2210 	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2211 		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2212 		 ooa_links))) {
2213 	case CTL_ACTION_BLOCK:
2214 		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2215 		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2216 				  blocked_links);
2217 		mtx_unlock(&lun->lun_lock);
2218 		break;
2219 	case CTL_ACTION_PASS:
2220 	case CTL_ACTION_SKIP:
2221 		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2222 			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2223 			ctl_enqueue_rtr((union ctl_io *)ctsio);
2224 			mtx_unlock(&lun->lun_lock);
2225 		} else {
2226 			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2227 			mtx_unlock(&lun->lun_lock);
2228 
2229 			/* send msg back to other side */
2230 			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2231 			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2232 			msg_info.hdr.msg_type = CTL_MSG_R2R;
2233 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2234 			    sizeof(msg_info.hdr), M_WAITOK);
2235 		}
2236 		break;
2237 	case CTL_ACTION_OVERLAP:
2238 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2239 		mtx_unlock(&lun->lun_lock);
2240 		ctl_set_overlapped_cmd(ctsio);
2241 		goto badjuju;
2242 	case CTL_ACTION_OVERLAP_TAG:
2243 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2244 		mtx_unlock(&lun->lun_lock);
2245 		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2246 		goto badjuju;
2247 	case CTL_ACTION_ERROR:
2248 	default:
2249 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2250 		mtx_unlock(&lun->lun_lock);
2251 
2252 		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2253 					 /*retry_count*/ 0);
2254 badjuju:
2255 		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2256 		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2257 		msg_info.hdr.serializing_sc = NULL;
2258 		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2259 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2260 		    sizeof(msg_info.scsi), M_WAITOK);
2261 		retval = 1;
2262 		break;
2263 	}
2264 	return (retval);
2265 }
2266 
2267 /*
2268  * Returns 0 for success, errno for failure.
2269  */
2270 static void
2271 ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2272 		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2273 {
2274 	union ctl_io *io;
2275 
2276 	mtx_lock(&lun->lun_lock);
2277 	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2278 	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2279 	     ooa_links)) {
2280 		struct ctl_ooa_entry *entry;
2281 
2282 		/*
2283 		 * If we've got more than we can fit, just count the
2284 		 * remaining entries.
2285 		 */
2286 		if (*cur_fill_num >= ooa_hdr->alloc_num)
2287 			continue;
2288 
2289 		entry = &kern_entries[*cur_fill_num];
2290 
2291 		entry->tag_num = io->scsiio.tag_num;
2292 		entry->lun_num = lun->lun;
2293 #ifdef CTL_TIME_IO
2294 		entry->start_bt = io->io_hdr.start_bt;
2295 #endif
2296 		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2297 		entry->cdb_len = io->scsiio.cdb_len;
2298 		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2299 			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2300 
2301 		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2302 			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2303 
2304 		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2305 			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2306 
2307 		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2308 			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2309 
2310 		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2311 			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2312 	}
2313 	mtx_unlock(&lun->lun_lock);
2314 }
2315 
2316 static void *
2317 ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2318 		 size_t error_str_len)
2319 {
2320 	void *kptr;
2321 
2322 	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2323 
2324 	if (copyin(user_addr, kptr, len) != 0) {
2325 		snprintf(error_str, error_str_len, "Error copying %d bytes "
2326 			 "from user address %p to kernel address %p", len,
2327 			 user_addr, kptr);
2328 		free(kptr, M_CTL);
2329 		return (NULL);
2330 	}
2331 
2332 	return (kptr);
2333 }
2334 
2335 static void
2336 ctl_free_args(int num_args, struct ctl_be_arg *args)
2337 {
2338 	int i;
2339 
2340 	if (args == NULL)
2341 		return;
2342 
2343 	for (i = 0; i < num_args; i++) {
2344 		free(args[i].kname, M_CTL);
2345 		free(args[i].kvalue, M_CTL);
2346 	}
2347 
2348 	free(args, M_CTL);
2349 }
2350 
2351 static struct ctl_be_arg *
2352 ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2353 		char *error_str, size_t error_str_len)
2354 {
2355 	struct ctl_be_arg *args;
2356 	int i;
2357 
2358 	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2359 				error_str, error_str_len);
2360 
2361 	if (args == NULL)
2362 		goto bailout;
2363 
2364 	for (i = 0; i < num_args; i++) {
2365 		args[i].kname = NULL;
2366 		args[i].kvalue = NULL;
2367 	}
2368 
2369 	for (i = 0; i < num_args; i++) {
2370 		uint8_t *tmpptr;
2371 
2372 		args[i].kname = ctl_copyin_alloc(args[i].name,
2373 			args[i].namelen, error_str, error_str_len);
2374 		if (args[i].kname == NULL)
2375 			goto bailout;
2376 
2377 		if (args[i].kname[args[i].namelen - 1] != '\0') {
2378 			snprintf(error_str, error_str_len, "Argument %d "
2379 				 "name is not NUL-terminated", i);
2380 			goto bailout;
2381 		}
2382 
2383 		if (args[i].flags & CTL_BEARG_RD) {
2384 			tmpptr = ctl_copyin_alloc(args[i].value,
2385 				args[i].vallen, error_str, error_str_len);
2386 			if (tmpptr == NULL)
2387 				goto bailout;
2388 			if ((args[i].flags & CTL_BEARG_ASCII)
2389 			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2390 				snprintf(error_str, error_str_len, "Argument "
2391 				    "%d value is not NUL-terminated", i);
2392 				goto bailout;
2393 			}
2394 			args[i].kvalue = tmpptr;
2395 		} else {
2396 			args[i].kvalue = malloc(args[i].vallen,
2397 			    M_CTL, M_WAITOK | M_ZERO);
2398 		}
2399 	}
2400 
2401 	return (args);
2402 bailout:
2403 
2404 	ctl_free_args(num_args, args);
2405 
2406 	return (NULL);
2407 }
2408 
2409 static void
2410 ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2411 {
2412 	int i;
2413 
2414 	for (i = 0; i < num_args; i++) {
2415 		if (args[i].flags & CTL_BEARG_WR)
2416 			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2417 	}
2418 }
2419 
2420 /*
2421  * Escape characters that are illegal or not recommended in XML.
2422  */
2423 int
2424 ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2425 {
2426 	char *end = str + size;
2427 	int retval;
2428 
2429 	retval = 0;
2430 
2431 	for (; *str && str < end; str++) {
2432 		switch (*str) {
2433 		case '&':
2434 			retval = sbuf_printf(sb, "&amp;");
2435 			break;
2436 		case '>':
2437 			retval = sbuf_printf(sb, "&gt;");
2438 			break;
2439 		case '<':
2440 			retval = sbuf_printf(sb, "&lt;");
2441 			break;
2442 		default:
2443 			retval = sbuf_putc(sb, *str);
2444 			break;
2445 		}
2446 
2447 		if (retval != 0)
2448 			break;
2449 
2450 	}
2451 
2452 	return (retval);
2453 }
2454 
2455 static void
2456 ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2457 {
2458 	struct scsi_vpd_id_descriptor *desc;
2459 	int i;
2460 
2461 	if (id == NULL || id->len < 4)
2462 		return;
2463 	desc = (struct scsi_vpd_id_descriptor *)id->data;
2464 	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2465 	case SVPD_ID_TYPE_T10:
2466 		sbuf_printf(sb, "t10.");
2467 		break;
2468 	case SVPD_ID_TYPE_EUI64:
2469 		sbuf_printf(sb, "eui.");
2470 		break;
2471 	case SVPD_ID_TYPE_NAA:
2472 		sbuf_printf(sb, "naa.");
2473 		break;
2474 	case SVPD_ID_TYPE_SCSI_NAME:
2475 		break;
2476 	}
2477 	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2478 	case SVPD_ID_CODESET_BINARY:
2479 		for (i = 0; i < desc->length; i++)
2480 			sbuf_printf(sb, "%02x", desc->identifier[i]);
2481 		break;
2482 	case SVPD_ID_CODESET_ASCII:
2483 		sbuf_printf(sb, "%.*s", (int)desc->length,
2484 		    (char *)desc->identifier);
2485 		break;
2486 	case SVPD_ID_CODESET_UTF8:
2487 		sbuf_printf(sb, "%s", (char *)desc->identifier);
2488 		break;
2489 	}
2490 }
2491 
2492 static int
2493 ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2494 	  struct thread *td)
2495 {
2496 	struct ctl_softc *softc = dev->si_drv1;
2497 	struct ctl_lun *lun;
2498 	int retval;
2499 
2500 	retval = 0;
2501 
2502 	switch (cmd) {
2503 	case CTL_IO:
2504 		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2505 		break;
2506 	case CTL_ENABLE_PORT:
2507 	case CTL_DISABLE_PORT:
2508 	case CTL_SET_PORT_WWNS: {
2509 		struct ctl_port *port;
2510 		struct ctl_port_entry *entry;
2511 
2512 		entry = (struct ctl_port_entry *)addr;
2513 
2514 		mtx_lock(&softc->ctl_lock);
2515 		STAILQ_FOREACH(port, &softc->port_list, links) {
2516 			int action, done;
2517 
2518 			if (port->targ_port < softc->port_min ||
2519 			    port->targ_port >= softc->port_max)
2520 				continue;
2521 
2522 			action = 0;
2523 			done = 0;
2524 			if ((entry->port_type == CTL_PORT_NONE)
2525 			 && (entry->targ_port == port->targ_port)) {
2526 				/*
2527 				 * If the user only wants to enable or
2528 				 * disable or set WWNs on a specific port,
2529 				 * do the operation and we're done.
2530 				 */
2531 				action = 1;
2532 				done = 1;
2533 			} else if (entry->port_type & port->port_type) {
2534 				/*
2535 				 * Compare the user's type mask with the
2536 				 * particular frontend type to see if we
2537 				 * have a match.
2538 				 */
2539 				action = 1;
2540 				done = 0;
2541 
2542 				/*
2543 				 * Make sure the user isn't trying to set
2544 				 * WWNs on multiple ports at the same time.
2545 				 */
2546 				if (cmd == CTL_SET_PORT_WWNS) {
2547 					printf("%s: Can't set WWNs on "
2548 					       "multiple ports\n", __func__);
2549 					retval = EINVAL;
2550 					break;
2551 				}
2552 			}
2553 			if (action == 0)
2554 				continue;
2555 
2556 			/*
2557 			 * XXX KDM we have to drop the lock here, because
2558 			 * the online/offline operations can potentially
2559 			 * block.  We need to reference count the frontends
2560 			 * so they can't go away,
2561 			 */
2562 			if (cmd == CTL_ENABLE_PORT) {
2563 				mtx_unlock(&softc->ctl_lock);
2564 				ctl_port_online(port);
2565 				mtx_lock(&softc->ctl_lock);
2566 			} else if (cmd == CTL_DISABLE_PORT) {
2567 				mtx_unlock(&softc->ctl_lock);
2568 				ctl_port_offline(port);
2569 				mtx_lock(&softc->ctl_lock);
2570 			} else if (cmd == CTL_SET_PORT_WWNS) {
2571 				ctl_port_set_wwns(port,
2572 				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2573 				    1 : 0, entry->wwnn,
2574 				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2575 				    1 : 0, entry->wwpn);
2576 			}
2577 			if (done != 0)
2578 				break;
2579 		}
2580 		mtx_unlock(&softc->ctl_lock);
2581 		break;
2582 	}
2583 	case CTL_GET_OOA: {
2584 		struct ctl_ooa *ooa_hdr;
2585 		struct ctl_ooa_entry *entries;
2586 		uint32_t cur_fill_num;
2587 
2588 		ooa_hdr = (struct ctl_ooa *)addr;
2589 
2590 		if ((ooa_hdr->alloc_len == 0)
2591 		 || (ooa_hdr->alloc_num == 0)) {
2592 			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2593 			       "must be non-zero\n", __func__,
2594 			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2595 			retval = EINVAL;
2596 			break;
2597 		}
2598 
2599 		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2600 		    sizeof(struct ctl_ooa_entry))) {
2601 			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2602 			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2603 			       __func__, ooa_hdr->alloc_len,
2604 			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2605 			retval = EINVAL;
2606 			break;
2607 		}
2608 
2609 		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2610 		if (entries == NULL) {
2611 			printf("%s: could not allocate %d bytes for OOA "
2612 			       "dump\n", __func__, ooa_hdr->alloc_len);
2613 			retval = ENOMEM;
2614 			break;
2615 		}
2616 
2617 		mtx_lock(&softc->ctl_lock);
2618 		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2619 		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2620 		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2621 			mtx_unlock(&softc->ctl_lock);
2622 			free(entries, M_CTL);
2623 			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2624 			       __func__, (uintmax_t)ooa_hdr->lun_num);
2625 			retval = EINVAL;
2626 			break;
2627 		}
2628 
2629 		cur_fill_num = 0;
2630 
2631 		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2632 			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2633 				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2634 				    ooa_hdr, entries);
2635 			}
2636 		} else {
2637 			lun = softc->ctl_luns[ooa_hdr->lun_num];
2638 			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2639 			    entries);
2640 		}
2641 		mtx_unlock(&softc->ctl_lock);
2642 
2643 		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2644 		ooa_hdr->fill_len = ooa_hdr->fill_num *
2645 			sizeof(struct ctl_ooa_entry);
2646 		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2647 		if (retval != 0) {
2648 			printf("%s: error copying out %d bytes for OOA dump\n",
2649 			       __func__, ooa_hdr->fill_len);
2650 		}
2651 
2652 		getbinuptime(&ooa_hdr->cur_bt);
2653 
2654 		if (cur_fill_num > ooa_hdr->alloc_num) {
2655 			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2656 			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2657 		} else {
2658 			ooa_hdr->dropped_num = 0;
2659 			ooa_hdr->status = CTL_OOA_OK;
2660 		}
2661 
2662 		free(entries, M_CTL);
2663 		break;
2664 	}
2665 	case CTL_DELAY_IO: {
2666 		struct ctl_io_delay_info *delay_info;
2667 
2668 		delay_info = (struct ctl_io_delay_info *)addr;
2669 
2670 #ifdef CTL_IO_DELAY
2671 		mtx_lock(&softc->ctl_lock);
2672 
2673 		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2674 		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2675 			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2676 		} else {
2677 			lun = softc->ctl_luns[delay_info->lun_id];
2678 			mtx_lock(&lun->lun_lock);
2679 
2680 			delay_info->status = CTL_DELAY_STATUS_OK;
2681 
2682 			switch (delay_info->delay_type) {
2683 			case CTL_DELAY_TYPE_CONT:
2684 				break;
2685 			case CTL_DELAY_TYPE_ONESHOT:
2686 				break;
2687 			default:
2688 				delay_info->status =
2689 					CTL_DELAY_STATUS_INVALID_TYPE;
2690 				break;
2691 			}
2692 
2693 			switch (delay_info->delay_loc) {
2694 			case CTL_DELAY_LOC_DATAMOVE:
2695 				lun->delay_info.datamove_type =
2696 					delay_info->delay_type;
2697 				lun->delay_info.datamove_delay =
2698 					delay_info->delay_secs;
2699 				break;
2700 			case CTL_DELAY_LOC_DONE:
2701 				lun->delay_info.done_type =
2702 					delay_info->delay_type;
2703 				lun->delay_info.done_delay =
2704 					delay_info->delay_secs;
2705 				break;
2706 			default:
2707 				delay_info->status =
2708 					CTL_DELAY_STATUS_INVALID_LOC;
2709 				break;
2710 			}
2711 			mtx_unlock(&lun->lun_lock);
2712 		}
2713 
2714 		mtx_unlock(&softc->ctl_lock);
2715 #else
2716 		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2717 #endif /* CTL_IO_DELAY */
2718 		break;
2719 	}
2720 	case CTL_GETSTATS: {
2721 		struct ctl_stats *stats;
2722 		int i;
2723 
2724 		stats = (struct ctl_stats *)addr;
2725 
2726 		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2727 		     stats->alloc_len) {
2728 			stats->status = CTL_SS_NEED_MORE_SPACE;
2729 			stats->num_luns = softc->num_luns;
2730 			break;
2731 		}
2732 		/*
2733 		 * XXX KDM no locking here.  If the LUN list changes,
2734 		 * things can blow up.
2735 		 */
2736 		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2737 		     i++, lun = STAILQ_NEXT(lun, links)) {
2738 			retval = copyout(&lun->stats, &stats->lun_stats[i],
2739 					 sizeof(lun->stats));
2740 			if (retval != 0)
2741 				break;
2742 		}
2743 		stats->num_luns = softc->num_luns;
2744 		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2745 				 softc->num_luns;
2746 		stats->status = CTL_SS_OK;
2747 #ifdef CTL_TIME_IO
2748 		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2749 #else
2750 		stats->flags = CTL_STATS_FLAG_NONE;
2751 #endif
2752 		getnanouptime(&stats->timestamp);
2753 		break;
2754 	}
2755 	case CTL_ERROR_INJECT: {
2756 		struct ctl_error_desc *err_desc, *new_err_desc;
2757 
2758 		err_desc = (struct ctl_error_desc *)addr;
2759 
2760 		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2761 				      M_WAITOK | M_ZERO);
2762 		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2763 
2764 		mtx_lock(&softc->ctl_lock);
2765 		lun = softc->ctl_luns[err_desc->lun_id];
2766 		if (lun == NULL) {
2767 			mtx_unlock(&softc->ctl_lock);
2768 			free(new_err_desc, M_CTL);
2769 			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2770 			       __func__, (uintmax_t)err_desc->lun_id);
2771 			retval = EINVAL;
2772 			break;
2773 		}
2774 		mtx_lock(&lun->lun_lock);
2775 		mtx_unlock(&softc->ctl_lock);
2776 
2777 		/*
2778 		 * We could do some checking here to verify the validity
2779 		 * of the request, but given the complexity of error
2780 		 * injection requests, the checking logic would be fairly
2781 		 * complex.
2782 		 *
2783 		 * For now, if the request is invalid, it just won't get
2784 		 * executed and might get deleted.
2785 		 */
2786 		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2787 
2788 		/*
2789 		 * XXX KDM check to make sure the serial number is unique,
2790 		 * in case we somehow manage to wrap.  That shouldn't
2791 		 * happen for a very long time, but it's the right thing to
2792 		 * do.
2793 		 */
2794 		new_err_desc->serial = lun->error_serial;
2795 		err_desc->serial = lun->error_serial;
2796 		lun->error_serial++;
2797 
2798 		mtx_unlock(&lun->lun_lock);
2799 		break;
2800 	}
2801 	case CTL_ERROR_INJECT_DELETE: {
2802 		struct ctl_error_desc *delete_desc, *desc, *desc2;
2803 		int delete_done;
2804 
2805 		delete_desc = (struct ctl_error_desc *)addr;
2806 		delete_done = 0;
2807 
2808 		mtx_lock(&softc->ctl_lock);
2809 		lun = softc->ctl_luns[delete_desc->lun_id];
2810 		if (lun == NULL) {
2811 			mtx_unlock(&softc->ctl_lock);
2812 			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2813 			       __func__, (uintmax_t)delete_desc->lun_id);
2814 			retval = EINVAL;
2815 			break;
2816 		}
2817 		mtx_lock(&lun->lun_lock);
2818 		mtx_unlock(&softc->ctl_lock);
2819 		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2820 			if (desc->serial != delete_desc->serial)
2821 				continue;
2822 
2823 			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2824 				      links);
2825 			free(desc, M_CTL);
2826 			delete_done = 1;
2827 		}
2828 		mtx_unlock(&lun->lun_lock);
2829 		if (delete_done == 0) {
2830 			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2831 			       "error serial %ju on LUN %u\n", __func__,
2832 			       delete_desc->serial, delete_desc->lun_id);
2833 			retval = EINVAL;
2834 			break;
2835 		}
2836 		break;
2837 	}
2838 	case CTL_DUMP_STRUCTS: {
2839 		int i, j, k;
2840 		struct ctl_port *port;
2841 		struct ctl_frontend *fe;
2842 
2843 		mtx_lock(&softc->ctl_lock);
2844 		printf("CTL Persistent Reservation information start:\n");
2845 		for (i = 0; i < CTL_MAX_LUNS; i++) {
2846 			lun = softc->ctl_luns[i];
2847 
2848 			if ((lun == NULL)
2849 			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2850 				continue;
2851 
2852 			for (j = 0; j < CTL_MAX_PORTS; j++) {
2853 				if (lun->pr_keys[j] == NULL)
2854 					continue;
2855 				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2856 					if (lun->pr_keys[j][k] == 0)
2857 						continue;
2858 					printf("  LUN %d port %d iid %d key "
2859 					       "%#jx\n", i, j, k,
2860 					       (uintmax_t)lun->pr_keys[j][k]);
2861 				}
2862 			}
2863 		}
2864 		printf("CTL Persistent Reservation information end\n");
2865 		printf("CTL Ports:\n");
2866 		STAILQ_FOREACH(port, &softc->port_list, links) {
2867 			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2868 			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2869 			       port->frontend->name, port->port_type,
2870 			       port->physical_port, port->virtual_port,
2871 			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2872 			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2873 				if (port->wwpn_iid[j].in_use == 0 &&
2874 				    port->wwpn_iid[j].wwpn == 0 &&
2875 				    port->wwpn_iid[j].name == NULL)
2876 					continue;
2877 
2878 				printf("    iid %u use %d WWPN %#jx '%s'\n",
2879 				    j, port->wwpn_iid[j].in_use,
2880 				    (uintmax_t)port->wwpn_iid[j].wwpn,
2881 				    port->wwpn_iid[j].name);
2882 			}
2883 		}
2884 		printf("CTL Port information end\n");
2885 		mtx_unlock(&softc->ctl_lock);
2886 		/*
2887 		 * XXX KDM calling this without a lock.  We'd likely want
2888 		 * to drop the lock before calling the frontend's dump
2889 		 * routine anyway.
2890 		 */
2891 		printf("CTL Frontends:\n");
2892 		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2893 			printf("  Frontend '%s'\n", fe->name);
2894 			if (fe->fe_dump != NULL)
2895 				fe->fe_dump();
2896 		}
2897 		printf("CTL Frontend information end\n");
2898 		break;
2899 	}
2900 	case CTL_LUN_REQ: {
2901 		struct ctl_lun_req *lun_req;
2902 		struct ctl_backend_driver *backend;
2903 
2904 		lun_req = (struct ctl_lun_req *)addr;
2905 
2906 		backend = ctl_backend_find(lun_req->backend);
2907 		if (backend == NULL) {
2908 			lun_req->status = CTL_LUN_ERROR;
2909 			snprintf(lun_req->error_str,
2910 				 sizeof(lun_req->error_str),
2911 				 "Backend \"%s\" not found.",
2912 				 lun_req->backend);
2913 			break;
2914 		}
2915 		if (lun_req->num_be_args > 0) {
2916 			lun_req->kern_be_args = ctl_copyin_args(
2917 				lun_req->num_be_args,
2918 				lun_req->be_args,
2919 				lun_req->error_str,
2920 				sizeof(lun_req->error_str));
2921 			if (lun_req->kern_be_args == NULL) {
2922 				lun_req->status = CTL_LUN_ERROR;
2923 				break;
2924 			}
2925 		}
2926 
2927 		retval = backend->ioctl(dev, cmd, addr, flag, td);
2928 
2929 		if (lun_req->num_be_args > 0) {
2930 			ctl_copyout_args(lun_req->num_be_args,
2931 				      lun_req->kern_be_args);
2932 			ctl_free_args(lun_req->num_be_args,
2933 				      lun_req->kern_be_args);
2934 		}
2935 		break;
2936 	}
2937 	case CTL_LUN_LIST: {
2938 		struct sbuf *sb;
2939 		struct ctl_lun_list *list;
2940 		struct ctl_option *opt;
2941 
2942 		list = (struct ctl_lun_list *)addr;
2943 
2944 		/*
2945 		 * Allocate a fixed length sbuf here, based on the length
2946 		 * of the user's buffer.  We could allocate an auto-extending
2947 		 * buffer, and then tell the user how much larger our
2948 		 * amount of data is than his buffer, but that presents
2949 		 * some problems:
2950 		 *
2951 		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2952 		 *     we can't hold a lock while calling them with an
2953 		 *     auto-extending buffer.
2954  		 *
2955 		 * 2.  There is not currently a LUN reference counting
2956 		 *     mechanism, outside of outstanding transactions on
2957 		 *     the LUN's OOA queue.  So a LUN could go away on us
2958 		 *     while we're getting the LUN number, backend-specific
2959 		 *     information, etc.  Thus, given the way things
2960 		 *     currently work, we need to hold the CTL lock while
2961 		 *     grabbing LUN information.
2962 		 *
2963 		 * So, from the user's standpoint, the best thing to do is
2964 		 * allocate what he thinks is a reasonable buffer length,
2965 		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2966 		 * double the buffer length and try again.  (And repeat
2967 		 * that until he succeeds.)
2968 		 */
2969 		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2970 		if (sb == NULL) {
2971 			list->status = CTL_LUN_LIST_ERROR;
2972 			snprintf(list->error_str, sizeof(list->error_str),
2973 				 "Unable to allocate %d bytes for LUN list",
2974 				 list->alloc_len);
2975 			break;
2976 		}
2977 
2978 		sbuf_printf(sb, "<ctllunlist>\n");
2979 
2980 		mtx_lock(&softc->ctl_lock);
2981 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2982 			mtx_lock(&lun->lun_lock);
2983 			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2984 					     (uintmax_t)lun->lun);
2985 
2986 			/*
2987 			 * Bail out as soon as we see that we've overfilled
2988 			 * the buffer.
2989 			 */
2990 			if (retval != 0)
2991 				break;
2992 
2993 			retval = sbuf_printf(sb, "\t<backend_type>%s"
2994 					     "</backend_type>\n",
2995 					     (lun->backend == NULL) ?  "none" :
2996 					     lun->backend->name);
2997 
2998 			if (retval != 0)
2999 				break;
3000 
3001 			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3002 					     lun->be_lun->lun_type);
3003 
3004 			if (retval != 0)
3005 				break;
3006 
3007 			if (lun->backend == NULL) {
3008 				retval = sbuf_printf(sb, "</lun>\n");
3009 				if (retval != 0)
3010 					break;
3011 				continue;
3012 			}
3013 
3014 			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3015 					     (lun->be_lun->maxlba > 0) ?
3016 					     lun->be_lun->maxlba + 1 : 0);
3017 
3018 			if (retval != 0)
3019 				break;
3020 
3021 			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3022 					     lun->be_lun->blocksize);
3023 
3024 			if (retval != 0)
3025 				break;
3026 
3027 			retval = sbuf_printf(sb, "\t<serial_number>");
3028 
3029 			if (retval != 0)
3030 				break;
3031 
3032 			retval = ctl_sbuf_printf_esc(sb,
3033 			    lun->be_lun->serial_num,
3034 			    sizeof(lun->be_lun->serial_num));
3035 
3036 			if (retval != 0)
3037 				break;
3038 
3039 			retval = sbuf_printf(sb, "</serial_number>\n");
3040 
3041 			if (retval != 0)
3042 				break;
3043 
3044 			retval = sbuf_printf(sb, "\t<device_id>");
3045 
3046 			if (retval != 0)
3047 				break;
3048 
3049 			retval = ctl_sbuf_printf_esc(sb,
3050 			    lun->be_lun->device_id,
3051 			    sizeof(lun->be_lun->device_id));
3052 
3053 			if (retval != 0)
3054 				break;
3055 
3056 			retval = sbuf_printf(sb, "</device_id>\n");
3057 
3058 			if (retval != 0)
3059 				break;
3060 
3061 			if (lun->backend->lun_info != NULL) {
3062 				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3063 				if (retval != 0)
3064 					break;
3065 			}
3066 			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3067 				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3068 				    opt->name, opt->value, opt->name);
3069 				if (retval != 0)
3070 					break;
3071 			}
3072 
3073 			retval = sbuf_printf(sb, "</lun>\n");
3074 
3075 			if (retval != 0)
3076 				break;
3077 			mtx_unlock(&lun->lun_lock);
3078 		}
3079 		if (lun != NULL)
3080 			mtx_unlock(&lun->lun_lock);
3081 		mtx_unlock(&softc->ctl_lock);
3082 
3083 		if ((retval != 0)
3084 		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3085 			retval = 0;
3086 			sbuf_delete(sb);
3087 			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3088 			snprintf(list->error_str, sizeof(list->error_str),
3089 				 "Out of space, %d bytes is too small",
3090 				 list->alloc_len);
3091 			break;
3092 		}
3093 
3094 		sbuf_finish(sb);
3095 
3096 		retval = copyout(sbuf_data(sb), list->lun_xml,
3097 				 sbuf_len(sb) + 1);
3098 
3099 		list->fill_len = sbuf_len(sb) + 1;
3100 		list->status = CTL_LUN_LIST_OK;
3101 		sbuf_delete(sb);
3102 		break;
3103 	}
3104 	case CTL_ISCSI: {
3105 		struct ctl_iscsi *ci;
3106 		struct ctl_frontend *fe;
3107 
3108 		ci = (struct ctl_iscsi *)addr;
3109 
3110 		fe = ctl_frontend_find("iscsi");
3111 		if (fe == NULL) {
3112 			ci->status = CTL_ISCSI_ERROR;
3113 			snprintf(ci->error_str, sizeof(ci->error_str),
3114 			    "Frontend \"iscsi\" not found.");
3115 			break;
3116 		}
3117 
3118 		retval = fe->ioctl(dev, cmd, addr, flag, td);
3119 		break;
3120 	}
3121 	case CTL_PORT_REQ: {
3122 		struct ctl_req *req;
3123 		struct ctl_frontend *fe;
3124 
3125 		req = (struct ctl_req *)addr;
3126 
3127 		fe = ctl_frontend_find(req->driver);
3128 		if (fe == NULL) {
3129 			req->status = CTL_LUN_ERROR;
3130 			snprintf(req->error_str, sizeof(req->error_str),
3131 			    "Frontend \"%s\" not found.", req->driver);
3132 			break;
3133 		}
3134 		if (req->num_args > 0) {
3135 			req->kern_args = ctl_copyin_args(req->num_args,
3136 			    req->args, req->error_str, sizeof(req->error_str));
3137 			if (req->kern_args == NULL) {
3138 				req->status = CTL_LUN_ERROR;
3139 				break;
3140 			}
3141 		}
3142 
3143 		if (fe->ioctl)
3144 			retval = fe->ioctl(dev, cmd, addr, flag, td);
3145 		else
3146 			retval = ENODEV;
3147 
3148 		if (req->num_args > 0) {
3149 			ctl_copyout_args(req->num_args, req->kern_args);
3150 			ctl_free_args(req->num_args, req->kern_args);
3151 		}
3152 		break;
3153 	}
3154 	case CTL_PORT_LIST: {
3155 		struct sbuf *sb;
3156 		struct ctl_port *port;
3157 		struct ctl_lun_list *list;
3158 		struct ctl_option *opt;
3159 		int j;
3160 		uint32_t plun;
3161 
3162 		list = (struct ctl_lun_list *)addr;
3163 
3164 		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3165 		if (sb == NULL) {
3166 			list->status = CTL_LUN_LIST_ERROR;
3167 			snprintf(list->error_str, sizeof(list->error_str),
3168 				 "Unable to allocate %d bytes for LUN list",
3169 				 list->alloc_len);
3170 			break;
3171 		}
3172 
3173 		sbuf_printf(sb, "<ctlportlist>\n");
3174 
3175 		mtx_lock(&softc->ctl_lock);
3176 		STAILQ_FOREACH(port, &softc->port_list, links) {
3177 			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3178 					     (uintmax_t)port->targ_port);
3179 
3180 			/*
3181 			 * Bail out as soon as we see that we've overfilled
3182 			 * the buffer.
3183 			 */
3184 			if (retval != 0)
3185 				break;
3186 
3187 			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3188 			    "</frontend_type>\n", port->frontend->name);
3189 			if (retval != 0)
3190 				break;
3191 
3192 			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3193 					     port->port_type);
3194 			if (retval != 0)
3195 				break;
3196 
3197 			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3198 			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3199 			if (retval != 0)
3200 				break;
3201 
3202 			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3203 			    port->port_name);
3204 			if (retval != 0)
3205 				break;
3206 
3207 			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3208 			    port->physical_port);
3209 			if (retval != 0)
3210 				break;
3211 
3212 			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3213 			    port->virtual_port);
3214 			if (retval != 0)
3215 				break;
3216 
3217 			if (port->target_devid != NULL) {
3218 				sbuf_printf(sb, "\t<target>");
3219 				ctl_id_sbuf(port->target_devid, sb);
3220 				sbuf_printf(sb, "</target>\n");
3221 			}
3222 
3223 			if (port->port_devid != NULL) {
3224 				sbuf_printf(sb, "\t<port>");
3225 				ctl_id_sbuf(port->port_devid, sb);
3226 				sbuf_printf(sb, "</port>\n");
3227 			}
3228 
3229 			if (port->port_info != NULL) {
3230 				retval = port->port_info(port->onoff_arg, sb);
3231 				if (retval != 0)
3232 					break;
3233 			}
3234 			STAILQ_FOREACH(opt, &port->options, links) {
3235 				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3236 				    opt->name, opt->value, opt->name);
3237 				if (retval != 0)
3238 					break;
3239 			}
3240 
3241 			if (port->lun_map != NULL) {
3242 				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3243 				for (j = 0; j < CTL_MAX_LUNS; j++) {
3244 					plun = ctl_lun_map_from_port(port, j);
3245 					if (plun >= CTL_MAX_LUNS)
3246 						continue;
3247 					sbuf_printf(sb,
3248 					    "\t<lun id=\"%u\">%u</lun>\n",
3249 					    j, plun);
3250 				}
3251 			}
3252 
3253 			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3254 				if (port->wwpn_iid[j].in_use == 0 ||
3255 				    (port->wwpn_iid[j].wwpn == 0 &&
3256 				     port->wwpn_iid[j].name == NULL))
3257 					continue;
3258 
3259 				if (port->wwpn_iid[j].name != NULL)
3260 					retval = sbuf_printf(sb,
3261 					    "\t<initiator id=\"%u\">%s</initiator>\n",
3262 					    j, port->wwpn_iid[j].name);
3263 				else
3264 					retval = sbuf_printf(sb,
3265 					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3266 					    j, port->wwpn_iid[j].wwpn);
3267 				if (retval != 0)
3268 					break;
3269 			}
3270 			if (retval != 0)
3271 				break;
3272 
3273 			retval = sbuf_printf(sb, "</targ_port>\n");
3274 			if (retval != 0)
3275 				break;
3276 		}
3277 		mtx_unlock(&softc->ctl_lock);
3278 
3279 		if ((retval != 0)
3280 		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3281 			retval = 0;
3282 			sbuf_delete(sb);
3283 			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3284 			snprintf(list->error_str, sizeof(list->error_str),
3285 				 "Out of space, %d bytes is too small",
3286 				 list->alloc_len);
3287 			break;
3288 		}
3289 
3290 		sbuf_finish(sb);
3291 
3292 		retval = copyout(sbuf_data(sb), list->lun_xml,
3293 				 sbuf_len(sb) + 1);
3294 
3295 		list->fill_len = sbuf_len(sb) + 1;
3296 		list->status = CTL_LUN_LIST_OK;
3297 		sbuf_delete(sb);
3298 		break;
3299 	}
3300 	case CTL_LUN_MAP: {
3301 		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3302 		struct ctl_port *port;
3303 
3304 		mtx_lock(&softc->ctl_lock);
3305 		if (lm->port < softc->port_min ||
3306 		    lm->port >= softc->port_max ||
3307 		    (port = softc->ctl_ports[lm->port]) == NULL) {
3308 			mtx_unlock(&softc->ctl_lock);
3309 			return (ENXIO);
3310 		}
3311 		if (port->status & CTL_PORT_STATUS_ONLINE) {
3312 			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3313 				if (ctl_lun_map_to_port(port, lun->lun) >=
3314 				    CTL_MAX_LUNS)
3315 					continue;
3316 				mtx_lock(&lun->lun_lock);
3317 				ctl_est_ua_port(lun, lm->port, -1,
3318 				    CTL_UA_LUN_CHANGE);
3319 				mtx_unlock(&lun->lun_lock);
3320 			}
3321 		}
3322 		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3323 		if (lm->plun < CTL_MAX_LUNS) {
3324 			if (lm->lun == UINT32_MAX)
3325 				retval = ctl_lun_map_unset(port, lm->plun);
3326 			else if (lm->lun < CTL_MAX_LUNS &&
3327 			    softc->ctl_luns[lm->lun] != NULL)
3328 				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3329 			else
3330 				return (ENXIO);
3331 		} else if (lm->plun == UINT32_MAX) {
3332 			if (lm->lun == UINT32_MAX)
3333 				retval = ctl_lun_map_deinit(port);
3334 			else
3335 				retval = ctl_lun_map_init(port);
3336 		} else
3337 			return (ENXIO);
3338 		if (port->status & CTL_PORT_STATUS_ONLINE)
3339 			ctl_isc_announce_port(port);
3340 		break;
3341 	}
3342 	default: {
3343 		/* XXX KDM should we fix this? */
3344 #if 0
3345 		struct ctl_backend_driver *backend;
3346 		unsigned int type;
3347 		int found;
3348 
3349 		found = 0;
3350 
3351 		/*
3352 		 * We encode the backend type as the ioctl type for backend
3353 		 * ioctls.  So parse it out here, and then search for a
3354 		 * backend of this type.
3355 		 */
3356 		type = _IOC_TYPE(cmd);
3357 
3358 		STAILQ_FOREACH(backend, &softc->be_list, links) {
3359 			if (backend->type == type) {
3360 				found = 1;
3361 				break;
3362 			}
3363 		}
3364 		if (found == 0) {
3365 			printf("ctl: unknown ioctl command %#lx or backend "
3366 			       "%d\n", cmd, type);
3367 			retval = EINVAL;
3368 			break;
3369 		}
3370 		retval = backend->ioctl(dev, cmd, addr, flag, td);
3371 #endif
3372 		retval = ENOTTY;
3373 		break;
3374 	}
3375 	}
3376 	return (retval);
3377 }
3378 
3379 uint32_t
3380 ctl_get_initindex(struct ctl_nexus *nexus)
3381 {
3382 	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3383 }
3384 
3385 int
3386 ctl_lun_map_init(struct ctl_port *port)
3387 {
3388 	struct ctl_softc *softc = port->ctl_softc;
3389 	struct ctl_lun *lun;
3390 	uint32_t i;
3391 
3392 	if (port->lun_map == NULL)
3393 		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3394 		    M_CTL, M_NOWAIT);
3395 	if (port->lun_map == NULL)
3396 		return (ENOMEM);
3397 	for (i = 0; i < CTL_MAX_LUNS; i++)
3398 		port->lun_map[i] = UINT32_MAX;
3399 	if (port->status & CTL_PORT_STATUS_ONLINE) {
3400 		if (port->lun_disable != NULL) {
3401 			STAILQ_FOREACH(lun, &softc->lun_list, links)
3402 				port->lun_disable(port->targ_lun_arg, lun->lun);
3403 		}
3404 		ctl_isc_announce_port(port);
3405 	}
3406 	return (0);
3407 }
3408 
3409 int
3410 ctl_lun_map_deinit(struct ctl_port *port)
3411 {
3412 	struct ctl_softc *softc = port->ctl_softc;
3413 	struct ctl_lun *lun;
3414 
3415 	if (port->lun_map == NULL)
3416 		return (0);
3417 	free(port->lun_map, M_CTL);
3418 	port->lun_map = NULL;
3419 	if (port->status & CTL_PORT_STATUS_ONLINE) {
3420 		if (port->lun_enable != NULL) {
3421 			STAILQ_FOREACH(lun, &softc->lun_list, links)
3422 				port->lun_enable(port->targ_lun_arg, lun->lun);
3423 		}
3424 		ctl_isc_announce_port(port);
3425 	}
3426 	return (0);
3427 }
3428 
3429 int
3430 ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3431 {
3432 	int status;
3433 	uint32_t old;
3434 
3435 	if (port->lun_map == NULL) {
3436 		status = ctl_lun_map_init(port);
3437 		if (status != 0)
3438 			return (status);
3439 	}
3440 	old = port->lun_map[plun];
3441 	port->lun_map[plun] = glun;
3442 	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3443 		if (port->lun_enable != NULL)
3444 			port->lun_enable(port->targ_lun_arg, plun);
3445 		ctl_isc_announce_port(port);
3446 	}
3447 	return (0);
3448 }
3449 
3450 int
3451 ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3452 {
3453 	uint32_t old;
3454 
3455 	if (port->lun_map == NULL)
3456 		return (0);
3457 	old = port->lun_map[plun];
3458 	port->lun_map[plun] = UINT32_MAX;
3459 	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3460 		if (port->lun_disable != NULL)
3461 			port->lun_disable(port->targ_lun_arg, plun);
3462 		ctl_isc_announce_port(port);
3463 	}
3464 	return (0);
3465 }
3466 
3467 uint32_t
3468 ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3469 {
3470 
3471 	if (port == NULL)
3472 		return (UINT32_MAX);
3473 	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3474 		return (lun_id);
3475 	return (port->lun_map[lun_id]);
3476 }
3477 
3478 uint32_t
3479 ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3480 {
3481 	uint32_t i;
3482 
3483 	if (port == NULL)
3484 		return (UINT32_MAX);
3485 	if (port->lun_map == NULL)
3486 		return (lun_id);
3487 	for (i = 0; i < CTL_MAX_LUNS; i++) {
3488 		if (port->lun_map[i] == lun_id)
3489 			return (i);
3490 	}
3491 	return (UINT32_MAX);
3492 }
3493 
3494 static struct ctl_port *
3495 ctl_io_port(struct ctl_io_hdr *io_hdr)
3496 {
3497 
3498 	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3499 }
3500 
3501 int
3502 ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3503 {
3504 	int i;
3505 
3506 	for (i = first; i < last; i++) {
3507 		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3508 			return (i);
3509 	}
3510 	return (-1);
3511 }
3512 
3513 int
3514 ctl_set_mask(uint32_t *mask, uint32_t bit)
3515 {
3516 	uint32_t chunk, piece;
3517 
3518 	chunk = bit >> 5;
3519 	piece = bit % (sizeof(uint32_t) * 8);
3520 
3521 	if ((mask[chunk] & (1 << piece)) != 0)
3522 		return (-1);
3523 	else
3524 		mask[chunk] |= (1 << piece);
3525 
3526 	return (0);
3527 }
3528 
3529 int
3530 ctl_clear_mask(uint32_t *mask, uint32_t bit)
3531 {
3532 	uint32_t chunk, piece;
3533 
3534 	chunk = bit >> 5;
3535 	piece = bit % (sizeof(uint32_t) * 8);
3536 
3537 	if ((mask[chunk] & (1 << piece)) == 0)
3538 		return (-1);
3539 	else
3540 		mask[chunk] &= ~(1 << piece);
3541 
3542 	return (0);
3543 }
3544 
3545 int
3546 ctl_is_set(uint32_t *mask, uint32_t bit)
3547 {
3548 	uint32_t chunk, piece;
3549 
3550 	chunk = bit >> 5;
3551 	piece = bit % (sizeof(uint32_t) * 8);
3552 
3553 	if ((mask[chunk] & (1 << piece)) == 0)
3554 		return (0);
3555 	else
3556 		return (1);
3557 }
3558 
3559 static uint64_t
3560 ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3561 {
3562 	uint64_t *t;
3563 
3564 	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3565 	if (t == NULL)
3566 		return (0);
3567 	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3568 }
3569 
3570 static void
3571 ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3572 {
3573 	uint64_t *t;
3574 
3575 	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3576 	if (t == NULL)
3577 		return;
3578 	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3579 }
3580 
3581 static void
3582 ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3583 {
3584 	uint64_t *p;
3585 	u_int i;
3586 
3587 	i = residx/CTL_MAX_INIT_PER_PORT;
3588 	if (lun->pr_keys[i] != NULL)
3589 		return;
3590 	mtx_unlock(&lun->lun_lock);
3591 	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3592 	    M_WAITOK | M_ZERO);
3593 	mtx_lock(&lun->lun_lock);
3594 	if (lun->pr_keys[i] == NULL)
3595 		lun->pr_keys[i] = p;
3596 	else
3597 		free(p, M_CTL);
3598 }
3599 
3600 static void
3601 ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3602 {
3603 	uint64_t *t;
3604 
3605 	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3606 	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3607 	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3608 }
3609 
3610 /*
3611  * ctl_softc, pool_name, total_ctl_io are passed in.
3612  * npool is passed out.
3613  */
3614 int
3615 ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3616 		uint32_t total_ctl_io, void **npool)
3617 {
3618 #ifdef IO_POOLS
3619 	struct ctl_io_pool *pool;
3620 
3621 	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3622 					    M_NOWAIT | M_ZERO);
3623 	if (pool == NULL)
3624 		return (ENOMEM);
3625 
3626 	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3627 	pool->ctl_softc = ctl_softc;
3628 	pool->zone = uma_zsecond_create(pool->name, NULL,
3629 	    NULL, NULL, NULL, ctl_softc->io_zone);
3630 	/* uma_prealloc(pool->zone, total_ctl_io); */
3631 
3632 	*npool = pool;
3633 #else
3634 	*npool = ctl_softc->io_zone;
3635 #endif
3636 	return (0);
3637 }
3638 
3639 void
3640 ctl_pool_free(struct ctl_io_pool *pool)
3641 {
3642 
3643 	if (pool == NULL)
3644 		return;
3645 
3646 #ifdef IO_POOLS
3647 	uma_zdestroy(pool->zone);
3648 	free(pool, M_CTL);
3649 #endif
3650 }
3651 
3652 union ctl_io *
3653 ctl_alloc_io(void *pool_ref)
3654 {
3655 	union ctl_io *io;
3656 #ifdef IO_POOLS
3657 	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3658 
3659 	io = uma_zalloc(pool->zone, M_WAITOK);
3660 #else
3661 	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3662 #endif
3663 	if (io != NULL)
3664 		io->io_hdr.pool = pool_ref;
3665 	return (io);
3666 }
3667 
3668 union ctl_io *
3669 ctl_alloc_io_nowait(void *pool_ref)
3670 {
3671 	union ctl_io *io;
3672 #ifdef IO_POOLS
3673 	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3674 
3675 	io = uma_zalloc(pool->zone, M_NOWAIT);
3676 #else
3677 	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3678 #endif
3679 	if (io != NULL)
3680 		io->io_hdr.pool = pool_ref;
3681 	return (io);
3682 }
3683 
3684 void
3685 ctl_free_io(union ctl_io *io)
3686 {
3687 #ifdef IO_POOLS
3688 	struct ctl_io_pool *pool;
3689 #endif
3690 
3691 	if (io == NULL)
3692 		return;
3693 
3694 #ifdef IO_POOLS
3695 	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3696 	uma_zfree(pool->zone, io);
3697 #else
3698 	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3699 #endif
3700 }
3701 
3702 void
3703 ctl_zero_io(union ctl_io *io)
3704 {
3705 	void *pool_ref;
3706 
3707 	if (io == NULL)
3708 		return;
3709 
3710 	/*
3711 	 * May need to preserve linked list pointers at some point too.
3712 	 */
3713 	pool_ref = io->io_hdr.pool;
3714 	memset(io, 0, sizeof(*io));
3715 	io->io_hdr.pool = pool_ref;
3716 }
3717 
3718 /*
3719  * This routine is currently used for internal copies of ctl_ios that need
3720  * to persist for some reason after we've already returned status to the
3721  * FETD.  (Thus the flag set.)
3722  *
3723  * XXX XXX
3724  * Note that this makes a blind copy of all fields in the ctl_io, except
3725  * for the pool reference.  This includes any memory that has been
3726  * allocated!  That memory will no longer be valid after done has been
3727  * called, so this would be VERY DANGEROUS for command that actually does
3728  * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3729  * start and stop commands, which don't transfer any data, so this is not a
3730  * problem.  If it is used for anything else, the caller would also need to
3731  * allocate data buffer space and this routine would need to be modified to
3732  * copy the data buffer(s) as well.
3733  */
3734 void
3735 ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3736 {
3737 	void *pool_ref;
3738 
3739 	if ((src == NULL)
3740 	 || (dest == NULL))
3741 		return;
3742 
3743 	/*
3744 	 * May need to preserve linked list pointers at some point too.
3745 	 */
3746 	pool_ref = dest->io_hdr.pool;
3747 
3748 	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3749 
3750 	dest->io_hdr.pool = pool_ref;
3751 	/*
3752 	 * We need to know that this is an internal copy, and doesn't need
3753 	 * to get passed back to the FETD that allocated it.
3754 	 */
3755 	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3756 }
3757 
3758 int
3759 ctl_expand_number(const char *buf, uint64_t *num)
3760 {
3761 	char *endptr;
3762 	uint64_t number;
3763 	unsigned shift;
3764 
3765 	number = strtoq(buf, &endptr, 0);
3766 
3767 	switch (tolower((unsigned char)*endptr)) {
3768 	case 'e':
3769 		shift = 60;
3770 		break;
3771 	case 'p':
3772 		shift = 50;
3773 		break;
3774 	case 't':
3775 		shift = 40;
3776 		break;
3777 	case 'g':
3778 		shift = 30;
3779 		break;
3780 	case 'm':
3781 		shift = 20;
3782 		break;
3783 	case 'k':
3784 		shift = 10;
3785 		break;
3786 	case 'b':
3787 	case '\0': /* No unit. */
3788 		*num = number;
3789 		return (0);
3790 	default:
3791 		/* Unrecognized unit. */
3792 		return (-1);
3793 	}
3794 
3795 	if ((number << shift) >> shift != number) {
3796 		/* Overflow */
3797 		return (-1);
3798 	}
3799 	*num = number << shift;
3800 	return (0);
3801 }
3802 
3803 
3804 /*
3805  * This routine could be used in the future to load default and/or saved
3806  * mode page parameters for a particuar lun.
3807  */
3808 static int
3809 ctl_init_page_index(struct ctl_lun *lun)
3810 {
3811 	int i;
3812 	struct ctl_page_index *page_index;
3813 	const char *value;
3814 	uint64_t ival;
3815 
3816 	memcpy(&lun->mode_pages.index, page_index_template,
3817 	       sizeof(page_index_template));
3818 
3819 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3820 
3821 		page_index = &lun->mode_pages.index[i];
3822 		if (lun->be_lun->lun_type != T_DIRECT &&
3823 		    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3824 			continue;
3825 
3826 		switch (page_index->page_code & SMPH_PC_MASK) {
3827 		case SMS_RW_ERROR_RECOVERY_PAGE: {
3828 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3829 				panic("subpage is incorrect!");
3830 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3831 			       &rw_er_page_default,
3832 			       sizeof(rw_er_page_default));
3833 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3834 			       &rw_er_page_changeable,
3835 			       sizeof(rw_er_page_changeable));
3836 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3837 			       &rw_er_page_default,
3838 			       sizeof(rw_er_page_default));
3839 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3840 			       &rw_er_page_default,
3841 			       sizeof(rw_er_page_default));
3842 			page_index->page_data =
3843 				(uint8_t *)lun->mode_pages.rw_er_page;
3844 			break;
3845 		}
3846 		case SMS_FORMAT_DEVICE_PAGE: {
3847 			struct scsi_format_page *format_page;
3848 
3849 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3850 				panic("subpage is incorrect!");
3851 
3852 			/*
3853 			 * Sectors per track are set above.  Bytes per
3854 			 * sector need to be set here on a per-LUN basis.
3855 			 */
3856 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3857 			       &format_page_default,
3858 			       sizeof(format_page_default));
3859 			memcpy(&lun->mode_pages.format_page[
3860 			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3861 			       sizeof(format_page_changeable));
3862 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3863 			       &format_page_default,
3864 			       sizeof(format_page_default));
3865 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3866 			       &format_page_default,
3867 			       sizeof(format_page_default));
3868 
3869 			format_page = &lun->mode_pages.format_page[
3870 				CTL_PAGE_CURRENT];
3871 			scsi_ulto2b(lun->be_lun->blocksize,
3872 				    format_page->bytes_per_sector);
3873 
3874 			format_page = &lun->mode_pages.format_page[
3875 				CTL_PAGE_DEFAULT];
3876 			scsi_ulto2b(lun->be_lun->blocksize,
3877 				    format_page->bytes_per_sector);
3878 
3879 			format_page = &lun->mode_pages.format_page[
3880 				CTL_PAGE_SAVED];
3881 			scsi_ulto2b(lun->be_lun->blocksize,
3882 				    format_page->bytes_per_sector);
3883 
3884 			page_index->page_data =
3885 				(uint8_t *)lun->mode_pages.format_page;
3886 			break;
3887 		}
3888 		case SMS_RIGID_DISK_PAGE: {
3889 			struct scsi_rigid_disk_page *rigid_disk_page;
3890 			uint32_t sectors_per_cylinder;
3891 			uint64_t cylinders;
3892 #ifndef	__XSCALE__
3893 			int shift;
3894 #endif /* !__XSCALE__ */
3895 
3896 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3897 				panic("invalid subpage value %d",
3898 				      page_index->subpage);
3899 
3900 			/*
3901 			 * Rotation rate and sectors per track are set
3902 			 * above.  We calculate the cylinders here based on
3903 			 * capacity.  Due to the number of heads and
3904 			 * sectors per track we're using, smaller arrays
3905 			 * may turn out to have 0 cylinders.  Linux and
3906 			 * FreeBSD don't pay attention to these mode pages
3907 			 * to figure out capacity, but Solaris does.  It
3908 			 * seems to deal with 0 cylinders just fine, and
3909 			 * works out a fake geometry based on the capacity.
3910 			 */
3911 			memcpy(&lun->mode_pages.rigid_disk_page[
3912 			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3913 			       sizeof(rigid_disk_page_default));
3914 			memcpy(&lun->mode_pages.rigid_disk_page[
3915 			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3916 			       sizeof(rigid_disk_page_changeable));
3917 
3918 			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3919 				CTL_DEFAULT_HEADS;
3920 
3921 			/*
3922 			 * The divide method here will be more accurate,
3923 			 * probably, but results in floating point being
3924 			 * used in the kernel on i386 (__udivdi3()).  On the
3925 			 * XScale, though, __udivdi3() is implemented in
3926 			 * software.
3927 			 *
3928 			 * The shift method for cylinder calculation is
3929 			 * accurate if sectors_per_cylinder is a power of
3930 			 * 2.  Otherwise it might be slightly off -- you
3931 			 * might have a bit of a truncation problem.
3932 			 */
3933 #ifdef	__XSCALE__
3934 			cylinders = (lun->be_lun->maxlba + 1) /
3935 				sectors_per_cylinder;
3936 #else
3937 			for (shift = 31; shift > 0; shift--) {
3938 				if (sectors_per_cylinder & (1 << shift))
3939 					break;
3940 			}
3941 			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3942 #endif
3943 
3944 			/*
3945 			 * We've basically got 3 bytes, or 24 bits for the
3946 			 * cylinder size in the mode page.  If we're over,
3947 			 * just round down to 2^24.
3948 			 */
3949 			if (cylinders > 0xffffff)
3950 				cylinders = 0xffffff;
3951 
3952 			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3953 				CTL_PAGE_DEFAULT];
3954 			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3955 
3956 			if ((value = ctl_get_opt(&lun->be_lun->options,
3957 			    "rpm")) != NULL) {
3958 				scsi_ulto2b(strtol(value, NULL, 0),
3959 				     rigid_disk_page->rotation_rate);
3960 			}
3961 
3962 			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3963 			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3964 			       sizeof(rigid_disk_page_default));
3965 			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3966 			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3967 			       sizeof(rigid_disk_page_default));
3968 
3969 			page_index->page_data =
3970 				(uint8_t *)lun->mode_pages.rigid_disk_page;
3971 			break;
3972 		}
3973 		case SMS_CACHING_PAGE: {
3974 			struct scsi_caching_page *caching_page;
3975 
3976 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3977 				panic("invalid subpage value %d",
3978 				      page_index->subpage);
3979 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3980 			       &caching_page_default,
3981 			       sizeof(caching_page_default));
3982 			memcpy(&lun->mode_pages.caching_page[
3983 			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3984 			       sizeof(caching_page_changeable));
3985 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3986 			       &caching_page_default,
3987 			       sizeof(caching_page_default));
3988 			caching_page = &lun->mode_pages.caching_page[
3989 			    CTL_PAGE_SAVED];
3990 			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3991 			if (value != NULL && strcmp(value, "off") == 0)
3992 				caching_page->flags1 &= ~SCP_WCE;
3993 			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3994 			if (value != NULL && strcmp(value, "off") == 0)
3995 				caching_page->flags1 |= SCP_RCD;
3996 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3997 			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3998 			       sizeof(caching_page_default));
3999 			page_index->page_data =
4000 				(uint8_t *)lun->mode_pages.caching_page;
4001 			break;
4002 		}
4003 		case SMS_CONTROL_MODE_PAGE: {
4004 			switch (page_index->subpage) {
4005 			case SMS_SUBPAGE_PAGE_0: {
4006 				struct scsi_control_page *control_page;
4007 
4008 				memcpy(&lun->mode_pages.control_page[
4009 				    CTL_PAGE_DEFAULT],
4010 				       &control_page_default,
4011 				       sizeof(control_page_default));
4012 				memcpy(&lun->mode_pages.control_page[
4013 				    CTL_PAGE_CHANGEABLE],
4014 				       &control_page_changeable,
4015 				       sizeof(control_page_changeable));
4016 				memcpy(&lun->mode_pages.control_page[
4017 				    CTL_PAGE_SAVED],
4018 				       &control_page_default,
4019 				       sizeof(control_page_default));
4020 				control_page = &lun->mode_pages.control_page[
4021 				    CTL_PAGE_SAVED];
4022 				value = ctl_get_opt(&lun->be_lun->options,
4023 				    "reordering");
4024 				if (value != NULL &&
4025 				    strcmp(value, "unrestricted") == 0) {
4026 					control_page->queue_flags &=
4027 					    ~SCP_QUEUE_ALG_MASK;
4028 					control_page->queue_flags |=
4029 					    SCP_QUEUE_ALG_UNRESTRICTED;
4030 				}
4031 				memcpy(&lun->mode_pages.control_page[
4032 				    CTL_PAGE_CURRENT],
4033 				       &lun->mode_pages.control_page[
4034 				    CTL_PAGE_SAVED],
4035 				       sizeof(control_page_default));
4036 				page_index->page_data =
4037 				    (uint8_t *)lun->mode_pages.control_page;
4038 				break;
4039 			}
4040 			case 0x01:
4041 				memcpy(&lun->mode_pages.control_ext_page[
4042 				    CTL_PAGE_DEFAULT],
4043 				       &control_ext_page_default,
4044 				       sizeof(control_ext_page_default));
4045 				memcpy(&lun->mode_pages.control_ext_page[
4046 				    CTL_PAGE_CHANGEABLE],
4047 				       &control_ext_page_changeable,
4048 				       sizeof(control_ext_page_changeable));
4049 				memcpy(&lun->mode_pages.control_ext_page[
4050 				    CTL_PAGE_SAVED],
4051 				       &control_ext_page_default,
4052 				       sizeof(control_ext_page_default));
4053 				memcpy(&lun->mode_pages.control_ext_page[
4054 				    CTL_PAGE_CURRENT],
4055 				       &lun->mode_pages.control_ext_page[
4056 				    CTL_PAGE_SAVED],
4057 				       sizeof(control_ext_page_default));
4058 				page_index->page_data =
4059 				    (uint8_t *)lun->mode_pages.control_ext_page;
4060 				break;
4061 			}
4062 			break;
4063 		}
4064 		case SMS_INFO_EXCEPTIONS_PAGE: {
4065 			switch (page_index->subpage) {
4066 			case SMS_SUBPAGE_PAGE_0:
4067 				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4068 				       &ie_page_default,
4069 				       sizeof(ie_page_default));
4070 				memcpy(&lun->mode_pages.ie_page[
4071 				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4072 				       sizeof(ie_page_changeable));
4073 				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4074 				       &ie_page_default,
4075 				       sizeof(ie_page_default));
4076 				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4077 				       &ie_page_default,
4078 				       sizeof(ie_page_default));
4079 				page_index->page_data =
4080 					(uint8_t *)lun->mode_pages.ie_page;
4081 				break;
4082 			case 0x02: {
4083 				struct ctl_logical_block_provisioning_page *page;
4084 
4085 				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4086 				       &lbp_page_default,
4087 				       sizeof(lbp_page_default));
4088 				memcpy(&lun->mode_pages.lbp_page[
4089 				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4090 				       sizeof(lbp_page_changeable));
4091 				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4092 				       &lbp_page_default,
4093 				       sizeof(lbp_page_default));
4094 				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4095 				value = ctl_get_opt(&lun->be_lun->options,
4096 				    "avail-threshold");
4097 				if (value != NULL &&
4098 				    ctl_expand_number(value, &ival) == 0) {
4099 					page->descr[0].flags |= SLBPPD_ENABLED |
4100 					    SLBPPD_ARMING_DEC;
4101 					if (lun->be_lun->blocksize)
4102 						ival /= lun->be_lun->blocksize;
4103 					else
4104 						ival /= 512;
4105 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4106 					    page->descr[0].count);
4107 				}
4108 				value = ctl_get_opt(&lun->be_lun->options,
4109 				    "used-threshold");
4110 				if (value != NULL &&
4111 				    ctl_expand_number(value, &ival) == 0) {
4112 					page->descr[1].flags |= SLBPPD_ENABLED |
4113 					    SLBPPD_ARMING_INC;
4114 					if (lun->be_lun->blocksize)
4115 						ival /= lun->be_lun->blocksize;
4116 					else
4117 						ival /= 512;
4118 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4119 					    page->descr[1].count);
4120 				}
4121 				value = ctl_get_opt(&lun->be_lun->options,
4122 				    "pool-avail-threshold");
4123 				if (value != NULL &&
4124 				    ctl_expand_number(value, &ival) == 0) {
4125 					page->descr[2].flags |= SLBPPD_ENABLED |
4126 					    SLBPPD_ARMING_DEC;
4127 					if (lun->be_lun->blocksize)
4128 						ival /= lun->be_lun->blocksize;
4129 					else
4130 						ival /= 512;
4131 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4132 					    page->descr[2].count);
4133 				}
4134 				value = ctl_get_opt(&lun->be_lun->options,
4135 				    "pool-used-threshold");
4136 				if (value != NULL &&
4137 				    ctl_expand_number(value, &ival) == 0) {
4138 					page->descr[3].flags |= SLBPPD_ENABLED |
4139 					    SLBPPD_ARMING_INC;
4140 					if (lun->be_lun->blocksize)
4141 						ival /= lun->be_lun->blocksize;
4142 					else
4143 						ival /= 512;
4144 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4145 					    page->descr[3].count);
4146 				}
4147 				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4148 				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4149 				       sizeof(lbp_page_default));
4150 				page_index->page_data =
4151 					(uint8_t *)lun->mode_pages.lbp_page;
4152 			}}
4153 			break;
4154 		}
4155 		case SMS_VENDOR_SPECIFIC_PAGE:{
4156 			switch (page_index->subpage) {
4157 			case DBGCNF_SUBPAGE_CODE: {
4158 				memcpy(&lun->mode_pages.debugconf_subpage[
4159 				       CTL_PAGE_CURRENT],
4160 				       &debugconf_page_default,
4161 				       sizeof(debugconf_page_default));
4162 				memcpy(&lun->mode_pages.debugconf_subpage[
4163 				       CTL_PAGE_CHANGEABLE],
4164 				       &debugconf_page_changeable,
4165 				       sizeof(debugconf_page_changeable));
4166 				memcpy(&lun->mode_pages.debugconf_subpage[
4167 				       CTL_PAGE_DEFAULT],
4168 				       &debugconf_page_default,
4169 				       sizeof(debugconf_page_default));
4170 				memcpy(&lun->mode_pages.debugconf_subpage[
4171 				       CTL_PAGE_SAVED],
4172 				       &debugconf_page_default,
4173 				       sizeof(debugconf_page_default));
4174 				page_index->page_data =
4175 				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4176 				break;
4177 			}
4178 			default:
4179 				panic("invalid subpage value %d",
4180 				      page_index->subpage);
4181 				break;
4182 			}
4183    			break;
4184 		}
4185 		default:
4186 			panic("invalid page value %d",
4187 			      page_index->page_code & SMPH_PC_MASK);
4188 			break;
4189     	}
4190 	}
4191 
4192 	return (CTL_RETVAL_COMPLETE);
4193 }
4194 
4195 static int
4196 ctl_init_log_page_index(struct ctl_lun *lun)
4197 {
4198 	struct ctl_page_index *page_index;
4199 	int i, j, k, prev;
4200 
4201 	memcpy(&lun->log_pages.index, log_page_index_template,
4202 	       sizeof(log_page_index_template));
4203 
4204 	prev = -1;
4205 	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4206 
4207 		page_index = &lun->log_pages.index[i];
4208 		if (lun->be_lun->lun_type != T_DIRECT &&
4209 		    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4210 			continue;
4211 
4212 		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4213 		    lun->backend->lun_attr == NULL)
4214 			continue;
4215 
4216 		if (page_index->page_code != prev) {
4217 			lun->log_pages.pages_page[j] = page_index->page_code;
4218 			prev = page_index->page_code;
4219 			j++;
4220 		}
4221 		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4222 		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4223 		k++;
4224 	}
4225 	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4226 	lun->log_pages.index[0].page_len = j;
4227 	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4228 	lun->log_pages.index[1].page_len = k * 2;
4229 	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4230 	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4231 	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4232 	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4233 
4234 	return (CTL_RETVAL_COMPLETE);
4235 }
4236 
4237 static int
4238 hex2bin(const char *str, uint8_t *buf, int buf_size)
4239 {
4240 	int i;
4241 	u_char c;
4242 
4243 	memset(buf, 0, buf_size);
4244 	while (isspace(str[0]))
4245 		str++;
4246 	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4247 		str += 2;
4248 	buf_size *= 2;
4249 	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4250 		c = str[i];
4251 		if (isdigit(c))
4252 			c -= '0';
4253 		else if (isalpha(c))
4254 			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4255 		else
4256 			break;
4257 		if (c >= 16)
4258 			break;
4259 		if ((i & 1) == 0)
4260 			buf[i / 2] |= (c << 4);
4261 		else
4262 			buf[i / 2] |= c;
4263 	}
4264 	return ((i + 1) / 2);
4265 }
4266 
4267 /*
4268  * LUN allocation.
4269  *
4270  * Requirements:
4271  * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4272  *   wants us to allocate the LUN and he can block.
4273  * - ctl_softc is always set
4274  * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4275  *
4276  * Returns 0 for success, non-zero (errno) for failure.
4277  */
4278 static int
4279 ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4280 	      struct ctl_be_lun *const be_lun)
4281 {
4282 	struct ctl_lun *nlun, *lun;
4283 	struct scsi_vpd_id_descriptor *desc;
4284 	struct scsi_vpd_id_t10 *t10id;
4285 	const char *eui, *naa, *scsiname, *vendor;
4286 	int lun_number, i, lun_malloced;
4287 	int devidlen, idlen1, idlen2 = 0, len;
4288 
4289 	if (be_lun == NULL)
4290 		return (EINVAL);
4291 
4292 	/*
4293 	 * We currently only support Direct Access or Processor LUN types.
4294 	 */
4295 	switch (be_lun->lun_type) {
4296 	case T_DIRECT:
4297 		break;
4298 	case T_PROCESSOR:
4299 		break;
4300 	case T_SEQUENTIAL:
4301 	case T_CHANGER:
4302 	default:
4303 		be_lun->lun_config_status(be_lun->be_lun,
4304 					  CTL_LUN_CONFIG_FAILURE);
4305 		break;
4306 	}
4307 	if (ctl_lun == NULL) {
4308 		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4309 		lun_malloced = 1;
4310 	} else {
4311 		lun_malloced = 0;
4312 		lun = ctl_lun;
4313 	}
4314 
4315 	memset(lun, 0, sizeof(*lun));
4316 	if (lun_malloced)
4317 		lun->flags = CTL_LUN_MALLOCED;
4318 
4319 	/* Generate LUN ID. */
4320 	devidlen = max(CTL_DEVID_MIN_LEN,
4321 	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4322 	idlen1 = sizeof(*t10id) + devidlen;
4323 	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4324 	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4325 	if (scsiname != NULL) {
4326 		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4327 		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4328 	}
4329 	eui = ctl_get_opt(&be_lun->options, "eui");
4330 	if (eui != NULL) {
4331 		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4332 	}
4333 	naa = ctl_get_opt(&be_lun->options, "naa");
4334 	if (naa != NULL) {
4335 		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4336 	}
4337 	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4338 	    M_CTL, M_WAITOK | M_ZERO);
4339 	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4340 	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4341 	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4342 	desc->length = idlen1;
4343 	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4344 	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4345 	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4346 		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4347 	} else {
4348 		strncpy(t10id->vendor, vendor,
4349 		    min(sizeof(t10id->vendor), strlen(vendor)));
4350 	}
4351 	strncpy((char *)t10id->vendor_spec_id,
4352 	    (char *)be_lun->device_id, devidlen);
4353 	if (scsiname != NULL) {
4354 		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4355 		    desc->length);
4356 		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4357 		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4358 		    SVPD_ID_TYPE_SCSI_NAME;
4359 		desc->length = idlen2;
4360 		strlcpy(desc->identifier, scsiname, idlen2);
4361 	}
4362 	if (eui != NULL) {
4363 		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4364 		    desc->length);
4365 		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4366 		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4367 		    SVPD_ID_TYPE_EUI64;
4368 		desc->length = hex2bin(eui, desc->identifier, 16);
4369 		desc->length = desc->length > 12 ? 16 :
4370 		    (desc->length > 8 ? 12 : 8);
4371 		len -= 16 - desc->length;
4372 	}
4373 	if (naa != NULL) {
4374 		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4375 		    desc->length);
4376 		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4377 		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4378 		    SVPD_ID_TYPE_NAA;
4379 		desc->length = hex2bin(naa, desc->identifier, 16);
4380 		desc->length = desc->length > 8 ? 16 : 8;
4381 		len -= 16 - desc->length;
4382 	}
4383 	lun->lun_devid->len = len;
4384 
4385 	mtx_lock(&ctl_softc->ctl_lock);
4386 	/*
4387 	 * See if the caller requested a particular LUN number.  If so, see
4388 	 * if it is available.  Otherwise, allocate the first available LUN.
4389 	 */
4390 	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4391 		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4392 		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4393 			mtx_unlock(&ctl_softc->ctl_lock);
4394 			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4395 				printf("ctl: requested LUN ID %d is higher "
4396 				       "than CTL_MAX_LUNS - 1 (%d)\n",
4397 				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4398 			} else {
4399 				/*
4400 				 * XXX KDM return an error, or just assign
4401 				 * another LUN ID in this case??
4402 				 */
4403 				printf("ctl: requested LUN ID %d is already "
4404 				       "in use\n", be_lun->req_lun_id);
4405 			}
4406 			if (lun->flags & CTL_LUN_MALLOCED)
4407 				free(lun, M_CTL);
4408 			be_lun->lun_config_status(be_lun->be_lun,
4409 						  CTL_LUN_CONFIG_FAILURE);
4410 			return (ENOSPC);
4411 		}
4412 		lun_number = be_lun->req_lun_id;
4413 	} else {
4414 		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4415 		if (lun_number == -1) {
4416 			mtx_unlock(&ctl_softc->ctl_lock);
4417 			printf("ctl: can't allocate LUN, out of LUNs\n");
4418 			if (lun->flags & CTL_LUN_MALLOCED)
4419 				free(lun, M_CTL);
4420 			be_lun->lun_config_status(be_lun->be_lun,
4421 						  CTL_LUN_CONFIG_FAILURE);
4422 			return (ENOSPC);
4423 		}
4424 	}
4425 	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4426 
4427 	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4428 	lun->lun = lun_number;
4429 	lun->be_lun = be_lun;
4430 	/*
4431 	 * The processor LUN is always enabled.  Disk LUNs come on line
4432 	 * disabled, and must be enabled by the backend.
4433 	 */
4434 	lun->flags |= CTL_LUN_DISABLED;
4435 	lun->backend = be_lun->be;
4436 	be_lun->ctl_lun = lun;
4437 	be_lun->lun_id = lun_number;
4438 	atomic_add_int(&be_lun->be->num_luns, 1);
4439 	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4440 		lun->flags |= CTL_LUN_OFFLINE;
4441 
4442 	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4443 		lun->flags |= CTL_LUN_STOPPED;
4444 
4445 	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4446 		lun->flags |= CTL_LUN_INOPERABLE;
4447 
4448 	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4449 		lun->flags |= CTL_LUN_PRIMARY_SC;
4450 
4451 	lun->ctl_softc = ctl_softc;
4452 #ifdef CTL_TIME_IO
4453 	lun->last_busy = getsbinuptime();
4454 #endif
4455 	TAILQ_INIT(&lun->ooa_queue);
4456 	TAILQ_INIT(&lun->blocked_queue);
4457 	STAILQ_INIT(&lun->error_list);
4458 	ctl_tpc_lun_init(lun);
4459 
4460 	/*
4461 	 * Initialize the mode and log page index.
4462 	 */
4463 	ctl_init_page_index(lun);
4464 	ctl_init_log_page_index(lun);
4465 
4466 	/*
4467 	 * Now, before we insert this lun on the lun list, set the lun
4468 	 * inventory changed UA for all other luns.
4469 	 */
4470 	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4471 		mtx_lock(&nlun->lun_lock);
4472 		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4473 		mtx_unlock(&nlun->lun_lock);
4474 	}
4475 
4476 	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4477 
4478 	ctl_softc->ctl_luns[lun_number] = lun;
4479 
4480 	ctl_softc->num_luns++;
4481 
4482 	/* Setup statistics gathering */
4483 	lun->stats.device_type = be_lun->lun_type;
4484 	lun->stats.lun_number = lun_number;
4485 	lun->stats.blocksize = be_lun->blocksize;
4486 	if (be_lun->blocksize == 0)
4487 		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4488 	for (i = 0;i < CTL_MAX_PORTS;i++)
4489 		lun->stats.ports[i].targ_port = i;
4490 
4491 	mtx_unlock(&ctl_softc->ctl_lock);
4492 
4493 	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4494 	return (0);
4495 }
4496 
4497 /*
4498  * Delete a LUN.
4499  * Assumptions:
4500  * - LUN has already been marked invalid and any pending I/O has been taken
4501  *   care of.
4502  */
4503 static int
4504 ctl_free_lun(struct ctl_lun *lun)
4505 {
4506 	struct ctl_softc *softc;
4507 	struct ctl_lun *nlun;
4508 	int i;
4509 
4510 	softc = lun->ctl_softc;
4511 
4512 	mtx_assert(&softc->ctl_lock, MA_OWNED);
4513 
4514 	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4515 
4516 	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4517 
4518 	softc->ctl_luns[lun->lun] = NULL;
4519 
4520 	if (!TAILQ_EMPTY(&lun->ooa_queue))
4521 		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4522 
4523 	softc->num_luns--;
4524 
4525 	/*
4526 	 * Tell the backend to free resources, if this LUN has a backend.
4527 	 */
4528 	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4529 	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4530 
4531 	ctl_tpc_lun_shutdown(lun);
4532 	mtx_destroy(&lun->lun_lock);
4533 	free(lun->lun_devid, M_CTL);
4534 	for (i = 0; i < CTL_MAX_PORTS; i++)
4535 		free(lun->pending_ua[i], M_CTL);
4536 	for (i = 0; i < CTL_MAX_PORTS; i++)
4537 		free(lun->pr_keys[i], M_CTL);
4538 	free(lun->write_buffer, M_CTL);
4539 	if (lun->flags & CTL_LUN_MALLOCED)
4540 		free(lun, M_CTL);
4541 
4542 	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4543 		mtx_lock(&nlun->lun_lock);
4544 		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4545 		mtx_unlock(&nlun->lun_lock);
4546 	}
4547 
4548 	return (0);
4549 }
4550 
4551 static void
4552 ctl_create_lun(struct ctl_be_lun *be_lun)
4553 {
4554 
4555 	/*
4556 	 * ctl_alloc_lun() should handle all potential failure cases.
4557 	 */
4558 	ctl_alloc_lun(control_softc, NULL, be_lun);
4559 }
4560 
4561 int
4562 ctl_add_lun(struct ctl_be_lun *be_lun)
4563 {
4564 	struct ctl_softc *softc = control_softc;
4565 
4566 	mtx_lock(&softc->ctl_lock);
4567 	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4568 	mtx_unlock(&softc->ctl_lock);
4569 	wakeup(&softc->pending_lun_queue);
4570 
4571 	return (0);
4572 }
4573 
4574 int
4575 ctl_enable_lun(struct ctl_be_lun *be_lun)
4576 {
4577 	struct ctl_softc *softc;
4578 	struct ctl_port *port, *nport;
4579 	struct ctl_lun *lun;
4580 	int retval;
4581 
4582 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4583 	softc = lun->ctl_softc;
4584 
4585 	mtx_lock(&softc->ctl_lock);
4586 	mtx_lock(&lun->lun_lock);
4587 	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4588 		/*
4589 		 * eh?  Why did we get called if the LUN is already
4590 		 * enabled?
4591 		 */
4592 		mtx_unlock(&lun->lun_lock);
4593 		mtx_unlock(&softc->ctl_lock);
4594 		return (0);
4595 	}
4596 	lun->flags &= ~CTL_LUN_DISABLED;
4597 	mtx_unlock(&lun->lun_lock);
4598 
4599 	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4600 		nport = STAILQ_NEXT(port, links);
4601 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4602 		    port->lun_map != NULL || port->lun_enable == NULL)
4603 			continue;
4604 
4605 		/*
4606 		 * Drop the lock while we call the FETD's enable routine.
4607 		 * This can lead to a callback into CTL (at least in the
4608 		 * case of the internal initiator frontend.
4609 		 */
4610 		mtx_unlock(&softc->ctl_lock);
4611 		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4612 		mtx_lock(&softc->ctl_lock);
4613 		if (retval != 0) {
4614 			printf("%s: FETD %s port %d returned error "
4615 			       "%d for lun_enable on lun %jd\n",
4616 			       __func__, port->port_name, port->targ_port,
4617 			       retval, (intmax_t)lun->lun);
4618 		}
4619 	}
4620 
4621 	mtx_unlock(&softc->ctl_lock);
4622 	ctl_isc_announce_lun(lun);
4623 
4624 	return (0);
4625 }
4626 
4627 int
4628 ctl_disable_lun(struct ctl_be_lun *be_lun)
4629 {
4630 	struct ctl_softc *softc;
4631 	struct ctl_port *port;
4632 	struct ctl_lun *lun;
4633 	int retval;
4634 
4635 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4636 	softc = lun->ctl_softc;
4637 
4638 	mtx_lock(&softc->ctl_lock);
4639 	mtx_lock(&lun->lun_lock);
4640 	if (lun->flags & CTL_LUN_DISABLED) {
4641 		mtx_unlock(&lun->lun_lock);
4642 		mtx_unlock(&softc->ctl_lock);
4643 		return (0);
4644 	}
4645 	lun->flags |= CTL_LUN_DISABLED;
4646 	mtx_unlock(&lun->lun_lock);
4647 
4648 	STAILQ_FOREACH(port, &softc->port_list, links) {
4649 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4650 		    port->lun_map != NULL || port->lun_disable == NULL)
4651 			continue;
4652 
4653 		/*
4654 		 * Drop the lock before we call the frontend's disable
4655 		 * routine, to avoid lock order reversals.
4656 		 *
4657 		 * XXX KDM what happens if the frontend list changes while
4658 		 * we're traversing it?  It's unlikely, but should be handled.
4659 		 */
4660 		mtx_unlock(&softc->ctl_lock);
4661 		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4662 		mtx_lock(&softc->ctl_lock);
4663 		if (retval != 0) {
4664 			printf("%s: FETD %s port %d returned error "
4665 			       "%d for lun_disable on lun %jd\n",
4666 			       __func__, port->port_name, port->targ_port,
4667 			       retval, (intmax_t)lun->lun);
4668 		}
4669 	}
4670 
4671 	mtx_unlock(&softc->ctl_lock);
4672 	ctl_isc_announce_lun(lun);
4673 
4674 	return (0);
4675 }
4676 
4677 int
4678 ctl_start_lun(struct ctl_be_lun *be_lun)
4679 {
4680 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4681 
4682 	mtx_lock(&lun->lun_lock);
4683 	lun->flags &= ~CTL_LUN_STOPPED;
4684 	mtx_unlock(&lun->lun_lock);
4685 	return (0);
4686 }
4687 
4688 int
4689 ctl_stop_lun(struct ctl_be_lun *be_lun)
4690 {
4691 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4692 
4693 	mtx_lock(&lun->lun_lock);
4694 	lun->flags |= CTL_LUN_STOPPED;
4695 	mtx_unlock(&lun->lun_lock);
4696 	return (0);
4697 }
4698 
4699 int
4700 ctl_lun_offline(struct ctl_be_lun *be_lun)
4701 {
4702 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4703 
4704 	mtx_lock(&lun->lun_lock);
4705 	lun->flags |= CTL_LUN_OFFLINE;
4706 	mtx_unlock(&lun->lun_lock);
4707 	return (0);
4708 }
4709 
4710 int
4711 ctl_lun_online(struct ctl_be_lun *be_lun)
4712 {
4713 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4714 
4715 	mtx_lock(&lun->lun_lock);
4716 	lun->flags &= ~CTL_LUN_OFFLINE;
4717 	mtx_unlock(&lun->lun_lock);
4718 	return (0);
4719 }
4720 
4721 int
4722 ctl_lun_primary(struct ctl_be_lun *be_lun)
4723 {
4724 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4725 
4726 	mtx_lock(&lun->lun_lock);
4727 	lun->flags |= CTL_LUN_PRIMARY_SC;
4728 	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4729 	mtx_unlock(&lun->lun_lock);
4730 	ctl_isc_announce_lun(lun);
4731 	return (0);
4732 }
4733 
4734 int
4735 ctl_lun_secondary(struct ctl_be_lun *be_lun)
4736 {
4737 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4738 
4739 	mtx_lock(&lun->lun_lock);
4740 	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4741 	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4742 	mtx_unlock(&lun->lun_lock);
4743 	ctl_isc_announce_lun(lun);
4744 	return (0);
4745 }
4746 
4747 int
4748 ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4749 {
4750 	struct ctl_softc *softc;
4751 	struct ctl_lun *lun;
4752 
4753 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4754 	softc = lun->ctl_softc;
4755 
4756 	mtx_lock(&lun->lun_lock);
4757 
4758 	/*
4759 	 * The LUN needs to be disabled before it can be marked invalid.
4760 	 */
4761 	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4762 		mtx_unlock(&lun->lun_lock);
4763 		return (-1);
4764 	}
4765 	/*
4766 	 * Mark the LUN invalid.
4767 	 */
4768 	lun->flags |= CTL_LUN_INVALID;
4769 
4770 	/*
4771 	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4772 	 * If we have something in the OOA queue, we'll free it when the
4773 	 * last I/O completes.
4774 	 */
4775 	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4776 		mtx_unlock(&lun->lun_lock);
4777 		mtx_lock(&softc->ctl_lock);
4778 		ctl_free_lun(lun);
4779 		mtx_unlock(&softc->ctl_lock);
4780 	} else
4781 		mtx_unlock(&lun->lun_lock);
4782 
4783 	return (0);
4784 }
4785 
4786 int
4787 ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4788 {
4789 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4790 
4791 	mtx_lock(&lun->lun_lock);
4792 	lun->flags |= CTL_LUN_INOPERABLE;
4793 	mtx_unlock(&lun->lun_lock);
4794 	return (0);
4795 }
4796 
4797 int
4798 ctl_lun_operable(struct ctl_be_lun *be_lun)
4799 {
4800 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4801 
4802 	mtx_lock(&lun->lun_lock);
4803 	lun->flags &= ~CTL_LUN_INOPERABLE;
4804 	mtx_unlock(&lun->lun_lock);
4805 	return (0);
4806 }
4807 
4808 void
4809 ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4810 {
4811 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4812 	union ctl_ha_msg msg;
4813 
4814 	mtx_lock(&lun->lun_lock);
4815 	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4816 	mtx_unlock(&lun->lun_lock);
4817 	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4818 		/* Send msg to other side. */
4819 		bzero(&msg.ua, sizeof(msg.ua));
4820 		msg.hdr.msg_type = CTL_MSG_UA;
4821 		msg.hdr.nexus.initid = -1;
4822 		msg.hdr.nexus.targ_port = -1;
4823 		msg.hdr.nexus.targ_lun = lun->lun;
4824 		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4825 		msg.ua.ua_all = 1;
4826 		msg.ua.ua_set = 1;
4827 		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4828 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4829 		    M_WAITOK);
4830 	}
4831 }
4832 
4833 /*
4834  * Backend "memory move is complete" callback for requests that never
4835  * make it down to say RAIDCore's configuration code.
4836  */
4837 int
4838 ctl_config_move_done(union ctl_io *io)
4839 {
4840 	int retval;
4841 
4842 	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4843 	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4844 	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4845 
4846 	if ((io->io_hdr.port_status != 0) &&
4847 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4848 	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4849 		/*
4850 		 * For hardware error sense keys, the sense key
4851 		 * specific value is defined to be a retry count,
4852 		 * but we use it to pass back an internal FETD
4853 		 * error code.  XXX KDM  Hopefully the FETD is only
4854 		 * using 16 bits for an error code, since that's
4855 		 * all the space we have in the sks field.
4856 		 */
4857 		ctl_set_internal_failure(&io->scsiio,
4858 					 /*sks_valid*/ 1,
4859 					 /*retry_count*/
4860 					 io->io_hdr.port_status);
4861 	}
4862 
4863 	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4864 		ctl_data_print(io);
4865 	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4866 	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4867 	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4868 	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4869 		/*
4870 		 * XXX KDM just assuming a single pointer here, and not a
4871 		 * S/G list.  If we start using S/G lists for config data,
4872 		 * we'll need to know how to clean them up here as well.
4873 		 */
4874 		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4875 			free(io->scsiio.kern_data_ptr, M_CTL);
4876 		ctl_done(io);
4877 		retval = CTL_RETVAL_COMPLETE;
4878 	} else {
4879 		/*
4880 		 * XXX KDM now we need to continue data movement.  Some
4881 		 * options:
4882 		 * - call ctl_scsiio() again?  We don't do this for data
4883 		 *   writes, because for those at least we know ahead of
4884 		 *   time where the write will go and how long it is.  For
4885 		 *   config writes, though, that information is largely
4886 		 *   contained within the write itself, thus we need to
4887 		 *   parse out the data again.
4888 		 *
4889 		 * - Call some other function once the data is in?
4890 		 */
4891 
4892 		/*
4893 		 * XXX KDM call ctl_scsiio() again for now, and check flag
4894 		 * bits to see whether we're allocated or not.
4895 		 */
4896 		retval = ctl_scsiio(&io->scsiio);
4897 	}
4898 	return (retval);
4899 }
4900 
4901 /*
4902  * This gets called by a backend driver when it is done with a
4903  * data_submit method.
4904  */
4905 void
4906 ctl_data_submit_done(union ctl_io *io)
4907 {
4908 	/*
4909 	 * If the IO_CONT flag is set, we need to call the supplied
4910 	 * function to continue processing the I/O, instead of completing
4911 	 * the I/O just yet.
4912 	 *
4913 	 * If there is an error, though, we don't want to keep processing.
4914 	 * Instead, just send status back to the initiator.
4915 	 */
4916 	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4917 	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4918 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4919 	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4920 		io->scsiio.io_cont(io);
4921 		return;
4922 	}
4923 	ctl_done(io);
4924 }
4925 
4926 /*
4927  * This gets called by a backend driver when it is done with a
4928  * configuration write.
4929  */
4930 void
4931 ctl_config_write_done(union ctl_io *io)
4932 {
4933 	uint8_t *buf;
4934 
4935 	/*
4936 	 * If the IO_CONT flag is set, we need to call the supplied
4937 	 * function to continue processing the I/O, instead of completing
4938 	 * the I/O just yet.
4939 	 *
4940 	 * If there is an error, though, we don't want to keep processing.
4941 	 * Instead, just send status back to the initiator.
4942 	 */
4943 	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4944 	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4945 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4946 	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4947 		io->scsiio.io_cont(io);
4948 		return;
4949 	}
4950 	/*
4951 	 * Since a configuration write can be done for commands that actually
4952 	 * have data allocated, like write buffer, and commands that have
4953 	 * no data, like start/stop unit, we need to check here.
4954 	 */
4955 	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4956 		buf = io->scsiio.kern_data_ptr;
4957 	else
4958 		buf = NULL;
4959 	ctl_done(io);
4960 	if (buf)
4961 		free(buf, M_CTL);
4962 }
4963 
4964 void
4965 ctl_config_read_done(union ctl_io *io)
4966 {
4967 	uint8_t *buf;
4968 
4969 	/*
4970 	 * If there is some error -- we are done, skip data transfer.
4971 	 */
4972 	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4973 	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4974 	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4975 		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4976 			buf = io->scsiio.kern_data_ptr;
4977 		else
4978 			buf = NULL;
4979 		ctl_done(io);
4980 		if (buf)
4981 			free(buf, M_CTL);
4982 		return;
4983 	}
4984 
4985 	/*
4986 	 * If the IO_CONT flag is set, we need to call the supplied
4987 	 * function to continue processing the I/O, instead of completing
4988 	 * the I/O just yet.
4989 	 */
4990 	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4991 		io->scsiio.io_cont(io);
4992 		return;
4993 	}
4994 
4995 	ctl_datamove(io);
4996 }
4997 
4998 /*
4999  * SCSI release command.
5000  */
5001 int
5002 ctl_scsi_release(struct ctl_scsiio *ctsio)
5003 {
5004 	struct ctl_lun *lun;
5005 	uint32_t residx;
5006 
5007 	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5008 
5009 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5010 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5011 
5012 	/*
5013 	 * XXX KDM right now, we only support LUN reservation.  We don't
5014 	 * support 3rd party reservations, or extent reservations, which
5015 	 * might actually need the parameter list.  If we've gotten this
5016 	 * far, we've got a LUN reservation.  Anything else got kicked out
5017 	 * above.  So, according to SPC, ignore the length.
5018 	 */
5019 
5020 	mtx_lock(&lun->lun_lock);
5021 
5022 	/*
5023 	 * According to SPC, it is not an error for an intiator to attempt
5024 	 * to release a reservation on a LUN that isn't reserved, or that
5025 	 * is reserved by another initiator.  The reservation can only be
5026 	 * released, though, by the initiator who made it or by one of
5027 	 * several reset type events.
5028 	 */
5029 	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5030 			lun->flags &= ~CTL_LUN_RESERVED;
5031 
5032 	mtx_unlock(&lun->lun_lock);
5033 
5034 	ctl_set_success(ctsio);
5035 	ctl_done((union ctl_io *)ctsio);
5036 	return (CTL_RETVAL_COMPLETE);
5037 }
5038 
5039 int
5040 ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5041 {
5042 	struct ctl_lun *lun;
5043 	uint32_t residx;
5044 
5045 	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5046 
5047 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5048 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5049 
5050 	/*
5051 	 * XXX KDM right now, we only support LUN reservation.  We don't
5052 	 * support 3rd party reservations, or extent reservations, which
5053 	 * might actually need the parameter list.  If we've gotten this
5054 	 * far, we've got a LUN reservation.  Anything else got kicked out
5055 	 * above.  So, according to SPC, ignore the length.
5056 	 */
5057 
5058 	mtx_lock(&lun->lun_lock);
5059 	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5060 		ctl_set_reservation_conflict(ctsio);
5061 		goto bailout;
5062 	}
5063 	lun->flags |= CTL_LUN_RESERVED;
5064 	lun->res_idx = residx;
5065 	ctl_set_success(ctsio);
5066 
5067 bailout:
5068 	mtx_unlock(&lun->lun_lock);
5069 	ctl_done((union ctl_io *)ctsio);
5070 	return (CTL_RETVAL_COMPLETE);
5071 }
5072 
5073 int
5074 ctl_start_stop(struct ctl_scsiio *ctsio)
5075 {
5076 	struct scsi_start_stop_unit *cdb;
5077 	struct ctl_lun *lun;
5078 	int retval;
5079 
5080 	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5081 
5082 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5083 	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5084 
5085 	/*
5086 	 * XXX KDM
5087 	 * We don't support the immediate bit on a stop unit.  In order to
5088 	 * do that, we would need to code up a way to know that a stop is
5089 	 * pending, and hold off any new commands until it completes, one
5090 	 * way or another.  Then we could accept or reject those commands
5091 	 * depending on its status.  We would almost need to do the reverse
5092 	 * of what we do below for an immediate start -- return the copy of
5093 	 * the ctl_io to the FETD with status to send to the host (and to
5094 	 * free the copy!) and then free the original I/O once the stop
5095 	 * actually completes.  That way, the OOA queue mechanism can work
5096 	 * to block commands that shouldn't proceed.  Another alternative
5097 	 * would be to put the copy in the queue in place of the original,
5098 	 * and return the original back to the caller.  That could be
5099 	 * slightly safer..
5100 	 */
5101 	if ((cdb->byte2 & SSS_IMMED)
5102 	 && ((cdb->how & SSS_START) == 0)) {
5103 		ctl_set_invalid_field(ctsio,
5104 				      /*sks_valid*/ 1,
5105 				      /*command*/ 1,
5106 				      /*field*/ 1,
5107 				      /*bit_valid*/ 1,
5108 				      /*bit*/ 0);
5109 		ctl_done((union ctl_io *)ctsio);
5110 		return (CTL_RETVAL_COMPLETE);
5111 	}
5112 
5113 	if ((lun->flags & CTL_LUN_PR_RESERVED)
5114 	 && ((cdb->how & SSS_START)==0)) {
5115 		uint32_t residx;
5116 
5117 		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5118 		if (ctl_get_prkey(lun, residx) == 0
5119 		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5120 
5121 			ctl_set_reservation_conflict(ctsio);
5122 			ctl_done((union ctl_io *)ctsio);
5123 			return (CTL_RETVAL_COMPLETE);
5124 		}
5125 	}
5126 
5127 	/*
5128 	 * If there is no backend on this device, we can't start or stop
5129 	 * it.  In theory we shouldn't get any start/stop commands in the
5130 	 * first place at this level if the LUN doesn't have a backend.
5131 	 * That should get stopped by the command decode code.
5132 	 */
5133 	if (lun->backend == NULL) {
5134 		ctl_set_invalid_opcode(ctsio);
5135 		ctl_done((union ctl_io *)ctsio);
5136 		return (CTL_RETVAL_COMPLETE);
5137 	}
5138 
5139 	/*
5140 	 * In the non-immediate case, we send the request to
5141 	 * the backend and return status to the user when
5142 	 * it is done.
5143 	 *
5144 	 * In the immediate case, we allocate a new ctl_io
5145 	 * to hold a copy of the request, and send that to
5146 	 * the backend.  We then set good status on the
5147 	 * user's request and return it immediately.
5148 	 */
5149 	if (cdb->byte2 & SSS_IMMED) {
5150 		union ctl_io *new_io;
5151 
5152 		new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5153 		ctl_copy_io((union ctl_io *)ctsio, new_io);
5154 		retval = lun->backend->config_write(new_io);
5155 		ctl_set_success(ctsio);
5156 		ctl_done((union ctl_io *)ctsio);
5157 	} else {
5158 		retval = lun->backend->config_write(
5159 			(union ctl_io *)ctsio);
5160 	}
5161 	return (retval);
5162 }
5163 
5164 /*
5165  * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5166  * we don't really do anything with the LBA and length fields if the user
5167  * passes them in.  Instead we'll just flush out the cache for the entire
5168  * LUN.
5169  */
5170 int
5171 ctl_sync_cache(struct ctl_scsiio *ctsio)
5172 {
5173 	struct ctl_lun *lun;
5174 	struct ctl_softc *softc;
5175 	struct ctl_lba_len_flags *lbalen;
5176 	uint64_t starting_lba;
5177 	uint32_t block_count;
5178 	int retval;
5179 	uint8_t byte2;
5180 
5181 	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5182 
5183 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5184 	softc = lun->ctl_softc;
5185 	retval = 0;
5186 
5187 	switch (ctsio->cdb[0]) {
5188 	case SYNCHRONIZE_CACHE: {
5189 		struct scsi_sync_cache *cdb;
5190 		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5191 
5192 		starting_lba = scsi_4btoul(cdb->begin_lba);
5193 		block_count = scsi_2btoul(cdb->lb_count);
5194 		byte2 = cdb->byte2;
5195 		break;
5196 	}
5197 	case SYNCHRONIZE_CACHE_16: {
5198 		struct scsi_sync_cache_16 *cdb;
5199 		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5200 
5201 		starting_lba = scsi_8btou64(cdb->begin_lba);
5202 		block_count = scsi_4btoul(cdb->lb_count);
5203 		byte2 = cdb->byte2;
5204 		break;
5205 	}
5206 	default:
5207 		ctl_set_invalid_opcode(ctsio);
5208 		ctl_done((union ctl_io *)ctsio);
5209 		goto bailout;
5210 		break; /* NOTREACHED */
5211 	}
5212 
5213 	/*
5214 	 * We check the LBA and length, but don't do anything with them.
5215 	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5216 	 * get flushed.  This check will just help satisfy anyone who wants
5217 	 * to see an error for an out of range LBA.
5218 	 */
5219 	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5220 		ctl_set_lba_out_of_range(ctsio);
5221 		ctl_done((union ctl_io *)ctsio);
5222 		goto bailout;
5223 	}
5224 
5225 	/*
5226 	 * If this LUN has no backend, we can't flush the cache anyway.
5227 	 */
5228 	if (lun->backend == NULL) {
5229 		ctl_set_invalid_opcode(ctsio);
5230 		ctl_done((union ctl_io *)ctsio);
5231 		goto bailout;
5232 	}
5233 
5234 	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5235 	lbalen->lba = starting_lba;
5236 	lbalen->len = block_count;
5237 	lbalen->flags = byte2;
5238 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5239 
5240 bailout:
5241 	return (retval);
5242 }
5243 
5244 int
5245 ctl_format(struct ctl_scsiio *ctsio)
5246 {
5247 	struct scsi_format *cdb;
5248 	struct ctl_lun *lun;
5249 	int length, defect_list_len;
5250 
5251 	CTL_DEBUG_PRINT(("ctl_format\n"));
5252 
5253 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5254 
5255 	cdb = (struct scsi_format *)ctsio->cdb;
5256 
5257 	length = 0;
5258 	if (cdb->byte2 & SF_FMTDATA) {
5259 		if (cdb->byte2 & SF_LONGLIST)
5260 			length = sizeof(struct scsi_format_header_long);
5261 		else
5262 			length = sizeof(struct scsi_format_header_short);
5263 	}
5264 
5265 	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5266 	 && (length > 0)) {
5267 		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5268 		ctsio->kern_data_len = length;
5269 		ctsio->kern_total_len = length;
5270 		ctsio->kern_data_resid = 0;
5271 		ctsio->kern_rel_offset = 0;
5272 		ctsio->kern_sg_entries = 0;
5273 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5274 		ctsio->be_move_done = ctl_config_move_done;
5275 		ctl_datamove((union ctl_io *)ctsio);
5276 
5277 		return (CTL_RETVAL_COMPLETE);
5278 	}
5279 
5280 	defect_list_len = 0;
5281 
5282 	if (cdb->byte2 & SF_FMTDATA) {
5283 		if (cdb->byte2 & SF_LONGLIST) {
5284 			struct scsi_format_header_long *header;
5285 
5286 			header = (struct scsi_format_header_long *)
5287 				ctsio->kern_data_ptr;
5288 
5289 			defect_list_len = scsi_4btoul(header->defect_list_len);
5290 			if (defect_list_len != 0) {
5291 				ctl_set_invalid_field(ctsio,
5292 						      /*sks_valid*/ 1,
5293 						      /*command*/ 0,
5294 						      /*field*/ 2,
5295 						      /*bit_valid*/ 0,
5296 						      /*bit*/ 0);
5297 				goto bailout;
5298 			}
5299 		} else {
5300 			struct scsi_format_header_short *header;
5301 
5302 			header = (struct scsi_format_header_short *)
5303 				ctsio->kern_data_ptr;
5304 
5305 			defect_list_len = scsi_2btoul(header->defect_list_len);
5306 			if (defect_list_len != 0) {
5307 				ctl_set_invalid_field(ctsio,
5308 						      /*sks_valid*/ 1,
5309 						      /*command*/ 0,
5310 						      /*field*/ 2,
5311 						      /*bit_valid*/ 0,
5312 						      /*bit*/ 0);
5313 				goto bailout;
5314 			}
5315 		}
5316 	}
5317 
5318 	/*
5319 	 * The format command will clear out the "Medium format corrupted"
5320 	 * status if set by the configuration code.  That status is really
5321 	 * just a way to notify the host that we have lost the media, and
5322 	 * get them to issue a command that will basically make them think
5323 	 * they're blowing away the media.
5324 	 */
5325 	mtx_lock(&lun->lun_lock);
5326 	lun->flags &= ~CTL_LUN_INOPERABLE;
5327 	mtx_unlock(&lun->lun_lock);
5328 
5329 	ctl_set_success(ctsio);
5330 bailout:
5331 
5332 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5333 		free(ctsio->kern_data_ptr, M_CTL);
5334 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5335 	}
5336 
5337 	ctl_done((union ctl_io *)ctsio);
5338 	return (CTL_RETVAL_COMPLETE);
5339 }
5340 
5341 int
5342 ctl_read_buffer(struct ctl_scsiio *ctsio)
5343 {
5344 	struct ctl_lun *lun;
5345 	uint64_t buffer_offset;
5346 	uint32_t len;
5347 	uint8_t byte2;
5348 	static uint8_t descr[4];
5349 	static uint8_t echo_descr[4] = { 0 };
5350 
5351 	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5352 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5353 	switch (ctsio->cdb[0]) {
5354 	case READ_BUFFER: {
5355 		struct scsi_read_buffer *cdb;
5356 
5357 		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5358 		buffer_offset = scsi_3btoul(cdb->offset);
5359 		len = scsi_3btoul(cdb->length);
5360 		byte2 = cdb->byte2;
5361 		break;
5362 	}
5363 	case READ_BUFFER_16: {
5364 		struct scsi_read_buffer_16 *cdb;
5365 
5366 		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5367 		buffer_offset = scsi_8btou64(cdb->offset);
5368 		len = scsi_4btoul(cdb->length);
5369 		byte2 = cdb->byte2;
5370 		break;
5371 	}
5372 	default: /* This shouldn't happen. */
5373 		ctl_set_invalid_opcode(ctsio);
5374 		ctl_done((union ctl_io *)ctsio);
5375 		return (CTL_RETVAL_COMPLETE);
5376 	}
5377 
5378 	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5379 	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5380 	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5381 		ctl_set_invalid_field(ctsio,
5382 				      /*sks_valid*/ 1,
5383 				      /*command*/ 1,
5384 				      /*field*/ 1,
5385 				      /*bit_valid*/ 1,
5386 				      /*bit*/ 4);
5387 		ctl_done((union ctl_io *)ctsio);
5388 		return (CTL_RETVAL_COMPLETE);
5389 	}
5390 
5391 	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5392 	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5393 		ctl_set_invalid_field(ctsio,
5394 				      /*sks_valid*/ 1,
5395 				      /*command*/ 1,
5396 				      /*field*/ 6,
5397 				      /*bit_valid*/ 0,
5398 				      /*bit*/ 0);
5399 		ctl_done((union ctl_io *)ctsio);
5400 		return (CTL_RETVAL_COMPLETE);
5401 	}
5402 
5403 	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5404 		descr[0] = 0;
5405 		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5406 		ctsio->kern_data_ptr = descr;
5407 		len = min(len, sizeof(descr));
5408 	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5409 		ctsio->kern_data_ptr = echo_descr;
5410 		len = min(len, sizeof(echo_descr));
5411 	} else {
5412 		if (lun->write_buffer == NULL) {
5413 			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5414 			    M_CTL, M_WAITOK);
5415 		}
5416 		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5417 	}
5418 	ctsio->kern_data_len = len;
5419 	ctsio->kern_total_len = len;
5420 	ctsio->kern_data_resid = 0;
5421 	ctsio->kern_rel_offset = 0;
5422 	ctsio->kern_sg_entries = 0;
5423 	ctl_set_success(ctsio);
5424 	ctsio->be_move_done = ctl_config_move_done;
5425 	ctl_datamove((union ctl_io *)ctsio);
5426 	return (CTL_RETVAL_COMPLETE);
5427 }
5428 
5429 int
5430 ctl_write_buffer(struct ctl_scsiio *ctsio)
5431 {
5432 	struct scsi_write_buffer *cdb;
5433 	struct ctl_lun *lun;
5434 	int buffer_offset, len;
5435 
5436 	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5437 
5438 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5439 	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5440 
5441 	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5442 		ctl_set_invalid_field(ctsio,
5443 				      /*sks_valid*/ 1,
5444 				      /*command*/ 1,
5445 				      /*field*/ 1,
5446 				      /*bit_valid*/ 1,
5447 				      /*bit*/ 4);
5448 		ctl_done((union ctl_io *)ctsio);
5449 		return (CTL_RETVAL_COMPLETE);
5450 	}
5451 
5452 	len = scsi_3btoul(cdb->length);
5453 	buffer_offset = scsi_3btoul(cdb->offset);
5454 
5455 	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5456 		ctl_set_invalid_field(ctsio,
5457 				      /*sks_valid*/ 1,
5458 				      /*command*/ 1,
5459 				      /*field*/ 6,
5460 				      /*bit_valid*/ 0,
5461 				      /*bit*/ 0);
5462 		ctl_done((union ctl_io *)ctsio);
5463 		return (CTL_RETVAL_COMPLETE);
5464 	}
5465 
5466 	/*
5467 	 * If we've got a kernel request that hasn't been malloced yet,
5468 	 * malloc it and tell the caller the data buffer is here.
5469 	 */
5470 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5471 		if (lun->write_buffer == NULL) {
5472 			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5473 			    M_CTL, M_WAITOK);
5474 		}
5475 		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5476 		ctsio->kern_data_len = len;
5477 		ctsio->kern_total_len = len;
5478 		ctsio->kern_data_resid = 0;
5479 		ctsio->kern_rel_offset = 0;
5480 		ctsio->kern_sg_entries = 0;
5481 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5482 		ctsio->be_move_done = ctl_config_move_done;
5483 		ctl_datamove((union ctl_io *)ctsio);
5484 
5485 		return (CTL_RETVAL_COMPLETE);
5486 	}
5487 
5488 	ctl_set_success(ctsio);
5489 	ctl_done((union ctl_io *)ctsio);
5490 	return (CTL_RETVAL_COMPLETE);
5491 }
5492 
5493 int
5494 ctl_write_same(struct ctl_scsiio *ctsio)
5495 {
5496 	struct ctl_lun *lun;
5497 	struct ctl_lba_len_flags *lbalen;
5498 	uint64_t lba;
5499 	uint32_t num_blocks;
5500 	int len, retval;
5501 	uint8_t byte2;
5502 
5503 	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5504 
5505 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5506 
5507 	switch (ctsio->cdb[0]) {
5508 	case WRITE_SAME_10: {
5509 		struct scsi_write_same_10 *cdb;
5510 
5511 		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5512 
5513 		lba = scsi_4btoul(cdb->addr);
5514 		num_blocks = scsi_2btoul(cdb->length);
5515 		byte2 = cdb->byte2;
5516 		break;
5517 	}
5518 	case WRITE_SAME_16: {
5519 		struct scsi_write_same_16 *cdb;
5520 
5521 		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5522 
5523 		lba = scsi_8btou64(cdb->addr);
5524 		num_blocks = scsi_4btoul(cdb->length);
5525 		byte2 = cdb->byte2;
5526 		break;
5527 	}
5528 	default:
5529 		/*
5530 		 * We got a command we don't support.  This shouldn't
5531 		 * happen, commands should be filtered out above us.
5532 		 */
5533 		ctl_set_invalid_opcode(ctsio);
5534 		ctl_done((union ctl_io *)ctsio);
5535 
5536 		return (CTL_RETVAL_COMPLETE);
5537 		break; /* NOTREACHED */
5538 	}
5539 
5540 	/* ANCHOR flag can be used only together with UNMAP */
5541 	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5542 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5543 		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5544 		ctl_done((union ctl_io *)ctsio);
5545 		return (CTL_RETVAL_COMPLETE);
5546 	}
5547 
5548 	/*
5549 	 * The first check is to make sure we're in bounds, the second
5550 	 * check is to catch wrap-around problems.  If the lba + num blocks
5551 	 * is less than the lba, then we've wrapped around and the block
5552 	 * range is invalid anyway.
5553 	 */
5554 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5555 	 || ((lba + num_blocks) < lba)) {
5556 		ctl_set_lba_out_of_range(ctsio);
5557 		ctl_done((union ctl_io *)ctsio);
5558 		return (CTL_RETVAL_COMPLETE);
5559 	}
5560 
5561 	/* Zero number of blocks means "to the last logical block" */
5562 	if (num_blocks == 0) {
5563 		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5564 			ctl_set_invalid_field(ctsio,
5565 					      /*sks_valid*/ 0,
5566 					      /*command*/ 1,
5567 					      /*field*/ 0,
5568 					      /*bit_valid*/ 0,
5569 					      /*bit*/ 0);
5570 			ctl_done((union ctl_io *)ctsio);
5571 			return (CTL_RETVAL_COMPLETE);
5572 		}
5573 		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5574 	}
5575 
5576 	len = lun->be_lun->blocksize;
5577 
5578 	/*
5579 	 * If we've got a kernel request that hasn't been malloced yet,
5580 	 * malloc it and tell the caller the data buffer is here.
5581 	 */
5582 	if ((byte2 & SWS_NDOB) == 0 &&
5583 	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5584 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5585 		ctsio->kern_data_len = len;
5586 		ctsio->kern_total_len = len;
5587 		ctsio->kern_data_resid = 0;
5588 		ctsio->kern_rel_offset = 0;
5589 		ctsio->kern_sg_entries = 0;
5590 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5591 		ctsio->be_move_done = ctl_config_move_done;
5592 		ctl_datamove((union ctl_io *)ctsio);
5593 
5594 		return (CTL_RETVAL_COMPLETE);
5595 	}
5596 
5597 	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5598 	lbalen->lba = lba;
5599 	lbalen->len = num_blocks;
5600 	lbalen->flags = byte2;
5601 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5602 
5603 	return (retval);
5604 }
5605 
5606 int
5607 ctl_unmap(struct ctl_scsiio *ctsio)
5608 {
5609 	struct ctl_lun *lun;
5610 	struct scsi_unmap *cdb;
5611 	struct ctl_ptr_len_flags *ptrlen;
5612 	struct scsi_unmap_header *hdr;
5613 	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5614 	uint64_t lba;
5615 	uint32_t num_blocks;
5616 	int len, retval;
5617 	uint8_t byte2;
5618 
5619 	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5620 
5621 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5622 	cdb = (struct scsi_unmap *)ctsio->cdb;
5623 
5624 	len = scsi_2btoul(cdb->length);
5625 	byte2 = cdb->byte2;
5626 
5627 	/*
5628 	 * If we've got a kernel request that hasn't been malloced yet,
5629 	 * malloc it and tell the caller the data buffer is here.
5630 	 */
5631 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5632 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5633 		ctsio->kern_data_len = len;
5634 		ctsio->kern_total_len = len;
5635 		ctsio->kern_data_resid = 0;
5636 		ctsio->kern_rel_offset = 0;
5637 		ctsio->kern_sg_entries = 0;
5638 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5639 		ctsio->be_move_done = ctl_config_move_done;
5640 		ctl_datamove((union ctl_io *)ctsio);
5641 
5642 		return (CTL_RETVAL_COMPLETE);
5643 	}
5644 
5645 	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5646 	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5647 	if (len < sizeof (*hdr) ||
5648 	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5649 	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5650 	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5651 		ctl_set_invalid_field(ctsio,
5652 				      /*sks_valid*/ 0,
5653 				      /*command*/ 0,
5654 				      /*field*/ 0,
5655 				      /*bit_valid*/ 0,
5656 				      /*bit*/ 0);
5657 		goto done;
5658 	}
5659 	len = scsi_2btoul(hdr->desc_length);
5660 	buf = (struct scsi_unmap_desc *)(hdr + 1);
5661 	end = buf + len / sizeof(*buf);
5662 
5663 	endnz = buf;
5664 	for (range = buf; range < end; range++) {
5665 		lba = scsi_8btou64(range->lba);
5666 		num_blocks = scsi_4btoul(range->length);
5667 		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5668 		 || ((lba + num_blocks) < lba)) {
5669 			ctl_set_lba_out_of_range(ctsio);
5670 			ctl_done((union ctl_io *)ctsio);
5671 			return (CTL_RETVAL_COMPLETE);
5672 		}
5673 		if (num_blocks != 0)
5674 			endnz = range + 1;
5675 	}
5676 
5677 	/*
5678 	 * Block backend can not handle zero last range.
5679 	 * Filter it out and return if there is nothing left.
5680 	 */
5681 	len = (uint8_t *)endnz - (uint8_t *)buf;
5682 	if (len == 0) {
5683 		ctl_set_success(ctsio);
5684 		goto done;
5685 	}
5686 
5687 	mtx_lock(&lun->lun_lock);
5688 	ptrlen = (struct ctl_ptr_len_flags *)
5689 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5690 	ptrlen->ptr = (void *)buf;
5691 	ptrlen->len = len;
5692 	ptrlen->flags = byte2;
5693 	ctl_check_blocked(lun);
5694 	mtx_unlock(&lun->lun_lock);
5695 
5696 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5697 	return (retval);
5698 
5699 done:
5700 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5701 		free(ctsio->kern_data_ptr, M_CTL);
5702 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5703 	}
5704 	ctl_done((union ctl_io *)ctsio);
5705 	return (CTL_RETVAL_COMPLETE);
5706 }
5707 
5708 /*
5709  * Note that this function currently doesn't actually do anything inside
5710  * CTL to enforce things if the DQue bit is turned on.
5711  *
5712  * Also note that this function can't be used in the default case, because
5713  * the DQue bit isn't set in the changeable mask for the control mode page
5714  * anyway.  This is just here as an example for how to implement a page
5715  * handler, and a placeholder in case we want to allow the user to turn
5716  * tagged queueing on and off.
5717  *
5718  * The D_SENSE bit handling is functional, however, and will turn
5719  * descriptor sense on and off for a given LUN.
5720  */
5721 int
5722 ctl_control_page_handler(struct ctl_scsiio *ctsio,
5723 			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5724 {
5725 	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5726 	struct ctl_lun *lun;
5727 	int set_ua;
5728 	uint32_t initidx;
5729 
5730 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5731 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5732 	set_ua = 0;
5733 
5734 	user_cp = (struct scsi_control_page *)page_ptr;
5735 	current_cp = (struct scsi_control_page *)
5736 		(page_index->page_data + (page_index->page_len *
5737 		CTL_PAGE_CURRENT));
5738 	saved_cp = (struct scsi_control_page *)
5739 		(page_index->page_data + (page_index->page_len *
5740 		CTL_PAGE_SAVED));
5741 
5742 	mtx_lock(&lun->lun_lock);
5743 	if (((current_cp->rlec & SCP_DSENSE) == 0)
5744 	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5745 		/*
5746 		 * Descriptor sense is currently turned off and the user
5747 		 * wants to turn it on.
5748 		 */
5749 		current_cp->rlec |= SCP_DSENSE;
5750 		saved_cp->rlec |= SCP_DSENSE;
5751 		lun->flags |= CTL_LUN_SENSE_DESC;
5752 		set_ua = 1;
5753 	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5754 		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5755 		/*
5756 		 * Descriptor sense is currently turned on, and the user
5757 		 * wants to turn it off.
5758 		 */
5759 		current_cp->rlec &= ~SCP_DSENSE;
5760 		saved_cp->rlec &= ~SCP_DSENSE;
5761 		lun->flags &= ~CTL_LUN_SENSE_DESC;
5762 		set_ua = 1;
5763 	}
5764 	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5765 	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5766 		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5767 		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5768 		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5769 		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5770 		set_ua = 1;
5771 	}
5772 	if ((current_cp->eca_and_aen & SCP_SWP) !=
5773 	    (user_cp->eca_and_aen & SCP_SWP)) {
5774 		current_cp->eca_and_aen &= ~SCP_SWP;
5775 		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5776 		saved_cp->eca_and_aen &= ~SCP_SWP;
5777 		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5778 		set_ua = 1;
5779 	}
5780 	if (set_ua != 0)
5781 		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5782 	mtx_unlock(&lun->lun_lock);
5783 	if (set_ua) {
5784 		ctl_isc_announce_mode(lun,
5785 		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5786 		    page_index->page_code, page_index->subpage);
5787 	}
5788 	return (0);
5789 }
5790 
5791 int
5792 ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5793 		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5794 {
5795 	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5796 	struct ctl_lun *lun;
5797 	int set_ua;
5798 	uint32_t initidx;
5799 
5800 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5801 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5802 	set_ua = 0;
5803 
5804 	user_cp = (struct scsi_caching_page *)page_ptr;
5805 	current_cp = (struct scsi_caching_page *)
5806 		(page_index->page_data + (page_index->page_len *
5807 		CTL_PAGE_CURRENT));
5808 	saved_cp = (struct scsi_caching_page *)
5809 		(page_index->page_data + (page_index->page_len *
5810 		CTL_PAGE_SAVED));
5811 
5812 	mtx_lock(&lun->lun_lock);
5813 	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5814 	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5815 		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5816 		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5817 		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5818 		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5819 		set_ua = 1;
5820 	}
5821 	if (set_ua != 0)
5822 		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5823 	mtx_unlock(&lun->lun_lock);
5824 	if (set_ua) {
5825 		ctl_isc_announce_mode(lun,
5826 		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5827 		    page_index->page_code, page_index->subpage);
5828 	}
5829 	return (0);
5830 }
5831 
5832 int
5833 ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5834 				struct ctl_page_index *page_index,
5835 				uint8_t *page_ptr)
5836 {
5837 	uint8_t *c;
5838 	int i;
5839 
5840 	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5841 	ctl_time_io_secs =
5842 		(c[0] << 8) |
5843 		(c[1] << 0) |
5844 		0;
5845 	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5846 	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5847 	printf("page data:");
5848 	for (i=0; i<8; i++)
5849 		printf(" %.2x",page_ptr[i]);
5850 	printf("\n");
5851 	return (0);
5852 }
5853 
5854 int
5855 ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5856 			       struct ctl_page_index *page_index,
5857 			       int pc)
5858 {
5859 	struct copan_debugconf_subpage *page;
5860 
5861 	page = (struct copan_debugconf_subpage *)page_index->page_data +
5862 		(page_index->page_len * pc);
5863 
5864 	switch (pc) {
5865 	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5866 	case SMS_PAGE_CTRL_DEFAULT >> 6:
5867 	case SMS_PAGE_CTRL_SAVED >> 6:
5868 		/*
5869 		 * We don't update the changable or default bits for this page.
5870 		 */
5871 		break;
5872 	case SMS_PAGE_CTRL_CURRENT >> 6:
5873 		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5874 		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5875 		break;
5876 	default:
5877 		break;
5878 	}
5879 	return (0);
5880 }
5881 
5882 
5883 static int
5884 ctl_do_mode_select(union ctl_io *io)
5885 {
5886 	struct scsi_mode_page_header *page_header;
5887 	struct ctl_page_index *page_index;
5888 	struct ctl_scsiio *ctsio;
5889 	int page_len, page_len_offset, page_len_size;
5890 	union ctl_modepage_info *modepage_info;
5891 	struct ctl_lun *lun;
5892 	int *len_left, *len_used;
5893 	int retval, i;
5894 
5895 	ctsio = &io->scsiio;
5896 	page_index = NULL;
5897 	page_len = 0;
5898 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5899 
5900 	modepage_info = (union ctl_modepage_info *)
5901 		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5902 	len_left = &modepage_info->header.len_left;
5903 	len_used = &modepage_info->header.len_used;
5904 
5905 do_next_page:
5906 
5907 	page_header = (struct scsi_mode_page_header *)
5908 		(ctsio->kern_data_ptr + *len_used);
5909 
5910 	if (*len_left == 0) {
5911 		free(ctsio->kern_data_ptr, M_CTL);
5912 		ctl_set_success(ctsio);
5913 		ctl_done((union ctl_io *)ctsio);
5914 		return (CTL_RETVAL_COMPLETE);
5915 	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5916 
5917 		free(ctsio->kern_data_ptr, M_CTL);
5918 		ctl_set_param_len_error(ctsio);
5919 		ctl_done((union ctl_io *)ctsio);
5920 		return (CTL_RETVAL_COMPLETE);
5921 
5922 	} else if ((page_header->page_code & SMPH_SPF)
5923 		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5924 
5925 		free(ctsio->kern_data_ptr, M_CTL);
5926 		ctl_set_param_len_error(ctsio);
5927 		ctl_done((union ctl_io *)ctsio);
5928 		return (CTL_RETVAL_COMPLETE);
5929 	}
5930 
5931 
5932 	/*
5933 	 * XXX KDM should we do something with the block descriptor?
5934 	 */
5935 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5936 
5937 		if (lun->be_lun->lun_type != T_DIRECT &&
5938 		    (lun->mode_pages.index[i].page_flags &
5939 		     CTL_PAGE_FLAG_DISK_ONLY))
5940 			continue;
5941 
5942 		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5943 		    (page_header->page_code & SMPH_PC_MASK))
5944 			continue;
5945 
5946 		/*
5947 		 * If neither page has a subpage code, then we've got a
5948 		 * match.
5949 		 */
5950 		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5951 		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5952 			page_index = &lun->mode_pages.index[i];
5953 			page_len = page_header->page_length;
5954 			break;
5955 		}
5956 
5957 		/*
5958 		 * If both pages have subpages, then the subpage numbers
5959 		 * have to match.
5960 		 */
5961 		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5962 		  && (page_header->page_code & SMPH_SPF)) {
5963 			struct scsi_mode_page_header_sp *sph;
5964 
5965 			sph = (struct scsi_mode_page_header_sp *)page_header;
5966 
5967 			if (lun->mode_pages.index[i].subpage ==
5968 			    sph->subpage) {
5969 				page_index = &lun->mode_pages.index[i];
5970 				page_len = scsi_2btoul(sph->page_length);
5971 				break;
5972 			}
5973 		}
5974 	}
5975 
5976 	/*
5977 	 * If we couldn't find the page, or if we don't have a mode select
5978 	 * handler for it, send back an error to the user.
5979 	 */
5980 	if ((page_index == NULL)
5981 	 || (page_index->select_handler == NULL)) {
5982 		ctl_set_invalid_field(ctsio,
5983 				      /*sks_valid*/ 1,
5984 				      /*command*/ 0,
5985 				      /*field*/ *len_used,
5986 				      /*bit_valid*/ 0,
5987 				      /*bit*/ 0);
5988 		free(ctsio->kern_data_ptr, M_CTL);
5989 		ctl_done((union ctl_io *)ctsio);
5990 		return (CTL_RETVAL_COMPLETE);
5991 	}
5992 
5993 	if (page_index->page_code & SMPH_SPF) {
5994 		page_len_offset = 2;
5995 		page_len_size = 2;
5996 	} else {
5997 		page_len_size = 1;
5998 		page_len_offset = 1;
5999 	}
6000 
6001 	/*
6002 	 * If the length the initiator gives us isn't the one we specify in
6003 	 * the mode page header, or if they didn't specify enough data in
6004 	 * the CDB to avoid truncating this page, kick out the request.
6005 	 */
6006 	if ((page_len != (page_index->page_len - page_len_offset -
6007 			  page_len_size))
6008 	 || (*len_left < page_index->page_len)) {
6009 
6010 
6011 		ctl_set_invalid_field(ctsio,
6012 				      /*sks_valid*/ 1,
6013 				      /*command*/ 0,
6014 				      /*field*/ *len_used + page_len_offset,
6015 				      /*bit_valid*/ 0,
6016 				      /*bit*/ 0);
6017 		free(ctsio->kern_data_ptr, M_CTL);
6018 		ctl_done((union ctl_io *)ctsio);
6019 		return (CTL_RETVAL_COMPLETE);
6020 	}
6021 
6022 	/*
6023 	 * Run through the mode page, checking to make sure that the bits
6024 	 * the user changed are actually legal for him to change.
6025 	 */
6026 	for (i = 0; i < page_index->page_len; i++) {
6027 		uint8_t *user_byte, *change_mask, *current_byte;
6028 		int bad_bit;
6029 		int j;
6030 
6031 		user_byte = (uint8_t *)page_header + i;
6032 		change_mask = page_index->page_data +
6033 			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6034 		current_byte = page_index->page_data +
6035 			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6036 
6037 		/*
6038 		 * Check to see whether the user set any bits in this byte
6039 		 * that he is not allowed to set.
6040 		 */
6041 		if ((*user_byte & ~(*change_mask)) ==
6042 		    (*current_byte & ~(*change_mask)))
6043 			continue;
6044 
6045 		/*
6046 		 * Go through bit by bit to determine which one is illegal.
6047 		 */
6048 		bad_bit = 0;
6049 		for (j = 7; j >= 0; j--) {
6050 			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6051 			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6052 				bad_bit = i;
6053 				break;
6054 			}
6055 		}
6056 		ctl_set_invalid_field(ctsio,
6057 				      /*sks_valid*/ 1,
6058 				      /*command*/ 0,
6059 				      /*field*/ *len_used + i,
6060 				      /*bit_valid*/ 1,
6061 				      /*bit*/ bad_bit);
6062 		free(ctsio->kern_data_ptr, M_CTL);
6063 		ctl_done((union ctl_io *)ctsio);
6064 		return (CTL_RETVAL_COMPLETE);
6065 	}
6066 
6067 	/*
6068 	 * Decrement these before we call the page handler, since we may
6069 	 * end up getting called back one way or another before the handler
6070 	 * returns to this context.
6071 	 */
6072 	*len_left -= page_index->page_len;
6073 	*len_used += page_index->page_len;
6074 
6075 	retval = page_index->select_handler(ctsio, page_index,
6076 					    (uint8_t *)page_header);
6077 
6078 	/*
6079 	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6080 	 * wait until this queued command completes to finish processing
6081 	 * the mode page.  If it returns anything other than
6082 	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6083 	 * already set the sense information, freed the data pointer, and
6084 	 * completed the io for us.
6085 	 */
6086 	if (retval != CTL_RETVAL_COMPLETE)
6087 		goto bailout_no_done;
6088 
6089 	/*
6090 	 * If the initiator sent us more than one page, parse the next one.
6091 	 */
6092 	if (*len_left > 0)
6093 		goto do_next_page;
6094 
6095 	ctl_set_success(ctsio);
6096 	free(ctsio->kern_data_ptr, M_CTL);
6097 	ctl_done((union ctl_io *)ctsio);
6098 
6099 bailout_no_done:
6100 
6101 	return (CTL_RETVAL_COMPLETE);
6102 
6103 }
6104 
6105 int
6106 ctl_mode_select(struct ctl_scsiio *ctsio)
6107 {
6108 	int param_len, pf, sp;
6109 	int header_size, bd_len;
6110 	union ctl_modepage_info *modepage_info;
6111 
6112 	switch (ctsio->cdb[0]) {
6113 	case MODE_SELECT_6: {
6114 		struct scsi_mode_select_6 *cdb;
6115 
6116 		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6117 
6118 		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6119 		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6120 		param_len = cdb->length;
6121 		header_size = sizeof(struct scsi_mode_header_6);
6122 		break;
6123 	}
6124 	case MODE_SELECT_10: {
6125 		struct scsi_mode_select_10 *cdb;
6126 
6127 		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6128 
6129 		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6130 		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6131 		param_len = scsi_2btoul(cdb->length);
6132 		header_size = sizeof(struct scsi_mode_header_10);
6133 		break;
6134 	}
6135 	default:
6136 		ctl_set_invalid_opcode(ctsio);
6137 		ctl_done((union ctl_io *)ctsio);
6138 		return (CTL_RETVAL_COMPLETE);
6139 	}
6140 
6141 	/*
6142 	 * From SPC-3:
6143 	 * "A parameter list length of zero indicates that the Data-Out Buffer
6144 	 * shall be empty. This condition shall not be considered as an error."
6145 	 */
6146 	if (param_len == 0) {
6147 		ctl_set_success(ctsio);
6148 		ctl_done((union ctl_io *)ctsio);
6149 		return (CTL_RETVAL_COMPLETE);
6150 	}
6151 
6152 	/*
6153 	 * Since we'll hit this the first time through, prior to
6154 	 * allocation, we don't need to free a data buffer here.
6155 	 */
6156 	if (param_len < header_size) {
6157 		ctl_set_param_len_error(ctsio);
6158 		ctl_done((union ctl_io *)ctsio);
6159 		return (CTL_RETVAL_COMPLETE);
6160 	}
6161 
6162 	/*
6163 	 * Allocate the data buffer and grab the user's data.  In theory,
6164 	 * we shouldn't have to sanity check the parameter list length here
6165 	 * because the maximum size is 64K.  We should be able to malloc
6166 	 * that much without too many problems.
6167 	 */
6168 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6169 		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6170 		ctsio->kern_data_len = param_len;
6171 		ctsio->kern_total_len = param_len;
6172 		ctsio->kern_data_resid = 0;
6173 		ctsio->kern_rel_offset = 0;
6174 		ctsio->kern_sg_entries = 0;
6175 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6176 		ctsio->be_move_done = ctl_config_move_done;
6177 		ctl_datamove((union ctl_io *)ctsio);
6178 
6179 		return (CTL_RETVAL_COMPLETE);
6180 	}
6181 
6182 	switch (ctsio->cdb[0]) {
6183 	case MODE_SELECT_6: {
6184 		struct scsi_mode_header_6 *mh6;
6185 
6186 		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6187 		bd_len = mh6->blk_desc_len;
6188 		break;
6189 	}
6190 	case MODE_SELECT_10: {
6191 		struct scsi_mode_header_10 *mh10;
6192 
6193 		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6194 		bd_len = scsi_2btoul(mh10->blk_desc_len);
6195 		break;
6196 	}
6197 	default:
6198 		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6199 		break;
6200 	}
6201 
6202 	if (param_len < (header_size + bd_len)) {
6203 		free(ctsio->kern_data_ptr, M_CTL);
6204 		ctl_set_param_len_error(ctsio);
6205 		ctl_done((union ctl_io *)ctsio);
6206 		return (CTL_RETVAL_COMPLETE);
6207 	}
6208 
6209 	/*
6210 	 * Set the IO_CONT flag, so that if this I/O gets passed to
6211 	 * ctl_config_write_done(), it'll get passed back to
6212 	 * ctl_do_mode_select() for further processing, or completion if
6213 	 * we're all done.
6214 	 */
6215 	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6216 	ctsio->io_cont = ctl_do_mode_select;
6217 
6218 	modepage_info = (union ctl_modepage_info *)
6219 		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6220 	memset(modepage_info, 0, sizeof(*modepage_info));
6221 	modepage_info->header.len_left = param_len - header_size - bd_len;
6222 	modepage_info->header.len_used = header_size + bd_len;
6223 
6224 	return (ctl_do_mode_select((union ctl_io *)ctsio));
6225 }
6226 
6227 int
6228 ctl_mode_sense(struct ctl_scsiio *ctsio)
6229 {
6230 	struct ctl_lun *lun;
6231 	int pc, page_code, dbd, llba, subpage;
6232 	int alloc_len, page_len, header_len, total_len;
6233 	struct scsi_mode_block_descr *block_desc;
6234 	struct ctl_page_index *page_index;
6235 
6236 	dbd = 0;
6237 	llba = 0;
6238 	block_desc = NULL;
6239 	page_index = NULL;
6240 
6241 	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6242 
6243 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6244 	switch (ctsio->cdb[0]) {
6245 	case MODE_SENSE_6: {
6246 		struct scsi_mode_sense_6 *cdb;
6247 
6248 		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6249 
6250 		header_len = sizeof(struct scsi_mode_hdr_6);
6251 		if (cdb->byte2 & SMS_DBD)
6252 			dbd = 1;
6253 		else
6254 			header_len += sizeof(struct scsi_mode_block_descr);
6255 
6256 		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6257 		page_code = cdb->page & SMS_PAGE_CODE;
6258 		subpage = cdb->subpage;
6259 		alloc_len = cdb->length;
6260 		break;
6261 	}
6262 	case MODE_SENSE_10: {
6263 		struct scsi_mode_sense_10 *cdb;
6264 
6265 		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6266 
6267 		header_len = sizeof(struct scsi_mode_hdr_10);
6268 
6269 		if (cdb->byte2 & SMS_DBD)
6270 			dbd = 1;
6271 		else
6272 			header_len += sizeof(struct scsi_mode_block_descr);
6273 		if (cdb->byte2 & SMS10_LLBAA)
6274 			llba = 1;
6275 		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6276 		page_code = cdb->page & SMS_PAGE_CODE;
6277 		subpage = cdb->subpage;
6278 		alloc_len = scsi_2btoul(cdb->length);
6279 		break;
6280 	}
6281 	default:
6282 		ctl_set_invalid_opcode(ctsio);
6283 		ctl_done((union ctl_io *)ctsio);
6284 		return (CTL_RETVAL_COMPLETE);
6285 		break; /* NOTREACHED */
6286 	}
6287 
6288 	/*
6289 	 * We have to make a first pass through to calculate the size of
6290 	 * the pages that match the user's query.  Then we allocate enough
6291 	 * memory to hold it, and actually copy the data into the buffer.
6292 	 */
6293 	switch (page_code) {
6294 	case SMS_ALL_PAGES_PAGE: {
6295 		int i;
6296 
6297 		page_len = 0;
6298 
6299 		/*
6300 		 * At the moment, values other than 0 and 0xff here are
6301 		 * reserved according to SPC-3.
6302 		 */
6303 		if ((subpage != SMS_SUBPAGE_PAGE_0)
6304 		 && (subpage != SMS_SUBPAGE_ALL)) {
6305 			ctl_set_invalid_field(ctsio,
6306 					      /*sks_valid*/ 1,
6307 					      /*command*/ 1,
6308 					      /*field*/ 3,
6309 					      /*bit_valid*/ 0,
6310 					      /*bit*/ 0);
6311 			ctl_done((union ctl_io *)ctsio);
6312 			return (CTL_RETVAL_COMPLETE);
6313 		}
6314 
6315 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6316 			if (lun->be_lun->lun_type != T_DIRECT &&
6317 			    (lun->mode_pages.index[i].page_flags &
6318 			     CTL_PAGE_FLAG_DISK_ONLY))
6319 				continue;
6320 
6321 			/*
6322 			 * We don't use this subpage if the user didn't
6323 			 * request all subpages.
6324 			 */
6325 			if ((lun->mode_pages.index[i].subpage != 0)
6326 			 && (subpage == SMS_SUBPAGE_PAGE_0))
6327 				continue;
6328 
6329 #if 0
6330 			printf("found page %#x len %d\n",
6331 			       lun->mode_pages.index[i].page_code &
6332 			       SMPH_PC_MASK,
6333 			       lun->mode_pages.index[i].page_len);
6334 #endif
6335 			page_len += lun->mode_pages.index[i].page_len;
6336 		}
6337 		break;
6338 	}
6339 	default: {
6340 		int i;
6341 
6342 		page_len = 0;
6343 
6344 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6345 			/* Look for the right page code */
6346 			if ((lun->mode_pages.index[i].page_code &
6347 			     SMPH_PC_MASK) != page_code)
6348 				continue;
6349 
6350 			/* Look for the right subpage or the subpage wildcard*/
6351 			if ((lun->mode_pages.index[i].subpage != subpage)
6352 			 && (subpage != SMS_SUBPAGE_ALL))
6353 				continue;
6354 
6355 			/* Make sure the page is supported for this dev type */
6356 			if (lun->be_lun->lun_type != T_DIRECT &&
6357 			    (lun->mode_pages.index[i].page_flags &
6358 			     CTL_PAGE_FLAG_DISK_ONLY))
6359 				continue;
6360 
6361 #if 0
6362 			printf("found page %#x len %d\n",
6363 			       lun->mode_pages.index[i].page_code &
6364 			       SMPH_PC_MASK,
6365 			       lun->mode_pages.index[i].page_len);
6366 #endif
6367 
6368 			page_len += lun->mode_pages.index[i].page_len;
6369 		}
6370 
6371 		if (page_len == 0) {
6372 			ctl_set_invalid_field(ctsio,
6373 					      /*sks_valid*/ 1,
6374 					      /*command*/ 1,
6375 					      /*field*/ 2,
6376 					      /*bit_valid*/ 1,
6377 					      /*bit*/ 5);
6378 			ctl_done((union ctl_io *)ctsio);
6379 			return (CTL_RETVAL_COMPLETE);
6380 		}
6381 		break;
6382 	}
6383 	}
6384 
6385 	total_len = header_len + page_len;
6386 #if 0
6387 	printf("header_len = %d, page_len = %d, total_len = %d\n",
6388 	       header_len, page_len, total_len);
6389 #endif
6390 
6391 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6392 	ctsio->kern_sg_entries = 0;
6393 	ctsio->kern_data_resid = 0;
6394 	ctsio->kern_rel_offset = 0;
6395 	if (total_len < alloc_len) {
6396 		ctsio->residual = alloc_len - total_len;
6397 		ctsio->kern_data_len = total_len;
6398 		ctsio->kern_total_len = total_len;
6399 	} else {
6400 		ctsio->residual = 0;
6401 		ctsio->kern_data_len = alloc_len;
6402 		ctsio->kern_total_len = alloc_len;
6403 	}
6404 
6405 	switch (ctsio->cdb[0]) {
6406 	case MODE_SENSE_6: {
6407 		struct scsi_mode_hdr_6 *header;
6408 
6409 		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6410 
6411 		header->datalen = MIN(total_len - 1, 254);
6412 		if (lun->be_lun->lun_type == T_DIRECT) {
6413 			header->dev_specific = 0x10; /* DPOFUA */
6414 			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6415 			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6416 			    .eca_and_aen & SCP_SWP) != 0)
6417 				    header->dev_specific |= 0x80; /* WP */
6418 		}
6419 		if (dbd)
6420 			header->block_descr_len = 0;
6421 		else
6422 			header->block_descr_len =
6423 				sizeof(struct scsi_mode_block_descr);
6424 		block_desc = (struct scsi_mode_block_descr *)&header[1];
6425 		break;
6426 	}
6427 	case MODE_SENSE_10: {
6428 		struct scsi_mode_hdr_10 *header;
6429 		int datalen;
6430 
6431 		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6432 
6433 		datalen = MIN(total_len - 2, 65533);
6434 		scsi_ulto2b(datalen, header->datalen);
6435 		if (lun->be_lun->lun_type == T_DIRECT) {
6436 			header->dev_specific = 0x10; /* DPOFUA */
6437 			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6438 			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6439 			    .eca_and_aen & SCP_SWP) != 0)
6440 				    header->dev_specific |= 0x80; /* WP */
6441 		}
6442 		if (dbd)
6443 			scsi_ulto2b(0, header->block_descr_len);
6444 		else
6445 			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6446 				    header->block_descr_len);
6447 		block_desc = (struct scsi_mode_block_descr *)&header[1];
6448 		break;
6449 	}
6450 	default:
6451 		panic("invalid CDB type %#x", ctsio->cdb[0]);
6452 		break; /* NOTREACHED */
6453 	}
6454 
6455 	/*
6456 	 * If we've got a disk, use its blocksize in the block
6457 	 * descriptor.  Otherwise, just set it to 0.
6458 	 */
6459 	if (dbd == 0) {
6460 		if (lun->be_lun->lun_type == T_DIRECT)
6461 			scsi_ulto3b(lun->be_lun->blocksize,
6462 				    block_desc->block_len);
6463 		else
6464 			scsi_ulto3b(0, block_desc->block_len);
6465 	}
6466 
6467 	switch (page_code) {
6468 	case SMS_ALL_PAGES_PAGE: {
6469 		int i, data_used;
6470 
6471 		data_used = header_len;
6472 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6473 			struct ctl_page_index *page_index;
6474 
6475 			page_index = &lun->mode_pages.index[i];
6476 
6477 			if (lun->be_lun->lun_type != T_DIRECT &&
6478 			    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
6479 				continue;
6480 
6481 			/*
6482 			 * We don't use this subpage if the user didn't
6483 			 * request all subpages.  We already checked (above)
6484 			 * to make sure the user only specified a subpage
6485 			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6486 			 */
6487 			if ((page_index->subpage != 0)
6488 			 && (subpage == SMS_SUBPAGE_PAGE_0))
6489 				continue;
6490 
6491 			/*
6492 			 * Call the handler, if it exists, to update the
6493 			 * page to the latest values.
6494 			 */
6495 			if (page_index->sense_handler != NULL)
6496 				page_index->sense_handler(ctsio, page_index,pc);
6497 
6498 			memcpy(ctsio->kern_data_ptr + data_used,
6499 			       page_index->page_data +
6500 			       (page_index->page_len * pc),
6501 			       page_index->page_len);
6502 			data_used += page_index->page_len;
6503 		}
6504 		break;
6505 	}
6506 	default: {
6507 		int i, data_used;
6508 
6509 		data_used = header_len;
6510 
6511 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6512 			struct ctl_page_index *page_index;
6513 
6514 			page_index = &lun->mode_pages.index[i];
6515 
6516 			/* Look for the right page code */
6517 			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6518 				continue;
6519 
6520 			/* Look for the right subpage or the subpage wildcard*/
6521 			if ((page_index->subpage != subpage)
6522 			 && (subpage != SMS_SUBPAGE_ALL))
6523 				continue;
6524 
6525 			/* Make sure the page is supported for this dev type */
6526 			if (lun->be_lun->lun_type != T_DIRECT &&
6527 			    (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
6528 				continue;
6529 
6530 			/*
6531 			 * Call the handler, if it exists, to update the
6532 			 * page to the latest values.
6533 			 */
6534 			if (page_index->sense_handler != NULL)
6535 				page_index->sense_handler(ctsio, page_index,pc);
6536 
6537 			memcpy(ctsio->kern_data_ptr + data_used,
6538 			       page_index->page_data +
6539 			       (page_index->page_len * pc),
6540 			       page_index->page_len);
6541 			data_used += page_index->page_len;
6542 		}
6543 		break;
6544 	}
6545 	}
6546 
6547 	ctl_set_success(ctsio);
6548 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6549 	ctsio->be_move_done = ctl_config_move_done;
6550 	ctl_datamove((union ctl_io *)ctsio);
6551 	return (CTL_RETVAL_COMPLETE);
6552 }
6553 
6554 int
6555 ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6556 			       struct ctl_page_index *page_index,
6557 			       int pc)
6558 {
6559 	struct ctl_lun *lun;
6560 	struct scsi_log_param_header *phdr;
6561 	uint8_t *data;
6562 	uint64_t val;
6563 
6564 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6565 	data = page_index->page_data;
6566 
6567 	if (lun->backend->lun_attr != NULL &&
6568 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6569 	     != UINT64_MAX) {
6570 		phdr = (struct scsi_log_param_header *)data;
6571 		scsi_ulto2b(0x0001, phdr->param_code);
6572 		phdr->param_control = SLP_LBIN | SLP_LP;
6573 		phdr->param_len = 8;
6574 		data = (uint8_t *)(phdr + 1);
6575 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6576 		data[4] = 0x02; /* per-pool */
6577 		data += phdr->param_len;
6578 	}
6579 
6580 	if (lun->backend->lun_attr != NULL &&
6581 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6582 	     != UINT64_MAX) {
6583 		phdr = (struct scsi_log_param_header *)data;
6584 		scsi_ulto2b(0x0002, phdr->param_code);
6585 		phdr->param_control = SLP_LBIN | SLP_LP;
6586 		phdr->param_len = 8;
6587 		data = (uint8_t *)(phdr + 1);
6588 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6589 		data[4] = 0x01; /* per-LUN */
6590 		data += phdr->param_len;
6591 	}
6592 
6593 	if (lun->backend->lun_attr != NULL &&
6594 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6595 	     != UINT64_MAX) {
6596 		phdr = (struct scsi_log_param_header *)data;
6597 		scsi_ulto2b(0x00f1, phdr->param_code);
6598 		phdr->param_control = SLP_LBIN | SLP_LP;
6599 		phdr->param_len = 8;
6600 		data = (uint8_t *)(phdr + 1);
6601 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6602 		data[4] = 0x02; /* per-pool */
6603 		data += phdr->param_len;
6604 	}
6605 
6606 	if (lun->backend->lun_attr != NULL &&
6607 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6608 	     != UINT64_MAX) {
6609 		phdr = (struct scsi_log_param_header *)data;
6610 		scsi_ulto2b(0x00f2, phdr->param_code);
6611 		phdr->param_control = SLP_LBIN | SLP_LP;
6612 		phdr->param_len = 8;
6613 		data = (uint8_t *)(phdr + 1);
6614 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6615 		data[4] = 0x02; /* per-pool */
6616 		data += phdr->param_len;
6617 	}
6618 
6619 	page_index->page_len = data - page_index->page_data;
6620 	return (0);
6621 }
6622 
6623 int
6624 ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6625 			       struct ctl_page_index *page_index,
6626 			       int pc)
6627 {
6628 	struct ctl_lun *lun;
6629 	struct stat_page *data;
6630 	uint64_t rn, wn, rb, wb;
6631 	struct bintime rt, wt;
6632 	int i;
6633 
6634 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6635 	data = (struct stat_page *)page_index->page_data;
6636 
6637 	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6638 	data->sap.hdr.param_control = SLP_LBIN;
6639 	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6640 	    sizeof(struct scsi_log_param_header);
6641 	rn = wn = rb = wb = 0;
6642 	bintime_clear(&rt);
6643 	bintime_clear(&wt);
6644 	for (i = 0; i < CTL_MAX_PORTS; i++) {
6645 		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6646 		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6647 		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6648 		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6649 		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6650 		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6651 	}
6652 	scsi_u64to8b(rn, data->sap.read_num);
6653 	scsi_u64to8b(wn, data->sap.write_num);
6654 	if (lun->stats.blocksize > 0) {
6655 		scsi_u64to8b(wb / lun->stats.blocksize,
6656 		    data->sap.recvieved_lba);
6657 		scsi_u64to8b(rb / lun->stats.blocksize,
6658 		    data->sap.transmitted_lba);
6659 	}
6660 	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6661 	    data->sap.read_int);
6662 	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6663 	    data->sap.write_int);
6664 	scsi_u64to8b(0, data->sap.weighted_num);
6665 	scsi_u64to8b(0, data->sap.weighted_int);
6666 	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6667 	data->it.hdr.param_control = SLP_LBIN;
6668 	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6669 	    sizeof(struct scsi_log_param_header);
6670 #ifdef CTL_TIME_IO
6671 	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6672 #endif
6673 	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6674 	data->it.hdr.param_control = SLP_LBIN;
6675 	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6676 	    sizeof(struct scsi_log_param_header);
6677 	scsi_ulto4b(3, data->ti.exponent);
6678 	scsi_ulto4b(1, data->ti.integer);
6679 
6680 	page_index->page_len = sizeof(*data);
6681 	return (0);
6682 }
6683 
6684 int
6685 ctl_log_sense(struct ctl_scsiio *ctsio)
6686 {
6687 	struct ctl_lun *lun;
6688 	int i, pc, page_code, subpage;
6689 	int alloc_len, total_len;
6690 	struct ctl_page_index *page_index;
6691 	struct scsi_log_sense *cdb;
6692 	struct scsi_log_header *header;
6693 
6694 	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6695 
6696 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6697 	cdb = (struct scsi_log_sense *)ctsio->cdb;
6698 	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6699 	page_code = cdb->page & SLS_PAGE_CODE;
6700 	subpage = cdb->subpage;
6701 	alloc_len = scsi_2btoul(cdb->length);
6702 
6703 	page_index = NULL;
6704 	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6705 		page_index = &lun->log_pages.index[i];
6706 
6707 		/* Look for the right page code */
6708 		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6709 			continue;
6710 
6711 		/* Look for the right subpage or the subpage wildcard*/
6712 		if (page_index->subpage != subpage)
6713 			continue;
6714 
6715 		break;
6716 	}
6717 	if (i >= CTL_NUM_LOG_PAGES) {
6718 		ctl_set_invalid_field(ctsio,
6719 				      /*sks_valid*/ 1,
6720 				      /*command*/ 1,
6721 				      /*field*/ 2,
6722 				      /*bit_valid*/ 0,
6723 				      /*bit*/ 0);
6724 		ctl_done((union ctl_io *)ctsio);
6725 		return (CTL_RETVAL_COMPLETE);
6726 	}
6727 
6728 	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6729 
6730 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6731 	ctsio->kern_sg_entries = 0;
6732 	ctsio->kern_data_resid = 0;
6733 	ctsio->kern_rel_offset = 0;
6734 	if (total_len < alloc_len) {
6735 		ctsio->residual = alloc_len - total_len;
6736 		ctsio->kern_data_len = total_len;
6737 		ctsio->kern_total_len = total_len;
6738 	} else {
6739 		ctsio->residual = 0;
6740 		ctsio->kern_data_len = alloc_len;
6741 		ctsio->kern_total_len = alloc_len;
6742 	}
6743 
6744 	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6745 	header->page = page_index->page_code;
6746 	if (page_index->subpage) {
6747 		header->page |= SL_SPF;
6748 		header->subpage = page_index->subpage;
6749 	}
6750 	scsi_ulto2b(page_index->page_len, header->datalen);
6751 
6752 	/*
6753 	 * Call the handler, if it exists, to update the
6754 	 * page to the latest values.
6755 	 */
6756 	if (page_index->sense_handler != NULL)
6757 		page_index->sense_handler(ctsio, page_index, pc);
6758 
6759 	memcpy(header + 1, page_index->page_data, page_index->page_len);
6760 
6761 	ctl_set_success(ctsio);
6762 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6763 	ctsio->be_move_done = ctl_config_move_done;
6764 	ctl_datamove((union ctl_io *)ctsio);
6765 	return (CTL_RETVAL_COMPLETE);
6766 }
6767 
6768 int
6769 ctl_read_capacity(struct ctl_scsiio *ctsio)
6770 {
6771 	struct scsi_read_capacity *cdb;
6772 	struct scsi_read_capacity_data *data;
6773 	struct ctl_lun *lun;
6774 	uint32_t lba;
6775 
6776 	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6777 
6778 	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6779 
6780 	lba = scsi_4btoul(cdb->addr);
6781 	if (((cdb->pmi & SRC_PMI) == 0)
6782 	 && (lba != 0)) {
6783 		ctl_set_invalid_field(/*ctsio*/ ctsio,
6784 				      /*sks_valid*/ 1,
6785 				      /*command*/ 1,
6786 				      /*field*/ 2,
6787 				      /*bit_valid*/ 0,
6788 				      /*bit*/ 0);
6789 		ctl_done((union ctl_io *)ctsio);
6790 		return (CTL_RETVAL_COMPLETE);
6791 	}
6792 
6793 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6794 
6795 	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6796 	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6797 	ctsio->residual = 0;
6798 	ctsio->kern_data_len = sizeof(*data);
6799 	ctsio->kern_total_len = sizeof(*data);
6800 	ctsio->kern_data_resid = 0;
6801 	ctsio->kern_rel_offset = 0;
6802 	ctsio->kern_sg_entries = 0;
6803 
6804 	/*
6805 	 * If the maximum LBA is greater than 0xfffffffe, the user must
6806 	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6807 	 * serivce action set.
6808 	 */
6809 	if (lun->be_lun->maxlba > 0xfffffffe)
6810 		scsi_ulto4b(0xffffffff, data->addr);
6811 	else
6812 		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6813 
6814 	/*
6815 	 * XXX KDM this may not be 512 bytes...
6816 	 */
6817 	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6818 
6819 	ctl_set_success(ctsio);
6820 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6821 	ctsio->be_move_done = ctl_config_move_done;
6822 	ctl_datamove((union ctl_io *)ctsio);
6823 	return (CTL_RETVAL_COMPLETE);
6824 }
6825 
6826 int
6827 ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6828 {
6829 	struct scsi_read_capacity_16 *cdb;
6830 	struct scsi_read_capacity_data_long *data;
6831 	struct ctl_lun *lun;
6832 	uint64_t lba;
6833 	uint32_t alloc_len;
6834 
6835 	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6836 
6837 	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6838 
6839 	alloc_len = scsi_4btoul(cdb->alloc_len);
6840 	lba = scsi_8btou64(cdb->addr);
6841 
6842 	if ((cdb->reladr & SRC16_PMI)
6843 	 && (lba != 0)) {
6844 		ctl_set_invalid_field(/*ctsio*/ ctsio,
6845 				      /*sks_valid*/ 1,
6846 				      /*command*/ 1,
6847 				      /*field*/ 2,
6848 				      /*bit_valid*/ 0,
6849 				      /*bit*/ 0);
6850 		ctl_done((union ctl_io *)ctsio);
6851 		return (CTL_RETVAL_COMPLETE);
6852 	}
6853 
6854 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6855 
6856 	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6857 	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6858 
6859 	if (sizeof(*data) < alloc_len) {
6860 		ctsio->residual = alloc_len - sizeof(*data);
6861 		ctsio->kern_data_len = sizeof(*data);
6862 		ctsio->kern_total_len = sizeof(*data);
6863 	} else {
6864 		ctsio->residual = 0;
6865 		ctsio->kern_data_len = alloc_len;
6866 		ctsio->kern_total_len = alloc_len;
6867 	}
6868 	ctsio->kern_data_resid = 0;
6869 	ctsio->kern_rel_offset = 0;
6870 	ctsio->kern_sg_entries = 0;
6871 
6872 	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6873 	/* XXX KDM this may not be 512 bytes... */
6874 	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6875 	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6876 	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6877 	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6878 		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6879 
6880 	ctl_set_success(ctsio);
6881 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6882 	ctsio->be_move_done = ctl_config_move_done;
6883 	ctl_datamove((union ctl_io *)ctsio);
6884 	return (CTL_RETVAL_COMPLETE);
6885 }
6886 
6887 int
6888 ctl_get_lba_status(struct ctl_scsiio *ctsio)
6889 {
6890 	struct scsi_get_lba_status *cdb;
6891 	struct scsi_get_lba_status_data *data;
6892 	struct ctl_lun *lun;
6893 	struct ctl_lba_len_flags *lbalen;
6894 	uint64_t lba;
6895 	uint32_t alloc_len, total_len;
6896 	int retval;
6897 
6898 	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6899 
6900 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6901 	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6902 	lba = scsi_8btou64(cdb->addr);
6903 	alloc_len = scsi_4btoul(cdb->alloc_len);
6904 
6905 	if (lba > lun->be_lun->maxlba) {
6906 		ctl_set_lba_out_of_range(ctsio);
6907 		ctl_done((union ctl_io *)ctsio);
6908 		return (CTL_RETVAL_COMPLETE);
6909 	}
6910 
6911 	total_len = sizeof(*data) + sizeof(data->descr[0]);
6912 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6913 	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6914 
6915 	if (total_len < alloc_len) {
6916 		ctsio->residual = alloc_len - total_len;
6917 		ctsio->kern_data_len = total_len;
6918 		ctsio->kern_total_len = total_len;
6919 	} else {
6920 		ctsio->residual = 0;
6921 		ctsio->kern_data_len = alloc_len;
6922 		ctsio->kern_total_len = alloc_len;
6923 	}
6924 	ctsio->kern_data_resid = 0;
6925 	ctsio->kern_rel_offset = 0;
6926 	ctsio->kern_sg_entries = 0;
6927 
6928 	/* Fill dummy data in case backend can't tell anything. */
6929 	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6930 	scsi_u64to8b(lba, data->descr[0].addr);
6931 	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6932 	    data->descr[0].length);
6933 	data->descr[0].status = 0; /* Mapped or unknown. */
6934 
6935 	ctl_set_success(ctsio);
6936 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6937 	ctsio->be_move_done = ctl_config_move_done;
6938 
6939 	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6940 	lbalen->lba = lba;
6941 	lbalen->len = total_len;
6942 	lbalen->flags = 0;
6943 	retval = lun->backend->config_read((union ctl_io *)ctsio);
6944 	return (CTL_RETVAL_COMPLETE);
6945 }
6946 
6947 int
6948 ctl_read_defect(struct ctl_scsiio *ctsio)
6949 {
6950 	struct scsi_read_defect_data_10 *ccb10;
6951 	struct scsi_read_defect_data_12 *ccb12;
6952 	struct scsi_read_defect_data_hdr_10 *data10;
6953 	struct scsi_read_defect_data_hdr_12 *data12;
6954 	uint32_t alloc_len, data_len;
6955 	uint8_t format;
6956 
6957 	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6958 
6959 	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6960 		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6961 		format = ccb10->format;
6962 		alloc_len = scsi_2btoul(ccb10->alloc_length);
6963 		data_len = sizeof(*data10);
6964 	} else {
6965 		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6966 		format = ccb12->format;
6967 		alloc_len = scsi_4btoul(ccb12->alloc_length);
6968 		data_len = sizeof(*data12);
6969 	}
6970 	if (alloc_len == 0) {
6971 		ctl_set_success(ctsio);
6972 		ctl_done((union ctl_io *)ctsio);
6973 		return (CTL_RETVAL_COMPLETE);
6974 	}
6975 
6976 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6977 	if (data_len < alloc_len) {
6978 		ctsio->residual = alloc_len - data_len;
6979 		ctsio->kern_data_len = data_len;
6980 		ctsio->kern_total_len = data_len;
6981 	} else {
6982 		ctsio->residual = 0;
6983 		ctsio->kern_data_len = alloc_len;
6984 		ctsio->kern_total_len = alloc_len;
6985 	}
6986 	ctsio->kern_data_resid = 0;
6987 	ctsio->kern_rel_offset = 0;
6988 	ctsio->kern_sg_entries = 0;
6989 
6990 	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6991 		data10 = (struct scsi_read_defect_data_hdr_10 *)
6992 		    ctsio->kern_data_ptr;
6993 		data10->format = format;
6994 		scsi_ulto2b(0, data10->length);
6995 	} else {
6996 		data12 = (struct scsi_read_defect_data_hdr_12 *)
6997 		    ctsio->kern_data_ptr;
6998 		data12->format = format;
6999 		scsi_ulto2b(0, data12->generation);
7000 		scsi_ulto4b(0, data12->length);
7001 	}
7002 
7003 	ctl_set_success(ctsio);
7004 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7005 	ctsio->be_move_done = ctl_config_move_done;
7006 	ctl_datamove((union ctl_io *)ctsio);
7007 	return (CTL_RETVAL_COMPLETE);
7008 }
7009 
7010 int
7011 ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7012 {
7013 	struct scsi_maintenance_in *cdb;
7014 	int retval;
7015 	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7016 	int num_target_port_groups, num_target_ports;
7017 	struct ctl_lun *lun;
7018 	struct ctl_softc *softc;
7019 	struct ctl_port *port;
7020 	struct scsi_target_group_data *rtg_ptr;
7021 	struct scsi_target_group_data_extended *rtg_ext_ptr;
7022 	struct scsi_target_port_group_descriptor *tpg_desc;
7023 
7024 	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7025 
7026 	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7027 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7028 	softc = lun->ctl_softc;
7029 
7030 	retval = CTL_RETVAL_COMPLETE;
7031 
7032 	switch (cdb->byte2 & STG_PDF_MASK) {
7033 	case STG_PDF_LENGTH:
7034 		ext = 0;
7035 		break;
7036 	case STG_PDF_EXTENDED:
7037 		ext = 1;
7038 		break;
7039 	default:
7040 		ctl_set_invalid_field(/*ctsio*/ ctsio,
7041 				      /*sks_valid*/ 1,
7042 				      /*command*/ 1,
7043 				      /*field*/ 2,
7044 				      /*bit_valid*/ 1,
7045 				      /*bit*/ 5);
7046 		ctl_done((union ctl_io *)ctsio);
7047 		return(retval);
7048 	}
7049 
7050 	if (softc->is_single)
7051 		num_target_port_groups = 1;
7052 	else
7053 		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7054 	num_target_ports = 0;
7055 	mtx_lock(&softc->ctl_lock);
7056 	STAILQ_FOREACH(port, &softc->port_list, links) {
7057 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7058 			continue;
7059 		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7060 			continue;
7061 		num_target_ports++;
7062 	}
7063 	mtx_unlock(&softc->ctl_lock);
7064 
7065 	if (ext)
7066 		total_len = sizeof(struct scsi_target_group_data_extended);
7067 	else
7068 		total_len = sizeof(struct scsi_target_group_data);
7069 	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7070 		num_target_port_groups +
7071 	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7072 
7073 	alloc_len = scsi_4btoul(cdb->length);
7074 
7075 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7076 
7077 	ctsio->kern_sg_entries = 0;
7078 
7079 	if (total_len < alloc_len) {
7080 		ctsio->residual = alloc_len - total_len;
7081 		ctsio->kern_data_len = total_len;
7082 		ctsio->kern_total_len = total_len;
7083 	} else {
7084 		ctsio->residual = 0;
7085 		ctsio->kern_data_len = alloc_len;
7086 		ctsio->kern_total_len = alloc_len;
7087 	}
7088 	ctsio->kern_data_resid = 0;
7089 	ctsio->kern_rel_offset = 0;
7090 
7091 	if (ext) {
7092 		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7093 		    ctsio->kern_data_ptr;
7094 		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7095 		rtg_ext_ptr->format_type = 0x10;
7096 		rtg_ext_ptr->implicit_transition_time = 0;
7097 		tpg_desc = &rtg_ext_ptr->groups[0];
7098 	} else {
7099 		rtg_ptr = (struct scsi_target_group_data *)
7100 		    ctsio->kern_data_ptr;
7101 		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7102 		tpg_desc = &rtg_ptr->groups[0];
7103 	}
7104 
7105 	mtx_lock(&softc->ctl_lock);
7106 	pg = softc->port_min / softc->port_cnt;
7107 	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7108 		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7109 	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7110 		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7111 	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7112 		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7113 	else
7114 		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7115 	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7116 		os = gs;
7117 		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7118 	} else
7119 		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7120 	for (g = 0; g < num_target_port_groups; g++) {
7121 		tpg_desc->pref_state = (g == pg) ? gs : os;
7122 		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7123 		    TPG_U_SUP | TPG_T_SUP;
7124 		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7125 		tpg_desc->status = TPG_IMPLICIT;
7126 		pc = 0;
7127 		STAILQ_FOREACH(port, &softc->port_list, links) {
7128 			if (port->targ_port < g * softc->port_cnt ||
7129 			    port->targ_port >= (g + 1) * softc->port_cnt)
7130 				continue;
7131 			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7132 				continue;
7133 			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7134 				continue;
7135 			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7136 			    relative_target_port_identifier);
7137 			pc++;
7138 		}
7139 		tpg_desc->target_port_count = pc;
7140 		tpg_desc = (struct scsi_target_port_group_descriptor *)
7141 		    &tpg_desc->descriptors[pc];
7142 	}
7143 	mtx_unlock(&softc->ctl_lock);
7144 
7145 	ctl_set_success(ctsio);
7146 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7147 	ctsio->be_move_done = ctl_config_move_done;
7148 	ctl_datamove((union ctl_io *)ctsio);
7149 	return(retval);
7150 }
7151 
7152 int
7153 ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7154 {
7155 	struct ctl_lun *lun;
7156 	struct scsi_report_supported_opcodes *cdb;
7157 	const struct ctl_cmd_entry *entry, *sentry;
7158 	struct scsi_report_supported_opcodes_all *all;
7159 	struct scsi_report_supported_opcodes_descr *descr;
7160 	struct scsi_report_supported_opcodes_one *one;
7161 	int retval;
7162 	int alloc_len, total_len;
7163 	int opcode, service_action, i, j, num;
7164 
7165 	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7166 
7167 	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7168 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7169 
7170 	retval = CTL_RETVAL_COMPLETE;
7171 
7172 	opcode = cdb->requested_opcode;
7173 	service_action = scsi_2btoul(cdb->requested_service_action);
7174 	switch (cdb->options & RSO_OPTIONS_MASK) {
7175 	case RSO_OPTIONS_ALL:
7176 		num = 0;
7177 		for (i = 0; i < 256; i++) {
7178 			entry = &ctl_cmd_table[i];
7179 			if (entry->flags & CTL_CMD_FLAG_SA5) {
7180 				for (j = 0; j < 32; j++) {
7181 					sentry = &((const struct ctl_cmd_entry *)
7182 					    entry->execute)[j];
7183 					if (ctl_cmd_applicable(
7184 					    lun->be_lun->lun_type, sentry))
7185 						num++;
7186 				}
7187 			} else {
7188 				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7189 				    entry))
7190 					num++;
7191 			}
7192 		}
7193 		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7194 		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7195 		break;
7196 	case RSO_OPTIONS_OC:
7197 		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7198 			ctl_set_invalid_field(/*ctsio*/ ctsio,
7199 					      /*sks_valid*/ 1,
7200 					      /*command*/ 1,
7201 					      /*field*/ 2,
7202 					      /*bit_valid*/ 1,
7203 					      /*bit*/ 2);
7204 			ctl_done((union ctl_io *)ctsio);
7205 			return (CTL_RETVAL_COMPLETE);
7206 		}
7207 		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7208 		break;
7209 	case RSO_OPTIONS_OC_SA:
7210 		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7211 		    service_action >= 32) {
7212 			ctl_set_invalid_field(/*ctsio*/ ctsio,
7213 					      /*sks_valid*/ 1,
7214 					      /*command*/ 1,
7215 					      /*field*/ 2,
7216 					      /*bit_valid*/ 1,
7217 					      /*bit*/ 2);
7218 			ctl_done((union ctl_io *)ctsio);
7219 			return (CTL_RETVAL_COMPLETE);
7220 		}
7221 		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7222 		break;
7223 	default:
7224 		ctl_set_invalid_field(/*ctsio*/ ctsio,
7225 				      /*sks_valid*/ 1,
7226 				      /*command*/ 1,
7227 				      /*field*/ 2,
7228 				      /*bit_valid*/ 1,
7229 				      /*bit*/ 2);
7230 		ctl_done((union ctl_io *)ctsio);
7231 		return (CTL_RETVAL_COMPLETE);
7232 	}
7233 
7234 	alloc_len = scsi_4btoul(cdb->length);
7235 
7236 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7237 
7238 	ctsio->kern_sg_entries = 0;
7239 
7240 	if (total_len < alloc_len) {
7241 		ctsio->residual = alloc_len - total_len;
7242 		ctsio->kern_data_len = total_len;
7243 		ctsio->kern_total_len = total_len;
7244 	} else {
7245 		ctsio->residual = 0;
7246 		ctsio->kern_data_len = alloc_len;
7247 		ctsio->kern_total_len = alloc_len;
7248 	}
7249 	ctsio->kern_data_resid = 0;
7250 	ctsio->kern_rel_offset = 0;
7251 
7252 	switch (cdb->options & RSO_OPTIONS_MASK) {
7253 	case RSO_OPTIONS_ALL:
7254 		all = (struct scsi_report_supported_opcodes_all *)
7255 		    ctsio->kern_data_ptr;
7256 		num = 0;
7257 		for (i = 0; i < 256; i++) {
7258 			entry = &ctl_cmd_table[i];
7259 			if (entry->flags & CTL_CMD_FLAG_SA5) {
7260 				for (j = 0; j < 32; j++) {
7261 					sentry = &((const struct ctl_cmd_entry *)
7262 					    entry->execute)[j];
7263 					if (!ctl_cmd_applicable(
7264 					    lun->be_lun->lun_type, sentry))
7265 						continue;
7266 					descr = &all->descr[num++];
7267 					descr->opcode = i;
7268 					scsi_ulto2b(j, descr->service_action);
7269 					descr->flags = RSO_SERVACTV;
7270 					scsi_ulto2b(sentry->length,
7271 					    descr->cdb_length);
7272 				}
7273 			} else {
7274 				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7275 				    entry))
7276 					continue;
7277 				descr = &all->descr[num++];
7278 				descr->opcode = i;
7279 				scsi_ulto2b(0, descr->service_action);
7280 				descr->flags = 0;
7281 				scsi_ulto2b(entry->length, descr->cdb_length);
7282 			}
7283 		}
7284 		scsi_ulto4b(
7285 		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7286 		    all->length);
7287 		break;
7288 	case RSO_OPTIONS_OC:
7289 		one = (struct scsi_report_supported_opcodes_one *)
7290 		    ctsio->kern_data_ptr;
7291 		entry = &ctl_cmd_table[opcode];
7292 		goto fill_one;
7293 	case RSO_OPTIONS_OC_SA:
7294 		one = (struct scsi_report_supported_opcodes_one *)
7295 		    ctsio->kern_data_ptr;
7296 		entry = &ctl_cmd_table[opcode];
7297 		entry = &((const struct ctl_cmd_entry *)
7298 		    entry->execute)[service_action];
7299 fill_one:
7300 		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7301 			one->support = 3;
7302 			scsi_ulto2b(entry->length, one->cdb_length);
7303 			one->cdb_usage[0] = opcode;
7304 			memcpy(&one->cdb_usage[1], entry->usage,
7305 			    entry->length - 1);
7306 		} else
7307 			one->support = 1;
7308 		break;
7309 	}
7310 
7311 	ctl_set_success(ctsio);
7312 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7313 	ctsio->be_move_done = ctl_config_move_done;
7314 	ctl_datamove((union ctl_io *)ctsio);
7315 	return(retval);
7316 }
7317 
7318 int
7319 ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7320 {
7321 	struct scsi_report_supported_tmf *cdb;
7322 	struct scsi_report_supported_tmf_data *data;
7323 	int retval;
7324 	int alloc_len, total_len;
7325 
7326 	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7327 
7328 	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7329 
7330 	retval = CTL_RETVAL_COMPLETE;
7331 
7332 	total_len = sizeof(struct scsi_report_supported_tmf_data);
7333 	alloc_len = scsi_4btoul(cdb->length);
7334 
7335 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7336 
7337 	ctsio->kern_sg_entries = 0;
7338 
7339 	if (total_len < alloc_len) {
7340 		ctsio->residual = alloc_len - total_len;
7341 		ctsio->kern_data_len = total_len;
7342 		ctsio->kern_total_len = total_len;
7343 	} else {
7344 		ctsio->residual = 0;
7345 		ctsio->kern_data_len = alloc_len;
7346 		ctsio->kern_total_len = alloc_len;
7347 	}
7348 	ctsio->kern_data_resid = 0;
7349 	ctsio->kern_rel_offset = 0;
7350 
7351 	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7352 	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7353 	    RST_TRS;
7354 	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7355 
7356 	ctl_set_success(ctsio);
7357 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7358 	ctsio->be_move_done = ctl_config_move_done;
7359 	ctl_datamove((union ctl_io *)ctsio);
7360 	return (retval);
7361 }
7362 
7363 int
7364 ctl_report_timestamp(struct ctl_scsiio *ctsio)
7365 {
7366 	struct scsi_report_timestamp *cdb;
7367 	struct scsi_report_timestamp_data *data;
7368 	struct timeval tv;
7369 	int64_t timestamp;
7370 	int retval;
7371 	int alloc_len, total_len;
7372 
7373 	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7374 
7375 	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7376 
7377 	retval = CTL_RETVAL_COMPLETE;
7378 
7379 	total_len = sizeof(struct scsi_report_timestamp_data);
7380 	alloc_len = scsi_4btoul(cdb->length);
7381 
7382 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7383 
7384 	ctsio->kern_sg_entries = 0;
7385 
7386 	if (total_len < alloc_len) {
7387 		ctsio->residual = alloc_len - total_len;
7388 		ctsio->kern_data_len = total_len;
7389 		ctsio->kern_total_len = total_len;
7390 	} else {
7391 		ctsio->residual = 0;
7392 		ctsio->kern_data_len = alloc_len;
7393 		ctsio->kern_total_len = alloc_len;
7394 	}
7395 	ctsio->kern_data_resid = 0;
7396 	ctsio->kern_rel_offset = 0;
7397 
7398 	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7399 	scsi_ulto2b(sizeof(*data) - 2, data->length);
7400 	data->origin = RTS_ORIG_OUTSIDE;
7401 	getmicrotime(&tv);
7402 	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7403 	scsi_ulto4b(timestamp >> 16, data->timestamp);
7404 	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7405 
7406 	ctl_set_success(ctsio);
7407 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7408 	ctsio->be_move_done = ctl_config_move_done;
7409 	ctl_datamove((union ctl_io *)ctsio);
7410 	return (retval);
7411 }
7412 
7413 int
7414 ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7415 {
7416 	struct scsi_per_res_in *cdb;
7417 	int alloc_len, total_len = 0;
7418 	/* struct scsi_per_res_in_rsrv in_data; */
7419 	struct ctl_lun *lun;
7420 	struct ctl_softc *softc;
7421 	uint64_t key;
7422 
7423 	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7424 
7425 	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7426 
7427 	alloc_len = scsi_2btoul(cdb->length);
7428 
7429 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7430 	softc = lun->ctl_softc;
7431 
7432 retry:
7433 	mtx_lock(&lun->lun_lock);
7434 	switch (cdb->action) {
7435 	case SPRI_RK: /* read keys */
7436 		total_len = sizeof(struct scsi_per_res_in_keys) +
7437 			lun->pr_key_count *
7438 			sizeof(struct scsi_per_res_key);
7439 		break;
7440 	case SPRI_RR: /* read reservation */
7441 		if (lun->flags & CTL_LUN_PR_RESERVED)
7442 			total_len = sizeof(struct scsi_per_res_in_rsrv);
7443 		else
7444 			total_len = sizeof(struct scsi_per_res_in_header);
7445 		break;
7446 	case SPRI_RC: /* report capabilities */
7447 		total_len = sizeof(struct scsi_per_res_cap);
7448 		break;
7449 	case SPRI_RS: /* read full status */
7450 		total_len = sizeof(struct scsi_per_res_in_header) +
7451 		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7452 		    lun->pr_key_count;
7453 		break;
7454 	default:
7455 		panic("Invalid PR type %x", cdb->action);
7456 	}
7457 	mtx_unlock(&lun->lun_lock);
7458 
7459 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7460 
7461 	if (total_len < alloc_len) {
7462 		ctsio->residual = alloc_len - total_len;
7463 		ctsio->kern_data_len = total_len;
7464 		ctsio->kern_total_len = total_len;
7465 	} else {
7466 		ctsio->residual = 0;
7467 		ctsio->kern_data_len = alloc_len;
7468 		ctsio->kern_total_len = alloc_len;
7469 	}
7470 
7471 	ctsio->kern_data_resid = 0;
7472 	ctsio->kern_rel_offset = 0;
7473 	ctsio->kern_sg_entries = 0;
7474 
7475 	mtx_lock(&lun->lun_lock);
7476 	switch (cdb->action) {
7477 	case SPRI_RK: { // read keys
7478         struct scsi_per_res_in_keys *res_keys;
7479 		int i, key_count;
7480 
7481 		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7482 
7483 		/*
7484 		 * We had to drop the lock to allocate our buffer, which
7485 		 * leaves time for someone to come in with another
7486 		 * persistent reservation.  (That is unlikely, though,
7487 		 * since this should be the only persistent reservation
7488 		 * command active right now.)
7489 		 */
7490 		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7491 		    (lun->pr_key_count *
7492 		     sizeof(struct scsi_per_res_key)))){
7493 			mtx_unlock(&lun->lun_lock);
7494 			free(ctsio->kern_data_ptr, M_CTL);
7495 			printf("%s: reservation length changed, retrying\n",
7496 			       __func__);
7497 			goto retry;
7498 		}
7499 
7500 		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7501 
7502 		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7503 			     lun->pr_key_count, res_keys->header.length);
7504 
7505 		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7506 			if ((key = ctl_get_prkey(lun, i)) == 0)
7507 				continue;
7508 
7509 			/*
7510 			 * We used lun->pr_key_count to calculate the
7511 			 * size to allocate.  If it turns out the number of
7512 			 * initiators with the registered flag set is
7513 			 * larger than that (i.e. they haven't been kept in
7514 			 * sync), we've got a problem.
7515 			 */
7516 			if (key_count >= lun->pr_key_count) {
7517 				key_count++;
7518 				continue;
7519 			}
7520 			scsi_u64to8b(key, res_keys->keys[key_count].key);
7521 			key_count++;
7522 		}
7523 		break;
7524 	}
7525 	case SPRI_RR: { // read reservation
7526 		struct scsi_per_res_in_rsrv *res;
7527 		int tmp_len, header_only;
7528 
7529 		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7530 
7531 		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7532 
7533 		if (lun->flags & CTL_LUN_PR_RESERVED)
7534 		{
7535 			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7536 			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7537 				    res->header.length);
7538 			header_only = 0;
7539 		} else {
7540 			tmp_len = sizeof(struct scsi_per_res_in_header);
7541 			scsi_ulto4b(0, res->header.length);
7542 			header_only = 1;
7543 		}
7544 
7545 		/*
7546 		 * We had to drop the lock to allocate our buffer, which
7547 		 * leaves time for someone to come in with another
7548 		 * persistent reservation.  (That is unlikely, though,
7549 		 * since this should be the only persistent reservation
7550 		 * command active right now.)
7551 		 */
7552 		if (tmp_len != total_len) {
7553 			mtx_unlock(&lun->lun_lock);
7554 			free(ctsio->kern_data_ptr, M_CTL);
7555 			printf("%s: reservation status changed, retrying\n",
7556 			       __func__);
7557 			goto retry;
7558 		}
7559 
7560 		/*
7561 		 * No reservation held, so we're done.
7562 		 */
7563 		if (header_only != 0)
7564 			break;
7565 
7566 		/*
7567 		 * If the registration is an All Registrants type, the key
7568 		 * is 0, since it doesn't really matter.
7569 		 */
7570 		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7571 			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7572 			    res->data.reservation);
7573 		}
7574 		res->data.scopetype = lun->res_type;
7575 		break;
7576 	}
7577 	case SPRI_RC:     //report capabilities
7578 	{
7579 		struct scsi_per_res_cap *res_cap;
7580 		uint16_t type_mask;
7581 
7582 		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7583 		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7584 		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7585 		type_mask = SPRI_TM_WR_EX_AR |
7586 			    SPRI_TM_EX_AC_RO |
7587 			    SPRI_TM_WR_EX_RO |
7588 			    SPRI_TM_EX_AC |
7589 			    SPRI_TM_WR_EX |
7590 			    SPRI_TM_EX_AC_AR;
7591 		scsi_ulto2b(type_mask, res_cap->type_mask);
7592 		break;
7593 	}
7594 	case SPRI_RS: { // read full status
7595 		struct scsi_per_res_in_full *res_status;
7596 		struct scsi_per_res_in_full_desc *res_desc;
7597 		struct ctl_port *port;
7598 		int i, len;
7599 
7600 		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7601 
7602 		/*
7603 		 * We had to drop the lock to allocate our buffer, which
7604 		 * leaves time for someone to come in with another
7605 		 * persistent reservation.  (That is unlikely, though,
7606 		 * since this should be the only persistent reservation
7607 		 * command active right now.)
7608 		 */
7609 		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7610 		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7611 		     lun->pr_key_count)){
7612 			mtx_unlock(&lun->lun_lock);
7613 			free(ctsio->kern_data_ptr, M_CTL);
7614 			printf("%s: reservation length changed, retrying\n",
7615 			       __func__);
7616 			goto retry;
7617 		}
7618 
7619 		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7620 
7621 		res_desc = &res_status->desc[0];
7622 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7623 			if ((key = ctl_get_prkey(lun, i)) == 0)
7624 				continue;
7625 
7626 			scsi_u64to8b(key, res_desc->res_key.key);
7627 			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7628 			    (lun->pr_res_idx == i ||
7629 			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7630 				res_desc->flags = SPRI_FULL_R_HOLDER;
7631 				res_desc->scopetype = lun->res_type;
7632 			}
7633 			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7634 			    res_desc->rel_trgt_port_id);
7635 			len = 0;
7636 			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7637 			if (port != NULL)
7638 				len = ctl_create_iid(port,
7639 				    i % CTL_MAX_INIT_PER_PORT,
7640 				    res_desc->transport_id);
7641 			scsi_ulto4b(len, res_desc->additional_length);
7642 			res_desc = (struct scsi_per_res_in_full_desc *)
7643 			    &res_desc->transport_id[len];
7644 		}
7645 		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7646 		    res_status->header.length);
7647 		break;
7648 	}
7649 	default:
7650 		/*
7651 		 * This is a bug, because we just checked for this above,
7652 		 * and should have returned an error.
7653 		 */
7654 		panic("Invalid PR type %x", cdb->action);
7655 		break; /* NOTREACHED */
7656 	}
7657 	mtx_unlock(&lun->lun_lock);
7658 
7659 	ctl_set_success(ctsio);
7660 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7661 	ctsio->be_move_done = ctl_config_move_done;
7662 	ctl_datamove((union ctl_io *)ctsio);
7663 	return (CTL_RETVAL_COMPLETE);
7664 }
7665 
7666 /*
7667  * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7668  * it should return.
7669  */
7670 static int
7671 ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7672 		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7673 		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7674 		struct scsi_per_res_out_parms* param)
7675 {
7676 	union ctl_ha_msg persis_io;
7677 	int i;
7678 
7679 	mtx_lock(&lun->lun_lock);
7680 	if (sa_res_key == 0) {
7681 		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7682 			/* validate scope and type */
7683 			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7684 			     SPR_LU_SCOPE) {
7685 				mtx_unlock(&lun->lun_lock);
7686 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7687 						      /*sks_valid*/ 1,
7688 						      /*command*/ 1,
7689 						      /*field*/ 2,
7690 						      /*bit_valid*/ 1,
7691 						      /*bit*/ 4);
7692 				ctl_done((union ctl_io *)ctsio);
7693 				return (1);
7694 			}
7695 
7696 		        if (type>8 || type==2 || type==4 || type==0) {
7697 				mtx_unlock(&lun->lun_lock);
7698 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7699        	           				      /*sks_valid*/ 1,
7700 						      /*command*/ 1,
7701 						      /*field*/ 2,
7702 						      /*bit_valid*/ 1,
7703 						      /*bit*/ 0);
7704 				ctl_done((union ctl_io *)ctsio);
7705 				return (1);
7706 		        }
7707 
7708 			/*
7709 			 * Unregister everybody else and build UA for
7710 			 * them
7711 			 */
7712 			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7713 				if (i == residx || ctl_get_prkey(lun, i) == 0)
7714 					continue;
7715 
7716 				ctl_clr_prkey(lun, i);
7717 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7718 			}
7719 			lun->pr_key_count = 1;
7720 			lun->res_type = type;
7721 			if (lun->res_type != SPR_TYPE_WR_EX_AR
7722 			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7723 				lun->pr_res_idx = residx;
7724 			lun->PRGeneration++;
7725 			mtx_unlock(&lun->lun_lock);
7726 
7727 			/* send msg to other side */
7728 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7729 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7730 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7731 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7732 			persis_io.pr.pr_info.res_type = type;
7733 			memcpy(persis_io.pr.pr_info.sa_res_key,
7734 			       param->serv_act_res_key,
7735 			       sizeof(param->serv_act_res_key));
7736 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7737 			    sizeof(persis_io.pr), M_WAITOK);
7738 		} else {
7739 			/* not all registrants */
7740 			mtx_unlock(&lun->lun_lock);
7741 			free(ctsio->kern_data_ptr, M_CTL);
7742 			ctl_set_invalid_field(ctsio,
7743 					      /*sks_valid*/ 1,
7744 					      /*command*/ 0,
7745 					      /*field*/ 8,
7746 					      /*bit_valid*/ 0,
7747 					      /*bit*/ 0);
7748 			ctl_done((union ctl_io *)ctsio);
7749 			return (1);
7750 		}
7751 	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7752 		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7753 		int found = 0;
7754 
7755 		if (res_key == sa_res_key) {
7756 			/* special case */
7757 			/*
7758 			 * The spec implies this is not good but doesn't
7759 			 * say what to do. There are two choices either
7760 			 * generate a res conflict or check condition
7761 			 * with illegal field in parameter data. Since
7762 			 * that is what is done when the sa_res_key is
7763 			 * zero I'll take that approach since this has
7764 			 * to do with the sa_res_key.
7765 			 */
7766 			mtx_unlock(&lun->lun_lock);
7767 			free(ctsio->kern_data_ptr, M_CTL);
7768 			ctl_set_invalid_field(ctsio,
7769 					      /*sks_valid*/ 1,
7770 					      /*command*/ 0,
7771 					      /*field*/ 8,
7772 					      /*bit_valid*/ 0,
7773 					      /*bit*/ 0);
7774 			ctl_done((union ctl_io *)ctsio);
7775 			return (1);
7776 		}
7777 
7778 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7779 			if (ctl_get_prkey(lun, i) != sa_res_key)
7780 				continue;
7781 
7782 			found = 1;
7783 			ctl_clr_prkey(lun, i);
7784 			lun->pr_key_count--;
7785 			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7786 		}
7787 		if (!found) {
7788 			mtx_unlock(&lun->lun_lock);
7789 			free(ctsio->kern_data_ptr, M_CTL);
7790 			ctl_set_reservation_conflict(ctsio);
7791 			ctl_done((union ctl_io *)ctsio);
7792 			return (CTL_RETVAL_COMPLETE);
7793 		}
7794 		lun->PRGeneration++;
7795 		mtx_unlock(&lun->lun_lock);
7796 
7797 		/* send msg to other side */
7798 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7799 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7800 		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7801 		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7802 		persis_io.pr.pr_info.res_type = type;
7803 		memcpy(persis_io.pr.pr_info.sa_res_key,
7804 		       param->serv_act_res_key,
7805 		       sizeof(param->serv_act_res_key));
7806 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7807 		    sizeof(persis_io.pr), M_WAITOK);
7808 	} else {
7809 		/* Reserved but not all registrants */
7810 		/* sa_res_key is res holder */
7811 		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7812 			/* validate scope and type */
7813 			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7814 			     SPR_LU_SCOPE) {
7815 				mtx_unlock(&lun->lun_lock);
7816 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7817 						      /*sks_valid*/ 1,
7818 						      /*command*/ 1,
7819 						      /*field*/ 2,
7820 						      /*bit_valid*/ 1,
7821 						      /*bit*/ 4);
7822 				ctl_done((union ctl_io *)ctsio);
7823 				return (1);
7824 			}
7825 
7826 			if (type>8 || type==2 || type==4 || type==0) {
7827 				mtx_unlock(&lun->lun_lock);
7828 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7829 						      /*sks_valid*/ 1,
7830 						      /*command*/ 1,
7831 						      /*field*/ 2,
7832 						      /*bit_valid*/ 1,
7833 						      /*bit*/ 0);
7834 				ctl_done((union ctl_io *)ctsio);
7835 				return (1);
7836 			}
7837 
7838 			/*
7839 			 * Do the following:
7840 			 * if sa_res_key != res_key remove all
7841 			 * registrants w/sa_res_key and generate UA
7842 			 * for these registrants(Registrations
7843 			 * Preempted) if it wasn't an exclusive
7844 			 * reservation generate UA(Reservations
7845 			 * Preempted) for all other registered nexuses
7846 			 * if the type has changed. Establish the new
7847 			 * reservation and holder. If res_key and
7848 			 * sa_res_key are the same do the above
7849 			 * except don't unregister the res holder.
7850 			 */
7851 
7852 			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7853 				if (i == residx || ctl_get_prkey(lun, i) == 0)
7854 					continue;
7855 
7856 				if (sa_res_key == ctl_get_prkey(lun, i)) {
7857 					ctl_clr_prkey(lun, i);
7858 					lun->pr_key_count--;
7859 					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7860 				} else if (type != lun->res_type
7861 					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7862 					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7863 					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7864 				}
7865 			}
7866 			lun->res_type = type;
7867 			if (lun->res_type != SPR_TYPE_WR_EX_AR
7868 			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7869 				lun->pr_res_idx = residx;
7870 			else
7871 				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7872 			lun->PRGeneration++;
7873 			mtx_unlock(&lun->lun_lock);
7874 
7875 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7876 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7877 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7878 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7879 			persis_io.pr.pr_info.res_type = type;
7880 			memcpy(persis_io.pr.pr_info.sa_res_key,
7881 			       param->serv_act_res_key,
7882 			       sizeof(param->serv_act_res_key));
7883 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7884 			    sizeof(persis_io.pr), M_WAITOK);
7885 		} else {
7886 			/*
7887 			 * sa_res_key is not the res holder just
7888 			 * remove registrants
7889 			 */
7890 			int found=0;
7891 
7892 			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7893 				if (sa_res_key != ctl_get_prkey(lun, i))
7894 					continue;
7895 
7896 				found = 1;
7897 				ctl_clr_prkey(lun, i);
7898 				lun->pr_key_count--;
7899 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7900 			}
7901 
7902 			if (!found) {
7903 				mtx_unlock(&lun->lun_lock);
7904 				free(ctsio->kern_data_ptr, M_CTL);
7905 				ctl_set_reservation_conflict(ctsio);
7906 				ctl_done((union ctl_io *)ctsio);
7907 		        	return (1);
7908 			}
7909 			lun->PRGeneration++;
7910 			mtx_unlock(&lun->lun_lock);
7911 
7912 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7913 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7914 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7915 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7916 			persis_io.pr.pr_info.res_type = type;
7917 			memcpy(persis_io.pr.pr_info.sa_res_key,
7918 			       param->serv_act_res_key,
7919 			       sizeof(param->serv_act_res_key));
7920 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7921 			    sizeof(persis_io.pr), M_WAITOK);
7922 		}
7923 	}
7924 	return (0);
7925 }
7926 
7927 static void
7928 ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7929 {
7930 	uint64_t sa_res_key;
7931 	int i;
7932 
7933 	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7934 
7935 	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7936 	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7937 	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7938 		if (sa_res_key == 0) {
7939 			/*
7940 			 * Unregister everybody else and build UA for
7941 			 * them
7942 			 */
7943 			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7944 				if (i == msg->pr.pr_info.residx ||
7945 				    ctl_get_prkey(lun, i) == 0)
7946 					continue;
7947 
7948 				ctl_clr_prkey(lun, i);
7949 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7950 			}
7951 
7952 			lun->pr_key_count = 1;
7953 			lun->res_type = msg->pr.pr_info.res_type;
7954 			if (lun->res_type != SPR_TYPE_WR_EX_AR
7955 			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7956 				lun->pr_res_idx = msg->pr.pr_info.residx;
7957 		} else {
7958 		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7959 				if (sa_res_key == ctl_get_prkey(lun, i))
7960 					continue;
7961 
7962 				ctl_clr_prkey(lun, i);
7963 				lun->pr_key_count--;
7964 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7965 			}
7966 		}
7967 	} else {
7968 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7969 			if (i == msg->pr.pr_info.residx ||
7970 			    ctl_get_prkey(lun, i) == 0)
7971 				continue;
7972 
7973 			if (sa_res_key == ctl_get_prkey(lun, i)) {
7974 				ctl_clr_prkey(lun, i);
7975 				lun->pr_key_count--;
7976 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7977 			} else if (msg->pr.pr_info.res_type != lun->res_type
7978 				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7979 				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7980 				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7981 			}
7982 		}
7983 		lun->res_type = msg->pr.pr_info.res_type;
7984 		if (lun->res_type != SPR_TYPE_WR_EX_AR
7985 		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7986 			lun->pr_res_idx = msg->pr.pr_info.residx;
7987 		else
7988 			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7989 	}
7990 	lun->PRGeneration++;
7991 
7992 }
7993 
7994 
7995 int
7996 ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
7997 {
7998 	int retval;
7999 	u_int32_t param_len;
8000 	struct scsi_per_res_out *cdb;
8001 	struct ctl_lun *lun;
8002 	struct scsi_per_res_out_parms* param;
8003 	struct ctl_softc *softc;
8004 	uint32_t residx;
8005 	uint64_t res_key, sa_res_key, key;
8006 	uint8_t type;
8007 	union ctl_ha_msg persis_io;
8008 	int    i;
8009 
8010 	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8011 
8012 	retval = CTL_RETVAL_COMPLETE;
8013 
8014 	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8015 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8016 	softc = lun->ctl_softc;
8017 
8018 	/*
8019 	 * We only support whole-LUN scope.  The scope & type are ignored for
8020 	 * register, register and ignore existing key and clear.
8021 	 * We sometimes ignore scope and type on preempts too!!
8022 	 * Verify reservation type here as well.
8023 	 */
8024 	type = cdb->scope_type & SPR_TYPE_MASK;
8025 	if ((cdb->action == SPRO_RESERVE)
8026 	 || (cdb->action == SPRO_RELEASE)) {
8027 		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8028 			ctl_set_invalid_field(/*ctsio*/ ctsio,
8029 					      /*sks_valid*/ 1,
8030 					      /*command*/ 1,
8031 					      /*field*/ 2,
8032 					      /*bit_valid*/ 1,
8033 					      /*bit*/ 4);
8034 			ctl_done((union ctl_io *)ctsio);
8035 			return (CTL_RETVAL_COMPLETE);
8036 		}
8037 
8038 		if (type>8 || type==2 || type==4 || type==0) {
8039 			ctl_set_invalid_field(/*ctsio*/ ctsio,
8040 					      /*sks_valid*/ 1,
8041 					      /*command*/ 1,
8042 					      /*field*/ 2,
8043 					      /*bit_valid*/ 1,
8044 					      /*bit*/ 0);
8045 			ctl_done((union ctl_io *)ctsio);
8046 			return (CTL_RETVAL_COMPLETE);
8047 		}
8048 	}
8049 
8050 	param_len = scsi_4btoul(cdb->length);
8051 
8052 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8053 		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8054 		ctsio->kern_data_len = param_len;
8055 		ctsio->kern_total_len = param_len;
8056 		ctsio->kern_data_resid = 0;
8057 		ctsio->kern_rel_offset = 0;
8058 		ctsio->kern_sg_entries = 0;
8059 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8060 		ctsio->be_move_done = ctl_config_move_done;
8061 		ctl_datamove((union ctl_io *)ctsio);
8062 
8063 		return (CTL_RETVAL_COMPLETE);
8064 	}
8065 
8066 	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8067 
8068 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8069 	res_key = scsi_8btou64(param->res_key.key);
8070 	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8071 
8072 	/*
8073 	 * Validate the reservation key here except for SPRO_REG_IGNO
8074 	 * This must be done for all other service actions
8075 	 */
8076 	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8077 		mtx_lock(&lun->lun_lock);
8078 		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8079 			if (res_key != key) {
8080 				/*
8081 				 * The current key passed in doesn't match
8082 				 * the one the initiator previously
8083 				 * registered.
8084 				 */
8085 				mtx_unlock(&lun->lun_lock);
8086 				free(ctsio->kern_data_ptr, M_CTL);
8087 				ctl_set_reservation_conflict(ctsio);
8088 				ctl_done((union ctl_io *)ctsio);
8089 				return (CTL_RETVAL_COMPLETE);
8090 			}
8091 		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8092 			/*
8093 			 * We are not registered
8094 			 */
8095 			mtx_unlock(&lun->lun_lock);
8096 			free(ctsio->kern_data_ptr, M_CTL);
8097 			ctl_set_reservation_conflict(ctsio);
8098 			ctl_done((union ctl_io *)ctsio);
8099 			return (CTL_RETVAL_COMPLETE);
8100 		} else if (res_key != 0) {
8101 			/*
8102 			 * We are not registered and trying to register but
8103 			 * the register key isn't zero.
8104 			 */
8105 			mtx_unlock(&lun->lun_lock);
8106 			free(ctsio->kern_data_ptr, M_CTL);
8107 			ctl_set_reservation_conflict(ctsio);
8108 			ctl_done((union ctl_io *)ctsio);
8109 			return (CTL_RETVAL_COMPLETE);
8110 		}
8111 		mtx_unlock(&lun->lun_lock);
8112 	}
8113 
8114 	switch (cdb->action & SPRO_ACTION_MASK) {
8115 	case SPRO_REGISTER:
8116 	case SPRO_REG_IGNO: {
8117 
8118 #if 0
8119 		printf("Registration received\n");
8120 #endif
8121 
8122 		/*
8123 		 * We don't support any of these options, as we report in
8124 		 * the read capabilities request (see
8125 		 * ctl_persistent_reserve_in(), above).
8126 		 */
8127 		if ((param->flags & SPR_SPEC_I_PT)
8128 		 || (param->flags & SPR_ALL_TG_PT)
8129 		 || (param->flags & SPR_APTPL)) {
8130 			int bit_ptr;
8131 
8132 			if (param->flags & SPR_APTPL)
8133 				bit_ptr = 0;
8134 			else if (param->flags & SPR_ALL_TG_PT)
8135 				bit_ptr = 2;
8136 			else /* SPR_SPEC_I_PT */
8137 				bit_ptr = 3;
8138 
8139 			free(ctsio->kern_data_ptr, M_CTL);
8140 			ctl_set_invalid_field(ctsio,
8141 					      /*sks_valid*/ 1,
8142 					      /*command*/ 0,
8143 					      /*field*/ 20,
8144 					      /*bit_valid*/ 1,
8145 					      /*bit*/ bit_ptr);
8146 			ctl_done((union ctl_io *)ctsio);
8147 			return (CTL_RETVAL_COMPLETE);
8148 		}
8149 
8150 		mtx_lock(&lun->lun_lock);
8151 
8152 		/*
8153 		 * The initiator wants to clear the
8154 		 * key/unregister.
8155 		 */
8156 		if (sa_res_key == 0) {
8157 			if ((res_key == 0
8158 			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8159 			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8160 			  && ctl_get_prkey(lun, residx) == 0)) {
8161 				mtx_unlock(&lun->lun_lock);
8162 				goto done;
8163 			}
8164 
8165 			ctl_clr_prkey(lun, residx);
8166 			lun->pr_key_count--;
8167 
8168 			if (residx == lun->pr_res_idx) {
8169 				lun->flags &= ~CTL_LUN_PR_RESERVED;
8170 				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8171 
8172 				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8173 				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8174 				 && lun->pr_key_count) {
8175 					/*
8176 					 * If the reservation is a registrants
8177 					 * only type we need to generate a UA
8178 					 * for other registered inits.  The
8179 					 * sense code should be RESERVATIONS
8180 					 * RELEASED
8181 					 */
8182 
8183 					for (i = softc->init_min; i < softc->init_max; i++){
8184 						if (ctl_get_prkey(lun, i) == 0)
8185 							continue;
8186 						ctl_est_ua(lun, i,
8187 						    CTL_UA_RES_RELEASE);
8188 					}
8189 				}
8190 				lun->res_type = 0;
8191 			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8192 				if (lun->pr_key_count==0) {
8193 					lun->flags &= ~CTL_LUN_PR_RESERVED;
8194 					lun->res_type = 0;
8195 					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8196 				}
8197 			}
8198 			lun->PRGeneration++;
8199 			mtx_unlock(&lun->lun_lock);
8200 
8201 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8202 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8203 			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8204 			persis_io.pr.pr_info.residx = residx;
8205 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8206 			    sizeof(persis_io.pr), M_WAITOK);
8207 		} else /* sa_res_key != 0 */ {
8208 
8209 			/*
8210 			 * If we aren't registered currently then increment
8211 			 * the key count and set the registered flag.
8212 			 */
8213 			ctl_alloc_prkey(lun, residx);
8214 			if (ctl_get_prkey(lun, residx) == 0)
8215 				lun->pr_key_count++;
8216 			ctl_set_prkey(lun, residx, sa_res_key);
8217 			lun->PRGeneration++;
8218 			mtx_unlock(&lun->lun_lock);
8219 
8220 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8221 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8222 			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8223 			persis_io.pr.pr_info.residx = residx;
8224 			memcpy(persis_io.pr.pr_info.sa_res_key,
8225 			       param->serv_act_res_key,
8226 			       sizeof(param->serv_act_res_key));
8227 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8228 			    sizeof(persis_io.pr), M_WAITOK);
8229 		}
8230 
8231 		break;
8232 	}
8233 	case SPRO_RESERVE:
8234 #if 0
8235                 printf("Reserve executed type %d\n", type);
8236 #endif
8237 		mtx_lock(&lun->lun_lock);
8238 		if (lun->flags & CTL_LUN_PR_RESERVED) {
8239 			/*
8240 			 * if this isn't the reservation holder and it's
8241 			 * not a "all registrants" type or if the type is
8242 			 * different then we have a conflict
8243 			 */
8244 			if ((lun->pr_res_idx != residx
8245 			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8246 			 || lun->res_type != type) {
8247 				mtx_unlock(&lun->lun_lock);
8248 				free(ctsio->kern_data_ptr, M_CTL);
8249 				ctl_set_reservation_conflict(ctsio);
8250 				ctl_done((union ctl_io *)ctsio);
8251 				return (CTL_RETVAL_COMPLETE);
8252 			}
8253 			mtx_unlock(&lun->lun_lock);
8254 		} else /* create a reservation */ {
8255 			/*
8256 			 * If it's not an "all registrants" type record
8257 			 * reservation holder
8258 			 */
8259 			if (type != SPR_TYPE_WR_EX_AR
8260 			 && type != SPR_TYPE_EX_AC_AR)
8261 				lun->pr_res_idx = residx; /* Res holder */
8262 			else
8263 				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8264 
8265 			lun->flags |= CTL_LUN_PR_RESERVED;
8266 			lun->res_type = type;
8267 
8268 			mtx_unlock(&lun->lun_lock);
8269 
8270 			/* send msg to other side */
8271 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8272 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8273 			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8274 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8275 			persis_io.pr.pr_info.res_type = type;
8276 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8277 			    sizeof(persis_io.pr), M_WAITOK);
8278 		}
8279 		break;
8280 
8281 	case SPRO_RELEASE:
8282 		mtx_lock(&lun->lun_lock);
8283 		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8284 			/* No reservation exists return good status */
8285 			mtx_unlock(&lun->lun_lock);
8286 			goto done;
8287 		}
8288 		/*
8289 		 * Is this nexus a reservation holder?
8290 		 */
8291 		if (lun->pr_res_idx != residx
8292 		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8293 			/*
8294 			 * not a res holder return good status but
8295 			 * do nothing
8296 			 */
8297 			mtx_unlock(&lun->lun_lock);
8298 			goto done;
8299 		}
8300 
8301 		if (lun->res_type != type) {
8302 			mtx_unlock(&lun->lun_lock);
8303 			free(ctsio->kern_data_ptr, M_CTL);
8304 			ctl_set_illegal_pr_release(ctsio);
8305 			ctl_done((union ctl_io *)ctsio);
8306 			return (CTL_RETVAL_COMPLETE);
8307 		}
8308 
8309 		/* okay to release */
8310 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8311 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8312 		lun->res_type = 0;
8313 
8314 		/*
8315 		 * if this isn't an exclusive access
8316 		 * res generate UA for all other
8317 		 * registrants.
8318 		 */
8319 		if (type != SPR_TYPE_EX_AC
8320 		 && type != SPR_TYPE_WR_EX) {
8321 			for (i = softc->init_min; i < softc->init_max; i++) {
8322 				if (i == residx || ctl_get_prkey(lun, i) == 0)
8323 					continue;
8324 				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8325 			}
8326 		}
8327 		mtx_unlock(&lun->lun_lock);
8328 
8329 		/* Send msg to other side */
8330 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8331 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8332 		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8333 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8334 		     sizeof(persis_io.pr), M_WAITOK);
8335 		break;
8336 
8337 	case SPRO_CLEAR:
8338 		/* send msg to other side */
8339 
8340 		mtx_lock(&lun->lun_lock);
8341 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8342 		lun->res_type = 0;
8343 		lun->pr_key_count = 0;
8344 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8345 
8346 		ctl_clr_prkey(lun, residx);
8347 		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8348 			if (ctl_get_prkey(lun, i) != 0) {
8349 				ctl_clr_prkey(lun, i);
8350 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8351 			}
8352 		lun->PRGeneration++;
8353 		mtx_unlock(&lun->lun_lock);
8354 
8355 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8356 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8357 		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8358 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8359 		     sizeof(persis_io.pr), M_WAITOK);
8360 		break;
8361 
8362 	case SPRO_PREEMPT:
8363 	case SPRO_PRE_ABO: {
8364 		int nretval;
8365 
8366 		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8367 					  residx, ctsio, cdb, param);
8368 		if (nretval != 0)
8369 			return (CTL_RETVAL_COMPLETE);
8370 		break;
8371 	}
8372 	default:
8373 		panic("Invalid PR type %x", cdb->action);
8374 	}
8375 
8376 done:
8377 	free(ctsio->kern_data_ptr, M_CTL);
8378 	ctl_set_success(ctsio);
8379 	ctl_done((union ctl_io *)ctsio);
8380 
8381 	return (retval);
8382 }
8383 
8384 /*
8385  * This routine is for handling a message from the other SC pertaining to
8386  * persistent reserve out. All the error checking will have been done
8387  * so only perorming the action need be done here to keep the two
8388  * in sync.
8389  */
8390 static void
8391 ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8392 {
8393 	struct ctl_softc *softc = control_softc;
8394 	struct ctl_lun *lun;
8395 	int i;
8396 	uint32_t residx, targ_lun;
8397 
8398 	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8399 	mtx_lock(&softc->ctl_lock);
8400 	if ((targ_lun >= CTL_MAX_LUNS) ||
8401 	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8402 		mtx_unlock(&softc->ctl_lock);
8403 		return;
8404 	}
8405 	mtx_lock(&lun->lun_lock);
8406 	mtx_unlock(&softc->ctl_lock);
8407 	if (lun->flags & CTL_LUN_DISABLED) {
8408 		mtx_unlock(&lun->lun_lock);
8409 		return;
8410 	}
8411 	residx = ctl_get_initindex(&msg->hdr.nexus);
8412 	switch(msg->pr.pr_info.action) {
8413 	case CTL_PR_REG_KEY:
8414 		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8415 		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8416 			lun->pr_key_count++;
8417 		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8418 		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8419 		lun->PRGeneration++;
8420 		break;
8421 
8422 	case CTL_PR_UNREG_KEY:
8423 		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8424 		lun->pr_key_count--;
8425 
8426 		/* XXX Need to see if the reservation has been released */
8427 		/* if so do we need to generate UA? */
8428 		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8429 			lun->flags &= ~CTL_LUN_PR_RESERVED;
8430 			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8431 
8432 			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8433 			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8434 			 && lun->pr_key_count) {
8435 				/*
8436 				 * If the reservation is a registrants
8437 				 * only type we need to generate a UA
8438 				 * for other registered inits.  The
8439 				 * sense code should be RESERVATIONS
8440 				 * RELEASED
8441 				 */
8442 
8443 				for (i = softc->init_min; i < softc->init_max; i++) {
8444 					if (ctl_get_prkey(lun, i) == 0)
8445 						continue;
8446 
8447 					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8448 				}
8449 			}
8450 			lun->res_type = 0;
8451 		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8452 			if (lun->pr_key_count==0) {
8453 				lun->flags &= ~CTL_LUN_PR_RESERVED;
8454 				lun->res_type = 0;
8455 				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8456 			}
8457 		}
8458 		lun->PRGeneration++;
8459 		break;
8460 
8461 	case CTL_PR_RESERVE:
8462 		lun->flags |= CTL_LUN_PR_RESERVED;
8463 		lun->res_type = msg->pr.pr_info.res_type;
8464 		lun->pr_res_idx = msg->pr.pr_info.residx;
8465 
8466 		break;
8467 
8468 	case CTL_PR_RELEASE:
8469 		/*
8470 		 * if this isn't an exclusive access res generate UA for all
8471 		 * other registrants.
8472 		 */
8473 		if (lun->res_type != SPR_TYPE_EX_AC
8474 		 && lun->res_type != SPR_TYPE_WR_EX) {
8475 			for (i = softc->init_min; i < softc->init_max; i++)
8476 				if (i == residx || ctl_get_prkey(lun, i) == 0)
8477 					continue;
8478 				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8479 		}
8480 
8481 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8482 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8483 		lun->res_type = 0;
8484 		break;
8485 
8486 	case CTL_PR_PREEMPT:
8487 		ctl_pro_preempt_other(lun, msg);
8488 		break;
8489 	case CTL_PR_CLEAR:
8490 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8491 		lun->res_type = 0;
8492 		lun->pr_key_count = 0;
8493 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8494 
8495 		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8496 			if (ctl_get_prkey(lun, i) == 0)
8497 				continue;
8498 			ctl_clr_prkey(lun, i);
8499 			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8500 		}
8501 		lun->PRGeneration++;
8502 		break;
8503 	}
8504 
8505 	mtx_unlock(&lun->lun_lock);
8506 }
8507 
8508 int
8509 ctl_read_write(struct ctl_scsiio *ctsio)
8510 {
8511 	struct ctl_lun *lun;
8512 	struct ctl_lba_len_flags *lbalen;
8513 	uint64_t lba;
8514 	uint32_t num_blocks;
8515 	int flags, retval;
8516 	int isread;
8517 
8518 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8519 
8520 	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8521 
8522 	flags = 0;
8523 	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8524 	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8525 	switch (ctsio->cdb[0]) {
8526 	case READ_6:
8527 	case WRITE_6: {
8528 		struct scsi_rw_6 *cdb;
8529 
8530 		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8531 
8532 		lba = scsi_3btoul(cdb->addr);
8533 		/* only 5 bits are valid in the most significant address byte */
8534 		lba &= 0x1fffff;
8535 		num_blocks = cdb->length;
8536 		/*
8537 		 * This is correct according to SBC-2.
8538 		 */
8539 		if (num_blocks == 0)
8540 			num_blocks = 256;
8541 		break;
8542 	}
8543 	case READ_10:
8544 	case WRITE_10: {
8545 		struct scsi_rw_10 *cdb;
8546 
8547 		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8548 		if (cdb->byte2 & SRW10_FUA)
8549 			flags |= CTL_LLF_FUA;
8550 		if (cdb->byte2 & SRW10_DPO)
8551 			flags |= CTL_LLF_DPO;
8552 		lba = scsi_4btoul(cdb->addr);
8553 		num_blocks = scsi_2btoul(cdb->length);
8554 		break;
8555 	}
8556 	case WRITE_VERIFY_10: {
8557 		struct scsi_write_verify_10 *cdb;
8558 
8559 		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8560 		flags |= CTL_LLF_FUA;
8561 		if (cdb->byte2 & SWV_DPO)
8562 			flags |= CTL_LLF_DPO;
8563 		lba = scsi_4btoul(cdb->addr);
8564 		num_blocks = scsi_2btoul(cdb->length);
8565 		break;
8566 	}
8567 	case READ_12:
8568 	case WRITE_12: {
8569 		struct scsi_rw_12 *cdb;
8570 
8571 		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8572 		if (cdb->byte2 & SRW12_FUA)
8573 			flags |= CTL_LLF_FUA;
8574 		if (cdb->byte2 & SRW12_DPO)
8575 			flags |= CTL_LLF_DPO;
8576 		lba = scsi_4btoul(cdb->addr);
8577 		num_blocks = scsi_4btoul(cdb->length);
8578 		break;
8579 	}
8580 	case WRITE_VERIFY_12: {
8581 		struct scsi_write_verify_12 *cdb;
8582 
8583 		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8584 		flags |= CTL_LLF_FUA;
8585 		if (cdb->byte2 & SWV_DPO)
8586 			flags |= CTL_LLF_DPO;
8587 		lba = scsi_4btoul(cdb->addr);
8588 		num_blocks = scsi_4btoul(cdb->length);
8589 		break;
8590 	}
8591 	case READ_16:
8592 	case WRITE_16: {
8593 		struct scsi_rw_16 *cdb;
8594 
8595 		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8596 		if (cdb->byte2 & SRW12_FUA)
8597 			flags |= CTL_LLF_FUA;
8598 		if (cdb->byte2 & SRW12_DPO)
8599 			flags |= CTL_LLF_DPO;
8600 		lba = scsi_8btou64(cdb->addr);
8601 		num_blocks = scsi_4btoul(cdb->length);
8602 		break;
8603 	}
8604 	case WRITE_ATOMIC_16: {
8605 		struct scsi_write_atomic_16 *cdb;
8606 
8607 		if (lun->be_lun->atomicblock == 0) {
8608 			ctl_set_invalid_opcode(ctsio);
8609 			ctl_done((union ctl_io *)ctsio);
8610 			return (CTL_RETVAL_COMPLETE);
8611 		}
8612 
8613 		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8614 		if (cdb->byte2 & SRW12_FUA)
8615 			flags |= CTL_LLF_FUA;
8616 		if (cdb->byte2 & SRW12_DPO)
8617 			flags |= CTL_LLF_DPO;
8618 		lba = scsi_8btou64(cdb->addr);
8619 		num_blocks = scsi_2btoul(cdb->length);
8620 		if (num_blocks > lun->be_lun->atomicblock) {
8621 			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8622 			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8623 			    /*bit*/ 0);
8624 			ctl_done((union ctl_io *)ctsio);
8625 			return (CTL_RETVAL_COMPLETE);
8626 		}
8627 		break;
8628 	}
8629 	case WRITE_VERIFY_16: {
8630 		struct scsi_write_verify_16 *cdb;
8631 
8632 		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8633 		flags |= CTL_LLF_FUA;
8634 		if (cdb->byte2 & SWV_DPO)
8635 			flags |= CTL_LLF_DPO;
8636 		lba = scsi_8btou64(cdb->addr);
8637 		num_blocks = scsi_4btoul(cdb->length);
8638 		break;
8639 	}
8640 	default:
8641 		/*
8642 		 * We got a command we don't support.  This shouldn't
8643 		 * happen, commands should be filtered out above us.
8644 		 */
8645 		ctl_set_invalid_opcode(ctsio);
8646 		ctl_done((union ctl_io *)ctsio);
8647 
8648 		return (CTL_RETVAL_COMPLETE);
8649 		break; /* NOTREACHED */
8650 	}
8651 
8652 	/*
8653 	 * The first check is to make sure we're in bounds, the second
8654 	 * check is to catch wrap-around problems.  If the lba + num blocks
8655 	 * is less than the lba, then we've wrapped around and the block
8656 	 * range is invalid anyway.
8657 	 */
8658 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8659 	 || ((lba + num_blocks) < lba)) {
8660 		ctl_set_lba_out_of_range(ctsio);
8661 		ctl_done((union ctl_io *)ctsio);
8662 		return (CTL_RETVAL_COMPLETE);
8663 	}
8664 
8665 	/*
8666 	 * According to SBC-3, a transfer length of 0 is not an error.
8667 	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8668 	 * translates to 256 blocks for those commands.
8669 	 */
8670 	if (num_blocks == 0) {
8671 		ctl_set_success(ctsio);
8672 		ctl_done((union ctl_io *)ctsio);
8673 		return (CTL_RETVAL_COMPLETE);
8674 	}
8675 
8676 	/* Set FUA and/or DPO if caches are disabled. */
8677 	if (isread) {
8678 		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8679 		    SCP_RCD) != 0)
8680 			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8681 	} else {
8682 		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8683 		    SCP_WCE) == 0)
8684 			flags |= CTL_LLF_FUA;
8685 	}
8686 
8687 	lbalen = (struct ctl_lba_len_flags *)
8688 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8689 	lbalen->lba = lba;
8690 	lbalen->len = num_blocks;
8691 	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8692 
8693 	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8694 	ctsio->kern_rel_offset = 0;
8695 
8696 	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8697 
8698 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8699 	return (retval);
8700 }
8701 
8702 static int
8703 ctl_cnw_cont(union ctl_io *io)
8704 {
8705 	struct ctl_scsiio *ctsio;
8706 	struct ctl_lun *lun;
8707 	struct ctl_lba_len_flags *lbalen;
8708 	int retval;
8709 
8710 	ctsio = &io->scsiio;
8711 	ctsio->io_hdr.status = CTL_STATUS_NONE;
8712 	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8713 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8714 	lbalen = (struct ctl_lba_len_flags *)
8715 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8716 	lbalen->flags &= ~CTL_LLF_COMPARE;
8717 	lbalen->flags |= CTL_LLF_WRITE;
8718 
8719 	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8720 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8721 	return (retval);
8722 }
8723 
8724 int
8725 ctl_cnw(struct ctl_scsiio *ctsio)
8726 {
8727 	struct ctl_lun *lun;
8728 	struct ctl_lba_len_flags *lbalen;
8729 	uint64_t lba;
8730 	uint32_t num_blocks;
8731 	int flags, retval;
8732 
8733 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8734 
8735 	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8736 
8737 	flags = 0;
8738 	switch (ctsio->cdb[0]) {
8739 	case COMPARE_AND_WRITE: {
8740 		struct scsi_compare_and_write *cdb;
8741 
8742 		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8743 		if (cdb->byte2 & SRW10_FUA)
8744 			flags |= CTL_LLF_FUA;
8745 		if (cdb->byte2 & SRW10_DPO)
8746 			flags |= CTL_LLF_DPO;
8747 		lba = scsi_8btou64(cdb->addr);
8748 		num_blocks = cdb->length;
8749 		break;
8750 	}
8751 	default:
8752 		/*
8753 		 * We got a command we don't support.  This shouldn't
8754 		 * happen, commands should be filtered out above us.
8755 		 */
8756 		ctl_set_invalid_opcode(ctsio);
8757 		ctl_done((union ctl_io *)ctsio);
8758 
8759 		return (CTL_RETVAL_COMPLETE);
8760 		break; /* NOTREACHED */
8761 	}
8762 
8763 	/*
8764 	 * The first check is to make sure we're in bounds, the second
8765 	 * check is to catch wrap-around problems.  If the lba + num blocks
8766 	 * is less than the lba, then we've wrapped around and the block
8767 	 * range is invalid anyway.
8768 	 */
8769 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8770 	 || ((lba + num_blocks) < lba)) {
8771 		ctl_set_lba_out_of_range(ctsio);
8772 		ctl_done((union ctl_io *)ctsio);
8773 		return (CTL_RETVAL_COMPLETE);
8774 	}
8775 
8776 	/*
8777 	 * According to SBC-3, a transfer length of 0 is not an error.
8778 	 */
8779 	if (num_blocks == 0) {
8780 		ctl_set_success(ctsio);
8781 		ctl_done((union ctl_io *)ctsio);
8782 		return (CTL_RETVAL_COMPLETE);
8783 	}
8784 
8785 	/* Set FUA if write cache is disabled. */
8786 	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8787 	    SCP_WCE) == 0)
8788 		flags |= CTL_LLF_FUA;
8789 
8790 	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8791 	ctsio->kern_rel_offset = 0;
8792 
8793 	/*
8794 	 * Set the IO_CONT flag, so that if this I/O gets passed to
8795 	 * ctl_data_submit_done(), it'll get passed back to
8796 	 * ctl_ctl_cnw_cont() for further processing.
8797 	 */
8798 	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8799 	ctsio->io_cont = ctl_cnw_cont;
8800 
8801 	lbalen = (struct ctl_lba_len_flags *)
8802 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8803 	lbalen->lba = lba;
8804 	lbalen->len = num_blocks;
8805 	lbalen->flags = CTL_LLF_COMPARE | flags;
8806 
8807 	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8808 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8809 	return (retval);
8810 }
8811 
8812 int
8813 ctl_verify(struct ctl_scsiio *ctsio)
8814 {
8815 	struct ctl_lun *lun;
8816 	struct ctl_lba_len_flags *lbalen;
8817 	uint64_t lba;
8818 	uint32_t num_blocks;
8819 	int bytchk, flags;
8820 	int retval;
8821 
8822 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8823 
8824 	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8825 
8826 	bytchk = 0;
8827 	flags = CTL_LLF_FUA;
8828 	switch (ctsio->cdb[0]) {
8829 	case VERIFY_10: {
8830 		struct scsi_verify_10 *cdb;
8831 
8832 		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8833 		if (cdb->byte2 & SVFY_BYTCHK)
8834 			bytchk = 1;
8835 		if (cdb->byte2 & SVFY_DPO)
8836 			flags |= CTL_LLF_DPO;
8837 		lba = scsi_4btoul(cdb->addr);
8838 		num_blocks = scsi_2btoul(cdb->length);
8839 		break;
8840 	}
8841 	case VERIFY_12: {
8842 		struct scsi_verify_12 *cdb;
8843 
8844 		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8845 		if (cdb->byte2 & SVFY_BYTCHK)
8846 			bytchk = 1;
8847 		if (cdb->byte2 & SVFY_DPO)
8848 			flags |= CTL_LLF_DPO;
8849 		lba = scsi_4btoul(cdb->addr);
8850 		num_blocks = scsi_4btoul(cdb->length);
8851 		break;
8852 	}
8853 	case VERIFY_16: {
8854 		struct scsi_rw_16 *cdb;
8855 
8856 		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8857 		if (cdb->byte2 & SVFY_BYTCHK)
8858 			bytchk = 1;
8859 		if (cdb->byte2 & SVFY_DPO)
8860 			flags |= CTL_LLF_DPO;
8861 		lba = scsi_8btou64(cdb->addr);
8862 		num_blocks = scsi_4btoul(cdb->length);
8863 		break;
8864 	}
8865 	default:
8866 		/*
8867 		 * We got a command we don't support.  This shouldn't
8868 		 * happen, commands should be filtered out above us.
8869 		 */
8870 		ctl_set_invalid_opcode(ctsio);
8871 		ctl_done((union ctl_io *)ctsio);
8872 		return (CTL_RETVAL_COMPLETE);
8873 	}
8874 
8875 	/*
8876 	 * The first check is to make sure we're in bounds, the second
8877 	 * check is to catch wrap-around problems.  If the lba + num blocks
8878 	 * is less than the lba, then we've wrapped around and the block
8879 	 * range is invalid anyway.
8880 	 */
8881 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8882 	 || ((lba + num_blocks) < lba)) {
8883 		ctl_set_lba_out_of_range(ctsio);
8884 		ctl_done((union ctl_io *)ctsio);
8885 		return (CTL_RETVAL_COMPLETE);
8886 	}
8887 
8888 	/*
8889 	 * According to SBC-3, a transfer length of 0 is not an error.
8890 	 */
8891 	if (num_blocks == 0) {
8892 		ctl_set_success(ctsio);
8893 		ctl_done((union ctl_io *)ctsio);
8894 		return (CTL_RETVAL_COMPLETE);
8895 	}
8896 
8897 	lbalen = (struct ctl_lba_len_flags *)
8898 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8899 	lbalen->lba = lba;
8900 	lbalen->len = num_blocks;
8901 	if (bytchk) {
8902 		lbalen->flags = CTL_LLF_COMPARE | flags;
8903 		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8904 	} else {
8905 		lbalen->flags = CTL_LLF_VERIFY | flags;
8906 		ctsio->kern_total_len = 0;
8907 	}
8908 	ctsio->kern_rel_offset = 0;
8909 
8910 	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8911 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8912 	return (retval);
8913 }
8914 
8915 int
8916 ctl_report_luns(struct ctl_scsiio *ctsio)
8917 {
8918 	struct ctl_softc *softc;
8919 	struct scsi_report_luns *cdb;
8920 	struct scsi_report_luns_data *lun_data;
8921 	struct ctl_lun *lun, *request_lun;
8922 	struct ctl_port *port;
8923 	int num_luns, retval;
8924 	uint32_t alloc_len, lun_datalen;
8925 	int num_filled;
8926 	uint32_t initidx, targ_lun_id, lun_id;
8927 
8928 	retval = CTL_RETVAL_COMPLETE;
8929 	cdb = (struct scsi_report_luns *)ctsio->cdb;
8930 	port = ctl_io_port(&ctsio->io_hdr);
8931 	softc = port->ctl_softc;
8932 
8933 	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8934 
8935 	mtx_lock(&softc->ctl_lock);
8936 	num_luns = 0;
8937 	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8938 		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8939 			num_luns++;
8940 	}
8941 	mtx_unlock(&softc->ctl_lock);
8942 
8943 	switch (cdb->select_report) {
8944 	case RPL_REPORT_DEFAULT:
8945 	case RPL_REPORT_ALL:
8946 	case RPL_REPORT_NONSUBSID:
8947 		break;
8948 	case RPL_REPORT_WELLKNOWN:
8949 	case RPL_REPORT_ADMIN:
8950 	case RPL_REPORT_CONGLOM:
8951 		num_luns = 0;
8952 		break;
8953 	default:
8954 		ctl_set_invalid_field(ctsio,
8955 				      /*sks_valid*/ 1,
8956 				      /*command*/ 1,
8957 				      /*field*/ 2,
8958 				      /*bit_valid*/ 0,
8959 				      /*bit*/ 0);
8960 		ctl_done((union ctl_io *)ctsio);
8961 		return (retval);
8962 		break; /* NOTREACHED */
8963 	}
8964 
8965 	alloc_len = scsi_4btoul(cdb->length);
8966 	/*
8967 	 * The initiator has to allocate at least 16 bytes for this request,
8968 	 * so he can at least get the header and the first LUN.  Otherwise
8969 	 * we reject the request (per SPC-3 rev 14, section 6.21).
8970 	 */
8971 	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8972 	    sizeof(struct scsi_report_luns_lundata))) {
8973 		ctl_set_invalid_field(ctsio,
8974 				      /*sks_valid*/ 1,
8975 				      /*command*/ 1,
8976 				      /*field*/ 6,
8977 				      /*bit_valid*/ 0,
8978 				      /*bit*/ 0);
8979 		ctl_done((union ctl_io *)ctsio);
8980 		return (retval);
8981 	}
8982 
8983 	request_lun = (struct ctl_lun *)
8984 		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8985 
8986 	lun_datalen = sizeof(*lun_data) +
8987 		(num_luns * sizeof(struct scsi_report_luns_lundata));
8988 
8989 	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
8990 	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
8991 	ctsio->kern_sg_entries = 0;
8992 
8993 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8994 
8995 	mtx_lock(&softc->ctl_lock);
8996 	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
8997 		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
8998 		if (lun_id >= CTL_MAX_LUNS)
8999 			continue;
9000 		lun = softc->ctl_luns[lun_id];
9001 		if (lun == NULL)
9002 			continue;
9003 
9004 		if (targ_lun_id <= 0xff) {
9005 			/*
9006 			 * Peripheral addressing method, bus number 0.
9007 			 */
9008 			lun_data->luns[num_filled].lundata[0] =
9009 				RPL_LUNDATA_ATYP_PERIPH;
9010 			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9011 			num_filled++;
9012 		} else if (targ_lun_id <= 0x3fff) {
9013 			/*
9014 			 * Flat addressing method.
9015 			 */
9016 			lun_data->luns[num_filled].lundata[0] =
9017 				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9018 			lun_data->luns[num_filled].lundata[1] =
9019 				(targ_lun_id & 0xff);
9020 			num_filled++;
9021 		} else if (targ_lun_id <= 0xffffff) {
9022 			/*
9023 			 * Extended flat addressing method.
9024 			 */
9025 			lun_data->luns[num_filled].lundata[0] =
9026 			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9027 			scsi_ulto3b(targ_lun_id,
9028 			    &lun_data->luns[num_filled].lundata[1]);
9029 			num_filled++;
9030 		} else {
9031 			printf("ctl_report_luns: bogus LUN number %jd, "
9032 			       "skipping\n", (intmax_t)targ_lun_id);
9033 		}
9034 		/*
9035 		 * According to SPC-3, rev 14 section 6.21:
9036 		 *
9037 		 * "The execution of a REPORT LUNS command to any valid and
9038 		 * installed logical unit shall clear the REPORTED LUNS DATA
9039 		 * HAS CHANGED unit attention condition for all logical
9040 		 * units of that target with respect to the requesting
9041 		 * initiator. A valid and installed logical unit is one
9042 		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9043 		 * INQUIRY data (see 6.4.2)."
9044 		 *
9045 		 * If request_lun is NULL, the LUN this report luns command
9046 		 * was issued to is either disabled or doesn't exist. In that
9047 		 * case, we shouldn't clear any pending lun change unit
9048 		 * attention.
9049 		 */
9050 		if (request_lun != NULL) {
9051 			mtx_lock(&lun->lun_lock);
9052 			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9053 			mtx_unlock(&lun->lun_lock);
9054 		}
9055 	}
9056 	mtx_unlock(&softc->ctl_lock);
9057 
9058 	/*
9059 	 * It's quite possible that we've returned fewer LUNs than we allocated
9060 	 * space for.  Trim it.
9061 	 */
9062 	lun_datalen = sizeof(*lun_data) +
9063 		(num_filled * sizeof(struct scsi_report_luns_lundata));
9064 
9065 	if (lun_datalen < alloc_len) {
9066 		ctsio->residual = alloc_len - lun_datalen;
9067 		ctsio->kern_data_len = lun_datalen;
9068 		ctsio->kern_total_len = lun_datalen;
9069 	} else {
9070 		ctsio->residual = 0;
9071 		ctsio->kern_data_len = alloc_len;
9072 		ctsio->kern_total_len = alloc_len;
9073 	}
9074 	ctsio->kern_data_resid = 0;
9075 	ctsio->kern_rel_offset = 0;
9076 	ctsio->kern_sg_entries = 0;
9077 
9078 	/*
9079 	 * We set this to the actual data length, regardless of how much
9080 	 * space we actually have to return results.  If the user looks at
9081 	 * this value, he'll know whether or not he allocated enough space
9082 	 * and reissue the command if necessary.  We don't support well
9083 	 * known logical units, so if the user asks for that, return none.
9084 	 */
9085 	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9086 
9087 	/*
9088 	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9089 	 * this request.
9090 	 */
9091 	ctl_set_success(ctsio);
9092 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9093 	ctsio->be_move_done = ctl_config_move_done;
9094 	ctl_datamove((union ctl_io *)ctsio);
9095 	return (retval);
9096 }
9097 
9098 int
9099 ctl_request_sense(struct ctl_scsiio *ctsio)
9100 {
9101 	struct scsi_request_sense *cdb;
9102 	struct scsi_sense_data *sense_ptr;
9103 	struct ctl_softc *ctl_softc;
9104 	struct ctl_lun *lun;
9105 	uint32_t initidx;
9106 	int have_error;
9107 	scsi_sense_data_type sense_format;
9108 	ctl_ua_type ua_type;
9109 
9110 	cdb = (struct scsi_request_sense *)ctsio->cdb;
9111 
9112 	ctl_softc = control_softc;
9113 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9114 
9115 	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9116 
9117 	/*
9118 	 * Determine which sense format the user wants.
9119 	 */
9120 	if (cdb->byte2 & SRS_DESC)
9121 		sense_format = SSD_TYPE_DESC;
9122 	else
9123 		sense_format = SSD_TYPE_FIXED;
9124 
9125 	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9126 	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9127 	ctsio->kern_sg_entries = 0;
9128 
9129 	/*
9130 	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9131 	 * larger than the largest allowed value for the length field in the
9132 	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9133 	 */
9134 	ctsio->residual = 0;
9135 	ctsio->kern_data_len = cdb->length;
9136 	ctsio->kern_total_len = cdb->length;
9137 
9138 	ctsio->kern_data_resid = 0;
9139 	ctsio->kern_rel_offset = 0;
9140 	ctsio->kern_sg_entries = 0;
9141 
9142 	/*
9143 	 * If we don't have a LUN, we don't have any pending sense.
9144 	 */
9145 	if (lun == NULL)
9146 		goto no_sense;
9147 
9148 	have_error = 0;
9149 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9150 	/*
9151 	 * Check for pending sense, and then for pending unit attentions.
9152 	 * Pending sense gets returned first, then pending unit attentions.
9153 	 */
9154 	mtx_lock(&lun->lun_lock);
9155 #ifdef CTL_WITH_CA
9156 	if (ctl_is_set(lun->have_ca, initidx)) {
9157 		scsi_sense_data_type stored_format;
9158 
9159 		/*
9160 		 * Check to see which sense format was used for the stored
9161 		 * sense data.
9162 		 */
9163 		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9164 
9165 		/*
9166 		 * If the user requested a different sense format than the
9167 		 * one we stored, then we need to convert it to the other
9168 		 * format.  If we're going from descriptor to fixed format
9169 		 * sense data, we may lose things in translation, depending
9170 		 * on what options were used.
9171 		 *
9172 		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9173 		 * for some reason we'll just copy it out as-is.
9174 		 */
9175 		if ((stored_format == SSD_TYPE_FIXED)
9176 		 && (sense_format == SSD_TYPE_DESC))
9177 			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9178 			    &lun->pending_sense[initidx],
9179 			    (struct scsi_sense_data_desc *)sense_ptr);
9180 		else if ((stored_format == SSD_TYPE_DESC)
9181 		      && (sense_format == SSD_TYPE_FIXED))
9182 			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9183 			    &lun->pending_sense[initidx],
9184 			    (struct scsi_sense_data_fixed *)sense_ptr);
9185 		else
9186 			memcpy(sense_ptr, &lun->pending_sense[initidx],
9187 			       MIN(sizeof(*sense_ptr),
9188 			       sizeof(lun->pending_sense[initidx])));
9189 
9190 		ctl_clear_mask(lun->have_ca, initidx);
9191 		have_error = 1;
9192 	} else
9193 #endif
9194 	{
9195 		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9196 		if (ua_type != CTL_UA_NONE)
9197 			have_error = 1;
9198 		if (ua_type == CTL_UA_LUN_CHANGE) {
9199 			mtx_unlock(&lun->lun_lock);
9200 			mtx_lock(&ctl_softc->ctl_lock);
9201 			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9202 			mtx_unlock(&ctl_softc->ctl_lock);
9203 			mtx_lock(&lun->lun_lock);
9204 		}
9205 
9206 	}
9207 	mtx_unlock(&lun->lun_lock);
9208 
9209 	/*
9210 	 * We already have a pending error, return it.
9211 	 */
9212 	if (have_error != 0) {
9213 		/*
9214 		 * We report the SCSI status as OK, since the status of the
9215 		 * request sense command itself is OK.
9216 		 * We report 0 for the sense length, because we aren't doing
9217 		 * autosense in this case.  We're reporting sense as
9218 		 * parameter data.
9219 		 */
9220 		ctl_set_success(ctsio);
9221 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9222 		ctsio->be_move_done = ctl_config_move_done;
9223 		ctl_datamove((union ctl_io *)ctsio);
9224 		return (CTL_RETVAL_COMPLETE);
9225 	}
9226 
9227 no_sense:
9228 
9229 	/*
9230 	 * No sense information to report, so we report that everything is
9231 	 * okay.
9232 	 */
9233 	ctl_set_sense_data(sense_ptr,
9234 			   lun,
9235 			   sense_format,
9236 			   /*current_error*/ 1,
9237 			   /*sense_key*/ SSD_KEY_NO_SENSE,
9238 			   /*asc*/ 0x00,
9239 			   /*ascq*/ 0x00,
9240 			   SSD_ELEM_NONE);
9241 
9242 	/*
9243 	 * We report 0 for the sense length, because we aren't doing
9244 	 * autosense in this case.  We're reporting sense as parameter data.
9245 	 */
9246 	ctl_set_success(ctsio);
9247 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9248 	ctsio->be_move_done = ctl_config_move_done;
9249 	ctl_datamove((union ctl_io *)ctsio);
9250 	return (CTL_RETVAL_COMPLETE);
9251 }
9252 
9253 int
9254 ctl_tur(struct ctl_scsiio *ctsio)
9255 {
9256 
9257 	CTL_DEBUG_PRINT(("ctl_tur\n"));
9258 
9259 	ctl_set_success(ctsio);
9260 	ctl_done((union ctl_io *)ctsio);
9261 
9262 	return (CTL_RETVAL_COMPLETE);
9263 }
9264 
9265 /*
9266  * SCSI VPD page 0x00, the Supported VPD Pages page.
9267  */
9268 static int
9269 ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9270 {
9271 	struct scsi_vpd_supported_pages *pages;
9272 	int sup_page_size;
9273 	struct ctl_lun *lun;
9274 	int p;
9275 
9276 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9277 
9278 	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9279 	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9280 	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9281 	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9282 	ctsio->kern_sg_entries = 0;
9283 
9284 	if (sup_page_size < alloc_len) {
9285 		ctsio->residual = alloc_len - sup_page_size;
9286 		ctsio->kern_data_len = sup_page_size;
9287 		ctsio->kern_total_len = sup_page_size;
9288 	} else {
9289 		ctsio->residual = 0;
9290 		ctsio->kern_data_len = alloc_len;
9291 		ctsio->kern_total_len = alloc_len;
9292 	}
9293 	ctsio->kern_data_resid = 0;
9294 	ctsio->kern_rel_offset = 0;
9295 	ctsio->kern_sg_entries = 0;
9296 
9297 	/*
9298 	 * The control device is always connected.  The disk device, on the
9299 	 * other hand, may not be online all the time.  Need to change this
9300 	 * to figure out whether the disk device is actually online or not.
9301 	 */
9302 	if (lun != NULL)
9303 		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9304 				lun->be_lun->lun_type;
9305 	else
9306 		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9307 
9308 	p = 0;
9309 	/* Supported VPD pages */
9310 	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9311 	/* Serial Number */
9312 	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9313 	/* Device Identification */
9314 	pages->page_list[p++] = SVPD_DEVICE_ID;
9315 	/* Extended INQUIRY Data */
9316 	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9317 	/* Mode Page Policy */
9318 	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9319 	/* SCSI Ports */
9320 	pages->page_list[p++] = SVPD_SCSI_PORTS;
9321 	/* Third-party Copy */
9322 	pages->page_list[p++] = SVPD_SCSI_TPC;
9323 	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9324 		/* Block limits */
9325 		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9326 		/* Block Device Characteristics */
9327 		pages->page_list[p++] = SVPD_BDC;
9328 		/* Logical Block Provisioning */
9329 		pages->page_list[p++] = SVPD_LBP;
9330 	}
9331 	pages->length = p;
9332 
9333 	ctl_set_success(ctsio);
9334 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9335 	ctsio->be_move_done = ctl_config_move_done;
9336 	ctl_datamove((union ctl_io *)ctsio);
9337 	return (CTL_RETVAL_COMPLETE);
9338 }
9339 
9340 /*
9341  * SCSI VPD page 0x80, the Unit Serial Number page.
9342  */
9343 static int
9344 ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9345 {
9346 	struct scsi_vpd_unit_serial_number *sn_ptr;
9347 	struct ctl_lun *lun;
9348 	int data_len;
9349 
9350 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9351 
9352 	data_len = 4 + CTL_SN_LEN;
9353 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9354 	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9355 	if (data_len < alloc_len) {
9356 		ctsio->residual = alloc_len - data_len;
9357 		ctsio->kern_data_len = data_len;
9358 		ctsio->kern_total_len = data_len;
9359 	} else {
9360 		ctsio->residual = 0;
9361 		ctsio->kern_data_len = alloc_len;
9362 		ctsio->kern_total_len = alloc_len;
9363 	}
9364 	ctsio->kern_data_resid = 0;
9365 	ctsio->kern_rel_offset = 0;
9366 	ctsio->kern_sg_entries = 0;
9367 
9368 	/*
9369 	 * The control device is always connected.  The disk device, on the
9370 	 * other hand, may not be online all the time.  Need to change this
9371 	 * to figure out whether the disk device is actually online or not.
9372 	 */
9373 	if (lun != NULL)
9374 		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9375 				  lun->be_lun->lun_type;
9376 	else
9377 		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9378 
9379 	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9380 	sn_ptr->length = CTL_SN_LEN;
9381 	/*
9382 	 * If we don't have a LUN, we just leave the serial number as
9383 	 * all spaces.
9384 	 */
9385 	if (lun != NULL) {
9386 		strncpy((char *)sn_ptr->serial_num,
9387 			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9388 	} else
9389 		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9390 
9391 	ctl_set_success(ctsio);
9392 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9393 	ctsio->be_move_done = ctl_config_move_done;
9394 	ctl_datamove((union ctl_io *)ctsio);
9395 	return (CTL_RETVAL_COMPLETE);
9396 }
9397 
9398 
9399 /*
9400  * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9401  */
9402 static int
9403 ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9404 {
9405 	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9406 	struct ctl_lun *lun;
9407 	int data_len;
9408 
9409 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9410 
9411 	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9412 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9413 	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9414 	ctsio->kern_sg_entries = 0;
9415 
9416 	if (data_len < alloc_len) {
9417 		ctsio->residual = alloc_len - data_len;
9418 		ctsio->kern_data_len = data_len;
9419 		ctsio->kern_total_len = data_len;
9420 	} else {
9421 		ctsio->residual = 0;
9422 		ctsio->kern_data_len = alloc_len;
9423 		ctsio->kern_total_len = alloc_len;
9424 	}
9425 	ctsio->kern_data_resid = 0;
9426 	ctsio->kern_rel_offset = 0;
9427 	ctsio->kern_sg_entries = 0;
9428 
9429 	/*
9430 	 * The control device is always connected.  The disk device, on the
9431 	 * other hand, may not be online all the time.
9432 	 */
9433 	if (lun != NULL)
9434 		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9435 				     lun->be_lun->lun_type;
9436 	else
9437 		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9438 	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9439 	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9440 	/*
9441 	 * We support head of queue, ordered and simple tags.
9442 	 */
9443 	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9444 	/*
9445 	 * Volatile cache supported.
9446 	 */
9447 	eid_ptr->flags3 = SVPD_EID_V_SUP;
9448 
9449 	/*
9450 	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9451 	 * attention for a particular IT nexus on all LUNs once we report
9452 	 * it to that nexus once.  This bit is required as of SPC-4.
9453 	 */
9454 	eid_ptr->flags4 = SVPD_EID_LUICLT;
9455 
9456 	/*
9457 	 * XXX KDM in order to correctly answer this, we would need
9458 	 * information from the SIM to determine how much sense data it
9459 	 * can send.  So this would really be a path inquiry field, most
9460 	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9461 	 * but the hardware may or may not be able to support that much.
9462 	 * 0 just means that the maximum sense data length is not reported.
9463 	 */
9464 	eid_ptr->max_sense_length = 0;
9465 
9466 	ctl_set_success(ctsio);
9467 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9468 	ctsio->be_move_done = ctl_config_move_done;
9469 	ctl_datamove((union ctl_io *)ctsio);
9470 	return (CTL_RETVAL_COMPLETE);
9471 }
9472 
9473 static int
9474 ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9475 {
9476 	struct scsi_vpd_mode_page_policy *mpp_ptr;
9477 	struct ctl_lun *lun;
9478 	int data_len;
9479 
9480 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9481 
9482 	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9483 	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9484 
9485 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9486 	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9487 	ctsio->kern_sg_entries = 0;
9488 
9489 	if (data_len < alloc_len) {
9490 		ctsio->residual = alloc_len - data_len;
9491 		ctsio->kern_data_len = data_len;
9492 		ctsio->kern_total_len = data_len;
9493 	} else {
9494 		ctsio->residual = 0;
9495 		ctsio->kern_data_len = alloc_len;
9496 		ctsio->kern_total_len = alloc_len;
9497 	}
9498 	ctsio->kern_data_resid = 0;
9499 	ctsio->kern_rel_offset = 0;
9500 	ctsio->kern_sg_entries = 0;
9501 
9502 	/*
9503 	 * The control device is always connected.  The disk device, on the
9504 	 * other hand, may not be online all the time.
9505 	 */
9506 	if (lun != NULL)
9507 		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9508 				     lun->be_lun->lun_type;
9509 	else
9510 		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9511 	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9512 	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9513 	mpp_ptr->descr[0].page_code = 0x3f;
9514 	mpp_ptr->descr[0].subpage_code = 0xff;
9515 	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9516 
9517 	ctl_set_success(ctsio);
9518 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9519 	ctsio->be_move_done = ctl_config_move_done;
9520 	ctl_datamove((union ctl_io *)ctsio);
9521 	return (CTL_RETVAL_COMPLETE);
9522 }
9523 
9524 /*
9525  * SCSI VPD page 0x83, the Device Identification page.
9526  */
9527 static int
9528 ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9529 {
9530 	struct scsi_vpd_device_id *devid_ptr;
9531 	struct scsi_vpd_id_descriptor *desc;
9532 	struct ctl_softc *softc;
9533 	struct ctl_lun *lun;
9534 	struct ctl_port *port;
9535 	int data_len;
9536 	uint8_t proto;
9537 
9538 	softc = control_softc;
9539 
9540 	port = ctl_io_port(&ctsio->io_hdr);
9541 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9542 
9543 	data_len = sizeof(struct scsi_vpd_device_id) +
9544 	    sizeof(struct scsi_vpd_id_descriptor) +
9545 		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9546 	    sizeof(struct scsi_vpd_id_descriptor) +
9547 		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9548 	if (lun && lun->lun_devid)
9549 		data_len += lun->lun_devid->len;
9550 	if (port && port->port_devid)
9551 		data_len += port->port_devid->len;
9552 	if (port && port->target_devid)
9553 		data_len += port->target_devid->len;
9554 
9555 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9556 	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9557 	ctsio->kern_sg_entries = 0;
9558 
9559 	if (data_len < alloc_len) {
9560 		ctsio->residual = alloc_len - data_len;
9561 		ctsio->kern_data_len = data_len;
9562 		ctsio->kern_total_len = data_len;
9563 	} else {
9564 		ctsio->residual = 0;
9565 		ctsio->kern_data_len = alloc_len;
9566 		ctsio->kern_total_len = alloc_len;
9567 	}
9568 	ctsio->kern_data_resid = 0;
9569 	ctsio->kern_rel_offset = 0;
9570 	ctsio->kern_sg_entries = 0;
9571 
9572 	/*
9573 	 * The control device is always connected.  The disk device, on the
9574 	 * other hand, may not be online all the time.
9575 	 */
9576 	if (lun != NULL)
9577 		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9578 				     lun->be_lun->lun_type;
9579 	else
9580 		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9581 	devid_ptr->page_code = SVPD_DEVICE_ID;
9582 	scsi_ulto2b(data_len - 4, devid_ptr->length);
9583 
9584 	if (port && port->port_type == CTL_PORT_FC)
9585 		proto = SCSI_PROTO_FC << 4;
9586 	else if (port && port->port_type == CTL_PORT_ISCSI)
9587 		proto = SCSI_PROTO_ISCSI << 4;
9588 	else
9589 		proto = SCSI_PROTO_SPI << 4;
9590 	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9591 
9592 	/*
9593 	 * We're using a LUN association here.  i.e., this device ID is a
9594 	 * per-LUN identifier.
9595 	 */
9596 	if (lun && lun->lun_devid) {
9597 		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9598 		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9599 		    lun->lun_devid->len);
9600 	}
9601 
9602 	/*
9603 	 * This is for the WWPN which is a port association.
9604 	 */
9605 	if (port && port->port_devid) {
9606 		memcpy(desc, port->port_devid->data, port->port_devid->len);
9607 		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9608 		    port->port_devid->len);
9609 	}
9610 
9611 	/*
9612 	 * This is for the Relative Target Port(type 4h) identifier
9613 	 */
9614 	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9615 	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9616 	    SVPD_ID_TYPE_RELTARG;
9617 	desc->length = 4;
9618 	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9619 	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9620 	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9621 
9622 	/*
9623 	 * This is for the Target Port Group(type 5h) identifier
9624 	 */
9625 	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9626 	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9627 	    SVPD_ID_TYPE_TPORTGRP;
9628 	desc->length = 4;
9629 	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9630 	    &desc->identifier[2]);
9631 	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9632 	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9633 
9634 	/*
9635 	 * This is for the Target identifier
9636 	 */
9637 	if (port && port->target_devid) {
9638 		memcpy(desc, port->target_devid->data, port->target_devid->len);
9639 	}
9640 
9641 	ctl_set_success(ctsio);
9642 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9643 	ctsio->be_move_done = ctl_config_move_done;
9644 	ctl_datamove((union ctl_io *)ctsio);
9645 	return (CTL_RETVAL_COMPLETE);
9646 }
9647 
9648 static int
9649 ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9650 {
9651 	struct ctl_softc *softc = control_softc;
9652 	struct scsi_vpd_scsi_ports *sp;
9653 	struct scsi_vpd_port_designation *pd;
9654 	struct scsi_vpd_port_designation_cont *pdc;
9655 	struct ctl_lun *lun;
9656 	struct ctl_port *port;
9657 	int data_len, num_target_ports, iid_len, id_len;
9658 
9659 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9660 
9661 	num_target_ports = 0;
9662 	iid_len = 0;
9663 	id_len = 0;
9664 	mtx_lock(&softc->ctl_lock);
9665 	STAILQ_FOREACH(port, &softc->port_list, links) {
9666 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9667 			continue;
9668 		if (lun != NULL &&
9669 		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9670 			continue;
9671 		num_target_ports++;
9672 		if (port->init_devid)
9673 			iid_len += port->init_devid->len;
9674 		if (port->port_devid)
9675 			id_len += port->port_devid->len;
9676 	}
9677 	mtx_unlock(&softc->ctl_lock);
9678 
9679 	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9680 	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9681 	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9682 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9683 	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9684 	ctsio->kern_sg_entries = 0;
9685 
9686 	if (data_len < alloc_len) {
9687 		ctsio->residual = alloc_len - data_len;
9688 		ctsio->kern_data_len = data_len;
9689 		ctsio->kern_total_len = data_len;
9690 	} else {
9691 		ctsio->residual = 0;
9692 		ctsio->kern_data_len = alloc_len;
9693 		ctsio->kern_total_len = alloc_len;
9694 	}
9695 	ctsio->kern_data_resid = 0;
9696 	ctsio->kern_rel_offset = 0;
9697 	ctsio->kern_sg_entries = 0;
9698 
9699 	/*
9700 	 * The control device is always connected.  The disk device, on the
9701 	 * other hand, may not be online all the time.  Need to change this
9702 	 * to figure out whether the disk device is actually online or not.
9703 	 */
9704 	if (lun != NULL)
9705 		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9706 				  lun->be_lun->lun_type;
9707 	else
9708 		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9709 
9710 	sp->page_code = SVPD_SCSI_PORTS;
9711 	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9712 	    sp->page_length);
9713 	pd = &sp->design[0];
9714 
9715 	mtx_lock(&softc->ctl_lock);
9716 	STAILQ_FOREACH(port, &softc->port_list, links) {
9717 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9718 			continue;
9719 		if (lun != NULL &&
9720 		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9721 			continue;
9722 		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9723 		if (port->init_devid) {
9724 			iid_len = port->init_devid->len;
9725 			memcpy(pd->initiator_transportid,
9726 			    port->init_devid->data, port->init_devid->len);
9727 		} else
9728 			iid_len = 0;
9729 		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9730 		pdc = (struct scsi_vpd_port_designation_cont *)
9731 		    (&pd->initiator_transportid[iid_len]);
9732 		if (port->port_devid) {
9733 			id_len = port->port_devid->len;
9734 			memcpy(pdc->target_port_descriptors,
9735 			    port->port_devid->data, port->port_devid->len);
9736 		} else
9737 			id_len = 0;
9738 		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9739 		pd = (struct scsi_vpd_port_designation *)
9740 		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9741 	}
9742 	mtx_unlock(&softc->ctl_lock);
9743 
9744 	ctl_set_success(ctsio);
9745 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9746 	ctsio->be_move_done = ctl_config_move_done;
9747 	ctl_datamove((union ctl_io *)ctsio);
9748 	return (CTL_RETVAL_COMPLETE);
9749 }
9750 
9751 static int
9752 ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9753 {
9754 	struct scsi_vpd_block_limits *bl_ptr;
9755 	struct ctl_lun *lun;
9756 
9757 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9758 
9759 	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9760 	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9761 	ctsio->kern_sg_entries = 0;
9762 
9763 	if (sizeof(*bl_ptr) < alloc_len) {
9764 		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9765 		ctsio->kern_data_len = sizeof(*bl_ptr);
9766 		ctsio->kern_total_len = sizeof(*bl_ptr);
9767 	} else {
9768 		ctsio->residual = 0;
9769 		ctsio->kern_data_len = alloc_len;
9770 		ctsio->kern_total_len = alloc_len;
9771 	}
9772 	ctsio->kern_data_resid = 0;
9773 	ctsio->kern_rel_offset = 0;
9774 	ctsio->kern_sg_entries = 0;
9775 
9776 	/*
9777 	 * The control device is always connected.  The disk device, on the
9778 	 * other hand, may not be online all the time.  Need to change this
9779 	 * to figure out whether the disk device is actually online or not.
9780 	 */
9781 	if (lun != NULL)
9782 		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9783 				  lun->be_lun->lun_type;
9784 	else
9785 		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9786 
9787 	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9788 	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9789 	bl_ptr->max_cmp_write_len = 0xff;
9790 	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9791 	if (lun != NULL) {
9792 		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9793 		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9794 			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9795 			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9796 			if (lun->be_lun->ublockexp != 0) {
9797 				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9798 				    bl_ptr->opt_unmap_grain);
9799 				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9800 				    bl_ptr->unmap_grain_align);
9801 			}
9802 		}
9803 		scsi_ulto4b(lun->be_lun->atomicblock,
9804 		    bl_ptr->max_atomic_transfer_length);
9805 		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9806 		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9807 		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9808 		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9809 	}
9810 	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9811 
9812 	ctl_set_success(ctsio);
9813 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9814 	ctsio->be_move_done = ctl_config_move_done;
9815 	ctl_datamove((union ctl_io *)ctsio);
9816 	return (CTL_RETVAL_COMPLETE);
9817 }
9818 
9819 static int
9820 ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9821 {
9822 	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9823 	struct ctl_lun *lun;
9824 	const char *value;
9825 	u_int i;
9826 
9827 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9828 
9829 	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9830 	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9831 	ctsio->kern_sg_entries = 0;
9832 
9833 	if (sizeof(*bdc_ptr) < alloc_len) {
9834 		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9835 		ctsio->kern_data_len = sizeof(*bdc_ptr);
9836 		ctsio->kern_total_len = sizeof(*bdc_ptr);
9837 	} else {
9838 		ctsio->residual = 0;
9839 		ctsio->kern_data_len = alloc_len;
9840 		ctsio->kern_total_len = alloc_len;
9841 	}
9842 	ctsio->kern_data_resid = 0;
9843 	ctsio->kern_rel_offset = 0;
9844 	ctsio->kern_sg_entries = 0;
9845 
9846 	/*
9847 	 * The control device is always connected.  The disk device, on the
9848 	 * other hand, may not be online all the time.  Need to change this
9849 	 * to figure out whether the disk device is actually online or not.
9850 	 */
9851 	if (lun != NULL)
9852 		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9853 				  lun->be_lun->lun_type;
9854 	else
9855 		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9856 	bdc_ptr->page_code = SVPD_BDC;
9857 	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9858 	if (lun != NULL &&
9859 	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9860 		i = strtol(value, NULL, 0);
9861 	else
9862 		i = CTL_DEFAULT_ROTATION_RATE;
9863 	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9864 	if (lun != NULL &&
9865 	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9866 		i = strtol(value, NULL, 0);
9867 	else
9868 		i = 0;
9869 	bdc_ptr->wab_wac_ff = (i & 0x0f);
9870 	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9871 
9872 	ctl_set_success(ctsio);
9873 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9874 	ctsio->be_move_done = ctl_config_move_done;
9875 	ctl_datamove((union ctl_io *)ctsio);
9876 	return (CTL_RETVAL_COMPLETE);
9877 }
9878 
9879 static int
9880 ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9881 {
9882 	struct scsi_vpd_logical_block_prov *lbp_ptr;
9883 	struct ctl_lun *lun;
9884 
9885 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9886 
9887 	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9888 	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9889 	ctsio->kern_sg_entries = 0;
9890 
9891 	if (sizeof(*lbp_ptr) < alloc_len) {
9892 		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9893 		ctsio->kern_data_len = sizeof(*lbp_ptr);
9894 		ctsio->kern_total_len = sizeof(*lbp_ptr);
9895 	} else {
9896 		ctsio->residual = 0;
9897 		ctsio->kern_data_len = alloc_len;
9898 		ctsio->kern_total_len = alloc_len;
9899 	}
9900 	ctsio->kern_data_resid = 0;
9901 	ctsio->kern_rel_offset = 0;
9902 	ctsio->kern_sg_entries = 0;
9903 
9904 	/*
9905 	 * The control device is always connected.  The disk device, on the
9906 	 * other hand, may not be online all the time.  Need to change this
9907 	 * to figure out whether the disk device is actually online or not.
9908 	 */
9909 	if (lun != NULL)
9910 		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9911 				  lun->be_lun->lun_type;
9912 	else
9913 		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9914 
9915 	lbp_ptr->page_code = SVPD_LBP;
9916 	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9917 	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9918 	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9919 		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9920 		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9921 		lbp_ptr->prov_type = SVPD_LBP_THIN;
9922 	}
9923 
9924 	ctl_set_success(ctsio);
9925 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9926 	ctsio->be_move_done = ctl_config_move_done;
9927 	ctl_datamove((union ctl_io *)ctsio);
9928 	return (CTL_RETVAL_COMPLETE);
9929 }
9930 
9931 /*
9932  * INQUIRY with the EVPD bit set.
9933  */
9934 static int
9935 ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9936 {
9937 	struct ctl_lun *lun;
9938 	struct scsi_inquiry *cdb;
9939 	int alloc_len, retval;
9940 
9941 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9942 	cdb = (struct scsi_inquiry *)ctsio->cdb;
9943 	alloc_len = scsi_2btoul(cdb->length);
9944 
9945 	switch (cdb->page_code) {
9946 	case SVPD_SUPPORTED_PAGES:
9947 		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9948 		break;
9949 	case SVPD_UNIT_SERIAL_NUMBER:
9950 		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9951 		break;
9952 	case SVPD_DEVICE_ID:
9953 		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9954 		break;
9955 	case SVPD_EXTENDED_INQUIRY_DATA:
9956 		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9957 		break;
9958 	case SVPD_MODE_PAGE_POLICY:
9959 		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9960 		break;
9961 	case SVPD_SCSI_PORTS:
9962 		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9963 		break;
9964 	case SVPD_SCSI_TPC:
9965 		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9966 		break;
9967 	case SVPD_BLOCK_LIMITS:
9968 		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9969 			goto err;
9970 		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9971 		break;
9972 	case SVPD_BDC:
9973 		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9974 			goto err;
9975 		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9976 		break;
9977 	case SVPD_LBP:
9978 		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9979 			goto err;
9980 		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9981 		break;
9982 	default:
9983 err:
9984 		ctl_set_invalid_field(ctsio,
9985 				      /*sks_valid*/ 1,
9986 				      /*command*/ 1,
9987 				      /*field*/ 2,
9988 				      /*bit_valid*/ 0,
9989 				      /*bit*/ 0);
9990 		ctl_done((union ctl_io *)ctsio);
9991 		retval = CTL_RETVAL_COMPLETE;
9992 		break;
9993 	}
9994 
9995 	return (retval);
9996 }
9997 
9998 /*
9999  * Standard INQUIRY data.
10000  */
10001 static int
10002 ctl_inquiry_std(struct ctl_scsiio *ctsio)
10003 {
10004 	struct scsi_inquiry_data *inq_ptr;
10005 	struct scsi_inquiry *cdb;
10006 	struct ctl_softc *softc = control_softc;
10007 	struct ctl_port *port;
10008 	struct ctl_lun *lun;
10009 	char *val;
10010 	uint32_t alloc_len, data_len;
10011 	ctl_port_type port_type;
10012 
10013 	port = ctl_io_port(&ctsio->io_hdr);
10014 	port_type = port->port_type;
10015 	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10016 		port_type = CTL_PORT_SCSI;
10017 
10018 	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10019 	cdb = (struct scsi_inquiry *)ctsio->cdb;
10020 	alloc_len = scsi_2btoul(cdb->length);
10021 
10022 	/*
10023 	 * We malloc the full inquiry data size here and fill it
10024 	 * in.  If the user only asks for less, we'll give him
10025 	 * that much.
10026 	 */
10027 	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10028 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10029 	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10030 	ctsio->kern_sg_entries = 0;
10031 	ctsio->kern_data_resid = 0;
10032 	ctsio->kern_rel_offset = 0;
10033 
10034 	if (data_len < alloc_len) {
10035 		ctsio->residual = alloc_len - data_len;
10036 		ctsio->kern_data_len = data_len;
10037 		ctsio->kern_total_len = data_len;
10038 	} else {
10039 		ctsio->residual = 0;
10040 		ctsio->kern_data_len = alloc_len;
10041 		ctsio->kern_total_len = alloc_len;
10042 	}
10043 
10044 	if (lun != NULL) {
10045 		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10046 		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10047 			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10048 			    lun->be_lun->lun_type;
10049 		} else {
10050 			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10051 			    lun->be_lun->lun_type;
10052 		}
10053 	} else
10054 		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10055 
10056 	/* RMB in byte 2 is 0 */
10057 	inq_ptr->version = SCSI_REV_SPC4;
10058 
10059 	/*
10060 	 * According to SAM-3, even if a device only supports a single
10061 	 * level of LUN addressing, it should still set the HISUP bit:
10062 	 *
10063 	 * 4.9.1 Logical unit numbers overview
10064 	 *
10065 	 * All logical unit number formats described in this standard are
10066 	 * hierarchical in structure even when only a single level in that
10067 	 * hierarchy is used. The HISUP bit shall be set to one in the
10068 	 * standard INQUIRY data (see SPC-2) when any logical unit number
10069 	 * format described in this standard is used.  Non-hierarchical
10070 	 * formats are outside the scope of this standard.
10071 	 *
10072 	 * Therefore we set the HiSup bit here.
10073 	 *
10074 	 * The reponse format is 2, per SPC-3.
10075 	 */
10076 	inq_ptr->response_format = SID_HiSup | 2;
10077 
10078 	inq_ptr->additional_length = data_len -
10079 	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10080 	CTL_DEBUG_PRINT(("additional_length = %d\n",
10081 			 inq_ptr->additional_length));
10082 
10083 	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10084 	if (port_type == CTL_PORT_SCSI)
10085 		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10086 	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10087 	inq_ptr->flags = SID_CmdQue;
10088 	if (port_type == CTL_PORT_SCSI)
10089 		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10090 
10091 	/*
10092 	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10093 	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10094 	 * name and 4 bytes for the revision.
10095 	 */
10096 	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10097 	    "vendor")) == NULL) {
10098 		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10099 	} else {
10100 		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10101 		strncpy(inq_ptr->vendor, val,
10102 		    min(sizeof(inq_ptr->vendor), strlen(val)));
10103 	}
10104 	if (lun == NULL) {
10105 		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10106 		    sizeof(inq_ptr->product));
10107 	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10108 		switch (lun->be_lun->lun_type) {
10109 		case T_DIRECT:
10110 			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10111 			    sizeof(inq_ptr->product));
10112 			break;
10113 		case T_PROCESSOR:
10114 			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10115 			    sizeof(inq_ptr->product));
10116 			break;
10117 		default:
10118 			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10119 			    sizeof(inq_ptr->product));
10120 			break;
10121 		}
10122 	} else {
10123 		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10124 		strncpy(inq_ptr->product, val,
10125 		    min(sizeof(inq_ptr->product), strlen(val)));
10126 	}
10127 
10128 	/*
10129 	 * XXX make this a macro somewhere so it automatically gets
10130 	 * incremented when we make changes.
10131 	 */
10132 	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10133 	    "revision")) == NULL) {
10134 		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10135 	} else {
10136 		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10137 		strncpy(inq_ptr->revision, val,
10138 		    min(sizeof(inq_ptr->revision), strlen(val)));
10139 	}
10140 
10141 	/*
10142 	 * For parallel SCSI, we support double transition and single
10143 	 * transition clocking.  We also support QAS (Quick Arbitration
10144 	 * and Selection) and Information Unit transfers on both the
10145 	 * control and array devices.
10146 	 */
10147 	if (port_type == CTL_PORT_SCSI)
10148 		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10149 				    SID_SPI_IUS;
10150 
10151 	/* SAM-5 (no version claimed) */
10152 	scsi_ulto2b(0x00A0, inq_ptr->version1);
10153 	/* SPC-4 (no version claimed) */
10154 	scsi_ulto2b(0x0460, inq_ptr->version2);
10155 	if (port_type == CTL_PORT_FC) {
10156 		/* FCP-2 ANSI INCITS.350:2003 */
10157 		scsi_ulto2b(0x0917, inq_ptr->version3);
10158 	} else if (port_type == CTL_PORT_SCSI) {
10159 		/* SPI-4 ANSI INCITS.362:200x */
10160 		scsi_ulto2b(0x0B56, inq_ptr->version3);
10161 	} else if (port_type == CTL_PORT_ISCSI) {
10162 		/* iSCSI (no version claimed) */
10163 		scsi_ulto2b(0x0960, inq_ptr->version3);
10164 	} else if (port_type == CTL_PORT_SAS) {
10165 		/* SAS (no version claimed) */
10166 		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10167 	}
10168 
10169 	if (lun == NULL) {
10170 		/* SBC-4 (no version claimed) */
10171 		scsi_ulto2b(0x0600, inq_ptr->version4);
10172 	} else {
10173 		switch (lun->be_lun->lun_type) {
10174 		case T_DIRECT:
10175 			/* SBC-4 (no version claimed) */
10176 			scsi_ulto2b(0x0600, inq_ptr->version4);
10177 			break;
10178 		case T_PROCESSOR:
10179 		default:
10180 			break;
10181 		}
10182 	}
10183 
10184 	ctl_set_success(ctsio);
10185 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10186 	ctsio->be_move_done = ctl_config_move_done;
10187 	ctl_datamove((union ctl_io *)ctsio);
10188 	return (CTL_RETVAL_COMPLETE);
10189 }
10190 
10191 int
10192 ctl_inquiry(struct ctl_scsiio *ctsio)
10193 {
10194 	struct scsi_inquiry *cdb;
10195 	int retval;
10196 
10197 	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10198 
10199 	cdb = (struct scsi_inquiry *)ctsio->cdb;
10200 	if (cdb->byte2 & SI_EVPD)
10201 		retval = ctl_inquiry_evpd(ctsio);
10202 	else if (cdb->page_code == 0)
10203 		retval = ctl_inquiry_std(ctsio);
10204 	else {
10205 		ctl_set_invalid_field(ctsio,
10206 				      /*sks_valid*/ 1,
10207 				      /*command*/ 1,
10208 				      /*field*/ 2,
10209 				      /*bit_valid*/ 0,
10210 				      /*bit*/ 0);
10211 		ctl_done((union ctl_io *)ctsio);
10212 		return (CTL_RETVAL_COMPLETE);
10213 	}
10214 
10215 	return (retval);
10216 }
10217 
10218 /*
10219  * For known CDB types, parse the LBA and length.
10220  */
10221 static int
10222 ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10223 {
10224 	if (io->io_hdr.io_type != CTL_IO_SCSI)
10225 		return (1);
10226 
10227 	switch (io->scsiio.cdb[0]) {
10228 	case COMPARE_AND_WRITE: {
10229 		struct scsi_compare_and_write *cdb;
10230 
10231 		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10232 
10233 		*lba = scsi_8btou64(cdb->addr);
10234 		*len = cdb->length;
10235 		break;
10236 	}
10237 	case READ_6:
10238 	case WRITE_6: {
10239 		struct scsi_rw_6 *cdb;
10240 
10241 		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10242 
10243 		*lba = scsi_3btoul(cdb->addr);
10244 		/* only 5 bits are valid in the most significant address byte */
10245 		*lba &= 0x1fffff;
10246 		*len = cdb->length;
10247 		break;
10248 	}
10249 	case READ_10:
10250 	case WRITE_10: {
10251 		struct scsi_rw_10 *cdb;
10252 
10253 		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10254 
10255 		*lba = scsi_4btoul(cdb->addr);
10256 		*len = scsi_2btoul(cdb->length);
10257 		break;
10258 	}
10259 	case WRITE_VERIFY_10: {
10260 		struct scsi_write_verify_10 *cdb;
10261 
10262 		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10263 
10264 		*lba = scsi_4btoul(cdb->addr);
10265 		*len = scsi_2btoul(cdb->length);
10266 		break;
10267 	}
10268 	case READ_12:
10269 	case WRITE_12: {
10270 		struct scsi_rw_12 *cdb;
10271 
10272 		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10273 
10274 		*lba = scsi_4btoul(cdb->addr);
10275 		*len = scsi_4btoul(cdb->length);
10276 		break;
10277 	}
10278 	case WRITE_VERIFY_12: {
10279 		struct scsi_write_verify_12 *cdb;
10280 
10281 		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10282 
10283 		*lba = scsi_4btoul(cdb->addr);
10284 		*len = scsi_4btoul(cdb->length);
10285 		break;
10286 	}
10287 	case READ_16:
10288 	case WRITE_16: {
10289 		struct scsi_rw_16 *cdb;
10290 
10291 		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10292 
10293 		*lba = scsi_8btou64(cdb->addr);
10294 		*len = scsi_4btoul(cdb->length);
10295 		break;
10296 	}
10297 	case WRITE_ATOMIC_16: {
10298 		struct scsi_write_atomic_16 *cdb;
10299 
10300 		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10301 
10302 		*lba = scsi_8btou64(cdb->addr);
10303 		*len = scsi_2btoul(cdb->length);
10304 		break;
10305 	}
10306 	case WRITE_VERIFY_16: {
10307 		struct scsi_write_verify_16 *cdb;
10308 
10309 		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10310 
10311 		*lba = scsi_8btou64(cdb->addr);
10312 		*len = scsi_4btoul(cdb->length);
10313 		break;
10314 	}
10315 	case WRITE_SAME_10: {
10316 		struct scsi_write_same_10 *cdb;
10317 
10318 		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10319 
10320 		*lba = scsi_4btoul(cdb->addr);
10321 		*len = scsi_2btoul(cdb->length);
10322 		break;
10323 	}
10324 	case WRITE_SAME_16: {
10325 		struct scsi_write_same_16 *cdb;
10326 
10327 		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10328 
10329 		*lba = scsi_8btou64(cdb->addr);
10330 		*len = scsi_4btoul(cdb->length);
10331 		break;
10332 	}
10333 	case VERIFY_10: {
10334 		struct scsi_verify_10 *cdb;
10335 
10336 		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10337 
10338 		*lba = scsi_4btoul(cdb->addr);
10339 		*len = scsi_2btoul(cdb->length);
10340 		break;
10341 	}
10342 	case VERIFY_12: {
10343 		struct scsi_verify_12 *cdb;
10344 
10345 		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10346 
10347 		*lba = scsi_4btoul(cdb->addr);
10348 		*len = scsi_4btoul(cdb->length);
10349 		break;
10350 	}
10351 	case VERIFY_16: {
10352 		struct scsi_verify_16 *cdb;
10353 
10354 		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10355 
10356 		*lba = scsi_8btou64(cdb->addr);
10357 		*len = scsi_4btoul(cdb->length);
10358 		break;
10359 	}
10360 	case UNMAP: {
10361 		*lba = 0;
10362 		*len = UINT64_MAX;
10363 		break;
10364 	}
10365 	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10366 		struct scsi_get_lba_status *cdb;
10367 
10368 		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10369 		*lba = scsi_8btou64(cdb->addr);
10370 		*len = UINT32_MAX;
10371 		break;
10372 	}
10373 	default:
10374 		return (1);
10375 		break; /* NOTREACHED */
10376 	}
10377 
10378 	return (0);
10379 }
10380 
10381 static ctl_action
10382 ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10383     bool seq)
10384 {
10385 	uint64_t endlba1, endlba2;
10386 
10387 	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10388 	endlba2 = lba2 + len2 - 1;
10389 
10390 	if ((endlba1 < lba2) || (endlba2 < lba1))
10391 		return (CTL_ACTION_PASS);
10392 	else
10393 		return (CTL_ACTION_BLOCK);
10394 }
10395 
10396 static int
10397 ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10398 {
10399 	struct ctl_ptr_len_flags *ptrlen;
10400 	struct scsi_unmap_desc *buf, *end, *range;
10401 	uint64_t lba;
10402 	uint32_t len;
10403 
10404 	/* If not UNMAP -- go other way. */
10405 	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10406 	    io->scsiio.cdb[0] != UNMAP)
10407 		return (CTL_ACTION_ERROR);
10408 
10409 	/* If UNMAP without data -- block and wait for data. */
10410 	ptrlen = (struct ctl_ptr_len_flags *)
10411 	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10412 	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10413 	    ptrlen->ptr == NULL)
10414 		return (CTL_ACTION_BLOCK);
10415 
10416 	/* UNMAP with data -- check for collision. */
10417 	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10418 	end = buf + ptrlen->len / sizeof(*buf);
10419 	for (range = buf; range < end; range++) {
10420 		lba = scsi_8btou64(range->lba);
10421 		len = scsi_4btoul(range->length);
10422 		if ((lba < lba2 + len2) && (lba + len > lba2))
10423 			return (CTL_ACTION_BLOCK);
10424 	}
10425 	return (CTL_ACTION_PASS);
10426 }
10427 
10428 static ctl_action
10429 ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10430 {
10431 	uint64_t lba1, lba2;
10432 	uint64_t len1, len2;
10433 	int retval;
10434 
10435 	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10436 		return (CTL_ACTION_ERROR);
10437 
10438 	retval = ctl_extent_check_unmap(io1, lba2, len2);
10439 	if (retval != CTL_ACTION_ERROR)
10440 		return (retval);
10441 
10442 	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10443 		return (CTL_ACTION_ERROR);
10444 
10445 	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10446 		seq = FALSE;
10447 	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10448 }
10449 
10450 static ctl_action
10451 ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10452 {
10453 	uint64_t lba1, lba2;
10454 	uint64_t len1, len2;
10455 
10456 	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10457 		return (CTL_ACTION_PASS);
10458 	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10459 		return (CTL_ACTION_ERROR);
10460 	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10461 		return (CTL_ACTION_ERROR);
10462 
10463 	if (lba1 + len1 == lba2)
10464 		return (CTL_ACTION_BLOCK);
10465 	return (CTL_ACTION_PASS);
10466 }
10467 
10468 static ctl_action
10469 ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10470     union ctl_io *ooa_io)
10471 {
10472 	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10473 	const ctl_serialize_action *serialize_row;
10474 
10475 	/*
10476 	 * The initiator attempted multiple untagged commands at the same
10477 	 * time.  Can't do that.
10478 	 */
10479 	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10480 	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10481 	 && ((pending_io->io_hdr.nexus.targ_port ==
10482 	      ooa_io->io_hdr.nexus.targ_port)
10483 	  && (pending_io->io_hdr.nexus.initid ==
10484 	      ooa_io->io_hdr.nexus.initid))
10485 	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10486 	      CTL_FLAG_STATUS_SENT)) == 0))
10487 		return (CTL_ACTION_OVERLAP);
10488 
10489 	/*
10490 	 * The initiator attempted to send multiple tagged commands with
10491 	 * the same ID.  (It's fine if different initiators have the same
10492 	 * tag ID.)
10493 	 *
10494 	 * Even if all of those conditions are true, we don't kill the I/O
10495 	 * if the command ahead of us has been aborted.  We won't end up
10496 	 * sending it to the FETD, and it's perfectly legal to resend a
10497 	 * command with the same tag number as long as the previous
10498 	 * instance of this tag number has been aborted somehow.
10499 	 */
10500 	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10501 	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10502 	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10503 	 && ((pending_io->io_hdr.nexus.targ_port ==
10504 	      ooa_io->io_hdr.nexus.targ_port)
10505 	  && (pending_io->io_hdr.nexus.initid ==
10506 	      ooa_io->io_hdr.nexus.initid))
10507 	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10508 	      CTL_FLAG_STATUS_SENT)) == 0))
10509 		return (CTL_ACTION_OVERLAP_TAG);
10510 
10511 	/*
10512 	 * If we get a head of queue tag, SAM-3 says that we should
10513 	 * immediately execute it.
10514 	 *
10515 	 * What happens if this command would normally block for some other
10516 	 * reason?  e.g. a request sense with a head of queue tag
10517 	 * immediately after a write.  Normally that would block, but this
10518 	 * will result in its getting executed immediately...
10519 	 *
10520 	 * We currently return "pass" instead of "skip", so we'll end up
10521 	 * going through the rest of the queue to check for overlapped tags.
10522 	 *
10523 	 * XXX KDM check for other types of blockage first??
10524 	 */
10525 	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10526 		return (CTL_ACTION_PASS);
10527 
10528 	/*
10529 	 * Ordered tags have to block until all items ahead of them
10530 	 * have completed.  If we get called with an ordered tag, we always
10531 	 * block, if something else is ahead of us in the queue.
10532 	 */
10533 	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10534 		return (CTL_ACTION_BLOCK);
10535 
10536 	/*
10537 	 * Simple tags get blocked until all head of queue and ordered tags
10538 	 * ahead of them have completed.  I'm lumping untagged commands in
10539 	 * with simple tags here.  XXX KDM is that the right thing to do?
10540 	 */
10541 	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10542 	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10543 	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10544 	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10545 		return (CTL_ACTION_BLOCK);
10546 
10547 	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10548 	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10549 
10550 	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10551 
10552 	switch (serialize_row[pending_entry->seridx]) {
10553 	case CTL_SER_BLOCK:
10554 		return (CTL_ACTION_BLOCK);
10555 	case CTL_SER_EXTENT:
10556 		return (ctl_extent_check(ooa_io, pending_io,
10557 		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10558 	case CTL_SER_EXTENTOPT:
10559 		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10560 		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10561 			return (ctl_extent_check(ooa_io, pending_io,
10562 			    (lun->be_lun &&
10563 			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10564 		return (CTL_ACTION_PASS);
10565 	case CTL_SER_EXTENTSEQ:
10566 		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10567 			return (ctl_extent_check_seq(ooa_io, pending_io));
10568 		return (CTL_ACTION_PASS);
10569 	case CTL_SER_PASS:
10570 		return (CTL_ACTION_PASS);
10571 	case CTL_SER_BLOCKOPT:
10572 		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10573 		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10574 			return (CTL_ACTION_BLOCK);
10575 		return (CTL_ACTION_PASS);
10576 	case CTL_SER_SKIP:
10577 		return (CTL_ACTION_SKIP);
10578 	default:
10579 		panic("invalid serialization value %d",
10580 		      serialize_row[pending_entry->seridx]);
10581 	}
10582 
10583 	return (CTL_ACTION_ERROR);
10584 }
10585 
10586 /*
10587  * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10588  * Assumptions:
10589  * - pending_io is generally either incoming, or on the blocked queue
10590  * - starting I/O is the I/O we want to start the check with.
10591  */
10592 static ctl_action
10593 ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10594 	      union ctl_io *starting_io)
10595 {
10596 	union ctl_io *ooa_io;
10597 	ctl_action action;
10598 
10599 	mtx_assert(&lun->lun_lock, MA_OWNED);
10600 
10601 	/*
10602 	 * Run back along the OOA queue, starting with the current
10603 	 * blocked I/O and going through every I/O before it on the
10604 	 * queue.  If starting_io is NULL, we'll just end up returning
10605 	 * CTL_ACTION_PASS.
10606 	 */
10607 	for (ooa_io = starting_io; ooa_io != NULL;
10608 	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10609 	     ooa_links)){
10610 
10611 		/*
10612 		 * This routine just checks to see whether
10613 		 * cur_blocked is blocked by ooa_io, which is ahead
10614 		 * of it in the queue.  It doesn't queue/dequeue
10615 		 * cur_blocked.
10616 		 */
10617 		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10618 		switch (action) {
10619 		case CTL_ACTION_BLOCK:
10620 		case CTL_ACTION_OVERLAP:
10621 		case CTL_ACTION_OVERLAP_TAG:
10622 		case CTL_ACTION_SKIP:
10623 		case CTL_ACTION_ERROR:
10624 			return (action);
10625 			break; /* NOTREACHED */
10626 		case CTL_ACTION_PASS:
10627 			break;
10628 		default:
10629 			panic("invalid action %d", action);
10630 			break;  /* NOTREACHED */
10631 		}
10632 	}
10633 
10634 	return (CTL_ACTION_PASS);
10635 }
10636 
10637 /*
10638  * Assumptions:
10639  * - An I/O has just completed, and has been removed from the per-LUN OOA
10640  *   queue, so some items on the blocked queue may now be unblocked.
10641  */
10642 static int
10643 ctl_check_blocked(struct ctl_lun *lun)
10644 {
10645 	struct ctl_softc *softc = lun->ctl_softc;
10646 	union ctl_io *cur_blocked, *next_blocked;
10647 
10648 	mtx_assert(&lun->lun_lock, MA_OWNED);
10649 
10650 	/*
10651 	 * Run forward from the head of the blocked queue, checking each
10652 	 * entry against the I/Os prior to it on the OOA queue to see if
10653 	 * there is still any blockage.
10654 	 *
10655 	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10656 	 * with our removing a variable on it while it is traversing the
10657 	 * list.
10658 	 */
10659 	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10660 	     cur_blocked != NULL; cur_blocked = next_blocked) {
10661 		union ctl_io *prev_ooa;
10662 		ctl_action action;
10663 
10664 		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10665 							  blocked_links);
10666 
10667 		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10668 						      ctl_ooaq, ooa_links);
10669 
10670 		/*
10671 		 * If cur_blocked happens to be the first item in the OOA
10672 		 * queue now, prev_ooa will be NULL, and the action
10673 		 * returned will just be CTL_ACTION_PASS.
10674 		 */
10675 		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10676 
10677 		switch (action) {
10678 		case CTL_ACTION_BLOCK:
10679 			/* Nothing to do here, still blocked */
10680 			break;
10681 		case CTL_ACTION_OVERLAP:
10682 		case CTL_ACTION_OVERLAP_TAG:
10683 			/*
10684 			 * This shouldn't happen!  In theory we've already
10685 			 * checked this command for overlap...
10686 			 */
10687 			break;
10688 		case CTL_ACTION_PASS:
10689 		case CTL_ACTION_SKIP: {
10690 			const struct ctl_cmd_entry *entry;
10691 
10692 			/*
10693 			 * The skip case shouldn't happen, this transaction
10694 			 * should have never made it onto the blocked queue.
10695 			 */
10696 			/*
10697 			 * This I/O is no longer blocked, we can remove it
10698 			 * from the blocked queue.  Since this is a TAILQ
10699 			 * (doubly linked list), we can do O(1) removals
10700 			 * from any place on the list.
10701 			 */
10702 			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10703 				     blocked_links);
10704 			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10705 
10706 			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10707 			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10708 				/*
10709 				 * Need to send IO back to original side to
10710 				 * run
10711 				 */
10712 				union ctl_ha_msg msg_info;
10713 
10714 				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10715 				msg_info.hdr.original_sc =
10716 					cur_blocked->io_hdr.original_sc;
10717 				msg_info.hdr.serializing_sc = cur_blocked;
10718 				msg_info.hdr.msg_type = CTL_MSG_R2R;
10719 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10720 				    sizeof(msg_info.hdr), M_NOWAIT);
10721 				break;
10722 			}
10723 			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10724 
10725 			/*
10726 			 * Check this I/O for LUN state changes that may
10727 			 * have happened while this command was blocked.
10728 			 * The LUN state may have been changed by a command
10729 			 * ahead of us in the queue, so we need to re-check
10730 			 * for any states that can be caused by SCSI
10731 			 * commands.
10732 			 */
10733 			if (ctl_scsiio_lun_check(lun, entry,
10734 						 &cur_blocked->scsiio) == 0) {
10735 				cur_blocked->io_hdr.flags |=
10736 				                      CTL_FLAG_IS_WAS_ON_RTR;
10737 				ctl_enqueue_rtr(cur_blocked);
10738 			} else
10739 				ctl_done(cur_blocked);
10740 			break;
10741 		}
10742 		default:
10743 			/*
10744 			 * This probably shouldn't happen -- we shouldn't
10745 			 * get CTL_ACTION_ERROR, or anything else.
10746 			 */
10747 			break;
10748 		}
10749 	}
10750 
10751 	return (CTL_RETVAL_COMPLETE);
10752 }
10753 
10754 /*
10755  * This routine (with one exception) checks LUN flags that can be set by
10756  * commands ahead of us in the OOA queue.  These flags have to be checked
10757  * when a command initially comes in, and when we pull a command off the
10758  * blocked queue and are preparing to execute it.  The reason we have to
10759  * check these flags for commands on the blocked queue is that the LUN
10760  * state may have been changed by a command ahead of us while we're on the
10761  * blocked queue.
10762  *
10763  * Ordering is somewhat important with these checks, so please pay
10764  * careful attention to the placement of any new checks.
10765  */
10766 static int
10767 ctl_scsiio_lun_check(struct ctl_lun *lun,
10768     const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10769 {
10770 	struct ctl_softc *softc = lun->ctl_softc;
10771 	int retval;
10772 	uint32_t residx;
10773 
10774 	retval = 0;
10775 
10776 	mtx_assert(&lun->lun_lock, MA_OWNED);
10777 
10778 	/*
10779 	 * If this shelf is a secondary shelf controller, we may have to
10780 	 * reject some commands disallowed by HA mode and link state.
10781 	 */
10782 	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10783 		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10784 		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10785 			ctl_set_lun_unavail(ctsio);
10786 			retval = 1;
10787 			goto bailout;
10788 		}
10789 		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10790 		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10791 			ctl_set_lun_transit(ctsio);
10792 			retval = 1;
10793 			goto bailout;
10794 		}
10795 		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10796 		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10797 			ctl_set_lun_standby(ctsio);
10798 			retval = 1;
10799 			goto bailout;
10800 		}
10801 
10802 		/* The rest of checks are only done on executing side */
10803 		if (softc->ha_mode == CTL_HA_MODE_XFER)
10804 			goto bailout;
10805 	}
10806 
10807 	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10808 		if (lun->be_lun &&
10809 		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10810 			ctl_set_hw_write_protected(ctsio);
10811 			retval = 1;
10812 			goto bailout;
10813 		}
10814 		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10815 		    .eca_and_aen & SCP_SWP) != 0) {
10816 			ctl_set_sense(ctsio, /*current_error*/ 1,
10817 			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10818 			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10819 			retval = 1;
10820 			goto bailout;
10821 		}
10822 	}
10823 
10824 	/*
10825 	 * Check for a reservation conflict.  If this command isn't allowed
10826 	 * even on reserved LUNs, and if this initiator isn't the one who
10827 	 * reserved us, reject the command with a reservation conflict.
10828 	 */
10829 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10830 	if ((lun->flags & CTL_LUN_RESERVED)
10831 	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10832 		if (lun->res_idx != residx) {
10833 			ctl_set_reservation_conflict(ctsio);
10834 			retval = 1;
10835 			goto bailout;
10836 		}
10837 	}
10838 
10839 	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10840 	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10841 		/* No reservation or command is allowed. */;
10842 	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10843 	    (lun->res_type == SPR_TYPE_WR_EX ||
10844 	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10845 	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10846 		/* The command is allowed for Write Exclusive resv. */;
10847 	} else {
10848 		/*
10849 		 * if we aren't registered or it's a res holder type
10850 		 * reservation and this isn't the res holder then set a
10851 		 * conflict.
10852 		 */
10853 		if (ctl_get_prkey(lun, residx) == 0
10854 		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10855 			ctl_set_reservation_conflict(ctsio);
10856 			retval = 1;
10857 			goto bailout;
10858 		}
10859 	}
10860 
10861 	if ((lun->flags & CTL_LUN_OFFLINE)
10862 	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10863 		ctl_set_lun_not_ready(ctsio);
10864 		retval = 1;
10865 		goto bailout;
10866 	}
10867 
10868 	if ((lun->flags & CTL_LUN_STOPPED)
10869 	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10870 		/* "Logical unit not ready, initializing cmd. required" */
10871 		ctl_set_lun_stopped(ctsio);
10872 		retval = 1;
10873 		goto bailout;
10874 	}
10875 
10876 	if ((lun->flags & CTL_LUN_INOPERABLE)
10877 	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10878 		/* "Medium format corrupted" */
10879 		ctl_set_medium_format_corrupted(ctsio);
10880 		retval = 1;
10881 		goto bailout;
10882 	}
10883 
10884 bailout:
10885 	return (retval);
10886 }
10887 
10888 static void
10889 ctl_failover_io(union ctl_io *io, int have_lock)
10890 {
10891 	ctl_set_busy(&io->scsiio);
10892 	ctl_done(io);
10893 }
10894 
10895 static void
10896 ctl_failover_lun(union ctl_io *rio)
10897 {
10898 	struct ctl_softc *softc = control_softc;
10899 	struct ctl_lun *lun;
10900 	struct ctl_io_hdr *io, *next_io;
10901 	uint32_t targ_lun;
10902 
10903 	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
10904 	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
10905 
10906 	/* Find and lock the LUN. */
10907 	mtx_lock(&softc->ctl_lock);
10908 	if ((targ_lun < CTL_MAX_LUNS) &&
10909 	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10910 		mtx_lock(&lun->lun_lock);
10911 		mtx_unlock(&softc->ctl_lock);
10912 		if (lun->flags & CTL_LUN_DISABLED) {
10913 			mtx_unlock(&lun->lun_lock);
10914 			return;
10915 		}
10916 	} else {
10917 		mtx_unlock(&softc->ctl_lock);
10918 		return;
10919 	}
10920 
10921 	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10922 		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10923 			/* We are master */
10924 			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10925 				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10926 					io->flags |= CTL_FLAG_ABORT;
10927 					io->flags |= CTL_FLAG_FAILOVER;
10928 				} else { /* This can be only due to DATAMOVE */
10929 					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10930 					io->flags &= ~CTL_FLAG_DMA_INPROG;
10931 					io->flags |= CTL_FLAG_IO_ACTIVE;
10932 					io->port_status = 31340;
10933 					ctl_enqueue_isc((union ctl_io *)io);
10934 				}
10935 			}
10936 			/* We are slave */
10937 			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10938 				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10939 				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10940 					io->flags |= CTL_FLAG_FAILOVER;
10941 				} else {
10942 					ctl_set_busy(&((union ctl_io *)io)->
10943 					    scsiio);
10944 					ctl_done((union ctl_io *)io);
10945 				}
10946 			}
10947 		}
10948 	} else { /* SERIALIZE modes */
10949 		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10950 		    next_io) {
10951 			/* We are master */
10952 			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10953 				TAILQ_REMOVE(&lun->blocked_queue, io,
10954 				    blocked_links);
10955 				io->flags &= ~CTL_FLAG_BLOCKED;
10956 				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10957 				ctl_free_io((union ctl_io *)io);
10958 			}
10959 		}
10960 		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10961 			/* We are master */
10962 			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10963 				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10964 				ctl_free_io((union ctl_io *)io);
10965 			}
10966 			/* We are slave */
10967 			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10968 				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10969 				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10970 					ctl_set_busy(&((union ctl_io *)io)->
10971 					    scsiio);
10972 					ctl_done((union ctl_io *)io);
10973 				}
10974 			}
10975 		}
10976 		ctl_check_blocked(lun);
10977 	}
10978 	mtx_unlock(&lun->lun_lock);
10979 }
10980 
10981 static int
10982 ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
10983 {
10984 	struct ctl_lun *lun;
10985 	const struct ctl_cmd_entry *entry;
10986 	uint32_t initidx, targ_lun;
10987 	int retval;
10988 
10989 	retval = 0;
10990 
10991 	lun = NULL;
10992 
10993 	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
10994 	if ((targ_lun < CTL_MAX_LUNS)
10995 	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10996 		/*
10997 		 * If the LUN is invalid, pretend that it doesn't exist.
10998 		 * It will go away as soon as all pending I/O has been
10999 		 * completed.
11000 		 */
11001 		mtx_lock(&lun->lun_lock);
11002 		if (lun->flags & CTL_LUN_DISABLED) {
11003 			mtx_unlock(&lun->lun_lock);
11004 			lun = NULL;
11005 			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11006 			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11007 		} else {
11008 			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11009 			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11010 				lun->be_lun;
11011 
11012 			/*
11013 			 * Every I/O goes into the OOA queue for a
11014 			 * particular LUN, and stays there until completion.
11015 			 */
11016 #ifdef CTL_TIME_IO
11017 			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11018 				lun->idle_time += getsbinuptime() -
11019 				    lun->last_busy;
11020 			}
11021 #endif
11022 			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11023 			    ooa_links);
11024 		}
11025 	} else {
11026 		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11027 		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11028 	}
11029 
11030 	/* Get command entry and return error if it is unsuppotyed. */
11031 	entry = ctl_validate_command(ctsio);
11032 	if (entry == NULL) {
11033 		if (lun)
11034 			mtx_unlock(&lun->lun_lock);
11035 		return (retval);
11036 	}
11037 
11038 	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11039 	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11040 
11041 	/*
11042 	 * Check to see whether we can send this command to LUNs that don't
11043 	 * exist.  This should pretty much only be the case for inquiry
11044 	 * and request sense.  Further checks, below, really require having
11045 	 * a LUN, so we can't really check the command anymore.  Just put
11046 	 * it on the rtr queue.
11047 	 */
11048 	if (lun == NULL) {
11049 		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11050 			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11051 			ctl_enqueue_rtr((union ctl_io *)ctsio);
11052 			return (retval);
11053 		}
11054 
11055 		ctl_set_unsupported_lun(ctsio);
11056 		ctl_done((union ctl_io *)ctsio);
11057 		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11058 		return (retval);
11059 	} else {
11060 		/*
11061 		 * Make sure we support this particular command on this LUN.
11062 		 * e.g., we don't support writes to the control LUN.
11063 		 */
11064 		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11065 			mtx_unlock(&lun->lun_lock);
11066 			ctl_set_invalid_opcode(ctsio);
11067 			ctl_done((union ctl_io *)ctsio);
11068 			return (retval);
11069 		}
11070 	}
11071 
11072 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11073 
11074 #ifdef CTL_WITH_CA
11075 	/*
11076 	 * If we've got a request sense, it'll clear the contingent
11077 	 * allegiance condition.  Otherwise, if we have a CA condition for
11078 	 * this initiator, clear it, because it sent down a command other
11079 	 * than request sense.
11080 	 */
11081 	if ((ctsio->cdb[0] != REQUEST_SENSE)
11082 	 && (ctl_is_set(lun->have_ca, initidx)))
11083 		ctl_clear_mask(lun->have_ca, initidx);
11084 #endif
11085 
11086 	/*
11087 	 * If the command has this flag set, it handles its own unit
11088 	 * attention reporting, we shouldn't do anything.  Otherwise we
11089 	 * check for any pending unit attentions, and send them back to the
11090 	 * initiator.  We only do this when a command initially comes in,
11091 	 * not when we pull it off the blocked queue.
11092 	 *
11093 	 * According to SAM-3, section 5.3.2, the order that things get
11094 	 * presented back to the host is basically unit attentions caused
11095 	 * by some sort of reset event, busy status, reservation conflicts
11096 	 * or task set full, and finally any other status.
11097 	 *
11098 	 * One issue here is that some of the unit attentions we report
11099 	 * don't fall into the "reset" category (e.g. "reported luns data
11100 	 * has changed").  So reporting it here, before the reservation
11101 	 * check, may be technically wrong.  I guess the only thing to do
11102 	 * would be to check for and report the reset events here, and then
11103 	 * check for the other unit attention types after we check for a
11104 	 * reservation conflict.
11105 	 *
11106 	 * XXX KDM need to fix this
11107 	 */
11108 	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11109 		ctl_ua_type ua_type;
11110 
11111 		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11112 		    SSD_TYPE_NONE);
11113 		if (ua_type != CTL_UA_NONE) {
11114 			mtx_unlock(&lun->lun_lock);
11115 			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11116 			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11117 			ctsio->sense_len = SSD_FULL_SIZE;
11118 			ctl_done((union ctl_io *)ctsio);
11119 			return (retval);
11120 		}
11121 	}
11122 
11123 
11124 	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11125 		mtx_unlock(&lun->lun_lock);
11126 		ctl_done((union ctl_io *)ctsio);
11127 		return (retval);
11128 	}
11129 
11130 	/*
11131 	 * XXX CHD this is where we want to send IO to other side if
11132 	 * this LUN is secondary on this SC. We will need to make a copy
11133 	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11134 	 * the copy we send as FROM_OTHER.
11135 	 * We also need to stuff the address of the original IO so we can
11136 	 * find it easily. Something similar will need be done on the other
11137 	 * side so when we are done we can find the copy.
11138 	 */
11139 	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11140 	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11141 	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11142 		union ctl_ha_msg msg_info;
11143 		int isc_retval;
11144 
11145 		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11146 		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11147 		mtx_unlock(&lun->lun_lock);
11148 
11149 		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11150 		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11151 		msg_info.hdr.serializing_sc = NULL;
11152 		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11153 		msg_info.scsi.tag_num = ctsio->tag_num;
11154 		msg_info.scsi.tag_type = ctsio->tag_type;
11155 		msg_info.scsi.cdb_len = ctsio->cdb_len;
11156 		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11157 
11158 		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11159 		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11160 		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11161 			ctl_set_busy(ctsio);
11162 			ctl_done((union ctl_io *)ctsio);
11163 			return (retval);
11164 		}
11165 		return (retval);
11166 	}
11167 
11168 	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11169 			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11170 			      ctl_ooaq, ooa_links))) {
11171 	case CTL_ACTION_BLOCK:
11172 		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11173 		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11174 				  blocked_links);
11175 		mtx_unlock(&lun->lun_lock);
11176 		return (retval);
11177 	case CTL_ACTION_PASS:
11178 	case CTL_ACTION_SKIP:
11179 		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11180 		mtx_unlock(&lun->lun_lock);
11181 		ctl_enqueue_rtr((union ctl_io *)ctsio);
11182 		break;
11183 	case CTL_ACTION_OVERLAP:
11184 		mtx_unlock(&lun->lun_lock);
11185 		ctl_set_overlapped_cmd(ctsio);
11186 		ctl_done((union ctl_io *)ctsio);
11187 		break;
11188 	case CTL_ACTION_OVERLAP_TAG:
11189 		mtx_unlock(&lun->lun_lock);
11190 		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11191 		ctl_done((union ctl_io *)ctsio);
11192 		break;
11193 	case CTL_ACTION_ERROR:
11194 	default:
11195 		mtx_unlock(&lun->lun_lock);
11196 		ctl_set_internal_failure(ctsio,
11197 					 /*sks_valid*/ 0,
11198 					 /*retry_count*/ 0);
11199 		ctl_done((union ctl_io *)ctsio);
11200 		break;
11201 	}
11202 	return (retval);
11203 }
11204 
11205 const struct ctl_cmd_entry *
11206 ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11207 {
11208 	const struct ctl_cmd_entry *entry;
11209 	int service_action;
11210 
11211 	entry = &ctl_cmd_table[ctsio->cdb[0]];
11212 	if (sa)
11213 		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11214 	if (entry->flags & CTL_CMD_FLAG_SA5) {
11215 		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11216 		entry = &((const struct ctl_cmd_entry *)
11217 		    entry->execute)[service_action];
11218 	}
11219 	return (entry);
11220 }
11221 
11222 const struct ctl_cmd_entry *
11223 ctl_validate_command(struct ctl_scsiio *ctsio)
11224 {
11225 	const struct ctl_cmd_entry *entry;
11226 	int i, sa;
11227 	uint8_t diff;
11228 
11229 	entry = ctl_get_cmd_entry(ctsio, &sa);
11230 	if (entry->execute == NULL) {
11231 		if (sa)
11232 			ctl_set_invalid_field(ctsio,
11233 					      /*sks_valid*/ 1,
11234 					      /*command*/ 1,
11235 					      /*field*/ 1,
11236 					      /*bit_valid*/ 1,
11237 					      /*bit*/ 4);
11238 		else
11239 			ctl_set_invalid_opcode(ctsio);
11240 		ctl_done((union ctl_io *)ctsio);
11241 		return (NULL);
11242 	}
11243 	KASSERT(entry->length > 0,
11244 	    ("Not defined length for command 0x%02x/0x%02x",
11245 	     ctsio->cdb[0], ctsio->cdb[1]));
11246 	for (i = 1; i < entry->length; i++) {
11247 		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11248 		if (diff == 0)
11249 			continue;
11250 		ctl_set_invalid_field(ctsio,
11251 				      /*sks_valid*/ 1,
11252 				      /*command*/ 1,
11253 				      /*field*/ i,
11254 				      /*bit_valid*/ 1,
11255 				      /*bit*/ fls(diff) - 1);
11256 		ctl_done((union ctl_io *)ctsio);
11257 		return (NULL);
11258 	}
11259 	return (entry);
11260 }
11261 
11262 static int
11263 ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11264 {
11265 
11266 	switch (lun_type) {
11267 	case T_PROCESSOR:
11268 		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11269 			return (0);
11270 		break;
11271 	case T_DIRECT:
11272 		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11273 			return (0);
11274 		break;
11275 	default:
11276 		return (0);
11277 	}
11278 	return (1);
11279 }
11280 
11281 static int
11282 ctl_scsiio(struct ctl_scsiio *ctsio)
11283 {
11284 	int retval;
11285 	const struct ctl_cmd_entry *entry;
11286 
11287 	retval = CTL_RETVAL_COMPLETE;
11288 
11289 	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11290 
11291 	entry = ctl_get_cmd_entry(ctsio, NULL);
11292 
11293 	/*
11294 	 * If this I/O has been aborted, just send it straight to
11295 	 * ctl_done() without executing it.
11296 	 */
11297 	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11298 		ctl_done((union ctl_io *)ctsio);
11299 		goto bailout;
11300 	}
11301 
11302 	/*
11303 	 * All the checks should have been handled by ctl_scsiio_precheck().
11304 	 * We should be clear now to just execute the I/O.
11305 	 */
11306 	retval = entry->execute(ctsio);
11307 
11308 bailout:
11309 	return (retval);
11310 }
11311 
11312 /*
11313  * Since we only implement one target right now, a bus reset simply resets
11314  * our single target.
11315  */
11316 static int
11317 ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11318 {
11319 	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11320 }
11321 
11322 static int
11323 ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11324 		 ctl_ua_type ua_type)
11325 {
11326 	struct ctl_port *port;
11327 	struct ctl_lun *lun;
11328 	int retval;
11329 
11330 	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11331 		union ctl_ha_msg msg_info;
11332 
11333 		msg_info.hdr.nexus = io->io_hdr.nexus;
11334 		if (ua_type==CTL_UA_TARG_RESET)
11335 			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11336 		else
11337 			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11338 		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11339 		msg_info.hdr.original_sc = NULL;
11340 		msg_info.hdr.serializing_sc = NULL;
11341 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11342 		    sizeof(msg_info.task), M_WAITOK);
11343 	}
11344 	retval = 0;
11345 
11346 	mtx_lock(&softc->ctl_lock);
11347 	port = ctl_io_port(&io->io_hdr);
11348 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11349 		if (port != NULL &&
11350 		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11351 			continue;
11352 		retval += ctl_do_lun_reset(lun, io, ua_type);
11353 	}
11354 	mtx_unlock(&softc->ctl_lock);
11355 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11356 	return (retval);
11357 }
11358 
11359 /*
11360  * The LUN should always be set.  The I/O is optional, and is used to
11361  * distinguish between I/Os sent by this initiator, and by other
11362  * initiators.  We set unit attention for initiators other than this one.
11363  * SAM-3 is vague on this point.  It does say that a unit attention should
11364  * be established for other initiators when a LUN is reset (see section
11365  * 5.7.3), but it doesn't specifically say that the unit attention should
11366  * be established for this particular initiator when a LUN is reset.  Here
11367  * is the relevant text, from SAM-3 rev 8:
11368  *
11369  * 5.7.2 When a SCSI initiator port aborts its own tasks
11370  *
11371  * When a SCSI initiator port causes its own task(s) to be aborted, no
11372  * notification that the task(s) have been aborted shall be returned to
11373  * the SCSI initiator port other than the completion response for the
11374  * command or task management function action that caused the task(s) to
11375  * be aborted and notification(s) associated with related effects of the
11376  * action (e.g., a reset unit attention condition).
11377  *
11378  * XXX KDM for now, we're setting unit attention for all initiators.
11379  */
11380 static int
11381 ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11382 {
11383 	union ctl_io *xio;
11384 #if 0
11385 	uint32_t initidx;
11386 #endif
11387 #ifdef CTL_WITH_CA
11388 	int i;
11389 #endif
11390 
11391 	mtx_lock(&lun->lun_lock);
11392 	/*
11393 	 * Run through the OOA queue and abort each I/O.
11394 	 */
11395 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11396 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11397 		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11398 	}
11399 
11400 	/*
11401 	 * This version sets unit attention for every
11402 	 */
11403 #if 0
11404 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11405 	ctl_est_ua_all(lun, initidx, ua_type);
11406 #else
11407 	ctl_est_ua_all(lun, -1, ua_type);
11408 #endif
11409 
11410 	/*
11411 	 * A reset (any kind, really) clears reservations established with
11412 	 * RESERVE/RELEASE.  It does not clear reservations established
11413 	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11414 	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11415 	 * reservations made with the RESERVE/RELEASE commands, because
11416 	 * those commands are obsolete in SPC-3.
11417 	 */
11418 	lun->flags &= ~CTL_LUN_RESERVED;
11419 
11420 #ifdef CTL_WITH_CA
11421 	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11422 		ctl_clear_mask(lun->have_ca, i);
11423 #endif
11424 	mtx_unlock(&lun->lun_lock);
11425 
11426 	return (0);
11427 }
11428 
11429 static int
11430 ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11431 {
11432 	struct ctl_lun *lun;
11433 	uint32_t targ_lun;
11434 	int retval;
11435 
11436 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11437 	mtx_lock(&softc->ctl_lock);
11438 	if ((targ_lun >= CTL_MAX_LUNS) ||
11439 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11440 		mtx_unlock(&softc->ctl_lock);
11441 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11442 		return (1);
11443 	}
11444 	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11445 	mtx_unlock(&softc->ctl_lock);
11446 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11447 
11448 	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11449 		union ctl_ha_msg msg_info;
11450 
11451 		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11452 		msg_info.hdr.nexus = io->io_hdr.nexus;
11453 		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11454 		msg_info.hdr.original_sc = NULL;
11455 		msg_info.hdr.serializing_sc = NULL;
11456 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11457 		    sizeof(msg_info.task), M_WAITOK);
11458 	}
11459 	return (retval);
11460 }
11461 
11462 static void
11463 ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11464     int other_sc)
11465 {
11466 	union ctl_io *xio;
11467 
11468 	mtx_assert(&lun->lun_lock, MA_OWNED);
11469 
11470 	/*
11471 	 * Run through the OOA queue and attempt to find the given I/O.
11472 	 * The target port, initiator ID, tag type and tag number have to
11473 	 * match the values that we got from the initiator.  If we have an
11474 	 * untagged command to abort, simply abort the first untagged command
11475 	 * we come to.  We only allow one untagged command at a time of course.
11476 	 */
11477 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11478 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11479 
11480 		if ((targ_port == UINT32_MAX ||
11481 		     targ_port == xio->io_hdr.nexus.targ_port) &&
11482 		    (init_id == UINT32_MAX ||
11483 		     init_id == xio->io_hdr.nexus.initid)) {
11484 			if (targ_port != xio->io_hdr.nexus.targ_port ||
11485 			    init_id != xio->io_hdr.nexus.initid)
11486 				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11487 			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11488 			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11489 				union ctl_ha_msg msg_info;
11490 
11491 				msg_info.hdr.nexus = xio->io_hdr.nexus;
11492 				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11493 				msg_info.task.tag_num = xio->scsiio.tag_num;
11494 				msg_info.task.tag_type = xio->scsiio.tag_type;
11495 				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11496 				msg_info.hdr.original_sc = NULL;
11497 				msg_info.hdr.serializing_sc = NULL;
11498 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11499 				    sizeof(msg_info.task), M_NOWAIT);
11500 			}
11501 		}
11502 	}
11503 }
11504 
11505 static int
11506 ctl_abort_task_set(union ctl_io *io)
11507 {
11508 	struct ctl_softc *softc = control_softc;
11509 	struct ctl_lun *lun;
11510 	uint32_t targ_lun;
11511 
11512 	/*
11513 	 * Look up the LUN.
11514 	 */
11515 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11516 	mtx_lock(&softc->ctl_lock);
11517 	if ((targ_lun >= CTL_MAX_LUNS) ||
11518 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11519 		mtx_unlock(&softc->ctl_lock);
11520 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11521 		return (1);
11522 	}
11523 
11524 	mtx_lock(&lun->lun_lock);
11525 	mtx_unlock(&softc->ctl_lock);
11526 	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11527 		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11528 		    io->io_hdr.nexus.initid,
11529 		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11530 	} else { /* CTL_TASK_CLEAR_TASK_SET */
11531 		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11532 		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11533 	}
11534 	mtx_unlock(&lun->lun_lock);
11535 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11536 	return (0);
11537 }
11538 
11539 static int
11540 ctl_i_t_nexus_reset(union ctl_io *io)
11541 {
11542 	struct ctl_softc *softc = control_softc;
11543 	struct ctl_lun *lun;
11544 	uint32_t initidx;
11545 
11546 	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11547 		union ctl_ha_msg msg_info;
11548 
11549 		msg_info.hdr.nexus = io->io_hdr.nexus;
11550 		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11551 		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11552 		msg_info.hdr.original_sc = NULL;
11553 		msg_info.hdr.serializing_sc = NULL;
11554 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11555 		    sizeof(msg_info.task), M_WAITOK);
11556 	}
11557 
11558 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11559 	mtx_lock(&softc->ctl_lock);
11560 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11561 		mtx_lock(&lun->lun_lock);
11562 		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11563 		    io->io_hdr.nexus.initid, 1);
11564 #ifdef CTL_WITH_CA
11565 		ctl_clear_mask(lun->have_ca, initidx);
11566 #endif
11567 		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11568 			lun->flags &= ~CTL_LUN_RESERVED;
11569 		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11570 		mtx_unlock(&lun->lun_lock);
11571 	}
11572 	mtx_unlock(&softc->ctl_lock);
11573 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11574 	return (0);
11575 }
11576 
11577 static int
11578 ctl_abort_task(union ctl_io *io)
11579 {
11580 	union ctl_io *xio;
11581 	struct ctl_lun *lun;
11582 	struct ctl_softc *softc;
11583 #if 0
11584 	struct sbuf sb;
11585 	char printbuf[128];
11586 #endif
11587 	int found;
11588 	uint32_t targ_lun;
11589 
11590 	softc = control_softc;
11591 	found = 0;
11592 
11593 	/*
11594 	 * Look up the LUN.
11595 	 */
11596 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11597 	mtx_lock(&softc->ctl_lock);
11598 	if ((targ_lun >= CTL_MAX_LUNS) ||
11599 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11600 		mtx_unlock(&softc->ctl_lock);
11601 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11602 		return (1);
11603 	}
11604 
11605 #if 0
11606 	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11607 	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11608 #endif
11609 
11610 	mtx_lock(&lun->lun_lock);
11611 	mtx_unlock(&softc->ctl_lock);
11612 	/*
11613 	 * Run through the OOA queue and attempt to find the given I/O.
11614 	 * The target port, initiator ID, tag type and tag number have to
11615 	 * match the values that we got from the initiator.  If we have an
11616 	 * untagged command to abort, simply abort the first untagged command
11617 	 * we come to.  We only allow one untagged command at a time of course.
11618 	 */
11619 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11620 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11621 #if 0
11622 		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11623 
11624 		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11625 			    lun->lun, xio->scsiio.tag_num,
11626 			    xio->scsiio.tag_type,
11627 			    (xio->io_hdr.blocked_links.tqe_prev
11628 			    == NULL) ? "" : " BLOCKED",
11629 			    (xio->io_hdr.flags &
11630 			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11631 			    (xio->io_hdr.flags &
11632 			    CTL_FLAG_ABORT) ? " ABORT" : "",
11633 			    (xio->io_hdr.flags &
11634 			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11635 		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11636 		sbuf_finish(&sb);
11637 		printf("%s\n", sbuf_data(&sb));
11638 #endif
11639 
11640 		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11641 		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11642 		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11643 			continue;
11644 
11645 		/*
11646 		 * If the abort says that the task is untagged, the
11647 		 * task in the queue must be untagged.  Otherwise,
11648 		 * we just check to see whether the tag numbers
11649 		 * match.  This is because the QLogic firmware
11650 		 * doesn't pass back the tag type in an abort
11651 		 * request.
11652 		 */
11653 #if 0
11654 		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11655 		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11656 		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11657 #endif
11658 		/*
11659 		 * XXX KDM we've got problems with FC, because it
11660 		 * doesn't send down a tag type with aborts.  So we
11661 		 * can only really go by the tag number...
11662 		 * This may cause problems with parallel SCSI.
11663 		 * Need to figure that out!!
11664 		 */
11665 		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11666 			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11667 			found = 1;
11668 			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11669 			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11670 				union ctl_ha_msg msg_info;
11671 
11672 				msg_info.hdr.nexus = io->io_hdr.nexus;
11673 				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11674 				msg_info.task.tag_num = io->taskio.tag_num;
11675 				msg_info.task.tag_type = io->taskio.tag_type;
11676 				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11677 				msg_info.hdr.original_sc = NULL;
11678 				msg_info.hdr.serializing_sc = NULL;
11679 #if 0
11680 				printf("Sent Abort to other side\n");
11681 #endif
11682 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11683 				    sizeof(msg_info.task), M_NOWAIT);
11684 			}
11685 #if 0
11686 			printf("ctl_abort_task: found I/O to abort\n");
11687 #endif
11688 		}
11689 	}
11690 	mtx_unlock(&lun->lun_lock);
11691 
11692 	if (found == 0) {
11693 		/*
11694 		 * This isn't really an error.  It's entirely possible for
11695 		 * the abort and command completion to cross on the wire.
11696 		 * This is more of an informative/diagnostic error.
11697 		 */
11698 #if 0
11699 		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11700 		       "%u:%u:%u tag %d type %d\n",
11701 		       io->io_hdr.nexus.initid,
11702 		       io->io_hdr.nexus.targ_port,
11703 		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11704 		       io->taskio.tag_type);
11705 #endif
11706 	}
11707 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11708 	return (0);
11709 }
11710 
11711 static int
11712 ctl_query_task(union ctl_io *io, int task_set)
11713 {
11714 	union ctl_io *xio;
11715 	struct ctl_lun *lun;
11716 	struct ctl_softc *softc;
11717 	int found = 0;
11718 	uint32_t targ_lun;
11719 
11720 	softc = control_softc;
11721 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11722 	mtx_lock(&softc->ctl_lock);
11723 	if ((targ_lun >= CTL_MAX_LUNS) ||
11724 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11725 		mtx_unlock(&softc->ctl_lock);
11726 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11727 		return (1);
11728 	}
11729 	mtx_lock(&lun->lun_lock);
11730 	mtx_unlock(&softc->ctl_lock);
11731 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11732 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11733 
11734 		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11735 		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11736 		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11737 			continue;
11738 
11739 		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11740 			found = 1;
11741 			break;
11742 		}
11743 	}
11744 	mtx_unlock(&lun->lun_lock);
11745 	if (found)
11746 		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11747 	else
11748 		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11749 	return (0);
11750 }
11751 
11752 static int
11753 ctl_query_async_event(union ctl_io *io)
11754 {
11755 	struct ctl_lun *lun;
11756 	struct ctl_softc *softc;
11757 	ctl_ua_type ua;
11758 	uint32_t targ_lun, initidx;
11759 
11760 	softc = control_softc;
11761 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11762 	mtx_lock(&softc->ctl_lock);
11763 	if ((targ_lun >= CTL_MAX_LUNS) ||
11764 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11765 		mtx_unlock(&softc->ctl_lock);
11766 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11767 		return (1);
11768 	}
11769 	mtx_lock(&lun->lun_lock);
11770 	mtx_unlock(&softc->ctl_lock);
11771 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11772 	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11773 	mtx_unlock(&lun->lun_lock);
11774 	if (ua != CTL_UA_NONE)
11775 		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11776 	else
11777 		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11778 	return (0);
11779 }
11780 
11781 static void
11782 ctl_run_task(union ctl_io *io)
11783 {
11784 	struct ctl_softc *softc = control_softc;
11785 	int retval = 1;
11786 
11787 	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11788 	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11789 	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11790 	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11791 	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11792 	switch (io->taskio.task_action) {
11793 	case CTL_TASK_ABORT_TASK:
11794 		retval = ctl_abort_task(io);
11795 		break;
11796 	case CTL_TASK_ABORT_TASK_SET:
11797 	case CTL_TASK_CLEAR_TASK_SET:
11798 		retval = ctl_abort_task_set(io);
11799 		break;
11800 	case CTL_TASK_CLEAR_ACA:
11801 		break;
11802 	case CTL_TASK_I_T_NEXUS_RESET:
11803 		retval = ctl_i_t_nexus_reset(io);
11804 		break;
11805 	case CTL_TASK_LUN_RESET:
11806 		retval = ctl_lun_reset(softc, io);
11807 		break;
11808 	case CTL_TASK_TARGET_RESET:
11809 		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11810 		break;
11811 	case CTL_TASK_BUS_RESET:
11812 		retval = ctl_bus_reset(softc, io);
11813 		break;
11814 	case CTL_TASK_PORT_LOGIN:
11815 		break;
11816 	case CTL_TASK_PORT_LOGOUT:
11817 		break;
11818 	case CTL_TASK_QUERY_TASK:
11819 		retval = ctl_query_task(io, 0);
11820 		break;
11821 	case CTL_TASK_QUERY_TASK_SET:
11822 		retval = ctl_query_task(io, 1);
11823 		break;
11824 	case CTL_TASK_QUERY_ASYNC_EVENT:
11825 		retval = ctl_query_async_event(io);
11826 		break;
11827 	default:
11828 		printf("%s: got unknown task management event %d\n",
11829 		       __func__, io->taskio.task_action);
11830 		break;
11831 	}
11832 	if (retval == 0)
11833 		io->io_hdr.status = CTL_SUCCESS;
11834 	else
11835 		io->io_hdr.status = CTL_ERROR;
11836 	ctl_done(io);
11837 }
11838 
11839 /*
11840  * For HA operation.  Handle commands that come in from the other
11841  * controller.
11842  */
11843 static void
11844 ctl_handle_isc(union ctl_io *io)
11845 {
11846 	int free_io;
11847 	struct ctl_lun *lun;
11848 	struct ctl_softc *softc = control_softc;
11849 	uint32_t targ_lun;
11850 
11851 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11852 	lun = softc->ctl_luns[targ_lun];
11853 
11854 	switch (io->io_hdr.msg_type) {
11855 	case CTL_MSG_SERIALIZE:
11856 		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11857 		break;
11858 	case CTL_MSG_R2R: {
11859 		const struct ctl_cmd_entry *entry;
11860 
11861 		/*
11862 		 * This is only used in SER_ONLY mode.
11863 		 */
11864 		free_io = 0;
11865 		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11866 		mtx_lock(&lun->lun_lock);
11867 		if (ctl_scsiio_lun_check(lun,
11868 		    entry, (struct ctl_scsiio *)io) != 0) {
11869 			mtx_unlock(&lun->lun_lock);
11870 			ctl_done(io);
11871 			break;
11872 		}
11873 		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11874 		mtx_unlock(&lun->lun_lock);
11875 		ctl_enqueue_rtr(io);
11876 		break;
11877 	}
11878 	case CTL_MSG_FINISH_IO:
11879 		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11880 			free_io = 0;
11881 			ctl_done(io);
11882 		} else {
11883 			free_io = 1;
11884 			mtx_lock(&lun->lun_lock);
11885 			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11886 				     ooa_links);
11887 			ctl_check_blocked(lun);
11888 			mtx_unlock(&lun->lun_lock);
11889 		}
11890 		break;
11891 	case CTL_MSG_PERS_ACTION:
11892 		ctl_hndl_per_res_out_on_other_sc(
11893 			(union ctl_ha_msg *)&io->presio.pr_msg);
11894 		free_io = 1;
11895 		break;
11896 	case CTL_MSG_BAD_JUJU:
11897 		free_io = 0;
11898 		ctl_done(io);
11899 		break;
11900 	case CTL_MSG_DATAMOVE:
11901 		/* Only used in XFER mode */
11902 		free_io = 0;
11903 		ctl_datamove_remote(io);
11904 		break;
11905 	case CTL_MSG_DATAMOVE_DONE:
11906 		/* Only used in XFER mode */
11907 		free_io = 0;
11908 		io->scsiio.be_move_done(io);
11909 		break;
11910 	case CTL_MSG_FAILOVER:
11911 		ctl_failover_lun(io);
11912 		free_io = 1;
11913 		break;
11914 	default:
11915 		free_io = 1;
11916 		printf("%s: Invalid message type %d\n",
11917 		       __func__, io->io_hdr.msg_type);
11918 		break;
11919 	}
11920 	if (free_io)
11921 		ctl_free_io(io);
11922 
11923 }
11924 
11925 
11926 /*
11927  * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11928  * there is no match.
11929  */
11930 static ctl_lun_error_pattern
11931 ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11932 {
11933 	const struct ctl_cmd_entry *entry;
11934 	ctl_lun_error_pattern filtered_pattern, pattern;
11935 
11936 	pattern = desc->error_pattern;
11937 
11938 	/*
11939 	 * XXX KDM we need more data passed into this function to match a
11940 	 * custom pattern, and we actually need to implement custom pattern
11941 	 * matching.
11942 	 */
11943 	if (pattern & CTL_LUN_PAT_CMD)
11944 		return (CTL_LUN_PAT_CMD);
11945 
11946 	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11947 		return (CTL_LUN_PAT_ANY);
11948 
11949 	entry = ctl_get_cmd_entry(ctsio, NULL);
11950 
11951 	filtered_pattern = entry->pattern & pattern;
11952 
11953 	/*
11954 	 * If the user requested specific flags in the pattern (e.g.
11955 	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11956 	 * flags.
11957 	 *
11958 	 * If the user did not specify any flags, it doesn't matter whether
11959 	 * or not the command supports the flags.
11960 	 */
11961 	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11962 	     (pattern & ~CTL_LUN_PAT_MASK))
11963 		return (CTL_LUN_PAT_NONE);
11964 
11965 	/*
11966 	 * If the user asked for a range check, see if the requested LBA
11967 	 * range overlaps with this command's LBA range.
11968 	 */
11969 	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11970 		uint64_t lba1;
11971 		uint64_t len1;
11972 		ctl_action action;
11973 		int retval;
11974 
11975 		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11976 		if (retval != 0)
11977 			return (CTL_LUN_PAT_NONE);
11978 
11979 		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11980 					      desc->lba_range.len, FALSE);
11981 		/*
11982 		 * A "pass" means that the LBA ranges don't overlap, so
11983 		 * this doesn't match the user's range criteria.
11984 		 */
11985 		if (action == CTL_ACTION_PASS)
11986 			return (CTL_LUN_PAT_NONE);
11987 	}
11988 
11989 	return (filtered_pattern);
11990 }
11991 
11992 static void
11993 ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11994 {
11995 	struct ctl_error_desc *desc, *desc2;
11996 
11997 	mtx_assert(&lun->lun_lock, MA_OWNED);
11998 
11999 	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12000 		ctl_lun_error_pattern pattern;
12001 		/*
12002 		 * Check to see whether this particular command matches
12003 		 * the pattern in the descriptor.
12004 		 */
12005 		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12006 		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12007 			continue;
12008 
12009 		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12010 		case CTL_LUN_INJ_ABORTED:
12011 			ctl_set_aborted(&io->scsiio);
12012 			break;
12013 		case CTL_LUN_INJ_MEDIUM_ERR:
12014 			ctl_set_medium_error(&io->scsiio,
12015 			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12016 			     CTL_FLAG_DATA_OUT);
12017 			break;
12018 		case CTL_LUN_INJ_UA:
12019 			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12020 			 * OCCURRED */
12021 			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12022 			break;
12023 		case CTL_LUN_INJ_CUSTOM:
12024 			/*
12025 			 * We're assuming the user knows what he is doing.
12026 			 * Just copy the sense information without doing
12027 			 * checks.
12028 			 */
12029 			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12030 			      MIN(sizeof(desc->custom_sense),
12031 				  sizeof(io->scsiio.sense_data)));
12032 			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12033 			io->scsiio.sense_len = SSD_FULL_SIZE;
12034 			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12035 			break;
12036 		case CTL_LUN_INJ_NONE:
12037 		default:
12038 			/*
12039 			 * If this is an error injection type we don't know
12040 			 * about, clear the continuous flag (if it is set)
12041 			 * so it will get deleted below.
12042 			 */
12043 			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12044 			break;
12045 		}
12046 		/*
12047 		 * By default, each error injection action is a one-shot
12048 		 */
12049 		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12050 			continue;
12051 
12052 		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12053 
12054 		free(desc, M_CTL);
12055 	}
12056 }
12057 
12058 #ifdef CTL_IO_DELAY
12059 static void
12060 ctl_datamove_timer_wakeup(void *arg)
12061 {
12062 	union ctl_io *io;
12063 
12064 	io = (union ctl_io *)arg;
12065 
12066 	ctl_datamove(io);
12067 }
12068 #endif /* CTL_IO_DELAY */
12069 
12070 void
12071 ctl_datamove(union ctl_io *io)
12072 {
12073 	struct ctl_lun *lun;
12074 	void (*fe_datamove)(union ctl_io *io);
12075 
12076 	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12077 
12078 	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12079 
12080 	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12081 #ifdef CTL_TIME_IO
12082 	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12083 		char str[256];
12084 		char path_str[64];
12085 		struct sbuf sb;
12086 
12087 		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12088 		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12089 
12090 		sbuf_cat(&sb, path_str);
12091 		switch (io->io_hdr.io_type) {
12092 		case CTL_IO_SCSI:
12093 			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12094 			sbuf_printf(&sb, "\n");
12095 			sbuf_cat(&sb, path_str);
12096 			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12097 				    io->scsiio.tag_num, io->scsiio.tag_type);
12098 			break;
12099 		case CTL_IO_TASK:
12100 			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12101 				    "Tag Type: %d\n", io->taskio.task_action,
12102 				    io->taskio.tag_num, io->taskio.tag_type);
12103 			break;
12104 		default:
12105 			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12106 			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12107 			break;
12108 		}
12109 		sbuf_cat(&sb, path_str);
12110 		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12111 			    (intmax_t)time_uptime - io->io_hdr.start_time);
12112 		sbuf_finish(&sb);
12113 		printf("%s", sbuf_data(&sb));
12114 	}
12115 #endif /* CTL_TIME_IO */
12116 
12117 #ifdef CTL_IO_DELAY
12118 	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12119 		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12120 	} else {
12121 		if ((lun != NULL)
12122 		 && (lun->delay_info.datamove_delay > 0)) {
12123 
12124 			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12125 			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12126 			callout_reset(&io->io_hdr.delay_callout,
12127 				      lun->delay_info.datamove_delay * hz,
12128 				      ctl_datamove_timer_wakeup, io);
12129 			if (lun->delay_info.datamove_type ==
12130 			    CTL_DELAY_TYPE_ONESHOT)
12131 				lun->delay_info.datamove_delay = 0;
12132 			return;
12133 		}
12134 	}
12135 #endif
12136 
12137 	/*
12138 	 * This command has been aborted.  Set the port status, so we fail
12139 	 * the data move.
12140 	 */
12141 	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12142 		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12143 		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12144 		       io->io_hdr.nexus.targ_port,
12145 		       io->io_hdr.nexus.targ_lun);
12146 		io->io_hdr.port_status = 31337;
12147 		/*
12148 		 * Note that the backend, in this case, will get the
12149 		 * callback in its context.  In other cases it may get
12150 		 * called in the frontend's interrupt thread context.
12151 		 */
12152 		io->scsiio.be_move_done(io);
12153 		return;
12154 	}
12155 
12156 	/* Don't confuse frontend with zero length data move. */
12157 	if (io->scsiio.kern_data_len == 0) {
12158 		io->scsiio.be_move_done(io);
12159 		return;
12160 	}
12161 
12162 	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12163 	fe_datamove(io);
12164 }
12165 
12166 static void
12167 ctl_send_datamove_done(union ctl_io *io, int have_lock)
12168 {
12169 	union ctl_ha_msg msg;
12170 #ifdef CTL_TIME_IO
12171 	struct bintime cur_bt;
12172 #endif
12173 
12174 	memset(&msg, 0, sizeof(msg));
12175 	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12176 	msg.hdr.original_sc = io;
12177 	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12178 	msg.hdr.nexus = io->io_hdr.nexus;
12179 	msg.hdr.status = io->io_hdr.status;
12180 	msg.scsi.tag_num = io->scsiio.tag_num;
12181 	msg.scsi.tag_type = io->scsiio.tag_type;
12182 	msg.scsi.scsi_status = io->scsiio.scsi_status;
12183 	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12184 	       io->scsiio.sense_len);
12185 	msg.scsi.sense_len = io->scsiio.sense_len;
12186 	msg.scsi.sense_residual = io->scsiio.sense_residual;
12187 	msg.scsi.fetd_status = io->io_hdr.port_status;
12188 	msg.scsi.residual = io->scsiio.residual;
12189 	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12190 	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12191 		ctl_failover_io(io, /*have_lock*/ have_lock);
12192 		return;
12193 	}
12194 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12195 	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12196 	    msg.scsi.sense_len, M_WAITOK);
12197 
12198 #ifdef CTL_TIME_IO
12199 	getbinuptime(&cur_bt);
12200 	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12201 	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12202 #endif
12203 	io->io_hdr.num_dmas++;
12204 }
12205 
12206 /*
12207  * The DMA to the remote side is done, now we need to tell the other side
12208  * we're done so it can continue with its data movement.
12209  */
12210 static void
12211 ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12212 {
12213 	union ctl_io *io;
12214 	int i;
12215 
12216 	io = rq->context;
12217 
12218 	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12219 		printf("%s: ISC DMA write failed with error %d", __func__,
12220 		       rq->ret);
12221 		ctl_set_internal_failure(&io->scsiio,
12222 					 /*sks_valid*/ 1,
12223 					 /*retry_count*/ rq->ret);
12224 	}
12225 
12226 	ctl_dt_req_free(rq);
12227 
12228 	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12229 		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12230 	free(io->io_hdr.remote_sglist, M_CTL);
12231 	io->io_hdr.remote_sglist = NULL;
12232 	io->io_hdr.local_sglist = NULL;
12233 
12234 	/*
12235 	 * The data is in local and remote memory, so now we need to send
12236 	 * status (good or back) back to the other side.
12237 	 */
12238 	ctl_send_datamove_done(io, /*have_lock*/ 0);
12239 }
12240 
12241 /*
12242  * We've moved the data from the host/controller into local memory.  Now we
12243  * need to push it over to the remote controller's memory.
12244  */
12245 static int
12246 ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12247 {
12248 	int retval;
12249 
12250 	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12251 					  ctl_datamove_remote_write_cb);
12252 	return (retval);
12253 }
12254 
12255 static void
12256 ctl_datamove_remote_write(union ctl_io *io)
12257 {
12258 	int retval;
12259 	void (*fe_datamove)(union ctl_io *io);
12260 
12261 	/*
12262 	 * - Get the data from the host/HBA into local memory.
12263 	 * - DMA memory from the local controller to the remote controller.
12264 	 * - Send status back to the remote controller.
12265 	 */
12266 
12267 	retval = ctl_datamove_remote_sgl_setup(io);
12268 	if (retval != 0)
12269 		return;
12270 
12271 	/* Switch the pointer over so the FETD knows what to do */
12272 	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12273 
12274 	/*
12275 	 * Use a custom move done callback, since we need to send completion
12276 	 * back to the other controller, not to the backend on this side.
12277 	 */
12278 	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12279 
12280 	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12281 	fe_datamove(io);
12282 }
12283 
12284 static int
12285 ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12286 {
12287 #if 0
12288 	char str[256];
12289 	char path_str[64];
12290 	struct sbuf sb;
12291 #endif
12292 	int i;
12293 
12294 	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12295 		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12296 	free(io->io_hdr.remote_sglist, M_CTL);
12297 	io->io_hdr.remote_sglist = NULL;
12298 	io->io_hdr.local_sglist = NULL;
12299 
12300 #if 0
12301 	scsi_path_string(io, path_str, sizeof(path_str));
12302 	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12303 	sbuf_cat(&sb, path_str);
12304 	scsi_command_string(&io->scsiio, NULL, &sb);
12305 	sbuf_printf(&sb, "\n");
12306 	sbuf_cat(&sb, path_str);
12307 	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12308 		    io->scsiio.tag_num, io->scsiio.tag_type);
12309 	sbuf_cat(&sb, path_str);
12310 	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12311 		    io->io_hdr.flags, io->io_hdr.status);
12312 	sbuf_finish(&sb);
12313 	printk("%s", sbuf_data(&sb));
12314 #endif
12315 
12316 
12317 	/*
12318 	 * The read is done, now we need to send status (good or bad) back
12319 	 * to the other side.
12320 	 */
12321 	ctl_send_datamove_done(io, /*have_lock*/ 0);
12322 
12323 	return (0);
12324 }
12325 
12326 static void
12327 ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12328 {
12329 	union ctl_io *io;
12330 	void (*fe_datamove)(union ctl_io *io);
12331 
12332 	io = rq->context;
12333 
12334 	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12335 		printf("%s: ISC DMA read failed with error %d\n", __func__,
12336 		       rq->ret);
12337 		ctl_set_internal_failure(&io->scsiio,
12338 					 /*sks_valid*/ 1,
12339 					 /*retry_count*/ rq->ret);
12340 	}
12341 
12342 	ctl_dt_req_free(rq);
12343 
12344 	/* Switch the pointer over so the FETD knows what to do */
12345 	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12346 
12347 	/*
12348 	 * Use a custom move done callback, since we need to send completion
12349 	 * back to the other controller, not to the backend on this side.
12350 	 */
12351 	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12352 
12353 	/* XXX KDM add checks like the ones in ctl_datamove? */
12354 
12355 	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12356 	fe_datamove(io);
12357 }
12358 
12359 static int
12360 ctl_datamove_remote_sgl_setup(union ctl_io *io)
12361 {
12362 	struct ctl_sg_entry *local_sglist;
12363 	uint32_t len_to_go;
12364 	int retval;
12365 	int i;
12366 
12367 	retval = 0;
12368 	local_sglist = io->io_hdr.local_sglist;
12369 	len_to_go = io->scsiio.kern_data_len;
12370 
12371 	/*
12372 	 * The difficult thing here is that the size of the various
12373 	 * S/G segments may be different than the size from the
12374 	 * remote controller.  That'll make it harder when DMAing
12375 	 * the data back to the other side.
12376 	 */
12377 	for (i = 0; len_to_go > 0; i++) {
12378 		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12379 		local_sglist[i].addr =
12380 		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12381 
12382 		len_to_go -= local_sglist[i].len;
12383 	}
12384 	/*
12385 	 * Reset the number of S/G entries accordingly.  The original
12386 	 * number of S/G entries is available in rem_sg_entries.
12387 	 */
12388 	io->scsiio.kern_sg_entries = i;
12389 
12390 #if 0
12391 	printf("%s: kern_sg_entries = %d\n", __func__,
12392 	       io->scsiio.kern_sg_entries);
12393 	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12394 		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12395 		       local_sglist[i].addr, local_sglist[i].len);
12396 #endif
12397 
12398 	return (retval);
12399 }
12400 
12401 static int
12402 ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12403 			 ctl_ha_dt_cb callback)
12404 {
12405 	struct ctl_ha_dt_req *rq;
12406 	struct ctl_sg_entry *remote_sglist, *local_sglist;
12407 	uint32_t local_used, remote_used, total_used;
12408 	int i, j, isc_ret;
12409 
12410 	rq = ctl_dt_req_alloc();
12411 
12412 	/*
12413 	 * If we failed to allocate the request, and if the DMA didn't fail
12414 	 * anyway, set busy status.  This is just a resource allocation
12415 	 * failure.
12416 	 */
12417 	if ((rq == NULL)
12418 	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12419 	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12420 		ctl_set_busy(&io->scsiio);
12421 
12422 	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12423 	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12424 
12425 		if (rq != NULL)
12426 			ctl_dt_req_free(rq);
12427 
12428 		/*
12429 		 * The data move failed.  We need to return status back
12430 		 * to the other controller.  No point in trying to DMA
12431 		 * data to the remote controller.
12432 		 */
12433 
12434 		ctl_send_datamove_done(io, /*have_lock*/ 0);
12435 
12436 		return (1);
12437 	}
12438 
12439 	local_sglist = io->io_hdr.local_sglist;
12440 	remote_sglist = io->io_hdr.remote_sglist;
12441 	local_used = 0;
12442 	remote_used = 0;
12443 	total_used = 0;
12444 
12445 	/*
12446 	 * Pull/push the data over the wire from/to the other controller.
12447 	 * This takes into account the possibility that the local and
12448 	 * remote sglists may not be identical in terms of the size of
12449 	 * the elements and the number of elements.
12450 	 *
12451 	 * One fundamental assumption here is that the length allocated for
12452 	 * both the local and remote sglists is identical.  Otherwise, we've
12453 	 * essentially got a coding error of some sort.
12454 	 */
12455 	isc_ret = CTL_HA_STATUS_SUCCESS;
12456 	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12457 		uint32_t cur_len;
12458 		uint8_t *tmp_ptr;
12459 
12460 		rq->command = command;
12461 		rq->context = io;
12462 
12463 		/*
12464 		 * Both pointers should be aligned.  But it is possible
12465 		 * that the allocation length is not.  They should both
12466 		 * also have enough slack left over at the end, though,
12467 		 * to round up to the next 8 byte boundary.
12468 		 */
12469 		cur_len = MIN(local_sglist[i].len - local_used,
12470 			      remote_sglist[j].len - remote_used);
12471 		rq->size = cur_len;
12472 
12473 		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12474 		tmp_ptr += local_used;
12475 
12476 #if 0
12477 		/* Use physical addresses when talking to ISC hardware */
12478 		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12479 			/* XXX KDM use busdma */
12480 			rq->local = vtophys(tmp_ptr);
12481 		} else
12482 			rq->local = tmp_ptr;
12483 #else
12484 		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12485 		    ("HA does not support BUS_ADDR"));
12486 		rq->local = tmp_ptr;
12487 #endif
12488 
12489 		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12490 		tmp_ptr += remote_used;
12491 		rq->remote = tmp_ptr;
12492 
12493 		rq->callback = NULL;
12494 
12495 		local_used += cur_len;
12496 		if (local_used >= local_sglist[i].len) {
12497 			i++;
12498 			local_used = 0;
12499 		}
12500 
12501 		remote_used += cur_len;
12502 		if (remote_used >= remote_sglist[j].len) {
12503 			j++;
12504 			remote_used = 0;
12505 		}
12506 		total_used += cur_len;
12507 
12508 		if (total_used >= io->scsiio.kern_data_len)
12509 			rq->callback = callback;
12510 
12511 #if 0
12512 		printf("%s: %s: local %p remote %p size %d\n", __func__,
12513 		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12514 		       rq->local, rq->remote, rq->size);
12515 #endif
12516 
12517 		isc_ret = ctl_dt_single(rq);
12518 		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12519 			break;
12520 	}
12521 	if (isc_ret != CTL_HA_STATUS_WAIT) {
12522 		rq->ret = isc_ret;
12523 		callback(rq);
12524 	}
12525 
12526 	return (0);
12527 }
12528 
12529 static void
12530 ctl_datamove_remote_read(union ctl_io *io)
12531 {
12532 	int retval;
12533 	int i;
12534 
12535 	/*
12536 	 * This will send an error to the other controller in the case of a
12537 	 * failure.
12538 	 */
12539 	retval = ctl_datamove_remote_sgl_setup(io);
12540 	if (retval != 0)
12541 		return;
12542 
12543 	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12544 					  ctl_datamove_remote_read_cb);
12545 	if (retval != 0) {
12546 		/*
12547 		 * Make sure we free memory if there was an error..  The
12548 		 * ctl_datamove_remote_xfer() function will send the
12549 		 * datamove done message, or call the callback with an
12550 		 * error if there is a problem.
12551 		 */
12552 		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12553 			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12554 		free(io->io_hdr.remote_sglist, M_CTL);
12555 		io->io_hdr.remote_sglist = NULL;
12556 		io->io_hdr.local_sglist = NULL;
12557 	}
12558 }
12559 
12560 /*
12561  * Process a datamove request from the other controller.  This is used for
12562  * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12563  * first.  Once that is complete, the data gets DMAed into the remote
12564  * controller's memory.  For reads, we DMA from the remote controller's
12565  * memory into our memory first, and then move it out to the FETD.
12566  */
12567 static void
12568 ctl_datamove_remote(union ctl_io *io)
12569 {
12570 
12571 	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12572 
12573 	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12574 		ctl_failover_io(io, /*have_lock*/ 0);
12575 		return;
12576 	}
12577 
12578 	/*
12579 	 * Note that we look for an aborted I/O here, but don't do some of
12580 	 * the other checks that ctl_datamove() normally does.
12581 	 * We don't need to run the datamove delay code, since that should
12582 	 * have been done if need be on the other controller.
12583 	 */
12584 	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12585 		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12586 		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12587 		       io->io_hdr.nexus.targ_port,
12588 		       io->io_hdr.nexus.targ_lun);
12589 		io->io_hdr.port_status = 31338;
12590 		ctl_send_datamove_done(io, /*have_lock*/ 0);
12591 		return;
12592 	}
12593 
12594 	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12595 		ctl_datamove_remote_write(io);
12596 	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12597 		ctl_datamove_remote_read(io);
12598 	else {
12599 		io->io_hdr.port_status = 31339;
12600 		ctl_send_datamove_done(io, /*have_lock*/ 0);
12601 	}
12602 }
12603 
12604 static void
12605 ctl_process_done(union ctl_io *io)
12606 {
12607 	struct ctl_lun *lun;
12608 	struct ctl_softc *softc = control_softc;
12609 	void (*fe_done)(union ctl_io *io);
12610 	union ctl_ha_msg msg;
12611 	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12612 
12613 	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12614 	fe_done = softc->ctl_ports[targ_port]->fe_done;
12615 
12616 #ifdef CTL_TIME_IO
12617 	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12618 		char str[256];
12619 		char path_str[64];
12620 		struct sbuf sb;
12621 
12622 		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12623 		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12624 
12625 		sbuf_cat(&sb, path_str);
12626 		switch (io->io_hdr.io_type) {
12627 		case CTL_IO_SCSI:
12628 			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12629 			sbuf_printf(&sb, "\n");
12630 			sbuf_cat(&sb, path_str);
12631 			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12632 				    io->scsiio.tag_num, io->scsiio.tag_type);
12633 			break;
12634 		case CTL_IO_TASK:
12635 			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12636 				    "Tag Type: %d\n", io->taskio.task_action,
12637 				    io->taskio.tag_num, io->taskio.tag_type);
12638 			break;
12639 		default:
12640 			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12641 			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12642 			break;
12643 		}
12644 		sbuf_cat(&sb, path_str);
12645 		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12646 			    (intmax_t)time_uptime - io->io_hdr.start_time);
12647 		sbuf_finish(&sb);
12648 		printf("%s", sbuf_data(&sb));
12649 	}
12650 #endif /* CTL_TIME_IO */
12651 
12652 	switch (io->io_hdr.io_type) {
12653 	case CTL_IO_SCSI:
12654 		break;
12655 	case CTL_IO_TASK:
12656 		if (ctl_debug & CTL_DEBUG_INFO)
12657 			ctl_io_error_print(io, NULL);
12658 		fe_done(io);
12659 		return;
12660 	default:
12661 		panic("ctl_process_done: invalid io type %d\n",
12662 		      io->io_hdr.io_type);
12663 		break; /* NOTREACHED */
12664 	}
12665 
12666 	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12667 	if (lun == NULL) {
12668 		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12669 				 io->io_hdr.nexus.targ_mapped_lun));
12670 		goto bailout;
12671 	}
12672 
12673 	mtx_lock(&lun->lun_lock);
12674 
12675 	/*
12676 	 * Check to see if we have any errors to inject here.  We only
12677 	 * inject errors for commands that don't already have errors set.
12678 	 */
12679 	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12680 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12681 	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12682 		ctl_inject_error(lun, io);
12683 
12684 	/*
12685 	 * XXX KDM how do we treat commands that aren't completed
12686 	 * successfully?
12687 	 *
12688 	 * XXX KDM should we also track I/O latency?
12689 	 */
12690 	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12691 	    io->io_hdr.io_type == CTL_IO_SCSI) {
12692 #ifdef CTL_TIME_IO
12693 		struct bintime cur_bt;
12694 #endif
12695 		int type;
12696 
12697 		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12698 		    CTL_FLAG_DATA_IN)
12699 			type = CTL_STATS_READ;
12700 		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12701 		    CTL_FLAG_DATA_OUT)
12702 			type = CTL_STATS_WRITE;
12703 		else
12704 			type = CTL_STATS_NO_IO;
12705 
12706 		lun->stats.ports[targ_port].bytes[type] +=
12707 		    io->scsiio.kern_total_len;
12708 		lun->stats.ports[targ_port].operations[type]++;
12709 #ifdef CTL_TIME_IO
12710 		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12711 		   &io->io_hdr.dma_bt);
12712 		getbinuptime(&cur_bt);
12713 		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12714 		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12715 #endif
12716 		lun->stats.ports[targ_port].num_dmas[type] +=
12717 		    io->io_hdr.num_dmas;
12718 	}
12719 
12720 	/*
12721 	 * Remove this from the OOA queue.
12722 	 */
12723 	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12724 #ifdef CTL_TIME_IO
12725 	if (TAILQ_EMPTY(&lun->ooa_queue))
12726 		lun->last_busy = getsbinuptime();
12727 #endif
12728 
12729 	/*
12730 	 * Run through the blocked queue on this LUN and see if anything
12731 	 * has become unblocked, now that this transaction is done.
12732 	 */
12733 	ctl_check_blocked(lun);
12734 
12735 	/*
12736 	 * If the LUN has been invalidated, free it if there is nothing
12737 	 * left on its OOA queue.
12738 	 */
12739 	if ((lun->flags & CTL_LUN_INVALID)
12740 	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12741 		mtx_unlock(&lun->lun_lock);
12742 		mtx_lock(&softc->ctl_lock);
12743 		ctl_free_lun(lun);
12744 		mtx_unlock(&softc->ctl_lock);
12745 	} else
12746 		mtx_unlock(&lun->lun_lock);
12747 
12748 bailout:
12749 
12750 	/*
12751 	 * If this command has been aborted, make sure we set the status
12752 	 * properly.  The FETD is responsible for freeing the I/O and doing
12753 	 * whatever it needs to do to clean up its state.
12754 	 */
12755 	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12756 		ctl_set_task_aborted(&io->scsiio);
12757 
12758 	/*
12759 	 * If enabled, print command error status.
12760 	 */
12761 	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12762 	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12763 		ctl_io_error_print(io, NULL);
12764 
12765 	/*
12766 	 * Tell the FETD or the other shelf controller we're done with this
12767 	 * command.  Note that only SCSI commands get to this point.  Task
12768 	 * management commands are completed above.
12769 	 */
12770 	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12771 	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12772 		memset(&msg, 0, sizeof(msg));
12773 		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12774 		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12775 		msg.hdr.nexus = io->io_hdr.nexus;
12776 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12777 		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12778 		    M_WAITOK);
12779 	}
12780 
12781 	fe_done(io);
12782 }
12783 
12784 #ifdef CTL_WITH_CA
12785 /*
12786  * Front end should call this if it doesn't do autosense.  When the request
12787  * sense comes back in from the initiator, we'll dequeue this and send it.
12788  */
12789 int
12790 ctl_queue_sense(union ctl_io *io)
12791 {
12792 	struct ctl_lun *lun;
12793 	struct ctl_port *port;
12794 	struct ctl_softc *softc;
12795 	uint32_t initidx, targ_lun;
12796 
12797 	softc = control_softc;
12798 
12799 	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12800 
12801 	/*
12802 	 * LUN lookup will likely move to the ctl_work_thread() once we
12803 	 * have our new queueing infrastructure (that doesn't put things on
12804 	 * a per-LUN queue initially).  That is so that we can handle
12805 	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12806 	 * can't deal with that right now.
12807 	 */
12808 	mtx_lock(&softc->ctl_lock);
12809 
12810 	/*
12811 	 * If we don't have a LUN for this, just toss the sense
12812 	 * information.
12813 	 */
12814 	port = ctl_io_port(&ctsio->io_hdr);
12815 	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12816 	if ((targ_lun < CTL_MAX_LUNS)
12817 	 && (softc->ctl_luns[targ_lun] != NULL))
12818 		lun = softc->ctl_luns[targ_lun];
12819 	else
12820 		goto bailout;
12821 
12822 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12823 
12824 	mtx_lock(&lun->lun_lock);
12825 	/*
12826 	 * Already have CA set for this LUN...toss the sense information.
12827 	 */
12828 	if (ctl_is_set(lun->have_ca, initidx)) {
12829 		mtx_unlock(&lun->lun_lock);
12830 		goto bailout;
12831 	}
12832 
12833 	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
12834 	       MIN(sizeof(lun->pending_sense[initidx]),
12835 	       sizeof(io->scsiio.sense_data)));
12836 	ctl_set_mask(lun->have_ca, initidx);
12837 	mtx_unlock(&lun->lun_lock);
12838 
12839 bailout:
12840 	mtx_unlock(&softc->ctl_lock);
12841 
12842 	ctl_free_io(io);
12843 
12844 	return (CTL_RETVAL_COMPLETE);
12845 }
12846 #endif
12847 
12848 /*
12849  * Primary command inlet from frontend ports.  All SCSI and task I/O
12850  * requests must go through this function.
12851  */
12852 int
12853 ctl_queue(union ctl_io *io)
12854 {
12855 	struct ctl_port *port;
12856 
12857 	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
12858 
12859 #ifdef CTL_TIME_IO
12860 	io->io_hdr.start_time = time_uptime;
12861 	getbinuptime(&io->io_hdr.start_bt);
12862 #endif /* CTL_TIME_IO */
12863 
12864 	/* Map FE-specific LUN ID into global one. */
12865 	port = ctl_io_port(&io->io_hdr);
12866 	io->io_hdr.nexus.targ_mapped_lun =
12867 	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12868 
12869 	switch (io->io_hdr.io_type) {
12870 	case CTL_IO_SCSI:
12871 	case CTL_IO_TASK:
12872 		if (ctl_debug & CTL_DEBUG_CDB)
12873 			ctl_io_print(io);
12874 		ctl_enqueue_incoming(io);
12875 		break;
12876 	default:
12877 		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
12878 		return (EINVAL);
12879 	}
12880 
12881 	return (CTL_RETVAL_COMPLETE);
12882 }
12883 
12884 #ifdef CTL_IO_DELAY
12885 static void
12886 ctl_done_timer_wakeup(void *arg)
12887 {
12888 	union ctl_io *io;
12889 
12890 	io = (union ctl_io *)arg;
12891 	ctl_done(io);
12892 }
12893 #endif /* CTL_IO_DELAY */
12894 
12895 void
12896 ctl_serseq_done(union ctl_io *io)
12897 {
12898 	struct ctl_lun *lun;
12899 
12900 	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12901 	if (lun->be_lun == NULL ||
12902 	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
12903 		return;
12904 	mtx_lock(&lun->lun_lock);
12905 	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
12906 	ctl_check_blocked(lun);
12907 	mtx_unlock(&lun->lun_lock);
12908 }
12909 
12910 void
12911 ctl_done(union ctl_io *io)
12912 {
12913 
12914 	/*
12915 	 * Enable this to catch duplicate completion issues.
12916 	 */
12917 #if 0
12918 	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
12919 		printf("%s: type %d msg %d cdb %x iptl: "
12920 		       "%u:%u:%u tag 0x%04x "
12921 		       "flag %#x status %x\n",
12922 			__func__,
12923 			io->io_hdr.io_type,
12924 			io->io_hdr.msg_type,
12925 			io->scsiio.cdb[0],
12926 			io->io_hdr.nexus.initid,
12927 			io->io_hdr.nexus.targ_port,
12928 			io->io_hdr.nexus.targ_lun,
12929 			(io->io_hdr.io_type ==
12930 			CTL_IO_TASK) ?
12931 			io->taskio.tag_num :
12932 			io->scsiio.tag_num,
12933 		        io->io_hdr.flags,
12934 			io->io_hdr.status);
12935 	} else
12936 		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
12937 #endif
12938 
12939 	/*
12940 	 * This is an internal copy of an I/O, and should not go through
12941 	 * the normal done processing logic.
12942 	 */
12943 	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
12944 		return;
12945 
12946 #ifdef CTL_IO_DELAY
12947 	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12948 		struct ctl_lun *lun;
12949 
12950 		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12951 
12952 		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12953 	} else {
12954 		struct ctl_lun *lun;
12955 
12956 		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12957 
12958 		if ((lun != NULL)
12959 		 && (lun->delay_info.done_delay > 0)) {
12960 
12961 			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12962 			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12963 			callout_reset(&io->io_hdr.delay_callout,
12964 				      lun->delay_info.done_delay * hz,
12965 				      ctl_done_timer_wakeup, io);
12966 			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
12967 				lun->delay_info.done_delay = 0;
12968 			return;
12969 		}
12970 	}
12971 #endif /* CTL_IO_DELAY */
12972 
12973 	ctl_enqueue_done(io);
12974 }
12975 
12976 static void
12977 ctl_work_thread(void *arg)
12978 {
12979 	struct ctl_thread *thr = (struct ctl_thread *)arg;
12980 	struct ctl_softc *softc = thr->ctl_softc;
12981 	union ctl_io *io;
12982 	int retval;
12983 
12984 	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
12985 
12986 	for (;;) {
12987 		/*
12988 		 * We handle the queues in this order:
12989 		 * - ISC
12990 		 * - done queue (to free up resources, unblock other commands)
12991 		 * - RtR queue
12992 		 * - incoming queue
12993 		 *
12994 		 * If those queues are empty, we break out of the loop and
12995 		 * go to sleep.
12996 		 */
12997 		mtx_lock(&thr->queue_lock);
12998 		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
12999 		if (io != NULL) {
13000 			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13001 			mtx_unlock(&thr->queue_lock);
13002 			ctl_handle_isc(io);
13003 			continue;
13004 		}
13005 		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13006 		if (io != NULL) {
13007 			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13008 			/* clear any blocked commands, call fe_done */
13009 			mtx_unlock(&thr->queue_lock);
13010 			ctl_process_done(io);
13011 			continue;
13012 		}
13013 		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13014 		if (io != NULL) {
13015 			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13016 			mtx_unlock(&thr->queue_lock);
13017 			if (io->io_hdr.io_type == CTL_IO_TASK)
13018 				ctl_run_task(io);
13019 			else
13020 				ctl_scsiio_precheck(softc, &io->scsiio);
13021 			continue;
13022 		}
13023 		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13024 		if (io != NULL) {
13025 			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13026 			mtx_unlock(&thr->queue_lock);
13027 			retval = ctl_scsiio(&io->scsiio);
13028 			if (retval != CTL_RETVAL_COMPLETE)
13029 				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13030 			continue;
13031 		}
13032 
13033 		/* Sleep until we have something to do. */
13034 		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13035 	}
13036 }
13037 
13038 static void
13039 ctl_lun_thread(void *arg)
13040 {
13041 	struct ctl_softc *softc = (struct ctl_softc *)arg;
13042 	struct ctl_be_lun *be_lun;
13043 
13044 	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13045 
13046 	for (;;) {
13047 		mtx_lock(&softc->ctl_lock);
13048 		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13049 		if (be_lun != NULL) {
13050 			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13051 			mtx_unlock(&softc->ctl_lock);
13052 			ctl_create_lun(be_lun);
13053 			continue;
13054 		}
13055 
13056 		/* Sleep until we have something to do. */
13057 		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13058 		    PDROP | PRIBIO, "-", 0);
13059 	}
13060 }
13061 
13062 static void
13063 ctl_thresh_thread(void *arg)
13064 {
13065 	struct ctl_softc *softc = (struct ctl_softc *)arg;
13066 	struct ctl_lun *lun;
13067 	struct scsi_da_rw_recovery_page *rwpage;
13068 	struct ctl_logical_block_provisioning_page *page;
13069 	const char *attr;
13070 	union ctl_ha_msg msg;
13071 	uint64_t thres, val;
13072 	int i, e, set;
13073 
13074 	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13075 
13076 	for (;;) {
13077 		mtx_lock(&softc->ctl_lock);
13078 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13079 			if ((lun->flags & CTL_LUN_DISABLED) ||
13080 			    (lun->flags & CTL_LUN_OFFLINE) ||
13081 			    lun->backend->lun_attr == NULL)
13082 				continue;
13083 			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13084 			    softc->ha_mode == CTL_HA_MODE_XFER)
13085 				continue;
13086 			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13087 			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13088 				continue;
13089 			e = 0;
13090 			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13091 			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13092 				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13093 					continue;
13094 				thres = scsi_4btoul(page->descr[i].count);
13095 				thres <<= CTL_LBP_EXPONENT;
13096 				switch (page->descr[i].resource) {
13097 				case 0x01:
13098 					attr = "blocksavail";
13099 					break;
13100 				case 0x02:
13101 					attr = "blocksused";
13102 					break;
13103 				case 0xf1:
13104 					attr = "poolblocksavail";
13105 					break;
13106 				case 0xf2:
13107 					attr = "poolblocksused";
13108 					break;
13109 				default:
13110 					continue;
13111 				}
13112 				mtx_unlock(&softc->ctl_lock); // XXX
13113 				val = lun->backend->lun_attr(
13114 				    lun->be_lun->be_lun, attr);
13115 				mtx_lock(&softc->ctl_lock);
13116 				if (val == UINT64_MAX)
13117 					continue;
13118 				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13119 				    == SLBPPD_ARMING_INC)
13120 					e = (val >= thres);
13121 				else
13122 					e = (val <= thres);
13123 				if (e)
13124 					break;
13125 			}
13126 			mtx_lock(&lun->lun_lock);
13127 			if (e) {
13128 				scsi_u64to8b((uint8_t *)&page->descr[i] -
13129 				    (uint8_t *)page, lun->ua_tpt_info);
13130 				if (lun->lasttpt == 0 ||
13131 				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13132 					lun->lasttpt = time_uptime;
13133 					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13134 					set = 1;
13135 				} else
13136 					set = 0;
13137 			} else {
13138 				lun->lasttpt = 0;
13139 				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13140 				set = -1;
13141 			}
13142 			mtx_unlock(&lun->lun_lock);
13143 			if (set != 0 &&
13144 			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13145 				/* Send msg to other side. */
13146 				bzero(&msg.ua, sizeof(msg.ua));
13147 				msg.hdr.msg_type = CTL_MSG_UA;
13148 				msg.hdr.nexus.initid = -1;
13149 				msg.hdr.nexus.targ_port = -1;
13150 				msg.hdr.nexus.targ_lun = lun->lun;
13151 				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13152 				msg.ua.ua_all = 1;
13153 				msg.ua.ua_set = (set > 0);
13154 				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13155 				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13156 				mtx_unlock(&softc->ctl_lock); // XXX
13157 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13158 				    sizeof(msg.ua), M_WAITOK);
13159 				mtx_lock(&softc->ctl_lock);
13160 			}
13161 		}
13162 		mtx_unlock(&softc->ctl_lock);
13163 		pause("-", CTL_LBP_PERIOD * hz);
13164 	}
13165 }
13166 
13167 static void
13168 ctl_enqueue_incoming(union ctl_io *io)
13169 {
13170 	struct ctl_softc *softc = control_softc;
13171 	struct ctl_thread *thr;
13172 	u_int idx;
13173 
13174 	idx = (io->io_hdr.nexus.targ_port * 127 +
13175 	       io->io_hdr.nexus.initid) % worker_threads;
13176 	thr = &softc->threads[idx];
13177 	mtx_lock(&thr->queue_lock);
13178 	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13179 	mtx_unlock(&thr->queue_lock);
13180 	wakeup(thr);
13181 }
13182 
13183 static void
13184 ctl_enqueue_rtr(union ctl_io *io)
13185 {
13186 	struct ctl_softc *softc = control_softc;
13187 	struct ctl_thread *thr;
13188 
13189 	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13190 	mtx_lock(&thr->queue_lock);
13191 	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13192 	mtx_unlock(&thr->queue_lock);
13193 	wakeup(thr);
13194 }
13195 
13196 static void
13197 ctl_enqueue_done(union ctl_io *io)
13198 {
13199 	struct ctl_softc *softc = control_softc;
13200 	struct ctl_thread *thr;
13201 
13202 	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13203 	mtx_lock(&thr->queue_lock);
13204 	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13205 	mtx_unlock(&thr->queue_lock);
13206 	wakeup(thr);
13207 }
13208 
13209 static void
13210 ctl_enqueue_isc(union ctl_io *io)
13211 {
13212 	struct ctl_softc *softc = control_softc;
13213 	struct ctl_thread *thr;
13214 
13215 	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13216 	mtx_lock(&thr->queue_lock);
13217 	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13218 	mtx_unlock(&thr->queue_lock);
13219 	wakeup(thr);
13220 }
13221 
13222 /*
13223  *  vim: ts=8
13224  */
13225